starlingx
/
config
Code Issues Proposed changes

Fix puppet-lint warnings and errors 

This update addresses the following errors and warnings
from puppet-lint, with most corrections done automatically
using puppet-lint --fix:
- 2sp_soft_tabs
- arrow_alignment
- arrow_on_right_operand_line
- double_quoted_strings
- hard_tabs
- only_variable_string
- quoted_booleans
- star_comments
- trailing_whitespace
- variables_not_enclosed

Change-Id: I7a2b0109534dd4715d459635fa33b09e7fd0a6a6
Story: 2004515
Task: 28683
Signed-off-by: Don Penney <don.penney@windriver.com>
This commit is contained in:
Don Penney 2018-12-27 10:16:59 -06:00
parent 4bf75f16ce
commit e6c0e0af8c
102 changed files with 2637 additions and 2659 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
puppet-manifests/src/manifests/controller.pp
View File

@ -118,7 +118,7 @@ include ::openstack::ironic
include ::openstack::ironic::api include ::openstack::ironic::api
include ::platform::dcmanager include ::platform::dcmanager
include ::platform::dcmanager::manager include ::platform::dcmanager::manager
include ::platform::dcorch include ::platform::dcorch
include ::platform::dcorch::engine include ::platform::dcorch::engine

28
puppet-manifests/src/modules/openstack/manifests/aodh.pp
View File

@ -31,18 +31,18 @@ class openstack::aodh
} }
class { '::aodh': class { '::aodh':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
# WRS register aodh-expirer-active in cron to run daily at the 35 minute mark # WRS register aodh-expirer-active in cron to run daily at the 35 minute mark
cron { 'aodh-expirer': cron { 'aodh-expirer':
ensure => 'present', ensure => 'present',
command => '/usr/bin/aodh-expirer-active', command => '/usr/bin/aodh-expirer-active',
environment => 'PATH=/bin:/usr/bin:/usr/sbin', environment => 'PATH=/bin:/usr/bin:/usr/sbin',
minute => '35', minute => '35',
hour => '*/24', hour => '*/24',
user => 'root', user => 'root',
} }
} }
} }
@ -62,8 +62,8 @@ class openstack::aodh::haproxy
inherits ::openstack::aodh::params { inherits ::openstack::aodh::params {
platform::haproxy::proxy { 'aodh-restapi': platform::haproxy::proxy { 'aodh-restapi':
server_name => 's-aodh-restapi', server_name => 's-aodh-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -96,11 +96,11 @@ class openstack::aodh::api
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
} -> }
class { '::aodh::api': -> class { '::aodh::api':
host => $api_host, host => $api_host,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
enable_proxy_headers_parsing => true, enable_proxy_headers_parsing => true,
} }
include ::openstack::aodh::firewall include ::openstack::aodh::firewall
@ -113,7 +113,7 @@ class openstack::aodh::runtime {
include ::platform::amqp::params include ::platform::amqp::params
class { '::aodh': class { '::aodh':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
} }

28
puppet-manifests/src/modules/openstack/manifests/barbican.pp
View File

@ -28,12 +28,12 @@ class openstack::barbican
} }
cron { 'barbican-cleaner': cron { 'barbican-cleaner':
ensure => 'present', ensure => 'present',
command => '/usr/bin/barbican-manage db clean -p -e -L /var/log/barbican/barbican-clean.log', command => '/usr/bin/barbican-manage db clean -p -e -L /var/log/barbican/barbican-clean.log',
environment => 'PATH=/bin:/usr/bin:/usr/sbin', environment => 'PATH=/bin:/usr/bin:/usr/sbin',
minute => '50', minute => '50',
hour => '*/24', hour => '*/24',
user => 'root', user => 'root',
} }
} }
} }
@ -53,8 +53,8 @@ class openstack::barbican::haproxy
inherits ::openstack::barbican::params { inherits ::openstack::barbican::params {
platform::haproxy::proxy { 'barbican-restapi': platform::haproxy::proxy { 'barbican-restapi':
server_name => 's-barbican-restapi', server_name => 's-barbican-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -104,13 +104,13 @@ class openstack::barbican::api
include ::platform::amqp::params include ::platform::amqp::params
class { '::barbican::api': class { '::barbican::api':
bind_host => $api_host, bind_host => $api_host,
bind_port => $api_port, bind_port => $api_port,
host_href => $url_host, host_href => $url_host,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
enable_proxy_headers_parsing => true, enable_proxy_headers_parsing => true,
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
class { '::barbican::keystone::notification': class { '::barbican::keystone::notification':

182
puppet-manifests/src/modules/openstack/manifests/ceilometer.pp
View File

@ -13,8 +13,8 @@ class openstack::ceilometer {
include ::platform::kubernetes::params include ::platform::kubernetes::params
class { '::ceilometer': class { '::ceilometer':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
rabbit_qos_prefetch_count => 100, rabbit_qos_prefetch_count => 100,
} }
@ -28,7 +28,7 @@ class openstack::ceilometer {
class { '::ceilometer::db::sync': class { '::ceilometer::db::sync':
extra_params => '--skip-metering-database', extra_params => '--skip-metering-database',
require => [Keystone::Resource::Service_identity["ceilometer", "gnocchi"]] require => [Keystone::Resource::Service_identity['ceilometer', 'gnocchi']]
} }
if $::platform::params::vswitch_type !~ '^ovs' { if $::platform::params::vswitch_type !~ '^ovs' {
@ -44,16 +44,16 @@ class openstack::ceilometer {
$os_password = $::gnocchi::keystone::authtoken::password $os_password = $::gnocchi::keystone::authtoken::password
$os_interface = 'internalURL' $os_interface = 'internalURL'
Class['::ceilometer::db::sync'] -> Class['::ceilometer::db::sync']
exec { 'Creating vswitch resource types': -> exec { 'Creating vswitch resource types':
command => 'gnocchi resource-type create vswitch_engine \ command => 'gnocchi resource-type create vswitch_engine \
-a cpu_id:number:true:min=0 \ -a cpu_id:number:true:min=0 \
-a host:string:true:max_length=64; -a host:string:true:max_length=64;
gnocchi resource-type create vswitch_interface_and_port \ gnocchi resource-type create vswitch_interface_and_port \
-a host:string:false:max_length=64 \ -a host:string:false:max_length=64 \
-a network_uuid:string:false:max_length=255 \ -a network_uuid:string:false:max_length=255 \
-a network_id:string:false:max_length=255 \ -a network_id:string:false:max_length=255 \
-a link-speed:number:false:min=0', -a link-speed:number:false:min=0',
environment => ["OS_AUTH_URL=${os_auth_url}", environment => ["OS_AUTH_URL=${os_auth_url}",
"OS_USERNAME=${os_username}", "OS_USERNAME=${os_username}",
"OS_USER_DOMAIN_NAME=${os_user_domain}", "OS_USER_DOMAIN_NAME=${os_user_domain}",
@ -92,15 +92,15 @@ class openstack::ceilometer {
$memcache_ip_version = $::platform::memcached::params::listen_ip_version $memcache_ip_version = $::platform::memcached::params::listen_ip_version
$memcache_servers = $memcache_ip_version ? { $memcache_servers = $memcache_ip_version ? {
4 => "'$memcache_ip:$memcache_port'", 4 => "'${memcache_ip}:${memcache_port}'",
6 => "'inet6:[$memcache_ip]:$memcache_port'", 6 => "'inet6:[${memcache_ip}]:${memcache_port}'",
} }
oslo::cache { 'ceilometer_config': oslo::cache { 'ceilometer_config':
enabled => true, enabled => true,
backend => 'dogpile.cache.memcached', backend => 'dogpile.cache.memcached',
memcache_servers => $memcache_servers, memcache_servers => $memcache_servers,
expiration_time => 86400, expiration_time => 86400,
} }
} }
@ -113,8 +113,8 @@ class openstack::ceilometer {
# skip the check if cinder region name has not been configured # skip the check if cinder region name has not been configured
if ($::openstack::cinder::params::region_name != undef and if ($::openstack::cinder::params::region_name != undef and
$::openstack::cinder::params::region_name != $::platform::params::region_2_name) { $::openstack::cinder::params::region_name != $::platform::params::region_2_name) {
$shared_service_cinder = [$::openstack::cinder::params::service_type, $shared_service_cinder = [$::openstack::cinder::params::service_type,
$::openstack::cinder::params::service_type_v2, $::openstack::cinder::params::service_type_v2,
$::openstack::cinder::params::service_type_v3] $::openstack::cinder::params::service_type_v3]
} else { } else {
$shared_service_cinder = [] $shared_service_cinder = []
@ -137,41 +137,41 @@ class openstack::ceilometer::agent::notification {
$ceilometer_directory_csv = "${ceilometer_directory}/csv" $ceilometer_directory_csv = "${ceilometer_directory}/csv"
$ceilometer_directory_versioned = "${ceilometer_directory}/${::platform::params::software_version}" $ceilometer_directory_versioned = "${ceilometer_directory}/${::platform::params::software_version}"
file { "/etc/ceilometer/pipeline.yaml": file { '/etc/ceilometer/pipeline.yaml':
ensure => 'present', ensure => 'present',
content => template('openstack/pipeline.yaml.erb'), content => template('openstack/pipeline.yaml.erb'),
mode => '0640', mode => '0640',
owner => 'root', owner => 'root',
group => 'ceilometer', group => 'ceilometer',
tag => 'ceilometer-yamls', tag => 'ceilometer-yamls',
} -> }
file { "${ceilometer_directory}": -> file { $ceilometer_directory:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${ceilometer_directory_csv}": -> file { $ceilometer_directory_csv:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${ceilometer_directory_versioned}": -> file { $ceilometer_directory_versioned:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${ceilometer_directory_versioned}/pipeline.yaml": -> file { "${ceilometer_directory_versioned}/pipeline.yaml":
ensure => 'file',
source => '/etc/ceilometer/pipeline.yaml', source => '/etc/ceilometer/pipeline.yaml',
ensure => 'file', owner => 'root',
owner => 'root', group => 'root',
group => 'root', mode => '0640',
mode => '0640',
} }
file { "/etc/ceilometer/gnocchi_resources.yaml": file { '/etc/ceilometer/gnocchi_resources.yaml':
ensure => 'present', ensure => 'present',
content => template('openstack/gnocchi_resources.yaml.erb'), content => template('openstack/gnocchi_resources.yaml.erb'),
mode => '0640', mode => '0640',
@ -191,7 +191,7 @@ class openstack::ceilometer::agent::notification {
# FIXME(mpeters): generic parameter can be moved to the puppet module # FIXME(mpeters): generic parameter can be moved to the puppet module
ceilometer_config { ceilometer_config {
'DEFAULT/csv_location': value => "${ceilometer_directory_csv}"; 'DEFAULT/csv_location': value => $ceilometer_directory_csv;
'DEFAULT/csv_location_strict': value => true; 'DEFAULT/csv_location_strict': value => true;
'notification/workers': value => $agent_workers_count; 'notification/workers': value => $agent_workers_count;
'notification/batch_size': value => 100; 'notification/batch_size': value => 100;
@ -209,55 +209,55 @@ class openstack::ceilometer::polling (
$image_polling_interval = 600, $image_polling_interval = 600,
$volume_polling_interval = 600, $volume_polling_interval = 600,
) { ) {
include ::platform::params include ::platform::params
include ::platform::kubernetes::params include ::platform::kubernetes::params
file { "/etc/ceilometer/polling.yaml": file { '/etc/ceilometer/polling.yaml':
ensure => 'present', ensure => 'present',
content => template('openstack/polling.yaml.erb'), content => template('openstack/polling.yaml.erb'),
mode => '0640', mode => '0640',
owner => 'root', owner => 'root',
group => 'ceilometer', group => 'ceilometer',
tag => 'ceilometer-yamls', tag => 'ceilometer-yamls',
} }
if $::personality == 'controller' { if $::personality == 'controller' {
$central_namespace = true $central_namespace = true
} else { } else {
$central_namespace = false $central_namespace = false
} }
if (str2bool($::disable_worker_services) or if (str2bool($::disable_worker_services) or
$::platform::kubernetes::params::enabled) { $::platform::kubernetes::params::enabled) {
$agent_enable = false $agent_enable = false
$compute_namespace = false $compute_namespace = false
file { '/etc/pmon.d/ceilometer-polling.conf': file { '/etc/pmon.d/ceilometer-polling.conf':
ensure => absent, ensure => absent,
} }
} else { } else {
$agent_enable = true $agent_enable = true
if str2bool($::is_worker_subfunction) { if str2bool($::is_worker_subfunction) {
$pmon_target = "/etc/ceilometer/ceilometer-polling-compute.conf.pmon" $pmon_target = '/etc/ceilometer/ceilometer-polling-compute.conf.pmon'
$compute_namespace = true $compute_namespace = true
} else { } else {
$pmon_target = "/etc/ceilometer/ceilometer-polling.conf.pmon" $pmon_target = '/etc/ceilometer/ceilometer-polling.conf.pmon'
$compute_namespace = false $compute_namespace = false
} }
file { "/etc/pmon.d/ceilometer-polling.conf": file { '/etc/pmon.d/ceilometer-polling.conf':
ensure => link, ensure => link,
target => $pmon_target, target => $pmon_target,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
} }
} }
class { '::ceilometer::agent::polling': class { '::ceilometer::agent::polling':
enabled => $agent_enable, enabled => $agent_enable,
central_namespace => $central_namespace, central_namespace => $central_namespace,
compute_namespace => $compute_namespace, compute_namespace => $compute_namespace,
} }
} }

116
puppet-manifests/src/modules/openstack/manifests/cinder.pp
View File

@ -77,7 +77,7 @@ class openstack::cinder::params (
} else { } else {
$is_initial_cinder_ceph = false $is_initial_cinder_ceph = false
} }
# Cinder needs to be running on initial configuration of either Ceph or LVM # Cinder needs to be running on initial configuration of either Ceph or LVM
if str2bool($::is_controller_active) and ($is_initial_cinder_lvm or $is_initial_cinder_ceph) { if str2bool($::is_controller_active) and ($is_initial_cinder_lvm or $is_initial_cinder_ceph) {
$enable_cinder_service = true $enable_cinder_service = true
@ -139,32 +139,32 @@ class openstack::cinder
} }
if $service_enabled { if $service_enabled {
file { "${cinder_directory}": file { $cinder_directory:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${cinder_image_conversion_dir}": -> file { $cinder_image_conversion_dir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${cinder_directory}/data": -> file { "${cinder_directory}/data":
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
} else { } else {
file { "${cinder_directory}": file { $cinder_directory:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${cinder_directory}/data": -> file { "${cinder_directory}/data":
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -189,7 +189,7 @@ class openstack::cinder
include ::openstack::cinder::backup include ::openstack::cinder::backup
include ::platform::multipath::params include ::platform::multipath::params
# TODO(mpeters): move to puppet module formal parameters # TODO(mpeters): move to puppet module formal parameters
cinder_config { cinder_config {
'DEFAULT/my_ip': value => $controller_address; 'DEFAULT/my_ip': value => $controller_address;
@ -294,24 +294,24 @@ class openstack::cinder::lvm::filesystem::drbd (
$ha_primary = true $ha_primary = true
$initial_setup = true $initial_setup = true
$service_enable = true $service_enable = true
$service_ensure = "running" $service_ensure = 'running'
} else { } else {
$ha_primary = false $ha_primary = false
$initial_setup = false $initial_setup = false
$service_enable = false $service_enable = false
$service_ensure = "stopped" $service_ensure = 'stopped'
} }
if $is_node_cinder_lvm { if $is_node_cinder_lvm {
# prepare disk for drbd # prepare disk for drbd
file { '/etc/udev/mount.blacklist': file { '/etc/udev/mount.blacklist':
ensure => present, ensure => present,
mode => '0644', mode => '0644',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
} -> }
file_line { 'blacklist ${cinder_disk} automount': -> file_line { 'blacklist ${cinder_disk} automount':
ensure => present, ensure => present,
line => $cinder_disk, line => $cinder_disk,
path => '/etc/udev/mount.blacklist', path => '/etc/udev/mount.blacklist',
@ -357,33 +357,33 @@ class openstack::cinder::lvm::filesystem::drbd (
# Note: Cinder disk replacement is triggered from sysinv by removing # Note: Cinder disk replacement is triggered from sysinv by removing
# the checkpoint file behind is_node_cinder_lvm. # the checkpoint file behind is_node_cinder_lvm.
physical_volume { $device: physical_volume { $device:
ensure => present, ensure => present,
require => Drbd::Resource[$drbd_resource] require => Drbd::Resource[$drbd_resource]
} -> }
volume_group { $vg_name: -> volume_group { $vg_name:
ensure => present, ensure => present,
physical_volumes => $device, physical_volumes => $device,
} -> }
# Create an initial LV, because the LVM ocf resource does not work with # Create an initial LV, because the LVM ocf resource does not work with
# an empty VG. # an empty VG.
logical_volume { 'anchor-lv': -> logical_volume { 'anchor-lv':
ensure => present, ensure => present,
volume_group => $vg_name, volume_group => $vg_name,
size => '1M', size => '1M',
size_is_minsize => true, size_is_minsize => true,
} -> }
# Deactivate the VG now. If this isn't done, it prevents DRBD from # Deactivate the VG now. If this isn't done, it prevents DRBD from
# being stopped later by the SM. # being stopped later by the SM.
exec { 'Deactivate VG': -> exec { 'Deactivate VG':
command => "vgchange -a ln ${vg_name}", command => "vgchange -a ln ${vg_name}",
} -> }
# Make sure the primary resource is in the correct state so that on swact to # Make sure the primary resource is in the correct state so that on swact to
# controller-1 sm has the resource in an acceptable state to become managed # controller-1 sm has the resource in an acceptable state to become managed
# and primary. But, if this primary is a single controller we will restart # and primary. But, if this primary is a single controller we will restart
# SM so keep it primary # SM so keep it primary
# TODO (rchurch): fix up the drbd_handoff logic. # TODO (rchurch): fix up the drbd_handoff logic.
exec { 'Set $drbd_resource role': -> exec { 'Set $drbd_resource role':
command => str2bool($drbd_handoff) ? {true => "drbdadm secondary ${drbd_resource}", default => '/bin/true'}, command => str2bool($drbd_handoff) ? {true => "drbdadm secondary ${drbd_resource}", default => '/bin/true'},
unless => "drbdadm role ${drbd_resource} | egrep '^Secondary'", unless => "drbdadm role ${drbd_resource} | egrep '^Secondary'",
} }
@ -420,8 +420,8 @@ class openstack::cinder::lvm(
group => 'root', group => 'root',
mode => '0755', mode => '0755',
require => File[$cinder_directory], require => File[$cinder_directory],
} -> }
file { "${cinder_directory}/iscsi-target/saveconfig.json": -> file { "${cinder_directory}/iscsi-target/saveconfig.json":
ensure => 'present', ensure => 'present',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -434,23 +434,23 @@ class openstack::cinder::lvm(
} }
if $lvm_type == 'thin' { if $lvm_type == 'thin' {
$iscsi_lvm_config = { $iscsi_lvm_config = {
'lvm/iscsi_target_flags' => {'value' => 'direct'}, 'lvm/iscsi_target_flags' => {'value' => 'direct'},
'lvm/lvm_type' => {'value' => 'thin'}, 'lvm/lvm_type' => {'value' => 'thin'},
'DEFAULT/max_over_subscription_ratio' => {'value' => 1.0} 'DEFAULT/max_over_subscription_ratio' => {'value' => 1.0}
} }
} else { } else {
$iscsi_lvm_config = { $iscsi_lvm_config = {
'lvm/iscsi_target_flags' => {'value' => 'direct'}, 'lvm/iscsi_target_flags' => {'value' => 'direct'},
'lvm/lvm_type' => {'value' => 'default'}, 'lvm/lvm_type' => {'value' => 'default'},
'lvm/volume_clear' => {'value' => 'none'} 'lvm/volume_clear' => {'value' => 'none'}
} }
} }
cinder::backend::iscsi { 'lvm': cinder::backend::iscsi { 'lvm':
iscsi_ip_address => $iscsi_ip_address, iscsi_ip_address => $iscsi_ip_address,
extra_options => $iscsi_lvm_config , extra_options => $iscsi_lvm_config ,
volumes_dir => "${cinder_directory}/data/volumes", volumes_dir => "${cinder_directory}/data/volumes",
} }
} }
@ -464,9 +464,9 @@ define openstack::cinder::backend::ceph(
if $backend_enabled { if $backend_enabled {
cinder::backend::rbd {$backend_name: cinder::backend::rbd {$backend_name:
backend_host => '$host', backend_host => '$host',
rbd_pool => $rbd_pool, rbd_pool => $rbd_pool,
rbd_user => $rbd_user, rbd_user => $rbd_user,
rbd_ceph_conf => $rbd_ceph_conf, rbd_ceph_conf => $rbd_ceph_conf,
} }
} else { } else {
@ -521,11 +521,11 @@ define openstack::cinder::backend::hpe3par
$feature_enabled = "openstack::cinder::${name}::feature_enabled" $feature_enabled = "openstack::cinder::${name}::feature_enabled"
create_resources('cinder_config', hiera_hash($hiera_params, {})) create_resources('cinder_config', hiera_hash($hiera_params, {}))
if $feature_enabled { if $feature_enabled {
exec {"Including $name configuration": exec {"Including ${name} configuration":
path => [ '/usr/bin', '/usr/sbin', '/bin', '/sbin' ], path => [ '/usr/bin', '/usr/sbin', '/bin', '/sbin' ],
command => "echo Including $name configuration", command => "echo Including ${name} configuration",
} }
} }
} }
@ -561,7 +561,7 @@ class openstack::cinder::firewall
if $service_enabled { if $service_enabled {
platform::firewall::rule { 'cinder-api': platform::firewall::rule { 'cinder-api':
service_name => 'cinder', service_name => 'cinder',
ports => $api_port, ports => $api_port,
} }
} }
} }
@ -572,8 +572,8 @@ class openstack::cinder::haproxy
if $service_enabled { if $service_enabled {
platform::haproxy::proxy { 'cinder-restapi': platform::haproxy::proxy { 'cinder-restapi':
server_name => 's-cinder', server_name => 's-cinder',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -644,10 +644,10 @@ class openstack::cinder::api
} }
class { '::cinder::api': class { '::cinder::api':
bind_host => $api_host, bind_host => $api_host,
service_workers => $api_workers, service_workers => $api_workers,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
enabled => str2bool($enable_cinder_service) enabled => str2bool($enable_cinder_service)
} }
if $::openstack::cinder::params::configure_endpoint { if $::openstack::cinder::params::configure_endpoint {
@ -674,7 +674,7 @@ class openstack::cinder::pre {
if $::platform::params::distributed_cloud_role =='systemcontroller' and $enabled { if $::platform::params::distributed_cloud_role =='systemcontroller' and $enabled {
# need to enable cinder-api-proxy in order to apply the cinder manifest # need to enable cinder-api-proxy in order to apply the cinder manifest
exec { 'Enable Dcorch Cinder API Proxy': exec { 'Enable Dcorch Cinder API Proxy':
command => "systemctl enable dcorch-cinder-api-proxy; systemctl start dcorch-cinder-api-proxy", command => 'systemctl enable dcorch-cinder-api-proxy; systemctl start dcorch-cinder-api-proxy',
} }
} }
} }
@ -704,7 +704,7 @@ class openstack::cinder::post
# To workaround an upstream bug in rbd code, we need to create # To workaround an upstream bug in rbd code, we need to create
# an empty file /etc/ceph/ceph.client.None.keyring in order to # an empty file /etc/ceph/ceph.client.None.keyring in order to
# do cinder backup and restore. # do cinder backup and restore.
file { "/etc/ceph/ceph.client.None.keyring": file { '/etc/ceph/ceph.client.None.keyring':
ensure => file, ensure => file,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -723,14 +723,14 @@ class openstack::cinder::post
# To allow for the transition it must be explicitly stopped. Once puppet # To allow for the transition it must be explicitly stopped. Once puppet
# can directly handle SM managed services, then this can be removed. # can directly handle SM managed services, then this can be removed.
exec { 'Disable OpenStack - Cinder API': exec { 'Disable OpenStack - Cinder API':
command => "systemctl stop openstack-cinder-api; systemctl disable openstack-cinder-api", command => 'systemctl stop openstack-cinder-api; systemctl disable openstack-cinder-api',
require => Class['openstack::cinder'], require => Class['openstack::cinder'],
} }
if $::platform::params::distributed_cloud_role =='systemcontroller' { if $::platform::params::distributed_cloud_role =='systemcontroller' {
# stop and disable the cinder api proxy to allow SM to manage the service # stop and disable the cinder api proxy to allow SM to manage the service
exec { 'Disable Dcorch Cinder API Proxy': exec { 'Disable Dcorch Cinder API Proxy':
command => "systemctl stop dcorch-cinder-api-proxy; systemctl disable dcorch-cinder-api-proxy", command => 'systemctl stop dcorch-cinder-api-proxy; systemctl disable dcorch-cinder-api-proxy',
require => Class['openstack::cinder'], require => Class['openstack::cinder'],
} }
} }

12
puppet-manifests/src/modules/openstack/manifests/client.pp
View File

@ -4,22 +4,22 @@ class openstack::client
include ::platform::client::credentials::params include ::platform::client::credentials::params
$keyring_file = $::platform::client::credentials::params::keyring_file $keyring_file = $::platform::client::credentials::params::keyring_file
file {"/etc/nova/openrc": file {'/etc/nova/openrc':
ensure => "present", ensure => 'present',
mode => '0640', mode => '0640',
owner => 'nova', owner => 'nova',
group => 'root', group => 'root',
content => template('openstack/openrc.admin.erb'), content => template('openstack/openrc.admin.erb'),
} }
file {"/etc/nova/ldap_openrc_template": file {'/etc/nova/ldap_openrc_template':
ensure => "present", ensure => 'present',
mode => '0644', mode => '0644',
content => template('openstack/openrc.ldap.erb'), content => template('openstack/openrc.ldap.erb'),
} }
file {"/etc/bash_completion.d/openstack": file {'/etc/bash_completion.d/openstack':
ensure => "present", ensure => 'present',
mode => '0644', mode => '0644',
content => generate('/usr/bin/openstack', 'complete'), content => generate('/usr/bin/openstack', 'complete'),
} }

58
puppet-manifests/src/modules/openstack/manifests/glance.pp
View File

@ -24,25 +24,25 @@ class openstack::glance
include ::platform::params include ::platform::params
include ::platform::amqp::params include ::platform::amqp::params
file { "${glance_directory}": file { $glance_directory:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${glance_directory}/image-cache": -> file { "${glance_directory}/image-cache":
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${glance_directory}/images": -> file { "${glance_directory}/images":
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${glance_image_conversion_dir}": -> file { $glance_image_conversion_dir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -55,7 +55,7 @@ class openstack::glance
} }
if $::platform::params::init_database { if $::platform::params::init_database {
class { "::glance::db::postgresql": class { '::glance::db::postgresql':
encoding => 'UTF8', encoding => 'UTF8',
} }
} }
@ -79,13 +79,13 @@ class openstack::glance
} }
cron { 'glance-cleaner': cron { 'glance-cleaner':
ensure => 'present', ensure => 'present',
command => "/usr/bin/glance-cleaner --config-file /etc/glance/glance-api.conf --delete-interval $glance_delete_interval", command => "/usr/bin/glance-cleaner --config-file /etc/glance/glance-api.conf --delete-interval ${glance_delete_interval}",
environment => 'PATH=/bin:/usr/bin:/usr/sbin', environment => 'PATH=/bin:/usr/bin:/usr/sbin',
minute => '35', minute => '35',
hour => "*/$glance_delete_interval", hour => "*/${glance_delete_interval}",
user => 'root', user => 'root',
} }
# In glance cached mode run the pruner once every 6 hours to clean # In glance cached mode run the pruner once every 6 hours to clean
# stale or orphaned images # stale or orphaned images
@ -101,7 +101,7 @@ class openstack::glance
} }
class { '::glance::notify::rabbitmq': class { '::glance::notify::rabbitmq':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
@ -117,7 +117,7 @@ class openstack::glance::firewall
platform::firewall::rule { 'glance-api': platform::firewall::rule { 'glance-api':
service_name => 'glance', service_name => 'glance',
ports => $api_port, ports => $api_port,
} }
} }
@ -126,9 +126,9 @@ class openstack::glance::haproxy
inherits ::openstack::glance::params { inherits ::openstack::glance::params {
platform::haproxy::proxy { 'glance-restapi': platform::haproxy::proxy { 'glance-restapi':
server_name => 's-glance', server_name => 's-glance',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
private_ip_address => $api_host, private_ip_address => $api_host,
} }
} }
@ -139,7 +139,7 @@ class openstack::glance::api
include ::platform::params include ::platform::params
if $service_enabled { if $service_enabled {
if ($::openstack::glance::params::service_create and if ($::openstack::glance::params::service_create and
$::platform::params::init_keystone) { $::platform::params::init_keystone) {
include ::glance::keystone::auth include ::glance::keystone::auth
} }
@ -170,19 +170,19 @@ class openstack::glance::api
} }
class { '::glance::api': class { '::glance::api':
bind_host => $api_host, bind_host => $api_host,
use_user_token => $api_use_user_token, use_user_token => $api_use_user_token,
registry_host => $registry_host, registry_host => $registry_host,
remote_registry_region_name => $remote_registry_region_name, remote_registry_region_name => $remote_registry_region_name,
workers => $api_workers, workers => $api_workers,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
show_image_direct_url => $show_image_direct_url, show_image_direct_url => $show_image_direct_url,
} }
if 'rbd' in $enabled_backends { if 'rbd' in $enabled_backends {
class { '::glance::backend::rbd': class { '::glance::backend::rbd':
rbd_store_pool => $rbd_store_pool, rbd_store_pool => $rbd_store_pool,
rbd_store_ceph_conf => $rbd_store_ceph_conf, rbd_store_ceph_conf => $rbd_store_ceph_conf,
} }
} }

10
puppet-manifests/src/modules/openstack/manifests/gnocchi.pp
View File

@ -40,8 +40,8 @@ class openstack::gnocchi::haproxy
inherits ::openstack::gnocchi::params { inherits ::openstack::gnocchi::params {
platform::haproxy::proxy { 'gnocchi-restapi': platform::haproxy::proxy { 'gnocchi-restapi':
server_name => 's-gnocchi-restapi', server_name => 's-gnocchi-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -79,7 +79,7 @@ class openstack::gnocchi::api
# gnocchi::keystone::auth::configure_endpoint which is # gnocchi::keystone::auth::configure_endpoint which is
# set via sysinv puppet # set via sysinv puppet
if $::openstack::gnocchi::params::service_create and if $::openstack::gnocchi::params::service_create and
$::platform::params::init_keystone { $::platform::params::init_keystone {
include ::gnocchi::keystone::auth include ::gnocchi::keystone::auth
} }
@ -104,9 +104,9 @@ class openstack::gnocchi::api
$sacks_number = $::openstack::gnocchi::metricd::metricd_workers + 2 $sacks_number = $::openstack::gnocchi::metricd::metricd_workers + 2
if $::platform::params::init_database { if $::platform::params::init_database {
$options = "--sacks-number $sacks_number" $options = "--sacks-number ${sacks_number}"
} else { } else {
$options = "--sacks-number $sacks_number --skip-index --skip-archive-policies-creation" $options = "--sacks-number ${sacks_number} --skip-index --skip-archive-policies-creation"
} }
class { '::gnocchi::db::sync': class { '::gnocchi::db::sync':

52
puppet-manifests/src/modules/openstack/manifests/heat.pp
View File

@ -8,7 +8,7 @@ class openstack::heat::params (
$domain_pwd = undef, $domain_pwd = undef,
$service_name = 'openstack-heat', $service_name = 'openstack-heat',
$service_tenant = undef, $service_tenant = undef,
$default_endpoint_type = "internalURL", $default_endpoint_type = 'internalURL',
$service_create = false, $service_create = false,
$service_enabled = true, $service_enabled = true,
) { ) {
@ -34,10 +34,10 @@ class openstack::heat
include ::heat::keystone::authtoken include ::heat::keystone::authtoken
class { '::heat': class { '::heat':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
heat_clients_endpoint_type => $default_endpoint_type, heat_clients_endpoint_type => $default_endpoint_type,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
} }
class { '::heat::engine': class { '::heat::engine':
@ -69,7 +69,7 @@ class openstack::heat
keystone_tenant { $service_tenant: keystone_tenant { $service_tenant:
ensure => present, ensure => present,
enabled => true, enabled => true,
description => "Tenant for $::platform::params::region_2_name", description => "Tenant for ${::platform::params::region_2_name}",
} }
class { '::heat::keystone::domain': class { '::heat::keystone::domain':
domain_name => $domain_name, domain_name => $domain_name,
@ -91,8 +91,8 @@ class openstack::heat
} }
} else { } else {
keystone_user_role { 'admin@admin': keystone_user_role { 'admin@admin':
ensure => present, ensure => present,
roles => ['admin', '_member_', 'heat_stack_owner'], roles => ['admin', '_member_', 'heat_stack_owner'],
} }
} }
@ -103,15 +103,15 @@ class openstack::heat
class { '::heat::keystone::domain': class { '::heat::keystone::domain':
manage_domain => true, manage_domain => true,
manage_user => true, manage_user => true,
manage_role => true, manage_role => true,
} }
} else { } else {
# Second controller does not invoke keystone, but does need configuration # Second controller does not invoke keystone, but does need configuration
class { '::heat::keystone::domain': class { '::heat::keystone::domain':
manage_domain => false, manage_domain => false,
manage_user => false, manage_user => false,
manage_role => false, manage_role => false,
} }
} }
} }
@ -124,18 +124,18 @@ class openstack::heat
'clients_glance/endpoint_type': value => $default_endpoint_type; 'clients_glance/endpoint_type': value => $default_endpoint_type;
'clients_cinder/endpoint_type': value => $default_endpoint_type; 'clients_cinder/endpoint_type': value => $default_endpoint_type;
'clients_ceilometer/endpoint_type':value => $default_endpoint_type; 'clients_ceilometer/endpoint_type':value => $default_endpoint_type;
'clients_heat/endpoint_type': value => "publicURL"; 'clients_heat/endpoint_type': value => 'publicURL';
'clients_keystone/endpoint_type': value => $default_endpoint_type; 'clients_keystone/endpoint_type': value => $default_endpoint_type;
} }
# Run heat-manage purge_deleted daily at the 20 minute mark # Run heat-manage purge_deleted daily at the 20 minute mark
cron { 'heat-purge-deleted': cron { 'heat-purge-deleted':
ensure => 'present', ensure => 'present',
command => '/usr/bin/heat-purge-deleted-active', command => '/usr/bin/heat-purge-deleted-active',
environment => 'PATH=/bin:/usr/bin:/usr/sbin', environment => 'PATH=/bin:/usr/bin:/usr/sbin',
minute => '20', minute => '20',
hour => '*/24', hour => '*/24',
user => 'root', user => 'root',
} }
} }
} }
@ -166,20 +166,20 @@ class openstack::heat::haproxy
inherits ::openstack::heat::params { inherits ::openstack::heat::params {
platform::haproxy::proxy { 'heat-restapi': platform::haproxy::proxy { 'heat-restapi':
server_name => 's-heat', server_name => 's-heat',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
platform::haproxy::proxy { 'heat-cfn-restapi': platform::haproxy::proxy { 'heat-cfn-restapi':
server_name => 's-heat-cfn', server_name => 's-heat-cfn',
public_port => $cfn_port, public_port => $cfn_port,
private_port => $cfn_port, private_port => $cfn_port,
} }
platform::haproxy::proxy { 'heat-cloudwatch': platform::haproxy::proxy { 'heat-cloudwatch':
server_name => 's-heat-cloudwatch', server_name => 's-heat-cloudwatch',
public_port => $cloudwatch_port, public_port => $cloudwatch_port,
private_port => $cloudwatch_port, private_port => $cloudwatch_port,
} }
} }
@ -203,17 +203,17 @@ class openstack::heat::api
if $service_enabled { if $service_enabled {
class { '::heat::api': class { '::heat::api':
bind_host => $api_host, bind_host => $api_host,
workers => $api_workers, workers => $api_workers,
} }
class { '::heat::api_cfn': class { '::heat::api_cfn':
bind_host => $api_host, bind_host => $api_host,
workers => $api_workers, workers => $api_workers,
} }
class { '::heat::api_cloudwatch': class { '::heat::api_cloudwatch':
bind_host => $api_host, bind_host => $api_host,
workers => $api_workers, workers => $api_workers,
} }
include ::openstack::heat::firewall include ::openstack::heat::firewall

