From 71148d64002e4451cf9d535fb092ed409b0bd13d Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Mon, 16 Mar 2015 14:47:20 +0100 Subject: [PATCH 01/41] Fix bug and changelog URLs in the README file Change-Id: I215e7e2653a6437eccedfe94ea1dee9339624328 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c39f82b3..063103ff 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ The best way to get help with this set of modules is to email the group associat Issues should be opened here: - https://github.com/enovance/puppet-openstack-cloud/issues + https://bugs.launchpad.net/puppet-openstack-cloud/+filebug ## Contributors @@ -148,4 +148,4 @@ Issues should be opened here: ## Release Notes -See [CHANGELOG](https://github.com/enovance/puppet-openstack-cloud/blob/master/CHANGELOG.md) file. +See [CHANGELOG](https://github.com/stackforge/puppet-openstack-cloud/blob/master/CHANGELOG.md) file. From 14a06ed3f8e4e83424f2a9cd5af6e91eab3db780 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 20 Mar 2015 10:31:21 -0400 Subject: [PATCH 02/41] Puppetfile: update partial module Change-Id: I814746ceb34fb26859eeaac1e3604ccdebc183da --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 8d330944..9aa45333 100644 --- a/Puppetfile +++ b/Puppetfile @@ -159,7 +159,7 @@ mod 'pacemaker', :ref => '56bbb3580bb7fa62bf57c2ed7a30b938e42b8cc3' mod 'partial', :git => 'git://github.com/enovance/puppet-partial.git', - :ref => '7d3115a4a4233b12420722f449dbed5f0be4bbff' + :ref => '611a6812cd68874fcddfcc768988ca70ee8c4434' mod 'postgresql', :git => 'git://github.com/enovance/puppetlabs-postgresql.git', :ref => '0b483a2796e77d670e326a01fce57465d2c08774' From 3f3e2fd90cefe74fa7f80ec98c578d708d30dfb2 Mon Sep 17 00:00:00 2001 
From: Christian Berendt Date: Fri, 20 Mar 2015 16:48:08 +0100 Subject: [PATCH 03/41] Use operatingsystemmajrelease in cloud::database::sql::mysql At the moment it is not possible to use cloud::database::sql::mysql on CentOS 7 because of the following error: Error: Could not retrieve catalog from remote server: Error 400 on SERVER: comparison of String with 7 failed at /etc/puppet/modules/cloud/manifests/database/sql/mysql.pp:366 Replacing operatingsystemrelease with operatingsystemmajrelease in the file manifests/database/sql/mysql.pp solves this issue. Change-Id: I941f0a3ebdfa70171a1a7ea6757d78c42d773717 --- manifests/database/sql/mysql.pp | 2 +- spec/classes/cloud_database_sql_mysql_spec.rb | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 7978bf77..9e959ec9 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -363,7 +363,7 @@ require => [Package[$mysql_server_package_name], File[$mysql_server_config_file]] } - if $::operatingsystemrelease >= 7 { + if $::operatingsystemmajrelease >= 7 { file { "/etc/systemd/system/${mysql_service_name}.service.d" : ensure => directory, } diff --git a/spec/classes/cloud_database_sql_mysql_spec.rb b/spec/classes/cloud_database_sql_mysql_spec.rb index 09ed68c2..feec90a1 100644 --- a/spec/classes/cloud_database_sql_mysql_spec.rb +++ b/spec/classes/cloud_database_sql_mysql_spec.rb @@ -98,7 +98,7 @@ before :each do facts.merge!( :hostname => 'os-ci-test1', :osfamily => 'RedHat', - :operatingsystemrelease => 7 ) + :operatingsystemmajrelease => 7 ) end before :each do params.merge!(:mysql_systemd_override_settings => { 'LimitNOFILE' => 666 }) @@ -113,7 +113,7 @@ before :each do facts.merge!( :hostname => 'os-ci-test1', :osfamily => 'RedHat', - :operatingsystemrelease => 7 ) + :operatingsystemmajrelease => 7 ) end before :each do params.merge!(:open_files_limit => 666) 
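Review bot: The new test `if $::operatingsystemmajrelease >= 7 {` still relies on Puppet coercing a fact to a number, and nothing in the hunk restricts it to RedHat-family hosts. Facts usually arrive as strings, so an explicit comparison is safer: `if $::osfamily == 'RedHat' and versioncmp($::operatingsystemmajrelease, '7') >= 0 {`. The enclosing block starts outside the hunk, so the osfamily guard may already be in place there; if it is, only the `versioncmp` part applies. The spec hunks of this commit stub the fact as the Integer `7`; stubbing `'7'` would exercise the string form the manifest is likely to see.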
@@ -300,7 +300,7 @@ context 'on RedHat platforms' do let :facts do { :osfamily => 'RedHat', - :operatingsystemrelease => 7 } + :operatingsystemmajrelease => 7 } end let :platform_params do From d7a95eb84027e82c251ef6296ac4656a367f06af Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Sat, 21 Mar 2015 21:43:24 +0100 Subject: [PATCH 04/41] Change default value of 'galera_clustercheck_dbuser' to 'clustercheck' The current default value of galera_clustercheck_dbuser in the class cloud::database::sql::mysql does not makes sense because of the following issue. Parameter name failed on Mysql_user[clustercheckdbuser@localhost]: MySQL usernames are limited to a maximum of 16 characters Change-Id: I5be0c5d1cccc3f054e134602239b91d59e863492 --- manifests/database/sql/mysql.pp | 4 ++-- spec/classes/cloud_database_sql_mysql_spec.rb | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 7978bf77..1b819ec8 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -159,7 +159,7 @@ # # [*galera_clustercheck_dbuser*] # (optional) The MySQL username for Galera cluster check (using monitoring database) -# Defaults to 'clustercheckdbuser' +# Defaults to 'clustercheck' # # [*galera_clustercheck_dbpassword*] # (optional) The MySQL password for Galera cluster check @@ -218,7 +218,7 @@ $trove_db_allowed_hosts = ['127.0.0.1'], $mysql_root_password = 'rootpassword', $mysql_sys_maint_password = 'sys_maint', - $galera_clustercheck_dbuser = 'clustercheckdbuser', + $galera_clustercheck_dbuser = 'clustercheck', $galera_clustercheck_dbpassword = 'clustercheckpassword', $galera_clustercheck_ipaddress = '127.0.0.1', $open_files_limit = 65535, diff --git a/spec/classes/cloud_database_sql_mysql_spec.rb b/spec/classes/cloud_database_sql_mysql_spec.rb index 09ed68c2..d271d9d3 100644 --- a/spec/classes/cloud_database_sql_mysql_spec.rb +++ b/spec/classes/cloud_database_sql_mysql_spec.rb 
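Review bot: The 16-character MySQL username limit that motivates the new default in the `@@ -218,7 +218,7 @@` hunk is still not enforced for values supplied by the user, so an over-long override fails only later, at the `Mysql_user` resource. A check near the top of the class body (outside this hunk) would reject it early, for example `validate_slength($galera_clustercheck_dbuser, 16)` if the stdlib revision in use provides it. The neighbouring defaults visible in the same parameter list (`'rootpassword'`, `'clustercheckpassword'`) are fixed, publicly known passwords. That is not part of this change, but making those parameters mandatory would be a sensible follow-up.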
@@ -62,7 +62,7 @@ :trove_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], :mysql_root_password => 'secrete', :mysql_sys_maint_password => 'sys', - :galera_clustercheck_dbuser => 'clustercheckuser', + :galera_clustercheck_dbuser => 'clustercheck', :galera_clustercheck_dbpassword => 'clustercheckpassword!', :galera_clustercheck_ipaddress => '10.0.0.1' } From 8f9d4130bc1ca13f51e95d3e04e3993231dcfbb4 Mon Sep 17 00:00:00 2001 From: Christian Berendt Date: Fri, 20 Mar 2015 16:42:24 +0100 Subject: [PATCH 05/41] Use full path for test in cloud::database::sql::mysql At the moment it is not possible to use cloud::database::sql::mysql on CentOS 7 because of the following error when trying to call the binary 'test' in 'bootstrap-mysql'. 'test -d /var/lib/mysql/mysql' is not qualified and no path was specified. Please qualify the command or specify a path. Change-Id: I937ee32400da3f9c6154bc75ae8897e5c44dfab2 --- manifests/database/sql/mysql.pp | 2 +- spec/classes/cloud_database_sql_mysql_spec.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 7978bf77..9dde713c 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -358,7 +358,7 @@ # but MariaDB is not packaged for Red Hat / CentOS 7 in MariaDB repository. exec { 'bootstrap-mysql': command => '/usr/bin/mysql_install_db --rpm --user=mysql', - unless => 'test -d /var/lib/mysql/mysql', + unless => '/usr/bin/test -d /var/lib/mysql/mysql', before => Service['mysqld'], require => [Package[$mysql_server_package_name], File[$mysql_server_config_file]] } diff --git a/spec/classes/cloud_database_sql_mysql_spec.rb b/spec/classes/cloud_database_sql_mysql_spec.rb index 09ed68c2..3b89d7c3 100644 --- a/spec/classes/cloud_database_sql_mysql_spec.rb +++ b/spec/classes/cloud_database_sql_mysql_spec.rb 
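Review bot: `unless => '/usr/bin/test -d /var/lib/mysql/mysql'` fixes the qualification error by hard-coding where `test` lives, which ties the `bootstrap-mysql` exec to one filesystem layout. The exec's `creates` parameter expresses the same guard without running a command: replace the `unless` line with `creates => '/var/lib/mysql/mysql',`. The spec hunk of this commit would then expect `:creates => '/var/lib/mysql/mysql'`. The resource body is fully visible in the hunk, but the enclosing conditional starts outside it.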
@@ -222,7 +222,7 @@ it 'configure mysql database' do is_expected.to contain_exec('bootstrap-mysql').with( :command => '/usr/bin/mysql_install_db --rpm --user=mysql', - :unless => "test -d /var/lib/mysql/mysql", + :unless => "/usr/bin/test -d /var/lib/mysql/mysql", :before => 'Service[mysqld]' ) end From 81137e735e723e7f237b1e135157febb33c274ab Mon Sep 17 00:00:00 2001 From: Dan Radez Date: Thu, 19 Mar 2015 10:51:21 -0400 Subject: [PATCH 06/41] allow the loadbalancer keepalived ids to be user defined Change-Id: I8675d19305cc6056197579038b664ec5e183e2b3 Signed-off-by: Dan Radez --- manifests/loadbalancer.pp | 16 ++++++++++++++-- spec/classes/cloud_loadbalancer_spec.rb | 2 ++ 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 1c189202..10bae21d 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -42,6 +42,16 @@ # Should be an array. # Defaults to false (disabled) # +# [*keepalived_public_id*] +# (optional) used for the keepalived public virtual_router_id. +# Should be numeric. +# Defaults to '1' +# +# [*keepalived_internal_id*] +# (optional) used for the keepalived internal virtual_router_id. +# Should be numeric. +# Defaults to '2' +# # [*keepalived_auth_type*] # (optional) Authentication method. # Supported methods are simple Passwd (PASS) or IPSEC AH (AH). @@ -527,8 +537,10 @@ $keepalived_vrrp_interface = false, $keepalived_public_interface = 'eth0', $keepalived_public_ipvs = ['127.0.0.1'], + $keepalived_public_id = '1', $keepalived_internal_interface = 'eth1', $keepalived_internal_ipvs = false, + $keepalived_internal_id = '2', $keepalived_auth_type = false, $keepalived_auth_pass = false, $ceilometer_bind_options = [], 
@@ -620,7 +632,7 @@ script => $::cloud::params::keepalived_vrrp_script, } - keepalived::instance { '1': + keepalived::instance { $keepalived_public_id: interface => $keepalived_vrrp_interface_real, virtual_ips => unique(split(join(flatten([$keepalived_public_ipvs, ['']]), " dev ${keepalived_public_interface},"), ',')), state => $keepalived_state, @@ -642,7 +654,7 @@ } else { $keepalived_vrrp_interface_internal = $keepalived_vrrp_interface } - keepalived::instance { '2': + keepalived::instance { $keepalived_internal_id: interface => $keepalived_vrrp_interface_internal, virtual_ips => unique(split(join(flatten([$keepalived_internal_ipvs, ['']]), " dev ${keepalived_internal_interface},"), ',')), state => $keepalived_state, diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 93ac18b2..ef63232e 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -63,7 +63,9 @@ :keepalived_vrrp_interface => false, :keepalived_public_interface => 'eth0', :keepalived_public_ipvs => ['10.0.0.1', '10.0.0.2'], + :keepalived_public_id => '1', :keepalived_internal_ipvs => false, + :keepalived_internal_id => '2', :keepalived_auth_type => 'PASS', :keepalived_auth_pass => 'secret', :horizon_port => '80', From 9a53dcde2091540a7799d470cd14c011c7a0348c Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Mon, 30 Mar 2015 22:41:36 -0400 Subject: [PATCH 07/41] Puppetfile: update partial ref Change-Id: Ic25cc7abbe2d844b94ed8819e121745c531ea91a --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 9aa45333..2adb0515 100644 --- a/Puppetfile +++ b/Puppetfile 
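Review bot: `keepalived::instance { $keepalived_public_id:` and `keepalived::instance { $keepalived_internal_id:` now take their titles from user input with no validation. If both parameters are set to the same value and the internal instance is declared (its condition lies outside the hunk), the catalog will presumably fail with a duplicate declaration rather than a clear message. Nothing checks that the value is a number in the VRRP router-id range 1-255 either. A guard before the first instance would cover the first case: `if $keepalived_public_id == $keepalived_internal_id { fail('keepalived_public_id and keepalived_internal_id must differ') }`. The parameter documentation says "Should be numeric" while the defaults are the strings `'1'` and `'2'`, so one of the two should be aligned.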
@@ -159,7 +159,7 @@ mod 'pacemaker', :ref => '56bbb3580bb7fa62bf57c2ed7a30b938e42b8cc3' mod 'partial', :git => 'git://github.com/enovance/puppet-partial.git', - :ref => '611a6812cd68874fcddfcc768988ca70ee8c4434' + :ref => '1308d5341872911359e884fd84e4dd175fda632f' mod 'postgresql', :git => 'git://github.com/enovance/puppetlabs-postgresql.git', :ref => '0b483a2796e77d670e326a01fce57465d2c08774' From 735a760c4031e0b32a9aac2f5bcf7af634be7176 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Wed, 8 Apr 2015 12:11:57 +0200 Subject: [PATCH 08/41] Do not recreate Galera cluster Currently if the Galera master node is rebooted after installation process a new Galera cluster is build because of the --wsrep-new-cluster present in the systemd.service file. This commit aims to update this behavior accordingly. Closes-bug: #1439197 Change-Id: I3e4c339ea073bd18177bd0625d694ddd0151b14c --- lib/facter/galera_bootstrapped.rb | 22 ++++++++++++++++++++++ manifests/database/sql/mysql.pp | 12 +++++++++++- templates/database/etc_initd_mysql_RedHat | 2 +- 3 files changed, 34 insertions(+), 2 deletions(-) create mode 100644 lib/facter/galera_bootstrapped.rb diff --git a/lib/facter/galera_bootstrapped.rb b/lib/facter/galera_bootstrapped.rb new file mode 100644 index 00000000..6a786304 --- /dev/null +++ b/lib/facter/galera_bootstrapped.rb 
@@ -0,0 +1,22 @@ +# +# Copyright (C) 2014 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Fact: galera_bootstrapped +# +Facter.add('galera_bootstrapped') do + setcode do + FileTest.exists?('/var/lib/mysql/grastate.dat') + end +end diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index b0140fec..29517de5 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -339,6 +339,11 @@ if $::hostname == $galera_master_name { $mysql_service_name = 'mysql-bootstrap' + if !str2bool($::galera_bootstrapped) { + $wsrep_new_cluster = '--wsrep-new-cluster' + } else { + $wsrep_new_cluster = '' + } } else { $mysql_service_name = 'mariadb' } @@ -424,12 +429,17 @@ # To check that the mysqld support the options you can : # strings `which mysqld` | grep wsrep-new-cluster # TODO: to be remove as soon as the API 25 is packaged, ie galera 3 ... + if $::osfamily == 'RedHat' and $::operatingsystemmajrelease >= 7 { + $mysql_service_notify = Exec['mariadb-sysctl-daemon-reload'] + } else { + $mysql_service_notify = Service['mysqld'] + } file { $mysql_init_file : content => template("cloud/database/etc_initd_mysql_${::osfamily}"), owner => 'root', mode => '0755', group => 'root', - notify => Service['mysqld'], + notify => $mysql_service_notify, before => Package[$mysql_server_package_name], } diff --git a/templates/database/etc_initd_mysql_RedHat b/templates/database/etc_initd_mysql_RedHat index ec2a168a..79a8b36e 100755 
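Review bot: `FileTest.exists?('/var/lib/mysql/grastate.dat')` uses the deprecated plural spelling, which newer Ruby versions warn about and later drop; `File.exist?('/var/lib/mysql/grastate.dat')` is the supported form. The path is also hard-coded, so if the data directory is configurable elsewhere in the module, a node with a non-default datadir would always report false. A comment above `setcode` would make that assumption visible, for example `# Assumes the default datadir /var/lib/mysql; true once Galera has written its state file.`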
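Review bot: In the `@@ -339,6 +339,11 @@` hunk, `if !str2bool($::galera_bootstrapped)` falls on the destructive side when the fact is missing. A node where the custom fact has not been synced has no `galera_bootstrapped` value, and if `str2bool` maps that to false the unit file gets `--wsrep-new-cluster` again, which is what this commit is meant to stop. It would be safer to add the flag only when the fact is present and explicitly false, and to record that choice in a comment such as `# Only bootstrap a new cluster when the fact is known and false`. `$wsrep_new_cluster` is also assigned only in the master branch, so the template reads an unset variable on any other node that renders it; assigning `''` in the outer `else` branch makes that explicit. The surrounding `if`/`else` continues outside the hunk.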
--- a/templates/database/etc_initd_mysql_RedHat +++ b/templates/database/etc_initd_mysql_RedHat @@ -32,7 +32,7 @@ Group=mysql ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n # Note: we set --basedir to prevent probes that might trigger SELinux alarms, # per bug #547485 -ExecStart=/usr/bin/mysqld_safe --wsrep-new-cluster --basedir=/usr +ExecStart=/usr/bin/mysqld_safe <%= @wsrep_new_cluster %> --basedir=/usr ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID # Give a reasonable amount of time for the server to start up/shut down From 17684bd1e39044b93d7ea41db7fdaabaa6655349 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fran=C3=A7ois=20Charlier?= Date: Wed, 8 Apr 2015 17:12:09 +0200 Subject: [PATCH 09/41] update the mysql/galera and haproxy timeouts Update the database timeouts to higher values to prevent the services from disconnecting too frequently: - set the Galera HAProxy timeout to 90 minutes (with parameter) - set the database_idle_timeout to 5000 seconds (83 minutes) to allow the services to drop the connection before HAProxy does - add `on-marked-down shutdown-sessions` to Galera HAProxy balancer members to allow shutting down sessions when a Galera host goes down. Change-Id: I62c70c906a009df43acaf172eb27729d5d257b0f --- manifests/compute.pp | 32 +++++++----- manifests/database/dbaas.pp | 6 +++ manifests/database/sql/mysql.pp | 4 +- manifests/identity.pp | 7 ++- manifests/image/api.pp | 6 +++ manifests/image/registry.pp | 36 +++++++------ manifests/loadbalancer.pp | 16 ++++-- manifests/network/controller.pp | 27 ++++++---- manifests/orchestration.pp | 38 ++++++++------ manifests/volume.pp | 8 ++- spec/classes/cloud_compute_api_spec.rb | 25 ++++----- spec/classes/cloud_compute_cert_spec.rb | 25 ++++----- spec/classes/cloud_compute_conductor_spec.rb | 25 ++++----- .../classes/cloud_compute_consoleauth_spec.rb | 25 ++++----- .../cloud_compute_consoleproxy_spec.rb | 25 ++++----- spec/classes/cloud_compute_hypervisor_spec.rb | 51 ++++++++++--------- spec/classes/cloud_compute_scheduler_spec.rb | 25 ++++----- spec/classes/cloud_database_dbaas_api_spec.rb | 1 + .../cloud_database_dbaas_conductor_spec.rb | 1 + .../cloud_database_dbaas_taskmanager_spec.rb | 1 + spec/classes/cloud_identity_spec.rb | 3 +- spec/classes/cloud_image_api_spec.rb | 1 + spec/classes/cloud_image_registry_spec.rb | 1 + spec/classes/cloud_loadbalancer_spec.rb | 8 +-- spec/classes/cloud_network_controller_spec.rb | 17 ++++--- spec/classes/cloud_orchestration_api_spec.rb | 31 +++++------ .../cloud_orchestration_engine_spec.rb | 31 +++++------ spec/classes/cloud_volume_api_spec.rb | 9 ++-- 
spec/classes/cloud_volume_scheduler_spec.rb | 9 ++-- spec/classes/cloud_volume_storage_spec.rb | 9 ++-- 30 files changed, 291 insertions(+), 212 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 33b10c07..23b8a395 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -36,6 +36,10 @@ # (optional) Password to connect to nova database # Defaults to 'novapassword' # +# [*nova_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults to 5000 +# # [*rabbit_hosts*] # (optional) List of RabbitMQ servers. Should be an array. # Defaults to ['127.0.0.1:5672'] @@ -105,6 +109,7 @@ $nova_db_use_slave = false, $nova_db_user = 'nova', $nova_db_password = 'novapassword', + $nova_db_idle_timeout = 5000, $rabbit_hosts = ['127.0.0.1:5672'], $rabbit_password = 'rabbitpassword', $ks_glance_internal_host = '127.0.0.1', 
@@ -146,19 +151,20 @@ $encoded_password = uriescape($nova_db_password) class { 'nova': - database_connection => "mysql://${encoded_user}:${encoded_password}@${nova_db_host}/nova?charset=utf8", - mysql_module => '2.2', - rabbit_userid => 'nova', - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${glance_api_port}", - memcached_servers => $memcache_servers, - verbose => $verbose, - debug => $debug, - log_dir => $log_dir, - log_facility => $log_facility, - use_syslog => $use_syslog, - nova_shell => '/bin/bash', + database_connection => "mysql://${encoded_user}:${encoded_password}@${nova_db_host}/nova?charset=utf8", + database_idle_timeout => $nova_db_idle_timeout, + mysql_module => '2.2', + rabbit_userid => 'nova', + rabbit_hosts => $rabbit_hosts, + rabbit_password => $rabbit_password, + glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${glance_api_port}", + memcached_servers => $memcache_servers, + verbose => $verbose, + debug => $debug, + log_dir => $log_dir, + log_facility => $log_facility, + use_syslog => $use_syslog, + nova_shell => '/bin/bash', } if $nova_db_use_slave { diff --git a/manifests/database/dbaas.pp b/manifests/database/dbaas.pp index 2c1ee47b..ec941a65 100644 --- a/manifests/database/dbaas.pp +++ b/manifests/database/dbaas.pp @@ -31,6 +31,10 @@ # (optional) Password to connect to trove database # Defaults to 'trovepassword' # +# [*trove_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults to 5000 +# # [*rabbit_hosts*] # (optional) List of RabbitMQ servers. Should be an array. # Defaults to ['127.0.0.1:5672'] @@ -55,6 +59,7 @@ $trove_db_host = '127.0.0.1', $trove_db_user = 'trove', $trove_db_password = 'trovepassword', + $trove_db_idle_timeout = 5000, $rabbit_hosts = ['127.0.0.1:5672'], $rabbit_password = 'rabbitpassword', $nova_admin_username = 'trove', 
@@ -67,6 +72,7 @@ class { 'trove': database_connection => "mysql://${encoded_user}:${encoded_password}@${trove_db_host}/trove?charset=utf8", + database_idle_timeout => $trove_db_idle_timeout, mysql_module => '2.2', rabbit_hosts => $rabbit_hosts, rabbit_password => $rabbit_password, diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 29517de5..7ec08364 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -553,7 +553,7 @@ ipaddresses => $api_eth, ports => '3306', options => - inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname != @galera_master_name -%>backup<% end %>') + inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname != @galera_master_name -%>backup<% end %> on-marked-down shutdown-sessions') } @@haproxy::balancermember{"${::fqdn}-readonly": @@ -562,6 +562,6 @@ ipaddresses => $api_eth, ports => '3306', options => - inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname == @galera_master_name -%>backup<% end %>') + inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname == @galera_master_name -%>backup<% end %> on-marked-down shutdown-sessions') } } diff --git a/manifests/identity.pp b/manifests/identity.pp index 088d6d4f..f5be1e38 100644 --- a/manifests/identity.pp +++ b/manifests/identity.pp @@ -35,6 +35,10 @@ # (optional) Password to connect to keystone database # Defaults to 'keystonepassword' # +# [*keystone_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults to 5000 +# # [*memcache_servers*] # (optionnal) Memcached servers used by Keystone. Should be an array. # Defaults to ['127.0.0.1:11211'] 
@@ -421,6 +425,7 @@ $keystone_db_host = '127.0.0.1', $keystone_db_user = 'keystone', $keystone_db_password = 'keystonepassword', + $keystone_db_idle_timeout = 5000, $memcache_servers = ['127.0.0.1:11211'], $ks_admin_email = 'no-reply@keystone.openstack', $ks_admin_password = 'adminpassword', @@ -536,7 +541,7 @@ admin_token => $ks_admin_token, compute_port => $ks_nova_public_port, debug => $debug, - database_idle_timeout => 60, + database_idle_timeout => $keystone_db_idle_timeout, log_facility => $log_facility, database_connection => "mysql://${encoded_user}:${encoded_password}@${keystone_db_host}/keystone?charset=utf8", token_provider => 'keystone.token.providers.uuid.Provider', diff --git a/manifests/image/api.pp b/manifests/image/api.pp index a420a3d1..64d7f4d5 100644 --- a/manifests/image/api.pp +++ b/manifests/image/api.pp @@ -31,6 +31,10 @@ # (optional) Password to connect to glance database # Defaults to 'glancepassword' # +# [*glance_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults to 5000 + # [*ks_keystone_internal_host*] # (optional) Internal Hostname or IP to connect to Keystone API # Defaults to '127.0.0.1' @@ -139,6 +143,7 @@ $glance_db_host = '127.0.0.1', $glance_db_user = 'glance', $glance_db_password = 'glancepassword', + $glance_db_idle_timeout = 5000, $ks_keystone_internal_host = '127.0.0.1', $ks_keystone_internal_proto = 'http', $ks_glance_internal_host = '127.0.0.1', @@ -187,6 +192,7 @@ class { 'glance::api': database_connection => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance?charset=utf8", + database_idle_timeout => $glance_db_idle_timeout, mysql_module => '2.2', registry_host => $openstack_vip, registry_port => $ks_glance_registry_internal_port, diff --git a/manifests/image/registry.pp b/manifests/image/registry.pp index 8351ae91..52c858c5 100644 --- a/manifests/image/registry.pp +++ b/manifests/image/registry.pp 
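Review bot: In the `manifests/image/api.pp` documentation hunk, the separator after `# Defaults to 5000` was added as an empty line instead of `#`, which splits the class header comment in two. Documentation tools that read the contiguous comment block may stop there. The added line should be `#`. The matching documentation hunk in `manifests/image/registry.pp` reads `# Defaults 5000` and should say `# Defaults to 5000`.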
@@ -31,6 +31,10 @@ # (optional) Password to connect to glance database # Defaults to 'glancepassword' # +# [*glance_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults 5000 +# # [*ks_keystone_internal_host*] # (optional) Internal Hostname or IP to connect to Keystone API # Defaults to '127.0.0.1' @@ -80,6 +84,7 @@ $glance_db_host = '127.0.0.1', $glance_db_user = 'glance', $glance_db_password = 'glancepassword', + $glance_db_idle_timeout = 5000, $ks_keystone_internal_host = '127.0.0.1', $ks_keystone_internal_proto = 'http', $ks_glance_internal_host = '127.0.0.1', @@ -114,21 +119,22 @@ $encoded_glance_password = uriescape($glance_db_password) class { 'glance::registry': - database_connection => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance?charset=utf8", - mysql_module => '2.2', - verbose => $verbose, - debug => $debug, - auth_host => $ks_keystone_internal_host, - auth_protocol => $ks_keystone_internal_proto, - keystone_password => $ks_glance_password, - keystone_tenant => 'services', - keystone_user => 'glance', - bind_host => $api_eth, - log_dir => $log_dir, - log_file => $log_file_registry, - bind_port => $ks_glance_registry_internal_port, - use_syslog => $use_syslog, - log_facility => $log_facility, + database_connection => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance?charset=utf8", + database_idle_timeout => $glance_db_idle_timeout, + mysql_module => '2.2', + verbose => $verbose, + debug => $debug, + auth_host => $ks_keystone_internal_host, + auth_protocol => $ks_keystone_internal_proto, + keystone_password => $ks_glance_password, + keystone_tenant => 'services', + keystone_user => 'glance', + bind_host => $api_eth, + log_dir => $log_dir, + log_file => $log_file_registry, + bind_port => $ks_glance_registry_internal_port, + use_syslog => $use_syslog, + log_facility => $log_facility, } glance_registry_config { 
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 10bae21d..f4fe36c1 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -478,6 +478,13 @@ # (optional) Port of redis service. # Defaults to '6379' # +# [*galera_timeout*] +# (optional) Timeout for galera connections +# Defaults to '90m'. +# Note: when changing this parameter you should also change the +# *_db_idle_timeout for all services to be a little less +# than this timeout. +# # [*vip_public_ip*] # (optional) Array or string for public VIP # Should be part of keepalived_public_ips @@ -594,6 +601,7 @@ $sensu_dashboard_port = 3000, $sensu_api_port = 4568, $redis_port = 6379, + $galera_timeout = '90m', $vip_public_ip = ['127.0.0.1'], $vip_internal_ip = false, $vip_monitor_ip = false, @@ -945,8 +953,8 @@ 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 - 'timeout client' => '400s', - 'timeout server' => '400s', + 'timeout client' => $galera_timeout, + 'timeout server' => $galera_timeout, }, bind_options => $galera_bind_options, } @@ -968,8 +976,8 @@ 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 - 'timeout client' => '400s', - 'timeout server' => '400s', + 'timeout client' => $galera_timeout, + 'timeout server' => $galera_timeout, }, bind_options => $galera_bind_options, } diff --git a/manifests/network/controller.pp b/manifests/network/controller.pp index 092b960c..5e138999 100644 --- a/manifests/network/controller.pp +++ b/manifests/network/controller.pp @@ -29,6 +29,10 @@ # (optional) Password that will be used for the neutron db user. # Defaults to 'neutronpassword' # +# [*neutron_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults to 5000 +# # [*ks_neutron_password*] # (optional) Password used by Neutron to connect to Keystone API # Defaults to 'neutronpassword' 
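Review bot: The rule that every `*_db_idle_timeout` must stay below `galera_timeout` is stated only in the new `galera_timeout` documentation, and nothing checks it. Someone raising `nova_db_idle_timeout` in `manifests/compute.pp`, for example, gets no hint that HAProxy would then drop the connection before the service does. Each `*_db_idle_timeout` doc block added by this commit could carry a line such as `# Must stay below cloud::loadbalancer's galera_timeout (default '90m').`. `$galera_timeout` is also passed unvalidated into `'timeout client'` and `'timeout server'` in the two Galera listen hunks, so a malformed value would surface only when HAProxy parses the rendered configuration.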
@@ -57,7 +61,6 @@ # (optional) Admin tenant name in Keystone # Defaults to 'admin' # -# # [*nova_url*] # (optional) URL for connection to nova (Only supports one nova region # currently). @@ -160,6 +163,7 @@ $neutron_db_host = '127.0.0.1', $neutron_db_user = 'neutron', $neutron_db_password = 'neutronpassword', + $neutron_db_idle_timeout = 5000, $ks_neutron_password = 'neutronpassword', $ks_keystone_admin_host = '127.0.0.1', $ks_keystone_admin_proto = 'http', @@ -207,16 +211,17 @@ } class { 'neutron::server': - auth_password => $ks_neutron_password, - auth_host => $ks_keystone_admin_host, - auth_protocol => $ks_keystone_admin_proto, - auth_port => $ks_keystone_public_port, - database_connection => "mysql://${encoded_user}:${encoded_password}@${neutron_db_host}/neutron?charset=utf8", - mysql_module => '2.2', - api_workers => $::processorcount, - agent_down_time => '60', - l3_ha => $l3_ha, - router_distributed => $router_distributed, + auth_password => $ks_neutron_password, + auth_host => $ks_keystone_admin_host, + auth_protocol => $ks_keystone_admin_proto, + auth_port => $ks_keystone_public_port, + database_connection => "mysql://${encoded_user}:${encoded_password}@${neutron_db_host}/neutron?charset=utf8", + database_idle_timeout => $neutron_db_idle_timeout, + mysql_module => '2.2', + api_workers => $::processorcount, + agent_down_time => '60', + l3_ha => $l3_ha, + router_distributed => $router_distributed, } case $plugin { diff --git a/manifests/orchestration.pp b/manifests/orchestration.pp index 1435b11a..e19f71d4 100644 --- a/manifests/orchestration.pp +++ b/manifests/orchestration.pp @@ -67,6 +67,10 @@ # (optional) Password to connect to heat database # Defaults to 'heatpassword' # +# [*heat_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults to 5000 +# # [*rabbit_hosts*] # (optional) List of RabbitMQ servers. Should be an array. # Defaults to ['127.0.0.1:5672'] 
@@ -108,6 +112,7 @@ $heat_db_host = '127.0.0.1', $heat_db_user = 'heat', $heat_db_password = 'heatpassword', + $heat_db_idle_timeout = 5000, $rabbit_hosts = ['127.0.0.1:5672'], $rabbit_password = 'rabbitpassword', $verbose = true, @@ -134,22 +139,23 @@ $encoded_password = uriescape($heat_db_password) class { 'heat': - keystone_host => $ks_keystone_admin_host, - keystone_port => $ks_keystone_admin_port, - keystone_protocol => $ks_keystone_admin_proto, - keystone_password => $ks_heat_password, - auth_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", - keystone_ec2_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0/ec2tokens", - sql_connection => "mysql://${encoded_user}:${encoded_password}@${heat_db_host}/heat?charset=utf8", - mysql_module => '2.2', - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - rabbit_userid => 'heat', - verbose => $verbose, - debug => $debug, - log_facility => $log_facility, - use_syslog => $use_syslog, - log_dir => $log_dir, + keystone_host => $ks_keystone_admin_host, + keystone_port => $ks_keystone_admin_port, + keystone_protocol => $ks_keystone_admin_proto, + keystone_password => $ks_heat_password, + auth_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", + keystone_ec2_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0/ec2tokens", + database_connection => "mysql://${encoded_user}:${encoded_password}@${heat_db_host}/heat?charset=utf8", + database_idle_timeout => $heat_db_idle_timeout, + mysql_module => '2.2', + rabbit_hosts => $rabbit_hosts, + rabbit_password => $rabbit_password, + rabbit_userid => 'heat', + verbose => $verbose, + debug => $debug, + log_facility => $log_facility, + use_syslog => $use_syslog, + log_dir => $log_dir, } # Note(EmilienM): 
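Review bot: The `class { 'heat':` hunk does more than add the timeout: it renames `sql_connection` to `database_connection`. The `class { 'cinder':` hunk in `manifests/volume.pp` does the same, and the commit message mentions neither. Both the renamed parameter and `database_idle_timeout` have to exist in the puppet-heat and puppet-cinder revisions pinned in the Puppetfile. The diffstat shows the Puppetfile is not touched by this commit, so this is worth confirming against the pinned refs. If they are supported, a line in the commit message noting the rename would help anyone bisecting a catalog failure.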
diff --git a/manifests/volume.pp b/manifests/volume.pp index 45bb58e0..72bd2911 100644 --- a/manifests/volume.pp +++ b/manifests/volume.pp @@ -32,6 +32,10 @@ # (optional) Cinder database password # Defaults to 'cinderpassword' # +# [*cinder_db_idle_timeout*] +# (optional) Timeout before idle SQL connections are reaped. +# Defaults to 5000 +# # [*rabbit_hosts*] # (optional) List of RabbitMQ servers. Should be an array. # Defaults to ['127.0.0.1:5672'] @@ -68,6 +72,7 @@ $cinder_db_host = '127.0.0.1', $cinder_db_user = 'cinder', $cinder_db_password = 'cinderpassword', + $cinder_db_idle_timeout = 5000, $rabbit_hosts = ['127.0.0.1:5672'], $rabbit_password = 'rabbitpassword', $verbose = true, @@ -96,7 +101,8 @@ class { 'cinder': - sql_connection => "mysql://${encoded_user}:${encoded_password}@${cinder_db_host}/cinder?charset=utf8", + database_connection => "mysql://${encoded_user}:${encoded_password}@${cinder_db_host}/cinder?charset=utf8", + database_idle_timeout => $cinder_db_idle_timeout, mysql_module => '2.2', rabbit_userid => 'cinder', rabbit_hosts => $rabbit_hosts, diff --git a/spec/classes/cloud_compute_api_spec.rb b/spec/classes/cloud_compute_api_spec.rb index fe10fc7e..96f0a2ec 100644 --- a/spec/classes/cloud_compute_api_spec.rb +++ b/spec/classes/cloud_compute_api_spec.rb 
@@ -57,18 +57,19 @@ it 'configure nova common' do is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false + :verbose => true, + :debug => true, + :use_syslog => true, + :log_facility => 'LOG_LOCAL0', + :rabbit_userid => 'nova', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :rabbit_virtual_host => '/', + :memcached_servers => ['10.0.0.1','10.0.0.2'], + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_compute_cert_spec.rb b/spec/classes/cloud_compute_cert_spec.rb index ba1b469a..4e3347dc 100644 --- a/spec/classes/cloud_compute_cert_spec.rb +++ b/spec/classes/cloud_compute_cert_spec.rb 
@@ -45,18 +45,19 @@ it 'configure nova common' do is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false + :verbose => true, + :debug => true, + :use_syslog => true, + :log_facility => 'LOG_LOCAL0', + :rabbit_userid => 'nova', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :rabbit_virtual_host => '/', + :memcached_servers => ['10.0.0.1','10.0.0.2'], + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_compute_conductor_spec.rb b/spec/classes/cloud_compute_conductor_spec.rb index 44840f9d..1ec26b0c 100644 --- a/spec/classes/cloud_compute_conductor_spec.rb +++ b/spec/classes/cloud_compute_conductor_spec.rb 
@@ -45,18 +45,19 @@ it 'configure nova common' do is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false + :verbose => true, + :debug => true, + :use_syslog => true, + :log_facility => 'LOG_LOCAL0', + :rabbit_userid => 'nova', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :rabbit_virtual_host => '/', + :memcached_servers => ['10.0.0.1','10.0.0.2'], + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_compute_consoleauth_spec.rb b/spec/classes/cloud_compute_consoleauth_spec.rb index bb63c0fe..b05f46e3 100644 --- a/spec/classes/cloud_compute_consoleauth_spec.rb +++ b/spec/classes/cloud_compute_consoleauth_spec.rb 
@@ -45,18 +45,19 @@ it 'configure nova common' do is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false + :verbose => true, + :debug => true, + :use_syslog => true, + :log_facility => 'LOG_LOCAL0', + :rabbit_userid => 'nova', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :rabbit_virtual_host => '/', + :memcached_servers => ['10.0.0.1','10.0.0.2'], + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb index 14e7c51b..37992ed2 100644 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb +++ b/spec/classes/cloud_compute_consoleproxy_spec.rb 
@@ -49,18 +49,19 @@ it 'configure nova common' do is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false + :verbose => true, + :debug => true, + :use_syslog => true, + :log_facility => 'LOG_LOCAL0', + :rabbit_userid => 'nova', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :rabbit_virtual_host => '/', + :memcached_servers => ['10.0.0.1','10.0.0.2'], + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index c415682f..da537049 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb 
@@ -65,35 +65,36 @@ class { 'cloud::network': end let :params do - { :libvirt_type => 'kvm', - :server_proxyclient_address => '7.0.0.1', - :spice_port => '6082', - :nova_ssh_private_key => 'secrete', - :nova_ssh_public_key => 'public', - :ks_nova_public_proto => 'http', - :ks_console_public_proto => 'https', - :ks_console_public_host => '10.0.0.2', - :vm_rbd => false, - :volume_rbd => false, - :nova_shell => false, - :ks_nova_public_host => '10.0.0.1' } + { :libvirt_type => 'kvm', + :server_proxyclient_address => '7.0.0.1', + :spice_port => '6082', + :nova_ssh_private_key => 'secrete', + :nova_ssh_public_key => 'public', + :ks_nova_public_proto => 'http', + :ks_console_public_proto => 'https', + :ks_console_public_host => '10.0.0.2', + :vm_rbd => false, + :volume_rbd => false, + :nova_shell => false, + :ks_nova_public_host => '10.0.0.1' } end it 'configure nova common' do is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false, - :nova_shell => '/bin/bash' + :verbose => true, + :debug => true, + :use_syslog => true, + :log_facility => 'LOG_LOCAL0', + :rabbit_userid => 'nova', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :rabbit_virtual_host => '/', + :memcached_servers => ['10.0.0.1','10.0.0.2'], + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false, + :nova_shell => '/bin/bash' ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to 
contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_compute_scheduler_spec.rb b/spec/classes/cloud_compute_scheduler_spec.rb index 5a096c11..de186207 100644 --- a/spec/classes/cloud_compute_scheduler_spec.rb +++ b/spec/classes/cloud_compute_scheduler_spec.rb @@ -51,18 +51,19 @@ it 'configure nova common' do is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false + :verbose => true, + :debug => true, + :use_syslog => true, + :log_facility => 'LOG_LOCAL0', + :rabbit_userid => 'nova', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :rabbit_virtual_host => '/', + :memcached_servers => ['10.0.0.1','10.0.0.2'], + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_database_dbaas_api_spec.rb b/spec/classes/cloud_database_dbaas_api_spec.rb index 66c27a57..3c774002 100644 --- a/spec/classes/cloud_database_dbaas_api_spec.rb +++ b/spec/classes/cloud_database_dbaas_api_spec.rb @@ -55,6 +55,7 @@ :nova_proxy_admin_user => 'trove', :nova_proxy_admin_tenant_name => 'services', :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8', + :database_idle_timeout => '5000', ) end 
diff --git a/spec/classes/cloud_database_dbaas_conductor_spec.rb b/spec/classes/cloud_database_dbaas_conductor_spec.rb index 374542b2..4af4ec03 100644 --- a/spec/classes/cloud_database_dbaas_conductor_spec.rb +++ b/spec/classes/cloud_database_dbaas_conductor_spec.rb @@ -53,6 +53,7 @@ :nova_proxy_admin_user => 'trove', :nova_proxy_admin_tenant_name => 'services', :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8', + :database_idle_timeout => '5000', ) end diff --git a/spec/classes/cloud_database_dbaas_taskmanager_spec.rb b/spec/classes/cloud_database_dbaas_taskmanager_spec.rb index cc025633..3801557a 100644 --- a/spec/classes/cloud_database_dbaas_taskmanager_spec.rb +++ b/spec/classes/cloud_database_dbaas_taskmanager_spec.rb @@ -53,6 +53,7 @@ :nova_proxy_admin_user => 'trove', :nova_proxy_admin_tenant_name => 'services', :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8', + :database_idle_timeout => '5000', ) end diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb index ac7fc2a4..1f7dcee9 100644 --- a/spec/classes/cloud_identity_spec.rb +++ b/spec/classes/cloud_identity_spec.rb @@ -124,9 +124,10 @@ :compute_port => '8774', :debug => true, :verbose => true, - :database_idle_timeout => '60', + :database_idle_timeout => '5000', :log_facility => 'LOG_LOCAL0', :database_connection => 'mysql://keystone:secrete@10.0.0.1/keystone?charset=utf8', + :database_idle_timeout => '5000', :token_driver => 'keystone.token.persistence.backends.sql.Token', :token_provider => 'keystone.token.providers.uuid.Provider', :use_syslog => true, diff --git a/spec/classes/cloud_image_api_spec.rb b/spec/classes/cloud_image_api_spec.rb index e581c4a2..fd9d39d9 100644 --- a/spec/classes/cloud_image_api_spec.rb +++ b/spec/classes/cloud_image_api_spec.rb 
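Review bot: In the cloud_identity_spec.rb hunk the expectation hash now carries `:database_idle_timeout` twice: the existing entry is changed from '60' to '5000' and a second `:database_idle_timeout => '5000'` is added after `:database_connection`. Ruby keeps only the last value for a duplicated literal key and warns about it, so the first entry is dead, and a later edit to that line alone would not change what the spec asserts. Drop the added line and keep the edited one. The enclosing hash starts and ends outside the hunk.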
@@ -53,6 +53,7 @@ it 'configure glance-api' do is_expected.to contain_class('glance::api').with( :database_connection => 'mysql://glance:secrete@10.0.0.1/glance?charset=utf8', + :database_idle_timeout => '5000', :keystone_password => 'secrete', :registry_host => '10.0.0.42', :registry_port => '9191', diff --git a/spec/classes/cloud_image_registry_spec.rb b/spec/classes/cloud_image_registry_spec.rb index 2dd38749..df58e4b2 100644 --- a/spec/classes/cloud_image_registry_spec.rb +++ b/spec/classes/cloud_image_registry_spec.rb @@ -41,6 +41,7 @@ it 'configure glance-registry' do is_expected.to contain_class('glance::registry').with( :database_connection => 'mysql://glance:secrete@10.0.0.1/glance?charset=utf8', + :database_idle_timeout => '5000', :keystone_password => 'secrete', :keystone_tenant => 'services', :keystone_user => 'glance', diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index ef63232e..5cb77d4f 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -233,8 +233,8 @@ 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka','tcplog','httpchk'], - 'timeout client' => '400s', - 'timeout server' => '400s' + 'timeout client' => '90m', + 'timeout server' => '90m' } )} end # configure monitor haproxy listen @@ -255,8 +255,8 @@ 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka','tcplog','httpchk'], - 'timeout client' => '400s', - 'timeout server' => '400s' + 'timeout client' => '90m', + 'timeout server' => '90m' } )} end # configure monitor haproxy listen diff --git a/spec/classes/cloud_network_controller_spec.rb b/spec/classes/cloud_network_controller_spec.rb index bc7f0b50..a976079d 100644 --- a/spec/classes/cloud_network_controller_spec.rb +++ b/spec/classes/cloud_network_controller_spec.rb 
@@ -84,13 +84,14 @@ it 'configure neutron server' do is_expected.to contain_class('neutron::server').with( - :auth_password => 'secrete', - :auth_host => '10.0.0.1', - :auth_port => '5000', - :auth_protocol => 'https', - :database_connection => 'mysql://neutron:secrete@10.0.0.1/neutron?charset=utf8', - :api_workers => '2', - :agent_down_time => '60' + :auth_password => 'secrete', + :auth_host => '10.0.0.1', + :auth_port => '5000', + :auth_protocol => 'https', + :database_connection => 'mysql://neutron:secrete@10.0.0.1/neutron?charset=utf8', + :database_idle_timeout => '5000', + :api_workers => '2', + :agent_down_time => '60' ) end @@ -210,7 +211,7 @@ ) end end - + context 'with L3 HA and DVR' do before :each do params.merge!(:router_distributed => true, diff --git a/spec/classes/cloud_orchestration_api_spec.rb b/spec/classes/cloud_orchestration_api_spec.rb index cf6ffa77..a79b8962 100644 --- a/spec/classes/cloud_orchestration_api_spec.rb +++ b/spec/classes/cloud_orchestration_api_spec.rb 
@@ -53,21 +53,22 @@ it 'configure heat common' do is_expected.to contain_class('heat').with( - :verbose => true, - :debug => true, - :log_facility => 'LOG_LOCAL0', - :use_syslog => true, - :rabbit_userid => 'heat', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :keystone_host => '10.0.0.1', - :keystone_port => '5000', - :keystone_protocol => 'http', - :keystone_password => 'secrete', - :auth_uri => 'http://10.0.0.1:5000/v2.0', - :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens', - :sql_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8', - :log_dir => false + :verbose => true, + :debug => true, + :log_facility => 'LOG_LOCAL0', + :use_syslog => true, + :rabbit_userid => 'heat', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :keystone_host => '10.0.0.1', + :keystone_port => '5000', + :keystone_protocol => 'http', + :keystone_password => 'secrete', + :auth_uri => 'http://10.0.0.1:5000/v2.0', + :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens', + :database_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8', + :database_idle_timeout => '5000', + :log_dir => false ) end diff --git a/spec/classes/cloud_orchestration_engine_spec.rb b/spec/classes/cloud_orchestration_engine_spec.rb index a33084bf..35b50ac2 100644 --- a/spec/classes/cloud_orchestration_engine_spec.rb +++ b/spec/classes/cloud_orchestration_engine_spec.rb 
@@ -57,21 +57,22 @@ it 'configure heat common' do is_expected.to contain_class('heat').with( - :verbose => true, - :debug => true, - :log_facility => 'LOG_LOCAL0', - :use_syslog => true, - :rabbit_userid => 'heat', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :keystone_host => '10.0.0.1', - :keystone_port => '5000', - :keystone_protocol => 'http', - :keystone_password => 'secrete', - :auth_uri => 'http://10.0.0.1:5000/v2.0', - :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens', - :sql_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8', - :log_dir => false + :verbose => true, + :debug => true, + :log_facility => 'LOG_LOCAL0', + :use_syslog => true, + :rabbit_userid => 'heat', + :rabbit_hosts => ['10.0.0.1'], + :rabbit_password => 'secrete', + :keystone_host => '10.0.0.1', + :keystone_port => '5000', + :keystone_protocol => 'http', + :keystone_password => 'secrete', + :auth_uri => 'http://10.0.0.1:5000/v2.0', + :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens', + :database_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8', + :database_idle_timeout => '5000', + :log_dir => false ) is_expected.to contain_heat_config('clients/endpoint_type').with('value' => 'internalURL') end diff --git a/spec/classes/cloud_volume_api_spec.rb b/spec/classes/cloud_volume_api_spec.rb index 81a731ac..91a2c604 100644 --- a/spec/classes/cloud_volume_api_spec.rb +++ b/spec/classes/cloud_volume_api_spec.rb @@ -27,6 +27,7 @@ cinder_db_host => '10.0.0.1', cinder_db_user => 'cinder', cinder_db_password => 'secrete', + cinder_db_idle_timeout => 5000, rabbit_hosts => ['10.0.0.1'], rabbit_password => 'secrete', verbose => true, 
@@ -53,15 +54,17 @@ it 'configure cinder common' do is_expected.to contain_class('cinder').with( - :verbose => true, - :debug => true, + :database_connection => 'mysql://cinder:secrete@10.0.0.1/cinder?charset=utf8', + :database_idle_timeout => '5000', :rabbit_userid => 'cinder', :rabbit_hosts => ['10.0.0.1'], :rabbit_password => 'secrete', :rabbit_virtual_host => '/', + :verbose => true, + :debug => true, :log_facility => 'LOG_LOCAL0', - :use_syslog => true, :log_dir => false, + :use_syslog => true, :storage_availability_zone => 'nova' ) is_expected.to contain_class('cinder::ceilometer') diff --git a/spec/classes/cloud_volume_scheduler_spec.rb b/spec/classes/cloud_volume_scheduler_spec.rb index fcf4b997..e54fd67c 100644 --- a/spec/classes/cloud_volume_scheduler_spec.rb +++ b/spec/classes/cloud_volume_scheduler_spec.rb @@ -27,6 +27,7 @@ cinder_db_host => '10.0.0.1', cinder_db_user => 'cinder', cinder_db_password => 'secrete', + cinder_db_idle_timeout => 5000, rabbit_hosts => ['10.0.0.1'], rabbit_password => 'secrete', verbose => true, @@ -43,15 +44,17 @@ it 'configure cinder common' do is_expected.to contain_class('cinder').with( - :verbose => true, - :debug => true, + :database_connection => 'mysql://cinder:secrete@10.0.0.1/cinder?charset=utf8', + :database_idle_timeout => '5000', :rabbit_userid => 'cinder', :rabbit_hosts => ['10.0.0.1'], :rabbit_password => 'secrete', :rabbit_virtual_host => '/', + :verbose => true, + :debug => true, :log_facility => 'LOG_LOCAL0', - :use_syslog => true, :log_dir => false, + :use_syslog => true, :storage_availability_zone => 'nova' ) is_expected.to contain_class('cinder::ceilometer') diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb index f2c1d77e..fcea91db 100644 --- a/spec/classes/cloud_volume_storage_spec.rb +++ b/spec/classes/cloud_volume_storage_spec.rb 
@@ -27,6 +27,7 @@ cinder_db_host => '10.0.0.1', cinder_db_user => 'cinder', cinder_db_password => 'secret', + cinder_db_idle_timeout => 5000, rabbit_hosts => ['10.0.0.1'], rabbit_password => 'secret', verbose => true, @@ -104,15 +105,17 @@ it 'configure cinder common' do is_expected.to contain_class('cinder').with( - :verbose => true, - :debug => true, + :database_connection => 'mysql://cinder:secret@10.0.0.1/cinder?charset=utf8', + :database_idle_timeout => '5000', :rabbit_userid => 'cinder', :rabbit_hosts => ['10.0.0.1'], :rabbit_password => 'secret', :rabbit_virtual_host => '/', + :verbose => true, + :debug => true, :log_facility => 'LOG_LOCAL0', - :use_syslog => true, :log_dir => false, + :use_syslog => true, :storage_availability_zone => 'nova' ) From 254fffd28d653ad686b2e1f757abe39d60900276 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 10 Apr 2015 12:02:40 -0400 Subject: [PATCH 10/41] Puppetfile: update Swift & Neutron refs * Fix race condition is Swift with auditor * Fix race condition in Neutron with db_sync Change-Id: I9343d42451ff18dbc912ba3dd460f438297781df --- Puppetfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Puppetfile b/Puppetfile index 2adb0515..273a0634 100644 --- a/Puppetfile +++ b/Puppetfile @@ -40,13 +40,13 @@ mod 'keystone', :ref => 'e41f9d5b306d48bbe3418bcda33f4d6817fc6672' mod 'neutron', :git => 'git://github.com/enovance/puppet-neutron.git', - :ref => 'a2899fb8e924f070f9d73cbb8012ef2773a43bea' + :ref => '5500e4c0b2bce10ebc91a9685309cf854db2d2dc' mod 'nova', :git => 'git://github.com/enovance/puppet-nova.git', :ref => '2a5c1eac6b34ea29bbd3e28d7ee56839f10d83d9' mod 'swift', :git => 'git://github.com/enovance/puppet-swift.git', - :ref => '60968fc1feb64148938661102e999359186a2846' + :ref => '9a8e28d4ad91b9d638dc2e1e2f4e037ac2831864' mod 'tempest', :git => 'git://github.com/enovance/puppet-tempest.git', :ref => 'f5e87cad5de119bd483006f06efcd22a34d8bdc4' 
From a8e71e7b338663ed0f833019e108f0d85292065c Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Thu, 9 Apr 2015 10:19:56 -0400 Subject: [PATCH 11/41] loadbalancer: use TCP checks for API services While we don't have HTTP healthcheck in OpenStack [1], let's use TCP-connection level to validate a service is up and running. The reason is when "option httpchk" is specified, a complete HTTP request is sent once the TCP connection is established, and responses 2xx and 3xx are considered valid. So given that, OpenStack APIs are responding with 401 or 500, this healthcheck appears to be self-defeating [2]. Also introduce a new parameter to allow flexible timeout: api_timeout (beside galera_timeout). Sources: [1] http://specs.openstack.org/openstack/oslo-specs/specs/kilo/oslo-middleware-healthcheck.html [2] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20httpchk Change-Id: I0121d28daafa2f509162880e9934eb3e08ae4543 --- manifests/loadbalancer.pp | 86 ++++++++++++++----------- spec/classes/cloud_loadbalancer_spec.rb | 37 ++++++----- 2 files changed, 69 insertions(+), 54 deletions(-) diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index f4fe36c1..0a922e57 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -485,6 +485,10 @@ # *_db_idle_timeout for all services to be a little less # than this timeout. # +# [*api_timeout*] +# (optional) Timeout for API services connections +# Defaults to '90m'. +# # [*vip_public_ip*] # (optional) Array or string for public VIP # Should be part of keepalived_public_ips @@ -602,6 +606,7 @@ $sensu_api_port = 4568, $redis_port = 6379, $galera_timeout = '90m', + $api_timeout = '90m', $vip_public_ip = ['127.0.0.1'], $vip_internal_ip = false, $vip_monitor_ip = false, 
@@ -612,6 +617,14 @@ include cloud::params + $common_tcp_options = { + 'mode' => 'tcp', + 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'balance' => 'source', + 'timeout server' => $api_timeout, + 'timeout client' => $api_timeout, + } + if $keepalived_vrrp_interface { $keepalived_vrrp_interface_real = $keepalived_vrrp_interface } else { @@ -706,12 +719,14 @@ cloud::loadbalancer::binding { 'keystone_api_cluster': ip => $keystone_api, port => $ks_keystone_public_port, + options => $common_tcp_options, bind_options => $keystone_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'keystone_api_admin_cluster': ip => $keystone_api_admin, port => $ks_keystone_admin_port, + options => $common_tcp_options, bind_options => $keystone_admin_bind_options, firewall_settings => $firewall_settings, } @@ -725,18 +740,21 @@ cloud::loadbalancer::binding { 'nova_api_cluster': ip => $nova_api, port => $ks_nova_public_port, + options => $common_tcp_options, bind_options => $nova_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'ec2_api_cluster': ip => $ec2_api, port => $ks_ec2_public_port, + options => $common_tcp_options, bind_options => $ec2_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'metadata_api_cluster': ip => $metadata_api, port => $ks_metadata_public_port, + options => $common_tcp_options, bind_options => $metadata_bind_options, firewall_settings => $firewall_settings, } 
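Review bot: `$common_tcp_options` puts every API listener that receives it in `mode tcp` while still listing `forwardfor`, and HAProxy applies `option forwardfor` only in HTTP mode. The Keystone, Nova, EC2 and metadata bindings in the following hunks therefore stop passing X-Forwarded-For, so the backends log the load balancer's address instead of the client's, which weakens audit trails and any per-client throttling. The removed spec lines show these bindings were in HTTP mode with `httpchk`, and the commit message only argues for dropping the HTTP check. That can be done with a second hash for the API services that keeps `'mode' => 'http'` and `'option' => ['tcpka', 'forwardfor', 'tcplog']`, leaving the TCP hash for spice and novnc. Separately, a 90m `timeout client` on public API listeners lets idle clients hold connections for a long time, so it is worth confirming that default is intended beyond the console proxies.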
@@ -762,26 +780,14 @@ cloud::loadbalancer::binding { 'spice_cluster': ip => $spice, port => $spice_port, - options => { - 'mode' => 'tcp', - 'option' => ['tcpka', 'tcplog', 'forwardfor'], - 'balance' => 'source', - 'timeout server' => '120m', - 'timeout client' => '120m', - }, + options => $common_tcp_options, bind_options => $spice_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'novnc_cluster': ip => $novnc, port => $novnc_port, - options => { - 'mode' => 'tcp', - 'option' => ['tcpka', 'tcplog', 'forwardfor'], - 'balance' => 'source', - 'timeout server' => '120m', - 'timeout client' => '120m', - }, + options => $common_tcp_options, bind_options => $novnc_bind_options, firewall_settings => $firewall_settings, } @@ -789,9 +795,11 @@ ip => $rabbitmq, port => $rabbitmq_port, options => { - 'mode' => 'tcp', - 'option' => ['tcpka', 'tcplog', 'forwardfor'], - 'balance' => 'roundrobin', + 'mode' => 'tcp', + 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'balance' => 'roundrobin', + 'timeout server' => $api_timeout, + 'timeout client' => $api_timeout, }, bind_options => $rabbitmq_bind_options, firewall_settings => $firewall_settings, @@ -799,18 +807,13 @@ cloud::loadbalancer::binding { 'trove_api_cluster': ip => $trove_api, port => $ks_trove_public_port, + options => $common_tcp_options, bind_options => $trove_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'glance_api_cluster': ip => $glance_api, - options => { - 'mode' => 'tcp', - 'balance' => 'source', - 'option' => ['tcpka', 'tcplog', 'forwardfor'], - 'timeout server' => '120m', - 'timeout client' => '120m', - }, + options => $common_tcp_options, port => $ks_glance_api_public_port, bind_options => $glance_api_bind_options, firewall_settings => $firewall_settings, 
@@ -818,45 +821,51 @@ cloud::loadbalancer::binding { 'glance_registry_cluster': ip => $glance_registry, port => $ks_glance_registry_internal_port, + options => $common_tcp_options, bind_options => $glance_registry_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'neutron_api_cluster': ip => $neutron_api, port => $ks_neutron_public_port, + options => $common_tcp_options, bind_options => $neutron_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'cinder_api_cluster': ip => $cinder_api, port => $ks_cinder_public_port, + options => $common_tcp_options, bind_options => $cinder_bind_options, firewall_settings => $firewall_settings, } cloud::loadbalancer::binding { 'ceilometer_api_cluster': ip => $ceilometer_api, port => $ks_ceilometer_public_port, + options => $common_tcp_options, bind_options => $ceilometer_bind_options, firewall_settings => $firewall_settings, } if 'ssl' in $heat_api_bind_options { - $heat_api_options = { - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' } + $heat_api_options = merge($common_tcp_options, { + 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', + }) } else { - $heat_api_options = {} + $heat_api_options = $common_tcp_options } cloud::loadbalancer::binding { 'heat_api_cluster': ip => $heat_api, port => $ks_heat_public_port, - bind_options => $heat_api_bind_options, options => $heat_api_options, + bind_options => $heat_api_bind_options, firewall_settings => $firewall_settings, } if 'ssl' in $heat_cfn_bind_options { - $heat_cfn_options = { - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' } + $heat_cfn_options = merge($common_tcp_options, { + 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', + }) } else { - $heat_cfn_options = { } + $heat_cfn_options = $common_tcp_options } cloud::loadbalancer::binding { 'heat_cfn_api_cluster': ip => $heat_cfn_api, 
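Review bot: Merging the `reqadd X-Forwarded-Proto` rule into `$common_tcp_options` for `$heat_api_options` leaves it in a `mode tcp` proxy, where HAProxy does not process HTTP requests, so the header is most likely never added on the TLS-terminated binding. Heat then cannot tell that the client connected over HTTPS and may build http:// links from the request. The same applies to `$heat_cfn_options` later in this hunk and to `$heat_cloudwatch_options` in the next one, and the spec hunk for the heat binding now asserts `'mode' => 'tcp'` together with `reqadd`. I would keep these three bindings in HTTP mode, e.g. `merge($common_tcp_options, { 'mode' => 'http', 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' })`.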
@@ -866,10 +875,11 @@ firewall_settings => $firewall_settings, } if 'ssl' in $heat_cloudwatch_bind_options { - $heat_cloudwatch_options = { - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }' } + $heat_cloudwatch_options = merge($common_tcp_options, { + 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', + }) } else { - $heat_cloudwatch_options = { } + $heat_cloudwatch_options = $common_tcp_options } cloud::loadbalancer::binding { 'heat_cloudwatch_api_cluster': ip => $heat_cloudwatch_api, @@ -953,8 +963,8 @@ 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 - 'timeout client' => $galera_timeout, - 'timeout server' => $galera_timeout, + 'timeout client' => '90m', + 'timeout server' => '90m', }, bind_options => $galera_bind_options, } @@ -976,8 +986,8 @@ 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 - 'timeout client' => $galera_timeout, - 'timeout server' => $galera_timeout, + 'timeout client' => '90m', + 'timeout server' => '90m', }, bind_options => $galera_bind_options, } diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 5cb77d4f..2ccbc287 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -269,8 +269,8 @@ 'mode' => 'tcp', 'balance' => 'source', 'option' => ['tcpka', 'tcplog', 'forwardfor'], - 'timeout server' => '120m', - 'timeout client' => '120m' + 'timeout server' => '90m', + 'timeout client' => '90m' } )} end @@ -289,8 +289,8 @@ 'mode' => 'tcp', 'balance' => 'source', 'option' => ['tcpka', 'tcplog', 'forwardfor'], - 'timeout server' => '120m', - 'timeout client' => '120m' + 'timeout server' => '90m', + 'timeout client' => '90m' } )} end 
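Review bot: The two Galera bindings in the `@@ -953,8 +963,8 @@` and `@@ -976,8 +986,8 @@` hunks replace `$galera_timeout` with a literal '90m', which leaves the documented `galera_timeout` parameter without effect on these listeners as far as the visible hunks show. An operator who changes it to line up with the `*_db_idle_timeout` values gets no change on the load balancer, and the coupling described in the parameter's documentation silently breaks. Keep `'timeout client' => $galera_timeout,` and `'timeout server' => $galera_timeout,` in both bindings. The binding declarations start outside the hunks.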
@@ -404,10 +404,11 @@ :ipaddress => [params[:vip_public_ip]], :ports => '8774', :options => { - 'mode' => 'http', - 'option' => ['tcpka','forwardfor','tcplog','httpchk'], - 'http-check' => 'expect ! rstatus ^5', - 'balance' => 'roundrobin', + 'mode' => 'tcp', + 'balance' => 'source', + 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'timeout server' => '90m', + 'timeout client' => '90m' }, :bind_options => ['ssl', 'crt'] )} @@ -423,10 +424,11 @@ :ipaddress => [params[:vip_public_ip]], :ports => '8776', :options => { - 'mode' => 'http', - 'option' => ['tcpka','forwardfor','tcplog', 'httpchk'], - 'http-check' => 'expect ! rstatus ^5', - 'balance' => 'roundrobin', + 'mode' => 'tcp', + 'balance' => 'source', + 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'timeout server' => '90m', + 'timeout client' => '90m' }, :bind_options => ['something not secure'] )} @@ -499,11 +501,12 @@ :ipaddress => [params[:vip_public_ip]], :ports => '8004', :options => { + 'mode' => 'tcp', 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - 'mode' => 'http', - 'option' => ['tcpka','forwardfor','tcplog', 'httpchk'], - 'http-check' => 'expect ! rstatus ^5', - 'balance' => 'roundrobin' + 'balance' => 'source', + 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'timeout server' => '90m', + 'timeout client' => '90m' }, :bind_options => ['ssl', 'crt'] )} @@ -519,6 +522,8 @@ 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'timeout server' => '90m', + 'timeout client' => '90m', } )} end From 353d1bf857e87a09ea39fabec1224fee33d87a3f Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 10 Apr 2015 18:39:03 -0400 Subject: [PATCH 12/41] Puppetfile/keystone: bump to last stable commit To reduce the API timeout. Change-Id: Id224a1bf45c51ba6a9e0224268d38eb9d280d557 --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 273a0634..5a0360cb 100644 --- a/Puppetfile +++ b/Puppetfile 
@@ -37,7 +37,7 @@ mod 'horizon', :ref => '72e83fa859c4224fcf7772654bdc7464a0bbedde' mod 'keystone', :git => 'git://github.com/enovance/puppet-keystone.git', - :ref => 'e41f9d5b306d48bbe3418bcda33f4d6817fc6672' + :ref => '9b540464869ecf20a012ba15ebde2aaa6b99be09' mod 'neutron', :git => 'git://github.com/enovance/puppet-neutron.git', :ref => '5500e4c0b2bce10ebc91a9685309cf854db2d2dc' From 3ab3b139fd85f5f13d9481c6f0d450ef771c49f7 Mon Sep 17 00:00:00 2001 From: Dimitri Savineau Date: Tue, 14 Apr 2015 15:25:49 -0400 Subject: [PATCH 13/41] nfs: Ensure nova/glance permissions on nfs mount Ensure filesystem_store_datadir is a directory with nova or glance permissions before creating the nfs mount. Change-Id: I06a0d95af3829cd803b0af0ebc52fd17b18ff2b3 Closes-Bug: #1443994 --- manifests/compute/hypervisor.pp | 8 +++++++- manifests/image/api.pp | 8 +++++++- spec/classes/cloud_compute_hypervisor_spec.rb | 6 ++++++ spec/classes/cloud_image_api_spec.rb | 6 ++++++ 4 files changed, 26 insertions(+), 2 deletions(-) diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index 241375a7..4351593e 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp @@ -170,6 +170,12 @@ # We mount the NFS share in filesystem_store_datadir to fake the # backend. if $nfs_device { + file { $filesystem_store_datadir: + ensure => 'directory', + owner => 'nova', + group => 'nova', + mode => '0755' + } nova_config { 'DEFAULT/instances_path': value => $filesystem_store_datadir; } $nfs_mount = { "${filesystem_store_datadir}" => { @@ -180,7 +186,7 @@ } } ensure_resource('class', 'nfs', {}) - create_resources('types::mount', $nfs_mount) + create_resources('types::mount', $nfs_mount, {require => File[$filesystem_store_datadir]}) # Not using /var/lib/nova/instances may cause side effects. if $filesystem_store_datadir != '/var/lib/nova/instances' { diff --git a/manifests/image/api.pp b/manifests/image/api.pp index 64d7f4d5..61a4ac0a 100644 
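Review bot: The new `file { $filesystem_store_datadir: ... }` resource in the hypervisor.pp hunk at -170 and in the matching api.pp hunk keeps managing the path on later runs, when it is the root of the mounted NFS share rather than the local mount point. If the export squashes root, the owner/group enforcement would presumably fail or flap on every run. That is worth a comment next to the resource, e.g. `# applied to the local mount point before mounting; the export root must already be owned by nova`, so operators set ownership on the NFS server as well. The surrounding `if $nfs_device` block continues outside the hunk.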
--- a/manifests/image/api.pp +++ b/manifests/image/api.pp @@ -260,6 +260,12 @@ # We mount the NFS share in filesystem_store_datadir to fake the # backend. if $nfs_device { + file { $filesystem_store_datadir: + ensure => 'directory', + owner => 'glance', + group => 'glance', + mode => '0755' + } -> class { 'glance::backend::file': filesystem_store_datadir => $filesystem_store_datadir } @@ -272,7 +278,7 @@ } } ensure_resource('class', 'nfs', {}) - create_resources('types::mount', $nfs_mount) + create_resources('types::mount', $nfs_mount, {require => File[$filesystem_store_datadir]}) } else { fail('When running NFS backend, you need to provide nfs_device parameter.') } diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index da537049..83a2366b 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb @@ -424,6 +424,12 @@ class { 'cloud::network': :nfs_options => 'noacl,fsid=123' ) end it 'configure nova instances path and NFS mount' do + is_expected.to contain_file('/var/lib/nova/instances').with( + 'ensure' => 'directory', + 'owner' => 'nova', + 'group' => 'nova', + 'mode' => '0755' + ) is_expected.to contain_nova_config('DEFAULT/instances_path').with('value' => '/var/lib/nova/instances') is_expected.to contain_mount('/var/lib/nova/instances').with({ 'ensure' => 'mounted', diff --git a/spec/classes/cloud_image_api_spec.rb b/spec/classes/cloud_image_api_spec.rb index fd9d39d9..d6bbe2e3 100644 --- a/spec/classes/cloud_image_api_spec.rb +++ b/spec/classes/cloud_image_api_spec.rb 
@@ -125,6 +125,12 @@ it 'configure Glance with NFS backend' do is_expected.to contain_class('glance::backend::file') is_expected.not_to contain_class('glance::backend::rbd') + is_expected.to contain_file('/srv/images/').with( + 'ensure' => 'directory', + 'owner' => 'glance', + 'group' => 'glance', + 'mode' => '0755' + ) is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with('value' => '/srv/images/') is_expected.to contain_glance_api_config('glance_store/default_store').with('value' => 'file') is_expected.to contain_mount('/srv/images/').with({ From 9267538fc81b73ffa574cf873b9e5fc96b629bc1 Mon Sep 17 00:00:00 2001 From: Cedric Lecomte Date: Tue, 14 Apr 2015 09:29:14 -0400 Subject: [PATCH 14/41] Changing who is affected by the sysctl tunning Only the swift-nodes need to be tuned according to https://bugs.launchpad.net/swift/+bug/1075606. And enlarge the local port range on the controller can overlap with the listening services. Changing the local range port We must don't overlap the local range port and the listening ports. Listening port on swift nodes are around 6800. With a bad ordering or a restart we can face a already used port problem. Co-Authored-By: Emilien Macchi Change-Id: I5e875403946a22ec8c5848af259d3afa84db4e35 --- manifests/object.pp | 2 -- manifests/object/storage.pp | 2 ++ manifests/object/tweaking.pp | 2 +- spec/classes/cloud_object_storage_spec.rb | 4 ++++ 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/manifests/object.pp b/manifests/object.pp index 0ad00e70..d7d9e917 100644 --- a/manifests/object.pp +++ b/manifests/object.pp @@ -30,6 +30,4 @@ swift_hash_suffix => $swift_hash_suffix, } - class {'cloud::object::tweaking': } - } diff --git a/manifests/object/storage.pp b/manifests/object/storage.pp index 5d755943..ae19ef7a 100644 --- a/manifests/object/storage.pp +++ b/manifests/object/storage.pp 
@@ -75,6 +75,8 @@ include 'cloud::object' + include 'cloud::object::tweaking' + class { 'swift::storage': storage_local_net_ip => $storage_eth, } diff --git a/manifests/object/tweaking.pp b/manifests/object/tweaking.pp index 17f54f42..ff5e552b 100644 --- a/manifests/object/tweaking.pp +++ b/manifests/object/tweaking.pp @@ -22,7 +22,7 @@ 'net.ipv4.tcp_tw_recycle' => { value => 1 }, 'net.ipv4.tcp_tw_reuse' => { value => 1 }, 'net.ipv4.tcp_syncookies' => { value => 0 }, - 'net.ipv4.ip_local_port_range' => { value => "1024\t65000" }, + 'net.ipv4.ip_local_port_range' => { value => "10000\t65000" }, 'net.core.netdev_max_backlog' => { value => 300000 }, 'net.ipv4.tcp_sack' => { value => 0 }, } diff --git a/spec/classes/cloud_object_storage_spec.rb b/spec/classes/cloud_object_storage_spec.rb index 766e2121..f62605ac 100644 --- a/spec/classes/cloud_object_storage_spec.rb +++ b/spec/classes/cloud_object_storage_spec.rb @@ -39,6 +39,10 @@ 'storage_local_net_ip' => '127.0.0.1', }) + is_expected.to contain_sysctl('net.ipv4.ip_local_port_range').with( + :val => "10000\t65000", + ) + is_expected.to contain_swift__storage__server('6000').with({ 'type' => 'object', 'config_file_path' => 'object-server.conf', From eb01c01e9937c862fccd440826f39d7b361dd7f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=C3=A7ois=20Charlier?= Date: Mon, 20 Apr 2015 14:34:14 +0200 Subject: [PATCH 15/41] Puppetfile: update puppetlabs-rabbitmq ref Closes bug #1443891 Change-Id: I1b449aaaf5fc0594137e83ca4382c7d8d83dde1f --- Puppetfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Puppetfile b/Puppetfile index 5a0360cb..006b2cd3 100644 --- a/Puppetfile +++ b/Puppetfile 
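Review bot: Adding `include 'cloud::object::tweaking'` to the storage class applies the whole sysctl set to every storage node, not only the port range this commit changes. The context lines of the tweaking.pp hunk show that set includes `net.ipv4.tcp_syncookies` = 0 and `net.ipv4.tcp_tw_recycle` = 1. Disabling SYN cookies removes the kernel's fallback under a SYN flood, and `tcp_tw_recycle` is known to drop connections from clients behind NAT, so the class should state the assumption it relies on. I would add a comment above the hash such as `# storage network only: assumes no untrusted or NATed clients reach these nodes`, and one on the new range, `# keep ephemeral ports above the swift listening ports`.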
@@ -169,11 +169,10 @@ mod 'puppetdb', mod 'puppetdbquery', :git => 'git://github.com/enovance/puppet-puppetdbquery.git', :ref => '89194917744f929bb600c31d7d6f822b529f5f03' -# TODO(EmilienM) come back o upstream after -# https://github.com/puppetlabs/puppetlabs-rabbitmq/pull/306 +# TODO(emilienM) https://tickets.puppetlabs.com/browse/PDB-1223 mod 'rabbitmq', :git => 'git://github.com/enovance/puppetlabs-rabbitmq.git', - :ref => '77a79e46f0de3ae10869ccf1b5873fe0bc67e8eb' + :ref => 'b1bd3cf9052fe78c47f66b500418c84d130cdead' mod 'redis', :git => 'git://github.com/arioch/puppet-redis.git', :ref => '51e35cc9a743dd8f992effae25d92e18aafe8b46' From ec42d717c5d6b3521dcb471bb8e49b72d80db690 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 21 Apr 2015 17:26:49 -0400 Subject: [PATCH 16/41] Puppetfile: fix RabbitMQ git The J.1.2.0 branch of puppetlabs-rabbitmq eNovance fork has a new commit and the old one changed the ID due to a push -f. This commits just update the commit ID so we have the right commit and RabbitMQ will work correctly. Change-Id: Ib2b8eee1d853880de0802d5b91e14d726d374c9a --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 006b2cd3..979432c9 100644 --- a/Puppetfile +++ b/Puppetfile @@ -172,7 +172,7 @@ mod 'puppetdbquery', # TODO(emilienM) https://tickets.puppetlabs.com/browse/PDB-1223 mod 'rabbitmq', :git => 'git://github.com/enovance/puppetlabs-rabbitmq.git', - :ref => 'b1bd3cf9052fe78c47f66b500418c84d130cdead' + :ref => '7d3a3a1859d344c4e49d4c257c4ea0b9b0460c33' mod 'redis', :git => 'git://github.com/arioch/puppet-redis.git', :ref => '51e35cc9a743dd8f992effae25d92e18aafe8b46' From 5e07f511b4dbe979745751ac30b4347209467d2d Mon Sep 17 00:00:00 2001 
From: Emilien Macchi Date: Sat, 25 Apr 2015 13:39:14 -0400 Subject: [PATCH 17/41] Fix errors in puppet-syntax-future puppet-syntax-future job is failing because of a syntax error in the manifests. This patch aims to fix it. Change-Id: Ib471e862bb7a9f735c5c6f045f4c627723dd6c3a --- manifests/database/sql/mysql.pp | 2 +- manifests/network.pp | 2 +- manifests/network/controller.pp | 2 +- manifests/network/vswitch.pp | 2 +- spec/classes/cloud_network_vswitch_spec.rb | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 7ec08364..0c1d67e6 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -417,7 +417,7 @@ } } # Debian default: { - err "${::osfamily} not supported yet" + fail("${::osfamily} not supported yet") } } diff --git a/manifests/network.pp b/manifests/network.pp index 0b16f7bc..b4873ab7 100644 --- a/manifests/network.pp +++ b/manifests/network.pp @@ -89,7 +89,7 @@ $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2' } default: { - err "${plugin} plugin is not supported." + fail("${plugin} plugin is not supported.") } } diff --git a/manifests/network/controller.pp b/manifests/network/controller.pp index 5e138999..cb79f6c7 100644 --- a/manifests/network/controller.pp +++ b/manifests/network/controller.pp @@ -259,7 +259,7 @@ } default: { - err "${plugin} plugin is not supported." + fail("${plugin} plugin is not supported.") } } diff --git a/manifests/network/vswitch.pp b/manifests/network/vswitch.pp index 10d663d6..0a00ce6c 100644 --- a/manifests/network/vswitch.pp +++ b/manifests/network/vswitch.pp @@ -215,7 +215,7 @@ } default: { - err "${driver} driver is not supported." + fail("${driver} driver is not supported.") } } diff --git a/spec/classes/cloud_network_vswitch_spec.rb b/spec/classes/cloud_network_vswitch_spec.rb index 6078ad50..d101b76e 100644 --- a/spec/classes/cloud_network_vswitch_spec.rb 
+++ b/spec/classes/cloud_network_vswitch_spec.rb @@ -133,7 +133,7 @@ before :each do params.merge!(:driver => 'Something') end - it { should compile.and_raise_error(/Something plugin is not supported./) } + it_raises 'a Puppet::Error', /Something driver is not supported./ end context 'with default firewall enabled' do From a29ff731533b45ca65d6a82b90d90f376fa468af Mon Sep 17 00:00:00 2001 From: Cedric Lecomte Date: Thu, 23 Apr 2015 08:36:57 -0400 Subject: [PATCH 18/41] Fix ceph keyring permissions When ceph osd are not on same nodes than cinder a keyring permissions problem appear. With this ordering the problem doesn't appear anymore and all node get the right permissions for the ceph keyring file. Change-Id: Ib8c5394f56f06192911669d84c172e74d388fafa --- manifests/compute/hypervisor.pp | 22 +++++++++---------- manifests/volume/backend/rbd.pp | 14 +++++------- spec/classes/cloud_compute_hypervisor_spec.rb | 5 +++++ spec/classes/cloud_volume_storage_spec.rb | 5 +++++ 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index 4351593e..33579ca3 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp @@ -365,18 +365,16 @@ # Configure Ceph keyring Ceph::Key <<| title == $cinder_rbd_user |>> - if defined(Ceph::Key[$cinder_rbd_user]) { - ensure_resource( - 'file', - "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$cinder_rbd_user], - notify => Service['nova-compute'], - } - ) - } + ensure_resource( + 'file', + "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { + owner => 'root', + group => 'cephkeyring', + mode => '0440', + require => Ceph::Key[$cinder_rbd_user], + notify => Service['nova-compute'], + } + ) Concat::Fragment <<| title == 'ceph-client-os' |>> } else { diff --git a/manifests/volume/backend/rbd.pp b/manifests/volume/backend/rbd.pp index cf33d08b..c6115003 100644 
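Review bot: Removing the `if defined(Ceph::Key[$cinder_rbd_user])` guard in the hypervisor.pp hunk makes the keyring file's `require => Ceph::Key[$cinder_rbd_user]` unconditional, and the rbd.pp hunk that follows does the same for `$rbd_user`. A node that compiles its catalog before a Ceph node has exported the key would presumably fail on an unresolved dependency instead of skipping the file. The `root:cephkeyring` `0440` mode is right for a secret, but the ordering requirement should be documented, e.g. `# Ceph::Key must already be exported by a Ceph node, otherwise the catalog fails`. The added spec checks only owner, group and mode, not the relationship. The enclosing conditional block continues outside the hunk.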
--- a/manifests/volume/backend/rbd.pp +++ b/manifests/volume/backend/rbd.pp @@ -84,14 +84,12 @@ # Configure Ceph keyring Ceph::Key <<| title == $rbd_user |>> - if defined(Ceph::Key[$rbd_user]) { - ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$rbd_user], - }) - } + ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", { + owner => 'root', + group => 'cephkeyring', + mode => '0440', + require => Ceph::Key[$rbd_user], + }) Concat::Fragment <<| title == 'ceph-client-os' |>> diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index 83a2366b..c14270ca 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb @@ -384,6 +384,11 @@ class { 'cloud::network': :command => 'usermod -a -G cephkeyring nova', :unless => 'groups nova | grep cephkeyring' ) + is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({ + 'owner' => 'root', + 'group' => 'cephkeyring', + 'mode' => '0440', + }) end it 'configure libvirt driver' do diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb index fcea91db..c7b5f012 100644 --- a/spec/classes/cloud_volume_storage_spec.rb +++ b/spec/classes/cloud_volume_storage_spec.rb @@ -157,6 +157,11 @@ :path => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'], :unless => 'groups cinder | grep cephkeyring' ) + is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({ + 'owner' => 'root', + 'group' => 'cephkeyring', + 'mode' => '0440', + }) end end From 7f2ae4f10560d77040f559046b1571ec508c9c1d Mon Sep 17 00:00:00 2001 
From: Emilien Macchi Date: Mon, 30 Mar 2015 12:08:11 -0400 Subject: [PATCH 19/41] messaging: enable HA queues when HAproxy binding is enabled If HAproxy binding is enabled for RabbitMQ service, we need to ensure queres are replicated and this is done by a specific policy. Since OpenStack is already tagging queues with rabbit_ha_queues=True parameter everywhere, we just create the policy and the queues by themselves. This is enabled only if HAproxy binding is enabled for now, because the feature seems required when using RabbitMQ load-balancing. The other use-case (when using Oslo messaging to failover to another RabbitMQ node) does not require this policy. If a node is down, OpenStack will fallback to another RabbitMQ node in the list from parameters. This patch allows you to configure 'exactly' or 'all' RabbitMQ HA policy modes. Why using 'exactly' mode ? To let operators scale up/down the replication accross an exact number of nodes. How it works ? Queue is mirrored to count nodes in the cluster. If there are less than count nodes in the cluster, the queue is mirrored to all nodes. If there are more than count nodes in the cluster, and a node containing a mirror goes down, then a new mirror will be created on another node. Also change the Puppetfile to have latest commits in puppetlabs-rabbitmq to have some fix related to rabbitmq_policy provider. Without this fix, some parameters are not integers but string, and we need integer. Closes-bug #1434474 Change-Id: I3f732360f83e10e0ae525573f9afdb7f68475149 --- manifests/messaging.pp | 30 ++++++++++++++++++++++ spec/classes/cloud_messaging_spec.rb | 38 ++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/manifests/messaging.pp b/manifests/messaging.pp index ffb95ac7..3d038a73 100644 --- a/manifests/messaging.pp +++ b/manifests/messaging.pp 
@@ -32,6 +32,17 @@ # Could be set to 'disk' or 'ram'. # Defaults to 'disc' # +# [*cluster_count*] +# (optional) Queue is mirrored to count nodes in the cluster. +# If there are less than count nodes in the cluster, the queue +# is mirrored to all nodes. If there are more than count nodes +# in the cluster, and a node containing a mirror goes down, +# then a new mirror will be created on another node. +# If a value is set, RabbitMQ policy will be 'exactly'. +# Otherwise, undef will set the policy to 'all' by default. +# To enable this feature, you need 'haproxy_binding' to true. +# Defaults to undef +# # [*haproxy_binding*] # (optional) Enable or not HAproxy binding for load-balancing. # Defaults to false @@ -58,6 +69,7 @@ class cloud::messaging( $erlang_cookie, $cluster_node_type = 'disc', + $cluster_count = undef, $rabbit_names = $::hostname, $rabbit_password = 'rabbitpassword', $haproxy_binding = false, @@ -140,6 +152,24 @@ } if $haproxy_binding { + + if $cluster_count { + $policy_name = "ha-exactly-${cluster_count}@/" + $definition = { + 'ha-mode' => 'exactly', + 'ha-params' => $cluster_count, + } + } else { + $policy_name = 'ha-all@/' + $definition = { + 'ha-mode' => 'all', + } + } + rabbitmq_policy { $policy_name: + pattern => '^(?!amq\.).*', + definition => $definition, + } + @@haproxy::balancermember{"${::fqdn}-rabbitmq": listening_service => 'rabbitmq_cluster', server_names => $::hostname, diff --git a/spec/classes/cloud_messaging_spec.rb b/spec/classes/cloud_messaging_spec.rb index 4f370cd8..42b58572 100644 --- a/spec/classes/cloud_messaging_spec.rb +++ b/spec/classes/cloud_messaging_spec.rb @@ -29,6 +29,7 @@ :rabbit_password => 'secrete', :erlang_cookie => 'MY_COOKIE', :rabbitmq_ip => '10.0.0.1', + :haproxy_binding => false, } end 
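Review bot: In the hunk at -140, `$cluster_count` is interpolated into the policy name and passed as `'ha-params'` without any type check, while the commit message says the provider needs an integer rather than a string. A quoted value coming from Hiera would still build a policy named `ha-exactly-3@/` but with a string parameter. The parameter documentation added in the first hunk should state this, for example `#   Must be an Integer, not a quoted string.` The value is also silently ignored when `haproxy_binding` is false, which is worth one more sentence in the same doc block. The class body continues outside the hunk.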
@@ -90,6 +91,43 @@ ) end end + + context 'with HAproxy binding and HA policy to exactly' do + before :each do + params.merge!( + :haproxy_binding => true, + :cluster_count => 3, + ) + end + + it 'configure ha-exactly rabbitmq_policy' do + is_expected.to contain_rabbitmq_policy('ha-exactly-3@/').with( + :pattern => '^(?!amq\.).*', + :definition => { + 'ha-mode' => 'exactly', + 'ha-params' => 3, + }, + ) + end + end + + context 'with HAproxy binding and HA policy to all' do + before :each do + params.merge!( + :haproxy_binding => true, + ) + end + + it 'configure ha-exactly rabbitmq_policy' do + is_expected.to contain_rabbitmq_policy('ha-all@/').with( + :pattern => '^(?!amq\.).*', + :definition => { + 'ha-mode' => 'all', + }, + ) + end + end + end context 'on Debian platforms' do From c4da5b97778d2e16d58142bbf85a581afa310690 Mon Sep 17 00:00:00 2001 From: AlexandreNo Date: Wed, 15 Apr 2015 11:48:00 +0200 Subject: [PATCH 20/41] Add nfs_mount_options to cinder when using NetApp as a backend. Allow to pass NFS options when using NetApp as a backend for cinder. Change-Id: Ieb18350bf92ee354fce1e1e333ae7c616eb8ded5 Closes-Bug: #1444374 Depends-On: I619305890327ed09b0951582f34fe5eab7f8c427 --- Puppetfile | 2 +- manifests/volume/backend/netapp.pp | 7 +++++++ spec/classes/cloud_volume_storage_spec.rb | 4 +++- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Puppetfile b/Puppetfile index 979432c9..5e269a27 100644 --- a/Puppetfile +++ b/Puppetfile @@ -25,7 +25,7 @@ mod 'ceilometer', :ref => 'c5c7f4a6a7afd4b9c558e17e5a755e836e182dbe' mod 'cinder', :git => 'git://github.com/enovance/puppet-cinder.git', - :ref => 'bde992600a63a3debba4b06a27d7cde9119f23ed' + :ref => '3247b8e9844afa0b7b1ddc0bff5361c6f0811e5d' mod 'glance', :git => 'git://github.com/enovance/puppet-glance.git', :ref => '9fb3db4a693b6839c2caa45df4cd37f9c21451de' diff --git a/manifests/volume/backend/netapp.pp b/manifests/volume/backend/netapp.pp index 273f84f1..83cbec5f 100644 
--- a/manifests/volume/backend/netapp.pp +++ b/manifests/volume/backend/netapp.pp @@ -111,6 +111,11 @@ # (optional) File with the list of available NFS shares # Defaults to '' # +# [*nfs_mount_options*] +# (optional) Mount options passed to the nfs client. See section +# of the nfs man page for details. +# Defaults to undef + define cloud::volume::backend::netapp ( $netapp_login, $netapp_password, @@ -128,6 +133,7 @@ $thres_avl_size_perc_start = '20', $thres_avl_size_perc_stop = '60', $nfs_shares_config = '', + $nfs_mount_options = undef, ) { @@ -147,6 +153,7 @@ thres_avl_size_perc_start => $thres_avl_size_perc_start, thres_avl_size_perc_stop => $thres_avl_size_perc_stop, nfs_shares_config => $nfs_shares_config, + nfs_mount_options => $nfs_mount_options, } @cinder::type { $volume_backend_name: diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb index fcea91db..8f8ed89c 100644 --- a/spec/classes/cloud_volume_storage_spec.rb +++ b/spec/classes/cloud_volume_storage_spec.rb @@ -54,7 +54,8 @@ 'premium' => { 'netapp_server_hostname' => 'netapp-server.host', 'netapp_login' => 'joe', - 'netapp_password' => 'secret' + 'netapp_password' => 'secret', + 'nfs_mount_options' => 'rw,proto=tcp,sec=sys', } }, 'iscsi' => { @@ -166,6 +167,7 @@ is_expected.to contain_cinder_config('premium/netapp_login').with_value('joe') is_expected.to contain_cinder_config('premium/netapp_password').with_value('secret') is_expected.to contain_cinder_config('premium/netapp_server_hostname').with_value('netapp-server.host') + is_expected.to contain_cinder_config('premium/nfs_mount_options').with_value('rw,proto=tcp,sec=sys') is_expected.to contain_cinder__type('premium').with( :set_key => 'volume_backend_name', :set_value => 'premium', From ef4cc0f0d0125a620020226470ef630e8ff8f2c2 Mon Sep 17 00:00:00 2001 
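Review bot: The new `nfs_mount_options` doc block reads "See section of the nfs man page for details", with the section name missing, so the reader is not told where the accepted values are described. I would reword it to `#   (optional) Mount options passed to the NFS client; see the nfs(5) man page.` The value is handed to the backend unvalidated. The doc should therefore also say that it is a single comma-separated string, as the spec's `'rw,proto=tcp,sec=sys'` suggests.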
From: Emilien Macchi Date: Tue, 28 Apr 2015 22:42:23 -0400 Subject: [PATCH 21/41] MySQL: change default MySQL collate to utf8_general_ci Install & configure MySQL database by using utf8_general_ci collation which is the way documented in OpenStack [1] and already the default in puppetlabs-mysql [2]. [1] http://goo.gl/GA5gyZ [2] https://github.com/puppetlabs/puppetlabs-mysql/blob/master/manifests/db.pp#L7 This is affecting Puppetfile to update all modules to stable/juno that contains this commit. Also affecting MySQL monitoring database to make sure we have the right collation. Also updating puppet-nova manifest for MySQL Slave connection and use nova::db. Also updating nova-compute libvirt class. Change-Id: Ib8ce10949038b915ebd70f1b22ca3c147b7b149b --- Puppetfile | 22 +++++------ manifests/compute.pp | 37 ++++++++++--------- manifests/compute/hypervisor.pp | 14 +++---- manifests/database/sql/mysql.pp | 2 +- spec/classes/cloud_compute_api_spec.rb | 6 ++- spec/classes/cloud_compute_cert_spec.rb | 6 ++- spec/classes/cloud_compute_conductor_spec.rb | 6 ++- .../classes/cloud_compute_consoleauth_spec.rb | 6 ++- .../cloud_compute_consoleproxy_spec.rb | 6 ++- spec/classes/cloud_compute_hypervisor_spec.rb | 7 ++-- spec/classes/cloud_compute_scheduler_spec.rb | 6 ++- 11 files changed, 67 insertions(+), 51 deletions(-) diff --git a/Puppetfile b/Puppetfile index 5e269a27..1aacad81 100644 --- a/Puppetfile +++ b/Puppetfile 
@@ -19,40 +19,40 @@ forge 'http://forge.puppetlabs.com' # OpenStack projects mod 'openstacklib', :git => 'git://github.com/enovance/puppet-openstacklib.git', - :ref => '999f7849a3e0653f46f7336ee0fa9c2e38630b7b' + :ref => '176d7d65911eafab9d04d2053e77c69ff2c40e44' mod 'ceilometer', :git => 'git://github.com/enovance/puppet-ceilometer.git', - :ref => 'c5c7f4a6a7afd4b9c558e17e5a755e836e182dbe' + :ref => '64d8cfb8c1637871bba8c692d0c8184b75aceba2' mod 'cinder', :git => 'git://github.com/enovance/puppet-cinder.git', - :ref => '3247b8e9844afa0b7b1ddc0bff5361c6f0811e5d' + :ref => '8d9524fac34daf7ef0ac336ef32fd3f75b6bddb1' mod 'glance', :git => 'git://github.com/enovance/puppet-glance.git', - :ref => '9fb3db4a693b6839c2caa45df4cd37f9c21451de' + :ref => '57685754d3e96cfaf863c9a98bf6b517e4ddb334' mod 'heat', :git => 'git://github.com/enovance/puppet-heat.git', - :ref => '46b45265cc2cc3da6d45a89097357a976f045948' + :ref => 'f2d08f6c340e19ad39d257f7a82c57afe6e342cc' mod 'horizon', :git => 'git://github.com/enovance/puppet-horizon.git', - :ref => '72e83fa859c4224fcf7772654bdc7464a0bbedde' + :ref => 'f04c63881735c59a4d74390f20a35edd3a69e71e' mod 'keystone', :git => 'git://github.com/enovance/puppet-keystone.git', - :ref => '9b540464869ecf20a012ba15ebde2aaa6b99be09' + :ref => '4b2623d4ec41957b0274d8a457e3019fdf1e342b' mod 'neutron', :git => 'git://github.com/enovance/puppet-neutron.git', - :ref => '5500e4c0b2bce10ebc91a9685309cf854db2d2dc' + :ref => 'd5628a9ca16140e3c08c98d56feecaf56e898f35' mod 'nova', :git => 'git://github.com/enovance/puppet-nova.git', - :ref => '2a5c1eac6b34ea29bbd3e28d7ee56839f10d83d9' + :ref => '43ad85285634f75e8faf082981416ca12c4e3ff3' mod 'swift', :git => 'git://github.com/enovance/puppet-swift.git', - :ref => '9a8e28d4ad91b9d638dc2e1e2f4e037ac2831864' + :ref => '1e4ebee1e88f946dfe4ed078437dc20b28698b53' mod 'tempest', :git => 'git://github.com/enovance/puppet-tempest.git', :ref => 'f5e87cad5de119bd483006f06efcd22a34d8bdc4' mod 'trove', :git => 
'git://github.com/enovance/puppet-trove.git', - :ref => '9e5b82fcdacc07b0f1028cb2928292f8d68ae075' + :ref => '' # Dependency mod 'apache', diff --git a/manifests/compute.pp b/manifests/compute.pp index 23b8a395..1a1d391f 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -150,27 +150,30 @@ $encoded_user = uriescape($nova_db_user) $encoded_password = uriescape($nova_db_password) - class { 'nova': + if $nova_db_use_slave { + $slave_connection_url = "mysql://${encoded_user}:${encoded_password}@${nova_db_host}:3307/nova?charset=utf8" + } else { + $slave_connection_url = false + } + + class { 'nova::db': database_connection => "mysql://${encoded_user}:${encoded_password}@${nova_db_host}/nova?charset=utf8", + slave_connection => $slave_connection_url, database_idle_timeout => $nova_db_idle_timeout, - mysql_module => '2.2', - rabbit_userid => 'nova', - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${glance_api_port}", - memcached_servers => $memcache_servers, - verbose => $verbose, - debug => $debug, - log_dir => $log_dir, - log_facility => $log_facility, - use_syslog => $use_syslog, - nova_shell => '/bin/bash', } - if $nova_db_use_slave { - nova_config {'database/slave_connection': value => "mysql://${encoded_user}:${encoded_password}@${nova_db_host}:3307/nova?charset=utf8" } - } else { - nova_config {'database/slave_connection': ensure => absent } + class { 'nova': + rabbit_userid => 'nova', + rabbit_hosts => $rabbit_hosts, + rabbit_password => $rabbit_password, + glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${glance_api_port}", + memcached_servers => $memcache_servers, + verbose => $verbose, + debug => $debug, + log_dir => $log_dir, + log_facility => $log_facility, + use_syslog => $use_syslog, + nova_shell => '/bin/bash', } class { 'nova::network::neutron': 
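Review bot: The `trove` entry at the end of the Puppetfile hunk becomes `:ref => ''`, while every other module in the hunk stays pinned to a full commit id. With an empty ref the deployment tool presumably either fails or falls back to whatever the fork's default branch holds. That removes the guarantee that only a reviewed commit is installed. Restore a pinned id, `:ref => '<trove-commit-sha>'` (placeholder; the intended commit is not visible in this patch).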
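Review bot: In the compute.pp hunk, the `else` branch sets `$slave_connection_url = false` and passes it to `nova::db`, where the old code used `nova_config { 'database/slave_connection': ensure => absent }`. Whether `nova::db` removes the key on `false` or writes it literally cannot be seen here and should be confirmed against the pinned puppet-nova commit. The updated specs assert only `database_connection` and `database_idle_timeout`. A context with `nova_db_use_slave => true` that checks `:slave_connection` would cover the new branch. The class body continues outside the hunk.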
diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index 33579ca3..6cb838ec 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp @@ -382,18 +382,18 @@ } class { 'nova::compute::libvirt': - libvirt_type => $libvirt_type, + libvirt_type => $libvirt_type, # Needed to support migration but we still use Spice: - vncserver_listen => '0.0.0.0', - migration_support => true, - libvirt_disk_cachemodes => $libvirt_disk_cachemodes_real, - libvirt_service_name => $::cloud::params::libvirt_service_name, + vncserver_listen => '0.0.0.0', + migration_support => true, + libvirt_disk_cachemodes => $libvirt_disk_cachemodes_real, + libvirt_service_name => $::cloud::params::libvirt_service_name, + libvirt_inject_key => false, + libvirt_inject_partition => '-2', } # Extra config for nova-compute nova_config { - 'libvirt/inject_key': value => false; - 'libvirt/inject_partition': value => '-2'; 'libvirt/live_migration_flag': value => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST'; 'libvirt/block_migration_flag': value => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC'; } diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 0c1d67e6..4d9b1245 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -298,7 +298,7 @@ mysql_database { 'monitoring': ensure => 'present', charset => 'utf8', - collate => 'utf8_unicode_ci', + collate => 'utf8_general_ci', require => File['/root/.my.cnf'] } mysql_user { "${galera_clustercheck_dbuser}@localhost": diff --git a/spec/classes/cloud_compute_api_spec.rb b/spec/classes/cloud_compute_api_spec.rb index 96f0a2ec..3e4c0735 100644 --- a/spec/classes/cloud_compute_api_spec.rb +++ b/spec/classes/cloud_compute_api_spec.rb 
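Review bot: `vncserver_listen => '0.0.0.0'` is carried into the rewritten `nova::compute::libvirt` block, so the VNC listener on each hypervisor binds to every interface. The existing comment explains why but not what has to protect it. I would extend it to `# Needed to support migration; restrict the VNC port range to the management network in the firewall.` Moving `libvirt_inject_key => false` and `libvirt_inject_partition => '-2'` into class parameters looks fine. The enclosing class continues outside the hunk.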
@@ -66,11 +66,13 @@ :rabbit_password => 'secrete', :rabbit_virtual_host => '/', :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', :glance_api_servers => 'http://10.0.0.1:9292', :log_dir => false ) + is_expected.to contain_class('nova::db').with( + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') diff --git a/spec/classes/cloud_compute_cert_spec.rb b/spec/classes/cloud_compute_cert_spec.rb index 4e3347dc..71659be6 100644 --- a/spec/classes/cloud_compute_cert_spec.rb +++ b/spec/classes/cloud_compute_cert_spec.rb @@ -54,11 +54,13 @@ :rabbit_password => 'secrete', :rabbit_virtual_host => '/', :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', :glance_api_servers => 'http://10.0.0.1:9292', :log_dir => false ) + is_expected.to contain_class('nova::db').with( + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') diff --git a/spec/classes/cloud_compute_conductor_spec.rb b/spec/classes/cloud_compute_conductor_spec.rb index 1ec26b0c..0c061b75 100644 --- a/spec/classes/cloud_compute_conductor_spec.rb +++ b/spec/classes/cloud_compute_conductor_spec.rb 
@@ -54,11 +54,13 @@ :rabbit_password => 'secrete', :rabbit_virtual_host => '/', :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', :glance_api_servers => 'http://10.0.0.1:9292', :log_dir => false ) + is_expected.to contain_class('nova::db').with( + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') diff --git a/spec/classes/cloud_compute_consoleauth_spec.rb b/spec/classes/cloud_compute_consoleauth_spec.rb index b05f46e3..66d3c5ca 100644 --- a/spec/classes/cloud_compute_consoleauth_spec.rb +++ b/spec/classes/cloud_compute_consoleauth_spec.rb @@ -54,11 +54,13 @@ :rabbit_password => 'secrete', :rabbit_virtual_host => '/', :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', :glance_api_servers => 'http://10.0.0.1:9292', :log_dir => false ) + is_expected.to contain_class('nova::db').with( + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb index 37992ed2..f4bbacaf 100644 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb 
+++ b/spec/classes/cloud_compute_consoleproxy_spec.rb @@ -58,11 +58,13 @@ :rabbit_password => 'secrete', :rabbit_virtual_host => '/', :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', :glance_api_servers => 'http://10.0.0.1:9292', :log_dir => false ) + is_expected.to contain_class('nova::db').with( + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index c14270ca..2f6c74cb 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb @@ -90,11 +90,12 @@ class { 'cloud::network': :rabbit_password => 'secrete', :rabbit_virtual_host => '/', :memcached_servers => ['10.0.0.1','10.0.0.2'], + :glance_api_servers => 'http://10.0.0.1:9292', + :log_dir => false + ) + is_expected.to contain_class('nova::db').with( :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', :database_idle_timeout => '5000', - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false, - :nova_shell => '/bin/bash' ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') diff --git a/spec/classes/cloud_compute_scheduler_spec.rb b/spec/classes/cloud_compute_scheduler_spec.rb index de186207..e35e0d34 100644 --- a/spec/classes/cloud_compute_scheduler_spec.rb +++ b/spec/classes/cloud_compute_scheduler_spec.rb 
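Review bot: The rewritten expectation in `cloud_compute_hypervisor_spec.rb` drops `:nova_shell => '/bin/bash'` from the first `.with(` block, which is unrelated to moving the database settings under `contain_class('nova::db')` and happens in none of the sibling spec hunks. The manifest is not part of this hunk, so whether it still passes `nova_shell` is inferred; if it does, the spec has lost its only check on the login shell of the nova account. Either keep `:nova_shell => '/bin/bash'` next to `:log_dir => false`, or state in the commit message why the expectation goes away.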
@@ -60,11 +60,13 @@ :rabbit_password => 'secrete', :rabbit_virtual_host => '/', :memcached_servers => ['10.0.0.1','10.0.0.2'], - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', :glance_api_servers => 'http://10.0.0.1:9292', :log_dir => false ) + is_expected.to contain_class('nova::db').with( + :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', + :database_idle_timeout => '5000', + ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') From e22400fb45f04fff4756fc1e2dd056e28701279e Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 5 May 2015 12:20:56 -0400 Subject: [PATCH 22/41] logging: enable HTTP CORS for fluentd ES instance Elasticsearch package has been upgrade to 1.4.x in J.1.1.0 and J.1.2.0 (1.0.3 in J.1.0.0) but kibana web interface is not compatible with elasticsearch 1.4.x or higher if you don't change the configuration on the service. Change-Id: I19c1a0b08aa63ca0fad6b1a2c390e13775efa443 Closes-bug: #1451828 --- manifests/logging/server.pp | 7 ++++++- spec/classes/cloud_logging_server_spec.rb | 4 +++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/manifests/logging/server.pp b/manifests/logging/server.pp index b7bb7c89..bca3a9ad 100644 --- a/manifests/logging/server.pp +++ b/manifests/logging/server.pp 
@@ -40,7 +40,12 @@ include ::kibana3 include cloud::database::nosql::elasticsearch include cloud::logging::agent - elasticsearch::instance {'fluentd' : } + + # Elasticsearch 1.4 ships with a security setting that prevents Kibana from connecting. + # We need to allow http cors in fluentd instance. + elasticsearch::instance {'fluentd' : + config => { 'http' => { 'cors.enabled' => true } } + } @@haproxy::balancermember{"${::fqdn}-kibana": listening_service => 'kibana', diff --git a/spec/classes/cloud_logging_server_spec.rb b/spec/classes/cloud_logging_server_spec.rb index c00485e4..f66e7036 100644 --- a/spec/classes/cloud_logging_server_spec.rb +++ b/spec/classes/cloud_logging_server_spec.rb @@ -39,7 +39,9 @@ end it 'configure an elasticsearch instance' do - is_expected.to contain_elasticsearch__instance('fluentd') + is_expected.to contain_elasticsearch__instance('fluentd').with( + :config => { 'http' => { 'cors.enabled' => true } } + ) end context 'with default firewall enabled' do From 62f3f263cadfd026ed5ad269958062ed43743413 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 8 May 2015 10:36:47 -0400 Subject: [PATCH 23/41] vswitch: add 2 parameters for l2_pop and tunnelling Allow to disable L2_pop and tunnelling. Change-Id: If0007ed1ee67ec6573645ea8e8af024d2f0a038a --- manifests/network/vswitch.pp | 19 ++++++++++++++++--- spec/classes/cloud_network_vswitch_spec.rb | 22 ++++++++++++++++++++++ 2 files changed, 38 insertions(+), 3 deletions(-) diff --git a/manifests/network/vswitch.pp b/manifests/network/vswitch.pp index 0a00ce6c..3c175c7d 100644 --- a/manifests/network/vswitch.pp +++ b/manifests/network/vswitch.pp 
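Review bot: `'cors.enabled' => true` on the `fluentd` instance in `manifests/logging/server.pp` turns CORS on without naming the origins allowed to use it. Elasticsearch 1.x is documented as accepting any origin when `http.cors.allow-origin` is unset (worth confirming against the packaged version), so the log index would answer cross-origin requests from any page open in an operator's browser. Restrict it to the Kibana origin in the same hash, `config => { 'http' => { 'cors.enabled' => true, 'cors.allow-origin' => 'KIBANA_ORIGIN_PLACEHOLDER' } }`, preferably fed from a class parameter. The expectation in `cloud_logging_server_spec.rb` would need the same key.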
@@ -133,6 +133,17 @@ # (optional) N1000 KV Domain ID (does nothing?) # Defaults to 1000 # +# [*enable_tunneling*] +# (optional) Enable or not tunneling. +# Should be disable if using VLAN but enabled if using GRE or VXLAN. +# Defailts to true +# +# [*l2_population*] +# (optional) Enable or not L2 population. +# If enabled, should be part of mechanism_drivers in cloud::network::controller. +# Should be disabled if running L3 HA with VRRP in Juno. +# Defaults to true +# # [*firewall_settings*] # (optional) Allow to add custom parameters to firewall rules # Should be an hash. @@ -148,6 +159,8 @@ # common to ml2 $tunnel_types = ['gre'], $tunnel_eth = '127.0.0.1', + $enable_tunneling = true, + $l2_population = true, # ml2_ovs $provider_bridge_mappings = ['public:br-pub'], $enable_distributed_routing = false, @@ -168,8 +181,8 @@ case $driver { 'ml2_ovs': { class { 'neutron::agents::ml2::ovs': - enable_tunneling => true, - l2_population => true, + enable_tunneling => $enable_tunneling, + l2_population => $l2_population, polling_interval => '15', tunnel_types => $tunnel_types, bridge_mappings => $provider_bridge_mappings, @@ -184,7 +197,7 @@ 'ml2_lb': { class { 'neutron::agents::ml2::linuxbridge': - l2_population => true, + l2_population => $l2_population, polling_interval => '15', tunnel_types => $tunnel_types, local_ip => $tunnel_eth diff --git a/spec/classes/cloud_network_vswitch_spec.rb b/spec/classes/cloud_network_vswitch_spec.rb index d101b76e..8d7b81bc 100644 --- a/spec/classes/cloud_network_vswitch_spec.rb +++ b/spec/classes/cloud_network_vswitch_spec.rb 
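Review bot: `$enable_tunneling` and `$l2_population` are passed to `neutron::agents::ml2::ovs` and `neutron::agents::ml2::linuxbridge` without a type check, so a quoted `'false'` arriving from Hiera would be handed on as a non-empty string. Add `validate_bool($enable_tunneling, $l2_population)` at the top of the class body, assuming puppetlabs-stdlib is available to this module. The new parameter docs also contain typos: `Defailts to true` and `Should be disable if using VLAN`. The class body begins before and continues past these hunks.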
@@ -87,6 +87,28 @@ end end + context 'when running ML2 plugin with OVS driver and without tunelling' do + before :each do + params.merge!(:enable_tunneling => false) + end + it 'configure neutron vswitch without tunneling' do + is_expected.to contain_class('neutron::agents::ml2::ovs').with( + :enable_tunneling => false, + ) + end + end + + context 'when running ML2 plugin with OVS driver and without l2 population' do + before :each do + params.merge!(:l2_population => false) + end + it 'configure neutron vswitch without l2 population' do + is_expected.to contain_class('neutron::agents::ml2::ovs').with( + :l2_population => false, + ) + end + end + context 'when running Cisco N1KV plugin with VEM driver' do before do facts.merge!( :osfamily => 'RedHat' ) From 6a71eddc941c1a275028c192582eb04c8d3d46fb Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 8 May 2015 16:33:58 -0400 Subject: [PATCH 24/41] telemetry: allow to install collector separately from mongodb Stop to require MongoDB validation (this provider requies MongoDB working on the same node) so we can install MongoDB nodes outside Telemetry Collector service. This patch is a workaround until: https://github.com/puppetlabs/puppetlabs-mongodb/pull/200 is merged so we can use the code in this module. See https://review.openstack.org/179824 Change-Id: I80b102c3801efea262e6572fce1f64eb8a9a67ad --- manifests/telemetry/collector.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/telemetry/collector.pp b/manifests/telemetry/collector.pp index ffc6190d..10032d92 100644 --- a/manifests/telemetry/collector.pp +++ b/manifests/telemetry/collector.pp @@ -46,7 +46,6 @@ class { 'ceilometer::db': database_connection => $db_conn, sync_db => true, - require => Mongodb_conn_validator['mongodb'], } class { 'ceilometer::collector': } From 809473b7b0d6cd4de4c84d1172d9db55bdc5e968 Mon Sep 17 00:00:00 2001 
From: Dimitri Savineau Date: Fri, 13 Feb 2015 17:19:29 -0500 Subject: [PATCH 25/41] loadbalancer: Adapt number of process of Haproxy Currently we only use one process for Haproxy. This patch allow to adapt the number of process of Haproxy to the number of processor. Change-Id: Id5a211b72c397bb6cef0f81f7759702f65f9e828 --- manifests/loadbalancer.pp | 21 ++++++++++++++++++++- spec/classes/cloud_loadbalancer_spec.rb | 25 +++++++++++++++++++++++++ 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 0a922e57..874098df 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -241,6 +241,10 @@ # (optional) The HTTP sytle basic credentials (using login:password form) # Defaults to 'admin:changeme' # +# [*haproxy_options*] +# (optional) The haproxy global options +# Defaults to {} +# # [*keepalived_state*] # (optional) TODO # Defaults to 'BACKUP' @@ -543,6 +547,7 @@ $sensu_api = true, $redis = true, $haproxy_auth = 'admin:changeme', + $haproxy_options = {}, $keepalived_state = 'BACKUP', $keepalived_priority = '50', $keepalived_vrrp_interface = false, @@ -642,10 +647,24 @@ fail('galera_ip should be part of keepalived_public_ipvs or keepalived_internal_ipvs.') } + # TODO : Use global_options in puppetlabs-haproxy as merge in params.pp + $haproxy_default_options = { + 'log' => "${::ipaddress} local0", + 'chroot' => '/var/lib/haproxy', + 'pidfile' => '/var/run/haproxy.pid', + 'maxconn' => '4000', + 'user' => 'haproxy', + 'group' => 'haproxy', + 'daemon' => '', + 'stats' => 'socket /var/lib/haproxy/stats', + 'nbproc' => $::processorcount + } + $haproxy_global_options = merge($haproxy_default_options,$haproxy_options) # Ensure Keepalived is started before HAproxy to avoid binding errors. class { 'keepalived': } -> class { 'haproxy': - service_manage => true + service_manage => true, + global_options => $haproxy_global_options } keepalived::vrrp_script { 'haproxy': 
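Review bot: Defaulting `'nbproc' => $::processorcount` in `$haproxy_default_options` makes every multi-core load balancer run several HAProxy processes, while `'stats' => 'socket /var/lib/haproxy/stats'` and `'maxconn' => '4000'` are still written as if there were one. With more than one process the stats socket is served by a single process, each process runs its own health checks, and `maxconn` applies per process, so monitoring output and connection limits no longer describe the whole balancer. I would keep the default at `'nbproc' => '1'` and let operators raise it through `haproxy_options`. The `[*haproxy_options*]` doc should also list the default keys that are merged and say that raising `nbproc` calls for per-process stats sockets.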
diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 2ccbc287..1159732a 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -110,6 +110,31 @@ is_expected.not_to contain_keepalived__instance('2') end + context 'with 4 processors' do + before :each do + facts.merge!( + :processorcount => '4', + :ipaddress => '10.10.0.1' + ) + end + it 'configure haproxy server' do + is_expected.to contain_class('haproxy').with( + :service_manage => true, + :global_options => { + 'log' => '10.10.0.1 local0', + 'chroot' => '/var/lib/haproxy', + 'pidfile' => '/var/run/haproxy.pid', + 'maxconn' => '4000', + 'user' => 'haproxy', + 'group' => 'haproxy', + 'daemon' => '', + 'stats' => 'socket /var/lib/haproxy/stats', + 'nbproc' => '4' + } + ) + end + end # configure haproxy server + context 'configure an internal VIP with the same VIP as public network' do before do params.merge!(:keepalived_internal_ipvs => ['10.0.0.1', '10.0.0.2']) From 862d0499851d75d3711c3429fecfe2a99df69236 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Mon, 11 May 2015 17:31:57 -0400 Subject: [PATCH 26/41] compute: do not manage nova db sync in this module Nova DB sync is already managed by puppet-nova so to avoid race condition when deploying Nova, we should drop the nova_db_sync exec in this module and let puppet-nova does it job with the right orchestration. Change-Id: Ia4d93cf84accd10a22b33f03e041d0c23aecca38 Closes-bug: #1453968 --- manifests/compute.pp | 13 ------------- spec/classes/cloud_compute_api_spec.rb | 9 --------- spec/classes/cloud_compute_cert_spec.rb | 9 --------- spec/classes/cloud_compute_conductor_spec.rb | 9 --------- spec/classes/cloud_compute_consoleauth_spec.rb | 9 --------- spec/classes/cloud_compute_consoleproxy_spec.rb | 9 --------- spec/classes/cloud_compute_hypervisor_spec.rb | 9 --------- spec/classes/cloud_compute_scheduler_spec.rb | 9 --------- 8 files changed, 76 deletions(-) 
diff --git a/manifests/compute.pp b/manifests/compute.pp index 1a1d391f..00360c1e 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -191,17 +191,4 @@ 'DEFAULT/cinder_catalog_info': value => "volume:cinder:${cinder_endpoint_type}"; } - # Note(EmilienM): - # We check if DB tables are created, if not we populate Nova DB. - # It's a hack to fit with our setup where we run MySQL/Galera - # TODO(Goneri) - # We have to do this only on the primary node of the galera cluster to avoid race condition - # https://github.com/enovance/puppet-openstack-cloud/issues/156 - exec {'nova_db_sync': - command => 'nova-manage db sync', - user => 'nova', - path => '/usr/bin', - unless => "/usr/bin/mysql nova -h ${nova_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables" - } - } diff --git a/spec/classes/cloud_compute_api_spec.rb b/spec/classes/cloud_compute_api_spec.rb index 3e4c0735..81ae4ab1 100644 --- a/spec/classes/cloud_compute_api_spec.rb +++ b/spec/classes/cloud_compute_api_spec.rb @@ -106,15 +106,6 @@ ) end - it 'checks if Nova DB is populated' do - is_expected.to contain_exec('nova_db_sync').with( - :command => 'nova-manage db sync', - :user => 'nova', - :path => '/usr/bin', - :unless => '/usr/bin/mysql nova -h 10.0.0.1 -u nova -psecrete -e "show tables" | /bin/grep Tables' - ) - end - it 'configure nova-api' do is_expected.to contain_class('nova::api').with( :enabled => true, diff --git a/spec/classes/cloud_compute_cert_spec.rb b/spec/classes/cloud_compute_cert_spec.rb index 71659be6..20d042e3 100644 --- a/spec/classes/cloud_compute_cert_spec.rb +++ b/spec/classes/cloud_compute_cert_spec.rb 
@@ -76,15 +76,6 @@ ) end - it 'checks if Nova DB is populated' do - is_expected.to contain_exec('nova_db_sync').with( - :command => 'nova-manage db sync', - :user => 'nova', - :path => '/usr/bin', - :unless => '/usr/bin/mysql nova -h 10.0.0.1 -u nova -psecrete -e "show tables" | /bin/grep Tables' - ) - end - it 'configure nova-cert' do is_expected.to contain_class('nova::cert').with(:enabled => true) end diff --git a/spec/classes/cloud_compute_conductor_spec.rb b/spec/classes/cloud_compute_conductor_spec.rb index 0c061b75..95991d07 100644 --- a/spec/classes/cloud_compute_conductor_spec.rb +++ b/spec/classes/cloud_compute_conductor_spec.rb @@ -76,15 +76,6 @@ ) end - it 'checks if Nova DB is populated' do - is_expected.to contain_exec('nova_db_sync').with( - :command => 'nova-manage db sync', - :user => 'nova', - :path => '/usr/bin', - :unless => '/usr/bin/mysql nova -h 10.0.0.1 -u nova -psecrete -e "show tables" | /bin/grep Tables' - ) - end - it 'configure nova-conductor' do is_expected.to contain_class('nova::conductor').with(:enabled => true) end diff --git a/spec/classes/cloud_compute_consoleauth_spec.rb b/spec/classes/cloud_compute_consoleauth_spec.rb index 66d3c5ca..a1bfc5ea 100644 --- a/spec/classes/cloud_compute_consoleauth_spec.rb +++ b/spec/classes/cloud_compute_consoleauth_spec.rb @@ -76,15 +76,6 @@ ) end - it 'checks if Nova DB is populated' do - is_expected.to contain_exec('nova_db_sync').with( - :command => 'nova-manage db sync', - :user => 'nova', - :path => '/usr/bin', - :unless => '/usr/bin/mysql nova -h 10.0.0.1 -u nova -psecrete -e "show tables" | /bin/grep Tables' - ) - end - it 'configure nova-consoleauth' do is_expected.to contain_class('nova::consoleauth').with(:enabled => true) end diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb index f4bbacaf..f1d73610 100644 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb +++ b/spec/classes/cloud_compute_consoleproxy_spec.rb 
@@ -80,15 +80,6 @@ ) end - it 'checks if Nova DB is populated' do - is_expected.to contain_exec('nova_db_sync').with( - :command => 'nova-manage db sync', - :user => 'nova', - :path => '/usr/bin', - :unless => '/usr/bin/mysql nova -h 10.0.0.1 -u nova -psecrete -e "show tables" | /bin/grep Tables' - ) - end - it 'configure nova-vncproxy' do is_expected.to contain_class('nova::vncproxy').with( :enabled => true, diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb index 2f6c74cb..7ed80f0a 100644 --- a/spec/classes/cloud_compute_hypervisor_spec.rb +++ b/spec/classes/cloud_compute_hypervisor_spec.rb @@ -175,15 +175,6 @@ class { 'cloud::network': ) end - it 'checks if Nova DB is populated' do - is_expected.to contain_exec('nova_db_sync').with( - :command => 'nova-manage db sync', - :path => '/usr/bin', - :user => 'nova', - :unless => '/usr/bin/mysql nova -h 10.0.0.1 -u nova -psecrete -e "show tables" | /bin/grep Tables' - ) - end - it 'configure nova-compute' do is_expected.to contain_class('nova::compute').with( :enabled => true, diff --git a/spec/classes/cloud_compute_scheduler_spec.rb b/spec/classes/cloud_compute_scheduler_spec.rb index e35e0d34..a310cf22 100644 --- a/spec/classes/cloud_compute_scheduler_spec.rb +++ b/spec/classes/cloud_compute_scheduler_spec.rb @@ -82,15 +82,6 @@ ) end - it 'checks if Nova DB is populated' do - is_expected.to contain_exec('nova_db_sync').with( - :command => 'nova-manage db sync', - :user => 'nova', - :path => '/usr/bin', - :unless => '/usr/bin/mysql nova -h 10.0.0.1 -u nova -psecrete -e "show tables" | /bin/grep Tables' - ) - end - it 'configure nova-scheduler' do is_expected.to contain_class('nova::scheduler').with(:enabled => true) end From 25b6b07399d2bf56640d06b3b0718cf7425f93de Mon Sep 17 00:00:00 2001 
From: Emilien Macchi Date: Tue, 12 May 2015 19:57:58 -0400 Subject: [PATCH 27/41] identity: don't validate Keystone service The exec is broken so we need to disable it to save time during the deployment. Change-Id: Ia57438e0c88609e70860179f16bb457290eac5ab --- manifests/identity.pp | 1 - spec/classes/cloud_identity_spec.rb | 1 - 2 files changed, 2 deletions(-) diff --git a/manifests/identity.pp b/manifests/identity.pp index f5be1e38..c091e042 100644 --- a/manifests/identity.pp +++ b/manifests/identity.pp @@ -557,7 +557,6 @@ token_expiration => $ks_token_expiration, admin_endpoint => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/", public_endpoint => "${ks_keystone_public_proto}://${ks_keystone_public_host}:${ks_keystone_public_port}/", - validate_service => true, } keystone_config { diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb index 1f7dcee9..f846c404 100644 --- a/spec/classes/cloud_identity_spec.rb +++ b/spec/classes/cloud_identity_spec.rb @@ -141,7 +141,6 @@ :admin_endpoint => 'https://10.0.0.1:35357/', :public_endpoint => 'https://10.0.0.1:5000/' ) - is_expected.to contain_exec('validate_keystone_connection') is_expected.to contain_keystone_config('ec2/driver').with('value' => 'keystone.contrib.ec2.backends.sql.Ec2') is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') is_expected.to contain_keystone_config('DEFAULT/log_dir').with_ensure('absent') From 5ada89ae7929f38b916b2cf7b047ad063e8c3a13 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Sat, 6 Jun 2015 16:20:14 +0200 Subject: [PATCH 28/41] Puppetfile: Fix missing trove commit Currently the puppet-trove repository is pointing to an empty (ie. '') commit in the Puppetfile causing r10k to fail with : failed while running: Cannot check out unresolvable ref '' at /etc/puppet/modules/trove Change-Id: Id37cccf2cb390e5b36acc1ada1b2b7e42eddfaec --- Puppetfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Puppetfile b/Puppetfile index 1aacad81..99022cd2 100644 --- a/Puppetfile +++ b/Puppetfile @@ -52,7 +52,7 @@ mod 'tempest', :ref => 'f5e87cad5de119bd483006f06efcd22a34d8bdc4' mod 'trove', :git => 'git://github.com/enovance/puppet-trove.git', - :ref => '' + :ref => '16e82e68ea62efec3ec7e11d7b9887e16b773372' # Dependency mod 'apache', From b74f306ba17858dce1c52a6a88355062202b526c Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Mon, 4 May 2015 11:57:34 -0400 Subject: [PATCH 29/41] Validate MongoDB is running before Ceilometer DB config With a new util, we can validate MongoDB cluster is up and running so let's use it when configuring Ceilometer DB on Collector nodes. It makes sure we don't try to configure Ceilometer DB while MongoDB is not ready. Change-Id: Iad3c4d152e1536427de0741d3ff16bf7dae724a0 Closes-bug: #1451461 --- Puppetfile | 2 +- manifests/telemetry/collector.pp | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Puppetfile b/Puppetfile index 99022cd2..0a0711c8 100644 --- a/Puppetfile +++ b/Puppetfile @@ -142,7 +142,7 @@ mod 'memcached', :ref => 'd009260de3c7623003318555ec5ca61217ea3ca1' mod 'mongodb', :git => 'git://github.com/enovance/puppetlabs-mongodb.git', - :ref => 'cb8db6aafa7c55729adb7b35db02315f784ff2ec' + :ref => '030100a176a72a32e265b77790d8d15407a13729' mod 'mysql', :git => 'git://github.com/enovance/puppetlabs-mysql.git', :ref => '8b814d4d2cb5786a15e8e37fb3b7444d5d5f0d3f' diff --git a/manifests/telemetry/collector.pp b/manifests/telemetry/collector.pp index 10032d92..e6cc354a 100644 --- a/manifests/telemetry/collector.pp +++ b/manifests/telemetry/collector.pp @@ -43,6 +43,10 @@ $db_conn = "mongodb://${s_mongo_nodes}/ceilometer" } + mongodb_conn_validator { $mongo_nodes: + before => Class['ceilometer::db'] + } + class { 'ceilometer::db': database_connection => $db_conn, sync_db => true, From 1b6bd9247f76f3e8e634ab92d907a30f9c1f46b6 Mon Sep 17 00:00:00 2001 
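Review bot: `mongodb_conn_validator { $mongo_nodes: before => Class['ceilometer::db'] }` declares one validator per entry if `$mongo_nodes` is an array, as the joined `$s_mongo_nodes` in the context line suggests, and a failure of any one of them makes Puppet skip `ceilometer::db`. A single unreachable replica-set member would then block collector configuration even though the `mongodb://` connection string lists the other members. If that is intended, say so above the resource, for example `# Every MongoDB node must answer before the Ceilometer DB is configured`; otherwise validate only the members needed for a usable set. The enclosing class starts and ends outside the hunk.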
From: Dimitri Savineau Date: Thu, 11 Jun 2015 15:54:44 -0400 Subject: [PATCH 30/41] Allow to override the max connections for MySQL In large deployment when we want to launch more than 100 vms at the same time we reach the maximum of connections in haproxy and MySQL. This patch increase the default value from 1000 to 4096 and allow to override this value with Hiera. Change-Id: I1f0d02c3125ce27266ac1198e32e39b1a34ce670 --- manifests/database/sql/mysql.pp | 5 +++++ manifests/loadbalancer.pp | 9 +++++++-- spec/classes/cloud_database_sql_mysql_spec.rb | 12 ++++++++++++ spec/classes/cloud_loadbalancer_spec.rb | 5 +++-- templates/database/mysql.conf.erb | 2 +- 5 files changed, 28 insertions(+), 5 deletions(-) diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp index 4d9b1245..e8fc7663 100644 --- a/manifests/database/sql/mysql.pp +++ b/manifests/database/sql/mysql.pp @@ -173,6 +173,10 @@ # (optional) An integer that specifies the open_files_limit for MySQL # Defaults to 65535 # +# [*max_connections*] +# (optional) An integer that specifies the max_connections for MySQL +# Defaults to 4096 +# # [*mysql_systemd_override_settings*] # (optional) An hash of setting to override for MariaDB unit file. # Defaults to {} @@ -222,6 +226,7 @@ $galera_clustercheck_dbpassword = 'clustercheckpassword', $galera_clustercheck_ipaddress = '127.0.0.1', $open_files_limit = 65535, + $max_connections = 4096, $mysql_systemd_override_settings = {}, $firewall_settings = {}, ) { diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 874098df..74b1aa8e 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -489,6 +489,10 @@ # *_db_idle_timeout for all services to be a little less # than this timeout. # +# [*galera_connections*] +# (optional) An integer that specifies the maxconn for MySQL +# Defaults to '4096' +# # [*api_timeout*] # (optional) Timeout for API services connections # Defaults to '90m'. 
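Review bot: The new `$max_connections` parameter in `manifests/database/sql/mysql.pp` is documented as an integer, but nothing checks it before `templates/database/mysql.conf.erb` writes it into the server configuration. Add a check near the top of the class, for example `validate_re("${max_connections}", '^\d+$')`, assuming stdlib is available here. The default of 4096 also equals the `galera_connections` default in `manifests/loadbalancer.pp`, which leaves no connection slots for local clients such as the clustercheck user once HAProxy is at its limit; a slightly higher MySQL default or a sentence in the parameter doc would cover that. The class body continues outside both hunks.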
@@ -611,6 +615,7 @@ $sensu_api_port = 4568, $redis_port = 6379, $galera_timeout = '90m', + $galera_connections = '4096', $api_timeout = '90m', $vip_public_ip = ['127.0.0.1'], $vip_internal_ip = false, @@ -978,7 +983,7 @@ ipaddress => $galera_ip, ports => 3306, options => { - 'maxconn' => '1000', + 'maxconn' => $galera_connections, 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 @@ -1001,7 +1006,7 @@ ipaddress => $galera_ip, ports => 3307, options => { - 'maxconn' => '1000', + 'maxconn' => $galera_connections, 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 diff --git a/spec/classes/cloud_database_sql_mysql_spec.rb b/spec/classes/cloud_database_sql_mysql_spec.rb index c5c76a1b..8f6efdc0 100644 --- a/spec/classes/cloud_database_sql_mysql_spec.rb +++ b/spec/classes/cloud_database_sql_mysql_spec.rb @@ -122,6 +122,18 @@ it { is_expected.to contain_file('/etc/my.cnf').with_content(/open_files_limit = 666/) } end + context 'configure max_connections' do + before :each do + facts.merge!( :hostname => 'os-ci-test1', + :osfamily => 'RedHat', + :operatingsystemmajrelease => 7 ) + end + before :each do + params.merge!(:max_connections => 2048) + end + it { is_expected.to contain_file('/etc/my.cnf').with_content(/max_connections = 2048/) } + end + context 'configure databases on the galera master server' do before :each do diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 1159732a..1083af87 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -73,6 +73,7 @@ :vip_public_ip => '10.0.0.1', :galera_ip => '10.0.0.2', :galera_slave => false, + :galera_connections => '4096', :horizon_ssl => false, :horizon_ssl_port => false, :ks_ceilometer_public_port => '8777', 
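Review bot: `'maxconn' => $galera_connections` on the 3306 and 3307 Galera listeners defaults to `'4096'`, but the global options this series sets in the same manifest (`'maxconn' => '4000'` in `$haproxy_default_options`) cap each HAProxy process below that. The new listener limit therefore cannot be reached unless the global value is raised through `haproxy_options` as well. State in the `[*galera_connections*]` doc that it must not exceed the global `maxconn`, or derive one from the other. `galera_connections` is a quoted string while `max_connections` in `mysql.pp` is an integer; using one form for both would make it easier to feed them from one Hiera key.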
@@ -254,7 +255,7 @@ :ipaddress => params[:galera_ip], :ports => '3306', :options => { - 'maxconn' => '1000', + 'maxconn' => params[:galera_connections], 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka','tcplog','httpchk'], @@ -276,7 +277,7 @@ :ipaddress => params[:galera_ip], :ports => '3307', :options => { - 'maxconn' => '1000', + 'maxconn' => params[:galera_connections], 'mode' => 'tcp', 'balance' => 'roundrobin', 'option' => ['tcpka','tcplog','httpchk'], diff --git a/templates/database/mysql.conf.erb b/templates/database/mysql.conf.erb index cba4d7d4..2a9848cc 100644 --- a/templates/database/mysql.conf.erb +++ b/templates/database/mysql.conf.erb @@ -7,7 +7,7 @@ default_storage_engine = innodb collation_server = utf8_general_ci init_connect = 'SET NAMES utf8' character_set_server = utf8 -max_connections = 1000 +max_connections = <%= @max_connections %> skip_name_resolve = 1 connect_timeout = 5 wait_timeout = 600 From c751451dd7410658a0bf3d84a6be282e8106c174 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Tue, 16 Jun 2015 12:51:36 -0400 Subject: [PATCH 31/41] Backport VNC fix Backport https://review.openstack.org/#/c/168545/ Closes-bug: #1462531 Change-Id: I34878f406087e45f511361f2ff2a7533454f5874 --- Puppetfile | 2 +- manifests/compute.pp | 1 - manifests/compute/hypervisor.pp | 3 ++- spec/classes/cloud_compute_api_spec.rb | 1 - spec/classes/cloud_compute_cert_spec.rb | 1 - spec/classes/cloud_compute_conductor_spec.rb | 1 - spec/classes/cloud_compute_consoleauth_spec.rb | 1 - spec/classes/cloud_compute_consoleproxy_spec.rb | 1 - spec/classes/cloud_compute_scheduler_spec.rb | 1 - 9 files changed, 3 insertions(+), 9 deletions(-) diff --git a/Puppetfile b/Puppetfile index 0a0711c8..65f1e9bf 100644 --- a/Puppetfile +++ b/Puppetfile 
@@ -43,7 +43,7 @@ mod 'neutron', :ref => 'd5628a9ca16140e3c08c98d56feecaf56e898f35' mod 'nova', :git => 'git://github.com/enovance/puppet-nova.git', - :ref => '43ad85285634f75e8faf082981416ca12c4e3ff3' + :ref => 'cc1a2a348a7953298c75881a5c4afafeb3d0a4e4' mod 'swift', :git => 'git://github.com/enovance/puppet-swift.git', :ref => '1e4ebee1e88f946dfe4ed078437dc20b28698b53' diff --git a/manifests/compute.pp b/manifests/compute.pp index 00360c1e..5cbdcc83 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -185,7 +185,6 @@ nova_config { 'DEFAULT/resume_guests_state_on_host_boot': value => true; - 'DEFAULT/default_availability_zone': value => $availability_zone; 'DEFAULT/servicegroup_driver': value => 'mc'; 'DEFAULT/glance_num_retries': value => '10'; 'DEFAULT/cinder_catalog_info': value => "volume:cinder:${cinder_endpoint_type}"; diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index 6cb838ec..a04c064b 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp @@ -268,7 +268,8 @@ vncproxy_protocol => $ks_console_public_proto, vncproxy_port => $novnc_port, virtio_nic => false, - neutron_enabled => true + neutron_enabled => true, + default_availability_zone => $::cloud::compute::availability_zone, } if $::osfamily == 'RedHat' { diff --git a/spec/classes/cloud_compute_api_spec.rb b/spec/classes/cloud_compute_api_spec.rb index 81ae4ab1..ceb05e76 100644 --- a/spec/classes/cloud_compute_api_spec.rb +++ b/spec/classes/cloud_compute_api_spec.rb @@ -74,7 +74,6 @@ :database_idle_timeout => '5000', ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') end 
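Review bot: The added `default_availability_zone => $::cloud::compute::availability_zone` in `manifests/compute/hypervisor.pp` has no spec coverage. This commit deletes the `DEFAULT/default_availability_zone` assertion from six compute specs, and the diffstat shows no change to the hypervisor spec. The qualified variable also resolves only if `cloud::compute` has been evaluated before this resource; whether the class guarantees that is not visible in the hunk. I would add an assertion for the new parameter to the hypervisor spec and a comment on the line such as `# requires cloud::compute to be evaluated first`.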
diff --git a/spec/classes/cloud_compute_cert_spec.rb b/spec/classes/cloud_compute_cert_spec.rb index 20d042e3..5bc21fb9 100644 --- a/spec/classes/cloud_compute_cert_spec.rb +++ b/spec/classes/cloud_compute_cert_spec.rb @@ -62,7 +62,6 @@ :database_idle_timeout => '5000', ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') end diff --git a/spec/classes/cloud_compute_conductor_spec.rb b/spec/classes/cloud_compute_conductor_spec.rb index 95991d07..dd17a0e4 100644 --- a/spec/classes/cloud_compute_conductor_spec.rb +++ b/spec/classes/cloud_compute_conductor_spec.rb @@ -62,7 +62,6 @@ :database_idle_timeout => '5000', ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') end diff --git a/spec/classes/cloud_compute_consoleauth_spec.rb b/spec/classes/cloud_compute_consoleauth_spec.rb index a1bfc5ea..27cd5364 100644 --- a/spec/classes/cloud_compute_consoleauth_spec.rb +++ b/spec/classes/cloud_compute_consoleauth_spec.rb @@ -62,7 +62,6 @@ :database_idle_timeout => '5000', ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') end 
diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb index f1d73610..953e27c1 100644 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb +++ b/spec/classes/cloud_compute_consoleproxy_spec.rb @@ -66,7 +66,6 @@ :database_idle_timeout => '5000', ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') end diff --git a/spec/classes/cloud_compute_scheduler_spec.rb b/spec/classes/cloud_compute_scheduler_spec.rb index a310cf22..1bca9378 100644 --- a/spec/classes/cloud_compute_scheduler_spec.rb +++ b/spec/classes/cloud_compute_scheduler_spec.rb @@ -68,7 +68,6 @@ :database_idle_timeout => '5000', ) is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') end From 360ddfaae8d88a601420e30332a8b97bfc78fb8e Mon Sep 17 00:00:00 2001 From: Dimitri Savineau Date: Wed, 17 Jun 2015 15:36:59 -0400 Subject: [PATCH 32/41] compute: Fix nova vncproxy protocol https://review.openstack.org/#/c/190464/ introduced a new parameter for nova::vncproxy with a default value set to http. To be able to configure vncproxy with https we need to add also a new parameter in cloud::compute::consoleproxy Change-Id: I91a85cf22fdbdf762e9a59d8087b32bcedb7e085 --- manifests/compute/consoleproxy.pp | 28 ++++++++++++------- .../cloud_compute_consoleproxy_spec.rb | 7 +++-- 2 files changed, 22 insertions(+), 13 deletions(-) 
diff --git a/manifests/compute/consoleproxy.pp b/manifests/compute/consoleproxy.pp index 6b517f66..bfd815d1 100644 --- a/manifests/compute/consoleproxy.pp +++ b/manifests/compute/consoleproxy.pp @@ -27,6 +27,10 @@ # (optional) Nova's console type (spice or novnc) # Defaults to 'novnc' # +# [*protocol*] +# (optional) Nova's console protocol. +# Defaults to 'http' +# # [*novnc_port*] # (optional) TCP port to bind Nova novnc service. # Defaults to '6080' @@ -43,6 +47,7 @@ class cloud::compute::consoleproxy( $api_eth = '127.0.0.1', $console = 'novnc', + $protocol = 'http', $novnc_port = '6080', $spice_port = '6082', $firewall_settings = {}, @@ -52,24 +57,27 @@ case $console { 'spice': { - $port = $spice_port - $proxy = 'spicehtml5proxy' + $port = $spice_port + class { 'nova::spicehtml5proxy': + enabled => true, + host => $api_eth, + port => $port + } } 'novnc': { - $port = $novnc_port - $proxy = 'vncproxy' + $port = $novnc_port + class { 'nova::vncproxy': + enabled => true, + host => $api_eth, + port => $port, + vncproxy_protocol => $protocol + } } default: { fail("Unsupported console type ${console}") } } - class { "nova::${proxy}": - enabled => true, - host => $api_eth, - port => $port - } - if $::cloud::manage_firewall { cloud::firewall::rule{ "100 allow ${console} access": port => $port, diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb index 953e27c1..8856f920 100644 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb +++ b/spec/classes/cloud_compute_consoleproxy_spec.rb @@ -81,9 +81,10 @@ it 'configure nova-vncproxy' do is_expected.to contain_class('nova::vncproxy').with( - :enabled => true, - :host => '10.0.0.1', - :port => '6080' + :enabled => true, + :host => '10.0.0.1', + :port => '6080', + :vncproxy_protocol => 'http' ) end From eba6f7446e9d0cbf46093341c67f6c2e361aeead Mon Sep 17 00:00:00 2001 
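Review bot: `$protocol` is passed only to `nova::vncproxy`; in the `'spice'` branch it is silently ignored, and the added parameter documentation does not say so. The default `'http'` also keeps the console proxy on plain HTTP unless the deployer overrides it, which is worth stating where the parameter is documented. I would extend the doc block to `# (optional) Nova's console protocol ('http' or 'https'). Only used when console is 'novnc'.` Consider also failing on any other value, as the `default:` branch already does for `$console`.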
From: Emilien Macchi Date: Mon, 22 Jun 2015 10:57:23 -0400 Subject: [PATCH 33/41] loadbalancer/heat: use HTTP binding options when running SSL Heat does not support TCP binding when running SSL termination. That means we need to make sure using HTTP is configured in HAproxy options when SSL is part of binding options, defined by the deployer. Closes-bug: #1467515 Change-Id: I621c2ee624d3d16394529daa4ca6c96ab1c7a067 --- manifests/loadbalancer.pp | 21 +++++++++++++++------ spec/classes/cloud_loadbalancer_spec.rb | 9 +++++---- 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 74b1aa8e..e1c23008 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -871,9 +871,12 @@ firewall_settings => $firewall_settings, } if 'ssl' in $heat_api_bind_options { - $heat_api_options = merge($common_tcp_options, { + $heat_api_options = { 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - }) + 'balance' => 'source', + 'timeout server' => $api_timeout, + 'timeout client' => $api_timeout, + } } else { $heat_api_options = $common_tcp_options } @@ -885,9 +888,12 @@ firewall_settings => $firewall_settings, } if 'ssl' in $heat_cfn_bind_options { - $heat_cfn_options = merge($common_tcp_options, { + $heat_cfn_options = { 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - }) + 'balance' => 'source', + 'timeout server' => $api_timeout, + 'timeout client' => $api_timeout, + } } else { $heat_cfn_options = $common_tcp_options } @@ -899,9 +905,12 @@ firewall_settings => $firewall_settings, } if 'ssl' in $heat_cloudwatch_bind_options { - $heat_cloudwatch_options = merge($common_tcp_options, { + $heat_cloudwatch_options = { 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - }) + 'balance' => 'source', + 'timeout server' => $api_timeout, + 'timeout client' => $api_timeout, + } } else { $heat_cloudwatch_options = $common_tcp_options } 
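Review bot: The three SSL branches (`$heat_api_options`, `$heat_cfn_options`, `$heat_cloudwatch_options`) now repeat the same four-key hash verbatim, and none of them sets `'mode'`, although the commit message says the goal is to force HTTP mode. The updated spec expects `'mode' => 'http'`, `httpchk` and `'http-check'`, so these presumably come from defaults applied elsewhere (not visible in the hunks). A comment such as `# no 'mode' here: the binding falls back to its HTTP defaults` would make that dependency explicit. Defining the hash once, e.g. `$heat_ssl_options = { ... }`, and assigning it in the three branches would keep them from drifting apart.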
diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb index 1083af87..488fa3c1 100644 --- a/spec/classes/cloud_loadbalancer_spec.rb +++ b/spec/classes/cloud_loadbalancer_spec.rb @@ -527,12 +527,13 @@ :ipaddress => [params[:vip_public_ip]], :ports => '8004', :options => { - 'mode' => 'tcp', - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', + 'mode' => 'http', 'balance' => 'source', - 'option' => ['tcpka', 'tcplog', 'forwardfor'], + 'option' => ['tcpka', 'forwardfor', 'tcplog', 'httpchk'], + 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', 'timeout server' => '90m', - 'timeout client' => '90m' + 'timeout client' => '90m', + 'http-check' => 'expect ! rstatus ^5', }, :bind_options => ['ssl', 'crt'] )} From 1159275582a8c4d9539e6e3a416fb83dd8cb1f43 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Thu, 4 Jun 2015 16:47:18 +0200 Subject: [PATCH 34/41] Cassandra: Initial commit Allow puppet-openstack-cloud to deploy Cassandra nodes and hence cluster. Change-Id: I5c9b64def9406357a817d48a415e986401b90fa9 --- Puppetfile | 3 + manifests/database/nosql/cassandra.pp | 40 ++++++++++ .../cloud_database_nosql_cassandra_spec.rb | 79 +++++++++++++++++++ 3 files changed, 122 insertions(+) create mode 100644 manifests/database/nosql/cassandra.pp create mode 100644 spec/classes/cloud_database_nosql_cassandra_spec.rb diff --git a/Puppetfile b/Puppetfile index 65f1e9bf..e61fdeaa 100644 --- a/Puppetfile +++ b/Puppetfile @@ -74,6 +74,9 @@ mod 'cloud', mod 'common', :git => 'git://github.com/enovance/puppet-module-common.git', :ref => '2d0606fce1078222dd483e731ec32807f5b4ca53' +mod 'cassandra', + :git => 'git://github.com/enovance/cassandra.git', + :ref => '124f472128d178f52e2233d6aa8a0f1285f73c49' mod 'concat', :git => 'git://github.com/enovance/puppet-concat.git', :ref => 'ab06c2b8c09d9da82b53a62a5389427720519cd5' 
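Review bot: The new `cassandra` entry in the Puppetfile fetches over `git://`, which is an unauthenticated and unencrypted transport, so the module source is not protected in transit. Pinning `:ref` to a full commit hash limits what a modified stream can deliver, but it does not replace an authenticated transport. `:git => 'https://github.com/enovance/cassandra.git',` would keep the pin and add TLS. The same applies to the `zookeeper`, `kafka` and `contrail` entries added by the later patches in this series. The existing entries use the same scheme, so a file-wide change may be the cleaner fix.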
diff --git a/manifests/database/nosql/cassandra.pp b/manifests/database/nosql/cassandra.pp new file mode 100644 index 00000000..abcacd38 --- /dev/null +++ b/manifests/database/nosql/cassandra.pp @@ -0,0 +1,40 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::database::nosql::cassandra +# +# Install a Cassandra node +# +# === Parameters: +# +# [*firewall_settings*] +# (optional) Allow to add custom parameters to firewall rules +# Should be an hash. +# Default to {} +# +class cloud::database::nosql::cassandra ( + $firewall_settings = {}, +){ + + include ::cassandra + + if $::cloud::manage_firewall { + cloud::firewall::rule{ '100 allow cassandra access': + port => '7000', + extras => $firewall_settings, + } + } + +} diff --git a/spec/classes/cloud_database_nosql_cassandra_spec.rb b/spec/classes/cloud_database_nosql_cassandra_spec.rb new file mode 100644 index 00000000..1445eccd --- /dev/null +++ b/spec/classes/cloud_database_nosql_cassandra_spec.rb 
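Review bot: The rule `100 allow cassandra access` opens port 7000 with no source restriction unless the deployer supplies one through `firewall_settings`; the accompanying spec shows the default rule carries only port, proto and action. Port 7000 is Cassandra's inter-node port, so it only needs to be reachable from the other cluster members. I would say so in the parameter block, e.g. `# Use firewall_settings to restrict the source to the cluster network`, assuming `extras` is passed through to the firewall resource as the `'limit'` example in the spec suggests. The same pattern appears for Zookeeper (port 2181) and Kafka (port 9092) in the following patches.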
@@ -0,0 +1,79 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for cloud::cache::cassandra +# + +require 'spec_helper' + +describe 'cloud::database::nosql::cassandra' do + + shared_examples_for 'cassandra server' do + + let :params do + { } + end + + it 'configure cassandra with some params' do + is_expected.to contain_class('cassandra') + end + + context 'with default firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + it 'configure cassandra firewall rules' do + is_expected.to contain_firewall('100 allow cassandra access').with( + :port => '7000', + :proto => 'tcp', + :action => 'accept', + ) + end + end + + context 'with custom firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + before :each do + params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) + end + it 'configure cassandra firewall rules with custom parameter' do + is_expected.to contain_firewall('100 allow cassandra access').with( + :port => '7000', + :proto => 'tcp', + :action => 'accept', + :limit => '50/sec', + ) + end + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'cassandra server' + end + +end From 4401fce0d0046872a2ae79f1b690111e31238f25 Mon Sep 17 00:00:00 2001 
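Review bot: The `on Debian platforms` context sets facts but never calls `it_configures 'cassandra server'`, so the class is only exercised on RedHat. Add `it_configures 'cassandra server'` to that context, or drop the context if Debian is not supported. The header comment also says `Unit tests for cloud::cache::cassandra` while the spec describes `cloud::database::nosql::cassandra`. The Zookeeper and Kafka specs later in this series have both problems.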
From: Yanis Guenane Date: Thu, 4 Jun 2015 21:17:45 +0200 Subject: [PATCH 35/41] Zookeeper: Initial commit Change-Id: I29d92e07528a4484b7db0872a1598ccf1e5bc6cc --- Puppetfile | 3 + manifests/database/nosql/zookeeper.pp | 40 ++++++++++ .../cloud_database_nosql_zookeeper_spec.rb | 80 +++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 manifests/database/nosql/zookeeper.pp create mode 100644 spec/classes/cloud_database_nosql_zookeeper_spec.rb diff --git a/Puppetfile b/Puppetfile index e61fdeaa..2091de27 100644 --- a/Puppetfile +++ b/Puppetfile @@ -227,3 +227,6 @@ mod 'openstack_extras', mod 'staging', :git => 'git://github.com/enovance/puppet-staging.git', :ref => 'bc434a71e19aae54223d57c274e2e1a7f9546d5e' +mod 'zookeeper', + :git => 'git://github.com/enovance/puppet-zookeeper-1.git', + :ref => '2617a4e5e01aaa7b597c533a3229cba71db4517b' diff --git a/manifests/database/nosql/zookeeper.pp b/manifests/database/nosql/zookeeper.pp new file mode 100644 index 00000000..843579f7 --- /dev/null +++ b/manifests/database/nosql/zookeeper.pp 
@@ -0,0 +1,40 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::database::nosql::zookeeper +# +# Install a Zookeeper node +# +# === Parameters: +# +# [*firewall_settings*] +# (optional) Allow to add custom parameters to firewall rules +# Should be an hash. +# Default to {} +# +class cloud::database::nosql::zookeeper ( + $firewall_settings = {}, +){ + + include ::zookeeper + + if $::cloud::manage_firewall { + cloud::firewall::rule{ '100 allow zookeeper access': + port => '2181', + extras => $firewall_settings, + } + } + +} diff --git a/spec/classes/cloud_database_nosql_zookeeper_spec.rb b/spec/classes/cloud_database_nosql_zookeeper_spec.rb new file mode 100644 index 00000000..a70d8b27 --- /dev/null +++ b/spec/classes/cloud_database_nosql_zookeeper_spec.rb 
@@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for cloud::cache::zookeeper +# + +require 'spec_helper' + +describe 'cloud::database::nosql::zookeeper' do + + shared_examples_for 'zookeeper server' do + + let :params do + { } + end + + it 'configure zookeeper with some params' do + is_expected.to contain_class('zookeeper') + end + + context 'with default firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + it 'configure zookeeper firewall rules' do + is_expected.to contain_firewall('100 allow zookeeper access').with( + :port => '2181', + :proto => 'tcp', + :action => 'accept', + ) + end + end + + context 'with custom firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + before :each do + params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) + end + it 'configure zookeeper firewall rules with custom parameter' do + is_expected.to contain_firewall('100 allow zookeeper access').with( + :port => '2181', + :proto => 'tcp', + :action => 'accept', + :limit => '50/sec', + ) + end + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'zookeeper server' + end + +end From b0ddb6d1bac3df566a92643bb9263ec0618de790 Mon Sep 17 00:00:00 2001 
From: Yanis Guenane Date: Mon, 8 Jun 2015 08:13:45 +0200 Subject: [PATCH 36/41] Kafka: Initial commit Change-Id: Ia10a35b4e02928282e2f579d00fad902718bb9c0 --- Puppetfile | 3 + manifests/database/nosql/kafka.pp | 40 +++++++++ .../cloud_database_nosql_kafka_spec.rb | 85 +++++++++++++++++++ 3 files changed, 128 insertions(+) create mode 100644 manifests/database/nosql/kafka.pp create mode 100644 spec/classes/cloud_database_nosql_kafka_spec.rb diff --git a/Puppetfile b/Puppetfile index 2091de27..5f94bdaa 100644 --- a/Puppetfile +++ b/Puppetfile @@ -116,6 +116,9 @@ mod 'haproxy', mod 'inifile', :git => 'git://github.com/enovance/puppetlabs-inifile.git', :ref => 'ae23a4db97d2815ec305d0529912685f07746d3c' +mod 'kafka', + :git => 'git://github.com/enovance/puppet-kafka.git', + :ref => '9ed9993ef53e4c1f2897e5191ee7fccfac866dfe' mod 'keepalived', :git => 'git://github.com/enovance/puppet-module-keepalived.git', :ref => 'eb345b6d3b25106cbe166028f2b8dd9974a10230' diff --git a/manifests/database/nosql/kafka.pp b/manifests/database/nosql/kafka.pp new file mode 100644 index 00000000..490a7f72 --- /dev/null +++ b/manifests/database/nosql/kafka.pp 
@@ -0,0 +1,40 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::database::nosql::kafka +# +# Install a Kafka broket +# +# === Parameters: +# +# [*firewall_settings*] +# (optional) Allow to add custom parameters to firewall rules +# Should be an hash. +# Default to {} +# +class cloud::database::nosql::kafka ( + $firewall_settings = {}, +){ + + include ::kafka::broker + + if $::cloud::manage_firewall { + cloud::firewall::rule{ '100 allow kafka access': + port => '9092', + extras => $firewall_settings, + } + } + +} diff --git a/spec/classes/cloud_database_nosql_kafka_spec.rb b/spec/classes/cloud_database_nosql_kafka_spec.rb new file mode 100644 index 00000000..65e5ffa0 --- /dev/null +++ b/spec/classes/cloud_database_nosql_kafka_spec.rb 
@@ -0,0 +1,85 @@ +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for cloud::cache::kafka +# + +require 'spec_helper' + +describe 'cloud::database::nosql::kafka' do + + shared_examples_for 'kafka server' do + + let :params do + { } + end + + it 'configure kafka with some params' do + is_expected.to contain_class('kafka') + end + + context 'with default firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + it 'configure kafka firewall rules' do + is_expected.to contain_firewall('100 allow kafka access').with( + :port => '9092', + :proto => 'tcp', + :action => 'accept', + ) + end + end + + context 'with custom firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + before :each do + params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) + end + it 'configure kafka firewall rules with custom parameter' do + is_expected.to contain_firewall('100 allow kafka access').with( + :port => '9092', + :proto => 'tcp', + :action => 'accept', + :limit => '50/sec', + ) + end + end + + end + + context 'on Debian platforms' do + let :facts do + { + :osfamily => 'Debian', + :operatingsystem => 'Debian' + + } + end + end + + context 'on RedHat platforms' do + let :facts do + { + :osfamily => 'RedHat', + :operatingsystem => 'RedHat' + } + end + + it_configures 'kafka server' + end + +end 
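Review bot: The example `is_expected.to contain_class('kafka')` does not check the class the manifest actually declares, which is `::kafka::broker`. It passes only if `kafka::broker` itself pulls in `kafka`, which is not visible here. `is_expected.to contain_class('kafka::broker')` would pin the intended behaviour.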
From c8da335df3f04eeca177973181d1e7680aad9a05 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Thu, 25 Jun 2015 15:43:44 +0200 Subject: [PATCH 37/41] Gemfile: Pin puppet-lint-paramdoc 1.1.0 New version of puppet-lint-paramdoc fails if defines parameters are not documented. In order not to block backport we stick to 1.1.0. Change-Id: I17aaeb3c65b0cb68ffe83cd40d823fe9f8833ce0 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 6ffa3b35..11c670ac 100644 --- a/Gemfile +++ b/Gemfile @@ -2,7 +2,7 @@ source 'https://rubygems.org' group :development, :test do gem 'puppetlabs_spec_helper' - gem 'puppet-lint-param-docs' + gem 'puppet-lint-param-docs', '1.1.0' gem 'metadata-json-lint' gem 'json' gem 'webmock' From 610927499e305e54ca13f12f4fb56f7929d1f80c Mon Sep 17 00:00:00 2001 
From: Yanis Guenane Date: Sat, 6 Jun 2015 20:32:31 +0200 Subject: [PATCH 38/41] contrail: Initial commit This commit introduces the management of a new component opencontrail[1]. Opencontrail is a Sofware Defined Network solution. A new approach has been taken here to include it. Since not every deployment will need to manage an opencontrail solution, every related file have been put into 'manifests/network/contrail' (including the HA bits). The HA bits are then included in loadbalancer.pp and not created (ie. set to false) by default. [1] http://www.opencontrail.org/ Change-Id: I135f575560b0dde707a28e995da5b00b7aa6d765 --- Puppetfile | 5 +- files/qemu/qemu.conf | 2 +- manifests/compute/hypervisor.pp | 10 +- manifests/loadbalancer.pp | 1 + manifests/network.pp | 13 +- manifests/network/contrail/analytics.pp | 59 ++++++ manifests/network/contrail/config.pp | 78 ++++++++ manifests/network/contrail/control.pp | 40 ++++ manifests/network/contrail/database.pp | 46 +++++ manifests/network/contrail/haproxy.pp | 183 ++++++++++++++++++ manifests/network/contrail/rabbitmq.pp | 79 ++++++++ manifests/network/contrail/vrouter.pp | 27 +++ manifests/network/contrail/webui.pp | 79 ++++++++ manifests/network/controller.pp | 122 ++++++++---- manifests/network/metadata.pp | 21 +- .../cloud_network_contrail_analytics_spec.rb | 80 ++++++++ .../cloud_network_contrail_config_spec.rb | 80 ++++++++ .../cloud_network_contrail_database_spec.rb | 80 ++++++++ .../cloud_network_contrail_haproxy_spec.rb | 65 +++++++ .../cloud_network_contrail_rabbitmq_spec.rb | 65 +++++++ .../cloud_network_contrail_vrouter_spec.rb | 50 +++++ .../cloud_network_contrail_webui_spec.rb | 80 ++++++++ 22 files changed, 1214 insertions(+), 51 deletions(-) create mode 100644 manifests/network/contrail/analytics.pp create mode 100644 manifests/network/contrail/config.pp create mode 100644 manifests/network/contrail/control.pp create mode 100644 manifests/network/contrail/database.pp create mode 100644 
manifests/network/contrail/haproxy.pp create mode 100644 manifests/network/contrail/rabbitmq.pp create mode 100644 manifests/network/contrail/vrouter.pp create mode 100644 manifests/network/contrail/webui.pp create mode 100644 spec/classes/cloud_network_contrail_analytics_spec.rb create mode 100644 spec/classes/cloud_network_contrail_config_spec.rb create mode 100644 spec/classes/cloud_network_contrail_database_spec.rb create mode 100644 spec/classes/cloud_network_contrail_haproxy_spec.rb create mode 100644 spec/classes/cloud_network_contrail_rabbitmq_spec.rb create mode 100644 spec/classes/cloud_network_contrail_vrouter_spec.rb create mode 100644 spec/classes/cloud_network_contrail_webui_spec.rb diff --git a/Puppetfile b/Puppetfile index 5f94bdaa..d49e5d2d 100644 --- a/Puppetfile +++ b/Puppetfile @@ -40,7 +40,7 @@ mod 'keystone', :ref => '4b2623d4ec41957b0274d8a457e3019fdf1e342b' mod 'neutron', :git => 'git://github.com/enovance/puppet-neutron.git', - :ref => 'd5628a9ca16140e3c08c98d56feecaf56e898f35' + :ref => '183541d3890cd212db5a581470bdf98c21c40ad7' mod 'nova', :git => 'git://github.com/enovance/puppet-nova.git', :ref => 'cc1a2a348a7953298c75881a5c4afafeb3d0a4e4' @@ -80,6 +80,9 @@ mod 'cassandra', mod 'concat', :git => 'git://github.com/enovance/puppet-concat.git', :ref => 'ab06c2b8c09d9da82b53a62a5389427720519cd5' +mod 'contrail', + :git => 'git://github.com/enovance/puppet-contrail.git', + :ref => '2b135d5b9f00c26b357bf2f55082701f01e0670a' mod 'corosync', :git => 'git://github.com/enovance/puppetlabs-corosync.git', :ref => '7bbdcd8c57beab6ba24b06ef5aaee2462f8d3d24' diff --git a/files/qemu/qemu.conf b/files/qemu/qemu.conf index 5090f409..93f1ff42 100644 --- a/files/qemu/qemu.conf +++ b/files/qemu/qemu.conf @@ -8,4 +8,4 @@ cgroup_device_acl = [ "/dev/ptmx", "/dev/kvm", "/dev/kqemu", "/dev/rtc", "/dev/hpet", "/dev/net/tun", ] -clear_emulator_capabilities = 0 +clear_emulator_capabilities = 1 
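Review bot: The change of `clear_emulator_capabilities` from 0 to 1 in `files/qemu/qemu.conf` is not mentioned in the commit message, and it applies to every hypervisor that receives this file, not only to contrail deployments. A value of 1 makes libvirt drop the QEMU process's privileged capabilities, which is the more restrictive setting, but the earlier 0 was presumably chosen for a reason that is not visible here. I would add a comment above the line, e.g. `# 1: drop privileged capabilities of the QEMU process (was 0)`, and confirm that the networking setups which relied on 0 still work.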
diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp index a04c064b..cef7ab55 100644 --- a/manifests/compute/hypervisor.pp +++ b/manifests/compute/hypervisor.pp @@ -122,6 +122,10 @@ # (optional) Hostname or IP used to connect to console service. # Defaults to false (use nova_public_host) # +# [*include_vswitch*] +# (optional) Should the class cloud::network::vswitch should be included. +# Defaults to true +# # [*firewall_settings*] # (optional) Allow to add custom parameters to firewall rules # Should be an hash. @@ -147,6 +151,7 @@ $manage_tso = true, $nova_shell = false, $firewall_settings = {}, + $include_vswitch = true, # when using NFS storage backend $nfs_enabled = false, $nfs_device = false, @@ -158,7 +163,10 @@ include 'cloud::params' include 'cloud::telemetry' include 'cloud::network' - include 'cloud::network::vswitch' + + if $include_vswitch { + include 'cloud::network::vswitch' + } if $libvirt_type == 'kvm' and ! $::vtx { fail('libvirt_type is set to KVM and VTX seems to be disabled on this node.') diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp index 74b1aa8e..2bdee0bf 100644 --- a/manifests/loadbalancer.pp +++ b/manifests/loadbalancer.pp @@ -626,6 +626,7 @@ ){ include cloud::params + include cloud::network::contrail::haproxy $common_tcp_options = { 'mode' => 'tcp', diff --git a/manifests/network.pp b/manifests/network.pp index b4873ab7..53ea908f 100644 --- a/manifests/network.pp +++ b/manifests/network.pp 
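Review bot: `if $include_vswitch` treats any non-empty string as true, so a value such as `'false'` arriving from Hiera or an ENC would still include `cloud::network::vswitch`. Since the parameter decides whether a whole networking class is applied, I would validate it before the conditional with `validate_bool($include_vswitch)`. The class body starts and ends outside these hunks.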
@@ -53,9 +53,14 @@ # # [*plugin*] # (optional) Neutron plugin name -# Supported values: 'ml2', 'n1kv'. +# Supported values: 'ml2', 'n1kv', 'opencontrail'. # Defaults to 'ml2' # +# [*service_plugins*] +# (optional) List of service plugin entrypoints to be loaded from the neutron +# service_plugins namespace +# Defaults to ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'] +# class cloud::network( $verbose = true, $debug = true, @@ -66,6 +71,7 @@ $log_facility = 'LOG_LOCAL0', $dhcp_lease_duration = '120', $plugin = 'ml2', + $service_plugins = ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'], ) { # Disable twice logging if syslog is enabled @@ -88,6 +94,9 @@ 'n1kv': { $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2' } + 'opencontrail': { + $core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' + } default: { fail("${plugin} plugin is not supported.") } @@ -106,7 +115,7 @@ use_syslog => $use_syslog, dhcp_agents_per_network => '2', core_plugin => $core_plugin, - service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'], + service_plugins => $service_plugins, log_dir => $log_dir, dhcp_lease_duration => $dhcp_lease_duration, report_interval => '30', diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp new file mode 100644 index 00000000..2a19b810 --- /dev/null +++ b/manifests/network/contrail/analytics.pp 
@@ -0,0 +1,59 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::network::contrail::analytics +# +# Install a Contrail analytics node +# +# === Parameters: +# +# [*bind_ip*] +# (optional) Address on which the Contrail analytics api is listening on +# Defaults to '127.0.0.1' +# +# [*port*] +# (optional) Port where Contrail analytics api is bound to +# Used for firewall purpose. +# Default to 8081 +# +# [*firewall_settings*] +# (optional) Allow to add custom parameters to firewall rules +# Should be an hash. +# Default to {} +# +class cloud::network::contrail::analytics ( + $bind_ip = '127.0.0.1', + $port = 8081, + $firewall_settings = {}, +){ + + include ::contrail::analytics + + @@haproxy::balancermember{"${::fqdn}-contrail-analytics-api": + listening_service => 'contrail_analytics_api', + server_names => $::hostname, + ipaddresses => $bind_ip, + ports => $port, + options => 'check inter 2000 rise 2 fall 5' + } + + if $::cloud::manage_firewall { + cloud::firewall::rule{ '100 allow contrail analytics access': + port => [$port, '8086'], + extras => $firewall_settings, + } + } + +} diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp new file mode 100644 index 00000000..cc0c543d --- /dev/null +++ b/manifests/network/contrail/config.pp 
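Review bot: The firewall rule in `cloud::network::contrail::analytics` opens port `'8086'` in addition to `$port`, but that port is hard-coded and missing from the parameter documentation, so a reader cannot tell which service it exposes. The rule also has no source restriction unless one is passed through `firewall_settings`. `cloud::network::contrail::config` in the next file does the same with `'8443'`, `'8087'` and `'8088'`. I would either add parameters for these ports or a comment naming the service behind each, e.g. `# 8086: <service name> (fixed port)`.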
@@ -0,0 +1,78 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::network::contrail::config +# +# Install a Contrail config node +# +# === Parameters: +# +# [*api_bind_ip*] +# (optional) Address on which the Contrail config api is listening on +# Defaults to '127.0.0.1' +# +# [*discovery_bind_ip*] +# (optional) Address on which the Contrail discovery is listening on +# Defaults to '127.0.0.1' +# +# [*api_port*] +# (optional) Port where Contrail config api is bound to +# Used for firewall purpose. +# Default to 9100 +# +# [*discovery_port*] +# (optional) Port where Contrail discovery is bound to +# Used for firewall purpose. +# Default to 9110 +# +# [*firewall_settings*] +# (optional) Allow to add custom parameters to firewall rules +# Should be an hash. 
+# Default to {} +# +class cloud::network::contrail::config ( + $api_bind_ip = '127.0.0.1', + $discovery_bind_ip = '127.0.0.1', + $api_port = 9100, + $discovery_port = 9110, + $firewall_settings = {}, +){ + + include ::contrail::config + + @@haproxy::balancermember{"${::fqdn}-contrail-config-api": + listening_service => 'contrail_config_api', + server_names => $::hostname, + ipaddresses => $api_bind_ip, + ports => $api_port, + options => 'check inter 2000 rise 2 fall 5' + } + + @@haproxy::balancermember{"${::fqdn}-contrail-config-discovery": + listening_service => 'contrail_config_discovery', + server_names => $::hostname, + ipaddresses => $discovery_bind_ip, + ports => $discovery_port, + options => 'check inter 2000 rise 2 fall 5' + } + + if $::cloud::manage_firewall { + cloud::firewall::rule{ '100 allow contrail config access': + port => ['8443', '8087', '8088', $discovery_port, $api_port], + extras => $firewall_settings, + } + } + +} diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp new file mode 100644 index 00000000..76bf5d1b --- /dev/null +++ b/manifests/network/contrail/control.pp 
@@ -0,0 +1,40 @@
+#
+# Copyright (C) 2015 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: cloud::network::contrail::control
+#
+# Install a Contrail control node
+#
+# === Parameters:
+#
+# [*firewall_settings*]
+# (optional) Allow to add custom parameters to firewall rules
+# Should be an hash.
+# Default to {}
+#
+class cloud::network::contrail::control (
+ $firewall_settings = {},
+){
+
+ include ::contrail::control
+
+ if $::cloud::manage_firewall {
+ cloud::firewall::rule{ '100 allow contrail control access':
+ port => ['8083', '5269', '8092', '8093'],
+ extras => $firewall_settings,
+ }
+ }
+
+}
diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp
new file mode 100644
index 00000000..d8be7be0
--- /dev/null
+++ b/manifests/network/contrail/database.pp
@@ -0,0 +1,46 @@
+#
+# Copyright (C) 2015 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: cloud::network::contrail::database
+#
+# Install a Contrail database node
+#
+# === Parameters:
+#
+# [*port*]
+# (optional) Port where Kafka is bound to
+# Used for firewall purpose.
+# Default to 9042
+#
+# [*firewall_settings*]
+# (optional) Allow to add custom parameters to firewall rules
+# Should be an hash.
+# Default to {}
+#
+class cloud::network::contrail::database (
+ $port = 9042,
+ $firewall_settings = {},
+){
+
+ include ::contrail::database
+
+ if $::cloud::manage_firewall {
+ cloud::firewall::rule{ '100 allow contrail database access':
+ port => $port,
+ extras => $firewall_settings,
+ }
+ }
+
+}
diff --git a/manifests/network/contrail/haproxy.pp b/manifests/network/contrail/haproxy.pp
new file mode 100644
index 00000000..41ab345f
--- /dev/null
+++ b/manifests/network/contrail/haproxy.pp
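Review bot: The `[*port*]` doc says "Port where Kafka is bound to", but the default `9042` is the Cassandra CQL native-transport port (Kafka's usual default is 9092), so the comment most likely names the wrong service. Suggested wording: `# (optional) Port where the Cassandra CQL service is bound to`. Because this rule opens a database port and the class sets no source restriction itself, the same doc block should tell callers to narrow the rule through `firewall_settings`.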
@@ -0,0 +1,183 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::network::contrail::haproxy +# +# Create the haproxy stanzas for Contrail related services +# +# === Parameters: +# +# [*contrail_analytics_api*] +# (optional) Enable or not Contrail analytics api public binding. +# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. +# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. +# If set to false, no binding will be configure +# Defaults to false +# +# [*contrail_config_api*] +# (optional) Enable or not Contrail config api binding. +# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. +# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. +# If set to false, no binding will be configure. +# Defaults to false +# +# [*contrail_config_discovery*] +# (optional) Enable or not Contrail discoverybinding. +# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. +# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. +# If set to false, no binding will be configure. 
+# Defaults to false +# +# [*contrail_webui_http*] +# (optional) Enable or not Contrail webui http binding. +# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. +# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. +# If set to false, no binding will be configure. +# Defaults to true +# +# [*contrail_webui_https*] +# (optional) Enable or not Contrail webui https binding. +# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. +# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. +# If set to false, no binding will be configure +# Defaults to true +# +# [*contrail_analytics_api_bind_options*] +# (optional) A hash of options that are inserted into the HAproxy listening +# service configuration block. +# Defaults to [] +# +# [*contrail_config_api_bind_options*] +# (optional) A hash of options that are inserted into the HAproxy listening +# service configuration block. +# Defaults to [] +# +# [*contrail_config_discovery_bind_options*] +# (optional) A hash of options that are inserted into the HAproxy listening +# service configuration block. +# Defaults to [] +# +# [*contrail_webui_http_bind_options*] +# (optional) A hash of options that are inserted into the HAproxy listening +# service configuration block. +# Defaults to [] +# +# [*contrail_webui_https_bind_options*] +# (optional) A hash of options that are inserted into the HAproxy listening +# service configuration block. 
+# Defaults to [] +# +# [*contrail_analytics_api_port*] +# (optional) TCP port to connect to Contrail analytics api from public network +# Defaults to '8081' +# +# [*contrail_config_api_port*] +# (optional) TCP port to connect to Contrail config api from public network +# Defaults to '8082' +# +# [*contrail_config_discovery_port*] +# (optional) TCP port to connect to Contrail discovery from public network +# Defaults to '5998' +# +# [*contrail_webui_http_port*] +# (optional) TCP port to connect to Contrail webui http from public network +# Defaults to '8079' +# +# [*contrail_webui_https_port*] +# (optional) TCP port to connect to Contrail webui https from public network +# Defaults to '8143' +# +# [*firewall_settings*] +# (optional) Allow to add custom parameters to firewall rules +# Should be an hash. +# Default to {} +# +class cloud::network::contrail::haproxy ( + $contrail_analytics_api = false, + $contrail_config_api = false, + $contrail_config_discovery = false, + $contrail_webui_http = false, + $contrail_webui_https = false, + $contrail_analytics_api_bind_options = [], + $contrail_config_api_bind_options = [], + $contrail_config_discovery_bind_options = [], + $contrail_webui_http_bind_options = [], + $contrail_webui_https_bind_options = [], + $contrail_analytics_api_port = 8081, + $contrail_config_api_port = 8082, + $contrail_config_discovery_port = 5998, + $contrail_webui_http_port = 8079, + $contrail_webui_https_port = 8143, + $firewall_settings = {}, +){ + + cloud::loadbalancer::binding { 'contrail_analytics_api': + ip => $contrail_analytics_api, + port => $contrail_analytics_api_port, + bind_options => $contrail_analytics_api_bind_options, + firewall_settings => $firewall_settings, + options => { + 'balance' => 'roundrobin', + 'option' => ['nolinger', 'tcp-check'], + 'default-server' => 'error-limit 1 on-error mark-down', + }, + } + + cloud::loadbalancer::binding { 'contrail_config_api': + ip => $contrail_config_api, + port => $contrail_config_api_port, + 
bind_options => $contrail_config_api_bind_options, + firewall_settings => $firewall_settings, + options => { + 'balance' => 'roundrobin', + 'option' => ['nolinger'], + }, + } + + cloud::loadbalancer::binding { 'contrail_config_discovery': + ip => $contrail_config_discovery, + port => $contrail_config_discovery_port, + bind_options => $contrail_config_discovery_bind_options, + firewall_settings => $firewall_settings, + options => { + 'balance' => 'roundrobin', + 'option' => ['nolinger'], + }, + } + + cloud::loadbalancer::binding { 'contrail_webui_http': + ip => $contrail_webui_http, + port => $contrail_webui_http_port, + bind_options => $contrail_webui_http_bind_options, + firewall_settings => $firewall_settings, + options => { + 'balance' => 'source', + }, + } + + cloud::loadbalancer::binding { 'contrail_webui_https': + ip => $contrail_webui_https, + port => $contrail_webui_https_port, + bind_options => $contrail_webui_https_bind_options, + httpchk => 'ssl-hello-chk', + firewall_settings => $firewall_settings, + options => { + 'mode' => 'tcp', + 'balance' => 'source', + 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', + } + } + +} diff --git a/manifests/network/contrail/rabbitmq.pp b/manifests/network/contrail/rabbitmq.pp new file mode 100644 index 00000000..cae9b4ec --- /dev/null +++ b/manifests/network/contrail/rabbitmq.pp 
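Review bot: The parameter docs of `cloud::network::contrail::haproxy` disagree with its signature: `contrail_webui_http` and `contrail_webui_https` are documented as "Defaults to true" while the class declares both as `false`, and the five `*_bind_options` are described as "A hash" with "Defaults to []". For a class that decides which UIs get a public binding the documented default has to match the code, i.e. `# Defaults to false`. Separately, the `contrail_webui_https` binding sets `'mode' => 'tcp'` together with `'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }'`; `reqadd` is an HTTP-mode rule, so in TCP mode HAProxy is expected to ignore it and the header would never reach the web UI. Either drop that line or terminate TLS in HTTP mode; how `cloud::loadbalancer::binding` renders these options is outside this hunk.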
@@ -0,0 +1,79 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::network::contrail::rabbitmq +# +# This resource creates RabbitMQ resources for Contrail +# +# == Parameters: +# +# [*user*] +# (optional) The username to use when connecting to Rabbit +# Defaults to 'contrail' +# +# [*password*] +# (optional) The password to use when connecting to Rabbit +# Defaults to 'contrailpassword' +# +# [*vhost*] +# (optional) The virtual host to use when connecting to Rabbit +# Defaults to '/' +# +# [*is_admin*] +# (optional) If the user should be admin or not +# Defaults to true +# +# [*configure_permission*] +# (optional) Define configure permission +# Defaults to '.*' +# +# [*write_permission*] +# (optional) Define write permission +# Defaults to '.*' +# +# [*read_permission*] +# (optional) Define read permission +# Defaults to '.*' +# +class cloud::network::contrail::rabbitmq ( + $user = 'contrail', + $password = 'contrailpassword', + $vhost = '/', + $is_admin = true, + $configure_permission = '.*', + $write_permission = '.*', + $read_permission = '.*', +) { + + rabbitmq_user { $user : + admin => $is_admin, + password => $password, + provider => 'rabbitmqctl', + } + + if !defined(Rabbitmq_vhost[$vhost]) { + rabbitmq_vhost { $vhost : + provider => 'rabbitmqctl', + } + } + + rabbitmq_user_permissions { "${user}@${vhost}" : + configure_permission => $configure_permission, + write_permission => $write_permission, + 
read_permission => $read_permission, + provider => 'rabbitmqctl', + } + +} diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp new file mode 100644 index 00000000..2a2a0177 --- /dev/null +++ b/manifests/network/contrail/vrouter.pp @@ -0,0 +1,27 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::network::contrail::vrouter +# +# Install a Contrail vrouter agent on the node +# +# === Parameters: +# +class cloud::network::contrail::vrouter ( +){ + + include ::contrail::vrouter + +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp new file mode 100644 index 00000000..c725d764 --- /dev/null +++ b/manifests/network/contrail/webui.pp 
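Review bot: `cloud::network::contrail::rabbitmq` ships a working credential by default: `$password = 'contrailpassword'` combined with `$is_admin = true` and `'.*'` for configure, write and read on vhost `/`, so a node that includes the class without overrides gets a broker administrator with a publicly known password. I would drop the password default so the catalog fails when none is supplied (`$password,`) and switch to `$is_admin = false`, making the administrator tag an explicit opt-in. The same commit adds `$ks_keystone_admin_password = 'password'` to `cloud::network::controller`, which deserves the same treatment. If the defaults have to stay for consistency with the rest of the module, the parameter docs should state that they are placeholders that must be overridden.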
@@ -0,0 +1,79 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: cloud::network::contrail::webui +# +# Install a Contrail webui node +# +# === Parameters: +# +# [*http_bind_ip*] +# (optional) Address on which the Contrail webui http service is listening on +# Defaults to '127.0.0.1' +# +# [*https_bind_ip*] +# (optional) Address on which the Contrail webui https service is listening on +# Defaults to '127.0.0.1' +# +# [*http_port*] +# (optional) Port where Contrail webui http service is bound to +# Used for firewall purpose. +# Default to 9100 +# +# [*https_port*] +# (optional) Port where Contrail webui https is bound to +# Used for firewall purpose. +# Default to 9110 +# +# [*firewall_settings*] +# (optional) Allow to add custom parameters to firewall rules +# Should be an hash. 
+# Default to {} +# +class cloud::network::contrail::webui ( + $http_bind_ip = '127.0.0.1', + $https_bind_ip = '127.0.0.1', + $http_port = 8080, + $https_port = 8143, + $firewall_settings = {}, + $firewall_settings = {}, +){ + + include ::contrail::webui + + @@haproxy::balancermember{"${::fqdn}-contrail-webui-http": + listening_service => 'contrail_webui_http', + server_names => $::hostname, + ipaddresses => $http_bind_ip, + ports => $http_port, + options => 'check inter 2000 rise 2 fall 5' + } + + @@haproxy::balancermember{"${::fqdn}-contrail-webui-https": + listening_service => 'contrail_webui_https', + server_names => $::hostname, + ipaddresses => $https_bind_ip, + ports => $https_port, + options => 'check inter 2000 rise 2 fall 5' + } + + if $::cloud::manage_firewall { + cloud::firewall::rule{ '100 allow contrail webui access': + port => [$http_port, $https_port], + extras => $firewall_settings, + } + } + +} diff --git a/manifests/network/controller.pp b/manifests/network/controller.pp index cb79f6c7..a53c7855 100644 --- a/manifests/network/controller.pp +++ b/manifests/network/controller.pp @@ -108,7 +108,7 @@ # # [*plugin*] # (optional) Neutron plugin name -# Supported values: 'ml2', 'n1kv'. +# Supported values: 'ml2', 'n1kv', 'opencontrail'. # Defaults to 'ml2' # # [*l3_ha*] @@ -124,6 +124,18 @@ # (optional) TCP port to connect to Keystone API from admin network # Defaults to '35357' # +# [*ks_keystone_admin_user*] +# (optional) Admin user to connect to Keystone API +# Defaults to 'admin' +# +# [*ks_keystone_admin_password*] +# (optional) Password for admin user to connect to Keystone API +# Defaults to 'password' +# +# [*ks_keystone_admin_token*] +# (optional) Token to connect to Keystone API as admin user +# Defaults to undef +# # [*provider_vlan_ranges*] # (optionnal) VLAN range for provider networks # Defaults to ['physnet1:1000:2999'] 
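Review bot: `$firewall_settings = {},` is declared twice in the parameter list of `cloud::network::contrail::webui`; the Puppet parser is expected to reject a duplicate parameter, so the class would not compile, and the second line should be deleted. The header also documents `http_port` as "Default to 9100" and `https_port` as "Default to 9110" while the code uses `8080` and `8143`; since these values feed the firewall rule the docs should read `# Default to 8080` and `# Default to 8143`. No spec for this class appears in the part of the patch visible here; if none is added further down, a minimal one modelled on the analytics spec would have caught the duplicate.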
@@ -151,7 +163,25 @@ # [*vni_ranges*] # (optional) VxLan Network ID range. used by the ml2 plugin # List of colon-separated id ranges -# Defautls to ['1:10000'] +# Defaults to ['1:10000'] +# +# [*contrail_api_server_ip*] +# (optional) IP address of the Contrail API +# Defaults to 127.0.0.1 +# +# [*contrail_api_server_port*] +# (optional) Port of the Contrail API +# Defaults to 8082 +# +# [*contrail_multi_tenancy*] +# (optional) Should Contrail support multi tenancy +# Boolean. +# Defaults to true +# +# [*contrail_extensions*] +# (optional) Array of extensions enabled for Contrail +# Array of extensions +# Defaults to [''] # # [*mechanism_drivers*] # (optional) Neutron mechanism drivers to run 
@@ -160,43 +190,52 @@ # Defaults to ['linuxbridge', 'openvswitch','l2population'] # class cloud::network::controller( - $neutron_db_host = '127.0.0.1', - $neutron_db_user = 'neutron', - $neutron_db_password = 'neutronpassword', - $neutron_db_idle_timeout = 5000, - $ks_neutron_password = 'neutronpassword', - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_proto = 'http', - $ks_keystone_public_port = 5000, - $ks_neutron_public_port = 9696, - $api_eth = '127.0.0.1', - $ks_admin_tenant = 'admin', - $nova_url = 'http://127.0.0.1:8774/v2', - $nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0', - $nova_admin_username = 'nova', - $nova_admin_tenant_name = 'services', - $nova_admin_password = 'novapassword', - $nova_region_name = 'RegionOne', - $manage_ext_network = false, - $firewall_settings = {}, - $flat_networks = ['public'], - $tenant_network_types = ['gre'], - $type_drivers = ['gre', 'vlan', 'flat'], - $provider_vlan_ranges = ['physnet1:1000:2999'], - $plugin = 'ml2', - $mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'], - $l3_ha = false, - $router_distributed = false, + $neutron_db_host = '127.0.0.1', + $neutron_db_user = 'neutron', + $neutron_db_password = 'neutronpassword', + $neutron_db_idle_timeout = 5000, + $ks_neutron_password = 'neutronpassword', + $ks_keystone_admin_host = '127.0.0.1', + $ks_keystone_admin_proto = 'http', + $ks_keystone_admin_port = 35357, + $ks_keystone_admin_user = 'admin', + $ks_admin_tenant = 'admin', + $ks_keystone_admin_password = 'password', + $ks_keystone_admin_token = undef, + $ks_keystone_public_port = 5000, + $ks_neutron_public_port = 9696, + $api_eth = '127.0.0.1', + $nova_url = 'http://127.0.0.1:8774/v2', + $nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0', + $nova_admin_username = 'nova', + $nova_admin_tenant_name = 'services', + $nova_admin_password = 'novapassword', + $nova_region_name = 'RegionOne', + $manage_ext_network = false, + $firewall_settings = {}, + $flat_networks = ['public'], + 
$tenant_network_types = ['gre'], + $type_drivers = ['gre', 'vlan', 'flat'], + $provider_vlan_ranges = ['physnet1:1000:2999'], + $plugin = 'ml2', + $mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'], + $l3_ha = false, + $router_distributed = false, # only needed by cisco n1kv plugin - $n1kv_vsm_ip = '127.0.0.1', - $n1kv_vsm_password = 'secrete', - $ks_keystone_admin_port = 35357, + $n1kv_vsm_ip = '127.0.0.1', + $n1kv_vsm_password = 'secrete', # only needed by ml2 plugin - $tunnel_id_ranges = ['1:10000'], - $vni_ranges = ['1:10000'], + $tunnel_id_ranges = ['1:10000'], + $vni_ranges = ['1:10000'], + # only needed by opencontrail plugin + $contrail_api_server_ip = '127.0.0.1', + $contrail_api_server_port = '8082', + $contrail_multi_tenancy = true, + $contrail_extensions = [''], ) { include 'cloud::network' + include ::neutron::quota $encoded_user = uriescape($neutron_db_user) $encoded_password = uriescape($neutron_db_password) @@ -258,6 +297,21 @@ } } + 'opencontrail': { + $core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' + class { 'neutron::plugins::opencontrail': + api_server_ip => $contrail_api_server_ip , + api_server_port => $contrail_api_server_port, + multi_tenancy => $contrail_multi_tenancy, + contrail_extensions => $contrail_extensions, + keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/", + keystone_admin_user => $ks_keystone_admin_user, + keystone_admin_tenant_name => $ks_admin_tenant, + keystone_admin_password => $ks_keystone_admin_password, + keystone_admin_token => $ks_keystone_admin_token, + } + } + default: { fail("${plugin} plugin is not supported.") } diff --git a/manifests/network/metadata.pp b/manifests/network/metadata.pp index 4f0c22d3..56d55437 100644 --- a/manifests/network/metadata.pp +++ b/manifests/network/metadata.pp 
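Review bot: In the new `'opencontrail'` case the Keystone admin password and token are handed to `neutron::plugins::opencontrail` together with `keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/"`, and `$ks_keystone_admin_proto` defaults to `'http'`, so with default parameters the plugin would authenticate as admin over an unencrypted connection. I would note this in the parameter documentation, e.g. `# Used by the opencontrail plugin to authenticate as admin; set ks_keystone_admin_proto to 'https' when it is enabled`. `$contrail_api_server_port = '8082'` is quoted while the docs and the other port parameters use bare integers, and `$contrail_extensions = ['']` passes an array holding one empty string rather than an empty array, which is worth confirming against what the plugin class expects. The `case` statement itself starts outside this hunk.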
@@ -76,18 +76,15 @@ include 'cloud::network::vswitch' class { 'neutron::agents::metadata': - enabled => $enabled, - shared_secret => $neutron_metadata_proxy_shared_secret, - debug => $debug, - metadata_ip => $nova_metadata_server, - auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0", - auth_password => $ks_neutron_password, - auth_region => $auth_region, - metadata_workers => $::processorcount - } - - neutron_metadata_agent_config { - 'DEFAULT/nova_metadata_protocol': value => $ks_nova_internal_proto; + enabled => $enabled, + shared_secret => $neutron_metadata_proxy_shared_secret, + debug => $debug, + metadata_ip => $nova_metadata_server, + auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0", + auth_password => $ks_neutron_password, + auth_region => $auth_region, + metadata_workers => $::processorcount, + metadata_protocol => $ks_nova_internal_proto, } } diff --git a/spec/classes/cloud_network_contrail_analytics_spec.rb b/spec/classes/cloud_network_contrail_analytics_spec.rb new file mode 100644 index 00000000..ec177223 --- /dev/null +++ b/spec/classes/cloud_network_contrail_analytics_spec.rb 
@@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for cloud::network::contrail::analytics +# + +require 'spec_helper' + +describe 'cloud::network::contrail::analytics' do + + shared_examples_for 'contrail-analytics server' do + + let :params do + { } + end + + it 'configure contrail-analytics' do + is_expected.to contain_class('contrail::analytics') + end + + context 'with default firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + it 'configure contrail-analytics firewall rules' do + is_expected.to contain_firewall('100 allow contrail analytics access').with( + :port => ['8081', '8086'], + :proto => 'tcp', + :action => 'accept', + ) + end + end + + context 'with custom firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + before :each do + params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) + end + it 'configure contrail-analytics firewall rules with custom parameter' do + is_expected.to contain_firewall('100 allow contrail analytics access').with( + :port => ['8081', '8086'], + :proto => 'tcp', + :action => 'accept', + :limit => '50/sec', + ) + end + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'contrail-analytics server' + end + 
+end diff --git a/spec/classes/cloud_network_contrail_config_spec.rb b/spec/classes/cloud_network_contrail_config_spec.rb new file mode 100644 index 00000000..05e57b15 --- /dev/null +++ b/spec/classes/cloud_network_contrail_config_spec.rb 
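Review bot: The `context 'on Debian platforms'` block sets `facts` but contains no `it_configures`, so the shared examples only ever run for RedHat and the Debian context asserts nothing. Either add `it_configures 'contrail-analytics server'` there or remove the empty context and leave a comment that Debian is not supported. The exported `haproxy::balancermember` resource declared by the class is not covered by any example either. The config, database and haproxy specs added in this patch have the same empty Debian context.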
@@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Unit tests for cloud::network::contrail::config +# + +require 'spec_helper' + +describe 'cloud::network::contrail::config' do + + shared_examples_for 'contrail-config server' do + + let :params do + { } + end + + it 'configure contrail-config' do + is_expected.to contain_class('contrail::config') + end + + context 'with default firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + it 'configure contrail-config firewall rules' do + is_expected.to contain_firewall('100 allow contrail config access').with( + :port => ['8443', '8087', '8088', '9110', '9100'], + :proto => 'tcp', + :action => 'accept', + ) + end + end + + context 'with custom firewall enabled' do + let :pre_condition do + "class { 'cloud': manage_firewall => true }" + end + before :each do + params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) + end + it 'configure contrail-config firewall rules with custom parameter' do + is_expected.to contain_firewall('100 allow contrail config access').with( + :port => ['8443', '8087', '8088', '9110', '9100'], + :proto => 'tcp', + :action => 'accept', + :limit => '50/sec', + ) + end + end + + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian' } + end + + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat' } + end + + it_configures 'contrail-config 
server' + end + +end diff --git a/spec/classes/cloud_network_contrail_database_spec.rb b/spec/classes/cloud_network_contrail_database_spec.rb new file mode 100644 index 00000000..22914815 --- /dev/null +++ b/spec/classes/cloud_network_contrail_database_spec.rb 
@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2015 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for cloud::network::contrail::database
+#
+
+require 'spec_helper'
+
+describe 'cloud::network::contrail::database' do
+
+ shared_examples_for 'contrail-database server' do
+
+ let :params do
+ { }
+ end
+
+ it 'configure contrail-database' do
+ is_expected.to contain_class('contrail::database')
+ end
+
+ context 'with default firewall enabled' do
+ let :pre_condition do
+ "class { 'cloud': manage_firewall => true }"
+ end
+ it 'configure contrail-database firewall rules' do
+ is_expected.to contain_firewall('100 allow contrail database access').with(
+ :port => '9042',
+ :proto => 'tcp',
+ :action => 'accept',
+ )
+ end
+ end
+
+ context 'with custom firewall enabled' do
+ let :pre_condition do
+ "class { 'cloud': manage_firewall => true }"
+ end
+ before :each do
+ params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
+ end
+ it 'configure contrail-database firewall rules with custom parameter' do
+ is_expected.to contain_firewall('100 allow contrail database access').with(
+ :port => '9042',
+ :proto => 'tcp',
+ :action => 'accept',
+ :limit => '50/sec',
+ )
+ end
+ end
+
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'contrail-database server'
+ end
+
+end
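Review bot: Both firewall contexts set `manage_firewall => true`, so no example checks that the port 9042 rule stays absent when firewall management is not requested; a manifest that always declared the rule would still pass. Add a context without the `pre_condition` containing `it { is_expected.not_to contain_firewall('100 allow contrail database access') }` (this assumes the `cloud` class leaves `manage_firewall` off by default, which is not visible here). The `.with(...)` expectations also pin only port, protocol and action, so they say nothing about which sources the rule accepts. The config and webui specs in this patch have the same gap.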
diff --git a/spec/classes/cloud_network_contrail_haproxy_spec.rb b/spec/classes/cloud_network_contrail_haproxy_spec.rb
new file mode 100644
index 00000000..55a41c4d
--- /dev/null
+++ b/spec/classes/cloud_network_contrail_haproxy_spec.rb
@@ -0,0 +1,65 @@
+#
+# Copyright (C) 2015 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for cloud::network::contrail::haproxy
+#
+
+require 'spec_helper'
+
+describe 'cloud::network::contrail::haproxy' do
+
+ shared_examples_for 'contrail-haproxy stanzas' do
+
+ let :params do
+ { }
+ end
+
+ it { is_expected.to contain_cloud__loadbalancer__binding('contrail_analytics_api').with(
+ :port => '8081'
+ )}
+
+ it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_api').with(
+ :port => '8082'
+ )}
+
+ it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_discovery').with(
+ :port => '5998'
+ )}
+
+ it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_http').with(
+ :port => '8079'
+ )}
+
+ it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_https').with(
+ :port => '8143'
+ )}
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'contrail-haproxy stanzas'
+ end
+
+end
diff --git a/spec/classes/cloud_network_contrail_rabbitmq_spec.rb b/spec/classes/cloud_network_contrail_rabbitmq_spec.rb
new file mode 100644
index 00000000..15c55f25
--- /dev/null
+++ b/spec/classes/cloud_network_contrail_rabbitmq_spec.rb
@@ -0,0 +1,65 @@
+#
+# Copyright (C) 2015 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for cloud::network::contrail::rabbitmq
+#
+
+require 'spec_helper'
+
+describe 'cloud::network::contrail::rabbitmq' do
+
+ shared_examples_for 'contrail-rabbitmq settings' do
+
+ let :params do
+ { }
+ end
+
+
+ it 'configure the contrail rabbitmq-user' do
+ is_expected.to contain_rabbitmq_user('contrail').with(
+ :admin => 'true',
+ :password => 'contrailpassword',
+ :provider => 'rabbitmqctl',
+ )
+ end
+
+ it 'configure the contrail rabbitmq-user-permissions' do
+ is_expected.to contain_rabbitmq_user_permissions('contrail@/').with(
+ :configure_permission => '.*',
+ :write_permission => '.*',
+ :read_permission => '.*',
+ :provider => 'rabbitmqctl',
+ )
+ end
+
+
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'contrail-rabbitmq settings'
+ end
+
+end
diff --git a/spec/classes/cloud_network_contrail_vrouter_spec.rb b/spec/classes/cloud_network_contrail_vrouter_spec.rb
new file mode 100644
index 00000000..ef265168
--- /dev/null
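Review bot: The first example in the rabbitmq spec expects `:password => 'contrailpassword'` while `params` is empty, so the class presumably ships a fixed default password for a RabbitMQ user that the same example requires to be `:admin => 'true'` and that the second example grants `.*` configure, write and read permissions on `/`. A known default on a broker admin account is a credential any deployment that forgets to override it will share. The spec should pass the password explicitly and assert that value, for example `let(:params) { { :<password parameter> => 'spec-only-value' } }` (the parameter name is not visible in this hunk), so the default can be removed from the manifest without rewriting the expectation. A comment above the permissions example such as `# full rights on vhost '/': confirm contrail needs admin plus '.*'` would record that the breadth is intentional.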
+++ b/spec/classes/cloud_network_contrail_vrouter_spec.rb
@@ -0,0 +1,50 @@
+#
+# Copyright (C) 2015 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for cloud::network::contrail::vrouter
+#
+
+require 'spec_helper'
+
+describe 'cloud::network::contrail::vrouter' do
+
+ shared_examples_for 'contrail-vrouter server' do
+
+ let :params do
+ { }
+ end
+
+ it 'configure contrail-vrouter' do
+ is_expected.to contain_class('contrail::vrouter')
+ end
+
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'contrail-vrouter server'
+ end
+
+end
diff --git a/spec/classes/cloud_network_contrail_webui_spec.rb b/spec/classes/cloud_network_contrail_webui_spec.rb
new file mode 100644
index 00000000..48045c5e
--- /dev/null
+++ b/spec/classes/cloud_network_contrail_webui_spec.rb
@@ -0,0 +1,80 @@
+#
+# Copyright (C) 2015 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for cloud::network::contrail::webui
+#
+
+require 'spec_helper'
+
+describe 'cloud::network::contrail::webui' do
+
+ shared_examples_for 'contrail-webui server' do
+
+ let :params do
+ { }
+ end
+
+ it 'configure contrail-webui' do
+ is_expected.to contain_class('contrail::webui')
+ end
+
+ context 'with default firewall enabled' do
+ let :pre_condition do
+ "class { 'cloud': manage_firewall => true }"
+ end
+ it 'configure contrail-webui firewall rules' do
+ is_expected.to contain_firewall('100 allow contrail webui access').with(
+ :port => ['8080', '8143'],
+ :proto => 'tcp',
+ :action => 'accept',
+ )
+ end
+ end
+
+ context 'with custom firewall enabled' do
+ let :pre_condition do
+ "class { 'cloud': manage_firewall => true }"
+ end
+ before :each do
+ params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
+ end
+ it 'configure contrail-webui firewall rules with custom parameter' do
+ is_expected.to contain_firewall('100 allow contrail webui access').with(
+ :port => ['8080', '8143'],
+ :proto => 'tcp',
+ :action => 'accept',
+ :limit => '50/sec',
+ )
+ end
+ end
+
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'contrail-webui server'
+ end
+
+end
From 5ee34b04c28fe72e2d1691b97bcc06d523869450 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Wed, 1 Jul 2015 12:15:24 +0200 Subject: [PATCH 39/41] contrail::webui: Remove duplicate parameter Remove firewall_settings that has been duplicated here. Change-Id: Ie0a62267b3177286f7582a5bb0f95c0623fa8142 --- manifests/network/contrail/webui.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp index c725d764..5f291343 100644 --- a/manifests/network/contrail/webui.pp +++ b/manifests/network/contrail/webui.pp @@ -48,7 +48,6 @@ $http_port = 8080, $https_port = 8143, $firewall_settings = {}, - $firewall_settings = {}, ){ include ::contrail::webui From e8d6d0ff25384d59b5702382e4dd2952b00565e2 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Fri, 3 Jul 2015 11:31:34 -0400 Subject: [PATCH 40/41] Puppetfile: use latest stable/juno ref Change-Id: I8cb8544d872a9738c2769f503f679b977c670c4d --- Puppetfile | 2 +- manifests/network/metadata.pp | 21 ++++++++++++--------- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/Puppetfile b/Puppetfile index d49e5d2d..b6ef4f43 100644 --- a/Puppetfile +++ b/Puppetfile @@ -40,7 +40,7 @@ mod 'keystone', :ref => '4b2623d4ec41957b0274d8a457e3019fdf1e342b' mod 'neutron', :git => 'git://github.com/enovance/puppet-neutron.git', - :ref => '183541d3890cd212db5a581470bdf98c21c40ad7' + :ref => 'e981bc2533b349fae3e06ca3989f1bceece94610' mod 'nova', :git => 'git://github.com/enovance/puppet-nova.git', :ref => 'cc1a2a348a7953298c75881a5c4afafeb3d0a4e4' diff --git a/manifests/network/metadata.pp b/manifests/network/metadata.pp index 56d55437..7cf5a38a 100644 --- a/manifests/network/metadata.pp +++ b/manifests/network/metadata.pp 
@@ -76,15 +76,18 @@ include 'cloud::network::vswitch' class { 'neutron::agents::metadata': - enabled => $enabled, - shared_secret => $neutron_metadata_proxy_shared_secret, - debug => $debug, - metadata_ip => $nova_metadata_server, - auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0", - auth_password => $ks_neutron_password, - auth_region => $auth_region, - metadata_workers => $::processorcount, - metadata_protocol => $ks_nova_internal_proto, + enabled => $enabled, + shared_secret => $neutron_metadata_proxy_shared_secret, + debug => $debug, + metadata_ip => $nova_metadata_server, + auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0", + auth_password => $ks_neutron_password, + auth_region => $auth_region, + metadata_workers => $::processorcount, + } + + neutron_metadata_agent_config { + 'DEFAULT/nova_metadata_protocol': value => $ks_nova_internal_proto; } } From 4fc947806096a83444b2311e9f0a7a6d1f44f983 Mon Sep 17 00:00:00 2001 
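Review bot: The new `neutron_metadata_agent_config` block writes `DEFAULT/nova_metadata_protocol` directly, and nothing in the hunk explains why the value is no longer passed as `metadata_protocol` to `neutron::agents::metadata`. The Puppetfile change in the same commit suggests the pinned puppet-neutron ref lacks that parameter, but that is an inference; a comment above the block such as `# neutron::agents::metadata at the pinned ref has no metadata_protocol parameter; set the option directly` would stop a later cleanup from folding it back in. Because this option selects http or https for the agent's calls to the Nova metadata API, it is also worth confirming that the raw config resource still triggers a restart of the metadata agent when the value changes, which the hunk does not show. The enclosing class starts outside the hunk.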
From: Monty Taylor Date: Sat, 17 Oct 2015 16:04:23 -0400 Subject: [PATCH 41/41] Retire stackforge/puppet-openstack-cloud --- .forgeignore | 14 - .gitignore | 9 - .gitreview | 4 - .travis.yml | 15 - CHANGELOG.md | 120 -- Gemfile | 19 - LICENSE | 176 --- Puppetfile | 238 ---- README.md | 151 --- README.rst | 7 + Rakefile | 80 -- files/qemu/qemu.conf | 11 - lib/facter/edeploy.rb | 40 - lib/facter/galera_bootstrapped.rb | 22 - lib/facter/vtx.rb | 27 - manifests/clustering.pp | 151 --- manifests/clustering/pacemaker_colocation.pp | 55 - manifests/clustering/pacemaker_order.pp | 55 - manifests/clustering/pacemaker_service.pp | 111 -- manifests/compute.pp | 193 --- manifests/compute/api.pp | 140 --- manifests/compute/cert.pp | 26 - manifests/compute/conductor.pp | 26 - manifests/compute/consoleauth.pp | 26 - manifests/compute/consoleproxy.pp | 95 -- manifests/compute/hypervisor.pp | 423 ------- manifests/compute/scheduler.pp | 40 - manifests/dashboard.pp | 211 ---- manifests/database/dbaas.pp | 92 -- manifests/database/dbaas/api.pp | 104 -- manifests/database/dbaas/conductor.pp | 65 - manifests/database/dbaas/taskmanager.pp | 65 - manifests/database/nosql/cassandra.pp | 40 - manifests/database/nosql/elasticsearch.pp | 58 - manifests/database/nosql/kafka.pp | 40 - manifests/database/nosql/memcached.pp | 48 - manifests/database/nosql/mongodb/mongod.pp | 64 - manifests/database/nosql/mongodb/mongos.pp | 69 -- manifests/database/nosql/redis/sentinel.pp | 67 -- manifests/database/nosql/redis/server.pp | 59 - manifests/database/nosql/zookeeper.pp | 40 - manifests/database/sql/mysql.pp | 572 --------- manifests/firewall/post.pp | 51 - manifests/firewall/pre.pp | 57 - manifests/firewall/rule.pp | 46 - manifests/identity.pp | 756 ------------ manifests/image/api.pp | 306 ----- manifests/image/registry.pp | 166 --- manifests/init.pp | 253 ---- manifests/install/puppetdb/config.pp | 24 - manifests/install/puppetdb/server.pp | 41 - manifests/loadbalancer.pp | 1052 ----------------- 
manifests/loadbalancer/binding.pp | 79 -- manifests/loadbalancer/listen_http.pp | 45 - manifests/logging.pp | 24 - manifests/logging/agent.pp | 73 -- manifests/logging/server.pp | 65 - manifests/messaging.pp | 182 --- manifests/monitoring/agent/sensu.pp | 21 - manifests/monitoring/server/sensu.pp | 134 --- manifests/network.pp | 124 -- manifests/network/contrail/analytics.pp | 59 - manifests/network/contrail/config.pp | 78 -- manifests/network/contrail/control.pp | 40 - manifests/network/contrail/database.pp | 46 - manifests/network/contrail/haproxy.pp | 183 --- manifests/network/contrail/rabbitmq.pp | 79 -- manifests/network/contrail/vrouter.pp | 27 - manifests/network/contrail/webui.pp | 78 -- manifests/network/controller.pp | 366 ------ manifests/network/dhcp.pp | 87 -- manifests/network/l3.pp | 132 --- manifests/network/lbaas.pp | 43 - manifests/network/metadata.pp | 93 -- manifests/network/vpn.pp | 25 - manifests/network/vswitch.pp | 259 ---- manifests/object.pp | 33 - manifests/object/controller.pp | 178 --- manifests/object/ringbuilder.pp | 70 -- manifests/object/set_io_scheduler.pp | 26 - manifests/object/storage.pp | 172 --- manifests/object/tweaking.pp | 70 -- manifests/orchestration.pp | 177 --- manifests/orchestration/api.pp | 115 -- manifests/orchestration/engine.pp | 75 -- manifests/params.pp | 77 -- manifests/selinux.pp | 98 -- manifests/storage/rbd.pp | 49 - manifests/storage/rbd/key.pp | 37 - manifests/storage/rbd/monitor.pp | 61 - manifests/storage/rbd/osd.pp | 73 -- manifests/storage/rbd/pools.pp | 153 --- manifests/telemetry.pp | 134 --- manifests/telemetry/alarmevaluator.pp | 25 - manifests/telemetry/alarmnotifier.pp | 25 - manifests/telemetry/api.pp | 92 -- manifests/telemetry/centralagent.pp | 26 - manifests/telemetry/collector.pp | 56 - manifests/telemetry/notification.pp | 24 - manifests/volume.pp | 138 --- manifests/volume/api.pp | 113 -- manifests/volume/backend/emc_vnx.pp | 71 -- manifests/volume/backend/eqlx.pp | 100 -- 
manifests/volume/backend/glusterfs.pp | 60 - manifests/volume/backend/iscsi.pp | 45 - manifests/volume/backend/netapp.pp | 164 --- manifests/volume/backend/nfs.pp | 87 -- manifests/volume/backend/rbd.pp | 101 -- manifests/volume/backup.pp | 45 - manifests/volume/scheduler.pp | 26 - manifests/volume/storage.pp | 167 --- metadata.json | 34 - scripts/bootstrap.pp | 30 - spec/classes/cloud_clustering_spec.rb | 149 --- spec/classes/cloud_compute_api_spec.rb | 228 ---- spec/classes/cloud_compute_cert_spec.rb | 99 -- spec/classes/cloud_compute_conductor_spec.rb | 99 -- .../classes/cloud_compute_consoleauth_spec.rb | 99 -- .../cloud_compute_consoleproxy_spec.rb | 153 --- spec/classes/cloud_compute_hypervisor_spec.rb | 531 --------- spec/classes/cloud_compute_scheduler_spec.rb | 116 -- spec/classes/cloud_dashboard_spec.rb | 180 --- spec/classes/cloud_database_dbaas_api_spec.rb | 130 -- .../cloud_database_dbaas_conductor_spec.rb | 86 -- .../cloud_database_dbaas_taskmanager_spec.rb | 86 -- .../cloud_database_nosql_cassandra_spec.rb | 79 -- .../cloud_database_nosql_elasticsearch.rb | 81 -- .../cloud_database_nosql_kafka_spec.rb | 85 -- .../cloud_database_nosql_memcached_spec.rb | 84 -- ...loud_database_nosql_mongodb_mongod_spec.rb | 117 -- ...loud_database_nosql_mongodb_mongos_spec.rb | 108 -- ...loud_database_nosql_redis_sentinel_spec.rb | 86 -- .../cloud_database_nosql_redis_server_spec.rb | 79 -- .../cloud_database_nosql_zookeeper_spec.rb | 80 -- spec/classes/cloud_database_sql_mysql_spec.rb | 328 ----- spec/classes/cloud_identity_spec.rb | 424 ------- spec/classes/cloud_image_api_spec.rb | 228 ---- spec/classes/cloud_image_registry_spec.rb | 120 -- spec/classes/cloud_init_spec.rb | 227 ---- .../cloud_install_puppetdb_config_spec.rb | 28 - .../cloud_install_puppetdb_server_spec.rb | 32 - spec/classes/cloud_loadbalancer_spec.rb | 662 ----------- spec/classes/cloud_logging_agent.rb | 147 --- spec/classes/cloud_logging_server_spec.rb | 103 -- 
spec/classes/cloud_messaging_spec.rb | 173 --- .../cloud_monitoring_agent_sensu_spec.rb | 47 - .../cloud_monitoring_server_sensu_spec.rb | 43 - .../cloud_network_contrail_analytics_spec.rb | 80 -- .../cloud_network_contrail_config_spec.rb | 80 -- .../cloud_network_contrail_database_spec.rb | 80 -- .../cloud_network_contrail_haproxy_spec.rb | 65 - .../cloud_network_contrail_rabbitmq_spec.rb | 65 - .../cloud_network_contrail_vrouter_spec.rb | 50 - .../cloud_network_contrail_webui_spec.rb | 80 -- spec/classes/cloud_network_controller_spec.rb | 250 ---- spec/classes/cloud_network_dhcp_spec.rb | 188 --- spec/classes/cloud_network_l3_spec.rb | 201 ---- spec/classes/cloud_network_lbaas_spec.rb | 108 -- spec/classes/cloud_network_metadata_spec.rb | 103 -- spec/classes/cloud_network_vpn_spec.rb | 78 -- spec/classes/cloud_network_vswitch_spec.rb | 209 ---- spec/classes/cloud_object_ringbuilder_spec.rb | 58 - spec/classes/cloud_object_storage_spec.rb | 184 --- spec/classes/cloud_orchestration_api_spec.rb | 174 --- .../cloud_orchestration_engine_spec.rb | 109 -- spec/classes/cloud_selinux_spec.rb | 107 -- spec/classes/cloud_storage_rbd_mon_spec.rb | 102 -- spec/classes/cloud_storage_rbd_osd_spec.rb | 110 -- .../cloud_telemetry_alarmevaluator_spec.rb | 84 -- .../cloud_telemetry_alarmnotifier_spec.rb | 83 -- spec/classes/cloud_telemetry_api_spec.rb | 135 --- .../cloud_telemetry_centralagent_spec.rb | 65 - .../classes/cloud_telemetry_collector_spec.rb | 107 -- .../cloud_telemetry_notification_spec.rb | 84 -- spec/classes/cloud_volume_api_spec.rb | 167 --- spec/classes/cloud_volume_scheduler_spec.rb | 97 -- spec/classes/cloud_volume_storage_spec.rb | 333 ------ spec/classes/coverage_spec.rb | 5 - ...ud_clustering_pacemaker_colocation_spec.rb | 47 - .../cloud_clustering_pacemaker_order_spec.rb | 49 - ...cloud_clustering_pacemaker_service_spec.rb | 92 -- spec/shared_examples.rb | 5 - spec/spec_helper.rb | 16 - templates/database/clustercheck.erb | 57 - 
templates/database/debian.cnf.erb | 14 - templates/database/etc_initd_mysql_Debian | 200 ---- templates/database/etc_initd_mysql_RedHat | 45 - templates/database/mysql.conf.erb | 70 -- templates/database/mysqlchk.erb | 24 - templates/database/redis-notifications.sh.erb | 30 - templates/database/systemd-custom.conf.erb | 4 - templates/installserver/autosign.conf.erb | 5 - templates/loadbalancer/monitor.erb | 79 -- templates/network/dnsmasq-neutron.conf.erb | 1 - templates/selinux/sysconfig_selinux.erb | 11 - templates/storage/ceph/ceph-client.conf.erb | 8 - templates/storage/ceph/secret-compute.xml.erb | 6 - 197 files changed, 7 insertions(+), 21703 deletions(-) delete mode 100644 .forgeignore delete mode 100644 .gitignore delete mode 100644 .gitreview delete mode 100644 .travis.yml delete mode 100644 CHANGELOG.md delete mode 100644 Gemfile delete mode 100644 LICENSE delete mode 100644 Puppetfile delete mode 100644 README.md create mode 100644 README.rst delete mode 100644 Rakefile delete mode 100644 files/qemu/qemu.conf delete mode 100644 lib/facter/edeploy.rb delete mode 100644 lib/facter/galera_bootstrapped.rb delete mode 100644 lib/facter/vtx.rb delete mode 100644 manifests/clustering.pp delete mode 100644 manifests/clustering/pacemaker_colocation.pp delete mode 100644 manifests/clustering/pacemaker_order.pp delete mode 100644 manifests/clustering/pacemaker_service.pp delete mode 100644 manifests/compute.pp delete mode 100644 manifests/compute/api.pp delete mode 100644 manifests/compute/cert.pp delete mode 100644 manifests/compute/conductor.pp delete mode 100644 manifests/compute/consoleauth.pp delete mode 100644 manifests/compute/consoleproxy.pp delete mode 100644 manifests/compute/hypervisor.pp delete mode 100644 manifests/compute/scheduler.pp delete mode 100644 manifests/dashboard.pp delete mode 100644 manifests/database/dbaas.pp delete mode 100644 manifests/database/dbaas/api.pp delete mode 100644 manifests/database/dbaas/conductor.pp delete mode 100644 
manifests/database/dbaas/taskmanager.pp delete mode 100644 manifests/database/nosql/cassandra.pp delete mode 100644 manifests/database/nosql/elasticsearch.pp delete mode 100644 manifests/database/nosql/kafka.pp delete mode 100644 manifests/database/nosql/memcached.pp delete mode 100644 manifests/database/nosql/mongodb/mongod.pp delete mode 100644 manifests/database/nosql/mongodb/mongos.pp delete mode 100644 manifests/database/nosql/redis/sentinel.pp delete mode 100644 manifests/database/nosql/redis/server.pp delete mode 100644 manifests/database/nosql/zookeeper.pp delete mode 100644 manifests/database/sql/mysql.pp delete mode 100644 manifests/firewall/post.pp delete mode 100644 manifests/firewall/pre.pp delete mode 100644 manifests/firewall/rule.pp delete mode 100644 manifests/identity.pp delete mode 100644 manifests/image/api.pp delete mode 100644 manifests/image/registry.pp delete mode 100644 manifests/init.pp delete mode 100644 manifests/install/puppetdb/config.pp delete mode 100644 manifests/install/puppetdb/server.pp delete mode 100644 manifests/loadbalancer.pp delete mode 100644 manifests/loadbalancer/binding.pp delete mode 100644 manifests/loadbalancer/listen_http.pp delete mode 100644 manifests/logging.pp delete mode 100644 manifests/logging/agent.pp delete mode 100644 manifests/logging/server.pp delete mode 100644 manifests/messaging.pp delete mode 100644 manifests/monitoring/agent/sensu.pp delete mode 100644 manifests/monitoring/server/sensu.pp delete mode 100644 manifests/network.pp delete mode 100644 manifests/network/contrail/analytics.pp delete mode 100644 manifests/network/contrail/config.pp delete mode 100644 manifests/network/contrail/control.pp delete mode 100644 manifests/network/contrail/database.pp delete mode 100644 manifests/network/contrail/haproxy.pp delete mode 100644 manifests/network/contrail/rabbitmq.pp delete mode 100644 manifests/network/contrail/vrouter.pp delete mode 100644 manifests/network/contrail/webui.pp delete mode 100644 
manifests/network/controller.pp delete mode 100644 manifests/network/dhcp.pp delete mode 100644 manifests/network/l3.pp delete mode 100644 manifests/network/lbaas.pp delete mode 100644 manifests/network/metadata.pp delete mode 100644 manifests/network/vpn.pp delete mode 100644 manifests/network/vswitch.pp delete mode 100644 manifests/object.pp delete mode 100644 manifests/object/controller.pp delete mode 100644 manifests/object/ringbuilder.pp delete mode 100644 manifests/object/set_io_scheduler.pp delete mode 100644 manifests/object/storage.pp delete mode 100644 manifests/object/tweaking.pp delete mode 100644 manifests/orchestration.pp delete mode 100644 manifests/orchestration/api.pp delete mode 100644 manifests/orchestration/engine.pp delete mode 100644 manifests/params.pp delete mode 100644 manifests/selinux.pp delete mode 100644 manifests/storage/rbd.pp delete mode 100644 manifests/storage/rbd/key.pp delete mode 100644 manifests/storage/rbd/monitor.pp delete mode 100644 manifests/storage/rbd/osd.pp delete mode 100644 manifests/storage/rbd/pools.pp delete mode 100644 manifests/telemetry.pp delete mode 100644 manifests/telemetry/alarmevaluator.pp delete mode 100644 manifests/telemetry/alarmnotifier.pp delete mode 100644 manifests/telemetry/api.pp delete mode 100644 manifests/telemetry/centralagent.pp delete mode 100644 manifests/telemetry/collector.pp delete mode 100644 manifests/telemetry/notification.pp delete mode 100644 manifests/volume.pp delete mode 100644 manifests/volume/api.pp delete mode 100644 manifests/volume/backend/emc_vnx.pp delete mode 100644 manifests/volume/backend/eqlx.pp delete mode 100644 manifests/volume/backend/glusterfs.pp delete mode 100644 manifests/volume/backend/iscsi.pp delete mode 100644 manifests/volume/backend/netapp.pp delete mode 100644 manifests/volume/backend/nfs.pp delete mode 100644 manifests/volume/backend/rbd.pp delete mode 100644 manifests/volume/backup.pp delete mode 100644 manifests/volume/scheduler.pp delete mode 100644 
manifests/volume/storage.pp delete mode 100644 metadata.json delete mode 100644 scripts/bootstrap.pp delete mode 100644 spec/classes/cloud_clustering_spec.rb delete mode 100644 spec/classes/cloud_compute_api_spec.rb delete mode 100644 spec/classes/cloud_compute_cert_spec.rb delete mode 100644 spec/classes/cloud_compute_conductor_spec.rb delete mode 100644 spec/classes/cloud_compute_consoleauth_spec.rb delete mode 100644 spec/classes/cloud_compute_consoleproxy_spec.rb delete mode 100644 spec/classes/cloud_compute_hypervisor_spec.rb delete mode 100644 spec/classes/cloud_compute_scheduler_spec.rb delete mode 100644 spec/classes/cloud_dashboard_spec.rb delete mode 100644 spec/classes/cloud_database_dbaas_api_spec.rb delete mode 100644 spec/classes/cloud_database_dbaas_conductor_spec.rb delete mode 100644 spec/classes/cloud_database_dbaas_taskmanager_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_cassandra_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_elasticsearch.rb delete mode 100644 spec/classes/cloud_database_nosql_kafka_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_memcached_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_mongodb_mongod_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_mongodb_mongos_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_redis_sentinel_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_redis_server_spec.rb delete mode 100644 spec/classes/cloud_database_nosql_zookeeper_spec.rb delete mode 100644 spec/classes/cloud_database_sql_mysql_spec.rb delete mode 100644 spec/classes/cloud_identity_spec.rb delete mode 100644 spec/classes/cloud_image_api_spec.rb delete mode 100644 spec/classes/cloud_image_registry_spec.rb delete mode 100644 spec/classes/cloud_init_spec.rb delete mode 100644 spec/classes/cloud_install_puppetdb_config_spec.rb delete mode 100644 spec/classes/cloud_install_puppetdb_server_spec.rb delete mode 100644 
spec/classes/cloud_loadbalancer_spec.rb delete mode 100644 spec/classes/cloud_logging_agent.rb delete mode 100644 spec/classes/cloud_logging_server_spec.rb delete mode 100644 spec/classes/cloud_messaging_spec.rb delete mode 100644 spec/classes/cloud_monitoring_agent_sensu_spec.rb delete mode 100644 spec/classes/cloud_monitoring_server_sensu_spec.rb delete mode 100644 spec/classes/cloud_network_contrail_analytics_spec.rb delete mode 100644 spec/classes/cloud_network_contrail_config_spec.rb delete mode 100644 spec/classes/cloud_network_contrail_database_spec.rb delete mode 100644 spec/classes/cloud_network_contrail_haproxy_spec.rb delete mode 100644 spec/classes/cloud_network_contrail_rabbitmq_spec.rb delete mode 100644 spec/classes/cloud_network_contrail_vrouter_spec.rb delete mode 100644 spec/classes/cloud_network_contrail_webui_spec.rb delete mode 100644 spec/classes/cloud_network_controller_spec.rb delete mode 100644 spec/classes/cloud_network_dhcp_spec.rb delete mode 100644 spec/classes/cloud_network_l3_spec.rb delete mode 100644 spec/classes/cloud_network_lbaas_spec.rb delete mode 100644 spec/classes/cloud_network_metadata_spec.rb delete mode 100644 spec/classes/cloud_network_vpn_spec.rb delete mode 100644 spec/classes/cloud_network_vswitch_spec.rb delete mode 100644 spec/classes/cloud_object_ringbuilder_spec.rb delete mode 100644 spec/classes/cloud_object_storage_spec.rb delete mode 100644 spec/classes/cloud_orchestration_api_spec.rb delete mode 100644 spec/classes/cloud_orchestration_engine_spec.rb delete mode 100644 spec/classes/cloud_selinux_spec.rb delete mode 100644 spec/classes/cloud_storage_rbd_mon_spec.rb delete mode 100644 spec/classes/cloud_storage_rbd_osd_spec.rb delete mode 100644 spec/classes/cloud_telemetry_alarmevaluator_spec.rb delete mode 100644 spec/classes/cloud_telemetry_alarmnotifier_spec.rb delete mode 100644 spec/classes/cloud_telemetry_api_spec.rb delete mode 100644 spec/classes/cloud_telemetry_centralagent_spec.rb delete mode 100644 
spec/classes/cloud_telemetry_collector_spec.rb delete mode 100644 spec/classes/cloud_telemetry_notification_spec.rb delete mode 100644 spec/classes/cloud_volume_api_spec.rb delete mode 100644 spec/classes/cloud_volume_scheduler_spec.rb delete mode 100644 spec/classes/cloud_volume_storage_spec.rb delete mode 100644 spec/classes/coverage_spec.rb delete mode 100644 spec/defines/cloud_clustering_pacemaker_colocation_spec.rb delete mode 100644 spec/defines/cloud_clustering_pacemaker_order_spec.rb delete mode 100644 spec/defines/cloud_clustering_pacemaker_service_spec.rb delete mode 100644 spec/shared_examples.rb delete mode 100644 spec/spec_helper.rb delete mode 100644 templates/database/clustercheck.erb delete mode 100644 templates/database/debian.cnf.erb delete mode 100755 templates/database/etc_initd_mysql_Debian delete mode 100755 templates/database/etc_initd_mysql_RedHat delete mode 100644 templates/database/mysql.conf.erb delete mode 100644 templates/database/mysqlchk.erb delete mode 100644 templates/database/redis-notifications.sh.erb delete mode 100644 templates/database/systemd-custom.conf.erb delete mode 100644 templates/installserver/autosign.conf.erb delete mode 100644 templates/loadbalancer/monitor.erb delete mode 100644 templates/network/dnsmasq-neutron.conf.erb delete mode 100644 templates/selinux/sysconfig_selinux.erb delete mode 100644 templates/storage/ceph/ceph-client.conf.erb delete mode 100644 templates/storage/ceph/secret-compute.xml.erb diff --git a/.forgeignore b/.forgeignore deleted file mode 100644 index 76033ecf..00000000 --- a/.forgeignore +++ /dev/null @@ -1,14 +0,0 @@ -- pkg/ -- spec/ -- Rakefile -- Puppetfile -- coverage/ -- .git/ -- .forgeignore -- .travis.yml -- .gitignore -- doc/ -- .yardoc/ -- Gemfile -- Gemfile.lock -- .fixtures.yml diff --git a/.gitignore b/.gitignore deleted file mode 100644 index e9cf8062..00000000 --- a/.gitignore +++ /dev/null 
@@ -1,9 +0,0 @@ -*.swp -spec/fixtures/modules/* -spec/fixtures/manifests/site.pp -Gemfile.lock -.vendor -doc/ -.yardoc -.librarian/ -.tmp/ diff --git a/.gitreview b/.gitreview deleted file mode 100644 index d238e955..00000000 --- a/.gitreview +++ /dev/null @@ -1,4 +0,0 @@ -[gerrit] -host=review.openstack.org -port=29418 -project=stackforge/puppet-openstack-cloud.git diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index b445b4c9..00000000 --- a/.travis.yml +++ /dev/null @@ -1,15 +0,0 @@ -language: ruby -script: "bundle exec rake test COV=y SPEC_OPTS='--format documentation --color --backtrace'" -rvm: - - 1.9.3 - - 2.0.0 -matrix: - fast_finish: true -env: - matrix: - - PUPPET_GEM_VERSION="~> 3.3.0" - - PUPPET_GEM_VERSION="~> 3.4.0" - - PUPPET_GEM_VERSION="~> 3.6.0" - - PUPPET_GEM_VERSION="~> 3.7.0" -notifications: - email: false diff --git a/CHANGELOG.md b/CHANGELOG.md deleted file mode 100644 index b7e06eb0..00000000 --- a/CHANGELOG.md +++ /dev/null 
@@ -1,120 +0,0 @@ -##2014-10-24 - Features release 2.2.0 -###Summary -* Sensu as first implementation of monitoring system -* Glance now supports NFS image storage backend -* Cinder now supports EMC VNX & iSCSI volume backends -* Nova now supports NFS instance storage backend -* Neutron now supports Cisco plugins with N1KV hardware (experimental) -* RabbitMQ can now be load-balanced by HAproxy -* Keystone roles for Heat are now created automatically -* Support for keepalived authentification -* MongoDB replicaset is now an option, so MongoDB can be standalone -* MySQL Galera has been tweaked to have better performances at scale -* Nova configuration has been tweaked to use read-only database feature and have better performances at scale -* Trove has been disabled by default since it's still in experimental status -* HAproxy: Allow user to bind multiple public/private IPs -* keepalived: allow vrrp traffic on a dedicated interface -* When running KVM, we check if VTX is really enabled -* HAproxy checks have been improve for OpenStack services -* Neutron: allow to specify tunnel type (i.e. 
VXLAN) -* Horizon: ALLOWED_HOST can now be controlled by the module -* Horizon: Allow user to speficy broader apache vhost settings -* Nova/RBD: support for RHEL 7 - -####Bugfixes -* Fix correct Puppet Ceph dependencies which could lead to bootstrap issues -* Fix issues with instance live migration support (nova configuration) -* Fix HAproxy checks for Spice (TCP instead of HTTP) - -####Known Bugs -* No known bugs - -##2014-07-15 - Features release 2.1.0 -###Summary -* Advanced logging support with kibana3, elasticsearch and fluentd -* Improve SSL termination support -* File backend support for Glance -* OpenStack Database as a Service support (Trove) as experimental -* Pacemaker support in Red-Hat -* heat-engine is no more managed as a single point of failure - -####Bugfixes -* Fix heat-cfn & heat-cloudwatch HAproxy binding -* Fix issues when using SSL termination - -####Known Bugs -* No known bugs - -##2014-06-19 - Features release 2.0.0 -###Summary -* Icehouse release support -* OpenStack Object Storage support (Swift) -* Neutron Metadata multi-worker -* RBD flexibility on compute nodes -* Keystone and Nova v3 API support -* SSL termination support - -####Bugfixes -* Fix nova-compute service when using RBD backend -* Fix cinder-volume service when creating a volume type -* Enable to have Swift Storage & Ceph OSD on same nodes - -####Known Bugs -* No known bugs - -##2014-05-06 - Features release 1.3.0 -###Summary -* High Availability refactorization -* OpenStack services separation in different classes -* DHCP Agent: Add support of DNS server declaration -* Defaults values for all puppet parameters, can now support Hiera. 
-* Fix all unit tests to pass Travis - -####Bugfixes -* Fix HAproxy configuration for Heat API binding - -####Known Bugs -* When using RBD as Nova Backend, nova-compute should be notified -* When creating a volume type, cinder-volume should be notified -* Impossible to attach a volume backend by RBD if not using RBD backend for Nova - -##2014-04-22 - Features release 1.2.0 -###Summary -* Now supports Ubuntu 12.04 -* Now supports Now supports Red Hat OpenStack Platform 4 -* Can be deployed on 3 nodes -* Add cluster note type support for RabbitMQ configuration -* Block storage can now be backend by multiple RBD pools - -####Bugfixes -* Fix a bug in Horizon in HTTP/HTTPS binding - -####Known Bugs -* No known bugs - -##2014-04-01 - Features release 1.1.0 -###Summary -* Updated puppetlabs-rabbitmq to 3.1.0 (RabbitMQ to 3.2.4) -* Add Cinder Muli-backend support -* NetApp support for Cinder as a backend -* Keystone uses now MySQL for tokens storage (due to several issues with Memcache backend) -* Back to upstream puppet-horizon from stackforge -* Servername parameter support in Horizon configuration to allow SSL redirections -* puppet-openstack-cloud module QA is done by Travis -* network: add dhcp\_lease\_duration parameter support - -####Bugfixes -* neutron: increase agent polling interval - -####Known Bugs -* Bug in Horizon in HTTP/HTTPS binding (fixed in 1.2.0) - -##2014-03-13 - First stable version 1.0.0 -###Summary -* First stable version. - -####Bugfixes -* No - -####Known Bugs -* No known bugs diff --git a/Gemfile b/Gemfile deleted file mode 100644 index 11c670ac..00000000 --- a/Gemfile +++ /dev/null 
@@ -1,19 +0,0 @@
-source 'https://rubygems.org'
-
-group :development, :test do
- gem 'puppetlabs_spec_helper'
- gem 'puppet-lint-param-docs', '1.1.0'
- gem 'metadata-json-lint'
- gem 'json'
- gem 'webmock'
- gem 'r10k'
- gem 'librarian-puppet-simple', '~> 0.0.3'
-end
-
-if puppetversion = ENV['PUPPET_GEM_VERSION']
- gem 'puppet', puppetversion, :require => false
-else
- gem 'puppet', :require => false
-end
-
-# vim:ft=ruby
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 68c771a0..00000000
--- a/LICENSE
+++ /dev/null
@@ -1,176 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - 
diff --git a/Puppetfile b/Puppetfile
deleted file mode 100644
index b6ef4f43..00000000
--- a/Puppetfile
+++ /dev/null
@@ -1,238 +0,0 @@ -# -# Copyright 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# -# Puppetfile -forge 'http://forge.puppetlabs.com' - -# OpenStack projects -mod 'openstacklib', - :git => 'git://github.com/enovance/puppet-openstacklib.git', - :ref => '176d7d65911eafab9d04d2053e77c69ff2c40e44' -mod 'ceilometer', - :git => 'git://github.com/enovance/puppet-ceilometer.git', - :ref => '64d8cfb8c1637871bba8c692d0c8184b75aceba2' -mod 'cinder', - :git => 'git://github.com/enovance/puppet-cinder.git', - :ref => '8d9524fac34daf7ef0ac336ef32fd3f75b6bddb1' -mod 'glance', - :git => 'git://github.com/enovance/puppet-glance.git', - :ref => '57685754d3e96cfaf863c9a98bf6b517e4ddb334' -mod 'heat', - :git => 'git://github.com/enovance/puppet-heat.git', - :ref => 'f2d08f6c340e19ad39d257f7a82c57afe6e342cc' -mod 'horizon', - :git => 'git://github.com/enovance/puppet-horizon.git', - :ref => 'f04c63881735c59a4d74390f20a35edd3a69e71e' -mod 'keystone', - :git => 'git://github.com/enovance/puppet-keystone.git', - :ref => '4b2623d4ec41957b0274d8a457e3019fdf1e342b' -mod 'neutron', - :git => 'git://github.com/enovance/puppet-neutron.git', - :ref => 'e981bc2533b349fae3e06ca3989f1bceece94610' -mod 'nova', - :git => 'git://github.com/enovance/puppet-nova.git', - :ref => 'cc1a2a348a7953298c75881a5c4afafeb3d0a4e4' -mod 'swift', - :git => 'git://github.com/enovance/puppet-swift.git', - :ref => '1e4ebee1e88f946dfe4ed078437dc20b28698b53' -mod 'tempest', - :git => 
'git://github.com/enovance/puppet-tempest.git', - :ref => 'f5e87cad5de119bd483006f06efcd22a34d8bdc4' -mod 'trove', - :git => 'git://github.com/enovance/puppet-trove.git', - :ref => '16e82e68ea62efec3ec7e11d7b9887e16b773372' - -# Dependency -mod 'apache', - :git => 'git://github.com/enovance/puppetlabs-apache.git', - :ref => 'e4ec6d4985fdb23e26c809e0d5786823d0689f90' -mod 'apt', - :git => 'git://github.com/enovance/puppetlabs-apt.git', - :ref => '9b001af8775c7231ea2656b7eb43d6141b536f49' -mod 'boolean', - :git => 'git://github.com/enovance/puppet-boolean.git', - :ref => '157011a4eaa27f1202a9d94335ee4876b26d377e' -mod 'ceph', - :git => 'git://github.com/enovance/puppet-ceph.git', - :ref => '3b58acf9fdf567bf40d17b3c803c940f1ddc70d1' -#FIXME -mod 'cloud', - :git => 'git://github.com/stackforge/puppet-openstack-cloud.git', - :ref => 'master' -mod 'common', - :git => 'git://github.com/enovance/puppet-module-common.git', - :ref => '2d0606fce1078222dd483e731ec32807f5b4ca53' -mod 'cassandra', - :git => 'git://github.com/enovance/cassandra.git', - :ref => '124f472128d178f52e2233d6aa8a0f1285f73c49' -mod 'concat', - :git => 'git://github.com/enovance/puppet-concat.git', - :ref => 'ab06c2b8c09d9da82b53a62a5389427720519cd5' -mod 'contrail', - :git => 'git://github.com/enovance/puppet-contrail.git', - :ref => '2b135d5b9f00c26b357bf2f55082701f01e0670a' -mod 'corosync', - :git => 'git://github.com/enovance/puppetlabs-corosync.git', - :ref => '7bbdcd8c57beab6ba24b06ef5aaee2462f8d3d24' -mod 'dnsclient', - :git => 'git://github.com/enovance/puppet-module-dnsclient.git', - :ref => '4158b30f4660623f98dcdbd1ce9b482556180b57' -mod 'datacat', - :git => 'git://github.com/enovance/puppet-datacat.git', - :ref => '6a2017b31a8808de35b89d90b9e2b681ef9a0918' -mod 'elasticsearch', - :git => 'git://github.com/enovance/puppet-elasticsearch.git', - :ref => '6d08442e8382f0f47388d4185122992c2d73cd9b' -mod 'gcc', - :git => 'git://github.com/enovance/puppetlabs-gcc.git', - :ref => 
'272e6595a2f4824dafa71a2b751960659c05c35d' -mod 'git', - :git => 'git://github.com/enovance/puppetlabs-git.git', - :ref => '0df1f62130a7752c728efb7555f2b07ca178ee5b' -mod 'hiera', - :git => 'git://github.com/enovance/puppet-hiera.git', - :ref => '1d407be61d800034409e4595a6fb73004b10f70f' -mod 'java', - :git => 'git://github.com/enovance/puppetlabs-java.git', - :ref => '5f60d5e2c041848b4c3e71c0aa6ba99b87774d4a' -mod 'firewall', - :git => 'git://github.com/enovance/puppetlabs-firewall.git', - :ref => '4ed1b43e1629c1b6108133b0fc3be603d03ffe6c' -mod 'fluentd', - :git => 'git://github.com/enovance/puppet-fluentd.git', - :ref => 'f77c3f27e0b91a60c1ee413aa0f4f5704c97955a' -mod 'haproxy', - :git => 'git://github.com/enovance/puppetlabs-haproxy.git', - :ref => 'fc1166f28d411dfd4f59d4bfd6936595c014a11b' -mod 'inifile', - :git => 'git://github.com/enovance/puppetlabs-inifile.git', - :ref => 'ae23a4db97d2815ec305d0529912685f07746d3c' -mod 'kafka', - :git => 'git://github.com/enovance/puppet-kafka.git', - :ref => '9ed9993ef53e4c1f2897e5191ee7fccfac866dfe' -mod 'keepalived', - :git => 'git://github.com/enovance/puppet-module-keepalived.git', - :ref => 'eb345b6d3b25106cbe166028f2b8dd9974a10230' -mod 'kibana3', - :git => 'git://github.com/enovance/kibana3.git', - :ref => '1c448ef538bb08236cad382b2621d6d09bee1f63' -mod 'vcsrepo', - :git => 'git://github.com/enovance/puppetlabs-vcsrepo.git', - :ref => '4592bfd59cd5d4795069798a14b483e16c98c1ff' -mod 'kmod', - :git => 'git://github.com/enovance/puppet-kmod.git', - :ref => 'accc40093e6f8ee9cc472e9eb6ba3bab4bad3a1f' -mod 'kwalify', - :git => 'git://github.com/puppetlabs/puppetlabs-kwalify.git', - :ref => 'e0079c6485d7cbfc846d956e650913e1b3ccfb6d' -mod 'libvirt', - :git => 'git://github.com/enovance/puppetlabs-libvirt.git', - :ref => '05808874715ca3e899861a0af139e6a48255d3cb' -mod 'limits', - :git => 'git://github.com/enovance/puppet-limits.git', - :ref => '8cb15495e55ce86bacf17f6a80a8c70ac35fc9c0' -mod 'logrotate', - :git => 
'git://github.com/enovance/puppet-logrotate.git', - :ref => 'f4d12356301fa2992f51dc7225037bb07556cb28' -mod 'memcached', - :git => 'git://github.com/enovance/puppet-memcached.git', - :ref => 'd009260de3c7623003318555ec5ca61217ea3ca1' -mod 'mongodb', - :git => 'git://github.com/enovance/puppetlabs-mongodb.git', - :ref => '030100a176a72a32e265b77790d8d15407a13729' -mod 'mysql', - :git => 'git://github.com/enovance/puppetlabs-mysql.git', - :ref => '8b814d4d2cb5786a15e8e37fb3b7444d5d5f0d3f' -# TODO(EmilienM) Come back to upstream after -# https://github.com/ghoneycutt/puppet-module-nfs/pull/43 got merged. -mod 'nfs', - :git => 'git://github.com/enovance/puppet-module-nfs.git', - :ref => '6f840a522679c6a8ebe340d86f9c4325a2103629' -mod 'ntp', - :git => 'git://github.com/enovance/puppetlabs-ntp.git', - :ref => 'eb02ba2937ce86fb609ae41499767244b78ec58d' -mod 'pacemaker', - :git => 'git://github.com/enovance/puppet-pacemaker.git', - :ref => '56bbb3580bb7fa62bf57c2ed7a30b938e42b8cc3' -mod 'partial', - :git => 'git://github.com/enovance/puppet-partial.git', - :ref => '1308d5341872911359e884fd84e4dd175fda632f' -mod 'postgresql', - :git => 'git://github.com/enovance/puppetlabs-postgresql.git', - :ref => '0b483a2796e77d670e326a01fce57465d2c08774' -mod 'puppetdb', - :git => 'git://github.com/enovance/puppetlabs-puppetdb.git', - :ref => 'b482ad8efa94283099cee0aaedd194f50753f7b0' -mod 'puppetdbquery', - :git => 'git://github.com/enovance/puppet-puppetdbquery.git', - :ref => '89194917744f929bb600c31d7d6f822b529f5f03' -# TODO(emilienM) https://tickets.puppetlabs.com/browse/PDB-1223 -mod 'rabbitmq', - :git => 'git://github.com/enovance/puppetlabs-rabbitmq.git', - :ref => '7d3a3a1859d344c4e49d4c257c4ea0b9b0460c33' -mod 'redis', - :git => 'git://github.com/arioch/puppet-redis.git', - :ref => '51e35cc9a743dd8f992effae25d92e18aafe8b46' -mod 'rhnreg_ks', - :git => 'git://github.com/enovance/puppet-rhnreg_ks.git', - :ref => '8fdc051992b44a09f39d3b510d7cd6db5ed5ff66' -mod 'rpcbind', - :git 
=> 'git://github.com/enovance/puppet-module-rpcbind.git', - :ref => 'da943d26f09f9658159c1190e058bf1af88f465d' -mod 'rsync', - :git => 'git://github.com/enovance/puppetlabs-rsync.git', - :ref => '7122983d89bf68bc4170415cc03212f6a8a4636e' -mod 'sensu', - :git => 'git://github.com/enovance/sensu-puppet.git', - :ref => '4a16ebf3503bfc9ae6192ae3120cb29b9e5c8445' -mod 'ssh', - :git => 'git://github.com/enovance/puppet-ssh.git', - :ref => '3906425ff06bcabc4d677a3f01372d8a26f93e94' -mod 'rsyslog', - :git => 'git://github.com/enovance/puppet-rsyslog.git', - :ref => '67c7c501b916ebd1a27a8a218d49602339526c4f' -mod 'stdlib', - :git => 'git://github.com/enovance/puppetlabs-stdlib.git', - :ref => 'fb42396c75d90ce3a9473e2a7ed22682266ea03f' -mod 'sudo', - :git => 'git://github.com/enovance/puppet-sudo.git', - :ref => '6875e3c16bb17149fb24d49d45e8dc32bacbdfaf' -mod 'sysctl', - :git => 'git://github.com/enovance/puppet-sysctl.git', - :ref => 'aca277a3d407359ced96267cd2b3205bd8ab9c48' -mod 'types', - :git => 'git://github.com/enovance/puppet-module-types.git', - :ref => '4c58ae8b6cdb1a9da3da9654a35375e274019dfb' -mod 'uchiwa', - :git => 'git://github.com/enovance/yelp-uchiwa.git', - :ref => '8eafd8167ff7d4f1cd696e4d098e3e1497c28279' -mod 'vswitch', - :git => 'git://github.com/enovance/puppet-vswitch.git', - :ref => '49dbaff15e8f017dbe365ebf08eb505472b695a1' -mod 'wget', - :git => 'git://github.com/enovance/puppet-wget.git', - :ref => '1c3ea6f1c822a99b52defb87305ea5977cba4293' -mod 'xinetd', - :git => 'git://github.com/enovance/puppetlabs-xinetd.git', - :ref => '0740f5343b54523d9ed27f65c05f6c9f045f022b' -mod 'openstack_extras', - :git => 'git://github.com/enovance/puppet-openstack_extras.git', - :ref => '537ed9e3750178fcfffa3ae476727cb1f4e65fb9' -mod 'staging', - :git => 'git://github.com/enovance/puppet-staging.git', - :ref => 'bc434a71e19aae54223d57c274e2e1a7f9546d5e' -mod 'zookeeper', - :git => 'git://github.com/enovance/puppet-zookeeper-1.git', - :ref => 
'2617a4e5e01aaa7b597c533a3229cba71db4517b'
diff --git a/README.md b/README.md
deleted file mode 100644
index 063103ff..00000000
--- a/README.md
+++ /dev/null
@@ -1,151 +0,0 @@ -# puppet-openstack-cloud - -[![Build Status](https://api.travis-ci.org/enovance/puppet-openstack-cloud.svg?branch=master)](https://travis-ci.org/enovance/puppet-openstack-cloud) -[![Puppet Forge](http://img.shields.io/puppetforge/v/eNovance/cloud.svg)](https://forge.puppetlabs.com/eNovance/cloud) -[![License](http://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html) - -#### Table of Contents - -1. [Overview - What is the cloud module?](#overview) -2. [Module Description - What does the module do?](#module-description) -3. [Setup - The basics of getting started with puppet-openstack-cloud](#setup) -4. [Implementation - An under-the-hood peek at what the module is doing](#implementation) -5. [Limitations - OS compatibility, etc.](#limitations) -6. [Getting Involved - How to go deeper](#involved) -7. [Development - Guide for contributing to the module](#development) -8. [Contributors - Those with commits](#contributors) -9. [Release Notes - Notes on the most recent updates to the module](#release-notes) - -## Overview - -The [puppet-openstack-cloud](https://wiki.openstack.org/wiki/Puppet-openstack/puppet-openstack-cloud) module is a flexible Puppet composition layer capable of configuring the core [OpenStack](http://docs.openstack.org/) services: - -* [Nova](https://github.com/stackforge/puppet-nova) (compute) -* [Glance](https://github.com/stackforge/puppet-glance) (image) -* [Keystone](https://github.com/stackforge/puppet-keystone) (identity) -* [Cinder](https://github.com/stackforge/puppet-cinder) (volume) -* [Horizon](https://github.com/stackforge/puppet-horizon) (dashboard) -* [Heat](https://github.com/stackforge/puppet-heat) (orchestration) -* [Ceilometer](https://github.com/stackforge/puppet-ceilometer) (telemetry) -* [Neutron](https://github.com/stackforge/puppet-neutron) (networking) -* [Swift](https://github.com/stackforge/puppet-swift) (object storage) -* 
[Trove](https://github.com/stackforge/puppet-trove) (database as a service) - -Cinder, Glance and Nova can use Ceph as backend storage, using [puppet-ceph](https://github.com/enovance/puppet-ceph). - -Only KVM and QEMU are supported as hypervisors, for now. - -Neutron use ML2 plugin with GRE and Open-vSwitch drivers. - -Cinder has multi-backend support: - -* RBD (default) -* NetAPP -* iSCSI -* EMC VNX direct -* NFS - -Glance supports different backends: - -* RBD (default) -* file -* NFS (mount a NFS share by using file backend) -* Swift - -Neutron supports: - -* ML2 plugin with OVS agent (GRE + VXLAN supported) -* Cisco plugin with N1KV agent (non-ML2) - -Trove support is now experimental. - -[Puppet Modules](http://docs.puppetlabs.com/learning/modules1.html#modules) are a collection of related contents that can be used to model the configuration of a discrete service. - -These Puppet modules are based on the [openstack documentation](http://docs.openstack.org/). - -## Module Description - -There are a lot of moving pieces in OpenStack, consequently there are several Puppet modules needed to cover all these pieces. Each module is then made up of several class definitions, resource declarations, defined resources, and custom types/providers. A common pattern to reduce this complexity in Puppet is to create a composite module that bundles all these component type modules into a common set of configurations. The cloud module is doing this compositing and exposing a set of variables needed to be successful in getting a functional stack up and running. 
- -### Pre-module Dependencies - -* [Puppet](http://docs.puppetlabs.com/puppet/) 3 or greater -* [Facter](http://www.puppetlabs.com/puppet/related-projects/facter/) 1.6.1 or greater (versions that support the osfamily fact) - -### Notes about Puppet3 - -Puppet 3.x isn't yet available on Debian/RedHat stable osfamily, but hopefully puppet provides a Official repository, please see [this page](http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html) for the setup. - -**Platforms** - -These modules have been fully tested on Ubuntu Precise and Debian Wheezy and RHEL 6. - -## Setup - -**What the cloud module affects** - -* The entirety of OpenStack! - -### Installing Puppet - -Puppet Labs provides two tools for getting started with managing configuration modeling with Puppet, Puppet Enterprise or its underlying opensource projects, i.e. Puppet and MCollective. - -* [Puppet Enterprise](http://docs.puppetlabs.com/#puppet-enterprisepelatest) is a complete configuration management platform, with an optimized set of components proven to work well together. Is free up to 10 nodes so if you're just using Puppet for OpenStack management this might just work perfectly. It will come configured with a handful of extra components that make for a richer experience, like a web interface for managing the orchestration of Puppet and certificate management. -* [Puppet](http://docs.puppetlabs.com/#puppetpuppet) manages your servers: you describe machine configurations in an easy-to-read declarative language, and Puppet will bring your systems into the desired state and keep them there. This is the opensource version of Puppet and should be available in your operating system's package repositories but it is generally suggested you use the [yum](http://yum.puppetlabs.com) or [apt](http://apt.puppetlabs.com) repositories from Puppet Labs if possible. 
- -Consult the documentation linked above to help you make your decision but don't fret about the choice to much, opensource Puppet agents are compatible with Puppet Enterprise Puppet masters. - -### Optional Puppet features - -The swift portions of this module needs Puppet's [exported resources](http://docs.puppetlabs.com/puppet/3/reference/lang_exported.html). Exported resources leverages the PuppetDB to export and share data across other Puppet managed nodes. - -### Installing latest unstable cloud module from source - - cd /etc/puppet/modules - git clone git@github.com:redhat-openstack/openstack-puppet-modules.git modules - cd modules - git checkout -b puppet-openstack-cloud origin/enovance - gem install --no-ri --no-rdoc r10k - # a debian package is available in jessie - PUPPETFILE=./Puppetfile PUPPETFILE_DIR=../ r10k --verbose 3 puppetfile install - -**Pre-puppet setup** - -The things that follow can be handled by Puppet but are out of scope of this document and are not included in the cloud module. - -### Beginning with puppet-openstack-cloud - -Utilization of this module can come in many forms. It was designed to be capable of deploying all services to a single node or distributed across several. This is not an exhaustive list, we recommend you consult and understand all the manifests included in this module and the [core openstack](http://docs.openstack.org) documentation. - - -## Implementation - -(more doc should be written here) - -## Limitations - -* Deploys only with rabbitmq and mysql RPC/data backends. -* Not backwards compatible with pre-2.x release of the cloud modules. - -## Getting Involved - -Need a feature? Found a bug? Let us know! - -We are extremely interested in growing a community of OpenStack experts and users around these modules so they can serve as an example of consolidated best practices of how to deploy OpenStack. 
-
-The best way to get help with this set of modules is to email the group associated with this project:
-
- dev [at] enovance [dot] com
-
-Issues should be opened here:
-
- https://bugs.launchpad.net/puppet-openstack-cloud/+filebug
-
-
-## Contributors
-
-* http://stackalytics.com/?project_type=stackforge&module=puppet-openstack-cloud&release=all&metric=commits
-
-## Release Notes
-
-See [CHANGELOG](https://github.com/stackforge/puppet-openstack-cloud/blob/master/CHANGELOG.md) file.
diff --git a/README.rst b/README.rst
new file mode 100644
index 00000000..9006052a
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,7 @@
+This project is no longer maintained.
+
+The contents of this repository are still available in the Git source code
+management system. To see the contents of this repository before it reached
+its end of life, please check out the previous commit with
+"git checkout HEAD^1".
+
diff --git a/Rakefile b/Rakefile
deleted file mode 100644
index 447199e3..00000000
--- a/Rakefile
+++ /dev/null
@@ -1,80 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-#
-NAME = 'eNovance-cloud'
-TDIR = File.expand_path(File.dirname(__FILE__))
-
-require 'puppetlabs_spec_helper/rake_tasks'
-require 'puppet-lint/tasks/puppet-lint'
-require 'puppet-syntax/tasks/puppet-syntax'
-
-PuppetLint.configuration.fail_on_warnings = true
-PuppetLint.configuration.send('disable_80chars')
-# for manifest loadbalancer.pp +39 (default value as an array of variables)
-PuppetLint.configuration.send('disable_class_parameter_defaults')
-# manifests/image/api.pp - WARNING: string containing only a variable on line 189
-PuppetLint.configuration.send('disable_only_variable_string')
-# For stonith-enabled (it's a string not a bool)
-PuppetLint.configuration.send('disable_quoted_booleans')
-# Ignore all upstream modules
-exclude_paths = ['spec/**/*','pkg/**/*','vendor/**/*']
-exclude_lint_paths = exclude_paths
-
-PuppetLint.configuration.ignore_paths = exclude_lint_paths
-PuppetSyntax.exclude_paths = exclude_paths
-
-
-task(:default).clear
-task :default => :test
-
-desc 'Run syntax, lint and spec tests'
-task :test => [:syntax,:lint,:validate_puppetfile,:validate_metadata_json,:spec]
-
-desc 'Run syntax, lint and spec tests (without fixture purge = train/airplane)'
-task :test_keep => [:syntax,:lint,:validate_puppetfile,:validate_metadata_json,:spec_prep,:spec_standalone]
-
-if ENV['COV']
- desc 'Run syntax, lint, spec tests and coverage'
- task :cov => [:syntax,:lint,:validate_puppetfile,:validate_metadata_json,:spec_prep,:spec_standalone]
-end
-
-desc "Validate the Puppetfile syntax"
-task :validate_puppetfile do
- $stderr.puts "---> syntax:puppetfile"
- sh "r10k puppetfile check"
-end
-
-desc "Validate the metadata.json syntax"
-task :validate_metadata_json do
- $stderr.puts "---> syntax:metadata.json"
- sh "metadata-json-lint metadata.json"
-end
-
-namespace :module do
- desc "Build #{NAME} module (in a clean env) Please use this for puppetforge"
- task :build do
- exec "rsync -rv --exclude-from=#{TDIR}/.forgeignore . /tmp/#{NAME};cd /tmp/#{NAME};puppet module build"
- end
-end
-
-Rake::Task[:spec_prep].clear
-desc 'Create the fixtures directory'
-task :spec_prep do
- FileUtils::mkdir_p('spec/fixtures/modules')
- FileUtils::mkdir_p('spec/fixtures/manifests')
- FileUtils::touch('spec/fixtures/manifests/site.pp')
- sh 'librarian-puppet install --path=spec/fixtures/modules'
- if File.exists?('spec/fixtures/modules/cloud')
- FileUtils::rm_rf('spec/fixtures/modules/cloud')
- FileUtils::ln_s(TDIR, 'spec/fixtures/modules/cloud')
- end
-end
-
-Rake::Task[:spec_clean].clear
-desc 'Clean up the fixtures directory'
-task :spec_clean do
- sh 'librarian-puppet clean --path=spec/fixtures/modules'
- if File.zero?('spec/fixtures/manifests/site.pp')
- FileUtils::rm_f('spec/fixtures/manifests/site.pp')
- end
-end
diff --git a/files/qemu/qemu.conf b/files/qemu/qemu.conf
deleted file mode 100644
index 93f1ff42..00000000
--- a/files/qemu/qemu.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Managed by Puppet
-# Module cloud::compute::hypervisor
-user = "root"
-group = "root"
-cgroup_device_acl = [
- "/dev/null", "/dev/full", "/dev/zero",
- "/dev/random", "/dev/urandom",
- "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
- "/dev/rtc", "/dev/hpet", "/dev/net/tun",
-]
-clear_emulator_capabilities = 1
diff --git a/lib/facter/edeploy.rb b/lib/facter/edeploy.rb
deleted file mode 100644
index 58ece7c4..00000000
--- a/lib/facter/edeploy.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Fact: edeploy
-#
-Facter.add('edeploy_role_version') do
- setcode do
- if File.executable?('/usr/sbin/edeploy')
- Facter::Util::Resolution.exec('/usr/sbin/edeploy version')
- end
- end
-end
-
-Facter.add('edeploy_role_name') do
- setcode do
- if File.executable?('/usr/sbin/edeploy')
- Facter::Util::Resolution.exec('/usr/sbin/edeploy role')
- end
- end
-end
-
-Facter.add('edeploy_profile') do
- setcode do
- if File.executable?('/usr/sbin/edeploy')
- Facter::Util::Resolution.exec('/usr/sbin/edeploy profile')
- end
- end
-end
diff --git a/lib/facter/galera_bootstrapped.rb b/lib/facter/galera_bootstrapped.rb
deleted file mode 100644
index 6a786304..00000000
--- a/lib/facter/galera_bootstrapped.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Fact: galera_bootstrapped
-#
-Facter.add('galera_bootstrapped') do
- setcode do
- FileTest.exists?('/var/lib/mysql/grastate.dat')
- end
-end
diff --git a/lib/facter/vtx.rb b/lib/facter/vtx.rb
deleted file mode 100644
index faec42d5..00000000
--- a/lib/facter/vtx.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-# Fact: vtx
-#
-# Purpose:
-# Determine whether VT-X is enabled on the node.
-#
-# Resolution:
-# Checks for vmx (intel) or svm (amd) is part of /proc/cpuinfo flags
-#
-# Caveats:
-#
-
-# Author: Emilien Macchi
-
-Facter.add('vtx') do
- confine :kernel => :linux
- setcode do
- result = false
- begin
- # test on Intel and AMD plateforms
- if File.read('/proc/cpuinfo') =~ /(vmx|svm)/
- result = true
- end
- rescue
- end
- result
- end
-end
diff --git a/manifests/clustering.pp b/manifests/clustering.pp
deleted file mode 100644
index f5d6c3b9..00000000
--- a/manifests/clustering.pp
+++ /dev/null
@@ -1,151 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-# == Class: cloud::clustering
-#
-# Initialize Pacemaker / Corosync cluster
-#
-# === Parameters:
-#
-# [*cluster_members*]
-# (required) Array of hostnames of cluster nodes
-#
-# [*cluster_ip*]
-# (optional) IP address used by Corosync to send multicast traffic
-# Defaults to '127.0.0.1'
-#
-# [*cluster_auth*]
-# (optional) Controls corosync's ability to authenticate and encrypt
-# multicast messages.
-# Defaults to false
-#
-# [*cluster_authkey*]
-# (optional) Specifies the path to the CA which is used to sign Corosync's
-# certificate.
-# Defaults to '/var/lib/puppet/ssl/certs/ca.pem'
-#
-# [*cluster_recheck_interval*]
-# (optional) This tells the cluster to periodically recalculate the ideal
-# state of the cluster.
-# Defaults to 5min
-#
-# [*pe_warn_series_max*]
-# (optional) The number of PE inputs resulting in WARNINGs to save. Used when
-# reporting problems.
-# Defaults to 1000
-#
-# [*pe_input_series_max*]
-# (optional) The number of "normal" PE inputs to save. Used when reporting
-# problems.
-# Defaults to 1000
-#
-# [*pe_error_series_max*]
-# (optional) The number of PE inputs resulting in ERRORs to save. Used when
-# reporting problems.
-# Defaults to 1000
-#
-# [*multicast_address*]
-# (optionnal) IP address used to send multicast traffic
-# Defaults to '239.192.168.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be a hash.
-# Default to {}
-#
-class cloud::clustering (
- $cluster_members,
- $cluster_ip = '127.0.0.1',
- $cluster_auth = false,
- $cluster_authkey = '/var/lib/puppet/ssl/certs/ca.pem',
- $cluster_recheck_interval = '5min',
- $pe_warn_series_max = 1000,
- $pe_input_series_max = 1000,
- $pe_error_series_max = 1000,
- $multicast_address = '239.192.168.1',
- $firewall_settings = {},
-) {
-
- if $::osfamily == 'RedHat' {
- $packages = ['corosync', 'pacemaker', 'pcs']
- $set_votequorum = true
-
- Service['pcsd'] -> Cs_property<||>
- Service['pacemaker'] -> Cs_property<||>
-
- service { 'pcsd':
- ensure => 'running',
- enable => true,
- require => Class['corosync'],
- } -> service { 'pacemaker':
- ensure => 'running',
- enable => true,
- require => Class['corosync'],
- }
- } else {
- $packages = ['corosync', 'pacemaker']
- $set_votequorum = false
- }
-
- class { 'corosync':
- enable_secauth => $cluster_auth,
- authkey => $cluster_authkey,
- bind_address => $cluster_ip,
- multicast_address => $multicast_address,
- packages => $packages,
- set_votequorum => $set_votequorum,
- quorum_members => $cluster_members,
- }
-
- corosync::service { 'pacemaker':
- version => '0',
- }
-
- Package['corosync'] -> Cs_property<||>
- cs_property {
- # Doesn't work with pcs yet (Fedora20), but will work in future:
- # -> https://github.com/feist/pcs/issues/20
- #'cluster-recheck-interval': value => $cluster_recheck_interval;
- 'pe-warn-series-max': value => $pe_warn_series_max;
- 'pe-input-series-max': value => $pe_input_series_max;
- 'pe-error-series-max': value => $pe_error_series_max;
- }
- if count($cluster_members) < 3 {
- # stonith is not required for less then 3 nodes, also quorum can be hold
- # only with three or more nodes
- cs_property {
- 'no-quorum-policy': value => 'ignore';
- 'stonith-enabled': value => 'false';
- }
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow vrrp access':
- port => undef,
- proto => 'vrrp',
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow corosync tcp access':
- port => ['2224', '3121', '21064'],
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow corosync udp access':
- port => ['5404', '5405'],
- proto => 'udp',
- extras => $firewall_settings,
- }
- }
-}
diff --git a/manifests/clustering/pacemaker_colocation.pp b/manifests/clustering/pacemaker_colocation.pp
deleted file mode 100644
index 0a823243..00000000
--- a/manifests/clustering/pacemaker_colocation.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure a Pacemaker colocation rule
-#
-# === Parameters
-#
-# [*service*]
-# (required) Name of the service to be colocated with others
-# Defaults to $name
-#
-# [*colocated_with*]
-# (optional) List of services to be colocated with service1
-# Should be an array.
-# Defaults to []
-#
-# [*order*]
-# (optional) Do not use in a manifest. It is used to iterate
-# through the list of services to be colocated with $service.
-# Defaults to '0'
-define cloud::clustering::pacemaker_colocation(
- $service = $name,
- $colocated_with = [],
- $order = '0'
-) {
- $service1 = inline_template('<%= @colocated_with[@order.to_i] %>')
- if $service1 {
- $colocation_name = "${service}-with-${service1}"
-
- cs_colocation { $colocation_name :
- primitives => [ "p_${service}", "p_${service1}" ],
- }
-
- $neworder = inline_template('<%= @order.to_i + 1 %>')
-
- cloud::clustering::pacemaker_colocation { "${service}-${neworder}":
- service => $service,
- colocated_with => $colocated_with,
- order => $neworder
- }
- }
-}
-
diff --git a/manifests/clustering/pacemaker_order.pp b/manifests/clustering/pacemaker_order.pp
deleted file mode 100644
index 4459b949..00000000
--- a/manifests/clustering/pacemaker_order.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure a Pacemaker order constraint
-#
-# === Parameters
-#
-# [*first*]
-# (required) List of services to be executed before $service
-# Should be an array.
-# Defaults to []
-#
-# [*service*]
-# (optional) Service to be executed after all services in $first
-# Defaults to $name
-#
-# [*order*]
-# (optional) Do not use in a manifest. It is used to iterate
-# through the list of services to be executed before $service.
-# Defaults to '0'
-define cloud::clustering::pacemaker_order(
- $first = [],
- $service = $name,
- $order = '0'
-) {
- $service1 = inline_template('<%= @first[@order.to_i] %>')
- if $service1 {
- $order_name = "${service1}-before-${service}"
-
- cs_order { $order_name :
- first => "p_${service1}",
- second => "p_${service}",
- }
-
- $neworder = inline_template('<%= @order.to_i + 1 %>')
-
- cloud::clustering::pacemaker_order { "${service}-${neworder}":
- first => $first,
- service => $service,
- order => $neworder
- }
- }
-}
diff --git a/manifests/clustering/pacemaker_service.pp b/manifests/clustering/pacemaker_service.pp
deleted file mode 100644
index 48b4d9c3..00000000
--- a/manifests/clustering/pacemaker_service.pp
+++ /dev/null
@@ -1,111 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure a service to be controlled by Pacemaker
-#
-#
-# === Parameters
-#
-# [*service_name*]
-# (optional) Name of the service to be put under Pacemaker control
-# Defaults to $name
-#
-# [*primitive_class*]
-# (optional) Pacemaker primitive class
-# Defaults to 'systemd'
-#
-# [*primitive_provider*]
-# (optional) Pacemaker primitive provider for OCF scripts
-# Examples: 'ocf','heartbeat'
-# Defaults to false
-#
-# [*primitive_type*]
-# (optional) The type of the primitive: OCF file name, or operating
-# system-native service if using systemd, upstart or lsb as
-# primitive_class
-# Defaults to $service_name
-#
-# [*clone*]
-# (optional) Create a cloned resource
-# Defaults to false
-#
-# [*colocated_services*]
-# (optional) A list of resources that should be colocated with this
-# one
-# Example: ["service2","service3"]
-# Defaults to []
-#
-# [*start_after*]
-# (optional) A list of resources that should be started before this
-# resource can be started. This will create a set of order constraints
-# where every resourece in $start_after should be started before this
-# resource can start
-# Example: ["service2","service3"]
-# Defaults to []
-#
-# [*requires*]
-# (optional) A list of required Puppet resources
-# Defaults to []
-#
-# Example:
-# cloud::clustering::pacemaker_service { 'openstack-glance-api' :
-# service_name => 'openstack-glance-api',
-# primitive_class => 'systemd',
-# primitive_provider => false,
-# primitive_type => 'openstack-glance-api',
-# clone => false,
-# colocated_services => ["openstack-keystone"],
-# start_after => ["openstack-keystone"],
-# requires => Package['openstack-glance'],
-# }
-define cloud::clustering::pacemaker_service (
- $service_name = $name,
- $primitive_class = 'systemd',
- $primitive_provider = false,
- $primitive_type = $service_name,
- $clone = false,
- $colocated_services = [],
- $start_after = [],
- $requires = [],
-) {
-
- openstack_extras::pacemaker::service { $service_name :
- ensure => present,
- metadata => {},
- ms_metadata => {},
- operations => {},
- parameters => {},
- primitive_class => $primitive_class,
- primitive_provider => $primitive_provider,
- primitive_type => $primitive_type,
- use_handler => false,
- clone => $clone,
- require => $requires,
- }
-
- if $colocated_services {
- cloud::clustering::pacemaker_colocation { $service_name :
- service => $service_name,
- colocated_with => $colocated_services
- }
- }
-
- if $start_after {
- cloud::clustering::pacemaker_order { $service_name :
- first => $start_after,
- service => $service_name
- }
- }
-}
diff --git a/manifests/compute.pp b/manifests/compute.pp
deleted file mode 100644
index 5cbdcc83..00000000
--- a/manifests/compute.pp
+++ /dev/null
@@ -1,193 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute
-#
-# Common class for compute nodes
-#
-# === Parameters:
-#
-# [*nova_db_host*]
-# (optional) Hostname or IP address to connect to nova database
-# Defaults to '127.0.0.1'
-#
-# [*nova_db_use_slave*]
-# (optional) Enable slave connection for nova, this assume
-# the haproxy is used and mysql loadbalanced port for read operation is 3307
-# Defaults to false
-#
-# [*nova_db_user*]
-# (optional) Username to connect to nova database
-# Defaults to 'nova'
-#
-# [*nova_db_password*]
-# (optional) Password to connect to nova database
-# Defaults to 'novapassword'
-#
-# [*nova_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults to 5000
-#
-# [*rabbit_hosts*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to ['127.0.0.1:5672']
-#
-# [*rabbit_password*]
-# (optional) Password to connect to nova queues.
-# Defaults to 'rabbitpassword'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance API
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_internal_proto*]
-# (optional) Internal protocol to connect to Glance API
-# Defaults to 'http'
-#
-# [*glance_api_port*]
-# (optional) TCP port to connect to Glance API
-# Defaults to '9292'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*neutron_endpoint*]
-# (optional) Host running auth service.
-# Defaults to '127.0.0.1'
-#
-# [*neutron_protocol*]
-# (optional) Protocol to connect to Neutron service.
-# Defaults to 'http'
-#
-# [*neutron_password*]
-# (optional) Password to connect to Neutron service.
-# Defaults to 'neutronpassword'
-#
-# [*neutron_region_name*]
-# (optional) Name of the Neutron Region.
-# Defaults to 'RegionOne'
-#
-# [*memcache_servers*]
-# (optionnal) Memcached servers used by Keystone. Should be an array.
-# Defaults to ['127.0.0.1:11211']
-#
-# [*availability_zone*]
-# (optional) Name of the default Nova availability zone.
-# Defaults to 'RegionOne'
-#
-# [*cinder_endpoint_type*]
-# (optional) Cinder endpoint type to use.
-# Defaults to 'publicURL'
-#
-class cloud::compute(
- $nova_db_host = '127.0.0.1',
- $nova_db_use_slave = false,
- $nova_db_user = 'nova',
- $nova_db_password = 'novapassword',
- $nova_db_idle_timeout = 5000,
- $rabbit_hosts = ['127.0.0.1:5672'],
- $rabbit_password = 'rabbitpassword',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_internal_proto = 'http',
- $glance_api_port = 9292,
- $verbose = true,
- $debug = true,
- $use_syslog = true,
- $log_facility = 'LOG_LOCAL0',
- $neutron_endpoint = '127.0.0.1',
- $neutron_protocol = 'http',
- $neutron_password = 'neutronpassword',
- $neutron_region_name = 'RegionOne',
- $memcache_servers = ['127.0.0.1:11211'],
- $availability_zone = 'RegionOne',
- $cinder_endpoint_type = 'publicURL'
-) {
-
- if !defined(Resource['nova_config']) {
- resources { 'nova_config':
- purge => true;
- }
- }
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- nova_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/nova'
- }
-
- $encoded_user = uriescape($nova_db_user)
- $encoded_password = uriescape($nova_db_password)
-
- if $nova_db_use_slave {
- $slave_connection_url = "mysql://${encoded_user}:${encoded_password}@${nova_db_host}:3307/nova?charset=utf8"
- } else {
- $slave_connection_url = false
- }
-
- class { 'nova::db':
- database_connection => "mysql://${encoded_user}:${encoded_password}@${nova_db_host}/nova?charset=utf8",
- slave_connection => $slave_connection_url,
- database_idle_timeout => $nova_db_idle_timeout,
- }
-
- class { 'nova':
- rabbit_userid => 'nova',
- rabbit_hosts => $rabbit_hosts,
- rabbit_password => $rabbit_password,
- glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${glance_api_port}",
- memcached_servers => $memcache_servers,
- verbose => $verbose,
- debug => $debug,
- log_dir => $log_dir,
- log_facility => $log_facility,
- use_syslog => $use_syslog,
- nova_shell => '/bin/bash',
- }
-
- class { 'nova::network::neutron':
- neutron_admin_password => $neutron_password,
- neutron_admin_auth_url => "${neutron_protocol}://${neutron_endpoint}:35357/v2.0",
- neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696",
- neutron_region_name => $neutron_region_name
- }
-
- nova_config {
- 'DEFAULT/resume_guests_state_on_host_boot': value => true;
- 'DEFAULT/servicegroup_driver': value => 'mc';
- 'DEFAULT/glance_num_retries': value => '10';
- 'DEFAULT/cinder_catalog_info': value => "volume:cinder:${cinder_endpoint_type}";
- }
-
-}
diff --git a/manifests/compute/api.pp b/manifests/compute/api.pp
deleted file mode 100644
index cef710a7..00000000
--- a/manifests/compute/api.pp
+++ /dev/null
@@ -1,140 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute::api
-#
-# Install a Nova-API node
-#
-# === Parameters:
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to Keystone API.
-# Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_nova_password*]
-# (optional) Password used by Nova to connect to Keystone API
-# Defaults to 'novapassword'
-#
-# [*neutron_metadata_proxy_shared_secret*]
-# (optional) Shared secret to validate proxies Neutron metadata requests
-# Defaults to 'metadatapassword'
-#
-# [*api_eth*]
-# (optional) Hostname or IP to bind Nova API.
-# Defaults to '127.0.0.1'
-#
-# [*ks_nova_public_port*]
-# (optional) TCP port for bind Nova API.
-# Defaults to '8774'
-#
-# [*ks_ec2_public_port*]
-# (optional) TCP port for bind Nova EC2 API.
-# Defaults to '8773'
-#
-# [*ks_metadata_public_port*]
-# (optional) TCP port for bind Nova metadata API.
-# Defaults to '8775'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-# [*pacemaker_enabled*]
-# (optional) Manage Nova API with Pacemaker or not.
-# Default to false
-#
-class cloud::compute::api(
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_nova_password = 'novapassword',
- $neutron_metadata_proxy_shared_secret = 'metadatapassword',
- $api_eth = '127.0.0.1',
- $ks_nova_public_port = '8774',
- $ks_ec2_public_port = '8773',
- $ks_metadata_public_port = '8775',
- $firewall_settings = {},
- $pacemaker_enabled = false,
-){
-
- include cloud::compute
- include cloud::params
- include nova::params
-
- class { 'nova::api':
- enabled => true,
- auth_host => $ks_keystone_internal_host,
- auth_protocol => $ks_keystone_internal_proto,
- admin_password => $ks_nova_password,
- api_bind_address => $api_eth,
- metadata_listen => $api_eth,
- neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_shared_secret,
- osapi_v3 => true,
- }
-
- if $pacemaker_enabled {
- cloud::clustering::pacemaker_service { $::nova::params::api_service_name:
- service_name => $::nova::params::api_service_name,
- primitive_class => $::cloud::params::service_provider,
- requires => Package[$::nova::params::api_package_name],
- }
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow nova-api access':
- port => $ks_nova_public_port,
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow nova-metadata access':
- port => $ks_metadata_public_port,
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow nova-ec2 access':
- port => $ks_ec2_public_port,
- extras => $firewall_settings,
- }
- }
-
- include 'nova::cron::archive_deleted_rows'
-
- @@haproxy::balancermember{"${::fqdn}-compute_api_ec2":
- listening_service => 'ec2_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_ec2_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-compute_api_nova":
- listening_service => 'nova_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_nova_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-compute_api_metadata":
- listening_service => 'metadata_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_metadata_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/compute/cert.pp b/manifests/compute/cert.pp
deleted file mode 100644
index e9770fc7..00000000
--- a/manifests/compute/cert.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Compute Certificate node
-#
-class cloud::compute::cert {
-
- include 'cloud::compute'
-
- class { 'nova::cert':
- enabled => true,
- }
-
-}
diff --git a/manifests/compute/conductor.pp b/manifests/compute/conductor.pp
deleted file mode 100644
index 4ac4031d..00000000
--- a/manifests/compute/conductor.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Compute Conductor node
-#
-class cloud::compute::conductor {
-
- include 'cloud::compute'
-
- class { 'nova::conductor':
- enabled => true,
- }
-
-}
diff --git a/manifests/compute/consoleauth.pp b/manifests/compute/consoleauth.pp
deleted file mode 100644
index 4e282598..00000000
--- a/manifests/compute/consoleauth.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Compute Authenfication Console node
-#
-class cloud::compute::consoleauth {
-
- include 'cloud::compute'
-
- class { 'nova::consoleauth':
- enabled => true,
- }
-
-}
diff --git a/manifests/compute/consoleproxy.pp b/manifests/compute/consoleproxy.pp
deleted file mode 100644
index bfd815d1..00000000
--- a/manifests/compute/consoleproxy.pp
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute::consoleproxy
-#
-# Compute Proxy Console node
-#
-# === Parameters:
-#
-# [*api_eth*]
-# (optional) Hostname or IP to bind Nova spicehtmlproxy service.
-# Defaults to '127.0.0.1'
-#
-# [*console*]
-# (optional) Nova's console type (spice or novnc)
-# Defaults to 'novnc'
-#
-# [*protocol*]
-# (optional) Nova's console protocol.
-# Defaults to 'http'
-#
-# [*novnc_port*]
-# (optional) TCP port to bind Nova novnc service.
-# Defaults to '6080'
-#
-# [*spice_port*]
-# (optional) TCP port to bind Nova spicehtmlproxy service.
-# Defaults to '6082'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::compute::consoleproxy(
- $api_eth = '127.0.0.1',
- $console = 'novnc',
- $protocol = 'http',
- $novnc_port = '6080',
- $spice_port = '6082',
- $firewall_settings = {},
-){
-
- include 'cloud::compute'
-
- case $console {
- 'spice': {
- $port = $spice_port
- class { 'nova::spicehtml5proxy':
- enabled => true,
- host => $api_eth,
- port => $port
- }
- }
- 'novnc': {
- $port = $novnc_port
- class { 'nova::vncproxy':
- enabled => true,
- host => $api_eth,
- port => $port,
- vncproxy_protocol => $protocol
- }
- }
- default: {
- fail("Unsupported console type ${console}")
- }
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ "100 allow ${console} access":
- port => $port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-compute_${console}":
- listening_service => "${console}_cluster",
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp
deleted file mode 100644
index cef7ab55..00000000
--- a/manifests/compute/hypervisor.pp
+++ /dev/null
@@ -1,423 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::compute::hypervisor -# -# Hypervisor Compute node -# -# === Parameters: -# -# [*server_proxyclient_address*] -# (optional) The IP address of the server running the console proxy client -# Defaults to '127.0.0.1' -# -# [*libvirt_type*] -# (optional) Libvirt domain type. Options are: kvm, lxc, qemu, uml, xen -# Replaces libvirt_type -# Defaults to 'kvm' -# -# [*ks_nova_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_nova_public_host*] -# (optional) Public Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*nova_ssh_public_key*] -# (optional) Install public key in .ssh/authorized_keys for the 'nova' user. -# Note: this parameter use the 'content' provider of Puppet, in consequence -# you must provide the entire ssh public key in this parameter. -# Defaults to undef -# -# [*nova_ssh_private_key*] -# (optional) Install private key into .ssh/id_rsa. -# Note: this parameter use the 'content' provider of Puppet, in consequence -# you must provide the entire ssh privatekey in this parameter. -# Defaults to undef -# -# [*console*] -# (optional) Nova's console type (spice or novnc) -# Defaults to 'novnc' -# -# [*novnc_port*] -# (optional) TCP port to connect to Nova vncproxy service. 
-# Defaults to '6080' -# -# [*spice_port*] -# (optional) TCP port to connect to Nova spicehtmlproxy service. -# Defaults to '6082' -# -# [*cinder_rbd_user*] -# (optional) The RADOS client name for accessing rbd volumes. -# Defaults to 'cinder' -# -# [*nova_rbd_pool*] -# (optional) The RADOS pool in which rbd volumes are stored. -# Defaults to 'vms' -# -# [*nova_rbd_secret_uuid*] -# (optional) The libvirt uuid of the secret for the cinder_rbd_user. -# Defaults to undef -# -# [*vm_rbd*] -# (optional) Enable or not ceph capabilities on compute node to store -# nova instances on ceph storage. -# Default to false. -# -# [*volume_rbd*] -# (optional) Enable or not ceph capabilities on compute node to attach -# cinder volumes backend by ceph on nova instances. -# Default to false. -# -# [*manage_tso*] -# (optional) Allow to manage or not TSO issue. -# Default to true. -# -# [*nfs_enabled*] -# (optional) Store (or not) instances on a NFS share. -# Defaults to false -# -# [*nfs_device*] -# (optional) NFS device to mount -# Example: 'nfs.example.com:/vol1' -# Required when nfs_enabled is at true. -# Defaults to false -# -# [*nfs_options*] -# (optional) NFS mount options -# Example: 'nfsvers=3,noacl' -# Defaults to 'defaults' -# -# [*filesystem_store_datadir*] -# (optional) Full path of data directory to store the instances. -# Don't modify this parameter if you don't know what you do. -# You may have side effects (SElinux for example). -# Defaults to '/var/lib/nova/instances' -# -# [*nova_shell*] -# (optional) Full path of shell to run for nova user. -# To disable live migration & resize, set it to '/bin/nologin' or false. -# Otherwise, set the value to '/bin/bash'. -# Need to be a valid shell path. -# Defaults to false -# -# [*ks_console_public_proto*] -# (optional) Protocol used to connect to console service. -# Defaults to false (use nova_public_proto) -# -# [*ks_console_public_host*] -# (optional) Hostname or IP used to connect to console service. 
-# Defaults to false (use nova_public_host) -# -# [*include_vswitch*] -# (optional) Should the class cloud::network::vswitch should be included. -# Defaults to true -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::compute::hypervisor( - $server_proxyclient_address = '127.0.0.1', - $libvirt_type = 'kvm', - $ks_nova_public_proto = 'http', - $ks_nova_public_host = '127.0.0.1', - $nova_ssh_private_key = undef, - $nova_ssh_public_key = undef, - $console = 'novnc', - $novnc_port = '6080', - $spice_port = '6082', - $ks_console_public_proto = 'http', - $ks_console_public_host = '127.0.0.1', - $cinder_rbd_user = 'cinder', - $nova_rbd_pool = 'vms', - $nova_rbd_secret_uuid = undef, - $vm_rbd = false, - $volume_rbd = false, - $manage_tso = true, - $nova_shell = false, - $firewall_settings = {}, - $include_vswitch = true, - # when using NFS storage backend - $nfs_enabled = false, - $nfs_device = false, - $nfs_options = 'defaults', - $filesystem_store_datadir = '/var/lib/nova/instances', -) inherits cloud::params { - - include 'cloud::compute' - include 'cloud::params' - include 'cloud::telemetry' - include 'cloud::network' - - if $include_vswitch { - include 'cloud::network::vswitch' - } - - if $libvirt_type == 'kvm' and ! $::vtx { - fail('libvirt_type is set to KVM and VTX seems to be disabled on this node.') - } - - if $nfs_enabled { - if ! $vm_rbd { - # There is no NFS backend in Nova. - # We mount the NFS share in filesystem_store_datadir to fake the - # backend. 
- if $nfs_device { - file { $filesystem_store_datadir: - ensure => 'directory', - owner => 'nova', - group => 'nova', - mode => '0755' - } - nova_config { 'DEFAULT/instances_path': value => $filesystem_store_datadir; } - $nfs_mount = { - "${filesystem_store_datadir}" => { - 'ensure' => 'mounted', - 'fstype' => 'nfs', - 'device' => $nfs_device, - 'options' => $nfs_options - } - } - ensure_resource('class', 'nfs', {}) - create_resources('types::mount', $nfs_mount, {require => File[$filesystem_store_datadir]}) - - # Not using /var/lib/nova/instances may cause side effects. - if $filesystem_store_datadir != '/var/lib/nova/instances' { - warning('filesystem_store_datadir is not /var/lib/nova/instances so you may have side effects (SElinux, etc)') - } - } else { - fail('When running NFS backend, you need to provide nfs_device parameter.') - } - } else { - fail('When running NFS backend, vm_rbd parameter cannot be set to true.') - } - } - - file{ '/var/lib/nova/.ssh': - ensure => directory, - mode => '0700', - owner => 'nova', - group => 'nova', - require => Class['nova'] - } -> - file{ '/var/lib/nova/.ssh/id_rsa': - ensure => present, - mode => '0600', - owner => 'nova', - group => 'nova', - content => $nova_ssh_private_key - } -> - file{ '/var/lib/nova/.ssh/authorized_keys': - ensure => present, - mode => '0600', - owner => 'nova', - group => 'nova', - content => $nova_ssh_public_key - } -> - file{ '/var/lib/nova/.ssh/config': - ensure => present, - mode => '0600', - owner => 'nova', - group => 'nova', - content => " -Host * - StrictHostKeyChecking no -" - } - - if $nova_shell { - ensure_resource ('user', 'nova', { - 'ensure' => 'present', - 'system' => true, - 'home' => '/var/lib/nova', - 'managehome' => false, - 'shell' => $nova_shell, - }) - } - - case $console { - 'spice': { - $vnc_enabled = false - class { 'nova::compute::spice': - server_listen => '0.0.0.0', - server_proxyclient_address => $server_proxyclient_address, - proxy_host => $ks_console_public_host, - 
proxy_protocol => $ks_console_public_proto, - proxy_port => $spice_port, - } - } - 'novnc': { - $vnc_enabled = true - } - default: { - fail("unsupported console type ${console}") - } - } - class { 'nova::compute': - enabled => true, - vnc_enabled => $vnc_enabled, - vncserver_proxyclient_address => $server_proxyclient_address, - vncproxy_host => $ks_console_public_host, - vncproxy_protocol => $ks_console_public_proto, - vncproxy_port => $novnc_port, - virtio_nic => false, - neutron_enabled => true, - default_availability_zone => $::cloud::compute::availability_zone, - } - - if $::osfamily == 'RedHat' { - file { '/etc/libvirt/qemu.conf': - ensure => file, - source => 'puppet:///modules/cloud/qemu/qemu.conf', - owner => root, - group => root, - mode => '0644', - notify => Service['libvirtd'] - } - if $vm_rbd and ($::operatingsystemmajrelease < 7) { - fail("RBD image backend in Nova is not supported in RHEL ${::operatingsystemmajrelease}.") - } - } - - # Disabling TSO/GSO/GRO - if $manage_tso { - if $::osfamily == 'Debian' { - ensure_resource ('exec','enable-tso-script', { - 'command' => '/usr/sbin/update-rc.d disable-tso defaults', - 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso', - 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso' - }) - } elsif $::osfamily == 'RedHat' { - ensure_resource ('exec','enable-tso-script', { - 'command' => '/usr/sbin/chkconfig disable-tso on', - 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso', - 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso' - }) - } - ensure_resource ('exec','start-tso-script', { - 'command' => '/etc/init.d/disable-tso start', - 'unless' => '/usr/bin/test -f /var/run/disable-tso.pid', - 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso' - }) - } - - if $::osfamily == 'Debian' { - service { 'dbus': - ensure => running, - enable => true, - before => Class['nova::compute::libvirt'], - } - } - - Service<| title == 'dbus' |> { enable => true } - - Service<| title == 'libvirt-bin' |> { enable 
=> true } - - class { 'nova::compute::neutron': } - - if $vm_rbd or $volume_rbd { - - include 'cloud::storage::rbd' - - $libvirt_disk_cachemodes_real = ['network=writeback'] - - # when nova uses ceph for instances storage - if $vm_rbd { - class { 'nova::compute::rbd': - libvirt_rbd_user => $cinder_rbd_user, - libvirt_images_rbd_pool => $nova_rbd_pool - } - } else { - # when nova only needs to attach ceph volumes to instances - nova_config { - 'libvirt/rbd_user': value => $cinder_rbd_user; - } - } - # we don't want puppet-nova manages keyring - nova_config { - 'libvirt/rbd_secret_uuid': value => $nova_rbd_secret_uuid; - } - - File <<| tag == 'ceph_compute_secret_file' |>> - Exec <<| tag == 'get_or_set_virsh_secret' |>> - - # After setting virsh key, we need to restart nova-compute - # otherwise nova will fail to connect to RADOS. - Exec <<| tag == 'set_secret_value_virsh' |>> ~> Service['nova-compute'] - - # If Cinder & Nova reside on the same node, we need a group - # where nova & cinder users have read permissions. 
- ensure_resource('group', 'cephkeyring', { - ensure => 'present' - }) - - ensure_resource ('exec','add-nova-to-group', { - 'command' => 'usermod -a -G cephkeyring nova', - 'path' => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'], - 'unless' => 'groups nova | grep cephkeyring' - }) - - # Configure Ceph keyring - Ceph::Key <<| title == $cinder_rbd_user |>> - ensure_resource( - 'file', - "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$cinder_rbd_user], - notify => Service['nova-compute'], - } - ) - - Concat::Fragment <<| title == 'ceph-client-os' |>> - } else { - $libvirt_disk_cachemodes_real = [] - } - - class { 'nova::compute::libvirt': - libvirt_type => $libvirt_type, - # Needed to support migration but we still use Spice: - vncserver_listen => '0.0.0.0', - migration_support => true, - libvirt_disk_cachemodes => $libvirt_disk_cachemodes_real, - libvirt_service_name => $::cloud::params::libvirt_service_name, - libvirt_inject_key => false, - libvirt_inject_partition => '-2', - } - - # Extra config for nova-compute - nova_config { - 'libvirt/live_migration_flag': value => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST'; - 'libvirt/block_migration_flag': value => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC'; - } - - class { 'ceilometer::agent::compute': } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow instances console access': - port => '5900-5999', - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow instances migration access': - port => ['16509', '49152-49215'], - extras => $firewall_settings, - } - } - -} diff --git a/manifests/compute/scheduler.pp b/manifests/compute/scheduler.pp deleted file mode 100644 index 7ec4e72e..00000000 --- a/manifests/compute/scheduler.pp +++ /dev/null 
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute::scheduler
-#
-# Compute Scheduler node
-#
-# === Parameters:
-#
-# [*scheduler_default_filters*]
-# (optional) A comma separated list of filters to be used by default
-# Defaults to false
-#
-class cloud::compute::scheduler(
- $scheduler_default_filters = false
-){
-
- include 'cloud::compute'
-
- class { 'nova::scheduler':
- enabled => true,
- }
-
- class { 'nova::scheduler::filter':
- scheduler_default_filters => $scheduler_default_filters,
- }
-
-}
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
deleted file mode 100644
index 383097f2..00000000
--- a/manifests/dashboard.pp
+++ /dev/null
@@ -1,211 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::dashboard -# -# Installs the OpenStack Dashboard (Horizon) -# -# === Parameters: -# -# [*ks_keystone_internal_host*] -# (optional) Internal address for endpoint. -# Defaults to '127.0.0.1' -# -# [*secret_key*] -# (optional) Secret key. This is used by Django to provide cryptographic -# signing, and should be set to a unique, unpredictable value. -# Defaults to 'secrete' -# -# [*horizon_port*] -# (optional) Port used to connect to OpenStack Dashboard -# Defaults to '80' -# -# [*horizon_ssl_port*] -# (optional) Port used to connect to OpenStack Dashboard using SSL -# Defaults to '443' -# -# [*api_eth*] -# (optional) Which interface we bind the Horizon server. -# Defaults to '127.0.0.1' -# -# [*servername*] -# (optional) DNS name used to connect to OpenStack Dashboard. -# Default value fqdn. -# -# [*listen_ssl*] -# (optional) Enable SSL on OpenStack Dashboard vhost -# It requires SSL files (keys and certificates) -# Defaults false -# -# [*keystone_proto*] -# (optional) Protocol (http or https) of keystone endpoint. -# Defaults to 'http' -# -# [*keystone_host*] -# (optional) IP / Host of keystone endpoint. -# Defaults '127.0.0.1' -# -# [*keystone_port*] -# (optional) TCP port of keystone endpoint. -# Defaults to '5000' -# -# [*debug*] -# (optional) Enable debug or not. 
-# Defaults to true -# -# [*horizon_cert*] -# (required with listen_ssl) Certificate to use for SSL support. -# -# [*horizon_key*] -# (required with listen_ssl) Private key to use for SSL support. -# -# [*horizon_ca*] -# (required with listen_ssl) CA certificate to use for SSL support. -# -# [*ssl_forward*] -# (optional) Forward HTTPS proto in the headers -# Useful when activating SSL binding on HAproxy and not in Horizon. -# Defaults to false -# -# [*os_endpoint_type*] -# (optional) endpoint type to use for the endpoints in the Keystone -# service catalog. Defaults to 'undef'. -# -# [*allowed_hosts*] -# (optional) List of hosts which will be set as value of ALLOWED_HOSTS -# parameter in settings_local.py. This is used by Django for -# security reasons. Can be set to * in environments where security is -# deemed unimportant. -# Defaults to ::fqdn. -# -# [*vhost_extra_params*] -# (optionnal) extra parameter to pass to the apache::vhost class -# Defaults to {} -# -# [*neutron_extra_options*] -# (optional) Enable optional services provided by neutron -# Useful when using cisco n1kv plugin, vpnaas or fwaas. -# Default to {} -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::dashboard( - $ks_keystone_internal_host = '127.0.0.1', - $secret_key = 'secrete', - $horizon_port = 80, - $horizon_ssl_port = 443, - $servername = $::fqdn, - $api_eth = '127.0.0.1', - $keystone_host = '127.0.0.1', - $keystone_proto = 'http', - $keystone_port = 5000, - $debug = true, - $listen_ssl = false, - $horizon_cert = undef, - $horizon_key = undef, - $horizon_ca = undef, - $ssl_forward = false, - $os_endpoint_type = undef, - $allowed_hosts = $::fqdn, - $vhost_extra_params = {}, - $neutron_extra_options = {}, - $firewall_settings = {}, -) { - - # We build the param needed for horizon class - $keystone_url = "${keystone_proto}://${keystone_host}:${keystone_port}/v2.0" - - # Apache2 specific configuration - if $ssl_forward { - $setenvif = ['X-Forwarded-Proto https HTTPS=1'] - } else { - $setenvif = [] - } - $extra_params = { - 'add_listen' => true, - 'setenvif' => $setenvif - } - $vhost_extra_params_real = merge ($extra_params, $vhost_extra_params) - - $neutron_options = { - 'enable_lb' => true - } - $neutron_options_real = merge ($neutron_options, $neutron_extra_options) - - class { 'horizon': - secret_key => $secret_key, - servername => $servername, - bind_address => $api_eth, - keystone_url => $keystone_url, - cache_server_ip => false, - django_debug => $debug, - neutron_options => $neutron_options_real, - listen_ssl => $listen_ssl, - horizon_cert => $horizon_cert, - horizon_key => $horizon_key, - horizon_ca => $horizon_ca, - vhost_extra_params => $vhost_extra_params_real, - openstack_endpoint_type => $os_endpoint_type, - allowed_hosts => $allowed_hosts, - } - - if ($::osfamily == 'Debian') { - # TODO(Goneri): HACK to ensure Horizon can cache its files - $horizon_var_dir = ['/var/lib/openstack-dashboard/static/js','/var/lib/openstack-dashboard/static/css'] - file {$horizon_var_dir: - ensure => directory, - owner => 'horizon', - group => 'horizon', - } - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow 
horizon access': - port => $horizon_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-horizon": - listening_service => 'horizon_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $horizon_port, - options => "check inter 2000 rise 2 fall 5 cookie ${::hostname}" - } - - if $listen_ssl { - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow horizon ssl access': - port => $horizon_ssl_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-horizon-ssl": - listening_service => 'horizon_ssl_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $horizon_ssl_port, - options => "check inter 2000 rise 2 fall 5 cookie ${::hostname}" - } - - } - -} diff --git a/manifests/database/dbaas.pp b/manifests/database/dbaas.pp deleted file mode 100644 index ec941a65..00000000 --- a/manifests/database/dbaas.pp +++ /dev/null 
@@ -1,92 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::database::dbaas -# -# Common class to install OpenStack Database as a Service (Trove) -# -# === Parameters: -# -# [*trove_db_host*] -# (optional) Hostname or IP address to connect to trove database -# Defaults to '127.0.0.1' -# -# [*trove_db_user*] -# (optional) Username to connect to trove database -# Defaults to 'trove' -# -# [*trove_db_password*] -# (optional) Password to connect to trove database -# Defaults to 'trovepassword' -# -# [*trove_db_idle_timeout*] -# (optional) Timeout before idle SQL connections are reaped. -# Defaults to 5000 -# -# [*rabbit_hosts*] -# (optional) List of RabbitMQ servers. Should be an array. -# Defaults to ['127.0.0.1:5672'] -# -# [*rabbit_password*] -# (optional) Password to connect to nova queues. -# Defaults to 'rabbitpassword' -# -# [*nova_admin_username*] -# (optional) Trove username used to connect to nova. -# Defaults to 'trove' -# -# [*nova_admin_password*] -# (optional) Trove password used to connect to nova. -# Defaults to 'trovepassword' -# -# [*nova_admin_tenant_name*] -# (optional) Trove tenant name used to connect to nova. 
-# Defaults to 'services' -# -class cloud::database::dbaas( - $trove_db_host = '127.0.0.1', - $trove_db_user = 'trove', - $trove_db_password = 'trovepassword', - $trove_db_idle_timeout = 5000, - $rabbit_hosts = ['127.0.0.1:5672'], - $rabbit_password = 'rabbitpassword', - $nova_admin_username = 'trove', - $nova_admin_tenant_name = 'services', - $nova_admin_password = 'trovepassword', -) { - - $encoded_user = uriescape($trove_db_user) - $encoded_password = uriescape($trove_db_password) - - class { 'trove': - database_connection => "mysql://${encoded_user}:${encoded_password}@${trove_db_host}/trove?charset=utf8", - database_idle_timeout => $trove_db_idle_timeout, - mysql_module => '2.2', - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - rabbit_userid => 'trove', - nova_proxy_admin_pass => $nova_admin_password, - nova_proxy_admin_user => $nova_admin_username, - nova_proxy_admin_tenant_name => $nova_admin_tenant_name - } - - exec {'trove_db_sync': - command => 'trove-manage db_sync', - user => 'trove', - path => '/usr/bin', - unless => "/usr/bin/mysql trove -h ${trove_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables" - } - -} diff --git a/manifests/database/dbaas/api.pp b/manifests/database/dbaas/api.pp deleted file mode 100644 index 1c7b4b11..00000000 --- a/manifests/database/dbaas/api.pp +++ /dev/null 
@@ -1,104 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::database::dbaas::api -# -# Class to install API service of OpenStack Database as a Service (Trove) -# -# === Parameters: -# -# [*ks_trove_password*] -# (required) Password used by trove for Keystone authentication. -# Default: 'trovepassword' -# -# [*verbose*] -# (optional) Rather to log the trove api service at verbose level. -# Default: true -# -# [*debug*] -# (optional) Rather to log the trove api service at debug level. -# Default: true -# -# [*use_syslog*] -# (optional) Use syslog for logging. -# Defaults to true -# -# [*api_eth*] -# (optional) Hostname or IP to bind Trove API. -# Defaults to '127.0.0.1' -# -# [*ks_trove_public_port*] -# (optional) TCP public port used to connect to Trove API. -# Defaults to '8779' -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_port*] -# (optional) TCP internal port used to connect to Keystone API. -# Defaults to '5000' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol used to connect to Keystone API. -# Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::database::dbaas::api( - $ks_trove_password = 'trovepassword', - $verbose = true, - $debug = true, - $use_syslog = true, - $api_eth = '127.0.0.1', - $ks_trove_public_port = '8779', - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = '5000', - $ks_keystone_internal_proto = 'http', - $firewall_settings = {}, -) { - - include 'cloud::database::dbaas' - - class { 'trove::api': - verbose => $verbose, - debug => $debug, - use_syslog => $use_syslog, - bind_host => $api_eth, - bind_port => $ks_trove_public_port, - auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", - keystone_password => $ks_trove_password, - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow trove-api access': - port => $ks_trove_public_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-trove_api": - listening_service => 'trove_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_trove_public_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/database/dbaas/conductor.pp b/manifests/database/dbaas/conductor.pp deleted file mode 100644 index 6787b0ba..00000000 --- a/manifests/database/dbaas/conductor.pp +++ /dev/null 
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::dbaas::conductor
-#
-# Class to install Conductor service of OpenStack Database as a Service (Trove)
-#
-# === Parameters:
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_port*]
-# (optional) TCP internal port used to connect to Keystone API.
-# Defaults to '5000'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to Keystone API.
-# Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*verbose*]
-# (optional) Rather to log the trove api service at verbose level.
-# Default: true
-#
-# [*debug*]
-# (optional) Rather to log the trove api service at debug level.
-# Default: true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging.
-# Defaults to true
-#
-class cloud::database::dbaas::conductor(
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_port = '5000',
- $ks_keystone_internal_proto = 'http',
- $verbose = true,
- $debug = true,
- $use_syslog = true,
-) {
-
- include 'cloud::database::dbaas'
-
- class { 'trove::conductor':
- auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
- debug => $debug,
- verbose => $verbose,
- use_syslog => $use_syslog
- }
-
-}
diff --git a/manifests/database/dbaas/taskmanager.pp b/manifests/database/dbaas/taskmanager.pp
deleted file mode 100644
index 47b72785..00000000
--- a/manifests/database/dbaas/taskmanager.pp
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::dbaas::taskmanager
-#
-# Class to install Taskmanager service of OpenStack Database as a Service (Trove)
-#
-# === Parameters:
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_port*]
-# (optional) TCP internal port used to connect to Keystone API.
-# Defaults to '5000'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to Keystone API.
-# Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*verbose*]
-# (optional) Rather to log the trove api service at verbose level.
-# Default: true
-#
-# [*debug*]
-# (optional) Rather to log the trove api service at debug level.
-# Default: true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging.
-# Defaults to true
-#
-class cloud::database::dbaas::taskmanager(
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_port = '5000',
- $ks_keystone_internal_proto = 'http',
- $debug = true,
- $verbose = true,
- $use_syslog = true
-) {
-
- include 'cloud::database::dbaas'
-
- class { 'trove::taskmanager':
- auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
- debug => $debug,
- verbose => $verbose,
- use_syslog => $use_syslog
- }
-
-}
diff --git a/manifests/database/nosql/cassandra.pp b/manifests/database/nosql/cassandra.pp
deleted file mode 100644
index abcacd38..00000000
--- a/manifests/database/nosql/cassandra.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::cassandra
-#
-# Install a Cassandra node
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::cassandra (
- $firewall_settings = {},
-){
-
- include ::cassandra
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow cassandra access':
- port => '7000',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/elasticsearch.pp b/manifests/database/nosql/elasticsearch.pp
deleted file mode 100644
index c4383a0a..00000000
--- a/manifests/database/nosql/elasticsearch.pp
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::elasticsearch
-#
-# Install an ElasticSearch server
-#
-# === Parameters:
-#
-# [*listen_port*]
-# (optional) Port on which ElasticSearch instance should listen
-# Defaults to '9200'
-#
-# [*listen_ip*]
-# (optional) IP address on which ElasticSearch instance should listen
-# Defaults to '127.0.0.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::elasticsearch (
- $listen_port = '9200',
- $listen_ip = '127.0.0.1',
- $firewall_settings = {},
-){
-
- include ::elasticsearch
-
- @@haproxy::balancermember{"${::fqdn}-es_cluster":
- listening_service => 'elasticsearch',
- server_names => $::hostname,
- ipaddresses => $listen_ip,
- ports => $listen_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow elasticsearch access':
- port => $listen_port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/kafka.pp b/manifests/database/nosql/kafka.pp
deleted file mode 100644
index 490a7f72..00000000
--- a/manifests/database/nosql/kafka.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::kafka
-#
-# Install a Kafka broket
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::kafka (
- $firewall_settings = {},
-){
-
- include ::kafka::broker
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow kafka access':
- port => '9092',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/memcached.pp b/manifests/database/nosql/memcached.pp
deleted file mode 100644
index 7cb675c2..00000000
--- a/manifests/database/nosql/memcached.pp
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::memcached
-#
-# Install a Memcached server (used by OpenStack services)
-#
-# === Parameters:
-#
-# [*listen_ip*]
-# (optional) IP address on which memcached instance should listen
-# Defaults to '127.0.0.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::memcached (
- $listen_ip = '127.0.0.1',
- $firewall_settings = {},
-){
-
- class { '::memcached':
- listen_ip => $listen_ip,
- max_memory => '60%',
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow memcached access':
- port => '11211',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/mongodb/mongod.pp b/manifests/database/nosql/mongodb/mongod.pp
deleted file mode 100644
index 69285527..00000000
--- a/manifests/database/nosql/mongodb/mongod.pp
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::mongodb::mongod
-#
-# Install a MongoDB server & the replicasets
-#
-# === Parameters:
-#
-# [*enable*]
-# (optional) Should mongod be running.
-# Defaults to 'true'
-#
-# [*replset*]
-# (optional) MongoDB replicaset to configure
-# Define the replset to enable on the mongodb server
-# Example:
-# { 'ceilometer' => { 'members' => '10.0.0.1:27017' }}
-# Defaults to {}
-#
-# [*mongod_port*]
-# (optional) Port for the firewall to enable
-# Based on the mode the mongod process is started with, the port
-# it will listen on might change.
-# Defaults to '27017'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Defaults to {}
-#
-class cloud::database::nosql::mongodb::mongod(
- $enable = true,
- $replset = {},
- $mongod_port = '27017',
- $firewall_settings = {},
-) {
-
- if $enable {
- include ::mongodb::globals
- include ::mongodb::server
- create_resources('mongodb_replset', $replset)
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow mongod access':
- port => $mongod_port,
- extras => $firewall_settings,
- }
- }
- }
-
-}
diff --git a/manifests/database/nosql/mongodb/mongos.pp b/manifests/database/nosql/mongodb/mongos.pp
deleted file mode 100644
index 7d57dc24..00000000
--- a/manifests/database/nosql/mongodb/mongos.pp
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::mongodb::mongos
-#
-# Install and configure mongos (daemon responsible for sharding in MongoDB)
-#
-# === Parameters:
-#
-# [*enable*]
-# (optional) Should mongos be running.
-# Defaults to 'true'
-#
-# [*shards*]
-# (optional) Hash of shards to create
-# Example :
-# { 'ceilometer' =>
-# {
-# 'member' => 'ceilometer/10.0.0.1:27018',
-# 'keys' => [{'ceilometer.name' => { 'name' => 1 }}, {'ceilometer.foo' => { 'bar' => 1 }}]
-# }
-# }
-# Defaults to {}
-#
-# [*mongos_port*]
-# (optional) Port for the firewall to enable
-# Based on the mode the mongos process is started with, the port
-# it will listen on might change.
-# Defaults to '27017'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Defaults to {}
-#
-#
-class cloud::database::nosql::mongodb::mongos(
- $enable = true,
- $shards = {},
- $mongos_port = '27017',
- $firewall_settings = {},
-) {
-
- if $enable {
- include ::mongodb::globals
- include ::mongodb::mongos
- create_resources('mongodb_shard', $shards)
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow mongos access':
- port => $mongos_port,
- extras => $firewall_settings,
- }
- }
- }
-
-}
diff --git a/manifests/database/nosql/redis/sentinel.pp b/manifests/database/nosql/redis/sentinel.pp
deleted file mode 100644
index 9ee65d43..00000000
--- a/manifests/database/nosql/redis/sentinel.pp
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::redis::sentinel
-#
-# Install a Redis sentinel node (used by OpenStack & monitoring services)
-#
-# === Parameters:
-#
-# [*port*]
-# (optional) Port where Redis is binded.
-# Used for firewall purpose.
-# Default to 26379
-#
-# [*haproxy_monitor_ip*]
-# (optional) IP on which the HAProxy API is listening on
-# Used for redis master failover purpose
-# Default to 127.0.0.1
-#
-# [*haproxy_monitor_port*]
-# (optional) Port on which the HAProxy API is listening on
-# Used for redis master failover purpose
-# Default to 10300
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::redis::sentinel(
- $port = 26379,
- $haproxy_monitor_ip = '127.0.0.1',
- $haproxy_monitor_port = '10300',
- $firewall_settings = {},
-) {
-
- include ::redis::sentinel
-
- file { '/bin/redis-notifications.sh':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0755',
- content => template('cloud/database/redis-notifications.sh.erb'),
- before => Service['redis-sentinel'],
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow redis sentinel access':
- port => $port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/redis/server.pp b/manifests/database/nosql/redis/server.pp
deleted file mode 100644
index cb627e7e..00000000
--- a/manifests/database/nosql/redis/server.pp
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::redis::server
-#
-# Install a Redis server (used by OpenStack & monitoring services)
-#
-# === Parameters:
-#
-# [*bind_ip*]
-# (optional) Address on which Redis is listening on
-# Defaults to '127.0.0.1'
-#
-# [*port*]
-# (optional) Port where Redis is binded.
-# Used for firewall purpose.
-# Default to 6379
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::redis::server(
- $bind_ip = '127.0.0.1',
- $port = 6379,
- $firewall_settings = {},
-) {
-
- include ::redis
-
- @@haproxy::balancermember{"${::fqdn}-redis":
- listening_service => 'redis_cluster',
- server_names => $::hostname,
- ipaddresses => $bind_ip,
- ports => $port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow redis server access':
- port => $port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/zookeeper.pp b/manifests/database/nosql/zookeeper.pp
deleted file mode 100644
index 843579f7..00000000
--- a/manifests/database/nosql/zookeeper.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::zookeeper
-#
-# Install a Zookeeper node
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::zookeeper (
- $firewall_settings = {},
-){
-
- include ::zookeeper
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow zookeeper access':
- port => '2181',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp
deleted file mode 100644
index e8fc7663..00000000
--- a/manifests/database/sql/mysql.pp
+++ /dev/null
@@ -1,572 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless optional by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# MySQL Galera Node -# -# === Parameters -# -# [*api_eth*] -# (optional) Hostname or IP to bind MySQL daemon. -# Defaults to '127.0.0.1' -# -# [*galera_master_name*] -# (optional) Hostname or IP of the Galera master node, databases and users -# resources are created on this node and propagated on the cluster. -# Defaults to 'mgmt001' -# -# [*galera_internal_ips*] -# (optional) Array of internal ip of the galera nodes. -# Defaults to ['127.0.0.1'] -# -# [*galera_gcache*] -# (optional) Size of the Galera gcache -# wsrep_provider_options, for master/slave mode -# Defaults to '1G' -# -# [*keystone_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*keystone_db_user*] -# (optional) Name of keystone DB user. -# Defaults to trove -# -# [*keystone_db_password*] -# (optional) Password that will be used for the Keystone db user. -# Defaults to 'keystonepassword' -# -# [*keystone_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*cinder_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*cinder_db_user*] -# (optional) Name of cinder DB user. -# Defaults to trove -# -# [*cinder_db_password*] -# (optional) Password that will be used for the cinder db user. 
-# Defaults to 'cinderpassword' -# -# [*cinder_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*glance_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*glance_db_user*] -# (optional) Name of glance DB user. -# Defaults to trove -# -# [*glance_db_password*] -# (optional) Password that will be used for the glance db user. -# Defaults to 'glancepassword' -# -# [*glance_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*heat_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*heat_db_user*] -# (optional) Name of heat DB user. -# Defaults to trove -# -# [*heat_db_password*] -# (optional) Password that will be used for the heat db user. -# Defaults to 'heatpassword' -# -# [*heat_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*nova_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*nova_db_user*] -# (optional) Name of nova DB user. -# Defaults to trove -# -# [*nova_db_password*] -# (optional) Password that will be used for the nova db user. -# Defaults to 'novapassword' -# -# [*nova_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*neutron_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*neutron_db_user*] -# (optional) Name of neutron DB user. -# Defaults to trove -# -# [*neutron_db_password*] -# (optional) Password that will be used for the neutron db user. 
-# Defaults to 'neutronpassword' -# -# [*neutron_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*trove_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*trove_db_user*] -# (optional) Name of trove DB user. -# Defaults to trove -# -# [*trove_db_password*] -# (optional) Password that will be used for the trove db user. -# Defaults to 'trovepassword' -# -# [*trove_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*mysql_root_password*] -# (optional) The MySQL root password. -# Puppet will attempt to set the root password and update `/root/.my.cnf` with it. -# Defaults to 'rootpassword' -# -# [*mysql_sys_maint_password*] -# (optional) The MySQL debian-sys-maint password. -# Debian only parameter. -# Defaults to 'sys_maint' -# -# [*galera_clustercheck_dbuser*] -# (optional) The MySQL username for Galera cluster check (using monitoring database) -# Defaults to 'clustercheck' -# -# [*galera_clustercheck_dbpassword*] -# (optional) The MySQL password for Galera cluster check -# Defaults to 'clustercheckpassword' -# -# [*galera_clustercheck_ipaddress*] -# (optional) The name or ip address of host running monitoring database (clustercheck) -# Defaults to '127.0.0.1' -# -# [*open_files_limit*] -# (optional) An integer that specifies the open_files_limit for MySQL -# Defaults to 65535 -# -# [*max_connections*] -# (optional) An integer that specifies the max_connections for MySQL -# Defaults to 4096 -# -# [*mysql_systemd_override_settings*] -# (optional) An hash of setting to override for MariaDB unit file. -# Defaults to {} -# Example : { 'LimitNOFILE' => 'infinity', 'LimitNPROC' => 4, 'TimeoutSec' => '30' } -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::database::sql::mysql ( - $api_eth = '127.0.0.1', - $galera_master_name = 'mgmt001', - $galera_internal_ips = ['127.0.0.1'], - $galera_gcache = '1G', - $keystone_db_host = '127.0.0.1', - $keystone_db_user = 'keystone', - $keystone_db_password = 'keystonepassword', - $keystone_db_allowed_hosts = ['127.0.0.1'], - $cinder_db_host = '127.0.0.1', - $cinder_db_user = 'cinder', - $cinder_db_password = 'cinderpassword', - $cinder_db_allowed_hosts = ['127.0.0.1'], - $glance_db_host = '127.0.0.1', - $glance_db_user = 'glance', - $glance_db_password = 'glancepassword', - $glance_db_allowed_hosts = ['127.0.0.1'], - $heat_db_host = '127.0.0.1', - $heat_db_user = 'heat', - $heat_db_password = 'heatpassword', - $heat_db_allowed_hosts = ['127.0.0.1'], - $nova_db_host = '127.0.0.1', - $nova_db_user = 'nova', - $nova_db_password = 'novapassword', - $nova_db_allowed_hosts = ['127.0.0.1'], - $neutron_db_host = '127.0.0.1', - $neutron_db_user = 'neutron', - $neutron_db_password = 'neutronpassword', - $neutron_db_allowed_hosts = ['127.0.0.1'], - $trove_db_host = '127.0.0.1', - $trove_db_user = 'trove', - $trove_db_password = 'trovepassword', - $trove_db_allowed_hosts = ['127.0.0.1'], - $mysql_root_password = 'rootpassword', - $mysql_sys_maint_password = 'sys_maint', - $galera_clustercheck_dbuser = 'clustercheck', - $galera_clustercheck_dbpassword = 'clustercheckpassword', - $galera_clustercheck_ipaddress = '127.0.0.1', - $open_files_limit = 65535, - $max_connections = 4096, - $mysql_systemd_override_settings = {}, - $firewall_settings = {}, -) { - - include 'xinetd' - - if $mysql_systemd_override_settings['LimitNOFILE'] { - $open_files_limit_real = $mysql_systemd_override_settings['LimitNOFILE'] - $mysql_systemd_override_settings_real = $mysql_systemd_override_settings - } else { - $open_files_limit_real = $open_files_limit - $mysql_systemd_override_settings_real = merge($mysql_systemd_override_settings, { 'LimitNOFILE' => $open_files_limit}) - } - - 
$gcomm_definition = inline_template('<%= @galera_internal_ips.join(",") + "?pc.wait_prim=no" -%>') - - # Specific to the Galera master node - if $::hostname == $galera_master_name { - - $mysql_root_password_real = $mysql_root_password - - # OpenStack DB - class { 'keystone::db::mysql': - dbname => 'keystone', - user => $keystone_db_user, - password => $keystone_db_password, - host => $keystone_db_host, - allowed_hosts => $keystone_db_allowed_hosts, - } - class { 'glance::db::mysql': - dbname => 'glance', - user => $glance_db_user, - password => $glance_db_password, - host => $glance_db_host, - allowed_hosts => $glance_db_allowed_hosts, - } - class { 'nova::db::mysql': - dbname => 'nova', - user => $nova_db_user, - password => $nova_db_password, - host => $nova_db_host, - allowed_hosts => $nova_db_allowed_hosts, - } - class { 'cinder::db::mysql': - dbname => 'cinder', - user => $cinder_db_user, - password => $cinder_db_password, - host => $cinder_db_host, - allowed_hosts => $cinder_db_allowed_hosts, - } - class { 'neutron::db::mysql': - dbname => 'neutron', - user => $neutron_db_user, - password => $neutron_db_password, - host => $neutron_db_host, - allowed_hosts => $neutron_db_allowed_hosts, - } - class { 'heat::db::mysql': - dbname => 'heat', - user => $heat_db_user, - password => $heat_db_password, - host => $heat_db_host, - allowed_hosts => $heat_db_allowed_hosts, - } - class { 'trove::db::mysql': - dbname => 'trove', - user => $trove_db_user, - password => $trove_db_password, - host => $trove_db_host, - allowed_hosts => $trove_db_allowed_hosts, - } - - # Monitoring DB - mysql_database { 'monitoring': - ensure => 'present', - charset => 'utf8', - collate => 'utf8_general_ci', - require => File['/root/.my.cnf'] - } - mysql_user { "${galera_clustercheck_dbuser}@localhost": - ensure => 'present', - # can not change password in clustercheck script - password_hash => mysql_password($galera_clustercheck_dbpassword), - require => File['/root/.my.cnf'] - } - mysql_grant 
{ "${galera_clustercheck_dbuser}@localhost/monitoring": - ensure => 'present', - options => ['GRANT'], - privileges => ['ALL'], - table => 'monitoring.*', - user => "${galera_clustercheck_dbuser}@localhost", - } - - Database_user<<| |>> - } else { - # NOTE(sileht): Only the master must create the password - # into the database, slave nodes must just use the password. - # The one in the database have been retrieved via galera. - file { "${::root_home}/.my.cnf": - content => "[client]\nuser=root\nhost=localhost\npassword=${mysql_root_password}\n", - owner => 'root', - mode => '0600', - } - } - - # Specific to Red Hat or Debian systems: - case $::osfamily { - 'RedHat': { - # Specific to Red Hat - $mysql_server_package_name = 'mariadb-galera-server' - $mysql_client_package_name = 'mariadb' - $wsrep_provider = '/usr/lib64/galera/libgalera_smm.so' - $mysql_server_config_file = '/etc/my.cnf' - $mysql_init_file = '/usr/lib/systemd/system/mysql-bootstrap.service' - - if $::hostname == $galera_master_name { - $mysql_service_name = 'mysql-bootstrap' - if !str2bool($::galera_bootstrapped) { - $wsrep_new_cluster = '--wsrep-new-cluster' - } else { - $wsrep_new_cluster = '' - } - } else { - $mysql_service_name = 'mariadb' - } - - $dirs = [ '/var/run/mysqld', '/var/log/mysql' ] - - file { $dirs: - ensure => directory, - mode => '0750', - before => Service['mysqld'], - owner => 'mysql' - } - - # In Red Hat, the package does not perform the mysql db installation. - # We need to do this manually. - # Note: in MariaDB repository, package perform this action in post-install, - # but MariaDB is not packaged for Red Hat / CentOS 7 in MariaDB repository. 
- exec { 'bootstrap-mysql': - command => '/usr/bin/mysql_install_db --rpm --user=mysql', - unless => '/usr/bin/test -d /var/lib/mysql/mysql', - before => Service['mysqld'], - require => [Package[$mysql_server_package_name], File[$mysql_server_config_file]] - } - - if $::operatingsystemmajrelease >= 7 { - file { "/etc/systemd/system/${mysql_service_name}.service.d" : - ensure => directory, - } - file { "/etc/systemd/system/${mysql_service_name}.service.d/custom.conf" : - content => template('cloud/database/systemd-custom.conf.erb'), - owner => 'root', - mode => '0755', - group => 'root', - notify => [Service['mysqld'], Exec['mariadb-sysctl-daemon-reload']], - } - exec { 'mariadb-sysctl-daemon-reload' : - command => '/usr/bin/systemctl daemon-reload', - refreshonly => true, - notify => Service['mysqld'], - } - } - - } # RedHat - 'Debian': { - # Specific to Debian / Ubuntu - $mysql_server_package_name = 'mariadb-galera-server' - $mysql_client_package_name = 'mariadb-client' - $wsrep_provider = '/usr/lib/galera/libgalera_smm.so' - $mysql_server_config_file = '/etc/mysql/my.cnf' - $mysql_init_file = '/etc/init.d/mysql-bootstrap' - - if $::hostname == $galera_master_name { - $mysql_service_name = 'mysql-bootstrap' - } else { - $mysql_service_name = 'mysql' - } - - mysql_user { 'debian-sys-maint@localhost': - ensure => 'present', - password_hash => mysql_password($mysql_sys_maint_password), - require => File['/root/.my.cnf'] - } - - file{'/etc/mysql/debian.cnf': - ensure => file, - content => template('cloud/database/debian.cnf.erb'), - owner => 'root', - group => 'root', - mode => '0600', - require => Exec['clean-mysql-binlog'], - } - } # Debian - default: { - fail("${::osfamily} not supported yet") - } - } - - # This is due to this bug: https://bugs.launchpad.net/codership-mysql/+bug/1087368 - # The backport to API 23 requires a command line option --wsrep-new-cluster: - # http://bazaar.launchpad.net/~codership/codership-mysql/wsrep-5.5/revision/3844?start_revid=3844 - 
# and the mysql init script cannot have arguments passed to the daemon - # using /etc/default/mysql standart mechanism. - # To check that the mysqld support the options you can : - # strings `which mysqld` | grep wsrep-new-cluster - # TODO: to be remove as soon as the API 25 is packaged, ie galera 3 ... - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease >= 7 { - $mysql_service_notify = Exec['mariadb-sysctl-daemon-reload'] - } else { - $mysql_service_notify = Service['mysqld'] - } - file { $mysql_init_file : - content => template("cloud/database/etc_initd_mysql_${::osfamily}"), - owner => 'root', - mode => '0755', - group => 'root', - notify => $mysql_service_notify, - before => Package[$mysql_server_package_name], - } - - if $::osfamily == 'Debian' { - # The startup time can be longer than the default 30s so we take - # care of it there. Until this bug is not resolved - # https://mariadb.atlassian.net/browse/MDEV-5540, we have to do it - # the ugly way. - file_line { 'debian_increase_mysql_startup_time': - line => 'MYSQLD_STARTUP_TIMEOUT=120', - path => '/etc/init.d/mysql', - after => '^CONF=', - require => Package[$mysql_server_package_name], - notify => Service['mysqld'], - } - } - - class { 'mysql::server': - manage_config_file => false, - config_file => $mysql_server_config_file, - package_name => $mysql_server_package_name, - service_name => $mysql_service_name, - override_options => { - 'mysqld' => { - 'bind-address' => $api_eth - } - }, - root_password => $mysql_root_password_real, - notify => Service['xinetd'], - } - - file { $mysql_server_config_file: - content => template('cloud/database/mysql.conf.erb'), - mode => '0644', - owner => 'root', - group => 'root', - notify => [Service['mysqld'],Exec['clean-mysql-binlog']], - require => Package[$mysql_server_package_name], - } - - class { 'mysql::client': - package_name => $mysql_client_package_name, - } - - # Haproxy http monitoring - augeas { 'mysqlchk': - context => '/files/etc/services', - 
changes => [ - 'ins service-name after service-name[last()]', - 'set service-name[last()] "mysqlchk"', - 'set service-name[. = "mysqlchk"]/port 8200', - 'set service-name[. = "mysqlchk"]/protocol tcp', - ], - onlyif => 'match service-name[. = "mysqlchk"] size == 0', - notify => [ Service['xinetd'], Exec['reload_xinetd'] ] - } - - file { - '/etc/xinetd.d/mysqlchk': - content => template('cloud/database/mysqlchk.erb'), - owner => 'root', - group => 'root', - mode => '0755', - require => File['/usr/bin/clustercheck'], - notify => [ Service['xinetd'], Exec['reload_xinetd'] ]; - '/usr/bin/clustercheck': - ensure => present, - content => template('cloud/database/clustercheck.erb'), - mode => '0755', - owner => 'root', - group => 'root'; - } - - # The puppet-xinetd module do not correctly reload - # the configuration on “notify” - # TODO(Goneri): remove this once https://github.com/puppetlabs/puppetlabs-xinetd/pull/9 - # get merged - exec{ 'reload_xinetd': - command => '/usr/bin/pkill -F /var/run/xinetd.pid --signal HUP', - refreshonly => true, - require => Service['xinetd'], - } - - exec{'clean-mysql-binlog': - # first sync take a long time - command => "/bin/bash -c '/usr/bin/mysqladmin --defaults-file=/root/.my.cnf shutdown ; /bin/rm ${::mysql::params::datadir}/ib_logfile*'", - path => '/usr/bin', - notify => Service['mysqld'], - refreshonly => true, - onlyif => "stat ${::mysql::params::datadir}/ib_logfile0 && test `du -sh ${::mysql::params::datadir}/ib_logfile0 | cut -f1` != '256M'", - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow galera access': - port => ['3306', '4567', '4568', '4444'], - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow mysqlchk access': - port => '8200', - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow mysql rsync access': - port => '873', - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{$::fqdn: - listening_service => 'galera_cluster', - server_names => 
$::hostname, - ipaddresses => $api_eth, - ports => '3306', - options => - inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname != @galera_master_name -%>backup<% end %> on-marked-down shutdown-sessions') - } - - @@haproxy::balancermember{"${::fqdn}-readonly": - listening_service => 'galera_readonly_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => '3306', - options => - inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname == @galera_master_name -%>backup<% end %> on-marked-down shutdown-sessions') - } -} diff --git a/manifests/firewall/post.pp b/manifests/firewall/post.pp deleted file mode 100644 index 33a80bbe..00000000 --- a/manifests/firewall/post.pp +++ /dev/null 
@@ -1,51 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::firewall::post
-#
-# Firewall rules during 'post' Puppet stage
-#
-# === Parameters:
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to false
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::firewall::post(
- $debug = false,
- $firewall_settings = {},
-){
-
- if $debug {
- warning('debug is enabled, the traffic is not blocked.')
- } else {
- firewall { '998 log all':
- proto => 'all',
- jump => 'LOG',
- }
- cloud::firewall::rule{ '999 drop all':
- proto => 'all',
- action => 'drop',
- extras => $firewall_settings,
- }
- notice('At this stage, all network traffic is blocked.')
- }
-
-}
diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp
deleted file mode 100644
index 9d9b73f3..00000000
--- a/manifests/firewall/pre.pp
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::firewall::pre
-#
-# Firewall rules during 'pre' Puppet stage
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::firewall::pre(
- $firewall_settings = {},
-){
-
- # ensure the correct packages are installed
- include firewall
-
- # defaults 'pre' rules
- cloud::firewall::rule{ '000 accept related established rules':
- proto => 'all',
- state => ['RELATED', 'ESTABLISHED'],
- extras => $firewall_settings,
- }
-
- cloud::firewall::rule{ '001 accept all icmp':
- proto => 'icmp',
- extras => $firewall_settings,
- }
-
- cloud::firewall::rule{ '002 accept all to lo interface':
- proto => 'all',
- iniface => 'lo',
- extras => $firewall_settings,
- }
-
- cloud::firewall::rule{ '003 accept ssh':
- port => '22',
- extras => $firewall_settings,
- }
-
-}
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
deleted file mode 100644
index 2dc97ef8..00000000
--- a/manifests/firewall/rule.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Define::
-#
-# cloud::firewall
-#
-define cloud::firewall::rule (
- $port = undef,
- $proto = 'tcp',
- $action = 'accept',
- $state = ['NEW'],
- $source = '0.0.0.0/0',
- $iniface = undef,
- $chain = 'INPUT',
- $extras = {},
-) {
-
- $basic = {
- 'port' => $port,
- 'proto' => $proto,
- 'action' => $action,
- 'state' => $state,
- 'source' => $source,
- 'iniface' => $iniface,
- 'chain' => $chain,
- }
-
- $rule = merge($basic, $extras)
- validate_hash($rule)
-
- create_resources('firewall', { "${title}" => $rule })
-
-}
diff --git a/manifests/identity.pp b/manifests/identity.pp
deleted file mode 100644
index c091e042..00000000
--- a/manifests/identity.pp
+++ /dev/null
@@ -1,756 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::identity -# -# Install Identity Server (Keystone) -# -# === Parameters: -# -# [*identity_roles_addons*] -# (optional) Extra keystone roles to create -# Defaults to ['SwiftOperator', 'ResellerAdmin'] -# -# [*keystone_db_host*] -# (optional) Hostname or IP address to connect to keystone database -# Defaults to '127.0.0.1' -# -# [*keystone_db_user*] -# (optional) Username to connect to keystone database -# Defaults to 'keystone' -# -# [*keystone_db_password*] -# (optional) Password to connect to keystone database -# Defaults to 'keystonepassword' -# -# [*keystone_db_idle_timeout*] -# (optional) Timeout before idle SQL connections are reaped. -# Defaults to 5000 -# -# [*memcache_servers*] -# (optionnal) Memcached servers used by Keystone. Should be an array. -# Defaults to ['127.0.0.1:11211'] -# -# [*ks_admin_email*] -# (optional) Email address of admin user in Keystone -# Defaults to 'no-reply@keystone.openstack' -# -# [*ks_admin_password*] -# (optional) Password of admin user in Keystone -# Defaults to 'adminpassword' -# -# [*ks_admin_tenant*] -# (optional) Admin tenant name in Keystone -# Defaults to 'admin' -# -# [*ks_admin_token*] -# (required) Admin token used by Keystone. 
-# -# [*ks_glance_internal_host*] -# (optional) Internal Hostname or IP to connect to Glance API -# Defaults to '127.0.0.1' -# -# [*ks_glance_admin_host*] -# (optional) Admin Hostname or IP to connect to Glance API -# Defaults to '127.0.0.1' -# -# [*ks_glance_public_host*] -# (optional) Public Hostname or IP to connect to Glance API -# Defaults to '127.0.0.1' -# -# [*ks_ceilometer_internal_host*] -# (optional) Internal Hostname or IP to connect to Ceilometer API -# Defaults to '127.0.0.1' -# -# [*ks_ceilometer_admin_host*] -# (optional) Admin Hostname or IP to connect to Ceilometer API -# Defaults to '127.0.0.1' -# -# [*ks_ceilometer_public_host*] -# (optional) Public Hostname or IP to connect to Ceilometer API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_public_host*] -# (optional) Public Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_nova_internal_host*] -# (optional) Internal Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*ks_nova_admin_host*] -# (optional) Admin Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*ks_nova_public_host*] -# (optional) Public Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*ks_cinder_internal_host*] -# (optional) Internal Hostname or IP to connect to Cinder API -# Defaults to '127.0.0.1' -# -# [*ks_cinder_admin_host*] -# (optional) Admin Hostname or IP to connect to Cinder API -# Defaults to '127.0.0.1' -# -# [*ks_cinder_public_host*] -# (optional) Public Hostname or IP to connect to Cinder API -# Defaults to '127.0.0.1' -# -# [*ks_trove_internal_host*] -# (optional) Internal Hostname or IP to connect to Trove API -# Defaults to '127.0.0.1' -# -# [*ks_trove_admin_host*] -# (optional) 
Admin Hostname or IP to connect to Trove API -# Defaults to '127.0.0.1' -# -# [*ks_trove_public_host*] -# (optional) Public Hostname or IP to connect to Trove API -# Defaults to '127.0.0.1' -# -# [*ks_neutron_internal_host*] -# (optional) Internal Hostname or IP to connect to Neutron API -# Defaults to '127.0.0.1' -# -# [*ks_neutron_admin_host*] -# (optional) Admin Hostname or IP to connect to Neutron API -# Defaults to '127.0.0.1' -# -# [*ks_neutron_public_host*] -# (optional) Public Hostname or IP to connect to Neutron API -# Defaults to '127.0.0.1' -# -# [*ks_heat_internal_host*] -# (optional) Internal Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_heat_admin_host*] -# (optional) Admin Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_heat_public_host*] -# (optional) Public Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_swift_internal_host*] -# (optional) Internal Hostname or IP to connect to Swift API -# Defaults to '127.0.0.1' -# -# [*ks_swift_admin_host*] -# (optional) Admin Hostname or IP to connect to Swift API -# Defaults to '127.0.0.1' -# -# [*ks_swift_public_host*] -# (optional) Public Hostname or IP to connect to Swift API -# Defaults to '127.0.0.1' -# -# [*ks_trove_password*] -# (optional) Password used by Trove to connect to Keystone API -# Defaults to 'trovepassword' -# -# [*ks_ceilometer_password*] -# (optional) Password used by Ceilometer to connect to Keystone API -# Defaults to 'ceilometerpassword' -# -# [*ks_swift_password*] -# (optional) Password used by Swift to connect to Keystone API -# Defaults to 'swiftpassword' -# -# [*ks_nova_password*] -# (optional) Password used by Nova to connect to Keystone API -# Defaults to 'novapassword' -# -# [*ks_neutron_password*] -# (optional) Password used by Neutron to connect to Keystone API -# Defaults to 'neutronpassword' -# -# [*ks_heat_password*] -# (optional) Password used by Heat to connect to Keystone API -# Defaults 
to 'heatpassword' -# -# [*ks_glance_password*] -# (optional) Password used by Glance to connect to Keystone API -# Defaults to 'glancepassword' -# -# [*ks_cinder_password*] -# (optional) Password used by Cinder to connect to Keystone API -# Defaults to 'cinderpassword' -# -# [*ks_swift_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_swift_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_swift_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_ceilometer_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_ceilometer_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_ceilometer_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_public_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_nova_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. 
-# Defaults to 'http' -# -# [*ks_nova_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_nova_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_neutron_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_neutron_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_neutron_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_trove_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_trove_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_trove_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_glance_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_glance_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_glance_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_cinder_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_cinder_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_cinder_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. 
-# Defaults to 'http' -# -# [*ks_ceilometer_public_port*] -# (optional) TCP port to connect to Ceilometer API from public network -# Defaults to '8777' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from internal network -# Defaults to '5000' -# -# [*ks_keystone_public_port*] -# (optional) TCP port to connect to Keystone API from public network -# Defaults to '5000' -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Defaults to '35357' -# -# [*ks_swift_public_port*] -# (optional) TCP port to connect to Swift API from public network -# Defaults to '8080' -# -# [*ks_trove_public_port*] -# (optional) TCP port to connect to Trove API from public network -# Defaults to '8779' -# -# [*ks_nova_public_port*] -# (optional) TCP port to connect to Nova API from public network -# Defaults to '8774' -# -# [*ks_ec2_public_port*] -# (optional) TCP port to connect to EC2 API from public network -# Defaults to '8773' -# -# [*ks_swift_dispersion_password*] -# (optional) Password of the dispersion tenant, used for swift-dispersion-report -# and swift-dispersion-populate tools. -# Defaults to 'dispersion' -# -# [*ks_cinder_public_port*] -# (optional) TCP port to connect to Cinder API from public network -# Defaults to '8776' -# -# [*ks_neutron_public_port*] -# (optional) TCP port to connect to Neutron API from public network -# Defaults to '9696' -# -# [*ks_heat_public_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8004' -# -# [*ks_heat_cfn_public_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8000' -# -# [*ks_glance_api_public_port*] -# (optional) TCP port to connect to Glance API from public network -# Defaults to '9292' -# -# [*api_eth*] -# (optional) Which interface we bind the Keystone server. 
-# Defaults to '127.0.0.1' -# -# [*region*] -# (optional) OpenStack Region Name -# Defaults to 'RegionOne' -# -# [*verbose*] -# (optional) Set log output to verbose output -# Defaults to true -# -# [*debug*] -# (optional) Set log output to debug output -# Defaults to true -# -# [*use_syslog*] -# (optional) Use syslog for logging -# Defaults to true -# -# [*log_facility*] -# (optional) Syslog facility to receive log lines -# Defaults to 'LOG_LOCAL0' -# -# [*token_driver*] -# (optional) Driver to store tokens -# Defaults to 'keystone.token.persistence.backends.sql.Token' -# -# [*token_expiration*] -# (optional) Amount of time a token should remain valid (in seconds) -# Defaults to '3600' (1 hour) -# -# [*cinder_enabled*] -# (optional) Enable or not Cinder (Block Storage Service) -# Defaults to true -# -# [*trove_enabled*] -# (optional) Enable or not Trove (Database as a Service) -# Experimental feature. -# Defaults to false -# -# [*swift_enabled*] -# (optional) Enable or not OpenStack Swift (Stockage as a Service) -# Defaults to true -# -# [*ks_token_expiration*] -# (optional) Amount of time a token should remain valid (seconds). -# Defaults to 3600 (1 hour). -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::identity ( - $swift_enabled = true, - $cinder_enabled = true, - $trove_enabled = false, - $identity_roles_addons = ['SwiftOperator', 'ResellerAdmin'], - $keystone_db_host = '127.0.0.1', - $keystone_db_user = 'keystone', - $keystone_db_password = 'keystonepassword', - $keystone_db_idle_timeout = 5000, - $memcache_servers = ['127.0.0.1:11211'], - $ks_admin_email = 'no-reply@keystone.openstack', - $ks_admin_password = 'adminpassword', - $ks_admin_tenant = 'admin', - $ks_admin_token = undef, - $ks_ceilometer_admin_host = '127.0.0.1', - $ks_ceilometer_internal_host = '127.0.0.1', - $ks_ceilometer_password = 'ceilometerpassword', - $ks_ceilometer_public_host = '127.0.0.1', - $ks_ceilometer_public_port = 8777, - $ks_ceilometer_public_proto = 'http', - $ks_ceilometer_admin_proto = 'http', - $ks_ceilometer_internal_proto = 'http', - $ks_cinder_admin_host = '127.0.0.1', - $ks_cinder_internal_host = '127.0.0.1', - $ks_cinder_password = 'cinderpassword', - $ks_cinder_public_host = '127.0.0.1', - $ks_cinder_public_proto = 'http', - $ks_cinder_admin_proto = 'http', - $ks_cinder_internal_proto = 'http', - $ks_cinder_public_port = 8776, - $ks_glance_admin_host = '127.0.0.1', - $ks_glance_internal_host = '127.0.0.1', - $ks_glance_password = 'glancepassword', - $ks_glance_public_host = '127.0.0.1', - $ks_glance_public_proto = 'http', - $ks_glance_internal_proto = 'http', - $ks_glance_admin_proto = 'http', - $ks_glance_api_public_port = 9292, - $ks_heat_admin_host = '127.0.0.1', - $ks_heat_internal_host = '127.0.0.1', - $ks_heat_password = 'heatpassword', - $ks_heat_public_host = '127.0.0.1', - $ks_heat_public_proto = 'http', - $ks_heat_admin_proto = 'http', - $ks_heat_internal_proto = 'http', - $ks_heat_public_port = 8004, - $ks_heat_cfn_public_port = 8000, - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_port = 35357, - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = 5000, - $ks_keystone_public_host = 
'127.0.0.1', - $ks_keystone_public_port = 5000, - $ks_keystone_public_proto = 'http', - $ks_neutron_admin_host = '127.0.0.1', - $ks_keystone_admin_proto = 'http', - $ks_keystone_internal_proto = 'http', - $ks_neutron_internal_host = '127.0.0.1', - $ks_neutron_password = 'neutronpassword', - $ks_neutron_public_host = '127.0.0.1', - $ks_neutron_public_proto = 'http', - $ks_neutron_admin_proto = 'http', - $ks_neutron_internal_proto = 'http', - $ks_neutron_public_port = 9696, - $ks_nova_admin_host = '127.0.0.1', - $ks_nova_internal_host = '127.0.0.1', - $ks_nova_password = 'novapassword', - $ks_nova_public_host = '127.0.0.1', - $ks_nova_public_proto = 'http', - $ks_nova_internal_proto = 'http', - $ks_nova_admin_proto = 'http', - $ks_nova_public_port = 8774, - $ks_ec2_public_port = 8773, - $ks_swift_dispersion_password = 'dispersion', - $ks_swift_internal_host = '127.0.0.1', - $ks_swift_admin_host = '127.0.0.1', - $ks_swift_password = 'swiftpassword', - $ks_swift_public_host = '127.0.0.1', - $ks_swift_public_port = 8080, - $ks_swift_public_proto = 'http', - $ks_swift_admin_proto = 'http', - $ks_swift_internal_proto = 'http', - $ks_trove_admin_host = '127.0.0.1', - $ks_trove_internal_host = '127.0.0.1', - $ks_trove_password = 'trovepassword', - $ks_trove_public_host = '127.0.0.1', - $ks_trove_public_port = 8779, - $ks_trove_public_proto = 'http', - $ks_trove_admin_proto = 'http', - $ks_trove_internal_proto = 'http', - $api_eth = '127.0.0.1', - $region = 'RegionOne', - $verbose = true, - $debug = true, - $log_facility = 'LOG_LOCAL0', - $use_syslog = true, - $ks_token_expiration = 3600, - $token_driver = 'keystone.token.persistence.backends.sql.Token', - $firewall_settings = {}, -){ - - $encoded_user = uriescape($keystone_db_user) - $encoded_password = uriescape($keystone_db_password) - - if $use_syslog { - $log_dir = false - $log_file = false - keystone_config { - 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s 
%(user_identity)s] %(instance)s%(message)s'; - 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s'; - 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d'; - 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s'; - } - } else { - $log_dir = '/var/log/keystone' - $log_file = 'keystone.log' - } - -# Configure Keystone - class { 'keystone': - enabled => true, - admin_token => $ks_admin_token, - compute_port => $ks_nova_public_port, - debug => $debug, - database_idle_timeout => $keystone_db_idle_timeout, - log_facility => $log_facility, - database_connection => "mysql://${encoded_user}:${encoded_password}@${keystone_db_host}/keystone?charset=utf8", - token_provider => 'keystone.token.providers.uuid.Provider', - use_syslog => $use_syslog, - verbose => $verbose, - public_bind_host => $api_eth, - admin_bind_host => $api_eth, - log_dir => $log_dir, - log_file => $log_file, - public_port => $ks_keystone_public_port, - admin_port => $ks_keystone_admin_port, - token_driver => $token_driver, - token_expiration => $ks_token_expiration, - admin_endpoint => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/", - public_endpoint => "${ks_keystone_public_proto}://${ks_keystone_public_host}:${ks_keystone_public_port}/", - } - - keystone_config { - 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2'; - } - - -# Keystone Endpoints + Users - class { 'keystone::roles::admin': - email => $ks_admin_email, - password => $ks_admin_password, - admin_tenant => $ks_admin_tenant, - } - - keystone_role { $identity_roles_addons: ensure => present } - - class {'keystone::endpoint': - public_url => "${ks_keystone_public_proto}://${ks_keystone_public_host}:${ks_keystone_public_port}", - internal_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}", - admin_url => 
"${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}", - region => $region, - } - - # TODO(EmilienM) Disable WSGI - bug #98 - #include 'apache' - # class {'keystone::wsgi::apache': - # servername => $::fqdn, - # admin_port => $ks_keystone_admin_port, - # public_port => $ks_keystone_public_port, - # # TODO(EmilienM) not sure workers is useful when using WSGI backend - # workers => $::processorcount, - # ssl => false - # } - - if $swift_enabled { - class {'swift::keystone::auth': - password => $ks_swift_password, - public_address => $ks_swift_public_host, - public_port => $ks_swift_public_port, - public_protocol => $ks_swift_public_proto, - admin_protocol => $ks_swift_admin_proto, - internal_protocol => $ks_swift_internal_proto, - admin_address => $ks_swift_admin_host, - internal_address => $ks_swift_internal_host, - region => $region - } - - class {'swift::keystone::dispersion': - auth_pass => $ks_swift_dispersion_password - } - } - - class {'ceilometer::keystone::auth': - admin_address => $ks_ceilometer_admin_host, - internal_address => $ks_ceilometer_internal_host, - public_address => $ks_ceilometer_public_host, - public_protocol => $ks_ceilometer_public_proto, - admin_protocol => $ks_ceilometer_admin_proto, - internal_protocol => $ks_ceilometer_internal_proto, - port => $ks_ceilometer_public_port, - region => $region, - password => $ks_ceilometer_password - } - - class { 'nova::keystone::auth': - admin_address => $ks_nova_admin_host, - internal_address => $ks_nova_internal_host, - public_address => $ks_nova_public_host, - compute_port => $ks_nova_public_port, - public_protocol => $ks_nova_public_proto, - admin_protocol => $ks_nova_admin_proto, - internal_protocol => $ks_nova_internal_proto, - ec2_port => $ks_ec2_public_port, - region => $region, - password => $ks_nova_password - } - - class { 'neutron::keystone::auth': - admin_address => $ks_neutron_admin_host, - internal_address => $ks_neutron_internal_host, - public_address => 
$ks_neutron_public_host, - public_protocol => $ks_neutron_public_proto, - internal_protocol => $ks_neutron_internal_proto, - admin_protocol => $ks_neutron_admin_proto, - port => $ks_neutron_public_port, - region => $region, - password => $ks_neutron_password - } - - if $cinder_enabled { - class { 'cinder::keystone::auth': - admin_address => $ks_cinder_admin_host, - internal_address => $ks_cinder_internal_host, - public_address => $ks_cinder_public_host, - port => $ks_cinder_public_port, - public_protocol => $ks_cinder_public_proto, - admin_protocol => $ks_cinder_admin_proto, - internal_protocol => $ks_cinder_internal_proto, - region => $region, - password => $ks_cinder_password - } - } - - class { 'glance::keystone::auth': - admin_address => $ks_glance_admin_host, - internal_address => $ks_glance_internal_host, - public_address => $ks_glance_public_host, - port => $ks_glance_api_public_port, - public_protocol => $ks_glance_public_proto, - internal_protocol => $ks_glance_internal_proto, - admin_protocol => $ks_glance_admin_proto, - region => $region, - password => $ks_glance_password - } - - class { 'heat::keystone::auth': - admin_address => $ks_heat_admin_host, - internal_address => $ks_heat_internal_host, - public_address => $ks_heat_public_host, - port => $ks_heat_public_port, - public_protocol => $ks_heat_public_proto, - internal_protocol => $ks_heat_internal_proto, - admin_protocol => $ks_heat_admin_proto, - region => $region, - password => $ks_heat_password - } - - class { 'heat::keystone::auth_cfn': - admin_address => $ks_heat_admin_host, - internal_address => $ks_heat_internal_host, - public_address => $ks_heat_public_host, - port => $ks_heat_cfn_public_port, - public_protocol => $ks_heat_public_proto, - internal_protocol => $ks_heat_internal_proto, - admin_protocol => $ks_heat_admin_proto, - region => $region, - password => $ks_heat_password - } - - if $trove_enabled { - class {'trove::keystone::auth': - admin_address => $ks_trove_admin_host, - 
internal_address => $ks_trove_internal_host, - public_address => $ks_trove_public_host, - public_protocol => $ks_trove_public_proto, - admin_protocol => $ks_trove_admin_proto, - internal_protocol => $ks_trove_internal_proto, - port => $ks_trove_public_port, - region => $region, - password => $ks_trove_password - } - } - - # Purge expored tokens every days at midnight - class { 'keystone::cron::token_flush': } - - # Note(EmilienM): - # We check if DB tables are created, if not we populate Keystone DB. - # It's a hack to fit with our setup where we run MySQL/Galera - # TODO(Goneri) - # We have to do this only on the primary node of the galera cluster to avoid race condition - # https://github.com/enovance/puppet-openstack-cloud/issues/156 - exec {'keystone_db_sync': - command => 'keystone-manage db_sync', - path => '/usr/bin', - user => 'keystone', - unless => "/usr/bin/mysql keystone -h ${keystone_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables" - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow keystone access': - port => $ks_keystone_public_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow keystone admin access': - port => $ks_keystone_admin_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-keystone_api": - listening_service => 'keystone_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_keystone_public_port, - options => 'check inter 2000 rise 2 fall 5' - } - - @@haproxy::balancermember{"${::fqdn}-keystone_api_admin": - listening_service => 'keystone_api_admin_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_keystone_admin_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/image/api.pp b/manifests/image/api.pp deleted file mode 100644 index 61a4ac0a..00000000 --- a/manifests/image/api.pp +++ /dev/null 
@@ -1,306 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::image::api
-#
-# Install API Image Server (Glance API)
-#
-# === Parameters:
-#
-# [*glance_db_host*]
-# (optional) Hostname or IP address to connect to glance database
-# Defaults to '127.0.0.1'
-#
-# [*glance_db_user*]
-# (optional) Username to connect to glance database
-# Defaults to 'glance'
-#
-# [*glance_db_password*]
-# (optional) Password to connect to glance database
-# Defaults to 'glancepassword'
-#
-# [*glance_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults to 5000
-
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_api_internal_port*]
-# (optional) TCP port to connect to Glance API from internal network
-# Defaults to '9292'
-#
-# [*ks_glance_registry_internal_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_registry_internal_port*]
-# (optional) TCP port to connect to Glance Registry from internal network
-# Defaults to '9191'
-#
-# [*ks_glance_password*]
-# (optional) Password used by Glance to connect to Keystone API
-# Defaults to 'glancepassword'
-#
-# [*rabbit_host*]
-# (optional) IP or Hostname of one RabbitMQ server.
-# Defaults to '127.0.0.1'
-#
-# [*rabbit_password*]
-# (optional) Password to connect to glance queue.
-# Defaults to 'rabbitpassword'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Glance API server.
-# Defaults to '127.0.0.1'
-#
-# [*openstack_vip*]
-# (optional) Hostname of IP used to connect to Glance registry
-# Defaults to '127.0.0.1'
-#
-# [*glance_rbd_pool*]
-# (optional) Name of the Ceph pool which which store the glance images
-# Defaults to 'images'
-#
-# [*glance_rbd_user*]
-# (optional) User name used to acces to the glance rbd pool
-# Defaults to 'glance'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*backend*]
-# (optionnal) Backend to use to store images
-# Can be 'rbd', 'file', 'nfs' or 'swift'
-# Defaults to 'rbd'
-#
-# [*known_stores*]
-# (optionnal) Tell to Glance API which backends can be used
-# Can be 'rbd', 'http', 'file', or and 'swift'.
-# Should be an array.
-# Defaults to ['rbd', 'http']
-#
-# [*filesystem_store_datadir*]
-# (optional) Full path of data directory to store the images.
-# Defaults to '/var/lib/glance/images/'
-#
-# [*nfs_device*]
-# (optionnal) NFS device to mount
-# Example: 'nfs.example.com:/vol1'
-# Required when running 'nfs' backend.
-# Defaults to false
-#
-# [*nfs_options*]
-# (optional) NFS mount options
-# Example: 'nfsvers=3,noacl'
-# Defaults to 'defaults'
-#
-# [*pipeline*]
-# (optional) Partial name of a pipeline in your paste configuration file with the
-# service name removed.
-# Defaults to 'keystone'.
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::image::api(
- $glance_db_host = '127.0.0.1',
- $glance_db_user = 'glance',
- $glance_db_password = 'glancepassword',
- $glance_db_idle_timeout = 5000,
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_api_internal_port = '9292',
- $ks_glance_registry_internal_port = '9191',
- $ks_glance_registry_internal_proto = 'http',
- $ks_glance_password = 'glancepassword',
- $rabbit_password = 'rabbit_password',
- $rabbit_host = '127.0.0.1',
- $api_eth = '127.0.0.1',
- $openstack_vip = '127.0.0.1',
- $glance_rbd_pool = 'images',
- $glance_rbd_user = 'glance',
- $verbose = true,
- $debug = true,
- $log_facility = 'LOG_LOCAL0',
- $use_syslog = true,
- $backend = 'rbd',
- $known_stores = ['rbd', 'http'],
- $filesystem_store_datadir = '/var/lib/glance/images/',
- $nfs_device = false,
- $nfs_options = 'defaults',
- $pipeline = 'keystone',
- $firewall_settings = {},
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- $log_file_api = false
- $log_file_registry = false
- glance_api_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/glance'
- $log_file_api = '/var/log/glance/api.log'
- $log_file_registry = '/var/log/glance/registry.log'
- }
-
- $encoded_glance_user = uriescape($glance_db_user)
- $encoded_glance_password = uriescape($glance_db_password)
-
- class { 'glance::api':
- database_connection => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance?charset=utf8",
- database_idle_timeout => $glance_db_idle_timeout,
- mysql_module => '2.2',
- registry_host => $openstack_vip,
- registry_port => $ks_glance_registry_internal_port,
- verbose => $verbose,
- debug => $debug,
- auth_host => $ks_keystone_internal_host,
- auth_protocol => $ks_keystone_internal_proto,
- registry_client_protocol => $ks_glance_registry_internal_proto,
- keystone_password => $ks_glance_password,
- keystone_tenant => 'services',
- keystone_user => 'glance',
- show_image_direct_url => true,
- log_dir => $log_dir,
- log_file => $log_file_api,
- log_facility => $log_facility,
- bind_host => $api_eth,
- bind_port => $ks_glance_api_internal_port,
- use_syslog => $use_syslog,
- pipeline => 'keystone',
- known_stores => $known_stores,
- }
-
- # TODO(EmilienM) Disabled for now
- # Follow-up: https://github.com/enovance/puppet-openstack-cloud/issues/160
- #
- # class { 'glance::notify::rabbitmq':
- # rabbit_password => $rabbit_password,
- # rabbit_userid => 'glance',
- # rabbit_host => $rabbit_host,
- # }
- glance_api_config {
- 'DEFAULT/notifier_driver': value => 'noop';
- # TODO(EmilienM) Drop this line when https://review.openstack.org/#/c/133521/ has been merged.
- 'keystone_authtoken/identity_uri': value => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:35357";
- }
-
- if ($backend == 'rbd') {
- class { 'glance::backend::rbd':
- rbd_store_user => $glance_rbd_user,
- rbd_store_pool => $glance_rbd_pool
- }
-
- Ceph::Key <<| title == $glance_rbd_user |>> ->
- file { '/etc/ceph/ceph.client.glance.keyring':
- owner => 'glance',
- group => 'glance',
- mode => '0400',
- require => Ceph::Key[$glance_rbd_user],
- notify => Service['glance-api','glance-registry']
- }
- Concat::Fragment <<| title == 'ceph-client-os' |>>
- } elsif ($backend == 'file') {
- class { 'glance::backend::file':
- filesystem_store_datadir => $filesystem_store_datadir
- }
- } elsif ($backend == 'swift') {
- class { 'glance::backend::swift':
- swift_store_user => 'services:glance',
- swift_store_key => $ks_glance_password,
- swift_store_auth_address => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:35357/v2.0/",
- swift_store_create_container_on_put => true,
- }
- } elsif ($backend == 'nfs') {
- # There is no NFS backend in Glance.
- # We mount the NFS share in filesystem_store_datadir to fake the
- # backend.
- if $nfs_device {
- file { $filesystem_store_datadir:
- ensure => 'directory',
- owner => 'glance',
- group => 'glance',
- mode => '0755'
- } ->
- class { 'glance::backend::file':
- filesystem_store_datadir => $filesystem_store_datadir
- }
- $nfs_mount = {
- "${filesystem_store_datadir}" => {
- 'ensure' => 'mounted',
- 'fstype' => 'nfs',
- 'device' => $nfs_device,
- 'options' => $nfs_options
- }
- }
- ensure_resource('class', 'nfs', {})
- create_resources('types::mount', $nfs_mount, {require => File[$filesystem_store_datadir]})
- } else {
- fail('When running NFS backend, you need to provide nfs_device parameter.')
- }
- } else {
- fail("${backend} is not a Glance supported backend.")
- }
-
- class { 'glance::cache::cleaner': }
- class { 'glance::cache::pruner': }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow glance-api access':
- port => $ks_glance_api_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-glance_api":
- listening_service => 'glance_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_glance_api_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/image/registry.pp b/manifests/image/registry.pp
deleted file mode 100644
index 52c858c5..00000000
--- a/manifests/image/registry.pp
+++ /dev/null
@@ -1,166 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::image::registry
-#
-# Install Registry Image Server (Glance Registry)
-#
-# === Parameters:
-#
-# [*glance_db_host*]
-# (optional) Hostname or IP address to connect to glance database
-# Defaults to '127.0.0.1'
-#
-# [*glance_db_user*]
-# (optional) Username to connect to glance database
-# Defaults to 'glance'
-#
-# [*glance_db_password*]
-# (optional) Password to connect to glance database
-# Defaults to 'glancepassword'
-#
-# [*glance_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults 5000
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_registry_internal_port*]
-# (optional) TCP port to connect to Glance Registry from internal network
-# Defaults to '9191'
-#
-# [*ks_glance_password*]
-# (optional) Password used by Glance to connect to Keystone API
-# Defaults to 'glancepassword'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Glance API server.
-# Defaults to '127.0.0.1'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::image::registry(
- $glance_db_host = '127.0.0.1',
- $glance_db_user = 'glance',
- $glance_db_password = 'glancepassword',
- $glance_db_idle_timeout = 5000,
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_registry_internal_port = '9191',
- $ks_glance_password = 'glancepassword',
- $api_eth = '127.0.0.1',
- $verbose = true,
- $debug = true,
- $log_facility = 'LOG_LOCAL0',
- $use_syslog = true,
- $firewall_settings = {},
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- $log_file_api = false
- $log_file_registry = false
- glance_registry_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/glance'
- $log_file_api = '/var/log/glance/api.log'
- $log_file_registry = '/var/log/glance/registry.log'
- }
-
- $encoded_glance_user = uriescape($glance_db_user)
- $encoded_glance_password = uriescape($glance_db_password)
-
- class { 'glance::registry':
- database_connection =>
"mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance?charset=utf8",
- database_idle_timeout => $glance_db_idle_timeout,
- mysql_module => '2.2',
- verbose => $verbose,
- debug => $debug,
- auth_host => $ks_keystone_internal_host,
- auth_protocol => $ks_keystone_internal_proto,
- keystone_password => $ks_glance_password,
- keystone_tenant => 'services',
- keystone_user => 'glance',
- bind_host => $api_eth,
- log_dir => $log_dir,
- log_file => $log_file_registry,
- bind_port => $ks_glance_registry_internal_port,
- use_syslog => $use_syslog,
- log_facility => $log_facility,
- }
-
- glance_registry_config {
- # TODO(EmilienM) Drop this line when https://review.openstack.org/#/c/133521/ been merged.
- 'keystone_authtoken/identity_uri': value => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:35357";
- }
-
- exec {'glance_db_sync':
- command => 'glance-manage db_sync',
- user => 'glance',
- path => '/usr/bin',
- unless => "/usr/bin/mysql glance -h ${glance_db_host} -u ${encoded_glance_user} -p${encoded_glance_password} -e \"show tables\" | /bin/grep Tables"
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow glance-registry access':
- port => $ks_glance_registry_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-glance_registry":
- listening_service => 'glance_registry_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_glance_registry_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/init.pp b/manifests/init.pp
deleted file mode 100644
index fbfbac88..00000000
--- a/manifests/init.pp
+++ /dev/null
@@ -1,253 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud
-#
-# Installs the system requirements
-#
-# === Parameters:
-#
-# [*rhn_registration*]
-# (optional) The RedHat network authentication token
-# Defaults to undef
-#
-# [*root_password*]
-# (optional) Unix root password
-# Defaults to 'root'
-#
-# [*dns_ips*]
-# (optional) Hostname or IP of the Domain Name Server (dns) used
-# Should by an array.
-# Defaults to google public dns ['8.8.8.8', '8.8.4.4']
-#
-# [*site_domain*]
-# (optional) Domain name (used for search and domain fields
-# of resolv.conf configuration file
-# Defaults to 'mydomain'
-#
-# [*motd_title*]
-# (optional) A string used in the top of the server's motd
-# Defaults to 'eNovance IT Operations'
-#
-# [*selinux_mode*]
-# (optional) SELinux mode the system should be in
-# Defaults to 'permissive'
-# Possible values : disabled, permissive, enforcing
-#
-# [*selinux_directory*]
-# (optional) Path where to find the SELinux modules
-# Defaults to '/usr/share/selinux'
-#
-# [*selinux_booleans*]
-# (optional) Set of booleans to persistently enables
-# SELinux booleans are the one getsebool -a returns
-# Defaults []
-# Example: ['rsync_full_access', 'haproxy_connect_any']
-#
-# [*selinux_modules*]
-# (optional) Set of modules to load on the system
-# Defaults []
-# Example: ['module1', 'module2']
-# Note: Those module should be in the $directory path
-#
-# [*limits*]
-# (optional) Set
of limits to set in /etc/security/limits.d/
-# Defaults {}
-# Example:
-# {
-# 'mysql_nofile' => {
-# 'ensure' => 'present',
-# 'user' => 'mysql',
-# 'limit_type' => 'nofile',
-# 'both' => '16384',
-# },
-# }
-#
-# [*sysctl*]
-# (optional) Set of sysctl values to set.
-# Defaults {}
-# Example:
-# {
-# 'net.ipv4.ip_forward' => {
-# 'value' => '1',
-# },
-# 'net.ipv6.conf.all.forwarding => {
-# 'value' => '1',
-# },
-# }
-#
-# [*manage_firewall*]
-# (optional) Completely enable or disable firewall settings
-# (false means disabled, and true means enabled)
-# Defaults to false
-#
-# [*firewall_rules*]
-# (optional) Allow to add custom firewall rules
-# Should be an hash.
-# Default to {}
-#
-# [*purge_firewall_rules*]
-# (optional) Boolean, purge all firewall resources
-# Defaults to false
-#
-# [*firewall_pre_extras*]
-# (optional) Allow to add custom parameters to firewall rules (pre stage)
-# Should be an hash.
-# Default to {}
-#
-# [*firewall_post_extras*]
-# (optional) Allow to add custom parameters to firewall rules (post stage)
-# Should be an hash.
-# Default to {}
-#
-class cloud(
- $rhn_registration = undef,
- $root_password = 'root',
- $dns_ips = ['8.8.8.8', '8.8.4.4'],
- $site_domain = 'mydomain',
- $motd_title = 'eNovance IT Operations',
- $selinux_mode = 'permissive',
- $selinux_directory = '/usr/share/selinux',
- $selinux_booleans = [],
- $selinux_modules = [],
- $limits = {},
- $sysctl = {},
- $manage_firewall = false,
- $firewall_rules = {},
- $purge_firewall_rules = false,
- $firewall_pre_extras = {},
- $firewall_post_extras = {},
-) {
-
- include ::stdlib
-
- if !
($::osfamily in [ 'RedHat', 'Debian' ]) {
- fail("OS family unsuppored yet (${::osfamily}), module puppet-openstack-cloud only support RedHat or Debian")
- }
-
- # motd
- file
- {
- '/etc/motd':
- ensure => file,
- mode => '0644',
- content => "
-############################################################################
-# ${motd_title} #
-############################################################################
-# #
-# *** RESTRICTED ACCESS *** #
-# Only the authorized users may access this system. #
-# Any attempted unauthorized access or any action affecting this computer #
-# system is punishable by the law of local country. #
-# #
-############################################################################
-This node is under the control of Puppet ${::puppetversion}.
-";
- }
-
- # DNS
- class { 'dnsclient':
- nameservers => $dns_ips,
- domain => $site_domain
- }
-
- # Sudo
- include ::sudo
- include ::sudo::configs
-
- # NTP
- include ::ntp
-
- # Security Limits
- include ::limits
- create_resources('limits::limits', $limits)
-
- # sysctl values
- include ::sysctl::base
- create_resources('sysctl::value', $sysctl)
-
- # SELinux
- if $::osfamily == 'RedHat' {
- class {'cloud::selinux' :
- mode => $selinux_mode,
- booleans => $selinux_booleans,
- modules => $selinux_modules,
- directory => $selinux_directory,
- stage => 'setup',
- }
- }
-
- # Strong root password for all servers
- user { 'root':
- ensure => 'present',
- gid => '0',
- password => $root_password,
- uid => '0',
- }
-
- $cron_service_name = $::osfamily ?
{
- 'RedHat' => 'crond',
- default => 'cron',
- }
-
- service { 'cron':
- ensure => running,
- name => $cron_service_name,
- enable => true
- }
-
- if $::osfamily == 'RedHat' and $rhn_registration {
- create_resources('rhn_register', {
- "rhn-${::hostname}" => $rhn_registration
- } )
- }
-
- if $manage_firewall {
-
- # Only purges IPv4 rules
- if $purge_firewall_rules {
- resources { 'firewall':
- purge => true
- }
- }
-
- # anyone can add your own rules
- # example with Hiera:
- #
- # cloud::firewall::rules:
- # '300 allow custom application 1':
- # port: 999
- # proto: udp
- # action: accept
- # '301 allow custom application 2':
- # port: 8081
- # proto: tcp
- # action: accept
- #
- create_resources('cloud::firewall::rule', $firewall_rules)
-
- ensure_resource('class', 'cloud::firewall::pre', {
- 'firewall_settings' => $firewall_pre_extras,
- 'stage' => 'setup',
- })
-
- ensure_resource('class', 'cloud::firewall::post', {
- 'stage' => 'runtime',
- 'firewall_settings' => $firewall_post_extras,
- })
- }
-
-}
diff --git a/manifests/install/puppetdb/config.pp b/manifests/install/puppetdb/config.pp
deleted file mode 100644
index c9eb3e82..00000000
--- a/manifests/install/puppetdb/config.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::install::puppetdb::config
-#
-# Configure the puppetdb connection
-#
-class cloud::install::puppetdb::config {
-
- include ::puppetdb::master::config
-
-}
diff --git a/manifests/install/puppetdb/server.pp b/manifests/install/puppetdb/server.pp
deleted file mode 100644
index da0ed239..00000000
--- a/manifests/install/puppetdb/server.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::install::puppetdb::server
-#
-# Configure the puppetdb server
-#
-class cloud::install::puppetdb::server {
-
- include ::puppetdb
- include ::apache
-
- apache::vhost { 'puppetdb' :
- docroot => '/tmp',
- ssl => true,
- ssl_cert => '/etc/puppet/ssl/puppetdb.pem',
- ssl_key => '/etc/puppet/ssl/puppetdb.pem',
- port => '8081',
- servername => $::fqdn,
- proxy_pass => [
- {
- 'path' => '/',
- 'url' => 'http://localhost:8080/'
- }
- ],
- require => Class['::puppetdb'],
- }
-
-}
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
deleted file mode 100644
index 26e134c7..00000000
--- a/manifests/loadbalancer.pp
+++ /dev/null
@@ -1,1052 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::loadbalancer
-#
-# Install Load-Balancer node (HAproxy + Keepalived)
-#
-# === Parameters:
-#
-# [*keepalived_vrrp_interface*]
-# (optional) Networking interface to bind the vrrp traffic.
-# Defaults to false (disabled)
-#
-# [*keepalived_public_interface*]
-# (optional) Networking interface to bind the VIP connected to public network.
-# Defaults to 'eth0'
-#
-# [*keepalived_internal_interface*]
-# (optional) Networking interface to bind the VIP connected to internal network.
-# keepalived_internal_ipvs should be configured to enable the internal VIP.
-# Defaults to 'eth1'
-#
-# [*keepalived_public_ipvs*]
-# (optional) IP address of the VIP connected to public network.
-# Should be an array.
-# Defaults to ['127.0.0.1']
-#
-# [*keepalived_internal_ipvs*]
-# (optional) IP address of the VIP connected to internal network.
-# Should be an array.
-# Defaults to false (disabled)
-#
-# [*keepalived_public_id*]
-# (optional) used for the keepalived public virtual_router_id.
-# Should be numeric.
-# Defaults to '1'
-#
-# [*keepalived_internal_id*]
-# (optional) used for the keepalived internal virtual_router_id.
-# Should be numeric.
-# Defaults to '2'
-#
-# [*keepalived_auth_type*]
-# (optional) Authentication method.
-# Supported methods are simple Passwd (PASS) or IPSEC AH (AH).
-# Defaults to undef
-#
-# [*keepalived_auth_pass*]
-# (optional) Authentication password.
-# Password string (up to 8 characters).
-# Defaults to undef
-#
-# [*swift_api*]
-# (optional) Enable or not Swift public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*ceilometer_api*]
-# (optional) Enable or not Ceilometer public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*cinder_api*]
-# (optional) Enable or not Cinder public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*glance_api*]
-# (optional) Enable or not Glance API public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*glance_registry*]
-# (optional) Enable or not Glance Registry public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*neutron_api*]
-# (optional) Enable or not Neutron public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*heat_api*]
-# (optional) Enable or not Heat public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*heat_cfn_api*]
-# (optional) Enable or not Heat CFN public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*heat_cloudwatch_api*]
-# (optional) Enable or not Heat Cloudwatch public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*nova_api*]
-# (optional) Enable or not Nova public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*trove_api*]
-# (optional) Enable or not Trove public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*horizon*]
-# (optional) Enable or not Horizon public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*horizon_ssl*]
-# (optional) Enable or not Horizon SSL public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*ec2_api*]
-# (optional) Enable or not EC2 public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*spice*]
-# (optional) Enable or not spice binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to false
-#
-# [*novnc*]
-# (optional) Enable or not novnc binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*elasticsearch*]
-# (optional) Enable or not ElasticSearch binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*kibana*]
-# (optional) Enable or not kibana binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*redis*]
-# (optional) Enable or not redis binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*metadata_api*]
-# (optional) Enable or not Metadata public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. -# If set to false, no binding will be configure -# Defaults to true -# -# [*keystone_api*] -# (optional) Enable or not Keystone public binding. -# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. -# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. -# If set to false, no binding will be configure -# Defaults to true -# -# [*rabbitmq*] -# (optional) Enable or not RabbitMQ binding. -# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. -# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. -# If set to false, no binding will be configure. -# Defaults to false -# -# [*sensu_dashboard*] -# (optional) Enable or not sensu_dashboard binding. -# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. -# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. -# If set to false, no binding will be configure. -# Defaults to true -# -# [*sensu_api*] -# (optional) Enable or not sensu_api binding. -# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. -# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. -# If set to false, no binding will be configure. -# Defaults to true -# -# [*keystone_api_admin*] -# (optional) Enable or not Keystone admin binding. -# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false. 
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options. -# If set to false, no binding will be configure -# Defaults to true -# -# [*haproxy_auth*] -# (optional) The HTTP sytle basic credentials (using login:password form) -# Defaults to 'admin:changeme' -# -# [*haproxy_options*] -# (optional) The haproxy global options -# Defaults to {} -# -# [*keepalived_state*] -# (optional) TODO -# Defaults to 'BACKUP' -# -# [*keepalived_priority*] -# (optional) TODO -# Defaults to '50' -# -# [*ceilometer_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*cinder_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*ec2_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*glance_api_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*glance_registry_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*heat_cfn_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*heat_cloudwatch_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*heat_api_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*keystone_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. 
-# Defaults to [] -# -# [*keystone_admin_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*metadata_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*neutron_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*nova_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*trove_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*swift_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*spice_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*novnc_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*horizon_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*horizon_ssl_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*rabbitmq_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*elasticsearch_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. 
-# Defaults to [] -# -# [*kibana_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*sensu_dashboard_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*sensu_api_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*redis_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*galera_bind_options*] -# (optional) A hash of options that are inserted into the HAproxy listening -# service configuration block. -# Defaults to [] -# -# [*ks_ceilometer_public_port*] -# (optional) TCP port to connect to Ceilometer API from public network -# Defaults to '8777' -# -# [*ks_cinder_public_port*] -# (optional) TCP port to connect to Cinder API from public network -# Defaults to '8776' -# -# [*ks_ec2_public_port*] -# (optional) TCP port to connect to EC2 API from public network -# Defaults to '8773' -# -# [*ks_glance_api_public_port*] -# (optional) TCP port to connect to Glance API from public network -# Defaults to '9292' -# -# [*ks_glance_registry_internal_port*] -# (optional) TCP port to connect to Glance API from public network -# Defaults to '9191' -# -# [*ks_heat_cfn_public_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8000' -# -# [*ks_heat_cloudwatch_public_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8003' -# -# [*ks_heat_public_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8004' -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone Admin API from public network -# Defaults to '35357' -# -# [*ks_keystone_public_port*] -# (optional) TCP port 
to connect to Keystone API from public network -# Defaults to '5000' -# -# [*ks_metadata_public_port*] -# (optional) TCP port to connect to Keystone metadata API from public network -# Defaults to '8775' -# -# [*ks_swift_public_port*] -# (optional) TCP port to connect to Swift API from public network -# Defaults to '8080' -# -# [*ks_trove_public_port*] -# (optional) TCP port to connect to Trove API from public network -# Defaults to '8779' -# -# [*ks_nova_public_port*] -# (optional) TCP port to connect to Nova API from public network -# Defaults to '8774' -# -# [*ks_neutron_public_port*] -# (optional) TCP port to connect to Neutron API from public network -# Defaults to '9696' -# -# [*horizon_port*] -# (optional) Port used to connect to OpenStack Dashboard -# Defaults to '80' -# -# [*horizon_ssl_port*] -# (optional) Port used to connect to OpenStack Dashboard using SSL -# Defaults to '443' -# -# [*spice_port*] -# (optional) TCP port to connect to Nova spicehtmlproxy service. -# Defaults to '6082' -# -# [*novnc_port*] -# (optional) TCP port to connect to Nova vncproxy service. -# Defaults to '6080' -# -# [*rabbitmq_port*] -# (optional) Port of RabbitMQ service. -# Defaults to '5672' -# -# [*elasticsearch_port*] -# (optional) Port of ElasticSearch service. -# Defaults to '9200' -# -# [*kibana_port*] -# (optional) Port of Kibana service. -# Defaults to '8300' -# [*sensu_dashboard_port*] -# (optional) Port of Sensu Dashboard service. -# Defaults to '3000' -# -# [*sensu_api_port*] -# (optional) Port of Sensu API service. -# Defaults to '4568' -# -# [*redis_port*] -# (optional) Port of redis service. -# Defaults to '6379' -# -# [*galera_timeout*] -# (optional) Timeout for galera connections -# Defaults to '90m'. -# Note: when changing this parameter you should also change the -# *_db_idle_timeout for all services to be a little less -# than this timeout. 
-# -# [*galera_connections*] -# (optional) An integer that specifies the maxconn for MySQL -# Defaults to '4096' -# -# [*api_timeout*] -# (optional) Timeout for API services connections -# Defaults to '90m'. -# -# [*vip_public_ip*] -# (optional) Array or string for public VIP -# Should be part of keepalived_public_ips -# Defaults to '127.0.0.2' -# -# [*vip_internal_ip*] -# (optional) Array or string for internal VIP -# Should be part of keepalived_internal_ips -# Defaults to false -# -# [*vip_monitor_ip*] -# (optional) Array or string for monitor VIP -# Defaults to false -# -# [*galera_ip*] -# (optional) An array of Galera IP -# Defaults to ['127.0.0.1'] -# -# [*galera_slave*] -# (optional) A boolean to configure galera slave -# Defaults to false -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::loadbalancer( - $swift_api = true, - $ceilometer_api = true, - $cinder_api = true, - $glance_api = true, - $glance_registry = true, - $neutron_api = true, - $heat_api = true, - $heat_cfn_api = true, - $heat_cloudwatch_api = true, - $nova_api = true, - $ec2_api = true, - $metadata_api = true, - $keystone_api = true, - $keystone_api_admin = true, - $trove_api = true, - $horizon = true, - $horizon_ssl = false, - $rabbitmq = false, - $spice = false, - $novnc = true, - $elasticsearch = true, - $kibana = true, - $sensu_dashboard = true, - $sensu_api = true, - $redis = true, - $haproxy_auth = 'admin:changeme', - $haproxy_options = {}, - $keepalived_state = 'BACKUP', - $keepalived_priority = '50', - $keepalived_vrrp_interface = false, - $keepalived_public_interface = 'eth0', - $keepalived_public_ipvs = ['127.0.0.1'], - $keepalived_public_id = '1', - $keepalived_internal_interface = 'eth1', - $keepalived_internal_ipvs = false, - $keepalived_internal_id = '2', - $keepalived_auth_type = false, - $keepalived_auth_pass = false, - $ceilometer_bind_options = [], - $cinder_bind_options = [], - 
$ec2_bind_options = [], - $glance_api_bind_options = [], - $glance_registry_bind_options = [], - $heat_cfn_bind_options = [], - $heat_cloudwatch_bind_options = [], - $heat_api_bind_options = [], - $keystone_bind_options = [], - $keystone_admin_bind_options = [], - $metadata_bind_options = [], - $neutron_bind_options = [], - $nova_bind_options = [], - $trove_bind_options = [], - $swift_bind_options = [], - $spice_bind_options = [], - $novnc_bind_options = [], - $horizon_bind_options = [], - $horizon_ssl_bind_options = [], - $rabbitmq_bind_options = [], - $galera_bind_options = [], - $elasticsearch_bind_options = [], - $kibana_bind_options = [], - $sensu_dashboard_bind_options = [], - $sensu_api_bind_options = [], - $redis_bind_options = [], - $ks_ceilometer_public_port = 8777, - $ks_cinder_public_port = 8776, - $ks_ec2_public_port = 8773, - $ks_glance_api_public_port = 9292, - $ks_glance_registry_internal_port = 9191, - $ks_heat_cfn_public_port = 8000, - $ks_heat_cloudwatch_public_port = 8003, - $ks_heat_public_port = 8004, - $ks_keystone_admin_port = 35357, - $ks_keystone_public_port = 5000, - $ks_metadata_public_port = 8775, - $ks_neutron_public_port = 9696, - $ks_nova_public_port = 8774, - $ks_swift_public_port = 8080, - $ks_trove_public_port = 8779, - $rabbitmq_port = 5672, - $horizon_port = 80, - $horizon_ssl_port = 443, - $spice_port = 6082, - $novnc_port = 6080, - $elasticsearch_port = 9200, - $kibana_port = 8300, - $sensu_dashboard_port = 3000, - $sensu_api_port = 4568, - $redis_port = 6379, - $galera_timeout = '90m', - $galera_connections = '4096', - $api_timeout = '90m', - $vip_public_ip = ['127.0.0.1'], - $vip_internal_ip = false, - $vip_monitor_ip = false, - $galera_ip = ['127.0.0.1'], - $galera_slave = false, - $firewall_settings = {}, -){ - - include cloud::params - include cloud::network::contrail::haproxy - - $common_tcp_options = { - 'mode' => 'tcp', - 'option' => ['tcpka', 'tcplog', 'forwardfor'], - 'balance' => 'source', - 'timeout server' => 
$api_timeout, - 'timeout client' => $api_timeout, - } - - if $keepalived_vrrp_interface { - $keepalived_vrrp_interface_real = $keepalived_vrrp_interface - } else { - $keepalived_vrrp_interface_real = $keepalived_public_interface - } - - # Fail if OpenStack and Galera VIP are not in the VIP list - if $vip_public_ip and !(member(any2array($keepalived_public_ipvs), $vip_public_ip)) { - fail('vip_public_ip should be part of keepalived_public_ipvs.') - } - if $vip_internal_ip and !(member(any2array($keepalived_internal_ipvs),$vip_internal_ip)) { - fail('vip_internal_ip should be part of keepalived_internal_ipvs.') - } - if $galera_ip and !((member(any2array($keepalived_public_ipvs),$galera_ip)) or (member(any2array($keepalived_internal_ipvs),$galera_ip))) { - fail('galera_ip should be part of keepalived_public_ipvs or keepalived_internal_ipvs.') - } - - # TODO : Use global_options in puppetlabs-haproxy as merge in params.pp - $haproxy_default_options = { - 'log' => "${::ipaddress} local0", - 'chroot' => '/var/lib/haproxy', - 'pidfile' => '/var/run/haproxy.pid', - 'maxconn' => '4000', - 'user' => 'haproxy', - 'group' => 'haproxy', - 'daemon' => '', - 'stats' => 'socket /var/lib/haproxy/stats', - 'nbproc' => $::processorcount - } - $haproxy_global_options = merge($haproxy_default_options,$haproxy_options) - # Ensure Keepalived is started before HAproxy to avoid binding errors. 
- class { 'keepalived': } -> - class { 'haproxy': - service_manage => true, - global_options => $haproxy_global_options - } - - keepalived::vrrp_script { 'haproxy': - name_is_process => $::cloud::params::keepalived_name_is_process, - script => $::cloud::params::keepalived_vrrp_script, - } - - keepalived::instance { $keepalived_public_id: - interface => $keepalived_vrrp_interface_real, - virtual_ips => unique(split(join(flatten([$keepalived_public_ipvs, ['']]), " dev ${keepalived_public_interface},"), ',')), - state => $keepalived_state, - track_script => ['haproxy'], - priority => $keepalived_priority, - auth_type => $keepalived_auth_type, - auth_pass => $keepalived_auth_pass, - notify_master => $::cloud::params::start_haproxy_service, - } - - - # If using an internal VIP, allow to use a dedicated interface for VRRP traffic. - # First we check if internal binding is enabled - if $keepalived_internal_ipvs { - # Then we validate this is not the same as public binding - if !empty(difference(any2array($keepalived_internal_ipvs), any2array($keepalived_public_ipvs))) { - if ! 
$keepalived_vrrp_interface { - $keepalived_vrrp_interface_internal = $keepalived_internal_interface - } else { - $keepalived_vrrp_interface_internal = $keepalived_vrrp_interface - } - keepalived::instance { $keepalived_internal_id: - interface => $keepalived_vrrp_interface_internal, - virtual_ips => unique(split(join(flatten([$keepalived_internal_ipvs, ['']]), " dev ${keepalived_internal_interface},"), ',')), - state => $keepalived_state, - track_script => ['haproxy'], - priority => $keepalived_priority, - auth_type => $keepalived_auth_type, - auth_pass => $keepalived_auth_pass, - notify_master => $::cloud::params::start_haproxy_service, - } - } - } - - logrotate::rule { 'haproxy': - path => '/var/log/haproxy.log', - rotate => 7, - rotate_every => 'day', - missingok => true, - ifempty => false, - delaycompress => true, - compress => true, - } - - if $vip_monitor_ip { - $vip_monitor_ip_real = $vip_monitor_ip - } else { - $vip_monitor_ip_real = $vip_public_ip - } - - haproxy::listen { 'monitor': - ipaddress => $vip_monitor_ip_real, - ports => '10300', - options => { - 'mode' => 'http', - 'monitor-uri' => '/status', - 'stats' => ['enable','uri /admin','realm Haproxy\ Statistics',"auth ${haproxy_auth}", 'refresh 5s' ], - '' => template('cloud/loadbalancer/monitor.erb'), - } - } - - # Instanciate HAproxy binding - cloud::loadbalancer::binding { 'keystone_api_cluster': - ip => $keystone_api, - port => $ks_keystone_public_port, - options => $common_tcp_options, - bind_options => $keystone_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'keystone_api_admin_cluster': - ip => $keystone_api_admin, - port => $ks_keystone_admin_port, - options => $common_tcp_options, - bind_options => $keystone_admin_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'swift_api_cluster': - ip => $swift_api, - port => $ks_swift_public_port, - bind_options => $swift_bind_options, - httpchk => 'httpchk 
/healthcheck', - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'nova_api_cluster': - ip => $nova_api, - port => $ks_nova_public_port, - options => $common_tcp_options, - bind_options => $nova_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'ec2_api_cluster': - ip => $ec2_api, - port => $ks_ec2_public_port, - options => $common_tcp_options, - bind_options => $ec2_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'metadata_api_cluster': - ip => $metadata_api, - port => $ks_metadata_public_port, - options => $common_tcp_options, - bind_options => $metadata_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'sensu_dashboard': - ip => $sensu_dashboard, - port => $sensu_dashboard_port, - bind_options => $sensu_dashboard_bind_options, - firewall_settings => $firewall_settings, - options => { - 'balance' => 'source', - }, - } - cloud::loadbalancer::binding { 'sensu_api': - ip => $sensu_api, - port => $sensu_api_port, - bind_options => $sensu_api_bind_options, - firewall_settings => $firewall_settings, - options => { - 'balance' => 'source', - 'rspadd' => ['Access-Control-Allow-Origin:\ *', 'Access-Control-Allow-Headers:\ origin,\ x-requested-with,\ content-type', 'Access-Control-Allow-Methods:\ PUT,\ GET,\ POST,\ DELETE,\ OPTIONS'], - }, - } - cloud::loadbalancer::binding { 'spice_cluster': - ip => $spice, - port => $spice_port, - options => $common_tcp_options, - bind_options => $spice_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'novnc_cluster': - ip => $novnc, - port => $novnc_port, - options => $common_tcp_options, - bind_options => $novnc_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'rabbitmq_cluster': - ip => $rabbitmq, - port => $rabbitmq_port, - options => { - 'mode' => 'tcp', - 'option' => ['tcpka', 
'tcplog', 'forwardfor'], - 'balance' => 'roundrobin', - 'timeout server' => $api_timeout, - 'timeout client' => $api_timeout, - }, - bind_options => $rabbitmq_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'trove_api_cluster': - ip => $trove_api, - port => $ks_trove_public_port, - options => $common_tcp_options, - bind_options => $trove_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'glance_api_cluster': - ip => $glance_api, - options => $common_tcp_options, - port => $ks_glance_api_public_port, - bind_options => $glance_api_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'glance_registry_cluster': - ip => $glance_registry, - port => $ks_glance_registry_internal_port, - options => $common_tcp_options, - bind_options => $glance_registry_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'neutron_api_cluster': - ip => $neutron_api, - port => $ks_neutron_public_port, - options => $common_tcp_options, - bind_options => $neutron_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'cinder_api_cluster': - ip => $cinder_api, - port => $ks_cinder_public_port, - options => $common_tcp_options, - bind_options => $cinder_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'ceilometer_api_cluster': - ip => $ceilometer_api, - port => $ks_ceilometer_public_port, - options => $common_tcp_options, - bind_options => $ceilometer_bind_options, - firewall_settings => $firewall_settings, - } - if 'ssl' in $heat_api_bind_options { - $heat_api_options = { - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - 'balance' => 'source', - 'timeout server' => $api_timeout, - 'timeout client' => $api_timeout, - } - } else { - $heat_api_options = $common_tcp_options - } - cloud::loadbalancer::binding { 'heat_api_cluster': - ip => 
$heat_api, - port => $ks_heat_public_port, - options => $heat_api_options, - bind_options => $heat_api_bind_options, - firewall_settings => $firewall_settings, - } - if 'ssl' in $heat_cfn_bind_options { - $heat_cfn_options = { - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - 'balance' => 'source', - 'timeout server' => $api_timeout, - 'timeout client' => $api_timeout, - } - } else { - $heat_cfn_options = $common_tcp_options - } - cloud::loadbalancer::binding { 'heat_cfn_api_cluster': - ip => $heat_cfn_api, - port => $ks_heat_cfn_public_port, - bind_options => $heat_cfn_bind_options, - options => $heat_cfn_options, - firewall_settings => $firewall_settings, - } - if 'ssl' in $heat_cloudwatch_bind_options { - $heat_cloudwatch_options = { - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - 'balance' => 'source', - 'timeout server' => $api_timeout, - 'timeout client' => $api_timeout, - } - } else { - $heat_cloudwatch_options = $common_tcp_options - } - cloud::loadbalancer::binding { 'heat_cloudwatch_api_cluster': - ip => $heat_cloudwatch_api, - port => $ks_heat_cloudwatch_public_port, - bind_options => $heat_cloudwatch_bind_options, - options => $heat_cloudwatch_options, - firewall_settings => $firewall_settings, - } - - $horizon_ssl_options = { - 'mode' => 'tcp', - 'cookie' => 'sessionid prefix', - 'balance' => 'leastconn' - } - - if 'ssl' in $horizon_bind_options { - $horizon_options = { - 'cookie' => 'sessionid prefix', - 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }', - 'balance' => 'leastconn' - } - } else { - $horizon_options = { - 'cookie' => 'sessionid prefix', - 'balance' => 'leastconn' - } - } - - cloud::loadbalancer::binding { 'horizon_cluster': - ip => $horizon, - port => $horizon_port, - httpchk => "httpchk GET /${::cloud::params::horizon_auth_url} \"HTTP/1.0\\r\\nUser-Agent: HAproxy-${::hostname}\"", - options => $horizon_options, - bind_options => $horizon_bind_options, - firewall_settings => $firewall_settings, - } - - 
cloud::loadbalancer::binding { 'horizon_ssl_cluster': - ip => $horizon_ssl, - port => $horizon_ssl_port, - httpchk => 'ssl-hello-chk', - options => $horizon_ssl_options, - bind_options => $horizon_ssl_bind_options, - firewall_settings => $firewall_settings, - } - - cloud::loadbalancer::binding { 'elasticsearch': - ip => $elasticsearch, - port => $elasticsearch_port, - bind_options => $elasticsearch_bind_options, - firewall_settings => $firewall_settings, - } - cloud::loadbalancer::binding { 'kibana': - ip => $kibana, - port => $kibana_port, - bind_options => $kibana_bind_options, - firewall_settings => $firewall_settings, - } - - cloud::loadbalancer::binding { 'redis_cluster': - ip => $redis, - port => $redis_port, - options => { - 'mode' => 'tcp', - 'balance' => 'first', - 'option' => ['tcp-check',], - 'tcp-check' => ['send info\ replication\r\n','expect string role:master'], - }, - bind_options => $redis_bind_options, - firewall_settings => $firewall_settings, - } - - if (member(any2array($keepalived_public_ipvs), $galera_ip)) { - warning('Exposing Galera cluster to public network is a security issue.') - } - haproxy::listen { 'galera_cluster': - ipaddress => $galera_ip, - ports => 3306, - options => { - 'maxconn' => $galera_connections, - 'mode' => 'tcp', - 'balance' => 'roundrobin', - 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 - 'timeout client' => '90m', - 'timeout server' => '90m', - }, - bind_options => $galera_bind_options, - } - - if $galera_slave { - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow galera-slave binding access': - port => '3307', - extras => $firewall_settings, - } - } - - haproxy::listen { 'galera_readonly_cluster': - ipaddress => $galera_ip, - ports => 3307, - options => { - 'maxconn' => $galera_connections, - 'mode' => 'tcp', - 'balance' => 'roundrobin', - 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000 - 'timeout client' => '90m', - 
'timeout server' => '90m', - }, - bind_options => $galera_bind_options, - } - } - - # Allow HAProxy to bind to a non-local IP address - $haproxy_sysctl_settings = { - 'net.ipv4.ip_nonlocal_bind' => { value => 1 } - } - create_resources(sysctl::value,$haproxy_sysctl_settings) - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow galera binding access': - port => '3306', - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow haproxy monitor access': - port => '10300', - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow keepalived access': - port => undef, - proto => 'vrrp', - extras => $firewall_settings, - } - } - -} diff --git a/manifests/loadbalancer/binding.pp b/manifests/loadbalancer/binding.pp deleted file mode 100644 index c3b0ca84..00000000 --- a/manifests/loadbalancer/binding.pp +++ /dev/null 
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Author: Emilien Macchi
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Define: cloud::loadbalancer::binding
-#
-define cloud::loadbalancer::binding (
- $ip,
- $port,
- $httpchk = undef,
- $options = undef,
- $bind_options = undef,
- $firewall_settings = {},
-){
-
- include cloud::loadbalancer
-
- # join all VIP together
- $vip_public_ip_array = any2array($::cloud::loadbalancer::vip_public_ip)
- $vip_internal_ip_array = any2array($::cloud::loadbalancer::vip_internal_ip)
- if $::cloud::loadbalancer::vip_public_ip and $::cloud::loadbalancer::vip_internal_ip {
- $all_vip_array = union($vip_public_ip_array, $vip_internal_ip_array)
- }
- if $::cloud::loadbalancer::vip_public_ip and ! $::cloud::loadbalancer::vip_internal_ip {
- $all_vip_array = $vip_public_ip_array
- }
- if ! $::cloud::loadbalancer::vip_public_ip and $::cloud::loadbalancer::vip_internal_ip {
- $all_vip_array = $vip_internal_ip_array
- }
- if ! $::cloud::loadbalancer::vip_internal_ip and ! $::cloud::loadbalancer::vip_public_ip {
- fail('vip_public_ip and vip_internal_ip are both set to false, no binding is possible.')
- }
-
- # when we do not want binding
- if ($ip == false) {
- notice("no HAproxy binding for ${name} has been enabled.")
- } else {
- # when we want both internal & public binding
- if ($ip == true) {
- $listen_ip_real = $all_vip_array
- } else {
- # when binding is specified in parameter
- if (member($all_vip_array, $ip)) {
- $listen_ip_real = $ip
- } else {
- fail("${ip} is not part of VIP pools.")
- }
- }
- cloud::loadbalancer::listen_http { $name :
- ports => $port,
- httpchk => $httpchk,
- options => $options,
- listen_ip => $listen_ip_real,
- bind_options => $bind_options;
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ "100 allow ${name} binding access":
- port => $port,
- extras => $firewall_settings,
- }
- }
-
- }
-
-}
diff --git a/manifests/loadbalancer/listen_http.pp b/manifests/loadbalancer/listen_http.pp
deleted file mode 100644
index bb1a26da..00000000
--- a/manifests/loadbalancer/listen_http.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Define::
-#
-# cloud::loadbalancer::listen_http
-#
-define cloud::loadbalancer::listen_http(
- $ports = 'unset',
- $httpchk = 'httpchk',
- $options = {},
- $bind_options = [],
- $listen_ip = ['0.0.0.0']) {
-
- $options_basic = {'mode' => 'http',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka', 'forwardfor', 'tcplog', $httpchk] }
-
- $options_custom = merge($options_basic, $options)
-
- if $options_custom['mode'] == 'http' {
- $final_options = merge($options_custom, { 'http-check' => 'expect ! rstatus ^5' })
- } else {
- $final_options = $options_custom
- }
-
- haproxy::listen { $name:
- ipaddress => $listen_ip,
- ports => $ports,
- options => $final_options,
- bind_options => $bind_options,
- }
-}
diff --git a/manifests/logging.pp b/manifests/logging.pp
deleted file mode 100644
index 2af0c11e..00000000
--- a/manifests/logging.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::logging
-#
-# Configure common logging
-#
-class cloud::logging{
-
- include ::fluentd
-
-}
diff --git a/manifests/logging/agent.pp b/manifests/logging/agent.pp
deleted file mode 100644
index 167caf7c..00000000
--- a/manifests/logging/agent.pp
+++ /dev/null
@@ -1,73 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::logging::agent -# -# Configure logging agent -# -# === Parameters: -# -# [*syslog_enable*] -# (optional) Enable the configuration of rsyslog -# Defaults to false -# -# [*sources*] -# (optional) Fluentd sources -# Defaults to empty hash -# -# [*matches*] -# (optional) Fluentd matches -# Defaults to empty hash -# -# [*plugins*] -# (optional) Fluentd plugins to install -# Defaults to empty hash -# -# [*logrotate_rule*] -# (optional) A log rotate rule for the logging agent -# Defaults to empty hash -# -class cloud::logging::agent( - $syslog_enable = false, - $sources = {}, - $matches = {}, - $plugins = {}, - $logrotate_rule = $cloud::params::logging_agent_logrotate_rule, -) inherits cloud::params { - - include cloud::logging - - if $syslog_enable { - include rsyslog::client - } - - file { '/var/db': - ensure => directory, - } -> - file { '/var/db/td-agent': - ensure => 'directory', - owner => 'td-agent', - group => 'td-agent', - require => Class['fluentd'], - } - - ensure_resource('fluentd::configfile', keys($sources)) - ensure_resource('fluentd::configfile', keys($matches)) - create_resources('fluentd::source', $sources, {'require' => 'File[/var/db/td-agent]', 'notify' => 'Service[td-agent]'}) - create_resources('fluentd::match', $matches, {'notify' => 'Service[td-agent]'}) - create_resources('fluentd::install_plugin', $plugins) - 
create_resources('logrotate::rule', $logrotate_rule) - -} diff --git a/manifests/logging/server.pp b/manifests/logging/server.pp deleted file mode 100644 index bca3a9ad..00000000 --- a/manifests/logging/server.pp +++ /dev/null 
@@ -1,65 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::logging::server -# -# [*kibana_port*] -# (optional) Port of Kibana service. -# Defaults to '8300' -# -# [*kibana_bind_ip*] -# (optional) Address on which kibana is listening on -# Defaults to '127.0.0.1' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::logging::server( - $kibana_port = '8300', - $kibana_bind_ip = '127.0.0.1', - $firewall_settings = {}, -) { - - Class['cloud::database::nosql::elasticsearch'] -> Class['kibana3'] - Class['cloud::database::nosql::elasticsearch'] -> Class['cloud::logging::agent'] - - include ::kibana3 - include cloud::database::nosql::elasticsearch - include cloud::logging::agent - - # Elasticsearch 1.4 ships with a security setting that prevents Kibana from connecting. - # We need to allow http cors in fluentd instance. - elasticsearch::instance {'fluentd' : - config => { 'http' => { 'cors.enabled' => true } } - } - - @@haproxy::balancermember{"${::fqdn}-kibana": - listening_service => 'kibana', - server_names => $::hostname, - ipaddresses => $kibana_bind_ip, - ports => $kibana_port, - options => 'check inter 2000 rise 2 fall 5' - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow kibana access': - port => $kibana_port, - extras => $firewall_settings, - } - } - -} 
diff --git a/manifests/messaging.pp b/manifests/messaging.pp
deleted file mode 100644
index 3d038a73..00000000
--- a/manifests/messaging.pp
+++ /dev/null
@@ -1,182 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::messaging -# -# Install Messsaging Server (RabbitMQ) -# -# === Parameters: -# -# [*rabbit_names*] -# (optional) List of RabbitMQ servers. Should be an array. -# Defaults to $::hostname -# -# [*rabbit_password*] -# (optional) Password to connect to OpenStack queues. -# Defaults to 'rabbitpassword' -# -# [*cluster_node_type*] -# (optional) Store the queues on the disc or in the RAM. -# Could be set to 'disk' or 'ram'. -# Defaults to 'disc' -# -# [*cluster_count*] -# (optional) Queue is mirrored to count nodes in the cluster. -# If there are less than count nodes in the cluster, the queue -# is mirrored to all nodes. If there are more than count nodes -# in the cluster, and a node containing a mirror goes down, -# then a new mirror will be created on another node. -# If a value is set, RabbitMQ policy will be 'exactly'. -# Otherwise, undef will set the policy to 'all' by default. -# To enable this feature, you need 'haproxy_binding' to true. -# Defaults to undef -# -# [*haproxy_binding*] -# (optional) Enable or not HAproxy binding for load-balancing. -# Defaults to false -# -# [*rabbitmq_ip*] -# (optional) IP address of RabbitMQ interface. -# Required when using HAproxy binding. -# Defaults to $::ipaddress -# -# [*rabbitmq_port*] -# (optional) Port of RabbitMQ service. 
-# Defaults to '5672' -# -# [*erlang_cookie*] -# (required) Erlang cookie to use. -# When running a cluster, this value should be the same for all -# the nodes. -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::messaging( - $erlang_cookie, - $cluster_node_type = 'disc', - $cluster_count = undef, - $rabbit_names = $::hostname, - $rabbit_password = 'rabbitpassword', - $haproxy_binding = false, - $rabbitmq_ip = $::ipaddress, - $rabbitmq_port = '5672', - $firewall_settings = {}, -){ - - # we ensure having an array - $array_rabbit_names = any2array($rabbit_names) - - Class['rabbitmq'] -> Rabbitmq_vhost <<| |>> - Class['rabbitmq'] -> Rabbitmq_user <<| |>> - Class['rabbitmq'] -> Rabbitmq_user_permissions <<| |>> - - # Packaging issue: https://bugzilla.redhat.com/show_bug.cgi?id=1033305 - if $::osfamily == 'RedHat' { - $package_provider = 'yum' - file {'/usr/sbin/rabbitmq-plugins': - ensure => link, - target => '/usr/lib/rabbitmq/bin/rabbitmq-plugins' - } - - file {'/usr/sbin/rabbitmq-env': - ensure => link, - target => '/usr/lib/rabbitmq/bin/rabbitmq-env' - } - } - else { - $package_provider = $rabbitmq::params::package_provider - } - - class { 'rabbitmq': - delete_guest_user => true, - config_cluster => true, - cluster_nodes => $array_rabbit_names, - wipe_db_on_cookie_change => true, - cluster_node_type => $cluster_node_type, - node_ip_address => $rabbitmq_ip, - port => $rabbitmq_port, - erlang_cookie => $erlang_cookie, - package_provider => $package_provider, - } - - rabbitmq_vhost { ['/', '/sensu']: - provider => 'rabbitmqctl', - require => Class['rabbitmq'], - } - rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat','trove', 'sensu']: - admin => true, - password => $rabbit_password, - provider => 'rabbitmqctl', - require => Class['rabbitmq'] - } - rabbitmq_user_permissions {[ - 'nova@/', - 'glance@/', - 'neutron@/', - 'cinder@/', - 'ceilometer@/', - 
'heat@/', - 'trove@/', - 'sensu@/sensu', - ]: - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow rabbitmq access': - port => $rabbitmq_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow rabbitmq management access': - port => '55672', - extras => $firewall_settings, - } - } - - if $haproxy_binding { - - if $cluster_count { - $policy_name = "ha-exactly-${cluster_count}@/" - $definition = { - 'ha-mode' => 'exactly', - 'ha-params' => $cluster_count, - } - } else { - $policy_name = 'ha-all@/' - $definition = { - 'ha-mode' => 'all', - } - } - rabbitmq_policy { $policy_name: - pattern => '^(?!amq\.).*', - definition => $definition, - } - - @@haproxy::balancermember{"${::fqdn}-rabbitmq": - listening_service => 'rabbitmq_cluster', - server_names => $::hostname, - ipaddresses => $rabbitmq_ip, - ports => $rabbitmq_port, - options => 'check inter 5s rise 2 fall 3' - } - } - -} diff --git a/manifests/monitoring/agent/sensu.pp b/manifests/monitoring/agent/sensu.pp deleted file mode 100644 index 743a0e86..00000000 --- a/manifests/monitoring/agent/sensu.pp +++ /dev/null @@ -1,21 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -class cloud::monitoring::agent::sensu { - - Package['sensu'] -> Sensu::Plugin <<| |>> - - include ::sensu -} 
diff --git a/manifests/monitoring/server/sensu.pp b/manifests/monitoring/server/sensu.pp
deleted file mode 100644
index b9191f73..00000000
--- a/manifests/monitoring/server/sensu.pp
+++ /dev/null
@@ -1,134 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# [*checks*] -# (optionnal) Hash of checks and their respective options -# Defaults to {}. -# Example : -# $checks = { -# 'ntp' => { -# 'command' => '/etc/sensu/plugins/check-ntp.sh'}, -# 'http' => { -# 'command' => '/etc/sensu/plugins/check-http.sh'}, -# } -# -# [*handlers*] -# (optionnal) Hash of handlers and their respective options -# Defaults to {}. -# Example : -# $handlers = { -# 'mail' => { -# 'command' => 'mail -s "Sensu Alert" contact@example.com'}, -# } -# -# [*plugins*] -# (optionnal) Hash of handlers and their respective options -# Defaults to {}. -# Example : -# $plugins = { -# 'http://www.example.com/ntp.sh' => { -# 'type' => 'url', -# 'install_path' => '/etc/sensu/plugins', -# } -# } -# -# [*manage_sensu_plugins*] -# (optionnal) A boolean that determines if the Sensu plugins resources should be exported -# from this node -# Defaults to 'false' -# -# [*sensu_api_ip*] -# (optionnal) IP address to bind the sensu_api to -# Defaults to '%{::ipaddress}' -# -# [*sensu_api_port*] -# (optionnal) Port to bind the sensu_api to -# Defaults to '4568' -# -# [*uchiwa_ip*] -# (optionnal) IP address to bind uchiwa to -# Defaults to '%{::ipaddress}' -# -# [*uchiwa_port*] -# (optionnal) Port to bind uchiwa to -# Defaults to '3000' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::monitoring::server::sensu ( - $checks = {}, - $handlers = {}, - $plugins = {}, - $manage_sensu_plugins = false, - $sensu_api_ip = $::ipaddress, - $sensu_api_port = '4568', - $uchiwa_ip = $::ipaddress, - $uchiwa_port = '3000', - $firewall_settings = {}, -) { - - include cloud::params - - Service['sensu-api'] -> Service['uchiwa'] - Service['sensu-server'] -> Service['uchiwa'] - Service['sensu-server'] -> Sensu::Plugin <<| |>> - - include cloud::monitoring::agent::sensu - - create_resources('sensu::check', $checks) - create_resources('sensu::handler', $handlers) - - if $manage_sensu_plugins { - create_resources('@@sensu::plugin', $plugins) - } - - include ::uchiwa - uchiwa::api { 'OpenStack' : - host => $sensu_api_ip, - port => $sensu_api_port, - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow sensu_dashboard access': - port => $uchiwa_port, - extras => $firewall_settings, - } - - cloud::firewall::rule{ '100 allow sensu_api access': - port => $sensu_api_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-sensu_dashboard": - listening_service => 'sensu_dashboard', - server_names => $::hostname, - ipaddresses => $uchiwa_ip, - ports => $uchiwa_port, - options => 'check inter 2000 rise 2 fall 5' - } - - @@haproxy::balancermember{"${::fqdn}-sensu_api": - listening_service => 'sensu_api', - server_names => $::hostname, - ipaddresses => $sensu_api_ip, - ports => $sensu_api_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/network.pp b/manifests/network.pp deleted file mode 100644 index 53ea908f..00000000 --- a/manifests/network.pp +++ /dev/null 
@@ -1,124 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network
-#
-# Common class for network nodes
-#
-# === Parameters:
-#
-# [*rabbit_hosts*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to ['127.0.0.1:5672']
-#
-# [*rabbit_password*]
-# (optional) Password to connect to nova queues.
-# Defaults to 'rabbitpassword'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Neutron API server.
-# Defaults to '127.0.0.1'
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*dhcp_lease_duration*]
-# (optional) DHCP Lease duration (in seconds)
-# Defaults to '120'
-#
-# [*plugin*]
-# (optional) Neutron plugin name
-# Supported values: 'ml2', 'n1kv', 'opencontrail'.
-# Defaults to 'ml2'
-#
-# [*service_plugins*]
-# (optional) List of service plugin entrypoints to be loaded from the neutron
-# service_plugins namespace
-# Defaults to ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin']
-#
-class cloud::network(
- $verbose = true,
- $debug = true,
- $rabbit_hosts = ['127.0.0.1:5672'],
- $rabbit_password = 'rabbitpassword',
- $api_eth = '127.0.0.1',
- $use_syslog = true,
- $log_facility = 'LOG_LOCAL0',
- $dhcp_lease_duration = '120',
- $plugin = 'ml2',
- $service_plugins = ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- neutron_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/neutron'
- }
-
- case $plugin {
- 'ml2': {
- $core_plugin = 'neutron.plugins.ml2.plugin.Ml2Plugin'
- }
- 'n1kv': {
- $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2'
- }
- 'opencontrail': {
- $core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2'
- }
- default: {
- fail("${plugin} plugin is not supported.")
- }
- }
-
- class { 'neutron':
- allow_overlapping_ips => true,
- verbose => $verbose,
- debug => $debug,
- rabbit_user => 'neutron',
- rabbit_hosts => $rabbit_hosts,
- rabbit_password => $rabbit_password,
- rabbit_virtual_host => '/',
- bind_host => $api_eth,
- log_facility => $log_facility,
- use_syslog => $use_syslog,
- dhcp_agents_per_network => '2',
- core_plugin => $core_plugin,
- service_plugins => $service_plugins,
- log_dir => $log_dir,
- dhcp_lease_duration => $dhcp_lease_duration,
- report_interval => '30',
- }
-
-}
diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp
deleted file mode 100644
index 2a19b810..00000000
--- a/manifests/network/contrail/analytics.pp
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::analytics
-#
-# Install a Contrail analytics node
-#
-# === Parameters:
-#
-# [*bind_ip*]
-# (optional) Address on which the Contrail analytics api is listening on
-# Defaults to '127.0.0.1'
-#
-# [*port*]
-# (optional) Port where Contrail analytics api is bound to
-# Used for firewall purpose.
-# Default to 8081
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::analytics (
- $bind_ip = '127.0.0.1',
- $port = 8081,
- $firewall_settings = {},
-){
-
- include ::contrail::analytics
-
- @@haproxy::balancermember{"${::fqdn}-contrail-analytics-api":
- listening_service => 'contrail_analytics_api',
- server_names => $::hostname,
- ipaddresses => $bind_ip,
- ports => $port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail analytics access':
- port => [$port, '8086'],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp
deleted file mode 100644
index cc0c543d..00000000
--- a/manifests/network/contrail/config.pp
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::config
-#
-# Install a Contrail config node
-#
-# === Parameters:
-#
-# [*api_bind_ip*]
-# (optional) Address on which the Contrail config api is listening on
-# Defaults to '127.0.0.1'
-#
-# [*discovery_bind_ip*]
-# (optional) Address on which the Contrail discovery is listening on
-# Defaults to '127.0.0.1'
-#
-# [*api_port*]
-# (optional) Port where Contrail config api is bound to
-# Used for firewall purpose.
-# Default to 9100
-#
-# [*discovery_port*]
-# (optional) Port where Contrail discovery is bound to
-# Used for firewall purpose.
-# Default to 9110
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::config (
- $api_bind_ip = '127.0.0.1',
- $discovery_bind_ip = '127.0.0.1',
- $api_port = 9100,
- $discovery_port = 9110,
- $firewall_settings = {},
-){
-
- include ::contrail::config
-
- @@haproxy::balancermember{"${::fqdn}-contrail-config-api":
- listening_service => 'contrail_config_api',
- server_names => $::hostname,
- ipaddresses => $api_bind_ip,
- ports => $api_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-contrail-config-discovery":
- listening_service => 'contrail_config_discovery',
- server_names => $::hostname,
- ipaddresses => $discovery_bind_ip,
- ports => $discovery_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail config access':
- port => ['8443', '8087', '8088', $discovery_port, $api_port],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp
deleted file mode 100644
index 76bf5d1b..00000000
--- a/manifests/network/contrail/control.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::control
-#
-# Install a Contrail control node
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::control (
- $firewall_settings = {},
-){
-
- include ::contrail::control
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail control access':
- port => ['8083', '5269', '8092', '8093'],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp
deleted file mode 100644
index d8be7be0..00000000
--- a/manifests/network/contrail/database.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::database
-#
-# Install a Contrail database node
-#
-# === Parameters:
-#
-# [*port*]
-# (optional) Port where Kafka is bound to
-# Used for firewall purpose.
-# Default to 9042
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::database (
- $port = 9042,
- $firewall_settings = {},
-){
-
- include ::contrail::database
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail database access':
- port => $port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/haproxy.pp b/manifests/network/contrail/haproxy.pp
deleted file mode 100644
index 41ab345f..00000000
--- a/manifests/network/contrail/haproxy.pp
+++ /dev/null
@@ -1,183 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::haproxy
-#
-# Create the haproxy stanzas for Contrail related services
-#
-# === Parameters:
-#
-# [*contrail_analytics_api*]
-# (optional) Enable or not Contrail analytics api public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to false
-#
-# [*contrail_config_api*]
-# (optional) Enable or not Contrail config api binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to false
-#
-# [*contrail_config_discovery*]
-# (optional) Enable or not Contrail discoverybinding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to false
-#
-# [*contrail_webui_http*]
-# (optional) Enable or not Contrail webui http binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*contrail_webui_https*]
-# (optional) Enable or not Contrail webui https binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*contrail_analytics_api_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_config_api_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_config_discovery_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_webui_http_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_webui_https_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_analytics_api_port*]
-# (optional) TCP port to connect to Contrail analytics api from public network
-# Defaults to '8081'
-#
-# [*contrail_config_api_port*]
-# (optional) TCP port to connect to Contrail config api from public network
-# Defaults to '8082'
-#
-# [*contrail_config_discovery_port*]
-# (optional) TCP port to connect to Contrail discovery from public network
-# Defaults to '5998'
-#
-# [*contrail_webui_http_port*]
-# (optional) TCP port to connect to Contrail webui http from public network
-# Defaults to '8079'
-#
-# [*contrail_webui_https_port*]
-# (optional) TCP port to connect to Contrail webui https from public network
-# Defaults to '8143'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::haproxy (
- $contrail_analytics_api = false,
- $contrail_config_api = false,
- $contrail_config_discovery = false,
- $contrail_webui_http = false,
- $contrail_webui_https = false,
- $contrail_analytics_api_bind_options = [],
- $contrail_config_api_bind_options = [],
- $contrail_config_discovery_bind_options = [],
- $contrail_webui_http_bind_options = [],
- $contrail_webui_https_bind_options = [],
- $contrail_analytics_api_port = 8081,
- $contrail_config_api_port = 8082,
- $contrail_config_discovery_port = 5998,
- $contrail_webui_http_port = 8079,
- $contrail_webui_https_port = 8143,
- $firewall_settings = {},
-){
-
- cloud::loadbalancer::binding { 'contrail_analytics_api':
- ip => $contrail_analytics_api,
- port => $contrail_analytics_api_port,
- bind_options => $contrail_analytics_api_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'roundrobin',
- 'option' => ['nolinger', 'tcp-check'],
- 'default-server' => 'error-limit 1 on-error mark-down',
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_config_api':
- ip => $contrail_config_api,
- port => $contrail_config_api_port,
- bind_options => $contrail_config_api_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'roundrobin',
- 'option' => ['nolinger'],
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_config_discovery':
- ip => $contrail_config_discovery,
- port => $contrail_config_discovery_port,
- bind_options => $contrail_config_discovery_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'roundrobin',
- 'option' => ['nolinger'],
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_webui_http':
- ip => $contrail_webui_http,
- port => $contrail_webui_http_port,
- bind_options => $contrail_webui_http_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'source',
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_webui_https':
- ip => $contrail_webui_https,
- port => $contrail_webui_https_port,
- bind_options => $contrail_webui_https_bind_options,
- httpchk => 'ssl-hello-chk',
- firewall_settings => $firewall_settings,
- options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- }
- }
-
-}
diff --git a/manifests/network/contrail/rabbitmq.pp b/manifests/network/contrail/rabbitmq.pp
deleted file mode 100644
index cae9b4ec..00000000
--- a/manifests/network/contrail/rabbitmq.pp
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::rabbitmq
-#
-# This resource creates RabbitMQ resources for Contrail
-#
-# == Parameters:
-#
-# [*user*]
-# (optional) The username to use when connecting to Rabbit
-# Defaults to 'contrail'
-#
-# [*password*]
-# (optional) The password to use when connecting to Rabbit
-# Defaults to 'contrailpassword'
-#
-# [*vhost*]
-# (optional) The virtual host to use when connecting to Rabbit
-# Defaults to '/'
-#
-# [*is_admin*]
-# (optional) If the user should be admin or not
-# Defaults to true
-#
-# [*configure_permission*]
-# (optional) Define configure permission
-# Defaults to '.*'
-#
-# [*write_permission*]
-# (optional) Define write permission
-# Defaults to '.*'
-#
-# [*read_permission*]
-# (optional) Define read permission
-# Defaults to '.*'
-#
-class cloud::network::contrail::rabbitmq (
- $user = 'contrail',
- $password = 'contrailpassword',
- $vhost = '/',
- $is_admin = true,
- $configure_permission = '.*',
- $write_permission = '.*',
- $read_permission = '.*',
-) {
-
- rabbitmq_user { $user :
- admin => $is_admin,
- password => $password,
- provider => 'rabbitmqctl',
- }
-
- if !defined(Rabbitmq_vhost[$vhost]) {
- rabbitmq_vhost { $vhost :
- provider => 'rabbitmqctl',
- }
- }
-
- rabbitmq_user_permissions { "${user}@${vhost}" :
- configure_permission => $configure_permission,
- write_permission => $write_permission,
- read_permission => $read_permission,
- provider => 'rabbitmqctl',
- }
-
-}
diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp
deleted file mode 100644
index 2a2a0177..00000000
--- a/manifests/network/contrail/vrouter.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::vrouter
-#
-# Install a Contrail vrouter agent on the node
-#
-# === Parameters:
-#
-class cloud::network::contrail::vrouter (
-){
-
- include ::contrail::vrouter
-
-}
diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp
deleted file mode 100644
index 5f291343..00000000
--- a/manifests/network/contrail/webui.pp
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::webui
-#
-# Install a Contrail webui node
-#
-# === Parameters:
-#
-# [*http_bind_ip*]
-# (optional) Address on which the Contrail webui http service is listening on
-# Defaults to '127.0.0.1'
-#
-# [*https_bind_ip*]
-# (optional) Address on which the Contrail webui https service is listening on
-# Defaults to '127.0.0.1'
-#
-# [*http_port*]
-# (optional) Port where Contrail webui http service is bound to
-# Used for firewall purpose.
-# Default to 9100
-#
-# [*https_port*]
-# (optional) Port where Contrail webui https is bound to
-# Used for firewall purpose.
-# Default to 9110
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::webui (
- $http_bind_ip = '127.0.0.1',
- $https_bind_ip = '127.0.0.1',
- $http_port = 8080,
- $https_port = 8143,
- $firewall_settings = {},
-){
-
- include ::contrail::webui
-
- @@haproxy::balancermember{"${::fqdn}-contrail-webui-http":
- listening_service => 'contrail_webui_http',
- server_names => $::hostname,
- ipaddresses => $http_bind_ip,
- ports => $http_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-contrail-webui-https":
- listening_service => 'contrail_webui_https',
- server_names => $::hostname,
- ipaddresses => $https_bind_ip,
- ports => $https_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail webui access':
- port => [$http_port, $https_port],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/controller.pp b/manifests/network/controller.pp
deleted file mode 100644
index a53c7855..00000000
--- a/manifests/network/controller.pp
+++ /dev/null
@@ -1,366 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Network Controller node (API + Scheduler)
-#
-# === Parameters:
-#
-# [*neutron_db_host*]
-# (optional) Host where user should be allowed all privileges for database.
-# Defaults to 127.0.0.1
-#
-# [*neutron_db_user*]
-# (optional) Name of neutron DB user.
-# Defaults to trove
-#
-# [*neutron_db_password*]
-# (optional) Password that will be used for the neutron db user.
-# Defaults to 'neutronpassword'
-#
-# [*neutron_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults to 5000
-#
-# [*ks_neutron_password*]
-# (optional) Password used by Neutron to connect to Keystone API
-# Defaults to 'neutronpassword'
-#
-# [*ks_keystone_admin_host*]
-# (optional) Admin Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_admin_proto*]
-# (optional) Protocol for admin endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_keystone_public_port*]
-# (optional) TCP port to connect to Keystone API from public network
-# Defaults to '5000'
-#
-# [*ks_neutron_public_port*]
-# (optional) TCP port to connect to Neutron API from public network
-# Defaults to '9696'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Neutron server.
-# Defaults to '127.0.0.1'
-#
-# [*ks_admin_tenant*]
-# (optional) Admin tenant name in Keystone
-# Defaults to 'admin'
-#
-# [*nova_url*]
-# (optional) URL for connection to nova (Only supports one nova region
-# currently).
-# Defaults to 'http://127.0.0.1:8774/v2'
-#
-# [*nova_admin_auth_url*]
-# (optional) Authorization URL for connection to nova in admin context.
-# Defaults to 'http://127.0.0.1:5000/v2.0'
-#
-# [*nova_admin_username*]
-# (optional) Username for connection to nova in admin context
-# Defaults to 'nova'
-#
-# [*nova_admin_tenant_name*]
-# (optional) The name of the admin nova tenant
-# Defaults to 'services'
-#
-# [*nova_admin_password*]
-# (optional) Password for connection to nova in admin context.
-# Defaults to 'novapassword'
-#
-# [*nova_region_name*]
-# (optional) Name of nova region to use. Useful if keystone manages more than
-# one region.
-# Defaults to 'RegionOne'
-#
-# [*manage_ext_network*]
-# (optionnal) Manage or not external network with provider network API
-# Defaults to false.
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-# [*tenant_network_types*]
-# (optional) Handled tenant network types
-# Defaults to ['gre']
-# Possible value ['local', 'flat', 'vlan', 'gre', 'vxlan']
-#
-# [*type_drivers*]
-# (optional) Drivers to load
-# Defaults to ['gre', 'vlan', 'flat']
-# Possible value ['local', 'flat', 'vlan', 'gre', 'vxlan']
-#
-# [*plugin*]
-# (optional) Neutron plugin name
-# Supported values: 'ml2', 'n1kv', 'opencontrail'.
-# Defaults to 'ml2'
-#
-# [*l3_ha*]
-# (optional) Enable L3 agent HA
-# Defaults to false.
-#
-# [*router_distributed*]
-# (optional) Create distributed tenant routers by default
-# Right now, DVR is not compatible with l3_ha
-# Defaults to false
-#
-# [*ks_keystone_admin_port*]
-# (optional) TCP port to connect to Keystone API from admin network
-# Defaults to '35357'
-#
-# [*ks_keystone_admin_user*]
-# (optional) Admin user to connect to Keystone API
-# Defaults to 'admin'
-#
-# [*ks_keystone_admin_password*]
-# (optional) Password for admin user to connect to Keystone API
-# Defaults to 'password'
-#
-# [*ks_keystone_admin_token*]
-# (optional) Token to connect to Keystone API as admin user
-# Defaults to undef
-#
-# [*provider_vlan_ranges*]
-# (optionnal) VLAN range for provider networks
-# Defaults to ['physnet1:1000:2999']
-#
-# [*flat_networks*]
-# (optionnal) List of physical_network names with which flat networks
-# can be created. Use * to allow flat networks with arbitrary
-# physical_network names.
-# Should be an array.
-# Default to ['public'].
-#
-# [*n1kv_vsm_ip*]
-# (required) N1KV VSM (Virtual Supervisor Module) VM's IP.
-# Defaults to 127.0.0.1
-#
-# [*n1kv_vsm_password*]
-# (required) N1KV VSM (Virtual Supervisor Module) password.
-# Defaults to secrete
-#
-# [*tunnel_id_ranges*]
-# (optional) GRE tunnel id ranges. used by he ml2 plugin
-# List of colon-separated id ranges
-# Defaults to ['1:10000']
-#
-# [*vni_ranges*]
-# (optional) VxLan Network ID range. used by the ml2 plugin
-# List of colon-separated id ranges
-# Defaults to ['1:10000']
-#
-# [*contrail_api_server_ip*]
-# (optional) IP address of the Contrail API
-# Defaults to 127.0.0.1
-#
-# [*contrail_api_server_port*]
-# (optional) Port of the Contrail API
-# Defaults to 8082
-#
-# [*contrail_multi_tenancy*]
-# (optional) Should Contrail support multi tenancy
-# Boolean.
-# Defaults to true
-#
-# [*contrail_extensions*]
-# (optional) Array of extensions enabled for Contrail
-# Array of extensions
-# Defaults to ['']
-#
-# [*mechanism_drivers*]
-# (optional) Neutron mechanism drivers to run
-# List of drivers.
-# Note: if l3-ha is True, do not include l2population (not compatible in Juno).
-# Defaults to ['linuxbridge', 'openvswitch','l2population']
-#
-class cloud::network::controller(
- $neutron_db_host = '127.0.0.1',
- $neutron_db_user = 'neutron',
- $neutron_db_password = 'neutronpassword',
- $neutron_db_idle_timeout = 5000,
- $ks_neutron_password = 'neutronpassword',
- $ks_keystone_admin_host = '127.0.0.1',
- $ks_keystone_admin_proto = 'http',
- $ks_keystone_admin_port = 35357,
- $ks_keystone_admin_user = 'admin',
- $ks_admin_tenant = 'admin',
- $ks_keystone_admin_password = 'password',
- $ks_keystone_admin_token = undef,
- $ks_keystone_public_port = 5000,
- $ks_neutron_public_port = 9696,
- $api_eth = '127.0.0.1',
- $nova_url = 'http://127.0.0.1:8774/v2',
- $nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0',
- $nova_admin_username = 'nova',
- $nova_admin_tenant_name = 'services',
- $nova_admin_password = 'novapassword',
- $nova_region_name = 'RegionOne',
- $manage_ext_network = false,
- $firewall_settings = {},
- $flat_networks = ['public'],
- $tenant_network_types = ['gre'],
- $type_drivers = ['gre', 'vlan', 'flat'],
- $provider_vlan_ranges = ['physnet1:1000:2999'],
- $plugin = 'ml2',
- $mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'],
- $l3_ha = false,
- $router_distributed = false,
- # only needed by cisco n1kv plugin
- $n1kv_vsm_ip = '127.0.0.1',
- $n1kv_vsm_password = 'secrete',
- # only needed by ml2 plugin
- $tunnel_id_ranges = ['1:10000'],
- $vni_ranges = ['1:10000'],
- # only needed by opencontrail plugin
- $contrail_api_server_ip = '127.0.0.1',
- $contrail_api_server_port = '8082',
- $contrail_multi_tenancy = true,
- $contrail_extensions = [''],
-) {
-
- include 'cloud::network'
- include ::neutron::quota
-
- $encoded_user = uriescape($neutron_db_user)
- $encoded_password = uriescape($neutron_db_password)
-
- if $l3_ha and $router_distributed {
- fail 'l3_ha and router_distributed are mutually exclusive, only one of them can be set to true'
- }
-
- validate_array($mechanism_drivers)
- if $l3_ha and member($mechanism_drivers, 'l2population') {
- fail 'l3_ha does not work with l2population mechanism driver in Juno.'
- }
-
- class { 'neutron::server':
- auth_password => $ks_neutron_password,
- auth_host => $ks_keystone_admin_host,
- auth_protocol => $ks_keystone_admin_proto,
- auth_port => $ks_keystone_public_port,
- database_connection => "mysql://${encoded_user}:${encoded_password}@${neutron_db_host}/neutron?charset=utf8",
- database_idle_timeout => $neutron_db_idle_timeout,
- mysql_module => '2.2',
- api_workers => $::processorcount,
- agent_down_time => '60',
- l3_ha => $l3_ha,
- router_distributed => $router_distributed,
- }
-
- case $plugin {
- 'ml2': {
- $core_plugin = 'neutron.plugins.ml2.plugin.Ml2Plugin'
- class { 'neutron::plugins::ml2':
- type_drivers => $type_drivers,
- tenant_network_types => $tenant_network_types,
- network_vlan_ranges => $provider_vlan_ranges,
- tunnel_id_ranges => $tunnel_id_ranges,
- vni_ranges => $vni_ranges,
- flat_networks => $flat_networks,
- mechanism_drivers => $mechanism_drivers,
- enable_security_group => true
- }
- }
-
- 'n1kv': {
- $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2'
- class { 'neuton::plugins::cisco':
- database_user => $neutron_db_user,
- database_password => $neutron_db_password,
- database_host => $neutron_db_host,
- keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/",
- keystone_password => $ks_neutron_password,
- vswitch_plugin => 'neutron.plugins.cisco.n1kv.n1kv_neutron_plugin.N1kvNeutronPluginV2',
- }
- neutron_plugin_cisco {
- 'securitygroup/firewall_driver': value => 'neutron.agent.firewall.NoopFirewallDriver';
- "N1KV:${n1kv_vsm_ip}/username": value => 'admin';
- "N1KV:${n1kv_vsm_ip}/password": value => $n1kv_vsm_password;
- # TODO (EmilienM) not sure about this one:
- 'database/connection': value => "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/neutron";
- }
- }
-
- 'opencontrail': {
- $core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2'
- class { 'neutron::plugins::opencontrail':
- api_server_ip => $contrail_api_server_ip ,
- api_server_port => $contrail_api_server_port,
- multi_tenancy => $contrail_multi_tenancy,
- contrail_extensions => $contrail_extensions,
- keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/",
- keystone_admin_user => $ks_keystone_admin_user,
- keystone_admin_tenant_name => $ks_admin_tenant,
- keystone_admin_password => $ks_keystone_admin_password,
- keystone_admin_token => $ks_keystone_admin_token,
- }
- }
-
- default: {
- fail("${plugin} plugin is not supported.")
- }
- }
-
- class { 'neutron::server::notifications':
- nova_url => $nova_url,
- nova_admin_auth_url => $nova_admin_auth_url,
- nova_admin_username => $nova_admin_username,
- nova_admin_tenant_name => $nova_admin_tenant_name,
- nova_admin_password => $nova_admin_password,
- nova_region_name => $nova_region_name
- }
-
- if $manage_ext_network {
- neutron_network {'public':
- provider_network_type => 'flat',
- provider_physical_network => 'public',
- shared => true,
- router_external => true
- }
- }
-
- # Note(EmilienM):
- # We check if DB tables are created, if not we populate Neutron DB.
- # It's a hack to fit with our setup where we run MySQL/Galera
- Neutron_config<| |> ->
- exec {'neutron_db_sync':
- command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head',
- path => '/usr/bin',
- user => 'neutron',
- unless => "/usr/bin/mysql neutron -h ${neutron_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables",
- require => 'Neutron_config[DEFAULT/service_plugins]',
- notify => Service['neutron-server']
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow neutron-server access':
- port => $ks_neutron_public_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-neutron_api":
- listening_service => 'neutron_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_neutron_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
-}
diff --git a/manifests/network/dhcp.pp b/manifests/network/dhcp.pp
deleted file mode 100644
index 45da0dd1..00000000
--- a/manifests/network/dhcp.pp
+++ /dev/null
@@ -1,87 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Network DHCP node
-#
-# === Parameters:
-#
-# [*veth_mtu*]
-# (optional) Enforce the default virtual interface MTU (option 26)
-# Defaults to 1500
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*dnsmasq_dns_servers*]
-# (optional) An array of DNS IP used to configure Virtual server resolver
-# Defaults to false
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::dhcp(
- $veth_mtu = 1500,
- $debug = true,
- $dnsmasq_dns_servers = false,
- $firewall_settings = {},
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::dhcp':
- debug => $debug,
- dnsmasq_config_file => '/etc/neutron/dnsmasq-neutron.conf',
- enable_isolated_metadata => true
- }
-
- if $dnsmasq_dns_servers {
- neutron_dhcp_agent_config { 'DEFAULT/dnsmasq_dns_servers':
- value => join($dnsmasq_dns_servers, ',')
- }
- } else {
- neutron_dhcp_agent_config { 'DEFAULT/dnsmasq_dns_servers':
- ensure => absent
- }
- }
-
- file { '/etc/neutron/dnsmasq-neutron.conf':
- content => template('cloud/network/dnsmasq-neutron.conf.erb'),
- owner => 'root',
- mode => '0755',
- group => 'root',
- notify => Service['neutron-dhcp-agent']
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow dhcp in access':
- port => '67',
- proto => 'udp',
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow dhcp out access':
- port => '68',
- proto => 'udp',
- chain => 'OUTPUT',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/l3.pp b/manifests/network/l3.pp
deleted file mode 100644
index e59fd646..00000000
--- a/manifests/network/l3.pp
+++ /dev/null
@@ -1,132 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Network L3 node
-#
-# === Parameters:
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*ext_provider_net*]
-# (optional) Manage L3 with another provider
-# Defaults to false
-#
-# [*external_int*]
-# (optional) The name of the external nic
-# Defaults to eth1
-#
-# [*manage_tso*]
-# (optional) Disable TSO on Neutron interfaces
-# Defaults to true
-#
-# [*ha_enabled*]
-# (optional) Enable HA for L3 agent or not.
-# Defaults to false
-#
-# [*ha_vrrp_auth_type*]
-# (optional) VRRP authentication type. Can be AH or PASS.
-# Defaults to "PASS"
-#
-# [*ha_vrrp_auth_password*]
-# (optional) VRRP authentication password. Required if ha_enabled = true.
-# Defaults to undef
-#
-# [*allow_automatic_l3agent_failover*]
-# (optional) Automatically reschedule routers from offline L3 agents to online
-# L3 agents.
-# Defaults to 'False'
-#
-# [*agent_mode*]
-# (optional) The working mode for the agent.
-# 'legacy': default behavior (without DVR)
-# 'dvr': enable DVR for an L3 agent running on compute node (DVR in production)
-# 'dvr_snat': enable DVR with centralized SNAT support (DVR for single-host, for testing only)
-# Right now, DVR is not compatible with ha_enabled
-# Defaults to 'legacy'
-#
-class cloud::network::l3(
- $external_int = 'eth1',
- $ext_provider_net = false,
- $debug = true,
- $manage_tso = true,
- $ha_enabled = false,
- $ha_vrrp_auth_type = 'PASS',
- $ha_vrrp_auth_password = undef,
- $allow_automatic_l3agent_failover = false,
- $agent_mode = 'legacy',
-
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- if $ha_enabled and $agent_mode != 'legacy' {
- fail 'ha_enabled requires agent_mode to be set to legacy'
- }
-
- if ! $ext_provider_net {
- vs_bridge{'br-ex':
- external_ids => 'bridge-id=br-ex',
- } ->
- vs_port{$external_int:
- ensure => present,
- bridge => 'br-ex'
- }
- $external_network_bridge_real = 'br-ex'
- } else {
- $external_network_bridge_real = ''
- }
-
- class { 'neutron::agents::l3':
- debug => $debug,
- external_network_bridge => $external_network_bridge_real,
- ha_enabled => $ha_enabled,
- ha_vrrp_auth_type => $ha_vrrp_auth_type,
- ha_vrrp_auth_password => $ha_vrrp_auth_password,
- allow_automatic_l3agent_failover => $allow_automatic_l3agent_failover,
- agent_mode => $agent_mode,
- }
-
- class { 'neutron::agents::metering':
- debug => $debug,
- }
-
- # Disabling TSO/GSO/GRO
- if $manage_tso {
- if $::osfamily == 'Debian' {
- ensure_resource ('exec','enable-tso-script', {
- 'command' => '/usr/sbin/update-rc.d disable-tso defaults',
- 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso'
- })
- } elsif $::osfamily == 'RedHat' {
- ensure_resource ('exec','enable-tso-script', {
- 'command' => '/usr/sbin/chkconfig disable-tso on',
- 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso'
- })
- }
- ensure_resource ('exec','start-tso-script', {
- 'command' => '/etc/init.d/disable-tso start',
- 'unless' => '/usr/bin/test -f /var/run/disable-tso.pid',
- 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso'
- })
- }
-
-}
diff --git a/manifests/network/lbaas.pp b/manifests/network/lbaas.pp
deleted file mode 100644
index c65a4f23..00000000
--- a/manifests/network/lbaas.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Network LBaaS node
-#
-# === Parameters:
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*manage_haproxy_pkg*]
-# (optional) Manage or not HAproxy package
-# Defaults to true
-#
-class cloud::network::lbaas(
- $debug = true,
- $manage_haproxy_pkg = true
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::lbaas':
- manage_haproxy_package => $manage_haproxy_pkg,
- debug => $debug,
- }
-
-}
diff --git a/manifests/network/metadata.pp b/manifests/network/metadata.pp
deleted file mode 100644
index 7cf5a38a..00000000
--- a/manifests/network/metadata.pp
+++ /dev/null
@@ -1,93 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::metadata
-#
-# Network Metadata node
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) State of the metadata service.
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*ks_neutron_password*]
-# (optional) Password used by Neutron to connect to Keystone API
-# Defaults to 'neutronpassword'
-#
-# [*neutron_metadata_proxy_shared_secret*]
-# (optional) Shared secret to validate proxies Neutron metadata requests
-# Defaults to 'metadatapassword'
-#
-# [*nova_metadata_server*]
-# (optional) Hostname or IP of the Nova metadata server
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_admin_host*]
-# (optional) Admin Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_admin_proto*]
-# (optional) Protocol for admin endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_keystone_admin_port*]
-# (optional) TCP port to connect to Keystone API from admin network
-# Defaults to '35357'
-#
-# [*ks_nova_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*auth_region*]
-# (optional) OpenStack Region Name
-# Defaults to 'RegionOne'
-#
-class cloud::network::metadata(
- $enabled = true,
- $debug = true,
- $ks_neutron_password = 'neutronpassword',
- $neutron_metadata_proxy_shared_secret = 'asecreteaboutneutron',
- $nova_metadata_server = '127.0.0.1',
- $ks_keystone_admin_proto = 'http',
- $ks_keystone_admin_port = 35357,
- $ks_keystone_admin_host = '127.0.0.1',
- $auth_region = 'RegionOne',
- $ks_nova_internal_proto = 'http'
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::metadata':
- enabled => $enabled,
- shared_secret => $neutron_metadata_proxy_shared_secret,
- debug => $debug,
- metadata_ip => $nova_metadata_server,
- auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0",
- auth_password => $ks_neutron_password,
- auth_region => $auth_region,
- metadata_workers => $::processorcount,
- }
-
- neutron_metadata_agent_config {
- 'DEFAULT/nova_metadata_protocol': value => $ks_nova_internal_proto;
- }
-
-}
diff --git a/manifests/network/vpn.pp b/manifests/network/vpn.pp
deleted file mode 100644
index f351f592..00000000
--- a/manifests/network/vpn.pp
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Network VPNaaS node
-#
-class cloud::network::vpn{
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::vpnaas': }
-
-}
diff --git a/manifests/network/vswitch.pp b/manifests/network/vswitch.pp
deleted file mode 100644
index 3c175c7d..00000000
--- a/manifests/network/vswitch.pp
+++ /dev/null
@@ -1,259 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Network vswitch class -# -# === Parameters: -# -# [*driver*] -# (optional) Neutron vswitch driver -# Supported values: 'ml2_ovs', 'ml2_lb', 'n1kv_vem'. -# Note: 'n1kv_vem' currently works only on Red Hat systems. -# Defaults to 'ml2_ovs' -# -# [*external_int*] -# (optionnal) Network interface to bind the external provider network -# Defaults to 'eth1'. -# -# [*external_bridge*] -# (optionnal) OVS bridge used to bind external provider network -# Defaults to 'br-pub'. -# -# [*manage_ext_network*] -# (optionnal) Manage or not external network with provider network API -# Defaults to false. -# -# [*tunnel_eth*] -# (optional) Interface IP used to build the tunnels -# Defaults to '127.0.0.1' -# -# [*tunnel_typeis] -# (optional) List of types of tunnels to use when utilizing tunnels -# Defaults to ['gre'] -# -# [*provider_bridge_mappings*] -# (optional) List of : -# -# [*enable_distributed_routing*] -# (optional) Enable support for distributed routing on L2 agent. -# Defaults to false. -# -# [*n1kv_vsm_ip*] -# (required) N1KV VSM (Virtual Supervisor Module) VM's IP. -# Defaults to 127.0.0.1 -# -# [*n1kv_vsm_domainid*] -# (required) N1KV VSM DomainID. -# Defaults to 1000 -# -# [*host_mgmt_intf*] -# (required) Management Interface of node where VEM will be installed. 
-# Defaults to eth1 -# -# [*uplink_profile*] -# (optional) Uplink Interfaces that will be managed by VEM. The uplink -# port-profile that configures these interfaces should also be specified. -# (format) -# $uplink_profile = { 'eth1' => 'profile1', -# 'eth2' => 'profile2' -# }, -# Defaults to empty -# -# [*vtep_config*] -# (optional) Virtual tunnel interface configuration. -# Eg:VxLAN tunnel end-points. -# (format) -# $vtep_config = { 'vtep1' => { 'profile' => 'virtprof1', -# 'ipmode' => 'dhcp' -# }, -# 'vtep2' => { 'profile' => 'virtprof2', -# 'ipmode' => 'static', -# 'ipaddress' => '192.168.1.1', -# 'netmask' => '255.255.255.0' -# } -# }, -# Defaults to empty -# -# [*node_type*] -# (optional). Specify the type of node: 'compute' (or) 'network'. -# Defaults to 'compute' -# -# All the above parameter values will be used in the config file: n1kv.conf -# -# [*vteps_in_same_subnet*] -# (optional) -# The VXLAN tunnel interfaces created on VEM can belong to same IP-subnet. -# In such case, set this parameter to true. This results in below -# 'sysctl:ipv4' values to be modified. -# rp_filter (reverse path filtering) set to 2(Loose).Default is 1(Strict) -# arp_ignore (arp reply mode) set to 1:reply only if target ip matches -# that of incoming interface. Default is 0 -# Please refer Linux Documentation for detailed description -# http://lxr.free-electrons.com/source/Documentation/networking/ip-sysctl.txt -# -# If the tunnel interfaces are not in same subnet set this parameter to false. -# Note that setting to false causes no change in the sysctl settings and does -# not revert the changes made if it was originally set to true on a previous -# catalog run. -# -# Defaults to false -# -# [*n1kv_source*] -# (optional) -# n1kv_source ==> VEM package location. One of below -# A)URL of yum repository that hosts VEM package. 
-# B)VEM RPM/DPKG file name, If present locally in 'files' folder -# C)If not specified, assumes that VEM image is available in -# default enabled repositories. -# Defaults to empty -# -# [*n1kv_version*] -# (optional). Specify VEM package version to be installed. -# Not applicable if 'n1kv_source' is a file. (Option-B above) -# Defaults to 'present' -# -# [*tunnel_types*] -# (optional) List of types of tunnels to use when utilizing tunnels. -# Supported tunnel types are: vxlan. -# Defaults to ['gre'] -# -# [*n1kv_vsm_domain_id*] -# (optional) N1000 KV Domain ID (does nothing?) -# Defaults to 1000 -# -# [*enable_tunneling*] -# (optional) Enable or not tunneling. -# Should be disable if using VLAN but enabled if using GRE or VXLAN. -# Defailts to true -# -# [*l2_population*] -# (optional) Enable or not L2 population. -# If enabled, should be part of mechanism_drivers in cloud::network::controller. -# Should be disabled if running L3 HA with VRRP in Juno. -# Defaults to true -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::network::vswitch( - # common - $driver = 'ml2_ovs', - $manage_ext_network = false, - $external_int = 'eth1', - $external_bridge = 'br-pub', - $firewall_settings = {}, - # common to ml2 - $tunnel_types = ['gre'], - $tunnel_eth = '127.0.0.1', - $enable_tunneling = true, - $l2_population = true, - # ml2_ovs - $provider_bridge_mappings = ['public:br-pub'], - $enable_distributed_routing = false, - # n1kv_vem - $n1kv_vsm_ip = '127.0.0.1', - $n1kv_vsm_domain_id = 1000, - $host_mgmt_intf = 'eth1', - $uplink_profile = {}, - $vtep_config = {}, - $node_type = 'compute', - $vteps_in_same_subnet = false, - $n1kv_source = '', - $n1kv_version = 'present', -) { - - include 'cloud::network' - - case $driver { - 'ml2_ovs': { - class { 'neutron::agents::ml2::ovs': - enable_tunneling => $enable_tunneling, - l2_population => $l2_population, - polling_interval => '15', - tunnel_types => $tunnel_types, - bridge_mappings => $provider_bridge_mappings, - local_ip => $tunnel_eth, - enable_distributed_routing => $enable_distributed_routing - } - - if $::osfamily == 'RedHat' { - kmod::load { 'ip_gre': } - } - } - - 'ml2_lb': { - class { 'neutron::agents::ml2::linuxbridge': - l2_population => $l2_population, - polling_interval => '15', - tunnel_types => $tunnel_types, - local_ip => $tunnel_eth - } - - if $::osfamily == 'RedHat' { - kmod::load { 'ip_gre': } - } - } - - 'n1kv_vem': { - # We don't check if we are on Red Hat system - # (already done by puppet-neutron) - class { 'neutron::agents::n1kv_vem': - n1kv_vsm_ip => $n1kv_vsm_ip, - n1kv_vsm_domain_id => $n1kv_vsm_domain_id, - host_mgmt_intf => $host_mgmt_intf, - uplink_profile => $uplink_profile, - vtep_config => $vtep_config, - node_type => $node_type, - vteps_in_same_subnet => $vteps_in_same_subnet, - n1kv_source => $n1kv_source, - n1kv_version => $n1kv_version, - } - ensure_resource('package', 'nexus1000v', { - ensure => present - }) - } - - default: { - fail("${driver} driver is not supported.") - } - } 
- - if $manage_ext_network { - vs_port {$external_int: - ensure => present, - bridge => $external_bridge - } - } - - if $::cloud::manage_firewall { - if ('gre' in $tunnel_types) { - cloud::firewall::rule{ '100 allow gre access': - port => undef, - proto => 'gre', - extras => $firewall_settings, - } - } - if ('vxlan' in $tunnel_types) { - cloud::firewall::rule{ '100 allow vxlan access': - port => '4789', - proto => 'udp', - extras => $firewall_settings, - } - } - } - -} diff --git a/manifests/object.pp b/manifests/object.pp deleted file mode 100644 index d7d9e917..00000000 --- a/manifests/object.pp +++ /dev/null @@ -1,33 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::object -# -# Common class for object storage nodes -# -# === Parameters: -# -# [*swift_hash_suffix*] -# (required) String of text to be used as a salt when hashing to determine mappings in the ring. -# -class cloud::object( - $swift_hash_suffix = undef -) { - - class { 'swift': - swift_hash_suffix => $swift_hash_suffix, - } - -} diff --git a/manifests/object/controller.pp b/manifests/object/controller.pp deleted file mode 100644 index 9fccd07c..00000000 --- a/manifests/object/controller.pp +++ /dev/null 
@@ -1,178 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::object::controller -# -# Swift Proxy node -# -# === Parameters: -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Defaults to '35357' -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from internal network -# Defaults to '5000' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_swift_internal_port*] -# (optional) TCP port to connect to Swift from internal network -# Defaults to '8080' -# -# [*ks_swift_password*] -# (optional) Password used by Swift to connect to Keystone API -# Defaults to 'swiftpassword' -# -# [*ks_swift_dispersion_password*] -# (optional) Password of the dispersion tenant, used for swift-dispersion-report -# and swift-dispersion-populate tools. -# Defaults to 'dispersion' -# -# [*api_eth*] -# (optional) Which interface we bind the Swift proxy server. 
-# Defaults to '127.0.0.1' -# -# [*memcache_servers*] -# (optionnal) Memcached servers used by Keystone. Should be an array. -# Defaults to ['127.0.0.1:11211'] -# -# [*statsd_host*] -# (optional) Hostname or IP of the statd server. -# Defaults to '127.0.0.1' -# -# [*statsd_port*] -# (optional) TCP port of the statd server -# Defaults to '4125' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::object::controller( - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_port = 35357, - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = 5000, - $ks_swift_dispersion_password = 'dispersion', - $ks_swift_internal_port = 8080, - $ks_keystone_internal_proto = 'http', - $ks_keystone_admin_proto = 'http', - $ks_swift_password = 'swiftpassword', - $statsd_host = '127.0.0.1', - $statsd_port = 4125, - $memcache_servers = ['127.0.0.1:11211'], - $api_eth = '127.0.0.1', - $firewall_settings = {}, -) { - - include 'cloud::object' - - class { 'swift::proxy': - proxy_local_net_ip => $api_eth, - port => $ks_swift_internal_port, - pipeline => [ - 'catch_errors', 'healthcheck', 'cache', 'bulk', 'ratelimit', - 'swift3', 's3token', 'container_quotas', 'account_quotas', 'tempurl', - 'formpost', 'authtoken', 'keystone', 'staticweb', - 'proxy-logging', 'proxy-server'], - account_autocreate => true, - log_level => 'DEBUG', - workers => inline_template('<%= @processorcount.to_i * 2 %> -cors_allow_origin = <%= scope.lookupvar("swift_cors_allow_origin") %> -log_statsd_host = <%= scope.lookupvar("statsd_host") %> -log_statsd_port = <%= scope.lookupvar("statsd_port") %> -log_statsd_default_sample_rate = 1 -'), - } - - class{'swift::proxy::cache': - memcache_servers => inline_template( - '<%= scope.lookupvar("memcache_servers").join(",") %>'), - } - class { 'swift::proxy::account_quotas': } - class { 'swift::proxy::bulk': } - class { 'swift::proxy::catch_errors': } - class { 
'swift::proxy::container_quotas': } - class { 'swift::proxy::formpost': } - class { 'swift::proxy::healthcheck': } - class { 'swift::proxy::proxy_logging': } - class { 'swift::proxy::ratelimit': } - class { 'swift::proxy::slo': } - class { 'swift::proxy::staticweb': } - class { 'swift::proxy::tempurl': } - - class { 'swift::proxy::keystone': - operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], - } - - class { 'swift::proxy::authtoken': - admin_password => $ks_swift_password, - auth_host => $ks_keystone_admin_host, - auth_port => $ks_keystone_admin_port, - auth_protocol => $ks_keystone_admin_proto, - delay_auth_decision => inline_template('1 -cache = swift.cache') - } - class { 'swift::proxy::swift3': - ensure => 'latest', - } - class { 'swift::proxy::s3token': - auth_host => $ks_keystone_admin_host, - auth_port => $ks_keystone_admin_port, - auth_protocol => $ks_keystone_internal_proto - } - - class { 'swift::dispersion': - auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", - swift_dir => '/etc/swift', - auth_pass => $ks_swift_dispersion_password, - endpoint_type => 'internalURL' - } - - Swift::Ringsync<<| |>> #~> Service["swift-proxy"] - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow swift-proxy access': - port => $ks_swift_internal_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-swift_api": - listening_service => 'swift_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_swift_internal_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/object/ringbuilder.pp b/manifests/object/ringbuilder.pp deleted file mode 100644 index 6519dbd2..00000000 --- a/manifests/object/ringbuilder.pp +++ /dev/null 
@@ -1,70 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::object::ringbuilder
-#
-# Swift ring builder node
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) Enable or not the Swift ringbuilder rsync server
-# Defaults to false
-#
-# [*rsyncd_ipaddress*]
-# (optional) Hostname or IP of the swift ringbuilder rsync daemon
-# Defaults to '127.0.0.1'
-#
-# [*replicas*]
-# (optional) Number of replicas to kept
-# Defaults to '3'
-#
-# [*swift_rsync_max_connections*]
-# (optional) Max number of connections to the rsync daemon
-# Defaults to '5'
-#
-class cloud::object::ringbuilder(
- $enabled = false,
- $rsyncd_ipaddress = '127.0.0.1',
- $replicas = 3,
- $swift_rsync_max_connections = 5,
-) {
-
- include cloud::object
-
- if $enabled {
- Ring_object_device <<| |>>
- Ring_container_device <<| |>>
- Ring_account_device <<| |>>
-
- class {'swift::ringbuilder' :
- part_power => 15,
- replicas => $replicas,
- min_part_hours => 24,
- }
-
- class {'swift::ringserver' :
- local_net_ip => $rsyncd_ipaddress,
- max_connections => $swift_rsync_max_connections,
- }
-
- # exports rsync gets that can be used to sync the ring files
- @@swift::ringsync { ['account', 'object', 'container']:
- ring_server => $rsyncd_ipaddress,
- }
- }
-
-}
-
diff --git a/manifests/object/set_io_scheduler.pp b/manifests/object/set_io_scheduler.pp
deleted file mode 100644
index 8f0d0a7a..00000000
--- a/manifests/object/set_io_scheduler.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Swift set_io_scheduler
-#
-define cloud::object::set_io_scheduler(){
- # TODO: Add it on server boot
- exec{"/bin/echo deadline > /sys/block/${name}/queue/scheduler":
- onlyif => [
- "/usr/bin/test '-e /sys/block/${name}/queue/scheduler'",
- "/bin/grep -v -F '[deadline]' /sys/block/${name}/queue/scheduler"
- ],
- }
-}
diff --git a/manifests/object/storage.pp b/manifests/object/storage.pp
deleted file mode 100644
index ae19ef7a..00000000
--- a/manifests/object/storage.pp
+++ /dev/null
@@ -1,172 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::object::storage -# -# Swift Storage node -# -# === Parameters: -# -# [*storage_eth*] -# (optional) IP or hostname of the Swift storage node -# Defaults to '127.0.0.1' -# -# [*swift_zone*] -# (optional) Name of the swift zone -# Defaults to undef -# -# [*object_port*] -# (optional) TCP port number of the Object middleware -# Defaults to '6000' -# -# [*container_port*] -# (optional) TCP port number of the container middleware -# Defaults to '6001' -# -# [*account_port*] -# (optional) TCP port number of the account middleware -# Defaults to '6002' -# -# [*fstype*] -# (optional) Name of the File-System type -# Defaults to 'xfs' -# -# [*device_config_hash*] -# (optional) A hash of options to pass to io scheduler -# Defaults to {} -# -# [*ring_container_device*] -# (optional) The name of the container device -# Defaults to 'sdb' -# -# [*ring_account_device*] -# (optional) The name of the account device -# Defaults to 'sdb' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::object::storage( - $storage_eth = '127.0.0.1', - $swift_zone = undef, - $object_port = '6000', - $container_port = '6001', - $account_port = '6002', - $fstype = 'xfs', - $device_config_hash = {}, - $ring_container_device = 'sdb', - $ring_account_device = 'sdb', - $firewall_settings = {}, -) { - - include 'cloud::object' - - include 'cloud::object::tweaking' - - class { 'swift::storage': - storage_local_net_ip => $storage_eth, - } - - Rsync::Server::Module { - incoming_chmod => 'u=rwX,go=rX', - outgoing_chmod => 'u=rwX,go=rX', - } - - Swift::Storage::Server { - #devices => $devices, - storage_local_net_ip => $storage_eth, - workers => inline_template('<%= @processorcount.to_i / 2 %>'), - replicator_concurrency => 2, - updater_concurrency => 1, - reaper_concurrency => 1, - require => Class['swift'], - mount_check => true, - } - # concurrency at 2 and 1 seems better see - # http://docs.openstack.org/trunk/openstack-object-storage/admin/content/general-service-tuning.html - - swift::storage::server { $account_port: - type => 'account', - config_file_path => 'account-server.conf', - pipeline => ['healthcheck', 'account-server'], - log_facility => 'LOG_LOCAL2', - } - - swift::storage::server { $container_port: - type => 'container', - config_file_path => 'container-server.conf', - workers => inline_template("<%= @processorcount.to_i / 2 %> -db_preallocation = on -allow_versions = on -"), # great hack :( - pipeline => ['healthcheck', 'container-server'], - log_facility => 'LOG_LOCAL4', - } - - swift::storage::server { $object_port: - type => 'object', - config_file_path => 'object-server.conf', - pipeline => ['healthcheck', 'recon', 'object-server'], - log_facility => 'LOG_LOCAL6', - } - - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - - create_resources("swift::storage::${fstype}", $device_config_hash) - 
ensure_resource('cloud::object::set_io_scheduler', keys($device_config_hash)) - - @@ring_container_device { "${storage_eth}:${container_port}/${ring_container_device}": - zone => $swift_zone, - weight => '100.0', - } - @@ring_account_device { "${storage_eth}:${account_port}/${ring_account_device}": - zone => $swift_zone, - weight => '100.0', - } - $object_urls = prefix(keys($device_config_hash), "${storage_eth}:${object_port}/") - @@ring_object_device {$object_urls: - zone => $swift_zone, - weight => '100.0', - } - - Swift::Ringsync<<| |>> -> - Swift::Storage::Server[$container_port] -> - Swift::Storage::Server[$account_port] -> - Swift::Storage::Server[$object_port] - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow swift-container access': - port => $container_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow swift-account access': - port => $account_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow swift-object access': - port => $object_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow swift rsync access': - port => '873', - extras => $firewall_settings, - } - } - -} diff --git a/manifests/object/tweaking.pp b/manifests/object/tweaking.pp deleted file mode 100644 index ff5e552b..00000000 --- a/manifests/object/tweaking.pp +++ /dev/null 
@@ -1,70 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Swift tweaking -# -class cloud::object::tweaking { - kmod::load { 'ip_conntrack': } - - $swift_tuning = { - 'net.ipv4.tcp_tw_recycle' => { value => 1 }, - 'net.ipv4.tcp_tw_reuse' => { value => 1 }, - 'net.ipv4.tcp_syncookies' => { value => 0 }, - 'net.ipv4.ip_local_port_range' => { value => "10000\t65000" }, - 'net.core.netdev_max_backlog' => { value => 300000 }, - 'net.ipv4.tcp_sack' => { value => 0 }, - } - - case $::osfamily { - 'Debian' : { - $debian_swift_tuning = { - 'net.ipv4.netfilter.ip_conntrack_max' => { value => 524288 }, - 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait' => { value => 2 }, - 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait' => { value => 2 }, - } - $swift_tuning_real = merge($swift_tuning, $debian_swift_tuning) - } - default : { - $redhat_swift_tuning = { - 'net.netfilter.nf_conntrack_max' => { value => 524288 }, - 'net.netfilter.nf_conntrack_tcp_timeout_time_wait' => { value => 2 }, - 'net.netfilter.nf_conntrack_tcp_timeout_close_wait' => { value => 2 }, - } - $swift_tuning_real = merge($swift_tuning, $redhat_swift_tuning) - } - } - - $require = { - require => Kmod::Load['ip_conntrack'] - } - - create_resources(sysctl::value,$swift_tuning_real,$require) - - file { '/var/log/swift': - ensure => directory, - owner => swift, - group => swift, - } - - logrotate::rule { 'swift': - path => '/var/log/swift/*.log', - rotate 
=> 7, - rotate_every => 'day', - missingok => true, - ifempty => false, - compress => true, - delaycompress => true, - } -} diff --git a/manifests/orchestration.pp b/manifests/orchestration.pp deleted file mode 100644 index e19f71d4..00000000 --- a/manifests/orchestration.pp +++ /dev/null 
@@ -1,177 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::orchestration -# -# Orchestration common node -# -# === Parameters: -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from internal network -# Defaults to '5000' -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Defaults to '35357' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_admin_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_public_host*] -# (optional) Public Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_heat_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. 
-# Defaults to 'http' -# -# [*ks_heat_password*] -# (optional) Password used by Heat to connect to Keystone API -# Defaults to 'heatpassword' -# -# [*heat_db_host*] -# (optional) Hostname or IP address to connect to heat database -# Defaults to '127.0.0.1' -# -# [*heat_db_user*] -# (optional) Username to connect to heat database -# Defaults to 'heat' -# -# [*heat_db_password*] -# (optional) Password to connect to heat database -# Defaults to 'heatpassword' -# -# [*heat_db_idle_timeout*] -# (optional) Timeout before idle SQL connections are reaped. -# Defaults to 5000 -# -# [*rabbit_hosts*] -# (optional) List of RabbitMQ servers. Should be an array. -# Defaults to ['127.0.0.1:5672'] -# -# [*rabbit_password*] -# (optional) Password to connect to heat queues. -# Defaults to 'rabbitpassword' -# -# [*verbose*] -# (optional) Set log output to verbose output -# Defaults to true -# -# [*debug*] -# (optional) Set log output to debug output -# Defaults to true -# -# [*use_syslog*] -# (optional) Use syslog for logging -# Defaults to true -# -# [*log_facility*] -# (optional) Syslog facility to receive log lines -# Defaults to 'LOG_LOCAL0' -# -# [*os_endpoint_type*] -# (optional) The type of the OpenStack endpoint (public/internal/admin) URL -# Defaults to 'publicURL' -# -class cloud::orchestration( - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = '5000', - $ks_keystone_internal_proto = 'http', - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_port = '35357', - $ks_keystone_admin_proto = 'http', - $ks_heat_public_host = '127.0.0.1', - $ks_heat_public_proto = 'http', - $ks_heat_password = 'heatpassword', - $heat_db_host = '127.0.0.1', - $heat_db_user = 'heat', - $heat_db_password = 'heatpassword', - $heat_db_idle_timeout = 5000, - $rabbit_hosts = ['127.0.0.1:5672'], - $rabbit_password = 'rabbitpassword', - $verbose = true, - $debug = true, - $use_syslog = true, - $log_facility = 'LOG_LOCAL0', - $os_endpoint_type = 'publicURL' -) { - - # 
Disable twice logging if syslog is enabled - if $use_syslog { - $log_dir = false - heat_config { - 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s'; - 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s'; - 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d'; - 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s'; - } - } else { - $log_dir = '/var/log/heat' - } - - $encoded_user = uriescape($heat_db_user) - $encoded_password = uriescape($heat_db_password) - - class { 'heat': - keystone_host => $ks_keystone_admin_host, - keystone_port => $ks_keystone_admin_port, - keystone_protocol => $ks_keystone_admin_proto, - keystone_password => $ks_heat_password, - auth_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", - keystone_ec2_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0/ec2tokens", - database_connection => "mysql://${encoded_user}:${encoded_password}@${heat_db_host}/heat?charset=utf8", - database_idle_timeout => $heat_db_idle_timeout, - mysql_module => '2.2', - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - rabbit_userid => 'heat', - verbose => $verbose, - debug => $debug, - log_facility => $log_facility, - use_syslog => $use_syslog, - log_dir => $log_dir, - } - - # Note(EmilienM): - # We check if DB tables are created, if not we populate Heat DB. 
- # It's a hack to fit with our setup where we run MySQL/Galera - # TODO(Goneri) - # We have to do this only on the primary node of the galera cluster to avoid race condition - # https://github.com/enovance/puppet-openstack-cloud/issues/156 - exec {'heat_db_sync': - command => 'heat-manage --config-file /etc/heat/heat.conf db_sync', - path => '/usr/bin', - user => 'heat', - unless => "/usr/bin/mysql heat -h ${heat_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables" - } - - heat_config { - 'clients/endpoint_type': value => $os_endpoint_type; - } -} diff --git a/manifests/orchestration/api.pp b/manifests/orchestration/api.pp deleted file mode 100644 index 31df0154..00000000 --- a/manifests/orchestration/api.pp +++ /dev/null 
@@ -1,115 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::image::api -# -# Orchestration APIs node -# -# === Parameters: -# -# [*ks_heat_internal_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8004' -# -# [*ks_heat_cfn_internal_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8000' -# -# [*ks_heat_cloudwatch_internal_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8003' -# -# [*api_eth*] -# (optional) Which interface we bind the Heat server. -# Defaults to '127.0.0.1' -# -# [*workers*] -# (optional) The number of Heat API workers -# Defaults to $::processorcount -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::orchestration::api( - $ks_heat_internal_port = 8004, - $ks_heat_cfn_internal_port = 8000, - $ks_heat_cloudwatch_internal_port = 8003, - $api_eth = '127.0.0.1', - $workers = $::processorcount, - $firewall_settings = {}, -) { - - include 'cloud::orchestration' - - class { 'heat::api': - bind_host => $api_eth, - bind_port => $ks_heat_internal_port, - workers => $workers - } - - class { 'heat::api_cfn': - bind_host => $api_eth, - bind_port => $ks_heat_cfn_internal_port, - workers => $workers - } - - class { 'heat::api_cloudwatch': - bind_host => $api_eth, - bind_port => $ks_heat_cloudwatch_internal_port, - workers => $workers - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow heat-api access': - port => $ks_heat_internal_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow heat-cfn access': - port => $ks_heat_cfn_internal_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow heat-cloudwatch access': - port => $ks_heat_cloudwatch_internal_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-heat_api": - listening_service => 'heat_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_heat_internal_port, - options => 'check inter 2000 rise 2 fall 5' - } - - @@haproxy::balancermember{"${::fqdn}-heat_cfn_api": - listening_service => 'heat_cfn_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_heat_cfn_internal_port, - options => 'check inter 2000 rise 2 fall 5' - } - - @@haproxy::balancermember{"${::fqdn}-heat_cloudwatch_api": - listening_service => 'heat_cloudwatch_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_heat_cloudwatch_internal_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/orchestration/engine.pp b/manifests/orchestration/engine.pp deleted file mode 100644 index 6420cbd9..00000000 
--- a/manifests/orchestration/engine.pp
+++ /dev/null
@@ -1,75 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::orchestration::engine
-#
-# Orchestration engine node
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) State of the orchestration engine service.
-# Defaults to true
-#
-# [*ks_heat_public_host*]
-# (optional) Public Hostname or IP to connect to Heat API
-# Defaults to '127.0.0.1'
-#
-# [*ks_heat_public_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_heat_password*]
-# (optional) Password used by Heat to connect to Keystone API
-# Defaults to 'heatpassword'
-#
-# [*ks_heat_cfn_public_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8000'
-#
-# [*ks_heat_cloudwatch_public_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8003'
-#
-# [*auth_encryption_key*]
-# (optional) Encryption key used for authentication info in database
-# Defaults to 'secrete'
-#
-class cloud::orchestration::engine(
- $enabled = true,
- $ks_heat_public_host = '127.0.0.1',
- $ks_heat_public_proto = 'http',
- $ks_heat_password = 'heatpassword',
- $ks_heat_cfn_public_port = 8000,
- $ks_heat_cloudwatch_public_port = 8003,
- $auth_encryption_key = 'secrete'
-) {
-
- include 'cloud::orchestration'
-
- class { 'heat::engine':
- enabled => $enabled,
- auth_encryption_key => $auth_encryption_key,
- heat_metadata_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:${ks_heat_cfn_public_port}",
- heat_waitcondition_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:${ks_heat_cfn_public_port}/v1/waitcondition",
- heat_watch_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:${ks_heat_cloudwatch_public_port}",
- # TODO (EmilienM): Need to be updated in Juno
- # The default deferred_auth_method of password is deprecated as of Icehouse, so although it is still the default, deployers are
- # strongly encouraged to move to using deferred_auth_method=trusts, which is planned to become the default for Juno.
- # 'trusts' requires Keystone API v3 enabled, otherwise we have to use 'password'.
- deferred_auth_method => 'password',
- }
-
-}
diff --git a/manifests/params.pp b/manifests/params.pp
deleted file mode 100644
index 5785c0d0..00000000
--- a/manifests/params.pp
+++ /dev/null
@@ -1,77 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::params -# -# Configure set of default parameters -# -class cloud::params { - - # cloud::logging::agent - $logging_agent_logrotate_rule = { - 'td-agent' => { - 'path' => '/var/log/td-agent/td-agent.log', - 'rotate' => 30, - 'compress' => true, - 'delaycompress' => true, - 'ifempty' => false, - 'create' => true, - 'create_mode' => '640', - 'create_owner' => 'td-agent', - 'create_group' => 'td-agent', - 'sharedscripts' => true, - 'postrotate' => ['pid=/var/run/td-agent/td-agent.pid', 'test -s $pid && kill -USR1 "$(cat $pid)"'], - } - } - - $puppetmaster_service_name = 'puppetmaster' - - case $::osfamily { - 'RedHat': { - # Specific to Red Hat - $start_haproxy_service = '"/usr/bin/systemctl start haproxy"' - $horizon_auth_url = 'dashboard' - $libvirt_service_name = 'libvirtd' - $keepalived_name_is_process = false - $keepalived_vrrp_script = 'systemctl status haproxy.service' - $puppetmaster_package_name = 'puppet-server' - $redis_service_name = 'redis' - $service_provider = 'systemd' - } # RedHat - 'Debian': { - # Specific to Debian / Ubuntu - $start_haproxy_service = '"/etc/init.d/haproxy start"' - $horizon_auth_url = 'horizon' - $keepalived_name_is_process = true - $keepalived_vrrp_script = undef - $puppetmaster_package_name = 'puppetmaster' - $redis_service_name = 'redis-server' - case $::operatingsystem { - 'Ubuntu': { - $libvirt_service_name = 
'libvirt-bin' - $service_provider = 'upstart' - } - default: { - $libvirt_service_name = 'libvirtd' - $service_provider = 'lsb' - } - } - } # Debian - default: { - fail("Unsupported osfamily (${::osfamily})") - } - } - -} diff --git a/manifests/selinux.pp b/manifests/selinux.pp deleted file mode 100644 index 123d4662..00000000 --- a/manifests/selinux.pp +++ /dev/null 
@@ -1,98 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::selinux -# -# Helper class to configure SELinux on nodes -# -# === Parameters: -# -# [*mode*] -# (optional) SELinux mode the system should be in -# Defaults to 'permissive' -# Possible values : disabled, permissive, enforcing -# -# [*directory*] -# (optional) Path where to find the SELinux modules -# Defaults to '/usr/share/selinux' -# -# [*booleans*] -# (optional) Set of booleans to persistently enables -# SELinux booleans are the one getsebool -a returns -# Defaults [] -# Example: ['rsync_full_access', 'haproxy_connect_any'] -# -# [*modules*] -# (optional) Set of modules to load on the system -# Defaults [] -# Example: ['module1', 'module2'] -# Note: Those module should be in the $directory path -# -class cloud::selinux ( - $mode = 'permissive', - $directory = '/usr/share/selinux/', - $booleans = [], - $modules = [], -) { - - if $::osfamily != 'RedHat' { - fail("OS family unsuppored yet (${::osfamily}), SELinux support is only limited to RedHat family OS") - } - - Selboolean { - persistent => true, - value => 'on', - } - - Selmodule { - ensure => present, - selmoduledir => $directory, - } - - file { '/etc/selinux/config': - ensure => present, - mode => '0444', - content => template('cloud/selinux/sysconfig_selinux.erb') - } - - $current_mode = $::selinux? 
{ - 'false' => 'disabled', - false => 'disabled', - default => $::selinux_current_mode, - } - - if $current_mode != $mode { - case $mode { - /^(disabled|permissive)$/: { - if $current_mode == 'enforcing' { - exec { 'setenforce 0': } - } - } - 'enforcing': { - exec { 'setenforce 1': } - } - default: { - fail('You must specify a mode (enforcing, permissive, or disabled)') - } - } - } - - selboolean { $booleans : - persistent => true, - } - selmodule { $modules: } - -} - diff --git a/manifests/storage/rbd.pp b/manifests/storage/rbd.pp deleted file mode 100644 index 48ce025d..00000000 --- a/manifests/storage/rbd.pp +++ /dev/null @@ -1,49 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::storage::rbd -# -# === Parameters: -# -# [*fsid*] The cluster's fsid. -# Mandatory. Get one with `uuidgen -r`. -# -# [*cluster_network*] -# (optional) The cluster internal network -# Defaults to '127.0.0.1/24' -# -# [*public_network*] -# (optional) The cluster public (where clients are) network -# Defaults to '127.0.0.1/24' -# -class cloud::storage::rbd ( - $fsid = undef, - $cluster_network = '127.0.0.1/24', - $public_network = '127.0.0.1/24' -) { - - class { 'ceph::conf': - fsid => $fsid, - auth_type => 'cephx', - cluster_network => $cluster_network, - public_network => $public_network, - enable_service => true - } - - Exec { - path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin' - } - -} 
diff --git a/manifests/storage/rbd/key.pp b/manifests/storage/rbd/key.pp
deleted file mode 100644
index 9fe8a19c..00000000
--- a/manifests/storage/rbd/key.pp
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::storage::rbd::key
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) Configure or not the ceph admin keyring
-# Defaults to true
-#
-class cloud::storage::rbd::key (
- $enabled = false
-) {
-
- if $enabled {
- if !empty($::ceph_admin_key) {
- @@ceph::key { 'admin':
- secret => $::ceph_admin_key,
- keyring_path => '/etc/ceph/keyring',
- }
- }
- }
-
-}
diff --git a/manifests/storage/rbd/monitor.pp b/manifests/storage/rbd/monitor.pp
deleted file mode 100644
index 5bf7e1cb..00000000
--- a/manifests/storage/rbd/monitor.pp
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::storage::rbd::monitor
-#
-# Ceph monitor
-#
-# === Parameters:
-#
-# [*id*]
-# (optional) Then uuid of the cluster
-# Defaults to $::uniqueid
-#
-# [*mon_addr*]
-# (optional) Which interface we bind the Ceph monitor
-# Defaults to '127.0.0.1'
-#
-# [*monitor_secret*]]
-# (optional) Password of the Ceph monitor
-# Defaults to 'cephsecret'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::storage::rbd::monitor (
- $id = $::uniqueid,
- $mon_addr = '127.0.0.1',
- $monitor_secret = 'cephmonsecret',
- $firewall_settings = {},
-) {
-
- include 'cloud::storage::rbd'
-
- ceph::mon { $id:
- monitor_secret => $monitor_secret,
- mon_port => 6789,
- mon_addr => $mon_addr,
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow ceph-mon access':
- port => '6789',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/storage/rbd/osd.pp b/manifests/storage/rbd/osd.pp
deleted file mode 100644
index 474878b2..00000000
--- a/manifests/storage/rbd/osd.pp
+++ /dev/null
@@ -1,73 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::storage::rbd::osd -# -# Ceph OSD -# -# === Parameters: -# -# [*public_address*] -# (optional) Which interface we bind the Ceph OSD -# Defaults to '127.0.0.1' -# -# [*cluster_address*] -# (optional) Which interface we bind internal the Ceph OSD -# Defaults to '127.0.0.1' -# -# [*devices*]] -# (optional) An array of device, should be full-qualified or short. -# Defaults to ['sdb','/dev/sdc'] -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::storage::rbd::osd ( - $public_address = '127.0.0.1', - $cluster_address = '127.0.0.1', - $devices = ['sdb','/dev/sdc'], - $firewall_settings = {}, -) { - - include 'cloud::storage::rbd' - - class { 'ceph::osd' : - public_address => $public_address, - cluster_address => $cluster_address, - } - - if is_array($devices) { - if '/dev/' in $devices { - ceph::osd::device { $devices: } - } - else { - $osd_ceph = prefix($devices,'/dev/') - ceph::osd::device { $osd_ceph: } - } - } - elsif is_hash($devices) { - create_resources('ceph::osd::device', $devices) - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow ceph-osd access': - port => '6800-6810', - extras => $firewall_settings, - } - } - -} 
diff --git a/manifests/storage/rbd/pools.pp b/manifests/storage/rbd/pools.pp deleted file mode 100644 index 2a99da4a..00000000 --- a/manifests/storage/rbd/pools.pp +++ /dev/null 
@@ -1,153 +0,0 @@ -# -# Copyright (C) 2013 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::storage::rbd::pools -# -# Configure Ceph RBD pools (images,volumes,backup,nova) -# -# === Parameters: -# -# [*setup_pools*] -# (optional) Create or not Ceph pools -# Defaults to false -# -# [*glance_rbd_pool*] -# (optional) Name of the Ceph pool which which store the glance images -# Defaults to 'images' -# -# [*glance_rbd_user*] -# (optional) User name used to acces to the glance rbd pool -# Defaults to 'glance' -# -# [*ceph_fsid*] The cluster's fsid. -# Mandatory. Get one with `uuidgen -r`. -# -# [*cinder_backup_pool*] -# (optional) Name of the Ceph pool which which store the cinder backups -# Defaults to 'volumes' -# -# [*cinder_backup_user*] -# (optional) User name used to acces to the backup rbd pool -# Defaults to 'cinder' -# -# [*cinder_rbd_pool*] -# (optional) Name of the Ceph pool which which store the cinder images -# Defaults to 'volumes' -# -# [*cinder_rbd_user*] -# (optional) User name used to acces to the cinder rbd pool -# Defaults to 'cinder' -# -# [*nova_rbd_pool*] -# (optional) The RADOS pool in which rbd volumes are stored. 
-# Defaults to 'vms' -# -class cloud::storage::rbd::pools( - $setup_pools = false, - $glance_rbd_user = 'glance', - $glance_rbd_pool = 'images', - $cinder_rbd_user = 'cinder', - $cinder_rbd_pool = 'volumes', - $nova_rbd_pool = 'vms', - $cinder_backup_user = 'cinder', - $cinder_backup_pool = 'cinder_backup', - $ceph_fsid = undef -) { - - if $setup_pools { - if !empty($::ceph_admin_key) { - - exec { "create_${glance_rbd_pool}_pool": - command => "rados mkpool ${glance_rbd_pool}", - unless => "rados lspools | grep -sq ${glance_rbd_pool}", - } - - exec { "create_${glance_rbd_pool}_user_and_key": - command => "ceph auth get-or-create client.${glance_rbd_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${glance_rbd_pool}'", - unless => "ceph auth list 2> /dev/null | egrep -sq '^client.${glance_rbd_user}$'", - require => Exec["create_${glance_rbd_pool}_pool"]; - } - - exec { "create_${cinder_rbd_pool}_pool": - command => "rados mkpool ${cinder_rbd_pool}", - unless => "/usr/bin/rados lspools | grep -sq ${cinder_rbd_pool}", - } - - exec { "create_${cinder_rbd_pool}_user_and_key": - # TODO: point PG num with a cluster variable - command => "ceph auth get-or-create client.${cinder_rbd_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=${glance_rbd_pool}, allow rwx pool=${cinder_rbd_pool}, allow rwx pool=${nova_rbd_pool}'", - unless => "ceph auth list 2> /dev/null | egrep -sq '^client.${cinder_rbd_user}$'", - require => Exec["create_${cinder_rbd_pool}_pool"]; - } - - # Note(EmilienM): We use the same keyring for Nova and Cinder. 
- exec { "create_${nova_rbd_pool}_pool": - command => "rados mkpool ${nova_rbd_pool}", - unless => "/usr/bin/rados lspools | grep -sq ${nova_rbd_pool}", - } - - if $::ceph_keyring_glance { - # NOTE(fc): Puppet needs to run a second time to enter this - @@ceph::key { $glance_rbd_user: - secret => $::ceph_keyring_glance, - keyring_path => "/etc/ceph/ceph.client.${glance_rbd_user}.keyring" - } - Ceph::Key <<| title == $glance_rbd_user |>> - } - - if $::ceph_keyring_cinder { - # NOTE(fc): Puppet needs to run a second time to enter this - @@ceph::key { $cinder_rbd_user: - secret => $::ceph_keyring_cinder, - keyring_path => "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring" - } - Ceph::Key <<| title == $cinder_rbd_user |>> - } - - $clients = [$glance_rbd_user, $cinder_rbd_user] - @@concat::fragment { 'ceph-clients-os': - target => '/etc/ceph/ceph.conf', - order => '95', - content => template('cloud/storage/ceph/ceph-client.conf.erb') - } - - @@file { '/etc/ceph/secret.xml': - content => template('cloud/storage/ceph/secret-compute.xml.erb'), - tag => 'ceph_compute_secret_file', - } - - if $::osfamily == 'RedHat' { - $libvirt_package_name = 'libvirt' - } else { - $libvirt_package_name = 'libvirt-bin' - } - - @@exec { 'get_or_set_virsh_secret': - command => 'virsh secret-define --file /etc/ceph/secret.xml', - unless => "virsh secret-list | tail -n +3 | cut -f1 -d' ' | grep -sq ${ceph_fsid}", - tag => 'ceph_compute_get_secret', - require => [Package[$libvirt_package_name],File['/etc/ceph/secret.xml']], - notify => Exec['set_secret_value_virsh'], - } - - @@exec { 'set_secret_value_virsh': - command => "virsh secret-set-value --secret ${ceph_fsid} --base64 ${::ceph_keyring_cinder}", - tag => 'ceph_compute_set_secret', - refreshonly => true, - } - - } # !empty($::ceph_admin_key) - } # if setup pools -} # class diff --git a/manifests/telemetry.pp b/manifests/telemetry.pp deleted file mode 100644 index 7048f740..00000000 --- a/manifests/telemetry.pp +++ /dev/null 
@@ -1,134 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::telemetry -# -# Common telemetry class, used by Controller, Storage, -# Network and Compute nodes -# -# === Parameters: -# -# [*ceilometer_secret*] -# Secret key for signing messages. -# Defaults to 'ceilometersecret' -# -# [*rabbit_hosts*] -# (optional) List of RabbitMQ servers. Should be an array. -# Defaults to ['127.0.0.1:5672'] -# -# [*rabbit_password*] -# (optional) Password to connect to nova queues. -# Defaults to 'rabbitpassword' -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. 
-# Defaults to 'http' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from internal network -# Defaults to '5000' -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_public_host*] -# (optional) Public Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_ceilometer_password*] -# (optional) Password used by Ceilometer to connect to Keystone API -# Defaults to 'ceilometerpassword' -# -# [*verbose*] -# (optional) Set log output to verbose output -# Defaults to true -# -# [*debug*] -# (optional) Set log output to debug output -# Defaults to true -# -# [*use_syslog*] -# (optional) Use syslog for logging -# Defaults to true -# -# [*log_facility*] -# (optional) Syslog facility to receive log lines -# Defaults to 'LOG_LOCAL0' -# -# [*region*] -# (optional) the keystone region of this node -# Defaults to 'RegionOne' -# -# [*os_endpoint_type*] -# (optional) The type of the OpenStack endpoint (public/internal/admin) URL -# Defaults to 'publicURL' -# -class cloud::telemetry( - $ceilometer_secret = 'ceilometersecret', - $rabbit_hosts = ['127.0.0.1:5672'], - $rabbit_password = 'rabbitpassword' , - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = '5000', - $ks_keystone_internal_proto = 'http', - $ks_ceilometer_password = 'ceilometerpassword', - $region = 'RegionOne', - $verbose = true, - $debug = true, - $log_facility = 'LOG_LOCAL0', - $use_syslog = true, - $os_endpoint_type = 'publicURL' -){ - - # Disable twice logging if syslog is enabled - if $use_syslog { - $log_dir = false - ceilometer_config { - 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s'; - 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s'; - 'DEFAULT/logging_debug_format_suffix': 
value => '%(funcName)s %(pathname)s:%(lineno)d'; - 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s'; - } - } else { - $log_dir = '/var/log/ceilometer' - } - - class { 'ceilometer': - metering_secret => $ceilometer_secret, - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - rabbit_userid => 'ceilometer', - verbose => $verbose, - debug => $debug, - log_dir => $log_dir, - use_syslog => $use_syslog, - log_facility => $log_facility - } - - ceilometer_config { - 'service_credentials/os_endpoint_type': value => $os_endpoint_type; - } - - class { 'ceilometer::agent::auth': - auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", - auth_password => $ks_ceilometer_password, - auth_region => $region - } - -} diff --git a/manifests/telemetry/alarmevaluator.pp b/manifests/telemetry/alarmevaluator.pp deleted file mode 100644 index 9f435f75..00000000 --- a/manifests/telemetry/alarmevaluator.pp +++ /dev/null @@ -1,25 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Telemetry Alarm Evaluator nodes -# -class cloud::telemetry::alarmevaluator( -){ - - include 'cloud::telemetry' - - class { 'ceilometer::alarm::evaluator': } - -} diff --git a/manifests/telemetry/alarmnotifier.pp b/manifests/telemetry/alarmnotifier.pp deleted file mode 100644 index 59bcd6e1..00000000 --- a/manifests/telemetry/alarmnotifier.pp +++ /dev/null 
@@ -1,25 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Telemetry Alarm Notifier nodes
-#
-class cloud::telemetry::alarmnotifier(
-){
-
- include 'cloud::telemetry'
-
- class { 'ceilometer::alarm::notifier': }
-
-}
diff --git a/manifests/telemetry/api.pp b/manifests/telemetry/api.pp
deleted file mode 100644
index 7963918a..00000000
--- a/manifests/telemetry/api.pp
+++ /dev/null
@@ -1,92 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::telemetry::api -# -# Telemetry API nodes -# -# === Parameters: -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_ceilometer_password*] -# (optional) Password used by Ceilometer to connect to Keystone API -# Defaults to 'ceilometerpassword' -# -# [*ks_ceilometer_internal_port*] -# (optional) TCP port to connect to Ceilometer API from public network -# Defaults to '8777' -# -# [*api_eth*] -# (optional) Which interface we bind the Ceilometer API server. -# Defaults to '127.0.0.1' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::telemetry::api( - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_proto = 'http', - $ks_ceilometer_internal_port = '8777', - $ks_ceilometer_password = 'ceilometerpassword', - $api_eth = '127.0.0.1', - $firewall_settings = {}, -){ - - include 'cloud::telemetry' - - class { 'ceilometer::api': - keystone_password => $ks_ceilometer_password, - keystone_host => $ks_keystone_internal_host, - keystone_protocol => $ks_keystone_internal_proto, - host => $api_eth - } - -# Configure TTL for samples -# Purge datas older than one month -# Run the script once a day but with a random time to avoid -# issues with MongoDB access - class { 'ceilometer::expirer': - time_to_live => '2592000', - minute => '0', - hour => '0', - } - - Cron <<| title == 'ceilometer-expirer' |>> { command => "sleep $((\$RANDOM % 86400)) && ${::ceilometer::params::expirer_command}" } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow ceilometer-api access': - port => $ks_ceilometer_internal_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-ceilometer_api": - listening_service => 'ceilometer_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_ceilometer_internal_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/telemetry/centralagent.pp b/manifests/telemetry/centralagent.pp deleted file mode 100644 index bd39b83c..00000000 --- a/manifests/telemetry/centralagent.pp +++ /dev/null 
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# == Class: cloud::telemetry::centralagent
-#
-# Telemetry Central Agent node
-#
-class cloud::telemetry::centralagent{
-
- include 'cloud::telemetry'
- include 'ceilometer::agent::central'
-
-}
diff --git a/manifests/telemetry/collector.pp b/manifests/telemetry/collector.pp
deleted file mode 100644
index e6cc354a..00000000
--- a/manifests/telemetry/collector.pp
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# == Class: cloud::telemetry::collector
-#
-# Telemetry Collector nodes
-#
-# === Parameters:
-#
-# [*mongo_nodes*]
-# (optional) An array of mongo db nodes
-# Defaults to ['127.0.0.1:27017']
-#
-# [*replicaset_enabled*]
-# (optional) Enable or not mongo replicat (using ceilometer name)
-# Defaults to true
-#
-class cloud::telemetry::collector(
- $mongo_nodes = ['127.0.0.1:27017'],
- $replicaset_enabled = true,
-){
-
- include 'cloud::telemetry'
-
- $s_mongo_nodes = join($mongo_nodes, ',')
-
- if $replicaset_enabled {
- $db_conn = "mongodb://${s_mongo_nodes}/ceilometer?replicaSet=ceilometer"
- } else {
- $db_conn = "mongodb://${s_mongo_nodes}/ceilometer"
- }
-
- mongodb_conn_validator { $mongo_nodes:
- before => Class['ceilometer::db']
- }
-
- class { 'ceilometer::db':
- database_connection => $db_conn,
- sync_db => true,
- }
- class { 'ceilometer::collector': }
-
-}
diff --git a/manifests/telemetry/notification.pp b/manifests/telemetry/notification.pp
deleted file mode 100644
index e6281d47..00000000
--- a/manifests/telemetry/notification.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Telemetry Notifications nodes
-#
-class cloud::telemetry::notification {
-
- include 'cloud::telemetry'
-
- class { 'ceilometer::agent::notification': }
-
-}
diff --git a/manifests/volume.pp b/manifests/volume.pp
deleted file mode 100644
index 72bd2911..00000000
--- a/manifests/volume.pp
+++ /dev/null
@@ -1,138 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# == Class: cloud::volume
-#
-# Common class for volume nodes
-#
-# === Parameters:
-#
-# [*cinder_db_host*]
-# (optional) Cinder database host
-# Defaults to '127.0.0.1'
-#
-# [*cinder_db_user*]
-# (optional) Cinder database user
-# Defaults to 'cinder'
-#
-# [*cinder_db_password*]
-# (optional) Cinder database password
-# Defaults to 'cinderpassword'
-#
-# [*cinder_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults to 5000
-#
-# [*rabbit_hosts*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to ['127.0.0.1:5672']
-#
-# [*rabbit_password*]
-# (optional) Password to connect to cinder queues.
-# Defaults to 'rabbitpassword'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*storage_availability_zone*]
-# (optional) The storage availability zone
-# Defaults to 'nova'
-#
-# [*nova_endpoint_type*]
-# (optional) The type of the OpenStack endpoint (public/internal/admin) URL
-# Defaults to 'publicURL'
-#
-class cloud::volume(
- $cinder_db_host = '127.0.0.1',
- $cinder_db_user = 'cinder',
- $cinder_db_password = 'cinderpassword',
- $cinder_db_idle_timeout = 5000,
- $rabbit_hosts = ['127.0.0.1:5672'],
- $rabbit_password = 'rabbitpassword',
- $verbose = true,
- $debug = true,
- $log_facility = 'LOG_LOCAL0',
- $storage_availability_zone = 'nova',
- $use_syslog = true,
- $nova_endpoint_type = 'publicURL'
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- cinder_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/cinder'
- }
-
- $encoded_user = uriescape($cinder_db_user)
- $encoded_password = uriescape($cinder_db_password)
-
-
- class { 'cinder':
- database_connection => "mysql://${encoded_user}:${encoded_password}@${cinder_db_host}/cinder?charset=utf8",
- database_idle_timeout => $cinder_db_idle_timeout,
- mysql_module => '2.2',
- rabbit_userid => 'cinder',
- rabbit_hosts => $rabbit_hosts,
- rabbit_password => $rabbit_password,
- rabbit_virtual_host => '/',
- verbose => $verbose,
- debug => $debug,
- log_dir => $log_dir,
- log_facility => $log_facility,
- use_syslog => $use_syslog,
- storage_availability_zone => $storage_availability_zone
- }
-
- cinder_config {
- 'DEFAULT/nova_catalog_info': value => "compute:nova:${nova_endpoint_type}";
- }
-
- class { 'cinder::ceilometer': }
-
- # Note(EmilienM):
- # We check if DB tables are created, if not we populate Cinder DB.
- # It's a hack to fit with our setup where we run MySQL/Galera
- # TODO(Goneri)
- # We have to do this only on the primary node of the galera cluster to avoid race condition
- # https://github.com/enovance/puppet-openstack-cloud/issues/156
- exec {'cinder_db_sync':
- command => 'cinder-manage db sync',
- path => '/usr/bin',
- user => 'cinder',
- unless => "/usr/bin/mysql cinder -h ${cinder_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables"
- }
-
-}
diff --git a/manifests/volume/api.pp b/manifests/volume/api.pp
deleted file mode 100644
index 41e9f03b..00000000
--- a/manifests/volume/api.pp
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::volume::api
-#
-# Volume API node
-#
-# === Parameters:
-#
-# [*default_volume_type*]
-# (required) default volume type to use.
-# This should contain the name of the default volume type to use.
-# If not configured, it produces an error when creating a volume
-# without specifying a type.
-#
-# [*ks_cinder_internal_port*]
-# (optional) TCP port to connect to Cinder API from public network
-# Defaults to '8776'
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance API
-# Defaults to '127.0.0.1'
-#
-# [*ks_cinder_password*]
-# (optional) Password used by Cinder to connect to Keystone API
-# Defaults to 'cinderpassword'
-#
-# [*ks_glance_api_internal_port*]
-# (optional) TCP port to connect to Glance API from public network
-# Defaults to '9292'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Cinder API server.
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::volume::api(
- $default_volume_type,
- $ks_cinder_internal_port = 8776,
- $ks_cinder_password = 'cinderpassword',
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_api_internal_port = 9292,
- $api_eth = '127.0.0.1',
- $ks_glance_internal_proto = 'http',
- $firewall_settings = {},
-) {
-
- include 'cloud::volume'
-
- if ! $default_volume_type {
- fail('default_volume_type should be defined when running Cinder Multi-Backend.')
- }
-
- class { 'cinder::api':
- keystone_password => $ks_cinder_password,
- keystone_auth_host => $ks_keystone_internal_host,
- keystone_auth_protocol => $ks_keystone_internal_proto,
- bind_host => $api_eth,
- default_volume_type => $default_volume_type
- }
-
- class { 'cinder::glance':
- glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${ks_glance_api_internal_port}",
- glance_request_timeout => '10',
- glance_num_retries => '10'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow cinder-api access':
- port => $ks_cinder_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-cinder_api":
- listening_service => 'cinder_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_cinder_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
-}
diff --git a/manifests/volume/backend/emc_vnx.pp b/manifests/volume/backend/emc_vnx.pp
deleted file mode 100644
index 4251d897..00000000
--- a/manifests/volume/backend/emc_vnx.pp
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure EMC VNX backend for Cinder
-#
-#
-# === Parameters
-#
-# [*volume_backend_name*]
-# (optional) Allows for the volume_backend_name to be separate of $name.
-# Defaults to: $name
-#
-# [*san_ip*]
-# (required) IP address of SAN controller.
-#
-# [*san_password*]
-# (required) Password of SAN controller.
-#
-# [*san_login*]
-# (optional) Login of SAN controller.
-# Defaults to : 'admin'
-#
-# [*storage_vnx_pool_name*]
-# (required) Storage pool name.
-#
-# [*default_timeout*]
-# (optional) Default timeout for CLI operations in minutes.
-# Defaults to: '10'
-#
-# [*max_luns_per_storage_group*]
-# (optional) Default max number of LUNs in a storage group.
-# Defaults to: '256'
-#
-define cloud::volume::backend::emc_vnx (
- $iscsi_ip_address,
- $san_ip,
- $san_password,
- $storage_vnx_pool_name,
- $default_timeout = '10',
- $max_luns_per_storage_group = '256',
- $san_login = 'admin',
- $volume_backend_name = $name,
-) {
- cinder::backend::emc_vnx { $name:
- default_timeout => $default_timeout,
- iscsi_ip_address => $iscsi_ip_address,
- max_luns_per_storage_group => $max_luns_per_storage_group,
- san_ip => $san_ip,
- san_login => $san_login,
- san_password => $san_password,
- storage_vnx_pool_name => $storage_vnx_pool_name,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/eqlx.pp b/manifests/volume/backend/eqlx.pp
deleted file mode 100644
index 39694708..00000000
--- a/manifests/volume/backend/eqlx.pp
+++ /dev/null
@@ -1,100 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure Dell EqualLogic backend for Cinder
-#
-#
-# === Parameters
-#
-# [*san_ip*]
-# (required) The IP address of the Dell EqualLogic array.
-#
-# [*san_login*]
-# (required) The account to use for issuing SSH commands.
-#
-# [*san_password*]
-# (required) The password for the specified SSH account.
-#
-# [*san_thin_provision*]
-# (optional) Whether or not to use thin provisioning for volumes.
-# Defaults to true
-#
-# [*volume_backend_name*]
-# (optional) The backend name.
-# Defaults to the name of the resource
-#
-# [*eqlx_group_name*]
-# (optional) The CLI prompt message without '>'.
-# Defaults to 'group-0'
-#
-# [*eqlx_pool*]
-# (optional) The pool in which volumes will be created.
-# Defaults to 'default'
-#
-# [*eqlx_use_chap*]
-# (optional) Use CHAP authentification for targets?
-# Defaults to false
-#
-# [*eqlx_chap_login*]
-# (optional) An existing CHAP account name.
-# Defaults to 'chapadmin'
-#
-# [*eqlx_chap_password*]
-# (optional) The password for the specified CHAP account name.
-# Defaults to '12345'
-#
-# [*eqlx_cli_timeout*]
-# (optional) The timeout for the Group Manager cli command execution.
-# Defaults to 30 seconds
-#
-# [*eqlx_cli_max_retries*]
-# (optional) The maximum retry count for reconnection.
-# Defaults to 5
-#
-define cloud::volume::backend::eqlx (
- $san_ip,
- $san_login,
- $san_password,
- $san_thin_provision = true,
- $volume_backend_name = $name,
- $eqlx_group_name = 'group-0',
- $eqlx_pool = 'default',
- $eqlx_use_chap = false,
- $eqlx_chap_login = 'chapadmin',
- $eqlx_chap_password = '12345',
- $eqlx_cli_timeout = 30,
- $eqlx_cli_max_retries = 5,
-) {
-
- cinder::backend::eqlx { $name:
- san_ip => $san_ip,
- san_login => $san_login,
- san_password => $san_password,
- san_thin_provision => $san_thin_provision,
- eqlx_group_name => $eqlx_group_name,
- eqlx_pool => $eqlx_pool,
- eqlx_use_chap => $eqlx_use_chap,
- eqlx_chap_login => $eqlx_chap_login,
- eqlx_chap_password => $eqlx_chap_password,
- eqlx_cli_timeout => $eqlx_cli_timeout,
- eqlx_cli_max_retries => $eqlx_cli_max_retries,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/glusterfs.pp b/manifests/volume/backend/glusterfs.pp
deleted file mode 100644
index 9bdfa8b9..00000000
--- a/manifests/volume/backend/glusterfs.pp
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure GlusterFS backend for Cinder
-#
-# === Parameters
-#
-# [*glusterfs_shares*]
-# (required) An array of GlusterFS volume locations.
-# Must be an array even if there is only one volume.
-#
-# [*volume_backend_name*]
-# (optional) Allows for the volume_backend_name to be separate of $name.
-# Defaults to: $name
-#
-# [*glusterfs_sparsed_volumes*]
-# (optional) Whether or not to use sparse (thin) volumes.
-# Defaults to undef which uses the driver's default of "true".
-#
-# [*glusterfs_mount_point_base*]
-# (optional) Where to mount the Gluster volumes.
-# Defaults to undef which uses the driver's default of "$state_path/mnt".
-#
-# [*glusterfs_shares_config*]
-# (optional) The config file to store the given $glusterfs_shares.
-# Defaults to '/etc/cinder/shares.conf'
-#
-define cloud::volume::backend::glusterfs (
- $glusterfs_shares,
- $volume_backend_name = $name,
- $glusterfs_sparsed_volumes = undef,
- $glusterfs_mount_point_base = undef,
- $glusterfs_shares_config = '/etc/cinder/shares.conf'
-) {
-
- cinder::backend::glusterfs { $name:
- glusterfs_shares => $glusterfs_shares,
- glusterfs_sparsed_volumes => $glusterfs_sparsed_volumes,
- glusterfs_mount_point_base => $glusterfs_mount_point_base,
- glusterfs_shares_config => $glusterfs_shares_config,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/iscsi.pp b/manifests/volume/backend/iscsi.pp
deleted file mode 100644
index 9e8da91d..00000000
--- a/manifests/volume/backend/iscsi.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure iSCSI backend for Cinder
-#
-#
-# === Parameters
-#
-# [*iscsi_ip_address*]
-# (required) IP address of iSCSI target.
-#
-# [*volume_group*]
-# (optional) Cinder volume group name.
-# Defaults to 'cinder-volumes'.
-#
-define cloud::volume::backend::iscsi (
- $iscsi_ip_address,
- $volume_group = 'cinder-volumes',
- $volume_backend_name = $name,
-) {
-
-
- cinder::backend::iscsi { $name:
- iscsi_ip_address => $iscsi_ip_address,
- volume_group => $volume_group,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/netapp.pp b/manifests/volume/backend/netapp.pp
deleted file mode 100644
index 83cbec5f..00000000
--- a/manifests/volume/backend/netapp.pp
+++ /dev/null
@@ -1,164 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure NetApp backend for Cinder
-#
-#
-# === Parameters
-#
-# [*netapp_login*]
-# (required) Administrative user account name used to access the storage
-# system or proxy server.
-#
-# [*netapp_password*]
-# (required) Password for the administrative user account specified in the
-# netapp_login parameter.
-#
-# [*netapp_server_hostname*]
-# (required) The hostname (or IP address) for the storage system or proxy
-# server.
-#
-# [*netapp_server_port*]
-# (optional) The TCP port to use for communication with ONTAPI on the
-# storage system. Traditionally, port 80 is used for HTTP and port 443 is
-# used for HTTPS; however, this value should be changed if an alternate
-# port has been configured on the storage system or proxy server.
-# Defaults to 80
-#
-# [*netapp_size_multiplier*]
-# (optional) The quantity to be multiplied by the requested volume size to
-# ensure enough space is available on the virtual storage server (Vserver) to
-# fulfill the volume creation request.
-# Defaults to 1.2
-#
-# [*netapp_storage_family*]
-# (optional) The storage family type used on the storage system; valid values
-# are ontap_7mode for using Data ONTAP operating in 7-Mode or ontap_cluster
-# for using clustered Data ONTAP, or eseries for NetApp E-Series.
-# Defaults to ontap_cluster
-#
-# [*netapp_storage_protocol*]
-# (optional) The storage protocol to be used on the data path with the storage
-# system; valid values are iscsi or nfs.
-# Defaults to nfs
-#
-# [*netapp_transport_type*]
-# (optional) The transport protocol used when communicating with ONTAPI on the
-# storage system or proxy server. Valid values are http or https.
-# Defaults to http
-#
-# [*netapp_vfiler*]
-# (optional) The vFiler unit on which provisioning of block storage volumes
-# will be done. This parameter is only used by the driver when connecting to
-# an instance with a storage family of Data ONTAP operating in 7-Mode and the
-# storage protocol selected is iSCSI. Only use this parameter when utilizing
-# the MultiStore feature on the NetApp storage system.
-# Defaults to ''
-#
-# [*netapp_volume_list*]
-# (optional) This parameter is only utilized when the storage protocol is
-# configured to use iSCSI. This parameter is used to restrict provisioning to
-# the specified controller volumes. Specify the value of this parameter to be
-# a comma separated list of NetApp controller volume names to be used for
-# provisioning.
-# Defaults to ''
-#
-# [*netapp_vserver*]
-# (optional) This parameter specifies the virtual storage server (Vserver)
-# name on the storage cluster on which provisioning of block storage volumes
-# should occur. If using the NFS storage protocol, this parameter is mandatory
-# for storage service catalog support (utilized by Cinder volume type
-# extra_specs support). If this parameter is specified, the exports belonging
-# to the Vserver will only be used for provisioning in the future. Block
-# storage volumes on exports not belonging to the Vserver specified by
-# this parameter will continue to function normally.
-# Defaults to ''
-#
-# [*expiry_thres_minutes*]
-# (optional) This parameter specifies the threshold for last access time for
-# images in the NFS image cache. When a cache cleaning cycle begins, images
-# in the cache that have not been accessed in the last M minutes, where M is
-# the value of this parameter, will be deleted from the cache to create free
-# space on the NFS share.
-# Defaults to 720
-#
-# [*thres_avl_size_perc_start*]
-# (optional) If the percentage of available space for an NFS share has
-# dropped below the value specified by this parameter, the NFS image cache
-# will be cleaned.
-# Defaults to 20
-#
-# [*thres_avl_size_perc_stop*]
-# (optional) When the percentage of available space on an NFS share has
-# reached the percentage specified by this parameter, the driver will stop
-# clearing files from the NFS image cache that have not been accessed in the
-# last M minutes, where M is the value of the expiry_thres_minutes parameter.
-# Defaults to 60
-#
-# [*nfs_shares_config*]
-# (optional) File with the list of available NFS shares
-# Defaults to ''
-#
-# [*nfs_mount_options*]
-# (optional) Mount options passed to the nfs client. See section
-# of the nfs man page for details.
-# Defaults to undef
-
-define cloud::volume::backend::netapp (
- $netapp_login,
- $netapp_password,
- $netapp_server_hostname,
- $volume_backend_name = $name,
- $netapp_server_port = '80',
- $netapp_size_multiplier = '1.2',
- $netapp_storage_family = 'ontap_cluster',
- $netapp_storage_protocol = 'nfs',
- $netapp_transport_type = 'http',
- $netapp_vfiler = '',
- $netapp_volume_list = '',
- $netapp_vserver = '',
- $expiry_thres_minutes = '720',
- $thres_avl_size_perc_start = '20',
- $thres_avl_size_perc_stop = '60',
- $nfs_shares_config = '',
- $nfs_mount_options = undef,
-) {
-
-
- cinder::backend::netapp { $name:
- netapp_server_hostname => $netapp_server_hostname,
- netapp_login => $netapp_login,
- netapp_password => $netapp_password,
- netapp_server_port => $netapp_server_port,
- netapp_size_multiplier => $netapp_size_multiplier,
- netapp_storage_family => $netapp_storage_family,
- netapp_storage_protocol => $netapp_storage_protocol,
- netapp_transport_type => $netapp_transport_type,
- netapp_vfiler => $netapp_vfiler,
- netapp_volume_list => $netapp_volume_list,
- netapp_vserver => $netapp_vserver,
- expiry_thres_minutes => $expiry_thres_minutes,
- thres_avl_size_perc_start => $thres_avl_size_perc_start,
- thres_avl_size_perc_stop => $thres_avl_size_perc_stop,
- nfs_shares_config => $nfs_shares_config,
- nfs_mount_options => $nfs_mount_options,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/nfs.pp b/manifests/volume/backend/nfs.pp
deleted file mode 100644
index 0007dddd..00000000
--- a/manifests/volume/backend/nfs.pp
+++ /dev/null
@@ -1,87 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure NFS backend for Cinder
-#
-#
-# === Parameters
-#
-# [*nfs_servers*]
-# (required) Array of NFS servers in the form 'ipaddress:/share'
-#
-# [*nfs_mount_options*]
-# (optional) Mount options passed to the nfs client. See section
-# of the nfs man page for details.
-# Defaults to undef
-#
-# [*nfs_disk_util*]
-# (optional) Use du or df for free space calculation
-# Defaults to undef
-#
-# [*nfs_sparsed_volumes*]
-# (optional) Create volumes as sparsed files which take no space.
-# If set to 'false' volume is created as regular file.
-# In such case volume creation takes a lot of time.
-# Defaults to undef
-#
-# [*nfs_mount_point_base*]
-# (optional) Base dir containing mount points for nfs shares.
-# Defaults to undef
-#
-# [*nfs_shares_config*]
-# (optional) File with the list of available NFS shares.
-# Defaults to '/etc/cinder/shares.conf'
-#
-# [*nfs_used_ratio*]
-# (optional) Percent of ACTUAL usage of the underlying volume
-# before no new volumes can be allocated to the volume destination.
-# Defaults to 0.95
-#
-# [*nfs_oversub_ratio*]
-# (optional) This will compare the allocated to available space on
-# the volume destination. If the ratio exceeds this number, the
-# destination will no longer be valid.
-# Defaults to 1.0
-#
-define cloud::volume::backend::nfs(
- $volume_backend_name = $name,
- $nfs_servers = [],
- $nfs_mount_options = undef,
- $nfs_disk_util = undef,
- $nfs_sparsed_volumes = undef,
- $nfs_mount_point_base = undef,
- $nfs_shares_config = '/etc/cinder/shares.conf',
- $nfs_used_ratio = '0.95',
- $nfs_oversub_ratio = '1.0',
-) {
-
- cinder::backend::nfs { $name:
- volume_backend_name => $volume_backend_name,
- nfs_servers => $nfs_servers,
- nfs_mount_options => $nfs_mount_options,
- nfs_disk_util => $nfs_disk_util,
- nfs_sparsed_volumes => $nfs_sparsed_volumes,
- nfs_mount_point_base => $nfs_mount_point_base,
- nfs_shares_config => $nfs_shares_config,
- nfs_used_ratio => $nfs_used_ratio,
- nfs_oversub_ratio => $nfs_oversub_ratio,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/rbd.pp b/manifests/volume/backend/rbd.pp
deleted file mode 100644
index c6115003..00000000
--- a/manifests/volume/backend/rbd.pp
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure RBD backend for Cinder
-#
-#
-# === Parameters
-#
-# [*rbd_pool*]
-# (required) Specifies the pool name for the block device driver.
-#
-# [*rbd_user*]
-# (required) A required parameter to configure OS init scripts and cephx.
-#
-# [*volume_backend_name*]
-# Allows for the volume_backend_name to be separate of $name.
-#
-# [*rbd_ceph_conf*]
-# (optional) Path to the ceph configuration file to use
-# Defaults to '/etc/ceph/ceph.conf'
-#
-# [*rbd_flatten_volume_from_snapshot*]
-# (optional) Enable flatten volumes created from snapshots.
-# Defaults to false
-#
-# [*rbd_secret_uuid*]
-# (optional) A required parameter to use cephx.
-# Defaults to false
-#
-# [*volume_tmp_dir*]
-# (optional) Location to store temporary image files if the volume
-# driver does not write them directly to the volume
-# Defaults to false
-#
-# [*rbd_max_clone_depth*]
-# (optional) Maximum number of nested clones that can be taken of a
-# volume before enforcing a flatten prior to next clone.
-# A value of zero disables cloning
-# Defaults to '5'
-#
-define cloud::volume::backend::rbd (
- $rbd_pool,
- $rbd_user,
- $volume_backend_name = $name,
- $rbd_ceph_conf = '/etc/ceph/ceph.conf',
- $rbd_flatten_volume_from_snapshot = false,
- $rbd_secret_uuid = false,
- $rbd_max_clone_depth = '5',
-) {
-
- cinder::backend::rbd { $volume_backend_name:
- rbd_pool => $rbd_pool,
- rbd_user => $rbd_user,
- rbd_secret_uuid => $rbd_secret_uuid,
- rbd_ceph_conf => $rbd_ceph_conf,
- rbd_flatten_volume_from_snapshot => $rbd_flatten_volume_from_snapshot,
- rbd_max_clone_depth => $rbd_max_clone_depth,
- volume_tmp_dir => '/tmp'
- }
-
- # If Cinder & Nova reside on the same node, we need a group
- # where nova & cinder users have read permissions.
- ensure_resource('group', 'cephkeyring', {
- ensure => 'present'
- })
-
- ensure_resource ('exec','add-cinder-to-group', {
- 'command' => 'usermod -a -G cephkeyring cinder',
- 'path' => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'],
- 'unless' => 'groups cinder | grep cephkeyring'
- })
-
- # Configure Ceph keyring
- Ceph::Key <<| title == $rbd_user |>>
- ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", {
- owner => 'root',
- group => 'cephkeyring',
- mode => '0440',
- require => Ceph::Key[$rbd_user],
- })
-
- Concat::Fragment <<| title == 'ceph-client-os' |>>
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backup.pp b/manifests/volume/backup.pp
deleted file mode 100644
index 26e70181..00000000
--- a/manifests/volume/backup.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Volume Backup node
-#
-# === Parameters
-#
-# [*backup_ceph_pool*]
-# (optional) Name of the Ceph pool which which store the cinder backups
-# Defaults to 'backup'
-#
-# [*backup_ceph_user*]
-# (optional) User name used to acces to the backup rbd pool
-# Defaults to 'cinder'
-#
-class cloud::volume::backup(
- $backup_ceph_pool = 'backup',
- $backup_ceph_user = 'cinder'
-) {
-
- include 'cloud::volume'
-
- class { 'cinder::backup': }
-
- # TODO(EmilienM) Disabled for now: http://git.io/kfTmcA
- # class { 'cinder::backup::ceph':
- # backup_ceph_user => $backup_ceph_user,
- # backup_ceph_pool => $backup_ceph_pool
- # }
-
-}
diff --git a/manifests/volume/scheduler.pp b/manifests/volume/scheduler.pp
deleted file mode 100644
index 79ba66a9..00000000
--- a/manifests/volume/scheduler.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Volume Scheduler node
-#
-class cloud::volume::scheduler{
-
- include 'cloud::volume'
-
- class { 'cinder::scheduler':
- scheduler_driver => 'cinder.scheduler.filter_scheduler.FilterScheduler'
- }
-
-}
diff --git a/manifests/volume/storage.pp b/manifests/volume/storage.pp
deleted file mode 100644
index bc6b642b..00000000
--- a/manifests/volume/storage.pp
+++ /dev/null
@@ -1,167 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Volume storage
-#
-# === Parameters
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_port*]
-# (optional) TCP port to connect to Keystone API from admin network
-# Default to '5000'
-#
-# [*ks_cinder_password*]
-# (optional) Password used by Cinder to connect to Keystone API
-# Defaults to 'secrete'
-#
-# [*cinder_backends*]
-# (optionnal) Hash of the Cinder backends to enable
-# Example:
-# cinder_backends = {
-# 'rbd' => {
-# 'lowcost' => { 'rbd_pool' => 'slow', 'rbd_user' => 'cinder', 'rbd_secret_uuid' => '123' },
-# 'standard' => { 'rbd_pool' => 'normal', 'rbd_user' => 'cinder', 'rbd_secret_uuid' => '123' }
-# },
-# 'netapp' => {
-# 'premium' => { 'netapp_server_hostname' => 'netapp.host', 'netapp_login' => 'joe', 'netapp_password' => 'secret' }
-# }
-# }
-# Defaults to undef
-#
-# [*cinder_rbd_pool*]
-# (optional) Name of the Ceph pool which which store the cinder images
-# Defaults to 'volumes'
-#
-# [*cinder_rbd_user*]
-# (optional) User name used to acces to the cinder rbd pool
-# Defaults to 'cinder'
-#
-# [*cinder_rbd_secret_uuid*]
-# (optional) A required parameter to use cephx.
-# Defaults to false
-#
-# [*cinder_rbd_conf*]
-# (optional) Path to the ceph configuration file to use
-# Defaults to '/etc/ceph/ceph.conf'
-#
-# [*cinder_rbd_flatten_volume_from_snapshot*]
-# (optional) Enable flatten volumes created from snapshots.
-# Defaults to false
-#
-# [*cinder_rbd_max_clone_depth*]
-# (optional) Maximum number of nested clones that can be taken of a
-# volume before enforcing a flatten prior to next clone.
-# A value of zero disables cloning
-# Defaults to '5'
-#
-class cloud::volume::storage(
- $cinder_backends = undef,
- $ks_keystone_internal_proto = 'http',
- $ks_keystone_internal_port = '5000',
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_cinder_password = 'secrete',
- $cinder_rbd_pool = 'volumes',
- $cinder_rbd_user = 'cinder',
- $cinder_rbd_secret_uuid = undef,
- $cinder_rbd_conf = '/etc/ceph/ceph.conf',
- $cinder_rbd_flatten_volume_from_snapshot = false,
- $cinder_rbd_max_clone_depth = '5',
-) {
-
- include 'cloud::volume'
-
- include 'cinder::volume'
-
- if $cinder_backends {
-
- if has_key($cinder_backends, 'rbd') {
- $rbd_backends = $cinder_backends['rbd']
- create_resources('cloud::volume::backend::rbd', $rbd_backends)
- }
- else {
- $rbd_backends = { }
- }
-
- if has_key($cinder_backends, 'netapp') {
- $netapp_backends = $cinder_backends['netapp']
- create_resources('cloud::volume::backend::netapp', $netapp_backends)
- }
- else {
- $netapp_backends = { }
- }
-
- if has_key($cinder_backends, 'iscsi') {
- $iscsi_backends = $cinder_backends['iscsi']
- create_resources('cloud::volume::backend::iscsi', $iscsi_backends)
- }
- else {
- $iscsi_backends = { }
- }
-
- if has_key($cinder_backends, 'emc_vnx') {
- $emc_vnx_backends = $cinder_backends['emc_vnx']
- create_resources('cloud::volume::backend::emc_vnx', $emc_vnx_backends)
- }
- else {
- $emc_vnx_backends = { }
- }
-
- if has_key($cinder_backends, 'eqlx') {
- $eqlx_backends = $cinder_backends['eqlx']
- create_resources('cloud::volume::backend::eqlx', $eqlx_backends)
- }
- else {
- $eqlx_backends = { }
- }
-
- if has_key($cinder_backends, 'glusterfs') {
- $glusterfs_backends = $cinder_backends['glusterfs']
- create_resources('cloud::volume::backend::glusterfs', $glusterfs_backends)
- }
- else {
- $glusterfs_backends = { }
- }
-
- if has_key($cinder_backends, 'nfs') {
- $nfs_backends = $cinder_backends['nfs']
- create_resources('cloud::volume::backend::nfs', $nfs_backends)
- }
- else {
- $nfs_backends = { }
- }
-
- class { 'cinder::backends':
- enabled_backends => keys(merge($rbd_backends, $netapp_backends, $iscsi_backends, $emc_vnx_backends, $eqlx_backends, $nfs_backends, $glusterfs_backends))
- }
-
- # Manage Volume types.
- # It allows to the end-user to choose from which backend he would like to provision a volume.
- # Cinder::Type requires keystone credentials
- Cinder::Type <| |> {
- os_tenant_name => 'services',
- os_username => 'cinder',
- os_password => $ks_cinder_password,
- os_auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0"
- }
- }
-
-}
diff --git a/metadata.json b/metadata.json
deleted file mode 100644
index 16e4664f..00000000
--- a/metadata.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "name": "eNovance-cloud",
- "version": "2.2.0",
- "author": "eNovance",
- "summary": "eNovance OpenStack Module",
- "license": "Apache-2.0",
- "source": "https://github.com/stackforge/puppet-openstack-cloud",
- "project_page": "https://wiki.openstack.org/wiki/Puppet-openstack/puppet-openstack-cloud",
- "issues_url": "https://bugs.launchpad.net/puppet-openstack-cloud",
- "operatingsystem_support": [
- {"operatingsystem": "Debian"},
- {"operatingsystem": "Ubuntu"},
- {"operatingsystem": "CentOS"},
- {"operatingsystem": "RedHat"}
- ],
- "requirements": [
- {"name": "pe","version_requirement": "3.x"},
- {"name": "puppet","version_requirement": "3.x"}
- ],
- "description": "Puppet module that pulls together all the individual components of OpenStack, resulting is a complete and functional stack",
- "dependencies": [
- {"name":"stackforge/glance","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/horizon","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/keystone","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/nova","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/cinder","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/swift","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/neutron","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/ceilometer","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/heat","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/tempest","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"eNovance/ceph", "version_requirement":">=1.1.0 <2.0.0"}
- ]
-}
diff --git a/scripts/bootstrap.pp b/scripts/bootstrap.pp
deleted file mode 100644
index fbd9c98c..00000000
--- a/scripts/bootstrap.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-Class['hiera'] -> Class['apache']
-
-class { 'hiera' :
- datadir => '/etc/puppet/data',
- hierarchy => [
- '%{::type}/%{::fqdn}',
- '%{::type}/common',
- 'common',
- ]
-}
-
-class {'::apache' :
- purge_configs => false,
-}
-include 'apache::mod::wsgi'
-
-apache::vhost { 'puppetdb' :
- docroot => '/tmp',
- ssl => true,
- ssl_cert => '/etc/puppet/ssl/puppetdb.pem',
- ssl_key => '/etc/puppet/ssl/puppetdb.pem',
- port => '8081',
- servername => $::fqdn,
- proxy_pass => [
- {
- 'path' => '/',
- 'url' => 'http://localhost:8080/'
- }
- ]
-}
diff --git a/spec/classes/cloud_clustering_spec.rb b/spec/classes/cloud_clustering_spec.rb
deleted file mode 100644
index 871d764a..00000000
--- a/spec/classes/cloud_clustering_spec.rb
+++ /dev/null
@@ -1,149 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::clustering class
-#
-
-require 'spec_helper'
-
-describe 'cloud::clustering' do
-
- let :pre_condition do
- "class { 'cloud':
- manage_firewall => true
- }"
- end
-
- let :params do
- { :cluster_members => ['node1.test-example.org',
- 'node2.test-example.org',
- 'node3.test-example.org'],
- :cluster_ip => '127.0.0.1',
- :cluster_auth => false,
- :cluster_authkey => '/var/lib/puppet/ssl/certs/ca.pem',
- :cluster_recheck_interval => '5min',
- :pe_warn_series_max => 1000,
- :pe_input_series_max => 1000,
- :pe_error_series_max => 1000,
- :multicast_address => '239.192.168.1',
- :firewall_settings => {} }
- end
-
- shared_examples_for 'corosync and pacemaker' do
-
- context 'with default parameters' do
- it 'configure corosync' do
- is_expected.to contain_class('corosync').with(
- :enable_secauth => params[:cluster_auth],
- :authkey => params[:cluster_authkey],
- :bind_address => params[:cluster_ip],
- :multicast_address => params[:multicast_address],
- :packages => platform_params[:packages],
- #:set_votequorum => platform_params[:set_votequorum],
- #:quorum_members => params[:cluster_members],
- )
-
- is_expected.to contain_cs_property('pe-warn-series-max').with(
- :value => params[:pe_warn_series_max]
- )
- is_expected.to contain_cs_property('pe-input-series-max').with(
- :value => params[:pe_input_series_max]
- )
- is_expected.to contain_cs_property('pe-error-series-max').with(
- :value => params[:pe_error_series_max]
- )
-
- is_expected.to contain_corosync__service('pacemaker')
- end
-
- it 'configure pacemaker firewall rules' do
- is_expected.to contain_firewall('100 allow vrrp access').with(
- :port => nil,
- :proto => 'vrrp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow corosync tcp access').with(
- :port => ['2224', '3121', '21064'],
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow corosync udp access').with(
- :port => ['5404', '5405'],
- :proto => 'udp',
- :action => 'accept',
- )
- end
- end
-
- context 'with two nodes only' do
- before :each do
- params.merge!(
- :cluster_members => ['node1', 'node2']
- )
- end
-
- it 'disables stonith and ignores votequorum errors' do
- is_expected.to contain_cs_property('no-quorum-policy').with(
- :value => 'ignore'
- )
- is_expected.to contain_cs_property('stonith-enabled').with(
- :value => 'false'
- )
- end
- end
- end
-
- shared_examples_for 'specific resources for RH platforms' do
- context 'with default parameters' do
- it { should contain_service('pacemaker').with(
- :ensure => 'running',
- :enable => true,
- :require => 'Class[Corosync]',
- )}
-
- it { should contain_service('pcsd').with(
- :ensure => 'running',
- :enable => true,
- :require => 'Class[Corosync]',
- )}
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- let :platform_params do
- { :set_votequorum => false,
- :packages => ['corosync', 'pacemaker'] }
- end
-
- it_configures 'corosync and pacemaker'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- let :platform_params do
- { :set_votequorum => true,
- :packages => ['corosync', 'pacemaker', 'pcs']}
- end
-
- it_configures 'corosync and pacemaker'
- it_configures 'specific resources for RH platforms'
- end
-end
diff --git a/spec/classes/cloud_compute_api_spec.rb b/spec/classes/cloud_compute_api_spec.rb
deleted file mode 100644
index ceb05e76..00000000
--- a/spec/classes/cloud_compute_api_spec.rb
+++ /dev/null
@@ -1,228 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::api class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::api' do
-
- shared_examples_for 'openstack compute api' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_use_slave => false,
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :ks_keystone_internal_host => '127.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_nova_password => 'novapassword',
- :api_eth => '127.0.0.1',
- :ks_ec2_public_port => '8773',
- :ks_nova_public_port => '8774',
- :ks_metadata_public_port => '8775',
- :neutron_metadata_proxy_shared_secret => 'metadatapassword' }
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'does not configure nova db slave' do
- is_expected.to contain_nova_config('database/slave_connection').with('ensure' => 'absent')
- end
-
- context "when enabling nova db slave" do
- let :pre_condition do
- "class { 'cloud::compute':
- nova_db_host => '10.0.0.1',
- nova_db_use_slave => true,
- nova_db_user => 'nova',
- nova_db_password => 'secrete' }"
- end
- it 'configure nova db slave' do
- is_expected.to contain_nova_config('database/slave_connection').with(
- 'value' => 'mysql://nova:secrete@10.0.0.1:3307/nova?charset=utf8')
- end
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-api' do
- is_expected.to contain_class('nova::api').with(
- :enabled => true,
- :auth_host => '127.0.0.1',
- :auth_protocol => 'https',
- :admin_password => 'novapassword',
- :api_bind_address => '127.0.0.1',
- :metadata_listen => '127.0.0.1',
- :neutron_metadata_proxy_shared_secret => 'metadatapassword',
- :osapi_v3 => true,
- :manage_service => true,
- )
- end
-
- it 'configure a crontab that move deleted instance rows to another database table' do
- is_expected.to contain_class('nova::cron::archive_deleted_rows')
- end
-
- context 'when pacemaker manages nova-api' do
- before :each do
- params.merge!( :pacemaker_enabled => true )
- end
- it 'configure nova-api without managing the service' do
- is_expected.to contain_class('nova::api').with(
- :manage_service => true,
- )
- end
- it 'should create a Pacemaker service for nova-api' do
- should contain_openstack_extras__pacemaker__service(platform_params[:api_service_name]).with(
- {
- 'ensure' => :present,
- 'primitive_class' => platform_params[:service_provider],
- }
- )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure nova firewall rules' do
- is_expected.to contain_firewall('100 allow nova-api access').with(
- :port => '8774',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow nova-ec2 access').with(
- :port => '8773',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow nova-metadata access').with(
- :port => '8775',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure nova firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow nova-api access').with(
- :port => '8774',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow nova-ec2 access').with(
- :port => '8773',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow nova-metadata access').with(
- :port => '8775',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :operatingsystem => 'Debian' }
- end
-
- let :platform_params do
- { :service_provider => 'lsb',
- :api_service_name => 'nova-api',
- }
- end
-
- it_configures 'openstack compute api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- let :platform_params do
- { :service_provider => 'systemd',
- :api_service_name => 'openstack-nova-api',
- }
- end
-
- it_configures 'openstack compute api'
- end
-
-end
diff --git a/spec/classes/cloud_compute_cert_spec.rb b/spec/classes/cloud_compute_cert_spec.rb
deleted file mode 100644
index 5bc21fb9..00000000
--- a/spec/classes/cloud_compute_cert_spec.rb
+++ /dev/null
@@ -1,99 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::cert class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::cert' do
-
- shared_examples_for 'openstack compute cert' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-cert' do
- is_expected.to contain_class('nova::cert').with(:enabled => true)
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack compute cert'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack compute cert'
- end
-
-end
diff --git a/spec/classes/cloud_compute_conductor_spec.rb b/spec/classes/cloud_compute_conductor_spec.rb
deleted file mode 100644
index dd17a0e4..00000000
--- a/spec/classes/cloud_compute_conductor_spec.rb
+++ /dev/null
@@ -1,99 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::conductor class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::conductor' do
-
- shared_examples_for 'openstack compute conductor' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-conductor' do
- is_expected.to contain_class('nova::conductor').with(:enabled => true)
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack compute conductor'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack compute conductor'
- end
-
-end
diff --git a/spec/classes/cloud_compute_consoleauth_spec.rb b/spec/classes/cloud_compute_consoleauth_spec.rb
deleted file mode 100644
index 27cd5364..00000000
--- a/spec/classes/cloud_compute_consoleauth_spec.rb
+++ /dev/null
@@ -1,99 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::consoleauth class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::consoleauth' do
-
- shared_examples_for 'openstack compute consoleauth' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-consoleauth' do
- is_expected.to contain_class('nova::consoleauth').with(:enabled => true)
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack compute consoleauth'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack compute consoleauth'
- end
-
-end
diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb
deleted file mode 100644
index 8856f920..00000000
--- a/spec/classes/cloud_compute_consoleproxy_spec.rb
+++ /dev/null
@@ -1,153 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS 
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::consoleproxy class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::consoleproxy' do
-
- shared_examples_for 'openstack compute consoleproxy' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :api_eth => '10.0.0.1' }
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-vncproxy' do
- is_expected.to contain_class('nova::vncproxy').with(
- :enabled => true,
- :host => '10.0.0.1',
- :port => '6080',
- :vncproxy_protocol => 'http'
- )
- end
-
- context 'with spice console' do
- before :each do
- params.merge!(
- :console => 'spice',
- :novnc_port => '6082' )
- end
- it 'configure nova-spicehtml5proxy' do
- is_expected.to contain_class('nova::spicehtml5proxy').with(
- :enabled => true,
- :host => '10.0.0.1',
- :port => '6082'
- )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure spice firewall rules' do
- is_expected.to contain_firewall('100 allow novnc access').with(
- :port => '6080',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure spice firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow novnc access').with(
- :port => '6080',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack compute consoleproxy'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack compute consoleproxy'
- end
-
-end
diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb
deleted file mode 100644
index 7ed80f0a..00000000
--- a/spec/classes/cloud_compute_hypervisor_spec.rb
+++ /dev/null
@@ -1,531 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS 
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::hypervisor class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::hypervisor' do
-
- shared_examples_for 'openstack compute hypervisor' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }
- class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }
- class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :libvirt_type => 'kvm',
- :server_proxyclient_address => '7.0.0.1',
- :spice_port => '6082',
- :nova_ssh_private_key => 'secrete',
- :nova_ssh_public_key => 'public',
- :ks_nova_public_proto => 'http',
- :ks_console_public_proto => 'https',
- :ks_console_public_host => '10.0.0.2',
- :vm_rbd => false,
- :volume_rbd => false,
- :nova_shell => false,
- :ks_nova_public_host => '10.0.0.1' }
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone')
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0'
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0'
- )
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :report_interval => '30'
- )
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0'
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0'
- )
- end
-
- it 'configure nova-compute' do
- is_expected.to contain_class('nova::compute').with(
- :enabled => true,
- :vnc_enabled => true,
- :vncserver_proxyclient_address => '7.0.0.1',
- :vncproxy_host => '10.0.0.2',
- :vncproxy_protocol => 'https',
- :vncproxy_port => '6080',
- :virtio_nic => false,
- :neutron_enabled => true
- )
- end
-
- it 'configure nova compute with neutron' do
- is_expected.to contain_class('nova::compute::neutron')
- end
-
- it 'configure ceilometer agent compute' do
- is_expected.to contain_class('ceilometer::agent::compute')
- end
-
- it 'do not configure nova shell' do
- is_expected.not_to contain_user('nova')
- end
-
- it 'should not configure nova-compute for RBD backend' do
- is_expected.not_to contain_nova_config('libvirt/rbd_user').with('value' => 'cinder')
- is_expected.not_to contain_nova_config('libvirt/images_type').with('value' => 'rbd')
- end
-
- it 'configure libvirt driver without disk cachemodes' do
- is_expected.to contain_class('nova::compute::libvirt').with(
- :libvirt_type => 'kvm',
- :vncserver_listen => '0.0.0.0',
- :migration_support => true,
- :libvirt_disk_cachemodes => []
- )
- end
-
- it 'configure nova-compute with extra parameters' do
- is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone')
- is_expected.to contain_nova_config('libvirt/inject_key').with('value' => false)
- is_expected.to contain_nova_config('libvirt/inject_partition').with('value' => '-2')
- is_expected.to contain_nova_config('libvirt/live_migration_flag').with('value' => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST')
- is_expected.to contain_nova_config('libvirt/block_migration_flag').with('value' => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC')
- end
-
- context 'witch spice console' do
- before :each do
- params.merge!( :console => 'spice' )
- end
- it 'configure spice console' do
- is_expected.to contain_class('nova::compute::spice').with(
- :server_listen => '0.0.0.0',
- :server_proxyclient_address => '7.0.0.1',
- :proxy_host => '10.0.0.2',
- :proxy_protocol => 'https',
- :proxy_port => '6082'
- )
- end
- end
-
- context 'with dbus on Debian/Ubuntu' do
- let :facts do
- { :osfamily => 'Debian',
- :vtx => true,
- }
- end
-
- it 'ensure dbus is running and started at boot' do
- is_expected.to contain_service('dbus').with(
- :ensure => 'running',
- :enable => 'true'
- )
- end
- end
-
- context 'without TSO/GSO/GRO on Debian systems' do
- before :each do
- facts.merge!( :osfamily => 'Debian',
- :operatingsystem => 'Debian',
- :vtx => true )
- end
- it 'ensure TSO script is enabled at boot' do
- is_expected.to contain_exec('enable-tso-script').with(
- :command => '/usr/sbin/update-rc.d disable-tso defaults',
- :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- it 'start TSO script' do
- is_expected.to contain_exec('start-tso-script').with(
- :command => '/etc/init.d/disable-tso start',
- :unless => '/usr/bin/test -f /var/run/disable-tso.pid',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- end
-
- context 'without TSO/GSO/GRO on Red Hat systems' do
- before :each do
- facts.merge!( :osfamily => 'RedHat',
- :vtx => true )
- end
- it 'ensure TSO script is enabled at boot' do
- is_expected.to contain_exec('enable-tso-script').with(
- :command => '/usr/sbin/chkconfig disable-tso on',
- :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- it 'start TSO script' do
- is_expected.to contain_exec('start-tso-script').with(
- :command => '/etc/init.d/disable-tso start',
- :unless => '/usr/bin/test -f /var/run/disable-tso.pid',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- end
-
- context 'when not managing TSO/GSO/GRO' do
- before :each do
- params.merge!( :manage_tso => false)
- end
- it 'ensure TSO script is not managed at boot' do
- is_expected.not_to contain_exec('enable-tso-script')
- end
- it 'do not start TSO script' do
- is_expected.not_to contain_exec('start-tso-script')
- end
- end
-
- context 'when managing nova shell' do
- before :each do
- params.merge!( :nova_shell => '/bin/bash')
- end
- it 'ensure nova shell is configured by Puppet' do
- is_expected.to contain_user('nova').with(
- :ensure => 'present',
- :system => true,
- :home => '/var/lib/nova',
- :managehome => false,
- :shell => '/bin/bash'
- )
- end
- end
-
- context 'with RBD backend for instances and volumes' do
- before :each do
- facts.merge!( :vtx => true )
- params.merge!(
- :vm_rbd => true,
- :volume_rbd => true,
- :cinder_rbd_user => 'cinder',
- :nova_rbd_pool => 'nova',
- :nova_rbd_secret_uuid => 'secrete' )
- end
-
- it 'configure nova-compute to support RBD backend' do
- is_expected.to contain_nova_config('libvirt/images_type').with('value' => 'rbd')
- is_expected.to contain_nova_config('libvirt/images_rbd_pool').with('value' => 'nova')
- is_expected.to contain_nova_config('libvirt/images_rbd_ceph_conf').with('value' => '/etc/ceph/ceph.conf')
- is_expected.to contain_nova_config('libvirt/rbd_user').with('value' => 'cinder')
- is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with('value' => 'secrete')
- is_expected.to contain_group('cephkeyring').with(:ensure => 'present')
- is_expected.to contain_exec('add-nova-to-group').with(
- :command => 'usermod -a -G cephkeyring nova',
- :unless => 'groups nova | grep cephkeyring'
- )
- end
-
- it 'configure libvirt driver' do
- is_expected.to contain_class('nova::compute::libvirt').with(
- :libvirt_type => 'kvm',
- :vncserver_listen => '0.0.0.0',
- :migration_support => true,
- :libvirt_disk_cachemodes => ['network=writeback']
- )
- end
- end
-
- context 'with RBD support only for volumes' do
- before :each do
- facts.merge!( :vtx => true )
- params.merge!(
- :vm_rbd => false,
- :volume_rbd => true,
- :cinder_rbd_user => 'cinder',
- :nova_rbd_secret_uuid => 'secrete' )
- end
-
- it 'configure nova-compute to support RBD backend' do
- is_expected.not_to contain_nova_config('libvirt/images_type').with('value' => 'rbd')
- is_expected.not_to contain_nova_config('libvirt/images_rbd_pool').with('value' => 'nova')
- is_expected.to contain_nova_config('libvirt/rbd_user').with('value' => 'cinder')
- is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with('value' => 'secrete')
- is_expected.to contain_group('cephkeyring').with(:ensure => 'present')
- is_expected.to contain_exec('add-nova-to-group').with(
- :command => 'usermod -a -G cephkeyring nova',
- :unless => 'groups nova | grep cephkeyring'
- )
- is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({
- 'owner' => 'root',
- 'group' => 'cephkeyring',
- 'mode' => '0440',
- })
- end
-
- it 'configure libvirt driver' do
- is_expected.to contain_class('nova::compute::libvirt').with(
- :libvirt_type => 'kvm',
- :vncserver_listen => '0.0.0.0',
- :migration_support => true,
- :libvirt_disk_cachemodes => ['network=writeback']
- )
- end
- end
-
- context 'when trying to enable RBD backend on RedHat OSP < 7 plaforms' do
- before :each do
- facts.merge!( :osfamily => 'RedHat',
- :operatingsystemmajrelease => '6' )
- params.merge!(
- :vm_rbd => true,
- :cinder_rbd_user => 'cinder',
- :nova_rbd_pool => 'nova',
- :nova_rbd_secret_uuid => 'secrete' )
- end
- it_raises 'a Puppet::Error', /RBD image backend in Nova is not supported in RHEL 6./
- end
-
- context 'when running KVM libvirt driver without VTX enabled' do
- before :each do
- facts.merge!( :vtx => false )
- end
- it_raises 'a Puppet::Error', /libvirt_type is set to KVM and VTX seems to be disabled on this node./
- end
-
- context 'when storing instances on a NFS share' do
- before :each do
- params.merge!(
- :nfs_enabled => true,
- :nfs_device => 'nfs.example.com:/vol1',
- :nfs_options => 'noacl,fsid=123' )
- end
- it 'configure nova instances path and NFS mount' do
- is_expected.to contain_file('/var/lib/nova/instances').with(
- 'ensure' => 'directory',
- 'owner' => 'nova',
- 'group' => 'nova',
- 'mode' => '0755'
- )
- is_expected.to contain_nova_config('DEFAULT/instances_path').with('value' => '/var/lib/nova/instances')
- is_expected.to contain_mount('/var/lib/nova/instances').with({
- 'ensure' => 'mounted',
- 'fstype' => 'nfs',
- 'device' => 'nfs.example.com:/vol1',
- 'options' => 'noacl,fsid=123'
- })
- end
- end
-
- context 'when storing instances on a NFS share without nfs_device' do
- before :each do
- params.merge!(
- :nfs_enabled => true,
- :nfs_device => false )
- end
- it_raises 'a Puppet::Error', /When running NFS backend, you need to provide nfs_device parameter./
- end
-
- context 'when storing instances on a NFS share with vm_rbd enabled' do
- before :each do
- params.merge!(
- :nfs_enabled => true,
- :vm_rbd => true,
- :nfs_device => 'nfs.example.com:/vol1' )
- end
- it_raises 'a Puppet::Error', /When running NFS backend, vm_rbd parameter cannot be set to true./
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure compute firewall rules' do
- is_expected.to contain_firewall('100 allow instances console access').with(
- :port => '5900-5999',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow instances migration access').with(
- :port => ['16509', '49152-49215'],
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure compute firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow instances console access').with(
- :port => '5900-5999',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow instances migration access').with(
- :port => ['16509', '49152-49215'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :operatingsystem => 'Debian',
- :vtx => true,
- # required for rpcbind module
- :lsbdistid => 'Debian'
- }
- end
-
- it_configures 'openstack compute hypervisor'
- it { should contain_file_line('/etc/default/libvirtd libvirtd opts').with(:line => 'libvirtd_opts="-d -l"') }
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :vtx => true,
- # required for rbd support check
- :operatingsystemmajrelease => '7',
- # required for nfs module
- :lsbmajdistrelease => '7'
- }
- end
-
- it_configures 'openstack compute hypervisor'
- it { should contain_file_line('/etc/sysconfig/libvirtd libvirtd args').with(:line => 'LIBVIRTD_ARGS="--listen"') }
- end
-
-end
diff --git a/spec/classes/cloud_compute_scheduler_spec.rb b/spec/classes/cloud_compute_scheduler_spec.rb
deleted file mode 100644
index 1bca9378..00000000
--- a/spec/classes/cloud_compute_scheduler_spec.rb
+++ /dev/null
@@ -1,116 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS 
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::scheduler class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::scheduler' do
-
- shared_examples_for 'openstack compute scheduler' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- {
- :scheduler_default_filters => false
- }
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-scheduler' do
- is_expected.to contain_class('nova::scheduler').with(:enabled => true)
- end
-
- context 'openstack compute scheduler with nova-scheduler filters' do
- before do
- params.merge!(
- :scheduler_default_filters => ['RamFilter', 'ComputeFilter']
- )
- end
- it { is_expected.to contain_nova_config('DEFAULT/scheduler_default_filters').with(
- 'value' => "RamFilter,ComputeFilter"
- )}
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack compute scheduler'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack compute scheduler'
- end
-
-end
diff --git a/spec/classes/cloud_dashboard_spec.rb b/spec/classes/cloud_dashboard_spec.rb
deleted file mode 100644
index 50ace201..00000000
--- a/spec/classes/cloud_dashboard_spec.rb
+++ /dev/null
@@ -1,180 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS 
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::dashboard class
-#
-
-require 'spec_helper'
-
-describe 'cloud::dashboard' do
-
- shared_examples_for 'openstack dashboard' do
-
- let :params do
- { :listen_ssl => false,
- :ks_keystone_internal_host => 'localhost',
- :ks_keystone_internal_host => 'localhost',
- :secret_key => '/etc/ssl/secret',
- :keystone_host => 'keystone.openstack.org',
- :keystone_proto => 'http',
- :keystone_port => '5000',
- :debug => true,
- :api_eth => '10.0.0.1',
- :ssl_forward => true,
- :servername => 'horizon.openstack.org',
- :os_endpoint_type => 'internalURL',
- :allowed_hosts => 'horizon.openstack.org'}
- end
-
- let :pre_condition do
- "class { 'apache': default_vhost => false }"
- end
-
- it 'configure horizon' do
- is_expected.to contain_class('horizon').with(
- :listen_ssl => false,
- :secret_key => '/etc/ssl/secret',
- :bind_address => '10.0.0.1',
- :servername => 'horizon.openstack.org',
- :cache_server_ip => false,
- :keystone_url => 'http://keystone.openstack.org:5000/v2.0',
- :django_debug => true,
- :neutron_options => { 'enable_lb' => true },
- :vhost_extra_params => {
- 'add_listen' => true ,
- 'setenvif' => ['X-Forwarded-Proto https HTTPS=1']
- },
- :openstack_endpoint_type => 'internalURL',
- :allowed_hosts => 'horizon.openstack.org'
- )
- is_expected.to contain_class('apache').with(:default_vhost => false)
- end
-
- context 'with custom apache2 vhost parameters' do
- before do
- params.merge!(
- :vhost_extra_params => {
- 'ssl_protocol' => 'all -SSLv3 -SSLv2'
- })
- end
-
- it 'configure horizon with custom vhost configuration' do
- is_expected.to contain_class('horizon').with(
- :vhost_extra_params => {
- 'add_listen' => true ,
- 'setenvif' => ['X-Forwarded-Proto https HTTPS=1'],
- 'ssl_protocol' => 'all -SSLv3 -SSLv2'
- },
- )
- end
- end
-
- context 'with cisco plugin enabled' do
- before do
- params.merge!(
- :neutron_extra_options => {
- 'profile_support' => 'cisco'
- })
- end
-
- it 'configure horizon with cisco support' do
- is_expected.to contain_class('horizon').with(
- :neutron_options => {
- 'enable_lb' => true,
- 'profile_support' => 'cisco'
- },
- )
- end
- end
-
- context 'with multiple allowed_hosts' do
- before do
- params.merge!(:allowed_hosts => ['horizon.openstack.org', 'vip.openstack.org'])
- end
-
- it 'configure horizon with multiple allowed hosts' do
- is_expected.to contain_class('horizon').with(
- :listen_ssl => false,
- :secret_key => '/etc/ssl/secret',
- :bind_address => '10.0.0.1',
- :servername => 'horizon.openstack.org',
- :cache_server_ip => false,
- :keystone_url => 'http://keystone.openstack.org:5000/v2.0',
- :django_debug => true,
- :neutron_options => { 'enable_lb' => true },
- :vhost_extra_params => {
- 'add_listen' => true ,
- 'setenvif' => ['X-Forwarded-Proto https HTTPS=1']
- },
- :openstack_endpoint_type => 'internalURL',
- :allowed_hosts => ['horizon.openstack.org', 'vip.openstack.org']
- )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'apache': default_vhost => false }
- class { 'cloud': manage_firewall => true }"
- end
- it 'configure horizon firewall rules' do
- is_expected.to contain_firewall('100 allow horizon access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'apache': default_vhost => false }
- class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure horizon firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow horizon access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :operatingsystem => 'Ubuntu',
- :operatingsystemrelease => '12.04' }
- end
-
- it_configures 'openstack dashboard'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :operatingsystemrelease => '6' }
- end
-
- it_configures 'openstack dashboard'
- end
-
-end
diff --git a/spec/classes/cloud_database_dbaas_api_spec.rb b/spec/classes/cloud_database_dbaas_api_spec.rb
deleted file mode 100644
index 3c774002..00000000
--- a/spec/classes/cloud_database_dbaas_api_spec.rb
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS 
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database::dbaas::api class
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::dbaas::api' do
-
- shared_examples_for 'openstack database dbaas api' do
-
- let :pre_condition do
- "class { 'cloud::database::dbaas':
- trove_db_host => '10.0.0.1',
- trove_db_user => 'trove',
- trove_db_password => 'secrete',
- nova_admin_username => 'trove',
- nova_admin_password => 'trovepassword',
- nova_admin_tenant_name => 'services',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete' }"
- end
-
- let :params do
- { :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_trove_password => 'trovepassword',
- :api_eth => '10.0.0.1',
- :debug => true,
- :verbose => true,
- :use_syslog => true,
- :ks_trove_public_port => '8779' }
- end
-
- it 'configure trove common' do
- is_expected.to contain_class('trove').with(
- :rabbit_userid => 'trove',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :nova_proxy_admin_pass => 'trovepassword',
- :nova_proxy_admin_user => 'trove',
- :nova_proxy_admin_tenant_name => 'services',
- :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8',
- :database_idle_timeout => '5000',
- )
- end
-
- it 'configure trove api' do
- is_expected.to contain_class('trove::api').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :bind_host => '10.0.0.1',
- :bind_port => '8779',
- :auth_url => 'https://10.0.0.1:5000/v2.0',
- :keystone_password => 'trovepassword'
- )
- end
-
- it 'checks if Trove DB is populated' do
- is_expected.to contain_exec('trove_db_sync').with(
- :command => 'trove-manage db_sync',
- :user => 'trove',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql trove -h 10.0.0.1 -u trove -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure trove-api firewall rules' do
- is_expected.to contain_firewall('100 allow trove-api access').with(
- :port => '8779',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure trove-api firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow trove-api access').with(
- :port => '8779',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack database dbaas api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack database dbaas api'
- end
-
-end
diff --git a/spec/classes/cloud_database_dbaas_conductor_spec.rb b/spec/classes/cloud_database_dbaas_conductor_spec.rb
deleted file mode 100644
index 4af4ec03..00000000
--- a/spec/classes/cloud_database_dbaas_conductor_spec.rb
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database::dbaas::conductor class
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::dbaas::conductor' do
-
- shared_examples_for 'openstack database dbaas conductor' do
-
- let :pre_condition do
- "class { 'cloud::database::dbaas':
- trove_db_host => '10.0.0.1',
- trove_db_user => 'trove',
- trove_db_password => 'secrete',
- nova_admin_username => 'trove',
- nova_admin_password => 'trovepassword',
- nova_admin_tenant_name => 'services',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete' }"
- end
-
- let :params do
- { :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_port => '5000',
- :ks_keystone_internal_proto => 'https',
- :debug => true,
- :verbose => true,
- :use_syslog => true }
- end
-
- it 'configure trove common' do
- is_expected.to contain_class('trove').with(
- :rabbit_userid => 'trove',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :nova_proxy_admin_pass => 'trovepassword',
- :nova_proxy_admin_user => 'trove',
- :nova_proxy_admin_tenant_name => 'services',
- :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8',
- :database_idle_timeout => '5000',
- )
- end
-
- it 'configure trove conductor' do
- is_expected.to contain_class('trove::conductor').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :auth_url => 'https://10.0.0.1:5000/v2.0',
- )
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack database dbaas conductor'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack database dbaas conductor'
- end
-
-end
diff --git a/spec/classes/cloud_database_dbaas_taskmanager_spec.rb b/spec/classes/cloud_database_dbaas_taskmanager_spec.rb
deleted file mode 100644
index 3801557a..00000000
--- a/spec/classes/cloud_database_dbaas_taskmanager_spec.rb
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database::dbaas::taskmanager class
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::dbaas::taskmanager' do
-
- shared_examples_for 'openstack database dbaas taskmanager' do
-
- let :pre_condition do
- "class { 'cloud::database::dbaas':
- trove_db_host => '10.0.0.1',
- trove_db_user => 'trove',
- trove_db_password => 'secrete',
- nova_admin_username => 'trove',
- nova_admin_password => 'trovepassword',
- nova_admin_tenant_name => 'services',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete' }"
- end
-
- let :params do
- { :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_port => '5000',
- :ks_keystone_internal_proto => 'https',
- :debug => true,
- :verbose => true,
- :use_syslog => true }
- end
-
- it 'configure trove common' do
- is_expected.to contain_class('trove').with(
- :rabbit_userid => 'trove',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :nova_proxy_admin_pass => 'trovepassword',
- :nova_proxy_admin_user => 'trove',
- :nova_proxy_admin_tenant_name => 'services',
- :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8',
- :database_idle_timeout => '5000',
- )
- end
-
- it 'configure trove taskmanager' do
- is_expected.to contain_class('trove::taskmanager').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :auth_url => 'https://10.0.0.1:5000/v2.0',
- )
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack database dbaas taskmanager'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack database dbaas taskmanager'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_cassandra_spec.rb b/spec/classes/cloud_database_nosql_cassandra_spec.rb
deleted file mode 100644
index 1445eccd..00000000
--- a/spec/classes/cloud_database_nosql_cassandra_spec.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::cassandra
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::cassandra' do
-
- shared_examples_for 'cassandra server' do
-
- let :params do
- { }
- end
-
- it 'configure cassandra with some params' do
- is_expected.to contain_class('cassandra')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure cassandra firewall rules' do
- is_expected.to contain_firewall('100 allow cassandra access').with(
- :port => '7000',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure cassandra firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow cassandra access').with(
- :port => '7000',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'cassandra server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_elasticsearch.rb b/spec/classes/cloud_database_nosql_elasticsearch.rb
deleted file mode 100644
index eca9aa14..00000000
--- a/spec/classes/cloud_database_nosql_elasticsearch.rb
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database::nosql::elasticsearch
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::elasticsearch' do
-
- shared_examples_for 'elasticsearch server' do
-
- let :params do
- { :firewall_settings => {} }
- end
-
- it 'configure elasticsearch' do
- it is_expected.to contain_class('elasticsearch')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure elasticsearch firewall rules' do
- is_expected.to contain_firewall('100 allow elasticsearch access').with(
- :port => '9200',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure elasticsearch firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow elasticsearch access').with(
- :port => '9200',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'elasticsearch server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'elasticsearch server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_kafka_spec.rb b/spec/classes/cloud_database_nosql_kafka_spec.rb
deleted file mode 100644
index 65e5ffa0..00000000
--- a/spec/classes/cloud_database_nosql_kafka_spec.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::kafka
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::kafka' do
-
- shared_examples_for 'kafka server' do
-
- let :params do
- { }
- end
-
- it 'configure kafka with some params' do
- is_expected.to contain_class('kafka')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure kafka firewall rules' do
- is_expected.to contain_firewall('100 allow kafka access').with(
- :port => '9092',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure kafka firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow kafka access').with(
- :port => '9092',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- {
- :osfamily => 'Debian',
- :operatingsystem => 'Debian'
-
- }
- end
- end
-
- context 'on RedHat platforms' do
- let :facts do
- {
- :osfamily => 'RedHat',
- :operatingsystem => 'RedHat'
- }
- end
-
- it_configures 'kafka server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_memcached_spec.rb b/spec/classes/cloud_database_nosql_memcached_spec.rb
deleted file mode 100644
index 46b6aac0..00000000
--- a/spec/classes/cloud_database_nosql_memcached_spec.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::memcached
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::memcached' do
-
- shared_examples_for 'memcached server' do
-
- let :params do
- { :listen_ip => '10.0.0.1' }
- end
-
- it 'configure memcached with some params' do
- is_expected.to contain_class('memcached').with(
- :listen_ip => '10.0.0.1',
- :max_memory => '60%'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure memcached firewall rules' do
- is_expected.to contain_firewall('100 allow memcached access').with(
- :port => '11211',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure memcached firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow memcached access').with(
- :port => '11211',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'memcached server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'memcached server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_mongodb_mongod_spec.rb b/spec/classes/cloud_database_nosql_mongodb_mongod_spec.rb
deleted file mode 100644
index 48bc4515..00000000
--- a/spec/classes/cloud_database_nosql_mongodb_mongod_spec.rb
+++ /dev/null
@@ -1,117 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database:nosql::mongodb::mongod class
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::mongodb::mongod' do
-
- shared_examples_for 'openstack database nosql' do
-
- let :params do
- {
- :replset => { 'ceilometer' => { 'members' => ['10.0.0.1'] } }
- }
- end
-
- it 'configure mongodb::globals' do
- is_expected.to contain_class('mongodb::globals')
- end
-
- it 'configure mongodb::mongos' do
- is_expected.to contain_class('mongodb::server')
- end
-
- it 'configure mongodb replicasets' do
- is_expected.to contain_mongodb_replset('ceilometer').with(
- :members => ['10.0.0.1']
- )
- end
-
- context 'when enable is set to false' do
- before :each do
- params.merge!(:enable => false)
- end
-
- it 'does not configure mongodb::globals' do
- is_expected.not_to contain_class('mongodb::globals')
- end
-
- it 'does not configure mongodb::server' do
- is_expected.not_to contain_class('mongodb::server')
- end
-
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure mongodb firewall rules' do
- is_expected.to contain_firewall('100 allow mongod access').with(
- :port => '27017',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure mongodb firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow mongod access').with(
- :port => '27017',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :lsbdistid => 'Debian' }
- end
-
- let :platform_params do
- { :manage_package_repo => true }
- end
-
- it_configures 'openstack database nosql'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- let :platform_params do
- { :manage_package_repo => false }
- end
-
- it_configures 'openstack database nosql'
- end
-
-end
-
diff --git a/spec/classes/cloud_database_nosql_mongodb_mongos_spec.rb b/spec/classes/cloud_database_nosql_mongodb_mongos_spec.rb
deleted file mode 100644
index c78812a3..00000000
--- a/spec/classes/cloud_database_nosql_mongodb_mongos_spec.rb
+++ /dev/null
@@ -1,108 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::mongodb::mongos' do
-
- shared_examples_for 'mongodb mongos service' do
-
- let :params do
- {
- :enable => true,
- :shards => {
- 'ceilometer' => {
- 'member' => 'ceilometer/10.0.0.1:27018',
- }
- }
- }
- end
-
- it 'configure mongodb::globals' do
- is_expected.to contain_class('mongodb::globals')
- end
-
- it 'configure mongodb::mongos' do
- is_expected.to contain_class('mongodb::mongos')
- end
-
- it 'configure the ceilometer shard' do
- is_expected.to contain_mongodb_shard('ceilometer')
- end
-
- context 'when enable is set to false' do
- before :each do
- params.merge!(:enable => false)
- end
-
- it 'does not configure mongodb::globals' do
- is_expected.not_to contain_class('mongodb::globals')
- end
-
- it 'does not configure mongodb::mongos' do
- is_expected.not_to contain_class('mongodb::mongos')
- end
-
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure mongodb firewall rules' do
- is_expected.to contain_firewall('100 allow mongos access').with(
- :port => '27017',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure mongos firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow mongos access').with(
- :port => '27017',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian', }
- end
-
- it_configures 'mongodb mongos service'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'mongodb mongos service'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_redis_sentinel_spec.rb b/spec/classes/cloud_database_nosql_redis_sentinel_spec.rb
deleted file mode 100644
index a7dbc69b..00000000
--- a/spec/classes/cloud_database_nosql_redis_sentinel_spec.rb
+++ /dev/null
@@ -1,86 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::redis::sentinel
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::redis::sentinel' do
-
- shared_examples_for 'redis sentinel' do
-
- let :params do
- { :port => '26379' }
- end
-
- it { should create_class('redis::sentinel') }
-
- it { should contain_file('/bin/redis-notifications.sh').with(
- :ensure => 'present',
- :owner => 'root',
- :group => 'root',
- :mode => '0755',
- ) }
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure redis firewall rules' do
- is_expected.to contain_firewall('100 allow redis sentinel access').with(
- :port => '26379',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure redis firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow redis sentinel access').with(
- :port => '26379',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'redis sentinel'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'redis sentinel'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_redis_server_spec.rb b/spec/classes/cloud_database_nosql_redis_server_spec.rb
deleted file mode 100644
index fee7dc3e..00000000
--- a/spec/classes/cloud_database_nosql_redis_server_spec.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::redis::server
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::redis::server' do
-
- shared_examples_for 'redis server' do
-
- let :params do
- { :port => '6379' }
- end
-
- it { should create_class('redis') }
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure redis firewall rules' do
- is_expected.to contain_firewall('100 allow redis server access').with(
- :port => '6379',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure redis firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow redis server access').with(
- :port => '6379',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'redis server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'redis server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_zookeeper_spec.rb b/spec/classes/cloud_database_nosql_zookeeper_spec.rb
deleted file mode 100644
index a70d8b27..00000000
--- a/spec/classes/cloud_database_nosql_zookeeper_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::zookeeper
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::zookeeper' do
-
- shared_examples_for 'zookeeper server' do
-
- let :params do
- { }
- end
-
- it 'configure zookeeper with some params' do
- is_expected.to contain_class('zookeeper')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure zookeeper firewall rules' do
- is_expected.to contain_firewall('100 allow zookeeper access').with(
- :port => '2181',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure zookeeper firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow zookeeper access').with(
- :port => '2181',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'zookeeper server'
- end
-
-end
diff --git a/spec/classes/cloud_database_sql_mysql_spec.rb b/spec/classes/cloud_database_sql_mysql_spec.rb
deleted file mode 100644
index 8f6efdc0..00000000
--- a/spec/classes/cloud_database_sql_mysql_spec.rb
+++ /dev/null
@@ -1,328 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::database::sql class -# - -require 'spec_helper' - -describe 'cloud::database::sql::mysql' do - - shared_examples_for 'mysql database' do - - let :pre_condition do - "include xinetd" - end - - let :params do - { - :api_eth => '10.0.0.1', - :galera_master_name => 'os-ci-test1', - :galera_internal_ips => ['10.0.0.1','10.0.0.2','10.0.0.3'], - :galera_gcache => '1G', - :keystone_db_host => '10.0.0.1', - :keystone_db_user => 'keystone', - :keystone_db_password => 'secrete', - :keystone_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], - :cinder_db_host => '10.0.0.1', - :cinder_db_user => 'cinder', - :cinder_db_password => 'secrete', - :cinder_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], - :glance_db_host => '10.0.0.1', - :glance_db_user => 'glance', - :glance_db_password => 'secrete', - :glance_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], - :heat_db_host => '10.0.0.1', - :heat_db_user => 'heat', - :heat_db_password => 'secrete', - :heat_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], - :nova_db_host => '10.0.0.1', - :nova_db_user => 'nova', - :nova_db_password => 'secrete', - :nova_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], - :neutron_db_host => '10.0.0.1', - :neutron_db_user => 'neutron', - :neutron_db_password => 'secrete', - :neutron_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], - 
:trove_db_host => '10.0.0.1', - :trove_db_user => 'trove', - :trove_db_password => 'secrete', - :trove_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'], - :mysql_root_password => 'secrete', - :mysql_sys_maint_password => 'sys', - :galera_clustercheck_dbuser => 'clustercheck', - :galera_clustercheck_dbpassword => 'clustercheckpassword!', - :galera_clustercheck_ipaddress => '10.0.0.1' - } - end - - it 'configure mysql galera server' do - is_expected.to contain_class('mysql::client').with( - :package_name => platform_params[:mysql_client_package_name] - ) - - is_expected.to contain_class('mysql::server').with( - :package_name => platform_params[:mysql_server_package_name], - :override_options => { 'mysqld' => { 'bind-address' => '10.0.0.1' } }, - :notify => 'Service[xinetd]' - ) - - is_expected.to contain_file(platform_params[:mysql_server_config_file]).with_content(/^wsrep_cluster_name\s*= "galera_cluster"$/) - is_expected.to contain_file(platform_params[:mysql_server_config_file]).with_content(/^wsrep_node_address\s*= "#{params[:api_eth]}"$/) - is_expected.to contain_file(platform_params[:mysql_server_config_file]).with_content(/^wsrep_node_incoming_address\s*= "#{params[:api_eth]}"$/) - - end # configure mysql galera server - - context 'configure mysqlchk http replication' do - it { is_expected.to contain_file('/etc/xinetd.d/mysqlchk').with_mode('0755') } - it { is_expected.to contain_file('/usr/bin/clustercheck').with_mode('0755') } - it { is_expected.to contain_file('/usr/bin/clustercheck').with_content(/MYSQL_USERNAME='#{params[:galera_clustercheck_dbuser]}'/)} - it { is_expected.to contain_file('/usr/bin/clustercheck').with_content(/MYSQL_PASSWORD='#{params[:galera_clustercheck_dbpassword]}'/)} - it { is_expected.to contain_file('/etc/xinetd.d/mysqlchk').with_content(/bind = #{params[:galera_clustercheck_ipaddress]}/)} - - end # configure mysqlchk http replication - - context 'configure override of systemd defaults' do - before :each do - facts.merge!( 
:hostname => 'os-ci-test1', - :osfamily => 'RedHat', - :operatingsystemmajrelease => 7 ) - end - before :each do - params.merge!(:mysql_systemd_override_settings => { 'LimitNOFILE' => 666 }) - end - - it { is_expected.to contain_file('/etc/systemd/system/mysql-bootstrap.service.d/custom.conf').with_content(/[Service]/) } - it { is_expected.to contain_file('/etc/systemd/system/mysql-bootstrap.service.d/custom.conf').with_content(/LimitNOFILE=666/) } - it { is_expected.to contain_file('/etc/my.cnf').with_content(/open_files_limit = 666/) } - end - - context 'configure open_file_limits' do - before :each do - facts.merge!( :hostname => 'os-ci-test1', - :osfamily => 'RedHat', - :operatingsystemmajrelease => 7 ) - end - before :each do - params.merge!(:open_files_limit => 666) - end - - it { is_expected.to contain_file('/etc/my.cnf').with_content(/open_files_limit = 666/) } - end - - context 'configure max_connections' do - before :each do - facts.merge!( :hostname => 'os-ci-test1', - :osfamily => 'RedHat', - :operatingsystemmajrelease => 7 ) - end - before :each do - params.merge!(:max_connections => 2048) - end - it { is_expected.to contain_file('/etc/my.cnf').with_content(/max_connections = 2048/) } - end - - context 'configure databases on the galera master server' do - - before :each do - facts.merge!( :hostname => 'os-ci-test1' ) - end - - it 'configure mysql server' do - is_expected.to contain_class('mysql::server').with( - :package_name => platform_params[:mysql_server_package_name], - :root_password => 'secrete', - :override_options => { 'mysqld' => { 'bind-address' => '10.0.0.1' } }, - :notify => 'Service[xinetd]' - ) - end - - it 'configure keystone database' do - is_expected.to contain_class('keystone::db::mysql').with( - :dbname => 'keystone', - :user => 'keystone', - :password => 'secrete', - :host => '10.0.0.1', - :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] ) - end - - it 'configure glance database' do - is_expected.to 
contain_class('glance::db::mysql').with( - :dbname => 'glance', - :user => 'glance', - :password => 'secrete', - :host => '10.0.0.1', - :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] ) - end - - it 'configure nova database' do - is_expected.to contain_class('nova::db::mysql').with( - :dbname => 'nova', - :user => 'nova', - :password => 'secrete', - :host => '10.0.0.1', - :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] ) - end - - it 'configure cinder database' do - is_expected.to contain_class('cinder::db::mysql').with( - :dbname => 'cinder', - :user => 'cinder', - :password => 'secrete', - :host => '10.0.0.1', - :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] ) - end - - it 'configure neutron database' do - is_expected.to contain_class('neutron::db::mysql').with( - :dbname => 'neutron', - :user => 'neutron', - :password => 'secrete', - :host => '10.0.0.1', - :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] ) - end - - it 'configure heat database' do - is_expected.to contain_class('heat::db::mysql').with( - :dbname => 'heat', - :user => 'heat', - :password => 'secrete', - :host => '10.0.0.1', - :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] ) - end - - it 'configure trove database' do - is_expected.to contain_class('trove::db::mysql').with( - :dbname => 'trove', - :user => 'trove', - :password => 'secrete', - :host => '10.0.0.1', - :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] ) - end - - it 'configure monitoring database' do - is_expected.to contain_mysql_database('monitoring').with( - :ensure => 'present', - :charset => 'utf8' - ) - is_expected.to contain_mysql_user("#{params[:galera_clustercheck_dbuser]}@localhost").with( - :ensure => 'present', - :password_hash => '*FDC68394456829A7344C2E9D4CDFD43DCE2EFD8F' - ) - is_expected.to contain_mysql_grant("#{params[:galera_clustercheck_dbuser]}@localhost/monitoring").with( - :privileges => 'ALL' - ) - end # configure monitoring database - end # configure databases on the galera master 
server - - context 'Bootstrap MySQL database on RedHat plaforms' do - before :each do - facts.merge!( :osfamily => 'RedHat' ) - end - it 'configure mysql database' do - is_expected.to contain_exec('bootstrap-mysql').with( - :command => '/usr/bin/mysql_install_db --rpm --user=mysql', - :unless => "/usr/bin/test -d /var/lib/mysql/mysql", - :before => 'Service[mysqld]' - ) - end - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure mysql firewall rules' do - is_expected.to contain_firewall('100 allow galera access').with( - :port => ['3306', '4567', '4568', '4444'], - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow mysqlchk access').with( - :port => '8200', - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow mysql rsync access').with( - :port => '873', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure mysql firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow galera access').with( - :port => ['3306', '4567', '4568', '4444'], - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow mysqlchk access').with( - :port => '8200', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow mysql rsync access').with( - :port => '873', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end # openstack database sql - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - let :platform_params do - { :mysql_server_package_name => 'mariadb-galera-server', - 
:mysql_client_package_name => 'mariadb-client', - :mysql_server_config_file => '/etc/mysql/my.cnf', - :wsrep_provider => '/usr/lib/galera/libgalera_smm.so' } - end - - it_configures 'mysql database' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - :operatingsystemmajrelease => 7 } - end - - let :platform_params do - { :mysql_server_package_name => 'mariadb-galera-server', - :mysql_client_package_name => 'mariadb', - :mysql_server_config_file => '/etc/my.cnf', - :wsrep_provider => '/usr/lib64/galera/libgalera_smm.so' } - end - - it_configures 'mysql database' - end - -end diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb deleted file mode 100644 index f846c404..00000000 --- a/spec/classes/cloud_identity_spec.rb +++ /dev/null 
@@ -1,424 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::identity class -# - -require 'spec_helper' - -describe 'cloud::identity' do - - shared_examples_for 'openstack identity' do - - let :params do - { :identity_roles_addons => ['SwiftOperator', 'ResellerAdmin'], - :swift_enabled => true, - :cinder_enabled => true, - :keystone_db_host => '10.0.0.1', - :keystone_db_user => 'keystone', - :keystone_db_password => 'secrete', - :ks_admin_email => 'admin@openstack.org', - :ks_admin_password => 'secrete', - :ks_admin_tenant => 'admin', - :ks_admin_token => 'SECRETE', - :ks_ceilometer_admin_host => '10.0.0.1', - :ks_ceilometer_internal_host => '10.0.0.1', - :ks_ceilometer_password => 'secrete', - :ks_ceilometer_public_host => '10.0.0.1', - :ks_ceilometer_public_port => '8777', - :ks_ceilometer_public_proto => 'https', - :ks_ceilometer_admin_proto => 'https', - :ks_ceilometer_internal_proto => 'https', - :ks_cinder_admin_host => '10.0.0.1', - :ks_cinder_internal_host => '10.0.0.1', - :ks_cinder_password => 'secrete', - :ks_cinder_public_host => '10.0.0.1', - :ks_cinder_public_proto => 'https', - :ks_cinder_public_proto => 'https', - :ks_cinder_admin_proto => 'https', - :ks_glance_admin_host => '10.0.0.1', - :ks_glance_internal_host => '10.0.0.1', - :ks_glance_password => 'secrete', - :ks_glance_public_host => '10.0.0.1', - :ks_glance_public_proto => 'https', - :ks_glance_admin_proto => 'https', - 
:ks_glance_internal_proto => 'https', - :ks_heat_admin_host => '10.0.0.1', - :ks_heat_internal_host => '10.0.0.1', - :ks_heat_password => 'secrete', - :ks_heat_public_host => '10.0.0.1', - :ks_heat_public_proto => 'https', - :ks_heat_admin_proto => 'https', - :ks_heat_internal_proto => 'https', - :ks_heat_public_port => '8004', - :ks_heat_cfn_public_port => '8000', - :ks_keystone_admin_host => '10.0.0.1', - :ks_keystone_admin_port => '35357', - :ks_keystone_internal_host => '10.0.0.1', - :ks_keystone_internal_port => '5000', - :ks_keystone_public_host => '10.0.0.1', - :ks_keystone_public_port => '5000', - :ks_keystone_public_proto => 'https', - :ks_keystone_admin_proto => 'https', - :ks_keystone_internal_proto => 'https', - :ks_neutron_admin_host => '10.0.0.1', - :ks_neutron_internal_host => '10.0.0.1', - :ks_neutron_password => 'secrete', - :ks_neutron_public_host => '10.0.0.1', - :ks_neutron_admin_proto => 'https', - :ks_neutron_internal_proto => 'https', - :ks_neutron_public_proto => 'https', - :ks_neutron_public_port => '9696', - :ks_nova_admin_host => '10.0.0.1', - :ks_nova_internal_host => '10.0.0.1', - :ks_nova_password => 'secrete', - :ks_nova_public_host => '10.0.0.1', - :ks_nova_public_proto => 'https', - :ks_nova_internal_proto => 'https', - :ks_nova_admin_proto => 'https', - :ks_nova_public_port => '8774', - :ks_ec2_public_port => '8773', - :ks_swift_dispersion_password => 'secrete', - :ks_swift_internal_host => '10.0.0.1', - :ks_swift_password => 'secrete', - :ks_swift_public_host => '10.0.0.1', - :ks_swift_public_port => '8080', - :ks_swift_public_proto => 'https', - :ks_swift_admin_proto => 'https', - :ks_swift_internal_proto => 'https', - :ks_swift_admin_host => '10.0.0.1', - :ks_trove_admin_host => '10.0.0.1', - :ks_trove_internal_host => '10.0.0.1', - :ks_trove_password => 'secrete', - :ks_trove_public_host => '10.0.0.1', - :ks_trove_public_port => '8779', - :ks_trove_public_proto => 'https', - :ks_trove_admin_proto => 'https', - 
:ks_trove_internal_proto => 'https', - :region => 'BigCloud', - :verbose => true, - :debug => true, - :log_facility => 'LOG_LOCAL0', - :use_syslog => true, - :token_driver => 'keystone.token.persistence.backends.sql.Token', - :ks_token_expiration => '3600', - :api_eth => '10.0.0.1' } - end - - it 'configure keystone server' do - is_expected.to contain_class('keystone').with( - :enabled => true, - :admin_token => 'SECRETE', - :compute_port => '8774', - :debug => true, - :verbose => true, - :database_idle_timeout => '5000', - :log_facility => 'LOG_LOCAL0', - :database_connection => 'mysql://keystone:secrete@10.0.0.1/keystone?charset=utf8', - :database_idle_timeout => '5000', - :token_driver => 'keystone.token.persistence.backends.sql.Token', - :token_provider => 'keystone.token.providers.uuid.Provider', - :use_syslog => true, - :public_bind_host => '10.0.0.1', - :admin_bind_host => '10.0.0.1', - :public_port => '5000', - :admin_port => '35357', - :token_expiration => '3600', - :log_dir => false, - :log_file => false, - :admin_endpoint => 'https://10.0.0.1:35357/', - :public_endpoint => 'https://10.0.0.1:5000/' - ) - is_expected.to contain_keystone_config('ec2/driver').with('value' => 'keystone.contrib.ec2.backends.sql.Ec2') - is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent') - is_expected.to contain_keystone_config('DEFAULT/log_dir').with_ensure('absent') - end - - it 'checks if Keystone DB is populated' do - is_expected.to contain_exec('keystone_db_sync').with( - :command => 'keystone-manage db_sync', - :path => '/usr/bin', - :user => 'keystone', - :unless => '/usr/bin/mysql keystone -h 10.0.0.1 -u keystone -psecrete -e "show tables" | /bin/grep Tables' - ) - end - - it 'configure keystone admin role' do - is_expected.to contain_class('keystone::roles::admin').with( - :email => 'admin@openstack.org', - :password => 'secrete', - :admin_tenant => 'admin' - ) - end - - # TODO(EmilienM) Disable WSGI - bug #98 - # it 'configure apache to 
run keystone with wsgi' do - # should contain_class('keystone::wsgi::apache').with( - # :servername => 'keystone.openstack.org', - # :admin_port => '35357', - # :public_port => '5000', - # :workers => '2', - # :ssl => false - # ) - # end - - it 'configure keystone endpoint' do - is_expected.to contain_class('keystone::endpoint').with( - :public_url => 'https://10.0.0.1:5000', - :admin_url => 'https://10.0.0.1:35357', - :internal_url => 'https://10.0.0.1:5000', - :region => 'BigCloud' - ) - end - - it 'configure swift endpoints' do - is_expected.to contain_class('swift::keystone::auth').with( - :password => 'secrete', - :public_address => '10.0.0.1', - :public_port => '8080', - :public_protocol => 'https', - :admin_protocol => 'https', - :internal_protocol => 'https', - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :region => 'BigCloud' - ) - end - - it 'configure swift dispersion' do - is_expected.to contain_class('swift::keystone::dispersion').with( :auth_pass => 'secrete' ) - end - - it 'configure ceilometer endpoints' do - is_expected.to contain_class('ceilometer::keystone::auth').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :port => '8777', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :admin_protocol => 'https', - :internal_protocol => 'https', - :region => 'BigCloud' - ) - end - - it 'should not configure trove endpoint by default' do - is_expected.not_to contain_class('trove::keystone::auth') - end - - it 'configure nova endpoints' do - is_expected.to contain_class('nova::keystone::auth').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :admin_protocol => 'https', - :internal_protocol => 'https', - :compute_port => '8774', - :ec2_port => '8773', - :region => 'BigCloud' - ) - end - - it 'configure neutron endpoints' do - is_expected.to 
contain_class('neutron::keystone::auth').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :internal_protocol => 'https', - :admin_protocol => 'https', - :port => '9696', - :region => 'BigCloud' - ) - end - - it 'configure cinder endpoints' do - is_expected.to contain_class('cinder::keystone::auth').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :region => 'BigCloud' - ) - end - - it 'configure glance endpoints' do - is_expected.to contain_class('glance::keystone::auth').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :admin_protocol => 'https', - :internal_protocol => 'https', - :port => '9292', - :region => 'BigCloud' - ) - end - - it 'configure heat endpoints' do - is_expected.to contain_class('heat::keystone::auth').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :admin_protocol => 'https', - :internal_protocol => 'https', - :port => '8004', - :region => 'BigCloud' - ) - end - - it 'configure heat cloudformation endpoints' do - is_expected.to contain_class('heat::keystone::auth_cfn').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :admin_protocol => 'https', - :internal_protocol => 'https', - :port => '8000', - :region => 'BigCloud' - ) - end - - it 'configure a crontab to purge tokens every days at midnight' do - is_expected.to contain_class('keystone::cron::token_flush') - end - - context 'without syslog' do - before :each do - params.merge!(:use_syslog => false) - end - it 'configure 
keystone server' do - is_expected.to contain_class('keystone').with( - :use_syslog => false, - :log_dir => '/var/log/keystone', - :log_file => 'keystone.log' - ) - end - end - - context 'without Swift' do - before :each do - params.merge!(:swift_enabled => false) - end - it 'should not configure swift endpoints and users' do - is_expected.not_to contain_class('swift::keystone::auth') - is_expected.not_to contain_class('swift::keystone::dispersion') - end - end - - context 'without Cinder' do - before :each do - params.merge!(:cinder_enabled => false) - end - it 'should not configure cinder endpoints and users' do - is_expected.not_to contain_class('cinder::keystone::auth') - end - end - - context 'with Trove' do - before :each do - params.merge!(:trove_enabled => true) - end - it 'configure trove endpoints' do - is_expected.to contain_class('trove::keystone::auth').with( - :admin_address => '10.0.0.1', - :internal_address => '10.0.0.1', - :password => 'secrete', - :port => '8779', - :public_address => '10.0.0.1', - :public_protocol => 'https', - :admin_protocol => 'https', - :internal_protocol => 'https', - :region => 'BigCloud' - ) - end - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure keystone firewall rules' do - is_expected.to contain_firewall('100 allow keystone access').with( - :port => '5000', - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow keystone admin access').with( - :port => '35357', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure keystone firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow keystone access').with( - :port => '5000', - :proto => 
'tcp', - :action => 'accept', - :limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow keystone admin access').with( - :port => '35357', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - :operatingsystemrelease => '12.04', - :processorcount => '2', - :fqdn => 'keystone.openstack.org' } - end - - it_configures 'openstack identity' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - :operatingsystemrelease => '6', - :processorcount => '2', - :fqdn => 'keystone.openstack.org' } - end - - it_configures 'openstack identity' - end - -end diff --git a/spec/classes/cloud_image_api_spec.rb b/spec/classes/cloud_image_api_spec.rb deleted file mode 100644 index d6bbe2e3..00000000 --- a/spec/classes/cloud_image_api_spec.rb +++ /dev/null 
@@ -1,228 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::image class -# -require 'spec_helper' - -describe 'cloud::image::api' do - - let :params do - { :glance_db_host => '10.0.0.1', - :glance_db_user => 'glance', - :glance_db_password => 'secrete', - :ks_keystone_internal_host => '10.0.0.1', - :ks_keystone_internal_proto => 'https', - :ks_glance_internal_host => '10.0.0.1', - :openstack_vip => '10.0.0.42', - :ks_glance_api_internal_port => '9292', - :ks_glance_registry_internal_port => '9191', - :ks_glance_registry_internal_proto => 'https', - :ks_glance_password => 'secrete', - :rabbit_host => '10.0.0.1', - :rabbit_password => 'secrete', - :glance_rbd_user => 'glance', - :glance_rbd_pool => 'images', - :backend => 'rbd', - :debug => true, - :verbose => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :api_eth => '10.0.0.1' - } - end - - shared_examples_for 'openstack image api' do - - it 'should not configure firewall rule' do - is_expected.not_to contain_firewall('100 allow glance api access') - end - - it 'configure glance-api' do - is_expected.to contain_class('glance::api').with( - :database_connection => 'mysql://glance:secrete@10.0.0.1/glance?charset=utf8', - :database_idle_timeout => '5000', - :keystone_password => 'secrete', - :registry_host => '10.0.0.42', - :registry_port => '9191', - :registry_client_protocol => 'https', - :keystone_tenant => 'services', - 
:keystone_user => 'glance', - :show_image_direct_url => true, - :verbose => true, - :debug => true, - :auth_host => '10.0.0.1', - :auth_protocol => 'https', - :log_facility => 'LOG_LOCAL0', - :bind_host => '10.0.0.1', - :bind_port => '9292', - :use_syslog => true, - :pipeline => 'keystone', - :log_dir => false, - :log_file => false, - :known_stores => ['rbd','http'], - ) - end - - # TODO(EmilienM) Disabled for now - # Follow-up https://github.com/enovance/puppet-openstack-cloud/issues/160 - # - # it 'configure glance notifications with rabbitmq backend' do - # should contain_class('glance::notify::rabbitmq').with( - # :rabbit_password => 'secrete', - # :rabbit_userid => 'glance', - # :rabbit_host => '10.0.0.1' - # ) - # end - it { is_expected.to contain_glance_api_config('DEFAULT/notifier_driver').with_value('noop') } - it { is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value('https://10.0.0.1:35357') } - - it 'configure glance rbd backend' do - is_expected.to contain_class('glance::backend::rbd').with( - :rbd_store_pool => 'images', - :rbd_store_user => 'glance' - ) - end - - it 'configure crontab to clean glance cache' do - is_expected.to contain_class('glance::cache::cleaner') - is_expected.to contain_class('glance::cache::pruner') - end - - context 'with file Glance backend' do - before :each do - params.merge!(:backend => 'file') - end - - it 'configure Glance with file backend' do - is_expected.to contain_class('glance::backend::file') - is_expected.not_to contain_class('glance::backend::rbd') - is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with('value' => '/var/lib/glance/images/') - is_expected.to contain_glance_api_config('glance_store/default_store').with('value' => 'file') - end - end - - context 'with NFS Glance backend' do - before :each do - params.merge!(:backend => 'nfs', - :filesystem_store_datadir => '/srv/images/', - :nfs_device => 'nfs.example.com:/vol1', - :nfs_options => 
'noacl,fsid=123' ) - end - - it 'configure Glance with NFS backend' do - is_expected.to contain_class('glance::backend::file') - is_expected.not_to contain_class('glance::backend::rbd') - is_expected.to contain_file('/srv/images/').with( - 'ensure' => 'directory', - 'owner' => 'glance', - 'group' => 'glance', - 'mode' => '0755' - ) - is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with('value' => '/srv/images/') - is_expected.to contain_glance_api_config('glance_store/default_store').with('value' => 'file') - is_expected.to contain_mount('/srv/images/').with({ - 'ensure' => 'mounted', - 'fstype' => 'nfs', - 'device' => 'nfs.example.com:/vol1', - 'options' => 'noacl,fsid=123', - }) - end - end - - context 'with Swift backend' do - before :each do - params.merge!(:backend => 'swift') - end - - it 'configure Glance with Glance backend' do - is_expected.not_to contain_class('glance::backend::file') - is_expected.not_to contain_class('glance::backend::rbd') - is_expected.to contain_glance_api_config('glance_store/default_store').with('value' => 'swift') - is_expected.to contain_glance_api_config('glance_store/swift_store_user').with('value' => 'services:glance') - is_expected.to contain_glance_api_config('glance_store/swift_store_key').with('value' => 'secrete') - is_expected.to contain_glance_api_config('glance_store/swift_store_auth_address').with('value' => 'https://10.0.0.1:35357/v2.0/') - is_expected.to contain_glance_api_config('DEFAULT/swift_store_create_container_on_put').with('value' => true) - end - end - - context 'with missing parameter when using Glance NFS backend' do - before :each do - params.merge!(:backend => 'nfs', - :nfs_device => false ) - end - it { is_expected.to compile.and_raise_error(/When running NFS backend, you need to provide nfs_device parameter./) } - end - - context 'with wrong Glance backend' do - before :each do - params.merge!(:backend => 'Something') - end - it { is_expected.to 
compile.and_raise_error(/Something is not a Glance supported backend./) } - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure Glance API firewall rules' do - is_expected.to contain_firewall('100 allow glance-api access').with( - :port => '9292', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure Glance API firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow glance-api access').with( - :port => '9292', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - # required for rpcbind module - :lsbdistid => 'Debian' } - end - - it_configures 'openstack image api' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - # required for nfs module - :lsbmajdistrelease => '7' } - end - - it_configures 'openstack image api' - end - -end diff --git a/spec/classes/cloud_image_registry_spec.rb b/spec/classes/cloud_image_registry_spec.rb deleted file mode 100644 index df58e4b2..00000000 --- a/spec/classes/cloud_image_registry_spec.rb +++ /dev/null 
@@ -1,120 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::image class
-#
-require 'spec_helper'
-
-describe 'cloud::image::registry' do
-
- let :params do
- { :glance_db_host => '10.0.0.1',
- :glance_db_user => 'glance',
- :glance_db_password => 'secrete',
- :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_glance_internal_host => '10.0.0.1',
- :ks_glance_registry_internal_port => '9191',
- :ks_glance_password => 'secrete',
- :debug => true,
- :verbose => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :api_eth => '10.0.0.1'
- }
- end
-
- shared_examples_for 'openstack image registry' do
-
- it 'configure glance-registry' do
- is_expected.to contain_class('glance::registry').with(
- :database_connection => 'mysql://glance:secrete@10.0.0.1/glance?charset=utf8',
- :database_idle_timeout => '5000',
- :keystone_password => 'secrete',
- :keystone_tenant => 'services',
- :keystone_user => 'glance',
- :verbose => true,
- :debug => true,
- :auth_host => '10.0.0.1',
- :auth_protocol => 'https',
- :log_facility => 'LOG_LOCAL0',
- :bind_host => '10.0.0.1',
- :bind_port => '9191',
- :use_syslog => true,
- :log_dir => false,
- :log_file => false
- )
- end
-
- it { is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value('https://10.0.0.1:35357') }
-
- it 'checks if Glance DB is populated' do
- is_expected.to
contain_exec('glance_db_sync').with(
- :command => 'glance-manage db_sync',
- :user => 'glance',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql glance -h 10.0.0.1 -u glance -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure Glance Registry firewall rules' do
- is_expected.to contain_firewall('100 allow glance-registry access').with(
- :port => '9191',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure Glance API firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow glance-registry access').with(
- :port => '9191',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack image registry'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack image registry'
- end
-
-end
diff --git a/spec/classes/cloud_init_spec.rb b/spec/classes/cloud_init_spec.rb
deleted file mode 100644
index ce3b671e..00000000
--- a/spec/classes/cloud_init_spec.rb
+++ /dev/null
@@ -1,227 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud
-#
-
-require 'spec_helper'
-
-describe 'cloud' do
-
- let :params do
- { }
- end
-
- shared_examples_for 'cloud node' do
-
- let :pre_condition do
- '
- include concat::setup
- '
- end
-
- let :file_defaults do
- {
- :mode => '0644'
- }
- end
-
- it {is_expected.to contain_class('sudo')}
- it {is_expected.to contain_class('sudo::configs')}
- it {is_expected.to contain_class('ntp')}
- it {is_expected.to contain_class('limits')}
-
- context 'with explicit limits enabled' do
- before :each do
- params.merge!( :limits => {
- 'username_nofile' => {
- 'ensure' => 'present',
- 'user' => 'username',
- 'limit_type' => 'nofile',
- 'hard' => '16384'
- }
- })
- end
-
- it { is_expected.to contain_limits__limits('username_nofile').with(
- :ensure => 'present',
- :user => 'username',
- :limit_type => 'nofile',
- :hard => '16384',
- ) }
-
- end
-
- context 'with explicit sysctl values' do
- before :each do
- params.merge!( :sysctl => {
- 'net.ipv4.ip_forward' => {
- 'value' => '1',
- },
- 'net.ipv6.conf.all.forwarding' => {
- 'value' => '1',
- }
- })
- end
-
- it { is_expected.to contain_sysctl('net.ipv4.ip_forward').with(
- :val => '1',
- ) }
- it { is_expected.to contain_sysctl('net.ipv6.conf.all.forwarding').with(
- :val => '1',
- ) }
-
- end
-
-
- it {is_expected.to contain_file('/etc/motd').with(
- {:ensure => 'file'}.merge(file_defaults)
- )}
-
-
it { is_expected.to contain_service('cron').with({
- :name => platform_params[:cron_service_name],
- :ensure => 'running',
- :enable => true
- }) }
-
- context 'with firewall enabled' do
- before :each do
- params.merge!(
- :manage_firewall => true,
- )
- end
-
- it 'configure basic pre firewall rules' do
- is_expected.to contain_firewall('000 accept related established rules').with(
- :proto => 'all',
- :state => ['RELATED', 'ESTABLISHED'],
- :action => 'accept',
- )
- is_expected.to contain_firewall('001 accept all icmp').with(
- :proto => 'icmp',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('002 accept all to lo interface').with(
- :proto => 'all',
- :iniface => 'lo',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('003 accept ssh').with(
- :port => '22',
- :proto => 'tcp',
- :action => 'accept',
- :state => ['NEW'],
- )
- end
-
- it 'configure basic post firewall rules' do
- is_expected.to contain_firewall('999 drop all').with(
- :proto => 'all',
- :action => 'drop',
- :source => '0.0.0.0/0',
- )
- end
- end
-
- context 'with custom firewall rules' do
- before :each do
- params.merge!(
- :manage_firewall => true,
- :firewall_rules => {
- '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
- '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}
- }
- )
- end
- it 'configure custom firewall rules' do
- is_expected.to contain_firewall('300 add custom application 1').with(
- :port => '999',
- :proto => 'udp',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('301 add custom application 2').with(
- :port => '8081',
- :proto => 'tcp',
- :action => 'accept',
- :state => ['NEW'],
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- let :platform_params do
- { :cron_service_name => 'cron'}
- end
-
- it_configures 'cloud node'
-
end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'redhat1' }
- end
-
- let :platform_params do
- { :cron_service_name => 'crond'}
- end
-
- let :params do
- { :rhn_registration => { "username" => "rhn", "password" => "pass" } }
- end
-
- it_configures 'cloud node'
-
- xit { is_expected.to contain_rhn_register('rhn-redhat1') }
-
- context 'with SELinux set to enforcing' do
- let :params do
- { :selinux_mode => 'enforcing',
- :selinux_modules => ['module1', 'module2'],
- :selinux_booleans => ['foo', 'bar'],
- :selinux_directory => '/path/to/modules'}
- end
-
- it 'set SELINUX=enforcing' do
- is_expected.to contain_class('cloud::selinux').with(
- :mode => params[:selinux_mode],
- :booleans => params[:selinux_booleans],
- :modules => params[:selinux_modules],
- :directory => params[:selinux_directory],
- :stage => 'setup',
- )
- end
- end
-
- end
-
- context 'on other platforms' do
- let :facts do
- { :osfamily => 'Solaris' }
- end
-
- it { is_expected.to compile.and_raise_error(/module puppet-openstack-cloud only support/) }
-
- end
-end
diff --git a/spec/classes/cloud_install_puppetdb_config_spec.rb b/spec/classes/cloud_install_puppetdb_config_spec.rb
deleted file mode 100644
index 3b4b6455..00000000
--- a/spec/classes/cloud_install_puppetdb_config_spec.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-require 'spec_helper'
-
-describe 'cloud::install::puppetdb::config' do
-
- shared_examples_for 'puppetdb' do
-
- it 'configure puppetdb' do
- is_expected.to contain_class('puppetdb::master::config')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'puppetdb'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'puppetdb'
- end
-end
diff --git a/spec/classes/cloud_install_puppetdb_server_spec.rb b/spec/classes/cloud_install_puppetdb_server_spec.rb
deleted file mode 100644
index 899c84b7..00000000
--- a/spec/classes/cloud_install_puppetdb_server_spec.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-require 'spec_helper'
-
-describe 'cloud::install::puppetdb::server' do
-
- shared_examples_for 'puppetdb' do
-
- it 'install puppetdb' do
- is_expected.to contain_class('puppetdb')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :operatingsystem => 'Debian',
- :operatingsystemrelease => '7.4'}
- end
-
- it_configures 'puppetdb'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :operatingsystem => 'RedHat',
- :operatingsystemrelease => '7.0'}
- end
-
- it_configures 'puppetdb'
- end
-end
diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb
deleted file mode 100644
index 488fa3c1..00000000
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ /dev/null
@@ -1,662 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::loadbalancer class
-#
-
-require 'spec_helper'
-
-describe 'cloud::loadbalancer' do
-
- shared_examples_for 'openstack loadbalancer' do
-
- let :params do
- { :ceilometer_api => true,
- :cinder_api => true,
- :glance_api => true,
- :neutron_api => true,
- :heat_api => true,
- :heat_cfn_api => true,
- :heat_cloudwatch_api => true,
- :nova_api => true,
- :ec2_api => true,
- :metadata_api => true,
- :swift_api => true,
- :keystone_api_admin => true,
- :keystone_api => true,
- :trove_api => true,
- :horizon => true,
- :spice => false,
- :novnc => true,
- :ceilometer_bind_options => [],
- :cinder_bind_options => [],
- :ec2_bind_options => [],
- :glance_api_bind_options => [],
- :glance_registry_bind_options => [],
- :heat_cfn_bind_options => [],
- :heat_cloudwatch_bind_options => [],
- :heat_api_bind_options => [],
- :keystone_bind_options => [],
- :keystone_admin_bind_options => [],
- :metadata_bind_options => [],
- :neutron_bind_options => [],
- :trove_bind_options => [],
- :swift_bind_options => [],
- :spice_bind_options => [],
- :horizon_bind_options => [],
- :galera_bind_options => [],
- :haproxy_auth => 'root:secrete',
- :keepalived_state => 'BACKUP',
- :keepalived_priority => 50,
- :keepalived_vrrp_interface => false,
- :keepalived_public_interface => 'eth0',
- :keepalived_public_ipvs => ['10.0.0.1', '10.0.0.2'],
- :keepalived_public_id
=> '1',
- :keepalived_internal_ipvs => false,
- :keepalived_internal_id => '2',
- :keepalived_auth_type => 'PASS',
- :keepalived_auth_pass => 'secret',
- :horizon_port => '80',
- :spice_port => '6082',
- :vip_public_ip => '10.0.0.1',
- :galera_ip => '10.0.0.2',
- :galera_slave => false,
- :galera_connections => '4096',
- :horizon_ssl => false,
- :horizon_ssl_port => false,
- :ks_ceilometer_public_port => '8777',
- :ks_nova_public_port => '8774',
- :ks_ec2_public_port => '8773',
- :ks_metadata_public_port => '8777',
- :ks_glance_api_public_port => '9292',
- :ks_glance_registry_internal_port => '9191',
- :ks_swift_public_port => '8080',
- :ks_keystone_public_port => '5000',
- :ks_keystone_admin_port => '35357',
- :ks_cinder_public_port => '8776',
- :ks_neutron_public_port => '9696',
- :ks_trove_public_port => '8779',
- :ks_heat_public_port => '8004',
- :ks_heat_cfn_public_port => '8000',
- :ks_heat_cloudwatch_public_port => '8003' }
- end
-
- it 'configure haproxy server' do
- is_expected.to contain_class('haproxy')
- end # configure haproxy server
-
- it 'configure keepalived server' do
- is_expected.to contain_class('keepalived')
- end # configure keepalived server
-
- it 'configure sysctl to allow HAproxy to bind to a non-local IP address' do
- is_expected.to contain_sysctl__value('net.ipv4.ip_nonlocal_bind').with({
- :value => 1,
- })
- end
-
- it 'do not configure an internal VRRP instance by default' do
- is_expected.not_to contain_keepalived__instance('2')
- end
-
- context 'with 4 processors' do
- before :each do
- facts.merge!(
- :processorcount => '4',
- :ipaddress => '10.10.0.1'
- )
- end
- it 'configure haproxy server' do
- is_expected.to contain_class('haproxy').with(
- :service_manage => true,
- :global_options => {
- 'log' => '10.10.0.1 local0',
- 'chroot' => '/var/lib/haproxy',
- 'pidfile' => '/var/run/haproxy.pid',
- 'maxconn' => '4000',
- 'user' => 'haproxy',
- 'group' => 'haproxy',
- 'daemon' => '',
- 'stats' => 'socket /var/lib/haproxy/stats',
-
'nbproc' => '4'
- }
- )
- end
- end # configure haproxy server
-
- context 'configure an internal VIP with the same VIP as public network' do
- before do
- params.merge!(:keepalived_internal_ipvs => ['10.0.0.1', '10.0.0.2'])
- end
- it 'shoult not configure an internal VRRP instance' do
- is_expected.not_to contain_keepalived__instance('2')
- end
- end
-
- context 'configure an internal VIP' do
- before do
- params.merge!(:keepalived_internal_ipvs => ['192.168.0.1'])
- end
- it 'configure an internal VRRP instance' do
- is_expected.to contain_keepalived__instance('2').with({
- 'interface' => 'eth1',
- 'virtual_ips' => ['192.168.0.1 dev eth1'],
- 'track_script' => ['haproxy'],
- 'state' => 'BACKUP',
- 'priority' => params[:keepalived_priority],
- 'auth_type' => 'PASS',
- 'auth_pass' => 'secret',
- 'notify_master' => "#{platform_params[:start_haproxy_service]}",
- })
- end
- end
-
- context 'configure keepalived vrrp on dedicated interface' do
- before do
- params.merge!(:keepalived_vrrp_interface => 'eth2')
- end
- it 'configure keepalived with a dedicated interface for vrrp' do
- is_expected.to contain_keepalived__instance('1').with({
- 'interface' => 'eth2',
- })
- end
- end
-
- context 'configure keepalived with proper haproxy track script' do
- it 'configure keepalived with a proper haproxy track script' do
- is_expected.to contain_keepalived__vrrp_script('haproxy').with({
- 'name_is_process' => platform_params[:keepalived_name_is_process],
- 'script' => platform_params[:keepalived_vrrp_script],
- })
- end
- end
-
- context 'when keepalived and HAproxy are in backup' do
- it 'configure vrrp_instance with BACKUP state' do
- is_expected.to contain_keepalived__instance('1').with({
- 'interface' => params[:keepalived_public_interface],
- 'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'],
- 'track_script' => ['haproxy'],
- 'state' => params[:keepalived_state],
- 'priority' => params[:keepalived_priority],
- 'auth_type' => 'PASS',
- 'auth_pass' => 'secret',
- 'notify_master' => "#{platform_params[:start_haproxy_service]}",
- })
- end # configure vrrp_instance with BACKUP state
- it 'configure haproxy server without service managed' do
- is_expected.to contain_class('haproxy').with(:service_manage => true)
- end # configure haproxy server
- end # configure keepalived in backup
-
- context 'configure keepalived in master' do
- before do
- params.merge!( :keepalived_state => 'MASTER' )
- end
- it 'configure vrrp_instance with MASTER state' do
- is_expected.to contain_keepalived__instance('1').with({
- 'interface' => params[:keepalived_public_interface],
- 'track_script' => ['haproxy'],
- 'state' => 'MASTER',
- 'priority' => params[:keepalived_priority],
- 'auth_type' => 'PASS',
- 'auth_pass' => 'secret',
- 'notify_master' => "#{platform_params[:start_haproxy_service]}",
- })
- end
- it 'configure haproxy server with service managed' do
- is_expected.to contain_class('haproxy').with(:service_manage => true)
- end # configure haproxy server
- end # configure keepalived in master
-
- context 'configure logrotate rule' do
- it { is_expected.to contain_logrotate__rule('haproxy').with(
- :path => '/var/log/haproxy.log',
- :rotate => 7,
- :rotate_every => 'day',
- :missingok => true,
- :ifempty => false,
- :delaycompress => true,
- :compress => true
- )}
- end # configure logrotate rule
-
- context 'configure monitor haproxy listen' do
- it { is_expected.to contain_haproxy__listen('monitor').with(
- :ipaddress => params[:vip_public_ip],
- :ports => '10300'
- )}
- end # configure monitor haproxy listen
-
- context 'configure monitor haproxy listen with another vip' do
- before do
- params.merge!( :vip_monitor_ip => ['192.168.0.1'] )
- end
- it { is_expected.to contain_haproxy__listen('monitor').with(
- :ipaddress => ['192.168.0.1'],
- :ports => '10300'
- )}
- end # configure monitor haproxy listen
-
- context 'configure galera haproxy listen' do
- it { is_expected.to contain_haproxy__listen('galera_cluster').with(
- :ipaddress
=> params[:galera_ip],
- :ports => '3306',
- :options => {
- 'maxconn' => params[:galera_connections],
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka','tcplog','httpchk'],
- 'timeout client' => '90m',
- 'timeout server' => '90m'
- }
- )}
- end # configure monitor haproxy listen
-
- context 'not configure galera slave haproxy listen' do
- it { is_expected.not_to contain_haproxy__listen('galera_readonly_cluster') }
- end # configure monitor haproxy listen
-
- context 'configure galera slave haproxy listen' do
- before do
- params.merge!( :galera_slave => true )
- end
- it { is_expected.to contain_haproxy__listen('galera_readonly_cluster').with(
- :ipaddress => params[:galera_ip],
- :ports => '3307',
- :options => {
- 'maxconn' => params[:galera_connections],
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka','tcplog','httpchk'],
- 'timeout client' => '90m',
- 'timeout server' => '90m'
- }
- )}
- end # configure monitor haproxy listen
-
- context 'configure OpenStack Nova with novnc' do
- it { is_expected.to contain_haproxy__listen('novnc_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '6080',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- }
- )}
- end
-
- context 'configure OpenStack binding on public network only' do
- before do
- params.merge!(
- :spice => true,
- :novnc => false,
- :novnc_port => 6082 )
- end
- it { is_expected.to contain_haproxy__listen('spice_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '6082',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- }
- )}
- end
-
- context 'configure OpenStack binding on both public and internal networks' do
- before do
- params.merge!(
- :nova_api => true,
- :galera_ip => '172.16.0.1',
-
:vip_public_ip => '172.16.0.1',
- :vip_internal_ip => '192.168.0.1',
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2'],
- :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it { is_expected.to contain_haproxy__listen('nova_api_cluster').with(
- :ipaddress => ['172.16.0.1', '192.168.0.1'],
- :ports => '8774'
- )}
- end
-
- context 'configure OpenStack binding on IPv4 and IPv6 public ip' do
- before do
- params.merge!(
- :nova_api => true,
- :galera_ip => '172.16.0.1',
- :vip_public_ip => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
- :vip_internal_ip => '192.168.0.1',
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
- :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it { is_expected.to contain_haproxy__listen('nova_api_cluster').with(
- :ipaddress => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334', '192.168.0.1'],
- :ports => '8774'
- )}
- end
-
- context 'disable an OpenStack service binding' do
- before do
- params.merge!(:metadata_api => false)
- end
- it { is_expected.not_to contain_haproxy__listen('metadata_api_cluster') }
- end
-
- context 'should fail to configure OpenStack binding when vip_public_ip and vip_internal_ip are missing' do
- before do
- params.merge!(
- :nova_api => true,
- :galera_ip => '172.16.0.1',
- :vip_public_ip => false,
- :vip_internal_ip => false,
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2']
- )
- end
- it_raises 'a Puppet::Error', /vip_public_ip and vip_internal_ip are both set to false, no binding is possible./
- end
-
- context 'should fail to configure OpenStack binding when given VIP is not in the VIP pool list' do
- before do
- params.merge!(
- :nova_api => '10.0.0.1',
- :galera_ip => '172.16.0.1',
- :vip_public_ip => '172.16.0.1',
- :vip_internal_ip => false,
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2']
- )
- end
- it_raises 'a Puppet::Error', /10.0.0.1 is not part of VIP pools./
- end
-
- context 'with a public OpenStack VIP not in the keepalived VIP list' do
- before do
- params.merge!(
- :vip_public_ip => '172.16.0.1',
- :keepalived_public_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it_raises 'a Puppet::Error', /vip_public_ip should be part of keepalived_public_ipvs./
- end
-
- context 'with an internal OpenStack VIP not in the keepalived VIP list' do
- before do
- params.merge!(
- :vip_internal_ip => '172.16.0.1',
- :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it_raises 'a Puppet::Error', /vip_internal_ip should be part of keepalived_internal_ipvs./
- end
-
- context 'with a Galera VIP not in the keepalived VIP list' do
- before do
- params.merge!(
- :galera_ip => '172.16.0.1',
- :vip_public_ip => '192.168.0.1',
- :keepalived_public_ipvs => ['192.168.0.1', '192.168.0.2'],
- :keepalived_internal_ipvs => ['192.168.1.1', '192.168.1.2']
- )
- end
- it_raises 'a Puppet::Error', /galera_ip should be part of keepalived_public_ipvs or keepalived_internal_ipvs./
- end
-
- context 'configure OpenStack binding with HTTPS and SSL offloading' do
- before do
- params.merge!(
- :nova_bind_options => ['ssl', 'crt']
- )
- end
- it { is_expected.to contain_haproxy__listen('nova_api_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '8774',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- },
- :bind_options => ['ssl', 'crt']
- )}
- end
-
- context 'configure OpenStack binding with HTTP options' do
- before do
- params.merge!(
- :cinder_bind_options => 'something not secure',
- )
- end
- it { is_expected.to contain_haproxy__listen('cinder_api_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '8776',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- },
- :bind_options => ['something not secure']
- )}
- end
-
- context 'configure OpenStack Horizon' do
- it { is_expected.to contain_haproxy__listen('horizon_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '80',
- :options => {
- 'mode' => 'http',
- 'http-check' => 'expect ! rstatus ^5',
- 'option' => ["tcpka", "forwardfor", "tcplog", "httpchk GET /#{platform_params[:auth_url]} \"HTTP/1.0\\r\\nUser-Agent: HAproxy-myhost\""],
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn',
- }
- )}
- end
-
- context 'configure OpenStack Horizon with SSL termination on HAProxy' do
- before do
- params.merge!(
- :horizon_port => '443',
- :horizon_ssl => false,
- :horizon_ssl_port => false,
- :horizon_bind_options => ['ssl', 'crt']
- )
- end
- it { is_expected.to contain_haproxy__listen('horizon_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '443',
- :options => {
- 'mode' => 'http',
- 'http-check' => 'expect ! rstatus ^5',
- 'option' => ["tcpka", "forwardfor", "tcplog", "httpchk GET /#{platform_params[:auth_url]} \"HTTP/1.0\\r\\nUser-Agent: HAproxy-myhost\""],
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn',
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }'
- },
- :bind_options => ['ssl', 'crt']
- )}
- end
-
- context 'configure OpenStack Horizon SSL with termination on the webserver' do
- before do
- params.merge!(
- :horizon_ssl => true,
- :horizon_ssl_port => '443'
- )
- end
- it { is_expected.to contain_haproxy__listen('horizon_ssl_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '443',
- :options => {
- 'mode' => 'tcp',
- 'option' => ["tcpka", "forwardfor", "tcplog", "ssl-hello-chk"],
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn',
- }
- )}
- end
-
- context 'configure OpenStack Heat API SSL binding' do
- before do
- params.merge!(
- :heat_api_bind_options => ['ssl', 'crt']
- )
- end
- it { is_expected.to contain_haproxy__listen('heat_api_cluster').with(
- :ipaddress =>
[params[:vip_public_ip]],
- :ports => '8004',
- :options => {
- 'mode' => 'http',
- 'balance' => 'source',
- 'option' => ['tcpka', 'forwardfor', 'tcplog', 'httpchk'],
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- 'timeout server' => '90m',
- 'timeout client' => '90m',
- 'http-check' => 'expect ! rstatus ^5',
- },
- :bind_options => ['ssl', 'crt']
- )}
- end
- context 'configure RabbitMQ binding' do
- before do
- params.merge!( :rabbitmq => true )
- end
- it { is_expected.to contain_haproxy__listen('rabbitmq_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '5672',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m',
- }
- )}
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure haproxy firewall rules' do
- # test the firewall rule in cloud::loadbalancer::binding
- is_expected.to contain_firewall('100 allow horizon_cluster binding access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- )
- # test the firewall rules in cloud::loadbalancer
- is_expected.to contain_firewall('100 allow galera binding access').with(
- :port => '3306',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow haproxy monitor access').with(
- :port => '10300',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow keepalived access').with(
- :port => nil,
- :proto => 'vrrp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure haproxy firewall rules with custom parameter' do
- # test the firewall rule in cloud::loadbalancer::binding
- is_expected.to
contain_firewall('100 allow horizon_cluster binding access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- # test the firewall rules in cloud::loadbalancer
- is_expected.to contain_firewall('100 allow galera binding access').with(
- :port => '3306',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow haproxy monitor access').with(
- :port => '10300',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow keepalived access').with(
- :port => nil,
- :proto => 'vrrp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end # shared:: openstack loadbalancer
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'myhost' }
- end
-
- let :platform_params do
- { :auth_url => 'horizon',
- :start_haproxy_service => '"/etc/init.d/haproxy start"',
- :stop_haproxy_service => '"/etc/init.d/haproxy stop"',
- :keepalived_name_is_process => 'true',
- :keepalived_vrrp_script => nil,
- }
- end
-
- it_configures 'openstack loadbalancer'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'myhost' }
- end
-
- let :platform_params do
- { :auth_url => 'dashboard',
- :start_haproxy_service => '"/usr/bin/systemctl start haproxy"',
- :keepalived_name_is_process => 'false',
- :keepalived_vrrp_script => 'systemctl status haproxy.service',
- }
- end
-
- it_configures 'openstack loadbalancer'
- end
-
-end
diff --git a/spec/classes/cloud_logging_agent.rb b/spec/classes/cloud_logging_agent.rb
deleted file mode 100644
index fe2c93b6..00000000
--- a/spec/classes/cloud_logging_agent.rb
+++ /dev/null
@@ -1,147 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::logging::agent class -# - -require 'spec_helper' - -describe 'cloud::logging::agent' do - - shared_examples_for 'openstack logging agent' do - - let :pre_condition do - "class { 'cloud::logging': } - include ::fluentd" - end - - let :common_params do { - :plugins => {}, - :matches => {}, - :sources => { - 'apache' => {'type' => 'tail', 'configfile' => 'apache'}, - 'syslog' => {'type' => 'tail', 'configfile' => 'syslog'} - }, - :logrotate_rule => { - 'td-agent' => { - 'path' => '/var/log/td-agent/td-agent.log', - 'rotate' => '30', - 'compress' => 'true', - } - }, - } - end - - - context 'rsyslog is enabled' do - let :params do - common_params.merge( {:syslog_enable => 'true' } ) - end - - it 'include cloud::loging' do - it is_expected.to contain_class('cloud::logging') - end - - it 'include rsyslog::client' do - it is_expected.to contain_class('rsyglog::client') - end - - it 'create /var/db/td-agent' do - it is_expected.to contain_file('/var/db/td-agent').with({ - :ensure => 'directory', - :owner => 'td-agent', - :group => 'td-agent', - }) - end - - end - - context 'rsyslog is disabled' do - let :params do - common_params.merge( {:syslog_enable => 'false' } ) - end - - it 'include cloud::loging' do - it is_expected.to contain_class('cloud::logging') - end - - it 'include rsyslog::client' do - it is_expected.not_to 
contain_class('rsyglog::client') - end - - it 'create /var/db/td-agent' do - it is_expected.to contain_file('/var/db/td-agent').with({ - :ensure => 'directory', - :owner => 'td-agent', - :group => 'td-agent', - }) - end - - it 'has a logrotate rule for td-agent.log' do - it is_expected.to contain_logrotate__rule('td-agent').with({ - :path => '/var/log/td-agent/td-agent.log', - :rotate => '30', - :compress => 'true', - }) - end - - end - - context 'logrotate rule with default parameters' do - - it 'has a logrotate rule for td-agent.log' do - it is_expected.to contain_logrotate__rule('td-agent').with({ - :path => '/var/log/td-agent/td-agent.log', - :rotate => '30', - :compress => 'true', - }) - end - - end - - context 'logrotate rule with custom parameters' do - let :params do - common_params.merge!( {:logrotate_rule => { 'td-agent' => { 'path' => '/foo/bar', 'rotate' => '5', 'compress' => 'false'} }} ) - end - - it 'has a logrotate rule for td-agent.log' do - it is_expected.to contain_logrotate__rule('td-agent').with({ - :path => '/foo/bar', - :rotate => '5', - :compress => 'false', - }) - end - - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'openstack logging agent' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - it_configures 'openstack logging agent' - end - -end diff --git a/spec/classes/cloud_logging_server_spec.rb b/spec/classes/cloud_logging_server_spec.rb deleted file mode 100644 index f66e7036..00000000 --- a/spec/classes/cloud_logging_server_spec.rb +++ /dev/null 
@@ -1,103 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::logging::server class -# - -require 'spec_helper' - -describe 'cloud::logging::server' do - - shared_examples_for 'openstack logging server' do - - let :params do - { :firewall_settings => {} } - end - - it 'configure kibana' do - is_expected.to contain_class('kibana3') - end - - it 'configure the logging agent' do - is_expected.to contain_class('cloud::logging::agent') - end - - it 'configure elasticsearch' do - is_expected.to contain_class('cloud::database::nosql::elasticsearch') - end - - it 'configure an elasticsearch instance' do - is_expected.to contain_elasticsearch__instance('fluentd').with( - :config => { 'http' => { 'cors.enabled' => true } } - ) - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure kibana firewall rules' do - is_expected.to contain_firewall('100 allow kibana access').with( - :port => '8300', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure kibana firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow kibana access').with( - :port => '8300', - :proto => 'tcp', 
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- {
- :osfamily => 'Debian',
- :operatingsystem => 'Debian',
- :operatingsystemrelease => '7'
- }
- end
-
- it_configures 'openstack logging server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- {
- :osfamily => 'RedHat',
- :operatingsystem => 'RedHat',
- :operatingsystemrelease => '7'
- }
- end
-
- it_configures 'openstack logging server'
- end
-
-end
diff --git a/spec/classes/cloud_messaging_spec.rb b/spec/classes/cloud_messaging_spec.rb
deleted file mode 100644
index 42b58572..00000000
--- a/spec/classes/cloud_messaging_spec.rb
+++ /dev/null
@@ -1,173 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::messaging class -# - -require 'spec_helper' - -describe 'cloud::messaging' do - - shared_examples_for 'openstack messaging' do - - let :params do - { - :cluster_node_type => 'disc', - :rabbit_names => ['foo','boo','zoo'], - :rabbit_password => 'secrete', - :erlang_cookie => 'MY_COOKIE', - :rabbitmq_ip => '10.0.0.1', - :haproxy_binding => false, - } - end - - it 'configure rabbitmq-server with default values' do - is_expected.to contain_class('rabbitmq').with( - :delete_guest_user => true, - :config_cluster => true, - :cluster_nodes => params[:rabbit_names], - :wipe_db_on_cookie_change => true, - :cluster_node_type => params[:cluster_node_type], - :node_ip_address => params[:rabbitmq_ip], - :erlang_cookie => params[:erlang_cookie], - :port => '5672', - :package_provider => platform_params[:package_provider], - ) - end - - context 'with RAM mode' do - before :each do - params.merge!( :cluster_node_type => 'ram') - end - - it 'configure rabbitmq-server in RAM mode' do - is_expected.to contain_class('rabbitmq').with( :cluster_node_type => 'ram' ) - end - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure rabbitmq firewall rules' do - is_expected.to contain_firewall('100 allow rabbitmq access').with( - :port => '5672', - :proto => 'tcp', - :action => 
'accept', - ) - is_expected.to contain_firewall('100 allow rabbitmq management access').with( - :port => '55672', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure rabbitmq firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow rabbitmq management access').with( - :port => '55672', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - context 'with HAproxy binding and HA policy to exactly' do - before :each do - params.merge!( - :haproxy_binding => true, - :cluster_count => 3, - ) - end - - it 'configure ha-exactly rabbitmq_policy' do - is_expected.to contain_rabbitmq_policy('ha-exactly-3@/').with( - :pattern => '^(?!amq\.).*', - :definition => { - 'ha-mode' => 'exactly', - 'ha-params' => 3, - }, - ) - end - end - - context 'with HAproxy binding and HA policy to all' do - before :each do - params.merge!( - :haproxy_binding => true, - ) - end - - it 'configure ha-exactly rabbitmq_policy' do - is_expected.to contain_rabbitmq_policy('ha-all@/').with( - :pattern => '^(?!amq\.).*', - :definition => { - 'ha-mode' => 'all', - }, - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - let :platform_params do - { :package_provider => 'apt' } - end - - it_configures 'openstack messaging' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - - let :platform_params do - { :package_provider => 'yum' } - end - - let :params do - { :erlang_cookie => 'MY_COOKIE' } - end - - it_configures 'openstack messaging' - - it 'should create rabbitmq binaries symbolic links' do - is_expected.to contain_file('/usr/sbin/rabbitmq-plugins').with( - :ensure => 'link', - :target => 
'/usr/lib/rabbitmq/bin/rabbitmq-plugins'
- )
- is_expected.to contain_file('/usr/sbin/rabbitmq-env').with(
- :ensure => 'link',
- :target => '/usr/lib/rabbitmq/bin/rabbitmq-env'
- )
- end
- end
-
-end
diff --git a/spec/classes/cloud_monitoring_agent_sensu_spec.rb b/spec/classes/cloud_monitoring_agent_sensu_spec.rb
deleted file mode 100644
index e36b144a..00000000
--- a/spec/classes/cloud_monitoring_agent_sensu_spec.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::monitoring::agent::sensu class
-#
-
-require 'spec_helper'
-
-describe 'cloud::monitoring::agent::sensu' do
-
- shared_examples_for 'openstack sensu monitoring agent' do
-
- it 'include ::sensu' do
- is_expected.to contain_class('sensu')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack sensu monitoring agent'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack sensu monitoring agent'
- end
-
-end
diff --git a/spec/classes/cloud_monitoring_server_sensu_spec.rb b/spec/classes/cloud_monitoring_server_sensu_spec.rb
deleted file mode 100644
index 4d16c89a..00000000
--- a/spec/classes/cloud_monitoring_server_sensu_spec.rb
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::monitoring::server::sensu class
-#
-
-require 'spec_helper'
-
-describe 'cloud::monitoring::server::sensu' do
-
- shared_examples_for 'openstack sensu monitoring server' do
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack sensu monitoring server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack sensu monitoring server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_analytics_spec.rb b/spec/classes/cloud_network_contrail_analytics_spec.rb
deleted file mode 100644
index ec177223..00000000
--- a/spec/classes/cloud_network_contrail_analytics_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::analytics
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::analytics' do
-
- shared_examples_for 'contrail-analytics server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-analytics' do
- is_expected.to contain_class('contrail::analytics')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-analytics firewall rules' do
- is_expected.to contain_firewall('100 allow contrail analytics access').with(
- :port => ['8081', '8086'],
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-analytics firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail analytics access').with(
- :port => ['8081', '8086'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-analytics server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_config_spec.rb b/spec/classes/cloud_network_contrail_config_spec.rb
deleted file mode 100644
index 05e57b15..00000000
--- a/spec/classes/cloud_network_contrail_config_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::config
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::config' do
-
- shared_examples_for 'contrail-config server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-config' do
- is_expected.to contain_class('contrail::config')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-config firewall rules' do
- is_expected.to contain_firewall('100 allow contrail config access').with(
- :port => ['8443', '8087', '8088', '9110', '9100'],
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-config firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail config access').with(
- :port => ['8443', '8087', '8088', '9110', '9100'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-config
server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_database_spec.rb b/spec/classes/cloud_network_contrail_database_spec.rb
deleted file mode 100644
index 22914815..00000000
--- a/spec/classes/cloud_network_contrail_database_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::database
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::database' do
-
- shared_examples_for 'contrail-database server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-database' do
- is_expected.to contain_class('contrail::database')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-database firewall rules' do
- is_expected.to contain_firewall('100 allow contrail database access').with(
- :port => '9042',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-database firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail database access').with(
- :port => '9042',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-database server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_haproxy_spec.rb b/spec/classes/cloud_network_contrail_haproxy_spec.rb
deleted file mode 100644
index 55a41c4d..00000000
--- a/spec/classes/cloud_network_contrail_haproxy_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::haproxy
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::haproxy' do
-
- shared_examples_for 'contrail-haproxy stanzas' do
-
- let :params do
- { }
- end
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_analytics_api').with(
- :port => '8081'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_api').with(
- :port => '8082'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_discovery').with(
- :port => '5998'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_http').with(
- :port => '8079'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_https').with(
- :port => '8143'
- )}
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-haproxy stanzas'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_rabbitmq_spec.rb b/spec/classes/cloud_network_contrail_rabbitmq_spec.rb
deleted file mode 100644
index 15c55f25..00000000
--- a/spec/classes/cloud_network_contrail_rabbitmq_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::rabbitmq
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::rabbitmq' do
-
- shared_examples_for 'contrail-rabbitmq settings' do
-
- let :params do
- { }
- end
-
-
- it 'configure the contrail rabbitmq-user' do
- is_expected.to contain_rabbitmq_user('contrail').with(
- :admin => 'true',
- :password => 'contrailpassword',
- :provider => 'rabbitmqctl',
- )
- end
-
- it 'configure the contrail rabbitmq-user-permissions' do
- is_expected.to contain_rabbitmq_user_permissions('contrail@/').with(
- :configure_permission => '.*',
- :write_permission => '.*',
- :read_permission => '.*',
- :provider => 'rabbitmqctl',
- )
- end
-
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-rabbitmq settings'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_vrouter_spec.rb b/spec/classes/cloud_network_contrail_vrouter_spec.rb
deleted file mode 100644
index ef265168..00000000
--- a/spec/classes/cloud_network_contrail_vrouter_spec.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::vrouter
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::vrouter' do
-
- shared_examples_for 'contrail-vrouter server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-vrouter' do
- is_expected.to contain_class('contrail::vrouter')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-vrouter server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_webui_spec.rb b/spec/classes/cloud_network_contrail_webui_spec.rb
deleted file mode 100644
index 48045c5e..00000000
--- a/spec/classes/cloud_network_contrail_webui_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::webui
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::webui' do
-
- shared_examples_for 'contrail-webui server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-webui' do
- is_expected.to contain_class('contrail::webui')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-webui firewall rules' do
- is_expected.to contain_firewall('100 allow contrail webui access').with(
- :port => ['8080', '8143'],
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-webui firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail webui access').with(
- :port => ['8080', '8143'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-webui server'
- end
-
-end
diff --git a/spec/classes/cloud_network_controller_spec.rb b/spec/classes/cloud_network_controller_spec.rb
deleted file mode 100644
index a976079d..00000000
--- a/spec/classes/cloud_network_controller_spec.rb
+++ /dev/null
@@ -1,250 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::network::controller class -# -require 'spec_helper' - -describe 'cloud::network::controller' do - - shared_examples_for 'openstack network controller' do - - let :pre_condition do - "class { 'cloud::network': - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - api_eth => '10.0.0.1', - verbose => true, - debug => true, - use_syslog => true, - dhcp_lease_duration => '10', - log_facility => 'LOG_LOCAL0' }" - end - - let :params do - { :neutron_db_host => '10.0.0.1', - :neutron_db_user => 'neutron', - :neutron_db_password => 'secrete', - :ks_neutron_password => 'secrete', - :ks_keystone_admin_host => '10.0.0.1', - :ks_keystone_admin_proto => 'https', - :ks_keystone_public_port => '5000', - :nova_url => 'http://127.0.0.1:8774/v2', - :nova_admin_auth_url => 'http://127.0.0.1:5000/v2.0', - :nova_admin_username => 'nova', - :nova_admin_tenant_name => 'services', - :nova_admin_password => 'novapassword', - :nova_region_name => 'RegionOne', - :manage_ext_network => false, - :api_eth => '10.0.0.1' } - end - - it 'configure neutron common' do - is_expected.to contain_class('neutron').with( - :allow_overlapping_ips => true, - :dhcp_agents_per_network => '2', - :verbose => true, - :debug => true, - :log_facility => 'LOG_LOCAL0', - :use_syslog => true, - :rabbit_user => 'neutron', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 
'secrete', - :rabbit_virtual_host => '/', - :bind_host => '10.0.0.1', - :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin', - :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'], - :log_dir => false, - :dhcp_lease_duration => '10', - :report_interval => '30' - ) - is_expected.to contain_class('neutron::plugins::ml2').with( - :type_drivers => ['gre', 'vlan', 'flat'], - :tenant_network_types => ['gre'], - :mechanism_drivers => ['linuxbridge','openvswitch','l2population'], - :tunnel_id_ranges => ['1:10000'], - :vni_ranges => ['1:10000'], - :network_vlan_ranges => ['physnet1:1000:2999'], - :flat_networks => ['public'], - :enable_security_group => true - ) - end - - it 'configure neutron server' do - is_expected.to contain_class('neutron::server').with( - :auth_password => 'secrete', - :auth_host => '10.0.0.1', - :auth_port => '5000', - :auth_protocol => 'https', - :database_connection => 'mysql://neutron:secrete@10.0.0.1/neutron?charset=utf8', - :database_idle_timeout => '5000', - :api_workers => '2', - :agent_down_time => '60' - ) - end - - it 'configure neutron server notifications to nova' do - is_expected.to contain_class('neutron::server::notifications').with( - :nova_url => 'http://127.0.0.1:8774/v2', - :nova_admin_auth_url => 'http://127.0.0.1:5000/v2.0', - :nova_admin_username => 'nova', - :nova_admin_tenant_name => 'services', - :nova_admin_password => 'novapassword', - :nova_region_name => 'RegionOne' - ) - end - it 'checks if Neutron DB is populated' do - is_expected.to contain_exec('neutron_db_sync').with( - :command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head', - :path => '/usr/bin', - :user => 'neutron', - :unless => '/usr/bin/mysql neutron -h 10.0.0.1 -u neutron -psecrete -e "show tables" | /bin/grep Tables', - :require => 
'Neutron_config[DEFAULT/service_plugins]', - :notify => 'Service[neutron-server]' - ) - end - - it 'should not configure provider external network' do - is_expected.not_to contain__neutron_network('public') - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure neutron-server firewall rules' do - is_expected.to contain_firewall('100 allow neutron-server access').with( - :port => '9696', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure neutrons-server firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow neutron-server access').with( - :port => '9696', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - context 'with custom ml2 parameters' do - before :each do - params.merge!( - :tenant_network_types => ['vxlan'], - :type_drivers => ['gre', 'vlan', 'flat', 'vxlan'], - :tunnel_id_ranges => ['100:300'], - :vni_ranges => ['42:51','53:69'], - ) - end - it 'contains correct parameters' do - is_expected.to contain_class('neutron::plugins::ml2').with( - :type_drivers => ['gre', 'vlan', 'flat', 'vxlan'], - :tenant_network_types => ['vxlan'], - :mechanism_drivers => ['linuxbridge', 'openvswitch','l2population'], - :tunnel_id_ranges => ['100:300'], - :vni_ranges => ['42:51','53:69'], - :network_vlan_ranges => ['physnet1:1000:2999'], - :flat_networks => ['public'], - :enable_security_group => true - ) - end - end - - context 'with L3 HA' do - before :each do - params.merge!(:l3_ha => true, - :mechanism_drivers => ['openvswitch']) - end - it 'should configure L3 HA' do - is_expected.to contain_class('neutron::server').with( - :l3_ha => true - ) - end - end - - context 'without L3 HA' do - it 
'should not configure L3 HA' do - is_expected.to contain_class('neutron::server').with( - :l3_ha => false - ) - end - end - - context 'with DVR' do - before :each do - params.merge!(:router_distributed => true) - end - it 'should enable distributed routing' do - is_expected.to contain_class('neutron::server').with( - :router_distributed => true - ) - end - end - - context 'without DVR' do - it 'should not enable distributed routing' do - is_expected.to contain_class('neutron::server').with( - :router_distributed => false - ) - end - end - - context 'with L3 HA and DVR' do - before :each do - params.merge!(:router_distributed => true, - :l3_ha => true) - end - it_raises 'a Puppet::Error', /l3_ha and router_distributed are mutually exclusive, only one of them can be set to true/ - end - - context 'with L3 HA and l2population enabled' do - before :each do - params.merge!(:l3_ha => true, - :mechanism_drivers => ['openvswitch', 'l2population']) - end - it_raises 'a Puppet::Error', /l3_ha does not work with l2population mechanism driver in Juno./ - end - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - :processorcount => '2' } - end - - it_configures 'openstack network controller' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - :processorcount => '2' } - end - - it_configures 'openstack network controller' - end - -end diff --git a/spec/classes/cloud_network_dhcp_spec.rb b/spec/classes/cloud_network_dhcp_spec.rb deleted file mode 100644 index 9f0cfe98..00000000 --- a/spec/classes/cloud_network_dhcp_spec.rb +++ /dev/null 
@@ -1,188 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::dhcp class
-#
-require 'spec_helper'
-
-describe 'cloud::network::dhcp' do
-
- shared_examples_for 'openstack network dhcp' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :veth_mtu => '1400',
- :debug => true }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron dhcp' do
- is_expected.to contain_class('neutron::agents::dhcp').with(
- :debug => true,
- :dnsmasq_config_file => '/etc/neutron/dnsmasq-neutron.conf',
- :enable_isolated_metadata => true
- )
-
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_dns_servers').with_ensure('absent')
-
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with(
- :mode => '0755',
- :owner => 'root',
- :group => 'root'
- )
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with_content(/^dhcp-option-force=26,1400$/)
- end
- end
-
- shared_examples_for 'openstack network dhcp with custom nameserver' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :veth_mtu => '1400',
- :debug => true,
- :dnsmasq_dns_servers => ['1.2.3.4'] }
- end
-
- it 'configure neutron dhcp' do
- is_expected.to contain_class('neutron::agents::dhcp').with(
- :debug => true
- )
-
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_config_file').with_value('/etc/neutron/dnsmasq-neutron.conf')
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/enable_isolated_metadata').with_value(true)
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_dns_servers').with_value('1.2.3.4')
-
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with(
- :mode => '0755',
- :owner => 'root',
- :group => 'root'
- )
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with_content(/^dhcp-option-force=26,1400$/)
-
- end
-
- context 'with more than one dns server' do
- before { params.merge!(:dnsmasq_dns_servers => ['1.2.3.4','4.3.2.1','2.2.2.2']) }
- it { is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_dns_servers').with_value('1.2.3.4,4.3.2.1,2.2.2.2') }
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure neutron-server firewall rules' do
- is_expected.to contain_firewall('100 allow dhcp in access').with(
- :port => '67',
- :proto => 'udp',
- :chain => 'INPUT',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow dhcp out access').with(
- :port => '68',
- :proto => 'udp',
- :chain => 'OUTPUT',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure neutrons-server firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow dhcp in access').with(
- :port => '67',
- :proto => 'udp',
- :chain => 'INPUT',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow dhcp out access').with(
- :port => '68',
- :proto => 'udp',
- :chain => 'OUTPUT',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network dhcp'
- it_configures 'openstack network dhcp with custom nameserver'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network dhcp'
- it_configures 'openstack network dhcp with custom nameserver'
- end
-
-end
diff --git a/spec/classes/cloud_network_l3_spec.rb b/spec/classes/cloud_network_l3_spec.rb
deleted file mode 100644
index 01480400..00000000
--- a/spec/classes/cloud_network_l3_spec.rb
+++ /dev/null
@@ -1,201 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::l3 class
-#
-require 'spec_helper'
-
-describe 'cloud::network::l3' do
-
- shared_examples_for 'openstack network l3' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :debug => true,
- :external_int => 'eth1',
- :allow_automatic_l3agent_failover => false }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron l3' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :debug => true,
- :external_network_bridge => 'br-ex',
- :allow_automatic_l3agent_failover => params[:allow_automatic_l3agent_failover]
- )
- end
- it 'configure br-ex bridge' do
- is_expected.not_to contain__vs_bridge('br-ex')
- end
-
- it 'configure neutron metering agent' do
- is_expected.to contain_class('neutron::agents::metering').with(
- :debug => true
- )
- end
-
- context 'without TSO/GSO/GRO on Red Hat systems' do
- before :each do
- facts.merge!( :osfamily => 'RedHat')
- end
-
- it 'ensure TSO script is enabled at boot' do
- is_expected.to contain_exec('enable-tso-script').with(
- :command => '/usr/sbin/chkconfig disable-tso on',
- :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- it 'start TSO script' do
- is_expected.to contain_exec('start-tso-script').with(
- :command => '/etc/init.d/disable-tso start',
- :unless => '/usr/bin/test -f /var/run/disable-tso.pid',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- end
-
- context 'without TSO/GSO/GRO on Debian systems' do
- before :each do
- facts.merge!( :osfamily => 'Debian')
- end
-
- it 'ensure TSO script is enabled at boot' do
- is_expected.to contain_exec('enable-tso-script').with(
- :command => '/usr/sbin/update-rc.d disable-tso defaults',
- :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- it 'start TSO script' do
- is_expected.to contain_exec('start-tso-script').with(
- :command => '/etc/init.d/disable-tso start',
- :unless => '/usr/bin/test -f /var/run/disable-tso.pid',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- end
-
- context 'when not managing TSO/GSO/GRO' do
- before :each do
- params.merge!( :manage_tso => false)
- end
- it 'ensure TSO script is not enabled at boot' do
- is_expected.not_to contain_exec('enable-tso-script')
- end
- it 'do not start TSO script' do
- is_expected.not_to contain_exec('start-tso-script')
- end
- end
-
- context 'when configuring L3 HA' do
- before :each do
- params.merge!(:ha_enabled => true,
- :ha_vrrp_auth_type => 'PASS',
- :ha_vrrp_auth_password => 'test')
- end
- it 'should configure L3 HA' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :ha_enabled => true,
- :ha_vrrp_auth_type => 'PASS',
- :ha_vrrp_auth_password => 'test'
- )
- end
- end
-
- context 'when not configuring L3 HA' do
- it 'should not configure L3 HA' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :ha_enabled => false,
- )
- end
- end
-
- context 'when enabling DVR' do
- before :each do
- params.merge!(:agent_mode => 'dvr')
- end
- it 'should enable DVR' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :agent_mode => 'dvr',
- )
- end
- end
-
- context 'when not enabling DVR' do
- it 'should not enable DVR' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :agent_mode => 'legacy',
- )
- end
- end
-
- context 'with L3 HA and DVR' do
- before :each do
- params.merge!(:agent_mode => 'dvr',
- :ha_enabled => true)
- end
- it_raises 'a Puppet::Error', /ha_enabled requires agent_mode to be set to legacy/
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network l3'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network l3'
- end
-
-end
diff --git a/spec/classes/cloud_network_lbaas_spec.rb b/spec/classes/cloud_network_lbaas_spec.rb
deleted file mode 100644
index 869a8cd8..00000000
--- a/spec/classes/cloud_network_lbaas_spec.rb
+++ /dev/null
@@ -1,108 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::lbaas class
-#
-require 'spec_helper'
-
-describe 'cloud::network::lbaas' do
-
- shared_examples_for 'openstack network lbaas' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :debug => true,
- :manage_haproxy_pkg => true }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron lbaas' do
- is_expected.to contain_class('neutron::agents::lbaas').with(
- :debug => true,
- :manage_haproxy_package => true
- )
- end
-
- context 'when not managing HAproxy package' do
- let :pre_condition do
- "package {'haproxy': ensure => 'present'}
- class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
- before :each do
- params.merge!(:manage_haproxy_pkg => false)
- end
- it 'configure neutron lbaas agent without managing haproxy package' do
- is_expected.to contain_class('neutron::agents::lbaas').with(:manage_haproxy_package => false)
- is_expected.to contain_package('haproxy').with(:ensure => 'present')
- end
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network lbaas'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network lbaas'
- end
-
-end
diff --git a/spec/classes/cloud_network_metadata_spec.rb b/spec/classes/cloud_network_metadata_spec.rb
deleted file mode 100644
index 0c9beeac..00000000
--- a/spec/classes/cloud_network_metadata_spec.rb
+++ /dev/null
@@ -1,103 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::metadata class
-#
-require 'spec_helper'
-
-describe 'cloud::network::metadata' do
-
- shared_examples_for 'openstack network metadata' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :debug => true,
- :enabled => true,
- :neutron_metadata_proxy_shared_secret => 'secrete',
- :auth_region => 'MyRegion',
- :ks_neutron_password => 'secrete',
- :nova_metadata_server => '10.0.0.1',
- :ks_keystone_admin_proto => 'http',
- :ks_keystone_admin_port => '35357',
- :ks_nova_internal_proto => 'https',
- :ks_keystone_admin_host => '10.0.0.1' }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron metadata' do
- is_expected.to contain_class('neutron::agents::metadata').with(
- :debug => true,
- :enabled => true,
- :shared_secret => 'secrete',
- :metadata_ip => '10.0.0.1',
- :auth_url => 'http://10.0.0.1:35357/v2.0',
- :auth_password => 'secrete',
- :auth_region => 'MyRegion',
- :metadata_workers => '8'
- )
- is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_metadata_protocol').with(:value => 'https')
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :processorcount => '8' }
- end
-
- it_configures 'openstack network metadata'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :processorcount => '8' }
- end
-
- it_configures 'openstack network metadata'
- end
-
-end
diff --git a/spec/classes/cloud_network_vpn_spec.rb b/spec/classes/cloud_network_vpn_spec.rb
deleted file mode 100644
index c3076947..00000000
--- a/spec/classes/cloud_network_vpn_spec.rb
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::vpnaas class
-#
-require 'spec_helper'
-
-describe 'cloud::network::vpn' do
-
- shared_examples_for 'openstack network vpnaas' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron vpnaas' do
- is_expected.to contain_class('neutron::agents::vpnaas')
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network vpnaas'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network vpnaas'
- end
-
-end
diff --git a/spec/classes/cloud_network_vswitch_spec.rb b/spec/classes/cloud_network_vswitch_spec.rb
deleted file mode 100644
index 8d7b81bc..00000000
--- a/spec/classes/cloud_network_vswitch_spec.rb
+++ /dev/null
@@ -1,209 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::vswitch class
-#
-require 'spec_helper'
-
-describe 'cloud::network::vswitch' do
-
- shared_examples_for 'openstack network vswitch' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- {
- :tunnel_eth => '10.0.1.1'
- }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- context 'when running ML2 plugin with OVS driver' do
- it 'configure neutron vswitch' do
- is_expected.to contain_class('neutron::agents::ml2::ovs').with(
- :enable_tunneling => true,
- :tunnel_types => ['gre'],
- :bridge_mappings => ['public:br-pub'],
- :local_ip => '10.0.1.1',
- :enable_distributed_routing => false
- )
- end
- end
-
- context 'when running ML2 plugin with OVS driver and distributed routing' do
- before :each do
- params.merge!(:enable_distributed_routing => true)
- end
- it 'configure neutron vswitch with distributed routing' do
- is_expected.to contain_class('neutron::agents::ml2::ovs').with(
- :enable_tunneling => true,
- :tunnel_types => ['gre'],
- :bridge_mappings => ['public:br-pub'],
- :local_ip => '10.0.1.1',
- :enable_distributed_routing => true
- )
- end
- end
-
- context 'when running ML2 plugin with OVS driver and without tunelling' do
- before :each do
- params.merge!(:enable_tunneling => false)
- end
- it 'configure neutron vswitch without tunneling' do
- is_expected.to contain_class('neutron::agents::ml2::ovs').with(
- :enable_tunneling => false,
- )
- end
- end
-
- context 'when running ML2 plugin with OVS driver and without l2 population' do
- before :each do
- params.merge!(:l2_population => false)
- end
- it 'configure neutron vswitch without l2 population' do
- is_expected.to contain_class('neutron::agents::ml2::ovs').with(
- :l2_population => false,
- )
- end
- end
-
- context 'when running Cisco N1KV plugin with VEM driver' do
- before do
- facts.merge!( :osfamily => 'RedHat' )
- params.merge!(
- :driver => 'n1kv_vem',
- :n1kv_vsm_ip => '10.0.1.1'
- )
- end
- it 'configure neutron n1kv agent' do
- should contain_class('neutron::agents::n1kv_vem').with(
- :n1kv_vsm_ip => '10.0.1.1',
- :n1kv_vsm_domain_id => '1000',
- :host_mgmt_intf => 'eth1',
- :node_type => 'compute'
- )
- end
- it 'ensure cisco VEM package is present' do
- should contain_package('nexus1000v').with(
- :ensure => 'present'
- )
- end
- end
-
- context 'when using provider external network' do
- before do
- params.merge!(
- :manage_ext_network => true,
- )
- end
-
- it 'configure br-pub bridge' do
- is_expected.to contain_vs_bridge('br-pub')
- end
- it 'configure eth1 in br-pub' do
- is_expected.to contain_vs_port('eth1').with(
- :ensure => 'present',
- :bridge => 'br-pub'
- )
- end
-
- end
-
- context 'with unsupported Neutron driver' do
- before :each do
- params.merge!(:driver => 'Something')
- end
- it_raises 'a Puppet::Error', /Something driver is not supported./
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure gre firewall rules' do
- is_expected.to contain_firewall('100 allow gre access').with(
- :port => nil,
- :proto => 'gre',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure gre firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow gre access').with(
- :port => nil,
- :proto => 'gre',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network vswitch'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network vswitch'
- end
-
-end
diff --git a/spec/classes/cloud_object_ringbuilder_spec.rb b/spec/classes/cloud_object_ringbuilder_spec.rb
deleted file mode 100644
index 9356f73a..00000000
--- a/spec/classes/cloud_object_ringbuilder_spec.rb
+++ /dev/null
@@ -1,58 +0,0 @@
-require 'spec_helper'
-
-describe 'cloud::object::ringbuilder' do
-
- shared_examples_for 'openstack swift ringbuilder' do
-
- let :params do
- {
- :rsyncd_ipaddress => '127.0.0.1',
- :replicas => 3,
- :swift_rsync_max_connections => 5,
- :enabled => true
- }
- end
-
- it 'create the three rings' do
- is_expected.to contain_class('swift::ringbuilder').with({
- 'part_power' => '15',
- 'replicas' => '3',
- 'min_part_hours' => '24',
- })
- end
-
- it 'create the ring rsync server' do
- is_expected.to contain_class('swift::ringserver').with({
- 'local_net_ip' => '127.0.0.1',
- 'max_connections' => '5',
- })
- end
-
- context 'when ringbuilder is not enabled' do
- before do
- params.merge!(
- :enabled => false
- )
- end
- it 'should not configure swift ring builder' do
- is_expected.not_to contain_class('swift::ringbuilder')
- end
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack swift ringbuilder'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack swift ringbuilder'
- end
-
-end
diff --git a/spec/classes/cloud_object_storage_spec.rb b/spec/classes/cloud_object_storage_spec.rb
deleted file mode 100644
index f62605ac..00000000
--- a/spec/classes/cloud_object_storage_spec.rb
+++ /dev/null
@@ -1,184 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::object::storage class
-#
-
-require 'spec_helper'
-
-describe 'cloud::object::storage' do
-
- shared_examples_for 'openstack storage configuration' do
- let :params do
- { :storage_eth => '127.0.0.1',
- :swift_zone => 'undef',
- :object_port => '6000',
- :container_port => '6001',
- :account_port => '6002',
- :fstype => 'xfs',
- :device_config_hash => {'sdc' => {}, 'sdd' => {}},
- :ring_container_device => 'sdb',
- :ring_account_device => 'sdb' }
- end
-
- it 'create and configure storage server' do
-
- is_expected.to contain_class('swift::storage').with({
- 'storage_local_net_ip' => '127.0.0.1',
- })
-
- is_expected.to contain_sysctl('net.ipv4.ip_local_port_range').with(
- :val => "10000\t65000",
- )
-
- is_expected.to contain_swift__storage__server('6000').with({
- 'type' => 'object',
- 'config_file_path' => 'object-server.conf',
- 'log_facility' => 'LOG_LOCAL6',
- 'pipeline' => ['healthcheck', 'recon', 'object-server'],
- 'storage_local_net_ip' => '127.0.0.1',
- 'replicator_concurrency' => '2',
- 'updater_concurrency' => '1',
- 'reaper_concurrency' => '1',
- 'mount_check' => 'true',
- 'require' => 'Class[Swift]',
- })
-
- is_expected.to contain_swift__storage__server('6001').with({
- 'type' => 'container',
- 'config_file_path' => 'container-server.conf',
- 'log_facility' => 'LOG_LOCAL4',
- 'pipeline' => ['healthcheck', 'container-server'],
- 'storage_local_net_ip' => '127.0.0.1',
- 'replicator_concurrency' => '2',
- 'updater_concurrency' => '1',
- 'reaper_concurrency' => '1',
- 'mount_check' => 'true',
- 'require' => 'Class[Swift]',
- })
-
- is_expected.to contain_swift__storage__server('6002').with({
- 'type' => 'account',
- 'config_file_path' => 'account-server.conf',
- 'log_facility' => 'LOG_LOCAL2',
- 'pipeline' => ['healthcheck', 'account-server'],
- 'storage_local_net_ip' => '127.0.0.1',
- 'replicator_concurrency' => '2',
- 'updater_concurrency' => '1',
- 'reaper_concurrency' => '1',
- 'mount_check' => 'true',
- 'require' => 'Class[Swift]',
- })
-
- end
-
- it 'create and configure the hard drive' do
- is_expected.to contain_swift__storage__xfs('sdc')
- is_expected.to contain_swift__storage__xfs('sdd')
- is_expected.to contain_cloud__object__set_io_scheduler('sdc')
- is_expected.to contain_cloud__object__set_io_scheduler('sdd')
- end
-
- ['account', 'container', 'object'].each do |swift_component|
- it "configures #{swift_component} filter" do
- is_expected.to contain_swift__storage__filter__recon(swift_component)
- is_expected.to contain_swift__storage__filter__healthcheck(swift_component)
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure swift-storage firewall rules' do
- is_expected.to contain_firewall('100 allow swift-container access').with(
- :port => '6001',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow swift-account access').with(
- :port => '6002',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow swift-object access').with(
- :port => '6000',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow swift rsync access').with(
- :port => '873',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure swift-storage firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow swift-container access').with(
- :port => '6001',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow swift-account access').with(
- :port => '6002',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow swift-object access').with(
- :port => '6000',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow swift rsync access').with(
- :port => '873',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- {
- :osfamily => 'Debian' ,
- }
- end
-
- it_configures 'openstack storage configuration'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- {
- :osfamily => 'RedHat'
- }
- end
- it_configures 'openstack storage configuration'
- end
-end
diff --git a/spec/classes/cloud_orchestration_api_spec.rb b/spec/classes/cloud_orchestration_api_spec.rb
deleted file mode 100644
index a79b8962..00000000
--- a/spec/classes/cloud_orchestration_api_spec.rb
+++ /dev/null
@@ -1,174 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::orchestration::api class
-#
-
-require 'spec_helper'
-
-describe 'cloud::orchestration::api' do
-
- shared_examples_for 'openstack orchestration api' do
-
- let :pre_condition do
- "class { 'cloud::orchestration':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_keystone_admin_host => '10.0.0.1',
- ks_keystone_admin_port => '5000',
- ks_keystone_admin_proto => 'http',
- ks_heat_public_host => '10.0.0.1',
- ks_heat_public_proto => 'http',
- ks_heat_password => 'secrete',
- heat_db_host => '10.0.0.1',
- heat_db_user => 'heat',
- heat_db_password => 'secrete',
- verbose => true,
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- debug => true }"
- end
-
- let :params do
- { :ks_heat_internal_port => '8004',
- :ks_heat_cfn_internal_port => '8000',
- :ks_heat_cloudwatch_internal_port => '8003',
- :api_eth => '10.0.0.1' }
- end
-
- it 'configure heat common' do
- is_expected.to contain_class('heat').with(
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_userid => 'heat',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :keystone_host => '10.0.0.1',
- :keystone_port => '5000',
- :keystone_protocol => 'http',
- :keystone_password => 'secrete',
- :auth_uri => 'http://10.0.0.1:5000/v2.0',
- :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens',
- :database_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8',
- :database_idle_timeout => '5000',
- :log_dir => false
- )
- end
-
- it 'configure heat api' do
- is_expected.to contain_class('heat::api').with(
- :bind_host => '10.0.0.1',
- :bind_port => '8004',
- :workers => '8'
- )
- is_expected.to contain_class('heat::api_cfn').with(
- :bind_host => '10.0.0.1',
- :bind_port => '8000',
- :workers => '8'
- )
- is_expected.to contain_class('heat::api_cloudwatch').with(
- :bind_host => '10.0.0.1',
- :bind_port => '8003',
- :workers => '8'
- )
- end
-
- it 'checks if Heat DB is populated' do
- is_expected.to contain_exec('heat_db_sync').with(
- :command => 'heat-manage --config-file /etc/heat/heat.conf db_sync',
- :user => 'heat',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql heat -h 10.0.0.1 -u heat -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure heat api firewall rules' do
- is_expected.to contain_firewall('100 allow heat-api access').with(
- :port => '8004',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow heat-cfn access').with(
- :port => '8000',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow heat-cloudwatch access').with(
- :port => '8003',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure heat firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow heat-api access').with(
- :port => '8004',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow heat-cfn access').with(
- :port => '8000',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow heat-cloudwatch access').with(
- :port => '8003',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :processorcount => '8' }
- end
-
- it_configures 'openstack orchestration api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :processorcount => '8' }
- end
-
- it_configures 'openstack orchestration api'
- end
-
-end
diff --git a/spec/classes/cloud_orchestration_engine_spec.rb b/spec/classes/cloud_orchestration_engine_spec.rb
deleted file mode 100644
index 35b50ac2..00000000
--- a/spec/classes/cloud_orchestration_engine_spec.rb
+++ /dev/null
@@ -1,109 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::orchestration::engine class
-#
-
-require 'spec_helper'
-
-describe 'cloud::orchestration::engine' do
-
- shared_examples_for 'openstack orchestration engine' do
-
- let :pre_condition do
- "class { 'cloud::orchestration':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_keystone_admin_host => '10.0.0.1',
- ks_keystone_admin_port => '5000',
- ks_keystone_admin_proto => 'http',
- ks_heat_public_host => '10.0.0.1',
- ks_heat_public_proto => 'http',
- ks_heat_password => 'secrete',
- heat_db_host => '10.0.0.1',
- heat_db_user => 'heat',
- heat_db_password => 'secrete',
- verbose => true,
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- debug => true,
- os_endpoint_type => 'internalURL' }"
- end
-
- let :params do
- { :enabled => true,
- :auth_encryption_key => 'secrete',
- :ks_heat_public_host => '10.0.0.1',
- :ks_heat_public_proto => 'http',
- :ks_heat_cfn_public_port => '8000',
- :ks_heat_cloudwatch_public_port => '8003',
- :ks_heat_password => 'secrete' }
- end
-
- it 'configure heat common' do
- is_expected.to contain_class('heat').with(
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_userid => 'heat',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :keystone_host => '10.0.0.1',
- :keystone_port => '5000',
- :keystone_protocol => 'http',
- :keystone_password => 'secrete',
- :auth_uri => 'http://10.0.0.1:5000/v2.0',
- :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens',
- :database_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8',
- :database_idle_timeout => '5000',
- :log_dir => false
- )
- is_expected.to contain_heat_config('clients/endpoint_type').with('value' => 'internalURL')
- end
-
- it 'configure heat engine' do
- is_expected.to contain_class('heat::engine').with(
- :enabled => true,
- :auth_encryption_key => 'secrete',
- :heat_metadata_server_url => 'http://10.0.0.1:8000',
- :heat_waitcondition_server_url => 'http://10.0.0.1:8000/v1/waitcondition',
- :heat_watch_server_url => 'http://10.0.0.1:8003',
- :deferred_auth_method => 'password',
- )
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack orchestration engine'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack orchestration engine'
- end
-
-end
diff --git a/spec/classes/cloud_selinux_spec.rb b/spec/classes/cloud_selinux_spec.rb
deleted file mode 100644
index 788fc6ba..00000000
--- a/spec/classes/cloud_selinux_spec.rb
+++ /dev/null
@@ -1,107 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::selinux
-#
-
-require 'spec_helper'
-
-describe 'cloud::selinux' do
-
- shared_examples_for 'manage selinux' do
-
- context 'with selinux enforcing' do
- before :each do
- facts.merge!( :selinux_current_mode => 'enforcing' )
- end
-
- let :params do
- { :mode => 'disabled',
- :booleans => ['foo', 'bar'],
- :modules => ['module1', 'module2'],
- :directory => '/path/to/modules'}
- end
-
- it 'runs setenforce 0' do
- is_expected.to contain_exec('setenforce 0')
- end
-
- it 'enables the SELinux boolean' do
- is_expected.to contain_selboolean('foo').with(
- :persistent => true,
- :value => 'on',
- )
- end
-
- it 'enables the SELinux modules' do
- is_expected.to contain_selmodule('module1').with(
- :ensure => 'present',
- :selmoduledir => '/path/to/modules',
- )
- end
-
- end
-
- context 'with selinux disabled' do
- before :each do
- facts.merge!( :selinux => 'false' )
- end
-
- let :params do
- { :mode => 'enforcing',
- :booleans => ['foo', 'bar'],
- :modules => ['module1', 'module2'],
- :directory => '/path/to/modules'}
- end
-
- it 'runs setenforce 1' do
- is_expected.to contain_exec('setenforce 1')
- end
-
- it 'enables the SELinux boolean' do
- is_expected.to contain_selboolean('foo').with(
- :persistent => true,
- :value => 'on',
- )
- end
-
- it 'enables the SELinux modules' do
- is_expected.to contain_selmodule('module1').with(
- :ensure => 'present',
- :selmoduledir => '/path/to/modules',
- )
- end
-
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_raises 'a Puppet::Error', /OS family unsuppored yet \(Debian\), SELinux support is only limited to RedHat family OS/
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'manage selinux'
- end
-
-end
diff --git a/spec/classes/cloud_storage_rbd_mon_spec.rb b/spec/classes/cloud_storage_rbd_mon_spec.rb
deleted file mode 100644
index b9aa8a4c..00000000
--- a/spec/classes/cloud_storage_rbd_mon_spec.rb
+++ /dev/null
@@ -1,102 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::storage::rbd::monitor class
-#
-
-require 'spec_helper'
-
-describe 'cloud::storage::rbd::monitor' do
-
- shared_examples_for 'ceph monitor' do
-
- let :pre_condition do
- "class { 'cloud::storage::rbd':
- fsid => '123',
- cluster_network => '10.0.0.0/24',
- public_network => '192.168.0.0/24' }"
- end
-
- let :params do
- { :mon_addr => '10.0.0.1',
- :monitor_secret => 'secret' }
- end
-
- it 'configure ceph common' do
- is_expected.to contain_class('ceph::conf').with(
- :fsid => '123',
- :auth_type => 'cephx',
- :cluster_network => '10.0.0.0/24',
- :public_network => '192.168.0.0/24',
- :enable_service => true
- )
- end
-
- it 'configure ceph mon' do
- is_expected.to contain_ceph__mon('123').with(
- :monitor_secret => 'secret',
- :mon_port => '6789',
- :mon_addr => '10.0.0.1'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure ceph monitor firewall rules' do
- is_expected.to contain_firewall('100 allow ceph-mon access').with(
- :port => '6789',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure ceph monitor firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow ceph-mon access').with(
- :port => '6789',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'ceph monitor'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'ceph monitor'
- end
-
-end
diff --git a/spec/classes/cloud_storage_rbd_osd_spec.rb b/spec/classes/cloud_storage_rbd_osd_spec.rb
deleted file mode 100644
index 63229940..00000000
--- a/spec/classes/cloud_storage_rbd_osd_spec.rb
+++ /dev/null
@@ -1,110 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::storage::rbd::osd class
-#
-
-require 'spec_helper'
-
-describe 'cloud::storage::rbd::osd' do
-
- shared_examples_for 'ceph osd' do
-
- let :pre_condition do
- "class { 'cloud::storage::rbd':
- fsid => '123',
- cluster_network => '10.0.0.0/24',
- public_network => '192.168.0.0/24' }"
- end
-
- let :params do
- { :public_address => '10.0.0.1',
- :cluster_address => '192.168.0.1' }
- end
-
- it 'configure ceph common' do
- is_expected.to contain_class('ceph::conf').with(
- :fsid => '123',
- :auth_type => 'cephx',
- :cluster_network => '10.0.0.0/24',
- :public_network => '192.168.0.0/24',
- :enable_service => true
- )
- end
-
- it 'configure ceph osd' do
- is_expected.to contain_class('ceph::osd').with(
- :public_address => '10.0.0.1',
- :cluster_address => '192.168.0.1'
- )
- end
-
- context 'without specified journal' do
- before :each do
- params.merge!( :devices => ['sdb','sdc','sdd'] )
- end
-
- it 'configure ceph osd with a mixed full-qualified and short device name' do
- is_expected.to contain_ceph__osd__device('/dev/sdb','/dev/sdc','sdd')
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure ceph osd firewall rules' do
- is_expected.to contain_firewall('100 allow ceph-osd access').with(
- :port => '6800-6810',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure ceph osd firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow ceph-osd access').with(
- :port => '6800-6810',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
- it_configures 'ceph osd'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'ceph osd'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_alarmevaluator_spec.rb b/spec/classes/cloud_telemetry_alarmevaluator_spec.rb
deleted file mode 100644
index 41b775d0..00000000
--- a/spec/classes/cloud_telemetry_alarmevaluator_spec.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::alarmevaluator class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::alarmevaluator' do
-
- shared_examples_for 'openstack telemetry alarmevaluator' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer alarm evaluator' do
- is_expected.to contain_class('ceilometer::alarm::evaluator')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmevaluator'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmevaluator'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_alarmnotifier_spec.rb b/spec/classes/cloud_telemetry_alarmnotifier_spec.rb
deleted file mode 100644
index caa021cf..00000000
--- a/spec/classes/cloud_telemetry_alarmnotifier_spec.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::alarmnotifier class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::alarmnotifier' do
-
- shared_examples_for 'openstack telemetry alarmnotifier' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer alarm notifier' do
- is_expected.to contain_class('ceilometer::alarm::notifier')
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmnotifier'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmnotifier'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_api_spec.rb b/spec/classes/cloud_telemetry_api_spec.rb
deleted file mode 100644
index b486ae6d..00000000
--- a/spec/classes/cloud_telemetry_api_spec.rb
+++ /dev/null
@@ -1,135 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::api class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::api' do
-
- shared_examples_for 'openstack telemetry api' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- let :params do
- { :ks_keystone_internal_host => '127.0.0.1',
- :ks_keystone_internal_proto => 'http',
- :ks_ceilometer_internal_port => '8777',
- :ks_ceilometer_password => 'rabbitpassword',
- :api_eth => '127.0.0.1' }
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer-api' do
- is_expected.to contain_class('ceilometer::api').with(
- :keystone_password => 'rabbitpassword',
- :keystone_host => '127.0.0.1',
- :keystone_protocol => 'http',
- :host => '127.0.0.1'
- )
- end
-
- it 'configure ceilometer-expirer' do
- is_expected.to contain_class('ceilometer::expirer').with(
- :time_to_live => '2592000',
- :minute => '0',
- :hour => '0'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure ceilometer firewall rules' do
- is_expected.to contain_firewall('100 allow ceilometer-api access').with(
- :port => '8777',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure ceilometer firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow ceilometer-api access').with(
- :port => '8777',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry api'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_centralagent_spec.rb b/spec/classes/cloud_telemetry_centralagent_spec.rb
deleted file mode 100644
index 30eaf600..00000000
--- a/spec/classes/cloud_telemetry_centralagent_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::centralagent class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::centralagent' do
-
- shared_examples_for 'openstack telemetry centralagent' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer central agent' do
- is_expected.to contain_class('ceilometer::agent::central')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry centralagent'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry centralagent'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_collector_spec.rb b/spec/classes/cloud_telemetry_collector_spec.rb
deleted file mode 100644
index bb101f9e..00000000
--- a/spec/classes/cloud_telemetry_collector_spec.rb
+++ /dev/null
@@ -1,107 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::collector class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::collector' do
-
- shared_examples_for 'openstack telemetry collector' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- let :params do
- { :mongo_nodes => ['node1', 'node2', 'node3'] }
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer collector' do
- is_expected.to contain_class('ceilometer::collector')
- end
-
- it 'synchronize ceilometer db indexes' do
- is_expected.to contain_class('ceilometer::db').with(
- :sync_db => true,
- :database_connection => 'mongodb://node1,node2,node3/ceilometer?replicaSet=ceilometer'
- )
- end
-
- context 'without replica set' do
- before :each do
- params.merge!( :replicaset_enabled => false,
- :mongo_nodes => ['node1'] )
- end
- it 'do not configure mongodb replicasets' do
- is_expected.to contain_class('ceilometer::db').with(
- :sync_db => true,
- :database_connection => 'mongodb://node1/ceilometer'
- )
- end
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry collector'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry collector'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_notification_spec.rb b/spec/classes/cloud_telemetry_notification_spec.rb
deleted file mode 100644
index 9fa7fb6d..00000000
--- a/spec/classes/cloud_telemetry_notification_spec.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::notification class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::notification' do
-
- shared_examples_for 'openstack telemetry notification' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer notification agent' do
- is_expected.to contain_class('ceilometer::agent::notification')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry notification'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry notification'
- end
-
-end
diff --git a/spec/classes/cloud_volume_api_spec.rb b/spec/classes/cloud_volume_api_spec.rb
deleted file mode 100644
index 91a2c604..00000000
--- a/spec/classes/cloud_volume_api_spec.rb
+++ /dev/null
@@ -1,167 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::volume::api class
-#
-
-require 'spec_helper'
-
-describe 'cloud::volume::api' do
-
- shared_examples_for 'openstack volume api' do
-
- let :pre_condition do
- "class { 'cloud::volume':
- cinder_db_host => '10.0.0.1',
- cinder_db_user => 'cinder',
- cinder_db_password => 'secrete',
- cinder_db_idle_timeout => 5000,
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- verbose => true,
- debug => true,
- log_facility => 'LOG_LOCAL0',
- storage_availability_zone => 'nova',
- use_syslog => true,
- nova_endpoint_type => 'internalURL' }"
- end
-
- let :params do
- { :ks_cinder_password => 'secrete',
- :ks_cinder_internal_port => '8776',
- :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_glance_internal_host => '10.0.0.2',
- :ks_glance_api_internal_port => '9292',
- :default_volume_type => 'ceph',
- # TODO(EmilienM) Disabled for now: http://git.io/kfTmcA
- #:backup_ceph_user => 'cinder',
- #:backup_ceph_pool => 'ceph_backup_cinder',
- :api_eth => '10.0.0.1' }
- end
-
- it 'configure cinder common' do
- is_expected.to contain_class('cinder').with(
- :database_connection => 'mysql://cinder:secrete@10.0.0.1/cinder?charset=utf8',
- :database_idle_timeout => '5000',
- :rabbit_userid => 'cinder',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false,
- :use_syslog => true,
- :storage_availability_zone => 'nova'
- )
- is_expected.to contain_class('cinder::ceilometer')
- is_expected.to contain_cinder_config('DEFAULT/nova_catalog_info').with('value' => 'compute:nova:internalURL')
- end
-
- it 'checks if Cinder DB is populated' do
- is_expected.to contain_exec('cinder_db_sync').with(
- :command => 'cinder-manage db sync',
- :user => 'cinder',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql cinder -h 10.0.0.1 -u cinder -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- it 'configure cinder glance backend' do
- is_expected.to contain_class('cinder::glance').with(
- :glance_api_servers => 'http://10.0.0.2:9292',
- :glance_request_timeout => '10',
- :glance_num_retries => '10'
- )
- end
-
- it 'configure cinder api' do
- is_expected.to contain_class('cinder::api').with(
- :keystone_password => 'secrete',
- :keystone_auth_host => '10.0.0.1',
- :keystone_auth_protocol => 'https',
- :bind_host => '10.0.0.1',
- :default_volume_type => 'ceph',
- )
- end
-
- context 'without default volume type' do
- before :each do
- params.delete(:default_volume_type)
- end
- it 'should raise an error and fail' do
- is_expected.not_to compile
- end
- end
-
- # TODO(EmilienM) Disabled for now: http://git.io/kfTmcA
- #it 'configure cinder backup using ceph backend' do
- # should contain_class('cinder::backup')
- # should contain_class('cinder::backup::ceph').with(
- # :backup_ceph_user => 'cinder',
- # :backup_ceph_pool => 'ceph_backup_cinder'
- # )
- #end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure cinder firewall rules' do
- is_expected.to contain_firewall('100 allow cinder-api access').with(
- :port => '8776',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure cinder firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow cinder-api access').with(
- :port => '8776',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack volume api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack volume api'
- end
-
-end
diff --git a/spec/classes/cloud_volume_scheduler_spec.rb b/spec/classes/cloud_volume_scheduler_spec.rb
deleted file mode 100644
index e54fd67c..00000000
--- a/spec/classes/cloud_volume_scheduler_spec.rb
+++ /dev/null
@@ -1,97 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::volume::controller class
-#
-
-require 'spec_helper'
-
-describe 'cloud::volume::scheduler' do
-
- shared_examples_for 'openstack volume scheduler' do
-
- let :pre_condition do
- "class { 'cloud::volume':
- cinder_db_host => '10.0.0.1',
- cinder_db_user => 'cinder',
- cinder_db_password => 'secrete',
- cinder_db_idle_timeout => 5000,
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- verbose => true,
- debug => true,
- log_facility => 'LOG_LOCAL0',
- storage_availability_zone => 'nova',
- use_syslog => true,
- nova_endpoint_type => 'internalURL' }"
- end
-
- let :params do
- {}
- end
-
- it 'configure cinder common' do
- is_expected.to contain_class('cinder').with(
- :database_connection => 'mysql://cinder:secrete@10.0.0.1/cinder?charset=utf8',
- :database_idle_timeout => '5000',
- :rabbit_userid => 'cinder',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false,
- :use_syslog => true,
- :storage_availability_zone => 'nova'
- )
- is_expected.to contain_class('cinder::ceilometer')
- is_expected.to contain_cinder_config('DEFAULT/nova_catalog_info').with('value' => 'compute:nova:internalURL')
- end
-
- it 'checks if Cinder DB is populated' do
- is_expected.to contain_exec('cinder_db_sync').with(
- :command => 'cinder-manage db sync',
- :user => 'cinder',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql cinder -h 10.0.0.1 -u cinder -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- it 'configure cinder scheduler' do
- is_expected.to contain_class('cinder::scheduler').with(
- :scheduler_driver => 'cinder.scheduler.filter_scheduler.FilterScheduler'
- )
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack volume scheduler'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack volume scheduler'
- end
-
-end
diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb
deleted file mode 100644
index a50d7af3..00000000
--- a/spec/classes/cloud_volume_storage_spec.rb
+++ /dev/null
@@ -1,333 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::volume::storage class
-#
-
-require 'spec_helper'
-
-describe 'cloud::volume::storage' do
-
- shared_examples_for 'openstack volume storage' do
-
- let :pre_condition do
- "class { 'cloud::volume':
- cinder_db_host => '10.0.0.1',
- cinder_db_user => 'cinder',
- cinder_db_password => 'secret',
- cinder_db_idle_timeout => 5000,
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secret',
- verbose => true,
- debug => true,
- log_facility => 'LOG_LOCAL0',
- storage_availability_zone => 'nova',
- use_syslog => true }"
- end
-
- let :params do
- { :cinder_rbd_pool => 'ceph_cinder',
- :cinder_rbd_user => 'cinder',
- :cinder_rbd_secret_uuid => 'secret',
- :cinder_rbd_max_clone_depth => '10',
- :cinder_backends => {
- 'rbd' => {
- 'lowcost' => {
- 'rbd_pool' => 'ceph_cinder',
- 'rbd_user' => 'cinder',
- 'rbd_secret_uuid' => 'secret'
- }
- },
- 'netapp' => {
- 'premium' => {
- 'netapp_server_hostname' => 'netapp-server.host',
- 'netapp_login' => 'joe',
- 'netapp_password' => 'secret',
- 'nfs_mount_options' => 'rw,proto=tcp,sec=sys',
- }
- },
- 'iscsi' => {
- 'fast' => {
- 'iscsi_ip_address' => '10.0.0.1',
- 'volume_group' => 'fast-vol'
- }
- },
- 'emc_vnx' => {
- 'very-fast' => {
- 'iscsi_ip_address' => '10.0.0.1',
- 'san_ip' => '10.0.0.2',
- 'san_password' => 'secrete',
- 'storage_vnx_pool_name' => 'emc-volumes',
- }
- },
- 'eqlx' => {
- 'dell' => {
- 'san_ip' => '10.0.0.1',
- 'san_login' => 'admin',
- 'san_password' => 'secrete',
- 'eqlx_group_name' => 'dell-volumes',
- }
- },
- 'glusterfs' => {
- 'gluster' => {
- 'glusterfs_shares' => ['/mnt/share'],
- 'glusterfs_shares_config' => '/etc/cinder/shares-gluster.conf',
- }
- },
- 'nfs' => {
- 'freenas' => {
- 'nfs_servers' => ['10.0.0.1:/myshare'],
- 'nfs_mount_options' => 'defaults',
- 'nfs_disk_util' => 'df',
- 'nfs_mount_point_base' => '/mnt/shares',
- 'nfs_shares_config' => '/etc/cinder/shares.conf',
- 'nfs_used_ratio' => '0.6',
- 'nfs_oversub_ratio' => '1.0'
- }
- }
- },
- :ks_keystone_internal_proto => 'http',
- :ks_keystone_internal_port => '5000',
- :ks_keystone_internal_host => 'keystone.host',
- :ks_cinder_password => 'secret' }
- end
-
- it 'configure cinder common' do
- is_expected.to contain_class('cinder').with(
- :database_connection => 'mysql://cinder:secret@10.0.0.1/cinder?charset=utf8',
- :database_idle_timeout => '5000',
- :rabbit_userid => 'cinder',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secret',
- :rabbit_virtual_host => '/',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false,
- :use_syslog => true,
- :storage_availability_zone => 'nova'
- )
-
- is_expected.to contain_cinder_config('DEFAULT/notification_driver').with('value' => 'cinder.openstack.common.notifier.rpc_notifier')
-
- end
-
- it 'checks if Cinder DB is populated' do
- is_expected.to contain_exec('cinder_db_sync').with(
- :command => 'cinder-manage db sync',
- :user => 'cinder',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql cinder -h 10.0.0.1 -u cinder -psecret -e "show tables" | /bin/grep Tables'
- )
- end
-
- it 'configure cinder volume service' do
- is_expected.to contain_class('cinder::volume')
- end
-
- context 'with RBD backend' do
- it 'configures rbd volume driver' do
- is_expected.to contain_cinder_config('lowcost/volume_backend_name').with_value('lowcost')
- is_expected.to contain_cinder_config('lowcost/rbd_pool').with_value('ceph_cinder')
- is_expected.to contain_cinder_config('lowcost/rbd_user').with_value('cinder')
- is_expected.to contain_cinder_config('lowcost/rbd_secret_uuid').with_value('secret')
- is_expected.to contain_cinder_config('lowcost/volume_tmp_dir').with_value('/tmp')
- is_expected.to contain_cinder__type('lowcost').with(
- :set_key => 'volume_backend_name',
- :set_value => 'lowcost',
- :os_tenant_name => 'services',
- :os_username => 'cinder',
- :os_password => 'secret',
- :os_auth_url => 'http://keystone.host:5000/v2.0'
- )
- is_expected.to contain_group('cephkeyring').with(:ensure => 'present')
- is_expected.to contain_exec('add-cinder-to-group').with(
- :command => 'usermod -a -G cephkeyring cinder',
- :path => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'],
- :unless => 'groups cinder | grep cephkeyring'
- )
- is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({
- 'owner' => 'root',
- 'group' => 'cephkeyring',
- 'mode' => '0440',
- })
- end
- end
-
- context 'with NetApp backend' do
- it 'configures netapp volume driver' do
- is_expected.to contain_cinder_config('premium/volume_backend_name').with_value('premium')
- is_expected.to contain_cinder_config('premium/netapp_login').with_value('joe')
- is_expected.to contain_cinder_config('premium/netapp_password').with_value('secret')
- is_expected.to contain_cinder_config('premium/netapp_server_hostname').with_value('netapp-server.host')
- is_expected.to contain_cinder_config('premium/nfs_mount_options').with_value('rw,proto=tcp,sec=sys')
- is_expected.to contain_cinder__type('premium').with(
- :set_key => 'volume_backend_name',
- :set_value => 'premium',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with iSCSI backend' do
- it 'configures iSCSI volume driver' do
- is_expected.to contain_cinder_config('fast/volume_backend_name').with_value('fast')
- is_expected.to contain_cinder_config('fast/iscsi_ip_address').with_value('10.0.0.1')
- is_expected.to contain_cinder_config('fast/volume_group').with_value('fast-vol')
- is_expected.to contain_cinder__type('fast').with(
- :set_key => 'volume_backend_name',
- :set_value => 'fast',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with EMC VNX backend' do
- it 'configures EMC VNX volume driver' do
- should contain_cinder_config('very-fast/volume_backend_name').with_value('very-fast')
- should contain_cinder_config('very-fast/iscsi_ip_address').with_value('10.0.0.1')
- should contain_cinder_config('very-fast/san_ip').with_value('10.0.0.2')
- should contain_cinder_config('very-fast/san_password').with_value('secrete')
- should contain_cinder_config('very-fast/storage_vnx_pool_name').with_value('emc-volumes')
- should contain_cinder__type('very-fast').with(
- :set_key => 'volume_backend_name',
- :set_value => 'very-fast',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with EQLX backend' do
- it 'configures EQLX volume driver' do
- should contain_cinder_config('dell/volume_backend_name').with_value('dell')
- should contain_cinder_config('dell/san_ip').with_value('10.0.0.1')
- should contain_cinder_config('dell/san_login').with_value('admin')
- should contain_cinder_config('dell/san_password').with_value('secrete')
- should contain_cinder_config('dell/eqlx_group_name').with_value('dell-volumes')
- should contain_cinder__type('dell').with(
- :set_key => 'volume_backend_name',
- :set_value => 'dell',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with GlusterFS backend' do
- it 'configures GlusterFS volume driver' do
- should contain_cinder_config('gluster/volume_backend_name').with_value('gluster')
- should contain_cinder_config('gluster/glusterfs_shares_config').with_value('/etc/cinder/shares-gluster.conf')
- should contain_cinder__type('gluster').with(
- :set_key => 'volume_backend_name',
- :set_value => 'gluster',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with NFS backend' do
- it 'configures NFS volume driver' do
- is_expected.to contain_cinder_config('freenas/volume_backend_name').with_value('freenas')
- is_expected.to contain_cinder_config('freenas/nfs_mount_options').with_value('defaults')
- is_expected.to contain_cinder_config('freenas/nfs_mount_point_base').with_value('/mnt/shares')
- is_expected.to contain_cinder_config('freenas/nfs_disk_util').with_value('df')
- is_expected.to contain_cinder_config('freenas/nfs_shares_config').with_value('/etc/cinder/shares.conf')
- is_expected.to contain_cinder_config('freenas/nfs_used_ratio').with_value('0.6')
- is_expected.to contain_cinder_config('freenas/nfs_oversub_ratio').with_value('1.0')
- is_expected.to contain_cinder__type('freenas').with(
- :set_key => 'volume_backend_name',
- :set_value => 'freenas',
- :notify => 'Service[cinder-volume]'
- )
- should contain_file('/etc/cinder/shares.conf').with_content(/^10.0.0.1:\/myshare$/)
- end
- end
-
- context 'with two RBD backends' do
- before :each do
- params.merge!(
- :cinder_backends => {
- 'rbd' => {
- 'lowcost' => {
- 'rbd_pool' => 'low',
- 'rbd_user' => 'cinder',
- 'rbd_secret_uuid' => 'secret',
- },
- 'normal' => {
- 'rbd_pool' => 'normal',
- 'rbd_user' => 'cinder',
- 'rbd_secret_uuid' => 'secret',
- }
- }
- }
- )
- end
-
- it 'configures two rbd volume backends' do
- is_expected.to contain_cinder_config('lowcost/volume_backend_name').with_value('lowcost')
- is_expected.to contain_cinder_config('lowcost/rbd_pool').with_value('low')
- is_expected.to contain_cinder_config('lowcost/rbd_user').with_value('cinder')
- is_expected.to contain_cinder_config('lowcost/rbd_secret_uuid').with_value('secret')
- is_expected.to contain_cinder_config('lowcost/volume_tmp_dir').with_value('/tmp')
- is_expected.to contain_cinder__type('lowcost').with(
- :set_key => 'volume_backend_name',
- :set_value => 'lowcost',
- :os_tenant_name => 'services',
- :os_username => 'cinder',
- :os_password => 'secret',
- :os_auth_url => 'http://keystone.host:5000/v2.0'
- )
- is_expected.to contain_cinder_config('normal/volume_backend_name').with_value('normal')
- is_expected.to contain_cinder_config('normal/rbd_pool').with_value('normal')
- is_expected.to contain_cinder_config('normal/rbd_user').with_value('cinder')
- is_expected.to contain_cinder_config('normal/rbd_secret_uuid').with_value('secret')
- is_expected.to contain_cinder_config('normal/volume_tmp_dir').with_value('/tmp')
- is_expected.to contain_cinder__type('normal').with(
- :set_key => 'volume_backend_name',
- :set_value => 'normal',
- :os_tenant_name => 'services',
- :os_username => 'cinder',
- :os_password => 'secret',
- :os_auth_url => 'http://keystone.host:5000/v2.0'
- )
- end
- end
-
- context 'with all backends enabled' do
- it 'configure all cinder backends' do
- is_expected.to contain_class('cinder::backends').with(
- :enabled_backends => ['lowcost', 'premium', 'fast', 'very-fast', 'dell', 'freenas', 'gluster']
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack volume storage'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack volume storage'
- end
-
-end
diff --git a/spec/classes/coverage_spec.rb b/spec/classes/coverage_spec.rb
deleted file mode 100644
index fbe09652..00000000
--- a/spec/classes/coverage_spec.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-require 'spec_helper'
-
-if ENV['COV']
- at_exit { RSpec::Puppet::Coverage.report! }
-end
diff --git a/spec/defines/cloud_clustering_pacemaker_colocation_spec.rb b/spec/defines/cloud_clustering_pacemaker_colocation_spec.rb
deleted file mode 100644
index d8736aeb..00000000
--- a/spec/defines/cloud_clustering_pacemaker_colocation_spec.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Spec tests for cloud::clustering::pacemaker_colocation
-
-require 'spec_helper'
-
-describe 'cloud::clustering::pacemaker_colocation', :type => :define do
-
- let (:title) { 'service1' }
-
- let :params do
- {
- :service => 'service1',
- :colocated_with => ['service2','service3']
- }
- end
-
- context 'with default parameters' do
- it 'should create a colocation constraint' do
- should contain_cs_colocation('service1-with-service2').with(
- {
- 'primitives' => ["p_service1", "p_service2"],
- }
- )
-
- should contain_cs_colocation('service1-with-service3').with(
- {
- 'primitives' => ["p_service1", "p_service3"],
- }
- )
- end
- end
-end
diff --git a/spec/defines/cloud_clustering_pacemaker_order_spec.rb b/spec/defines/cloud_clustering_pacemaker_order_spec.rb
deleted file mode 100644
index 6beb6994..00000000
--- a/spec/defines/cloud_clustering_pacemaker_order_spec.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Spec tests for cloud::clustering::pacemaker_order
-
-require 'spec_helper'
-
-describe 'cloud::clustering::pacemaker_order', :type => :define do
-
- let (:title) { 'service1' }
-
- let :params do
- {
- :service => 'service1',
- :first => ['service2','service3']
- }
- end
-
- context 'with default parameters' do
- it 'should create two order constraints' do
- should contain_cs_order('service2-before-service1').with(
- {
- 'first' => "p_service2",
- 'second' => "p_service1"
- }
- )
-
- should contain_cs_order('service3-before-service1').with(
- {
- 'first' => "p_service3",
- 'second' => "p_service1"
- }
- )
- end
- end
-end
diff --git a/spec/defines/cloud_clustering_pacemaker_service_spec.rb b/spec/defines/cloud_clustering_pacemaker_service_spec.rb
deleted file mode 100644
index bb224434..00000000
--- a/spec/defines/cloud_clustering_pacemaker_service_spec.rb
+++ /dev/null
@@ -1,92 +0,0 @@
-
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Spec tests for cloud::clustering::pacemaker_service
-
-require 'spec_helper'
-
-describe 'cloud::clustering::pacemaker_service', :type => :define do
-
- let :pre_condition do
- "service { ['foo-api','bar-api']:
- ensure => running
- }"
- end
-
- let (:title) { 'foo-api' }
-
- let :params do
- {
- :service_name => 'foo-api',
- :primitive_class => 'systemd',
- :primitive_provider => false,
- :primitive_type => 'foo-api',
- :clone => false,
- :colocated_services => [],
- :start_after => [],
- :requires => []
- }
- end
-
- context 'with default parameters' do
- it 'should create a Pacemaker service' do
- should contain_openstack_extras__pacemaker__service('foo-api').with(
- {
- 'ensure' => :present,
- 'primitive_class' => params[:primitive_class],
- 'primitive_provider' => params[:primitive_provider],
- 'primitive_type' => params[:primitive_type],
- 'clone' => params[:clone],
- 'require' => params[:requires]
- }
- )
- end
- end
-
- context 'with colocated services and start ordering' do
- before :each do
- params.merge!(
- :colocated_services => ["bar-api"],
- :start_after => ["foo-api"],
- )
- end
-
- it 'creates a colocation constraint' do
- is_expected.to contain_cloud__clustering__pacemaker_colocation('foo-api')
- end
-
- it 'creates an order constraint' do
- is_expected.to contain_cloud__clustering__pacemaker_order('foo-api')
- end
- end
-
- context 'with clone=true' do
- before :each do
- params.merge!(
- :clone => true,
- )
- end
-
- it 'creates a cloned resource' do
- is_expected.to contain_openstack_extras__pacemaker__service('foo-api').with(
- {
- 'clone' => :true
- }
- )
- end
- end
-
-end
diff --git a/spec/shared_examples.rb b/spec/shared_examples.rb
deleted file mode 100644
index fec0eacc..00000000
--- a/spec/shared_examples.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-shared_examples_for "a Puppet::Error" do |description|
- it "with message matching #{description.inspect}" do
- expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description)
- end
-end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
deleted file mode 100644
index 0171d5dd..00000000
--- a/spec/spec_helper.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-require 'puppetlabs_spec_helper/module_spec_helper'
-require 'shared_examples'
-
-RSpec.configure do |c|
- c.alias_it_should_behave_like_to :it_configures, 'configures'
- c.alias_it_should_behave_like_to :it_raises, 'raises'
-
- c.default_facts = {
- :kernel => 'Linux',
- :concat_basedir => '/var/lib/puppet/concat',
- :memorysize => '1000 MB',
- :processorcount => '1',
- :puppetversion => '3.7.3',
- :uniqueid => '123'
- }
-end
diff --git a/templates/database/clustercheck.erb b/templates/database/clustercheck.erb
deleted file mode 100644
index 5336bac6..00000000
--- a/templates/database/clustercheck.erb
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-# Managed by puppet
-# Module cloud
-#
-# Script to make a proxy (ie HAProxy) capable of monitoring Percona XtraDB Cluster nodes properly
-#
-# Author: Olaf van Zandwijk
-# Mehdi Abaakouk
-#
-# Documentation and download: https://github.com/olafz/percona-clustercheck
-#
-# Based on the original script from Unai Rodriguez
-#
-MYSQL_USERNAME='<%= @galera_clustercheck_dbuser %>'
-MYSQL_PASSWORD='<%= @galera_clustercheck_dbpassword %>'
-
-TIMEOUT=10
-ERR_FILE="/dev/null"
-AVAILABLE_WHEN_DONOR=0
-
-MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} "
-
-mysql_get_status(){
- ( $MYSQL_CMDLINE -e "SHOW STATUS LIKE '$1';" | tail -1 ) 2>>${ERR_FILE}
-}
-mysql_get_var(){
- ( $MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE '$1';" | tail -1 ) 2>>${ERR_FILE}
-}
-
-http_response(){
- status=$1
- shift
- msg="$@"
- if [ "$status" == 200 ]; then
- /bin/echo -en "HTTP/1.1 200 OK\r\n"
- else
- /bin/echo -en "HTTP/1.1 503 Service Unavailable\r\n"
- fi
- /bin/echo -en "Content-Type: text/plain\r\n"
- /bin/echo -en "\r\n"
- /bin/echo -en "$msg\r\n"
- /bin/echo -en "\r\n"
-}
-
-
-WSREP_LOCAL_STATE=$(mysql_get_status wsrep_local_state)
-WSREP_READY=$(mysql_get_status wsrep_ready)
-WSREP_CONNECTED=$(mysql_get_status wsrep_connected)
-READY_ONLY=$(mysql_get_var read_only)
-
-case ${AVAILABLE_WHEN_DONOR}-${WSREP_LOCAL_STATE}-${WSREP_READY}-${WSREP_CONNECTED}-${READY_ONLY} in
- 1-2-ON-ON-OFF|0-4-ON-ON-OFF) http_response 200 "Mariadb Cluster Node is synced, ready and connected." ;;
- *-*-OFF-*-*) http_response 503 "Mariadb Cluster Node is not ready." ;;
- *-*-*-OFF-*) http_response 503 "Mariadb Cluster Node is not connected" ;;
- *-*-*-*-ON) http_response 503 "Mariadb Cluster Node is readonly" ;;
- *) http_response 503 "Mariadb Cluster Node is not synced" ;;
-esac
diff --git a/templates/database/debian.cnf.erb b/templates/database/debian.cnf.erb
deleted file mode 100644
index 11d258aa..00000000
--- a/templates/database/debian.cnf.erb
+++ /dev/null
@@ -1,14 +0,0 @@
-# Managed by Puppet
-# Module cloud::database::sql
-#
-[client]
-host = localhost
-user = debian-sys-maint
-password = <%= @mysql_sys_maint_password %>
-socket = /var/run/mysqld/mysqld.sock
-[mysql_upgrade]
-host = localhost
-user = debian-sys-maint
-password = <%= @mysql_sys_maint_password %>
-socket = /var/run/mysqld/mysqld.sock
-basedir = /usr
diff --git a/templates/database/etc_initd_mysql_Debian b/templates/database/etc_initd_mysql_Debian
deleted file mode 100755
index 3b4c3c6a..00000000
--- a/templates/database/etc_initd_mysql_Debian
+++ /dev/null
@@ -1,200 +0,0 @@
-#!/bin/bash
-#
-### BEGIN INIT INFO
-# Provides: mysql-bootstrap
-# Required-Start: $remote_fs $syslog
-# Required-Stop: $remote_fs $syslog
-# Should-Start: $network $named $time
-# Should-Stop: $network $named $time
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Start and stop the mysql database server daemon
-# Description: Controls the main MariaDB database server daemon "mysqld"
-# and its wrapper script "mysqld_safe".
-### END INIT INFO
-#
-MYSQLD_STARTUP_TIMEOUT=${MYSQLD_STARTUP_TIMEOUT:-60}
-[ -e /etc/mysql/my.cnf ] && \
- MYSQLD_DATA_DIR=$(awk -F= '/^datadir/{print $2}' /etc/mysql/my.cnf | sed -e 's/^ *//')
-MYSQLD_DATA_DIR=${MYSQLD_DATA_DIR:-<%= scope.lookupvar('::mysql::datadir') %>}
-set -e
-set -u
-${DEBIAN_SCRIPT_DEBUG:+ set -v -x}
-
-test -x /usr/sbin/mysqld || exit 0
-
-. /lib/lsb/init-functions
-
-SELF=$(cd $(dirname $0); pwd -P)/$(basename $0)
-CONF=/etc/mysql/my.cnf
-MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf"
-
-# priority can be overriden and "-s" adds output to stderr
-ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i"
-
-# Safeguard (relative paths, core dumps..)
-cd /
-umask 077
-
-# mysqladmin likes to read /root/.my.cnf. This is usually not what I want
-# as many admins e.g. only store a password without a username there and
-# so break my scripts.
-export HOME=/etc/mysql/
-
-## Fetch a particular option from mysql's invocation.
-#
-# Usage: void mysqld_get_param option
-mysqld_get_param() {
- /usr/sbin/mysqld --print-defaults \
- | tr " " "\n" \
- | grep -- "--$1" \
- | tail -n 1 \
- | cut -d= -f2
-}
-
-## Do some sanity checks before even trying to start mysqld.
-sanity_checks() {
- # check for config file
- if [ ! -r /etc/mysql/my.cnf ]; then
- log_warning_msg "$0: WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz"
- echo "WARNING: /etc/mysql/my.cnf cannot be read.
See README.Debian.gz" | $ERR_LOGGER
- fi
-
- # check for diskspace shortage
- datadir=`mysqld_get_param datadir`
- if LC_ALL=C BLOCKSIZE= df --portability $datadir/. | tail -n 1 | awk '{ exit ($4>4096) }'; then
- log_failure_msg "$0: ERROR: The partition with $datadir is too full!"
- echo "ERROR: The partition with $datadir is too full!" | $ERR_LOGGER
- exit 1
- fi
-}
-
-## Checks if there is a server running and if so if it is accessible.
-#
-# check_alive insists on a pingable server
-# check_dead also fails if there is a lost mysqld in the process list
-#
-# Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn]
-mysqld_status () {
- ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? ))
-
- ps_alive=0
- pidfile=`mysqld_get_param pid-file`
- if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi
-
- if [ "$1" = "check_alive" -a $ping_alive = 1 ] ||
- [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then
- return 0 # EXIT_SUCCESS
- else
- if [ "$2" = "warn" ]; then
- echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug
- fi
- return 1 # EXIT_FAILURE
- fi
-}
-
-#
-# main()
-#
-
-case "${1:-''}" in
- 'start')
- sanity_checks;
- # Start daemon
- log_daemon_msg "Starting MariaDB database server" "mysqld"
- if mysqld_status check_alive nowarn; then
- log_progress_msg "already running"
- log_end_msg 0
- else
- # Could be removed during boot
- test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld
-
- # Start MariaDB!
in a Galera setup we want to use
- # new-cluster only when the galera cluster hasn't been
- # bootstraped
- if [ -e ${MYSQLD_DATA_DIR}/grastate.dat ]; then
- # normal boot
- /usr/bin/mysqld_safe "${@:2}" > /dev/null 2>&1 &
- else
- # bootstrap boot
- log_progress_msg " (Galera bootstrap) "
- /usr/bin/mysqld_safe "${@:2}" --wsrep-new-cluster > /dev/null 2>&1 &
- fi
-
- # 6s was reported in #352070 to be too few when using ndbcluster
- for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do
- sleep 1
- if mysqld_status check_alive nowarn ; then break; fi
- log_progress_msg "."
- done
- if mysqld_status check_alive warn; then
- log_end_msg 0
- # Now start mysqlcheck or whatever the admin wants.
- output=$(/etc/mysql/debian-start)
- [ -n "$output" ] && log_action_msg "$output"
- else
- log_end_msg 1
- log_failure_msg "Please take a look at the syslog"
- fi
- fi
- ;;
-
- 'stop')
- # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible
- # at least for cron, we can rely on it here, too. (although we have
- # to specify it explicit as e.g. sudo environments points to the normal
- # users home and not /root)
- log_daemon_msg "Stopping MariaDB database server" "mysqld"
- if ! mysqld_status check_dead nowarn; then
- set +e
- shutdown_out=`$MYADMIN shutdown 2>&1`; r=$?
- set -e
- if [ "$r" -ne 0 ]; then
- log_end_msg 1
- [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out"
- log_daemon_msg "Killing MariaDB database server by signal" "mysqld"
- killall -15 mysqld
- server_down=
- for i in `seq 1 600`; do
- sleep 1
- if mysqld_status check_dead nowarn; then server_down=1; break; fi
- done
- if test -z "$server_down"; then killall -9 mysqld; fi
- fi
- fi
-
- if ! mysqld_status check_dead warn; then
- log_end_msg 1
- log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-5.5/README.Debian.gz!"
- exit -1
- else
- log_end_msg 0
- fi
- ;;
-
- 'restart')
- set +e; $SELF stop; set -e
- $SELF start
- ;;
-
- 'reload'|'force-reload')
- log_daemon_msg "Reloading MariaDB database server" "mysqld"
- $MYADMIN reload
- log_end_msg 0
- ;;
-
- 'status')
- if mysqld_status check_alive nowarn; then
- log_action_msg "$($MYADMIN version)"
- else
- log_action_msg "MariaDB is stopped."
- exit 3
- fi
- ;;
-
- *)
- echo "Usage: $SELF start|stop|restart|reload|force-reload|status"
- exit 1
- ;;
-esac
-
diff --git a/templates/database/etc_initd_mysql_RedHat b/templates/database/etc_initd_mysql_RedHat
deleted file mode 100755
index 79a8b36e..00000000
--- a/templates/database/etc_initd_mysql_RedHat
+++ /dev/null
@@ -1,45 +0,0 @@
-# It's not recommended to modify this file in-place, because it will be
-# overwritten during package upgrades. If you want to customize, the
-# best way is to create a file "/etc/systemd/system/mariadb.service",
-# containing
-# .include /lib/systemd/system/mariadb.service
-# ...make your changes here...
-# or create a file "/etc/systemd/system/mariadb.service.d/foo.conf",
-# which doesn't need to include ".include" call and which will be parsed
-# after the file mariadb.service itself is parsed.
-#
-# For more info about custom unit files, see systemd.unit(5) or
-# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
-# For example, if you want to increase mysql's open-files-limit to 10000,
-# you need to increase systemd's LimitNOFILE setting, so create a file named
-# "/etc/systemd/system/mariadb.service.d/limits.conf" containing:
-# [Service]
-# LimitNOFILE=10000
-# Note: /usr/lib/... is recommended in the .include line though /lib/...
-# still works.
-# Don't forget to reload systemd daemon after you change unit configuration:
-# root> systemctl --system daemon-reload
-
-[Unit]
-Description=MariaDB database server
-After=syslog.target
-After=network.target
-
-[Service]
-Type=simple
-User=mysql
-Group=mysql
-ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
-# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
-# per bug #547485
-ExecStart=/usr/bin/mysqld_safe <%= @wsrep_new_cluster %> --basedir=/usr
-ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID
-
-# Give a reasonable amount of time for the server to start up/shut down
-TimeoutSec=60
-
-# Place temp files in a secure directory, not /tmp
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/templates/database/mysql.conf.erb b/templates/database/mysql.conf.erb
deleted file mode 100644
index 2a9848cc..00000000
--- a/templates/database/mysql.conf.erb
+++ /dev/null
@@ -1,70 +0,0 @@
-# MANAGED BY PUPPET
-# Module:: cloud::database::sql
-#
-[mysqld]
-bind-address = <%= @api_eth %>
-default_storage_engine = innodb
-collation_server = utf8_general_ci
-init_connect = 'SET NAMES utf8'
-character_set_server = utf8
-max_connections = <%= @max_connections %>
-skip_name_resolve = 1
-connect_timeout = 5
-wait_timeout = 600
-max_allowed_packet = 64M
-thread_cache_size = 128
-sort_buffer_size = 4M
-bulk_insert_buffer_size = 16M
-tmp_table_size = 512M
-max_heap_table_size = 128M
-query_cache_type = 0
-myisam_recover = BACKUP
-key_buffer_size = 16M
-open_files_limit = <%= @open_files_limit_real %>
-table_open_cache = 1024
-table_definition_cache = 500
-myisam_sort_buffer_size = 512M
-concurrent_insert = 2
-read_buffer_size = 2M
-read_rnd_buffer_size = 1M
-slow_query_log = 1
-slow_query_log_file = /var/log/mysql/slow.log
-log_error = /var/log/mysql/error.log
-long_query_time = 1
-log_slow_verbosity = query_plan
-innodb_buffer_pool_size = 512M
-innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_thread_concurrency = 48
-innodb_file_per_table = 1
-innodb_open_files = <%= @open_files_limit_real %>
-innodb_io_capacity = 1000
-innodb_file_format = Barracuda
-innodb_file_format_max = Barracuda
-innodb_max_dirty_pages_pct = 50
-binlog_format = ROW
-innodb_autoinc_lock_mode = 2
-innodb_locks_unsafe_for_binlog = 1
-wsrep_provider = "<%= @wsrep_provider %>"
-wsrep_cluster_name = "galera_cluster"
-wsrep_cluster_address = "gcomm://<%= @gcomm_definition %>"
-wsrep_sst_auth = root:<%= @mysql_root_password %>
-wsrep_drupal_282555_workaround = 0
-wsrep_sst_method = rsync
-wsrep_node_address = "<%= @api_eth %>"
-wsrep_node_incoming_address = "<%= @api_eth %>"
-# This is the minimal value (proc*2)
-wsrep_slave_threads = "<%= @processorcount.to_i * 2 %>"
-
-# Thoses TWEAK assume that the galera cluster is used in master/slave mode
-wsrep_provider_options = "gcache.size=<%= @galera_gcache
%>;gcs.fc_master_slave=1;gcs.fc_limit=256;gcs.fc_factor=0.9"
-
-# this value here are used by /usr/bin/innobackupex
-# and wsrep_sst_xtrabackup take only one configuration file and use the last one
-# (/etc/mysql/my.cnf is not used)
-datadir = /var/lib/mysql
-tmpdir = /tmp/
-innodb_flush_method = O_DIRECT
-innodb_log_buffer_size = 32M
-innodb_log_file_size = 256M
-innodb_log_files_in_group = 2
diff --git a/templates/database/mysqlchk.erb b/templates/database/mysqlchk.erb
deleted file mode 100644
index 2786eb88..00000000
--- a/templates/database/mysqlchk.erb
+++ /dev/null
@@ -1,24 +0,0 @@
-# Managed by puppet
-# Module cloud
-#
-# default: on
-# description: mysqlchk
-service mysqlchk
-{
-# this is a config for xinetd, place it in /etc/xinetd.d/
- disable = no
- flags = REUSE
- socket_type = stream
- port = 8200
- wait = no
- user = nobody
- server = /usr/bin/clustercheck
- log_on_failure += USERID
- log_on_success =
- #FIXME(sbadia) Security: Restrict this parameter to HAProxy pool.
- only_from = 0.0.0.0/0
- bind = <%= @galera_clustercheck_ipaddress %>
- # recommended to put the IPs that need
- # to connect exclusively (security purposes)
- per_source = UNLIMITED
-}
diff --git a/templates/database/redis-notifications.sh.erb b/templates/database/redis-notifications.sh.erb
deleted file mode 100644
index fc5d9474..00000000
--- a/templates/database/redis-notifications.sh.erb
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-HAPROXY="<%= @haproxy_monitor_ip %>:<%= @haproxy_monitor_port %>"
-CMD="$1"
-ARGS="$2"
-ARG1=`echo $ARGS | awk '{print $1}'`
-
-
-call_curl () {
- DATA=`echo "s=$1&action=$2&b=%234" | sed -e s/:/%3A/`
- curl --silent -o /dev/null $HAPROXY --data "$DATA"
- echo curl $HAPROXY --data "$DATA"
- return 0
-}
-
-
-[ "$CMD" = "+odown" ] && [ "$ARG1" = "master" ] && \
- call_curl `echo $ARGS | awk '{print $2 ":" $3 ":" $4}'` 'disable'
-
-[ "$CMD" = "+sdown" ] && [ "$ARG1" = "slave" ] && \
- call_curl `echo $ARGS | awk '{print $6 ":" $3 ":" $4}'` 'disable'
-
-[ "$CMD" = "+switch-master" ] && \
- call_curl `echo $ARGS | awk '{print $1 ":" $4 ":" $5}'` 'enable' &&
- call_curl `echo $ARGS | awk '{print $1 ":" $2 ":" $3}'` 'disable'
-
-[ "$CMD" = "-odown" ] && [ "$ARG1" = "master" ] && \
- call_curl `echo $ARGS | awk '{print $2 ":" $3 ":" $4}'` 'enable'
-
-# without exit code, sentinel thinks the script is still running and locks any further execution
-exit 0
diff --git a/templates/database/systemd-custom.conf.erb b/templates/database/systemd-custom.conf.erb
deleted file mode 100644
index 3e88a5de..00000000
--- a/templates/database/systemd-custom.conf.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-[Service]
-<% @mysql_systemd_override_settings_real.each do |key, value| -%>
-<%= key -%>=<%= value %>
-<% end -%>
diff --git a/templates/installserver/autosign.conf.erb b/templates/installserver/autosign.conf.erb
deleted file mode 100644
index d7ae0e10..00000000
--- a/templates/installserver/autosign.conf.erb
+++ /dev/null
@@ -1,5 +0,0 @@
-<% if @autosign_domains -%>
-<% @autosign_domains.each do | domain | -%>
-<%= domain %>
-<% end -%>
-<% end -%>
diff --git a/templates/loadbalancer/monitor.erb b/templates/loadbalancer/monitor.erb
deleted file mode 100644
index a8fbc604..00000000
--- a/templates/loadbalancer/monitor.erb
+++ /dev/null
@@ -1,79 +0,0 @@
-<%- if @swift_api -%>
-acl swift_api_dead nbsrv(swift_api_cluster) lt 1
-monitor fail if swift_api_dead
-<%- end -%>
-<%- if @keystone_api -%>
-acl keystone_api_dead nbsrv(keystone_api_cluster) lt 1
-monitor fail if keystone_api_dead
-<% end -%>
-<%- if @keystone_api_admin -%>
-acl keystone_api_admin_dead nbsrv(keystone_api_admin_cluster) lt 1
-monitor fail if keystone_api_admin_dead
-<% end -%>
-<%- if @galera -%>
-acl galera_dead nbsrv(galera_cluster) lt 1
-monitor fail if galera_dead
-<%- end -%>
-<%- if @neutron_api -%>
-acl neutron_api_dead nbsrv(neutron_api_cluster) lt 1
-monitor fail if neutron_api_dead
-<%- end -%>
-<%- if @cinder_api -%>
-acl cinder_api_dead nbsrv(cinder_api_cluster) lt 1
-monitor fail if cinder_api_dead
-<%- end -%>
-<%- if @nova_api -%>
-acl nova_api_dead nbsrv(nova_api_cluster) lt 1
-monitor fail if nova_api_dead
-<%- end -%>
-<%- if @ec2_api -%>
-acl ec2_api_dead nbsrv(ec2_api_cluster) lt 1
-monitor fail if ec2_api_dead
-<%- end -%>
-<%- if @metadata_api -%>
-acl metadata_api_dead nbsrv(metadata_api_cluster) lt 1
-monitor fail if metadata_api_dead
-<%- end -%>
-<%- if @spice -%>
-acl spice_dead nbsrv(spice_cluster) lt 1
-monitor fail if spice_dead
-<%- end -%>
-<%- if @rabbitmq -%>
-acl rabbitmq_dead nbsrv(rabbitmq_cluster) lt 1
-monitor fail if rabbitmq_dead
-<%- end -%>
-<%- if @glance_api -%>
-acl glance_api_dead nbsrv(glance_api_cluster) lt 1
-monitor fail if glance_api_dead
-<%- end -%>
-<%- if @glance_registry -%>
-acl glance_registry_dead nbsrv(glance_registry_cluster) lt 1
-monitor fail if glance_registry_dead
-<%- end -%>
-<%- if @ceilometer_api -%>
-acl ceilometer_api_dead nbsrv(ceilometer_api_cluster) lt 1
-monitor fail if ceilometer_api_dead
-<%- end -%>
-<%- if @heat_api -%>
-acl heat_api_dead nbsrv(heat_api_cluster) lt 1
-monitor fail if heat_api_dead
-<%- end -%>
-<%- if @heat_cfn_api -%>
-acl heat_cfn_api_dead nbsrv(heat_cfn_api_cluster) lt 1
-monitor fail if heat_cfn_api_dead
-<%- end -%>
-<%- if
@heat_cloudwatch_api -%>
-acl heat_cloudwatch_api_dead nbsrv(heat_cloudwatch_api_cluster) lt 1
-monitor fail if heat_cloudwatch_api_dead
-<%- end -%>
-<%- if @horizon -%>
-acl horizon_dead nbsrv(horizon_cluster) lt 1
-monitor fail if horizon_dead
-<%- end -%>
-<%- if @trove_api -%>
-acl trove_api_dead nbsrv(trove_api_cluster) lt 1
-monitor fail if trove_api_dead
-<%- end -%>
-
-# Used when forwarding SSL in http headers
-acl is-ssl dst_port 443
diff --git a/templates/network/dnsmasq-neutron.conf.erb b/templates/network/dnsmasq-neutron.conf.erb
deleted file mode 100644
index 979bd1a1..00000000
--- a/templates/network/dnsmasq-neutron.conf.erb
+++ /dev/null
@@ -1 +0,0 @@
-dhcp-option-force=26,<%= @veth_mtu %>
diff --git a/templates/selinux/sysconfig_selinux.erb b/templates/selinux/sysconfig_selinux.erb
deleted file mode 100644
index e3bc2f85..00000000
--- a/templates/selinux/sysconfig_selinux.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-# This file controls the state of SELinux on the system.
-# SELINUX= can take one of these three values:
-# enforcing - SELinux security policy is enforced.
-# permissive - SELinux prints warnings instead of enforcing.
-# disabled - No SELinux policy is loaded.
-SELINUX=<%= @mode %>
-# SELINUXTYPE= can take one of these two values:
-# targeted - Targeted processes are protected,
-# minimum - Modification of targeted policy. Only selected processes are protected.
-# mls - Multi Level Security protection.
-SELINUXTYPE=targeted
diff --git a/templates/storage/ceph/ceph-client.conf.erb b/templates/storage/ceph/ceph-client.conf.erb
deleted file mode 100644
index 7272d165..00000000
--- a/templates/storage/ceph/ceph-client.conf.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-<% if @clients %>
-<% @clients.each do |client| %>
-
-[client.<%= client %>]
- keyring = /etc/ceph/ceph.client.<%= client %>.keyring
-
-<% end %>
-<% end %>
diff --git a/templates/storage/ceph/secret-compute.xml.erb b/templates/storage/ceph/secret-compute.xml.erb
deleted file mode 100644
index 52459f1d..00000000
--- a/templates/storage/ceph/secret-compute.xml.erb
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
- client.<%= @cinder_rbd_user %> secret
-
- <%= @ceph_fsid %>
-