Merge "dcdbsync for containerized openstack services - puppet"

modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_openstack_config/ini_setting.rb

@@ -0,0 +1,37 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Jan 2019 Creation based off puppet-sysinv
+#
+
+Puppet::Type.type(:dcdbsync_openstack_config).provide(
+  :ini_setting,
+  :parent => Puppet::Type.type(:ini_setting).provider(:ruby)
+) do
+
+  def section
+    resource[:name].split('/', 2).first
+  end
+
+  def setting
+    resource[:name].split('/', 2).last
+  end
+
+  def separator
+    '='
+  end
+
+  def self.file_path
+    '/etc/dcdbsync/dcdbsync_openstack.conf'
+  end
+
+  # added for backwards compatibility with older versions of inifile
+  def file_path
+    self.class.file_path
+  end
+
+end

modules/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_openstack_config.rb

@@ -0,0 +1,52 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Jan 2019 Creation based off puppet-sysinv
+#
+
+Puppet::Type.newtype(:dcdbsync_openstack_config) do
+
+  ensurable
+
+  newparam(:name, :namevar => true) do
+    desc 'Section/setting name to manage from /etc/dcdbsync/dcdbsync_openstack.conf'
+    newvalues(/\S+\/\S+/)
+  end
+
+  newproperty(:value) do
+    desc 'The value of the setting to be defined.'
+    munge do |value|
+      value = value.to_s.strip
+      value.capitalize! if value =~ /^(true|false)$/i
+      value
+    end
+
+    def is_to_s( currentvalue )
+      if resource.secret?
+        return '[old secret redacted]'
+      else
+        return currentvalue
+      end
+    end
+
+    def should_to_s( newvalue )
+      if resource.secret?
+        return '[new secret redacted]'
+      else
+        return newvalue
+      end
+    end
+  end
+
+  newparam(:secret, :boolean => true) do
+    desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
+
+    newvalues(:true, :false)
+
+    defaultto false
+  end
+end

modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_api.pp

@@ -0,0 +1,176 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# == Class: dcdbsync::api
+#
+# Setup and configure the dcdbsync API endpoint
+#
+# === Parameters
+#
+# [*keystone_password*]
+#   The password to use for authentication (keystone)
+#
+# [*keystone_enabled*]
+#   (optional) Use keystone for authentification
+#   Defaults to true
+#
+# [*keystone_tenant*]
+#   (optional) The tenant of the auth user
+#   Defaults to services
+#
+# [*keystone_user*]
+#   (optional) The name of the auth user
+#   Defaults to dcdbsync
+#
+# [*keystone_auth_host*]
+#   (optional) The keystone host
+#   Defaults to localhost
+#
+# [*keystone_auth_port*]
+#   (optional) The keystone auth port
+#   Defaults to 5000
+#
+# [*keystone_auth_protocol*]
+#   (optional) The protocol used to access the auth host
+#   Defaults to http.
+#
+# [*keystone_auth_admin_prefix*]
+#   (optional) The admin_prefix used to admin endpoint of the auth host
+#   This allow admin auth URIs like http://auth_host:5000/keystone.
+#   (where '/keystone' is the admin prefix)
+#   Defaults to false for empty. If defined, should be a string with a
+#   leading '/' and no trailing '/'.
+#
+# [*keystone_user_domain*]
+#   (Optional) domain name for auth user.
+#   Defaults to 'Default'.
+#
+# [*keystone_project_domain*]
+#   (Optional) domain name for auth project.
+#   Defaults to 'Default'.
+#
+# [*auth_type*]
+#   (Optional) Authentication type to load.
+#   Defaults to 'password'.
+#
+# [*bind_port*]
+#   (optional) The dcorch dbsync api port
+#   Defaults to 8220
+#
+# [*package_ensure*]
+#   (optional) The state of the package
+#   Defaults to present
+#
+# [*bind_host*]
+#   (optional) The dcorch dbsync api bind address
+#   Defaults to 0.0.0.0
+#
+# [*enabled*]
+#   (optional) The state of the service
+#   Defaults to true
+#
+
+# dcdbsync instance for containerized openstack services
+class dcdbsync::openstack_api (
+  $keystone_password          = '',
+  $keystone_enabled           = true,
+  $keystone_tenant            = 'service',
+  $keystone_user              = 'dcdbsync',
+  $keystone_auth_host         = 'keystone.openstack.svc.cluster.local',
+  $keystone_auth_port         = '80',
+  $keystone_auth_protocol     = 'http',
+  $keystone_auth_admin_prefix = false,
+  $keystone_auth_uri          = false,
+  $keystone_auth_version      = false,
+  $keystone_identity_uri      = false,
+  $keystone_user_domain       = 'Default',
+  $keystone_project_domain    = 'Default',
+  $auth_type                  = 'password',
+  $package_ensure             = 'latest',
+  $bind_host                  = '0.0.0.0',
+  $bind_port                  = 8220,
+  $enabled                    = false
+) {
+
+  include dcdbsync::params
+
+  Dcdbsync_openstack_config<||> ~> Service['dcdbsync-openstack-api']
+
+  dcdbsync_openstack_config {
+    'DEFAULT/bind_host': value => $bind_host;
+    'DEFAULT/bind_port': value => $bind_port;
+  }
+
+  if $keystone_identity_uri {
+    dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; }
+    dcdbsync_openstack_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; }
+  } else {
+    dcdbsync_openstack_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3"; }
+  }
+
+  if $keystone_auth_uri {
+    dcdbsync_openstack_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; }
+  } else {
+    dcdbsync_openstack_config {
+      'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:${keystone_auth_port}/v3";
+    }
+  }
+
+  if $keystone_auth_version {
+    dcdbsync_openstack_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; }
+  } else {
+    dcdbsync_openstack_config { 'keystone_authtoken/auth_version': ensure => absent; }
+  }
+
+  if $keystone_enabled {
+    dcdbsync_openstack_config {
+      'DEFAULT/auth_strategy':     value => 'keystone' ;
+    }
+    dcdbsync_openstack_config {
+      'keystone_authtoken/auth_type':    value => $auth_type;
+      'keystone_authtoken/project_name': value => $keystone_tenant;
+      'keystone_authtoken/username':     value => $keystone_user;
+      'keystone_authtoken/password':     value => $keystone_password, secret=> true;
+      'keystone_authtoken/user_domain_name':  value => $keystone_user_domain;
+      'keystone_authtoken/project_domain_name':  value => $keystone_project_domain;
+    }
+
+    if $keystone_auth_admin_prefix {
+      validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$')
+      dcdbsync_openstack_config {
+        'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix;
+      }
+    } else {
+      dcdbsync_openstack_config {
+        'keystone_authtoken/auth_admin_prefix': ensure => absent;
+      }
+    }
+  }
+  else
+  {
+    dcdbsync_openstack_config {
+      'DEFAULT/auth_strategy':     value => 'noauth' ;
+    }
+  }
+
+  if $enabled {
+    $ensure = 'running'
+  } else {
+    $ensure = 'stopped'
+  }
+
+  service { 'dcdbsync-openstack-api':
+    ensure     => $ensure,
+    name       => $::dcdbsync::params::api_openstack_service,
+    enable     => $enabled,
+    hasstatus  => true,
+    hasrestart => true,
+    tag        => 'dcdbsync-openstack-api',
+  }
+  Keystone_endpoint<||> -> Service['dcdbsync-openstack-api']
+}

modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_cleanup.pp

@@ -0,0 +1,23 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Jan 2019 Creation based off puppet-sysinv
+#
+
+#
+# == Parameters
+#
+
+# cleanup openstack dcdbsync instance
+class dcdbsync::openstack_cleanup {
+
+  include dcdbsync::params
+
+  file { $::dcdbsync::params::openstack_conf_file:
+    ensure => absent,
+  }
+}

