From e06f50cb06ad50ba5d5221964519681a4f8622a2 Mon Sep 17 00:00:00 2001 From: Ghanshyam Mann Date: Sat, 24 Feb 2024 11:32:37 -0800 Subject: [PATCH] Retire Tripleo: remove repo content TripleO project is retiring - https://review.opendev.org/c/openstack/governance/+/905145 this commit remove the content of this project repo Change-Id: I73df79a8698625815ea4e3099904da448a49887e --- .gitignore | 27 - .sync.yml | 3 - Gemfile | 36 - LICENSE | 176 -- Puppetfile_extras | 34 - README.md | 20 - README.rst | 10 + Rakefile | 7 - bindep.txt | 12 - doc/requirements.txt | 6 - files/mysql_ed25519_password.py | 42 - lib/facter/alt_fqdns.rb | 34 - lib/facter/netmask_ipv6.rb | 49 - lib/facter/nic_alias.rb | 27 - lib/facter/stonith_levels.rb | 27 - .../docker_volumes_to_storage_maps.rb | 44 - lib/puppet/functions/ip_to_erl_format.rb | 32 - lib/puppet/functions/list_to_hash.rb | 31 - lib/puppet/functions/merge_hash_values.rb | 30 - .../functions/mysql_ed25519_password.rb | 21 - lib/puppet/functions/noop_resource.rb | 93 - .../functions/pacemaker_bundle_replicas.rb | 24 - lib/puppet/functions/qdr_ssl_certificate.rb | 39 - lib/puppet/functions/tripleo_swift_devices.rb | 27 - .../parser/functions/interface_for_ip.rb | 85 - .../parser/functions/local_fence_devices.rb | 34 - lib/puppet/provider/package/norpm.rb | 51 - manifests/config.pp | 44 - manifests/fencing.pp | 222 -- manifests/haproxy.pp | 1839 ----------------- manifests/haproxy/endpoint.pp | 321 --- manifests/haproxy/horizon_endpoint.pp | 211 -- manifests/haproxy/service_endpoints.pp | 48 - manifests/haproxy/stats.pp | 101 - manifests/haproxy/userlist.pp | 54 - manifests/init.pp | 23 - manifests/noop.pp | 68 - manifests/pacemaker/haproxy_with_vip.pp | 124 -- manifests/packages.pp | 41 - manifests/profile/base/aodh.pp | 129 -- manifests/profile/base/aodh/api.pp | 105 - manifests/profile/base/aodh/authtoken.pp | 84 - manifests/profile/base/aodh/evaluator.pp | 59 - manifests/profile/base/aodh/listener.pp | 36 - manifests/profile/base/aodh/notifier.pp | 36 - manifests/profile/base/apache.pp | 51 - manifests/profile/base/barbican.pp | 36 - manifests/profile/base/barbican/api.pp | 181 -- manifests/profile/base/barbican/authtoken.pp | 84 - manifests/profile/base/barbican/backends.pp | 77 - manifests/profile/base/ceilometer.pp | 155 -- .../base/ceilometer/agent/notification.pp | 111 - .../profile/base/ceilometer/agent/polling.pp | 78 - manifests/profile/base/cinder.pp | 142 -- manifests/profile/base/cinder/api.pp | 97 - manifests/profile/base/cinder/authtoken.pp | 84 - manifests/profile/base/cinder/backup.pp | 36 - manifests/profile/base/cinder/backup/ceph.pp | 36 - manifests/profile/base/cinder/backup/gcs.pp | 56 - manifests/profile/base/cinder/backup/nfs.pp | 36 - manifests/profile/base/cinder/backup/s3.pp | 36 - manifests/profile/base/cinder/backup/swift.pp | 36 - manifests/profile/base/cinder/scheduler.pp | 35 - manifests/profile/base/cinder/volume.pp | 346 ---- .../base/cinder/volume/dellemc_powerflex.pp | 65 - .../base/cinder/volume/dellemc_powermax.pp | 70 - .../base/cinder/volume/dellemc_powerstore.pp | 66 - .../profile/base/cinder/volume/dellemc_sc.pp | 87 - .../base/cinder/volume/dellemc_unity.pp | 66 - .../profile/base/cinder/volume/dellemc_vnx.pp | 76 - .../base/cinder/volume/dellemc_xtremio.pp | 76 - .../profile/base/cinder/volume/ibm_svf.pp | 60 - manifests/profile/base/cinder/volume/iscsi.pp | 67 - .../profile/base/cinder/volume/netapp.pp | 89 - manifests/profile/base/cinder/volume/nfs.pp | 116 -- .../profile/base/cinder/volume/nvmeof.pp | 80 - manifests/profile/base/cinder/volume/pure.pp | 80 - manifests/profile/base/cinder/volume/rbd.pp | 147 -- manifests/profile/base/database/mysql.pp | 279 --- .../profile/base/database/mysql/client.pp | 104 - .../database/mysql/include_and_check_auth.pp | 49 - manifests/profile/base/database/mysql/user.pp | 62 - .../profile/base/database/mysql/users.pp | 37 - manifests/profile/base/database/redis.pp | 119 -- manifests/profile/base/designate.pp | 139 -- manifests/profile/base/designate/api.pp | 105 - manifests/profile/base/designate/authtoken.pp | 84 - manifests/profile/base/designate/backend.pp | 43 - manifests/profile/base/designate/central.pp | 63 - .../profile/base/designate/coordination.pp | 57 - manifests/profile/base/designate/mdns.pp | 33 - manifests/profile/base/designate/producer.pp | 40 - manifests/profile/base/designate/sink.pp | 33 - manifests/profile/base/designate/worker.pp | 45 - manifests/profile/base/etcd.pp | 98 - manifests/profile/base/glance/api.pp | 317 --- manifests/profile/base/glance/authtoken.pp | 84 - .../profile/base/glance/backend/cinder.pp | 146 -- manifests/profile/base/glance/backend/file.pp | 71 - manifests/profile/base/glance/backend/rbd.pp | 102 - .../profile/base/glance/backend/swift.pp | 155 -- manifests/profile/base/glance/netapp.pp | 60 - manifests/profile/base/gnocchi.pp | 72 - manifests/profile/base/gnocchi/api.pp | 152 -- manifests/profile/base/gnocchi/authtoken.pp | 84 - manifests/profile/base/gnocchi/metricd.pp | 34 - manifests/profile/base/gnocchi/statsd.pp | 34 - manifests/profile/base/haproxy.pp | 58 - manifests/profile/base/heat.pp | 192 -- manifests/profile/base/heat/api.pp | 94 - manifests/profile/base/heat/api_cfn.pp | 94 - manifests/profile/base/heat/authtoken.pp | 84 - manifests/profile/base/heat/engine.pp | 47 - manifests/profile/base/horizon.pp | 131 -- manifests/profile/base/ironic.pp | 91 - manifests/profile/base/ironic/api.pp | 95 - manifests/profile/base/ironic/authtoken.pp | 84 - manifests/profile/base/ironic/conductor.pp | 85 - manifests/profile/base/ironic_inspector.pp | 91 - .../base/ironic_inspector/authtoken.pp | 84 - manifests/profile/base/iscsid.pp | 79 - manifests/profile/base/keystone.pp | 311 --- manifests/profile/base/logging/logrotate.pp | 171 -- manifests/profile/base/logging/rsyslog.pp | 158 -- .../base/logging/rsyslog/file_input.pp | 57 - manifests/profile/base/lvm.pp | 40 - manifests/profile/base/manila.pp | 124 -- manifests/profile/base/manila/api.pp | 178 -- manifests/profile/base/manila/authtoken.pp | 84 - manifests/profile/base/manila/scheduler.pp | 36 - manifests/profile/base/manila/share.pp | 271 --- manifests/profile/base/memcached.pp | 63 - manifests/profile/base/metrics/collectd.pp | 263 --- .../base/metrics/collectd/collectd_plugin.pp | 6 - .../base/metrics/collectd/collectd_service.pp | 14 - .../base/metrics/collectd/libpodstats.pp | 70 - .../base/metrics/collectd/plugin_helper.pp | 6 - .../base/metrics/collectd/sensubility.pp | 246 --- .../metrics/collectd/sensubility_script.pp | 64 - .../metrics/collectd/sqlalchemy_collectd.pp | 53 - manifests/profile/base/metrics/qdr.pp | 253 --- manifests/profile/base/neutron.pp | 155 -- .../profile/base/neutron/agents/bagpipe.pp | 37 - manifests/profile/base/neutron/agents/l2gw.pp | 35 - manifests/profile/base/neutron/agents/mlnx.pp | 34 - .../neutron/agents/networking_baremetal.pp | 36 - manifests/profile/base/neutron/agents/ovn.pp | 76 - manifests/profile/base/neutron/authtoken.pp | 84 - manifests/profile/base/neutron/bgpvpn.pp | 37 - manifests/profile/base/neutron/dhcp.pp | 52 - .../base/neutron/dhcp_agent_wrappers.pp | 84 - manifests/profile/base/neutron/l2gw.pp | 37 - manifests/profile/base/neutron/l3.pp | 35 - .../profile/base/neutron/l3_agent_wrappers.pp | 156 -- manifests/profile/base/neutron/linuxbridge.pp | 20 - manifests/profile/base/neutron/metadata.pp | 35 - .../profile/base/neutron/ovn_metadata.pp | 90 - .../neutron/ovn_metadata_agent_wrappers.pp | 56 - manifests/profile/base/neutron/ovn_northd.pp | 40 - manifests/profile/base/neutron/ovs.pp | 66 - manifests/profile/base/neutron/plugins/ml2.pp | 87 - .../base/neutron/plugins/ml2/bagpipe.pp | 37 - .../plugins/ml2/networking_baremetal.pp | 36 - .../profile/base/neutron/plugins/ml2/ovn.pp | 136 -- .../profile/base/neutron/plugins/ml2/vts.pp | 51 - .../base/neutron/plugins/opencontrail.pp | 43 - manifests/profile/base/neutron/server.pp | 179 -- manifests/profile/base/neutron/sfc.pp | 37 - manifests/profile/base/neutron/sriov.pp | 36 - .../base/neutron/wrappers/dibbler_client.pp | 48 - .../profile/base/neutron/wrappers/dnsmasq.pp | 48 - .../profile/base/neutron/wrappers/haproxy.pp | 48 - .../base/neutron/wrappers/keepalived.pp | 48 - .../wrappers/keepalived_state_change.pp | 43 - .../profile/base/neutron/wrappers/radvd.pp | 49 - manifests/profile/base/nova.pp | 180 -- manifests/profile/base/nova/api.pp | 124 -- manifests/profile/base/nova/authtoken.pp | 84 - manifests/profile/base/nova/compute.pp | 81 - manifests/profile/base/nova/compute/ironic.pp | 34 - .../profile/base/nova/compute/libvirt.pp | 35 - .../base/nova/compute/libvirt_guests.pp | 41 - .../base/nova/compute_libvirt_shared.pp | 59 - manifests/profile/base/nova/conductor.pp | 50 - manifests/profile/base/nova/libvirt.pp | 179 -- manifests/profile/base/nova/metadata.pp | 94 - manifests/profile/base/nova/migration.pp | 35 - .../profile/base/nova/migration/client.pp | 101 - .../profile/base/nova/migration/target.pp | 87 - manifests/profile/base/nova/scheduler.pp | 34 - .../profile/base/nova/virtlogd_wrapper.pp | 54 - manifests/profile/base/nova/vncproxy.pp | 33 - .../profile/base/nova/wrappers/virtlogd.pp | 43 - manifests/profile/base/octavia.pp | 85 - manifests/profile/base/octavia/api.pp | 123 -- manifests/profile/base/octavia/authtoken.pp | 84 - .../profile/base/octavia/health_manager.pp | 40 - .../profile/base/octavia/housekeeping.pp | 41 - .../profile/base/octavia/provider/ovn.pp | 135 -- manifests/profile/base/octavia/worker.pp | 41 - manifests/profile/base/pacemaker.pp | 285 --- .../profile/base/pacemaker/instance_ha.pp | 166 -- manifests/profile/base/pacemaker_remote.pp | 96 - manifests/profile/base/placement.pp | 46 - manifests/profile/base/placement/api.pp | 92 - manifests/profile/base/placement/authtoken.pp | 84 - manifests/profile/base/qdr.pp | 156 -- manifests/profile/base/rabbitmq.pp | 277 --- manifests/profile/base/rsyslog/sidecar.pp | 36 - manifests/profile/base/snmp.pp | 83 - manifests/profile/base/sshd.pp | 92 - manifests/profile/base/swift.pp | 46 - manifests/profile/base/swift/add_devices.pp | 61 - manifests/profile/base/swift/dispersion.pp | 33 - manifests/profile/base/swift/proxy.pp | 206 -- manifests/profile/base/swift/ringbuilder.pp | 175 -- manifests/profile/base/swift/storage.pp | 75 - manifests/profile/pacemaker/ceph_nfs.pp | 153 -- .../profile/pacemaker/cinder/backup_bundle.pp | 243 --- .../profile/pacemaker/cinder/volume_bundle.pp | 243 --- manifests/profile/pacemaker/clustercheck.pp | 79 - .../profile/pacemaker/compute_instanceha.pp | 33 - .../pacemaker/database/mysql_bundle.pp | 709 ------- .../pacemaker/database/redis_bundle.pp | 370 ---- manifests/profile/pacemaker/haproxy_bundle.pp | 373 ---- .../profile/pacemaker/manila/share_bundle.pp | 290 --- manifests/profile/pacemaker/ovn_dbs_bundle.pp | 372 ---- manifests/profile/pacemaker/ovn_northd.pp | 100 - .../profile/pacemaker/rabbitmq_bundle.pp | 427 ---- manifests/stunnel.pp | 46 - manifests/stunnel/service_proxy.pp | 64 - manifests/tls_proxy.pp | 76 - manifests/trusted_ca.pp | 39 - manifests/trusted_cas.pp | 28 - metadata.json | 41 - .../notes/6.2.0-64eaf596539f3ed1.yaml | 64 - .../Add-CRL-resource-d2263462d40f01c0.yaml | 4 - ...t-for-ibm_svf-driver-01924479bb11063c.yaml | 4 - ...le_for_neutron_lbaas-acdf08f1a9dfd3fe.yaml | 3 - ...per-case-name-checks-306011421f53131d.yaml | 3 - .../notes/HAProxy-CRL-d05b555f92ff55ed.yaml | 6 - .../notes/No-TLS-v1.0-0edeac680bb51f94.yaml | 4 - ...olume_mode-parameter-220b1026aebd9e3b.yaml | 5 - ...LS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml | 8 - ...pacemaker-by-default-ca887dca02a21705.yaml | 6 - .../add-bagpipe-driver-9163f5b22096fde0.yaml | 4 - ...dd-barbican-backends-2412df7eef07038e.yaml | 5 - .../add-bgpvpn-support-77676690fb6dd17b.yaml | 3 - ...-ceilo-polling-agent-53fab550a09a6196.yaml | 6 - ...ackend-az-parameters-f9ab30b42b4df37b.yaml | 5 - ...nfs-snapshot-support-ac547f24dddf97e8.yaml | 5 - ...d-related-parameters-58dd288c74b818f7.yaml | 5 - ...s-queue-for-barbican-72477b0b45bcfbd7.yaml | 3 - .../add-ldap-backend-48e875e971343e2a.yaml | 5 - ...ackend-az-parameters-de4d7e84fc65a3ed.yaml | 5 - ...dd-memcache-security-92060c4fe540774c.yaml | 7 - .../add-memcached-port-048959c2f58f0a57.yaml | 6 - ...mistral-event-engine-05097cb76834f09d.yaml | 4 - ...l_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml | 5 - ...utron-agent-wrappers-bf84104f3607264b.yaml | 8 - .../add-neutron-tls-8d020c63f14408d0.yaml | 5 - ...via-auth-to-keystone-d0353544c0e27b57.yaml | 3 - ...ia-ovn-nb-connection-9d5bc428c4ff35af.yaml | 5 - ...octavia-provider-ovn-6734aa08af4772e4.yaml | 5 - ...-service-auth-config-acc4adb3e6c4542d.yaml | 5 - .../add-opendaylight-ha-47a40c03917faf9c.yaml | 5 - .../add-purge-tables-4f2de7c7e12ccf0c.yaml | 6 - .../add-sfc-support-a1eb6d2bbadcf074.yaml | 4 - ...-for-IPv6-deployment-988400c781b92066.yaml | 4 - ...-support-for-octavia-f1e472af89e9a05c.yaml | 4 - ...inspector-via-apache-ea70e9fa1ad04553.yaml | 6 - ...port-for-pure-cinder-d45e6aaf3e243c91.yaml | 3 - ...add-tls-opendaylight-a3f943a0f6012424.yaml | 5 - ...meout-for-haproxy-ui-0705dfd671f9f487.yaml | 6 - .../add_cisco_vts_ml2-786d7d8cc6eb7d14.yaml | 4 - ...via-haproxy-endpoint-8d20b5bfd11f8d89.yaml | 4 - .../notes/aide-removed-14f41082b1424a53.yaml | 4 - ...ng-pci-dev-for-sriov-bbc29f62fcac10ff.yaml | 5 - .../apache_mpm_tuning-deafdf6610ce57b2.yaml | 6 - ...lect-migration-proxy-2400e9c69fc620ba.yaml | 14 - ...led-protocols-manila-86b6662a8b617866.yaml | 6 - .../bugfix-1664561-50d76b25addb08dd.yaml | 4 - ...p-agents-per-network-3089c5e7b15f8b7b.yaml | 6 - ...h_dashboard_endpoint-10035021352fc190.yaml | 6 - ...eph_grafana_endpoint-0e220cb59ee679e0.yaml | 5 - ...der-rbd-backend-host-2b37388637756c80.yaml | 14 - ...ckup-gcs-s3-backends-52503ffa22c0b83d.yaml | 7 - ...r-backup-nfs-backend-59bf771a58af65f6.yaml | 4 - ...-default-volume-type-a344cea7ab4b4b2a.yaml | 6 - ...-excluded-domain_ips-1004544d96796e76.yaml | 6 - ...pp-hieradata-changes-3004544d96796e76.yaml | 9 - ...er-rbd-extra-options-c13a1e84b6452fac.yaml | 6 - ...nder-rbd-multiconfig-285d1542ef08fa10.yaml | 6 - ...volume-active-active-ffaa12e6ba862f51.yaml | 7 - ...eanup_odl_clustering-7efdd58639df88a5.yaml | 8 - ...d_migration_security-1543136408c76459.yaml | 10 - ...cold_migration_setup-dc4ebd834920c27f.yaml | 4 - ...posable-network-vips-a1b9b738561a8214.yaml | 11 - ...ffic-to-internal_api-ddc96d24c7018b81.yaml | 10 - ...ilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml | 5 - .../notes/dellsc-driver-b7cd300a24a64b01.yaml | 5 - ...heat-APIs-over-httpd-46b111d0a4a4eed4.yaml | 3 - .../deployment_user-6df5c1c2fe8b7b6b.yaml | 5 - ...ovn-from-octavia-api-15e33154a31f20ec.yaml | 7 - ...ate-redis-file-limit-4a60fa0fde4667ef.yaml | 5 - ...e-redis-coordination-b4afdcc8855cc0ca.yaml | 4 - ...able-odl-port-status-117c1d9c2f3235e9.yaml | 6 - ...light-ha-port-status-0a97e10e6456661c.yaml | 5 - .../docker_profile-8571ae260eec69b8.yaml | 4 - .../docker_registry-163bf23bc95761a8.yaml | 5 - ...able-languages-in-ui-88a8caa6db9b4dd7.yaml | 5 - ...ficate-configuration-d8924916efc3054b.yaml | 5 - ...external-swift-proxy-f12c99b34516a023.yaml | 5 - ...daylight_port_status-1ee052b299b36b83.yaml | 5 - .../ensure-ssl-conf-2f32c6ead6f3bb0e.yaml | 10 - .../notes/etcd-tls-bb8605c91ff8a94c.yaml | 3 - ...rewall-chain-updates-f2b9d6ced9bde846.yaml | 4 - ...es-support-ipversion-c9e2adeca34b2fd0.yaml | 9 - ...rewall-service-rules-6586a2c138dfe338.yaml | 10 - .../firewall_table-f58ec47de40ec62d.yaml | 5 - ...ation-during-updates-aecfab9a4aa8770b.yaml | 6 - ...-masquerade-networks-c9ab4affb17627e1.yaml | 6 - ...x-neutron-cert-perms-4a034bb516be6f9f.yaml | 4 - ...ix-odl-haproxy-check-ce000de26141fa7e.yaml | 5 - ...x-odl-ovs-flows-sync-7b2cb7a29f0c89ec.yaml | 6 - ...openflow-port-resync-79b5f69b71740a6c.yaml | 6 - ...l-ovs-pipeline-check-7622d3e5a6ed2ee1.yaml | 6 - .../fix-odl-tls-owner-77d2d71fe39ea3e7.yaml | 5 - ...ht-websocket-haproxy-7220b0c25ff13faa.yaml | 5 - ...x-sriov-neutron-base-3e32bd667886c474.yaml | 3 - .../flashblade_driver-bd6df03b7f140071.yaml | 4 - ...galera-install-rsync-b2f2504f12cc0cfd.yaml | 6 - .../glance-multistore-766022d470827d1d.yaml | 8 - .../haproxy-basic-auth-e2839941c806c615.yaml | 8 - ...oxy-custom-bind-opts-09226d990c62063d.yaml | 10 - .../haproxy-facility-8196cc8e1299d79b.yaml | 3 - ...oxy-frontend-backend-e3719b323e84fd2c.yaml | 12 - ...-leastconn-overrides-bdb2068ef794ff1d.yaml | 9 - .../haproxy-logging-13b333a7e9d9558e.yaml | 10 - ...ove-activate_httplog-87325732ab9ca721.yaml | 6 - ...xy-service-endpoints-4351bd4666dfe9a7.yaml | 11 - ...xy_cell_server_names-5cc0e81836d568b7.yaml | 7 - ...xy_dynamic_endpoints-bf618ef45674bea4.yaml | 8 - ...oxy_globals_override-7a573da1c8633f01.yaml | 5 - ...aproxy_socket_access-ba72ad281ca64287.yaml | 7 - .../heat_api_timeout-cbb01242534cec79.yaml | 5 - .../notes/hpelefthand_8474c416b0d411e6.yaml | 3 - ...aproxy-http-services-ace7d9bf94610ed9.yaml | 6 - ...odb_buffer_pool_size-6fa946cf008a4606.yaml | 4 - ...nnodb_file_per_table-f925b3bbf29d44ea.yaml | 20 - ...sh_log_at_trx_commit-eb7d99749ca3c911.yaml | 17 - ...mysql-user-interface-e16d62f3743128a0.yaml | 6 - ...-inspection-ip-range-f10297dd32f3721b.yaml | 6 - ...networking-baremetal-ebb19eca5fa235bc.yaml | 4 - .../ironic-ssh-removal-e5f40b477cf7357c.yaml | 5 - .../notes/isilon_driver_bfa347d073cd11e7.yaml | 4 - .../keepalived-test-f3eddf57a5b4d433.yaml | 9 - ...eepalived_deprecated-199df5a0f3f35189.yaml | 4 - .../key-manager-backend-e8bd95b728bb0d0e.yaml | 6 - ...-notification-topics-5b155e7b5e60b7fd.yaml | 7 - .../keystone_member-70065ba9269c4bfd.yaml | 6 - .../l2gw_agent_support-2bc24b539da738a8.yaml | 3 - .../l2gw_plugin_support-e0b1faafe8e1135f.yaml | 3 - .../notes/login_defs-1d1b32c233a33b2f.yaml | 10 - ...-containers-compress-96934a4e76b9689d.yaml | 5 - ...ate-containers-purge-56143a979ba80b51.yaml | 38 - ...-copytruncate-hourly-f0851bec551f5f5f.yaml | 5 - .../messaging-amqp-7efec1bcb435e7cf.yaml | 4 - ...o-messaging-services-f29943b2eafd24e6.yaml | 5 - ...on-for-glance-netapp-47668bb602316024.yaml | 4 - .../mistral-mod-wsgi-1a1d3eb279daa7fd.yaml | 7 - .../modular-libvirt-c19ccf0f0118c88c.yaml | 15 - .../notes/mongodb_drop-02daffbfe4975cb9.yaml | 8 - ...itor_interval_ovndbs-6af18ba7f4a17cc5.yaml | 4 - ...ve-ceilo-upgrade-out-3318df875de5cd00.yaml | 6 - ...e-cinder-rbd-backend-ef2767baf771b741.yaml | 7 - ...mysql_bundle_options-b5ecf4c4472cca01.yaml | 8 - .../networking-ansible-741fd4a6c8374db8.yaml | 3 - ...switch-agent-profile-1250bb1518199a67.yaml | 5 - .../neutron_iptables-9ea317c73b79929d.yaml | 5 - ...conntrack_proto_sctp-a64300a3fc7b4e55.yaml | 9 - .../notes/nokolla-7898fe76cf623a0c.yaml | 9 - .../nova-cache-in-tht-533e048fd6ccc65f.yaml | 6 - .../notes/nova-endpoint-a957a840ee653307.yaml | 5 - ...va-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml | 7 - ...-remove-wsgi-enabled-5899b7d6d77a4fd4.yaml | 7 - .../nova_cells_setup-2c3e3344d8adcc26.yaml | 3 - ...ute_include_metadata-21757b44cb976e5d.yaml | 7 - ...e_migration_force_nc-f903a09955164ad9.yaml | 15 - .../nova_metadata_wsgi-bbc8e5e053282a83.yaml | 7 - ...etadata_wsgi-cleanup-4b4877fe73f25c2e.yaml | 10 - .../nova_migration_qemu-fc2150565dae8d33.yaml | 5 - ...nc_proxy_ssl_support-507a776063403a8e.yaml | 7 - ...d_for_disk_migration-2e16003c4764a399.yaml | 12 - ...ove_nova-consoleauth-c126434b3dbda106.yaml | 15 - ...ova_virtlogd_wrapper-43c6c319db2a36ef.yaml | 16 - ...ng-separate-backends-69aabd30ba470e61.yaml | 4 - .../notes/ovn-ha-c7668c26aefb8f2d.yaml | 4 - .../notes/ovn-ssl-298db2d617d7cc5e.yaml | 16 - ...emote_probe_interval-6fcbdb1e2c9a9a33.yaml | 9 - .../ovs-hw-offload-89a49899af3b9892.yaml | 4 - .../pacemaker-selinux-8dc0344afd5d64bd.yaml | 5 - ...vice-options-haproxy-75f5f00cf5243ecb.yaml | 9 - .../powerflex-driver-f728e372280c44e6.yaml | 3 - .../powermax-driver-d428e372280c44e6.yaml | 5 - .../powerstore-driver-e428e372280c44e6.yaml | 3 - .../proxy-api-endpoints-359e5fb64d80d400.yaml | 6 - .../ps-san-private_key-5a9f11e7907ba600.yaml | 4 - releasenotes/notes/ptp-062b1d1f2d9f2275.yaml | 6 - .../notes/puppet-auditd-0f6cbd6a2d193aac.yaml | 4 - ..._add_iscsi_cidr_list-bac3b40a3137f06d.yaml | 5 - .../notes/pure_nvme-02263cb67d33e7f4.yaml | 7 - ...update_cinder_params-94940d1d3ca46877.yaml | 6 - ..._remove_postsave_cmd-07ad04ac44d7b706.yaml | 7 - .../rabbitmq-user-check-95da891a2e197d89.yaml | 6 - ...bitmq_extra_policies-69cbc0a4afeac963.yaml | 5 - ...itmq_password_change-4fce15c9ebb0e20c.yaml | 4 - ...rbd-disk-cache-modes-b6b75fa2e52b8915.yaml | 5 - ...re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml | 5 - .../notes/redfish-9203af1f7bf02bc5.yaml | 5 - .../remove-cephfsnative-0d3d76746ee928ab.yaml | 4 - ...-glance-nfs-mounting-3833e08ecc83c6dc.yaml | 7 - ...-heat-api-cloudwatch-bb2b8d0cdff775e2.yaml | 5 - .../remove-login_defs-408e25efb875425f.yaml | 5 - ...remove-neutron-lbaas-f6337e030a200b64.yaml | 12 - .../notes/remove-ntp-34d5eb69bfc231b0.yaml | 4 - .../notes/remove-odl-1ca26e0ffcbd13b5.yaml | 5 - .../remove-old-urls-dea2b7fdcb50dd48.yaml | 12 - .../remove-stack-action-4f0eaef2405d39da.yaml | 4 - ...port-for-puppet-ceph-bbe044bd575d1239.yaml | 9 - ...ove_bootstrap_nodeid-c5109a575c538bda.yaml | 8 - ...ve_puppet_certmonger-843205d2ef88d6e4.yaml | 6 - ...obe_interval_ovn_dbs-df22bef3bb12a0f7.yaml | 6 - ...trict-mongodb-memory-c19d69638b63feb4.yaml | 6 - .../rgw-keystone-v3-43ef17dd10f825be.yaml | 5 - .../notes/rsyslog-205c11903ed92bdf.yaml | 5 - .../notes/rsyslog-tls-dfa676eda2ec646f.yaml | 3 - .../sahara_auth_v3-65bd276b39b4e284.yaml | 4 - .../notes/sc-driver-a428e372280c44e6.yaml | 5 - ...d_driver_deprecation_2368457faab68824.yaml | 4 - ...o_driver_deprecation_4468457faab68824.yaml | 4 - .../notes/securetty-6a10eefd601e45ca.yaml | 6 - .../security-compliance-1f5cb3b3be9f7657.yaml | 5 - .../sensubility-scripts-994014edfcc2da88.yaml | 6 - ...tup_timeouts_ovn_dbs-630a7ccfda5976a5.yaml | 10 - .../notes/snmdd_config-db21f3175967be4a.yaml | 11 - ...lit-up-neutron-lbaas-f0c248220ed872cd.yaml | 9 - .../notes/sriov_numvfs-40564db9e1be589b.yaml | 4 - releasenotes/notes/sshd-437c531301f458bb.yaml | 5 - ...rt-httpd-step3-and-4-2bd7be9e1429ef6d.yaml | 5 - ...-container-ring-mgmt-ecf65b9fbae0d297.yaml | 8 - ...ift-create-local-dir-b00292e623d03044.yaml | 7 - ...t-dispersion-profile-09dc69980028e751.yaml | 6 - ...add-audit-middleware-290db6db952d690f.yaml | 5 - ...roxy-use-hash-suffix-b04c2ac17a2c8c38.yaml | 6 - ...wift-ring-curl-retry-1c329d1808b7f02c.yaml | 8 - .../notes/tuned-removed-ab68a7109a1e7403.yaml | 4 - .../notes/unity_driver_aaa347d073cd11e7.yaml | 4 - .../notes/unity_driver_aba347d073cd11e7.yaml | 4 - .../notes/unity_driver_afa347d073cd11e7.yaml | 4 - ...a-ocf-resource-agent-0db89eb7c55e64ca.yaml | 6 - .../notes/use-reno-80402e5526a598aa.yaml | 6 - ...scale-driver-profile-970b5cb72f9fdcba.yaml | 3 - .../notes/vf-lag-sriov-ec194ecd4b447a46.yaml | 4 - .../notes/vip-bind-nic-11e80207fcb78a20.yaml | 10 - .../virtlogd_config-8bc3aad489caf8a3.yaml | 6 - ...x_driver_deprecation_1368457faab68824.yaml | 4 - .../notes/vnc_tls-7e5f275217117f78.yaml | 10 - .../vncserver_listen-4417377cac38464c.yaml | 7 - .../notes/vnx_driver_aea44d073cd161e7.yaml | 4 - .../notes/vnx_driver_bea44d073cd161e7.yaml | 4 - .../notes/vnx_driver_cea44d073cd161e7.yaml | 4 - releasenotes/notes/vpp-7368457faab68824.yaml | 7 - .../notes/vpp-ml2-9c1321fa30f3b172.yaml | 3 - .../vxflexos-driver-aec8e372280c44e6.yaml | 3 - ...s_driver_deprecation_5568457faab68824.yaml | 5 - ...per-containers-debug-f141d964548eb2ea.yaml | 17 - ...mio-add-ports-option-b1e60a97ba56f21e.yaml | 5 - .../xtremio-driver-f428e372280c44e6.yaml | 5 - ...si-remove-deprecated-da9224d14cef4fde.yaml | 6 - .../xtremio_driver_cea44d073cd161e7.yaml | 4 - ...d_driver_deprecation_3368457faab68824.yaml | 4 - .../notes/zaqar-httpd-93db7feb60622687.yaml | 3 - .../notes/zaqar-redis-5ff1028b66fd47a8.yaml | 4 - ..._undercloud_backends-66c268161cf7840e.yaml | 6 - releasenotes/source/_static/.placeholder | 0 releasenotes/source/conf.py | 265 --- releasenotes/source/index.rst | 17 - releasenotes/source/ocata.rst | 6 - releasenotes/source/pike.rst | 6 - releasenotes/source/queens.rst | 6 - releasenotes/source/rocky.rst | 6 - releasenotes/source/stein.rst | 6 - releasenotes/source/train.rst | 6 - releasenotes/source/unreleased.rst | 5 - releasenotes/source/ussuri.rst | 6 - releasenotes/source/victoria.rst | 6 - releasenotes/source/wallaby.rst | 6 - setup.cfg | 15 - setup.py | 23 - spec/classes/tripleo_config_spec.rb | 45 - spec/classes/tripleo_haproxy_spec.rb | 218 -- spec/classes/tripleo_haproxy_stats_spec.rb | 104 - spec/classes/tripleo_init_spec.rb | 23 - .../tripleo_profile_base_aodh_api_spec.rb | 121 -- ...ripleo_profile_base_aodh_authtoken_spec.rb | 86 - ...ripleo_profile_base_aodh_evaluator_spec.rb | 71 - ...tripleo_profile_base_aodh_listener_spec.rb | 56 - ...tripleo_profile_base_aodh_notifier_spec.rb | 56 - .../classes/tripleo_profile_base_aodh_spec.rb | 98 - .../tripleo_profile_base_apache_spec.rb | 82 - .../tripleo_profile_base_barbican_api_spec.rb | 112 - ...eo_profile_base_barbican_authtoken_spec.rb | 86 - ...leo_profile_base_barbican_backends_spec.rb | 95 - .../tripleo_profile_base_barbican_spec.rb | 56 - ...base_ceilometer_agent_notification_spec.rb | 67 - ...file_base_ceilometer_agent_polling_spec.rb | 72 - .../tripleo_profile_base_ceilometer_spec.rb | 117 -- .../tripleo_profile_base_cinder_api_spec.rb | 122 -- ...pleo_profile_base_cinder_authtoken_spec.rb | 86 - ...eo_profile_base_cinder_backup_ceph_spec.rb | 59 - ...leo_profile_base_cinder_backup_gcs_spec.rb | 84 - ...leo_profile_base_cinder_backup_nfs_spec.rb | 59 - ...pleo_profile_base_cinder_backup_s3_spec.rb | 59 - ...tripleo_profile_base_cinder_backup_spec.rb | 56 - ...o_profile_base_cinder_backup_swift_spec.rb | 59 - ...pleo_profile_base_cinder_powerflex_spec.rb | 58 - ...ipleo_profile_base_cinder_powermax_spec.rb | 74 - ...leo_profile_base_cinder_powerstore_spec.rb | 79 - .../tripleo_profile_base_cinder_sc_spec.rb | 72 - ...pleo_profile_base_cinder_scheduler_spec.rb | 56 - .../tripleo_profile_base_cinder_spec.rb | 188 -- .../tripleo_profile_base_cinder_unity_spec.rb | 73 - .../tripleo_profile_base_cinder_vnx_spec.rb | 74 - ...profile_base_cinder_volume_ibm_svf_spec.rb | 78 - ...o_profile_base_cinder_volume_iscsi_spec.rb | 83 - ..._profile_base_cinder_volume_netapp_spec.rb | 81 - ...leo_profile_base_cinder_volume_nfs_spec.rb | 132 -- ..._profile_base_cinder_volume_nvmeof_spec.rb | 74 - ...eo_profile_base_cinder_volume_pure_spec.rb | 74 - ...leo_profile_base_cinder_volume_rbd_spec.rb | 181 -- ...tripleo_profile_base_cinder_volume_spec.rb | 571 ----- ...ripleo_profile_base_cinder_xtremio_spec.rb | 72 - ...profile_base_database_mysql_client_spec.rb | 97 - ...ripleo_profile_base_database_mysql_spec.rb | 41 - ...ripleo_profile_base_database_redis_spec.rb | 55 - ...tripleo_profile_base_designate_api_spec.rb | 78 - ...o_profile_base_designate_authtoken_spec.rb | 86 - ...leo_profile_base_designate_backend_spec.rb | 56 - ...leo_profile_base_designate_central_spec.rb | 123 -- ...rofile_base_designate_coordination_spec.rb | 83 - ...ripleo_profile_base_designate_mdns_spec.rb | 67 - ...eo_profile_base_designate_producer_spec.rb | 81 - ...ripleo_profile_base_designate_sink_spec.rb | 67 - .../tripleo_profile_base_designate_spec.rb | 69 - ...pleo_profile_base_designate_worker_spec.rb | 69 - .../classes/tripleo_profile_base_etcd_spec.rb | 131 -- .../tripleo_profile_base_glance_api_spec.rb | 264 --- ...pleo_profile_base_glance_authtoken_spec.rb | 86 - ...profile_base_glance_backend_cinder_spec.rb | 137 -- ...o_profile_base_glance_backend_file_spec.rb | 105 - ...eo_profile_base_glance_backend_rbd_spec.rb | 134 -- ..._profile_base_glance_backend_swift_spec.rb | 98 - .../tripleo_profile_base_gnocchi_api_spec.rb | 180 -- ...leo_profile_base_gnocchi_authtoken_spec.rb | 86 - ...ipleo_profile_base_gnocchi_metricd_spec.rb | 69 - .../tripleo_profile_base_gnocchi_spec.rb | 103 - ...ripleo_profile_base_gnocchi_statsd_spec.rb | 69 - .../tripleo_profile_base_heat_api_cfn_spec.rb | 109 - .../tripleo_profile_base_heat_api_spec.rb | 109 - ...ripleo_profile_base_heat_authtoken_spec.rb | 86 - .../tripleo_profile_base_heat_engine_spec.rb | 101 - .../classes/tripleo_profile_base_heat_spec.rb | 233 --- .../tripleo_profile_base_horizon_spec.rb | 149 -- .../tripleo_profile_base_ironic_api_spec.rb | 121 -- ...pleo_profile_base_ironic_authtoken_spec.rb | 86 - ...le_base_ironic_inspector_authtoken_spec.rb | 86 - ...pleo_profile_base_ironic_inspector_spec.rb | 120 -- .../tripleo_profile_base_ironic_spec.rb | 111 - .../tripleo_profile_base_iscsid_spec.rb | 62 - .../tripleo_profile_base_keystone_spec.rb | 267 --- ...leo_profile_base_logging_logrotate_spec.rb | 59 - ...ipleo_profile_base_logging_rsyslog_spec.rb | 152 -- spec/classes/tripleo_profile_base_lvm_spec.rb | 53 - .../tripleo_profile_base_manila_api_spec.rb | 226 -- ...pleo_profile_base_manila_authtoken_spec.rb | 86 - ...pleo_profile_base_manila_scheduler_spec.rb | 76 - .../tripleo_profile_base_manila_share_spec.rb | 78 - .../tripleo_profile_base_manila_spec.rb | 127 -- .../tripleo_profile_base_memcached_spec.rb | 76 - ..._base_metrics_collectd_sensubility_spec.rb | 76 - ...pleo_profile_base_metrics_collectd_spec.rb | 157 -- .../tripleo_profile_base_metrics_qdr_spec.rb | 235 --- ...leo_profile_base_neutron_authtoken_spec.rb | 86 - .../tripleo_profile_base_neutron_dhcp_spec.rb | 85 - .../tripleo_profile_base_neutron_l3_spec.rb | 55 - ...ipleo_profile_base_neutron_ml2_vts_spec.rb | 98 - .../tripleo_profile_base_neutron_ovs_spec.rb | 99 - ...ofile_base_neutron_plugins_ml2_ovn_spec.rb | 258 --- ...ripleo_profile_base_neutron_server_spec.rb | 217 -- .../tripleo_profile_base_neutron_spec.rb | 99 - .../tripleo_profile_base_nova_api_spec.rb | 180 -- ...ripleo_profile_base_nova_authtoken_spec.rb | 86 - ...o_profile_base_nova_compute_ironic_spec.rb | 67 - ..._profile_base_nova_compute_libvirt_spec.rb | 86 - .../tripleo_profile_base_nova_compute_spec.rb | 120 -- ...ripleo_profile_base_nova_conductor_spec.rb | 113 - .../tripleo_profile_base_nova_libvirt_spec.rb | 242 --- ...tripleo_profile_base_nova_metadata_spec.rb | 169 -- ...profile_base_nova_migration_client_spec.rb | 190 -- ...ripleo_profile_base_nova_migration_spec.rb | 40 - ...profile_base_nova_migration_target_spec.rb | 165 -- ...ripleo_profile_base_nova_scheduler_spec.rb | 64 - .../classes/tripleo_profile_base_nova_spec.rb | 185 -- ...tripleo_profile_base_nova_vncproxy_spec.rb | 62 - .../tripleo_profile_base_octavia_api_spec.rb | 182 -- ...leo_profile_base_octavia_authtoken_spec.rb | 86 - ...rofile_base_octavia_health_manager_spec.rb | 85 - ..._profile_base_octavia_housekeeping_spec.rb | 85 - ..._profile_base_octavia_provider_ovn_spec.rb | 174 -- .../tripleo_profile_base_octavia_spec.rb | 157 -- ...ripleo_profile_base_octavia_worker_spec.rb | 85 - .../tripleo_profile_base_pacemaker_spec.rb | 71 - ...tripleo_profile_base_placement_api_spec.rb | 131 -- ...o_profile_base_placement_authtoken_spec.rb | 86 - .../tripleo_profile_base_placement_spec.rb | 93 - spec/classes/tripleo_profile_base_qdr_spec.rb | 158 -- .../classes/tripleo_profile_base_snmp_spec.rb | 108 - .../classes/tripleo_profile_base_sshd_spec.rb | 188 -- .../tripleo_profile_base_swift_proxy_spec.rb | 138 -- ...leo_profile_base_swift_ringbuilder_spec.rb | 65 - .../tripleo_profile_base_swift_spec.rb | 86 - ...ile_pacemaker_cinder_backup_bundle_spec.rb | 124 -- ...ile_pacemaker_cinder_volume_bundle_spec.rb | 130 -- ...file_pacemaker_manila_share_bundle_spec.rb | 143 -- spec/defines/tripleo_haproxy_endpoint_spec.rb | 114 - .../tripleo_haproxy_service_endpoints_spec.rb | 49 - spec/defines/tripleo_haproxy_userlist_spec.rb | 56 - ...o_profile_base_database_mysql_user_spec.rb | 43 - ...le_base_logging_rsyslog_file_input_spec.rb | 78 - ...etrics_collectd_sensubility_script_spec.rb | 45 - ...se_neutron_wrappers_dibbler_client_spec.rb | 59 - ...file_base_neutron_wrappers_dnsmasq_spec.rb | 60 - ...file_base_neutron_wrappers_haproxy_spec.rb | 63 - ...e_base_neutron_wrappers_keepalived_spec.rb | 60 - ...n_wrappers_keepalived_state_change_spec.rb | 56 - ...rofile_base_neutron_wrappers_radvd_spec.rb | 63 - spec/fixtures/hiera.yaml | 8 - spec/fixtures/hieradata/default.yaml | 225 -- spec/fixtures/hieradata/step1.yaml | 2 - spec/fixtures/hieradata/step2.yaml | 12 - spec/fixtures/hieradata/step3.yaml | 10 - spec/fixtures/hieradata/step4.yaml | 7 - spec/fixtures/hieradata/step5.yaml | 50 - spec/fixtures/hieradata/step6.yaml | 2 - .../docker_volumes_to_storage_maps_spec.rb | 19 - spec/functions/ip_to_erl_format_spec.rb | 11 - spec/functions/list_to_hash_spec.rb | 11 - spec/functions/noop_resource_spec.rb | 16 - spec/functions/tripleo_swift_devices_spec.rb | 13 - spec/shared_examples.rb | 5 - spec/spec_helper.rb | 26 - spec/spec_helper_acceptance.rb | 1 - templates/designate/rndc.key.erb | 4 - .../logrotate/containers_logrotate.conf.erb | 33 - .../metrics/collectd-sensubility.conf.epp | 74 - templates/metrics/libpodstats.conf.epp | 4 - templates/neutron/dibbler-client.epp | 57 - templates/neutron/dnsmasq.epp | 54 - templates/neutron/haproxy.epp | 55 - templates/neutron/keepalived.epp | 56 - .../neutron-keepalived-state-change.epp | 40 - templates/neutron/radvd.epp | 54 - templates/nova/virtlogd.epp | 53 - templates/rabbitmq/ssl-dist.conf.erb | 21 - templates/rsyslog_sidecar/rsyslog.conf.erb | 7 - templates/stunnel/foreground.erb | 2 - templates/stunnel/service.erb | 7 - tox.ini | 12 - zuul.d/layout.yaml | 33 - 680 files changed, 10 insertions(+), 42085 deletions(-) delete mode 100644 .gitignore delete mode 100644 .sync.yml delete mode 100644 Gemfile delete mode 100644 LICENSE delete mode 100644 Puppetfile_extras delete mode 100644 README.md create mode 100644 README.rst delete mode 100644 Rakefile delete mode 100644 bindep.txt delete mode 100644 doc/requirements.txt delete mode 100755 files/mysql_ed25519_password.py delete mode 100644 lib/facter/alt_fqdns.rb delete mode 100644 lib/facter/netmask_ipv6.rb delete mode 100644 lib/facter/nic_alias.rb delete mode 100644 lib/facter/stonith_levels.rb delete mode 100644 lib/puppet/functions/docker_volumes_to_storage_maps.rb delete mode 100644 lib/puppet/functions/ip_to_erl_format.rb delete mode 100644 lib/puppet/functions/list_to_hash.rb delete mode 100644 lib/puppet/functions/merge_hash_values.rb delete mode 100644 lib/puppet/functions/mysql_ed25519_password.rb delete mode 100644 lib/puppet/functions/noop_resource.rb delete mode 100644 lib/puppet/functions/pacemaker_bundle_replicas.rb delete mode 100644 lib/puppet/functions/qdr_ssl_certificate.rb delete mode 100644 lib/puppet/functions/tripleo_swift_devices.rb delete mode 100644 lib/puppet/parser/functions/interface_for_ip.rb delete mode 100644 lib/puppet/parser/functions/local_fence_devices.rb delete mode 100644 lib/puppet/provider/package/norpm.rb delete mode 100644 manifests/config.pp delete mode 100644 manifests/fencing.pp delete mode 100644 manifests/haproxy.pp delete mode 100644 manifests/haproxy/endpoint.pp delete mode 100644 manifests/haproxy/horizon_endpoint.pp delete mode 100644 manifests/haproxy/service_endpoints.pp delete mode 100644 manifests/haproxy/stats.pp delete mode 100644 manifests/haproxy/userlist.pp delete mode 100644 manifests/init.pp delete mode 100644 manifests/noop.pp delete mode 100644 manifests/pacemaker/haproxy_with_vip.pp delete mode 100644 manifests/packages.pp delete mode 100644 manifests/profile/base/aodh.pp delete mode 100644 manifests/profile/base/aodh/api.pp delete mode 100644 manifests/profile/base/aodh/authtoken.pp delete mode 100644 manifests/profile/base/aodh/evaluator.pp delete mode 100644 manifests/profile/base/aodh/listener.pp delete mode 100644 manifests/profile/base/aodh/notifier.pp delete mode 100644 manifests/profile/base/apache.pp delete mode 100644 manifests/profile/base/barbican.pp delete mode 100644 manifests/profile/base/barbican/api.pp delete mode 100644 manifests/profile/base/barbican/authtoken.pp delete mode 100644 manifests/profile/base/barbican/backends.pp delete mode 100644 manifests/profile/base/ceilometer.pp delete mode 100644 manifests/profile/base/ceilometer/agent/notification.pp delete mode 100644 manifests/profile/base/ceilometer/agent/polling.pp delete mode 100644 manifests/profile/base/cinder.pp delete mode 100644 manifests/profile/base/cinder/api.pp delete mode 100644 manifests/profile/base/cinder/authtoken.pp delete mode 100644 manifests/profile/base/cinder/backup.pp delete mode 100644 manifests/profile/base/cinder/backup/ceph.pp delete mode 100644 manifests/profile/base/cinder/backup/gcs.pp delete mode 100644 manifests/profile/base/cinder/backup/nfs.pp delete mode 100644 manifests/profile/base/cinder/backup/s3.pp delete mode 100644 manifests/profile/base/cinder/backup/swift.pp delete mode 100644 manifests/profile/base/cinder/scheduler.pp delete mode 100644 manifests/profile/base/cinder/volume.pp delete mode 100644 manifests/profile/base/cinder/volume/dellemc_powerflex.pp delete mode 100644 manifests/profile/base/cinder/volume/dellemc_powermax.pp delete mode 100644 manifests/profile/base/cinder/volume/dellemc_powerstore.pp delete mode 100644 manifests/profile/base/cinder/volume/dellemc_sc.pp delete mode 100644 manifests/profile/base/cinder/volume/dellemc_unity.pp delete mode 100644 manifests/profile/base/cinder/volume/dellemc_vnx.pp delete mode 100644 manifests/profile/base/cinder/volume/dellemc_xtremio.pp delete mode 100644 manifests/profile/base/cinder/volume/ibm_svf.pp delete mode 100644 manifests/profile/base/cinder/volume/iscsi.pp delete mode 100644 manifests/profile/base/cinder/volume/netapp.pp delete mode 100644 manifests/profile/base/cinder/volume/nfs.pp delete mode 100644 manifests/profile/base/cinder/volume/nvmeof.pp delete mode 100644 manifests/profile/base/cinder/volume/pure.pp delete mode 100644 manifests/profile/base/cinder/volume/rbd.pp delete mode 100644 manifests/profile/base/database/mysql.pp delete mode 100644 manifests/profile/base/database/mysql/client.pp delete mode 100644 manifests/profile/base/database/mysql/include_and_check_auth.pp delete mode 100644 manifests/profile/base/database/mysql/user.pp delete mode 100644 manifests/profile/base/database/mysql/users.pp delete mode 100644 manifests/profile/base/database/redis.pp delete mode 100644 manifests/profile/base/designate.pp delete mode 100644 manifests/profile/base/designate/api.pp delete mode 100644 manifests/profile/base/designate/authtoken.pp delete mode 100644 manifests/profile/base/designate/backend.pp delete mode 100644 manifests/profile/base/designate/central.pp delete mode 100644 manifests/profile/base/designate/coordination.pp delete mode 100644 manifests/profile/base/designate/mdns.pp delete mode 100644 manifests/profile/base/designate/producer.pp delete mode 100644 manifests/profile/base/designate/sink.pp delete mode 100644 manifests/profile/base/designate/worker.pp delete mode 100644 manifests/profile/base/etcd.pp delete mode 100644 manifests/profile/base/glance/api.pp delete mode 100644 manifests/profile/base/glance/authtoken.pp delete mode 100644 manifests/profile/base/glance/backend/cinder.pp delete mode 100644 manifests/profile/base/glance/backend/file.pp delete mode 100644 manifests/profile/base/glance/backend/rbd.pp delete mode 100644 manifests/profile/base/glance/backend/swift.pp delete mode 100644 manifests/profile/base/glance/netapp.pp delete mode 100644 manifests/profile/base/gnocchi.pp delete mode 100644 manifests/profile/base/gnocchi/api.pp delete mode 100644 manifests/profile/base/gnocchi/authtoken.pp delete mode 100644 manifests/profile/base/gnocchi/metricd.pp delete mode 100644 manifests/profile/base/gnocchi/statsd.pp delete mode 100644 manifests/profile/base/haproxy.pp delete mode 100644 manifests/profile/base/heat.pp delete mode 100644 manifests/profile/base/heat/api.pp delete mode 100644 manifests/profile/base/heat/api_cfn.pp delete mode 100644 manifests/profile/base/heat/authtoken.pp delete mode 100644 manifests/profile/base/heat/engine.pp delete mode 100644 manifests/profile/base/horizon.pp delete mode 100644 manifests/profile/base/ironic.pp delete mode 100644 manifests/profile/base/ironic/api.pp delete mode 100644 manifests/profile/base/ironic/authtoken.pp delete mode 100644 manifests/profile/base/ironic/conductor.pp delete mode 100644 manifests/profile/base/ironic_inspector.pp delete mode 100644 manifests/profile/base/ironic_inspector/authtoken.pp delete mode 100644 manifests/profile/base/iscsid.pp delete mode 100644 manifests/profile/base/keystone.pp delete mode 100644 manifests/profile/base/logging/logrotate.pp delete mode 100644 manifests/profile/base/logging/rsyslog.pp delete mode 100644 manifests/profile/base/logging/rsyslog/file_input.pp delete mode 100644 manifests/profile/base/lvm.pp delete mode 100644 manifests/profile/base/manila.pp delete mode 100644 manifests/profile/base/manila/api.pp delete mode 100644 manifests/profile/base/manila/authtoken.pp delete mode 100644 manifests/profile/base/manila/scheduler.pp delete mode 100644 manifests/profile/base/manila/share.pp delete mode 100644 manifests/profile/base/memcached.pp delete mode 100644 manifests/profile/base/metrics/collectd.pp delete mode 100644 manifests/profile/base/metrics/collectd/collectd_plugin.pp delete mode 100644 manifests/profile/base/metrics/collectd/collectd_service.pp delete mode 100644 manifests/profile/base/metrics/collectd/libpodstats.pp delete mode 100644 manifests/profile/base/metrics/collectd/plugin_helper.pp delete mode 100644 manifests/profile/base/metrics/collectd/sensubility.pp delete mode 100644 manifests/profile/base/metrics/collectd/sensubility_script.pp delete mode 100644 manifests/profile/base/metrics/collectd/sqlalchemy_collectd.pp delete mode 100644 manifests/profile/base/metrics/qdr.pp delete mode 100644 manifests/profile/base/neutron.pp delete mode 100644 manifests/profile/base/neutron/agents/bagpipe.pp delete mode 100644 manifests/profile/base/neutron/agents/l2gw.pp delete mode 100644 manifests/profile/base/neutron/agents/mlnx.pp delete mode 100644 manifests/profile/base/neutron/agents/networking_baremetal.pp delete mode 100644 manifests/profile/base/neutron/agents/ovn.pp delete mode 100644 manifests/profile/base/neutron/authtoken.pp delete mode 100644 manifests/profile/base/neutron/bgpvpn.pp delete mode 100644 manifests/profile/base/neutron/dhcp.pp delete mode 100644 manifests/profile/base/neutron/dhcp_agent_wrappers.pp delete mode 100644 manifests/profile/base/neutron/l2gw.pp delete mode 100644 manifests/profile/base/neutron/l3.pp delete mode 100644 manifests/profile/base/neutron/l3_agent_wrappers.pp delete mode 100644 manifests/profile/base/neutron/linuxbridge.pp delete mode 100644 manifests/profile/base/neutron/metadata.pp delete mode 100644 manifests/profile/base/neutron/ovn_metadata.pp delete mode 100644 manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp delete mode 100644 manifests/profile/base/neutron/ovn_northd.pp delete mode 100644 manifests/profile/base/neutron/ovs.pp delete mode 100644 manifests/profile/base/neutron/plugins/ml2.pp delete mode 100644 manifests/profile/base/neutron/plugins/ml2/bagpipe.pp delete mode 100644 manifests/profile/base/neutron/plugins/ml2/networking_baremetal.pp delete mode 100644 manifests/profile/base/neutron/plugins/ml2/ovn.pp delete mode 100644 manifests/profile/base/neutron/plugins/ml2/vts.pp delete mode 100644 manifests/profile/base/neutron/plugins/opencontrail.pp delete mode 100644 manifests/profile/base/neutron/server.pp delete mode 100644 manifests/profile/base/neutron/sfc.pp delete mode 100644 manifests/profile/base/neutron/sriov.pp delete mode 100644 manifests/profile/base/neutron/wrappers/dibbler_client.pp delete mode 100644 manifests/profile/base/neutron/wrappers/dnsmasq.pp delete mode 100644 manifests/profile/base/neutron/wrappers/haproxy.pp delete mode 100644 manifests/profile/base/neutron/wrappers/keepalived.pp delete mode 100644 manifests/profile/base/neutron/wrappers/keepalived_state_change.pp delete mode 100644 manifests/profile/base/neutron/wrappers/radvd.pp delete mode 100644 manifests/profile/base/nova.pp delete mode 100644 manifests/profile/base/nova/api.pp delete mode 100644 manifests/profile/base/nova/authtoken.pp delete mode 100644 manifests/profile/base/nova/compute.pp delete mode 100644 manifests/profile/base/nova/compute/ironic.pp delete mode 100644 manifests/profile/base/nova/compute/libvirt.pp delete mode 100644 manifests/profile/base/nova/compute/libvirt_guests.pp delete mode 100644 manifests/profile/base/nova/compute_libvirt_shared.pp delete mode 100644 manifests/profile/base/nova/conductor.pp delete mode 100644 manifests/profile/base/nova/libvirt.pp delete mode 100644 manifests/profile/base/nova/metadata.pp delete mode 100644 manifests/profile/base/nova/migration.pp delete mode 100644 manifests/profile/base/nova/migration/client.pp delete mode 100644 manifests/profile/base/nova/migration/target.pp delete mode 100644 manifests/profile/base/nova/scheduler.pp delete mode 100644 manifests/profile/base/nova/virtlogd_wrapper.pp delete mode 100644 manifests/profile/base/nova/vncproxy.pp delete mode 100644 manifests/profile/base/nova/wrappers/virtlogd.pp delete mode 100644 manifests/profile/base/octavia.pp delete mode 100644 manifests/profile/base/octavia/api.pp delete mode 100644 manifests/profile/base/octavia/authtoken.pp delete mode 100644 manifests/profile/base/octavia/health_manager.pp delete mode 100644 manifests/profile/base/octavia/housekeeping.pp delete mode 100644 manifests/profile/base/octavia/provider/ovn.pp delete mode 100644 manifests/profile/base/octavia/worker.pp delete mode 100644 manifests/profile/base/pacemaker.pp delete mode 100644 manifests/profile/base/pacemaker/instance_ha.pp delete mode 100644 manifests/profile/base/pacemaker_remote.pp delete mode 100644 manifests/profile/base/placement.pp delete mode 100644 manifests/profile/base/placement/api.pp delete mode 100644 manifests/profile/base/placement/authtoken.pp delete mode 100644 manifests/profile/base/qdr.pp delete mode 100644 manifests/profile/base/rabbitmq.pp delete mode 100644 manifests/profile/base/rsyslog/sidecar.pp delete mode 100644 manifests/profile/base/snmp.pp delete mode 100644 manifests/profile/base/sshd.pp delete mode 100644 manifests/profile/base/swift.pp delete mode 100644 manifests/profile/base/swift/add_devices.pp delete mode 100644 manifests/profile/base/swift/dispersion.pp delete mode 100644 manifests/profile/base/swift/proxy.pp delete mode 100644 manifests/profile/base/swift/ringbuilder.pp delete mode 100644 manifests/profile/base/swift/storage.pp delete mode 100644 manifests/profile/pacemaker/ceph_nfs.pp delete mode 100644 manifests/profile/pacemaker/cinder/backup_bundle.pp delete mode 100644 manifests/profile/pacemaker/cinder/volume_bundle.pp delete mode 100644 manifests/profile/pacemaker/clustercheck.pp delete mode 100644 manifests/profile/pacemaker/compute_instanceha.pp delete mode 100644 manifests/profile/pacemaker/database/mysql_bundle.pp delete mode 100644 manifests/profile/pacemaker/database/redis_bundle.pp delete mode 100644 manifests/profile/pacemaker/haproxy_bundle.pp delete mode 100644 manifests/profile/pacemaker/manila/share_bundle.pp delete mode 100644 manifests/profile/pacemaker/ovn_dbs_bundle.pp delete mode 100644 manifests/profile/pacemaker/ovn_northd.pp delete mode 100644 manifests/profile/pacemaker/rabbitmq_bundle.pp delete mode 100644 manifests/stunnel.pp delete mode 100644 manifests/stunnel/service_proxy.pp delete mode 100644 manifests/tls_proxy.pp delete mode 100644 manifests/trusted_ca.pp delete mode 100644 manifests/trusted_cas.pp delete mode 100644 metadata.json delete mode 100644 releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml delete mode 100644 releasenotes/notes/Add-CRL-resource-d2263462d40f01c0.yaml delete mode 100644 releasenotes/notes/Add-support-for-ibm_svf-driver-01924479bb11063c.yaml delete mode 100644 releasenotes/notes/Composable_role_for_neutron_lbaas-acdf08f1a9dfd3fe.yaml delete mode 100644 releasenotes/notes/Fixes-SRIOV-upper-case-name-checks-306011421f53131d.yaml delete mode 100644 releasenotes/notes/HAProxy-CRL-d05b555f92ff55ed.yaml delete mode 100644 releasenotes/notes/No-TLS-v1.0-0edeac680bb51f94.yaml delete mode 100644 releasenotes/notes/Support-ceph_volume_mode-parameter-220b1026aebd9e3b.yaml delete mode 100644 releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml delete mode 100644 releasenotes/notes/Use-encryption-for-pacemaker-by-default-ca887dca02a21705.yaml delete mode 100644 releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml delete mode 100644 releasenotes/notes/add-barbican-backends-2412df7eef07038e.yaml delete mode 100644 releasenotes/notes/add-bgpvpn-support-77676690fb6dd17b.yaml delete mode 100644 releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml delete mode 100644 releasenotes/notes/add-cinder-backend-az-parameters-f9ab30b42b4df37b.yaml delete mode 100644 releasenotes/notes/add-cinder-nfs-snapshot-support-ac547f24dddf97e8.yaml delete mode 100644 releasenotes/notes/add-dateext-and-related-parameters-58dd288c74b818f7.yaml delete mode 100644 releasenotes/notes/add-keystone-notifications-queue-for-barbican-72477b0b45bcfbd7.yaml delete mode 100644 releasenotes/notes/add-ldap-backend-48e875e971343e2a.yaml delete mode 100644 releasenotes/notes/add-manila-backend-az-parameters-de4d7e84fc65a3ed.yaml delete mode 100644 releasenotes/notes/add-memcache-security-92060c4fe540774c.yaml delete mode 100644 releasenotes/notes/add-memcached-port-048959c2f58f0a57.yaml delete mode 100644 releasenotes/notes/add-mistral-event-engine-05097cb76834f09d.yaml delete mode 100644 releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml delete mode 100644 releasenotes/notes/add-neutron-agent-wrappers-bf84104f3607264b.yaml delete mode 100644 releasenotes/notes/add-neutron-tls-8d020c63f14408d0.yaml delete mode 100644 releasenotes/notes/add-octavia-auth-to-keystone-d0353544c0e27b57.yaml delete mode 100644 releasenotes/notes/add-octavia-ovn-nb-connection-9d5bc428c4ff35af.yaml delete mode 100644 releasenotes/notes/add-octavia-provider-ovn-6734aa08af4772e4.yaml delete mode 100644 releasenotes/notes/add-octavia-service-auth-config-acc4adb3e6c4542d.yaml delete mode 100644 releasenotes/notes/add-opendaylight-ha-47a40c03917faf9c.yaml delete mode 100644 releasenotes/notes/add-purge-tables-4f2de7c7e12ccf0c.yaml delete mode 100644 releasenotes/notes/add-sfc-support-a1eb6d2bbadcf074.yaml delete mode 100644 releasenotes/notes/add-support-for-IPv6-deployment-988400c781b92066.yaml delete mode 100644 releasenotes/notes/add-support-for-octavia-f1e472af89e9a05c.yaml delete mode 100644 releasenotes/notes/add-support-for-proxying-ironic-inspector-via-apache-ea70e9fa1ad04553.yaml delete mode 100644 releasenotes/notes/add-support-for-pure-cinder-d45e6aaf3e243c91.yaml delete mode 100644 releasenotes/notes/add-tls-opendaylight-a3f943a0f6012424.yaml delete mode 100644 releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml delete mode 100644 releasenotes/notes/add_cisco_vts_ml2-786d7d8cc6eb7d14.yaml delete mode 100644 releasenotes/notes/adding-octavia-haproxy-endpoint-8d20b5bfd11f8d89.yaml delete mode 100644 releasenotes/notes/aide-removed-14f41082b1424a53.yaml delete mode 100644 releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml delete mode 100644 releasenotes/notes/apache_mpm_tuning-deafdf6610ce57b2.yaml delete mode 100644 releasenotes/notes/auto-select-migration-proxy-2400e9c69fc620ba.yaml delete mode 100644 releasenotes/notes/bug-1831767-allow-configuring-enabled-protocols-manila-86b6662a8b617866.yaml delete mode 100644 releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml delete mode 100644 releasenotes/notes/calculate-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml delete mode 100644 releasenotes/notes/ceph_dashboard_endpoint-10035021352fc190.yaml delete mode 100644 releasenotes/notes/ceph_grafana_endpoint-0e220cb59ee679e0.yaml delete mode 100644 releasenotes/notes/change-default-cinder-rbd-backend-host-2b37388637756c80.yaml delete mode 100644 releasenotes/notes/cinder-backup-gcs-s3-backends-52503ffa22c0b83d.yaml delete mode 100644 releasenotes/notes/cinder-backup-nfs-backend-59bf771a58af65f6.yaml delete mode 100644 releasenotes/notes/cinder-default-volume-type-a344cea7ab4b4b2a.yaml delete mode 100644 releasenotes/notes/cinder-dellsc-excluded-domain_ips-1004544d96796e76.yaml delete mode 100644 releasenotes/notes/cinder-netapp-hieradata-changes-3004544d96796e76.yaml delete mode 100644 releasenotes/notes/cinder-rbd-extra-options-c13a1e84b6452fac.yaml delete mode 100644 releasenotes/notes/cinder-rbd-multiconfig-285d1542ef08fa10.yaml delete mode 100644 releasenotes/notes/cinder-volume-active-active-ffaa12e6ba862f51.yaml delete mode 100644 releasenotes/notes/cleanup_odl_clustering-7efdd58639df88a5.yaml delete mode 100644 releasenotes/notes/cold_migration_security-1543136408c76459.yaml delete mode 100644 releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml delete mode 100644 releasenotes/notes/composable-network-vips-a1b9b738561a8214.yaml delete mode 100644 releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml delete mode 100644 releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml delete mode 100644 releasenotes/notes/dellsc-driver-b7cd300a24a64b01.yaml delete mode 100644 releasenotes/notes/deploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml delete mode 100644 releasenotes/notes/deployment_user-6df5c1c2fe8b7b6b.yaml delete mode 100644 releasenotes/notes/deprecate-ovn-from-octavia-api-15e33154a31f20ec.yaml delete mode 100644 releasenotes/notes/deprecate-redis-file-limit-4a60fa0fde4667ef.yaml delete mode 100644 releasenotes/notes/designate-redis-coordination-b4afdcc8855cc0ca.yaml delete mode 100644 releasenotes/notes/disable-odl-port-status-117c1d9c2f3235e9.yaml delete mode 100644 releasenotes/notes/disable-opendaylight-ha-port-status-0a97e10e6456661c.yaml delete mode 100644 releasenotes/notes/docker_profile-8571ae260eec69b8.yaml delete mode 100644 releasenotes/notes/docker_registry-163bf23bc95761a8.yaml delete mode 100644 releasenotes/notes/enable-languages-in-ui-88a8caa6db9b4dd7.yaml delete mode 100644 releasenotes/notes/enable-octavia-certificate-configuration-d8924916efc3054b.yaml delete mode 100644 releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml delete mode 100644 releasenotes/notes/enables_opendaylight_port_status-1ee052b299b36b83.yaml delete mode 100644 releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml delete mode 100644 releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml delete mode 100644 releasenotes/notes/firewall-chain-updates-f2b9d6ced9bde846.yaml delete mode 100644 releasenotes/notes/firewall-rules-support-ipversion-c9e2adeca34b2fd0.yaml delete mode 100644 releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml delete mode 100644 releasenotes/notes/firewall_table-f58ec47de40ec62d.yaml delete mode 100644 releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml delete mode 100644 releasenotes/notes/fix-masquerade-networks-c9ab4affb17627e1.yaml delete mode 100644 releasenotes/notes/fix-neutron-cert-perms-4a034bb516be6f9f.yaml delete mode 100644 releasenotes/notes/fix-odl-haproxy-check-ce000de26141fa7e.yaml delete mode 100644 releasenotes/notes/fix-odl-ovs-flows-sync-7b2cb7a29f0c89ec.yaml delete mode 100644 releasenotes/notes/fix-odl-ovs-openflow-port-resync-79b5f69b71740a6c.yaml delete mode 100644 releasenotes/notes/fix-odl-ovs-pipeline-check-7622d3e5a6ed2ee1.yaml delete mode 100644 releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml delete mode 100644 releasenotes/notes/fix-opendaylight-websocket-haproxy-7220b0c25ff13faa.yaml delete mode 100644 releasenotes/notes/fix-sriov-neutron-base-3e32bd667886c474.yaml delete mode 100644 releasenotes/notes/flashblade_driver-bd6df03b7f140071.yaml delete mode 100644 releasenotes/notes/galera-install-rsync-b2f2504f12cc0cfd.yaml delete mode 100644 releasenotes/notes/glance-multistore-766022d470827d1d.yaml delete mode 100644 releasenotes/notes/haproxy-basic-auth-e2839941c806c615.yaml delete mode 100644 releasenotes/notes/haproxy-custom-bind-opts-09226d990c62063d.yaml delete mode 100644 releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml delete mode 100644 releasenotes/notes/haproxy-frontend-backend-e3719b323e84fd2c.yaml delete mode 100644 releasenotes/notes/haproxy-leastconn-overrides-bdb2068ef794ff1d.yaml delete mode 100644 releasenotes/notes/haproxy-logging-13b333a7e9d9558e.yaml delete mode 100644 releasenotes/notes/haproxy-remove-activate_httplog-87325732ab9ca721.yaml delete mode 100644 releasenotes/notes/haproxy-service-endpoints-4351bd4666dfe9a7.yaml delete mode 100644 releasenotes/notes/haproxy_cell_server_names-5cc0e81836d568b7.yaml delete mode 100644 releasenotes/notes/haproxy_dynamic_endpoints-bf618ef45674bea4.yaml delete mode 100644 releasenotes/notes/haproxy_globals_override-7a573da1c8633f01.yaml delete mode 100644 releasenotes/notes/haproxy_socket_access-ba72ad281ca64287.yaml delete mode 100644 releasenotes/notes/heat_api_timeout-cbb01242534cec79.yaml delete mode 100644 releasenotes/notes/hpelefthand_8474c416b0d411e6.yaml delete mode 100644 releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml delete mode 100644 releasenotes/notes/innodb_buffer_pool_size-6fa946cf008a4606.yaml delete mode 100644 releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml delete mode 100644 releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml delete mode 100644 releasenotes/notes/introduce-mysql-user-interface-e16d62f3743128a0.yaml delete mode 100644 releasenotes/notes/ironic-inspector-disjoint-inspection-ip-range-f10297dd32f3721b.yaml delete mode 100644 releasenotes/notes/ironic-networking-baremetal-ebb19eca5fa235bc.yaml delete mode 100644 releasenotes/notes/ironic-ssh-removal-e5f40b477cf7357c.yaml delete mode 100644 releasenotes/notes/isilon_driver_bfa347d073cd11e7.yaml delete mode 100644 releasenotes/notes/keepalived-test-f3eddf57a5b4d433.yaml delete mode 100644 releasenotes/notes/keepalived_deprecated-199df5a0f3f35189.yaml delete mode 100644 releasenotes/notes/key-manager-backend-e8bd95b728bb0d0e.yaml delete mode 100644 releasenotes/notes/keystone-notification-topics-5b155e7b5e60b7fd.yaml delete mode 100644 releasenotes/notes/keystone_member-70065ba9269c4bfd.yaml delete mode 100644 releasenotes/notes/l2gw_agent_support-2bc24b539da738a8.yaml delete mode 100644 releasenotes/notes/l2gw_plugin_support-e0b1faafe8e1135f.yaml delete mode 100644 releasenotes/notes/login_defs-1d1b32c233a33b2f.yaml delete mode 100644 releasenotes/notes/logrotate-containers-compress-96934a4e76b9689d.yaml delete mode 100644 releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml delete mode 100644 releasenotes/notes/logrotate-copytruncate-hourly-f0851bec551f5f5f.yaml delete mode 100644 releasenotes/notes/messaging-amqp-7efec1bcb435e7cf.yaml delete mode 100644 releasenotes/notes/messaging-rabbitmq-or-oslo-messaging-services-f29943b2eafd24e6.yaml delete mode 100644 releasenotes/notes/metadata-file-creation-for-glance-netapp-47668bb602316024.yaml delete mode 100644 releasenotes/notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml delete mode 100644 releasenotes/notes/modular-libvirt-c19ccf0f0118c88c.yaml delete mode 100644 releasenotes/notes/mongodb_drop-02daffbfe4975cb9.yaml delete mode 100644 releasenotes/notes/monitor_interval_ovndbs-6af18ba7f4a17cc5.yaml delete mode 100644 releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml delete mode 100644 releasenotes/notes/multiple-cinder-rbd-backend-ef2767baf771b741.yaml delete mode 100644 releasenotes/notes/mysql_bundle_options-b5ecf4c4472cca01.yaml delete mode 100644 releasenotes/notes/networking-ansible-741fd4a6c8374db8.yaml delete mode 100644 releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml delete mode 100644 releasenotes/notes/neutron_iptables-9ea317c73b79929d.yaml delete mode 100644 releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml delete mode 100644 releasenotes/notes/nokolla-7898fe76cf623a0c.yaml delete mode 100644 releasenotes/notes/nova-cache-in-tht-533e048fd6ccc65f.yaml delete mode 100644 releasenotes/notes/nova-endpoint-a957a840ee653307.yaml delete mode 100644 releasenotes/notes/nova-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml delete mode 100644 releasenotes/notes/nova-remove-wsgi-enabled-5899b7d6d77a4fd4.yaml delete mode 100644 releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml delete mode 100644 releasenotes/notes/nova_compute_include_metadata-21757b44cb976e5d.yaml delete mode 100644 releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml delete mode 100644 releasenotes/notes/nova_metadata_wsgi-bbc8e5e053282a83.yaml delete mode 100644 releasenotes/notes/nova_metadata_wsgi-cleanup-4b4877fe73f25c2e.yaml delete mode 100644 releasenotes/notes/nova_migration_qemu-fc2150565dae8d33.yaml delete mode 100644 releasenotes/notes/nova_novnc_proxy_ssl_support-507a776063403a8e.yaml delete mode 100644 releasenotes/notes/nova_qemu_native_tls_encryption_on_nbd_for_disk_migration-2e16003c4764a399.yaml delete mode 100644 releasenotes/notes/nova_remove_nova-consoleauth-c126434b3dbda106.yaml delete mode 100644 releasenotes/notes/nova_virtlogd_wrapper-43c6c319db2a36ef.yaml delete mode 100644 releasenotes/notes/oslo-messaging-separate-backends-69aabd30ba470e61.yaml delete mode 100644 releasenotes/notes/ovn-ha-c7668c26aefb8f2d.yaml delete mode 100644 releasenotes/notes/ovn-ssl-298db2d617d7cc5e.yaml delete mode 100644 releasenotes/notes/ovn_metadata_remote_probe_interval-6fcbdb1e2c9a9a33.yaml delete mode 100644 releasenotes/notes/ovs-hw-offload-89a49899af3b9892.yaml delete mode 100644 releasenotes/notes/pacemaker-selinux-8dc0344afd5d64bd.yaml delete mode 100644 releasenotes/notes/per-service-options-haproxy-75f5f00cf5243ecb.yaml delete mode 100644 releasenotes/notes/powerflex-driver-f728e372280c44e6.yaml delete mode 100644 releasenotes/notes/powermax-driver-d428e372280c44e6.yaml delete mode 100644 releasenotes/notes/powerstore-driver-e428e372280c44e6.yaml delete mode 100644 releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml delete mode 100644 releasenotes/notes/ps-san-private_key-5a9f11e7907ba600.yaml delete mode 100644 releasenotes/notes/ptp-062b1d1f2d9f2275.yaml delete mode 100644 releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml delete mode 100644 releasenotes/notes/pure_add_iscsi_cidr_list-bac3b40a3137f06d.yaml delete mode 100644 releasenotes/notes/pure_nvme-02263cb67d33e7f4.yaml delete mode 100644 releasenotes/notes/pure_storage_update_cinder_params-94940d1d3ca46877.yaml delete mode 100644 releasenotes/notes/qemu_remove_postsave_cmd-07ad04ac44d7b706.yaml delete mode 100644 releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml delete mode 100644 releasenotes/notes/rabbitmq_extra_policies-69cbc0a4afeac963.yaml delete mode 100644 releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml delete mode 100644 releasenotes/notes/rbd-disk-cache-modes-b6b75fa2e52b8915.yaml delete mode 100644 releasenotes/notes/re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml delete mode 100644 releasenotes/notes/redfish-9203af1f7bf02bc5.yaml delete mode 100644 releasenotes/notes/remove-cephfsnative-0d3d76746ee928ab.yaml delete mode 100644 releasenotes/notes/remove-glance-nfs-mounting-3833e08ecc83c6dc.yaml delete mode 100644 releasenotes/notes/remove-heat-api-cloudwatch-bb2b8d0cdff775e2.yaml delete mode 100644 releasenotes/notes/remove-login_defs-408e25efb875425f.yaml delete mode 100644 releasenotes/notes/remove-neutron-lbaas-f6337e030a200b64.yaml delete mode 100644 releasenotes/notes/remove-ntp-34d5eb69bfc231b0.yaml delete mode 100644 releasenotes/notes/remove-odl-1ca26e0ffcbd13b5.yaml delete mode 100644 releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml delete mode 100644 releasenotes/notes/remove-stack-action-4f0eaef2405d39da.yaml delete mode 100644 releasenotes/notes/remove-support-for-puppet-ceph-bbe044bd575d1239.yaml delete mode 100644 releasenotes/notes/remove_bootstrap_nodeid-c5109a575c538bda.yaml delete mode 100644 releasenotes/notes/remove_puppet_certmonger-843205d2ef88d6e4.yaml delete mode 100644 releasenotes/notes/replication_probe_interval_ovn_dbs-df22bef3bb12a0f7.yaml delete mode 100644 releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml delete mode 100644 releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml delete mode 100644 releasenotes/notes/rsyslog-205c11903ed92bdf.yaml delete mode 100644 releasenotes/notes/rsyslog-tls-dfa676eda2ec646f.yaml delete mode 100644 releasenotes/notes/sahara_auth_v3-65bd276b39b4e284.yaml delete mode 100644 releasenotes/notes/sc-driver-a428e372280c44e6.yaml delete mode 100644 releasenotes/notes/sc_old_driver_deprecation_2368457faab68824.yaml delete mode 100644 releasenotes/notes/scaleio_driver_deprecation_4468457faab68824.yaml delete mode 100644 releasenotes/notes/securetty-6a10eefd601e45ca.yaml delete mode 100644 releasenotes/notes/security-compliance-1f5cb3b3be9f7657.yaml delete mode 100644 releasenotes/notes/sensubility-scripts-994014edfcc2da88.yaml delete mode 100644 releasenotes/notes/setup_timeouts_ovn_dbs-630a7ccfda5976a5.yaml delete mode 100644 releasenotes/notes/snmdd_config-db21f3175967be4a.yaml delete mode 100644 releasenotes/notes/split-up-neutron-lbaas-f0c248220ed872cd.yaml delete mode 100644 releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml delete mode 100644 releasenotes/notes/sshd-437c531301f458bb.yaml delete mode 100644 releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml delete mode 100644 releasenotes/notes/swift-container-ring-mgmt-ecf65b9fbae0d297.yaml delete mode 100644 releasenotes/notes/swift-create-local-dir-b00292e623d03044.yaml delete mode 100644 releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml delete mode 100644 releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml delete mode 100644 releasenotes/notes/swift-proxy-use-hash-suffix-b04c2ac17a2c8c38.yaml delete mode 100644 releasenotes/notes/swift-ring-curl-retry-1c329d1808b7f02c.yaml delete mode 100644 releasenotes/notes/tuned-removed-ab68a7109a1e7403.yaml delete mode 100644 releasenotes/notes/unity_driver_aaa347d073cd11e7.yaml delete mode 100644 releasenotes/notes/unity_driver_aba347d073cd11e7.yaml delete mode 100644 releasenotes/notes/unity_driver_afa347d073cd11e7.yaml delete mode 100644 releasenotes/notes/upstream-rabbitmq-server-ha-ocf-resource-agent-0db89eb7c55e64ca.yaml delete mode 100644 releasenotes/notes/use-reno-80402e5526a598aa.yaml delete mode 100644 releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml delete mode 100644 releasenotes/notes/vf-lag-sriov-ec194ecd4b447a46.yaml delete mode 100644 releasenotes/notes/vip-bind-nic-11e80207fcb78a20.yaml delete mode 100644 releasenotes/notes/virtlogd_config-8bc3aad489caf8a3.yaml delete mode 100644 releasenotes/notes/vmax_driver_deprecation_1368457faab68824.yaml delete mode 100644 releasenotes/notes/vnc_tls-7e5f275217117f78.yaml delete mode 100644 releasenotes/notes/vncserver_listen-4417377cac38464c.yaml delete mode 100644 releasenotes/notes/vnx_driver_aea44d073cd161e7.yaml delete mode 100644 releasenotes/notes/vnx_driver_bea44d073cd161e7.yaml delete mode 100644 releasenotes/notes/vnx_driver_cea44d073cd161e7.yaml delete mode 100644 releasenotes/notes/vpp-7368457faab68824.yaml delete mode 100644 releasenotes/notes/vpp-ml2-9c1321fa30f3b172.yaml delete mode 100644 releasenotes/notes/vxflexos-driver-aec8e372280c44e6.yaml delete mode 100644 releasenotes/notes/vxflexos_driver_deprecation_5568457faab68824.yaml delete mode 100644 releasenotes/notes/wrapper-containers-debug-f141d964548eb2ea.yaml delete mode 100644 releasenotes/notes/xtremio-add-ports-option-b1e60a97ba56f21e.yaml delete mode 100644 releasenotes/notes/xtremio-driver-f428e372280c44e6.yaml delete mode 100644 releasenotes/notes/xtremio-iscsi-remove-deprecated-da9224d14cef4fde.yaml delete mode 100644 releasenotes/notes/xtremio_driver_cea44d073cd161e7.yaml delete mode 100644 releasenotes/notes/xtremio_old_driver_deprecation_3368457faab68824.yaml delete mode 100644 releasenotes/notes/zaqar-httpd-93db7feb60622687.yaml delete mode 100644 releasenotes/notes/zaqar-redis-5ff1028b66fd47a8.yaml delete mode 100644 releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml delete mode 100644 releasenotes/source/_static/.placeholder delete mode 100644 releasenotes/source/conf.py delete mode 100644 releasenotes/source/index.rst delete mode 100644 releasenotes/source/ocata.rst delete mode 100644 releasenotes/source/pike.rst delete mode 100644 releasenotes/source/queens.rst delete mode 100644 releasenotes/source/rocky.rst delete mode 100644 releasenotes/source/stein.rst delete mode 100644 releasenotes/source/train.rst delete mode 100644 releasenotes/source/unreleased.rst delete mode 100644 releasenotes/source/ussuri.rst delete mode 100644 releasenotes/source/victoria.rst delete mode 100644 releasenotes/source/wallaby.rst delete mode 100644 setup.cfg delete mode 100755 setup.py delete mode 100644 spec/classes/tripleo_config_spec.rb delete mode 100644 spec/classes/tripleo_haproxy_spec.rb delete mode 100644 spec/classes/tripleo_haproxy_stats_spec.rb delete mode 100644 spec/classes/tripleo_init_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_aodh_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_aodh_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_aodh_listener_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_aodh_notifier_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_aodh_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_apache_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_barbican_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_barbican_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_barbican_backends_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_barbican_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ceilometer_agent_notification_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ceilometer_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_backup_gcs_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_backup_nfs_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_backup_s3_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_backup_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_powerflex_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_powermax_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_powerstore_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_sc_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_unity_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_vnx_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_ibm_svf_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_iscsi_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_netapp_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_nfs_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_nvmeof_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_pure_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_rbd_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_volume_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_cinder_xtremio_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_database_mysql_client_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_database_mysql_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_database_redis_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_backend_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_central_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_coordination_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_mdns_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_producer_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_sink_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_designate_worker_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_etcd_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_glance_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_glance_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_glance_backend_cinder_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_glance_backend_file_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_glance_backend_swift_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_gnocchi_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_gnocchi_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_gnocchi_metricd_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_gnocchi_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_gnocchi_statsd_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_heat_api_cfn_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_heat_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_heat_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_heat_engine_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_heat_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_horizon_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ironic_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ironic_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ironic_inspector_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ironic_inspector_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_ironic_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_iscsid_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_keystone_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_logging_logrotate_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_logging_rsyslog_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_lvm_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_manila_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_manila_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_manila_scheduler_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_manila_share_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_manila_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_memcached_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_metrics_collectd_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_metrics_qdr_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_l3_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_ml2_vts_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_ovs_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_plugins_ml2_ovn_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_server_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_neutron_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_compute_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_conductor_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_libvirt_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_metadata_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_migration_client_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_migration_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_migration_target_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_scheduler_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_octavia_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_octavia_health_manager_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_octavia_housekeeping_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_octavia_provider_ovn_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_octavia_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_octavia_worker_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_pacemaker_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_placement_api_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_placement_authtoken_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_placement_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_qdr_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_snmp_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_sshd_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_swift_proxy_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_swift_ringbuilder_spec.rb delete mode 100644 spec/classes/tripleo_profile_base_swift_spec.rb delete mode 100644 spec/classes/tripleo_profile_pacemaker_cinder_backup_bundle_spec.rb delete mode 100644 spec/classes/tripleo_profile_pacemaker_cinder_volume_bundle_spec.rb delete mode 100644 spec/classes/tripleo_profile_pacemaker_manila_share_bundle_spec.rb delete mode 100644 spec/defines/tripleo_haproxy_endpoint_spec.rb delete mode 100644 spec/defines/tripleo_haproxy_service_endpoints_spec.rb delete mode 100644 spec/defines/tripleo_haproxy_userlist_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_database_mysql_user_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_logging_rsyslog_file_input_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_metrics_collectd_sensubility_script_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb delete mode 100644 spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb delete mode 100644 spec/fixtures/hiera.yaml delete mode 100644 spec/fixtures/hieradata/default.yaml delete mode 100644 spec/fixtures/hieradata/step1.yaml delete mode 100644 spec/fixtures/hieradata/step2.yaml delete mode 100644 spec/fixtures/hieradata/step3.yaml delete mode 100644 spec/fixtures/hieradata/step4.yaml delete mode 100644 spec/fixtures/hieradata/step5.yaml delete mode 100644 spec/fixtures/hieradata/step6.yaml delete mode 100644 spec/functions/docker_volumes_to_storage_maps_spec.rb delete mode 100644 spec/functions/ip_to_erl_format_spec.rb delete mode 100644 spec/functions/list_to_hash_spec.rb delete mode 100644 spec/functions/noop_resource_spec.rb delete mode 100644 spec/functions/tripleo_swift_devices_spec.rb delete mode 100644 spec/shared_examples.rb delete mode 100644 spec/spec_helper.rb delete mode 100644 spec/spec_helper_acceptance.rb delete mode 100644 templates/designate/rndc.key.erb delete mode 100644 templates/logrotate/containers_logrotate.conf.erb delete mode 100644 templates/metrics/collectd-sensubility.conf.epp delete mode 100644 templates/metrics/libpodstats.conf.epp delete mode 100644 templates/neutron/dibbler-client.epp delete mode 100644 templates/neutron/dnsmasq.epp delete mode 100644 templates/neutron/haproxy.epp delete mode 100644 templates/neutron/keepalived.epp delete mode 100644 templates/neutron/neutron-keepalived-state-change.epp delete mode 100644 templates/neutron/radvd.epp delete mode 100644 templates/nova/virtlogd.epp delete mode 100644 templates/rabbitmq/ssl-dist.conf.erb delete mode 100644 templates/rsyslog_sidecar/rsyslog.conf.erb delete mode 100644 templates/stunnel/foreground.erb delete mode 100644 templates/stunnel/service.erb delete mode 100644 tox.ini delete mode 100644 zuul.d/layout.yaml diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 2a455e079..000000000 --- a/.gitignore +++ /dev/null @@ -1,27 +0,0 @@ -# Add patterns in here to exclude files created by tools integrated with this -# repository, such as test frameworks from the project's recommended workflow, -# rendered documentation and package builds. -# -# Don't add patterns to exclude files created by preferred personal tools -# (editors, IDEs, your operating system itself even). These should instead be -# maintained outside the repository, for example in a ~/.gitignore file added -# with: -# -# git config --global core.excludesfile '~/.gitignore' - -pkg/ -Gemfile.lock -vendor/ -spec/fixtures/modules -spec/fixtures/manifests -.vagrant/ -.bundle/ -.bundle*/ -coverage/ -.idea/ -*.iml -openstack/ - -# Files created from releasenotes build -releasenotes/build -.tox diff --git a/.sync.yml b/.sync.yml deleted file mode 100644 index 66a03c649..000000000 --- a/.sync.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -spec/spec_helper.rb: - unmanaged: true diff --git a/Gemfile b/Gemfile deleted file mode 100644 index 3f465614a..000000000 --- a/Gemfile +++ /dev/null @@ -1,36 +0,0 @@ -source ENV['GEM_SOURCE'] || "https://rubygems.org" - -group :development, :test, :system_tests do - spec_helper_dir = '/home/zuul/src/opendev.org/openstack/puppet-openstack_spec_helper' - if File.directory?(spec_helper_dir) - if ENV['ZUUL_PROJECT'] == 'openstack/puppet-openstack_spec_helper' - gem 'puppet-openstack_spec_helper', - :path => '../..', - :require => 'false' - else - gem 'puppet-openstack_spec_helper', - :path => spec_helper_dir, - :require => 'false' - end - else - spec_helper_version = ENV['ZUUL_BRANCH'] || "master" - gem 'puppet-openstack_spec_helper', - :git => 'https://opendev.org/openstack/puppet-openstack_spec_helper', - :ref => spec_helper_version, - :require => 'false' - end -end - -if facterversion = ENV['FACTER_GEM_VERSION'] - gem 'facter', facterversion, :require => false -else - gem 'facter', :require => false -end - -if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false -else - gem 'puppet', :require => false -end - -# vim:ft=ruby diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 68c771a09..000000000 --- a/LICENSE +++ /dev/null @@ -1,176 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - diff --git a/Puppetfile_extras b/Puppetfile_extras deleted file mode 100644 index 681908724..000000000 --- a/Puppetfile_extras +++ /dev/null @@ -1,34 +0,0 @@ - -## TripleO Puppet modules - -mod 'haproxy', - :git => 'https://github.com/puppetlabs/puppetlabs-haproxy', - :ref => 'main' - -mod 'etcd', - :git => 'https://github.com/puppet-etcd/puppet-etcd', - :ref => 'master' - -mod 'systemd', - :git => 'https://github.com/camptocamp/puppet-systemd', - :ref => 'master' - -mod 'rsyslog', - :git => 'https://github.com/voxpupuli/puppet-rsyslog', - :ref => 'master' - -mod 'ssh', - :git => 'https://github.com/saz/puppet-ssh', - :ref => 'v3.0.1' - -mod 'snmp', - :git => 'https://github.com/razorsedge/puppet-snmp', - :ref => 'master' - -mod 'pacemaker', - :git => 'https://github.com/openstack/puppet-pacemaker', - :ref => 'master' - -mod 'collectd', - :git => 'https://github.com/voxpupuli/puppet-collectd', - :ref => '20494e44a90073273a18fce71f4a602d5b5d0690' diff --git a/README.md b/README.md deleted file mode 100644 index 0ea1628e1..000000000 --- a/README.md +++ /dev/null @@ -1,20 +0,0 @@ -Team and repository tags -======================== - -[![Team and repository tags](https://governance.openstack.org/tc/badges/puppet-tripleo.svg)](https://governance.openstack.org/tc/reference/tags/index.html) - - - -# puppet-tripleo - -Lightweight composition layer for Puppet TripleO. - -## Contributing - -* Free software: Apache License (2.0) -* Source: http://git.openstack.org/cgit/openstack/puppet-tripleo -* Bugs: http://bugs.launchpad.net/tripleo (tag: puppet) -* Documentation: - * TripleO: https://docs.openstack.org/tripleo-docs/latest/ - * Testing with puppet: https://docs.openstack.org/puppet-openstack-guide/latest/contributor/testing.html - * Release Notes: https://docs.openstack.org/releasenotes/puppet-tripleo diff --git a/README.rst b/README.rst new file mode 100644 index 000000000..4ee2c5f13 --- /dev/null +++ b/README.rst @@ -0,0 +1,10 @@ +This project is no longer maintained. + +The contents of this repository are still available in the Git +source code management system. To see the contents of this +repository before it reached its end of life, please check out the +previous commit with "git checkout HEAD^1". + +For any further questions, please email +openstack-discuss@lists.openstack.org or join #openstack-dev on +OFTC. diff --git a/Rakefile b/Rakefile deleted file mode 100644 index df1ea9175..000000000 --- a/Rakefile +++ /dev/null @@ -1,7 +0,0 @@ -require 'puppet-openstack_spec_helper/rake_tasks' - -# We disable the unquoted node name check because puppet-pacemaker node -# properties make use of attributes called 'node' and puppet-lint breaks on -# them: https://github.com/rodjek/puppet-lint/issues/501 -# We are not using site.pp with nodes so this is safe. -PuppetLint.configuration.send('disable_unquoted_node_name') diff --git a/bindep.txt b/bindep.txt deleted file mode 100644 index 01b2ca6b6..000000000 --- a/bindep.txt +++ /dev/null @@ -1,12 +0,0 @@ -# This is a cross-platform list tracking distribution packages needed by tests; -# see http://docs.openstack.org/infra/bindep/ for additional information. - -libxml2-devel [test platform:rpm] -libxml2-dev [test platform:dpkg] -libxslt-devel [test platform:rpm] -libxslt1-dev [test platform:dpkg] -ruby-devel [test platform:rpm] -ruby-dev [test platform:dpkg] -zlib1g-dev [test platform:dpkg] -zlib-devel [test platform:rpm] -puppet [build] diff --git a/doc/requirements.txt b/doc/requirements.txt deleted file mode 100644 index 44cb2082b..000000000 --- a/doc/requirements.txt +++ /dev/null @@ -1,6 +0,0 @@ -# This is required for the docs build jobs -sphinx>=2.0.0,!=2.1.0 # BSD -openstackdocstheme>=2.2.1 # Apache-2.0 - -# This is required for the releasenotes build jobs -reno>=3.1.0 # Apache-2.0 diff --git a/files/mysql_ed25519_password.py b/files/mysql_ed25519_password.py deleted file mode 100755 index 47e646d1f..000000000 --- a/files/mysql_ed25519_password.py +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/env python3 -import hashlib -import base64 -import sys - -from nacl.bindings.crypto_scalarmult import \ - crypto_scalarmult_ed25519_base_noclamp - -# https://github.com/MariaDB/server/blob/10.4/plugin/auth_ed25519/ref10/sign.c -# mariadb's use of ed25519: -# . password is the secret seed -# . ed25519's public key (computed from password) is what is stored in mariadb -# . the hash in mariadb is the base64 encoding of the pk minus the last '=' - - -def _scalar_clamp(s32): - ba = bytearray(s32) - ba0 = bytes(bytearray([ba[0] & 248])) - ba31 = bytes(bytearray([(ba[31] & 127) | 64])) - return ba0 + bytes(s32[1:31]) + ba31 - - -def mysql_ed25519_password(pwd): - # h = SHA512(password) - h = hashlib.sha512(pwd).digest() - # s = prune(first_half(h)) - s = _scalar_clamp(h[:32]) - # A = encoded point [s]B - A = crypto_scalarmult_ed25519_base_noclamp(s) - # encoded pk - encoded = base64.b64encode(A)[:-1] - return encoded - - -if __name__ == "__main__": - if len(sys.argv) <= 1: - print("Usage: %s PASSWORD" % sys.argv[0], file=sys.stderr) - sys.exit(1) - else: - pwd = sys.argv[1].encode() - res = mysql_ed25519_password(pwd) - print(res.decode(), end='') diff --git a/lib/facter/alt_fqdns.rb b/lib/facter/alt_fqdns.rb deleted file mode 100644 index 2d78b9a23..000000000 --- a/lib/facter/alt_fqdns.rb +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -[ - 'external', - 'internal_api', - 'storage', - 'storage_mgmt', - 'tenant', - 'management', - 'ctlplane', -].each do |network| - Facter.add('fqdn_' + network) do - setcode do - hostname_parts = [ - Facter.value(:hostname), - network.gsub('_', ''), - Facter.value(:domain), - ].reject { |part| part.nil? || part.empty? } - hostname_parts.join(".") - end - end -end diff --git a/lib/facter/netmask_ipv6.rb b/lib/facter/netmask_ipv6.rb deleted file mode 100644 index 598641fb3..000000000 --- a/lib/facter/netmask_ipv6.rb +++ /dev/null @@ -1,49 +0,0 @@ -require 'ipaddr' - -def netmask6(value) - if value - ip = IPAddr.new('::0').mask(value) - ip.inspect.split('/')[1].gsub('>', '') - end -end - -if Facter.value('facterversion')[0].to_i < 3 - Facter::Util::IP::REGEX_MAP[:linux][:ipaddress6] = - /inet6 (?:addr: )?((?!(?:fe80|::1))(?>[0-9,a-f,A-F]*\:{1,2})+[0-9,a-f,A-F]{0,4})/ - Facter::Util::IP.get_interfaces.each do |interface| - Facter.add('netmask6_' + Facter::Util::IP.alphafy(interface)) do - setcode do - tmp = [] - regex = %r{inet6\s+.*\s+(?:prefixlen)\s+(\d+)}x - output_int = Facter::Util::IP.get_output_for_interface_and_label(interface, 'netmask6') - - output_int.each_line do |line| - prefixlen = nil - matches = line.match(regex) - prefixlen = matches[1] if matches - - if prefixlen - value = netmask6(prefixlen) - tmp.push(value) - end - end - - tmp.shift if tmp - end - end - end - - Facter.add('netmask6') do - setcode do - prefixlen = nil - regex = %r{#{Facter.value(:ipaddress6)}.*?(?:prefixlen)\s*(\d+)}x - - String(Facter::Util::IP.exec_ifconfig(['2>/dev/null'])).split(/\n/).collect do |line| - matches = line.match(regex) - prefixlen = matches[1] if matches - end - - netmask6(prefixlen) if prefixlen - end - end -end diff --git a/lib/facter/nic_alias.rb b/lib/facter/nic_alias.rb deleted file mode 100644 index c3b9ded6f..000000000 --- a/lib/facter/nic_alias.rb +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -Facter.add('nic_alias') do - setcode do - os_net_config = '/usr/bin/os-net-config' - mapping_report = '' - if File.exist?(os_net_config) - mapping_report = - Facter::Core::Execution.execute("#{os_net_config} -i") - mapping_report.delete("{}' ") - end - mapping_report - end -end diff --git a/lib/facter/stonith_levels.rb b/lib/facter/stonith_levels.rb deleted file mode 100644 index 2d69ae01b..000000000 --- a/lib/facter/stonith_levels.rb +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -Facter.add('stonith_levels') do - setcode do - - # If crm_node is present, return true. Otherwise, return false. - if Facter::Core::Execution.which('crm_node') - hostname = Facter::Core::Execution.execute("crm_node -n 2> /dev/null", {}) - stonith_levels = Facter::Core::Execution.execute("pcs stonith level 2>&1 | sed -n \"/^Target: #{hostname}$/,/^Target:/{/^Target: #{hostname}$/b;/^Target:/b;p}\" |tail -1 | awk '{print $2}' 2> /dev/null", {}).to_i - stonith_levels - end - - end -end diff --git a/lib/puppet/functions/docker_volumes_to_storage_maps.rb b/lib/puppet/functions/docker_volumes_to_storage_maps.rb deleted file mode 100644 index 306357cfe..000000000 --- a/lib/puppet/functions/docker_volumes_to_storage_maps.rb +++ /dev/null @@ -1,44 +0,0 @@ -# This custom function converts an array of docker volumes to the storage_maps -# hash required by the pacemaker::resource::bundle resource. A prefix is added -# to each entry in the storage map to ensure the Puppet resources are unique. -# -# Given: -# docker_volumes = ["/src/vol1:/tgt/vol1", "/src/vol2:/tgt/vol2:ro"] -# prefix = "my-prefix" -# Returns: -# storage_maps = { -# "my-prefix-src-vol1" => { -# "source-dir" => "/src/vol1", -# "target-dir" => "/tgt/vol1", -# "options" => "rw", -# }, -# "my-prefix-src-vol2" => { -# "source-dir" => "/src/vol2", -# "target-dir" => "/tgt/vol2", -# "options" => "ro", -# } -# } -Puppet::Functions.create_function(:'docker_volumes_to_storage_maps') do - dispatch :docker_volumes_to_storage_maps do - param 'Array', :docker_volumes - param 'String', :prefix - return_type 'Hash' - end - - def docker_volumes_to_storage_maps(docker_volumes, prefix) - storage_maps = Hash.new - docker_volumes.each do |docker_vol| - source, target, options = docker_vol.split(":") - unless options - options = "rw" - end - storage_maps[prefix + source.gsub("/", "-")] = { - "source-dir" => source, - "target-dir" => target, - "options" => options, - } - end - return storage_maps - end -end - diff --git a/lib/puppet/functions/ip_to_erl_format.rb b/lib/puppet/functions/ip_to_erl_format.rb deleted file mode 100644 index 25619fcbf..000000000 --- a/lib/puppet/functions/ip_to_erl_format.rb +++ /dev/null @@ -1,32 +0,0 @@ -require 'ipaddr' - -# Custom function to convert an IP4/6 address from a string to the -# erlang inet kernel format. -# For example from "172.17.0.16" to {172,17,0,16} -# See http://erlang.org/doc/man/kernel_app.html and http://erlang.org/doc/man/inet.html -# for more information. -Puppet::Functions.create_function(:ip_to_erl_format) do - dispatch :ip_to_erl_format do - param 'String', :ip_addr - end - - def ip_to_erl_format(ip_addr) - ip = IPAddr.new(ip_addr) - output = '{' - if ip.ipv6? - split_char = ':' - base = 16 - else - split_char = '.' - base = 10 - end - # to_string() prints the canonicalized form - ip.to_string().split(split_char).each { - |x| output += x.to_i(base).to_s + ',' - } - # Remove the last spurious comma - output = output.chomp(',') - output += '}' - return output - end -end diff --git a/lib/puppet/functions/list_to_hash.rb b/lib/puppet/functions/list_to_hash.rb deleted file mode 100644 index b0d456c99..000000000 --- a/lib/puppet/functions/list_to_hash.rb +++ /dev/null @@ -1,31 +0,0 @@ -# This function is an hack because we are not enabling Puppet parser -# that would allow us to manipulate data iterations directly in manifests. -# -# Example: -# keystone_vips = ['192.168.0.1:5000', '192.168.0.2:5000'] -# $keystone_bind_opts = ['transparent'] -# -# Using this function: -# $keystone_vips_hash = list_to_hash($keystone_vips, $keystone_bind_opts) -# -# Would return: -# $keystone_vips_hash = { -# '192.168.0.1:5000' => ['transparent'], -# '192.168.0.2:5000' => ['transparent'], -# } -# -# Disclaimer: this function is an hack and will disappear once TripleO enable -# Puppet parser. -# - -Puppet::Functions.create_function(:list_to_hash) do - dispatch :list_to_hash do - param 'Array', :arr1 - param 'Array', :arr2 - end - - def list_to_hash(arr1, arr2) - hh = arr1.each_with_object({}) { |v,h| h[v] = arr2 } - return hh - end -end diff --git a/lib/puppet/functions/merge_hash_values.rb b/lib/puppet/functions/merge_hash_values.rb deleted file mode 100644 index 7d332d362..000000000 --- a/lib/puppet/functions/merge_hash_values.rb +++ /dev/null @@ -1,30 +0,0 @@ -# This function merges two hashes and concatenate the values of -# identical keys -# -# Example: -# $frontend = { 'option' => [ 'tcpka', 'tcplog' ], -# 'timeout client' => '90m' } -# $backend = { 'option' => [ 'httpchk' ], -# 'timeout server' => '90m' } -# -# Using this function: -# $merge = merge_hash_values($frontend, $backend) -# -# Would return: -# $merge = { 'option' => [ 'tcpka', 'tcplog', 'httpchk' ], -# 'timeout client' => '90m', -# 'timeout server' => '90m' } -# - -Puppet::Functions.create_function(:'merge_hash_values') do - dispatch :merge_hash_values do - param 'Hash', :hash1 - param 'Hash', :hash2 - return_type 'Hash' - end - - def merge_hash_values(hash1, hash2) - hh = hash1.merge(hash2) {|k, v1, v2| (v2 + v1).uniq()} - return hh - end -end diff --git a/lib/puppet/functions/mysql_ed25519_password.rb b/lib/puppet/functions/mysql_ed25519_password.rb deleted file mode 100644 index 101002c4d..000000000 --- a/lib/puppet/functions/mysql_ed25519_password.rb +++ /dev/null @@ -1,21 +0,0 @@ -# Custom function to generate password hash for MariaDB's auth_ed25519 -# Input is a regular mariadb user password -# Output is the hashed password as expected by auth_ed25519 -Puppet::Functions.create_function(:'mysql_ed25519_password') do - dispatch :mysql_ed25519_password do - param 'String', :password - return_type 'String' - end - - def mysql_ed25519_password(password) - # mysql's auth_ed25519 consists in generating a ed25519 public key - # out of the sha512(password). Unfortunately, there is no native - # ruby implementation of ed25519's unclamped scalar multiplication - # just yet, so rely on an binary to get the hash for now. - python = `(which python3 || which python2 || which python) 2>/dev/null` - raise Puppet::Error, 'python interpreter not found in path' unless $?.success? - hashed = `#{python.rstrip()} /etc/puppet/modules/tripleo/files/mysql_ed25519_password.py #{password}` - raise Puppet::Error, 'generated hash is not 43 bytes long.' unless hashed.length == 43 - return hashed - end -end diff --git a/lib/puppet/functions/noop_resource.rb b/lib/puppet/functions/noop_resource.rb deleted file mode 100644 index 81ba1cc7d..000000000 --- a/lib/puppet/functions/noop_resource.rb +++ /dev/null @@ -1,93 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Author: Dan Prince -# -# A function to create noop providers (set as the default) for the named -# resource. This works alongside of 'puppet apply --tags' to disable -# some custom resource types that still attempt to run commands during -# prefetch, etc. -class Puppet::Provider::Noop < Puppet::Provider - - # generic resource interfaces - def create - true - end - - def destroy - true - end - - def exists? - false - end - - # package resource - def install - true - end - - def uninstall - true - end - - def latest - true - end - - def update - true - end - - def purge - true - end - - def self.instances - [] - end - - # service resource - def status - 0 - end - - def start - true - end - - def stop - true - end - - # some puppet-keystone resources require this - def self.resource_to_name(domain, name, check_for_default = true) - return name - end - -end - -Puppet::Functions.create_function(:noop_resource) do - dispatch :noop_resource do - param 'String', :res - end - - def noop_resource(res) - Puppet::Type.type(res.downcase.to_sym).provide(:noop, :parent => Puppet::Provider::Noop) do - defaultfor :osfamily => :redhat - end - return true - end -end diff --git a/lib/puppet/functions/pacemaker_bundle_replicas.rb b/lib/puppet/functions/pacemaker_bundle_replicas.rb deleted file mode 100644 index 6ea4b618e..000000000 --- a/lib/puppet/functions/pacemaker_bundle_replicas.rb +++ /dev/null @@ -1,24 +0,0 @@ -# Custom function to extract the current number of replicas for a pacemaker -# resource, as defined in the pacemaker cluster. -# Input is the name of a pacemaker bundle resource -# Output is the number of replicas for that resource or 0 if not found -Puppet::Functions.create_function(:'pacemaker_bundle_replicas') do - dispatch :pacemaker_bundle_replicas do - param 'String', :bundle - return_type 'Integer' - end - - def pacemaker_bundle_replicas(bundle) - # the name of the node holding the replicas attribute varies based on the - # container engine used (podman, docker...), so match via attributes instead - replicas = `cibadmin -Q | xmllint --xpath "string(//bundle[@id='#{bundle}']/*[boolean(@image) and boolean(@run-command)]/@replicas)" -` - # strip line break - replicas.strip! - # post-condition: 0 in case the bundle does not exist or an error occurred - if $?.success? && !replicas.empty? - return Integer(replicas) - else - return 0 - end - end -end diff --git a/lib/puppet/functions/qdr_ssl_certificate.rb b/lib/puppet/functions/qdr_ssl_certificate.rb deleted file mode 100644 index 03ef71753..000000000 --- a/lib/puppet/functions/qdr_ssl_certificate.rb +++ /dev/null @@ -1,39 +0,0 @@ -# This adds to ssl profile hash a proper value of "caCertFile" key for "caCertFileContent" key. -# -# Given: -# ssl_profiles = [{"name": "test", "caCertFileContent": "cert content", ...}, ...] -# cert_dir = "/etc/pki/tls/certs/" -# Returns: -# ssl_profiles = [ -# {"name": "test", -# "caCertFileContent": "cert content", -# "caCertFile": "/etc/pki/tls/certs/CA_test.pem", -# ... }, -# ... -# ] -Puppet::Functions.create_function(:qdr_ssl_certificate) do - - dispatch :qdr_ssl_certificate do - param 'Array', :ssl_profiles - param 'String', :cert_dir - return_type 'Array' - end - - def qdr_ssl_certificate(ssl_profiles, cert_dir) - processed_profiles = Array.new - ssl_profiles.each do |profile| - if profile.key?("caCertFileContent") - processed = profile.clone - # create certificate path - path = File.join(cert_dir, "CA_#{processed["name"]}.pem") - # update profile - processed["caCertFile"] = path - processed_profiles.append(processed) - else - processed_profiles.append(profile) - end - end - return processed_profiles - end - -end diff --git a/lib/puppet/functions/tripleo_swift_devices.rb b/lib/puppet/functions/tripleo_swift_devices.rb deleted file mode 100644 index 8b2db7784..000000000 --- a/lib/puppet/functions/tripleo_swift_devices.rb +++ /dev/null @@ -1,27 +0,0 @@ -# Build Swift devices list from the parts, e.g. for: -# raw_disk_prefix = 'r1z1-' -# swift_storage_node_ips = ['192.168.1.12', '192.168.1.13'] -# raw_disks = [':%PORT%/device1', ':%PORT%/device2'] -# -# devices will be ['r1z1-192.168.1.12:%PORT%/device1', -# 'r1z1-192.168.1.12:%PORT%/device2' -# 'r1z1-192.168.1.13:%PORT%/device1' -# 'r1z1-192.168.1.13:%PORT%/device2'] -Puppet::Functions.create_function(:tripleo_swift_devices) do - dispatch :tripleo_swift_devices do - param 'String', :raw_disk_prefix - param 'Array', :swift_node_ips - param 'Array', :raw_disks - end - - def tripleo_swift_devices(raw_disk_prefix, swift_node_ips, raw_disks) - devices = [] - for ip in swift_node_ips do - for disk in raw_disks do - devices << "#{raw_disk_prefix}#{ip}#{disk}" - end - end - - return devices - end -end diff --git a/lib/puppet/parser/functions/interface_for_ip.rb b/lib/puppet/parser/functions/interface_for_ip.rb deleted file mode 100644 index b09e2fba2..000000000 --- a/lib/puppet/parser/functions/interface_for_ip.rb +++ /dev/null @@ -1,85 +0,0 @@ -require 'ipaddr' - -# Custom function to lookup the interface which matches the subnet -# of the provided IP address. -# The function iterates over all the interfaces and chooses the -# first locally assigned interface which matches the IP. -module Puppet::Parser::Functions - newfunction(:interface_for_ip, :type => :rvalue, :doc => "Find the bind IP address for the provided subnet.") do |arg| - if arg[0].class == String - begin - ip1 = IPAddr.new(arg[0]) - network_facts = lookupvar('networking') - Dir.foreach('/sys/class/net/') do |interface| - next if interface == '.' || interface == '..' - # puppet downcases fact names, interface names can have capitals but - # in facter 2.x they were lower case. In facter 3.x they can have - # capitals - iface_no_dash = interface.gsub('-', '_').downcase - - if ip1.ipv4? - ipaddress_name = "ipaddress_#{iface_no_dash}" - netmask_name = "netmask_#{iface_no_dash}" - facter_ip = 'ip' - facter_netmask = 'netmask' - else - ipaddress_name = "ipaddress6_#{iface_no_dash}" - netmask_name = "netmask6_#{iface_no_dash}" - facter_ip = 'ip6' - facter_netmask = 'netmask6' - end - - if network_facts.nil? or network_facts['interfaces'].nil? then - # facter 2 facts - interface_ip = lookupvar(ipaddress_name) - next if interface_ip.nil? - ip2 = IPAddr.new(interface_ip) - netmask = lookupvar(netmask_name) - return interface if ip1.mask(netmask) == ip2.mask(netmask) - else - # facter 3+ syntax: - # networking => { - # ... - # interfaces => { - # br-ctlplane => { - # bindings => [ - # { - # address => "192.168.24.1", - # netmask => "255.255.255.0", - # network => "192.168.24.0" - # } - # ], - # bindings6 => [ - # { - # address => "fe80::5054:ff:fe22:bac3", - # netmask => "ffff:ffff:ffff:ffff::", - # network => "fe80::" - # } - # ], - # ip => "192.168.24.1", - # ip6 => "fe80::5054:ff:fe22:bac3", - # mac => "52:54:00:22:ba:c3", - # mtu => 1500, - # netmask => "255.255.255.0", - # netmask6 => "ffff:ffff:ffff:ffff::", - # network => "192.168.24.0", - # network6 => "fe80::" - # }, - # }, - # ... - # } - next if network_facts['interfaces'][interface].nil? or network_facts['interfaces'][interface][facter_ip].nil? - ip2 = IPAddr.new(network_facts['interfaces'][interface][facter_ip]) - netmask = network_facts['interfaces'][interface][facter_netmask] - return interface if ip1.mask(netmask) == ip2.mask(netmask) - end - end - rescue IPAddr::InvalidAddressError => e - raise Puppet::ParseError, "#{e}: #{arg[0]}" - end - else - raise Puppet::ParseError, "Syntax error: #{arg[0]} must be a String" - end - return '' - end -end diff --git a/lib/puppet/parser/functions/local_fence_devices.rb b/lib/puppet/parser/functions/local_fence_devices.rb deleted file mode 100644 index 1ebce6713..000000000 --- a/lib/puppet/parser/functions/local_fence_devices.rb +++ /dev/null @@ -1,34 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:local_fence_devices, :arity =>2, :type => :rvalue, - :doc => ("Given an array of fence device configs, limit them" + - "to fence devices whose MAC address is present on" + - "some of the local NICs, and prepare a hash which can be" + - "passed to create_resources function")) do |args| - agent = args[0] - devices = args[1] - unless agent.is_a?(String) && agent.length > 0 - raise Puppet::ParseError, "local_fence_devices: Argument 'agent' must be a non-empty string. The value given was: #{agent_type}" - end - unless devices.is_a?(Array) - raise Puppet::ParseError, "local_fence_devices: Argument 'devices' must be an array. The value given was: #{devices}" - end - - # filter by agent type - agent_type_devices = devices.select { |device| device['agent'] == agent } - - # filter by local mac address - local_devices = agent_type_devices.select do |device| - function_has_interface_with(['macaddress', device['host_mac']]) - end - - # construct a hash for create_resources - return local_devices.each_with_object({}) do |device, hash| - # disallow collisions - if hash[device['host_mac']] - raise Puppet::ParseError, "local_fence_devices: Only single fence device per agent per host is allowed. Collision on #{device['host_mac']} for #{agent}" - end - - hash[device['host_mac']] = device['params'] || {} - end - end -end diff --git a/lib/puppet/provider/package/norpm.rb b/lib/puppet/provider/package/norpm.rb deleted file mode 100644 index abe178074..000000000 --- a/lib/puppet/provider/package/norpm.rb +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -require 'puppet' -require 'puppet/provider/package' - -Puppet::Type.type(:package).provide :norpm, :source => :rpm, :parent => :rpm do - desc "RPM packaging provider that does not install anything." - - has_feature :virtual_packages - - def latest - @resource.fail "'latest' is unsupported by this provider." - end - - def install - Puppet.warning("[norpm] Attempting to install #{name} but it will not be installed") - true - end - - def uninstall - Puppet.warning("[norpm] Attempting to uninstall #{name} but it will not be removed") - true - end - - def update - Puppet.warning("[norpm] Attempting to update #{name} but it will not be updated") - true - end - - def purge - Puppet.warning("[norpm] Attempting to purge #{name} but it will not be removed") - true - end - - def self.instances - return [] - end - -end diff --git a/manifests/config.pp b/manifests/config.pp deleted file mode 100644 index 9b8b12841..000000000 --- a/manifests/config.pp +++ /dev/null @@ -1,44 +0,0 @@ -# == Class: tripleo::config -# -# Configure services with Puppet -# -# === Parameters: -# -# [*configs*] -# (optional) Configuration to inject. -# Should be an hash. -# Default to lookup('param_config', {}) -# -# [*providers*] -# (optional) Filter the providers we want -# to use for config. -# Should be an array. -# Default to lookup('param_providers', Array[String], 'deep', []) -# -class tripleo::config( - $configs = lookup('param_config', {}), - $providers = lookup('param_providers', Array[String], 'deep', []), -) { - - if ! empty($configs) { - # Allow composable services to load their own configurations. - # Each service can load its config options by using this form: - # - # puppet_config: - # param_config: - # 'aodh_config': - # DEFAULT: - # foo: fooValue - # bar: barValue - $configs.each |$provider, $sections| { - if empty($providers) or ($provider in $providers) { - $sections.each |$section, $params| { - $params.each |$param, $value| { - create_resources($provider, {"${section}/${param}" => {'value' => $value }}) - } - } - } - } - } - -} diff --git a/manifests/fencing.pp b/manifests/fencing.pp deleted file mode 100644 index 416dc4620..000000000 --- a/manifests/fencing.pp +++ /dev/null @@ -1,222 +0,0 @@ -# == Class: tripleo::fencing -# -# Configure Pacemaker fencing devices for TripleO. -# -# === Parameters: -# -# [*config*] -# JSON config of fencing devices, using the following structure: -# { -# "devices": [ -# { -# "agent": "AGENT_NAME", -# "host_mac": "HOST_MAC_ADDRESS", -# "params": {"PARAM_NAME": "PARAM_VALUE"} -# } -# ] -# } -# For instance: -# { -# "devices": [ -# { -# "agent": "fence_xvm", -# "host_mac": "52:54:00:aa:bb:cc", -# "params": { -# "multicast_address": "225.0.0.12", -# "port": "baremetal_0", -# "manage_fw": true, -# "manage_key_file": true, -# "key_file": "/etc/fence_xvm.key", -# "key_file_password": "abcdef" -# } -# } -# ] -# } -# Defaults to {} -# -# [*tries*] -# Number of attempts when creating fence devices and constraints. -# Defaults to 10 -# -# [*try_sleep*] -# Delay (in seconds) between attempts when creating fence devices -# and constraints. -# Defaults to 3 -# -# [*deep_compare*] -# Enable deep comparing of resources and bundles -# When set to true a resource will be compared in full (options, meta parameters,..) -# to the existing one and in case of difference it will be repushed to the CIB -# Defaults to false -# -# [*update_settle_secs*] -# When deep_compare is enabled and puppet updates a resource, this -# parameter represents the number (in seconds) to wait for the cluster to settle -# after the resource update. -# Defaults to 600 (seconds) -# -# [*watchdog_timeout*] -# Only valid if sbd watchdog fencing is enabled. -# Pacemaker will assume unseen nodes self-fence within this much time. -# Defaults to 60 (seconds) -# -# [*enable_instanceha*] -# (Optional) Boolean driving the Instance HA controlplane configuration -# Defaults to lookup('tripleo::instanceha', undef, undef, false), -# -class tripleo::fencing( - $config = {}, - $tries = 10, - $try_sleep = 3, - $deep_compare = false, - $update_settle_secs = 600, - $watchdog_timeout = 60, - $enable_instanceha = lookup('tripleo::instanceha', undef, undef, false), -) { - $common_params = { - 'tries' => $tries, - 'try_sleep' => $try_sleep, - 'deep_compare' => $deep_compare, - 'update_settle_secs' => $update_settle_secs - } - - # check if instanceha is enabled - if member(lookup('compute_instanceha_short_node_names', undef, undef, []), downcase($::hostname)) { - $is_compute_instanceha_node = true - } else { - $is_compute_instanceha_node = false - } - - $content = $config['devices'] - - # check if the devices: section in fence.yaml contains levels. - # if it doesn't, assume level=1 and build a hash with the content. - $all_levels = $content ? { - Array => {'level1' => $content}, - default => $content - } - - # collect the number of stonith levels currently defined for this system - # and convert it to integer. - $local_levels = 0 + $facts['stonith_levels'] - - # if the number of levels defined on this system is greater than the number in hiera - # we need to delete the delta. - if $local_levels > $all_levels.length { - $begin = $all_levels.length + 1 - range("${begin}", "${local_levels}").each |$level|{ - pacemaker::stonith::level{ "stonith-${level}": - ensure => 'absent', - level => $level, - target => '$(/usr/sbin/crm_node -n)', - stonith_resources => [''], - tries => $tries, - try_sleep => $try_sleep, - } - } - } - - $all_levels.each |$index, $levelx_devices |{ - - $level = regsubst($index, 'level', '', 'G') - $all_devices = $levelx_devices - - $xvm_devices = local_fence_devices('fence_xvm', $all_devices) - create_resources('pacemaker::stonith::fence_xvm', $xvm_devices, $common_params) - - $ironic_devices = local_fence_devices('fence_ironic', $all_devices) - create_resources('pacemaker::stonith::fence_ironic', $ironic_devices, $common_params) - - $redfish_devices = local_fence_devices('fence_redfish', $all_devices) - create_resources('pacemaker::stonith::fence_redfish', $redfish_devices, $common_params) - - $ipmilan_devices = local_fence_devices('fence_ipmilan', $all_devices) - create_resources('pacemaker::stonith::fence_ipmilan', $ipmilan_devices, $common_params) - - $kdump_devices = local_fence_devices('fence_kdump', $all_devices) - create_resources('pacemaker::stonith::fence_kdump', $kdump_devices, $common_params) - - $kubevirt_devices = local_fence_devices('fence_kubevirt', $all_devices) - create_resources('pacemaker::stonith::fence_kubevirt', $kubevirt_devices, $common_params) - - $rhev_devices = local_fence_devices('fence_rhevm', $all_devices) - create_resources('pacemaker::stonith::fence_rhevm', $rhev_devices, $common_params) - - $ucs_devices = local_fence_devices('fence_cisco_ucs', $all_devices) - create_resources('pacemaker::stonith::fence_cisco_ucs', $ucs_devices, $common_params) - - $data = { - 'xvm' => $xvm_devices, 'ironic' => $ironic_devices, 'redfish' => $redfish_devices, - 'ipmilan' => $ipmilan_devices, 'kdump' => $kdump_devices, 'kubevirt' => $kubevirt_devices, - 'rhevm' => $rhev_devices, 'cisco_ucs' => $ucs_devices - } - - # let's store the number of stonith devices created for this server. - # this will be used to detect if there is a least one and fail if - # instance_ha is configured and puppet is running on a compute node. - $data_num = [ - length($ironic_devices), length($redfish_devices), - length($ipmilan_devices), length($kdump_devices), length($rhev_devices) - ] - - $sum = $data_num.reduce |$memo, $value| { $memo + $value } - - $data.each |$items| { - $driver = $items[0] - $driver_devices = $items[1] - - # if there is no valid stonith device and this is a compute-instanceha node we raise an exception - if $level == '1' and $sum == 0 and $enable_instanceha and $is_compute_instanceha_node { - fail('Instance HA requires at least one valid stonith device') - } - - if $driver_devices and length($driver_devices) == 1 { - $mac = keys($driver_devices)[0] - $safe_mac = regsubst($mac, ':', '', 'G') - if ($enable_instanceha and $is_compute_instanceha_node) { - $stonith_resources = [ "stonith-fence_${driver}-${safe_mac}", 'stonith-fence_compute-fence-nova' ] - } - else { - $stonith_resources = [ "stonith-fence_${driver}-${safe_mac}" ] - } - pacemaker::stonith::level{ "stonith-${level}-${safe_mac}": - level => $level, - target => '$(/usr/sbin/crm_node -n)', - stonith_resources => $stonith_resources, - tries => $tries, - try_sleep => $try_sleep, - } - Pcmk_stonith<||> -> Pcmk_stonith_level<||> - } - } - # we use the boostrap_node to create the watchdog resource and the stonith - # topology for all the nodes in the cluster, because the watchdog resource - # is not per-node but cluster-wide - $watchdog_devices = local_fence_devices('fence_watchdog', $all_devices) - if length($watchdog_devices) > 0 { - # check if this is the bootstrap node - if downcase($::hostname) == lookup('pacemaker_short_bootstrap_node_name') { - create_resources('pacemaker::stonith::fence_watchdog', $watchdog_devices, $common_params) - $stonith_resources = [ 'watchdog' ] - # if this is the boostrap node we set watchdog as levelX for all - # the pacemaker nodes - lookup('pacemaker_short_node_names').each |$node| { - pacemaker::stonith::level{ "stonith-${level}-watchdog-${node}": - level => $level, - target => $node, - stonith_resources => [ 'watchdog' ], - tries => $tries, - try_sleep => $try_sleep, - } - } - pacemaker::property { 'stonith-watchdog-timeout': - property => 'stonith-watchdog-timeout', - value => $watchdog_timeout, - tries => $tries, - } - Pcmk_property<||> -> Pcmk_stonith<||> -> Pcmk_stonith_level<||> - } - } - } -} - diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp deleted file mode 100644 index ca78efe2f..000000000 --- a/manifests/haproxy.pp +++ /dev/null @@ -1,1839 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::haproxy -# -# Configure HAProxy for TripleO. -# -# === Parameters: -# -# [*haproxy_service_manage*] -# Will be passed as value for service_manage to HAProxy module. -# Defaults to true -# -# [*haproxy_global_maxconn*] -# The value to use as maxconn in the HAProxy global config section. -# Defaults to 20480 -# -# [*haproxy_default_maxconn*] -# The value to use as maxconn in the HAProxy default config section. -# Defaults to 4096 -# -# [*haproxy_default_timeout*] -# The value to use as timeout in the HAProxy default config section. -# Defaults to [ 'http-request 10s', 'queue 2m', 'connect 10s', 'client 2m', 'server 2m', 'check 10s' ] -# -# [*haproxy_listen_bind_param*] -# A list of params to be added to the HAProxy listener bind directive. By -# default the 'transparent' param is added but it should be cleared if -# one of the *_virtual_ip addresses is a wildcard, eg. 0.0.0.0 -# Defaults to [ 'transparent' ] -# -# [*haproxy_member_options*] -# The default options to use for the HAProxy balancer members. -# Defaults to [ 'check', 'inter 2000', 'rise 2', 'fall 5' ] -# -# [*haproxy_log_address*] -# The IPv4, IPv6 or filesystem socket path of the syslog server. -# Defaults to '/dev/log' -# -# [*haproxy_log_facility*] -# The syslog facility for HAProxy. -# Defaults to 'local0' -# -# [*haproxy_globals_override*] -# HAProxy global option we can append to the default base set in this class. -# If you enter an already existing key, it will override the default. -# Defaults to {} -# -# [*haproxy_lb_mode_longrunning*] -# HAProxy LB mode to use with the services the clients of which may have the notion -# of the longrunning requests, like RPC or just API requests that take time. -# The HAProxy's default roundrobin balance algorithm can be replaced with it. -# Defaults to "leastconn". -# -# [*haproxy_defaults_override*] -# HAProxy defaults option we can append to the default base set in this class. -# If you enter an already existing key, it will override the default. -# Defaults to {} -# -# [*haproxy_daemon*] -# Should haproxy run in daemon mode or not -# Defaults to true -# -# [*haproxy_socket_access_level*] -# Access level for HAProxy socket. -# Can be "user" or "admin" -# Defaults to "user" -# -# [*controller_hosts*] -# IPs of host or group of hosts to load-balance the services -# Can be a string or an array. -# Defaults to lookup('controller_node_ips') -# -# [*controller_hosts_names*] -# Names of host or group of hosts to load-balance the services -# Can be a string or an array. -# Defaults to lookup('controller_node_names', undef, undef, undef) -# -# [*controller_virtual_ip*] -# Control IP or group of IPs to bind the pools -# Can be a string or an array. -# Defaults to undef -# -# [*public_virtual_ip*] -# Public IP or group of IPs to bind the pools -# Can be a string or an array. -# Defaults to undef -# -# [*use_backend_syntax*] -# (optional) When set to true, generate a config with frontend and -# backend sections, otherwise use listen sections. -# Defaults to lookup('haproxy_backend_syntax', undef, undef, false) -# -# [*haproxy_stats_user*] -# Username for haproxy stats authentication. -# A string. -# Defaults to 'admin' -# -# [*haproxy_stats_password*] -# Password for haproxy stats authentication. When set, authentication is -# enabled on the haproxy stats endpoint. -# A string. -# Defaults to undef -# -# [*haproxy_stats_bind_address*] -# Bind address for where the haproxy stats web interface should listen on in addition -# to the controller_virtual_ip -# A string.or an array -# Defaults to undef -# -# [*service_certificate*] -# Filename of an HAProxy-compatible certificate and key file -# When set, enables SSL on the public API endpoints using the specified file. -# Defaults to undef -# -# [*use_internal_certificates*] -# Flag that indicates if we'll use an internal certificate for this specific -# service. When set, enables SSL on the internal API endpoints using the file -# that certmonger is tracking; this is derived from the network the service is -# listening on. -# Defaults to false -# -# [*internal_certificates_specs*] -# A hash that should contain the specs that were used to create the -# certificates. As the name indicates, only the internal certificates will be -# fetched from here. And the keys should follow the following pattern -# "haproxy-". The network name should be as it was defined in -# tripleo-heat-templates. -# Note that this is only taken into account if the $use_internal_certificates -# flag is set. -# Defaults to {} -# -# [*enable_internal_tls*] -# A flag that indicates if the servers in the internal network are using TLS. -# This enables the 'ssl' option for the server members that are proxied. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*ssl_cipher_suite*] -# The default string describing the list of cipher algorithms ("cipher suite") -# that are negotiated during the SSL/TLS handshake for all "bind" lines. This -# value comes from the Fedora system crypto policy. -# Defaults to '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES' -# -# [*ssl_options*] -# String that sets the default ssl options to force on all "bind" lines. -# Defaults to 'no-sslv3 no-tlsv10' -# -# [*ca_bundle*] -# Path to the CA bundle to be used for HAProxy to validate the certificates of -# the servers it balances -# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' -# -# [*crl_file*] -# Path to the CRL file to be used for checking revoked certificates. -# Defaults to undef -# -# [*haproxy_stats_certificate*] -# Filename of an HAProxy-compatible certificate and key file -# When set, enables SSL on the haproxy stats endpoint using the specified file. -# Defaults to undef -# -# [*haproxy_stats*] -# (optional) Enable or not the haproxy stats interface -# Defaults to true -# -# [*keystone_admin*] -# (optional) Enable or not Keystone Admin API binding -# Defaults to lookup('keystone_enabled', undef, undef, false) -# -# [*keystone_public*] -# (optional) Enable or not Keystone Public API binding -# Defaults to lookup('keystone_enabled', undef, undef, false) -# -# [*neutron*] -# (optional) Enable or not Neutron API binding -# Defaults to lookup('neutron_api_enabled', undef, undef, false) -# -# [*cinder*] -# (optional) Enable or not Cinder API binding -# Defaults to lookup('cinder_api_enabled', undef, undef, false) -# -# [*manila*] -# (optional) Enable or not Manila API binding -# Defaults to lookup('manila_api_enabled', undef, undef, false) -# -# [*glance_api*] -# (optional) Enable or not Glance API binding -# Defaults to lookup('glance_api_enabled', undef, undef, false) -# -# [*glance_api_internal*] -# (optional) Enable or not Glance API (internal) binding -# Defaults to lookup('glance_api_internal_enabled', undef, undef, false) -# -# [*nova_osapi*] -# (optional) Enable or not Nova API binding -# Defaults to lookup('nova_api_enabled', undef, undef, false) -# -# [*placement*] -# (optional) Enable or not Placement API binding -# Defaults to lookup('placement_enabled', undef, undef, false) -# -# [*nova_metadata*] -# (optional) Enable or not Nova metadata binding -# Defaults to lookup('nova_metadata_enabled', undef, undef, false) -# -# [*nova_novncproxy*] -# (optional) Enable or not Nova novncproxy binding -# Defaults to lookup('nova_vnc_proxy_enabled', undef, undef, false) -# -# [*aodh*] -# (optional) Enable or not Aodh API binding -# Defaults to lookup('aodh_api_enabled', undef, undef, false) -# -# [*barbican*] -# (optional) Enable or not Barbican API binding -# Defaults to lookup('barbican_api_enabled', undef, undef, false) -# -# [*designate*] -# (optional) Enable or not Designate API binding -# Defaults to lookup('designate_api_enabled', undef, undef, false) -# -# [*metrics_qdr*] -# (optional) Enable or not Metrics QDR binding -# Defaults to lookup('metrics_qdr_enabled', undef, undef, false) -# -# [*gnocchi*] -# (optional) Enable or not Gnocchi API binding -# Defaults to lookup('gnocchi_api_enabled', undef, undef, false) -# -# [*swift_proxy_server*] -# (optional) Enable or not Swift API binding -# Defaults to lookup('swift_proxy_enabled', undef, undef, false) -# -# [*heat_api*] -# (optional) Enable or not Heat API binding -# Defaults to lookup('heat_api_enabled', undef, undef, false) -# -# [*heat_cfn*] -# (optional) Enable or not Heat CFN API binding -# Defaults to lookup('heat_api_cfn_enabled', undef, undef, false) -# -# [*horizon*] -# (optional) Enable or not Horizon dashboard binding -# Defaults to lookup('horizon_enabled', undef, undef, false) -# -# [*ironic*] -# (optional) Enable or not Ironic API binding -# Defaults to lookup('ironic_enabled', undef, undef, false) -# -# [*ironic_inspector*] -# (optional) Enable or not Ironic Inspector API binding -# Defaults to lookup('ironic_inspector_enabled', undef, undef, false) -# -# [*octavia*] -# (optional) Enable or not Octavia API binding -# Defaults to lookup('octavia_api_enabled', undef, undef, false) -# -# [*mysql*] -# (optional) Enable or not MySQL Galera binding -# Defaults to lookup('mysql_enabled', undef, undef, false) -# -# [*mysql_clustercheck*] -# (optional) Enable check via clustercheck for mysql -# Defaults to false -# -# [*mysql_max_conn*] -# (optional) Set the maxconn parameter for mysql -# Defaults to undef -# -# [*mysql_member_options*] -# The options to use for the mysql HAProxy balancer members. -# If this parameter is undefined, the actual value configured will depend -# on the value of $mysql_clustercheck. If cluster checking is enabled, -# the mysql member options will be: "['backup', 'port 9200', 'on-marked-down shutdown-sessions', 'check', 'inter 1s']" -# and if mysql cluster checking is disabled, the member options will be: "union($haproxy_member_options, ['backup'])" -# Defaults to undef -# -# [*mysql_custom_listen_options*] -# Hash to pass to the mysql haproxy listen stanza to be deepmerged with the other options -# Defaults to {} -# -# [*mysql_custom_frontend_options*] -# Hash to pass to the mysql haproxy frontend stanza to be deepmerged with the other options -# Defaults to {} -# -# [*mysql_custom_backend_options*] -# Hash to pass to the mysql haproxy backend stanza to be deepmerged with the other options -# Defaults to {} -# -# [*rabbitmq*] -# (optional) Enable or not RabbitMQ binding -# Defaults to false -# -# [*etcd*] -# (optional) Enable or not Etcd binding -# Defaults to lookup('etcd_enabled', undef, undef, false) -# -# [*docker_registry*] -# (optional) Enable or not the Docker Registry API binding -# Defaults to lookup('enable_docker_registry', undef, undef, false) -# -# [*redis*] -# (optional) Enable or not Redis binding -# Defaults to lookup('redis_enabled', undef, undef, false) -# -# [*redis_password*] -# (optional) Password for Redis authentication, eventually needed by the -# specific monitoring we do from HAProxy for Redis -# Defaults to undef -# -# [*ceph_rgw*] -# (optional) Enable or not Ceph RadosGW binding -# Defaults to lookup('ceph_rgw_enabled', undef, undef, false) -# -# [*ceph_grafana*] -# (optional) Enable or not Ceph Grafana dashboard binding -# Defaults to lookup('ceph_grafana_enabled', undef, undef, false) -# -# [*ceph_dashboard*] -# (optional) Enable or not Ceph Dashboard binding -# Defaults to lookup('ceph_grafana_enabled', undef, undef, false) -# -# [*ovn_dbs*] -# (optional) Enable or not OVN northd binding -# Defaults to lookup('ovn_dbs_enabled', undef, undef, false) -# -# [*ovn_dbs_manage_lb*] -# (optional) Whether or not haproxy should configure OVN dbs for load balancing -# if ovn_dbs is enabled. -# Defaults to false -# -# [*aodh_network*] -# (optional) Specify the network aodh is running on. -# Defaults to lookup('aodh_api_network', undef, undef, undef) -# -# [*barbican_network*] -# (optional) Specify the network barbican is running on. -# Defaults to lookup('barbican_api_network', undef, undef, undef) -# -# [*ceph_rgw_network*] -# (optional) Specify the network ceph_rgw is running on. -# Defaults to lookup('ceph_rgw_network', undef, undef, undef) -# -# [*ceph_grafana_network*] -# (optional) Specify the network ceph_grafana is running on. -# Defaults to lookup('ceph_grafana_network', undef, undef, undef) -# -# [*ceph_dashboard_network*] -# (optional) Specify the network ceph_dashboard is running on. -# Defaults to lookup('ceph_dashboard_network', undef, undef, undef) -# -# [*cinder_network*] -# (optional) Specify the network cinder is running on. -# Defaults to lookup('cinder_api_network', undef, undef, undef) -# -# [*designate_network*] -# (optional) Specify the network designate is running on. -# Defaults to lookup('designate_api_network', undef, undef, undef) -# -# [*metrics_qdr_network*] -# (optional) Specify the network metrics_qdr is running on. -# Defaults to lookup('metrics_qdr_network', undef, undef, undef) -# -# [*docker_registry_network*] -# (optional) Specify the network docker-registry is running on. -# Defaults to lookup('docker_registry_network', undef, undef, undef) -# -# [*glance_api_network*] -# (optional) Specify the network glance_api is running on. -# Defaults to lookup('glance_api_network', undef, undef, undef) -# -# [*gnocchi_network*] -# (optional) Specify the network gnocchi is running on. -# Defaults to lookup('gnocchi_api_network', undef, undef, undef) -# -# [*heat_api_network*] -# (optional) Specify the network heat_api is running on. -# Defaults to lookup('heat_api_network', undef, undef, undef) -# -# [*heat_cfn_network*] -# (optional) Specify the network heat_cfn is running on. -# Defaults to lookup('heat_api_cfn_network', undef, undef, undef) -# -# [*horizon_network*] -# (optional) Specify the network horizon is running on. -# Defaults to lookup('horizon_network', undef, undef, undef) -# -# [*ironic_inspector_network*] -# (optional) Specify the network ironic_inspector is running on. -# Defaults to lookup('ironic_inspector_network', undef, undef, undef) -# -# [*ironic_network*] -# (optional) Specify the network ironic is running on. -# Defaults to lookup('ironic_api_network', undef, undef, undef) -# -# [*keystone_admin_network*] -# (optional) Specify the network keystone_admin is running on. -# Defaults to lookup('keystone_network', undef, undef, undef) -# -# [*keystone_public_network*] -# (optional) Specify the network keystone_public is running on. -# Defaults to lookup('keystone_network', undef, undef, undef) -# -# [*keystone_sticky_sessions*] -# (optional) Use cookie-based session persistence for the Keystone -# public API. -# Defaults to lookup('keystone_sticky_sessions', undef, undef, false) -# -# [*keystone_session_cookie*] -# (optional) Use a specified name for the Keystone sticky session cookie. -# Defaults to lookup('keystone_session_cookie', undef, undef, 'KEYSTONESESSION') -# -# [*manila_network*] -# (optional) Specify the network manila is running on. -# Defaults to lookup('manila_api_network', undef, undef, undef) -# -# [*neutron_network*] -# (optional) Specify the network neutron is running on. -# Defaults to lookup('neutron_api_network', undef, undef, undef) -# -# [*nova_metadata_network*] -# (optional) Specify the network nova_metadata is running on. -# Defaults to lookup('nova_metadata_network', undef, undef, undef) -# -# [*nova_novncproxy_network*] -# (optional) Specify the network nova_novncproxy is running on. -# Defaults to lookup('nova_vnc_proxy_network', undef, undef, lookup('nova_libvirt_network', undef, undef, undef)) -# -# [*nova_osapi_network*] -# (optional) Specify the network nova_osapi is running on. -# Defaults to lookup('nova_api_network', undef, undef, undef) -# -# [*placement_network*] -# (optional) Specify the network placement is running on. -# Defaults to lookup('placement_network', undef, undef, undef) -# -# [*etcd_network*] -# (optional) Specify the network etcd is running on. -# Defaults to lookup('etcd_network', undef, undef, undef) -# -# [*octavia_network*] -# (optional) Specify the network octavia is running on. -# Defaults to lookup('octavia_api_network', undef, undef, undef) -# -# [*ovn_dbs_network*] -# (optional) Specify the network ovn_dbs is running on. -# Defaults to lookup('ovn_dbs_network', undef, undef, undef) -# -# [*swift_proxy_server_network*] -# (optional) Specify the network swift_proxy_server is running on. -# Defaults to lookup('swift_proxy_network', undef, undef, undef) -# -# [*designate_mdns_proxy_baseport*] -# (optional) Specify the base port value for the external->internal -# proxies used for external DNS integration with designate workers. -# Defaults to lookup('designate_mdns_public_port_start', undef, undef, 16000) -# -# [*service_ports*] -# (optional) Hash that contains the values to override from the service ports -# The available keys to modify the services' ports are: -# 'aodh_api_port' (Defaults to 8042) -# 'aodh_api_ssl_port' (Defaults to 13042) -# 'barbican_api_port' (Defaults to 9311) -# 'barbican_api_ssl_port' (Defaults to 13311) -# 'cinder_api_port' (Defaults to 8776) -# 'cinder_api_ssl_port' (Defaults to 13776) -# 'docker_registry_port' (Defaults to 8787) -# 'docker_registry_ssl_port' (Defaults to 13787) -# 'glance_api_port' (Defaults to 9292) -# 'glance_api_internal_port' (Defaults to 9293) -# 'glance_api_ssl_port' (Defaults to 13292) -# 'gnocchi_api_port' (Defaults to 8041) -# 'gnocchi_api_ssl_port' (Defaults to 13041) -# 'heat_api_port' (Defaults to 8004) -# 'heat_api_ssl_port' (Defaults to 13004) -# 'heat_cfn_port' (Defaults to 8000) -# 'heat_cfn_ssl_port' (Defaults to 13005) -# 'ironic_api_port' (Defaults to 6385) -# 'ironic_api_ssl_port' (Defaults to 13385) -# 'ironic_inspector_port' (Defaults to 5050) -# 'ironic_inspector_ssl_port' (Defaults to 13050) -# 'keystone_admin_api_port' (Defaults to 35357) -# 'keystone_public_api_port' (Defaults to 5000) -# 'keystone_public_api_ssl_port' (Defaults to 13000) -# 'manila_api_port' (Defaults to 8786) -# 'manila_api_ssl_port' (Defaults to 13786) -# 'metrics_qdr_port' (Defaults to 5666) -# 'neutron_api_port' (Defaults to 9696) -# 'neutron_api_ssl_port' (Defaults to 13696) -# 'nova_api_port' (Defaults to 8774) -# 'nova_api_ssl_port' (Defaults to 13774) -# 'nova_metadata_port' (Defaults to 8775) -# 'nova_novnc_port' (Defaults to 6080) -# 'nova_novnc_ssl_port' (Defaults to 13080) -# 'octavia_api_port' (Defaults to 9876) -# 'octavia_api_ssl_port' (Defaults to 13876) -# 'placement_port' (Defaults to 8778) -# 'placement_ssl_port' (Defaults to 13778) -# 'ovn_nbdb_port' (Defaults to 6641) -# 'ovn_nbdb_ssl_port' (Defaults to 13641) -# 'ovn_sbdb_port' (Defaults to 6642) -# 'ovn_sbdb_ssl_port' (Defaults to 13642) -# 'swift_proxy_port' (Defaults to 8080) -# 'swift_proxy_ssl_port' (Defaults to 13808) -# 'ceph_rgw_port' (Defaults to 8080) -# 'ceph_rgw_ssl_port' (Defaults to 13808) -# 'ceph_grafana_port' (Defaults to 3100) -# 'ceph_grafana_ssl_port' (Defaults to 3100) -# 'ceph_dashboard_port' (Defaults to 8444) -# 'ceph_dashboard_ssl_port' (Defaults to 8444) -# Defaults to {} -# -# DEPRECATED PARAMETERS -# -# [*activate_httplog*] -# This parameter has been deprecated and has no effect. -# Defaults to undef -# -class tripleo::haproxy ( - $controller_virtual_ip, - $public_virtual_ip, - $use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false), - $haproxy_service_manage = true, - $haproxy_global_maxconn = 20480, - $haproxy_default_maxconn = 4096, - $haproxy_default_timeout = [ 'http-request 10s', 'queue 2m', 'connect 10s', 'client 2m', 'server 2m', 'check 30s' ], - $haproxy_listen_bind_param = [ 'transparent' ], - $haproxy_member_options = [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], - $haproxy_log_address = '/dev/log', - $haproxy_log_facility = 'local0', - $haproxy_globals_override = {}, - $haproxy_defaults_override = {}, - $haproxy_lb_mode_longrunning = 'leastconn', - $haproxy_daemon = true, - $haproxy_socket_access_level = 'user', - $haproxy_stats_user = 'admin', - $haproxy_stats_password = undef, - $haproxy_stats_bind_address = undef, - $controller_hosts = lookup('controller_node_ips'), - $controller_hosts_names = lookup('controller_node_names', undef, undef, undef), - $service_certificate = undef, - $use_internal_certificates = false, - $internal_certificates_specs = {}, - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $ssl_cipher_suite = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES', - $ssl_options = 'no-sslv3 no-tlsv10', - $ca_bundle = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt', - $crl_file = undef, - $haproxy_stats_certificate = undef, - $haproxy_stats = true, - $keystone_admin = lookup('keystone_enabled', undef, undef, false), - $keystone_public = lookup('keystone_enabled', undef, undef, false), - $neutron = lookup('neutron_api_enabled', undef, undef, false), - $cinder = lookup('cinder_api_enabled', undef, undef, false), - $manila = lookup('manila_api_enabled', undef, undef, false), - $glance_api = lookup('glance_api_enabled', undef, undef, false), - $glance_api_internal = lookup('glance_api_internal_enabled', undef, undef, false), - $nova_osapi = lookup('nova_api_enabled', undef, undef, false), - $placement = lookup('placement_enabled', undef, undef, false), - $nova_metadata = lookup('nova_metadata_enabled', undef, undef, false), - $nova_novncproxy = lookup('nova_vnc_proxy_enabled', undef, undef, false), - $aodh = lookup('aodh_api_enabled', undef, undef, false), - $barbican = lookup('barbican_api_enabled', undef, undef, false), - $ceph_grafana = lookup('ceph_grafana_enabled', undef, undef, false), - $ceph_dashboard = lookup('ceph_grafana_enabled', undef, undef, false), - $gnocchi = lookup('gnocchi_api_enabled', undef, undef, false), - $swift_proxy_server = lookup('swift_proxy_enabled', undef, undef, false), - $heat_api = lookup('heat_api_enabled', undef, undef, false), - $heat_cfn = lookup('heat_api_cfn_enabled', undef, undef, false), - $horizon = lookup('horizon_enabled', undef, undef, false), - $ironic = lookup('ironic_api_enabled', undef, undef, false), - $ironic_inspector = lookup('ironic_inspector_enabled', undef, undef, false), - $octavia = lookup('octavia_api_enabled', undef, undef, false), - $designate = lookup('designate_api_enabled', undef, undef, false), - $metrics_qdr = lookup('metrics_qdr_enabled', undef, undef, false), - $mysql = lookup('mysql_enabled', undef, undef, false), - $mysql_clustercheck = false, - $mysql_max_conn = undef, - $mysql_member_options = undef, - $mysql_custom_listen_options = {}, - $mysql_custom_frontend_options = {}, - $mysql_custom_backend_options = {}, - $rabbitmq = false, - $etcd = lookup('etcd_enabled', undef, undef, false), - $docker_registry = lookup('enable_docker_registry', undef, undef, false), - $redis = lookup('redis_enabled', undef, undef, false), - $redis_password = undef, - $ceph_rgw = lookup('ceph_rgw_enabled', undef, undef, false), - $ovn_dbs = lookup('ovn_dbs_enabled', undef, undef, false), - $ovn_dbs_manage_lb = false, - $aodh_network = lookup('aodh_api_network', undef, undef, undef), - $barbican_network = lookup('barbican_api_network', undef, undef, false), - $ceph_rgw_network = lookup('ceph_rgw_network', undef, undef, undef), - $cinder_network = lookup('cinder_api_network', undef, undef, undef), - $designate_network = lookup('designate_api_network', undef, undef, undef), - $metrics_qdr_network = lookup('metrics_qdr_network', undef, undef, undef), - $docker_registry_network = lookup('docker_registry_network', undef, undef, undef), - $glance_api_network = lookup('glance_api_network', undef, undef, undef), - $gnocchi_network = lookup('gnocchi_api_network', undef, undef, undef), - $heat_api_network = lookup('heat_api_network', undef, undef, undef), - $ceph_grafana_network = lookup('ceph_grafana_network', undef, undef, undef), - $ceph_dashboard_network = lookup('ceph_dashboard_network', undef, undef, undef), - $heat_cfn_network = lookup('heat_api_cfn_network', undef, undef, undef), - $horizon_network = lookup('horizon_network', undef, undef, undef), - $ironic_inspector_network = lookup('ironic_inspector_network', undef, undef, undef), - $ironic_network = lookup('ironic_api_network', undef, undef, undef), - $keystone_admin_network = lookup('keystone_admin_api_network', undef, undef, undef), - $keystone_public_network = lookup('keystone_public_api_network', undef, undef, undef), - $keystone_sticky_sessions = lookup('keystone_sticky_sessions', undef, undef, false), - $keystone_session_cookie = lookup('keystone_session_cookie,', undef, undef, 'KEYSTONESESSION'), - $manila_network = lookup('manila_api_network', undef, undef, undef), - $neutron_network = lookup('neutron_api_network', undef, undef, undef), - $nova_metadata_network = lookup('nova_metadata_network', undef, undef, undef), - $nova_novncproxy_network = lookup('nova_vnc_proxy_network', undef, undef, lookup('nova_libvirt_network', undef, undef, undef)), - $nova_osapi_network = lookup('nova_api_network', undef, undef, undef), - $placement_network = lookup('placement_network', undef, undef, undef), - $octavia_network = lookup('octavia_api_network', undef, undef, undef), - $ovn_dbs_network = lookup('ovn_dbs_network', undef, undef, undef), - $etcd_network = lookup('etcd_network', undef, undef, undef), - $swift_proxy_server_network = lookup('swift_proxy_network', undef, undef, undef), - $designate_mdns_proxy_baseport = lookup('designate_mdns_public_port_start', undef, undef, 16000), - $service_ports = {}, - # DEPRECATED PARAMETERS - $activate_httplog = undef -) { - - if $activate_httplog != undef { - warning('The activate_httplog parameter has been deprecated and has no effect') - } - - $default_service_ports = { - aodh_api_port => 8042, - aodh_api_ssl_port => 13042, - barbican_api_port => 9311, - barbican_api_ssl_port => 13311, - cinder_api_port => 8776, - cinder_api_ssl_port => 13776, - designate_api_port => 9001, - designate_api_ssl_port => 13001, - docker_registry_port => 8787, - docker_registry_ssl_port => 13787, - etcd_port => 2379, - glance_api_port => 9292, - glance_api_internal_port => 9293, - glance_api_ssl_port => 13292, - gnocchi_api_port => 8041, - gnocchi_api_ssl_port => 13041, - heat_api_port => 8004, - heat_api_ssl_port => 13004, - heat_cfn_port => 8000, - heat_cfn_ssl_port => 13005, - ironic_api_port => 6385, - ironic_api_ssl_port => 13385, - ironic_inspector_port => 5050, - ironic_inspector_ssl_port => 13050, - keystone_admin_api_port => 35357, - keystone_public_api_port => 5000, - keystone_public_api_ssl_port => 13000, - manila_api_port => 8786, - manila_api_ssl_port => 13786, - metrics_qdr_port => 5666, - neutron_api_port => 9696, - neutron_api_ssl_port => 13696, - nova_api_port => 8774, - nova_api_ssl_port => 13774, - nova_metadata_port => 8775, - nova_novnc_port => 6080, - nova_novnc_ssl_port => 13080, - octavia_api_port => 9876, - octavia_api_ssl_port => 13876, - placement_port => 8778, - placement_ssl_port => 13778, - ovn_nbdb_port => 6641, - ovn_nbdb_ssl_port => 13641, - ovn_sbdb_port => 6642, - ovn_sbdb_ssl_port => 13642, - swift_proxy_port => 8080, - swift_proxy_ssl_port => 13808, - ceph_rgw_port => 8080, - ceph_rgw_ssl_port => 13808, - ceph_grafana_port => 3100, - ceph_grafana_ssl_port => 3100, - ceph_prometheus_port => 9092, - ceph_prometheus_ssl_port => 9092, - ceph_alertmanager_port => 9093, - ceph_alertmanager_ssl_port => 9093, - ceph_dashboard_port => 8444, - ceph_dashboard_ssl_port => 8444, - } - $ports = merge($default_service_ports, $service_ports) - - if $enable_internal_tls { - $base_internal_tls_member_options = ['ssl', 'verify required', "ca-file ${ca_bundle}"] - - if $crl_file { - $internal_tls_member_options = concat($base_internal_tls_member_options, "crl-file ${crl_file}") - } else { - $internal_tls_member_options = $base_internal_tls_member_options - } - Haproxy::Balancermember { - verifyhost => true - } - } else { - $internal_tls_member_options = [] - } - - $controller_hosts_real = any2array(split($controller_hosts, ',')) - if ! $controller_hosts_names { - $controller_hosts_names_real = $controller_hosts_real - } else { - $controller_hosts_names_real = downcase(any2array(split($controller_hosts_names, ','))) - } - - $mysql_vip = lookup('mysql_vip', undef, undef, $controller_virtual_ip) - $mysql_bind_opts = { - "${mysql_vip}:3306" => $haproxy_listen_bind_param, - } - - $rabbitmq_vip = lookup('rabbitmq_vip', undef, undef, $controller_virtual_ip) - $rabbitmq_bind_opts = { - "${rabbitmq_vip}:5672" => $haproxy_listen_bind_param, - } - - - $haproxy_global_options = { - 'log' => "${haproxy_log_address} ${haproxy_log_facility}", - 'pidfile' => '/var/run/haproxy.pid', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'maxconn' => $haproxy_global_maxconn, - 'ssl-default-bind-ciphers' => $ssl_cipher_suite, - 'ssl-default-bind-options' => $ssl_options, - 'stats' => [ - "socket /var/lib/haproxy/stats mode 600 level ${haproxy_socket_access_level}", - 'timeout 2m' - ], - } - if $haproxy_daemon == true { - $haproxy_daemonize = { - 'daemon' => '', - } - } else { - $haproxy_daemonize = {} - } - - $haproxy_defaults_options = { - 'mode' => 'tcp', - 'log' => 'global', - 'retries' => '3', - 'timeout' => $haproxy_default_timeout, - 'maxconn' => $haproxy_default_maxconn, - } - - class { 'haproxy': - service_manage => $haproxy_service_manage, - global_options => merge($haproxy_global_options, $haproxy_daemonize, $haproxy_globals_override), - defaults_options => merge($haproxy_defaults_options, $haproxy_defaults_override), - } - - - # NOTE(bogdando): the rule is: *log is only needed for frontend usually, - # but tcpka and other "durability" related options should be set for both - # sides, based on a service case by case. - $default_frontend_options = { - 'option' => [ 'httplog', 'forwardfor'], - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }', - 'set-header X-Forwarded-Port %[dst_port]'], - } - $default_backend_options = { - 'option' => [ 'httpchk' ], - } - $default_listen_options = merge_hash_values($default_frontend_options, - $default_backend_options) - Tripleo::Haproxy::Endpoint { - haproxy_listen_bind_param => $haproxy_listen_bind_param, - member_options => $haproxy_member_options, - public_certificate => $service_certificate, - use_internal_certificates => $use_internal_certificates, - internal_certificates_specs => $internal_certificates_specs, - listen_options => $default_listen_options, - frontend_options => $default_frontend_options, - backend_options => $default_backend_options, - } - - $service_names = lookup('enabled_services', undef, undef, []) - tripleo::haproxy::service_endpoints { $service_names: } - - if $haproxy_stats { - if $haproxy_stats_certificate { - $haproxy_stats_certificate_real = $haproxy_stats_certificate - } elsif $use_internal_certificates { - # NOTE(jaosorior): Right now it's hardcoded to use the ctlplane network - $haproxy_stats_certificate_real = $internal_certificates_specs["haproxy-ctlplane"]['service_pem'] - } else { - $haproxy_stats_certificate_real = undef - } - $haproxy_stats_ips_raw = union(any2array($controller_virtual_ip), any2array($haproxy_stats_bind_address)) - $haproxy_stats_ips = delete_undef_values($haproxy_stats_ips_raw) - - class { 'tripleo::haproxy::stats': - haproxy_listen_bind_param => $haproxy_listen_bind_param, - ip => $haproxy_stats_ips, - password => $haproxy_stats_password, - certificate => $haproxy_stats_certificate_real, - user => $haproxy_stats_user, - } - } - - $keystone_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ] - } - $keystone_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ] - } - $keystone_listen_opts = merge_hash_values($keystone_frontend_opts, - $keystone_backend_opts) - if $keystone_admin { - # NOTE(jaosorior): Given that the admin endpoint is in the same vhost - # nowadays as the public/internal one. We can just loadbalance towards the - # same IP. - ::tripleo::haproxy::endpoint { 'keystone_admin': - internal_ip => lookup('keystone_admin_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[keystone_public_api_port], - haproxy_port => $ports[keystone_admin_api_port], - ip_addresses => lookup('keystone_public_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('keystone_public_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $keystone_listen_opts), - frontend_options => merge($default_frontend_options, $keystone_frontend_opts), - backend_options => merge($default_backend_options, $keystone_backend_opts), - service_network => $keystone_admin_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $keystone_public { - ::tripleo::haproxy::endpoint { 'keystone_public': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('keystone_public_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[keystone_public_api_port], - ip_addresses => lookup('keystone_public_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('keystone_public_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $keystone_listen_opts), - frontend_options => merge($default_frontend_options, $keystone_frontend_opts), - backend_options => merge($default_backend_options, $keystone_backend_opts), - public_ssl_port => $ports[keystone_public_api_ssl_port], - service_network => $keystone_public_network, - sticky_sessions => $keystone_sticky_sessions, - session_cookie => $keystone_session_cookie, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $neutron { - $neutron_frontend_opts = { - 'timeout client' => '10m', - 'option' => [ 'httplog', 'forwardfor' ] - } - $neutron_backend_opts = { - 'timeout server' => '10m', - 'balance' => $haproxy_lb_mode_longrunning, - 'option' => [ 'httpchk GET /healthcheck' ] - } - $neutron_listen_opts = merge_hash_values($neutron_frontend_opts, - $neutron_backend_opts) - ::tripleo::haproxy::endpoint { 'neutron': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('neutron_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[neutron_api_port], - ip_addresses => lookup('neutron_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('neutron_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $neutron_listen_opts), - frontend_options => merge($default_frontend_options, $neutron_frontend_opts), - backend_options => merge($default_backend_options, $neutron_backend_opts), - public_ssl_port => $ports[neutron_api_ssl_port], - service_network => $neutron_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $cinder { - $cinder_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $cinder_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - 'balance' => $haproxy_lb_mode_longrunning, - } - $cinder_listen_opts = merge_hash_values($cinder_frontend_opts, - $cinder_backend_opts) - ::tripleo::haproxy::endpoint { 'cinder': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('cinder_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[cinder_api_port], - ip_addresses => lookup('cinder_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('cinder_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $cinder_listen_opts), - frontend_options => merge($default_frontend_options, $cinder_frontend_opts), - backend_options => merge($default_backend_options, $cinder_backend_opts), - public_ssl_port => $ports[cinder_api_ssl_port], - service_network => $cinder_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $manila { - $manila_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $manila_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - } - $manila_listen_opts = merge_hash_values($manila_frontend_opts, - $manila_backend_opts) - ::tripleo::haproxy::endpoint { 'manila': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('manila_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[manila_api_port], - ip_addresses => lookup('manila_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('manila_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $manila_listen_opts), - frontend_options => merge($default_frontend_options, $manila_frontend_opts), - backend_options => merge($default_backend_options, $manila_backend_opts), - public_ssl_port => $ports[manila_api_ssl_port], - service_network => $manila_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $glance_api { - $glance_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $glance_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - } - $glance_listen_opts = merge_hash_values($glance_frontend_opts, - $glance_backend_opts) - ::tripleo::haproxy::endpoint { 'glance_api': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('glance_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[glance_api_port], - ip_addresses => lookup('glance_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('glance_api_node_names', undef, undef, $controller_hosts_names_real), - public_ssl_port => $ports[glance_api_ssl_port], - mode => 'http', - listen_options => merge($default_listen_options, $glance_listen_opts), - frontend_options => merge($default_frontend_options, $glance_frontend_opts), - backend_options => merge($default_backend_options, $glance_backend_opts), - service_network => $glance_api_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $glance_api_internal { - $glance_internal_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $glance_internal_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - } - $glance_internal_listen_opts = merge_hash_values($glance_internal_frontend_opts, - $glance_internal_backend_opts) - - # The glance_api_internal service uses the same network and internal VIP as the - # glance_api service. There is no public VIP (that's handled by the glance_api service). - ::tripleo::haproxy::endpoint { 'glance_api_internal': - internal_ip => lookup('glance_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[glance_api_internal_port], - ip_addresses => lookup('glance_api_internal_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('glance_api_internal_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $glance_internal_listen_opts), - frontend_options => merge($default_frontend_options, $glance_internal_frontend_opts), - backend_options => merge($default_backend_options, $glance_internal_backend_opts), - service_network => $glance_api_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $ceph_grafana { - if $enable_internal_tls { - $ceph_grafana_tls_member_options = ['ssl check verify none'] - } else { - $ceph_grafana_tls_member_options = [] - } - ::tripleo::haproxy::endpoint { 'ceph_grafana': - internal_ip => lookup('ceph_dashboard_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ceph_grafana_port], - ip_addresses => lookup('ceph_grafana_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ceph_grafana_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[ceph_grafana_ssl_port], - listen_options => merge($default_listen_options, { - 'option' => [ 'httpchk HEAD /', 'httplog', 'forwardfor' ], - 'balance' => 'source', - }), - frontend_options => $default_frontend_options, - backend_options => merge($default_backend_options, { - 'option' => [ 'httpchk HEAD /' ], - 'balance' => 'source', - }), - service_network => $ceph_grafana_network, - member_options => union($haproxy_member_options, $ceph_grafana_tls_member_options), - } - ::tripleo::haproxy::endpoint { 'ceph_prometheus': - internal_ip => lookup('ceph_grafana_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ceph_prometheus_port], - ip_addresses => lookup('ceph_grafana_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ceph_grafana_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[ceph_prometheus_ssl_port], - listen_options => merge($default_listen_options, { - 'option' => [ 'httpchk GET /metrics', 'httplog', 'forwardfor' ], - 'balance' => 'source', - }), - frontend_options => $default_frontend_options, - backend_options => merge($default_backend_options, { - 'option' => [ 'httpchk GET /metrics' ], - 'balance' => 'source', - }), - service_network => $ceph_grafana_network, - member_options => $haproxy_member_options, - } - ::tripleo::haproxy::endpoint { 'ceph_alertmanager': - internal_ip => lookup('ceph_grafana_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ceph_alertmanager_port], - ip_addresses => lookup('ceph_grafana_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ceph_grafana_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[ceph_alertmanager_ssl_port], - listen_options => merge($default_listen_options, { - 'option' => [ 'httpchk GET /', 'httplog', 'forwardfor' ], - 'balance' => 'source', - }), - frontend_options => $default_frontend_options, - backend_options => merge($default_backend_options, { - 'option' => [ 'httpchk GET /' ], - 'balance' => 'source', - }), - service_network => $ceph_grafana_network, - member_options => $haproxy_member_options, - } - } - - if $ceph_dashboard { - if $enable_internal_tls { - $ceph_dashboard_tls_member_options = ['ssl check verify none'] - } else { - $ceph_dashboard_tls_member_options = [] - } - $ceph_dashboard_backend_opts = { - 'option' => [ 'httpchk HEAD /' ], - 'balance' => 'source', - 'http-check' => 'expect rstatus 2[0-9][0-9]', - } - $ceph_dashboard_listen_opts = merge_hash_values($default_frontend_options, - $ceph_dashboard_backend_opts) - ::tripleo::haproxy::endpoint { 'ceph_dashboard': - internal_ip => lookup('ceph_dashboard_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ceph_dashboard_port], - ip_addresses => lookup('ceph_grafana_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ceph_grafana_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[ceph_dashboard_ssl_port], - listen_options => merge($default_listen_options, $ceph_dashboard_listen_opts), - frontend_options => $default_frontend_options, - backend_options => merge($default_backend_options, $ceph_dashboard_backend_opts), - service_network => $ceph_dashboard_network, - member_options => union($haproxy_member_options, $ceph_dashboard_tls_member_options), - } - } - - $nova_api_vip = lookup('nova_api_vip', undef, undef, $controller_virtual_ip) - if $nova_osapi { - # NOTE(tkajinam): Nova doesn't provide healthcheck API - ::tripleo::haproxy::endpoint { 'nova_osapi': - public_virtual_ip => $public_virtual_ip, - internal_ip => $nova_api_vip, - service_port => $ports[nova_api_port], - ip_addresses => lookup('nova_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('nova_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[nova_api_ssl_port], - service_network => $nova_osapi_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - $placement_vip = lookup('placement_vip', undef, undef, $controller_virtual_ip) - if $placement { - # NOTE(tkajinam): Placement doesn't provide healthcheck API - ::tripleo::haproxy::endpoint { 'placement': - public_virtual_ip => $public_virtual_ip, - internal_ip => $placement_vip, - service_port => $ports[placement_port], - ip_addresses => lookup('placement_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('placement_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[placement_ssl_port], - service_network => $placement_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $nova_metadata { - # NOTE(tkajinam): Nova doesn't provide healthcheck API - if lookup('nova_is_additional_cell', undef, undef, undef) { - $nova_metadata_server_names_real = lookup('nova_metadata_cell_node_names', undef, undef, $controller_hosts_names_real) - } else { - $nova_metadata_server_names_real = lookup('nova_metadata_node_names', undef, undef, $controller_hosts_names_real) - } - $nova_metadata_backend_opts = { - 'balance' => 'source', - 'hash-type' => 'consistent', - } - $nova_metadata_listen_opts = merge_hash_values($default_listen_options, - $nova_metadata_backend_opts) - ::tripleo::haproxy::endpoint { 'nova_metadata': - internal_ip => lookup('nova_metadata_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[nova_metadata_port], - ip_addresses => lookup('nova_metadata_node_ips', undef, undef, $controller_hosts_real), - server_names => $nova_metadata_server_names_real, - mode => 'http', - service_network => $nova_metadata_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - listen_options => merge($default_listen_options, $nova_metadata_listen_opts), - frontend_options => $default_frontend_options, - backend_options => merge($default_backend_options, $nova_metadata_backend_opts), - } - } - - $nova_vnc_proxy_vip = lookup('nova_vnc_proxy_vip', undef, undef, $controller_virtual_ip) - if $nova_novncproxy { - # NOTE(tkajinam): Nova-VNCProxy doesn't provide healthcheck API - if $enable_internal_tls { - # we need to make sure we use ssl for checks. - $haproxy_member_options_real = delete($haproxy_member_options, 'check') - $novncproxy_ssl_member_options = ['check-ssl'] - } else { - $haproxy_member_options_real = $haproxy_member_options - $novncproxy_ssl_member_options = [] - } - if lookup('nova_is_additional_cell', undef, undef, undef) { - $novncproxy_server_names_real = lookup('nova_vnc_proxy_cell_node_names', undef, undef, $controller_hosts_names_real) - } else { - $novncproxy_server_names_real = lookup('nova_vnc_proxy_node_names', undef, undef, $controller_hosts_names_real) - } - $nova_vncproxy_frontend_opts = { - 'option' => [ 'tcpka', 'tcplog' ], - } - $nova_vncproxy_backend_opts = { - 'option' => [ 'tcpka' ], - 'balance' => 'source', - 'timeout' => [ 'tunnel 1h' ], - } - $nova_vncproxy_listen_opts = merge_hash_values($nova_vncproxy_frontend_opts, - $nova_vncproxy_backend_opts) - ::tripleo::haproxy::endpoint { 'nova_novncproxy': - public_virtual_ip => $public_virtual_ip, - internal_ip => $nova_vnc_proxy_vip, - service_port => $ports[nova_novnc_port], - ip_addresses => lookup('nova_vnc_proxy_node_ips', undef, undef, $controller_hosts_real), - server_names => $novncproxy_server_names_real, - mode => 'http', - listen_options => merge($default_listen_options, $nova_vncproxy_listen_opts), - frontend_options => merge($default_frontend_options, $nova_vncproxy_frontend_opts), - backend_options => merge($default_backend_options, $nova_vncproxy_backend_opts), - public_ssl_port => $ports[nova_novnc_ssl_port], - service_network => $nova_novncproxy_network, - member_options => union($haproxy_member_options_real, $internal_tls_member_options, $novncproxy_ssl_member_options), - } - } - - if $aodh { - $aodh_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $aodh_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - } - $aodh_listen_opts = merge_hash_values($aodh_frontend_opts, - $aodh_backend_opts) - ::tripleo::haproxy::endpoint { 'aodh': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('aodh_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[aodh_api_port], - ip_addresses => lookup('aodh_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('aodh_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $aodh_listen_opts), - frontend_options => merge($default_frontend_options, $aodh_frontend_opts), - backend_options => merge($default_backend_options, $aodh_backend_opts), - public_ssl_port => $ports[aodh_api_ssl_port], - service_network => $aodh_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $barbican { - $barbican_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $barbican_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - } - $barbican_listen_opts = merge_hash_values($barbican_frontend_opts, - $barbican_backend_opts) - ::tripleo::haproxy::endpoint { 'barbican': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('barbican_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[barbican_api_port], - ip_addresses => lookup('barbican_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('barbican_api_node_names', undef, undef, $controller_hosts_names_real), - public_ssl_port => $ports[barbican_api_ssl_port], - service_network => $barbican_network, - mode => 'http', - listen_options => merge($default_listen_options, $barbican_listen_opts), - frontend_options => merge($default_frontend_options, $barbican_frontend_opts), - backend_options => merge($default_backend_options, $barbican_backend_opts), - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $gnocchi { - # NOTE(tkajinam): Gnocchi doesn't provide healthcheck API - ::tripleo::haproxy::endpoint { 'gnocchi': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('gnocchi_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[gnocchi_api_port], - ip_addresses => lookup('gnocchi_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('gnocchi_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[gnocchi_api_ssl_port], - service_network => $gnocchi_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $swift_proxy_server { - $swift_proxy_server_frontend_options = { - 'option' => [ 'httplog', 'forwardfor' ], - 'timeout client' => '2m', - } - $swift_proxy_server_backend_options = { - 'option' => [ 'httpchk GET /healthcheck' ], - 'balance' => $haproxy_lb_mode_longrunning, - 'timeout server' => '2m', - } - $swift_proxy_server_listen_options = merge_hash_values($swift_proxy_server_frontend_options, - $swift_proxy_server_backend_options) - ::tripleo::haproxy::endpoint { 'swift_proxy_server': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('swift_proxy_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[swift_proxy_port], - ip_addresses => lookup('swift_proxy_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('swift_proxy_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $swift_proxy_server_listen_options), - frontend_options => merge($default_frontend_options, $swift_proxy_server_frontend_options), - backend_options => merge($default_backend_options, $swift_proxy_server_backend_options), - public_ssl_port => $ports[swift_proxy_ssl_port], - service_network => $swift_proxy_server_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - $heat_api_vip = lookup('heat_api_vip', undef, undef, $controller_virtual_ip) - $heat_ip_addresses = lookup('heat_api_node_ips', undef, undef, $controller_hosts_real) - $heat_frontend_options = { - 'option' => [ 'httplog', 'forwardfor' ], - 'timeout client' => '10m', - } - $heat_durability_options = { - 'option' => [ 'tcpka', 'httpchk GET /healthcheck' ], - 'balance' => $haproxy_lb_mode_longrunning, - 'timeout server' => '10m', - } - if $service_certificate { - $heat_ssl_options = { - 'http-response' => "replace-header Location http://${public_virtual_ip}(.