starlingx/stx-puppet
Code Issues Proposed changes
stx-puppet/puppet-manifests/src/modules/platform/manifests/sysinv.pp
Samuel Toledo 3d5b46834a Remove rabbitmq dependencies from sysinv puppet 
Continuing the efforts from [1], this review consists in removing all
dependencies related to amqp classes as well as initializations for
rabbitmq variables. This removal can be done because sysinv does not
use rabbitmq.

Test plan
PASS - Perform fresh install and bootstrap in an AIO-SX successfully
PASS - Perform fresh install and bootstrap in an AIO-DX successfully
PASS - Run any system command successfully (system host-list, system application-list, etc)

Story: 2010802
Task: 48578

[1] - https://storyboard.openstack.org/#!/story/2010802

Change-Id: I5da60b97ac8808d95d5b76ade065ea521e62e251
Signed-off-by: Samuel Toledo <samuel.presatoledo@windriver.com>
2023-08-31 19:43:12 +00:00

186 lines
5.9 KiB
Puppet
Raw Blame History

class platform::sysinv::params (
$api_port = undef,
$region_name = undef,
$service_create = false,
$fm_catalog_info = 'faultmanagement:fm:internalURL',
$server_timeout = '600s',
) { }
class platform::sysinv
inherits ::platform::sysinv::params {
Anchor['platform::services'] -> Class[$name]
include ::platform::params
include ::platform::drbd::platform::params
# sysinv-agent is started on all hosts
include ::sysinv::agent
$keystone_key_repo_path = "${::platform::drbd::platform::params::mountpoint}/keystone"
group { 'sysinv':
ensure => 'present',
gid => '168',
}
-> user { 'sysinv':
ensure => 'present',
comment => 'sysinv Daemons',
gid => '168',
groups => ['nobody', 'sysinv', 'sys_protected'],
home => '/var/lib/sysinv',
password => '!!',
password_max_age => '-1',
password_min_age => '-1',
shell => '/sbin/nologin',
uid => '168',
}
-> file { '/etc/sysinv':
ensure => 'directory',
owner => 'sysinv',
group => 'sysinv',
mode => '0750',
}
-> class { '::sysinv':
fm_catalog_info => $fm_catalog_info,
fernet_key_repository => "${keystone_key_repo_path}/fernet-keys",
}
# Note: The log format strings are prefixed with "sysinv" because it is
# interpreted as the program by syslog-ng, which allows the sysinv logs to be
# filtered and directed to their own file.
# TODO(mpeters): update puppet-sysinv to permit configuration of log formats
# once the log configuration has been moved to oslo::log
sysinv_config {
'DEFAULT/logging_context_format_string': value =>
'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s';
'DEFAULT/logging_default_format_string': value =>
'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s';
}
}
class platform::sysinv::conductor {
Class['::platform::drbd::platform'] -> Class[$name]
include ::sysinv::conductor
}
class platform::sysinv::haproxy
inherits ::platform::sysinv::params {
include ::platform::params
include ::platform::haproxy::params
platform::haproxy::proxy { 'sysinv-restapi':
server_name => 's-sysinv',
public_port => $api_port,
private_port => $api_port,
server_timeout => $server_timeout,
}
# Configure rules for DC https enabled admin endpoint.
if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
$::platform::params::distributed_cloud_role == 'subcloud') {
platform::haproxy::proxy { 'sysinv-restapi-admin':
https_ep_type => 'admin',
server_name => 's-sysinv',
public_ip_address => $::platform::haproxy::params::private_dc_ip_address,
public_port => $api_port + 1,
private_port => $api_port,
server_timeout => $server_timeout,
}
}
}
class platform::sysinv::api
inherits ::platform::sysinv::params {
include ::platform::params
include ::sysinv::api
if ($::platform::sysinv::params::service_create and
$::platform::params::init_keystone) {
include ::sysinv::keystone::auth
# Cleanup the endpoints created at bootstrap if they are not in
# the subcloud region.
if ($::platform::params::distributed_cloud_role == 'subcloud' and
$::platform::params::region_2_name != 'RegionOne') {
Keystone_endpoint["${platform::params::region_2_name}/sysinv::platform"] -> Keystone_endpoint['RegionOne/sysinv::platform']
keystone_endpoint { 'RegionOne/sysinv::platform':
ensure => 'absent',
name => 'sysinv',
type => 'platform',
region => 'RegionOne',
public_url => 'http://127.0.0.1:6385/v1',
admin_url => 'http://127.0.0.1:6385/v1',
internal_url => 'http://127.0.0.1:6385/v1'
}
}
}
if $::platform::params::distributed_cloud_role =='systemcontroller' {
sysinv_config{
'DEFAULT/sysinv_api_workers': value => min($::platform::params::eng_workers_by_5, 6);
}
} else {
# TODO(mpeters): move to sysinv puppet module parameters
sysinv_config {
'DEFAULT/sysinv_api_workers': value => $::platform::params::eng_workers_by_5;
}
}
include ::platform::sysinv::haproxy
}
class platform::sysinv::bootstrap (
$dc_sysinv_user_id = undef,
) {
include ::sysinv::db::postgresql
include ::sysinv::keystone::auth
include ::platform::client::params
if $dc_sysinv_user_id {
exec { 'update keystone sysinv assignment actor_id to match system controller':
command => "psql -d keystone -c \"update public.assignment set actor_id='${dc_sysinv_user_id}' from public.local_user where\
public.assignment.actor_id=public.local_user.user_id and public.local_user.name='sysinv'\"",
user => 'postgres',
require => Class['::sysinv::keystone::auth'],
}
-> exec { 'update keystone sysinv user id to match system controller':
command => "psql -d keystone -c \"update public.user set id='${dc_sysinv_user_id}' from public.local_user where\
public.user.id=public.local_user.user_id and public.local_user.name='sysinv'\"",
user => 'postgres',
}
}
include ::platform::sysinv
class { '::sysinv::api':
enabled => true
}
class { '::sysinv::conductor':
enabled => true
}
# set sysinv ignore_lockout_failure_attempts option to true to
# exempt it from auth fail lockout.
Class['::sysinv::keystone::auth']
-> openstack::keystone::user::option { 'Set sysinv user option':
admin_username => $::platform::client::params::admin_username,
admin_password => $::platform::client::params::admin_password,
auth_url => $::platform::client::params::identity_auth_url,
username => $::sysinv::keystone::auth::auth_name,
option => 'ignore_lockout_failure_attempts',
option_value => bool2str(true),
}
}
View Git Blame Copy Permalink