diff --git a/deployment_scripts/puppet/manifests/midonet-cleanup-masquerade.pp b/deployment_scripts/puppet/manifests/midonet-cleanup-masquerade.pp index 233b9b0..217cf1b 100644 --- a/deployment_scripts/puppet/manifests/midonet-cleanup-masquerade.pp +++ b/deployment_scripts/puppet/manifests/midonet-cleanup-masquerade.pp @@ -14,7 +14,6 @@ if($old_config != 'notfound') $access_data = $old_config['access'] $keystone_admin_tenant = $access_data['tenant'] $net_metadata = $old_config['network_metadata'] - $node_roles = $net_metadata['nodes'][$::hostname]['node_roles'] $neutron_settings = $old_config['quantum_settings'] $external_net_name = $neutron_settings['default_floating_net'] $tenant_net_name = $neutron_settings['default_private_net'] diff --git a/deployment_scripts/puppet/manifests/midonet-cleanup-static.pp b/deployment_scripts/puppet/manifests/midonet-cleanup-static.pp index ac0bc1f..20489b2 100644 --- a/deployment_scripts/puppet/manifests/midonet-cleanup-static.pp +++ b/deployment_scripts/puppet/manifests/midonet-cleanup-static.pp @@ -14,7 +14,6 @@ if($old_config != 'notfound') $access_data = $old_config['access'] $keystone_admin_tenant = $access_data['tenant'] $net_metadata = $old_config['network_metadata'] - $node_roles = $net_metadata['nodes'][$::hostname]['node_roles'] $neutron_settings = $old_config['quantum_settings'] $external_net_name = $neutron_settings['default_floating_net'] $tenant_net_name = $neutron_settings['default_private_net'] diff --git a/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static-per-host.pp b/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static-per-host.pp index cba4e1c..08fb0dd 100644 --- a/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static-per-host.pp +++ b/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static-per-host.pp 
@@ -19,7 +19,6 @@ include ::stdlib $access_data = hiera_hash('access') $keystone_admin_tenant = $access_data['tenant'] $net_metadata = hiera_hash('network_metadata') -$node_roles = $net_metadata['nodes'][$::hostname]['node_roles'] $neutron_settings = hiera('neutron_config') $external_net_name = $neutron_settings['default_floating_net'] $tenant_net_name = $neutron_settings['default_private_net'] diff --git a/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static.pp b/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static.pp index 847080f..5977474 100644 --- a/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static.pp +++ b/deployment_scripts/puppet/manifests/midonet-edge-router-setup-static.pp @@ -17,8 +17,6 @@ include ::stdlib # Extract data from hiera $access_data = hiera_hash('access') $keystone_admin_tenant = $access_data['tenant'] -$net_metadata = hiera_hash('network_metadata') -$node_roles = $net_metadata['nodes'][$::hostname]['node_roles'] $neutron_settings = hiera('neutron_config') $external_net_name = $neutron_settings['default_floating_net'] $tenant_net_name = $neutron_settings['default_private_net'] diff --git a/deployment_scripts/puppet/manifests/midonet-edge-router-setup.pp b/deployment_scripts/puppet/manifests/midonet-edge-router-setup.pp index 2d3d0f4..6b6c87f 100644 --- a/deployment_scripts/puppet/manifests/midonet-edge-router-setup.pp +++ b/deployment_scripts/puppet/manifests/midonet-edge-router-setup.pp @@ -16,8 +16,6 @@ notice('MODULAR: midonet-edge-router-setup.pp') # Extract data from hiera $access_data = hiera_hash('access') $keystone_admin_tenant = $access_data['tenant'] -$net_metadata = hiera_hash('network_metadata') -$node_roles = $net_metadata['nodes'][$::hostname]['node_roles'] $neutron_settings = hiera('neutron_config') $external_net_name = $neutron_settings['default_floating_net'] $tenant_net_name = $neutron_settings['default_private_net'] 
diff --git a/deployment_scripts/puppet/manifests/midonet-horizon-lb-firewall.pp b/deployment_scripts/puppet/manifests/midonet-horizon-lb-firewall.pp new file mode 100644 index 0000000..a787602 --- /dev/null +++ b/deployment_scripts/puppet/manifests/midonet-horizon-lb-firewall.pp @@ -0,0 +1,35 @@ +# Copyright 2016 Midokura, SARL. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +notice('MODULAR: midonet-horizon-lb-firewall.pp') +include ::stdlib + +service { 'apache2': + ensure => running, + enable => true, + hasrestart => true, + hasstatus => true, +} + +file_line { 'firewall enable horizon': + path => '/etc/openstack-dashboard/local_settings.py', + line => " 'enable_firewall': True,", + match => '^\ \ \ \ \'enable_firewall.*$', +} -> + +file_line { 'lb enable horizon': + path => '/etc/openstack-dashboard/local_settings.py', + line => " 'enable_lb': True,", + match => '^\ \ \ \ \'enable_lb.*$', + notify => Service['apache2'] +} diff --git a/deployment_scripts/puppet/manifests/midonet-install-cluster.pp b/deployment_scripts/puppet/manifests/midonet-install-cluster.pp index 8d17c0b..5556694 100644 --- a/deployment_scripts/puppet/manifests/midonet-install-cluster.pp +++ b/deployment_scripts/puppet/manifests/midonet-install-cluster.pp 
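Review bot: In the new midonet-horizon-lb-firewall.pp only the second `file_line` ('lb enable horizon') carries `notify => Service['apache2']`; the `->` after 'firewall enable horizon' orders the two resources but does not pass a refresh on, so a run that changes only the `enable_firewall` line leaves Apache serving the old settings. Add `notify => Service['apache2'],` to the first resource as well. A comment above the two resources should also record that `file_line` appends `line` at the end of the file when `match` finds nothing, which in `local_settings.py` would presumably land outside the settings dict, so the manifest relies on both keys already being present in the shipped file.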
@@ -12,10 +12,8 @@ # License for the specific language governing permissions and limitations # under the License. notice('MODULAR: midonet-install-cluster.pp') - # Extract data from hiera $ssl_hash = hiera_hash('use_ssl', {}) - $midonet_settings = hiera('midonet') $net_metadata = hiera_hash('network_metadata') $controllers_map = get_nodes_hash_by_roles($net_metadata, ['controller', 'primary-controller']) @@ -33,14 +31,11 @@ $mem = $midonet_settings['mem'] $admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http') $metadata_hash = hiera_hash('quantum_settings', {}) $metadata_secret = pick($metadata_hash['metadata']['metadata_proxy_shared_secret'], 'root') - $ana_hash = get_nodes_hash_by_roles($net_metadata, ['midonet-analytics']) $ana_mgmt_ip_hash = get_node_to_ipaddr_map_by_network_role($ana_hash, 'management') $ana_mgmt_ip_list = values($ana_mgmt_ip_hash) $ana_keys = keys($ana_hash) - $ana_mgmt_ip = empty($ana_keys)? {true => $public_vip , default => $ana_mgmt_ip_list[0] } - $insights = $midonet_settings['mem_insights'] include ::stdlib @@ -59,18 +54,15 @@ class {'::midonet::cluster': max_heap_size => '2048M', heap_newsize => '1024M' } - # HA proxy configuration Haproxy::Service { use_include => true } Haproxy::Balancermember { use_include => true } - Openstack::Ha::Haproxy_service { server_names => keys($controllers_mgmt_ips), ipaddresses => values($controllers_mgmt_ips), public_virtual_ip => $public_vip, - internal_virtual_ip => $management_vip + internal_virtual_ip => $management_vip, } - openstack::ha::haproxy_service { 'midonetcluster': order => 199, listen_port => 8181, @@ -84,7 +76,6 @@ openstack::ha::haproxy_service { 'midonetcluster': }, balancermember_options => 'check', } - exec { 'haproxy reload': command => 'export OCF_ROOT="/usr/lib/ocf"; (ip netns list | grep haproxy) && ip netns exec haproxy /usr/lib/ocf/resource.d/fuel/ns_haproxy reload', path => '/usr/bin:/usr/sbin:/bin:/sbin', 
@@ -94,12 +85,9 @@ exec { 'haproxy reload': try_sleep => 10, returns => [0, ''], } - Haproxy::Listen <||> -> Exec['haproxy reload'] Haproxy::Balancermember <||> -> Exec['haproxy reload'] - class { 'firewall': } - firewall {'502 Midonet cluster': port => '8181', proto => 'tcp', diff --git a/deployment_scripts/puppet/manifests/midonet-install-mem.pp b/deployment_scripts/puppet/manifests/midonet-install-mem.pp index d7d5cc1..6297e71 100644 --- a/deployment_scripts/puppet/manifests/midonet-install-mem.pp +++ b/deployment_scripts/puppet/manifests/midonet-install-mem.pp @@ -13,10 +13,8 @@ # under the License. notice('MODULAR: midonet-install-mem.pp') include ::stdlib - # Extract data from hiera $ssl_hash = hiera_hash('use_ssl', {}) - $midonet_settings = hiera('midonet') $net_metadata = hiera_hash('network_metadata') $controllers_map = get_nodes_hash_by_roles($net_metadata, ['controller', 'primary-controller']) @@ -34,27 +32,19 @@ $mem = $midonet_settings['mem'] $admin_identity_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http') $metadata_hash = hiera_hash('quantum_settings', {}) $metadata_secret = pick($metadata_hash['metadata']['metadata_proxy_shared_secret'], 'root') - $ana_hash = get_nodes_hash_by_roles($net_metadata, ['midonet-analytics']) $ana_mgmt_ip_hash = get_node_to_ipaddr_map_by_network_role($ana_hash, 'management') $ana_mgmt_ip_list = values($ana_mgmt_ip_hash) $ana_keys = keys($ana_hash) - $ana_mgmt_ip = empty($ana_keys)? {true => $public_vip , default => $ana_mgmt_ip_list[0] } - - -$public_ssl = hiera_hash('public_ssl') -$ssl_horizon = $public_ssl['horizon'] - +$ssl_horizon = $public_ssl_hash['horizon'] $is_insights = $midonet_settings['mem_insights'] - service { 'apache2': ensure => running, enable => true, hasrestart => true, hasstatus => true, } - #Add MEM manager class class {'midonet::mem': cluster_ip => $public_vip, 
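Review bot: `$ssl_horizon = $public_ssl_hash['horizon']` in midonet-install-mem.pp reads a variable that no visible line assigns, while the `hiera_hash('public_ssl')` lookup it replaces is deleted in the same hunk. If `$public_ssl_hash` is not set in the unchanged lines between the hunks, the value is undef and the `if ($public_ssl_hash['horizon'])` block added further down takes its else branch, rewriting `wss:` to `ws:` even on a deployment that has TLS enabled for Horizon. Keep an explicit lookup next to the other hiera reads, e.g. `$public_ssl_hash = hiera_hash('public_ssl', {})`. The context line `pick($metadata_hash['metadata']['metadata_proxy_shared_secret'], 'root')` also still falls back to the fixed secret `'root'`; failing the run when the key is missing would be safer than a guessable default.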
@@ -67,6 +57,43 @@ class {'midonet::mem': mem_fabric_port => '', } + + +if ($public_ssl_hash['horizon']) +{ + exec { 'https override': + command => "sed -i 's/http:/https:/g' /var/www/html/midonet-manager/config/client.js", + path => '/usr/bin:/usr/sbin:/bin:/sbin', + logoutput => true, + provider => 'shell', + tries => 10, + try_sleep => 10, + returns => [0, ''], + require => File['midonet-manager-config'] + } + exec { 'wss override': + command => "sed -i 's/ws:/wss:/g' /var/www/html/midonet-manager/config/client.js", + path => '/usr/bin:/usr/sbin:/bin:/sbin', + logoutput => true, + provider => 'shell', + tries => 10, + try_sleep => 10, + returns => [0, ''], + require => File['midonet-manager-config'] + } +} +else { + exec { 'wss override': + command => "sed -i 's/wss:/ws:/g' /var/www/html/midonet-manager/config/client.js", + path => '/usr/bin:/usr/sbin:/bin:/sbin', + logoutput => true, + provider => 'shell', + tries => 10, + try_sleep => 10, + returns => [0, ''], + require => File['midonet-manager-config'] + } +} exec { 'a2enmod headers': path => '/usr/bin:/usr/sbin:/bin', alias => 'enable-mod-headers', @@ -74,7 +101,6 @@ class {'midonet::mem': notify => Service['apache2'], tag => 'a2enmod-mem' } - exec { 'a2enmod proxy': path => '/usr/bin:/usr/sbin:/bin', alias => 'enable-mod-proxy', @@ -82,7 +108,6 @@ class {'midonet::mem': notify => Service['apache2'], tag => 'a2enmod-mem' } - exec { 'a2enmod proxy_http': path => '/usr/bin:/usr/sbin:/bin', alias => 'enable-mod-proxy-http', @@ -90,7 +115,6 @@ class {'midonet::mem': notify => Service['apache2'], tag => 'a2enmod-mem' } - exec { 'a2enmod proxy_wstunnel': path => '/usr/bin:/usr/sbin:/bin', alias => 'enable-mod-proxy-wstunnel', @@ -98,7 +122,6 @@ class {'midonet::mem': notify => Service['apache2'], tag => 'a2enmod-mem' } - exec { 'a2enmod ssl': path => '/usr/bin:/usr/sbin:/bin', alias => 'enable-mod-ssl', 
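Review bot: The three `exec` resources added after `class {'midonet::mem'}` run `sed -i` on every catalog run because none has an `onlyif` or `unless` guard, and their `tries => 10`, `try_sleep => 10` and `returns => [0, '']` appear to be copied from the 'haproxy reload' exec; here `''` is not an exit status and a failed sed will not succeed on retry. Suggest `returns => 0` plus a guard such as `onlyif => "grep -q 'http:' /var/www/html/midonet-manager/config/client.js"` on 'https override'. The else branch reverts only `wss:` to `ws:` and leaves any `https:` written by an earlier TLS run, so unless File['midonet-manager-config'] regenerates client.js each time, a host switched back to plain HTTP ends up with mixed schemes. A short comment naming which URLs in client.js these substitutions are meant to hit would help, since `s/http:/https:/g` rewrites every occurrence in the file.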
@@ -106,37 +129,31 @@ class {'midonet::mem': notify => Service['apache2'], tag => 'a2enmod-mem' } - file { 'mem-vhost': ensure => present, path => '/etc/apache2/sites-available/30-midonet-mem.conf', content => template('/etc/fuel/plugins/midonet-4.1/puppet/templates/vhost_mem_manager.erb'), } - exec { 'a2ensite 30-midonet-mem': path => '/usr/bin:/usr/sbin:/bin', alias => 'enable-mem-vhost', creates => '/etc/apache2/sites-enabled/30-midonet-mem.conf', notify => Service['apache2'], } - Exec<| tag == 'a2enmod-mem' |> -> File['mem-vhost'] -> Exec['a2ensite 30-midonet-mem'] - if ($is_insights) { # HA proxy configuration Haproxy::Service { use_include => true } Haproxy::Balancermember { use_include => true } - Openstack::Ha::Haproxy_service { server_names => keys($controllers_mgmt_ips), ipaddresses => values($controllers_mgmt_ips), public_virtual_ip => $public_vip, - internal_virtual_ip => $management_vip + internal_virtual_ip => $management_vip, } - openstack::ha::haproxy_service { 'midonetsubscriptions': order => 200, listen_port => 8007, @@ -150,7 +167,6 @@ if ($is_insights) }, balancermember_options => 'check', } - openstack::ha::haproxy_service { 'midonettrace': order => 201, listen_port => 8460, @@ -164,7 +180,6 @@ if ($is_insights) }, balancermember_options => 'check', } - openstack::ha::haproxy_service { 'midonetfabric': order => 202, listen_port => 8009, @@ -178,7 +193,6 @@ if ($is_insights) }, balancermember_options => 'check', } - exec { 'haproxy reload': command => 'export OCF_ROOT="/usr/lib/ocf"; (ip netns list | grep haproxy) && ip netns exec haproxy /usr/lib/ocf/resource.d/fuel/ns_haproxy reload', path => '/usr/bin:/usr/sbin:/bin:/sbin', 
@@ -188,28 +202,22 @@ if ($is_insights) try_sleep => 10, returns => [0, ''], } - Haproxy::Listen <||> -> Exec['haproxy reload'] Haproxy::Balancermember <||> -> Exec['haproxy reload'] - class { 'firewall': } - firewall {'504 Midonet subscription': port => '8007', proto => 'tcp', action => 'accept', } - firewall {'505 Midonet trace': port => '8460', proto => 'tcp', action => 'accept', } - firewall {'506 Midonet fabric': port => '8009', proto => 'tcp', action => 'accept', } - } diff --git a/deployment_scripts/puppet/manifests/midonet-neutron-networks.pp b/deployment_scripts/puppet/manifests/midonet-neutron-networks.pp index 8080687..9448ba6 100644 --- a/deployment_scripts/puppet/manifests/midonet-neutron-networks.pp +++ b/deployment_scripts/puppet/manifests/midonet-neutron-networks.pp @@ -17,7 +17,6 @@ notice('MODULAR: midonet-neutron-networks.pp') $access_data = hiera_hash('access') $keystone_admin_tenant = $access_data['tenant'] $net_metadata = hiera_hash('network_metadata') -$node_roles = $net_metadata['nodes'][$::hostname]['node_roles'] $neutron_settings = hiera('neutron_config') $external_net_name = $neutron_settings['default_floating_net'] $tenant_net_name = $neutron_settings['default_private_net'] diff --git a/deployment_scripts/puppet/manifests/midonet-nsdb.pp b/deployment_scripts/puppet/manifests/midonet-nsdb.pp index 5a92ab1..41a47b8 100644 --- a/deployment_scripts/puppet/manifests/midonet-nsdb.pp +++ b/deployment_scripts/puppet/manifests/midonet-nsdb.pp @@ -15,8 +15,8 @@ notice('MODULAR: midonet-nsdb.pp') # Extract data from hiera $fuel_settings = parseyaml($astute_settings_yaml) -$network_metadata = hiera_hash('network_metadata') -$nsdb_map = get_nodes_hash_by_roles($network_metadata, ['nsdb']) +$net_metadata = hiera_hash('network_metadata') +$nsdb_map = get_nodes_hash_by_roles($net_metadata, ['nsdb']) $zoo_hash = generate_zookeeper_hash($nsdb_map) $nsdb_mgmt_map = get_node_to_ipaddr_map_by_network_role($nsdb_map, 'management') 
diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml index aae3681..351b429 100644 --- a/deployment_tasks.yaml +++ b/deployment_tasks.yaml @@ -200,6 +200,8 @@ - firewall - primary-cluster-haproxy - cluster-haproxy + cross-depends: + - name: zookeeper_and_cassandra_midonet version: 2.0.0 type: puppet reexecute_on: @@ -822,6 +824,24 @@ condition: yaql_exp: "$.midonet.mem = true" +- id: mem-horizon-enable-lb + role: + - controller + - primary-controller + required_for: + - post_deployment_end + requires: + - post_deployment_start + - mem-install + version: 2.0.0 + reexecute_on: + - deploy_changes + type: puppet + parameters: + puppet_manifest: puppet/manifests/midonet-horizon-lb-firewall.pp + puppet_modules: "puppet/modules/:/etc/puppet/modules/" + timeout: 720 + - id: mem-restart-cluster role: - controller
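Review bot: The new `mem-horizon-enable-lb` task has no `condition`, whereas the task just above it in the hunk is gated by `yaql_exp: "$.midonet.mem = true"`; as written, the manifest that edits Horizon's local_settings.py and restarts apache2 would apparently run on every controller even when MEM is disabled. If the task is meant to be MEM-only, as its id and `requires: mem-install` suggest, give it a task-level `condition:` with the same `yaql_exp`. The trailing lines of the hunk belong to the following `mem-restart-cluster` task, which continues outside it.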