*) https://${public_virtual_ip}\\1", - } - $heat_listen_options = merge($default_listen_options, $heat_ssl_options, $heat_frontend_options) - $heat_frontend_options_real = merge($default_frontend_options, $heat_ssl_options, $heat_frontend_options) - } else { - $heat_listen_options = merge($default_listen_options, $heat_frontend_options) - $heat_frontend_options_real = merge($default_frontend_options, $heat_frontend_options) - } - $heat_listen_options_real = merge_hash_values($heat_listen_options, $heat_durability_options) - $heat_backend_options = merge($default_backend_options, $heat_durability_options) - - if $heat_api { - ::tripleo::haproxy::endpoint { 'heat_api': - public_virtual_ip => $public_virtual_ip, - internal_ip => $heat_api_vip, - service_port => $ports[heat_api_port], - ip_addresses => $heat_ip_addresses, - server_names => lookup('heat_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => $heat_listen_options_real, - frontend_options => $heat_frontend_options_real, - backend_options => $heat_backend_options, - public_ssl_port => $ports[heat_api_ssl_port], - service_network => $heat_api_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $heat_cfn { - ::tripleo::haproxy::endpoint { 'heat_cfn': - public_virtual_ip => $public_virtual_ip, - internal_ip => $heat_api_vip, - service_port => $ports[heat_cfn_port], - ip_addresses => $heat_ip_addresses, - server_names => lookup('heat_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => $heat_listen_options_real, - frontend_options => $heat_frontend_options_real, - backend_options => $heat_backend_options, - public_ssl_port => $ports[heat_cfn_ssl_port], - service_network => $heat_cfn_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $horizon { - class { 'tripleo::haproxy::horizon_endpoint': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('horizon_vip', undef, undef, $controller_virtual_ip), - haproxy_listen_bind_param => $haproxy_listen_bind_param, - ip_addresses => lookup('horizon_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('horizon_node_names', undef, undef, $controller_hosts_names_real), - member_options => union($haproxy_member_options, $internal_tls_member_options), - public_certificate => $service_certificate, - use_internal_certificates => $use_internal_certificates, - internal_certificates_specs => $internal_certificates_specs, - service_network => $horizon_network, - } - } - - if $ironic { - $ironic_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $ironic_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - } - $ironic_listen_opts = merge_hash_values($ironic_frontend_opts, - $ironic_backend_opts) - ::tripleo::haproxy::endpoint { 'ironic': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('ironic_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ironic_api_port], - ip_addresses => lookup('ironic_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ironic_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - frontend_options => merge($default_frontend_options, $ironic_frontend_opts), - backend_options => merge($default_backend_options, $ironic_backend_opts), - listen_options => merge($default_listen_options, $ironic_listen_opts), - public_ssl_port => $ports[ironic_api_ssl_port], - service_network => $ironic_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $ironic_inspector { - $ironic_inspector_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $ironic_inspector_backend_opts = { - 'option' => [ 'httpchk' ], - 'balance' => $haproxy_lb_mode_longrunning - } - $ironic_inspector_listen_opts = merge_hash_values($ironic_inspector_frontend_opts, - $ironic_inspector_backend_opts) - # NOTE(tkajinam): Ironic-inspector doesn't provide healthcheck API - ::tripleo::haproxy::endpoint { 'ironic-inspector': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('ironic_inspector_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ironic_inspector_port], - ip_addresses => lookup('ironic_inspector_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ironic_inspector_node_names', undef, undef, $controller_hosts_names_real), - public_ssl_port => $ports[ironic_inspector_ssl_port], - service_network => $ironic_inspector_network, - mode => 'http', - listen_options => merge($default_listen_options, $ironic_inspector_listen_opts), - frontend_options => merge($default_frontend_options, $ironic_inspector_frontend_opts), - backend_options => merge($default_backend_options, $ironic_inspector_backend_opts), - } - } - - if $designate { - $designate_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $designate_backend_opts = { - 'option' => [ 'httpchk GET /healthcheck' ], - } - $designate_listen_opts = merge_hash_values($designate_frontend_opts, - $designate_backend_opts) - ::tripleo::haproxy::endpoint { 'designate': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('designate_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[designate_api_port], - ip_addresses => lookup('designate_api_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('designate_api_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - listen_options => merge($default_listen_options, $designate_listen_opts), - frontend_options => merge($default_frontend_options, $designate_frontend_opts), - backend_options => merge($default_backend_options, $designate_backend_opts), - public_ssl_port => $ports[designate_api_ssl_port], - service_network => $designate_network, - } - - # Create a reverse proxy for each miniDNS server running on the internal network so - # external bind instances can access them without having to have access to the internal - # network. - # - if $designate_mdns_proxy_baseport { - $mdns_nodes = zip( - lookup('designate_mdns_node_ips', undef, undef, $controller_hosts_real), - lookup('designate_mdns_node_names', undef, undef, $controller_hosts_names_real)) - - # TODO(beagles): it would preferable to implement in terms of - # tripleo::haproxy::endpoint. I'm leaving as a follow up as - # it seems like it would require more intrusive changes on a - # shared and critical bit of haproxy related code. - # - $mdns_nodes.each |$index, $mdns_node| { - if $use_backend_syntax { - haproxy::frontend { "designate_mdns_${index}": - ipaddress => $public_virtual_ip, - ports => String($designate_mdns_proxy_baseport + $index), - mode => 'tcp', - options => { - 'default_backend ' => "designate_mdns_${index}_be", - 'option' => [ 'tcplog' ], - }, - } - - haproxy::backend { "designate_mdns_${index}_be": - mode => 'tcp', - options => { - 'option' => [ 'tcplog' ], - }, - } - $designate_minidns_service = "designate_mdns_${index}_be" - } else { - haproxy::listen { "designate_mdns_${index}": - ipaddress => $public_virtual_ip, - ports => String($designate_mdns_proxy_baseport + $index), - mode => 'tcp', - options => { - 'option' => [ 'tcplog'] - } - } - $designate_minidns_service = "designate_mdns_${index}" - } - haproxy::balancermember { "designate_mdns_${index}": - listening_service => $designate_minidns_service, - ports => '5354', - ipaddresses => $mdns_node[0], - server_names => $mdns_node[1], - verifyhost => false, - } - } - } - } - - if $metrics_qdr { - $metrics_bind_opts = { - "${public_virtual_ip}:${ports[metrics_qdr_port]}" => $haproxy_listen_bind_param, - } - if $use_backend_syntax { - haproxy::frontend { 'metrics_qdr': - bind => $metrics_bind_opts, - options => { - 'default_backend' => 'metrics_qdr_be', - 'option' => [ 'tcplog' ], - }, - collect_exported => false, - } - haproxy::backend { 'metrics_qdr_be': - options => { - 'option' => [ 'tcp-check' ], - 'tcp-check' => ["connect port ${ports[metrics_qdr_port]}"], - }, - } - $metrics_qdr_service = 'metrics_qdr_be' - } else { - haproxy::listen { 'metrics_qdr': - bind => $metrics_bind_opts, - options => { - 'option' => [ 'tcp-check', 'tcplog' ], - 'tcp-check' => ["connect port ${ports[metrics_qdr_port]}"], - }, - collect_exported => false, - } - $metrics_qdr_service = 'metrics_qdr' - } - # Note(mmagr): while MetricsQdr service runs on all overcloud nodes, we need load balancing - # only on controllers as those are only QDRs forming mesh (listening on connection - # from QDRs running other nodes [storage, compute, etc.]). Sadly we don't have another - # reasonable way to get list of internal_api interfaces of controllers than using list - # of other services running only on controllers and also using internal_api network. - # MetricsQdr will be refactored (split to QDR running on controller or on other node) - # to better integrate, but for now we need this hack to enable the feature - haproxy::balancermember { 'metrics_qdr': - listening_service => $metrics_qdr_service, - ports => $ports[metrics_qdr_port], - ipaddresses => lookup('pacemaker_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('pacemaker_node_names', undef, undef, $controller_hosts_names_real), - options => union($haproxy_member_options, ['on-marked-down shutdown-sessions']), - verifyhost => false, - } - } - - if $mysql_clustercheck { - $mysql_frontend_opts = { - 'option' => [ 'tcpka', 'tcplog' ], - 'timeout client' => '90m', - 'maxconn' => $mysql_max_conn - } - $mysql_backend_opts = { - 'option' => [ 'tcpka', 'httpchk' ], - 'stick-table' => 'type ip size 1000', - 'stick' => 'on dst', - 'timeout server' => '90m', - } - $mysql_listen_opts = merge_hash_values($mysql_frontend_opts, - $mysql_backend_opts) - if $mysql_member_options { - $mysql_member_options_real = $mysql_member_options - } else { - $mysql_member_options_real = ['backup', 'port 9200', 'on-marked-down shutdown-sessions', 'check', 'inter 1s'] - } - } else { - $mysql_frontend_opts = { - 'timeout client' => '90m', - 'maxconn' => $mysql_max_conn - } - $mysql_backend_opts = { - 'timeout server' => '90m', - } - $mysql_listen_opts = merge_hash_values($mysql_frontend_opts, - $mysql_backend_opts) - if $mysql_member_options { - $mysql_member_options_real = $mysql_member_options - } else { - $mysql_member_options_real = union($haproxy_member_options, ['backup']) - } - } - - if $mysql { - if lookup('nova_is_additional_cell', undef, undef, undef) { - $mysql_server_names_real = lookup('mysql_cell_node_names', undef, undef, $controller_hosts_names_real) - } else { - $mysql_server_names_real = lookup('mysql_node_names', undef, undef, $controller_hosts_names_real) - } - if $use_backend_syntax { - haproxy::frontend { 'mysql': - bind => $mysql_bind_opts, - options => deep_merge($mysql_frontend_opts, - { 'default_backend' => 'mysql_be' }, - $mysql_custom_frontend_options), - collect_exported => false, - } - haproxy::backend { 'mysql_be': - options => deep_merge($mysql_backend_opts, $mysql_custom_backend_options), - } - $mysql_service = 'mysql_be' - } else { - haproxy::listen { 'mysql': - bind => $mysql_bind_opts, - options => deep_merge($mysql_listen_opts, $mysql_custom_listen_options), - collect_exported => false, - } - $mysql_service = 'mysql' - } - haproxy::balancermember { 'mysql-backup': - listening_service => $mysql_service, - ports => '3306', - ipaddresses => lookup('mysql_node_ips', undef, undef, $controller_hosts_real), - server_names => $mysql_server_names_real, - options => $mysql_member_options_real, - } - } - - if $rabbitmq { - if $use_backend_syntax { - haproxy::frontend { 'rabbitmq': - bind => $rabbitmq_bind_opts, - collect_exported => false, - options => { - 'default_backend' => 'rabbitmq_be', - 'option' => [ 'tcpka', 'tcplog' ], - 'timeout' => [ 'client 0' ], - }, - } - haproxy::backend { 'rabbitmq_be': - options => { - 'option' => [ 'tcpka' ], - 'timeout' => [ 'server 0' ], - }, - } - $rabbitmq_service = 'rabbitmq_be' - } else { - haproxy::listen { 'rabbitmq': - bind => $rabbitmq_bind_opts, - options => { - 'option' => [ 'tcpka', 'tcplog' ], - 'timeout' => [ 'client 0', 'server 0' ], - }, - collect_exported => false, - } - $rabbitmq_service = 'rabbitmq' - } - haproxy::balancermember { 'rabbitmq': - listening_service => $rabbitmq_service, - ports => '5672', - ipaddresses => lookup('rabbitmq_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('rabbitmq_node_names', undef, undef, $controller_hosts_names_real), - options => $haproxy_member_options, - } - } - - if $etcd { - ::tripleo::haproxy::endpoint { 'etcd': - internal_ip => lookup('etcd_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[etcd_port], - ip_addresses => lookup('etcd_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('etcd_node_names', undef, undef, $controller_hosts_names_real), - service_network => $etcd_network, - member_options => union($haproxy_member_options, $internal_tls_member_options), - listen_options => { - 'balance' => 'source', - }, - backend_options => { - 'balance' => 'source', - } - } - } - - if $docker_registry { - ::tripleo::haproxy::endpoint { 'docker-registry': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('docker_registry_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[docker_registry_port], - ip_addresses => lookup('docker_registry_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('docker_registry_node_names', undef, undef, $controller_hosts_names_real), - public_ssl_port => $ports[docker_registry_ssl_port], - service_network => $docker_registry_network, - } - } - - if $redis { - $redis_vip = lookup('redis_vip', undef, undef, $controller_virtual_ip) - $redis_bind_opts = { - "${redis_vip}:6379" => $haproxy_listen_bind_param, - } - - if $enable_internal_tls { - $redis_tcp_check_ssl_options = ['connect port 6379 ssl'] - $redis_ssl_member_options = ['check-ssl', "ca-file ${ca_bundle}"] - } else { - $redis_tcp_check_ssl_options = ['connect port 6379'] - $redis_ssl_member_options = [] - } - if $redis_password { - $redis_tcp_check_password_options = ["send AUTH\\ ${redis_password}\\r\\n", - 'expect string +OK'] - } else { - $redis_tcp_check_password_options = [] - } - $redis_tcp_check_connect_options = union($redis_tcp_check_ssl_options, $redis_tcp_check_password_options) - $redis_tcp_check_common_options = ['send PING\r\n', - 'expect string +PONG', - 'send info\ replication\r\n', - 'expect string role:master', - 'send QUIT\r\n', - 'expect string +OK'] - $redis_tcp_check_options = $redis_tcp_check_connect_options + $redis_tcp_check_common_options - if $use_backend_syntax { - haproxy::frontend { 'redis': - bind => $redis_bind_opts, - collect_exported => false, - options => { - 'timeout client' => '90m', - 'default_backend' => 'redis_be', - 'option' => [ 'tcplog' ], - }, - } - haproxy::backend { 'redis_be': - options => { - 'timeout server' => '90m', - 'balance' => 'first', - 'option' => [ 'tcp-check' ], - 'tcp-check' => $redis_tcp_check_options, - }, - } - $redis_service = 'redis_be' - } else { - haproxy::listen { 'redis': - bind => $redis_bind_opts, - options => { - 'balance' => 'first', - 'timeout client' => '90m', - 'timeout server' => '90m', - 'option' => [ 'tcp-check', 'tcplog' ], - 'tcp-check' => $redis_tcp_check_options, - }, - collect_exported => false, - } - $redis_service = 'redis' - } - haproxy::balancermember { 'redis': - listening_service => $redis_service, - ports => '6379', - ipaddresses => lookup('redis_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('redis_node_names', undef, undef, $controller_hosts_names_real), - options => union($haproxy_member_options, ['on-marked-down shutdown-sessions'], $redis_ssl_member_options), - verifyhost => false, - } - } - - if $ceph_rgw { - $ceph_rgw_backend_opts = { - 'option' => [ 'httpchk GET /swift/healthcheck' ], - 'balance' => $haproxy_lb_mode_longrunning - } - $ceph_rgw_listen_opts = merge_hash_values($default_frontend_options, - $ceph_rgw_backend_opts) - ::tripleo::haproxy::endpoint { 'ceph_rgw': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('ceph_rgw_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ceph_rgw_port], - ip_addresses => lookup('ceph_rgw_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ceph_rgw_node_names', undef, undef, $controller_hosts_names_real), - mode => 'http', - public_ssl_port => $ports[ceph_rgw_ssl_port], - service_network => $ceph_rgw_network, - listen_options => merge($default_listen_options, $ceph_rgw_listen_opts), - frontend_options => $default_frontend_options, - backend_options => merge($default_backend_options, $ceph_rgw_backend_opts), - member_options => union($haproxy_member_options, $internal_tls_member_options), - } - } - - if $octavia { - $octavia_frontend_opts = { - 'option' => [ 'httplog', 'forwardfor' ], - } - $octavia_backend_opts = { - 'hash-type' => 'consistent', - 'option' => [ 'httpchk GET /healthcheck' ], - 'balance' => 'source', - } - $octavia_listen_opts = merge_hash_values($octavia_frontend_opts, - $octavia_backend_opts) - ::tripleo::haproxy::endpoint { 'octavia': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('octavia_api_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[octavia_api_port], - ip_addresses => lookup('octavia_api_node_ips'), - server_names => lookup('octavia_api_node_names'), - public_ssl_port => $ports[octavia_api_ssl_port], - service_network => $octavia_network, - mode => 'http', - member_options => union($haproxy_member_options, $internal_tls_member_options), - listen_options => merge($default_listen_options, $octavia_listen_opts), - frontend_options => merge($default_frontend_options, $octavia_frontend_opts), - backend_options => $octavia_backend_opts, - } - } - - if $ovn_dbs and $ovn_dbs_manage_lb { - # FIXME: is this config enough to ensure we only hit the first node in - # ovn_northd_node_ips ? - # We only configure ovn_dbs_vip in haproxy if HA for OVN DB servers is - # disabled. - # If HA is enabled, pacemaker configures the OVN DB servers accordingly. - $ovn_db_frontend_opts = { - 'option' => [ 'tcpka', 'tcplog' ], - 'timeout client' => '90m', - } - $ovn_db_backend_opts = { - 'option' => [ 'tcpka' ], - 'timeout server' => '90m', - 'stick-table' => 'type ip size 1000', - 'stick' => 'on dst', - } - $ovn_db_listen_opts = merge_hash_values($ovn_db_frontend_opts, - $ovn_db_backend_opts) - ::tripleo::haproxy::endpoint { 'ovn_nbdb': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('ovn_dbs_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ovn_nbdb_port], - ip_addresses => lookup('ovn_dbs_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ovn_dbs_node_names', undef, undef, $controller_hosts_names_real), - service_network => $ovn_dbs_network, - public_ssl_port => $ports[ovn_nbdb_ssl_port], - listen_options => $ovn_db_listen_opts, - frontend_options => $ovn_db_frontend_opts, - backend_options => $ovn_db_backend_opts, - mode => 'tcp' - } - ::tripleo::haproxy::endpoint { 'ovn_sbdb': - public_virtual_ip => $public_virtual_ip, - internal_ip => lookup('ovn_dbs_vip', undef, undef, $controller_virtual_ip), - service_port => $ports[ovn_sbdb_port], - ip_addresses => lookup('ovn_dbs_node_ips', undef, undef, $controller_hosts_real), - server_names => lookup('ovn_dbs_node_names', undef, undef, $controller_hosts_names_real), - service_network => $ovn_dbs_network, - public_ssl_port => $ports[ovn_sbdb_ssl_port], - listen_options => $ovn_db_listen_opts, - frontend_options => $ovn_db_frontend_opts, - backend_options => $ovn_db_backend_opts, - mode => 'tcp' - } - } -} diff --git a/manifests/haproxy/endpoint.pp b/manifests/haproxy/endpoint.pp deleted file mode 100644 index fcc2090b8..000000000 --- a/manifests/haproxy/endpoint.pp +++ /dev/null @@ -1,321 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::haproxy::endpoint -# -# Configure a HAProxy listen endpoint -# -# [*internal_ip*] -# The IP in which the proxy endpoint will be listening in the internal -# network. -# -# [*service_port*] -# The default port on which the endpoint will be listening. -# -# [*member_options*] -# Options for the balancer member, specified after the server declaration. -# These should go in the member's configuration block. -# -# [*use_backend_syntax*] -# (optional) When set to true, generate a config with frontend and -# backend sections, otherwise use listen sections. -# Defaults to lookup('haproxy_backend_syntax', undef, undef, false) -# -# [*haproxy_port*] -# An alternative port, on which haproxy will listen for incoming requests. -# Defaults to service_port. -# -# [*base_service_name*] -# In cases where the service name doesn't match the endpoint name, you can -# specify this option in order to get an appropriate value for $ip_addresses -# and $server_names. So, this will be used in hiera to derive these, if set. -# Defaults to undef -# -# [*ip_addresses*] -# The ordered list of IPs to be used to contact the balancer member. -# Defaults to lookup("${name}_node_ips", undef, undef, undef) -# -# [*server_names*] -# The names of the balancer members, which usually should be the hostname. -# Defaults to lookup("${name}_node_names", undef, undef, undef) -# -# [*public_virtual_ip*] -# Address in which the proxy endpoint will be listening in the public network. -# If this service is internal only this should be omitted. -# Defaults to undef. -# -# [*mode*] -# HAProxy mode in which the endpoint will be listening. This can be undef, -# tcp, http or health. -# Defaults to undef. -# -# [*haproxy_listen_bind_param*] -# A list of params to be added to the HAProxy listener bind directive. -# Defaults to undef. -# -# [*listen_options*] -# Options specified for the listening service's configuration block (in -# HAproxy terms, the frontend). -# defaults to {'option' => []} -# -# [*frontend_options*] -# Options specified for the frontend service's configuration block -# defaults to {'option' => []} -# -# [*backend_options*] -# Options specified for the service's backend configuration block -# defaults to {'option' => []} -# -# [*public_ssl_port*] -# The port used for the public proxy endpoint if it differs from the default -# one. This is used only if SSL is enabled, and it's used in order to avoid -# overriding with the internal proxy endpoint (which could happen if they were -# in the same network). -# Defaults to undef. -# -# [*public_certificate*] -# Certificate path used to enable TLS for the public proxy endpoint. -# Defaults to undef. -# -# [*use_internal_certificates*] -# Flag that indicates if we'll use an internal certificate for this specific -# service. When set, enables SSL on the internal API endpoints using the file -# that certmonger is tracking; this is derived from the network the service is -# listening on. -# Defaults to false -# -# [*internal_certificates_specs*] -# A hash that should contain the specs that were used to create the -# certificates. As the name indicates, only the internal certificates will be -# fetched from here. And the keys should follow the following pattern -# "haproxy-". The network name should be as it was defined in -# tripleo-heat-templates. -# Note that this is only taken into account if the $use_internal_certificates -# flag is set. -# Defaults to {} -# -# [*service_network*] -# (optional) Indicates the network that the service is running on. Used for -# fetching the certificate for that specific network. -# Defaults to undef -# -# [*authorized_userlist*] -# (optional) Userlist that may access the endpoint. Activate Basic Authentication. -# You'll need to create a tripleo::haproxy::userlist in order to use that option. -# Defaults to undef -# -# [*sticky_sessions*] -# (optional) Enable sticky sessions for this frontend using a cookie -# -# [*session_cookie*] -# (optional) Cookie name to use for sticky sessions. This should be different -# for each service using sticky sessions. -# -define tripleo::haproxy::endpoint ( - $internal_ip, - $service_port, - $member_options, - $use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false), - $haproxy_port = undef, - $base_service_name = undef, - $ip_addresses = lookup("${name}_node_ips", undef, undef, undef), - $server_names = lookup("${name}_node_names", undef, undef, undef), - $public_virtual_ip = undef, - $mode = undef, - $haproxy_listen_bind_param = undef, - $listen_options = { - 'option' => [], - }, - $frontend_options = { - 'option' => [], - }, - $backend_options = { - 'option' => [], - }, - $public_ssl_port = undef, - $public_certificate = undef, - $use_internal_certificates = false, - $internal_certificates_specs = {}, - $service_network = undef, - $authorized_userlist = undef, - $sticky_sessions = false, - $session_cookie = 'STICKYSESSION', -) { - - if $haproxy_port { - $haproxy_port_real = $haproxy_port - $service_port_real = $service_port - } else { - $haproxy_port_real = $service_port - $service_port_real = $service_port - } - - if $base_service_name { - $ip_addresses_real = lookup("${base_service_name}_node_ips", undef, undef, undef) - } else { - $ip_addresses_real = $ip_addresses - } - if $base_service_name { - $server_names_real = lookup("${base_service_name}_node_names", undef, undef, undef) - } else { - $server_names_real = $server_names - } - # Let users override the options on a per-service basis - $custom_options = lookup("tripleo::haproxy::${name}::options", undef, undef, undef) - $custom_frontend_options = lookup("tripleo::haproxy::${name}::frontend_options", undef, undef, undef) - $custom_backend_options = lookup("tripleo::haproxy::${name}::backend_options", undef, undef, undef) - $custom_bind_options_public = delete( - any2array(lookup("tripleo::haproxy::${name}::public_bind_options", undef, undef, undef)), - undef).flatten() - $custom_bind_options_internal = delete( - any2array(lookup("tripleo::haproxy::${name}::internal_bind_options", undef, undef, undef)), - undef).flatten() - if $public_virtual_ip { - # service exposed to the public network - - if $public_certificate { - if $mode == 'http' { - $tls_listen_options = { - 'http-response' => 'replace-header Location http://(.*) https://\\1', - 'redirect' => "scheme https code 301 if { hdr(host) -i ${public_virtual_ip} } !{ ssl_fc }", - } - $listen_options_precookie = merge($tls_listen_options, $listen_options, $custom_options) - $frontend_options_precookie = merge($tls_listen_options, $frontend_options, $custom_frontend_options) - } else { - $listen_options_precookie = merge($listen_options, $custom_options) - $frontend_options_precookie = merge($frontend_options, $custom_frontend_options) - } - $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${public_ssl_port}"), - union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public)) - } else { - $listen_options_precookie = merge($listen_options, $custom_options) - $frontend_options_precookie = merge($frontend_options, $custom_frontend_options) - $public_bind_opts = list_to_hash(suffix(any2array($public_virtual_ip), ":${haproxy_port_real}"), - union($haproxy_listen_bind_param, $custom_bind_options_public)) - } - } else { - # internal service only - $public_bind_opts = {} - $listen_options_precookie = merge($listen_options, $custom_options) - $frontend_options_precookie = merge($frontend_options, $custom_frontend_options) - } - if $sticky_sessions { - $cookie_options = { - 'cookie' => "${session_cookie} insert indirect nocache", - } - $listen_options_real = merge($listen_options_precookie, $cookie_options) - $frontend_options_real = merge($frontend_options_precookie, $cookie_options) - } else { - $listen_options_real = $listen_options_precookie - $frontend_options_real = $frontend_options_precookie - } - if $use_internal_certificates { - if !$service_network { - fail("The service_network for this service is undefined. Can't configure TLS for the internal network.") - } - - if $service_network == 'external' and $public_certificate { - # NOTE(jaosorior): This service has been configured to use the external - # network. We should use the public certificate in this case. - $internal_cert_path = $public_certificate - } else { - # NOTE(jaosorior): This service is configured for the internal network. - # We use the certificate spec hash. The key of the - # internal_certificates_specs hash must must match the convention - # haproxy- or else this will fail. Further, it must - # contain the path that we'll use under 'service_pem'. - $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem'] - } - $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"), - union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path], - $custom_bind_options_internal)) - } else { - if $service_network == 'external' and $public_certificate { - $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"), - union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], - $custom_bind_options_internal)) - } else { - $internal_bind_opts = list_to_hash(suffix(any2array($internal_ip), ":${haproxy_port_real}"), - union($haproxy_listen_bind_param, $custom_bind_options_internal)) - } - } - if $authorized_userlist { - $access_rules = { - 'acl' => "acl Auth${name} http_auth(${authorized_userlist})", - 'http-request' => "auth realm ${name} if !Auth${name}", - } - if $use_backend_syntax { - Haproxy::Frontend[$name] { - require => Tripleo::Haproxy::Userlist[$authorized_userlist], - } - } else { - Haproxy::Listen[$name] { - require => Tripleo::Haproxy::Userlist[$authorized_userlist], - } - } - } else { - $access_rules = {} - } - - $_real_options = merge($listen_options_real, $access_rules) - $_real_frontend_options = merge($frontend_options_real, $access_rules, - { 'default_backend' => "${name}_be" }) - - $bind_opts = merge($internal_bind_opts, $public_bind_opts) - - if $use_backend_syntax { - haproxy::frontend { "${name}": - bind => $bind_opts, - collect_exported => false, - mode => $mode, - options => $_real_frontend_options, - } - haproxy::backend { "${name}_be": - mode => $mode, - options => merge($backend_options, $custom_backend_options), - } - $listening_service = "${name}_be" - } else { - haproxy::listen { "${name}": - bind => $bind_opts, - collect_exported => false, - mode => $mode, - options => $_real_options, - } - $listening_service = "${name}" - } - if $sticky_sessions { - hash(zip($ip_addresses_real, $server_names_real)).each | $ip, $server | { - # We need to be sure the IP (IPv6) don't have colons - # which is a reserved character to reference manifests - $non_colon_ip = regsubst($ip, ':', '-', 'G') - haproxy::balancermember { "${name}_${non_colon_ip}_${server}": - listening_service => $listening_service, - ports => "${service_port_real}", - ipaddresses => $ip, - server_names => $server, - options => union($member_options, ["cookie ${server}"]), - } - } - } else { - haproxy::balancermember { "${name}": - listening_service => $listening_service, - ports => "${service_port_real}", - ipaddresses => $ip_addresses_real, - server_names => $server_names_real, - options => $member_options, - } - } -} diff --git a/manifests/haproxy/horizon_endpoint.pp b/manifests/haproxy/horizon_endpoint.pp deleted file mode 100644 index e38893da7..000000000 --- a/manifests/haproxy/horizon_endpoint.pp +++ /dev/null @@ -1,211 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::haproxy::endpoint -# -# Configure a HAProxy listen endpoint -# -# [*internal_ip*] -# The IP in which the proxy endpoint will be listening in the internal -# network. -# -# [*ip_addresses*] -# The ordered list of IPs to be used to contact the balancer member. -# -# [*server_names*] -# The names of the balancer members, which usually should be the hostname. -# -# [*member_options*] -# Options for the balancer member, specified after the server declaration. -# These should go in the member's configuration block. -# -# [*public_virtual_ip*] -# Address in which the proxy endpoint will be listening in the public network. -# If this service is internal only this should be omitted. -# Defaults to undef. -# -# [*use_backend_syntax*] -# (optional) When set to true, generate a config with frontend and -# backend sections, otherwise use listen sections. -# Defaults to lookup('haproxy_backend_syntax', undef, undef, false) -# -# [*haproxy_listen_bind_param*] -# A list of params to be added to the HAProxy listener bind directive. -# Defaults to undef. -# -# [*public_certificate*] -# Certificate path used to enable TLS for the public proxy endpoint. -# Defaults to undef. -# -# [*use_internal_certificates*] -# Flag that indicates if we'll use an internal certificate for this specific -# service. When set, enables SSL on the internal API endpoints using the file -# that certmonger is tracking; this is derived from the network the service is -# listening on. -# Defaults to false -# -# [*internal_certificates_specs*] -# A hash that should contain the specs that were used to create the -# certificates. As the name indicates, only the internal certificates will be -# fetched from here. And the keys should follow the following pattern -# "haproxy-". The network name should be as it was defined in -# tripleo-heat-templates. -# Note that this is only taken into account if the $use_internal_certificates -# flag is set. -# Defaults to {} -# -# [*service_network*] -# (optional) Indicates the network that the service is running on. Used for -# fetching the certificate for that specific network. -# Defaults to undef -# -# [*hsts_header_value*] -# (optional) Adds the HTTP Strict Transport Security (HSTS) header to -# response. This takes effect only when public_certificate is set. -# Defaults to undef -# -class tripleo::haproxy::horizon_endpoint ( - $internal_ip, - $ip_addresses, - $server_names, - $member_options, - $public_virtual_ip, - $use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false), - $haproxy_listen_bind_param = undef, - $public_certificate = undef, - $use_internal_certificates = false, - $internal_certificates_specs = {}, - $service_network = undef, - $hsts_header_value = undef, -) { - # Let users override the options on a per-service basis - $custom_options = lookup('tripleo::haproxy::horizon::options', undef, undef, undef) - $custom_frontend_options = lookup('tripleo::haproxy::horizon::frontend_options', undef, undef, undef) - $custom_backend_options = lookup('tripleo::haproxy::horizon::backend_options', undef, undef, undef) - $custom_bind_options_public = delete( - any2array(lookup('tripleo::haproxy::horizon::public_bind_options', undef, undef, undef)), - undef).flatten() - $custom_bind_options_internal = delete( - any2array(lookup('tripleo::haproxy::horizon::internal_bind_options', undef, undef, undef)), - undef).flatten() - - # service exposed to the public network - if $public_certificate { - if $use_internal_certificates { - if !$service_network { - fail("The service_network for this service is undefined. Can't configure TLS for the internal network.") - } - # NOTE(jaosorior): The key of the internal_certificates_specs hash must - # must match the convention haproxy- or else this - # will fail. Further, it must contain the path that we'll use under - # 'service_pem'. - $internal_cert_path = $internal_certificates_specs["haproxy-${service_network}"]['service_pem'] - $internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $internal_cert_path]) - } else { - # If no internal cert is given, we still configure TLS for the internal - # network, however, we expect that the public certificate has appropriate - # subjectaltnames set. - $internal_bind_opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate]) - } - # NOTE(jaosorior): If the internal_ip and the public_virtual_ip are the - # same, the first option takes precedence. Which is the case when network - # isolation is not enabled. This is not a problem as both options are - # identical. If network isolation is enabled, this works correctly and - # will add a TLS binding to both the internal_ip and the - # public_virtual_ip. - # Even though for the public_virtual_ip the port 80 is listening, we - # redirect to https in the horizon_options below. - $horizon_bind_opts = { - "${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal), - "${internal_ip}:443" => union($internal_bind_opts, $custom_bind_options_internal), - "${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public), - "${public_virtual_ip}:443" => union($haproxy_listen_bind_param, ['ssl', 'crt', $public_certificate], $custom_bind_options_public), - } - - if $hsts_header_value != undef { - $hsts_header_value_real = join(any2array($hsts_header_value), '; ') - $hsts_response = "set-header Strict-Transport-Security \"${hsts_header_value_real};\"" - } else { - $hsts_response = undef - } - - $horizon_frontend_options = { - 'http-response' => delete_undef_values([ - 'replace-header Location http://(.*) https://\\1', - $hsts_response]), - # NOTE(jaosorior): We always redirect to https for the public_virtual_ip. - 'redirect' => 'scheme https code 301 if !{ ssl_fc }', - 'option' => [ 'forwardfor' ], - 'http-request' => [ - 'set-header X-Forwarded-Proto https if { ssl_fc }', - 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], - } - } else { - $horizon_bind_opts = { - "${internal_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_internal), - "${public_virtual_ip}:80" => union($haproxy_listen_bind_param, $custom_bind_options_public), - } - $horizon_frontend_options = { - 'option' => [ 'forwardfor' ], - } - } - $horizon_backend_options = { - 'cookie' => 'SERVERID insert indirect nocache', - 'option' => [ 'httpchk' ], - } - $horizon_options = merge_hash_values($horizon_backend_options, - $horizon_frontend_options) - - if $use_internal_certificates { - # Use SSL port if TLS in the internal network is enabled. - $backend_port = '443' - } else { - $backend_port = '80' - } - - if $use_backend_syntax { - haproxy::frontend { 'horizon': - bind => $horizon_bind_opts, - options => merge($horizon_frontend_options, - { default_backend => 'horizon_be' }, - $custom_frontend_options), - mode => 'http', - collect_exported => false, - } - haproxy::backend { 'horizon_be': - options => merge($horizon_backend_options, $custom_backend_options), - mode => 'http', - } - } else { - haproxy::listen { 'horizon': - bind => $horizon_bind_opts, - options => merge($horizon_options, $custom_options), - mode => 'http', - collect_exported => false, - } - } - hash(zip($ip_addresses, $server_names)).each | $ip, $server | { - # We need to be sure the IP (IPv6) don't have colons - # which is a reserved character to reference manifests - $non_colon_ip = regsubst($ip, ':', '-', 'G') - haproxy::balancermember { "horizon_${non_colon_ip}_${server}": - listening_service => 'horizon_be', - ports => "${backend_port}", - ipaddresses => $ip, - server_names => $server, - options => union($member_options, ["cookie ${server}"]), - } - } -} diff --git a/manifests/haproxy/service_endpoints.pp b/manifests/haproxy/service_endpoints.pp deleted file mode 100644 index d3c383f60..000000000 --- a/manifests/haproxy/service_endpoints.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Define: tripleo::haproxy::service_endpoints -# -# Define used to create haproxyendpoints for composable services. -# -# === Parameters: -# -# [*service_name*] -# (optional) The service_name to create the service endpoint(s) for. -# Defaults to $title -# -define tripleo::haproxy::service_endpoints ($service_name = $title) { - - $underscore_name = regsubst($service_name, '-', '_', 'G') - - # This allows each composable service to load its own custom rules by - # creating its own flat hiera key named: - # tripleo..haproxy_endpoints - # tripleo..haproxy_userlists - $dots_endpoints = lookup("'tripleo.${underscore_name}.haproxy_endpoints'", undef, undef, {}) - $dots_userlists = lookup("'tripleo.${underscore_name}.haproxy_userlists'", undef, undef, {}) - - # Supports standard "::" notation - # tripleo::::haproxy_endpoints - # tripleo::::haproxy_userlists - $colons_endpoints = lookup("tripleo::${underscore_name}::haproxy_endpoints", undef, undef, {}) - $colons_userlists = lookup("tripleo::${underscore_name}::haproxy_userlists", undef, undef, {}) - - # Merge hashes - $service_endpoints = merge($colons_endpoints, $dots_endpoints) - $service_userlists = merge($colons_userlists, $dots_userlists) - - create_resources('tripleo::haproxy::userlist', $service_userlists) - create_resources('tripleo::haproxy::endpoint', $service_endpoints) -} diff --git a/manifests/haproxy/stats.pp b/manifests/haproxy/stats.pp deleted file mode 100644 index c3399771a..000000000 --- a/manifests/haproxy/stats.pp +++ /dev/null @@ -1,101 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::haproxy::stats -# -# Configure the HAProxy stats interface -# -# [*haproxy_listen_bind_param*] -# A list of params to be added to the HAProxy listener bind directive. -# -# [*ip*] -# IP Address(es) on which the stats interface is listening on. -# Can be a string or a list of ip addresses -# -# [*use_backend_syntax*] -# (optional) When set to true, generate a config with frontend and -# backend sections, otherwise use listen sections. -# Defaults to lookup('haproxy_backend_syntax', undef, undef, false) -# -# [*port*] -# Port on which to listen to for haproxy stats web interface -# Defaults to '1993' -# -# [*password*] -# Password for haproxy stats authentication. When set, authentication is -# enabled on the haproxy stats endpoint. -# A string. -# Defaults to undef -# -# [*certificate*] -# Filename of an HAProxy-compatible certificate and key file -# When set, enables SSL on the haproxy stats endpoint using the specified file. -# Defaults to undef -# -# [*user*] -# Username for haproxy stats authentication. -# A string. -# Defaults to 'admin' -# -class tripleo::haproxy::stats ( - $haproxy_listen_bind_param, - $ip, - $use_backend_syntax = lookup('haproxy_backend_syntax', undef, undef, false), - $port = '1993', - $password = undef, - $certificate = undef, - $user = 'admin' -) { - if $certificate { - $opts = union($haproxy_listen_bind_param, ['ssl', 'crt', $certificate]) - } else { - $opts = $haproxy_listen_bind_param - } - - $haproxy_stats_bind_opts = list_to_hash(suffix(any2array($ip), ":${port}"), $opts) - - $stats_base = ['enable', 'uri /'] - if $password { - $stats_config = union($stats_base, ["auth ${user}:${password}"]) - } else { - $stats_config = $stats_base - } - if $use_backend_syntax { - haproxy::frontend { 'haproxy.stats': - bind => $haproxy_stats_bind_opts, - mode => 'http', - options => { - 'default_backend' => 'haproxy.stats_be', - 'stats' => $stats_config, - }, - collect_exported => false, - } - haproxy::backend { 'haproxy.stats_be': - mode => 'http', - options => { - 'stats' => $stats_config, - }, - } - } else { - haproxy::listen { 'haproxy.stats': - bind => $haproxy_stats_bind_opts, - mode => 'http', - options => { - 'stats' => $stats_config, - }, - collect_exported => false, - } - } -} diff --git a/manifests/haproxy/userlist.pp b/manifests/haproxy/userlist.pp deleted file mode 100644 index 106d02509..000000000 --- a/manifests/haproxy/userlist.pp +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 2017 Camptocamp SA. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Definition: tripleo::haproxy::userlist -# -# Configure an HAProxy userlist. It wrapps haproxy::userlist definition. -# -# [*groups*] -# List of groups -# -# [*users*] -# List of users -# -# == Example -# ::tripleo::haproxy::userlist {'starwars': -# groups => [ -# 'aldebaran users leia,luke', -# 'deathstar users anakin,sith', -# ], -# users => [ -# 'leia insecure-password sister', -# 'luke insecure-password jedi', -# 'anakin insecure-password darthvador', -# 'sith password $5$h9LsKUOeCr$UlD62CNEpuZQkGYdBoiFJLsM6TlXluRLBlhEnpjDdaC', # mkpasswd -m sha-256 darkSideOfTheForce -# ] -# } -# -# Please refer to the following HAProxy documentation for more options: -# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-user -# http://cbonte.github.io/haproxy-dconv/configuration-1.4.html#3.4-group -# -# -define tripleo::haproxy::userlist( - Optional[Array] $groups = [], - Optional[Array] $users = [], -) { - - ::haproxy::userlist {$name: - users => $users, - groups => $groups, - } -} diff --git a/manifests/init.pp b/manifests/init.pp deleted file mode 100644 index 9f6d77523..000000000 --- a/manifests/init.pp +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright (C) 2015 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo -# -# Installs the system requirements -# - -class tripleo{ - -} diff --git a/manifests/noop.pp b/manifests/noop.pp deleted file mode 100644 index 53da9b9b4..000000000 --- a/manifests/noop.pp +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::noop -# -# Enable noop mode for various Puppet resource types via collectors. -# -# === Parameters: -# [*package*] -# Whether Package resources should be noop. -# Defaults to true -# -# [*file*] -# Whether File resources should be noop. -# Defaults to true -# -# [*service*] -# Whether Service resources should be noop. -# Defaults to true -# -# [*exec*] -# Whether Exec resources should be noop. -# Defaults to true -# -# [*user*] -# Whether User resources should be noop. -# Defaults to true -# -# [*group*] -# Whether Group resources should be noop. -# Defaults to true -# -# [*cron*] -# Whether Cron resources should be noop. -# Defaults to true -# -# -class tripleo::noop ( - $package = true, - $file = true, - $service = true, - $exec = true, - $user = true, - $group = true, - $cron = true, -) { - - Package <| |> { noop => $package} - File <| |> { noop => $file} - Service <| |> { noop => $service} - Exec <| |> { noop => $exec} - User <| |> { noop => $user} - Group <| |> { noop => $group} - Cron <| |> { noop => $cron} - -} diff --git a/manifests/pacemaker/haproxy_with_vip.pp b/manifests/pacemaker/haproxy_with_vip.pp deleted file mode 100644 index b3fd390b2..000000000 --- a/manifests/pacemaker/haproxy_with_vip.pp +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Define: tripleo::pacemaker::haproxy_with_vip -# -# Configure the vip with the haproxy under pacemaker -# -# === Parameters: -# -# [*vip_name*] -# (String) Logical name of the vip (control, public, storage ...) -# Required -# -# [*ip_address*] -# (String) IP address on which HAProxy is colocated -# Required -# -# [*location_rule*] -# (optional) Add a location constraint before actually enabling -# the resource. Must be a hash like the following example: -# location_rule => { -# resource_discovery => 'exclusive', # optional -# role => 'master|slave', # optional -# score => 0, # optional -# score_attribute => foo, # optional -# # Multiple expressions can be used -# expression => ['opsrole eq controller'] -# } -# Defaults to undef -# -# [*meta_params*] -# (optional) Additional meta parameters to pass to "pcs resource create" for the VIP -# Defaults to '' -# -# [*op_params*] -# (optional) Additional op parameters to pass to "pcs resource create" for the VIP -# Defaults to '' -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to 1 -# -# [*nic*] -# (Optional) Specifies the nic interface on which the VIP should be added -# Defaults to undef -# -# [*ensure*] -# (Boolean) Create the all the resources only if true. False won't -# destroy the resource, it will just not create them. -# Default to true -# -define tripleo::pacemaker::haproxy_with_vip( - $vip_name, - $ip_address, - $location_rule = undef, - $meta_params = '', - $op_params = '', - $pcs_tries = 1, - $nic = undef, - $ensure = true -){ - if($ensure) { - if $ip_address =~ Stdlib::Compat::Ipv6 { - $netmask = '128' - $vip_nic = interface_for_ip($ip_address) - $ipv6_addrlabel = '99' - } elsif $ip_address =~ Stdlib::Compat::Ip_address { - $netmask = '32' - $vip_nic = '' - $ipv6_addrlabel = '' - } else { - fail("Haproxy VIP: ${ip_address} is not a proper IP address.") - } - - if $nic != undef { - $nic_real = $nic - } else { - $nic_real = $vip_nic - } - - pacemaker::resource::ip { "${vip_name}_vip": - ip_address => $ip_address, - cidr_netmask => $netmask, - nic => $nic_real, - ipv6_addrlabel => $ipv6_addrlabel, - meta_params => "resource-stickiness=INFINITY ${meta_params}", - location_rule => $location_rule, - op_params => $op_params, - tries => $pcs_tries, - } - - pacemaker::constraint::order { "${vip_name}_vip-then-haproxy": - first_resource => "ip-${ip_address}", - second_resource => 'haproxy-bundle', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - tries => $pcs_tries, - } - pacemaker::constraint::colocation { "${vip_name}_vip-with-haproxy": - source => "ip-${ip_address}", - target => 'haproxy-bundle', - score => 'INFINITY', - tries => $pcs_tries, - } - - Pacemaker::Resource::Ip["${vip_name}_vip"] - -> Pacemaker::Resource::Bundle['haproxy-bundle'] - -> Pacemaker::Constraint::Order["${vip_name}_vip-then-haproxy"] - -> Pacemaker::Constraint::Colocation["${vip_name}_vip-with-haproxy"] - } -} diff --git a/manifests/packages.pp b/manifests/packages.pp deleted file mode 100644 index 52595579d..000000000 --- a/manifests/packages.pp +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::packages -# -# Configure package installation/upgrade defaults. -# -# === Parameters: -# -# [*enable_install*] -# Whether to enable package installation via Puppet. -# Defaults to false -# -class tripleo::packages ( - $enable_install = false, -) { - - # if both enable_install is false - if (!str2bool($enable_install)) { - case $::osfamily { - 'RedHat': { - Package <| |> { provider => 'norpm' } - } - default: { - warning('enable_install option not supported for this distro.') - } - } - } -} diff --git a/manifests/profile/base/aodh.pp b/manifests/profile/base/aodh.pp deleted file mode 100644 index a66a4980c..000000000 --- a/manifests/profile/base/aodh.pp +++ /dev/null @@ -1,129 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::aodh -# -# aodh profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') - -class tripleo::profile::base::aodh ( - $step = Integer(lookup('step')), - $bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), -) { - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - class { 'aodh' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - include aodh::service_credentials - include aodh::config - include aodh::db - include aodh::db::sync - include aodh::logging - } - -} diff --git a/manifests/profile/base/aodh/api.pp b/manifests/profile/base/aodh/api.pp deleted file mode 100644 index 418577ba7..000000000 --- a/manifests/profile/base/aodh/api.pp +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::aodh::api -# -# aodh API profile for tripleo -# -# === Parameters -# -# [*aodh_network*] -# (Optional) The network name where the aodh endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('aodh_api_network', undef, undef, undef) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('aodh_api_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*enable_aodh_expirer*] -# (Optional) Whether aodh expirer should be configured -# Defaults to lookup('enable_aodh_expirer', undef, undef, true) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::aodh::api ( - $aodh_network = lookup('aodh_api_network', undef, undef, undef), - $bootstrap_node = lookup('aodh_api_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $step = Integer(lookup('step')), - $enable_aodh_expirer = true, - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - - include tripleo::profile::base::aodh - include tripleo::profile::base::aodh::authtoken - - if $enable_internal_tls { - if !$aodh_network { - fail('aodh_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${aodh_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${aodh_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - include aodh::api - include aodh::healthcheck - if $configure_apache { - include tripleo::profile::base::apache - class { 'aodh::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } - - if $step >= 5 { - if $enable_aodh_expirer { - include aodh::expirer - } - } -} diff --git a/manifests/profile/base/aodh/authtoken.pp b/manifests/profile/base/aodh/authtoken.pp deleted file mode 100644 index bad1e940b..000000000 --- a/manifests/profile/base/aodh/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::aodh::authtoken -# -# Aodh authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::aodh::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+aodh") - } else { - $hashed_secret_key = undef - } - - class { 'aodh::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/aodh/evaluator.pp b/manifests/profile/base/aodh/evaluator.pp deleted file mode 100644 index f51bb11a1..000000000 --- a/manifests/profile/base/aodh/evaluator.pp +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::aodh::evaluator -# -# aodh evaluator profile for tripleo -# -# === Parameters -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*aodh_redis_password*] -# (Optional) redis password to configure coordination url -# Defaults to lookup('aodh_redis_password') -# -# [*redis_vip*] -# (Optional) redis vip to configure coordination url -# Defaults to lookup('redis_vip') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to lookup('step') -# -class tripleo::profile::base::aodh::evaluator ( - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $aodh_redis_password = lookup('aodh_redis_password'), - $redis_vip = lookup('redis_vip'), - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::aodh - if $enable_internal_tls { - $tls_query_param = '?ssl=true' - } else { - $tls_query_param = '' - } - - if $step >= 4 { - class { 'aodh::coordination': - backend_url => join(['redis://:', $aodh_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]), - } - include aodh::evaluator - } - -} diff --git a/manifests/profile/base/aodh/listener.pp b/manifests/profile/base/aodh/listener.pp deleted file mode 100644 index f16cf9ec3..000000000 --- a/manifests/profile/base/aodh/listener.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::aodh::listener -# -# aodh listener profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::aodh::listener ( - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::aodh - - if $step >= 4 { - include aodh::listener - } - -} diff --git a/manifests/profile/base/aodh/notifier.pp b/manifests/profile/base/aodh/notifier.pp deleted file mode 100644 index 3538d7b1a..000000000 --- a/manifests/profile/base/aodh/notifier.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::aodh::notifier -# -# aodh notifier profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::aodh::notifier ( - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::aodh - - if $step >= 4 { - include aodh::notifier - } - -} diff --git a/manifests/profile/base/apache.pp b/manifests/profile/base/apache.pp deleted file mode 100644 index e730342ea..000000000 --- a/manifests/profile/base/apache.pp +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2017 Camptocamp SA. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class tripleo::profile::base::apache -# -# Common apache modules and configuration for API listeners -# -# === Parameters -# -# [*enable_status_listener*] -# Enable or not the localhost listener in httpd. -# Accepted values: Boolean. -# Default to false. -# -# [*status_listener*] -# Where should apache listen for status page -# Default to 127.0.0.1:80 -# -# [*mpm_module*] -# The MPM module to use. -# Default to prefork. - -class tripleo::profile::base::apache( - Boolean $enable_status_listener = false, - String $status_listener = '127.0.0.1:80', - String $mpm_module = 'prefork', -) { - include apache::params - class { 'apache': - mpm_module => $mpm_module, - } - - include apache::mod::status - include apache::mod::ssl - if $enable_status_listener { - if !defined(Apache::Listen[$status_listener]) { - ::apache::listen {$status_listener: } - } - } -} diff --git a/manifests/profile/base/barbican.pp b/manifests/profile/base/barbican.pp deleted file mode 100644 index 32c683f93..000000000 --- a/manifests/profile/base/barbican.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::barbican -# -# Barbican profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# - -class tripleo::profile::base::barbican ( - $step = Integer(lookup('step')), -) { - - if $step >= 3 { - include barbican - include barbican::config - include barbican::db - } -} diff --git a/manifests/profile/base/barbican/api.pp b/manifests/profile/base/barbican/api.pp deleted file mode 100644 index 4960b503d..000000000 --- a/manifests/profile/base/barbican/api.pp +++ /dev/null @@ -1,181 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::barbican::api -# -# Barbican profile for tripleo api -# -# === Parameters -# -# [*barbican_network*] -# (Optional) The network name where the barbican endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('barbican_api_network', undef, undef, undef) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('barbican_api_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', unef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::barbican::api ( - $barbican_network = lookup('barbican_api_network', undef, undef, undef), - $bootstrap_node = lookup('barbican_api_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $enable_internal_tls { - if !$barbican_network { - fail('barbican_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${barbican_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${barbican_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - include tripleo::profile::base::barbican - include tripleo::profile::base::barbican::authtoken - - if $step >= 4 or ( $step >= 3 and $sync_db ) { - include tripleo::profile::base::barbican::backends - - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - class { 'barbican::api': - sync_db => $sync_db, - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - multiple_secret_stores_enabled => true, - enabled_secret_stores => $::tripleo::profile::base::barbican::backends::enabled_secret_stores, - } - include barbican::api::logging - include barbican::healthcheck - include barbican::keystone::notification - include barbican::quota - if $configure_apache { - include tripleo::profile::base::apache - class { 'barbican::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } -} diff --git a/manifests/profile/base/barbican/authtoken.pp b/manifests/profile/base/barbican/authtoken.pp deleted file mode 100644 index 5801e4c6f..000000000 --- a/manifests/profile/base/barbican/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::barbican::authtoken -# -# Barbican authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defauls to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::barbican::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+barbican") - } else { - $hashed_secret_key = undef - } - - class { 'barbican::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/barbican/backends.pp b/manifests/profile/base/barbican/backends.pp deleted file mode 100644 index edc4ca7c5..000000000 --- a/manifests/profile/base/barbican/backends.pp +++ /dev/null @@ -1,77 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::barbican::backends -# -# Barbican's secret store plugin profile for tripleo -# -# === Parameters -# -# [*simple_crypto_backend_enabled*] -# (Optional) Whether the simple crypto backend is enabled or not. This is -# dynamically set via t-h-t. -# Defaults to lookup('barbican_backend_simple_crypto_enabled', undef, undef, false) -# -# [*dogtag_backend_enabled*] -# (Optional) Whether the Dogtag backend is enabled or not. This is -# dynamically set via t-h-t. -# Defaults to lookup('barbican_backend_dogtag_enabled', undef, undef, false) -# -# [*p11_crypto_backend_enabled*] -# (Optional) Whether the pkcs11 crypto backend is enabled or not. This is -# dynamically set via t-h-t. -# Defaults to lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false) -# -# [*kmip_backend_enabled*] -# (Optional) Whether the KMIP backend is enabled or not. This is -# dynamically set via t-h-t. -# Defaults to lookup('barbican_backend_kmip_enabled', undef, undef, false) -# -class tripleo::profile::base::barbican::backends ( - $simple_crypto_backend_enabled = lookup('barbican_backend_simple_crypto_enabled', undef, undef, false), - $dogtag_backend_enabled = lookup('barbican_backend_dogtag_enabled', undef, undef, false), - $p11_crypto_backend_enabled = lookup('barbican_backend_pkcs11_crypto_enabled', undef, undef, false), - $kmip_backend_enabled = lookup('barbican_backend_kmip_enabled', undef, undef, false), -) { - if $simple_crypto_backend_enabled { - include barbican::plugins::simple_crypto - $backend1 = 'simple_crypto' - } else { - $backend1 = undef - } - - if $dogtag_backend_enabled { - include barbican::plugins::dogtag - $backend2 = 'dogtag' - } else { - $backend2 = undef - } - - if $p11_crypto_backend_enabled { - include barbican::plugins::p11_crypto - $backend3 = 'pkcs11' - } else { - $backend3 = undef - } - - if $kmip_backend_enabled { - include barbican::plugins::kmip - $backend4 = 'kmip' - } else { - $backend4 = undef - } - - $enabled_backends_list = delete_undef_values([$backend1, $backend2, $backend3, $backend4]) - $enabled_secret_stores = join($enabled_backends_list, ',') -} diff --git a/manifests/profile/base/ceilometer.pp b/manifests/profile/base/ceilometer.pp deleted file mode 100644 index b86eab363..000000000 --- a/manifests/profile/base/ceilometer.pp +++ /dev/null @@ -1,155 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ceilometer -# -# Ceilometer profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defauls to lookup('memcached_ipv6', undef, undef, false) -# -# [*cache_backend*] -# (Optional) oslo.cache backend used for caching. -# Defaults to lookup('ceilometer::cache::backend', undef, undef, false) -# -class tripleo::profile::base::ceilometer ( - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $cache_backend = lookup('ceilometer::cache::backend', undef, undef, false), -) { - - $memcached_hosts_real = any2array($memcached_hosts) - - if $step >= 3 { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - if $cache_backend in ['oslo_cache.memcache_pool', 'dogpile.cache.memcached'] { - # NOTE(tkajinm): The inet6 prefix is required for backends using - # python-memcached - $cache_memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - # NOTE(tkajinam): The other backends like pymemcache don't require - # the inet6 prefix - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - } else { - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - class { 'ceilometer::cache': - memcache_servers => $cache_memcache_servers - } - - class { 'ceilometer' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - - include ceilometer::config - include ceilometer::logging - } -} diff --git a/manifests/profile/base/ceilometer/agent/notification.pp b/manifests/profile/base/ceilometer/agent/notification.pp deleted file mode 100644 index 8ab8ca939..000000000 --- a/manifests/profile/base/ceilometer/agent/notification.pp +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ceilometer::agent::notification -# -# Ceilometer Notification Agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*notifier_enabled*] -# (optional) Enable configuration of notifier as pipeline publisher. -# Defaults to false -# -# [*notifier_events_enabled*] -# (optional) Enable configuration of event notifier as pipeline publisher. -# Defaults to false -# -# [*notifier_host_addr*] -# (optional) IP address of Ceilometer notifier (edge qdr Endpoint) -# Defaults to undef -# -# [*notifier_host_port*] -# (optional) Ceilometer notifier port -# Defaults to undef -# -# [*notifier_params*] -# (optional) Query parameters for notifier URL -# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'} -# -# [*notifier_event_params*] -# (optional) Query parameters for event notifier URL -# Defaults to {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'} -# -# [*event_pipeline_publishers*] -# (Optional) A list of event pipeline publishers -# Defaults to undef -# -# [*pipeline_publishers*] -# (Optional) A list of pipeline publishers -# Defaults to undef -# -class tripleo::profile::base::ceilometer::agent::notification ( - $step = Integer(lookup('step')), - $notifier_enabled = false, - $notifier_events_enabled = false, - $notifier_host_addr = undef, - $notifier_host_port = undef, - $notifier_params = {'driver' => 'amqp', 'topic' => 'ceilometer/metering.sample'}, - $notifier_event_params = {'driver' => 'amqp', 'topic' => 'ceilometer/event.sample'}, - $pipeline_publishers = undef, - $event_pipeline_publishers = undef, -) { - include tripleo::profile::base::ceilometer - - if $step >= 4 { - include ceilometer::agent::service_credentials - - if $pipeline_publishers { - $other_publishers = Array($pipeline_publishers, true) - } else { - $other_publishers = [] - } - if $notifier_enabled { - $real_pipeline_publishers = $other_publishers + [os_transport_url({ - 'transport' => 'notifier', - 'host' => $notifier_host_addr, - 'port' => $notifier_host_port, - 'query' => $notifier_params, - })] - } else { - $real_pipeline_publishers = $other_publishers - } - - if $event_pipeline_publishers { - $other_event_publishers = Array($event_pipeline_publishers, true) - } else { - $other_event_publishers = [] - } - if $notifier_events_enabled { - $real_event_pipeline_publishers = $other_event_publishers + [os_transport_url({ - 'transport' => 'notifier', - 'host' => $notifier_host_addr, - 'port' => $notifier_host_port, - 'query' => $notifier_event_params, - })] - } else { - $real_event_pipeline_publishers = $other_event_publishers - } - - class { 'ceilometer::agent::notification': - event_pipeline_publishers => $real_event_pipeline_publishers, - pipeline_publishers => $real_pipeline_publishers, - } - } -} diff --git a/manifests/profile/base/ceilometer/agent/polling.pp b/manifests/profile/base/ceilometer/agent/polling.pp deleted file mode 100644 index 3834ab332..000000000 --- a/manifests/profile/base/ceilometer/agent/polling.pp +++ /dev/null @@ -1,78 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ceilometer::agent::polling -# -# Ceilometer polling Agent profile for tripleo -# -# === Parameters -# -# [*central_namespace*] -# (Optional) Use central namespace for polling agent. -# Defaults to lookup('central_namespace', undef, undef, false) -# -# [*compute_namespace*] -# (Optional) Use compute namespace for polling agent. -# Defaults to lookup('compute_namespace', undef, undef, false) -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*ipmi_namespace*] -# (Optional) Use ipmi namespace for polling agent. -# Defaults to lookup('ipmi_namespace', undef, undef, false) -# -# [*ceilometer_redis_password*] -# (Optional) redis password to configure coordination url -# Defaults to lookup('ceilometer_redis_password') -# -# [*redis_vip*] -# (Optional) redis vip to configure coordination url -# Defaults to lookup('redis_vip') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::ceilometer::agent::polling ( - $central_namespace = lookup('central_namespace', undef, undef, false), - $compute_namespace = lookup('compute_namespace', undef, undef, false), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $ipmi_namespace = lookup('ipmi_namespace', undef, undef, false), - $ceilometer_redis_password = lookup('ceilometer_redis_password'), - $redis_vip = lookup('redis_vip'), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::ceilometer - - if $enable_internal_tls { - $tls_query_param = '?ssl=true' - } else { - $tls_query_param = '' - } - - if $step >= 4 { - include ceilometer::agent::service_credentials - class { 'ceilometer::coordination': - backend_url => join(['redis://:', $ceilometer_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]), - } - class { 'ceilometer::agent::polling': - central_namespace => $central_namespace, - compute_namespace => $compute_namespace, - ipmi_namespace => $ipmi_namespace, - } - } -} diff --git a/manifests/profile/base/cinder.pp b/manifests/profile/base/cinder.pp deleted file mode 100644 index eb455eeb0..000000000 --- a/manifests/profile/base/cinder.pp +++ /dev/null @@ -1,142 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder -# -# Cinder common profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*cinder_enable_db_purge*] -# (Optional) Whether to enable db purging -# Defaults to true -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') - -class tripleo::profile::base::cinder ( - $bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef), - $cinder_enable_db_purge = true, - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - class { 'cinder' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - include cinder::config - include cinder::db - include cinder::glance - include cinder::nova - include cinder::logging - include cinder::quota - include cinder::keystone::service_user - include cinder::key_manager - include cinder::key_manager::barbican - } - - if $step >= 5 { - if $cinder_enable_db_purge { - include cinder::cron::db_purge - } - } - -} diff --git a/manifests/profile/base/cinder/api.pp b/manifests/profile/base/cinder/api.pp deleted file mode 100644 index cadd16e69..000000000 --- a/manifests/profile/base/cinder/api.pp +++ /dev/null @@ -1,97 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::api -# -# Cinder API profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*cinder_api_network*] -# (Optional) The network name where the cinder API endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('cinder_api_network', undef, undef, undef) -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::cinder::api ( - $bootstrap_node = lookup('cinder_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $cinder_api_network = lookup('cinder_api_network', undef, undef, undef), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $step = Integer(lookup('step')), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::cinder - include tripleo::profile::base::cinder::authtoken - - if $enable_internal_tls { - if !$cinder_api_network { - fail('cinder_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${cinder_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${cinder_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - class { 'cinder::api': - sync_db => $sync_db, - } - include cinder::healthcheck - if $configure_apache { - include tripleo::profile::base::apache - class { 'cinder::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } -} diff --git a/manifests/profile/base/cinder/authtoken.pp b/manifests/profile/base/cinder/authtoken.pp deleted file mode 100644 index 0ced3f27d..000000000 --- a/manifests/profile/base/cinder/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::authtoken -# -# Cinder authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::cinder::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+cinder") - } else { - $hashed_secret_key = undef - } - - class { 'cinder::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/cinder/backup.pp b/manifests/profile/base/cinder/backup.pp deleted file mode 100644 index 155560449..000000000 --- a/manifests/profile/base/cinder/backup.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::backup -# -# Cinder Backup profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::backup ( - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::cinder - - if $step >= 4 { - include cinder::backup - } - -} diff --git a/manifests/profile/base/cinder/backup/ceph.pp b/manifests/profile/base/cinder/backup/ceph.pp deleted file mode 100644 index 19e670769..000000000 --- a/manifests/profile/base/cinder/backup/ceph.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::backup::ceph -# -# Cinder Backup Ceph profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::backup::ceph ( - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::cinder::backup - - if $step >= 4 { - include cinder::backup::ceph - } - -} diff --git a/manifests/profile/base/cinder/backup/gcs.pp b/manifests/profile/base/cinder/backup/gcs.pp deleted file mode 100644 index 920a01bfd..000000000 --- a/manifests/profile/base/cinder/backup/gcs.pp +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::backup::gcs -# -# Cinder Backup Google Cloud Service (GCS) profile for tripleo -# -# === Parameters -# -# [*credentials*] -# (required) The GCS service account credentials, in JSON format. -# -# [*credential_file*] -# (Optional) Absolute path of GCS service account credential file, to -# be created with content from the credentials input. -# Defaults to '/etc/cinder/gcs-backup.json' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::backup::gcs ( - $credentials, - $credential_file = '/etc/cinder/gcs-backup.json', - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::cinder::backup - - if $step >= 4 { - file { "${credential_file}" : - ensure => file, - content => to_json_pretty($credentials), - owner => 'root', - group => 'cinder', - mode => '0640', - } - - class { 'cinder::backup::google': - backup_gcs_credential_file => $credential_file, - } - } - -} diff --git a/manifests/profile/base/cinder/backup/nfs.pp b/manifests/profile/base/cinder/backup/nfs.pp deleted file mode 100644 index 70afa6f58..000000000 --- a/manifests/profile/base/cinder/backup/nfs.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::backup::nfs -# -# Cinder Backup NFS profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::backup::nfs ( - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::cinder::backup - - if $step >= 4 { - include cinder::backup::nfs - } - -} diff --git a/manifests/profile/base/cinder/backup/s3.pp b/manifests/profile/base/cinder/backup/s3.pp deleted file mode 100644 index 05eec9540..000000000 --- a/manifests/profile/base/cinder/backup/s3.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::backup::s3 -# -# Cinder Backup S3 profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::backup::s3 ( - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::cinder::backup - - if $step >= 4 { - include cinder::backup::s3 - } - -} diff --git a/manifests/profile/base/cinder/backup/swift.pp b/manifests/profile/base/cinder/backup/swift.pp deleted file mode 100644 index 22dced04a..000000000 --- a/manifests/profile/base/cinder/backup/swift.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::backup::swift -# -# Cinder Backup Swift profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::backup::swift ( - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::cinder::backup - - if $step >= 4 { - include cinder::backup::swift - } - -} diff --git a/manifests/profile/base/cinder/scheduler.pp b/manifests/profile/base/cinder/scheduler.pp deleted file mode 100644 index 6be8dd0f3..000000000 --- a/manifests/profile/base/cinder/scheduler.pp +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::scheduler -# -# Cinder Scheduler profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::scheduler ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder - - if $step >= 4 { - include cinder::scheduler - } - -} diff --git a/manifests/profile/base/cinder/volume.pp b/manifests/profile/base/cinder/volume.pp deleted file mode 100644 index 98bb30fa5..000000000 --- a/manifests/profile/base/cinder/volume.pp +++ /dev/null @@ -1,346 +0,0 @@ -# Copyright 2022 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume -# -# Cinder Volume profile for tripleo -# -# === Parameters -# -# [*cinder_enable_pure_backend*] -# (Optional) Whether to enable the pure backend -# Defaults to false -# -# [*cinder_enable_dellemc_sc_backend*] -# (Optional) Whether to enable the sc backend -# Defaults to false -# -# [*cinder_enable_dellemc_unity_backend*] -# (Optional) Whether to enable the unity backend -# Defaults to false -# -# [*cinder_enable_dellemc_powerflex_backend*] -# (Optional) Whether to enable the powerflex backend -# Defaults to false -# -# [*cinder_enable_dellemc_powermax_backend*] -# (Optional) Whether to enable the powermax backend -# Defaults to false -# -# [*cinder_enable_dellemc_powerstore_backend*] -# (Optional) Whether to enable the powerstore backend -# Defaults to false -# -# [*cinder_enable_dellemc_vnx_backend*] -# (Optional) Whether to enable the vnx backend -# Defaults to false -# -# [*cinder_enable_dellemc_xtremio_backend*] -# (Optional) Whether to enable the xtremio backend -# Defaults to false -# -# [*cinder_enable_ibm_svf_backend*] -# (Optional) Whether to enable the ibm_svf backend -# Defaults to false -# -# [*cinder_enable_iscsi_backend*] -# (Optional) Whether to enable the iscsi backend -# Defaults to true -# -# [*cinder_enable_netapp_backend*] -# (Optional) Whether to enable the netapp backend -# Defaults to false -# -# [*cinder_enable_nfs_backend*] -# (Optional) Whether to enable the nfs backend -# Defaults to false -# -# [*cinder_enable_rbd_backend*] -# (Optional) Whether to enable the rbd backend -# Defaults to false -# -#[*cinder_enable_nvmeof_backend*] -# (Optional) Whether to enable the NVMeOF backend -# Defaults to false -# -# [*cinder_user_enabled_backends*] -# (Optional) List of additional backend stanzas to activate -# Defaults to lookup('cinder_user_enabled_backends', undef, undef, undef) -# -# [*cinder_volume_cluster*] -# (Optional) Name of the cluster when running in active-active mode -# Defaults to '' -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*etcd_certificate_specs*] -# (optional) TLS certificate specs for the etcd service -# Defaults to lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {}) -# -# [*etcd_enabled*] -# (optional) Whether the etcd service is enabled or not -# Defaults to lookup('etcd_enabled', undef, undef, false) -# -# [*etcd_host*] -# (optional) IP address (VIP) of the etcd service -# Defaults to lookup('etcd_vip', undef, undef, undef) -# -# [*etcd_port*] -# (optional) Port used by the etcd service -# Defaults to lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# DEPRECATED PARAMETERS -# -# [*cinder_rbd_client_name*] -# (Optional) Name of RBD client -# Defaults to undef -# -# [*cinder_rbd_ceph_conf_path*] -# (Optional) The path where the Ceph Cluster config files are stored on the host -# Defaults to undef -# -class tripleo::profile::base::cinder::volume ( - $cinder_enable_pure_backend = false, - $cinder_enable_dellemc_sc_backend = false, - $cinder_enable_dellemc_unity_backend = false, - $cinder_enable_dellemc_powerflex_backend = false, - $cinder_enable_dellemc_powermax_backend = false, - $cinder_enable_dellemc_powerstore_backend = false, - $cinder_enable_dellemc_vnx_backend = false, - $cinder_enable_dellemc_xtremio_backend = false, - $cinder_enable_ibm_svf_backend = false, - $cinder_enable_iscsi_backend = true, - $cinder_enable_netapp_backend = false, - $cinder_enable_nfs_backend = false, - $cinder_enable_rbd_backend = false, - $cinder_enable_nvmeof_backend = false, - $cinder_user_enabled_backends = lookup('cinder_user_enabled_backends', undef, undef, undef), - $cinder_volume_cluster = '', - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $etcd_certificate_specs = lookup('tripleo::profile::base::etcd::certificate_specs', undef, undef, {}), - $etcd_enabled = lookup('etcd_enabled', undef, undef, false), - $etcd_host = lookup('etcd_vip', undef, undef, undef), - $etcd_port = lookup('tripleo::profile::base::etcd::client_port', undef, undef, '2379'), - $step = Integer(lookup('step')), - # DEPRECATED PARAMETERS - $cinder_rbd_ceph_conf_path = undef, - $cinder_rbd_client_name = undef, -) { - include tripleo::profile::base::cinder - - if $step >= 4 { - if $cinder_volume_cluster == '' { - $cinder_volume_cluster_real = undef - } else { - $cinder_volume_cluster_real = $cinder_volume_cluster - } - - if $cinder_volume_cluster_real { - unless $etcd_enabled { - fail('Running cinder-volume in active-active mode with a cluster name requires the etcd service.') - } - if empty($etcd_host) { - fail('etcd_vip not set in hieradata') - } - case $::operatingsystemmajrelease { - # el8 uses etcd version 3.2, which supports v3alpha path - '8' : { $api_version = 'v3alpha' } - # el9 uses etcd version 3.4, which supports v3 path - default : { $api_version = 'v3' } - } - $options_init = "?api_version=${api_version}" - if $enable_internal_tls { - $protocol = 'https' - $tls_keyfile = $etcd_certificate_specs['service_key'] - $tls_certfile = $etcd_certificate_specs['service_certificate'] - $options_tls = sprintf('&cert_key=%s&cert_cert=%s', $tls_keyfile, $tls_certfile) - $options = "${options_init}${options_tls}" - } else { - $protocol = 'http' - $options = "${options_init}" - } - $backend_url = sprintf('etcd3+%s://%s:%s%s', $protocol, normalize_ip_for_uri($etcd_host), $etcd_port, $options) - class { 'cinder::coordination' : - backend_url => $backend_url, - } - } - - class { 'cinder::volume' : - cluster => $cinder_volume_cluster_real, - } - - if $cinder_enable_pure_backend { - include tripleo::profile::base::cinder::volume::pure - $cinder_pure_backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, 'tripleo_pure') - } else { - $cinder_pure_backend_name = undef - } - - if $cinder_enable_dellemc_sc_backend { - include tripleo::profile::base::cinder::volume::dellemc_sc - $cinder_dellemc_sc_backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, 'tripleo_dellemc_sc') - } else { - $cinder_dellemc_sc_backend_name = undef - } - - if $cinder_enable_dellemc_unity_backend { - include tripleo::profile::base::cinder::volume::dellemc_unity - $cinder_dellemc_unity_backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name', - undef, undef, 'tripleo_dellemc_unity') - } else { - $cinder_dellemc_unity_backend_name = undef - } - - if $cinder_enable_dellemc_powerflex_backend { - include tripleo::profile::base::cinder::volume::dellemc_powerflex - $cinder_dellemc_powerflex_backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name', - undef, undef, 'tripleo_dellemc_powerflex') - } else { - $cinder_dellemc_powerflex_backend_name = undef - } - - if $cinder_enable_dellemc_powermax_backend { - include tripleo::profile::base::cinder::volume::dellemc_powermax - $cinder_dellemc_powermax_backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name', - undef, undef, 'tripleo_dellemc_powermax') - } else { - $cinder_dellemc_powermax_backend_name = undef - } - - if $cinder_enable_dellemc_powerstore_backend { - include tripleo::profile::base::cinder::volume::dellemc_powerstore - $cinder_dellemc_powerstore_backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name', - undef, undef, 'tripleo_dellemc_powerstore') - } else { - $cinder_dellemc_powerstore_backend_name = undef - } - - if $cinder_enable_dellemc_vnx_backend { - include tripleo::profile::base::cinder::volume::dellemc_vnx - $cinder_dellemc_vnx_backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name', - undef, undef, 'tripleo_dellemc_vnx') - } else { - $cinder_dellemc_vnx_backend_name = undef - } - - if $cinder_enable_dellemc_xtremio_backend { - include tripleo::profile::base::cinder::volume::dellemc_xtremio - $cinder_dellemc_xtremio_backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name', - undef, undef, 'tripleo_dellemc_xtremio') - } else { - $cinder_dellemc_xtremio_backend_name = undef - } - - if $cinder_enable_ibm_svf_backend { - include tripleo::profile::base::cinder::volume::ibm_svf - $cinder_ibm_svf_backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name', - undef, undef, 'tripleo_ibm_svf') - } else { - $cinder_ibm_svf_backend_name = undef - } - - if $cinder_enable_iscsi_backend { - include tripleo::profile::base::cinder::volume::iscsi - $cinder_iscsi_backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi') - } else { - $cinder_iscsi_backend_name = undef - } - - if $cinder_enable_netapp_backend { - include tripleo::profile::base::cinder::volume::netapp - $cinder_netapp_backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, 'tripleo_netapp') - } else { - $cinder_netapp_backend_name = undef - } - - if $cinder_enable_nfs_backend { - include tripleo::profile::base::cinder::volume::nfs - $cinder_nfs_backend_name = lookup('tripleo::profile::base::cinder::volume::nfs::backend_name', - undef, undef, lookup('cinder::backend::nfs::volume_backend_name', - undef, undef, 'tripleo_nfs')) - } else { - $cinder_nfs_backend_name = undef - } - - if $cinder_enable_rbd_backend { - include tripleo::profile::base::cinder::volume::rbd - $cinder_rbd_backend_name = lookup('tripleo::profile::base::cinder::volume::rbd::backend_name', - undef, undef, ['tripleo_ceph']) - - $extra_pools = lookup('tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools', undef, undef, undef) - if empty($extra_pools) { - $extra_backend_names = [] - } else { - # These $extra_pools are associated with the first backend - $base_name = any2array($cinder_rbd_backend_name)[0] - $extra_backend_names = any2array($extra_pools).map |$pool_name| { "${base_name}_${pool_name}" } - } - - # Each $multi_config backend can specify its own list of extra pools. The - # backend names are the $multi_config hash keys. - $multi_config = lookup('tripleo::profile::base::cinder::volume::rbd::multi_config', undef, undef, {}) - $extra_multiconfig_backend_names = $multi_config.map |$base_name, $backend_config| { - $backend_extra_pools = $backend_config['CinderRbdExtraPools'] - any2array($backend_extra_pools).map |$pool_name| { "${base_name}_${pool_name}" } - } - - $cinder_rbd_extra_backend_names = flatten($extra_backend_names, $extra_multiconfig_backend_names) - } else { - $cinder_rbd_backend_name = undef - $cinder_rbd_extra_backend_names = undef - } - - if $cinder_enable_nvmeof_backend { - include tripleo::profile::base::cinder::volume::nvmeof - $cinder_nvmeof_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof') - } else { - $cinder_nvmeof_backend_name = undef - } - - $backends = delete_undef_values(concat([], $cinder_iscsi_backend_name, - $cinder_rbd_backend_name, - $cinder_rbd_extra_backend_names, - $cinder_pure_backend_name, - $cinder_dellemc_sc_backend_name, - $cinder_dellemc_unity_backend_name, - $cinder_dellemc_powerflex_backend_name, - $cinder_dellemc_powermax_backend_name, - $cinder_dellemc_powerstore_backend_name, - $cinder_dellemc_vnx_backend_name, - $cinder_dellemc_xtremio_backend_name, - $cinder_ibm_svf_backend_name, - $cinder_netapp_backend_name, - $cinder_nfs_backend_name, - $cinder_user_enabled_backends, - $cinder_nvmeof_backend_name)) - # NOTE(aschultz): during testing it was found that puppet 3 may incorrectly - # include a "" in the previous array which is not removed by the - # delete_undef_values function. So we need to make sure we don't have any - # "" strings in our array. - $cinder_enabled_backends = delete($backends, '') - - class { 'cinder::backends' : - enabled_backends => $cinder_enabled_backends, - } - include cinder::backend::defaults - } - -} diff --git a/manifests/profile/base/cinder/volume/dellemc_powerflex.pp b/manifests/profile/base/cinder/volume/dellemc_powerflex.pp deleted file mode 100644 index d5202773f..000000000 --- a/manifests/profile/base/cinder/volume/dellemc_powerflex.pp +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::dellemc_powerflex -# -# Cinder Volume dellemc_powerflex profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) Name given to the Cinder backend stanza -# Defaults to lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::dellemc_powerflex ( - $backend_name = lookup('cinder::backend::dellemc_powerflex::volume_backend_name', undef, undef, 'tripleo_dellemc_powerflex'), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - create_resources('cinder::backend::dellemc_powerflex', { $backend_name => delete_undef_values({ - 'backend_availability_zone' => lookup('cinder::backend::dellemc_powerflex::backend_availability_zone', - undef, undef, undef), - 'san_login' => lookup('cinder::backend::dellemc_powerflex::san_login', undef, undef, undef), - 'san_password' => lookup('cinder::backend::dellemc_powerflex::san_password', undef, undef, undef), - 'san_ip' => lookup('cinder::backend::dellemc_powerflex::san_ip', undef, undef, undef), - 'powerflex_storage_pools' => lookup('cinder::backend::dellemc_powerflex::powerflex_storage_pools', - undef, undef, undef), - 'powerflex_allow_migration_during_rebuild' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_migration_during_rebuild', - undef, undef, undef), - 'powerflex_allow_non_padded_volumes' => lookup('cinder::backend::dellemc_powerflex::powerflex_allow_non_padded_volumes', - undef, undef, undef), - 'powerflex_max_over_subscription_ratio' => lookup('cinder::backend::dellemc_powerflex::powerflex_max_over_subscription_ratio', - undef, undef, undef), - 'powerflex_rest_server_port' => lookup('cinder::backend::dellemc_powerflex::powerflex_rest_server_port', - undef, undef, undef), - 'powerflex_round_volume_capacity' => lookup('cinder::backend::dellemc_powerflex::powerflex_round_volume_capacity', - undef, undef, undef), - 'powerflex_server_api_version' => lookup('cinder::backend::dellemc_powerflex::powerflex_server_api_version', - undef, undef, undef), - 'powerflex_unmap_volume_before_deletion' => lookup('cinder::backend::dellemc_powerflex::powerflex_unmap_volume_before_deletion', - undef, undef, undef), - 'san_thin_provision' => lookup('cinder::backend::dellemc_powerflex::san_thin_provision', undef, undef, undef), - 'driver_ssl_cert_verify' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_verify', - undef, undef, undef), - 'driver_ssl_cert_path' => lookup('cinder::backend::dellemc_powerflex::driver_ssl_cert_path', undef, undef, undef) - })}) - } -} diff --git a/manifests/profile/base/cinder/volume/dellemc_powermax.pp b/manifests/profile/base/cinder/volume/dellemc_powermax.pp deleted file mode 100644 index c4844a7f1..000000000 --- a/manifests/profile/base/cinder/volume/dellemc_powermax.pp +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::dellemc_powermax -# -# Cinder Volume dellemc_powermax profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend:dellemc_powermax::volume_backend_name', undef, undef, -# ['tripleo_dellemc_powermax']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::dellemc_powermax ( - $backend_name = lookup('cinder::backend::dellemc_powermax::volume_backend_name', undef, undef, ['tripleo_dellemc_powermax']), - $multi_config = lookup('cinder::backend::dellemc_powermax::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - $backend_defaults = { - 'CinderPowermaxAvailabilityZone' => lookup('cinder::backend::dellemc_powermax::backend_availability_zone', undef, undef, undef), - 'CinderPowermaxSanIp' => lookup('cinder::backend::dellemc_powermax::san_ip', undef, undef, undef), - 'CinderPowermaxSanLogin' => lookup('cinder::backend::dellemc_powermax::san_login', undef, undef, undef), - 'CinderPowermaxSanPassword' => lookup('cinder::backend::dellemc_powermax::san_password', undef, undef, undef), - 'CinderPowermaxStorageProtocol' => lookup('cinder::backend::dellemc_powermax::powermax_storage_protocol', undef, undef, undef), - 'CinderPowermaxArray' => lookup('cinder::backend::dellemc_powermax::powermax_array', undef, undef, undef), - 'CinderPowermaxSrp' => lookup('cinder::backend::dellemc_powermax::powermax_srp', undef, undef, undef), - 'CinderPowermaxPortGroups' => lookup('cinder::backend::dellemc_powermax::powermax_port_groups', undef, undef, undef), - } - - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::dellemc_powermax', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderPowermaxAvailabilityZone'], - 'san_ip' => $backend_config['CinderPowermaxSanIp'], - 'san_login' => $backend_config['CinderPowermaxSanLogin'], - 'san_password' => $backend_config['CinderPowermaxSanPassword'], - 'powermax_storage_protocol' => $backend_config['CinderPowermaxStorageProtocol'], - 'powermax_array' => $backend_config['CinderPowermaxArray'], - 'powermax_srp' => $backend_config['CinderPowermaxSrp'], - 'powermax_port_groups' => $backend_config['CinderPowermaxPortGroups'], - })}) - } - } - -} diff --git a/manifests/profile/base/cinder/volume/dellemc_powerstore.pp b/manifests/profile/base/cinder/volume/dellemc_powerstore.pp deleted file mode 100644 index 3bae21b6a..000000000 --- a/manifests/profile/base/cinder/volume/dellemc_powerstore.pp +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::dellemc_powerstore -# -# Cinder Volume dellemc_powerstore profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend:dellemc_powerstore::volume_backend_name', undef, undef, -# ['tripleo_dellemc_powerstore']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::dellemc_powerstore ( - $backend_name = lookup('cinder::backend::dellemc_powerstore::volume_backend_name', undef, undef, ['tripleo_dellemc_powerstore']), - $multi_config = lookup('cinder::backend::dellemc_powerstore::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - $backend_defaults = { - 'CinderPowerStoreAvailabilityZone' => lookup('cinder::backend::dellemc_powerstore::backend_availability_zone', undef, undef, undef), - 'CinderPowerStoreSanIp' => lookup('cinder::backend::dellemc_powerstore::san_ip', undef, undef, undef), - 'CinderPowerStoreSanLogin' => lookup('cinder::backend::dellemc_powerstore::san_login', undef, undef, undef), - 'CinderPowerStoreSanPassword' => lookup('cinder::backend::dellemc_powerstore::san_password', undef, undef, undef), - 'CinderPowerStoreStorageProtocol' => lookup('cinder::backend::dellemc_powerstore::storage_protocol', undef, undef, undef), - 'CinderPowerStorePorts' => lookup('cinder::backend::dellemc_powerstore::powerstore_ports', undef, undef, undef), - } - - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::dellemc_powerstore', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderPowerStoreAvailabilityZone'], - 'san_ip' => $backend_config['CinderPowerStoreSanIp'], - 'san_login' => $backend_config['CinderPowerStoreSanLogin'], - 'san_password' => $backend_config['CinderPowerStoreSanPassword'], - 'storage_protocol' => $backend_config['CinderPowerStoreStorageProtocol'], - 'powerstore_ports' => $backend_config['CinderPowerStorePorts'], - })}) - } - } - -} diff --git a/manifests/profile/base/cinder/volume/dellemc_sc.pp b/manifests/profile/base/cinder/volume/dellemc_sc.pp deleted file mode 100644 index bb9967a09..000000000 --- a/manifests/profile/base/cinder/volume/dellemc_sc.pp +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::dellemc_sc -# -# Cinder Volume dellemc_sc profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) Name given to the Cinder backend stanza -# Defaults to lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::dellemc_sc ( - $backend_name = lookup('cinder::backend::dellemc_sc::volume_backend_name', undef, undef, ['tripleo_dellemc_sc']), - $multi_config = lookup('cinder::backend::dellemc_sc::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - - $backend_defaults = { - 'CinderSCAvailabilityZone' => lookup('cinder::backend::dellemc_sc::backend_availability_zone', undef, undef, undef), - 'CinderSCSanIp' => lookup('cinder::backend::dellemc_sc::san_ip', undef, undef, undef), - 'CinderSCSanLogin' => lookup('cinder::backend::dellemc_sc::san_login', undef, undef, undef), - 'CinderSCSanPassword' => lookup('cinder::backend::dellemc_sc::san_password', undef, undef, undef), - 'CinderSCStorageProtocol' => lookup('cinder::backend::dellemc_sc::sc_storage_protocol', undef, undef, undef), - 'CinderSCSSN' => lookup('cinder::backend::dellemc_sc::dell_sc_ssn', undef, undef, undef), - 'CinderSCTargetIpAddress' => lookup('cinder::backend::dellemc_sc::iscsi_ip_address', undef, undef, undef), - 'CinderSCTargetPort' => lookup('cinder::backend::dellemc_sc::iscsi_port', undef, undef, undef), - 'CinderSCApiPort' => lookup('cinder::backend::dellemc_sc::dell_sc_api_port', undef, undef, undef), - 'CinderSCServerFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_server_folder', undef, undef, undef), - 'CinderSCVolumeFolder' => lookup('cinder::backend::dellemc_sc::dell_sc_volume_folder', undef, undef, undef), - 'CinderSCExcludedDomainIps' => lookup('cinder::backend::dellemc_sc::excluded_domain_ips', undef, undef, undef), - 'CinderSCSecondarySanIp' => lookup('cinder::backend::dellemc_sc::secondary_san_ip', undef, undef, undef), - 'CinderSCSecondarySanLogin' => lookup('cinder::backend::dellemc_sc::secondary_san_login', undef, undef, undef), - 'CinderSCSecondarySanPassword' => lookup('cinder::backend::dellemc_sc::secondary_san_password', undef, undef, undef), - 'CinderSCSecondaryApiPort' => lookup('cinder::backend::dellemc_sc::secondary_sc_api_port', undef, undef, undef), - 'CinderSCUseMultipathForImageXfer' => lookup('cinder::backend::dellemc_sc::use_multipath_for_image_xfer', undef, undef, undef), - } - - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::dellemc_sc', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderSCAvailabilityZone'], - 'san_ip' => $backend_config['CinderSCSanIp'], - 'san_login' => $backend_config['CinderSCSanLogin'], - 'san_password' => $backend_config['CinderSCSanPassword'], - 'sc_storage_protocol' => $backend_config['CinderSCStorageProtocol'], - 'dell_sc_ssn' => $backend_config['CinderSCSSN'], - 'target_ip_address' => $backend_config['CinderSCTargetIpAddress'], - 'target_port' => $backend_config['CinderSCTargetPort'], - 'dell_sc_api_port' => $backend_config['CinderSCApiPort'], - 'dell_sc_server_folder' => $backend_config['CinderSCServerFolder'], - 'dell_sc_volume_folder' => $backend_config['CinderSCVolumeFolder'], - 'excluded_domain_ips' => $backend_config['CinderSCExcludedDomainIps'], - 'secondary_san_ip' => $backend_config['CinderSCSecondarySanIp'], - 'secondary_san_login' => $backend_config['CinderSCSecondarySanLogin'], - 'secondary_san_password' => $backend_config['CinderSCSecondarySanPassword'], - 'secondary_sc_api_port' => $backend_config['CinderSCSecondaryApiPort'], - 'use_multipath_for_image_xfer' => $backend_config['CinderSCUseMultipathForImageXfer'], - })}) - } - } -} diff --git a/manifests/profile/base/cinder/volume/dellemc_unity.pp b/manifests/profile/base/cinder/volume/dellemc_unity.pp deleted file mode 100644 index 18407f6b7..000000000 --- a/manifests/profile/base/cinder/volume/dellemc_unity.pp +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::dellemc_unity -# -# Cinder Volume dellemc_unity profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::dellemc_unity ( - $backend_name = lookup('cinder::backend::dellemc_unity::volume_backend_name', undef, undef, ['tripleo_dellemc_unity']), - $multi_config = lookup('cinder::backend::dellemc_unity::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - $backend_defaults = { - 'CinderDellEMCUnityAvailabilityZone' => lookup('cinder::backend::dellemc_unity::backend_availability_zone', undef, undef, undef), - 'CinderDellEMCUnitySanIp' => lookup('cinder::backend::dellemc_unity::san_ip', undef, undef, undef), - 'CinderDellEMCUnitySanLogin' => lookup('cinder::backend::dellemc_unity::san_login', undef, undef, undef), - 'CinderDellEMCUnitySanPassword' => lookup('cinder::backend::dellemc_unity::san_password', undef, undef, undef), - 'CinderDellEMCUnityStorageProtocol' => lookup('cinder::backend::dellemc_unity::storage_protocol', undef, undef, undef), - 'CinderDellEMCUnityIoPorts' => lookup('cinder::backend::dellemc_unity::unity_io_ports', undef, undef, undef), - 'CinderDellEMCUnityStoragePoolNames' => lookup('cinder::backend::dellemc_unity::unity_storage_pool_names', undef, undef, undef), - } - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::dellemc_unity', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderDellEMCUnityAvailabilityZone'], - 'san_ip' => $backend_config['CinderDellEMCUnitySanIp'], - 'san_login' => $backend_config['CinderDellEMCUnitySanLogin'], - 'san_password' => $backend_config['CinderDellEMCUnitySanPassword'], - 'storage_protocol' => $backend_config['CinderDellEMCUnityStorageProtocol'], - 'unity_io_ports' => $backend_config['CinderDellEMCUnityIoPorts'], - 'unity_storage_pool_names' => $backend_config['CinderDellEMCUnityStoragePoolNames'], - })}) - } - } - -} diff --git a/manifests/profile/base/cinder/volume/dellemc_vnx.pp b/manifests/profile/base/cinder/volume/dellemc_vnx.pp deleted file mode 100644 index 180f516b4..000000000 --- a/manifests/profile/base/cinder/volume/dellemc_vnx.pp +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright (c) 2016-2018 Dell Inc, or its subsidiaries. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::dellemc_vnx -# -# Cinder Volume dellemc_vnx profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza -# Defaults to lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::dellemc_vnx ( - $backend_name = lookup('cinder::backend::emc_vnx::volume_backend_name', undef, undef, ['tripleo_dellemc_vnx']), - $multi_config = lookup('cinder::backend::emc_vnx::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - $backend_defaults = { - 'CinderDellEMCVNXAvailabilityZone' => lookup('cinder::backend::emc_vnx::backend_availability_zone', undef, undef, undef), - 'CinderDellEMCVNXSanIp' => lookup('cinder::backend::emc_vnx::san_ip', undef, undef, undef), - 'CinderDellEMCVNXSanLogin' => lookup('cinder::backend::emc_vnx::san_login', undef, undef, undef), - 'CinderDellEMCVNXSanPassword' => lookup('cinder::backend::emc_vnx::san_password', undef, undef, undef), - 'CinderDellEMCVNXStorageProtocol' => lookup('cinder::backend::emc_vnx::storage_protocol', undef, undef, undef), - 'CinderDellEMCVNXStoragePoolNames' => lookup('cinder::backend::emc_vnx::storage_vnx_pool_names', undef, undef, undef), - 'CinderDellEMCVNXDefaultTimeout' => lookup('cinder::backend::emc_vnx::default_timeout', undef, undef, undef), - 'CinderDellEMCVNXMaxLunsPerStorageGroup' => lookup('cinder::backend::emc_vnx::max_luns_per_storage_group', undef, undef, undef), - 'CinderDellEMCVNXInitiatorAutoRegistration' => lookup('cinder::backend::emc_vnx::initiator_auto_registration', undef, undef, undef), - 'CinderDellEMCVNXAuthType' => lookup('cinder::backend::emc_vnx::storage_vnx_auth_type', undef, undef, undef), - 'CinderDellEMCVNXStorageSecurityFileDir' => lookup('cinder::backend::emc_vnx::storage_vnx_security_file_dir', undef, undef, undef), - 'CinderDellEMCVNXNaviseccliPath' => lookup('cinder::backend::emc_vnx::naviseccli_path', undef, undef, undef), - } - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::emc_vnx', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderDellEMCVNXAvailabilityZone'], - 'san_ip' => $backend_config['CinderDellEMCVNXSanIp'], - 'san_login' => $backend_config['CinderDellEMCVNXSanLogin'], - 'san_password' => $backend_config['CinderDellEMCVNXSanPassword'], - 'storage_protocol' => $backend_config['CinderDellEMCVNXStorageProtocol'], - 'storage_vnx_pool_names' => $backend_config['CinderDellEMCVNXStoragePoolNames'], - 'default_timeout' => $backend_config['CinderDellEMCVNXDefaultTimeout'], - 'max_luns_per_storage_group' => $backend_config['CinderDellEMCVNXMaxLunsPerStorageGroup'], - 'initiator_auto_registration' => $backend_config['CinderDellEMCVNXInitiatorAutoRegistration'], - 'storage_vnx_auth_type' => $backend_config['CinderDellEMCVNXAuthType'], - 'storage_vnx_security_file_dir' => $backend_config['CinderDellEMCVNXStorageSecurityFileDir'], - 'naviseccli_path' => $backend_config['CinderDellEMCVNXNaviseccliPath'], - })}) - } - } - -} diff --git a/manifests/profile/base/cinder/volume/dellemc_xtremio.pp b/manifests/profile/base/cinder/volume/dellemc_xtremio.pp deleted file mode 100644 index 22e9d5842..000000000 --- a/manifests/profile/base/cinder/volume/dellemc_xtremio.pp +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::dellemc_xtremio -# -# Cinder Volume dellemc_xtremio profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) Name given to the Cinder backend stanza -# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::dellemc_xtremio ( - $backend_name = lookup('cinder::backend::dellemc_xtremio::volume_backend_name', undef, undef, ['tripleo_dellemc_xtremio']), - $multi_config = lookup('cinder::backend::dellemc_xtremio::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - - $backend_defaults = { - 'CinderXtremioAvailabilityZone' => lookup('cinder::backend::dellemc_xtremio::backend_availability_zone', undef, undef, undef), - 'CinderXtremioSanIp' => lookup('cinder::backend::dellemc_xtremio::san_ip', undef, undef, undef), - 'CinderXtremioSanLogin' => lookup('cinder::backend::dellemc_xtremio::san_login', undef, undef, undef), - 'CinderXtremioSanPassword' => lookup('cinder::backend::dellemc_xtremio::san_password', undef, undef, undef), - 'CinderXtremioStorageProtocol' => lookup('cinder::backend::dellemc_xtremio::xtremio_storage_protocol', undef, undef, undef), - 'CinderXtremioClusterName' => lookup('cinder::backend::dellemc_xtremio::xtremio_cluster_name', undef, undef, undef), - 'CinderXtremioArrayBusyRetryCount' => lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_count', - undef, undef, undef), - 'CinderXtremioArrayBusyRetryInterval'=> lookup('cinder::backend::dellemc_xtremio::xtremio_array_busy_retry_interval', - undef, undef, undef), - 'CinderXtremioVolumesPerGlanceCache' => lookup('cinder::backend::dellemc_xtremio::xtremio_volumes_per_glance_cache', - undef, undef, undef), - 'CinderXtremioPorts' => lookup('cinder::backend::dellemc_xtremio::xtremio_ports', undef, undef, undef), - } - - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::dellemc_xtremio', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderXtremioAvailabilityZone'], - 'san_ip' => $backend_config['CinderXtremioSanIp'], - 'san_login' => $backend_config['CinderXtremioSanLogin'], - 'san_password' => $backend_config['CinderXtremioSanPassword'], - 'xtremio_storage_protocol' => $backend_config['CinderXtremioStorageProtocol'], - 'xtremio_cluster_name' => $backend_config['CinderXtremioClusterName'], - 'xtremio_array_busy_retry_count' => $backend_config['CinderXtremioArrayBusyRetryCount'], - 'xtremio_array_busy_retry_interval' => $backend_config['CinderXtremioArrayBusyRetryInterval'], - 'xtremio_volumes_per_glance_cache' => $backend_config['CinderXtremioVolumesPerGlanceCache'], - 'xtremio_ports' => $backend_config['CinderXtremioPorts'], - })}) - } - } -} diff --git a/manifests/profile/base/cinder/volume/ibm_svf.pp b/manifests/profile/base/cinder/volume/ibm_svf.pp deleted file mode 100644 index b33b3b7a3..000000000 --- a/manifests/profile/base/cinder/volume/ibm_svf.pp +++ /dev/null @@ -1,60 +0,0 @@ -# -# == Class: tripleo::profile::base::cinder::volume::ibm_svf -# -# Cinder Volume IBM Spectrum Virtualize family (Svf) profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend:ibm_svf::volume_backend_name', undef, undef, -# ['tripleo_ibm_svf']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::ibm_svf ( - $backend_name = lookup('cinder::backend::ibm_svf::volume_backend_name', undef, undef, ['tripleo_ibm_svf']), - $multi_config = lookup('cinder::backend::ibm_svf::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - # NOTE: Svf was earlier called as storwize/svc driver, so the cinder - # configuration parameters were named accordingly. - if $step >= 4 { - $backend_defaults = { - 'CinderSvfAvailabilityZone' => lookup('cinder::backend::ibm_svf::backend_availability_zone', undef, undef, undef), - 'CinderSvfSanIp' => lookup('cinder::backend::ibm_svf::san_ip', undef, undef, undef), - 'CinderSvfSanLogin' => lookup('cinder::backend::ibm_svf::san_login', undef, undef, undef), - 'CinderSvfSanPassword' => lookup('cinder::backend::ibm_svf::san_password', undef, undef, undef), - 'CinderSvfAllowTenantQos' => lookup('cinder::backend::ibm_svf::storwize_svc_allow_tenant_qos', undef, undef, undef), - 'CinderSvfConnectionProtocol' => lookup('cinder::backend::ibm_svf::storwize_svc_connection_protocol', undef, undef, undef), - 'CinderSvfIscsiChapEnabled' => lookup('cinder::backend::ibm_svf::storwize_svc_iscsi_chap_enabled', undef, undef, undef), - 'CinderSvfRetainAuxVolume' => lookup('cinder::backend::ibm_svf::storwize_svc_retain_aux_volume', undef, undef, undef), - 'CinderSvfVolumePoolName' => lookup('cinder::backend::ibm_svf::storwize_svc_volpool_name', undef, undef, undef), - } - - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::ibm_svf', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderSvfAvailabilityZone'], - 'san_ip' => $backend_config['CinderSvfSanIp'], - 'san_login' => $backend_config['CinderSvfSanLogin'], - 'san_password' => $backend_config['CinderSvfSanPassword'], - 'storwize_svc_allow_tenant_qos' => $backend_config['CinderSvfAllowTenantQos'], - 'storwize_svc_connection_protocol' => $backend_config['CinderSvfConnectionProtocol'], - 'storwize_svc_iscsi_chap_enabled' => $backend_config['CinderSvfIscsiChapEnabled'], - 'storwize_svc_retain_aux_volume' => $backend_config['CinderSvfRetainAuxVolume'], - 'storwize_svc_volpool_name' => $backend_config['CinderSvfVolumePoolName'], - })}) - } - } - -} diff --git a/manifests/profile/base/cinder/volume/iscsi.pp b/manifests/profile/base/cinder/volume/iscsi.pp deleted file mode 100644 index 9d29245b1..000000000 --- a/manifests/profile/base/cinder/volume/iscsi.pp +++ /dev/null @@ -1,67 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::iscsi -# -# Cinder Volume iscsi profile for tripleo -# -# === Parameters -# -# [*cinder_iscsi_address*] -# The address where to bind the iscsi targets daemon -# -# [*backend_name*] -# (Optional) Name given to the Cinder backend stanza -# Defaults to lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi') -# -# [*backend_availability_zone*] -# (Optional) Availability zone for this volume backend -# Defaults to lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef) -# -# [*cinder_iscsi_helper*] -# (Optional) The iscsi helper to use -# Defaults to 'tgtadm' -# -# [*cinder_iscsi_protocol*] -# (Optional) The iscsi protocol to use -# Defaults to 'iscsi' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::iscsi ( - $cinder_iscsi_address, - $backend_name = lookup('cinder::backend::iscsi::volume_backend_name', undef, undef, 'tripleo_iscsi'), - $backend_availability_zone = lookup('cinder::backend::iscsi::backend_availability_zone', undef, undef, undef), - $cinder_iscsi_helper = 'tgtadm', - $cinder_iscsi_protocol = 'iscsi', - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - # NOTE(gfidente): never emit in hieradata: - # key: [ipv6] - # as it will cause hiera parsing errors - create_resources('cinder::backend::iscsi', { $backend_name => delete_undef_values({ - 'backend_availability_zone' => $backend_availability_zone, - 'target_ip_address' => normalize_ip_for_uri($cinder_iscsi_address), - 'target_helper' => $cinder_iscsi_helper, - 'target_protocol' => $cinder_iscsi_protocol, - })}) - } - -} diff --git a/manifests/profile/base/cinder/volume/netapp.pp b/manifests/profile/base/cinder/volume/netapp.pp deleted file mode 100644 index 64de776cd..000000000 --- a/manifests/profile/base/cinder/volume/netapp.pp +++ /dev/null @@ -1,89 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::netapp -# -# Cinder Volume netapp profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::netapp ( - $backend_name = lookup('cinder::backend::netapp::volume_backend_name', undef, undef, ['tripleo_netapp']), - $multi_config = lookup('cinder::backend::netapp::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - $backend_defaults = { - 'CinderNetappAvailabilityZone' => lookup('cinder::backend::netapp::backend_availability_zone', undef, undef, undef), - 'CinderNetappLogin' => lookup('cinder::backend::netapp::netapp_login', undef, undef, undef), - 'CinderNetappPassword' => lookup('cinder::backend::netapp::netapp_password', undef, undef, undef), - 'CinderNetappServerHostname' => lookup('cinder::backend::netapp::netapp_server_hostname', undef, undef, undef), - 'CinderNetappServerPort' => lookup('cinder::backend::netapp::netapp_server_port', undef, undef, undef), - 'CinderNetappSizeMultiplier' => lookup('cinder::backend::netapp::netapp_size_multiplier', undef, undef, undef), - 'CinderNetappStorageFamily' => lookup('cinder::backend::netapp::netapp_storage_family', undef, undef, undef), - 'CinderNetappStorageProtocol' => lookup('cinder::backend::netapp::netapp_storage_protocol', undef, undef, undef), - 'CinderNetappTransportType' => lookup('cinder::backend::netapp::netapp_transport_type', undef, undef, undef), - 'CinderNetappVserver' => lookup('cinder::backend::netapp::netapp_vserver', undef, undef, undef), - 'CinderNetappNfsShares' => lookup('cinder::backend::netapp::nfs_shares', undef, undef, undef), - 'CinderNetappNfsSharesConfig' => lookup('cinder::backend::netapp::nfs_shares_config', undef, undef, undef), - 'CinderNetappNfsMountOptions' => lookup('cinder::backend::netapp::nfs_mount_options', undef, undef, undef), - 'CinderNetappCopyOffloadToolPath' => lookup('cinder::backend::netapp::netapp_copyoffload_tool_path', undef, undef, undef), - 'CinderNetappHostType' => lookup('cinder::backend::netapp::netapp_host_type', undef, undef, undef), - 'CinderNetappNasSecureFileOperations' => lookup('cinder::backend::netapp::nas_secure_file_operations', undef, undef, undef), - 'CinderNetappNasSecureFilePermissions' => lookup('cinder::backend::netapp::nas_secure_file_permissions', undef, undef, undef), - 'CinderNetappPoolNameSearchPattern' => lookup('cinder::backend::netapp::netapp_pool_name_search_pattern', undef, undef, undef), - } - - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::netapp', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderNetappAvailabilityZone'], - 'netapp_login' => $backend_config['CinderNetappLogin'], - 'netapp_password' => $backend_config['CinderNetappPassword'], - 'netapp_server_hostname' => $backend_config['CinderNetappServerHostname'], - 'netapp_server_port' => $backend_config['CinderNetappServerPort'], - 'netapp_size_multiplier' => $backend_config['CinderNetappSizeMultiplier'], - 'netapp_storage_family' => $backend_config['CinderNetappStorageFamily'], - 'netapp_storage_protocol' => $backend_config['CinderNetappStorageProtocol'], - 'netapp_transport_type' => $backend_config['CinderNetappTransportType'], - 'netapp_vserver' => $backend_config['CinderNetappVserver'], - 'nfs_shares' => any2array($backend_config['CinderNetappNfsShares']), - 'nfs_shares_config' => $backend_config['CinderNetappNfsSharesConfig'], - 'nfs_mount_options' => $backend_config['CinderNetappNfsMountOptions'], - 'netapp_copyoffload_tool_path' => $backend_config['CinderNetappCopyOffloadToolPath'], - 'netapp_host_type' => $backend_config['CinderNetappHostType'], - 'nas_secure_file_operations' => $backend_config['CinderNetappNasSecureFileOperations'], - 'nas_secure_file_permissions' => $backend_config['CinderNetappNasSecureFilePermissions'], - 'netapp_pool_name_search_pattern' => $backend_config['CinderNetappPoolNameSearchPattern'], - })}) - } - } - -} diff --git a/manifests/profile/base/cinder/volume/nfs.pp b/manifests/profile/base/cinder/volume/nfs.pp deleted file mode 100644 index 80254496a..000000000 --- a/manifests/profile/base/cinder/volume/nfs.pp +++ /dev/null @@ -1,116 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::nfs -# -# Cinder Volume nfs profile for tripleo -# -# === Parameters -# -# [*cinder_nfs_servers*] -# List of NFS shares to mount -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs']) -# -# [*backend_availability_zone*] -# (Optional) Availability zone for this volume backend -# Defaults to lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef) -# -# [*cinder_nfs_mount_options*] -# (Optional) List of mount options for the NFS share -# Defaults to '' -# -# [*cinder_nfs_shares_config*] -# (Optional) NFS shares configuration file -# Defaults to '/etc/cinder/shares-nfs.conf' -# -# [*cinder_nfs_snapshot_support*] -# (Optional) Whether to enable support for snapshots in the NFS driver. -# Defaults to $::os_service_default -# -# [*cinder_nas_secure_file_operations*] -# (Optional) Allow network-attached storage systems to operate in a secure -# environment where root level access is not permitted. If set to False, -# access is as the root user and insecure. If set to True, access is not as -# root. If set to auto, a check is done to determine if this is a new -# installation: True is used if so, otherwise False. Default is auto. -# Defaults to $::os_service_default -# -# [*cinder_nas_secure_file_permissions*] -# (Optional) Set more secure file permissions on network-attached storage -# volume files to restrict broad other/world access. If set to False, -# volumes are created with open permissions. If set to True, volumes are -# created with permissions for the cinder user and group (660). If set to -# auto, a check is done to determine if this is a new installation: True is -# used if so, otherwise False. Default is auto. -# Defaults to $::os_service_default -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to {} -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::nfs ( - $cinder_nfs_servers, - $backend_name = lookup('cinder::backend::nfs::volume_backend_name', undef, undef, ['tripleo_nfs']), - $backend_availability_zone = lookup('cinder::backend::nfs::backend_availability_zone', undef, undef, undef), - $cinder_nfs_mount_options = '', - $cinder_nfs_shares_config = '/etc/cinder/shares-nfs.conf', - $cinder_nfs_snapshot_support = $::os_service_default, - $cinder_nas_secure_file_operations = $::os_service_default, - $cinder_nas_secure_file_permissions = $::os_service_default, - $multi_config = {}, - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - package {'nfs-utils': } - $backend_defaults = { - 'CinderNfsAvailabilityZone' => $backend_availability_zone, - 'CinderNfsServers' => $cinder_nfs_servers, - 'CinderNfsMountOptions' => $cinder_nfs_mount_options, - 'CinderNfsSharesConfig' => $cinder_nfs_shares_config, - 'CinderNfsSnapshotSupport' => $cinder_nfs_snapshot_support, - 'CinderNasSecureFileOperations' => $cinder_nas_secure_file_operations, - 'CinderNasSecureFilePermissions' => $cinder_nas_secure_file_permissions, - } - any2array($backend_name).each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - create_resources('cinder::backend::nfs', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderNfsAvailabilityZone'], - 'nfs_servers' => $backend_config['CinderNfsServers'], - 'nfs_mount_options' => $backend_config['CinderNfsMountOptions'], - 'nfs_shares_config' => $backend_config['CinderNfsSharesConfig'], - 'nfs_snapshot_support' => $backend_config['CinderNfsSnapshotSupport'], - 'nas_secure_file_operations' => $backend_config['CinderNasSecureFileOperations'], - 'nas_secure_file_permissions' => $backend_config['CinderNasSecureFilePermissions'], - })}) - Package['nfs-utils'] -> Cinder::Backend::Nfs[$backend] - } - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - require => Package['nfs-utils'], - } - } - } -} diff --git a/manifests/profile/base/cinder/volume/nvmeof.pp b/manifests/profile/base/cinder/volume/nvmeof.pp deleted file mode 100644 index 05eed9dff..000000000 --- a/manifests/profile/base/cinder/volume/nvmeof.pp +++ /dev/null @@ -1,80 +0,0 @@ -# -# == Class: tripleo::profile::base::cinder::volume::nvmeof -# -# NVMeOF Cinder Volume profile for tripleo -# -# === Parameters -# -# [*target_ip_address*] -# (Required) The IP address of NVMe target -# -# [*target_port*] -# (Required) Port that NVMe target is listening on -# -# [*target_helper*] -# (Required) Target user-land tool to use -# -# [*target_protocol*] -# (Required) Target protocol to use -# -# [*target_prefix*] -# (Optional) Prefix for LVM volumes -# Defaults to 'nvme-subsystem' -# -# [*nvmet_port_id*] -# (Optional) Port id of the NVMe target -# Defaults to '1' -# -# [*nvmet_ns_id*] -# (Optional) The namespace id associated with the subsystem -# Defaults to '10' -# -# [*volume_backend_name*] -# (Optional) Name given to the Cinder backend -# Defaults to lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof') -# -# [*backend_availability_zone*] -# (Optional) Availability zone for this volume backend -# Defaults to lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef) -# -# [*volume_driver*] -# (Optional) Driver to use for volume creation -# Defaults to 'cinder.volume.drivers.lvm.LVMVolumeDriver' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::nvmeof ( - $target_ip_address, - $target_port, - $target_helper, - $target_protocol, - $target_prefix = 'nvme-subsystem', - $nvmet_port_id = '1', - $nvmet_ns_id = '10', - $volume_backend_name = lookup('cinder::backend::nvmeof::volume_backend_name', undef, undef, 'tripleo_nvmeof'), - $backend_availability_zone = lookup('cinder::backend::nvmeof::backend_availability_zone', undef, undef, undef), - $volume_driver = 'cinder.volume.drivers.lvm.LVMVolumeDriver', - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - create_resources('cinder::backend::nvmeof', { $volume_backend_name => delete_undef_values({ - 'target_ip_address' => normalize_ip_for_uri($target_ip_address), - 'target_port' => $target_port, - 'target_helper' => $target_helper, - 'target_protocol' => $target_protocol, - 'target_prefix' => $target_prefix, - 'nvmet_port_id' => $nvmet_port_id, - 'nvmet_ns_id' => $nvmet_ns_id, - 'volume_backend_name' => $volume_backend_name, - 'backend_availability_zone' => $backend_availability_zone, - 'volume_driver' => $volume_driver, - })}) - } - -} - diff --git a/manifests/profile/base/cinder/volume/pure.pp b/manifests/profile/base/cinder/volume/pure.pp deleted file mode 100644 index 0ecedf0fb..000000000 --- a/manifests/profile/base/cinder/volume/pure.pp +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::pure -# -# Cinder Volume pure profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure']) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to lookup('cinder::backend::pure::volume_multi_config', undef, undef, {}) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::pure ( - $backend_name = lookup('cinder::backend::pure::volume_backend_name', undef, undef, ['tripleo_pure']), - $multi_config = lookup('cinder::backend::pure::volume_multi_config', undef, undef, {}), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - $backend_defaults = { - 'CinderPureAvailabilityZone' => lookup('cinder::backend::pure::backend_availability_zone', undef, undef, undef), - 'CinderPureSanIp' => lookup('cinder::backend::pure::san_ip', undef, undef, undef), - 'CinderPureAPIToken' => lookup('cinder::backend::pure::pure_api_token', undef, undef, undef), - 'CinderPureStorageProtocol' => lookup('cinder::backend::pure::pure_storage_protocol', undef, undef, undef), - 'CinderPureUseChap' => lookup('cinder::backend::pure::use_chap_auth', undef, undef, undef), - 'CinderPureMultipathXfer' => lookup('cinder::backend::pure::use_multipath_for_image_xfer', undef, undef, undef), - 'CinderPureImageCache' => lookup('cinder::backend::pure::image_volume_cache_enabled', undef, undef, undef), - 'CinderPureIscsiCidr' => lookup('cinder::backend::pure::pure_iscsi_cidr', undef, undef, undef), - 'CinderPureIscsiCidrList' => lookup('cinder::backend::pure::pure_iscsi_cidr_list', undef, undef, undef), - 'CinderPureHostPersonality' => lookup('cinder::backend::pure::pure_host_personality', undef, undef, undef), - 'CinderPureEradicateOnDelete' => lookup('cinder::backend::pure::pure_eradicate_on_delete', undef, undef, undef), - 'CinderPureNvmeTransport' => lookup('cinder::backend::pure::pure_nvme_transport', undef, undef, undef), - 'CinderPureNvmeCidr' => lookup('cinder::backend::pure::pure_nvme_cidr', undef, undef, undef), - 'CinderPureNvmeCidrList' => lookup('cinder::backend::pure::pure_nvme_cidr_list', undef, undef, undef), - } - - $backend_name.each |String $backend| { - $backend_config = merge($backend_defaults, pick($multi_config[$backend], {})) - - create_resources('cinder::backend::pure', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderPureAvailabilityZone'], - 'san_ip' => $backend_config['CinderPureSanIp'], - 'pure_api_token' => $backend_config['CinderPureAPIToken'], - 'pure_storage_protocol' => $backend_config['CinderPureStorageProtocol'], - 'use_chap_auth' => $backend_config['CinderPureUseChap'], - 'use_multipath_for_image_xfer' => $backend_config['CinderPureMultipathXfer'], - 'image_volume_cache_enabled' => $backend_config['CinderPureImageCache'], - 'pure_iscsi_cidr' => $backend_config['CinderPureIscsiCidr'], - 'pure_iscsi_cidr_list' => $backend_config['CinderPureIscsiCidrList'], - 'pure_host_personality' => $backend_config['CinderPureHostPersonality'], - 'pure_eradicate_on_delete' => $backend_config['CinderPureEradicateOnDelete'], - 'pure_nvme_transport' => $backend_config['CinderPureNvmeTransport'], - 'pure_nvme_cidr' => $backend_config['CinderPureNvmeCidr'], - 'pure_nvme_cidr_list' => $backend_config['CinderPureNvmeCidrList'], - })}) - } - } -} diff --git a/manifests/profile/base/cinder/volume/rbd.pp b/manifests/profile/base/cinder/volume/rbd.pp deleted file mode 100644 index 89255a111..000000000 --- a/manifests/profile/base/cinder/volume/rbd.pp +++ /dev/null @@ -1,147 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::cinder::volume::rbd -# -# Cinder Volume rbd profile for tripleo -# -# === Parameters -# -# [*backend_name*] -# (Optional) List of names given to the Cinder backend stanza. -# Defaults to lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph']) -# -# [*backend_availability_zone*] -# (Optional) Availability zone for this volume backend -# Defaults to lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef) -# -# [*cinder_rbd_backend_host*] -# (Optional) String to use as backend_host in the backend stanza -# Defaults to lookup('cinder::backend_host', undef, undef, lookup('cinder::host', undef, undef, $::hostname)) -# -# [*cinder_rbd_ceph_conf*] -# (Optional) The path to the Ceph cluster config file -# Defaults to '/etc/ceph/ceph.conf' -# -# [*cinder_rbd_pool_name*] -# (Optional) The name of the RBD pool to use -# Defaults to 'volumes' -# -# [*cinder_rbd_extra_pools*] -# (Optional) List of additional pools to use for Cinder. A separate RBD -# backend is created for each additional pool. -# Defaults to undef -# -# [*cinder_rbd_secret_uuid*] -# (Optional) UUID of the of the libvirt secret storing the Cephx key -# Defaults to undef -# -# [*cinder_rbd_user_name*] -# (Optional) The user name for the RBD client -# Defaults to 'openstack' -# -# [*cinder_rbd_flatten_volume_from_snapshot*] -# (Optional) Whether volumes created from a snapshot should be flattened -# in order to remove a dependency on the snapshot. -# Defaults to lookup('cinder::backend::rbd::flatten_volume_from_snapshot, undef, undef, undef) -# -# [*multi_config*] -# (Optional) A config hash when multiple backends are used. -# Defaults to {} -# -# [*extra_options*] -# (optional) Hash of extra options to configure for the RBD backends. -# Example: { 'tripleo_ceph/param1' => { 'value' => value1 } } -# Defaults to: {} -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::cinder::volume::rbd ( - $backend_name = lookup('cinder::backend::rbd::volume_backend_name', undef, undef, ['tripleo_ceph']), - $backend_availability_zone = lookup('cinder::backend::rbd::backend_availability_zone', undef, undef, undef), - # lint:ignore:parameter_documentation - $cinder_rbd_backend_host = lookup('cinder::backend_host', undef, undef, lookup('cinder::host', - undef, undef, $::hostname)), - # lint:endignore - $cinder_rbd_ceph_conf = lookup('cinder::backend::rbd::rbd_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'), - $cinder_rbd_pool_name = 'volumes', - $cinder_rbd_extra_pools = undef, - $cinder_rbd_secret_uuid = undef, - $cinder_rbd_user_name = 'openstack', - $cinder_rbd_flatten_volume_from_snapshot = lookup('cinder::backend::rbd::flatten_volume_from_snapshot', undef, undef, undef), - $multi_config = {}, - $extra_options = {}, - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::cinder::volume - - if $step >= 4 { - $backend_defaults = { - 'CephClusterFSID' => $cinder_rbd_secret_uuid, - 'CephClientUserName' => $cinder_rbd_user_name, - 'CinderRbdAvailabilityZone' => $backend_availability_zone, - 'CinderRbdPoolName' => $cinder_rbd_pool_name, - 'CinderRbdExtraPools' => $cinder_rbd_extra_pools, - 'CinderRbdFlattenVolumeFromSnapshot' => $cinder_rbd_flatten_volume_from_snapshot, - } - - $backends_array = any2array($backend_name) - $backends_array.each |String $backend| { - $backend_multi_config = pick($multi_config[$backend], {}) - - $multi_config_cluster = $backend_multi_config['CephClusterName'] - if $multi_config_cluster { - $backend_ceph_conf = "/etc/ceph/${multi_config_cluster}.conf" - } else { - $backend_ceph_conf = $cinder_rbd_ceph_conf - } - - # Ensure extra_options are only applied once. - if $backend == $backends_array[0] { - $extra_options_real = $extra_options - } else { - $extra_options_real = undef - } - - $backend_config = merge($backend_defaults, $backend_multi_config) - - create_resources('cinder::backend::rbd', { $backend => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'], - 'backend_host' => $cinder_rbd_backend_host, - 'rbd_ceph_conf' => $backend_ceph_conf, - 'rbd_pool' => $backend_config['CinderRbdPoolName'], - 'rbd_user' => $backend_config['CephClientUserName'], - 'rbd_secret_uuid' => $backend_config['CephClusterFSID'], - 'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'], - 'extra_options' => $extra_options_real, - })}) - - any2array($backend_config['CinderRbdExtraPools']).each |String $pool_name| { - create_resources('cinder::backend::rbd', { "${backend}_${pool_name}" => delete_undef_values({ - 'backend_availability_zone' => $backend_config['CinderRbdAvailabilityZone'], - 'backend_host' => $cinder_rbd_backend_host, - 'rbd_ceph_conf' => $backend_ceph_conf, - 'rbd_pool' => $pool_name, - 'rbd_user' => $backend_config['CephClientUserName'], - 'rbd_secret_uuid' => $backend_config['CephClusterFSID'], - 'rbd_flatten_volume_from_snapshot' => $backend_config['CinderRbdFlattenVolumeFromSnapshot'], - })}) - } - } - } - -} diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp deleted file mode 100644 index 4b7254b9f..000000000 --- a/manifests/profile/base/database/mysql.pp +++ /dev/null @@ -1,279 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::database::mysql -# -# MySQL profile for tripleo -# -# === Parameters -# -# [*bind_address*] -# (Optional) The address that the local mysql instance should bind to. -# Defaults to $::hostname -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('mysql_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificate_specs*] -# (Optional) The specifications to give to certmonger for the certificate -# it will create. Note that the certificate nickname must be 'mysql' in -# the case of this service. -# Example with hiera: -# tripleo::profile::base::database::mysql::certificate_specs: -# hostname: -# service_certificate: -# service_key: -# principal: "mysql/" -# Defaults to {}. -# -# [*cipher_list*] -# (Optional) When enable_internal_tls is true, defines the list of allowed -# ciphers for the mysql server. -# Defaults to '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1' -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*innodb_buffer_pool_size*] -# (Optional) Configure the size of the MySQL buffer pool. -# Defaults to lookup('innodb_buffer_pool_size', undef, undef, undef) -# -# [*innodb_log_file_size*] -# (Optional) Configure the size in bytes of each log file in a log group. -# Defaults to undef. -# -# [*innodb_flush_method*] -# (Optional) Defines the method used to flush data to InnoDB data files and log files. -# Defaults to undef. -# -# [*innodb_lock_wait_timeout*] -# (Option) Time in seconds that an InnoDB transaction waits for an InnoDB row lock (not table lock). -# When this occurs, the statement (not transaction) is rolled back. -# Defaults to undef. -# -# [*innodb_strict_mode*] -# (Optional) InnoDB strict mode enforcement. When set to 'ON', InnoDB -# performs validity checks on DDL statements such as table creation, -# or table row size. When set to 'OFF', the same checks only return -# warnings rather than error. -# Defaults to lookup('innodb_strict_mode', undef, undef, 'OFF') -# -# [*table_open_cache*] -# (Optional) Configure the number of open tables for all threads. -# Increasing this value increases the number of file descriptors that mysqld requires. -# Defaults to undef. -# -# [*manage_resources*] -# (Optional) Whether or not manage root user, root my.cnf, and service. -# Defaults to true -# -# [*mysql_server_options*] -# (Optional) Extras options to deploy MySQL. Useful when deploying Galera cluster. -# Should be an hash. -# Defaults to {} -# -# [*mysql_max_connections*] -# (Optional) Maximum number of connections to MySQL. -# Defaults to lookup('mysql_max_connections', undef, undef, undef) -# -# [*mysql_auth_ed25519*] -# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate -# a user when connecting to the server -# Defaults to lookup('mysql_auth_ed25519', undef, undef, false) -# -# [*remove_default_accounts*] -# (Optional) Whether or not remove default MySQL accounts. -# Defaults to true -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# -class tripleo::profile::base::database::mysql ( - $bind_address = $::hostname, - $bootstrap_node = lookup('mysql_short_bootstrap_node_name', undef, undef, undef), - $certificate_specs = {}, - $cipher_list = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1', - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $innodb_buffer_pool_size = lookup('innodb_buffer_pool_size', undef, undef, undef), - $innodb_log_file_size = undef, - $innodb_lock_wait_timeout = lookup('innodb_lock_wait_timeout', undef, undef, undef), - $innodb_strict_mode = lookup('innodb_strict_mode', undef, undef, 'OFF'), - $table_open_cache = undef, - $innodb_flush_method = undef, - $manage_resources = true, - $mysql_server_options = {}, - $mysql_max_connections = lookup('mysql_max_connections', undef, undef, undef), - $mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false), - $remove_default_accounts = true, - $step = Integer(lookup('step')), -) { - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - validate_legacy(Hash, 'validate_hash', $mysql_server_options) - validate_legacy(Hash, 'validate_hash', $certificate_specs) - - if $enable_internal_tls { - $tls_certfile = $certificate_specs['service_certificate'] - $tls_keyfile = $certificate_specs['service_key'] - $tls_cipher_list = $cipher_list - - # Force users/grants created to use TLS connections - Openstacklib::Db::Mysql <||> { tls_options => ['SSL'] } - } else { - $tls_certfile = undef - $tls_keyfile = undef - $tls_cipher_list = undef - } - - # non-ha scenario - if $manage_resources { - $mysql_step = 2 - } else { - # ha scenario - $mysql_step = 1 - } - if $step >= $mysql_step { - if str2bool(lookup('enable_galera', undef, undef, true)) { - $mysql_config_file = '/etc/my.cnf.d/galera.cnf' - } else { - $mysql_config_file = '/etc/my.cnf.d/server.cnf' - } - # TODO Galera - # FIXME: due to https://bugzilla.redhat.com/show_bug.cgi?id=1298671 we - # set bind-address to a hostname instead of an ip address; to move Mysql - # from internal_api on another network we'll have to customize both - # MysqlNetwork and ControllerHostnameResolveNetwork in ServiceNetMap - $mysql_server_default = { - 'mysqld' => { - 'bind-address' => $bind_address, - 'max_connections' => $mysql_max_connections, - 'open_files_limit' => '65536', - 'innodb_buffer_pool_size' => $innodb_buffer_pool_size, - 'innodb_file_per_table' => 'ON', - 'innodb_log_file_size' => $innodb_log_file_size, - 'innodb_lock_wait_timeout' => $innodb_lock_wait_timeout, - 'innodb_strict_mode' => $innodb_strict_mode, - 'log_warnings' => '1', - 'table_open_cache' => $table_open_cache, - 'innodb_flush_method' => $innodb_flush_method, - 'query_cache_size' => '0', - 'query_cache_type' => '0', - 'ssl' => $enable_internal_tls, - 'ssl-key' => $tls_keyfile, - 'ssl-cert' => $tls_certfile, - 'ssl-cipher' => $tls_cipher_list, - 'ssl-ca' => undef, - 'plugin_load_add' => 'auth_ed25519', - } - } - $mysql_server_options_real = deep_merge($mysql_server_default, $mysql_server_options) - class { 'mysql::server': - config_file => $mysql_config_file, - override_options => $mysql_server_options_real, - create_root_user => $manage_resources, - create_root_my_cnf => $manage_resources, - service_manage => $manage_resources, - service_enabled => $manage_resources, - remove_default_accounts => $remove_default_accounts, - } - } - - $service_names = lookup('enabled_services', undef, undef, undef) - - if $service_names { - tripleo::profile::base::database::mysql::users { $service_names: } - } - - if $step >= 2 and $sync_db { - Class['mysql::server'] -> Mysql_database<||> - if ($manage_resources) { - # the mysql module handles password for user 'root@localhost', but it - # doesn't modify 'root@%'. So make sure this user password is managed - # as well by creating a resource appropriately. - mysql_user { 'root@%': - ensure => present, - password_hash => mysql::password(lookup('mysql::server::root_password')), - } - } - if ($mysql_auth_ed25519) { - ['root@localhost', 'root@%'].each |$user| { - Mysql_user<| title == $user |> { - plugin => 'ed25519', - password_hash => mysql_ed25519_password(lookup('mysql::server::root_password')) - } - } - } - # Note: use 'include_and_check_auth' below rather than 'include' - # to support ed25519 authentication - if lookup('aodh_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'aodh::db::mysql':} - } - if lookup('cinder_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'cinder::db::mysql':} - } - if lookup('barbican_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'barbican::db::mysql':} - } - if lookup('designate_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'designate::db::mysql':} - } - if lookup('glance_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'glance::db::mysql':} - } - if lookup('gnocchi_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'gnocchi::db::mysql':} - } - if lookup('heat_engine_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'heat::db::mysql':} - } - if lookup('ironic_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::db::mysql':} - } - if lookup('ironic_inspector_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'ironic::inspector::db::mysql':} - } - if lookup('keystone_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'keystone::db::mysql':} - } - if lookup('manila_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'manila::db::mysql':} - } - if lookup('neutron_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'neutron::db::mysql':} - } - if lookup('nova_conductor_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql':} - } - if lookup('nova_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'nova::db::mysql_api':} - } - if lookup('placement_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'placement::db::mysql':} - } - if lookup('octavia_api_enabled', undef, undef, false) { - tripleo::profile::base::database::mysql::include_and_check_auth{'octavia::db::mysql':} - } - } - -} diff --git a/manifests/profile/base/database/mysql/client.pp b/manifests/profile/base/database/mysql/client.pp deleted file mode 100644 index 4dabd62a9..000000000 --- a/manifests/profile/base/database/mysql/client.pp +++ /dev/null @@ -1,104 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::haproxy -# -# Loadbalancer profile for tripleo -# -# === Parameters -# -# [*enable_ssl*] -# (Optional) Whether SSL should be used for the connection to the server or -# not. -# Defaults to false -# -# [*mysql_read_default_file*] -# (Optional) Name of the file that will be passed to pymysql connection strings -# Defaults to '/etc/my.cnf.d/tripleo.cnf' -# -# [*mysql_read_default_group*] -# (Optional) Name of the ini section to be passed to pymysql connection strings -# Defaults to 'tripleo' -# -# [*mysql_client_bind_address*] -# (Optional) Client IP address of the host that will be written in the mysql_read_default_file -# Defaults to undef -# -# [*ssl_ca*] -# (Optional) The SSL CA file to use to verify the MySQL server's certificate. -# Defaults to '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::database::mysql::client ( - $enable_ssl = false, - $mysql_read_default_file = '/etc/my.cnf.d/tripleo.cnf', - $mysql_read_default_group = 'tripleo', - $mysql_client_bind_address = undef, - $ssl_ca = '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt', - $step = Integer(lookup('step')), -) { - if $step >= 1 { - if $mysql_client_bind_address =~ Stdlib::Compat::Ip_address { - $client_bind_changes = [ - "set ${mysql_read_default_group}/bind-address '${mysql_client_bind_address}'" - ] - } else { - $client_bind_changes = [ - "rm ${mysql_read_default_group}/bind-address" - ] - } - - if $enable_ssl { - $changes_ssl = [ - "set ${mysql_read_default_group}/ssl '1'", - "set ${mysql_read_default_group}/ssl-ca '${ssl_ca}'", - 'set client/ssl \'1\'', - "set client/ssl-ca '${ssl_ca}'" - ] - } else { - $changes_ssl = [ - "rm ${mysql_read_default_group}/ssl", - "rm ${mysql_read_default_group}/ssl-ca", - 'rm client/ssl', - 'rm client/ssl-ca' - ] - } - - $conf_changes = union($client_bind_changes, $changes_ssl) - - # When generating configuration with docker-puppet, services do - # not include any profile that would ensure creation of /etc/my.cnf.d, - # so we enforce the check here. - file {'/etc/my.cnf.d': - ensure => 'directory' - } - file { $mysql_read_default_file: - ensure => file, - } - augeas { 'tripleo-mysql-client-conf': - incl => $mysql_read_default_file, - lens => 'Puppet.lns', - changes => $conf_changes, - require => File[$mysql_read_default_file], - } - - # If a profile created a file resource for the parent directory, - # ensure it is being run before the config file generation - File<| title == '/etc/my.cnf.d' |> -> Augeas['tripleo-mysql-client-conf'] - } -} diff --git a/manifests/profile/base/database/mysql/include_and_check_auth.pp b/manifests/profile/base/database/mysql/include_and_check_auth.pp deleted file mode 100644 index 675b38022..000000000 --- a/manifests/profile/base/database/mysql/include_and_check_auth.pp +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: include_and_check_auth -# -# Include an OpenStack MySQL profile and configures it for alternative -# client authentication like e.g. ed25519 -# -# === Parameters -# -# [*module*] -# (Optional) The puppet module to include -# Defaults to $title -# -# [*mysql_auth_ed25519*] -# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate -# a user when connecting to the server -# Defaults to lookup('mysql_auth_ed25519', undef, undef, false) -# -define tripleo::profile::base::database::mysql::include_and_check_auth( - $module = $title, - $mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false), -) { - include $module - if ($mysql_auth_ed25519) { - # currently all openstack puppet modules create MySQL users - # by hashing their password for the default auth method. - # If ed25519 auth is enabled, we must hash the password - # differently; so do it with a collector until all - # openstack modules support ed25519 auth natively. - $stripped_module_name = regsubst($module,'^::','') - $password_key = "${stripped_module_name}::password" - Openstacklib::Db::Mysql<| tag == $stripped_module_name |> { - plugin => 'ed25519', - password_hash => mysql_ed25519_password(lookup($password_key)) - } - } -} diff --git a/manifests/profile/base/database/mysql/user.pp b/manifests/profile/base/database/mysql/user.pp deleted file mode 100644 index 50b54348e..000000000 --- a/manifests/profile/base/database/mysql/user.pp +++ /dev/null @@ -1,62 +0,0 @@ -# The tripleo::profile::base::database::mysql::user resource implements -# a generic resource to create databases, users and grants in MySQL -# -# == parameters -# -# [*password*] -# (Required) Password to connect to the database. -# -# [*dbname*] -# (Required) Name of the database. -# -# [*user*] -# (Required) User to connect to the database. -# -# [*host*] -# (Optional) The default source host user is allowed to connect from. -# Defaults to '127.0.0.1' -# -# [*allowed_hosts*] -# (Optional) Other hosts the user is allowed to connect from. -# Defaults to 'undef'. -# -# [*charset*] -# (Optional) The database charset. -# Defaults to 'utf8' -# -# [*collate*] -# (Optional) The database collate. -# Only used with mysql modules >= 2.2. -# Defaults to 'utf8_general_ci' -# -# == Dependencies -# Class['mysql::server'] -# -# == Examples -# -# == Authors -# -# == Copyright -# -define tripleo::profile::base::database::mysql::user ( - $password, - $dbname, - $user, - $host = '127.0.0.1', - $charset = 'utf8', - $collate = 'utf8_general_ci', - $allowed_hosts = undef -) { - - validate_legacy(String, 'validate_string', $password) - - ::openstacklib::db::mysql { $title : - user => $user, - password => $password, - dbname => $dbname, - host => $host, - charset => $charset, - collate => $collate, - allowed_hosts => $allowed_hosts, - } -} diff --git a/manifests/profile/base/database/mysql/users.pp b/manifests/profile/base/database/mysql/users.pp deleted file mode 100644 index c17f34a02..000000000 --- a/manifests/profile/base/database/mysql/users.pp +++ /dev/null @@ -1,37 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Define: tripleo::haproxy::service_endpoints -# -# Define used to create haproxyendpoints for composable services. -# -# === Parameters: -# -# [*service_name*] -# (optional) The service_name to create the myql resources for. -# Defaults to $title -# -define tripleo::profile::base::database::mysql::users ($service_name = $title) { - - $underscore_name = regsubst($service_name, '-', '_', 'G') - - # This allows each composable service to load its own custom rules by - # creating its own flat hiera key named: - # tripleo::::mysql_user - $mysql_users = lookup("tripleo::${underscore_name}::mysql_user", undef, undef, undef) - - if $mysql_users { - ensure_resource('tripleo::profile::base::database::mysql::user', $service_name, $mysql_users) - } -} diff --git a/manifests/profile/base/database/redis.pp b/manifests/profile/base/database/redis.pp deleted file mode 100644 index fa96f513f..000000000 --- a/manifests/profile/base/database/redis.pp +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::database::redis -# -# Redis profile for tripleo -# -# === Parameters -# -# [*certificate_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# redis_certificate_specs: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('redis_certificate_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*redis_network*] -# (Optional) The network name where the redis endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('redis_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pacemaker_managed*] -# (Optional) Whether the redis service is managed by Pacemaker -# Defaults to false -# -# [*tls_tunnel_local_name*] -# (Optional) When TLS proxy is in use, name of the localhost to forward -# unencryption Redis traffic to. -# This is set by t-h-t. -# Defaults to 'localhost' -# -# [*tls_proxy_bind_ip*] -# IP on which the TLS proxy will listen on. Required only if -# enable_internal_tls is set. -# Defaults to undef -# -# [*tls_proxy_fqdn*] -# fqdn on which the tls proxy will listen on. required only used if -# enable_internal_tls is set. -# defaults to undef -# -# [*tls_proxy_port*] -# port on which the tls proxy will listen on. Only used if -# enable_internal_tls is set. -# defaults to 6379 -# -class tripleo::profile::base::database::redis ( - $certificate_specs = lookup('redis_certificate_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $redis_network = lookup('redis_network', undef, undef, undef), - $step = Integer(lookup('step')), - $pacemaker_managed = false, - $tls_tunnel_local_name = 'localhost', - $tls_proxy_bind_ip = undef, - $tls_proxy_fqdn = undef, - $tls_proxy_port = 6379, -) { - - # When Redis is managed by pacemaker then the configuration is generated - # before cluster is being set up. - if $pacemaker_managed { - $redis_step = 1 - } else { - $redis_step = 2 - } - if $step >= $redis_step { - if $enable_internal_tls { - if !