modules/puppet-dcdbsync/src/dcdbsync/manifests/openstack_init.pp

@@ -0,0 +1,78 @@
+#
+# Files in this package are licensed under Apache; see LICENSE file.
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Jan 2019 Creation based off puppet-sysinv
+#
+
+#
+# == Parameters
+#
+# [use_syslog]
+#   Use syslog for logging.
+#   (Optional) Defaults to false.
+#
+# [log_facility]
+#   Syslog facility to receive log lines.
+#   (Optional) Defaults to LOG_USER.
+
+# dcdbsync instance for containerized openstack services
+class dcdbsync::openstack_init (
+  $database_connection         = '',
+  $database_idle_timeout       = 3600,
+  $database_max_pool_size      = 5,
+  $database_max_overflow       = 10,
+  $package_ensure              = 'present',
+  $use_stderr                  = false,
+  $log_file                    = 'dcdbsync_openstack.log',
+  $log_dir                     = '/var/log/dcdbsync',
+  $use_syslog                  = false,
+  $log_facility                = 'LOG_USER',
+  $verbose                     = false,
+  $debug                       = false,
+  $region_name                 = 'RegionOne',
+) {
+
+  include dcdbsync::params
+
+  file { $::dcdbsync::params::openstack_conf_file:
+    ensure => present,
+    mode   => '0600',
+  }
+
+  dcdbsync_openstack_config {
+    'DEFAULT/verbose':             value => $verbose;
+    'DEFAULT/debug':               value => $debug;
+  }
+
+  # Automatically add psycopg2 driver to postgresql (only does this if it is missing)
+  $real_connection = regsubst($database_connection,'^mysql:','mysql+pymysql:')
+
+  dcdbsync_openstack_config {
+    'database/connection':    value => $real_connection, secret => true;
+    'database/idle_timeout':  value => $database_idle_timeout;
+    'database/max_pool_size': value => $database_max_pool_size;
+    'database/max_overflow':  value => $database_max_overflow;
+  }
+
+  if $use_syslog {
+    dcdbsync_openstack_config {
+      'DEFAULT/use_syslog':           value => true;
+      'DEFAULT/syslog_log_facility':  value => $log_facility;
+    }
+  } else {
+    dcdbsync_openstack_config {
+      'DEFAULT/use_syslog':           value => false;
+      'DEFAULT/use_stderr':           value => false;
+      'DEFAULT/log_file'  :           value => $log_file;
+      'DEFAULT/log_dir'   :           value => $log_dir;
+    }
+  }
+
+  dcdbsync_openstack_config {
+    'keystone_authtoken/region_name':  value => $region_name;
+  }
+}

modules/puppet-dcdbsync/src/dcdbsync/manifests/params.pp

@@ -11,17 +11,20 @@ class dcdbsync::params {
 
   $conf_dir = '/etc/dcdbsync'
   $conf_file = '/etc/dcdbsync/dcdbsync.conf'
+  $openstack_conf_file = '/etc/dcdbsync/dcdbsync_openstack.conf'
 
   if $::osfamily == 'Debian' {
     $package_name           = 'distributedcloud-dcdbsync'
     $api_package            = 'distributedcloud-dcdbsync'
     $api_service            = 'dcdbsync-api'
+    $api_openstack_service  = 'dcdbsync-openstack-api'
 
   } elsif($::osfamily == 'RedHat') {
 
     $package_name           = 'distributedcloud-dcdbsync'
     $api_package            = false
     $api_service            = 'dcdbsync-api'
+    $api_openstack_service  = 'dcdbsync-openstack-api'
 
   } else {
     fail("Unsupported osfamily ${::osfamily}")

puppet-manifests/src/hieradata/controller.yaml

@@ -211,10 +211,14 @@ dcmanager::use_syslog: true
 dcmanager::log_facility: 'local2'
 dcmanager::debug: false
 