54
puppet-manifests/src/modules/openstack/manifests/horizon.pp
View File

@ -47,33 +47,33 @@ class openstack::horizon
groups => ['wrs_protected'], groups => ['wrs_protected'],
} }
file { "/www/tmp": file { '/www/tmp':
path => "/www/tmp",
ensure => directory, ensure => directory,
path => '/www/tmp',
mode => '1700', mode => '1700',
} }
file {"/www/var": file {'/www/var':
path => "/www/var", ensure => directory,
ensure => directory, path => '/www/var',
owner => "www", owner => 'www',
require => User['www'] require => User['www']
} }
file {"/www/var/log": file {'/www/var/log':
path => "/www/var/log", ensure => directory,
ensure => directory, path => '/www/var/log',
owner => "www", owner => 'www',
require => User['www'] require => User['www']
} }
file {"/etc/lighttpd/lighttpd.conf": file {'/etc/lighttpd/lighttpd.conf':
ensure => present, ensure => present,
content => template('openstack/lighttpd.conf.erb') content => template('openstack/lighttpd.conf.erb')
} }
file {"/etc/lighttpd/lighttpd-inc.conf": file {'/etc/lighttpd/lighttpd-inc.conf':
ensure => present, ensure => present,
content => template('openstack/lighttpd-inc.conf.erb') content => template('openstack/lighttpd-inc.conf.erb')
} }
@ -95,7 +95,7 @@ class openstack::horizon
if str2bool($::is_initial_config) { if str2bool($::is_initial_config) {
exec { 'Stop lighttpd': exec { 'Stop lighttpd':
command => "systemctl stop lighttpd; systemctl disable lighttpd", command => 'systemctl stop lighttpd; systemctl disable lighttpd',
require => User['www'] require => User['www']
} }
} }
@ -112,8 +112,8 @@ class openstack::horizon
include ::horizon::params include ::horizon::params
file { '/etc/openstack-dashboard/horizon-config.ini': file { '/etc/openstack-dashboard/horizon-config.ini':
content => template('openstack/horizon-params.erb'),
ensure => present, ensure => present,
content => template('openstack/horizon-params.erb'),
mode => '0644', mode => '0644',
owner => 'root', owner => 'root',
group => $::horizon::params::apache_group, group => $::horizon::params::apache_group,
@ -132,8 +132,8 @@ class openstack::horizon
$region_2_name = $::platform::params::region_2_name $region_2_name = $::platform::params::region_2_name
$region_openstack_host = $openstack_host $region_openstack_host = $openstack_host
file { '/etc/openstack-dashboard/region-config.ini': file { '/etc/openstack-dashboard/region-config.ini':
content => template('openstack/horizon-region-config.erb'),
ensure => present, ensure => present,
content => template('openstack/horizon-region-config.erb'),
mode => '0644', mode => '0644',
} }
} else { } else {
@ -162,8 +162,8 @@ class openstack::horizon
'enable_firewall' => $neutron_enable_firewall, 'enable_firewall' => $neutron_enable_firewall,
'enable_vpn' => $neutron_enable_vpn 'enable_vpn' => $neutron_enable_vpn
}, },
configure_apache => false, configure_apache => false,
compress_offline => false, compress_offline => false,
} }
# hack for memcached, for now we bind to localhost on ipv6 # hack for memcached, for now we bind to localhost on ipv6
@ -177,12 +177,12 @@ class openstack::horizon
# Run clearsessions daily at the 40 minute mark # Run clearsessions daily at the 40 minute mark
cron { 'clearsessions': cron { 'clearsessions':
ensure => 'present', ensure => 'present',
command => '/usr/bin/horizon-clearsessions', command => '/usr/bin/horizon-clearsessions',
environment => 'PATH=/bin:/usr/bin:/usr/sbin', environment => 'PATH=/bin:/usr/bin:/usr/sbin',
minute => '40', minute => '40',
hour => '*/24', hour => '*/24',
user => 'root', user => 'root',
} }
include ::openstack::horizon::firewall include ::openstack::horizon::firewall
@ -216,11 +216,11 @@ class openstack::horizon::reload {
# Remove all active Horizon user sessions # Remove all active Horizon user sessions
# so that we don't use any stale cached data # so that we don't use any stale cached data
# such as endpoints # such as endpoints
exec { "remove-Horizon-user-sessions": exec { 'remove-Horizon-user-sessions':
path => ['/usr/bin'], path => ['/usr/bin'],
command => "/usr/bin/rm -f /var/tmp/sessionid*", command => '/usr/bin/rm -f /var/tmp/sessionid*',
} }
platform::sm::restart {'horizon': } platform::sm::restart {'horizon': }
platform::sm::restart {'lighttpd': } platform::sm::restart {'lighttpd': }
} }

128
puppet-manifests/src/modules/openstack/manifests/ironic.pp
View File

@ -2,8 +2,8 @@ class openstack::ironic::params (
$api_port = 6485, $api_port = 6485,
$service_enabled = false, $service_enabled = false,
$service_name = 'openstack-ironic', $service_name = 'openstack-ironic',
$region_name = undef, $region_name = undef,
$default_endpoint_type = "internalURL", $default_endpoint_type = 'internalURL',
$tftp_server = undef, $tftp_server = undef,
$provisioning_network = undef, $provisioning_network = undef,
$controller_0_if = undef, $controller_0_if = undef,
@ -15,7 +15,7 @@ class openstack::ironic::params (
include ::platform::params include ::platform::params
$sw_version = $::platform::params::software_version $sw_version = $::platform::params::software_version
$ironic_basedir = "/opt/cgcs/ironic" $ironic_basedir = '/opt/cgcs/ironic'
$ironic_versioned_dir = "${ironic_basedir}/${sw_version}" $ironic_versioned_dir = "${ironic_basedir}/${sw_version}"
$ironic_tftpboot_dir = "${ironic_versioned_dir}/tftpboot" $ironic_tftpboot_dir = "${ironic_versioned_dir}/tftpboot"
} }
@ -37,17 +37,17 @@ class openstack::ironic::haproxy
if $service_enabled { if $service_enabled {
platform::haproxy::proxy { 'ironic-restapi': platform::haproxy::proxy { 'ironic-restapi':
server_name => 's-ironic-restapi', server_name => 's-ironic-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
platform::haproxy::proxy { 'ironic-tftp-restapi': platform::haproxy::proxy { 'ironic-tftp-restapi':
server_name => 's-ironic-tftp-restapi', server_name => 's-ironic-tftp-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
public_ip_address => $tftp_server, public_ip_address => $tftp_server,
enable_https => false, enable_https => false,
} }
} }
} }
@ -70,13 +70,13 @@ class openstack::ironic
} }
class {'::ironic': class {'::ironic':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
sync_db => false, sync_db => false,
my_ip => $api_host, my_ip => $api_host,
} }
if $tftp_server != undef { if $tftp_server != undef {
$ipa_api_url = "http://$tftp_server:$api_port" $ipa_api_url = "http://${tftp_server}:${api_port}"
} }
else { else {
$ipa_api_url = undef $ipa_api_url = undef
@ -84,53 +84,53 @@ class openstack::ironic
# provisioning and cleaning networks are intentionally the same # provisioning and cleaning networks are intentionally the same
class {'::ironic::conductor': class {'::ironic::conductor':
provisioning_network => $provisioning_network, provisioning_network => $provisioning_network,
cleaning_network => $provisioning_network, cleaning_network => $provisioning_network,
api_url => $ipa_api_url, api_url => $ipa_api_url,
} }
$tftp_master_path = "${ironic_tftpboot_dir}/master_images" $tftp_master_path = "${ironic_tftpboot_dir}/master_images"
class {'::ironic::drivers::pxe': class {'::ironic::drivers::pxe':
tftp_server => $tftp_server, tftp_server => $tftp_server,
tftp_root => $ironic_tftpboot_dir, tftp_root => $ironic_tftpboot_dir,
tftp_master_path => $tftp_master_path, tftp_master_path => $tftp_master_path,
pxe_append_params => 'nofb nomodeset vga=normal console=ttyS0,115200n8', pxe_append_params => 'nofb nomodeset vga=normal console=ttyS0,115200n8',
} }
# configure tftp root directory # configure tftp root directory
if $::platform::params::init_database { if $::platform::params::init_database {
$ironic_tftp_root_dir = "/opt/cgcs/ironic/${sw_version}" $ironic_tftp_root_dir = "/opt/cgcs/ironic/${sw_version}"
file { "${$ironic_basedir}": file { $ironic_basedir:
ensure => 'directory', ensure => 'directory',
owner => 'ironic', owner => 'ironic',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${ironic_versioned_dir}": -> file { $ironic_versioned_dir:
ensure => 'directory', ensure => 'directory',
owner => 'ironic', owner => 'ironic',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${ironic_tftpboot_dir}": -> file { $ironic_tftpboot_dir:
ensure => 'directory', ensure => 'directory',
owner => 'ironic', owner => 'ironic',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
} }
if str2bool($::is_controller_active) { if str2bool($::is_controller_active) {
file { "${ironic_tftpboot_dir}/pxelinux.0": file { "${ironic_tftpboot_dir}/pxelinux.0":
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
source => "/usr/share/syslinux/pxelinux.0" source => '/usr/share/syslinux/pxelinux.0'
} }
file { "${ironic_tftpboot_dir}/chain.c32": file { "${ironic_tftpboot_dir}/chain.c32":
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
source => "/usr/share/syslinux/chain.c32" source => '/usr/share/syslinux/chain.c32'
} }
} }
} }
@ -152,25 +152,25 @@ class openstack::ironic::api
} }
class openstack::ironic::upgrade class openstack::ironic::upgrade
inherits ::openstack::ironic::params{ inherits ::openstack::ironic::params{
file { "${$ironic_basedir}": file { $ironic_basedir:
ensure => 'directory', ensure => 'directory',
owner => 'ironic', owner => 'ironic',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${ironic_versioned_dir}": -> file { $ironic_versioned_dir:
ensure => 'directory', ensure => 'directory',
owner => 'ironic', owner => 'ironic',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${ironic_tftpboot_dir}": -> file { $ironic_tftpboot_dir:
ensure => 'directory', ensure => 'directory',
owner => 'ironic', owner => 'ironic',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
} }

142
puppet-manifests/src/modules/openstack/manifests/keystone.pp
View File

@ -29,7 +29,7 @@ class openstack::keystone (
# In the case of a Distributed Cloud deployment, apply the Keystone # In the case of a Distributed Cloud deployment, apply the Keystone
# controller configuration for each SubCloud, since Keystone is also # controller configuration for each SubCloud, since Keystone is also
# a localized service. # a localized service.
if (!$::platform::params::region_config or if (!$::platform::params::region_config or
$::platform::params::distributed_cloud_role == 'subcloud') { $::platform::params::distributed_cloud_role == 'subcloud') {
include ::platform::amqp::params include ::platform::amqp::params
include ::platform::network::mgmt::params include ::platform::network::mgmt::params
@ -55,12 +55,12 @@ class openstack::keystone (
Class[$name] -> Class['::platform::client'] -> Class['::openstack::client'] Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
include ::keystone::client include ::keystone::client
# Configure keystone graceful shutdown timeout # Configure keystone graceful shutdown timeout
# TODO(mpeters): move to puppet-keystone for module configuration # TODO(mpeters): move to puppet-keystone for module configuration
keystone_config { keystone_config {
"DEFAULT/graceful_shutdown_timeout": value => 15; 'DEFAULT/graceful_shutdown_timeout': value => 15;
} }
# (Pike Rebase) Disable token post expiration window since this # (Pike Rebase) Disable token post expiration window since this
@ -68,28 +68,28 @@ class openstack::keystone (
# TODO(knasim): move this to puppet-keystone along with graceful # TODO(knasim): move this to puppet-keystone along with graceful
# shutdown timeout param # shutdown timeout param
keystone_config { keystone_config {
"token/allow_expired_window": value => 0; 'token/allow_expired_window': value => 0;
} }
file { "/etc/keystone/keystone-extra.conf": file { '/etc/keystone/keystone-extra.conf':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'keystone', group => 'keystone',
mode => '0640', mode => '0640',
content => template('openstack/keystone-extra.conf.erb'), content => template('openstack/keystone-extra.conf.erb'),
} -> }
class { '::keystone': -> class { '::keystone':
enabled => $enabled, enabled => $enabled,
enable_fernet_setup => false, enable_fernet_setup => false,
fernet_key_repository => "$keystone_key_repo_path/fernet-keys", fernet_key_repository => "${keystone_key_repo_path}/fernet-keys",
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
service_name => $service_name, service_name => $service_name,
token_expiration => $token_expiration, token_expiration => $token_expiration,
} }
# create keystone policy configuration # create keystone policy configuration
file { "/etc/keystone/policy.json": file { '/etc/keystone/policy.json':
ensure => present, ensure => present,
owner => 'keystone', owner => 'keystone',
group => 'keystone', group => 'keystone',
@ -97,7 +97,7 @@ class openstack::keystone (
content => template('openstack/keystone-policy.json.erb'), content => template('openstack/keystone-policy.json.erb'),
} }
# Keystone users can only be added to the SQL backend (write support for # Keystone users can only be added to the SQL backend (write support for
# the LDAP backend has been removed). We can therefore set password rules # the LDAP backend has been removed). We can therefore set password rules
# irrespective of the backend # irrespective of the backend
if ! str2bool($::is_restore_in_progress) { if ! str2bool($::is_restore_in_progress) {
@ -175,15 +175,15 @@ class openstack::keystone::api
# the subcloud region. # the subcloud region.
if ($::platform::params::distributed_cloud_role == 'subcloud' and if ($::platform::params::distributed_cloud_role == 'subcloud' and
$::platform::params::region_2_name != 'RegionOne') { $::platform::params::region_2_name != 'RegionOne') {
Keystone_endpoint["${platform::params::region_2_name}/keystone::identity"] -> Keystone_endpoint["RegionOne/keystone::identity"] Keystone_endpoint["${platform::params::region_2_name}/keystone::identity"] -> Keystone_endpoint['RegionOne/keystone::identity']
keystone_endpoint { "RegionOne/keystone::identity": keystone_endpoint { 'RegionOne/keystone::identity':
ensure => "absent", ensure => 'absent',
name => "keystone", name => 'keystone',
type => "identity", type => 'identity',
region => "RegionOne", region => 'RegionOne',
public_url => "http://127.0.0.1:5000/v3", public_url => 'http://127.0.0.1:5000/v3',
admin_url => "http://127.0.0.1:5000/v3", admin_url => 'http://127.0.0.1:5000/v3',
internal_url => "http://127.0.0.1:5000/v3" internal_url => 'http://127.0.0.1:5000/v3'
} }
} }
} }
@ -203,7 +203,7 @@ class openstack::keystone::bootstrap(
$keystone_key_repo_path = "${::platform::drbd::cgcs::params::mountpoint}/keystone" $keystone_key_repo_path = "${::platform::drbd::cgcs::params::mountpoint}/keystone"
$eng_workers = $::platform::params::eng_workers $eng_workers = $::platform::params::eng_workers
$bind_host = '0.0.0.0' $bind_host = '0.0.0.0'
# In the case of a classical Multi-Region deployment, apply the Keystone # In the case of a classical Multi-Region deployment, apply the Keystone
# controller configuration for Primary Region ONLY # controller configuration for Primary Region ONLY
# (i.e. on which region_config is False), since Keystone is a Shared service # (i.e. on which region_config is False), since Keystone is a Shared service
@ -212,35 +212,35 @@ class openstack::keystone::bootstrap(
# controller configuration for each SubCloud, since Keystone is also # controller configuration for each SubCloud, since Keystone is also
# a localized service. # a localized service.
if ($::platform::params::init_keystone and if ($::platform::params::init_keystone and
(!$::platform::params::region_config or (!$::platform::params::region_config or
$::platform::params::distributed_cloud_role == 'subcloud')) { $::platform::params::distributed_cloud_role == 'subcloud')) {
include ::keystone::db::postgresql include ::keystone::db::postgresql
Class[$name] -> Class['::platform::client'] -> Class['::openstack::client'] Class[$name] -> Class['::platform::client'] -> Class['::openstack::client']
# Create the parent directory for fernet keys repository # Create the parent directory for fernet keys repository
file { "${keystone_key_repo_path}": file { $keystone_key_repo_path:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
require => Class['::platform::drbd::cgcs'], require => Class['::platform::drbd::cgcs'],
} -> }
file { "/etc/keystone/keystone-extra.conf": -> file { '/etc/keystone/keystone-extra.conf':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'keystone', group => 'keystone',
mode => '0640', mode => '0640',
content => template('openstack/keystone-extra.conf.erb'), content => template('openstack/keystone-extra.conf.erb'),
} -> }
class { '::keystone': -> class { '::keystone':
enabled => true, enabled => true,
enable_bootstrap => true, enable_bootstrap => true,
fernet_key_repository => "$keystone_key_repo_path/fernet-keys", fernet_key_repository => "${keystone_key_repo_path}/fernet-keys",
sync_db => true, sync_db => true,
default_domain => $default_domain, default_domain => $default_domain,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
include ::keystone::client include ::keystone::client
@ -290,29 +290,29 @@ class openstack::keystone::endpointgroup
group => 'keystone', group => 'keystone',
mode => '0640', mode => '0640',
content => template('openstack/keystone-defaultregion-filter.erb'), content => template('openstack/keystone-defaultregion-filter.erb'),
} -> }
file { "/etc/keystone/keystone-${system_controller_region}-filter.conf": -> file { "/etc/keystone/keystone-${system_controller_region}-filter.conf":
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'keystone', group => 'keystone',
mode => '0640', mode => '0640',
content => template('openstack/keystone-systemcontroller-filter.erb'), content => template('openstack/keystone-systemcontroller-filter.erb'),
} -> }
exec { 'endpointgroup-${reference_region}-command': -> exec { 'endpointgroup-${reference_region}-command':
cwd => '/etc/keystone', cwd => '/etc/keystone',
logoutput => true, logoutput => true,
provider => shell, provider => shell,
require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ], require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ],
command => template('openstack/keystone-defaultregion.erb'), command => template('openstack/keystone-defaultregion.erb'),
path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'], path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'],
} -> }
exec { 'endpointgroup-${system_controller_region}-command': -> exec { 'endpointgroup-${system_controller_region}-command':
cwd => '/etc/keystone', cwd => '/etc/keystone',
logoutput => true, logoutput => true,
provider => shell, provider => shell,
require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ], require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ],
command => template('openstack/keystone-systemcontroller.erb'), command => template('openstack/keystone-systemcontroller.erb'),
path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'], path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'],
} }
} }
} }
@ -438,28 +438,28 @@ class openstack::keystone::upgrade (
# Need to create the parent directory for fernet keys repository # Need to create the parent directory for fernet keys repository
# This is a workaround to a puppet bug. # This is a workaround to a puppet bug.
file { "${keystone_key_repo}": file { $keystone_key_repo:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755' mode => '0755'
} -> }
file { "/etc/keystone/keystone-extra.conf": -> file { '/etc/keystone/keystone-extra.conf':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'keystone', group => 'keystone',
mode => '0640', mode => '0640',
content => template('openstack/keystone-extra.conf.erb'), content => template('openstack/keystone-extra.conf.erb'),
} -> }
class { '::keystone': -> class { '::keystone':
upgrade_token_cmd => $upgrade_token_cmd, upgrade_token_cmd => $upgrade_token_cmd,
upgrade_token_file => $upgrade_token_file, upgrade_token_file => $upgrade_token_file,
enable_fernet_setup => true, enable_fernet_setup => true,
enable_bootstrap => false, enable_bootstrap => false,
fernet_key_repository => "$keystone_key_repo/fernet-keys", fernet_key_repository => "${keystone_key_repo}/fernet-keys",
sync_db => false, sync_db => false,
default_domain => undef, default_domain => undef,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
# Add service account and endpoints for any new R6 services... # Add service account and endpoints for any new R6 services...

10
puppet-manifests/src/modules/openstack/manifests/magnum.pp
View File

@ -27,8 +27,8 @@ class openstack::magnum
include ::magnum::certificates include ::magnum::certificates
class {'::magnum': class {'::magnum':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
if $::platform::params::init_database { if $::platform::params::init_database {
@ -53,8 +53,8 @@ class openstack::magnum::haproxy
if $service_enabled { if $service_enabled {
platform::haproxy::proxy { 'magnum-restapi': platform::haproxy::proxy { 'magnum-restapi':
server_name => 's-magnum', server_name => 's-magnum',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -74,7 +74,7 @@ class openstack::magnum::api
class { '::magnum::api': class { '::magnum::api':
enabled => false, enabled => false,
host => $api_host, host => $api_host,
sync_db => false, sync_db => false,
} }

148
puppet-manifests/src/modules/openstack/manifests/murano.pp
View File

@ -38,9 +38,9 @@ class openstack::murano::firewall
ports => 5671, ports => 5671,
} }
platform::firewall::rule { 'murano-rabbit-regular': platform::firewall::rule { 'murano-rabbit-regular':
service_name => 'murano-rabbit-regular',
ports => 5672,
ensure => absent, ensure => absent,
ports => 5672,
service_name => 'murano-rabbit-regular',
} }
} else { } else {
platform::firewall::rule { 'murano-rabbit-regular': platform::firewall::rule { 'murano-rabbit-regular':
@ -48,21 +48,21 @@ class openstack::murano::firewall
ports => 5672, ports => 5672,
} }
platform::firewall::rule { 'murano-rabbit-ssl': platform::firewall::rule { 'murano-rabbit-ssl':
service_name => 'murano-rabbit-ssl',
ports => 5671,
ensure => absent, ensure => absent,
ports => 5671,
service_name => 'murano-rabbit-ssl',
} }
} }
} else { } else {
platform::firewall::rule { 'murano-rabbit-regular': platform::firewall::rule { 'murano-rabbit-regular':
service_name => 'murano-rabbit-regular',
ports => 5672,
ensure => absent, ensure => absent,
ports => 5672,
service_name => 'murano-rabbit-regular',
} }
platform::firewall::rule { 'murano-rabbit-ssl': platform::firewall::rule { 'murano-rabbit-ssl':
service_name => 'murano-rabbit-ssl',
ports => 5671,
ensure => absent, ensure => absent,
ports => 5671,
service_name => 'murano-rabbit-ssl',
} }
} }
} }
@ -73,8 +73,8 @@ class openstack::murano::haproxy
if $service_enabled { if $service_enabled {
platform::haproxy::proxy { 'murano-restapi': platform::haproxy::proxy { 'murano-restapi':
server_name => 's-murano-restapi', server_name => 's-murano-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -115,24 +115,24 @@ class openstack::murano
include ::murano::params include ::murano::params
class {'::murano': class {'::murano':
use_syslog => true, use_syslog => true,
log_facility => 'local2', log_facility => 'local2',
service_host => $::platform::network::mgmt::params::controller_address, service_host => $::platform::network::mgmt::params::controller_address,
service_port => '8082', service_port => '8082',
database_idle_timeout => $database_idle_timeout, database_idle_timeout => $database_idle_timeout,
database_max_pool_size => $database_max_pool_size, database_max_pool_size => $database_max_pool_size,
database_max_overflow => $database_max_overflow, database_max_overflow => $database_max_overflow,
sync_db => false, sync_db => false,
rabbit_own_user => $::openstack::murano::params::auth_user, rabbit_own_user => $::openstack::murano::params::auth_user,
rabbit_own_password => $::openstack::murano::params::auth_password, rabbit_own_password => $::openstack::murano::params::auth_password,
rabbit_own_host => $::platform::network::oam::params::controller_address, rabbit_own_host => $::platform::network::oam::params::controller_address,
rabbit_own_port => $murano_rabbit_port, rabbit_own_port => $murano_rabbit_port,
rabbit_own_vhost => "/", rabbit_own_vhost => '/',
rabbit_own_use_ssl => $ssl, rabbit_own_use_ssl => $ssl,
rabbit_own_ca_certs => $murano_cacert, rabbit_own_ca_certs => $murano_cacert,
disable_murano_agent => $disable_murano_agent, disable_murano_agent => $disable_murano_agent,
api_workers => $::platform::params::eng_workers_by_4, api_workers => $::platform::params::eng_workers_by_4,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
# this rabbitmq is separate from the main one and used only for murano # this rabbitmq is separate from the main one and used only for murano
@ -169,11 +169,11 @@ define enable_murano_agent_rabbitmq {
# Rabbit configuration parameters # Rabbit configuration parameters
$amqp_platform_sw_version = $::platform::params::software_version $amqp_platform_sw_version = $::platform::params::software_version
$kombu_ssl_ca_certs = "$::openstack::murano::params::rabbit_certs_dir/ca-cert.pem" $kombu_ssl_ca_certs = "${::openstack::murano::params::rabbit_certs_dir}/ca-cert.pem"
$kombu_ssl_keyfile = "$::openstack::murano::params::rabbit_certs_dir/key.pem" $kombu_ssl_keyfile = "${::openstack::murano::params::rabbit_certs_dir}/key.pem"
$kombu_ssl_certfile = "$::openstack::murano::params::rabbit_certs_dir/cert.pem" $kombu_ssl_certfile = "${::openstack::murano::params::rabbit_certs_dir}/cert.pem"
$murano_rabbit_dir = "/var/lib/rabbitmq/murano" $murano_rabbit_dir = '/var/lib/rabbitmq/murano'
$rabbit_home = "${murano_rabbit_dir}/${amqp_platform_sw_version}" $rabbit_home = "${murano_rabbit_dir}/${amqp_platform_sw_version}"
$mnesia_base = "${rabbit_home}/mnesia" $mnesia_base = "${rabbit_home}/mnesia"
$rabbit_node = $::platform::amqp::params::node $rabbit_node = $::platform::amqp::params::node
@ -196,33 +196,33 @@ define enable_murano_agent_rabbitmq {
$rabbit_tcp_listen_options = $::openstack::murano::params::rabbit_tcp_listen_options $rabbit_tcp_listen_options = $::openstack::murano::params::rabbit_tcp_listen_options
# murano rabbit ssl certificates are placed here # murano rabbit ssl certificates are placed here
file { "$::openstack::murano::params::rabbit_certs_dir": file { $::openstack::murano::params::rabbit_certs_dir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
if $::platform::params::init_database { if $::platform::params::init_database {
file { "${murano_rabbit_dir}": file { $murano_rabbit_dir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${rabbit_home}": -> file { $rabbit_home:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${mnesia_base}": -> file { $mnesia_base:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> Class['::rabbitmq'] } -> Class['::rabbitmq']
} }
@ -240,7 +240,7 @@ define enable_murano_agent_rabbitmq {
$rabbitmq_conf_template= 'openstack/murano-rabbitmq.config.erb' $rabbitmq_conf_template= 'openstack/murano-rabbitmq.config.erb'
} }
file { "/etc/rabbitmq/murano-rabbitmq.config": file { '/etc/rabbitmq/murano-rabbitmq.config':
ensure => present, ensure => present,
owner => 'rabbitmq', owner => 'rabbitmq',
group => 'rabbitmq', group => 'rabbitmq',
@ -248,7 +248,7 @@ define enable_murano_agent_rabbitmq {
content => template($rabbitmq_conf_template), content => template($rabbitmq_conf_template),
} }
file { "/etc/rabbitmq/murano-rabbitmq-env.conf": file { '/etc/rabbitmq/murano-rabbitmq-env.conf':
ensure => present, ensure => present,
owner => 'rabbitmq', owner => 'rabbitmq',
group => 'rabbitmq', group => 'rabbitmq',
@ -261,28 +261,28 @@ class openstack::murano::upgrade {
include ::platform::params include ::platform::params
$amqp_platform_sw_version = $::platform::params::software_version $amqp_platform_sw_version = $::platform::params::software_version
$murano_rabbit_dir = "/var/lib/rabbitmq/murano" $murano_rabbit_dir = '/var/lib/rabbitmq/murano'
$rabbit_home = "${murano_rabbit_dir}/${amqp_platform_sw_version}" $rabbit_home = "${murano_rabbit_dir}/${amqp_platform_sw_version}"
$mnesia_base = "${rabbit_home}/mnesia" $mnesia_base = "${rabbit_home}/mnesia"
file { "${murano_rabbit_dir}": file { $murano_rabbit_dir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${rabbit_home}": -> file { $rabbit_home:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${mnesia_base}": -> file { $mnesia_base:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
} }

141
puppet-manifests/src/modules/openstack/manifests/neutron.pp
View File

@ -18,7 +18,7 @@ class openstack::neutron
include ::neutron::logging include ::neutron::logging
class { '::neutron': class { '::neutron':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
} }
@ -50,14 +50,14 @@ define openstack::neutron::sdn::controller (
platform::firewall::rule { $name: platform::firewall::rule { $name:
service_name => $name, service_name => $name,
table => 'nat', table => 'nat',
chain => 'POSTROUTING', chain => 'POSTROUTING',
proto => $firewall_proto_transport, proto => $firewall_proto_transport,
outiface => $oam_interface, outiface => $oam_interface,
tosource => $oam_address, tosource => $oam_address,
destination => $ip_address, destination => $ip_address,
host => $mgmt_subnet, host => $mgmt_subnet,
jump => 'SNAT', jump => 'SNAT',
} }
} }
} }
@ -80,9 +80,9 @@ class openstack::neutron::odl
create_resources('openstack::neutron::sdn::controller', $controller_config, {}) create_resources('openstack::neutron::sdn::controller', $controller_config, {})
} }
class {'::neutron::plugins::ml2::opendaylight': class {'::neutron::plugins::ml2::opendaylight':
odl_username => $username, odl_username => $username,
odl_password => $password, odl_password => $password,
odl_url => $url, odl_url => $url,
port_binding_controller => $port_binding_controller, port_binding_controller => $port_binding_controller,
} }
} }
@ -91,7 +91,7 @@ class openstack::neutron::odl
class openstack::neutron::bgp class openstack::neutron::bgp
inherits ::openstack::neutron::params { inherits ::openstack::neutron::params {
if $bgp_router_id { if $bgp_router_id {
class {'::neutron::bgp': class {'::neutron::bgp':
bgp_router_id => $bgp_router_id, bgp_router_id => $bgp_router_id,
} }
@ -100,38 +100,38 @@ class openstack::neutron::bgp
} }
exec { 'systemctl enable neutron-bgp-dragent.service': exec { 'systemctl enable neutron-bgp-dragent.service':
command => "systemctl enable neutron-bgp-dragent.service", command => 'systemctl enable neutron-bgp-dragent.service',
} }
exec { 'systemctl restart neutron-bgp-dragent.service': exec { 'systemctl restart neutron-bgp-dragent.service':
command => "systemctl restart neutron-bgp-dragent.service", command => 'systemctl restart neutron-bgp-dragent.service',
} }
file { '/etc/pmon.d/': file { '/etc/pmon.d/':
ensure => directory, ensure => directory,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
file { "/etc/pmon.d/neutron-bgp-dragent.conf": file { '/etc/pmon.d/neutron-bgp-dragent.conf':
ensure => link, ensure => link,
target => "/etc/neutron/pmon/neutron-bgp-dragent.conf", target => '/etc/neutron/pmon/neutron-bgp-dragent.conf',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
} }
} else { } else {
exec { 'pmon-stop neutron-bgp-dragent': exec { 'pmon-stop neutron-bgp-dragent':
command => "pmon-stop neutron-bgp-dragent", command => 'pmon-stop neutron-bgp-dragent',
} -> }
exec { 'rm -f /etc/pmon.d/neutron-bgp-dragent.conf': -> exec { 'rm -f /etc/pmon.d/neutron-bgp-dragent.conf':
command => "rm -f /etc/pmon.d/neutron-bgp-dragent.conf", command => 'rm -f /etc/pmon.d/neutron-bgp-dragent.conf',
} -> }
exec { 'systemctl disable neutron-bgp-dragent.service': -> exec { 'systemctl disable neutron-bgp-dragent.service':
command => "systemctl disable neutron-bgp-dragent.service", command => 'systemctl disable neutron-bgp-dragent.service',
} -> }
exec { 'systemctl stop neutron-bgp-dragent.service': -> exec { 'systemctl stop neutron-bgp-dragent.service':
command => "systemctl stop neutron-bgp-dragent.service", command => 'systemctl stop neutron-bgp-dragent.service',
} }
} }
} }
@ -148,12 +148,12 @@ class openstack::neutron::sfc (
if $sfc_drivers { if $sfc_drivers {
class {'::neutron::sfc': class {'::neutron::sfc':
sfc_drivers => $sfc_drivers, sfc_drivers => $sfc_drivers,
flowclassifier_drivers => $flowclassifier_drivers, flowclassifier_drivers => $flowclassifier_drivers,
quota_flow_classifier => $sfc_quota_flow_classifier, quota_flow_classifier => $sfc_quota_flow_classifier,
quota_port_chain => $sfc_quota_port_chain, quota_port_chain => $sfc_quota_port_chain,
quota_port_pair_group => $sfc_quota_port_pair_group, quota_port_pair_group => $sfc_quota_port_pair_group,
quota_port_pair => $sfc_quota_port_pair, quota_port_pair => $sfc_quota_port_pair,
} }
} }
} }
@ -174,12 +174,12 @@ class openstack::neutron::server {
class { '::neutron::server': class { '::neutron::server':
api_workers => $::platform::params::eng_workers_by_2, api_workers => $::platform::params::eng_workers_by_2,
rpc_workers => $::platform::params::eng_workers_by_2, rpc_workers => $::platform::params::eng_workers_by_2,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
} }
file { '/etc/neutron/api-paste.ini': file { '/etc/neutron/api-paste.ini':
ensure => file, ensure => file,
mode => '0640', mode => '0640',
} }
Class['::neutron::server'] -> File['/etc/neutron/api-paste.ini'] Class['::neutron::server'] -> File['/etc/neutron/api-paste.ini']
@ -238,28 +238,28 @@ class openstack::neutron::agents
} }
} }
file { "/etc/pmon.d/neutron-dhcp-agent.conf": file { '/etc/pmon.d/neutron-dhcp-agent.conf':
ensure => $pmon_ensure, ensure => $pmon_ensure,
target => "/etc/neutron/pmon/neutron-dhcp-agent.conf", target => '/etc/neutron/pmon/neutron-dhcp-agent.conf',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
file { "/etc/pmon.d/neutron-metadata-agent.conf": file { '/etc/pmon.d/neutron-metadata-agent.conf':
ensure => $pmon_ensure, ensure => $pmon_ensure,
target => "/etc/neutron/pmon/neutron-metadata-agent.conf", target => '/etc/neutron/pmon/neutron-metadata-agent.conf',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
file { "/etc/pmon.d/neutron-sriov-nic-agent.conf": file { '/etc/pmon.d/neutron-sriov-nic-agent.conf':
ensure => $pmon_ensure, ensure => $pmon_ensure,
target => "/etc/neutron/pmon/neutron-sriov-nic-agent.conf", target => '/etc/neutron/pmon/neutron-sriov-nic-agent.conf',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
} }
@ -272,19 +272,18 @@ class openstack::neutron::firewall
ports => $api_port, ports => $api_port,
} }
if $bgp_router_id { if $bgp_router_id {
platform::firewall::rule { 'ryu-bgp-port': platform::firewall::rule { 'ryu-bgp-port':
service_name => 'neutron', service_name => 'neutron',
ports => $bgp_port, ports => $bgp_port,
} }
} else { } else {
platform::firewall::rule { 'ryu-bgp-port': platform::firewall::rule { 'ryu-bgp-port':
service_name => 'neutron', service_name => 'neutron',
ports => $bgp_port, ports => $bgp_port,
ensure => absent ensure => absent
} }
} }
} }
@ -292,8 +291,8 @@ class openstack::neutron::haproxy
inherits ::openstack::neutron::params { inherits ::openstack::neutron::params {
platform::haproxy::proxy { 'neutron-restapi': platform::haproxy::proxy { 'neutron-restapi':
server_name => 's-neutron', server_name => 's-neutron',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }

260
puppet-manifests/src/modules/openstack/manifests/nova.pp
View File

@ -42,7 +42,7 @@ class openstack::nova {
$metadata_host = $::platform::network::mgmt::params::controller_address $metadata_host = $::platform::network::mgmt::params::controller_address
class { '::nova': class { '::nova':
rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, rabbit_use_ssl => $::platform::amqp::params::ssl_enabled,
default_transport_url => $::platform::amqp::params::transport_url, default_transport_url => $::platform::amqp::params::transport_url,
} }
@ -68,9 +68,9 @@ class openstack::nova::sshd
enable => true, enable => true,
} }
file { "/etc/ssh/sshd_config": file { '/etc/ssh/sshd_config':
notify => Service['sshd'],
ensure => 'present' , ensure => 'present' ,
notify => Service['sshd'],
mode => '0600', mode => '0600',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -79,7 +79,7 @@ class openstack::nova::sshd
} }
class openstack::nova::controller class openstack::nova::controller
inherits ::openstack::nova::params { inherits ::openstack::nova::params {
include ::platform::params include ::platform::params
@ -108,12 +108,12 @@ class openstack::nova::controller
# Run nova-manage to purge deleted rows daily at 15 minute mark # Run nova-manage to purge deleted rows daily at 15 minute mark
cron { 'nova-purge-deleted': cron { 'nova-purge-deleted':
ensure => 'present', ensure => 'present',
command => '/usr/bin/nova-purge-deleted-active', command => '/usr/bin/nova-purge-deleted-active',
environment => 'PATH=/bin:/usr/bin:/usr/sbin', environment => 'PATH=/bin:/usr/bin:/usr/sbin',
minute => '15', minute => '15',
hour => '*/24', hour => '*/24',
user => 'root', user => 'root',
} }
} }
@ -142,9 +142,9 @@ class openstack::nova::compute (
include ::openstack::nova::sshd include ::openstack::nova::sshd
$host_private_key_file = $host_key_type ? { $host_private_key_file = $host_key_type ? {
'ssh-rsa' => "/etc/ssh/ssh_host_rsa_key", 'ssh-rsa' => '/etc/ssh/ssh_host_rsa_key',
'ssh-dsa' => "/etc/ssh/ssh_host_dsa_key", 'ssh-dsa' => '/etc/ssh/ssh_host_dsa_key',
'ssh-ecdsa' => "/etc/ssh/ssh_host_ecdsa_key", 'ssh-ecdsa' => '/etc/ssh/ssh_host_ecdsa_key',
default => undef default => undef
} }
@ -153,9 +153,9 @@ class openstack::nova::compute (
} }
$host_public_key_file = $host_key_type ? { $host_public_key_file = $host_key_type ? {
'ssh-rsa' => "/etc/ssh/ssh_host_rsa_key.pub", 'ssh-rsa' => '/etc/ssh/ssh_host_rsa_key.pub',
'ssh-dsa' => "/etc/ssh/ssh_host_dsa_key.pub", 'ssh-dsa' => '/etc/ssh/ssh_host_dsa_key.pub',
'ssh-ecdsa' => "/etc/ssh/ssh_host_ecdsa_key.pub", 'ssh-ecdsa' => '/etc/ssh/ssh_host_ecdsa_key.pub',
default => undef default => undef
} }
@ -164,20 +164,20 @@ class openstack::nova::compute (
} }
file { '/etc/ssh': file { '/etc/ssh':
ensure => directory, ensure => directory,
mode => '0700', mode => '0700',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
} -> }
file { $host_private_key_file: -> file { $host_private_key_file:
content => $host_private_key, content => $host_private_key,
mode => '0600', mode => '0600',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
} -> }
file { $host_public_key_file: -> file { $host_public_key_file:
content => "${host_public_header} ${host_public_key}", content => "${host_public_header} ${host_public_key}",
mode => '0644', mode => '0644',
owner => 'root', owner => 'root',
@ -200,20 +200,20 @@ class openstack::nova::compute (
"command=\"/usr/bin/nova_authorized_cmds\"" ] "command=\"/usr/bin/nova_authorized_cmds\"" ]
file { '/root/.ssh': file { '/root/.ssh':
ensure => directory, ensure => directory,
mode => '0700', mode => '0700',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
} -> }
file { $migration_private_key_file: -> file { $migration_private_key_file:
content => $migration_private_key, content => $migration_private_key,
mode => '0600', mode => '0600',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
} -> }
ssh_authorized_key { 'nova-migration-key-authorization': -> ssh_authorized_key { 'nova-migration-key-authorization':
ensure => present, ensure => present,
key => $migration_public_key, key => $migration_public_key,
type => $migration_key_type, type => $migration_key_type,
@ -253,17 +253,17 @@ class openstack::nova::compute (
} }
include ::openstack::glance::params include ::openstack::glance::params
if "rbd" in $::openstack::glance::params::enabled_backends { if 'rbd' in $::openstack::glance::params::enabled_backends {
$libvirt_inject_partition = "-2" $libvirt_inject_partition = '-2'
$libvirt_images_type = "rbd" $libvirt_images_type = 'rbd'
} else { } else {
$libvirt_inject_partition = "-1" $libvirt_inject_partition = '-1'
$libvirt_images_type = "default" $libvirt_images_type = 'default'
} }
class { '::nova::compute::libvirt': class { '::nova::compute::libvirt':
libvirt_virt_type => $libvirt_virt_type, libvirt_virt_type => $libvirt_virt_type,
vncserver_listen => $libvirt_vnc_bind_host, vncserver_listen => $libvirt_vnc_bind_host,
libvirt_inject_partition => $libvirt_inject_partition, libvirt_inject_partition => $libvirt_inject_partition,
} }
@ -277,32 +277,32 @@ class openstack::nova::compute (
'libvirt/volume_use_multipath': value => $::platform::multipath::params::enabled; 'libvirt/volume_use_multipath': value => $::platform::multipath::params::enabled;
# enable auto-converge by default # enable auto-converge by default
'libvirt/live_migration_permit_auto_converge': value => "True"; 'libvirt/live_migration_permit_auto_converge': value => 'True';
# Change the nfs mount options to provide faster detection of unclean # Change the nfs mount options to provide faster detection of unclean
# shutdown (e.g. if controller is powered down). # shutdown (e.g. if controller is powered down).
"DEFAULT/nfs_mount_options": value => $::platform::params::nfs_mount_options; 'DEFAULT/nfs_mount_options': value => $::platform::params::nfs_mount_options;
# WRS extension: compute_resource_debug # WRS extension: compute_resource_debug
"DEFAULT/compute_resource_debug": value => "False"; 'DEFAULT/compute_resource_debug': value => 'False';
# WRS extension: reap running deleted VMs # WRS extension: reap running deleted VMs
"DEFAULT/running_deleted_instance_action": value => "reap"; 'DEFAULT/running_deleted_instance_action': value => 'reap';
"DEFAULT/running_deleted_instance_poll_interval": value => "60"; 'DEFAULT/running_deleted_instance_poll_interval': value => '60';
# Delete rbd_user, for now # Delete rbd_user, for now
"DEFAULT/rbd_user": ensure => 'absent'; 'DEFAULT/rbd_user': ensure => 'absent';
# write metadata to a special configuration drive # write metadata to a special configuration drive
"DEFAULT/mkisofs_cmd": value => "/usr/bin/genisoimage"; 'DEFAULT/mkisofs_cmd': value => '/usr/bin/genisoimage';
# configure metrics # configure metrics
"DEFAULT/compute_available_monitors": 'DEFAULT/compute_available_monitors':
value => "nova.compute.monitors.all_monitors"; value => 'nova.compute.monitors.all_monitors';
"DEFAULT/compute_monitors": value => $compute_monitors; 'DEFAULT/compute_monitors': value => $compute_monitors;
# need retries under heavy I/O loads # need retries under heavy I/O loads
"DEFAULT/network_allocate_retries": value => 2; 'DEFAULT/network_allocate_retries': value => 2;
# TODO(mpeters): confirm if this is still required - deprecated # TODO(mpeters): confirm if this is still required - deprecated
'DEFAULT/volume_api_class': value => 'nova.volume.cinder.API'; 'DEFAULT/volume_api_class': value => 'nova.volume.cinder.API';
@ -310,7 +310,7 @@ class openstack::nova::compute (
'DEFAULT/default_ephemeral_format': value => 'ext4'; 'DEFAULT/default_ephemeral_format': value => 'ext4';
# turn on service tokens # turn on service tokens
'service_user/send_service_user_token': value => 'true'; 'service_user/send_service_user_token': value => true;
'service_user/project_name': value => $::nova::keystone::authtoken::project_name; 'service_user/project_name': value => $::nova::keystone::authtoken::project_name;
'service_user/password': value => $::nova::keystone::authtoken::password; 'service_user/password': value => $::nova::keystone::authtoken::password;
'service_user/username': value => $::nova::keystone::authtoken::username; 'service_user/username': value => $::nova::keystone::authtoken::username;
@ -323,57 +323,57 @@ class openstack::nova::compute (
file_line {'cgroup_controllers': file_line {'cgroup_controllers':
ensure => present, ensure => present,
path => '/etc/libvirt/qemu.conf', path => '/etc/libvirt/qemu.conf',
line => 'cgroup_controllers = [ "cpu", "cpuacct" ]', line => 'cgroup_controllers = [ "cpu", "cpuacct" ]',
match => '^cgroup_controllers = .*', match => '^cgroup_controllers = .*',
} }
if $iscsi_initiator_name { if $iscsi_initiator_name {
$initiator_content = "InitiatorName=${iscsi_initiator_name}\n" $initiator_content = "InitiatorName=${iscsi_initiator_name}\n"
file { "/etc/iscsi/initiatorname.iscsi": file { '/etc/iscsi/initiatorname.iscsi':
ensure => 'present', ensure => 'present',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
content => $initiator_content, content => $initiator_content,
} -> }
exec { "Restart iscsid.service": -> exec { 'Restart iscsid.service':
command => "bash -c 'systemctl restart iscsid.service'", command => "bash -c 'systemctl restart iscsid.service'",
onlyif => "systemctl status iscsid.service", onlyif => 'systemctl status iscsid.service',
} }
} }
} }
define openstack::nova::storage::wipe_new_pv { define openstack::nova::storage::wipe_new_pv {
$cmd = join(["/sbin/pvs --nosuffix --noheadings ",$name," 2>/dev/null | grep nova-local || true"]) $cmd = join(['/sbin/pvs --nosuffix --noheadings ',$name,' 2>/dev/null | grep nova-local || true'])
$result = generate("/bin/sh", "-c", $cmd) $result = generate('/bin/sh', '-c', $cmd)
if $result !~ /nova-local/ { if $result !~ /nova-local/ {
exec { "Wipe New PV not in VG - $name": exec { "Wipe New PV not in VG - ${name}":
provider => shell, provider => shell,
command => "wipefs -a $name", command => "wipefs -a ${name}",
before => Lvm::Volume[instances_lv], before => Lvm::Volume[instances_lv],
require => Exec['remove device mapper mapping'] require => Exec['remove device mapper mapping']
} }
} }
} }
define openstack::nova::storage::wipe_pv_and_format { define openstack::nova::storage::wipe_pv_and_format {
if $name !~ /part/ { if $name !~ /part/ {
exec { "Wipe removing PV $name": exec { "Wipe removing PV ${name}":
provider => shell, provider => shell,
command => "wipefs -a $name", command => "wipefs -a ${name}",
require => File_line[disable_old_lvg_disks] require => File_line[disable_old_lvg_disks]
} -> }
exec { "GPT format disk PV - $name": -> exec { "GPT format disk PV - ${name}":
provider => shell, provider => shell,
command => "parted -a optimal --script $name -- mktable gpt", command => "parted -a optimal --script ${name} -- mktable gpt",
} }
} }
else { else {
exec { "Wipe removing PV $name": exec { "Wipe removing PV ${name}":
provider => shell, provider => shell,
command => "wipefs -a $name", command => "wipefs -a ${name}",
require => File_line[disable_old_lvg_disks] require => File_line[disable_old_lvg_disks]
} }
} }
} }
@ -389,8 +389,8 @@ class openstack::nova::storage (
$images_rbd_pool = 'ephemeral', $images_rbd_pool = 'ephemeral',
$images_rbd_ceph_conf = '/etc/ceph/ceph.conf' $images_rbd_ceph_conf = '/etc/ceph/ceph.conf'
) { ) {
$adding_pvs_str = join($adding_pvs," ") $adding_pvs_str = join($adding_pvs,' ')
$removing_pvs_str = join($removing_pvs," ") $removing_pvs_str = join($removing_pvs,' ')
# Ensure partitions update prior to local storage configuration # Ensure partitions update prior to local storage configuration
Class['::platform::partitions'] -> Class[$name] Class['::platform::partitions'] -> Class[$name]
@ -418,7 +418,7 @@ class openstack::nova::storage (
} }
nova_config { nova_config {
"DEFAULT/concurrent_disk_operations": value => $concurrent_disk_operations; 'DEFAULT/concurrent_disk_operations': value => $concurrent_disk_operations;
} }
::openstack::nova::storage::wipe_new_pv { $adding_pvs: } ::openstack::nova::storage::wipe_new_pv { $adding_pvs: }
@ -428,56 +428,56 @@ class openstack::nova::storage (
path => '/etc/lvm/lvm.conf', path => '/etc/lvm/lvm.conf',
line => " global_filter = ${lvm_update_filter}", line => " global_filter = ${lvm_update_filter}",
match => '^[ ]*global_filter =', match => '^[ ]*global_filter =',
} -> }
nova_config { -> nova_config {
"libvirt/images_type": value => $images_type; 'libvirt/images_type': value => $images_type;
"libvirt/images_volume_group": value => $images_volume_group; 'libvirt/images_volume_group': value => $images_volume_group;
"libvirt/images_rbd_pool": value => $images_rbd_pool_real; 'libvirt/images_rbd_pool': value => $images_rbd_pool_real;
"libvirt/images_rbd_ceph_conf": value => $images_rbd_ceph_conf_real; 'libvirt/images_rbd_ceph_conf': value => $images_rbd_ceph_conf_real;
} -> }
exec { 'umount /var/lib/nova/instances': -> exec { 'umount /var/lib/nova/instances':
command => 'umount /var/lib/nova/instances; true', command => 'umount /var/lib/nova/instances; true',
} -> }
exec { 'umount /dev/nova-local/instances_lv': -> exec { 'umount /dev/nova-local/instances_lv':
command => 'umount /dev/nova-local/instances_lv; true', command => 'umount /dev/nova-local/instances_lv; true',
} -> }
exec { 'remove udev leftovers': -> exec { 'remove udev leftovers':
unless => 'vgs nova-local', unless => 'vgs nova-local',
command => 'rm -rf /dev/nova-local || true', command => 'rm -rf /dev/nova-local || true',
} -> }
exec { 'remove device mapper mapping': -> exec { 'remove device mapper mapping':
command => "dmsetup remove /dev/mapper/nova--local-instances_lv || true", command => 'dmsetup remove /dev/mapper/nova--local-instances_lv || true',
} -> }
file_line { 'disable_old_lvg_disks': -> file_line { 'disable_old_lvg_disks':
path => '/etc/lvm/lvm.conf', path => '/etc/lvm/lvm.conf',
line => " global_filter = ${lvm_global_filter}", line => " global_filter = ${lvm_global_filter}",
match => '^[ ]*global_filter =', match => '^[ ]*global_filter =',
} -> }
exec { 'add device mapper mapping': -> exec { 'add device mapper mapping':
command => 'lvchange -ay /dev/nova-local/instances_lv || true', command => 'lvchange -ay /dev/nova-local/instances_lv || true',
} -> }
lvm::volume { 'instances_lv': -> lvm::volume { 'instances_lv':
ensure => 'present', ensure => 'present',
vg => 'nova-local', vg => 'nova-local',
pv => $final_pvs, pv => $final_pvs,
size => 'max', size => 'max',
round_to_extent => $round_to_extent, round_to_extent => $round_to_extent,
allow_reduce => true, allow_reduce => true,
nuke_fs_on_resize_failure => true, nuke_fs_on_resize_failure => true,
} -> }
filesystem { '/dev/nova-local/instances_lv': -> filesystem { '/dev/nova-local/instances_lv':
ensure => present, ensure => present,
fs_type => 'ext4', fs_type => 'ext4',
options => '-F -F', options => '-F -F',
require => Logical_volume['instances_lv'] require => Logical_volume['instances_lv']
} -> }
file { '/var/lib/nova/instances': -> file { '/var/lib/nova/instances':
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
exec { 'mount /dev/nova-local/instances_lv': -> exec { 'mount /dev/nova-local/instances_lv':
unless => 'mount | grep -q /var/lib/nova/instances', unless => 'mount | grep -q /var/lib/nova/instances',
command => 'mount -t ext4 /dev/nova-local/instances_lv /var/lib/nova/instances', command => 'mount -t ext4 /dev/nova-local/instances_lv /var/lib/nova/instances',
} }
@ -523,30 +523,30 @@ class openstack::nova::haproxy
inherits ::openstack::nova::params { inherits ::openstack::nova::params {
platform::haproxy::proxy { 'nova-restapi': platform::haproxy::proxy { 'nova-restapi':
server_name => 's-nova', server_name => 's-nova',
public_port => $nova_api_port, public_port => $nova_api_port,
private_port => $nova_api_port, private_port => $nova_api_port,
} }
platform::haproxy::proxy { 'placement-restapi': platform::haproxy::proxy { 'placement-restapi':
server_name => 's-placement', server_name => 's-placement',
public_port => $placement_port, public_port => $placement_port,
private_port => $placement_port, private_port => $placement_port,
} }
platform::haproxy::proxy { 'nova-novnc': platform::haproxy::proxy { 'nova-novnc':
server_name => 's-nova-novnc', server_name => 's-nova-novnc',
public_port => $nova_novnc_port, public_port => $nova_novnc_port,
private_port => $nova_novnc_port, private_port => $nova_novnc_port,
x_forwarded_proto => false, x_forwarded_proto => false,
} }
platform::haproxy::proxy { 'nova-serial': platform::haproxy::proxy { 'nova-serial':
server_name => 's-nova-serial', server_name => 's-nova-serial',
public_port => $nova_serial_port, public_port => $nova_serial_port,
private_port => $nova_serial_port, private_port => $nova_serial_port,
server_timeout => $timeout, server_timeout => $timeout,
client_timeout => $timeout, client_timeout => $timeout,
x_forwarded_proto => false, x_forwarded_proto => false,
} }
} }
@ -564,10 +564,10 @@ class openstack::nova::api::services
include ::nova_api_proxy::config include ::nova_api_proxy::config
class {'::nova::api': class {'::nova::api':
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
sync_db_api => $::platform::params::init_database, sync_db_api => $::platform::params::init_database,
osapi_compute_workers => $::platform::params::eng_workers, osapi_compute_workers => $::platform::params::eng_workers,
metadata_workers => $::platform::params::eng_workers_by_2, metadata_workers => $::platform::params::eng_workers_by_2,
} }
} }
@ -597,7 +597,7 @@ class openstack::nova::api
class openstack::nova::conductor::reload { class openstack::nova::conductor::reload {
exec { 'signal-nova-conductor': exec { 'signal-nova-conductor':
command => "pkill -HUP nova-conductor", command => 'pkill -HUP nova-conductor',
} }
} }
@ -646,7 +646,7 @@ class openstack::nova::compute::pci
# empty string if the list is empty, causing the nova-compute process to fail. # empty string if the list is empty, causing the nova-compute process to fail.
if $pci_sriov_whitelist { if $pci_sriov_whitelist {
class { '::nova::compute::pci': class { '::nova::compute::pci':
passthrough => generate("/usr/bin/nova-sriov", passthrough => generate('/usr/bin/nova-sriov',
$pci_pt_whitelist, $pci_sriov_whitelist), $pci_pt_whitelist, $pci_sriov_whitelist),
} }
} else { } else {
@ -662,7 +662,7 @@ class openstack::nova::compute::reload {
if $::platform::kubernetes::params::enabled != true { if $::platform::kubernetes::params::enabled != true {
exec { 'pmon-restart-nova-compute': exec { 'pmon-restart-nova-compute':
command => "pmon-restart nova-compute", command => 'pmon-restart nova-compute',
} }
} }
} }

24
puppet-manifests/src/modules/openstack/manifests/panko.pp
View File

@ -30,13 +30,13 @@ class openstack::panko
# WRS register panko-expirer-active in cron to run once each hour # WRS register panko-expirer-active in cron to run once each hour
cron { 'panko-expirer': cron { 'panko-expirer':
ensure => 'present', ensure => 'present',
command => '/usr/bin/panko-expirer-active', command => '/usr/bin/panko-expirer-active',
environment => 'PATH=/bin:/usr/bin:/usr/sbin', environment => 'PATH=/bin:/usr/bin:/usr/sbin',
minute => 10, minute => 10,
hour => '*', hour => '*',
monthday => '*', monthday => '*',
user => 'root', user => 'root',
} }
} }
} }
@ -55,8 +55,8 @@ class openstack::panko::haproxy
inherits ::openstack::panko::params { inherits ::openstack::panko::params {
platform::haproxy::proxy { 'panko-restapi': platform::haproxy::proxy { 'panko-restapi':
server_name => 's-panko-restapi', server_name => 's-panko-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -74,7 +74,7 @@ class openstack::panko::api
# panko::keystone::auth::configure_endpoint which is # panko::keystone::auth::configure_endpoint which is
# set via sysinv puppet # set via sysinv puppet
if $::openstack::panko::params::service_create and if $::openstack::panko::params::service_create and
$::platform::params::init_keystone { $::platform::params::init_keystone {
include ::panko::keystone::auth include ::panko::keystone::auth
} }
@ -96,9 +96,9 @@ class openstack::panko::api
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
} -> }
class { '::panko::api': -> class { '::panko::api':
host => $api_host, host => $api_host,
workers => $api_workers, workers => $api_workers,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
} }

8
puppet-manifests/src/modules/openstack/manifests/swift.pp
View File

@ -13,7 +13,7 @@ class openstack::swift::firewall
platform::firewall::rule { 'swift-api': platform::firewall::rule { 'swift-api':
service_name => 'swift', service_name => 'swift',
ports => $api_port, ports => $api_port,
} }
} }
@ -22,8 +22,8 @@ class openstack::swift::haproxy
inherits ::openstack::swift::params { inherits ::openstack::swift::params {
platform::haproxy::proxy { 'swift-restapi': platform::haproxy::proxy { 'swift-restapi':
server_name => 's-swift', server_name => 's-swift',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -43,7 +43,7 @@ class openstack::swift
if $service_enabled { if $service_enabled {
if str2bool($::is_controller_active) or if str2bool($::is_controller_active) or
str2bool($::is_standalone_controller) { str2bool($::is_standalone_controller) {
class { '::swift::keystone::auth': class { '::swift::keystone::auth':
configure_s3_endpoint => false, configure_s3_endpoint => false,
} }

2
puppet-manifests/src/modules/openstack/templates/murano-rabbitmq.config.erb
View File

@ -12,7 +12,7 @@
{default_pass, <<"<%= @default_pass %>">>} {default_pass, <<"<%= @default_pass %>">>}
]}, ]},
{kernel, [ {kernel, [
]} ]}
]. ].
% EOF % EOF

2
puppet-manifests/src/modules/openstack/templates/murano-rabbitmq.config.ssl.erb
View File

@ -24,7 +24,7 @@
{default_pass, <<"<%= @default_pass %>">>} {default_pass, <<"<%= @default_pass %>">>}
]}, ]},
{kernel, [ {kernel, [
]} ]}
]. ].
% EOF % EOF

6
puppet-manifests/src/modules/platform/files/docker-distribution
View File

@ -15,7 +15,7 @@ status()
RETVAL=0 RETVAL=0
echo "$DESC is running" echo "$DESC is running"
return return
else else
echo "$DESC is Not running" echo "$DESC is Not running"
RETVAL=1 RETVAL=1
fi fi
@ -33,7 +33,7 @@ start()
rm -f $PIDFILE rm -f $PIDFILE
fi fi
fi fi
echo "Starting $SERVICE..." echo "Starting $SERVICE..."
systemctl start $SERVICE systemctl start $SERVICE
@ -45,7 +45,7 @@ start()
echo "$SERVICE failed!" echo "$SERVICE failed!"
RETVAL=1 RETVAL=1
fi fi
} }
stop() stop()

6
puppet-manifests/src/modules/platform/files/etcd
View File

@ -27,7 +27,7 @@ status()
RETVAL=0 RETVAL=0
echo "$DESC is running" echo "$DESC is running"
return return
else else
echo "$DESC is Not running" echo "$DESC is Not running"
RETVAL=1 RETVAL=1
fi fi
@ -45,7 +45,7 @@ start()
rm -f $PIDFILE rm -f $PIDFILE
fi fi
fi fi
echo "Starting $SERVICE..." echo "Starting $SERVICE..."
systemctl start $SERVICE systemctl start $SERVICE
@ -57,7 +57,7 @@ start()
echo "$SERVICE failed!" echo "$SERVICE failed!"
RETVAL=1 RETVAL=1
fi fi
} }
stop() stop()

2
puppet-manifests/src/modules/platform/lib/facter/is_initial_cinder_ceph_config.rb
View File

@ -1,4 +1,4 @@
# Returns true if cinder ceph needs to be configured # Returns true if cinder ceph needs to be configured
Facter.add("is_initial_cinder_ceph_config") do Facter.add("is_initial_cinder_ceph_config") do
setcode do setcode do

2
puppet-manifests/src/modules/platform/lib/facter/is_initial_cinder_lvm_config.rb
View File

@ -1,4 +1,4 @@
# Returns true if cinder lvm needs to be configured # Returns true if cinder lvm needs to be configured
Facter.add("is_initial_cinder_lvm_config") do Facter.add("is_initial_cinder_lvm_config") do
setcode do setcode do

2
puppet-manifests/src/modules/platform/lib/facter/is_standalone_controller.rb
View File

@ -1,5 +1,5 @@
# Returns true is this is the only configured controller in the system else # Returns true is this is the only configured controller in the system else
# return false if both controllers are configured. # return false if both controllers are configured.
Facter.add("is_standalone_controller") do Facter.add("is_standalone_controller") do
setcode do setcode do

68
puppet-manifests/src/modules/platform/manifests/amqp.pp
View File

@ -50,20 +50,20 @@ class platform::amqp::rabbitmq (
$rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}" $rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}"
class { '::rabbitmq': class { '::rabbitmq':
port => $port, port => $port,
ssl => $ssl_enabled, ssl => $ssl_enabled,
default_user => $auth_user, default_user => $auth_user,
default_pass => $auth_password, default_pass => $auth_password,
service_ensure => $service_ensure, service_ensure => $service_ensure,
rabbitmq_home => $rabbit_dbdir, rabbitmq_home => $rabbit_dbdir,
environment_variables => { environment_variables => {
'RABBITMQ_NODENAME' => $node, 'RABBITMQ_NODENAME' => $node,
'RABBITMQ_MNESIA_BASE' => "${rabbit_dbdir}/mnesia", 'RABBITMQ_MNESIA_BASE' => "${rabbit_dbdir}/mnesia",
'HOME' => $rabbit_dbdir, 'HOME' => $rabbit_dbdir,
}, },
config_variables => { config_variables => {
'disk_free_limit' => '100000000', 'disk_free_limit' => '100000000',
'heartbeat' => '30', 'heartbeat' => '30',
'tcp_listen_options' => '[binary, 'tcp_listen_options' => '[binary,
{packet,raw}, {packet,raw},
{reuseaddr,true}, {reuseaddr,true},
@ -83,7 +83,7 @@ class platform::amqp::post {
# To allow for the transition it must be explicitely stopped. Once puppet # To allow for the transition it must be explicitely stopped. Once puppet
# can directly handle SM managed services, then this can be removed. # can directly handle SM managed services, then this can be removed.
exec { 'stop rabbitmq-server service': exec { 'stop rabbitmq-server service':
command => "systemctl stop rabbitmq-server; systemctl disable rabbitmq-server", command => 'systemctl stop rabbitmq-server; systemctl disable rabbitmq-server',
} }
} }
@ -99,38 +99,38 @@ class platform::amqp::bootstrap {
# Ensure the rabbit data directory is created in the rabbit filesystem. # Ensure the rabbit data directory is created in the rabbit filesystem.
$rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}" $rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}"
file { "${rabbit_dbdir}": file { $rabbit_dbdir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> Class['::rabbitmq'] } -> Class['::rabbitmq']
rabbitmq_policy {'notifications_queues_maxlen@/': rabbitmq_policy {'notifications_queues_maxlen@/':
require => Class['::rabbitmq'], require => Class['::rabbitmq'],
pattern => '.*notifications.*', pattern => '.*notifications.*',
priority => 0, priority => 0,
applyto => 'queues', applyto => 'queues',
definition => { definition => {
'max-length' => '10000', 'max-length' => '10000',
}, },
} }
rabbitmq_policy {'sample_queues_maxlen@/': rabbitmq_policy {'sample_queues_maxlen@/':
require => Class['::rabbitmq'], require => Class['::rabbitmq'],
pattern => '.*sample$', pattern => '.*sample$',
priority => 0, priority => 0,
applyto => 'queues', applyto => 'queues',
definition => { definition => {
'max-length' => '100000', 'max-length' => '100000',
}, },
} }
rabbitmq_policy {'all_queues_ttl@/': rabbitmq_policy {'all_queues_ttl@/':
require => Class['::rabbitmq'], require => Class['::rabbitmq'],
pattern => '.*', pattern => '.*',
priority => 0, priority => 0,
applyto => 'queues', applyto => 'queues',
definition => { definition => {
'expires' => '14400000', 'expires' => '14400000',
} }
@ -146,11 +146,11 @@ class platform::amqp::upgrade {
# Ensure the rabbit data directory is created in the rabbit filesystem. # Ensure the rabbit data directory is created in the rabbit filesystem.
$rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}" $rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}"
file { "${rabbit_dbdir}": file { $rabbit_dbdir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> Class['::rabbitmq'] } -> Class['::rabbitmq']
} }

4
puppet-manifests/src/modules/platform/manifests/anchors.pp
View File

@ -1,4 +1,4 @@
class platform::anchors { class platform::anchors {
anchor { 'platform::networking': } -> anchor { 'platform::networking': }
anchor { 'platform::services': } -> anchor { 'platform::services': }
} }

150
puppet-manifests/src/modules/platform/manifests/ceph.pp
View File

@ -63,35 +63,35 @@ class platform::ceph
} }
class { '::ceph': class { '::ceph':
fsid => $cluster_uuid, fsid => $cluster_uuid,
authentication_type => $authentication_type, authentication_type => $authentication_type,
mon_initial_members => $mon_initial_members mon_initial_members => $mon_initial_members
} -> }
ceph_config { -> ceph_config {
"mon/mon clock drift allowed": value => ".1"; 'mon/mon clock drift allowed': value => '.1';
"client.restapi/public_addr": value => $restapi_public_addr; 'client.restapi/public_addr': value => $restapi_public_addr;
} }
if $system_type == 'All-in-one' { if $system_type == 'All-in-one' {
# 1 and 2 node configurations have a single monitor # 1 and 2 node configurations have a single monitor
if 'duplex' in $system_mode { if 'duplex' in $system_mode {
# Floating monitor, running on active controller. # Floating monitor, running on active controller.
Class['::ceph'] -> Class['::ceph']
ceph_config { -> ceph_config {
"mon.${floating_mon_host}/host": value => $floating_mon_host; "mon.${floating_mon_host}/host": value => $floating_mon_host;
"mon.${floating_mon_host}/mon_addr": value => $floating_mon_addr; "mon.${floating_mon_host}/mon_addr": value => $floating_mon_addr;
} }
} else { } else {
# Simplex case, a single monitor binded to the controller. # Simplex case, a single monitor binded to the controller.
Class['::ceph'] -> Class['::ceph']
ceph_config { -> ceph_config {
"mon.${mon_0_host}/host": value => $mon_0_host; "mon.${mon_0_host}/host": value => $mon_0_host;
"mon.${mon_0_host}/mon_addr": value => $mon_0_addr; "mon.${mon_0_host}/mon_addr": value => $mon_0_addr;
} }
} }
} else { } else {
# Multinode has 3 monitors. # Multinode has 3 monitors.
Class['::ceph'] -> Class['::ceph']
ceph_config { -> ceph_config {
"mon.${mon_0_host}/host": value => $mon_0_host; "mon.${mon_0_host}/host": value => $mon_0_host;
"mon.${mon_0_host}/mon_addr": value => $mon_0_addr; "mon.${mon_0_host}/mon_addr": value => $mon_0_addr;
"mon.${mon_1_host}/host": value => $mon_1_host; "mon.${mon_1_host}/host": value => $mon_1_host;
@ -111,11 +111,11 @@ class platform::ceph::post
inherits ::platform::ceph::params { inherits ::platform::ceph::params {
# Enable ceph process recovery after all configuration is done # Enable ceph process recovery after all configuration is done
file { $ceph_config_ready_path: file { $ceph_config_ready_path:
ensure => present, ensure => present,
content => '', content => '',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} }
if $service_enabled { if $service_enabled {
@ -134,19 +134,19 @@ class platform::ceph::monitor
$system_type = $::platform::params::system_type $system_type = $::platform::params::system_type
if $service_enabled { if $service_enabled {
if $system_type == 'All-in-one' and 'duplex' in $system_mode { if $system_type == 'All-in-one' and 'duplex' in $system_mode {
if str2bool($::is_controller_active) { if str2bool($::is_controller_active) {
# Ceph mon is configured on a DRBD partition, on the active controller, # Ceph mon is configured on a DRBD partition, on the active controller,
# when 'ceph' storage backend is added in sysinv. # when 'ceph' storage backend is added in sysinv.
# Then SM takes care of starting ceph after manifests are applied. # Then SM takes care of starting ceph after manifests are applied.
$configure_ceph_mon = true $configure_ceph_mon = true
} else { } else {
$configure_ceph_mon = false $configure_ceph_mon = false
} }
} else { } else {
# Simplex, multinode. Ceph is pmon managed. # Simplex, multinode. Ceph is pmon managed.
$configure_ceph_mon = true $configure_ceph_mon = true
} }
} }
else { else {
$configure_ceph_mon = false $configure_ceph_mon = false
@ -154,18 +154,18 @@ class platform::ceph::monitor
if $configure_ceph_mon { if $configure_ceph_mon {
file { '/var/lib/ceph': file { '/var/lib/ceph':
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
if $system_type == 'All-in-one' and 'duplex' in $system_mode { if $system_type == 'All-in-one' and 'duplex' in $system_mode {
# ensure DRBD config is complete before enabling the ceph monitor # ensure DRBD config is complete before enabling the ceph monitor
Drbd::Resource <| |> -> Class['::ceph'] Drbd::Resource <| |> -> Class['::ceph']
} else { } else {
File['/var/lib/ceph'] -> File['/var/lib/ceph']
platform::filesystem { $mon_lv_name: -> platform::filesystem { $mon_lv_name:
lv_name => $mon_lv_name, lv_name => $mon_lv_name,
lv_size => $mon_lv_size, lv_size => $mon_lv_size,
mountpoint => $mon_mountpoint, mountpoint => $mon_mountpoint,
@ -173,12 +173,12 @@ class platform::ceph::monitor
fs_options => $mon_fs_options, fs_options => $mon_fs_options,
} -> Class['::ceph'] } -> Class['::ceph']
file { "/etc/pmon.d/ceph.conf": file { '/etc/pmon.d/ceph.conf':
ensure => link, ensure => link,
target => "/etc/ceph/ceph.conf.pmon", target => '/etc/ceph/ceph.conf.pmon',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
} }
} }
@ -188,9 +188,9 @@ class platform::ceph::monitor
# Start service on AIO SX and on active controller # Start service on AIO SX and on active controller
# to allow in-service configuration. # to allow in-service configuration.
if str2bool($::is_controller_active) or $system_type == 'All-in-one' { if str2bool($::is_controller_active) or $system_type == 'All-in-one' {
$service_ensure = "running" $service_ensure = 'running'
} else { } else {
$service_ensure = "stopped" $service_ensure = 'stopped'
} }
# default configuration for all ceph monitor resources # default configuration for all ceph monitor resources
@ -215,23 +215,23 @@ class platform::ceph::monitor
# and set the drbd role to secondary, so that the handoff to # and set the drbd role to secondary, so that the handoff to
# SM is done properly once we swact to the standby controller. # SM is done properly once we swact to the standby controller.
# TODO: Remove this once SM supports in-service config reload. # TODO: Remove this once SM supports in-service config reload.
Ceph::Mon <| |> -> Ceph::Mon <| |>
exec { "Stop Ceph monitor": -> exec { 'Stop Ceph monitor':
command =>"/etc/init.d/ceph stop mon", command =>'/etc/init.d/ceph stop mon',
onlyif => "/etc/init.d/ceph status mon", onlyif => '/etc/init.d/ceph status mon',
logoutput => true,
} ->
exec { "umount ceph-mon partition":
command => "umount $mon_mountpoint",
onlyif => "mount | grep -q $mon_mountpoint",
logoutput => true,
} ->
exec { 'Set cephmon secondary':
command => "drbdadm secondary drbd-cephmon",
unless => "drbdadm role drbd-cephmon | egrep '^Secondary'",
logoutput => true, logoutput => true,
} }
} -> exec { 'umount ceph-mon partition':
command => "umount ${mon_mountpoint}",
onlyif => "mount | grep -q ${mon_mountpoint}",
logoutput => true,
}
-> exec { 'Set cephmon secondary':
command => 'drbdadm secondary drbd-cephmon',
unless => "drbdadm role drbd-cephmon | egrep '^Secondary'",
logoutput => true,
}
}
} else { } else {
if $::hostname == $mon_0_host { if $::hostname == $mon_0_host {
ceph::mon { $mon_0_host: ceph::mon { $mon_0_host:
@ -270,16 +270,16 @@ define platform_ceph_osd(
} }
file { "/var/lib/ceph/osd/ceph-${osd_id}": file { "/var/lib/ceph/osd/ceph-${osd_id}":
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
ceph::osd { $disk_path: -> ceph::osd { $disk_path:
uuid => $osd_uuid, uuid => $osd_uuid,
} -> }
exec { "configure journal location ${name}": -> exec { "configure journal location ${name}":
logoutput => true, logoutput => true,
command => template('platform/ceph.journal.location.erb') command => template('platform/ceph.journal.location.erb')
} }
} }
@ -290,7 +290,7 @@ define platform_ceph_journal(
) { ) {
exec { "configure journal partitions ${name}": exec { "configure journal partitions ${name}":
logoutput => true, logoutput => true,
command => template('platform/ceph.journal.partitions.erb') command => template('platform/ceph.journal.partitions.erb')
} }
} }
@ -304,8 +304,8 @@ class platform::ceph::storage(
Class['::platform::partitions'] -> Class[$name] Class['::platform::partitions'] -> Class[$name]
file { '/var/lib/ceph/osd': file { '/var/lib/ceph/osd':
path => '/var/lib/ceph/osd',
ensure => 'directory', ensure => 'directory',
path => '/var/lib/ceph/osd',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
@ -390,12 +390,12 @@ class platform::ceph::rgw
ceph_config { ceph_config {
# increase limit for single operation uploading to 50G (50*1024*1024*1024) # increase limit for single operation uploading to 50G (50*1024*1024*1024)
"client.$rgw_client_name/rgw_max_put_size": value => $rgw_max_put_size; "client.${rgw_client_name}/rgw_max_put_size": value => $rgw_max_put_size;
# increase frequency and scope of garbage collection # increase frequency and scope of garbage collection
"client.$rgw_client_name/rgw_gc_max_objs": value => $rgw_gc_max_objs; "client.${rgw_client_name}/rgw_gc_max_objs": value => $rgw_gc_max_objs;
"client.$rgw_client_name/rgw_gc_obj_min_wait": value => $rgw_gc_obj_min_wait; "client.${rgw_client_name}/rgw_gc_obj_min_wait": value => $rgw_gc_obj_min_wait;
"client.$rgw_client_name/rgw_gc_processor_max_time": value => $rgw_gc_processor_max_time; "client.${rgw_client_name}/rgw_gc_processor_max_time": value => $rgw_gc_processor_max_time;
"client.$rgw_client_name/rgw_gc_processor_period": value => $rgw_gc_processor_period; "client.${rgw_client_name}/rgw_gc_processor_period": value => $rgw_gc_processor_period;
} }
} }
@ -446,9 +446,9 @@ class platform::ceph::controller::runtime {
# Make sure ceph-rest-api is running as it is needed by sysinv config # Make sure ceph-rest-api is running as it is needed by sysinv config
# TODO(oponcea): Remove when sm supports in-service config reload # TODO(oponcea): Remove when sm supports in-service config reload
if str2bool($::is_controller_active) { if str2bool($::is_controller_active) {
Ceph::Mon <| |> -> Ceph::Mon <| |>
exec { "/etc/init.d/ceph-rest-api start": -> exec { '/etc/init.d/ceph-rest-api start':
command => "/etc/init.d/ceph-rest-api start" command => '/etc/init.d/ceph-rest-api start'
} }
} }
} }

