diff --git a/.zuul.yaml b/.zuul.yaml index ebc87c8987..4085ba0751 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -17,8 +17,6 @@ - cgtsclient-tox-py27 - cgtsclient-tox-pep8 - cgtsclient-tox-pylint - - puppet-manifests-lint - - puppet-modules-wrs-lint gate: jobs: - openstack-tox-linters @@ -32,8 +30,6 @@ - cgtsclient-tox-py27 - cgtsclient-tox-pep8 - cgtsclient-tox-pylint - - puppet-manifests-lint - - puppet-modules-wrs-lint - job: name: sysinv-tox-py27 @@ -213,27 +209,3 @@ STX_PREFIX: '' tox_envlist: pylint tox_extra_args: -c sysinv/cgts-client/cgts-client/tox.ini - -- job: - name: puppet-manifests-lint - parent: tox - description: | - Run puppetlint test for puppet-manifests - files: - - puppet-manifests/* - pre-run: playbooks/tox-puppet-lint/pre.yaml - vars: - tox_envlist: puppetlint - tox_extra_args: -c puppet-manifests/tox.ini - -- job: - name: puppet-modules-wrs-lint - parent: tox - description: | - Run puppetlint test for puppet-modules-wrs - files: - - puppet-modules-wrs/* - pre-run: playbooks/tox-puppet-lint/pre.yaml - vars: - tox_envlist: puppetlint - tox_extra_args: -c puppet-modules-wrs/tox.ini diff --git a/puppet-manifests/centos/build_srpm.data b/puppet-manifests/centos/build_srpm.data deleted file mode 100644 index 0c2259f1ac..0000000000 --- a/puppet-manifests/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=93 diff --git a/puppet-manifests/centos/puppet-manifests.spec b/puppet-manifests/centos/puppet-manifests.spec deleted file mode 100644 index 0094396c51..0000000000 --- a/puppet-manifests/centos/puppet-manifests.spec +++ /dev/null @@ -1,84 +0,0 @@ -Name: puppet-manifests -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet Configuration and Manifests -License: Apache-2.0 -Packager: Wind River -URL: unknown - -Source0: %{name}-%{version}.tar.gz -BuildArch: noarch - -# List all the required puppet modules - -# WRS puppet modules -Requires: puppet-dcorch -Requires: puppet-dcmanager -Requires: puppet-mtce -Requires: puppet-nfv -Requires: puppet-patching -Requires: puppet-sysinv -Requires: puppet-sshd -Requires: puppet-smapi -Requires: puppet-fm -Requires: puppet-dcdbsync - -# Openstack puppet modules -Requires: puppet-barbican -Requires: puppet-ceph -Requires: puppet-horizon -Requires: puppet-keystone -Requires: puppet-openstacklib -Requires: puppet-vswitch -Requires: puppet-memcached - -# Puppetlabs puppet modules -Requires: puppet-concat -Requires: puppet-create_resources -Requires: puppet-drbd -Requires: puppet-firewall -Requires: puppet-haproxy -Requires: puppet-inifile -Requires: puppet-lvm -Requires: puppet-postgresql -Requires: puppet-rabbitmq -Requires: puppet-stdlib -Requires: puppet-sysctl -Requires: puppet-etcd - -# 3rdparty puppet modules -Requires: puppet-boolean -Requires: puppet-certmonger -Requires: puppet-dnsmasq -Requires: puppet-filemapper -Requires: puppet-kmod -Requires: puppet-ldap -Requires: puppet-network -Requires: puppet-nslcd -Requires: puppet-nssdb -Requires: puppet-puppi -Requires: puppet-vlan -Requires: puppet-collectd - -%description -Platform puppet configuration files and manifests - -%define config_dir %{_sysconfdir}/puppet -%define module_dir %{_datadir}/puppet/modules -%define local_bindir /usr/local/bin - -%prep -%setup - -%install -make install \ - BINDIR=%{buildroot}%{local_bindir} \ - CONFIGDIR=%{buildroot}%{config_dir} \ - MODULEDIR=%{buildroot}%{module_dir} - -%files -%defattr(-,root,root,-) -%license LICENSE -%{local_bindir} -%{config_dir} -%{module_dir} diff --git a/puppet-manifests/src/LICENSE b/puppet-manifests/src/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/puppet-manifests/src/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-manifests/src/Makefile b/puppet-manifests/src/Makefile deleted file mode 100644 index 54bc0eb28b..0000000000 --- a/puppet-manifests/src/Makefile +++ /dev/null @@ -1,20 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -BINDIR ?= /usr/local/bin -CONFIGDIR ?= /etc/puppet -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -m 755 -D bin/puppet-manifest-apply.sh $(BINDIR)/puppet-manifest-apply.sh - install -m 755 -D bin/apply_network_config.sh $(BINDIR)/apply_network_config.sh - install -d -m 0755 $(CONFIGDIR) - install -m 640 etc/hiera.yaml $(CONFIGDIR)/ - cp -R hieradata $(CONFIGDIR)/ - cp -R manifests $(CONFIGDIR)/ - install -d -m 0755 $(MODULEDIR) - cp -R modules/platform $(MODULEDIR)/ - cp -R modules/openstack $(MODULEDIR)/ diff --git a/puppet-manifests/src/bin/apply_network_config.sh b/puppet-manifests/src/bin/apply_network_config.sh deleted file mode 100755 index ec1dfe9d3d..0000000000 --- a/puppet-manifests/src/bin/apply_network_config.sh +++ /dev/null @@ -1,440 +0,0 @@ -#!/bin/bash - -################################################################################ -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -################################################################################ - -# -# Purpose of this script is to copy the puppet-built -# ifcfg-* network config files from the puppet dir -# to the /etc/sysconfig/network-scripts/. Only files that -# are detected as different are copied. -# -# Then for each network puppet config files that are different -# from /etc/sysconfig/network-scripts/ version of the same config file, perform a -# network restart on the related iface. -# -# Please note: function is_eq_ifcfg() is used to determine if -# cfg files are different -# - -export IFNAME_INCLUDE="ifcfg-*" -export RTNAME_INCLUDE="route-*" -ACQUIRE_LOCK=1 -RELEASE_LOCK=0 - -if [ ! -d /var/run/network-scripts.puppet/ ] ; then - # No puppet files? Nothing to do! - exit 1 -fi - -function log_it { - logger "${0} ${1}" -} - -function do_if_up { - local iface=$1 - log_it "Bringing $iface up" - /sbin/ifup $iface -} - -function do_if_down { - local iface=$1 - log_it "Bringing $iface down" - /sbin/ifdown $iface -} - -function do_rm { - local theFile=$1 - log_it "Removing $theFile" - /bin/rm $theFile -} - -function do_cp { - local srcFile=$1 - local dstFile=$2 - log_it "copying network cfg $srcFile to $dstFile" - cp $srcFile $dstFile -} - -# Return items in list1 that are not in list2 -array_diff () { - list1=${!1} - list2=${!2} - - result=() - l2=" ${list2[*]} " - for item in ${list1[@]}; do - if [[ ! $l2 =~ " $item " ]] ; then - result+=($item) - fi - done - - echo ${result[@]} -} - -function normalized_cfg_attr_value { - local cfg=$1 - local attr_name=$2 - local attr_value - attr_value=$(cat $cfg | grep $attr_name= | awk -F "=" {'print $2'}) - - - # - # Special case BONDING_OPTS attribute. - # - # The BONDING_OPTS attribute contains '=' characters, so is not correctly - # parsed by splitting on '=' as done above. This results in changes to - # BONDING_OPTS not causing the interface to be restarted, so the old - # BONDING_OPTS still be used. Because this is only checking for changes, - # rather than actually using the returned value, we can return the whole - # line. - # - if [[ "${attr_name}" == "BONDING_OPTS" ]]; then - echo "$(cat $cfg | grep $attr_name=)" - return $(true) - fi - - if [[ "${attr_name}" != "BOOTPROTO" ]]; then - echo "${attr_value}" - return $(true) - fi - # - # Special case BOOTPROTO attribute. - # - # The BOOTPROTO attribute is not populated consistently by various aspects - # of the system. Different values are used to indicate a manually - # configured interfaces (i.e., one that does not expect to have an IP - # address) and so to avoid reconfiguring an interface that has different - # values with the same meaning we normalize them here before making any - # decisions. - # - # From a user perspective the values "manual", "none", and "" all have the - # same meaning - an interface without an IP address while "dhcp" and - # "static" are distinct values with a separate meaning. In practice - # however, the only value that matters from a ifup/ifdown script point of - # view is "dhcp". All other values are ignored. - # - # In our system we set BOOTPROTO to "static" to indicate that IP address - # attributes exist and to "manual"/"none" to indicate that no IP address - # attributes exist. These are not needed by ifup/ifdown as it looks for - # the "IPADDR" attribute whenever BOOTPROTO is set to anything other than - # "dhcp". - # - if [[ "${attr_value}" == "none" ]]; then - attr_value="none" - fi - if [[ "${attr_value}" == "manual" ]]; then - attr_value="none" - fi - if [[ "${attr_value}" == "" ]]; then - attr_value="none" - fi - echo "${attr_value}" - return $(true) -} - -# -# returns $(true) if cfg file ( $1 ) has property propName ( $2 ) with a value of propValue ( $3 ) -# -function cfg_has_property_with_value { - local cfg=$1 - local propname=$2 - local propvalue=$3 - if [ -f $cfg ]; then - if [[ "$(normalized_cfg_attr_value $cfg $propname)" == "${propvalue}" ]]; then - return $(true) - fi - fi - return $(false) -} - -# -# returns $(true) if cfg file is configured as a slave -# -function is_slave { - cfg_has_property_with_value $1 "SLAVE" "yes" - return $? -} - -# -# returns $(true) if cfg file is configured for DHCP -# -function is_dhcp { - cfg_has_property_with_value $1 "BOOTPROTO" "dhcp" -} - -# -# returns $(true) if cfg file is configured as a VLAN interface -# -function is_vlan { - cfg_has_property_with_value $1 "VLAN" "yes" - return $? -} - -# -# returns $(true) if cfg file is configured as an ethernet interface. For the -# purposes of this script "ethernet" is considered as any interface that is not -# a vlan or a slave. This includes both regular ethernet interfaces and bonded -# interfaces. -# -function is_ethernet { - if ! is_vlan $1; then - if ! is_slave $1; then - return $(true) - fi - fi - return $(false) -} - -# -# returns $(true) if cfg file represents an interface of the specified type. -# -function iftype_filter { - local iftype=$1 - - return $(is_$iftype $2) -} - -# -# returns $(true) if ifcfg files have the same number of VFs -# -# -function is_eq_sriov_numvfs { - local cfg_1=$1 - local cfg_2=$2 - local sriov_numvfs_1 - sriov_numvfs_1=$(grep -o 'echo *[1-9].*sriov_numvfs' $cfg_1 | awk {'print $2'}) - local sriov_numvfs_2 - sriov_numvfs_2=$(grep -o 'echo *[1-9].*sriov_numvfs' $cfg_2 | awk {'print $2'}) - - sriov_numvfs_1=${sriov_numvfs_1:-0} - sriov_numvfs_2=${sriov_numvfs_2:-0} - - if [[ "${sriov_numvfs_1}" != "${sriov_numvfs_2}" ]]; then - log_it "$cfg_1 and $cfg_2 differ on attribute sriov_numvfs [${sriov_numvfs_1}:${sriov_numvfs_2}]" - return $(false) - fi - - return $(true) -} - -# -# returns $(true) if ifcfg files are equal -# -# Warning: Only compares against cfg file attributes: -# BOOTPROTO DEVICE IPADDR NETMASK GATEWAY MTU BONDING_OPTS SRIOV_NUMVFS -# -function is_eq_ifcfg { - local cfg_1=$1 - local cfg_2=$2 - - for attr in BOOTPROTO DEVICE IPADDR NETMASK GATEWAY MTU BONDING_OPTS; do - local attr_value1 - attr_value1=$(normalized_cfg_attr_value $cfg_1 $attr) - local attr_value2 - attr_value2=$(normalized_cfg_attr_value $cfg_2 $attr) - if [[ "${attr_value1}" != "${attr_value2}" ]]; then - log_it "$cfg_1 and $cfg_2 differ on attribute $attr" - return $(false) - fi - done - - is_eq_sriov_numvfs $1 $2 - return $? -} - -# Synchronize with sysinv-agent audit (ifup/down to query link speed). -function sysinv_agent_lock { - case $1 in - $ACQUIRE_LOCK) - local lock_file="/var/run/apply_network_config.lock" - # Lock file should be the same as defined in sysinv agent code - local lock_timeout=5 - local max=15 - local n=1 - LOCK_FD=0 - exec {LOCK_FD}>$lock_file - while [[ $n -le $max ]]; do - - flock -w $lock_timeout $LOCK_FD && break - log_it "Failed to get lock($LOCK_FD) after $lock_timeout seconds ($n/$max), will retry" - sleep 1 - n=$(($n+1)) - done - if [[ $n -gt $max ]]; then - log_it "Failed to acquire lock($LOCK_FD) even after $max retries" - exit 1 - fi - ;; - $RELEASE_LOCK) - [[ $LOCK_FD -gt 0 ]] && flock -u $LOCK_FD - ;; - esac -} - -# First thing to do is deal with the case of there being no routes left on an interface. -# In this case, there will be no route- in the puppet directory. -# We'll just create an empty one so that the below will loop will work in all cases. - -for rt_path in $(find /etc/sysconfig/network-scripts/ -name "${RTNAME_INCLUDE}"); do - rt=$(basename $rt_path) - - if [ ! -e /var/run/network-scripts.puppet/$rt ]; then - touch /var/run/network-scripts.puppet/$rt - fi -done - -for rt_path in $(find /var/run/network-scripts.puppet/ -name "${RTNAME_INCLUDE}"); do - rt=$(basename $rt_path) - iface_rt=${rt#route-} - - if [ -e /etc/sysconfig/network-scripts/$rt ]; then - # There is an existing route file. Check if there are changes. - diff -I ".*Last generated.*" -q /var/run/network-scripts.puppet/$rt \ - /etc/sysconfig/network-scripts/$rt >/dev/null 2>&1 - - if [ $? -ne 0 ] ; then - # We may need to perform some manual route deletes - # Look for route lines that are present in the current netscripts route file, - # but not in the new puppet version. Need to manually delete these routes. - grep -v HEADER /etc/sysconfig/network-scripts/$rt | while read oldRouteLine - do - grepCmd="grep -q '$oldRouteLine' $rt_path > /dev/null" - eval $grepCmd - if [ $? -ne 0 ] ; then - log_it "Removing route: $oldRouteLine" - $(/usr/sbin/ip route del $oldRouteLine) - fi - done - fi - fi - - - if [ -s /var/run/network-scripts.puppet/$rt ] ; then - # Whether this is a new routes file or there are changes, ultimately we will need - # to ifup the file to add any potentially new routes. - - do_cp /var/run/network-scripts.puppet/$rt /etc/sysconfig/network-scripts/$rt - /etc/sysconfig/network-scripts/ifup-routes $iface_rt - - else - # Puppet routes file is empty, because we created an empty one due to absence of any routes - # so that our check with the existing netscripts routes would work. - # Just delete the netscripts file as there are no static routes left on this interface. - do_rm /etc/sysconfig/network-scripts/$rt - fi - - # Puppet redhat.rb file does not support removing routes from the same resource file. - # Need to smoke the temp one so it will be properly recreated next time. - - do_cp /var/run/network-scripts.puppet/$rt /var/run/network-scripts.puppet/$iface_rt.back - do_rm /var/run/network-scripts.puppet/$rt - -done - - - - -upDown=() -changed=() -for cfg_path in $(find /var/run/network-scripts.puppet/ -name "${IFNAME_INCLUDE}"); do - cfg=$(basename $cfg_path) - - diff -I ".*Last generated.*" -q /var/run/network-scripts.puppet/$cfg \ - /etc/sysconfig/network-scripts/$cfg >/dev/null 2>&1 - - if [ $? -ne 0 ] ; then - # puppet file needs to be copied to network dir because diff detected - changed+=($cfg) - # but do we need to actually start the iface? - if is_dhcp /var/run/network-scripts.puppet/$cfg || \ - is_dhcp /etc/sysconfig/network-scripts/$cfg ; then - # if dhcp type iface, then too many possible attr's to compare against, so - # just add cfg to the upDown list because we know (from above) cfg file is changed - log_it "dhcp detected for $cfg - adding to upDown list" - upDown+=($cfg) - else - # not in dhcp situation so check if any significant - # cfg attributes have changed to warrant an iface restart - is_eq_ifcfg /var/run/network-scripts.puppet/$cfg \ - /etc/sysconfig/network-scripts/$cfg - if [ $? -ne 0 ] ; then - log_it "$cfg changed" - # Remove alias portion in the interface name if any. - # Check if the base interface is already on the list for - # restart. If not, add it to the list. - # The alias interface does not need to be restarted. - base_cfg=${cfg/:*/} - found=0 - for chk in ${upDown[@]}; do - if [ "$base_cfg" = "$chk" ]; then - found=1 - break - fi - done - - if [ $found -eq 0 ]; then - log_it "Adding $base_cfg to upDown list" - upDown+=($base_cfg) - fi - fi - fi - fi -done - -current=() -for f in $(find /etc/sysconfig/network-scripts/ -name "${IFNAME_INCLUDE}"); do - current+=($(basename $f)) -done - -active=() -for f in $(find /var/run/network-scripts.puppet/ -name "${IFNAME_INCLUDE}"); do - active+=($(basename $f)) -done - -# synchronize with sysinv-agent audit -sysinv_agent_lock $ACQUIRE_LOCK - -remove=$(array_diff current[@] active[@]) -for r in ${remove[@]}; do - # Bring down interface before we execute network restart, interfaces - # that do not have an ifcfg are not managed by init script - iface=${r#ifcfg-} - do_if_down $iface - do_rm /etc/sysconfig/network-scripts/$r -done - -# now down the changed ifaces by dealing with vlan interfaces first so that -# they are brought down gracefully (i.e., without taking their dependencies -# away unexpectedly). -for iftype in vlan ethernet; do - for cfg in ${upDown[@]}; do - ifcfg=/etc/sysconfig/network-scripts/$cfg - if iftype_filter $iftype $ifcfg; then - do_if_down ${ifcfg#ifcfg-} - fi - done -done - -# now copy the puppet changed interfaces to /etc/sysconfig/network-scripts -for cfg in ${changed[@]}; do - do_cp /var/run/network-scripts.puppet/$cfg /etc/sysconfig/network-scripts/$cfg -done - -# now ifup changed ifaces by dealing with vlan interfaces last so that their -# dependencies are met before they are configured. -for iftype in ethernet vlan; do - for cfg in ${upDown[@]}; do - ifcfg=/var/run/network-scripts.puppet/$cfg - if iftype_filter $iftype $ifcfg; then - do_if_up ${ifcfg#ifcfg-} - fi - done -done - -# unlock: synchronize with sysinv-agent audit -sysinv_agent_lock $RELEASE_LOCK diff --git a/puppet-manifests/src/bin/puppet-manifest-apply.sh b/puppet-manifests/src/bin/puppet-manifest-apply.sh deleted file mode 100755 index 84cd4ebee2..0000000000 --- a/puppet-manifests/src/bin/puppet-manifest-apply.sh +++ /dev/null @@ -1,117 +0,0 @@ -#!/usr/bin/env bash - -# Grab a lock before doing anything else -LOCKFILE=/var/lock/.puppet.applyscript.lock -LOCK_FD=200 -LOCK_TIMEOUT=60 - -eval "exec ${LOCK_FD}>$LOCKFILE" - -while :; do - flock -w $LOCK_TIMEOUT $LOCK_FD && break - logger -t $0 "Failed to get lock for puppet applyscript after $LOCK_TIMEOUT seconds. Trying again" - sleep 1 -done - -HIERADATA=$1 -HOST=$2 -PERSONALITY=$3 -MANIFEST=${4:-$PERSONALITY} -RUNTIMEDATA=$5 - - -PUPPET_MODULES_PATH=/usr/share/puppet/modules:/usr/share/openstack-puppet/modules -PUPPET_MANIFEST=/etc/puppet/manifests/${MANIFEST}.pp -PUPPET_TMP=/tmp/puppet - -# Setup log directory and file -DATETIME=$(date -u +"%Y-%m-%d-%H-%M-%S") -LOGDIR="/var/log/puppet/${DATETIME}_${PERSONALITY}" -LOGFILE=${LOGDIR}/puppet.log - -mkdir -p ${LOGDIR} -rm -f /var/log/puppet/latest -ln -s ${LOGDIR} /var/log/puppet/latest - -touch ${LOGFILE} -chmod 600 ${LOGFILE} - - -# Remove old log directories -declare -i NUM_DIRS=`ls -d1 /var/log/puppet/[0-9]* 2>/dev/null | wc -l` -declare -i MAX_DIRS=20 -if [ ${NUM_DIRS} -gt ${MAX_DIRS} ]; then - let -i RMDIRS=${NUM_DIRS}-${MAX_DIRS} - ls -d1 /var/log/puppet/[0-9]* | head -${RMDIRS} | xargs --no-run-if-empty rm -rf -fi - - -# Setup staging area and hiera data configuration -# (must match hierarchy defined in hiera.yaml) -rm -rf ${PUPPET_TMP} -mkdir -p ${PUPPET_TMP}/hieradata -cp /etc/puppet/hieradata/global.yaml ${PUPPET_TMP}/hieradata/global.yaml -cp /etc/puppet/hieradata/${PERSONALITY}.yaml ${PUPPET_TMP}/hieradata/personality.yaml - -# When the worker node is first booted and goes online, sysinv-agent reports -# host CPU inventory which triggers the first runtime manifest apply that updates -# the grub. At this time, copying the host file failed due to a timing issue that -# has not yet been fully understood. Subsequent retries worked. -if [ "${PERSONALITY}" = "worker" ]; then - n=0 - until [ $n -ge 3 ]; do - cp -f ${HIERADATA}/${HOST}.yaml ${PUPPET_TMP}/hieradata/host.yaml && break - n=$(($n+1)) - logger -t $0 "Failed to copy /etc/puppet/hieradata/${HOST}.yaml" - sleep 15 - done -else - cp -f ${HIERADATA}/${HOST}.yaml ${PUPPET_TMP}/hieradata/host.yaml -fi -cp -f ${HIERADATA}/system.yaml \ - ${HIERADATA}/secure_system.yaml \ - ${HIERADATA}/static.yaml \ - ${HIERADATA}/secure_static.yaml \ - ${PUPPET_TMP}/hieradata/ - -if [ -n "${RUNTIMEDATA}" ]; then - cp -f ${RUNTIMEDATA} ${PUPPET_TMP}/hieradata/runtime.yaml -fi - - -# Exit function to save logs from initial apply -function finish { - local SAVEDLOGS=/var/log/puppet/first_apply.tgz - if [ ! -f ${SAVEDLOGS} ]; then - # Save the logs - tar czf ${SAVEDLOGS} ${LOGDIR} 2>/dev/null - fi -} -trap finish EXIT - - -# Set Keystone endpoint type to internal to prevent SSL cert failures during config -export OS_ENDPOINT_TYPE=internalURL -export CINDER_ENDPOINT_TYPE=internalURL -# Suppress stdlib deprecation warnings until all puppet modules can be updated -export STDLIB_LOG_DEPRECATIONS=false - -echo "Applying puppet ${MANIFEST} manifest..." -flock /var/run/puppet.lock \ - puppet apply --debug --trace --modulepath ${PUPPET_MODULES_PATH} ${PUPPET_MANIFEST} \ - < /dev/null 2>&1 | awk ' { system("date -u +%FT%T.%3N | tr \"\n\" \" \""); print $0; fflush(); } ' > ${LOGFILE} -if [ $? -ne 0 ]; then - echo "[FAILED]" - echo "See ${LOGFILE} for details" - exit 1 -else - grep -qE '^(.......)?Warning|^....-..-..T..:..:..([.]...)?(.......)?.Warning|^(.......)?Error|^....-..-..T..:..:..([.]...)?(.......)?.Error' ${LOGFILE} - if [ $? -eq 0 ]; then - echo "[WARNING]" - echo "Warnings found. See ${LOGFILE} for details" - exit 1 - fi - echo "[DONE]" -fi - -exit 0 diff --git a/puppet-manifests/src/etc/hiera.yaml b/puppet-manifests/src/etc/hiera.yaml deleted file mode 100644 index e40d9c050b..0000000000 --- a/puppet-manifests/src/etc/hiera.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -:backends: - - yaml - -:hierarchy: - - runtime - - host - - secure_system - - system - - secure_static - - static - - personality - - global - -:yaml: - # data is staged to a local directory by the puppet-manifest-apply.sh script - :datadir: /tmp/puppet/hieradata diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml deleted file mode 100644 index b850282f97..0000000000 --- a/puppet-manifests/src/hieradata/controller.yaml +++ /dev/null @@ -1,237 +0,0 @@ -# controller specific configuration data ---- - -# platform - -# Default hostname required for initial bootstrap of controller-0. -# Configured hostname will override this value. -platform::params::hostname: 'controller-0' - -# Default controller hostname maps to the loopback address -# NOTE: Puppet doesn't support setting multiple IPs for the host resource, -# therefore setup an alias for the controller against localhost and -# then specify the IPv6 localhost as a separate entry. -# The IPv6 entry is required for LDAP clients to connect to the LDAP -# server when there are no IPv4 addresses configured, which occurs -# during the bootstrap phase. -platform::config::params::hosts: - localhost: - ip: '127.0.0.1' - host_aliases: - - localhost.localdomain - - controller - controller: - ip: '::1' - -# default parameters, runtime management network configured will override -platform::network::mgmt::params::subnet_version: 4 -platform::network::mgmt::params::controller0_address: 127.0.0.1 -platform::network::mgmt::params::controller1_address: 127.0.0.2 - -# default parameters, runtime values will be based on selected link -platform::drbd::params::link_speed: 10000 -platform::drbd::params::link_util: 40 -platform::drbd::params::num_parallel: 1 -platform::drbd::params::rtt_ms: 0.2 - -# Default LDAP configuration required for bootstrap of controller-0 -platform::ldap::params::server_id: '001' -platform::ldap::params::provider_uri: 'ldap://controller-1' - -# FIXME(mpeters): remove packstack specific variable -# workaround until openstack credentials module is updated to not reference -# hiera data -CONFIG_ADMIN_USER_DOMAIN_NAME: Default -CONFIG_ADMIN_PROJECT_DOMAIN_NAME: Default - - -# mtce -platform::mtce::params::auth_host: '127.0.0.1' -platform::mtce::params::auth_port: 5000 -platform::mtce::params::auth_uri: 'http://127.0.0.1:5000' -platform::mtce::params::auth_user_domain: 'Default' -platform::mtce::params::auth_project_domain: 'Default' -platform::mtce::params::auth_project: 'services' -platform::mtce::params::auth_region: 'RegionOne' -platform::mtce::params::mtce_multicast: '239.1.1.2' -platform::mtce::agent::params::worker_boot_timeout: 720 -platform::mtce::agent::params::controller_boot_timeout: 1200 -platform::mtce::agent::params::heartbeat_period: 100 -platform::mtce::agent::params::heartbeat_failure_action: 'fail' -platform::mtce::agent::params::heartbeat_failure_threshold: 10 -platform::mtce::agent::params::heartbeat_degrade_threshold: 6 -platform::mtce::agent::params::mnfa_threshold: 2 -platform::mtce::agent::params::mnfa_timeout: 0 - -# influxdb configuration for collectd -platform::influxdb::params::bind_address: ':25826' -platform::influxdb::params::database: 'collectd' -platform::influxdb::params::typesdb: '/usr/share/collectd/types.db' -platform::influxdb::params::batch_size: 1000 -platform::influxdb::params::batch_pending: 5 -platform::influxdb::params::batch_timeout: '2s' -platform::influxdb::params::read_buffer: 0 - -# influxdb log ratation file -platform::influxdb::logrotate::params::log_file_name: '/var/log/influxdb/influxd.log' -platform::influxdb::logrotate::params::log_file_size: '20M' -platform::influxdb::logrotate::params::log_file_rotate: 10 - -# postgresql -postgresql::globals::needs_initdb: false -postgresql::server::service_enable: false -postgresql::server::ip_mask_deny_postgres_user: '0.0.0.0/32' -postgresql::server::ip_mask_allow_all_users: '0.0.0.0/0' -postgresql::server::pg_hba_conf_path: "/etc/postgresql/pg_hba.conf" -postgresql::server::pg_ident_conf_path: "/etc/postgresql/pg_ident.conf" -postgresql::server::postgresql_conf_path: "/etc/postgresql/postgresql.conf" -postgresql::server::listen_addresses: "*" -postgresql::server::ipv4acls: ['host all all samenet md5'] -postgresql::server::log_line_prefix: 'db=%d,user=%u ' - - -# rabbitmq -rabbitmq::repos_ensure: false -rabbitmq::admin_enable: false -rabbitmq::package_provider: 'yum' -rabbitmq::default_host: 'controller' - - -# drbd -drbd::service_enable: false -drbd::service_ensure: 'stopped' - - -# haproxy -haproxy::merge_options: true - -platform::haproxy::params::global_options: - log: - - '127.0.0.1:514 local1 info' - user: 'haproxy' - group: 'sys_protected' - chroot: '/var/lib/haproxy' - pidfile: '/var/run/haproxy.pid' - maxconn: '4000' - daemon: '' - stats: 'socket /var/lib/haproxy/stats' - ca-base: '/etc/ssl/certs' - crt-base: '/etc/ssl/private' - ssl-default-bind-ciphers: 'kEECDH+aRSA+AES:kRSA+AES:+AES256:!RC4-SHA:!kEDH:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!LOW:!EXP:!MD5:!aNULL:!eNULL' - ssl-default-bind-options: 'no-sslv3 no-tlsv10' - -haproxy::defaults_options: - log: 'global' - mode: 'http' - stats: 'enable' - option: - - 'httplog' - - 'dontlognull' - - 'forwardfor' - retries: '3' - timeout: - - 'http-request 10s' - - 'queue 10m' - - 'connect 10s' - - 'client 90s' - - 'server 90s' - - 'check 10s' - maxconn: '8000' - - -# memcached -# disable UDP listener to prevent DOS attack -platform::memcached::params::udp_port: 0 -platform::memcached::params::max_connections: 8192 -platform::memcached::params::max_memory: 782 - -# sysinv -sysinv::journal_max_size: 51200 -sysinv::journal_min_size: 1024 -sysinv::journal_default_size: 1024 - -sysinv::api::enabled: false -sysinv::api::keystone_tenant: 'services' -sysinv::api::keystone_user: 'sysinv' -sysinv::api::keystone_user_domain: 'Default' -sysinv::api::keystone_project_domain: 'Default' - -sysinv::conductor::enabled: false - - -# nfvi -nfv::nfvi::infrastructure_rest_api_data_port_fault_handling_enabled: false - - -# keystone -keystone::service::enabled: false -keystone::token_provider: 'fernet' -keystone::max_token_size: 255, -keystone::debug: false -keystone::service_name: 'openstack-keystone' -keystone::enable_ssl: false -keystone::use_syslog: true -keystone::log_facility: 'local2' -keystone::database_idle_timeout: 60 -keystone::database_max_pool_size: 1 -keystone::database_max_overflow: 50 -keystone::enable_bootstrap: false -keystone::sync_db: false -keystone::enable_proxy_headers_parsing: true -keystone::log_file: /dev/null - -keystone::endpoint::default_domain: 'Default' -keystone::endpoint::version: 'v3' -keystone::endpoint::region: 'RegionOne' -keystone::endpoint::system_controller_region: 'SystemController' -keystone::endpoint::admin_url: 'http://127.0.0.1:5000' - -keystone::ldap::identity_driver: 'sql' -keystone::ldap::assignment_driver: 'sql' - -keystone::security_compliance::unique_last_password_count: 2 -keystone::security_compliance::password_regex: '^(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&*()<>{}+=_\\\[\]\-?|~`,.;:]).{7,}$' -keystone::security_compliance::password_regex_description: 'Password must have a minimum length of 7 characters, and must contain at least 1 upper case, 1 lower case, 1 digit, and 1 special character' - -keystone::roles::admin::email: 'admin@localhost' -keystone::roles::admin::admin_tenant: 'admin' -keystone::roles::admin::admin_tenant_desc: 'admin project' -keystone::roles::admin::service_tenant_desc: 'project for the platform services' - -platform::client::params::identity_auth_url: 'http://localhost:5000/v3' - -# Dcorch -dcorch::use_syslog: true -dcorch::log_facility: 'local2' -dcorch::debug: false - -# Dcmanager -dcmanager::use_syslog: true -dcmanager::log_facility: 'local2' -dcmanager::debug: false - -# Dcdbsync -dbsync::use_syslog: true -dbsync::log_facility: 'local2' -dbsync::debug: false - -# FM -fm::use_syslog: true -fm::log_facility: 'local2' -fm::api::enable_proxy_headers_parsing: true -fm::db::sync::user: 'root' -fm::database_idle_timeout: 60 -fm::database_max_overflow: 20 -fm::database_max_pool_size: 1 - -# Barbican -barbican::api::enabled: false -barbican::api::service_name: 'barbican-api' -barbican::api::enable_proxy_headers_parsing: true -barbican::api::logging::use_syslog: true -barbican::api::logging::log_facility: 'local2' -barbican::db::sync::user: 'root' -barbican::db::database_idle_timeout: 60 -barbican::db::database_max_pool_size: 1 -barbican::keystone-listener::enabled: false -barbican::worker::enabled: false diff --git a/puppet-manifests/src/hieradata/global.yaml b/puppet-manifests/src/hieradata/global.yaml deleted file mode 100644 index d04bcc18f1..0000000000 --- a/puppet-manifests/src/hieradata/global.yaml +++ /dev/null @@ -1,47 +0,0 @@ -# global default configuration data (applicable to all personalities) ---- -classes: [] - -# platform -platform::params::controller_hostname: controller -platform::params::controller_0_hostname: controller-0 -platform::params::controller_1_hostname: controller-1 -platform::params::pxeboot_hostname: pxecontroller -platform::params::security_feature: nopti nospectre_v2 -platform::amqp::auth_user: guest -platform::users::params::sysadmin_password_max_age: 45 - -# mtce -platform::mtce::params::sm_server_port: 2124 -platform::mtce::params::sm_client_port: 2224 - -# sysinv -sysinv::database_idle_timeout: 60 -sysinv::database_max_overflow: 64 -sysinv::database_max_pool_size: 1 -sysinv::use_syslog: true -sysinv::verbose: true -sysinv::log_facility: 'local6' - - -# collectd: configuration -platform::collectd::params::interval: 30 -platform::collectd::params::timeout: 2 -platform::collectd::params::read_threads: 5 -platform::collectd::params::write_threads: 5 -platform::collectd::params::max_read_interval: 86400 -platform::collectd::params::write_queue_limit_high: 1000000 -platform::collectd::params::write_queue_limit_low: 800000 -platform::collectd::params::server_addrs: ['controller'] -platform::collectd::params::server_port: 25826 -platform::collectd::params::collectd_d_dir: '/etc/collectd.d' - -# collectd: module named plugins -platform::collectd::params::module_path: '/opt/collectd/extensions/python' -platform::collectd::params::plugins: ['fm_notifier', 'mtce_notifier'] -platform::collectd::params::mtce_notifier_port: 2101 -platform::collectd::params::log_traces: true -platform::collectd::params::encoding: "utf-8" - -# ceph -platform::ceph::params::mon_lv_size_reserved: 20 diff --git a/puppet-manifests/src/hieradata/storage.yaml b/puppet-manifests/src/hieradata/storage.yaml deleted file mode 100644 index 02dedc3e69..0000000000 --- a/puppet-manifests/src/hieradata/storage.yaml +++ /dev/null @@ -1,2 +0,0 @@ -# storage specific configuration data ---- diff --git a/puppet-manifests/src/hieradata/worker.yaml b/puppet-manifests/src/hieradata/worker.yaml deleted file mode 100644 index 0e8669ac05..0000000000 --- a/puppet-manifests/src/hieradata/worker.yaml +++ /dev/null @@ -1,5 +0,0 @@ -# worker specific configuration data ---- - -# vswitch -vswitch::dpdk::memory_channels: 4 diff --git a/puppet-manifests/src/manifests/ansible_bootstrap.pp b/puppet-manifests/src/manifests/ansible_bootstrap.pp deleted file mode 100644 index fc282b5585..0000000000 --- a/puppet-manifests/src/manifests/ansible_bootstrap.pp +++ /dev/null @@ -1,32 +0,0 @@ -# -# puppet manifest for controller initial bootstrap -# - -Exec { - timeout => 600, - path => '/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin' -} - -include ::platform::config::bootstrap -include ::platform::users::bootstrap -include ::platform::ldap::bootstrap -include ::platform::drbd::bootstrap -include ::platform::postgresql::bootstrap -include ::platform::amqp::bootstrap - -include ::openstack::keystone::bootstrap -include ::openstack::barbican::bootstrap -include ::platform::client::bootstrap - -include ::platform::sysinv::bootstrap - -# Puppet classes to enable the bring up of kubernetes master -include ::platform::docker::bootstrap -include ::platform::etcd::bootstrap - -# Puppet classes to enable initial controller unlock -include ::platform::drbd::dockerdistribution::bootstrap -include ::platform::filesystem::backup -include ::platform::filesystem::kubelet -include ::platform::mtce::bootstrap -include ::platform::fm::bootstrap diff --git a/puppet-manifests/src/manifests/bootstrap.pp b/puppet-manifests/src/manifests/bootstrap.pp deleted file mode 100644 index 566a3c9e56..0000000000 --- a/puppet-manifests/src/manifests/bootstrap.pp +++ /dev/null @@ -1,21 +0,0 @@ -# -# puppet manifest for controller initial bootstrap -# - -Exec { - timeout => 600, - path => '/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin' -} - -include ::platform::config::bootstrap -include ::platform::users::bootstrap -include ::platform::ldap::bootstrap -include ::platform::drbd::bootstrap -include ::platform::postgresql::bootstrap -include ::platform::amqp::bootstrap - -include ::openstack::keystone::bootstrap -include ::openstack::barbican::bootstrap -include ::platform::client::bootstrap -include ::platform::sysinv::bootstrap - diff --git a/puppet-manifests/src/manifests/controller.pp b/puppet-manifests/src/manifests/controller.pp deleted file mode 100644 index 7b8e785f82..0000000000 --- a/puppet-manifests/src/manifests/controller.pp +++ /dev/null @@ -1,107 +0,0 @@ -# -# puppet manifest for controller hosts -# - -Exec { - timeout => 600, - path => '/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin' -} - -# -# Disable the firewall to protect against attempted -# restoration of kubernetes-related iptables rules -# during puppet apply, as kubernetes may not yet -# be running and the restore will fail. -# -class { '::firewall': - ensure => stopped -} - -include ::platform::config -include ::platform::users -include ::platform::sysctl::controller -include ::platform::filesystem::controller -include ::platform::firewall::calico::oam -include ::platform::dhclient -include ::platform::partitions -include ::platform::lvm::controller -include ::platform::network -include ::platform::drbd -include ::platform::exports -include ::platform::dns -include ::platform::ldap::server -include ::platform::ldap::client -include ::platform::password -include ::platform::ntp::server -include ::platform::ptp -include ::platform::lldp -include ::platform::amqp::rabbitmq -include ::platform::postgresql::server -include ::platform::haproxy::server -include ::platform::grub -include ::platform::etcd -include ::platform::docker -include ::platform::dockerdistribution -include ::platform::kubernetes::master -include ::platform::helm - -include ::platform::patching -include ::platform::patching::api - -include ::platform::remotelogging -include ::platform::remotelogging::proxy - -include ::platform::sysinv -include ::platform::sysinv::api -include ::platform::sysinv::conductor - -include ::platform::mtce -include ::platform::mtce::agent - -include ::platform::memcached - -include ::platform::nfv -include ::platform::nfv::api - -include ::platform::ceph::controller -include ::platform::ceph::rgw - -include ::platform::influxdb -include ::platform::influxdb::logrotate -include ::platform::collectd - -include ::platform::fm -include ::platform::fm::api - -include ::platform::multipath -include ::platform::client -include ::openstack::keystone -include ::openstack::keystone::api - -include ::openstack::horizon - -include ::platform::dcmanager -include ::platform::dcmanager::manager - -include ::platform::dcorch -include ::platform::dcorch::engine -include ::platform::dcorch::api_proxy -include ::platform::dcmanager::api - -include ::platform::dcorch::snmp - -include ::platform::dcdbsync -include ::platform::dcdbsync::api - -include ::platform::smapi - -include ::openstack::barbican -include ::openstack::barbican::api - -include ::platform::sm - -class { '::platform::config::controller::post': - stage => post, -} - -hiera_include('classes') diff --git a/puppet-manifests/src/manifests/runtime.pp b/puppet-manifests/src/manifests/runtime.pp deleted file mode 100644 index 325039a3b5..0000000000 --- a/puppet-manifests/src/manifests/runtime.pp +++ /dev/null @@ -1,14 +0,0 @@ -# -# puppet manifest for runtime apply of configuration that executes a set of -# tasks that have been identified to execute based on the specific configuration -# change performed. -# - -Exec { - timeout => 300, - path => '/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin' -} - -include ::platform::config - -hiera_include('classes') diff --git a/puppet-manifests/src/manifests/storage.pp b/puppet-manifests/src/manifests/storage.pp deleted file mode 100644 index 297731e284..0000000000 --- a/puppet-manifests/src/manifests/storage.pp +++ /dev/null @@ -1,37 +0,0 @@ -# -# puppet manifest for storage hosts -# - -Exec { - timeout => 300, - path => '/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin' -} - -include ::platform::config -include ::platform::users -include ::platform::sysctl::storage -include ::platform::dhclient -include ::platform::partitions -include ::platform::lvm::storage -include ::platform::network -include ::platform::fstab -include ::platform::password -include ::platform::ldap::client -include ::platform::ntp::client -include ::platform::ptp -include ::platform::lldp -include ::platform::patching -include ::platform::remotelogging -include ::platform::mtce -include ::platform::sysinv -include ::platform::grub -include ::platform::collectd -include ::platform::filesystem::storage -include ::platform::docker -include ::platform::ceph::storage - -class { '::platform::config::storage::post': - stage => post, -} - -hiera_include('classes') diff --git a/puppet-manifests/src/manifests/upgrade.pp b/puppet-manifests/src/manifests/upgrade.pp deleted file mode 100644 index e0a7b24826..0000000000 --- a/puppet-manifests/src/manifests/upgrade.pp +++ /dev/null @@ -1,19 +0,0 @@ -# -# puppet manifest for upgrade -# - -Exec { - timeout => 600, - path => '/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin' -} - -class { '::platform::params': - controller_upgrade => true, -} - -include ::platform::users::upgrade -include ::platform::postgresql::upgrade -include ::platform::amqp::upgrade - -include ::openstack::keystone::upgrade -include ::platform::client::upgrade diff --git a/puppet-manifests/src/manifests/worker.pp b/puppet-manifests/src/manifests/worker.pp deleted file mode 100644 index 3de509d466..0000000000 --- a/puppet-manifests/src/manifests/worker.pp +++ /dev/null @@ -1,46 +0,0 @@ -# -# puppet manifest for worker nodes -# - -Exec { - timeout => 300, - path => '/usr/bin:/usr/sbin:/bin:/sbin:/usr/local/bin:/usr/local/sbin' -} - -include ::platform::config -include ::platform::users -include ::platform::sysctl::compute -include ::platform::dhclient -include ::platform::partitions -include ::platform::lvm::compute -include ::platform::compute -include ::platform::vswitch -include ::platform::network -include ::platform::fstab -include ::platform::password -include ::platform::ldap::client -include ::platform::ntp::client -include ::platform::ptp -include ::platform::lldp -include ::platform::patching -include ::platform::remotelogging -include ::platform::mtce -include ::platform::sysinv -include ::platform::devices -include ::platform::grub -include ::platform::collectd -include ::platform::filesystem::compute -include ::platform::docker -include ::platform::dockerdistribution::compute -include ::platform::kubernetes::worker -include ::platform::multipath -include ::platform::client -include ::platform::ceph::worker -include ::platform::worker::storage -include ::platform::pciirqaffinity - -class { '::platform::config::worker::post': - stage => post, -} - -hiera_include('classes') diff --git a/puppet-manifests/src/modules/openstack/manifests/barbican.pp b/puppet-manifests/src/modules/openstack/manifests/barbican.pp deleted file mode 100644 index dd5d7e752c..0000000000 --- a/puppet-manifests/src/modules/openstack/manifests/barbican.pp +++ /dev/null @@ -1,173 +0,0 @@ -class openstack::barbican::params ( - $api_port = 9311, - $region_name = undef, - $service_name = 'barbican-api', - $service_create = false, - $service_enabled = true, -) { } - -class openstack::barbican - inherits ::openstack::barbican::params { - - if $service_enabled { - - include ::platform::params - - if $::platform::params::init_keystone { - include ::barbican::keystone::auth - include ::barbican::keystone::authtoken - } - - if $::platform::params::init_database { - include ::barbican::db::postgresql - } - - barbican_config { - 'service_credentials/interface': value => 'internalURL' - } - - file { '/var/run/barbican': - ensure => 'directory', - owner => 'barbican', - group => 'barbican', - } - - $api_workers = $::platform::params::eng_workers_by_4 - - file_line { 'Modify workers in gunicorn-config.py': - path => '/etc/barbican/gunicorn-config.py', - line => "workers = ${api_workers}", - match => '.*workers = .*', - tag => 'modify-workers', - } - - file { '/etc/logrotate.d/barbican-api': - ensure => present, - content => template('openstack/barbican-api-logrotate.erb') - } - } -} - -class openstack::barbican::service - inherits ::openstack::barbican::params { - - if $service_enabled { - - include ::platform::network::mgmt::params - $api_host = $::platform::network::mgmt::params::subnet_version ? { - 6 => "[${::platform::network::mgmt::params::controller_address}]", - default => $::platform::network::mgmt::params::controller_address, - } - $api_fqdn = $::platform::params::controller_hostname - $url_host = "http://${api_fqdn}:${api_port}" - if str2bool($::is_initial_config_primary) { - $enabled = true - } else { - $enabled = false - } - include ::platform::amqp::params - - class { '::barbican::api': - enabled => $enabled, - bind_host => $api_host, - bind_port => $api_port, - host_href => $url_host, - sync_db => !$::openstack::barbican::params::service_create, - enable_proxy_headers_parsing => true, - rabbit_use_ssl => $::platform::amqp::params::ssl_enabled, - default_transport_url => $::platform::amqp::params::transport_url, - } - - class { '::barbican::keystone::notification': - enable_keystone_notification => true, - } - - cron { 'barbican-cleaner': - ensure => 'present', - command => '/usr/bin/barbican-manage db clean -p -e -L /var/log/barbican/barbican-clean.log', - environment => 'PATH=/bin:/usr/bin:/usr/sbin', - minute => '50', - hour => '*/24', - user => 'root', - } - } -} - -class openstack::barbican::haproxy - inherits ::openstack::barbican::params { - - platform::haproxy::proxy { 'barbican-restapi': - server_name => 's-barbican-restapi', - public_port => $api_port, - private_port => $api_port, - } -} - -class openstack::barbican::api - inherits ::openstack::barbican::params { - include ::platform::params - - # The barbican user and service are always required and they - # are used by subclouds when the service itself is disabled - # on System Controller - # whether it creates the endpoint is determined by - # barbican::keystone::auth::configure_endpoint which is - # set via sysinv puppet - if ($::openstack::barbican::params::service_create and - $::platform::params::init_keystone) { - - if ($::platform::params::distributed_cloud_role == 'subcloud' and - $::platform::params::region_2_name != 'RegionOne') { - Keystone_endpoint["${platform::params::region_2_name}/barbican::key-manager"] -> Keystone_endpoint['RegionOne/barbican::key-manager'] - keystone_endpoint { 'RegionOne/barbican::key-manager': - ensure => 'absent', - name => 'barbican', - type => 'key-manager', - region => 'RegionOne', - public_url => "http://127.0.0.1:${api_port}", - admin_url => "http://127.0.0.1:${api_port}", - internal_url => "http://127.0.0.1:${api_port}" - } - } - } - - if $service_enabled { - include ::openstack::barbican::service - include ::openstack::barbican::haproxy - } -} - -class openstack::barbican::bootstrap - inherits ::openstack::barbican::params { - - class { '::barbican::keystone::auth': - configure_user_role => false, - } - class { '::barbican::keystone::authtoken': - auth_url => 'http://localhost:5000', - project_name => 'services', - user_domain_name => 'Default', - project_domain_name => 'Default', - } - - $bu_name = $::barbican::keystone::auth::auth_name - $bu_tenant = $::barbican::keystone::auth::tenant - keystone_role { 'creator': - ensure => present, - } - keystone_user_role { "${bu_name}@${bu_tenant}": - ensure => present, - roles => ['admin', 'creator'], - } - - include ::barbican::db::postgresql - - include ::openstack::barbican - include ::openstack::barbican::service -} - -class openstack::barbican::runtime - inherits ::openstack::barbican::params { - - include ::openstack::barbican::service -} diff --git a/puppet-manifests/src/modules/openstack/manifests/horizon.pp b/puppet-manifests/src/modules/openstack/manifests/horizon.pp deleted file mode 100755 index 3f900c1d43..0000000000 --- a/puppet-manifests/src/modules/openstack/manifests/horizon.pp +++ /dev/null @@ -1,221 +0,0 @@ -class openstack::horizon::params ( - $secret_key, - $openstack_host, - - $enable_https = false, - $lockout_period = 300, - $lockout_retries = 3, - - $horizon_ssl = false, - $horizon_cert = undef, - $horizon_key = undef, - $horizon_ca = undef, - - $neutron_enable_lb = false, - $neutron_enable_firewall = false, - $neutron_enable_vpn = false, - - $tpm_object = undef, - $tpm_engine = '/usr/lib64/openssl/engines/libtpm2.so', - - $http_port = 8080, - $https_port = 8443, -) { } - - -class openstack::horizon - inherits ::openstack::horizon::params { - - include ::platform::params - include ::platform::network::mgmt::params - include ::platform::network::pxeboot::params - include ::openstack::keystone::params - - $controller_address = $::platform::network::mgmt::params::controller_address - $mgmt_subnet_network = $::platform::network::mgmt::params::subnet_network - $mgmt_subnet_prefixlen = $::platform::network::mgmt::params::subnet_prefixlen - $pxeboot_subnet_network = $::platform::network::pxeboot::params::subnet_network - $pxeboot_subnet_prefixlen = $::platform::network::pxeboot::params::subnet_prefixlen - - $keystone_api_version = $::openstack::keystone::params::api_version - $keystone_auth_uri = $::openstack::keystone::params::auth_uri - $keystone_host_url = $::openstack::keystone::params::host_url - - #The intention here is to set up /www as a chroot'ed - #environment for lighttpd so that it will remain in a jail under /www. - #The uid and gid for www match the uid and gid in the setup package. - - group { 'www': - ensure => 'present', - gid => '1877', - } - - -> user { 'www': - ensure => 'present', - gid => '1877', - shell => '/sbin/nologin', - groups => ['www', 'sys_protected'], - uid => '1877', - } - - file { '/www/tmp': - ensure => directory, - path => '/www/tmp', - mode => '1700', - } - - file {'/www/var': - ensure => directory, - path => '/www/var', - owner => 'www', - require => User['www'] - } - - file {'/www/var/log': - ensure => directory, - path => '/www/var/log', - owner => 'www', - require => User['www'] - } - - file {'/etc/lighttpd/lighttpd.conf': - ensure => present, - content => template('openstack/lighttpd.conf.erb') - } - - file {'/etc/lighttpd/lighttpd-inc.conf': - ensure => present, - content => template('openstack/lighttpd-inc.conf.erb') - } - - $workers = $::platform::params::eng_workers_by_2 - - if str2bool($::is_initial_config) { - exec { 'Stop lighttpd': - command => 'systemctl stop lighttpd; systemctl disable lighttpd', - require => User['www'] - } - } - - if str2bool($::selinux) { - selboolean{ 'httpd_can_network_connect': - value => on, - persistent => true, - } - } - - # Horizon is not used in distributed cloud subclouds - if $::platform::params::distributed_cloud_role != 'subcloud' { - - include ::horizon::params - file { '/etc/openstack-dashboard/horizon-config.ini': - ensure => present, - content => template('openstack/horizon-params.erb'), - mode => '0644', - owner => 'root', - group => $::horizon::params::apache_group, - } - - - $is_django_debug = 'False' - $bind_host = $::platform::network::mgmt::params::subnet_version ? { - 6 => '::0', - default => '0.0.0.0', - # TO-DO(mmagr): Add IPv6 support when hostnames are used - } - - if $::platform::params::region_config { - $horizon_keystone_url = "${keystone_auth_uri}/${keystone_api_version}" - $region_2_name = $::platform::params::region_2_name - $region_openstack_host = $openstack_host - file { '/etc/openstack-dashboard/region-config.ini': - ensure => present, - content => template('openstack/horizon-region-config.erb'), - mode => '0644', - } - } else { - $horizon_keystone_url = "http://${$keystone_host_url}:5000/${keystone_api_version}" - - file { '/etc/openstack-dashboard/region-config.ini': - ensure => absent, - } - } - - class {'::horizon': - secret_key => $secret_key, - keystone_url => $horizon_keystone_url, - keystone_default_role => '_member_', - server_aliases => [$controller_address, $::fqdn, 'localhost'], - allowed_hosts => '*', - hypervisor_options => {'can_set_mount_point' => false, }, - django_debug => $is_django_debug, - file_upload_temp_dir => '/var/tmp', - listen_ssl => $horizon_ssl, - horizon_cert => $horizon_cert, - horizon_key => $horizon_key, - horizon_ca => $horizon_ca, - neutron_options => { - 'enable_lb' => $neutron_enable_lb, - 'enable_firewall' => $neutron_enable_firewall, - 'enable_vpn' => $neutron_enable_vpn - }, - configure_apache => false, - compress_offline => false, - } - - # hack for memcached, for now we bind to localhost on ipv6 - # https://bugzilla.redhat.com/show_bug.cgi?id=1210658 - $memcached_bind_host = $::platform::network::mgmt::params::subnet_version ? { - 6 => 'localhost6', - default => '0.0.0.0', - # TO-DO(mmagr): Add IPv6 support when hostnames are used - } - - - # Run clearsessions daily at the 40 minute mark - cron { 'clearsessions': - ensure => 'present', - command => '/usr/bin/horizon-clearsessions', - environment => 'PATH=/bin:/usr/bin:/usr/sbin', - minute => '40', - hour => '*/24', - user => 'root', - } - - } -} - -class openstack::horizon::reload { - - # Remove all active Horizon user sessions - # so that we don't use any stale cached data - # such as endpoints - exec { 'remove-Horizon-user-sessions': - path => ['/usr/bin'], - command => '/usr/bin/rm -f /var/tmp/sessionid*', - } - - platform::sm::restart {'horizon': } - platform::sm::restart {'lighttpd': } -} - - -class openstack::horizon::runtime { - include ::openstack::horizon - - class {'::openstack::horizon::reload': - stage => post - } -} - -class openstack::lighttpd::runtime - inherits ::openstack::horizon::params { - - Class[$name] -> Class['::platform::helm::runtime'] - - file {'/etc/lighttpd/lighttpd.conf': - ensure => present, - content => template('openstack/lighttpd.conf.erb') - } - -> platform::sm::restart {'lighttpd': } -} diff --git a/puppet-manifests/src/modules/openstack/manifests/keystone.pp b/puppet-manifests/src/modules/openstack/manifests/keystone.pp deleted file mode 100644 index 83266e2a76..0000000000 --- a/puppet-manifests/src/modules/openstack/manifests/keystone.pp +++ /dev/null @@ -1,464 +0,0 @@ -class openstack::keystone::params( - $api_version, - $identity_uri, - $auth_uri, - $host_url, - $openstack_auth_uri = undef, - $api_port = 5000, - $admin_port = 5000, - $region_name = undef, - $system_controller_region = undef, - $service_name = 'openstack-keystone', - $token_expiration = 3600, - $service_create = false, - $fernet_keys_rotation_minute = '25', - $fernet_keys_rotation_hour = '0', - $fernet_keys_rotation_month = '*/1', - $fernet_keys_rotation_monthday = '1', - $fernet_keys_rotation_weekday = '*', -) {} - -class openstack::keystone ( -) inherits ::openstack::keystone::params { - - include ::platform::params - - # In the case of a classical Multi-Region deployment, apply the Keystone - # controller configuration for Primary Region ONLY - # (i.e. on which region_config is False), since Keystone is a Shared service - # - # In the case of a Distributed Cloud deployment, apply the Keystone - # controller configuration for each SubCloud, since Keystone is also - # a localized service. - if (!$::platform::params::region_config or - $::platform::params::distributed_cloud_role == 'subcloud') { - include ::platform::amqp::params - include ::platform::network::mgmt::params - include ::platform::drbd::platform::params - - $keystone_key_repo_path = "${::platform::drbd::platform::params::mountpoint}/keystone" - $eng_workers = $::platform::params::eng_workers - - # FIXME(mpeters): binding to wildcard address to allow bootstrap transition - # Not sure if there is a better way to transition from the localhost address - # to the management address while still being able to authenticate the client - if str2bool($::is_initial_config_primary) { - $enabled = true - $bind_host = '[::]' - } else { - $enabled = false - $bind_host = $::platform::network::mgmt::params::controller_address_url - } - - Class[$name] -> Class['::platform::client'] - - include ::keystone::client - - - # Configure keystone graceful shutdown timeout - # TODO(mpeters): move to puppet-keystone for module configuration - keystone_config { - 'DEFAULT/graceful_shutdown_timeout': value => 15; - } - - # (Pike Rebase) Disable token post expiration window since this - # allows authentication for upto 2 days worth of stale tokens. - # TODO(knasim): move this to puppet-keystone along with graceful - # shutdown timeout param - keystone_config { - 'token/allow_expired_window': value => 0; - } - - - file { '/etc/keystone/keystone-extra.conf': - ensure => present, - owner => 'root', - group => 'keystone', - mode => '0640', - content => template('openstack/keystone-extra.conf.erb'), - } - -> class { '::keystone': - enabled => $enabled, - enable_fernet_setup => false, - fernet_key_repository => "${keystone_key_repo_path}/fernet-keys", - default_transport_url => $::platform::amqp::params::transport_url, - service_name => $service_name, - token_expiration => $token_expiration, - } - - # create keystone policy configuration - file { '/etc/keystone/policy.json': - ensure => present, - owner => 'keystone', - group => 'keystone', - mode => '0640', - content => template('openstack/keystone-policy.json.erb'), - } - - # Keystone users can only be added to the SQL backend (write support for - # the LDAP backend has been removed). We can therefore set password rules - # irrespective of the backend - if ! str2bool($::is_restore_in_progress) { - # If the Restore is in progress then we need to apply the Keystone - # Password rules as a runtime manifest, as the passwords in the hiera records - # records may not be rule-compliant if this system was upgraded from R4 - # (where-in password rules were not in affect) - include ::keystone::security_compliance - } - - include ::keystone::ldap - - if $::platform::params::distributed_cloud_role == undef { - # Set up cron job that will rotate fernet keys. This is done every month on - # the first day of the month at 00:25 by default. The cron job runs on both - # controllers, but the script will only take action on the active controller. - cron { 'keystone-fernet-keys-rotater': - ensure => 'present', - command => '/usr/bin/keystone-fernet-keys-rotate-active', - environment => 'PATH=/bin:/usr/bin:/usr/sbin', - minute => $fernet_keys_rotation_minute, - hour => $fernet_keys_rotation_hour, - month => $fernet_keys_rotation_month, - monthday => $fernet_keys_rotation_monthday, - weekday => $fernet_keys_rotation_weekday, - user => 'root', - } - } - } else { - class { '::keystone': - enabled => false, - } - } -} - -class openstack::keystone::haproxy - inherits ::openstack::keystone::params { - - include ::platform::params - - if !$::platform::params::region_config { - platform::haproxy::proxy { 'keystone-restapi': - server_name => 's-keystone', - public_port => $api_port, - private_port => $api_port, - } - } -} - -define delete_endpoints ( - $region, - $service, - $interfaces, -) { - $rc_file = '/etc/platform/openrc' - $delete_endpoint = 'openstack endpoint delete' - $interfaces.each | String $val | { - $get_endpoint_id = "openstack endpoint list --region ${region} --service ${service} --interface ${val} -f value -c ID" - exec { "Delete ${region} ${service} ${val} endpoint": - command => "source ${rc_file} && ${get_endpoint_id} | xargs ${delete_endpoint}", - logoutput => true, - provider => shell, - } - } -} - -class openstack::keystone::api - inherits ::openstack::keystone::params { - - include ::platform::params - - if ($::openstack::keystone::params::service_create and - $::platform::params::init_keystone) { - include ::keystone::endpoint - include ::openstack::keystone::endpointgroup - - # Cleanup the endpoints created at bootstrap if they are not in - # the subcloud region. - if ($::platform::params::distributed_cloud_role == 'subcloud' and - $::platform::params::region_2_name != 'RegionOne') { - $interfaces = [ 'public', 'internal', 'admin' ] - Keystone_endpoint<||> -> Class['::platform::client'] - # clean up the bootstrap endpoints - -> delete_endpoints { 'Start delete endpoints': - region => 'RegionOne', - service => 'keystone', - interfaces => $interfaces, - } - } - } - - include ::openstack::keystone::haproxy -} - - -class openstack::keystone::bootstrap( - $default_domain = 'Default', -) { - include ::platform::params - include ::platform::amqp::params - include ::platform::drbd::platform::params - - $keystone_key_repo_path = "${::platform::drbd::platform::params::mountpoint}/keystone" - $eng_workers = $::platform::params::eng_workers - $bind_host = '[::]' - - # In the case of a classical Multi-Region deployment, apply the Keystone - # controller configuration for Primary Region ONLY - # (i.e. on which region_config is False), since Keystone is a Shared service - # - # In the case of a Distributed Cloud deployment, apply the Keystone - # controller configuration for each SubCloud, since Keystone is also - # a localized service. - if ($::platform::params::init_keystone and - (!$::platform::params::region_config or - $::platform::params::distributed_cloud_role == 'subcloud')) { - - include ::keystone::db::postgresql - - Class[$name] -> Class['::platform::client'] - - # Create the parent directory for fernet keys repository - file { $keystone_key_repo_path: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - require => Class['::platform::drbd::platform'], - } - -> file { '/etc/keystone/keystone-extra.conf': - ensure => present, - owner => 'root', - group => 'keystone', - mode => '0640', - content => template('openstack/keystone-extra.conf.erb'), - } - -> class { '::keystone': - enabled => true, - enable_bootstrap => true, - fernet_key_repository => "${keystone_key_repo_path}/fernet-keys", - sync_db => true, - default_domain => $default_domain, - default_transport_url => $::platform::amqp::params::transport_url, - } - - include ::keystone::client - include ::keystone::endpoint - include ::keystone::roles::admin - - # Ensure the default _member_ role is present - keystone_role { '_member_': - ensure => present, - } - - - # disabling the admin token per openstack recommendation - include ::keystone::disable_admin_token_auth - } -} - - -class openstack::keystone::reload { - platform::sm::restart {'keystone': } -} - - -class openstack::keystone::endpointgroup - inherits ::openstack::keystone::params { - include ::platform::params - include ::platform::client - - # $::platform::params::init_keystone should be checked by the caller. - # as this class should be only invoked when initializing keystone. - # i.e. is_initial_config_primary is true is expected. - - if ($::platform::params::distributed_cloud_role =='systemcontroller') { - $reference_region = $::openstack::keystone::params::region_name - $system_controller_region = $::openstack::keystone::params::system_controller_region - $os_username = $::platform::client::params::admin_username - $identity_region = $::platform::client::params::identity_region - $keystone_region = $::platform::client::params::keystone_identity_region - $keyring_file = $::platform::client::credentials::params::keyring_file - $auth_url = $::platform::client::params::identity_auth_url - $os_project_name = $::platform::client::params::admin_project_name - $api_version = 3 - - file { "/etc/keystone/keystone-${reference_region}-filter.conf": - ensure => present, - owner => 'root', - group => 'keystone', - mode => '0640', - content => template('openstack/keystone-defaultregion-filter.erb'), - } - -> file { "/etc/keystone/keystone-${system_controller_region}-filter.conf": - ensure => present, - owner => 'root', - group => 'keystone', - mode => '0640', - content => template('openstack/keystone-systemcontroller-filter.erb'), - } - -> exec { "endpointgroup-${reference_region}-command": - cwd => '/etc/keystone', - logoutput => true, - provider => shell, - require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ], - command => template('openstack/keystone-defaultregion.erb'), - path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'], - } - -> exec { "endpointgroup-${system_controller_region}-command": - cwd => '/etc/keystone', - logoutput => true, - provider => shell, - require => [ Class['openstack::keystone::api'], Class['::keystone::endpoint'] ], - command => template('openstack/keystone-systemcontroller.erb'), - path => ['/usr/bin/', '/bin/', '/sbin/', '/usr/sbin/'], - } - } -} - - -class openstack::keystone::server::runtime { - include ::platform::client - include ::openstack::keystone - - class {'::openstack::keystone::reload': - stage => post - } -} - - -class openstack::keystone::endpoint::runtime { - - if str2bool($::is_controller_active) { - include ::keystone::endpoint - - include ::sysinv::keystone::auth - include ::patching::keystone::auth - include ::nfv::keystone::auth - include ::fm::keystone::auth - include ::barbican::keystone::auth - - if $::platform::params::distributed_cloud_role =='systemcontroller' { - include ::dcorch::keystone::auth - include ::dcmanager::keystone::auth - include ::dcdbsync::keystone::auth - } - - if $::platform::params::distributed_cloud_role == 'subcloud' { - include ::dcdbsync::keystone::auth - } - - include ::smapi::keystone::auth - - if ($::platform::params::distributed_cloud_role == 'subcloud' and - $::platform::params::region_2_name != 'RegionOne') { - $interfaces = [ 'public', 'internal', 'admin' ] - include ::platform::client - # Cleanup the endpoints created at bootstrap if they are not in - # the subcloud region. - Keystone::Resource::Service_identity <||> - -> Class['::platform::client'] - -> delete_endpoints { 'Delete keystone endpoints': - region => 'RegionOne', - service => 'keystone', - interfaces => $interfaces, - } - -> delete_endpoints { 'Delete sysinv endpoints': - region => 'RegionOne', - service => 'sysinv', - interfaces => $interfaces, - } - -> delete_endpoints { 'Delete barbican endpoints': - region => 'RegionOne', - service => 'barbican', - interfaces => $interfaces, - } - -> delete_endpoints { 'Delete fm endpoints': - region => 'RegionOne', - service => 'fm', - interfaces => $interfaces, - } - -> file { '/etc/platform/.service_endpoint_reconfigured': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - } - } else { - Keystone::Resource::Service_identity <||> - -> file { '/etc/platform/.service_endpoint_reconfigured': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - } - } - - } -} - -class openstack::keystone::upgrade ( - $upgrade_token_cmd, - $upgrade_url = undef, - $upgrade_token_file = undef, -) { - - if $::platform::params::init_keystone { - include ::keystone::db::postgresql - include ::platform::params - include ::platform::amqp::params - include ::platform::network::mgmt::params - include ::platform::drbd::platform::params - - # the unit address is actually the configured default of the loopback address. - $bind_host = $::platform::network::mgmt::params::controller0_address - $eng_workers = $::platform::params::eng_workers - - $keystone_key_repo = "${::platform::drbd::platform::params::mountpoint}/keystone" - - # TODO(aning): For R5->R6 upgrade, a local keystone fernet keys repository may - # need to be setup for the local keystone instance on standby controller to - # service specific upgrade operations, since we need to keep the keys repository - # in /opt/platform/keystone/fernet-keys intact so that service won't fail on active - # controller during upgrade. Once the upgade finishes, the temparary local - # fernet keys repository will be deleted. - - # Need to create the parent directory for fernet keys repository - # This is a workaround to a puppet bug. - file { $keystone_key_repo: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755' - } - -> file { '/etc/keystone/keystone-extra.conf': - ensure => present, - owner => 'root', - group => 'keystone', - mode => '0640', - content => template('openstack/keystone-extra.conf.erb'), - } - -> class { '::keystone': - upgrade_token_cmd => $upgrade_token_cmd, - upgrade_token_file => $upgrade_token_file, - enable_fernet_setup => true, - enable_bootstrap => false, - fernet_key_repository => "${keystone_key_repo}/fernet-keys", - sync_db => false, - default_domain => undef, - default_transport_url => $::platform::amqp::params::transport_url, - } - - # Add service account and endpoints for any new R6 services... - # include ::::keystone::auth - # No new services yet... - - # Always remove the upgrade token file after all new - # services have been added - file { $upgrade_token_file : - ensure => absent, - } - - include ::keystone::client - } - -} diff --git a/puppet-manifests/src/modules/openstack/templates/barbican-api-logrotate.erb b/puppet-manifests/src/modules/openstack/templates/barbican-api-logrotate.erb deleted file mode 100644 index ed53ec5c76..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/barbican-api-logrotate.erb +++ /dev/null @@ -1,14 +0,0 @@ -# This file is managed by Puppet. -# -# logrotate.d configuration -# Used in rpm build. Keep in sync with debian/barbican-api.logrotate -/var/log/barbican/barbican-api.log { - nodateext - size 10M - start 1 - rotate 20 - missingok - compress - notifempty - copytruncate -} diff --git a/puppet-manifests/src/modules/openstack/templates/cinder-lvm-simplex.erb b/puppet-manifests/src/modules/openstack/templates/cinder-lvm-simplex.erb deleted file mode 100644 index e9dbad88a0..