From 047eda8ea5c91ac3b71e61737b6cbd239457d117 Mon Sep 17 00:00:00 2001
From: Andy Ning <andy.ning@windriver.com>
Date: Thu, 20 Dec 2018 11:22:14 -0500
Subject: [PATCH] Keystone DB sync - update puppet manifest for dcdbsync
 service

This commit adds dcorch dbsync sysinv puppet plugin. It also updates
controller manifest to deploy and configure the service, and sm
manifest to manage the service. With this commit, dbsync service will
be deployed, configured, and started after config_controller.

Story: 2002842
Task: 22787

Depends-On: https://review.openstack.org/#/c/642125
Depends-On: https://review.openstack.org/#/c/641779

Change-Id: I5e24a7d5c7126a691fe0a8ff46b0c14ab3185660
Signed-off-by: Andy Ning <andy.ning@windriver.com>
---
 puppet-manifests/centos/build_srpm.data       |   2 +-
 puppet-manifests/centos/puppet-manifests.spec |   1 +
 .../src/hieradata/controller.yaml             |   5 +
 puppet-manifests/src/manifests/controller.pp  |   3 +
 .../templates/keystone-policy.json.erb        |   3 +-
 .../modules/platform/manifests/dcdbsync.pp    |  44 ++++++++
 .../src/modules/platform/manifests/sm.pp      |  25 +++++
 sysinv/sysinv/sysinv/setup.cfg                |  13 +--
 .../sysinv/sysinv/sysinv/puppet/dcdbsync.py   | 101 ++++++++++++++++++
 9 files changed, 189 insertions(+), 8 deletions(-)
 create mode 100644 puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
 create mode 100644 sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py

diff --git a/puppet-manifests/centos/build_srpm.data b/puppet-manifests/centos/build_srpm.data
index 9d22d52d33..e7b9de50b5 100644
--- a/puppet-manifests/centos/build_srpm.data
+++ b/puppet-manifests/centos/build_srpm.data
@@ -1,2 +1,2 @@
 SRC_DIR="src"
-TIS_PATCH_VER=80
+TIS_PATCH_VER=81
diff --git a/puppet-manifests/centos/puppet-manifests.spec b/puppet-manifests/centos/puppet-manifests.spec
index 407850ee6c..38c1b3b4e9 100644
--- a/puppet-manifests/centos/puppet-manifests.spec
+++ b/puppet-manifests/centos/puppet-manifests.spec
@@ -22,6 +22,7 @@ Requires: puppet-sysinv
 Requires: puppet-sshd
 Requires: puppet-smapi
 Requires: puppet-fm
+Requires: puppet-dcdbsync
 
 # Openstack puppet modules
 Requires: puppet-aodh
diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml
index ef0ab3bf11..39935c856e 100644
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@@ -536,6 +536,11 @@ dcmanager::use_syslog: true
 dcmanager::log_facility: 'local2'
 dcmanager::debug: false
 
+# Dcdbsync
+dbsync::use_syslog: true
+dbsync::log_facility: 'local2'
+dbsync::debug: false
+
 # FM
 fm::use_syslog: true
 fm::log_facility: 'local2'
diff --git a/puppet-manifests/src/manifests/controller.pp b/puppet-manifests/src/manifests/controller.pp
index a4a18273ae..526146472e 100644
--- a/puppet-manifests/src/manifests/controller.pp
+++ b/puppet-manifests/src/manifests/controller.pp
@@ -133,6 +133,9 @@ include ::platform::dcmanager::api
 
 include ::platform::dcorch::snmp
 
+include ::platform::dcdbsync
+include ::platform::dcdbsync::api
+
 include ::platform::smapi
 
 include ::openstack::swift
diff --git a/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb b/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
index 42f858aaff..73fc031831 100644
--- a/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
+++ b/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb
@@ -27,7 +27,8 @@
                            ["'murano':%(target.user.name)s"],
                            ["'panko':%(target.user.name)s"],
                            ["'gnocchi':%(target.user.name)s"],
-                           ["'fm':%(target.user.name)s"]],
+                           ["'fm':%(target.user.name)s"],
+                           ["'dcdbsync':%(target.user.name)s"]],
 