$redis_network { - fail('redis_network is not set in the hieradata.') - } - if !$tls_proxy_bind_ip { - fail('tls_proxy_bind_ip is not set in the hieradata.') - } - if !$tls_proxy_fqdn { - fail('tls_proxy_fqdn is required if internal TLS is enabled.') - } - $tls_certfile = $certificate_specs['service_certificate'] - $tls_keyfile = $certificate_specs['service_key'] - - include tripleo::stunnel - - tripleo::stunnel::service_proxy { 'redis': - accept_host => $tls_proxy_bind_ip, - accept_port => $tls_proxy_port, - connect_host => $tls_tunnel_local_name, - connect_port => $tls_proxy_port, - certificate => $tls_certfile, - key => $tls_keyfile, - notify => Class['redis'], - } - } - - include redis - } -} diff --git a/manifests/profile/base/designate.pp b/manifests/profile/base/designate.pp deleted file mode 100644 index 6a62bbd3a..000000000 --- a/manifests/profile/base/designate.pp +++ /dev/null @@ -1,139 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate -# -# Designate server profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [* DEPRECATED PARAMETERS *] -# -# [*rndc_host*] -# The address on which rndc should listen -# Defaults to undef -# -# [*rndc_port*] -# The port on which rndc should listen -# Defaults undef -# -# [*rndc_keys*] -# A list of keys that rndc should accept -# Defaults to undef -# -# [*rndc_allowed_addresses*] -# A list of addresses that are allowed to send rndc commands -# Defaults to undef -# -class tripleo::profile::base::designate ( - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - # DEPRECATED PARAMETERS - $rndc_host = undef, - $rndc_port = undef, - $rndc_keys = undef, - $rndc_allowed_addresses = undef, -) { - if $step >= 3 { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - class { 'designate' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - if ($rndc_host or $rndc_allowed_addresses or $rndc_keys or $rndc_allowed_addresses) { - warning('rndc/named configuration through puppet is no longer supported.') - } - include designate::config - include designate::logging - include designate::network_api::neutron - } -} diff --git a/manifests/profile/base/designate/api.pp b/manifests/profile/base/designate/api.pp deleted file mode 100644 index c8c80e0bb..000000000 --- a/manifests/profile/base/designate/api.pp +++ /dev/null @@ -1,105 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::api -# -# Designate API server profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*designate_network*] -# (Optional) The network name where the designate endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('designate_api_network', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*listen_ip*] -# (Optional) The IP on which the API should listen. (now set by hiera via -# designate::wsgi::apache) -# Defaults to undef -# -# [*listen_port*] -# (Optional) The port on which the API should listen. (no longer needed, -# listen port gets default value from designate::wsgi::apache) -# Defaults to undef -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::designate::api ( - $step = Integer(lookup('step')), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $designate_network = lookup('designate_api_network', undef, undef, undef), - $listen_ip = undef, - $listen_port = undef, - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - include tripleo::profile::base::designate - include tripleo::profile::base::designate::authtoken - - if $enable_internal_tls { - if !$designate_network { - fail('designate_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${designate_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${designate_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if ($step >= 3) { - # TODO: remove once the tripleo heat template changes merge - if $listen_ip and $listen_port { - $listen_uri = normalize_ip_for_uri($listen_ip) - class { 'designate::api': - listen => "${listen_uri}:${listen_port}" - } - } else { - if $configure_apache { - include tripleo::profile::base::apache - class { 'designate::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile - } - } - include designate::api - } - include designate::healthcheck - } -} diff --git a/manifests/profile/base/designate/authtoken.pp b/manifests/profile/base/designate/authtoken.pp deleted file mode 100644 index 3fcb32b46..000000000 --- a/manifests/profile/base/designate/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::authtoken -# -# Designate authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::designate::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+designate") - } else { - $hashed_secret_key = undef - } - - class { 'designate::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/designate/backend.pp b/manifests/profile/base/designate/backend.pp deleted file mode 100644 index e12bf722d..000000000 --- a/manifests/profile/base/designate/backend.pp +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::backend -# -# Designate backend profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*backend*] -# (Optional) Specify a backend used. -# Defaults to lookup('designate_backend', undef, undef, 'bind9'), -# -class tripleo::profile::base::designate::backend ( - $step = Integer(lookup('step')), - $backend = lookup('designate_backend', undef, undef, 'bind9'), -) { - if $step >= 4 { - if $backend == 'bind9' { - class{ 'designate::backend::bind9': - configure_bind => false - } - } else { - fail("${backend} is not supported by designate") - } - } -} diff --git a/manifests/profile/base/designate/central.pp b/manifests/profile/base/designate/central.pp deleted file mode 100644 index 0f3243bfe..000000000 --- a/manifests/profile/base/designate/central.pp +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::central -# -# Designate Central profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('designate_central_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# DEPRECATED PARAMETERS -# -# [*pools_file_content*] -# (Optional) The content of /etc/designate/pools.yaml -# Defaults to the content of templates/designate/pools.yaml.erb -# -class tripleo::profile::base::designate::central ( - $bootstrap_node = lookup('designate_central_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), - # DEPRECATED PARAMETERS - $pools_file_content = undef, -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $pools_file_content { - warning('pool file content is no longer manually configurable') - } - - include tripleo::profile::base::designate - include tripleo::profile::base::designate::coordination - - if ($step >= 4 or ($step >= 3 and $sync_db)) { - class { 'designate::db': - sync_db => $sync_db, - } - include designate::central - include designate::quota - include designate::network_api::neutron - } -} diff --git a/manifests/profile/base/designate/coordination.pp b/manifests/profile/base/designate/coordination.pp deleted file mode 100644 index ac8f0ebbd..000000000 --- a/manifests/profile/base/designate/coordination.pp +++ /dev/null @@ -1,57 +0,0 @@ -# Copyright 2022 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::coordination -# -# Designate Coordination profile for tripleo for setting coordination/redis -# related configuration. -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*designate_redis_password*] -# (Optional) Password for the neutron redis user for the coordination url -# Defaults to lookup('designate_redis_password', undef, undef, undef), -# -# [*redis_vip*] -# (Optional) Redis ip address for the coordination url -# Defaults to lookup('redis_vip', undef, undef, undef), -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -class tripleo::profile::base::designate::coordination ( - $step = Integer(lookup('step')), - $designate_redis_password = lookup('designate_redis_password', undef, undef, undef), - $redis_vip = lookup('redis_vip', undef, undef, undef), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), -) { - if $step >= 4 { - if $redis_vip { - if $enable_internal_tls { - $tls_query_param = '?ssl=true' - } else { - $tls_query_param = '' - } - class { 'designate::coordination': - backend_url => join(['redis://:', $designate_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]) - } - } - } -} diff --git a/manifests/profile/base/designate/mdns.pp b/manifests/profile/base/designate/mdns.pp deleted file mode 100644 index a308ce13b..000000000 --- a/manifests/profile/base/designate/mdns.pp +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::mdns -# -# Designate MiniDNS profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::designate::mdns ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::designate - if $step >= 4 { - include designate::mdns - } -} diff --git a/manifests/profile/base/designate/producer.pp b/manifests/profile/base/designate/producer.pp deleted file mode 100644 index c75eea4e6..000000000 --- a/manifests/profile/base/designate/producer.pp +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::producer -# -# Designate Producer profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::designate::producer ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::designate - include tripleo::profile::base::designate::coordination - - if $step >= 4 { - include designate::producer - include designate::producer_task::delayed_notify - include designate::producer_task::periodic_exists - include designate::producer_task::periodic_secondary_refresh - include designate::producer_task::worker_periodic_recovery - include designate::producer_task::zone_purge - } -} diff --git a/manifests/profile/base/designate/sink.pp b/manifests/profile/base/designate/sink.pp deleted file mode 100644 index a89ba9d36..000000000 --- a/manifests/profile/base/designate/sink.pp +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::sink -# -# Designate Sink profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::designate::sink ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::designate - if $step >= 4 { - include designate::sink - } -} diff --git a/manifests/profile/base/designate/worker.pp b/manifests/profile/base/designate/worker.pp deleted file mode 100644 index d87d3a911..000000000 --- a/manifests/profile/base/designate/worker.pp +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::designate::worker -# -# Designate Worker profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# DEPRECATED PARAMETERS -# -# [*rndc_key*] -# (Optional) The base64-encoded key secret for /etc/rndc.key. -# Defaults to lookup('designate_rndc_key', undef, undef, false) -# -class tripleo::profile::base::designate::worker ( - $step = Integer(lookup('step')), - # DEPRECATED PARAMETERS - $rndc_key = lookup('designate_rndc_key', undef, undef, false), -) { - include tripleo::profile::base::designate - - if $step >= 4 { - if $rndc_key { - warning('Configuring rndc keys through puppet has been deprecated') - } - include designate::worker - } -} diff --git a/manifests/profile/base/etcd.pp b/manifests/profile/base/etcd.pp deleted file mode 100644 index be77e4be0..000000000 --- a/manifests/profile/base/etcd.pp +++ /dev/null @@ -1,98 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::etcd -# -# etcd profile for tripleo -# -# === Parameters -# -# [*bind_ip*] -# (optional) IP to bind etcd service to. -# Defaults to '127.0.0.1'. -# -# [*client_port*] -# (optional) etcd client listening port. -# Defaults to '2379'. -# -# [*peer_port*] -# (optional) etcd peer listening port. -# Defaults to '2380'. -# -# [*nodes*] -# (Optional) Array of host(s) for etcd nodes. -# Defaults to lookup('etcd_node_ips', undef, undef, []). -# -# [*certificate_specs*] -# (Optional) The specifications to give to certmonger for the certificate -# it will create. Note that the certificate nickname must be 'etcd' in -# the case of this service. -# Example with hiera: -# tripleo::profile::base::etcd::certificate_specs: -# hostname: -# service_certificate: -# service_key: -# principal: "etcd/" -# Defaults to {}. -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::etcd ( - $bind_ip = '127.0.0.1', - $client_port = '2379', - $peer_port = '2380', - $nodes = lookup('etcd_node_names', undef, undef, []), - $certificate_specs = {}, - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $step = Integer(lookup('step')), -) { - - validate_legacy(Hash, 'validate_hash', $certificate_specs) - - if $enable_internal_tls { - $tls_certfile = $certificate_specs['service_certificate'] - $tls_keyfile = $certificate_specs['service_key'] - $protocol = 'https' - } else { - $tls_certfile = undef - $tls_keyfile = undef - $protocol = 'http' - } - - if $step >= 2 { - $bind_ip_normalized = normalize_ip_for_uri($bind_ip) - - class {'etcd': - listen_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}", - advertise_client_urls => "${protocol}://${bind_ip_normalized}:${client_port}", - listen_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}", - initial_advertise_peer_urls => "${protocol}://${bind_ip_normalized}:${peer_port}", - initial_cluster => regsubst($nodes, '.+', "\\0=${protocol}://\\0:${peer_port}"), - proxy => 'off', - cert_file => $tls_certfile, - key_file => $tls_keyfile, - client_cert_auth => $enable_internal_tls, - peer_cert_file => $tls_certfile, - peer_key_file => $tls_keyfile, - peer_client_cert_auth => $enable_internal_tls, - } - } -} diff --git a/manifests/profile/base/glance/api.pp b/manifests/profile/base/glance/api.pp deleted file mode 100644 index c43fff4f7..000000000 --- a/manifests/profile/base/glance/api.pp +++ /dev/null @@ -1,317 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::glance::api -# -# Glance API profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('glance_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*glance_backend*] -# (Optional) Default glance backend type. -# Defaults to downcase(lookup('glance_backend', undef, undef, 'swift')) -# -# [*glance_backend_id*] -# (Optional) Default glance backend identifier. -# Defaults to 'default_backend' -# -# [*glance_network*] -# (Optional) The network name where the glance endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('glance_api_network', undef, undef, undef) -# -# [*bind_port*] -# (optional) The port the server should bind to. -# Default: 9292 -# -# [*log_dir*] -# (Optional) Directory where logs should be stored. -# If set to $::os_service_default, it will not log to any directory. -# Defaults to '/var/log/glance'. -# -# [*log_file*] -# (Optional) File where logs should be stored. -# If set to $::os_service_default, it will not log to any file. -# Defaults to '/var/log/glance/api.log'. -# -# [*show_image_direct_url*] -# (optional) Expose image location to trusted clients. -# Defaults to false -# -# [*show_multiple_locations*] -# (optional) Whether to include the backend image locations in image -# properties. -# Defaults to false -# -# [*multistore_config*] -# (Optional) Hash of settings for configuring additional glance-api backends. -# Defaults to {} -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [*tls_proxy_bind_ip*] -# IP on which the TLS proxy will listen on. Required only if -# enable_internal_tls is set. -# Defaults to undef -# -# [*tls_proxy_fqdn*] -# fqdn on which the tls proxy will listen on. required only used if -# enable_internal_tls is set. -# defaults to undef -# -# [*tls_proxy_port*] -# port on which the tls proxy will listen on. Only used if -# enable_internal_tls is set. -# defaults to 9292 -# -# [*glance_enable_db_purge*] -# (optional) Whether to enable db purging -# defaults to true -# -# [*glance_enable_cache*] -# (optional) Whether to enable caching -# defaults to false -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -# DEPRECATED PARAMETERS -# -# [*glance_rbd_client_name*] -# (optional) Deprecated. RBD client name -# Defaults to undef -# -class tripleo::profile::base::glance::api ( - $bootstrap_node = lookup('glance_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $glance_backend = downcase(lookup('glance_backend', undef, undef, 'swift')), - $glance_backend_id = 'default_backend', - $glance_network = lookup('glance_api_network', undef, undef, undef), - $bind_port = 9292, - $log_dir = '/var/log/glance', - $log_file = '/var/log/glance/api.log', - $show_image_direct_url = false, - $show_multiple_locations = false, - $multistore_config = {}, - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - $tls_proxy_bind_ip = undef, - $tls_proxy_fqdn = undef, - $tls_proxy_port = 9292, - $glance_enable_db_purge = true, - $glance_enable_cache = false, - $configure_apache = lookup('configure_apache', undef, undef, true), - # DEPRECATED PARAMETERS - $glance_rbd_client_name = undef, -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::glance::authtoken - - if $step >= 4 or ($step >= 3 and $sync_db) { - if $enable_internal_tls { - if !$glance_network { - fail('glance_api_network is not set in the hieradata.') - } - if !$tls_proxy_bind_ip { - fail('glance_api_tls_proxy_bind_ip is not set in the hieradata.') - } - if !$tls_proxy_fqdn { - fail('tls_proxy_fqdn is required if internal TLS is enabled.') - } - $tls_certfile = $certificates_specs["httpd-${glance_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${glance_network}"]['service_key'] - - if $configure_apache { - tripleo::tls_proxy { 'glance-api': - servername => $tls_proxy_fqdn, - ip => $tls_proxy_bind_ip, - port => $tls_proxy_port, - tls_cert => $tls_certfile, - tls_key => $tls_keyfile, - notify => Class['glance::api'], - } - include tripleo::profile::base::apache - } - } - - $multistore_backends = $multistore_config.map |$backend_config| { - unless has_key($backend_config[1], 'GlanceBackend') { - fail("multistore_config '${backend_config[0]}' does not specify a glance_backend.") - } - "${backend_config[0]}:${backend_config[1]['GlanceBackend']}" - } - - $enabled_backends = ["${glance_backend_id}:${glance_backend}"] + $multistore_backends - - include glance - include glance::config - include glance::healthcheck - include glance::api::db - class { 'glance::api::logging': - log_dir => $log_dir, - log_file => $log_file, - } - class { 'glance::api': - bind_port => $bind_port, - enabled_backends => $enabled_backends, - default_backend => $glance_backend_id, - show_image_direct_url => $show_image_direct_url, - show_multiple_locations => $show_multiple_locations, - sync_db => $sync_db, - } - include glance::key_manager - include glance::key_manager::barbican - - ['cinder', 'file', 'rbd', 'swift'].each |String $backend_type| { - - # Generate a list of backend names for a given backend type - $backend_names = $enabled_backends.reduce([]) |$accum, String $backend| { - $backend_info = $backend.split(':') - if $backend_info[1] == $backend_type { - $accum << $backend_info[0] - } else { - $accum - } - } - - unless empty($backend_names) { - class { "tripleo::profile::base::glance::backend::${backend_type}": - backend_names => $backend_names, - multistore_config => $multistore_config, - } - } - } - - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - class { 'glance::notify::rabbitmq' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - } - - if $step >= 5 { - if $glance_enable_db_purge { - include glance::cron::db_purge - } - if $glance_enable_cache { - include glance::cache::cleaner - include glance::cache::pruner - } - } - -} diff --git a/manifests/profile/base/glance/authtoken.pp b/manifests/profile/base/glance/authtoken.pp deleted file mode 100644 index 74a84d737..000000000 --- a/manifests/profile/base/glance/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::glance::authtoken -# -# Glance authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::glance::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+glance") - } else { - $hashed_secret_key = undef - } - - class { 'glance::api::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/glance/backend/cinder.pp b/manifests/profile/base/glance/backend/cinder.pp deleted file mode 100644 index bc4babd46..000000000 --- a/manifests/profile/base/glance/backend/cinder.pp +++ /dev/null @@ -1,146 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::glance::backend::cinder -# -# Glance API cinder backend configuration for tripleo -# -# === Parameters -# -# [*backend_names*] -# Array of cinder store backend names. -# -# [*multistore_config*] -# (Optional) Hash containing multistore data for configuring multiple backends. -# Defaults to {} -# -# [*cinder_ca_certificates_file*] -# (Optional) Location of ca certificate file to use for cinder client requests. -# Defaults to lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef). -# -# [*cinder_api_insecure*] -# (Optional) Allow to perform insecure SSL requests to cinder. -# Defaults to lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef). -# -# [*cinder_catalog_info*] -# (Optional) Info to match when looking for cinder in the service catalog. -# Defaults to lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef). -# -# [*cinder_endpoint_template*] -# (Optional) Override service catalog lookup with template for cinder endpoint. -# Defaults to lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef). -# -# [*cinder_http_retries*] -# (Optional) Number of cinderclient retries on failed http calls. -# Defaults to lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef). -# -# [*cinder_store_auth_address*] -# (Optional) A valid authentication service address. -# Defaults to lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef). -# -# [*cinder_store_project_name*] -# (Optional) Project name where the image volume is stored in cinder. -# Defaults to lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef). -# -# [*cinder_store_user_name*] -# (Optional) User name to authenticate against cinder. -# Defaults to lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef) -# -# [*cinder_store_password*] -# (Optional) A valid password for the user specified by `cinder_store_user_name' -# Defaults to lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef) -# -# [*cinder_os_region_name*] -# (optional) Sets the keystone region to use. -# Defaults to lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef) -# -# [*cinder_enforce_multipath*] -# (Optional) Set to True when multipathd is enabled -# Defaults to lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef) -# -# [*cinder_use_multipath*] -# (Optional) Set to True when multipathd is enabled -# Defaults to lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef) -# -# [*cinder_mount_point_base*] -# (Optional) Directory where the NFS volume is mounted on the glance node. -# Defaults to lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef) -# -# [*cinder_volume_type*] -# (Optional) The volume type to be used to create image volumes in cinder. -# Defaults to lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef) -# -# [*store_description*] -# (Optional) Provides constructive information about the store backend to -# end users. -# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store'). -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::glance::backend::cinder ( - $backend_names, - $multistore_config = {}, - $cinder_ca_certificates_file = lookup('glance::backend::cinder::cinder_ca_certificates_file', undef, undef, undef), - $cinder_api_insecure = lookup('glance::backend::cinder::cinder_api_insecure', undef, undef, undef), - $cinder_catalog_info = lookup('glance::backend::cinder::cinder_catalog_info', undef, undef, undef), - $cinder_endpoint_template = lookup('glance::backend::cinder::cinder_endpoint_template', undef, undef, undef), - $cinder_http_retries = lookup('glance::backend::cinder::cinder_http_retries', undef, undef, undef), - $cinder_store_auth_address = lookup('glance::backend::cinder::cinder_store_auth_address', undef, undef, undef), - $cinder_store_project_name = lookup('glance::backend::cinder::cinder_store_project_name', undef, undef, undef), - $cinder_store_user_name = lookup('glance::backend::cinder::cinder_store_user_name', undef, undef, undef), - $cinder_store_password = lookup('glance::backend::cinder::cinder_store_password', undef, undef, undef), - $cinder_os_region_name = lookup('glance::backend::cinder::cinder_os_region_name', undef, undef, undef), - $cinder_enforce_multipath = lookup('glance::backend::cinder::cinder_enforce_multipath', undef, undef, undef), - $cinder_use_multipath = lookup('glance::backend::cinder::cinder_use_multipath', undef, undef, undef), - $cinder_mount_point_base = lookup('glance::backend::cinder::cinder_mount_point_base', undef, undef, undef), - $cinder_volume_type = lookup('glance::backend::cinder::cinder_volume_type', undef, undef, undef), - $store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Cinder store'), - $step = Integer(lookup('step')), -) { - - - if $step >= 4 { - $backend_names.each |String $backend_name| { - $backend_config = pick($multistore_config[$backend_name], {}) - $store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description) - - if $backend_config['GlanceCinderVolumeType'] { - $cinder_volume_type_real = $backend_config['GlanceCinderVolumeType'] - } else { - $cinder_volume_type_real = $cinder_volume_type - } - - create_resources('glance::backend::multistore::cinder', { $backend_name => delete_undef_values({ - 'cinder_api_insecure' => $cinder_api_insecure, - 'cinder_catalog_info' => $cinder_catalog_info, - 'cinder_http_retries' => $cinder_http_retries, - 'cinder_endpoint_template' => $cinder_endpoint_template, - 'cinder_ca_certificates_file' => $cinder_ca_certificates_file, - 'cinder_store_auth_address' => $cinder_store_auth_address, - 'cinder_store_project_name' => $cinder_store_project_name, - 'cinder_store_user_name' => $cinder_store_user_name, - 'cinder_store_password' => $cinder_store_password, - 'cinder_os_region_name' => $cinder_os_region_name, - 'cinder_enforce_multipath' => $cinder_enforce_multipath, - 'cinder_use_multipath' => $cinder_use_multipath, - 'cinder_mount_point_base' => $cinder_mount_point_base, - 'cinder_volume_type' => $cinder_volume_type_real, - 'store_description' => $store_description_real, - })}) - } - } -} diff --git a/manifests/profile/base/glance/backend/file.pp b/manifests/profile/base/glance/backend/file.pp deleted file mode 100644 index a97c23207..000000000 --- a/manifests/profile/base/glance/backend/file.pp +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::glance::backend::file -# -# Glance API file backend configuration for tripleo -# -# === Parameters -# -# [*backend_names*] -# Array of file store backend names. -# -# [*multistore_config*] -# (Optional) Hash containing multistore data for configuring multiple backends. -# Defaults to {} -# -# [*filesystem_store_datadir*] -# (Optional) Location where dist images are stored when the backend type is file. -# Defaults to lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef). -# -# [*filesystem_thin_provisioning*] -# (Optional) Boolean describing if thin provisioning is enabled or not -# Defaults to lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef). -# -# [*store_description*] -# (Optional) Provides constructive information about the store backend to -# end users. -# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store'). -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::glance::backend::file ( - $backend_names, - $multistore_config = {}, - $filesystem_store_datadir = lookup('glance::backend::file::filesystem_store_datadir', undef, undef, undef), - $filesystem_thin_provisioning = lookup('glance::backend::file::filesystem_thin_provisioning', undef, undef, undef), - $store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'File store'), - $step = Integer(lookup('step')), -) { - - if $backend_names.length() > 1 { - fail('Multiple file backends are not supported.') - } - - if $step >= 4 { - $backend_name = $backend_names[0] - - $multistore_description = pick($multistore_config[$backend_name], {})['GlanceStoreDescription'] - $store_description_real = pick($multistore_description, $store_description) - - create_resources('glance::backend::multistore::file', { $backend_name => delete_undef_values({ - 'filesystem_store_datadir' => $filesystem_store_datadir, - 'filesystem_thin_provisioning' => $filesystem_thin_provisioning, - 'store_description' => $store_description_real, - })}) - } -} diff --git a/manifests/profile/base/glance/backend/rbd.pp b/manifests/profile/base/glance/backend/rbd.pp deleted file mode 100644 index ff803dc4b..000000000 --- a/manifests/profile/base/glance/backend/rbd.pp +++ /dev/null @@ -1,102 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::glance::backend::rbd -# -# Glance API rbd backend configuration for tripleo -# -# === Parameters -# -# [*backend_names*] -# Array of rbd store backend names. -# -# [*multistore_config*] -# (Optional) Hash containing multistore data for configuring multiple backends. -# Defaults to {} -# -# [*rbd_store_ceph_conf*] -# (Optional) Ceph cluster config file. -# Defaults to lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'). -# -# [*rbd_store_user*] -# (Optional) Ceph client username. -# Defaults to lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'). -# -# [*rbd_store_pool*] -# (Optional) Ceph pool for storing images. -# Defaults to lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'). -# -# [*rbd_store_chunk_size*] -# (Optional) RBD chunk size. -# Defaults to lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef). -# -# [*rbd_thin_provisioning*] -# (Optional) Boolean describing if thin provisioning is enabled or not -# Defaults to lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef). -# -# [*rados_connect_timeout*] -# (Optional) RADOS connection timeout. -# Defaults to lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef). -# -# [*store_description*] -# (Optional) Provides constructive information about the store backend to -# end users. -# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'). -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::glance::backend::rbd ( - $backend_names, - $multistore_config = {}, - $rbd_store_ceph_conf = lookup('glance::backend::rbd::rbd_store_ceph_conf', undef, undef, '/etc/ceph/ceph.conf'), - $rbd_store_user = lookup('glance::backend::rbd::rbd_store_user', undef, undef, 'openstack'), - $rbd_store_pool = lookup('glance::backend::rbd::rbd_store_pool', undef, undef, 'images'), - $rbd_store_chunk_size = lookup('glance::backend::rbd::rbd_store_chunk_size', undef, undef, undef), - $rbd_thin_provisioning = lookup('glance::backend::rbd::rbd_thin_provisioning', undef, undef, undef), - $rados_connect_timeout = lookup('glance::backend::rbd::rados_connect_timeout', undef, undef, undef), - $store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'RBD store'), - $step = Integer(lookup('step')), -) { - - if $step >= 4 { - $backend_names.each |String $backend_name| { - $backend_config = pick($multistore_config[$backend_name], {}) - - $rbd_store_user_real = pick($backend_config['CephClientUserName'], $rbd_store_user) - $rbd_store_pool_real = pick($backend_config['GlanceRbdPoolName'], $rbd_store_pool) - $store_description_real = pick($backend_config['GlanceStoreDescription'], $store_description) - - $ceph_cluster_name = $backend_config['CephClusterName'] - - if $ceph_cluster_name { - $rbd_store_ceph_conf_real = "/etc/ceph/${ceph_cluster_name}.conf" - } else { - $rbd_store_ceph_conf_real = $rbd_store_ceph_conf - } - - create_resources('glance::backend::multistore::rbd', { $backend_name => delete_undef_values({ - 'rbd_store_ceph_conf' => $rbd_store_ceph_conf_real, - 'rbd_store_user' => $rbd_store_user_real, - 'rbd_store_pool' => $rbd_store_pool_real, - 'rbd_store_chunk_size' => $rbd_store_chunk_size, - 'rbd_thin_provisioning' => $rbd_thin_provisioning, - 'rados_connect_timeout' => $rados_connect_timeout, - 'store_description' => $store_description_real, - })}) - } - } -} diff --git a/manifests/profile/base/glance/backend/swift.pp b/manifests/profile/base/glance/backend/swift.pp deleted file mode 100644 index 494ab6f17..000000000 --- a/manifests/profile/base/glance/backend/swift.pp +++ /dev/null @@ -1,155 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::glance::backend::swift -# -# Glance API swift backend configuration for tripleo -# -# === Parameters -# -# [*backend_names*] -# Array of swift store backend names. -# -# [*multistore_config*] -# (Optional) Hash containing multistore data for configuring multiple backends. -# Defaults to {} -# -# [*swift_store_user*] -# (Optional) Swift store user. -# Defaults to lookup('glance::backend::swift::swift_store_user'). -# -# [*swift_store_key*] -# (Optional) Swift store key. -# Defaults to lookup('glance::backend::swift::swift_store_key'). -# -# [*swift_store_container*] -# (Optional) Swift store container. -# Defaults to lookup('glance::backend::swift::swift_store_container', undef, undef, undef). -# -# [*swift_store_auth_address*] -# (Optional) Swift store auth address. -# Defaults to lookup('glance::backend::swift::swift_store_auth_address', undef, undef, undef). -# -# [*swift_store_auth_version*] -# (Optional) Swift store auth version. -# Defaults to lookup('glance::backend::swift::swift_store_auth_version', undef, undef, undef). -# -# [*swift_store_auth_project_domain_id*] -# (Optional) Useful when keystone auth is version 3. -# Defaults to lookup('glance::backend::swift::swift_store_auth_project_domain_id', undef, undef, undef). -# -# [*swift_store_auth_user_domain_id*] -# (Optional) Useful when keystone auth is version 3. -# Defaults to lookup('glance::backend::swift::swift_store_auth_user_domain_id', undef, undef, undef). -# -# [*swift_store_large_object_size*] -# (Optional) What size, in MB, should Glance start chunking image files -# and do a large object manifest in Swift? -# Defaults to lookup('glance::backend::swift::swift_store_large_object_size', undef, undef, undef). -# -# [*swift_store_large_object_chunk_size*] -# (Optional) When doing a large object manifest, what size, in MB, should -# Glance write chunks to Swift? This amount of data is written -# to a temporary disk buffer during the process of chunking. -# Defaults to lookup('glance::backend::swift::swift_store_large_object_chunk_size', undef, undef, undef). -# -# [*swift_store_create_container_on_put*] -# (Optional) Whether to create the swift container if it's missing. -# Defaults to lookup('glance::backend::swift::swift_store_create_container_on_put', undef, undef, undef). -# -# [*swift_store_endpoint_type*] -# (Optional) Swift store endpoint type. -# Defaults to lookup('glance::backend::swift::swift_store_endpoint_type', undef, undef, undef). -# -# [*swift_store_region*] -# (Optional) Swift store region. -# Defaults to lookup('glance::backend::swift::swift_store_region', undef, undef, undef). -# -# [*default_swift_reference*] -# (Optional) The reference to the default swift -# account/backing store parameters to use for adding -# new images. -# Defaults to ref1. -# -# [*store_description*] -# (Optional) Provides constructive information about the store backend to -# end users. -# Defaults to lookup('tripleo::profile::base::glance::api::glance_store_description', undef, undef, 'Swift store'). -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# DEPRECATED PARAMETERS -# -# [*swift_store_config_file*] -# (Optional) -# Defaults to undef. -# -class tripleo::profile::base::glance::backend::swift ( - $backend_names, - $multistore_config = {}, - $swift_store_user = lookup('glance::backend::swift::swift_store_user'), - $swift_store_key = lookup('glance::backend::swift::swift_store_key'), - $swift_store_container = lookup('glance::backend::swift::swift_store_container', undef, undef, undef), - $swift_store_auth_address = lookup('glance::backend::swift::swift_store_auth_address', undef, undef, undef), - $swift_store_auth_version = lookup('glance::backend::swift::swift_store_auth_version', undef, undef, undef), - $swift_store_auth_project_domain_id = lookup('glance::backend::swift::swift_store_auth_project_domain_id', undef, undef, undef), - $swift_store_auth_user_domain_id = lookup('glance::backend::swift::swift_store_auth_user_domain_id', undef, undef, undef), - $swift_store_large_object_size = lookup('glance::backend::swift::swift_store_large_object_size', undef, undef, undef), - $swift_store_large_object_chunk_size = lookup('glance::backend::swift::swift_store_large_object_chunk_size', undef, undef, undef), - $swift_store_create_container_on_put = lookup('glance::backend::swift::swift_store_create_container_on_put', undef, undef, undef), - $swift_store_endpoint_type = lookup('glance::backend::swift::swift_store_endpoint_type', undef, undef, undef), - $swift_store_region = lookup('glance::backend::swift::swift_store_region', undef, undef, undef), - $default_swift_reference = 'ref1', - $store_description = lookup('tripleo::profile::base::glance::api::glance_store_description', - undef, undef, 'Swift store'), - $step = Integer(lookup('step')), - # DEPRECATED PARAMETERS - $swift_store_config_file = undef, -) { - - if $backend_names.length() > 1 { - fail('Multiple swift backends are not supported.') - } - - if $swift_store_config_file != undef { - warning('The swift_store_config_file parameter has been deprecated and has no effect') - } - - if $step >= 4 { - $backend_name = $backend_names[0] - - $multistore_description = pick($multistore_config[$backend_name], {})['GlanceStoreDescription'] - $store_description_real = pick($multistore_description, $store_description) - - create_resources('glance::backend::multistore::swift', { $backend_name => delete_undef_values({ - 'swift_store_user' => $swift_store_user, - 'swift_store_key' => $swift_store_key, - 'swift_store_container' => $swift_store_container, - 'swift_store_auth_address' => $swift_store_auth_address, - 'swift_store_auth_version' => $swift_store_auth_version, - 'swift_store_auth_project_domain_id' => $swift_store_auth_project_domain_id, - 'swift_store_auth_user_domain_id' => $swift_store_auth_user_domain_id, - 'swift_store_large_object_size' => $swift_store_large_object_size, - 'swift_store_large_object_chunk_size' => $swift_store_large_object_chunk_size, - 'swift_store_create_container_on_put' => $swift_store_create_container_on_put, - 'swift_store_endpoint_type' => $swift_store_endpoint_type, - 'swift_store_region' => $swift_store_region, - 'default_swift_reference' => $default_swift_reference, - 'store_description' => $store_description_real, - })}) - } -} diff --git a/manifests/profile/base/glance/netapp.pp b/manifests/profile/base/glance/netapp.pp deleted file mode 100644 index 9f1c84568..000000000 --- a/manifests/profile/base/glance/netapp.pp +++ /dev/null @@ -1,60 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::glance::netapp -# -# Create metadata file for glance Netapp -# -# === Parameters -# -# [*netapp_share*] -# Netapp share to mount, in 'IP:PATH' format. -# -# [*netapp_nfs_mount*] -# (Optional) NFS mount point. -# Defaults to '/var/lib/glance/images' -# -# [*filesystem_store_metadata_file*] -# (optional) The path to a file which contains the metadata to be returned -# with any location associated with the filesystem store -# properties. -# Defaults to '/etc/glance/glance-metadata-file.json'. -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) - -class tripleo::profile::base::glance::netapp ( - $netapp_share, - $netapp_nfs_mount = '/var/lib/glance/images', - $filesystem_store_metadata_file = '/etc/glance/glance-metadata-file.json', - $step = Integer(lookup('step')), -) { - - - if ($step >= 4) { - $netapp_share_location = sprintf('nfs://%s', regsubst($netapp_share, ':', '', 'G')) - $metadata = { - 'id' => 'TripleOGlanceNetapp', - 'share_location' => $netapp_share_location, - 'mountpoint' => $netapp_nfs_mount, - 'type' => 'nfs', } - file { $filesystem_store_metadata_file: - ensure => file, - content => inline_template('<%= require "json"; JSON.dump(@metadata) %>'), - } - } -} - diff --git a/manifests/profile/base/gnocchi.pp b/manifests/profile/base/gnocchi.pp deleted file mode 100644 index bfdbaf057..000000000 --- a/manifests/profile/base/gnocchi.pp +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::gnocchi -# -# Gnocchi profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('gnocchi_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*gnocchi_redis_password*] -# (Required) Password for the gnocchi redis user for the coordination url -# Defaults to lookup('gnocchi_redis_password') -# -# [*redis_vip*] -# (Required) Redis ip address for the coordination url -# Defaults to lookup('redis_vip') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::gnocchi ( - $bootstrap_node = lookup('gnocchi_api_short_bootstrap_node_name', undef, undef, undef), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $gnocchi_redis_password = lookup('gnocchi_redis_password'), - $redis_vip = lookup('redis_vip'), - $step = Integer(lookup('step')), -) { - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $enable_internal_tls { - $tls_query_param = '?ssl=true' - } else { - $tls_query_param = '' - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - - class { 'gnocchi': - coordination_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]), - } - include gnocchi::config - include gnocchi::cors - include gnocchi::db - include gnocchi::logging - } -} diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp deleted file mode 100644 index bec78ec84..000000000 --- a/manifests/profile/base/gnocchi/api.pp +++ /dev/null @@ -1,152 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::gnocchi::api -# -# Gnocchi profile for tripleo api -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('gnocchi_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*gnocchi_backend*] -# (Optional) Gnocchi backend string file, swift or rbd -# Defaults to swift -# -# [*gnocchi_network*] -# (Optional) The network name where the gnocchi endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('gnocchi_api_network', undef, undef, undef) -# -# [*gnocchi_redis_password*] -# (Required) Password for the gnocchi redis user for the coordination url -# Defaults to lookup('gnocchi_redis_password') -# -# [*redis_vip*] -# (Required) Redis ip address for the coordination url -# Defaults to lookup('redis_vip') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*incoming_storage_driver*] -# (Optional) Storage driver to use for incoming metric data -# Defaults to lookup('incoming_storage_driver', undef, undef, undef) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::gnocchi::api ( - $bootstrap_node = lookup('gnocchi_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $gnocchi_backend = downcase(lookup('gnocchi_backend', undef, undef, 'swift')), - $gnocchi_network = lookup('gnocchi_api_network', undef, undef, undef), - $gnocchi_redis_password = lookup('gnocchi_redis_password'), - $redis_vip = lookup('redis_vip'), - $step = Integer(lookup('step')), - $incoming_storage_driver = lookup('incoming_storage_driver', undef, undef, undef), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::gnocchi - include tripleo::profile::base::gnocchi::authtoken - - if $enable_internal_tls { - if !$gnocchi_network { - fail('gnocchi_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${gnocchi_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${gnocchi_network}"]['service_key'] - $tls_query_param = '?ssl=true' - } else { - $tls_certfile = undef - $tls_keyfile = undef - $tls_query_param = '' - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - if $sync_db { - # NOTE(sileht): We upgrade only the database on step 3. - # the storage will be updated on step4 when swift is ready - if ($step == 3 and $gnocchi_backend == 'swift') { - $db_sync_extra_opts = '--skip-storage --skip-incoming' - } else { - $db_sync_extra_opts = undef - } - - class { 'gnocchi::db::sync': - extra_opts => $db_sync_extra_opts, - } - } - - include gnocchi::api - if $configure_apache { - include tripleo::profile::base::apache - class { 'gnocchi::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - - if $incoming_storage_driver == 'redis' { - class { 'gnocchi::storage::incoming::redis': - redis_url => join(['redis://:', $gnocchi_redis_password, '@', normalize_ip_for_uri($redis_vip), ':6379/', $tls_query_param]), - } - } - - case $gnocchi_backend { - 'swift': { - include gnocchi::storage::swift - if $sync_db { - include swift::deps - # Ensure we have swift proxy available before running gnocchi-upgrade - # as storage is initialized at this point. - Anchor<| title == 'swift::service::end' |> ~> Anchor['gnocchi::dbsync::begin'] - } - } - 'file': { include gnocchi::storage::file } - 'rbd': { include gnocchi::storage::ceph } - 's3': { include gnocchi::storage::s3 } - default: { fail('Unrecognized gnocchi_backend parameter.') } - } - } - -} diff --git a/manifests/profile/base/gnocchi/authtoken.pp b/manifests/profile/base/gnocchi/authtoken.pp deleted file mode 100644 index 42d7420d6..000000000 --- a/manifests/profile/base/gnocchi/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::gnocchi::authtoken -# -# Gnocchi authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::gnocchi::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+gnocchi") - } else { - $hashed_secret_key = undef - } - - class { 'gnocchi::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/gnocchi/metricd.pp b/manifests/profile/base/gnocchi/metricd.pp deleted file mode 100644 index b90702a38..000000000 --- a/manifests/profile/base/gnocchi/metricd.pp +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::gnocchi::metricd -# -# Gnocchi metricd profile -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::gnocchi::metricd ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::gnocchi - - if $step >= 5 { - include gnocchi::metricd - } -} diff --git a/manifests/profile/base/gnocchi/statsd.pp b/manifests/profile/base/gnocchi/statsd.pp deleted file mode 100644 index 0a63cabc6..000000000 --- a/manifests/profile/base/gnocchi/statsd.pp +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::gnocchi::statsd -# -# Gnocchi statsd profile -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::gnocchi::statsd ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::gnocchi - - if $step >= 5 { - include gnocchi::statsd - } -} diff --git a/manifests/profile/base/haproxy.pp b/manifests/profile/base/haproxy.pp deleted file mode 100644 index c90a21237..000000000 --- a/manifests/profile/base/haproxy.pp +++ /dev/null @@ -1,58 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::haproxy -# -# Loadbalancer profile for tripleo -# -# === Parameters -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# tripleo::profile::base::haproxy::certificates_specs: -# undercloud-haproxy-public-cert: -# service_pem: -# service_certificate: -# service_key: -# hostname: -# postsave_cmd: -# principal: "haproxy/" -# Defaults to {}. -# -# [*enable_load_balancer*] -# (Optional) Whether or not loadbalancer is enabled. -# Defaults to lookup('enable_load_balancer', undef, undef, true). -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::haproxy ( - $certificates_specs = {}, - $enable_load_balancer = lookup('enable_load_balancer', undef, undef, true), - $step = Integer(lookup('step')), -) { - if $step >= 1 { - if $enable_load_balancer { - class {'tripleo::haproxy': - internal_certificates_specs => $certificates_specs, - } - } - } - -} - diff --git a/manifests/profile/base/heat.pp b/manifests/profile/base/heat.pp deleted file mode 100644 index 57bfc31f9..000000000 --- a/manifests/profile/base/heat.pp +++ /dev/null @@ -1,192 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::heat -# -# Heat profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('heat_engine_short_bootstrap_node_name') -# -# [*manage_db_purge*] -# (Optional) Whether to enable db purging -# Defaults to lookup('heat_enable_db_purge', undef, undef, true) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*cache_backend*] -# (Optional) oslo.cache backend used for caching. -# Defaults to lookup('heat::cache::backend', undef, undef, false) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::heat ( - $bootstrap_node = lookup('heat_engine_short_bootstrap_node_name'), - $manage_db_purge = lookup('heat_enable_db_purge', undef, undef, true), - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $cache_backend = lookup('heat::cache::backend', undef, undef, false), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - include tripleo::profile::base::heat::authtoken - - # Domain resources will be created at step5 on the node running keystone.pp - # configure heat.conf at step3 and 4 but actually create the domain later. - if $step >= 3 { - class { 'heat::keystone::domain': - manage_domain => false, - manage_user => false, - manage_role => false, - } - - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - class { 'heat' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - - include heat::clients - include heat::config - include heat::cors - include heat::db - include heat::logging - include heat::trustee - - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - if $cache_backend in ['oslo_cache.memcache_pool', 'dogpile.cache.memcached'] { - # NOTE(tkajinm): The inet6 prefix is required for backends using - # python-memcached - $cache_memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - # NOTE(tkajinam): The other backends like pymemcache don't require - # the inet6 prefix - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - } else { - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - - class { 'heat::cache': - memcache_servers => $cache_memcache_servers - } - } - - if $step >= 5 { - if $manage_db_purge { - include heat::cron::purge_deleted - } - } -} diff --git a/manifests/profile/base/heat/api.pp b/manifests/profile/base/heat/api.pp deleted file mode 100644 index 0eaf5c2c9..000000000 --- a/manifests/profile/base/heat/api.pp +++ /dev/null @@ -1,94 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::heat::api -# -# Heat API profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('heat_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*heat_api_network*] -# (Optional) The network name where the heat API endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('heat_api_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::heat::api ( - $bootstrap_node = lookup('heat_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $heat_api_network = lookup('heat_api_network', undef, undef, undef), - $step = Integer(lookup('step')), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - - include tripleo::profile::base::heat - - if $enable_internal_tls { - if !$heat_api_network { - fail('heat_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${heat_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${heat_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - include heat::api - include heat::healthcheck - if $configure_apache { - include tripleo::profile::base::apache - class { 'heat::wsgi::apache_api': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } -} - diff --git a/manifests/profile/base/heat/api_cfn.pp b/manifests/profile/base/heat/api_cfn.pp deleted file mode 100644 index e79e2bc38..000000000 --- a/manifests/profile/base/heat/api_cfn.pp +++ /dev/null @@ -1,94 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::heat::api_cfn -# -# Heat CloudFormation API profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('heat_api_cfn_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*heat_api_cfn_network*] -# (Optional) The network name where the heat cfn endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('heat_api_cfn_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::heat::api_cfn ( - $bootstrap_node = lookup('heat_api_cfn_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $heat_api_cfn_network = lookup('heat_api_cfn_network', undef, undef, undef), - $step = Integer(lookup('step')), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - - include tripleo::profile::base::heat - - if $enable_internal_tls { - if !$heat_api_cfn_network { - fail('heat_api_cfn_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${heat_api_cfn_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - include heat::api_cfn - include heat::healthcheck - if $configure_apache { - include tripleo::profile::base::apache - class { 'heat::wsgi::apache_api_cfn': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } -} - diff --git a/manifests/profile/base/heat/authtoken.pp b/manifests/profile/base/heat/authtoken.pp deleted file mode 100644 index cee74db69..000000000 --- a/manifests/profile/base/heat/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::heat::authtoken -# -# Heat authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::heat::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+heat") - } else { - $hashed_secret_key = undef - } - - class { 'heat::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/heat/engine.pp b/manifests/profile/base/heat/engine.pp deleted file mode 100644 index 2b6c1ec57..000000000 --- a/manifests/profile/base/heat/engine.pp +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::heat::engine -# -# Heat Engine profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('heat_engine_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::heat::engine ( - $bootstrap_node = lookup('heat_engine_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::heat - - if $step >= 4 or ( $step >= 3 and $sync_db ) { - include heat::engine - include heat::policy - } - -} diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp deleted file mode 100644 index 210f3f3c7..000000000 --- a/manifests/profile/base/horizon.pp +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::horizon -# -# Horizon profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('horizon_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*horizon_network*] -# (Optional) The network name where the horizon endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('horizon_network', undef, undef, undef) -# -# [*neutron_options*] -# (Optional) A hash of parameters to enable features specific to Neutron -# Defaults to lookup('horizon::neutron_options', undef, undef, {}) -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_ips', undef, undef, []) -# -# [*heat_api_enabled*] -# (Optional) Indicate whether Heat is available in the deployment. -# Defaults to lookup('heat_api_enabled', undef, undef, false) -# -# [*octavia_api_enabled*] -# (Optional) Indicate whether Octavia is available in the deployment. -# Defaults to lookup('octavia_api_enabled', undef, undef, false) -# -# [*manila_api_enabled*] -# (Optional) Indicate whether Manila is available in the deployment. -# Defaults to lookup('manila_api_enabled', undef, undef, false) -# -class tripleo::profile::base::horizon ( - $step = Integer(lookup('step')), - $bootstrap_node = lookup('horizon_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $horizon_network = lookup('horizon_network', undef, undef, undef), - $neutron_options = lookup('horizon::neutron_options', undef, undef, {}), - $memcached_ips = lookup('memcached_node_ips', undef, undef, []), - $heat_api_enabled = lookup('heat_api_enabled', undef, undef, false), - $octavia_api_enabled = lookup('octavia_api_enabled', undef, undef, false), - $manila_api_enabled = lookup('manila_api_enabled', undef, undef, false), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - - if $enable_internal_tls { - if !$horizon_network { - fail('horizon_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${horizon_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${horizon_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - # Horizon - include tripleo::profile::base::apache - include apache::mod::remoteip - - if $memcached_ips[0] =~ Stdlib::Compat::Ipv6 { - $horizon_memcached_servers = prefix(any2array(normalize_ip_for_uri($memcached_ips)), 'inet6:') - } else { - $horizon_memcached_servers = any2array(normalize_ip_for_uri($memcached_ips)) - } - - class { 'horizon': - cache_server_ip => $horizon_memcached_servers, - neutron_options => $neutron_options, - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - include horizon::policy - - if $heat_api_enabled { - include horizon::dashboards::heat - } - - if $octavia_api_enabled { - include horizon::dashboards::octavia - } - - if $manila_api_enabled { - include horizon::dashboards::manila - } - } -} diff --git a/manifests/profile/base/ironic.pp b/manifests/profile/base/ironic.pp deleted file mode 100644 index 82abf94de..000000000 --- a/manifests/profile/base/ironic.pp +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ironic -# -# Ironic profile for TripleO -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('ironic_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') - -class tripleo::profile::base::ironic ( - $bootstrap_node = lookup('ironic_api_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), -) { - # Database is accessed by both API and conductor, hence it's here. - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - class { 'ironic': - sync_db => $sync_db, - db_online_data_migrations => $sync_db, - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - } - - include ironic::config - include ironic::json_rpc - include ironic::cors - include ironic::db - include ironic::logging - } -} diff --git a/manifests/profile/base/ironic/api.pp b/manifests/profile/base/ironic/api.pp deleted file mode 100644 index b20083c90..000000000 --- a/manifests/profile/base/ironic/api.pp +++ /dev/null @@ -1,95 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ironic::conductor -# -# Ironic API profile for TripleO -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('ironic_api_short_bootstrap_node_name') -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*ironic_api_network*] -# (Optional) The network name where the ironic API endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('ironic_api_network', undef, undef, undef) -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::ironic::api ( - $bootstrap_node = lookup('ironic_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $ironic_api_network = lookup('ironic_api_network', undef, undef, undef), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $step = Integer(lookup('step')), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - include tripleo::profile::base::ironic - include tripleo::profile::base::ironic::authtoken - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - - if $enable_internal_tls { - if !$ironic_api_network { - fail('ironic_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${ironic_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${ironic_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - include ironic::api - include ironic::cors - include ironic::healthcheck - if $configure_apache { - include tripleo::profile::base::apache - class { 'ironic::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } - -} diff --git a/manifests/profile/base/ironic/authtoken.pp b/manifests/profile/base/ironic/authtoken.pp deleted file mode 100644 index b189ecd4f..000000000 --- a/manifests/profile/base/ironic/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ironic::authtoken -# -# Ironic authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::ironic::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+ironic") - } else { - $hashed_secret_key = undef - } - - class { 'ironic::api::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/ironic/conductor.pp b/manifests/profile/base/ironic/conductor.pp deleted file mode 100644 index 4b76c6654..000000000 --- a/manifests/profile/base/ironic/conductor.pp +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ironic::conductor -# -# Ironic conductor profile for TripleO -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('cinder_backup_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*manage_pxe*] -# (Optional) Whether to manage the PXE/iPXE environment for the conductor. -# Defaults to true -# -# [*enable_staging*] -# (Optional) Whether to enable ironic-staging-drivers support. -# Defaults to false -# -class tripleo::profile::base::ironic::conductor ( - $bootstrap_node = lookup('ironic_api_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), - $manage_pxe = true, - $enable_staging = false, -) { - include tripleo::profile::base::ironic - include tripleo::profile::base::ironic::authtoken - # Database is accessed by both API and conductor, hence it's here. - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - # Ironic conductor class expects PXE directories exist - if ($step >= 3 and $sync_db) and $manage_pxe { - include ironic::pxe - } - - if $step >= 4 { - include ironic::conductor - include ironic::disk_utils - include ironic::drivers::interfaces - include ironic::drivers::pxe - if $manage_pxe { - include ironic::pxe - } - - # Configure a few popular drivers - include ironic::drivers::ansible - include ironic::drivers::drac - include ironic::drivers::ilo - include ironic::drivers::ipmi - include ironic::drivers::redfish - if $enable_staging { - include ironic::drivers::staging - } - - # Configure access to other services - include ironic::cinder - include ironic::drivers::inspector - include ironic::glance - include ironic::neutron - include ironic::nova - include ironic::service_catalog - include ironic::swift - } -} diff --git a/manifests/profile/base/ironic_inspector.pp b/manifests/profile/base/ironic_inspector.pp deleted file mode 100644 index 25b43ad45..000000000 --- a/manifests/profile/base/ironic_inspector.pp +++ /dev/null @@ -1,91 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ironic_inspector -# -# Ironic inspector profile for TripleO -# -# === Parameters -# -# [*inspection_subnets*] -# IP ranges that will be given to nodes during the inspection -# process. Either a list of ip ranged or a dictionary with $::hostname as -# key to enable HA deployments using disjoint address pools served by the -# DHCP instances. -# -# Example for Non-HA deployment, a list of ip-ranges: -# - ip_range: 192.168.0.100,192.168.0.120 -# - ip_range: 192.168.1.100,192.168.1.200 -# netmask: 255.255.255.0 -# gateway: 192.168.1.254 -# tag: subnet1 -# -# Example for HA deployment using disjoint address pools: -# overcloud-ironic-0: -# - ip_range: 192.168.24.100,192.168.24.119 -# - ip_range: 192.168.25.100,192.168.25.119 -# netmask: 255.255.255.0 -# gateway: 192.168.25.254 -# tag: subnet1 -# overcloud-ironic-1: -# - ip_range: 192.168.24.120,192.168.24.139 -# - ip_range: 192.168.25.120,192.168.25.139 -# netmask: 255.255.255.0 -# gateway: 192.168.25.254 -# tag: subnet1 -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('ironic_inspector_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) - -class tripleo::profile::base::ironic_inspector ( - $inspection_subnets = [], - $bootstrap_node = lookup('ironic_inspector_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), -) { - - include tripleo::profile::base::ironic_inspector::authtoken - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - $inspection_subnets_real = $inspection_subnets ? { - Hash => $inspection_subnets[$::hostname], - Array => $inspection_subnets, - default => undef - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - include ironic::inspector::cors - class { 'ironic::inspector': - sync_db => $sync_db, - dnsmasq_ip_subnets => $inspection_subnets_real, - } - - include ironic::inspector::db - include ironic::inspector::pxe_filter - include ironic::inspector::pxe_filter::dnsmasq - include ironic::inspector::config - include ironic::inspector::logging - include ironic::inspector::ironic - include ironic::inspector::swift - } -} diff --git a/manifests/profile/base/ironic_inspector/authtoken.pp b/manifests/profile/base/ironic_inspector/authtoken.pp deleted file mode 100644 index 2118131a5..000000000 --- a/manifests/profile/base/ironic_inspector/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::ironic_inspector::authtoken -# -# Ironic inspector authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::ironic_inspector::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+ironic_inspector") - } else { - $hashed_secret_key = undef - } - - class { 'ironic::inspector::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/iscsid.pp b/manifests/profile/base/iscsid.pp deleted file mode 100644 index abeee879e..000000000 --- a/manifests/profile/base/iscsid.pp +++ /dev/null @@ -1,79 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::iscsid -# -# Iscsid profile for tripleo -# -# === Parameters -# -# [*chap_algs*] -# (Optional) Comma separated list of algorithms to use in CHAP protocol -# Defaults to 'SHA3-256,SHA256,SHA1,MD5' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::iscsid ( - $chap_algs = 'SHA3-256,SHA256,SHA1,MD5', - $step = Integer(lookup('step')), -) { - - if $step >= 2 { - # When utilising images for deployment, we need to reset the iSCSI initiator name to make it unique - # https://bugzilla.redhat.com/show_bug.cgi?id=1244328 - ensure_resource('package', 'iscsi-initiator-utils', { ensure => 'present' }) - - # THT supplies a volume mount to the host's /etc/iscsi directory (at - # /tmp/iscsi.host). If the sentinel file (.initiator_reset) exists on the - # host, then copy the IQN from the host. This ensures the IQN is reset - # once, and only once. - exec { 'sync-iqn-from-host': - command => '/bin/cp /tmp/iscsi.host/.initiator_reset /tmp/iscsi.host/initiatorname.iscsi /etc/iscsi/', - onlyif => '/usr/bin/test -f /tmp/iscsi.host/.initiator_reset', - before => Exec['reset-iscsi-initiator-name'], - tag => 'iscsid_config' - } - - exec { 'reset-iscsi-initiator-name': - command => '/bin/echo InitiatorName=$(/usr/sbin/iscsi-iname) > /etc/iscsi/initiatorname.iscsi', - onlyif => '/usr/bin/test ! -f /etc/iscsi/.initiator_reset', - before => File['/etc/iscsi/.initiator_reset'], - require => Package['iscsi-initiator-utils'], - tag => 'iscsid_config' - } - - file { '/etc/iscsi/.initiator_reset': - ensure => present, - before => Exec['sync-iqn-to-host'], - } - - exec { 'sync-iqn-to-host': - command => '/bin/cp /etc/iscsi/initiatorname.iscsi /etc/iscsi/.initiator_reset /tmp/iscsi.host/', - onlyif => [ - '/usr/bin/test -d /tmp/iscsi.host', - '/usr/bin/test ! -f /tmp/iscsi.host/iscsi/.initiator_reset', - ], - tag => 'iscsid_config', - } - - $chap_algs_real = join(any2array($chap_algs), ',') - augeas {'chap_algs in /etc/iscsi/iscsid.conf': - context => '/files/etc/iscsi/iscsid.conf', - changes => ["set node.session.auth.chap_algs ${chap_algs_real}"], - } - } -} diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp deleted file mode 100644 index cf9083080..000000000 --- a/manifests/profile/base/keystone.pp +++ /dev/null @@ -1,311 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::keystone -# -# Keystone profile for tripleo -# -# === Parameters -# -# [*admin_endpoint_network*] -# (Optional) The network name where the admin endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('keystone_admin_api_network', undef, undef, undef) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('keystone_short_bootstrap_node_name') -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*ldap_backends_config*] -# Configuration for keystone::ldap_backend. This takes a hash that will -# create each backend specified. -# Defaults to undef -# -# [*ldap_backend_enable*] -# Enables creating per-domain LDAP backends for keystone. -# Default to false -# -# [*manage_db_purge*] -# (Optional) Whether keystone token flushing should be enabled -# Defaults to lookup('keystone_enable_db_purge', undef, undef, false) -# -# [*public_endpoint_network*] -# (Optional) The network name where the admin endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('keystone_public_api_network', undef, undef, undef) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [*ceilometer_notification_topics*] -# Notification topics that keystone should use for ceilometer to consume. -# Defaults to [] -# -# [*barbican_notification_topics*] -# Notification topics that keystone should use for barbican to consume. -# Defaults to [] -# -# [*extra_notification_topics*] -# Extra notification topics that keystone should produce. -# Defaults to [] -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*keystone_federation_enabled*] -# (Optional) Enable federated identity support -# Defaults to lookup('keystone_federation_enabled', undef, undef, false) -# -# [*keystone_openidc_enabled*] -# (Optional) Enable OpenIDC federation -# Defaults to lookup('keystone_openidc_enabled', undef, undef, false) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*cache_backend*] -# (Optional) oslo.cache backend used for caching. -# Defaults to lookup('keystone::cache::backend', undef, undef, false) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::keystone ( - $admin_endpoint_network = lookup('keystone_admin_api_network', undef, undef, undef), - $bootstrap_node = lookup('keystone_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $ldap_backends_config = undef, - $ldap_backend_enable = false, - $manage_db_purge = lookup('keystone_enable_db_purge', undef, undef, false), - $public_endpoint_network = lookup('keystone_public_api_network', undef, undef, undef), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - $ceilometer_notification_topics = [], - $barbican_notification_topics = [], - $extra_notification_topics = [], - $step = Integer(lookup('step')), - $keystone_federation_enabled = lookup('keystone_federation_enabled', undef, undef, false), - $keystone_openidc_enabled = lookup('keystone_openidc_enabled', undef, undef, false), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $cache_backend = lookup('keystone::cache::backend', undef, undef, false), - $configure_apache = lookup('configure_apache', undef, undef, true), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $enable_internal_tls { - if !$public_endpoint_network { - fail('keystone_public_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${public_endpoint_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${public_endpoint_network}"]['service_key'] - - if !$admin_endpoint_network { - fail('keystone_admin_api_network is not set in the hieradata.') - } - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $sync_db ) { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - if $cache_backend in ['oslo_cache.memcache_pool', 'dogpile.cache.memcached'] { - # NOTE(tkajinm): The inet6 prefix is required for backends using - # python-memcached - $cache_memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - # NOTE(tkajinam): The other backends like pymemcache don't require - # the inet6 prefix - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - } else { - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - - class { 'keystone::cache': - memcache_servers => $cache_memcache_servers - } - - class { 'keystone': - sync_db => $sync_db, - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - notification_topics => union($ceilometer_notification_topics, - $barbican_notification_topics, - $extra_notification_topics), - } - include keystone::healthcheck - - if 'amqp' in [$oslomsg_rpc_proto, $oslomsg_notify_proto]{ - include keystone::messaging::amqp - } - - include keystone::config - include keystone::db - include keystone::logging - if $configure_apache { - include tripleo::profile::base::apache - class { 'keystone::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - include keystone::cors - include keystone::security_compliance - - if $ldap_backend_enable { - validate_legacy(Hash, 'validate_hash', $ldap_backends_config) - if !str2bool($::selinux) { - selboolean { 'authlogin_nsswitch_use_ldap': - value => on, - persistent => true, - } - } - create_resources('keystone::ldap_backend', $ldap_backends_config, { 'create_domain_entry' => false }) - } - - if $keystone_federation_enabled { - include keystone::federation - } - - if $keystone_openidc_enabled { - $memcached_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - class { 'keystone::federation::openidc': - memcached_servers => $memcached_servers, - } - } - } - - if $step >= 4 and $manage_db_purge { - include keystone::cron::trust_flush - } - -} diff --git a/manifests/profile/base/logging/logrotate.pp b/manifests/profile/base/logging/logrotate.pp deleted file mode 100644 index 72e8a5304..000000000 --- a/manifests/profile/base/logging/logrotate.pp +++ /dev/null @@ -1,171 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::logging::logrotate -# -# Installs a cron job that rotates containerized services logs. -# -# === Parameters -# -# [*step*] -# (Optional) String. The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*ensure*] -# (Optional) Status of the cron job. Valid values are present, absent. -# Defaults to present. -# -# [*minute*] -# (Optional) Defaults to '0'. Configures cron job for logrotate. -# -# [*hour*] -# (Optional) Defaults to '*'. Configures cron job for logrotate. -# -# [*monthday*] -# (Optional) Defaults to '*'. Configures cron job for logrotate. -# -# [*month*] -# (Optional) Defaults to '*'. Configures cron job for logrotate. -# -# [*weekday*] -# (Optional) Defaults to '*'. Configures cron job for logrotate. -# -# [*maxdelay*] -# (Optional) Seconds. Defaults to 90. Should be a positive integer. -# Induces a random delay before running the cronjob to avoid running all -# cron jobs at the same time on all hosts this job is configured. -# -# [*user*] -# (Optional) Defaults to 'root'. Configures cron job for logrotate. -# -# [*copytruncate*] -# (Optional) Defaults to True. -# Configures the logrotate copytruncate parameter. -# -# [*delaycompress*] -# (Optional) Defaults to True. -# Configures the logrotate delaycompress parameter. -# -# [*compress*] -# (Optional) Defaults to True. -# Configures the logrotate compress parameter. -# -# [*minsize*] -# (Optional) Defaults to '1'. -# Configures the logrotate minsize parameter. -# -# [*maxsize*] -# (Optional) Defaults to '10M'. -# Configures the logrotate maxsize parameter. -# -# [*notifempty*] -# (Optional) Defaults to True. -# Configures the logrotate notifempty parameter. -# -# [*rotation*] -# (Optional) Defaults to 'daily'. -# Configures the logrotate rotation interval. -# -# [*rotate*] -# (Optional) Defaults to 14. -# Configures the logrotate rotate parameter. -# -# [*purge_after_days*] -# (Optional) Defaults to 14. -# Configures forced purge period for rotated logs. -# Overrides the rotation and rotate settings. -# -# [*dateext*] -# (Optional) Defaults to undef. -# Configures the dateext parameter. -# -# [*dateformat*] -# (Optional) Defaults to undef. -# Configures the dateformat parameter used with dateext parameter. -# -# [*dateyesterday*] -# (Optional) Defaults to undef. -# Configures the dateyesterday parameter used with dateext parameter. -# -# DEPRECATED PARAMETERS -# -# [*size*] -# DEPRECATED: (Optional) Defaults to '10M'. -# Configures the logrotate size parameter. -# -class tripleo::profile::base::logging::logrotate ( - $step = Integer(lookup('step')), - $ensure = present, - $minute = 0, - $hour = '*', - $monthday = '*', - $month = '*', - $weekday = '*', - Integer $maxdelay = 90, - $user = 'root', - $copytruncate = true, - $delaycompress = true, - $compress = true, - $rotation = 'daily', - $minsize = 1, - $maxsize = '10M', - $notifempty = true, - $rotate = 14, - $purge_after_days = 14, - $dateext = undef, - $dateformat = undef, - $dateyesterday = undef, - # DEPRECATED PARAMETERS - $size = undef, -) { - - if $step >= 4 { - if ($size != undef) { - warning('The size parameter is DISABLED to enforce GDPR.') - warning('Size configures maxsize instead of size.') - $maxsize = pick($size, $maxsize) - } - if $maxdelay == 0 { - $sleep = '' - } else { - $sleep = "sleep `expr \${RANDOM} \\% ${maxdelay}`; " - } - - $svc = 'logrotate-crond' - $config = "/etc/${svc}.conf" - $state = "/var/lib/logrotate/${svc}.status" - $cmd = "${sleep}/usr/sbin/logrotate -s ${state} ${config}" - - file { "${config}": - ensure => $ensure, - owner => $user, - group => $user, - mode => '0640', - content => template('tripleo/logrotate/containers_logrotate.conf.erb'), - } - - cron { "${svc}": - ensure => $ensure, - command => "${cmd} 2>&1|logger -t ${svc}", - environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh', - user => $user, - minute => $minute, - hour => $hour, - monthday => $monthday, - month => $month, - weekday => $weekday, - } - } -} diff --git a/manifests/profile/base/logging/rsyslog.pp b/manifests/profile/base/logging/rsyslog.pp deleted file mode 100644 index b199722fa..000000000 --- a/manifests/profile/base/logging/rsyslog.pp +++ /dev/null @@ -1,158 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::logging::rsyslog -# -# rsyslogd configuration for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) String. The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*service_names*] -# (Optional) List of services enabled on the current role. This is used -# to obtain per-service configuration information. -# Defaults to lookup('service_names', undef, undef, []) -# -# [*elasticsearch*] -# (Optional) Hash. Configuration for output plugin omelasticsearch. -# Defaults to undef -# -# [*elasticsearch_tls_ca_cert*] -# (Optional) String. Contains content of the CA cert for the CA that issued -# Elasticsearch server cert. -# Defaults to undef -# -# [*elasticsearch_tls_client_cert*] -# (Optional) String. Contains content of the client cert for doing client -# cert auth against Elasticsearch. -# Defaults to undef -# -# [*elasticsearch_tls_client_key*] -# (Optional) String. Contains content of the private key corresponding to -# the cert elasticsearch_tls_client_cert. -# Defaults to undef -# -# [*amqp1*] -# (Optional) Hash. Configuration for output plugin omamqp1. -# Defaults to undef -# -# [*reopen_on_truncate*] -# (Optional) String. Set all rsyslog imfile reopenOnTruncate parameters -# unless it is already specified in hiera -# Defaults to undef -# -class tripleo::profile::base::logging::rsyslog ( - $step = Integer(lookup('step')), - $service_names = lookup('service_names', undef, undef, []), - $elasticsearch = undef, - $elasticsearch_tls_ca_cert = undef, - $elasticsearch_tls_client_cert = undef, - $elasticsearch_tls_client_key = undef, - $amqp1 = undef, - $reopen_on_truncate = undef, -) { - if $step >= 2 { - # NOTE: puppet-rsyslog does not have params manifest, so we don't have any - # other choice than using hiera currently. - $rsyslog_confdir = lookup('rsyslog::confdir', undef, undef, '/etc/rsyslog.d') - - if $elasticsearch != undef { - if $elasticsearch_tls_ca_cert { - $cacert_path = "${rsyslog_confdir}/es-ca-cert.crt" - $cacert_conf = {'tls.cacert' => $cacert_path} - - file { 'elasticsearch_ca_cert': - ensure => 'present', - path => $cacert_path, - content => $elasticsearch_tls_ca_cert - } - $esconf1 = merge($elasticsearch, $cacert_conf) - } else { - $esconf1 = $elasticsearch - } - - if $elasticsearch_tls_client_cert { - $clientcert_path = "${rsyslog_confdir}/es-client-cert.pem" - $clientcert_conf = {'tls.mycert' => $clientcert_path} - - file { 'elasticsearch_client_cert': - ensure => 'present', - path => $clientcert_path, - content => $elasticsearch_tls_client_cert - } - $esconf2 = merge($esconf1, $clientcert_conf) - } else { - $esconf2 = $esconf1 - } - - if $elasticsearch_tls_client_key { - $clientkey_path = "${rsyslog_confdir}/es-client-key.pem" - $clientkey_conf = {'tls.myprivkey' => $clientkey_path} - - file { 'elasticsearch_client_key': - ensure => 'present', - path => $clientkey_path, - content => $elasticsearch_tls_client_key - } - $esconf = merge($esconf2, $clientkey_conf) - } else { - $esconf = $esconf2 - } - - $modules_es = { - 'imfile' => {}, - 'omelasticsearch' => {}, - } - $actions_es = { - 'elasticsearch' => { - 'type' => 'omelasticsearch', - 'config' => $esconf, - } - } - } else { - $modules_es = {} - $actions_es = {} - } - - if $amqp1 != undef { - $modules_qdr = { - 'imfile' => {}, - 'omamqp1' => {}, - } - $actions_qdr = { - 'amqp1' => { - 'type' => 'omamqp1', - 'config' => $amqp1, - } - } - } else { - $modules_qdr = {} - $actions_qdr = {} - } - - $modules = $modules_es + $modules_qdr - $actions = $actions_es + $actions_qdr - include rsyslog - class { 'rsyslog::config': - modules => $modules, - actions => $actions - } - tripleo::profile::base::logging::rsyslog::file_input{$service_names: - reopen_on_truncate => $reopen_on_truncate - } - } -} diff --git a/manifests/profile/base/logging/rsyslog/file_input.pp b/manifests/profile/base/logging/rsyslog/file_input.pp deleted file mode 100644 index 15b85041a..000000000 --- a/manifests/profile/base/logging/rsyslog/file_input.pp +++ /dev/null @@ -1,57 +0,0 @@ -# This is used to look up a list of service-specific rsyslogd configurations -# in the hiera data provided by THT. -# -# [*sources*] -# (Optional) List of hashes. Contains configuration of file inputs for given service. -# Defaults to lookup("tripleo_logging_sources_${title}", undef, undef, undef) -# -# [*default_startmsg*] -# (Optional) String. Default POSIX ERE for start of log record. The default enables to forward -# multiline tracebacks for most of OpenStack services. It can be overridden either by this -# parameter for all file inputs or in each file input separately in THT parameters -# tripleo_logging_sources_. -# Defaults to '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}(.[0-9]+ [0-9]+)? (DEBUG|INFO|WARNING|ERROR) ' -# -# [*reopen_on_truncate*] -# (Optional) String. Set all rsyslog imfile reopenOnTruncate parameters -# unless it is already specified in hiera -# Defaults to undef -# -define tripleo::profile::base::logging::rsyslog::file_input ( - $sources = lookup("tripleo_logging_sources_${title}", undef, undef, undef), - $default_startmsg = '^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}(.[0-9]+ [0-9]+)? (DEBUG|INFO|WARNING|ERROR) ', - Optional[Enum['on','off']] $reopen_on_truncate = undef -) { - if $sources { - $sources_array = Array($sources, true) - $rsyslog_sources = $sources_array.reduce([]) |$memo, $config| { - if ! $config['startmsg.regex'] { - $record = $config + {'startmsg.regex' => $default_startmsg} - } else { - $record = $config - } - - if ! $config['reopenOnTruncate'] { - if $reopen_on_truncate { - $record2 = $record + {'reopenOnTruncate' => $reopen_on_truncate} - } else { - $record2 = $record - } - } else { - $record2 = $record - } - - $memo + [$record2] - } - - $rsyslog_sources.each |$config| { - rsyslog::component::input{ "${title}_${config['tag']}": - priority => $::rsyslog::input_priority, - target => $::rsyslog::target_file, - confdir => $::rsyslog::confdir, - type => 'imfile', - config => $config - } - } - } -} diff --git a/manifests/profile/base/lvm.pp b/manifests/profile/base/lvm.pp deleted file mode 100644 index 91810ce4a..000000000 --- a/manifests/profile/base/lvm.pp +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::lvm -# -# LVM profile for tripleo -# -# === Parameters -# -# [*enable_udev*] -# (Optional) Whether to enable udev usage by LVM. -# Defaults to true -# -class tripleo::profile::base::lvm ( - $enable_udev = true, -) { - - if $enable_udev { - $udev_options_value = 1 - } else { - $udev_options_value = 0 - } - augeas {'udev options in lvm.conf': - context => '/files/etc/lvm/lvm.conf/activation/dict/', - changes => ["set udev_sync/int ${udev_options_value}", - "set udev_rules/int ${udev_options_value}"], - } - -} diff --git a/manifests/profile/base/manila.pp b/manifests/profile/base/manila.pp deleted file mode 100644 index f89bf2cab..000000000 --- a/manifests/profile/base/manila.pp +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::manila -# -# Manila common profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('manila_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') - -class tripleo::profile::base::manila ( - $bootstrap_node = lookup('manila_api_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - class { 'manila' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - include manila::config - include manila::db - include manila::logging - } -} diff --git a/manifests/profile/base/manila/api.pp b/manifests/profile/base/manila/api.pp deleted file mode 100644 index 0a35ff7ec..000000000 --- a/manifests/profile/base/manila/api.pp +++ /dev/null @@ -1,178 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::manila::api -# -# Manila API profile for tripleo -# -# === Parameters -# -# [*enabled_share_protocols*] -# (Optional) Share protocols enabled on the manila API service. -# Defaults to lookup('manila_enabled_share_protocols', undef, undef, undef) -# -# [*backend_generic_enabled*] -# (Optional) Whether or not the generic backend is enabled -# Defaults to lookup('manila_backend_generic_enabled', undef, undef, false) -# -# [*backend_netapp_enabled*] -# (Optional) Whether or not the netapp backend is enabled -# Defaults to lookup('manila_backend_netapp_enabled', undef, undef, false) -# -# [*backend_powermax_enabled*] -# (Optional) Whether or not the powermax backend is enabled -# Defaults to lookup('manila_backend_powermax_enabled', undef, undef, false) -# -# [*backend_isilon_enabled*] -# (Optional) Whether or not the isilon backend is enabled -# Defaults to lookup('manila_backend_isilon_enabled', undef, undef, false) -# -# [*backend_unity_enabled*] -# (Optional) Whether or not the unity backend is enabled -# Defaults to lookup('manila_backend_unity_enabled', undef, undef, false) -# -# [*backend_vnx_enabled*] -# (Optional) Whether or not the vnx backend is enabled -# Defaults to lookup('manila_backend_vnx_enabled', undef, undef, false) -# -# [*backend_flashblade_enabled*] -# (Optional) Whether or not the flashblade backend is enabled -# Defaults to lookup('manila_backend_flashblade_enabled', undef, undef, false) -# -# [*backend_cephfs_enabled*] -# (Optional) Whether or not the cephfs backend is enabled -# Defaults to lookup('manila_backend_cephfs_enabled', undef, undef, false) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('manila_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*manila_api_network*] -# (Optional) The network name where the manila API endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('manila_api_network', undef, undef, undef) -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*manila_enable_db_purge*] -# (Optional) Whether to enable db purging -# Defaults to true -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::manila::api ( - $enabled_share_protocols = lookup('manila_enabled_share_protocols', undef, undef, undef), - $backend_generic_enabled = lookup('manila_backend_generic_enabled', undef, undef, false), - $backend_netapp_enabled = lookup('manila_backend_netapp_enabled', undef, undef, false), - $backend_powermax_enabled = lookup('manila_backend_powermax_enabled', undef, undef, false), - $backend_isilon_enabled = lookup('manila_backend_isilon_enabled', undef, undef, false), - $backend_unity_enabled = lookup('manila_backend_unity_enabled', undef, undef, false), - $backend_vnx_enabled = lookup('manila_backend_vnx_enabled', undef, undef, false), - $backend_flashblade_enabled = lookup('manila_backend_flashblade_enabled', undef, undef, false), - $backend_cephfs_enabled = lookup('manila_backend_cephfs_enabled', undef, undef, false), - $bootstrap_node = lookup('manila_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $manila_api_network = lookup('manila_api_network', undef, undef, undef), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $step = Integer(lookup('step')), - $manila_enable_db_purge = true, - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::manila - include tripleo::profile::base::manila::authtoken - - if $enable_internal_tls { - if !$manila_api_network { - fail('manila_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${manila_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${manila_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - if $configure_apache { - include tripleo::profile::base::apache - } - - unless empty($enabled_share_protocols) { - $enabled_share_protocols_real = join(any2array($enabled_share_protocols), ',') - } else { - if $backend_generic_enabled or $backend_netapp_enabled - or $backend_powermax_enabled or $backend_isilon_enabled - or $backend_unity_enabled or $backend_vnx_enabled - or $backend_flashblade_enabled{ - $nfs_protocol = 'NFS' - $cifs_protocol = 'CIFS' - } else { - $nfs_protocol = undef - $cifs_protocol = undef - } - if $backend_cephfs_enabled { - $cephfs_protocol = lookup( - 'manila::backend::cephfs::cephfs_protocol_helper_type', undef, undef, 'CEPHFS') - } else { - $cephfs_protocol = undef - } - - $enabled_share_protocols_real = join(delete_undef_values([$nfs_protocol,$cifs_protocol,$cephfs_protocol]), ',') - - } - class { 'manila::api' : - enabled_share_protocols => $enabled_share_protocols_real - } - include manila::healthcheck - if $configure_apache { - class { 'manila::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } - - if $step >= 5 { - if $manila_enable_db_purge { - include manila::cron::db_purge - } - } -} diff --git a/manifests/profile/base/manila/authtoken.pp b/manifests/profile/base/manila/authtoken.pp deleted file mode 100644 index 6e4b5f1b1..000000000 --- a/manifests/profile/base/manila/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::manila::authtoken -# -# Manila authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::manila::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+manila") - } else { - $hashed_secret_key = undef - } - - class { 'manila::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/manila/scheduler.pp b/manifests/profile/base/manila/scheduler.pp deleted file mode 100644 index 535e74905..000000000 --- a/manifests/profile/base/manila/scheduler.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::manila::scheduler -# -# Manila Scheduler profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::manila::scheduler ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::manila - - if $step >= 4 { - include manila::compute::nova - include manila::network::neutron - include manila::scheduler - } -} diff --git a/manifests/profile/base/manila/share.pp b/manifests/profile/base/manila/share.pp deleted file mode 100644 index ad1e9e3fa..000000000 --- a/manifests/profile/base/manila/share.pp +++ /dev/null @@ -1,271 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::manila::share -# -# Manila share profile for tripleo -# -# === Parameters -# -# [*backend_generic_enabled*] -# (Optional) Whether or not the generic backend is enabled -# Defaults to lookup('manila_backend_generic_enabled', undef, undef, false) -# -# [*backend_netapp_enabled*] -# (Optional) Whether or not the netapp backend is enabled -# Defaults to lookup('manila_backend_netapp_enabled', undef, undef, false) -# -# [*backend_powermax_enabled*] -# (Optional) Whether or not the powermax backend is enabled -# Defaults to lookup('manila_backend_powermax_enabled', undef, undef, false) -# -# [*backend_isilon_enabled*] -# (Optional) Whether or not the isilon backend is enabled -# Defaults to lookup('manila_backend_isilon_enabled', undef, undef, false) -# -# [*backend_unity_enabled*] -# (Optional) Whether or not the unity backend is enabled -# Defaults to lookup('manila_backend_unity_enabled', undef, undef, false) -# -# [*backend_vnx_enabled*] -# (Optional) Whether or not the vnx backend is enabled -# Defaults to lookup('manila_backend_vnx_enabled', undef, undef, false) -# -# [*backend_flashblade_enabled*] -# (Optional) Whether or not the flashblade backend is enabled -# Defaults to lookup('manila_backend_flashblade_enabled', undef, undef, false) -# -# [*backend_cephfs_enabled*] -# (Optional) Whether or not the cephfs backend is enabled -# Defaults to lookup('manila_backend_cephfs_enabled', undef, undef, false) -# -# [*manila_user_enabled_backends*] -# (Optional) List of additional backend stanzas to activate -# Defaults to lookup('manila_user_enabled_backends', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::manila::share ( - $backend_generic_enabled = lookup('manila_backend_generic_enabled', undef, undef, false), - $backend_netapp_enabled = lookup('manila_backend_netapp_enabled', undef, undef, false), - $backend_powermax_enabled = lookup('manila_backend_powermax_enabled', undef, undef, false), - $backend_isilon_enabled = lookup('manila_backend_isilon_enabled', undef, undef, false), - $backend_unity_enabled = lookup('manila_backend_unity_enabled', undef, undef, false), - $backend_vnx_enabled = lookup('manila_backend_vnx_enabled', undef, undef, false), - $backend_flashblade_enabled = lookup('manila_backend_flashblade_enabled', undef, undef, false), - $backend_cephfs_enabled = lookup('manila_backend_cephfs_enabled', undef, undef, false), - $manila_user_enabled_backends = lookup('manila_user_enabled_backends', undef, undef, undef), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::manila - - if $step >= 4 { - include manila::share - - # manila generic: - if $backend_generic_enabled { - $manila_generic_backend = lookup('manila::backend::generic::title') - create_resources('manila::backend::generic', { $manila_generic_backend => delete_undef_values({ - 'driver_handles_share_servers' => lookup('manila::backend::generic::driver_handles_share_servers', undef, undef, true), - 'backend_availability_zone' => lookup('manila::backend::generic::backend_availability_zone', undef, undef, undef), - 'max_time_to_attach' => lookup('manila::backend::generic::max_time_to_attach', undef, undef, undef), - 'max_time_to_create_volume' => lookup('manila::backend::generic::max_time_to_create_volume', undef, undef, undef), - 'service_instance_smb_config_path' => lookup('manila::backend::generic::service_instance_smb_config_path', undef, undef, undef), - 'share_mount_path' => lookup('manila::backend::generic::share_mount_path', undef, undef, undef), - 'share_volume_fstype' => lookup('manila::backend::generic::share_volume_fstype', undef, undef, undef), - 'smb_template_config_path' => lookup('manila::backend::generic::smb_template_config_path', undef, undef, undef), - 'volume_name_template' => lookup('manila::backend::generic::volume_name_template', undef, undef, undef), - 'volume_snapshot_name_template' => lookup('manila::backend::generic::volume_snapshot_name_template', undef, undef, undef), - 'cinder_volume_type' => lookup('manila::backend::generic::cinder_volume_type', undef, undef, undef), - })}) - - $service_instance_user = lookup('manila::service_instance::service_instance_user') - $service_instance_password = lookup('manila::service_instance::service_instance_password') - $service_instance_flavor_id = lookup('manila::service_instance::service_instance_flavor_id') - manila_config { - "${manila_generic_backend}/service_instance_user": value => $service_instance_user; - "${manila_generic_backend}/service_instance_password": value => $service_instance_password; - "${manila_generic_backend}/service_instance_flavor_id": value => $service_instance_flavor_id; - } - - include manila::volume::cinder - } - - # manila cephfs: - if $backend_cephfs_enabled { - $manila_cephfs_backend = lookup('manila::backend::cephfs::title') - $cephfs_auth_id = lookup('manila::backend::cephfs::cephfs_auth_id') - $cephfs_ganesha_server_ip = lookup('manila::backend::cephfs::cephfs_ganesha_server_ip', undef, undef, undef) - $manila_cephfs_protocol_helper_type = lookup('manila::backend::cephfs::cephfs_protocol_helper_type', undef, undef, false) - $manila_cephfs_pool_name = lookup('manila::backend::cephfs::pool_name', undef, undef, 'manila_data') - - if $cephfs_ganesha_server_ip == undef { - $cephfs_ganesha_server_ip_real = lookup('ganesha_vip', undef, undef, undef) - } else { - $cephfs_ganesha_server_ip_real = $cephfs_ganesha_server_ip - } - - create_resources('manila::backend::cephfs', { $manila_cephfs_backend => delete_undef_values({ - 'driver_handles_share_servers' => lookup('manila::backend::cephfs::driver_handles_share_servers', undef, undef, false), - 'backend_availability_zone' => lookup('manila::backend::cephfs::backend_availability_zone', undef, undef, undef), - 'share_backend_name' => lookup('manila::backend::cephfs::share_backend_name', undef, undef, undef), - 'cephfs_conf_path' => lookup('manila::backend::cephfs::cephfs_conf_path', undef, undef, undef), - 'cephfs_auth_id' => $cephfs_auth_id, - 'cephfs_cluster_name' => lookup('manila::backend::cephfs::cephfs_cluster_name', undef, undef, undef), - 'cephfs_volume_mode' => lookup('manila::backend::cephfs::cephfs_volume_mode', undef, undef, '0755'), - 'cephfs_protocol_helper_type' => $manila_cephfs_protocol_helper_type, - 'cephfs_ganesha_server_ip' => $cephfs_ganesha_server_ip_real, - 'cephfs_ganesha_server_is_remote' => lookup('manila::backend::cephfs::cephfs_ganesha_server_is_remote', undef, undef, false), - 'cephfs_ganesha_server_username' => lookup('manila::backend::cephfs::cephfs_ganesha_server_username', undef, undef, undef), - 'cephfs_ganesha_server_password' => lookup('manila::backend::cephfs::cephfs_ganesha_server_password', undef, undef, undef), - 'cephfs_ganesha_path_to_private_key' => lookup('manila::backend::cephfs::cephfs_ganesha_path_to_private_key', undef, undef, undef), - })}) - - # cephfs supports both direct cephfs access or access through - # nfs-ganesha depending whether 'cephfs_protocol_helper_type' is - # set to 'CEPHFS' or 'NFS' - if $manila_cephfs_protocol_helper_type == 'NFS' { - manila::backend::ganesha { $manila_cephfs_backend : - ganesha_rados_store_enable => true, - ganesha_rados_store_pool_name => $manila_cephfs_pool_name, - } - } - } - - # manila netapp: - if $backend_netapp_enabled { - $manila_netapp_backend = lookup('manila::backend::netapp::title') - create_resources('manila::backend::netapp', { $manila_netapp_backend => delete_undef_values({ - 'driver_handles_share_servers' => lookup('manila::backend::netapp::driver_handles_share_servers', undef, undef, true), - 'backend_availability_zone' => lookup('manila::backend::netapp::backend_availability_zone', undef, undef, undef), - 'netapp_login' => lookup('manila::backend::netapp::netapp_login', undef, undef, undef), - 'netapp_password' => lookup('manila::backend::netapp::netapp_password', undef, undef, undef), - 'netapp_server_hostname' => lookup('manila::backend::netapp::netapp_server_hostname', undef, undef, undef), - 'netapp_transport_type' => lookup('manila::backend::netapp::netapp_transport_type', undef, undef, undef), - 'netapp_storage_family' => lookup('manila::backend::netapp::netapp_storage_family', undef, undef, undef), - 'netapp_server_port' => lookup('manila::backend::netapp::netapp_server_port', undef, undef, undef), - 'netapp_volume_name_template' => lookup('manila::backend::netapp::netapp_volume_name_template', undef, undef, undef), - 'netapp_vserver' => lookup('manila::backend::netapp::netapp_vserver', undef, undef, undef), - 'netapp_vserver_name_template' => lookup('manila::backend::netapp::netapp_vserver_name_template', undef, undef, undef), - 'netapp_lif_name_template' => lookup('manila::backend::netapp::netapp_lif_name_template', undef, undef, undef), - 'netapp_aggregate_name_search_pattern' => lookup('manila::backend::netapp::netapp_aggregate_name_search_pattern', - undef, undef, undef), - 'netapp_root_volume_aggregate' => lookup('manila::backend::netapp::netapp_root_volume_aggregate', undef, undef, undef), - 'netapp_root_volume' => lookup('manila::backend::netapp::netapp_root_volume', undef, undef, undef), - 'netapp_port_name_search_pattern' => lookup('manila::backend::netapp::netapp_port_name_search_pattern', undef, undef, undef), - 'netapp_trace_flags' => lookup('manila::backend::netapp::netapp_trace_flags', undef, undef, undef), - })}) - } - - # manila powermax: - if $backend_powermax_enabled { - $manila_powermax_backend = lookup('manila::backend::dellemc_powermax::title') - create_resources('manila::backend::dellemc_powermax', { $manila_powermax_backend => delete_undef_values({ - 'backend_availability_zone' => lookup('manila::backend::dellemc_powermax::backend_availability_zone', undef, undef, undef), - 'emc_nas_login' => lookup('manila::backend::dellemc_powermax::emc_nas_login', undef, undef, undef), - 'emc_nas_password' => lookup('manila::backend::dellemc_powermax::emc_nas_password', undef, undef, undef), - 'emc_nas_server' => lookup('manila::backend::dellemc_powermax::emc_nas_server', undef, undef, undef), - 'emc_share_backend' => lookup('manila::backend::dellemc_powermax::emc_share_backend', undef, undef, 'powermax'), - 'emc_ssl_cert_verify' => lookup('manila::backend::dellemc_powermax::emc_ssl_cert_verify', undef, undef, false), - 'emc_nas_server_secure' => lookup('manila::backend::dellemc_powermax::emc_nas_server_secure', undef, undef, false), - 'emc_ssl_cert_path' => lookup('manila::backend::dellemc_powermax::emc_ssl_cert_path', undef, undef, undef), - 'powermax_server_container' => lookup('manila::backend::dellemc_powermax::powermax_server_container', undef, undef, undef), - 'powermax_share_data_pools' => lookup('manila::backend::dellemc_powermax::powermax_share_data_pools', undef, undef, undef), - 'powermax_ethernet_ports' => lookup('manila::backend::dellemc_powermax::powermax_ethernet_ports', undef, undef, undef), - })}) - } - - # manila unity: - if $backend_unity_enabled { - $manila_unity_backend = lookup('manila::backend::dellemc_unity::title') - create_resources('manila::backend::dellemc_unity', { $manila_unity_backend => delete_undef_values({ - 'driver_handles_share_servers' => lookup('manila::backend::dellemc_unity::driver_handles_share_servers', undef, undef, true), - 'backend_availability_zone' => lookup('manila::backend::dellemc_unity::backend_availability_zone', undef, undef, undef), - 'emc_nas_login' => lookup('manila::backend::dellemc_unity::emc_nas_login', undef, undef, undef), - 'emc_nas_password' => lookup('manila::backend::dellemc_unity::emc_nas_password', undef, undef, undef), - 'emc_nas_server' => lookup('manila::backend::dellemc_unity::emc_nas_server', undef, undef, undef), - 'emc_share_backend' => lookup('manila::backend::dellemc_unity::emc_share_backend', undef, undef, 'unity'), - 'unity_server_meta_pool' => lookup('manila::backend::dellemc_unity::unity_server_meta_pool', undef, undef, undef), - 'unity_share_data_pools' => lookup('manila::backend::dellemc_unity::unity_share_data_pools', undef, undef, undef), - 'unity_ethernet_ports' => lookup('manila::backend::dellemc_unity::unity_ethernet_ports', undef, undef, undef), - 'network_plugin_ipv6_enabled' => lookup('manila::backend::dellemc_unity::network_plugin_ipv6_enabled', undef, undef, undef), - 'emc_ssl_cert_verify' => lookup('manila::backend::dellemc_unity::emc_ssl_cert_verify', undef, undef, undef), - 'emc_ssl_cert_path' => lookup('manila::backend::dellemc_unity::emc_ssl_cert_path', undef, undef, undef), - })}) - } - - # manila vnx: - if $backend_vnx_enabled { - $manila_vnx_backend = lookup('manila::backend::dellemc_vnx::title') - create_resources('manila::backend::dellemc_vnx', { $manila_vnx_backend => delete_undef_values({ - 'backend_availability_zone' => lookup('manila::backend::dellemc_vnx::backend_availability_zone', undef, undef, undef), - 'emc_nas_login' => lookup('manila::backend::dellemc_vnx::emc_nas_login', undef, undef, undef), - 'emc_nas_password' => lookup('manila::backend::dellemc_vnx::emc_nas_password', undef, undef, undef), - 'emc_nas_server' => lookup('manila::backend::dellemc_vnx::emc_nas_server', undef, undef, undef), - 'emc_share_backend' => lookup('manila::backend::dellemc_vnx::emc_share_backend', undef, undef, 'vnx'), - 'vnx_server_container' => lookup('manila::backend::dellemc_vnx::vnx_server_container', undef, undef, undef), - 'vnx_share_data_pools' => lookup('manila::backend::dellemc_vnx::vnx_share_data_pools', undef, undef, undef), - 'vnx_ethernet_ports' => lookup('manila::backend::dellemc_vnx::vnx_ethernet_ports', undef, undef, undef), - 'network_plugin_ipv6_enabled' => lookup('manila::backend::dellemc_vnx::network_plugin_ipv6_enabled', undef, undef, undef), - 'emc_ssl_cert_verify' => lookup('manila::backend::dellemc_vnx::emc_ssl_cert_verify', undef, undef, undef), - 'emc_ssl_cert_path' => lookup('manila::backend::dellemc_vnx::emc_ssl_cert_path', undef, undef, undef), - })}) - } - - # manila isilon: - if $backend_isilon_enabled { - $manila_isilon_backend = lookup('manila::backend::dellemc_isilon::title') - create_resources('manila::backend::dellemc_isilon', { $manila_isilon_backend => delete_undef_values({ - 'backend_availability_zone' => lookup('manila::backend::dellemc_isilon::backend_availability_zone', undef, undef, undef), - 'emc_nas_login' => lookup('manila::backend::dellemc_isilon::emc_nas_login', undef, undef, undef), - 'emc_nas_password' => lookup('manila::backend::dellemc_isilon::emc_nas_password', undef, undef, undef), - 'emc_nas_server' => lookup('manila::backend::dellemc_isilon::emc_nas_server', undef, undef, undef), - 'emc_share_backend' => lookup('manila::backend::dellemc_isilon::emc_share_backend', undef, undef, 'isilon'), - 'emc_nas_root_dir' => lookup('manila::backend::dellemc_isilon::emc_nas_root_dir', undef, undef, undef), - 'emc_nas_server_port' => lookup('manila::backend::dellemc_isilon::emc_server_port', undef, undef, undef), - 'emc_nas_server_secure' => lookup('manila::backend::dellemc_isilon::emc_nas_secure', undef, undef, undef), - })}) - } - - # manila flashblade: - if $backend_flashblade_enabled { - $manila_flashblade_backend = lookup('manila::backend::flashblade::title') - create_resources('manila::backend::flashblade', { $manila_flashblade_backend => delete_undef_values({ - 'flashblade_mgmt_vip' => lookup('manila::backend::flashblade::flashblade_mgmt_vip', undef, undef, undef), - 'backend_availability_zone' => lookup('manila::backend::flashblade::backend_availability_zone', undef, undef, undef), - 'flashblade_data_vip' => lookup('manila::backend::flashblade::flashblade_data_vip', undef, undef, undef), - 'flashblade_api_token' => lookup('manila::backend::flashblade::flashblade_api_token', undef, undef, undef), - 'flashblade_eradicate' => lookup('manila::backend::flashblade::flashblade_eradicate', undef, undef, undef), - })}) - } - - $backends = delete_undef_values(concat([], $manila_generic_backend, - $manila_cephfs_backend, - $manila_netapp_backend, - $manila_powermax_backend, - $manila_isilon_backend, - $manila_unity_backend, - $manila_vnx_backend, - $manila_flashblade_backend, - $manila_user_enabled_backends)) - $manila_enabled_backends = delete($backends, '') - - class { 'manila::backends' : - enabled_share_backends => $manila_enabled_backends, - } - } -} diff --git a/manifests/profile/base/memcached.pp b/manifests/profile/base/memcached.pp deleted file mode 100644 index b35cbd798..000000000 --- a/manifests/profile/base/memcached.pp +++ /dev/null @@ -1,63 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::memcached -# -# Memcached profile for tripleo -# -# === Parameters -# -# [*enable_internal_memcached_tls*] -# (Optional) Whether TLS in the internal network is enabled or not for -# Memcached servers. -# Defaults to undef -# -# [*certificate_specs*] -# (Optional) The specifications to give to certmonger for the certificate -# it will create. Note that the certificate nickname must be 'memcached' in -# the case of this service. -# Example with hiera: -# tripleo::profile::base::memcached::certificate_specs: -# hostname: -# service_certificate: -# service_key: -# principal: "memcached/" -# Defaults to {}. -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::memcached ( - $enable_internal_memcached_tls = false, - $certificate_specs = {}, - $step = Integer(lookup('step')), -) { - if $step >= 1 { - if $enable_internal_memcached_tls { - $tls_cert_chain = $certificate_specs['service_certificate'] - $tls_key = $certificate_specs['service_key'] - } else { - $tls_cert_chain = undef - $tls_key = undef - } - - class { 'memcached': - use_tls => $enable_internal_memcached_tls, - tls_cert_chain => $tls_cert_chain, - tls_key => $tls_key - } - } -} diff --git a/manifests/profile/base/metrics/collectd.pp b/manifests/profile/base/metrics/collectd.pp deleted file mode 100644 index 59f3e69c7..000000000 --- a/manifests/profile/base/metrics/collectd.pp +++ /dev/null @@ -1,263 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::metrics::collectd -# -# Collectd configuration for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*enable_file_logging*] -# (Optional) Boolean. Whether to enable logfile plugin. -# which we should send metrics. -# Defaults to false -# -# [*collectd_server*] -# (Optional) String. The name or address of a collectd server to -# which we should send metrics. -# -# [*collectd_port*] -# (Optional) Integer. The port to which we will connect on the -# collectd server. -# -# [*collectd_username*] -# (Optional) String. Username for authenticating to the remote -# collectd server. -# -# [*collectd_password*] -# (Optional) String. Password for authenticating to the remote -# collectd server. -# -# [*collectd_securitylevel*] -# (Optional) String. -# -# [*enable_sqlalchemy_collectd*] -# (Optional) boolean. enable SQLAlchemy-collectd plugin -# defaults to false -# -# [*sqlalchemy_collectd_bind_host*] -# (Optional) String. Hostname to listen on. Defaults to 0.0.0.0 -# -# [*sqlalchemy_collectd_log_messages*] -# (Optional) String. Log level for the plugin, set to "debug" to show -# messages received. -# Defaults to 'info' -# -# [*service_names*] -# (Optional) List of strings. A list of active services in this tripleo -# deployment. This is used to look up service-specific plugins that -# need to be installed. -# Defaults to lookup('service_names', undef, undef, []) -# -# [*collectd_manage_repo*] -# (Optional) Boolean. Whether let collectd enable manage repositories. -# If it is set to true the epel repository will be used -# -# [*amqp_transport_name*] -# (Optional) String. Name of the transport. -# Default to 'metrics' -# -# [*amqp_host*] -# (Optional) String. Hostname or IP address of the AMQP 1.0 intermediary. -# Defaults to the undef -# -# [*amqp_port*] -# (Optional) String. Service name or port number on which the AMQP 1.0 -# intermediary accepts connections. This argument must be a string, -# even if the numeric form is used. -# Defaults to undef -# -# [*amqp_user*] -# (Optional) String. User part of credentials used to authenticate to the -# AMQP 1.0 intermediary. -# Defaults to undef -# -# [*amqp_password*] -# (Optional) String. Password part of credentials used to authenticate -# to the AMQP 1.0 intermediary. -# Defaults to undef -# -# [*amqp_address*] -# (Optional) String. This option specifies the prefix for the send-to value -# in the message. -# Defaults to 'collectd' -# -# [*amqp_retry_delay*] -# (Optional) Number. When the AMQP1 connection is lost, defines the time -# in seconds to wait before attempting to reconnect. If not set 1 second -# is the implicit default. -# Defaults to undef -# -# [*amqp_interval*] -# (Optional) Number. Interval on which metrics should be sent to AMQP -# intermediary. If not set the default for all collectd plugins is used. -# Defaults to undef -# -# [*amqp_instances*] -# (Optional) Hash of hashes. Each inner hash represent Instance block in plugin -# configuration file. Key of outer hash represents instance name. -# The 'address' value concatenated with the 'name' given will be used -# as the send-to address for communications over the messaging link. -# Defaults to {}. -# -# [*amqp_send_queue_limit*] -# (Optional) Number. Number of data sets to be kept in memory, older sets -# will be discarded; if set to undef, this feature is disabled. -# Defaults to undef -# -# [*qdr_mode*] -# (Optional) String. Mode in which the QDR service, to which collectd -# should be connected, is running. -# Defaults to lookup('tripleo::profile::base::metrics::qdr::router_mode', undef, undef, 'edge') -# -# [*python_read_plugins*] -# (Optional) List of strings. List of third party python packages to install. -# Defaults to []. -# -# [*enable_sensubility*] -# (Optional) Boolean. Set to true if sensubility should be executed by exec plugin. -# Defaults to false. -# -# [*enable_libpodstats*] -# (Optional) Boolean. Set to true if the collectd libpodstats plugin should be -# loaded -# Defaults to false. -# -class tripleo::profile::base::metrics::collectd ( - $step = Integer(lookup('step')), - $enable_file_logging = false, - $collectd_server = undef, - $collectd_port = undef, - $collectd_username = undef, - $collectd_password = undef, - $collectd_securitylevel = undef, - $enable_sqlalchemy_collectd = false, - $sqlalchemy_collectd_bind_host = undef, - $sqlalchemy_collectd_log_messages = undef, - $amqp_transport_name = 'metrics', - $amqp_host = undef, - $amqp_port = undef, - $amqp_user = undef, - $amqp_password = undef, - $amqp_address = 'collectd', - $amqp_instances = {}, - $amqp_retry_delay = undef, - $amqp_interval = undef, - $amqp_send_queue_limit = undef, - $qdr_mode = lookup('tripleo::profile::base::metrics::qdr::router_mode', undef, undef, 'edge'), - $service_names = lookup('service_names', undef, undef, []), - $collectd_manage_repo = false, - $python_read_plugins = [], - $enable_sensubility = false, - $enable_libpodstats = false, -) { - - if $step >= 3 { - if $enable_libpodstats { - $typesdb = ['/usr/share/collectd/types.db', '/usr/share/collectd/types.db.libpodstats'] - include tripleo::profile::base::metrics::collectd::libpodstats - } else { - $typesdb = ['/usr/share/collectd/types.db'] - } - - class {'collectd': - manage_repo => $collectd_manage_repo, - typesdb => $typesdb, - } - - class { 'collectd::plugin::python': - logtraces => true, - } - - $python_packages = $python_read_plugins - package { $python_packages: - ensure => 'present' - } - - if $enable_file_logging { - include collectd::plugin::logfile - } - - if ! ($collectd_securitylevel in [undef, 'None', 'Sign', 'Encrypt']) { - fail('collectd_securitylevel must be one of (None, Sign, Encrypt).') - } - - # Load per-service plugin configuration - ::tripleo::profile::base::metrics::collectd::collectd_service { - $service_names: } - - # Because THT doesn't allow us to default values to undef, we need - # to perform a number of transformations here to avoid passing a bunch of - # empty strings to the collectd plugins. - - $_collectd_username = empty($collectd_username) ? { - true => undef, - default => $collectd_username - } - - $_collectd_password = empty($collectd_password) ? { - true => undef, - default => $collectd_password - } - - $_collectd_port = empty($collectd_port) ? { - true => undef, - default => $collectd_port - } - - $_collectd_securitylevel = empty($collectd_securitylevel) ? { - true => undef, - default => $collectd_securitylevel - } - - if $enable_sqlalchemy_collectd { - ::tripleo::profile::base::metrics::collectd::sqlalchemy_collectd { 'sqlalchemy_collectd': - bind_host => $sqlalchemy_collectd_bind_host, - log_messages => $sqlalchemy_collectd_log_messages, - } - } - - if ! empty($collectd_server) { - ::collectd::plugin::network::server { $collectd_server: - username => $_collectd_username, - password => $_collectd_password, - port => $_collectd_port, - securitylevel => $_collectd_securitylevel, - } - } elsif !empty($amqp_host) { - class { 'collectd::plugin::amqp1': - ensure => 'present', - manage_package => true, - transport => $amqp_transport_name, - host => $amqp_host, - port => $amqp_port, - user => $amqp_user, - password => $amqp_password, - address => $amqp_address, - instances => $amqp_instances, - retry_delay => $amqp_retry_delay, - interval => $amqp_interval, - send_queue_limit => $amqp_send_queue_limit, - } - } - if $enable_sensubility { - include tripleo::profile::base::metrics::collectd::sensubility - } - } -} diff --git a/manifests/profile/base/metrics/collectd/collectd_plugin.pp b/manifests/profile/base/metrics/collectd/collectd_plugin.pp deleted file mode 100644 index 5ab940b22..000000000 --- a/manifests/profile/base/metrics/collectd/collectd_plugin.pp +++ /dev/null @@ -1,6 +0,0 @@ -# We use this to transform a list of unqualified plugin names -# (like ['disk', 'ntpd']) into the correct collectd plugin classes. -define tripleo::profile::base::metrics::collectd::collectd_plugin ( -) { - include "collectd::plugin::${title}" -} diff --git a/manifests/profile/base/metrics/collectd/collectd_service.pp b/manifests/profile/base/metrics/collectd/collectd_service.pp deleted file mode 100644 index 94ce9cfa0..000000000 --- a/manifests/profile/base/metrics/collectd/collectd_service.pp +++ /dev/null @@ -1,14 +0,0 @@ -# This is used to look up a list of service-specific collectd plugins -# in the hiera data provided by THT. -define tripleo::profile::base::metrics::collectd::collectd_service ( -) { - $plugins = lookup("'tripleo.collectd.plugins.${title}'", undef, undef, []) - - $plugins.each |$plugin| { - ensure_resource( - 'tripleo::profile::base::metrics::collectd::collectd_plugin', - $plugin, - {} - ) - } -} diff --git a/manifests/profile/base/metrics/collectd/libpodstats.pp b/manifests/profile/base/metrics/collectd/libpodstats.pp deleted file mode 100644 index 95a9fc84e..000000000 --- a/manifests/profile/base/metrics/collectd/libpodstats.pp +++ /dev/null @@ -1,70 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Define: tripleo::profile::base::metrics::collectd::sensubility -# -# This is used to create configuration file for collectd-sensubility plugin -# -# === Parameters -# -# [*ensure*] -# (Optional) String. Action to perform with sensubility plugin -# configuration file. -# Defaults to 'present' -# -# [*config_path*] -# (Optional) String. Path to configuration file. -# Defaults to /etc/collectd.d/libpodstats.conf -class tripleo::profile::base::metrics::collectd::libpodstats ( - $ensure = 'present', - $config_path = '/etc/collectd.d/libpodstats.conf' -) { - - $db = '/usr/share/collectd/types.db.libpodstats' - - package { 'collectd-libpod-stats': - ensure => $ensure - } - - ::collectd::type { 'pod_cpu': - target => $db, - types => [{ - ds_type => 'GAUGE', - min => 0, - max => 100.1, - ds_name => 'percent', - }, - { - ds_type => 'DERIVE', - min => 0, - max => 'U', - ds_name => 'time', - } - ] - } - - ::collectd::type { 'pod_memory': - target => $db, - ds_type => 'GAUGE', - min => 0, - max => 281474976710656, - ds_name => 'value', - } - - file { $config_path: - ensure => $ensure, - mode => '0644', - content => template('tripleo/metrics/libpodstats.conf.epp'), - } -} diff --git a/manifests/profile/base/metrics/collectd/plugin_helper.pp b/manifests/profile/base/metrics/collectd/plugin_helper.pp deleted file mode 100644 index b624ee108..000000000 --- a/manifests/profile/base/metrics/collectd/plugin_helper.pp +++ /dev/null @@ -1,6 +0,0 @@ -# We use this to transform a list of unqualified plugin names -# (like ['disk', 'ntpd']) into the correct collectd plugin classes. -define tripleo::profile::base::metrics::collectd::plugin_helper ( -) { - include "collectd::plugin::${title}" -} diff --git a/manifests/profile/base/metrics/collectd/sensubility.pp b/manifests/profile/base/metrics/collectd/sensubility.pp deleted file mode 100644 index 1583bb8ce..000000000 --- a/manifests/profile/base/metrics/collectd/sensubility.pp +++ /dev/null @@ -1,246 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Define: tripleo::profile::base::metrics::collectd::sensubility -# -# This is used to create configuration file for collectd-sensubility plugin -# -# === Parameters -# -# [*ensure*] -# (Optional) String. Action to perform with sensubility plugin -# configuration file. -# Defaults to 'present' -# -# [*config_path*] -# (Optional) String. Path to configuration file, which should be populated. -# Defaults to '/etc/collectd-sensubility.conf'. -# -# [*log_file*] -# (Optional) String. Override default log file path (/var/log/collectd/sensubility.log). -# Defaults to undef. -# -# [*log_level*] -# (Optional) String. Override default logging level (WARN). -# Defaults to undef. -# -# [*connection*] -# (Optional) String. URL to Sensu sever side (be default "ampq://sensu:sensu@localhost:5672//sensu") -# Defaults to undef. -# -# [*subscriptions*] -# (Optional) List of strings. List of channels to subscribe to. -# Defaults to undef. -# -# [*client_name*] -# (Optional) String. Name of the client displayed on Sensu server side (by default COLLECTD_HOSTNAME env or hostname). -# Defaults to undef. -# -# [*client_address*] -# (Optional) String. Address of the client displayed on Sensu server side (by default IP address of host). -# Defaults to undef. -# -# [*keepalive_interval*] -# (Optional) Integer. Interval in seconds for sending keepalive messages to Sensu server side (By default 20). -# Defaults to undef. -# -# [*shell_path*] -# (Optional) String. Path to shell used for executing check scripts (by default /usr/bin/sh). -# Defaults to undef. -# -# [*worker_count*] -# (Optional) String. Number of goroutines spawned for executing check scripts (by default 2). -# Defaults to undef. -# -# [*checks*] -# (Optional) Hash representing definitions of standalone checks (by default {}). -# Defaults to undef. -# -# [*amqp_host*] -# (Optional) String. Hostname or IP address of the AMQP 1.0 intermediary. -# Defaults to the undef -# -# [*amqp_port*] -# (Optional) String. Service name or port number on which the AMQP 1.0 -# intermediary accepts connections. This argument must be a string, -# even if the numeric form is used. -# Defaults to undef -# -# [*amqp_user*] -# (Optional) String. User part of credentials used to authenticate to the -# AMQP 1.0 intermediary. -# Defaults to undef -# -# [*amqp_password*] -# (Optional) String. Password part of credentials used to authenticate -# to the AMQP 1.0 intermediary. -# Defaults to undef -# -# [*exec_user*] -# (Optional) String. User under which sensubility is executed via collectd-exec. -# Defaults to 'collectd' -# -# [*exec_group*] -# (Optional) String. Group under which sensubility is executed via collectd-exec. -# Defaults to 'collectd' -# -# [*exec_sudo_rule*] -# (Optional) String. Rule which will be saved in /etc/sudoers.d for user specified -# by parameter exec_user. -# Defaults to undef -# -# [*results_format*] -# (Optional) String. Set message format compatibility. Options are -# [smartgateway,sensu] -# Defaults to smartgateway -# -# [*results_channel*] -# String. Target AMQP1 channel address to which messages should be sent -# Defaults to undef -# -# [*transport*] -# String. Bus type for message transport. Options are 'sensu' (rabbitmq) or 'amqp1' -# Defaults to 'sensu' -# -# [*workdir*] -# (Optional) String. Working directory for sensubility. This directory will contain -# temporary check scripts (in checks subdirectory) and downloaded scripts (in scripts subdirectory). -# Defaults to '/var/lib/collectd-sensubility' -# -# [*scripts*] -# (Optional) Hash. Should contain information about what scripts should be downloaded. The item format is following: -# { "script-name" => -# "source" => "http://uri.from.where.to.download/script-name", -# "checksum" => "checksum-of-the-script", -# "create_bin_link" => true/false # whether to create link to /usr/bin -# } -# Defaults to {} -# -# DEPRECATED PARAMETERS -# -# [*tmp_base_dir*] -# (Optional) String. DEPRECATED, use "workdir" parameter instead. -# -class tripleo::profile::base::metrics::collectd::sensubility ( - $ensure = 'present', - $config_path = '/etc/collectd-sensubility.conf', - $log_file = undef, - $log_level = undef, - $connection = undef, - $subscriptions = undef, - $client_name = undef, - $client_address = undef, - $keepalive_interval = undef, - $shell_path = undef, - $worker_count = undef, - $checks = undef, - $amqp_host = undef, - $amqp_port = undef, - $amqp_user = undef, - $amqp_password = undef, - $exec_user = 'collectd', - $exec_group = 'collectd', - $exec_sudo_rule = undef, - $results_format = 'smartgateway', - $results_channel = undef, - $transport = 'sensu', - $workdir = '/var/lib/collectd-sensubility', - $scripts = {}, - # DEPRECATED - $tmp_base_dir = undef, -) { - include collectd - include collectd::plugin::exec - - package { 'collectd-sensubility': - ensure => $ensure, - } - - if $tmp_base_dir { - warning('The "tmp_base_dir" parameter is deprecated and might be ignored in future releases. Use "workdir" instead.') - $checkdir = $tmp_base_dir - } else { - $checkdir = "${workdir}/checks" - } - $scriptsdir = "${workdir}/scripts" - - file { [$workdir, $checkdir, $scriptsdir]: - ensure => 'directory', - mode => '0700', - owner => $exec_user, - group => $exec_group - } - - file { $config_path: - ensure => $ensure, - mode => '0644', - content => epp('tripleo/metrics/collectd-sensubility.conf.epp', { - log_file => $log_file, - log_level => $log_level, - connection => $connection, - subscriptions => $subscriptions, - client_name => $client_name, - client_address => $client_address, - keepalive_interval => $keepalive_interval, - tmp_base_dir => $checkdir, - shell_path => $shell_path, - worker_count => $worker_count, - checks => inline_template('<%= @checks.to_json %>'), - amqp_host => $amqp_host, - amqp_port => $amqp_port, - amqp_user => $amqp_user, - amqp_password => $amqp_password, - results_format => $results_format, - results_channel => $results_channel, - transport => $transport - }) - } - - collectd::plugin::exec::cmd { 'sensubility': - user => $exec_user, - group => $exec_group, - exec => ['collectd-sensubility'], - } - - if $exec_sudo_rule { - $sudoers_path = "/etc/sudoers.d/sensubility_${exec_user}" - file { $sudoers_path: - ensure => $ensure, - mode => '0440', - content => "${exec_user} ${exec_sudo_rule}", - notify => Exec["${exec_user}-sudo-syntax-check"] - } - - exec { "${exec_user}-sudo-syntax-check": - path => ['/usr/sbin/', '/usr/bin/'], - command => "visudo -c -f '${sudoers_path}' || (rm -f '${sudoers_path}' && exit 1)", - refreshonly => true, - } - } - - $scripts.each |$name, $data| { - tripleo::profile::base::metrics::collectd::sensubility_script { $name: - checksum => $data['checksum'], - source => $data['source'], - user => $exec_user, - group => $exec_group, - scriptsdir => $scriptsdir, - create_bin_link => has_key($data, 'create_bin_link') ? { - true => $data['create_bin_link'], - default => true - } - } - } - -} diff --git a/manifests/profile/base/metrics/collectd/sensubility_script.pp b/manifests/profile/base/metrics/collectd/sensubility_script.pp deleted file mode 100644 index b9cd476c6..000000000 --- a/manifests/profile/base/metrics/collectd/sensubility_script.pp +++ /dev/null @@ -1,64 +0,0 @@ -# -# == Define: tripleo::profile::base::metrics::collectd::sensubility_script -# -# This is used to download third party script for sensubility check usage. The -# -# === Parameters -# [*source*] -# URI from where the file should be downloaded (only http:// is supported currently) -# -# [*scriptsdir*] -# Directory where all downloaded scripts reside. -# -# [*scriptname*] -# (optional) Name of script under which it will be saved. -# Defaults to $title -# -# [*checksum*] -# (optional) The checksum of the source contents. Only md5, sha256, sha224, -# sha384 and sha512 are supported when specifying this parameter. -# Defaults to undef -# -# [*user*] -# (optional) Owner of script directory and script files. -# Defaults to 'collectd' -# -# [*group*] -# (optional) Group of script directory and script files. -# Defaults to 'collectd' -# -# [*create_bin_link*] -# (optional) Whether the script should be linked to /usr/bin/sensubility_. -# Defaults to true -# -# [*bindir*] -# (optional) Which bin folder exactly should be used for links. -# Defaults to '/usr/bin' -# -define tripleo::profile::base::metrics::collectd::sensubility_script ( - $source, - $scriptsdir, - $scriptname = $title, - $checksum = undef, - $user = 'collectd', - $group = 'collectd', - $create_bin_link = true, - $bindir = '/usr/bin', -) { - file { "${scriptsdir}/${scriptname}": - ensure => 'present', - source => $source, - checksum_value => $checksum, - checksum => 'md5', - mode => '0700', - owner => $user, - group => $group - } - - if $create_bin_link { - file { "${bindir}/sensubility_${scriptname}": - ensure => 'link', - target => "${scriptsdir}/${scriptname}", - } - } -} diff --git a/manifests/profile/base/metrics/collectd/sqlalchemy_collectd.pp b/manifests/profile/base/metrics/collectd/sqlalchemy_collectd.pp deleted file mode 100644 index cdd070e14..000000000 --- a/manifests/profile/base/metrics/collectd/sqlalchemy_collectd.pp +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Define: tripleo::profile::base::metrics::collectd::sqlalchemy_collectd -# -# This is used to create configuration file for sqlalchemy-collectd plugin -# -# === Parameters -# -# [*bind_host*] -# (Optional) String. Hostname to listen on. Defaults to 0.0.0.0 -# -# [*bind_port*] -# (Optional) Integer. Port to listen on. defaults to 25827. -# -# [*log_messages*] -# (Optional) String. Log level for the plugin, set to "debug" to show -# messages received. -# Defaults to 'info' -# -# -define tripleo::profile::base::metrics::collectd::sqlalchemy_collectd ( - $bind_host = '0.0.0.0', - $bind_port = 25827, - $log_messages = 'info', - -) { - include collectd - - package { 'python-collectd-sqlalchemy': - ensure => 'present', - } - - ::collectd::plugin::python::module { 'collectd_sqlalchemy': - config => [{ - 'listen' => [$bind_host, $bind_port], - 'loglevel' => $log_messages - }], - module_import => 'sqlalchemy_collectd.server.plugin', - } - -} diff --git a/manifests/profile/base/metrics/qdr.pp b/manifests/profile/base/metrics/qdr.pp deleted file mode 100644 index 78435caa4..000000000 --- a/manifests/profile/base/metrics/qdr.pp +++ /dev/null @@ -1,253 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::metrics::qdr -# -# Qpid dispatch router profile for tripleo -# -# === Parameters -# -# [*username*] -# Username for the qdrouter daemon -# Defaults to undef -# -# [*password*] -# Password for the qdrouter daemon -# Defaults to undef -# -# [*listener_addr*] -# (optional) Service host name -# Defaults to 'localhost' -# -# [*listener_port*] -# Service name or port number on which the qdrouterd will accept connections. -# This argument must be string, even if the numeric form is used. -# Defaults to '5666' -# -# [*listener_require_encrypt*] -# (optional) Require the connection to the peer to be encrypted -# Defaults to 'no' -# -# [*listener_require_ssl*] -# (optional) Require the use of SSL on the connection -# Defaults to false -# -# [*listener_sasl_mech*] -# (optional) List of accepted SASL auth mechanisms -# Defaults to 'ANONYMOUS' -# -# [*listener_ssl_cert_db*] -# (optional) Path to certificate db -# Defaults to undef -# -# [*listener_ssl_cert_file*] -# (optional) Path to certificate file -# Defaults to undef -# -# [*listener_ssl_key_file*] -# (optional) Path to private key file -# Defaults to undef -# -# [*listener_ssl_pw_file*] -# (optional) Path to password file for certificate key -# Defaults to undef -# -# [*listener_ssl_password*] -# (optional) Password to be supplied -# Defaults to undef -# -# [*listener_trusted_certs*] -# (optional) Path to file containing trusted certificates -# Defaults to 'UNSET' -# -# [*interior_mesh_nodes*] -# (optional) Comma separated list of controller nodes' fqdns -# Defaults to lookup('controller_node_names', undef, undef, '') -# -# [*interior_ip*] -# (optional) IP address which should be used for internal communication. -# Has to be member of interior_mesh_nodes -# Defaults to lookup('ctlplane', undef, undef, undef) -# -# [*connectors*] -# (optional) List of hashes containing configuration for outgoing connections -# from the router. Each hash should contain 'host', 'role' and 'port' key. -# Defaults to [] -# -# [*ssl_profiles*] -# (optional) List of hashes containing configuration for ssl profiles -# Defaults to [] -# -# [*ssl_internal_profile_name*] -# (optional) SSL Profile name for internal connections. -# Defaults to undef. -# -# [*addresses*] -# (optional) List of hashes containing configuration for addresses. -# Defaults to [] -# -# [*autolink_addresses*] -# (optional) List of hashes containing configuration for autoLinks -# Defaults to [] -# -# [*router_mode*] -# (optional) Mode in which the qdrouterd service should run. -# Defaults to 'edge' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*ssl_cert_dir*] -# (Optional) Path to directory where SSL certificate files should be created. -# Defaults to '/etc/pki/tls/certs/' -# -class tripleo::profile::base::metrics::qdr ( - $username = undef, - $password = undef, - $listener_addr = 'localhost', - $listener_port = '5666', - $listener_require_ssl = false, - $listener_require_encrypt = false, - $listener_sasl_mech = undef, - $listener_ssl_cert_db = undef, - $listener_ssl_cert_file = undef, - $listener_ssl_key_file = undef, - $listener_ssl_pw_file = undef, - $listener_ssl_password = undef, - $listener_trusted_certs = undef, - $interior_mesh_nodes = lookup('controller_node_ips', undef, undef, ''), - $interior_ip = lookup('ctlplane', undef, undef, undef), - $connectors = [], - $ssl_profiles = [], - $ssl_internal_profile_name = undef, - $addresses = [], - $autolink_addresses = [], - $router_mode = 'edge', - $step = Integer(lookup('step')), - $ssl_cert_dir = '/etc/pki/tls/certs/', -) { - if $step >= 1 { - $interior_nodes = any2array(split($interior_mesh_nodes, ',')) - - if $ssl_internal_profile_name { - $node_base = {'sslProfile' => $ssl_internal_profile_name} - } else { - $node_base = {} - } - - if $router_mode == 'edge' { - if length($interior_nodes) > 0 { - # ignore explicitly set connectors and connect just to one of the interior nodes (choose randomly) - $all_connectors = [merge($node_base, - {'host' => $interior_nodes[fqdn_rand(length($interior_nodes))], - 'port' => '5668', - 'role' => 'edge', - 'verifyHostname' => false, - 'saslMechanisms' => 'ANONYMOUS'} - )] - } else { - # in case we don't have interior_nodes, eg. we run in all-edge mode - $all_connectors = $connectors - } - # and don't provide any internal listener - $internal_listeners = [] - } else { - # validate interior_ip - if ! ($interior_ip in $interior_nodes) { - fail("Value of interior_ip '${interior_ip}' is not member of interior_mesh_nodes '${interior_mesh_nodes}'.") - } - # provide listener for edge node and listener for other interior nodes (if required) - $edge_listener = merge($node_base, - {'host' => $interior_ip, - 'port' => '5668', - 'role' => 'edge', - 'authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS'}) - if length($interior_nodes) > 1 { - $internal_listeners = [ - $edge_listener, - merge($node_base, {'host' => $interior_ip, - 'port' => '5667', - 'role' => 'inter-router', - 'authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS'}) - ] - # build mesh with other interior nodes - $internal_connectors = $interior_nodes.reduce([]) |$memo, $node| { - if strip($node) == strip($interior_ip) { - $memo << true - } elsif true in $memo { - $memo - } else { - $memo << merge($node_base, - {'host' => $node, - 'port' => '5667', - 'role' => 'inter-router', - 'verifyHostname' => false}) - } - } - true - } else { - # single controller does not need to listen on / connect to other inter-router connections - $internal_listeners = [$edge_listener] - $internal_connectors = [] - } - $all_connectors = $connectors + $internal_connectors - } - - file { $ssl_cert_dir: - ensure => directory, - mode => '0755' - } - $prep_ssl_profiles = qdr_ssl_certificate($ssl_profiles, $ssl_cert_dir) - $final_ssl_profiles = $prep_ssl_profiles.reduce( [] ) |$memo, $prf| { - if has_key($prf, 'caCertFileContent') { - file { $prf['caCertFile']: - ensure => present, - content => $prf['caCertFileContent'], - mode => '0644', - require => File[$ssl_cert_dir] - } - $memo << delete($prf, 'caCertFileContent') - } else { - $memo << $prf - } - } - - class { 'qdr': - listener_addr => $listener_addr, - listener_port => $listener_port, - listener_require_encrypt => $listener_require_encrypt, - listener_require_ssl => $listener_require_ssl, - listener_ssl_cert_db => $listener_ssl_cert_db, - listener_ssl_cert_file => $listener_ssl_cert_file, - listener_ssl_key_file => $listener_ssl_key_file, - listener_ssl_pw_file => $listener_ssl_pw_file, - listener_ssl_password => $listener_ssl_password, - listener_trusted_certs => $listener_trusted_certs, - router_mode => $router_mode, - connectors => $all_connectors, - ssl_profiles => $final_ssl_profiles, - extra_addresses => $addresses, - autolink_addresses => $autolink_addresses, - extra_listeners => $internal_listeners, - } - - qdr_user { $username: - ensure => present, - password => $password, - } - } -} diff --git a/manifests/profile/base/neutron.pp b/manifests/profile/base/neutron.pp deleted file mode 100644 index 9a3f06240..000000000 --- a/manifests/profile/base/neutron.pp +++ /dev/null @@ -1,155 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron -# -# Neutron server profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [*dhcp_agents_per_network*] -# (Optional) TripleO configured number of DHCP agents -# to use per network. If left to the default value, neutron will be -# configured with the number of DHCP agents being deployed. -# Defaults to undef -# -# [*dhcp_nodes*] -# (Optional) List of nodes running the DHCP agent. Used to -# set neutron's dhcp_agents_per_network value to the number -# of available agents. -# Defaults to lookup('neutron_dhcp_short_node_names') or [] -# -# [*container_cli*] -# (Optional) A container CLI to be used with the wrapper -# tooling to manage containers controlled by Neutron/OVN -# l3/dhcp/metadata agents. Accepts only 'podman' -# Defaults to lookup('container_cli', undef, undef, 'podman'). -# -class tripleo::profile::base::neutron ( - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - $dhcp_agents_per_network = undef, - $dhcp_nodes = lookup('neutron_dhcp_short_node_names', undef, undef, []), - $container_cli = lookup('container_cli', undef, undef, 'podman'), -) { - if $step >= 3 { - # NOTE(bogdando) validate_* is deprecated and we do not want to use it here - if !($container_cli in ['podman']) { - fail("container_cli (${container_cli}) is not supported!") - } - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - $dhcp_agent_count = size($dhcp_nodes) - if $dhcp_agents_per_network { - $dhcp_agents_per_net = $dhcp_agents_per_network - if ($dhcp_agents_per_net > $dhcp_agent_count) { - warning("dhcp_agents_per_network (${dhcp_agents_per_net}) is greater\ - than the number of deployed dhcp agents (${dhcp_agent_count})") - } - } - elsif $dhcp_agent_count > 0 { - $dhcp_agents_per_net = $dhcp_agent_count - } - if lookup('nova_is_additional_cell', undef, undef, undef) { - $oslomsg_rpc_hosts_real = delete($oslomsg_rpc_hosts, any2array(lookup('oslo_messaging_rpc_cell_node_names', undef, undef, undef))) - } else { - $oslomsg_rpc_hosts_real = $oslomsg_rpc_hosts - } - - class { 'neutron' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts_real, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - dhcp_agents_per_network => $dhcp_agents_per_net, - } - include neutron::config - include neutron::logging - } -} diff --git a/manifests/profile/base/neutron/agents/bagpipe.pp b/manifests/profile/base/neutron/agents/bagpipe.pp deleted file mode 100644 index 5231c4931..000000000 --- a/manifests/profile/base/neutron/agents/bagpipe.pp +++ /dev/null @@ -1,37 +0,0 @@ -# -# Copyright (C) 2017 Red Hat Inc. -# -# Author: Ricardo Noriega -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::agents::bagpipe -# -# Neutron Bagpipe Agent profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::agents::bagpipe ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::neutron - - if $step >= 4 { - include neutron::agents::bagpipe - } -} diff --git a/manifests/profile/base/neutron/agents/l2gw.pp b/manifests/profile/base/neutron/agents/l2gw.pp deleted file mode 100644 index 9d4499892..000000000 --- a/manifests/profile/base/neutron/agents/l2gw.pp +++ /dev/null @@ -1,35 +0,0 @@ -# -# Copyright (C) 2017 Red Hat Inc. -# -# Author: Peng Liu -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::agent::l2gw -# -# Neutron L2 Gateway agent profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::agents::l2gw ( - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include neutron::agents::l2gw - } -} diff --git a/manifests/profile/base/neutron/agents/mlnx.pp b/manifests/profile/base/neutron/agents/mlnx.pp deleted file mode 100644 index ba8182643..000000000 --- a/manifests/profile/base/neutron/agents/mlnx.pp +++ /dev/null @@ -1,34 +0,0 @@ -# -# == Class: tripleo::profile::base::neutron::agents::mlnx -# -# Neutron Mellanox Agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# - -class tripleo::profile::base::neutron::agents::mlnx( - $step = Integer(lookup('step')) -) { - - file { '/etc/neutron/plugins/mlnx': - ensure => directory, - } - - file { '/etc/neutron/plugins/mlnx/mlnx_conf.ini': - ensure => file, - owner => 'root', - group => 'neutron', - require => File['/etc/neutron/plugins/mlnx'], - mode => '0640', - } - - if $step >= 3 { - - include neutron::agents::ml2::mlnx - } -} diff --git a/manifests/profile/base/neutron/agents/networking_baremetal.pp b/manifests/profile/base/neutron/agents/networking_baremetal.pp deleted file mode 100644 index 16fa50beb..000000000 --- a/manifests/profile/base/neutron/agents/networking_baremetal.