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/cinder-lvm-simplex.erb +++ /dev/null @@ -1,21 +0,0 @@ -lvremove <%= @cinder_vg_name %> -f || true -pvremove <%= @cinder_device %> --force --force -y || true -dd if=/dev/zero of=<%= @cinder_disk %> bs=512 count=34 -size=$(blockdev --getsz <%= @cinder_disk %>) -dd if=/dev/zero of=<%= @cinder_disk %> bs=512 seek=$(($size - 34)) count=34 - -echo 'Wait for udev on disk before continuing' -udevadm settle - -echo 'Create partition table' -parted -a optimal --script <%= @cinder_disk %> -- mktable gpt - -echo 'Create primary partition' -parted -a optimal --script <%= @cinder_disk %> -- mkpart primary 2 100% - -echo 'Wait for udev before continuing' -udevadm settle - -echo 'Wipe' -wipefs -a <%= @cinder_device %> - diff --git a/puppet-manifests/src/modules/openstack/templates/horizon-params.erb b/puppet-manifests/src/modules/openstack/templates/horizon-params.erb deleted file mode 100644 index aa64d9e2f7..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/horizon-params.erb +++ /dev/null @@ -1,8 +0,0 @@ -[horizon_params] -https_enabled = <%= @enable_https %> -[auth] -lockout_period = <%= @lockout_period %> -lockout_retries = <%= @lockout_retries %> -[deployment] -workers = <%= @workers %> - diff --git a/puppet-manifests/src/modules/openstack/templates/horizon-region-config.erb b/puppet-manifests/src/modules/openstack/templates/horizon-region-config.erb deleted file mode 100644 index 93546b344e..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/horizon-region-config.erb +++ /dev/null @@ -1,4 +0,0 @@ -[shared_services] -region_name = <%= @region_2_name %> -openstack_host = <%= @region_openstack_host %> - diff --git a/puppet-manifests/src/modules/openstack/templates/keystone-defaultregion-filter.erb b/puppet-manifests/src/modules/openstack/templates/keystone-defaultregion-filter.erb deleted file mode 100644 index 17bc66b3e7..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/keystone-defaultregion-filter.erb +++ /dev/null @@ -1,3 +0,0 @@ -{ - "region_id": "<%=@reference_region %>" -} diff --git a/puppet-manifests/src/modules/openstack/templates/keystone-defaultregion.erb b/puppet-manifests/src/modules/openstack/templates/keystone-defaultregion.erb deleted file mode 100644 index e025621570..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/keystone-defaultregion.erb +++ /dev/null @@ -1,17 +0,0 @@ -PASSWORD=$(TERM=linux <%= @keyring_file %> 2>/dev/null) -ENDPOINTGROUP_ID=$(openstack endpoint group create \ -distributed_cloud_<%=@reference_region %> \ -keystone-<%=@reference_region %>-filter.conf \ - --os-username <%=@os_username %> \ - --os-password $PASSWORD \ - --os-region-name <%=@identity_region %> \ - --os-auth-url <%=@auth_url %> \ - --os-identity-api-version <%=@api_version %> \ - --os-project-name <%=@os_project_name %> | awk '/id\ \ / { print $4 }' ) -openstack endpoint group add project $ENDPOINTGROUP_ID services \ - --os-username <%=@os_username %> \ - --os-password $PASSWORD \ - --os-region-name <%=@identity_region %> \ - --os-auth-url <%=@auth_url %> \ - --os-identity-api-version <%=@api_version %> \ - --os-project-name <%=@os_project_name %> diff --git a/puppet-manifests/src/modules/openstack/templates/keystone-extra.conf.erb b/puppet-manifests/src/modules/openstack/templates/keystone-extra.conf.erb deleted file mode 100644 index dfbe4a0f46..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/keystone-extra.conf.erb +++ /dev/null @@ -1,2 +0,0 @@ -PUBLIC_BIND_ADDR=<%= @bind_host %> -TIS_PUBLIC_WORKERS=<%=@eng_workers %> diff --git a/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb b/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb deleted file mode 100644 index 3b9b245808..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/keystone-policy.json.erb +++ /dev/null @@ -1,32 +0,0 @@ -{ - "admin_required": "role:admin or is_admin:1", - "service_role": "role:service", - "service_or_admin": "rule:admin_required or rule:service_role", - "owner" : "user_id:%(user_id)s", - "admin_or_owner": "rule:admin_required or rule:owner", - "token_subject": "user_id:%(target.token.user_id)s", - "admin_or_token_subject": "rule:admin_required or rule:token_subject", - "service_admin_or_token_subject": "rule:service_or_admin or rule:token_subject", - - "protected_domains": "", - "protected_projects": "'admin':%(target.project.name)s or 'services':%(target.project.name)s", - "protected_admins": "'admin':%(target.user.name)s or 'dcmanager':%(target.user.name)s", - "protected_roles": "'admin':%(target.role.name)s", - "protected_services": [["'barbican':%(target.user.name)s"], - ["'patching':%(target.user.name)s"], - ["'sysinv':%(target.user.name)s"], - ["'mtce':%(target.user.name)s"], - ["'fm':%(target.user.name)s"], - ["'dcdbsync':%(target.user.name)s"]], - - "identity:delete_service": "rule:admin_required and not rule:protected_services", - - "identity:delete_domain": "rule:admin_required and not rule:protected_domains", - - "identity:delete_project": "rule:admin_required and not rule:protected_projects", - - "identity:delete_user": "rule:admin_required and not (rule:protected_admins or rule:protected_services)", - "identity:change_password": "rule:admin_or_owner and not rule:protected_services", - - "identity:delete_role": "rule:admin_required and not rule:protected_roles", -} diff --git a/puppet-manifests/src/modules/openstack/templates/keystone-systemcontroller-filter.erb b/puppet-manifests/src/modules/openstack/templates/keystone-systemcontroller-filter.erb deleted file mode 100644 index 61d381b18e..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/keystone-systemcontroller-filter.erb +++ /dev/null @@ -1,3 +0,0 @@ -{ - "region_id": "<%=@system_controller_region %>" -} diff --git a/puppet-manifests/src/modules/openstack/templates/keystone-systemcontroller.erb b/puppet-manifests/src/modules/openstack/templates/keystone-systemcontroller.erb deleted file mode 100644 index 3bd7805b0d..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/keystone-systemcontroller.erb +++ /dev/null @@ -1,17 +0,0 @@ -PASSWORD=$(TERM=linux <%= @keyring_file %> 2>/dev/null) -ENDPOINTGROUP_ID=$(openstack endpoint group create \ -distributed_cloud_<%=@system_controller_region %> \ -keystone-<%=@system_controller_region %>-filter.conf \ - --os-username <%=@os_username %> \ - --os-password $PASSWORD \ - --os-region-name <%=@identity_region %> \ - --os-auth-url <%=@auth_url %> \ - --os-identity-api-version <%=@api_version %> \ - --os-project-name <%=@os_project_name %> | awk '/id\ \ / { print $4 }' ) -openstack endpoint group add project $ENDPOINTGROUP_ID services \ - --os-username <%=@os_username %> \ - --os-password $PASSWORD \ - --os-region-name <%=@identity_region %> \ - --os-auth-url <%=@auth_url %> \ - --os-identity-api-version <%=@api_version %> \ - --os-project-name <%=@os_project_name %> diff --git a/puppet-manifests/src/modules/openstack/templates/lighttpd-inc.conf.erb b/puppet-manifests/src/modules/openstack/templates/lighttpd-inc.conf.erb deleted file mode 100644 index 2031858c0a..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/lighttpd-inc.conf.erb +++ /dev/null @@ -1,2 +0,0 @@ -var.management_ip_network = "<%= @mgmt_subnet_network %>/<%= @mgmt_subnet_prefixlen %>" -var.pxeboot_ip_network = "<%= @pxeboot_subnet_network %>/<%= @pxeboot_subnet_prefixlen %>" diff --git a/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb b/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb deleted file mode 100755 index 14a0f4f399..0000000000 --- a/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb +++ /dev/null @@ -1,397 +0,0 @@ -# This file is managed by Puppet. DO NOT EDIT. - -# lighttpd configuration file -# -# use it as a base for lighttpd 1.0.0 and above -# -# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $ - -############ Options you really have to take care of #################### - -## modules to load -# at least mod_access and mod_accesslog should be loaded -# all other module should only be loaded if really neccesary -# - saves some time -# - saves memory -server.modules = ( -# "mod_rewrite", -# "mod_redirect", -# "mod_alias", - "mod_access", -# "mod_cml", -# "mod_trigger_b4_dl", -# "mod_auth", -# "mod_status", -# "mod_setenv", -# "mod_fastcgi", - "mod_proxy", -# "mod_simple_vhost", -# "mod_evhost", -# "mod_userdir", -# "mod_cgi", -# "mod_compress", -# "mod_ssi", -# "mod_usertrack", -# "mod_expire", -# "mod_secdownload", -# "mod_rrdtool", -# "mod_webdav", - "mod_setenv", - "mod_accesslog" ) - -## a static document-root, for virtual-hosting take look at the -## server.virtual-* options -server.document-root = "/pages/" - -## where to send error-messages to -server.errorlog = "/var/log/lighttpd-error.log" - -# files to check for if .../ is requested -index-file.names = ( "index.php", "index.html", - "index.htm", "default.htm" ) - -## set the event-handler (read the performance section in the manual) -# server.event-handler = "freebsd-kqueue" # needed on OS X - -# mimetype mapping -mimetype.assign = ( - ".pdf" => "application/pdf", - ".sig" => "application/pgp-signature", - ".spl" => "application/futuresplash", - ".class" => "application/octet-stream", - ".ps" => "application/postscript", - ".torrent" => "application/x-bittorrent", - ".dvi" => "application/x-dvi", - ".gz" => "application/x-gzip", - ".pac" => "application/x-ns-proxy-autoconfig", - ".swf" => "application/x-shockwave-flash", - ".tar.gz" => "application/x-tgz", - ".tgz" => "application/x-tgz", - ".tar" => "application/x-tar", - ".zip" => "application/zip", - ".mp3" => "audio/mpeg", - ".m3u" => "audio/x-mpegurl", - ".wma" => "audio/x-ms-wma", - ".wax" => "audio/x-ms-wax", - ".ogg" => "application/ogg", - ".wav" => "audio/x-wav", - ".gif" => "image/gif", - ".jpg" => "image/jpeg", - ".jpeg" => "image/jpeg", - ".png" => "image/png", - ".svg" => "image/svg+xml", - ".xbm" => "image/x-xbitmap", - ".xpm" => "image/x-xpixmap", - ".xwd" => "image/x-xwindowdump", - ".css" => "text/css", - ".html" => "text/html", - ".htm" => "text/html", - ".js" => "text/javascript", - ".asc" => "text/plain", - ".c" => "text/plain", - ".cpp" => "text/plain", - ".log" => "text/plain", - ".conf" => "text/plain", - ".text" => "text/plain", - ".txt" => "text/plain", - ".dtd" => "text/xml", - ".xml" => "text/xml", - ".mpeg" => "video/mpeg", - ".mpg" => "video/mpeg", - ".mov" => "video/quicktime", - ".qt" => "video/quicktime", - ".avi" => "video/x-msvideo", - ".asf" => "video/x-ms-asf", - ".asx" => "video/x-ms-asf", - ".wmv" => "video/x-ms-wmv", - ".bz2" => "application/x-bzip", - ".tbz" => "application/x-bzip-compressed-tar", - ".tar.bz2" => "application/x-bzip-compressed-tar", - ".rpm" => "application/x-rpm", - ".yaml" => "text/yaml", - ".cfg" => "text/plain" - ) - -# Use the "Content-Type" extended attribute to obtain mime type if possible -#mimetype.use-xattr = "enable" - - -## send a different Server: header -## be nice and keep it at lighttpd -# server.tag = "lighttpd" - -#### accesslog module -accesslog.filename = "/var/log/lighttpd-access.log" - - -## deny access the file-extensions -# -# ~ is for backupfiles from vi, emacs, joe, ... -# .inc is often used for code includes which should in general not be part -# of the document-root -url.access-deny = ( "~", ".inc" ) - -$HTTP["url"] =~ "\.pdf$" { - server.range-requests = "disable" -} - -## -# which extensions should not be handle via static-file transfer -# -# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi -static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" ) - -######### Options that are good to be but not neccesary to be changed ####### - -## bind to port (default: 80) -server.port = <%= @http_port %> - -## bind to localhost (default: all interfaces) -#server.bind = "grisu.home.kneschke.de" - -## error-handler for status 404 -#server.error-handler-404 = "/error-handler.html" -#server.error-handler-404 = "/error-handler.php" - -## to help the rc.scripts -server.pid-file = "/var/run/lighttpd.pid" - - -###### virtual hosts -## -## If you want name-based virtual hosting add the next three settings and load -## mod_simple_vhost -## -## document-root = -## virtual-server-root + virtual-server-default-host + virtual-server-docroot -## or -## virtual-server-root + http-host + virtual-server-docroot -## -#simple-vhost.server-root = "/home/weigon/wwwroot/servers/" -#simple-vhost.default-host = "grisu.home.kneschke.de" -#simple-vhost.document-root = "/pages/" - - -## -## Format: .html -## -> ..../status-404.html for 'File not found' -#server.errorfile-prefix = "/home/weigon/projects/lighttpd/doc/status-" - -## virtual directory listings -## -## disabled as per Nessus scan CVE: 5.0 40984 -## Please do NOT enable as this is a security -## vulnerability. If you want dir listing for -## our dir path then a) either add a dir index (index.html) -## file within your dir path, or b) add your path as an exception -## rule (see the one for feeds/ dir below) -dir-listing.activate = "disable" - -## enable debugging -#debug.log-request-header = "enable" -#debug.log-response-header = "enable" -#debug.log-request-handling = "enable" -#debug.log-file-not-found = "enable" - -### only root can use these options -# -# chroot() to directory (default: no chroot() ) -server.chroot = "/www" - -## change uid to (default: don't care) -server.username = "www" - -## change uid to (default: don't care) -server.groupname = "sys_protected" - -## defaults to /var/tmp -server.upload-dirs = ( "/tmp" ) - -## change max-keep-alive-idle (default: 5 secs) -server.max-keep-alive-idle = 0 - -#### compress module -#compress.cache-dir = "/tmp/lighttpd/cache/compress/" -#compress.filetype = ("text/plain", "text/html") - -#### proxy module -## read proxy.txt for more info - -# Proxy all non-static content to the local horizon dashboard -$HTTP["url"] !~ "^/(rel-[^/]*|feed|updates|static|helm_charts)/" { - proxy.server = ( "" => - ( "localhost" => - ( - "host" => "127.0.0.1", - "port" => 8008 - ) - ) - ) -} - -#### fastcgi module -## read fastcgi.txt for more info -## for PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini -#fastcgi.server = ( ".php" => -# ( "localhost" => -# ( -# "socket" => "/tmp/php-fastcgi.socket", -# "bin-path" => "/usr/local/bin/php" -# ) -# ) -# ) - -#### CGI module -#cgi.assign = ( ".pl" => "/usr/bin/perl", -# ".cgi" => "/usr/bin/perl" ) -# - -#### Listen to IPv6 -$SERVER["socket"] == "[::]:<%= @http_port %>" { } - -<% if @enable_https %> -#### SSL engine -$SERVER["socket"] == ":<%= @https_port %>" { - ssl.engine = "enable" - ssl.pemfile = "/etc/ssl/private/server-cert.pem" - ssl.use-sslv2 = "disable" - ssl.use-sslv3 = "disable" - ssl.cipher-list = "ALL:!aNULL:!eNULL:!EXPORT:!TLSv1:!DES:!MD5:!PSK:!RC4:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!DES-CBC3-SHA:!AES128-SHA:!AES256-SHA:!DHE-DSS-AES128-SHA:!DHE-DSS-AES256-SHA:!CAMELLIA128-SHA:!CAMELLIA256-SHA:!DHE-DSS-CAMELLIA128-SHA:!DHE-DSS-CAMELLIA256-SHA:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES256-SHA" -} - -$SERVER["socket"] == "[::]:<%= @https_port %>" { - ssl.engine = "enable" - ssl.pemfile = "/etc/ssl/private/server-cert.pem" - ssl.use-sslv2 = "disable" - ssl.use-sslv3 = "disable" - ssl.cipher-list = "ALL:!aNULL:!eNULL:!EXPORT:!TLSv1:!DES:!MD5:!PSK:!RC4:!EDH-RSA-DES-CBC3-SHA:!EDH-DSS-DES-CBC3-SHA:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!ECDHE-RSA-DES-CBC3-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!DES-CBC3-SHA:!AES128-SHA:!AES256-SHA:!DHE-DSS-AES128-SHA:!DHE-DSS-AES256-SHA:!CAMELLIA128-SHA:!CAMELLIA256-SHA:!DHE-DSS-CAMELLIA128-SHA:!DHE-DSS-CAMELLIA256-SHA:!DHE-RSA-CAMELLIA128-SHA:!DHE-RSA-CAMELLIA256-SHA:!ECDHE-ECDSA-DES-CBC3-SHA:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES256-SHA" -} -<% else %> -### -# HTTPS not enabled -### -<% end %> - -#### status module -#status.status-url = "/server-status" -#status.config-url = "/server-config" - -#### auth module -## read authentication.txt for more info -#auth.backend = "plain" -#auth.backend.plain.userfile = "lighttpd.user" -#auth.backend.plain.groupfile = "lighttpd.group" - -#auth.backend.ldap.hostname = "localhost" -#auth.backend.ldap.base-dn = "dc=my-domain,dc=com" -#auth.backend.ldap.filter = "(uid=$)" - -#auth.require = ( "/server-status" => -# ( -# "method" => "digest", -# "realm" => "download archiv", -# "require" => "user=jan" -# ), -# "/server-config" => -# ( -# "method" => "digest", -# "realm" => "download archiv", -# "require" => "valid-user" -# ) -# ) - -#### url handling modules (rewrite, redirect, access) -#url.rewrite = ( "^/$" => "/server-status" ) -#url.redirect = ( "^/wishlist/(.+)" => "http://www.123.org/$1" ) - -#### both rewrite/redirect support back reference to regex conditional using %n -#$HTTP["host"] =~ "^www\.(.*)" { -# url.redirect = ( "^/(.*)" => "http://%1/$1" ) -#} - -# -# define a pattern for the host url finding -# %% => % sign -# %0 => domain name + tld -# %1 => tld -# %2 => domain name without tld -# %3 => subdomain 1 name -# %4 => subdomain 2 name -# -#evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/" - -#### expire module -#expire.url = ( "/buggy/" => "access 2 hours", "/asdhas/" => "access plus 1 seconds 2 minutes") - -#### ssi -#ssi.extension = ( ".shtml" ) - -#### rrdtool -#rrdtool.binary = "/usr/bin/rrdtool" -#rrdtool.db-name = "/var/www/lighttpd.rrd" - -#### setenv -#setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" ) -#setenv.add-response-header = ( "X-Secret-Message" => "42" ) - -## for mod_trigger_b4_dl -# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db" -# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" ) -# trigger-before-download.trigger-url = "^/trigger/" -# trigger-before-download.download-url = "^/download/" -# trigger-before-download.deny-url = "http://127.0.0.1/index.html" -# trigger-before-download.trigger-timeout = 10 - -## for mod_cml -## don't forget to add index.cml to server.indexfiles -# cml.extension = ".cml" -# cml.memcache-hosts = ( "127.0.0.1:11211" ) - -#### variable usage: -## variable name without "." is auto prefixed by "var." and becomes "var.bar" -#bar = 1 -#var.mystring = "foo" - -## integer add -#bar += 1 -## string concat, with integer cast as string, result: "www.foo1.com" -#server.name = "www." + mystring + var.bar + ".com" -## array merge -#index-file.names = (foo + ".php") + index-file.names -#index-file.names += (foo + ".php") - -#### include -#include /etc/lighttpd/lighttpd-inc.conf -## same as above if you run: "lighttpd -f /etc/lighttpd/lighttpd.conf" -#include "lighttpd-inc.conf" - -#### include_shell -#include_shell "echo var.a=1" -## the above is same as: -#var.a=1 - -# deny access to feed directories for external connections. -# Only enable access to dir listing for feed directory if on internal network -# (i.e. mgmt or pxeboot networks) -include "/etc/lighttpd/lighttpd-inc.conf" -$HTTP["remoteip"] != "127.0.0.1" { - $HTTP["url"] =~ "^/(rel-[^/]*|feed|updates)/" { - dir-listing.activate = "enable" - } - $HTTP["remoteip"] != var.management_ip_network { - $HTTP["remoteip"] != var.pxeboot_ip_network { - $HTTP["url"] =~ "^/(rel-[^/]*|feed|updates)/" { - url.access-deny = ( "" ) - } - } - } -} -$HTTP["scheme"] == "https" { - setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=63072000; includeSubdomains; ") -} - -<%- unless @tpm_object.nil? -%> -server.tpm-object = "<%= @tpm_object %>" -server.tpm-engine = "<%= @tpm_engine %>" -<%- end -%> - diff --git a/puppet-manifests/src/modules/platform/files/docker-distribution b/puppet-manifests/src/modules/platform/files/docker-distribution deleted file mode 100644 index 9d4be4e19a..0000000000 --- a/puppet-manifests/src/modules/platform/files/docker-distribution +++ /dev/null @@ -1,92 +0,0 @@ -#!/bin/bash -# -# Startup script for docker-distribution -# - - -DESC="Docker Distribution aka Docker Registry" -SERVICE="docker-distribution.service" -PIDFILE="/var/run/docker-distribution.pid" - - -status() -{ - if [ "`systemctl is-active docker-distribution.service`" = "active" ]; then - RETVAL=0 - echo "$DESC is running" - return - else - echo "$DESC is Not running" - RETVAL=1 - fi -} - -start() -{ - if [ -e $PIDFILE ]; then - PIDDIR=/proc/$(cat $PIDFILE) - if [ -d $PIDDIR ]; then - echo "$DESC already running." - return - else - echo "Removing stale PID file $PIDFILE" - rm -f $PIDFILE - fi - fi - - echo "Starting $SERVICE..." - - systemctl start $SERVICE - - if [ $? -eq 0 ]; then - echo "Started $SERVICE successfully" - RETVAL=0 - else - echo "$SERVICE failed!" - RETVAL=1 - fi - -} - -stop() -{ - echo -n "Stopping $SERVICE..." - systemctl stop $SERVICE - if [ $? -eq 0 ]; then - echo "$SERVICE stopped." - else - echo "failed to stop $SERVICE!" - fi - - if [ -e $PIDFILE ]; then - echo "Removing stale PID file $PIDFILE" - rm -f $PIDFILE - fi -} - - -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status - ;; - restart) - stop - start - ;; - *) - echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac - -exit $RETVAL - - - - diff --git a/puppet-manifests/src/modules/platform/files/etcd b/puppet-manifests/src/modules/platform/files/etcd deleted file mode 100644 index 6593b6059e..0000000000 --- a/puppet-manifests/src/modules/platform/files/etcd +++ /dev/null @@ -1,103 +0,0 @@ -#!/bin/bash -# -# Startup script for etcd -# -# chkconfig: 2345 20 80 -# description: Starts and stops etcd systemd service - -### BEGIN INIT INFO -# Provides: etcd -# Required-Start: $local_fs $network -# Required-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start up the etcd service -# Description: A highly-available key value store for shared configuration -### END INIT INFO - - -DESC="ETCD highly-available key value database" -SERVICE="etcd.service" -PIDFILE="/var/run/etcd.pid" - - -status() -{ - if [ "`systemctl is-active etcd.service`" = "active" ]; then - RETVAL=0 - echo "$DESC is running" - return - else - echo "$DESC is Not running" - RETVAL=1 - fi -} - -start() -{ - if [ -e $PIDFILE ]; then - PIDDIR=/proc/$(cat $PIDFILE) - if [ -d $PIDDIR ]; then - echo "$DESC already running." - return - else - echo "Removing stale PID file $PIDFILE" - rm -f $PIDFILE - fi - fi - - echo "Starting $SERVICE..." - - systemctl start $SERVICE - - if [ $? -eq 0 ]; then - echo "Started $SERVICE successfully" - RETVAL=0 - else - echo "$SERVICE failed!" - RETVAL=1 - fi - -} - -stop() -{ - echo -n "Stopping $SERVICE..." - systemctl stop $SERVICE - if [ $? -eq 0 ]; then - echo "$SERVICE stopped." - else - echo "failed to stop $SERVICE!" - fi - - if [ -e $PIDFILE ]; then - echo "Removing stale PID file $PIDFILE" - rm -f $PIDFILE - fi -} - - -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status - ;; - restart) - stop - start - ;; - *) - echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac - -exit $RETVAL - - - diff --git a/puppet-manifests/src/modules/platform/files/etcd-override.conf b/puppet-manifests/src/modules/platform/files/etcd-override.conf deleted file mode 100644 index 09d2ed47af..0000000000 --- a/puppet-manifests/src/modules/platform/files/etcd-override.conf +++ /dev/null @@ -1,9 +0,0 @@ -[Service] -EnvironmentFile=-/etc/etcd/etcd.conf -User=root -NotifyAccess=all -Type=notify -ExecStart= -ExecStart=-/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd --name=\"${ETCD_NAME}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" 2>&1 | /usr/bin/forward-journald -tag etcd" -ExecStartPost=/bin/bash -c 'echo $MAINPID >/var/run/etcd.pid' -ExecStopPost=/bin/bash/rm -f /var/run/etcd.pid diff --git a/puppet-manifests/src/modules/platform/files/kubeconfig.sh b/puppet-manifests/src/modules/platform/files/kubeconfig.sh deleted file mode 100644 index 4949a0468b..0000000000 --- a/puppet-manifests/src/modules/platform/files/kubeconfig.sh +++ /dev/null @@ -1,7 +0,0 @@ -# Check for interactive bash and that we haven't already been sourced. -[ -z "$PS1" -o -n "$KUBECONFIG" ] && return - -# Set up the location of the k8s config file for anyone who can read it. -if [ -r /etc/kubernetes/admin.conf ]; then - export KUBECONFIG=/etc/kubernetes/admin.conf -fi diff --git a/puppet-manifests/src/modules/platform/files/ldap.cgcs-shell.ldif b/puppet-manifests/src/modules/platform/files/ldap.cgcs-shell.ldif deleted file mode 100644 index 95005fda8d..0000000000 --- a/puppet-manifests/src/modules/platform/files/ldap.cgcs-shell.ldif +++ /dev/null @@ -1,4 +0,0 @@ -dn: uid=operator,ou=People,dc=cgcs,dc=local -changetype: modify -replace: loginShell -loginShell: /usr/local/bin/cgcs_cli diff --git a/puppet-manifests/src/modules/platform/files/registry-token-server b/puppet-manifests/src/modules/platform/files/registry-token-server deleted file mode 100644 index 5cfe82a881..0000000000 --- a/puppet-manifests/src/modules/platform/files/registry-token-server +++ /dev/null @@ -1,90 +0,0 @@ -#!/bin/bash -# -# SPDX-License-Identifier: Apache-2.0 -# -# Startup script for registry-token-server -# - - -DESC="Docker Registry Token Server" -SERVICE="registry-token-server.service" -PIDFILE="/var/run/registry-token-server.pid" - - -status() -{ - if [ "`systemctl is-active registry-token-server.service`" = "active" ]; then - RETVAL=0 - echo "$DESC is running" - return - else - echo "$DESC is Not running" - RETVAL=1 - fi -} - -start() -{ - if [ -e $PIDFILE ]; then - PIDDIR=/proc/$(cat $PIDFILE) - if [ -d $PIDDIR ]; then - echo "$DESC already running." - return - else - echo "Removing stale PID file $PIDFILE" - rm -f $PIDFILE - fi - fi - - echo "Starting $SERVICE..." - - systemctl start $SERVICE - - if [ $? -eq 0 ]; then - echo "Started $SERVICE successfully" - RETVAL=0 - else - echo "$SERVICE failed!" - RETVAL=1 - fi - -} - -stop() -{ - echo -n "Stopping $SERVICE..." - systemctl stop $SERVICE - if [ $? -eq 0 ]; then - echo "$SERVICE stopped." - else - echo "failed to stop $SERVICE!" - fi - - if [ -e $PIDFILE ]; then - echo "Removing stale PID file $PIDFILE" - rm -f $PIDFILE - fi -} - - -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status - ;; - restart) - stop - start - ;; - *) - echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac - -exit $RETVAL diff --git a/puppet-manifests/src/modules/platform/lib/facter/boot_disk_device_path.rb b/puppet-manifests/src/modules/platform/lib/facter/boot_disk_device_path.rb deleted file mode 100644 index dfe6860ef3..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/boot_disk_device_path.rb +++ /dev/null @@ -1,5 +0,0 @@ -Facter.add("boot_disk_device_path") do - setcode do - Facter::Util::Resolution.exec('find -L /dev/disk/by-path/ -samefile $(df --output=source /boot | tail -1) | tail -1') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/configured_ceph_monitors.rb b/puppet-manifests/src/modules/platform/lib/facter/configured_ceph_monitors.rb deleted file mode 100644 index ee42ecd017..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/configured_ceph_monitors.rb +++ /dev/null @@ -1,8 +0,0 @@ -Facter.add("configured_ceph_monitors") do - setcode do - lines = IO.readlines("/etc/ceph/ceph.conf").keep_if { |v| v =~ /\[mon\..*\]/ } - lines.collect do |line| - line.scan(/\[mon\.(.*)\]/).last.first - end - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/controller_sw_versions_match.rb b/puppet-manifests/src/modules/platform/lib/facter/controller_sw_versions_match.rb deleted file mode 100644 index 30d60788dd..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/controller_sw_versions_match.rb +++ /dev/null @@ -1,11 +0,0 @@ -# Returns true if controllers are running the same software version (or if only -# one controller is configured). Will always return true if: -# 1. Manifests are being applied on any node other than a controller. -# 2. Manifests are being applied as part of a reconfig. Reconfigs can not be -# done while a system is being upgraded. - -Facter.add("controller_sw_versions_match") do - setcode do - ! (ENV['CONTROLLER_SW_VERSIONS_MISMATCH'] == "true") - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/disable_worker_services.rb b/puppet-manifests/src/modules/platform/lib/facter/disable_worker_services.rb deleted file mode 100644 index 8c40aa1e7d..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/disable_worker_services.rb +++ /dev/null @@ -1,7 +0,0 @@ -# Returns true if worker services should be disabled - -Facter.add("disable_worker_services") do - setcode do - File.exist?('/var/run/.disable_worker_services') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/get_cmdline.rb b/puppet-manifests/src/modules/platform/lib/facter/get_cmdline.rb deleted file mode 100644 index 9074d7fcea..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/get_cmdline.rb +++ /dev/null @@ -1,5 +0,0 @@ -# Returns the current boot parameters -Facter.add(:get_cmdline) do - setcode "cat /proc/cmdline 2>/dev/null" -end - diff --git a/puppet-manifests/src/modules/platform/lib/facter/install_uuid.rb b/puppet-manifests/src/modules/platform/lib/facter/install_uuid.rb deleted file mode 100644 index 2d0dedd3d7..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/install_uuid.rb +++ /dev/null @@ -1,6 +0,0 @@ -Facter.add("install_uuid") do - setcode do - Facter::Util::Resolution.exec("awk -F= '{if ($1 == \"INSTALL_UUID\") { print $2; }}' /etc/platform/platform.conf") - end -end - diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_broadwell_processor.rb b/puppet-manifests/src/modules/platform/lib/facter/is_broadwell_processor.rb deleted file mode 100644 index 9429a29fbe..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_broadwell_processor.rb +++ /dev/null @@ -1,8 +0,0 @@ -# Returns true if it is Broadwell processor -# Broadwell specific flags (model: 79) -Facter.add("is_broadwell_processor") do - setcode do - Facter::Core::Execution.exec('grep -q -E "^model\s+:\s+79$" /proc/cpuinfo') - $?.exitstatus == 0 - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_controller_active.rb b/puppet-manifests/src/modules/platform/lib/facter/is_controller_active.rb deleted file mode 100644 index 8b1913c779..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_controller_active.rb +++ /dev/null @@ -1,10 +0,0 @@ -# Check if current node is the active controller - -require 'facter' - -Facter.add("is_controller_active") do - setcode do - Facter::Core::Execution.exec("pgrep -f sysinv-api") - $?.exitstatus == 0 - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_gb_page_supported.rb b/puppet-manifests/src/modules/platform/lib/facter/is_gb_page_supported.rb deleted file mode 100644 index 122768ce2b..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_gb_page_supported.rb +++ /dev/null @@ -1,7 +0,0 @@ -# Returns true if one GB pages is supported -Facter.add("is_gb_page_supported") do - setcode do - Facter::Core::Execution.exec('grep -q pdpe1gb /proc/cpuinfo') - $?.exitstatus == 0 - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_hugetlbfs_enabled.rb b/puppet-manifests/src/modules/platform/lib/facter/is_hugetlbfs_enabled.rb deleted file mode 100644 index aadada4f7a..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_hugetlbfs_enabled.rb +++ /dev/null @@ -1,7 +0,0 @@ -# Returns true if hugetlbfs not enabled -Facter.add("is_hugetlbfs_enabled") do - setcode do - Facter::Core::Execution.exec('grep -q hugetlbfs /proc/filesystems') - $?.exitstatus == 0 - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_initial_config.rb b/puppet-manifests/src/modules/platform/lib/facter/is_initial_config.rb deleted file mode 100644 index 53872eb4b9..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_initial_config.rb +++ /dev/null @@ -1,7 +0,0 @@ -# Returns true is this is the initial config for this node - -Facter.add("is_initial_config") do - setcode do - ! File.exist?('/etc/platform/.initial_config_complete') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_initial_config_primary.rb b/puppet-manifests/src/modules/platform/lib/facter/is_initial_config_primary.rb deleted file mode 100644 index 81941c2c39..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_initial_config_primary.rb +++ /dev/null @@ -1,8 +0,0 @@ -# Returns true is this is the primary initial config (ie. first controller) - -Facter.add("is_initial_config_primary") do - setcode do - ENV['INITIAL_CONFIG_PRIMARY'] == "true" - end -end - diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_initial_k8s_config.rb b/puppet-manifests/src/modules/platform/lib/facter/is_initial_k8s_config.rb deleted file mode 100644 index ce0024f4fe..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_initial_k8s_config.rb +++ /dev/null @@ -1,7 +0,0 @@ -# Returns true is this is the initial kubernetes config for this node - -Facter.add("is_initial_k8s_config") do - setcode do - ! File.exist?('/etc/platform/.initial_k8s_config_complete') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_keystone_running.rb b/puppet-manifests/src/modules/platform/lib/facter/is_keystone_running.rb deleted file mode 100644 index 2dad5de891..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_keystone_running.rb +++ /dev/null @@ -1,6 +0,0 @@ -# Returns whether keystone is running on the local host -Facter.add(:is_keystone_running) do - setcode do - Facter::Util::Resolution.exec('pgrep -c -f "\[keystone\-admin\]"') != '0' - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_node_ceph_configured.rb b/puppet-manifests/src/modules/platform/lib/facter/is_node_ceph_configured.rb deleted file mode 100644 index 060dffef91..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_node_ceph_configured.rb +++ /dev/null @@ -1,7 +0,0 @@ -# Returns true if Ceph has been configured on current node - -Facter.add("is_node_ceph_configured") do - setcode do - File.exist?('/etc/platform/.node_ceph_configured') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_per_numa_supported.rb b/puppet-manifests/src/modules/platform/lib/facter/is_per_numa_supported.rb deleted file mode 100644 index 70061a0f82..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_per_numa_supported.rb +++ /dev/null @@ -1,6 +0,0 @@ -# Returns true if Resource Control is supported on this node -Facter.add("is_per_numa_supported") do - setcode do - Dir.exist?('/sys/devices/system/node/node0') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_primary_disk_rotational.rb b/puppet-manifests/src/modules/platform/lib/facter/is_primary_disk_rotational.rb deleted file mode 100644 index d80896f839..