34
puppet-manifests/src/modules/platform/manifests/client.pp
View File

@ -15,8 +15,8 @@ class platform::client
include ::platform::client::credentials::params include ::platform::client::credentials::params
$keyring_file = $::platform::client::credentials::params::keyring_file $keyring_file = $::platform::client::credentials::params::keyring_file
file {"/etc/platform/openrc": file {'/etc/platform/openrc':
ensure => "present", ensure => 'present',
mode => '0640', mode => '0640',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -33,25 +33,25 @@ class platform::client::credentials::params (
class platform::client::credentials class platform::client::credentials
inherits ::platform::client::credentials::params { inherits ::platform::client::credentials::params {
Class['::platform::drbd::platform'] -> Class['::platform::drbd::platform']
file { "${keyring_base}": -> file { $keyring_base:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${keyring_directory}": -> file { $keyring_directory:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { "${keyring_file}": -> file { $keyring_file:
ensure => 'file', ensure => 'file',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
content => "keyring get CGCS admin" content => 'keyring get CGCS admin'
} }
} }

54
puppet-manifests/src/modules/platform/manifests/collectd.pp
View File

@ -1,45 +1,45 @@
class platform::collectd::params ( class platform::collectd::params (
$interval = undef, $interval = undef,
$timeout = undef, $timeout = undef,
$read_threads = undef, $read_threads = undef,
$write_threads = undef, $write_threads = undef,
$write_queue_limit_high = undef, $write_queue_limit_high = undef,
$write_queue_limit_low = undef, $write_queue_limit_low = undef,
$server_addrs = [], $server_addrs = [],
$server_port = undef, $server_port = undef,
$max_read_interval = undef, $max_read_interval = undef,
# python plugin controls # python plugin controls
$module_path = undef, $module_path = undef,
$plugins = [], $plugins = [],
$mtce_notifier_port = undef, $mtce_notifier_port = undef,
$log_traces = undef, $log_traces = undef,
$encoding = undef, $encoding = undef,
$collectd_d_dir = undef, $collectd_d_dir = undef,
) {} ) {}
class platform::collectd class platform::collectd
inherits ::platform::collectd::params { inherits ::platform::collectd::params {
file { "/etc/collectd.conf": file { '/etc/collectd.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/collectd.conf.erb'), content => template('platform/collectd.conf.erb'),
} -> # now start collectd } # now start collectd
# ensure that collectd is running # ensure that collectd is running
service { 'collectd': -> service { 'collectd':
ensure => running, ensure => running,
enable => true, enable => true,
provider => 'systemd' provider => 'systemd'
} -> # now get pmond to monitor the process } # now get pmond to monitor the process
# ensure pmon soft link for process monitoring # ensure pmon soft link for process monitoring
file { "/etc/pmon.d/collectd.conf": -> file { '/etc/pmon.d/collectd.conf':
ensure => 'link', ensure => 'link',
target => "/opt/collectd/extensions/config/collectd.conf.pmon", target => '/opt/collectd/extensions/config/collectd.conf.pmon',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
@ -53,7 +53,7 @@ class platform::collectd::runtime {
# restart target # restart target
class platform::collectd::restart { class platform::collectd::restart {
include ::platform::collectd include ::platform::collectd
exec { "collectd-restart": exec { 'collectd-restart':
command => '/usr/local/sbin/pmon-restart collect' command => '/usr/local/sbin/pmon-restart collect'
} }
} }

132
puppet-manifests/src/modules/platform/manifests/compute.pp
View File

@ -10,8 +10,8 @@ class platform::compute::params (
class platform::compute::config class platform::compute::config
inherits ::platform::compute::params { inherits ::platform::compute::params {
file { "/etc/platform/worker_reserved.conf": file { '/etc/platform/worker_reserved.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/worker_reserved.conf.erb') content => template('platform/worker_reserved.conf.erb')
} }
@ -32,7 +32,7 @@ class platform::compute::grub::params (
} }
if $::is_gb_page_supported { if $::is_gb_page_supported {
$gb_hugepages = "hugepagesz=1G hugepages=$::number_of_numa_nodes" $gb_hugepages = "hugepagesz=1G hugepages=${::number_of_numa_nodes}"
} else { } else {
$gb_hugepages = '' $gb_hugepages = ''
} }
@ -43,25 +43,25 @@ class platform::compute::grub::params (
class platform::compute::grub::update class platform::compute::grub::update
inherits ::platform::compute::grub::params { inherits ::platform::compute::grub::params {
notice("Updating grub configuration") notice('Updating grub configuration')
$to_be_removed = join($keys, " ") $to_be_removed = join($keys, ' ')
exec { "Remove the cpu arguments": exec { 'Remove the cpu arguments':
command => "grubby --update-kernel=ALL --remove-args='$to_be_removed'", command => "grubby --update-kernel=ALL --remove-args='${to_be_removed}'",
} -> }
exec { "Add the cpu arguments": -> exec { 'Add the cpu arguments':
command => "grubby --update-kernel=ALL --args='$grub_updates'", command => "grubby --update-kernel=ALL --args='${grub_updates}'",
} }
} }
class platform::compute::grub::recovery { class platform::compute::grub::recovery {
notice("Update Grub and Reboot") notice('Update Grub and Reboot')
class {'platform::compute::grub::update': } -> Exec['reboot-recovery'] class {'platform::compute::grub::update': } -> Exec['reboot-recovery']
exec { "reboot-recovery": exec { 'reboot-recovery':
command => "reboot", command => 'reboot',
} }
} }
@ -70,29 +70,31 @@ class platform::compute::grub::audit
if ! str2bool($::is_initial_config_primary) { if ! str2bool($::is_initial_config_primary) {
notice("Audit CPU and Grub Configuration") notice('Audit CPU and Grub Configuration')
$expected_n_cpus = $::number_of_logical_cpus $expected_n_cpus = Integer($::number_of_logical_cpus)
$n_cpus_ok = ("$n_cpus" == "$expected_n_cpus") $n_cpus_ok = ($n_cpus == $expected_n_cpus)
$cmd_ok = check_grub_config($grub_updates) $cmd_ok = check_grub_config($grub_updates)
if $cmd_ok and $n_cpus_ok { if $cmd_ok and $n_cpus_ok {
$ensure = present $ensure = present
notice("CPU and Boot Argument audit passed.") notice('CPU and Boot Argument audit passed.')
} else { } else {
$ensure = absent $ensure = absent
if !$cmd_ok { if !$cmd_ok {
notice("Kernel Boot Argument Mismatch") notice('Kernel Boot Argument Mismatch')
include ::platform::compute::grub::recovery include ::platform::compute::grub::recovery
} else {
notice("Mismatched CPUs: Found=${n_cpus}, Expected=${expected_n_cpus}")
} }
} }
file { "/var/run/worker_goenabled": file { '/var/run/worker_goenabled':
ensure => $ensure, ensure => $ensure,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} }
} }
} }
@ -106,47 +108,47 @@ class platform::compute::hugetlbf {
if str2bool($::is_hugetlbfs_enabled) { if str2bool($::is_hugetlbfs_enabled) {
$fs_list = generate("/bin/bash", "-c", "ls -1d /sys/kernel/mm/hugepages/hugepages-*") $fs_list = generate('/bin/bash', '-c', 'ls -1d /sys/kernel/mm/hugepages/hugepages-*')
$array = split($fs_list, '\n') $array = split($fs_list, '\n')
$array.each | String $val | { $array.each | String $val | {
$page_name = generate("/bin/bash", "-c", "basename $val") $page_name = generate('/bin/bash', '-c', "basename ${val}")
$page_size = strip(regsubst($page_name, 'hugepages-', '')) $page_size = strip(regsubst($page_name, 'hugepages-', ''))
$hugemnt ="/mnt/huge-$page_size" $hugemnt ="/mnt/huge-${page_size}"
$options = "pagesize=${page_size}" $options = "pagesize=${page_size}"
# TODO: Once all the code is switched over to use the /dev # TODO: Once all the code is switched over to use the /dev
# mount point we can get rid of this mount point. # mount point we can get rid of this mount point.
notice("Mounting hugetlbfs at: $hugemnt") notice("Mounting hugetlbfs at: ${hugemnt}")
exec { "create $hugemnt": exec { "create ${hugemnt}":
command => "mkdir -p ${hugemnt}", command => "mkdir -p ${hugemnt}",
onlyif => "test ! -d ${hugemnt}", onlyif => "test ! -d ${hugemnt}",
} -> }
mount { "${hugemnt}": -> mount { $hugemnt:
name => "${hugemnt}", ensure => 'mounted',
device => 'none', device => 'none',
fstype => 'hugetlbfs', fstype => 'hugetlbfs',
ensure => 'mounted', name => $hugemnt,
options => "${options}", options => $options,
atboot => 'yes', atboot => 'yes',
remounts => true, remounts => true,
} }
# The libvirt helm chart expects hugepages to be mounted # The libvirt helm chart expects hugepages to be mounted
# under /dev so let's do that. # under /dev so let's do that.
$hugemnt2 ="/dev/huge-$page_size" $hugemnt2 ="/dev/huge-${page_size}"
notice("Mounting hugetlbfs at: $hugemnt2") notice("Mounting hugetlbfs at: ${hugemnt2}")
file { "${hugemnt2}": file { $hugemnt2:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
}-> }
mount { "${hugemnt2}": -> mount { $hugemnt2:
name => "${hugemnt2}", ensure => 'mounted',
device => 'none', device => 'none',
fstype => 'hugetlbfs', fstype => 'hugetlbfs',
ensure => 'mounted', name => $hugemnt2,
options => "${options}", options => $options,
atboot => 'yes', atboot => 'yes',
remounts => true, remounts => true,
} }
@ -157,20 +159,20 @@ class platform::compute::hugetlbf {
# Once we upstream a fix to the helm chart to automatically determine # Once we upstream a fix to the helm chart to automatically determine
# the mountpoint then we can remove this. # the mountpoint then we can remove this.
$page_size = '2M' $page_size = '2M'
$hugemnt ="/dev/hugepages" $hugemnt ='/dev/hugepages'
$options = "pagesize=${page_size}" $options = "pagesize=${page_size}"
notice("Mounting hugetlbfs at: $hugemnt") notice("Mounting hugetlbfs at: ${hugemnt}")
exec { "create $hugemnt": exec { "create ${hugemnt}":
command => "mkdir -p ${hugemnt}", command => "mkdir -p ${hugemnt}",
onlyif => "test ! -d ${hugemnt}", onlyif => "test ! -d ${hugemnt}",
} -> }
mount { "${hugemnt}": -> mount { $hugemnt:
name => "${hugemnt}", ensure => 'mounted',
device => 'none', device => 'none',
fstype => 'hugetlbfs', fstype => 'hugetlbfs',
ensure => 'mounted', name => $hugemnt,
options => "${options}", options => $options,
atboot => 'yes', atboot => 'yes',
remounts => true, remounts => true,
} }
@ -193,8 +195,8 @@ define allocate_pages (
$page_count, $page_count,
) { ) {
exec { "Allocate ${page_count} ${path}": exec { "Allocate ${page_count} ${path}":
command => "echo $page_count > $path", command => "echo ${page_count} > ${path}",
onlyif => "test -f $path", onlyif => "test -f ${path}",
} }
} }
@ -218,7 +220,7 @@ class platform::compute::allocate
$node = $per_node_2M[0] $node = $per_node_2M[0]
$page_size = $per_node_2M[1] $page_size = $per_node_2M[1]
allocate_pages { "Start ${node} ${page_size}": allocate_pages { "Start ${node} ${page_size}":
path => "${nodefs}/${node}/hugepages/hugepages-${page_size}/nr_hugepages", path => "${nodefs}/${node}/hugepages/hugepages-${page_size}/nr_hugepages",
page_count => $per_node_2M[2], page_count => $per_node_2M[2],
} }
} }
@ -233,7 +235,7 @@ class platform::compute::allocate
$node = $per_node_1G[0] $node = $per_node_1G[0]
$page_size = $per_node_1G[1] $page_size = $per_node_1G[1]
allocate_pages { "Start ${node} ${page_size}": allocate_pages { "Start ${node} ${page_size}":
path => "${nodefs}/${node}/hugepages/hugepages-${page_size}/nr_hugepages", path => "${nodefs}/${node}/hugepages/hugepages-${page_size}/nr_hugepages",
page_count => $per_node_1G[2], page_count => $per_node_1G[2],
} }
} }
@ -246,8 +248,8 @@ class platform::compute::extend
# nova-compute reads on init, extended nova compute options # nova-compute reads on init, extended nova compute options
# used with nova accounting # used with nova accounting
file { "/etc/nova/compute_extend.conf": file { '/etc/nova/compute_extend.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/compute_extend.conf.erb') content => template('platform/compute_extend.conf.erb')
} }
@ -257,11 +259,11 @@ class platform::compute::extend
class platform::compute::resctrl { class platform::compute::resctrl {
if str2bool($::is_resctrl_supported) { if str2bool($::is_resctrl_supported) {
mount { "/sys/fs/resctrl": mount { '/sys/fs/resctrl':
name => '/sys/fs/resctrl', ensure => 'mounted',
device => 'resctrl', device => 'resctrl',
fstype => 'resctrl', fstype => 'resctrl',
ensure => 'mounted', name => '/sys/fs/resctrl',
atboot => 'yes', atboot => 'yes',
remounts => true, remounts => true,
} }
@ -278,22 +280,22 @@ class platform::compute::pmqos (
if str2bool($::is_worker_subfunction) and str2bool($::is_lowlatency_subfunction) { if str2bool($::is_worker_subfunction) and str2bool($::is_lowlatency_subfunction) {
$script = "/usr/bin/set-cpu-wakeup-latency.sh" $script = '/usr/bin/set-cpu-wakeup-latency.sh'
if $low_wakeup_cpus != '""' { if $low_wakeup_cpus != '""' {
# Set low wakeup latency (shallow C-state) for vswitch CPUs using PM QoS interface # Set low wakeup latency (shallow C-state) for vswitch CPUs using PM QoS interface
exec { "low-wakeup-latency": exec { 'low-wakeup-latency':
command => "${script} low ${low_wakeup_cpus}", command => "${script} low ${low_wakeup_cpus}",
onlyif => "test -f ${script}", onlyif => "test -f ${script}",
logoutput => true, logoutput => true,
} }
} }
if $hight_wakeup_cpus != '""' { if $hight_wakeup_cpus != '""' {
#Set high wakeup latency (deep C-state) for non-vswitch CPUs using PM QoS interface #Set high wakeup latency (deep C-state) for non-vswitch CPUs using PM QoS interface
exec { "high-wakeup-latency": exec { 'high-wakeup-latency':
command => "${script} high ${hight_wakeup_cpus}", command => "${script} high ${hight_wakeup_cpus}",
onlyif => "test -f ${script}", onlyif => "test -f ${script}",
logoutput => true, logoutput => true,
} }
} }

142
puppet-manifests/src/modules/platform/manifests/config.pp
View File

@ -4,18 +4,18 @@ class platform::config::params (
$timezone = 'UTC', $timezone = 'UTC',
) { } ) { }
class platform::config class platform::config
inherits ::platform::config::params { inherits ::platform::config::params {
include ::platform::params include ::platform::params
include ::platform::anchors include ::platform::anchors
stage { 'pre': stage { 'pre':
before => Stage["main"], before => Stage['main'],
} }
stage { 'post': stage { 'post':
require => Stage["main"], require => Stage['main'],
} }
class { '::platform::config::pre': class { '::platform::config::pre':
@ -43,32 +43,32 @@ class platform::config::file {
$platform_conf = '/etc/platform/platform.conf' $platform_conf = '/etc/platform/platform.conf'
file_line { "${platform_conf} sw_version": file_line { "${platform_conf} sw_version":
path => $platform_conf, path => $platform_conf,
line => "sw_version=${::platform::params::software_version}", line => "sw_version=${::platform::params::software_version}",
match => '^sw_version=', match => '^sw_version=',
} }
if $management_interface { if $management_interface {
file_line { "${platform_conf} management_interface": file_line { "${platform_conf} management_interface":
path => $platform_conf, path => $platform_conf,
line => "management_interface=${management_interface}", line => "management_interface=${management_interface}",
match => '^management_interface=', match => '^management_interface=',
} }
} }
if $infrastructure_interface { if $infrastructure_interface {
file_line { "${platform_conf} infrastructure_interface": file_line { "${platform_conf} infrastructure_interface":
path => '/etc/platform/platform.conf', path => '/etc/platform/platform.conf',
line => "infrastructure_interface=${infrastructure_interface}", line => "infrastructure_interface=${infrastructure_interface}",
match => '^infrastructure_interface=', match => '^infrastructure_interface=',
} }
} }
if $oam_interface { if $oam_interface {
file_line { "${platform_conf} oam_interface": file_line { "${platform_conf} oam_interface":
path => $platform_conf, path => $platform_conf,
line => "oam_interface=${oam_interface}", line => "oam_interface=${oam_interface}",
match => '^oam_interface=', match => '^oam_interface=',
} }
} }
@ -82,80 +82,80 @@ class platform::config::file {
if $::platform::params::system_type { if $::platform::params::system_type {
file_line { "${platform_conf} system_type": file_line { "${platform_conf} system_type":
path => $platform_conf, path => $platform_conf,
line => "system_type=${::platform::params::system_type}", line => "system_type=${::platform::params::system_type}",
match => '^system_type=*', match => '^system_type=*',
} }
} }
if $::platform::params::system_mode { if $::platform::params::system_mode {
file_line { "${platform_conf} system_mode": file_line { "${platform_conf} system_mode":
path => $platform_conf, path => $platform_conf,
line => "system_mode=${::platform::params::system_mode}", line => "system_mode=${::platform::params::system_mode}",
match => '^system_mode=*', match => '^system_mode=*',
} }
} }
if $::platform::params::security_profile { if $::platform::params::security_profile {
file_line { "${platform_conf} security_profile": file_line { "${platform_conf} security_profile":
path => $platform_conf, path => $platform_conf,
line => "security_profile=${::platform::params::security_profile}", line => "security_profile=${::platform::params::security_profile}",
match => '^security_profile=*', match => '^security_profile=*',
} }
} }
if $::platform::params::sdn_enabled { if $::platform::params::sdn_enabled {
file_line { "${platform_conf}f sdn_enabled": file_line { "${platform_conf}f sdn_enabled":
path => $platform_conf, path => $platform_conf,
line => "sdn_enabled=yes", line => 'sdn_enabled=yes',
match => '^sdn_enabled=', match => '^sdn_enabled=',
} }
} }
else { else {
file_line { "${platform_conf} sdn_enabled": file_line { "${platform_conf} sdn_enabled":
path => $platform_conf, path => $platform_conf,
line => 'sdn_enabled=no', line => 'sdn_enabled=no',
match => '^sdn_enabled=', match => '^sdn_enabled=',
} }
} }
if $::platform::params::region_config { if $::platform::params::region_config {
file_line { "${platform_conf} region_config": file_line { "${platform_conf} region_config":
path => $platform_conf, path => $platform_conf,
line => 'region_config=yes', line => 'region_config=yes',
match => '^region_config=', match => '^region_config=',
} }
file_line { "${platform_conf} region_1_name": file_line { "${platform_conf} region_1_name":
path => $platform_conf, path => $platform_conf,
line => "region_1_name=${::platform::params::region_1_name}", line => "region_1_name=${::platform::params::region_1_name}",
match => '^region_1_name=', match => '^region_1_name=',
} }
file_line { "${platform_conf} region_2_name": file_line { "${platform_conf} region_2_name":
path => $platform_conf, path => $platform_conf,
line => "region_2_name=${::platform::params::region_2_name}", line => "region_2_name=${::platform::params::region_2_name}",
match => '^region_2_name=', match => '^region_2_name=',
} }
} else { } else {
file_line { "${platform_conf} region_config": file_line { "${platform_conf} region_config":
path => $platform_conf, path => $platform_conf,
line => 'region_config=no', line => 'region_config=no',
match => '^region_config=', match => '^region_config=',
} }
} }
if $::platform::params::distributed_cloud_role { if $::platform::params::distributed_cloud_role {
file_line { "${platform_conf} distributed_cloud_role": file_line { "${platform_conf} distributed_cloud_role":
path => $platform_conf, path => $platform_conf,
line => "distributed_cloud_role=${::platform::params::distributed_cloud_role}", line => "distributed_cloud_role=${::platform::params::distributed_cloud_role}",
match => '^distributed_cloud_role=', match => '^distributed_cloud_role=',
} }
} }
if $::platform::params::security_feature { if $::platform::params::security_feature {
file_line { "${platform_conf} security_feature": file_line { "${platform_conf} security_feature":
path => $platform_conf, path => $platform_conf,
line => "security_feature=\"${::platform::params::security_feature}\"", line => "security_feature=\"${::platform::params::security_feature}\"",
match => '^security_feature=*', match => '^security_feature=*',
} }
} }
@ -165,18 +165,18 @@ class platform::config::file {
class platform::config::hostname { class platform::config::hostname {
include ::platform::params include ::platform::params
file { "/etc/hostname": file { '/etc/hostname':
ensure => present, ensure => present,
owner => root, owner => root,
group => root, group => root,
mode => '0644', mode => '0644',
content => "${::platform::params::hostname}\n", content => "${::platform::params::hostname}\n",
notify => Exec["set-hostname"], notify => Exec['set-hostname'],
} }
exec { "set-hostname": exec { 'set-hostname':
command => 'hostname -F /etc/hostname', command => 'hostname -F /etc/hostname',
unless => "test `hostname` = `cat /etc/hostname`", unless => 'test `hostname` = `cat /etc/hostname`',
} }
} }
@ -214,11 +214,11 @@ class platform::config::tpm {
# iterate through each tpm_cert creating it if it doesn't exist # iterate through each tpm_cert creating it if it doesn't exist
$tpm_certs.each |String $key, String $value| { $tpm_certs.each |String $key, String $value| {
file { "create-TPM-cert-${key}": file { "create-TPM-cert-${key}":
path => $key, ensure => present,
ensure => present, path => $key,
owner => root, owner => root,
group => root, group => root,
mode => '0644', mode => '0644',
content => $value, content => $value,
} }
} }
@ -280,44 +280,44 @@ class platform::config::controller::post
} }
} }
file { "/etc/platform/.initial_controller_config_complete": file { '/etc/platform/.initial_controller_config_complete':
ensure => present, ensure => present,
} }
file { "/var/run/.controller_config_complete": file { '/var/run/.controller_config_complete':
ensure => present, ensure => present,
} }
} }
class platform::config::worker::post class platform::config::worker::post
{ {
file { "/etc/platform/.initial_worker_config_complete": file { '/etc/platform/.initial_worker_config_complete':
ensure => present, ensure => present,
} }
file { "/var/run/.worker_config_complete": file { '/var/run/.worker_config_complete':
ensure => present, ensure => present,
} }
} }
class platform::config::storage::post class platform::config::storage::post
{ {
file { "/etc/platform/.initial_storage_config_complete": file { '/etc/platform/.initial_storage_config_complete':
ensure => present, ensure => present,
} }
file { "/var/run/.storage_config_complete": file { '/var/run/.storage_config_complete':
ensure => present, ensure => present,
} }
} }
class platform::config::bootstrap { class platform::config::bootstrap {
stage { 'pre': stage { 'pre':
before => Stage["main"], before => Stage['main'],
} }
stage { 'post': stage { 'post':
require => Stage["main"], require => Stage['main'],
} }
include ::platform::params include ::platform::params

18
puppet-manifests/src/modules/platform/manifests/dcmanager.pp
View File

@ -5,7 +5,7 @@ class platform::dcmanager::params (
$domain_admin = undef, $domain_admin = undef,
$domain_pwd = undef, $domain_pwd = undef,
$service_name = 'dcmanager', $service_name = 'dcmanager',
$default_endpoint_type = "internalURL", $default_endpoint_type = 'internalURL',
$service_create = false, $service_create = false,
) { ) {
include ::platform::params include ::platform::params
@ -18,7 +18,7 @@ class platform::dcmanager::params (
class platform::dcmanager class platform::dcmanager
inherits ::platform::dcmanager::params { inherits ::platform::dcmanager::params {
if $::platform::params::distributed_cloud_role =='systemcontroller' { if $::platform::params::distributed_cloud_role =='systemcontroller' {
include ::platform::params include ::platform::params
include ::platform::amqp::params include ::platform::amqp::params
if $::platform::params::init_database { if $::platform::params::init_database {
@ -26,9 +26,9 @@ class platform::dcmanager
} }
class { '::dcmanager': class { '::dcmanager':
rabbit_host => $::platform::amqp::params::host_url, rabbit_host => $::platform::amqp::params::host_url,
rabbit_port => $::platform::amqp::params::port, rabbit_port => $::platform::amqp::params::port,
rabbit_userid => $::platform::amqp::params::auth_user, rabbit_userid => $::platform::amqp::params::auth_user,
rabbit_password => $::platform::amqp::params::auth_password, rabbit_password => $::platform::amqp::params::auth_password,
} }
} }
@ -37,7 +37,7 @@ class platform::dcmanager
class platform::dcmanager::firewall class platform::dcmanager::firewall
inherits ::platform::dcmanager::params { inherits ::platform::dcmanager::params {
if $::platform::params::distributed_cloud_role =='systemcontroller' { if $::platform::params::distributed_cloud_role =='systemcontroller' {
platform::firewall::rule { 'dcmanager-api': platform::firewall::rule { 'dcmanager-api':
service_name => 'dcmanager', service_name => 'dcmanager',
ports => $api_port, ports => $api_port,
@ -50,8 +50,8 @@ class platform::dcmanager::haproxy
inherits ::platform::dcmanager::params { inherits ::platform::dcmanager::params {
if $::platform::params::distributed_cloud_role =='systemcontroller' { if $::platform::params::distributed_cloud_role =='systemcontroller' {
platform::haproxy::proxy { 'dcmanager-restapi': platform::haproxy::proxy { 'dcmanager-restapi':
server_name => 's-dcmanager', server_name => 's-dcmanager',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -74,7 +74,7 @@ class platform::dcmanager::api
class { '::dcmanager::api': class { '::dcmanager::api':
bind_host => $api_host, bind_host => $api_host,
} }
include ::platform::dcmanager::firewall include ::platform::dcmanager::firewall
include ::platform::dcmanager::haproxy include ::platform::dcmanager::haproxy

52
puppet-manifests/src/modules/platform/manifests/dcorch.pp
View File

@ -5,7 +5,7 @@ class platform::dcorch::params (
$domain_admin = undef, $domain_admin = undef,
$domain_pwd = undef, $domain_pwd = undef,
$service_name = 'dcorch', $service_name = 'dcorch',
$default_endpoint_type = "internalURL", $default_endpoint_type = 'internalURL',
$service_create = false, $service_create = false,
$neutron_api_proxy_port = 29696, $neutron_api_proxy_port = 29696,
$nova_api_proxy_port = 28774, $nova_api_proxy_port = 28774,
@ -33,11 +33,11 @@ class platform::dcorch
} }
class { '::dcorch': class { '::dcorch':
rabbit_host => $::platform::amqp::params::host_url, rabbit_host => $::platform::amqp::params::host_url,
rabbit_port => $::platform::amqp::params::port, rabbit_port => $::platform::amqp::params::port,
rabbit_userid => $::platform::amqp::params::auth_user, rabbit_userid => $::platform::amqp::params::auth_user,
rabbit_password => $::platform::amqp::params::auth_password, rabbit_password => $::platform::amqp::params::auth_password,
proxy_bind_host => $api_host, proxy_bind_host => $api_host,
proxy_remote_host => $api_host, proxy_remote_host => $api_host,
} }
} }
@ -54,29 +54,29 @@ class platform::dcorch::firewall
} }
platform::firewall::rule { 'dcorch-sysinv-api-proxy': platform::firewall::rule { 'dcorch-sysinv-api-proxy':
service_name => 'dcorch-sysinv-api-proxy', service_name => 'dcorch-sysinv-api-proxy',
ports => $sysinv_api_proxy_port, ports => $sysinv_api_proxy_port,
} }
platform::firewall::rule { 'dcorch-nova-api-proxy': platform::firewall::rule { 'dcorch-nova-api-proxy':
service_name => 'dcorch-nova-api-proxy', service_name => 'dcorch-nova-api-proxy',
ports => $nova_api_proxy_port, ports => $nova_api_proxy_port,
} }
platform::firewall::rule { 'dcorch-neutron-api-proxy': platform::firewall::rule { 'dcorch-neutron-api-proxy':
service_name => 'dcorch-neutron-api-proxy', service_name => 'dcorch-neutron-api-proxy',
ports => $neutron_api_proxy_port, ports => $neutron_api_proxy_port,
} }
if $::openstack::cinder::params::service_enabled { if $::openstack::cinder::params::service_enabled {
platform::firewall::rule { 'dcorch-cinder-api-proxy': platform::firewall::rule { 'dcorch-cinder-api-proxy':
service_name => 'dcorch-cinder-api-proxy', service_name => 'dcorch-cinder-api-proxy',
ports => $cinder_api_proxy_port, ports => $cinder_api_proxy_port,
} }
} }
platform::firewall::rule { 'dcorch-patch-api-proxy': platform::firewall::rule { 'dcorch-patch-api-proxy':
service_name => 'dcorch-patch-api-proxy', service_name => 'dcorch-patch-api-proxy',
ports => $patch_api_proxy_port, ports => $patch_api_proxy_port,
} }
platform::firewall::rule { 'dcorch-identity-api-proxy': platform::firewall::rule { 'dcorch-identity-api-proxy':
service_name => 'dcorch-identity-api-proxy', service_name => 'dcorch-identity-api-proxy',
ports => $identity_api_proxy_port, ports => $identity_api_proxy_port,
} }
} }
} }
@ -87,48 +87,48 @@ class platform::dcorch::haproxy
if $::platform::params::distributed_cloud_role =='systemcontroller' { if $::platform::params::distributed_cloud_role =='systemcontroller' {
include ::openstack::cinder::params include ::openstack::cinder::params
platform::haproxy::proxy { 'dcorch-neutron-api-proxy': platform::haproxy::proxy { 'dcorch-neutron-api-proxy':
server_name => 's-dcorch-neutron-api-proxy', server_name => 's-dcorch-neutron-api-proxy',
public_port => $neutron_api_proxy_port, public_port => $neutron_api_proxy_port,
private_port => $neutron_api_proxy_port, private_port => $neutron_api_proxy_port,
} }
platform::haproxy::proxy { 'dcorch-nova-api-proxy': platform::haproxy::proxy { 'dcorch-nova-api-proxy':
server_name => 's-dcorch-nova-api-proxy', server_name => 's-dcorch-nova-api-proxy',
public_port => $nova_api_proxy_port, public_port => $nova_api_proxy_port,
private_port => $nova_api_proxy_port, private_port => $nova_api_proxy_port,
} }
platform::haproxy::proxy { 'dcorch-sysinv-api-proxy': platform::haproxy::proxy { 'dcorch-sysinv-api-proxy':
server_name => 's-dcorch-sysinv-api-proxy', server_name => 's-dcorch-sysinv-api-proxy',
public_port => $sysinv_api_proxy_port, public_port => $sysinv_api_proxy_port,
private_port => $sysinv_api_proxy_port, private_port => $sysinv_api_proxy_port,
} }
if $::openstack::cinder::params::service_enabled { if $::openstack::cinder::params::service_enabled {
platform::haproxy::proxy { 'dcorch-cinder-api-proxy': platform::haproxy::proxy { 'dcorch-cinder-api-proxy':
server_name => 's-cinder-dc-api-proxy', server_name => 's-cinder-dc-api-proxy',
public_port => $cinder_api_proxy_port, public_port => $cinder_api_proxy_port,
private_port => $cinder_api_proxy_port, private_port => $cinder_api_proxy_port,
} }
} }
platform::haproxy::proxy { 'dcorch-patch-api-proxy': platform::haproxy::proxy { 'dcorch-patch-api-proxy':
server_name => 's-dcorch-patch-api-proxy', server_name => 's-dcorch-patch-api-proxy',
public_port => $patch_api_proxy_port, public_port => $patch_api_proxy_port,
private_port => $patch_api_proxy_port, private_port => $patch_api_proxy_port,
} }
platform::haproxy::proxy { 'dcorch-identity-api-proxy': platform::haproxy::proxy { 'dcorch-identity-api-proxy':
server_name => 's-dcorch-identity-api-proxy', server_name => 's-dcorch-identity-api-proxy',
public_port => $identity_api_proxy_port, public_port => $identity_api_proxy_port,
private_port => $identity_api_proxy_port, private_port => $identity_api_proxy_port,
} }
} }
} }
class platform::dcorch::engine class platform::dcorch::engine
inherits ::platform::dcorch::params { inherits ::platform::dcorch::params {
if $::platform::params::distributed_cloud_role =='systemcontroller' { if $::platform::params::distributed_cloud_role =='systemcontroller' {
include ::dcorch::engine include ::dcorch::engine
} }
} }
class platform::dcorch::snmp class platform::dcorch::snmp
inherits ::platform::dcorch::params { inherits ::platform::dcorch::params {
if $::platform::params::distributed_cloud_role =='systemcontroller' { if $::platform::params::distributed_cloud_role =='systemcontroller' {
class { '::dcorch::snmp': class { '::dcorch::snmp':

26
puppet-manifests/src/modules/platform/manifests/devices.pp
View File

@ -2,23 +2,23 @@ define qat_device_files(
$qat_idx, $qat_idx,
$device_id, $device_id,
) { ) {
if $device_id == "dh895xcc"{ if $device_id == 'dh895xcc'{
file { "/etc/dh895xcc_dev${qat_idx}.conf": file { "/etc/dh895xcc_dev${qat_idx}.conf":
ensure => 'present', ensure => 'present',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
notify => Service['qat_service'], notify => Service['qat_service'],
} }
} }
if $device_id == "c62x"{ if $device_id == 'c62x'{
file { "/etc/c62x_dev${qat_idx}.conf": file { "/etc/c62x_dev${qat_idx}.conf":
ensure => 'present', ensure => 'present',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0640', mode => '0640',
notify => Service['qat_service'], notify => Service['qat_service'],
} }
} }
} }
@ -35,7 +35,7 @@ class platform::devices::qat (
ensure => 'running', ensure => 'running',
enable => true, enable => true,
hasrestart => true, hasrestart => true,
notify => Service['sysinv-agent'], notify => Service['sysinv-agent'],
} }
} }
} }

6
puppet-manifests/src/modules/platform/manifests/dhclient.pp
View File

@ -10,11 +10,11 @@ class platform::dhclient
$infra_interface = $::platform::network::infra::params::interface_name $infra_interface = $::platform::network::infra::params::interface_name
$infra_subnet_version = $::platform::network::infra::params::subnet_version $infra_subnet_version = $::platform::network::infra::params::subnet_version
file { "/etc/dhcp/dhclient.conf": file { '/etc/dhcp/dhclient.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/dhclient.conf.erb'), content => template('platform/dhclient.conf.erb'),
before => Class['::platform::network::apply'], before => Class['::platform::network::apply'],
} }
} }

8
puppet-manifests/src/modules/platform/manifests/dns.pp
View File

@ -63,8 +63,8 @@ class platform::dns::dnsmasq {
} }
} }
file { "/etc/dnsmasq.conf": file { '/etc/dnsmasq.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/dnsmasq.conf.erb'), content => template('platform/dnsmasq.conf.erb'),
} }
@ -74,8 +74,8 @@ class platform::dns::dnsmasq {
class platform::dns::resolv ( class platform::dns::resolv (
$servers, $servers,
) { ) {
file { "/etc/resolv.conf": file { '/etc/resolv.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/resolv.conf.erb') content => template('platform/resolv.conf.erb')
} }

20
puppet-manifests/src/modules/platform/manifests/docker.pp
View File

@ -2,7 +2,7 @@ class platform::docker::params (
$package_name = 'docker-ce', $package_name = 'docker-ce',
) { } ) { }
class platform::docker::config class platform::docker::config
inherits ::platform::docker::params { inherits ::platform::docker::params {
include ::platform::kubernetes::params include ::platform::kubernetes::params
@ -12,23 +12,23 @@ class platform::docker::config
Class['::platform::filesystem::docker'] ~> Class[$name] Class['::platform::filesystem::docker'] ~> Class[$name]
service { 'docker': service { 'docker':
ensure => 'running', ensure => 'running',
name => 'docker', name => 'docker',
enable => true, enable => true,
require => Package['docker'] require => Package['docker']
} -> }
exec { 'enable-docker': -> exec { 'enable-docker':
command => '/usr/bin/systemctl enable docker.service', command => '/usr/bin/systemctl enable docker.service',
} }
} }
} }
class platform::docker::install class platform::docker::install
inherits ::platform::docker::params { inherits ::platform::docker::params {
package { 'docker': package { 'docker':
ensure => 'installed', ensure => 'installed',
name => $package_name, name => $package_name,
} }
} }

40
puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp
View File

@ -12,21 +12,21 @@ class platform::dockerdistribution::config
# currently docker registry is running insecure mode # currently docker registry is running insecure mode
# when proper authentication is implemented, this would go away # when proper authentication is implemented, this would go away
file { "/etc/docker": file { '/etc/docker':
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0700', mode => '0700',
} -> }
file { "/etc/docker/daemon.json": -> file { '/etc/docker/daemon.json':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
content => template('platform/insecuredockerregistry.conf.erb'), content => template('platform/insecuredockerregistry.conf.erb'),
} -> }
file { "/etc/docker-distribution/registry/config.yml": -> file { '/etc/docker-distribution/registry/config.yml':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
@ -36,10 +36,10 @@ class platform::dockerdistribution::config
# copy the startup script to where it is supposed to be # copy the startup script to where it is supposed to be
file {'docker_distribution_initd_script': file {'docker_distribution_initd_script':
path => '/etc/init.d/docker-distribution', ensure => 'present',
ensure => 'present', path => '/etc/init.d/docker-distribution',
mode => '0755', mode => '0755',
source => "puppet:///modules/${module_name}/docker-distribution" source => "puppet:///modules/${module_name}/docker-distribution"
} }
} }
} }
@ -57,13 +57,13 @@ class platform::dockerdistribution::compute
# currently docker registry is running insecure mode # currently docker registry is running insecure mode
# when proper authentication is implemented, this would go away # when proper authentication is implemented, this would go away
file { "/etc/docker": file { '/etc/docker':
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0700', mode => '0700',
} -> }
file { "/etc/docker/daemon.json": -> file { '/etc/docker/daemon.json':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',