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::agents::networking_baremetal -# -# ironic-neutron-agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# - -class tripleo::profile::base::neutron::agents::networking_baremetal( - $step = Integer(lookup('step')) -) { - - include tripleo::profile::base::neutron - - if $step >= 5 { - include neutron::agents::ml2::networking_baremetal - } -} diff --git a/manifests/profile/base/neutron/agents/ovn.pp b/manifests/profile/base/neutron/agents/ovn.pp deleted file mode 100644 index 10a4c66cb..000000000 --- a/manifests/profile/base/neutron/agents/ovn.pp +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::agents::ovn -# -# OVN Neutron agent profile for tripleo -# -# [*ovn_db_host*] -# (Optional) The IP-Address where OVN DBs are listening. -# Defaults to lookup('ovn_dbs_vip', undef, undef, undef) -# -# [*ovn_db_node_ips*] -# (Optional) The OVN DBs node ip addresses are listening. -# Defaults to lookup('ovn_dbs_node_ips', undef, undef, undef) -# -# [*ovn_db_clustered*] -# (Optional) Boolean indicating if we're running with ovn db clustering -# or pacemaker. Defaults to false for backwards compatibility -# Defaults to lookup('ovn_db_clustered', undef, undef, false) -# -# [*ovn_sbdb_port*] -# (Optional) Port number on which southbound database is listening -# Defaults to lookup('ovn::southbound::port') -# -# [*protocol*] -# (optional) Protocol use in communication with dbs -# Defaults to tcp -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*ovn_chassis_mac_map*] -# (optional) A list of key-value pairs that map a chassis specific mac to -# a physical network name. An example -# value mapping two chassis macs to two physical network names would be: -# physnet1:aa:bb:cc:dd:ee:ff,physnet2:a1:b2:c3:d4:e5:f6 -# These are the macs that ovn-controller will replace a router port -# mac with, if packet is going from a distributed router port on -# vlan type logical switch. -# Defaults to lookup('ovn_chassis_mac_map', undef, undef, undef) -# -class tripleo::profile::base::neutron::agents::ovn ( - $ovn_db_host = lookup('ovn_dbs_vip', undef, undef, undef), - $ovn_db_node_ips = lookup('ovn_dbs_node_ips', undef, undef, undef), - $ovn_db_clustered = lookup('ovn_db_clustered', undef, undef, false), - $ovn_sbdb_port = lookup('ovn::southbound::port'), - $protocol = 'tcp', - $step = Integer(lookup('step')), - $ovn_chassis_mac_map = lookup('ovn_chassis_mac_map', undef, undef, undef), -) { - if $step >= 4 { - if $ovn_db_clustered { - $db_hosts = any2array($ovn_db_node_ips) - } else { - $db_hosts = any2array($ovn_db_host) - } - $sb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_sbdb_port}"], ':') } - class { 'ovn::controller': - ovn_remote => join(any2array($sb_conn), ','), - ovn_chassis_mac_map => $ovn_chassis_mac_map, - } - } -} diff --git a/manifests/profile/base/neutron/authtoken.pp b/manifests/profile/base/neutron/authtoken.pp deleted file mode 100644 index f23108c5c..000000000 --- a/manifests/profile/base/neutron/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::authtoken -# -# Neutron authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::neutron::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+neutron") - } else { - $hashed_secret_key = undef - } - - class { 'neutron::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/neutron/bgpvpn.pp b/manifests/profile/base/neutron/bgpvpn.pp deleted file mode 100644 index 1c45086db..000000000 --- a/manifests/profile/base/neutron/bgpvpn.pp +++ /dev/null @@ -1,37 +0,0 @@ -# -# Copyright (C) 2017 Red Hat Inc. -# -# Author: Ricardo Noriega -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::bgpvpn -# -# Neutron BGPVPN Service plugin profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::bgpvpn ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::neutron - - if $step >= 4 { - include neutron::services::bgpvpn - } -} diff --git a/manifests/profile/base/neutron/dhcp.pp b/manifests/profile/base/neutron/dhcp.pp deleted file mode 100644 index 8871fb1b7..000000000 --- a/manifests/profile/base/neutron/dhcp.pp +++ /dev/null @@ -1,52 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::dhcp -# -# Neutron DHCP Agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*neutron_dns_integration*] -# (Optional) Configure neutron to use the supplied unbound resolver nodes. -# Defaults to false -# -# [*unbound_resolvers*] -# (Optional) Unbound resolvers if configured. -# Defaults to lookup('unbound_node_ips', undef, undef, undef) -# -class tripleo::profile::base::neutron::dhcp ( - $step = Integer(lookup('step')), - $neutron_dns_integration = false, - $unbound_resolvers = lookup('unbound_node_ips', undef, undef, undef), -) { - if $step >= 4 { - include tripleo::profile::base::neutron - - if $neutron_dns_integration and $unbound_resolvers { - class{ 'neutron::agents::dhcp': - dnsmasq_dns_servers => $unbound_resolvers - } - } else { - include neutron::agents::dhcp - } - - Service<| title == 'neutron-server' |> -> Service <| title == 'neutron-dhcp' |> - } -} diff --git a/manifests/profile/base/neutron/dhcp_agent_wrappers.pp b/manifests/profile/base/neutron/dhcp_agent_wrappers.pp deleted file mode 100644 index 461ad2d7f..000000000 --- a/manifests/profile/base/neutron/dhcp_agent_wrappers.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::dhcp_agent_wrappers -# -# Generates wrapper scripts for running dhcp agent subprocesses in containers. -# -# === Parameters -# -# [*enable_dnsmasq_wrapper*] -# (Optional) If true, generates a wrapper for running dnsmasq in a container. -# Defaults to false -# -# [*dnsmasq_process_wrapper*] -# (Optional) Filename for dnsmasq wrapper in the specified file. -# Defaults to undef -# -# [*dnsmasq_image*] -# (Optional) Container image name for dnsmasq. Required if -# dnsmasq_process_wrapper is set. -# Defaults to undef -# -# [*enable_haproxy_wrapper*] -# (Optional) If true, generates a wrapper for running haproxy in a container. -# Defaults to false -# -# [*haproxy_process_wrapper*] -# (Optional) If set, generates a haproxy wrapper in the specified file. -# Defaults to undef -# -# [*haproxy_image*] -# (Optional) Container image name for haproxy. Required if -# haproxy_process_wrapper is set. -# Defaults to undef -# -# [*debug*] -# (Optional) Debug messages for the wrapper scripts. -# Defaults to False. -# -class tripleo::profile::base::neutron::dhcp_agent_wrappers ( - $enable_dnsmasq_wrapper = false, - $dnsmasq_process_wrapper = undef, - $dnsmasq_image = undef, - $enable_haproxy_wrapper = false, - $haproxy_process_wrapper = undef, - $haproxy_image = undef, - Boolean $debug = false, -) { - $container_cli = lookup('tripleo::profile::base::neutron::container_cli', undef, undef, 'podman') - if $enable_dnsmasq_wrapper { - unless $dnsmasq_image and $dnsmasq_process_wrapper{ - fail('The container image for dnsmasq and wrapper filename must be provided when generating dnsmasq wrappers') - } - tripleo::profile::base::neutron::wrappers::dnsmasq{'dhcp_dnsmasq_process_wrapper': - dnsmasq_process_wrapper => $dnsmasq_process_wrapper, - dnsmasq_image => $dnsmasq_image, - debug => $debug, - container_cli => $container_cli, - } - } - - if $enable_haproxy_wrapper { - unless $haproxy_image and $haproxy_process_wrapper{ - fail('The container image for haproxy and wrapper filename must be provided when generating haproxy wrappers') - } - tripleo::profile::base::neutron::wrappers::haproxy{'dhcp_haproxy_process_wrapper': - haproxy_process_wrapper => $haproxy_process_wrapper, - haproxy_image => $haproxy_image, - debug => $debug, - container_cli => $container_cli, - } - } -} diff --git a/manifests/profile/base/neutron/l2gw.pp b/manifests/profile/base/neutron/l2gw.pp deleted file mode 100644 index 68ccb0ee3..000000000 --- a/manifests/profile/base/neutron/l2gw.pp +++ /dev/null @@ -1,37 +0,0 @@ -# -# Copyright (C) 2017 Red Hat Inc. -# -# Author: Peng Liu -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::l2gw -# -# Neutron L2 Gateway Service plugin profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::l2gw ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::neutron - - if $step >= 4 { - include neutron::services::l2gw - } -} diff --git a/manifests/profile/base/neutron/l3.pp b/manifests/profile/base/neutron/l3.pp deleted file mode 100644 index 1a78cab8f..000000000 --- a/manifests/profile/base/neutron/l3.pp +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::l3 -# -# Neutron L3 Agent server profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::l3 ( - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include tripleo::profile::base::neutron - include neutron::agents::l3 - - Service<| title == 'neutron-server' |> -> Service <| title == 'neutron-l3' |> - } -} diff --git a/manifests/profile/base/neutron/l3_agent_wrappers.pp b/manifests/profile/base/neutron/l3_agent_wrappers.pp deleted file mode 100644 index 26fc23cf9..000000000 --- a/manifests/profile/base/neutron/l3_agent_wrappers.pp +++ /dev/null @@ -1,156 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::l3_agent_wrappers -# -# Generates wrapper scripts for running l3 agent subprocesses in containers. -# -# === Parameters -# -# [*enable_haproxy_wrapper*] -# (Optional) If true, generates a wrapper for running haproxy in a container. -# Defaults to false -# -# [*haproxy_process_wrapper*] -# (Optional) If set, generates a haproxy wrapper in the specified file. -# Defaults to undef -# -# [*haproxy_image*] -# (Optional) Container image name for haproxy. Required if -# haproxy_process_wrapper is set. -# Defaults to undef -# -# [*enable_radvd_wrapper*] -# (Optional) If true, generates a wrapper for running radvd in -# a container. -# Defaults to false -# -# [*radvd_process_wrapper*] -# (Optional) If set, generates a radvd wrapper in the specified file. -# Defaults to undef -# -# [*radvd_image*] -# (Optional) Container image name for haproxy. Required if radvd_process_wrapper -# is set. -# Defaults to undef -# -# [*enable_keepalived_wrapper*] -# (Optional) If true, generates a wrapper for running keepalived in -# a container. -# Defaults to false -# -# [*keepalived_process_wrapper*] -# (Optional) If set, generates a keepalived in the specified file. -# Defaults to undef -# -# [*keepalived_image*] -# (Optional) Container image name for keepalived. Required if -# keepalived_process_wrapper is set. -# Defaults to undef -# -# [*keepalived_state_change_wrapper*] -# (Optional) If set, generates a wrapper for running neutron's keepalived -# state change daemon in the keepalived container. The keepalived wrapper and -# image must also be set if this is set. -# Defaults to undef -# -# [*enable_dibbler_wrapper*] -# (Optional) If true, generates a wrapper for running dibbler in a container. -# Defaults to false -# -# [*dibbler_process_wrapper*] -# (Optional) If set, generates a dibbler in the specified file. -# Defaults to undef -# -# [*dibbler_image*] -# (Optional) Container image name for dibbler. Required if dibbler_process_wrapper is set. -# Defaults to undef -# -# [*debug*] -# (Optional) Debug messages for the wrapper scripts. -# Defaults to False. -# -class tripleo::profile::base::neutron::l3_agent_wrappers ( - $enable_haproxy_wrapper = false, - $haproxy_process_wrapper = undef, - $haproxy_image = undef, - $enable_radvd_wrapper = false, - $radvd_process_wrapper = undef, - $radvd_image = undef, - $enable_keepalived_wrapper = false, - $keepalived_process_wrapper = undef, - $keepalived_image = undef, - $keepalived_state_change_wrapper = undef, - $enable_dibbler_wrapper = false, - $dibbler_process_wrapper = undef, - $dibbler_image = undef, - Boolean $debug = false, -) { - $container_cli = lookup('tripleo::profile::base::neutron::container_cli', undef, undef, 'podman') - if $enable_haproxy_wrapper { - unless $haproxy_image and $haproxy_process_wrapper{ - fail('The container image for haproxy and wrapper filename must be provided when generating haproxy wrappers') - } - tripleo::profile::base::neutron::wrappers::haproxy{'l3_haproxy_process_wrapper': - haproxy_process_wrapper => $haproxy_process_wrapper, - haproxy_image => $haproxy_image, - debug => $debug, - container_cli => $container_cli, - } - } - - if $enable_radvd_wrapper { - unless $radvd_image and $radvd_process_wrapper{ - fail('The container image for radvd and wrapper filename must be provided when generating radvd wrappers') - } - tripleo::profile::base::neutron::wrappers::radvd{'l3_radvd_process_wrapper': - radvd_process_wrapper => $radvd_process_wrapper, - radvd_image => $radvd_image, - debug => $debug, - container_cli => $container_cli, - } - } - - if $enable_keepalived_wrapper { - unless $keepalived_image and $keepalived_process_wrapper{ - fail('The container image for keepalived and wrapper filename must be provided when generating keepalived wrappers') - } - tripleo::profile::base::neutron::wrappers::keepalived{'l3_keepalived': - keepalived_process_wrapper => $keepalived_process_wrapper, - keepalived_image => $keepalived_image, - debug => $debug, - container_cli => $container_cli, - } - unless $keepalived_state_change_wrapper { - fail('The keepalived state change wrapper must also be configured when generating keepalived wrappers') - } - tripleo::profile::base::neutron::wrappers::keepalived_state_change{'l3_keepalived_state_change': - keepalived_state_change_wrapper => $keepalived_state_change_wrapper, - debug => $debug, - container_cli => $container_cli, - } - } - - if $enable_dibbler_wrapper { - unless $dibbler_image and $dibbler_process_wrapper{ - fail('The container image for dibbler and wrapper filename must be provided when generating dibbler wrappers') - } - tripleo::profile::base::neutron::wrappers::dibbler_client{'l3_dibbler_daemon': - dibbler_process_wrapper => $dibbler_process_wrapper, - dibbler_image => $dibbler_image, - debug => $debug, - container_cli => $container_cli, - } - } -} diff --git a/manifests/profile/base/neutron/linuxbridge.pp b/manifests/profile/base/neutron/linuxbridge.pp deleted file mode 100644 index 570f09254..000000000 --- a/manifests/profile/base/neutron/linuxbridge.pp +++ /dev/null @@ -1,20 +0,0 @@ -# == Class: tripleo::profile::base::neutron::linuxbridge -# -# Neutron linuxbridge agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::linuxbridge( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::neutron - - if $step >= 5 { - include neutron::agents::ml2::linuxbridge - } -} diff --git a/manifests/profile/base/neutron/metadata.pp b/manifests/profile/base/neutron/metadata.pp deleted file mode 100644 index a76a4f8e8..000000000 --- a/manifests/profile/base/neutron/metadata.pp +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::metadata -# -# Neutron Metadata Agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::metadata ( - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include tripleo::profile::base::neutron - include neutron::agents::metadata - - Service<| title == 'neutron-server' |> -> Service<| title == 'neutron-metadata' |> - } -} diff --git a/manifests/profile/base/neutron/ovn_metadata.pp b/manifests/profile/base/neutron/ovn_metadata.pp deleted file mode 100644 index 884d2ded7..000000000 --- a/manifests/profile/base/neutron/ovn_metadata.pp +++ /dev/null @@ -1,90 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::ovn_metadata -# -# Networking-ovn Metadata Agent profile for tripleo -# -# === Parameters -# -# [*ovn_db_host*] -# The IP-Address where OVN DBs are listening. -# Defaults to lookup('ovn_dbs_vip', undef, undef, undef) -# -# [*ovn_db_node_ips*] -# (Optional) The OVN DBs node ip addresses are listening. -# Defaults to lookup('ovn_dbs_node_ips', undef, undef, undef) -# -# [*ovn_db_clustered*] -# (Optional) Boolean indicating if we're running with ovn db clustering -# or pacemaker. Defaults to false for backwards compatibility -# Defaults to lookup('ovn_db_clustered', undef, undef, false) -# -# [*ovn_sb_port*] -# (Optional) Port number on which southbound database is listening -# Defaults to lookup('ovn::southbound::port') -# -# [*ovn_sb_private_key*] -# (optional) The PEM file with private key for SSL connection to OVN-SB-DB -# Defaults to $::os_service_default -# -# [*ovn_sb_certificate*] -# (optional) The PEM file with certificate that certifies the -# private key specified in ovn_sb_private_key -# Defaults to $::os_service_default -# -# [*ovn_sb_ca_cert*] -# (optional) The PEM file with CA certificate that OVN should use to -# verify certificates presented to it by SSL peers -# Defaults to $::os_service_default -# -# [*protocol*] -# (optional) Protocol use in communication with dbs -# Defaults to 'tcp' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::ovn_metadata ( - $ovn_db_host = lookup('ovn_dbs_vip', undef, undef, undef), - $ovn_db_node_ips = lookup('ovn_dbs_node_ips', undef, undef, undef), - $ovn_db_clustered = lookup('ovn_db_clustered', undef, undef, false), - $ovn_sb_port = lookup('ovn::southbound::port'), - $ovn_sb_private_key = $::os_service_default, - $ovn_sb_certificate = $::os_service_default, - $ovn_sb_ca_cert = $::os_service_default, - $protocol = 'tcp', - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include tripleo::profile::base::neutron - - if $ovn_db_clustered { - $db_hosts = any2array($ovn_db_node_ips) - } else { - $db_hosts = any2array($ovn_db_host) - } - $sb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port}"], ':') } - - class { 'neutron::agents::ovn_metadata': - ovn_sb_connection => join(any2array($sb_conn), ','), - ovn_sb_private_key => $ovn_sb_private_key, - ovn_sb_certificate => $ovn_sb_certificate, - ovn_sb_ca_cert => $ovn_sb_ca_cert, - } - Service<| title == 'controller' |> -> Service<| title == 'ovn-metadata' |> - } -} diff --git a/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp b/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp deleted file mode 100644 index 35842c8e6..000000000 --- a/manifests/profile/base/neutron/ovn_metadata_agent_wrappers.pp +++ /dev/null @@ -1,56 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::ovn_metadata_agent_wrappers -# -# Generates wrapper scripts for running OVN metadata agent subprocesses in containers. -# -# === Parameters -# -# [*enable_haproxy_wrapper*] -# (Optional) If true, generates a wrapper for running haproxy in a container. -# Defaults to false -# -# [*haproxy_process_wrapper*] -# (Optional) If set, generates a haproxy wrapper in the specified file. -# Defaults to undef -# -# [*haproxy_image*] -# (Optional) Container image name for haproxy. Required if -# haproxy_process_wrapper is set. -# Defaults to undef -# -# [*debug*] -# (Optional) Debug messages for the wrapper scripts. -# Defaults to False. -# -class tripleo::profile::base::neutron::ovn_metadata_agent_wrappers ( - $enable_haproxy_wrapper = false, - $haproxy_process_wrapper = undef, - $haproxy_image = undef, - Boolean $debug = false, -) { - $container_cli = lookup('tripleo::profile::base::neutron::container_cli', undef, undef, 'podman') - if $enable_haproxy_wrapper { - unless $haproxy_image and $haproxy_process_wrapper{ - fail('The container image for haproxy and wrapper filename must be provided when generating haproxy wrappers') - } - tripleo::profile::base::neutron::wrappers::haproxy{'ovn_metadata_haproxy_process_wrapper': - haproxy_process_wrapper => $haproxy_process_wrapper, - haproxy_image => $haproxy_image, - debug => $debug, - container_cli => $container_cli, - } - } -} diff --git a/manifests/profile/base/neutron/ovn_northd.pp b/manifests/profile/base/neutron/ovn_northd.pp deleted file mode 100644 index 2610af8b5..000000000 --- a/manifests/profile/base/neutron/ovn_northd.pp +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::plugins::ml2::ovn -# -# OVN Neutron northd profile for tripleo -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('ovn_dbs_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::ovn_northd ( - $bootstrap_node = lookup('ovn_dbs_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), -) { - if $step >= 4 { - # Note this only runs on the first node in the cluster when - # deployed on a role where multiple nodes exist. - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - include ovn::northd - } - } -} - diff --git a/manifests/profile/base/neutron/ovs.pp b/manifests/profile/base/neutron/ovs.pp deleted file mode 100644 index f9b845b58..000000000 --- a/manifests/profile/base/neutron/ovs.pp +++ /dev/null @@ -1,66 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::ovs -# -# Neutron OVS Agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*vhostuser_socket_dir*] -# (Optional) vhostuser socket dir, The directory where $vhostuser_socket_dir -# will be created with correct permissions, inorder to support vhostuser -# client mode. -# Defaults to lookup('neutron::agents::ml2::ovs::vhostuser_socket_dir', undef, undef, undef) -# -# [*vhostuser_socket_group*] -# (Optional) Group name for vhostuser socket dir. -# Defaults to lookup('vhostuser_socket_group', undef, undef, 'qemu') -# -# [*vhostuser_socket_user*] -# (Optional) User name for vhostuser socket dir. -# Defaults to lookup('vhostuser_socket_user', undef, undef, 'qemu') -# -class tripleo::profile::base::neutron::ovs( - $step = Integer(lookup('step')), - $vhostuser_socket_dir = lookup('neutron::agents::ml2::ovs::vhostuser_socket_dir', undef, undef, undef), - $vhostuser_socket_group = lookup('vhostuser_socket_group', undef, undef, 'qemu'), - $vhostuser_socket_user = lookup('vhostuser_socket_user', undef, undef, 'qemu'), -) { - include tripleo::profile::base::neutron - - if $step >= 3 { - if $vhostuser_socket_dir { - file { $vhostuser_socket_dir: - ensure => directory, - owner => $vhostuser_socket_user, - group => $vhostuser_socket_group, - mode => '0775', - } - } - } - - if $step >= 5 { - include neutron::agents::ml2::ovs - - # Optional since manage_service may be false and neutron server may not be colocated. - Service<| title == 'neutron-server' |> -> Service<| title == 'neutron-ovs-agent-service' |> - } - -} diff --git a/manifests/profile/base/neutron/plugins/ml2.pp b/manifests/profile/base/neutron/plugins/ml2.pp deleted file mode 100644 index 58cfd2a07..000000000 --- a/manifests/profile/base/neutron/plugins/ml2.pp +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::plugins::ml2 -# -# Neutron ML2 plugin profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('neutron_plugin_ml2_short_bootstrap_node_name', undef, undef, undef) -# -# [*mechanism_drivers*] -# (Optional) The mechanism drivers to use with the Ml2 plugin -# Defaults to lookup('neutron::plugins::ml2::mechanism_drivers') -# -# [*service_names*] -# (Optional) List of services enabled on the current role. -# We may not want to configure a ml2 plugin for a role, -# in spite of the fact that it is in the drivers list. -# Check if the required service is enabled from the service list. -# Defaults to lookup('service_names') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::plugins::ml2 ( - $bootstrap_node = lookup('neutron_plugin_ml2_short_bootstrap_node_name', undef, undef, undef), - $mechanism_drivers = lookup('neutron::plugins::ml2::mechanism_drivers'), - $service_names = lookup('service_names'), - $step = Integer(lookup('step')), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::neutron - - if $step >= 4 or ( $step >= 3 and $sync_db ) { - include neutron::plugins::ml2 - - if 'openvswitch' in $mechanism_drivers { - include neutron::plugins::ml2::ovs_driver - } - - if 'sriovnicswitch' in $mechanism_drivers { - include neutron::plugins::ml2::sriov_driver - } - - if 'ovn' in $mechanism_drivers { - include tripleo::profile::base::neutron::plugins::ml2::ovn - } - - if 'nuage' in $mechanism_drivers { - include tripleo::profile::base::neutron::plugins::ml2::nuage - } - - if 'cisco_vts' in $mechanism_drivers { - include tripleo::profile::base::neutron::plugins::ml2::vts - } - - if 'mlnx_sdn_assist' in $mechanism_drivers { - include neutron::plugins::ml2::mellanox - include neutron::plugins::ml2::mellanox::mlnx_sdn_assist - } - - if 'baremetal' in $mechanism_drivers { - include tripleo::profile::base::neutron::plugins::ml2::networking_baremetal - } - } -} diff --git a/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp b/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp deleted file mode 100644 index ab9404634..000000000 --- a/manifests/profile/base/neutron/plugins/ml2/bagpipe.pp +++ /dev/null @@ -1,37 +0,0 @@ -# -# Copyright (C) 2017 Red Hat Inc. -# -# Author: Ricardo Noriega -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::plugins::ml2::bagpipe -# -# Neutron Bagpipe ML2 profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::plugins::ml2::bagpipe ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::neutron - - if $step >= 4 { - include neutron::plugins::ml2::bagpipe - } -} diff --git a/manifests/profile/base/neutron/plugins/ml2/networking_baremetal.pp b/manifests/profile/base/neutron/plugins/ml2/networking_baremetal.pp deleted file mode 100644 index 9f30eef1d..000000000 --- a/manifests/profile/base/neutron/plugins/ml2/networking_baremetal.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class:tripleo::profile::base::neutron::plugins::ml2::networking_baremetal -# -# Neutron networking-baremetal ML2 plugin profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# - -class tripleo::profile::base::neutron::plugins::ml2::networking_baremetal( - $step = Integer(lookup('step')) -) { - - include tripleo::profile::base::neutron - - if $step >= 4 { - include neutron::plugins::ml2::networking_baremetal - } -} diff --git a/manifests/profile/base/neutron/plugins/ml2/ovn.pp b/manifests/profile/base/neutron/plugins/ml2/ovn.pp deleted file mode 100644 index 05c02d550..000000000 --- a/manifests/profile/base/neutron/plugins/ml2/ovn.pp +++ /dev/null @@ -1,136 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::plugins::ml2::ovn -# -# OVN Neutron ML2 profile for tripleo -# -# [*ovn_db_host*] -# The IP-Address where OVN DBs are listening. -# Defaults to lookup('ovn_dbs_vip', undef, undef, undef) -# -# [*ovn_db_node_ips*] -# (Optional) The OVN DBs node ip addresses are listening. -# Defaults to lookup('ovn_dbs_node_ips', undef, undef, undef) -# -# [*ovn_db_clustered*] -# (Optional) Boolean indicating if we're running with ovn db clustering -# or pacemaker. Defaults to false for backwards compatibility -# Defaults to lookup('ovn_db_clustered', undef, undef, false) -# -# [*ovn_nb_port*] -# (Optional) Port number on which northbound database is listening -# Defaults to lookup('ovn::northbound::port') -# -# [*ovn_sb_port*] -# (Optional) Port number on which southbound database is listening -# Defaults to lookup('ovn::southbound::port') -# -# [*ovn_nb_private_key*] -# (optional) The PEM file with private key for SSL connection to OVN-NB-DB -# Defaults to $::os_service_default -# -# [*ovn_nb_certificate*] -# (optional) The PEM file with certificate that certifies the private -# key specified in ovn_nb_private_key -# Defaults to $::os_service_default -# -# [*ovn_nb_ca_cert*] -# (optional) The PEM file with CA certificate that OVN should use to -# verify certificates presented to it by SSL peers -# Defaults to $::os_service_default -# -# [*ovn_sb_private_key*] -# (optional) The PEM file with private key for SSL connection to OVN-SB-DB -# Defaults to $::os_service_default -# -# [*ovn_sb_certificate*] -# (optional) The PEM file with certificate that certifies the -# private key specified in ovn_sb_private_key -# Defaults to $::os_service_default -# -# [*ovn_sb_ca_cert*] -# (optional) The PEM file with CA certificate that OVN should use to -# verify certificates presented to it by SSL peers -# Defaults to $::os_service_default -# -# [*protocol*] -# (optional) Protocol use in communication with dbs -# Defaults to tcp -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*neutron_dns_integration*] -# (Optional) Configure neutron to use the supplied unbound resolver nodes. -# Defaults to false -# -# [*unbound_resolvers*] -# (Optional) Unbound resolvers if configured. -# Defaults to lookup('unbound_node_ips', undef, undef, undef) -# -# [*dns_servers*] -# (Optional) Heat template defined dns servers if provided. -# Defaults to lookup('neutron::plugins::ml2::ovn', undef, undef, $::os_service_default) -# -class tripleo::profile::base::neutron::plugins::ml2::ovn ( - $ovn_db_host = lookup('ovn_dbs_vip', undef, undef, undef), - $ovn_db_node_ips = lookup('ovn_dbs_node_ips', undef, undef, undef), - $ovn_db_clustered = lookup('ovn_db_clustered', undef, undef, false), - $ovn_nb_port = lookup('ovn::northbound::port'), - $ovn_sb_port = lookup('ovn::southbound::port'), - $ovn_nb_private_key = $::os_service_default, - $ovn_nb_certificate = $::os_service_default, - $ovn_nb_ca_cert = $::os_service_default, - $ovn_sb_private_key = $::os_service_default, - $ovn_sb_certificate = $::os_service_default, - $ovn_sb_ca_cert = $::os_service_default, - $protocol = 'tcp', - $step = Integer(lookup('step')), - $neutron_dns_integration = false, - $unbound_resolvers = lookup('unbound_node_ips', undef, undef, undef), - $dns_servers = lookup('neutron::plugins::ml2::ovn::dns_servers', undef, undef, $::os_service_default), -) { - - if $step >= 4 { - if $ovn_db_clustered { - $db_hosts = any2array($ovn_db_node_ips) - } else { - $db_hosts = any2array($ovn_db_host) - } - $sb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port}"], ':') } - $nb_conn = $db_hosts.map |$h| { join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port}"], ':') } - - if $neutron_dns_integration and $unbound_resolvers { - $unbound_resolvers_real = $unbound_resolvers - } else { - $unbound_resolvers_real = $dns_servers - } - - class { 'neutron::plugins::ml2::ovn': - ovn_nb_connection => join(any2array($nb_conn), ','), - ovn_sb_connection => join(any2array($sb_conn), ','), - ovn_nb_private_key => $ovn_nb_private_key, - ovn_nb_certificate => $ovn_nb_certificate, - ovn_nb_ca_cert => $ovn_nb_ca_cert, - ovn_sb_private_key => $ovn_sb_private_key, - ovn_sb_certificate => $ovn_sb_certificate, - ovn_sb_ca_cert => $ovn_sb_ca_cert, - dns_servers => $unbound_resolvers_real - } - } -} - diff --git a/manifests/profile/base/neutron/plugins/ml2/vts.pp b/manifests/profile/base/neutron/plugins/ml2/vts.pp deleted file mode 100644 index 706a67cf4..000000000 --- a/manifests/profile/base/neutron/plugins/ml2/vts.pp +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2017 Cisco, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::plugins::ml2::vts -# -# Cisco VTS Controller Neutron ML2 plugin profile for TripleO -# -# === Parameters -# -# -# [*vts_url_ip*] -# (Optional) IP address of the VTS Server -# Defaults to lookup('vts::vts_ip', undef, undef, undef) -# -# [*vts_port*] -# (Optional) VTS Server Neutron service port -# Defaults to lookup('vts::vts_port', undef, undef, 8888) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::plugins::ml2::vts ( - $vts_url_ip = lookup('vts::vts_ip', undef, undef, undef), - $vts_port = lookup('vts::vts_port', undef, undef, 8888), - $step = Integer(lookup('step')), -) { - - if $step >= 4 { - - if $vts_url_ip != undef { - $vts_url_ip_out = normalize_ip_for_uri($vts_url_ip) - - class { 'neutron::plugins::ml2::cisco::vts': - vts_url => "https://${vts_url_ip_out}:${vts_port}/api/running/openstack" - } - } - } -} diff --git a/manifests/profile/base/neutron/plugins/opencontrail.pp b/manifests/profile/base/neutron/plugins/opencontrail.pp deleted file mode 100644 index 953ed2d9c..000000000 --- a/manifests/profile/base/neutron/plugins/opencontrail.pp +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::plugins::opencontrail -# -# Opencontrail Neutron profile for tripleo -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('contrail_neutron_plugin_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::plugins::opencontrail ( - $bootstrap_node = lookup('contrail_neutron_plugin_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::neutron - - if $step >= 4 or ( $step >= 3 and $sync_db ) { - include neutron::plugins::opencontrail - } -} diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp deleted file mode 100644 index e6662c767..000000000 --- a/manifests/profile/base/neutron/server.pp +++ /dev/null @@ -1,179 +0,0 @@ -# Copyright 2014 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::server -# -# Neutron server profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('neutron_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*dvr_enabled*] -# (Optional) Is dvr enabled, used when no override is passed to -# l3_ha_override to calculate enabling l3 HA. -# Defaults to lookup('neutron::server::router_distributed', undef, undef, false) -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*l3_ha_override*] -# (Optional) Override the calculated value for neutron::server::l3_ha -# by default this is calculated to enable when DVR is not enabled -# and the number of nodes running neutron api is more than one. -# Defaults to '' which aligns with the t-h-t default, and means use -# the calculated value. Other possible values are 'true' or 'false' -# -# [*l3_nodes*] -# (Optional) List of nodes running the l3 agent, used when no override -# is passed to l3_ha_override to calculate enabling l3 HA. -# Defaults to lookup('neutron_l3_short_node_names', undef, undef, []) -# (we need to default neutron_l3_short_node_names to an empty list -# because some neutron backends disable the l3 agent) -# -# [*neutron_network*] -# (Optional) The network name where the neutron endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('neutron_api_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*tls_proxy_bind_ip*] -# IP on which the TLS proxy will listen on. Required only if -# enable_internal_tls is set. -# Defaults to undef -# -# [*tls_proxy_fqdn*] -# fqdn on which the tls proxy will listen on. required only used if -# enable_internal_tls is set. -# defaults to undef -# -# [*tls_proxy_port*] -# port on which the tls proxy will listen on. Only used if -# enable_internal_tls is set. -# defaults to 9696 -# -# [*designate_api_enabled*] -# (Optional) Indicate whether Designate is available in the deployment. -# Defaults to lookup('designate_api_enabled', undef, undef, false) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::neutron::server ( - $bootstrap_node = lookup('neutron_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $dvr_enabled = lookup('neutron::server::router_distributed', undef, undef, false), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $l3_ha_override = '', - $l3_nodes = lookup('neutron_l3_short_node_names', undef, undef, []), - $neutron_network = lookup('neutron_api_network', undef, undef, undef), - $step = Integer(lookup('step')), - $tls_proxy_bind_ip = undef, - $tls_proxy_fqdn = undef, - $tls_proxy_port = 9696, - $designate_api_enabled = lookup('designate_api_enabled', undef, undef, false), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::neutron - include tripleo::profile::base::neutron::authtoken - - if $enable_internal_tls { - if !$neutron_network { - fail('neutron_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${neutron_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${neutron_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - # Calculate neutron::server::l3_ha based on the number of API nodes - # combined with if DVR is enabled. - if $l3_ha_override != '' { - $l3_ha = str2bool($l3_ha_override) - } elsif ! str2bool($dvr_enabled) { - $l3_ha = size($l3_nodes) > 1 - } else { - $l3_ha = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - if $configure_apache { - include tripleo::profile::base::apache - if $enable_internal_tls { - ::tripleo::tls_proxy { 'neutron-api': - servername => $tls_proxy_fqdn, - ip => $tls_proxy_bind_ip, - port => $tls_proxy_port, - tls_cert => $tls_certfile, - tls_key => $tls_keyfile, - } - Tripleo::Tls_proxy['neutron-api'] ~> Anchor<| title == 'neutron::service::begin' |> - } else { - class { 'neutron::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } - if $designate_api_enabled { - include neutron::designate - } - } - # We start neutron-server on the bootstrap node first, because - # it will try to populate tables and we need to make sure this happens - # before it starts on other nodes - if $step >= 4 and $sync_db or $step >= 5 and !$sync_db { - - include neutron::server::notifications - include neutron::server::notifications::nova - include neutron::server::placement - # We need to override the hiera value neutron::server::sync_db which is set - # to true - class { 'neutron::server': - sync_db => $sync_db, - l3_ha => $l3_ha, - } - include neutron::db - include neutron::healthcheck - include neutron::quota - } -} diff --git a/manifests/profile/base/neutron/sfc.pp b/manifests/profile/base/neutron/sfc.pp deleted file mode 100644 index e729bf8f3..000000000 --- a/manifests/profile/base/neutron/sfc.pp +++ /dev/null @@ -1,37 +0,0 @@ -# -# Copyright (C) 2017 Red Hat Inc. -# -# Author: Tim Rozet -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::bgpvpn -# -# Neutron SFC Service plugin profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::neutron::sfc ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::neutron - - if $step >= 4 { - include neutron::services::sfc - } -} diff --git a/manifests/profile/base/neutron/sriov.pp b/manifests/profile/base/neutron/sriov.pp deleted file mode 100644 index b1a2e36d5..000000000 --- a/manifests/profile/base/neutron/sriov.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::sriov -# -# Neutron SR-IOV nic Agent profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# - -class tripleo::profile::base::neutron::sriov( - $step = Integer(lookup('step')) -) { - - include tripleo::profile::base::neutron - - if $step >= 4 { - include neutron::agents::ml2::sriov - } -} diff --git a/manifests/profile/base/neutron/wrappers/dibbler_client.pp b/manifests/profile/base/neutron/wrappers/dibbler_client.pp deleted file mode 100644 index bd0cec80f..000000000 --- a/manifests/profile/base/neutron/wrappers/dibbler_client.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == define: tripleo::profile::base::neutron::wrappers::dibbler_client -# -# Generates wrapper script for running dibbler in a container. -# -# === Parameters -# -# [*dibbler_process_wrapper*] -# Filename for dibbler wrapper script. -# -# [*dibbler_image*] -# Container image name for dibbler. -# -# [*debug*] -# Enable debug messages for the wrapper script. -# -# [*container_cli*] -# Host containers runtime system to use. -# -define tripleo::profile::base::neutron::wrappers::dibbler_client ( - $dibbler_process_wrapper, - $dibbler_image, - Boolean $debug, - $container_cli, -) { - file { $dibbler_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/dibbler-client.epp', { - 'image_name' => $dibbler_image, - 'debug' => $debug, - 'container_cli' => $container_cli, - }) - } -} diff --git a/manifests/profile/base/neutron/wrappers/dnsmasq.pp b/manifests/profile/base/neutron/wrappers/dnsmasq.pp deleted file mode 100644 index fe8d64ca0..000000000 --- a/manifests/profile/base/neutron/wrappers/dnsmasq.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == define: tripleo::profile::base::neutron::wrappers::dnsmasq -# -# Generates wrapper script for running dnsmasq in a container. -# -# === Parameters -# -# [*dnsmasq_process_wrapper*] -# Filename for dnsmasq wrapper script. -# -# [*dnsmasq_image*] -# Container image name for dnsmasq. -# -# [*debug*] -# Enable debug messages for the wrapper script. -# -# [*container_cli*] -# Host containers runtime system to use. -# -define tripleo::profile::base::neutron::wrappers::dnsmasq ( - $dnsmasq_process_wrapper, - $dnsmasq_image, - Boolean $debug, - $container_cli, -) { - file { $dnsmasq_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/dnsmasq.epp', { - 'image_name' => $dnsmasq_image, - 'debug' => $debug, - 'container_cli' => $container_cli, - }) - } -} diff --git a/manifests/profile/base/neutron/wrappers/haproxy.pp b/manifests/profile/base/neutron/wrappers/haproxy.pp deleted file mode 100644 index 447448640..000000000 --- a/manifests/profile/base/neutron/wrappers/haproxy.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == define: tripleo::profile::base::neutron::wrappers::haproxy -# -# Generates wrapper script for running haproxy in a container. -# -# === Parameters -# -# [*haproxy_process_wrapper*] -# Filename for haproxy wrapper script. -# -# [*haproxy_image*] -# Container image name for haproxy. -# -# [*debug*] -# Enable debug messages for the wrapper script. -# -# [*container_cli*] -# Host containers runtime system to use. -# -define tripleo::profile::base::neutron::wrappers::haproxy ( - $haproxy_process_wrapper, - $haproxy_image, - Boolean $debug, - $container_cli, -) { - file { $haproxy_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/haproxy.epp', { - 'image_name' => $haproxy_image, - 'debug' => $debug, - 'container_cli' => $container_cli, - }) - } -} diff --git a/manifests/profile/base/neutron/wrappers/keepalived.pp b/manifests/profile/base/neutron/wrappers/keepalived.pp deleted file mode 100644 index 467edfa37..000000000 --- a/manifests/profile/base/neutron/wrappers/keepalived.pp +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == define: tripleo::profile::base::neutron::wrappers::keepalived -# -# Generates wrapper script for running keepalived in a container. -# -# === Parameters -# -# [*keepalived_process_wrapper*] -# Filename for keepalived wrapper script. -# -# [*keepalived_image*] -# Container image name for keepalived. -# -# [*debug*] -# Enable debug messages for the wrapper script. -# -# [*container_cli*] -# Host containers runtime system to use. -# -define tripleo::profile::base::neutron::wrappers::keepalived ( - $keepalived_process_wrapper, - $keepalived_image, - Boolean $debug, - $container_cli, -) { - file { $keepalived_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/keepalived.epp', { - 'image_name' => $keepalived_image, - 'debug' => $debug, - 'container_cli' => $container_cli, - }) - } -} diff --git a/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp b/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp deleted file mode 100644 index 93ed2ded3..000000000 --- a/manifests/profile/base/neutron/wrappers/keepalived_state_change.pp +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::neutron::wrappers::keepalived_state_change -# -# Generates wrapper script for running keepalived-state-change daemon in a container. -# -# === Parameters -# -# [*keepalived_state_change_wrapper*] -# Filename for neutron-keepalived-state-change wrapper script. -# -# [*debug*] -# Enable debug messages for the wrapper script. -# -# [*container_cli*] -# Host containers runtime system to use. -# -define tripleo::profile::base::neutron::wrappers::keepalived_state_change ( - $keepalived_state_change_wrapper, - Boolean $debug, - $container_cli, -) { - file { $keepalived_state_change_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/neutron-keepalived-state-change.epp', { - 'debug' => $debug, - 'container_cli' => $container_cli, - }) - } -} diff --git a/manifests/profile/base/neutron/wrappers/radvd.pp b/manifests/profile/base/neutron/wrappers/radvd.pp deleted file mode 100644 index eb84f5c81..000000000 --- a/manifests/profile/base/neutron/wrappers/radvd.pp +++ /dev/null @@ -1,49 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == define: tripleo::profile::base::neutron::wrappers::radvd -# -# Generates wrapper script for running radvd in a container. -# -# === Parameters -# -# [*radvd_process_wrapper*] -# Filename for radvd wrapper script. -# -# [*radvd_image*] -# Container image name for radvd. -# -# [*debug*] -# Enable debug messages for the wrapper script. -# -# [*container_cli*] -# Host containers runtime system to use. - -# -define tripleo::profile::base::neutron::wrappers::radvd ( - $radvd_process_wrapper, - $radvd_image, - Boolean $debug, - $container_cli, -) { - file { $radvd_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/neutron/radvd.epp', { - 'image_name' => $radvd_image, - 'debug' => $debug, - 'container_cli' => $container_cli, - }) - } -} diff --git a/manifests/profile/base/nova.pp b/manifests/profile/base/nova.pp deleted file mode 100644 index 190549ad1..000000000 --- a/manifests/profile/base/nova.pp +++ /dev/null @@ -1,180 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova -# -# Nova base profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('nova_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*oslomsg_notify_proto*] -# Protocol driver for the oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_notify_hosts*] -# list of the oslo messaging notify host fqdns -# Defaults to any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)) -# -# [*oslomsg_notify_port*] -# IP port for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_port', undef, undef, '5672') -# -# [*oslomsg_notify_username*] -# Username for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_user_name', undef, undef, 'guest') -# -# [*oslomsg_notify_password*] -# Password for oslo messaging notify service -# Defaults to lookup('oslo_messaging_notify_password') -# -# [*oslomsg_notify_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_notify_use_ssl', undef, undef, '0') -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*cache_backend*] -# (Optional) oslo.cache backend used for caching. -# Defaults to lookup('nova::cache::backend', undef, undef, false) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::nova ( - $bootstrap_node = lookup('nova_api_short_bootstrap_node_name', undef, undef, undef), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $oslomsg_notify_proto = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $oslomsg_notify_hosts = any2array(lookup('oslo_messaging_notify_node_names', undef, undef, undef)), - $oslomsg_notify_password = lookup('oslo_messaging_notify_password'), - $oslomsg_notify_port = lookup('oslo_messaging_notify_port', undef, undef, '5672'), - $oslomsg_notify_username = lookup('oslo_messaging_notify_user_name', undef, undef, 'guest'), - $oslomsg_notify_use_ssl = lookup('oslo_messaging_notify_use_ssl', undef, undef, '0'), - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $cache_backend = lookup('nova::cache::backend', undef, undef, false), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - $oslomsg_notify_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_notify_use_ssl))) - if lookup('nova_is_additional_cell', undef, undef, undef) { - $oslomsg_rpc_hosts_real = any2array(lookup('oslo_messaging_rpc_cell_node_names', undef, undef, undef)) - } else { - $oslomsg_rpc_hosts_real = $oslomsg_rpc_hosts - } - - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - if $cache_backend in ['oslo_cache.memcache_pool', 'dogpile.cache.memcached'] { - # NOTE(tkajinm): The inet6 prefix is required for backends using - # python-memcached - $cache_memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - # NOTE(tkajinam): The other backends like pymemcache don't require - # the inet6 prefix - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - } else { - $cache_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcached_hosts_real)), ":${memcached_port}") - } - - include nova::config - include nova::logging - class { 'nova::cache': - memcache_servers => $cache_memcache_servers - } - class { 'nova': - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts_real, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - notification_transport_url => os_transport_url({ - 'transport' => $oslomsg_notify_proto, - 'hosts' => $oslomsg_notify_hosts, - 'port' => $oslomsg_notify_port, - 'username' => $oslomsg_notify_username, - 'password' => $oslomsg_notify_password, - 'ssl' => $oslomsg_notify_use_ssl_real, - }), - } - include nova::cinder - include nova::glance - include nova::placement - include nova::keystone::service_user - } -} diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp deleted file mode 100644 index fd41bfaa7..000000000 --- a/manifests/profile/base/nova/api.pp +++ /dev/null @@ -1,124 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::api -# -# Nova API profile for tripleo -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('nova_api_short_bootstrap_node_name') -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*nova_api_network*] -# (Optional) The network name where the nova API endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('nova_api_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*nova_enable_db_archive*] -# (Optional) Whether to enable db archiving -# Defaults to lookup('nova_enable_db_archive', undef, undef, true) -# -# [*nova_enable_db_purge*] -# (Optional) Whether to enable db purging -# Defaults to lookup('nova_enable_db_purge', undef, undef, true) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) - -class tripleo::profile::base::nova::api ( - $bootstrap_node = lookup('nova_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $nova_api_network = lookup('nova_api_network', undef, undef, undef), - $step = Integer(lookup('step')), - $nova_enable_db_archive = lookup('nova_enable_db_archive', undef, undef, true), - $nova_enable_db_purge = lookup('nova_enable_db_purge', undef, undef, true), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::nova - include tripleo::profile::base::nova::authtoken - - if $step >= 4 or ($step >= 3 and $sync_db) { - class { 'nova::api': - sync_db => $sync_db, - sync_db_api => $sync_db, - nova_metadata_wsgi_enabled => true - } - include nova::cors - include nova::quota - include nova::keystone - include nova::network::neutron - include nova::pci - include nova::vendordata - } - - if $enable_internal_tls { - if !$nova_api_network { - fail('nova_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${nova_api_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${nova_api_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - if $configure_apache { - include tripleo::profile::base::apache - class { 'nova::wsgi::apache_api': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } - - if $step >= 5 { - if $nova_enable_db_archive { - include nova::cron::archive_deleted_rows - if $nova_enable_db_purge { - include nova::cron::purge_shadow_tables - } - } - } -} - diff --git a/manifests/profile/base/nova/authtoken.pp b/manifests/profile/base/nova/authtoken.pp deleted file mode 100644 index e09d49830..000000000 --- a/manifests/profile/base/nova/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::authtoken -# -# Nova authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::nova::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+nova") - } else { - $hashed_secret_key = undef - } - - class { 'nova::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/nova/compute.pp b/manifests/profile/base/nova/compute.pp deleted file mode 100644 index a64da6b81..000000000 --- a/manifests/profile/base/nova/compute.pp +++ /dev/null @@ -1,81 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::compute -# -# Nova Compute profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*cinder_nfs_backend*] -# (Optional) Whether or not Cinder is backed by NFS. -# Defaults to lookup('cinder_enable_nfs_backend', undef, undef, false) -# -# [*nova_nfs_enabled*] -# (Optional) Whether or not Nova is backed by NFS. -# Defaults to lookup('nova_nfs_enabled', undef, undef, false) -# -class tripleo::profile::base::nova::compute ( - $step = Integer(lookup('step')), - $cinder_nfs_backend = lookup('cinder_enable_nfs_backend', undef, undef, false), - $nova_nfs_enabled = lookup('nova_nfs_enabled', undef, undef, false), -) { - - if $step >= 4 { - # deploy basic bits for nova - include tripleo::profile::base::nova - include nova::compute::image_cache - include nova::vendordata - include nova::compute::provider - include nova::key_manager - include nova::key_manager::barbican - - # NOTE(tkajinam): Policies are used in some features in nova-compute, - # For example when connecting an instance to an external - # network - include nova::policy - - # deploy basic bits for nova-compute - include nova::compute - - include nova::compute::pci - # If Service['nova-conductor'] is in catalog, make sure we start it - # before nova-compute. - Service<| title == 'nova-conductor' |> -> Service['nova-compute'] - - - # deploy bits to connect nova compute to neutron - include nova::network::neutron - - } - - # If NFS is used as a Cinder or Nova backend - if $cinder_nfs_backend or $nova_nfs_enabled { - ensure_packages('nfs-utils', { ensure => present }) - Package['nfs-utils'] -> Service['nova-compute'] - if str2bool($::selinux) { - selboolean { 'virt_use_nfs': - value => on, - persistent => true, - } - Selboolean['virt_use_nfs'] -> Package['nfs-utils'] - } - } - -} diff --git a/manifests/profile/base/nova/compute/ironic.pp b/manifests/profile/base/nova/compute/ironic.pp deleted file mode 100644 index a24879f7d..000000000 --- a/manifests/profile/base/nova/compute/ironic.pp +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::compute::ironic -# -# Nova Compute Ironic profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::nova::compute::ironic ( - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include tripleo::profile::base::nova::compute - include nova::compute::ironic - include nova::network::neutron - } -} diff --git a/manifests/profile/base/nova/compute/libvirt.pp b/manifests/profile/base/nova/compute/libvirt.pp deleted file mode 100644 index 0d33b4ae7..000000000 --- a/manifests/profile/base/nova/compute/libvirt.pp +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::compute::libvirt -# -# Nova Compute Libvirt profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::nova::compute::libvirt ( - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include tripleo::profile::base::nova::compute - include tripleo::profile::base::nova::migration::client - } - include tripleo::profile::base::nova::compute_libvirt_shared - -} diff --git a/manifests/profile/base/nova/compute/libvirt_guests.pp b/manifests/profile/base/nova/compute/libvirt_guests.pp deleted file mode 100644 index a85d3dfe1..000000000 --- a/manifests/profile/base/nova/compute/libvirt_guests.pp +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::compute::libvirt_guests -# -# Configures libvirt-guests service. -# -# === Parameters: -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*enabled*] -# (Optional) Whether libvirt-guests should be configured and enabled or not. -# Defaults to undef -# -class tripleo::profile::base::nova::compute::libvirt_guests ( - $step = Integer(lookup('step')), - $enabled = undef, -) { - # only configure libvirt-guests if enabled - if $step >= 4 and $enabled { - class { 'nova::compute::libvirt_guests': - enabled => $enabled, - } - include nova::compute::libvirt_guests - } -} diff --git a/manifests/profile/base/nova/compute_libvirt_shared.pp b/manifests/profile/base/nova/compute_libvirt_shared.pp deleted file mode 100644 index 04515a72a..000000000 --- a/manifests/profile/base/nova/compute_libvirt_shared.pp +++ /dev/null @@ -1,59 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::compute_libvirt_shared -# -# Libvirt profile for tripleo. It will deploy Libvirt service and configure it. -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*rbd_ephemeral_storage*] -# (Optional) Use Ceph as ephemeral disk backend. -# Defaults to lookup('nova::compute::rbd::ephemeral_storage', undef, undef, false) -# -# [*rbd_persistent_storage*] -# (Optional) Use Ceph as volume backend. -# Defaults to lookup('rbd_persistent_storage', undef, undef, false) -# -# [*rbd_disk_cachemodes*] -# (Optional) Cache mode of rbd volumes. -# Defaults to lookup('rbd_disk_cachemodes', undef, undef, ['network=writeback']) -# -class tripleo::profile::base::nova::compute_libvirt_shared ( - $step = Integer(lookup('step')), - $rbd_ephemeral_storage = lookup('nova::compute::rbd::ephemeral_storage', undef, undef, false), - $rbd_persistent_storage = lookup('rbd_persistent_storage', undef, undef, false), - $rbd_disk_cachemodes = lookup('rbd_disk_cachemodes', undef, undef, ['network=writeback']), -) { - if $step >= 4 { - # Ceph + Libvirt - if $rbd_ephemeral_storage or $rbd_persistent_storage { - include nova::compute::rbd - } - - if $rbd_ephemeral_storage { - class { 'nova::compute::libvirt': - disk_cachemodes => $rbd_disk_cachemodes, - hw_disk_discard => 'unmap', - } - } else { - include nova::compute::libvirt - } - } -} diff --git a/manifests/profile/base/nova/conductor.pp b/manifests/profile/base/nova/conductor.pp deleted file mode 100644 index 3f624ca8f..000000000 --- a/manifests/profile/base/nova/conductor.pp +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::conductor -# -# Nova Conductor profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('nova_conductor_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::nova::conductor ( - $bootstrap_node = lookup('nova_conductor_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::nova - include nova::db - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 3 and $sync_db { - include nova::db::sync - } - if $step >= 4 { - include nova::conductor - include nova::network::neutron - } -} diff --git a/manifests/profile/base/nova/libvirt.pp b/manifests/profile/base/nova/libvirt.pp deleted file mode 100644 index 3d57a6829..000000000 --- a/manifests/profile/base/nova/libvirt.pp +++ /dev/null @@ -1,179 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::libvirt -# -# Libvirt profile for tripleo. It will deploy Libvirt service and configure it. -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*libvirtd_config*] -# (Optional) Overrides for libvirtd config options -# Defaults to {} -# -# [*virtlogd_config*] -# (Optional) Overrides for virtlogd config options -# Defaults to {} -# -# [*tls_password*] -# (Optional) SASL Password for libvirtd TLS connections -# Defaults to '' (disabled) -# -# [*virtproxyd_config*] -# (Optional) Overrides for virtproxyd config options -# Defaults to {} -# -# [*virtqemud_config*] -# (Optional) Overrides for virtqemud config options -# Defaults to {} -# -# [*virtnodedevd_config*] -# (Optional) Overrides for virtnodedevd config options -# Defaults to {} -# -# [*virtstoraged_config*] -# (Optional) Overrides for virtstoraged config options -# Defaults to {} -# -# [*virtsecretd_config*] -# (Optional) Overrides for virtsecretd config options -# Defaults to {} -# -# DEPRECATED PARAMETERS -# -# [*modular_libvirt*] -# (Optional) Whether to enable modular libvirt daemons or not. -# Defaults to false -# -class tripleo::profile::base::nova::libvirt ( - $step = Integer(lookup('step')), - $libvirtd_config = {}, - $virtlogd_config = {}, - $virtproxyd_config = {}, - $virtqemud_config = {}, - $virtnodedevd_config = {}, - $virtstoraged_config = {}, - $virtsecretd_config = {}, - $tls_password = '', - # DEPRECATED PARAMETERS - $modular_libvirt = false, -) { - include tripleo::profile::base::nova::compute_libvirt_shared - - if $step >= 4 { - include tripleo::profile::base::nova - include tripleo::profile::base::nova::migration::client - include nova::compute::libvirt::virtlogd - include nova::compute::libvirt::services - - $libvirt_daemon_config_default = { - unix_sock_group => {value => '"libvirt"'}, - auth_unix_ro => {value => '"none"'}, - auth_unix_rw => {value => '"none"'}, - unix_sock_ro_perms => {value => '"0444"'}, - unix_sock_rw_perms => {value => '"0770"'} - } - - if $modular_libvirt { - include nova::compute::libvirt::virtproxyd - include nova::compute::libvirt::virtqemud - include nova::compute::libvirt::virtnodedevd - include nova::compute::libvirt::virtstoraged - include nova::compute::libvirt::virtsecretd - - $virtproxyd_config_default = $libvirt_daemon_config_default - $virtqemud_config_default = $libvirt_daemon_config_default - $virtnodedevd_config_default = $libvirt_daemon_config_default - $virtstoraged_config_default = $libvirt_daemon_config_default - $virtsecretd_config_default = $libvirt_daemon_config_default - - class { 'nova::compute::libvirt::config': - virtlogd_config => $virtlogd_config, - virtproxyd_config => merge($virtproxyd_config_default, $virtproxyd_config), - virtqemud_config => merge($virtqemud_config_default, $virtqemud_config), - virtnodedevd_config => merge($virtnodedevd_config_default, $virtnodedevd_config), - virtstoraged_config => merge($virtstoraged_config_default, $virtstoraged_config), - virtsecretd_config => merge($virtsecretd_config_default, $virtsecretd_config), - } - - } else { - $libvirtd_config_default = $libvirt_daemon_config_default - - class { 'nova::compute::libvirt::config': - virtlogd_config => $virtlogd_config, - libvirtd_config => merge($libvirtd_config_default, $libvirtd_config), - } - } - - include nova::compute::libvirt::qemu - include nova::migration::qemu - - $libvirt_sasl_conf = " -mech_list: scram-sha-1 -sasldb_path: /etc/libvirt/passwd.db -" - - package { 'cyrus-sasl-scram': - ensure => present - } - ->file { '/etc/sasl2/libvirt.conf': - content => $libvirt_sasl_conf, - mode => '0644', - owner => 'root', - group => 'root', - require => Package['libvirt'], - notify => Service['libvirt'], - } - - if !empty($tls_password) { - $libvirt_sasl_command = "echo \"\${TLS_PASSWORD}\" | saslpasswd2 -p -a libvirt -u overcloud migration" - $libvirt_auth_ensure = present - $libvirt_auth_conf = " -[credentials-overcloud] -authname=migration@overcloud -password=${tls_password} - -[auth-libvirt-default] -credentials=overcloud -" - } - else { - $libvirt_sasl_command = 'saslpasswd2 -d -a libvirt -u overcloud migration' - $libvirt_auth_ensure = absent - $libvirt_auth_conf = '' - } - - exec{ 'set libvirt sasl credentials': - environment => ["TLS_PASSWORD=${tls_password}"], - command => $libvirt_sasl_command, - path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'], - require => File['/etc/sasl2/libvirt.conf'], - tag => ['libvirt_tls_password'] - } - - file { '/etc/libvirt/auth.conf': - ensure => $libvirt_auth_ensure, - content => $libvirt_auth_conf, - mode => '0600', - owner => 'root', - group => 'root', - notify => Service['libvirt'] - } - } -} diff --git a/manifests/profile/base/nova/metadata.pp b/manifests/profile/base/nova/metadata.pp deleted file mode 100644 index 1c9a0d757..000000000 --- a/manifests/profile/base/nova/metadata.pp +++ /dev/null @@ -1,94 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::metadata -# -# Nova Placement API profile for tripleo -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('nova_metadata_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*nova_metadata_network*] -# (Optional) The network name where the nova metadata endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('nova_metadata_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) - -class tripleo::profile::base::nova::metadata ( - $bootstrap_node = lookup('nova_metadata_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $nova_metadata_network = lookup('nova_metadata_network', undef, undef, undef), - $step = Integer(lookup('step')), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - - include tripleo::profile::base::nova - include tripleo::profile::base::nova::authtoken - - if $enable_internal_tls { - if !$nova_metadata_network { - fail('nova_metadata_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${nova_metadata_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${nova_metadata_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - include nova::cors - include nova::network::neutron - include nova::metadata - include nova::vendordata - if $configure_apache { - include tripleo::profile::base::apache - class { 'nova::wsgi::apache_metadata': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } -} diff --git a/manifests/profile/base/nova/migration.pp b/manifests/profile/base/nova/migration.pp deleted file mode 100644 index 67c62ac8b..000000000 --- a/manifests/profile/base/nova/migration.pp +++ /dev/null @@ -1,35 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::migration -# -# Nova migration profile for tripleo, common to both client and target. -# -# === Parameters -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# - -class tripleo::profile::base::nova::migration ( - $step = Integer(lookup('step')), -) { - if $step >= 3 { - package { 'openstack-nova-migration': - ensure => present, - tag => ['openstack', 'nova-package'], - } - } -} diff --git a/manifests/profile/base/nova/migration/client.pp b/manifests/profile/base/nova/migration/client.pp deleted file mode 100644 index fd1457ab7..000000000 --- a/manifests/profile/base/nova/migration/client.pp +++ /dev/null @@ -1,101 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::migration -# -# Nova migration client profile for tripleo -# -# === Parameters -# -# [*libvirt_enabled*] -# (Optional) Whether or not Libvirt is enabled. -# Defaults to false -# -# [*nova_compute_enabled*] -# (Optional) Whether or not nova-compute is enabled. -# Defaults to false -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*ssh_private_key*] -# (Optional) SSH private_key for migration SSH tunnel. -# Defaults to '' -# -# [*ssh_port*] -# (Optional) Port that SSH target services is listening on. -# Defaults to 22 -# -# [*libvirt_tls*] -# (Optional) Whether or not libvirt TLS service is enabled. -# Defaults to false - -class tripleo::profile::base::nova::migration::client ( - $libvirt_enabled = false, - $nova_compute_enabled = false, - $step = Integer(lookup('step')), - $ssh_private_key = '', - $ssh_port = 22, - $libvirt_tls = false, -) { - - include tripleo::profile::base::nova::migration - - if $step >= 4 { - - # Libvirt setup (live-migration) - if $libvirt_tls { - class { 'nova::migration::libvirt': - transport => 'tls', - configure_libvirt => $libvirt_enabled, - configure_nova => $nova_compute_enabled, - auth => 'sasl' - } - } else { - # Reuse the cold-migration SSH tunnel when TLS is not enabled - class { 'nova::migration::libvirt': - transport => 'ssh', - configure_libvirt => $libvirt_enabled, - configure_nova => $nova_compute_enabled, - client_user => 'nova_migration', - client_extraparams => {'keyfile' => '/etc/nova/migration/identity'}, - client_port => $ssh_port - } - } - - if !empty($ssh_private_key) { - # Nova SSH tunnel setup (cold-migration) - $migration_identity = $ssh_private_key - } - else { - $migration_identity = '# Migration over SSH disabled by TripleO' - } - - file { '/etc/nova/migration/identity': - content => $migration_identity, - mode => '0600', - owner => 'nova', - group => 'nova', - require => Package['openstack-nova-migration'] - } - - file_line { 'nova_ssh_port': - ensure => present, - path => '/var/lib/nova/.ssh/config', - after => '^Host \*$', - line => " Port ${ssh_port}", - } - } -} diff --git a/manifests/profile/base/nova/migration/target.pp b/manifests/profile/base/nova/migration/target.pp deleted file mode 100644 index b89446608..000000000 --- a/manifests/profile/base/nova/migration/target.pp +++ /dev/null @@ -1,87 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::migration::target -# -# Nova migration target profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*ssh_authorized_keys*] -# (Optional) List of SSH public keys authorized for migration. -# If no keys are provided then migration over ssh will be disabled. -# Defaults to [] -# -# [*wrapper_command*] -# (Internal) Used to override the wrapper command when proxying -# Defaults to /bin/nova-migration-wrapper -# -class tripleo::profile::base::nova::migration::target ( - $step = Integer(lookup('step')), - $ssh_authorized_keys = [], - $wrapper_command = '/bin/nova-migration-wrapper', -) { - - include tripleo::profile::base::nova::migration - - validate_legacy(Array, 'validate_array', $ssh_authorized_keys) - $ssh_authorized_keys_real = join($ssh_authorized_keys, '\n') - - if $step >= 4 { - if !empty($ssh_authorized_keys_real) { - ssh::server::match_block { 'nova_migration': - name => 'nova_migration', - type => 'User', - order => 1, - options => { - 'ForceCommand' => $wrapper_command, - 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys' - }, - notify => Service['sshd'] - } - - $migration_authorized_keys = $ssh_authorized_keys_real - $migration_user_shell = '/bin/bash' - } - else { - # Remove the keys and prevent login when migration over SSH is not enabled - $migration_authorized_keys = '# Migration over SSH disabled by TripleO' - $migration_user_shell = '/sbin/nologin' - } - - file { '/etc/nova/migration/authorized_keys': - content => $migration_authorized_keys, - mode => '0640', - owner => 'root', - group => 'nova_migration', - require => Package['openstack-nova-migration'] - } - - user {'nova_migration': - shell => $migration_user_shell, - require => Package['openstack-nova-migration'] - } - - file_line { 'nova_migration_logindefs': - ensure => present, - path => '/etc/login.defs', - line => 'UMASK 022', - match => '^UMASK', - } - } -} diff --git a/manifests/profile/base/nova/scheduler.pp b/manifests/profile/base/nova/scheduler.pp deleted file mode 100644 index e642ce96f..000000000 --- a/manifests/profile/base/nova/scheduler.pp +++ /dev/null @@ -1,34 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::scheduler -# -# Nova Scheduler profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::nova::scheduler ( - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include tripleo::profile::base::nova - include nova::scheduler - include nova::scheduler::filter - } -} diff --git a/manifests/profile/base/nova/virtlogd_wrapper.pp b/manifests/profile/base/nova/virtlogd_wrapper.pp deleted file mode 100644 index e91ec198e..000000000 --- a/manifests/profile/base/nova/virtlogd_wrapper.pp +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::virtlogd_wrapper -# -# Generates wrapper scripts for running virtlogd in container. -# -# === Parameters -# -# [*enable_wrapper*] -# (Optional) If true, generates a wrapper for running virtlogd in a container. -# Defaults to false -# -# [*virtlogd_process_wrapper*] -# (Optional) Filename for virtlogd wrapper in the specified file. -# Defaults to undef -# -# [*virtlogd_image*] -# (Optional) Container image name for virtlogd. Required if -# virtlogd_wrapper is set. -# Defaults to undef -# -# [*debug*] -# (Optional) Debug messages for the wrapper scripts. -# Defaults to False. -# -class tripleo::profile::base::nova::virtlogd_wrapper ( - $enable_wrapper = false, - $virtlogd_process_wrapper = undef, - $virtlogd_image = undef, - Boolean $debug = false, -) { - if $enable_wrapper { - unless $virtlogd_image and $virtlogd_process_wrapper{ - fail('The container image for virtlogd and wrapper filename must be provided when generating virtlogd wrappers') - } - tripleo::profile::base::nova::wrappers::virtlogd{'nova_virtlogd_wrapper': - virtlogd_process_wrapper => $virtlogd_process_wrapper, - virtlogd_image => $virtlogd_image, - debug => $debug, - } - } -} diff --git a/manifests/profile/base/nova/vncproxy.pp b/manifests/profile/base/nova/vncproxy.pp deleted file mode 100644 index 556170f16..000000000 --- a/manifests/profile/base/nova/vncproxy.pp +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::nova::vncproxy -# -# Nova vncproxy profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::nova::vncproxy ( - $step = Integer(lookup('step')), -) { - if $step >= 4 { - include tripleo::profile::base::nova - include nova::vncproxy - } -} diff --git a/manifests/profile/base/nova/wrappers/virtlogd.pp b/manifests/profile/base/nova/wrappers/virtlogd.pp deleted file mode 100644 index c680b788f..000000000 --- a/manifests/profile/base/nova/wrappers/virtlogd.pp +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == define: tripleo::profile::base::nova::wrappers::virtlogd -# -# Generates wrapper script for running virtlogd in a container. -# -# === Parameters -# -# [*virtlogd_process_wrapper*] -# Filename for virtlogd wrapper script. -# -# [*virtlogd_image*] -# Container image name for virtlogd. -# -# [*debug*] -# Enable debug messages for the wrapper script. -# -define tripleo::profile::base::nova::wrappers::virtlogd ( - $virtlogd_process_wrapper, - $virtlogd_image, - Boolean $debug, -) { - file { $virtlogd_process_wrapper: - ensure => file, - mode => '0755', - content => epp('tripleo/nova/virtlogd.epp', { - 'image_name' => $virtlogd_image, - 'debug' => $debug, - }) - } -} diff --git a/manifests/profile/base/octavia.pp b/manifests/profile/base/octavia.pp deleted file mode 100644 index b6388e44b..000000000 --- a/manifests/profile/base/octavia.pp +++ /dev/null @@ -1,85 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::octavia -# -# Octavia server profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit') -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, '5672') -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*enable_driver_agent*] -# Enable the driver agent -# Defaults to false -# -class tripleo::profile::base::octavia ( - $step = Integer(lookup('step')), - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $enable_driver_agent = false -) { - if $step >= 3 { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - class { 'octavia' : - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => sprintf('%s', $oslomsg_rpc_port), - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - } - include octavia::config - include octavia::db - include octavia::logging - include octavia::networking - include octavia::service_auth - - if $enable_driver_agent { - include octavia::driver_agent - } - } -} diff --git a/manifests/profile/base/octavia/api.pp b/manifests/profile/base/octavia/api.pp deleted file mode 100644 index 1b3442f21..000000000 --- a/manifests/profile/base/octavia/api.pp +++ /dev/null @@ -1,123 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::octavia::api -# -# Octavia API server profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('octavia_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*octavia_network*] -# (Optional) The network name where the barbican endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('octavia_api_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# DEPRECATED PARAMETERS -# -# [*ovn_db_host*] -# (Optional) The IP-Address where OVN DBs are listening. -# Defaults to undef -# -# [*ovn_nb_port*] -# (Optional) Port number on which northbound database is listening -# Defaults to undef -# -# [*neutron_driver*] -# (Optional) The neutron driver for ml2 currently default tripleo value is ovn. -# Defaults to undef -# Not used any more. -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::octavia::api ( - $bootstrap_node = lookup('octavia_api_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $octavia_network = lookup('octavia_api_network', undef, undef, undef), - $step = Integer(lookup('step')), - $ovn_db_host = undef, - $ovn_nb_port = undef, - $neutron_driver = undef, - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - include tripleo::profile::base::octavia - include tripleo::profile::base::octavia::authtoken - - if $step >= 4 or ($step >= 3 and $sync_db) { - if $enable_internal_tls { - if !$octavia_network { - fail('octavia_api_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${octavia_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${octavia_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - } - # We start the Octavia API server on the bootstrap node first, because - # it will try to populate tables and we need to make sure this happens - # before it starts on other nodes - if ($step >= 4 and $sync_db) or ($step >= 5 and !$sync_db) { - include octavia::controller - if $ovn_db_host or $ovn_nb_port { - warning('The ovn_db_host and ovn_nb_port parameters are deprecated from tripleo::profile::base::octavia::api. \ -Use tripleo::profile::base::octavia::provider::ovn.') - } - class { 'octavia::api': - sync_db => $sync_db, - } - include octavia::healthcheck - if $configure_apache { - include tripleo::profile::base::apache - class { 'octavia::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile - } - } - } -} diff --git a/manifests/profile/base/octavia/authtoken.pp b/manifests/profile/base/octavia/authtoken.pp deleted file mode 100644 index e99b1e57f..000000000 --- a/manifests/profile/base/octavia/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::octavia::authtoken -# -# Octavia authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::octavia::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+octavia") - } else { - $hashed_secret_key = undef - } - - class { 'octavia::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/octavia/health_manager.pp b/manifests/profile/base/octavia/health_manager.pp deleted file mode 100644 index 7f55847dc..000000000 --- a/manifests/profile/base/octavia/health_manager.pp +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::octavia::health_manager -# -# Octavia Health Manager server for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::octavia::health_manager ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::octavia - if $step >= 5 { - include octavia::controller - include octavia::nova - include octavia::health_manager - include octavia::certificates - include octavia::neutron - include octavia::glance - include octavia::cinder - include octavia::task_flow - } -} diff --git a/manifests/profile/base/octavia/housekeeping.pp b/manifests/profile/base/octavia/housekeeping.pp deleted file mode 100644 index e214350f8..000000000 --- a/manifests/profile/base/octavia/housekeeping.pp +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::octavia::housekeeping -# -# Octavia Housekeeping profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::octavia::housekeeping ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::octavia - - if $step >= 5 { - include octavia::controller - include octavia::nova - include octavia::housekeeping - include octavia::certificates - include octavia::neutron - include octavia::glance - include octavia::cinder - include octavia::task_flow - } -} diff --git a/manifests/profile/base/octavia/provider/ovn.pp b/manifests/profile/base/octavia/provider/ovn.pp deleted file mode 100644 index b3fd44d73..000000000 --- a/manifests/profile/base/octavia/provider/ovn.pp +++ /dev/null @@ -1,135 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::octavia::provider::ovn -# -# Octavia OVN provider profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*protocol*] -# (optional) Protocol use in communication with dbs -# Defaults to tcp -# -# [*ovn_db_host*] -# (Optional) The IP-Address where OVN DBs are listening. -# Defaults to lookup('ovn_dbs_vip') -# -# [*ovn_db_node_ips*] -# (Optional) The OVN DBs node ip addresses are listening. -# Defaults to lookup('ovn_dbs_node_ips', undef, undef, undef) -# -# [*ovn_db_clustered*] -# (Optional) Boolean indicating if we're running with ovn db clustering -# or pacemaker. Defaults to false for backwards compatibility -# Defaults to lookup('ovn_db_clustered', undef, undef, false) -# -# [*ovn_nb_port*] -# (Optional) Port number on which northbound database is listening -# Defaults to lookup('ovn::northbound::port', undef, undef, undef) -# -# [*ovn_sb_port*] -# (Optional) Port number on which southbound database is listening -# Defaults to lookup('ovn::southbound::port', undef, undef, undef) -# -# [*ovn_nb_private_key*] -# (optional) The PEM file with private key for SSL connection to OVN-NB-DB -# Defaults to $::os_service_default -# -# [*ovn_nb_certificate*] -# (optional) The PEM file with certificate that certifies the private -# key specified in ovn_nb_private_key -# Defaults to $::os_service_default -# -# [*ovn_nb_ca_cert*] -# (optional) The PEM file with CA certificate that OVN should use to -# verify certificates presented to it by SSL peers -# Defaults to $::os_service_default -# -# [*ovn_sb_private_key*] -# (optional) The PEM file with private key for SSL connection to OVN-SB-DB -# Defaults to $::os_service_default -# -# [*ovn_sb_certificate*] -# (optional) The PEM file with certificate that certifies the -# private key specified in ovn_sb_private_key -# Defaults to $::os_service_default -# -# [*ovn_sb_ca_cert*] -# (optional) The PEM file with CA certificate that OVN should use to -# verify certificates presented to it by SSL peers -# Defaults to $::os_service_default -# -class tripleo::profile::base::octavia::provider::ovn ( - $step = Integer(lookup('step')), - $protocol = lookup('ovn_nb_connection_protocol', undef, undef, 'tcp'), - $ovn_db_host = lookup('ovn_dbs_vip', undef, undef, undef), - $ovn_db_node_ips = lookup('ovn_dbs_node_ips', undef, undef, undef), - $ovn_db_clustered = lookup('ovn_db_clustered', undef, undef, false), - $ovn_nb_port = lookup('ovn::northbound::port', undef, undef, undef), - $ovn_sb_port = lookup('ovn::southbound::port', undef, undef, undef), - $ovn_nb_private_key = $::os_service_default, - $ovn_nb_certificate = $::os_service_default, - $ovn_nb_ca_cert = $::os_service_default, - $ovn_sb_private_key = $::os_service_default, - $ovn_sb_certificate = $::os_service_default, - $ovn_sb_ca_cert = $::os_service_default, -) { - - include tripleo::profile::base::octavia::api - - if ($step >= 4) { - # For backward compatibility - # TODO(tkajinam): Remove these deprecated parameters - if $::tripleo::profile::base::octavia::api::ovn_db_host and !is_service_default(::tripleo::profile::base::octavia::api::ovn_db_host) { - $ovn_db_hosts_real = any2array($::tripleo::profile::base::octavia::api::ovn_db_host) - $ovn_nb_port_real = $::tripleo::profile::base::octavia::api::ovn_nb_port - # NOTE(beagles): there is no backwards compatible case for the sb_port but I'm - # adding this line for consistency. - $ovn_sb_port_real = $ovn_sb_port - } elsif $ovn_db_clustered { - $ovn_db_hosts_real = any2array($ovn_db_node_ips) - $ovn_nb_port_real = $ovn_nb_port - $ovn_sb_port_real = $ovn_sb_port - } else { - $ovn_db_hosts_real = any2array($ovn_db_host) - $ovn_nb_port_real = $ovn_nb_port - $ovn_sb_port_real = $ovn_sb_port - } - - if ! empty($ovn_db_hosts_real) { - $nb_conn = $ovn_db_hosts_real.map |$h| { - join([$protocol, normalize_ip_for_uri($h), "${ovn_nb_port_real}"].filter |$c| { !$c.empty() }, ':') - } - $sb_conn = $ovn_db_hosts_real.map |$h| { - join([$protocol, normalize_ip_for_uri($h), "${ovn_sb_port_real}"].filter |$c| { !$c.empty() }, ':') - } - class { 'octavia::provider::ovn': - ovn_nb_connection => join(any2array($nb_conn), ','), - ovn_sb_connection => join(any2array($sb_conn), ','), - ovn_nb_private_key => $ovn_nb_private_key, - ovn_nb_certificate => $ovn_nb_certificate, - ovn_nb_ca_cert => $ovn_nb_ca_cert, - ovn_sb_private_key => $ovn_sb_private_key, - ovn_sb_certificate => $ovn_sb_certificate, - ovn_sb_ca_cert => $ovn_sb_ca_cert, - } - } - } -} diff --git a/manifests/profile/base/octavia/worker.pp b/manifests/profile/base/octavia/worker.pp deleted file mode 100644 index 50b941b3c..000000000 --- a/manifests/profile/base/octavia/worker.pp +++ /dev/null @@ -1,41 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::octavia::worker -# -# Octavia Worker profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::octavia::worker ( - $step = Integer(lookup('step')), -) { - include tripleo::profile::base::octavia - - if $step >= 5 { - include octavia::controller - include octavia::nova - include octavia::worker - include octavia::certificates - include octavia::neutron - include octavia::glance - include octavia::cinder - include octavia::task_flow - } -} diff --git a/manifests/profile/base/pacemaker.pp b/manifests/profile/base/pacemaker.pp deleted file mode 100644 index c3e98c1ed..000000000 --- a/manifests/profile/base/pacemaker.pp +++ /dev/null @@ -1,285 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::pacemaker -# -# Pacemaker profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*pcs_user*] -# (Optional) The user to set up pcsd with -# Defaults to 'hacluster' -# -# [*pcs_password*] -# (Optional) The password to be used for the pcs_user. While it is -# optional as a parameter, the hiera key 'hacluster_pwd' *must* not -# be undefined or an error will be generated. -# Defaults to lookup('hacluster_pwd', undef, undef, undef) -# -# [*remote_short_node_names*] -# (Optional) List of short node names for pacemaker remote nodes -# Defaults to lookup('pacemaker_remote_short_node_names', undef, undef, []) -# -# [*remote_node_ips*] -# (Optional) List of node ips for pacemaker remote nodes -# Defaults to lookup('pacemaker_remote_node_ips', undef, undef, []) -# -# [*remote_authkey*] -# (Optional) Authkey for pacemaker remote nodes -# Defaults to undef -# -# [*remote_reconnect_interval*] -# (Optional) Reconnect interval for the remote -# Defaults to lookup('pacemaker_remote_reconnect_interval', undef, undef, 60) -# -# [*remote_monitor_interval*] -# (Optional) Monitor interval for the remote -# Defaults to lookup('pacemaker_monitor_reconnect_interval', undef, undef, 20) -# -# [*remote_tries*] -# (Optional) Number of tries for the remote resource creation -# Defaults to lookup('pacemaker_remote_tries', undef, undef, 5) -# -# [*remote_try_sleep*] -# (Optional) Number of seconds to sleep between remote creation tries -# Defaults to lookup('pacemaker_remote_try_sleep', undef, undef, 60) -# -# [*cluster_recheck_interval*] -# (Optional) Set the cluster-wide cluster-recheck-interval property -# If the hiera key does not exist or if it is set to undef, the property -# won't be changed from its default value when there are no pacemaker_remote -# nodes. In presence of pacemaker_remote nodes and an undef value it will -# be set to 60s. -# Defaults to lookup('pacemaker_cluster_recheck_interval', undef, undef, undef) -# -# [*encryption*] -# (Optional) Whether or not to enable encryption of the pacemaker traffic -# Defaults to true -# -# [*resource_op_defaults*] -# (Optional) A hash allowing to override pacemaker resource op defaults -# Defaults to undef -# -# [*enable_instanceha*] -# (Optional) Boolean driving the Instance HA controlplane configuration -# Defaults to lookup('tripleo::instanceha', undef, undef, false) -# -# [*pcsd_bind_addr*] -# (Optional) List of IP addresses pcsd should bind to -# Defaults to undef -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*cluster_properties*] -# (optional) Cluster-wide properties that can be set by an operator via hiera -# Defaults to {} - -class tripleo::profile::base::pacemaker ( - $step = Integer(lookup('step')), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $pcs_user = 'hacluster', - $pcs_password = lookup('hacluster_pwd', undef, undef, undef), - $remote_short_node_names = lookup('pacemaker_remote_short_node_names', undef, undef, []), - $remote_node_ips = lookup('pacemaker_remote_node_ips', undef, undef, []), - $remote_authkey = undef, - $remote_reconnect_interval = lookup('pacemaker_remote_reconnect_interval', undef, undef, 60), - $remote_monitor_interval = lookup('pacemaker_remote_monitor_interval', undef, undef, 20), - $remote_tries = lookup('pacemaker_remote_tries', undef, undef, 5), - $remote_try_sleep = lookup('pacemaker_remote_try_sleep', undef, undef, 60), - $cluster_recheck_interval = lookup('pacemaker_cluster_recheck_interval', undef, undef, undef), - $encryption = true, - $resource_op_defaults = undef, - $enable_instanceha = lookup('tripleo::instanceha', undef, undef, false), - $pcsd_bind_addr = undef, - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $cluster_properties = {}, -) { - - if count($remote_short_node_names) != count($remote_node_ips) { - fail("Count of ${remote_short_node_names} is not equal to count of ${remote_node_ips}") - } - validate_legacy(Hash, 'validate_hash', $cluster_properties) - - if $pcs_password == undef { - fail('The $pcs_password param is undefined, did you forget to include tripleo::profile::base::pacemaker in your role?') - } - # During FFU when override keys are set we need to use the old authkey style - # This should be kept until FFU from CentOS 7->8 is being supported - if count(lookup('pacemaker_node_ips_override', undef, undef, [])) > 0 { - $force_old_style_remotes_real = true - } else { - $force_old_style_remotes_real = false - } - - - Pcmk_resource <| |> { - tries => 10, - try_sleep => 3, - } - - if $::hostname == downcase(lookup('pacemaker_short_bootstrap_node_name')) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - # enable_fencing guides the enablement of the stonith-enabled cluster-wide property - # enable_stonith_resources drives the creation of the stonith resources themselves and happens at - # step2. The reason for step2 is the following: - # During step1 the cluster is created (and also the pcmk remote resources in case of IHA) - # Since stonith resources are created on each node separately we need to have the guarantee that - # all cluster nodes + remote exist before creating stonith resources for them - $enable_fencing = str2bool(lookup('enable_fencing', undef, undef, false)) and $step >= 5 - $enable_stonith_resources = str2bool(lookup('enable_fencing', undef, undef, false)) and $step >= 2 - - if $step >= 1 { - if (lookup('pacemaker_short_node_names_override', undef, undef, undef)) { - $pacemaker_short_node_names = join(lookup('pacemaker_short_node_names_override'), ',') - } else { - $pacemaker_short_node_names = join(lookup('pacemaker_short_node_names'), ',') - } - - $pacemaker_cluster_members = downcase(regsubst($pacemaker_short_node_names, ',', ' ', 'G')) - $cluster_setup_extras = { - "totem token=${lookup('corosync_token_timeout', undef, undef, 1000)}" => '', - } - # If pacemaker_node_ips is not empty we want to create the array - # for puppet pacemaker to use as addresses list which is an array of arrays. - $pacemaker_node_ips = lookup('pacemaker_node_ips_override', undef, undef, - lookup('pacemaker_node_ips', undef, undef, [])) - if count($pacemaker_node_ips) > 0 { - $pacemaker_node_ips_real = $pacemaker_node_ips.map |$x| { Array([$x]) } - } else { - $pacemaker_node_ips_real = [] - } - - class { 'pacemaker': - hacluster_pwd => $pcs_password, - } - -> class { 'pacemaker::corosync': - cluster_members => $pacemaker_cluster_members, - setup_cluster => $pacemaker_master, - cluster_setup_extras => $cluster_setup_extras, - remote_authkey => $remote_authkey, - force_authkey => $force_old_style_remotes_real, - cluster_members_addr => $pacemaker_node_ips_real, - pcsd_bind_addr => $pcsd_bind_addr, - tls_priorities => $tls_priorities, - } - - if $pacemaker_master { - class { 'pacemaker::stonith': - disable => !$enable_fencing, - tries => $pcs_tries, - } - Class['pacemaker::stonith'] -> Exec<|tag == 'pacemaker-scaleup'|> - } - if $enable_stonith_resources { - include tripleo::fencing - - # enable stonith after all Pacemaker resources have been created - Pcmk_resource<||> -> Class['tripleo::fencing'] - Pcmk_constraint<||> -> Class['tripleo::fencing'] - Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] - # enable stonith after all fencing devices have been created - Class['tripleo::fencing'] -> Pcmk_property<|title == 'Enable STONITH'|> - } - # We have pacemaker remote nodes configured so let's add them as resources - # We do this during step 1 right after wait-for-settle, because during step 2 - # resources might already be created on pacemaker remote nodes and we need - # a guarantee that remote nodes are already up - if $pacemaker_master and count($remote_short_node_names) > 0 { - # Creates a { "node" => "ip_address", ...} hash - $remotes_hash = hash(zip($remote_short_node_names, $remote_node_ips)) - $remote_short_node_names.each |String $remote_short_node| { - pacemaker::resource::remote { $remote_short_node: - remote_address => $remotes_hash[$remote_short_node], - reconnect_interval => $remote_reconnect_interval, - op_params => "monitor interval=${remote_monitor_interval}", - tries => $remote_tries, - try_sleep => $remote_try_sleep, - pcs_user => $pcs_user, - pcs_password => $pcs_password, - # When we force the use of old style remotes we must also use --force - force => $force_old_style_remotes_real, - force_oldstyle => $force_old_style_remotes_real, - before => Exec["exec-wait-for-${remote_short_node}"], - notify => Exec["exec-wait-for-${remote_short_node}"], - } - $check_command = "pcs status | grep -q -e \"${remote_short_node}[[:blank:]].*Started\"" - exec { "exec-wait-for-${remote_short_node}": - path => '/usr/sbin:/usr/bin:/sbin:/bin', - command => $check_command, - unless => $check_command, - timeout => 30, - tries => 180, - try_sleep => 10, - tag => 'remote_ready', - } - } - } - } - - if $enable_instanceha and $pacemaker_master { - include tripleo::profile::base::pacemaker::instance_ha - } - - if ($step >= 2 and $pacemaker_master) { - create_resources('pacemaker::property', $cluster_properties) - - if ! $enable_instanceha { - include pacemaker::resource_defaults - } - # Set pacemaker resource op defaults only when specified - if $resource_op_defaults != undef { - class { 'pacemaker::resource_op_defaults': - tries => $pcs_tries, - defaults => $resource_op_defaults, - } - } - # When we have a non-zero number of pacemaker remote nodes we - # want to set the cluster-recheck-interval property to something - # lower (unless the operator has explicitly set a value) - if count($remote_short_node_names) > 0 and $cluster_recheck_interval == undef { - pacemaker::property{ 'cluster-recheck-interval-property': - property => 'cluster-recheck-interval', - value => '60s', - tries => $pcs_tries, - } - } elsif $cluster_recheck_interval != undef { - pacemaker::property{ 'cluster-recheck-interval-property': - property => 'cluster-recheck-interval', - value => $cluster_recheck_interval, - tries => $pcs_tries, - } - } - # See LP#1948032. We want to ensure that we set the default resource time out - # before we create any bundles. Because the default timeout affects how long - # we wait for podman, and on a starved system the default of 20s might bite us - # too early on - Pcmk_resource_default<||> -> Pcmk_bundle<||> - } -} diff --git a/manifests/profile/base/pacemaker/instance_ha.pp b/manifests/profile/base/pacemaker/instance_ha.pp deleted file mode 100644 index d3bd79626..000000000 --- a/manifests/profile/base/pacemaker/instance_ha.pp +++ /dev/null @@ -1,166 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::pacemaker::instance_ha -# -# Pacemaker profile for configuring instance HA on the control plane in tripleo -# Note that this class is included under the condition $pacemaker_master and $enable_instanceha -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*keystone_endpoint_url*] -# The keystone public endpoint url -# Defaults to lookup('keystone::endpoint::public_url') -# -# [*keystone_password*] -# The keystone admin password -# Defaults to lookup('keystone::admin_password') -# -# [*keystone_admin*] -# The keystone admin username -# Defaults to lookup('keystone::roles::admin::admin_tenant', undef, undef, 'admin') -# -# [*keystone_tenant*] -# The keystone tenant -# Defaults to lookup('keystone::roles::admin::admin_tenant', undef, undef, 'admin') -# -# [*keystone_domain*] -# The keystone domain -# Defaults to lookup('tripleo::clouddomain', undef, undef, 'localdomain') -# -# [*user_domain*] -# The keystone user domain for nova -# Defaults to lookup('nova::keystone::authtoken::user_domain_name', undef, undef, 'Default') -# -# [*project_domain*] -# The keystone project domain for nova -# Defaults to lookup('nova::keystone::authtoken::project_domain_name', undef, undef, 'Default') -# -# [*region_name*] -# (Optional) String. Region name for authenticating to Keystone. -# Defaults to lookup('nova::keystone::authtoken::region_name', undef, undef, 'regionOne') -# -# [*no_shared_storage*] -# Variable that defines the no_shared_storage for the nova evacuate resource -# Defaults to lookup('tripleo::instanceha::no_shared_storage', undef, undef, true) -# -# [*evacuate_delay*] -# (Optional) Integer, seconds to wait before starting the nova evacuate -# Defaults to lookup('tripleo::instanceha::evacuate_delay', undef, undef, 0) -# -# [*deep_compare_fencing*] -# (Optional) Boolean, should fence_compute be deep compared in order to -# update the existing fencing resource when puppet is being rerun -# Defaults to lookup('tripleo::fencing', undef, undef, true) -# -# [*deep_compare_ocf*] -# (Optional) Boolean, should the IHA ocf resource nova evacuate be deep -# compared in order to update the resource when puppet is being rerun -# Defaults to lookup('pacemaker::resource::ocf::deep_compare', undef, undef, true) -# -class tripleo::profile::base::pacemaker::instance_ha ( - $step = Integer(lookup('step')), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $keystone_endpoint_url = lookup('keystone::endpoint::public_url'), - $keystone_password = lookup('keystone::admin_password'), - $keystone_admin = lookup('keystone::roles::admin::admin_tenant', undef, undef, 'admin'), - $keystone_tenant = lookup('keystone::roles::admin::admin_tenant', undef, undef, 'admin'), - $keystone_domain = lookup('tripleo::clouddomain', undef, undef, 'localdomain'), - $user_domain = lookup('nova::keystone::authtoken::user_domain_name', undef, undef, 'Default'), - $project_domain = lookup('nova::keystone::authtoken::project_domain_name', undef, undef, 'Default'), - $region_name = lookup('nova::keystone::authtoken::region_name', undef, undef, 'regionOne'), - $no_shared_storage = lookup('tripleo::instanceha::no_shared_storage', undef, undef, true), - $evacuate_delay = lookup('tripleo::instanceha::evacuate_delay', undef, undef, 0), - $deep_compare_fencing = lookup('tripleo::fencing', undef, undef, true), - $deep_compare_ocf = lookup('pacemaker::resource::ocf::deep_compare', undef, undef, true), -) { - if $step >= 2 { - class { 'pacemaker::resource_defaults': - tries => $pcs_tries, - defaults => { - 'fencing-default' => { - name => 'requires', - value => 'fencing', - }, - }, - } - } - # We need the guarantee that keystone is configured before creating the next resources - if $step >= 4 { - # This passes the explicit host list of compute nodes that the fence_compute stonith device - # is in charge of - $compute_list = downcase(join(any2array(lookup('compute_instanceha_short_node_names', undef, undef, '')), ',')) - pacemaker::stonith::fence_compute { 'fence-nova': - auth_url => $keystone_endpoint_url, - login => $keystone_admin, - passwd => $keystone_password, - tenant_name => $keystone_admin, - project_domain => $project_domain, - user_domain => $user_domain, - domain => $keystone_domain, - region_name => $region_name, - record_only => 1, - meta_attr => 'provides=unfencing', - pcmk_host_list => $compute_list, - tries => $pcs_tries, - deep_compare => $deep_compare_fencing, - } - - pacemaker::resource::ocf { 'compute-unfence-trigger': - ocf_agent_name => 'pacemaker:Dummy', - meta_params => 'requires=unfencing', - clone_params => true, - op_params => 'stop timeout=20 on-fail=block', - tries => $pcs_tries, - deep_compare => $deep_compare_ocf, - location_rule => { - resource_discovery => 'never', - score => '-INFINITY', - expression => ['compute-instanceha-role ne true'], - } - } - if $no_shared_storage { - $iha_no_shared_storage = 'no_shared_storage=true' - } else { - $iha_no_shared_storage = 'no_shared_storage=false' - } - if $evacuate_delay > 0 { - $evacuate_param = " evacuate_delay=${evacuate_delay}" - } else { - $evacuate_param = '' - } - pacemaker::resource::ocf { 'nova-evacuate': - ocf_agent_name => 'openstack:NovaEvacuate', - # lint:ignore:140chars - resource_params => "auth_url=${keystone_endpoint_url} username=${keystone_admin} password=${keystone_password} user_domain=${user_domain} project_domain=${project_domain} tenant_name=${keystone_tenant} region_name=${region_name} ${iha_no_shared_storage}${evacuate_param}", - # lint:endignore - tries => $pcs_tries, - deep_compare => $deep_compare_ocf, - location_rule => { - resource_discovery => 'never', - score => '-INFINITY', - expression => ['compute-instanceha-role eq true'], - } - } - } -} diff --git a/manifests/profile/base/pacemaker_remote.pp b/manifests/profile/base/pacemaker_remote.pp deleted file mode 100644 index 9635d8c70..000000000 --- a/manifests/profile/base/pacemaker_remote.pp +++ /dev/null @@ -1,96 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::pacemaker_remote -# -# Pacemaker remote profile for tripleo -# -# === Parameters -# -# [*remote_authkey*] -# Authkey for pacemaker remote nodes -# Defaults to unset -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*pcs_user*] -# (Optional) The user to set up pcsd with -# Defaults to 'hacluster' -# -# [*pcs_password*] -# (Optional) The password to be used for the pcs_user. While it is -# optional as a parameter, the hiera key 'hacluster_pwd' *must* not -# be undefined or an error will be generated. -# Defaults to lookup('hacluster_pwd', undef, undef, undef) -# -# [*enable_fencing*] -# (Optional) Whether or not to manage stonith devices for nodes -# Defaults to lookup('enable_fencing', undef, undef, false) -# -# [*pcsd_bind_addr*] -# (Optional) List of IP addresses pcsd should bind to -# Defaults to undef -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::pacemaker_remote ( - $remote_authkey, - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $pcs_user = 'hacluster', - $pcs_password = lookup('hacluster_pwd', undef, undef, undef), - $enable_fencing = lookup('enable_fencing', undef, undef, false), - $pcsd_bind_addr = undef, - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $step = Integer(lookup('step')), -) { - if $pcs_password == undef { - fail('The $pcs_password param is and the hiera key "hacluster_pwd" hiera key are both undefined, this is not allowed') - } - # During FFU when override keys are set we need to use the old authkey style - # This should be kept until FFU from CentOS 7->8 is being supported - if count(lookup('pacemaker_remote_node_ips_override', undef, undef, [])) > 0 { - $force_authkey = true - } else { - $force_authkey = false - } - class { 'pacemaker::remote': - pcs_user => $pcs_user, - pcs_password => $pcs_password, - remote_authkey => $remote_authkey, - use_pcsd => true, - pcsd_bind_addr => $pcsd_bind_addr, - force_authkey => $force_authkey, - tls_priorities => $tls_priorities, - } - - $enable_fencing_real = str2bool($enable_fencing) and $step >= 5 - - if $enable_fencing_real { - include tripleo::fencing - - # enable stonith after all Pacemaker resources have been created - Pcmk_resource<||> -> Class['tripleo::fencing'] - Pcmk_constraint<||> -> Class['tripleo::fencing'] - Exec <| tag == 'pacemaker_constraint' |> -> Class['tripleo::fencing'] - } -} diff --git a/manifests/profile/base/placement.pp b/manifests/profile/base/placement.pp deleted file mode 100644 index 853caa0fe..000000000 --- a/manifests/profile/base/placement.pp +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::placement -# -# Placement base profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('nova_api_short_bootstrap_node_name', undef, undef, undef) -# -# [*step*] -# (Optional) The current step of the deployment -# Defaults to Integer(lookup('step')) - -class tripleo::profile::base::placement ( - $bootstrap_node = lookup('placement_api_short_bootstrap_node_name', undef, undef, undef), - $step = Integer(lookup('step')), -) { - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $sync_db = true - } else { - $sync_db = false - } - - if $step >= 4 or ($step >= 3 and $sync_db) { - include placement - include placement::config - include placement::db - include placement::logging - } -} diff --git a/manifests/profile/base/placement/api.pp b/manifests/profile/base/placement/api.pp deleted file mode 100644 index 9051ddf22..000000000 --- a/manifests/profile/base/placement/api.pp +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::placement::api -# -# Placement API profile for tripleo -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('placement_short_bootstrap_node_name', undef, undef, undef) -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*placement_network*] -# (Optional) The network name where the nova placement endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('placement_network', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::placement::api ( - $bootstrap_node = lookup('placement_short_bootstrap_node_name', undef, undef, undef), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $placement_network = lookup('placement_network', undef, undef, undef), - $step = Integer(lookup('step')), - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - - include tripleo::profile::base::placement - include tripleo::profile::base::placement::authtoken - - if $enable_internal_tls { - if !$placement_network { - fail('placement_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${placement_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${placement_network}"]['service_key'] - } else { - $tls_certfile = undef - $tls_keyfile = undef - } - - if $step >= 4 or ( $step >= 3 and $is_bootstrap ) { - if $configure_apache { - include tripleo::profile::base::apache - include placement::api - class { 'placement::wsgi::apache': - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - } - } - } -} - diff --git a/manifests/profile/base/placement/authtoken.pp b/manifests/profile/base/placement/authtoken.pp deleted file mode 100644 index 05812ad93..000000000 --- a/manifests/profile/base/placement/authtoken.pp +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::placement::authtoken -# -# Placement authtoken profile for TripleO -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcached_hosts*] -# (Optional) Array of hostnames, ipv4 or ipv6 addresses for memcache. -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*memcached_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_authtoken_port', undef, undef, 11211) -# -# [*memcached_ipv6*] -# (Optional) Whether Memcached uses IPv6 network instead of IPv4 network. -# Defaults to lookup('memcached_ipv6', undef, undef, false) -# -# [*security_strategy*] -# (Optional) Memcached (authtoken) security strategy. -# Defaults to lookup('memcached_authtoken_security_strategy', undef, undef, undef) -# -# [*secret_key*] -# (Optional) Memcached (authtoken) secret key, used with security_strategy. -# The key is hashed with a salt, to isolate services. -# Defaults to lookup('memcached_authtoken_secret_key', undef, undef, undef) -# -# DEPRECATED PARAMETERS -# -# [*memcached_ips*] -# (Optional) Array of ipv4 or ipv6 addresses for memcache. -# Defaults to undef -# -class tripleo::profile::base::placement::authtoken ( - $step = Integer(lookup('step')), - $memcached_hosts = lookup('memcached_node_names', undef, undef, []), - $memcached_port = lookup('memcached_authtoken_port', undef, undef, 11211), - $memcached_ipv6 = lookup('memcached_ipv6', undef, undef, false), - $security_strategy = lookup('memcached_authtoken_security_strategy', undef, undef, undef), - $secret_key = lookup('memcached_authtoken_secret_key', undef, undef, undef), - # DEPRECATED PARAMETERS - $memcached_ips = undef -) { - $memcached_hosts_real = any2array(pick($memcached_ips, $memcached_hosts)) - - if $step >= 3 { - if $memcached_ipv6 or $memcached_hosts_real[0] =~ Stdlib::Compat::Ipv6 { - $memcache_servers = $memcached_hosts_real.map |$server| { "inet6:[${server}]:${memcached_port}" } - } else { - $memcache_servers = suffix($memcached_hosts_real, ":${memcached_port}") - } - - if $secret_key { - $hashed_secret_key = sha256("${secret_key}+placement") - } else { - $hashed_secret_key = undef - } - - class { 'placement::keystone::authtoken': - memcached_servers => $memcache_servers, - memcache_security_strategy => $security_strategy, - memcache_secret_key => $hashed_secret_key, - } - } -} diff --git a/manifests/profile/base/qdr.pp b/manifests/profile/base/qdr.pp deleted file mode 100644 index 2b62f573b..000000000 --- a/manifests/profile/base/qdr.pp +++ /dev/null @@ -1,156 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::qdr -# -# Qpid dispatch router profile for tripleo -# -# === Parameters -# -# [*qdr_username*] -# Username for the qdrouter daemon -# Defaults to undef -# -# [*qdr_password*] -# Password for the qdrouter daemon -# Defaults to undef -# -# [*qdr_listener_port*] -# Port for the listener (note that we do not use qdr::listener_port -# directly because it requires a string and we have a number. -# Defaults to 5672 -# -# [*listener_require_ssl*] -# (optional) Require the use of SSL on the connection -# Defaults to false -# -# [*listener_ssl_cert_db*] -# (optional) Path to certificate db -# Defaults to undef -# -# [*listener_ssl_cert_file*] -# (optional) Path to certificate file -# Defaults to undef -# -# [*listener_ssl_key_file*] -# (optional) Path to private key file -# Defaults to undef -# -# [*qdr_log_enable*] -# Log level for the qdrouterd module -# Defaults to 'info+' -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to lookup('oslo_messaging_rpc_node_names', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::qdr ( - $qdr_username = undef, - $qdr_password = undef, - $qdr_listener_port = 5672, - $listener_require_ssl = false, - $listener_ssl_cert_db = undef, - $listener_ssl_cert_file = undef, - $listener_ssl_key_file = undef, - $qdr_log_enable = 'info+', - $oslomsg_rpc_hosts = lookup('oslo_messaging_rpc_node_names', undef, undef, undef), - $step = Integer(lookup('step')), -) { - $qdr_node_names = $oslomsg_rpc_hosts - - if $listener_require_ssl { - $ssl_opts = {'sslProfile' => "Router.${::fqdn}"} - } else { - $ssl_opts = {} - } - - if $step >= 1 { - # For multi-node deployments of the dispatch router, a mesh of - # inter-router links is created. Bi-directional links must - # not be configured. - # - # Example: For nodes A, B, C - # Node Inter-Router Link - # A: [] - # B: [A] - # C: [A,B] - # - # NB: puppet 4.8 introduces break(), which would be favored to - # the following - $connectors = $qdr_node_names.reduce([]) |$memo, $node| { - if $::hostname in $node { - $memo + true - } else { - if true in $memo { - $memo - } else { - $memo + [merge($ssl_opts, - { 'host' => $node, - 'role' => 'inter-router', - 'port' => '31460'})] - } - } - } - true - - $router_mode = size($qdr_node_names) ? { - 1 => 'standalone', - default => 'interior', - } - - $extra_listeners = size($qdr_node_names) ? { - 1 => [], - default => [merge($ssl_opts, - { 'host' => '0.0.0.0', - 'port' => '31460', - 'role' => 'inter-router'})], - } - - $extra_addresses = [{'prefix' => 'openstack.org/om/rpc/multicast', - 'distribution' => 'multicast'}, - {'prefix' => 'openstack.org/om/rpc/unicast', - 'distribution' => 'closest'}, - {'prefix' => 'openstack.org/om/rpc/anycast', - 'distribution' => 'balanced'}, - {'prefix' => 'openstack.org/om/notify/multicast', - 'distribution' => 'multicast'}, - {'prefix' => 'openstack.org/om/notify/unicast', - 'distribution' => 'closest'}, - {'prefix' => 'openstack.org/om/notify/anycast', - 'distribution' => 'balanced'}] - - class { 'qdr': - listener_addr => '0.0.0.0', - listener_port => "${qdr_listener_port}", - listener_require_ssl => $listener_require_ssl, - listener_ssl_cert_db => $listener_ssl_cert_db, - listener_ssl_cert_file => $listener_ssl_cert_file, - listener_ssl_key_file => $listener_ssl_key_file, - router_mode => $router_mode, - connectors => $connectors, - extra_listeners => $extra_listeners, - extra_addresses => $extra_addresses, - log_enable => "${qdr_log_enable}", - } - - qdr_user { $qdr_username: - ensure => present, - password => $qdr_password, - } - } -} diff --git a/manifests/profile/base/rabbitmq.pp b/manifests/profile/base/rabbitmq.pp deleted file mode 100644 index ccb38087e..000000000 --- a/manifests/profile/base/rabbitmq.pp +++ /dev/null @@ -1,277 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::rabbitmq -# -# RabbitMQ profile for tripleo -# -# === Parameters -# -# [*certificate_specs*] -# (Optional) The specifications to give to certmonger for the certificate -# it will create. Note that the certificate nickname must be 'mysql' in -# the case of this service. -# Example with hiera: -# tripleo::profile::base::database::mysql::certificate_specs: -# hostname: -# service_certificate: -# service_key: -# principal: "mysql/" -# Defaults to {}. -# -# [*config_variables*] -# (Optional) RabbitMQ environment. -# Defaults to lookup('rabbitmq_config_variables'). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to undef -# -# [*fips_mode*] -# (Optional) Whether the erlang crypto app is configured for FIPS mode or not. -# Defaults to false -# -# [*ssl_versions*] -# (Optional) When enable_internal_tls is in use, list the enabled -# TLS protocol version. -# Defaults to ['tlsv1.2', 'tlsv1.3'] -# -# [*inter_node_ciphers*] -# (Optional) When enable_internal_tls is in use, list the allowed ciphers -# for the encrypted inter-node communication. -# Defaults to '' -# -# [*rabbitmq_cacert*] -# (Optional) When internal tls is enabled this should point to the CA file -# Defaults to lookup('rabbitmq::ssl_cacert', undef, undef, undef) -# -# [*verify_server_peer*] -# (Optional) Server verify peer -# Defaults to 'verify_none' -# -# [*verify_client_peer*] -# (Optional) Client verify peer -# Defaults to 'verify_peer' -# -# [*environment*] -# (Optional) RabbitMQ environment. -# Defaults to lookup('rabbitmq_environment'). -# -# [*additional_erl_args*] -# (Optional) Additional string to be passed to RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS -# Defaults to undef -# -# [*inet_dist_interface*] -# (Optional) Address to bind the inter-cluster interface -# to. It is the inet_dist_use_interface option in the kernel variables -# Defaults to lookup('rabbitmq::interface', undef, undef, undef). -# -# [*ipv6*] -# (Optional) Whether to deploy RabbitMQ on IPv6 network. -# Defaults to str2bool(lookup('rabbit_ipv6', undef, undef, false)). -# -# [*kernel_variables*] -# (Optional) RabbitMQ environment. -# Defaults to lookup('rabbitmq_environment'). -# -# [*rpc_scheme*] -# (Optional) Protocol for oslo messaging rpc backend. -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'). -# -# [*rpc_nodes*] -# (Optional) Array of host(s) for oslo messaging rpc nodes. -# Defaults to lookup('oslo_messaging_rpc_node_names', undef, undef, []). -# -# [*rpc_bootstrap_node*] -# (Optional) The hostname of the rpc node for bootstrapping tasks -# Defaults to lookup('oslo_messaging_rpc_short_bootstrap_node_name') -# -# [*notify_scheme*] -# (Optional) oslo messaging notify backend indicator. -# Defaults to lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'). -# -# [*notify_nodes*] -# (Optional) Array of host(s) for oslo messaging notify nodes. -# Defaults to lookup('oslo_messaging_notify_node_names', undef, undef, []). -# -# [*notify_bootstrap_node*] -# (Optional) The hostname of the notify node for bootstrapping tasks -# Defaults to lookup('oslo_messaging_notify_short_bootstrap_node_name') -# -# [*rabbitmq_pass*] -# (Optional) RabbitMQ Default Password. -# Defaults to lookup('rabbitmq::default_pass') -# -# [*rabbitmq_user*] -# (Optional) RabbitMQ Default User. -# Defaults to lookup('rabbitmq::default_user') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::rabbitmq ( - $certificate_specs = {}, - $config_variables = lookup('rabbitmq_config_variables'), - $enable_internal_tls = undef, - $fips_mode = false, - $environment = lookup('rabbitmq_environment'), - $additional_erl_args = undef, - $ssl_versions = ['tlsv1.2', 'tlsv1.3'], - $inter_node_ciphers = '', - $rabbitmq_cacert = lookup('rabbitmq::ssl_cacert', undef, undef, undef), - $verify_server_peer = 'verify_none', - $verify_client_peer = 'verify_peer', - $inet_dist_interface = lookup('rabbitmq::interface', undef, undef, undef), - $ipv6 = str2bool(lookup('rabbit_ipv6', undef, undef, false)), - $kernel_variables = lookup('rabbitmq_kernel_variables'), - $rpc_scheme = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $rpc_nodes = lookup('oslo_messaging_rpc_node_names', undef, undef, []), - $rpc_bootstrap_node = lookup('oslo_messaging_rpc_short_bootstrap_node_name'), - $notify_scheme = lookup('oslo_messaging_notify_scheme', undef, undef, 'rabbit'), - $notify_nodes = lookup('oslo_messaging_notify_node_names', undef, undef, []), - $notify_bootstrap_node = lookup('oslo_messaging_notify_short_bootstrap_node_name'), - $rabbitmq_pass = lookup('rabbitmq::default_pass'), - $rabbitmq_user = lookup('rabbitmq::default_user'), - $step = Integer(lookup('step')), -) { - if $rpc_scheme == 'rabbit' { - $nodes = $rpc_nodes - $bootstrap_node = $rpc_bootstrap_node - } elsif $notify_scheme == 'rabbit' { - $nodes = $notify_nodes - $bootstrap_node = $notify_bootstrap_node - } else { - $nodes = [] - } - - if $enable_internal_tls { - $tls_certfile = $certificate_specs['service_certificate'] - $tls_keyfile = $certificate_specs['service_key'] - - # Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we - # want to strip leading and trailing ' chars. - if $additional_erl_args != undef { - $additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G') - } else { - $additional_erl_args_real = '' - } - # lint:ignore:140chars - $rabbitmq_additional_erl_args = "\"${additional_erl_args_real} -ssl_dist_optfile /etc/rabbitmq/ssl-dist.conf -crypto fips_mode ${fips_mode}\"" - # lint:endignore - $rabbitmq_client_additional_erl_args = "\"${additional_erl_args_real}\"" - $environment_real = merge($environment, { - 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args, - 'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args, - 'LANG' => 'en_US.UTF-8', - 'LC_ALL' => 'en_US.UTF-8' - }) - $configured_ssl_versions = $ssl_versions - } else { - $tls_certfile = undef - $tls_keyfile = undef - if $additional_erl_args != undef { - # Historically in THT the default value of RabbitAdditionalErlArgs was "'+sbwt none'", we - # want to strip leading and trailing ' chars. - $additional_erl_args_real = regsubst($additional_erl_args, "(^'|'$)", '', 'G') - $rabbitmq_additional_erl_args = "\"${additional_erl_args_real}\"" - $environment_real = merge($environment, { - 'RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS' => $rabbitmq_additional_erl_args, - 'RABBITMQ_CTL_ERL_ARGS' => $rabbitmq_additional_erl_args, - }) - } else { - $environment_real = $environment - } - $configured_ssl_versions = undef - } - - if $inet_dist_interface { - $real_kernel_variables = merge( - $kernel_variables, - { 'inet_dist_use_interface' => ip_to_erl_format($inet_dist_interface) } - ) - } else { - $real_kernel_variables = $kernel_variables - } - - $manage_service = lookup('rabbitmq::service_manage', undef, undef, true) - if $step >= 1 { - file { '/etc/rabbitmq/ssl-dist.conf': - ensure => file, - content => template('tripleo/rabbitmq/ssl-dist.conf.erb'), - owner => 'rabbitmq', - group => 'rabbitmq', - mode => '0640', - } - # Specific configuration for multi-nodes or when running with Pacemaker. - if count($nodes) > 1 or ! $manage_service { - class { 'rabbitmq': - config_cluster => $manage_service, - cluster_nodes => $nodes, - config_kernel_variables => $real_kernel_variables, - config_variables => $config_variables, - environment_variables => $environment_real, - # TLS options - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - ssl_versions => $configured_ssl_versions, - ssl_verify => $verify_server_peer, - ipv6 => $ipv6, - } - - # when running multi-nodes without Pacemaker - if $manage_service { - rabbitmq_policy { 'ha-all@/': - pattern => '^(?!amq\.).*', - definition => { - 'ha-mode' => 'all', - }, - } - } - } else { - # Standard configuration - class { 'rabbitmq': - config_kernel_variables => $kernel_variables, - config_variables => $config_variables, - environment_variables => $environment, - # TLS options - ssl_cert => $tls_certfile, - ssl_key => $tls_keyfile, - ssl_versions => $configured_ssl_versions, - ipv6 => $ipv6, - } - } - } - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $rabbitmq_bootstrapnode = true - } else { - $rabbitmq_bootstrapnode = false - } - - if $rabbitmq_bootstrapnode and $step >= 2 { - # When need to enforce the rabbitmq user inside a bootstrap node check for two reasons: - # a) on HA the users get replicated by the cluster anyway - # b) in the pacemaker profiles for rabbitmq we have an Exec['rabbitmq-ready'] -> Rabbitmq_User<||> collector - # which is applied only on the bootstrap node (because enforcing the readiness on all nodes can be problematic - # in situations like controller replacement) - # Required for changing password on update scenario. Password will be changed only when - # called explicitly, THT enforces that the rabbitmq service is already running when we call this. - rabbitmq_user { $rabbitmq_user : - password => $rabbitmq_pass, - admin => true, - } - } -} diff --git a/manifests/profile/base/rsyslog/sidecar.pp b/manifests/profile/base/rsyslog/sidecar.pp deleted file mode 100644 index f43f793ac..000000000 --- a/manifests/profile/base/rsyslog/sidecar.pp +++ /dev/null @@ -1,36 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::rsyslog::sidecar -# -# Configure the rsyslog sidecar container configuration. -# -# === Parameters -# -# [*socket_path*] -# (Optional) Path to the socket that rsyslog with read from. -# Defaults to '/sockets/log' -# -class tripleo::profile::base::rsyslog::sidecar ( - $socket_path = '/sockets/log' -) { - file { '/etc/rsyslog.conf': - ensure => file, - content => template('tripleo/rsyslog_sidecar/rsyslog.conf.erb'), - owner => 'root', - group => 'root', - mode => '0440', - } -} diff --git a/manifests/profile/base/snmp.pp b/manifests/profile/base/snmp.pp deleted file mode 100644 index e04df0f54..000000000 --- a/manifests/profile/base/snmp.pp +++ /dev/null @@ -1,83 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::snmp -# -# SNMP profile for tripleo -# -# === Parameters -# -# [*snmpd_config*] -# An array of snmp config. -# Example: -# snmpd_config: -# - 'createUser ro_snmp_user MD5 "secrete"', -# - 'rouser ro_snmp_user' -# - 'proc neutron-server' -# - 'proc nova-api' -# Note: since we give total freedom to configure snmpd_config and don't -# verify the content, the user will have to ensure that the parameters -# related to user / password in the array, are the same given to -# THT via SnmpdReadonlyUserName and SnmpdReadonlyUserPassword. -# Defaults to undef. -# -# [*snmpd_auth_type*] -# The SNMP auth type -# Defaults to lookup('snmpd_readonly_user_authtype', undef, undef, 'MD5') -# -# [*snmpd_password*] -# The SNMP password -# Defaults to lookup('snmpd_readonly_user_password') -# -# [*snmpd_user*] -# The SNMP username -# Defaults to lookup('snmpd_readonly_user_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::snmp ( - $snmpd_config = undef, - $snmpd_auth_type = lookup('snmpd_readonly_user_authtype', undef, undef, 'MD5'), - $snmpd_password = lookup('snmpd_readonly_user_password'), - $snmpd_user = lookup('snmpd_readonly_user_name'), - $step = Integer(lookup('step')), -) { - if $step >= 4 { - snmp::snmpv3_user { $snmpd_user: - authtype => $snmpd_auth_type, - authpass => $snmpd_password, - } - if $snmpd_config { - validate_legacy(Array, 'validate_array', $snmpd_config) - class { 'snmp': - snmpd_config => $snmpd_config, - } - } else { - class { 'snmp': - snmpd_config => [ join(['createUser ', $snmpd_user, ' ', $snmpd_auth_type, ' "', $snmpd_password, '"']), - join(['rouser ', $snmpd_user]), - 'proc cron', - 'includeAllDisks 10%', - 'master agentx', - 'iquerySecName internalUser', - 'rouser internalUser', - 'defaultMonitors yes', - 'linkUpDownNotifications yes' ], - } - } - } -} diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp deleted file mode 100644 index 6933d8542..000000000 --- a/manifests/profile/base/sshd.pp +++ /dev/null @@ -1,92 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::sshd -# -# SSH composable service for TripleO -# -# === Parameters -# -# [*options*] -# Hash of SSHD options to set. See the puppet-ssh module documentation for -# details. -# Defaults to {} -# -# [*listen*] -# List of addresses to which sshd daemon listens. -# Defaults to [] -# -# [*port*] -# SSH port or list of ports to bind to -# Defaults to [22] -# -# [*password_authentication*] -# Whether or not disable password authentication -# Defaults to 'no' - -class tripleo::profile::base::sshd ( - $options = {}, - $listen = [], - $port = [22], - $password_authentication = 'no', -) { - - if $options['ListenAddress'] { - $sshd_options_listen = {'ListenAddress' => unique(concat(any2array($options['ListenAddress']), $listen))} - } elsif !empty($listen) { - $sshd_options_listen = {'ListenAddress' => unique(any2array($listen))} - } else { - $sshd_options_listen = {} - } - - if $options['Port'] { - $sshd_options_port = {'Port' => unique(concat(any2array($options['Port']), $port))} - } else { - $sshd_options_port = {'Port' => unique(any2array($port))} - } - - # Prevent error messages on sshd startup - $basic_options = { - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ] - } - - $password_auth_options = { - 'PasswordAuthentication' => $password_authentication - } - - $sshd_options = merge( - $options, - $basic_options, - $sshd_options_port, - $sshd_options_listen, - $password_auth_options, - ) - - # NB (owalsh) in puppet-ssh hiera takes precedence over the class param - # we need to control this, so error if it's set in hiera - if lookup('ssh::server::options', undef, undef, undef) { - err('ssh::server::options must not be set, use tripleo::profile::base::sshd::options') - } - class { 'ssh': - storeconfigs_enabled => false, - server_options => $sshd_options, - # NOTE: Force disabling client configuration. - client_options => {}, - } -} diff --git a/manifests/profile/base/swift.pp b/manifests/profile/base/swift.pp deleted file mode 100644 index d0eb5d2f0..000000000 --- a/manifests/profile/base/swift.pp +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::swift -# -# Swift common profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*memcache_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_port', undef, undef, 11211) -# -# [*memcache_servers*] -# (Optional) List of memcache servers -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -class tripleo::profile::base::swift ( - $step = Integer(lookup('step')), - $memcache_port = lookup('memcached_port', undef, undef, 11211), - $memcache_servers = lookup('memcached_node_names', undef, undef, []), -) { - if $step >= 4 { - $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") - class { 'swift::objectexpirer': - pipeline => ['catch_errors', 'cache', 'proxy-server'], - memcache_servers => $swift_memcache_servers - } - } -} diff --git a/manifests/profile/base/swift/add_devices.pp b/manifests/profile/base/swift/add_devices.pp deleted file mode 100644 index a23b49b06..000000000 --- a/manifests/profile/base/swift/add_devices.pp +++ /dev/null @@ -1,61 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# == Function: tripleo::profile::base::swift::add_devices -# -# Swift add_devices helper function -# -# === Parameters -# -# [*swift_zones*] -# (Optional) The number of swift zones. -# -define tripleo::profile::base::swift::add_devices( - $swift_zones = '1' -){ - # NOTE(dprince): Swift zones is not yet properly wired into the Heat - # templates. See: https://review.openstack.org/#/c/97758/3 - # For now our regex supports the r1z1-192.0.2.6:%PORT%/d1 syntax or the - # newer r1z%%-192.0.2.6:%PORT%/d1 syntax. - $server_num_or_device = regsubst($name,'^r1z%+[A-Za-z]*([0-9]+)%+-(.*)$','\1') - if $server_num_or_device =~ Stdlib::Compat::Integer { - $server_num = $server_num_or_device - } else { - $server_num = '1' - } - # Function to place server in its zone. Zone is calculated by - # server number in heat template modulo the number of zones + 1. - $zone = (($server_num%$swift_zones) + 1) - - # add the rings - $base_notnormal = regsubst($name,'^r1.*-(.*)$','\1') - $ip_notnormal = regsubst($base_notnormal, ':%PORT%.*', '') - $ip = normalize_ip_for_uri($ip_notnormal) - $base = regsubst($base_notnormal, $ip_notnormal, $ip) - $object = regsubst($base, '%PORT%', '6000') - ring_object_device { $object: - zone => '1', - weight => 100, - } - $container = regsubst($base, '%PORT%', '6001') - ring_container_device { $container: - zone => '1', - weight => 100, - } - $account = regsubst($base, '%PORT%', '6002') - ring_account_device { $account: - zone => '1', - weight => 100, - } -} diff --git a/manifests/profile/base/swift/dispersion.pp b/manifests/profile/base/swift/dispersion.pp deleted file mode 100644 index 8b1da8acc..000000000 --- a/manifests/profile/base/swift/dispersion.pp +++ /dev/null @@ -1,33 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::swift::dispersion -# -# Swift dispersion profile for tripleo -# -# === Parameters -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -class tripleo::profile::base::swift::dispersion ( - $step = Integer(lookup('step')), -) { - if $step >= 5 { - include swift::client - include swift::dispersion - } -} diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp deleted file mode 100644 index e18231fab..000000000 --- a/manifests/profile/base/swift/proxy.pp +++ /dev/null @@ -1,206 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::swift::proxy -# -# Swift proxy profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('swift_proxy_short_bootstrap_node_name', undef, undef, undef) -# -# [*ceilometer_enabled*] -# Whether the ceilometer pipeline is enabled. -# Defaults to true -# -# [*oslomsg_rpc_proto*] -# Protocol driver for the oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_scheme', undef, undef, rabbit) -# -# [*oslomsg_rpc_hosts*] -# list of the oslo messaging rpc host fqdns -# Defaults to any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)) -# -# [*oslomsg_rpc_port*] -# IP port for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_port', undef, undef, 5672) -# -# [*oslomsg_rpc_username*] -# Username for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest') -# -# [*oslomsg_rpc_password*] -# Password for oslo messaging rpc service -# Defaults to lookup('oslo_messaging_rpc_password') -# -# [*oslomsg_rpc_use_ssl*] -# Enable ssl oslo messaging services -# Defaults to lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0') -# -# [*certificates_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# apache_certificates_specs: -# httpd-internal_api: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('apache_certificates_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*memcache_port*] -# (Optional) Memcached port to use. -# Defaults to lookup('memcached_port', undef, undef, 11211) -# -# [*memcache_servers*] -# (Optional) List of memcache servers -# Defaults to lookup('memcached_node_names', undef, undef, []) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*swift_proxy_network*] -# (Optional) The network name where the swift proxy endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('swift_proxy_network', undef, undef, undef) -# -# [*tls_proxy_bind_ip*] -# IP on which the TLS proxy will listen on. Required only if -# enable_internal_tls is set. -# Defaults to undef -# -# [*tls_proxy_fqdn*] -# fqdn on which the tls proxy will listen on. required only used if -# enable_internal_tls is set. -# defaults to undef -# -# [*tls_proxy_port*] -# port on which the tls proxy will listen on. Only used if -# enable_internal_tls is set. -# defaults to 8080 -# -# [*audit_enabled*] -# Whether the pycadf audit middleware is is enabled. -# Defaults to false -# -# [*configure_apache*] -# (Optional) Whether apache is configured via puppet or not. -# Defaults to lookup('configure_apache', undef, undef, true) -# -class tripleo::profile::base::swift::proxy ( - $bootstrap_node = lookup('swift_proxy_short_bootstrap_node_name', undef, undef, undef), - $ceilometer_enabled = true, - $oslomsg_rpc_proto = lookup('oslo_messaging_rpc_scheme', undef, undef, 'rabbit'), - $oslomsg_rpc_hosts = any2array(lookup('oslo_messaging_rpc_node_names', undef, undef, undef)), - $oslomsg_rpc_password = lookup('oslo_messaging_rpc_password'), - $oslomsg_rpc_port = lookup('oslo_messaging_rpc_port', undef, undef, '5672'), - $oslomsg_rpc_username = lookup('oslo_messaging_rpc_user_name', undef, undef, 'guest'), - $oslomsg_rpc_use_ssl = lookup('oslo_messaging_rpc_use_ssl', undef, undef, '0'), - $certificates_specs = lookup('apache_certificates_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $memcache_port = lookup('memcached_port', undef, undef, 11211), - $memcache_servers = lookup('memcached_node_names', undef, undef, []), - $step = Integer(lookup('step')), - $swift_proxy_network = lookup('swift_proxy_network', undef, undef, undef), - $tls_proxy_bind_ip = undef, - $tls_proxy_fqdn = undef, - $tls_proxy_port = 8080, - $audit_enabled = false, - $configure_apache = lookup('configure_apache', undef, undef, true), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $is_bootstrap = true - } else { - $is_bootstrap = false - } - if $step >= 4 or ($step >= 3 and $is_bootstrap) { - if $enable_internal_tls { - if !$swift_proxy_network { - fail('swift_proxy_network is not set in the hieradata.') - } - $tls_certfile = $certificates_specs["httpd-${swift_proxy_network}"]['service_certificate'] - $tls_keyfile = $certificates_specs["httpd-${swift_proxy_network}"]['service_key'] - - if $configure_apache { - ::tripleo::tls_proxy { 'swift-proxy-api': - servername => $tls_proxy_fqdn, - ip => $tls_proxy_bind_ip, - port => $tls_proxy_port, - tls_cert => $tls_certfile, - tls_key => $tls_keyfile, - } - Tripleo::Tls_proxy['swift-proxy-api'] ~> Anchor<| title == 'swift::service::begin' |> - include tripleo::profile::base::apache - } - } - } - include tripleo::profile::base::swift - if $step >= 4 { - $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") - include swift - include swift::config - include swift::proxy - include swift::proxy::catch_errors - include swift::proxy::gatekeeper - include swift::proxy::healthcheck - include swift::proxy::proxy_logging - class { 'swift::proxy::cache': - memcache_servers => $swift_memcache_servers - } - include swift::proxy::listing_formats - include swift::proxy::ratelimit - include swift::proxy::bulk - include swift::proxy::tempurl - include swift::proxy::formpost - include swift::proxy::authtoken - include swift::proxy::s3api - include swift::proxy::s3token - include swift::proxy::keystone - include swift::proxy::staticweb - include swift::proxy::copy - include swift::proxy::container_quotas - include swift::proxy::account_quotas - include swift::proxy::slo - include swift::proxy::dlo - include swift::proxy::versioned_writes - if $ceilometer_enabled { - $oslomsg_rpc_use_ssl_real = sprintf('%s', bool2num(str2bool($oslomsg_rpc_use_ssl))) - class { 'swift::proxy::ceilometer': - default_transport_url => os_transport_url({ - 'transport' => $oslomsg_rpc_proto, - 'hosts' => $oslomsg_rpc_hosts, - 'port' => $oslomsg_rpc_port, - 'username' => $oslomsg_rpc_username, - 'password' => $oslomsg_rpc_password, - 'ssl' => $oslomsg_rpc_use_ssl_real, - }), - } - } - include swift::proxy::kms_keymaster - include swift::proxy::encryption - include swift::keymaster - if $audit_enabled { - include swift::proxy::audit - } - } -} diff --git a/manifests/profile/base/swift/ringbuilder.pp b/manifests/profile/base/swift/ringbuilder.pp deleted file mode 100644 index 4294ceb7c..000000000 --- a/manifests/profile/base/swift/ringbuilder.pp +++ /dev/null @@ -1,175 +0,0 @@ -# Copyright 2015 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# == Class: tripleo::profile::base::swift::ringbuilder -# -# Swift ringbuilder profile for tripleo -# -# === Parameters -# -# [*replicas*] -# replicas -# -# [*build_ring*] = true, -# (Optional) Whether to build the ring -# Defaults to true -# -# [*devices*] -# (Optional) DEPRECATED The swift devices -# Should pass raw_disk_prefix, raw_disks and swift_storage_node_ips instead -# Defaults to '' -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*swift_zones*] -# (Optional) The swift zones -# Defaults to 1 -# -# [*raw_disk_prefix*] -# (Optional) Disk prefix used to create devices list -# Defaults to 'r1z1-' -# -# [*raw_disks*] -# (Optional) list of raw disks in format -# [':%PORT%/device1', ':%PORT%/device2'] -# Combined with raw_disk_prefix and swift_storage_node_ips -# to create devices list -# Defaults to an empty list -# -# [*swift_storage_node_ips*] -# (Optional) list of ip addresses for nodes running swift_storage service -# Defaults to lookup('swift_storage_node_ips', undef, undef, []) -# -# [*part_power*] -# (Optional) The total number of partitions that should exist in the ring. -# This is expressed as a power of 2. -# Defaults to undef -# -# [*min_part_hours*] -# Minimum amount of time before partitions can be moved. -# Defaults to undef -# -# [*swift_ring_get_tempurl*] -# GET tempurl to fetch Swift rings from -# Defaults to lookup('swift_ring_get_tempurl', undef, undef, '') -# -# [*swift_ring_put_tempurl*] -# PUT tempurl to upload Swift rings to -# Defaults to lookup('swift_ring_put_tempurl', undef, undef, '') -# -# [*skip_consistency_check*] -# If set to true, skip the recon check to ensure rings are identical on all -# nodes. Defaults to false -# -class tripleo::profile::base::swift::ringbuilder ( - $replicas, - $build_ring = true, - $devices = undef, - $step = Integer(lookup('step')), - $swift_zones = '1', - $raw_disk_prefix = 'r1z1-', - $raw_disks = [], - $swift_storage_node_ips = lookup('swift_storage_node_ips', undef, undef, []), - $part_power = undef, - $min_part_hours = undef, - $swift_ring_get_tempurl = lookup('swift_ring_get_tempurl', undef, undef, ''), - $swift_ring_put_tempurl = lookup('swift_ring_put_tempurl', undef, undef, ''), - $skip_consistency_check = false, -) { - - if $step >= 2 and $swift_ring_get_tempurl != '' { - exec{'fetch_swift_ring_tarball': - path => ['/usr/bin'], - command => "curl -g --insecure --silent --retry 3 '${swift_ring_get_tempurl}' -o /tmp/swift-rings.tar.gz", - returns => [0, 3], - timeout => 30, - tries => 3, - } - ~> exec{'extract_swift_ring_tarball': - path => ['/bin'], - command => 'tar xzf /tmp/swift-rings.tar.gz -C /', - returns => [0, 2] - } - } - - if $step >= 2 { - # pre-install swift here so we can build rings - include swift - } - - if $step >= 3 { - validate_legacy(Boolean, 'validate_bool', $build_ring) - - if $build_ring { - if $devices { - $device_array = strip(split(rstrip($devices), ',')) - } else { - $device_array = tripleo_swift_devices($raw_disk_prefix, $swift_storage_node_ips, $raw_disks) - } - - # create local rings - swift::ringbuilder::create{ ['object', 'account', 'container']: - part_power => $part_power, - replicas => min(count($device_array), $replicas), - min_part_hours => $min_part_hours, - } - - # add all other devices - -> tripleo::profile::base::swift::add_devices {$device_array: - swift_zones => $swift_zones, - } - - # rebalance - -> swift::ringbuilder::rebalance{ ['object', 'account', 'container']: - seed => '999', - } - - Ring_object_device<| |> ~> Exec['rebalance_object'] - Ring_account_device<| |> ~> Exec['rebalance_account'] - Ring_container_device<| |> ~> Exec['rebalance_container'] - } - } - - if $step >= 5 and $build_ring and $swift_ring_put_tempurl != '' { - if $skip_consistency_check { - exec{'create_swift_ring_tarball': - path => ['/bin', '/usr/bin'], - command => 'tar cvzf /tmp/swift-rings.tar.gz /etc/swift/*.builder /etc/swift/*.ring.gz /etc/swift/backups/', - } - } else { - exec{'create_swift_ring_tarball': - path => ['/bin', '/usr/bin'], - command => 'tar cvzf /tmp/swift-rings.tar.gz /etc/swift/*.builder /etc/swift/*.ring.gz /etc/swift/backups/', - unless => 'swift-recon --md5 | grep -q "doesn\'t match"', - } - } - exec{'upload_swift_ring_tarball': - path => ['/usr/bin'], - command => "curl -g --insecure --silent --retry 3 -X PUT '${$swift_ring_put_tempurl}' --data-binary @/tmp/swift-rings.tar.gz", - require => Exec['create_swift_ring_tarball'], - refreshonly => true, - timeout => 30, - tries => 3, - } - - Exec['rebalance_account'] ~> Exec['create_swift_ring_tarball'] - Exec['rebalance_container'] ~> Exec['create_swift_ring_tarball'] - Exec['rebalance_object'] ~> Exec['create_swift_ring_tarball'] - - Exec['create_swift_ring_tarball'] ~> Exec['upload_swift_ring_tarball'] - } -} diff --git a/manifests/profile/base/swift/storage.pp b/manifests/profile/base/swift/storage.pp deleted file mode 100644 index fe5a1206d..000000000 --- a/manifests/profile/base/swift/storage.pp +++ /dev/null @@ -1,75 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::base::swift::storage -# -# Swift storage profile for tripleo -# -# === Parameters -# -# [*enable_swift_storage*] -# (Optional) enable_swift_storage -# Deprecated: defaults to true -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*use_local_dir*] -# (Optional) Creates a local directory to store data on the system disk -# Defaults to true -# -# [*local_dir*] -# (Optional) Defines the directory name to use for the local storage -# Defaults to /srv/node/d1 -# -class tripleo::profile::base::swift::storage ( - # Deprecated conditional to support ControllerEnableSwiftStorage parameter - $enable_swift_storage = true, - $step = Integer(lookup('step')), - $use_local_dir = true, - $local_dir = '/srv/node/d1', -) { - include tripleo::profile::base::swift - if $step >= 4 { - if $enable_swift_storage { - include swift - include swift::config - include swift::storage::disks - include swift::storage::loopbacks - include swift::storage::all - include swift::storage::cron::recon - if(!defined(File['/srv/node'])) { - file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['swift'], - } - } - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - if $use_local_dir { - ensure_resource('file', $local_dir, { - ensure => 'directory', - owner => 'swift', - group => 'swift', - require => Package['swift'], - }) - } - } - } -} diff --git a/manifests/profile/pacemaker/ceph_nfs.pp b/manifests/profile/pacemaker/ceph_nfs.pp deleted file mode 100644 index c28b83633..000000000 --- a/manifests/profile/pacemaker/ceph_nfs.pp +++ /dev/null @@ -1,153 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::ceph_nfs -# -# Ganesha Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('ceph_nfs_short_bootstrap_node_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -class tripleo::profile::pacemaker::ceph_nfs ( - $bootstrap_node = lookup('ceph_nfs_short_bootstrap_node_name'), - $step = Integer(lookup('step')), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - $ganesha_vip = lookup('ganesha_vip') - # NB: Until the IPaddr2 RA has a fix for https://bugzilla.redhat.com/show_bug.cgi?id=1445628 - # we need to specify the nic when creating the ipv6 vip. - if $ganesha_vip =~ Stdlib::Compat::Ipv6 { - $netmask = '128' - $nic = interface_for_ip($ganesha_vip) - $ipv6_addrlabel = '99' - } else { - $netmask = '32' - $nic = '' - $ipv6_addrlabel = '' - } - - - Service <| tag == 'ceph-nfs' |> { - hasrestart => true, - restart => '/bin/true', - start => '/bin/true', - stop => '/bin/true', - } - - if $step >= 2 { - if $pacemaker_master { - # At step2 we only create the node property on master so that - # both VIP and (later at step5) ceph-nfs service can start on master - # node only. This way we can guarantee that the VIP and ceph-nfs are - # colocated. Later we expand the properties on all nodes where ceph_nfs - # is supposed to run. - pacemaker::property { 'ceph-nfs-role-node-property': - property => 'ceph-nfs-role', - value => true, - tries => $pcs_tries, - node => $::hostname, - } - pacemaker::resource::ip { 'ganesha_vip': - ip_address => $ganesha_vip, - cidr_netmask => $netmask, - nic => $nic, - ipv6_addrlabel => $ipv6_addrlabel, - tries => $pcs_tries, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['ceph-nfs-role eq true'], - }, - } - } - } - - # When we create manila-share resource at step 5 we need the ceph-nfs pcmk resource up - # and running. But since we moved to pcs commands invoked on host, manila-share at step5 - # gets created *before* ceph-nfs (as it is invoked via step_config vs docker_config) - if $step >= 4 and $pacemaker_master { - pacemaker::resource::service { 'ceph-nfs' : - service_name => 'ceph-nfs@pacemaker', - op_params => 'start timeout=200s stop timeout=200s', - tries => $pcs_tries, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['ceph-nfs-role eq true'], - }, - } - - pacemaker::constraint::colocation { 'ganesha_vip-with-ganesha': - source => "ip-${ganesha_vip}", - target => 'ceph-nfs', - score => 'INFINITY', - tries => $pcs_tries, - } - - pacemaker::constraint::order { 'ganesha_vip-then-ganesha': - first_resource => "ip-${ganesha_vip}", - second_resource => 'ceph-nfs', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - tries => $pcs_tries, - tag => 'pacemaker_constraint', - } - - # See comment on pacemaker::property at step2 - if (lookup('ceph_nfs_short_node_names_override', undef, undef, undef)) { - $ceph_nfs_short_node_names = lookup('ceph_nfs_short_node_names_override') - } else { - $ceph_nfs_short_node_names = lookup('ceph_nfs_short_node_names') - } - - $ceph_nfs_short_node_names.each |String $node_name| { - # We only set the properties for the non-bootstrap nodes - # because we set the property for the bootstrap node at step 2 - # already - if $node_name != $bootstrap_node { - pacemaker::property { "ceph-nfs-role-${node_name}": - property => 'ceph-nfs-role', - value => true, - tries => $pcs_tries, - node => $node_name, - } - } - } - - Pacemaker::Resource::Ip['ganesha_vip'] - -> Pacemaker::Resource::Service['ceph-nfs'] - -> Pacemaker::Constraint::Order['ganesha_vip-then-ganesha'] - -> Pacemaker::Constraint::Colocation['ganesha_vip-with-ganesha'] - -> Pacemaker::Property<||> - } -} diff --git a/manifests/profile/pacemaker/cinder/backup_bundle.pp b/manifests/profile/pacemaker/cinder/backup_bundle.pp deleted file mode 100644 index 368f1b48c..000000000 --- a/manifests/profile/pacemaker/cinder/backup_bundle.pp +++ /dev/null @@ -1,243 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::cinder::backup_bundle -# -# Containerized Redis Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*cinder_backup_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults to undef -# -# [*docker_volumes*] -# (Optional) The list of volumes to be mounted in the docker container -# Defaults to [] -# -# [*docker_environment*] -# (Optional) List or Hash of environment variables set in the docker container -# Defaults to {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'} -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('redis_short_bootstrap_node_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/openstack-cinder-backup.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to 'root' -# -# [*ceph_conf_path*] -# (optional) The path where the Ceph Cluster config files are stored on the host -# Defaults to '/etc/ceph' -# -class tripleo::profile::pacemaker::cinder::backup_bundle ( - $bootstrap_node = lookup('cinder_backup_short_bootstrap_node_name'), - $cinder_backup_docker_image = undef, - $docker_volumes = [], - $docker_environment = {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'}, - $container_backend = 'podman', - $ceph_conf_path = '/etc/ceph', - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/openstack-cinder-backup.log', - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = 'root', - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $step = Integer(lookup('step')), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - - include tripleo::profile::base::cinder::backup - - if $step >= 2 and $pacemaker_master { - $cinder_backup_short_node_names = lookup('cinder_backup_short_node_names') - if (lookup('pacemaker_short_node_names_override', undef, undef, undef)) { - $pacemaker_short_node_names = lookup('pacemaker_short_node_names_override') - } else { - $pacemaker_short_node_names = lookup('pacemaker_short_node_names') - } - - $pcmk_cinder_backup_nodes = intersection($cinder_backup_short_node_names, $pacemaker_short_node_names) - $pcmk_cinder_backup_nodes.each |String $node_name| { - pacemaker::property { "cinder-backup-role-${node_name}": - property => 'cinder-backup-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle[$::cinder::params::backup_service], - } - } - } - - if $step >= 5 { - if $pacemaker_master { - $docker_vol_arr = delete(any2array($docker_volumes), '').flatten() - - unless empty($docker_vol_arr) { - $storage_maps = docker_volumes_to_storage_maps($docker_vol_arr, 'cinder-backup') - } else { - notice('Using fixed list of docker volumes for cinder-backup bundle') - # Default to previous hard-coded list - $storage_maps = { - 'cinder-backup-cfg-files' => { - 'source-dir' => '/var/lib/kolla/config_files/cinder_backup.json', - 'target-dir' => '/var/lib/kolla/config_files/config.json', - 'options' => 'ro', - }, - 'cinder-backup-cfg-data' => { - 'source-dir' => '/var/lib/config-data/puppet-generated/cinder/', - 'target-dir' => '/var/lib/kolla/config_files/src', - 'options' => 'ro', - }, - 'cinder-backup-hosts' => { - 'source-dir' => '/etc/hosts', - 'target-dir' => '/etc/hosts', - 'options' => 'ro', - }, - 'cinder-backup-localtime' => { - 'source-dir' => '/etc/localtime', - 'target-dir' => '/etc/localtime', - 'options' => 'ro', - }, - 'cinder-backup-dev' => { - 'source-dir' => '/dev', - 'target-dir' => '/dev', - 'options' => 'rw', - }, - 'cinder-backup-run' => { - 'source-dir' => '/run', - 'target-dir' => '/run', - 'options' => 'rw', - }, - 'cinder-backup-sys' => { - 'source-dir' => '/sys', - 'target-dir' => '/sys', - 'options' => 'rw', - }, - 'cinder-backup-lib-modules' => { - 'source-dir' => '/lib/modules', - 'target-dir' => '/lib/modules', - 'options' => 'ro', - }, - 'cinder-backup-iscsi' => { - 'source-dir' => '/etc/iscsi', - 'target-dir' => '/var/lib/kolla/config_files/src-iscsid', - 'options' => 'ro', - }, - 'cinder-backup-var-lib-cinder' => { - 'source-dir' => '/var/lib/cinder', - 'target-dir' => '/var/lib/cinder', - 'options' => 'rw,z', - }, - 'cinder-backup-pki-extracted' => { - 'source-dir' => '/etc/pki/ca-trust/extracted', - 'target-dir' => '/etc/pki/ca-trust/extracted', - 'options' => 'ro', - }, - 'cinder-backup-pki-ca-bundle-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'options' => 'ro', - }, - 'cinder-backup-pki-ca-bundle-trust-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'options' => 'ro', - }, - 'cinder-backup-pki-cert' => { - 'source-dir' => '/etc/pki/tls/cert.pem', - 'target-dir' => '/etc/pki/tls/cert.pem', - 'options' => 'ro', - }, - 'cinder-backup-var-log' => { - 'source-dir' => '/var/log/containers/cinder', - 'target-dir' => '/var/log/cinder', - 'options' => 'rw,z', - }, - 'cinder-backup-ceph-cfg-dir' => { - 'source-dir' => $ceph_conf_path, - 'target-dir' => '/var/lib/kolla/config_files/src-ceph', - 'options' => 'ro', - }, - } - } - - if $docker_environment =~ Hash { - $docker_env = join($docker_environment.map |$index, $value| { "-e ${index}=${value}" }, ' ') - } else { - $docker_env_arr = delete(any2array($docker_environment), '').flatten() - $docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ') - } - - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - - pacemaker::resource::bundle { $::cinder::params::backup_service : - image => $cinder_backup_docker_image, - replicas => 1, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['cinder-backup-role eq true'], - }, - container_options => 'network=host', - # lint:ignore:140chars - options => "--ipc=host --privileged=true --user=${bundle_user} --log-driver=${log_driver}${log_file_real} ${docker_env}${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - storage_maps => $storage_maps, - container_backend => $container_backend, - } - } - } -} diff --git a/manifests/profile/pacemaker/cinder/volume_bundle.pp b/manifests/profile/pacemaker/cinder/volume_bundle.pp deleted file mode 100644 index 5f639a823..000000000 --- a/manifests/profile/pacemaker/cinder/volume_bundle.pp +++ /dev/null @@ -1,243 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::cinder::volume_bundle -# -# Containerized Redis Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*cinder_volume_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults undef -# -# [*docker_volumes*] -# (Optional) The list of volumes to be mounted in the docker container -# Defaults to [] -# -# [*docker_environment*] -# (Optional) List or Hash of environment variables set in the docker container -# Defaults to {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'} -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('redis_short_bootstrap_node_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*ceph_conf_path*] -# (optional) The path where the Ceph Cluster config files are stored on the host -# Defaults to '/etc/ceph' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/openstack-cinder-volume.