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_primary_disk_rotational.rb +++ /dev/null @@ -1,6 +0,0 @@ -require 'facter' -Facter.add(:is_primary_disk_rotational) do - rootfs_partition = Facter::Core::Execution.exec("df --output=source / | tail -1") - rootfs_device = Facter::Core::Execution.exec("basename #{rootfs_partition} | sed 's/[0-9]*$//;s/p[0-9]*$//'") - setcode "cat /sys/block/#{rootfs_device}/queue/rotational" -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_resctrl_supported.rb b/puppet-manifests/src/modules/platform/lib/facter/is_resctrl_supported.rb deleted file mode 100644 index 4a25e065a4..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_resctrl_supported.rb +++ /dev/null @@ -1,6 +0,0 @@ -# Returns true if Resource Control is supported on this node -Facter.add("is_resctrl_supported") do - setcode do - Dir.exist?('/sys/fs/resctrl') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_restore_in_progress.rb b/puppet-manifests/src/modules/platform/lib/facter/is_restore_in_progress.rb deleted file mode 100644 index 51a007b03f..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_restore_in_progress.rb +++ /dev/null @@ -1,7 +0,0 @@ -# Returns true if restore is in progress - -Facter.add("is_restore_in_progress") do - setcode do - File.exist?('/etc/platform/.restore_in_progress') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/is_standalone_controller.rb b/puppet-manifests/src/modules/platform/lib/facter/is_standalone_controller.rb deleted file mode 100644 index a3cff6bab9..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/is_standalone_controller.rb +++ /dev/null @@ -1,8 +0,0 @@ -# Returns true is this is the only configured controller in the system else -# return false if both controllers are configured. - -Facter.add("is_standalone_controller") do - setcode do - File.exist?('/etc/platform/simplex') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/number_of_logical_cpus.rb b/puppet-manifests/src/modules/platform/lib/facter/number_of_logical_cpus.rb deleted file mode 100644 index 652a3db9b0..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/number_of_logical_cpus.rb +++ /dev/null @@ -1,4 +0,0 @@ -# Returns number of logical cpus -Facter.add(:number_of_logical_cpus) do - setcode "cat /proc/cpuinfo 2>/dev/null | awk '/^[pP]rocessor/ { n +=1 } END { print (n>0) ? n : 1}'" -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/number_of_numa_nodes.rb b/puppet-manifests/src/modules/platform/lib/facter/number_of_numa_nodes.rb deleted file mode 100644 index b8962abf34..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/number_of_numa_nodes.rb +++ /dev/null @@ -1,4 +0,0 @@ -# Returns number of numa nodes -Facter.add(:number_of_numa_nodes) do - setcode "ls -d /sys/devices/system/node/node* 2>/dev/null | wc -l" -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/physical_core_count.rb b/puppet-manifests/src/modules/platform/lib/facter/physical_core_count.rb deleted file mode 100644 index 0e0fd5ef09..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/physical_core_count.rb +++ /dev/null @@ -1,4 +0,0 @@ -# Returns number of physical cores -Facter.add(:physical_core_count) do - setcode "awk '/^cpu cores/ {c=$4} /physical id/ {a[$4]=1} END {n=0; for (i in a) n++; print (n>0 && c>0) ? n*c : 1}' /proc/cpuinfo" -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/platform_res_mem.rb b/puppet-manifests/src/modules/platform/lib/facter/platform_res_mem.rb deleted file mode 100644 index 08a0bce7f4..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/platform_res_mem.rb +++ /dev/null @@ -1,12 +0,0 @@ -# Platform reserved memory is the total normal memory (i.e. 4K memory) that -# may be allocated by programs in MiB. This total excludes huge-pages and -# kernel overheads. -# -# The 'MemAvailable' field represents total unused memory. This includes: -# free, buffers, cached, and reclaimable slab memory. -# -# The Active(anon) and Inactive(anon) fields represents the total used -# anonymous memory. -Facter.add(:platform_res_mem) do - setcode "grep -e '^MemAvailable:' -e '^Active(anon):' -e '^Inactive(anon):' /proc/meminfo | awk '{a+=$2} END{print int(a/1024)}'" -end diff --git a/puppet-manifests/src/modules/platform/lib/facter/system_info.rb b/puppet-manifests/src/modules/platform/lib/facter/system_info.rb deleted file mode 100644 index 25be29eec9..0000000000 --- a/puppet-manifests/src/modules/platform/lib/facter/system_info.rb +++ /dev/null @@ -1,5 +0,0 @@ -Facter.add("system_info") do - setcode do - Facter::Util::Resolution.exec('uname -r') - end -end diff --git a/puppet-manifests/src/modules/platform/lib/puppet/parser/functions/check_grub_config.rb b/puppet-manifests/src/modules/platform/lib/puppet/parser/functions/check_grub_config.rb deleted file mode 100644 index c6840432f8..0000000000 --- a/puppet-manifests/src/modules/platform/lib/puppet/parser/functions/check_grub_config.rb +++ /dev/null @@ -1,34 +0,0 @@ -module Puppet::Parser::Functions - newfunction(:check_grub_config, - :type => :rvalue, - :doc => <<-EOD - This internal function checks if a list of arguments are configured - in the current boot args based on the input parameters - - EOD - ) do |args| - - func_name = "check_grub_config()" - - raise(Puppet::ParseError, "#{func_name}: Requires 1 argument" + - "#{args.size} given") if args.size != 1 - - expected = args[0] - raise(Puppet::ParseError, "#{func_name}: first argument must be a string") \ - unless expected.instance_of? String - - # get the current boot args - cmd = Facter.value(:get_cmdline) - cmd_array = cmd.split() - - value = true - expected.split().each do |element| - value = cmd_array.include?(element) - if value == false - Puppet.debug("#{element} is not presented in #{cmd}") - return value - end - end - value - end -end diff --git a/puppet-manifests/src/modules/platform/manifests/amqp.pp b/puppet-manifests/src/modules/platform/manifests/amqp.pp deleted file mode 100644 index 1710b4ac4f..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/amqp.pp +++ /dev/null @@ -1,156 +0,0 @@ -class platform::amqp::params ( - $auth_password = 'guest', - $auth_user = 'guest', - $backend = 'rabbitmq', - $node = 'rabbit@localhost', - $host = 'localhost', - $host_url = 'localhost', - $port = 5672, - $protocol = 'tcp', - $ssl_enabled = false, -) { - $transport_url = "rabbit://${auth_user}:${auth_password}@${host_url}:${port}" -} - - -class platform::amqp::rabbitmq ( - $service_enabled = false, -) inherits ::platform::amqp::params { - - include ::platform::params - - File <| path == '/etc/rabbitmq/rabbitmq.config' |> { - ensure => present, - owner => 'rabbitmq', - group => 'rabbitmq', - mode => '0640', - } - - file { '/var/log/rabbitmq': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - - if $service_enabled { - $service_ensure = 'running' - } - elsif str2bool($::is_initial_config_primary) { - $service_ensure = 'running' - - # ensure service is stopped after initial configuration - class { '::platform::amqp::post': - stage => post - } - } else { - $service_ensure = 'stopped' - } - - $rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}" - - class { '::rabbitmq': - port => $port, - ssl => $ssl_enabled, - default_user => $auth_user, - default_pass => $auth_password, - service_ensure => $service_ensure, - rabbitmq_home => $rabbit_dbdir, - environment_variables => { - 'RABBITMQ_NODENAME' => $node, - 'RABBITMQ_MNESIA_BASE' => "${rabbit_dbdir}/mnesia", - 'HOME' => $rabbit_dbdir, - }, - config_variables => { - 'disk_free_limit' => '100000000', - 'heartbeat' => '30', - 'tcp_listen_options' => '[binary, - {packet,raw}, - {reuseaddr,true}, - {backlog,128}, - {nodelay,true}, - {linger,{true,0}}, - {exit_on_close,false}, - {keepalive,true}]', - } - } -} - - -class platform::amqp::post { - # rabbitmq-server needs to be running in order to apply the initial manifest, - # however, it needs to be stopped/disabled to allow SM to manage the service. - # To allow for the transition it must be explicitely stopped. Once puppet - # can directly handle SM managed services, then this can be removed. - exec { 'stop rabbitmq-server service': - command => 'systemctl stop rabbitmq-server; systemctl disable rabbitmq-server', - } -} - - -class platform::amqp::bootstrap { - include ::platform::params - - Class['::platform::drbd::rabbit'] -> Class[$name] - - class { '::platform::amqp::rabbitmq': - service_enabled => true, - } - - # Ensure the rabbit data directory is created in the rabbit filesystem. - $rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}" - file { $rabbit_dbdir: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } -> Class['::rabbitmq'] - - rabbitmq_policy {'notifications_queues_maxlen@/': - require => Class['::rabbitmq'], - pattern => '.*notifications.*', - priority => 0, - applyto => 'queues', - definition => { - 'max-length' => '10000', - }, - } - - rabbitmq_policy {'sample_queues_maxlen@/': - require => Class['::rabbitmq'], - pattern => '.*sample$', - priority => 0, - applyto => 'queues', - definition => { - 'max-length' => '100000', - }, - } - - rabbitmq_policy {'all_queues_ttl@/': - require => Class['::rabbitmq'], - pattern => '.*', - priority => 0, - applyto => 'queues', - definition => { - 'expires' => '14400000', - } - } -} - -class platform::amqp::upgrade { - include ::platform::params - - class { '::platform::amqp::rabbitmq': - service_enabled => true, - } - - # Ensure the rabbit data directory is created in the rabbit filesystem. - $rabbit_dbdir = "/var/lib/rabbitmq/${::platform::params::software_version}" - file { $rabbit_dbdir: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } -> Class['::rabbitmq'] - -} diff --git a/puppet-manifests/src/modules/platform/manifests/anchors.pp b/puppet-manifests/src/modules/platform/manifests/anchors.pp deleted file mode 100644 index 9971c73b41..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/anchors.pp +++ /dev/null @@ -1,4 +0,0 @@ -class platform::anchors { - anchor { 'platform::networking': } - -> anchor { 'platform::services': } -} diff --git a/puppet-manifests/src/modules/platform/manifests/ceph.pp b/puppet-manifests/src/modules/platform/manifests/ceph.pp deleted file mode 100644 index 943ae5881c..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/ceph.pp +++ /dev/null @@ -1,607 +0,0 @@ -class platform::ceph::params( - $service_enabled = false, - $skip_osds_during_restore = false, - $cluster_uuid = undef, - $cluster_name = 'ceph', - $authentication_type = 'none', - $mon_lv_name = 'ceph-mon-lv', - $mon_lv_size = 0, - $mon_lv_size_reserved = 20, - $mon_fs_type = 'ext4', - $mon_fs_options = ' ', - $mon_mountpoint = '/var/lib/ceph/mon', - $floating_mon_host = undef, - $floating_mon_ip = undef, - $floating_mon_addr = undef, - $mon_0_host = undef, - $mon_0_ip = undef, - $mon_0_addr = undef, - $mon_1_host = undef, - $mon_1_ip = undef, - $mon_1_addr = undef, - $mon_2_host = undef, - $mon_2_ip = undef, - $mon_2_addr = undef, - $rgw_enabled = false, - $rgw_client_name = 'radosgw.gateway', - $rgw_user_name = 'root', - $rgw_frontend_type = 'civetweb', - $rgw_port = 7480, - $rgw_log_file = '/var/log/radosgw/radosgw.log', - $rgw_service_domain = undef, - $rgw_service_project = undef, - $rgw_service_password = undef, - $rgw_max_put_size = '53687091200', - $rgw_gc_max_objs = '977', - $rgw_gc_obj_min_wait = '600', - $rgw_gc_processor_max_time = '300', - $rgw_gc_processor_period = '300', - $configure_ceph_mon_info = false, - $ceph_config_file = '/etc/ceph/ceph.conf', - $ceph_config_ready_path = '/var/run/.ceph_started', - $node_ceph_configured_flag = '/etc/platform/.node_ceph_configured', -) { } - - -class platform::ceph - inherits ::platform::ceph::params { - - $system_mode = $::platform::params::system_mode - $system_type = $::platform::params::system_type - if $service_enabled or $configure_ceph_mon_info { - # Set the minimum set of monitors that form a valid cluster - if $system_type == 'All-in-one' { - if $system_mode == 'simplex' { - # 1 node configuration, a single monitor is available - $mon_initial_members = $mon_0_host - $osd_pool_default_size = 1 - } else { - # 2 node configuration, we have a floating monitor - $mon_initial_members = $floating_mon_host - $osd_pool_default_size = 2 - } - } else { - # Multinode & standard, any 2 monitors form a cluster - $mon_initial_members = undef - $osd_pool_default_size = 2 - } - - class { '::ceph': - fsid => $cluster_uuid, - authentication_type => $authentication_type, - mon_initial_members => $mon_initial_members, - osd_pool_default_size => $osd_pool_default_size, - osd_pool_default_min_size => 1 - } - -> ceph_config { - 'mon/mon clock drift allowed': value => '.1'; - } - if $system_type == 'All-in-one' { - # 1 and 2 node configurations have a single monitor - if 'duplex' in $system_mode { - # Floating monitor, running on active controller. - Class['::ceph'] - -> ceph_config { - "mon.${floating_mon_host}/host": value => $floating_mon_host; - "mon.${floating_mon_host}/mon_addr": value => $floating_mon_addr; - } - } else { - # Simplex case, a single monitor binded to the controller. - Class['::ceph'] - -> ceph_config { - "mon.${mon_0_host}/host": value => $mon_0_host; - "mon.${mon_0_host}/mon_addr": value => $mon_0_addr; - } - } - } else { - # Multinode & standard have 3 monitors - Class['::ceph'] - -> ceph_config { - "mon.${mon_0_host}/host": value => $mon_0_host; - "mon.${mon_0_host}/mon_addr": value => $mon_0_addr; - "mon.${mon_1_host}/host": value => $mon_1_host; - "mon.${mon_1_host}/mon_addr": value => $mon_1_addr; - } - if $mon_2_host { - Class['::ceph'] - -> ceph_config { - "mon.${mon_2_host}/host": value => $mon_2_host; - "mon.${mon_2_host}/mon_addr": value => $mon_2_addr; - } - } - } - - # Remove old, no longer in use, monitor hosts from Ceph's config file - $valid_monitors = [ $mon_0_host, $mon_1_host, $mon_2_host ] - - $::configured_ceph_monitors.each |Integer $index, String $monitor| { - if ! ($monitor in $valid_monitors) { - notice("Removing ${monitor} from ${ceph_config_file}") - - # Remove all monitor settings of a section - $mon_settings = { - "mon.${monitor}" => { - 'public_addr' => { 'ensure' => 'absent' }, - 'host' => { 'ensure' => 'absent' }, - 'mon_addr' => { 'ensure' => 'absent' }, - } - } - $defaults = { 'path' => $ceph_config_file } - create_ini_settings($mon_settings, $defaults) - - # Remove section header - Ini_setting<| |> - -> file_line { "[mon.${monitor}]": - ensure => absent, - path => $ceph_config_file, - line => "[mon.${monitor}]" - } - } - } - } - class { '::platform::ceph::post': - stage => post - } -} - - -class platform::ceph::post - inherits ::platform::ceph::params { - # Enable ceph process recovery after all configuration is done - file { $ceph_config_ready_path: - ensure => present, - content => '', - owner => 'root', - group => 'root', - mode => '0644', - } - - if $service_enabled { - # Ceph configuration on this node is done - file { $node_ceph_configured_flag: - ensure => present - } - } -} - - -class platform::ceph::monitor - inherits ::platform::ceph::params { - - $system_mode = $::platform::params::system_mode - $system_type = $::platform::params::system_type - - if $service_enabled { - if $system_type == 'All-in-one' and 'duplex' in $system_mode { - if str2bool($::is_standalone_controller) { - # Ceph mon is configured on a DRBD partition, - # when 'ceph' storage backend is added in sysinv. - # Then SM takes care of starting ceph after manifests are applied. - $configure_ceph_mon = true - } else { - $configure_ceph_mon = false - } - } else { - # Simplex, multinode. Ceph is pmon managed. - if $::hostname == $mon_0_host or $::hostname == $mon_1_host or $::hostname == $mon_2_host { - $configure_ceph_mon = true - } else { - $configure_ceph_mon = false - } - } - } else { - $configure_ceph_mon = false - } - - if $::personality == 'worker' and ! $configure_ceph_mon { - # Reserve space for ceph-mon on all worker nodes. - include ::platform::filesystem::params - logical_volume { $mon_lv_name: - ensure => present, - volume_group => $::platform::filesystem::params::vg_name, - size => "${mon_lv_size_reserved}G", - } -> Class['platform::filesystem::docker'] - } - - if $configure_ceph_mon { - file { '/var/lib/ceph': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - - if $system_type == 'All-in-one' and 'duplex' in $system_mode { - # ensure DRBD config is complete before enabling the ceph monitor - Drbd::Resource <| |> -> Class['::ceph'] - } else { - File['/var/lib/ceph'] - -> platform::filesystem { $mon_lv_name: - lv_name => $mon_lv_name, - lv_size => $mon_lv_size, - mountpoint => $mon_mountpoint, - fs_type => $mon_fs_type, - fs_options => $mon_fs_options, - } -> Class['::ceph'] - - if $::personality == 'worker' { - Platform::Filesystem[$mon_lv_name] -> Class['platform::filesystem::docker'] - } - - file { '/etc/pmon.d/ceph.conf': - ensure => link, - target => '/etc/ceph/ceph.conf.pmon', - owner => 'root', - group => 'root', - mode => '0640', - } - } - - # ensure configuration is complete before creating monitors - Class['::ceph'] -> Ceph::Mon <| |> - - # ensure we load the crushmap at first unlock - if $system_type == 'All-in-one' and str2bool($::is_standalone_controller) { - if 'duplex' in $system_mode { - $crushmap_txt = '/etc/sysinv/crushmap-controller-model.txt' - } else { - $crushmap_txt = '/etc/sysinv/crushmap-aio-sx.txt' - } - $crushmap_bin = '/etc/sysinv/crushmap.bin' - $crushmap_bin_backup = '/etc/sysinv/crushmap.bin.backup' - Ceph::Mon <| |> - -> exec { 'Copy crushmap if backup exists': - command => "mv -f ${crushmap_bin_backup} ${crushmap_bin}", - onlyif => "test -f ${crushmap_bin_backup}", - } - -> exec { 'Compile crushmap': - command => "crushtool -c ${crushmap_txt} -o ${crushmap_bin}", - onlyif => "test ! -f ${crushmap_bin}", - logoutput => true, - } - -> exec { 'Set crushmap': - command => "ceph osd setcrushmap -i ${crushmap_bin}", - unless => 'ceph osd crush rule list --format plain | grep -e "storage_tier_ruleset"', - logoutput => true, - } - -> Platform_ceph_osd <| |> - } - - # Ensure networking is up before Monitors are configured - Anchor['platform::networking'] -> Ceph::Mon <| |> - - # default configuration for all ceph monitor resources - Ceph::Mon { - fsid => $cluster_uuid, - authentication_type => $authentication_type, - service_ensure => 'running' - } - - if $system_type == 'All-in-one' and 'duplex' in $system_mode { - ceph::mon { $floating_mon_host: - public_addr => $floating_mon_ip, - } - - # On AIO-DX there is a single, floating, Ceph monitor backed by DRBD. - # Therefore DRBD must be up before Ceph monitor is configured - Drbd::Resource <| |> -> Ceph::Mon <| |> - - } else { - if $::hostname == $mon_0_host { - ceph::mon { $mon_0_host: - public_addr => $mon_0_ip, - } - } - elsif $::hostname == $mon_1_host { - ceph::mon { $mon_1_host: - public_addr => $mon_1_ip, - } - } - elsif $::hostname == $mon_2_host { - ceph::mon { $mon_2_host: - public_addr => $mon_2_ip, - } - } - } - } -} - -define osd_crush_location( - $osd_id, - $osd_uuid, - $disk_path, - $data_path, - $journal_path, - $tier_name, -) { - ceph_config{ - "osd.${$osd_id}/devs": value => $data_path; - } - # Only set the crush location for additional tiers - if $tier_name != 'storage' { - ceph_config { - "osd.${$osd_id}/host": value => "${$::platform::params::hostname}-${$tier_name}"; - "osd.${$osd_id}/crush_location": value => "root=${tier_name}-tier host=${$::platform::params::hostname}-${$tier_name}"; - } - } -} - -define platform_ceph_osd( - $osd_id, - $osd_uuid, - $disk_path, - $data_path, - $journal_path, - $tier_name, -) { - - Anchor['platform::networking'] # Make sure networking is up before running ceph commands - -> file { "/var/lib/ceph/osd/ceph-${osd_id}": - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - -> exec { "ceph osd create ${osd_uuid} ${osd_id}": - logoutput => true, - command => template('platform/ceph.osd.create.erb'), - } - -> ceph::osd { $disk_path: - uuid => $osd_uuid, - osdid => $osd_id, - } - -> exec { "configure journal location ${name}": - logoutput => true, - command => template('platform/ceph.journal.location.erb') - } -} - - -define platform_ceph_journal( - $disk_path, - $journal_sizes, -) { - exec { "configure journal partitions ${name}": - logoutput => true, - command => template('platform/ceph.journal.partitions.erb') - } -} - - -class platform::ceph::osds( - $osd_config = {}, - $journal_config = {}, -) inherits ::platform::ceph::params { - - # skip_osds_during_restore is set to true when the default primary - # ceph backend "ceph-store" has "restore" as its task and it is - # not an AIO system. - if ! $skip_osds_during_restore { - file { '/var/lib/ceph/osd': - ensure => 'directory', - path => '/var/lib/ceph/osd', - owner => 'root', - group => 'root', - mode => '0755', - } - - # Ensure ceph.conf is complete before configuring OSDs - Class['::ceph'] -> Platform_ceph_osd <| |> - - # Journal disks need to be prepared before the OSDs are configured - Platform_ceph_journal <| |> -> Platform_ceph_osd <| |> - # Crush locations in ceph.conf need to be set before the OSDs are configured - Osd_crush_location <| |> -> Platform_ceph_osd <| |> - - # default configuration for all ceph object resources - Ceph::Osd { - cluster => $cluster_name, - cluster_uuid => $cluster_uuid, - } - - create_resources('osd_crush_location', $osd_config) - create_resources('platform_ceph_osd', $osd_config) - create_resources('platform_ceph_journal', $journal_config) - } -} - -class platform::ceph::haproxy - inherits ::platform::ceph::params { - - if $rgw_enabled { - platform::haproxy::proxy { 'ceph-radosgw-restapi': - server_name => 's-ceph-radosgw', - public_port => $rgw_port, - private_port => $rgw_port, - } - } -} - -class platform::ceph::rgw::keystone ( - $swift_endpts_enabled = false, - $rgw_admin_domain = undef, - $rgw_admin_project = undef, - $rgw_admin_user = 'swift', - $rgw_admin_password = undef, -) inherits ::platform::ceph::params { - include ::openstack::keystone::params - if $rgw_enabled { - - if $swift_endpts_enabled { - $url = $::openstack::keystone::params::openstack_auth_uri - } else { - $url = $::openstack::keystone::params::auth_uri - } - - ceph::rgw::keystone { $rgw_client_name: - # keystone admin token is disabled after initial keystone configuration - # for security reason. Use keystone service tenant credentials instead. - rgw_keystone_admin_token => '', - rgw_keystone_url => $url, - rgw_keystone_version => $::openstack::keystone::params::api_version, - rgw_keystone_accepted_roles => 'admin,_member_', - user => $rgw_user_name, - use_pki => false, - rgw_keystone_revocation_interval => 0, - rgw_keystone_token_cache_size => 0, - rgw_keystone_admin_domain => $rgw_admin_domain, - rgw_keystone_admin_project => $rgw_admin_project, - rgw_keystone_admin_user => $rgw_admin_user, - rgw_keystone_admin_password => $rgw_admin_password, - } - } -} - - -class platform::ceph::rgw - inherits ::platform::ceph::params { - include ::ceph::params - include ::ceph::profile::params - - if $rgw_enabled { - include ::platform::params - - include ::openstack::keystone::params - $auth_host = $::openstack::keystone::params::host_url - - ceph::rgw { $rgw_client_name: - user => $rgw_user_name, - frontend_type => $rgw_frontend_type, - rgw_frontends => "${rgw_frontend_type} port=${auth_host}:${rgw_port}", - # service is managed by SM - rgw_enable => false, - rgw_ensure => false, - # The location of the log file shoule be the same as what's specified in - # /etc/logrotate.d/radosgw in order for log rotation to work properly - log_file => $rgw_log_file, - } - - include ::platform::ceph::rgw::keystone - - ceph_config { - # increase limit for single operation uploading to 50G (50*1024*1024*1024) - "client.${rgw_client_name}/rgw_max_put_size": value => $rgw_max_put_size; - # increase frequency and scope of garbage collection - "client.${rgw_client_name}/rgw_gc_max_objs": value => $rgw_gc_max_objs; - "client.${rgw_client_name}/rgw_gc_obj_min_wait": value => $rgw_gc_obj_min_wait; - "client.${rgw_client_name}/rgw_gc_processor_max_time": value => $rgw_gc_processor_max_time; - "client.${rgw_client_name}/rgw_gc_processor_period": value => $rgw_gc_processor_period; - } - } - - include ::platform::ceph::haproxy -} - -class platform::ceph::worker { - if $::personality == 'worker' { - include ::platform::ceph - include ::platform::ceph::monitor - } -} - -class platform::ceph::storage { - include ::platform::ceph - include ::platform::ceph::monitor - include ::platform::ceph::osds - - # Ensure partitions update prior to ceph storage configuration - Class['::platform::partitions'] -> Class['::platform::ceph::osds'] -} - -class platform::ceph::controller { - include ::platform::ceph - include ::platform::ceph::monitor - include ::platform::ceph::osds - - # Ensure partitions update prior to ceph storage configuration - Class['::platform::partitions'] -> Class['::platform::ceph::osds'] -} - -class platform::ceph::runtime_base { - include ::platform::ceph::monitor - include ::platform::ceph - - # Make sure mgr-restful-plugin is running as it is needed by sysinv config - # TODO(oponcea): Remove when sm supports in-service config reload - if str2bool($::is_controller_active) { - Ceph::Mon <| |> - -> exec { '/etc/init.d/mgr-restful-plugin start': - command => '/etc/init.d/mgr-restful-plugin start', - logoutput => true, - } - } -} - -class platform::ceph::runtime_osds { - include ::ceph::params - include ::platform::ceph - include ::platform::ceph::osds - - # Since this is runtime we have to avoid checking status of Ceph while we - # configure it. On AIO-DX ceph-osd processes are monitored by SM & on other - # deployments they are pmon managed. - $system_mode = $::platform::params::system_mode - $system_type = $::platform::params::system_type - - if $system_type == 'All-in-one' and 'duplex' in $system_mode { - exec { 'sm-unmanage service ceph-osd': - command => 'sm-unmanage service ceph-osd' - } - -> Class['::platform::ceph::osds'] - -> exec { 'start Ceph OSDs': - command => '/etc/init.d/ceph-init-wrapper start osd' - } - -> exec { 'sm-manage service ceph-osd': - command => 'sm-manage service ceph-osd' - } - } else { - exec { 'remove /etc/pmon.d/ceph.conf': - command => 'rm -f /etc/pmon.d/ceph.conf' - } - -> Class['::platform::ceph::osds'] - -> exec { 'start Ceph OSDs': - command => '/etc/init.d/ceph-init-wrapper start osd' - } - -> file { 'link /etc/pmon.d/ceph.conf': - ensure => link, - path => '/etc/pmon.d/ceph.conf', - target => '/etc/ceph/ceph.conf.pmon', - owner => 'root', - group => 'root', - mode => '0640', - } - } -} - -# Used to configure optional radosgw platform service -class platform::ceph::rgw::runtime - inherits ::platform::ceph::params { - - include platform::ceph::rgw - - # Make sure the ceph configuration is complete before sm dynamically - # provisions/deprovisions the service - Class[$name] -> Class['::platform::sm::rgw::runtime'] - - unless $rgw_enabled { - # SM's current behavior will not stop the service being de-provisioned, so - # stop it when needed - exec { 'Stopping ceph-radosgw service': - command => '/etc/init.d/ceph-radosgw stop' - } - } -} - -# Used to configure radosgw keystone info based on containerized swift endpoints -# being enabled/disabled -class platform::ceph::rgw::keystone::runtime - inherits ::platform::ceph::params { - - include ::platform::ceph::rgw::keystone - - exec { 'sm-restart-safe service ceph-radosgw': - command => 'sm-restart-safe service ceph-radosgw' - } -} - - diff --git a/puppet-manifests/src/modules/platform/manifests/client.pp b/puppet-manifests/src/modules/platform/manifests/client.pp deleted file mode 100644 index 6fb1fdfa55..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/client.pp +++ /dev/null @@ -1,80 +0,0 @@ -class platform::client::params ( - $admin_username, - $identity_auth_url, - $identity_region = 'RegionOne', - $identity_api_version = 3, - $admin_user_domain = 'Default', - $admin_project_domain = 'Default', - $admin_project_name = 'admin', - $admin_password = undef, - $keystone_identity_region = 'RegionOne', -) { } - -class platform::client - inherits ::platform::client::params { - - include ::platform::client::credentials::params - $keyring_file = $::platform::client::credentials::params::keyring_file - - file {'/etc/platform/openrc': - ensure => 'present', - mode => '0640', - owner => 'root', - group => 'root', - content => template('platform/openrc.admin.erb'), - } - -> file {'/etc/bash_completion.d/openstack': - ensure => 'present', - mode => '0644', - content => generate('/usr/bin/openstack', 'complete'), - } - - if $::personality == 'controller' { - file {'/etc/ssl/private/openstack': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - } -} - -class platform::client::credentials::params ( - $keyring_base, - $keyring_directory, - $keyring_file, -) { } - -class platform::client::credentials - inherits ::platform::client::credentials::params { - - Class['::platform::drbd::platform'] - -> file { $keyring_base: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - -> file { $keyring_directory: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - -> file { $keyring_file: - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0755', - content => 'keyring get CGCS admin' - } -} - -class platform::client::bootstrap { - include ::platform::client - include ::platform::client::credentials -} - -class platform::client::upgrade { - include ::platform::client -} diff --git a/puppet-manifests/src/modules/platform/manifests/collectd.pp b/puppet-manifests/src/modules/platform/manifests/collectd.pp deleted file mode 100644 index c8edabb973..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/collectd.pp +++ /dev/null @@ -1,64 +0,0 @@ -class platform::collectd::params ( - $interval = undef, - $timeout = undef, - $read_threads = undef, - $write_threads = undef, - $write_queue_limit_high = undef, - $write_queue_limit_low = undef, - $server_addrs = [], - $server_port = undef, - $max_read_interval = undef, - - # python plugin controls - $module_path = undef, - $plugins = [], - $mtce_notifier_port = undef, - $log_traces = undef, - $encoding = undef, - - $collectd_d_dir = undef, -) {} - - -class platform::collectd - inherits ::platform::collectd::params { - - file { '/etc/collectd.conf': - ensure => 'present', - replace => true, - content => template('platform/collectd.conf.erb'), - } # now start collectd - - -> exec { 'collectd-enable': - command => 'systemctl enable collectd', - unless => 'systemctl is-enabled collectd' - } - - # ensure that collectd is running - -> service { 'collectd': - ensure => running, - provider => 'systemd', - require => Anchor['platform::networking'], - } # now get pmond to monitor the process - - # ensure pmon soft link for process monitoring - -> file { '/etc/pmon.d/collectd.conf': - ensure => 'link', - target => '/opt/collectd/extensions/config/collectd.conf.pmon', - owner => 'root', - group => 'root', - mode => '0600', - } -} - -class platform::collectd::runtime { - include ::platform::collectd -} - -# restart target -class platform::collectd::restart { - include ::platform::collectd - exec { 'collectd-restart': - command => '/usr/local/sbin/pmon-restart collectd' - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/compute.pp b/puppet-manifests/src/modules/platform/manifests/compute.pp deleted file mode 100644 index 7ad9ceeba8..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/compute.pp +++ /dev/null @@ -1,398 +0,0 @@ -class platform::compute::params ( - $worker_cpu_list = '', - $platform_cpu_list = '', - $reserved_vswitch_cores = '', - $reserved_platform_cores = '', - $worker_base_reserved = '', - $compute_vswitch_reserved = '', -) { } - -class platform::compute::config - inherits ::platform::compute::params { - include ::platform::collectd::restart - file { '/etc/platform/worker_reserved.conf': - ensure => 'present', - replace => true, - content => template('platform/worker_reserved.conf.erb') - } - -> Exec['collectd-restart'] - - if $::platform::params::system_type != 'All-in-one' { - file { '/etc/systemd/system.conf.d/platform-cpuaffinity.conf': - ensure => 'present', - replace => true, - content => template('platform/systemd-system-cpuaffinity.conf.erb') - } - } -} - -class platform::compute::config::runtime { - include ::platform::compute::config -} - -class platform::compute::grub::params ( - $n_cpus = '', - $cpu_options = '', - $m_hugepages = 'hugepagesz=2M hugepages=0', - $g_hugepages = undef, - $default_pgsz = 'default_hugepagesz=2M', - $keys = [ - 'kvm-intel.eptad', - 'default_hugepagesz', - 'hugepagesz', - 'hugepages', - 'isolcpus', - 'nohz_full', - 'rcu_nocbs', - 'kthread_cpus', - 'irqaffinity', - ], -) { - - if $::is_broadwell_processor { - $eptad = 'kvm-intel.eptad=0' - } else { - $eptad = '' - } - - if $::is_gb_page_supported and $::platform::params::vswitch_type != 'none' { - if $g_hugepages != undef { - $gb_hugepages = $g_hugepages - } else { - $gb_hugepages = "hugepagesz=1G hugepages=${::number_of_numa_nodes}" - } - } else { - $gb_hugepages = '' - } - - $grub_updates = strip("${eptad} ${$gb_hugepages} ${m_hugepages} ${default_pgsz} ${cpu_options}") -} - -class platform::compute::grub::update - inherits ::platform::compute::grub::params { - - notice('Updating grub configuration') - - $to_be_removed = join($keys, ' ') - exec { 'Remove the cpu arguments': - command => "grubby --update-kernel=ALL --remove-args='${to_be_removed}'", - } - -> exec { 'Add the cpu arguments': - command => "grubby --update-kernel=ALL --args='${grub_updates}'", - } -} - -class platform::compute::grub::recovery { - - notice('Update Grub and Reboot') - - class {'platform::compute::grub::update': } -> Exec['reboot-recovery'] - - exec { 'reboot-recovery': - command => 'reboot', - } -} - -class platform::compute::grub::audit - inherits ::platform::compute::grub::params { - - if ! str2bool($::is_initial_config_primary) { - - notice('Audit CPU and Grub Configuration') - - $expected_n_cpus = Integer($::number_of_logical_cpus) - $n_cpus_ok = ($n_cpus == $expected_n_cpus) - - $cmd_ok = check_grub_config($grub_updates) - - if $cmd_ok and $n_cpus_ok { - $ensure = present - notice('CPU and Boot Argument audit passed.') - } else { - $ensure = absent - if !