     "identity:delete_service": "rule:admin_required and not rule:protected_services",
 
diff --git a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
new file mode 100644
index 0000000000..dafc15d14a
--- /dev/null
+++ b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp
@@ -0,0 +1,44 @@
+class platform::dcdbsync::params (
+  $api_port = 8219,
+  $region_name = undef,
+  $service_create = false,
+  $service_enabled = false,
+  $default_endpoint_type = 'internalURL',
+) {
+  include ::platform::params
+}
+
+class platform::dcdbsync
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      if $::platform::params::init_keystone {
+        include ::dcdbsync::keystone::auth
+      }
+
+      class { '::dcdbsync': }
+    }
+  }
+}
+
+class platform::dcdbsync::api
+  inherits ::platform::dcdbsync::params {
+  if ($::platform::params::distributed_cloud_role == 'systemcontroller' or
+      $::platform::params::distributed_cloud_role == 'subcloud') {
+    if $service_create {
+      include ::platform::network::mgmt::params
+
+      $api_host = $::platform::network::mgmt::params::controller_address
+      $api_fqdn = $::platform::params::controller_hostname
+      $url_host = "http://${api_fqdn}:${api_port}"
+
+      class { '::dcdbsync::api':
+        bind_host => $api_host,
+        bind_port => $api_port,
+        enabled   => $service_enabled,
+      }
+    }
+  }
+}
+
diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp
index 2e9351adda..35fd6104e9 100644
--- a/puppet-manifests/src/modules/platform/manifests/sm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sm.pp
@@ -572,6 +572,22 @@ class platform::sm
     if $::platform::params::distributed_cloud_role =='subcloud' {
       $configure_keystone = true
 
+      # Provision and configure dcorch dbsync when running as a subcloud
+      exec { 'Provision distributed-cloud-services (service-domain-member distributed-cloud-services)':
+        command => 'sm-provision service-domain-member controller distributed-cloud-services',
+      }
+      -> exec { 'Provision distributed-cloud-services (service-group distributed-cloud-services)':
+        command => 'sm-provision service-group distributed-cloud-services',
+      }
+      -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+        command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+      }
+      -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+        command => 'sm-provision service dcdbsync-api',
+      }
+      -> exec { 'Configure OpenStack - DCDBsync-API':
+        command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+      }
       # Deprovision Horizon when running as a subcloud
       exec { 'Deprovision OpenStack - Horizon (service-group-member)':
         command => 'sm-deprovision service-group-member web-services horizon',
@@ -1698,6 +1714,12 @@ class platform::sm
     -> exec { 'Provision DCOrch-Patch-Api-Proxy in SM (service dcorch-patch-api-proxy)':
       command => 'sm-provision service dcorch-patch-api-proxy',
     }
+    -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)':
+      command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api',
+    }
+    -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)':
+      command => 'sm-provision service dcdbsync-api',
+    }
     -> exec { 'Configure Platform - DCManager-Manager':
       command => "sm-configure service_instance dcmanager-manager dcmanager-manager \"\"",
     }
@@ -1725,6 +1747,9 @@ class platform::sm
     -> exec { 'Configure OpenStack - DCOrch-patch-api-proxy':
       command => "sm-configure service_instance dcorch-patch-api-proxy dcorch-patch-api-proxy \"\"",
     }
+    -> exec { 'Configure OpenStack - DCDBsync-API':
+      command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"",
+    }
     if $cinder_service_enabled {
       notice('Enable cinder-api-proxy')
       exec { 'Provision DCOrch-Cinder-Api-Proxy (service-group-member dcorch-cinder-api-proxy)':
diff --git a/sysinv/sysinv/sysinv/setup.cfg b/sysinv/sysinv/sysinv/setup.cfg
index 379260ad05..8eadab1cf8 100644
--- a/sysinv/sysinv/sysinv/setup.cfg
+++ b/sysinv/sysinv/sysinv/setup.cfg
@@ -66,12 +66,13 @@ systemconfig.puppet_plugins =
     026_panko = sysinv.puppet.panko:PankoPuppet
     027_dcmanager = sysinv.puppet.dcmanager:DCManagerPuppet
     028_dcorch = sysinv.puppet.dcorch:DCOrchPuppet
-    029_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
-    030_smapi = sysinv.puppet.smapi:SmPuppet
-    031_fm = sysinv.puppet.fm:FmPuppet
-    032_swift = sysinv.puppet.swift:SwiftPuppet
-    033_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
-    034_barbican = sysinv.puppet.barbican:BarbicanPuppet
+    029_dcdbsync = sysinv.puppet.dcdbsync:DCDBsyncPuppet
+    030_kubernetes = sysinv.puppet.kubernetes:KubernetesPuppet
+    031_smapi = sysinv.puppet.smapi:SmPuppet
+    032_fm = sysinv.puppet.fm:FmPuppet
+    033_swift = sysinv.puppet.swift:SwiftPuppet
+    034_service_parameter = sysinv.puppet.service_parameter:ServiceParamPuppet
+    035_barbican = sysinv.puppet.barbican:BarbicanPuppet
 