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to 'root' -# -class tripleo::profile::pacemaker::cinder::volume_bundle ( - $bootstrap_node = lookup('cinder_volume_short_bootstrap_node_name'), - $cinder_volume_docker_image = undef, - $docker_volumes = [], - $docker_environment = {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'}, - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $step = Integer(lookup('step')), - $container_backend = 'podman', - $ceph_conf_path = '/etc/ceph', - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/openstack-cinder-volume.log', - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = 'root', -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - include tripleo::profile::base::cinder::volume - - if $step >= 2 and $pacemaker_master { - $cinder_volume_short_node_names = lookup('cinder_volume_short_node_names') - - if (lookup('pacemaker_short_node_names_override', undef, undef, undef)) { - $pacemaker_short_node_names = lookup('pacemaker_short_node_names_override') - } else { - $pacemaker_short_node_names = lookup('pacemaker_short_node_names') - } - - $pcmk_cinder_volume_nodes = intersection($cinder_volume_short_node_names, $pacemaker_short_node_names) - $pcmk_cinder_volume_nodes.each |String $node_name| { - pacemaker::property { "cinder-volume-role-${node_name}": - property => 'cinder-volume-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle[$::cinder::params::volume_service], - } - } - } - - if $step >= 5 { - if $pacemaker_master { - $docker_vol_arr = delete(any2array($docker_volumes), '').flatten() - - unless empty($docker_vol_arr) { - $storage_maps = docker_volumes_to_storage_maps($docker_vol_arr, 'cinder-volume') - } else { - notice('Using fixed list of docker volumes for cinder-volume bundle') - # Default to previous hard-coded list - $storage_maps = { - 'cinder-volume-cfg-files' => { - 'source-dir' => '/var/lib/kolla/config_files/cinder_volume.json', - 'target-dir' => '/var/lib/kolla/config_files/config.json', - 'options' => 'ro', - }, - 'cinder-volume-cfg-data' => { - 'source-dir' => '/var/lib/config-data/puppet-generated/cinder/', - 'target-dir' => '/var/lib/kolla/config_files/src', - 'options' => 'ro', - }, - 'cinder-volume-hosts' => { - 'source-dir' => '/etc/hosts', - 'target-dir' => '/etc/hosts', - 'options' => 'ro', - }, - 'cinder-volume-localtime' => { - 'source-dir' => '/etc/localtime', - 'target-dir' => '/etc/localtime', - 'options' => 'ro', - }, - 'cinder-volume-dev' => { - 'source-dir' => '/dev', - 'target-dir' => '/dev', - 'options' => 'rw', - }, - 'cinder-volume-run' => { - 'source-dir' => '/run', - 'target-dir' => '/run', - 'options' => 'rw', - }, - 'cinder-volume-sys' => { - 'source-dir' => '/sys', - 'target-dir' => '/sys', - 'options' => 'rw', - }, - 'cinder-volume-lib-modules' => { - 'source-dir' => '/lib/modules', - 'target-dir' => '/lib/modules', - 'options' => 'ro', - }, - 'cinder-volume-iscsi' => { - 'source-dir' => '/etc/iscsi', - 'target-dir' => '/var/lib/kolla/config_files/src-iscsid', - 'options' => 'ro', - }, - 'cinder-volume-var-lib-cinder' => { - 'source-dir' => '/var/lib/cinder', - 'target-dir' => '/var/lib/cinder', - 'options' => 'rw,z', - }, - 'cinder-volume-pki-extracted' => { - 'source-dir' => '/etc/pki/ca-trust/extracted', - 'target-dir' => '/etc/pki/ca-trust/extracted', - 'options' => 'ro', - }, - 'cinder-volume-pki-ca-bundle-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'options' => 'ro', - }, - 'cinder-volume-pki-ca-bundle-trust-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'options' => 'ro', - }, - 'cinder-volume-pki-cert' => { - 'source-dir' => '/etc/pki/tls/cert.pem', - 'target-dir' => '/etc/pki/tls/cert.pem', - 'options' => 'ro', - }, - 'cinder-volume-var-log' => { - 'source-dir' => '/var/log/containers/cinder', - 'target-dir' => '/var/log/cinder', - 'options' => 'rw,z', - }, - 'cinder-volume-ceph-cfg-dir' => { - 'source-dir' => $ceph_conf_path, - 'target-dir' => '/var/lib/kolla/config_files/src-ceph/', - 'options' => 'ro', - }, - } - } - - if $docker_environment =~ Hash { - $docker_env = join($docker_environment.map |$index, $value| { "-e ${index}=${value}" }, ' ') - } else { - $docker_env_arr = delete(any2array($docker_environment), '').flatten() - $docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ') - } - - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - - pacemaker::resource::bundle { $::cinder::params::volume_service: - image => $cinder_volume_docker_image, - replicas => 1, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['cinder-volume-role eq true'], - }, - container_options => 'network=host', - # lint:ignore:140chars - options => "--ipc=host --privileged=true --user=${bundle_user} --log-driver=${log_driver}${log_file_real} ${docker_env}${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - storage_maps => $storage_maps, - container_backend => $container_backend, - } - } - } -} diff --git a/manifests/profile/pacemaker/clustercheck.pp b/manifests/profile/pacemaker/clustercheck.pp deleted file mode 100644 index 50584c5d7..000000000 --- a/manifests/profile/pacemaker/clustercheck.pp +++ /dev/null @@ -1,79 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::clustercheck -# -# Clustercheck, galera health check profile for tripleo -# -# === Parameters -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*bind_address*] -# (Optional) The address that the local mysql instance should bind to. -# Defaults to lookup('mysql_bind_host') -# -# [*clustercheck_user*] -# (Optional) The name of the clustercheck user. -# Defaults to 'clustercheck' -# -# [*clustercheck_password*] -# (Optional) The password for the clustercheck user. -# Defaults to lookup('mysql_clustercheck_password') -# -# -class tripleo::profile::pacemaker::clustercheck ( - $step = Integer(lookup('step')), - $clustercheck_user = 'clustercheck', - $clustercheck_password = lookup('mysql_clustercheck_password'), - $bind_address = lookup('mysql_bind_host'), -) { - - if $step >= 1 { - # configuration used by the galera resource agent, - # and by the clustercheck service when it is configured - # to listen via socat - if $bind_address =~ Stdlib::Compat::Ipv6 { - $socat_listen_type = 'tcp6-listen' - } else { - $socat_listen_type = 'tcp4-listen' - } - file { '/etc/sysconfig/clustercheck' : - ensure => file, - mode => '0600', - owner => 'mysql', - group => 'mysql', - content => "MYSQL_USERNAME=${clustercheck_user}\n -MYSQL_PASSWORD='${clustercheck_password}'\n -MYSQL_HOST=localhost\n -TRIPLEO_SOCAT_BIND='${socat_listen_type}:9200,bind=\"${bind_address}\",reuseaddr,fork'\n", - } - - # configuration used when clustercheck is run via xinet - xinetd::service { 'galera-monitor' : - bind => $bind_address, - port => '9200', - server => '/usr/bin/clustercheck', - per_source => 'UNLIMITED', - log_on_success => '', - log_on_failure => 'HOST', - flags => 'REUSE', - service_type => 'UNLISTED', - user => 'mysql', - group => 'mysql', - } - } -} diff --git a/manifests/profile/pacemaker/compute_instanceha.pp b/manifests/profile/pacemaker/compute_instanceha.pp deleted file mode 100644 index 4e279d34d..000000000 --- a/manifests/profile/pacemaker/compute_instanceha.pp +++ /dev/null @@ -1,33 +0,0 @@ -# == Class: tripleo::profile::pacemaker::compute_instanceha -# -# Configures Compute nodes for Instance HA -# -# === Parameters: -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*enable_instanceha*] -# (Optional) Boolean driving the Instance HA controlplane configuration -# Defaults to false -# -class tripleo::profile::pacemaker::compute_instanceha ( - $step = Integer(lookup('step')), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $enable_instanceha = lookup('tripleo::instanceha', undef, undef, false), -) { - if $step >= 2 and $enable_instanceha { - pacemaker::property { 'compute-instanceha-role-node-property': - property => 'compute-instanceha-role', - value => true, - tries => $pcs_tries, - node => $::hostname, - } - } -} diff --git a/manifests/profile/pacemaker/database/mysql_bundle.pp b/manifests/profile/pacemaker/database/mysql_bundle.pp deleted file mode 100644 index 91892cb14..000000000 --- a/manifests/profile/pacemaker/database/mysql_bundle.pp +++ /dev/null @@ -1,709 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::mysql_bundle -# -# Containerized Mysql Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*mysql_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults to undef -# -# [*control_port*] -# (Optional) The bundle's pacemaker_remote control port on the host -# Defaults to 3123 -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('mysql_short_bootstrap_node_name') -# -# [*bind_address*] -# (Optional) The address that the local mysql instance should bind to. -# Defaults to $::hostname -# -# [*ca_file*] -# (Optional) The path to the CA file that will be used for the TLS -# configuration. It's only used if internal TLS is enabled. -# Defaults to undef -# -# [*certificate_specs*] -# (Optional) The specifications to give to certmonger for the certificate -# it will create. Note that the certificate nickname must be 'mysql' in -# the case of this service. -# Example with hiera: -# tripleo::profile::base::database::mysql::certificate_specs: -# hostname: -# service_certificate: -# service_key: -# principal: "mysql/" -# Defaults to lookup('tripleo::profile::base::database::mysql::certificate_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*gmcast_listen_addr*] -# (Optional) This variable defines the address on which the node listens to -# connections from other nodes in the cluster. -# Defaults to lookup('mysql_bind_host') -# -# [*innodb_flush_log_at_trx_commit*] -# (Optional) Disk flush behavior for MySQL under Galera. A value of -# '1' indicates flush to disk per transaction. A value of '2' indicates -# flush to disk every second, flushing all unflushed transactions in -# one step. -# Defaults to lookup('innodb_flush_log_at_trx_commit', undef, undef, '1') -# -# [*clustercheck_user*] -# (Optional) The name of the clustercheck user. -# Defaults to 'clustercheck' -# -# [*clustercheck_password*] -# (Optional) The password for the clustercheck user. -# Defaults to lookup('mysql_clustercheck_password') -# -# [*sst_method*] -# (Optional) Method used by galera to perform State Snapshot Transfers -# Defaults to 'rsync' -# -# [*mariabackup_user*] -# (Optional) When sst_method is set to mariabackup, the name of the -# mariabackup user -# Defaults to 'mariabackup' -# -# [*mariabackup_password*] -# (Optional) When sst_method is set to mariabackup, the password for -# the mariabackup user -# Defaults to '' -# -# [*cipher_list*] -# (Optional) When enable_internal_tls is true, defines the list of allowed -# ciphers for the mysql server and Galera (including SST). -# Defaults to '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1' -# -# [*gcomm_cipher*] -# (Optional) When enable_internal_tls is true, defines the cipher -# used by Galera for the gcomm replication traffic. -# Defaults to 'AES128-SHA256' -# -# [*sst_tls_cipher*] -# (Optional) When enable_internal_tls is true, defines the list of -# ciphers that the socat may use to tunnel SST connections. Deprecated, -# now socat is configured based on option cipher_list. -# Defaults to undef -# -# [*sst_tls_options*] -# (Optional) When enable_internal_tls is true, defines additional -# parameters to be passed to socat for tunneling SST connections. -# Defaults to undef -# -# [*two_node_mode*] -# (Optional) Whether to configure the resource agent in special -# 2-node cluster mode, to allow recovering from a network partition. -# Defaults to false -# -# [*ipv6*] -# (Optional) Whether to deploy MySQL on IPv6 network. -# Defaults to str2bool(lookup('mysql_ipv6', undef, undef, false)) -# -# [*mysql_server_options*] -# (Optional) Extras options to deploy MySQL. Useful when deploying Galera cluster. -# Should be an hash. -# Defaults to lookup('tripleo::profile::base::database::mysql::mysql_server_options', {} -# -# [*mysql_auth_ed25519*] -# (Optional) Use MariaDB's ed25519 authentication plugin to authenticate -# a user when connecting to the server -# Defaults to lookup('mysql_auth_ed25519', undef, undef, false) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/galera-bundle.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to 'root' -# -# [*open_files_limit*] -# (Optional) Maximum value for open-files-limit -# Defaults to 16384 -# -# [*start_timeout*] -# (Optional) Maximum time in second for initializing a galera server -# before pacemaker considers the operation timed out. -# Defaults to undef (use the default value in resource agent) -# -# [*promote_timeout*] -# (Optional) Maximum time in second for starting up a galera server -# before pacemaker considers the operation timed out. -# Defaults to 300 -# -# [*monitor_timeout*] -# (Optional) Maximum time in second for monitoring a galera server -# before pacemaker considers the operation timed out. -# Defaults to undef (use the default value in resource agent) -# -# [*demote_timeout*] -# (Optional) Maximum time in second for stopping a galera server -# before pacemaker considers the operation timed out. -# Defaults to undef (use the default value in resource agent) -# -# [*stop_timeout*] -# (Optional) Maximum time in second for ensuring a galera server is stopped -# before pacemaker considers the operation timed out. -# Defaults to undef (use the default value in resource agent) -# -# [*force_ocf*] -# (optional) Use --force when creating the ocf resource via pcs -# Defaults to false -# -# [*gcache_size*] -# (optional) Controls the gcache size. -# Defaults to undef -# -# [*gcache_recover*] -# (optional) Recover gcache on galera startup. -# Defaults to false -# -# [*provider_options*] -# (optional) Allows passing extra options to wsrep_provider_options. -# Defaults to undef -# -# [*pids_limit*] -# (optional) Tune the container's pids limit. Set to 0 to have unlimited -# pids for the container. The default is 4096 on systems that support -# "pids" cgroup controller. -# Defaults to undef -# -class tripleo::profile::pacemaker::database::mysql_bundle ( - $mysql_docker_image = undef, - $control_port = 3123, - $bootstrap_node = lookup('mysql_short_bootstrap_node_name'), - $bind_address = $::hostname, - $ca_file = undef, - $cipher_list = '!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES:!SSLv3:!TLSv1', - $gcomm_cipher = 'AES128-SHA256', - $certificate_specs = lookup('tripleo::profile::base::database::mysql::certificate_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $gmcast_listen_addr = lookup('mysql_bind_host'), - $innodb_flush_log_at_trx_commit = lookup('innodb_flush_log_at_trx_commit', undef, undef, '1'), - $clustercheck_user = 'clustercheck', - $clustercheck_password = lookup('mysql_clustercheck_password'), - $sst_method = 'rsync', - $mariabackup_user = 'mariabackup', - $mariabackup_password = '', - $sst_tls_cipher = undef, - $sst_tls_options = undef, - $ipv6 = str2bool(lookup('mysql_ipv6', undef, undef, false)), - $mysql_server_options = lookup('tripleo::profile::base::database::mysql::mysql_server_options', undef, undef, {}), - $mysql_auth_ed25519 = lookup('mysql_auth_ed25519', undef, undef, false), - $two_node_mode = false, - $container_backend = 'podman', - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/galera-bundle.log', - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = 'root', - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $step = Integer(lookup('step')), - $open_files_limit = 16384, - $start_timeout = undef, - $promote_timeout = 300, - $monitor_timeout = undef, - $demote_timeout = undef, - $stop_timeout = undef, - $force_ocf = false, - $gcache_size = undef, - $gcache_recover = false, - $provider_options = undef, - $pids_limit = undef, -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - # FQDN are lowercase in /etc/hosts, so are pacemaker node names - $galera_node_names_lookup = downcase( - lookup('mysql_short_node_names_override', undef, undef, - lookup('mysql_short_node_names', undef, undef, $::hostname))) - if (lookup('mysql_node_names_override', undef, undef, undef)) { - $galera_fqdns_names_lookup = downcase(lookup('mysql_node_names_override')) - } else { - # is this an additional nova cell? - if lookup('nova_is_additional_cell', undef, undef, undef) { - $galera_fqdns_names_lookup = downcase(lookup('mysql_cell_node_names', undef, undef, $::hostname)) - } else { - $galera_fqdns_names_lookup = downcase(lookup('mysql_node_names', undef, undef, $::hostname)) - } - } - - $galera_nodes = join(any2array($galera_fqdns_names_lookup), ',') - $galera_nodes_array = split($galera_nodes, ',') - $galera_nodes_count = count($galera_nodes_array) - - # construct a galera-pacemaker name mapping for the resource agent - # [galera-0:galera-0.internalapi.local, ...] - $host_map_array_tmp = zip($galera_node_names_lookup, $galera_fqdns_names_lookup) - $host_map_array = $host_map_array_tmp.map |$i| { - "${i[0]}:${i[1]}" - } - $cluster_host_map_string = join($host_map_array, ';') - - if $gcache_size { - $gcache_size_opt = "gcache.size=${gcache_size};" - } else { - $gcache_size_opt = '' - } - $gcache_recover_opt = "gcache.recover=${$gcache_recover ? { false => 'no', default => 'yes' }};" - $gcache_options = "${gcache_size_opt}${gcache_recover_opt}" - - if $sst_method == 'mariabackup' { - $wsrep_sst_method = 'mariabackup' - $mysqld_sst_auth = { - 'mysqld' => { 'wsrep_sst_auth' => "${mariabackup_user}:${mariabackup_password}" } - } - } else { - if $enable_internal_tls { - $wsrep_sst_method = 'rsync_tunnel' - } else { - $wsrep_sst_method = 'rsync' - } - $mysqld_sst_auth = {} - } - if $enable_internal_tls { - if $sst_method == 'mariabackup' { - $tcert = 'ssl-cert' - $tkey = 'ssl-key' - $tca = 'ssl-ca' - } else { - $tcert = 'tcert' - $tkey = 'tkey' - $tca = 'tca' - } - $tls_certfile = $certificate_specs['service_certificate'] - $tls_keyfile = $certificate_specs['service_key'] - $sst_tls = { - $tcert => $tls_certfile, - $tkey => $tls_keyfile, - } - if $ca_file { - $tls_ca_options = "socket.ssl_ca=${ca_file}" - $sst_tca = { $tca => $ca_file } - } else { - $tls_ca_options = '' - $sst_tca = {} - } - $tls_options = "socket.ssl_key=${tls_keyfile};socket.ssl_cert=${tls_certfile};socket.ssl_cipher=${gcomm_cipher};${tls_ca_options};" - if $sst_method == 'mariabackup' { - $sst_encrypt = { 'encrypt' => 3 } - } else { - $sst_encrypt = {} - } - if $ipv6 { - $sst_ipv6 = 'pf=ip6' - } else { - $sst_ipv6 = undef - } - if defined(sst_tls_cipher) { - warning('The sst_tls_cipher parameter is deprecated, use cipher_list') - $sst_cipher = $sst_tls_cipher - } else { - $sst_cipher = $cipher_list - } - $all_sst_options = ["cipher=${sst_cipher}", $sst_tls_options, $sst_ipv6] - $sst_sockopt = { - 'sockopt' => join(delete_undef_values($all_sst_options), ',') - } - $mysqld_options_sst = { 'sst' => merge($sst_tls, $sst_tca, $sst_sockopt, $sst_encrypt) } - } else { - $tls_options = '' - if $sst_method == 'mariabackup' { - if $ipv6 { - $mysqld_options_sst = { 'sst' => { 'sockopt' => 'pf=ip6' } } - } else { - $mysqld_options_sst = {} - } - } else { - $mysqld_options_sst = {} - } - } - if $provider_options { - $extra_options = "${provider_options};" - } else { - $extra_options = '' - } - if $ipv6 { - $wsrep_provider_options = "${extra_options}${gcache_options}gmcast.listen_addr=tcp://[::]:4567;${tls_options}" - } else { - $wsrep_provider_options = "${extra_options}${gcache_options}gmcast.listen_addr=tcp://${gmcast_listen_addr}:4567;${tls_options}" - } - - $mysqld_options_mysqld = { - 'mysqld' => { - 'pid-file' => '/var/lib/mysql/mariadb.pid', - 'skip-name-resolve' => '1', - 'binlog_format' => 'ROW', - 'default-storage-engine' => 'innodb', - 'innodb_autoinc_lock_mode' => '2', - 'innodb_locks_unsafe_for_binlog' => '1', - 'innodb_flush_log_at_trx_commit' => $innodb_flush_log_at_trx_commit, - 'wsrep_on' => 'ON', - 'wsrep_provider' => '/usr/lib64/galera/libgalera_smm.so', - 'wsrep_cluster_name' => 'galera_cluster', - 'wsrep_cluster_address' => "gcomm://${galera_nodes}", - 'wsrep_slave_threads' => '1', - 'wsrep_certify_nonPK' => '1', - 'wsrep_debug' => '0', - 'wsrep_convert_LOCK_to_trx' => '0', - 'wsrep_retry_autocommit' => '1', - 'wsrep_auto_increment_control' => '1', - 'wsrep_drupal_282555_workaround' => '0', - 'wsrep_causal_reads' => '0', - 'wsrep_sst_method' => $wsrep_sst_method, - 'wsrep_provider_options' => $wsrep_provider_options, - }, - 'mysqld_safe' => { - 'pid-file' => '/var/lib/mysql/mariadb.pid', - } - } - - $mysqld_options = deep_merge($mysqld_options_mysqld, $mysqld_options_sst, - $mysqld_sst_auth, $mysql_server_options) - - # remove_default_accounts parameter will execute some mysql commands - # to remove the default accounts created by MySQL package. - # We need MySQL running to run the commands successfully, so better to - # wait step 2 before trying to run the commands. - if $step >= 2 and $pacemaker_master { - $remove_default_accounts = true - } else { - $remove_default_accounts = false - } - - $mysql_root_password = lookup('mysql::server::root_password') - - if $step >= 1 { - # Kolla sets the root password, expose it to the MySQL package - # so that it can initialize the database (e.g. create users) - file { '/root/.my.cnf' : - ensure => file, - mode => '0600', - owner => 'root', - group => 'root', - content => "[client] -user=root -password=\"${mysql_root_password}\" - -[mysql] -user=root -password=\"${mysql_root_password}\"", - } - - # Resource agent uses those credentials to poll galera state - file { '/etc/sysconfig/clustercheck' : - ensure => file, - mode => '0600', - owner => 'root', - group => 'root', - content => "MYSQL_USERNAME=${clustercheck_user}\n -MYSQL_PASSWORD='${clustercheck_password}'\n -MYSQL_HOST=localhost\n", - } - } - - if $step >= 2 { - # need that class to create all openstack credentials - # we don't include it in step 1 because the kolla bootstrap - # happens after step 1 baremetal - class { 'tripleo::profile::base::database::mysql': - bind_address => $bind_address, - bootstrap_node => $bootstrap_node, - manage_resources => false, - remove_default_accounts => $remove_default_accounts, - mysql_server_options => $mysqld_options, - cipher_list => $cipher_list - } - - if $pacemaker_master { - if (lookup('mysql_short_node_names_override', undef, undef, undef)) { - $mysql_short_node_names = lookup('mysql_short_node_names_override') - } else { - $mysql_short_node_names = lookup('mysql_short_node_names') - } - - $mysql_short_node_names.each |String $node_name| { - # lint:ignore:puppet-lint-2.0.1 does not work with multiline strings - # and blocks (remove this when we move to 2.2.0 where this works) - pacemaker::property { "galera-role-${node_name}": - property => 'galera-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle['galera-bundle'], - } - # lint:endignore - } - - $storage_maps = { - 'mysql-cfg-files' => { - 'source-dir' => '/var/lib/kolla/config_files/mysql.json', - 'target-dir' => '/var/lib/kolla/config_files/config.json', - 'options' => 'ro', - }, - 'mysql-cfg-data' => { - 'source-dir' => '/var/lib/config-data/puppet-generated/mysql/', - 'target-dir' => '/var/lib/kolla/config_files/src', - 'options' => 'ro', - }, - 'mysql-hosts' => { - 'source-dir' => '/etc/hosts', - 'target-dir' => '/etc/hosts', - 'options' => 'ro', - }, - 'mysql-localtime' => { - 'source-dir' => '/etc/localtime', - 'target-dir' => '/etc/localtime', - 'options' => 'ro', - }, - 'mysql-lib' => { - 'source-dir' => '/var/lib/mysql', - 'target-dir' => '/var/lib/mysql', - 'options' => 'rw,z', - }, - # NOTE: we cannot remove this bind mount until the resource-agent - # can use the configured log-file for initial bootstrap operations - 'mysql-log-mariadb' => { - 'source-dir' => '/var/log/mariadb', - 'target-dir' => '/var/log/mariadb', - 'options' => 'rw,z', - }, - 'mysql-log' => { - 'source-dir' => '/var/log/containers/mysql', - 'target-dir' => '/var/log/mysql', - 'options' => 'rw,z', - }, - 'mysql-dev-log' => { - 'source-dir' => '/dev/log', - 'target-dir' => '/dev/log', - 'options' => 'rw', - }, - } - - if $pids_limit != undef { - $pids_limit_real = " --pids-limit ${pids_limit}" - } else { - $pids_limit_real = '' - } - if $enable_internal_tls { - $mysql_storage_maps_tls = { - 'mysql-pki-gcomm-key' => { - 'source-dir' => '/etc/pki/tls/private/mysql.key', - 'target-dir' => '/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/mysql.key', - 'options' => 'ro', - }, - 'mysql-pki-gcomm-cert' => { - 'source-dir' => '/etc/pki/tls/certs/mysql.crt', - 'target-dir' => '/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/mysql.crt', - 'options' => 'ro', - }, - } - if $ca_file { - $ca_storage_maps_tls = { - 'mysql-pki-gcomm-ca' => { - 'source-dir' => $ca_file, - 'target-dir' => "/var/lib/kolla/config_files/src-tls${ca_file}", - 'options' => 'ro', - }, - } - } else { - $ca_storage_maps_tls = {} - } - $storage_maps_tls = merge($mysql_storage_maps_tls, $ca_storage_maps_tls) - } else { - $storage_maps_tls = {} - } - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - if $two_node_mode == true { - $two_node_mode_opt = ' two_node_mode=true' - } else { - $two_node_mode_opt = '' - } - - pacemaker::resource::bundle { 'galera-bundle': - image => $mysql_docker_image, - replicas => $galera_nodes_count, - masters => $galera_nodes_count, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['galera-role eq true'], - }, - container_options => 'network=host', - # lint:ignore:140chars - options => "--user=${bundle_user}${pids_limit_real} --log-driver=${log_driver}${log_file_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - network => "control-port=${control_port}", - storage_maps => merge($storage_maps, $storage_maps_tls), - container_backend => $container_backend, - tries => $pcs_tries, - before => Exec['galera-ready'], - } - - $op_start_params = $start_timeout ? { - undef => undef, - default => "start timeout=${start_timeout}s" - } - $op_promote_params = $promote_timeout ? { - undef => 'promote on-fail=block', - default => "promote timeout=${promote_timeout}s on-fail=block" - } - $op_monitor_params = $monitor_timeout ? { - undef => undef, - default => "monitor timeout=${monitor_timeout}s" - } - $op_demote_params = $demote_timeout ? { - undef => undef, - default => "demote timeout=${demote_timeout}s" - } - $op_stop_params = $stop_timeout ? { - undef => undef, - default => "stop timeout=${stop_timeout}s" - } - # lint:ignore:140chars - $op_params = join(delete_undef_values([$op_start_params, $op_promote_params, $op_monitor_params, $op_demote_params, $op_stop_params]), ' ') - # lint:endignore - - pacemaker::resource::ocf { 'galera': - ocf_agent_name => 'heartbeat:galera', - master_params => '', - meta_params => "master-max=${galera_nodes_count} ordered=true container-attribute-target=host", - op_params => $op_params, - resource_params => "log='/var/log/mysql/mysqld.log' additional_parameters='--open-files-limit=${open_files_limit}' enable_creation=true wsrep_cluster_address='gcomm://${galera_nodes}' cluster_host_map='${cluster_host_map_string}'${two_node_mode_opt}", - tries => $pcs_tries, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['galera-role eq true'], - }, - bundle => 'galera-bundle', - require => [Class['mysql::server']], - before => Exec['galera-ready'], - force => $force_ocf, - } - - # Resource relation: we normally want the bundle resource to - # be run before the OCF one, as the latter depends on the former - # at creation time. - # However during scale up, both resources change, and the bundle - # one shouldn't be updated prior to the OCF one, otherwise - # pacemaker could spawn additional replicas before the necessary - # info is updated in the OCF resource, which would confuse the - # galera resource agent and cause spurious errors. - $replicas=pacemaker_bundle_replicas('galera-bundle') - if ($replicas > 0) and ($galera_nodes_count > $replicas) { - Pacemaker::Resource::Ocf['galera'] -> Pacemaker::Resource::Bundle['galera-bundle'] - } else { - Pacemaker::Resource::Bundle['galera-bundle'] -> Pacemaker::Resource::Ocf['galera'] - } - - exec { 'galera-ready' : - command => '/usr/bin/clustercheck >/dev/null', - timeout => 30, - tries => 180, - try_sleep => 10, - environment => ['AVAILABLE_WHEN_READONLY=0'], - tag => 'galera_ready' - } - File['/etc/sysconfig/clustercheck'] -> Exec['galera-ready'] - - # If the root password is to be updated: - # . hiera contains the new password - # . .my.cnf still contains the current root credentials - # so changing the root password can only happen before - # .my.cnf is re-generated by puppet - mysql_user { 'root@localhost': - ensure => present, - password_hash => mysql::password($mysql_root_password), - } - Mysql_user['root@localhost'] -> File['/root/.my.cnf'] - - # make sure to update all root users in the mysql DB - mysql_user { 'root@%': - ensure => present, - password_hash => mysql::password($mysql_root_password), - } - - # declare the clustercheck user resource to configure - # ed25519 authentication on stack creation or update. - if ($mysql_auth_ed25519) { - $clustercheck_resource_config = { - plugin => 'ed25519', - password_hash => mysql_ed25519_password($clustercheck_password), - } - } else { - $clustercheck_resource_config = { - password_hash => mysql::password($clustercheck_password), - } - } - mysql_user { 'clustercheck@localhost': - ensure => present, - * => $clustercheck_resource_config, - } - - # We create databases and users for services at step 2 as well. This ensures - # Galera is up and ready before those get created - File['/root/.my.cnf'] -> Mysql_database<||> - File['/root/.my.cnf'] -> Mysql_user<|title!='root@localhost'|> - File['/root/.my.cnf'] -> Mysql_grant<||> - Exec['galera-ready'] -> Mysql_database<||> - Exec['galera-ready'] -> Mysql_user<||> - Exec['galera-ready'] -> Mysql_grant<||> - } - } -} diff --git a/manifests/profile/pacemaker/database/redis_bundle.pp b/manifests/profile/pacemaker/database/redis_bundle.pp deleted file mode 100644 index e555b44a4..000000000 --- a/manifests/profile/pacemaker/database/redis_bundle.pp +++ /dev/null @@ -1,370 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::database::redis_bundle -# -# Containerized Redis Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*redis_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults to undef -# -# [*redis_docker_control_port*] -# (Optional) The bundle's pacemaker_remote control port on the host -# Defaults to 3124 -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('redis_short_bootstrap_node_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*certificate_specs*] -# (Optional) The specifications to give to certmonger for the certificate(s) -# it will create. -# Example with hiera: -# redis_certificate_specs: -# hostname: -# service_certificate: -# service_key: -# principal: "haproxy/" -# Defaults to lookup('redis_certificate_specs', undef, undef, {}). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*redis_network*] -# (Optional) The network name where the redis endpoint is listening on. -# This is set by t-h-t. -# Defaults to lookup('redis_network', undef, undef, undef) -# -# [*extra_config_file*] -# (Optional) When TLS proxy is in use, name of a host-specific Redis -# config file that configures tunnel connection. -# This is set by t-h-t. -# Defaults to '/etc/redis-tls.conf' -# -# [*tls_tunnel_local_name*] -# (Optional) When TLS proxy is in use, name of the localhost to forward -# unencryption Redis traffic to. -# This is set by t-h-t. -# Defaults to 'localhost' -# -# [*tls_tunnel_base_port*] -# (Optional) When TLS proxy is in use, a base integer value that is used -# to generate a unique port number for each peer in the Redis cluster. -# Defaults to '6660' -# -# [*tls_proxy_bind_ip*] -# IP on which the TLS proxy will listen on. Required only if -# enable_internal_tls is set. -# Defaults to undef -# -# [*tls_proxy_fqdn*] -# fqdn on which the tls proxy will listen on. required only used if -# enable_internal_tls is set. -# defaults to undef -# -# [*tls_proxy_port*] -# port on which the tls proxy will listen on. Only used if -# enable_internal_tls is set. -# defaults to 6379 -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/redis-bundle.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to 'root' -# -# [*force_ocf*] -# (optional) Use --force when creating the ocf resource via pcs -# Defaults to false -class tripleo::profile::pacemaker::database::redis_bundle ( - $certificate_specs = lookup('redis_certificate_specs', undef, undef, {}), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $bootstrap_node = lookup('redis_short_bootstrap_node_name'), - $redis_docker_image = undef, - $redis_docker_control_port = 3124, - $container_backend = 'podman', - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/redis-bundle.log', - $step = Integer(lookup('step')), - $redis_network = lookup('redis_network', undef, undef, undef), - $extra_config_file = '/etc/redis-tls.conf', - $tls_tunnel_local_name = 'localhost', - $tls_tunnel_base_port = 6660, - $tls_proxy_bind_ip = undef, - $tls_proxy_fqdn = undef, - $tls_proxy_port = 6379, - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = 'root', - $force_ocf = false, -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - - class { 'tripleo::profile::base::database::redis': - pacemaker_managed => true, - tls_tunnel_local_name => $tls_tunnel_local_name, - tls_proxy_bind_ip => $tls_proxy_bind_ip, - tls_proxy_fqdn => $tls_proxy_fqdn, - tls_proxy_port => $tls_proxy_port, - } - - if $step >= 1 { - if $enable_internal_tls { - # certificate_specs is validated by the base redis class - $tls_certfile = $certificate_specs['service_certificate'] - $tls_keyfile = $certificate_specs['service_key'] - - $redis_node_names = lookup('redis_short_node_names', undef, undef, [$::hostname]) - $redis_node_ips = lookup('redis_node_ips', undef, undef, [$tls_proxy_bind_ip]) - - # keep a mapping of [node name, node ip, replication port] - $replication_tuples = zip($redis_node_names, $redis_node_ips).map |$index, $pair| { - $pair.concat($tls_tunnel_base_port+$index) - } - - # encrypted endpoints for outgoing redis replication traffic - $redis_peers = $replication_tuples.filter |$tuple| {$tuple[1] != $tls_proxy_bind_ip} - $redis_peers.each |$tuple| { - tripleo::stunnel::service_proxy { "redis_peer_${tuple[2]}": - client => 'yes', - accept_host => $tls_tunnel_local_name, - accept_port => $tuple[2], - connect_host => $tuple[1], - connect_port => $tls_proxy_port, - certificate => $tls_certfile, - key => $tls_keyfile, - notify => Class['redis'], - } - } - - # redis slave advertise itself as running on a specific - # that uniquely identifies it. This value is - # used by the master as is, and points the outgoing stunnel - # endpoint to target this slave. - - $local_tuple = $replication_tuples.filter |$tuple| { - $tuple[1] == $tls_proxy_bind_ip - } - if length($local_tuple)!=1 { - fail("could not determine local TLS replication port (local ip: '${tls_proxy_bind_ip}', assigned ports: '${replication_tuples}')") - } - - # NOTE: config parameters slave-announce-* are not exposed by - # puppet-redis, so for now we configure them via an additional - # host-specific config file - File {"${extra_config_file}": - ensure => present, - # owner => $::redis::config_owner, - # group => $::redis::config_group, - # mode => $::redis::config_file_mode, - content => "# Host-specific configuration for TLS -slave-announce-ip ${tls_tunnel_local_name} -slave-announce-port ${local_tuple[0][2]} -", - } - } else { - $replication_tuples = [] - } - } - - if $step >= 2 { - if $pacemaker_master { - if (lookup('redis_short_node_names_override', undef, undef, undef)) { - $redis_short_node_names = lookup('redis_short_node_names_override') - } else { - $redis_short_node_names = lookup('redis_short_node_names') - } - - $redis_nodes_count = count($redis_short_node_names) - $redis_short_node_names.each |String $node_name| { - pacemaker::property { "redis-role-${node_name}": - property => 'redis-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle['redis-bundle'], - } - } - - $storage_maps = { - 'redis-cfg-files' => { - 'source-dir' => '/var/lib/kolla/config_files/redis.json', - 'target-dir' => '/var/lib/kolla/config_files/config.json', - 'options' => 'ro', - }, - 'redis-cfg-data-redis' => { - 'source-dir' => '/var/lib/config-data/puppet-generated/redis/', - 'target-dir' => '/var/lib/kolla/config_files/src', - 'options' => 'ro', - }, - 'redis-hosts' => { - 'source-dir' => '/etc/hosts', - 'target-dir' => '/etc/hosts', - 'options' => 'ro', - }, - 'redis-localtime' => { - 'source-dir' => '/etc/localtime', - 'target-dir' => '/etc/localtime', - 'options' => 'ro', - }, - 'redis-lib' => { - 'source-dir' => '/var/lib/redis', - 'target-dir' => '/var/lib/redis', - 'options' => 'rw,z', - }, - 'redis-log' => { - 'source-dir' => '/var/log/containers/redis', - 'target-dir' => '/var/log/redis', - 'options' => 'rw,z', - }, - 'redis-run' => { - 'source-dir' => '/var/run/redis', - 'target-dir' => '/var/run/redis', - 'options' => 'rw,z', - }, - # TODO check whether those tls mappings are necessary - 'redis-pki-extracted' => { - 'source-dir' => '/etc/pki/ca-trust/extracted', - 'target-dir' => '/etc/pki/ca-trust/extracted', - 'options' => 'ro', - }, - 'redis-pki-ca-bundle-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'options' => 'ro', - }, - 'redis-pki-ca-bundle-trust-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'options' => 'ro', - }, - 'redis-pki-cert' => { - 'source-dir' => '/etc/pki/tls/cert.pem', - 'target-dir' => '/etc/pki/tls/cert.pem', - 'options' => 'ro', - }, - 'redis-dev-log' => { - 'source-dir' => '/dev/log', - 'target-dir' => '/dev/log', - 'options' => 'rw', - }, - } - - if $enable_internal_tls { - $redis_storage_maps_tls = { - 'redis-pki-gcomm-key' => { - 'source-dir' => '/etc/pki/tls/private/redis.key', - 'target-dir' => '/var/lib/kolla/config_files/src-tls/etc/pki/tls/private/redis.key', - 'options' => 'ro', - }, - 'redis-pki-gcomm-cert' => { - 'source-dir' => '/etc/pki/tls/certs/redis.crt', - 'target-dir' => '/var/lib/kolla/config_files/src-tls/etc/pki/tls/certs/redis.crt', - 'options' => 'ro', - }, - } - $storage_maps_tls = $redis_storage_maps_tls - } else { - $storage_maps_tls = {} - } - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - - pacemaker::resource::bundle { 'redis-bundle': - image => $redis_docker_image, - replicas => $redis_nodes_count, - masters => 1, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['redis-role eq true'], - }, - container_options => 'network=host', - # lint:ignore:140chars - options => "--user=${bundle_user} --log-driver=${log_driver}${log_file_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - network => "control-port=${redis_docker_control_port}", - storage_maps => merge($storage_maps, $storage_maps_tls), - container_backend => $container_backend, - tries => $pcs_tries, - } - - if length($replication_tuples)>1 { - $tunnel_map = $replication_tuples.map |$tuple| {"${tuple[0]}:${tuple[2]}"} - $tunnel_opt = " tunnel_port_map='${tunnel_map.join(';')}' tunnel_host='${tls_tunnel_local_name}'" - } else { - $tunnel_opt='' - } - pacemaker::resource::ocf { 'redis': - ocf_agent_name => 'heartbeat:redis', - resource_params => "wait_last_known_master=true${tunnel_opt}", - master_params => '', - meta_params => 'notify=true ordered=true interleave=true container-attribute-target=host', - op_params => 'start timeout=200s stop timeout=200s', - tries => $pcs_tries, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['redis-role eq true'], - }, - bundle => 'redis-bundle', - require => [Pacemaker::Resource::Bundle['redis-bundle']], - force => $force_ocf, - } - - } - } -} diff --git a/manifests/profile/pacemaker/haproxy_bundle.pp b/manifests/profile/pacemaker/haproxy_bundle.pp deleted file mode 100644 index 350c2a07a..000000000 --- a/manifests/profile/pacemaker/haproxy_bundle.pp +++ /dev/null @@ -1,373 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::haproxy -# -# HAproxy with Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*haproxy_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults to lookup('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef, undef, undef) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('haproxy_short_bootstrap_node_name') -# -# [*enable_load_balancer*] -# (Optional) Whether load balancing is enabled for this cluster -# Defaults to lookup('enable_load_balancer', undef, undef, true) -# -# [*ca_bundle*] -# (Optional) The path to the CA file that will be used for the TLS -# configuration. It's only used if internal TLS is enabled. -# Defaults to lookup('tripleo::haproxy::ca_bundle', undef, undef, undef) -# -# [*crl_file*] -# (Optional) The path to the file that contains the certificate -# revocation list. It's only used if internal TLS is enabled. -# Defaults to lookup('tripleo::haproxy::crl_file', undef, undef, undef) -# -# [*deployed_ssl_cert_path*] -# (Optional) The filepath of the certificate as it will be stored in -# the controller. -# Defaults to lookup('tripleo::haproxy::service_certificate', undef, undef, undef) -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*internal_certs_directory*] -# (Optional) Directory the holds the certificates to be used when -# when TLS is enabled in the internal network -# Defaults to undef -# -# [*internal_keys_directory*] -# (Optional) Directory the holds the certificates to be used when -# when TLS is enabled in the internal network -# Defaults to undef -# -# [*meta_params*] -# (optional) Additional meta parameters to pass to "pcs resource create" for the VIP -# Defaults to '' -# -# [*op_params*] -# (optional) Additional op parameters to pass to "pcs resource create" for the VIP -# Defaults to '' -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/haproxy-bundle.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to 'root' -# -# [*force_nic*] -# (optional) Force a specific nic interface name when creating all the VIPs -# The listening nic can be customized on a per-VIP basis by creating a hiera -# dict called: force_vip_nic_overrides[] = 'dummy' -# Defaults to lookup('tripleo::pacemaker::force_nic', undef, undef, undef) -# -class tripleo::profile::pacemaker::haproxy_bundle ( - $haproxy_docker_image = lookup('tripleo::profile::pacemaker::haproxy::haproxy_docker_image', undef, undef, undef), - $bootstrap_node = lookup('haproxy_short_bootstrap_node_name'), - $enable_load_balancer = lookup('enable_load_balancer', undef, undef, true), - $ca_bundle = lookup('tripleo::haproxy::ca_bundle', undef, undef, undef), - $crl_file = lookup('tripleo::haproxy::crl_file', undef, undef, undef), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $internal_certs_directory = undef, - $internal_keys_directory = undef, - $deployed_ssl_cert_path = lookup('tripleo::haproxy::service_certificate', undef, undef, undef), - $meta_params = '', - $op_params = '', - $container_backend = 'podman', - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = 'root', - $force_nic = lookup('tripleo::pacemaker::force_nic', undef, undef, undef), - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/haproxy-bundle.log', - $step = Integer(lookup('step')), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), -) { - include tripleo::profile::base::haproxy - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - $force_vip_nic_overrides = lookup('force_vip_nic_overrides', undef, undef, {}) - validate_legacy(Hash, 'validate_hash', $force_vip_nic_overrides) - - if $step >= 2 and $enable_load_balancer { - if $pacemaker_master { - if (lookup('haproxy_short_node_names_override', undef, undef, undef)) { - $haproxy_short_node_names = lookup('haproxy_short_node_names_override') - } else { - $haproxy_short_node_names = lookup('haproxy_short_node_names') - } - - $haproxy_short_node_names.each |String $node_name| { - pacemaker::property { "haproxy-role-${node_name}": - property => 'haproxy-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle['haproxy-bundle'], - } - } - $haproxy_location_rule = { - resource_discovery => 'exclusive', - score => 0, - expression => ['haproxy-role eq true'], - } - # FIXME: we should not have to access tripleo::haproxy class - # parameters here to configure pacemaker VIPs. The configuration - # of pacemaker VIPs could move into puppet-tripleo or we should - # make use of less specific hiera parameters here for the settings. - $haproxy_nodes = lookup('haproxy_short_node_names') - $haproxy_nodes_count = count($haproxy_nodes) - - - $storage_maps = { - 'haproxy-cfg-files' => { - 'source-dir' => '/var/lib/kolla/config_files/haproxy.json', - 'target-dir' => '/var/lib/kolla/config_files/config.json', - 'options' => 'ro', - }, - 'haproxy-cfg-data' => { - 'source-dir' => '/var/lib/config-data/puppet-generated/haproxy/', - 'target-dir' => '/var/lib/kolla/config_files/src', - 'options' => 'ro', - }, - 'haproxy-hosts' => { - 'source-dir' => '/etc/hosts', - 'target-dir' => '/etc/hosts', - 'options' => 'ro', - }, - 'haproxy-localtime' => { - 'source-dir' => '/etc/localtime', - 'target-dir' => '/etc/localtime', - 'options' => 'ro', - }, - 'haproxy-var-lib' => { - 'source-dir' => '/var/lib/haproxy', - 'target-dir' => '/var/lib/haproxy', - 'options' => 'rw,z', - }, - 'haproxy-pki-extracted' => { - 'source-dir' => '/etc/pki/ca-trust/extracted', - 'target-dir' => '/etc/pki/ca-trust/extracted', - 'options' => 'ro', - }, - 'haproxy-pki-ca-bundle-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'options' => 'ro', - }, - 'haproxy-pki-ca-bundle-trust-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'options' => 'ro', - }, - 'haproxy-pki-cert' => { - 'source-dir' => '/etc/pki/tls/cert.pem', - 'target-dir' => '/etc/pki/tls/cert.pem', - 'options' => 'ro', - }, - 'haproxy-dev-log' => { - 'source-dir' => '/dev/log', - 'target-dir' => '/dev/log', - 'options' => 'rw', - }, - }; - - if $deployed_ssl_cert_path { - $cert_storage_maps = { - 'haproxy-cert' => { - 'source-dir' => $deployed_ssl_cert_path, - 'target-dir' => "/var/lib/kolla/config_files/src-tls${deployed_ssl_cert_path}", - 'options' => 'ro', - }, - } - } else { - $cert_storage_maps = {} - } - - if $enable_internal_tls { - $haproxy_storage_maps = { - 'haproxy-pki-certs' => { - 'source-dir' => $internal_certs_directory, - 'target-dir' => "/var/lib/kolla/config_files/src-tls${internal_certs_directory}", - 'options' => 'ro', - }, - 'haproxy-pki-keys' => { - 'source-dir' => $internal_keys_directory, - 'target-dir' => "/var/lib/kolla/config_files/src-tls${internal_keys_directory}", - 'options' => 'ro', - }, - } - if $ca_bundle { - $ca_storage_maps = { - 'haproxy-pki-ca-file' => { - 'source-dir' => $ca_bundle, - 'target-dir' => "/var/lib/kolla/config_files/src-tls${ca_bundle}", - 'options' => 'ro', - }, - } - } else { - $ca_storage_maps = {} - } - if $crl_file { - $crl_storage_maps = { - 'haproxy-pki-crl-file' => { - 'source-dir' => $crl_file, - 'target-dir' => $crl_file, - 'options' => 'ro', - }, - } - } else { - $crl_storage_maps = {} - } - $storage_maps_internal_tls = merge($haproxy_storage_maps, $ca_storage_maps, $crl_storage_maps) - } else { - $storage_maps_internal_tls = {} - } - - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - - pacemaker::resource::bundle { 'haproxy-bundle': - image => $haproxy_docker_image, - replicas => $haproxy_nodes_count, - location_rule => $haproxy_location_rule, - container_options => 'network=host', - # lint:ignore:140chars - options => "--user=${bundle_user} --log-driver=${log_driver}${log_file_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - storage_maps => merge($storage_maps, $cert_storage_maps, $storage_maps_internal_tls), - container_backend => $container_backend, - tries => $pcs_tries, - } - $control_vip = lookup('controller_virtual_ip') - if has_key($force_vip_nic_overrides, 'controller_virtual_ip') { - $control_vip_nic = $force_vip_nic_overrides['controller_virtual_ip'] - } else { - $control_vip_nic = $force_nic - } - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip': - vip_name => 'control', - ip_address => $control_vip, - location_rule => $haproxy_location_rule, - meta_params => $meta_params, - op_params => $op_params, - nic => $control_vip_nic, - pcs_tries => $pcs_tries, - } - - $public_vip = lookup('public_virtual_ip') - if has_key($force_vip_nic_overrides, 'public_virtual_ip') { - $public_vip_nic = $force_vip_nic_overrides['public_virtual_ip'] - } else { - $public_vip_nic = $force_nic - } - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip': - ensure => $public_vip and $public_vip != $control_vip, - vip_name => 'public', - ip_address => $public_vip, - location_rule => $haproxy_location_rule, - meta_params => $meta_params, - op_params => $op_params, - nic => $public_vip_nic, - pcs_tries => $pcs_tries, - } - - $redis = lookup('redis_enabled', undef, undef, false) - if $redis { - $redis_vip = lookup('redis_vip') - if has_key($force_vip_nic_overrides, 'redis_vip') { - $redis_vip_nic = $force_vip_nic_overrides['redis_vip'] - } else { - $redis_vip_nic = $force_nic - } - tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip': - ensure => $redis_vip and $redis_vip != $control_vip, - vip_name => 'redis', - ip_address => $redis_vip, - location_rule => $haproxy_location_rule, - meta_params => $meta_params, - op_params => $op_params, - nic => $redis_vip_nic, - pcs_tries => $pcs_tries, - } - } - - # Set up all vips for isolated networks - $network_vips = lookup('network_virtual_ips', undef, undef, {}) - $network_vips.each |String $net_name, $vip_info| { - $virtual_ip = $vip_info[ip_address] - if has_key($force_vip_nic_overrides, $net_name) { - $vip_nic = $force_vip_nic_overrides[$net_name] - } else { - $vip_nic = $force_nic - } - tripleo::pacemaker::haproxy_with_vip {"haproxy_and_${net_name}_vip": - ensure => $virtual_ip and $virtual_ip != $control_vip, - vip_name => $net_name, - ip_address => $virtual_ip, - location_rule => $haproxy_location_rule, - meta_params => $meta_params, - op_params => $op_params, - nic => $vip_nic, - pcs_tries => $pcs_tries, - } - } - } - } - -} diff --git a/manifests/profile/pacemaker/manila/share_bundle.pp b/manifests/profile/pacemaker/manila/share_bundle.pp deleted file mode 100644 index edf7f711e..000000000 --- a/manifests/profile/pacemaker/manila/share_bundle.pp +++ /dev/null @@ -1,290 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::manila::share_bundle -# -# Containerized Redis Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*ceph_nfs_enabled*] -# (Optional) Whether or not the ceph_nfs service is enabled -# Defaults to lookup('ceph_nfs_enabled', undef, undef, false) -# -# [*manila_share_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults to undef, -# -# [*docker_volumes*] -# (Optional) The list of volumes to be mounted in the docker container -# Defaults to [] -# -# [*docker_environment*] -# (Optional) List or Hash of environment variables set in the docker container -# Defaults to {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'} -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('redis_short_bootstrap_node_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*ceph_conf_path*] -# (optional) The path where the Ceph Cluster config files are stored on the host -# Defaults to '/etc/ceph' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/openstack-manila-share.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to 'root' -# -class tripleo::profile::pacemaker::manila::share_bundle ( - $bootstrap_node = lookup('manila_share_short_bootstrap_node_name'), - $manila_share_docker_image = undef, - $docker_volumes = [], - $docker_environment = {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'}, - $ceph_nfs_enabled = lookup('ceph_nfs_enabled', undef, undef, false), - $container_backend = 'podman', - $ceph_conf_path = '/etc/ceph', - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = 'root', - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/openstack-manila-share.log', - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $step = Integer(lookup('step')), -) { - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - include tripleo::profile::base::manila::share - - if $step >= 2 and $pacemaker_master { - $manila_share_short_node_names = lookup('manila_share_short_node_names') - - if (lookup('pacemaker_short_node_names_override', undef, undef, undef)) { - $pacemaker_short_node_names = lookup('pacemaker_short_node_names_override') - } else { - $pacemaker_short_node_names = lookup('pacemaker_short_node_names') - } - - $pcmk_cinder_volume_nodes = intersection($manila_share_short_node_names, $pacemaker_short_node_names) - $pcmk_cinder_volume_nodes.each |String $node_name| { - pacemaker::property { "manila-share-role-${node_name}": - property => 'manila-share-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle[$::manila::params::share_service], - } - } - } - - if $step >= 5 { - if $pacemaker_master { - $manila_cephfs_protocol_helper_type = lookup('manila::backend::cephfs::cephfs_protocol_helper_type', undef, undef, '') - $docker_vol_arr = delete(any2array($docker_volumes), '').flatten() - - unless empty($docker_vol_arr) { - $storage_maps = docker_volumes_to_storage_maps($docker_vol_arr, 'manila-share') - } else { - notice('Using fixed list of docker volumes for manila-share bundle') - # Default to previous hard-coded list - $default_storage_maps = { - 'manila-share-cfg-files' => { - 'source-dir' => '/var/lib/kolla/config_files/manila_share.json', - 'target-dir' => '/var/lib/kolla/config_files/config.json', - 'options' => 'ro', - }, - 'manila-share-cfg-data' => { - 'source-dir' => '/var/lib/config-data/puppet-generated/manila/', - 'target-dir' => '/var/lib/kolla/config_files/src', - 'options' => 'ro', - }, - 'manila-share-hosts' => { - 'source-dir' => '/etc/hosts', - 'target-dir' => '/etc/hosts', - 'options' => 'ro', - }, - 'manila-share-localtime' => { - 'source-dir' => '/etc/localtime', - 'target-dir' => '/etc/localtime', - 'options' => 'ro', - }, - 'manila-share-dev' => { - 'source-dir' => '/dev', - 'target-dir' => '/dev', - 'options' => 'rw', - }, - 'manila-share-run' => { - 'source-dir' => '/run', - 'target-dir' => '/run', - 'options' => 'rw', - }, - 'manila-share-sys' => { - 'source-dir' => '/sys', - 'target-dir' => '/sys', - 'options' => 'rw', - }, - 'manila-share-lib-modules' => { - 'source-dir' => '/lib/modules', - 'target-dir' => '/lib/modules', - 'options' => 'ro', - }, - 'manila-share-var-lib-manila' => { - 'source-dir' => '/var/lib/manila', - 'target-dir' => '/var/lib/manila', - 'options' => 'rw,z', - }, - 'manila-share-pki-extracted' => { - 'source-dir' => '/etc/pki/ca-trust/extracted', - 'target-dir' => '/etc/pki/ca-trust/extracted', - 'options' => 'ro', - }, - 'manila-share-pki-ca-bundle-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.crt', - 'options' => 'ro', - }, - 'manila-share-pki-ca-bundle-trust-crt' => { - 'source-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'target-dir' => '/etc/pki/tls/certs/ca-bundle.trust.crt', - 'options' => 'ro', - }, - 'manila-share-pki-cert' => { - 'source-dir' => '/etc/pki/tls/cert.pem', - 'target-dir' => '/etc/pki/tls/cert.pem', - 'options' => 'ro', - }, - 'manila-share-var-log' => { - 'source-dir' => '/var/log/containers/manila', - 'target-dir' => '/var/log/manila', - 'options' => 'rw,z', - }, - 'manila-share-ceph-cfg-dir' => { - 'source-dir' => $ceph_conf_path, - 'target-dir' => '/etc/ceph', - 'options' => 'ro', - }, - } - - # if ceph-nfs backend is used, then DBus is used for dynamic - # creation of NFS exports and DBus socket has to be mounted - # both to manila-share and ganesha containers so they can talk - # to each other - if $ceph_nfs_enabled { - $extra_storage_maps = { - 'manila-share-dbus-docker' => { - 'source-dir' => '/var/run/dbus/system_bus_socket', - 'target-dir' => '/var/run/dbus/system_bus_socket', - 'options' => 'rw', - }, - 'manila-share-etc-ganesha' => { - 'source-dir' => '/etc/ganesha', - 'target-dir' => '/etc/ganesha', - 'options' => 'rw', - }, - } - } else { - $extra_storage_maps = {} - } - - $storage_maps = merge($default_storage_maps, $extra_storage_maps) - } - - if $docker_environment =~ Hash { - $docker_env = join($docker_environment.map |$index, $value| { "-e ${index}=${value}" }, ' ') - } else { - $docker_env_arr = delete(any2array($docker_environment), '').flatten() - $docker_env = join($docker_env_arr.map |$var| { "-e ${var}" }, ' ') - } - - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - pacemaker::resource::bundle { $::manila::params::share_service: - image => $manila_share_docker_image, - replicas => 1, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['manila-share-role eq true'], - }, - container_options => 'network=host', - # lint:ignore:140chars - options => "--ipc=host --privileged=true --user=${bundle_user} --log-driver=${log_driver}${log_file_real} ${docker_env}${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - storage_maps => $storage_maps, - container_backend => $container_backend, - } - - if $ceph_nfs_enabled { - pacemaker::constraint::order { 'ceph-nfs-then-manila-share': - first_resource => 'ceph-nfs', - second_resource => 'openstack-manila-share', - first_action => 'start', - second_action => 'start', - constraint_params => 'kind=Optional', - tries => $pcs_tries, - tag => 'pacemaker_constraint', - } - - pacemaker::constraint::colocation { 'openstack-manila-share-with-ceph-nfs': - source => 'openstack-manila-share', - target => 'ceph-nfs', - score => 'INFINITY', - tries => $pcs_tries, - tag => 'pacemaker_constraint', - } - - Pacemaker::Resource::Bundle['openstack-manila-share'] - -> Pacemaker::Constraint::Colocation['openstack-manila-share-with-ceph-nfs'] - -> Pacemaker::Constraint::Order['ceph-nfs-then-manila-share'] - } - } - } -} diff --git a/manifests/profile/pacemaker/ovn_dbs_bundle.pp b/manifests/profile/pacemaker/ovn_dbs_bundle.pp deleted file mode 100644 index ef2d5588c..000000000 --- a/manifests/profile/pacemaker/ovn_dbs_bundle.pp +++ /dev/null @@ -1,372 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::plugins::ml2::ovn -# -# Neutron ML2 driver Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*ovn_dbs_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults to undef -# -# [*ovn_dbs_control_port*] -# (Optional) The bundle's pacemaker_remote control port on the host -# Defaults to 3125 -# -# [*bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# Defaults to lookup('ovn_dbs_short_bootstrap_node_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*ovn_dbs_vip*] -# (Optional) The vip to be used for OVN DB servers. It is expected that -# the vip resource to be created before calling this class. -# Defaults to lookup('ovn_dbs_vip') -# -# [*nb_db_port*] -# The TCP port in which the OVN Northbound DB listens to. -# Defaults to 6641 -# -# [*sb_db_port*] -# The TCP port in which the OVN Southbound DB listens to. -# Defaults to 6642 -# -# [*meta_params*] -# (optional) Additional meta parameters to pass to "pcs resource create" for the VIP -# Defaults to '' -# -# [*op_params*] -# (optional) Additional op parameters to pass to "pcs resource create" for the VIP -# Defaults to '' -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/ovn-dbs-bundle.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to undef -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*ca_file*] -# (Optional) The path to the CA file that will be used for the TLS -# configuration. It's only used if internal TLS is enabled. -# Defaults to undef -# -# [*dbs_timeout*] -# (Optional) timeout for monitor of ovn dbs resource -# Defaults to 60 -# -# [*listen_on_master_ip_only*] -# (Optional) t If set to yes, the OVNDBs will listen on master IP. Otherwise, -# it will listen on 0.0.0.0. Set to yes when using pacemaker managed vip resource -# as MASTER_IP; set to no when using external LB VIP. -# Defaults to 'yes' -# -# [*force_ocf*] -# (optional) Use --force when creating the ocf resource via pcs -# Defaults to false -# -# [*force_nic*] -# (optional) Force a specific nic interface name when creating all the VIPs -# The listening nic can be customized on a per-VIP basis by creating a hiera -# dict called: force_vip_nic_overrides[] = 'dummy' -# Defaults to lookup('tripleo::pacemaker::force_nic', undef, undef, undef) -# -# [*monitor_interval_master*] -# (Optional) monitor interval for ovn dbs resource -# Defaults to 10 -# -# [*monitor_interval_slave*] -# (Optional) monitor interval for ovn dbs resource -# Defaults to 30 -# -# [*replication_probe_interval*] -# (Optional) probe interval for ovsdb-server. It configure probe interval for connection for ovsdb-server when it is -# in backup mode and connects to the active ovsdb-server for replication -# Defaults to 60000 -# - -class tripleo::profile::pacemaker::ovn_dbs_bundle ( - $ovn_dbs_docker_image = undef, - $ovn_dbs_control_port = 3125, - $bootstrap_node = lookup('ovn_dbs_short_bootstrap_node_name'), - $step = Integer(lookup('step')), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $ovn_dbs_vip = lookup('ovn_dbs_vip'), - $nb_db_port = 6641, - $sb_db_port = 6642, - $meta_params = '', - $op_params = '', - $container_backend = 'podman', - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = undef, - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/ovn-dbs-bundle.log', - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $ca_file = undef, - $dbs_timeout = 60, - $listen_on_master_ip_only = 'yes', - $force_ocf = false, - $force_nic = lookup('tripleo::pacemaker::force_nic', undef, undef, undef), - $monitor_interval_master = 10, - $monitor_interval_slave = 30, - $replication_probe_interval = 60000, -) { - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - $force_vip_nic_overrides = lookup('force_vip_nic_overrides', undef, undef, {}) - validate_legacy(Hash, 'validate_hash', $force_vip_nic_overrides) - if $step >= 3 { - - if $pacemaker_master { - $ovndb_servers_resource_name = 'ovndb_servers' - $ovndb_servers_ocf_name = 'ovn:ovndb-servers' - $ovndb_vip_resource_name = "ip-${ovn_dbs_vip}" - $storage_maps = { - 'ovn-dbs-cfg-files' => { - 'source-dir' => '/var/lib/kolla/config_files/ovn_dbs.json', - 'target-dir' => '/var/lib/kolla/config_files/config.json', - 'options' => 'ro', - }, - 'ovn-dbs-mod-files' => { - 'source-dir' => '/lib/modules', - 'target-dir' => '/lib/modules', - 'options' => 'ro', - }, - 'ovn-dbs-run-files' => { - 'source-dir' => '/var/lib/openvswitch/ovn', - 'target-dir' => '/run/openvswitch', - 'options' => 'rw,z', - }, - 'ovn-dbs-new-run-files' => { - 'source-dir' => '/var/lib/openvswitch/ovn', - 'target-dir' => '/run/ovn', - 'options' => 'rw,z', - }, - 'ovn-dbs-log-files' => { - 'source-dir' => '/var/log/containers/openvswitch', - 'target-dir' => '/var/log/openvswitch', - 'options' => 'rw,z', - }, - 'ovn-dbs-new-log-files' => { - 'source-dir' => '/var/log/containers/openvswitch', - 'target-dir' => '/var/log/ovn', - 'options' => 'rw,z', - }, - 'ovn-dbs-db-path' => { - 'source-dir' => '/var/lib/openvswitch/ovn', - 'target-dir' => '/etc/openvswitch', - 'options' => 'rw,z', - }, - 'ovn-dbs-new-db-path' => { - 'source-dir' => '/var/lib/openvswitch/ovn', - 'target-dir' => '/etc/ovn', - 'options' => 'rw,z', - }, - 'ovn-dbs-dev-log' => { - 'source-dir' => '/dev/log', - 'target-dir' => '/dev/log', - 'options' => 'rw', - }, - } - if (lookup('ovn_dbs_short_node_names_override', undef, undef, undef)) { - $ovn_dbs_short_node_names = lookup('ovn_dbs_short_node_names_override') - } else { - $ovn_dbs_short_node_names = lookup('ovn_dbs_short_node_names') - } - $ovn_dbs_nodes_count = count($ovn_dbs_short_node_names) - $ovn_dbs_short_node_names.each |String $node_name| { - pacemaker::property { "ovn-dbs-role-${node_name}": - property => 'ovn-dbs-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle['ovn-dbs-bundle'], - } - } - $ovn_dbs_vip_norm = normalize_ip_for_uri($ovn_dbs_vip) - $resource_params = "master_ip=${ovn_dbs_vip_norm} nb_master_port=${nb_db_port} \ -sb_master_port=${sb_db_port} manage_northd=yes inactive_probe_interval=180000 \ -listen_on_master_ip_only=${listen_on_master_ip_only} inactive_probe_interval_to_master=${replication_probe_interval}" - $ovn_dbs_location_rule = { - resource_discovery => 'exclusive', - score => 0, - expression => ['ovn-dbs-role eq true'], - } - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - - if $enable_internal_tls { - $ovn_storage_maps_tls = { - 'ovn-dbs-pki-' => { - 'source-dir' => '/etc/pki/tls/private/ovn_dbs.key', - 'target-dir' => '/etc/pki/tls/private/ovn_dbs.key', - 'options' => 'ro', - }, - 'ovn-dbs-cert' => { - 'source-dir' => '/etc/pki/tls/certs/ovn_dbs.crt', - 'target-dir' => '/etc/pki/tls/certs/ovn_dbs.crt', - 'options' => 'ro', - }, - 'ovn-dbs-cacert' => { - 'source-dir' => "${ca_file}", - 'target-dir' => "${ca_file}", - 'options' => 'ro', - }, - } - $tls_params = " ovn_nb_db_privkey=/etc/pki/tls/private/ovn_dbs.key ovn_nb_db_cert=/etc/pki/tls/certs/ovn_dbs.crt \ -ovn_nb_db_cacert=${ca_file} ovn_sb_db_privkey=/etc/pki/tls/private/ovn_dbs.key \ -ovn_sb_db_cert=/etc/pki/tls/certs/ovn_dbs.crt ovn_sb_db_cacert=${ca_file} \ -nb_master_protocol=ssl sb_master_protocol=ssl" - } else { - $tls_params = '' - $ovn_storage_maps_tls = {} - } - if $bundle_user == undef { - $bundle_user_real = '' - } else { - $bundle_user_real = "--user=${bundle_user} " - } - $resource_map = "${resource_params}${tls_params}" - pacemaker::resource::bundle { 'ovn-dbs-bundle': - image => $ovn_dbs_docker_image, - replicas => $ovn_dbs_nodes_count, - masters => 1, - location_rule => $ovn_dbs_location_rule, - container_options => 'network=host', - # lint:ignore:140chars - options => "${bundle_user_real}--log-driver=${log_driver}${log_file_real} -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - network => "control-port=${ovn_dbs_control_port}", - storage_maps => merge($storage_maps, $ovn_storage_maps_tls), - container_backend => $container_backend, - tries => $pcs_tries, - } - - pacemaker::resource::ocf { "${ovndb_servers_resource_name}": - ocf_agent_name => "${ovndb_servers_ocf_name}", - master_params => '', - op_params => "start timeout=200s stop timeout=200s \ -monitor interval=${monitor_interval_master}s role=Master timeout=${dbs_timeout}s \ -monitor interval=${monitor_interval_slave}s role=Slave timeout=${dbs_timeout}s", - resource_params => $resource_map, - tries => $pcs_tries, - location_rule => $ovn_dbs_location_rule, - meta_params => 'notify=true container-attribute-target=host', - bundle => 'ovn-dbs-bundle', - force => $force_ocf, - } - - if downcase($listen_on_master_ip_only) == 'yes' { - if has_key($force_vip_nic_overrides, 'ovn_dbs_vip') { - $ovn_dbs_vip_nic = $force_vip_nic_overrides['ovn_dbs_vip'] - } else { - $ovn_dbs_vip_nic = $force_nic - } - - # We create a separate VIP by default now in OVN (since train) - if $ovn_dbs_vip =~ Stdlib::Compat::Ipv6 { - $netmask = '128' - $vip_nic = interface_for_ip($ovn_dbs_vip) - $ipv6_addrlabel = '99' - } else { - $netmask = '32' - $vip_nic = '' - $ipv6_addrlabel = '' - } - - if $ovn_dbs_vip_nic != undef { - $nic_real = $ovn_dbs_vip_nic - } else { - $nic_real = $vip_nic - } - - pacemaker::resource::ip { "${ovndb_vip_resource_name}": - ip_address => $ovn_dbs_vip, - cidr_netmask => $netmask, - nic => $nic_real, - ipv6_addrlabel => $ipv6_addrlabel, - location_rule => $ovn_dbs_location_rule, - meta_params => "resource-stickiness=INFINITY ${meta_params}", - op_params => $op_params, - tries => $pcs_tries, - } - - pacemaker::constraint::colocation { "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}": - source => "${ovndb_vip_resource_name}", - target => 'ovn-dbs-bundle', - master_slave => true, - score => 'INFINITY', - tries => $pcs_tries, - } - - pacemaker::constraint::order { "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}": - first_resource => 'ovn-dbs-bundle', - second_resource => "${ovndb_vip_resource_name}", - first_action => 'promote', - second_action => 'start', - constraint_params => 'kind=Optional', - tries => $pcs_tries, - } - } # Only run when enable_load_balancer is set to true - - Pcmk_bundle<| title == 'ovn-dbs-bundle' |> - -> Pcmk_resource<| title == "${ovndb_servers_resource_name}" |> - -> Pcmk_resource<| title == "${ovndb_vip_resource_name}" |> - -> Pcmk_constraint<| title == "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}" |> - -> Pcmk_constraint<| title == "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}" |> - } - } -} diff --git a/manifests/profile/pacemaker/ovn_northd.pp b/manifests/profile/pacemaker/ovn_northd.pp deleted file mode 100644 index b8feb81ac..000000000 --- a/manifests/profile/pacemaker/ovn_northd.pp +++ /dev/null @@ -1,100 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::neutron::plugins::ml2::ovn -# -# Neutron ML2 driver Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*pacemaker_master*] -# (Optional) The hostname of the pacemaker master -# Defaults to lookup('ovn_dbs_short_bootstrap_node_name') -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*ovn_dbs_vip*] -# (Optional) The vip to be used for OVN DB servers. It is expected that -# the vip resource to be created before calling this class. -# Defaults to lookup('ovn_dbs_vip') -# -# [*nb_db_port*] -# The TCP port in which the OVN Northbound DB listens to. -# Defaults to 6641 -# -# [*sb_db_port*] -# The TCP port in which the OVN Southbound DB listens to. -# Defaults to 6642 -# - -class tripleo::profile::pacemaker::ovn_northd ( - $pacemaker_master = lookup('ovn_dbs_short_bootstrap_node_name'), - $step = Integer(lookup('step')), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $ovn_dbs_vip = lookup('ovn_dbs_vip'), - $nb_db_port = 6641, - $sb_db_port = 6642 -) { - - if $step >= 2 { - pacemaker::property { 'ovndb-role-node-property': - property => 'ovndb-role', - value => true, - tries => $pcs_tries, - node => $::hostname, - } - } - - if $step >= 3 and downcase($::hostname) == $pacemaker_master { - $ovndb_servers_resource_name = 'ovndb_servers' - $ovndb_servers_ocf_name = 'ovn:ovndb-servers' - $ovndb_vip_resource_name = "ip-${ovn_dbs_vip}" - $ovn_dbs_vip_norm = normalize_ip_for_uri($ovn_dbs_vip) - # By step 3, all the VIPs would have been created. - # After creating ovn ocf resource, colocate it with the - # VIP - ip-${ovn_dbs_vip}. - pacemaker::resource::ocf { "${ovndb_servers_resource_name}": - ocf_agent_name => "${ovndb_servers_ocf_name}", - master_params => '', - op_params => 'start timeout=200s stop timeout=200s', - resource_params => "master_ip=${ovn_dbs_vip_norm} nb_master_port=${nb_db_port} \ -sb_master_port=${sb_db_port} manage_northd=yes inactive_probe_interval=180000", - tries => $pcs_tries, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['ovndb-role eq true'], - }, - meta_params => 'notify=true' - } - - pacemaker::constraint::colocation { "${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}": - source => "${ovndb_vip_resource_name}", - target => "${ovndb_servers_resource_name}-master", - master_slave => true, - score => 'INFINITY', - tries => $pcs_tries, - } - - Pacemaker::Resource::Ocf["${ovndb_servers_resource_name}"] - -> Pacemaker::Constraint::Colocation["${ovndb_vip_resource_name}-with-${ovndb_servers_resource_name}"] - } -} diff --git a/manifests/profile/pacemaker/rabbitmq_bundle.pp b/manifests/profile/pacemaker/rabbitmq_bundle.pp deleted file mode 100644 index dcefb1802..000000000 --- a/manifests/profile/pacemaker/rabbitmq_bundle.pp +++ /dev/null @@ -1,427 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::profile::pacemaker::rabbitmq_bundle -# -# Containerized RabbitMQ Pacemaker HA profile for tripleo -# -# === Parameters -# -# [*rabbitmq_docker_image*] -# (Optional) The docker image to use for creating the pacemaker bundle -# Defaults to undef -# -# [*rabbitmq_docker_control_port*] -# (Optional) The bundle's pacemaker_remote control port on the host -# Defaults to 3122 -# -# [*docker_volumes*] -# (Optional) The list of volumes to be mounted in the docker container -# Defaults to [] -# -# [*docker_environment*] -# (Optional) List or Hash of environment variables set in the docker container -# Defaults to {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'} -# -# [*erlang_cookie*] -# (Optional) Content of erlang cookie. -# Defaults to lookup('rabbitmq::erlang_cookie'). -# -# [*user_ha_queues*] -# (Optional) The number of HA queues in to be configured in rabbitmq -# Defaults to lookup('rabbitmq::nr_ha_queues'), which is usually 0 meaning -# that the queues number will be CEIL(N/2) where N is the number of rabbitmq -# nodes. -# -# [*rpc_scheme*] -# (Optional) Protocol for oslo messaging rpc backend. -# Defaults to lookup('oslo_messaging_rpc_scheme'). -# -# [*rpc_bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# when rabbit is configured for rpc messaging backend -# Defaults to lookup('oslo_messaging_rpc_bootstrap_node_name') -# -# [*rpc_nodes*] -# (Optional) Array of host(s) for oslo messaging rpc nodes. -# Defaults to lookup('oslo_messaging_rpc_node_names', undef, undef, []). -# -# [*notify_scheme*] -# (Optional) oslo messaging notify backend indicator. -# Defaults to lookup('oslo_messaging_notify_scheme'). -# -# [*notify_bootstrap_node*] -# (Optional) The hostname of the node responsible for bootstrapping tasks -# when rabbit is configured for rpc messaging backend -# Defaults to lookup('oslo_messaging_notify_bootstrap_node_name') -# -# [*notify_nodes*] -# (Optional) Array of host(s) for oslo messaging notify nodes. -# Defaults to lookup('oslo_messaging_notify_node_names', undef, undef, []). -# -# [*enable_internal_tls*] -# (Optional) Whether TLS in the internal network is enabled or not. -# Defaults to lookup('enable_internal_tls', undef, undef, false) -# -# [*rabbitmq_cacert*] -# (Optional) When internal tls is enabled this should point to the CA file -# Defaults to lookup('rabbitmq::ssl_cacert', undef, undef, '/etc/ipa/ca.crt') -# -# [*rabbitmq_extra_policies*] -# (Optional) Hash of extra policies for the HA queues -# Defaults to lookup('rabbitmq_extra_policies', {'ha-promote-on-shutdown' => 'always'}) -# -# [*pcs_tries*] -# (Optional) The number of times pcs commands should be retried. -# Defaults to lookup('pcs_tries', undef, undef, 20) -# -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to Integer(lookup('step')) -# -# [*container_backend*] -# (optional) Container backend to use when creating the bundle -# Defaults to 'podman' -# -# [*log_driver*] -# (optional) Container log driver to use. -# Defaults to 'k8s-file' -# -# [*log_file*] -# (optional) Container log file to use. Only relevant when log_driver is -# set to 'k8s-file'. -# Defaults to '/var/log/containers/stdouts/rabbitmq-bundle.log' -# -# [*tls_priorities*] -# (optional) Sets PCMK_tls_priorities in /etc/sysconfig/pacemaker when set -# Defaults to lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef) -# -# [*bundle_user*] -# (optional) Set the --user= switch to be passed to pcmk -# Defaults to 'root' -# -# [*force_ocf*] -# (optional) Use --force when creating the ocf resource via pcs -# Defaults to false -# -# [*debug*] -# (optional) Enable it when creating the ocf resource via pcs to get extra -# logging. Defaults to false -# -# [*master_max*] -# (optional) Limit the number of promotable masters of the ocf resource -# Defaults to undef (will take the number of cluster nodes) -# -# [*use_masterslave_rabbitmqra*] -# (optional) If set to true it uses the rabbimtq-server-ha upstream RA -# Defaults to false -# -# [*start_timeout*] -# (Optional) Maximum time in second for starting up a rabbitmq server -# before pacemaker considers the operation timed out. -# Defaults to 200 -# -# [*monitor_timeout*] -# (Optional) Maximum time in second for monitoring a rabbitmq server -# before pacemaker considers the operation timed out. -# Defaults to undef (use the default value in resource agent) -# -# [*stop_timeout*] -# (Optional) Maximum time in second for stopping a rabbitmq server -# before pacemaker considers the operation timed out. -# Defaults to 200 -# -class tripleo::profile::pacemaker::rabbitmq_bundle ( - $rabbitmq_docker_image = undef, - $rabbitmq_docker_control_port = 3122, - $docker_volumes = [], - $docker_environment = {'KOLLA_CONFIG_STRATEGY' => 'COPY_ALWAYS'}, - $erlang_cookie = lookup('rabbitmq::erlang_cookie'), - $user_ha_queues = lookup('rabbitmq::nr_ha_queues', undef, undef, 0), - $rpc_scheme = lookup('oslo_messaging_rpc_scheme'), - $rpc_bootstrap_node = lookup('oslo_messaging_rpc_short_bootstrap_node_name'), - $rpc_nodes = lookup('oslo_messaging_rpc_node_names_override', undef, undef, - lookup('oslo_messaging_rpc_node_names', undef, undef, [])), - $notify_scheme = lookup('oslo_messaging_notify_scheme'), - $notify_bootstrap_node = lookup('oslo_messaging_notify_short_bootstrap_node_name'), - $notify_nodes = lookup('oslo_messaging_notify_node_names_override', undef, undef, - lookup('oslo_messaging_notify_node_names', undef, undef, [])), - $enable_internal_tls = lookup('enable_internal_tls', undef, undef, false), - $rabbitmq_cacert = lookup('rabbitmq::ssl_cacert', undef, undef, '/etc/ipa/ca.crt'), - $rabbitmq_extra_policies = lookup('rabbitmq_extra_policies', undef, undef, - {'ha-promote-on-shutdown' => 'always'}), - $pcs_tries = lookup('pcs_tries', undef, undef, 20), - $step = Integer(lookup('step')), - $container_backend = 'podman', - $log_driver = 'k8s-file', - $log_file = '/var/log/containers/stdouts/rabbitmq-bundle.log', - $tls_priorities = lookup('tripleo::pacemaker::tls_priorities', undef, undef, undef), - $bundle_user = 'root', - $force_ocf = false, - $debug = false, - $master_max = undef, - $use_masterslave_rabbitmqra = false, - $start_timeout = 200, - $monitor_timeout = undef, - $stop_timeout = 200, -) { - # is this an additional nova cell? - if lookup('nova_is_additional_cell', undef, undef, undef) { - $rpc_nodes_real = lookup('oslo_messaging_rpc_cell_node_names', undef, undef, []) - } else { - $rpc_nodes_real = $rpc_nodes - } - - if $rpc_scheme == 'rabbit' { - $bootstrap_node = $rpc_bootstrap_node - $rabbit_nodes = $rpc_nodes_real - $rabbit_short_nodes = lookup('oslo_messaging_rpc_short_node_names', undef, undef, []) - } elsif $notify_scheme == 'rabbit' { - $bootstrap_node = $notify_bootstrap_node - $rabbit_nodes = $notify_nodes - $rabbit_short_nodes = lookup('oslo_messaging_notify_short_node_names', undef, undef, []) - } else { - $bootstrap_node = undef - $rabbit_nodes = [] - $rabbit_short_nodes = [] - } - - if $bootstrap_node and $::hostname == downcase($bootstrap_node) { - $pacemaker_master = true - } else { - $pacemaker_master = false - } - - if $log_driver == 'k8s-file' { - $log_file_real = " --log-opt path=${log_file}" - } else { - $log_file_real = '' - } - include tripleo::profile::base::rabbitmq - - file { '/var/lib/rabbitmq/.erlang.cookie': - ensure => file, - owner => 'rabbitmq', - group => 'rabbitmq', - mode => '0400', - content => $erlang_cookie, - replace => true, - require => Class['rabbitmq'], - } - - file_line { 'rabbitmq-pamd-systemd': - ensure => absent, - path => '/etc/pam.d/system-auth', - match => '^-session\s+optional\s+pam_systemd.so', - match_for_absence => true, - } - file_line { 'rabbitmq-pamd-quiet': - ensure => present, - path => '/etc/pam.d/system-auth', - line => 'session required pam_unix.so quiet', - match => '^session\s+required\s+pam_unix.so$' - } - - if $step >= 2 { - if $pacemaker_master { - if $rpc_scheme == 'rabbit' { - $rabbitmq_short_node_names = lookup( - 'oslo_messaging_rpc_short_node_names_override', - undef, undef, - lookup('oslo_messaging_rpc_short_node_names')) - } elsif $notify_scheme == 'rabbit' { - $rabbitmq_short_node_names = lookup( - 'oslo_messaging_notify_short_node_names_override', - undef, undef, - lookup('oslo_messaging_notify_short_node_names')) - } - $rabbitmq_nodes_count = count($rabbitmq_short_node_names) - $rabbitmq_short_node_names.each |String $node_name| { - pacemaker::property { "rabbitmq-role-${node_name}": - property => 'rabbitmq-role', - value => true, - tries => $pcs_tries, - node => downcase($node_name), - before => Pacemaker::Resource::Bundle['rabbitmq-bundle'], - } - } - - $docker_vol_arr = delete(any2array($docker_volumes), '').flatten() - $storage_maps = docker_volumes_to_storage_maps($docker_vol_arr, 'rabbitmq') - - $docker_env = join($docker_environment.map |$index, $value| { "-e ${index}=${value}" }, ' ') - - if $tls_priorities != undef { - $tls_priorities_real = " -e PCMK_tls_priorities=${tls_priorities}" - } else { - $tls_priorities_real = '' - } - - # The default nr of ha queues is ceiling(N/2) - if $user_ha_queues == 0 { - $nr_rabbit_nodes = size($rabbit_nodes) - $nr_ha_queues = $nr_rabbit_nodes / 2 + ($nr_rabbit_nodes % 2) - $ha_queues_policy = { 'ha-mode' => 'exactly', 'ha-params' => $nr_ha_queues } - } elsif $user_ha_queues == -1 { - $ha_queues_policy = { 'ha-mode' => 'all' } - } else { - $nr_ha_queues = $user_ha_queues - $ha_queues_policy = { 'ha-mode' => 'exactly', 'ha-params' => $nr_ha_queues } - } - $ha_policy = merge($ha_queues_policy, $rabbitmq_extra_policies) - $ocf_params = "set_policy='ha-all ^(?!(amq\\.)|(.*_fanout)|(reply_)).* ${to_json($ha_policy)}'" - - if $use_masterslave_rabbitmqra { - if length($rabbit_short_nodes) > 0 { - $allowed_cluster_nodes = join($rabbit_short_nodes, ' ') - $allowed_cluster_string = " allowed_cluster_nodes='${allowed_cluster_nodes}'" - } else { - $allowed_cluster_string = '' - } - pacemaker::resource::bundle { 'rabbitmq-bundle': - image => $rabbitmq_docker_image, - replicas => $rabbitmq_nodes_count, - masters => $rabbitmq_nodes_count, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['rabbitmq-role eq true'], - }, - container_options => 'network=host', - # lint:ignore:140chars - options => "--user=${bundle_user} --log-driver=${log_driver}${log_file_real} ${docker_env}${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - network => "control-port=${rabbitmq_docker_control_port}", - storage_maps => $storage_maps, - container_backend => $container_backend, - tries => $pcs_tries, - } - # Needs an RA which has https://github.com/rabbitmq/rabbitmq-server/pull/2853 - if $master_max != undef { - $rabbitmq_nodes_count_real = $master_max - } else { - $rabbitmq_nodes_count_real = $rabbitmq_nodes_count - } - pacemaker::resource::ocf { 'rabbitmq': - ocf_agent_name => 'rabbitmq:rabbitmq-server-ha', - # no need to call set policy as we do so below anyway - resource_params => "debug=${debug} avoid_using_iptables=true${allowed_cluster_string}", - # lint:ignore:140chars - meta_params => "notify=true container-attribute-target=host master-max=${rabbitmq_nodes_count_real} master-node-max=${rabbitmq_nodes_count_real} ordered=false interleave=false", - op_params => 'start timeout=360s stop timeout=120s promote timeout=120s notify timeout=180s monitor interval=30 timeout=60 monitor interval=27 role=Master timeout=60', - # lint:endignore - tries => $pcs_tries, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['rabbitmq-role eq true'], - }, - bundle => 'rabbitmq-bundle', - require => [Class['rabbitmq'], - Pacemaker::Resource::Bundle['rabbitmq-bundle']], - before => Exec['rabbitmq-ready'], - force => $force_ocf, - } - } else { - $op_start_params = $start_timeout ? { - undef => undef, - default => "start timeout=${start_timeout}s" - } - $op_monitor_params = $monitor_timeout ? { - undef => undef, - default => "monitor timeout=${monitor_timeout}s" - } - $op_stop_params = $stop_timeout ? { - undef => undef, - default => "stop timeout=${stop_timeout}s" - } - $op_params = join(delete_undef_values([$op_start_params, $op_monitor_params, $op_stop_params]), ' ') - pacemaker::resource::bundle { 'rabbitmq-bundle': - image => $rabbitmq_docker_image, - replicas => $rabbitmq_nodes_count, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['rabbitmq-role eq true'], - }, - container_options => 'network=host', - # lint:ignore:140chars - options => "--user=${bundle_user} --log-driver=${log_driver}${log_file_real} ${docker_env}${tls_priorities_real}", - # lint:endignore - run_command => '/bin/bash /usr/local/bin/kolla_start', - network => "control-port=${rabbitmq_docker_control_port}", - storage_maps => $storage_maps, - container_backend => $container_backend, - tries => $pcs_tries, - } - pacemaker::resource::ocf { 'rabbitmq': - ocf_agent_name => 'heartbeat:rabbitmq-cluster', - resource_params => $ocf_params, - meta_params => 'notify=true container-attribute-target=host', - op_params => $op_params, - tries => $pcs_tries, - location_rule => { - resource_discovery => 'exclusive', - score => 0, - expression => ['rabbitmq-role eq true'], - }, - bundle => 'rabbitmq-bundle', - require => [Class['rabbitmq'], - Pacemaker::Resource::Bundle['rabbitmq-bundle']], - before => Exec['rabbitmq-ready'], - force => $force_ocf, - } - } - - if size($rabbit_nodes) == 1 { - $check_command = 'rabbitmqctl eval "lists:keymember(rabbit, 1, application:which_applications())." | grep -q true' - } else { - # This grep makes sure the rabbit app in erlang is up and running - # which is enough to guarantee that the user will eventually get - # replicated around the cluster - $cmd1 = 'rabbitmqctl eval "rabbit_nodes:is_running(node(), rabbit)." | grep -q true' - $cmd2 = 'rabbitmqctl eval "rabbit_mnesia:is_clustered()." | grep -q true' - $check_command = "${cmd1} && ${cmd2}" - } - - exec { 'rabbitmq-ready': - path => '/usr/sbin:/usr/bin:/sbin:/bin', - command => $check_command, - unless => $check_command, - timeout => 30, - tries => 180, - try_sleep => 10, - tag => 'rabbitmq_ready', - } - - # Set the HA queue policy here, because the rabbitmq resource - # agent do so very early in the bootstrap process, and it - # doesn't seem to work reliably. - # Note: rabbitmq_policy expects all the hash values passed - # to 'definition' to be strings - rabbitmq_policy { 'ha-all@/': - applyto => 'queues', - pattern => '^(?!amq\.).*', - definition => hash($ha_policy.map |$k, $v| {[$k, "${v}"]}), - } - - # Make sure that if we create rabbitmq users at the same step it happens - # after the cluster is up - Exec['rabbitmq-ready'] -> Rabbitmq_user<||> - Exec['rabbitmq-ready'] -> Rabbitmq_policy<||> - } - } -} diff --git a/manifests/stunnel.pp b/manifests/stunnel.pp deleted file mode 100644 index 2d75aafab..000000000 --- a/manifests/stunnel.pp +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::stunnel -# -# Installs and starts stunnel -# -# [*foreground*] -# (Optional) Sets the configuration for stunnel to run the process in -# the foreground. This is useful when trying to run stunnel in a -# container. -# Defaults to 'no' -# -# [*debug*] -# (Optional) Sets the debug level in stunnel.conf -# Defaults to '4' which translates to 'warning'. -# -class tripleo::stunnel ( - $foreground = 'no', - $debug = 'warning', -){ - package { 'stunnel': - ensure => 'present' - } - - concat { '/etc/stunnel/stunnel.conf': - ensure => present, - } - concat::fragment { 'stunnel-foreground': - target => '/etc/stunnel/stunnel.conf', - order => '10-foreground-config', - content => template('tripleo/stunnel/foreground.erb'), - } -} diff --git a/manifests/stunnel/service_proxy.pp b/manifests/stunnel/service_proxy.pp deleted file mode 100644 index 80dc12357..000000000 --- a/manifests/stunnel/service_proxy.pp +++ /dev/null @@ -1,64 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -# == Class: tripleo::stunnel::service_proxy -# -# Configures a TLS proxy for a service. -# -# === Parameters -# -# [*accept_host*] -# Host or IP where the tunnel will be accepting connections. -# -# [*accept_port*] -# Port where the tunnel will be accepting connections. -# -# [*connect_port*] -# Port where the tunnel will be proxying to. -# -# [*certificate*] -# Cert that the TLS proxy will be using for the TLS connection. -# -# [*key*] -# Key that the TLS proxy will be using for the TLS connection. -# -# [*client*] -# Whether this proxy is meant for client connections. -# Defaults to 'no' -# -# [*connect_host*] -# Host where the tunnel will be proxying to. -# Defaults to 'localhost' -# -# [*ssl_version*] -# (Optional) select the TLS protocol version -# Defaults to 'TLSv1.2' -# -define tripleo::stunnel::service_proxy ( - $accept_host, - $accept_port, - $connect_port, - $certificate, - $key, - $client = 'no', - $connect_host = 'localhost', - $ssl_version = 'TLSv1.2' -) { - concat::fragment { "stunnel-service-${name}": - target => '/etc/stunnel/stunnel.conf', - order => "20-${name}", - content => template('tripleo/stunnel/service.erb'), - } -} diff --git a/manifests/tls_proxy.pp b/manifests/tls_proxy.pp deleted file mode 100644 index 7e9ebe10c..000000000 --- a/manifests/tls_proxy.pp +++ /dev/null @@ -1,76 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::tls_proxy -# -# Sets up a TLS proxy using mod_proxy that redirects towards localhost. -# -# === Parameters -# -# [*ip*] -# (Required) The IP address that the proxy will be listening on. -# -# [*port*] -# (Required) The port that the proxy will be listening on. -# -# [*servername*] -# (Required) The vhost servername that contains the FQDN to identify -# the virtual host. -# -# [*tls_cert*] -# (Required) The path to the TLS certificate that the proxy will be serving. -# -# [*tls_key*] -# (Required) The path to the key used for the specified certificate. -# -# [*preserve_host*] -# (Optional) Whether the Host header is preserved in proxied requests. -# See the Apache ProxyPreserveHost directive docs. -# Defaults to false -# -# [*proxy_pass_host*] -# (Optional) The host to connect to. -# Defaults to lookup('localhost_address', undef, undef, 'localhost') -# -define tripleo::tls_proxy( - $ip, - $port, - $servername, - $tls_cert, - $tls_key, - $preserve_host = false, - $proxy_pass_host = lookup('localhost_address', undef, undef, 'localhost') -) { - include apache - ::apache::vhost { "${title}-proxy": - ensure => 'present', - docroot => false, # This is required by the manifest - manage_docroot => false, - servername => $servername, - ip => $ip, - # NOTE(tkajinam): apache::vhost::port no longer accepts a string value - # since v8.0.0. - port => Integer($port), - ssl => true, - ssl_cert => $tls_cert, - ssl_key => $tls_key, - request_headers => ['set X-Forwarded-Proto "https"'], - proxy_preserve_host => $preserve_host, - proxy_pass => { - path => '/', - url => "http://${proxy_pass_host}:${port}/", - params => {retry => '10'}, - } - } -} diff --git a/manifests/trusted_ca.pp b/manifests/trusted_ca.pp deleted file mode 100644 index 4e6241819..000000000 --- a/manifests/trusted_ca.pp +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::trusted_ca -# -# Does the necessary action to deploy and trust a CA certificate. -# -# === Parameters -# -# [*content*] -# The content of the CA certificate in PEM format. -# -define tripleo::trusted_ca( - $content, -) { - file { "/etc/pki/ca-trust/source/anchors/${name}.pem": - content => $content, - mode => '0644', - owner => 'root', - group => 'root', - } - exec { "trust-ca-${name}": - command => 'update-ca-trust extract', - path => '/usr/bin', - subscribe => File["/etc/pki/ca-trust/source/anchors/${name}.pem"], - refreshonly => true, - } -} diff --git a/manifests/trusted_cas.pp b/manifests/trusted_cas.pp deleted file mode 100644 index 265a700ac..000000000 --- a/manifests/trusted_cas.pp +++ /dev/null @@ -1,28 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: tripleo::trusted_cas -# -# Does the necessary actions to deploy and trust a set of CA certificates. -# -# === Parameters -# -# [*ca_map*] -# The content of the CA certificate in PEM format. -# -class tripleo::trusted_cas( - $ca_map = {}, -) { - create_resources('::tripleo::trusted_ca', $ca_map) -} diff --git a/metadata.json b/metadata.json deleted file mode 100644 index d8ba55217..000000000 --- a/metadata.json +++ /dev/null @@ -1,41 +0,0 @@ -{ - "name": "openstack-tripleo", - "version": "18.0.0", - "author": "OpenStack Contributors", - "summary": "Puppet module for TripleO", - "license": "Apache-2.0", - "source": "https://opendev.org/openstack/puppet-tripleo.git", - "project_page": "https://launchpad.net/puppet-tripleo", - "issues_url": "https://bugs.launchpad.net/tripleo", - "description": "Installs and configures Tripleo.", - "requirements": [ - { - "name": "puppet", - "version_requirement": ">= 6.0.0 < 8.0.0" - } - ], - "operatingsystem_support": [ - { - "operatingsystem": "RedHat", - "operatingsystemrelease": ["9"] - }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": ["9"] - } - ], - "dependencies": [ - { - "name": "puppetlabs/stdlib", - "version_requirement": ">= 5.0.0 <9.0.0" - }, - { - "name": "puppetlabs/mysql", - "version_requirement": ">= 6.0.0 <14.0.0" - }, - { - "name": "openstack/openstacklib", - "version_requirement": ">=21.0.0 <22.0.0" - } - ] -} diff --git a/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml b/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml deleted file mode 100644 index c41deabaa..000000000 --- a/releasenotes/notes/6.2.0-64eaf596539f3ed1.yaml +++ /dev/null @@ -1,64 +0,0 @@ ---- -features: - - Add networking-fujitsu support to Neutron ML2 profile. - - Split OVN plugin and northd configuration. - - Introduce tripleo::tls_proxy used to set up a TLS proxy using - mod_proxy that redirects towards localhost. - - HPELeftHandISCSIDriver support for Cinder Volume profile. - - Add support for CollectD profile, for performance monitoring. - - Configure Nova Cells v2 database, required in Ocata. - - Configure the basic setup for Nova Cells v2. - - Support for opendalight_v2 mechanism_driver in Neutron ML2 profile. - - Support for Ceph MDS service profile. - - Add IPv6 support to Firewall rules. It will create both IPv4 & IPv6 rules - at the same time. It automatically converts icmp rules to ipv6-icmp. When - a source or destination is specified, it will only create rules to the - right version of IP that is needed. - - Add support for not using admin_token in Ceph/RGW profile. - - Add Docker Registry profile. - - Add Nova Placement API profile. - - Add NTP profile. - - Add etcd profile, used by networking-vpp ML2 plugin. - - Add profiles for Octavia services. - - Enable object-expirer on Swift proxy profile. - - Set memcache_servers in /etc/swift/object-expirer.conf. - - Add support for fence_ironic fencing agent. - - Add a noop_resource function, which allow to disable any resource type - in a catalog, with --tags option to puppet apply. - - Add Ceph RBD mirrog Pacemaker profile. - - Remove Glance Registry profile, not used anymore. Glance API v1 is not - available anymore. - - Add Nova EC2API profile. - - Add support for Pacemaker Remote with a new profile. - - Updates Pacemaker profiles for Composable HA architecture. - - Add Tacker profile. - - Add Congress profile. - - Add a default rule for dhcpv6 traffic. - - Re-organizes Contrail services to the correct roles. - - Set innodb_file_per_table to ON for MySQL / Galera - - Switch Nova / Libvirt VNC server binding to use the IP address - provided in Hiera instead of 0.0.0.0. - - Proxy API endpoints that TripleO UI uses. - - Rebranding of Eqlx to Dell EMC PS Series. - - Add support for ScaleIO backend in Cinder Volume profile. - - Add support to changing the Rabbitmq password on stack-update. -deprecations: - - Remove tripleo::vip_hosts class, no longer used. -security: - - CVE-2016-9599 Enforce Firewall TCP / UDP rules management, by - sanitizing dynamic HAproxy endpoints firewall rules, securing - firewall rules creations (disallow TCP/UDP rules without sport or - dport), but allow to open all traffic for TCP/UDP when actually - desired. -fixes: - - Fixes `bug 1648736 - `__ so swift-proxy - is decoupled from ceilometer packages. - - Fixes `bug 1652107 - `__ so we ensure - package updates don't happen unexpectedly. - - Fixes `bug 1645898 - `__ so we ensure - to bind the rabbit inter-cluster to a specific interface. -other: - - Introduce more Puppet rspec tests that improve testing quality. diff --git a/releasenotes/notes/Add-CRL-resource-d2263462d40f01c0.yaml b/releasenotes/notes/Add-CRL-resource-d2263462d40f01c0.yaml deleted file mode 100644 index 7826b87d1..000000000 --- a/releasenotes/notes/Add-CRL-resource-d2263462d40f01c0.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - The resource ::tripleo::certmonger::ca::crl was added. The purpose of this - resource is to fetch a CRL file and set up a cron job to refresh that file. diff --git a/releasenotes/notes/Add-support-for-ibm_svf-driver-01924479bb11063c.yaml b/releasenotes/notes/Add-support-for-ibm_svf-driver-01924479bb11063c.yaml deleted file mode 100644 index 70ca1f3f0..000000000 --- a/releasenotes/notes/Add-support-for-ibm_svf-driver-01924479bb11063c.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support for Cinder IBM Spectrum virtualize family (Svf) driver. diff --git a/releasenotes/notes/Composable_role_for_neutron_lbaas-acdf08f1a9dfd3fe.yaml b/releasenotes/notes/Composable_role_for_neutron_lbaas-acdf08f1a9dfd3fe.yaml deleted file mode 100644 index 20e59942f..000000000 --- a/releasenotes/notes/Composable_role_for_neutron_lbaas-acdf08f1a9dfd3fe.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Adds composable service interface for Neutron LBaaSv2 service. diff --git a/releasenotes/notes/Fixes-SRIOV-upper-case-name-checks-306011421f53131d.yaml b/releasenotes/notes/Fixes-SRIOV-upper-case-name-checks-306011421f53131d.yaml deleted file mode 100644 index 9a75a0b79..000000000 --- a/releasenotes/notes/Fixes-SRIOV-upper-case-name-checks-306011421f53131d.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Allow using upper case names for SRIOV interface names. diff --git a/releasenotes/notes/HAProxy-CRL-d05b555f92ff55ed.yaml b/releasenotes/notes/HAProxy-CRL-d05b555f92ff55ed.yaml deleted file mode 100644 index cdfb85990..000000000 --- a/releasenotes/notes/HAProxy-CRL-d05b555f92ff55ed.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -security: - - If the crl_file parameter is given to the ::tripleo::haproxy resource and - TLS is enabled in the internal network, it will configure the CRL file for - all the nodes it's proxying and thus properly handle revocation of the - server certificates. diff --git a/releasenotes/notes/No-TLS-v1.0-0edeac680bb51f94.yaml b/releasenotes/notes/No-TLS-v1.0-0edeac680bb51f94.yaml deleted file mode 100644 index 674b152f7..000000000 --- a/releasenotes/notes/No-TLS-v1.0-0edeac680bb51f94.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -security: - - | - TLS v1.0 connections are no longer accepted by our HAProxy configuration. diff --git a/releasenotes/notes/Support-ceph_volume_mode-parameter-220b1026aebd9e3b.yaml b/releasenotes/notes/Support-ceph_volume_mode-parameter-220b1026aebd9e3b.yaml deleted file mode 100644 index 75f0547d9..000000000 --- a/releasenotes/notes/Support-ceph_volume_mode-parameter-220b1026aebd9e3b.yaml +++ /dev/null @@ -1,5 +0,0 @@ -features: - - | - Support setting values for ``cephfs_volume_mode`` parameter which controls - the rwx mode of the cephfs volumes, snapshots, and groups of these - that back manila shares. diff --git a/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml b/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml deleted file mode 100644 index 2f981a1b0..000000000 --- a/releasenotes/notes/TLS-for-haproxy-stats-3ce3b7780f0ef5b7.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -features: - - When TLS everywhere is enabled, the HAProxy stats interface will also use - TLS. This requires the user to access the interface through the ctlplane - FQDN (which is configured by the CloudNameCtlplane parameter in - tripleo-heat-templates). Note that one can still use the - haproxy_stats_certificate parameter from the haproxy class, and that one - will take precedence if set. diff --git a/releasenotes/notes/Use-encryption-for-pacemaker-by-default-ca887dca02a21705.yaml b/releasenotes/notes/Use-encryption-for-pacemaker-by-default-ca887dca02a21705.yaml deleted file mode 100644 index 65b0316e8..000000000 --- a/releasenotes/notes/Use-encryption-for-pacemaker-by-default-ca887dca02a21705.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Encryption is used for pacemaker traffic by default. This is achieved by - using a pre shared key for all the pacemaker cluster nodes (same as the one - that was used for the pacemaker remote communication). diff --git a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml b/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml deleted file mode 100644 index 3b9f1897a..000000000 --- a/releasenotes/notes/add-bagpipe-driver-9163f5b22096fde0.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Add support for Bagpipe Neutron driver as backend in BGPVPN scenarios - - Add ML2 plugin configuration for Bagpipe BGPVPN extension diff --git a/releasenotes/notes/add-barbican-backends-2412df7eef07038e.yaml b/releasenotes/notes/add-barbican-backends-2412df7eef07038e.yaml deleted file mode 100644 index 36e865051..000000000 --- a/releasenotes/notes/add-barbican-backends-2412df7eef07038e.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Added code to select plugin configuration based on tripleo heat - template dynamic variables for each backend, depending on if the - backend is enabled. Multiple backends can now be configured. diff --git a/releasenotes/notes/add-bgpvpn-support-77676690fb6dd17b.yaml b/releasenotes/notes/add-bgpvpn-support-77676690fb6dd17b.yaml deleted file mode 100644 index 2af6aa721..000000000 --- a/releasenotes/notes/add-bgpvpn-support-77676690fb6dd17b.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add support for BGPVPN Neutron service plugin diff --git a/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml b/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml deleted file mode 100644 index 5ab15d548..000000000 --- a/releasenotes/notes/add-ceilo-polling-agent-53fab550a09a6196.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - Add support for ceilometer polling agent. The central, compute and ipmi - agent services should use polling agent with namespace. This has been - done in packaging already since few releases now. Let puppet do it - correctly as well. diff --git a/releasenotes/notes/add-cinder-backend-az-parameters-f9ab30b42b4df37b.yaml b/releasenotes/notes/add-cinder-backend-az-parameters-f9ab30b42b4df37b.yaml deleted file mode 100644 index 09b612984..000000000 --- a/releasenotes/notes/add-cinder-backend-az-parameters-f9ab30b42b4df37b.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Add the ability to override the "backend_availability_zone" - parameter in every cinder volume backend. diff --git a/releasenotes/notes/add-cinder-nfs-snapshot-support-ac547f24dddf97e8.yaml b/releasenotes/notes/add-cinder-nfs-snapshot-support-ac547f24dddf97e8.yaml deleted file mode 100644 index e3b5e7f56..000000000 --- a/releasenotes/notes/add-cinder-nfs-snapshot-support-ac547f24dddf97e8.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Add the ability to configure the nfs_snapshot_support parameter associated - with Cinder's NFS backend. diff --git a/releasenotes/notes/add-dateext-and-related-parameters-58dd288c74b818f7.yaml b/releasenotes/notes/add-dateext-and-related-parameters-58dd288c74b818f7.yaml deleted file mode 100644 index 1cca10c1b..000000000 --- a/releasenotes/notes/add-dateext-and-related-parameters-58dd288c74b818f7.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -other: - - | - Add dateext and related paramters for containerized logrotate service to - find easily when logfiles were rotated. diff --git a/releasenotes/notes/add-keystone-notifications-queue-for-barbican-72477b0b45bcfbd7.yaml b/releasenotes/notes/add-keystone-notifications-queue-for-barbican-72477b0b45bcfbd7.yaml deleted file mode 100644 index 2da791bb7..000000000 --- a/releasenotes/notes/add-keystone-notifications-queue-for-barbican-72477b0b45bcfbd7.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add keystone notification topic for barbican keystone listener to consume. diff --git a/releasenotes/notes/add-ldap-backend-48e875e971343e2a.yaml b/releasenotes/notes/add-ldap-backend-48e875e971343e2a.yaml deleted file mode 100644 index 0fb9271a6..000000000 --- a/releasenotes/notes/add-ldap-backend-48e875e971343e2a.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Add keystone::ldap_backend call as resource when is trigged to setup a LDAP - backend as keystone domain. This allows per-domain LDAP backends for - keystone. diff --git a/releasenotes/notes/add-manila-backend-az-parameters-de4d7e84fc65a3ed.yaml b/releasenotes/notes/add-manila-backend-az-parameters-de4d7e84fc65a3ed.yaml deleted file mode 100644 index 65adf150b..000000000 --- a/releasenotes/notes/add-manila-backend-az-parameters-de4d7e84fc65a3ed.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Add the ability to override the "backend_availability_zone" - parameter in every Manila share backend. diff --git a/releasenotes/notes/add-memcache-security-92060c4fe540774c.yaml b/releasenotes/notes/add-memcache-security-92060c4fe540774c.yaml deleted file mode 100644 index 68ccbab9e..000000000 --- a/releasenotes/notes/add-memcache-security-92060c4fe540774c.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Add ability to specify the memcache_security_strategy and - memcache_secret_key for keystone authtoken middleware. The keys - used by individual services are hashed with a salt (the service - name), to isolate them. diff --git a/releasenotes/notes/add-memcached-port-048959c2f58f0a57.yaml b/releasenotes/notes/add-memcached-port-048959c2f58f0a57.yaml deleted file mode 100644 index 91fd9c664..000000000 --- a/releasenotes/notes/add-memcached-port-048959c2f58f0a57.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Add ability to specify memcached port for all services. The port defaults - to hiera('memcached_authtoken_port', 11211) for authtoken middleware and - hiera('memcached_port', 11211) for other uses. diff --git a/releasenotes/notes/add-mistral-event-engine-05097cb76834f09d.yaml b/releasenotes/notes/add-mistral-event-engine-05097cb76834f09d.yaml deleted file mode 100644 index 29768c051..000000000 --- a/releasenotes/notes/add-mistral-event-engine-05097cb76834f09d.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Add support for Mistral event engine. - diff --git a/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml b/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml deleted file mode 100644 index 8359456e7..000000000 --- a/releasenotes/notes/add-mysql_maxconn-to-haproxy-84a5ad07d8d14ddd.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added new parameter mysql_maxconn to the tripleo::haproxy class, - allowing haproxy maxconn to be configured for the MySQL server. diff --git a/releasenotes/notes/add-neutron-agent-wrappers-bf84104f3607264b.yaml b/releasenotes/notes/add-neutron-agent-wrappers-bf84104f3607264b.yaml deleted file mode 100644 index 5f0bbf8b2..000000000 --- a/releasenotes/notes/add-neutron-agent-wrappers-bf84104f3607264b.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -features: - - | - Added parameters to generate wrapper scripts for the neutron dhcp and l3 agents - to run dnsmasq and keepalived, respectively, in separate containers. - - Added `tripleo::profile::base::docker::additional_sockets` to allow configuring - additional domain sockets bindings on dockerd. This facilitates creating - containers that need to access dockerd without having to mount /run. diff --git a/releasenotes/notes/add-neutron-tls-8d020c63f14408d0.yaml b/releasenotes/notes/add-neutron-tls-8d020c63f14408d0.yaml deleted file mode 100644 index 255c37929..000000000 --- a/releasenotes/notes/add-neutron-tls-8d020c63f14408d0.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Adds neutron key/certificate generation for using with Neutron agents for - communication with OVS. diff --git a/releasenotes/notes/add-octavia-auth-to-keystone-d0353544c0e27b57.yaml b/releasenotes/notes/add-octavia-auth-to-keystone-d0353544c0e27b57.yaml deleted file mode 100644 index f2836d574..000000000 --- a/releasenotes/notes/add-octavia-auth-to-keystone-d0353544c0e27b57.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Octavia is now properly registered with keystone when deployed. diff --git a/releasenotes/notes/add-octavia-ovn-nb-connection-9d5bc428c4ff35af.yaml b/releasenotes/notes/add-octavia-ovn-nb-connection-9d5bc428c4ff35af.yaml deleted file mode 100644 index e9e185f49..000000000 --- a/releasenotes/notes/add-octavia-ovn-nb-connection-9d5bc428c4ff35af.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Adds ovn_db_host and ovn_nb_port to configure ovn nb connection string - for OVN Provider driver. - diff --git a/releasenotes/notes/add-octavia-provider-ovn-6734aa08af4772e4.yaml b/releasenotes/notes/add-octavia-provider-ovn-6734aa08af4772e4.yaml deleted file mode 100644 index fdf855b3c..000000000 --- a/releasenotes/notes/add-octavia-provider-ovn-6734aa08af4772e4.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added tripleo::profile::base::octavia::provider::ovn for configuring OVN driver - properties, including protocol. diff --git a/releasenotes/notes/add-octavia-service-auth-config-acc4adb3e6c4542d.yaml b/releasenotes/notes/add-octavia-service-auth-config-acc4adb3e6c4542d.yaml deleted file mode 100644 index 706141a0f..000000000 --- a/releasenotes/notes/add-octavia-service-auth-config-acc4adb3e6c4542d.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Configuration of Octavia 'service_auth' section is now enabled for configuring - service-to-service communication. diff --git a/releasenotes/notes/add-opendaylight-ha-47a40c03917faf9c.yaml b/releasenotes/notes/add-opendaylight-ha-47a40c03917faf9c.yaml deleted file mode 100644 index e0a6d3553..000000000 --- a/releasenotes/notes/add-opendaylight-ha-47a40c03917faf9c.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Adds OpenDaylight HA support. Now when ODL is applied to three or - more nodes ODL will be deployed as a cluster in HA, rather than - the previous behavior of only running on the first node. diff --git a/releasenotes/notes/add-purge-tables-4f2de7c7e12ccf0c.yaml b/releasenotes/notes/add-purge-tables-4f2de7c7e12ccf0c.yaml deleted file mode 100644 index 7e3f4fc73..000000000 --- a/releasenotes/notes/add-purge-tables-4f2de7c7e12ccf0c.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Adds a new parameter to validate whether run - the archive or purge manifest for deleted instances - in Nova. diff --git a/releasenotes/notes/add-sfc-support-a1eb6d2bbadcf074.yaml b/releasenotes/notes/add-sfc-support-a1eb6d2bbadcf074.yaml deleted file mode 100644 index 7899de101..000000000 --- a/releasenotes/notes/add-sfc-support-a1eb6d2bbadcf074.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Add support for configuring service function - chaining with neutron networking-sfc project diff --git a/releasenotes/notes/add-support-for-IPv6-deployment-988400c781b92066.yaml b/releasenotes/notes/add-support-for-IPv6-deployment-988400c781b92066.yaml deleted file mode 100644 index 67ee7034f..000000000 --- a/releasenotes/notes/add-support-for-IPv6-deployment-988400c781b92066.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to enable ODL deployment on IPv6 networks \ No newline at end of file diff --git a/releasenotes/notes/add-support-for-octavia-f1e472af89e9a05c.yaml b/releasenotes/notes/add-support-for-octavia-f1e472af89e9a05c.yaml deleted file mode 100644 index 62744e0b4..000000000 --- a/releasenotes/notes/add-support-for-octavia-f1e472af89e9a05c.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add profiles for the Octavia LBaaS service. diff --git a/releasenotes/notes/add-support-for-proxying-ironic-inspector-via-apache-ea70e9fa1ad04553.yaml b/releasenotes/notes/add-support-for-proxying-ironic-inspector-via-apache-ea70e9fa1ad04553.yaml deleted file mode 100644 index 940c20e6b..000000000 --- a/releasenotes/notes/add-support-for-proxying-ironic-inspector-via-apache-ea70e9fa1ad04553.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Added variables for endpoint_proxy_ironic_inspector, - endpoint_config_ironic_inspector, and Apache mod_proxy configuration to - proxy ironic-inspector service just like similar services diff --git a/releasenotes/notes/add-support-for-pure-cinder-d45e6aaf3e243c91.yaml b/releasenotes/notes/add-support-for-pure-cinder-d45e6aaf3e243c91.yaml deleted file mode 100644 index da326e4d4..000000000 --- a/releasenotes/notes/add-support-for-pure-cinder-d45e6aaf3e243c91.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added Pure Storage FlashArray iSCSI and FC backend support for cinder diff --git a/releasenotes/notes/add-tls-opendaylight-a3f943a0f6012424.yaml b/releasenotes/notes/add-tls-opendaylight-a3f943a0f6012424.yaml deleted file mode 100644 index d28fe0dc8..000000000 --- a/releasenotes/notes/add-tls-opendaylight-a3f943a0f6012424.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Adds support for deploying OpenDaylight with TLS. Open vSwitch is also - configured with TLS in this deployment. diff --git a/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml b/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml deleted file mode 100644 index a1a04c196..000000000 --- a/releasenotes/notes/add-tunnel-timeout-for-haproxy-ui-0705dfd671f9f487.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Add a tunnel timeout to the HAProxy tripleo-ui configuration to ensure - Zaqar WebSocket tunnels persist longer than two minutes - https://bugs.launchpad.net/tripleo/+bug/1672826 diff --git a/releasenotes/notes/add_cisco_vts_ml2-786d7d8cc6eb7d14.yaml b/releasenotes/notes/add_cisco_vts_ml2-786d7d8cc6eb7d14.yaml deleted file mode 100644 index 9f5039a28..000000000 --- a/releasenotes/notes/add_cisco_vts_ml2-786d7d8cc6eb7d14.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add tripleo puppet manifest to support the configuration of the cisco VTS controller ml2 plugin. \ No newline at end of file diff --git a/releasenotes/notes/adding-octavia-haproxy-endpoint-8d20b5bfd11f8d89.yaml b/releasenotes/notes/adding-octavia-haproxy-endpoint-8d20b5bfd11f8d89.yaml deleted file mode 100644 index f45b31662..000000000 --- a/releasenotes/notes/adding-octavia-haproxy-endpoint-8d20b5bfd11f8d89.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - | - Added missing haproxy endpoint for the Octavia API. diff --git a/releasenotes/notes/aide-removed-14f41082b1424a53.yaml b/releasenotes/notes/aide-removed-14f41082b1424a53.yaml deleted file mode 100644 index b652654d9..000000000 --- a/releasenotes/notes/aide-removed-14f41082b1424a53.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - The aide puppet manifest for `aide` was removed. The heat template - invoking this manifest has been converted to Ansible. diff --git a/releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml b/releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml deleted file mode 100644 index f2fc2f2f3..000000000 --- a/releasenotes/notes/allow-missing-pci-dev-for-sriov-bbc29f62fcac10ff.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Allow VF configuration files to be written for non-existent PCI devices to - allow updates while physical functions are currently in use by a guest. diff --git a/releasenotes/notes/apache_mpm_tuning-deafdf6610ce57b2.yaml b/releasenotes/notes/apache_mpm_tuning-deafdf6610ce57b2.yaml deleted file mode 100644 index 9b3a464fa..000000000 --- a/releasenotes/notes/apache_mpm_tuning-deafdf6610ce57b2.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Added new parameter 'mpm_module' for the base Apache profile to configure - the used MPM module. Defaults to 'prefork', which is also the default - value for the config files installed with the package. diff --git a/releasenotes/notes/auto-select-migration-proxy-2400e9c69fc620ba.yaml b/releasenotes/notes/auto-select-migration-proxy-2400e9c69fc620ba.yaml deleted file mode 100644 index 8c9ac6550..000000000 --- a/releasenotes/notes/auto-select-migration-proxy-2400e9c69fc620ba.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -upgrade: - - | - When support for CentOS stream 9 and rhel 9 was being developed the - nova migration wrapper script in the RDO distgit repo did not support - the virt-ssh-helper command for live migration. To work around that - the netcat proxy was hardcoded in 04a97f92e4d944ce51492011584e2ec1126042a1. - Since then the nova-distgit repo has been updated with support for - virt-ssh-helper and netcat has been removed from the nova live migration - target container. As a result its not currently possible to live migrate - with rhel9 images As reported in `bugzilla 2089520`_. To support upgrades - this has now been reverted and we no longer hardcode the proxy to netcat. - - .. _`bugzilla 2089520`: https://bugzilla.redhat.com/show_bug.cgi?id=2089520 diff --git a/releasenotes/notes/bug-1831767-allow-configuring-enabled-protocols-manila-86b6662a8b617866.yaml b/releasenotes/notes/bug-1831767-allow-configuring-enabled-protocols-manila-86b6662a8b617866.yaml deleted file mode 100644 index a7731e7a1..000000000 --- a/releasenotes/notes/bug-1831767-allow-configuring-enabled-protocols-manila-86b6662a8b617866.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - It is now possible to override the ``enabled_share_protocols`` - configuration for the Shared File Systems service (manila) with the - hiera parameter ``manila_enabled_share_protocols``. diff --git a/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml b/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml deleted file mode 100644 index 0eb90de28..000000000 --- a/releasenotes/notes/bugfix-1664561-50d76b25addb08dd.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Bugfix 1664561. Removing the string cast when using - the os_transport_url function. diff --git a/releasenotes/notes/calculate-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml b/releasenotes/notes/calculate-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml deleted file mode 100644 index 1e6c32723..000000000 --- a/releasenotes/notes/calculate-dhcp-agents-per-network-3089c5e7b15f8b7b.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Unless a non-default value is provided, the dhcp_agents_per_network - neutron configuration variable is set to the number of deployed - neutron dhcp agents. diff --git a/releasenotes/notes/ceph_dashboard_endpoint-10035021352fc190.yaml b/releasenotes/notes/ceph_dashboard_endpoint-10035021352fc190.yaml deleted file mode 100644 index d247e3054..000000000 --- a/releasenotes/notes/ceph_dashboard_endpoint-10035021352fc190.yaml +++ /dev/null @@ -1,6 +0,0 @@ - ---- -features: - - | - Adds ceph_dashboard endpoint and ceph_dashboard_port to properly - expose the ceph-dashboard frontend service diff --git a/releasenotes/notes/ceph_grafana_endpoint-0e220cb59ee679e0.yaml b/releasenotes/notes/ceph_grafana_endpoint-0e220cb59ee679e0.yaml deleted file mode 100644 index d01e0686c..000000000 --- a/releasenotes/notes/ceph_grafana_endpoint-0e220cb59ee679e0.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Adds ceph_grafana endpoint and ceph_grafana_port to configure - the ceph-dashboard service diff --git a/releasenotes/notes/change-default-cinder-rbd-backend-host-2b37388637756c80.yaml b/releasenotes/notes/change-default-cinder-rbd-backend-host-2b37388637756c80.yaml deleted file mode 100644 index 2dd4bd465..000000000 --- a/releasenotes/notes/change-default-cinder-rbd-backend-host-2b37388637756c80.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -upgrade: - - | - The tripleo::profile::base::cinder::volume::rbd::cinder_rbd_backend_host - default value has changed, and no longer defaults to "hostgroup" when - other hiera variables (cinder::backend_host and cinder::host) are - undefined. This ensures cinder's RBD backend_host is only set for - pacemaker (HA) deployments, when tripleo-heat-templates sets - cinder::backend_host to "hostgroup". - - When upgrading an existing non-HA deployment, the old "hostgroup" default - value can be preserved by assigning the hiera variable - tripleo::profile::base::cinder::volume::rbd::cinder_rbd_backend_host. - New non-HA deployments should leave this variable unset. diff --git a/releasenotes/notes/cinder-backup-gcs-s3-backends-52503ffa22c0b83d.yaml b/releasenotes/notes/cinder-backup-gcs-s3-backends-52503ffa22c0b83d.yaml deleted file mode 100644 index 7120ba3b3..000000000 --- a/releasenotes/notes/cinder-backup-gcs-s3-backends-52503ffa22c0b83d.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - New ``tripleo::profile::base::cinder::backup::gcs`` and - ``tripleo::profile::base::cinder::backup::s3`` classes add support for - configuring the cinder backup service's GCS (Google Cloud service) and - Amazon S3 backends. diff --git a/releasenotes/notes/cinder-backup-nfs-backend-59bf771a58af65f6.yaml b/releasenotes/notes/cinder-backup-nfs-backend-59bf771a58af65f6.yaml deleted file mode 100644 index bc3a4926b..000000000 --- a/releasenotes/notes/cinder-backup-nfs-backend-59bf771a58af65f6.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add the ability to deploy an NFS backend for the Cinder Backup service. diff --git a/releasenotes/notes/cinder-default-volume-type-a344cea7ab4b4b2a.yaml b/releasenotes/notes/cinder-default-volume-type-a344cea7ab4b4b2a.yaml deleted file mode 100644 index 3be9342a7..000000000 --- a/releasenotes/notes/cinder-default-volume-type-a344cea7ab4b4b2a.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Add the ability to create Cinder's default volume type. This capability - will be used to fix `bug 1782217 - `__. diff --git a/releasenotes/notes/cinder-dellsc-excluded-domain_ips-1004544d96796e76.yaml b/releasenotes/notes/cinder-dellsc-excluded-domain_ips-1004544d96796e76.yaml deleted file mode 100644 index 85de79bcb..000000000 --- a/releasenotes/notes/cinder-dellsc-excluded-domain_ips-1004544d96796e76.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -upgrade: - - | - The following hieradata updates for cinder dell sc to be done. - cinder::backend::dellsc::excluded_domain_ip to be deprecated, use - comma separated cinder::backend::netapp::excluded_domain_ips instead. diff --git a/releasenotes/notes/cinder-netapp-hieradata-changes-3004544d96796e76.yaml b/releasenotes/notes/cinder-netapp-hieradata-changes-3004544d96796e76.yaml deleted file mode 100644 index ac13b5798..000000000 --- a/releasenotes/notes/cinder-netapp-hieradata-changes-3004544d96796e76.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -upgrade: - - | - The following hieradata updates for cinder netapp integration should be done. - cinder::backend::netapp::netapp_pool_name_search_pattern should be used as - cinder::backend::netapp::netapp_storage_pools and - cinder::backend::netapp::netapp_volume_list have been removed. - cinder::backend::netapp::netapp_host_type should be configured instead of - cinder::backend::netapp::netapp_eseries_host_type diff --git a/releasenotes/notes/cinder-rbd-extra-options-c13a1e84b6452fac.yaml b/releasenotes/notes/cinder-rbd-extra-options-c13a1e84b6452fac.yaml deleted file mode 100644 index a3006c749..000000000 --- a/releasenotes/notes/cinder-rbd-extra-options-c13a1e84b6452fac.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - A new ``tripleo::profile::base::cinder::volume::rbd::extra_options`` - parameter adds the ability to configure additional options for use - with cinder RBD backends. diff --git a/releasenotes/notes/cinder-rbd-multiconfig-285d1542ef08fa10.yaml b/releasenotes/notes/cinder-rbd-multiconfig-285d1542ef08fa10.yaml deleted file mode 100644 index 41e2809d1..000000000 --- a/releasenotes/notes/cinder-rbd-multiconfig-285d1542ef08fa10.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Add support for configuring multiple cinder RBD backends, each associated - with a different ceph cluster. - diff --git a/releasenotes/notes/cinder-volume-active-active-ffaa12e6ba862f51.yaml b/releasenotes/notes/cinder-volume-active-active-ffaa12e6ba862f51.yaml deleted file mode 100644 index 3298c39fd..000000000 --- a/releasenotes/notes/cinder-volume-active-active-ffaa12e6ba862f51.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Add the ability to configure the cinder-volume service to run in - active-active mode using the specified cluster name. Note that - active-active mode requires the etcd service be enabled, as it's used by - the cinder-volume service for its Distributed Lock Manager (DLM). diff --git a/releasenotes/notes/cleanup_odl_clustering-7efdd58639df88a5.yaml b/releasenotes/notes/cleanup_odl_clustering-7efdd58639df88a5.yaml deleted file mode 100644 index 3434377b9..000000000 --- a/releasenotes/notes/cleanup_odl_clustering-7efdd58639df88a5.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -deprecations: - - Deprecates and removes workaround OpenDaylight - clustering function and class. Clustering config - is now handled by puppet-opendaylight. - - Removes deprecated opendaylight parameter - 'ha_node_index' which is no longer needed to - configure clustering. diff --git a/releasenotes/notes/cold_migration_security-1543136408c76459.yaml b/releasenotes/notes/cold_migration_security-1543136408c76459.yaml deleted file mode 100644 index aaea57e99..000000000 --- a/releasenotes/notes/cold_migration_security-1543136408c76459.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - Restrict nova migration ssh tunnel - * The ssh authorized_keys file is only writeable by root. - * Creates a new user for migration instead of using root/nova. - * Disables SSH forwarding for this user. - * Restricts the networks that this user can connect from. - * Uses an ssh wrapper command to whitelist the commands that this user can run over ssh. - Adds new parameter "tripleo::profile::base::nova::migration_ssh_localaddrs" to specify which incoming IPs are allow for SSH tunnel connections. diff --git a/releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml b/releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml deleted file mode 100644 index 00b779904..000000000 --- a/releasenotes/notes/cold_migration_setup-dc4ebd834920c27f.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Configure ssh tunneling for nova cold-migration. Re-use the tunnel for - libvirt live-migration unless TLS is enabled. diff --git a/releasenotes/notes/composable-network-vips-a1b9b738561a8214.yaml b/releasenotes/notes/composable-network-vips-a1b9b738561a8214.yaml deleted file mode 100644 index c29f1859a..000000000 --- a/releasenotes/notes/composable-network-vips-a1b9b738561a8214.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -deprecations: - - The hardcoded parameter names for network vips in hiera have been - deprecated and replaced with the network_virtual_ips dict that includes - composable networks. Likewise the hardcoded network parameters to - class tripleo::keepalived have been deprecated. -fixes: - - The new network_virtual_ips hiera parameter is used to generate all - network VIP resources in haproxy, haproxy_bundle, and keepalived - manifests. Since additional custom networks may be added, the - virtual_router_ids in keepalived have been reordered. diff --git a/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml b/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml deleted file mode 100644 index 2505c5444..000000000 --- a/releasenotes/notes/contrail-move-traffic-to-internal_api-ddc96d24c7018b81.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -fixes: - - | - Traffic between Contrail nodes used the public network. This release will - move the traffic to the internal_api network per default and also allows - to optionally use the storage_mgmt network. This is in preparation for - for composable networks, where Contrail will have its own network. -features: - - | - This release allows to enable Contrail DPDK on the compute nodes. diff --git a/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml b/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml deleted file mode 100644 index 07407f206..000000000 --- a/releasenotes/notes/create-ceilo-user-for-gnocchi-b8a4d5ea2f2375a9.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - We need ceilometer user in cases where ceilometer API is disabled. - This is to ensure other ceilometer services can still authenticate - with keystone. diff --git a/releasenotes/notes/dellsc-driver-b7cd300a24a64b01.yaml b/releasenotes/notes/dellsc-driver-b7cd300a24a64b01.yaml deleted file mode 100644 index d79eb7a84..000000000 --- a/releasenotes/notes/dellsc-driver-b7cd300a24a64b01.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Added Dell EMC SC multipath support - This change adds support for - cinder::backend::dellsc_iscsi::use_multipath_for_image_xfer. diff --git a/releasenotes/notes/deploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml b/releasenotes/notes/deploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml deleted file mode 100644 index a50a27d3a..000000000 --- a/releasenotes/notes/deploy-heat-APIs-over-httpd-46b111d0a4a4eed4.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Heat APIs (api, cfn and cloudwatch) are now deployed over httpd. diff --git a/releasenotes/notes/deployment_user-6df5c1c2fe8b7b6b.yaml b/releasenotes/notes/deployment_user-6df5c1c2fe8b7b6b.yaml deleted file mode 100644 index 5d34bfa61..000000000 --- a/releasenotes/notes/deployment_user-6df5c1c2fe8b7b6b.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Configure the deployment_user to be part of docker group, required for - openstack container commands. diff --git a/releasenotes/notes/deprecate-ovn-from-octavia-api-15e33154a31f20ec.yaml b/releasenotes/notes/deprecate-ovn-from-octavia-api-15e33154a31f20ec.yaml deleted file mode 100644 index 6887eb769..000000000 --- a/releasenotes/notes/deprecate-ovn-from-octavia-api-15e33154a31f20ec.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -deprecations: - - | - ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::api - are now deprecated and will be removed in the future release. Please use - ovn_db_host and ovn_nb_port from tripleo::profile::base::octavia::provider::ovn - instead. diff --git a/releasenotes/notes/deprecate-redis-file-limit-4a60fa0fde4667ef.yaml b/releasenotes/notes/deprecate-redis-file-limit-4a60fa0fde4667ef.yaml deleted file mode 100644 index a362abcd4..000000000 --- a/releasenotes/notes/deprecate-redis-file-limit-4a60fa0fde4667ef.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -deprecations: - - | - The redis_file_limit hiera parameter is now deprecated. Use the - redis::ulimit parameter instead. diff --git a/releasenotes/notes/designate-redis-coordination-b4afdcc8855cc0ca.yaml b/releasenotes/notes/designate-redis-coordination-b4afdcc8855cc0ca.yaml deleted file mode 100644 index 4d0de2655..000000000 --- a/releasenotes/notes/designate-redis-coordination-b4afdcc8855cc0ca.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - Designate producers will no longer be deployed in standalone mode and - produce duplicates as they are now configured to coordinate via redis. diff --git a/releasenotes/notes/disable-odl-port-status-117c1d9c2f3235e9.yaml b/releasenotes/notes/disable-odl-port-status-117c1d9c2f3235e9.yaml deleted file mode 100644 index 1bc03a4b9..000000000 --- a/releasenotes/notes/disable-odl-port-status-117c1d9c2f3235e9.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Adds workaround to disable port status feature for OpenDaylight which - is currently broken in OpenDaylight. This fixes the inability to - launch nova instances. diff --git a/releasenotes/notes/disable-opendaylight-ha-port-status-0a97e10e6456661c.yaml b/releasenotes/notes/disable-opendaylight-ha-port-status-0a97e10e6456661c.yaml deleted file mode 100644 index 9206b0d99..000000000 --- a/releasenotes/notes/disable-opendaylight-ha-port-status-0a97e10e6456661c.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Disables port status feature with OpenDaylight when deployed as HA until - it can be properly supported in an HA environment. diff --git a/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml b/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml deleted file mode 100644 index ddbf175d1..000000000 --- a/releasenotes/notes/docker_profile-8571ae260eec69b8.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Added a new profile to configure the docker service diff --git a/releasenotes/notes/docker_registry-163bf23bc95761a8.yaml b/releasenotes/notes/docker_registry-163bf23bc95761a8.yaml deleted file mode 100644 index 5097cf2bd..000000000 --- a/releasenotes/notes/docker_registry-163bf23bc95761a8.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -deprecations: - - | - tripleo::profile::base::docker(_registry) are deprecated (replaced by ansible-role-container-registry) - and will be removed in the next release. diff --git a/releasenotes/notes/enable-languages-in-ui-88a8caa6db9b4dd7.yaml b/releasenotes/notes/enable-languages-in-ui-88a8caa6db9b4dd7.yaml deleted file mode 100644 index 2f7939d80..000000000 --- a/releasenotes/notes/enable-languages-in-ui-88a8caa6db9b4dd7.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - The undercloud UI is available in multiple languages, which can now - be configured via the manifest. All available languages are enabled - by default. diff --git a/releasenotes/notes/enable-octavia-certificate-configuration-d8924916efc3054b.yaml b/releasenotes/notes/enable-octavia-certificate-configuration-d8924916efc3054b.yaml deleted file mode 100644 index abb80e5e8..000000000 --- a/releasenotes/notes/enable-octavia-certificate-configuration-d8924916efc3054b.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Enable configuration of octavia certificate related properties to support - secure communication with amphorae. diff --git a/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml b/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml deleted file mode 100644 index 83b05bbbd..000000000 --- a/releasenotes/notes/enable-support-for-external-swift-proxy-f12c99b34516a023.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Added support for external swift proxy. Users may need to - configure endpoints pointing to swift proxy service - already available. diff --git a/releasenotes/notes/enables_opendaylight_port_status-1ee052b299b36b83.yaml b/releasenotes/notes/enables_opendaylight_port_status-1ee052b299b36b83.yaml deleted file mode 100644 index 35e649703..000000000 --- a/releasenotes/notes/enables_opendaylight_port_status-1ee052b299b36b83.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Fixes OpenDaylight port status to now work correctly via websocket - connection. diff --git a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml b/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml deleted file mode 100644 index 92f2360ac..000000000 --- a/releasenotes/notes/ensure-ssl-conf-2f32c6ead6f3bb0e.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -fixes: - - | - With having package mod_ssl by default installed in images we introduced - issue with mod_ssl package update. In case of SSL not being used or - provided by HAproxy the puppet-apache module by default purges the - ssl.conf file. The package update then recreates the file with default - Listen 443 option. This causes conflict on 443 port during httpd restart. - If we include ::apache::mod::ssl the ssl.conf file will be configured and - the Listen option will be used only if there is vhost set to use SSL. diff --git a/releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml b/releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml deleted file mode 100644 index d04126776..000000000 --- a/releasenotes/notes/etcd-tls-bb8605c91ff8a94c.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Enable internal network TLS for etcd diff --git a/releasenotes/notes/firewall-chain-updates-f2b9d6ced9bde846.yaml b/releasenotes/notes/firewall-chain-updates-f2b9d6ced9bde846.yaml deleted file mode 100644 index b4fbbdcce..000000000 --- a/releasenotes/notes/firewall-chain-updates-f2b9d6ced9bde846.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add ability to update firewall chains with the tripleo::firewall class. diff --git a/releasenotes/notes/firewall-rules-support-ipversion-c9e2adeca34b2fd0.yaml b/releasenotes/notes/firewall-rules-support-ipversion-c9e2adeca34b2fd0.yaml deleted file mode 100644 index e5bb86f0d..000000000 --- a/releasenotes/notes/firewall-rules-support-ipversion-c9e2adeca34b2fd0.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -features: - - | - The ``ipversion`` parameter was added to tripleo::firewall:rule. Allowing - the user to provide the IP version (``ipv4`` or ``ipv6``) for firewall - rules. With the default (``undef``) the rule will be created in both - *iptables* and *ip6tables*. - Bug: `1845153 `_. - diff --git a/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml b/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml deleted file mode 100644 index fa269069a..000000000 --- a/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - Adds support for standard puppet separator. The "." separator does - not work in puppet-rpsec, so we can't get proper unit tests on the - firewall service_rules definition. -fixes: - - Partly fixes `bug 1737086 - `__ in oder to get unit - tests on firewall service_rules definition diff --git a/releasenotes/notes/firewall_table-f58ec47de40ec62d.yaml b/releasenotes/notes/firewall_table-f58ec47de40ec62d.yaml deleted file mode 100644 index e6f47fd1b..000000000 --- a/releasenotes/notes/firewall_table-f58ec47de40ec62d.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Add support for specifying a table name when creating IPtables rules - with the firewall class. diff --git a/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml b/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml deleted file mode 100644 index 5c200ddbb..000000000 --- a/releasenotes/notes/fix-horizon-configuration-during-updates-aecfab9a4aa8770b.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Fixes horizon getting temporarily deconfigured during a stack update due - to the apache configuration occuring in step 3 but the horizon - configuration not occuring until step 4. diff --git a/releasenotes/notes/fix-masquerade-networks-c9ab4affb17627e1.yaml b/releasenotes/notes/fix-masquerade-networks-c9ab4affb17627e1.yaml deleted file mode 100644 index 36ed33641..000000000 --- a/releasenotes/notes/fix-masquerade-networks-c9ab4affb17627e1.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Masquerading and forwarding rules are now correctly created when using - routed networks. - (See `bug: 1797455 `_.) \ No newline at end of file diff --git a/releasenotes/notes/fix-neutron-cert-perms-4a034bb516be6f9f.yaml b/releasenotes/notes/fix-neutron-cert-perms-4a034bb516be6f9f.yaml deleted file mode 100644 index 657b7998e..000000000 --- a/releasenotes/notes/fix-neutron-cert-perms-4a034bb516be6f9f.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -fixes: - - | - Removes neutron ownership of certificates. diff --git a/releasenotes/notes/fix-odl-haproxy-check-ce000de26141fa7e.yaml b/releasenotes/notes/fix-odl-haproxy-check-ce000de26141fa7e.yaml deleted file mode 100644 index 1182ee784..000000000 --- a/releasenotes/notes/fix-odl-haproxy-check-ce000de26141fa7e.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Fixes HA Proxy with OpenDaylight to use the correct HTTP URL for backend - check. See https://bugs.launchpad.net/tripleo/+bug/1768037 diff --git a/releasenotes/notes/fix-odl-ovs-flows-sync-7b2cb7a29f0c89ec.yaml b/releasenotes/notes/fix-odl-ovs-flows-sync-7b2cb7a29f0c89ec.yaml deleted file mode 100644 index 5fc747cf2..000000000 --- a/releasenotes/notes/fix-odl-ovs-flows-sync-7b2cb7a29f0c89ec.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Fixes an issue where OVS may be missing flows post-deployment with - OpenDaylight. For more information see - https://bugs.launchpad.net/tripleo/+bug/1775436 diff --git a/releasenotes/notes/fix-odl-ovs-openflow-port-resync-79b5f69b71740a6c.yaml b/releasenotes/notes/fix-odl-ovs-openflow-port-resync-79b5f69b71740a6c.yaml deleted file mode 100644 index dd427fc43..000000000 --- a/releasenotes/notes/fix-odl-ovs-openflow-port-resync-79b5f69b71740a6c.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Fixes issue where OpenFlow port for an ODL deployment would be set - incorrectly to 6640 instead of 6653 in OVS. For more information see - https://bugs.launchpad.net/tripleo/+bug/1786037 diff --git a/releasenotes/notes/fix-odl-ovs-pipeline-check-7622d3e5a6ed2ee1.yaml b/releasenotes/notes/fix-odl-ovs-pipeline-check-7622d3e5a6ed2ee1.yaml deleted file mode 100644 index 7bea2f8fb..000000000 --- a/releasenotes/notes/fix-odl-ovs-pipeline-check-7622d3e5a6ed2ee1.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Resolves deployment bug where OVS OpenFlow pipeline with OpenDaylight - deployments was failing due to missing table 17. For more information, - see https://bugs.launchpad.net/tripleo/+bug/1781616 diff --git a/releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml b/releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml deleted file mode 100644 index 4b6353638..000000000 --- a/releasenotes/notes/fix-odl-tls-owner-77d2d71fe39ea3e7.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Fixes a bug where TLS certificates for ODL could not be generated correctly - for deployment due to wrong owner/group applied to the files. diff --git a/releasenotes/notes/fix-opendaylight-websocket-haproxy-7220b0c25ff13faa.yaml b/releasenotes/notes/fix-opendaylight-websocket-haproxy-7220b0c25ff13faa.yaml deleted file mode 100644 index b10727051..000000000 --- a/releasenotes/notes/fix-opendaylight-websocket-haproxy-7220b0c25ff13faa.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Fixes OpenDaylight Websocket HA Proxy configuration to use transparent - binding type. See https://bugs.launchpad.net/tripleo/+bug/1764514 diff --git a/releasenotes/notes/fix-sriov-neutron-base-3e32bd667886c474.yaml b/releasenotes/notes/fix-sriov-neutron-base-3e32bd667886c474.yaml deleted file mode 100644 index 012a16c80..000000000 --- a/releasenotes/notes/fix-sriov-neutron-base-3e32bd667886c474.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -fixes: - - Fixes missing neutron base class in sriov diff --git a/releasenotes/notes/flashblade_driver-bd6df03b7f140071.yaml b/releasenotes/notes/flashblade_driver-bd6df03b7f140071.yaml deleted file mode 100644 index 9476a409b..000000000 --- a/releasenotes/notes/flashblade_driver-bd6df03b7f140071.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to configure Pure Storage FlashBlade Manila backend. diff --git a/releasenotes/notes/galera-install-rsync-b2f2504f12cc0cfd.yaml b/releasenotes/notes/galera-install-rsync-b2f2504f12cc0cfd.yaml deleted file mode 100644 index 4b2fe0dab..000000000 --- a/releasenotes/notes/galera-install-rsync-b2f2504f12cc0cfd.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - The mysql pacemaker profile now makes sure that the - rsync package is installed since it configures - wsrep_sst_method for galera to use rsync. See - https://bugs.launchpad.net/tripleo/+bug/1693003 diff --git a/releasenotes/notes/glance-multistore-766022d470827d1d.yaml b/releasenotes/notes/glance-multistore-766022d470827d1d.yaml deleted file mode 100644 index 269f1c8dc..000000000 --- a/releasenotes/notes/glance-multistore-766022d470827d1d.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -features: - - | - Add support for configuring the glance-api service with multiple store - backends. The primary backend becomes the service's default backend, and - additional backends may be specified using an optional 'multistore_config' - hash. - diff --git a/releasenotes/notes/haproxy-basic-auth-e2839941c806c615.yaml b/releasenotes/notes/haproxy-basic-auth-e2839941c806c615.yaml deleted file mode 100644 index 3ab4f1bd9..000000000 --- a/releasenotes/notes/haproxy-basic-auth-e2839941c806c615.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -features: - - | - Adds Basic Authentication support for HAProxy endpoints. -fixes: - - Fixes `bug 1736132 - `__ by implementing - Basic Authentication in HAProxy endpoint. diff --git a/releasenotes/notes/haproxy-custom-bind-opts-09226d990c62063d.yaml b/releasenotes/notes/haproxy-custom-bind-opts-09226d990c62063d.yaml deleted file mode 100644 index 75bbd413d..000000000 --- a/releasenotes/notes/haproxy-custom-bind-opts-09226d990c62063d.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - Two custom per-service hiera keys are added - tripleo::haproxy::::internal_bind_options and - tripleo::haproxy::::public_bind_options. They control additional - custom options that can be added to the bind line of a specific service configuration - in haproxy. One use case is to force older TLS versions for internal APIs that - end up pointing to devices that do not support the latest TLS standard. - They accept a single string or an array of strings. diff --git a/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml b/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml deleted file mode 100644 index d777fe1a9..000000000 --- a/releasenotes/notes/haproxy-facility-8196cc8e1299d79b.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add new parameter haproxy_log_facility. diff --git a/releasenotes/notes/haproxy-frontend-backend-e3719b323e84fd2c.yaml b/releasenotes/notes/haproxy-frontend-backend-e3719b323e84fd2c.yaml deleted file mode 100644 index 767d7daba..000000000 --- a/releasenotes/notes/haproxy-frontend-backend-e3719b323e84fd2c.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -features: - - | - Haproxy configuration file can now use the frontend and backend - keywords to describe a service, rather than using the listen - keyword. The new format can be enabled via hiera parameter - `haproxy_backend_syntax`. When enabled, any frontend or backend - configuration can be overriden on a per service-basis via new - hiera keys `tripleo::haproxy::::frontend_options` and - `tripleo::haproxy::::frontend_options`. The original - hiera key `tripleo::haproxy::::options` has no effect - on the frontend and backend sections. diff --git a/releasenotes/notes/haproxy-leastconn-overrides-bdb2068ef794ff1d.yaml b/releasenotes/notes/haproxy-leastconn-overrides-bdb2068ef794ff1d.yaml deleted file mode 100644 index 090fe21fb..000000000 --- a/releasenotes/notes/haproxy-leastconn-overrides-bdb2068ef794ff1d.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -upgrade: - - | - Since Heat API can be given longrunning API requests its backends will - become load-balanced based on LRU 'leastconn' algorithm and its sessions - will also benefit from the TCP-keepalive feature of HAProxy. - - Some of the other services with the longrunning requests notion will start - using the 'leastconn' LRU LB as well. diff --git a/releasenotes/notes/haproxy-logging-13b333a7e9d9558e.yaml b/releasenotes/notes/haproxy-logging-13b333a7e9d9558e.yaml deleted file mode 100644 index c0b4aee3a..000000000 --- a/releasenotes/notes/haproxy-logging-13b333a7e9d9558e.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - Added new parameter to tripleo::haproxy: activate_httplog - This allows to activate the HTTP full logs in HAProxy. - -fixes: - - Fixes `bug 1733801 - `__ so we can activate - haproxy logs. diff --git a/releasenotes/notes/haproxy-remove-activate_httplog-87325732ab9ca721.yaml b/releasenotes/notes/haproxy-remove-activate_httplog-87325732ab9ca721.yaml deleted file mode 100644 index 0b990d41d..000000000 --- a/releasenotes/notes/haproxy-remove-activate_httplog-87325732ab9ca721.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -deprecations: - - | - activate_httplog parameter of haproxy.pp is deprecated because - httplog is always enabled for all http endpoints regardless of - this parameter. diff --git a/releasenotes/notes/haproxy-service-endpoints-4351bd4666dfe9a7.yaml b/releasenotes/notes/haproxy-service-endpoints-4351bd4666dfe9a7.yaml deleted file mode 100644 index 5811ed5fd..000000000 --- a/releasenotes/notes/haproxy-service-endpoints-4351bd4666dfe9a7.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -features: - - | - Adds support for puppet standard separator notation in order to be - able to have unit tests. The "." separator notation doesn't work in - puppet-rspec, probably because "hiera" isn't called per se. This new - feature allows to get two hashes, they are merged in the definition. -fixes: - - Partly fixes `bug 1737086 - `__ for unit tests on - haproxy service_endpoints diff --git a/releasenotes/notes/haproxy_cell_server_names-5cc0e81836d568b7.yaml b/releasenotes/notes/haproxy_cell_server_names-5cc0e81836d568b7.yaml deleted file mode 100644 index 1d81f44e6..000000000 --- a/releasenotes/notes/haproxy_cell_server_names-5cc0e81836d568b7.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - In case of a multicell deployment the mysql and nova novncproxy backend - servers need to use the SERVICE_cell_node_names. - Also the novncproxy did use the nova_api_vip and nova_api_node_[ips|names] - information insteand of nova_vnc_proxy_vip and nova_vnc_proxy_node_[ips|names] diff --git a/releasenotes/notes/haproxy_dynamic_endpoints-bf618ef45674bea4.yaml b/releasenotes/notes/haproxy_dynamic_endpoints-bf618ef45674bea4.yaml deleted file mode 100644 index 1156047a8..000000000 --- a/releasenotes/notes/haproxy_dynamic_endpoints-bf618ef45674bea4.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -features: - - | - This change allows to dynamically create new service endpoints, either using hiera - in heat, or with some new service profile you can then include in the roles_data.yml -fixes: - - | - Allow to add custom backends in HAProxy (1721832) diff --git a/releasenotes/notes/haproxy_globals_override-7a573da1c8633f01.yaml b/releasenotes/notes/haproxy_globals_override-7a573da1c8633f01.yaml deleted file mode 100644 index a6b6bfb18..000000000 --- a/releasenotes/notes/haproxy_globals_override-7a573da1c8633f01.