$cmd_ok { - notice('Kernel Boot Argument Mismatch') - include ::platform::compute::grub::recovery - } else { - notice("Mismatched CPUs: Found=${n_cpus}, Expected=${expected_n_cpus}") - } - } - - file { '/var/run/worker_goenabled': - ensure => $ensure, - owner => 'root', - group => 'root', - mode => '0644', - } - } -} - -class platform::compute::grub::runtime { - include ::platform::compute::grub::update -} - -# Mounts virtual hugetlbfs filesystems for each supported page size -class platform::compute::hugetlbf { - - if str2bool($::is_hugetlbfs_enabled) { - - $fs_list = generate('/bin/bash', '-c', 'ls -1d /sys/kernel/mm/hugepages/hugepages-*') - $array = split($fs_list, '\n') - $array.each | String $val | { - $page_name = generate('/bin/bash', '-c', "basename ${val}") - $page_size = strip(regsubst($page_name, 'hugepages-', '')) - $hugemnt ="/mnt/huge-${page_size}" - $options = "pagesize=${page_size}" - - # TODO: Once all the code is switched over to use the /dev - # mount point we can get rid of this mount point. - notice("Mounting hugetlbfs at: ${hugemnt}") - exec { "create ${hugemnt}": - command => "mkdir -p ${hugemnt}", - onlyif => "test ! -d ${hugemnt}", - } - -> mount { $hugemnt: - ensure => 'mounted', - device => 'none', - fstype => 'hugetlbfs', - name => $hugemnt, - options => $options, - atboot => 'yes', - remounts => true, - } - - # The libvirt helm chart expects hugepages to be mounted - # under /dev so let's do that. - $hugemnt2 ="/dev/huge-${page_size}" - notice("Mounting hugetlbfs at: ${hugemnt2}") - file { $hugemnt2: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - -> mount { $hugemnt2: - ensure => 'mounted', - device => 'none', - fstype => 'hugetlbfs', - name => $hugemnt2, - options => $options, - atboot => 'yes', - remounts => true, - } - } - - # The libvirt helm chart also assumes that the default hugepage size - # will be mounted at /dev/hugepages so let's make that happen too. - # Once we upstream a fix to the helm chart to automatically determine - # the mountpoint then we can remove this. - $page_size = '2M' - $hugemnt ='/dev/hugepages' - $options = "pagesize=${page_size}" - - notice("Mounting hugetlbfs at: ${hugemnt}") - exec { "create ${hugemnt}": - command => "mkdir -p ${hugemnt}", - onlyif => "test ! -d ${hugemnt}", - } - -> mount { $hugemnt: - ensure => 'mounted', - device => 'none', - fstype => 'hugetlbfs', - name => $hugemnt, - options => $options, - atboot => 'yes', - remounts => true, - } - } -} - -# lint:ignore:variable_is_lowercase -class platform::compute::hugepage::params ( - $nr_hugepages_2M = undef, - $nr_hugepages_1G = undef, - $vswitch_2M_pages = '', - $vswitch_1G_pages = '', - $vm_4K_pages = '', - $vm_2M_pages = '', - $vm_1G_pages = '', -) {} - - -define allocate_pages ( - $path, - $page_count, -) { - exec { "Allocate ${page_count} ${path}": - command => "echo ${page_count} > ${path}", - onlyif => "test -f ${path}", - } -} - -# Allocates HugeTLB memory according to the attributes specified in the -# nr_hugepages_2M and nr_hugepages_1G -class platform::compute::allocate - inherits ::platform::compute::hugepage::params { - - # determine the node file system - if str2bool($::is_per_numa_supported) { - $nodefs = '/sys/devices/system/node' - } else { - $nodefs = '/sys/kernel/mm' - } - - if $nr_hugepages_2M != undef { - $nr_hugepages_2M_array = regsubst($nr_hugepages_2M, '[\(\)\"]', '', 'G').split(' ') - $nr_hugepages_2M_array.each | String $val | { - $per_node_2M = $val.split(':') - if size($per_node_2M)== 3 { - $node = $per_node_2M[0] - $page_size = $per_node_2M[1] - allocate_pages { "Start ${node} ${page_size}": - path => "${nodefs}/${node}/hugepages/hugepages-${page_size}/nr_hugepages", - page_count => $per_node_2M[2], - } - } - } - } - - if $nr_hugepages_1G != undef { - $nr_hugepages_1G_array = regsubst($nr_hugepages_1G , '[\(\)\"]', '', 'G').split(' ') - $nr_hugepages_1G_array.each | String $val | { - $per_node_1G = $val.split(':') - if size($per_node_1G)== 3 { - $node = $per_node_1G[0] - $page_size = $per_node_1G[1] - allocate_pages { "Start ${node} ${page_size}": - path => "${nodefs}/${node}/hugepages/hugepages-${page_size}/nr_hugepages", - page_count => $per_node_1G[2], - } - } - } - } -} -# lint:endignore:variable_is_lowercase - -# Mount resctrl to allow Cache Allocation Technology per VM -class platform::compute::resctrl { - - if str2bool($::is_resctrl_supported) { - mount { '/sys/fs/resctrl': - ensure => 'mounted', - device => 'resctrl', - fstype => 'resctrl', - name => '/sys/fs/resctrl', - atboot => 'yes', - remounts => true, - } - } -} - -# Set Power Management QoS resume latency constraints for CPUs. -# The PM QoS resume latency limit is set to shallow C-state for vswitch CPUs. -# All other CPUs are allowed to go to the deepest C-state available. -class platform::compute::pmqos ( - $low_wakeup_cpus = '', - $hight_wakeup_cpus = '', -) { - - if str2bool($::is_worker_subfunction) and str2bool($::is_lowlatency_subfunction) { - - $script = '/usr/bin/set-cpu-wakeup-latency.sh' - - if $low_wakeup_cpus != '""' { - # Set low wakeup latency (shallow C-state) for vswitch CPUs using PM QoS interface - exec { 'low-wakeup-latency': - command => "${script} low ${low_wakeup_cpus}", - onlyif => "test -f ${script}", - logoutput => true, - } - } - - if $hight_wakeup_cpus != '""' { - #Set high wakeup latency (deep C-state) for non-vswitch CPUs using PM QoS interface - exec { 'high-wakeup-latency': - command => "${script} high ${hight_wakeup_cpus}", - onlyif => "test -f ${script}", - logoutput => true, - } - } - } -} - -# Set systemd machine.slice cgroup cpuset to be used with VMs, -# and configure this cpuset to span all logical cpus and numa nodes. -# NOTES: -# - The parent directory cpuset spans all online cpus and numa nodes. -# - Setting the machine.slice cpuset prevents this from inheriting -# kubernetes libvirt pod's cpuset, since machine.slice cgroup will be -# created when a VM is launched if it does not already exist. -# - systemd automatically mounts cgroups and controllers, so don't need -# to do that here. -class platform::compute::machine { - $parent_dir = '/sys/fs/cgroup/cpuset' - $parent_mems = "${parent_dir}/cpuset.mems" - $parent_cpus = "${parent_dir}/cpuset.cpus" - $machine_dir = "${parent_dir}/machine.slice" - $machine_mems = "${machine_dir}/cpuset.mems" - $machine_cpus = "${machine_dir}/cpuset.cpus" - notice("Create ${machine_dir}") - file { $machine_dir : - ensure => directory, - owner => 'root', - group => 'root', - mode => '0700', - } - -> exec { "Create ${machine_mems}" : - command => "/bin/cat ${parent_mems} > ${machine_mems}", - } - -> exec { "Create ${machine_cpus}" : - command => "/bin/cat ${parent_cpus} > ${machine_cpus}", - } -} - -class platform::compute::kvm_timer_advance( - $enabled = False, - $vcpu_pin_set = undef -) { - if $enabled { - # include the declaration of the kubelet service - include ::platform::kubernetes::worker - - file { '/etc/kvm-timer-advance/kvm-timer-advance.conf': - ensure => 'present', - replace => true, - content => template('platform/kvm_timer_advance.conf.erb') - } - -> service { 'kvm_timer_advance_setup': - ensure => 'running', - enable => true, - before => Service['kubelet'], - } - # A separate enable is required since we have modified the service resource - # to never enable/disable services in puppet. - -> exec { 'Enable kvm_timer_advance_setup': - command => '/usr/bin/systemctl enable kvm_timer_advance_setup.service', - } - } else { - # A disable is required since we have modified the service resource - # to never enable/disable services in puppet and stop has no effect. - exec { 'Disable kvm_timer_advance_setup': - command => '/usr/bin/systemctl disable kvm_timer_advance_setup.service', - } - } -} - -class platform::compute { - - Class[$name] -> Class['::platform::vswitch'] - - require ::platform::compute::grub::audit - require ::platform::compute::hugetlbf - require ::platform::compute::allocate - require ::platform::compute::pmqos - require ::platform::compute::resctrl - require ::platform::compute::machine - require ::platform::compute::config - require ::platform::compute::kvm_timer_advance -} diff --git a/puppet-manifests/src/modules/platform/manifests/config.pp b/puppet-manifests/src/modules/platform/manifests/config.pp deleted file mode 100644 index 623ed828f2..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/config.pp +++ /dev/null @@ -1,423 +0,0 @@ -class platform::config::params ( - $config_uuid = 'install', - $hosts = {}, - $timezone = 'UTC', -) { } - - -class platform::config::certs::params ( - $ssl_ca_cert = '', -) { } - - -class platform::config - inherits ::platform::config::params { - - include ::platform::params - include ::platform::anchors - - stage { 'pre': - before => Stage['main'], - } - - stage { 'post': - require => Stage['main'], - } - - class { '::platform::config::pre': - stage => pre - } - - class { '::platform::config::post': - stage => post, - } -} - - -class platform::config::file { - - include ::platform::params - include ::platform::network::mgmt::params - include ::platform::network::oam::params - include ::platform::network::cluster_host::params - include ::openstack::horizon::params - - # dependent template variables - $management_interface = $::platform::network::mgmt::params::interface_name - $cluster_host_interface = $::platform::network::cluster_host::params::interface_name - $oam_interface = $::platform::network::oam::params::interface_name - - $platform_conf = '/etc/platform/platform.conf' - - file_line { "${platform_conf} sw_version": - path => $platform_conf, - line => "sw_version=${::platform::params::software_version}", - match => '^sw_version=', - } - - if $management_interface { - file_line { "${platform_conf} management_interface": - path => $platform_conf, - line => "management_interface=${management_interface}", - match => '^management_interface=', - } - } - - if $cluster_host_interface { - file_line { "${platform_conf} cluster_host_interface": - path => '/etc/platform/platform.conf', - line => "cluster_host_interface=${cluster_host_interface}", - match => '^cluster_host_interface=', - } - } - else { - file_line { "${platform_conf} cluster_host_interface": - ensure => absent, - path => '/etc/platform/platform.conf', - match => '^cluster_host_interface=', - match_for_absence => true, - } - } - - if $oam_interface { - file_line { "${platform_conf} oam_interface": - path => $platform_conf, - line => "oam_interface=${oam_interface}", - match => '^oam_interface=', - } - } - - if $::platform::params::vswitch_type { - file_line { "${platform_conf} vswitch_type": - path => $platform_conf, - line => "vswitch_type=${::platform::params::vswitch_type}", - match => '^vswitch_type=', - } - } - - if $::platform::params::system_type { - file_line { "${platform_conf} system_type": - path => $platform_conf, - line => "system_type=${::platform::params::system_type}", - match => '^system_type=*', - } - } - - if $::platform::params::system_mode { - file_line { "${platform_conf} system_mode": - path => $platform_conf, - line => "system_mode=${::platform::params::system_mode}", - match => '^system_mode=*', - } - } - - if $::platform::params::security_profile { - file_line { "${platform_conf} security_profile": - path => $platform_conf, - line => "security_profile=${::platform::params::security_profile}", - match => '^security_profile=*', - } - } - - if $::platform::params::sdn_enabled { - file_line { "${platform_conf}f sdn_enabled": - path => $platform_conf, - line => 'sdn_enabled=yes', - match => '^sdn_enabled=', - } - } - else { - file_line { "${platform_conf} sdn_enabled": - path => $platform_conf, - line => 'sdn_enabled=no', - match => '^sdn_enabled=', - } - } - - if $::platform::params::region_config { - file_line { "${platform_conf} region_config": - path => $platform_conf, - line => 'region_config=yes', - match => '^region_config=', - } - file_line { "${platform_conf} region_1_name": - path => $platform_conf, - line => "region_1_name=${::platform::params::region_1_name}", - match => '^region_1_name=', - } - file_line { "${platform_conf} region_2_name": - path => $platform_conf, - line => "region_2_name=${::platform::params::region_2_name}", - match => '^region_2_name=', - } - } else { - file_line { "${platform_conf} region_config": - path => $platform_conf, - line => 'region_config=no', - match => '^region_config=', - } - } - - if $::platform::params::distributed_cloud_role { - file_line { "${platform_conf} distributed_cloud_role": - path => $platform_conf, - line => "distributed_cloud_role=${::platform::params::distributed_cloud_role}", - match => '^distributed_cloud_role=', - } - } - - if $::platform::params::security_feature { - file_line { "${platform_conf} security_feature": - path => $platform_conf, - line => "security_feature=\"${::platform::params::security_feature}\"", - match => '^security_feature=*', - } - } - - file_line { "${platform_conf} http_port": - path => $platform_conf, - line => "http_port=${::openstack::horizon::params::http_port}", - match => '^http_port=', - } - -} - - -class platform::config::hostname { - include ::platform::params - - file { '/etc/hostname': - ensure => present, - owner => root, - group => root, - mode => '0644', - content => "${::platform::params::hostname}\n", - notify => Exec['set-hostname'], - } - - exec { 'set-hostname': - command => 'hostname -F /etc/hostname', - unless => 'test `hostname` = `cat /etc/hostname`', - } -} - - -class platform::config::hosts - inherits ::platform::config::params { - - # The localhost should resolve to the IPv4 loopback address only, therefore - # ensure the IPv6 address is removed from configured hosts - resources { 'host': purge => true } - - $localhost = { - 'localhost' => { - ip => '127.0.0.1', - host_aliases => ['localhost.localdomain', 'localhost4', 'localhost4.localdomain4'] - }, - } - - $merged_hosts = merge($localhost, $hosts) - create_resources('host', $merged_hosts, {}) -} - - -class platform::config::timezone - inherits ::platform::config::params { - exec { 'Configure Timezone': - command => "ln -sf /usr/share/zoneinfo/${timezone} /etc/localtime", - } -} - - -class platform::config::tpm { - $tpm_certs = hiera_hash('platform::tpm::tpm_data', undef) - if $tpm_certs != undef { - # iterate through each tpm_cert creating it if it doesn't exist - $tpm_certs.each |String $key, String $value| { - file { "create-TPM-cert-${key}": - ensure => present, - path => $key, - owner => root, - group => root, - mode => '0644', - content => $value, - } - } - } -} - - -class platform::config::certs::ssl_ca - inherits ::platform::config::certs::params { - - $ssl_ca_file = '/etc/pki/ca-trust/source/anchors/ca-cert.pem' - if str2bool($::is_initial_config) { - $docker_restart_cmd = 'systemctl restart docker' - } - else { - $docker_restart_cmd = 'pmon-restart dockerd' - } - - if ! empty($ssl_ca_cert) { - file { 'create-ssl-ca-cert': - ensure => present, - path => $ssl_ca_file, - owner => root, - group => root, - mode => '0644', - content => $ssl_ca_cert, - } - } - else { - file { 'create-ssl-ca-cert': - ensure => absent, - path => $ssl_ca_file - } - } - exec { 'update-ca-trust ': - command => 'update-ca-trust', - subscribe => File[$ssl_ca_file], - refreshonly => true - } - -> exec { 'restart docker': - command => $docker_restart_cmd, - subscribe => File[$ssl_ca_file], - refreshonly => true - } - if str2bool($::is_controller_active) { - Exec['restart docker'] - -> file { '/etc/platform/.ssl_ca_complete': - ensure => present, - owner => root, - group => root, - mode => '0644', - } - } -} - - -class platform::config::runtime { - include ::platform::config::certs::ssl_ca -} - - -class platform::config::pre { - group { 'nobody': - ensure => 'present', - gid => '99', - } - - include ::platform::config::timezone - include ::platform::config::hostname - include ::platform::config::hosts - include ::platform::config::file - include ::platform::config::tpm - include ::platform::config::certs::ssl_ca -} - - -class platform::config::post - inherits ::platform::config::params { - - include ::platform::params - - service { 'crond': - ensure => 'running', - enable => true, - } - - # When applying manifests to upgrade controller-1, we do not want SM or the - # sysinv-agent or anything else that depends on these flags to start. - if ! $::platform::params::controller_upgrade { - file { '/etc/platform/.config_applied': - ensure => present, - mode => '0640', - content => "CONFIG_UUID=${config_uuid}" - } - } -} - -class platform::config::controller::post -{ - include ::platform::params - - # TODO(tngo): The following block will be removed when we switch to Ansible - if str2bool($::is_initial_config_primary) { - # copy configured hosts to redundant storage - file { "${::platform::params::config_path}/hosts": - source => '/etc/hosts', - replace => false, - } - - file { '/etc/platform/.unlock_ready': - ensure => present, - } - } - - if ! $::platform::params::controller_upgrade { - file { '/etc/platform/.initial_config_complete': - ensure => present, - } - } - - file { '/etc/platform/.initial_controller_config_complete': - ensure => present, - } - - file { '/var/run/.controller_config_complete': - ensure => present, - } -} - -class platform::config::worker::post -{ - include ::platform::params - - if ! $::platform::params::controller_upgrade { - file { '/etc/platform/.initial_config_complete': - ensure => present, - } - } - - file { '/etc/platform/.initial_worker_config_complete': - ensure => present, - } - - file { '/var/run/.worker_config_complete': - ensure => present, - } -} - -class platform::config::storage::post -{ - include ::platform::params - - if ! $::platform::params::controller_upgrade { - file { '/etc/platform/.initial_config_complete': - ensure => present, - } - } - - file { '/etc/platform/.initial_storage_config_complete': - ensure => present, - } - - file { '/var/run/.storage_config_complete': - ensure => present, - } -} - -class platform::config::bootstrap { - stage { 'pre': - before => Stage['main'], - } - - stage { 'post': - require => Stage['main'], - } - - include ::platform::params - include ::platform::anchors - include ::platform::config::hostname - include ::platform::config::hosts -} diff --git a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp b/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp deleted file mode 100644 index dafc15d14a..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/dcdbsync.pp +++ /dev/null @@ -1,44 +0,0 @@ -class platform::dcdbsync::params ( - $api_port = 8219, - $region_name = undef, - $service_create = false, - $service_enabled = false, - $default_endpoint_type = 'internalURL', -) { - include ::platform::params -} - -class platform::dcdbsync - inherits ::platform::dcdbsync::params { - if ($::platform::params::distributed_cloud_role == 'systemcontroller' or - $::platform::params::distributed_cloud_role == 'subcloud') { - if $service_create { - if $::platform::params::init_keystone { - include ::dcdbsync::keystone::auth - } - - class { '::dcdbsync': } - } - } -} - -class platform::dcdbsync::api - inherits ::platform::dcdbsync::params { - if ($::platform::params::distributed_cloud_role == 'systemcontroller' or - $::platform::params::distributed_cloud_role == 'subcloud') { - if $service_create { - include ::platform::network::mgmt::params - - $api_host = $::platform::network::mgmt::params::controller_address - $api_fqdn = $::platform::params::controller_hostname - $url_host = "http://${api_fqdn}:${api_port}" - - class { '::dcdbsync::api': - bind_host => $api_host, - bind_port => $api_port, - enabled => $service_enabled, - } - } - } -} - diff --git a/puppet-manifests/src/modules/platform/manifests/dcmanager.pp b/puppet-manifests/src/modules/platform/manifests/dcmanager.pp deleted file mode 100644 index f6460d296f..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/dcmanager.pp +++ /dev/null @@ -1,81 +0,0 @@ -class platform::dcmanager::params ( - $api_port = 8119, - $region_name = undef, - $domain_name = undef, - $domain_admin = undef, - $domain_pwd = undef, - $service_name = 'dcmanager', - $default_endpoint_type = 'internalURL', - $service_create = false, -) { - include ::platform::params - - include ::platform::network::mgmt::params - $api_host = $::platform::network::mgmt::params::controller_address -} - - -class platform::dcmanager - inherits ::platform::dcmanager::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - include ::platform::params - include ::platform::amqp::params - - if $::platform::params::init_database { - include ::dcmanager::db::postgresql - } - - class { '::dcmanager': - rabbit_host => $::platform::amqp::params::host_url, - rabbit_port => $::platform::amqp::params::port, - rabbit_userid => $::platform::amqp::params::auth_user, - rabbit_password => $::platform::amqp::params::auth_password, - } - } -} - -class platform::dcmanager::haproxy - inherits ::platform::dcmanager::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - platform::haproxy::proxy { 'dcmanager-restapi': - server_name => 's-dcmanager', - public_port => $api_port, - private_port => $api_port, - } - } -} - -class platform::dcmanager::manager { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - include ::dcmanager::manager - } -} - -class platform::dcmanager::api - inherits ::platform::dcmanager::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - if ($::platform::dcmanager::params::service_create and - $::platform::params::init_keystone) { - include ::dcmanager::keystone::auth - } - - class { '::dcmanager::api': - bind_host => $api_host, - sync_db => $::platform::params::init_database, - } - - - include ::platform::dcmanager::haproxy - } -} - -class platform::dcmanager::runtime { - if $::platform::params::distributed_cloud_role == 'systemcontroller' { - include ::platform::amqp::params - include ::dcmanager - include ::dcmanager::db::postgresql - class { '::dcmanager::api': - sync_db => str2bool($::is_standalone_controller), - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/dcorch.pp b/puppet-manifests/src/modules/platform/manifests/dcorch.pp deleted file mode 100644 index 213bcfe7eb..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/dcorch.pp +++ /dev/null @@ -1,151 +0,0 @@ -class platform::dcorch::params ( - $api_port = 8118, - $region_name = undef, - $domain_name = undef, - $domain_admin = undef, - $domain_pwd = undef, - $service_name = 'dcorch', - $default_endpoint_type = 'internalURL', - $service_create = false, - $neutron_api_proxy_port = 29696, - $nova_api_proxy_port = 28774, - $sysinv_api_proxy_port = 26385, - $cinder_api_proxy_port = 28776, - $cinder_enable_ports = false, - $patch_api_proxy_port = 25491, - $identity_api_proxy_port = 25000, -) { - include ::platform::params - - include ::platform::network::mgmt::params - $api_host = $::platform::network::mgmt::params::controller_address -} - - -class platform::dcorch - inherits ::platform::dcorch::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - include ::platform::params - include ::platform::amqp::params - - if $::platform::params::init_database { - include ::dcorch::db::postgresql - } - - class { '::dcorch': - rabbit_host => $::platform::amqp::params::host_url, - rabbit_port => $::platform::amqp::params::port, - rabbit_userid => $::platform::amqp::params::auth_user, - rabbit_password => $::platform::amqp::params::auth_password, - proxy_bind_host => $api_host, - proxy_remote_host => $api_host, - } - } -} - - -class platform::dcorch::firewall - inherits ::platform::dcorch::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - platform::firewall::rule { 'dcorch-api': - service_name => 'dcorch', - ports => $api_port, - } - platform::firewall::rule { 'dcorch-nova-api-proxy': - service_name => 'dcorch-nova-api-proxy', - ports => $nova_api_proxy_port, - } - platform::firewall::rule { 'dcorch-neutron-api-proxy': - service_name => 'dcorch-neutron-api-proxy', - ports => $neutron_api_proxy_port, - } - platform::firewall::rule { 'dcorch-cinder-api-proxy': - service_name => 'dcorch-cinder-api-proxy', - ports => $cinder_api_proxy_port, - } - } -} - - -class platform::dcorch::haproxy - inherits ::platform::dcorch::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - platform::haproxy::proxy { 'dcorch-neutron-api-proxy': - server_name => 's-dcorch-neutron-api-proxy', - public_port => $neutron_api_proxy_port, - private_port => $neutron_api_proxy_port, - } - platform::haproxy::proxy { 'dcorch-nova-api-proxy': - server_name => 's-dcorch-nova-api-proxy', - public_port => $nova_api_proxy_port, - private_port => $nova_api_proxy_port, - } - platform::haproxy::proxy { 'dcorch-sysinv-api-proxy': - server_name => 's-dcorch-sysinv-api-proxy', - public_port => $sysinv_api_proxy_port, - private_port => $sysinv_api_proxy_port, - } - platform::haproxy::proxy { 'dcorch-cinder-api-proxy': - server_name => 's-cinder-dc-api-proxy', - public_port => $cinder_api_proxy_port, - private_port => $cinder_api_proxy_port, - } - platform::haproxy::proxy { 'dcorch-patch-api-proxy': - server_name => 's-dcorch-patch-api-proxy', - public_port => $patch_api_proxy_port, - private_port => $patch_api_proxy_port, - } - platform::haproxy::proxy { 'dcorch-identity-api-proxy': - server_name => 's-dcorch-identity-api-proxy', - public_port => $identity_api_proxy_port, - private_port => $identity_api_proxy_port, - } - } -} - -class platform::dcorch::engine - inherits ::platform::dcorch::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - include ::dcorch::engine - } -} - -class platform::dcorch::snmp - inherits ::platform::dcorch::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - class { '::dcorch::snmp': - bind_host => $api_host, - } - } -} - - -class platform::dcorch::api_proxy - inherits ::platform::dcorch::params { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - if ($::platform::dcorch::params::service_create and - $::platform::params::init_keystone) { - include ::dcorch::keystone::auth - } - - class { '::dcorch::api_proxy': - bind_host => $api_host, - sync_db => $::platform::params::init_database, - } - - include ::platform::dcorch::firewall - include ::platform::dcorch::haproxy - } -} - -class platform::dcorch::runtime { - if $::platform::params::distributed_cloud_role == 'systemcontroller' { - include ::platform::amqp::params - include ::dcorch - include ::dcorch::db::postgresql - - class { '::dcorch::api_proxy': - sync_db => str2bool($::is_standalone_controller), - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/devices.pp b/puppet-manifests/src/modules/platform/manifests/devices.pp deleted file mode 100644 index 248f2e1acf..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/devices.pp +++ /dev/null @@ -1,46 +0,0 @@ -define qat_device_files( - $qat_idx, - $device_id, -) { - if $device_id == 'dh895xcc'{ - file { "/etc/dh895xcc_dev${qat_idx}.conf": - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0640', - notify => Service['qat_service'], - } - } - - if $device_id == 'c62x'{ - file { "/etc/c62x_dev${qat_idx}.conf": - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0640', - notify => Service['qat_service'], - } - } -} - -class platform::devices::qat ( - $device_config = {}, - $service_enabled = false -) -{ - if $service_enabled { - create_resources('qat_device_files', $device_config) - - service { 'qat_service': - ensure => 'running', - enable => true, - hasrestart => true, - notify => Service['sysinv-agent'], - } - } -} - -class platform::devices { - include ::platform::devices::qat -} - diff --git a/puppet-manifests/src/modules/platform/manifests/dhclient.pp b/puppet-manifests/src/modules/platform/manifests/dhclient.pp deleted file mode 100644 index 00b3fa3264..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/dhclient.pp +++ /dev/null @@ -1,19 +0,0 @@ -class platform::dhclient::params ( -) {} - - -class platform::dhclient - inherits ::platform::dhclient::params { - - file { '/etc/dhcp/dhclient.conf': - ensure => 'present', - replace => true, - content => template('platform/dhclient.conf.erb'), - before => Class['::platform::network::apply'], - } -} - - -class platform::dhclient::runtime { - include ::platform::dhclient -} diff --git a/puppet-manifests/src/modules/platform/manifests/dns.pp b/puppet-manifests/src/modules/platform/manifests/dns.pp deleted file mode 100644 index 08f0e864f3..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/dns.pp +++ /dev/null @@ -1,84 +0,0 @@ -class platform::dns::dnsmasq { - - # dependent template variables - $install_uuid = $::install_uuid - - include ::platform::params - $config_path = $::platform::params::config_path - $pxeboot_hostname = $::platform::params::pxeboot_hostname - $mgmt_hostname = $::platform::params::controller_hostname - - include ::platform::network::pxeboot::params - $pxeboot_interface = $::platform::network::pxeboot::params::interface_name - $pxeboot_subnet_version = $::platform::network::pxeboot::params::subnet_version - $pxeboot_subnet_start = $::platform::network::pxeboot::params::subnet_start - $pxeboot_subnet_end = $::platform::network::pxeboot::params::subnet_end - $pxeboot_controller_address = $::platform::network::pxeboot::params::controller_address - - if $pxeboot_subnet_version == 4 { - $pxeboot_subnet_netmask = $::platform::network::pxeboot::params::subnet_netmask - } else { - $pxeboot_subnet_netmask = $::platform::network::pxeboot::params::subnet_prefixlen - } - - include ::platform::network::mgmt::params - $mgmt_interface = $::platform::network::mgmt::params::interface_name - $mgmt_subnet_version = $::platform::network::mgmt::params::subnet_version - $mgmt_subnet_start = $::platform::network::mgmt::params::subnet_start - $mgmt_subnet_end = $::platform::network::mgmt::params::subnet_end - $mgmt_controller_address = $::platform::network::mgmt::params::controller_address - $mgmt_network_mtu = $::platform::network::mgmt::params::mtu - - if $mgmt_subnet_version == 4 { - $mgmt_subnet_netmask = $::platform::network::mgmt::params::subnet_netmask - } else { - $mgmt_subnet_netmask = $::platform::network::mgmt::params::subnet_prefixlen - } - - include ::platform::kubernetes::params - $service_domain = $::platform::kubernetes::params::service_domain - $dns_service_ip = $::platform::kubernetes::params::dns_service_ip - - file { '/etc/dnsmasq.conf': - ensure => 'present', - replace => true, - content => template('platform/dnsmasq.conf.erb'), - } -} - - -class platform::dns::resolv ( - $servers, -) { - file { '/etc/resolv.conf': - ensure => 'present', - replace => true, - content => template('platform/resolv.conf.erb') - } -} - - -class platform::dns { - Anchor['platform::networking'] -> Class[$name] - - # The "contain" ensures that the resolv and dnsmasq classes are not applied - # until the dns class is begun, which will wait for networking to be - # complete, as per the anchor dependency above. This is necessary because - # the networking configuration can wipe the /etc/resolv.conf file. - contain ::platform::dns::resolv - contain ::platform::dns::dnsmasq -} - - -class platform::dns::dnsmasq::reload { - platform::sm::restart {'dnsmasq': } -} - - -class platform::dns::runtime { - include ::platform::dns::dnsmasq - - class {'::platform::dns::dnsmasq::reload': - stage => post - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/docker.pp b/puppet-manifests/src/modules/platform/manifests/docker.pp deleted file mode 100644 index 1c18c3de23..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/docker.pp +++ /dev/null @@ -1,130 +0,0 @@ -class platform::docker::params ( - $package_name = 'docker-ce', - $http_proxy = undef, - $https_proxy = undef, - $no_proxy = undef, - $k8s_registry = undef, - $gcr_registry = undef, - $quay_registry = undef, - $docker_registry = undef, - $k8s_registry_secret = undef, - $gcr_registry_secret = undef, - $quay_registry_secret = undef, - $docker_registry_secret = undef, - $insecure_registry = undef, -) { } - -class platform::docker::config - inherits ::platform::docker::params { - - if $http_proxy or $https_proxy { - file { '/etc/systemd/system/docker.service.d': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - -> file { '/etc/systemd/system/docker.service.d/http-proxy.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('platform/dockerproxy.conf.erb'), - } - ~> exec { 'perform systemctl daemon reload for docker proxy': - command => 'systemctl daemon-reload', - logoutput => true, - refreshonly => true, - } ~> Service['docker'] - } - - Class['::platform::filesystem::docker'] ~> Class[$name] - - service { 'docker': - ensure => 'running', - name => 'docker', - enable => true, - require => Package['docker'] - } - -> exec { 'enable-docker': - command => '/usr/bin/systemctl enable docker.service', - } -} - -class platform::docker::install - inherits ::platform::docker::params { - - package { 'docker': - ensure => 'installed', - name => $package_name, - } -} - -class platform::docker -{ - include ::platform::docker::install - include ::platform::docker::config -} - -class platform::docker::config::bootstrap - inherits ::platform::docker::params { - - require ::platform::filesystem::docker::bootstrap - - Class['::platform::filesystem::docker::bootstrap'] ~> Class[$name] - - service { 'docker': - ensure => 'running', - name => 'docker', - enable => true, - require => Package['docker'] - } - -> exec { 'enable-docker': - command => '/usr/bin/systemctl enable docker.service', - } -} - -class platform::docker::bootstrap -{ - include ::platform::docker::install - include ::platform::docker::config::bootstrap -} - -define platform::docker::login_registry ( - $registry_url, - $registry_secret, -) { - include ::platform::client::params - - $auth_url = $::platform::client::params::identity_auth_url - $username = $::platform::client::params::admin_username - $user_domain = $::platform::client::params::admin_user_domain - $project_name = $::platform::client::params::admin_project_name - $project_domain = $::platform::client::params::admin_project_domain - $region_name = $::platform::client::params::keystone_identity_region - $password = $::platform::client::params::admin_password - $interface = 'internal' - - # Registry credentials have been stored in Barbican secret at Ansible - # bootstrap time, retrieve Barbican secret to get the payload - notice("Get payload of Barbican secret ${registry_secret}") - $secret_payload = generate( - '/bin/sh', '-c', template('platform/get-secret-payload.erb')) - - if $secret_payload { - # Parse Barbican secret payload to get the registry username and password - $secret_payload_array = split($secret_payload, ' ') - $registry_username = split($secret_payload_array[0], 'username:')[1] - $registry_password = split($secret_payload_array[1], 'password:')[1] - - # Login to authenticated registry - if $registry_username and $registry_password { - exec { 'Login registry': - command => "docker login ${registry_url} -u ${registry_username} -p ${registry_password}", - logoutput => true, - } - } else { - notice('Registry username or/and password NOT FOUND') - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp b/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp deleted file mode 100644 index bbef1cd9a6..