150
puppet-manifests/src/modules/platform/manifests/drbd.pp
View File

@ -76,10 +76,10 @@ define platform::drbd::filesystem (
volume_group => $vg_name, volume_group => $vg_name,
size => "${lv_size}G", size => "${lv_size}G",
size_is_minsize => true, size_is_minsize => true,
} -> }
drbd::resource { $title: -> drbd::resource { $title:
disk => "/dev/${vg_name}/${lv_name}", disk => "/dev/${vg_name}/${lv_name}",
port => $port, port => $port,
device => $device, device => $device,
@ -111,13 +111,13 @@ define platform::drbd::filesystem (
# NOTE: The DRBD file system can only be resized immediately if not peering, # NOTE: The DRBD file system can only be resized immediately if not peering,
# otherwise it must wait for the peer backing storage device to be # otherwise it must wait for the peer backing storage device to be
# resized before issuing the resize locally. # resized before issuing the resize locally.
Drbd::Resource[$title] -> Drbd::Resource[$title]
exec { "drbd resize ${title}": -> exec { "drbd resize ${title}":
command => "drbdadm -- --assume-peer-has-space resize ${title}", command => "drbdadm -- --assume-peer-has-space resize ${title}",
} -> }
exec { "resize2fs ${title}": -> exec { "resize2fs ${title}":
command => "resize2fs ${device}", command => "resize2fs ${device}",
} }
} }
@ -163,12 +163,12 @@ class platform::drbd::rabbit ()
inherits ::platform::drbd::rabbit::params { inherits ::platform::drbd::rabbit::params {
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => 'drbd-pgsql', resync_after => 'drbd-pgsql',
} }
} }
@ -188,12 +188,12 @@ class platform::drbd::platform ()
inherits ::platform::drbd::platform::params { inherits ::platform::drbd::platform::params {
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => 'drbd-rabbit', resync_after => 'drbd-rabbit',
} }
} }
@ -213,12 +213,12 @@ class platform::drbd::cgcs ()
inherits ::platform::drbd::cgcs::params { inherits ::platform::drbd::cgcs::params {
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => 'drbd-platform', resync_after => 'drbd-platform',
} }
} }
@ -251,12 +251,12 @@ class platform::drbd::extension (
} }
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => $resync_after, resync_after => $resync_after,
} }
} }
@ -289,17 +289,17 @@ class platform::drbd::patch_vault (
if $service_enabled { if $service_enabled {
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => 'drbd-extension', resync_after => 'drbd-extension',
manage_override => $drbd_manage, manage_override => $drbd_manage,
ha_primary_override => $drbd_primary, ha_primary_override => $drbd_primary,
initial_setup_override => $drbd_initial, initial_setup_override => $drbd_initial,
automount_override => $drbd_automount, automount_override => $drbd_automount,
} }
} }
} }
@ -335,17 +335,17 @@ class platform::drbd::etcd (
if $::platform::kubernetes::params::enabled { if $::platform::kubernetes::params::enabled {
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => undef, resync_after => undef,
manage_override => $drbd_manage, manage_override => $drbd_manage,
ha_primary_override => $drbd_primary, ha_primary_override => $drbd_primary,
initial_setup_override => $drbd_initial, initial_setup_override => $drbd_initial,
automount_override => $drbd_automount, automount_override => $drbd_automount,
} }
} }
} }
@ -379,17 +379,17 @@ class platform::drbd::dockerdistribution ()
if $::platform::kubernetes::params::enabled { if $::platform::kubernetes::params::enabled {
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => undef, resync_after => undef,
manage_override => $drbd_manage, manage_override => $drbd_manage,
ha_primary_override => $drbd_primary, ha_primary_override => $drbd_primary,
initial_setup_override => $drbd_initial, initial_setup_override => $drbd_initial,
automount_override => $drbd_automount, automount_override => $drbd_automount,
} }
} }
} }
@ -436,17 +436,17 @@ class platform::drbd::cephmon ()
if ($::platform::ceph::params::service_enabled and if ($::platform::ceph::params::service_enabled and
$system_type == 'All-in-one' and 'duplex' in $system_mode) { $system_type == 'All-in-one' and 'duplex' in $system_mode) {
platform::drbd::filesystem { $resource_name: platform::drbd::filesystem { $resource_name:
vg_name => $vg_name, vg_name => $vg_name,
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $::platform::ceph::params::mon_lv_size, lv_size => $::platform::ceph::params::mon_lv_size,
port => $port, port => $port,
device => $device, device => $device,
mountpoint => $mountpoint, mountpoint => $mountpoint,
resync_after => undef, resync_after => undef,
manage_override => true, manage_override => true,
ha_primary_override => $drbd_primary, ha_primary_override => $drbd_primary,
initial_setup_override => $drbd_initial, initial_setup_override => $drbd_initial,
automount_override => $drbd_automount, automount_override => $drbd_automount,
} -> Class['::ceph'] } -> Class['::ceph']
} }
} }
@ -488,9 +488,9 @@ class platform::drbd(
include ::platform::drbd::cephmon include ::platform::drbd::cephmon
# network changes need to be applied prior to DRBD resources # network changes need to be applied prior to DRBD resources
Anchor['platform::networking'] -> Anchor['platform::networking']
Drbd::Resource <| |> -> -> Drbd::Resource <| |>
Anchor['platform::services'] -> Anchor['platform::services']
} }
@ -503,9 +503,9 @@ class platform::drbd::bootstrap {
# override the defaults to initialize and activate the file systems # override the defaults to initialize and activate the file systems
class { '::platform::drbd::params': class { '::platform::drbd::params':
ha_primary => true, ha_primary => true,
initial_setup => true, initial_setup => true,
automount => true, automount => true,
} }
include ::platform::drbd::pgsql include ::platform::drbd::pgsql

82
puppet-manifests/src/modules/platform/manifests/etcd.pp
View File

@ -1,46 +1,46 @@
class platform::etcd::params ( class platform::etcd::params (
$bind_address = '0.0.0.0', $bind_address = '0.0.0.0',
$port = 2379, $port = 2379,
$node = "controller", $node = 'controller',
) )
{ {
include ::platform::params include ::platform::params
$sw_version = $::platform::params::software_version $sw_version = $::platform::params::software_version
$etcd_basedir = "/opt/etcd" $etcd_basedir = '/opt/etcd'
$etcd_versioned_dir = "${etcd_basedir}/${sw_version}" $etcd_versioned_dir = "${etcd_basedir}/${sw_version}"
} }
# Modify the systemd service file for etcd and # Modify the systemd service file for etcd and
# create an init.d script for SM to manage the service # create an init.d script for SM to manage the service
class platform::etcd::setup { class platform::etcd::setup {
file {'etcd_override_dir': file {'etcd_override_dir':
path => '/etc/systemd/system/etcd.service.d',
ensure => directory, ensure => directory,
path => '/etc/systemd/system/etcd.service.d',
mode => '0755', mode => '0755',
} -> }
file {'etcd_override': -> file {'etcd_override':
path => '/etc/systemd/system/etcd.service.d/etcd-override.conf', ensure => present,
ensure => present, path => '/etc/systemd/system/etcd.service.d/etcd-override.conf',
mode => '0644', mode => '0644',
source => "puppet:///modules/${module_name}/etcd-override.conf" source => "puppet:///modules/${module_name}/etcd-override.conf"
} -> }
file {'etcd_initd_script': -> file {'etcd_initd_script':
path => '/etc/init.d/etcd', ensure => 'present',
ensure => 'present', path => '/etc/init.d/etcd',
mode => '0755', mode => '0755',
source => "puppet:///modules/${module_name}/etcd" source => "puppet:///modules/${module_name}/etcd"
} -> }
exec { 'systemd-reload-daemon': -> exec { 'systemd-reload-daemon':
command => '/usr/bin/systemctl daemon-reload', command => '/usr/bin/systemctl daemon-reload',
} -> }
Service['etcd'] -> Service['etcd']
} }
class platform::etcd::init class platform::etcd::init
inherits ::platform::etcd::params { inherits ::platform::etcd::params {
$client_url = "http://${bind_address}:${port}" $client_url = "http://${bind_address}:${port}"
if str2bool($::is_initial_config_primary) { if str2bool($::is_initial_config_primary) {
@ -51,16 +51,16 @@ class platform::etcd::init
} }
class { 'etcd': class { 'etcd':
ensure => 'present', ensure => 'present',
etcd_name => $node, etcd_name => $node,
service_enable => false, service_enable => false,
service_ensure => $service_ensure, service_ensure => $service_ensure,
cluster_enabled => false, cluster_enabled => false,
listen_client_urls => $client_url, listen_client_urls => $client_url,
advertise_client_urls => $client_url, advertise_client_urls => $client_url,
data_dir => "${etcd_versioned_dir}/${node}.etcd", data_dir => "${etcd_versioned_dir}/${node}.etcd",
proxy => "off", proxy => 'off',
} }
} }
@ -70,30 +70,30 @@ class platform::etcd
include ::platform::kubernetes::params include ::platform::kubernetes::params
Class['::platform::drbd::etcd'] -> Class[$name] Class['::platform::drbd::etcd'] -> Class[$name]
if $::platform::kubernetes::params::enabled { if $::platform::kubernetes::params::enabled {
include ::platform::etcd::datadir include ::platform::etcd::datadir
include ::platform::etcd::setup include ::platform::etcd::setup
include ::platform::etcd::init include ::platform::etcd::init
Class['::platform::etcd::datadir'] -> Class['::platform::etcd::datadir']
Class['::platform::etcd::setup'] -> -> Class['::platform::etcd::setup']
Class['::platform::etcd::init'] -> Class['::platform::etcd::init']
} }
} }
class platform::etcd::datadir class platform::etcd::datadir
inherits ::platform::etcd::params { inherits ::platform::etcd::params {
Class['::platform::drbd::etcd'] -> Class[$name] Class['::platform::drbd::etcd'] -> Class[$name]
if $::platform::params::init_database { if $::platform::params::init_database {
file { "${etcd_versioned_dir}": file { $etcd_versioned_dir:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} }
} }
} }

22
puppet-manifests/src/modules/platform/manifests/exports.pp
View File

@ -3,17 +3,17 @@ class platform::exports {
include ::platform::params include ::platform::params
file { '/etc/exports': file { '/etc/exports':
ensure => present, ensure => present,
mode => '0600', mode => '0600',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
} -> }
file_line { '/etc/exports /etc/platform': -> file_line { '/etc/exports /etc/platform':
path => '/etc/exports', path => '/etc/exports',
line => "/etc/platform\t\t ${::platform::params::mate_ipaddress}(no_root_squash,no_subtree_check,rw)", line => "/etc/platform\t\t ${::platform::params::mate_ipaddress}(no_root_squash,no_subtree_check,rw)",
match => '^/etc/platform\s', match => '^/etc/platform\s',
} -> }
exec { 'Re-export filesystems': -> exec { 'Re-export filesystems':
command => 'exportfs -r', command => 'exportfs -r',
} }
} }

118
puppet-manifests/src/modules/platform/manifests/filesystem.pp
View File

@ -25,46 +25,46 @@ define platform::filesystem (
# use all available space # use all available space
$size = undef $size = undef
$fs_size_is_minsize = false $fs_size_is_minsize = false
} }
# create logical volume # create logical volume
logical_volume { $lv_name: logical_volume { $lv_name:
ensure => present, ensure => present,
volume_group => $vg_name, volume_group => $vg_name,
size => $size, size => $size,
size_is_minsize => $fs_size_is_minsize, size_is_minsize => $fs_size_is_minsize,
} -> }
# create filesystem # create filesystem
filesystem { $device: -> filesystem { $device:
ensure => present, ensure => present,
fs_type => $fs_type, fs_type => $fs_type,
options => $fs_options, options => $fs_options,
} -> }
file { $mountpoint: -> file { $mountpoint:
ensure => 'directory', ensure => 'directory',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => $mode, mode => $mode,
} -> }
mount { $name: -> mount { $name:
name => "$mountpoint", ensure => 'mounted',
atboot => 'yes', atboot => 'yes',
ensure => 'mounted', name => $mountpoint,
device => "${device}", device => $device,
options => 'defaults', options => 'defaults',
fstype => $fs_type, fstype => $fs_type,
} -> }
# The above mount resource doesn't actually remount devices that were already present in /etc/fstab, but were # The above mount resource doesn't actually remount devices that were already present in /etc/fstab, but were
# unmounted during manifest application. To get around this, we attempt to mount them again, if they are not # unmounted during manifest application. To get around this, we attempt to mount them again, if they are not
# already mounted. # already mounted.
exec { "mount $device": -> exec { "mount ${device}":
unless => "mount | awk '{print \$3}' | grep -Fxq $mountpoint", unless => "mount | awk '{print \$3}' | grep -Fxq ${mountpoint}",
command => "mount $mountpoint", command => "mount ${mountpoint}",
path => "/usr/bin" path => '/usr/bin'
} }
} }
@ -80,24 +80,24 @@ define platform::filesystem::resize(
$device = "/dev/${vg_name}/${lv_name}" $device = "/dev/${vg_name}/${lv_name}"
# TODO (rchurch): Fix this... Allowing return code 5 so that lvextends using the same size doesn't blow up # TODO (rchurch): Fix this... Allowing return code 5 so that lvextends using the same size doesn't blow up
exec { "lvextend $device": exec { "lvextend ${device}":
command => "lvextend -L${lv_size}G ${device}", command => "lvextend -L${lv_size}G ${device}",
returns => [0, 5] returns => [0, 5]
} -> }
# After a partition extend, make sure that there is no leftover drbd # After a partition extend, make sure that there is no leftover drbd
# type metadata from a previous install. Drbd writes its meta at the # type metadata from a previous install. Drbd writes its meta at the
# very end of a block device causing confusion for blkid. # very end of a block device causing confusion for blkid.
exec { "wipe end of device $device": -> exec { "wipe end of device ${device}":
command => "dd if=/dev/zero of=${device} bs=512 seek=$(($(blockdev --getsz ${device}) - 34)) count=34", command => "dd if=/dev/zero of=${device} bs=512 seek=$(($(blockdev --getsz ${device}) - 34)) count=34",
onlyif => "blkid ${device} | grep TYPE=\\\"drbd\\\"", onlyif => "blkid ${device} | grep TYPE=\\\"drbd\\\"",
} -> }
exec { "resize2fs $devmapper": -> exec { "resize2fs ${devmapper}":
command => "resize2fs $devmapper", command => "resize2fs ${devmapper}",
onlyif => "blkid -s TYPE -o value $devmapper | grep -v xfs", onlyif => "blkid -s TYPE -o value ${devmapper} | grep -v xfs",
} -> }
exec { "xfs_growfs $devmapper": -> exec { "xfs_growfs ${devmapper}":
command => "xfs_growfs $devmapper", command => "xfs_growfs ${devmapper}",
onlyif => "blkid -s TYPE -o value $devmapper | grep xfs", onlyif => "blkid -s TYPE -o value ${devmapper} | grep xfs",
} }
} }
@ -115,10 +115,10 @@ class platform::filesystem::backup
inherits ::platform::filesystem::backup::params { inherits ::platform::filesystem::backup::params {
platform::filesystem { $lv_name: platform::filesystem { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
mountpoint => $mountpoint, mountpoint => $mountpoint,
fs_type => $fs_type, fs_type => $fs_type,
fs_options => $fs_options fs_options => $fs_options
} }
} }
@ -136,10 +136,10 @@ class platform::filesystem::scratch
inherits ::platform::filesystem::scratch::params { inherits ::platform::filesystem::scratch::params {
platform::filesystem { $lv_name: platform::filesystem { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
mountpoint => $mountpoint, mountpoint => $mountpoint,
fs_type => $fs_type, fs_type => $fs_type,
fs_options => $fs_options fs_options => $fs_options
} }
} }
@ -157,10 +157,10 @@ class platform::filesystem::gnocchi
inherits ::platform::filesystem::gnocchi::params { inherits ::platform::filesystem::gnocchi::params {
platform::filesystem { $lv_name: platform::filesystem { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
mountpoint => $mountpoint, mountpoint => $mountpoint,
fs_type => $fs_type, fs_type => $fs_type,
fs_options => $fs_options fs_options => $fs_options
} }
} }
@ -182,13 +182,13 @@ class platform::filesystem::docker
if $::platform::kubernetes::params::enabled { if $::platform::kubernetes::params::enabled {
platform::filesystem { $lv_name: platform::filesystem { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
mountpoint => $mountpoint, mountpoint => $mountpoint,
fs_type => $fs_type, fs_type => $fs_type,
fs_options => $fs_options, fs_options => $fs_options,
fs_use_all => $fs_use_all, fs_use_all => $fs_use_all,
mode => '0711', mode => '0711',
} }
} }
} }
@ -224,8 +224,8 @@ class platform::filesystem::storage {
if $::platform::kubernetes::params::enabled { if $::platform::kubernetes::params::enabled {
class {'platform::filesystem::docker::params' : class {'platform::filesystem::docker::params' :
lv_size => 10 lv_size => 10
} -> }
class {'platform::filesystem::docker' : -> class {'platform::filesystem::docker' :
} }
Class['::platform::lvm::vg::cgts_vg'] -> Class['::platform::filesystem::docker'] Class['::platform::lvm::vg::cgts_vg'] -> Class['::platform::filesystem::docker']
@ -240,8 +240,8 @@ class platform::filesystem::compute {
if $::platform::kubernetes::params::enabled { if $::platform::kubernetes::params::enabled {
class {'platform::filesystem::docker::params' : class {'platform::filesystem::docker::params' :
fs_use_all => true fs_use_all => true
} -> }
class {'platform::filesystem::docker' : -> class {'platform::filesystem::docker' :
} }
Class['::platform::lvm::vg::cgts_vg'] -> Class['::platform::filesystem::docker'] Class['::platform::lvm::vg::cgts_vg'] -> Class['::platform::filesystem::docker']
@ -265,8 +265,8 @@ class platform::filesystem::backup::runtime {
$devmapper = $::platform::filesystem::backup::params::devmapper $devmapper = $::platform::filesystem::backup::params::devmapper
platform::filesystem::resize { $lv_name: platform::filesystem::resize { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
devmapper => $devmapper, devmapper => $devmapper,
} }
} }
@ -280,8 +280,8 @@ class platform::filesystem::scratch::runtime {
$devmapper = $::platform::filesystem::scratch::params::devmapper $devmapper = $::platform::filesystem::scratch::params::devmapper
platform::filesystem::resize { $lv_name: platform::filesystem::resize { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
devmapper => $devmapper, devmapper => $devmapper,
} }
} }
@ -295,8 +295,8 @@ class platform::filesystem::gnocchi::runtime {
$devmapper = $::platform::filesystem::gnocchi::params::devmapper $devmapper = $::platform::filesystem::gnocchi::params::devmapper
platform::filesystem::resize { $lv_name: platform::filesystem::resize { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
devmapper => $devmapper, devmapper => $devmapper,
} }
} }
@ -310,8 +310,8 @@ class platform::filesystem::docker::runtime {
$devmapper = $::platform::filesystem::docker::params::devmapper $devmapper = $::platform::filesystem::docker::params::devmapper
platform::filesystem::resize { $lv_name: platform::filesystem::resize { $lv_name:
lv_name => $lv_name, lv_name => $lv_name,
lv_size => $lv_size, lv_size => $lv_size,
devmapper => $devmapper, devmapper => $devmapper,
} }
} }

188
puppet-manifests/src/modules/platform/manifests/firewall.pp
View File

@ -39,38 +39,38 @@ define platform::firewall::rule (
# NAT rule # NAT rule
if $jump == 'SNAT' or $jump == 'MASQUERADE' { if $jump == 'SNAT' or $jump == 'MASQUERADE' {
firewall { "500 ${service_name} ${heading} ${title}": firewall { "500 ${service_name} ${heading} ${title}":
chain => $chain, ensure => $ensure,
table => $table, table => $table,
proto => $proto, proto => $proto,
outiface => $outiface, outiface => $outiface,
jump => $jump, jump => $jump,
tosource => $tosource, tosource => $tosource,
destination => $destination, destination => $destination,
source => $source, source => $source,
provider => $provider, provider => $provider,
ensure => $ensure, chain => $chain,
} }
} }
else { else {
if $ports == undef { if $ports == undef {
firewall { "500 ${service_name} ${heading} ${title}": firewall { "500 ${service_name} ${heading} ${title}":
chain => $chain, ensure => $ensure,
proto => $proto, proto => $proto,
action => 'accept', action => 'accept',
source => $source, source => $source,
provider => $provider, provider => $provider,
ensure => $ensure, chain => $chain,
} }
} }
else { else {
firewall { "500 ${service_name} ${heading} ${title}": firewall { "500 ${service_name} ${heading} ${title}":
chain => $chain, ensure => $ensure,
proto => $proto, proto => $proto,
dport => $ports, dport => $ports,
action => 'accept', action => 'accept',
source => $source, source => $source,
provider => $provider, provider => $provider,
ensure => $ensure, chain => $chain,
} }
} }
} }
@ -85,74 +85,74 @@ define platform::firewall::common (
$provider = $version ? {'ipv4' => 'iptables', 'ipv6' => 'ip6tables'} $provider = $version ? {'ipv4' => 'iptables', 'ipv6' => 'ip6tables'}
firewall { "000 platform accept non-oam ${version}": firewall { "000 platform accept non-oam ${version}":
proto => 'all', proto => 'all',
iniface => "! ${$interface}", iniface => "! ${$interface}",
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "001 platform accept related ${version}": firewall { "001 platform accept related ${version}":
proto => 'all', proto => 'all',
state => ['RELATED', 'ESTABLISHED'], state => ['RELATED', 'ESTABLISHED'],
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
# explicitly drop some types of traffic without logging # explicitly drop some types of traffic without logging
firewall { "800 platform drop tcf-agent udp ${version}": firewall { "800 platform drop tcf-agent udp ${version}":
proto => 'udp', proto => 'udp',
dport => 1534, dport => 1534,
action => 'drop', action => 'drop',
provider => $provider, provider => $provider,
} }
firewall { "800 platform drop tcf-agent tcp ${version}": firewall { "800 platform drop tcf-agent tcp ${version}":
proto => 'tcp', proto => 'tcp',
dport => 1534, dport => 1534,
action => 'drop', action => 'drop',
provider => $provider, provider => $provider,
} }
firewall { "800 platform drop all avahi-daemon ${version}": firewall { "800 platform drop all avahi-daemon ${version}":
proto => 'udp', proto => 'udp',
dport => 5353, dport => 5353,
action => 'drop', action => 'drop',
provider => $provider, provider => $provider,
} }
firewall { "999 platform log dropped ${version}": firewall { "999 platform log dropped ${version}":
proto => 'all', proto => 'all',
limit => '2/min', limit => '2/min',
jump => 'LOG', jump => 'LOG',
log_prefix => "${provider}-in-dropped: ", log_prefix => "${provider}-in-dropped: ",
log_level => 4, log_level => 4,
provider => $provider, provider => $provider,
} }
firewall { "000 platform forward non-oam ${version}": firewall { "000 platform forward non-oam ${version}":
chain => 'FORWARD', chain => 'FORWARD',
proto => 'all', proto => 'all',
iniface => "! ${interface}", iniface => "! ${interface}",
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "001 platform forward related ${version}": firewall { "001 platform forward related ${version}":
chain => 'FORWARD', chain => 'FORWARD',
proto => 'all', proto => 'all',
state => ['RELATED', 'ESTABLISHED'], state => ['RELATED', 'ESTABLISHED'],
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "999 platform log dropped ${version} forwarded": firewall { "999 platform log dropped ${version} forwarded":
chain => 'FORWARD', chain => 'FORWARD',
proto => 'all', proto => 'all',
limit => '2/min', limit => '2/min',
jump => 'LOG', jump => 'LOG',
log_prefix => "${provider}-fwd-dropped: ", log_prefix => "${provider}-fwd-dropped: ",
log_level => 4, log_level => 4,
provider => $provider, provider => $provider,
} }
} }
@ -171,58 +171,58 @@ define platform::firewall::services (
# Provider specific service rules # Provider specific service rules
firewall { "010 platform accept sm ${version}": firewall { "010 platform accept sm ${version}":
proto => 'udp', proto => 'udp',
dport => [2222, 2223], dport => [2222, 2223],
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "011 platform accept ssh ${version}": firewall { "011 platform accept ssh ${version}":
proto => 'tcp', proto => 'tcp',
dport => 22, dport => 22,
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "200 platform accept icmp ${version}": firewall { "200 platform accept icmp ${version}":
proto => $proto_icmp, proto => $proto_icmp,
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "201 platform accept ntp ${version}": firewall { "201 platform accept ntp ${version}":
proto => 'udp', proto => 'udp',
dport => 123, dport => 123,
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "202 platform accept snmp ${version}": firewall { "202 platform accept snmp ${version}":
proto => 'udp', proto => 'udp',
dport => 161, dport => 161,
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "202 platform accept snmp trap ${version}": firewall { "202 platform accept snmp trap ${version}":
proto => 'udp', proto => 'udp',
dport => 162, dport => 162,
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
firewall { "203 platform accept ptp ${version}": firewall { "203 platform accept ptp ${version}":
proto => 'udp', proto => 'udp',
dport => [319, 320], dport => [319, 320],
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
# allow IGMP Query traffic if IGMP Snooping is # allow IGMP Query traffic if IGMP Snooping is
# enabled on the TOR switch # enabled on the TOR switch
firewall { "204 platform accept igmp ${version}": firewall { "204 platform accept igmp ${version}":
proto => 'igmp', proto => 'igmp',
action => 'accept', action => 'accept',
provider => $provider, provider => $provider,
} }
} }
@ -236,21 +236,21 @@ define platform::firewall::hooks (
$input_pre_chain = 'INPUT-custom-pre' $input_pre_chain = 'INPUT-custom-pre'
$input_post_chain = 'INPUT-custom-post' $input_post_chain = 'INPUT-custom-post'
firewallchain { "$input_pre_chain:filter:$protocol": firewallchain { "${input_pre_chain}:filter:${protocol}":
ensure => present, ensure => present,
}-> }
firewallchain { "$input_post_chain:filter:$protocol": -> firewallchain { "${input_post_chain}:filter:${protocol}":
ensure => present, ensure => present,
}-> }
firewall { "100 $input_pre_chain $version": -> firewall { "100 ${input_pre_chain} ${version}":
proto => 'all', proto => 'all',
chain => 'INPUT', chain => 'INPUT',
jump => "$input_pre_chain" jump => $input_pre_chain
}-> }
firewall { "900 $input_post_chain $version": -> firewall { "900 ${input_post_chain} ${version}":
proto => 'all', proto => 'all',
chain => 'INPUT', chain => 'INPUT',
jump => "$input_post_chain" jump => $input_post_chain
} }
} }
@ -266,16 +266,16 @@ class platform::firewall::custom (
platform::firewall::hooks { '::platform:firewall:hooks': platform::firewall::hooks { '::platform:firewall:hooks':
version => $version, version => $version,
} -> }
exec { 'Flush firewall custom pre rules': -> exec { 'Flush firewall custom pre rules':
command => "iptables --flush INPUT-custom-pre", command => 'iptables --flush INPUT-custom-pre',
} -> }
exec { 'Flush firewall custom post rules': -> exec { 'Flush firewall custom post rules':
command => "iptables --flush INPUT-custom-post", command => 'iptables --flush INPUT-custom-post',
} -> }
exec { 'Apply firewall custom rules': -> exec { 'Apply firewall custom rules':
command => "$restore --noflush $rules_file", command => "${restore} --noflush ${rules_file}",
} }
} }
@ -295,12 +295,12 @@ class platform::firewall::oam (
platform::firewall::common { 'platform:firewall:ipv4': platform::firewall::common { 'platform:firewall:ipv4':
interface => $interface_name, interface => $interface_name,
version => 'ipv4', version => 'ipv4',
} }
platform::firewall::common { 'platform:firewall:ipv6': platform::firewall::common { 'platform:firewall:ipv6':
interface => $interface_name, interface => $interface_name,
version => 'ipv6', version => 'ipv6',
} }
platform::firewall::services { 'platform:firewall:services': platform::firewall::services { 'platform:firewall:services':
@ -312,34 +312,34 @@ class platform::firewall::oam (
ensure => present, ensure => present,
policy => drop, policy => drop,
before => undef, before => undef,
purge => false, purge => false,
} }
firewallchain { 'INPUT:filter:IPv6': firewallchain { 'INPUT:filter:IPv6':
ensure => present, ensure => present,
policy => drop, policy => drop,
before => undef, before => undef,
purge => false, purge => false,
} }
firewallchain { 'FORWARD:filter:IPv4': firewallchain { 'FORWARD:filter:IPv4':
ensure => present, ensure => present,
policy => drop, policy => drop,
before => undef, before => undef,
purge => false, purge => false,
} }
firewallchain { 'FORWARD:filter:IPv6': firewallchain { 'FORWARD:filter:IPv6':
ensure => present, ensure => present,
policy => drop, policy => drop,
before => undef, before => undef,
purge => false, purge => false,
} }
if $rules_file { if $rules_file {
class { '::platform::firewall::custom': class { '::platform::firewall::custom':
version => $version, version => $version,
rules_file => $rules_file, rules_file => $rules_file,
} }
} }

30
puppet-manifests/src/modules/platform/manifests/fm.pp
View File

@ -15,9 +15,9 @@ class platform::fm::config
$trap_dest_str = join($trap_destinations,',') $trap_dest_str = join($trap_destinations,',')
class { '::fm': class { '::fm':
region_name => $region_name, region_name => $region_name,
system_name => $system_name, system_name => $system_name,
trap_destinations => $trap_dest_str, trap_destinations => $trap_dest_str,
sysinv_catalog_info => $sysinv_catalog_info, sysinv_catalog_info => $sysinv_catalog_info,
} }
} }
@ -50,17 +50,17 @@ class platform::fm::haproxy
include ::platform::haproxy::params include ::platform::haproxy::params
platform::haproxy::proxy { 'fm-api-internal': platform::haproxy::proxy { 'fm-api-internal':
server_name => 's-fm-api-internal', server_name => 's-fm-api-internal',
public_ip_address => $::platform::haproxy::params::private_ip_address, public_ip_address => $::platform::haproxy::params::private_ip_address,
public_port => $api_port, public_port => $api_port,
private_ip_address => $api_host, private_ip_address => $api_host,
private_port => $api_port, private_port => $api_port,
public_api => false, public_api => false,
} }
platform::haproxy::proxy { 'fm-api-public': platform::haproxy::proxy { 'fm-api-public':
server_name => 's-fm-api-public', server_name => 's-fm-api-public',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -79,9 +79,9 @@ class platform::fm::api
include ::platform::params include ::platform::params
class { '::fm::api': class { '::fm::api':
host => $api_host, host => $api_host,
workers => $::platform::params::eng_workers, workers => $::platform::params::eng_workers,
sync_db => $::platform::params::init_database, sync_db => $::platform::params::init_database,
} }
include ::platform::fm::firewall include ::platform::fm::firewall
@ -94,8 +94,8 @@ class platform::fm::runtime {
require ::platform::fm::config require ::platform::fm::config
exec { 'notify-fm-mgr': exec { 'notify-fm-mgr':
command => "/usr/bin/pkill -HUP fmManager", command => '/usr/bin/pkill -HUP fmManager',
onlyif => "pgrep fmManager" onlyif => 'pgrep fmManager'
} }
} }

12
puppet-manifests/src/modules/platform/manifests/fstab.pp
View File

@ -4,16 +4,16 @@ class platform::fstab {
if $::personality != 'controller' { if $::personality != 'controller' {
exec { 'Unmount NFS filesystems': exec { 'Unmount NFS filesystems':
command => 'umount -a -t nfs ; sleep 5 ;', command => 'umount -a -t nfs ; sleep 5 ;',
} -> }
mount { '/opt/platform': -> mount { '/opt/platform':
device => 'controller-platform-nfs:/opt/platform',
fstype => 'nfs',
ensure => 'present', ensure => 'present',
fstype => 'nfs',
device => 'controller-platform-nfs:/opt/platform',
options => "${::platform::params::nfs_mount_options},_netdev", options => "${::platform::params::nfs_mount_options},_netdev",
atboot => 'yes', atboot => 'yes',
remounts => true, remounts => true,
} -> }
exec { 'Remount NFS filesystems': -> exec { 'Remount NFS filesystems':
command => 'umount -a -t nfs ; sleep 1 ; mount -a -t nfs', command => 'umount -a -t nfs ; sleep 1 ; mount -a -t nfs',
} }
} }

22
puppet-manifests/src/modules/platform/manifests/grub.pp
View File

@ -1,24 +1,24 @@
class platform::grub class platform::grub
{ {
include ::platform::params include ::platform::params
$managed_security_params = "nopti nospectre_v2" $managed_security_params = 'nopti nospectre_v2'
# Run grubby to update params # Run grubby to update params
# First, remove all the parameters we manage, then we add back in the ones # First, remove all the parameters we manage, then we add back in the ones
# we want to use # we want to use
exec { 'removing managed security kernel params from command line': exec { 'removing managed security kernel params from command line':
command => "grubby --update-kernel=`grubby --default-kernel` --remove-args=\"$managed_security_params\"", command => "grubby --update-kernel=`grubby --default-kernel` --remove-args=\"${managed_security_params}\"",
} -> }
exec { 'removing managed security kernel params from command line for EFI': -> exec { 'removing managed security kernel params from command line for EFI':
command => "grubby --efi --update-kernel=`grubby --efi --default-kernel` --remove-args=\"$managed_security_params\"", command => "grubby --efi --update-kernel=`grubby --efi --default-kernel` --remove-args=\"${managed_security_params}\"",
} -> }
exec { 'adding requested security kernel params to command line ': -> exec { 'adding requested security kernel params to command line ':
command => "grubby --update-kernel=`grubby --default-kernel` --args=\"${::platform::params::security_feature}\"", command => "grubby --update-kernel=`grubby --default-kernel` --args=\"${::platform::params::security_feature}\"",
onlyif => "test -n \"${::platform::params::security_feature}\"" onlyif => "test -n \"${::platform::params::security_feature}\""
} -> }
exec { 'adding requested security kernel params to command line for EFI': -> exec { 'adding requested security kernel params to command line for EFI':
command => "grubby --efi --update-kernel=`grubby --efi --default-kernel` --args=\"${::platform::params::security_feature}\"", command => "grubby --efi --update-kernel=`grubby --efi --default-kernel` --args=\"${::platform::params::security_feature}\"",
onlyif => "test -n \"${::platform::params::security_feature}\"" onlyif => "test -n \"${::platform::params::security_feature}\""
} }
} }

28
puppet-manifests/src/modules/platform/manifests/haproxy.pp
View File

@ -22,12 +22,12 @@ define platform::haproxy::proxy (
$public_api = true, $public_api = true,
) { ) {
include ::platform::haproxy::params include ::platform::haproxy::params
if $enable_https != undef { if $enable_https != undef {
$https_enabled = $enable_https $https_enabled = $enable_https
} else { } else {
$https_enabled = $::platform::haproxy::params::enable_https $https_enabled = $::platform::haproxy::params::enable_https
} }
if $x_forwarded_proto { if $x_forwarded_proto {
if $https_enabled and $public_api { if $https_enabled and $public_api {
@ -67,15 +67,15 @@ define platform::haproxy::proxy (
haproxy::frontend { $name: haproxy::frontend { $name:
collect_exported => false, collect_exported => false,
name => "${name}", name => $name,
bind => { bind => {
"${public_ip}:${public_port}" => $ssl_option, "${public_ip}:${public_port}" => $ssl_option,
}, },
options => { options => {
'default_backend' => "${name}-internal", 'default_backend' => "${name}-internal",
'reqadd' => $proto, 'reqadd' => $proto,
'timeout' => $real_client_timeout, 'timeout' => $real_client_timeout,
'rspadd' => $hsts_option, 'rspadd' => $hsts_option,
}, },
} }
@ -87,9 +87,9 @@ define platform::haproxy::proxy (
haproxy::backend { $name: haproxy::backend { $name:
collect_exported => false, collect_exported => false,
name => "${name}-internal", name => "${name}-internal",
options => { options => {
'server' => "${server_name} ${private_ip}:${private_port}", 'server' => "${server_name} ${private_ip}:${private_port}",
'timeout' => $timeout_option, 'timeout' => $timeout_option,
} }
} }
@ -106,9 +106,9 @@ class platform::haproxy::server {
$tpm_object = $::platform::haproxy::params::tpm_object $tpm_object = $::platform::haproxy::params::tpm_object
$tpm_engine = $::platform::haproxy::params::tpm_engine $tpm_engine = $::platform::haproxy::params::tpm_engine
if $tpm_object != undef { if $tpm_object != undef {
$tpm_options = {'tpm-object' => $tpm_object, 'tpm-engine' => $tpm_engine} $tpm_options = {'tpm-object' => $tpm_object, 'tpm-engine' => $tpm_engine}
$global_options = merge($::platform::haproxy::params::global_options, $tpm_options) $global_options = merge($::platform::haproxy::params::global_options, $tpm_options)
} else { } else {
$global_options = $::platform::haproxy::params::global_options $global_options = $::platform::haproxy::params::global_options
} }