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - This new parameter allows to set/override HAProxy global - options in a convenient way. diff --git a/releasenotes/notes/haproxy_socket_access-ba72ad281ca64287.yaml b/releasenotes/notes/haproxy_socket_access-ba72ad281ca64287.yaml deleted file mode 100644 index cce638adc..000000000 --- a/releasenotes/notes/haproxy_socket_access-ba72ad281ca64287.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Provides a way to set HAProxy socket access level. - This will allow people to manage HAProxy directly through - command-line, for example in order to temporarly disable - backends. diff --git a/releasenotes/notes/heat_api_timeout-cbb01242534cec79.yaml b/releasenotes/notes/heat_api_timeout-cbb01242534cec79.yaml deleted file mode 100644 index a3b7d91b6..000000000 --- a/releasenotes/notes/heat_api_timeout-cbb01242534cec79.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - For Heat API, increase the HAproxy timeout from 2 minutes to 10 minutes so - we give a chance to Heat to use the rpc_response_timeout value which is set - to 600 by default in TripleO. diff --git a/releasenotes/notes/hpelefthand_8474c416b0d411e6.yaml b/releasenotes/notes/hpelefthand_8474c416b0d411e6.yaml deleted file mode 100644 index a92cbae77..000000000 --- a/releasenotes/notes/hpelefthand_8474c416b0d411e6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added hpelefthand_iscsi backend support for cinder diff --git a/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml b/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml deleted file mode 100644 index 4c9d76392..000000000 --- a/releasenotes/notes/httpchk-for-haproxy-http-services-ace7d9bf94610ed9.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Enabled httpdchk in HAProxy for http based services to reduce situtations - where the port may be open but the service is not actively serving http - requests. diff --git a/releasenotes/notes/innodb_buffer_pool_size-6fa946cf008a4606.yaml b/releasenotes/notes/innodb_buffer_pool_size-6fa946cf008a4606.yaml deleted file mode 100644 index b4663eb8b..000000000 --- a/releasenotes/notes/innodb_buffer_pool_size-6fa946cf008a4606.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Enable innodb_buffer_pool_size configuration for all MySQL databases. diff --git a/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml b/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml deleted file mode 100644 index e0b7c3c51..000000000 --- a/releasenotes/notes/innodb_file_per_table-f925b3bbf29d44ea.yaml +++ /dev/null @@ -1,20 +0,0 @@ ---- -features: - - Enable innodb_file_per_table for MySQL/MariaDB databases -upgrade: - - | - Newly created MySQL database tables will be stored in their own datafiles, - instead of in a single monolithic ibdata file. - - | - Existing MySQL database tables that are persisted within the monolithic - ibdata file will remain so unless the database is migrated as well. - - | - Migration of all current database tables out of the monolithic ibdata - file is possible by dumping and restoring the whole database to a new data - directory, however when using Galera the entire cluster must be shut - down and upgraded at once. - - | - Migration of individual tables to datafiles is possible using the - MySQL command "ALTER TABLE . ENGINE=InnoDB;", - however this will not shrink the ibdata file and also is not safe to run - on a running Galera cluster for large tables. diff --git a/releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml b/releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml deleted file mode 100644 index 7dbd5a7d4..000000000 --- a/releasenotes/notes/innodb_flush_log_at_trx_commit-eb7d99749ca3c911.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -features: - - | - Enable innodb_flush_log_at_trx_commit configuration for Galera only. -upgrade: - - | - Setting the innodb_flush_log_at_trx_commit flag to the value of "2" instead - of its default value of "1" means that the underlying MySQL/MariaDB engine - will no longer flush transactions to disk on a per-transaction basis; - instead, flushes occur once per second. This leads to far fewer - disk writes and can dramatically improve write performance, at the cost - of durability (e.g. will lose the last second's worth of transactions) - if the database engine is ungracefully shut down. The - clustered nature of Galera mitigates this risk in that transactions - are replicated to other nodes before completion, and the setting of - "2" is considered to be generally safe for a Galera cluster, with the - exception case of simultaneous power loss for all nodes. diff --git a/releasenotes/notes/introduce-mysql-user-interface-e16d62f3743128a0.yaml b/releasenotes/notes/introduce-mysql-user-interface-e16d62f3743128a0.yaml deleted file mode 100644 index 671b2e698..000000000 --- a/releasenotes/notes/introduce-mysql-user-interface-e16d62f3743128a0.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - The interface ``tripleo::::mysql_user`` was created. It - allows service writes to create databases, database users and grants via - hieradata instead of having to modify puppet-tripleo. diff --git a/releasenotes/notes/ironic-inspector-disjoint-inspection-ip-range-f10297dd32f3721b.yaml b/releasenotes/notes/ironic-inspector-disjoint-inspection-ip-range-f10297dd32f3721b.yaml deleted file mode 100644 index 7efee9f69..000000000 --- a/releasenotes/notes/ironic-inspector-disjoint-inspection-ip-range-f10297dd32f3721b.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Adds support to configure disjoint address pools for Ironic Inspector. When - Inspector is deployed as a HA service disjoint address pools should be - served by the DHCP instances to avoid address conflict issues. diff --git a/releasenotes/notes/ironic-networking-baremetal-ebb19eca5fa235bc.yaml b/releasenotes/notes/ironic-networking-baremetal-ebb19eca5fa235bc.yaml deleted file mode 100644 index 2604ad6f9..000000000 --- a/releasenotes/notes/ironic-networking-baremetal-ebb19eca5fa235bc.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Adds support for Ironic Networking Baremetal. Networking Baremetal - is used to integrate the Bare Metal service with the Networking service. diff --git a/releasenotes/notes/ironic-ssh-removal-e5f40b477cf7357c.yaml b/releasenotes/notes/ironic-ssh-removal-e5f40b477cf7357c.yaml deleted file mode 100644 index 206ed1214..000000000 --- a/releasenotes/notes/ironic-ssh-removal-e5f40b477cf7357c.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -upgrade: - - | - Out-of-box support for Ironic ``*_ssh`` drivers was removed. These drivers - were deprecated in the Newton release. diff --git a/releasenotes/notes/isilon_driver_bfa347d073cd11e7.yaml b/releasenotes/notes/isilon_driver_bfa347d073cd11e7.yaml deleted file mode 100644 index e6dad75f9..000000000 --- a/releasenotes/notes/isilon_driver_bfa347d073cd11e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to configure Dell EMC Isilon backend diff --git a/releasenotes/notes/keepalived-test-f3eddf57a5b4d433.yaml b/releasenotes/notes/keepalived-test-f3eddf57a5b4d433.yaml deleted file mode 100644 index 55e909185..000000000 --- a/releasenotes/notes/keepalived-test-f3eddf57a5b4d433.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -other: - - | - Added unit test for tripleo::keepalived class. - - | - Added network_vips parameter to the tripleo::keepalived class where - previously it was only exposed via the network_virtual_ips hiera data key. - The new parameter still uses the network_virtual_ips hiera data for the - default value or falls back to an empty hash. diff --git a/releasenotes/notes/keepalived_deprecated-199df5a0f3f35189.yaml b/releasenotes/notes/keepalived_deprecated-199df5a0f3f35189.yaml deleted file mode 100644 index 4ccf12a75..000000000 --- a/releasenotes/notes/keepalived_deprecated-199df5a0f3f35189.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - | - Keepalived is deprecated in Ussuri and will be removed in the next cycle. diff --git a/releasenotes/notes/key-manager-backend-e8bd95b728bb0d0e.yaml b/releasenotes/notes/key-manager-backend-e8bd95b728bb0d0e.yaml deleted file mode 100644 index 84bb5ef51..000000000 --- a/releasenotes/notes/key-manager-backend-e8bd95b728bb0d0e.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -deprecations: - - | - The keymgr_api_class parameter is deprecated in favor of an equivalent - keymgr_backend option. The deprecated keymgr_api_class is still supported - for backward compatibility. diff --git a/releasenotes/notes/keystone-notification-topics-5b155e7b5e60b7fd.yaml b/releasenotes/notes/keystone-notification-topics-5b155e7b5e60b7fd.yaml deleted file mode 100644 index 3986c6fca..000000000 --- a/releasenotes/notes/keystone-notification-topics-5b155e7b5e60b7fd.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - keystone notification topics are now configured via the - keystone_notification_topics hiera key. Which aggregates - all the keys that match this. It's useful for dynamically - configuring the topics and not always sending them. diff --git a/releasenotes/notes/keystone_member-70065ba9269c4bfd.yaml b/releasenotes/notes/keystone_member-70065ba9269c4bfd.yaml deleted file mode 100644 index f1f786417..000000000 --- a/releasenotes/notes/keystone_member-70065ba9269c4bfd.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Allow to let puppet-keystone managing _member_ role which is required - by Horizon. Can be enabled with keystone_enable_member parameter (disabled - by default.) diff --git a/releasenotes/notes/l2gw_agent_support-2bc24b539da738a8.yaml b/releasenotes/notes/l2gw_agent_support-2bc24b539da738a8.yaml deleted file mode 100644 index 66e8f3537..000000000 --- a/releasenotes/notes/l2gw_agent_support-2bc24b539da738a8.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add support for l2 gateway Neutron agent support. diff --git a/releasenotes/notes/l2gw_plugin_support-e0b1faafe8e1135f.yaml b/releasenotes/notes/l2gw_plugin_support-e0b1faafe8e1135f.yaml deleted file mode 100644 index 694f492a4..000000000 --- a/releasenotes/notes/l2gw_plugin_support-e0b1faafe8e1135f.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add support for l2 gateway Neutron service plugin. diff --git a/releasenotes/notes/login_defs-1d1b32c233a33b2f.yaml b/releasenotes/notes/login_defs-1d1b32c233a33b2f.yaml deleted file mode 100644 index eebaec5a7..000000000 --- a/releasenotes/notes/login_defs-1d1b32c233a33b2f.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - Enables management of the login.defs file and its values around - password functionality (such as max days, min days, warning age, - fail retry times) -security: - - | - Operators using this puppet module, can change values that - influence password security. diff --git a/releasenotes/notes/logrotate-containers-compress-96934a4e76b9689d.yaml b/releasenotes/notes/logrotate-containers-compress-96934a4e76b9689d.yaml deleted file mode 100644 index 11765e3ec..000000000 --- a/releasenotes/notes/logrotate-containers-compress-96934a4e76b9689d.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -other: - - | - Add the compress option for the containerized logrotate service to - compress rotated logs by default. diff --git a/releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml b/releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml deleted file mode 100644 index d8dc9c51e..000000000 --- a/releasenotes/notes/logrotate-containers-purge-56143a979ba80b51.yaml +++ /dev/null @@ -1,38 +0,0 @@ ---- -upgrade: - - | - Rotated logs of containerized services in /var/log/containers - will be purged with the next containerized logrotate run - triggered via cron, if the rotated logs have been kept longer - than `purge_after_days` (defaults to a 14 days). - - The logrotate maxage parameter is set to `purge_after_days` - as well. - - The size parameter does not honor time-based - constraints and is disabled as not GDPR compliant. From now on, - it configures maxsize instead. Minsize is set to a 1 byte to - put all /var/log/containers logs under the containerized - logrotate control. - - New param `rotation` additionally allows to alter logrotate - rotation interval, like 'hourly' or 'weekly'. -security: - - | - Retention rules of files in /var/log/containers additionally - defined in the containerized logrotate postrotate script and - based on any of the listed criteria met: - - * time of last access of contents (atime) exceeds - `purge_after_days`, - * time of last modification of contents (mtime) exceeds - `purge_after_days`, - * time of last modification of the inode (metadata, ctime) - exceeds `purge_after_days`. - - Expired files will be purged forcibly with each containerized - logrotate run triggered via cron. Note that the files creation - time (the Birth attribute) is not taken into account as it - cannot be accessed normally by system operators (depends on FS - type). Retention policies based on the creation time must - be managed elsewhere. diff --git a/releasenotes/notes/logrotate-copytruncate-hourly-f0851bec551f5f5f.yaml b/releasenotes/notes/logrotate-copytruncate-hourly-f0851bec551f5f5f.yaml deleted file mode 100644 index 1e9e716a1..000000000 --- a/releasenotes/notes/logrotate-copytruncate-hourly-f0851bec551f5f5f.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -upgrade: - - | - Logrotate's copytruncate is used by default for containerized services logs - rotation. The default period to keep old logs remains unchanged (14 days). diff --git a/releasenotes/notes/messaging-amqp-7efec1bcb435e7cf.yaml b/releasenotes/notes/messaging-amqp-7efec1bcb435e7cf.yaml deleted file mode 100644 index b6f211c22..000000000 --- a/releasenotes/notes/messaging-amqp-7efec1bcb435e7cf.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Include the amqp messaging class when the oslo.messaging rpc - protocol is enabled for AMQP 1.0. diff --git a/releasenotes/notes/messaging-rabbitmq-or-oslo-messaging-services-f29943b2eafd24e6.yaml b/releasenotes/notes/messaging-rabbitmq-or-oslo-messaging-services-f29943b2eafd24e6.yaml deleted file mode 100644 index 80d4920da..000000000 --- a/releasenotes/notes/messaging-rabbitmq-or-oslo-messaging-services-f29943b2eafd24e6.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Add support for either rabbitmq server nodes or new - oslo.messaging service nodes for separated rpc and notify - communications diff --git a/releasenotes/notes/metadata-file-creation-for-glance-netapp-47668bb602316024.yaml b/releasenotes/notes/metadata-file-creation-for-glance-netapp-47668bb602316024.yaml deleted file mode 100644 index 5badfb49c..000000000 --- a/releasenotes/notes/metadata-file-creation-for-glance-netapp-47668bb602316024.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Add support for configuring the metadata file used by - Glance Netapp NFS backend. diff --git a/releasenotes/notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml b/releasenotes/notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml deleted file mode 100644 index ae6401fb5..000000000 --- a/releasenotes/notes/mistral-mod-wsgi-1a1d3eb279daa7fd.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - Move Mistral API to use mod_wsgi under Apache. -upgrade: - - Mistral API systemd service will be stopped and - disabled. - diff --git a/releasenotes/notes/modular-libvirt-c19ccf0f0118c88c.yaml b/releasenotes/notes/modular-libvirt-c19ccf0f0118c88c.yaml deleted file mode 100644 index 9eeddb1a1..000000000 --- a/releasenotes/notes/modular-libvirt-c19ccf0f0118c88c.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -features: - - | - This change adds functionality to enable modular libvirt daemons - support. Also all the daemons runs in separate containers, so the - configuration is done for all the daemon containers. - Here is the list of daemons added in this change. - - virtnodedevd - - virtproxyd - - virtqemud - - virtsecretd - - virtstoraged - - More information regarding modular libvirt daemons is available here. - `Libvirt Daemons ` _. diff --git a/releasenotes/notes/mongodb_drop-02daffbfe4975cb9.yaml b/releasenotes/notes/mongodb_drop-02daffbfe4975cb9.yaml deleted file mode 100644 index 3caeb0808..000000000 --- a/releasenotes/notes/mongodb_drop-02daffbfe4975cb9.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -other: - - | - MongoDB hasn't been supported since Pike, it's time to remove the - deployment files. Starting in Stein, it's not possible to deploy MongoDB - anymore. It already changes the default zaqar management_store to - sqlalchemy and the zaqar messaging_store to redis, which is already - set by TripleO Heat Templates. diff --git a/releasenotes/notes/monitor_interval_ovndbs-6af18ba7f4a17cc5.yaml b/releasenotes/notes/monitor_interval_ovndbs-6af18ba7f4a17cc5.yaml deleted file mode 100644 index 3e7497f84..000000000 --- a/releasenotes/notes/monitor_interval_ovndbs-6af18ba7f4a17cc5.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add parameter for setting monitor interval for ovndbs (default is 30s) diff --git a/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml b/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml deleted file mode 100644 index 1899db9c5..000000000 --- a/releasenotes/notes/move-ceilo-upgrade-out-3318df875de5cd00.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - Since collector is deprecated, move the ceilo upgrade in step5 - out of collector profile and into cielometer base. This way - ceilo upgrade can run even when collector is disabled which is - the default in pike. diff --git a/releasenotes/notes/multiple-cinder-rbd-backend-ef2767baf771b741.yaml b/releasenotes/notes/multiple-cinder-rbd-backend-ef2767baf771b741.yaml deleted file mode 100644 index dd41990c2..000000000 --- a/releasenotes/notes/multiple-cinder-rbd-backend-ef2767baf771b741.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Add support for specifying a list of Ceph pools to be used for additional - Cinder RBD backends. This is in addition to the Ceph pool associated with - the first Cinder RBD backend. The list of extra pools is optional, and - defaults to an empty list. diff --git a/releasenotes/notes/mysql_bundle_options-b5ecf4c4472cca01.yaml b/releasenotes/notes/mysql_bundle_options-b5ecf4c4472cca01.yaml deleted file mode 100644 index c238edb99..000000000 --- a/releasenotes/notes/mysql_bundle_options-b5ecf4c4472cca01.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -features: - - | - Add support for injecting arbitrary arguments into the wsrep_provider_options - string. - Operators should be extremely careful in doing so as there is no validation - or syntax checking whatsoever. - diff --git a/releasenotes/notes/networking-ansible-741fd4a6c8374db8.yaml b/releasenotes/notes/networking-ansible-741fd4a6c8374db8.yaml deleted file mode 100644 index 674ec25e4..000000000 --- a/releasenotes/notes/networking-ansible-741fd4a6c8374db8.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added support for networking-ansible ML2 plugin. diff --git a/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml b/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml deleted file mode 100644 index daaf6f4eb..000000000 --- a/releasenotes/notes/neutron-bigswitch-agent-profile-1250bb1518199a67.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - Moves bigswitch neutron agent configuration to a new tripleo profile - tripleo::profile::base::neutron::agents::bigswitch diff --git a/releasenotes/notes/neutron_iptables-9ea317c73b79929d.yaml b/releasenotes/notes/neutron_iptables-9ea317c73b79929d.yaml deleted file mode 100644 index d45ac41e6..000000000 --- a/releasenotes/notes/neutron_iptables-9ea317c73b79929d.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - IPtables rules managed by Neutron won't be persistent on the host anymore. - Instead, they'll be removed (if exist) from /etc/sysconfig/iptables. diff --git a/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml b/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml deleted file mode 100644 index 9aad5ee97..000000000 --- a/releasenotes/notes/nf_conntrack_proto_sctp-a64300a3fc7b4e55.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -issues: - - | - Ignore failures if nf_conntrack_proto_sctp module failed to load. - Since RHEL 7.4, nf_conntrack_proto_sctp module is compiled into the - kernel instead of as a module as the sctp support. - TripleO will still try to load the module to support RHEL 7.3, but - in the future will remove the module management and rely on the kernel - provided in newer versions of RHEL. diff --git a/releasenotes/notes/nokolla-7898fe76cf623a0c.yaml b/releasenotes/notes/nokolla-7898fe76cf623a0c.yaml deleted file mode 100644 index d5f0c5838..000000000 --- a/releasenotes/notes/nokolla-7898fe76cf623a0c.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -other: - - | - - The default for - tripleo::profile::base::docker_registry::enable_container_images_build is - now false by default, so any users relying on this to install - openstack-kolla will need to explicitly set this to true in their local - hieradata. diff --git a/releasenotes/notes/nova-cache-in-tht-533e048fd6ccc65f.yaml b/releasenotes/notes/nova-cache-in-tht-533e048fd6ccc65f.yaml deleted file mode 100644 index 2e6b438d2..000000000 --- a/releasenotes/notes/nova-cache-in-tht-533e048fd6ccc65f.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -deprecations: - - | - The ``enable_cache`` and ``cache_backend`` in - ``tripleo::profile::base::nova`` class were removed because now these - parameters are defined in tripleo-heat-templates. diff --git a/releasenotes/notes/nova-endpoint-a957a840ee653307.yaml b/releasenotes/notes/nova-endpoint-a957a840ee653307.yaml deleted file mode 100644 index 51cc874bf..000000000 --- a/releasenotes/notes/nova-endpoint-a957a840ee653307.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added variables for endpoint_proxy_nova, endpoint_config_nova, and Apache - mod_proxy configuration to proxy nova service just like similar services diff --git a/releasenotes/notes/nova-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml b/releasenotes/notes/nova-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml deleted file mode 100644 index bb2515fcb..000000000 --- a/releasenotes/notes/nova-metadata-wsgi-ssl-a64c2b9a99deb7a9.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - With nova metadata api running via wsgi we do not need the ssl proxy when - configure tls-everywhere as we terminate ssl direct in the httpd wsgi. - With this change we only create the ssl proxy vhost if we do not run nova - metadata via wsgi. diff --git a/releasenotes/notes/nova-remove-wsgi-enabled-5899b7d6d77a4fd4.yaml b/releasenotes/notes/nova-remove-wsgi-enabled-5899b7d6d77a4fd4.yaml deleted file mode 100644 index 532f55d10..000000000 --- a/releasenotes/notes/nova-remove-wsgi-enabled-5899b7d6d77a4fd4.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -deprecations: - - | - tripleo::profile::base::nova::api::nova_api_wsgi_enabled and - tripleo::profile::base::nova::api::nova_metadata_api_wsgi_enabled are - removed, because the issue in nova was already resolved and using - standalone eventlet server is discouraged. diff --git a/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml b/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml deleted file mode 100644 index 79439b2df..000000000 --- a/releasenotes/notes/nova_cells_setup-2c3e3344d8adcc26.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Configure the basic cells setup for Nova, now required in Ocata. diff --git a/releasenotes/notes/nova_compute_include_metadata-21757b44cb976e5d.yaml b/releasenotes/notes/nova_compute_include_metadata-21757b44cb976e5d.yaml deleted file mode 100644 index 4263f997b..000000000 --- a/releasenotes/notes/nova_compute_include_metadata-21757b44cb976e5d.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - The old DEFAULT/dhcp_domain setting was moved to api/dhcp_domain. - nova::network::neutron::dhcp_domain will be removed later in the cycle. - We need include nova::metadata which sets the new [api]/dhcp_domain - as this is used by the virt driver to generate the config drive. diff --git a/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml b/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml deleted file mode 100644 index 553f21728..000000000 --- a/releasenotes/notes/nova_compute_live_migration_force_nc-f903a09955164ad9.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -fixes: - - | - libvirt 6.8.0 introduces virt-ssh-helper which prepends the libvirt - ssh command with a "which virt-ssh-helper". libvirt used to first - check for `nc` (netcat). But these two libvirt commits[1][2] have now - changed it to first look for `virt-ssh-helper`, if it not available, - then fall back to `nc`. This trips up the 'nova-migration-wrapper' as - it does not support virt-ssh-helper atm. - Until this is implemented, this change force to use "netcat" (`nc`) by - appending to the migration URI: "&proxy=netcat" - [1] https://libvirt.org/git/?p=libvirt.git;a=commit;h=f8ec7c842d (rpc: - use new virt-ssh-helper binary for remote tunnelling, 2020-07-08) - [2] https://libvirt.org/git/?p=libvirt.git;a=commit;h=7d959c302d (rpc: - Fix virt-ssh-helper detection, 2020-10-27) diff --git a/releasenotes/notes/nova_metadata_wsgi-bbc8e5e053282a83.yaml b/releasenotes/notes/nova_metadata_wsgi-bbc8e5e053282a83.yaml deleted file mode 100644 index 72dc1bde2..000000000 --- a/releasenotes/notes/nova_metadata_wsgi-bbc8e5e053282a83.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Usage of eventlet of all the WSGI-run nova services get - deprecated, including nova-api and nova-metadata-api. - See https://review.opendev.org/#/c/549510/ for more details. - With this change we move nova-metadata to run via httpd wsgi. diff --git a/releasenotes/notes/nova_metadata_wsgi-cleanup-4b4877fe73f25c2e.yaml b/releasenotes/notes/nova_metadata_wsgi-cleanup-4b4877fe73f25c2e.yaml deleted file mode 100644 index 9aa08afc1..000000000 --- a/releasenotes/notes/nova_metadata_wsgi-cleanup-4b4877fe73f25c2e.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -upgrade: - - | - The following deprecated parameters in - the ``tripleo::profile::base::nova::api`` class have been removed. - - - ``nova_metadata_network`` - - ``metadata_tls_proxy_bind_ip`` - - ``metadata_tls_proxy_fqdn`` - - ``metadata_tls_proxy_port`` diff --git a/releasenotes/notes/nova_migration_qemu-fc2150565dae8d33.yaml b/releasenotes/notes/nova_migration_qemu-fc2150565dae8d33.yaml deleted file mode 100644 index 033fc12fa..000000000 --- a/releasenotes/notes/nova_migration_qemu-fc2150565dae8d33.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - With the change in https://review.openstack.org/#/c/561784/3 we need to - make sure that the new port range get applied to the qemu.conf file. diff --git a/releasenotes/notes/nova_novnc_proxy_ssl_support-507a776063403a8e.yaml b/releasenotes/notes/nova_novnc_proxy_ssl_support-507a776063403a8e.yaml deleted file mode 100644 index b35b43cf8..000000000 --- a/releasenotes/notes/nova_novnc_proxy_ssl_support-507a776063403a8e.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - with tls-everywhere enabled the connection from haproxy to the nova novnc - proxy was not encrypted. Now we request a certificate and configue haproxy - and the novnc proxy to encrypt this remaining part in a vnc connection to - be encrypted as well. diff --git a/releasenotes/notes/nova_qemu_native_tls_encryption_on_nbd_for_disk_migration-2e16003c4764a399.yaml b/releasenotes/notes/nova_qemu_native_tls_encryption_on_nbd_for_disk_migration-2e16003c4764a399.yaml deleted file mode 100644 index 282b7d40c..000000000 --- a/releasenotes/notes/nova_qemu_native_tls_encryption_on_nbd_for_disk_migration-2e16003c4764a399.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -features: - - | - Add support for native TLS encryption on NBD for disk migration - - The NBD protocol previously runs in clear text, offering no security - protection for the data transferred, unless it is tunnelled over some - external transport like SSH. Such tunnelling is inefficient and - inconvenient to manage. Support for TLS to the NBD clients & servers - provided by QEMU was added. In tls-everywhere use case we want to - take advantage of this feature to create the certificates and configure - qemu to use nbd tls. diff --git a/releasenotes/notes/nova_remove_nova-consoleauth-c126434b3dbda106.yaml b/releasenotes/notes/nova_remove_nova-consoleauth-c126434b3dbda106.yaml deleted file mode 100644 index cb94de095..000000000 --- a/releasenotes/notes/nova_remove_nova-consoleauth-c126434b3dbda106.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -fixes: - - | - As of Rocky [1], the nova-consoleauth service has been deprecated and - cell databases are used for storing token authorizations. All new consoles - will be supported by the database backend and existing consoles will be - reset. Console proxies must be run per cell because the new console token - authorizations are stored in cell databases. - - nova-consoleauth was deprecated in tripleo with: - I68485a6c4da4476d07ec0ab5e7b5a4c528820a4f - - This change now removes the NovaConsoleauth Service. - - [1] https://docs.openstack.org/releasenotes/nova/rocky.html diff --git a/releasenotes/notes/nova_virtlogd_wrapper-43c6c319db2a36ef.yaml b/releasenotes/notes/nova_virtlogd_wrapper-43c6c319db2a36ef.yaml deleted file mode 100644 index af09fa9e9..000000000 --- a/releasenotes/notes/nova_virtlogd_wrapper-43c6c319db2a36ef.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -features: - - | - When nova_virtlogd container gets restarted the instance console auth files - will not be reopened again by virtlogd. As a result either instances need - to be restarted or live migrated to a different compute node to get new - console logs messages logged again. - Usually on receipt of SIGUSR1, virtlogd will re-exec() its binary, while - maintaining all current logs and clients. This allows for live upgrades of - the virtlogd service on non containerized environments where updates just - by doing an RPM update. - To reduce the likelihood in a containerized environment virtlogd should - only be restarted on manual request, or on compute node reboot. It should - not be restarted on a minor update without migration off instances. - This introduces a nova_virtlogd_wrapper container and virtlogd wrapper - script, to only restart virtlogd on either manual or compute node restart. diff --git a/releasenotes/notes/oslo-messaging-separate-backends-69aabd30ba470e61.yaml b/releasenotes/notes/oslo-messaging-separate-backends-69aabd30ba470e61.yaml deleted file mode 100644 index 48da1e111..000000000 --- a/releasenotes/notes/oslo-messaging-separate-backends-69aabd30ba470e61.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Support separate oslo.messaging services for RPC and Notifications. - Enable separate messaging backend servers. diff --git a/releasenotes/notes/ovn-ha-c7668c26aefb8f2d.yaml b/releasenotes/notes/ovn-ha-c7668c26aefb8f2d.yaml deleted file mode 100644 index 09c5111e9..000000000 --- a/releasenotes/notes/ovn-ha-c7668c26aefb8f2d.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Support HA for OVN db servers and ovn-northd using Pacemaker - diff --git a/releasenotes/notes/ovn-ssl-298db2d617d7cc5e.yaml b/releasenotes/notes/ovn-ssl-298db2d617d7cc5e.yaml deleted file mode 100644 index 265c28958..000000000 --- a/releasenotes/notes/ovn-ssl-298db2d617d7cc5e.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -features: - - | - This patch introduces parameters which support SSL to connect to - OVN_Northbound DB and OVN_Southbound DB. This can be set by: - * 'ovn_nb_private_key': The PEM file with private key for SSL connection to OVN-NB-DB - * 'ovn_nb_certificate': The PEM file with certificate that certifies the private - key specified in ovn_nb_private_key - * 'ovn_nb_ca_cert': The PEM file with CA certificate that OVN should use to - verify certificates presented to it by SSL peers - * 'ovn_sb_private_key': The PEM file with private key for SSL connection to OVN-SB-DB, - * 'ovn_sb_certificate': The PEM file with certificate that certifies the - private key specified in ovn_sb_private_key' - * 'ovn_sb_ca_cert': The PEM file with CA certificate that OVN should use to - verify certificates presented to it by SSL peers - * 'protocol': Protocol use in communication with dbs \ No newline at end of file diff --git a/releasenotes/notes/ovn_metadata_remote_probe_interval-6fcbdb1e2c9a9a33.yaml b/releasenotes/notes/ovn_metadata_remote_probe_interval-6fcbdb1e2c9a9a33.yaml deleted file mode 100644 index 425839c15..000000000 --- a/releasenotes/notes/ovn_metadata_remote_probe_interval-6fcbdb1e2c9a9a33.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -features: - - | - This parameter sets inactive probe interval of the JSON session - from ovn-metadata to the OVN SB database. By default this it - is 5s which not be sufficient in loaded systems or during high - control-plane activity spikes, leading to unnecessary reconnections - to OVSDB server. Now it is extended by default to 1 min and it is - configurable by param OVNRemoteProbeInterval. \ No newline at end of file diff --git a/releasenotes/notes/ovs-hw-offload-89a49899af3b9892.yaml b/releasenotes/notes/ovs-hw-offload-89a49899af3b9892.yaml deleted file mode 100644 index 4cdcf46f0..000000000 --- a/releasenotes/notes/ovs-hw-offload-89a49899af3b9892.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Allows to configure SR-IOV NIC to switchdev mode. - This feature requires kernel 4.10 and above. diff --git a/releasenotes/notes/pacemaker-selinux-8dc0344afd5d64bd.yaml b/releasenotes/notes/pacemaker-selinux-8dc0344afd5d64bd.yaml deleted file mode 100644 index a734ad6d3..000000000 --- a/releasenotes/notes/pacemaker-selinux-8dc0344afd5d64bd.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -upgrade: - - | - Services managed by Pacemaker will be restarted when this change is applied - as an Update or Upgrade process. diff --git a/releasenotes/notes/per-service-options-haproxy-75f5f00cf5243ecb.yaml b/releasenotes/notes/per-service-options-haproxy-75f5f00cf5243ecb.yaml deleted file mode 100644 index fec8210ab..000000000 --- a/releasenotes/notes/per-service-options-haproxy-75f5f00cf5243ecb.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -features: - - | - Add support via hiera keys like 'tripleo::haproxy::${name}::listen_options' to - customize the options of an haproxy service stanza. For example passing the by setting - the 'tripleo::haproxy::cinder::options' hiera key to a hash made composed of: - 'timeout client': '90m' - 'timeout server': '90m' - diff --git a/releasenotes/notes/powerflex-driver-f728e372280c44e6.yaml b/releasenotes/notes/powerflex-driver-f728e372280c44e6.yaml deleted file mode 100644 index 5014fdafd..000000000 --- a/releasenotes/notes/powerflex-driver-f728e372280c44e6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add PowerFlex Cinder driver support. diff --git a/releasenotes/notes/powermax-driver-d428e372280c44e6.yaml b/releasenotes/notes/powermax-driver-d428e372280c44e6.yaml deleted file mode 100644 index d0f586df2..000000000 --- a/releasenotes/notes/powermax-driver-d428e372280c44e6.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Add new PowerMax backend Cinder driver options. - Supports both iSCSI and FC volume drivers and - multiple backends as well. diff --git a/releasenotes/notes/powerstore-driver-e428e372280c44e6.yaml b/releasenotes/notes/powerstore-driver-e428e372280c44e6.yaml deleted file mode 100644 index 8f6461a9e..000000000 --- a/releasenotes/notes/powerstore-driver-e428e372280c44e6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Add new PowerStore backend Cinder driver options. diff --git a/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml b/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml deleted file mode 100644 index 63830e5df..000000000 --- a/releasenotes/notes/proxy-api-endpoints-359e5fb64d80d400.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - Added ability to proxy API service endpoints through - Apache mod_rewrite rules by creating ProxyPass and - ProxyPassReverse directives for each API service - diff --git a/releasenotes/notes/ps-san-private_key-5a9f11e7907ba600.yaml b/releasenotes/notes/ps-san-private_key-5a9f11e7907ba600.yaml deleted file mode 100644 index 635933119..000000000 --- a/releasenotes/notes/ps-san-private_key-5a9f11e7907ba600.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Added new parameter san_private_key to configure SSH Private Key - for the PS Series cinder backend diff --git a/releasenotes/notes/ptp-062b1d1f2d9f2275.yaml b/releasenotes/notes/ptp-062b1d1f2d9f2275.yaml deleted file mode 100644 index fd0ee5418..000000000 --- a/releasenotes/notes/ptp-062b1d1f2d9f2275.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - Precision Time Protocol (PTP) is a protocol used to synchronize clocks - throughout a network. When used in conjunction with hardware support, - PTP is capable of sub-microsecond accuracy which is far better than is - normally obtainable with NTP. diff --git a/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml b/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml deleted file mode 100644 index 9eb7c79d7..000000000 --- a/releasenotes/notes/puppet-auditd-0f6cbd6a2d193aac.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Adds the ability to manage auditd.service and enter audit.rules - diff --git a/releasenotes/notes/pure_add_iscsi_cidr_list-bac3b40a3137f06d.yaml b/releasenotes/notes/pure_add_iscsi_cidr_list-bac3b40a3137f06d.yaml deleted file mode 100644 index 845e9e6b8..000000000 --- a/releasenotes/notes/pure_add_iscsi_cidr_list-bac3b40a3137f06d.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Added support for iSCSI CIDR list parameter for Pure Storage - FlashArray Cinder backend. diff --git a/releasenotes/notes/pure_nvme-02263cb67d33e7f4.yaml b/releasenotes/notes/pure_nvme-02263cb67d33e7f4.yaml deleted file mode 100644 index 091a6898b..000000000 --- a/releasenotes/notes/pure_nvme-02263cb67d33e7f4.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Add support for NVME transport protocol for Pure Storage - FlashArray Cinder Backend. - Add support for NVMe CIDR and NVMe CIDR list parameters - for Pure Storage FlashArray Cinder Backend. diff --git a/releasenotes/notes/pure_storage_update_cinder_params-94940d1d3ca46877.yaml b/releasenotes/notes/pure_storage_update_cinder_params-94940d1d3ca46877.yaml deleted file mode 100644 index 2d6f640c6..000000000 --- a/releasenotes/notes/pure_storage_update_cinder_params-94940d1d3ca46877.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Added support for host personality, iSCSI CIDR and - eradicate on delete parameters for Pure Storage - FlashArray Cinder backend. diff --git a/releasenotes/notes/qemu_remove_postsave_cmd-07ad04ac44d7b706.yaml b/releasenotes/notes/qemu_remove_postsave_cmd-07ad04ac44d7b706.yaml deleted file mode 100644 index 75ae9c991..000000000 --- a/releasenotes/notes/qemu_remove_postsave_cmd-07ad04ac44d7b706.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - qemu certs are note used by libvirt and therefore does not need a restart. - In case certs gets renewed, right now qemu processes (instances) need to be - restarted. This removes the postsave_cmd and also restart libvirt on cert - file change. diff --git a/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml b/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml deleted file mode 100644 index 0857f6360..000000000 --- a/releasenotes/notes/rabbitmq-user-check-95da891a2e197d89.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - The rabbitmq user check is moved to step >= 2 from step >= 1. There - is no guarantee that rabbitmq is running at step 1, especially if - updating a failed stack that never made it past step 1 to begin - with. diff --git a/releasenotes/notes/rabbitmq_extra_policies-69cbc0a4afeac963.yaml b/releasenotes/notes/rabbitmq_extra_policies-69cbc0a4afeac963.yaml deleted file mode 100644 index a885654d1..000000000 --- a/releasenotes/notes/rabbitmq_extra_policies-69cbc0a4afeac963.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -issues: - - | - Allow a hiera key to add an additional rabbitmq policy in the resource - agend. diff --git a/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml b/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml deleted file mode 100644 index 351db744f..000000000 --- a/releasenotes/notes/rabbitmq_password_change-4fce15c9ebb0e20c.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -issues: - - Invoke rabbitmq_user resource explicity to apply password change during - update, if any. diff --git a/releasenotes/notes/rbd-disk-cache-modes-b6b75fa2e52b8915.yaml b/releasenotes/notes/rbd-disk-cache-modes-b6b75fa2e52b8915.yaml deleted file mode 100644 index 6b8b19ea5..000000000 --- a/releasenotes/notes/rbd-disk-cache-modes-b6b75fa2e52b8915.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - New hiera setting `rbd_disk_cachemodes` allows to override - the disk cache modes for RBD. Defaults to ['network=writeback']. diff --git a/releasenotes/notes/re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml b/releasenotes/notes/re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml deleted file mode 100644 index c354431f0..000000000 --- a/releasenotes/notes/re-run-ceilo-upgrade-0d9ba69fe4bfe780.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - Re-run gnocchi and ceilometer upgrade in step5. This is required - for gnocchi resource types to be created in ceilometer and gnocchi - to function properly. diff --git a/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml b/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml deleted file mode 100644 index d34c3d936..000000000 --- a/releasenotes/notes/redfish-9203af1f7bf02bc5.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Support for Redfish hardware is enabled by default for overcloud Ironic - via the ``redfish`` hardware type. diff --git a/releasenotes/notes/remove-cephfsnative-0d3d76746ee928ab.yaml b/releasenotes/notes/remove-cephfsnative-0d3d76746ee928ab.yaml deleted file mode 100644 index 4add3c4a0..000000000 --- a/releasenotes/notes/remove-cephfsnative-0d3d76746ee928ab.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -upgrade: - - Use of the class manila::backend::cephfsnative is no longer supported. - manila::backend::cephfs can be used to achieve the same functionality. \ No newline at end of file diff --git a/releasenotes/notes/remove-glance-nfs-mounting-3833e08ecc83c6dc.yaml b/releasenotes/notes/remove-glance-nfs-mounting-3833e08ecc83c6dc.yaml deleted file mode 100644 index 16e0b5f17..000000000 --- a/releasenotes/notes/remove-glance-nfs-mounting-3833e08ecc83c6dc.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -deprecations: - - | - Glance nfs mount would run via ansible in t-h-t, since the common - mount task has been added to host_prep_task for both containerized - & baremetal case, puppet-tripleo glance nfs_mount.pp would no longer - be used. diff --git a/releasenotes/notes/remove-heat-api-cloudwatch-bb2b8d0cdff775e2.yaml b/releasenotes/notes/remove-heat-api-cloudwatch-bb2b8d0cdff775e2.yaml deleted file mode 100644 index 56d22b5af..000000000 --- a/releasenotes/notes/remove-heat-api-cloudwatch-bb2b8d0cdff775e2.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -upgrade: - - | - Remove support for heat-api-cloudwatch service. It's been - removed from heat since Queens release. diff --git a/releasenotes/notes/remove-login_defs-408e25efb875425f.yaml b/releasenotes/notes/remove-login_defs-408e25efb875425f.yaml deleted file mode 100644 index 7f88694fc..000000000 --- a/releasenotes/notes/remove-login_defs-408e25efb875425f.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -upgrade: - - | - Management of login.defs file has been removed because now the file is - managed by ansible. diff --git a/releasenotes/notes/remove-neutron-lbaas-f6337e030a200b64.yaml b/releasenotes/notes/remove-neutron-lbaas-f6337e030a200b64.yaml deleted file mode 100644 index 886eebe7e..000000000 --- a/releasenotes/notes/remove-neutron-lbaas-f6337e030a200b64.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -upgrade: - - | - The Neutron LBaaS project was retired. Upgrading to deployment to Train - release will not upgrade Neutron LBaaS. Learn more about its retirement and - Octavia as its successor at - https://wiki.openstack.org/wiki/Neutron/LBaaS/Deprecation -deprecations: - - | - The Neutron LBaaS project was retired and support for it in TripleO - removed. - diff --git a/releasenotes/notes/remove-ntp-34d5eb69bfc231b0.yaml b/releasenotes/notes/remove-ntp-34d5eb69bfc231b0.yaml deleted file mode 100644 index b1e44933a..000000000 --- a/releasenotes/notes/remove-ntp-34d5eb69bfc231b0.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -upgrade: - - | - Remove ntp profile and puppet-ntp usage. diff --git a/releasenotes/notes/remove-odl-1ca26e0ffcbd13b5.yaml b/releasenotes/notes/remove-odl-1ca26e0ffcbd13b5.yaml deleted file mode 100644 index ed9efee4b..000000000 --- a/releasenotes/notes/remove-odl-1ca26e0ffcbd13b5.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -deprecations: - - | - Support for OpenDaylight has been removed because its templates and - environment files are already removed in tripleo-heat-templates. diff --git a/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml b/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml deleted file mode 100644 index d82ff1127..000000000 --- a/releasenotes/notes/remove-old-urls-dea2b7fdcb50dd48.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -upgrade: - - | - Removed the following URL configuration variables from tripleo::ui: - - * keystone_url - * heat_url - * ironic_url - * mistral_url - * swift_url - * zaqar_websocket_url - diff --git a/releasenotes/notes/remove-stack-action-4f0eaef2405d39da.yaml b/releasenotes/notes/remove-stack-action-4f0eaef2405d39da.yaml deleted file mode 100644 index 0ca168231..000000000 --- a/releasenotes/notes/remove-stack-action-4f0eaef2405d39da.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -upgrade: - - | - The unused ``stack_action`` hiera parameter has now been removed. diff --git a/releasenotes/notes/remove-support-for-puppet-ceph-bbe044bd575d1239.yaml b/releasenotes/notes/remove-support-for-puppet-ceph-bbe044bd575d1239.yaml deleted file mode 100644 index 96e4d78da..000000000 --- a/releasenotes/notes/remove-support-for-puppet-ceph-bbe044bd575d1239.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -deprecations: - - | - Deployment of a managed Ceph cluster using puppet-ceph - is not supported from the Pike release. From the Queens - release it is not supported to use puppet-ceph when - configuring OpenStack with an external Ceph cluster. - In Rocky any support file necessary for the deployment - with puppet-ceph is removed completely. diff --git a/releasenotes/notes/remove_bootstrap_nodeid-c5109a575c538bda.yaml b/releasenotes/notes/remove_bootstrap_nodeid-c5109a575c538bda.yaml deleted file mode 100644 index 47ba3254c..000000000 --- a/releasenotes/notes/remove_bootstrap_nodeid-c5109a575c538bda.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -upgrade: - - | - All manifests no longer use the bootstrap_nodeid hiera key, since this - was generated per role and can result in multiple bootstrap nodes when - a service on more than one role. The SERVICE_short_bootstrap_node_name - key is used instead, which is automatically generated in tripleo-heat-templates - based on the service_name key of the service template role_data. diff --git a/releasenotes/notes/remove_puppet_certmonger-843205d2ef88d6e4.yaml b/releasenotes/notes/remove_puppet_certmonger-843205d2ef88d6e4.yaml deleted file mode 100644 index 8b12d42c0..000000000 --- a/releasenotes/notes/remove_puppet_certmonger-843205d2ef88d6e4.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -deprecations: - - | - Remove support for puppet_certmonger. All certificates are now managed by - the linux-system-roles.certificate ansible role configured from each - service's heat template. ::tripleo::certmonger puppet files are removed. diff --git a/releasenotes/notes/replication_probe_interval_ovn_dbs-df22bef3bb12a0f7.yaml b/releasenotes/notes/replication_probe_interval_ovn_dbs-df22bef3bb12a0f7.yaml deleted file mode 100644 index c60312643..000000000 --- a/releasenotes/notes/replication_probe_interval_ovn_dbs-df22bef3bb12a0f7.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Add posibilities to configure replication_probe_interval for ovsdb-server. - It configure probe interval for connection for ovsdb-server when it is - in backup mode and connects to the active ovsdb-server for replication diff --git a/releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml b/releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml deleted file mode 100644 index 1186bb9b3..000000000 --- a/releasenotes/notes/restrict-mongodb-memory-c19d69638b63feb4.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - Add a way for mongodb to limit amount of memory it comsumes - with systemd. A new param memory_limit has been added to - tripleo::profile::base::database::mongodb class with - default limit of 20G. diff --git a/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml b/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml deleted file mode 100644 index 6159415aa..000000000 --- a/releasenotes/notes/rgw-keystone-v3-43ef17dd10f825be.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Add support for configuring Ceph RGW to use - keystone V3 service authentication instead - of admin token authentication diff --git a/releasenotes/notes/rsyslog-205c11903ed92bdf.yaml b/releasenotes/notes/rsyslog-205c11903ed92bdf.yaml deleted file mode 100644 index 33c685057..000000000 --- a/releasenotes/notes/rsyslog-205c11903ed92bdf.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Adds profile for rsyslogd composable service which aims to replace fluentd - with the same behaviour. This means that rsyslog will be tailing OpenStack - log files and forwarding it to central log collector (ELK) diff --git a/releasenotes/notes/rsyslog-tls-dfa676eda2ec646f.yaml b/releasenotes/notes/rsyslog-tls-dfa676eda2ec646f.yaml deleted file mode 100644 index 527fd9d11..000000000 --- a/releasenotes/notes/rsyslog-tls-dfa676eda2ec646f.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added TLS support for ELasticsearch output plugin in rsyslog service. diff --git a/releasenotes/notes/sahara_auth_v3-65bd276b39b4e284.yaml b/releasenotes/notes/sahara_auth_v3-65bd276b39b4e284.yaml deleted file mode 100644 index c744e0f7e..000000000 --- a/releasenotes/notes/sahara_auth_v3-65bd276b39b4e284.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Sahara is now deployed with keystone_authtoken parameters and move - forward with Keystone v3 version. diff --git a/releasenotes/notes/sc-driver-a428e372280c44e6.yaml b/releasenotes/notes/sc-driver-a428e372280c44e6.yaml deleted file mode 100644 index 6fc5bbae5..000000000 --- a/releasenotes/notes/sc-driver-a428e372280c44e6.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Add Dell EMC SC backend Cinder driver options. - Supports both iSCSI and FC volume drivers and - multiple backends as well. diff --git a/releasenotes/notes/sc_old_driver_deprecation_2368457faab68824.yaml b/releasenotes/notes/sc_old_driver_deprecation_2368457faab68824.yaml deleted file mode 100644 index 950c2768d..000000000 --- a/releasenotes/notes/sc_old_driver_deprecation_2368457faab68824.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - Resource tripleo::profile::base::cinder::volume::dellsc - will be removed in V-Release. diff --git a/releasenotes/notes/scaleio_driver_deprecation_4468457faab68824.yaml b/releasenotes/notes/scaleio_driver_deprecation_4468457faab68824.yaml deleted file mode 100644 index b6817ce88..000000000 --- a/releasenotes/notes/scaleio_driver_deprecation_4468457faab68824.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - Resource tripleo::profile::base::cinder::volume::dellemc_vxflexos - will be removed in W-Release. diff --git a/releasenotes/notes/securetty-6a10eefd601e45ca.yaml b/releasenotes/notes/securetty-6a10eefd601e45ca.yaml deleted file mode 100644 index e5cfcf504..000000000 --- a/releasenotes/notes/securetty-6a10eefd601e45ca.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Allows granular level of control over the `/etc/securetty` file. - By allowing operators to specify the values in securetty, they - can improve security by limiting root console access. diff --git a/releasenotes/notes/security-compliance-1f5cb3b3be9f7657.yaml b/releasenotes/notes/security-compliance-1f5cb3b3be9f7657.yaml deleted file mode 100644 index 05ad7761e..000000000 --- a/releasenotes/notes/security-compliance-1f5cb3b3be9f7657.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - The security compliance manifest was included in the keystone profile. This - enables us to configure the security compliance options through t-h-t. diff --git a/releasenotes/notes/sensubility-scripts-994014edfcc2da88.yaml b/releasenotes/notes/sensubility-scripts-994014edfcc2da88.yaml deleted file mode 100644 index 8f573988b..000000000 --- a/releasenotes/notes/sensubility-scripts-994014edfcc2da88.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Added "scripts" parameters for class tripleo::profile::base::metrics::collectd::sensubility - enabling download of various scripts for usage within sensubility check definitions. - Supported transfer method is HTTP only currently. diff --git a/releasenotes/notes/setup_timeouts_ovn_dbs-630a7ccfda5976a5.yaml b/releasenotes/notes/setup_timeouts_ovn_dbs-630a7ccfda5976a5.yaml deleted file mode 100644 index 6a5d466a3..000000000 --- a/releasenotes/notes/setup_timeouts_ovn_dbs-630a7ccfda5976a5.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - Under pressure, the default monitor timeout value of 20 seconds is not - enough to prevent unnecessary failovers of the ovn-dbs pacemaker resource. - While spawning a few VMs in the same time this could lead to unnecessary - movements of master DB, then re-connections of ovn-controllers (slaves are - read-only), further peaks of load on DBs, and at the end it could lead to - snowball effect. Now this value can be configurable by dbs_timeout in - tripleo::profile::pacemaker::ovn_dbs_bundle and by default is set to 60s. \ No newline at end of file diff --git a/releasenotes/notes/snmdd_config-db21f3175967be4a.yaml b/releasenotes/notes/snmdd_config-db21f3175967be4a.yaml deleted file mode 100644 index 4db033ae5..000000000 --- a/releasenotes/notes/snmdd_config-db21f3175967be4a.yaml +++ /dev/null @@ -1,11 +0,0 @@ ---- -features: - - | - Expose a new Puppet parameter to snmp profile, ``snmpd_config`` which - is an array definded to undef by default. - It can be used to override all snmpd configuration for advanced - deployments. - If used, all parameters have to be configured included users and - passwords, which should be the same as given to snmpd_password - and snmpd_user. There is no logic that will verify the content - of ``snmpd_config``. diff --git a/releasenotes/notes/split-up-neutron-lbaas-f0c248220ed872cd.yaml b/releasenotes/notes/split-up-neutron-lbaas-f0c248220ed872cd.yaml deleted file mode 100644 index 3a126475a..000000000 --- a/releasenotes/notes/split-up-neutron-lbaas-f0c248220ed872cd.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -features: - - Split up neutron-lbaas service plugin and agent - -upgrade: - - Class tripleo::profile::base::neutron::lbaas will only configure the - Neutron LBaaS service plugin from now on. Use class - tripleo::profile::base::neutron::agents::lbaas to configure the Neutron - LBaaS agent. diff --git a/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml b/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml deleted file mode 100644 index 5bcb588a8..000000000 --- a/releasenotes/notes/sriov_numvfs-40564db9e1be589b.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Added a provider to configure VFs for SR-IOV interface. - - Added a define for persistence of the VFs configuration. diff --git a/releasenotes/notes/sshd-437c531301f458bb.yaml b/releasenotes/notes/sshd-437c531301f458bb.yaml deleted file mode 100644 index 5997289f3..000000000 --- a/releasenotes/notes/sshd-437c531301f458bb.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Added /etc/issue & /etc/issue.net parameters - - Added MOTD banner parameters - - Added external module saz-ssh to allow management of sshd_config diff --git a/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml b/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml deleted file mode 100644 index 02e0d4854..000000000 --- a/releasenotes/notes/start-httpd-step3-and-4-2bd7be9e1429ef6d.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - In order to avoid service restarts, all services deploy their httpd - configuration at the same time. Thus, httpd now starts in step 3 for the - bootstrap nodes, and step 4 for all other nodes. diff --git a/releasenotes/notes/swift-container-ring-mgmt-ecf65b9fbae0d297.yaml b/releasenotes/notes/swift-container-ring-mgmt-ecf65b9fbae0d297.yaml deleted file mode 100644 index dff2bb0bf..000000000 --- a/releasenotes/notes/swift-container-ring-mgmt-ecf65b9fbae0d297.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -fixes: - - | - Fixes the step conditions in the Swift ring building process and - also chains the tarball creation to the rebalance. Adds an option to - disable the recon check before uploading modified rings. These fixes - are required to properly manage rings when used in containerized - environments. diff --git a/releasenotes/notes/swift-create-local-dir-b00292e623d03044.yaml b/releasenotes/notes/swift-create-local-dir-b00292e623d03044.yaml deleted file mode 100644 index b49439f59..000000000 --- a/releasenotes/notes/swift-create-local-dir-b00292e623d03044.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -fixes: - - | - Swift added a requirement to ensure that storage directories exist before - using them. However, when local directories are used in Tripleo (storing - data in /srv/node/d1), these are missing by default and thus Swift won't - store any data. This fix creates this directory if needed. diff --git a/releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml b/releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml deleted file mode 100644 index 18c8642bf..000000000 --- a/releasenotes/notes/swift-dispersion-profile-09dc69980028e751.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Added a new profile for the setup of the Swift dispersion tool. This will - be executed in step 5 or later to ensure Swift and Keystone are already up - and running. diff --git a/releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml b/releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml deleted file mode 100644 index 2922f9207..000000000 --- a/releasenotes/notes/swift-proxy-add-audit-middleware-290db6db952d690f.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - | - Adds a new option "audit_enabled" to add the pycadf audit middleware to - the Swift proxy server pipeline. diff --git a/releasenotes/notes/swift-proxy-use-hash-suffix-b04c2ac17a2c8c38.yaml b/releasenotes/notes/swift-proxy-use-hash-suffix-b04c2ac17a2c8c38.yaml deleted file mode 100644 index 1e271d306..000000000 --- a/releasenotes/notes/swift-proxy-use-hash-suffix-b04c2ac17a2c8c38.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -fixes: - - | - Include the Swift base class in the proxy class, to ensure Swift hash - values are properly set in swift.conf when not applying the storage - manifest on the same node. diff --git a/releasenotes/notes/swift-ring-curl-retry-1c329d1808b7f02c.yaml b/releasenotes/notes/swift-ring-curl-retry-1c329d1808b7f02c.yaml deleted file mode 100644 index 9d3e2bc49..000000000 --- a/releasenotes/notes/swift-ring-curl-retry-1c329d1808b7f02c.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -fixes: - - | - Retry Swift ring up-/downloads on failures to improve overall - stability during deployments when there are temporary errors. - Retries are executed in case of HTTP errors (for example due to a - temporary issue between the proxy and backend servers) as well as - connection issue to the proxy itself. diff --git a/releasenotes/notes/tuned-removed-ab68a7109a1e7403.yaml b/releasenotes/notes/tuned-removed-ab68a7109a1e7403.yaml deleted file mode 100644 index 63aed5b70..000000000 --- a/releasenotes/notes/tuned-removed-ab68a7109a1e7403.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - The tuned puppet manifest for `tuned` was removed. The heat template - invoking this manifest has been converted to Ansible. diff --git a/releasenotes/notes/unity_driver_aaa347d073cd11e7.yaml b/releasenotes/notes/unity_driver_aaa347d073cd11e7.yaml deleted file mode 100644 index ccda84892..000000000 --- a/releasenotes/notes/unity_driver_aaa347d073cd11e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to configure Dell EMC VMAX Manila backend diff --git a/releasenotes/notes/unity_driver_aba347d073cd11e7.yaml b/releasenotes/notes/unity_driver_aba347d073cd11e7.yaml deleted file mode 100644 index 098e4ebed..000000000 --- a/releasenotes/notes/unity_driver_aba347d073cd11e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Added support to IPV6 and SSL parameters for Dell EMC Unity manila backend. diff --git a/releasenotes/notes/unity_driver_afa347d073cd11e7.yaml b/releasenotes/notes/unity_driver_afa347d073cd11e7.yaml deleted file mode 100644 index 09f0fa658..000000000 --- a/releasenotes/notes/unity_driver_afa347d073cd11e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to configure Dell EMC Unity backend diff --git a/releasenotes/notes/upstream-rabbitmq-server-ha-ocf-resource-agent-0db89eb7c55e64ca.yaml b/releasenotes/notes/upstream-rabbitmq-server-ha-ocf-resource-agent-0db89eb7c55e64ca.yaml deleted file mode 100644 index 8003a3256..000000000 --- a/releasenotes/notes/upstream-rabbitmq-server-ha-ocf-resource-agent-0db89eb7c55e64ca.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Introduces the tripleo::profile::pacemaker::rabbitmq_bundle::use_masterslave_rabbitmqra class - parameter to be able to use the resource agent from the rabbitmq upstream repository (as opposed - to the resource-agent maintained under the clusterlabs umbrella). diff --git a/releasenotes/notes/use-reno-80402e5526a598aa.yaml b/releasenotes/notes/use-reno-80402e5526a598aa.yaml deleted file mode 100644 index 81029627b..000000000 --- a/releasenotes/notes/use-reno-80402e5526a598aa.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -prelude: > - Release notes are generated by Reno. -features: - - Release notes are no longer maintained by hand, we now use the reno tool to - manage them. \ No newline at end of file diff --git a/releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml b/releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml deleted file mode 100644 index 0f98d44e8..000000000 --- a/releasenotes/notes/veritas-hyperscale-driver-profile-970b5cb72f9fdcba.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - New profile for Veritas HyperScale Cinder backend. diff --git a/releasenotes/notes/vf-lag-sriov-ec194ecd4b447a46.yaml b/releasenotes/notes/vf-lag-sriov-ec194ecd4b447a46.yaml deleted file mode 100644 index 0a314183f..000000000 --- a/releasenotes/notes/vf-lag-sriov-ec194ecd4b447a46.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Allows to configure bond over two virtual functions in mellanox interfaces. diff --git a/releasenotes/notes/vip-bind-nic-11e80207fcb78a20.yaml b/releasenotes/notes/vip-bind-nic-11e80207fcb78a20.yaml deleted file mode 100644 index 431ff55fd..000000000 --- a/releasenotes/notes/vip-bind-nic-11e80207fcb78a20.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - This change introduces two hiera keys that allow an operator to specify - which NIC (or NICs) the VIPs will be bound to. One hiera key has global effect - (tripleo::pacemaker::force_nic) and forces all VIPs to listen to that NIC. - There is also the possibility to override that for specific VIPs with the - force_vip_nic_overrides hiera hash. - This change is only useful for deployments where BGP is used to advertise - IP addresses from the host across multiple L3 networks. diff --git a/releasenotes/notes/virtlogd_config-8bc3aad489caf8a3.yaml b/releasenotes/notes/virtlogd_config-8bc3aad489caf8a3.yaml deleted file mode 100644 index 3f451474f..000000000 --- a/releasenotes/notes/virtlogd_config-8bc3aad489caf8a3.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Add support to change virtlogd config options. - New hieradata tripleo::profile::base::nova::libvirt::virtlogd_config can - be used to override virtlogd config options. diff --git a/releasenotes/notes/vmax_driver_deprecation_1368457faab68824.yaml b/releasenotes/notes/vmax_driver_deprecation_1368457faab68824.yaml deleted file mode 100644 index 1d2b4af8d..000000000 --- a/releasenotes/notes/vmax_driver_deprecation_1368457faab68824.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - Resource tripleo::profile::base::cinder::volume::dellemc_vmax_iscsi - is no longer supported. diff --git a/releasenotes/notes/vnc_tls-7e5f275217117f78.yaml b/releasenotes/notes/vnc_tls-7e5f275217117f78.yaml deleted file mode 100644 index e5ff7686f..000000000 --- a/releasenotes/notes/vnc_tls-7e5f275217117f78.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -features: - - | - Add support for libvirt VNC TLS with option of a dedicated CA - - Configures ca/certs/key for nova-novnc vencrypt. - - A dedicated IPA sub-CA can optionally be used to restrict access. - A custom certmonger helper is used to support this as certmonger currently - has limited support for IPA sub-CAs. diff --git a/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml b/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml deleted file mode 100644 index 0c0f8eab0..000000000 --- a/releasenotes/notes/vncserver_listen-4417377cac38464c.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - Configure VNC server to be binded on internal network interface on compute nodes. - This value comes from tripleo-heat-templates and is configured by default to use - an IP address from the internal API network. - We use the ServiceNetMap in tripleo-heat-templates to compute the IP address, and we won't - configure 0.0.0.0 anymore as it used to open the binding to any network, which is unsecure. diff --git a/releasenotes/notes/vnx_driver_aea44d073cd161e7.yaml b/releasenotes/notes/vnx_driver_aea44d073cd161e7.yaml deleted file mode 100644 index 0c222eecf..000000000 --- a/releasenotes/notes/vnx_driver_aea44d073cd161e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to configure Dell EMC VNX backend diff --git a/releasenotes/notes/vnx_driver_bea44d073cd161e7.yaml b/releasenotes/notes/vnx_driver_bea44d073cd161e7.yaml deleted file mode 100644 index 0bb75e525..000000000 --- a/releasenotes/notes/vnx_driver_bea44d073cd161e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to configure Dell EMC VNX cinder backend diff --git a/releasenotes/notes/vnx_driver_cea44d073cd161e7.yaml b/releasenotes/notes/vnx_driver_cea44d073cd161e7.yaml deleted file mode 100644 index dd1b85382..000000000 --- a/releasenotes/notes/vnx_driver_cea44d073cd161e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Added support to IPV6 and SSL parameters for Dell EMC VNX manila backend diff --git a/releasenotes/notes/vpp-7368457faab68824.yaml b/releasenotes/notes/vpp-7368457faab68824.yaml deleted file mode 100644 index 94264c5e1..000000000 --- a/releasenotes/notes/vpp-7368457faab68824.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -features: - - | - Add profiles for VPP service. Vector Packet Processing (VPP) is a high - performance packet processing stack that runs in user space in Linux. - VPP is used as an alternative to kernel networking stack for accelerated - network data path. diff --git a/releasenotes/notes/vpp-ml2-9c1321fa30f3b172.yaml b/releasenotes/notes/vpp-ml2-9c1321fa30f3b172.yaml deleted file mode 100644 index 2f8ae146c..000000000 --- a/releasenotes/notes/vpp-ml2-9c1321fa30f3b172.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Adds support for networking-vpp ML2 mechanism driver and agent. diff --git a/releasenotes/notes/vxflexos-driver-aec8e372280c44e6.yaml b/releasenotes/notes/vxflexos-driver-aec8e372280c44e6.yaml deleted file mode 100644 index 71e840ac2..000000000 --- a/releasenotes/notes/vxflexos-driver-aec8e372280c44e6.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Added support for VxFlexOS backend driver diff --git a/releasenotes/notes/vxflexos_driver_deprecation_5568457faab68824.yaml b/releasenotes/notes/vxflexos_driver_deprecation_5568457faab68824.yaml deleted file mode 100644 index cddaf1f84..000000000 --- a/releasenotes/notes/vxflexos_driver_deprecation_5568457faab68824.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -deprecations: - - Resource tripleo::profile::base::cinder::volume::dellemc_vxflexos - will be removed in W-Release. Use the new resource - tripleo::profile::base::cinder::volume::dellemc_powerflex._ diff --git a/releasenotes/notes/wrapper-containers-debug-f141d964548eb2ea.yaml b/releasenotes/notes/wrapper-containers-debug-f141d964548eb2ea.yaml deleted file mode 100644 index fc773e4d7..000000000 --- a/releasenotes/notes/wrapper-containers-debug-f141d964548eb2ea.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -features: - - | - Neutron L3/DHCP and OVN metadata agent wrapper classes are given the - ``debug`` and ``container_cli`` parameters. The latter allows 'docker' - (deprecated) and 'podman' for Neutron L3/dhcp and OVN metadata rootwrap - containers managed by agents. When ``debug`` enabled, the wrapper - containers start writing extended outputs to its stdout, which also may be - shown via the ``podman logs`` CLI. -fixes: - - | - Neutron/OVN rootwrap containers are managed by agents and will no longer - be deleted, when the parent container restarts. -deprecations: - - | - Parameter ``bind_sockets`` is deprecated. No sockets are expected to bind - mount for podman. So it only works for the docker runtime. diff --git a/releasenotes/notes/xtremio-add-ports-option-b1e60a97ba56f21e.yaml b/releasenotes/notes/xtremio-add-ports-option-b1e60a97ba56f21e.yaml deleted file mode 100644 index 004cdb58b..000000000 --- a/releasenotes/notes/xtremio-add-ports-option-b1e60a97ba56f21e.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -fixes: - - | - `Bug #1915800 `_: - Add support for ports filtering in XtremIO driver. \ No newline at end of file diff --git a/releasenotes/notes/xtremio-driver-f428e372280c44e6.yaml b/releasenotes/notes/xtremio-driver-f428e372280c44e6.yaml deleted file mode 100644 index 66b9ee0fe..000000000 --- a/releasenotes/notes/xtremio-driver-f428e372280c44e6.yaml +++ /dev/null @@ -1,5 +0,0 @@ ---- -features: - - Add Dell EMC XtremIO backend Cinder driver options. - Supports both iSCSI and FC volume drivers and - multiple backends as well diff --git a/releasenotes/notes/xtremio-iscsi-remove-deprecated-da9224d14cef4fde.yaml b/releasenotes/notes/xtremio-iscsi-remove-deprecated-da9224d14cef4fde.yaml deleted file mode 100644 index 8aaf70225..000000000 --- a/releasenotes/notes/xtremio-iscsi-remove-deprecated-da9224d14cef4fde.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -upgrade: - - | - Remove deprecated - tripleo::profile::base::cinder::volume::dellemc_xtremio_iscsi. Use - tripleo::profile::base::cinder::volume::dellemc_xtremio instead. \ No newline at end of file diff --git a/releasenotes/notes/xtremio_driver_cea44d073cd161e7.yaml b/releasenotes/notes/xtremio_driver_cea44d073cd161e7.yaml deleted file mode 100644 index a5759757b..000000000 --- a/releasenotes/notes/xtremio_driver_cea44d073cd161e7.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - | - Add support to configure Dell EMC Xtremio iscsi cinder backend diff --git a/releasenotes/notes/xtremio_old_driver_deprecation_3368457faab68824.yaml b/releasenotes/notes/xtremio_old_driver_deprecation_3368457faab68824.yaml deleted file mode 100644 index 6e7a478f4..000000000 --- a/releasenotes/notes/xtremio_old_driver_deprecation_3368457faab68824.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -deprecations: - - Resource tripleo::profile::base::cinder::volume::dellemc_xtremio_iscsi - will be removed in V-Release. diff --git a/releasenotes/notes/zaqar-httpd-93db7feb60622687.yaml b/releasenotes/notes/zaqar-httpd-93db7feb60622687.yaml deleted file mode 100644 index cff9d65e6..000000000 --- a/releasenotes/notes/zaqar-httpd-93db7feb60622687.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -features: - - Run the Zaqar WSGI service over httpd. diff --git a/releasenotes/notes/zaqar-redis-5ff1028b66fd47a8.yaml b/releasenotes/notes/zaqar-redis-5ff1028b66fd47a8.yaml deleted file mode 100644 index 62c8f3f4b..000000000 --- a/releasenotes/notes/zaqar-redis-5ff1028b66fd47a8.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -features: - - Allow using Redis as Zaqar messaging backend. - diff --git a/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml b/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml deleted file mode 100644 index d1a463bf3..000000000 --- a/releasenotes/notes/zaqar_undercloud_backends-66c268161cf7840e.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -features: - - | - Support configurable backends Zaqar backends. - Updates the Zaqar profile so that we have support for configuring - alternate versions of the messaging and management backends. diff --git a/releasenotes/source/_static/.placeholder b/releasenotes/source/_static/.placeholder deleted file mode 100644 index e69de29bb..000000000 diff --git a/releasenotes/source/conf.py b/releasenotes/source/conf.py deleted file mode 100644 index af5d81a18..000000000 --- a/releasenotes/source/conf.py +++ /dev/null @@ -1,265 +0,0 @@ -# -*- coding: utf-8 -*- -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -#sys.path.insert(0, os.path.abspath('.')) - -# -- General configuration ------------------------------------------------ - - -# If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be -# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom -# ones. -extensions = [ - 'openstackdocstheme', - 'reno.sphinxext', -] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The encoding of source files. -#source_encoding = 'utf-8-sig' - -# The master toctree document. -master_doc = 'index' - -# General information about the project. -project = 'puppet-tripleo Release Notes' -copyright = '2017, Puppet TripleO Developers' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -# -# The short X.Y version. -version = '' -# The full version, including alpha/beta/rc tags. -release = '' - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -#language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -#today = '' -# Else, today_fmt is used as the format for a strftime call. -#today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = [] - -# The reST default role (used for this markup: `text`) to use for all -# documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'native' - -# A list of ignored prefixes for module index sorting. -#modindex_common_prefix = [] - -# If true, keep warnings as "system message" paragraphs in the built documents. -#keep_warnings = False - - -# -- Options for HTML output ---------------------------------------------- - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -html_theme = 'openstackdocs' - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -#html_theme_options = {} - -# Add any paths that contain custom themes here, relative to this directory. -# html_theme_path = [] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -#html_title = None - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -#html_logo = None - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -#html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] - -# Add any extra paths that contain custom files (such as robots.txt or -# .htaccess) here, relative to this directory. These files are copied -# directly to the root of the documentation. -#html_extra_path = [] - -# If true, SmartyPants will be used to convert quotes and dashes to -# typographically correct entities. -#html_use_smartypants = True - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -#html_additional_pages = {} - -# If false, no module index is generated. -#html_domain_indices = True - -# If false, no index is generated. -#html_use_index = True - -# If true, the index is split into individual pages for each letter. -#html_split_index = False - -# If true, links to the reST sources are added to the pages. -#html_show_sourcelink = True - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -#html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g. ".xhtml"). -#html_file_suffix = None - -# Output file base name for HTML help builder. -htmlhelp_basename = 'puppet-tripleoReleaseNotesdoc' - - -# -- Options for LaTeX output --------------------------------------------- - -latex_elements = { -# The paper size ('letterpaper' or 'a4paper'). -#'papersize': 'letterpaper', - -# The font size ('10pt', '11pt' or '12pt'). -#'pointsize': '10pt', - -# Additional stuff for the LaTeX preamble. -#'preamble': '', -} - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, -# author, documentclass [howto, manual, or own class]). -latex_documents = [ - ('index', 'puppet-tripleoReleaseNotes.tex', 'puppet-tripleo Release Notes Documentation', - '2017, Puppet TripleO Developers', 'manual'), -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# If true, show page references after internal links. -#latex_show_pagerefs = False - -# If true, show URL addresses after external links. -#latex_show_urls = False - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_domain_indices = True - - -# -- Options for manual page output --------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ('index', 'puppet-tripleoreleasenotes', 'puppet-tripleo Release Notes Documentation', - ['2017, Puppet TripleO Developers'], 1) -] - -# If true, show URL addresses after external links. -#man_show_urls = False - - -# -- Options for Texinfo output ------------------------------------------- - -# Grouping the document tree into Texinfo files. List of tuples -# (source start file, target name, title, author, -# dir menu entry, description, category) -texinfo_documents = [ - ('index', 'puppet-tripleoReleaseNotes', 'puppet-tripleo Release Notes Documentation', - '2017, Puppet TripleO Developers', 'puppet-tripleoReleaseNotes', 'Puppet TripleO Project.', - 'Miscellaneous'), -] - -# Documents to append as an appendix to all manuals. -#texinfo_appendices = [] - -# If false, no module index is generated. -#texinfo_domain_indices = True - -# How to display URL addresses: 'footnote', 'no', or 'inline'. -#texinfo_show_urls = 'footnote' - -# If true, do not generate a @detailmenu in the "Top" node's menu. -#texinfo_no_detailmenu = False - -# -- Options for Internationalization output ------------------------------ -locale_dirs = ['locale/'] - -# openstackdocstheme options -openstackdocs_repo_name = 'openstack/puppet-tripleo' -openstackdocs_auto_name = False -openstackdocs_bug_project = 'puppet-tripleo' -openstackdocs_bug_tag = '' diff --git a/releasenotes/source/index.rst b/releasenotes/source/index.rst deleted file mode 100644 index c68cf2801..000000000 --- a/releasenotes/source/index.rst +++ /dev/null @@ -1,17 +0,0 @@ -============================ -puppet-tripleo Release Notes -============================ - -.. toctree:: - :maxdepth: 1 - - unreleased - wallaby - victoria - ussuri - train - stein - rocky - queens - pike - ocata diff --git a/releasenotes/source/ocata.rst b/releasenotes/source/ocata.rst deleted file mode 100644 index 53fb86e38..000000000 --- a/releasenotes/source/ocata.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================================== - Ocata Series Release Notes -=================================== - -.. release-notes:: - :branch: stable/ocata diff --git a/releasenotes/source/pike.rst b/releasenotes/source/pike.rst deleted file mode 100644 index e43bfc0ce..000000000 --- a/releasenotes/source/pike.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================================== - Pike Series Release Notes -=================================== - -.. release-notes:: - :branch: stable/pike diff --git a/releasenotes/source/queens.rst b/releasenotes/source/queens.rst deleted file mode 100644 index 36ac6160c..000000000 --- a/releasenotes/source/queens.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================================== - Queens Series Release Notes -=================================== - -.. release-notes:: - :branch: stable/queens diff --git a/releasenotes/source/rocky.rst b/releasenotes/source/rocky.rst deleted file mode 100644 index 40dd517b7..000000000 --- a/releasenotes/source/rocky.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================================== - Rocky Series Release Notes -=================================== - -.. release-notes:: - :branch: stable/rocky diff --git a/releasenotes/source/stein.rst b/releasenotes/source/stein.rst deleted file mode 100644 index efaceb667..000000000 --- a/releasenotes/source/stein.rst +++ /dev/null @@ -1,6 +0,0 @@ -=================================== - Stein Series Release Notes -=================================== - -.. release-notes:: - :branch: stable/stein diff --git a/releasenotes/source/train.rst b/releasenotes/source/train.rst deleted file mode 100644 index 583900393..000000000 --- a/releasenotes/source/train.rst +++ /dev/null @@ -1,6 +0,0 @@ -========================== -Train Series Release Notes -========================== - -.. release-notes:: - :branch: stable/train diff --git a/releasenotes/source/unreleased.rst b/releasenotes/source/unreleased.rst deleted file mode 100644 index 3bf0e9c95..000000000 --- a/releasenotes/source/unreleased.rst +++ /dev/null @@ -1,5 +0,0 @@ -============================== - Current Series Release Notes -============================== - - .. release-notes:: \ No newline at end of file diff --git a/releasenotes/source/ussuri.rst b/releasenotes/source/ussuri.rst deleted file mode 100644 index e21e50e0c..000000000 --- a/releasenotes/source/ussuri.rst +++ /dev/null @@ -1,6 +0,0 @@ -=========================== -Ussuri Series Release Notes -=========================== - -.. release-notes:: - :branch: stable/ussuri diff --git a/releasenotes/source/victoria.rst b/releasenotes/source/victoria.rst deleted file mode 100644 index 4efc7b6f3..000000000 --- a/releasenotes/source/victoria.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================= -Victoria Series Release Notes -============================= - -.. release-notes:: - :branch: stable/victoria diff --git a/releasenotes/source/wallaby.rst b/releasenotes/source/wallaby.rst deleted file mode 100644 index d77b56599..000000000 --- a/releasenotes/source/wallaby.rst +++ /dev/null @@ -1,6 +0,0 @@ -============================ -Wallaby Series Release Notes -============================ - -.. release-notes:: - :branch: stable/wallaby diff --git a/setup.cfg b/setup.cfg deleted file mode 100644 index d756ed948..000000000 --- a/setup.cfg +++ /dev/null @@ -1,15 +0,0 @@ -[metadata] -name = puppet-tripleo -summary = Puppet module for OpenStack TripleO -description_file = - README.md -long_description_content_type = text/markdown -author = OpenStack -author_email = openstack-discuss@lists.openstack.org -home_page = http://www.openstack.org/ -license = Apache License (2.0) -classifier = - Intended Audience :: Developers - Intended Audience :: System Administrators - License :: OSI Approved :: Apache Software License - Operating System :: POSIX :: Linux diff --git a/setup.py b/setup.py deleted file mode 100755 index 0a159f51d..000000000 --- a/setup.py +++ /dev/null @@ -1,23 +0,0 @@ -#!/usr/bin/env python -# Copyright (c) 2013 Hewlett-Packard Development Company, L.P. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or -# implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT -import setuptools - -setuptools.setup( - setup_requires=['pbr'], - py_modules=[], - pbr=True) \ No newline at end of file diff --git a/spec/classes/tripleo_config_spec.rb b/spec/classes/tripleo_config_spec.rb deleted file mode 100644 index cd2942a52..000000000 --- a/spec/classes/tripleo_config_spec.rb +++ /dev/null @@ -1,45 +0,0 @@ -require 'spec_helper' - -describe 'tripleo::config' do - - let :params do - { } - end - - shared_examples_for 'tripleo::config' do - context 'with glance_api service' do - before :each do - params.merge!( - :configs => { 'glance_api_config' => { 'DEFAULT' => { 'foo' => 'bar', 'foo2' => 'bar2' } } }, - ) - end - it 'configures arbitrary glance-api configurations' do - is_expected.to contain_glance_api_config('DEFAULT/foo').with_value('bar') - is_expected.to contain_glance_api_config('DEFAULT/foo2').with_value('bar2') - end - end - - context 'with glance_api service and provider filter' do - before :each do - params.merge!( - :configs => { 'glance_api_config' => { 'DEFAULT' => { 'foo' => 'bar' } }, 'nova_config' => { 'DEFAULT' => { 'foo' => 'bar' } } }, - :providers => ['glance_api_config'], - ) - end - it 'configures arbitrary glance-api configurations without nova_config' do - is_expected.to contain_glance_api_config('DEFAULT/foo').with_value('bar') - is_expected.to_not contain_nova_config('DEFAULT/foo').with_value('bar') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::config' - end - end -end diff --git a/spec/classes/tripleo_haproxy_spec.rb b/spec/classes/tripleo_haproxy_spec.rb deleted file mode 100644 index 633b161f6..000000000 --- a/spec/classes/tripleo_haproxy_spec.rb +++ /dev/null @@ -1,218 +0,0 @@ -# Copyright 2016 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::haproxy' do - - shared_examples_for 'tripleo::haproxy' do - let :params do { - :controller_virtual_ip => '10.1.0.1', - :public_virtual_ip => '192.168.0.1', - :mysql_max_conn => 100 - } - end - - describe "default settings" do - it 'should configure haproxy' do - is_expected.to contain_haproxy__listen('mysql').with( - :options => { - 'timeout client' => "90m", - 'timeout server' => "90m", - 'maxconn' => 100 - } - ) - end - end - - describe "set clustercheck" do - before :each do - params.merge!({ - :mysql_clustercheck => true, - }) - end - - it 'should configure haproxy with clustercheck' do - is_expected.to contain_haproxy__listen('mysql').with( - :options => { - 'option' => ["tcpka", "httpchk", "tcplog"], - 'timeout client' => "90m", - 'timeout server' => "90m", - 'stick-table' => "type ip size 1000", - 'stick' => "on dst", - 'maxconn' => 100 - } - ) - end - end - - describe "override maxconn with clustercheck" do - before :each do - params.merge!({ - :mysql_clustercheck => true, - :mysql_max_conn => 6500, - }) - end - - it 'should configure haproxy' do - is_expected.to contain_haproxy__listen('mysql').with( - :options => { - 'option' => ["tcpka", "httpchk", "tcplog"], - 'timeout client' => "90m", - 'timeout server' => "90m", - 'stick-table' => "type ip size 1000", - 'stick' => "on dst", - 'maxconn' => 6500 - } - ) - end - end - - describe "horizon" do - before :each do - params.merge!({ - :horizon => true, - }) - end - - it 'should configure haproxy horizon endpoint' do - is_expected.to contain_class('tripleo::haproxy::horizon_endpoint') - is_expected.to contain_haproxy__balancermember('horizon_127.0.0.1_controller-1').with( - :options => ['check', 'inter 2000', 'rise 2', 'fall 5', 'cookie controller-1'], - ) - end - end - - describe "override maxconn without clustercheck" do - before :each do - params.merge!({ - :mysql_max_conn => 6500, - }) - end - - it 'should configure haproxy' do - is_expected.to contain_haproxy__listen('mysql').with( - :options => { - 'timeout client' => "90m", - 'timeout server' => "90m", - 'maxconn' => 6500 - } - ) - end - end - - describe "default Defaults for haproxy" do - it 'should NOT activate httplog' do - is_expected.to contain_class('haproxy').with( - :defaults_options => { - "mode"=>"tcp", - "log"=>"global", - "retries"=>"3", - "timeout"=> [ - "http-request 10s", - "queue 2m", - "connect 10s", - "client 2m", - "server 2m", - "check 30s", - ], - "maxconn"=>4096, - } - ) - end - end - - describe "set log facility" do - before :each do - params.merge!({ - :haproxy_log_facility => 'local7', - }) - end - it 'should set log facility' do - is_expected.to contain_class('haproxy').with( - :global_options => { - 'log' => '/dev/log local7', - 'pidfile' => '/var/run/haproxy.pid', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'maxconn' => 20480, - 'ssl-default-bind-ciphers' => "!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES", - 'ssl-default-bind-options' => "no-sslv3 no-tlsv10", - 'stats' => [ - 'socket /var/lib/haproxy/stats mode 600 level user', - 'timeout 2m' - ], - 'daemon' => '', - } - ) - end - end - - describe "APIs with long running actions to use leastconn" do - before :each do - params.merge!({ - :neutron => true, - :cinder => true, - :swift_proxy_server => true, - :heat_api => true, - :heat_cfn => true, - :ironic_inspector => true, - :ceph_rgw => true, - }) - end - - %w(neutron cinder swift_proxy_server heat_cfn ironic-inspector ceph_rgw).each do |api| - it 'should configure haproxy ' + api + ' endpoint' do - is_expected.to contain_haproxy__listen(api) - p = catalogue.resource('tripleo::haproxy::endpoint', api).send(:parameters) - expect(p).to include(listen_options: a_hash_including('balance' => 'leastconn')) - end - end - end - - describe "source-based sticky sessions" do - before :each do - params.merge!({ - :etcd => true, - :ceph_grafana => true, - :ceph_dashboard => true, - :nova_novncproxy => true, - :nova_metadata => true, - }) - end - - %w(etcd ceph_grafana ceph_dashboard nova_novncproxy nova_metadata).each do |svc| - it 'should configure haproxy ' + svc + ' endpoint' do - is_expected.to contain_haproxy__listen(svc) - p = catalogue.resource('tripleo::haproxy::endpoint', svc).send(:parameters) - expect(p).to include(listen_options: a_hash_including( - 'balance' => 'source')) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::haproxy' - end - end - -end diff --git a/spec/classes/tripleo_haproxy_stats_spec.rb b/spec/classes/tripleo_haproxy_stats_spec.rb deleted file mode 100644 index 5e5d18f5d..000000000 --- a/spec/classes/tripleo_haproxy_stats_spec.rb +++ /dev/null @@ -1,104 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::haproxy::stats' do - - shared_examples_for 'tripleo::haproxy::stats' do - let :pre_condition do - "Haproxy::Listen { - config_file => '/etc/haproxy.cfg' - }" - end - - context 'with only required parameters' do - let(:params) do - { - :ip => '127.0.0.1', - :haproxy_listen_bind_param => ['transparent'], - } - end - it 'should configure basic stats frontend' do - is_expected.to contain_haproxy__listen('haproxy.stats').with( - :bind => { - "127.0.0.1:1993" => ['transparent'] - }, - :mode => 'http', - :options => { - 'stats' => ['enable', 'uri /'] - }, - :collect_exported => false - ) - end - end - - context 'with auth parameters' do - let(:params) do - { - :ip => '127.0.0.1', - :haproxy_listen_bind_param => ['transparent'], - :user => 'myuser', - :password => 'superdupersecret', - } - end - it 'should configure stats frontend with auth enabled' do - is_expected.to contain_haproxy__listen('haproxy.stats').with( - :bind => { - "127.0.0.1:1993" => ['transparent'] - }, - :mode => 'http', - :options => { - 'stats' => ['enable', 'uri /', 'auth myuser:superdupersecret'] - }, - :collect_exported => false - ) - end - end - - context 'with certificate parameter' do - let(:params) do - { - :ip => '127.0.0.1', - :haproxy_listen_bind_param => ['transparent'], - :certificate => '/path/to/cert', - } - end - it 'should configure stats frontend with TLS enabled' do - is_expected.to contain_haproxy__listen('haproxy.stats').with( - :bind => { - "127.0.0.1:1993" => ['transparent', 'ssl', 'crt', '/path/to/cert'] - }, - :mode => 'http', - :options => { - 'stats' => ['enable', 'uri /'] - }, - :collect_exported => false - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::haproxy::stats' - end - end -end diff --git a/spec/classes/tripleo_init_spec.rb b/spec/classes/tripleo_init_spec.rb deleted file mode 100644 index 57b45e2a4..000000000 --- a/spec/classes/tripleo_init_spec.rb +++ /dev/null @@ -1,23 +0,0 @@ -# -# Copyright (C) 2015 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for tripleo -# - -require 'spec_helper' - -describe 'tripleo' do - -end diff --git a/spec/classes/tripleo_profile_base_aodh_api_spec.rb b/spec/classes/tripleo_profile_base_aodh_api_spec.rb deleted file mode 100644 index a3cdbbd41..000000000 --- a/spec/classes/tripleo_profile_base_aodh_api_spec.rb +++ /dev/null @@ -1,121 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::aodh::api' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - shared_examples_for 'tripleo::profile::base::aodh::api' do - let(:pre_condition) do - "class { 'tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" - end - - context 'with step less than 3' do - let(:params) { { :step => 2 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::aodh::api') - is_expected.to contain_class('tripleo::profile::base::aodh') - is_expected.to_not contain_class('aodh::api') - is_expected.to_not contain_class('aodh::healthcheck') - is_expected.to_not contain_class('aodh::wsgi::apache') - is_expected.to_not contain_class('aodh::expirer') - end - end - - context 'with step 3 and not bootstrap' do - let(:params) { { - :step => 3, - } } - - it 'should trigger complete configuration' do - is_expected.to_not contain_class('aodh::api') - is_expected.to_not contain_class('aodh::healthcheck') - is_expected.to_not contain_class('aodh::wsgi::apache') - is_expected.to_not contain_class('aodh::expirer') - end - end - - context 'with step 3 and bootstrap' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com' - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh::api') - is_expected.to contain_class('aodh::healthcheck') - is_expected.to contain_class('aodh::wsgi::apache') - is_expected.to_not contain_class('aodh::expirer') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh::api') - is_expected.to contain_class('aodh::healthcheck') - is_expected.to contain_class('aodh::wsgi::apache') - is_expected.to_not contain_class('aodh::expirer') - end - end - - context 'with step 5' do - let(:params) { { - :step => 5, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh::api') - is_expected.to contain_class('aodh::healthcheck') - is_expected.to contain_class('aodh::wsgi::apache') - is_expected.to contain_class('aodh::expirer') - end - end - - context 'with step 5 without expirer' do - let(:params) { { - :step => 5, - :enable_aodh_expirer => false - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh::api') - is_expected.to contain_class('aodh::healthcheck') - is_expected.to contain_class('aodh::wsgi::apache') - is_expected.to_not contain_class('aodh::expirer') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::aodh::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_aodh_authtoken_spec.rb b/spec/classes/tripleo_profile_base_aodh_authtoken_spec.rb deleted file mode 100644 index 0f563ec98..000000000 --- a/spec/classes/tripleo_profile_base_aodh_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::aodh::authtoken' do - shared_examples_for 'tripleo::profile::base::aodh::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::aodh::authtoken') - is_expected.to_not contain_class('aodh::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::aodh::authtoken') - is_expected.to contain_class('aodh::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::aodh::authtoken') - is_expected.to contain_class('aodh::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::aodh::authtoken') - is_expected.to contain_class('aodh::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::aodh::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb b/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb deleted file mode 100644 index d53e8d03e..000000000 --- a/spec/classes/tripleo_profile_base_aodh_evaluator_spec.rb +++ /dev/null @@ -1,71 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::aodh::evaluator' do - shared_examples_for 'tripleo::profile::base::aodh::evaluator' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::aodh': - step => #{params[:step]}, - oslomsg_rpc_hosts => ['localhost.localdomain'] - } -eos - end - - context 'with step less than 4' do - let(:params) { { - :step => 3, - :aodh_redis_password => 'password', - :redis_vip => '127.0.0.1', - } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::aodh::evaluator') - is_expected.to contain_class('tripleo::profile::base::aodh') - is_expected.to_not contain_class('aodh::coordination') - is_expected.to_not contain_class('aodh::evaluator') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :aodh_redis_password => 'password', - :redis_vip => '127.0.0.1', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh::coordination').with( - :backend_url => 'redis://:password@127.0.0.1:6379/' - ) - is_expected.to contain_class('aodh::evaluator') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::aodh::evaluator' - end - end -end diff --git a/spec/classes/tripleo_profile_base_aodh_listener_spec.rb b/spec/classes/tripleo_profile_base_aodh_listener_spec.rb deleted file mode 100644 index 917757417..000000000 --- a/spec/classes/tripleo_profile_base_aodh_listener_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::aodh::listener' do - shared_examples_for 'tripleo::profile::base::aodh::listener' do - let(:pre_condition) do - "class { 'tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::aodh::listener') - is_expected.to contain_class('tripleo::profile::base::aodh') - is_expected.to_not contain_class('aodh::listener') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh::listener') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::aodh::listener' - end - end -end diff --git a/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb b/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb deleted file mode 100644 index ef3352186..000000000 --- a/spec/classes/tripleo_profile_base_aodh_notifier_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::aodh::notifier' do - shared_examples_for 'tripleo::profile::base::aodh::notifier' do - let(:pre_condition) do - "class { 'tripleo::profile::base::aodh': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::aodh::notifier') - is_expected.to contain_class('tripleo::profile::base::aodh') - is_expected.to_not contain_class('aodh::notifier') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh::notifier') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::aodh::notifier' - end - end -end diff --git a/spec/classes/tripleo_profile_base_aodh_spec.rb b/spec/classes/tripleo_profile_base_aodh_spec.rb deleted file mode 100644 index fbfc3ab98..000000000 --- a/spec/classes/tripleo_profile_base_aodh_spec.rb +++ /dev/null @@ -1,98 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::aodh' do - shared_examples_for 'tripleo::profile::base::aodh' do - context 'with step less than 3' do - let(:params) { { :step => 1 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::aodh') - is_expected.to_not contain_class('aodh') - is_expected.to_not contain_class('aodh::service_credentials') - is_expected.to_not contain_class('aodh::config') - is_expected.to_not contain_class('aodh::db') - is_expected.to_not contain_class('aodh::db::sync') - end - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '127.0.0.1' ], - :oslomsg_rpc_username => 'aodh', - :oslomsg_rpc_password => 'foo', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('aodh').with( - :default_transport_url => 'rabbit://aodh:foo@127.0.0.1:5672/?ssl=0' - ) - is_expected.to contain_class('aodh::service_credentials') - is_expected.to contain_class('aodh::config') - is_expected.to contain_class('aodh::db') - is_expected.to contain_class('aodh::db::sync') - end - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'soemthingelse.example.com' - } } - - it 'should not trigger any configuration' do - is_expected.to_not contain_class('aodh') - is_expected.to_not contain_class('aodh::service_credentials') - is_expected.to_not contain_class('aodh::config') - is_expected.to_not contain_class('aodh::db') - is_expected.to_not contain_class('aodh::db::sync') - end - end - - context 'with step 4 on other node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'somethingelse.example.com', - :oslomsg_rpc_hosts => [ '127.0.0.1' ], - :oslomsg_rpc_username => 'aodh', - :oslomsg_rpc_password => 'foo', - } } - - it 'should trigger aodh configuration without mysql grant' do - is_expected.to contain_class('aodh').with( - :default_transport_url => 'rabbit://aodh:foo@127.0.0.1:5672/?ssl=0' - ) - is_expected.to contain_class('aodh::service_credentials') - is_expected.to contain_class('aodh::config') - is_expected.to contain_class('aodh::db') - is_expected.to contain_class('aodh::db::sync') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::aodh' - end - end -end diff --git a/spec/classes/tripleo_profile_base_apache_spec.rb b/spec/classes/tripleo_profile_base_apache_spec.rb deleted file mode 100644 index c23e6e63f..000000000 --- a/spec/classes/tripleo_profile_base_apache_spec.rb +++ /dev/null @@ -1,82 +0,0 @@ -# -# Copyright (C) 2017 Camptocamp SA. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::apache' do - shared_examples_for 'tripleo::profile::base::apache' do - - context 'with default params' do - it 'should trigger complete configuration' do - is_expected.to contain_class('apache::mod::prefork') - is_expected.to contain_class('apache::mod::status') - is_expected.to contain_class('apache::mod::ssl') - is_expected.to_not contain_apache__listen('127.0.0.1:80') - end - end - - context 'Activate listener' do - let(:params) { { - :enable_status_listener => true, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('apache::mod::status') - is_expected.to contain_class('apache::mod::ssl') - is_expected.to contain_apache__listen('127.0.0.1:80') - end - end - - context 'Change listener' do - let(:params) {{ - :enable_status_listener => true, - :status_listener => '10.10.0.10:80', - }} - it 'should trigger complete configuration' do - is_expected.to contain_class('apache::mod::status') - is_expected.to contain_class('apache::mod::ssl') - is_expected.to contain_apache__listen('10.10.0.10:80') - end - end - - context 'Change MPM module' do - let(:params) {{ - :mpm_module => 'event', - }} - it 'should trigger complete configuration' do - is_expected.to contain_class('apache::mod::event') - end - end - - context 'Provide wrong value for ensure_status_listener' do - let(:params) {{ - :enable_status_listener => 'fooo', - }} - it { is_expected.to compile.and_raise_error(/expects a Boolean value/) } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::apache' - end - end -end diff --git a/spec/classes/tripleo_profile_base_barbican_api_spec.rb b/spec/classes/tripleo_profile_base_barbican_api_spec.rb deleted file mode 100644 index 2a29135a7..000000000 --- a/spec/classes/tripleo_profile_base_barbican_api_spec.rb +++ /dev/null @@ -1,112 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::barbican::api' do - shared_examples_for 'tripleo::profile::base::barbican::api' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - "class { 'tripleo::profile::base::barbican': step => #{params[:step]} }" - end - - context 'with step less than 3' do - let(:params) { { :step => 1 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::barbican::api') - is_expected.to contain_class('tripleo::profile::base::barbican') - is_expected.to_not contain_class('barbican::api') - is_expected.to_not contain_class('barbican::api::logging') - is_expected.to_not contain_class('barbican::healthcheck') - is_expected.to_not contain_class('barbican::keystone::notification') - is_expected.to_not contain_class('barbican::quota') - is_expected.to_not contain_class('barbican::wsgi::apache') - end - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::barbican::api') - is_expected.to contain_class('tripleo::profile::base::barbican') - is_expected.to contain_class('barbican::db::sync') - is_expected.to contain_class('barbican::api') - is_expected.to contain_class('barbican::api::logging') - is_expected.to contain_class('barbican::healthcheck') - is_expected.to contain_class('barbican::keystone::notification') - is_expected.to contain_class('barbican::quota') - is_expected.to contain_class('barbican::wsgi::apache') - end - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it 'should not trigger any configuration' do - is_expected.to contain_class('tripleo::profile::base::barbican::api') - is_expected.to contain_class('tripleo::profile::base::barbican') - is_expected.to_not contain_class('barbican::db::sync') - is_expected.to_not contain_class('barbican::api') - is_expected.to_not contain_class('barbican::api::logging') - is_expected.to_not contain_class('barbican::healthcheck') - is_expected.to_not contain_class('barbican::keystone::notification') - is_expected.to_not contain_class('barbican::quota') - is_expected.to_not contain_class('barbican::wsgi::apache') - end - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it 'should trigger complete configuration with out db items' do - # TODO(aschultz): barbican::api includes this automatically - #is_expected.to_not contain_class('barbican::db::sync') - is_expected.to contain_class('barbican::api') - is_expected.to contain_class('barbican::api::logging') - is_expected.to contain_class('barbican::healthcheck') - is_expected.to contain_class('barbican::keystone::notification') - is_expected.to contain_class('barbican::quota') - is_expected.to contain_class('barbican::wsgi::apache') - end - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::barbican::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_barbican_authtoken_spec.rb b/spec/classes/tripleo_profile_base_barbican_authtoken_spec.rb deleted file mode 100644 index ab5dbff2f..000000000 --- a/spec/classes/tripleo_profile_base_barbican_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::barbican::authtoken' do - shared_examples_for 'tripleo::profile::base::barbican::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::barbican::authtoken') - is_expected.to_not contain_class('barbican::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::barbican::authtoken') - is_expected.to contain_class('barbican::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::barbican::authtoken') - is_expected.to contain_class('barbican::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::barbican::authtoken') - is_expected.to contain_class('barbican::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::barbican::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_barbican_backends_spec.rb b/spec/classes/tripleo_profile_base_barbican_backends_spec.rb deleted file mode 100644 index 952269f2b..000000000 --- a/spec/classes/tripleo_profile_base_barbican_backends_spec.rb +++ /dev/null @@ -1,95 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::barbican::backends' do - shared_examples_for 'tripleo::profile::base::barbican::backends' do - context 'with simple_crypto plugin only enabled' do - let(:params) { { :simple_crypto_backend_enabled => true } } - it 'should configure simple_crypto' do - is_expected.to contain_class('barbican::plugins::simple_crypto') - expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto') - end - end - - context 'with dogtag plugin only enabled' do - let(:params) { { :dogtag_backend_enabled => true } } - it 'should configure dogtag backend' do - is_expected.to contain_class('barbican::plugins::dogtag') - expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('dogtag') - end - end - - context 'with p11_crypto plugin only enabled' do - let(:params) { { :p11_crypto_backend_enabled => true } } - it 'should configure p11_crypto' do - is_expected.to contain_class('barbican::plugins::p11_crypto') - expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('pkcs11') - end - end - - context 'with kmip plugin only enabled' do - let(:params) { { :kmip_backend_enabled => true } } - it 'should configure kmip' do - is_expected.to contain_class('barbican::plugins::kmip') - expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('kmip') - end - end - - context 'with simple_crypto and dogtag enabled' do - let(:params) { { - :simple_crypto_backend_enabled => true, - :dogtag_backend_enabled => true, - } } - it 'should configure simple_crypto and dogtag' do - is_expected.to contain_class('barbican::plugins::simple_crypto') - is_expected.to contain_class('barbican::plugins::dogtag') - expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto,dogtag') - end - end - - context 'with simple_crypto plugin and p11_crypto enabled' do - let(:params) { { - :simple_crypto_backend_enabled => true, - :p11_crypto_backend_enabled => true, - } } - it 'should configure simple_crypto and p11_crypto' do - is_expected.to contain_class('barbican::plugins::simple_crypto') - is_expected.to contain_class('barbican::plugins::p11_crypto') - expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be('simple_crypto,pkcs11') - end - end - - context 'with all plugins enabled' do - let(:params) { { - :simple_crypto_backend_enabled => true, - :p11_crypto_backend_enabled => true, - :dogtag_backend_enabled => true, - :kmip_backend_enabled => true, - } } - it 'should configure all plugins' do - is_expected.to contain_class('barbican::plugins::simple_crypto') - is_expected.to contain_class('barbican::plugins::p11_crypto') - is_expected.to contain_class('barbican::plugins::dogtag') - is_expected.to contain_class('barbican::plugins::kmip') - expect('tripleo::profile::base::barbican::backends::enabled_secret_stores').to be( - 'simple_crypto,dogtag,pkcs11,kmip') - end - end - - end -end diff --git a/spec/classes/tripleo_profile_base_barbican_spec.rb b/spec/classes/tripleo_profile_base_barbican_spec.rb deleted file mode 100644 index b2a159cfb..000000000 --- a/spec/classes/tripleo_profile_base_barbican_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::barbican' do - shared_examples_for 'tripleo::profile::base::barbican' do - context 'with step less than 3' do - let(:params) { { :step => 1 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::barbican') - is_expected.to_not contain_class('barbican') - is_expected.to_not contain_class('barbican::config') - is_expected.to_not contain_class('barbican::db') - end - end - - context 'with step 3' do - let(:params) { { - :step => 3, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('barbican').with( - :rabbit_hosts => params[:rabbit_hosts] - ) - is_expected.to contain_class('barbican') - is_expected.to contain_class('barbican::config') - is_expected.to contain_class('barbican::db') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::barbican' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ceilometer_agent_notification_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_agent_notification_spec.rb deleted file mode 100644 index b62c0f276..000000000 --- a/spec/classes/tripleo_profile_base_ceilometer_agent_notification_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ceilometer::agent::notification' do - shared_examples_for 'tripleo::profile::base::ceilometer::agent::notification' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) do - { :step => 3 } - end - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::ceilometer::agent::notification') - is_expected.to_not contain_class('ceilometer::agent::service_credentials') - is_expected.to_not contain_class('ceilometer::agent::notification') - end - end - - context 'with step 4 and notifier configured' do - let(:params) do - { :step => 4, - :notifier_enabled => false, - :notifier_events_enabled => true, - :notifier_host_addr => '127.0.0.1', - :notifier_host_port => '5666' } - end - - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::ceilometer::agent::notification') - is_expected.to contain_class('ceilometer::agent::service_credentials') - is_expected.to contain_class('ceilometer::agent::notification').with( - :event_pipeline_publishers => ["notifier://127.0.0.1:5666/?driver=amqp&topic=ceilometer/event.sample"], - :pipeline_publishers => [] - ) - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ceilometer::agent::notification' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb deleted file mode 100644 index 4c0fbbab3..000000000 --- a/spec/classes/tripleo_profile_base_ceilometer_agent_polling_spec.rb +++ /dev/null @@ -1,72 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ceilometer::agent::polling' do - shared_examples_for 'tripleo::profile::base::ceilometer::agent::polling' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - "class { 'tripleo::profile::base::ceilometer': step => #{params[:step]}, oslomsg_rpc_hosts => ['localhost.localdomain'] }" - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::ceilometer::agent::polling') - is_expected.to_not contain_class('ceilometer::agent::service_credentials') - is_expected.to_not contain_class('ceilometer::coordination') - is_expected.to_not contain_class('ceilometer::agent::polling') - end - end - - context 'with step 4 on polling agent' do - let(:params) { { - :step => 4, - :ceilometer_redis_password => 'password', - :redis_vip => '127.0.0.1', - :central_namespace => true - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('ceilometer::agent::service_credentials') - is_expected.to contain_class('ceilometer::coordination').with( - :backend_url => 'redis://:password@127.0.0.1:6379/', - ) - is_expected.to contain_class('ceilometer::agent::polling').with( - :central_namespace => true, - :compute_namespace => false, - :ipmi_namespace => false, - ) - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ceilometer::agent::polling' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ceilometer_spec.rb b/spec/classes/tripleo_profile_base_ceilometer_spec.rb deleted file mode 100644 index dc57e0b5d..000000000 --- a/spec/classes/tripleo_profile_base_ceilometer_spec.rb +++ /dev/null @@ -1,117 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ceilometer' do - shared_examples_for 'tripleo::profile::base::ceilometer' do - context 'with step less than 3' do - let(:params) { { :step => 1 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::ceilometer') - is_expected.to_not contain_class('ceilometer') - is_expected.to_not contain_class('ceilometer::cache') - is_expected.to_not contain_class('ceilometer::config') - end - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :oslomsg_rpc_hosts => [ '127.0.0.1' ], - :oslomsg_rpc_username => 'ceilometer', - :oslomsg_rpc_password => 'foo', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('ceilometer').with( - :default_transport_url => 'rabbit://ceilometer:foo@127.0.0.1:5672/?ssl=0' - ) - is_expected.to contain_class('ceilometer::cache').with( - :memcache_servers => ['controller-1:11211'] - ) - is_expected.to contain_class('ceilometer::config') - end - end - - context 'with step 3 and memcache ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('ceilometer::cache').with( - :memcache_servers => ['[::1]:11211'] - ) - end - end - - context 'with step 3 and memcache ipv6 and memcached backend' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('ceilometer::cache').with( - :memcache_servers => ['inet6:[::1]:11211'] - ) - end - end - - context 'with step 3 and the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('ceilometer::cache').with( - :memcache_servers => ['node.example.com:11211'] - ) - end - end - - context 'with step 3 and the ipv6 parameter and memcached backend' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('ceilometer::cache').with( - :memcache_servers => ['inet6:[node.example.com]:11211'] - ) - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ceilometer' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_api_spec.rb b/spec/classes/tripleo_profile_base_cinder_api_spec.rb deleted file mode 100644 index 254cab49c..000000000 --- a/spec/classes/tripleo_profile_base_cinder_api_spec.rb +++ /dev/null @@ -1,122 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::api' do - shared_examples_for 'tripleo::profile::base::cinder::api' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - "class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" - end - - context 'with step less than 3' do - let(:params) { { :step => 1 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::api') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to_not contain_class('cinder::api') - is_expected.to_not contain_class('cinder::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - end - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::cinder::api') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to contain_class('cinder::api').with( - :sync_db => true, - ) - is_expected.to contain_class('cinder::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - end - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it 'should not trigger any configuration' do - is_expected.to contain_class('tripleo::profile::base::cinder::api') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to_not contain_class('cinder::api') - is_expected.to_not contain_class('cinder::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - end - end - - context 'with step 4 on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::cinder::api') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to contain_class('cinder::api').with( - :sync_db => true, - ) - is_expected.to contain_class('cinder::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - end - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it 'should trigger complete configuration but with no db sync' do - is_expected.to contain_class('tripleo::profile::base::cinder::api') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to contain_class('cinder::api').with( - :sync_db => false, - ) - is_expected.to contain_class('cinder::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_authtoken_spec.rb b/spec/classes/tripleo_profile_base_cinder_authtoken_spec.rb deleted file mode 100644 index 04205de67..000000000 --- a/spec/classes/tripleo_profile_base_cinder_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::authtoken' do - shared_examples_for 'tripleo::profile::base::cinder::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to_not contain_class('cinder::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to contain_class('cinder::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to contain_class('cinder::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::cinder::authtoken') - is_expected.to contain_class('cinder::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb deleted file mode 100644 index 2900d30a6..000000000 --- a/spec/classes/tripleo_profile_base_cinder_backup_ceph_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::backup::ceph' do - shared_examples_for 'tripleo::profile::base::cinder::backup::ceph' do - let(:pre_condition) do - <<-EOF - class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } - class { 'tripleo::profile::base::cinder::backup': step => #{params[:step]} } - EOF - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::backup::ceph') - is_expected.to contain_class('tripleo::profile::base::cinder::backup') - is_expected.to_not contain_class('cinder::backup::ceph') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::backup::ceph') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::backup::ceph' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_gcs_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_gcs_spec.rb deleted file mode 100644 index 2bd8c81c7..000000000 --- a/spec/classes/tripleo_profile_base_cinder_backup_gcs_spec.rb +++ /dev/null @@ -1,84 +0,0 @@ -# -# Copyright (C) 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -# The JSON expected results for params[:credentials] -gcs_json_credentials = < { 'opt_1' => 'val_1', 'opt_2' => 'val_2', }, - :credential_file => 'my-gcs-backup.json', - } - end - - shared_examples_for 'tripleo::profile::base::cinder::backup::gcs' do - let(:pre_condition) do - <<-EOF - class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } - class { 'tripleo::profile::base::cinder::backup': step => #{params[:step]} } - EOF - end - - context 'with step less than 4' do - before do - params.merge!({ :step => 3 }) - end - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::backup::gcs') - is_expected.to contain_class('tripleo::profile::base::cinder::backup') - is_expected.to_not contain_class('cinder::backup::google') - end - end - - context 'with step 4' do - before do - params.merge!({ :step => 4 }) - end - - it 'should trigger complete configuration' do - is_expected.to contain_file("#{params[:credential_file]}").with( - :content => gcs_json_credentials, - :owner => 'root', - :group => 'cinder', - :mode => '0640', - ) - is_expected.to contain_class('cinder::backup::google').with( - :backup_gcs_credential_file => "#{params[:credential_file]}", - ) - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::backup::gcs' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_nfs_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_nfs_spec.rb deleted file mode 100644 index 00d58311d..000000000 --- a/spec/classes/tripleo_profile_base_cinder_backup_nfs_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::backup::nfs' do - shared_examples_for 'tripleo::profile::base::cinder::backup::nfs' do - let(:pre_condition) do - <<-EOF - class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } - class { 'tripleo::profile::base::cinder::backup': step => #{params[:step]} } - EOF - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::backup::nfs') - is_expected.to contain_class('tripleo::profile::base::cinder::backup') - is_expected.to_not contain_class('cinder::backup::nfs') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::backup::nfs') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::backup::nfs' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_s3_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_s3_spec.rb deleted file mode 100644 index 8a5ba38ab..000000000 --- a/spec/classes/tripleo_profile_base_cinder_backup_s3_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -# -# Copyright (C) 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::backup::s3' do - shared_examples_for 'tripleo::profile::base::cinder::backup::s3' do - let(:pre_condition) do - <<-EOF - class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } - class { 'tripleo::profile::base::cinder::backup': step => #{params[:step]} } - EOF - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::backup::s3') - is_expected.to contain_class('tripleo::profile::base::cinder::backup') - is_expected.to_not contain_class('cinder::backup::s3') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::backup::s3') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::backup::s3' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_spec.rb deleted file mode 100644 index 43f454212..000000000 --- a/spec/classes/tripleo_profile_base_cinder_backup_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::backup' do - shared_examples_for 'tripleo::profile::base::cinder::backup' do - let(:pre_condition) do - "class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::backup') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_class('cinder::backup') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::backup') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::backup' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb b/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb deleted file mode 100644 index f60ae373f..000000000 --- a/spec/classes/tripleo_profile_base_cinder_backup_swift_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::backup::swift' do - shared_examples_for 'tripleo::profile::base::cinder::backup::swift' do - let(:pre_condition) do - <<-EOF - class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } - class { 'tripleo::profile::base::cinder::backup': step => #{params[:step]} } - EOF - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::backup::swift') - is_expected.to contain_class('tripleo::profile::base::cinder::backup') - is_expected.to_not contain_class('cinder::backup::swift') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::backup::swift') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::backup::swift' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_powerflex_spec.rb b/spec/classes/tripleo_profile_base_cinder_powerflex_spec.rb deleted file mode 100644 index 3e0e51d1d..000000000 --- a/spec/classes/tripleo_profile_base_cinder_powerflex_spec.rb +++ /dev/null @@ -1,58 +0,0 @@ -# -# Copyright (c) 2020 Dell Inc, or its subsidiaries -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::dellemc_powerflex' do - shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_powerflex' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powerflex') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__dellemc_powerflex('tripleo_dellemc_powerflex') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - # TODO(aschultz): check hiera parameters - is_expected.to contain_cinder__backend__dellemc_powerflex('tripleo_dellemc_powerflex') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_powerflex' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_powermax_spec.rb b/spec/classes/tripleo_profile_base_cinder_powermax_spec.rb deleted file mode 100644 index 956ae386c..000000000 --- a/spec/classes/tripleo_profile_base_cinder_powermax_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::dellemc_powermax' do - shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_powermax' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powermax') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__dellemc_powermax('tripleo_dellemc_powermax') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__dellemc_powermax('tripleo_dellemc_powermax') - end - - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_dellemc_powermax_1', 'tripleo_dellemc_powermax_2'], - :multi_config => { 'tripleo_dellemc_powermax_2' => { - 'CinderPowermaxStorageProtocol' => 'FC' - }}, - :step => 4, - } } - - it 'should configure each backend' do - is_expected.to contain_cinder__backend__dellemc_powermax('tripleo_dellemc_powermax_1') - is_expected.to contain_cinder_config('tripleo_dellemc_powermax_1/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.powermax.iscsi.PowerMaxISCSIDriver') - is_expected.to contain_cinder__backend__dellemc_powermax('tripleo_dellemc_powermax_2') - is_expected.to contain_cinder_config('tripleo_dellemc_powermax_2/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.powermax.fc.PowerMaxFCDriver') - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_powermax' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_powerstore_spec.rb b/spec/classes/tripleo_profile_base_cinder_powerstore_spec.rb deleted file mode 100644 index 18dd4223c..000000000 --- a/spec/classes/tripleo_profile_base_cinder_powerstore_spec.rb +++ /dev/null @@ -1,79 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::dellemc_powerstore' do - shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_powerstore' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powerstore') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__dellemc_powerstore('tripleo_dellemc_powerstore') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__dellemc_powerstore('tripleo_dellemc_powerstore') - end - - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_dellemc_powerstore_1', 'tripleo_dellemc_powerstore_2'], - :multi_config => { 'tripleo_dellemc_powerstore_2' => { 'CinderPowerStoreStorageProtocol' => 'FC' }}, - :step => 4, - } } - - it 'should configure each backend' do - - is_expected.to contain_cinder__backend__dellemc_powerstore('tripleo_dellemc_powerstore_1') - is_expected.to contain_cinder_config('tripleo_dellemc_powerstore_1/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.powerstore.driver.PowerStoreDriver') - is_expected.to contain_cinder_config('tripleo_dellemc_powerstore_1/storage_protocol') - .with_value('iSCSI') - - is_expected.to contain_cinder__backend__dellemc_powerstore('tripleo_dellemc_powerstore_2') - is_expected.to contain_cinder_config('tripleo_dellemc_powerstore_2/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.powerstore.driver.PowerStoreDriver') - is_expected.to contain_cinder_config('tripleo_dellemc_powerstore_2/storage_protocol') - .with_value('FC') - - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_powerstore' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_sc_spec.rb b/spec/classes/tripleo_profile_base_cinder_sc_spec.rb deleted file mode 100644 index b3c647e26..000000000 --- a/spec/classes/tripleo_profile_base_cinder_sc_spec.rb +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::dellemc_sc' do - shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_sc' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_sc') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__dellemc_sc('tripleo_dellemc_sc') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__dellemc_sc('tripleo_dellemc_sc') - end - - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_dellemc_sc_1', 'tripleo_dellemc_sc_2'], - :multi_config => { 'tripleo_dellemc_sc_2' => { 'CinderSCStorageProtocol' => 'FC' }}, - :step => 4, - } } - - it 'should configure each backend' do - is_expected.to contain_cinder__backend__dellemc_sc('tripleo_dellemc_sc_1') - is_expected.to contain_cinder_config('tripleo_dellemc_sc_1/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.sc.storagecenter_iscsi.SCISCSIDriver') - is_expected.to contain_cinder__backend__dellemc_sc('tripleo_dellemc_sc_2') - is_expected.to contain_cinder_config('tripleo_dellemc_sc_2/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.sc.storagecenter_fc.SCFCDriver') - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_sc' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb b/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb deleted file mode 100644 index fa43a2520..000000000 --- a/spec/classes/tripleo_profile_base_cinder_scheduler_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::scheduler' do - shared_examples_for 'tripleo::profile::base::cinder::scheduler' do - let(:pre_condition) do - "class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] }" - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::scheduler') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_class('cinder::scheduler') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder::scheduler') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::scheduler' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_spec.rb b/spec/classes/tripleo_profile_base_cinder_spec.rb deleted file mode 100644 index 4b4af6e2b..000000000 --- a/spec/classes/tripleo_profile_base_cinder_spec.rb +++ /dev/null @@ -1,188 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder' do - shared_examples_for 'tripleo::profile::base::cinder' do - context 'with step less than 3' do - let(:params) { { :step => 1 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_class('cinder') - is_expected.to_not contain_class('cinder::config') - is_expected.to_not contain_class('cinder::db') - is_expected.to_not contain_class('cinder::glance') - is_expected.to_not contain_class('cinder::nova') - is_expected.to_not contain_class('cinder::logging') - is_expected.to_not contain_class('cinder::quota') - is_expected.to_not contain_class('cinder::keystone::service_user') - is_expected.to_not contain_class('cinder::key_manager') - is_expected.to_not contain_class('cinder::key_manager::barbican') - is_expected.to_not contain_class('cinder:::cron::db_purge') - end - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'cinder1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'cinder2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678' - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder').with( - :default_transport_url => 'rabbit://cinder1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://cinder2:baa@192.168.0.2:5678/?ssl=0' - ) - is_expected.to contain_class('cinder::config') - is_expected.to contain_class('cinder::db') - is_expected.to contain_class('cinder::glance') - is_expected.to contain_class('cinder::nova') - is_expected.to contain_class('cinder::logging') - is_expected.to contain_class('cinder::quota') - is_expected.to contain_class('cinder::keystone::service_user') - is_expected.to contain_class('cinder::key_manager') - is_expected.to contain_class('cinder::key_manager::barbican') - is_expected.to_not contain_class('cinder::cron::db_purge') - end - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'soemthingelse.example.com' - } } - - it 'should not trigger any configuration' do - is_expected.to_not contain_class('cinder') - is_expected.to_not contain_class('cinder::config') - is_expected.to_not contain_class('cinder::db') - is_expected.to_not contain_class('cinder::glance') - is_expected.to_not contain_class('cinder::nova') - is_expected.to_not contain_class('cinder::logging') - is_expected.to_not contain_class('cinder::quota') - is_expected.to_not contain_class('cinder::keystone::service_user') - is_expected.to_not contain_class('cinder::key_manager') - is_expected.to_not contain_class('cinder::key_manager::barbican') - is_expected.to_not contain_class('cinder:::cron::db_purge') - end - end - - context 'with step 4 on other node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'somethingelse.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'cinder1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'cinder2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678' - } } - - it 'should trigger cinder configuration without mysql grant' do - is_expected.to contain_class('cinder').with( - :default_transport_url => 'rabbit://cinder1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://cinder2:baa@192.168.0.2:5678/?ssl=0' - ) - is_expected.to contain_class('cinder::config') - is_expected.to contain_class('cinder::db') - is_expected.to contain_class('cinder::glance') - is_expected.to contain_class('cinder::nova') - is_expected.to contain_class('cinder::logging') - is_expected.to contain_class('cinder::quota') - is_expected.to contain_class('cinder::keystone::service_user') - is_expected.to contain_class('cinder::key_manager') - is_expected.to contain_class('cinder::key_manager::barbican') - is_expected.to_not contain_class('cinder:::cron::db_purge') - end - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '127.0.0.1' ], - :oslomsg_rpc_username => 'cinder', - :oslomsg_rpc_password => 'foo', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder').with( - :default_transport_url => 'rabbit://cinder:foo@127.0.0.1:5672/?ssl=0' - ) - is_expected.to contain_class('cinder::config') - is_expected.to contain_class('cinder::db') - is_expected.to contain_class('cinder::glance') - is_expected.to contain_class('cinder::nova') - is_expected.to contain_class('cinder::logging') - is_expected.to contain_class('cinder::quota') - is_expected.to contain_class('cinder::keystone::service_user') - is_expected.to contain_class('cinder::key_manager') - is_expected.to contain_class('cinder::key_manager::barbican') - is_expected.to contain_class('cinder::cron::db_purge') - end - end - - context 'with step 5 without db_purge' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '127.0.0.1' ], - :oslomsg_rpc_username => 'cinder', - :oslomsg_rpc_password => 'foo', - :cinder_enable_db_purge => false - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('cinder').with( - :default_transport_url => 'rabbit://cinder:foo@127.0.0.1:5672/?ssl=0' - ) - is_expected.to contain_class('cinder::config') - is_expected.to contain_class('cinder::db') - is_expected.to contain_class('cinder::glance') - is_expected.to contain_class('cinder::nova') - is_expected.to contain_class('cinder::logging') - is_expected.to contain_class('cinder::quota') - is_expected.to contain_class('cinder::keystone::service_user') - is_expected.to contain_class('cinder::key_manager') - is_expected.to contain_class('cinder::key_manager::barbican') - is_expected.to_not contain_class('cinder::cron::db_purge') - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_unity_spec.rb b/spec/classes/tripleo_profile_base_cinder_unity_spec.rb deleted file mode 100644 index 673a50acd..000000000 --- a/spec/classes/tripleo_profile_base_cinder_unity_spec.rb +++ /dev/null @@ -1,73 +0,0 @@ -# Copyright (c) 2016-2017 Dell Inc, or its subsidiaries -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::dellemc_unity' do - shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_unity' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_unity') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__dellemc_unity('tripleo_dellemc_unity') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - # TODO(aschultz): check hiera parameters - is_expected.to contain_cinder__backend__dellemc_unity('tripleo_dellemc_unity') - end - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_dellemc_unity_1', 'tripleo_dellemc_unity_2'], - :multi_config => { 'tripleo_dellemc_unity_2' => { 'CinderDellEMCUnityStorageProtocol' => 'FC' }}, - :step => 4, - } } - it 'should configure each backend' do - is_expected.to contain_cinder__backend__dellemc_unity('tripleo_dellemc_unity_1') - is_expected.to contain_cinder_config('tripleo_dellemc_unity_1/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.unity.Driver') - is_expected.to contain_cinder_config('tripleo_dellemc_unity_1/storage_protocol') - .with_value('iSCSI') - is_expected.to contain_cinder__backend__dellemc_unity('tripleo_dellemc_unity_2') - is_expected.to contain_cinder_config('tripleo_dellemc_unity_2/storage_protocol') - .with_value('FC') - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_unity' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_vnx_spec.rb b/spec/classes/tripleo_profile_base_cinder_vnx_spec.rb deleted file mode 100644 index 576bbbe02..000000000 --- a/spec/classes/tripleo_profile_base_cinder_vnx_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -# Copyright (c) 2016-2018 Dell Inc, or its subsidiaries -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::dellemc_vnx' do - shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_vnx' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_vnx') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__emc_vnx('tripleo_dellemc_vnx') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - # TODO(aschultz): check hiera parameters - is_expected.to contain_cinder__backend__emc_vnx('tripleo_dellemc_vnx') - end - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_dellemc_vnx_1', 'tripleo_dellemc_vnx_2'], - :multi_config => { 'tripleo_dellemc_vnx_2' => { 'CinderDellEMCVNXStorageProtocol' => 'FC' }}, - :step => 4, - } } - it 'should configure each backend' do - is_expected.to contain_cinder__backend__emc_vnx('tripleo_dellemc_vnx_1') - is_expected.to contain_cinder_config('tripleo_dellemc_vnx_1/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.vnx.driver.VNXDriver') - is_expected.to contain_cinder_config('tripleo_dellemc_vnx_1/storage_protocol') - .with_value('iscsi') - is_expected.to contain_cinder__backend__emc_vnx('tripleo_dellemc_vnx_2') - is_expected.to contain_cinder_config('tripleo_dellemc_vnx_2/storage_protocol') - .with_value('FC') - end - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_vnx' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_ibm_svf_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_ibm_svf_spec.rb deleted file mode 100644 index 66003afe9..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_ibm_svf_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::ibm_svf' do - shared_examples_for 'tripleo::profile::base::cinder::volume::ibm_svf' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::ibm_svf') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__ibm_svf('tripleo_ibm_svf') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__ibm_svf('tripleo_ibm_svf') - end - - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_ibm_svf_1', 'tripleo_ibm_svf_2'], - :multi_config => { 'tripleo_ibm_svf_1' => { - 'CinderSvfAllowTenantQos' => 'true', - }, - 'tripleo_ibm_svf_2' => { - 'CinderSvfConnectionProtocol' => 'FC', - }, - }, - :step => 4, - } } - it 'should configure each backend' do - is_expected.to contain_cinder__backend__ibm_svf('tripleo_ibm_svf_1') - is_expected.to contain_cinder_config('tripleo_ibm_svf_1/storwize_svc_allow_tenant_qos').with_value('true') - is_expected.to contain_cinder_config('tripleo_ibm_svf_1/volume_driver').with_value('cinder.volume.drivers.ibm.storwize_svc.storwize_svc_iscsi.StorwizeSVCISCSIDriver') - is_expected.to contain_cinder__backend__ibm_svf('tripleo_ibm_svf_2') - is_expected.to contain_cinder_config('tripleo_ibm_svf_2/storwize_svc_allow_tenant_qos').with_value('') - is_expected.to contain_cinder_config('tripleo_ibm_svf_2/volume_driver').with_value('cinder.volume.drivers.ibm.storwize_svc.storwize_svc_fc.StorwizeSVCFCDriver') - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::ibm_svf' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_iscsi_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_iscsi_spec.rb deleted file mode 100644 index 6d40116d1..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_iscsi_spec.rb +++ /dev/null @@ -1,83 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::iscsi' do - shared_examples_for 'tripleo::profile::base::cinder::volume::iscsi' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :cinder_iscsi_address => '127.0.0.1', - :step => 3 - } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__iscsi('tripleo_iscsi') - end - end - - context 'with step 4' do - let(:params) { { - :cinder_iscsi_address => '127.0.0.1', - :step => 4, - } } - - context 'with defaults' do - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__iscsi('tripleo_iscsi').with( - :target_ip_address => '127.0.0.1', - :target_helper => 'tgtadm', - :target_protocol => 'iscsi' - ) - end - end - - context 'with customizations' do - before :each do - params.merge!( - { - :backend_availability_zone => 'my_zone', - :cinder_iscsi_address => 'fe80::fc54:ff:fe9e:7846', - }) - end - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__iscsi('tripleo_iscsi').with( - :backend_availability_zone => 'my_zone', - :target_ip_address => '[fe80::fc54:ff:fe9e:7846]', - ) - end - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::iscsi' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_netapp_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_netapp_spec.rb deleted file mode 100644 index 14b998097..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_netapp_spec.rb +++ /dev/null @@ -1,81 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::netapp' do - shared_examples_for 'tripleo::profile::base::cinder::volume::netapp' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__netapp('tripleo_netapp') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - # TODO(aschultz): check parameters via hiera - is_expected.to contain_cinder__backend__netapp('tripleo_netapp') - end - - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_netapp_1', 'tripleo_netapp_2'], - :multi_config => { 'tripleo_netapp_1' => { - 'CinderNetappStorageProtocol' => 'iscsi', - }, - 'tripleo_netapp_2' => { - 'CinderNetappNfsSharesConfig' => '/etc/cinder/shares_2.conf', - }, - }, - :step => 4, - } } - - it 'should configure each backend' do - is_expected.to contain_cinder__backend__netapp('tripleo_netapp_1') - is_expected.to contain_cinder_config('tripleo_netapp_1/netapp_storage_protocol').with_value('iscsi') - is_expected.to contain_cinder_config('tripleo_netapp_1/nfs_shares_config').with_value('/etc/cinder/shares.conf') - is_expected.to contain_cinder__backend__netapp('tripleo_netapp_2') - is_expected.to contain_cinder_config('tripleo_netapp_2/netapp_storage_protocol').with_value('nfs') - is_expected.to contain_cinder_config('tripleo_netapp_2/nfs_shares_config').with_value('/etc/cinder/shares_2.conf') - end - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::netapp' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_nfs_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_nfs_spec.rb deleted file mode 100644 index e40beb947..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_nfs_spec.rb +++ /dev/null @@ -1,132 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::nfs' do - shared_examples_for 'tripleo::profile::base::cinder::volume::nfs' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :cinder_nfs_servers => ['127.0.0.1'], - :step => 3 - } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__nfs('tripleo_nfs') - end - end - - context 'with step 4' do - let(:params) { { - :cinder_nfs_servers => ['127.0.0.1'], - :step => 4, - } } - - context 'with defaults' do - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__nfs('tripleo_nfs').with( - :nfs_servers => ['127.0.0.1'], - :nfs_mount_options => '', - :nfs_shares_config => '/etc/cinder/shares-nfs.conf', - :nfs_snapshot_support => '', - :nas_secure_file_operations => '', - :nas_secure_file_permissions => '', - ) - end - end - - context 'with customizations' do - before :each do - params.merge!( - { - :backend_availability_zone => 'my_zone', - :cinder_nfs_snapshot_support => 'true', - :cinder_nas_secure_file_operations => 'false', - :cinder_nas_secure_file_permissions => 'auto', - }) - end - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__nfs('tripleo_nfs').with( - :backend_availability_zone => 'my_zone', - :nfs_snapshot_support => 'true', - :nas_secure_file_operations => 'false', - :nas_secure_file_permissions => 'auto', - ) - end - end - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_nfs_1', 'tripleo_nfs_2'], - :multi_config => { 'tripleo_nfs_1' => { - 'CinderNfsSnapshotSupport' => 'true', - }, - 'tripleo_nfs_2' => { - 'CinderNfsSharesConfig' => '/etc/cinder/shares-nfs_2.conf', - }, - }, - :step => 4, - } } - it 'should configure each backend' do - is_expected.to contain_cinder__backend__nfs('tripleo_nfs_1') - is_expected.to contain_cinder_config('tripleo_nfs_1/nfs_snapshot_support').with_value('true') - is_expected.to contain_cinder_config('tripleo_nfs_1/nfs_shares_config').with_value('/etc/cinder/shares-nfs.conf') - is_expected.to contain_cinder__backend__nfs('tripleo_nfs_2') - is_expected.to contain_cinder_config('tripleo_nfs_2/nfs_snapshot_support').with_value('') - is_expected.to contain_cinder_config('tripleo_nfs_2/nfs_shares_config').with_value('/etc/cinder/shares-nfs_2.conf') - end - end - - context 'with selinux' do - before :each do - facts.merge!({ :selinux => 'true' }) - end - it 'should configure selinux' do - is_expected.to contain_selboolean('virt_use_nfs').with( - :value => 'on', - :persistent => true, - ) - end - end - - context 'without selinux' do - before :each do - facts.merge!({ :selinux => 'false' }) - end - it 'should configure selinux' do - is_expected.to_not contain_selboolean('virt_use_nfs') - end - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::nfs' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_nvmeof_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_nvmeof_spec.rb deleted file mode 100644 index 810756fbf..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_nvmeof_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::nvmeof' do - shared_examples_for 'tripleo::profile::base::cinder::volume::nvmeof' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :target_ip_address => '127.0.0.1', - :target_port => '4420', - :target_helper => 'nvmet', - :target_protocol => 'nvmet_rdma', - :step => 3 - } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::nvmeof') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_class('cinder::setup_test_volume') - is_expected.to_not contain_cinder__backend__nvmeof('tripleo_nvmeof') - end - end - - context 'with step 4' do - let(:params) { { - :target_ip_address => '127.0.0.1', - :target_port => '4420', - :target_helper => 'nvmet', - :target_protocol => 'nvmet_rdma', - :step => 4, - } } - - context 'with defaults' do - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__nvmeof('tripleo_nvmeof').with( - :target_ip_address => '127.0.0.1', - :target_port => '4420', - :target_helper => 'nvmet', - :target_protocol => 'nvmet_rdma', - :nvmet_port_id => '1', - :nvmet_ns_id => '10', - ) - end - end - - context 'with customizations' do - before :each do - params.merge!( - { - :backend_availability_zone => 'my_zone', - }) - end - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__nvmeof('tripleo_nvmeof').with( - :backend_availability_zone => 'my_zone', - ) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::nvmeof' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_pure_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_pure_spec.rb deleted file mode 100644 index a5731a608..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_pure_spec.rb +++ /dev/null @@ -1,74 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::pure' do - shared_examples_for 'tripleo::profile::base::cinder::volume::pure' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::pure') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__pure('tripleo_pure') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - # TODO(aschultz): check hiera parameters - is_expected.to contain_cinder__backend__pure('tripleo_pure') - is_expected.to contain_cinder_config('tripleo_pure/use_chap_auth').with_value(false) - end - - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_pure_1', 'tripleo_pure_2'], - :multi_config => { 'tripleo_pure_2' => { 'CinderPureUseChap' => true }}, - :step => 4, - } } - - it 'should configure each backend' do - is_expected.to contain_cinder__backend__pure('tripleo_pure_1') - is_expected.to contain_cinder_config('tripleo_pure_1/use_chap_auth').with_value(false) - is_expected.to contain_cinder__backend__pure('tripleo_pure_2') - is_expected.to contain_cinder_config('tripleo_pure_2/use_chap_auth').with_value(true) - end - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::pure' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_rbd_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_rbd_spec.rb deleted file mode 100644 index ae7240f7e..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_rbd_spec.rb +++ /dev/null @@ -1,181 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::rbd' do - shared_examples_for 'tripleo::profile::base::cinder::volume::rbd' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__rbd('tripleo_ceph') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - context 'with defaults' do - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__rbd('tripleo_ceph').with( - :backend_host => 'node.example.com', - :rbd_ceph_conf => '/etc/ceph/ceph.conf', - :rbd_pool => 'volumes', - :rbd_user => 'openstack', - :rbd_flatten_volume_from_snapshot => '', - ) - end - end - - context 'with customizations' do - before :each do - params.merge!