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/dockerdistribution.pp +++ /dev/null @@ -1,296 +0,0 @@ -class platform::dockerdistribution::params ( - $registry_ks_endpoint = undef, -) {} - -define platform::dockerdistribution::write_config ( - $registry_readonly = false, - $file_path = '/etc/docker-distribution/registry/runtime_config.yml', - $docker_registry_ip = undef, - $docker_registry_host = undef, -){ - file { $file_path: - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('platform/dockerdistribution.conf.erb'), - } -} - -class platform::dockerdistribution::config - inherits ::platform::dockerdistribution::params { - include ::platform::params - include ::platform::kubernetes::params - - include ::platform::network::mgmt::params - include ::platform::docker::params - - $docker_registry_ip = $::platform::network::mgmt::params::controller_address - $docker_registry_host = $::platform::network::mgmt::params::controller_address_url - $runtime_config = '/etc/docker-distribution/registry/runtime_config.yml' - $used_config = '/etc/docker-distribution/registry/config.yml' - - # check insecure registries - if $::platform::docker::params::insecure_registry { - # insecure registry is true means unified registry was set - $insecure_registries = "\"${::platform::docker::params::k8s_registry}\"" - } else { - $insecure_registries = '' - } - - # for external docker registry running insecure mode - file { '/etc/docker': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0700', - } - -> file { '/etc/docker/daemon.json': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('platform/insecuredockerregistry.conf.erb'), - } - - platform::dockerdistribution::write_config { 'runtime_config': - docker_registry_ip => $docker_registry_ip, - docker_registry_host => $docker_registry_host - } - - -> exec { 'use runtime config file': - command => "ln -fs ${runtime_config} ${used_config}", - } - - platform::dockerdistribution::write_config { 'readonly_config': - registry_readonly => true, - file_path => '/etc/docker-distribution/registry/readonly_config.yml', - docker_registry_ip => $docker_registry_ip, - docker_registry_host => $docker_registry_host - } - - file { '/etc/docker-distribution/registry/token_server.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('platform/registry-token-server.conf.erb'), - } - - # copy the startup script to where it is supposed to be - file {'docker_distribution_initd_script': - ensure => 'present', - path => '/etc/init.d/docker-distribution', - mode => '0755', - source => "puppet:///modules/${module_name}/docker-distribution" - } - - file {'registry_token_server_initd_script': - ensure => 'present', - path => '/etc/init.d/registry-token-server', - mode => '0755', - source => "puppet:///modules/${module_name}/registry-token-server" - } - - # self-signed certificate for registry use - # this needs to be generated here because the certificate - # need to know the registry ip address for SANs - if str2bool($::is_initial_config_primary) { - $shared_dir = $::platform::params::config_path - $certs_dir = '/etc/ssl/private' - - # create the certificate files - file { "${certs_dir}/registry-cert-extfile.cnf": - ensure => present, - owner => 'root', - group => 'root', - mode => '0400', - content => template('platform/registry-cert-extfile.erb'), - } - - -> exec { 'docker-registry-generate-cert': - command => "openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 \ - -keyout ${certs_dir}/registry-cert.key \ - -out ${certs_dir}/registry-cert.crt \ - -config ${certs_dir}/registry-cert-extfile.cnf", - logoutput => true - } - - -> exec { 'docker-registry-generate-pkcs1-cert-from-pkcs8': - command => "openssl rsa -in ${certs_dir}/registry-cert.key \ - -out ${certs_dir}/registry-cert-pkcs1.key", - logoutput => true - } - - # ensure permissions are set correctly - -> file { "${certs_dir}/registry-cert-pkcs1.key": - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0400', - } - - -> file { "${certs_dir}/registry-cert.key": - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0400', - } - - -> file { "${certs_dir}/registry-cert.crt": - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0400', - } - - # delete the extfile used in certificate generation - -> exec { 'remove-registry-cert-extfile': - command => "rm ${certs_dir}/registry-cert-extfile.cnf" - } - - # copy certificates and keys to shared directory for second controller - # we do not need to worry about second controller being up at this point, - # since we have a is_initial_config_primary check - -> file { "${shared_dir}/registry-cert-pkcs1.key": - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0400', - source => "${certs_dir}/registry-cert-pkcs1.key", - } - - -> file { "${shared_dir}/registry-cert.key": - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0400', - source => "${certs_dir}/registry-cert.key", - } - - -> file { "${shared_dir}/registry-cert.crt": - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0400', - source => "${certs_dir}/registry-cert.crt", - } - - # copy the certificate to docker certificates directory, - # which makes docker trust that specific certificate - # this is required for self-signed and also if the user does - # not have a certificate signed by a "default" CA - - -> file { '/etc/docker/certs.d': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0700', - } - - -> file { '/etc/docker/certs.d/registry.local:9001': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0700', - } - - -> file { '/etc/docker/certs.d/registry.local:9001/registry-cert.crt': - ensure => 'file', - owner => 'root', - group => 'root', - mode => '0400', - source => "${certs_dir}/registry-cert.crt", - } - } - -} - -# compute also needs the "insecure" flag in order to deploy images from -# the registry. This is needed for insecure external registry -class platform::dockerdistribution::compute - inherits ::platform::dockerdistribution::params { - include ::platform::kubernetes::params - - include ::platform::network::mgmt::params - include ::platform::docker::params - - # check insecure registries - if $::platform::docker::params::insecure_registry { - # insecure registry is true means unified registry was set - $insecure_registries = "\"${::platform::docker::params::k8s_registry}\"" - } else { - $insecure_registries = '' - } - - # for external docker registry running insecure mode - file { '/etc/docker': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0700', - } - -> file { '/etc/docker/daemon.json': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('platform/insecuredockerregistry.conf.erb'), - } -} - -class platform::dockerdistribution - inherits ::platform::dockerdistribution::params { - include ::platform::kubernetes::params - - include platform::dockerdistribution::config - - Class['::platform::docker::config'] -> Class[$name] -} - -class platform::dockerdistribution::reload { - platform::sm::restart {'registry-token-server': } - platform::sm::restart {'docker-distribution': } -} - -# this does not update the config right now -# the run time is only used to restart the token server and registry -class platform::dockerdistribution::runtime { - - class {'::platform::dockerdistribution::reload': - stage => post - } -} - -class platform::dockerdistribution::garbagecollect { - $runtime_config = '/etc/docker-distribution/registry/runtime_config.yml' - $readonly_config = '/etc/docker-distribution/registry/readonly_config.yml' - $used_config = '/etc/docker-distribution/registry/config.yml' - - exec { 'turn registry read only': - command => "ln -fs ${readonly_config} ${used_config}", - } - - # it doesn't like 2 platform::sm::restart with the same name - # so we have to do 1 as a command - -> exec { 'restart docker-distribution in read only': - command => 'sm-restart-safe service docker-distribution', - } - - -> exec { 'run garbage collect': - command => "/usr/bin/registry garbage-collect ${used_config}", - } - - -> exec { 'turn registry back to read write': - command => "ln -fs ${runtime_config} ${used_config}", - } - - -> platform::sm::restart {'docker-distribution': } -} - -class platform::dockerdistribution::bootstrap - inherits ::platform::dockerdistribution::params { - - include platform::dockerdistribution::config - Class['::platform::docker::config'] -> Class[$name] -} diff --git a/puppet-manifests/src/modules/platform/manifests/drbd.pp b/puppet-manifests/src/modules/platform/manifests/drbd.pp deleted file mode 100644 index 2420e09812..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/drbd.pp +++ /dev/null @@ -1,570 +0,0 @@ -class platform::drbd::params ( - $link_speed, - $link_util, - $num_parallel, - $rtt_ms, - $automount = false, - $ha_primary = false, - $initial_setup = false, - $fs_type = 'ext4', - $cpumask = false, -) { - include ::platform::params - $host1 = $::platform::params::controller_0_hostname - $host2 = $::platform::params::controller_1_hostname - - include ::platform::network::mgmt::params - $ip1 = $::platform::network::mgmt::params::controller0_address - $ip2 = $::platform::network::mgmt::params::controller1_address - - $manage = str2bool($::is_initial_config) -} - - -define platform::drbd::filesystem ( - $lv_name, - $vg_name, - $lv_size, - $port, - $device, - $mountpoint, - $resync_after = undef, - $sm_service = $title, - $ha_primary_override = undef, - $initial_setup_override = undef, - $automount_override = undef, - $manage_override = undef, - $ip2_override = undef, -) { - - if $manage_override == undef { - $drbd_manage = $::platform::drbd::params::manage - } else { - $drbd_manage = $manage_override - } - if $ha_primary_override == undef { - $drbd_primary = $::platform::drbd::params::ha_primary - } else { - $drbd_primary = $ha_primary_override - } - if $initial_setup_override == undef { - $drbd_initial = $::platform::drbd::params::initial_setup - } else { - $drbd_initial = $initial_setup_override - } - if $automount_override == undef { - $drbd_automount = $::platform::drbd::params::automount - } else { - $drbd_automount = $automount_override - } - if $ip2_override == undef { - $ip2 = $::platform::drbd::params::ip2 - } else { - $ip2 = $ip2_override - } - - - logical_volume { $lv_name: - ensure => present, - volume_group => $vg_name, - size => "${lv_size}G", - size_is_minsize => true, - } - - - -> drbd::resource { $title: - disk => "/dev/${vg_name}/${lv_name}", - port => $port, - device => $device, - mountpoint => $mountpoint, - handlers => { - before-resync-target => - "/usr/local/sbin/sm-notify -s ${sm_service} -e sync-start", - after-resync-target => - "/usr/local/sbin/sm-notify -s ${sm_service} -e sync-end", - }, - host1 => $::platform::drbd::params::host1, - host2 => $::platform::drbd::params::host2, - ip1 => $::platform::drbd::params::ip1, - ip2 => $ip2, - manage => $drbd_manage, - ha_primary => $drbd_primary, - initial_setup => $drbd_initial, - automount => $drbd_automount, - fs_type => $::platform::drbd::params::fs_type, - link_util => $::platform::drbd::params::link_util, - link_speed => $::platform::drbd::params::link_speed, - num_parallel => $::platform::drbd::params::num_parallel, - rtt_ms => $::platform::drbd::params::rtt_ms, - cpumask => $::platform::drbd::params::cpumask, - resync_after => $resync_after, - } - - if str2bool($::is_initial_config_primary) { - # NOTE: The DRBD file system can only be resized immediately if not peering, - # otherwise it must wait for the peer backing storage device to be - # resized before issuing the resize locally. - Drbd::Resource[$title] - - -> exec { "drbd resize ${title}": - command => "drbdadm -- --assume-peer-has-space resize ${title}", - } - - -> exec { "resize2fs ${title}": - command => "resize2fs ${device}", - } - } -} - - -class platform::drbd::pgsql::params ( - $device = '/dev/drbd0', - $lv_name = 'pgsql-lv', - $lv_size = '2', - $mountpoint = '/var/lib/postgresql', - $port = '7789', - $resource_name = 'drbd-pgsql', - $vg_name = 'cgts-vg', -) {} - -class platform::drbd::pgsql ( -) inherits ::platform::drbd::pgsql::params { - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - sm_service => 'drbd-pg', - } -} - - -class platform::drbd::rabbit::params ( - $device = '/dev/drbd1', - $lv_name = 'rabbit-lv', - $lv_size = '2', - $mountpoint = '/var/lib/rabbitmq', - $port = '7799', - $resource_name = 'drbd-rabbit', - $vg_name = 'cgts-vg', -) {} - -class platform::drbd::rabbit () - inherits ::platform::drbd::rabbit::params { - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => 'drbd-pgsql', - } -} - - -class platform::drbd::platform::params ( - $device = '/dev/drbd2', - $lv_name = 'platform-lv', - $lv_size = '10', - $mountpoint = '/opt/platform', - $port = '7790', - $vg_name = 'cgts-vg', - $resource_name = 'drbd-platform', -) {} - -class platform::drbd::platform () - inherits ::platform::drbd::platform::params { - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => 'drbd-rabbit', - } -} - - -class platform::drbd::extension::params ( - $device = '/dev/drbd5', - $lv_name = 'extension-lv', - $lv_size = '1', - $mountpoint = '/opt/extension', - $port = '7793', - $resource_name = 'drbd-extension', - $vg_name = 'cgts-vg', -) {} - -class platform::drbd::extension ( -) inherits ::platform::drbd::extension::params { - - include ::platform::params - include ::platform::drbd::platform::params - - if str2bool($::is_primary_disk_rotational) { - $resync_after = $::platform::drbd::platform::params::resource_name - } else { - $resync_after = undef - } - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => $resync_after, - } -} - -class platform::drbd::patch_vault::params ( - $service_enabled = false, - $device = '/dev/drbd6', - $lv_name = 'patch-vault-lv', - $lv_size = '8', - $mountpoint = '/opt/patch-vault', - $port = '7794', - $resource_name = 'drbd-patch-vault', - $vg_name = 'cgts-vg', -) {} - -class platform::drbd::patch_vault ( -) inherits ::platform::drbd::patch_vault::params { - - if str2bool($::is_standalone_controller) { - $drbd_primary = true - $drbd_initial = true - $drbd_automount = true - $drbd_manage = true - } else { - $drbd_primary = undef - $drbd_initial = undef - $drbd_automount = undef - $drbd_manage = undef - } - - if $service_enabled { - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => 'drbd-extension', - manage_override => $drbd_manage, - ha_primary_override => $drbd_primary, - initial_setup_override => $drbd_initial, - automount_override => $drbd_automount, - } - } -} - -class platform::drbd::etcd::params ( - #$service_enable = false, - $device = '/dev/drbd7', - $lv_name = 'etcd-lv', - $lv_size = '5', - $mountpoint = '/opt/etcd', - $port = '7797', - $resource_name = 'drbd-etcd', - $vg_name = 'cgts-vg', -) {} - - -class platform::drbd::etcd ( -) inherits ::platform::drbd::etcd::params { - - if str2bool($::is_initial_config_primary) { - $drbd_primary = true - $drbd_initial = true - $drbd_automount = true - $drbd_manage = true - } else { - $drbd_primary = undef - $drbd_initial = undef - $drbd_automount = undef - $drbd_manage = undef - } - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => undef, - manage_override => $drbd_manage, - ha_primary_override => $drbd_primary, - initial_setup_override => $drbd_initial, - automount_override => $drbd_automount, - } -} - -class platform::drbd::etcd::bootstrap ( -) inherits ::platform::drbd::etcd::params { - - $drbd_primary = true - $drbd_initial = true - $drbd_automount = true - $drbd_manage = true - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => undef, - manage_override => $drbd_manage, - ha_primary_override => $drbd_primary, - initial_setup_override => $drbd_initial, - automount_override => $drbd_automount, - } -} - -class platform::drbd::dockerdistribution::params ( - $device = '/dev/drbd8', - $lv_name = 'dockerdistribution-lv', - $lv_size = '1', - $mountpoint = '/var/lib/docker-distribution', - $port = '7798', - $resource_name = 'drbd-dockerdistribution', - $vg_name = 'cgts-vg', -) {} - -class platform::drbd::dockerdistribution () - inherits ::platform::drbd::dockerdistribution::params { - - if str2bool($::is_initial_config_primary) { - $drbd_primary = true - $drbd_initial = true - $drbd_automount = true - $drbd_manage = true - } else { - $drbd_primary = undef - $drbd_initial = undef - $drbd_automount = undef - $drbd_manage = undef - } - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => undef, - manage_override => $drbd_manage, - ha_primary_override => $drbd_primary, - initial_setup_override => $drbd_initial, - automount_override => $drbd_automount, - } -} - -class platform::drbd::dockerdistribution::bootstrap () - inherits ::platform::drbd::dockerdistribution::params { - - $drbd_primary = true - $drbd_initial = true - $drbd_automount = true - $drbd_manage = true - - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => undef, - manage_override => $drbd_manage, - ha_primary_override => $drbd_primary, - initial_setup_override => $drbd_initial, - automount_override => $drbd_automount, - } -} - -class platform::drbd::cephmon::params ( - $device = '/dev/drbd9', - $lv_name = 'ceph-mon-lv', - $mountpoint = '/var/lib/ceph/mon', - $port = '7788', - $resource_name = 'drbd-cephmon', - $vg_name = 'cgts-vg', -) {} - -class platform::drbd::cephmon () - inherits ::platform::drbd::cephmon::params { - - include ::platform::ceph::params - - $system_mode = $::platform::params::system_mode - $system_type = $::platform::params::system_type - - if str2bool($::is_standalone_controller) and ! str2bool($::is_node_ceph_configured) { - # Active controller, first time configuration. - $drbd_primary = true - $drbd_initial = true - $drbd_automount = true - - } elsif str2bool($::is_standalone_controller) { - # Active standalone controller, successive reboots. - $drbd_primary = true - $drbd_initial = undef - $drbd_automount = true - } else { - # Node unlock, reboot or standby configuration - # Do not mount ceph - $drbd_primary = undef - $drbd_initial = undef - $drbd_automount = undef - } - - if ($::platform::ceph::params::service_enabled and - $system_type == 'All-in-one' and 'duplex' in $system_mode) { - platform::drbd::filesystem { $resource_name: - vg_name => $vg_name, - lv_name => $lv_name, - lv_size => $::platform::ceph::params::mon_lv_size, - port => $port, - device => $device, - mountpoint => $mountpoint, - resync_after => undef, - manage_override => true, - ha_primary_override => $drbd_primary, - initial_setup_override => $drbd_initial, - automount_override => $drbd_automount, - } -> Class['::ceph'] - } -} - - -class platform::drbd( - $service_enable = false, - $service_ensure = 'stopped', -) { - if (str2bool($::is_initial_config_primary) or str2bool($::is_standalone_controller) - ){ - # Enable DRBD on standalone - class { '::drbd': - service_enable => true, - service_ensure => 'running', - } - } else { - class { '::drbd': - service_enable => $service_enable, - service_ensure => $service_ensure, - } - include ::drbd - } - - include ::platform::drbd::params - include ::platform::drbd::pgsql - include ::platform::drbd::rabbit - include ::platform::drbd::platform - include ::platform::drbd::extension - include ::platform::drbd::patch_vault - include ::platform::drbd::etcd - include ::platform::drbd::dockerdistribution - include ::platform::drbd::cephmon - - # network changes need to be applied prior to DRBD resources - Anchor['platform::networking'] - -> Drbd::Resource <| |> - -> Anchor['platform::services'] -} - - -class platform::drbd::bootstrap { - - class { '::drbd': - service_enable => true, - service_ensure => 'running' - } - - # override the defaults to initialize and activate the file systems - class { '::platform::drbd::params': - ha_primary => true, - initial_setup => true, - automount => true, - } - - include ::platform::drbd::pgsql - include ::platform::drbd::rabbit - include ::platform::drbd::platform - include ::platform::drbd::extension -} - - -class platform::drbd::runtime { - - class { '::platform::drbd': - service_enable => true, - service_ensure => 'running', - } -} - -class platform::drbd::runtime_service_enable { - - class { '::drbd': - service_enable => true, - service_ensure => 'running' - } -} - -class platform::drbd::pgsql::runtime { - include ::platform::drbd::params - include ::platform::drbd::runtime_service_enable - include ::platform::drbd::pgsql -} - - -class platform::drbd::platform::runtime { - include ::platform::drbd::params - include ::platform::drbd::runtime_service_enable - include ::platform::drbd::platform -} - - -class platform::drbd::extension::runtime { - include ::platform::drbd::params - include ::platform::drbd::runtime_service_enable - include ::platform::drbd::extension -} - - -class platform::drbd::patch_vault::runtime { - include ::platform::drbd::params - include ::platform::drbd::runtime_service_enable - include ::platform::drbd::patch_vault -} - -class platform::drbd::etcd::runtime { - include ::platform::drbd::params - include ::platform::drbd::runtime_service_enable - include ::platform::drbd::etcd -} - -class platform::drbd::dockerdistribution::runtime { - include ::platform::drbd::params - include ::platform::drbd::runtime_service_enable - include ::platform::drbd::dockerdistribution -} - -class platform::drbd::cephmon::runtime { - include ::platform::drbd::params - include ::platform::drbd::runtime_service_enable - include ::platform::drbd::cephmon -} diff --git a/puppet-manifests/src/modules/platform/manifests/etcd.pp b/puppet-manifests/src/modules/platform/manifests/etcd.pp deleted file mode 100644 index 09bc880600..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/etcd.pp +++ /dev/null @@ -1,122 +0,0 @@ -class platform::etcd::params ( - $bind_address = '0.0.0.0', - $port = 2379, - $node = 'controller', -) -{ - include ::platform::params - - $sw_version = $::platform::params::software_version - $etcd_basedir = '/opt/etcd' - $etcd_versioned_dir = "${etcd_basedir}/${sw_version}" -} - -# Modify the systemd service file for etcd and -# create an init.d script for SM to manage the service -class platform::etcd::setup { - - file {'etcd_override_dir': - ensure => directory, - path => '/etc/systemd/system/etcd.service.d', - mode => '0755', - } - -> file {'etcd_override': - ensure => present, - path => '/etc/systemd/system/etcd.service.d/etcd-override.conf', - mode => '0644', - source => "puppet:///modules/${module_name}/etcd-override.conf" - } - -> file {'etcd_initd_script': - ensure => 'present', - path => '/etc/init.d/etcd', - mode => '0755', - source => "puppet:///modules/${module_name}/etcd" - } - -> exec { 'systemd-reload-daemon': - command => '/usr/bin/systemctl daemon-reload', - } - -> Service['etcd'] -} - -class platform::etcd::init - inherits ::platform::etcd::params { - - $client_url = "http://${bind_address}:${port}" - - if str2bool($::is_initial_config_primary) { - $service_ensure = 'running' - } - else { - $service_ensure = 'stopped' - } - - class { 'etcd': - ensure => 'present', - etcd_name => $node, - service_enable => false, - service_ensure => $service_ensure, - cluster_enabled => false, - listen_client_urls => $client_url, - advertise_client_urls => $client_url, - data_dir => "${etcd_versioned_dir}/${node}.etcd", - proxy => 'off', - } -} - - -class platform::etcd - inherits ::platform::etcd::params { - - Class['::platform::drbd::etcd'] -> Class[$name] - - include ::platform::etcd::datadir - include ::platform::etcd::setup - include ::platform::etcd::init - - Class['::platform::etcd::datadir'] - -> Class['::platform::etcd::setup'] - -> Class['::platform::etcd::init'] -} - -class platform::etcd::datadir - inherits ::platform::etcd::params { - - Class['::platform::drbd::etcd'] -> Class[$name] - - if $::platform::params::init_database { - file { $etcd_versioned_dir: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - } -} - -class platform::etcd::datadir::bootstrap - inherits ::platform::etcd::params { - - require ::platform::drbd::etcd::bootstrap - Class['::platform::drbd::etcd::bootstrap'] -> Class[$name] - - if $::platform::params::init_database { - file { $etcd_versioned_dir: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - } -} - -class platform::etcd::bootstrap - inherits ::platform::etcd::params { - - include ::platform::etcd::datadir::bootstrap - include ::platform::etcd::setup - include ::platform::etcd::init - - Class['::platform::etcd::datadir::bootstrap'] - -> Class['::platform::etcd::setup'] - -> Class['::platform::etcd::init'] -} diff --git a/puppet-manifests/src/modules/platform/manifests/exports.pp b/puppet-manifests/src/modules/platform/manifests/exports.pp deleted file mode 100644 index 23aefd7026..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/exports.pp +++ /dev/null @@ -1,19 +0,0 @@ -class platform::exports { - - include ::platform::params - - file { '/etc/exports': - ensure => present, - mode => '0600', - owner => 'root', - group => 'root', - } - -> file_line { '/etc/exports /etc/platform': - path => '/etc/exports', - line => "/etc/platform\t\t ${::platform::params::mate_ipaddress}(no_root_squash,no_subtree_check,rw)", - match => '^/etc/platform\s', - } - -> exec { 'Re-export filesystems': - command => 'exportfs -r', - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/filesystem.pp b/puppet-manifests/src/modules/platform/manifests/filesystem.pp deleted file mode 100644 index f03abedd06..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/filesystem.pp +++ /dev/null @@ -1,306 +0,0 @@ -class platform::filesystem::params ( - $vg_name = 'cgts-vg', -) {} - - -define platform::filesystem ( - $lv_name, - $lv_size, - $mountpoint, - $fs_type, - $fs_options, - $fs_use_all = false, - $mode = '0750', -) { - include ::platform::filesystem::params - $vg_name = $::platform::filesystem::params::vg_name - - $device = "/dev/${vg_name}/${lv_name}" - - if !$fs_use_all { - $size = "${lv_size}G" - $fs_size_is_minsize = true - } - else { - # use all available space - $size = undef - $fs_size_is_minsize = false - } - - # create logical volume - logical_volume { $lv_name: - ensure => present, - volume_group => $vg_name, - size => $size, - size_is_minsize => $fs_size_is_minsize, - } - - # create filesystem - -> filesystem { $device: - ensure => present, - fs_type => $fs_type, - options => $fs_options, - } - - -> file { $mountpoint: - ensure => 'directory', - owner => 'root', - group => 'root', - mode => $mode, - } - - -> mount { $name: - ensure => 'mounted', - atboot => 'yes', - name => $mountpoint, - device => $device, - options => 'defaults', - fstype => $fs_type, - } - - # The above mount resource doesn't actually remount devices that were already present in /etc/fstab, but were - # unmounted during manifest application. To get around this, we attempt to mount them again, if they are not - # already mounted. - -> exec { "mount ${device}": - unless => "mount | awk '{print \$3}' | grep -Fxq ${mountpoint}", - command => "mount ${mountpoint}", - path => '/usr/bin' - } -} - - -define platform::filesystem::resize( - $lv_name, - $lv_size, - $devmapper, -) { - include ::platform::filesystem::params - $vg_name = $::platform::filesystem::params::vg_name - - $device = "/dev/${vg_name}/${lv_name}" - - # TODO (rchurch): Fix this... Allowing return code 5 so that lvextends using the same size doesn't blow up - exec { "lvextend ${device}": - command => "lvextend -L${lv_size}G ${device}", - returns => [0, 5] - } - # After a partition extend, make sure that there is no leftover drbd - # type metadata from a previous install. Drbd writes its meta at the - # very end of a block device causing confusion for blkid. - -> exec { "wipe end of device ${device}": - command => "dd if=/dev/zero of=${device} bs=512 seek=$(($(blockdev --getsz ${device}) - 34)) count=34", - onlyif => "blkid ${device} | grep TYPE=\\\"drbd\\\"", - } - -> exec { "resize2fs ${devmapper}": - command => "resize2fs ${devmapper}", - onlyif => "blkid -s TYPE -o value ${devmapper} | grep -v xfs", - } - -> exec { "xfs_growfs ${devmapper}": - command => "xfs_growfs ${devmapper}", - onlyif => "blkid -s TYPE -o value ${devmapper} | grep xfs", - } -} - - -class platform::filesystem::backup::params ( - $lv_name = 'backup-lv', - $lv_size = '5', - $mountpoint = '/opt/backups', - $devmapper = '/dev/mapper/cgts--vg-backup--lv', - $fs_type = 'ext4', - $fs_options = ' ' -) {} - -class platform::filesystem::backup - inherits ::platform::filesystem::backup::params { - - platform::filesystem { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - mountpoint => $mountpoint, - fs_type => $fs_type, - fs_options => $fs_options - } -} - -class platform::filesystem::scratch::params ( - $lv_size = '8', - $lv_name = 'scratch-lv', - $mountpoint = '/scratch', - $devmapper = '/dev/mapper/cgts--vg-scratch--lv', - $fs_type = 'ext4', - $fs_options = ' ' -) { } - -class platform::filesystem::scratch - inherits ::platform::filesystem::scratch::params { - - platform::filesystem { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - mountpoint => $mountpoint, - fs_type => $fs_type, - fs_options => $fs_options - } -} - -class platform::filesystem::kubelet::params ( - $lv_size = '10', - $lv_name = 'kubelet-lv', - $mountpoint = '/var/lib/kubelet', - $devmapper = '/dev/mapper/cgts--vg-kubelet--lv', - $fs_type = 'ext4', - $fs_options = ' ' -) { } - -class platform::filesystem::kubelet - inherits ::platform::filesystem::kubelet::params { - - platform::filesystem { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - mountpoint => $mountpoint, - fs_type => $fs_type, - fs_options => $fs_options - } -} - -class platform::filesystem::docker::params ( - $lv_size = '1', - $lv_name = 'docker-lv', - $mountpoint = '/var/lib/docker', - $devmapper = '/dev/mapper/cgts--vg-docker--lv', - $fs_type = 'xfs', - $fs_options = '-n ftype=1', - $fs_use_all = false -) { } - -class platform::filesystem::docker - inherits ::platform::filesystem::docker::params { - - platform::filesystem { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - mountpoint => $mountpoint, - fs_type => $fs_type, - fs_options => $fs_options, - fs_use_all => $fs_use_all, - mode => '0711', - } -} - -class platform::filesystem::storage { - include ::platform::filesystem::kubelet - - class {'platform::filesystem::docker::params' : - lv_size => 30 - } - -> class {'platform::filesystem::docker' : - } - - Class['::platform::lvm::vg::cgts_vg'] -> Class[$name] -} - - -class platform::filesystem::compute { - include ::platform::filesystem::kubelet - class {'platform::filesystem::docker::params' : - lv_size => 30 - } - -> class {'platform::filesystem::docker' : - } - - Class['::platform::lvm::vg::cgts_vg'] -> Class[$name] -} - -class platform::filesystem::controller { - include ::platform::filesystem::backup - include ::platform::filesystem::scratch - include ::platform::filesystem::docker - include ::platform::filesystem::kubelet -} - - -class platform::filesystem::backup::runtime { - - include ::platform::filesystem::backup::params - $lv_name = $::platform::filesystem::backup::params::lv_name - $lv_size = $::platform::filesystem::backup::params::lv_size - $devmapper = $::platform::filesystem::backup::params::devmapper - - platform::filesystem::resize { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - devmapper => $devmapper, - } -} - - -class platform::filesystem::scratch::runtime { - - include ::platform::filesystem::scratch::params - $lv_name = $::platform::filesystem::scratch::params::lv_name - $lv_size = $::platform::filesystem::scratch::params::lv_size - $devmapper = $::platform::filesystem::scratch::params::devmapper - - platform::filesystem::resize { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - devmapper => $devmapper, - } -} - -class platform::filesystem::kubelet::runtime { - - include ::platform::filesystem::kubelet::params - $lv_name = $::platform::filesystem::kubelet::params::lv_name - $lv_size = $::platform::filesystem::kubelet::params::lv_size - $devmapper = $::platform::filesystem::kubelet::params::devmapper - - platform::filesystem::resize { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - devmapper => $devmapper, - } -} - - -class platform::filesystem::docker::runtime { - - include ::platform::filesystem::docker::params - $lv_name = $::platform::filesystem::docker::params::lv_name - $lv_size = $::platform::filesystem::docker::params::lv_size - $devmapper = $::platform::filesystem::docker::params::devmapper - - platform::filesystem::resize { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - devmapper => $devmapper, - } -} - - -class platform::filesystem::docker::params::bootstrap ( - $lv_size = '30', - $lv_name = 'docker-lv', - $mountpoint = '/var/lib/docker', - $devmapper = '/dev/mapper/cgts--vg-docker--lv', - $fs_type = 'xfs', - $fs_options = '-n ftype=1', - $fs_use_all = false -) { } - - -class platform::filesystem::docker::bootstrap - inherits ::platform::filesystem::docker::params::bootstrap { - - platform::filesystem { $lv_name: - lv_name => $lv_name, - lv_size => $lv_size, - mountpoint => $mountpoint, - fs_type => $fs_type, - fs_options => $fs_options, - fs_use_all => $fs_use_all, - mode => '0711', - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/firewall.pp b/puppet-manifests/src/modules/platform/manifests/firewall.pp deleted file mode 100644 index 0c3dd7100e..