 systemconfig.helm_plugins =
     aodh = sysinv.helm.aodh:AodhHelm
diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py b/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
new file mode 100644
index 0000000000..bf83c838ff
--- /dev/null
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/dcdbsync.py
@@ -0,0 +1,101 @@
+#
+# Copyright (c) 2019 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+from sysinv.common import constants
+from sysinv.puppet import openstack
+
+
+class DCDBsyncPuppet(openstack.OpenstackBasePuppet):
+    """Class to encapsulate puppet operations for dcdbsync
+     configuration"""
+
+    SERVICE_NAME = 'dcdbsync'
+    SERVICE_PORT = 8219
+    SERVICE_PATH = 'v1.0'
+    IDENTITY_SERVICE_NAME = 'keystone'
+    IDENTITY_SERVICE_DB = 'keystone'
+
+    def get_static_config(self):
+        dbuser = self._get_database_username(self.IDENTITY_SERVICE_NAME)
+
+        return {
+            'dcdbsync::db::postgresql::user': dbuser,
+        }
+
+    def get_secure_static_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        # initial bootstrap is bound to localhost
+        dburl = self._format_database_connection(self.IDENTITY_SERVICE_NAME,
+                                                 constants.LOCALHOST_HOSTNAME,
+                                                 database=self.IDENTITY_SERVICE_DB)
+        return {
+            'dcdbsync::database_connection': dburl,
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_system_config(self):
+        ksuser = self._get_service_user_name(self.SERVICE_NAME)
+
+        return {
+            # The region in which the identity server can be found
+            'dcdbsync::region_name': self._keystone_region_name(),
+
+            'dcdbsync::keystone::auth::public_url': self.get_public_url(),
+            'dcdbsync::keystone::auth::internal_url': self.get_internal_url(),
+            'dcdbsync::keystone::auth::admin_url': self.get_admin_url(),
+            'dcdbsync::keystone::auth::region': self._region_name(),
+            'dcdbsync::keystone::auth::auth_name': ksuser,
+            'dcdbsync::keystone::auth::auth_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::keystone::auth::service_name': self.SERVICE_NAME,
+            'dcdbsync::keystone::auth::tenant': self._get_service_tenant_name(),
+            'dcdbsync::api::bind_host': self._get_management_address(),
+            'dcdbsync::api::keystone_auth_uri': self._keystone_auth_uri(),
+            'dcdbsync::api::keystone_identity_uri':
+                self._keystone_identity_uri(),
+            'dcdbsync::api::keystone_tenant': self._get_service_project_name(),
+            'dcdbsync::api::keystone_user_domain':
+                self._get_service_user_domain_name(),
+            'dcdbsync::api::keystone_project_domain':
+                self._get_service_project_domain_name(),
+            'dcdbsync::api::keystone_user': ksuser,
+            'platform::dcdbsync::params::region_name': self.get_region_name(),
+            'platform::dcdbsync::params::service_create':
+                self._to_create_services(),
+        }
+
+    def get_secure_system_config(self):
+        dbpass = self._get_database_password(self.IDENTITY_SERVICE_NAME)
+        kspass = self._get_service_password(self.SERVICE_NAME)
+
+        return {
+            'dcdbsync::database_connection':
+                self._format_database_connection(
+                    self.IDENTITY_SERVICE_NAME,
+                    database=self.IDENTITY_SERVICE_DB),
+            'dcdbsync::db::postgresql::password': dbpass,
+            'dcdbsync::keystone::auth::password': kspass,
+            'dcdbsync::api::keystone_password': kspass,
+        }
+
+    def get_public_url(self):
+        return self._format_public_endpoint(self.SERVICE_PORT,
+                                            path=self.SERVICE_PATH)
+
+    def get_internal_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_admin_url(self):
+        return self._format_private_endpoint(self.SERVICE_PORT,
+                                             path=self.SERVICE_PATH)
+
+    def get_region_name(self):
+        return self._get_service_region_name(self.SERVICE_NAME)