({ - :backend_name => 'poodles', - :backend_availability_zone => 'my_zone', - :cinder_rbd_backend_host => 'fe80::fc54:ff:fe9e:7846', - :cinder_rbd_ceph_conf => '/etc/ceph/mycluster.conf', - :cinder_rbd_pool_name => 'poolname', - :cinder_rbd_extra_pools => ['aplenty', 'galore'], - :cinder_rbd_secret_uuid => 'secretuuid', - :cinder_rbd_user_name => 'kcatsnepo', - :cinder_rbd_flatten_volume_from_snapshot => true, - :extra_options => {'poodles/param1' => { 'value' => 'value1' }}, - }) - end - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__rbd('poodles').with( - :backend_host => 'fe80::fc54:ff:fe9e:7846', - :backend_availability_zone => 'my_zone', - :rbd_ceph_conf => '/etc/ceph/mycluster.conf', - :rbd_pool => 'poolname', - :rbd_user => 'kcatsnepo', - :rbd_secret_uuid => 'secretuuid', - :rbd_flatten_volume_from_snapshot => true, - :extra_options => {'poodles/param1' => { 'value' => 'value1' }}, - ) - is_expected.to contain_cinder__backend__rbd('poodles_aplenty').with( - :backend_host => 'fe80::fc54:ff:fe9e:7846', - :backend_availability_zone => 'my_zone', - :rbd_ceph_conf => '/etc/ceph/mycluster.conf', - :rbd_pool => 'aplenty', - :rbd_user => 'kcatsnepo', - :rbd_secret_uuid => 'secretuuid', - :rbd_flatten_volume_from_snapshot => true, - # extra_options are provided with only the first RBD backend/pool - :extra_options => {}, - ) - is_expected.to contain_cinder__backend__rbd('poodles_galore').with( - :backend_host => 'fe80::fc54:ff:fe9e:7846', - :backend_availability_zone => 'my_zone', - :rbd_ceph_conf => '/etc/ceph/mycluster.conf', - :rbd_pool => 'galore', - :rbd_user => 'kcatsnepo', - :rbd_secret_uuid => 'secretuuid', - :rbd_flatten_volume_from_snapshot => true, - :extra_options => {}, - ) - end - end - - context 'with multiple backends' do - before :each do - params.merge!({ - :backend_name => ['rbd1', 'rbd2'], - :backend_availability_zone => 'zone1', - :multi_config => { - 'rbd2' => { - 'CinderRbdAvailabilityZone' => 'zone2', - 'CephClusterName' => 'ceph2', - 'CinderRbdPoolName' => 'pool2a', - 'CinderRbdExtraPools' => ['pool2b', 'pool2c'], - 'CephClusterFSID' => 'secretuuid', - 'CephClientUserName' => 'kcatsnepo', - 'CinderRbdFlattenVolumeFromSnapshot' => true, - }, - }, - :extra_options => {'poodles/param1' => { 'value' => 'value1' }}, - }) - end - it 'should configure each backend' do - is_expected.to contain_cinder__backend__rbd('rbd1').with( - :backend_host => 'node.example.com', - :backend_availability_zone => 'zone1', - :rbd_ceph_conf => '/etc/ceph/ceph.conf', - :rbd_pool => 'volumes', - :rbd_user => 'openstack', - :rbd_flatten_volume_from_snapshot => '', - :extra_options => {'poodles/param1' => { 'value' => 'value1' }}, - ) - - is_expected.to contain_cinder__backend__rbd('rbd2').with( - :backend_host => 'node.example.com', - :backend_availability_zone => 'zone2', - :rbd_ceph_conf => '/etc/ceph/ceph2.conf', - :rbd_pool => 'pool2a', - :rbd_user => 'kcatsnepo', - :rbd_secret_uuid => 'secretuuid', - :rbd_flatten_volume_from_snapshot => true, - # extra_options are provided with only the first RBD backend/pool - :extra_options => {}, - ) - - is_expected.to contain_cinder__backend__rbd('rbd2_pool2b').with( - :backend_host => 'node.example.com', - :backend_availability_zone => 'zone2', - :rbd_ceph_conf => '/etc/ceph/ceph2.conf', - :rbd_pool => 'pool2b', - :rbd_user => 'kcatsnepo', - :rbd_secret_uuid => 'secretuuid', - :rbd_flatten_volume_from_snapshot => true, - :extra_options => {}, - ) - - is_expected.to contain_cinder__backend__rbd('rbd2_pool2c').with( - :backend_host => 'node.example.com', - :backend_availability_zone => 'zone2', - :rbd_ceph_conf => '/etc/ceph/ceph2.conf', - :rbd_pool => 'pool2c', - :rbd_user => 'kcatsnepo', - :rbd_secret_uuid => 'secretuuid', - :rbd_flatten_volume_from_snapshot => true, - :extra_options => {}, - ) - end - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::rbd' - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb b/spec/classes/tripleo_profile_base_cinder_volume_spec.rb deleted file mode 100644 index 3bfea31c1..000000000 --- a/spec/classes/tripleo_profile_base_cinder_volume_spec.rb +++ /dev/null @@ -1,571 +0,0 @@ -# coding: utf-8 -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume' do - - shared_examples_for 'tripleo::profile::base::cinder::volume' do - # this hack allows hiera('step') to work as the spec hiera config will - # allow any included modules to automagically get the right step from - # hiera. (╯°□°)╯︵ ┻━┻ - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - " - class { 'tripleo::profile::base::cinder': step => #{params[:step]}, oslomsg_rpc_hosts => ['127.0.0.1'] } - " - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_class('cinder::volume') - is_expected.to_not contain_class('cinder::backends') - is_expected.to_not contain_class('cinder::backend::defaults') - end - end - - context 'with step 4' do - let(:params) { { :step => 4 } } - - context 'with defaults' do - it 'should configure iscsi' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_iscsi'] - ) - is_expected.to contain_class('cinder::backend::defaults') - end - it 'should not configure cinder-volume for A/A mode' do - is_expected.to contain_class('cinder::volume').with( - :cluster => '', - ) - is_expected.to_not contain_class('cinder::coordination') - end - end - - - context 'with only pure' do - before :each do - params.merge!({ - :cinder_enable_pure_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only pure' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::pure') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_pure'] - ) - end - context 'with multiple pure backends' do - # Step 5's hiera specifies two pure backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_pure_1', 'tripleo_pure_2'] - ) - end - end - end - - context 'with only xtremio' do - before :each do - params.merge!({ - :cinder_enable_dellemc_xtremio_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only xtremio' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_xtremio') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_xtremio'] - ) - end - context 'with multiple xtremio backends' do - # Step 5's hiera specifies two xtremio backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_xtremio_1', 'tripleo_dellemc_xtremio_2'] - ) - end - end - end - - context 'with only powermax' do - before :each do - params.merge!({ - :cinder_enable_dellemc_powermax_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only powermax' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powermax') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_powermax'] - ) - end - context 'with multiple powermax backends' do - # Step 5's hiera specifies two powermax backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_powermax_1', 'tripleo_dellemc_powermax_2'] - ) - end - end - end - - context 'with only powerstore' do - before :each do - params.merge!({ - :cinder_enable_dellemc_powerstore_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only powerstore' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powerstore') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_powerstore'] - ) - end - context 'with multiple powerstore backends' do - # Step 5's hiera specifies two powerstore backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_powerstore_1', 'tripleo_dellemc_powerstore_2'] - ) - end - end - end - - - context 'with only sc' do - before :each do - params.merge!({ - :cinder_enable_dellemc_sc_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only sc' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_sc') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_sc'] - ) - end - context 'with multiple sc backends' do - # Step 5's hiera specifies multiple sc backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_sc_1', 'tripleo_dellemc_sc_2'] - ) - end - end - end - - context 'with only unity' do - before :each do - params.merge!({ - :cinder_enable_dellemc_unity_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only unity' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_unity') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_unity'] - ) - end - context 'with multiple unity backends' do - # Step 5's hiera specifies multiple unity backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_unity_1', 'tripleo_dellemc_unity_2'] - ) - end - end - end - - context 'with only vnx' do - before :each do - params.merge!({ - :cinder_enable_dellemc_vnx_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only vnx' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_vnx') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_vnx'] - ) - end - context 'with multiple vnx backends' do - # Step 5's hiera specifies multiple vnx backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_vnx_1', 'tripleo_dellemc_vnx_2'] - ) - end - end - end - - context 'with only powerflex' do - before :each do - params.merge!({ - :cinder_enable_dellemc_powerflex_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only powerflex' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powerflex') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_dellemc_powerflex'] - ) - end - end - - context 'with only ibm_svf' do - before :each do - params.merge!({ - :cinder_enable_ibm_svf_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only ibm_svf' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::ibm_svf') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_ibm_svf'] - ) - end - context 'with multiple ibm_svf backends' do - # Step 5's hiera specifies two ibm_svf backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_ibm_svf_1', 'tripleo_ibm_svf_2'] - ) - end - end - end - - context 'with only netapp' do - before :each do - params.merge!({ - :cinder_enable_netapp_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only netapp' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_netapp'] - ) - end - context 'with multiple netapp backends' do - # Step 5's hiera specifies two netapp backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_netapp_1', 'tripleo_netapp_2'] - ) - end - end - end - - context 'with only nfs' do - before :each do - params.merge!({ - :cinder_enable_nfs_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only nfs' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_nfs'] - ) - end - context 'with multiple nfs backends' do - # Step 5's hiera specifies two nfs backend names - let(:params) { { :step => 5 } } - it 'should enable each backend' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_nfs_1', 'tripleo_nfs_2'] - ) - end - end - end - - context 'with only rbd' do - before :each do - params.merge!({ - :cinder_enable_rbd_backend => true, - :cinder_enable_iscsi_backend => false, - }) - end - it 'should configure only ceph' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['tripleo_ceph'] - ) - end - context 'additional rbd pools and an additional rbd backend' do - # Step 5's hiera specifies two rbd backends, each with additional rbd pools - let(:params) { { :step => 5 } } - it 'should configure additional rbd backends' do - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => [ - 'tripleo_ceph_1', 'tripleo_ceph_2', 'tripleo_ceph_1_foo', 'tripleo_ceph_1_bar', 'tripleo_ceph_2_zap', - ] - ) - end - end - end - - context 'with only user backend' do - before :each do - params.merge!({ - :cinder_enable_iscsi_backend => false, - :cinder_user_enabled_backends => 'poodles' - }) - end - it 'should configure only user backend' do - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::pure') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellemc_sc') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellemc_powerflex') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellemc_powermax') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellemc_powerstore') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::dellemc_xtremio') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::ibm_svf') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::netapp') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::nfs') - is_expected.to_not contain_class('tripleo::profile::base::cinder::volume::rbd') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => ['poodles'] - ) - end - end - - context 'with all tripleo backends' do - before :each do - params.merge!({ - :cinder_enable_pure_backend => true, - :cinder_enable_dellemc_sc_backend => true, - :cinder_enable_dellemc_powerflex_backend => true, - :cinder_enable_dellemc_powermax_backend => true, - :cinder_enable_dellemc_powerstore_backend => true, - :cinder_enable_dellemc_xtremio_backend => true, - :cinder_enable_ibm_svf_backend => true, - :cinder_enable_iscsi_backend => true, - :cinder_enable_netapp_backend => true, - :cinder_enable_nfs_backend => true, - :cinder_enable_rbd_backend => true, - }) - end - it 'should configure all backends' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::pure') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_sc') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powerflex') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powermax') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_powerstore') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_xtremio') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::ibm_svf') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::iscsi') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::netapp') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::nfs') - is_expected.to contain_class('tripleo::profile::base::cinder::volume::rbd') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to contain_class('cinder::volume') - is_expected.to contain_class('cinder::backends').with( - :enabled_backends => [ - 'tripleo_iscsi', - 'tripleo_ceph', - 'tripleo_pure', - 'tripleo_dellemc_sc', - 'tripleo_dellemc_powerflex', - 'tripleo_dellemc_powermax', - 'tripleo_dellemc_powerstore', - 'tripleo_dellemc_xtremio', - 'tripleo_ibm_svf', - 'tripleo_netapp', - 'tripleo_nfs' - ] - ) - end - end - - context 'with a cluster name' do - before :each do - params.merge!({ - :cinder_volume_cluster => 'tripleo-cluster', - :etcd_enabled => true, - :etcd_host => '127.0.0.1', - }) - end - it 'should configure cinder-volume for A/A mode' do - is_expected.to contain_class('cinder::volume').with( - :cluster => 'tripleo-cluster', - ) - is_expected.to contain_class('cinder::coordination').with( - :backend_url => "etcd3+http://127.0.0.1:2379?api_version=#{platform_params[:api_version]}", - ) - end - - context 'with internal tls enabled' do - before :each do - params.merge!({ - :enable_internal_tls => true, - :etcd_certificate_specs => { - 'service_certificate' => '/path/to/etcd.cert', - 'service_key' => '/path/to/etcd.key', - }, - }) - end - it 'should configure coordination backend_url with https' do - is_expected.to contain_class('cinder::coordination').with( - :backend_url => "etcd3+https://127.0.0.1:2379?api_version=#{platform_params[:api_version]}&cert_key=/path/to/etcd.key&cert_cert=/path/to/etcd.cert", - ) - end - end - - context 'with an ipv6 etcd_host' do - before :each do - params.merge!({ - :etcd_host => 'fe80::1ff:fe23:4567:890a', - }) - end - it 'should normalize it in the URI' do - is_expected.to contain_class('cinder::coordination').with( - :backend_url => "etcd3+http://[fe80::1ff:fe23:4567:890a]:2379?api_version=#{platform_params[:api_version]}", - ) - end - end - - context 'with a named etcd_host' do - before :each do - params.merge!({ - :etcd_host => 'etcdhost.localdomain', - }) - end - it 'should craft a correct URI' do - is_expected.to contain_class('cinder::coordination').with( - :backend_url => "etcd3+http://etcdhost.localdomain:2379?api_version=#{platform_params[:api_version]}", - ) - end - end - - context 'with etcd service not enabled' do - before :each do - params.merge!({ - :etcd_enabled => false, - }) - end - it 'should fail to deploy' do - is_expected.to compile.and_raise_error( - /Running cinder-volume in active-active mode with a cluster name requires the etcd service./ - ) - end - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - let(:platform_params) do - if facts[:operatingsystemmajrelease] == '8' - { :api_version => 'v3alpha' } - else - { :api_version => 'v3' } - end - end - - it_behaves_like 'tripleo::profile::base::cinder::volume' - - end - end -end diff --git a/spec/classes/tripleo_profile_base_cinder_xtremio_spec.rb b/spec/classes/tripleo_profile_base_cinder_xtremio_spec.rb deleted file mode 100644 index c904414a3..000000000 --- a/spec/classes/tripleo_profile_base_cinder_xtremio_spec.rb +++ /dev/null @@ -1,72 +0,0 @@ -# Copyright (c) 2020 Dell Inc, or its subsidiaries -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::cinder::volume::dellemc_xtremio' do - shared_examples_for 'tripleo::profile::base::cinder::volume::dellemc_xtremio' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume::dellemc_xtremio') - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - is_expected.to contain_class('tripleo::profile::base::cinder') - is_expected.to_not contain_cinder__backend__dellemc_xtremio('tripleo_dellemc_xtremio') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it 'should trigger complete configuration' do - is_expected.to contain_cinder__backend__dellemc_xtremio('tripleo_dellemc_xtremio') - end - - context 'with multiple backends' do - let(:params) { { - :backend_name => ['tripleo_dellemc_xtremio_1', 'tripleo_dellemc_xtremio_2'], - :multi_config => { 'tripleo_dellemc_xtremio_2' => { 'CinderXtremioStorageProtocol' => 'FC' }}, - :step => 4, - } } - - it 'should configure each backend' do - is_expected.to contain_cinder__backend__dellemc_xtremio('tripleo_dellemc_xtremio_1') - is_expected.to contain_cinder_config('tripleo_dellemc_xtremio_1/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.xtremio.XtremIOISCSIDriver') - is_expected.to contain_cinder__backend__dellemc_xtremio('tripleo_dellemc_xtremio_2') - is_expected.to contain_cinder_config('tripleo_dellemc_xtremio_2/volume_driver') - .with_value('cinder.volume.drivers.dell_emc.xtremio.XtremIOFCDriver') - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::cinder::volume::dellemc_xtremio' - end - end -end diff --git a/spec/classes/tripleo_profile_base_database_mysql_client_spec.rb b/spec/classes/tripleo_profile_base_database_mysql_client_spec.rb deleted file mode 100644 index a55ca38a5..000000000 --- a/spec/classes/tripleo_profile_base_database_mysql_client_spec.rb +++ /dev/null @@ -1,97 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::database::mysql::client' do - shared_examples_for 'tripleo::profile::base::database::mysql::client' do - - context 'with defaults' do - let (:params) do - { :step => 1 } - end - - it { - is_expected.to contain_file('/etc/my.cnf.d').with(:ensure => 'directory') - is_expected.to contain_augeas('tripleo-mysql-client-conf').with( - :incl => '/etc/my.cnf.d/tripleo.cnf', - :changes => [ - 'rm tripleo/bind-address', - 'rm tripleo/ssl', - 'rm tripleo/ssl-ca', - 'rm client/ssl', - 'rm client/ssl-ca' - ] - ) - } - end - - context 'with ip address set to "" LP#1748180' do - let (:params) do - { :step => 1, - :mysql_client_bind_address => '' - } - end - - it { - is_expected.to contain_file('/etc/my.cnf.d').with(:ensure => 'directory') - is_expected.to contain_augeas('tripleo-mysql-client-conf').with( - :incl => '/etc/my.cnf.d/tripleo.cnf', - :changes => [ - 'rm tripleo/bind-address', - 'rm tripleo/ssl', - 'rm tripleo/ssl-ca', - 'rm client/ssl', - 'rm client/ssl-ca' - ] - ) - } - end - - context 'with ip address and ssl enabled' do - let (:params) do - { :step => 1, - :enable_ssl => true, - :mysql_client_bind_address => '127.0.0.1' - } - end - - it { - is_expected.to contain_file('/etc/my.cnf.d').with(:ensure => 'directory') - is_expected.to contain_augeas('tripleo-mysql-client-conf').with( - :incl => '/etc/my.cnf.d/tripleo.cnf', - :changes => [ - "set tripleo/bind-address '#{params[:mysql_client_bind_address]}'", - "set tripleo/ssl '1'", - "set tripleo/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'", - "set client/ssl '1'", - "set client/ssl-ca '/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt'" - ] - ) - } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::database::mysql::client' - end - end -end diff --git a/spec/classes/tripleo_profile_base_database_mysql_spec.rb b/spec/classes/tripleo_profile_base_database_mysql_spec.rb deleted file mode 100644 index 12066c055..000000000 --- a/spec/classes/tripleo_profile_base_database_mysql_spec.rb +++ /dev/null @@ -1,41 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::database::mysql' do - let :params do - { :step => 2, - :mysql_max_connections => 4096, - } - end - - shared_examples_for 'tripleo::profile::base::database::mysql' do - before :each do - facts.merge!({ :step => params[:step] }) - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::database::mysql' - end - end -end diff --git a/spec/classes/tripleo_profile_base_database_redis_spec.rb b/spec/classes/tripleo_profile_base_database_redis_spec.rb deleted file mode 100644 index a4702366a..000000000 --- a/spec/classes/tripleo_profile_base_database_redis_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::database::redis' do - shared_examples_for 'tripleo::profile::base::database::redis' do - - context 'with step less than 2' do - let(:params) { { - :step => 1, - } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::database::redis') - is_expected.to_not contain_class('redis') - is_expected.to_not contain_class('tripleo::redis_notification') - end - end - - context 'with step 2' do - let(:params) { { - :step => 2, - } } - - it 'should configure redis' do - is_expected.to contain_class('tripleo::profile::base::database::redis') - is_expected.to contain_class('redis') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::database::redis' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_api_spec.rb b/spec/classes/tripleo_profile_base_designate_api_spec.rb deleted file mode 100644 index c5cae860b..000000000 --- a/spec/classes/tripleo_profile_base_designate_api_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::api' do - shared_examples_for 'tripleo::profile::base::designate::api' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::designate': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'designate', - oslomsg_rpc_password => 'foo' - } - class { 'tripleo::profile::base::designate::authtoken': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::api') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::authtoken') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('designate::wsgi::apache') - is_expected.to_not contain_class('designate::api') - is_expected.to_not contain_class('designate::healthcheck') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::api') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::authtoken') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('designate::wsgi::apache') - is_expected.to contain_class('designate::api') - is_expected.to contain_class('designate::healthcheck') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_authtoken_spec.rb b/spec/classes/tripleo_profile_base_designate_authtoken_spec.rb deleted file mode 100644 index 204624bf0..000000000 --- a/spec/classes/tripleo_profile_base_designate_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::authtoken' do - shared_examples_for 'tripleo::profile::base::designate::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::authtoken') - is_expected.to_not contain_class('designate::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::authtoken') - is_expected.to contain_class('designate::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::authtoken') - is_expected.to contain_class('designate::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::authtoken') - is_expected.to contain_class('designate::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_backend_spec.rb b/spec/classes/tripleo_profile_base_designate_backend_spec.rb deleted file mode 100644 index 1fe29aa27..000000000 --- a/spec/classes/tripleo_profile_base_designate_backend_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::backend' do - shared_examples_for 'tripleo::profile::base::designate::backend' do - - context 'with step less than 4' do - let(:params) { { - :step => 3, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::backend') - is_expected.to_not contain_class('designate::backend::bind9') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::backend') - is_expected.to contain_class('designate::backend::bind9') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::backend' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_central_spec.rb b/spec/classes/tripleo_profile_base_designate_central_spec.rb deleted file mode 100644 index 5d2854bb9..000000000 --- a/spec/classes/tripleo_profile_base_designate_central_spec.rb +++ /dev/null @@ -1,123 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::central' do - shared_examples_for 'tripleo::profile::base::designate::central' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::designate': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'designate', - oslomsg_rpc_password => 'foo' - } - class { 'tripleo::profile::base::designate::coordination': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::central') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::coordination') - is_expected.to_not contain_class('designate::db') - is_expected.to_not contain_class('designate::central') - is_expected.to_not contain_class('designate::quota') - is_expected.to_not contain_class('designate::network_api::neutron') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::central') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::coordination') - is_expected.to contain_class('designate::db').with( - :sync_db => true - ) - is_expected.to contain_class('designate::central') - is_expected.to contain_class('designate::quota') - is_expected.to contain_class('designate::network_api::neutron') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::central') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::coordination') - is_expected.to_not contain_class('designate::db') - is_expected.to_not contain_class('designate::central') - is_expected.to_not contain_class('designate::quota') - # TODO(tkajinam): tripleo::profile::base::designate includes - # the designate class in all nodes when step>=3, - # and the designate class now includes this class. - # Fix this once the designate class stops including - # the neutron class when puppet-designate drops - # the deprecated parameters. - #is_expected.to_not contain_class('designate::network_api::neutron') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::central') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::coordination') - is_expected.to contain_class('designate::db').with( - :sync_db => false - ) - is_expected.to contain_class('designate::central') - is_expected.to contain_class('designate::quota') - is_expected.to contain_class('designate::network_api::neutron') - } - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::central' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_coordination_spec.rb b/spec/classes/tripleo_profile_base_designate_coordination_spec.rb deleted file mode 100644 index 486413a26..000000000 --- a/spec/classes/tripleo_profile_base_designate_coordination_spec.rb +++ /dev/null @@ -1,83 +0,0 @@ -# -# Copyright (C) 2022 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::coordination' do - shared_examples_for 'tripleo::profile::base::designate::coordination' do - context 'with step less than 4' do - let(:params) { { - :step => 3, - :designate_redis_password => 'a_redis_password', - :redis_vip => '192.0.2.1', - } } - it { - is_expected.to_not contain_class('designate::coordination') - } - end - - context 'with step 4 and without a redis vip' do - let(:params) { { - :step => 4, - :designate_redis_password => 'a_redis_password', - # NOTE(tkajinam): Currently redis_vip is defined in test hieradata. - # Here we override the parameter to test the logic used - # when redis_vip is not set. - :redis_vip => false, - } } - it { - is_expected.to_not contain_class('designate::coordination') - } - end - - context 'with step 4 and a typical configuration no tls' do - let(:params) { { - :step => 4, - :designate_redis_password => 'a_redis_password', - :redis_vip => '192.0.2.1', - } } - it { - is_expected.to contain_class('designate::coordination').with( - :backend_url => 'redis://:a_redis_password@192.0.2.1:6379/' - ) - } - end - - context 'with 4 and a typical configuration tls enabled' do - let(:params) { { - :step => 4, - :designate_redis_password => 'a_redis_password', - :redis_vip => '192.0.2.1', - :enable_internal_tls => true - } } - it { - is_expected.to contain_class('designate::coordination').with( - :backend_url => 'redis://:a_redis_password@192.0.2.1:6379/?ssl=true' - ) - } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge({ :hostname => 'node.example.com' }) - end - - it_behaves_like 'tripleo::profile::base::designate::coordination' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_mdns_spec.rb b/spec/classes/tripleo_profile_base_designate_mdns_spec.rb deleted file mode 100644 index f10095f67..000000000 --- a/spec/classes/tripleo_profile_base_designate_mdns_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::mdns' do - shared_examples_for 'tripleo::profile::base::designate::mdns' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::designate': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'designate', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 4' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::mdns') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to_not contain_class('designate::mdns') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::mdns') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('designate::mdns') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::mdns' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_producer_spec.rb b/spec/classes/tripleo_profile_base_designate_producer_spec.rb deleted file mode 100644 index e7822b3ed..000000000 --- a/spec/classes/tripleo_profile_base_designate_producer_spec.rb +++ /dev/null @@ -1,81 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::producer' do - shared_examples_for 'tripleo::profile::base::designate::producer' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::designate': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'designate', - oslomsg_rpc_password => 'foo' - } - class { 'tripleo::profile::base::designate::coordination': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 4' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::producer') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::coordination') - is_expected.to_not contain_class('designate::producer') - is_expected.to_not contain_class('designate::producer_task::delayed_notify') - is_expected.to_not contain_class('designate::producer_task::periodic_exists') - is_expected.to_not contain_class('designate::producer_task::periodic_secondary_refresh') - is_expected.to_not contain_class('designate::producer_task::worker_periodic_recovery') - is_expected.to_not contain_class('designate::producer_task::zone_purge') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::producer') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('tripleo::profile::base::designate::coordination') - is_expected.to contain_class('designate::producer') - is_expected.to contain_class('designate::producer_task::delayed_notify') - is_expected.to contain_class('designate::producer_task::periodic_exists') - is_expected.to contain_class('designate::producer_task::periodic_secondary_refresh') - is_expected.to contain_class('designate::producer_task::worker_periodic_recovery') - is_expected.to contain_class('designate::producer_task::zone_purge') - } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::producer' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_sink_spec.rb b/spec/classes/tripleo_profile_base_designate_sink_spec.rb deleted file mode 100644 index 46187d97f..000000000 --- a/spec/classes/tripleo_profile_base_designate_sink_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::sink' do - shared_examples_for 'tripleo::profile::base::designate::sink' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::designate': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'designate', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 4' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::sink') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to_not contain_class('designate::sink') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::sink') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('designate::sink') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::sink' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_spec.rb b/spec/classes/tripleo_profile_base_designate_spec.rb deleted file mode 100644 index 29c8e7061..000000000 --- a/spec/classes/tripleo_profile_base_designate_spec.rb +++ /dev/null @@ -1,69 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate' do - shared_examples_for 'tripleo::profile::base::designate' do - - context 'with step less than 3' do - let(:params) { { - :step => 1, - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_password => 'foo' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to_not contain_class('designate') - is_expected.to_not contain_class('designate::config') - is_expected.to_not contain_class('designate::logging') - is_expected.to_not contain_class('designate::network_api::neutron') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_username => 'designate', - :oslomsg_rpc_password => 'foo', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('designate').with( - :default_transport_url => 'rabbit://designate:foo@localhost:5672/?ssl=0' - ) - is_expected.to contain_class('designate::config') - is_expected.to contain_class('designate::logging') - is_expected.to contain_class('designate::network_api::neutron') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate' - end - end -end diff --git a/spec/classes/tripleo_profile_base_designate_worker_spec.rb b/spec/classes/tripleo_profile_base_designate_worker_spec.rb deleted file mode 100644 index 115329f95..000000000 --- a/spec/classes/tripleo_profile_base_designate_worker_spec.rb +++ /dev/null @@ -1,69 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::designate::worker' do - shared_examples_for 'tripleo::profile::base::designate::worker' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::designate': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'designate', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 4' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::worker') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to_not contain_class('designate::worker') - is_expected.to_not contain_file('designate rndc key') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::designate::worker') - is_expected.to contain_class('tripleo::profile::base::designate') - is_expected.to contain_class('designate::worker') - is_expected.to_not contain_file('designate rndc key') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::designate::worker' - end - end -end diff --git a/spec/classes/tripleo_profile_base_etcd_spec.rb b/spec/classes/tripleo_profile_base_etcd_spec.rb deleted file mode 100644 index dc7fdec99..000000000 --- a/spec/classes/tripleo_profile_base_etcd_spec.rb +++ /dev/null @@ -1,131 +0,0 @@ -# -# Copyright (C) 2020 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for tripleo -# - -require 'spec_helper' - -describe 'tripleo::profile::base::etcd' do - - shared_examples_for 'tripleo::profile::base::etcd' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 2' do - let(:params) { { :step => 1 } } - - it 'should do nothing' do - is_expected.to_not contain_class('etcd') - end - end - - context 'with step 2' do - let(:params) { { :step => 2 } } - - context 'with defaults' do - it 'should configure etcd with defaults' do - is_expected.to contain_class('etcd').with( - :listen_client_urls => 'http://127.0.0.1:2379', - :advertise_client_urls => 'http://127.0.0.1:2379', - :listen_peer_urls => 'http://127.0.0.1:2380', - :initial_advertise_peer_urls => 'http://127.0.0.1:2380', - :initial_cluster => [], - :proxy => 'off', - :cert_file => nil, - :key_file => nil, - :client_cert_auth => false, - :peer_cert_file => nil, - :peer_key_file => nil, - :peer_client_cert_auth => false, - ) - end - end - - context 'with overrides' do - before :each do - params.merge!({ - :bind_ip => '127.0.0.2', - :client_port => '1234', - :peer_port => '4321', - :nodes => ['node3', 'node4'] - }) - end - it 'should configure etcd with overrides' do - is_expected.to contain_class('etcd').with( - :listen_client_urls => 'http://127.0.0.2:1234', - :advertise_client_urls => 'http://127.0.0.2:1234', - :listen_peer_urls => 'http://127.0.0.2:4321', - :initial_advertise_peer_urls => 'http://127.0.0.2:4321', - :initial_cluster => ['node3=http://node3:4321', 'node4=http://node4:4321'], - ) - end - end - - context 'with TLS enabled' do - before :each do - params.merge!({ - :enable_internal_tls => true, - :certificate_specs => { - 'service_certificate' => '/path/to/etcd.cert', - 'service_key' => '/path/to/etcd.key', - }, - }) - end - it 'should configure etcd with TLS' do - is_expected.to contain_class('etcd').with( - :listen_client_urls => 'https://127.0.0.1:2379', - :advertise_client_urls => 'https://127.0.0.1:2379', - :listen_peer_urls => 'https://127.0.0.1:2380', - :initial_advertise_peer_urls => 'https://127.0.0.1:2380', - :cert_file => '/path/to/etcd.cert', - :key_file => '/path/to/etcd.key', - :client_cert_auth => true, - :peer_cert_file => '/path/to/etcd.cert', - :peer_key_file => '/path/to/etcd.key', - :peer_client_cert_auth => true, - ) - end - end - - context 'with an IPv6 bind_ip' do - before :each do - params.merge!({ - :bind_ip => 'fe80::1ff:fe23:4567:890a', - }) - end - it 'should normalize it in the URLs' do - is_expected.to contain_class('etcd').with( - :listen_client_urls => 'http://[fe80::1ff:fe23:4567:890a]:2379', - :advertise_client_urls => 'http://[fe80::1ff:fe23:4567:890a]:2379', - :listen_peer_urls => 'http://[fe80::1ff:fe23:4567:890a]:2380', - :initial_advertise_peer_urls => 'http://[fe80::1ff:fe23:4567:890a]:2380', - ) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::etcd' - end - end -end diff --git a/spec/classes/tripleo_profile_base_glance_api_spec.rb b/spec/classes/tripleo_profile_base_glance_api_spec.rb deleted file mode 100644 index 3cb1c7a25..000000000 --- a/spec/classes/tripleo_profile_base_glance_api_spec.rb +++ /dev/null @@ -1,264 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::glance::api' do - shared_examples_for 'tripleo::profile::base::glance::api' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it 'should not configure glance' do - is_expected.to contain_class('tripleo::profile::base::glance::api') - is_expected.to_not contain_class('glance') - is_expected.to_not contain_class('glance::config') - is_expected.to_not contain_class('glance::healthcheck') - is_expected.to_not contain_class('glance::api::db') - is_expected.to_not contain_class('glance::api::logging') - is_expected.to_not contain_class('glance::api') - is_expected.to_not contain_class('glance::key_manager') - is_expected.to_not contain_class('glance::key_manager::barbican') - is_expected.to_not contain_class('glance::notify::rabbitmq') - is_expected.to_not contain_class('glance::cron::db_purge') - is_expected.to_not contain_class('glance::cache::cleaner') - is_expected.to_not contain_class('glance::cache::pruner') - end - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'glance1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'glance2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678', - } } - - it 'should configure glance' do - is_expected.to contain_class('tripleo::profile::base::glance::api') - is_expected.to contain_class('glance') - is_expected.to contain_class('glance::config') - is_expected.to contain_class('glance::healthcheck') - is_expected.to contain_class('glance::api::db') - is_expected.to contain_class('glance::api::logging') - is_expected.to contain_class('glance::api') - is_expected.to contain_class('glance::key_manager') - is_expected.to contain_class('glance::key_manager::barbican') - is_expected.to contain_class('glance::notify::rabbitmq').with( - :default_transport_url => 'rabbit://glance1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://glance2:baa@192.168.0.2:5678/?ssl=0', - ) - is_expected.to_not contain_class('glance::cron::db_purge') - is_expected.to_not contain_class('glance::cache::cleaner') - is_expected.to_not contain_class('glance::cache::pruner') - end - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it 'should not configure glance' do - is_expected.to contain_class('tripleo::profile::base::glance::api') - is_expected.to_not contain_class('glance') - is_expected.to_not contain_class('glance::config') - is_expected.to_not contain_class('glance::healthcheck') - is_expected.to_not contain_class('glance::api::db') - is_expected.to_not contain_class('glance::api::logging') - is_expected.to_not contain_class('glance::api') - is_expected.to_not contain_class('glance::key_manager') - is_expected.to_not contain_class('glance::key_manager::barbican') - is_expected.to_not contain_class('glance::notify::rabbitmq') - is_expected.to_not contain_class('glance::cron::db_purge') - is_expected.to_not contain_class('glance::cache::cleaner') - is_expected.to_not contain_class('glance::cache::pruner') - end - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'glance1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'glance2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678', - } } - - it 'should configure glance' do - is_expected.to contain_class('tripleo::profile::base::glance::api') - is_expected.to contain_class('glance') - is_expected.to contain_class('glance::config') - is_expected.to contain_class('glance::healthcheck') - is_expected.to contain_class('glance::api::db') - is_expected.to contain_class('glance::api::logging') - is_expected.to contain_class('glance::api').with( - :enabled_backends => ['default_backend:swift'], - :default_backend => 'default_backend', - ) - is_expected.to contain_class('glance::key_manager') - is_expected.to contain_class('glance::key_manager::barbican') - is_expected.to_not contain_class('tripleo::profile::base::glance::backend::cinder') - is_expected.to_not contain_class('tripleo::profile::base::glance::backend::file') - is_expected.to_not contain_class('tripleo::profile::base::glance::backend::rbd') - is_expected.to contain_class('tripleo::profile::base::glance::backend::swift').with( - :backend_names => ['default_backend'], - ) - is_expected.to contain_class('glance::notify::rabbitmq').with( - :default_transport_url => 'rabbit://glance1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://glance2:baa@192.168.0.2:5678/?ssl=0', - ) - is_expected.to_not contain_class('glance::cron::db_purge') - is_expected.to_not contain_class('glance::cache::cleaner') - is_expected.to_not contain_class('glance::cache::pruner') - end - - context 'with multistore_config' do - before :each do - params.merge!({ - :glance_backend => 'cinder', - :glance_backend_id => 'my_cinder', - :multistore_config => { - 'my_file' => { - 'GlanceBackend' => 'file', - }, - 'rbd1' => { - 'GlanceBackend' => 'rbd', - 'CephClusterName' => 'ceph1', - 'CephClientUserName' => 'user1', - 'GlanceRbdPoolName' => 'pool1', - }, - 'rbd2' => { - 'GlanceBackend' => 'rbd', - 'CephClusterName' => 'ceph2', - 'CephClientUserName' => 'user2', - 'GlanceRbdPoolName' => 'pool2', - }, - 'my_swift' => { - 'GlanceBackend' => 'swift', - }, - }, - }) - end - it 'should configure multiple backends' do - is_expected.to contain_class('glance::api').with( - :enabled_backends => [ - 'my_cinder:cinder', - 'my_file:file', - 'rbd1:rbd', - 'rbd2:rbd', - 'my_swift:swift' - ], - :default_backend => 'my_cinder', - ) - is_expected.to contain_class('tripleo::profile::base::glance::backend::cinder').with( - :backend_names => ['my_cinder'], - ) - is_expected.to contain_class('tripleo::profile::base::glance::backend::file').with( - :backend_names => ['my_file'], - ) - is_expected.to contain_class('tripleo::profile::base::glance::backend::rbd').with( - :backend_names => ['rbd1', 'rbd2'], - ) - is_expected.to contain_class('tripleo::profile::base::glance::backend::swift').with( - :backend_names => ['my_swift'], - ) - end - end - context 'with invalid multistore_config' do - before :each do - params.merge!({ - :multistore_config => { - 'rbd' => { - 'GlanceBackend_typo' => 'rbd', - }, - }, - }) - end - it_raises 'a Puppet::Error', / does not specify a glance_backend./ - end - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - } } - - it 'should configure db_purge' do - is_expected.to contain_class('glance::cron::db_purge') - end - - it 'should not configure cache' do - is_expected.to_not contain_class('glance::cache::cleaner') - is_expected.to_not contain_class('glance::cache::pruner') - end - end - - context 'with step 5 without db_purge' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :glance_enable_db_purge => false, - } } - - it 'should configure db_purge' do - is_expected.to_not contain_class('glance::cron::db_purge') - end - end - - context 'with step 5 with cache' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :glance_enable_cache => true, - } } - - it 'should configure cache' do - is_expected.to contain_class('glance::cache::cleaner') - is_expected.to contain_class('glance::cache::pruner') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::glance::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_glance_authtoken_spec.rb b/spec/classes/tripleo_profile_base_glance_authtoken_spec.rb deleted file mode 100644 index 053c2cae1..000000000 --- a/spec/classes/tripleo_profile_base_glance_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::glance::authtoken' do - shared_examples_for 'tripleo::profile::base::glance::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::glance::authtoken') - is_expected.to_not contain_class('glance::api::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::glance::authtoken') - is_expected.to contain_class('glance::api::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::glance::authtoken') - is_expected.to contain_class('glance::api::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::glance::authtoken') - is_expected.to contain_class('glance::api::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::glance::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_glance_backend_cinder_spec.rb b/spec/classes/tripleo_profile_base_glance_backend_cinder_spec.rb deleted file mode 100644 index 50bfbff66..000000000 --- a/spec/classes/tripleo_profile_base_glance_backend_cinder_spec.rb +++ /dev/null @@ -1,137 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::glance::backend::cinder' do - shared_examples_for 'tripleo::profile::base::glance::backend::cinder' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :backend_names => ['my_cinder'], - :step => 3, - } } - - it 'should not configure a backend' do - is_expected.to contain_class('tripleo::profile::base::glance::backend::cinder') - is_expected.to_not contain_glance__backend__multistore__cinder('my_cinder') - end - end - - context 'with step 4' do - let(:params) { { - :cinder_ca_certificates_file => '/path/to/certificates_file', - :cinder_api_insecure => true, - :cinder_catalog_info => 'volume:cinder:internalURL', - :cinder_http_retries => '10', - :cinder_endpoint_template => 'http://srv-foo:8776/v1/%(project_id)s', - :cinder_store_auth_address => '127.0.0.2:8080/v3/', - :cinder_store_project_name => 'services', - :cinder_store_user_name => 'glance', - :cinder_store_password => 'glance_password', - :cinder_os_region_name => 'regionOne', - :cinder_enforce_multipath => true, - :cinder_use_multipath => true, - :cinder_mount_point_base => '/var/lib/glance/mnt/nfs', - :cinder_volume_type => 'glance-my_cinder', - :store_description => 'Cinder store', - :backend_names => ['my_cinder'], - :step => 4, - } } - - it 'should configure the backend' do - is_expected.to contain_glance__backend__multistore__cinder('my_cinder').with( - :cinder_ca_certificates_file => '/path/to/certificates_file', - :cinder_api_insecure => true, - :cinder_catalog_info => 'volume:cinder:internalURL', - :cinder_http_retries => '10', - :cinder_endpoint_template => 'http://srv-foo:8776/v1/%(project_id)s', - :cinder_store_auth_address => '127.0.0.2:8080/v3/', - :cinder_store_project_name => 'services', - :cinder_store_user_name => 'glance', - :cinder_store_password => 'glance_password', - :cinder_os_region_name => 'regionOne', - :cinder_enforce_multipath => true, - :cinder_use_multipath => true, - :cinder_mount_point_base => '/var/lib/glance/mnt/nfs', - :cinder_volume_type => 'glance-my_cinder', - :store_description => 'Cinder store', - ) - end - - - context 'with store description and volume type in multistore_config' do - before :each do - params.merge!({ - :multistore_config => { - 'my_cinder' => { - 'GlanceCinderVolumeType' => 'glance-cinder', - 'GlanceStoreDescription' => 'My multistore cinder backend', - }, - }, - }) - end - it 'should use the multistore_config description and volume type' do - is_expected.to contain_glance__backend__multistore__cinder('my_cinder').with( - :cinder_volume_type => 'glance-cinder', - :store_description => 'My multistore cinder backend', - ) - end - end - - context 'with multiple backend_names' do - before :each do - params.merge!({ - :backend_names => ['cinder1', 'cinder2'], - :multistore_config => { - 'cinder2' => { - 'GlanceCinderVolumeType' => 'glance-cinder2', - 'GlanceStoreDescription' => 'cinder2 backend', - }, - }, - :cinder_volume_type => 'glance-cinder1', - :store_description => 'cinder1 backend', - }) - end - - it 'should configure multiple backends' do - is_expected.to contain_glance__backend__multistore__cinder('cinder1').with( - :cinder_volume_type => 'glance-cinder1', - :store_description => 'cinder1 backend', - ) - is_expected.to contain_glance__backend__multistore__cinder('cinder2').with( - :cinder_volume_type => 'glance-cinder2', - :store_description => 'cinder2 backend', - ) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::glance::backend::cinder' - end - end -end diff --git a/spec/classes/tripleo_profile_base_glance_backend_file_spec.rb b/spec/classes/tripleo_profile_base_glance_backend_file_spec.rb deleted file mode 100644 index cbe0c140f..000000000 --- a/spec/classes/tripleo_profile_base_glance_backend_file_spec.rb +++ /dev/null @@ -1,105 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::glance::backend::file' do - shared_examples_for 'tripleo::profile::base::glance::backend::file' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :backend_names => ['my_file'], - :step => 3, - } } - - it 'should not configure a backend' do - is_expected.to contain_class('tripleo::profile::base::glance::backend::file') - is_expected.to_not contain_glance__backend__multistore__file('my_file') - end - end - - context 'with step 4' do - let(:params) { { - :backend_names => ['my_file'], - :filesystem_store_datadir => '/path/to/datadir', - :step => 4, - } } - - it 'should configure the backend' do - is_expected.to contain_glance__backend__multistore__file('my_file').with( - :filesystem_store_datadir => '/path/to/datadir', - :store_description => 'File store', - ) - end - - context 'with parameters overridden' do - before :each do - params.merge!({ - :filesystem_thin_provisioning => true - }) - - it 'should configure the backend with the specified parameters' do - is_expected.to contain_glance__backend__multistore__file('my_file').with( - :filesystem_store_datadir => '/path/to/datadir', - :filesystem_thin_provisioning => true, - :store_description => 'File store', - ) - end - end - end - - context 'with store description in multistore_config' do - before :each do - params.merge!({ - :multistore_config => { - 'my_file' => { - 'GlanceStoreDescription' => 'My multistore file backend', - }, - }, - }) - end - it 'should use the multistore_config description' do - is_expected.to contain_glance__backend__multistore__file('my_file').with( - :store_description => 'My multistore file backend', - ) - end - end - - context 'with multiple backend_names' do - before :each do - params.merge!({ - :backend_names => ['file1', 'file2'], - }) - end - it_raises 'a Puppet::Error', /Multiple file backends are not supported./ - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::glance::backend::file' - end - end -end diff --git a/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb b/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb deleted file mode 100644 index deab71cd7..000000000 --- a/spec/classes/tripleo_profile_base_glance_backend_rbd_spec.rb +++ /dev/null @@ -1,134 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::glance::backend::rbd' do - shared_examples_for 'tripleo::profile::base::glance::backend::rbd' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :backend_names => ['my_rbd'], - :step => 3, - } } - - it 'should not configure a backend' do - is_expected.to contain_class('tripleo::profile::base::glance::backend::rbd') - is_expected.to_not contain_glance__backend__multistore__rbd('my_rbd') - end - end - - context 'with step 4' do - let(:params) { { - :backend_names => ['my_rbd'], - :step => 4, - } } - - it 'should configure the backend' do - is_expected.to contain_glance__backend__multistore__rbd('my_rbd').with( - :rbd_store_ceph_conf => '/etc/ceph/ceph.conf', - :rbd_store_user => 'openstack', - :rbd_store_pool => 'images', - :store_description => 'RBD store', - ) - end - - context 'with parameters overridden' do - before :each do - params.merge!({ - :rbd_store_chunk_size => 512, - :rbd_thin_provisioning => true, - :rados_connect_timeout => 10, - }) - - it 'should configure the backend with the specified parameters' do - is_expected.to contain_glance__backend__multistore__rbd('my_rbd').with( - :rbd_store_ceph_conf => '/etc/ceph/ceph.conf', - :rbd_store_user => 'openstack', - :rbd_store_pool => 'images', - :rbd_store_chunk_size => 512, - :rbd_thin_provisioning => true, - :rados_connect_timeout => 10, - :store_description => 'RBD store', - ) - end - end - end - - context 'with store description in multistore_config' do - before :each do - params.merge!({ - :multistore_config => { - 'my_rbd' => { - 'GlanceStoreDescription' => 'My multistore RBD backend', - }, - }, - }) - end - it 'should use the multistore_config description' do - is_expected.to contain_glance__backend__multistore__rbd('my_rbd').with( - :store_description => 'My multistore RBD backend', - ) - end - end - - context 'with multiple backend_names' do - before :each do - params.merge!({ - :backend_names => ['rbd1', 'rbd2'], - :multistore_config => { - 'rbd2' => { - 'CephClusterName' => 'ceph2', - 'CephClientUserName' => 'openstack2', - 'GlanceRbdPoolName' => 'images2', - 'GlanceStoreDescription' => 'rbd2 backend', - }, - }, - :store_description => 'rbd1 backend', - }) - end - it 'should configure multiple backends' do - is_expected.to contain_glance__backend__multistore__rbd('rbd1').with( - :rbd_store_ceph_conf => '/etc/ceph/ceph.conf', - :rbd_store_user => 'openstack', - :rbd_store_pool => 'images', - :store_description => 'rbd1 backend', - ) - is_expected.to contain_glance__backend__multistore__rbd('rbd2').with( - :rbd_store_ceph_conf => '/etc/ceph/ceph2.conf', - :rbd_store_user => 'openstack2', - :rbd_store_pool => 'images2', - :store_description => 'rbd2 backend', - ) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::glance::backend::rbd' - end - end -end diff --git a/spec/classes/tripleo_profile_base_glance_backend_swift_spec.rb b/spec/classes/tripleo_profile_base_glance_backend_swift_spec.rb deleted file mode 100644 index 8093b55cd..000000000 --- a/spec/classes/tripleo_profile_base_glance_backend_swift_spec.rb +++ /dev/null @@ -1,98 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::glance::backend::swift' do - shared_examples_for 'tripleo::profile::base::glance::backend::swift' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :backend_names => ['my_swift'], - :step => 3, - } } - - it 'should not configure a backend' do - is_expected.to contain_class('tripleo::profile::base::glance::backend::swift') - is_expected.to_not contain_glance__backend__multistore__swift('my_swift') - end - end - - context 'with step 4' do - let(:params) { { - :backend_names => ['my_swift'], - :swift_store_user => 'service:glance', - :swift_store_key => 'glance_password', - :swift_store_auth_address => '127.0.0.2:8080/v3/', - :swift_store_auth_version => 3, - :swift_store_create_container_on_put => true, - :step => 4, - } } - - it 'should configure the backend' do - is_expected.to contain_glance__backend__multistore__swift('my_swift').with( - :swift_store_user => 'service:glance', - :swift_store_key => 'glance_password', - :swift_store_auth_address => '127.0.0.2:8080/v3/', - :swift_store_auth_version => 3, - :swift_store_create_container_on_put => true, - :default_swift_reference => 'ref1', - :store_description => 'Swift store', - ) - end - - context 'with store description in multistore_config' do - before :each do - params.merge!({ - :multistore_config => { - 'my_swift' => { - 'GlanceStoreDescription' => 'My multistore swift backend', - }, - }, - }) - end - it 'should use the multistore_config description' do - is_expected.to contain_glance__backend__multistore__swift('my_swift').with( - :store_description => 'My multistore swift backend', - ) - end - end - - context 'with multiple backend_names' do - before :each do - params.merge!({ - :backend_names => ['swift1', 'swift2'], - }) - end - it_raises 'a Puppet::Error', /Multiple swift backends are not supported./ - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::glance::backend::swift' - end - end -end diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb deleted file mode 100644 index 92350effb..000000000 --- a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb +++ /dev/null @@ -1,180 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::gnocchi::api' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - shared_examples_for 'tripleo::profile::base::gnocchi::api' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::gnocchi': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 2, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::api') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to_not contain_class('gnocchi::db::sync') - is_expected.to_not contain_class('gnocchi::api') - is_expected.to_not contain_class('gnocchi::wsgi::apache') - } - end - - context 'with step 3 on bootstrap' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::api') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::db::sync') - is_expected.to contain_class('gnocchi::api') - is_expected.to contain_class('gnocchi::wsgi::apache') - } - end - - context 'with step 3 not on bootstrap' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::api') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to_not contain_class('gnocchi::db::sync') - is_expected.to_not contain_class('gnocchi::api') - is_expected.to_not contain_class('gnocchi::wsgi::apache') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::api') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::api') - is_expected.to contain_class('gnocchi::wsgi::apache') - is_expected.to contain_class('gnocchi::storage::swift') - } - end - - context 'with step 4 with file backend' do - let(:params) { { - :step => 4, - :gnocchi_backend => 'file', - :gnocchi_redis_password => 'gnocchi', - :redis_vip => '127.0.0.1', - :incoming_storage_driver => 'redis', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::api') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::api') - is_expected.to contain_class('gnocchi::wsgi::apache') - is_expected.to contain_class('gnocchi::storage::incoming::redis').with( - :redis_url => 'redis://:gnocchi@127.0.0.1:6379/' - ) - is_expected.to contain_class('gnocchi::storage::file') - } - end - - context 'with step 4 with ceph backend' do - let(:params) { { - :step => 4, - :gnocchi_backend => 'rbd', - :gnocchi_redis_password => 'gnocchi', - :redis_vip => '127.0.0.1', - :incoming_storage_driver => 'redis', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::api') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::api') - is_expected.to contain_class('gnocchi::wsgi::apache') - is_expected.to contain_class('gnocchi::storage::incoming::redis').with( - :redis_url => 'redis://:gnocchi@127.0.0.1:6379/' - ) - is_expected.to contain_class('gnocchi::storage::ceph') - } - end - - context 'skip incoming storage in step 4' do - let(:params) { { - :step => 4, - :gnocchi_backend => 'rbd', - :gnocchi_redis_password => 'gnocchi', - :redis_vip => '127.0.0.1', - :incoming_storage_driver => '', - } } - - it { - is_expected.not_to contain_class('gnocchi::storage::incoming::redis') - } - end - - context 'with step 5 on bootstrap' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::api') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::api') - is_expected.to contain_class('gnocchi::wsgi::apache') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::gnocchi::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_gnocchi_authtoken_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_authtoken_spec.rb deleted file mode 100644 index dd5c1f9c3..000000000 --- a/spec/classes/tripleo_profile_base_gnocchi_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::gnocchi::authtoken' do - shared_examples_for 'tripleo::profile::base::gnocchi::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to_not contain_class('gnocchi::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::authtoken') - is_expected.to contain_class('gnocchi::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::gnocchi::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_gnocchi_metricd_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_metricd_spec.rb deleted file mode 100644 index c1d3971c8..000000000 --- a/spec/classes/tripleo_profile_base_gnocchi_metricd_spec.rb +++ /dev/null @@ -1,69 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::gnocchi::metricd' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - shared_examples_for 'tripleo::profile::base::gnocchi::metricd' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::gnocchi': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 5' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::metricd') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to_not contain_class('gnocchi::metricd') - } - end - - context 'with step 5' do - let(:params) { { - :step => 5, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::metricd') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('gnocchi::metricd') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::gnocchi::metricd' - end - end -end diff --git a/spec/classes/tripleo_profile_base_gnocchi_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_spec.rb deleted file mode 100644 index 1e87eb5d5..000000000 --- a/spec/classes/tripleo_profile_base_gnocchi_spec.rb +++ /dev/null @@ -1,103 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::gnocchi' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - shared_examples_for 'tripleo::profile::base::gnocchi' do - context 'with step less than 3' do - let(:params) { { - :step => 2, - } } - - it { - is_expected.to_not contain_class('gnocchi') - is_expected.to_not contain_class('gnocchi::config') - is_expected.to_not contain_class('gnocchi::cors') - is_expected.to_not contain_class('gnocchi::db') - is_expected.to_not contain_class('gnocchi::logging') - } - end - - context 'with step 3 on bootstrap' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :gnocchi_redis_password => 'gnocchi', - :redis_vip => '127.0.0.1', - } } - - it { - is_expected.to contain_class('gnocchi').with( - :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' - ) - is_expected.to contain_class('gnocchi::config') - is_expected.to contain_class('gnocchi::cors') - is_expected.to contain_class('gnocchi::db') - is_expected.to contain_class('gnocchi::logging') - } - end - - context 'with step 3 not on bootstrap' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to_not contain_class('gnocchi') - is_expected.to_not contain_class('gnocchi::config') - is_expected.to_not contain_class('gnocchi::cors') - is_expected.to_not contain_class('gnocchi::db') - is_expected.to_not contain_class('gnocchi::logging') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :gnocchi_redis_password => 'gnocchi', - :redis_vip => '127.0.0.1', - } } - - it { - is_expected.to contain_class('gnocchi').with( - :coordination_url => 'redis://:gnocchi@127.0.0.1:6379/' - ) - is_expected.to contain_class('gnocchi::config') - is_expected.to contain_class('gnocchi::cors') - is_expected.to contain_class('gnocchi::db') - is_expected.to contain_class('gnocchi::logging') - } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::gnocchi' - end - end -end - diff --git a/spec/classes/tripleo_profile_base_gnocchi_statsd_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_statsd_spec.rb deleted file mode 100644 index 0c6f61363..000000000 --- a/spec/classes/tripleo_profile_base_gnocchi_statsd_spec.rb +++ /dev/null @@ -1,69 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::gnocchi::statsd' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - shared_examples_for 'tripleo::profile::base::gnocchi::statsd' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::gnocchi': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 5' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::statsd') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to_not contain_class('gnocchi::statsd') - } - end - - context 'with step 5' do - let(:params) { { - :step => 5, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::gnocchi::statsd') - is_expected.to contain_class('tripleo::profile::base::gnocchi') - is_expected.to contain_class('gnocchi::statsd') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::gnocchi::statsd' - end - end -end diff --git a/spec/classes/tripleo_profile_base_heat_api_cfn_spec.rb b/spec/classes/tripleo_profile_base_heat_api_cfn_spec.rb deleted file mode 100644 index d8171ed5c..000000000 --- a/spec/classes/tripleo_profile_base_heat_api_cfn_spec.rb +++ /dev/null @@ -1,109 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::heat::api_cfn' do - shared_examples_for 'tripleo::profile::base::heat::api_cfn' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::heat::authtoken': - step => #{params[:step]}, - } - class { 'tripleo::profile::base::heat': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'heat', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api_cfn') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to_not contain_class('heat::api_cfn') - is_expected.to_not contain_class('heat::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('heat::wsgi::apache_api_cfn') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api_cfn') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('heat::api_cfn') - is_expected.to contain_class('heat::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('heat::wsgi::apache_api_cfn') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api_cfn') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to_not contain_class('heat::api_cfn') - is_expected.to_not contain_class('heat::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('heat::wsgi::apache_api_cfn') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api_cfn') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('heat::api_cfn') - is_expected.to contain_class('heat::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('heat::wsgi::apache_api_cfn') - } - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::heat::api_cfn' - end - end -end diff --git a/spec/classes/tripleo_profile_base_heat_api_spec.rb b/spec/classes/tripleo_profile_base_heat_api_spec.rb deleted file mode 100644 index 013fa68ee..000000000 --- a/spec/classes/tripleo_profile_base_heat_api_spec.rb +++ /dev/null @@ -1,109 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::heat::api' do - shared_examples_for 'tripleo::profile::base::heat::api' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::heat::authtoken': - step => #{params[:step]}, - } - class { 'tripleo::profile::base::heat': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'heat', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to_not contain_class('heat::api') - is_expected.to_not contain_class('heat::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('heat::wsgi::apache_api') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('heat::api') - is_expected.to contain_class('heat::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('heat::wsgi::apache_api') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to_not contain_class('heat::api') - is_expected.to_not contain_class('heat::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('heat::wsgi::apache_api') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::api') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('heat::api') - is_expected.to contain_class('heat::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('heat::wsgi::apache_api') - } - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::heat::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_heat_authtoken_spec.rb b/spec/classes/tripleo_profile_base_heat_authtoken_spec.rb deleted file mode 100644 index f613341f9..000000000 --- a/spec/classes/tripleo_profile_base_heat_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::heat::authtoken' do - shared_examples_for 'tripleo::profile::base::heat::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to_not contain_class('heat::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to contain_class('heat::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to contain_class('heat::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to contain_class('heat::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::heat::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_heat_engine_spec.rb b/spec/classes/tripleo_profile_base_heat_engine_spec.rb deleted file mode 100644 index 9cfee7d48..000000000 --- a/spec/classes/tripleo_profile_base_heat_engine_spec.rb +++ /dev/null @@ -1,101 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::heat::engine' do - shared_examples_for 'tripleo::profile::base::heat::engine' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::heat::authtoken': - step => #{params[:step]}, - } - class { 'tripleo::profile::base::heat': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'heat', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::engine') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to_not contain_class('heat::engine') - is_expected.to_not contain_class('heat::policy') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::engine') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('heat::engine') - is_expected.to contain_class('heat::policy') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::engine') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to_not contain_class('heat::engine') - is_expected.to_not contain_class('heat::policy') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::heat::engine') - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('heat::engine') - is_expected.to contain_class('heat::policy') - } - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::heat::engine' - end - end -end diff --git a/spec/classes/tripleo_profile_base_heat_spec.rb b/spec/classes/tripleo_profile_base_heat_spec.rb deleted file mode 100644 index 0013349f6..000000000 --- a/spec/classes/tripleo_profile_base_heat_spec.rb +++ /dev/null @@ -1,233 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::heat' do - shared_examples_for 'tripleo::profile::base::heat' do - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::heat::authtoken': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 3' do - let(:params) { { :step => 1 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to_not contain_class('heat::keystone::domain') - is_expected.to_not contain_class('heat') - is_expected.to_not contain_class('heat::clients') - is_expected.to_not contain_class('heat::config') - is_expected.to_not contain_class('heat::cors') - is_expected.to_not contain_class('heat::db') - is_expected.to_not contain_class('heat::logging') - is_expected.to_not contain_class('heat::trustee') - is_expected.to_not contain_class('heat::cache') - is_expected.to_not contain_class('heat::cron::purge_deleted') - end - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'heat1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'heat2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678', - :memcached_hosts => '127.0.0.1', - } } - - it 'should trigger complete configuration without db_purge' do - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to contain_class('heat::keystone::domain').with( - :manage_domain => false, - :manage_user => false, - :manage_role => false - ) - is_expected.to contain_class('heat').with( - :default_transport_url => 'rabbit://heat1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://heat2:baa@192.168.0.2:5678/?ssl=0' - ) - is_expected.to contain_class('heat::clients') - is_expected.to contain_class('heat::config') - is_expected.to contain_class('heat::cors') - is_expected.to contain_class('heat::db') - is_expected.to contain_class('heat::logging') - is_expected.to contain_class('heat::trustee') - is_expected.to contain_class('heat::cache').with( - :memcache_servers => ['127.0.0.1:11211'] - ) - is_expected.to_not contain_class('heat::cron::purge_deleted') - end - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'heat1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'heat2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678', - :memcached_hosts => '127.0.0.1', - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to contain_class('heat::keystone::domain').with( - :manage_domain => false, - :manage_user => false, - :manage_role => false - ) - is_expected.to contain_class('heat').with( - :default_transport_url => 'rabbit://heat1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://heat2:baa@192.168.0.2:5678/?ssl=0' - ) - is_expected.to contain_class('heat::clients') - is_expected.to contain_class('heat::config') - is_expected.to contain_class('heat::cors') - is_expected.to contain_class('heat::db') - is_expected.to contain_class('heat::logging') - is_expected.to contain_class('heat::trustee') - is_expected.to contain_class('heat::cache').with( - :memcache_servers => ['127.0.0.1:11211'] - ) - is_expected.to contain_class('heat::cron::purge_deleted') - end - end - - context 'with step 5 without db_purge' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'heat1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'heat2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678', - :manage_db_purge => false, - :memcached_hosts => '::1', - } } - - it 'should trigger complete configuration without db_purge' do - is_expected.to contain_class('tripleo::profile::base::heat') - is_expected.to contain_class('tripleo::profile::base::heat::authtoken') - is_expected.to contain_class('heat::keystone::domain').with( - :manage_domain => false, - :manage_user => false, - :manage_role => false - ) - is_expected.to contain_class('heat').with( - :default_transport_url => 'rabbit://heat1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://heat2:baa@192.168.0.2:5678/?ssl=0' - ) - is_expected.to contain_class('heat::clients') - is_expected.to contain_class('heat::config') - is_expected.to contain_class('heat::cors') - is_expected.to contain_class('heat::db') - is_expected.to contain_class('heat::logging') - is_expected.to contain_class('heat::trustee') - is_expected.to contain_class('heat::cache').with( - :memcache_servers => ['[::1]:11211'] - ) - is_expected.to_not contain_class('heat::cron::purge_deleted') - end - end - - context 'with step 4 and memcache ipv6' do - let(:params) { { - :step => 4, - :memcached_hosts => '::1', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('heat::cache').with( - :memcache_servers => ['[::1]:11211'] - ) - end - end - - context 'with step 4, memcache ipv6 and memcached backend' do - let(:params) { { - :step => 4, - :memcached_hosts => '::1', - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('heat::cache').with( - :memcache_servers => ['inet6:[::1]:11211'] - ) - end - end - - context 'with step 4 and the ipv6 parameter' do - let(:params) { { - :step => 4, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('heat::cache').with( - :memcache_servers => ['node.example.com:11211'] - ) - end - end - - context 'with step 4, the ipv6 parameter and memcached backend' do - let(:params) { { - :step => 4, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('heat::cache').with( - :memcache_servers => ['inet6:[node.example.com]:11211'] - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::heat' - end - end -end diff --git a/spec/classes/tripleo_profile_base_horizon_spec.rb b/spec/classes/tripleo_profile_base_horizon_spec.rb deleted file mode 100644 index d1c3daf5a..000000000 --- a/spec/classes/tripleo_profile_base_horizon_spec.rb +++ /dev/null @@ -1,149 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::horizon' do - shared_examples_for 'tripleo::profile::base::horizon' do - context 'with step less than 3' do - let(:params) { { :step => 2 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::horizon') - is_expected.to_not contain_class('horizon') - is_expected.to_not contain_class('horizon::policy') - is_expected.to_not contain_class('horizon::dashboards::heat') - is_expected.to_not contain_class('horizon::dashboards::octavia') - is_expected.to_not contain_class('horizon::dashboards::manila') - end - end - - context 'with step 3 and not bootstrap' do - let(:params) { { - :step => 3, - } } - - it 'should not configure anything' do - is_expected.to_not contain_class('horizon') - is_expected.to_not contain_class('horizon::policy') - is_expected.to_not contain_class('horizon::dashboards::heat') - is_expected.to_not contain_class('horizon::dashboards::octavia') - is_expected.to_not contain_class('horizon::dashboards::manila') - is_expected.to_not contain_class('apache::mod::remoteip') - is_expected.to_not contain_class('apache::mod::status') - end - end - - context 'with step 3 and bootstrap' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com' - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('horizon') - is_expected.to contain_class('horizon::policy') - is_expected.to_not contain_class('horizon::dashboards::heat') - is_expected.to_not contain_class('horizon::dashboards::octavia') - is_expected.to_not contain_class('horizon::dashboards::manila') - is_expected.to contain_class('apache::mod::remoteip') - is_expected.to contain_class('apache::mod::status') - end - end - - context 'with step 4' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com' - } } - - it 'should trigger complete configuration' do - is_expected.to contain_class('horizon') - is_expected.to contain_class('horizon::policy') - is_expected.to_not contain_class('horizon::dashboards::heat') - is_expected.to_not contain_class('horizon::dashboards::octavia') - is_expected.to_not contain_class('horizon::dashboards::manila') - is_expected.to contain_class('apache::mod::remoteip') - is_expected.to contain_class('apache::mod::status') - end - end - - context 'with step 4 and heat enabled' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - :heat_api_enabled => true, - } } - - it 'should trigger complete configuration with heat dashboard' do - is_expected.to contain_class('horizon') - is_expected.to contain_class('horizon::policy') - is_expected.to contain_class('horizon::dashboards::heat') - is_expected.to_not contain_class('horizon::dashboards::octavia') - is_expected.to_not contain_class('horizon::dashboards::manila') - is_expected.to contain_class('apache::mod::remoteip') - is_expected.to contain_class('apache::mod::status') - end - end - - context 'with step 4 and octavia enabled' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - :octavia_api_enabled => true, - } } - - it 'should trigger complete configuration with octavia dashboard' do - is_expected.to contain_class('horizon') - is_expected.to contain_class('horizon::policy') - is_expected.to_not contain_class('horizon::dashboards::heat') - is_expected.to contain_class('horizon::dashboards::octavia') - is_expected.to_not contain_class('horizon::dashboards::manila') - is_expected.to contain_class('apache::mod::remoteip') - is_expected.to contain_class('apache::mod::status') - end - end - - context 'with step 4 and manila enabled' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - :manila_api_enabled => true, - } } - - it 'should trigger complete configuration with manila dashboard' do - is_expected.to contain_class('horizon') - is_expected.to contain_class('horizon::policy') - is_expected.to_not contain_class('horizon::dashboards::heat') - is_expected.to_not contain_class('horizon::dashboards::octavia') - is_expected.to contain_class('horizon::dashboards::manila') - is_expected.to contain_class('apache::mod::remoteip') - is_expected.to contain_class('apache::mod::status') - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::horizon' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ironic_api_spec.rb b/spec/classes/tripleo_profile_base_ironic_api_spec.rb deleted file mode 100644 index 8dbba6868..000000000 --- a/spec/classes/tripleo_profile_base_ironic_api_spec.rb +++ /dev/null @@ -1,121 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ironic::api' do - shared_examples_for 'tripleo::profile::base::ironic::api' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::ironic': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'ironic', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::api') - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to_not contain_class('ironic::api') - is_expected.to_not contain_class('ironic::cors') - is_expected.to_not contain_class('ironic::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('ironic::wsgi::apache') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::api') - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to contain_class('ironic::api') - is_expected.to contain_class('ironic::cors') - is_expected.to contain_class('ironic::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('ironic::wsgi::apache') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::api') - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to_not contain_class('ironic::api') - is_expected.to_not contain_class('ironic::cors') - is_expected.to_not contain_class('ironic::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('ironic::wsgi::apache') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::api') - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to contain_class('ironic::api') - is_expected.to contain_class('ironic::cors') - is_expected.to contain_class('ironic::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('ironic::wsgi::apache') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ironic::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ironic_authtoken_spec.rb b/spec/classes/tripleo_profile_base_ironic_authtoken_spec.rb deleted file mode 100644 index 8757ddffb..000000000 --- a/spec/classes/tripleo_profile_base_ironic_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ironic::authtoken' do - shared_examples_for 'tripleo::profile::base::ironic::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to_not contain_class('ironic::api::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to contain_class('ironic::api::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to contain_class('ironic::api::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic::authtoken') - is_expected.to contain_class('ironic::api::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ironic::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ironic_inspector_authtoken_spec.rb b/spec/classes/tripleo_profile_base_ironic_inspector_authtoken_spec.rb deleted file mode 100644 index aa888c69e..000000000 --- a/spec/classes/tripleo_profile_base_ironic_inspector_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ironic_inspector::authtoken' do - shared_examples_for 'tripleo::profile::base::ironic_inspector::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken') - is_expected.to_not contain_class('ironic::inspector::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken') - is_expected.to contain_class('ironic::inspector::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken') - is_expected.to contain_class('ironic::inspector::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector::authtoken') - is_expected.to contain_class('ironic::inspector::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ironic_inspector::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ironic_inspector_spec.rb b/spec/classes/tripleo_profile_base_ironic_inspector_spec.rb deleted file mode 100644 index 02d0e167c..000000000 --- a/spec/classes/tripleo_profile_base_ironic_inspector_spec.rb +++ /dev/null @@ -1,120 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ironic_inspector' do - shared_examples_for 'tripleo::profile::base::ironic_inspector' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector') - is_expected.to_not contain_class('ironic::inspector') - is_expected.to_not contain_class('ironic::inspector::db') - is_expected.to_not contain_class('ironic::inspector::pxe_filter') - is_expected.to_not contain_class('ironic::inspector::pxe_filter::dnsmasq') - is_expected.to_not contain_class('ironic::inspector::config') - is_expected.to_not contain_class('ironic::inspector::logging') - is_expected.to_not contain_class('ironic::inspector::ironic') - is_expected.to_not contain_class('ironic::inspector::swift') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :inspection_subnets => ['192.168.24.0/24'], - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector') - is_expected.to contain_class('ironic::inspector').with( - :dnsmasq_ip_subnets => ['192.168.24.0/24'] - ) - is_expected.to contain_class('ironic::inspector::db') - is_expected.to contain_class('ironic::inspector::pxe_filter') - is_expected.to contain_class('ironic::inspector::pxe_filter::dnsmasq') - is_expected.to contain_class('ironic::inspector::config') - is_expected.to contain_class('ironic::inspector::logging') - is_expected.to contain_class('ironic::inspector::ironic') - is_expected.to contain_class('ironic::inspector::swift') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector') - is_expected.to_not contain_class('ironic::inspector') - is_expected.to_not contain_class('ironic::inspector::db') - is_expected.to_not contain_class('ironic::inspector::pxe_filter') - is_expected.to_not contain_class('ironic::inspector::pxe_filter::dnsmasq') - is_expected.to_not contain_class('ironic::inspector::config') - is_expected.to_not contain_class('ironic::inspector::logging') - is_expected.to_not contain_class('ironic::inspector::ironic') - is_expected.to_not contain_class('ironic::inspector::swift') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - :inspection_subnets => ['192.168.24.0/24'], - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic_inspector') - is_expected.to contain_class('ironic::inspector').with( - :dnsmasq_ip_subnets => ['192.168.24.0/24'] - ) - is_expected.to contain_class('ironic::inspector::db') - is_expected.to contain_class('ironic::inspector::pxe_filter') - is_expected.to contain_class('ironic::inspector::pxe_filter::dnsmasq') - is_expected.to contain_class('ironic::inspector::config') - is_expected.to contain_class('ironic::inspector::logging') - is_expected.to contain_class('ironic::inspector::ironic') - is_expected.to contain_class('ironic::inspector::swift') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ironic_inspector' - end - end -end diff --git a/spec/classes/tripleo_profile_base_ironic_spec.rb b/spec/classes/tripleo_profile_base_ironic_spec.rb deleted file mode 100644 index 57b80f312..000000000 --- a/spec/classes/tripleo_profile_base_ironic_spec.rb +++ /dev/null @@ -1,111 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::ironic' do - shared_examples_for 'tripleo::profile::base::ironic' do - - context 'with step less than 3' do - let(:params) { { - :step => 1, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_password => 'foo' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to_not contain_class('ironic') - is_expected.to_not contain_class('ironic::config') - is_expected.to_not contain_class('ironic::cors') - is_expected.to_not contain_class('ironic::db') - is_expected.to_not contain_class('ironic::logging') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_username => 'ironic', - :oslomsg_rpc_password => 'foo', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to contain_class('ironic').with( - :default_transport_url => 'rabbit://ironic:foo@localhost:5672/?ssl=0' - ) - is_expected.to contain_class('ironic::config') - is_expected.to contain_class('ironic::cors') - is_expected.to contain_class('ironic::db') - is_expected.to contain_class('ironic::logging') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_password => 'foo' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to_not contain_class('ironic') - is_expected.to_not contain_class('ironic::config') - is_expected.to_not contain_class('ironic::cors') - is_expected.to_not contain_class('ironic::db') - is_expected.to_not contain_class('ironic::logging') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_password => 'foo', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::ironic') - is_expected.to contain_class('ironic').with( - :default_transport_url => /.+/, - ) - is_expected.to contain_class('ironic::config') - is_expected.to contain_class('ironic::cors') - is_expected.to contain_class('ironic::db') - is_expected.to contain_class('ironic::logging') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::ironic' - end - end -end diff --git a/spec/classes/tripleo_profile_base_iscsid_spec.rb b/spec/classes/tripleo_profile_base_iscsid_spec.rb deleted file mode 100644 index d4f8f2921..000000000 --- a/spec/classes/tripleo_profile_base_iscsid_spec.rb +++ /dev/null @@ -1,62 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::iscsid' do - shared_examples_for 'tripleo::profile::base::iscsid' do - context 'with step less than 2' do - let(:params) { { :step => 1 } } - - it 'should do nothing' do - is_expected.to_not contain_package('iscsi-initiator-utils') - is_expected.to_not contain_exec('sync-iqn-from-host') - is_expected.to_not contain_exec('reset-iscsi-initiator-name') - is_expected.to_not contain_file('/etc/iscsi/.initiator_reset') - is_expected.to_not contain_exec('sync-iqn-to-host') - is_expected.to_not contain_augeas('chap_algs in /etc/iscsi/iscsid.conf') - end - end - - context 'with step 2' do - let(:params) { { - :step => 2, - :chap_algs => "SHA3-256,SHA256,SHA1", - } } - - it 'should trigger complete configuration' do - is_expected.to contain_package('iscsi-initiator-utils') - is_expected.to contain_exec('sync-iqn-from-host') - is_expected.to contain_exec('reset-iscsi-initiator-name') - is_expected.to contain_file('/etc/iscsi/.initiator_reset') - is_expected.to contain_exec('sync-iqn-to-host') - is_expected.to contain_augeas('chap_algs in /etc/iscsi/iscsid.conf') - .with_changes( - ["set node.session.auth.chap_algs #{params[:chap_algs]}"]) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::iscsid' - end - end -end diff --git a/spec/classes/tripleo_profile_base_keystone_spec.rb b/spec/classes/tripleo_profile_base_keystone_spec.rb deleted file mode 100644 index fab15a18b..000000000 --- a/spec/classes/tripleo_profile_base_keystone_spec.rb +++ /dev/null @@ -1,267 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::keystone' do - - let :params do - { - :step => 5, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'keystone1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'keystone2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678', - :memcached_hosts => [ '192.168.0.3', '192.168.0.4', '192.168.0.5' ], - } - end - - shared_examples_for 'tripleo::profile::base::keystone' do - context 'with step less than 3' do - before do - params.merge!({ :step => 1 }) - end - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::keystone') - is_expected.to_not contain_class('keystone') - is_expected.to_not contain_class('keystone::healthcheck') - is_expected.to_not contain_class('keystone::config') - is_expected.to_not contain_class('keystone::db') - is_expected.to_not contain_class('keystone::logging') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('keystone::wsgi::apache') - is_expected.to_not contain_class('keystone::cors') - is_expected.to_not contain_class('keystone::security_compliance') - is_expected.to_not contain_class('keystone::ldap_backend') - is_expected.to_not contain_class('keystone::federation::openidc') - is_expected.to_not contain_class('keystone::cron::trust_flush') - end - end - - context 'with step 3 on bootstrap node' do - before do - params.merge!({ :step => 3 }) - end - - it 'should trigger complete configuration' do - is_expected.to contain_class('keystone::cache').with( - :memcache_servers => [ '192.168.0.3:11211', '192.168.0.4:11211', '192.168.0.5:11211' ], - ) - is_expected.to contain_class('keystone').with( - :default_transport_url => 'rabbit://keystone1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://keystone2:baa@192.168.0.2:5678/?ssl=0', - ) - is_expected.to contain_class('keystone::healthcheck') - is_expected.to contain_class('keystone::config') - is_expected.to contain_class('keystone::db') - is_expected.to contain_class('keystone::logging') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('keystone::wsgi::apache') - is_expected.to contain_class('keystone::cors') - is_expected.to contain_class('keystone::security_compliance') - is_expected.to_not contain_class('keystone::ldap_backend') - is_expected.to_not contain_class('keystone::federation::openidc') - is_expected.to_not contain_class('keystone::cron::trust_flush') - end - end - - context 'with step 3 not on bootstrap node' do - before do - params.merge!( - { :step => 3, - :bootstrap_node => 'other.example.com' - } - ) - end - - it 'should not trigger any configuration' do - is_expected.to contain_class('tripleo::profile::base::keystone') - is_expected.to_not contain_class('keystone') - is_expected.to_not contain_class('keystone::healthcheck') - is_expected.to_not contain_class('keystone::config') - is_expected.to_not contain_class('keystone::db') - is_expected.to_not contain_class('keystone::logging') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('keystone::wsgi::apache') - is_expected.to_not contain_class('keystone::cors') - is_expected.to_not contain_class('keystone::security_compliance') - is_expected.to_not contain_class('keystone::ldap_backend') - is_expected.to_not contain_class('keystone::federation::openidc') - is_expected.to_not contain_class('keystone::cron::trust_flush') - end - end - - context 'with step 4 on bootstrap node' do - before do - params.merge!({ :step => 4 }) - end - - it 'should trigger keystone configuration' do - is_expected.to contain_class('keystone::cache').with( - :memcache_servers => [ '192.168.0.3:11211', '192.168.0.4:11211', '192.168.0.5:11211' ], - ) - is_expected.to contain_class('keystone').with( - :default_transport_url => 'rabbit://keystone1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://keystone2:baa@192.168.0.2:5678/?ssl=0', - ) - is_expected.to contain_class('keystone::healthcheck') - is_expected.to contain_class('keystone::config') - is_expected.to contain_class('keystone::db') - is_expected.to contain_class('keystone::logging') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('keystone::wsgi::apache') - is_expected.to contain_class('keystone::cors') - is_expected.to contain_class('keystone::security_compliance') - is_expected.to_not contain_class('keystone::ldap_backend') - is_expected.to_not contain_class('keystone::federation::openidc') - is_expected.to_not contain_class('keystone::cron::trust_flush') - end - end - - context 'with step 4 on other node' do - before do - params.merge!( - { :step => 4, - :bootstrap_node => 'other.example.com' - } - ) - end - - it 'should trigger keystone configuration' do - is_expected.to contain_class('keystone::cache').with( - :memcache_servers => [ '192.168.0.3:11211', '192.168.0.4:11211', '192.168.0.5:11211' ], - ) - is_expected.to contain_class('keystone').with( - :default_transport_url => 'rabbit://keystone1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://keystone2:baa@192.168.0.2:5678/?ssl=0', - ) - is_expected.to contain_class('keystone::healthcheck') - is_expected.to contain_class('keystone::config') - is_expected.to contain_class('keystone::db') - is_expected.to contain_class('keystone::logging') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('keystone::wsgi::apache') - is_expected.to contain_class('keystone::cors') - is_expected.to contain_class('keystone::security_compliance') - is_expected.to_not contain_class('keystone::ldap_backend') - is_expected.to_not contain_class('keystone::federation::openidc') - is_expected.to_not contain_class('keystone::cron::trust_flush') - end - end - - context 'with step less than 4 and db_purge enabled' do - before do - params.merge!( - { :step => 3, - :bootstrap_node => 'other.example.com', - :manage_db_purge => true - } - ) - end - - it 'should not trigger purge configuration' do - is_expected.to_not contain_class('keystone::cron::trust_flush') - end - end - - context 'with step 4 and db_purge enabled' do - before do - params.merge!( - { :step => 4, - :bootstrap_node => 'other.example.com', - :manage_db_purge => true - } - ) - end - - it 'should trigger purge configuration' do - is_expected.to contain_class('keystone::cron::trust_flush') - end - end - - context 'with step 4 and memcache ipv6' do - let(:params) { { - :step => 4, - :memcached_hosts => '::1', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('keystone::cache').with( - :memcache_servers => ['[::1]:11211'] - ) - end - end - - context 'with step 4, memcache ipv6 and memcached backend' do - let(:params) { { - :step => 4, - :memcached_hosts => '::1', - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('keystone::cache').with( - :memcache_servers => ['inet6:[::1]:11211'] - ) - end - end - - context 'with step 4 and the ipv6 parameter' do - let(:params) { { - :step => 4, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('keystone::cache').with( - :memcache_servers => ['node.example.com:11211'] - ) - end - end - - context 'with step 4, the ipv6 parameter and memcached backend' do - let(:params) { { - :step => 4, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('keystone::cache').with( - :memcache_servers => ['inet6:[node.example.com]:11211'] - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::keystone' - end - end -end diff --git a/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb b/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb deleted file mode 100644 index df109b4ff..000000000 --- a/spec/classes/tripleo_profile_base_logging_logrotate_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::logging::logrotate' do - shared_examples_for 'tripleo::profile::base::logging::logrotate' do - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::logging::logrotate') - is_expected.to_not contain_cron('logrotate-crond') - is_expected.to_not contain_file('/etc/logrotate-crond.conf') - end - end - - context 'with defaults and step greater than 3' do - let(:params) { { :step => 4 } } - - it { is_expected.to contain_class('tripleo::profile::base::logging::logrotate') } - it { is_expected.to contain_cron('logrotate-crond').with( - :ensure => 'present', - :command => 'sleep `expr ${RANDOM} \\% 90`; /usr/sbin/logrotate -s ' + - '/var/lib/logrotate/logrotate-crond.status ' + - '/etc/logrotate-crond.conf 2>&1|logger -t logrotate-crond', - :user => 'root', - :minute => 0, - :hour => '*', - :monthday => '*', - :month => '*', - :weekday => '*') } - it { is_expected.to contain_file('/etc/logrotate-crond.conf') } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let (:facts) { - facts - } - it_behaves_like 'tripleo::profile::base::logging::logrotate' - end - end -end diff --git a/spec/classes/tripleo_profile_base_logging_rsyslog_spec.rb b/spec/classes/tripleo_profile_base_logging_rsyslog_spec.rb deleted file mode 100644 index b282d14ee..000000000 --- a/spec/classes/tripleo_profile_base_logging_rsyslog_spec.rb +++ /dev/null @@ -1,152 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -horizon_access_log_conf = <<-EOS -# horizon_openstack.horizon.access -input(type="imfile" - file="/var/log/horizon/access.log" - tag="openstack.horizon.access" - startmsg.regex="^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}(.[0-9]+ [0-9]+)? (DEBUG|INFO|WARNING|ERROR) " -) -EOS -horizon_test_log_conf = <<-EOS -# horizon_openstack.horizon.test -input(type="imfile" - file="/var/log/horizon/test.log" - tag="openstack.horizon.test" - startmsg.regex="^[0-9]{4}-[0-9]{2}-[0-9]{2} [0-9]{2}:[0-9]{2}:[0-9]{2}(.[0-9]+ [0-9]+)? (DEBUG|INFO|WARNING|ERROR) " -) -EOS -elastic_conf = <<-EOS -# elasticsearch -action(type="omelasticsearch" - name="elasticsearch" - tls.cacert="/etc/rsyslog.d/es-ca-cert.crt" - tls.mycert="/etc/rsyslog.d/es-client-cert.pem" - tls.myprivkey="/etc/rsyslog.d/es-client-key.pem" - ) -EOS -amqp1_conf = <<-EOS -# amqp1 -action(type="omamqp1" - name="amqp1" - host="localhost:5666" - target="rsyslog/logs" - username="bm" - password="whubbaLubba" - ) -EOS - -describe 'tripleo::profile::base::logging::rsyslog' do - shared_examples_for 'tripleo::profile::base::logging::rsyslog' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'on step 2 with elasticsearch output' do - let(:params) do - { :step => 2, - :elasticsearch => {}, - :elasticsearch_tls_ca_cert => 'cacert', - :elasticsearch_tls_client_cert => 'clientcert', - :elasticsearch_tls_client_key => 'clientkey', - } - end - - it 'should generate a rsyslog config file for horizon from hieradata and TLS certificates for Elasticsearch' do - should contain_concat__fragment('rsyslog::component::module::imfile').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => "module(load=\"imfile\")\n", - }) - should contain_concat__fragment('rsyslog::component::module::omelasticsearch').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => "module(load=\"omelasticsearch\")\n", - }) - should contain_concat__fragment('rsyslog::component::input::horizon_openstack.horizon.access').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => horizon_access_log_conf, - }) - should contain_concat__fragment('rsyslog::component::input::horizon_openstack.horizon.test').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => horizon_test_log_conf, - }) - should contain_concat__fragment('rsyslog::component::action::elasticsearch').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => elastic_conf, - }) - should contain_file('elasticsearch_ca_cert').with({ - :path => '/etc/rsyslog.d/es-ca-cert.crt', - :content => 'cacert', - }) - should contain_file('elasticsearch_client_cert').with({ - :path => '/etc/rsyslog.d/es-client-cert.pem', - :content => 'clientcert', - }) - should contain_file('elasticsearch_client_key').with({ - :path => '/etc/rsyslog.d/es-client-key.pem', - :content => 'clientkey', - }) - end - end - - context 'on step 2 with amqp1 output' do - let(:params) do - { :step => 2, - :amqp1 => { - "host" => "localhost:5666", - "target" => "rsyslog/logs", - "username" => "bm", - "password" => "whubbaLubba", - }, - } - end - - it 'should generate a rsyslog config file for horizon from hieradata and AMQP1 output connection' do - should contain_concat__fragment('rsyslog::component::module::imfile').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => "module(load=\"imfile\")\n", - }) - should contain_concat__fragment('rsyslog::component::module::omamqp1').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => "module(load=\"omamqp1\")\n", - }) - should contain_concat__fragment('rsyslog::component::input::horizon_openstack.horizon.access').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => horizon_access_log_conf, - }) - should contain_concat__fragment('rsyslog::component::input::horizon_openstack.horizon.test').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => horizon_test_log_conf, - }) - should contain_concat__fragment('rsyslog::component::action::amqp1').with({ - :target => '/etc/rsyslog.d/50_openstack_logs.conf', - :content => amqp1_conf, - }) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let (:facts) { - facts - } - it_behaves_like 'tripleo::profile::base::logging::rsyslog' - end - end -end diff --git a/spec/classes/tripleo_profile_base_lvm_spec.rb b/spec/classes/tripleo_profile_base_lvm_spec.rb deleted file mode 100644 index 6b878192b..000000000 --- a/spec/classes/tripleo_profile_base_lvm_spec.rb +++ /dev/null @@ -1,53 +0,0 @@ -# coding: utf-8 -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::lvm' do - - shared_examples_for 'tripleo::profile::base::lvm' do - - context 'with default params' do - it 'should enable udev_sync and udev_rules' do - is_expected.to contain_augeas('udev options in lvm.conf') - .with_changes(["set udev_sync/int 1", - "set udev_rules/int 1"]) - end - end - - context 'with enable_udev false' do - let(:params) { { :enable_udev => false } } - - it 'should disable udev_sync and udev_rules' do - is_expected.to contain_augeas('udev options in lvm.conf') - .with_changes(["set udev_sync/int 0", - "set udev_rules/int 0"]) - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::lvm' - end - end -end diff --git a/spec/classes/tripleo_profile_base_manila_api_spec.rb b/spec/classes/tripleo_profile_base_manila_api_spec.rb deleted file mode 100644 index 4f00a9d00..000000000 --- a/spec/classes/tripleo_profile_base_manila_api_spec.rb +++ /dev/null @@ -1,226 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::manila::api' do - shared_examples_for 'tripleo::profile::base::manila::api' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::manila': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'manila', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('manila::api') - is_expected.to_not contain_class('manila::healthcheck') - is_expected.to_not contain_class('manila::wsgi::apache') - is_expected.to_not contain_class('manila::cron::db_purge') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :backend_generic_enabled => true - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('manila::api').with( - :enabled_share_protocols => 'NFS,CIFS' - ) - is_expected.to contain_class('manila::healthcheck') - is_expected.to contain_class('manila::wsgi::apache') - is_expected.to_not contain_class('manila::cron::db_purge') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('manila::api') - is_expected.to_not contain_class('manila::healthcheck') - is_expected.to_not contain_class('manila::wsgi::apache') - is_expected.to_not contain_class('manila::cron::db_purge') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - :backend_generic_enabled => true - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('manila::api').with( - :enabled_share_protocols => 'NFS,CIFS' - ) - is_expected.to contain_class('manila::healthcheck') - is_expected.to contain_class('manila::wsgi::apache') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to_not contain_class('manila::cron::db_purge') - } - end - - context 'with cephfs enabled' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - :backend_generic_enabled => true, - :backend_cephfs_enabled => true - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('manila::api').with( - :enabled_share_protocols => 'NFS,CIFS,CEPHFS' - ) - is_expected.to contain_class('manila::healthcheck') - is_expected.to contain_class('manila::wsgi::apache') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to_not contain_class('manila::cron::db_purge') - } - end - - context 'with custom protocols' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - :backend_generic_enabled => true, - :backend_cephfs_enabled => true, - :enabled_share_protocols => ['CIFS', 'CEPHFS'], - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('manila::api').with( - :enabled_share_protocols => 'CIFS,CEPHFS' - ) - is_expected.to contain_class('manila::healthcheck') - is_expected.to contain_class('manila::wsgi::apache') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to_not contain_class('manila::cron::db_purge') - } - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com', - :backend_generic_enabled => true - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('manila::api').with( - :enabled_share_protocols => 'NFS,CIFS' - ) - is_expected.to contain_class('manila::healthcheck') - is_expected.to contain_class('manila::wsgi::apache') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('manila::cron::db_purge') - } - end - - context 'with step 5 without db_purge' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com', - :backend_generic_enabled => true, - :manila_enable_db_purge => false, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('manila::api').with( - :enabled_share_protocols => 'NFS,CIFS' - ) - is_expected.to contain_class('manila::healthcheck') - is_expected.to contain_class('manila::wsgi::apache') - is_expected.to contain_class('tripleo::profile::base::manila::api') - is_expected.to_not contain_class('manila::cron::db_purge') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::manila::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_manila_authtoken_spec.rb b/spec/classes/tripleo_profile_base_manila_authtoken_spec.rb deleted file mode 100644 index 9fc144184..000000000 --- a/spec/classes/tripleo_profile_base_manila_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::manila::authtoken' do - shared_examples_for 'tripleo::profile::base::manila::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to_not contain_class('manila::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('manila::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('manila::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::authtoken') - is_expected.to contain_class('manila::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::manila::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_manila_scheduler_spec.rb b/spec/classes/tripleo_profile_base_manila_scheduler_spec.rb deleted file mode 100644 index 04ac474ad..000000000 --- a/spec/classes/tripleo_profile_base_manila_scheduler_spec.rb +++ /dev/null @@ -1,76 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::manila::scheduler' do - shared_examples_for 'tripleo::profile::base::manila::scheduler' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::manila': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'manila', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 4' do - let(:params) { { - :step => 3, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::scheduler') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to_not contain_class('manila::compute::nova') - is_expected.to_not contain_class('manila::network::neutron') - is_expected.to_not contain_class('manila::scheduler') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::scheduler') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('manila::compute::nova') - is_expected.to contain_class('manila::network::neutron') - is_expected.to contain_class('manila::scheduler') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::manila::scheduler' - end - end -end diff --git a/spec/classes/tripleo_profile_base_manila_share_spec.rb b/spec/classes/tripleo_profile_base_manila_share_spec.rb deleted file mode 100644 index 560f7ffdd..000000000 --- a/spec/classes/tripleo_profile_base_manila_share_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::manila::share' do - shared_examples_for 'tripleo::profile::base::manila::share' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::manila': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'manila', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 4' do - let(:params) { { - :step => 3, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::share') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to_not contain_class('manila::share') - is_expected.to_not contain_class('manila::volume::cinder') - is_expected.to_not contain_class('manila::backends') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila::share') - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('manila::share') - is_expected.to_not contain_class('manila::volume::cinder') - is_expected.to contain_class('manila::backends').with( - :enabled_share_backends => [] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::manila::share' - end - end -end diff --git a/spec/classes/tripleo_profile_base_manila_spec.rb b/spec/classes/tripleo_profile_base_manila_spec.rb deleted file mode 100644 index 95f6b01d5..000000000 --- a/spec/classes/tripleo_profile_base_manila_spec.rb +++ /dev/null @@ -1,127 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::manila' do - shared_examples_for 'tripleo::profile::base::manila' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'manila1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'manila2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to_not contain_class('manila') - is_expected.to_not contain_class('manila::config') - is_expected.to_not contain_class('manila::logging') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'manila1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'manila2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('manila').with( - :default_transport_url => 'rabbit://manila1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://manila2:baa@192.168.0.2:5678/?ssl=0' - ) - is_expected.to contain_class('manila::config') - is_expected.to contain_class('manila::logging') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'note.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'manila1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'manila2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to_not contain_class('manila') - is_expected.to_not contain_class('manila::config') - is_expected.to_not contain_class('manila::logging') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'manila1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'manila2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::manila') - is_expected.to contain_class('manila').with( - :default_transport_url => 'rabbit://manila1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://manila2:baa@192.168.0.2:5678/?ssl=0' - ) - is_expected.to contain_class('manila::config') - is_expected.to contain_class('manila::logging') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::manila' - end - end -end diff --git a/spec/classes/tripleo_profile_base_memcached_spec.rb b/spec/classes/tripleo_profile_base_memcached_spec.rb deleted file mode 100644 index b831f4c60..000000000 --- a/spec/classes/tripleo_profile_base_memcached_spec.rb +++ /dev/null @@ -1,76 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::memcached' do - shared_examples_for 'tripleo::profile::base::memcached' do - context 'with step 0' do - let(:params) { { - :step => 0, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::memcached') - is_expected.to_not contain_class('memcached') - } - end - - context 'with step 1' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::memcached') - is_expected.to contain_class('memcached').with( - :use_tls => false, - :tls_cert_chain => nil, - :tls_key => nil - ) - } - end - - context 'with step 1 and tls enabled' do - let(:params) { { - :step => 1, - :enable_internal_memcached_tls => true, - :certificate_specs => { - 'service_certificate' => '/etc/pki/cert.crt', - 'service_key' => '/etc/pki/key.pem'} - } } - - it { - is_expected.to contain_class('tripleo::profile::base::memcached') - is_expected.to contain_class('memcached').with( - :use_tls => true, - :tls_cert_chain => '/etc/pki/cert.crt', - :tls_key => '/etc/pki/key.pem' - ) - } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::memcached' - end - end -end diff --git a/spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb b/spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb deleted file mode 100644 index d8acee00a..000000000 --- a/spec/classes/tripleo_profile_base_metrics_collectd_sensubility_spec.rb +++ /dev/null @@ -1,76 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::metrics::collectd::sensubility' do - shared_examples_for 'tripleo::profile::base::metrics::collectd::sensubility' do - context 'with defaults and sudo rule defined' do - let(:params) do - {:exec_sudo_rule => 'ALL=(ALL) NOPASSWD:ALL'} - end - it 'has sudoers file for appropriate user with relevant rule' do - is_expected.to compile.with_all_deps - is_expected.to contain_file('/etc/sudoers.d/sensubility_collectd').with_content('collectd ALL=(ALL) NOPASSWD:ALL') - is_expected.to contain_exec('collectd-sudo-syntax-check').with( - :command => "visudo -c -f '/etc/sudoers.d/sensubility_collectd' || (rm -f '/etc/sudoers.d/sensubility_collectd' && exit 1)", - ) - end - end - - context 'with defaults and scripts for download defined' do - let(:params) do - { :workdir => '/some/path', - :scripts => { - 'scriptA' => { - 'source' => 'http://some.uri/scriptA', - 'checksum' => '227e8f542d95e416462a7f17652da655', - }, - 'scriptB' => { - 'source' => 'http://some.other.uri/scriptB', - 'checksum' => '48a404e59d4a43239ce64dee3af038b9', - 'create_bin_link' => false - } - } - } - end - - it 'requests the scripts download' do - is_expected.to compile.with_all_deps - is_expected.to contain_file('/some/path/scripts/scriptA').with( - :source => 'http://some.uri/scriptA', - :checksum_value => '227e8f542d95e416462a7f17652da655', - ) - is_expected.to contain_file('/usr/bin/sensubility_scriptA') - - is_expected.to contain_file('/some/path/scripts/scriptB').with( - :source => 'http://some.other.uri/scriptB', - :checksum_value => '48a404e59d4a43239ce64dee3af038b9', - ) - is_expected.not_to contain_file('/usr/bin/sensubility_scriptB') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let (:facts) { - facts - } - it_behaves_like 'tripleo::profile::base::metrics::collectd::sensubility' - end - end -end diff --git a/spec/classes/tripleo_profile_base_metrics_collectd_spec.rb b/spec/classes/tripleo_profile_base_metrics_collectd_spec.rb deleted file mode 100644 index c24ed2a6e..000000000 --- a/spec/classes/tripleo_profile_base_metrics_collectd_spec.rb +++ /dev/null @@ -1,157 +0,0 @@ - -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -sensubility_conf = " -[default] - -[sensu] -connection=ampq://sensu:sensu@localhost:5672//sensu -subscriptions=default,test -tmp_base_dir=/var/lib/collectd-sensubility/checks -checks={\"standalone_check\":{\"command\":\"echo 'foobar'\",\"interval\":5}} - -[amqp1] -" - -libpodstats_typesdb = '/usr/share/collectd/types.db.libpodstats' - -libpodstats_conf = ' -LoadPlugin libpodstats - - -' - -exec_cmd = <<-EOS - Exec \"collectd:collectd\" \"collectd-sensubility\" -EOS - - -describe 'tripleo::profile::base::metrics::collectd' do - shared_examples_for 'tripleo::profile::base::metrics::collectd' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 3' do - let(:params) { { :step => 2 } } - it 'should do nothing' do - is_expected.to_not contain_class('collectd') - end - end - - context 'with enabled file_logging and step greater than 3' do - let(:params) do - { :step => 3, - :enable_file_logging => true } - end - it 'Contains both' do - is_expected.to compile.with_all_deps - is_expected.to contain_class('collectd') - is_expected.to contain_class('collectd::plugin::logfile') - end - end - - context 'with defaults and step greater than 3, amqp deploy' do - let(:params) do - { :step => 3, - :amqp_host => 'localhost' } - end - it 'has amqp class' do - is_expected.to compile.with_all_deps - is_expected.to contain_class('collectd') - is_expected.to contain_class('collectd::plugin::amqp1').with( - :manage_package => true, - ) - is_expected.to contain_service('collectd').with( - :ensure => 'running', - :enable => true, - ) - end - end - - context 'with defaults and enabled sensubility' do - let(:params) do - { :step => 3, - :amqp_host => 'localhost', - :enable_sensubility => true } - end - it 'has collectd class with exec plugin and enabled sensubility' do - is_expected.to compile.with_all_deps - is_expected.to contain_package('collectd-sensubility').with(:ensure => 'present') - is_expected.to contain_class('collectd') - is_expected.to contain_class('collectd::plugin::exec') - is_expected.to contain_concat__fragment('collectd_plugin_exec_conf_sensubility').with({ - :order => 50, - :target => '/etc/collectd.d/exec-config.conf', - :content => exec_cmd, - }) - is_expected.to contain_file('/etc/collectd-sensubility.conf').with_content(sensubility_conf) - end - end - - context 'with defaults and enabled libpodstats' do - let(:params) do - { :step => 3, - :enable_libpodstats => true } - end - it 'has libpodstats' do - is_expected.to compile.with_all_deps - is_expected.to contain_package('collectd-libpod-stats').with(:ensure => 'present') - is_expected.to contain_class('collectd').with({ - :typesdb => [ - '/usr/share/collectd/types.db', - libpodstats_typesdb, - ], - }) - is_expected.to contain_collectd__type('pod_memory').with({ - :target => libpodstats_typesdb, - :ds_type => 'GAUGE', - :min => 0, - :max => 281474976710656, - :ds_name => 'value', - }) - is_expected.to contain_collectd__type('pod_cpu').with({ - :target => libpodstats_typesdb, - :types => [{ - 'ds_type' => 'GAUGE', - 'min' => 0, - 'max' => 100.1, - 'ds_name' => 'percent', - }, - { - 'ds_type' => 'DERIVE', - 'min' => 0, - 'max' => 'U', - 'ds_name' => 'time', - }, - ], - }) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let (:facts) { - facts - } - it_behaves_like 'tripleo::profile::base::metrics::collectd' - end - end -end diff --git a/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb b/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb deleted file mode 100644 index 404693698..000000000 --- a/spec/classes/tripleo_profile_base_metrics_qdr_spec.rb +++ /dev/null @@ -1,235 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::metrics::qdr' do - - let :params do - { - :step => 3, - :username => 'openstack', - :password => 'secret', - } - end - - shared_examples_for 'tripleo::profile::base::metrics::qdr' do - - context 'with step 3 node in edge-only mode' do - before do - params.merge!({ - :interior_mesh_nodes => '', - :router_mode => 'edge', - :ssl_internal_profile_name => 'sslProfile', - }) - end - - it 'should avoid setting additional listeners or connectors' do - is_expected.to contain_class('qdr').with( - :extra_listeners => [], - :connectors => [], - ) - end - end - - context 'with step 3, edge node with defined interior_node and explicit external connectors' do - before do - params.merge!({ - :connectors => [ - {'host' => 'saf-node1.example.com','port' => '5666','role' => 'interior','authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}, - {'host' => 'saf-node2.example.com','port' => '5666','role' => 'interior','authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}], - :interior_mesh_nodes => '192.168.24.124,', - :router_mode => 'edge', - :ssl_internal_profile_name => 'sslProfile', - }) - end - - it 'should setup connector to interior node and avoid setting explicit connectors' do - is_expected.to contain_class('qdr').with( - :extra_listeners => [], - :connectors => [ - {'host' => '192.168.24.124','port' => '5668','role' => 'edge','verifyHostname' => false, - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}], - ) - end - end - - context 'with step 3, interior node with defined interior_node and explicit external connectors' do - before do - params.merge!({ - :listener_addr => '172.17.1.1', - :connectors => [ - {'host' => 'saf-node1.example.com','port' => '5666','role' => 'interior','authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}, - {'host' => 'saf-node2.example.com','port' => '5666','role' => 'interior','authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}], - :interior_mesh_nodes => '192.168.24.123,', - :router_mode => 'interior', - :ssl_internal_profile_name => 'sslProfile', - }) - end - - it 'should setup explicit connectors and edge listener' do - is_expected.to contain_class('qdr').with( - :extra_listeners => [ - {'host' => '192.168.24.123','port' => '5668','role' => 'edge','authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}], - :connectors => [ - {'host' => 'saf-node1.example.com','port' => '5666','role' => 'interior','authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}, - {'host' => 'saf-node2.example.com','port' => '5666','role' => 'interior','authenticatePeer' => 'no', - 'saslMechanisms' => 'ANONYMOUS','sslProfile' => 'sslProfile'}], - ) - end - end - - context 'with step 3 and three interior nodes, on node1' do - before do - params.merge!({ - :listener_addr => '172.17.1.1', - :interior_mesh_nodes => '192.168.24.1,192.168.24.2,192.168.24.3,', - :interior_ip => '192.168.24.1', - :router_mode => 'interior', - :ssl_internal_profile_name => 'sslProfile', - }) - end - - it 'should set edge listener, interior listener and no connectors' do - is_expected.to contain_class('qdr').with( - :extra_listeners => [ - {'sslProfile' => 'sslProfile', 'host' => '192.168.24.1', 'port' => '5668', - 'role' => 'edge', 'authenticatePeer' => 'no', 'saslMechanisms' => 'ANONYMOUS'}, - {'sslProfile' => 'sslProfile', 'host' => '192.168.24.1', 'port' => '5667', - 'role' => 'inter-router', 'authenticatePeer' => 'no', 'saslMechanisms' => 'ANONYMOUS'}], - :connectors => [], - ) - end - end - - context 'with step 3 and three interior nodes, on node2' do - before do - params.merge!({ - :listener_addr => '172.17.1.2', - :interior_mesh_nodes => '192.168.24.1,192.168.24.2,192.168.24.3,', - :interior_ip => '192.168.24.2', - :router_mode => 'interior', - :ssl_internal_profile_name => 'sslProfile', - }) - end - - it 'should set up edge listener, interior listener and one interior connector to node1' do - is_expected.to contain_class('qdr').with( - :extra_listeners => [ - {'sslProfile' => 'sslProfile', 'host' => '192.168.24.2', 'port' => '5668', - 'role' => 'edge', 'authenticatePeer' => 'no', 'saslMechanisms' => 'ANONYMOUS'}, - {'sslProfile' => 'sslProfile', 'host' => '192.168.24.2', 'port' => '5667', - 'role' => 'inter-router', 'authenticatePeer' => 'no', 'saslMechanisms' => 'ANONYMOUS'}], - :connectors => [ - {'host' => '192.168.24.1','role' => 'inter-router','port' => '5667', - 'verifyHostname' => 'false','sslProfile' => 'sslProfile'}], - ) - end - end - - context 'with step 3 and three interior nodes, on node3' do - before do - params.merge!({ - :listener_addr => '172.17.1.3', - :interior_mesh_nodes => '192.168.24.1,192.168.24.2,192.168.24.3,', - :interior_ip => '192.168.24.3', - :router_mode => 'interior', - :ssl_internal_profile_name => 'sslProfile', - }) - end - - it 'should set up edge listener, interior listener and two interior connectors to node1 and node2' do - is_expected.to contain_class('qdr').with( - :extra_listeners => [ - {'sslProfile' => 'sslProfile', 'host' => '192.168.24.3', 'port' => '5668', - 'role' => 'edge', 'authenticatePeer' => 'no', 'saslMechanisms' => 'ANONYMOUS'}, - {'sslProfile' => 'sslProfile', 'host' => '192.168.24.3', 'port' => '5667', - 'role' => 'inter-router', 'authenticatePeer' => 'no', 'saslMechanisms' => 'ANONYMOUS'}], - :connectors => [ - {"host"=>"192.168.24.1", "role"=>"inter-router", "port"=>"5667", - "verifyHostname" => 'false',"sslProfile" => "sslProfile"}, - {"host"=>"192.168.24.2", "role"=>"inter-router", "port"=>"5667", - "verifyHostname" => 'false',"sslProfile" => "sslProfile"}], - ) - end - end - - context 'with step 3 and three interior nodes, on edge node' do - before do - params.merge!({ - :interior_mesh_nodes => '192.168.24.1,192.168.24.2,192.168.24.3,', - :router_mode => 'edge', - :ssl_internal_profile_name => 'sslProfile', - }) - end - - it 'should set up connectors to one of the interior nodes and no extra listeners' do - is_expected.to contain_class('qdr').with(:extra_listeners => []) - connectors = catalogue.resource('class', 'qdr').send(:parameters)[:connectors] - expect(connectors.length).to match 1 - end - end - - context 'with step 3 and ssl_profiles' do - before do - params.merge!({ - :ssl_cert_dir => '/tmp/certs', - :ssl_profiles => [ - {"name" => "wubba", "caCertFileContent" => "ca_wubba"}, - {"name" => "lubba", "caCertFileContent" => "ca_lubba", "caCertFile" => "whoops"}, - ] - }) - end - - it 'should set sslProfiles correctly and create appropriate certificates' do - is_expected.to contain_class('qdr').with(:ssl_profiles => [ - {"name" => "wubba", "caCertFile" => '/tmp/certs/CA_wubba.pem'}, - {"name" => "lubba", "caCertFile" => '/tmp/certs/CA_lubba.pem'}, - ]) - is_expected.to contain_file('/tmp/certs').with( - :ensure => 'directory', - :mode => '0755' - ) - is_expected.to contain_file('/tmp/certs/CA_wubba.pem').with( - :ensure => 'present', - :content => 'ca_wubba', - :mode => '0644' - ) - is_expected.to contain_file('/tmp/certs/CA_lubba.pem').with( - :ensure => 'present', - :content => 'ca_lubba', - :mode => '0644' - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::metrics::qdr' - end - end -end diff --git a/spec/classes/tripleo_profile_base_neutron_authtoken_spec.rb b/spec/classes/tripleo_profile_base_neutron_authtoken_spec.rb deleted file mode 100644 index a37ee94d4..000000000 --- a/spec/classes/tripleo_profile_base_neutron_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::authtoken' do - shared_examples_for 'tripleo::profile::base::neutron::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to_not contain_class('neutron::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to contain_class('neutron::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to contain_class('neutron::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to contain_class('neutron::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb b/spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb deleted file mode 100644 index 86e91ace3..000000000 --- a/spec/classes/tripleo_profile_base_neutron_dhcp_spec.rb +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::dhcp' do - - shared_examples_for 'tripleo::profile::base::neutron::dhcp' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::neutron::dhcp') - is_expected.to_not contain_class('tripleo::profile::base::neutron') - is_expected.to_not contain_class('neutron::agents::dhcp') - end - end - - context 'with step 4 and later' do - let(:params) { { :step => 4 } } - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::neutron::dhcp') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('neutron::agents::dhcp').with({ - :dnsmasq_dns_servers => '' - }) - end - end - - context 'with step 4, dns integration enabled and resolvers' do - let(:params) { { - :step => 4, - :neutron_dns_integration => true, - :unbound_resolvers => ['192.168.111.111'] - } } - it 'should trigger configuration with dns integration' do - is_expected.to contain_class('tripleo::profile::base::neutron::dhcp') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('neutron::agents::dhcp').with({ - :dnsmasq_dns_servers => ['192.168.111.111'] - }) - end - end - - context 'with step 4, dns integration enabled but no resolvers' do - let(:params) { { - :step => 4, - :neutron_dns_integration => true, - } } - it 'should trigger configuration without dns integration' do - is_expected.to contain_class('tripleo::profile::base::neutron::dhcp') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('neutron::agents::dhcp').with({ - :dnsmasq_dns_servers => '' - }) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::neutron::dhcp' - end - end -end diff --git a/spec/classes/tripleo_profile_base_neutron_l3_spec.rb b/spec/classes/tripleo_profile_base_neutron_l3_spec.rb deleted file mode 100644 index 9c409a9c2..000000000 --- a/spec/classes/tripleo_profile_base_neutron_l3_spec.rb +++ /dev/null @@ -1,55 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::l3' do - - shared_examples_for 'tripleo::profile::base::neutron::l3' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 3 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::neutron::l3') - is_expected.to_not contain_class('tripleo::profile::base::neutron') - is_expected.to_not contain_class('neutron::agents::l3') - end - end - - context 'with step 4 and later' do - let(:params) { { :step => 4 } } - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::neutron::l3') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('neutron::agents::l3') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::l3' - end - end -end diff --git a/spec/classes/tripleo_profile_base_neutron_ml2_vts_spec.rb b/spec/classes/tripleo_profile_base_neutron_ml2_vts_spec.rb deleted file mode 100644 index 79b48646b..000000000 --- a/spec/classes/tripleo_profile_base_neutron_ml2_vts_spec.rb +++ /dev/null @@ -1,98 +0,0 @@ -# -# Copyright (C) 2017 Cisco, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::plugins::ml2::vts' do - let :params do - { :step => 4 - } - end - shared_examples_for 'tripleo::profile::base::neutron::plugins::ml2::vts' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with IPv4 address' do - before do - params.merge!({ - :vts_url_ip => '192.0.2.5' - }) - end - it 'should configure vts ml2 plugin ' do - is_expected.to contain_class('neutron::plugins::ml2::cisco::vts') - end - end - - context 'with IPv6 address' do - before do - params.merge!({ - :vts_url_ip => '2001:dead:beef::1' - }) - end - it 'should configure vts ml2 plugin' do - is_expected.to contain_class('neutron::plugins::ml2::cisco::vts') - end - end - - context 'with no IP address' do - it 'should not configure vts ml2 plugin' do - is_expected.not_to contain_class('neutron::plugins::ml2::cisco::vts') - end - end - - context 'with VTS IPv4 and port 9999' do - before do - params.merge!({ - :vts_url_ip => '192.0.2.5', - :vts_port => 9999 - }) - end - it 'should contain VTS URL with port 9999' do - is_expected.to contain_class('neutron::plugins::ml2::cisco::vts').with( - :vts_url => "https://192.0.2.5:9999/api/running/openstack" - - ) - end - end - - context 'with VTS IPv6 and port 9999' do - before do - params.merge!({ - :vts_url_ip => '2001:15:dead::1', - :vts_port => 9999 - }) - end - it 'should contain VTS URL with port 9999' do - is_expected.to contain_class('neutron::plugins::ml2::cisco::vts').with( - :vts_url => "https://[2001:15:dead::1]:9999/api/running/openstack" - - ) - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::plugins::ml2::vts' - end - end -end diff --git a/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb b/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb deleted file mode 100644 index 886b37602..000000000 --- a/spec/classes/tripleo_profile_base_neutron_ovs_spec.rb +++ /dev/null @@ -1,99 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::ovs' do - - shared_examples_for 'tripleo::profile::base::neutron::ovs with default params' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 5 and defaults for all parameters' do - let(:params) { { :step => 4 } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to_not contain_class('neutron::agents::ml2::ovs') - is_expected.not_to contain_file('/var/lib/vhostuser_sockets') - end - end - - context 'with step 5 and defaults for all parameters' do - let(:params) { { :step => 5 } } - it 'should trigger complete configuration except for vhostuser sockets' do - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('neutron::agents::ml2::ovs') - is_expected.not_to contain_file('/var/lib/vhostuser_sockets') - end - end - end - - shared_examples_for 'tripleo::profile::base::neutron::ovs with vhostuser_socketdir' do - - before :each do - facts.merge!