From 219cf98b4f64ae162ca25b56b933625242f17168 Mon Sep 17 00:00:00 2001 From: Gael Chamoulaud Date: Mon, 6 Oct 2014 11:37:22 +0200 Subject: [PATCH] Adds Hiera implementation within Packstack Packstack configures Hiera as its data backend. Packstack puppet templates are now using hiera() and hiera_array() functions to fetch data from the Hiera backend. Packstack generates a defaults.yaml file in the /var/tmp/packstack directory. Firewall rules for each OpenStack component are inserted into the Hiera backend as a hash and created by the create_resources function. Change-Id: Iab553a71264b0fc0f26d33a6304b545ad302f664 Fixes: rhbz#1145223 
Signed-off-by: Gael Chamoulaud --- packstack/installer/basedefs.py | 2 + packstack/modules/ospluginutils.py | 15 +++ packstack/plugins/amqp_002.py | 30 +++-- packstack/plugins/ceilometer_800.py | 38 ++++-- packstack/plugins/cinder_250.py | 72 ++++++---- packstack/plugins/dashboard_500.py | 16 +-- packstack/plugins/glance_200.py | 23 ++-- packstack/plugins/heat_750.py | 60 ++++++--- packstack/plugins/keystone_100.py | 20 +-- packstack/plugins/mariadb_003.py | 20 +-- packstack/plugins/nagios_910.py | 22 +-- packstack/plugins/neutron_350.py | 116 +++++++++------- packstack/plugins/nova_300.py | 100 +++++++++----- packstack/plugins/openstack_client_400.py | 2 +- packstack/plugins/prescript_000.py | 2 +- packstack/plugins/provision_700.py | 4 +- packstack/plugins/puppet_950.py | 28 +++- packstack/plugins/swift_600.py | 39 +++--- packstack/puppet/templates/amqp.pp | 89 +++++++------ packstack/puppet/templates/ceilometer.pp | 30 ++--- .../templates/ceilometer_nova_disabled.pp | 4 +- packstack/puppet/templates/ceilometer_qpid.pp | 18 +-- .../puppet/templates/ceilometer_rabbitmq.pp | 14 +- packstack/puppet/templates/chrony.pp | 56 ++++---- packstack/puppet/templates/cinder.pp | 35 +++-- packstack/puppet/templates/cinder_backup.pp | 9 +- packstack/puppet/templates/cinder_gluster.pp | 6 +- packstack/puppet/templates/cinder_lvm.pp | 18 +-- .../templates/cinder_netapp_7mode_iscsi.pp | 20 +-- .../templates/cinder_netapp_7mode_nfs.pp | 22 +-- .../templates/cinder_netapp_cdot_iscsi.pp | 18 +-- .../templates/cinder_netapp_cdot_nfs.pp | 24 ++-- .../puppet/templates/cinder_netapp_eseries.pp | 22 +-- packstack/puppet/templates/cinder_nfs.pp | 2 +- packstack/puppet/templates/cinder_qpid.pp | 22 +-- packstack/puppet/templates/cinder_rabbitmq.pp | 18 +-- packstack/puppet/templates/cinder_vmdk.pp | 6 +- packstack/puppet/templates/firewall.pp | 11 -- packstack/puppet/templates/glance.pp | 41 +++--- .../templates/glance_ceilometer_qpid.pp | 10 +- .../templates/glance_ceilometer_rabbitmq.pp 
| 10 +- packstack/puppet/templates/glance_file.pp | 2 +- packstack/puppet/templates/glance_swift.pp | 7 +- packstack/puppet/templates/global.pp | 2 +- packstack/puppet/templates/heat.pp | 23 ++-- packstack/puppet/templates/heat_cfn.pp | 13 +- packstack/puppet/templates/heat_cloudwatch.pp | 3 +- packstack/puppet/templates/heat_qpid.pp | 30 +++-- packstack/puppet/templates/heat_rabbitmq.pp | 26 ++-- packstack/puppet/templates/heat_trusts.pp | 1 + packstack/puppet/templates/horizon.pp | 73 +++++----- packstack/puppet/templates/keystone.pp | 62 +++++---- .../puppet/templates/keystone_ceilometer.pp | 10 +- packstack/puppet/templates/keystone_cinder.pp | 12 +- packstack/puppet/templates/keystone_glance.pp | 12 +- packstack/puppet/templates/keystone_heat.pp | 30 +++-- .../puppet/templates/keystone_neutron.pp | 12 +- packstack/puppet/templates/keystone_nova.pp | 14 +- packstack/puppet/templates/keystone_swift.pp | 6 +- .../templates/mariadb_cinder_install.pp | 10 +- .../templates/mariadb_cinder_noinstall.pp | 38 +++--- .../templates/mariadb_glance_install.pp | 10 +- .../templates/mariadb_glance_noinstall.pp | 38 +++--- .../puppet/templates/mariadb_heat_install.pp | 10 +- .../templates/mariadb_heat_noinstall.pp | 38 +++--- packstack/puppet/templates/mariadb_install.pp | 49 ++++--- .../templates/mariadb_keystone_install.pp | 12 +- .../templates/mariadb_keystone_noinstall.pp | 38 +++--- .../templates/mariadb_neutron_install.pp | 12 +- .../templates/mariadb_neutron_noinstall.pp | 43 +++--- .../puppet/templates/mariadb_noinstall.pp | 3 +- .../puppet/templates/mariadb_nova_install.pp | 10 +- .../templates/mariadb_nova_noinstall.pp | 38 +++--- packstack/puppet/templates/mongodb.pp | 7 +- packstack/puppet/templates/nagios_nrpe.pp | 67 +++++----- packstack/puppet/templates/nagios_server.pp | 126 ++++++++++-------- packstack/puppet/templates/neutron.pp | 13 +- packstack/puppet/templates/neutron_api.pp | 21 +-- packstack/puppet/templates/neutron_dhcp.pp | 5 +- 
packstack/puppet/templates/neutron_l3.pp | 8 +- .../puppet/templates/neutron_lb_agent.pp | 2 +- .../puppet/templates/neutron_lb_plugin.pp | 4 +- packstack/puppet/templates/neutron_lbaas.pp | 4 +- .../puppet/templates/neutron_metadata.pp | 16 ++- .../templates/neutron_metering_agent.pp | 4 +- .../puppet/templates/neutron_ml2_plugin.pp | 29 ++-- .../puppet/templates/neutron_notifications.pp | 14 +- .../puppet/templates/neutron_ovs_agent_gre.pp | 16 ++- .../templates/neutron_ovs_agent_local.pp | 8 +- .../templates/neutron_ovs_agent_vlan.pp | 8 +- .../templates/neutron_ovs_agent_vxlan.pp | 19 +-- .../puppet/templates/neutron_ovs_bridge.pp | 10 +- .../templates/neutron_ovs_plugin_gre.pp | 6 +- .../templates/neutron_ovs_plugin_local.pp | 4 +- .../templates/neutron_ovs_plugin_vlan.pp | 4 +- .../templates/neutron_ovs_plugin_vxlan.pp | 8 +- .../puppet/templates/neutron_ovs_port.pp | 8 +- packstack/puppet/templates/neutron_qpid.pp | 16 +-- .../puppet/templates/neutron_rabbitmq.pp | 14 +- packstack/puppet/templates/nova_api.pp | 10 +- packstack/puppet/templates/nova_ceilometer.pp | 9 +- .../puppet/templates/nova_ceilometer_qpid.pp | 16 +-- .../templates/nova_ceilometer_rabbitmq.pp | 14 +- packstack/puppet/templates/nova_cert.pp | 4 +- .../puppet/templates/nova_common_nopw.pp | 9 ++ .../{nova_common.pp => nova_common_pw.pp} | 4 +- .../puppet/templates/nova_common_qpid.pp | 36 ++--- .../puppet/templates/nova_common_rabbitmq.pp | 32 ++--- packstack/puppet/templates/nova_compute.pp | 91 +++++++------ .../puppet/templates/nova_compute_libvirt.pp | 61 ++++----- .../puppet/templates/nova_compute_vmware.pp | 8 +- packstack/puppet/templates/nova_conductor.pp | 4 +- packstack/puppet/templates/nova_network.pp | 68 ++++++---- .../puppet/templates/nova_network_libvirt.pp | 9 +- packstack/puppet/templates/nova_neutron.pp | 20 +-- packstack/puppet/templates/nova_sched.pp | 18 +-- packstack/puppet/templates/nova_vncproxy.pp | 20 +-- packstack/puppet/templates/ntpd.pp | 66 +++++---- 
.../puppet/templates/openstack_client.pp | 59 ++++---- .../puppet/templates/persist_ovs_bridge.pp | 13 +- packstack/puppet/templates/prescript.pp | 4 +- packstack/puppet/templates/provision_demo.pp | 64 ++++----- .../puppet/templates/provision_demo_glance.pp | 8 +- .../puppet/templates/provision_tempest.pp | 86 ++++++------ packstack/puppet/templates/sshkey.pp | 8 +- packstack/puppet/templates/swift_builder.pp | 14 +- packstack/puppet/templates/swift_common.pp | 7 +- packstack/puppet/templates/swift_loopback.pp | 6 +- packstack/puppet/templates/swift_proxy.pp | 47 ++++--- packstack/puppet/templates/swift_storage.pp | 22 +-- requirements.txt | 1 + setup.py | 2 +- 132 files changed, 1706 insertions(+), 1376 deletions(-) delete mode 100644 packstack/puppet/templates/firewall.pp create mode 100644 packstack/puppet/templates/nova_common_nopw.pp rename packstack/puppet/templates/{nova_common.pp => nova_common_pw.pp} (56%) diff --git a/packstack/installer/basedefs.py b/packstack/installer/basedefs.py index 6ebebf05f..9e213236a 100644 --- a/packstack/installer/basedefs.py +++ b/packstack/installer/basedefs.py @@ -43,6 +43,8 @@ VAR_DIR = tempfile.mkdtemp(prefix=_tmpdirprefix, dir=PACKSTACK_VAR_DIR) DIR_LOG = VAR_DIR PUPPET_MANIFEST_RELATIVE = "manifests" PUPPET_MANIFEST_DIR = os.path.join(VAR_DIR, PUPPET_MANIFEST_RELATIVE) +HIERADATA_FILE_RELATIVE = "hieradata" +HIERADATA_DIR = os.path.join(VAR_DIR, HIERADATA_FILE_RELATIVE) FILE_INSTALLER_LOG = "setup.log" diff --git a/packstack/modules/ospluginutils.py b/packstack/modules/ospluginutils.py index d69581ea0..2830bf3e5 100644 --- a/packstack/modules/ospluginutils.py +++ b/packstack/modules/ospluginutils.py @@ -2,6 +2,7 @@ import logging import os import re +import yaml from packstack.installer import basedefs from packstack.installer.setup_controller import Controller 
@@ -11,6 +12,7 @@ controller = Controller() PUPPET_DIR = os.path.join(basedefs.DIR_PROJECT_DIR, "puppet") PUPPET_TEMPLATE_DIR = os.path.join(PUPPET_DIR, "templates") +HIERA_DEFAULTS_YAML = os.path.join(basedefs.HIERADATA_DIR, "defaults.yaml") class NovaConfig(object): @@ -80,6 +82,19 @@ def appendManifestFile(manifest_name, data, marker=''): manifestfiles.addFile(manifest_name, marker, data) +def generateHieraDataFile(): + os.mkdir(basedefs.HIERADATA_DIR, 0700) + with open(HIERA_DEFAULTS_YAML, 'w') as outfile: + outfile.write(yaml.dump(controller.CONF, + explicit_start=True, + default_flow_style=False)) + + +def createFirewallResources(hiera_key, default_value='{}'): + hiera_function = "hiera('%s', %s)" % (hiera_key, default_value) + return "create_resources(packstack::firewall, %s)\n\n" % hiera_function + + def gethostlist(CONF): hosts = [] for key, value in CONF.items(): diff --git a/packstack/plugins/amqp_002.py b/packstack/plugins/amqp_002.py index 618c15d7e..5038bd19e 100644 --- a/packstack/plugins/amqp_002.py +++ b/packstack/plugins/amqp_002.py @@ -15,7 +15,8 @@ from packstack.installer import utils from packstack.modules.common import filtered_hosts from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ @@ -219,7 +220,7 @@ def initSequences(controller): def create_manifest(config, messages): server = utils.ScriptRunner(config['CONFIG_AMQP_HOST']) if config['CONFIG_AMQP_ENABLE_SSL'] == 'y': - config['CONFIG_AMQP_ENABLE_SSL'] = 'true' + config['CONFIG_AMQP_ENABLE_SSL'] = True config['CONFIG_AMQP_PROTOCOL'] = 'ssl' config['CONFIG_AMQP_CLIENTS_PORT'] = "5671" if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y': 
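Review bot: `generateHieraDataFile` writes all of `controller.CONF` to `defaults.yaml` through a plain `open(HIERA_DEFAULTS_YAML, 'w')`, so the file's mode comes from the process umask and only the `0700` on the parent directory keeps it private. The configuration carries password-type keys (for example `CONFIG_AMQP_NSS_CERTDB_PW`, set elsewhere in this patch), so the file should be created owner-only, e.g. `fd = os.open(HIERA_DEFAULTS_YAML, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600)` followed by `with os.fdopen(fd, 'w') as outfile:`. Whatever later copies the hieradata directory to the target hosts is not visible here and should preserve that mode. `yaml.safe_dump` would also be the safer call, since it raises on any value that is not a plain scalar, list or dict instead of emitting a `!!python/...` tag that the Hiera YAML backend presumably cannot read.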
@@ -234,10 +235,10 @@ def create_manifest(config, messages): # Set default values config['CONFIG_AMQP_CLIENTS_PORT'] = "5672" config['CONFIG_AMQP_SSL_PORT'] = "5671" - config['CONFIG_AMQP_SSL_CERT_FILE'] = "" - config['CONFIG_AMQP_SSL_KEY_FILE'] = "" - config['CONFIG_AMQP_NSS_CERTDB_PW'] = "" - config['CONFIG_AMQP_ENABLE_SSL'] = 'false' + config['CONFIG_AMQP_SSL_CERT_FILE'] = '' + config['CONFIG_AMQP_SSL_KEY_FILE'] = '' + config['CONFIG_AMQP_NSS_CERTDB_PW'] = '' + config['CONFIG_AMQP_ENABLE_SSL'] = False config['CONFIG_AMQP_PROTOCOL'] = 'tcp' if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n': @@ -247,14 +248,17 @@ def create_manifest(config, messages): manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST'] manifestdata = getManifestTemplate('amqp.pp') + fw_details = dict() # All hosts should be able to talk to amqp - config['FIREWALL_SERVICE_NAME'] = "amqp" - config['FIREWALL_PORTS'] = "['5671', '5672']" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' for host in filtered_hosts(config, exclude=False): - config['FIREWALL_ALLOWED'] = "'%s'" % host - config['FIREWALL_SERVICE_ID'] = "amqp_%s" % host - manifestdata += getManifestTemplate("firewall.pp") + key = "amqp_%s" % host + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % host + fw_details[key]['service_name'] = "amqp" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['5671', '5672'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_AMQP_RULES'] = fw_details + manifestdata += createFirewallResources('FIREWALL_AMQP_RULES') appendManifestFile(manifestfile, manifestdata, 'pre') diff --git a/packstack/plugins/ceilometer_800.py b/packstack/plugins/ceilometer_800.py index 3ae344ffb..a99d010fa 100644 --- a/packstack/plugins/ceilometer_800.py +++ b/packstack/plugins/ceilometer_800.py 
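Review bot: The `ports` entry of the new AMQP rule is always `['5671', '5672']`, so every host returned by `filtered_hosts(config, exclude=False)` may reach the plaintext port even when `CONFIG_AMQP_ENABLE_SSL` is set and clients are pointed at 5671 earlier in `create_manifest`. If the broker does not need 5672 in SSL mode (that depends on `amqp.pp`, which this hunk does not show), the list could follow the configured port instead, e.g. `fw_details[key]['ports'] = [config['CONFIG_AMQP_CLIENTS_PORT']]`. `create_manifest` starts outside this hunk.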
@@ -13,7 +13,8 @@ from packstack.installer import validators from packstack.installer import processors from packstack.modules.shortcuts import get_mq from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ @@ -112,13 +113,17 @@ def create_manifest(config, messages): manifestdata = getManifestTemplate(get_mq(config, "ceilometer")) manifestdata += getManifestTemplate("ceilometer.pp") - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_NAME'] = 'ceilometer-api' - config['FIREWALL_SERVICE_ID'] = 'ceilometer_api' - config['FIREWALL_PORTS'] = "'8777'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - manifestdata += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "ceilometer_api" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "ceilometer-api" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['8777'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_CEILOMETER_RULES'] = fw_details + manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES') + # Add a template that creates a group for nova because the ceilometer # class needs it if config['CONFIG_NOVA_INSTALL'] == 'n': 
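Review bot: `fw_details.setdefault(key, {})` on a dict created one line earlier guards against nothing, and the five per-field assignments after it are repeated in every plugin this patch touches (amqp, mongodb, cinder, glance, heat, keystone, mariadb, nagios, neutron). A single literal reads more clearly and makes a missing field obvious: `fw_details = {'ceilometer_api': {'host': 'ALL', 'service_name': 'ceilometer-api', 'chain': 'INPUT', 'ports': ['8777'], 'proto': 'tcp'}}`. A small helper next to `createFirewallResources` that takes those five values would keep the rule shape in one place.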
@@ -129,11 +134,18 @@ def create_manifest(config, messages): def create_mongodb_manifest(config, messages): manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST'] manifestdata = getManifestTemplate("mongodb.pp") - config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST'] - config['FIREWALL_SERVICE_NAME'] = 'mongodb-server' - config['FIREWALL_PORTS'] = "'27017'" - config['FIREWALL_PROTOCOL'] = 'tcp' - manifestdata += getManifestTemplate("firewall.pp") + + fw_details = dict() + key = "mongodb_server" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST'] + fw_details[key]['service_name'] = "mongodb-server" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['27017'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_MONGODB_RULES'] = fw_details + + manifestdata += createFirewallResources('FIREWALL_MONGODB_RULES') appendManifestFile(manifestfile, manifestdata, 'pre') diff --git a/packstack/plugins/cinder_250.py b/packstack/plugins/cinder_250.py index 2c84e8f0b..a03bfe3eb 100644 --- a/packstack/plugins/cinder_250.py +++ b/packstack/plugins/cinder_250.py @@ -20,7 +20,8 @@ from packstack.installer import utils from packstack.modules.shortcuts import get_mq from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) from packstack.installer import exceptions from packstack.installer import output_messages 
@@ -125,10 +126,10 @@ def initConfig(controller): "domain:/vol-name "), "PROMPT": ("Enter a single or comma separated list of gluster " "volume shares to use with Cinder"), - "OPTION_LIST": ["^'([\d]{1,3}\.){3}[\d]{1,3}:/.*'", - "^'[a-zA-Z0-9][\-\.\w]*:/.*'"], + "OPTION_LIST": ["^([\d]{1,3}\.){3}[\d]{1,3}:/.*", + "^[a-zA-Z0-9][\-\.\w]*:/.*"], "VALIDATORS": [validators.validate_multi_regexp], - "PROCESSORS": [processors.process_add_quotes_around_values], + "PROCESSORS": [], "DEFAULT_VALUE": "", "MASK_INPUT": False, "LOOSE_VALIDATION": True, @@ -144,9 +145,9 @@ def initConfig(controller): "mount, eg: ip-address:/export-name "), "PROMPT": ("Enter a single or comma seprated list of NFS exports " "to use with Cinder"), - "OPTION_LIST": ["^'([\d]{1,3}\.){3}[\d]{1,3}:/.*'"], + "OPTION_LIST": ["^([\d]{1,3}\.){3}[\d]{1,3}:/.*"], "VALIDATORS": [validators.validate_multi_regexp], - "PROCESSORS": [processors.process_add_quotes_around_values], + "PROCESSORS": [], "DEFAULT_VALUE": "", "MASK_INPUT": False, "LOOSE_VALIDATION": True, @@ -592,10 +593,16 @@ def initSequences(controller): if config['CONFIG_CINDER_INSTALL'] != 'y': return - config['CONFIG_CINDER_BACKEND'] = str( + config['CONFIG_CINDER_BACKEND'] = ( [i.strip() for i in config['CONFIG_CINDER_BACKEND'].split(',') if i] ) + for key in ('CONFIG_CINDER_NETAPP_VOLUME_LIST', + 'CONFIG_CINDER_GLUSTER_MOUNTS', + 'CONFIG_CINDER_NFS_MOUNTS'): + if key in config: + config[key] = [i.strip() for i in config[key].split(',') if i] + cinder_steps = [ {'title': 'Adding Cinder Keystone manifest entries', 'functions': [create_keystone_manifest]}, 
@@ -711,8 +718,7 @@ def create_manifest(config, messages): manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST'] manifestdata += getManifestTemplate("cinder.pp") - backends = config['CONFIG_CINDER_BACKEND'].strip('[]') - backends = [i.strip('\' ') for i in backends.split(',')] + backends = config['CONFIG_CINDER_BACKEND'] if 'netapp' in backends: backends.remove('netapp') puppet_cdot_iscsi = "cinder_netapp_cdot_iscsi.pp" 
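Review bot: `backends = config['CONFIG_CINDER_BACKEND']` now binds the list stored in `config` itself, so the `backends.remove('netapp')` two lines below edits the configuration in place, where the old code worked on a list parsed from the string. If `config` is the same object that `generateHieraDataFile` dumps to `defaults.yaml`, the Hiera value of `CONFIG_CINDER_BACKEND` can end up without `netapp` depending on when the dump runs, and any later reader of the key sees the shortened list. If that is not intended, take a copy: `backends = list(config['CONFIG_CINDER_BACKEND'])`. The rest of `create_manifest` is outside this hunk.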
@@ -740,24 +746,36 @@ def create_manifest(config, messages): if config['CONFIG_SWIFT_INSTALL'] == 'y': manifestdata += getManifestTemplate('cinder_backup.pp') - config['FIREWALL_SERVICE_NAME'] = "cinder" - config['FIREWALL_PORTS'] = "['3260']" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - if (config['CONFIG_NOVA_INSTALL'] == 'y' and + fw_details = dict() + for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']): + if (config['CONFIG_NOVA_INSTALL'] == 'y' and config['CONFIG_VMWARE_BACKEND'] == 'n'): - for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']): - config['FIREWALL_ALLOWED'] = "'%s'" % host - config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host - manifestdata += getManifestTemplate("firewall.pp") - else: - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "cinder_ALL" - manifestdata += getManifestTemplate("firewall.pp") + key = "cinder_%s" % host + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % host + else: + key = "cinder_all" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + + fw_details[key]['service_name'] = "cinder" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['3260'] + fw_details[key]['proto'] = "tcp" + + config['FIREWALL_CINDER_RULES'] = fw_details + manifestdata += createFirewallResources('FIREWALL_CINDER_RULES') + # cinder API should be open for everyone - config['FIREWALL_SERVICE_NAME'] = "cinder-api" - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "cinder_API" - config['FIREWALL_PORTS'] = "['8776']" - manifestdata += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "cinder_api" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "cinder-api" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['8776'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_CINDER_API_RULES'] = fw_details + manifestdata += 
createFirewallResources('FIREWALL_CINDER_API_RULES') + appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/dashboard_500.py b/packstack/plugins/dashboard_500.py index 8d4f42dc3..f8c95b4b9 100644 --- a/packstack/plugins/dashboard_500.py +++ b/packstack/plugins/dashboard_500.py @@ -123,11 +123,11 @@ def create_manifest(config, messages): manifestfile = "%s_horizon.pp" % horizon_host proto = "http" - config["CONFIG_HORIZON_PORT"] = "'80'" + config["CONFIG_HORIZON_PORT"] = 80 sslmanifestdata = '' if config["CONFIG_HORIZON_SSL"] == 'y': - config["CONFIG_HORIZON_SSL"] = 'true' - config["CONFIG_HORIZON_PORT"] = "'443'" + config["CONFIG_HORIZON_SSL"] = True + config["CONFIG_HORIZON_PORT"] = 443 proto = "https" # Are we using the users cert/key files @@ -160,16 +160,16 @@ def create_manifest(config, messages): "/etc/httpd/conf.d/ssl.conf on %s to use a CA signed cert." % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) else: - config["CONFIG_HORIZON_SSL"] = 'false' + config["CONFIG_HORIZON_SSL"] = False - config["CONFIG_HORIZON_NEUTRON_LB"] = 'false' - config["CONFIG_HORIZON_NEUTRON_FW"] = 'false' + config["CONFIG_HORIZON_NEUTRON_LB"] = False + config["CONFIG_HORIZON_NEUTRON_FW"] = False if config['CONFIG_NEUTRON_INSTALL'] == 'y': if config["CONFIG_LBAAS_INSTALL"] == 'y': - config["CONFIG_HORIZON_NEUTRON_LB"] = 'true' + config["CONFIG_HORIZON_NEUTRON_LB"] = True if config["CONFIG_NEUTRON_FWAAS"] == 'y': - config["CONFIG_HORIZON_NEUTRON_FW"] = 'true' + config["CONFIG_HORIZON_NEUTRON_FW"] = True manifestdata = getManifestTemplate("horizon.pp") appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/glance_200.py b/packstack/plugins/glance_200.py index 3377bb245..56b1cd3db 100644 --- a/packstack/plugins/glance_200.py +++ b/packstack/plugins/glance_200.py 
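Review bot: The iSCSI rule is now built inside `for host in split_hosts(config['CONFIG_COMPUTE_HOSTS'])`, and the `else` branch that sets `host` to `ALL` appears to sit inside that loop (indentation is lost in this rendering, so confirm against the file). Before this change the `ALL` rule was emitted whenever Nova was not installed or the VMware backend was used, independent of the compute host list. Now an empty `CONFIG_COMPUTE_HOSTS` leaves `FIREWALL_CINDER_RULES` empty with no rule for port 3260, and if the shared field assignments sit after the loop, `key` is unbound. Testing the Nova/VMware condition once and iterating hosts only in the per-host case restores the old behaviour, as sketched below.

```python
    # … unchanged: cinder_backup.pp template handling …
    if (config['CONFIG_NOVA_INSTALL'] == 'y' and
            config['CONFIG_VMWARE_BACKEND'] == 'n'):
        rules = [("cinder_%s" % host, host)
                 for host in split_hosts(config['CONFIG_COMPUTE_HOSTS'])]
    else:
        # Opens iSCSI to any source; kept from the previous behaviour.
        rules = [("cinder_all", "ALL")]

    fw_details = dict()
    for key, allowed in rules:
        fw_details[key] = {
            'host': allowed,
            'service_name': "cinder",
            'chain': "INPUT",
            'ports': ['3260'],
            'proto': "tcp",
        }
    config['FIREWALL_CINDER_RULES'] = fw_details
    # … unchanged: createFirewallResources call and the cinder-api rule …
```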
@@ -15,7 +15,8 @@ from packstack.installer.utils import split_hosts from packstack.modules.shortcuts import get_mq from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ @@ -126,15 +127,15 @@ def create_manifest(config, messages): mq_template = get_mq(config, "glance_ceilometer") manifestdata += getManifestTemplate(mq_template) - manifestdata += getManifestTemplate( - 'glance_%s.pp' % config['CONFIG_GLANCE_BACKEND']) - - config['FIREWALL_SERVICE_NAME'] = "glance" - config['FIREWALL_PORTS'] = "'9292'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "glance_API" - manifestdata += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "glance_api" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "glance" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['9292'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_GLANCE_RULES'] = fw_details + manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES') appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/heat_750.py b/packstack/plugins/heat_750.py index b0fd68600..d00f6faa1 100644 --- a/packstack/plugins/heat_750.py +++ b/packstack/plugins/heat_750.py @@ -15,7 +15,8 @@ from packstack.installer import processors from packstack.modules.shortcuts import get_mq from packstack.modules.ospluginutils import (getManifestTemplate, manifestfiles, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ 
@@ -193,13 +194,18 @@ def create_manifest(config, messages): manifestdata += getManifestTemplate("heat.pp") if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y': manifestdata += getManifestTemplate("heat_trusts.pp") - config['FIREWALL_SERVICE_NAME'] = "heat" - config['FIREWALL_PORTS'] = "'8004'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "heat" - manifestdata += getManifestTemplate("firewall.pp") + + fw_details = dict() + key = "heat" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "heat" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['8004'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_HEAT_RULES'] = fw_details + + manifestdata += createFirewallResources('FIREWALL_HEAT_RULES') appendManifestFile(manifestfile, manifestdata) @@ -217,13 +223,18 @@ def create_cloudwatch_manifest(config, messages): manifestfile = "%s_heatcw.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate(get_mq(config, "heat")) manifestdata += getManifestTemplate("heat_cloudwatch.pp") - config['FIREWALL_SERVICE_NAME'] = "heat api cloudwatch" - config['FIREWALL_PORTS'] = "'8003'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "heat_api_cloudwatch" - manifestdata += getManifestTemplate("firewall.pp") + + fw_details = dict() + key = "heat_api_cloudwatch" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "heat api cloudwatch" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['8003'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_HEAT_CLOUDWATCH_RULES'] = fw_details + + manifestdata += createFirewallResources('FIREWALL_HEAT_CLOUDWATCH_RULES') appendManifestFile(manifestfile, manifestdata, marker='heat') 
@@ -231,11 +242,16 @@ def create_cfn_manifest(config, messages): manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate(get_mq(config, "heat")) manifestdata += getManifestTemplate("heat_cfn.pp") - config['FIREWALL_SERVICE_NAME'] = "heat_cfn" - config['FIREWALL_PORTS'] = "'8000'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "heat_cfn" - manifestdata += getManifestTemplate("firewall.pp") + + fw_details = dict() + key = "heat_cfn" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "heat cfn" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['8000'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_HEAT_CFN_RULES'] = fw_details + + manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES') appendManifestFile(manifestfile, manifestdata, marker='heat') diff --git a/packstack/plugins/keystone_100.py b/packstack/plugins/keystone_100.py index 39dfe3ea5..e5965c72a 100644 --- a/packstack/plugins/keystone_100.py +++ b/packstack/plugins/keystone_100.py @@ -13,7 +13,8 @@ from packstack.installer import basedefs from packstack.installer import utils from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ 
@@ -142,12 +143,15 @@ def create_manifest(config, messages): manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("keystone.pp") - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_NAME'] = "keystone" - config['FIREWALL_SERVICE_ID'] = "keystone" - config['FIREWALL_PORTS'] = "['5000', '35357']" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - manifestdata += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "keystone" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "keystone" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['5000', '35357'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_KEYSTONE_RULES'] = fw_details + manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES') appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/mariadb_003.py b/packstack/plugins/mariadb_003.py index 81dbee64e..030180b00 100644 --- a/packstack/plugins/mariadb_003.py +++ b/packstack/plugins/mariadb_003.py @@ -14,7 +14,8 @@ from packstack.installer.utils import split_hosts from packstack.modules.common import filtered_hosts from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ 
@@ -114,13 +115,16 @@ def create_manifest(config, messages): hosts = filtered_hosts(config, exclude=False, dbhost=True) - config['FIREWALL_SERVICE_NAME'] = "mariadb" - config['FIREWALL_PORTS'] = "'3306'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' + fw_details = dict() for host in hosts: - config['FIREWALL_ALLOWED'] = "'%s'" % host - config['FIREWALL_SERVICE_ID'] = "mariadb_%s" % host - manifestdata.append(getManifestTemplate("firewall.pp")) + key = "mariadb_%s" % host + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % host + fw_details[key]['service_name'] = "mariadb" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['3306'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_MARIADB_RULES'] = fw_details + manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES')) appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre') diff --git a/packstack/plugins/nagios_910.py b/packstack/plugins/nagios_910.py index 491548c70..5ee30f3b7 100644 --- a/packstack/plugins/nagios_910.py +++ b/packstack/plugins/nagios_910.py @@ -14,7 +14,8 @@ from packstack.installer import utils from packstack.modules.common import filtered_hosts from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ 
@@ -185,14 +186,19 @@ def create_nrpe_manifests(config, messages): config['CONFIG_NRPE_HOST'] = hostname manifestfile = "%s_nagios_nrpe.pp" % hostname manifestdata = getManifestTemplate("nagios_nrpe.pp") + # Only the Nagios host is allowed to talk to nrpe - config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST'] - config['FIREWALL_SERVICE_NAME'] = "nagios-nrpe" - config['FIREWALL_SERVICE_ID'] = "nagios_nrpe" - config['FIREWALL_PORTS'] = '5666' - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - manifestdata += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "nagios_nrpe" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST'] + fw_details[key]['service_name'] = "nagios-nrpe" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['5666'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_NAGIOS_NRPE_RULES'] = fw_details + + manifestdata += createFirewallResources('FIREWALL_NAGIOS_NRPE_RULES') appendManifestFile(manifestfile, manifestdata) messages.append("To use Nagios, browse to " diff --git a/packstack/plugins/neutron_350.py b/packstack/plugins/neutron_350.py index 05a5bae21..de45c1f3b 100644 --- a/packstack/plugins/neutron_350.py +++ b/packstack/plugins/neutron_350.py @@ -19,7 +19,8 @@ from packstack.installer.utils import split_hosts from packstack.modules.common import filtered_hosts from packstack.modules.shortcuts import get_mq from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile) + appendManifestFile, + createFirewallResources) #------------------ oVirt installer initialization ------------------ 
@@ -569,9 +570,12 @@ def initSequences(controller): 'CONFIG_NEUTRON_ML2_VLAN_RANGES', 'CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES', 'CONFIG_NEUTRON_ML2_VNI_RANGES'): - config[key] = str([i.strip() for i in config[key].split(',') if i]) + if config[key] == '': + config[key] = [] + else: + config[key] = [i.strip() for i in config[key].split(',') if i] key = 'CONFIG_NEUTRON_ML2_VXLAN_GROUP' - config[key] = "'%s'" % config[key] if config[key] else 'undef' + config[key] = "%s" % config[key] if config[key] else '' config['CONFIG_NEUTRON_L2_DBNAME'] = plugin_db config['CONFIG_NEUTRON_CORE_PLUGIN'] = plugin_path @@ -702,8 +706,7 @@ def get_agent_type(config): # "vlan,gre" or "vlan,vxlan" so that VLANs are used if available, # but tunnels are used if not. tenant_types = config.get('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES', - "['local']").strip('[]') - tenant_types = [i.strip('"\'') for i in tenant_types.split(',')] + "local") for i in ['gre', 'vxlan', 'vlan']: if i in tenant_types: @@ -737,7 +740,7 @@ def create_manifests(config, messages): 'neutron.services.firewall.fwaas_plugin.FirewallPlugin' ) - config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins + config['SERVICE_PLUGINS'] = (service_plugins if service_plugins else 'undef') if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch': 
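Review bot: `config['SERVICE_PLUGINS']` still falls back to the string `'undef'` when no service plugin is selected. That worked while values were substituted into the manifest text, where it became the Puppet keyword, but a value fetched through `hiera()` arrives as the literal string `"undef"`, which the manifest is likely to treat as a plugin name (the `.pp` side is not shown here, so confirm). The same applies to `tun_port = 'undef'` in the GRE branch of the tunnel firewall rule later in this file. Passing the empty value itself, `config['SERVICE_PLUGINS'] = service_plugins` (and `None` for the port), lets YAML carry a real empty or nil value. The `CONFIG_NEUTRON_ML2_VXLAN_GROUP` line in this patch already moved from `'undef'` to `''`.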
@@ -765,33 +768,44 @@ def create_manifests(config, messages): # XXX I am not completely sure about this, but it seems necessary: manifest_data += getManifestTemplate(plugin_manifest) - #Firewall - config['FIREWALL_SERVICE_NAME'] = "neutron server" - config['FIREWALL_PORTS'] = "'9696'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = ("neutron_server_%s" - % (host)) - manifest_data += getManifestTemplate("firewall.pp") + # Firewall + fw_details = dict() + key = "neutron_server_%s" % host + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "neutron server" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['9696'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_NEUTRON_SERVER_RULES'] = fw_details + manifest_data += createFirewallResources( + 'FIREWALL_NEUTRON_SERVER_RULES' + ) appendManifestFile(manifest_file, manifest_data, 'neutron') # We also need to open VXLAN/GRE port for agent if use_openvswitch_vxlan(config) or use_openvswitch_gre(config): + fw_details = dict() + key = "neutron_tunnel" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "neutron tunnel port" + fw_details[key]['chain'] = "INPUT" + if use_openvswitch_vxlan(config): - config['FIREWALL_PROTOCOL'] = 'udp' - tunnel_port = ("'%s'" - % config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT']) + fw_details[key]['proto'] = 'udp' + tun_port = "%s" % config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'] else: - config['FIREWALL_PROTOCOL'] = 'gre' - tunnel_port = 'undef' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_NAME'] = "neutron tunnel port" - config['FIREWALL_SERVICE_ID'] = ("neutron_tunnel") - config['FIREWALL_PORTS'] = tunnel_port - config['FIREWALL_CHAIN'] = "INPUT" - manifest_data = getManifestTemplate('firewall.pp') + fw_details[key]['proto'] = 'gre' + tun_port = 'undef' + + 
fw_details[key]['ports'] = tun_port + config['FIREWALL_NEUTRON_TUNNEL_RULES'] = fw_details + + manifest_data = createFirewallResources( + 'FIREWALL_NEUTRON_TUNNEL_RULES' + ) appendManifestFile(manifest_file, manifest_data, 'neutron') 
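Review bot: In the tunnel rule `ports` is a bare string (`tun_port`), whereas every other rule hash in this patch passes a list such as `['9696']`. Consumers of the hiera hash then have to cope with two shapes for the same field, which is easy to get wrong in a firewall define. For the VXLAN branch, `tun_port = [str(config['CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'])]` keeps the field uniform. create_manifests starts outside the hunk.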
@@ -839,21 +853,32 @@ def create_dhcp_manifests(config, messages): manifest_data = getManifestTemplate("neutron_dhcp.pp") manifest_file = "%s_neutron.pp" % (host,) # Firewall Rules for dhcp in - config['FIREWALL_PROTOCOL'] = 'udp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in: " - config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s" % host - config['FIREWALL_PORTS'] = "'67'" - config['FIREWALL_CHAIN'] = "INPUT" - manifest_data += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "neutron_dhcp_in_%s" % host + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "neutron dhcp in" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['67'] + fw_details[key]['proto'] = "udp" + config['FIREWALL_NEUTRON_DHCPIN_RULES'] = fw_details + manifest_data += createFirewallResources( + 'FIREWALL_NEUTRON_DHCPIN_RULES' + ) + # Firewall Rules for dhcp out - config['FIREWALL_PROTOCOL'] = 'udp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out: " - config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s" % host - config['FIREWALL_PORTS'] = "'68'" - config['FIREWALL_CHAIN'] = "OUTPUT" - manifest_data += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "neutron_dhcp_out_%s" % host + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "neutron dhcp out" + fw_details[key]['chain'] = "OUTPUT" + fw_details[key]['ports'] = ['68'] + fw_details[key]['proto'] = "udp" + config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = fw_details + manifest_data += createFirewallResources( + 'FIREWALL_NEUTRON_DHCPOUT_RULES' + ) appendManifestFile(manifest_file, manifest_data, 'neutron') 
@@ -895,12 +920,11 @@ def create_l2_agent_manifests(config, messages): # for other plugin template generation if ('l2population' in config.get('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS', [])): - config['CONFIG_NEUTRON_USE_L2POPULATION'] = 'true' + config['CONFIG_NEUTRON_USE_L2POPULATION'] = True else: - config['CONFIG_NEUTRON_USE_L2POPULATION'] = 'false' + config['CONFIG_NEUTRON_USE_L2POPULATION'] = False if agent == "openvswitch": - host_var = 'CONFIG_NEUTRON_OVS_HOST' if plugin == agent: # monolithic plugin installation ovs_type = 'CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE' @@ -919,7 +943,7 @@ def create_l2_agent_manifests(config, messages): # expects this parameter to be an array, this parameter must be # properly formatted by packstack, then consumed by the puppet module. # For example, the input string 'A, B' should formatted as '['A','B']'. - config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = str(bm_arr) + config["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"] = bm_arr elif agent == "linuxbridge": host_var = 'CONFIG_NEUTRON_LB_HOST' template_name = 'neutron_lb_agent.pp' @@ -927,9 +951,9 @@ def create_l2_agent_manifests(config, messages): raise KeyError("Unknown layer2 agent") for host in network_hosts | compute_hosts: - config[host_var] = host manifestfile = "%s_neutron.pp" % (host,) - manifestdata = getManifestTemplate(template_name) + manifestdata = "$cfg_neutron_ovs_host = '%s'\n" % host + manifestdata += getManifestTemplate(template_name) appendManifestFile(manifestfile, manifestdata + "\n") # neutron ovs port only on network hosts if ( diff --git a/packstack/plugins/nova_300.py b/packstack/plugins/nova_300.py index 42baa1936..23ae134ed 100644 --- a/packstack/plugins/nova_300.py +++ b/packstack/plugins/nova_300.py 
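Review bot: With `config[host_var] = host` removed, the `host_var = 'CONFIG_NEUTRON_LB_HOST'` assignment left in the linuxbridge branch is dead, and both agents now receive the host only through `$cfg_neutron_ovs_host`. It is worth confirming that neutron_lb_agent.pp (not shown here) reads that variable and no longer expects `CONFIG_NEUTRON_LB_HOST`, then deleting the unused assignment. `host` is also pasted between single quotes in the generated Puppet code without escaping, so this line relies on host values having been validated earlier. The comment above `bm_arr` still describes formatting the value as a string, although a list is now stored. create_l2_agent_manifests begins outside these hunks.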
@@ -15,7 +15,8 @@ from packstack.installer.exceptions import ScriptRuntimeError from packstack.modules.shortcuts import get_mq from packstack.modules.ospluginutils import (NovaConfig, getManifestTemplate, - appendManifestFile, manifestfiles) + appendManifestFile, manifestfiles, + createFirewallResources) #------------------ oVirt installer initialization ------------------ @@ -427,16 +428,21 @@ def create_api_manifest(config, messages): config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = 'undef' else: config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = \ - "'%s'" % config['CONFIG_NEUTRON_METADATA_PW'] + "%s" % config['CONFIG_NEUTRON_METADATA_PW'] manifestfile = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("nova_api.pp") - config['FIREWALL_SERVICE_NAME'] = "nova api" - config['FIREWALL_PORTS'] = "['8773', '8774', '8775']" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "nova_api" - manifestdata += getManifestTemplate("firewall.pp") + + fw_details = dict() + key = "nova_api" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "nova api" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['8773', '8774', '8775'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_NOVA_API_RULES'] = fw_details + manifestdata += createFirewallResources('FIREWALL_NOVA_API_RULES') + appendManifestFile(manifestfile, manifestdata, 'novaapi') @@ -473,6 +479,8 @@ def create_compute_manifest(config, messages): ) ssh_hostkeys = '' + + ssh_keys_details = {} for host in compute_hosts: try: hostname, aliases, addrs = socket.gethostbyaddr(host) 
@@ -485,27 +493,33 @@ def create_compute_manifest(config, messages): continue _, host_key_type, host_key_data = hostkey.split() - config['SSH_HOST_NAME'] = hostname - config['SSH_HOST_ALIASES'] = ','.join( - '"%s"' % addr for addr in aliases + addrs - ) - config['SSH_HOST_KEY'] = host_key_data - config['SSH_HOST_KEY_TYPE'] = host_key_type - ssh_hostkeys += getManifestTemplate("sshkey.pp") + key = "%s.%s" % (host_key_type, hostname) + ssh_keys_details.setdefault(key, {}) + ssh_keys_details[key]['ensure'] = 'present' + ssh_keys_details[key]['host_aliases'] = aliases + addrs + ssh_keys_details[key]['key'] = host_key_data + ssh_keys_details[key]['type'] = host_key_type + + config['SSH_KEYS'] = ssh_keys_details + ssh_hostkeys += getManifestTemplate("sshkey.pp") for host in compute_hosts: config["CONFIG_NOVA_COMPUTE_HOST"] = host manifestdata = getManifestTemplate("nova_compute.pp") + fw_details = dict() + cf_fw_qemu_mig_key = "FIREWALL_NOVA_QEMU_MIG_RULES_%s" % host for c_host in compute_hosts: - config['FIREWALL_SERVICE_NAME'] = "nova qemu migration" - config['FIREWALL_PORTS'] = ['16509', '49152-49215'] - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'%s'" % c_host - config['FIREWALL_SERVICE_ID'] = ("nova_qemu_migration_%s_%s" - % (host, c_host)) - manifestdata += getManifestTemplate("firewall.pp") + key = "nova_qemu_migration_%s_%s" % (host, c_host) + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % c_host + fw_details[key]['service_name'] = "nova qemu migration" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['16509', '49152-49215'] + fw_details[key]['proto'] = "tcp" + + config[cf_fw_qemu_mig_key] = fw_details + manifestdata += createFirewallResources(cf_fw_qemu_mig_key) if config['CONFIG_VMWARE_BACKEND'] == 'y': manifestdata += getManifestTemplate("nova_compute_vmware.pp") 
@@ -540,14 +554,19 @@ def create_compute_manifest(config, messages): manifestdata += getManifestTemplate(mq_template) manifestdata += getManifestTemplate("nova_ceilometer.pp") - config['FIREWALL_PORTS'] = ['5900-5999'] - config['FIREWALL_ALLOWED'] = "'%s'" % config['CONFIG_CONTROLLER_HOST'] - config['FIREWALL_SERVICE_NAME'] = "nova compute" - config['FIREWALL_SERVICE_ID'] = "nova_compute" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - manifestdata += getManifestTemplate("firewall.pp") + fw_details = dict() + key = "nova_compute" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % config['CONFIG_CONTROLLER_HOST'] + fw_details[key]['service_name'] = "nova compute" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['5900-5999'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_NOVA_COMPUTE_RULES'] = fw_details + manifestdata += "\n" + createFirewallResources( + 'FIREWALL_NOVA_COMPUTE_RULES' + ) manifestdata += "\n" + nova_config_options.getManifestEntry() manifestdata += "\n" + ssh_hostkeys appendManifestFile(manifestfile, manifestdata) @@ -617,6 +636,7 @@ def create_common_manifest(config, messages): dbacces_hosts |= network_hosts for manifestfile, marker in manifestfiles.getFiles(): + pw_in_sqlconn = False if manifestfile.endswith("_nova.pp"): host, manifest = manifestfile.split('_', 1) host = host.strip() 
@@ -625,10 +645,17 @@ def create_common_manifest(config, messages): # we should omit password in case we are installing only # nova-compute to the host perms = "nova" + pw_in_sqlconn = False else: - perms = "nova:%(CONFIG_NOVA_DB_PW)s" - sqlconn = "mysql://%s@%%(CONFIG_MARIADB_HOST)s/nova" % perms - config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config + perms = "nova:%s" % config['CONFIG_NOVA_DB_PW'] + pw_in_sqlconn = True + + sqlconn = "mysql://%s@%s/nova" % (perms, + config['CONFIG_MARIADB_HOST']) + if pw_in_sqlconn: + config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn + else: + config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn # for nova-network in multihost mode each compute host is metadata # host otherwise we use api host @@ -640,7 +667,10 @@ def create_common_manifest(config, messages): config['CONFIG_NOVA_METADATA_HOST'] = metadata data = getManifestTemplate(get_mq(config, "nova_common")) - data += getManifestTemplate("nova_common.pp") + if pw_in_sqlconn: + data += getManifestTemplate("nova_common_pw.pp") + else: + data += getManifestTemplate("nova_common_nopw.pp") appendManifestFile(os.path.split(manifestfile)[1], data) diff --git a/packstack/plugins/openstack_client_400.py b/packstack/plugins/openstack_client_400.py index 5c3562171..30421c1df 100644 --- a/packstack/plugins/openstack_client_400.py +++ b/packstack/plugins/openstack_client_400.py @@ -62,7 +62,7 @@ def create_manifest(config, messages): no_root_allinone = (client_host == utils.get_localhost_ip() and root_home != homedir) - config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and 'true' or 'false' + config['NO_ROOT_USER_ALLINONE'] = no_root_allinone and True or False manifestdata = getManifestTemplate("openstack_client.pp") appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/plugins/prescript_000.py b/packstack/plugins/prescript_000.py index 28df91b7e..35266f1cf 100644 --- a/packstack/plugins/prescript_000.py +++ b/packstack/plugins/prescript_000.py 
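Review bot: `CONFIG_NOVA_SQL_CONN_PW` puts the database password into the shared config dict, yet the comment kept in this hunk says the password should be omitted on hosts that only run nova-compute. If generateHieraDataFile() (not visible here) writes the whole dict to defaults.yaml, the copy loop in puppet_950.py delivers that file to every host, so compute-only hosts receive the credentialed URL even though their manifest uses nova_common_nopw.pp. Consider per-host hiera data, or filtering secret keys for hosts that do not need them, and record the constraint next to the assignment, e.g. `# NOTE: lands in shared hiera data; readable on every host that receives defaults.yaml`. The enclosing loop in create_common_manifest starts outside the hunk.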
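Review bot: `no_root_allinone and True or False` is a long way of writing `bool(no_root_allinone)`, so the line can read `config['NO_ROOT_USER_ALLINONE'] = bool(no_root_allinone)`. The same idiom appears in prescript_000.py, where `config[key] = config[key] == 'y'` is enough, and marshall_conf_bool in provision_700.py reduces to `conf[key] = conf[key] == 'y'`.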
@@ -666,7 +666,7 @@ def discover(config, messages): def create_manifest(config, messages): key = 'CONFIG_DEBUG_MODE' - config[key] = config[key] == 'y' and 'true' or 'false' + config[key] = config[key] == 'y' and True or False for hostname in filtered_hosts(config): manifestfile = "%s_prescript.pp" % hostname diff --git a/packstack/plugins/provision_700.py b/packstack/plugins/provision_700.py index dbbf3a9a6..ca19e9f69 100644 --- a/packstack/plugins/provision_700.py +++ b/packstack/plugins/provision_700.py @@ -246,9 +246,9 @@ def initSequences(controller): def marshall_conf_bool(conf, key): if conf[key] == 'y': - conf[key] = 'true' + conf[key] = True else: - conf[key] = 'false' + conf[key] = False def using_heat(config): diff --git a/packstack/plugins/puppet_950.py b/packstack/plugins/puppet_950.py index 1a3d34c49..e5ae008f0 100644 --- a/packstack/plugins/puppet_950.py +++ b/packstack/plugins/puppet_950.py @@ -15,7 +15,8 @@ from packstack.installer import basedefs, output_messages from packstack.installer.exceptions import ScriptRuntimeError, PuppetError from packstack.modules.common import filtered_hosts -from packstack.modules.ospluginutils import manifestfiles +from packstack.modules.ospluginutils import (manifestfiles, + generateHieraDataFile) from packstack.modules.puppet import scan_logfile, validate_logfile @@ -129,7 +130,7 @@ def run_cleanup(config, messages): def install_deps(config, messages): - deps = ["puppet", "openssh-clients", "tar", "nc"] + deps = ["puppet", "hiera", "openssh-clients", "tar", "nc"] modules_pkg = 'openstack-puppet-modules' local = utils.ScriptRunner() 
@@ -157,6 +158,18 @@ def install_deps(config, messages): # yum does not fail if one of the packages is missing for package in deps: server.append("rpm -q --whatprovides %s" % (package)) + + # To avoid warning messages such as + # "Warning: Config file /etc/puppet/hiera.yaml not found, using Hiera + # defaults". We create a symbolic link to /etc/hiera.yaml. + server.append('[[ ! -L /etc/puppet/hiera.yaml ]] && ' + 'ln -s /etc/hiera.yaml /etc/puppet/hiera.yaml || ' + 'echo "hiera.yaml symlink already created"') + + server.append("sed -i 's;:datadir:.*;:datadir: " + "%s/hieradata;g' /etc/puppet/hiera.yaml" + % config['HOST_DETAILS'][hostname]['tmpdir']) + server.execute() @@ -170,12 +183,21 @@ def copy_puppet_modules(config, messages): 'vcsrepo', 'vlan', 'vswitch', 'xinetd', 'openstacklib')) - # write puppet manifest to disk + # write puppet manifest to disk manifestfiles.writeManifests() + # write hieradata file to disk + generateHieraDataFile() server = utils.ScriptRunner() for hostname in filtered_hosts(config): host_dir = config['HOST_DETAILS'][hostname]['tmpdir'] + # copy hiera defaults.yaml file + server.append("cd %s" % basedefs.HIERADATA_DIR) + server.append("tar --dereference -cpzf - ../hieradata | " + "ssh -o StrictHostKeyChecking=no " + "-o UserKnownHostsFile=/dev/null " + "root@%s tar -C %s -xpzf -" % (hostname, host_dir)) + # copy Packstack manifests server.append("cd %s/puppet" % basedefs.DIR_PROJECT_DIR) server.append("cd %s" % basedefs.PUPPET_MANIFEST_DIR) diff --git a/packstack/plugins/swift_600.py b/packstack/plugins/swift_600.py index 7ebc5d0f5..f07565118 100644 --- a/packstack/plugins/swift_600.py +++ b/packstack/plugins/swift_600.py 
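Review bot: `sed -i` is run against /etc/puppet/hiera.yaml, which the previous command has just made a symlink, and GNU sed by default replaces a symlink with a regular file instead of editing its target. After the first run /etc/hiera.yaml is unchanged and the link is gone; on the next run `ln -s` fails because the path exists, and the trailing `|| echo` reports "already created", which hides the failure. Either edit the target directly or use `sed -i --follow-symlinks`, and test for existence separately from the link check so that a real `ln` error is not masked. install_deps starts outside the hunk.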
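Review bot: Host-key verification is switched off (`StrictHostKeyChecking=no`, `UserKnownHostsFile=/dev/null`) for the transfer that now carries the hieradata directory. According to the commit message that directory holds the generated defaults.yaml and, judging by the hiera() lookups in the templates, service passwords, so a machine answering on that address would receive those values without the installer noticing. Prefer verifying against host keys recorded earlier in the run, e.g. `"ssh -o StrictHostKeyChecking=yes "` with a packstack-managed known_hosts file. The hieradata directory should also be created with owner-only permissions, because the archive carries the local mode and the remote `tar -xp` restores it. copy_puppet_modules continues outside the hunk.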
@@ -18,7 +18,8 @@ from packstack.installer import utils from packstack.installer.utils import split_hosts from packstack.modules.ospluginutils import (getManifestTemplate, - appendManifestFile, manifestfiles) + appendManifestFile, manifestfiles, + createFirewallResources) #------------------ oVirt installer initialization ------------------ @@ -287,13 +288,18 @@ def create_builder_manifest(config, messages): def create_proxy_manifest(config, messages): manifestfile = "%s_swift.pp" % config['CONFIG_CONTROLLER_HOST'] manifestdata = getManifestTemplate("swift_proxy.pp") - config['FIREWALL_SERVICE_NAME'] = "swift proxy" - config['FIREWALL_PORTS'] = "'8080'" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' - config['FIREWALL_ALLOWED'] = "'ALL'" - config['FIREWALL_SERVICE_ID'] = "swift_proxy" - manifestdata += getManifestTemplate("firewall.pp") + + fw_details = dict() + key = "swift_proxy" + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "ALL" + fw_details[key]['service_name'] = "swift proxy" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['8080'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_SWIFT_PROXY_RULES'] = fw_details + + manifestdata += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES') appendManifestFile(manifestfile, manifestdata) 
@@ -324,15 +330,18 @@ def create_storage_manifest(config, messages): if config['CONFIG_NOVA_INSTALL'] == 'y': hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS']) - config['FIREWALL_SERVICE_NAME'] = "swift storage and rsync" - config['FIREWALL_PORTS'] = "['6000', '6001', '6002', '873']" - config['FIREWALL_CHAIN'] = "INPUT" - config['FIREWALL_PROTOCOL'] = 'tcp' + fw_details = dict() for host in hosts: - config['FIREWALL_ALLOWED'] = "'%s'" % host - config['FIREWALL_SERVICE_ID'] = "swift_storage_and_rsync_%s" % host - manifestdata += getManifestTemplate("firewall.pp") + key = "swift_storage_and_rsync_%s" % host + fw_details.setdefault(key, {}) + fw_details[key]['host'] = "%s" % host + fw_details[key]['service_name'] = "swift storage and rsync" + fw_details[key]['chain'] = "INPUT" + fw_details[key]['ports'] = ['6000', '6001', '6002', '873'] + fw_details[key]['proto'] = "tcp" + config['FIREWALL_SWIFT_STORAGE_RULES'] = fw_details + manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES') appendManifestFile(manifestfile, manifestdata) diff --git a/packstack/puppet/templates/amqp.pp b/packstack/puppet/templates/amqp.pp index ea253cfff..931e36708 100644 --- a/packstack/puppet/templates/amqp.pp +++ b/packstack/puppet/templates/amqp.pp 
@@ -1,42 +1,43 @@ -$amqp = '%(CONFIG_AMQP_BACKEND)s' +$amqp = hiera('CONFIG_AMQP_BACKEND') + case $amqp { 'qpid': { - enable_qpid {"qpid": - enable_ssl => %(CONFIG_AMQP_ENABLE_SSL)s, - enable_auth => '%(CONFIG_AMQP_ENABLE_AUTH)s', + enable_qpid { 'qpid': + enable_ssl => hiera('CONFIG_AMQP_ENABLE_SSL'), + enable_auth => hiera('CONFIG_AMQP_ENABLE_AUTH'), } } 'rabbitmq': { - enable_rabbitmq {"rabbitmq":} - + enable_rabbitmq { 'rabbitmq': } } + default: {} } define enable_rabbitmq { - package { "erlang": - ensure => "installed" + package { 'erlang': + ensure => 'installed', } - class {"rabbitmq": - port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - ssl_management_port => '%(CONFIG_AMQP_SSL_PORT)s', - ssl => %(CONFIG_AMQP_ENABLE_SSL)s, - ssl_cert => '%(CONFIG_AMQP_SSL_CERT_FILE)s', - ssl_key => '%(CONFIG_AMQP_SSL_KEY_FILE)s', - default_user => '%(CONFIG_AMQP_AUTH_USER)s', - default_pass => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - package_provider => 'yum', - admin_enable => false, + class { 'rabbitmq': + port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + ssl_management_port => hiera('CONFIG_AMQP_SSL_PORT'), + ssl => hiera('CONFIG_AMQP_ENABLE_SSL'), + ssl_cert => hiera('CONFIG_AMQP_SSL_CERT_FILE'), + ssl_key => hiera('CONFIG_AMQP_SSL_KEY_FILE'), + default_user => hiera('CONFIG_AMQP_AUTH_USER'), + default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + package_provider => 'yum', + admin_enable => false, } - Package['erlang']->Class['rabbitmq'] + Package['erlang'] -> Class['rabbitmq'] } define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') { case $::operatingsystem { 'Fedora': { - if (is_integer($::operatingsystemrelease) and $::operatingsystemrelease >= 20) or $::operatingsystemrelease == "Rawhide" { + if (is_integer($::operatingsystemrelease) and $::operatingsystemrelease >= 20) or $::operatingsystemrelease == 'Rawhide' { $config = '/etc/qpid/qpidd.conf' } else { $config = '/etc/qpidd.conf' 
@@ -56,18 +57,18 @@ define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') { } } - class {"qpid::server": - config_file => $config, - auth => $enable_auth ? { - 'y' => 'yes', - default => 'no', - }, - clustered => false, - ssl_port => '%(CONFIG_AMQP_SSL_PORT)s', - ssl => %(CONFIG_AMQP_ENABLE_SSL)s, - ssl_cert => '%(CONFIG_AMQP_SSL_CERT_FILE)s', - ssl_key => '%(CONFIG_AMQP_SSL_KEY_FILE)s', - ssl_database_password => '%(CONFIG_AMQP_NSS_CERTDB_PW)s', + class { 'qpid::server': + config_file => $config, + auth => $enable_auth ? { + 'y' => 'yes', + default => 'no', + }, + clustered => false, + ssl_port => hiera('CONFIG_AMQP_SSL_PORT'), + ssl => hiera('CONFIG_AMQP_ENABLE_SSL'), + ssl_cert => hiera('CONFIG_AMQP_SSL_CERT_FILE'), + ssl_key => hiera('CONFIG_AMQP_SSL_KEY_FILE'), + ssl_database_password => hiera('CONFIG_AMQP_NSS_CERTDB_PW'), } if $enable_ssl { @@ -82,25 +83,27 @@ define enable_qpid($enable_ssl = 'n', $enable_auth = 'n') { } if $enable_auth == 'y' { - add_qpid_user {"qpid_user":} + add_qpid_user { 'qpid_user': } } } define add_qpid_user { - qpid_user { '%(CONFIG_AMQP_AUTH_USER)s': - password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - file => '/var/lib/qpidd/qpidd.sasldb', - realm => 'QPID', - provider => 'saslpasswd2', - require => Class['qpid::server'], + $config_amqp_auth_user = hiera('CONFIG_AMQP_AUTH_USER') + qpid_user { $config_amqp_auth_user: + password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + file => '/var/lib/qpidd/qpidd.sasldb', + realm => 'QPID', + provider => 'saslpasswd2', + require => Class['qpid::server'], } file { 'sasldb_file': - path => '/var/lib/qpidd/qpidd.sasldb', - ensure => file, - owner => 'qpidd', - group => 'qpidd', + ensure => file, + path => '/var/lib/qpidd/qpidd.sasldb', + owner => 'qpidd', + group => 'qpidd', require => Package['qpid-cpp-server'], } } + diff --git a/packstack/puppet/templates/ceilometer.pp b/packstack/puppet/templates/ceilometer.pp index d7d3c43a2..7955c3709 100644 --- a/packstack/puppet/templates/ceilometer.pp 
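Review bot: `ssl => hiera('CONFIG_AMQP_ENABLE_SSL')` now takes whatever type the Python side wrote to the hiera file, where the old template interpolated the value unquoted as a bare Puppet boolean. amqp_002.py is not shown in this part of the patch, so it is worth confirming the key is stored as a real boolean. Puppet treats a non-empty string such as `'false'` as true in conditionals like the `if $enable_ssl {` test in this hunk, which would make the TLS configuration diverge from the answer file. A `validate_bool(hiera('CONFIG_AMQP_ENABLE_SSL'))` ahead of the class declaration would make a type mismatch fail loudly. The same applies to the `enable_ssl` argument passed in the first amqp.pp hunk.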
+++ b/packstack/puppet/templates/ceilometer.pp @@ -1,28 +1,28 @@ +$config_mongodb_host = hiera('CONFIG_MONGODB_HOST') + class { 'ceilometer::db': - database_connection => 'mongodb://%(CONFIG_MONGODB_HOST)s:27017/ceilometer', + database_connection => "mongodb://${config_mongodb_host}:27017/ceilometer", } -class { 'ceilometer::collector': -} +class { 'ceilometer::collector': } -class { 'ceilometer::agent::notification': -} +class { 'ceilometer::agent::notification': } + +$config_controller_host = hiera('CONFIG_CONTROLLER_HOST') class { 'ceilometer::agent::auth': - auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - auth_password => '%(CONFIG_CEILOMETER_KS_PW)s', + auth_url => "http://${config_controller_host}:35357/v2.0", + auth_password => hiera('CONFIG_CEILOMETER_KS_PW'), } -class { 'ceilometer::agent::central': -} +class { 'ceilometer::agent::central': } -class { 'ceilometer::alarm::notifier': -} +class { 'ceilometer::alarm::notifier':} -class { 'ceilometer::alarm::evaluator': -} +class { 'ceilometer::alarm::evaluator':} class { 'ceilometer::api': - keystone_host => '%(CONFIG_CONTROLLER_HOST)s', - keystone_password => '%(CONFIG_CEILOMETER_KS_PW)s', + keystone_host => hiera('CONFIG_CONTROLLER_HOST'), + keystone_password => hiera('CONFIG_CEILOMETER_KS_PW'), } + diff --git a/packstack/puppet/templates/ceilometer_nova_disabled.pp b/packstack/puppet/templates/ceilometer_nova_disabled.pp index fa360ac54..9bf319b21 100644 --- a/packstack/puppet/templates/ceilometer_nova_disabled.pp +++ b/packstack/puppet/templates/ceilometer_nova_disabled.pp @@ -1,5 +1,5 @@ -group { "nova": - ensure => present, +group { 'nova': + ensure => present, } Group['nova'] -> Class['ceilometer'] diff --git a/packstack/puppet/templates/ceilometer_qpid.pp b/packstack/puppet/templates/ceilometer_qpid.pp index fa54c6f68..900be2d6e 100644 --- a/packstack/puppet/templates/ceilometer_qpid.pp +++ b/packstack/puppet/templates/ceilometer_qpid.pp 
@@ -1,11 +1,11 @@ class { 'ceilometer': - metering_secret => '%(CONFIG_CEILOMETER_SECRET)s', - qpid_hostname => '%(CONFIG_AMQP_HOST)s', - qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', - qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid', - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s' + metering_secret => hiera('CONFIG_CEILOMETER_SECRET'), + qpid_hostname => hiera('CONFIG_AMQP_HOST'), + qpid_username => hiera('CONFIG_AMQP_AUTH_USER'), + qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid', + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'), } diff --git a/packstack/puppet/templates/ceilometer_rabbitmq.pp b/packstack/puppet/templates/ceilometer_rabbitmq.pp index 914c6bc10..ad0c2df47 100644 --- a/packstack/puppet/templates/ceilometer_rabbitmq.pp +++ b/packstack/puppet/templates/ceilometer_rabbitmq.pp @@ -1,9 +1,9 @@ class { 'ceilometer': - metering_secret => '%(CONFIG_CEILOMETER_SECRET)s', - rabbit_host => '%(CONFIG_AMQP_HOST)s', - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', - rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', + metering_secret => hiera('CONFIG_CEILOMETER_SECRET'), + rabbit_host => hiera('CONFIG_AMQP_HOST'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), } diff --git a/packstack/puppet/templates/chrony.pp b/packstack/puppet/templates/chrony.pp index 3a732d57f..cdcbfb25b 100644 --- a/packstack/puppet/templates/chrony.pp +++ b/packstack/puppet/templates/chrony.pp 
@@ -1,7 +1,10 @@ +$cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF') +$cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS') + $config_content = " # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). -%(CONFIG_NTP_SERVER_DEF)s +${cfg_ntp_server_def} # Ignore stratum in source selection. stratumweight 0 @@ -44,38 +47,43 @@ logdir /var/log/chrony #log measurements statistics tracking " -package {'chrony': - ensure => 'installed', - name => 'chrony', +package { 'chrony': + ensure => 'installed', + name => 'chrony', } -package {'ntpdate': - ensure => 'installed', - name => 'ntpdate', +package { 'ntpdate': + ensure => 'installed', + name => 'ntpdate', } -file {'chrony_conf': - path => '/etc/chrony.conf', - ensure => file, - mode => '0644', - content => $config_content, +file { 'chrony_conf': + ensure => file, + path => '/etc/chrony.conf', + mode => '0644', + content => $config_content, } -exec {'stop-chronyd': - command => '/usr/bin/systemctl stop chronyd.service', +exec { 'stop-chronyd': + command => '/usr/bin/systemctl stop chronyd.service', } -exec {'ntpdate': - command => '/usr/sbin/ntpdate %(CONFIG_NTP_SERVERS)s', - tries => 3, +exec { 'ntpdate': + command => "/usr/sbin/ntpdate ${cfg_ntp_servers}", + tries => 3, } -service {'chronyd': - ensure => 'running', - enable => true, - name => 'chronyd', - hasstatus => true, - hasrestart => true, +service { 'chronyd': + ensure => running, + enable => true, + name => 'chronyd', + hasstatus => true, + hasrestart => true, } -Package['chrony'] -> Package['ntpdate'] -> File['chrony_conf'] -> Exec['stop-chronyd'] -> Exec['ntpdate'] -> Service['chronyd'] +Package['chrony'] -> +Package['ntpdate'] -> +File['chrony_conf'] -> +Exec['stop-chronyd'] -> +Exec['ntpdate'] -> +Service['chronyd'] diff --git a/packstack/puppet/templates/cinder.pp b/packstack/puppet/templates/cinder.pp index 247f289ef..8b63b5ea8 100644 --- a/packstack/puppet/templates/cinder.pp 
+++ b/packstack/puppet/templates/cinder.pp @@ -1,35 +1,34 @@ cinder_config { - "DEFAULT/glance_host": value => "%(CONFIG_STORAGE_HOST)s"; + 'DEFAULT/glance_host': value => hiera('CONFIG_STORAGE_HOST'); } -package {'python-keystone': +package { 'python-keystone': notify => Class['cinder::api'], } -class {'cinder::api': - keystone_password => '%(CONFIG_CINDER_KS_PW)s', - keystone_tenant => "services", - keystone_user => "cinder", - keystone_auth_host => "%(CONFIG_CONTROLLER_HOST)s", +class { 'cinder::api': + keystone_password => hiera('CONFIG_CINDER_KS_PW'), + keystone_tenant => 'services', + keystone_user => 'cinder', + keystone_auth_host => hiera('CONFIG_CONTROLLER_HOST'), } -class {'cinder::scheduler': -} +class { 'cinder::scheduler': } -class {'cinder::volume': -} +class { 'cinder::volume': } -class {'cinder::client': -} +class { 'cinder::client': } + +$cinder_config_controller_host = hiera('CONFIG_CONTROLLER_HOST') # Cinder::Type requires keystone credentials Cinder::Type { - os_password => '%(CONFIG_CINDER_KS_PW)s', - os_tenant_name => "services", - os_username => "cinder", - os_auth_url => "http://%(CONFIG_CONTROLLER_HOST)s:5000/v2.0/", + os_password => hiera('CONFIG_CINDER_KS_PW'), + os_tenant_name => 'services', + os_username => 'cinder', + os_auth_url => "http://${cinder_config_controller_host}:5000/v2.0/", } class { 'cinder::backends': - enabled_backends => %(CONFIG_CINDER_BACKEND)s, + enabled_backends => hiera_array('CONFIG_CINDER_BACKEND'), } diff --git a/packstack/puppet/templates/cinder_backup.pp b/packstack/puppet/templates/cinder_backup.pp index 1b5f41c22..5618bb481 100644 --- a/packstack/puppet/templates/cinder_backup.pp +++ b/packstack/puppet/templates/cinder_backup.pp 
@@ -1,8 +1,11 @@ -class { 'cinder::backup': -} +class { 'cinder::backup': } + +$cinder_backup_conf_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') class { 'cinder::backup::swift': - backup_swift_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8080/v1/AUTH_' + backup_swift_url => "http://${cinder_config_controller_host}:8080/v1/AUTH_", } Class['cinder::api'] ~> Service['cinder-backup'] + + diff --git a/packstack/puppet/templates/cinder_gluster.pp b/packstack/puppet/templates/cinder_gluster.pp index 6b2e292cc..4ed6d7cac 100644 --- a/packstack/puppet/templates/cinder_gluster.pp +++ b/packstack/puppet/templates/cinder_gluster.pp @@ -1,7 +1,9 @@ -package { 'glusterfs-fuse': ensure => present } +package { 'glusterfs-fuse': + ensure => present, +} cinder::backend::glusterfs { 'gluster': - glusterfs_shares => [%(CONFIG_CINDER_GLUSTER_MOUNTS)s], + glusterfs_shares => hiera_array('CONFIG_CINDER_GLUSTER_MOUNTS'), require => Package['glusterfs-fuse'], glusterfs_shares_config => '/etc/cinder/glusterfs_shares.conf', } diff --git a/packstack/puppet/templates/cinder_lvm.pp b/packstack/puppet/templates/cinder_lvm.pp index 4cce3ac0a..7b52e842b 100644 --- a/packstack/puppet/templates/cinder_lvm.pp +++ b/packstack/puppet/templates/cinder_lvm.pp @@ -1,12 +1,12 @@ class { 'cinder::setup_test_volume': - size => '%(CONFIG_CINDER_VOLUMES_SIZE)s', + size => hiera('CONFIG_CINDER_VOLUMES_SIZE'), loopback_device => '/dev/loop2', - volume_path => '/var/lib/cinder', - volume_name => 'cinder-volumes', + volume_path => '/var/lib/cinder', + volume_name => 'cinder-volumes', } # Add loop device on boot -$el_releases = ["RedHat", "CentOS", "Scientific"] +$el_releases = ['RedHat', 'CentOS', 'Scientific'] if $::operatingsystem in $el_releases and $::operatingsystemmajrelease < 7 { file_line{ 'rc.local_losetup_cinder_volume': 
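Review bot: `$cinder_backup_conf_ctrl_host` is assigned but never read; `backup_swift_url` interpolates `${cinder_config_controller_host}`, which this template does not define (the name matches a variable set in cinder.pp). Unless the two templates are always concatenated into one manifest with cinder.pp first, the URL is built from an undefined variable and comes out with an empty host. Use the local variable instead: `backup_swift_url => "http://${cinder_backup_conf_ctrl_host}:8080/v1/AUTH_",`.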
@@ -44,12 +44,12 @@ RequiredBy=openstack-cinder-volume.service', exec { '/usr/bin/systemctl daemon-reload': refreshonly => true, - before => Service['openstack-losetup'], + before => Service['openstack-losetup'], } service { 'openstack-losetup': - ensure => running, - enable => true, + ensure => running, + enable => true, require => Class['cinder::setup_test_volume'], } @@ -70,8 +70,8 @@ file_line { 'snapshot_autoextend_percent': } cinder::backend::iscsi { 'lvm': - iscsi_ip_address => '%(CONFIG_STORAGE_HOST)s', - require => Package['lvm2'], + iscsi_ip_address => hiera('CONFIG_STORAGE_HOST'), + require => Package['lvm2'], } cinder::type { 'iscsi': diff --git a/packstack/puppet/templates/cinder_netapp_7mode_iscsi.pp b/packstack/puppet/templates/cinder_netapp_7mode_iscsi.pp index 79f74a1bd..33f4a71a3 100644 --- a/packstack/puppet/templates/cinder_netapp_7mode_iscsi.pp +++ b/packstack/puppet/templates/cinder_netapp_7mode_iscsi.pp 
@@ -3,16 +3,16 @@ package { 'iscsi-initiator-utils': ensure => present } cinder::backend::netapp { 'netapp': - netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", - netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", - netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", - netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", - netapp_size_multiplier => "%(CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER)s", - netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", - netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", - netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", - netapp_vfiler => "%(CONFIG_CINDER_NETAPP_VFILER)s", - netapp_volume_list => ["%(CONFIG_CINDER_NETAPP_VOLUME_LIST)s"], + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vfiler => hiera('CONFIG_CINDER_NETAPP_VFILER'), + netapp_volume_list => hiera_array('CONFIG_CINDER_NETAPP_VOLUME_LIST'), require => Package['iscsi-initiator-utils'], } diff --git a/packstack/puppet/templates/cinder_netapp_7mode_nfs.pp b/packstack/puppet/templates/cinder_netapp_7mode_nfs.pp index 960badaa9..5dc2906c3 100644 --- a/packstack/puppet/templates/cinder_netapp_7mode_nfs.pp +++ b/packstack/puppet/templates/cinder_netapp_7mode_nfs.pp 
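Review bot: `netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD')`, like the other password, token and key lookups throughout this diff, means the secret is now stored in the Hiera data file as well as being used at catalog compile time. The commit description says that file is `defaults.yaml` under `/var/tmp/packstack`, a location below a world-writable temporary directory. The code that writes and distributes it is outside this hunk, so confirm there that the directory and file are created owner-only (for example directory `0700`, file `0600`) on every host they are copied to. A short comment at the top of the template, such as `# Credentials are read from the Hiera data file; that file must not be world-readable`, would record the assumption for the next maintainer.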
@@ -3,17 +3,17 @@ package { 'nfs-utils': ensure => present } cinder::backend::netapp { 'netapp': - netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", - netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", - netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", - netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", - netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", - netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", - netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", - expiry_thres_minutes => "%(CONFIG_CINDER_EXPIRY_THRES_MINUTES)s", - thres_avl_size_perc_start => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START)s", - thres_avl_size_perc_stop => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP)s", - nfs_shares_config => "%(CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG)s", + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + expiry_thres_minutes => hiera('CONFIG_CINDER_EXPIRY_THRES_MINUTES'), + thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'), + thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'), + nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'), require => Package['nfs-utils'], } diff --git a/packstack/puppet/templates/cinder_netapp_cdot_iscsi.pp b/packstack/puppet/templates/cinder_netapp_cdot_iscsi.pp index de373396c..b33383adf 100644 --- a/packstack/puppet/templates/cinder_netapp_cdot_iscsi.pp +++ b/packstack/puppet/templates/cinder_netapp_cdot_iscsi.pp 
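Review bot: `expiry_thres_minutes => hiera('CONFIG_CINDER_EXPIRY_THRES_MINUTES')` looks up a key without the `NETAPP_` prefix, while the `cinder_netapp_cdot_nfs.pp` hunk later in this diff reads `CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES` for the same parameter. The removed line used the same short key, so the mismatch is carried over rather than introduced here. With `hiera()` and no default, though, a key that is missing from the data fails the catalog compile. Unless the plugin really writes both keys, this should be `expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'),`.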
@@ -3,15 +3,15 @@ package { 'iscsi-initiator-utils': ensure => present } cinder::backend::netapp { 'netapp': - netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", - netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", - netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", - netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", - netapp_size_multiplier => "%(CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER)s", - netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", - netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", - netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", - netapp_vserver => "%(CONFIG_CINDER_NETAPP_VSERVER)s", + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_size_multiplier => hiera('CONFIG_CINDER_NETAPP_SIZE_MULTIPLIER'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), require => Package['iscsi-initiator-utils'], } diff --git a/packstack/puppet/templates/cinder_netapp_cdot_nfs.pp b/packstack/puppet/templates/cinder_netapp_cdot_nfs.pp index d4fc0eb3e..63b0e014b 100644 --- a/packstack/puppet/templates/cinder_netapp_cdot_nfs.pp +++ b/packstack/puppet/templates/cinder_netapp_cdot_nfs.pp 
@@ -3,18 +3,18 @@ package { 'nfs-utils': ensure => present } cinder::backend::netapp { 'netapp': - netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", - netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", - netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", - netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", - netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", - netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", - netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", - netapp_vserver => "%(CONFIG_CINDER_NETAPP_VSERVER)s", - expiry_thres_minutes => "%(CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES)s", - thres_avl_size_perc_start => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START)s", - thres_avl_size_perc_stop => "%(CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP)s", - nfs_shares_config => "%(CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG)s", + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_vserver => hiera('CONFIG_CINDER_NETAPP_VSERVER'), + expiry_thres_minutes => hiera('CONFIG_CINDER_NETAPP_EXPIRY_THRES_MINUTES'), + thres_avl_size_perc_start => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_START'), + thres_avl_size_perc_stop => hiera('CONFIG_CINDER_NETAPP_THRES_AVL_SIZE_PERC_STOP'), + nfs_shares_config => hiera('CONFIG_CINDER_NETAPP_NFS_SHARES_CONFIG'), require => Package['nfs-utils'], } diff --git a/packstack/puppet/templates/cinder_netapp_eseries.pp b/packstack/puppet/templates/cinder_netapp_eseries.pp index 01e92fccb..dee48de2f 100644 
--- a/packstack/puppet/templates/cinder_netapp_eseries.pp +++ b/packstack/puppet/templates/cinder_netapp_eseries.pp @@ -3,17 +3,17 @@ package { 'iscsi-initiator-utils': ensure => present } cinder::backend::netapp { 'netapp': - netapp_login => "%(CONFIG_CINDER_NETAPP_LOGIN)s", - netapp_password => "%(CONFIG_CINDER_NETAPP_PASSWORD)s", - netapp_server_hostname => "%(CONFIG_CINDER_NETAPP_HOSTNAME)s", - netapp_server_port => "%(CONFIG_CINDER_NETAPP_SERVER_PORT)s", - netapp_storage_family => "%(CONFIG_CINDER_NETAPP_STORAGE_FAMILY)s", - netapp_storage_protocol => "%(CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL)s", - netapp_transport_type => "%(CONFIG_CINDER_NETAPP_TRANSPORT_TYPE)s", - netapp_controller_ips => "%(CONFIG_CINDER_NETAPP_CONTROLLER_IPS)s", - netapp_sa_password => "%(CONFIG_CINDER_NETAPP_SA_PASSWORD)s", - netapp_storage_pools => "%(CONFIG_CINDER_NETAPP_STORAGE_POOLS)s", - netapp_webservice_path => "%(CONFIG_CINDER_NETAPP_WEBSERVICE_PATH)s", + netapp_login => hiera('CONFIG_CINDER_NETAPP_LOGIN'), + netapp_password => hiera('CONFIG_CINDER_NETAPP_PASSWORD'), + netapp_server_hostname => hiera('CONFIG_CINDER_NETAPP_HOSTNAME'), + netapp_server_port => hiera('CONFIG_CINDER_NETAPP_SERVER_PORT'), + netapp_storage_family => hiera('CONFIG_CINDER_NETAPP_STORAGE_FAMILY'), + netapp_storage_protocol => hiera('CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'), + netapp_transport_type => hiera('CONFIG_CINDER_NETAPP_TRANSPORT_TYPE'), + netapp_controller_ips => hiera('CONFIG_CINDER_NETAPP_CONTROLLER_IPS'), + netapp_sa_password => hiera('CONFIG_CINDER_NETAPP_SA_PASSWORD'), + netapp_storage_pools => hiera('CONFIG_CINDER_NETAPP_STORAGE_POOLS'), + netapp_webservice_path => hiera('CONFIG_CINDER_NETAPP_WEBSERVICE_PATH'), require => Package['iscsi-initiator-utils'], } diff --git a/packstack/puppet/templates/cinder_nfs.pp b/packstack/puppet/templates/cinder_nfs.pp index fffc9be51..7d6a6b0c0 100644 --- a/packstack/puppet/templates/cinder_nfs.pp +++ b/packstack/puppet/templates/cinder_nfs.pp 
@@ -1,7 +1,7 @@ package { 'nfs-utils': ensure => present } cinder::backend::nfs { 'nfs': - nfs_servers => [%(CONFIG_CINDER_NFS_MOUNTS)s], + nfs_servers => hiera_array('CONFIG_CINDER_NFS_MOUNTS'), require => Package['nfs-utils'], nfs_shares_config => '/etc/cinder/nfs_shares.conf', } diff --git a/packstack/puppet/templates/cinder_qpid.pp b/packstack/puppet/templates/cinder_qpid.pp index 8bce730f2..e31f3df6d 100644 --- a/packstack/puppet/templates/cinder_qpid.pp +++ b/packstack/puppet/templates/cinder_qpid.pp @@ -1,13 +1,15 @@ +$cinder_qpid_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW') +$cinder_qpid_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST') class {'cinder': - rpc_backend => 'cinder.openstack.common.rpc.impl_qpid', - qpid_hostname => "%(CONFIG_AMQP_HOST)s", - qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', - qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', - qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - sql_connection => "mysql://cinder:%(CONFIG_CINDER_DB_PW)s@%(CONFIG_MARIADB_HOST)s/cinder", - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - mysql_module => '2.2', + rpc_backend => 'cinder.openstack.common.rpc.impl_qpid', + qpid_hostname => hiera('CONFIG_AMQP_HOST'), + qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'), + qpid_username => hiera('CONFIG_AMQP_AUTH_USER'), + qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + sql_connection => "mysql://cinder:${cinder_qpid_cfg_cinder_db_pw}@${cinder_qpid_cfg_mariadb_host}/cinder", + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + mysql_module => '2.2', } diff --git a/packstack/puppet/templates/cinder_rabbitmq.pp b/packstack/puppet/templates/cinder_rabbitmq.pp index 2045fdc5b..58102c208 100644 --- a/packstack/puppet/templates/cinder_rabbitmq.pp +++ b/packstack/puppet/templates/cinder_rabbitmq.pp 
@@ -1,11 +1,13 @@ +$cinder_rab_cfg_cinder_db_pw = hiera('CONFIG_CINDER_DB_PW') +$cinder_rab_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST') class {'cinder': - rabbit_host => "%(CONFIG_AMQP_HOST)s", - rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', - rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - sql_connection => "mysql://cinder:%(CONFIG_CINDER_DB_PW)s@%(CONFIG_MARIADB_HOST)s/cinder", - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - mysql_module => '2.2', + rabbit_host => hiera('CONFIG_AMQP_HOST'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + sql_connection => "mysql://cinder:${cinder_rab_cfg_cinder_db_pw}@${cinder_rab_cfg_mariadb_host}/cinder", + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + mysql_module => '2.2', } diff --git a/packstack/puppet/templates/cinder_vmdk.pp b/packstack/puppet/templates/cinder_vmdk.pp index ff01b302a..7d9405fba 100644 --- a/packstack/puppet/templates/cinder_vmdk.pp +++ b/packstack/puppet/templates/cinder_vmdk.pp @@ -1,7 +1,7 @@ cinder::backend::vmdk { 'vmdk': - host_ip => "%(CONFIG_VCENTER_HOST)s", - host_username => "%(CONFIG_VCENTER_USER)s", - host_password => "%(CONFIG_VCENTER_PASSWORD)s", + host_ip => hiera('CONFIG_VCENTER_HOST'), + host_username => hiera('CONFIG_VCENTER_USER'), + host_password => hiera('CONFIG_VCENTER_PASSWORD'), } cinder::type { 'vmdk': diff --git a/packstack/puppet/templates/firewall.pp b/packstack/puppet/templates/firewall.pp deleted file mode 100644 index a52d793f6..000000000 --- a/packstack/puppet/templates/firewall.pp +++ /dev/null 
@@ -1,11 +0,0 @@ -# Create firewall rules to allow only the FIREWALL_ALLOWED -# hosts that need to connect via FIREWALL_PORTS -# using FIREWALL_CHAIN - -packstack::firewall {'%(FIREWALL_SERVICE_ID)s': - host => %(FIREWALL_ALLOWED)s, - service_name => '%(FIREWALL_SERVICE_NAME)s', - chain => '%(FIREWALL_CHAIN)s', - ports => %(FIREWALL_PORTS)s, - proto => '%(FIREWALL_PROTOCOL)s', -} diff --git a/packstack/puppet/templates/glance.pp b/packstack/puppet/templates/glance.pp index f46fad32e..2417fc3a6 100644 --- a/packstack/puppet/templates/glance.pp +++ b/packstack/puppet/templates/glance.pp 
@@ -1,23 +1,26 @@ +$glance_ks_pw = hiera('CONFIG_GLANCE_DB_PW') +$glance_mariadb_host = hiera('CONFIG_MARIADB_HOST') -class {"glance::api": - auth_host => "%(CONFIG_CONTROLLER_HOST)s", - keystone_tenant => "services", - keystone_user => "glance", - keystone_password => "%(CONFIG_GLANCE_KS_PW)s", - pipeline => 'keystone', - sql_connection => "mysql://glance:%(CONFIG_GLANCE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/glance", - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - mysql_module => '2.2', +class { 'glance::api': + auth_host => hiera('CONFIG_CONTROLLER_HOST'), + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => hiera('CONFIG_GLANCE_KS_PW'), + pipeline => 'keystone', + sql_connection => "mysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance", + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + mysql_module => '2.2', } -class {"glance::registry": - auth_host => "%(CONFIG_CONTROLLER_HOST)s", - keystone_tenant => "services", - keystone_user => "glance", - keystone_password => "%(CONFIG_GLANCE_KS_PW)s", - sql_connection => "mysql://glance:%(CONFIG_GLANCE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/glance", - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - mysql_module => '2.2', +class { 'glance::registry': + auth_host => hiera('CONFIG_CONTROLLER_HOST'), + keystone_tenant => 'services', + keystone_user => 'glance', + keystone_password => hiera('CONFIG_GLANCE_KS_PW'), + sql_connection => "mysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance", + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + mysql_module => '2.2', } + diff --git a/packstack/puppet/templates/glance_ceilometer_qpid.pp b/packstack/puppet/templates/glance_ceilometer_qpid.pp index ab5d0fa3e..86b622f24 100644 --- a/packstack/puppet/templates/glance_ceilometer_qpid.pp +++ b/packstack/puppet/templates/glance_ceilometer_qpid.pp 
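Review bot: `$glance_ks_pw = hiera('CONFIG_GLANCE_DB_PW')` gives the database password a name that says Keystone password, while the real Keystone secret is fetched separately as `hiera('CONFIG_GLANCE_KS_PW')` in the same two classes. The value is used correctly in `sql_connection`, so behaviour is fine. The risk is a later edit that passes `$glance_ks_pw` to `keystone_password` and hands the DB credential to the wrong service. Renaming it avoids that: `$glance_db_pw = hiera('CONFIG_GLANCE_DB_PW')` and `sql_connection => "mysql://glance:${glance_db_pw}@${glance_mariadb_host}/glance",` in both `glance::api` and `glance::registry`.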
@@ -1,8 +1,8 @@ class { 'glance::notify::qpid': - qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', - qpid_hostname => '%(CONFIG_AMQP_HOST)s', - qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s' + qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + qpid_username => hiera('CONFIG_AMQP_AUTH_USER'), + qpid_hostname => hiera('CONFIG_AMQP_HOST'), + qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'), } diff --git a/packstack/puppet/templates/glance_ceilometer_rabbitmq.pp b/packstack/puppet/templates/glance_ceilometer_rabbitmq.pp index 57c6beda9..0d3eb1c2a 100644 --- a/packstack/puppet/templates/glance_ceilometer_rabbitmq.pp +++ b/packstack/puppet/templates/glance_ceilometer_rabbitmq.pp @@ -1,9 +1,9 @@ class { 'glance::notify::rabbitmq': - rabbit_host => '%(CONFIG_AMQP_HOST)s', - rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - rabbit_use_ssl => %(CONFIG_AMQP_ENABLE_SSL)s, - rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', - rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', + rabbit_host => hiera('CONFIG_AMQP_HOST'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_use_ssl => hiera('CONFIG_AMQP_ENABLE_SSL'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), } diff --git a/packstack/puppet/templates/glance_file.pp b/packstack/puppet/templates/glance_file.pp index 4212023f2..2623a988b 100644 --- a/packstack/puppet/templates/glance_file.pp +++ b/packstack/puppet/templates/glance_file.pp @@ -1,5 +1,5 @@ # TO-DO: Make this configurable class { 'glance::backend::file': - filesystem_store_datadir => '/var/lib/glance/images/' + filesystem_store_datadir => '/var/lib/glance/images/', } diff --git a/packstack/puppet/templates/glance_swift.pp b/packstack/puppet/templates/glance_swift.pp index 45f553f9c..1eb1bf118 100644 --- a/packstack/puppet/templates/glance_swift.pp 
+++ b/packstack/puppet/templates/glance_swift.pp @@ -1,10 +1,11 @@ +$gla_bd_ct_h = hiera('CONFIG_CONTROLLER_HOST') class { 'glance::backend::swift': swift_store_user => 'services:glance', - swift_store_key => '%(CONFIG_GLANCE_KS_PW)s', - swift_store_auth_address => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0/', + swift_store_key => hiera('CONFIG_GLANCE_KS_PW'), + swift_store_auth_address => "http://${gla_bd_ct_h}:35357/v2.0/", swift_store_container => 'glance', swift_store_auth_version => '2', swift_store_large_object_size => '5120', - swift_store_create_container_on_put => true + swift_store_create_container_on_put => true, } diff --git a/packstack/puppet/templates/global.pp b/packstack/puppet/templates/global.pp index c2aaad10c..58dd4470c 100644 --- a/packstack/puppet/templates/global.pp +++ b/packstack/puppet/templates/global.pp @@ -1 +1 @@ -Exec { timeout => %(DEFAULT_EXEC_TIMEOUT)s } +Exec { timeout => hiera('DEFAULT_EXEC_TIMEOUT') } diff --git a/packstack/puppet/templates/heat.pp b/packstack/puppet/templates/heat.pp index fe54c55b1..2d19d3caf 100644 --- a/packstack/puppet/templates/heat.pp +++ b/packstack/puppet/templates/heat.pp 
@@ -1,21 +1,22 @@ -class { 'heat::api': -} +class { 'heat::api': } + +$heat_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') class { 'heat::engine': - heat_metadata_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8000', - heat_waitcondition_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8000/v1/waitcondition', - heat_watch_server_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8003', - auth_encryption_key => '%(CONFIG_HEAT_AUTH_ENC_KEY)s', + heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000", + heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition", + heat_watch_server_url => "http://${heat_cfg_ctrl_host}:8003", + auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'), } class { 'heat::keystone::domain': - auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', + auth_url => "http://${heat_cfg_ctrl_host}:35357/v2.0", keystone_admin => 'admin', - keystone_password => '%(CONFIG_KEYSTONE_ADMIN_PW)s', + keystone_password => hiera('CONFIG_KEYSTONE_ADMIN_PW'), keystone_tenant => 'admin', - domain_name => '%(CONFIG_HEAT_DOMAIN)s', - domain_admin => '%(CONFIG_HEAT_DOMAIN_ADMIN)s', - domain_password => '%(CONFIG_HEAT_DOMAIN_PASSWORD)s', + domain_name => hiera('CONFIG_HEAT_DOMAIN'), + domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'), + domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'), } diff --git a/packstack/puppet/templates/heat_cfn.pp b/packstack/puppet/templates/heat_cfn.pp index 0c94116f1..cbfeaa761 100644 --- a/packstack/puppet/templates/heat_cfn.pp +++ b/packstack/puppet/templates/heat_cfn.pp 
@@ -1,11 +1,12 @@ -class { 'heat::api_cfn': -} +class { 'heat::api_cfn': } + +$heat_cfn_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') class { 'heat::keystone::auth_cfn': - admin_address => '%(CONFIG_CONTROLLER_HOST)s', - public_address => '%(CONFIG_CONTROLLER_HOST)s', - internal_address => '%(CONFIG_CONTROLLER_HOST)s', - password => '%(CONFIG_HEAT_KS_PW)s' + admin_address => $heat_cfn_cfg_ctrl_host, + public_address => $heat_cfn_cfg_ctrl_host, + internal_address => $heat_cfn_cfg_ctrl_host, + password => hiera('CONFIG_HEAT_KS_PW'), } diff --git a/packstack/puppet/templates/heat_cloudwatch.pp b/packstack/puppet/templates/heat_cloudwatch.pp index d1d02015f..32eabfcf0 100644 --- a/packstack/puppet/templates/heat_cloudwatch.pp +++ b/packstack/puppet/templates/heat_cloudwatch.pp @@ -1,4 +1,3 @@ -class { 'heat::api_cloudwatch': -} +class { 'heat::api_cloudwatch': } diff --git a/packstack/puppet/templates/heat_qpid.pp b/packstack/puppet/templates/heat_qpid.pp index efbf2b1a1..ae7888421 100644 --- a/packstack/puppet/templates/heat_qpid.pp +++ b/packstack/puppet/templates/heat_qpid.pp 
@@ -1,15 +1,19 @@ +$heat_qpid_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') +$heat_qpid_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW') +$heat_qpid_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST') + class { 'heat': - keystone_host => '%(CONFIG_CONTROLLER_HOST)s', - keystone_password => '%(CONFIG_HEAT_KS_PW)s', - auth_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - keystone_ec2_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - rpc_backend => 'heat.openstack.common.rpc.impl_qpid', - qpid_hostname => '%(CONFIG_AMQP_HOST)s', - qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', - qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - sql_connection => "mysql://heat:%(CONFIG_HEAT_DB_PW)s@%(CONFIG_MARIADB_HOST)s/heat", + keystone_host => $heat_cfn_cfg_ctrl_host, + keystone_password => hiera('CONFIG_HEAT_KS_PW'), + auth_uri => "http://${heat_qpid_cfg_ctrl_host}:35357/v2.0", + keystone_ec2_uri => "http://${heat_qpid_cfg_ctrl_host}:35357/v2.0", + rpc_backend => 'heat.openstack.common.rpc.impl_qpid', + qpid_hostname => hiera('CONFIG_AMQP_HOST'), + qpid_username => hiera('CONFIG_AMQP_AUTH_USER'), + qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + sql_connection => "mysql://heat:${heat_qpid_cfg_heat_db_pw}@${heat_qpid_cfg_mariadb_host}/heat", } diff --git a/packstack/puppet/templates/heat_rabbitmq.pp b/packstack/puppet/templates/heat_rabbitmq.pp index 08f7913a2..e75e3e165 100644 --- a/packstack/puppet/templates/heat_rabbitmq.pp +++ b/packstack/puppet/templates/heat_rabbitmq.pp 
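Review bot: `keystone_host => $heat_cfn_cfg_ctrl_host,` refers to a variable that this hunk never assigns; the one defined at the top of the hunk is `$heat_qpid_cfg_ctrl_host`, which the `auth_uri` and `keystone_ec2_uri` lines do use. `$heat_cfn_cfg_ctrl_host` is assigned only in the `heat_cfn.pp` hunk of this diff, so `keystone_host` would be undefined whenever that template is not part of the same manifest, and presumably also if it is evaluated after this one. The `heat_rabbitmq.pp` hunk uses its own variable, so this looks like a copy-paste slip. Change the line to `keystone_host => $heat_qpid_cfg_ctrl_host,`.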
@@ -1,13 +1,17 @@ +$heat_rabbitmq_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') +$heat_rabbitmq_cfg_heat_db_pw = hiera('CONFIG_HEAT_DB_PW') +$heat_rabbitmq_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST') + class { 'heat': - keystone_host => '%(CONFIG_CONTROLLER_HOST)s', - keystone_password => '%(CONFIG_HEAT_KS_PW)s', - auth_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - keystone_ec2_uri => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - rpc_backend => 'heat.openstack.common.rpc.impl_kombu', - rabbit_host => '%(CONFIG_AMQP_HOST)s', - rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', - rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - sql_connection => "mysql://heat:%(CONFIG_HEAT_DB_PW)s@%(CONFIG_MARIADB_HOST)s/heat", + keystone_host => $heat_rabbitmq_cfg_ctrl_host, + keystone_password => hiera('CONFIG_HEAT_KS_PW'), + auth_uri => "http://${heat_rabbitmq_cfg_ctrl_host}:35357/v2.0", + keystone_ec2_uri => "http://${heat_rabbitmq_cfg_ctrl_host}:35357/v2.0", + rpc_backend => 'heat.openstack.common.rpc.impl_kombu', + rabbit_host => hiera('CONFIG_AMQP_HOST'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + sql_connection => "mysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat", } diff --git a/packstack/puppet/templates/heat_trusts.pp b/packstack/puppet/templates/heat_trusts.pp index 87ac7aebe..5ec87aa35 100644 --- a/packstack/puppet/templates/heat_trusts.pp +++ b/packstack/puppet/templates/heat_trusts.pp @@ -8,3 +8,4 @@ keystone_user_role { 'admin@admin': ensure => present, roles => ['admin', '_member_', 'heat_stack_owner'], } + diff --git a/packstack/puppet/templates/horizon.pp b/packstack/puppet/templates/horizon.pp index 270039284..e7214c5b3 100644 --- a/packstack/puppet/templates/horizon.pp +++ b/packstack/puppet/templates/horizon.pp 
@@ -1,40 +1,47 @@ include packstack::apache_common -$horizon_packages = ["python-memcached", "python-netaddr"] +$horizon_packages = ['python-memcached', 'python-netaddr'] -package {$horizon_packages: - notify => Class["horizon"], - ensure => present, +package { $horizon_packages: + ensure => present, + notify => Class['horizon'], +} + +$is_django_debug = hiera('CONFIG_DEBUG_MODE') ? { + true => 'True', + false => 'False', } class {'horizon': - secret_key => '%(CONFIG_HORIZON_SECRET_KEY)s', - keystone_host => '%(CONFIG_CONTROLLER_HOST)s', + secret_key => hiera('CONFIG_HORIZON_SECRET_KEY'), + keystone_host => hiera('CONFIG_CONTROLLER_HOST'), keystone_default_role => '_member_', - #fqdn => ['%(CONFIG_CONTROLLER_HOST)s', "$::fqdn", 'localhost'], + # fqdn => [hiera('CONFIG_CONTROLLER_HOST'), "$::fqdn", 'localhost'], # TO-DO: Parameter fqdn is used both for ALLOWED_HOSTS in settings_local.py - # and for ServerAlias directives in vhost.conf which is breaking server - # accessibility. We need ALLOWED_HOSTS values, but we have to avoid - # ServerAlias definitions. For now we will use this wildcard hack until - # puppet-horizon will have separate parameter for each config. - fqdn => '*', + # and for ServerAlias directives in vhost.conf which is breaking server + # accessibility. We need ALLOWED_HOSTS values, but we have to avoid + # ServerAlias definitions. For now we will use this wildcard hack until + # puppet-horizon will have separate parameter for each config. + fqdn => '*', can_set_mount_point => 'False', - django_debug => %(CONFIG_DEBUG_MODE)s ? 
{true => 'True', false => 'False'}, - listen_ssl => %(CONFIG_HORIZON_SSL)s, - horizon_cert => '/etc/pki/tls/certs/ssl_ps_server.crt', - horizon_key => '/etc/pki/tls/private/ssl_ps_server.key', - horizon_ca => '/etc/pki/tls/certs/ssl_ps_chain.crt', - neutron_options => { - 'enable_lb' => %(CONFIG_HORIZON_NEUTRON_LB)s, - 'enable_firewall' => %(CONFIG_HORIZON_NEUTRON_FW)s + django_debug => $is_django_debug, + listen_ssl => hiera('CONFIG_HORIZON_SSL'), + horizon_cert => '/etc/pki/tls/certs/ssl_ps_server.crt', + horizon_key => '/etc/pki/tls/private/ssl_ps_server.key', + horizon_ca => '/etc/pki/tls/certs/ssl_ps_chain.crt', + neutron_options => { + 'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'), + 'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'), }, } -if %(CONFIG_HORIZON_SSL)s { +$is_horizon_ssl = hiera('CONFIG_HORIZON_SSL') + +if $is_horizon_ssl == true { file {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh': + ensure => present, content => template('packstack/ssl/generate_ssl_certs.sh.erb'), - ensure => present, - mode => '755', + mode => '0755', } exec {'/etc/pki/tls/certs/ps_generate_ssl_certs.ssh': @@ -62,19 +69,19 @@ if %(CONFIG_HORIZON_SSL)s { } } -class {'memcached':} +class { 'memcached': } -$firewall_port = %(CONFIG_HORIZON_PORT)s +$firewall_port = hiera('CONFIG_HORIZON_PORT') firewall { "001 horizon ${firewall_port} incoming": - proto => 'tcp', - dport => [%(CONFIG_HORIZON_PORT)s], - action => 'accept', + proto => 'tcp', + dport => [$firewall_port], + action => 'accept', } -if ($::selinux != "false"){ - selboolean{'httpd_can_network_connect': - value => on, - persistent => true, - } +if ($::selinux != false) { + selboolean{ 'httpd_can_network_connect': + value => on, + persistent => true, + } } diff --git a/packstack/puppet/templates/keystone.pp b/packstack/puppet/templates/keystone.pp index 9d25f4254..2047cf14e 100644 --- a/packstack/puppet/templates/keystone.pp +++ b/packstack/puppet/templates/keystone.pp 
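Review bot: In the first `horizon.pp` hunk, both the `$is_django_debug` selector (cases `true` and `false` only) and `if $is_horizon_ssl == true` depend on `hiera()` returning a real boolean. The old template substituted a literal into the manifest; the type now depends on how the data file is written, which is outside this hunk. If a value arrives as a string, the selector has no matching case and compilation fails, and the `== true` test skips the certificate block while `listen_ssl` still receives the value. Adding `default => 'False',` to the selector and a comment such as `# CONFIG_HORIZON_SSL and CONFIG_DEBUG_MODE must be YAML booleans` would make the assumption explicit. The `if` body continues into the next hunk.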
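Review bot: In the second `horizon.pp` hunk, `if ($::selinux != false)` replaces a comparison against the string `"false"` with one against the boolean. On Puppet setups where facts are delivered as strings, `$::selinux` is `'false'` on a host with SELinux disabled, and `'false' != false` is true, so the `selboolean` resource would be declared on hosts where it cannot be applied. Unless the target Puppet version is known to pass this fact as a boolean, keep the string form with single quotes for the style cleanup: `if ($::selinux != 'false') {`.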
@@ -1,44 +1,50 @@ $keystone_use_ssl = false +$keystone_service_name = hiera('CONFIG_KEYSTONE_SERVICE_NAME') +$keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW') +$keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST') -class {"keystone": - admin_token => "%(CONFIG_KEYSTONE_ADMIN_TOKEN)s", - sql_connection => "mysql://keystone_admin:%(CONFIG_KEYSTONE_DB_PW)s@%(CONFIG_MARIADB_HOST)s/keystone", - token_format => "%(CONFIG_KEYSTONE_TOKEN_FORMAT)s", - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - mysql_module => '2.2', - service_name => '%(CONFIG_KEYSTONE_SERVICE_NAME)s', - enable_ssl => $keystone_use_ssl, +class { 'keystone': + admin_token => hiera('CONFIG_KEYSTONE_ADMIN_TOKEN'), + sql_connection => "mysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone", + token_format => hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + mysql_module => '2.2', + service_name => $keystone_service_name, + enable_ssl => $keystone_use_ssl, } -if '%(CONFIG_KEYSTONE_SERVICE_NAME)s' == 'httpd' { +if $keystone_service_name == 'httpd' { include packstack::apache_common - class {"keystone::wsgi::apache": + + class { 'keystone::wsgi::apache': ssl => $keystone_use_ssl, } } -class {"keystone::roles::admin": - email => "root@localhost", - password => "%(CONFIG_KEYSTONE_ADMIN_PW)s", - admin_tenant => "admin" +class { 'keystone::roles::admin': + email => 'root@localhost', + password => hiera('CONFIG_KEYSTONE_ADMIN_PW'), + admin_tenant => 'admin', } -class {"keystone::endpoint": - region => "%(CONFIG_KEYSTONE_REGION)s", - public_address => "%(CONFIG_CONTROLLER_HOST)s", - admin_address => "%(CONFIG_CONTROLLER_HOST)s", - internal_address => "%(CONFIG_CONTROLLER_HOST)s", +class { 'keystone::endpoint': + region => hiera('CONFIG_KEYSTONE_REGION'), + public_address => hiera('CONFIG_CONTROLLER_HOST'), + admin_address => hiera('CONFIG_CONTROLLER_HOST'), + internal_address => hiera('CONFIG_CONTROLLER_HOST'), } # Run 
token flush every minute (without output so we won't spam admins) cron { 'token-flush': - ensure => 'present', - command => '/usr/bin/keystone-manage token_flush >/dev/null 2>&1', - minute => '*/1', - user => 'keystone', - require => [User['keystone'], Group['keystone']], -} -> service { 'crond': - ensure => 'running', - enable => true, + ensure => 'present', + command => '/usr/bin/keystone-manage token_flush >/dev/null 2>&1', + minute => '*/1', + user => 'keystone', + require => [User['keystone'], Group['keystone']], +} -> +service { 'crond': + ensure => 'running', + enable => true, } + diff --git a/packstack/puppet/templates/keystone_ceilometer.pp b/packstack/puppet/templates/keystone_ceilometer.pp index 5fbf12fc5..37c495093 100644 --- a/packstack/puppet/templates/keystone_ceilometer.pp +++ b/packstack/puppet/templates/keystone_ceilometer.pp @@ -1,8 +1,8 @@ class { 'ceilometer::keystone::auth': - region => '%(CONFIG_KEYSTONE_REGION)s', - password => '%(CONFIG_CEILOMETER_KS_PW)s', - public_address => "%(CONFIG_CONTROLLER_HOST)s", - admin_address => "%(CONFIG_CONTROLLER_HOST)s", - internal_address => "%(CONFIG_CONTROLLER_HOST)s", + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_CEILOMETER_KS_PW'), + public_address => hiera('CONFIG_CONTROLLER_HOST'), + admin_address => hiera('CONFIG_CONTROLLER_HOST'), + internal_address => hiera('CONFIG_CONTROLLER_HOST'), } diff --git a/packstack/puppet/templates/keystone_cinder.pp b/packstack/puppet/templates/keystone_cinder.pp index 2074777b5..e96907834 100644 --- a/packstack/puppet/templates/keystone_cinder.pp +++ b/packstack/puppet/templates/keystone_cinder.pp 
@@ -1,9 +1,9 @@ -class {"cinder::keystone::auth": - region => "%(CONFIG_KEYSTONE_REGION)s", - password => "%(CONFIG_CINDER_KS_PW)s", - public_address => "%(CONFIG_STORAGE_HOST)s", - admin_address => "%(CONFIG_STORAGE_HOST)s", - internal_address => "%(CONFIG_STORAGE_HOST)s", +class { 'cinder::keystone::auth': + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_CINDER_KS_PW'), + public_address => hiera('CONFIG_STORAGE_HOST'), + admin_address => hiera('CONFIG_STORAGE_HOST'), + internal_address => hiera('CONFIG_STORAGE_HOST'), } diff --git a/packstack/puppet/templates/keystone_glance.pp b/packstack/puppet/templates/keystone_glance.pp index 1d907acf2..8fd6a7f3b 100644 --- a/packstack/puppet/templates/keystone_glance.pp +++ b/packstack/puppet/templates/keystone_glance.pp @@ -1,8 +1,8 @@ -class {"glance::keystone::auth": - region => "%(CONFIG_KEYSTONE_REGION)s", - password => "%(CONFIG_GLANCE_KS_PW)s", - public_address => "%(CONFIG_STORAGE_HOST)s", - admin_address => "%(CONFIG_STORAGE_HOST)s", - internal_address => "%(CONFIG_STORAGE_HOST)s", +class { 'glance::keystone::auth': + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_GLANCE_KS_PW'), + public_address => hiera('CONFIG_STORAGE_HOST'), + admin_address => hiera('CONFIG_STORAGE_HOST'), + internal_address => hiera('CONFIG_STORAGE_HOST'), } diff --git a/packstack/puppet/templates/keystone_heat.pp b/packstack/puppet/templates/keystone_heat.pp index d05acd11f..2698a2d8d 100644 --- a/packstack/puppet/templates/keystone_heat.pp +++ b/packstack/puppet/templates/keystone_heat.pp 
@@ -1,18 +1,20 @@ # heat::keystone::auth -class {"heat::keystone::auth": - region => "%(CONFIG_KEYSTONE_REGION)s", - password => "%(CONFIG_HEAT_KS_PW)s", - public_address => "%(CONFIG_CONTROLLER_HOST)s", - admin_address => "%(CONFIG_CONTROLLER_HOST)s", - internal_address => "%(CONFIG_CONTROLLER_HOST)s", +class { 'heat::keystone::auth': + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_HEAT_KS_PW'), + public_address => hiera('CONFIG_CONTROLLER_HOST'), + admin_address => hiera('CONFIG_CONTROLLER_HOST'), + internal_address => hiera('CONFIG_CONTROLLER_HOST'), } -if '%(CONFIG_HEAT_CFN_INSTALL)s' == 'y' { - # heat::keystone::cfn - class {"heat::keystone::auth_cfn": - password => "%(CONFIG_HEAT_KS_PW)s", - public_address => "%(CONFIG_CONTROLLER_HOST)s", - admin_address => "%(CONFIG_CONTROLLER_HOST)s", - internal_address => "%(CONFIG_CONTROLLER_HOST)s", - } +$is_heat_cfn_install = hiera('CONFIG_HEAT_CFN_INSTALL') + +if $is_heat_cfn_install == 'y' { + # heat::keystone::cfn + class { "heat::keystone::auth_cfn": + password => hiera('CONFIG_HEAT_KS_PW'), + public_address => hiera('CONFIG_CONTROLLER_HOST'), + admin_address => hiera('CONFIG_CONTROLLER_HOST'), + internal_address => hiera('CONFIG_CONTROLLER_HOST'), + } } diff --git a/packstack/puppet/templates/keystone_neutron.pp b/packstack/puppet/templates/keystone_neutron.pp index 07842c84f..9e8bf93cf 100644 --- a/packstack/puppet/templates/keystone_neutron.pp +++ b/packstack/puppet/templates/keystone_neutron.pp 
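Review bot: The nested class declaration still uses double quotes, `class { "heat::keystone::auth_cfn":`, while the rest of the hunk was converted to single-quoted titles. It should read `class { 'heat::keystone::auth_cfn':` to match. The comment above it says `# heat::keystone::cfn`, which does not match the class name and could be corrected to `# heat::keystone::auth_cfn` in the same pass.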
@@ -1,8 +1,8 @@ -class {"neutron::keystone::auth": - region => "%(CONFIG_KEYSTONE_REGION)s", - password => "%(CONFIG_NEUTRON_KS_PW)s", - public_address => "%(CONFIG_CONTROLLER_HOST)s", - admin_address => "%(CONFIG_CONTROLLER_HOST)s", - internal_address => "%(CONFIG_CONTROLLER_HOST)s", +class { 'neutron::keystone::auth': + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_NEUTRON_KS_PW'), + public_address => hiera('CONFIG_CONTROLLER_HOST'), + admin_address => hiera('CONFIG_CONTROLLER_HOST'), + internal_address => hiera('CONFIG_CONTROLLER_HOST'), } diff --git a/packstack/puppet/templates/keystone_nova.pp b/packstack/puppet/templates/keystone_nova.pp index f544bf933..498678776 100644 --- a/packstack/puppet/templates/keystone_nova.pp +++ b/packstack/puppet/templates/keystone_nova.pp @@ -1,9 +1,9 @@ -class {"nova::keystone::auth": - region => "%(CONFIG_KEYSTONE_REGION)s", - password => "%(CONFIG_NOVA_KS_PW)s", - public_address => "%(CONFIG_CONTROLLER_HOST)s", - admin_address => "%(CONFIG_CONTROLLER_HOST)s", - internal_address => "%(CONFIG_CONTROLLER_HOST)s", - cinder => true, +class { 'nova::keystone::auth': + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_NOVA_KS_PW'), + public_address => hiera('CONFIG_CONTROLLER_HOST'), + admin_address => hiera('CONFIG_CONTROLLER_HOST'), + internal_address => hiera('CONFIG_CONTROLLER_HOST'), + cinder => true, } diff --git a/packstack/puppet/templates/keystone_swift.pp b/packstack/puppet/templates/keystone_swift.pp index be71587eb..f07db840c 100644 --- a/packstack/puppet/templates/keystone_swift.pp +++ b/packstack/puppet/templates/keystone_swift.pp @@ -1,5 +1,5 @@ class { 'swift::keystone::auth': - public_address => '%(CONFIG_CONTROLLER_HOST)s', - region => '%(CONFIG_KEYSTONE_REGION)s', - password => '%(CONFIG_SWIFT_KS_PW)s', + public_address => hiera('CONFIG_CONTROLLER_HOST'), + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_SWIFT_KS_PW'), } 
diff --git a/packstack/puppet/templates/mariadb_cinder_install.pp b/packstack/puppet/templates/mariadb_cinder_install.pp index 4a10614f5..5dfa4ae94 100644 --- a/packstack/puppet/templates/mariadb_cinder_install.pp +++ b/packstack/puppet/templates/mariadb_cinder_install.pp @@ -1,7 +1,7 @@ -class {"cinder::db::mysql": - password => "%(CONFIG_CINDER_DB_PW)s", - host => "%%", - allowed_hosts => "%%", - charset => "utf8", +class { 'cinder::db::mysql': + password => hiera('CONFIG_CINDER_DB_PW'), + host => '%%', + allowed_hosts => '%%', + charset => 'utf8', mysql_module => '2.2', } diff --git a/packstack/puppet/templates/mariadb_cinder_noinstall.pp b/packstack/puppet/templates/mariadb_cinder_noinstall.pp index c5c7ae5ad..8e02eb808 100644 --- a/packstack/puppet/templates/mariadb_cinder_noinstall.pp +++ b/packstack/puppet/templates/mariadb_cinder_noinstall.pp 
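Review bot: `host => '%%'` and `allowed_hosts => '%%'` create the cinder database account for any source address, and the restyle keeps that unchanged and undocumented. Together with `bind_address => '0.0.0.0'` in the mariadb_install.pp hunk, the only thing limiting who can attempt a login is presumably a firewall rule in front of the MySQL port, which is not visible here. Consider passing the list of hosts that actually run the service, or add a comment such as `# wildcard host: access is limited by firewall rules, not by MySQL grants`. The glance, heat, keystone, neutron and nova *_install.pp hunks carry the same wildcard.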
@@ -1,27 +1,29 @@ remote_database { 'cinder': - ensure => 'present', - charset => 'utf8', - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', } +$mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW') + remote_database_user { 'cinder@%%': - password_hash => mysql_password('%(CONFIG_CINDER_DB_PW)s'), - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database['cinder'], + password_hash => mysql_password($mariadb_cinder_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['cinder'], } remote_database_grant { 'cinder@%%/cinder': - privileges => "all", - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database_user['cinder@%%'], + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['cinder@%%'], } diff --git a/packstack/puppet/templates/mariadb_glance_install.pp b/packstack/puppet/templates/mariadb_glance_install.pp index 6c868da53..b2fe2951a 100644 --- a/packstack/puppet/templates/mariadb_glance_install.pp +++ b/packstack/puppet/templates/mariadb_glance_install.pp 
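Review bot: The three resources each repeat `hiera('CONFIG_MARIADB_HOST')`, `hiera('CONFIG_MARIADB_USER')` and `hiera('CONFIG_MARIADB_PW')`, nine lookups in all, while the service password is already hoisted into `$mariadb_cinder_noinstall_db_pw`. Hoisting the other three the same way, for example `$mariadb_cinder_noinstall_host = hiera('CONFIG_MARIADB_HOST')`, keeps the admin credential referenced from one place and makes the resources easier to audit. The file-specific prefix presumably avoids variable clashes between templates and should be kept. The glance, heat, keystone, neutron and nova *_noinstall.pp hunks have the same repetition.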
@@ -1,7 +1,7 @@ -class {"glance::db::mysql": - password => "%(CONFIG_GLANCE_DB_PW)s", - host => "%%", - allowed_hosts => "%%", - charset => "utf8", +class { 'glance::db::mysql': + password => hiera('CONFIG_GLANCE_DB_PW'), + host => '%%', + allowed_hosts => '%%', + charset => 'utf8', mysql_module => '2.2', } diff --git a/packstack/puppet/templates/mariadb_glance_noinstall.pp b/packstack/puppet/templates/mariadb_glance_noinstall.pp index defd85e0c..510f04213 100644 --- a/packstack/puppet/templates/mariadb_glance_noinstall.pp +++ b/packstack/puppet/templates/mariadb_glance_noinstall.pp 
@@ -1,27 +1,29 @@ remote_database { 'glance': - ensure => 'present', - charset => 'utf8', - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', } +$mariadb_glance_noinstall_db_pw = hiera('CONFIG_GLANCE_DB_PW') + remote_database_user { 'glance@%%': - password_hash => mysql_password('%(CONFIG_GLANCE_DB_PW)s' ), - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database['glance'], + password_hash => mysql_password($mariadb_glance_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['glance'], } remote_database_grant { 'glance@%%/glance': - privileges => "all", - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database_user['glance@%%'], + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['glance@%%'], } diff --git a/packstack/puppet/templates/mariadb_heat_install.pp b/packstack/puppet/templates/mariadb_heat_install.pp index 19aa67b28..ef99a2ae0 100644 --- a/packstack/puppet/templates/mariadb_heat_install.pp +++ b/packstack/puppet/templates/mariadb_heat_install.pp 
@@ -1,7 +1,7 @@ -class {"heat::db::mysql": - password => "%(CONFIG_HEAT_DB_PW)s", - host => "%%", - allowed_hosts => "%%", - charset => "utf8", +class { 'heat::db::mysql': + password => hiera('CONFIG_HEAT_DB_PW'), + host => '%%', + allowed_hosts => '%%', + charset => 'utf8', mysql_module => '2.2', } diff --git a/packstack/puppet/templates/mariadb_heat_noinstall.pp b/packstack/puppet/templates/mariadb_heat_noinstall.pp index f0964e9ce..d59242fe9 100644 --- a/packstack/puppet/templates/mariadb_heat_noinstall.pp +++ b/packstack/puppet/templates/mariadb_heat_noinstall.pp 
@@ -1,27 +1,29 @@ remote_database { 'heat': - ensure => 'present', - charset => 'utf8', - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', } +$mariadb_heat_noinstall_db_pw = hiera('CONFIG_HEAT_DB_PW') + remote_database_user { 'heat@%%': - password_hash => mysql_password('%(CONFIG_HEAT_DB_PW)s'), - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database['heat'], + password_hash => mysql_password($mariadb_heat_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['heat'], } remote_database_grant { 'heat@%%/heat': - privileges => "all", - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database_user['heat@%%'], + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['heat@%%'], } diff --git a/packstack/puppet/templates/mariadb_install.pp b/packstack/puppet/templates/mariadb_install.pp index 9e96054d7..26dccb790 100644 --- a/packstack/puppet/templates/mariadb_install.pp +++ b/packstack/puppet/templates/mariadb_install.pp 
@@ -1,36 +1,41 @@ # Package mariadb-server conflicts with mariadb-galera-server -package {"mariadb-server": - ensure => absent, +package { 'mariadb-server': + ensure => absent, } -class {"mysql::server": - package_name => "mariadb-galera-server", - restart => true, - root_password => "%(CONFIG_MARIADB_PW)s", - require => Package['mariadb-server'], - override_options => { - 'mysqld' => { bind_address => "0.0.0.0", - default_storage_engine => "InnoDB", - max_connections => "1024", - open_files_limit => '-1', - } +class { 'mysql::server': + package_name => 'mariadb-galera-server', + restart => true, + root_password => hiera('CONFIG_MARIADB_PW'), + require => Package['mariadb-server'], + override_options => { + 'mysqld' => { bind_address => '0.0.0.0', + default_storage_engine => 'InnoDB', + max_connections => '1024', + open_files_limit => '-1', } + } } # deleting database users for security # this is done in mysql::server::account_security but has problems # when there is no fqdn, so we're defining a slightly different one here database_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%%' ]: - ensure => 'absent', require => Class['mysql::server'], + ensure => 'absent', + require => Class['mysql::server'], } -if ($::fqdn != "" and $::fqdn != "localhost") { - database_user { [ "root@${::fqdn}", "@${::fqdn}"]: - ensure => 'absent', require => Class['mysql::server'], - } + +if ($::fqdn != '' and $::fqdn != 'localhost') { + database_user { [ "root@${::fqdn}", "@${::fqdn}"]: + ensure => 'absent', + require => Class['mysql::server'], + } } -if ($::fqdn != $::hostname and $::hostname != "localhost") { - database_user { ["root@${::hostname}", "@${::hostname}"]: - ensure => 'absent', require => Class['mysql::server'], - } +if ($::fqdn != $::hostname and $::hostname != 'localhost') { + database_user { ["root@${::hostname}", "@${::hostname}"]: + ensure => 'absent', + require => Class['mysql::server'], + } } + 
diff --git a/packstack/puppet/templates/mariadb_keystone_install.pp b/packstack/puppet/templates/mariadb_keystone_install.pp index 2ef9bdbff..1534bde63 100644 --- a/packstack/puppet/templates/mariadb_keystone_install.pp +++ b/packstack/puppet/templates/mariadb_keystone_install.pp @@ -1,7 +1,7 @@ -class {"keystone::db::mysql": - user => 'keystone_admin', - password => "%(CONFIG_KEYSTONE_DB_PW)s", - allowed_hosts => "%%", - charset => "utf8", - mysql_module => '2.2', +class { 'keystone::db::mysql': + user => 'keystone_admin', + password => hiera('CONFIG_KEYSTONE_DB_PW'), + allowed_hosts => '%%', + charset => 'utf8', + mysql_module => '2.2', } diff --git a/packstack/puppet/templates/mariadb_keystone_noinstall.pp b/packstack/puppet/templates/mariadb_keystone_noinstall.pp index 71a562443..e454edbb3 100644 --- a/packstack/puppet/templates/mariadb_keystone_noinstall.pp +++ b/packstack/puppet/templates/mariadb_keystone_noinstall.pp 
@@ -1,27 +1,29 @@ remote_database { 'keystone': - ensure => 'present', - charset => 'utf8', - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', } +$mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW') + remote_database_user { 'keystone_admin@%%': - password_hash => mysql_password('%(CONFIG_KEYSTONE_DB_PW)s' ), - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database['keystone'], + password_hash => mysql_password($mariadb_keystone_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['keystone'], } remote_database_grant { 'keystone_admin@%%/keystone': - privileges => "all", - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database_user['keystone_admin@%%'], + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['keystone_admin@%%'], } diff --git a/packstack/puppet/templates/mariadb_neutron_install.pp b/packstack/puppet/templates/mariadb_neutron_install.pp index 3070dfa74..6bcad4ef7 100644 --- a/packstack/puppet/templates/mariadb_neutron_install.pp +++ b/packstack/puppet/templates/mariadb_neutron_install.pp 
@@ -1,8 +1,8 @@ -class {"neutron::db::mysql": - password => "%(CONFIG_NEUTRON_DB_PW)s", - host => "%%", - allowed_hosts => "%%", - dbname => '%(CONFIG_NEUTRON_L2_DBNAME)s', - charset => "utf8", +class { 'neutron::db::mysql': + password => hiera('CONFIG_NEUTRON_DB_PW'), + host => '%%', + allowed_hosts => '%%', + dbname => hiera('CONFIG_NEUTRON_L2_DBNAME'), + charset => 'utf8', mysql_module => '2.2', } diff --git a/packstack/puppet/templates/mariadb_neutron_noinstall.pp b/packstack/puppet/templates/mariadb_neutron_noinstall.pp index 3ddac8ac6..fd38d27a3 100644 --- a/packstack/puppet/templates/mariadb_neutron_noinstall.pp +++ b/packstack/puppet/templates/mariadb_neutron_noinstall.pp 
@@ -1,27 +1,30 @@ -remote_database { '%(CONFIG_NEUTRON_L2_DBNAME)s': - ensure => 'present', - charset => 'utf8', - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', +$mariadb_neutron_noinstall_db_pw = hiera('CONFIG_NEUTRON_DB_PW') +$mariadb_neutron_noinstall_l2_dbname = hiera('CONFIG_NEUTRON_L2_DBNAME') + +remote_database { $mariadb_neutron_noinstall_l2_dbname: + ensure => present, + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', } remote_database_user { 'neutron@%%': - password_hash => mysql_password('%(CONFIG_NEUTRON_DB_PW)s' ), - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database['%(CONFIG_NEUTRON_L2_DBNAME)s'], + password_hash => mysql_password($mariadb_neutron_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database[$mariadb_neutron_noinstall_l2_dbname], } -remote_database_grant { 'neutron@%%/%(CONFIG_NEUTRON_L2_DBNAME)s': - privileges => "all", - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database_user['neutron@%%'], +remote_database_grant { "neutron@%%/${mariadb_neutron_noinstall_l2_dbname}": + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['neutron@%%'], } diff --git a/packstack/puppet/templates/mariadb_noinstall.pp b/packstack/puppet/templates/mariadb_noinstall.pp index 626ee88fa..cc13afc3e 100644 
--- a/packstack/puppet/templates/mariadb_noinstall.pp +++ b/packstack/puppet/templates/mariadb_noinstall.pp @@ -1,3 +1,2 @@ -class { 'remote::db': -} +class { 'remote::db': } diff --git a/packstack/puppet/templates/mariadb_nova_install.pp b/packstack/puppet/templates/mariadb_nova_install.pp index 2049beeaa..7f18565ae 100644 --- a/packstack/puppet/templates/mariadb_nova_install.pp +++ b/packstack/puppet/templates/mariadb_nova_install.pp @@ -1,7 +1,7 @@ -class {"nova::db::mysql": - password => "%(CONFIG_NOVA_DB_PW)s", - host => "%%", - allowed_hosts => "%%", - charset => "utf8", +class { 'nova::db::mysql': + password => hiera('CONFIG_NOVA_DB_PW'), + host => '%%', + allowed_hosts => '%%', + charset => 'utf8', mysql_module => '2.2', } diff --git a/packstack/puppet/templates/mariadb_nova_noinstall.pp b/packstack/puppet/templates/mariadb_nova_noinstall.pp index f4ccf4531..28b685107 100644 --- a/packstack/puppet/templates/mariadb_nova_noinstall.pp +++ b/packstack/puppet/templates/mariadb_nova_noinstall.pp 
@@ -1,27 +1,29 @@ remote_database { 'nova': - ensure => 'present', - charset => 'utf8', - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', } +$mariadb_nova_noinstall_db_pw = hiera('CONFIG_NOVA_DB_PW') + remote_database_user { 'nova@%%': - password_hash => mysql_password('%(CONFIG_NOVA_DB_PW)s' ), - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database['nova'], + password_hash => mysql_password($mariadb_nova_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['nova'], } remote_database_grant { 'nova@%%/nova': - privileges => "all", - db_host => '%(CONFIG_MARIADB_HOST)s', - db_user => '%(CONFIG_MARIADB_USER)s', - db_password => '%(CONFIG_MARIADB_PW)s', - provider => 'mysql', - require => Remote_database_user['nova@%%'], + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['nova@%%'], } diff --git a/packstack/puppet/templates/mongodb.pp b/packstack/puppet/templates/mongodb.pp index 490ce4ba1..5343400d4 100644 --- a/packstack/puppet/templates/mongodb.pp +++ b/packstack/puppet/templates/mongodb.pp @@ -1,4 +1,7 @@ +$mongodb_host = hiera('CONFIG_MONGODB_HOST') + class { 'mongodb::server': - smallfiles => true, - bind_ip => ['%(CONFIG_MONGODB_HOST)s'], + smallfiles => true, + bind_ip => [$mongodb_host], } + 
diff --git a/packstack/puppet/templates/nagios_nrpe.pp b/packstack/puppet/templates/nagios_nrpe.pp index 1aeaada65..30997b225 100644 --- a/packstack/puppet/templates/nagios_nrpe.pp +++ b/packstack/puppet/templates/nagios_nrpe.pp 
@@ -1,43 +1,48 @@ -package{'nrpe': - ensure => present, - before => Class['nagios_configs'] +package{ 'nrpe': + ensure => present, + before => Class['nagios_configs'], } -file{'/etc/nagios/nrpe.cfg': - ensure => 'present', - mode => '0644', - owner => 'nagios', - group => 'nagios', - require => Package['nrpe'], +file{ '/etc/nagios/nrpe.cfg': + ensure => 'present', + mode => '0644', + owner => 'nagios', + group => 'nagios', + require => Package['nrpe'], } -class nagios_configs(){ - file_line{'allowed_hosts': - path => '/etc/nagios/nrpe.cfg', - match => 'allowed_hosts=', - line => 'allowed_hosts=%(CONFIG_CONTROLLER_HOST)s', - } +class nagios_configs () { + $nagios_configs_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') - # 5 minute load average - file_line{'load5': - path => '/etc/nagios/nrpe.cfg', - match => 'command\[load5\]=', - line => 'command[load5]=cut /proc/loadavg -f 1 -d " "', - } + file_line{'allowed_hosts': + path => '/etc/nagios/nrpe.cfg', + match => 'allowed_hosts=', + line => "allowed_hosts=${nagios_configs_cfg_ctrl_host}", + } - # disk used on /var - file_line{'df_var': - path => '/etc/nagios/nrpe.cfg', - match => "command\[df_var\]=", - line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%%.*/\\1/' | grep -E '^[0-9]'", - } + # 5 minute load average + file_line{'load5': + path => '/etc/nagios/nrpe.cfg', + match => 'command\[load5\]=', + line => 'command[load5]=cut /proc/loadavg -f 1 -d " "', + } + + # disk used on /var + file_line{'df_var': + path => '/etc/nagios/nrpe.cfg', + match => "command\[df_var\]=", + line => "command[df_var]=df /var/ | sed -re 's/.* ([0-9]+)%%.*/\\1/' | grep -E '^[0-9]'", + } } + class{'nagios_configs': - notify => Service['nrpe'], + notify => Service['nrpe'], } service{'nrpe': - ensure => running, - enable => true, - hasstatus => true, + ensure => running, + enable => true, + hasstatus => true, } + + 
diff --git a/packstack/puppet/templates/nagios_server.pp b/packstack/puppet/templates/nagios_server.pp index 68ab5af8e..c9c39e342 100644 --- a/packstack/puppet/templates/nagios_server.pp +++ b/packstack/puppet/templates/nagios_server.pp 
@@ -1,81 +1,99 @@ include packstack::apache_common -package{['nagios', 'nagios-plugins-nrpe']: - ensure => present, - before => Class['nagios_configs'] +package { ['nagios', 'nagios-plugins-nrpe']: + ensure => present, + before => Class['nagios_configs'], } # We need to preferably install nagios-plugins-ping exec { 'nagios-plugins-ping': - path => '/usr/bin', - command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping', - onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0', - before => Class['nagios_configs'] + path => '/usr/bin', + command => 'yum install -y -d 0 -e 0 monitoring-plugins-ping', + onlyif => 'yum install -y -d 0 -e 0 nagios-plugins-ping &> /dev/null && exit 1 || exit 0', + before => Class['nagios_configs'] } class nagios_configs(){ - file{['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg']: - ensure => 'present', - mode => '0644', - owner => 'nagios', - group => 'nagios', - } + file { ['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg']: + ensure => 'present', + mode => '0644', + owner => 'nagios', + group => 'nagios', + } - # Remove the entry for localhost, it contains services we're not - # monitoring - file{['/etc/nagios/objects/localhost.cfg']: - ensure => 'present', - content => '', - } + # Remove the entry for localhost, it contains services we're not + # monitoring + file { ['/etc/nagios/objects/localhost.cfg']: + ensure => 'present', + content => '', + } - file_line{'nagios_host': - path => '/etc/nagios/nagios.cfg', - line => 'cfg_file=/etc/nagios/nagios_host.cfg', - } + file_line { 'nagios_host': + path => '/etc/nagios/nagios.cfg', + line => 'cfg_file=/etc/nagios/nagios_host.cfg', + } - file_line{'nagios_command': - path => '/etc/nagios/nagios.cfg', - line => 'cfg_file=/etc/nagios/nagios_command.cfg', - } + file_line { 'nagios_command': + path => '/etc/nagios/nagios.cfg', + line => 'cfg_file=/etc/nagios/nagios_command.cfg', + } - file_line{'nagios_service': - path => 
'/etc/nagios/nagios.cfg', - line => 'cfg_file=/etc/nagios/nagios_service.cfg', - } + file_line { 'nagios_service': + path => '/etc/nagios/nagios.cfg', + line => 'cfg_file=/etc/nagios/nagios_service.cfg', + } - nagios_command{'check_nrpe': - command_line => '/usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$', - } + nagios_command { 'check_nrpe': + command_line => '/usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$', + } - exec{'nagiospasswd': - command => '/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin %(CONFIG_NAGIOS_PW)s', - } + $cfg_nagios_pw = hiera('CONFIG_NAGIOS_PW') - file {"/etc/nagios/keystonerc_admin": - ensure => "present", owner => "nagios", mode => '0600', - content => "export OS_USERNAME=admin + exec { 'nagiospasswd': + command => "/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin ${cfg_nagios_pw}", + } + + $nagios_cfg_ks_adm_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW') + $nagios_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') + + file { '/etc/nagios/keystonerc_admin': + ensure => 'present', + owner => 'nagios', + mode => '0600', + content => "export OS_USERNAME=admin export OS_TENANT_NAME=admin -export OS_PASSWORD=%(CONFIG_KEYSTONE_ADMIN_PW)s -export OS_AUTH_URL=http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0/ ",} +export OS_PASSWORD=${nagios_cfg_ks_adm_pw} +export OS_AUTH_URL=http://${nagios_cfg_ctrl_host}:35357/v2.0/ ", + } - %(CONFIG_NAGIOS_MANIFEST_CONFIG)s + %(CONFIG_NAGIOS_MANIFEST_CONFIG)s } -class{'nagios_configs': - notify => [Service['nagios'], Service['httpd']], +class { 'nagios_configs': + notify => [Service['nagios'], Service['httpd']], } -include ::apache -class {'apache::mod::php': } +include concat::setup -service{['nagios']: - ensure => running, - enable => true, - hasstatus => true, +class { 'apache': + purge_configs => false, +} + +class { 'apache::mod::php': } + +service { ['nagios']: + ensure => running, + enable => true, + hasstatus => true, } firewall { '001 nagios incoming': - proto => 'tcp', - dport => 
['80'], - action => 'accept', + proto => 'tcp', + dport => ['80'], + action => 'accept', +} + +# ensure that we won't stop listening on 443 if horizon has ssl enabled +if hiera('CONFIG_HORIZON_SSL') { + apache::listen { '443': } } diff --git a/packstack/puppet/templates/neutron.pp b/packstack/puppet/templates/neutron.pp index ab4243786..085d7bfe7 100644 --- a/packstack/puppet/templates/neutron.pp +++ b/packstack/puppet/templates/neutron.pp @@ -1,9 +1,8 @@ -$neutron_db_host = '%(CONFIG_MARIADB_HOST)s' -$neutron_db_name = '%(CONFIG_NEUTRON_L2_DBNAME)s' -$neutron_db_user = 'neutron' -$neutron_db_password = '%(CONFIG_NEUTRON_DB_PW)s' -$neutron_sql_connection = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}" - -$neutron_user_password = '%(CONFIG_NEUTRON_KS_PW)s' +$neutron_db_host = hiera('CONFIG_MARIADB_HOST') +$neutron_db_name = hiera('CONFIG_NEUTRON_L2_DBNAME') +$neutron_db_user = 'neutron' +$neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW') +$neutron_sql_connection = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}" +$neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW') diff --git a/packstack/puppet/templates/neutron_api.pp b/packstack/puppet/templates/neutron_api.pp index 486ab03dc..66d41afd0 100644 --- a/packstack/puppet/templates/neutron_api.pp +++ b/packstack/puppet/templates/neutron_api.pp 
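Review bot: The nagiosadmin password is still passed as a command-line argument in `command => "/usr/bin/htpasswd -b /etc/nagios/passwd nagiosadmin ${cfg_nagios_pw}"`, so it is visible in the process list while the command runs, and a value containing whitespace would split into extra arguments. The exec also has no `unless` or `refreshonly`, so it reruns on every apply; managing the password file through a file resource with a pre-computed hash would avoid both. Separately, `if hiera('CONFIG_HORIZON_SSL')` tests the raw value, whereas the keystone_heat.pp hunk compares its flag with `== 'y'`. If this key is also stored as a 'y'/'n' string the condition is always true, so confirm it is written as a real boolean or compare explicitly.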
@@ -1,17 +1,18 @@ class { 'neutron::server': sql_connection => $neutron_sql_connection, - connection => $neutron_sql_connection, - auth_password => $neutron_user_password, - auth_host => '%(CONFIG_CONTROLLER_HOST)s', - enabled => true, + connection => $neutron_sql_connection, + auth_password => $neutron_user_password, + auth_host => hiera('CONFIG_CONTROLLER_HOST'), + enabled => true, mysql_module => '2.2', } exec { 'neutron-db-manage upgrade': - command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head', - path => '/usr/bin', - user => 'neutron', - logoutput => 'on_failure', - before => Service['neutron-server'], - require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']], + command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head', + path => '/usr/bin', + user => 'neutron', + logoutput => 'on_failure', + before => Service['neutron-server'], + require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']], } + diff --git a/packstack/puppet/templates/neutron_dhcp.pp b/packstack/puppet/templates/neutron_dhcp.pp index 8880c8228..10c052b0e 100644 --- a/packstack/puppet/templates/neutron_dhcp.pp +++ b/packstack/puppet/templates/neutron_dhcp.pp @@ -1,4 +1,5 @@ class { 'neutron::agents::dhcp': - interface_driver => '%(CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER)s', - debug => %(CONFIG_DEBUG_MODE)s, + interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'), + debug => hiera('CONFIG_DEBUG_MODE'), } + diff --git a/packstack/puppet/templates/neutron_l3.pp b/packstack/puppet/templates/neutron_l3.pp index 8e91c5429..35b0e3c73 100644 --- a/packstack/puppet/templates/neutron_l3.pp +++ b/packstack/puppet/templates/neutron_l3.pp 
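Review bot: `debug => hiera('CONFIG_DEBUG_MODE')` in the neutron_dhcp.pp hunk replaces an unquoted `%(CONFIG_DEBUG_MODE)s`, which was substituted as a bare Puppet boolean. The parameter's type now depends on how the value is written to the hiera YAML. If it ends up as the string 'false', a boolean test inside the module would treat it as true and enable debug logging, which in these services can put sensitive request data into logs. Please confirm the data file stores it as a YAML boolean. The same lookup is used for `debug` in the keystone.pp, neutron_l3.pp, neutron_lbaas.pp, neutron_metadata.pp and neutron_metering_agent.pp hunks.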
@@ -1,9 +1,9 @@ class { 'neutron::agents::l3': - interface_driver => '%(CONFIG_NEUTRON_L3_INTERFACE_DRIVER)s', - external_network_bridge => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s', - debug => %(CONFIG_DEBUG_MODE)s, + interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'), + external_network_bridge => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'), + debug => hiera('CONFIG_DEBUG_MODE'), } sysctl::value { 'net.ipv4.ip_forward': - value => '1' + value => '1', } diff --git a/packstack/puppet/templates/neutron_lb_agent.pp b/packstack/puppet/templates/neutron_lb_agent.pp index a22c22fd6..a0a0217d7 100644 --- a/packstack/puppet/templates/neutron_lb_agent.pp +++ b/packstack/puppet/templates/neutron_lb_agent.pp @@ -1,3 +1,3 @@ class {'neutron::agents::linuxbridge': - physical_interface_mappings => '%(CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS)s', + physical_interface_mappings => hiera('CONFIG_NEUTRON_LB_INTERFACE_MAPPINGS'), } diff --git a/packstack/puppet/templates/neutron_lb_plugin.pp b/packstack/puppet/templates/neutron_lb_plugin.pp index 90ecfc4bd..e1a282d23 100644 --- a/packstack/puppet/templates/neutron_lb_plugin.pp +++ b/packstack/puppet/templates/neutron_lb_plugin.pp @@ -1,4 +1,4 @@ class { 'neutron::plugins::linuxbridge': - tenant_network_type => '%(CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE)s', - network_vlan_ranges => '%(CONFIG_NEUTRON_LB_VLAN_RANGES)s', + tenant_network_type => hiera('CONFIG_NEUTRON_LB_TENANT_NETWORK_TYPE'), + network_vlan_ranges => hiera('CONFIG_NEUTRON_LB_VLAN_RANGES'), } diff --git a/packstack/puppet/templates/neutron_lbaas.pp b/packstack/puppet/templates/neutron_lbaas.pp index 6d27267a7..fa27350f0 100644 --- a/packstack/puppet/templates/neutron_lbaas.pp +++ b/packstack/puppet/templates/neutron_lbaas.pp 
@@ -1,6 +1,6 @@ class { 'neutron::agents::lbaas': - interface_driver => '%(CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER)s', + interface_driver => hiera('CONFIG_NEUTRON_LBAAS_INTERFACE_DRIVER'), device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver', user_group => 'haproxy', - debug => %(CONFIG_DEBUG_MODE)s, + debug => hiera('CONFIG_DEBUG_MODE'), } diff --git a/packstack/puppet/templates/neutron_metadata.pp b/packstack/puppet/templates/neutron_metadata.pp index 9db8cc8be..7900bb5bf 100644 --- a/packstack/puppet/templates/neutron_metadata.pp +++ b/packstack/puppet/templates/neutron_metadata.pp @@ -1,8 +1,10 @@ -class {'neutron::agents::metadata': - auth_password => '%(CONFIG_NEUTRON_KS_PW)s', - auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - auth_region => '%(CONFIG_KEYSTONE_REGION)s', - shared_secret => '%(CONFIG_NEUTRON_METADATA_PW)s', - metadata_ip => '%(CONFIG_CONTROLLER_HOST)s', - debug => %(CONFIG_DEBUG_MODE)s, +$neutron_metadata_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') + +class { 'neutron::agents::metadata': + auth_password => hiera('CONFIG_NEUTRON_KS_PW'), + auth_url => "http://${neutron_metadata_cfg_ctrl_host}:35357/v2.0", + auth_region => hiera('CONFIG_KEYSTONE_REGION'), + shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'), + metadata_ip => hiera('CONFIG_CONTROLLER_HOST'), + debug => hiera('CONFIG_DEBUG_MODE'), } diff --git a/packstack/puppet/templates/neutron_metering_agent.pp b/packstack/puppet/templates/neutron_metering_agent.pp index e2f1275c2..ccae46adf 100644 --- a/packstack/puppet/templates/neutron_metering_agent.pp +++ b/packstack/puppet/templates/neutron_metering_agent.pp @@ -1,4 +1,4 @@ class { 'neutron::agents::metering': - interface_driver => '%(CONFIG_NEUTRON_METERING_IFCE_DRIVER)s', - debug => %(CONFIG_DEBUG_MODE)s, + interface_driver => hiera('CONFIG_NEUTRON_METERING_IFCE_DRIVER'), + debug => hiera('CONFIG_DEBUG_MODE'), } 
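Review bot: In neutron_metadata.pp the rewritten `auth_url => "http://${neutron_metadata_cfg_ctrl_host}:35357/v2.0"` still hard-codes the http scheme, so the credential passed as `auth_password` travels to the Keystone admin endpoint in clear text on that connection. Since the line is being rebuilt from a looked-up host anyway, the scheme could be looked up the same way, for example `auth_url => "${keystone_scheme}://${neutron_metadata_cfg_ctrl_host}:35357/v2.0"`, where `$keystone_scheme` is a placeholder name for whatever setting the project chooses. The same hard-coded scheme appears in the `nova_url` and `nova_admin_auth_url` lines of neutron_notifications.pp and in `auth_url` in nova_ceilometer.pp.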
diff --git a/packstack/puppet/templates/neutron_ml2_plugin.pp b/packstack/puppet/templates/neutron_ml2_plugin.pp index 6e2f97ad3..b826d792e 100644 --- a/packstack/puppet/templates/neutron_ml2_plugin.pp +++ b/packstack/puppet/templates/neutron_ml2_plugin.pp @@ -1,17 +1,26 @@ +if hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') == '' { + $vxlan_group_value = undef +} else { + $vxlan_group_value = hiera('CONFIG_NEUTRON_ML2_VXLAN_GROUP') +} + class { 'neutron::plugins::ml2': - type_drivers => %(CONFIG_NEUTRON_ML2_TYPE_DRIVERS)s, - tenant_network_types => %(CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES)s, - mechanism_drivers => %(CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS)s, - flat_networks => %(CONFIG_NEUTRON_ML2_FLAT_NETWORKS)s, - network_vlan_ranges => %(CONFIG_NEUTRON_ML2_VLAN_RANGES)s, - tunnel_id_ranges => %(CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES)s, - vxlan_group => %(CONFIG_NEUTRON_ML2_VXLAN_GROUP)s, - vni_ranges => %(CONFIG_NEUTRON_ML2_VNI_RANGES)s, + type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'), + tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'), + mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'), + flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'), + network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'), + tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'), + vxlan_group => $vxlan_group_value, + vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'), enable_security_group => true, } -# For cases where "neutron-db-manage upgrade" command is called we need to fill config file first +# For cases where "neutron-db-manage upgrade" command is called +# we need to fill config file first if defined(Exec['neutron-db-manage upgrade']) { - Neutron_plugin_ml2<||> -> File['/etc/neutron/plugin.ini'] -> Exec['neutron-db-manage upgrade'] + Neutron_plugin_ml2<||> -> + File['/etc/neutron/plugin.ini'] -> + Exec['neutron-db-manage upgrade'] } 
diff --git a/packstack/puppet/templates/neutron_notifications.pp b/packstack/puppet/templates/neutron_notifications.pp index 36983512a..95e00951b 100644 --- a/packstack/puppet/templates/neutron_notifications.pp +++ b/packstack/puppet/templates/neutron_notifications.pp @@ -1,9 +1,11 @@ +$neutron_notif_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') + # Configure nova notifications system class { 'neutron::server::notifications': - nova_admin_username => 'nova', - nova_admin_password => '%(CONFIG_NOVA_KS_PW)s', - nova_admin_tenant_name => 'services', - nova_url => 'http://%(CONFIG_CONTROLLER_HOST)s:8774/v2', - nova_admin_auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - nova_region_name => '%(CONFIG_KEYSTONE_REGION)s', + nova_admin_username => 'nova', + nova_admin_password => hiera('CONFIG_NOVA_KS_PW'), + nova_admin_tenant_name => 'services', + nova_url => "http://${neutron_notif_cfg_ctrl_host}:8774/v2", + nova_admin_auth_url => "http://${neutron_notif_cfg_ctrl_host}:35357/v2.0", + nova_region_name => hiera('CONFIG_KEYSTONE_REGION'), } diff --git a/packstack/puppet/templates/neutron_ovs_agent_gre.pp b/packstack/puppet/templates/neutron_ovs_agent_gre.pp index fd39ef742..f9ec26120 100644 --- a/packstack/puppet/templates/neutron_ovs_agent_gre.pp +++ b/packstack/puppet/templates/neutron_ovs_agent_gre.pp 
@@ -1,21 +1,23 @@ -if "%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s" { - $iface = regsubst('%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s', '[\.\-\:]', '_', 'G') +$ovs_agent_gre_cfg_neut_ovs_tun_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF') + +if $ovs_agent_gre_cfg_neut_ovs_tun_if != '' { + $iface = regsubst($ovs_agent_gre_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G') $localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>") } else { - $localip = '%(CONFIG_NEUTRON_OVS_HOST)s' + $localip = $cfg_neutron_ovs_host } -if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { +if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' { class { 'neutron::agents::ml2::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), enable_tunneling => true, tunnel_types => ['gre'], local_ip => $localip, - l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, + l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'), } } else { class { 'neutron::agents::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), enable_tunneling => true, tunnel_types => ['gre'], local_ip => $localip, diff --git a/packstack/puppet/templates/neutron_ovs_agent_local.pp b/packstack/puppet/templates/neutron_ovs_agent_local.pp index 371a2c82c..f3d6f4ba6 100644 --- a/packstack/puppet/templates/neutron_ovs_agent_local.pp +++ b/packstack/puppet/templates/neutron_ovs_agent_local.pp 
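Review bot: In the else branch, `$localip = $cfg_neutron_ovs_host` reads a variable that nothing in this template assigns, whereas the removed line substituted CONFIG_NEUTRON_OVS_HOST directly. Presumably the plugin prepends the assignment when it builds the manifest, but that code is outside this hunk; if it does not, `local_ip` is passed as undef and the tunnel endpoint address is left to the class default. A comment above the `if` would make the dependency explicit, for example `# $cfg_neutron_ovs_host must be set by the plugin before this template is appended`. The same line is added in neutron_ovs_agent_vxlan.pp, and the `class { 'neutron::agents::ovs':` block continues past the end of this hunk.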
@@ -1,12 +1,12 @@ -if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { +if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' { class { 'neutron::agents::ml2::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, - l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), + l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'), } } else { class { 'neutron::agents::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), } file { 'ovs_neutron_plugin.ini': diff --git a/packstack/puppet/templates/neutron_ovs_agent_vlan.pp b/packstack/puppet/templates/neutron_ovs_agent_vlan.pp index 371a2c82c..f3d6f4ba6 100644 --- a/packstack/puppet/templates/neutron_ovs_agent_vlan.pp +++ b/packstack/puppet/templates/neutron_ovs_agent_vlan.pp @@ -1,12 +1,12 @@ -if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { +if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' { class { 'neutron::agents::ml2::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, - l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), + l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'), } } else { class { 'neutron::agents::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), } file { 'ovs_neutron_plugin.ini': diff --git a/packstack/puppet/templates/neutron_ovs_agent_vxlan.pp b/packstack/puppet/templates/neutron_ovs_agent_vxlan.pp index afa38eb1a..6813afc13 100644 --- a/packstack/puppet/templates/neutron_ovs_agent_vxlan.pp +++ b/packstack/puppet/templates/neutron_ovs_agent_vxlan.pp 
@@ -1,27 +1,28 @@ +$ovs_agent_vxlan_cfg_neut_ovs_tun_if = hiera('CONFIG_NEUTRON_OVS_TUNNEL_IF') -if "%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s" { - $iface = regsubst('%(CONFIG_NEUTRON_OVS_TUNNEL_IF)s', '[\.\-\:]', '_', 'G') +if $ovs_agent_vxlan_cfg_neut_ovs_tun_if != '' { + $iface = regsubst($ovs_agent_vxlan_cfg_neut_ovs_tun_if, '[\.\-\:]', '_', 'G') $localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>") } else { - $localip = '%(CONFIG_NEUTRON_OVS_HOST)s' + $localip = $cfg_neutron_ovs_host } -if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { +if hiera('CONFIG_NEUTRON_L2_PLUGIN') == 'ml2' { class { 'neutron::agents::ml2::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), enable_tunneling => true, tunnel_types => ['vxlan'], local_ip => $localip, - vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s, - l2_population => %(CONFIG_NEUTRON_USE_L2POPULATION)s, + vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'), + l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'), } } else { class { 'neutron::agents::ovs': - bridge_mappings => %(CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS)s, + bridge_mappings => hiera_array('CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS'), enable_tunneling => true, tunnel_types => ['vxlan'], local_ip => $localip, - vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s, + vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'), } file { 'ovs_neutron_plugin.ini': diff --git a/packstack/puppet/templates/neutron_ovs_bridge.pp b/packstack/puppet/templates/neutron_ovs_bridge.pp index dea5fc656..307aabded 100644 --- a/packstack/puppet/templates/neutron_ovs_bridge.pp +++ b/packstack/puppet/templates/neutron_ovs_bridge.pp 
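Review bot: The unchanged line `$localip = inline_template("<%%= scope.lookupvar('::ipaddress_${iface}') %%>")` keeps the doubled percent signs that were only needed to survive Python %-substitution of the template. If the templates are no longer %-formatted now that values come from Hiera (the rendering code is not visible here), ERB reads `<%%` as an escape for a literal `<%`, and `$localip` would receive the tag text instead of the interface address. It is worth confirming how the file is rendered, and if the substitution step is gone the line should become `$localip = inline_template("<%= scope.lookupvar('::ipaddress_${iface}') %>")`. neutron_ovs_agent_gre.pp carries the same line.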
@@ -1,10 +1,14 @@ -if '%(CONFIG_NEUTRON_L2_PLUGIN)s' == 'ml2' { +$ovs_bridge_cfg_neut_l2_plugin = hiera('CONFIG_NEUTRON_L2_PLUGIN') + +if $ovs_bridge_cfg_neut_l2_plugin == 'ml2' { $agent_service = 'neutron-ovs-agent-service' } else { $agent_service = 'neutron-plugin-ovs-service' } -vs_bridge { '%(CONFIG_NEUTRON_OVS_BRIDGE)s': +$config_neutron_ovs_bridge = hiera('CONFIG_NEUTRON_OVS_BRIDGE') + +vs_bridge { $config_neutron_ovs_bridge: ensure => present, - require => Service["${agent_service}"] + require => Service[$agent_service], } diff --git a/packstack/puppet/templates/neutron_ovs_plugin_gre.pp b/packstack/puppet/templates/neutron_ovs_plugin_gre.pp index 90e0e7fef..12d9f44df 100644 --- a/packstack/puppet/templates/neutron_ovs_plugin_gre.pp +++ b/packstack/puppet/templates/neutron_ovs_plugin_gre.pp @@ -1,5 +1,5 @@ class { 'neutron::plugins::ovs': - tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', - network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', - tunnel_id_ranges => '%(CONFIG_NEUTRON_OVS_TUNNEL_RANGES)s', + tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'), + network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'), + tunnel_id_ranges => hiera('CONFIG_NEUTRON_OVS_TUNNEL_RANGES'), } diff --git a/packstack/puppet/templates/neutron_ovs_plugin_local.pp b/packstack/puppet/templates/neutron_ovs_plugin_local.pp index 08b293093..ee515fe6a 100644 --- a/packstack/puppet/templates/neutron_ovs_plugin_local.pp +++ b/packstack/puppet/templates/neutron_ovs_plugin_local.pp @@ -1,4 +1,4 @@ class { 'neutron::plugins::ovs': - tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', - network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', + tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'), + network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'), } 
diff --git a/packstack/puppet/templates/neutron_ovs_plugin_vlan.pp b/packstack/puppet/templates/neutron_ovs_plugin_vlan.pp index 08b293093..ee515fe6a 100644 --- a/packstack/puppet/templates/neutron_ovs_plugin_vlan.pp +++ b/packstack/puppet/templates/neutron_ovs_plugin_vlan.pp @@ -1,4 +1,4 @@ class { 'neutron::plugins::ovs': - tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', - network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', + tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'), + network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'), } diff --git a/packstack/puppet/templates/neutron_ovs_plugin_vxlan.pp b/packstack/puppet/templates/neutron_ovs_plugin_vxlan.pp index 5504cb0a3..86e2b1298 100644 --- a/packstack/puppet/templates/neutron_ovs_plugin_vxlan.pp +++ b/packstack/puppet/templates/neutron_ovs_plugin_vxlan.pp @@ -1,7 +1,7 @@ class { 'neutron::plugins::ovs': - tenant_network_type => '%(CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE)s', - network_vlan_ranges => '%(CONFIG_NEUTRON_OVS_VLAN_RANGES)s', - tunnel_id_ranges => '%(CONFIG_NEUTRON_OVS_TUNNEL_RANGES)s', - vxlan_udp_port => %(CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT)s, + tenant_network_type => hiera('CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE'), + network_vlan_ranges => hiera('CONFIG_NEUTRON_OVS_VLAN_RANGES'), + tunnel_id_ranges => hiera('CONFIG_NEUTRON_OVS_TUNNEL_RANGES'), + vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT'), } diff --git a/packstack/puppet/templates/neutron_ovs_port.pp b/packstack/puppet/templates/neutron_ovs_port.pp index 787c0510a..80015e56c 100644 --- a/packstack/puppet/templates/neutron_ovs_port.pp +++ b/packstack/puppet/templates/neutron_ovs_port.pp @@ -1,5 +1,7 @@ -vs_port { '%(CONFIG_NEUTRON_OVS_IFACE)s': - bridge => '%(CONFIG_NEUTRON_OVS_BRIDGE)s', - ensure => present +$cfg_neutron_ovs_iface = hiera('CONFIG_NEUTRON_OVS_IFACE') + +vs_port { $cfg_neutron_ovs_iface: + ensure => present, + bridge => hiera('CONFIG_NEUTRON_OVS_BRIDGE'), } 
diff --git a/packstack/puppet/templates/neutron_qpid.pp b/packstack/puppet/templates/neutron_qpid.pp index 9c107c86e..831e18879 100644 --- a/packstack/puppet/templates/neutron_qpid.pp +++ b/packstack/puppet/templates/neutron_qpid.pp @@ -1,14 +1,14 @@ class { 'neutron': rpc_backend => 'neutron.openstack.common.rpc.impl_qpid', - qpid_hostname => '%(CONFIG_AMQP_HOST)s', - qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', - qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', - core_plugin => '%(CONFIG_NEUTRON_CORE_PLUGIN)s', + qpid_hostname => hiera('CONFIG_AMQP_HOST'), + qpid_username => hiera('CONFIG_AMQP_AUTH_USER'), + qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'), + core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'), allow_overlapping_ips => true, - service_plugins => %(SERVICE_PLUGINS)s, + service_plugins => hiera_array('SERVICE_PLUGINS'), verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, + debug => hiera('CONFIG_DEBUG_MODE'), } diff --git a/packstack/puppet/templates/neutron_rabbitmq.pp b/packstack/puppet/templates/neutron_rabbitmq.pp index e84c23408..b4f62f39e 100644 --- a/packstack/puppet/templates/neutron_rabbitmq.pp +++ b/packstack/puppet/templates/neutron_rabbitmq.pp 
@@ -1,12 +1,12 @@ class { 'neutron': - rabbit_host => '%(CONFIG_AMQP_HOST)s', - rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - rabbit_user => '%(CONFIG_AMQP_AUTH_USER)s', - rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - core_plugin => '%(CONFIG_NEUTRON_CORE_PLUGIN)s', + rabbit_host => hiera('CONFIG_AMQP_HOST'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_user => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + core_plugin => hiera('CONFIG_NEUTRON_CORE_PLUGIN'), allow_overlapping_ips => true, - service_plugins => %(SERVICE_PLUGINS)s, + service_plugins => hiera_array('SERVICE_PLUGINS'), verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, + debug => hiera('CONFIG_DEBUG_MODE'), } diff --git a/packstack/puppet/templates/nova_api.pp b/packstack/puppet/templates/nova_api.pp index 76fb187fc..c8379c927 100644 --- a/packstack/puppet/templates/nova_api.pp +++ b/packstack/puppet/templates/nova_api.pp @@ -1,10 +1,10 @@ require 'keystone::python' -class {"nova::api": - enabled => true, - auth_host => "%(CONFIG_CONTROLLER_HOST)s", - admin_password => "%(CONFIG_NOVA_KS_PW)s", - neutron_metadata_proxy_shared_secret => %(CONFIG_NEUTRON_METADATA_PW_UNQUOTED)s +class { 'nova::api': + enabled => true, + auth_host => hiera('CONFIG_CONTROLLER_HOST'), + admin_password => hiera('CONFIG_NOVA_KS_PW'), + neutron_metadata_proxy_shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW_UNQUOTED'), } Package<| title == 'nova-common' |> -> Class['nova::api'] diff --git a/packstack/puppet/templates/nova_ceilometer.pp b/packstack/puppet/templates/nova_ceilometer.pp index ec22d67a2..7bca6458d 100644 --- a/packstack/puppet/templates/nova_ceilometer.pp +++ b/packstack/puppet/templates/nova_ceilometer.pp 
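Review bot: In nova_api.pp, `neutron_metadata_proxy_shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW_UNQUOTED')` replaces a substitution that was deliberately inserted without quotes, which suggests the old value was either an already-quoted string or a bare keyword such as undef. Through hiera() the value arrives as data, so any quote characters or a literal word left in it would become part of the shared secret, and the metadata proxy would then fail to match the secret the metadata agent gets from CONFIG_NEUTRON_METADATA_PW. The code that fills this key is outside the hunk, so this needs checking there. A comment on the line would pin the expectation: `# must hold the raw secret (or be unset); no quoting is needed now that the value is not substituted into the manifest`.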
@@ -1,8 +1,9 @@ +$nova_ceil_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') class { 'ceilometer::agent::auth': - auth_url => 'http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0', - auth_password => '%(CONFIG_CEILOMETER_KS_PW)s', + auth_url => "http://${nova_ceil_cfg_ctrl_host}:35357/v2.0", + auth_password => hiera('CONFIG_CEILOMETER_KS_PW'), } -class { 'ceilometer::agent::compute': -} +class { 'ceilometer::agent::compute': } + diff --git a/packstack/puppet/templates/nova_ceilometer_qpid.pp b/packstack/puppet/templates/nova_ceilometer_qpid.pp index eee1b85b2..c849a817a 100644 --- a/packstack/puppet/templates/nova_ceilometer_qpid.pp +++ b/packstack/puppet/templates/nova_ceilometer_qpid.pp @@ -1,15 +1,15 @@ class { 'ceilometer': - metering_secret => '%(CONFIG_CEILOMETER_SECRET)s', - qpid_hostname => '%(CONFIG_AMQP_HOST)s', - qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', - qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', + metering_secret => hiera('CONFIG_CEILOMETER_SECRET'), + qpid_hostname => hiera('CONFIG_AMQP_HOST'), + qpid_username => hiera('CONFIG_AMQP_AUTH_USER'), + qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'), rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid', verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, + debug => hiera('CONFIG_DEBUG_MODE'), # for some strange reason ceilometer needs to be in nova group - require => Package['nova-common'], + require => Package['nova-common'], } diff --git a/packstack/puppet/templates/nova_ceilometer_rabbitmq.pp b/packstack/puppet/templates/nova_ceilometer_rabbitmq.pp index 27766e2de..7e0725e95 100644 --- a/packstack/puppet/templates/nova_ceilometer_rabbitmq.pp +++ b/packstack/puppet/templates/nova_ceilometer_rabbitmq.pp 
@@ -1,12 +1,12 @@ class { 'ceilometer': - metering_secret => '%(CONFIG_CEILOMETER_SECRET)s', - rabbit_host => '%(CONFIG_AMQP_HOST)s', - rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', - rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, + metering_secret => hiera('CONFIG_CEILOMETER_SECRET'), + rabbit_host => hiera('CONFIG_AMQP_HOST'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), # for some strange reason ceilometer needs to be in nova group - require => Package['nova-common'], + require => Package['nova-common'], } diff --git a/packstack/puppet/templates/nova_cert.pp b/packstack/puppet/templates/nova_cert.pp index 165c73431..6a63f65e5 100644 --- a/packstack/puppet/templates/nova_cert.pp +++ b/packstack/puppet/templates/nova_cert.pp @@ -1,4 +1,4 @@ -class {"nova::cert": - enabled => true, +class { 'nova::cert': + enabled => true, } diff --git a/packstack/puppet/templates/nova_common_nopw.pp b/packstack/puppet/templates/nova_common_nopw.pp new file mode 100644 index 000000000..977f36fc8 --- /dev/null +++ b/packstack/puppet/templates/nova_common_nopw.pp @@ -0,0 +1,9 @@ + +# Ensure Firewall changes happen before nova services start +# preventing a clash with rules being set by nova-compute and nova-network +Firewall <| |> -> Class['nova'] + +nova_config{ + 'DEFAULT/sql_connection': value => hiera('CONFIG_NOVA_SQL_CONN_NOPW'); + 'DEFAULT/metadata_host': value => hiera('CONFIG_CONTROLLER_HOST'); +} diff --git a/packstack/puppet/templates/nova_common.pp b/packstack/puppet/templates/nova_common_pw.pp similarity index 56% rename from packstack/puppet/templates/nova_common.pp rename to packstack/puppet/templates/nova_common_pw.pp index a417be52b..18435d604 100644 --- a/packstack/puppet/templates/nova_common.pp +++ b/packstack/puppet/templates/nova_common_pw.pp 
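Review bot: The new nova_common_nopw.pp differs from nova_common_pw.pp only in the Hiera key used for `DEFAULT/sql_connection`, and neither file says which hosts are meant to receive which variant. Judging by the key names, CONFIG_NOVA_SQL_CONN_PW carries the database password, so picking the wrong template would write that credential into nova.conf on hosts that do not need it. A header comment in each file would make the choice reviewable, for example `# sql_connection without the DB password; nova_common_pw.pp is only for hosts that need direct database access`. Which hosts those are is decided in the plugin, outside this hunk.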
@@ -4,6 +4,6 @@ Firewall <| |> -> Class['nova'] nova_config{ - "DEFAULT/sql_connection": value => "%(CONFIG_NOVA_SQL_CONN)s"; - "DEFAULT/metadata_host": value => "%(CONFIG_CONTROLLER_HOST)s"; + 'DEFAULT/sql_connection': value => hiera('CONFIG_NOVA_SQL_CONN_PW'); + 'DEFAULT/metadata_host': value => hiera('CONFIG_CONTROLLER_HOST'); } diff --git a/packstack/puppet/templates/nova_common_qpid.pp b/packstack/puppet/templates/nova_common_qpid.pp index 192b421b5..6e23c4774 100644 --- a/packstack/puppet/templates/nova_common_qpid.pp +++ b/packstack/puppet/templates/nova_common_qpid.pp 
@@ -1,24 +1,26 @@ $private_key = { - type => '%(NOVA_MIGRATION_KEY_TYPE)s', - key => '%(NOVA_MIGRATION_KEY_SECRET)s', + type => hiera('NOVA_MIGRATION_KEY_TYPE'), + key => hiera('NOVA_MIGRATION_KEY_SECRET'), } $public_key = { - type => '%(NOVA_MIGRATION_KEY_TYPE)s', - key => '%(NOVA_MIGRATION_KEY_PUBLIC)s', + type => hiera('NOVA_MIGRATION_KEY_TYPE'), + key => hiera('NOVA_MIGRATION_KEY_PUBLIC'), } -class { "nova": - glance_api_servers => "%(CONFIG_STORAGE_HOST)s:9292", - qpid_hostname => "%(CONFIG_AMQP_HOST)s", - qpid_username => '%(CONFIG_AMQP_AUTH_USER)s', - qpid_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - rpc_backend => 'nova.openstack.common.rpc.impl_qpid', - qpid_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - qpid_protocol => '%(CONFIG_AMQP_PROTOCOL)s', - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - nova_public_key => $public_key, - nova_private_key => $private_key, - nova_shell => '/bin/bash', +$nova_common_qpid_cfg_storage_host = hiera('CONFIG_STORAGE_HOST') + +class { 'nova': + glance_api_servers => "${nova_common_qpid_cfg_storage_host}:9292", + qpid_hostname => hiera('CONFIG_AMQP_HOST'), + qpid_username => hiera('CONFIG_AMQP_AUTH_USER'), + qpid_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + rpc_backend => 'nova.openstack.common.rpc.impl_qpid', + qpid_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + qpid_protocol => hiera('CONFIG_AMQP_PROTOCOL'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + nova_public_key => $public_key, + nova_private_key => $private_key, + nova_shell => '/bin/bash', } diff --git a/packstack/puppet/templates/nova_common_rabbitmq.pp b/packstack/puppet/templates/nova_common_rabbitmq.pp index c6e199f9f..53593217f 100644 --- a/packstack/puppet/templates/nova_common_rabbitmq.pp +++ b/packstack/puppet/templates/nova_common_rabbitmq.pp 
@@ -1,22 +1,24 @@ $private_key = { - type => '%(NOVA_MIGRATION_KEY_TYPE)s', - key => '%(NOVA_MIGRATION_KEY_SECRET)s', + type => hiera('NOVA_MIGRATION_KEY_TYPE'), + key => hiera('NOVA_MIGRATION_KEY_SECRET'), } $public_key = { - type => '%(NOVA_MIGRATION_KEY_TYPE)s', - key => '%(NOVA_MIGRATION_KEY_PUBLIC)s', + type => hiera('NOVA_MIGRATION_KEY_TYPE'), + key => hiera('NOVA_MIGRATION_KEY_PUBLIC'), } -class { "nova": - glance_api_servers => "%(CONFIG_STORAGE_HOST)s:9292", - rabbit_host => "%(CONFIG_AMQP_HOST)s", - rabbit_port => '%(CONFIG_AMQP_CLIENTS_PORT)s', - rabbit_userid => '%(CONFIG_AMQP_AUTH_USER)s', - rabbit_password => '%(CONFIG_AMQP_AUTH_PASSWORD)s', - verbose => true, - debug => %(CONFIG_DEBUG_MODE)s, - nova_public_key => $public_key, - nova_private_key => $private_key, - nova_shell => '/bin/bash', +$nova_common_rabbitmq_cfg_storage_host = hiera('CONFIG_STORAGE_HOST') + +class { 'nova': + glance_api_servers => "${nova_common_rabbitmq_cfg_storage_host}:9292", + rabbit_host => hiera('CONFIG_AMQP_HOST'), + rabbit_port => hiera('CONFIG_AMQP_CLIENTS_PORT'), + rabbit_userid => hiera('CONFIG_AMQP_AUTH_USER'), + rabbit_password => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + verbose => true, + debug => hiera('CONFIG_DEBUG_MODE'), + nova_public_key => $public_key, + nova_private_key => $private_key, + nova_shell => '/bin/bash', } diff --git a/packstack/puppet/templates/nova_compute.pp b/packstack/puppet/templates/nova_compute.pp index 5e595d4a9..2cd645955 100644 --- a/packstack/puppet/templates/nova_compute.pp +++ b/packstack/puppet/templates/nova_compute.pp 
@@ -1,86 +1,93 @@ -package{'python-cinderclient': - before => Class["nova"] +package{ 'python-cinderclient': + before => Class['nova'] } -# Install the private key to be used for live migration. This needs to be configured -# into libvirt/live_migration_uri in nova.conf. +# Install the private key to be used for live migration. This needs to be +# configured into libvirt/live_migration_uri in nova.conf. file { '/etc/nova/ssh': ensure => directory, owner => root, group => root, - mode => 0700, + mode => '0700', } file { '/etc/nova/ssh/nova_migration_key': - content => '%(NOVA_MIGRATION_KEY_SECRET)s', - mode => 0600, + content => hiera('NOVA_MIGRATION_KEY_SECRET'), + mode => '0600', owner => root, group => root, require => File['/etc/nova/ssh'], } nova_config{ - "DEFAULT/volume_api_class": value => "nova.volume.cinder.API"; - "libvirt/live_migration_uri": value => "%(CONFIG_NOVA_COMPUTE_MIGRATE_URL)s"; + 'DEFAULT/volume_api_class': + value => 'nova.volume.cinder.API'; + 'libvirt/live_migration_uri': + value => hiera('CONFIG_NOVA_COMPUTE_MIGRATE_URL'); } -$config_horizon_ssl = '%(CONFIG_HORIZON_SSL)s' +$config_horizon_ssl = hiera('CONFIG_HORIZON_SSL') $vncproxy_proto = $config_horizon_ssl ? 
{ - 'y' => 'https', - 'n' => 'http', + true => 'https', + false => 'http', default => 'http', } class { 'nova::compute': enabled => true, - vncproxy_host => '%(CONFIG_CONTROLLER_HOST)s', + vncproxy_host => hiera('CONFIG_CONTROLLER_HOST'), vncproxy_protocol => $vncproxy_proto, - vncserver_proxyclient_address => '%(CONFIG_NOVA_COMPUTE_HOST)s', + vncserver_proxyclient_address => hiera('CONFIG_NOVA_COMPUTE_HOST'), } # Note : remove this once we're installing a version of openstack that isn't # supported on RHEL 6.3 -if $::is_virtual_packstack == "true" and $::osfamily == "RedHat" and - $::operatingsystemrelease == "6.3"{ - file { "/usr/bin/qemu-system-x86_64": - ensure => link, - target => "/usr/libexec/qemu-kvm", - notify => Service["nova-compute"], - } +if $::is_virtual_packstack == 'true' and $::osfamily == 'RedHat' and + $::operatingsystemrelease == '6.3'{ + file { '/usr/bin/qemu-system-x86_64': + ensure => link, + target => '/usr/libexec/qemu-kvm', + notify => Service['nova-compute'], + } } # Tune the host with a virtual hosts profile -package {'tuned': - ensure => present, +package { 'tuned': + ensure => present, } -service {'tuned': - ensure => running, - require => Package['tuned'], +service { 'tuned': + ensure => running, + require => Package['tuned'], } if $::operatingsystem == 'Fedora' and $::operatingsystemrelease == 19 { - # older tuned service is sometimes stucked on Fedora 19 - exec {'tuned-update': - path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'], - command => 'yum update -y tuned', - logoutput => 'on_failure', - } + # older tuned service is sometimes stucked on Fedora 19 + exec { 'tuned-update': + path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'], + command => 'yum update -y tuned', + logoutput => 'on_failure', + } - exec {'tuned-restart': - path => ['/sbin', '/usr/sbin', '/bin', '/usr/bin'], - command => 'systemctl restart tuned.service', - logoutput => 'on_failure', - } + exec { 'tuned-restart': + path => ['/sbin', '/usr/sbin', '/bin', 
'/usr/bin'], + command => 'systemctl restart tuned.service', + logoutput => 'on_failure', + } - Service['tuned'] -> Exec['tuned-update'] -> Exec['tuned-restart'] -> Exec['tuned-virtual-host'] + Service['tuned'] -> + Exec['tuned-update'] -> + Exec['tuned-restart'] -> + Exec['tuned-virtual-host'] } -exec {'tuned-virtual-host': - unless => '/usr/sbin/tuned-adm active | /bin/grep virtual-host', - command => '/usr/sbin/tuned-adm profile virtual-host', - require => Service['tuned'], +exec { 'tuned-virtual-host': + unless => '/usr/sbin/tuned-adm active | /bin/grep virtual-host', + command => '/usr/sbin/tuned-adm profile virtual-host', + require => Service['tuned'], } + + diff --git a/packstack/puppet/templates/nova_compute_libvirt.pp b/packstack/puppet/templates/nova_compute_libvirt.pp index ece830d0c..59b6aa791 100644 --- a/packstack/puppet/templates/nova_compute_libvirt.pp +++ b/packstack/puppet/templates/nova_compute_libvirt.pp 
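Review bot: In nova_compute.pp the `$vncproxy_proto` selector now matches only the booleans `true` and `false` and sends every other value to `default => 'http'`. If the Hiera value for CONFIG_HORIZON_SSL ever arrives as a string such as 'y', which is the form the removed lines matched, the VNC proxy protocol silently falls back to http. Whether the generated data stores a real boolean is decided outside this hunk, so a check before the selector would turn a silent downgrade into a failed run: `validate_bool($config_horizon_ssl)` from puppetlabs-stdlib, assuming stdlib is available on the node. The `if hiera('CONFIG_HORIZON_SSL')` test added in the horizon template depends on the same type.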
@@ -3,56 +3,57 @@ Firewall <| |> -> Class['nova::compute::libvirt'] # Ensure Firewall changes happen before libvirt service start # preventing a clash with rules being set by libvirt -if $::is_virtual_packstack == "true" { - $libvirt_virt_type = "qemu" - $libvirt_cpu_mode = "none" -}else{ - $libvirt_virt_type = "kvm" +if $::is_virtual_packstack == 'true' { + $libvirt_virt_type = 'qemu' + $libvirt_cpu_mode = 'none' +} else { + $libvirt_virt_type = 'kvm' } nova_config{ - "libvirt/inject_partition": value => "-1"; + 'libvirt/inject_partition': value => '-1'; } # We need to preferably install qemu-kvm-rhev exec { 'qemu-kvm': - path => '/usr/bin', - command => 'yum install -y -d 0 -e 0 qemu-kvm', - onlyif => 'yum install -y -d 0 -e 0 qemu-kvm-rhev &> /dev/null && exit 1 || exit 0', - before => Class['nova::compute::libvirt'] + path => '/usr/bin', + command => 'yum install -y -d 0 -e 0 qemu-kvm', + onlyif => 'yum install -y -d 0 -e 0 qemu-kvm-rhev &> /dev/null && exit 1 || exit 0', + before => Class['nova::compute::libvirt'], } class { 'nova::compute::libvirt': - libvirt_virt_type => "$libvirt_virt_type", - libvirt_cpu_mode => "$libvirt_cpu_mode", - vncserver_listen => "0.0.0.0", - migration_support => true, + libvirt_virt_type => $libvirt_virt_type, + libvirt_cpu_mode => $libvirt_cpu_mode, + vncserver_listen => '0.0.0.0', + migration_support => true, } -exec {'load_kvm': - user => 'root', - command => '/bin/sh /etc/sysconfig/modules/kvm.modules', - onlyif => '/usr/bin/test -e /etc/sysconfig/modules/kvm.modules', +exec { 'load_kvm': + user => 'root', + command => '/bin/sh /etc/sysconfig/modules/kvm.modules', + onlyif => '/usr/bin/test -e /etc/sysconfig/modules/kvm.modules', } -Class['nova::compute']-> Exec["load_kvm"] +Class['nova::compute'] -> Exec['load_kvm'] file_line { 'libvirt-guests': - path => '/etc/sysconfig/libvirt-guests', - line => 'ON_BOOT=ignore', - match => '^[\s#]*ON_BOOT=.*', - require => Class['nova::compute::libvirt'] + path => 
'/etc/sysconfig/libvirt-guests', + line => 'ON_BOOT=ignore', + match => '^[\s#]*ON_BOOT=.*', + require => Class['nova::compute::libvirt'], } -# Remove libvirt's default network (usually virbr0) as it's unnecessary and can be confusing +# Remove libvirt's default network (usually virbr0) as it's unnecessary and +# can be confusing exec {'virsh-net-destroy-default': - onlyif => '/usr/bin/virsh net-list | grep default', - command => '/usr/bin/virsh net-destroy default', - require => Package['libvirt'], + onlyif => '/usr/bin/virsh net-list | grep default', + command => '/usr/bin/virsh net-destroy default', + require => Package['libvirt'], } exec {'virsh-net-undefine-default': - onlyif => '/usr/bin/virsh net-list --inactive | grep default', - command => '/usr/bin/virsh net-undefine default', - require => Exec['virsh-net-destroy-default'], + onlyif => '/usr/bin/virsh net-list --inactive | grep default', + command => '/usr/bin/virsh net-undefine default', + require => Exec['virsh-net-destroy-default'], } diff --git a/packstack/puppet/templates/nova_compute_vmware.pp b/packstack/puppet/templates/nova_compute_vmware.pp index a1a1d08e1..e51c05efb 100644 --- a/packstack/puppet/templates/nova_compute_vmware.pp +++ b/packstack/puppet/templates/nova_compute_vmware.pp @@ -1,6 +1,6 @@ class { 'nova::compute::vmware': - host_ip => "%(CONFIG_VCENTER_HOST)s", - host_username => "%(CONFIG_VCENTER_USER)s", - host_password => "%(CONFIG_VCENTER_PASSWORD)s", - cluster_name => "%(CONFIG_VCENTER_CLUSTER_NAME)s", + host_ip => hiera('CONFIG_VCENTER_HOST'), + host_username => hiera('CONFIG_VCENTER_USER'), + host_password => hiera('CONFIG_VCENTER_PASSWORD'), + cluster_name => hiera('CONFIG_VCENTER_CLUSTER_NAME'), } diff --git a/packstack/puppet/templates/nova_conductor.pp b/packstack/puppet/templates/nova_conductor.pp index ed8750eaf..e8fdba3b1 100644 --- a/packstack/puppet/templates/nova_conductor.pp +++ b/packstack/puppet/templates/nova_conductor.pp 
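Review bot: In nova_compute_libvirt.pp the `else` branch assigns only `$libvirt_virt_type`, so on the KVM path `$libvirt_cpu_mode` is never set, and the class call now passes it bare (`libvirt_cpu_mode => $libvirt_cpu_mode`) where the old code passed the interpolated string. An unset variable passed bare is undef, which presumably lets nova::compute::libvirt fall back to its own default instead of receiving an empty string. If that is the intent, record it with a comment such as `# cpu_mode is left unset for kvm so the class default applies`; otherwise assign a value in the `else` branch.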
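Review bot: `host_password => hiera('CONFIG_VCENTER_PASSWORD')` in nova_compute_vmware.pp moves the vCenter credential out of the rendered manifest and into the Hiera data file, which the commit message places under /var/tmp/packstack. The code that writes that file is not in this hunk, so its mode and ownership cannot be checked here. It should be created root-owned with mode 0600 before any secret is written to it, because a readable file in that directory would expose every password key at once. A comment above the class such as `# credentials come from the Hiera data file, which must stay root-only (0600)` would record the requirement.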
@@ -1,4 +1,4 @@ -class {"nova::conductor": - enabled => true, +class { 'nova::conductor': + enabled => true, } diff --git a/packstack/puppet/templates/nova_network.pp b/packstack/puppet/templates/nova_network.pp index f826cdecd..1f2cd33b4 100644 --- a/packstack/puppet/templates/nova_network.pp +++ b/packstack/puppet/templates/nova_network.pp 
@@ -1,41 +1,55 @@ +$default_floating_pool = hiera('CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL') +$auto_assign_floating_ip = hiera('CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP') + nova_config { - "DEFAULT/default_floating_pool": value => '%(CONFIG_NOVA_NETWORK_DEFAULTFLOATINGPOOL)s'; - "DEFAULT/auto_assign_floating_ip": value => '%(CONFIG_NOVA_NETWORK_AUTOASSIGNFLOATINGIP)s'; + 'DEFAULT/default_floating_pool': value => $default_floating_pool; + 'DEFAULT/auto_assign_floating_ip': value => $auto_assign_floating_ip; } -$multihost = %(CONFIG_NOVA_NETWORK_MULTIHOST)s +$multihost = hiera('CONFIG_NOVA_NETWORK_MULTIHOST') if $multihost { - nova_config { - "DEFAULT/multi_host": value => true; - "DEFAULT/send_arp_for_ha": value => true; - } + nova_config { + 'DEFAULT/multi_host': value => true; + 'DEFAULT/send_arp_for_ha': value => true; + } } -$manager = '%(CONFIG_NOVA_NETWORK_MANAGER)s' +$manager = hiera('CONFIG_NOVA_NETWORK_MANAGER') + +$nova_net_manager_list = [ + 'nova.network.manager.VlanManager', + 'nova.network.manager.FlatDHCPManager' +] + $overrides = {} -if $manager in ['nova.network.manager.VlanManager', 'nova.network.manager.FlatDHCPManager'] { - $overrides['force_dhcp_release'] = false + +if $manager in $nova_net_manager_list { + $overrides['force_dhcp_release'] = false } + if $manager == 'nova.network.manager.VlanManager' { - $overrides['vlan_start'] = '%(CONFIG_NOVA_NETWORK_VLAN_START)s' - $net_size = '%(CONFIG_NOVA_NETWORK_SIZE)s' - $net_num = '%(CONFIG_NOVA_NETWORK_NUMBER)s' + $overrides['vlan_start'] = hiera('CONFIG_NOVA_NETWORK_VLAN_START') + $net_size = hiera('CONFIG_NOVA_NETWORK_SIZE') + $net_num = hiera('CONFIG_NOVA_NETWORK_NUMBER') } else { - $net_size = '%(CONFIG_NOVA_NETWORK_FIXEDSIZE)s' - $net_num = 1 -} -class { "nova::network": - enabled => true, - network_manager => $manager, - num_networks => $net_num , - network_size => $net_size, - private_interface => '%(CONFIG_NOVA_NETWORK_PRIVIF)s', - public_interface => '%(CONFIG_NOVA_NETWORK_PUBIF)s', - 
fixed_range => '%(CONFIG_NOVA_NETWORK_FIXEDRANGE)s', - floating_range => '%(CONFIG_NOVA_NETWORK_FLOATRANGE)s', - config_overrides => $overrides, + $net_size = hiera('CONFIG_NOVA_NETWORK_FIXEDSIZE') + $net_num = 1 } -package { 'dnsmasq': ensure => present } +class { 'nova::network': + enabled => true, + network_manager => $manager, + num_networks => $net_num , + network_size => $net_size, + private_interface => hiera('CONFIG_NOVA_NETWORK_PRIVIF'), + public_interface => hiera('CONFIG_NOVA_NETWORK_PUBIF'), + fixed_range => hiera('CONFIG_NOVA_NETWORK_FIXEDRANGE'), + floating_range => hiera('CONFIG_NOVA_NETWORK_FLOATRANGE'), + config_overrides => $overrides, +} + +package { 'dnsmasq': + ensure => present, +} diff --git a/packstack/puppet/templates/nova_network_libvirt.pp b/packstack/puppet/templates/nova_network_libvirt.pp index f145c73f3..a29a26090 100644 --- a/packstack/puppet/templates/nova_network_libvirt.pp +++ b/packstack/puppet/templates/nova_network_libvirt.pp @@ -1,9 +1,10 @@ -$vmware_backend = '%(CONFIG_VMWARE_BACKEND)s' +$vmware_backend = hiera('CONFIG_VMWARE_BACKEND') + if $vmware_backend == 'n' { exec { 'libvirtd_reload': - path => ['/usr/sbin/', '/sbin'], - command => 'service libvirtd reload', + path => ['/usr/sbin/', '/sbin'], + command => 'service libvirtd reload', logoutput => 'on_failure', - require => Class['nova::network'], + require => Class['nova::network'], } } diff --git a/packstack/puppet/templates/nova_neutron.pp b/packstack/puppet/templates/nova_neutron.pp index 4e4e054a7..89af616ad 100644 --- a/packstack/puppet/templates/nova_neutron.pp +++ b/packstack/puppet/templates/nova_neutron.pp 
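Review bot: `if $multihost {` in nova_network.pp now tests whatever type Hiera returns for `CONFIG_NOVA_NETWORK_MULTIHOST`, where the old template received a bare token substituted by Packstack. Any non-empty string is truthy in Puppet, so a value stored as 'false' or 'n' would turn on `multi_host` and `send_arp_for_ha`; the code that writes the data is outside this hunk, so this is unverified. An explicit comparison, `if $multihost == true {`, would match the form this commit already uses for `CONFIG_HORIZON_SSL` and `NO_ROOT_USER_ALLINONE`. The same applies to `if $provision_neutron_avail` and `if $setup_ovs_bridge` in provision_demo.pp and to `if hiera('CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE')` in provision_tempest.pp.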
@@ -1,13 +1,15 @@ -class {"nova::network::neutron": - neutron_admin_password => "%(CONFIG_NEUTRON_KS_PW)s", - neutron_auth_strategy => "keystone", - neutron_url => "http://%(CONFIG_CONTROLLER_HOST)s:9696", - neutron_admin_tenant_name => "services", - neutron_admin_auth_url => "http://%(CONFIG_CONTROLLER_HOST)s:35357/v2.0", - neutron_region_name => "%(CONFIG_KEYSTONE_REGION)s", +$nova_neutron_cfg_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') + +class { 'nova::network::neutron': + neutron_admin_password => hiera('CONFIG_NEUTRON_KS_PW'), + neutron_auth_strategy => 'keystone', + neutron_url => "http://${nova_neutron_cfg_ctrl_host}:9696", + neutron_admin_tenant_name => 'services', + neutron_admin_auth_url => "http://${nova_neutron_cfg_ctrl_host}:35357/v2.0", + neutron_region_name => hiera('CONFIG_KEYSTONE_REGION'), } -class {"nova::compute::neutron": - libvirt_vif_driver => "%(CONFIG_NOVA_LIBVIRT_VIF_DRIVER)s", +class { 'nova::compute::neutron': + libvirt_vif_driver => hiera('CONFIG_NOVA_LIBVIRT_VIF_DRIVER'), } diff --git a/packstack/puppet/templates/nova_sched.pp b/packstack/puppet/templates/nova_sched.pp index 1278568c7..7415c14d4 100644 --- a/packstack/puppet/templates/nova_sched.pp +++ b/packstack/puppet/templates/nova_sched.pp 
@@ -1,13 +1,13 @@ nova_config{ - # OpenStack doesn't include the CoreFilter (= CPU Filter) by default - "DEFAULT/scheduler_default_filters": - value => "RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,CoreFilter"; - "DEFAULT/cpu_allocation_ratio": - value => "%(CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO)s"; - "DEFAULT/ram_allocation_ratio": - value => "%(CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO)s"; + # OpenStack doesn't include the CoreFilter (= CPU Filter) by default + 'DEFAULT/scheduler_default_filters': + value => 'RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,CoreFilter'; + 'DEFAULT/cpu_allocation_ratio': + value => hiera('CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO'); + 'DEFAULT/ram_allocation_ratio': + value => hiera('CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'); } -class {"nova::scheduler": - enabled => true, +class { 'nova::scheduler': + enabled => true, } diff --git a/packstack/puppet/templates/nova_vncproxy.pp b/packstack/puppet/templates/nova_vncproxy.pp index e598bcf2a..2463de0f0 100644 --- a/packstack/puppet/templates/nova_vncproxy.pp +++ b/packstack/puppet/templates/nova_vncproxy.pp @@ -1,24 +1,24 @@ -$is_using_ssl_on_horizon = '%(CONFIG_HORIZON_SSL)s' +$is_using_ssl_on_horizon = hiera('CONFIG_HORIZON_SSL') -if $is_using_ssl_on_horizon == 'y' { +if $is_using_ssl_on_horizon == true { nova_config { - 'DEFAULT/ssl_only': value => 'true'; + 'DEFAULT/ssl_only': value => true; 'DEFAULT/cert': value => '/etc/nova/nova.crt'; 'DEFAULT/key': value => '/etc/nova/nova.key'; } } -class {"nova::vncproxy": - enabled => true, +class { 'nova::vncproxy': + enabled => true, } -class {"nova::consoleauth": - enabled => true, +class { 'nova::consoleauth': + enabled => true, } firewall { '001 novncproxy incoming': - proto => 'tcp', - dport => ['6080'], - action => 'accept', + proto => 'tcp', + dport => ['6080'], + action => 'accept', } 
diff --git a/packstack/puppet/templates/ntpd.pp b/packstack/puppet/templates/ntpd.pp index 72dd6ef0a..1a969c2a3 100644 --- a/packstack/puppet/templates/ntpd.pp +++ b/packstack/puppet/templates/ntpd.pp @@ -1,3 +1,6 @@ +$cfg_ntp_server_def = hiera('CONFIG_NTP_SERVER_DEF') +$cfg_ntp_servers = hiera('CONFIG_NTP_SERVERS') + $config_content = " driftfile /var/lib/ntp/drift @@ -17,7 +20,7 @@ restrict -6 ::1 # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). -%(CONFIG_NTP_SERVER_DEF)s +${cfg_ntp_server_def} #broadcast 192.168.1.255 autokey # broadcast server #broadcastclient # broadcast client 
@@ -53,42 +56,47 @@ keys /etc/ntp/keys #statistics clockstats cryptostats loopstats peerstats " - -package {'ntp': - ensure => 'installed', - name => 'ntp', +package { 'ntp': + ensure => 'installed', + name => 'ntp', } -file {'ntp_config': - path => '/etc/ntp.conf', - ensure => file, - mode => '0644', - content => $config_content, +file { 'ntp_config': + ensure => file, + path => '/etc/ntp.conf', + mode => '0644', + content => $config_content, } -exec {'stop-ntpd': - command => $osfamily ? { - # Unfortunately, the RedHat osfamily doesn't only include RHEL and - # derivatives thereof but also Fedora so further differentiation by - # operatingsystem is necessary. - 'RedHat' => $operatingsystem ? { - 'Fedora' => '/usr/bin/systemctl stop ntpd.service', - default => '/sbin/service ntpd stop', - }, +# Unfortunately, the RedHat osfamily doesn't only include RHEL and +# derivatives thereof but also Fedora so further differentiation by +# operatingsystem is necessary. +$command = $osfamily ? { + 'RedHat' => $operatingsystem ? { + 'Fedora' => '/usr/bin/systemctl stop ntpd.service', + default => '/sbin/service ntpd stop', }, } -exec {'ntpdate': - command => '/usr/sbin/ntpdate %(CONFIG_NTP_SERVERS)s', - tries => 3, +exec { 'stop-ntpd': + command => $command, } -service {'ntpd': - ensure => 'running', - enable => true, - name => 'ntpd', - hasstatus => true, - hasrestart => true, +exec { 'ntpdate': + command => "/usr/sbin/ntpdate ${cfg_ntp_servers}", + tries => 3, } -Package['ntp'] -> File['ntp_config'] -> Exec['stop-ntpd'] -> Exec['ntpdate'] -> Service['ntpd'] +service { 'ntpd': + ensure => running, + enable => true, + name => 'ntpd', + hasstatus => true, + hasrestart => true, +} + +Package['ntp'] -> +File['ntp_config'] -> +Exec['stop-ntpd'] -> +Exec['ntpdate'] -> +Service['ntpd'] diff --git a/packstack/puppet/templates/openstack_client.pp b/packstack/puppet/templates/openstack_client.pp index 350c7672b..0997c33e5 100644 --- a/packstack/puppet/templates/openstack_client.pp 
+++ b/packstack/puppet/templates/openstack_client.pp 
@@ -1,43 +1,52 @@ -$clientdeps = ["python-iso8601"] +$clientdeps = ['python-iso8601'] package { $clientdeps: } -$clientlibs = ["python-novaclient", "python-keystoneclient", "python-glanceclient", "python-swiftclient", "python-cinderclient"] +$clientlibs = ['python-novaclient', 'python-keystoneclient', + 'python-glanceclient', 'python-swiftclient', + 'python-cinderclient'] + package { $clientlibs: } +$ost_cl_keystone_admin_pw = hiera('CONFIG_KEYSTONE_ADMIN_PW') +$ost_cl_ctrl_host = hiera('CONFIG_CONTROLLER_HOST') +$ost_cl_keystone_region = hiera('CONFIG_KEYSTONE_REGION') +$ost_cl_keystone_demo_pw = hiera('CONFIG_KEYSTONE_DEMO_PW') + $rcadmin_content = "export OS_USERNAME=admin export OS_TENANT_NAME=admin -export OS_PASSWORD=%(CONFIG_KEYSTONE_ADMIN_PW)s -export OS_AUTH_URL=http://%(CONFIG_CONTROLLER_HOST)s:5000/v2.0/ -export OS_REGION_NAME=%(CONFIG_KEYSTONE_REGION)s +export OS_PASSWORD=${ost_cl_keystone_admin_pw} +export OS_AUTH_URL=http://${ost_cl_ctrl_host}:5000/v2.0/ +export OS_REGION_NAME=${ost_cl_keystone_region} export PS1='[\\u@\\h \\W(keystone_admin)]\\$ ' " -file {"${::home_dir}/keystonerc_admin": - ensure => "present", - mode => '0600', - content => $rcadmin_content, +file { "${::home_dir}/keystonerc_admin": + ensure => 'present', + mode => '0600', + content => $rcadmin_content, } -if '%(CONFIG_PROVISION_DEMO)s' == 'y' { - file {"${::home_dir}/keystonerc_demo": - ensure => "present", - mode => '0600', - content => "export OS_USERNAME=demo +if hiera('CONFIG_PROVISION_DEMO') == 'y' { + file { "${::home_dir}/keystonerc_demo": + ensure => 'present', + mode => '0600', + content => "export OS_USERNAME=demo export OS_TENANT_NAME=demo -export OS_PASSWORD=%(CONFIG_KEYSTONE_DEMO_PW)s -export OS_AUTH_URL=http://%(CONFIG_CONTROLLER_HOST)s:5000/v2.0/ +export OS_PASSWORD=${ost_cl_keystone_demo_pw} +export OS_AUTH_URL=http://${ost_cl_ctrl_host}:5000/v2.0/ export PS1='[\\u@\\h \\W(keystone_demo)]\\$ ' ", - } + } } -if %(NO_ROOT_USER_ALLINONE)s { - file 
{"%(HOME_DIR)s/keystonerc_admin": - ensure => present, - owner => '%(NO_ROOT_USER)s', - group => '%(NO_ROOT_GROUP)s', - mode => '0600', - content => $rcadmin_content, - } +if hiera('NO_ROOT_USER_ALLINONE') == true { + $ost_cl_home_dir = hiera('HOME_DIR') + file { "${ost_cl_home_dir}/keystonerc_admin": + ensure => present, + owner => hiera('NO_ROOT_USER'), + group => hiera('NO_ROOT_GROUP'), + mode => '0600', + content => $rcadmin_content, + } } diff --git a/packstack/puppet/templates/persist_ovs_bridge.pp b/packstack/puppet/templates/persist_ovs_bridge.pp index 861479d2f..215d7b514 100644 --- a/packstack/puppet/templates/persist_ovs_bridge.pp +++ b/packstack/puppet/templates/persist_ovs_bridge.pp @@ -1,11 +1,14 @@ -$net_script = "DEVICE=%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s +$persist_ovs_br_neut_l3_ext_br = hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE') +$persist_ovs_br_ext_br_var = hiera('EXT_BRIDGE_VAR') + +$net_script = "DEVICE=${persist_ovs_br_neut_l3_ext_br} DEVICETYPE=ovs TYPE=OVSBridge BOOTPROTO=static -IPADDR=$ipaddress_%(EXT_BRIDGE_VAR)s -NETMASK=$netmask_%(EXT_BRIDGE_VAR)s +IPADDR=${ipaddress}_${persist_ovs_br_ext_br_var} +NETMASK=${netmask}_${persist_ovs_br_ext_br_var} ONBOOT=yes" -file { "/etc/sysconfig/network-scripts/ifcfg-%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s": - content => $net_script +file { "/etc/sysconfig/network-scripts/ifcfg-${persist_ovs_br_neut_l3_ext_br}": + content => $net_script, } diff --git a/packstack/puppet/templates/prescript.pp b/packstack/puppet/templates/prescript.pp index 730af9748..bde453f9e 100644 --- a/packstack/puppet/templates/prescript.pp +++ b/packstack/puppet/templates/prescript.pp @@ -8,7 +8,7 @@ include ::apache $el_releases = ['RedHat', 'CentOS', 'Scientific'] # We don't have openstack-selinux package for Fedora -if $::operatingsystem != "Fedora" { +if $::operatingsystem != 'Fedora' { package{ 'openstack-selinux': ensure => present, } 
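Review bot: The rc file content in openstack_client.pp writes `export OS_PASSWORD=${ost_cl_keystone_admin_pw}` (and the demo equivalent) unquoted, so when the file is sourced a password containing whitespace or shell metacharacters is interpreted by the shell instead of being taken literally. Whether Packstack restricts the characters allowed in these passwords is not visible here. If it does not, the value should be shell-quoted when written, for example `export OS_PASSWORD='${ost_cl_keystone_admin_pw}'`, with embedded single quotes escaped when the value is stored in Hiera.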
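Review bot: `IPADDR=${ipaddress}_${persist_ovs_br_ext_br_var}` in persist_ovs_bridge.pp no longer reads the per-interface fact. The old line rendered to a single variable name (`$ipaddress_` followed by the substituted `EXT_BRIDGE_VAR`), while the new one interpolates the host's `$ipaddress` fact and then appends an underscore and the bridge name as literal text, so the ifcfg file gets an invalid address; `NETMASK` has the same problem. Looking the fact up by its computed name restores the behaviour, e.g. `$persist_ovs_br_ipaddr = getvar("ipaddress_${persist_ovs_br_ext_br_var}")` followed by `IPADDR=${persist_ovs_br_ipaddr}`, and likewise for the netmask. This assumes puppetlabs-stdlib is available, which the use of `file_line` elsewhere in these templates suggests.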
@@ -16,7 +16,7 @@ if $::operatingsystem != "Fedora" { # For older RHEL-6 releases kernel/iptools does not support netns if $::operatingsystem in $el_releases and $::operatingsystemmajrelease < 7 { - $info = "The RDO kernel that includes network namespace (netns) support has been installed on host $::ipaddress." + $info = "The RDO kernel that includes network namespace (netns) support has been installed on host ${::ipaddress}." $warning = " This is a community supplied kernel and is not officially supported by Red Hat. Installing this kernel on RHEL systems may impact your ability to get support from Red Hat." class { 'packstack::netns': diff --git a/packstack/puppet/templates/provision_demo.pp b/packstack/puppet/templates/provision_demo.pp index 70d079a1a..3db71fce2 100644 --- a/packstack/puppet/templates/provision_demo.pp +++ b/packstack/puppet/templates/provision_demo.pp 
@@ -1,26 +1,27 @@ ## Keystone # non admin user $username = 'demo' - $password = '%(CONFIG_KEYSTONE_DEMO_PW)s' + $password = hiera('CONFIG_KEYSTONE_DEMO_PW') $tenant_name = 'demo' # admin user $admin_username = 'admin' - $admin_password = '%(CONFIG_KEYSTONE_ADMIN_PW)s' + $admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW') $admin_tenant_name = 'admin' # Heat Using Trusts - $heat_using_trusts = '%(CONFIG_HEAT_USING_TRUSTS)s' + $heat_using_trusts = hiera('CONFIG_HEAT_USING_TRUSTS') ## Neutron $public_network_name = 'public' $public_subnet_name = 'public_subnet' - $floating_range = '%(CONFIG_PROVISION_DEMO_FLOATRANGE)s' + $floating_range = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE') $private_network_name = 'private' $private_subnet_name = 'private_subnet' $fixed_range = '10.0.0.0/24' $router_name = 'router1' - $setup_ovs_bridge = %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s - $public_bridge_name = '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s' + $setup_ovs_bridge = hiera('CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE') + $public_bridge_name = hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE') + $provision_neutron_avail = hiera('PROVISION_NEUTRON_AVAILABLE') ## Users @@ -30,23 +31,22 @@ description => 'default tenant', } keystone_user { $username: - ensure => present, - enabled => true, - tenant => $tenant_name, - password => $password, + ensure => present, + enabled => true, + tenant => $tenant_name, + password => $password, } if $heat_using_trusts == 'y' { keystone_user_role { "${username}@${tenant_name}": - ensure => present, - roles => ['_member_', 'heat_stack_owner'], + ensure => present, + roles => ['_member_', 'heat_stack_owner'], } } - ## Neutron - if %(PROVISION_NEUTRON_AVAILABLE)s { + if $provision_neutron_avail { $neutron_deps = [Neutron_network[$public_network_name]] neutron_network { $public_network_name: 
@@ -55,11 +55,11 @@ tenant_name => $admin_tenant_name, } neutron_subnet { $public_subnet_name: - ensure => 'present', - cidr => $floating_range, - enable_dhcp => false, - network_name => $public_network_name, - tenant_name => $admin_tenant_name, + ensure => 'present', + cidr => $floating_range, + enable_dhcp => false, + network_name => $public_network_name, + tenant_name => $admin_tenant_name, } neutron_network { $private_network_name: ensure => present, @@ -92,27 +92,27 @@ } } -if %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s { +if $setup_ovs_bridge { firewall { '000 nat': - chain => 'POSTROUTING', - jump => 'MASQUERADE', - source => $::openstack::provision::floating_range, + chain => 'POSTROUTING', + jump => 'MASQUERADE', + source => $::openstack::provision::floating_range, outiface => $::gateway_device, - table => 'nat', - proto => 'all', + table => 'nat', + proto => 'all', } firewall { '000 forward out': - chain => 'FORWARD', - action => 'accept', - outiface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s', - proto => 'all', + chain => 'FORWARD', + action => 'accept', + outiface => $public_bridge_name, + proto => 'all', } firewall { '000 forward in': - chain => 'FORWARD', + chain => 'FORWARD', action => 'accept', - iniface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s', - proto => 'all', + iniface => $public_bridge_name, + proto => 'all', } } diff --git a/packstack/puppet/templates/provision_demo_glance.pp b/packstack/puppet/templates/provision_demo_glance.pp index 2f79b3bd0..36d1c9ffb 100644 --- a/packstack/puppet/templates/provision_demo_glance.pp +++ b/packstack/puppet/templates/provision_demo_glance.pp @@ -1,9 +1,9 @@ - + ## Images ## Glance - $image_name = 'cirros' - $image_source = 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img' - $image_ssh_user = 'cirros' + $image_name = 'cirros' + $image_source = 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img' + $image_ssh_user = 'cirros' glance_image { $image_name: ensure => present, 
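Review bot: The MASQUERADE rule in provision_demo.pp still takes `source => $::openstack::provision::floating_range`, although this hunk switches the two FORWARD rules to the template-local `$public_bridge_name`. No `openstack::provision` class is declared in the visible part of the template, so that variable may resolve to undef, and the rule would then presumably be created without a source match, masquerading all traffic leaving `$::gateway_device` instead of only the floating range. Using the local value, `source => $floating_range,`, would keep the NAT rule scoped. The `'000 nat'` rule in provision_tempest.pp carries the same reference.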
diff --git a/packstack/puppet/templates/provision_tempest.pp b/packstack/puppet/templates/provision_tempest.pp index 3317ac900..3b93e5b55 100644 --- a/packstack/puppet/templates/provision_tempest.pp +++ b/packstack/puppet/templates/provision_tempest.pp @@ -1,24 +1,26 @@ +$provision_tempest_user = hiera('CONFIG_PROVISION_TEMPEST_USER') +$provision_demo = hiera('CONFIG_PROVISION_DEMO') -if '%(CONFIG_PROVISION_TEMPEST_USER)s' != '' { +if $provision_tempest_user != '' { ## Keystone # non admin user - $username = '%(CONFIG_PROVISION_TEMPEST_USER)s' + $username = $provision_tempest_user - if '%(CONFIG_PROVISION_TEMPEST_USER)s' == 'demo' and - '%(CONFIG_PROVISION_DEMO)s' == 'y' { - $password = '%(CONFIG_KEYSTONE_DEMO_PW)s' + if $provision_tempest_user == 'demo' and + $provision_demo == 'y' { + $password = hiera('CONFIG_KEYSTONE_DEMO_PW') } else { - $password = '%(CONFIG_PROVISION_TEMPEST_USER_PW)s' + $password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW') } - $tenant_name = '%(CONFIG_PROVISION_TEMPEST_USER)s' + $tenant_name = $provision_tempest_user # admin user $admin_username = 'admin' - $admin_password = '%(CONFIG_KEYSTONE_ADMIN_PW)s' + $admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW') $admin_tenant_name = 'admin' # Heat Using Trusts - $heat_using_trusts = '%(CONFIG_HEAT_USING_TRUSTS)s' + $heat_using_trusts = hiera('CONFIG_HEAT_USING_TRUSTS') ## Glance $image_name = 'cirros' 
@@ -28,24 +30,24 @@ if '%(CONFIG_PROVISION_TEMPEST_USER)s' != '' { ## Neutron $public_network_name = 'public' $public_subnet_name = 'public_subnet' - $floating_range = '%(CONFIG_PROVISION_DEMO_FLOATRANGE)s' + $floating_range = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE') $private_network_name = 'private' $private_subnet_name = 'private_subnet' $fixed_range = '10.0.0.0/24' $router_name = 'router1' - $setup_ovs_bridge = %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s - $public_bridge_name = '%(CONFIG_PROVISION_DEMO_FLOATRANGE)s' + $setup_ovs_bridge = hiera('CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE') + $public_bridge_name = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE') ## Tempest - $configure_tempest = %(CONFIG_PROVISION_TEMPEST)s + $configure_tempest = hiera('CONFIG_PROVISION_TEMPEST') $image_name_alt = false $image_source_alt = false $image_ssh_user_alt = false $identity_uri = undef - $tempest_repo_uri = '%(CONFIG_PROVISION_TEMPEST_REPO_URI)s' - $tempest_repo_revision = '%(CONFIG_PROVISION_TEMPEST_REPO_REVISION)s' + $tempest_repo_uri = hiera('CONFIG_PROVISION_TEMPEST_REPO_URI') + $tempest_repo_revision = hiera('CONFIG_PROVISION_TEMPEST_REPO_REVISION') $tempest_clone_path = '/var/lib/tempest' $tempest_clone_owner = 'root' $setup_venv = false @@ -55,7 +57,7 @@ if '%(CONFIG_PROVISION_TEMPEST_USER)s' != '' { $glance_available = true $heat_available = undef $horizon_available = undef - $neutron_available = %(PROVISION_NEUTRON_AVAILABLE)s + $neutron_available = hiera('PROVISION_NEUTRON_AVAILABLE') $nova_available = true $swift_available = undef 
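Review bot: `$public_bridge_name = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE')` in provision_tempest.pp assigns the floating IP range to the bridge name; the conversion carried the key over from the old template line unchanged. provision_demo.pp sets the same variable from `CONFIG_NEUTRON_L3_EXT_BRIDGE`, and the firewall rules later in this file use that key for the bridge interface. The line should read `$public_bridge_name = hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE')`. The enclosing `if` block starts and ends outside this hunk.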
@@ -68,16 +70,16 @@ if '%(CONFIG_PROVISION_TEMPEST_USER)s' != '' { } keystone_user { $username: - ensure => present, - enabled => true, - tenant => $tenant_name, - password => $password, + ensure => present, + enabled => true, + tenant => $tenant_name, + password => $password, } if $heat_using_trusts == 'y' { keystone_user_role { "${username}@${tenant_name}": - ensure => present, - roles => ['_member_', 'heat_stack_owner'], + ensure => present, + roles => ['_member_', 'heat_stack_owner'], } } @@ -117,11 +119,11 @@ if '%(CONFIG_PROVISION_TEMPEST_USER)s' != '' { } neutron_subnet { $public_subnet_name: - ensure => 'present', - cidr => $floating_range, - enable_dhcp => false, - network_name => $public_network_name, - tenant_name => $admin_tenant_name, + ensure => 'present', + cidr => $floating_range, + enable_dhcp => false, + network_name => $public_network_name, + tenant_name => $admin_tenant_name, } neutron_network { $private_network_name: 
@@ -197,38 +199,38 @@ if '%(CONFIG_PROVISION_TEMPEST_USER)s' != '' { } } - if %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s { + if hiera('CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE') { firewall { '000 nat': - chain => 'POSTROUTING', - jump => 'MASQUERADE', - source => $::openstack::provision::floating_range, + chain => 'POSTROUTING', + jump => 'MASQUERADE', + source => $::openstack::provision::floating_range, outiface => $::gateway_device, - table => 'nat', - proto => 'all', + table => 'nat', + proto => 'all', } firewall { '000 forward out': - chain => 'FORWARD', - action => 'accept', - outiface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s', - proto => 'all', + chain => 'FORWARD', + action => 'accept', + outiface => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'), + proto => 'all', } firewall { '000 forward in': - chain => 'FORWARD', + chain => 'FORWARD', action => 'accept', - iniface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s', - proto => 'all', + iniface => hiera('CONFIG_NEUTRON_L3_EXT_BRIDGE'), + proto => 'all', } } } else { ## Standalone Tempest installation class { 'tempest': - tempest_repo_uri => '%(CONFIG_PROVISION_TEMPEST_REPO_URI)s', + tempest_repo_uri => hiera('CONFIG_PROVISION_TEMPEST_REPO_URI'), tempest_clone_path => '/var/lib/tempest', tempest_clone_owner => 'root', setup_venv => false, - tempest_repo_revision => '%(CONFIG_PROVISION_TEMPEST_REPO_REVISION)s', + tempest_repo_revision => hiera('CONFIG_PROVISION_TEMPEST_REPO_REVISION'), configure_images => false, configure_networks => false, cinder_available => undef, diff --git a/packstack/puppet/templates/sshkey.pp b/packstack/puppet/templates/sshkey.pp index b5dca384e..212fa8d4c 100644 --- a/packstack/puppet/templates/sshkey.pp +++ b/packstack/puppet/templates/sshkey.pp @@ -1,6 +1,2 @@ -sshkey { '%(SSH_HOST_KEY_TYPE)s.%(SSH_HOST_NAME)s': - ensure => present, - host_aliases => [%(SSH_HOST_ALIASES)s], - key => '%(SSH_HOST_KEY)s', - type => '%(SSH_HOST_KEY_TYPE)s', -} + +create_resources(sshkey, hiera('SSH_KEYS', {})) 
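Review bot: `create_resources(sshkey, hiera('SSH_KEYS', {}))` in sshkey.pp supplies an empty hash as the default, so a missing or misspelled `SSH_KEYS` entry in the Hiera data produces no `sshkey` resources and no error. The removed resource always declared a host key, so a run that silently skips it leaves the host without the expected known-hosts entries. Unless an empty set is legitimate for some hosts, drop the default so the lookup fails loudly: `create_resources(sshkey, hiera('SSH_KEYS'))`.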
diff --git a/packstack/puppet/templates/swift_builder.pp b/packstack/puppet/templates/swift_builder.pp index 385ea8ebe..d45aed572 100644 --- a/packstack/puppet/templates/swift_builder.pp +++ b/packstack/puppet/templates/swift_builder.pp @@ -1,19 +1,19 @@ class { 'swift::ringbuilder': part_power => '18', - replicas => '%(CONFIG_SWIFT_STORAGE_REPLICAS)s', + replicas => hiera('CONFIG_SWIFT_STORAGE_REPLICAS'), min_part_hours => 1, require => Class['swift'], } # sets up an rsync db that can be used to sync the ring DB class { 'swift::ringserver': - local_net_ip => "%(CONFIG_CONTROLLER_HOST)s", + local_net_ip => hiera('CONFIG_CONTROLLER_HOST'), } -if ($::selinux != "false"){ - selboolean{'rsync_export_all_ro': - value => on, - persistent => true, - } +if ($::selinux != false) { + selboolean { 'rsync_export_all_ro': + value => on, + persistent => true, + } } diff --git a/packstack/puppet/templates/swift_common.pp b/packstack/puppet/templates/swift_common.pp index c4d79c6a7..51a47dd4b 100644 --- a/packstack/puppet/templates/swift_common.pp +++ b/packstack/puppet/templates/swift_common.pp @@ -2,8 +2,9 @@ class { 'ssh::server::install': } Class['swift'] -> Service <| |> + class { 'swift': - # not sure how I want to deal with this shared secret - swift_hash_suffix => '%(CONFIG_SWIFT_HASH)s', - package_ensure => latest, + # not sure how I want to deal with this shared secret + swift_hash_suffix => hiera('CONFIG_SWIFT_HASH'), + package_ensure => latest, } diff --git a/packstack/puppet/templates/swift_loopback.pp b/packstack/puppet/templates/swift_loopback.pp index 52eee4f12..ad5b57f5e 100644 --- a/packstack/puppet/templates/swift_loopback.pp +++ b/packstack/puppet/templates/swift_loopback.pp 
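Review bot: `if ($::selinux != false)` in swift_builder.pp now compares the fact with a boolean, where the old code compared it with the string form. If facts reach the manifest as strings, which the unchanged `$::is_virtual_packstack == 'true'` tests elsewhere in this commit suggest, the string 'false' is not equal to boolean `false`, the condition is always true, and `selboolean { 'rsync_export_all_ro': }` is applied on hosts with SELinux disabled. Keeping the string comparison with the new quoting, `if ($::selinux != 'false') {`, avoids that; `str2bool($::selinux)` is an alternative if stdlib is in use.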
@@ -3,6 +3,8 @@ swift::storage::loopback { 'swift_loopback': base_dir => '/srv/loopback-device', mnt_base_dir => '/srv/node', require => Class['swift'], - fstype => '%(CONFIG_SWIFT_STORAGE_FSTYPE)s', - seek => '%(CONFIG_SWIFT_STORAGE_SEEK)s', + fstype => hiera('CONFIG_SWIFT_STORAGE_FSTYPE'), + seek => hiera('CONFIG_SWIFT_STORAGE_SEEK'), } + + diff --git a/packstack/puppet/templates/swift_proxy.pp b/packstack/puppet/templates/swift_proxy.pp index 99ab6a84c..4b3b7b4bf 100644 --- a/packstack/puppet/templates/swift_proxy.pp +++ b/packstack/puppet/templates/swift_proxy.pp @@ -1,11 +1,10 @@ package { 'curl': ensure => present } -class { 'memcached': -} +class { 'memcached': } class { 'swift::proxy': - proxy_local_net_ip => '%(CONFIG_CONTROLLER_HOST)s', + proxy_local_net_ip => hiera('CONFIG_CONTROLLER_HOST'), pipeline => [ 'catch_errors', 'bulk', @@ -28,16 +27,16 @@ class { 'swift::proxy': # configure all of the middlewares class { [ - 'swift::proxy::catch_errors', - 'swift::proxy::healthcheck', - 'swift::proxy::cache', - 'swift::proxy::crossdomain', - 'swift::proxy::staticweb', - 'swift::proxy::tempurl', - 'swift::proxy::account_quotas', - 'swift::proxy::formpost', - 'swift::proxy::slo', - 'swift::proxy::container_quotas' + 'swift::proxy::catch_errors', + 'swift::proxy::healthcheck', + 'swift::proxy::cache', + 'swift::proxy::crossdomain', + 'swift::proxy::staticweb', + 'swift::proxy::tempurl', + 'swift::proxy::account_quotas', + 'swift::proxy::formpost', + 'swift::proxy::slo', + 'swift::proxy::container_quotas' ]: } class { 'swift::proxy::bulk': 
@@ -48,22 +47,22 @@ class { 'swift::proxy::bulk': } class { 'swift::proxy::ratelimit': - clock_accuracy => 1000, - max_sleep_time_seconds => 60, - log_sleep_time_seconds => 0, - rate_buffer_seconds => 5, - account_ratelimit => 0 + clock_accuracy => 1000, + max_sleep_time_seconds => 60, + log_sleep_time_seconds => 0, + rate_buffer_seconds => 5, + account_ratelimit => 0 } class { 'swift::proxy::keystone': - operator_roles => ['admin', 'SwiftOperator'], + operator_roles => ['admin', 'SwiftOperator'], } class { 'swift::proxy::authtoken': - admin_user => 'swift', - admin_tenant_name => 'services', - admin_password => '%(CONFIG_SWIFT_KS_PW)s', - # assume that the controller host is the swift api server - auth_host => '%(CONFIG_CONTROLLER_HOST)s', + admin_user => 'swift', + admin_tenant_name => 'services', + admin_password => hiera('CONFIG_SWIFT_KS_PW'), + # assume that the controller host is the swift api server + auth_host => hiera('CONFIG_CONTROLLER_HOST'), } diff --git a/packstack/puppet/templates/swift_storage.pp b/packstack/puppet/templates/swift_storage.pp index b819c2d3f..5895bf6cb 100644 --- a/packstack/puppet/templates/swift_storage.pp +++ b/packstack/puppet/templates/swift_storage.pp 
@@ -1,22 +1,22 @@ # install all swift storage servers together class { 'swift::storage::all': - storage_local_net_ip => '%(CONFIG_CONTROLLER_HOST)s', - allow_versions => true, - require => Class['swift'], + storage_local_net_ip => hiera('CONFIG_CONTROLLER_HOST'), + allow_versions => true, + require => Class['swift'], } -if(!defined(File['/srv/node'])) { +if (!defined(File['/srv/node'])) { file { '/srv/node': - owner => 'swift', - group => 'swift', - ensure => directory, + ensure => directory, + owner => 'swift', + group => 'swift', require => Package['openstack-swift'], } } -swift::ringsync{ ["account", "container", "object"]: - ring_server => '%(CONFIG_CONTROLLER_HOST)s', - before => Class['swift::storage::all'], - require => Class['swift'], +swift::ringsync{ ['account', 'container', 'object']: + ring_server => hiera('CONFIG_CONTROLLER_HOST'), + before => Class['swift::storage::all'], + require => Class['swift'], } diff --git a/requirements.txt b/requirements.txt index 3721f7851..a4f778dfa 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1 +1,2 @@ netaddr>=0.7.6 +PyYAML>=3.10 diff --git a/setup.py b/setup.py index e3abf7422..c68a67272 100644 --- a/setup.py +++ b/setup.py @@ -90,7 +90,7 @@ setup( include_package_data=True, long_description=read('README'), zip_safe=False, - install_requires=['netaddr'], + install_requires=['netaddr', 'PyYAML'], classifiers=[ "Development Status :: 3 - Alpha", "Topic :: Utilities",