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/firewall.pp +++ /dev/null @@ -1,218 +0,0 @@ -define platform::firewall::rule ( - $service_name, - $chain = 'INPUT', - $destination = undef, - $ensure = present, - $host = 'ALL', - $jump = undef, - $outiface = undef, - $ports = undef, - $proto = 'tcp', - $table = undef, - $tosource = undef, -) { - - include ::platform::params - include ::platform::network::oam::params - - $ip_version = $::platform::network::oam::params::subnet_version - - $provider = $ip_version ? { - 6 => 'ip6tables', - default => 'iptables', - } - - $source = $host ? { - 'ALL' => $ip_version ? { - 6 => '::/0', - default => '0.0.0.0/0' - }, - default => $host, - } - - $heading = $chain ? { - 'OUTPUT' => 'outgoing', - 'POSTROUTING' => 'forwarding', - default => 'incoming', - } - - # NAT rule - if $jump == 'SNAT' or $jump == 'MASQUERADE' { - firewall { "500 ${service_name} ${heading} ${title}": - ensure => $ensure, - table => $table, - proto => $proto, - outiface => $outiface, - jump => $jump, - tosource => $tosource, - destination => $destination, - source => $source, - provider => $provider, - chain => $chain, - } - } - else { - if $ports == undef { - firewall { "500 ${service_name} ${heading} ${title}": - ensure => $ensure, - proto => $proto, - action => 'accept', - source => $source, - provider => $provider, - chain => $chain, - } - } - else { - firewall { "500 ${service_name} ${heading} ${title}": - ensure => $ensure, - proto => $proto, - dport => $ports, - action => 'accept', - source => $source, - provider => $provider, - chain => $chain, - } - } - } -} - -class platform::firewall::calico::oam::services { - include ::platform::params - include ::platform::network::oam::params - include ::platform::nfv::params - include ::platform::fm::params - include ::platform::patching::params - include ::platform::sysinv::params - include ::platform::smapi::params - include ::platform::ceph::params - include ::openstack::barbican::params - include ::openstack::keystone::params - include ::openstack::horizon::params - include ::platform::dcmanager::params - include ::platform::dcorch::params - - $ip_version = $::platform::network::oam::params::subnet_version - - # icmp - $t_icmp_proto = $ip_version ? { - 6 => 'ICMPv6', - default => 'ICMP' - } - - # udp - $sm_port = [2222, 2223] - $ntp_port = [123] - $snmp_port = [161, 162] - $ptp_port = [319, 320] - - # tcp - $ssh_port = [22] - - if $::platform::fm::params::service_enabled { - $fm_port = [$::platform::fm::params::api_port] - } else { - $fm_port = [] - } - - $nfv_vim_port = [$::platform::nfv::params::api_port] - $patching_port = [$::platform::patching::params::public_port] - $sysinv_port = [$::platform::sysinv::params::api_port] - $sm_api_port = [$::platform::smapi::params::port] - $kube_apiserver_port = [6443] - - if $::platform::ceph::params::service_enabled { - $ceph_radosgw_port = [$::platform::ceph::params::rgw_port] - } else { - $ceph_radosgw_port = [] - } - - $barbican_api_port = [$::openstack::barbican::params::api_port] - - if !$::platform::params::region_config { - $keystone_port = [$::openstack::keystone::params::api_port] - } else { - $keystone_port = [] - } - - if $::platform::params::distributed_cloud_role != 'subcloud' { - if $::openstack::horizon::params::enable_https { - $horizon_port = [$::openstack::horizon::params::https_port] - } else { - $horizon_port = [$::openstack::horizon::params::http_port] - } - } else { - $horizon_port = [] - } - - if $::platform::params::distributed_cloud_role == 'systemcontroller' { - $dc_port = [$::platform::dcmanager::params::api_port, - $::platform::dcorch::params::sysinv_api_proxy_port, - $::platform::dcorch::params::patch_api_proxy_port, - $::platform::dcorch::params::identity_api_proxy_port] - } else { - $dc_port = [] - } - - $t_ip_version = $ip_version - $t_udp_ports = concat($sm_port, $ntp_port, $snmp_port, $ptp_port) - $t_tcp_ports = concat($ssh_port, - $fm_port, $nfv_vim_port, $patching_port, $sysinv_port, $sm_api_port, - $kube_apiserver_port, - $ceph_radosgw_port, $barbican_api_port, $keystone_port, $horizon_port, - $dc_port) - - $file_name = '/tmp/gnp_all_oam.yaml' - file { $file_name: - ensure => file, - content => template('platform/calico_oam_if_gnp.yaml.erb'), - owner => 'root', - group => 'root', - mode => '0640', - } - -> exec { "apply resource ${file_name}": - path => '/usr/bin:/usr/sbin:/bin', - command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f ${file_name}", - onlyif => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf get customresourcedefinitions.apiextensions.k8s.io' - } -} - -class platform::firewall::calico::oam::endpoints { - include ::platform::params - include ::platform::network::oam::params - - $host = $::platform::params::hostname - $oam_if = $::platform::network::oam::params::interface_name - $oam_addr = $::platform::network::oam::params::interface_address - - # create/update host endpoint to represent oam interface - $file_name_oam = "/tmp/hep_${host}_oam.yaml" - file { $file_name_oam: - ensure => file, - content => template('platform/calico_oam_if_hep.yaml.erb'), - owner => 'root', - group => 'root', - mode => '0640', - } - -> exec { "apply resource ${file_name_oam}": - path => '/usr/bin:/usr/sbin:/bin', - command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f ${file_name_oam}", - onlyif => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf get customresourcedefinitions.apiextensions.k8s.io' - } -} - -class platform::firewall::calico::oam { - contain ::platform::firewall::calico::oam::endpoints - contain ::platform::firewall::calico::oam::services - - Class['::platform::kubernetes::master'] -> Class[$name] - Class['::platform::firewall::calico::oam::endpoints'] - -> Class['::platform::firewall::calico::oam::services'] -} - -class platform::firewall::runtime { - include ::platform::firewall::calico::oam::endpoints - include ::platform::firewall::calico::oam::services - - Class['::platform::firewall::calico::oam::endpoints'] - -> Class['::platform::firewall::calico::oam::services'] -} diff --git a/puppet-manifests/src/modules/platform/manifests/fm.pp b/puppet-manifests/src/modules/platform/manifests/fm.pp deleted file mode 100644 index 20066cebfd..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/fm.pp +++ /dev/null @@ -1,104 +0,0 @@ -class platform::fm::params ( - $api_port = 18002, - $api_host = '127.0.0.1', - $region_name = undef, - $system_name = undef, - $service_create = false, - $service_enabled = true, - $trap_destinations = [], - $sysinv_catalog_info = 'platform:sysinv:internalURL', -) { } - - -class platform::fm::config - inherits ::platform::fm::params { - - $trap_dest_str = join($trap_destinations,',') - class { '::fm': - region_name => $region_name, - system_name => $system_name, - trap_destinations => $trap_dest_str, - sysinv_catalog_info => $sysinv_catalog_info, - } -} - -class platform::fm - inherits ::platform::fm::params { - - include ::fm::client - include ::fm::keystone::authtoken - include ::platform::fm::config - - include ::platform::params - if $::platform::params::init_database { - include ::fm::db::postgresql - } -} - -class platform::fm::haproxy - inherits ::platform::fm::params { - - include ::platform::haproxy::params - - platform::haproxy::proxy { 'fm-api-internal': - server_name => 's-fm-api-internal', - public_ip_address => $::platform::haproxy::params::private_ip_address, - public_port => $api_port, - private_ip_address => $api_host, - private_port => $api_port, - public_api => false, - } - - platform::haproxy::proxy { 'fm-api-public': - server_name => 's-fm-api-public', - public_port => $api_port, - private_port => $api_port, - } -} - -class platform::fm::api - inherits ::platform::fm::params { - - include ::platform::params - - if $service_enabled { - if ($::platform::fm::service_create and - $::platform::params::init_keystone) { - include ::fm::keystone::auth - } - - include ::platform::params - - class { '::fm::api': - host => $api_host, - workers => $::platform::params::eng_workers, - sync_db => $::platform::params::init_database, - } - - include ::platform::fm::haproxy - } -} - -class platform::fm::runtime { - - require ::platform::fm::config - - exec { 'notify-fm-mgr': - command => '/usr/bin/pkill -HUP fmManager', - onlyif => 'pgrep fmManager' - } -} - -class platform::fm::bootstrap { - # Set up needed config to enable launching of fmManager later - include ::platform::fm::params - include ::platform::fm - if $::platform::params::init_keystone { - include ::fm::keystone::auth - class { '::fm::api': - host => $::platform::fm::params::api_host, - workers => $::platform::params::eng_workers, - sync_db => $::platform::params::init_database, - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/fstab.pp b/puppet-manifests/src/modules/platform/manifests/fstab.pp deleted file mode 100644 index 8b4d629d3d..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/fstab.pp +++ /dev/null @@ -1,20 +0,0 @@ -class platform::fstab { - include ::platform::params - - if $::personality != 'controller' { - exec { 'Unmount NFS filesystems': - command => 'umount -a -t nfs ; sleep 5 ;', - } - -> mount { '/opt/platform': - ensure => 'present', - fstype => 'nfs', - device => 'controller-platform-nfs:/opt/platform', - options => "${::platform::params::nfs_mount_options},_netdev", - atboot => 'yes', - remounts => true, - } - -> exec { 'Remount NFS filesystems': - command => 'umount -a -t nfs ; sleep 1 ; mount -a -t nfs', - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/grub.pp b/puppet-manifests/src/modules/platform/manifests/grub.pp deleted file mode 100644 index df6ea18500..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/grub.pp +++ /dev/null @@ -1,29 +0,0 @@ -class platform::grub -{ - include ::platform::params - $managed_security_params = 'nopti nospectre_v2' - - # Run grubby to update params - # First, remove all the parameters we manage, then we add back in the ones - # we want to use - exec { 'removing managed security kernel params from command line': - command => "grubby --update-kernel=`grubby --default-kernel` --remove-args=\"${managed_security_params}\"", - } - -> exec { 'removing managed security kernel params from command line for EFI': - command => "grubby --efi --update-kernel=`grubby --efi --default-kernel` --remove-args=\"${managed_security_params}\"", - } - -> exec { 'adding requested security kernel params to command line ': - command => "grubby --update-kernel=`grubby --default-kernel` --args=\"${::platform::params::security_feature}\"", - onlyif => "test -n \"${::platform::params::security_feature}\"" - } - -> exec { 'adding requested security kernel params to command line for EFI': - command => "grubby --efi --update-kernel=`grubby --efi --default-kernel` --args=\"${::platform::params::security_feature}\"", - onlyif => "test -n \"${::platform::params::security_feature}\"" - } -} - - -class platform::grub::runtime -{ - include ::platform::grub -} diff --git a/puppet-manifests/src/modules/platform/manifests/haproxy.pp b/puppet-manifests/src/modules/platform/manifests/haproxy.pp deleted file mode 100644 index 630cdeb092..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/haproxy.pp +++ /dev/null @@ -1,150 +0,0 @@ -class platform::haproxy::params ( - $private_ip_address, - $public_ip_address, - $enable_https = false, - - $global_options = undef, - $tpm_object = undef, - $tpm_engine = '/usr/lib64/openssl/engines/libtpm2.so', -) { } - - -define platform::haproxy::proxy ( - $server_name, - $private_port, - $public_port, - $public_ip_address = undef, - $private_ip_address = undef, - $server_timeout = undef, - $client_timeout = undef, - $x_forwarded_proto = true, - $enable_https = undef, - $public_api = true, -) { - include ::platform::haproxy::params - - if $enable_https != undef { - $https_enabled = $enable_https - } else { - $https_enabled = $::platform::haproxy::params::enable_https - } - - if $x_forwarded_proto { - if $https_enabled and $public_api { - $ssl_option = 'ssl crt /etc/ssl/private/server-cert.pem' - $proto = 'X-Forwarded-Proto:\ https' - # The value of max-age matches lighttpd.conf, and should be - # maintained for consistency - $hsts_option = 'Strict-Transport-Security:\ max-age=63072000;\ includeSubDomains' - } else { - $ssl_option = ' ' - $proto = 'X-Forwarded-Proto:\ http' - $hsts_option = undef - } - } else { - $ssl_option = ' ' - $proto = undef - $hsts_option = undef - } - - if $public_ip_address { - $public_ip = $public_ip_address - } else { - $public_ip = $::platform::haproxy::params::public_ip_address - } - - if $private_ip_address { - $private_ip = $private_ip_address - } else { - $private_ip = $::platform::haproxy::params::private_ip_address - } - - if $client_timeout { - $real_client_timeout = "client ${client_timeout}" - } else { - $real_client_timeout = undef - } - - haproxy::frontend { $name: - collect_exported => false, - name => $name, - bind => { - "${public_ip}:${public_port}" => $ssl_option, - }, - options => { - 'default_backend' => "${name}-internal", - 'reqadd' => $proto, - 'timeout' => $real_client_timeout, - 'rspadd' => $hsts_option, - }, - } - - if $server_timeout { - $timeout_option = "server ${server_timeout}" - } else { - $timeout_option = undef - } - - haproxy::backend { $name: - collect_exported => false, - name => "${name}-internal", - options => { - 'server' => "${server_name} ${private_ip}:${private_port}", - 'timeout' => $timeout_option, - } - } -} - - -class platform::haproxy::server { - - include ::platform::params - include ::platform::haproxy::params - - # If TPM mode is enabled then we need to configure - # the TPM object and the TPM OpenSSL engine in HAPROXY - $tpm_object = $::platform::haproxy::params::tpm_object - $tpm_engine = $::platform::haproxy::params::tpm_engine - if $tpm_object != undef { - $tpm_options = {'tpm-object' => $tpm_object, 'tpm-engine' => $tpm_engine} - $global_options = merge($::platform::haproxy::params::global_options, $tpm_options) - } else { - $global_options = $::platform::haproxy::params::global_options - } - - class { '::haproxy': - global_options => $global_options, - } - - user { 'haproxy': - ensure => 'present', - shell => '/sbin/nologin', - groups => [$::platform::params::protected_group_name], - } -> Class['::haproxy'] -} - - -class platform::haproxy::reload { - platform::sm::restart {'haproxy': } -} - - -class platform::haproxy::runtime { - include ::platform::haproxy::server - - include ::platform::patching::haproxy - include ::platform::sysinv::haproxy - include ::platform::nfv::haproxy - include ::platform::ceph::haproxy - include ::platform::fm::haproxy - if $::platform::params::distributed_cloud_role =='systemcontroller' { - include ::platform::dcmanager::haproxy - include ::platform::dcorch::haproxy - } - include ::openstack::keystone::haproxy - include ::openstack::barbican::haproxy - - class {'::platform::haproxy::reload': - stage => post - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/helm.pp b/puppet-manifests/src/modules/platform/manifests/helm.pp deleted file mode 100644 index c699d7391c..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/helm.pp +++ /dev/null @@ -1,179 +0,0 @@ -class platform::helm::repositories::params( - $source_helm_repos_base_dir = '/opt/platform/helm_charts', - $target_helm_repos_base_dir = '/www/pages/helm_charts', - $helm_repositories = [ 'stx-platform', 'starlingx' ], -) {} - -define platform::helm::repository ( - $repo_base = undef, - $repo_port = undef, - $create = false, - $primary = false, -) { - - $repo_path = "${repo_base}/${name}" - - if str2bool($create) { - file {$repo_path: - ensure => directory, - path => $repo_path, - owner => 'www', - require => User['www'], - } - - -> exec { "Generate index: ${repo_path}": - command => "helm repo index ${repo_path}", - logoutput => true, - user => 'www', - group => 'www', - require => User['www'], - } - - $before_relationship = Exec['Stop lighttpd'] - $require_relationship = [ User['sysadmin'], Exec["Generate index: ${repo_path}"] ] - } else { - $before_relationship = undef - $require_relationship = User['sysadmin'] - } - - exec { "Adding StarlingX helm repo: ${name}": - before => $before_relationship, - environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/sysadmin'], - command => "helm repo add ${name} http://127.0.0.1:${repo_port}/helm_charts/${name}", - logoutput => true, - user => 'sysadmin', - group => 'sys_protected', - require => $require_relationship - } -} - -class platform::helm::repositories - inherits ::platform::helm::repositories::params { - include ::openstack::horizon::params - include ::platform::users - - Anchor['platform::services'] - - -> platform::helm::repository { $helm_repositories: - repo_base => $target_helm_repos_base_dir, - repo_port => $::openstack::horizon::params::http_port, - create => $::is_initial_config, - primary => $::is_initial_config_primary, - } - - -> exec { 'Updating info of available charts locally from chart repo': - environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ], - command => 'helm repo update', - logoutput => true, - user => 'sysadmin', - group => 'sys_protected', - require => User['sysadmin'] - } -} - -class platform::helm - inherits ::platform::helm::repositories::params { - - include ::platform::docker::params - - file {$target_helm_repos_base_dir: - ensure => directory, - path => $target_helm_repos_base_dir, - owner => 'www', - require => User['www'] - } - - Drbd::Resource <| |> - - -> file {$source_helm_repos_base_dir: - ensure => directory, - path => $source_helm_repos_base_dir, - owner => 'www', - require => User['www'] - } - - if (str2bool($::is_initial_config) and $::personality == 'controller') { - - if str2bool($::is_initial_config_primary) { - - if $::platform::docker::params::gcr_registry { - $gcr_registry = $::platform::docker::params::gcr_registry - } else { - $gcr_registry = 'gcr.io' - } - - if $::platform::docker::params::quay_registry { - $quay_registry = $::platform::docker::params::quay_registry - } else { - $quay_registry = 'quay.io' - } - - Class['::platform::kubernetes::master'] - - -> exec { 'load tiller docker image': - command => "docker image pull ${gcr_registry}/kubernetes-helm/tiller:v2.13.1", - logoutput => true, - } - - # TODO(tngo): If and when tiller image is upversioned, please ensure armada compatibility as part of the test - -> exec { 'load armada docker image': - command => "docker image pull ${quay_registry}/airshipit/armada:8a1638098f88d92bf799ef4934abe569789b885e-ubuntu_bionic", - logoutput => true, - } - - -> exec { 'create service account for tiller': - command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf create serviceaccount --namespace kube-system tiller', - logoutput => true, - } - - -> exec { 'create cluster role binding for tiller service account': - command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller', # lint:ignore:140chars - logoutput => true, - } - - -> exec { 'initialize helm': - environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ], - command => "helm init --skip-refresh --service-account tiller --node-selectors \"node-role.kubernetes.io/master\"=\"\" --tiller-image=${gcr_registry}/kubernetes-helm/tiller:v2.13.1 --override spec.template.spec.hostNetwork=true", # lint:ignore:140chars - logoutput => true, - user => 'sysadmin', - group => 'sys_protected', - require => User['sysadmin'] - } - - exec { "bind mount ${target_helm_repos_base_dir}": - command => "mount -o bind -t ext4 ${source_helm_repos_base_dir} ${target_helm_repos_base_dir}", - require => File[ $source_helm_repos_base_dir, $target_helm_repos_base_dir ] - } - - } else { - - Class['::platform::kubernetes::master'] - - -> exec { 'initialize helm': - environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ], - command => 'helm init --skip-refresh --client-only', - logoutput => true, - user => 'sysadmin', - group => 'sys_protected', - require => User['sysadmin'] - } - } - - include ::platform::helm::repositories - include ::openstack::horizon::params - $port = $::openstack::horizon::params::http_port - - exec { 'restart lighttpd for helm': - require => [File['/etc/lighttpd/lighttpd.conf', $target_helm_repos_base_dir, $source_helm_repos_base_dir], - Exec['initialize helm']], - command => 'systemctl restart lighttpd.service', - logoutput => true, - } - - -> Class['::platform::helm::repositories'] - } -} - -class platform::helm::runtime { - include ::platform::helm::repositories -} diff --git a/puppet-manifests/src/modules/platform/manifests/influxdb.pp b/puppet-manifests/src/modules/platform/manifests/influxdb.pp deleted file mode 100644 index 752ada3c02..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/influxdb.pp +++ /dev/null @@ -1,87 +0,0 @@ -class platform::influxdb::params ( - $bind_address = undef, - $database = undef, - $typesdb = undef, - $batch_size = undef, - $batch_pending = undef, - $batch_timeout = undef, - $read_buffer = undef, -) {} - -class platform::influxdb - inherits ::platform::influxdb::params { - - user { 'influxdb': ensure => present, } - -> group { 'influxdb': ensure => present, } - - # make a pid dir for influxdb username and group - -> file { '/var/run/influxdb': - ensure => 'directory', - owner => 'influxdb', - group => 'influxdb', - mode => '0755', - } - - # make a log dir for influxdb username and group - -> file { '/var/log/influxdb': - ensure => 'directory', - owner => 'influxdb', - group => 'influxdb', - mode => '0755', - } - - # make a lib dir for influxdb username and group - -> file { '/var/lib/influxdb': - ensure => 'directory', - owner => 'influxdb', - group => 'influxdb', - mode => '0755', - } # now configure influxdb - - -> file { '/etc/influxdb/influxdb.conf': - ensure => 'present', - replace => true, - content => template('platform/influxdb.conf.erb'), - } # now make sure that influxdb is started - - -> exec { 'influxdb-enable': - command => 'systemctl enable influxdb', - unless => 'systemctl is-enabled influxdb' - } - - # ensure that influxdb is running - -> service { 'influxdb': - ensure => running, - enable => true, - provider => 'systemd' - } # now ask pmon to monitor the process - - # ensure pmon soft link for process monitoring - -> file { '/etc/pmon.d/influxdb.conf': - ensure => 'link', - target => '/etc/influxdb/influxdb.conf.pmon', - owner => 'root', - group => 'root', - mode => '0600', - } -} - -class platform::influxdb::runtime { - include ::platform::influxdb -} - -class platform::influxdb::logrotate::params ( - $log_file_name = undef, - $log_file_size = undef, - $log_file_rotate = undef, -) {} - -class platform::influxdb::logrotate - inherits ::platform::influxdb::logrotate::params { - - file { '/etc/logrotate.d/influxdb': - ensure => 'present', - replace => true, - content => template('platform/logrotate.erb'), - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp deleted file mode 100644 index 2ed49b8550..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp +++ /dev/null @@ -1,711 +0,0 @@ -class platform::kubernetes::params ( - $enabled = true, - $node_ip = undef, - $pod_network_cidr = undef, - $pod_network_ipversion = 4, - $service_network_cidr = undef, - $apiserver_advertise_address = undef, - $etcd_endpoint = undef, - $service_domain = undef, - $dns_service_ip = undef, - $host_labels = [], - $ca_crt = undef, - $ca_key = undef, - $sa_key = undef, - $sa_pub = undef, - $k8s_cpuset = undef, - $k8s_nodeset = undef, - $k8s_reserved_cpus = undef, - $k8s_reserved_mem = undef, - $apiserver_cert_san = [] - -) { } - -class platform::kubernetes::cgroup::params ( - $cgroup_root = '/sys/fs/cgroup', - $cgroup_name = 'k8s-infra', - $controllers = ['cpuset', 'cpu', 'cpuacct', 'memory', 'systemd', 'pids'], -) {} - -class platform::kubernetes::cgroup - inherits ::platform::kubernetes::cgroup::params { - include ::platform::kubernetes::params - - $k8s_cpuset = $::platform::kubernetes::params::k8s_cpuset - $k8s_nodeset = $::platform::kubernetes::params::k8s_nodeset - - # Default to float across all cpus and numa nodes - if !defined('$k8s_cpuset') { - $k8s_cpuset = generate('/bin/cat', '/sys/devices/system/cpu/online') - notice("System default cpuset ${k8s_cpuset}.") - } - if !defined('$k8s_nodeset') { - $k8s_nodeset = generate('/bin/cat', '/sys/devices/system/node/online') - notice("System default nodeset ${k8s_nodeset}.") - } - - # Create kubelet cgroup for the minimal set of required controllers. - # NOTE: The kubernetes cgroup_manager_linux func Exists() checks that - # specific subsystem cgroup paths actually exist on the system. The - # particular cgroup cgroupRoot must exist for the following controllers: - # "cpu", "cpuacct", "cpuset", "memory", "systemd", "pids". - # Reference: - # https://github.com/kubernetes/kubernetes/blob/master/pkg/kubelet/cm/cgroup_manager_linux.go - # systemd automatically mounts cgroups and controllers, so don't need - # to do that here. - notice("Create ${cgroup_root}/${controllers}/${cgroup_name}") - $controllers.each |String $controller| { - $cgroup_dir = "${cgroup_root}/${controller}/${cgroup_name}" - file { $cgroup_dir : - ensure => directory, - owner => 'root', - group => 'root', - mode => '0700', - } - - # Modify k8s cpuset resources to reflect platform configured cores. - # NOTE: Using 'exec' here instead of 'file' resource type with 'content' - # tag to update contents under /sys, since puppet tries to create files - # with temp names in the same directory, and the kernel only allows - # specific filenames to be created in these particular directories. - # This causes puppet to fail if we use the 'content' tag. - # NOTE: Child cgroups cpuset must be subset of parent. In the case where - # child directories already exist and we change the parent's cpuset to - # be a subset of what the children have, will cause the command to fail - # with "-bash: echo: write error: device or resource busy". - if $controller == 'cpuset' { - $cgroup_mems = "${cgroup_dir}/cpuset.mems" - $cgroup_cpus = "${cgroup_dir}/cpuset.cpus" - $cgroup_tasks = "${cgroup_dir}/tasks" - - notice("Set ${cgroup_name} nodeset: ${k8s_nodeset}, cpuset: ${k8s_cpuset}") - File[ $cgroup_dir ] - -> exec { "Create ${cgroup_mems}" : - command => "/bin/echo ${k8s_nodeset} > ${cgroup_mems} || :", - } - -> exec { "Create ${cgroup_cpus}" : - command => "/bin/echo ${k8s_cpuset} > ${cgroup_cpus} || :", - } - -> file { $cgroup_tasks : - ensure => file, - owner => 'root', - group => 'root', - mode => '0644', - } - } - } -} - -class platform::kubernetes::kubeadm { - - include ::platform::docker::params - include ::platform::kubernetes::params - - $node_ip = $::platform::kubernetes::params::node_ip - $host_labels = $::platform::kubernetes::params::host_labels - $k8s_reserved_cpus = $::platform::kubernetes::params::k8s_reserved_cpus - $k8s_reserved_mem = $::platform::kubernetes::params::k8s_reserved_mem - - $iptables_file = "net.bridge.bridge-nf-call-ip6tables = 1 - net.bridge.bridge-nf-call-iptables = 1" - - # Configure kubelet cpumanager options - if str2bool($::is_worker_subfunction) - and !('openstack-compute-node' - in $host_labels) { - $k8s_cpu_manager_opts = join([ - '--cpu-manager-policy=static', - '--system-reserved-cgroup=/system.slice', - join([ - '--system-reserved=', - "cpu=${k8s_reserved_cpus},", - "memory=${k8s_reserved_mem}Mi"]) - ], ' ') - } else { - $k8s_cpu_manager_opts = '--cpu-manager-policy=none' - } - - # Enable kubelet extra parameters that are node specific such as - # cpumanager - file { '/etc/sysconfig/kubelet': - ensure => file, - content => template('platform/kubelet.conf.erb'), - } - # The cpu_manager_state file is regenerated when cpumanager starts or - # changes allocations so it is safe to remove before kubelet starts. - # This file persists so cpumanager's DefaultCPUSet becomes inconsistent - # when we offline/online CPUs or change the number of reserved cpus. - -> exec { 'remove cpu_manager_state': - command => 'rm -f /var/lib/kubelet/cpu_manager_state || true', - } - - # Update iptables config. This is required based on: - # https://kubernetes.io/docs/tasks/tools/install-kubeadm - # This probably belongs somewhere else - initscripts package? - file { '/etc/sysctl.d/k8s.conf': - ensure => file, - content => $iptables_file, - owner => 'root', - group => 'root', - mode => '0644', - } - -> exec { 'update kernel parameters for iptables': - command => 'sysctl --system', - } - - # Create manifests directory required by kubelet - -> file { '/etc/kubernetes/manifests': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0700', - } - # Start kubelet. - -> service { 'kubelet': - enable => true, - } - # A seperate enable is required since we have modified the service resource - # to never enable services. - -> exec { 'enable-kubelet': - command => '/usr/bin/systemctl enable kubelet.service', - } -} - -class platform::kubernetes::master::init - inherits ::platform::kubernetes::params { - - include ::platform::params - include ::platform::docker::params - - $apiserver_loopback_address = $pod_network_ipversion ? { - 4 => '127.0.0.1', - 6 => '::1', - } - - $apiserver_certsans = concat($apiserver_cert_san, $apiserver_loopback_address, $apiserver_advertise_address) - - # This is used for imageRepository in template kubeadm.yaml.erb - if $::platform::docker::params::k8s_registry { - $k8s_registry = $::platform::docker::params::k8s_registry - } else { - $k8s_registry = 'k8s.gcr.io' - } - - # This is used for calico image in template calico.yaml.erb - if $::platform::docker::params::quay_registry { - $quay_registry = $::platform::docker::params::quay_registry - } else { - $quay_registry = 'quay.io' - } - - # This is used for device plugin images in template multus.yaml.erb, - # sriov-cni.yaml.erb and sriovdp-daemonset.yaml.erb - if $::platform::docker::params::docker_registry { - $docker_registry = $::platform::docker::params::docker_registry - } else { - $docker_registry = 'docker.io' - } - - if str2bool($::is_initial_config_primary) { - # For initial controller install, configure kubernetes from scratch. - $resolv_conf = '/etc/resolv.conf' - - # Configure the master node. - file { '/etc/kubernetes/kubeadm.yaml': - ensure => file, - content => template('platform/kubeadm.yaml.erb'), - } - - -> exec { 'configure master node': - command => 'kubeadm init --config=/etc/kubernetes/kubeadm.yaml', - logoutput => true, - } - - # Update ownership/permissions for file created by "kubeadm init". - # We want it readable by sysinv and sysadmin. - -> file { '/etc/kubernetes/admin.conf': - ensure => file, - owner => 'root', - group => $::platform::params::protected_group_name, - mode => '0640', - } - - # Add a bash profile script to set a k8s env variable - -> file {'bash_profile_k8s': - ensure => file, - path => '/etc/profile.d/kubeconfig.sh', - mode => '0644', - source => "puppet:///modules/${module_name}/kubeconfig.sh" - } - - # Deploy Multus as a Daemonset, and Calico is used as the default network - # (a network interface that every pod will be created with), each network - # attachment is made in addition to this default network. - -> file { '/etc/kubernetes/multus.yaml': - ensure => file, - content => template('platform/multus.yaml.erb'), - } - -> exec {'deploy multus daemonset': - command => - 'kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/multus.yaml', - logoutput => true, - } - - # Configure calico networking using the Kubernetes API datastore. - -> file { '/etc/kubernetes/calico.yaml': - ensure => file, - content => template('platform/calico.yaml.erb'), - } - -> exec { 'install calico networking': - command => - 'kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/calico.yaml', - logoutput => true, - } - - # Deploy sriov-cni as a Daemonset - -> file { '/etc/kubernetes/sriov-cni.yaml': - ensure => file, - content => template('platform/sriov-cni.yaml.erb'), - } - -> exec {'deploy sriov-cni daemonset': - command => - 'kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/sriov-cni.yaml', - logoutput => true, - } - - # Deploy SRIOV network device plugin as a Daemonset - -> file { '/etc/kubernetes/sriovdp-daemonset.yaml': - ensure => file, - content => template('platform/sriovdp-daemonset.yaml.erb'), - } - -> exec {'deploy sriov device plugin daemonset': - command => - 'kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/sriovdp-daemonset.yaml', - logoutput => true, - } - - # Remove the taint from the master node - -> exec { 'remove taint from master node': - command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master- || true", # lint:ignore:140chars - logoutput => true, - } - - # Add kubelet service override - -> file { '/etc/systemd/system/kubelet.service.d/kube-stx-override.conf': - ensure => file, - content => template('platform/kube-stx-override.conf.erb'), - owner => 'root', - group => 'root', - mode => '0644', - } - - # set kubelet monitored by pmond - -> file { '/etc/pmon.d/kubelet.conf': - ensure => file, - content => template('platform/kubelet-pmond-conf.erb'), - owner => 'root', - group => 'root', - mode => '0644', - } - - # Reload systemd - -> exec { 'perform systemctl daemon reload for kubelet override': - command => 'systemctl daemon-reload', - logoutput => true, - } - - # Initial kubernetes config done on node - -> file { '/etc/platform/.initial_k8s_config_complete': - ensure => present, - } - } else { - if str2bool($::is_initial_k8s_config) { - # This allows subsequent node installs - # Notes regarding ::is_initial_k8s_config check: - # - Ensures block is only run for new node installs (e.g. controller-1) - # or reinstalls. This part is needed only once; - # - Ansible configuration is independently configuring Kubernetes. A retry - # in configuration by puppet leads to failed manifest application. - # This flag is created by Ansible on controller-0; - # - Ansible replay is not impacted by flag