({ :step => params[:step], :vhostuser_socket_dir => params[:vhostuser_socket_dir] }) - end - - context 'with vhostuser_socketdir configured' do - let :params do - { - :step => 3, - :vhostuser_socket_dir => '/var/lib/vhostuser_sockets' - } - end - - it { is_expected.to contain_class('tripleo::profile::base::neutron') } - it { is_expected.to contain_file('/var/lib/vhostuser_sockets').with( - :ensure => 'directory', - :owner => 'qemu', - :group => 'qemu', - :mode => '0775', - ) } - end - - context 'with vhostuser_socketdir and group/user specified' do - let :params do - { - :step => 3, - :vhostuser_socket_dir => '/var/lib/vhostuser_sockets', - :vhostuser_socket_group => 'hugetlbfs', - :vhostuser_socket_user => 'openvswitch' - } - end - - it { is_expected.to contain_class('tripleo::profile::base::neutron') } - it { is_expected.to contain_file('/var/lib/vhostuser_sockets').with( - :ensure => 'directory', - :owner => 'openvswitch', - :group => 'hugetlbfs', - :mode => '0775', - ) } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::ovs with default params' - it_behaves_like 'tripleo::profile::base::neutron::ovs with vhostuser_socketdir' - end - end -end diff --git a/spec/classes/tripleo_profile_base_neutron_plugins_ml2_ovn_spec.rb b/spec/classes/tripleo_profile_base_neutron_plugins_ml2_ovn_spec.rb deleted file mode 100644 index 2cc8fc7ee..000000000 --- a/spec/classes/tripleo_profile_base_neutron_plugins_ml2_ovn_spec.rb +++ /dev/null @@ -1,258 +0,0 @@ -# -# Copyright (C) 2022 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::plugins::ml2::ovn' do - - shared_examples_for 'tripleo::profile::base::neutron::plugins::ml2::ovn' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { - :step => 3, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_clustered => true, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::neutron::plugins::ml2::ovn') - is_expected.to_not contain_class('neutron::plugins::ml2::ovn') - end - end - - context 'with step 4 and later and clustered ovn dbs' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_clustered => true, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - } } - it 'should configure ovn ML2 plugin with clustered node ips' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['tcp:192.168.111.10:998,tcp:192.168.111.11:998'], - :ovn_sb_connection => ['tcp:192.168.111.10:999,tcp:192.168.111.11:999'], - :ovn_nb_private_key => '', - :ovn_nb_certificate => '', - :ovn_nb_ca_cert => '', - :ovn_sb_private_key => '', - :ovn_sb_certificate => '', - :ovn_sb_ca_cert => '', - :dns_servers => '' - }) - end - end - - context 'with step 4 and later and clustered ovn dbs, ssl connections' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_clustered => true, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - :protocol => 'ssl', - :ovn_nb_private_key => 'nb private key', - :ovn_nb_certificate => 'nb certificate', - :ovn_sb_private_key => 'sb private key', - :ovn_sb_certificate => 'sb certificate', - :ovn_sb_ca_cert => 'sb ca cert', - :ovn_nb_ca_cert => 'nb ca cert', - } } - it 'should configure ovn ML2 plugin with clustered node ips and ssl connections' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['ssl:192.168.111.10:998,ssl:192.168.111.11:998'], - :ovn_sb_connection => ['ssl:192.168.111.10:999,ssl:192.168.111.11:999'], - :ovn_nb_private_key => 'nb private key', - :ovn_nb_certificate => 'nb certificate', - :ovn_sb_private_key => 'sb private key', - :ovn_sb_certificate => 'sb certificate', - :ovn_sb_ca_cert => 'sb ca cert', - :ovn_nb_ca_cert => 'nb ca cert', - :dns_servers => '' - }) - end - end - - context 'with step 4 and later and non clustered ovn dbs' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_host => ['192.168.100.99'], - :ovn_db_clustered => false, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - } } - it 'should configure ovn ML2 plugin with non-clustered node ips' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['tcp:192.168.100.99:998'], - :ovn_sb_connection => ['tcp:192.168.100.99:999'], - :ovn_nb_private_key => '', - :ovn_nb_certificate => '', - :ovn_nb_ca_cert => '', - :ovn_sb_private_key => '', - :ovn_sb_certificate => '', - :ovn_sb_ca_cert => '', - :dns_servers => '' - }) - end - end - - context 'with step 4 and dns integration enabled, unbound resolvers present' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_host => ['192.168.100.99'], - :ovn_db_clustered => false, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - :neutron_dns_integration => true, - :unbound_resolvers => ['10.0.0.50', '10.0.3.20'] - } } - it 'should configure ovn ML2 plugin with non-clustered node ips' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['tcp:192.168.100.99:998'], - :ovn_sb_connection => ['tcp:192.168.100.99:999'], - :ovn_nb_private_key => '', - :ovn_nb_certificate => '', - :ovn_nb_ca_cert => '', - :ovn_sb_private_key => '', - :ovn_sb_certificate => '', - :ovn_sb_ca_cert => '', - :dns_servers => ['10.0.0.50', '10.0.3.20'] - }) - end - end - - context 'with step 4 and dns integration enabled, unbound resolvers missing' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_host => ['192.168.100.99'], - :ovn_db_clustered => false, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - :neutron_dns_integration => true, - } } - it 'should configure ovn ML2 plugin with non-clustered node ips' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['tcp:192.168.100.99:998'], - :ovn_sb_connection => ['tcp:192.168.100.99:999'], - :ovn_nb_private_key => '', - :ovn_nb_certificate => '', - :ovn_nb_ca_cert => '', - :ovn_sb_private_key => '', - :ovn_sb_certificate => '', - :ovn_sb_ca_cert => '', - :dns_servers => '' - }) - end - end - - context 'with step 4 and dns integration disabled, unbound resolvers present' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_host => ['192.168.100.99'], - :ovn_db_clustered => false, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - :neutron_dns_integration => false, - :unbound_resolvers => ['10.0.0.50', '10.0.3.20'] - } } - it 'should configure ovn ML2 plugin with non-clustered node ips' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['tcp:192.168.100.99:998'], - :ovn_sb_connection => ['tcp:192.168.100.99:999'], - :ovn_nb_private_key => '', - :ovn_nb_certificate => '', - :ovn_nb_ca_cert => '', - :ovn_sb_private_key => '', - :ovn_sb_certificate => '', - :ovn_sb_ca_cert => '', - :dns_servers => '' - }) - end - end - - context 'with step 4 and dns integration enabled, unbound resolvers missing, but user def DNS present' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_host => ['192.168.100.99'], - :ovn_db_clustered => false, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - :neutron_dns_integration => true, - :dns_servers => ['10.0.0.99'] - } } - it 'should configure ovn ML2 plugin with non-clustered node ips' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['tcp:192.168.100.99:998'], - :ovn_sb_connection => ['tcp:192.168.100.99:999'], - :ovn_nb_private_key => '', - :ovn_nb_certificate => '', - :ovn_nb_ca_cert => '', - :ovn_sb_private_key => '', - :ovn_sb_certificate => '', - :ovn_sb_ca_cert => '', - :dns_servers => ['10.0.0.99'] - }) - end - end - - context 'with step 4 and dns integration disabled, but user def DNS present' do - let(:params) { { - :step => 4, - :ovn_db_node_ips => ['192.168.111.10', '192.168.111.11'], - :ovn_db_host => ['192.168.100.99'], - :ovn_db_clustered => false, - :ovn_sb_port => 999, - :ovn_nb_port => 998, - :neutron_dns_integration => false, - :dns_servers => ['10.0.0.99'] - } } - it 'should configure ovn ML2 plugin with non-clustered node ips' do - is_expected.to contain_class('neutron::plugins::ml2::ovn').with({ - :ovn_nb_connection => ['tcp:192.168.100.99:998'], - :ovn_sb_connection => ['tcp:192.168.100.99:999'], - :ovn_nb_private_key => '', - :ovn_nb_certificate => '', - :ovn_nb_ca_cert => '', - :ovn_sb_private_key => '', - :ovn_sb_certificate => '', - :ovn_sb_ca_cert => '', - :dns_servers => ['10.0.0.99'] - }) - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com'})) - end - it_behaves_like 'tripleo::profile::base::neutron::plugins::ml2::ovn' - end - end - -end diff --git a/spec/classes/tripleo_profile_base_neutron_server_spec.rb b/spec/classes/tripleo_profile_base_neutron_server_spec.rb deleted file mode 100644 index 543129e81..000000000 --- a/spec/classes/tripleo_profile_base_neutron_server_spec.rb +++ /dev/null @@ -1,217 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::server' do - shared_examples_for 'tripleo::profile::base::neutron::server' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::neutron': - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'neutron', - oslomsg_rpc_password => 'foo' - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - :bootstrap_node => 'node.example.com', - } } - it 'should od nothing' do - is_expected.to contain_class('tripleo::profile::base::neutron::server') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('neutron::wsgi::apache') - is_expected.to_not contain_class('neutron::server::notifications') - is_expected.to_not contain_class('neutron::server::notifications::nova') - is_expected.to_not contain_class('neutron::server::placement') - is_expected.to_not contain_class('neutron::server') - is_expected.to_not contain_class('neutron::db') - is_expected.to_not contain_class('neutron::healthcheck') - is_expected.to_not contain_class('neutron::quota') - end - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - it 'should trigger apache configuration' do - is_expected.to contain_class('tripleo::profile::base::neutron::server') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('neutron::wsgi::apache') - is_expected.to_not contain_class('neutron::server::notifications') - is_expected.to_not contain_class('neutron::server::notifications::nova') - is_expected.to_not contain_class('neutron::server::placement') - is_expected.to_not contain_class('neutron::server') - is_expected.to_not contain_class('neutron::db') - is_expected.to_not contain_class('neutron::healthcheck') - is_expected.to_not contain_class('neutron::quota') - end - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::neutron::server') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('neutron::wsgi::apache') - is_expected.to_not contain_class('neutron::server::notifications') - is_expected.to_not contain_class('neutron::server::notifications::nova') - is_expected.to_not contain_class('neutron::server::placement') - is_expected.to_not contain_class('neutron::server') - is_expected.to_not contain_class('neutron::db') - is_expected.to_not contain_class('neutron::healthcheck') - is_expected.to_not contain_class('neutron::quota') - end - end - - context 'with step 4 on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - } } - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::neutron::server') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('neutron::wsgi::apache') - is_expected.to contain_class('neutron::server::notifications') - is_expected.to contain_class('neutron::server::notifications::nova') - is_expected.to contain_class('neutron::server::placement') - is_expected.to contain_class('neutron::server').with( - :sync_db => true, - :l3_ha => false, - ) - is_expected.to contain_class('neutron::db') - is_expected.to contain_class('neutron::healthcheck') - is_expected.to contain_class('neutron::quota') - end - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - it 'should trigger apache configuration' do - is_expected.to contain_class('tripleo::profile::base::neutron::server') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('neutron::wsgi::apache') - is_expected.to_not contain_class('neutron::server::notifications') - is_expected.to_not contain_class('neutron::server::notifications::nova') - is_expected.to_not contain_class('neutron::server::placement') - is_expected.to_not contain_class('neutron::server') - is_expected.to_not contain_class('neutron::db') - is_expected.to_not contain_class('neutron::healthcheck') - is_expected.to_not contain_class('neutron::quota') - end - end - - context 'with step 5 not on bootstrap nodes' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com', - } } - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::neutron::server') - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('tripleo::profile::base::neutron::authtoken') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('neutron::wsgi::apache') - is_expected.to contain_class('neutron::server::notifications') - is_expected.to contain_class('neutron::server::notifications::nova') - is_expected.to contain_class('neutron::server::placement') - is_expected.to contain_class('neutron::server').with( - :sync_db => false, - :l3_ha => false, - ) - is_expected.to contain_class('neutron::db') - is_expected.to contain_class('neutron::healthcheck') - is_expected.to contain_class('neutron::quota') - end - end - - context 'with multiple l3 nods' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :l3_nodes => ['netcont1.localdomain', 'netcont2.localdomain', 'netcont3.localdomain'], - } } - it 'should enable l3_ha' do - is_expected.to contain_class('neutron::server').with( - :l3_ha => true, - ) - end - end - - context 'with multiple l3 nods and dvr enabled' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :l3_nodes => ['netcont1.localdomain', 'netcont2.localdomain', 'netcont3.localdomain'], - :dvr_enabled => true - } } - it 'should disable l3_ha' do - is_expected.to contain_class('neutron::server').with( - :l3_ha => false, - ) - end - end - - context 'with l3_ha_override passed' do - let(:params) { { - :step => 5, - :bootstrap_node => 'node.example.com', - :l3_ha_override => 'true' - } } - it 'should enable l3_ha' do - is_expected.to contain_class('neutron::server').with( - :l3_ha => true, - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::server' - end - end -end diff --git a/spec/classes/tripleo_profile_base_neutron_spec.rb b/spec/classes/tripleo_profile_base_neutron_spec.rb deleted file mode 100644 index b0b1533ac..000000000 --- a/spec/classes/tripleo_profile_base_neutron_spec.rb +++ /dev/null @@ -1,99 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron' do - shared_examples_for 'tripleo::profile::base::neutron' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 3' do - let(:params) { { :step => 1 } } - it 'should od nothing' do - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to_not contain_class('neutron') - is_expected.to_not contain_class('neutron::config') - is_expected.to_not contain_class('neutron::logging') - end - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :oslomsg_rpc_hosts => [ '192.168.0.1' ], - :oslomsg_rpc_username => 'neutron1', - :oslomsg_rpc_password => 'foo', - :oslomsg_rpc_port => '1234', - :oslomsg_notify_hosts => [ '192.168.0.2' ], - :oslomsg_notify_username => 'neutron2', - :oslomsg_notify_password => 'baa', - :oslomsg_notify_port => '5678', - :dhcp_agents_per_network => 2 - } } - it 'should trigger complete configuration' do - is_expected.to contain_class('tripleo::profile::base::neutron') - is_expected.to contain_class('neutron').with( - :default_transport_url => 'rabbit://neutron1:foo@192.168.0.1:1234/?ssl=0', - :notification_transport_url => 'rabbit://neutron2:baa@192.168.0.2:5678/?ssl=0', - :dhcp_agents_per_network => 2 - ) - is_expected.to contain_class('neutron::config') - is_expected.to contain_class('neutron::logging') - end - end - - context 'when not dhcp agents per network is set' do - let(:params) { { - :step => 3, - :oslomsg_rpc_password => 'foo', - :oslomsg_notify_password => 'baa', - :dhcp_nodes => ['netcont1.localdomain', 'netcont2.localdomain', 'netcont3.localdomain'] - } } - it 'should equal the number of dhcp agents' do - is_expected.to contain_class('neutron').with( - :dhcp_agents_per_network => 3 - ) - end - end - - context 'when dhcp agents per network is greater than number of agents' do - let(:params) { { - :step => 3, - :oslomsg_rpc_password => 'foo', - :oslomsg_notify_password => 'baa', - :dhcp_nodes => ['netcont1.localdomain', 'netcont2.localdomain'], - :dhcp_agents_per_network => 5 - } } - it 'should set value and complain about not enough agents' do - is_expected.to contain_class('neutron').with( - :dhcp_agents_per_network => 5 - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_api_spec.rb b/spec/classes/tripleo_profile_base_nova_api_spec.rb deleted file mode 100644 index 4ae6e8801..000000000 --- a/spec/classes/tripleo_profile_base_nova_api_spec.rb +++ /dev/null @@ -1,180 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::api' do - shared_examples_for 'tripleo::profile::base::nova::api' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'nova', - oslomsg_rpc_password => 'foo' - } - class { 'tripleo::profile::base::nova::authtoken': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::api') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to_not contain_class('nova::api') - is_expected.to_not contain_class('nova::quota') - is_expected.to_not contain_class('nova::keystone') - is_expected.to_not contain_class('nova::cors') - is_expected.to_not contain_class('nova::pci') - is_expected.to_not contain_class('nova::vendordata') - is_expected.to_not contain_class('nova::network::neutron') - is_expected.to_not contain_class('nova::wsgi::apache_api') - is_expected.to_not contain_class('nova::cron::archive_deleted_rows') - is_expected.to_not contain_class('nova::cron::purge_shadow_tables') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::api') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::api').with( - :nova_metadata_wsgi_enabled => true - ) - is_expected.to contain_class('nova::cors') - is_expected.to contain_class('nova::quota') - is_expected.to contain_class('nova::keystone') - is_expected.to contain_class('nova::pci') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_class('nova::wsgi::apache_api') - is_expected.to_not contain_class('nova::cron::archive_deleted_rows') - is_expected.to_not contain_class('nova::cron::purge_shadow_tables') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::api') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to_not contain_class('nova::api') - is_expected.to_not contain_class('nova::cors') - is_expected.to_not contain_class('nova::quota') - is_expected.to_not contain_class('nova::keystone') - is_expected.to_not contain_class('nova::pci') - is_expected.to_not contain_class('nova::vendordata') - is_expected.to_not contain_class('nova::network::neutron') - is_expected.to_not contain_class('nova::wsgi::apache_api') - is_expected.to_not contain_class('nova::cron::archive_deleted_rows') - is_expected.to_not contain_class('nova::cron::purge_shadow_tables') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::api') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::api').with( - :nova_metadata_wsgi_enabled => true - ) - is_expected.to contain_class('nova::cors') - is_expected.to contain_class('nova::quota') - is_expected.to contain_class('nova::keystone') - is_expected.to contain_class('nova::pci') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_class('nova::wsgi::apache_api') - is_expected.to_not contain_class('nova::cron::archive_deleted_rows') - is_expected.to_not contain_class('nova::cron::purge_shadow_tables') - } - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('nova::cron::archive_deleted_rows') - is_expected.to contain_class('nova::cron::purge_shadow_tables') - } - end - - context 'with step 5 and db_purge disabled' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com', - :nova_enable_db_purge => false, - } } - - it { - is_expected.to contain_class('nova::cron::archive_deleted_rows') - is_expected.to_not contain_class('nova::cron::purge_shadow_tables') - } - end - - context 'with step 5 and db archive disabled' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com', - :nova_enable_db_archive => false, - } } - - it { - is_expected.to_not contain_class('nova::cron::archive_deleted_rows') - is_expected.to_not contain_class('nova::cron::purge_shadow_tables') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb b/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb deleted file mode 100644 index 48fa40037..000000000 --- a/spec/classes/tripleo_profile_base_nova_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::authtoken' do - shared_examples_for 'tripleo::profile::base::nova::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to_not contain_class('nova::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb deleted file mode 100644 index f09a8cdae..000000000 --- a/spec/classes/tripleo_profile_base_nova_compute_ironic_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::compute::ironic' do - shared_examples_for 'tripleo::profile::base::nova::compute::ironic' do - - context 'with step less than 4' do - let(:params) { { :step => 1, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute::ironic') - is_expected.to_not contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::compute::ironic') - is_expected.to_not contain_class('nova::network::neutron') - } - end - - context 'with step 4' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } - class { 'tripleo::profile::base::nova::compute': - step => #{params[:step]}, - } -eos - end - - let(:params) { { :step => 4, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute::ironic') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::ironic') - is_expected.to contain_class('nova::network::neutron') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::compute::ironic' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb deleted file mode 100644 index 5096f9a1e..000000000 --- a/spec/classes/tripleo_profile_base_nova_compute_libvirt_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::compute::libvirt' do - shared_examples_for 'tripleo::profile::base::nova::compute::libvirt' do - - context 'with step less than 4' do - let(:params) { { :step => 1, } } - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova::compute_libvirt_shared': - step => #{params[:step]}, - } -eos - end - - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute::libvirt') - is_expected.to_not contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('tripleo::profile::base::nova::compute') - is_expected.to_not contain_class('tripleo::profile::base::nova::migration::client') - is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared') - } - end - - context 'with step 4' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } - class { 'tripleo::profile::base::nova::compute_libvirt_shared': - step => #{params[:step]}, - } - class { 'tripleo::profile::base::nova::compute': - step => #{params[:step]}, - } - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::migration::client': - step => #{params[:step]} - } -eos - end - - let(:params) { { :step => 4, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute::libvirt') - is_expected.to contain_class('tripleo::profile::base::nova::compute') - is_expected.to contain_class('tripleo::profile::base::nova::migration::client') - is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::compute::libvirt' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_compute_spec.rb b/spec/classes/tripleo_profile_base_nova_compute_spec.rb deleted file mode 100644 index 95544ae0b..000000000 --- a/spec/classes/tripleo_profile_base_nova_compute_spec.rb +++ /dev/null @@ -1,120 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::compute' do - shared_examples_for 'tripleo::profile::base::nova::compute' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 4' do - let(:params) { { :step => 1, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute') - is_expected.to_not contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::compute::image_cache') - is_expected.to_not contain_class('nova::vendordata') - is_expected.to_not contain_class('nova::key_manager') - is_expected.to_not contain_class('nova::key_manager::barbican') - is_expected.to_not contain_class('nova::policy') - is_expected.to_not contain_class('nova::compute') - is_expected.to_not contain_class('nova::network::neutron') - } - end - - context 'with step 4' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::migration::client': - step => #{params[:step]} - } -eos - end - - context 'default params' do - let(:params) { { :step => 4, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::image_cache') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('nova::key_manager') - is_expected.to contain_class('nova::key_manager::barbican') - is_expected.to contain_class('nova::policy') - is_expected.to contain_class('nova::compute') - is_expected.to contain_class('nova::network::neutron') - is_expected.to_not contain_package('nfs-utils') - } - end - - context 'cinder nfs backend' do - let(:params) { { :step => 4, :cinder_nfs_backend => true } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::image_cache') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('nova::key_manager') - is_expected.to contain_class('nova::key_manager::barbican') - is_expected.to contain_class('nova::policy') - is_expected.to contain_class('nova::compute') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_package('nfs-utils') - } - end - - context 'nova nfs enabled' do - let(:params) { { :step => 4, :nova_nfs_enabled => true } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::image_cache') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('nova::key_manager') - is_expected.to contain_class('nova::key_manager::barbican') - is_expected.to contain_class('nova::policy') - is_expected.to contain_class('nova::compute') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_package('nfs-utils') - } - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::compute' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_conductor_spec.rb b/spec/classes/tripleo_profile_base_nova_conductor_spec.rb deleted file mode 100644 index add8d8563..000000000 --- a/spec/classes/tripleo_profile_base_nova_conductor_spec.rb +++ /dev/null @@ -1,113 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::conductor' do - shared_examples_for 'tripleo::profile::base::nova::conductor' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } -eos - end - - context 'with step less than 3' do - let(:params) { { :step => 3, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::conductor') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::db::sync') - is_expected.to_not contain_class('nova::conductor') - is_expected.to_not contain_class('nova::network::neutron') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::conductor') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::db::sync') - is_expected.to_not contain_class('nova::conductor') - is_expected.to_not contain_class('nova::network::neutron') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::conductor') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::db::sync') - is_expected.to_not contain_class('nova::conductor') - is_expected.to_not contain_class('nova::network::neutron') - } - end - - context 'with step 4 on bootstap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::conductor') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::db::sync') - is_expected.to contain_class('nova::conductor') - is_expected.to contain_class('nova::network::neutron') - } - end - - context 'with step 4 not on bootstap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::conductor') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::db::sync') - is_expected.to contain_class('nova::conductor') - is_expected.to contain_class('nova::network::neutron') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::conductor' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb b/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb deleted file mode 100644 index 7638f9094..000000000 --- a/spec/classes/tripleo_profile_base_nova_libvirt_spec.rb +++ /dev/null @@ -1,242 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::libvirt' do - shared_examples_for 'tripleo::profile::base::nova::libvirt' do - - let(:libvirt_daemon_config_default) do { - "unix_sock_group" => {"value" => '"libvirt"'}, - "auth_unix_ro" => {"value" => '"none"'}, - "auth_unix_rw" => {"value" => '"none"'}, - "unix_sock_ro_perms" => {"value" => '"0444"'}, - "unix_sock_rw_perms" => {"value" => '"0770"'} - } - end - - context 'with step less than 4' do - let(:params) { { :step => 1, :modular_libvirt => false} } - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova::compute_libvirt_shared': - step => #{params[:step]} - } -eos - end - it { - is_expected.to contain_class('tripleo::profile::base::nova::libvirt') - is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared') - is_expected.to_not contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::compute::libvirt::virtlogd') - is_expected.to_not contain_class('nova::compute::libvirt::virtnodedevd') - is_expected.to_not contain_class('nova::compute::libvirt::virtproxyd') - is_expected.to_not contain_class('nova::compute::libvirt::virtqemud') - is_expected.to_not contain_class('nova::compute::libvirt::virtsecretd') - is_expected.to_not contain_class('nova::compute::libvirt::virtstoraged') - is_expected.to_not contain_class('nova::compute::libvirt::services') - is_expected.to_not contain_exec('set libvirt sasl credentials') - } - end - - context 'with step 4' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::migration::client': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::compute_libvirt_shared': - step => #{params[:step]} - } -eos - end - - let(:params) { { :step => 4, :modular_libvirt => false} } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::libvirt') - is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::libvirt::virtlogd') - is_expected.to_not contain_class('nova::compute::libvirt::virtnodedevd') - is_expected.to_not contain_class('nova::compute::libvirt::virtproxyd') - is_expected.to_not contain_class('nova::compute::libvirt::virtqemud') - is_expected.to_not contain_class('nova::compute::libvirt::virtsecretd') - is_expected.to_not contain_class('nova::compute::libvirt::virtstoraged') - is_expected.to contain_class('nova::compute::libvirt::services') - is_expected.to contain_class('nova::compute::libvirt::qemu') - is_expected.to contain_class('nova::migration::qemu') - is_expected.to contain_class('nova::compute::libvirt::config').with_libvirtd_config( - libvirt_daemon_config_default) - is_expected.to contain_package('cyrus-sasl-scram') - is_expected.to contain_file('/etc/sasl2/libvirt.conf') - is_expected.to contain_file('/etc/libvirt/auth.conf').with_ensure('absent') - is_expected.to contain_exec('set libvirt sasl credentials').with_command( - 'saslpasswd2 -d -a libvirt -u overcloud migration' - ) - } - end - - - context 'modular-libvirt with step 4' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::migration::client': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::compute_libvirt_shared': - step => #{params[:step]} - } -eos - end - - let(:params) { { :step => 4, :modular_libvirt => true} } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::libvirt::virtlogd') - is_expected.to contain_class('nova::compute::libvirt::virtnodedevd') - is_expected.to contain_class('nova::compute::libvirt::virtproxyd') - is_expected.to contain_class('nova::compute::libvirt::virtqemud') - is_expected.to contain_class('nova::compute::libvirt::virtsecretd') - is_expected.to contain_class('nova::compute::libvirt::virtstoraged') - is_expected.to contain_class('nova::compute::libvirt::services') - is_expected.to contain_class('nova::compute::libvirt::qemu') - is_expected.to contain_class('nova::migration::qemu') - is_expected.to contain_class('nova::compute::libvirt::config').with_virtnodedevd_config(libvirt_daemon_config_default) - is_expected.to contain_class('nova::compute::libvirt::config').with_virtqemud_config(libvirt_daemon_config_default) - is_expected.to contain_class('nova::compute::libvirt::config').with_virtproxyd_config(libvirt_daemon_config_default) - is_expected.to contain_class('nova::compute::libvirt::config').with_virtstoraged_config(libvirt_daemon_config_default) - is_expected.to contain_class('nova::compute::libvirt::config').with_virtsecretd_config(libvirt_daemon_config_default) - is_expected.to contain_package('cyrus-sasl-scram') - is_expected.to contain_file('/etc/sasl2/libvirt.conf') - is_expected.to contain_file('/etc/libvirt/auth.conf').with_ensure('absent') - is_expected.to contain_exec('set libvirt sasl credentials').with_command( - 'saslpasswd2 -d -a libvirt -u overcloud migration' - ) - } - end - - context 'with step 4 and libvirtd_config' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::migration::client': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::compute_libvirt_shared': - step => #{params[:step]} - } -eos - end - - let(:params) { { :step => 4, :modular_libvirt => false, :libvirtd_config => { "unix_sock_group" => {"value" => '"foobar"'}} } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::libvirt') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::libvirt::virtlogd') - is_expected.to_not contain_class('nova::compute::libvirt::virtnodedevd') - is_expected.to_not contain_class('nova::compute::libvirt::virtproxyd') - is_expected.to_not contain_class('nova::compute::libvirt::virtqemud') - is_expected.to_not contain_class('nova::compute::libvirt::virtsecretd') - is_expected.to_not contain_class('nova::compute::libvirt::virtstoraged') - is_expected.to contain_class('nova::compute::libvirt::services') - is_expected.to contain_class('nova::compute::libvirt::config').with_libvirtd_config( - libvirt_daemon_config_default.merge(params[:libvirtd_config])) - is_expected.to contain_package('cyrus-sasl-scram') - is_expected.to contain_file('/etc/sasl2/libvirt.conf') - is_expected.to contain_file('/etc/libvirt/auth.conf').with_ensure('absent') - is_expected.to contain_exec('set libvirt sasl credentials').with_command( - 'saslpasswd2 -d -a libvirt -u overcloud migration' - ) - } - end - - context 'with step 4 and tls_password' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::migration::client': - step => #{params[:step]} - } - class { 'tripleo::profile::base::nova::compute_libvirt_shared': - step => #{params[:step]} - } -eos - end - - let(:params) { { :step => 4, :tls_password => 'foo', :modular_libvirt => false} } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::libvirt') - is_expected.to contain_class('tripleo::profile::base::nova::compute_libvirt_shared') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::compute::libvirt::virtlogd') - is_expected.to contain_class('nova::compute::libvirt::services') - is_expected.to contain_class('nova::compute::libvirt::qemu') - is_expected.to contain_class('nova::migration::qemu') - is_expected.to contain_class('nova::compute::libvirt::config').with_libvirtd_config( - libvirt_daemon_config_default) - is_expected.to contain_package('cyrus-sasl-scram') - is_expected.to contain_file('/etc/sasl2/libvirt.conf') - is_expected.to contain_file('/etc/libvirt/auth.conf').with_ensure('present') - is_expected.to contain_exec('set libvirt sasl credentials').with_command( - "echo \"\${TLS_PASSWORD}\" | saslpasswd2 -p -a libvirt -u overcloud migration" - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::libvirt' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_metadata_spec.rb b/spec/classes/tripleo_profile_base_nova_metadata_spec.rb deleted file mode 100644 index f0388e4ee..000000000 --- a/spec/classes/tripleo_profile_base_nova_metadata_spec.rb +++ /dev/null @@ -1,169 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::metadata' do - shared_examples_for 'tripleo::profile::base::nova::metadata' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ 'localhost' ], - oslomsg_rpc_username => 'nova', - oslomsg_rpc_password => 'foo' - } - class { 'tripleo::profile::base::nova::authtoken': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::metadata') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to_not contain_class('nova::cors') - is_expected.to_not contain_class('nova::wsgi::apache_metadata') - is_expected.to_not contain_class('nova::network::neutron') - is_expected.to_not contain_class('nova::metadata') - is_expected.to_not contain_class('nova::vendordata') - is_expected.to_not contain_class('tripleo::profile::base::apache') - } - end - - context 'with step 3 and not bootstrap_node' do - let(:params) { { - :step => 3, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::metadata') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to_not contain_class('nova::cors') - is_expected.to_not contain_class('nova::wsgi::apache_metadata') - is_expected.to_not contain_class('nova::network::neutron') - is_expected.to_not contain_class('nova::metadata') - is_expected.to_not contain_class('nova::vendordata') - is_expected.to_not contain_class('tripleo::profile::base::apache') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::metadata') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::cors') - is_expected.to contain_class('nova::wsgi::apache_metadata') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_class('nova::metadata') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('tripleo::profile::base::apache') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::metadata') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::cors') - is_expected.to contain_class('nova::wsgi::apache_metadata') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_class('nova::metadata') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('tripleo::profile::base::apache') - } - end - - context 'with step 4 not on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::metadata') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::cors') - is_expected.to contain_class('nova::wsgi::apache_metadata') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_class('nova::metadata') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('tripleo::profile::base::apache') - } - end - - context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do - let(:params) { { - :step => 3, - :enable_internal_tls => true, - :nova_metadata_network => 'bar', - :bootstrap_node => 'node.example.com', - :certificates_specs => { - 'httpd-bar' => { - 'hostname' => 'foo', - 'service_certificate' => '/foo.pem', - 'service_key' => '/foo.key', - }, - } - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::metadata') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('tripleo::profile::base::nova::authtoken') - is_expected.to contain_class('nova::cors') - is_expected.to contain_class('nova::wsgi::apache_metadata').with( - :ssl_cert => '/foo.pem', - :ssl_key => '/foo.key') - is_expected.to contain_class('nova::network::neutron') - is_expected.to contain_class('nova::metadata') - is_expected.to contain_class('nova::vendordata') - is_expected.to contain_class('tripleo::profile::base::apache') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::metadata' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb deleted file mode 100644 index a444524d5..000000000 --- a/spec/classes/tripleo_profile_base_nova_migration_client_spec.rb +++ /dev/null @@ -1,190 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::migration::client' do - shared_examples_for 'tripleo::profile::base::nova::migration::client' do - - context 'with step 4' do - let(:pre_condition) { - <<-eos - include nova::compute::libvirt::services - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } -eos - } - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::migration') - is_expected.to contain_class('nova::migration::libvirt').with( - :transport => 'ssh', - :configure_libvirt => false, - :configure_nova => false - ) - is_expected.to contain_file('/etc/nova/migration/identity').with( - :content => '# Migration over SSH disabled by TripleO', - :mode => '0600', - :owner => 'nova', - :group => 'nova', - ) - } - end - - context 'with step 4 with libvirt' do - let(:pre_condition) { - <<-eos - include nova::compute::libvirt::services - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } -eos - } - let(:params) { { - :step => 4, - :libvirt_enabled => true, - :nova_compute_enabled => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::migration') - is_expected.to contain_class('nova::migration::libvirt').with( - :transport => 'ssh', - :configure_libvirt => params[:libvirt_enabled], - :configure_nova => params[:nova_compute_enabled] - ) - is_expected.to contain_file('/etc/nova/migration/identity').with( - :content => '# Migration over SSH disabled by TripleO', - :mode => '0600', - :owner => 'nova', - :group => 'nova', - ) - } - end - - context 'with step 4 with libvirt TLS' do - let(:pre_condition) { - <<-eos - include nova::compute::libvirt::services - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } -eos - } - let(:params) { { - :step => 4, - :libvirt_enabled => true, - :nova_compute_enabled => true, - :libvirt_tls => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::migration') - is_expected.to contain_class('nova::migration::libvirt').with( - :transport => 'tls', - :configure_libvirt => params[:libvirt_enabled], - :configure_nova => params[:nova_compute_enabled], - :auth => 'sasl' - ) - is_expected.to contain_file('/etc/nova/migration/identity').with( - :content => '# Migration over SSH disabled by TripleO', - :mode => '0600', - :owner => 'nova', - :group => 'nova', - ) - } - end - - context 'with step 4 with libvirt and migration ssh key' do - let(:pre_condition) { - <<-eos - include nova::compute::libvirt::services - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } -eos - } - let(:params) { { - :step => 4, - :libvirt_enabled => true, - :nova_compute_enabled => true, - :ssh_private_key => 'foo' - } } - - it { - is_expected.to contain_class('nova::migration::libvirt').with( - :transport => 'ssh', - :configure_libvirt => params[:libvirt_enabled], - :configure_nova => params[:nova_compute_enabled] - ) - is_expected.to contain_file('/etc/nova/migration/identity').with( - :content => 'foo', - :mode => '0600', - :owner => 'nova', - :group => 'nova', - ) - } - end - - context 'with step 4 with libvirt TLS and migration ssh key' do - let(:pre_condition) { - <<-eos - include nova::compute::libvirt::services - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } -eos - } - let(:params) { { - :step => 4, - :libvirt_enabled => true, - :nova_compute_enabled => true, - :libvirt_tls => true, - :ssh_private_key => 'foo' - } } - - it { - is_expected.to contain_class('nova::migration::libvirt').with( - :transport => 'tls', - :configure_libvirt => params[:libvirt_enabled], - :configure_nova => params[:nova_compute_enabled], - :auth => 'sasl' - ) - is_expected.to contain_file('/etc/nova/migration/identity').with( - :content => 'foo', - :mode => '0600', - :owner => 'nova', - :group => 'nova', - ) - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::nova::migration::client' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_migration_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_spec.rb deleted file mode 100644 index 86c790e15..000000000 --- a/spec/classes/tripleo_profile_base_nova_migration_spec.rb +++ /dev/null @@ -1,40 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::migration' do - shared_examples_for 'tripleo::profile::base::nova::migration' do - - context 'with step 3' do - let(:params) { { - :step => 3, - } } - - it { - is_expected.to contain_package('openstack-nova-migration') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - it_behaves_like 'tripleo::profile::base::nova::migration' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb b/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb deleted file mode 100644 index 4e6f93d73..000000000 --- a/spec/classes/tripleo_profile_base_nova_migration_target_spec.rb +++ /dev/null @@ -1,165 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::migration::target' do - shared_examples_for 'tripleo::profile::base::nova::migration::target' do - - context 'with step 4 without authorized_keys' do - let(:pre_condition) { - <<-eos - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'ssh': - storeconfigs_enabled => false, - server_options => {} - } -eos - } - - let(:params) { { - :step => 4, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::migration') - is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( - :content => '# Migration over SSH disabled by TripleO', - :mode => '0640', - :owner => 'root', - :group => 'nova_migration', - ) - is_expected.to contain_user('nova_migration').with( - :shell => '/sbin/nologin' - ) - } - end - - context 'with step 4 with invalid ssh_authorized_keys' do - let(:pre_condition) { - <<-eos - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'ssh': - storeconfigs_enabled => false, - server_options => {} - } -eos - } - - let(:params) { { - :step => 4, - :ssh_authorized_keys => 'ssh-rsa bar', - } } - - it { is_expected.to_not compile } - end - - context 'with step 4 with authorized_keys' do - let(:pre_condition) { - <<-eos - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'ssh': - storeconfigs_enabled => false, - server_options => {} - } -eos - } - - let(:params) { { - :step => 4, - :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'], - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::migration') - is_expected.to contain_ssh__server__match_block('nova_migration').with( - :type => 'User', - :name => 'nova_migration', - :options => { - 'ForceCommand' => '/bin/nova-migration-wrapper', - 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys' - } - ) - is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( - :content => 'ssh-rsa bar\nssh-rsa baz', - :mode => '0640', - :owner => 'root', - :group => 'nova_migration', - ) - is_expected.to contain_user('nova_migration').with( - :shell => '/bin/bash' - ) - } - end - - context 'with step 4 with wrapper_command' do - let(:pre_condition) { - <<-eos - class { 'tripleo::profile::base::nova::migration': - step => #{params[:step]} - } - class { 'ssh': - storeconfigs_enabled => false, - server_options => {} - } -eos - } - - let(:params) { { - :step => 4, - :ssh_authorized_keys => ['ssh-rsa bar', 'ssh-rsa baz'], - :wrapper_command => '/bin/true' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::migration') - is_expected.to contain_ssh__server__match_block('nova_migration').with( - :type => 'User', - :name => 'nova_migration', - :options => { - 'ForceCommand' => '/bin/true', - 'AuthorizedKeysFile' => '/etc/nova/migration/authorized_keys' - } - ) - is_expected.to contain_file('/etc/nova/migration/authorized_keys').with( - :content => 'ssh-rsa bar\nssh-rsa baz', - :mode => '0640', - :owner => 'root', - :group => 'nova_migration', - ) - is_expected.to contain_user('nova_migration').with( - :shell => '/bin/bash' - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::nova::migration::target' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_scheduler_spec.rb b/spec/classes/tripleo_profile_base_nova_scheduler_spec.rb deleted file mode 100644 index a784244c0..000000000 --- a/spec/classes/tripleo_profile_base_nova_scheduler_spec.rb +++ /dev/null @@ -1,64 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::scheduler' do - shared_examples_for 'tripleo::profile::base::nova::scheduler' do - - context 'with step less than 4' do - let(:params) { { :step => 1, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::scheduler') - is_expected.to_not contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::scheduler') - is_expected.to_not contain_class('nova::scheduler::filter') - } - end - - context 'with step 4' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } -eos - end - - let(:params) { { :step => 4, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::scheduler') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::scheduler') - is_expected.to contain_class('nova::scheduler::filter') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::scheduler' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_spec.rb b/spec/classes/tripleo_profile_base_nova_spec.rb deleted file mode 100644 index b94eaae81..000000000 --- a/spec/classes/tripleo_profile_base_nova_spec.rb +++ /dev/null @@ -1,185 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova' do - shared_examples_for 'tripleo::profile::base::nova' do - - context 'with step less than 3' do - let(:params) { { - :step => 1, - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_password => 'foo' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova') - is_expected.to_not contain_class('nova::config') - is_expected.to_not contain_class('nova::logging') - is_expected.to_not contain_class('nova::cache') - is_expected.to_not contain_class('nova::cinder') - is_expected.to_not contain_class('nova::glance') - is_expected.to_not contain_class('nova::placement') - is_expected.to_not contain_class('nova::keystone::service_user') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_username => 'nova', - :oslomsg_rpc_password => 'foo', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova').with( - :default_transport_url => 'rabbit://nova:foo@localhost:5672/?ssl=0' - ) - is_expected.to contain_class('nova::config') - is_expected.to contain_class('nova::logging') - is_expected.to contain_class('nova::cache').with( - :memcache_servers => ['controller-1:11211'] - ) - is_expected.to contain_class('nova::cinder') - is_expected.to contain_class('nova::glance') - is_expected.to contain_class('nova::placement') - is_expected.to contain_class('nova::keystone::service_user') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_password => 'foo' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova') - is_expected.to_not contain_class('nova::config') - is_expected.to_not contain_class('nova::logging') - is_expected.to_not contain_class('nova::cache') - is_expected.to_not contain_class('nova::cinder') - is_expected.to_not contain_class('nova::glance') - is_expected.to_not contain_class('nova::placement') - is_expected.to_not contain_class('nova::keystone::service_user') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - :oslomsg_rpc_hosts => [ 'localhost' ], - :oslomsg_rpc_password => 'foo', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova').with( - :default_transport_url => /.+/, - :notification_transport_url => /.+/, - :nova_public_key => nil, - :nova_private_key => nil, - ) - is_expected.to contain_class('nova::config') - is_expected.to contain_class('nova::logging') - is_expected.to contain_class('nova::cache') - is_expected.to contain_class('nova::cinder') - is_expected.to contain_class('nova::glance') - is_expected.to contain_class('nova::placement') - is_expected.to contain_class('nova::keystone::service_user') - is_expected.to_not contain_class('nova::migration::libvirt') - is_expected.to_not contain_file('/etc/nova/migration/authorized_keys') - is_expected.to_not contain_file('/etc/nova/migration/identity') - } - end - - context 'with step 4 and memcache ipv6' do - let(:params) { { - :step => 4, - :memcached_hosts => '::1', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('nova::cache').with( - :memcache_servers => ['[::1]:11211'] - ) - end - end - - context 'with step 4, memcache ipv6 and memcached backend' do - let(:params) { { - :step => 4, - :memcached_hosts => '::1', - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('nova::cache').with( - :memcache_servers => ['inet6:[::1]:11211'] - ) - end - end - - context 'with step 4 and the ipv6 parameter' do - let(:params) { { - :step => 4, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('nova::cache').with( - :memcache_servers => ['node.example.com:11211'] - ) - end - end - - context 'with step 4, the ipv6 parameter and memcached backend' do - let(:params) { { - :step => 4, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - :cache_backend => 'dogpile.cache.memcached', - } } - - it 'should format the memcache_server parameter' do - is_expected.to contain_class('nova::cache').with( - :memcache_servers => ['inet6:[node.example.com]:11211'] - ) - end - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova' - end - end -end diff --git a/spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb b/spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb deleted file mode 100644 index 24a953f45..000000000 --- a/spec/classes/tripleo_profile_base_nova_vncproxy_spec.rb +++ /dev/null @@ -1,62 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::nova::vncproxy' do - shared_examples_for 'tripleo::profile::base::nova::vncproxy' do - - context 'with step less than 4' do - let(:params) { { :step => 1, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::vncproxy') - is_expected.to_not contain_class('tripleo::profile::base::nova') - is_expected.to_not contain_class('nova::vncproxy') - } - end - - context 'with step 4' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::nova': - step => #{params[:step]}, - oslomsg_rpc_hosts => [ '127.0.0.1' ], - } -eos - end - - let(:params) { { :step => 4, } } - - it { - is_expected.to contain_class('tripleo::profile::base::nova::vncproxy') - is_expected.to contain_class('tripleo::profile::base::nova') - is_expected.to contain_class('nova::vncproxy') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::nova::vncproxy' - end - end -end diff --git a/spec/classes/tripleo_profile_base_octavia_api_spec.rb b/spec/classes/tripleo_profile_base_octavia_api_spec.rb deleted file mode 100644 index 5a1b91c3f..000000000 --- a/spec/classes/tripleo_profile_base_octavia_api_spec.rb +++ /dev/null @@ -1,182 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::octavia::api' do - - shared_examples_for 'tripleo::profile::base::octavia::api' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::octavia' : - step => #{params[:step]}, - oslomsg_rpc_username => 'bugs', - oslomsg_rpc_password => 'rabbits_R_c00l', - oslomsg_rpc_hosts => ['hole.field.com'] - } - class { 'octavia::db::mysql': - password => 'some_password' - } -eos - end - - context 'with step less than 3 on bootstrap' do - let(:params) { { - :step => 2, - :bootstrap_node => 'node.example.com' - } } - - it 'should not do anything' do - is_expected.to_not contain_class('octavia::api') - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('octavia::wsgi::apache') - end - end - - context 'with step less than 3 on non-bootstrap' do - let(:params) { { - :step => 2, - :bootstrap_node => 'other.example.com' - } } - - it 'should not do anything' do - is_expected.to_not contain_class('octavia::api') - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('octavia::wsgi::apache') - end - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com' - } } - - it 'should start configuring database' do - is_expected.to_not contain_class('octavia::api') - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('octavia::wsgi::apache') - end - end - - context 'with step 3 on non-bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com' - } } - - it 'should do nothing' do - is_expected.to_not contain_class('octavia::api') - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('octavia::wsgi::apache') - end - end - - context 'with step 4 on bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'node.example.com' - } } - - it 'should apply configurations with syncing database' do - is_expected.to contain_class('octavia::api').with(:sync_db => true) - is_expected.to contain_class('octavia::controller') - is_expected.to contain_class('octavia::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('octavia::wsgi::apache') - end - end - - context 'with step 4 on non-bootstrap node' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com' - } } - - it 'should do nothing' do - is_expected.to_not contain_class('octavia::api') - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::healthcheck') - is_expected.to_not contain_class('tripleo::profile::base::apache') - is_expected.to_not contain_class('octavia::wsgi::apache') - end - end - - context 'with step 5 on non-bootstrap node' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com' - } } - - it 'should apply configurations without syncing database' do - is_expected.to contain_class('octavia::api').with(:sync_db => false) - is_expected.to contain_class('octavia::controller') - is_expected.to contain_class('octavia::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('octavia::wsgi::apache') - end - end - - context 'Configure internal TLS' do - let(:params) { { - :step => 5, - :bootstrap_node => 'other.example.com', - :enable_internal_tls => true, - :octavia_network => 'octavia-net', - :certificates_specs => { - 'httpd-octavia-net' => { - 'hostname' => 'somehost', - 'service_certificate' => '/foo.pem', - 'service_key' => '/foo.key', - }, - }, - } } - - it { - is_expected.to contain_class('octavia::api') - is_expected.to contain_class('octavia::controller') - is_expected.to contain_class('octavia::healthcheck') - is_expected.to contain_class('tripleo::profile::base::apache') - is_expected.to contain_class('octavia::wsgi::apache').with( - :ssl_cert => '/foo.pem', - :ssl_key => '/foo.key', - ) - } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::octavia::api' - end - end -end - diff --git a/spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb b/spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb deleted file mode 100644 index 604a4664a..000000000 --- a/spec/classes/tripleo_profile_base_octavia_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2019 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::octavia::authtoken' do - shared_examples_for 'tripleo::profile::base::octavia::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::octavia::authtoken') - is_expected.to_not contain_class('octavia::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::octavia::authtoken') - is_expected.to contain_class('octavia::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::octavia::authtoken') - is_expected.to contain_class('octavia::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::octavia::authtoken') - is_expected.to contain_class('octavia::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::octavia::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_octavia_health_manager_spec.rb b/spec/classes/tripleo_profile_base_octavia_health_manager_spec.rb deleted file mode 100644 index 13e25452c..000000000 --- a/spec/classes/tripleo_profile_base_octavia_health_manager_spec.rb +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (C) 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::octavia::health_manager' do - - let :params do - { :step => 5 } - end - - shared_examples_for 'tripleo::profile::base::octavia::health_manager' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::octavia' : - step => #{params[:step]}, - oslomsg_rpc_username => 'bugs', - oslomsg_rpc_password => 'rabbits_R_c00l', - oslomsg_rpc_hosts => ['hole.field.com'] - } -eos - end - - context 'with step less than 5' do - before do - params.merge!({ :step => 4 }) - end - - it 'should not do anything' do - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::nova') - is_expected.to_not contain_class('octavia::health_manager') - is_expected.to_not contain_class('octavia::certificates') - is_expected.to_not contain_class('octavia::neutron') - is_expected.to_not contain_class('octavia::glance') - is_expected.to_not contain_class('octavia::cinder') - is_expected.to_not contain_class('octavia::task_flow') - end - end - - context 'with step 5' do - before do - params.merge!({ :step => 5 }) - end - - it 'should do the full configuration' do - is_expected.to contain_class('octavia::controller') - is_expected.to contain_class('octavia::nova') - is_expected.to contain_class('octavia::health_manager') - is_expected.to contain_class('octavia::certificates') - is_expected.to contain_class('octavia::neutron') - is_expected.to contain_class('octavia::glance') - is_expected.to contain_class('octavia::cinder') - is_expected.to contain_class('octavia::task_flow') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::octavia::health_manager' - end - end -end diff --git a/spec/classes/tripleo_profile_base_octavia_housekeeping_spec.rb b/spec/classes/tripleo_profile_base_octavia_housekeeping_spec.rb deleted file mode 100644 index 6ce8fe59b..000000000 --- a/spec/classes/tripleo_profile_base_octavia_housekeeping_spec.rb +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (C) 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::octavia::housekeeping' do - - let :params do - { :step => 5 } - end - - shared_examples_for 'tripleo::profile::base::octavia::housekeeping' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::octavia' : - step => #{params[:step]}, - oslomsg_rpc_username => 'bugs', - oslomsg_rpc_password => 'rabbits_R_c00l', - oslomsg_rpc_hosts => ['hole.field.com'] - } -eos - end - - context 'with step less than 5' do - before do - params.merge!({ :step => 4 }) - end - - it 'should not do anything' do - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::nova') - is_expected.to_not contain_class('octavia::housekeeping') - is_expected.to_not contain_class('octavia::certificates') - is_expected.to_not contain_class('octavia::neutron') - is_expected.to_not contain_class('octavia::glance') - is_expected.to_not contain_class('octavia::cinder') - is_expected.to_not contain_class('octavia::task_flow') - end - end - - context 'with step 5' do - before do - params.merge!({ :step => 5 }) - end - - it 'should do the full configuration' do - is_expected.to contain_class('octavia::controller') - is_expected.to contain_class('octavia::nova') - is_expected.to contain_class('octavia::housekeeping') - is_expected.to contain_class('octavia::certificates') - is_expected.to contain_class('octavia::neutron') - is_expected.to contain_class('octavia::glance') - is_expected.to contain_class('octavia::cinder') - is_expected.to contain_class('octavia::task_flow') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::octavia::housekeeping' - end - end -end diff --git a/spec/classes/tripleo_profile_base_octavia_provider_ovn_spec.rb b/spec/classes/tripleo_profile_base_octavia_provider_ovn_spec.rb deleted file mode 100644 index 00a185bd4..000000000 --- a/spec/classes/tripleo_profile_base_octavia_provider_ovn_spec.rb +++ /dev/null @@ -1,174 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::octavia::provider::ovn' do - - let :params do - { :step => 5, - } - end - - shared_examples_for 'tripleo::profile::base::octavia::provider::ovn' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::octavia' : - step => #{params[:step]}, - oslomsg_rpc_username => 'bugs', - oslomsg_rpc_password => 'rabbits_R_c00l', - oslomsg_rpc_hosts => ['hole.field.com'] - } - class { 'octavia::db::mysql': - password => 'some_password' - } - class { 'tripleo::profile::base::octavia::api' : - step => #{params[:step]}, - bootstrap_node => 'notbootstrap.example.com', - } -eos - end - - context 'with step less than 3' do - before do - params.merge!({ - :step => 2, - }) - end - - it 'should not do anything' do - is_expected.to_not contain_class('octavia::provider::ovn') - end - end - - context 'with step 4 without ovn_db_host' do - before do - params.merge!({ - :step => 4, - :protocol => 'tcp', - :ovn_nb_port => '6641', - :ovn_sb_port => '6642', - }) - end - - it 'should not do anything' do - is_expected.to_not contain_class('octavia::provider::ovn') - end - end - - context 'with step 4 with ovn default protocol' do - before do - params.merge!({ - :step => 4, - :ovn_db_host => '127.0.0.1', - :ovn_nb_port => '6641', - :ovn_sb_port => '6642', - }) - end - - it 'should set octavia provider ovn nb connection using tcp' do - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'tcp:127.0.0.1:6641') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection => 'tcp:127.0.0.1:6642') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert => '') - end - end - - context 'with step 4 with ovn and tls/ssl' do - before do - params.merge!({ - :step => 4, - :protocol => 'ssl', - :ovn_db_host => '192.168.123.111', - :ovn_nb_port => '6641', - :ovn_sb_port => '6642', - :ovn_nb_private_key => '/foo.key', - :ovn_nb_certificate => '/foo.pem', - :ovn_nb_ca_cert => '/ca_foo.pem', - :ovn_sb_private_key => '/bar.key', - :ovn_sb_certificate => '/bar.pem', - :ovn_sb_ca_cert => '/ca_bar.pem', - }) - end - - it 'should set octavia provider ovn nb connection using ssl' do - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'ssl:192.168.123.111:6641') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_connection => 'ssl:192.168.123.111:6642') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_private_key => '/foo.key') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_certificate => '/foo.pem') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_ca_cert => '/ca_foo.pem') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_private_key => '/bar.key') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_certificate => '/bar.pem') - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_sb_ca_cert => '/ca_bar.pem') - end - end - - context 'with step 4 with clustered ovn db' do - before do - params.merge!({ - :step => 4, - :ovn_db_host => '127.0.0.1', - :ovn_db_node_ips => ['192.0.2.11', '192.0.2.12'], - :ovn_db_clustered => true, - :ovn_nb_port => '6641', - :ovn_sb_port => '6642', - }) - end - - it 'should set octavia provider ovn nb connection using tcp' do - is_expected.to contain_class('octavia::provider::ovn').with( - :ovn_nb_connection => 'tcp:192.0.2.11:6641,tcp:192.0.2.12:6641' - ) - is_expected.to contain_class('octavia::provider::ovn').with( - :ovn_sb_connection => 'tcp:192.0.2.11:6642,tcp:192.0.2.12:6642' - ) - end - end - - context 'with step 4 with ovn and unix socket (no ovn_nb_port)' do - before do - params.merge!({ - :step => 4, - :protocol => 'punix', - :ovn_db_host => '/run/ovn/ovnnb_db.sock', - }) - end - - it 'should set octavia provider ovn nb connection using unix socket' do - is_expected.to contain_class('octavia::provider::ovn').with(:ovn_nb_connection => 'punix:/run/ovn/ovnnb_db.sock') - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::octavia::provider::ovn' - end - end -end - diff --git a/spec/classes/tripleo_profile_base_octavia_spec.rb b/spec/classes/tripleo_profile_base_octavia_spec.rb deleted file mode 100644 index cd7068f9e..000000000 --- a/spec/classes/tripleo_profile_base_octavia_spec.rb +++ /dev/null @@ -1,157 +0,0 @@ -# -# Copyright (C) 2016 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::octavia' do - - let :params do - { :oslomsg_rpc_hosts => ['some.server.com'], - :step => 5 - } - end - - shared_examples_for 'tripleo::profile::base::octavia' do - - context 'with step less than 3' do - before do - params.merge!({ :step => 2 }) - end - - it 'should not do anything' do - is_expected.to_not contain_class('octavia') - is_expected.to_not contain_class('octavia::config') - is_expected.to_not contain_class('octavia::db') - is_expected.to_not contain_class('octavia::logging') - is_expected.to_not contain_class('octavia::networking') - is_expected.to_not contain_class('octavia::service_auth') - is_expected.to_not contain_class('octavia::driver_agent') - end - end - - context 'with step 3' do - before do - params.merge!({ :step => 3 }) - end - - it 'should provide basic initialization' do - is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://guest:password@some.server.com:5672/?ssl=0' - ) - is_expected.to contain_class('octavia::config') - is_expected.to contain_class('octavia::db') - is_expected.to contain_class('octavia::logging') - is_expected.to contain_class('octavia::networking') - is_expected.to contain_class('octavia::service_auth') - is_expected.to_not contain_class('octavia::driver_agent') - end - end - - context 'with multiple hosts' do - before do - params.merge!({ - :step => 3, - :oslomsg_rpc_hosts => ['some.server.com', 'someother.server.com'] - }) - end - - it 'should construct a multihost URL' do - is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://guest:password@some.server.com:5672,guest:password@someother.server.com:5672/?ssl=0' - ) - end - end - - context 'with username provided' do - before do - params.merge!({ - :step => 3, - :oslomsg_rpc_username => 'bunny' - }) - end - - it 'should construct URL with username' do - is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://bunny:password@some.server.com:5672/?ssl=0' - ) - end - end - - context 'with username and password provided' do - before do - params.merge!({ - :step => 3, - :oslomsg_rpc_username => 'bunny', - :oslomsg_rpc_password => 'carrot' - }) - end - - it 'should construct URL with username and password' do - is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672/?ssl=0' - ) - end - end - - context 'with multiple hosts and user info provided' do - before do - params.merge!({ - :step => 3, - :oslomsg_rpc_hosts => ['some.server.com', 'someother.server.com'], - :oslomsg_rpc_username => 'bunny', - :oslomsg_rpc_password => 'carrot' - }) - end - - it 'should distributed user info across hosts URL' do - is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://bunny:carrot@some.server.com:5672,bunny:carrot@someother.server.com:5672/?ssl=0' - ) - end - end - - context 'with driver agent enabled' do - before do - params.merge!({ - :step => 3, - :enable_driver_agent => true - }) - end - - it 'should provide basic initialization' do - is_expected.to contain_class('octavia').with( - :default_transport_url => 'rabbit://guest:password@some.server.com:5672/?ssl=0' - ) - is_expected.to contain_class('octavia::config') - is_expected.to contain_class('octavia::db') - is_expected.to contain_class('octavia::logging') - is_expected.to contain_class('octavia::networking') - is_expected.to contain_class('octavia::service_auth') - is_expected.to contain_class('octavia::driver_agent') - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::octavia' - end - end -end diff --git a/spec/classes/tripleo_profile_base_octavia_worker_spec.rb b/spec/classes/tripleo_profile_base_octavia_worker_spec.rb deleted file mode 100644 index 4b77af025..000000000 --- a/spec/classes/tripleo_profile_base_octavia_worker_spec.rb +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (C) 2021 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::octavia::worker' do - - let :params do - { :step => 5 } - end - - shared_examples_for 'tripleo::profile::base::octavia::worker' do - - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::octavia' : - step => #{params[:step]}, - oslomsg_rpc_username => 'bugs', - oslomsg_rpc_password => 'rabbits_R_c00l', - oslomsg_rpc_hosts => ['hole.field.com'] - } -eos - end - - context 'with step less than 5' do - before do - params.merge!({ :step => 4 }) - end - - it 'should not do anything' do - is_expected.to_not contain_class('octavia::controller') - is_expected.to_not contain_class('octavia::nova') - is_expected.to_not contain_class('octavia::worker') - is_expected.to_not contain_class('octavia::certificates') - is_expected.to_not contain_class('octavia::neutron') - is_expected.to_not contain_class('octavia::glance') - is_expected.to_not contain_class('octavia::cinder') - is_expected.to_not contain_class('octavia::task_flow') - end - end - - context 'with step 5' do - before do - params.merge!({ :step => 5 }) - end - - it 'should do the full configuration' do - is_expected.to contain_class('octavia::controller') - is_expected.to contain_class('octavia::nova') - is_expected.to contain_class('octavia::worker') - is_expected.to contain_class('octavia::certificates') - is_expected.to contain_class('octavia::neutron') - is_expected.to contain_class('octavia::glance') - is_expected.to contain_class('octavia::cinder') - is_expected.to contain_class('octavia::task_flow') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - it_behaves_like 'tripleo::profile::base::octavia::worker' - end - end -end diff --git a/spec/classes/tripleo_profile_base_pacemaker_spec.rb b/spec/classes/tripleo_profile_base_pacemaker_spec.rb deleted file mode 100644 index 8fb5ba028..000000000 --- a/spec/classes/tripleo_profile_base_pacemaker_spec.rb +++ /dev/null @@ -1,71 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::pacemaker' do - shared_examples_for 'tripleo::profile::base::pacemaker' do - before :each do - facts.merge!({ - :step => params[:step], - }) - end - - context 'with step 4 with defaults (instanceha disabled)' do - let(:params) { { - :step => 4, - } } - - it { - is_expected.to_not contain_class('tripleo::profile::base::pacemaker::instance_ha') - is_expected.to_not contain_class('pacemaker::stonith::fence_compute') - } - end - - context 'with step 4 with instanceha enabled' do - let(:params) { { - :step => 4, - :enable_instanceha => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::pacemaker::instance_ha') - is_expected.to contain_class('pacemaker::resource_defaults') - is_expected.to contain_pcmk_stonith('stonith-fence_compute-fence-nova').with({ - :stonith_type => "fence_compute", - }) - is_expected.to contain_pcmk_resource('compute-unfence-trigger').with({ - :resource_type => "ocf:pacemaker:Dummy", - :meta_params => "requires=unfencing", - }) - is_expected.to contain_pcmk_resource('nova-evacuate').with({ - :resource_type => "ocf:openstack:NovaEvacuate", - :resource_params => "auth_url=localhost:5000 username=admin password=password user_domain=Default project_domain=Default tenant_name=admin region_name=regionOne no_shared_storage=true", - }) - } - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::pacemaker' - end - end -end diff --git a/spec/classes/tripleo_profile_base_placement_api_spec.rb b/spec/classes/tripleo_profile_base_placement_api_spec.rb deleted file mode 100644 index ed2599ff1..000000000 --- a/spec/classes/tripleo_profile_base_placement_api_spec.rb +++ /dev/null @@ -1,131 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::placement::api' do - shared_examples_for 'tripleo::profile::base::placement::api' do - let(:pre_condition) do - <<-eos - class { 'tripleo::profile::base::placement': - step => #{params[:step]}, - } - class { 'tripleo::profile::base::placement::authtoken': - step => #{params[:step]}, - } -eos - end - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::api') - is_expected.to_not contain_class('placement::keystone::authtoken') - is_expected.to_not contain_class('placement::api') - is_expected.to_not contain_class('placement::wsgi::apache') - } - end - - context 'with step less than 3 and internal tls and generate certs' do - let(:params) { { - :step => 1, - :enable_internal_tls => true, - :placement_network => 'bar', - :certificates_specs => { - 'httpd-bar' => { - 'hostname' => 'foo', - 'service_certificate' => '/foo.pem', - 'service_key' => '/foo.key', - }, - } - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::api') - is_expected.to_not contain_class('placement::keystone::authtoken') - is_expected.to_not contain_class('placement::api') - is_expected.to_not contain_class('placement::wsgi::apache') - } - end - - context 'with step 3 and not bootstrap' do - let(:params) { { - :step => 3, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::api') - is_expected.to contain_class('placement::keystone::authtoken') - is_expected.to_not contain_class('placement::api') - is_expected.not_to contain_class('placement::wsgi::apache') - } - end - - context 'with step 3 and bootstrap' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com' - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::api') - is_expected.to contain_class('placement::keystone::authtoken') - is_expected.to contain_class('placement::api') - is_expected.to contain_class('placement::wsgi::apache') - } - end - - context 'with step 3 and bootstrap with enable_internal_tls and skip generate certs' do - let(:params) { { - :step => 3, - :enable_internal_tls => true, - :placement_network => 'bar', - :bootstrap_node => 'node.example.com', - :certificates_specs => { - 'httpd-bar' => { - 'hostname' => 'foo', - 'service_certificate' => '/foo.pem', - 'service_key' => '/foo.key', - }, - } - - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::api') - is_expected.to contain_class('placement::keystone::authtoken') - is_expected.to contain_class('placement::api') - is_expected.to contain_class('placement::wsgi::apache').with( - :ssl_cert => '/foo.pem', - :ssl_key => '/foo.key') - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::placement::api' - end - end -end diff --git a/spec/classes/tripleo_profile_base_placement_authtoken_spec.rb b/spec/classes/tripleo_profile_base_placement_authtoken_spec.rb deleted file mode 100644 index fb9607388..000000000 --- a/spec/classes/tripleo_profile_base_placement_authtoken_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::placement::authtoken' do - shared_examples_for 'tripleo::profile::base::placement::authtoken' do - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::authtoken') - is_expected.to_not contain_class('placement::keystone::authtoken') - } - end - - context 'with step 3' do - let(:params) { { - :step => 3, - :memcached_hosts => '127.0.0.1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::authtoken') - is_expected.to contain_class('placement::keystone::authtoken').with( - :memcached_servers => ['127.0.0.1:11211'] - ) - } - end - - context 'with step 3 with ipv6' do - let(:params) { { - :step => 3, - :memcached_hosts => '::1', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::authtoken') - is_expected.to contain_class('placement::keystone::authtoken').with( - :memcached_servers => ['inet6:[::1]:11211'] - ) - } - end - - context 'with step 3 with the ipv6 parameter' do - let(:params) { { - :step => 3, - :memcached_hosts => 'node.example.com', - :memcached_ipv6 => true, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement::authtoken') - is_expected.to contain_class('placement::keystone::authtoken').with( - :memcached_servers => ['inet6:[node.example.com]:11211'] - ) - } - end - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::placement::authtoken' - end - end -end diff --git a/spec/classes/tripleo_profile_base_placement_spec.rb b/spec/classes/tripleo_profile_base_placement_spec.rb deleted file mode 100644 index 74a05ffb5..000000000 --- a/spec/classes/tripleo_profile_base_placement_spec.rb +++ /dev/null @@ -1,93 +0,0 @@ -# -# Copyright (C) 2020 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::placement' do - shared_examples_for 'tripleo::profile::base::placement' do - - context 'with step less than 3' do - let(:params) { { - :step => 1, - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement') - is_expected.to_not contain_class('placement') - is_expected.to_not contain_class('placement::config') - is_expected.to_not contain_class('placement::db') - is_expected.to_not contain_class('placement::logging') - } - end - - context 'with step 3 on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'node.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement') - is_expected.to contain_class('placement') - is_expected.to contain_class('placement::config') - is_expected.to contain_class('placement::db') - is_expected.to contain_class('placement::logging') - } - end - - context 'with step 3 not on bootstrap node' do - let(:params) { { - :step => 3, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement') - is_expected.to_not contain_class('placement') - is_expected.to_not contain_class('placement::config') - is_expected.to_not contain_class('placement::db') - is_expected.to_not contain_class('placement::logging') - } - end - - context 'with step 4' do - let(:params) { { - :step => 4, - :bootstrap_node => 'other.example.com', - } } - - it { - is_expected.to contain_class('tripleo::profile::base::placement') - is_expected.to contain_class('placement') - is_expected.to contain_class('placement::config') - is_expected.to contain_class('placement::db') - is_expected.to contain_class('placement::logging') - } - end - - end - - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::placement' - end - end -end diff --git a/spec/classes/tripleo_profile_base_qdr_spec.rb b/spec/classes/tripleo_profile_base_qdr_spec.rb deleted file mode 100644 index df6befce5..000000000 --- a/spec/classes/tripleo_profile_base_qdr_spec.rb +++ /dev/null @@ -1,158 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::qdr' do - - let :params do - { - :step => 3, - :qdr_username => 'openstack', - :qdr_password => 'bigsecret', - } - end - - shared_examples_for 'tripleo::profile::base::qdr' do - - context 'with step 3 on single node' do - before do - facts.merge!({ - :hostname => 'node.example.com', - }) - params.merge!({ - :oslomsg_rpc_hosts => ['node.example.com'], - }) - end - - it 'should setup standalone' do - is_expected.to contain_class('qdr').with( - :router_mode => 'standalone', - :extra_listeners => [], - :connectors => [], - ) - end - end - - context 'with step 3 on node1 of multinode' do - before do - facts.merge!({ - :hostname => 'node1.example.com', - }) - params.merge!({ - :oslomsg_rpc_hosts => ['node1.example.com','node2.example.com','node3.example.com'], - }) - end - - it 'should set interior listener and no connectors' do - is_expected.to contain_class('qdr').with( - :router_mode => 'interior', - :extra_listeners => [{'host' => '0.0.0.0','port' => '31460','role' => 'inter-router'}], - :connectors => [], - ) - end - end - - context 'with step 3 on node2 of multinode' do - before do - facts.merge!({ - :hostname => 'node2.example.com', - }) - params.merge!({ - :oslomsg_rpc_hosts => ['node1.example.com','node2.example.com','node3.example.com'], - }) - end - - it 'should set up interior listener and one connector' do - is_expected.to contain_class('qdr').with( - :router_mode => 'interior', - :extra_listeners => [{'host' => '0.0.0.0','port' => '31460','role' => 'inter-router'}], - :connectors => [{"host"=>"node1.example.com", "role"=>"inter-router", "port"=>"31460"}], - ) - end - end - - context 'with step 3 on node3 of multinode' do - before do - facts.merge!({ - :hostname => 'node3.example.com', - }) - params.merge!({ - :oslomsg_rpc_hosts => ['node1.example.com','node2.example.com','node3.example.com'], - }) - end - - it 'should set up interior listener and two connectors' do - is_expected.to contain_class('qdr').with( - :router_mode => 'interior', - :extra_listeners => [{'host' => '0.0.0.0','port' => '31460','role' => 'inter-router'}], - :connectors => [ - {"host"=>"node1.example.com", "role"=>"inter-router", "port"=>"31460"}, - {"host"=>"node2.example.com", "role"=>"inter-router", "port"=>"31460"}], - ) - end - end - - context 'with step 3 on node3 of multinode with ssl' do - before do - facts.merge!({ - :hostname => 'node3.example.com', - :fqdn => 'node3.example.com', - }) - params.merge!({ - :oslomsg_rpc_hosts => ['node1.example.com','node2.example.com','node3.example.com'], - :listener_require_ssl => 'yes', - }) - end - - it 'should set up interior listener with sslProfile and two connectors with sslProfile' do - is_expected.to contain_class('qdr').with( - # this should be true instead of 'yes', because 'yes' is deprecated, - # but until we have rspec-puppet >= 2.7.9 to get: - # - # https://github.com/rodjek/rspec-puppet/commit/5e6b5e40dd22c5db5a8c7d8f21597d8ba95b1ddc - # - # Then it will throw a FrozenError. So just test with 'yes' instead. - :listener_require_ssl => 'yes', - :router_mode => 'interior', - :extra_listeners => [{'sslProfile' => 'Router.node3.example.com', - 'host' => '0.0.0.0', - 'port' => '31460', - 'role' => 'inter-router'}], - :connectors => [ - {"sslProfile" => "Router.node3.example.com", - "host" => "node1.example.com", - "role" => "inter-router", - "port" => "31460"}, - {"sslProfile" => "Router.node3.example.com", - "host" => "node2.example.com", - "role" => "inter-router", - "port" => "31460"}], - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::qdr' - end - end -end diff --git a/spec/classes/tripleo_profile_base_snmp_spec.rb b/spec/classes/tripleo_profile_base_snmp_spec.rb deleted file mode 100644 index 11cafa314..000000000 --- a/spec/classes/tripleo_profile_base_snmp_spec.rb +++ /dev/null @@ -1,108 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::snmp' do - - shared_examples_for 'tripleo::profile::base::snmp' do - context 'with default configuration' do - let :params do - { - :snmpd_user => 'ro_snmp_user', - :snmpd_password => 'snmppass', - :step => 4, - } - end - - it 'should configure snmpd' do - is_expected.to contain_class('snmp').with( - :snmpd_config => [ - 'createUser ro_snmp_user MD5 "snmppass"', - 'rouser ro_snmp_user', - 'proc cron', - 'includeAllDisks 10%', - 'master agentx', - 'iquerySecName internalUser', - 'rouser internalUser', - 'defaultMonitors yes', - 'linkUpDownNotifications yes', - ] - ) - end - end - context 'with default configuration and SHA' do - let :params do - { - :snmpd_user => 'ro_snmp_user', - :snmpd_password => 'snmppass', - :snmpd_auth_type => 'SHA', - :step => 4, - } - end - - it 'should configure snmpd with SHA' do - is_expected.to contain_class('snmp').with( - :snmpd_config => [ - 'createUser ro_snmp_user SHA "snmppass"', - 'rouser ro_snmp_user', - 'proc cron', - 'includeAllDisks 10%', - 'master agentx', - 'iquerySecName internalUser', - 'rouser internalUser', - 'defaultMonitors yes', - 'linkUpDownNotifications yes', - ] - ) - end - end - context 'with snmpd_config setting' do - let :params do - { - :snmpd_user => 'ro_snmp_user', - :snmpd_password => 'snmppass', - :snmpd_config => [ - 'createUser ro_snmp_user MD5 "snmppass"', - 'rouser ro_snmp_user', - 'proc neutron-server', - ], - :step => 4, - } - end - - it 'should configure snmpd with custom parameters' do - is_expected.to contain_class('snmp').with( - :snmpd_config => [ - 'createUser ro_snmp_user MD5 "snmppass"', - 'rouser ro_snmp_user', - 'proc neutron-server', - ] - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) { - facts - } - - it_behaves_like 'tripleo::profile::base::snmp' - end - end -end diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb deleted file mode 100644 index ae00bc30b..000000000 --- a/spec/classes/tripleo_profile_base_sshd_spec.rb +++ /dev/null @@ -1,188 +0,0 @@ -# Copyright 2017 Red Hat, Inc. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for tripleo::profile::base::sshd -# - -require 'spec_helper' - -describe 'tripleo::profile::base::sshd' do - - shared_examples_for 'tripleo::profile::base::sshd' do - - context 'with defaults' do - it do - is_expected.to contain_class('ssh').with({ - 'storeconfigs_enabled' => false, - 'server_options' => { - 'Port' => [22], - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ], - 'PasswordAuthentication' => 'no', - }, - 'client_options' => {}, - }) - end - end - - context 'with all parameters configured' do - let(:params) {{ - :listen => '192.0.2.1', - :port => 123, - :password_authentication => 'yes' - }} - it do - is_expected.to contain_class('ssh').with({ - 'storeconfigs_enabled' => false, - 'server_options' => { - 'ListenAddress' => ['192.0.2.1'], - 'Port' => [123], - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ], - 'PasswordAuthentication' => 'yes', - }, - 'client_options' => {}, - }) - end - end - - context 'with listen configured and listen option' do - let(:params) {{ - :listen => ['192.0.2.1'], - :options => { 'ListenAddress' => ['192.0.2.2'] } - }} - it do - is_expected.to contain_class('ssh').with({ - 'storeconfigs_enabled' => false, - 'server_options' => { - 'ListenAddress' => ['192.0.2.2', '192.0.2.1'], - 'Port' => [22], - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ], - 'PasswordAuthentication' => 'no', - }, - 'client_options' => {}, - }) - end - end - - context 'with listen configured and same listen option' do - let(:params) {{ - :listen => ['192.0.2.1'], - :options => { 'ListenAddress' => ['192.0.2.1'] } - }} - it do - is_expected.to contain_class('ssh').with({ - 'storeconfigs_enabled' => false, - 'server_options' => { - 'ListenAddress' => ['192.0.2.1'], - 'Port' => [22], - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ], - 'PasswordAuthentication' => 'no', - }, - 'client_options' => {}, - }) - end - end - - context 'with port configured and port option' do - let(:params) {{ - :port => 123, - :options => { 'Port' => 456 } - }} - it do - is_expected.to contain_class('ssh').with({ - 'storeconfigs_enabled' => false, - 'server_options' => { - 'Port' => [456, 123], - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ], - 'PasswordAuthentication' => 'no', - }, - 'client_options' => {}, - }) - end - end - - context 'with port configured and same port option' do - let(:params) {{ - :port => 123, - :options => { 'Port' => 123 } - }} - it do - is_expected.to contain_class('ssh').with({ - 'storeconfigs_enabled' => false, - 'server_options' => { - 'Port' => [123], - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ], - 'PasswordAuthentication' => 'no', - }, - 'client_options' => {}, - }) - end - end - - context 'with options configured' do - let(:params) {{ - :options => { 'X11Forwarding' => 'no' } - }} - it do - is_expected.to contain_class('ssh').with({ - 'storeconfigs_enabled' => false, - 'server_options' => { - 'Port' => [22], - 'X11Forwarding' => 'no', - 'HostKey' => [ - '/etc/ssh/ssh_host_rsa_key', - '/etc/ssh/ssh_host_ecdsa_key', - '/etc/ssh/ssh_host_ed25519_key', - ], - 'PasswordAuthentication' => 'no', - }, - 'client_options' => {}, - }) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let (:facts) { - facts - } - it_behaves_like 'tripleo::profile::base::sshd' - end - end -end diff --git a/spec/classes/tripleo_profile_base_swift_proxy_spec.rb b/spec/classes/tripleo_profile_base_swift_proxy_spec.rb deleted file mode 100644 index fcdc91b7f..000000000 --- a/spec/classes/tripleo_profile_base_swift_proxy_spec.rb +++ /dev/null @@ -1,138 +0,0 @@ -# -# Copyright (C) 2016 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -require 'spec_helper' - -describe 'tripleo::profile::base::swift::proxy' do - - shared_examples_for 'tripleo::profile::base::swift::proxy' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let :pre_condition do - "class { 'swift': - swift_hash_path_prefix => 'foo', - } - include memcached - class { 'swift::proxy': - proxy_local_net_ip => '127.0.0.1', - } - include swift::proxy::tempauth - " - end - - context 'with ipv4 memcache servers' do - let(:params) { { - :step => 4, - :memcache_servers => ['192.168.0.1', '192.168.0.2'], - } } - - it 'configure swift proxy cache with ipv4 ips' do - is_expected.to contain_class('swift::config') - is_expected.to contain_class('swift::proxy') - is_expected.to contain_class('swift::proxy::catch_errors') - is_expected.to contain_class('swift::proxy::gatekeeper') - is_expected.to contain_class('swift::proxy::healthcheck') - is_expected.to contain_class('swift::proxy::proxy_logging') - is_expected.to contain_class('swift::proxy::cache').with({ - :memcache_servers => ['192.168.0.1:11211', '192.168.0.2:11211'] - }) - is_expected.to contain_class('swift::proxy::listing_formats') - is_expected.to contain_class('swift::proxy::ratelimit') - is_expected.to contain_class('swift::proxy::bulk') - is_expected.to contain_class('swift::proxy::tempurl') - is_expected.to contain_class('swift::proxy::formpost') - is_expected.to contain_class('swift::proxy::authtoken') - is_expected.to contain_class('swift::proxy::s3api') - is_expected.to contain_class('swift::proxy::s3token') - is_expected.to contain_class('swift::proxy::keystone') - is_expected.to contain_class('swift::proxy::staticweb') - is_expected.to contain_class('swift::proxy::copy') - is_expected.to contain_class('swift::proxy::container_quotas') - is_expected.to contain_class('swift::proxy::account_quotas') - is_expected.to contain_class('swift::proxy::slo') - is_expected.to contain_class('swift::proxy::dlo') - is_expected.to contain_class('swift::proxy::versioned_writes') - is_expected.to contain_class('swift::proxy::ceilometer') - is_expected.to contain_class('swift::proxy::kms_keymaster') - is_expected.to contain_class('swift::proxy::encryption') - is_expected.to contain_class('swift::keymaster') - is_expected.to_not contain_class('swift::proxy::audit') - end - end - - context 'with ipv6 memcache servers' do - let(:params) { { - :step => 4, - :memcache_servers => ['::1', '::2'], - } } - - it 'configure swift proxy cache with ipv6 ips' do - is_expected.to contain_class('swift::proxy::cache').with({ - :memcache_servers => ['[::1]:11211', '[::2]:11211'] - }) - end - end - - context 'with ipv4, ipv6 and fqdn memcache servers' do - let(:params) { { - :step => 4, - :memcache_servers => ['192.168.0.1', '::2', 'myserver.com'], - } } - - it 'configure swift proxy cache with ips and fqdn' do - is_expected.to contain_class('swift::proxy::cache').with({ - :memcache_servers => ['192.168.0.1:11211', '[::2]:11211', 'myserver.com:11211'] - }) - end - end - - context 'with ceilometer middleware disabled' do - let(:params) { { - :step => 4, - :memcache_servers => ['192.168.0.1', '192.168.0.2'], - :ceilometer_enabled => false - } } - - it 'does not configure the ceilometer middleware' do - is_expected.to_not contain_class('swift::proxy::ceilometer') - end - end - - context 'with audit middleware enabled' do - let(:params) { { - :step => 4, - :memcache_servers => ['192.168.0.1', '192.168.0.2'], - :audit_enabled => true - } } - - it 'configures audit middleware' do - is_expected.to contain_class('swift::proxy::audit') - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::swift::proxy' - end - end -end diff --git a/spec/classes/tripleo_profile_base_swift_ringbuilder_spec.rb b/spec/classes/tripleo_profile_base_swift_ringbuilder_spec.rb deleted file mode 100644 index e559f54e2..000000000 --- a/spec/classes/tripleo_profile_base_swift_ringbuilder_spec.rb +++ /dev/null @@ -1,65 +0,0 @@ -# -# Copyright (C) 2017 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::swift::ringbuilder' do - shared_examples_for 'tripleo::profile::base::swift::ringbuilder' do - - let :pre_condition do - "class { 'swift': - swift_hash_path_prefix => 'foo', - }" - end - - context 'with step 2 and swift_ring_get_tempurl set' do - let(:params) { { - :step => 2, - :replicas => 1, - :swift_ring_get_tempurl=> 'http://something' - } } - - it 'should fetch and extract swift rings' do - is_expected.to contain_exec('fetch_swift_ring_tarball') - is_expected.to contain_exec('extract_swift_ring_tarball') - end - end - - context 'with step 5 and swift_ring_put_tempurl set' do - let(:params) { { - :step => 5, - :replicas => 1, - :swift_ring_put_tempurl=> 'http://something' - } } - - it 'should pack and upload swift rings' do - is_expected.to contain_exec('create_swift_ring_tarball') - is_expected.to contain_exec('upload_swift_ring_tarball') - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::swift::ringbuilder' - end - end -end diff --git a/spec/classes/tripleo_profile_base_swift_spec.rb b/spec/classes/tripleo_profile_base_swift_spec.rb deleted file mode 100644 index e5e0b2ffa..000000000 --- a/spec/classes/tripleo_profile_base_swift_spec.rb +++ /dev/null @@ -1,86 +0,0 @@ -# -# Copyright (C) 2020 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -require 'spec_helper' - -describe 'tripleo::profile::base::swift' do - - shared_examples_for 'tripleo::profile::base::swift' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let :pre_condition do - "class { 'swift': - swift_hash_path_prefix => 'foo', - } - include memcached - " - end - - context 'with ipv4 memcache servers' do - let(:params) { { - :step => 4, - :memcache_servers => ['192.168.0.1', '192.168.0.2'], - } } - - it 'configure cache with ipv4 ips' do - is_expected.to contain_class('swift::objectexpirer').with({ - :pipeline => ['catch_errors', 'cache', 'proxy-server'], - :memcache_servers => ['192.168.0.1:11211', '192.168.0.2:11211'] - }) - end - end - - context 'with ipv6 memcache servers' do - let(:params) { { - :step => 4, - :memcache_servers => ['::1', '::2'], - } } - - it 'configure cache with ipv6 ips' do - is_expected.to contain_class('swift::objectexpirer').with({ - :pipeline => ['catch_errors', 'cache', 'proxy-server'], - :memcache_servers => ['[::1]:11211', '[::2]:11211'] - }) - end - end - - context 'with ipv4, ipv6 and fqdn memcache servers' do - let(:params) { { - :step => 4, - :memcache_servers => ['192.168.0.1', '::2', 'myserver.com'], - } } - - it 'configure cache with ips and fqdn' do - is_expected.to contain_class('swift::objectexpirer').with({ - :pipeline => ['catch_errors', 'cache', 'proxy-server'], - :memcache_servers => ['192.168.0.1:11211', '[::2]:11211', 'myserver.com:11211'] - }) - end - end - - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::swift' - end - end -end diff --git a/spec/classes/tripleo_profile_pacemaker_cinder_backup_bundle_spec.rb b/spec/classes/tripleo_profile_pacemaker_cinder_backup_bundle_spec.rb deleted file mode 100644 index addd75c09..000000000 --- a/spec/classes/tripleo_profile_pacemaker_cinder_backup_bundle_spec.rb +++ /dev/null @@ -1,124 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::pacemaker::cinder::backup_bundle' do - shared_examples_for 'tripleo::profile::pacemaker::cinder::backup_bundle' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 2' do - let(:params) { { :step => 1 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::backup') - end - end - - context 'with step 2 on bootstrap node' do - let(:params) { { - :step => 2, - } } - - it 'should create pacemaker properties' do - is_expected.to contain_pacemaker__property('cinder-backup-role-node.example.com') - is_expected.to_not contain_pacemaker__property('cinder-backup-role-c-bak-2') - end - end - - context 'with step 2 not on bootstrap node' do - let(:params) { { - :step => 2, - :bootstrap_node => 'other.example.com', - } } - - it 'should not create pacemaker properties' do - is_expected.to_not contain_pacemaker__property('cinder-backup-role-node.example.com') - is_expected.to_not contain_pacemaker__property('cinder-backup-role-c-bak-2') - end - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :cinder_backup_docker_image => 'c-bak-docker-image', - :log_driver => 'journald', - } } - - context 'with default inputs' do - it 'should create default cinder-backup resource bundle' do - is_expected.to contain_pacemaker__resource__bundle('openstack-cinder-backup').with( - :image => 'c-bak-docker-image', - :options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', - ) - # The default list of storage_maps is rather long, and this - # just does a spot-check of a few key entries. The point is - # to verify the default list is used when the docker_volumes - # input parameter isn't specified. - storage_maps = catalogue.resource( - 'Pacemaker::Resource::Bundle', 'openstack-cinder-backup').send(:parameters)[:storage_maps] - expect(storage_maps).to include('cinder-backup-cfg-files', 'cinder-backup-cfg-data') - end - end - - context 'with docker volumes and environment inputs' do - before :each do - params.merge!({ - :docker_volumes => ['/src/1:/tgt/1', '/src/2:/tgt/2:ro', '/src/3:/tgt/3:ro,z'], - :docker_environment => ['RIGHT=LEFT', 'UP=DOWN'], - :log_driver => 'k8s-file', - :log_file => '/var/log/containers/stdouts/cinder_backup.log' - }) - end - it 'should create custom cinder-backup resource bundle' do - is_expected.to contain_pacemaker__resource__bundle('openstack-cinder-backup').with( - :image => 'c-bak-docker-image', - :options => '--ipc=host --privileged=true --user=root --log-driver=k8s-file --log-opt path=/var/log/containers/stdouts/cinder_backup.log -e RIGHT=LEFT -e UP=DOWN', - :storage_maps => { - 'cinder-backup-src-1' => { - 'source-dir' => '/src/1', - 'target-dir' => '/tgt/1', - 'options' => 'rw', - }, - 'cinder-backup-src-2' => { - 'source-dir' => '/src/2', - 'target-dir' => '/tgt/2', - 'options' => 'ro', - }, - 'cinder-backup-src-3' => { - 'source-dir' => '/src/3', - 'target-dir' => '/tgt/3', - 'options' => 'ro,z', - }, - }, - ) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::pacemaker::cinder::backup_bundle' - end - end -end diff --git a/spec/classes/tripleo_profile_pacemaker_cinder_volume_bundle_spec.rb b/spec/classes/tripleo_profile_pacemaker_cinder_volume_bundle_spec.rb deleted file mode 100644 index 9a47dfdb8..000000000 --- a/spec/classes/tripleo_profile_pacemaker_cinder_volume_bundle_spec.rb +++ /dev/null @@ -1,130 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::pacemaker::cinder::volume_bundle' do - shared_examples_for 'tripleo::profile::pacemaker::cinder::volume_bundle' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - let(:pre_condition) do - # Required to keep tripleo::profile::base::cinder::volume happy. - "class { 'tripleo::profile::base::cinder::volume::iscsi': step => #{params[:step]}, cinder_iscsi_address => ['127.0.0.1'] }" - end - - context 'with step less than 2' do - let(:params) { { :step => 1 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::cinder::volume') - end - end - - context 'with step 2 on bootstrap node' do - let(:params) { { - :step => 2, - } } - - it 'should create pacemaker properties' do - is_expected.to contain_pacemaker__property('cinder-volume-role-node.example.com') - is_expected.to_not contain_pacemaker__property('cinder-volume-role-c-vol-2') - end - end - - context 'with step 2 not on bootstrap node' do - let(:params) { { - :step => 2, - :bootstrap_node => 'other.example.com', - } } - - it 'should not create pacemaker properties' do - is_expected.to_not contain_pacemaker__property('cinder-volume-role-node.example.com') - is_expected.to_not contain_pacemaker__property('cinder-volume-role-c-vol-2') - end - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :cinder_volume_docker_image => 'c-vol-docker-image', - :log_driver => 'journald', - } } - - context 'with default inputs' do - it 'should create default cinder-volume resource bundle' do - is_expected.to contain_pacemaker__resource__bundle('openstack-cinder-volume').with( - :image => 'c-vol-docker-image', - :options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', - ) - # The default list of storage_maps is rather long, and this - # just does a spot-check of a few key entries. The point is - # to verify the default list is used when the docker_volumes - # input parameter isn't specified. - storage_maps = catalogue.resource( - 'Pacemaker::Resource::Bundle', 'openstack-cinder-volume').send(:parameters)[:storage_maps] - expect(storage_maps).to include('cinder-volume-cfg-files', - 'cinder-volume-cfg-data') - end - end - - context 'with docker volumes and environment inputs' do - before :each do - params.merge!({ - :docker_volumes => ['/src/1:/tgt/1', '/src/2:/tgt/2:ro', '/src/3:/tgt/3:ro,z'], - :docker_environment => ['RIGHT=LEFT', 'UP=DOWN'], - :log_driver => 'k8s-file', - :log_file => '/var/log/containers/stdouts/cinder_volume.log' - }) - end - it 'should create custom cinder-volume resource bundle' do - is_expected.to contain_pacemaker__resource__bundle('openstack-cinder-volume').with( - :image => 'c-vol-docker-image', - :options => '--ipc=host --privileged=true --user=root --log-driver=k8s-file --log-opt path=/var/log/containers/stdouts/cinder_volume.log -e RIGHT=LEFT -e UP=DOWN', - :storage_maps => { - 'cinder-volume-src-1' => { - 'source-dir' => '/src/1', - 'target-dir' => '/tgt/1', - 'options' => 'rw', - }, - 'cinder-volume-src-2' => { - 'source-dir' => '/src/2', - 'target-dir' => '/tgt/2', - 'options' => 'ro', - }, - 'cinder-volume-src-3' => { - 'source-dir' => '/src/3', - 'target-dir' => '/tgt/3', - 'options' => 'ro,z', - }, - }, - ) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::pacemaker::cinder::volume_bundle' - end - end -end diff --git a/spec/classes/tripleo_profile_pacemaker_manila_share_bundle_spec.rb b/spec/classes/tripleo_profile_pacemaker_manila_share_bundle_spec.rb deleted file mode 100644 index bc82d2016..000000000 --- a/spec/classes/tripleo_profile_pacemaker_manila_share_bundle_spec.rb +++ /dev/null @@ -1,143 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::pacemaker::manila::share_bundle' do - shared_examples_for 'tripleo::profile::pacemaker::manila::share_bundle' do - before :each do - facts.merge!({ :step => params[:step] }) - end - - context 'with step less than 2' do - let(:params) { { :step => 1 } } - - it 'should do nothing' do - is_expected.to contain_class('tripleo::profile::base::manila::share') - end - end - - context 'with step 2 on bootstrap node' do - let(:params) { { - :step => 2, - } } - - it 'should create pacemaker properties' do - is_expected.to contain_pacemaker__property('manila-share-role-node.example.com') - is_expected.to_not contain_pacemaker__property('manila-share-role-manila-2') - end - end - - context 'with step 2 not on bootstrap node' do - let(:params) { { - :step => 2, - :bootstrap_node => 'other.example.com', - } } - - it 'should not create pacemaker properties' do - is_expected.to_not contain_pacemaker__property('manila-share-role-node.example.com') - is_expected.to_not contain_pacemaker__property('manila-share-role-manila-2') - end - end - - context 'with step 5' do - let(:params) { { - :step => 5, - :manila_share_docker_image => 'manila-share-image', - :log_driver => 'journald', - } } - - context 'with default inputs' do - it 'should create default manila-share resource bundle' do - is_expected.to contain_pacemaker__resource__bundle('openstack-manila-share').with( - :image => 'manila-share-image', - :options => '--ipc=host --privileged=true --user=root --log-driver=journald -e KOLLA_CONFIG_STRATEGY=COPY_ALWAYS', - ) - # The default list of storage_maps is rather long, and this - # just does a spot-check of a few key entries. The point is - # to verify the default list is used when the docker_volumes - # input parameter isn't specified. - storage_maps = catalogue.resource( - 'Pacemaker::Resource::Bundle', 'openstack-manila-share').send(:parameters)[:storage_maps] - expect(storage_maps).to include('manila-share-cfg-files', 'manila-share-cfg-data') - # ceph-nfs is disabled by default, so ensure no resources are created. - is_expected.to_not contain_pacemaker__constraint__order('ceph-nfs-then-manila-share') - is_expected.to_not contain_pacemaker__constraint__colocation('openstack-manila-share-with-ceph-nfs') - expect(storage_maps).to_not include('manila-share-dbus-docker', 'manila-share-etc-ganesha') - end - end - - context 'with ceph-nfs enabled' do - before :each do - params.merge!({ - :ceph_nfs_enabled => true, - }) - end - it 'should include ceph-nfs docker volumes and pacemaker constraints' do - is_expected.to contain_pacemaker__constraint__order('ceph-nfs-then-manila-share') - is_expected.to contain_pacemaker__constraint__colocation('openstack-manila-share-with-ceph-nfs') - storage_maps = catalogue.resource( - 'Pacemaker::Resource::Bundle', 'openstack-manila-share').send(:parameters)[:storage_maps] - expect(storage_maps).to include('manila-share-dbus-docker', 'manila-share-etc-ganesha') - end - end - - context 'with docker volumes and environment inputs' do - before :each do - params.merge!({ - :docker_volumes => ['/src/1:/tgt/1', '/src/2:/tgt/2:ro', '/src/3:/tgt/3:ro,z'], - :docker_environment => ['RIGHT=LEFT', 'UP=DOWN'], - :log_driver => 'k8s-file', - :log_file => '/var/log/containers/stdouts/manila_share.log' - }) - end - it 'should create custom manila-share resource bundle' do - is_expected.to contain_pacemaker__resource__bundle('openstack-manila-share').with( - :image => 'manila-share-image', - :options => '--ipc=host --privileged=true --user=root --log-driver=k8s-file --log-opt path=/var/log/containers/stdouts/manila_share.log -e RIGHT=LEFT -e UP=DOWN', - :storage_maps => { - 'manila-share-src-1' => { - 'source-dir' => '/src/1', - 'target-dir' => '/tgt/1', - 'options' => 'rw', - }, - 'manila-share-src-2' => { - 'source-dir' => '/src/2', - 'target-dir' => '/tgt/2', - 'options' => 'ro', - }, - 'manila-share-src-3' => { - 'source-dir' => '/src/3', - 'target-dir' => '/tgt/3', - 'options' => 'ro,z', - }, - }, - ) - end - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::pacemaker::manila::share_bundle' - end - end -end diff --git a/spec/defines/tripleo_haproxy_endpoint_spec.rb b/spec/defines/tripleo_haproxy_endpoint_spec.rb deleted file mode 100644 index 3c04fa79f..000000000 --- a/spec/defines/tripleo_haproxy_endpoint_spec.rb +++ /dev/null @@ -1,114 +0,0 @@ -require 'spec_helper' - -describe 'tripleo::haproxy::endpoint' do - - let(:title) { 'neutron' } - - let :pre_condition do - 'include haproxy' - end - - let :params do { - :public_virtual_ip => '192.168.0.1', - :internal_ip => '10.0.0.1', - :service_port => 9696, - :ip_addresses => ['10.0.0.2', '10.0.0.3', '10.0.0.4'], - :server_names => ['controller1', 'controller2', 'controller3'], - :public_ssl_port => 19696, - :member_options => [ 'check', 'inter 2000', 'rise 2', 'fall 5' ], - :haproxy_listen_bind_param => ['transparent'], - } - end - - shared_examples_for 'tripleo haproxy endpoint' do - context 'with basic parameters to configure neutron binding' do - it 'should configure haproxy' do - is_expected.to contain_haproxy__listen('neutron').with( - :collect_exported => false, - :bind => { "10.0.0.1:9696" => ["transparent"], - "192.168.0.1:9696" => ["transparent"] }, - :options => {'option' => [], - 'timeout client' => '90m', - 'timeout server' => '90m', - }, - ) - end - end - - context 'with dual-stack' do - before :each do - params.merge!({ - :public_virtual_ip => ['fd00:fd00:fd00:2000::14', '192.168.0.1'], - }) - end - it 'should configure haproxy' do - is_expected.to contain_haproxy__listen('neutron').with( - :collect_exported => false, - :bind => { "10.0.0.1:9696" => ["transparent"], - "fd00:fd00:fd00:2000::14:9696" => ["transparent"], - "192.168.0.1:9696" => ["transparent"] }, - ) - end - end - - context 'with userlist' do - before :each do - params.merge!({ - :authorized_userlist => 'starwars', - }) - end - let :pre_condition do - 'include haproxy - ::tripleo::haproxy::userlist {"starwars": users => ["leia password sister"]} - ' - end - it 'should configure an ACL' do - is_expected.to compile.with_all_deps - is_expected.to contain_haproxy__listen('neutron').with( - :options => { - 'option' => [], - 'timeout client' => '90m', - 'timeout server' => '90m', - 'acl' => 'acl Authneutron http_auth(starwars)', - 'http-request' => 'auth realm neutron if !Authneutron', - } - ) - end - end - - context 'with frontend/backend sections' do - before :each do - params.merge!({ - :use_backend_syntax => true, - }) - end - it 'should configure haproxy' do - is_expected.to compile.with_all_deps - is_expected.to contain_haproxy__frontend('neutron').with( - :collect_exported => false, - :bind => { "10.0.0.1:9696" => ["transparent"], - "192.168.0.1:9696" => ["transparent"] }, - :options => {'option' => [], - 'timeout client' => '90m', - 'default_backend' => 'neutron_be', - }, - ) - is_expected.to contain_haproxy__backend('neutron_be').with( - :options => {'option' => [], - 'timeout server' => '90m', - }, - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo haproxy endpoint' - end - end -end diff --git a/spec/defines/tripleo_haproxy_service_endpoints_spec.rb b/spec/defines/tripleo_haproxy_service_endpoints_spec.rb deleted file mode 100644 index c8cb970fe..000000000 --- a/spec/defines/tripleo_haproxy_service_endpoints_spec.rb +++ /dev/null @@ -1,49 +0,0 @@ -require 'spec_helper' - -describe 'tripleo::haproxy::service_endpoints' do - - - let :pre_condition do - 'include haproxy' - end - - shared_examples_for 'tripleo haproxy service_endpoints' do - context 'with basic parameters to configure neutron binding' do - let(:title) { 'dynamic-stuff' } - it 'should compile' do - is_expected.to compile.with_all_deps - end - it 'should configure haproxy' do - is_expected.to contain_tripleo__haproxy__endpoint('neutron') - end - end - context 'with non-existent hiera entry' do - let(:title) { 'non-existent' } - it 'should compile' do - is_expected.to compile.with_all_deps - end - end - context 'with userlist' do - let(:title) {'haproxy-basic-auth'} - it 'should compile' do - is_expected.to compile.with_all_deps - end - it 'should create haproxy endpoint' do - is_expected.to contain_tripleo__haproxy__endpoint('starwars') - end - it 'should create userlist' do - is_expected.to contain_tripleo__haproxy__userlist('starwars') - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo haproxy service_endpoints' - end - end -end diff --git a/spec/defines/tripleo_haproxy_userlist_spec.rb b/spec/defines/tripleo_haproxy_userlist_spec.rb deleted file mode 100644 index c68ecad8f..000000000 --- a/spec/defines/tripleo_haproxy_userlist_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -require 'spec_helper' - -describe 'tripleo::haproxy::userlist' do - - let(:title) { 'starwars' } - - let :pre_condition do - 'include haproxy' - end - - let :params do { - :groups => [ - 'aldebaran users leia,luke', - 'deathstar users anakin,sith', - ], - :users => [ - 'leia insecure-password sister', - 'luke insecure-password jedi', - 'anakin insecure-password darthvador', - 'sith password $5$h9LsKUOeCr$UlD62CNEpuZQkGYdBoiFJLsM6TlXluRLBlhEnpjDdaC', # mkpasswd -m sha-256 darkSideOfTheForce - ], - } - end - - shared_examples_for 'tripleo haproxy userlist' do - context 'with basic parameters to configure neutron binding' do - it 'should compile' do - is_expected.to compile.with_all_deps - end - it 'should configure haproxy' do - is_expected.to contain_haproxy__userlist('starwars').with( - :users => [ - 'leia insecure-password sister', - 'luke insecure-password jedi', - 'anakin insecure-password darthvador', - 'sith password $5$h9LsKUOeCr$UlD62CNEpuZQkGYdBoiFJLsM6TlXluRLBlhEnpjDdaC', - ], - :groups => [ - 'aldebaran users leia,luke', - 'deathstar users anakin,sith', - ] - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo haproxy userlist' - end - end -end diff --git a/spec/defines/tripleo_profile_base_database_mysql_user_spec.rb b/spec/defines/tripleo_profile_base_database_mysql_user_spec.rb deleted file mode 100644 index 4a7731346..000000000 --- a/spec/defines/tripleo_profile_base_database_mysql_user_spec.rb +++ /dev/null @@ -1,43 +0,0 @@ -require 'spec_helper' - -describe 'tripleo::profile::base::database::mysql::user' do - let(:title) { 'barbican' } - - let :pre_condition do - 'include mysql::server' - end - - let :params do { - :password => 'secrete', - :dbname => 'barbican', - :user => 'barbican', - :host => '127.0.0.1', - :charset => 'utf8', - :collate => 'utf8_general_ci' - } - end - - shared_examples_for 'tripleo profile base database mysql user' do - context 'with basic parameters to configure barbican database' do - it 'should configure mysql' do - is_expected.to contain_openstacklib__db__mysql('barbican').with( - :dbname => params[:dbname], - :user => params[:user], - :host => params[:host], - :charset => params[:charset], - :collate => params[:collate], - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo profile base database mysql user' - end - end -end diff --git a/spec/defines/tripleo_profile_base_logging_rsyslog_file_input_spec.rb b/spec/defines/tripleo_profile_base_logging_rsyslog_file_input_spec.rb deleted file mode 100644 index 8c63034af..000000000 --- a/spec/defines/tripleo_profile_base_logging_rsyslog_file_input_spec.rb +++ /dev/null @@ -1,78 +0,0 @@ -require 'spec_helper' - -foo_log_conf = <<-EOS -# foobar_foo -input(type="imfile" - file="/path/to/foo.log" - tag="foo" - startmsg.regex="test" -) -EOS -bar_log_conf = <<-EOS -# foobar_bar -input(type="imfile" - file="/path/to/bar.log" - tag="bar" - startmsg.regex="baz" -) -EOS - -describe 'tripleo::profile::base::logging::rsyslog::file_input' do - let(:title) { 'foobar' } - - let :pre_condition do - <<-EOS - include rsyslog - include rsyslog::config -EOS - end - - shared_examples_for 'tripleo::profile::base::logging::rsyslog::file_input' do - context 'with basic parameters to configure rsyslog file inputs' do - let :params do { - 'sources' => [ - {'file' => '/path/to/foo.log', 'tag' => 'foo'}, - {'file' => '/path/to/bar.log', 'tag' => 'bar', 'startmsg.regex' => 'baz'} - ], - 'default_startmsg' => 'test' - } - end - - it 'should configure the given file inputs' do - should contain_concat__fragment('rsyslog::component::input::foobar_foo').with({ - :target => '/etc/rsyslog.d/50_rsyslog.conf', - :content => foo_log_conf, - }) - should contain_concat__fragment('rsyslog::component::input::foobar_bar').with({ - :target => '/etc/rsyslog.d/50_rsyslog.conf', - :content => bar_log_conf, - }) - end - end - - context 'with non-array sources to configure rsyslog file input' do - let :params do { - 'sources' => {'file' => '/path/to/foo.log', 'tag' => 'foo'}, - 'default_startmsg' => 'test' - } - end - - it 'should configure the given file inputs' do - should contain_concat__fragment('rsyslog::component::input::foobar_foo').with({ - :target => '/etc/rsyslog.d/50_rsyslog.conf', - :content => foo_log_conf, - }) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::logging::rsyslog::file_input' - end - end -end diff --git a/spec/defines/tripleo_profile_base_metrics_collectd_sensubility_script_spec.rb b/spec/defines/tripleo_profile_base_metrics_collectd_sensubility_script_spec.rb deleted file mode 100644 index 1c62f3954..000000000 --- a/spec/defines/tripleo_profile_base_metrics_collectd_sensubility_script_spec.rb +++ /dev/null @@ -1,45 +0,0 @@ -require 'spec_helper' - -describe 'tripleo::profile::base::metrics::collectd::sensubility_script' do - let(:title) { 'test' } - - let :params do { - :scriptname => 'test', - :checksum => '227e8f542d95e416462a7f17652da655', - :user => 'collectd', - :group => 'collectd', - :source => 'http://some.uri', - :scriptsdir => '/some/path' - } - end - - shared_examples_for 'tripleo::profile::base::metrics::collectd::sensubility_script' do - context 'with basic parameters' do - it 'should download the script' do - is_expected.to contain_file('/some/path/test').with( - :ensure => 'present', - :owner => 'collectd', - :group => 'collectd', - :mode => '0700', - :source => 'http://some.uri', - :checksum_value => '227e8f542d95e416462a7f17652da655', - ) - - is_expected.to contain_file('/usr/bin/sensubility_test').with( - :ensure => 'link', - :target => '/some/path/test', - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::metrics::collectd::sensubility_script' - end - end -end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb deleted file mode 100644 index c5a601595..000000000 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_dibbler_client_spec.rb +++ /dev/null @@ -1,59 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::wrappers::dibbler_client' do - - let :title do - 'dibbler_client' - end - - shared_examples_for 'tripleo::profile::base::neutron::wrappers::dibbler_client' do - - context 'creates wrapper file for podman' do - let :params do { - :dibbler_process_wrapper => '/usr/local/bin/dibbler-client', - :dibbler_image => 'a_registry/some_container_name:some_tag', - :container_cli => 'podman', - :debug => false, - } - end - - it 'should generate a wrapper file' do - is_expected.to contain_file('/usr/local/bin/dibbler-client').with( - :mode => '0755' - ) - is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( - /a_registry.some_container_name.some_tag/ - ) - is_expected.to contain_file('/usr/local/bin/dibbler-client').with_content( - /CMD='\/usr\/sbin\/dibbler-client run'/ - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::wrappers::dibbler_client' - end - end -end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb deleted file mode 100644 index d8f077eff..000000000 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_dnsmasq_spec.rb +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::wrappers::dnsmasq' do - - let :title do - 'dnsmasq_wrapper' - end - - shared_examples_for 'tripleo::profile::base::neutron::wrappers::dnsmasq' do - - context 'creates wrapper file for podman' do - let(:params) { - { - :dnsmasq_process_wrapper => '/usr/local/bin/dnsmasq', - :dnsmasq_image => 'a_registry/some_container_name:some_tag', - :container_cli => 'podman', - :debug => false, - } - } - - it 'should generate a wrapper file' do - is_expected.to contain_file('/usr/local/bin/dnsmasq').with( - :mode => '0755' - ) - is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( - /a_registry.some_container_name.some_tag/ - ) - is_expected.to contain_file('/usr/local/bin/dnsmasq').with_content( - /CMD='\/usr\/sbin\/dnsmasq -k'/ - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::wrappers::dnsmasq' - end - end -end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb deleted file mode 100644 index 2f737ce38..000000000 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_haproxy_spec.rb +++ /dev/null @@ -1,63 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::wrappers::haproxy' do - - let :title do - 'haproxy_wrapper' - end - - shared_examples_for 'tripleo::profile::base::neutron::wrappers::haproxy' do - - context 'creates wrapper file for podman' do - let(:params) { - { - :haproxy_process_wrapper => '/usr/local/bin/haproxy', - :haproxy_image => 'a_registry/some_container_name:some_tag', - :container_cli => 'podman', - :debug => false, - } - } - - it 'should generate a wrapper file' do - is_expected.to contain_file('/usr/local/bin/haproxy').with( - :mode => '0755' - ) - is_expected.to contain_file('/usr/local/bin/haproxy').with_content( - /a_registry.some_container_name.some_tag/ - ) - is_expected.to contain_file('/usr/local/bin/haproxy').with_content( - /^NAME=neutron-haproxy-/ - ) - is_expected.to contain_file('/usr/local/bin/haproxy').with_content( - /.*haproxy -Ds.*haproxy -Ws.*/ - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::wrappers::haproxy' - end - end -end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb deleted file mode 100644 index 41a09c7c0..000000000 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_spec.rb +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::wrappers::keepalived' do - - let :title do - 'keepalived_wrapper' - end - - shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived' do - - context 'creates wrapper file for podman' do - let(:params) { - { - :keepalived_process_wrapper => '/usr/local/bin/keepalived', - :keepalived_image => 'a_registry/some_container_name:some_tag', - :container_cli => 'podman', - :debug => false, - } - } - - it 'should generate a wrapper file' do - is_expected.to contain_file('/usr/local/bin/keepalived').with( - :mode => '0755' - ) - is_expected.to contain_file('/usr/local/bin/keepalived').with_content( - /a_registry.some_container_name.some_tag/ - ) - is_expected.to contain_file('/usr/local/bin/keepalived').with_content( - /CMD='\/usr\/sbin\/keepalived -n -l -D'/ - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived' - end - end -end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb deleted file mode 100644 index e3fe41520..000000000 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_keepalived_state_change_spec.rb +++ /dev/null @@ -1,56 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do - - let :title do - 'keepalived_state_change' - end - - shared_examples_for 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' do - - context 'creates wrapper file for podman' do - let(:params) { - { - :keepalived_state_change_wrapper => '/usr/local/bin/keepalived-state-change', - :container_cli => 'podman', - :debug => false, - } - } - - it 'should generate a wrapper file' do - is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with( - :mode => '0755' - ) - is_expected.to contain_file('/usr/local/bin/keepalived-state-change').with_content( - /CMD='\/usr\/bin\/neutron-keepalived-state-change'/ - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::wrappers::keepalived_state_change' - end - end -end diff --git a/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb b/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb deleted file mode 100644 index feb9a49f7..000000000 --- a/spec/defines/tripleo_profile_base_neutron_wrappers_radvd_spec.rb +++ /dev/null @@ -1,63 +0,0 @@ -# -# Copyright (C) 2018 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'tripleo::profile::base::neutron::wrappers::radvd' do - - let :title do - 'radvd_wrapper' - end - - shared_examples_for 'tripleo::profile::base::neutron::wrappers::radvd' do - - context 'creates wrapper file for podman' do - let(:params) { - { - :radvd_process_wrapper => '/usr/local/bin/radvd', - :radvd_image => 'a_registry/some_container_name:some_tag', - :container_cli => 'podman', - :debug => false, - } - } - - it 'should generate a wrapper file' do - is_expected.to contain_file('/usr/local/bin/radvd').with( - :mode => '0755' - ) - is_expected.to contain_file('/usr/local/bin/radvd').with_content( - /a_registry.some_container_name.some_tag/ - ) - is_expected.to contain_file('/usr/local/bin/radvd').with_content( - /^NAME=neutron-radvd-/ - ) - is_expected.to contain_file('/usr/local/bin/radvd').with_content( - /CMD='\/usr\/sbin\/radvd -n'/ - ) - end - end - end - - on_supported_os.each do |os, facts| - context "on #{os}" do - let(:facts) do - facts.merge(OSDefaults.get_facts({ :hostname => 'node.example.com' })) - end - - it_behaves_like 'tripleo::profile::base::neutron::wrappers::radvd' - end - end -end diff --git a/spec/fixtures/hiera.yaml b/spec/fixtures/hiera.yaml deleted file mode 100644 index 07bc836ef..000000000 --- a/spec/fixtures/hiera.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -:backends: - - yaml -:yaml: - :datadir: './spec/fixtures/hieradata' -:hierarchy: - - 'step%{::step}' - - 'default' diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml deleted file mode 100644 index 5d775383a..000000000 --- a/spec/fixtures/hieradata/default.yaml +++ /dev/null @@ -1,225 +0,0 @@ ---- -my_hash: - network: '127.0.0.1' -not_hash: string -bootstrap_nodeid: node -# aodh profile required hieradata -aodh_api_bootstrap_node_name: node -aodh::rabbit_password: 'password' -aodh_redis_password: 'password' -aodh::service_credentials::password: 'password' -aodh::db::mysql::password: 'password' -aodh::keystone::authtoken::password: 'password' -# barbican profile required hieradata -barbican_api_bootstrap_node_name: node -barbican::api::rabbit_password: 'password' -barbican::db::mysql::password: 'password' -barbican::keystone::authtoken::password: 'password' -# ceilometer related items -ceilometer_redis_password: 'password' -ceilometer::rabbit_password: 'password' -ceilometer::agent::service_credentials::password: 'password' -# cinder related items -cinder_api_short_bootstrap_node_name: node -cinder_backup_short_bootstrap_node_name: 'node.example.com' -cinder_backup_short_node_names: - - 'node.example.com' - - 'c-bak-2' -cinder_volume_short_bootstrap_node_name: 'node.example.com' -cinder_volume_short_node_names: - - 'node.example.com' - - 'c-vol-2' -cinder::backup::nfs::backup_share: '/mnt/backup' -cinder::backup::s3::backup_s3_endpoint_url: 'http://my.s3.server' -cinder::backup::s3::backup_s3_store_access_key: 1234 -cinder::backup::s3::backup_s3_store_secret_key: 5678 -cinder::rabbit_password: 'password' -cinder::keystone::authtoken::password: 'password' -# cinder backend related items -cinder::backend::dellemc_powerflex::san_login: 'admin' -cinder::backend::dellemc_powerflex::san_password: 'password' -cinder::backend::dellemc_powerflex::san_ip: 'powerflex.example.com' -cinder::backend::dellemc_powerflex::powerflex_storage_pools: 'domain1:pool1,domain2:pool2' -cinder::backend::dellemc_powermax::san_ip: '127.0.0.2' -cinder::backend::dellemc_powermax::san_login: 'Admin' -cinder::backend::dellemc_powermax::san_password: '12345' -cinder::backend::dellemc_powermax::powermax_array: '000123456789' -cinder::backend::dellemc_powermax::powermax_srp: 'SRP_1' -cinder::backend::dellemc_powermax::powermax_port_groups: '[OS-ISCSI-PG]' -cinder::backend::dellemc_powerstore::san_ip: '172.23.8.101' -cinder::backend::dellemc_powerstore::san_login: 'Admin' -cinder::backend::dellemc_powerstore::san_password: '12345' -cinder::backend::dellemc_sc::san_ip: '172.23.8.101' -cinder::backend::dellemc_sc::san_login: 'Admin' -cinder::backend::dellemc_sc::san_password: '12345' -cinder::backend::dellemc_sc::dell_sc_ssn: '64720' -cinder::backend::dellemc_unity::san_ip: '172.23.8.101' -cinder::backend::dellemc_unity::san_login: 'Admin' -cinder::backend::dellemc_unity::san_password: 'password' -cinder::backend::dellemc_unity::storage_protocol: 'iSCSI' -cinder::backend::dellemc_xtremio::san_ip: '127.0.0.2' -cinder::backend::dellemc_xtremio::san_login: 'admin' -cinder::backend::dellemc_xtremio::san_password: 'password' -cinder::backend::dellemc_xtremio::xtremio_cluster_name: 'xtremio' -cinder::backend::emc_vnx::san_ip: '127.0.0.2' -cinder::backend::emc_vnx::san_password: 'password' -cinder::backend::emc_vnx::storage_vnx_pool_names: 'emc-storage-pool' -cinder::backend::ibm_svf::san_ip: '127.0.0.5' -cinder::backend::ibm_svf::san_login: 'ibmsvf' -cinder::backend::ibm_svf::san_password: 'password' -cinder::backend::ibm_svf::storwize_svc_volpool_name: 'svf-pool' -cinder::backend::ibm_svf::storwize_svc_connection_protocol: 'iSCSI' -cinder::backend::netapp::netapp_login: 'netapp' -cinder::backend::netapp::netapp_password: 'password' -cinder::backend::netapp::netapp_server_hostname: '127.0.0.2' -cinder::backend::pure::san_ip: '127.0.0.2' -cinder::backend::pure::pure_api_token: 'abc123def456ghi789' -# designate related items -designate_central_short_bootstrap_node_name: node -designate::keystone::authtoken::password: 'password' -designate::rabbit_password: 'password' -# glance related items -glance_api_short_bootstrap_node_name : node -glance::api::authtoken::password: 'password' -glance::backend::swift::swift_store_user: 'service:glance' -glance::backend::swift::swift_store_key: 'foo' -# gnocchi related items -gnocchi_api_short_bootstrap_node_name: node -gnocchi::keystone::authtoken::password: 'password' -gnocchi::statsd::resource_id: '0a8b55df-f90f-491c-8cb9-7cdecec6fc26' -gnocchi::statsd::flush_delay: 10 -gnocchi::storage::ceph::ceph_username: 'gnocchi' -gnocchi::storage::ceph::ceph_secret: 'password' -gnocchi_redis_password: 'password' - -# ironic related items -ironic::api::authtoken::password: 'password' -ironic_api_short_bootstrap_node_name: node -ironic::inspector::authtoken::password: 'password' -ironic_inspector_short_bootstrap_node_name: node -# haproxy related items -mysql_enabled: true -controller_node_ips: '10.1.0.1,10.1.0.2' -# heat related items -heat_api_short_bootstrap_node_name: node -heat_api_cfn_short_bootstrap_node_name: node -heat_engine_short_bootstrap_node_name: node -heat::keystone::authtoken::password: 'password' -heat::keystone::domain::domain_password: 'password' -heat::engine::auth_encryption_key: 'heat_auth_encryption_key' -# mysql related items -mysql_short_bootstrap_node_name: node -# manila related items -manila::rabbit_password: 'password' -manila::keystone::authtoken::password: 'password' -manila_share_short_bootstrap_node_name: 'node.example.com' -manila_share_short_node_names: - - 'node.example.com' - - 'manila-2' -manila_api_short_bootstrap_node_name: node -# nova related items -nova_api_short_bootstrap_node_name: node -nova_conductor_short_bootstrap_node_name: node -nova_metadata_short_bootstrap_node_name: node -nova_placement_short_bootstrap_node_name: node -nova::rabbit_password: 'password' -nova::keystone::authtoken::password: 'password' -nova::keystone::password: 'password' -nova::network::neutron::password: 'password' -# placement related items -placement_api_short_bootstrap_node_name: node -placement_short_bootstrap_node_name: node -placement::rabbit_password: 'password' -placement::keystone::authtoken::password: 'password' -# memcache related items -memcached_node_names: - - 'controller-1' -memcached::max_memory: 4096 -# octavia related items -octavia_api_short_bootstrap_node_name: node -octavia::keystone::authtoken::password: 'password' -octavia::controller::heartbeat_key: 'key' -octavia::service_auth::password: 'password' -# horizon related -horizon_short_bootstrap_node_name: node -horizon::secret_key: 'secrete' -horizon_node_ips: - - '127.0.0.1' -horizon_node_names: - - 'controller-1' -#Neutron related -neutron::rabbit_password: 'password' -neutron::keystone::authtoken::password: 'password' -neutron::server::notifications::nova::password: 'password' -neutron::server::placement::password: 'password' -# oslo.messaging related -oslo_messaging_rpc_password: 'password' -oslo_messaging_notify_password: 'password' -# Pacemaker related -pacemaker_short_bootstrap_node_name: 'node.example.com' -pacemaker_short_node_names: - - 'node.example.com' -hacluster_pwd: 'password' -pacemaker::resource_defaults::defaults: - test-default: - name: 'requires' - value: 'noop' -# pcmk instance ha -keystone::endpoint::public_url: 'localhost:5000' -keystone::admin_password: 'password' -keystone::admin_token: 'admintoken' -keystone::roles::admin::password: 'password' -tripleo::dynamic_stuff::haproxy_endpoints: - neutron: - public_virtual_ip: '192.168.0.1' - internal_ip: '10.0.0.1' - service_port: 9696 - ip_addresses: ['10.0.0.2', '10.0.0.3', '10.0.0.4'] - server_names: ['controller1', 'controller2', 'controller3'] - public_ssl_port: 19696 - member_options: [ 'check', 'inter 2000', 'rise 2', 'fall 5' ] - haproxy_listen_bind_param: ['transparent'] -tripleo::haproxy::neutron::options: - 'timeout client': '90m' - 'timeout server': '90m' -tripleo::haproxy::neutron::frontend_options: - 'timeout client': '90m' -tripleo::haproxy::neutron::backend_options: - 'timeout server': '90m' - -tripleo::haproxy_basic_auth::haproxy_endpoints: - starwars: - public_virtual_ip: '192.168.0.1' - internal_ip: '10.0.0.1' - service_port: 9696 - ip_addresses: ['10.0.0.2', '10.0.0.3', '10.0.0.4'] - server_names: ['controller1', 'controller2', 'controller3'] - public_ssl_port: 19696 - member_options: [ 'check', 'inter 2000', 'rise 2', 'fall 5' ] - haproxy_listen_bind_param: ['transparent'] - authorized_userlist: 'starwars' -# HAProxy userlists -tripleo::haproxy_basic_auth::haproxy_userlists: - starwars: - groups: - - 'aldebaran users leia,luke' - - 'deathstar users anakin,sith' - users: - - 'leia insecure-password sister' - - 'luke insecure-password jedi' - - 'anakin insecure-password darthvador' - - 'sith password $5$h9LsKUOeCr$UlD62CNEpuZQkGYdBoiFJLsM6TlXluRLBlhEnpjDdaC' -# redis related -redis_short_bootstrap_node_name: node -redis_vip: '127.0.0.1' -redis::bind: '10.0.0.1' -# swift related -swift_proxy_short_bootstrap_node_name: node -swift::keymaster::password: 'password' -swift::proxy::authtoken::password: 'password' -swift::proxy::ceilometer::password: 'password' -swift::proxy::s3token::password: 'password' -# required for metrics::qdr_user -ctlplane: '192.168.24.123' -# required to avoid EPEL repo management when testing collectd::sensubility -collectd::manage_repo: false diff --git a/spec/fixtures/hieradata/step1.yaml b/spec/fixtures/hieradata/step1.yaml deleted file mode 100644 index 795a4a7b4..000000000 --- a/spec/fixtures/hieradata/step1.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -step: 1 diff --git a/spec/fixtures/hieradata/step2.yaml b/spec/fixtures/hieradata/step2.yaml deleted file mode 100644 index 2de2445a1..000000000 --- a/spec/fixtures/hieradata/step2.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -step: 2 -# rsyslog tests -service_names: - - 'horizon' -tripleo_logging_sources_horizon: - - file: '/var/log/horizon/test.log' - tag: 'openstack.horizon.test' - - file: '/var/log/horizon/access.log' - tag: 'openstack.horizon.access' -rsyslog::confdir: /etc/rsyslog.d -rsyslog::target_file: 50_openstack_logs.conf diff --git a/spec/fixtures/hieradata/step3.yaml b/spec/fixtures/hieradata/step3.yaml deleted file mode 100644 index 25b42f7d3..000000000 --- a/spec/fixtures/hieradata/step3.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -step: 3 -tripleo::profile::base::metrics::collectd::sensubility::connection: 'ampq://sensu:sensu@localhost:5672//sensu' -tripleo::profile::base::metrics::collectd::sensubility::subscriptions: - - default - - test -tripleo::profile::base::metrics::collectd::sensubility::checks: - standalone_check: - command: "echo 'foobar'" - interval: 5 diff --git a/spec/fixtures/hieradata/step4.yaml b/spec/fixtures/hieradata/step4.yaml deleted file mode 100644 index c2ac06239..000000000 --- a/spec/fixtures/hieradata/step4.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -step: 4 -cinder::api::default_volume_type: 'tripleo' -# items needed for tripleo::profile::base::cinder::volume -tripleo::profile::base::cinder::volume::iscsi::cinder_iscsi_address: '127.0.0.1' -tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: - - '127.0.0.1' diff --git a/spec/fixtures/hieradata/step5.yaml b/spec/fixtures/hieradata/step5.yaml deleted file mode 100644 index 32c46d56f..000000000 --- a/spec/fixtures/hieradata/step5.yaml +++ /dev/null @@ -1,50 +0,0 @@ ---- -step: 5 -tripleo::profile::base::cinder::volume::rbd::backend_name: - - 'tripleo_ceph_1' - - 'tripleo_ceph_2' -tripleo::profile::base::cinder::volume::rbd::cinder_rbd_extra_pools: - - 'foo' - - 'bar' -tripleo::profile::base::cinder::volume::rbd::multi_config: - tripleo_ceph_2: - CinderRbdExtraPools: - - 'zap' -cinder::backend::pure::volume_backend_name: - - 'tripleo_pure_1' - - 'tripleo_pure_2' -cinder::backend::dellemc_powermax::volume_backend_name: - - 'tripleo_dellemc_powermax_1' - - 'tripleo_dellemc_powermax_2' -cinder::backend::dellemc_powerstore::volume_backend_name: - - 'tripleo_dellemc_powerstore_1' - - 'tripleo_dellemc_powerstore_2' -cinder::backend::dellemc_sc::volume_backend_name: - - 'tripleo_dellemc_sc_1' - - 'tripleo_dellemc_sc_2' -cinder::backend::dellemc_unity::volume_backend_name: - - 'tripleo_dellemc_unity_1' - - 'tripleo_dellemc_unity_2' -cinder::backend::emc_vnx::volume_backend_name: - - 'tripleo_dellemc_vnx_1' - - 'tripleo_dellemc_vnx_2' -cinder::backend::dellemc_xtremio::volume_backend_name: - - 'tripleo_dellemc_xtremio_1' - - 'tripleo_dellemc_xtremio_2' -cinder::backend::ibm_svf::volume_backend_name: - - 'tripleo_ibm_svf_1' - - 'tripleo_ibm_svf_2' -cinder::backend::netapp::volume_backend_name: - - 'tripleo_netapp_1' - - 'tripleo_netapp_2' -tripleo::profile::base::cinder::volume::netapp::multi_config: - tripleo_netapp_2: - CinderNetappNfsSharesConfig: '/etc/cinder/shares_2.conf' -tripleo::profile::base::cinder::volume::nfs::backend_name: - - 'tripleo_nfs_1' - - 'tripleo_nfs_2' -tripleo::profile::base::cinder::volume::nfs::cinder_nfs_servers: - - '127.0.0.1' -tripleo::profile::base::cinder::volume::nfs::multi_config: - tripleo_nfs_2: - CinderNfsSharesConfig: '/etc/cinder/shares-nfs_2.conf' diff --git a/spec/fixtures/hieradata/step6.yaml b/spec/fixtures/hieradata/step6.yaml deleted file mode 100644 index 08ba54d10..000000000 --- a/spec/fixtures/hieradata/step6.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -step: 6 diff --git a/spec/functions/docker_volumes_to_storage_maps_spec.rb b/spec/functions/docker_volumes_to_storage_maps_spec.rb deleted file mode 100644 index 1a1a02e5a..000000000 --- a/spec/functions/docker_volumes_to_storage_maps_spec.rb +++ /dev/null @@ -1,19 +0,0 @@ -require 'spec_helper' - -describe 'docker_volumes_to_storage_maps' do - it { - should run.with_params(["/src/vol1:/tgt/vol1", "/src/vol2:/tgt/vol2:ro"], "my-prefix") - .and_return({ - "my-prefix-src-vol1" => { - "source-dir" => "/src/vol1", - "target-dir" => "/tgt/vol1", - "options" => "rw", - }, - "my-prefix-src-vol2" => { - "source-dir" => "/src/vol2", - "target-dir" => "/tgt/vol2", - "options" => "ro", - } - }) - } -end diff --git a/spec/functions/ip_to_erl_format_spec.rb b/spec/functions/ip_to_erl_format_spec.rb deleted file mode 100644 index b58716487..000000000 --- a/spec/functions/ip_to_erl_format_spec.rb +++ /dev/null @@ -1,11 +0,0 @@ -require 'spec_helper' -require 'puppet' - -describe 'ip_to_erl_format' do - it { should run.with_params('192.168.2.1').and_return('{192,168,2,1}') } - it { should run.with_params('0.0.0.0').and_return('{0,0,0,0}') } - it { should run.with_params('5a40:79cf:8251:5dc5:1624:3c03:3c04:9ba8').and_return('{23104,31183,33361,24005,5668,15363,15364,39848}') } - it { should run.with_params('fe80::204:acff:fe17:bf38').and_return('{65152,0,0,0,516,44287,65047,48952}') } - it { should run.with_params('::1:2').and_return('{0,0,0,0,0,0,1,2}') } - it { should run.with_params('192.256.0.0').and_raise_error(IPAddr::InvalidAddressError) } -end diff --git a/spec/functions/list_to_hash_spec.rb b/spec/functions/list_to_hash_spec.rb deleted file mode 100644 index 4225006ab..000000000 --- a/spec/functions/list_to_hash_spec.rb +++ /dev/null @@ -1,11 +0,0 @@ -require 'spec_helper' - -describe 'list_to_hash' do - it { - should run.with_params(['192.168.0.1:5000', '192.168.0.2:5000'], ['transparent']) - .and_return({ - '192.168.0.1:5000' => ['transparent'], - '192.168.0.2:5000' => ['transparent'], - }) - } -end diff --git a/spec/functions/noop_resource_spec.rb b/spec/functions/noop_resource_spec.rb deleted file mode 100644 index 9bee175e5..000000000 --- a/spec/functions/noop_resource_spec.rb +++ /dev/null @@ -1,16 +0,0 @@ -require 'spec_helper' - -describe 'noop_resource' do - it { - should run.with_params('nova_config').and_return(true) - } - context 'noop a puppet resource' do - let (:pre_condition) { - 'noop_resource("file") - file { "bar": path => "/baz" }' - } - it { - expect(-> {catalogue}).to contain_file('bar') - } - end -end diff --git a/spec/functions/tripleo_swift_devices_spec.rb b/spec/functions/tripleo_swift_devices_spec.rb deleted file mode 100644 index 7fb7762e6..000000000 --- a/spec/functions/tripleo_swift_devices_spec.rb +++ /dev/null @@ -1,13 +0,0 @@ -require 'spec_helper' - -describe 'tripleo_swift_devices' do - it { - should run.with_params('r1z1-', ['192.168.1.12', '192.168.1.13'], [':%PORT%/device1', ':%PORT%/device2']) - .and_return([ - 'r1z1-192.168.1.12:%PORT%/device1', - 'r1z1-192.168.1.12:%PORT%/device2', - 'r1z1-192.168.1.13:%PORT%/device1', - 'r1z1-192.168.1.13:%PORT%/device2', - ]) - } -end diff --git a/spec/shared_examples.rb b/spec/shared_examples.rb deleted file mode 100644 index fec0eacc9..000000000 --- a/spec/shared_examples.rb +++ /dev/null @@ -1,5 +0,0 @@ -shared_examples_for "a Puppet::Error" do |description| - it "with message matching #{description.inspect}" do - expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description) - end -end diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb deleted file mode 100644 index 4fa8cc31b..000000000 --- a/spec/spec_helper.rb +++ /dev/null @@ -1,26 +0,0 @@ -# Load libraries from openstacklib here to simulate how they live together in a real puppet run (for provider unit tests) -$LOAD_PATH.push(File.join(File.dirname(__FILE__), 'fixtures', 'modules', 'openstacklib', 'lib')) -require 'puppetlabs_spec_helper/module_spec_helper' -require 'shared_examples' - -require 'puppet-openstack_spec_helper/defaults' -require 'rspec-puppet-facts' -include RspecPuppetFacts - -fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures')) - -RSpec.configure do |c| - c.alias_it_should_behave_like_to :it_configures, 'configures' - c.alias_it_should_behave_like_to :it_raises, 'raises' - - c.hiera_config = File.join(fixture_path, 'hiera.yaml') - c.module_path = File.join(fixture_path, 'modules') - c.manifest_dir = File.join(fixture_path, 'manifests') - - # custom global facts for all rspec tests - add_custom_fact :concat_basedir, '/var/lib/puppet/concat' - # needed for testing Puppet Openstack modules - add_custom_fact :os_service_default, '' -end - -at_exit { RSpec::Puppet::Coverage.report! } diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb deleted file mode 100644 index d51dfdbf6..000000000 --- a/spec/spec_helper_acceptance.rb +++ /dev/null @@ -1 +0,0 @@ -require 'puppet-openstack_spec_helper/litmus_spec_helper' diff --git a/templates/designate/rndc.key.erb b/templates/designate/rndc.key.erb deleted file mode 100644 index ef6da7324..000000000 --- a/templates/designate/rndc.key.erb +++ /dev/null @@ -1,4 +0,0 @@ -key "rndc-key" { - algorithm hmac-sha256; - secret "<%= @rndc_key %>"; -}; diff --git a/templates/logrotate/containers_logrotate.conf.erb b/templates/logrotate/containers_logrotate.conf.erb deleted file mode 100644 index 624318b86..000000000 --- a/templates/logrotate/containers_logrotate.conf.erb +++ /dev/null @@ -1,33 +0,0 @@ -/var/log/containers/*/*log /var/log/containers/*/*/*log /var/log/containers/*/*err { - <%= @rotation %> - rotate <%= @rotate %> - maxage <%= @purge_after_days %> - # minsize 1 is required for GDPR compliance, all files in - # /var/log/containers not managed with logrotate will be purged! - minsize <%= @minsize %> - # Do not use size as it's not compatible with time-based rotation rules - # required for GDPR compliance. - maxsize <%= @maxsize %> - missingok -<%- if @notifempty -%> - notifempty -<%- end -%> -<%- if @copytruncate -%> - copytruncate -<%- end -%> -<%- if @delaycompress -%> - delaycompress -<%- end -%> -<%- if @compress -%> - compress -<%- end -%> -<%- if @dateext -%> - dateext -<%- if @dateformat -%> - dateformat <%= @dateformat %> -<%- end -%> -<%- if @dateyesterday -%> - dateyesterday -<%- end -%> -<%- end -%> -} diff --git a/templates/metrics/collectd-sensubility.conf.epp b/templates/metrics/collectd-sensubility.conf.epp deleted file mode 100644 index 697b787dd..000000000 --- a/templates/metrics/collectd-sensubility.conf.epp +++ /dev/null @@ -1,74 +0,0 @@ -<%- | Optional[String] $log_file, - Optional[String] $log_level, - Optional[String] $connection, - Optional[Array] $subscriptions, - Optional[String] $client_name, - Optional[String] $client_address, - Optional[Integer] $keepalive_interval, - Optional[String] $tmp_base_dir, - Optional[String] $shell_path, - Optional[Integer] $worker_count, - Optional[String] $checks, - Optional[String] $amqp_host, - Optional[Integer] $amqp_port, - Optional[String] $amqp_user, - Optional[String] $amqp_password, - Optional[String] $results_format, - Optional[String] $results_channel, - Variant[Enum['sensu','amqp1']] $transport -| -%> - -[default] -<% unless $log_file =~ Undef { -%> -log_file=<%=$log_file%> -<%- } -%> -<% unless $log_level =~ Undef { -%> -log_level=<%=$log_level%> -<%- } -%> - -[sensu] -<% if $transport == 'sensu' { -%> -<% unless $connection =~ Undef { -%> -connection=<%=$connection%> -<%- } -%> -<% unless $subscriptions =~ Undef { -%> -subscriptions=<%=$subscriptions.join(',')%> -<%- } -%> -<% unless $client_name =~ Undef { -%> -client_name=<%=$client_name%> -<%- } -%> -<% unless $client_address =~ Undef { -%> -client_address=<%=$client_address%> -<%- } -%> -<%- } -%> -<% unless $keepalive_interval =~ Undef { -%> -keepalive_interval=<%=$keepalive_interval%> -<%- } -%> -<% unless $tmp_base_dir =~ Undef { -%> -tmp_base_dir=<%=$tmp_base_dir%> -<%- } -%> -<% unless $shell_path =~ Undef { -%> -shell_path=<%=$shell_path%> -<%- } -%> -<% unless $worker_count =~ Undef { -%> -worker_count=<%=$worker_count%> -<%- } -%> -<% unless $checks =~ Undef { -%> -checks=<%=$checks%> -<%- } -%> - -[amqp1] -<% if $transport == 'amqp1' { -%> -<% unless $client_address =~ Undef and $amqp_port =~ Undef { -%> -connection=amqp://<%=$client_address%>:<%=$amqp_port%> -<%- } -%> -<% unless $results_channel =~ Undef { -%> -results_channel=<%=$results_channel%> -<%- } -%> -<% unless $client_name =~ Undef { -%> -client_name=<%=$client_name%> -<%- } -%> -<% unless $results_format =~ Undef { -%> -results_format=<%=$results_format%> -<%- } -%> -<%- } -%> diff --git a/templates/metrics/libpodstats.conf.epp b/templates/metrics/libpodstats.conf.epp deleted file mode 100644 index 6a2a39592..000000000 --- a/templates/metrics/libpodstats.conf.epp +++ /dev/null @@ -1,4 +0,0 @@ - -LoadPlugin libpodstats - - diff --git a/templates/neutron/dibbler-client.epp b/templates/neutron/dibbler-client.epp deleted file mode 100644 index c952381e4..000000000 --- a/templates/neutron/dibbler-client.epp +++ /dev/null @@ -1,57 +0,0 @@ -<%- | String $image_name = '', - Boolean $debug, - String $container_cli = '' -| -%> -#!/bin/bash -<%- if $debug { -%>set -x<%- } -%> - -# we want to "eat" the "start" command given by neutron and run -# this in the foreground. -shift -ARGS="$@" - -# Extract the network namespace UUID from the command line args provided by -# neutron. Typically of the form (with dnsmasq as an example): -# -# dnsmasq --no-hosts --no-resolv --except-interface=lo \ -# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ -# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... -NETNS=$(ip netns identify) -NAME=neutron-dibbler-${NETNS} -<%- if $container_cli == 'podman' { -%> -CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" -LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" -CMD='/usr/sbin/dibbler-client run' -<%- } else { -%> -CLI='echo noop' -CMD='echo noop' -<%- } -%> -LIST=$($CLI ps -a --filter name=neutron-dibbler- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') - -# Find orphaned containers left for dead after its main process terminated by neutron parent process -# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 -ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") -if [ -n "${ORPHANTS}" ]; then - for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do - echo "Removing orphaned container ${orphant}" - $CLI stop ${orphant} || true - $CLI rm -f ${orphant} || true - done -fi - -# If the NAME is already taken by a container, give it an unique name -printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" -echo "Starting a new child container ${NAME}" -$CLI run --detach ${LOGGING} \ - -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron:shared \ - -v /dev/log:/dev/log \ - --net host \ - --pid host \ - --cgroupns host \ - --privileged \ - -u root \ - --name $NAME \ - <%=$image_name%> \ - $CMD $ARGS diff --git a/templates/neutron/dnsmasq.epp b/templates/neutron/dnsmasq.epp deleted file mode 100644 index 3961842d0..000000000 --- a/templates/neutron/dnsmasq.epp +++ /dev/null @@ -1,54 +0,0 @@ -<%- | String $image_name = '', - Boolean $debug, - String $container_cli = '' -| -%> -#!/bin/bash -<%- if $debug { -%>set -x<%- } -%> - -ARGS="$@" - -# Extract the network namespace UUID from the command line args provided by -# neutron. Typically of the form (with dnsmasq as an example): -# -# dnsmasq --no-hosts --no-resolv --except-interface=lo \ -# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ -# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... -NETNS=$(ip netns identify) -NAME=neutron-dnsmasq-${NETNS} -<%- if $container_cli == 'podman' { -%> -CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" -LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" -CMD='/usr/sbin/dnsmasq -k' -<%- } else { -%> -CLI='echo noop' -CMD='echo noop' -<%- } -%> -LIST=$($CLI ps -a --filter name=neutron-dnsmasq- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') - -# Find orphaned containers left for dead after its main process terminated by neutron parent process -# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 -ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") -if [ -n "${ORPHANTS}" ]; then - for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do - echo "Removing orphaned container ${orphant}" - $CLI stop ${orphant} || true - $CLI rm -f ${orphant} || true - done -fi - -# If the NAME is already taken by a container, give it an unique name -printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" -echo "Starting a new child container ${NAME}" -$CLI run --detach ${LOGGING} \ - -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron:shared \ - -v /dev/log:/dev/log \ - --net host \ - --pid host \ - --cgroupns host \ - --privileged \ - -u root \ - --name $NAME \ - <%=$image_name%> \ - $CMD $ARGS diff --git a/templates/neutron/haproxy.epp b/templates/neutron/haproxy.epp deleted file mode 100644 index cd5473a8f..000000000 --- a/templates/neutron/haproxy.epp +++ /dev/null @@ -1,55 +0,0 @@ -<%- | String $image_name = '', - Boolean $debug, - String $container_cli = '' -| -%> -#!/bin/bash -<%- if $debug { -%>set -x<%- } -%> - -ARGS="$@" - -# Extract the network namespace UUID from the command line args provided by -# neutron. Typically of the form (with dnsmasq as an example): -# -# dnsmasq --no-hosts --no-resolv --except-interface=lo \ -# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ -# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... -NETNS=$(ip netns identify) -NAME=neutron-haproxy-${NETNS} -HAPROXY_CMD='$(if [ -f /usr/sbin/haproxy-systemd-wrapper ]; then echo "/usr/sbin/haproxy -Ds"; else echo "/usr/sbin/haproxy -Ws"; fi)' -<%- if $container_cli == 'podman' { -%> -CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" -LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" -CMD='$HAPROXY' -<%- } else { -%> -CLI='echo noop' -CMD='echo noop' -<%- } -%> -LIST=$($CLI ps -a --filter name=neutron-haproxy- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') - -# Find orphaned containers left for dead after its main process terminated by neutron parent process -# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 -ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") -if [ -n "${ORPHANTS}" ]; then - for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do - echo "Removing orphaned container ${orphant}" - $CLI stop ${orphant} || true - $CLI rm -f ${orphant} || true - done -fi - -# If the NAME is already taken by a container, give it an unique name -printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" -echo "Starting a new child container ${NAME}" -$CLI run --detach ${LOGGING} \ - -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron:shared \ - -v /dev/log:/dev/log \ - --net host \ - --pid host \ - --cgroupns host \ - --privileged \ - -u root \ - --name $NAME \ - <%=$image_name%> \ - /bin/bash -c "HAPROXY=\"$HAPROXY_CMD\"; exec $CMD $ARGS" diff --git a/templates/neutron/keepalived.epp b/templates/neutron/keepalived.epp deleted file mode 100644 index 0cfcd225d..000000000 --- a/templates/neutron/keepalived.epp +++ /dev/null @@ -1,56 +0,0 @@ -<%- | String $image_name = '', - Boolean $debug, - String $container_cli = '' -| -%> -#!/bin/bash -<%- if $debug { -%>set -x<%- } -%> - -ARGS="$@" - -# Extract the network namespace UUID from the command line args provided by -# neutron. Typically of the form (with dnsmasq as an example): -# -# dnsmasq --no-hosts --no-resolv --except-interface=lo \ -# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ -# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... -NETNS=$(ip netns identify) -NAME=neutron-keepalived-${NETNS} -<%- if $container_cli == 'podman' { -%> -CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" -LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" -CMD='/usr/sbin/keepalived -n -l -D' -<%- } else { -%> -CLI='echo noop' -CMD='echo noop' -<%- } -%> -LIST=$($CLI ps -a --filter name=neutron-keepalived- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') - -# Find orphaned containers left for dead after its main process terminated by neutron parent process -# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 -ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") -if [ -n "${ORPHANTS}" ]; then - for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do - echo "Removing orphaned container ${orphant}" - $CLI stop ${orphant} || true - $CLI rm -f ${orphant} || true - done -fi - -# If the NAME is already taken by a container, give it an unique name -printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" -echo "Starting a new child container ${NAME}" -$CLI run --detach ${LOGGING} \ - -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /lib/modules:/lib/modules:ro \ - -v /sbin/modprobe:/sbin/modprobe:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron:shared \ - -v /dev/log:/dev/log \ - --net host \ - --pid host \ - --cgroupns host \ - --privileged \ - -u root \ - --name $NAME \ - <%=$image_name%> \ - $CMD $ARGS diff --git a/templates/neutron/neutron-keepalived-state-change.epp b/templates/neutron/neutron-keepalived-state-change.epp deleted file mode 100644 index 487cb4a3d..000000000 --- a/templates/neutron/neutron-keepalived-state-change.epp +++ /dev/null @@ -1,40 +0,0 @@ -<%- | Boolean $debug, - String $container_cli = '' -| -%> -#!/bin/bash -<%- if $debug { -%>set -x<%- } -%> - -ARGS="$@" - -# Extract the network namespace UUID from the command line args provided by -# neutron. Typically of the form (with dnsmasq as an example): -# -# dnsmasq --no-hosts --no-resolv --except-interface=lo \ -# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ -# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... -NETNS=$(ip netns identify) -NAME=neutron-keepalived-${NETNS} -<%- if $container_cli == 'podman' { -%> -CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman exec" -CMD='/usr/bin/neutron-keepalived-state-change' -<%- } else { -%> -CLI='echo noop' -CMD='echo noop' -<%- } -%> - -# The state change daemon only runs as a daemon for the moment so we need to -# run it within an existing container with a sensibly matching lifetime. The -# related keepalived container seems an obvious choice. - -container_id=$($CLI ps --filter name=$NAME --format "{{.ID}}") - -if [[ -z $container_id ]]; -then - echo "WARNING: keepalived container is not running." - exit 0 -fi - -$CLI -u root \ - --privileged \ - $NAME \ - $CMD $ARGS diff --git a/templates/neutron/radvd.epp b/templates/neutron/radvd.epp deleted file mode 100644 index 868ddb745..000000000 --- a/templates/neutron/radvd.epp +++ /dev/null @@ -1,54 +0,0 @@ -<%- | String $image_name = '', - Boolean $debug, - String $container_cli = '' -| -%> -#!/bin/bash -<%- if $debug { -%>set -x<%- } -%> - -ARGS="$@" - -# Extract the network namespace UUID from the command line args provided by -# neutron. Typically of the form (with dnsmasq as an example): -# -# dnsmasq --no-hosts --no-resolv --except-interface=lo \ -# --pid-file=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/pid \ -# --dhcp-hostsfile=/var/lib/neutron/dhcp/317716b8-919a-4a6f-8db1-78128ec3b100/host ... -NETWORK_ID=$(echo $ARGS| awk '{if (match($0, /(\w{8}-\w{4}-\w{4}-\w{4}-\w{12})/,m)) print m[0] }') -NAME=neutron-radvd-${NETWORK_ID} -<%- if $container_cli == 'podman' { -%> -CLI="nsenter --net=/run/netns/${NETNS} --preserve-credentials -m -t 1 podman" -LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" -CMD='/usr/sbin/radvd -n' -<%- } else { -%> -CLI='echo noop' -CMD='echo noop' -<%- } -%> -LIST=$($CLI ps -a --filter name=neutron-radvd- --format '{{.ID}}:{{.Names}}:{{.Status}}' | awk '{print $1}') - -# Find orphaned containers left for dead after its main process terminated by neutron parent process -# FIXME(cjeanner): https://github.com/containers/libpod/issues/1703 -ORPHANTS=$(printf "%s\n" "${LIST}" | grep -E ":(Exited|Created)") -if [ -n "${ORPHANTS}" ]; then - for orphant in $(printf "%s\n" "${ORPHANTS}" | awk -F':' '{print $1}'); do - echo "Removing orphaned container ${orphant}" - $CLI stop ${orphant} || true - $CLI rm -f ${orphant} || true - done -fi - -# If the NAME is already taken by a container, give it an unique name -printf "%s\n" "${LIST}" | grep -q "${NAME}$" && NAME="${NAME}-$(date +%Y-%m-%d-%H%M%S-%N)" -echo "Starting a new child container ${NAME}" -$CLI run --detach ${LOGGING} \ - -v /var/lib/config-data/puppet-generated/neutron/etc/neutron:/etc/neutron:ro \ - -v /run/netns:/run/netns:shared \ - -v /var/lib/neutron:/var/lib/neutron:shared \ - -v /dev/log:/dev/log \ - --net host \ - --pid host \ - --cgroupns host \ - --privileged \ - -u root \ - --name $NAME \ - <%=$image_name%> \ - $CMD $ARGS diff --git a/templates/nova/virtlogd.epp b/templates/nova/virtlogd.epp deleted file mode 100644 index f38276f08..000000000 --- a/templates/nova/virtlogd.epp +++ /dev/null @@ -1,53 +0,0 @@ -<%- | String $image_name = '', - Boolean $debug -| -%> -#!/bin/bash -<%- if $debug { -%>set -x<%- } %> -ARGS="$@" -NAME=nova_virtlogd -CMD='/usr/sbin/virtlogd --config /etc/libvirt/virtlogd.conf' -CLI="nsenter --preserve-credentials -m -t 1 podman" -LOGGING="--log-driver k8s-file --log-opt path=/var/log/containers/stdouts/${NAME}.log" -VIRTLOGD_CONTAINER=$(${CLI} ps -a --filter name="^${NAME}$" --format '{{.ID}}:{{.Status}}') - -CONTAINER_ID=$(echo $VIRTLOGD_CONTAINER | awk -F: '{print $1}') -CONTAINER_STATUS=$(echo $VIRTLOGD_CONTAINER | awk -F: '{print $2}') -CONTAINER_STATUS_SHORT=$(echo $CONTAINER_STATUS | awk '{print $1}' | tr '[A-Z]' '[a-z]' ) - -case ${CONTAINER_STATUS_SHORT} in - up) - echo "Container ${NAME} with id ${CONTAINER_ID} is already running!" - ;; - exited| created) - echo "Removing orphaned ${NAME} container ${CONTAINER_ID}" - $CLI stop ${CONTAINER_ID} || true - $CLI rm -f ${CONTAINER_ID} || true - ;& - *) - echo "Starting a new child container ${NAME}" - $CLI run --rm --detach ${LOGGING} \ - -v /etc/hosts:/etc/hosts:ro \ - -v /etc/localtime:/etc/localtime:ro \ - -v /var/lib/config-data/nova_libvirt/etc/libvirt:/etc/libvirt:ro \ - -v /lib/modules:/lib/modules:ro \ - -v /dev/log:/dev/log \ - -v /run:/run \ - -v /sys/fs/cgroup:/sys/fs/cgroup \ - -v /run/libvirt:/run/libvirt:shared \ - -v /var/lib/libvirt:/var/lib/libvirt \ - -v /var/log/containers/libvirt:/var/log/libvirt:shared,z \ - -v /var/log/containers/libvirt:/var/log/swtpm/libvirt:shared,z \ - -v /var/lib/nova:/var/lib/nova:shared \ - --net host \ - --pid host \ - --cgroupns host \ - --privileged \ - -u root \ - --name $NAME \ - <%=$image_name%> \ - $CMD $ARGS - ;; - -esac - -sleep infinity diff --git a/templates/rabbitmq/ssl-dist.conf.erb b/templates/rabbitmq/ssl-dist.conf.erb deleted file mode 100644 index feb0c1217..000000000 --- a/templates/rabbitmq/ssl-dist.conf.erb +++ /dev/null @@ -1,21 +0,0 @@ -% This file managed by Puppet -% Template Path: <%= @module_name %>/templates/rabbitmq/ssl-dist.conf -[{server, - [{certfile, "<%= @tls_certfile %>"}, - {keyfile, "<%= @tls_keyfile %>"}, - {cacertfile, "<%= @rabbitmq_cacert %>"}, - {verify, <%= @verify_server_peer %>}, -<%- if @inter_node_ciphers and @inter_node_ciphers != '' -%> - {server_ciphers, "<%= @inter_node_ciphers %>"}, -<%- end -%> - {versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]}, - {secure_renegotiate, true} - ]}, - {client, - [{cacertfile, "<%= @rabbitmq_cacert %>"}, - {verify, <%= @verify_client_peer %>}, - {secure_renegotiate, true}, - {versions, [<%= @ssl_versions.sort.map { |v| "'#{v}'" }.join(', ') %>]} - ]} -]. -% EOF diff --git a/templates/rsyslog_sidecar/rsyslog.conf.erb b/templates/rsyslog_sidecar/rsyslog.conf.erb deleted file mode 100644 index f8f2025da..000000000 --- a/templates/rsyslog_sidecar/rsyslog.conf.erb +++ /dev/null @@ -1,7 +0,0 @@ -module(load="imuxsock" syssock.Use="off") - -input(type="imuxsock" socket="<%= @socket_path %>") - -template(name="messageonly" type="string" string="%msg%\n") - -action(type="omfile" file="/dev/stdout" template="messageonly") diff --git a/templates/stunnel/foreground.erb b/templates/stunnel/foreground.erb deleted file mode 100644 index 8b09f4c4d..000000000 --- a/templates/stunnel/foreground.erb +++ /dev/null @@ -1,2 +0,0 @@ -foreground = <%= @foreground %> -debug = <%= @debug %> diff --git a/templates/stunnel/service.erb b/templates/stunnel/service.erb deleted file mode 100644 index 63f298c50..000000000 --- a/templates/stunnel/service.erb +++ /dev/null @@ -1,7 +0,0 @@ -[<%= @name %>] -client = <%= @client %> -accept=<%= @accept_host %>:<%= @accept_port %> -connect=<%= @connect_host %>:<%= @connect_port %> -cert=<%= @certificate %> -key=<%= @key %> -sslVersion = <%= @ssl_version %> diff --git a/tox.ini b/tox.ini deleted file mode 100644 index 84eef706f..000000000 --- a/tox.ini +++ /dev/null @@ -1,12 +0,0 @@ -[tox] -minversion = 2.0 -skipsdist = True -envlist = releasenotes - -[testenv] -install_command = pip install -c{env:TOX_CONSTRAINTS_FILE:https://git.openstack.org/cgit/openstack/requirements/plain/upper-constraints.txt} {opts} {packages} - -[testenv:releasenotes] -basepython = python3 -deps = -r{toxinidir}/doc/requirements.txt -commands = sphinx-build -a -E -W -d releasenotes/build/doctrees -b html releasenotes/source releasenotes/build/html diff --git a/zuul.d/layout.yaml b/zuul.d/layout.yaml deleted file mode 100644 index 84a0ec8a8..000000000 --- a/zuul.d/layout.yaml +++ /dev/null @@ -1,33 +0,0 @@ -- project: - queue: tripleo - templates: - - puppet-openstack-check-jobs - - puppet-openstack-module-unit-jobs - - tripleo-undercloud-jobs-pipeline - - tripleo-multinode-container-minimal-pipeline - - release-notes-jobs-python3 - - tripleo-standalone-scenarios-pipeline - - tripleo-standalone-multinode-ipa-pipeline - - tripleo-upgrades-master-pipeline - check: - jobs: - - tripleo-ci-centos-9-content-provider - - tripleo-ci-centos-9-scenario007-multinode-oooq-container: - vars: &multi_consumer_vars - consumer_job: true - build_container_images: false - remove_tags: - - build - dependencies: &deps_cprovider - - tripleo-ci-centos-9-content-provider - files: - - ^manifests/profile/pacemaker/ovn.*$ - - ^manifests/profile/(base|pacemaker)/neutron/plugins/ml2/ovn.*$ - - ^manifests/profile/(base|pacemaker)/neutron/agents/ovn.*$ - - ^manifests/profile/(base|pacemaker)/neutron/ovn.*$ - - puppet-openstack-lint-ubuntu-jammy: - voting: false - gate: - jobs: - - puppet-openstack-lint-ubuntu-jammy: - voting: false