88
puppet-manifests/src/modules/platform/manifests/helm.pp
View File

@ -6,69 +6,69 @@ class platform::helm
if $::platform::kubernetes::params::enabled { if $::platform::kubernetes::params::enabled {
if str2bool($::is_initial_config_primary) { if str2bool($::is_initial_config_primary) {
Class['::platform::kubernetes::master'] -> Class['::platform::kubernetes::master']
# TODO(jrichard): Upversion tiller image to v2.11.1 once released. # TODO(jrichard): Upversion tiller image to v2.11.1 once released.
exec { "load tiller docker image": -> exec { 'load tiller docker image':
command => "docker image pull gcr.io/kubernetes-helm/tiller@sha256:022ce9d4a99603be1d30a4ca96a7fa57a45e6f2ef11172f4333c18aaae407f5b", command => 'docker image pull gcr.io/kubernetes-helm/tiller@sha256:022ce9d4a99603be1d30a4ca96a7fa57a45e6f2ef11172f4333c18aaae407f5b',
logoutput => true, logoutput => true,
} -> }
# TODO(tngo): If and when tiller image is upversioned, please ensure armada compatibility as part of the test # TODO(tngo): If and when tiller image is upversioned, please ensure armada compatibility as part of the test
exec { "load armada docker image": -> exec { 'load armada docker image':
command => "docker image pull quay.io/airshipit/armada:f807c3a1ec727c883c772ffc618f084d960ed5c9", command => 'docker image pull quay.io/airshipit/armada:f807c3a1ec727c883c772ffc618f084d960ed5c9',
logoutput => true, logoutput => true,
} -> }
exec { "create service account for tiller": -> exec { 'create service account for tiller':
command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf create serviceaccount --namespace kube-system tiller", command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf create serviceaccount --namespace kube-system tiller',
logoutput => true, logoutput => true,
} -> }
exec { "create cluster role binding for tiller service account": -> exec { 'create cluster role binding for tiller service account':
command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller", command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller',
logoutput => true, logoutput => true,
} -> }
# TODO(jrichard): Upversion tiller image to v2.11.1 once released. # TODO(jrichard): Upversion tiller image to v2.11.1 once released.
exec { 'initialize helm': -> exec { 'initialize helm':
environment => [ "KUBECONFIG=/etc/kubernetes/admin.conf", "HOME=/home/wrsroot" ], environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
command => 'helm init --skip-refresh --service-account tiller --node-selectors "node-role.kubernetes.io/master"="" --tiller-image=gcr.io/kubernetes-helm/tiller@sha256:022ce9d4a99603be1d30a4ca96a7fa57a45e6f2ef11172f4333c18aaae407f5b', command => 'helm init --skip-refresh --service-account tiller --node-selectors "node-role.kubernetes.io/master"="" --tiller-image=gcr.io/kubernetes-helm/tiller@sha256:022ce9d4a99603be1d30a4ca96a7fa57a45e6f2ef11172f4333c18aaae407f5b',
logoutput => true, logoutput => true,
user => 'wrsroot', user => 'wrsroot',
group => 'wrs', group => 'wrs',
require => User['wrsroot'] require => User['wrsroot']
} -> }
file {"/www/pages/helm_charts": -> file {'/www/pages/helm_charts':
path => "/www/pages/helm_charts", ensure => directory,
ensure => directory, path => '/www/pages/helm_charts',
owner => "www", owner => 'www',
require => User['www'] require => User['www']
} -> }
exec { "restart lighttpd for helm": -> exec { 'restart lighttpd for helm':
require => File["/etc/lighttpd/lighttpd.conf"], require => File['/etc/lighttpd/lighttpd.conf'],
command => "systemctl restart lighttpd.service", command => 'systemctl restart lighttpd.service',
logoutput => true, logoutput => true,
} -> }
exec { "generate helm repo index": -> exec { 'generate helm repo index':
command => "helm repo index /www/pages/helm_charts", command => 'helm repo index /www/pages/helm_charts',
logoutput => true, logoutput => true,
user => 'www', user => 'www',
group => 'www', group => 'www',
require => User['www'] require => User['www']
} -> }
exec { "add local starlingx helm repo": -> exec { 'add local starlingx helm repo':
before => Exec['Stop lighttpd'], before => Exec['Stop lighttpd'],
environment => [ "KUBECONFIG=/etc/kubernetes/admin.conf" , "HOME=/home/wrsroot"], environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/wrsroot'],
command => "helm repo add starlingx http://127.0.0.1/helm_charts", command => 'helm repo add starlingx http://127.0.0.1/helm_charts',
logoutput => true, logoutput => true,
user => 'wrsroot', user => 'wrsroot',
group => 'wrs', group => 'wrs',
require => User['wrsroot'] require => User['wrsroot']
} }
} }
} }

62
puppet-manifests/src/modules/platform/manifests/influxdb.pp
View File

@ -1,60 +1,60 @@
class platform::influxdb::params ( class platform::influxdb::params (
$bind_address = undef, $bind_address = undef,
$database = undef, $database = undef,
$typesdb = undef, $typesdb = undef,
$batch_size = undef, $batch_size = undef,
$batch_pending = undef, $batch_pending = undef,
$batch_timeout = undef, $batch_timeout = undef,
$read_buffer = undef, $read_buffer = undef,
) {} ) {}
class platform::influxdb class platform::influxdb
inherits ::platform::influxdb::params { inherits ::platform::influxdb::params {
user { 'influxdb': ensure => present, } -> user { 'influxdb': ensure => present, }
group { 'influxdb': ensure => present, } -> -> group { 'influxdb': ensure => present, }
# make a pid dir for influxdb username and group # make a pid dir for influxdb username and group
file { "/var/run/influxdb": -> file { '/var/run/influxdb':
ensure => 'directory', ensure => 'directory',
owner => 'influxdb', owner => 'influxdb',
group => 'influxdb', group => 'influxdb',
mode => '0755', mode => '0755',
} -> }
# make a log dir for influxdb username and group # make a log dir for influxdb username and group
file { "/var/log/influxdb": -> file { '/var/log/influxdb':
ensure => 'directory', ensure => 'directory',
owner => 'influxdb', owner => 'influxdb',
group => 'influxdb', group => 'influxdb',
mode => '0755', mode => '0755',
} -> }
# make a lib dir for influxdb username and group # make a lib dir for influxdb username and group
file { "/var/lib/influxdb": -> file { '/var/lib/influxdb':
ensure => 'directory', ensure => 'directory',
owner => 'influxdb', owner => 'influxdb',
group => 'influxdb', group => 'influxdb',
mode => '0755', mode => '0755',
} -> # now configure influxdb } # now configure influxdb
file { "/etc/influxdb/influxdb.conf": -> file { '/etc/influxdb/influxdb.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/influxdb.conf.erb'), content => template('platform/influxdb.conf.erb'),
} -> # now make sure that influxdb is started } # now make sure that influxdb is started
# ensure that influxdb is running # ensure that influxdb is running
service { 'influxdb': -> service { 'influxdb':
ensure => running, ensure => running,
enable => true, enable => true,
provider => 'systemd' provider => 'systemd'
} -> # now ask pmon to monitor the process } # now ask pmon to monitor the process
# ensure pmon soft link for process monitoring # ensure pmon soft link for process monitoring
file { "/etc/pmon.d/influxdb.conf": -> file { '/etc/pmon.d/influxdb.conf':
ensure => 'link', ensure => 'link',
target => "/etc/influxdb/influxdb.conf.pmon", target => '/etc/influxdb/influxdb.conf.pmon',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
@ -68,17 +68,17 @@ class platform::influxdb::runtime {
class platform::influxdb::logrotate::params ( class platform::influxdb::logrotate::params (
$log_file_name = undef, $log_file_name = undef,
$log_file_size = undef, $log_file_size = undef,
$log_file_rotate = undef, $log_file_rotate = undef,
) {} ) {}
class platform::influxdb::logrotate class platform::influxdb::logrotate
inherits ::platform::influxdb::logrotate::params { inherits ::platform::influxdb::logrotate::params {
file { "/etc/logrotate.d/influxdb": file { '/etc/logrotate.d/influxdb':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/logrotate.erb'), content => template('platform/logrotate.erb'),
} }
} }

182
puppet-manifests/src/modules/platform/manifests/kubernetes.pp
View File

@ -25,46 +25,46 @@ class platform::kubernetes::kubeadm {
# repo. # repo.
file { '/etc/yum.repos.d/kubernetes.repo': file { '/etc/yum.repos.d/kubernetes.repo':
ensure => file, ensure => file,
content => "$repo_file", content => $repo_file,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} -> }
# Update iptables config. This is required based on: # Update iptables config. This is required based on:
# https://kubernetes.io/docs/tasks/tools/install-kubeadm # https://kubernetes.io/docs/tasks/tools/install-kubeadm
# This probably belongs somewhere else - initscripts package? # This probably belongs somewhere else - initscripts package?
file { '/etc/sysctl.d/k8s.conf': -> file { '/etc/sysctl.d/k8s.conf':
ensure => file, ensure => file,
content => "$iptables_file", content => $iptables_file,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} -> }
exec { "update kernel parameters for iptables": -> exec { 'update kernel parameters for iptables':
command => "sysctl --system", command => 'sysctl --system',
} -> }
# TODO: Update /etc/resolv.conf.k8s to be controlled by sysinv, as is done # TODO: Update /etc/resolv.conf.k8s to be controlled by sysinv, as is done
# for /etc/resolv.conf. Is should contain all the user-specified DNS # for /etc/resolv.conf. Is should contain all the user-specified DNS
# servers, but not the coredns IP. # servers, but not the coredns IP.
# Create custom resolv.conf file for kubelet # Create custom resolv.conf file for kubelet
file { "/etc/resolv.conf.k8s": -> file { '/etc/resolv.conf.k8s':
ensure => file, ensure => file,
content => "nameserver 8.8.8.8", content => 'nameserver 8.8.8.8',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} -> }
# Start kubelet. # Start kubelet.
service { 'kubelet': -> service { 'kubelet':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
} -> }
# A seperate enable is required since we have modified the service resource # A seperate enable is required since we have modified the service resource
# to never enable services. # to never enable services.
exec { 'enable-kubelet': -> exec { 'enable-kubelet':
command => '/usr/bin/systemctl enable kubelet.service', command => '/usr/bin/systemctl enable kubelet.service',
} }
} }
@ -83,35 +83,35 @@ class platform::kubernetes::master::init
file_line { "${resolv_conf} nameserver 8.8.8.8": file_line { "${resolv_conf} nameserver 8.8.8.8":
path => $resolv_conf, path => $resolv_conf,
line => 'nameserver 8.8.8.8', line => 'nameserver 8.8.8.8',
} -> }
# Configure the master node. # Configure the master node.
file { "/etc/kubernetes/kubeadm.yaml": -> file { '/etc/kubernetes/kubeadm.yaml':
ensure => file, ensure => file,
content => template('platform/kubeadm.yaml.erb'), content => template('platform/kubeadm.yaml.erb'),
} -> }
exec { "configure master node": -> exec { 'configure master node':
command => "kubeadm init --config=/etc/kubernetes/kubeadm.yaml", command => 'kubeadm init --config=/etc/kubernetes/kubeadm.yaml',
logoutput => true, logoutput => true,
} -> }
# Update ownership/permissions for file created by "kubeadm init". # Update ownership/permissions for file created by "kubeadm init".
# We want it readable by sysinv and wrsroot. # We want it readable by sysinv and wrsroot.
file { "/etc/kubernetes/admin.conf": -> file { '/etc/kubernetes/admin.conf':
ensure => file, ensure => file,
owner => 'root', owner => 'root',
group => $::platform::params::protected_group_name, group => $::platform::params::protected_group_name,
mode => '0640', mode => '0640',
} -> }
# Add a bash profile script to set a k8s env variable # Add a bash profile script to set a k8s env variable
file {'bash_profile_k8s': -> file {'bash_profile_k8s':
path => '/etc/profile.d/kubeconfig.sh', ensure => file,
ensure => file, path => '/etc/profile.d/kubeconfig.sh',
mode => '0644', mode => '0644',
source => "puppet:///modules/${module_name}/kubeconfig.sh" source => "puppet:///modules/${module_name}/kubeconfig.sh"
} -> }
# Configure calico networking using the Kubernetes API datastore. This is # Configure calico networking using the Kubernetes API datastore. This is
# beta functionality and has this limitation: # beta functionality and has this limitation:
@ -120,35 +120,35 @@ class platform::kubernetes::master::init
# with Kubernetes pod CIDR assignments instead. # with Kubernetes pod CIDR assignments instead.
# See https://docs.projectcalico.org/v3.2/getting-started/kubernetes/ # See https://docs.projectcalico.org/v3.2/getting-started/kubernetes/
# installation/calico for more info. # installation/calico for more info.
file { "/etc/kubernetes/rbac-kdd.yaml": -> file { '/etc/kubernetes/rbac-kdd.yaml':
ensure => file, ensure => file,
content => template('platform/rbac-kdd.yaml.erb'), content => template('platform/rbac-kdd.yaml.erb'),
} -> }
exec { "configure calico RBAC": -> exec { 'configure calico RBAC':
command => command =>
"kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/rbac-kdd.yaml", 'kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/rbac-kdd.yaml',
logoutput => true, logoutput => true,
} -> }
file { "/etc/kubernetes/calico.yaml": -> file { '/etc/kubernetes/calico.yaml':
ensure => file, ensure => file,
content => template('platform/calico.yaml.erb'), content => template('platform/calico.yaml.erb'),
} -> }
exec { "install calico networking": -> exec { 'install calico networking':
command => command =>
"kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/calico.yaml", 'kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/calico.yaml',
logoutput => true, logoutput => true,
} -> }
# kubernetes 1.12 uses coredns rather than kube-dns. # kubernetes 1.12 uses coredns rather than kube-dns.
# Restrict the dns pod to master nodes # Restrict the dns pod to master nodes
exec { "restrict coredns to master nodes": -> exec { 'restrict coredns to master nodes':
command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'', command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'',
logoutput => true, logoutput => true,
} -> }
# Remove the taint from the master node # Remove the taint from the master node
exec { "remove taint from master node": -> exec { 'remove taint from master node':
command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master-", command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master-",
logoutput => true, logoutput => true,
} }
} else { } else {
@ -157,80 +157,80 @@ class platform::kubernetes::master::init
# existing certificates. # existing certificates.
# Create necessary certificate files # Create necessary certificate files
file { "/etc/kubernetes/pki": file { '/etc/kubernetes/pki':
ensure => directory, ensure => directory,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0755', mode => '0755',
} -> }
file { '/etc/kubernetes/pki/ca.crt': -> file { '/etc/kubernetes/pki/ca.crt':
ensure => file, ensure => file,
content => "$ca_crt", content => $ca_crt,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
} -> }
file { '/etc/kubernetes/pki/ca.key': -> file { '/etc/kubernetes/pki/ca.key':
ensure => file, ensure => file,
content => "$ca_key", content => $ca_key,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
} -> }
file { '/etc/kubernetes/pki/sa.key': -> file { '/etc/kubernetes/pki/sa.key':
ensure => file, ensure => file,
content => "$sa_key", content => $sa_key,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
} -> }
file { '/etc/kubernetes/pki/sa.pub': -> file { '/etc/kubernetes/pki/sa.pub':
ensure => file, ensure => file,
content => "$sa_pub", content => $sa_pub,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
} -> }
# Configure the master node. # Configure the master node.
file { "/etc/kubernetes/kubeadm.yaml": -> file { '/etc/kubernetes/kubeadm.yaml':
ensure => file, ensure => file,
content => template('platform/kubeadm.yaml.erb'), content => template('platform/kubeadm.yaml.erb'),
} -> }
exec { "configure master node": -> exec { 'configure master node':
command => "kubeadm init --config=/etc/kubernetes/kubeadm.yaml", command => 'kubeadm init --config=/etc/kubernetes/kubeadm.yaml',
logoutput => true, logoutput => true,
} -> }
# Update ownership/permissions for file created by "kubeadm init". # Update ownership/permissions for file created by "kubeadm init".
# We want it readable by sysinv and wrsroot. # We want it readable by sysinv and wrsroot.
file { "/etc/kubernetes/admin.conf": -> file { '/etc/kubernetes/admin.conf':
ensure => file, ensure => file,
owner => 'root', owner => 'root',
group => $::platform::params::protected_group_name, group => $::platform::params::protected_group_name,
mode => '0640', mode => '0640',
} -> }
# Add a bash profile script to set a k8s env variable # Add a bash profile script to set a k8s env variable
file {'bash_profile_k8s': -> file {'bash_profile_k8s':
path => '/etc/profile.d/kubeconfig.sh', ensure => present,
ensure => present, path => '/etc/profile.d/kubeconfig.sh',
mode => '0644', mode => '0644',
source => "puppet:///modules/${module_name}/kubeconfig.sh" source => "puppet:///modules/${module_name}/kubeconfig.sh"
} -> }
# kubernetes 1.12 uses coredns rather than kube-dns. # kubernetes 1.12 uses coredns rather than kube-dns.
# Restrict the dns pod to master nodes. It seems that each time # Restrict the dns pod to master nodes. It seems that each time
# kubeadm init is run, it undoes any changes to the deployment. # kubeadm init is run, it undoes any changes to the deployment.
exec { "restrict coredns to master nodes": -> exec { 'restrict coredns to master nodes':
command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'', command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'',
logoutput => true, logoutput => true,
} -> }
# Remove the taint from the master node # Remove the taint from the master node
exec { "remove taint from master node": -> exec { 'remove taint from master node':
command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master-", command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master-",
logoutput => true, logoutput => true,
} }
} }
@ -247,9 +247,9 @@ class platform::kubernetes::master
Class['::platform::etcd'] -> Class[$name] Class['::platform::etcd'] -> Class[$name]
Class['::platform::docker::config'] -> Class[$name] Class['::platform::docker::config'] -> Class[$name]
Class['::platform::kubernetes::kubeadm'] -> Class['::platform::kubernetes::kubeadm']
Class['::platform::kubernetes::master::init'] -> -> Class['::platform::kubernetes::master::init']
Class['::platform::kubernetes::firewall'] -> Class['::platform::kubernetes::firewall']
} }
} }
@ -264,10 +264,10 @@ class platform::kubernetes::worker::init
# Configure the worker node. Only do this once, so check whether the # Configure the worker node. Only do this once, so check whether the
# kubelet.conf file has already been created (by the join). # kubelet.conf file has already been created (by the join).
exec { "configure worker node": exec { 'configure worker node':
command => "$join_cmd", command => $join_cmd,
logoutput => true, logoutput => true,
unless => 'test -f /etc/kubernetes/kubelet.conf', unless => 'test -f /etc/kubernetes/kubelet.conf',
} }
} }
@ -280,13 +280,13 @@ class platform::kubernetes::worker
contain ::platform::kubernetes::kubeadm contain ::platform::kubernetes::kubeadm
contain ::platform::kubernetes::worker::init contain ::platform::kubernetes::worker::init
Class['::platform::kubernetes::kubeadm'] -> Class['::platform::kubernetes::kubeadm']
Class['::platform::kubernetes::worker::init'] -> Class['::platform::kubernetes::worker::init']
} }
if $enabled { if $enabled {
file { "/var/run/.disable_worker_services": file { '/var/run/.disable_worker_services':
ensure => file, ensure => file,
replace => no, replace => no,
} }
# TODO: The following exec is a workaround. Once kubernetes becomes the # TODO: The following exec is a workaround. Once kubernetes becomes the
@ -294,7 +294,7 @@ class platform::kubernetes::worker
# the load. # the load.
exec { 'Update PMON libvirtd.conf': exec { 'Update PMON libvirtd.conf':
command => "/bin/sed -i 's#mode = passive#mode = ignore #' /etc/pmon.d/libvirtd.conf", command => "/bin/sed -i 's#mode = passive#mode = ignore #' /etc/pmon.d/libvirtd.conf",
onlyif => '/usr/bin/test -e /etc/pmon.d/libvirtd.conf' onlyif => '/usr/bin/test -e /etc/pmon.d/libvirtd.conf'
} }
} }
} }
@ -333,6 +333,6 @@ class platform::kubernetes::firewall
destination => $d_mgmt_subnet, destination => $d_mgmt_subnet,
source => $s_mgmt_subnet, source => $s_mgmt_subnet,
tosource => $oam_float_ip tosource => $oam_float_ip
} }
} }
} }

74
puppet-manifests/src/modules/platform/manifests/ldap.pp
View File

@ -11,7 +11,7 @@ class platform::ldap::params (
class platform::ldap::server class platform::ldap::server
inherits ::platform::ldap::params { inherits ::platform::ldap::params {
if ! $ldapserver_remote { if ! $ldapserver_remote {
include ::platform::ldap::server::local include ::platform::ldap::server::local
} }
} }
@ -38,7 +38,7 @@ class platform::ldap::server::local
service { 'openldap': service { 'openldap':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
name => "slapd", name => 'slapd',
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,
} }
@ -55,47 +55,47 @@ class platform::ldap::server::local
-e 's:^rootpw .*:rootpw ${admin_hashed_pw}:' \\ -e 's:^rootpw .*:rootpw ${admin_hashed_pw}:' \\
-e 's:modulepath .*:modulepath /usr/lib64/openldap:' \\ -e 's:modulepath .*:modulepath /usr/lib64/openldap:' \\
/etc/openldap/slapd.conf", /etc/openldap/slapd.conf",
onlyif => '/usr/bin/test -e /etc/openldap/slapd.conf' onlyif => '/usr/bin/test -e /etc/openldap/slapd.conf'
} }
# don't populate the adminpw if binding anonymously # don't populate the adminpw if binding anonymously
if ! $bind_anonymous { if ! $bind_anonymous {
file { "/usr/local/etc/ldapscripts/ldapscripts.passwd": file { '/usr/local/etc/ldapscripts/ldapscripts.passwd':
content => $admin_pw, content => $admin_pw,
} }
} }
file { "/usr/share/cracklib/cracklib-small": file { '/usr/share/cracklib/cracklib-small':
ensure => link, ensure => link,
target => "/usr/share/cracklib/cracklib-small.pwd", target => '/usr/share/cracklib/cracklib-small.pwd',
} }
# start openldap with updated config and updated nsswitch # start openldap with updated config and updated nsswitch
# then convert slapd config to db format. Note, slapd must have run and created the db prior to this. # then convert slapd config to db format. Note, slapd must have run and created the db prior to this.
Exec['stop-openldap'] -> Exec['stop-openldap']
Exec['update-slapd-conf'] -> -> Exec['update-slapd-conf']
Service['nscd'] -> -> Service['nscd']
Service['nslcd'] -> -> Service['nslcd']
Service['openldap'] -> -> Service['openldap']
Exec['slapd-convert-config'] -> -> Exec['slapd-convert-config']
Exec['slapd-conf-move-backup'] -> Exec['slapd-conf-move-backup']
} }
class platform::ldap::client class platform::ldap::client
inherits ::platform::ldap::params { inherits ::platform::ldap::params {
file { "/etc/openldap/ldap.conf": file { '/etc/openldap/ldap.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/ldap.conf.erb'), content => template('platform/ldap.conf.erb'),
} }
file { "/etc/nslcd.conf": file { '/etc/nslcd.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/nslcd.conf.erb'), content => template('platform/nslcd.conf.erb'),
} -> }
service { 'nslcd': -> service { 'nslcd':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
name => 'nslcd', name => 'nslcd',
@ -104,7 +104,7 @@ class platform::ldap::client
} }
if $::personality == 'controller' { if $::personality == 'controller' {
file { "/usr/local/etc/ldapscripts/ldapscripts.conf": file { '/usr/local/etc/ldapscripts/ldapscripts.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/ldapscripts.conf.erb'), content => template('platform/ldapscripts.conf.erb'),
@ -127,30 +127,30 @@ class platform::ldap::bootstrap
exec { 'populate initial ldap configuration': exec { 'populate initial ldap configuration':
command => "ldapadd -D ${dn} -w ${admin_pw} -f /etc/openldap/initial_config.ldif" command => "ldapadd -D ${dn} -w ${admin_pw} -f /etc/openldap/initial_config.ldif"
} -> }
exec { "create ldap admin user": -> exec { 'create ldap admin user':
command => "ldapadduser admin root" command => 'ldapadduser admin root'
} -> }
exec { "create ldap operator user": -> exec { 'create ldap operator user':
command => "ldapadduser operator users" command => 'ldapadduser operator users'
} -> }
exec { 'create ldap protected group': -> exec { 'create ldap protected group':
command => "ldapaddgroup ${::platform::params::protected_group_name} ${::platform::params::protected_group_id}" command => "ldapaddgroup ${::platform::params::protected_group_name} ${::platform::params::protected_group_id}"
} -> }
exec { "add admin to wrs protected group" : -> exec { 'add admin to wrs protected group' :
command => "ldapaddusertogroup admin ${::platform::params::protected_group_name}", command => "ldapaddusertogroup admin ${::platform::params::protected_group_name}",
} -> }
exec { "add operator to wrs protected group" : -> exec { 'add operator to wrs protected group' :
command => "ldapaddusertogroup operator ${::platform::params::protected_group_name}", command => "ldapaddusertogroup operator ${::platform::params::protected_group_name}",
} -> }
# Change operator shell from default to /usr/local/bin/cgcs_cli # Change operator shell from default to /usr/local/bin/cgcs_cli
file { "/tmp/ldap.cgcs-shell.ldif": -> file { '/tmp/ldap.cgcs-shell.ldif':
ensure => present, ensure => present,
replace => true, replace => true,
source => "puppet:///modules/${module_name}/ldap.cgcs-shell.ldif" source => "puppet:///modules/${module_name}/ldap.cgcs-shell.ldif"
} -> }
exec { 'ldap cgcs-cli shell update': -> exec { 'ldap cgcs-cli shell update':
command => command =>
"ldapmodify -D ${dn} -w ${admin_pw} -f /tmp/ldap.cgcs-shell.ldif" "ldapmodify -D ${dn} -w ${admin_pw} -f /tmp/ldap.cgcs-shell.ldif"
} }

12
puppet-manifests/src/modules/platform/manifests/lldp.pp
View File

@ -13,18 +13,18 @@ class platform::lldp
$system = $::platform::params::system_name $system = $::platform::params::system_name
$version = $::platform::params::software_version $version = $::platform::params::software_version
file { "/etc/lldpd.conf": file { '/etc/lldpd.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/lldp.conf.erb'), content => template('platform/lldp.conf.erb'),
notify => Service['lldpd'], notify => Service['lldpd'],
} }
file { "/etc/default/lldpd": file { '/etc/default/lldpd':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/lldpd.default.erb'), content => template('platform/lldpd.default.erb'),
notify => Service['lldpd'], notify => Service['lldpd'],
} }
service { 'lldpd': service { 'lldpd':

50
puppet-manifests/src/modules/platform/manifests/lvm.pp
View File

@ -10,20 +10,20 @@ class platform::lvm
# Mask socket unit as well to make sure # Mask socket unit as well to make sure
# systemd socket activation does not happen # systemd socket activation does not happen
service { 'lvm2-lvmetad.socket': service { 'lvm2-lvmetad.socket':
enable => mask,
ensure => 'stopped', ensure => 'stopped',
} -> enable => mask,
}
# Masking service unit ensures that it is not started again # Masking service unit ensures that it is not started again
service { 'lvm2-lvmetad': -> service { 'lvm2-lvmetad':
enable => mask,
ensure => 'stopped', ensure => 'stopped',
} -> enable => mask,
}
# Since masking is changing unit symlinks to point to /dev/null, # Since masking is changing unit symlinks to point to /dev/null,
# we need to reload systemd configuration # we need to reload systemd configuration
exec { 'lvmetad-systemd-daemon-reload': -> exec { 'lvmetad-systemd-daemon-reload':
command => "systemctl daemon-reload", command => 'systemctl daemon-reload',
} -> }
file_line { 'use_lvmetad': -> file_line { 'use_lvmetad':
path => '/etc/lvm/lvm.conf', path => '/etc/lvm/lvm.conf',
match => '^[^#]*use_lvmetad = 1', match => '^[^#]*use_lvmetad = 1',
line => ' use_lvmetad = 0', line => ' use_lvmetad = 0',
@ -32,17 +32,17 @@ class platform::lvm
define platform::lvm::global_filter($filter) { define platform::lvm::global_filter($filter) {
file_line { "$name: update lvm global_filter": file_line { "${name}: update lvm global_filter":
path => '/etc/lvm/lvm.conf', path => '/etc/lvm/lvm.conf',
line => " global_filter = $filter", line => " global_filter = ${filter}",
match => '^[ ]*global_filter =', match => '^[ ]*global_filter =',
} }
} }
define platform::lvm::umount { define platform::lvm::umount {
exec { "umount disk $name": exec { "umount disk ${name}":
command => "umount $name; true", command => "umount ${name}; true",
} }
} }
@ -53,12 +53,12 @@ class platform::lvm::vg::cgts_vg(
) inherits platform::lvm::params { ) inherits platform::lvm::params {
::platform::lvm::umount { $physical_volumes: ::platform::lvm::umount { $physical_volumes:
} -> }
physical_volume { $physical_volumes: -> physical_volume { $physical_volumes:
ensure => present,
} ->
volume_group { $vg_name:
ensure => present, ensure => present,
}
-> volume_group { $vg_name:
ensure => present,
physical_volumes => $physical_volumes, physical_volumes => $physical_volumes,
} }
} }
@ -90,13 +90,13 @@ class platform::lvm::controller::vgs {
class platform::lvm::controller class platform::lvm::controller
inherits ::platform::lvm::params { inherits ::platform::lvm::params {
::platform::lvm::global_filter { "transition filter": ::platform::lvm::global_filter { 'transition filter':
filter => $transition_filter, filter => $transition_filter,
before => Class['::platform::lvm::controller::vgs'] before => Class['::platform::lvm::controller::vgs']
} }
::platform::lvm::global_filter { "final filter": ::platform::lvm::global_filter { 'final filter':
filter => $final_filter, filter => $final_filter,
require => Class['::platform::lvm::controller::vgs'] require => Class['::platform::lvm::controller::vgs']
} }
@ -125,13 +125,13 @@ class platform::lvm::compute::vgs {
class platform::lvm::compute class platform::lvm::compute
inherits ::platform::lvm::params { inherits ::platform::lvm::params {
::platform::lvm::global_filter { "transition filter": ::platform::lvm::global_filter { 'transition filter':
filter => $transition_filter, filter => $transition_filter,
before => Class['::platform::lvm::compute::vgs'] before => Class['::platform::lvm::compute::vgs']
} }
::platform::lvm::global_filter { "final filter": ::platform::lvm::global_filter { 'final filter':
filter => $final_filter, filter => $final_filter,
require => Class['::platform::lvm::compute::vgs'] require => Class['::platform::lvm::compute::vgs']
} }
@ -155,7 +155,7 @@ class platform::lvm::storage::vgs {
class platform::lvm::storage class platform::lvm::storage
inherits ::platform::lvm::params { inherits ::platform::lvm::params {
::platform::lvm::global_filter { "final filter": ::platform::lvm::global_filter { 'final filter':
filter => $final_filter, filter => $final_filter,
before => Class['::platform::lvm::storage::vgs'] before => Class['::platform::lvm::storage::vgs']
} }

24
puppet-manifests/src/modules/platform/manifests/memcached.pp
View File

@ -1,13 +1,13 @@
class platform::memcached::params( class platform::memcached::params(
$package_ensure = 'present', $package_ensure = 'present',
$logfile = '/var/log/memcached.log', $logfile = '/var/log/memcached.log',
# set CACHESIZE in /etc/sysconfig/memcached # set CACHESIZE in /etc/sysconfig/memcached
$max_memory = false, $max_memory = false,
$tcp_port = 11211, $tcp_port = 11211,
$udp_port = 11211, $udp_port = 11211,
# set MAXCONN in /etc/sysconfig/memcached # set MAXCONN in /etc/sysconfig/memcached
$max_connections = 8192, $max_connections = 8192,
$service_restart = true, $service_restart = true,
) { ) {
include ::platform::params include ::platform::params
$controller_0_hostname = $::platform::params::controller_0_hostname $controller_0_hostname = $::platform::params::controller_0_hostname
@ -43,9 +43,9 @@ class platform::memcached
max_connections => $max_connections, max_connections => $max_connections,
max_memory => $max_memory, max_memory => $max_memory,
service_restart => $service_restart, service_restart => $service_restart,
} -> }
exec { 'systemctl enable memcached.service': -> exec { 'systemctl enable memcached.service':
command => "/usr/bin/systemctl enable memcached.service", command => '/usr/bin/systemctl enable memcached.service',
} }
} }

28
puppet-manifests/src/modules/platform/manifests/mtce.pp
View File

@ -31,7 +31,7 @@ class platform::mtce
include ::platform::client::credentials::params include ::platform::client::credentials::params
$keyring_directory = $::platform::client::credentials::params::keyring_directory $keyring_directory = $::platform::client::credentials::params::keyring_directory
file { "/etc/mtc.ini": file { '/etc/mtc.ini':
ensure => present, ensure => present,
mode => '0755', mode => '0755',
content => template('mtce/mtc_ini.erb'), content => template('mtce/mtc_ini.erb'),
@ -39,10 +39,10 @@ class platform::mtce
$boot_device = $::boot_disk_device_path $boot_device = $::boot_disk_device_path
file { "/etc/rmonfiles.d/static.conf": file { '/etc/rmonfiles.d/static.conf':
ensure => present, ensure => present,
mode => '0644', mode => '0644',
content => template('mtce/static_conf.erb'), content => template('mtce/static_conf.erb'),
} }
} }
@ -53,17 +53,17 @@ class platform::mtce::agent
if $::platform::params::init_keystone { if $::platform::params::init_keystone {
# configure a mtce keystone user # configure a mtce keystone user
keystone_user { $auth_username: keystone_user { $auth_username:
password => $auth_pw,
ensure => present, ensure => present,
password => $auth_pw,
enabled => true, enabled => true,
} }
# assign an admin role for this mtce user on the services tenant # assign an admin role for this mtce user on the services tenant
keystone_user_role { "${auth_username}@${auth_project}": keystone_user_role { "${auth_username}@${auth_project}":
ensure => present, ensure => present,
user_domain => $auth_user_domain, user_domain => $auth_user_domain,
project_domain => $auth_project_domain, project_domain => $auth_project_domain,
roles => ['admin'], roles => ['admin'],
} }
} }
} }
@ -71,19 +71,19 @@ class platform::mtce::agent
class platform::mtce::reload { class platform::mtce::reload {
exec {'signal-mtc-agent': exec {'signal-mtc-agent':
command => "pkill -HUP mtcAgent", command => 'pkill -HUP mtcAgent',
} }
exec {'signal-hbs-agent': exec {'signal-hbs-agent':
command => "pkill -HUP hbsAgent", command => 'pkill -HUP hbsAgent',
} }
# mtcClient and hbsClient don't currently reload all configuration, # mtcClient and hbsClient don't currently reload all configuration,
# therefore they must be restarted. Move to HUP if daemon updated. # therefore they must be restarted. Move to HUP if daemon updated.
exec {'pmon-restart-hbs-client': exec {'pmon-restart-hbs-client':
command => "pmon-restart hbsClient", command => 'pmon-restart hbsClient',
} }
exec {'pmon-restart-mtc-client': exec {'pmon-restart-mtc-client':
command => "pmon-restart mtcClient", command => 'pmon-restart mtcClient',
} }
} }

18
puppet-manifests/src/modules/platform/manifests/multipath.pp
View File

@ -9,16 +9,16 @@ class platform::multipath
file { '/etc/multipath.conf': file { '/etc/multipath.conf':
ensure => 'present', ensure => 'present',
mode => '0644', mode => '0644',
content => template("platform/multipath.conf.erb") content => template('platform/multipath.conf.erb')
} -> }
service { 'start-multipathd': -> service { 'start-multipathd':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
name => 'multipathd', name => 'multipathd',
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,
} -> }
exec { 'systemctl-enable-multipathd': -> exec { 'systemctl-enable-multipathd':
command => '/usr/bin/systemctl enable multipathd.service', command => '/usr/bin/systemctl enable multipathd.service',
} }
} else { } else {
@ -28,11 +28,11 @@ class platform::multipath
name => 'multipathd', name => 'multipathd',
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,
} -> }
exec { 'systemctl-disable-multipathd': -> exec { 'systemctl-disable-multipathd':
command => '/usr/bin/systemctl disable multipathd.service', command => '/usr/bin/systemctl disable multipathd.service',
} -> }
file { '/etc/multipath.conf': -> file { '/etc/multipath.conf':
ensure => 'absent', ensure => 'absent',
} }
} }

20
puppet-manifests/src/modules/platform/manifests/network.pp
View File

@ -100,7 +100,7 @@ define network_address (
# will configure them on the active controller. # will configure them on the active controller.
exec { "Configuring ${name} IP address": exec { "Configuring ${name} IP address":
command => "ip addr replace ${address} dev ${ifname} ${options}", command => "ip addr replace ${address} dev ${ifname} ${options}",
onlyif => "test -f /etc/platform/simplex", onlyif => 'test -f /etc/platform/simplex',
} }
} }
@ -123,18 +123,18 @@ class platform::network::apply {
include ::platform::interfaces include ::platform::interfaces
include ::platform::addresses include ::platform::addresses
Network_config <| |> -> Network_config <| |>
Exec['apply-network-config'] -> -> Exec['apply-network-config']
Network_address <| |> -> -> Network_address <| |>
Anchor['platform::networking'] -> Anchor['platform::networking']
# Adding Network_route dependency separately, in case it's empty, # Adding Network_route dependency separately, in case it's empty,
# as puppet bug will remove dependency altogether if # as puppet bug will remove dependency altogether if
# Network_route is empty. See below. # Network_route is empty. See below.
# https://projects.puppetlabs.com/issues/18399 # https://projects.puppetlabs.com/issues/18399
Network_config <| |> -> Network_config <| |>
Network_route <| |> -> -> Network_route <| |>
Exec['apply-network-config'] -> Exec['apply-network-config']
exec {'apply-network-config': exec {'apply-network-config':
command => 'apply_network_config.sh', command => 'apply_network_config.sh',
@ -161,7 +161,7 @@ class platform::network (
exec { 'connectivity-test-management': exec { 'connectivity-test-management':
command => "${testcmd} -t 70 -i ${management_interface} controller-platform-nfs; /bin/true", command => "${testcmd} -t 70 -i ${management_interface} controller-platform-nfs; /bin/true",
require => Anchor['platform::networking'], require => Anchor['platform::networking'],
onlyif => "test ! -f /etc/platform/simplex", onlyif => 'test ! -f /etc/platform/simplex',
} }
} }
@ -169,7 +169,7 @@ class platform::network (
exec { 'connectivity-test-infrastructure': exec { 'connectivity-test-infrastructure':
command => "${testcmd} -t 120 -i ${infrastructure_interface} controller-nfs; /bin/true", command => "${testcmd} -t 120 -i ${infrastructure_interface} controller-nfs; /bin/true",
require => Anchor['platform::networking'], require => Anchor['platform::networking'],
onlyif => "test ! -f /etc/platform/simplex", onlyif => 'test ! -f /etc/platform/simplex',
} }
} }
} }