-# Dcdbsync
-dbsync::use_syslog: true
-dbsync::log_facility: 'local2'
-dbsync::debug: false
+# Dcdbsync instance for platform services
+dcdbsync::use_syslog: true
+dcdbsync::log_facility: 'local2'
+dcdbsync::debug: false
+# Dcdbsync instance for containerized openstack services
+dcdbsync::openstack_init::use_syslog: true
+dcdbsync::openstack_init::log_facility: 'local3'
+dcdbsync::openstack_init::debug: false
 
 # FM
 fm::use_syslog: true

puppet-manifests/src/modules/platform/manifests/dcdbsync.pp

@@ -1,5 +1,6 @@
 class platform::dcdbsync::params (
   $api_port = 8219,
+  $api_openstack_port = 8220,
   $region_name = undef,
   $service_create = false,
   $service_enabled = false,
@@ -42,3 +43,30 @@ class platform::dcdbsync::api
   }
 }
 
+class platform::dcdbsync::stx_openstack::runtime
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create and
+      $::platform::params::stx_openstack_applied {
+
+      include ::platform::network::mgmt::params
+
+      $api_host = $::platform::network::mgmt::params::controller_address
+      $api_fqdn = $::platform::params::controller_hostname
+      $url_host = "http://${api_fqdn}:${api_openstack_port}"
+
+      class { '::dcdbsync::openstack_init': }
+      class { '::dcdbsync::openstack_api':
+        keystone_tenant         => 'service',
+        keystone_user_domain    => 'service',
+        keystone_project_domain => 'service',
+        bind_host               => $api_host,
+        bind_port               => $api_openstack_port,
+        enabled                 => $service_enabled,
+      }
+    } else {
+      class { '::dcdbsync::openstack_cleanup': }
+    }
+  }
+}

puppet-manifests/src/modules/platform/manifests/sm.pp

@@ -424,6 +424,9 @@ class platform::sm
       -> exec { 'Configure OpenStack - DCDBsync-API':
         command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
       }
+      -> exec { 'Configure OpenStack - DCDBsync-openstack-API':
+        command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"",
+      }
       # Deprovision Horizon when running as a subcloud
       exec { 'Deprovision OpenStack - Horizon (service-group-member)':
         command => 'sm-deprovision service-group-member web-services horizon',
@@ -896,6 +899,9 @@ class platform::sm
     -> exec { 'Configure OpenStack - DCDBsync-API':
       command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
     }
+    -> exec { 'Configure OpenStack - DCDBsync-openstack-API':
+      command => "sm-configure service_instance dcdbsync-openstack-api dcdbsync-openstack-api \"config=/etc/dcdbsync/dcdbsync_openstack.conf\"",
+    }
   }
 
   # lint:endignore:140chars
@@ -960,6 +966,13 @@ class platform::sm::stx_openstack::runtime {
     exec { 'provision guest-agent service group member':
         command => 'sm-provision service-group-member controller-services guest-agent --apply'
     }
+    # Configure openstack dcdbsync for systemcontroller and subcloud
+    if ($::platform::params::distributed_cloud_role =='systemcontroller') or
+      ($::platform::params::distributed_cloud_role =='subcloud') {
+        exec { 'provision distributed-cloud service group member':
+          command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply'
+        }
+    }
   } else {
     exec { 'deprovision service group member':
         command => 'sm-deprovision service-group-member cloud-services dbmon --apply'
@@ -967,6 +980,14 @@ class platform::sm::stx_openstack::runtime {
     exec { 'deprovision guest-agent service group member':
         command => 'sm-deprovision service-group-member controller-services guest-agent --apply'
     }
+    exec { 'deprovision distributed-cloud service group member':
+        command => 'sm-deprovision service-group-member distributed-cloud-services dcdbsync-openstack-api --apply'
+    }
+    -> exec { 'stop distributed-cloud service group member':
+      environment => ['OCF_FUNCTIONS_DIR=/usr/lib/ocf/lib/heartbeat/',
+        'OCF_RESKEY_pid=/var/run/resource-agents/dcdbsync-openstack-api.pid'],
+      command     => '/usr/lib/ocf/resource.d/openstack/dcdbsync-api stop',
+    }
   }
 }