4
puppet-manifests/src/modules/platform/manifests/nfv.pp
View File

@ -77,8 +77,8 @@ class platform::nfv::haproxy
inherits ::platform::nfv::params { inherits ::platform::nfv::params {
platform::haproxy::proxy { 'vim-restapi': platform::haproxy::proxy { 'vim-restapi':
server_name => 's-vim-restapi', server_name => 's-vim-restapi',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }

46
puppet-manifests/src/modules/platform/manifests/ntp.pp
View File

@ -9,37 +9,37 @@ class platform::ntp (
$pmon_ensure = 'absent' $pmon_ensure = 'absent'
} }
File['ntp_config'] -> File['ntp_config']
File['ntp_config_initial'] -> -> File['ntp_config_initial']
file {'ntpdate_override_dir': -> file {'ntpdate_override_dir':
ensure => directory, ensure => directory,
path => '/etc/systemd/system/ntpdate.service.d', path => '/etc/systemd/system/ntpdate.service.d',
mode => '0755', mode => '0755',
} -> }
file { 'ntpdate_tis_override': -> file { 'ntpdate_tis_override':
ensure => file, ensure => file,
path => '/etc/systemd/system/ntpdate.service.d/tis_override.conf', path => '/etc/systemd/system/ntpdate.service.d/tis_override.conf',
mode => '0644', mode => '0644',
content => template('platform/ntp.override.erb'), content => template('platform/ntp.override.erb'),
} -> }
file { 'ntp_pmon_config': -> file { 'ntp_pmon_config':
ensure => file, ensure => file,
path => '/etc/ntp.pmon.conf', path => '/etc/ntp.pmon.conf',
mode => '0644', mode => '0644',
content => template('platform/ntp.pmon.conf.erb'), content => template('platform/ntp.pmon.conf.erb'),
} -> }
exec { 'systemd-daemon-reload': -> exec { 'systemd-daemon-reload':
command => '/usr/bin/systemctl daemon-reload', command => '/usr/bin/systemctl daemon-reload',
} -> }
exec { 'stop-ntpdate': -> exec { 'stop-ntpdate':
command => '/usr/bin/systemctl stop ntpdate.service', command => '/usr/bin/systemctl stop ntpdate.service',
returns => [ 0, 1 ], returns => [ 0, 1 ],
} -> }
exec { 'stop-ntpd': -> exec { 'stop-ntpd':
command => '/usr/bin/systemctl stop ntpd.service', command => '/usr/bin/systemctl stop ntpd.service',
returns => [ 0, 1 ], returns => [ 0, 1 ],
} -> }
file { 'ntp_pmon_link': -> file { 'ntp_pmon_link':
ensure => $pmon_ensure, ensure => $pmon_ensure,
path => '/etc/pmon.d/ntpd.conf', path => '/etc/pmon.d/ntpd.conf',
target => '/etc/ntp.pmon.conf', target => '/etc/ntp.pmon.conf',
@ -52,16 +52,16 @@ class platform::ntp (
exec { 'enable-ntpdate': exec { 'enable-ntpdate':
command => '/usr/bin/systemctl enable ntpdate.service', command => '/usr/bin/systemctl enable ntpdate.service',
require => File['ntp_pmon_link'], require => File['ntp_pmon_link'],
} -> }
exec { 'enable-ntpd': -> exec { 'enable-ntpd':
command => '/usr/bin/systemctl enable ntpd.service', command => '/usr/bin/systemctl enable ntpd.service',
} -> }
exec { 'start-ntpdate': -> exec { 'start-ntpdate':
command => '/usr/bin/systemctl start ntpdate.service', command => '/usr/bin/systemctl start ntpdate.service',
returns => [ 0, 1 ], returns => [ 0, 1 ],
onlyif => "test ! -f /etc/platform/simplex || grep -q '^server' /etc/ntp.conf", onlyif => "test ! -f /etc/platform/simplex || grep -q '^server' /etc/ntp.conf",
} -> }
service { 'ntpd': -> service { 'ntpd':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
name => 'ntpd', name => 'ntpd',
@ -72,8 +72,8 @@ class platform::ntp (
exec { 'disable-ntpdate': exec { 'disable-ntpdate':
command => '/usr/bin/systemctl disable ntpdate.service', command => '/usr/bin/systemctl disable ntpdate.service',
require => File['ntp_pmon_link'], require => File['ntp_pmon_link'],
} -> }
exec { 'disable-ntpd': -> exec { 'disable-ntpd':
command => '/usr/bin/systemctl disable ntpd.service', command => '/usr/bin/systemctl disable ntpd.service',
} }
} }

6
puppet-manifests/src/modules/platform/manifests/params.pp
View File

@ -27,7 +27,7 @@ class platform::params (
$ipv4 = 4 $ipv4 = 4
$ipv6 = 6 $ipv6 = 6
$nfs_mount_options = "timeo=30,proto=$nfs_proto,vers=3,rsize=$nfs_rw_size,wsize=$nfs_rw_size" $nfs_mount_options = "timeo=30,proto=${nfs_proto},vers=3,rsize=${nfs_rw_size},wsize=${nfs_rw_size}"
$protected_group_name = 'wrs_protected' $protected_group_name = 'wrs_protected'
$protected_group_id = '345' $protected_group_id = '345'
@ -41,7 +41,7 @@ class platform::params (
# max number of workers # max number of workers
$eng_max_workers = 20 $eng_max_workers = 20
# min number of workers # min number of workers
$eng_min_workers = 1 $eng_min_workers = 1
# min platform core count # min platform core count
$platform_default_min_cpu_count = 2 $platform_default_min_cpu_count = 2
# total system memory per worker # total system memory per worker
@ -49,7 +49,7 @@ class platform::params (
# memory headroom per worker (e.g., buffers, cached) # memory headroom per worker (e.g., buffers, cached)
$eng_overhead_mb = 1000 $eng_overhead_mb = 1000
notice("DEBUG: Platform cpu count obtained from sysinv DB is $platform_cpu_count.") notice("DEBUG: Platform cpu count obtained from sysinv DB is ${platform_cpu_count}.")
# number of workers per service # number of workers per service
if $system_type == 'All-in-one' { if $system_type == 'All-in-one' {

24
puppet-manifests/src/modules/platform/manifests/partitions.pp
View File

@ -15,12 +15,12 @@ define platform_manage_partition(
) { ) {
if $config { if $config {
# For drbd partitions, modifications can only be done on standby # For drbd partitions, modifications can only be done on standby
# controller as we need to: # controller as we need to:
# - stop DRBD [drbd is in-use on active, so it can't be stopped there] # - stop DRBD [drbd is in-use on active, so it can't be stopped there]
# - manage-partitions: backup meta, resize partition, restore meta # - manage-partitions: backup meta, resize partition, restore meta
# - start DRBD # - start DRBD
# For AIO SX we make an exception as all instances are down on host lock. # For AIO SX we make an exception as all instances are down on host lock.
# see https://docs.linbit.com/doc/users-guide-83/s-resizing/ # see https://docs.linbit.com/doc/users-guide-83/s-resizing/
exec { "manage-partitions-${action}": exec { "manage-partitions-${action}":
logoutput => true, logoutput => true,
command => template('platform/partitions.manage.erb') command => template('platform/partitions.manage.erb')
@ -42,16 +42,16 @@ class platform::partitions
# NOTE: Currently we are executing partition changes serially, not in bulk. # NOTE: Currently we are executing partition changes serially, not in bulk.
platform_manage_partition { 'check': platform_manage_partition { 'check':
config => $check_config, config => $check_config,
} -> }
platform_manage_partition { 'delete': -> platform_manage_partition { 'delete':
config => $delete_config, config => $delete_config,
} -> }
platform_manage_partition { 'modify': -> platform_manage_partition { 'modify':
config => $modify_config, config => $modify_config,
shutdown_drbd_resource => $shutdown_drbd_resource, shutdown_drbd_resource => $shutdown_drbd_resource,
system_mode => $::platform::params::system_mode, system_mode => $::platform::params::system_mode,
} -> }
platform_manage_partition { 'create': -> platform_manage_partition { 'create':
config => $create_config, config => $create_config,
} }
} }

10
puppet-manifests/src/modules/platform/manifests/password.pp
View File

@ -1,29 +1,29 @@
class platform::password { class platform::password {
file { "/etc/pam.d/passwd": file { '/etc/pam.d/passwd':
ensure => present, ensure => present,
content => template('platform/pam.passwd.erb'), content => template('platform/pam.passwd.erb'),
} }
file_line { "/etc/nsswitch.conf add passwd ldap": file_line { '/etc/nsswitch.conf add passwd ldap':
path => '/etc/nsswitch.conf', path => '/etc/nsswitch.conf',
line => 'passwd: files sss ldap', line => 'passwd: files sss ldap',
match => '^passwd: *files sss', match => '^passwd: *files sss',
} }
file_line { "/etc/nsswitch.conf add shadow ldap": file_line { '/etc/nsswitch.conf add shadow ldap':
path => '/etc/nsswitch.conf', path => '/etc/nsswitch.conf',
line => 'shadow: files sss ldap', line => 'shadow: files sss ldap',
match => '^shadow: *files sss', match => '^shadow: *files sss',
} }
file_line { "/etc/nsswitch.conf add group ldap": file_line { '/etc/nsswitch.conf add group ldap':
path => '/etc/nsswitch.conf', path => '/etc/nsswitch.conf',
line => 'group: files sss ldap', line => 'group: files sss ldap',
match => '^group: *files sss', match => '^group: *files sss',
} }
file_line { "/etc/nsswitch.conf add sudoers ldap": file_line { '/etc/nsswitch.conf add sudoers ldap':
path => '/etc/nsswitch.conf', path => '/etc/nsswitch.conf',
line => 'sudoers: files ldap', line => 'sudoers: files ldap',
match => '^sudoers: *files', match => '^sudoers: *files',

28
puppet-manifests/src/modules/platform/manifests/patching.pp
View File

@ -14,8 +14,8 @@ class platform::patching
group { 'patching': group { 'patching':
ensure => 'present', ensure => 'present',
} -> }
user { 'patching': -> user { 'patching':
ensure => 'present', ensure => 'present',
comment => 'patching Daemons', comment => 'patching Daemons',
groups => ['nobody', 'patching', $::platform::params::protected_group_name], groups => ['nobody', 'patching', $::platform::params::protected_group_name],
@ -24,14 +24,14 @@ class platform::patching
password_max_age => '-1', password_max_age => '-1',
password_min_age => '-1', password_min_age => '-1',
shell => '/sbin/nologin', shell => '/sbin/nologin',
} -> }
file { "/etc/patching": -> file { '/etc/patching':
ensure => "directory", ensure => 'directory',
owner => 'patching', owner => 'patching',
group => 'patching', group => 'patching',
mode => '0755', mode => '0755',
} -> }
class { '::patching': } -> class { '::patching': }
} }
@ -40,7 +40,7 @@ class platform::patching::firewall
platform::firewall::rule { 'patching-api': platform::firewall::rule { 'patching-api':
service_name => 'patching', service_name => 'patching',
ports => $public_port, ports => $public_port,
} }
} }
@ -49,9 +49,9 @@ class platform::patching::haproxy
inherits ::platform::patching::params { inherits ::platform::patching::params {
platform::haproxy::proxy { 'patching-restapi': platform::haproxy::proxy { 'patching-restapi':
server_name => 's-patching', server_name => 's-patching',
public_port => $public_port, public_port => $public_port,
private_port => $private_port, private_port => $private_port,
server_timeout => $server_timeout, server_timeout => $server_timeout,
} }
} }

50
puppet-manifests/src/modules/platform/manifests/postgresql.pp
View File

@ -104,14 +104,14 @@ class platform::postgresql::server (
$service_ensure = 'stopped' $service_ensure = 'stopped'
} }
class {"::postgresql::globals": class {'::postgresql::globals':
datadir => $data_dir, datadir => $data_dir,
confdir => $config_dir, confdir => $config_dir,
} -> }
class {"::postgresql::server": -> class {'::postgresql::server':
ip_mask_allow_all_users => $ipv4acl, ip_mask_allow_all_users => $ipv4acl,
service_ensure => $service_ensure, service_ensure => $service_ensure,
} }
} }
@ -122,7 +122,7 @@ class platform::postgresql::post {
# To allow for the transition it must be explicitely stopped. Once puppet # To allow for the transition it must be explicitely stopped. Once puppet
# can directly handle SM managed services, then this can be removed. # can directly handle SM managed services, then this can be removed.
exec { 'stop postgresql service': exec { 'stop postgresql service':
command => "systemctl stop postgresql; systemctl disable postgresql", command => 'systemctl stop postgresql; systemctl disable postgresql',
} }
} }
@ -134,36 +134,36 @@ class platform::postgresql::bootstrap
exec { 'Empty pg dir': exec { 'Empty pg dir':
command => "rm -fR ${root_dir}/*", command => "rm -fR ${root_dir}/*",
} -> }
exec { 'Create pg datadir': -> exec { 'Create pg datadir':
command => "mkdir -p ${data_dir}", command => "mkdir -p ${data_dir}",
} -> }
exec { 'Change pg dir permissions': -> exec { 'Change pg dir permissions':
command => "chown -R postgres:postgres ${root_dir}", command => "chown -R postgres:postgres ${root_dir}",
} -> }
file_line { 'allow sudo with no tty': -> file_line { 'allow sudo with no tty':
path => '/etc/sudoers', path => '/etc/sudoers',
match => '^Defaults *requiretty', match => '^Defaults *requiretty',
line => '#Defaults requiretty', line => '#Defaults requiretty',
} -> }
exec { 'Create pg database': -> exec { 'Create pg database':
command => "sudo -u postgres initdb -D ${data_dir}", command => "sudo -u postgres initdb -D ${data_dir}",
} -> }
exec { 'Move Config files': -> exec { 'Move Config files':
command => "mkdir -p ${config_dir} && mv ${data_dir}/*.conf ${config_dir}/ && ln -s ${config_dir}/*.conf ${data_dir}/", command => "mkdir -p ${config_dir} && mv ${data_dir}/*.conf ${config_dir}/ && ln -s ${config_dir}/*.conf ${data_dir}/",
} -> }
class {"::postgresql::globals": -> class {'::postgresql::globals':
datadir => $data_dir, datadir => $data_dir,
confdir => $config_dir, confdir => $config_dir,
} -> }
class {"::postgresql::server": -> class {'::postgresql::server':
} }
# Allow local postgres user as trusted for simplex upgrade scripts # Allow local postgres user as trusted for simplex upgrade scripts
@ -186,15 +186,15 @@ class platform::postgresql::upgrade
exec { 'Move Config files': exec { 'Move Config files':
command => "mkdir -p ${config_dir} && mv ${data_dir}/*.conf ${config_dir}/ && ln -s ${config_dir}/*.conf ${data_dir}/", command => "mkdir -p ${config_dir} && mv ${data_dir}/*.conf ${config_dir}/ && ln -s ${config_dir}/*.conf ${data_dir}/",
} -> }
class {"::postgresql::globals": -> class {'::postgresql::globals':
datadir => $data_dir, datadir => $data_dir,
confdir => $config_dir, confdir => $config_dir,
needs_initdb => false, needs_initdb => false,
} -> }
class {"::postgresql::server": -> class {'::postgresql::server':
} }
include ::aodh::db::postgresql include ::aodh::db::postgresql

56
puppet-manifests/src/modules/platform/manifests/ptp.pp
View File

@ -37,60 +37,60 @@ class platform::ptp (
path => '/etc/ptp4l.conf', path => '/etc/ptp4l.conf',
mode => '0644', mode => '0644',
content => template('platform/ptp4l.conf.erb'), content => template('platform/ptp4l.conf.erb'),
} -> }
file { 'ptp4l_service': -> file { 'ptp4l_service':
ensure => file, ensure => file,
path => '/usr/lib/systemd/system/ptp4l.service', path => '/usr/lib/systemd/system/ptp4l.service',
mode => '0644', mode => '0644',
content => template('platform/ptp4l.service.erb'), content => template('platform/ptp4l.service.erb'),
} -> }
file { 'ptp4l_sysconfig': -> file { 'ptp4l_sysconfig':
ensure => file, ensure => file,
path => '/etc/sysconfig/ptp4l', path => '/etc/sysconfig/ptp4l',
mode => '0644', mode => '0644',
content => template('platform/ptp4l.erb'), content => template('platform/ptp4l.erb'),
} -> }
file { 'phc2sys_service': -> file { 'phc2sys_service':
ensure => file, ensure => file,
path => '/usr/lib/systemd/system/phc2sys.service', path => '/usr/lib/systemd/system/phc2sys.service',
mode => '0644', mode => '0644',
content => template('platform/phc2sys.service.erb'), content => template('platform/phc2sys.service.erb'),
} -> }
file { 'phc2sys_sysconfig': -> file { 'phc2sys_sysconfig':
ensure => file, ensure => file,
path => '/etc/sysconfig/phc2sys', path => '/etc/sysconfig/phc2sys',
mode => '0644', mode => '0644',
content => template('platform/phc2sys.erb'), content => template('platform/phc2sys.erb'),
} -> }
file { 'ptp4l_pmon': -> file { 'ptp4l_pmon':
ensure => file, ensure => file,
path => '/etc/ptp4l.pmon.conf', path => '/etc/ptp4l.pmon.conf',
mode => '0644', mode => '0644',
content => template('platform/ptp4l.pmon.conf.erb'), content => template('platform/ptp4l.pmon.conf.erb'),
} -> }
file { 'phc2sys_pmon': -> file { 'phc2sys_pmon':
ensure => file, ensure => file,
path => '/etc/phc2sys.pmon.conf', path => '/etc/phc2sys.pmon.conf',
mode => '0644', mode => '0644',
content => template('platform/phc2sys.pmon.conf.erb'), content => template('platform/phc2sys.pmon.conf.erb'),
} -> }
file { 'ptp4l_pmon_link': -> file { 'ptp4l_pmon_link':
ensure => $pmon_ensure, ensure => $pmon_ensure,
path => '/etc/pmon.d/ptp4l.conf', path => '/etc/pmon.d/ptp4l.conf',
target => '/etc/ptp4l.pmon.conf', target => '/etc/ptp4l.pmon.conf',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
} -> }
file { 'phc2sys_pmon_link': -> file { 'phc2sys_pmon_link':
ensure => $pmon_ensure, ensure => $pmon_ensure,
path => '/etc/pmon.d/phc2sys.conf', path => '/etc/pmon.d/phc2sys.conf',
target => '/etc/phc2sys.pmon.conf', target => '/etc/phc2sys.pmon.conf',
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0600', mode => '0600',
} -> }
exec { 'systemctl-daemon-reload': -> exec { 'systemctl-daemon-reload':
command => '/usr/bin/systemctl daemon-reload', command => '/usr/bin/systemctl daemon-reload',
} }
@ -98,18 +98,18 @@ class platform::ptp (
exec { 'enable-ptp4l': exec { 'enable-ptp4l':
command => '/usr/bin/systemctl enable ptp4l.service', command => '/usr/bin/systemctl enable ptp4l.service',
require => Exec['systemctl-daemon-reload'], require => Exec['systemctl-daemon-reload'],
} -> }
exec { 'enable-phc2sys': -> exec { 'enable-phc2sys':
command => '/usr/bin/systemctl enable phc2sys.service', command => '/usr/bin/systemctl enable phc2sys.service',
} -> }
service { 'ptp4l': -> service { 'ptp4l':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
name => 'ptp4l', name => 'ptp4l',
hasstatus => true, hasstatus => true,
hasrestart => true, hasrestart => true,
} -> }
service { 'phc2sys': -> service { 'phc2sys':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
name => 'phc2sys', name => 'phc2sys',
@ -120,14 +120,14 @@ class platform::ptp (
exec { 'disable-ptp4l': exec { 'disable-ptp4l':
command => '/usr/bin/systemctl disable ptp4l.service', command => '/usr/bin/systemctl disable ptp4l.service',
require => Exec['systemctl-daemon-reload'], require => Exec['systemctl-daemon-reload'],
} -> }
exec { 'disable-phc2sys': -> exec { 'disable-phc2sys':
command => '/usr/bin/systemctl disable phc2sys.service', command => '/usr/bin/systemctl disable phc2sys.service',
} }
exec { 'stop-ptp4l': exec { 'stop-ptp4l':
command => '/usr/bin/systemctl stop ptp4l.service', command => '/usr/bin/systemctl stop ptp4l.service',
} -> }
exec { 'stop-phc2sys': -> exec { 'stop-phc2sys':
command => '/usr/bin/systemctl stop phc2sys.service', command => '/usr/bin/systemctl stop phc2sys.service',
} }
} }

50
puppet-manifests/src/modules/platform/manifests/remotelogging.pp
View File

@ -16,35 +16,35 @@ class platform::remotelogging
$hostname = $::hostname $hostname = $::hostname
if($transport == 'tls') { if($transport == 'tls') {
$server = "{tcp(\"$ip_address\" port($port) tls(peer-verify(\"required-untrusted\")));};" $server = "{tcp(\"${ip_address}\" port(${port}) tls(peer-verify(\"required-untrusted\")));};"
} else { } else {
$server = "{$transport(\"$ip_address\" port($port));};" $server = "{${transport}(\"${ip_address}\" port(${port}));};"
} }
$destination = "destination remote_log_server " $destination = 'destination remote_log_server '
$destination_line = "$destination $server" $destination_line = "${destination} ${server}"
file_line { 'conf-add-log-server': file_line { 'conf-add-log-server':
path => '/etc/syslog-ng/syslog-ng.conf', path => '/etc/syslog-ng/syslog-ng.conf',
line => $destination_line, line => $destination_line,
match => $destination, match => $destination,
} -> }
file_line { 'conf-add-remote': -> file_line { 'conf-add-remote':
path => '/etc/syslog-ng/syslog-ng.conf', path => '/etc/syslog-ng/syslog-ng.conf',
line => '@include "remotelogging.conf"', line => '@include "remotelogging.conf"',
match => '#@include \"remotelogging.conf\"', match => '#@include \"remotelogging.conf\"',
} -> }
file { "/etc/syslog-ng/remotelogging.conf": -> file { '/etc/syslog-ng/remotelogging.conf':
ensure => present, ensure => present,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
content => template('platform/remotelogging.conf.erb'), content => template('platform/remotelogging.conf.erb'),
} -> }
exec { "remotelogging-update-tc": -> exec { 'remotelogging-update-tc':
command => "/usr/local/bin/remotelogging_tc_setup.sh ${port}" command => "/usr/local/bin/remotelogging_tc_setup.sh ${port}"
} -> }
Exec['syslog-ng-reload'] -> Exec['syslog-ng-reload']
} else { } else {
# remove remote logging configuration from syslog-ng # remove remote logging configuration from syslog-ng
@ -52,11 +52,11 @@ class platform::remotelogging
path => '/etc/syslog-ng/syslog-ng.conf', path => '/etc/syslog-ng/syslog-ng.conf',
line => '#@include "remotelogging.conf"', line => '#@include "remotelogging.conf"',
match => '@include \"remotelogging.conf\"', match => '@include \"remotelogging.conf\"',
} -> }
Exec["syslog-ng-reload"] -> Exec['syslog-ng-reload']
} }
exec { "syslog-ng-reload": exec { 'syslog-ng-reload':
command => '/usr/bin/systemctl reload syslog-ng' command => '/usr/bin/systemctl reload syslog-ng'
} }
} }
@ -82,21 +82,21 @@ class platform::remotelogging::proxy(
platform::firewall::rule { 'remotelogging-nat': platform::firewall::rule { 'remotelogging-nat':
service_name => $service_name, service_name => $service_name,
table => $table, table => $table,
chain => $chain, chain => $chain,
proto => $firewall_proto_transport, proto => $firewall_proto_transport,
outiface => $oam_interface, outiface => $oam_interface,
jump => $jump, jump => $jump,
} }
} else { } else {
platform::firewall::rule { 'remotelogging-nat': platform::firewall::rule { 'remotelogging-nat':
service_name => $service_name, service_name => $service_name,
table => $table, table => $table,
chain => $chain, chain => $chain,
outiface => $oam_interface, outiface => $oam_interface,
jump => $jump, jump => $jump,
ensure => absent ensure => absent
} }
} }
} }

1154
puppet-manifests/src/modules/platform/manifests/sm.pp
View File

File diff suppressed because it is too large Load Diff

32
puppet-manifests/src/modules/platform/manifests/smapi.pp
View File

@ -1,13 +1,13 @@
class platform::smapi::params ( class platform::smapi::params (
$auth_username = undef, $auth_username = undef,
$keystone_auth_url = undef, $keystone_auth_url = undef,
$keystone_username = undef, $keystone_username = undef,
$keystone_password = undef, $keystone_password = undef,
$public_url = undef, $public_url = undef,
$admin_url = undef, $admin_url = undef,
$bind_ip = undef, $bind_ip = undef,
$port = undef, $port = undef,
$region = undef, $region = undef,
) {} ) {}
class platform::smap::firewall class platform::smap::firewall
@ -26,12 +26,12 @@ class platform::smapi::haproxy
include ::platform::haproxy::params include ::platform::haproxy::params
platform::haproxy::proxy { 'sm-api-internal': platform::haproxy::proxy { 'sm-api-internal':
server_name => 's-smapi-internal', server_name => 's-smapi-internal',
public_ip_address => $::platform::haproxy::params::private_ip_address, public_ip_address => $::platform::haproxy::params::private_ip_address,
public_port => $port, public_port => $port,
public_api => false, public_api => false,
private_ip_address => $bind_ip, private_ip_address => $bind_ip,
private_port => $port, private_port => $port,
} }
platform::haproxy::proxy { 'sm-api-public': platform::haproxy::proxy { 'sm-api-public':
server_name => 's-smapi-public', server_name => 's-smapi-public',
@ -50,8 +50,8 @@ class platform::smapi
include ::platform::smap::firewall include ::platform::smap::firewall
include ::platform::smapi::haproxy include ::platform::smapi::haproxy
$bind_host_name = $::platform::params::hostname $bind_host_name = $::platform::params::hostname
file { "/etc/sm-api/sm-api.conf": file { '/etc/sm-api/sm-api.conf':
ensure => 'present', ensure => 'present',
content => template('platform/sm-api.conf.erb'), content => template('platform/sm-api.conf.erb'),
owner => 'root', owner => 'root',
group => 'root', group => 'root',

12
puppet-manifests/src/modules/platform/manifests/snmp.pp
View File

@ -14,15 +14,15 @@ class platform::snmp::runtime
$software_version = $::platform::params::software_version $software_version = $::platform::params::software_version
$system_info = $::system_info $system_info = $::system_info
file { "/etc/snmp/snmpd.conf": file { '/etc/snmp/snmpd.conf':
ensure => 'present', ensure => 'present',
replace => true, replace => true,
content => template('platform/snmpd.conf.erb') content => template('platform/snmpd.conf.erb')
} -> }
# send HUP signal to snmpd if it is running # send HUP signal to snmpd if it is running
exec { 'notify-snmp': -> exec { 'notify-snmp':
command => "/usr/bin/pkill -HUP snmpd", command => '/usr/bin/pkill -HUP snmpd',
onlyif => "ps -ef | pgrep snmpd" onlyif => 'ps -ef | pgrep snmpd'
} }
} }

72
puppet-manifests/src/modules/platform/manifests/sysinv.pp
View File

@ -22,9 +22,9 @@ class platform::sysinv
group { 'sysinv': group { 'sysinv':
ensure => 'present', ensure => 'present',
gid => '168', gid => '168',
} -> }
user { 'sysinv': -> user { 'sysinv':
ensure => 'present', ensure => 'present',
comment => 'sysinv Daemons', comment => 'sysinv Daemons',
gid => '168', gid => '168',
@ -35,22 +35,22 @@ class platform::sysinv
password_min_age => '-1', password_min_age => '-1',
shell => '/sbin/nologin', shell => '/sbin/nologin',
uid => '168', uid => '168',
} -> }
file { "/etc/sysinv": -> file { '/etc/sysinv':
ensure => "directory", ensure => 'directory',
owner => 'sysinv', owner => 'sysinv',
group => 'sysinv', group => 'sysinv',
mode => '0750', mode => '0750',
} -> }
class { '::sysinv': -> class { '::sysinv':
rabbit_host => $::platform::amqp::params::host_url, rabbit_host => $::platform::amqp::params::host_url,
rabbit_port => $::platform::amqp::params::port, rabbit_port => $::platform::amqp::params::port,
rabbit_userid => $::platform::amqp::params::auth_user, rabbit_userid => $::platform::amqp::params::auth_user,
rabbit_password => $::platform::amqp::params::auth_password, rabbit_password => $::platform::amqp::params::auth_password,
fm_catalog_info => $fm_catalog_info, fm_catalog_info => $fm_catalog_info,
fernet_key_repository => "$keystone_key_repo_path/fernet-keys", fernet_key_repository => "${keystone_key_repo_path}/fernet-keys",
} }
# Note: The log format strings are prefixed with "sysinv" because it is # Note: The log format strings are prefixed with "sysinv" because it is
@ -60,30 +60,30 @@ class platform::sysinv
# TODO(mpeters): update puppet-sysinv to permit configuration of log formats # TODO(mpeters): update puppet-sysinv to permit configuration of log formats
# once the log configuration has been moved to oslo::log # once the log configuration has been moved to oslo::log
sysinv_config { sysinv_config {
"DEFAULT/logging_context_format_string": value => 'DEFAULT/logging_context_format_string': value =>
'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s'; 'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s';
"DEFAULT/logging_default_format_string": value => 'DEFAULT/logging_default_format_string': value =>
'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s'; 'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s';
} }
if str2bool($::is_initial_config_primary) { if str2bool($::is_initial_config_primary) {
$software_version = $::platform::params::software_version $software_version = $::platform::params::software_version
Class['::sysinv'] -> Class['::sysinv']
file { '/opt/platform/sysinv': -> file { '/opt/platform/sysinv':
ensure => directory, ensure => directory,
owner => 'sysinv', owner => 'sysinv',
mode => '0755', mode => '0755',
} -> }
file { "/opt/platform/sysinv/${software_version}": -> file { "/opt/platform/sysinv/${software_version}":
ensure => directory, ensure => directory,
owner => 'sysinv', owner => 'sysinv',
mode => '0755', mode => '0755',
} -> }
file { "/opt/platform/sysinv/${software_version}/sysinv.conf.default": -> file { "/opt/platform/sysinv/${software_version}/sysinv.conf.default":
source => '/etc/sysinv/sysinv.conf', source => '/etc/sysinv/sysinv.conf',
} }
} }
@ -112,8 +112,8 @@ class platform::sysinv::haproxy
inherits ::platform::sysinv::params { inherits ::platform::sysinv::params {
platform::haproxy::proxy { 'sysinv-restapi': platform::haproxy::proxy { 'sysinv-restapi':
server_name => 's-sysinv', server_name => 's-sysinv',
public_port => $api_port, public_port => $api_port,
private_port => $api_port, private_port => $api_port,
} }
} }
@ -133,22 +133,22 @@ class platform::sysinv::api
# the subcloud region. # the subcloud region.
if ($::platform::params::distributed_cloud_role == 'subcloud' and if ($::platform::params::distributed_cloud_role == 'subcloud' and
$::platform::params::region_2_name != 'RegionOne') { $::platform::params::region_2_name != 'RegionOne') {
Keystone_endpoint["${platform::params::region_2_name}/sysinv::platform"] -> Keystone_endpoint["RegionOne/sysinv::platform"] Keystone_endpoint["${platform::params::region_2_name}/sysinv::platform"] -> Keystone_endpoint['RegionOne/sysinv::platform']
keystone_endpoint { "RegionOne/sysinv::platform": keystone_endpoint { 'RegionOne/sysinv::platform':
ensure => "absent", ensure => 'absent',
name => "sysinv", name => 'sysinv',
type => "platform", type => 'platform',
region => "RegionOne", region => 'RegionOne',
public_url => "http://127.0.0.1:6385/v1", public_url => 'http://127.0.0.1:6385/v1',
admin_url => "http://127.0.0.1:6385/v1", admin_url => 'http://127.0.0.1:6385/v1',
internal_url => "http://127.0.0.1:6385/v1" internal_url => 'http://127.0.0.1:6385/v1'
} }
} }
} }
# TODO(mpeters): move to sysinv puppet module parameters # TODO(mpeters): move to sysinv puppet module parameters
sysinv_config { sysinv_config {
"DEFAULT/sysinv_api_workers": value => $::platform::params::eng_workers_by_5; 'DEFAULT/sysinv_api_workers': value => $::platform::params::eng_workers_by_5;
} }
include ::platform::sysinv::firewall include ::platform::sysinv::firewall

38
puppet-manifests/src/modules/platform/manifests/users.pp
View File

@ -11,26 +11,26 @@ class platform::users
group { 'wrs': group { 'wrs':
ensure => 'present', ensure => 'present',
} -> }
# WRS: Create a 'wrs_protected' group for wrsroot and all openstack services # WRS: Create a 'wrs_protected' group for wrsroot and all openstack services
# (including TiS services: sysinv, etc.). # (including TiS services: sysinv, etc.).
group { $::platform::params::protected_group_name: -> group { $::platform::params::protected_group_name:
ensure => 'present', ensure => 'present',
gid => $::platform::params::protected_group_id, gid => $::platform::params::protected_group_id,
} -> }
user { 'wrsroot': -> user { 'wrsroot':
ensure => 'present', ensure => 'present',
groups => ['wrs', 'root', $::platform::params::protected_group_name], groups => ['wrs', 'root', $::platform::params::protected_group_name],
home => '/home/wrsroot', home => '/home/wrsroot',
password => $wrsroot_password, password => $wrsroot_password,
password_max_age => $wrsroot_password_max_age, password_max_age => $wrsroot_password_max_age,
shell => '/bin/sh', shell => '/bin/sh',
} -> }
# WRS: Keyring should only be executable by 'wrs_protected'. # WRS: Keyring should only be executable by 'wrs_protected'.
file { '/usr/bin/keyring': -> file { '/usr/bin/keyring':
owner => 'root', owner => 'root',
group => $::platform::params::protected_group_name, group => $::platform::params::protected_group_name,
mode => '0750', mode => '0750',
@ -45,19 +45,19 @@ class platform::users::bootstrap
group { 'wrs': group { 'wrs':
ensure => 'present', ensure => 'present',
} -> }
group { $::platform::params::protected_group_name: -> group { $::platform::params::protected_group_name:
ensure => 'present', ensure => 'present',
gid => $::platform::params::protected_group_id, gid => $::platform::params::protected_group_id,
} -> }
user { 'wrsroot': -> user { 'wrsroot':
ensure => 'present', ensure => 'present',
groups => ['wrs', 'root', $::platform::params::protected_group_name], groups => ['wrs', 'root', $::platform::params::protected_group_name],
home => '/home/wrsroot', home => '/home/wrsroot',
password_max_age => $wrsroot_password_max_age, password_max_age => $wrsroot_password_max_age,
shell => '/bin/sh', shell => '/bin/sh',
} }
} }

28
puppet-manifests/src/modules/platform/manifests/vswitch.pp
View File

@ -26,8 +26,8 @@ define platform::vswitch::ovs::device(
$pci_addr, $pci_addr,
$driver_type, $driver_type,
) { ) {
exec { "ovs-bind-device: $title": exec { "ovs-bind-device: ${title}":
path => ["/usr/bin", "/usr/sbin", "/usr/share/openvswitch/scripts"], path => ['/usr/bin', '/usr/sbin', '/usr/share/openvswitch/scripts'],
command => "dpdk-devbind.py --bind=${driver_type} ${pci_addr}" command => "dpdk-devbind.py --bind=${driver_type} ${pci_addr}"
} }
} }
@ -38,9 +38,9 @@ define platform::vswitch::ovs::bridge(
$attributes = [], $attributes = [],
) { ) {
exec { "ovs-add-br: ${title}": exec { "ovs-add-br: ${title}":
command => template("platform/ovs.add-bridge.erb") command => template('platform/ovs.add-bridge.erb')
} -> }
exec { "ovs-link-up: ${title}": -> exec { "ovs-link-up: ${title}":
command => "ip link set ${name} up", command => "ip link set ${name} up",
} }
} }
@ -53,7 +53,7 @@ define platform::vswitch::ovs::port(
$interfaces, $interfaces,
) { ) {
exec { "ovs-add-port: ${title}": exec { "ovs-add-port: ${title}":
command => template("platform/ovs.add-port.erb"), command => template('platform/ovs.add-port.erb'),
logoutput => true logoutput => true
} }
} }
@ -76,7 +76,7 @@ define platform::vswitch::ovs::flow(
$actions, $actions,
) { ) {
exec { "ovs-add-flow: ${title}": exec { "ovs-add-flow: ${title}":
command => template("platform/ovs.add-flow.erb"), command => template('platform/ovs.add-flow.erb'),
logoutput => true logoutput => true
} }
} }
@ -95,9 +95,9 @@ class platform::vswitch::ovs(
} elsif $::platform::params::vswitch_type == 'ovs-dpdk' { } elsif $::platform::params::vswitch_type == 'ovs-dpdk' {
include ::vswitch::dpdk include ::vswitch::dpdk
Exec['vfio-iommu-mode'] -> Exec['vfio-iommu-mode']
Platform::Vswitch::Ovs::Device<||> -> -> Platform::Vswitch::Ovs::Device<||>
Platform::Vswitch::Ovs::Bridge<||> -> Platform::Vswitch::Ovs::Bridge<||>
create_resources('platform::vswitch::ovs::device', $devices, { create_resources('platform::vswitch::ovs::device', $devices, {
driver_type => $driver_type, driver_type => $driver_type,
@ -124,13 +124,13 @@ class platform::vswitch::ovs(
if $::platform::params::vswitch_type =~ '^ovs' { if $::platform::params::vswitch_type =~ '^ovs' {
# clean bridges and ports before applying current configuration # clean bridges and ports before applying current configuration
exec { "ovs-clean": exec { 'ovs-clean':
command => template("platform/ovs.clean.erb"), command => template('platform/ovs.clean.erb'),
provider => shell, provider => shell,
require => Service['openvswitch'] require => Service['openvswitch']
} -> }
Platform::Vswitch::Ovs::Bridge<||> -> Platform::Vswitch::Ovs::Port<||> -> Platform::Vswitch::Ovs::Bridge<||> -> Platform::Vswitch::Ovs::Port<||>
Platform::Vswitch::Ovs::Bridge<||> -> Platform::Vswitch::Ovs::Address<||> Platform::Vswitch::Ovs::Bridge<||> -> Platform::Vswitch::Ovs::Address<||>
Platform::Vswitch::Ovs::Port<||> -> Platform::Vswitch::Ovs::Flow<||> Platform::Vswitch::Ovs::Port<||> -> Platform::Vswitch::Ovs::Flow<||>
} }

2
puppet-manifests/src/modules/platform/templates/ldapscripts.conf.erb
View File

@ -104,7 +104,7 @@ LOGFILE="/var/log/ldapscripts.log"
TMPDIR="/tmp" TMPDIR="/tmp"
# Various binaries used within the scripts # Various binaries used within the scripts
# Warning : they also use uuencode, date, grep, sed, cut, which... # Warning : they also use uuencode, date, grep, sed, cut, which...
# Please check they are installed before using these scripts # Please check they are installed before using these scripts
# Note that many of them should come with your OS # Note that many of them should come with your OS

6
puppet-manifests/src/modules/platform/templates/partitions.manage.erb
View File

@ -5,7 +5,7 @@ if [ -f /var/run/goenabled ]; then
sm-unmanage service <%= @shutdown_drbd_resource %> sm-unmanage service <%= @shutdown_drbd_resource %>
fi fi
<% if @shutdown_drbd_resource == 'drbd-cinder' and @system_mode == 'simplex' -%> <% if @shutdown_drbd_resource == 'drbd-cinder' and @system_mode == 'simplex' -%>
if [ -f /var/run/goenabled ]; then if [ -f /var/run/goenabled ]; then
sm-unmanage service cinder-lvm sm-unmanage service cinder-lvm
fi fi
@ -20,7 +20,7 @@ DRBD_UNCONFIGURED_DELAY=0
while [[ $DRBD_UNCONFIGURED_DELAY -lt $DRBD_UNCONFIGURED_TIMEOUT ]]; do while [[ $DRBD_UNCONFIGURED_DELAY -lt $DRBD_UNCONFIGURED_TIMEOUT ]]; do
drbdadm down <%= @shutdown_drbd_resource %> drbdadm down <%= @shutdown_drbd_resource %>
drbd_info=$(drbd-overview | grep <%= @shutdown_drbd_resource %> | awk '{print $2}') drbd_info=$(drbd-overview | grep <%= @shutdown_drbd_resource %> | awk '{print $2}')
if [[ ${drbd_info} == "Unconfigured" ]]; then if [[ ${drbd_info} == "Unconfigured" ]]; then
break break
else else
@ -39,7 +39,7 @@ manage-partitions <%= @action %> '<%= @config %>'
<% if @shutdown_drbd_resource and (@is_controller_active.to_s == 'false' or @system_mode == 'simplex') -%> <% if @shutdown_drbd_resource and (@is_controller_active.to_s == 'false' or @system_mode == 'simplex') -%>
drbdadm up <%= @shutdown_drbd_resource %> || exit 30 drbdadm up <%= @shutdown_drbd_resource %> || exit 30
<% if @shutdown_drbd_resource == 'drbd-cinder' and @system_mode == 'simplex' -%> <% if @shutdown_drbd_resource == 'drbd-cinder' and @system_mode == 'simplex' -%>
drbdadm primary drbd-cinder || exit 50 drbdadm primary drbd-cinder || exit 50
vgchange -ay cinder-volumes || exit 60 vgchange -ay cinder-volumes || exit 60
lvchange -ay cinder-volumes || exit 70 lvchange -ay cinder-volumes || exit 70

13
puppet-manifests/tox.ini
View File

@ -26,24 +26,15 @@ setenv =
GEM_PATH = {envdir} GEM_PATH = {envdir}
skip_tests = \ skip_tests = \
--no-140chars \ --no-140chars \
--no-2sp_soft_tabs \
--no-arrow_alignment \
--no-arrow_on_right_operand_line-check \
--no-autoloader_layout-check \ --no-autoloader_layout-check \
--no-case_without_default \ --no-case_without_default \
--no-documentation-check \ --no-documentation-check \
--no-double_quoted_strings-check \
--no-ensure_first_param \ --no-ensure_first_param \
--no-hard_tabs \
--no-inherits_across_namespaces \ --no-inherits_across_namespaces \
--no-only_variable_string \
--no-parameter_order \ --no-parameter_order \
--no-quoted_booleans \
--no-single_quote_string_with_variables \ --no-single_quote_string_with_variables \
--no-trailing_whitespace \ --no-variable_is_lowercase-check
--no-variable_is_lowercase-check \
--no-variables_not_enclosed
commands = commands =
gem install --no-document puppet-lint gem install --no-document puppet-lint
bash -c "find {toxinidir} -name \*.pp -print0 | xargs -0 puppet-lint {[testenv:puppetlint]skip_tests}" bash -c "find {toxinidir} -name \*.pp -print0 | xargs -0 puppet-lint --fail-on-warnings {[testenv:puppetlint]skip_tests}"

10
puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/api.pp
View File

@ -111,13 +111,13 @@ class dcmanager::api (
Package['dcmanager'] -> Dcmanager_config<||> Package['dcmanager'] -> Dcmanager_config<||>
Package['dcmanager'] -> Service['dcmanager-api'] Package['dcmanager'] -> Service['dcmanager-api']
package { 'dcmanager': package { 'dcmanager':
ensure => $package_ensure, ensure => $package_ensure,
name => $::dcmanager::params::api_package, name => $::dcmanager::params::api_package,
} }
} }
dcmanager_config { dcmanager_config {
"DEFAULT/bind_host": value => $bind_host; 'DEFAULT/bind_host': value => $bind_host;
} }
@ -154,7 +154,7 @@ class dcmanager::api (
'keystone_authtoken/user_domain_name': value => $keystone_user_domain; 'keystone_authtoken/user_domain_name': value => $keystone_user_domain;
'keystone_authtoken/project_domain_name': value => $keystone_project_domain; 'keystone_authtoken/project_domain_name': value => $keystone_project_domain;
} }
dcmanager_config { dcmanager_config {
'cache/admin_tenant': value => $keystone_admin_tenant; 'cache/admin_tenant': value => $keystone_admin_tenant;
'cache/admin_username': value => $keystone_admin_user; 'cache/admin_username': value => $keystone_admin_user;
'cache/admin_password': value => $keystone_admin_password, secret=> true; 'cache/admin_password': value => $keystone_admin_password, secret=> true;
@ -202,7 +202,7 @@ class dcmanager::api (
require => Package['dcmanager'], require => Package['dcmanager'],
# Only do the db sync if both controllers are running the same software # Only do the db sync if both controllers are running the same software
# version. Avoids impacting mate controller during an upgrade. # version. Avoids impacting mate controller during an upgrade.
onlyif => "test $::controller_sw_versions_match = true", onlyif => "test ${::controller_sw_versions_match} = true",
} }
} }

4
puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/init.pp
View File

@ -72,7 +72,7 @@ class dcmanager (
'DEFAULT/verbose': value => $verbose; 'DEFAULT/verbose': value => $verbose;
'DEFAULT/debug': value => $debug; 'DEFAULT/debug': value => $debug;
} }
# Automatically add psycopg2 driver to postgresql (only does this if it is missing) # Automatically add psycopg2 driver to postgresql (only does this if it is missing)
$real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:') $real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:')
@ -101,7 +101,7 @@ class dcmanager (
'keystone_authtoken/region_name': value => $region_name; 'keystone_authtoken/region_name': value => $region_name;
} }
file {"/etc/bash_completion.d/dcmanager.bash_completion": file {'/etc/bash_completion.d/dcmanager.bash_completion':
ensure => present, ensure => present,
mode => '0644', mode => '0644',
content => generate('/bin/dcmanager', 'complete'), content => generate('/bin/dcmanager', 'complete'),

4
puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/keystone/auth.pp
View File

@ -49,9 +49,9 @@ class dcmanager::keystone::auth (
public_url => $public_url, public_url => $public_url,
admin_url => $admin_url, admin_url => $admin_url,
internal_url => $internal_url, internal_url => $internal_url,
} -> }
keystone_user_role { "${auth_name}@${admin_project_name}": -> keystone_user_role { "${auth_name}@${admin_project_name}":
ensure => present, ensure => present,
user_domain => $auth_domain, user_domain => $auth_domain,
project_domain => $admin_project_domain, project_domain => $admin_project_domain,

10
puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/api_proxy.pp
View File

@ -113,13 +113,13 @@ class dcorch::api_proxy (
Package['dcorch'] -> Dcorch_api_paste_ini<||> Package['dcorch'] -> Dcorch_api_paste_ini<||>
Package['dcorch'] -> Service['dcorch-api-proxy'] Package['dcorch'] -> Service['dcorch-api-proxy']
package { 'dcorch': package { 'dcorch':
ensure => $package_ensure, ensure => $package_ensure,
name => $::dcorch::params::api_proxy_package, name => $::dcorch::params::api_proxy_package,
} }
} }
dcorch_config { dcorch_config {
"DEFAULT/bind_host": value => $bind_host; 'DEFAULT/bind_host': value => $bind_host;
} }
@ -156,7 +156,7 @@ class dcorch::api_proxy (
'keystone_authtoken/user_domain_name': value => $keystone_user_domain; 'keystone_authtoken/user_domain_name': value => $keystone_user_domain;
'keystone_authtoken/project_domain_name': value => $keystone_project_domain; 'keystone_authtoken/project_domain_name': value => $keystone_project_domain;
} }
dcorch_config { dcorch_config {
'cache/admin_tenant': value => $keystone_admin_tenant; 'cache/admin_tenant': value => $keystone_admin_tenant;
'cache/admin_username': value => $keystone_admin_user; 'cache/admin_username': value => $keystone_admin_user;
'cache/admin_password': value => $keystone_admin_password, secret=> true; 'cache/admin_password': value => $keystone_admin_password, secret=> true;
@ -204,7 +204,7 @@ class dcorch::api_proxy (
require => Package['dcorch'], require => Package['dcorch'],
# Only do the db sync if both controllers are running the same software # Only do the db sync if both controllers are running the same software
# version. Avoids impacting mate controller during an upgrade. # version. Avoids impacting mate controller during an upgrade.
onlyif => "test $::controller_sw_versions_match = true", onlyif => "test ${::controller_sw_versions_match} = true",
} }
} }

4
puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/init.pp
View File

@ -99,10 +99,10 @@ class dcorch (
'DEFAULT/debug': value => $debug; 'DEFAULT/debug': value => $debug;
'DEFAULT/api_paste_config': value => $api_paste_config; 'DEFAULT/api_paste_config': value => $api_paste_config;
} }
# Automatically add psycopg2 driver to postgresql (only does this if it is missing) # Automatically add psycopg2 driver to postgresql (only does this if it is missing)
$real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:') $real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:')
dcorch_config { dcorch_config {
'database/connection': value => $real_connection, secret => true; 'database/connection': value => $real_connection, secret => true;
'database/idle_timeout': value => $database_idle_timeout; 'database/idle_timeout': value => $database_idle_timeout;

44
puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/keystone/auth.pp
View File

@ -27,7 +27,7 @@ class dcorch::keystone::auth (
$public_url = 'http://127.0.0.1:8118/v1.0', $public_url = 'http://127.0.0.1:8118/v1.0',
$admin_url = 'http://127.0.0.1:8118/v1.0', $admin_url = 'http://127.0.0.1:8118/v1.0',
$internal_url = 'http://127.0.0.1:8118/v1.0', $internal_url = 'http://127.0.0.1:8118/v1.0',
$neutron_proxy_internal_url = 'http://127.0.0.1:29696', $neutron_proxy_internal_url = 'http://127.0.0.1:29696',
$nova_proxy_internal_url = 'http://127.0.0.1:28774/v2.1', $nova_proxy_internal_url = 'http://127.0.0.1:28774/v2.1',
$sysinv_proxy_internal_url = 'http://127.0.0.1:26385/v1', $sysinv_proxy_internal_url = 'http://127.0.0.1:26385/v1',
@ -63,27 +63,27 @@ class dcorch::keystone::auth (
} }
keystone_endpoint { "${region}/nova::compute" : keystone_endpoint { "${region}/nova::compute" :
ensure => "present", ensure => 'present',
name => "nova", name => 'nova',
type => "compute", type => 'compute',
region => $region, region => $region,
public_url => $nova_proxy_public_url, public_url => $nova_proxy_public_url,
admin_url => $nova_proxy_internal_url, admin_url => $nova_proxy_internal_url,
internal_url => $nova_proxy_internal_url internal_url => $nova_proxy_internal_url
} }
keystone_endpoint { "${region}/sysinv::platform" : keystone_endpoint { "${region}/sysinv::platform" :
ensure => "present", ensure => 'present',
name => "sysinv", name => 'sysinv',
type => "platform", type => 'platform',
region => $region, region => $region,
public_url => $sysinv_proxy_public_url, public_url => $sysinv_proxy_public_url,
admin_url => $sysinv_proxy_internal_url, admin_url => $sysinv_proxy_internal_url,
internal_url => $sysinv_proxy_internal_url internal_url => $sysinv_proxy_internal_url
} }
keystone_endpoint { "${region}/neutron::network" : keystone_endpoint { "${region}/neutron::network" :
ensure => "present", ensure => 'present',
name => "neutron", name => 'neutron',
type => "network", type => 'network',
region => $region, region => $region,
public_url => $neutron_proxy_public_url, public_url => $neutron_proxy_public_url,
admin_url => $neutron_proxy_internal_url, admin_url => $neutron_proxy_internal_url,
@ -92,18 +92,18 @@ class dcorch::keystone::auth (
if $::openstack::cinder::params::service_enabled { if $::openstack::cinder::params::service_enabled {
keystone_endpoint { "${region}/cinderv2::volumev2" : keystone_endpoint { "${region}/cinderv2::volumev2" :
ensure => "present", ensure => 'present',
name => "cinderv2", name => 'cinderv2',
type => "volumev2", type => 'volumev2',
region => $region, region => $region,
public_url => $cinder_proxy_public_url_v2, public_url => $cinder_proxy_public_url_v2,
admin_url => $cinder_proxy_internal_url_v2, admin_url => $cinder_proxy_internal_url_v2,
internal_url => $cinder_proxy_internal_url_v2 internal_url => $cinder_proxy_internal_url_v2
} }
keystone_endpoint { "${region}/cinderv3::volumev3" : keystone_endpoint { "${region}/cinderv3::volumev3" :
ensure => "present", ensure => 'present',
name => "cinderv3", name => 'cinderv3',
type => "volumev3", type => 'volumev3',
region => $region, region => $region,
public_url => $cinder_proxy_public_url_v3, public_url => $cinder_proxy_public_url_v3,
admin_url => $cinder_proxy_internal_url_v3, admin_url => $cinder_proxy_internal_url_v3,
@ -111,18 +111,18 @@ class dcorch::keystone::auth (
} }
} }
keystone_endpoint { "${region}/patching::patching" : keystone_endpoint { "${region}/patching::patching" :
ensure => "present", ensure => 'present',
name => "patching", name => 'patching',
type => "patching", type => 'patching',
region => $region, region => $region,
public_url => $patching_proxy_public_url, public_url => $patching_proxy_public_url,
admin_url => $patching_proxy_internal_url, admin_url => $patching_proxy_internal_url,
internal_url => $patching_proxy_internal_url internal_url => $patching_proxy_internal_url
} }
keystone_endpoint { "${region}/keystone::identity" : keystone_endpoint { "${region}/keystone::identity" :
ensure => "present", ensure => 'present',
name => "keystone", name => 'keystone',
type => "identity", type => 'identity',
region => $region, region => $region,
public_url => $identity_proxy_public_url, public_url => $identity_proxy_public_url,
admin_url => $identity_proxy_internal_url, admin_url => $identity_proxy_internal_url,

2
puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/params.pp
View File

@ -39,7 +39,7 @@ class dcorch::params {
$snmp_service = 'dcorch-snmp' $snmp_service = 'dcorch-snmp'
$api_proxy_package = false $api_proxy_package = false
$api_proxy_service = 'dcorch-api-proxy' $api_proxy_service = 'dcorch-api-proxy'
$db_sync_command = 'dcorch-manage db_sync' $db_sync_command = 'dcorch-manage db_sync'
} elsif($::osfamily == 'WRLinux') { } elsif($::osfamily == 'WRLinux') {

2
puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/provider/fm_api_paste_ini/ini_setting.rb
View File

@ -23,5 +23,5 @@ Puppet::Type.type(:fm_api_paste_ini).provide(
def file_path def file_path
self.class.file_path self.class.file_path
end end
end end

2
puppet-modules-wrs/puppet-fm/src/fm/manifests/api.pp
View File

@ -93,7 +93,7 @@ class fm::api (
tag => 'fm-service', tag => 'fm-service',
} }
} else { } else {
fail("Invalid service_name. fm-api for running as a standalone service") fail('Invalid service_name. fm-api for running as a standalone service')
} }
fm_config { fm_config {

18
puppet-modules-wrs/puppet-fm/src/fm/manifests/keystone/authtoken.pp
View File

@ -230,14 +230,14 @@ class fm::keystone::authtoken(
} }
keystone::resource::authtoken { 'fm_config': keystone::resource::authtoken { 'fm_config':
username => $username, username => $username,
password => $password, password => $password,
project_name => $project_name, project_name => $project_name,
auth_url => $auth_url, auth_url => $auth_url,
auth_uri => $auth_uri, auth_uri => $auth_uri,
auth_type => $auth_type, auth_type => $auth_type,
user_domain_name => $user_domain_name, user_domain_name => $user_domain_name,
project_domain_name => $project_domain_name, project_domain_name => $project_domain_name,
region_name => $region_name, region_name => $region_name,
} }
} }

3
puppet-modules-wrs/puppet-mtce/src/mtce/manifests/init.pp
View File

@ -4,5 +4,4 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
class mtce () { class mtce () { }
}

2
puppet-modules-wrs/puppet-nfv/src/nfv/manifests/alarm.pp
View File

@ -12,7 +12,7 @@ class nfv::alarm (
include nfv::params include nfv::params
nfv_plugin_alarm_config { nfv_plugin_alarm_config {
/* File-Storage Information */ # File-Storage Information
'File-Storage/file': value => $storage_file; 'File-Storage/file': value => $storage_file;
} }

2
puppet-modules-wrs/puppet-nfv/src/nfv/manifests/event_log.pp
View File

@ -12,7 +12,7 @@ class nfv::event_log (
include nfv::params include nfv::params
nfv_plugin_event_log_config { nfv_plugin_event_log_config {
/* File-Storage Information */ # File-Storage Information
'File-Storage/file': value => $storage_file; 'File-Storage/file': value => $storage_file;
} }

18
puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp
View File

@ -48,7 +48,7 @@ class nfv::nfvi (
$nova_service_name = 'nova', $nova_service_name = 'nova',
$nova_service_type = 'compute', $nova_service_type = 'compute',
$nova_endpoint_type = 'admin', $nova_endpoint_type = 'admin',
$nova_endpoint_override = "http://localhost:18774", $nova_endpoint_override = 'http://localhost:18774',
$nova_endpoint_disabled = false, $nova_endpoint_disabled = false,
$sysinv_region_name = 'RegionOne', $sysinv_region_name = 'RegionOne',
$sysinv_service_name = 'sysinv', $sysinv_service_name = 'sysinv',
@ -88,7 +88,7 @@ class nfv::nfvi (
nfv_plugin_nfvi_config { nfv_plugin_nfvi_config {
/* Platform Authentication Information */ # Platform Authentication Information
'platform/username': value => $platform_username; 'platform/username': value => $platform_username;
'platform/tenant': value => $platform_tenant; 'platform/tenant': value => $platform_tenant;
'platform/user_domain_name': value => $platform_user_domain; 'platform/user_domain_name': value => $platform_user_domain;
@ -98,7 +98,7 @@ class nfv::nfvi (
'platform/authorization_port': value => $platform_auth_port; 'platform/authorization_port': value => $platform_auth_port;
'platform/keyring_service': value => $platform_keyring_service; 'platform/keyring_service': value => $platform_keyring_service;
/* OpenStack Authentication Information */ # OpenStack Authentication Information
'openstack/username': value => $openstack_username; 'openstack/username': value => $openstack_username;
'openstack/tenant': value => $openstack_tenant; 'openstack/tenant': value => $openstack_tenant;
'openstack/user_domain_name': value => $openstack_user_domain; 'openstack/user_domain_name': value => $openstack_user_domain;
@ -163,31 +163,31 @@ class nfv::nfvi (
'fm/service_type': value => $fm_service_type; 'fm/service_type': value => $fm_service_type;
'fm/endpoint_type': value => $fm_endpoint_type; 'fm/endpoint_type': value => $fm_endpoint_type;
/* AMQP */ # AMQP
'amqp/host': value => $rabbit_host; 'amqp/host': value => $rabbit_host;
'amqp/port': value => $rabbit_port; 'amqp/port': value => $rabbit_port;
'amqp/user_id': value => $rabbit_userid; 'amqp/user_id': value => $rabbit_userid;
'amqp/password': value => $rabbit_password, secret => true; 'amqp/password': value => $rabbit_password, secret => true;
'amqp/virt_host': value => $rabbit_virtual_host; 'amqp/virt_host': value => $rabbit_virtual_host;
/* Infrastructure Rest-API */ # Infrastructure Rest-API
'infrastructure-rest-api/host': value => $infrastructure_rest_api_host; 'infrastructure-rest-api/host': value => $infrastructure_rest_api_host;
'infrastructure-rest-api/port': value => $infrastructure_rest_api_port; 'infrastructure-rest-api/port': value => $infrastructure_rest_api_port;
'infrastructure-rest-api/data_port_fault_handling_enabled': value => $infrastructure_rest_api_data_port_fault_handling_enabled; 'infrastructure-rest-api/data_port_fault_handling_enabled': value => $infrastructure_rest_api_data_port_fault_handling_enabled;
/* Guest-Services Rest-API */ # Guest-Services Rest-API
'guest-rest-api/host': value => $guest_rest_api_host; 'guest-rest-api/host': value => $guest_rest_api_host;
'guest-rest-api/port': value => $guest_rest_api_port; 'guest-rest-api/port': value => $guest_rest_api_port;
/* Compute Rest-API */ # Compute Rest-API
'compute-rest-api/host': value => $compute_rest_api_host; 'compute-rest-api/host': value => $compute_rest_api_host;
'compute-rest-api/port': value => $compute_rest_api_port; 'compute-rest-api/port': value => $compute_rest_api_port;
'compute-rest-api/max_concurrent_requests': value => $compute_rest_api_max_concurrent_requests; 'compute-rest-api/max_concurrent_requests': value => $compute_rest_api_max_concurrent_requests;
'compute-rest-api/max_request_wait_in_secs': value => $compute_rest_api_max_request_wait_in_secs; 'compute-rest-api/max_request_wait_in_secs': value => $compute_rest_api_max_request_wait_in_secs;
/* Host Listener */ # Host Listener
'host-listener/host': value => $host_listener_host; 'host-listener/host': value => $host_listener_host;
'host-listener/port': value => $host_listener_port; 'host-listener/port': value => $host_listener_port;
} }
if $identity_uri { if $identity_uri {

20
puppet-modules-wrs/puppet-nfv/src/nfv/manifests/vim.pp
View File

@ -42,27 +42,27 @@ class nfv::vim (
include nfv::params include nfv::params
nfv_vim_config { nfv_vim_config {
/* Debug Information */ # Debug Information
'debug/config_file': value => $debug_config_file; 'debug/config_file': value => $debug_config_file;
'debug/handlers': value => $debug_handlers; 'debug/handlers': value => $debug_handlers;
'debug/syslog_address': value => $debug_syslog_address; 'debug/syslog_address': value => $debug_syslog_address;
'debug/syslog_facility': value => $debug_syslog_facility; 'debug/syslog_facility': value => $debug_syslog_facility;
/* Database */ # Database
'database/database_dir': value => $database_dir; 'database/database_dir': value => $database_dir;
/* Alarm */ # Alarm
'alarm/namespace': value => $alarm_namespace; 'alarm/namespace': value => $alarm_namespace;
'alarm/handlers': value => $alarm_handlers; 'alarm/handlers': value => $alarm_handlers;
'alarm/audit_interval': value => $alarm_audit_interval; 'alarm/audit_interval': value => $alarm_audit_interval;
'alarm/config_file': value => $alarm_config_file; 'alarm/config_file': value => $alarm_config_file;
/* Event Log */ # Event Log
'event-log/namespace': value => $event_log_namespace; 'event-log/namespace': value => $event_log_namespace;
'event-log/handlers': value => $event_log_handlers; 'event-log/handlers': value => $event_log_handlers;
'event-log/config_file': value => $event_log_config_file; 'event-log/config_file': value => $event_log_config_file;
/* NFVI */ # NFVI
'nfvi/namespace': value => $nfvi_namespace; 'nfvi/namespace': value => $nfvi_namespace;
'nfvi/config_file': value => $nfvi_config_file; 'nfvi/config_file': value => $nfvi_config_file;
'nfvi/image_plugin_disabled': value => $image_plugin_disabled; 'nfvi/image_plugin_disabled': value => $image_plugin_disabled;
@ -71,26 +71,26 @@ class nfv::vim (
'nfvi/network_plugin_disabled': value => $network_plugin_disabled; 'nfvi/network_plugin_disabled': value => $network_plugin_disabled;
'nfvi/guest_plugin_disabled': value => $guest_plugin_disabled; 'nfvi/guest_plugin_disabled': value => $guest_plugin_disabled;
/* INSTANCE CONFIGURATION */ # INSTANCE CONFIGURATION
'instance-configuration/max_live_migrate_wait_in_secs': value => $instance_max_live_migrate_wait_in_secs; 'instance-configuration/max_live_migrate_wait_in_secs': value => $instance_max_live_migrate_wait_in_secs;
'instance-configuration/single_hypervisor': value => $instance_single_hypervisor; 'instance-configuration/single_hypervisor': value => $instance_single_hypervisor;
/* VIM */ # VIM
'vim/rpc_host': value => $vim_rpc_ip; 'vim/rpc_host': value => $vim_rpc_ip;
'vim/rpc_port': value => $vim_rpc_port; 'vim/rpc_port': value => $vim_rpc_port;
/* VIM-API */ # VIM-API
'vim-api/host': value => $vim_api_ip; 'vim-api/host': value => $vim_api_ip;
'vim-api/port': value => $vim_api_port; 'vim-api/port': value => $vim_api_port;
'vim-api/rpc_host': value => $vim_api_rpc_ip; 'vim-api/rpc_host': value => $vim_api_rpc_ip;
'vim-api/rpc_port': value => $vim_api_rpc_port; 'vim-api/rpc_port': value => $vim_api_rpc_port;
/* VIM-Webserver */ # VIM-Webserver
'vim-webserver/host': value => $vim_webserver_ip; 'vim-webserver/host': value => $vim_webserver_ip;
'vim-webserver/port': value => $vim_webserver_port; 'vim-webserver/port': value => $vim_webserver_port;
'vim-webserver/source_dir': value => $vim_webserver_source_dir; 'vim-webserver/source_dir': value => $vim_webserver_source_dir;
/* SW-MGMT CONFIGURATION */ # SW-MGMT CONFIGURATION
'sw-mgmt-configuration/single_controller': value => $sw_mgmt_single_controller; 'sw-mgmt-configuration/single_controller': value => $sw_mgmt_single_controller;
} }

2
puppet-modules-wrs/puppet-nova_api_proxy/src/LICENSE.readme
View File

@ -1,6 +1,6 @@
The license source is: The license source is:
https://github.com/openstack/puppet-nova/blob/stable/juno/LICENSE. https://github.com/openstack/puppet-nova/blob/stable/juno/LICENSE.
Similarly, the sources for puppet-nova_api_proxy come from that external Similarly, the sources for puppet-nova_api_proxy come from that external
project. project.

24
puppet-modules-wrs/puppet-nova_api_proxy/src/nova_api_proxy/manifests/config.pp
View File

@ -43,21 +43,21 @@ class nova_api_proxy::config (
# SSL Options # SSL Options
if $use_ssl { if $use_ssl {
if !$cert_file { if !$cert_file {
fail('The cert_file parameter is required when use_ssl is set to true') fail('The cert_file parameter is required when use_ssl is set to true')
} }
if !$key_file { if !$key_file {
fail('The key_file parameter is required when use_ssl is set to true') fail('The key_file parameter is required when use_ssl is set to true')
} }
} }
proxy_config { proxy_config {
'DEFAULT/auth_strategy': value => $auth_strategy; 'DEFAULT/auth_strategy': value => $auth_strategy;
'DEFAULT/osapi_proxy_listen': value => $osapi_proxy_listen; 'DEFAULT/osapi_proxy_listen': value => $osapi_proxy_listen;
'DEFAULT/osapi_compute_listen': value => $osapi_compute_listen; 'DEFAULT/osapi_compute_listen': value => $osapi_compute_listen;
'DEFAULT/nfvi_compute_listen': value => $nfvi_compute_listen; 'DEFAULT/nfvi_compute_listen': value => $nfvi_compute_listen;
'DEFAULT/nfvi_compute_listen_port': value => $nfvi_compute_listen_port; 'DEFAULT/nfvi_compute_listen_port': value => $nfvi_compute_listen_port;
'DEFAULT/pool_size': value => $eventlet_pool_size; 'DEFAULT/pool_size': value => $eventlet_pool_size;
} }
if $use_ssl { if $use_ssl {

22
puppet-modules-wrs/puppet-patching/src/patching/manifests/init.pp
View File

@ -14,10 +14,10 @@ class patching (
include patching::params include patching::params
file { $::patching::params::patching_conf: file { $::patching::params::patching_conf:
ensure => present, ensure => present,
owner => 'patching', owner => 'patching',
group => 'patching', group => 'patching',
mode => '0600', mode => '0600',
} }
patching_config { patching_config {
@ -27,17 +27,17 @@ class patching (
'runtime/controller_port': value => $controller_port; 'runtime/controller_port': value => $controller_port;
'runtime/agent_port': value => $agent_port; 'runtime/agent_port': value => $agent_port;
} }
~>
service { 'sw-patch-agent.service': ~> service { 'sw-patch-agent.service':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
subscribe => File[$::patching::params::patching_conf], subscribe => File[$::patching::params::patching_conf],
} }
if $::personality == "controller" { if $::personality == 'controller' {
service { 'sw-patch-controller-daemon.service': service { 'sw-patch-controller-daemon.service':
ensure => 'running', ensure => 'running',
enable => true, enable => true,
subscribe => Service['sw-patch-agent.service'], subscribe => Service['sw-patch-agent.service'],
} }
} }

6
puppet-modules-wrs/puppet-patching/src/patching/manifests/keystone/auth.pp
View File

@ -20,11 +20,9 @@ class patching::keystone::auth (
$admin_url = 'http://127.0.0.1:5491/v1', $admin_url = 'http://127.0.0.1:5491/v1',
$internal_url = 'http://127.0.0.1:5491/v1', $internal_url = 'http://127.0.0.1:5491/v1',
) { ) {
$real_service_name = pick($service_name, $auth_name)
$real_service_name = pick($service_name, $auth_name) keystone::resource::service_identity { 'patching':
keystone::resource::service_identity { 'patching':
configure_user => $configure_user, configure_user => $configure_user,
configure_user_role => $configure_user_role, configure_user_role => $configure_user_role,
configure_endpoint => $configure_endpoint, configure_endpoint => $configure_endpoint,

3
puppet-modules-wrs/puppet-sshd/src/sshd/manifests/init.pp
View File

@ -4,5 +4,4 @@
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
class sshd () { class sshd () { }
}

2
puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/agent.pp
View File

@ -34,7 +34,7 @@ class sysinv::agent (
} }
sysinv_config { sysinv_config {
'lldp/drivers': value => join($lldp_drivers,","); 'lldp/drivers': value => join($lldp_drivers,',');
} }
if $::sysinv::params::agent_package { if $::sysinv::params::agent_package {

18
puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/api.pp
View File

@ -5,7 +5,7 @@
# #
# SPDX-License-Identifier: Apache-2.0 # SPDX-License-Identifier: Apache-2.0
# #
# #
# Nov 2017: rebase pike # Nov 2017: rebase pike
# Aug 2016: rebase mitaka # Aug 2016: rebase mitaka
# Jun 2016: rebase centos # Jun 2016: rebase centos
@ -175,10 +175,8 @@ class sysinv::api (
$pxeboot_host = undef, $pxeboot_host = undef,
$enabled = true $enabled = true
) { ) {
include sysinv::params include sysinv::params
Sysinv_config<||> ~> Service['sysinv-api'] Sysinv_config<||> ~> Service['sysinv-api']
Sysinv_config<||> ~> Exec['sysinv-dbsync'] Sysinv_config<||> ~> Exec['sysinv-dbsync']
Sysinv_api_paste_ini<||> ~> Service['sysinv-api'] Sysinv_api_paste_ini<||> ~> Service['sysinv-api']
@ -188,18 +186,18 @@ class sysinv::api (
Package['sysinv'] -> Sysinv_api_paste_ini<||> Package['sysinv'] -> Sysinv_api_paste_ini<||>
Package['sysinv'] -> Service['sysinv-api'] Package['sysinv'] -> Service['sysinv-api']
package { 'sysinv': package { 'sysinv':
ensure => $package_ensure, ensure => $package_ensure,
name => $::sysinv::params::api_package, name => $::sysinv::params::api_package,
} }
} }
sysinv_config { sysinv_config {
"DEFAULT/sysinv_api_bind_ip": value => $bind_host; 'DEFAULT/sysinv_api_bind_ip': value => $bind_host;
} }
if $pxeboot_host { if $pxeboot_host {
sysinv_config { sysinv_config {
"DEFAULT/sysinv_api_pxeboot_ip": value => $pxeboot_host; 'DEFAULT/sysinv_api_pxeboot_ip': value => $pxeboot_host;
} }
} }
@ -342,9 +340,9 @@ class sysinv::api (
# Only do the db sync if both controllers are running the same software # Only do the db sync if both controllers are running the same software
# version. Avoids impacting mate controller during an upgrade. # version. Avoids impacting mate controller during an upgrade.
onlyif => [ onlyif => [
"test $::controller_sw_versions_match = true", "test ${::controller_sw_versions_match} = true",
"systemctl status postgresql" 'systemctl status postgresql'
] ]
} }
} }

20
puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/base.pp
View File

@ -30,16 +30,16 @@ class sysinv::base (
warning('The sysinv::base class is deprecated. Use sysinv instead.') warning('The sysinv::base class is deprecated. Use sysinv instead.')
class { '::sysinv': class { '::sysinv':
rabbit_password => $rabbit_password, rabbit_password => $rabbit_password,
sql_connection => $sql_connection, sql_connection => $sql_connection,
rabbit_host => $rabbit_host, rabbit_host => $rabbit_host,
rabbit_port => $rabbit_port, rabbit_port => $rabbit_port,
rabbit_hosts => $rabbit_hosts, rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host, rabbit_virtual_host => $rabbit_virtual_host,
rabbit_userid => $rabbit_userid, rabbit_userid => $rabbit_userid,
package_ensure => $package_ensure, package_ensure => $package_ensure,
api_paste_config => $api_paste_config, api_paste_config => $api_paste_config,
verbose => $verbose, verbose => $verbose,
} }
} }

16
puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/mysql.pp
View File

@ -28,11 +28,11 @@ class sysinv::db::mysql (
Database[$dbname] ~> Exec<| title == 'sysinv-dbsync' |> Database[$dbname] ~> Exec<| title == 'sysinv-dbsync' |>
mysql::db { $dbname: mysql::db { $dbname:
user => $user, user => $user,
password => $password, password => $password,
host => $host, host => $host,
charset => $charset, charset => $charset,
require => Class['mysql::config'], require => Class['mysql::config'],
} }
# Check allowed_hosts to avoid duplicate resource declarations # Check allowed_hosts to avoid duplicate resource declarations
@ -45,9 +45,9 @@ class sysinv::db::mysql (
if $real_allowed_hosts { if $real_allowed_hosts {
# TODO this class should be in the mysql namespace # TODO this class should be in the mysql namespace
sysinv::db::mysql::host_access { $real_allowed_hosts: sysinv::db::mysql::host_access { $real_allowed_hosts:
user => $user, user => $user,
password => $password, password => $password,
database => $dbname, database => $dbname,
} }
} }

Some files were not shown because too many files have changed in this diff Show More