creation. - - # If alternative k8s registry requires the authentication, - # kubeadm required images need to be pre-pulled on controller - if $k8s_registry != 'k8s.gcr.io' and $::platform::docker::params::k8s_registry_secret != undef { - File['/etc/kubernetes/kubeadm.yaml'] - -> platform::docker::login_registry { 'login k8s registry': - registry_url => $k8s_registry, - registry_secret => $::platform::docker::params::k8s_registry_secret - } - - -> exec { 'kubeadm to pre pull images': - command => 'kubeadm config images pull --config /etc/kubernetes/kubeadm.yaml', - logoutput => true, - before => Exec['configure master node'] - } - - -> exec { 'logout k8s registry': - command => "docker logout ${k8s_registry}", - logoutput => true, - } - } - - # Create necessary certificate files - file { '/etc/kubernetes/pki': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0755', - } - -> file { '/etc/kubernetes/pki/ca.crt': - ensure => file, - content => $ca_crt, - owner => 'root', - group => 'root', - mode => '0644', - } - -> file { '/etc/kubernetes/pki/ca.key': - ensure => file, - content => $ca_key, - owner => 'root', - group => 'root', - mode => '0600', - } - -> file { '/etc/kubernetes/pki/sa.key': - ensure => file, - content => $sa_key, - owner => 'root', - group => 'root', - mode => '0600', - } - -> file { '/etc/kubernetes/pki/sa.pub': - ensure => file, - content => $sa_pub, - owner => 'root', - group => 'root', - mode => '0600', - } - - # Configure the master node. - -> file { '/etc/kubernetes/kubeadm.yaml': - ensure => file, - content => template('platform/kubeadm.yaml.erb'), - } - - -> exec { 'configure master node': - command => 'kubeadm init --config=/etc/kubernetes/kubeadm.yaml', - logoutput => true, - } - - # Update ownership/permissions for file created by "kubeadm init". - # We want it readable by sysinv and sysadmin. - -> file { '/etc/kubernetes/admin.conf': - ensure => file, - owner => 'root', - group => $::platform::params::protected_group_name, - mode => '0640', - } - - # Add a bash profile script to set a k8s env variable - -> file {'bash_profile_k8s': - ensure => present, - path => '/etc/profile.d/kubeconfig.sh', - mode => '0644', - source => "puppet:///modules/${module_name}/kubeconfig.sh" - } - - # Remove the taint from the master node - -> exec { 'remove taint from master node': - command => "kubectl --kubeconfig=/etc/kubernetes/admin.conf taint node ${::platform::params::hostname} node-role.kubernetes.io/master- || true", # lint:ignore:140chars - logoutput => true, - } - - # Add kubelet service override - -> file { '/etc/systemd/system/kubelet.service.d/kube-stx-override.conf': - ensure => file, - content => template('platform/kube-stx-override.conf.erb'), - owner => 'root', - group => 'root', - mode => '0644', - } - - # set kubelet monitored by pmond - -> file { '/etc/pmon.d/kubelet.conf': - ensure => file, - content => template('platform/kubelet-pmond-conf.erb'), - owner => 'root', - group => 'root', - mode => '0644', - } - - # Reload systemd - -> exec { 'perform systemctl daemon reload for kubelet override': - command => 'systemctl daemon-reload', - logoutput => true, - } - - # Initial kubernetes config done on node - -> file { '/etc/platform/.initial_k8s_config_complete': - ensure => present, - } - } - } -} - -class platform::kubernetes::master - inherits ::platform::kubernetes::params { - - contain ::platform::kubernetes::kubeadm - contain ::platform::kubernetes::cgroup - contain ::platform::kubernetes::master::init - contain ::platform::kubernetes::coredns - contain ::platform::kubernetes::firewall - - Class['::platform::etcd'] -> Class[$name] - Class['::platform::docker::config'] -> Class[$name] - # Ensure DNS is configured as name resolution is required when - # kubeadm init is run. - Class['::platform::dns'] -> Class[$name] - Class['::platform::kubernetes::kubeadm'] - -> Class['::platform::kubernetes::cgroup'] - -> Class['::platform::kubernetes::master::init'] - -> Class['::platform::kubernetes::coredns'] - -> Class['::platform::kubernetes::firewall'] -} - -class platform::kubernetes::worker::params ( - $join_cmd = undef, -) { } - -class platform::kubernetes::worker::init - inherits ::platform::kubernetes::worker::params { - - Class['::platform::docker::config'] -> Class[$name] - - if str2bool($::is_initial_config) { - include ::platform::params - - if $::platform::docker::params::k8s_registry { - $k8s_registry = $::platform::docker::params::k8s_registry - } else { - $k8s_registry = 'k8s.gcr.io' - } - - # If alternative k8s registry requires the authentication, - # k8s pause image needs to be pre-pulled on worker nodes - if $k8s_registry != 'k8s.gcr.io' and $::platform::docker::params::k8s_registry_secret != undef { - # Get the pause image tag from kubeadm required images - # list and replace with alternative k8s registry - $get_k8s_pause_img = "kubeadm config images list 2>/dev/null |\ - awk '/^k8s.gcr.io\\/pause:/{print \$1}' | sed 's/k8s.gcr.io/${k8s_registry}/'" - $k8s_pause_img = generate('/bin/sh', '-c', $get_k8s_pause_img) - - if k8s_pause_img { - platform::docker::login_registry { 'login k8s registry': - registry_url => $k8s_registry, - registry_secret => $::platform::docker::params::k8s_registry_secret - } - - -> exec { 'load k8s pause image': - command => "docker image pull ${k8s_pause_img}", - logoutput => true, - before => Exec['configure worker node'] - } - - -> exec { 'logout k8s registry': - command => "docker logout ${k8s_registry}", - logoutput => true, - } - } - } - } - - # Configure the worker node. Only do this once, so check whether the - # kubelet.conf file has already been created (by the join). - exec { 'configure worker node': - command => $join_cmd, - logoutput => true, - unless => 'test -f /etc/kubernetes/kubelet.conf', - } - - # Add kubelet service override - -> file { '/etc/systemd/system/kubelet.service.d/kube-stx-override.conf': - ensure => file, - content => template('platform/kube-stx-override.conf.erb'), - owner => 'root', - group => 'root', - mode => '0644', - } - - # set kubelet monitored by pmond - -> file { '/etc/pmon.d/kubelet.conf': - ensure => file, - content => template('platform/kubelet-pmond-conf.erb'), - owner => 'root', - group => 'root', - mode => '0644', - } - - # Reload systemd - -> exec { 'perform systemctl daemon reload for kubelet override': - command => 'systemctl daemon-reload', - logoutput => true, - } -} - -class platform::kubernetes::worker::pci -( - $pcidp_network_resources = undef, -) { - include ::platform::kubernetes::params - - file { '/etc/pcidp': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0700', - } - -> file { '/etc/pcidp/config.json': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('platform/pcidp.conf.erb'), - } -} - - -class platform::kubernetes::worker - inherits ::platform::kubernetes::params { - - # Worker configuration is not required on AIO hosts, since the master - # will already be configured and includes support for running pods. - if $::personality != 'controller' { - contain ::platform::kubernetes::kubeadm - contain ::platform::kubernetes::cgroup - contain ::platform::kubernetes::worker::init - - Class['::platform::kubernetes::kubeadm'] - -> Class['::platform::kubernetes::cgroup'] - -> Class['::platform::kubernetes::worker::init'] - } else { - # Reconfigure cgroups cpusets on AIO - contain ::platform::kubernetes::cgroup - - # Add refresh dependency for kubelet for hugepage allocation - Class['::platform::compute::allocate'] - ~> service { 'kubelet': - } - } - - file { '/var/run/.disable_worker_services': - ensure => file, - replace => no, - } - # TODO: The following exec is a workaround. Once kubernetes becomes the - # default installation, /etc/pmon.d/libvirtd.conf needs to be removed from - # the load. - exec { 'Update PMON libvirtd.conf': - command => "/bin/sed -i 's#mode = passive#mode = ignore #' /etc/pmon.d/libvirtd.conf", - onlyif => '/usr/bin/test -e /etc/pmon.d/libvirtd.conf' - } - - contain ::platform::kubernetes::worker::pci -} - -class platform::kubernetes::coredns { - - include ::platform::params - - if str2bool($::is_initial_config_primary) or str2bool($::is_initial_k8s_config) { - if $::platform::params::system_mode != 'simplex' { - # For duplex and multi-node system, restrict the dns pod to master nodes - exec { 'restrict coredns to master nodes': - command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"nodeSelector":{"node-role.kubernetes.io/master":""}}}}}\'', # lint:ignore:140chars - logoutput => true, - } - - -> exec { 'Use anti-affinity for coredns pods': - command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system patch deployment coredns -p \'{"spec":{"template":{"spec":{"affinity":{"podAntiAffinity":{"requiredDuringSchedulingIgnoredDuringExecution":[{"labelSelector":{"matchExpressions":[{"key":"k8s-app","operator":"In","values":["kube-dns"]}]},"topologyKey":"kubernetes.io/hostname"}]}}}}}}\'', # lint:ignore:140chars - logoutput => true, - } - } else { - # For simplex system, 1 coredns is enough - exec { '1 coredns for simplex mode': - command => 'kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system scale --replicas=1 deployment coredns', # lint:ignore:140chars - logoutput => true, - } - } - } -} - -# TODO: remove port 9001 once we have a public docker image registry using standard ports. -# add 5000 as the default port for private registry -class platform::kubernetes::firewall::params ( - $transport = 'tcp', - $table = 'nat', - $dports = [80, 443, 9001, 5000], - $chain = 'POSTROUTING', - $jump = 'SNAT', -) {} - -class platform::kubernetes::firewall - inherits ::platform::kubernetes::firewall::params { - - include ::platform::params - include ::platform::network::oam::params - include ::platform::network::mgmt::params - include ::platform::docker::params - - # add http_proxy and https_proxy port to k8s firewall - # in order to allow worker node access public network via proxy - if $::platform::docker::params::http_proxy { - $http_proxy_str_array = split($::platform::docker::params::http_proxy, ':') - $http_proxy_port = $http_proxy_str_array[length($http_proxy_str_array) - 1] - if $http_proxy_port =~ /^\d+$/ { - $http_proxy_port_val = $http_proxy_port - } - } - - if $::platform::docker::params::https_proxy { - $https_proxy_str_array = split($::platform::docker::params::https_proxy, ':') - $https_proxy_port = $https_proxy_str_array[length($https_proxy_str_array) - 1] - if $https_proxy_port =~ /^\d+$/ { - $https_proxy_port_val = $https_proxy_port - } - } - - if defined('$http_proxy_port_val') { - if defined('$https_proxy_port_val') and ($http_proxy_port_val != $https_proxy_port_val) { - $dports = $dports << $http_proxy_port_val << $https_proxy_port_val - } else { - $dports = $dports << $http_proxy_port_val - } - } elsif defined('$https_proxy_port_val') { - $dports = $dports << $https_proxy_port_val - } - - $system_mode = $::platform::params::system_mode - $oam_float_ip = $::platform::network::oam::params::controller_address - $oam_interface = $::platform::network::oam::params::interface_name - $mgmt_subnet = $::platform::network::mgmt::params::subnet_network - $mgmt_prefixlen = $::platform::network::mgmt::params::subnet_prefixlen - - $s_mgmt_subnet = "${mgmt_subnet}/${mgmt_prefixlen}" - $d_mgmt_subnet = "! ${s_mgmt_subnet}" - - if $system_mode != 'simplex' { - platform::firewall::rule { 'kubernetes-nat': - service_name => 'kubernetes', - table => $table, - chain => $chain, - proto => $transport, - jump => $jump, - ports => $dports, - host => $s_mgmt_subnet, - destination => $d_mgmt_subnet, - outiface => $oam_interface, - tosource => $oam_float_ip, - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/ldap.pp b/puppet-manifests/src/modules/platform/manifests/ldap.pp deleted file mode 100644 index b3d6ee7146..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/ldap.pp +++ /dev/null @@ -1,157 +0,0 @@ -class platform::ldap::params ( - $admin_pw, - $admin_hashed_pw = undef, - $provider_uri = undef, - $server_id = undef, - $ldapserver_remote = false, - $ldapserver_host = undef, - $bind_anonymous = false, -) {} - -class platform::ldap::server - inherits ::platform::ldap::params { - if ! $ldapserver_remote { - include ::platform::ldap::server::local - } -} - -class platform::ldap::server::local - inherits ::platform::ldap::params { - exec { 'slapd-convert-config': - command => '/usr/sbin/slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/schema/', - onlyif => '/usr/bin/test -e /etc/openldap/slapd.conf' - } - - exec { 'slapd-conf-move-backup': - command => '/bin/mv -f /etc/openldap/slapd.conf /etc/openldap/slapd.conf.backup', - onlyif => '/usr/bin/test -e /etc/openldap/slapd.conf' - } - - service { 'nscd': - ensure => 'running', - enable => true, - name => 'nscd', - hasstatus => true, - hasrestart => true, - } - - service { 'openldap': - ensure => 'running', - enable => true, - name => 'slapd', - hasstatus => true, - hasrestart => true, - } - - exec { 'stop-openldap': - command => '/usr/bin/systemctl stop slapd.service', - } - - exec { 'update-slapd-conf': - command => "/bin/sed -i \\ - -e 's#provider=ldap.*#provider=${provider_uri}#' \\ - -e 's:serverID.*:serverID ${server_id}:' \\ - -e 's:credentials.*:credentials=${admin_pw}:' \\ - -e 's:^rootpw .*:rootpw ${admin_hashed_pw}:' \\ - -e 's:modulepath .*:modulepath /usr/lib64/openldap:' \\ - /etc/openldap/slapd.conf", - onlyif => '/usr/bin/test -e /etc/openldap/slapd.conf' - } - - # don't populate the adminpw if binding anonymously - if ! $bind_anonymous { - file { '/usr/local/etc/ldapscripts/ldapscripts.passwd': - content => $admin_pw, - } - } - - file { '/usr/share/cracklib/cracklib-small': - ensure => link, - target => '/usr/share/cracklib/cracklib-small.pwd', - } - - # start openldap with updated config and updated nsswitch - # then convert slapd config to db format. Note, slapd must have run and created the db prior to this. - Exec['stop-openldap'] - -> Exec['update-slapd-conf'] - -> Service['nscd'] - -> Service['nslcd'] - -> Service['openldap'] - -> Exec['slapd-convert-config'] - -> Exec['slapd-conf-move-backup'] -} - - -class platform::ldap::client - inherits ::platform::ldap::params { - file { '/etc/openldap/ldap.conf': - ensure => 'present', - replace => true, - content => template('platform/ldap.conf.erb'), - } - - file { '/etc/nslcd.conf': - ensure => 'present', - replace => true, - content => template('platform/nslcd.conf.erb'), - } - -> service { 'nslcd': - ensure => 'running', - enable => true, - name => 'nslcd', - hasstatus => true, - hasrestart => true, - } - - if $::personality == 'controller' { - file { '/usr/local/etc/ldapscripts/ldapscripts.conf': - ensure => 'present', - replace => true, - content => template('platform/ldapscripts.conf.erb'), - } - } -} - -class platform::ldap::bootstrap - inherits ::platform::ldap::params { - include ::platform::params - # Local ldap server is configured during bootstrap. It is later - # replaced by remote ldapserver configuration (if needed) during - # application of controller / compute / storage manifest. - include ::platform::ldap::server::local - include ::platform::ldap::client - - Class['platform::ldap::server::local'] -> Class[$name] - - $dn = 'cn=ldapadmin,dc=cgcs,dc=local' - - exec { 'populate initial ldap configuration': - command => "ldapadd -D ${dn} -w ${admin_pw} -f /etc/openldap/initial_config.ldif" - } - -> exec { 'create ldap admin user': - command => 'ldapadduser admin root' - } - -> exec { 'create ldap operator user': - command => 'ldapadduser operator users' - } - -> exec { 'create ldap protected group': - command => "ldapaddgroup ${::platform::params::protected_group_name} ${::platform::params::protected_group_id}" - } - -> exec { 'add admin to sys_protected protected group' : - command => "ldapaddusertogroup admin ${::platform::params::protected_group_name}", - } - -> exec { 'add operator to sys_protected protected group' : - command => "ldapaddusertogroup operator ${::platform::params::protected_group_name}", - } - - # Change operator shell from default to /usr/local/bin/cgcs_cli - -> file { '/tmp/ldap.cgcs-shell.ldif': - ensure => present, - replace => true, - source => "puppet:///modules/${module_name}/ldap.cgcs-shell.ldif" - } - -> exec { 'ldap cgcs-cli shell update': - command => - "ldapmodify -D ${dn} -w ${admin_pw} -f /tmp/ldap.cgcs-shell.ldif" - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/lldp.pp b/puppet-manifests/src/modules/platform/manifests/lldp.pp deleted file mode 100644 index bc65d63767..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/lldp.pp +++ /dev/null @@ -1,35 +0,0 @@ -class platform::lldp::params( - $tx_interval = 30, - $tx_hold = 4, - $options = [] -) {} - - -class platform::lldp - inherits ::platform::lldp::params { - include ::platform::params - - $hostname = $::platform::params::hostname - $system = $::platform::params::system_name - $version = $::platform::params::software_version - - file { '/etc/lldpd.conf': - ensure => 'present', - replace => true, - content => template('platform/lldp.conf.erb'), - notify => Service['lldpd'], - } - - file { '/etc/default/lldpd': - ensure => 'present', - replace => true, - content => template('platform/lldpd.default.erb'), - notify => Service['lldpd'], - } - - service { 'lldpd': - ensure => 'running', - enable => true, - hasrestart => true, - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/lvm.pp b/puppet-manifests/src/modules/platform/manifests/lvm.pp deleted file mode 100644 index cf16e545c8..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/lvm.pp +++ /dev/null @@ -1,166 +0,0 @@ -class platform::lvm::params ( - $transition_filter = '[]', - $final_filter = '[]', -) {} - - -class platform::lvm - inherits platform::lvm::params { - - # Mask socket unit as well to make sure - # systemd socket activation does not happen - service { 'lvm2-lvmetad.socket': - ensure => 'stopped', - enable => mask, - } - # Masking service unit ensures that it is not started again - -> service { 'lvm2-lvmetad': - ensure => 'stopped', - enable => mask, - } - # Since masking is changing unit symlinks to point to /dev/null, - # we need to reload systemd configuration - -> exec { 'lvmetad-systemd-daemon-reload': - command => 'systemctl daemon-reload', - } - -> file_line { 'use_lvmetad': - path => '/etc/lvm/lvm.conf', - match => '^[^#]*use_lvmetad = 1', - line => ' use_lvmetad = 0', - } -} - - -define platform::lvm::global_filter($filter) { - file_line { "${name}: update lvm global_filter": - path => '/etc/lvm/lvm.conf', - line => " global_filter = ${filter}", - match => '^[ ]*global_filter =', - } -} - - -define platform::lvm::umount { - exec { "umount disk ${name}": - command => "umount ${name}; true", - } -} - - -class platform::lvm::vg::cgts_vg( - $vg_name = 'cgts-vg', - $physical_volumes = [], -) inherits platform::lvm::params { - - ::platform::lvm::umount { $physical_volumes: - } - -> physical_volume { $physical_volumes: - ensure => present, - } - -> volume_group { $vg_name: - ensure => present, - physical_volumes => $physical_volumes, - } -} - -class platform::lvm::vg::cinder_volumes( - $vg_name = 'cinder-volumes', - $physical_volumes = [], -) inherits platform::lvm::params { - # Let cinder manifests set up DRBD synced volume group -} - -class platform::lvm::vg::nova_local( - $vg_name = 'nova-local', - $physical_volumes = [], -) inherits platform::lvm::params { - # TODO(rchurch): refactor portions of platform::worker::storage and move here -} - -################## -# Controller Hosts -################## - -class platform::lvm::controller::vgs { - include ::platform::lvm::vg::cgts_vg - include ::platform::lvm::vg::cinder_volumes - include ::platform::lvm::vg::nova_local -} - -class platform::lvm::controller - inherits ::platform::lvm::params { - - ::platform::lvm::global_filter { 'transition filter': - filter => $transition_filter, - before => Class['::platform::lvm::controller::vgs'] - } - - ::platform::lvm::global_filter { 'final filter': - filter => $final_filter, - require => Class['::platform::lvm::controller::vgs'] - } - - include ::platform::lvm - include ::platform::lvm::controller::vgs -} - - -class platform::lvm::controller::runtime { - include ::platform::lvm::controller -} - -############### -# Compute Hosts -############### - -class platform::lvm::compute::vgs { - include ::platform::lvm::vg::cgts_vg - include ::platform::lvm::vg::nova_local -} - -class platform::lvm::compute - inherits ::platform::lvm::params { - - ::platform::lvm::global_filter { 'transition filter': - filter => $transition_filter, - before => Class['::platform::lvm::compute::vgs'] - } - - ::platform::lvm::global_filter { 'final filter': - filter => $final_filter, - require => Class['::platform::lvm::compute::vgs'] - } - - include ::platform::lvm - include ::platform::lvm::compute::vgs -} - - -class platform::lvm::compute::runtime { - include ::platform::lvm::compute -} - -############### -# Storage Hosts -############### - -class platform::lvm::storage::vgs { - include ::platform::lvm::vg::cgts_vg -} - -class platform::lvm::storage - inherits ::platform::lvm::params { - - ::platform::lvm::global_filter { 'final filter': - filter => $final_filter, - before => Class['::platform::lvm::storage::vgs'] - } - - include ::platform::lvm - include ::platform::lvm::storage::vgs -} - - -class platform::lvm::storage::runtime { - include ::platform::lvm::storage -} diff --git a/puppet-manifests/src/modules/platform/manifests/memcached.pp b/puppet-manifests/src/modules/platform/manifests/memcached.pp deleted file mode 100644 index 0fb5b9bfea..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/memcached.pp +++ /dev/null @@ -1,56 +0,0 @@ -class platform::memcached::params( - $package_ensure = 'present', - $logfile = '/var/log/memcached.log', - # set CACHESIZE in /etc/sysconfig/memcached - $max_memory = false, - $tcp_port = 11211, - $udp_port = 11211, - # set MAXCONN in /etc/sysconfig/memcached - $max_connections = 8192, - $service_restart = true, -) { - include ::platform::params - $controller_0_hostname = $::platform::params::controller_0_hostname - $controller_1_hostname = $::platform::params::controller_1_hostname - $system_mode = $::platform::params::system_mode - - if $system_mode == 'simplex' { - $listen_ip = $::platform::network::mgmt::params::controller0_address - } else { - case $::hostname { - $controller_0_hostname: { - $listen_ip = $::platform::network::mgmt::params::controller0_address - } - $controller_1_hostname: { - $listen_ip = $::platform::network::mgmt::params::controller1_address - } - default: { - fail("Hostname must be either ${controller_0_hostname} or ${controller_1_hostname}") - } - } - } - - $listen_ip_version = $::platform::network::mgmt::params::subnet_version -} - - -class platform::memcached - inherits ::platform::memcached::params { - - Anchor['platform::networking'] - - -> class { '::memcached': - package_ensure => $package_ensure, - logfile => $logfile, - listen_ip => $listen_ip, - tcp_port => $tcp_port, - udp_port => $udp_port, - max_connections => $max_connections, - max_memory => $max_memory, - service_restart => $service_restart, - } - - -> exec { 'systemctl enable memcached.service': - command => '/usr/bin/systemctl enable memcached.service', - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/mtce.pp b/puppet-manifests/src/modules/platform/manifests/mtce.pp deleted file mode 100644 index 96a4991399..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/mtce.pp +++ /dev/null @@ -1,93 +0,0 @@ -class platform::mtce::params ( - $auth_host = undef, - $auth_port = undef, - $auth_uri = undef, - $auth_username = undef, - $auth_pw = undef, - $auth_project = undef, - $auth_user_domain = undef, - $auth_project_domain = undef, - $auth_region = undef, - $worker_boot_timeout = 720, - $controller_boot_timeout = 1200, - $heartbeat_degrade_threshold = 6, - $heartbeat_failure_threshold = 10, - $heartbeat_failure_action = 'fail', - $heartbeat_period = 100, - $mtce_multicast = undef, - $mnfa_threshold = 2, - $mnfa_timeout = 0, - $sm_client_port = 2224, - $sm_server_port = 2124, -) { } - - -class platform::mtce - inherits ::platform::mtce::params { - - include ::platform::client::credentials::params - $keyring_directory = $::platform::client::credentials::params::keyring_directory - - file { '/etc/mtc.ini': - ensure => present, - mode => '0755', - content => template('mtce/mtc_ini.erb'), - } - - $boot_device = $::boot_disk_device_path -} - - -class platform::mtce::agent - inherits ::platform::mtce::params { - - if $::platform::params::init_keystone { - # configure a mtce keystone user - keystone_user { $auth_username: - ensure => present, - password => $auth_pw, - enabled => true, - } - - # assign an admin role for this mtce user on the services tenant - keystone_user_role { "${auth_username}@${auth_project}": - ensure => present, - user_domain => $auth_user_domain, - project_domain => $auth_project_domain, - roles => ['admin'], - } - } -} - - -class platform::mtce::reload { - exec {'signal-mtc-agent': - command => 'pkill -HUP mtcAgent', - } - exec {'signal-hbs-agent': - command => 'pkill -HUP hbsAgent', - } - - # mtcClient and hbsClient don't currently reload all configuration, - # therefore they must be restarted. Move to HUP if daemon updated. - exec {'pmon-restart-hbs-client': - command => 'pmon-restart hbsClient', - } - exec {'pmon-restart-mtc-client': - command => 'pmon-restart mtcClient', - } -} - -class platform::mtce::runtime { - include ::platform::mtce - - class {'::platform::mtce::reload': - stage => post - } -} - -class platform::mtce::bootstrap { - include ::platform::params - include ::platform::mtce - include ::platform::mtce::agent -} diff --git a/puppet-manifests/src/modules/platform/manifests/multipath.pp b/puppet-manifests/src/modules/platform/manifests/multipath.pp deleted file mode 100644 index a1ebf3f099..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/multipath.pp +++ /dev/null @@ -1,39 +0,0 @@ -class platform::multipath::params ( - $enabled = false, -) { -} - -class platform::multipath - inherits platform::multipath::params { - if $enabled { - file { '/etc/multipath.conf': - ensure => 'present', - mode => '0644', - content => template('platform/multipath.conf.erb') - } - -> service { 'start-multipathd': - ensure => 'running', - enable => true, - name => 'multipathd', - hasstatus => true, - hasrestart => true, - } - -> exec { 'systemctl-enable-multipathd': - command => '/usr/bin/systemctl enable multipathd.service', - } - } else { - service { 'stop-multipathd': - ensure => 'stopped', - enable => false, - name => 'multipathd', - hasstatus => true, - hasrestart => true, - } - -> exec { 'systemctl-disable-multipathd': - command => '/usr/bin/systemctl disable multipathd.service', - } - -> file { '/etc/multipath.conf': - ensure => 'absent', - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/network.pp b/puppet-manifests/src/modules/platform/manifests/network.pp deleted file mode 100644 index 5b945216ab..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/network.pp +++ /dev/null @@ -1,256 +0,0 @@ -class platform::network::pxeboot::params( - # shared parameters with base class - required for auto hiera parameter lookup - $interface_name = undef, - $interface_address = undef, - $interface_devices = [], - $subnet_version = undef, - $subnet_network = undef, - $subnet_network_url = undef, - $subnet_prefixlen = undef, - $subnet_netmask = undef, - $subnet_start = undef, - $subnet_end = undef, - $gateway_address = undef, - $controller_address = undef, # controller floating - $controller_address_url = undef, # controller floating url address - $controller0_address = undef, # controller unit0 - $controller1_address = undef, # controller unit1 - $mtu = 1500, -) { } - - -class platform::network::mgmt::params( - # shared parameters with base class - required for auto hiera parameter lookup - $interface_name = undef, - $interface_address = undef, - $interface_devices = [], - $subnet_version = undef, - $subnet_network = undef, - $subnet_network_url = undef, - $subnet_prefixlen = undef, - $subnet_netmask = undef, - $subnet_start = undef, - $subnet_end = undef, - $gateway_address = undef, - $controller_address = undef, # controller floating - $controller_address_url = undef, # controller floating url address - $controller0_address = undef, # controller unit0 - $controller1_address = undef, # controller unit1 - $mtu = 1500, - # network type specific parameters - $platform_nfs_address = undef, -) { } - -class platform::network::oam::params( - # shared parameters with base class - required for auto hiera parameter lookup - $interface_name = undef, - $interface_address = undef, - $interface_devices = [], - $subnet_version = undef, - $subnet_network = undef, - $subnet_network_url = undef, - $subnet_prefixlen = undef, - $subnet_netmask = undef, - $subnet_start = undef, - $subnet_end = undef, - $gateway_address = undef, - $controller_address = undef, # controller floating - $controller_address_url = undef, # controller floating url address - $controller0_address = undef, # controller unit0 - $controller1_address = undef, # controller unit1 - $mtu = 1500, -) { } - -class platform::network::cluster_host::params( - # shared parameters with base class - required for auto hiera parameter lookup - $interface_name = undef, - $interface_address = undef, - $interface_devices = [], - $subnet_version = undef, - $subnet_network = undef, - $subnet_network_url = undef, - $subnet_prefixlen = undef, - $subnet_netmask = undef, - $subnet_start = undef, - $subnet_end = undef, - $gateway_address = undef, - $controller_address = undef, # controller floating - $controller_address_url = undef, # controller floating url address - $controller0_address = undef, # controller unit0 - $controller1_address = undef, # controller unit1 - $mtu = 1500, -) { } - -class platform::network::ironic::params( - # shared parameters with base class - required for auto hiera parameter lookup - $interface_name = undef, - $interface_address = undef, - $interface_devices = [], - $subnet_version = undef, - $subnet_network = undef, - $subnet_network_url = undef, - $subnet_prefixlen = undef, - $subnet_netmask = undef, - $subnet_start = undef, - $subnet_end = undef, - $gateway_address = undef, - $controller_address = undef, # controller floating - $controller_address_url = undef, # controller floating url address - $controller0_address = undef, # controller unit0 - $controller1_address = undef, # controller unit1 - $mtu = 1500, -) { } - -define network_address ( - $address, - $ifname, -) { - # In AIO simplex configurations, the management addresses are assigned to the - # loopback interface. These addresses must be assigned using the host scope - # or assignment is prevented (can't have multiple global scope addresses on - # the loopback interface). - if $ifname == 'lo' { - $options = 'scope host' - } else { - $options = '' - } - - # addresses should only be configured if running in simplex, otherwise SM - # will configure them on the active controller. - exec { "Configuring ${name} IP address": - command => "ip addr replace ${address} dev ${ifname} ${options}", - onlyif => 'test -f /etc/platform/simplex', - } -} - - -# Defines a single route resource for an interface. -# If multiple are required in the future, then this will need to -# iterate over a hash to create multiple entries per file. -define network_route6 ( - $prefix, - $gateway, - $ifname, -) { - file { "/etc/sysconfig/network-scripts/route6-${ifname}": - ensure => present, - owner => root, - group => root, - mode => '0644', - content => "${prefix} via ${gateway} dev ${ifname}" - } -} - - -class platform::addresses ( - $address_config = {}, -) { - create_resources('network_address', $address_config, {}) -} - -define platform::interfaces::sriov_config( - $vf_addrs, - $vf_driver = undef -) { - if $vf_driver != undef { - ensure_resource(kmod::load, $vf_driver) - exec { "sriov-vf-bind-device: ${title}": - command => template('platform/sriov.bind-device.erb'), - logoutput => true, - require => Kmod::Load[$vf_driver], - } - } -} - -class platform::interfaces ( - $network_config = {}, - $route_config = {}, - $sriov_config = {} -) { - create_resources('network_config', $network_config, {}) - create_resources('network_route', $route_config, {}) - create_resources('platform::interfaces::sriov_config', $sriov_config, {}) - - include ::platform::params - include ::platform::network::mgmt::params - - # Add static IPv6 default route since DHCPv6 does not support the router option - if $::personality != 'controller' { - if $::platform::network::mgmt::params::subnet_version == $::platform::params::ipv6 { - network_route6 { 'ipv6 default route': - prefix => 'default', - gateway => $::platform::network::mgmt::params::controller_address, - ifname => $::platform::network::mgmt::params::interface_name - } - } - } -} - - -class platform::network::apply { - include ::platform::interfaces - include ::platform::addresses - - Network_config <| |> - -> Exec['apply-network-config'] - -> Network_address <| |> - -> Anchor['platform::networking'] - - # Adding Network_route dependency separately, in case it's empty, - # as puppet bug will remove dependency altogether if - # Network_route is empty. See below. - # https://projects.puppetlabs.com/issues/18399 - Network_config <| |> - -> Network_route <| |> - -> Exec['apply-network-config'] - - Network_config <| |> - -> Network_route6 <| |> - -> Exec['apply-network-config'] - - exec {'apply-network-config': - command => 'apply_network_config.sh', - } -} - - -class platform::network ( - $mlx4_core_options = undef, -) { - include ::platform::params - include ::platform::network::mgmt::params - include ::platform::network::cluster_host::params - - include ::platform::network::apply - - $management_interface = $::platform::network::mgmt::params::interface_name - - $testcmd = '/usr/local/bin/connectivity_test' - - if $::personality != 'controller' { - if $management_interface { - exec { 'connectivity-test-management': - command => "${testcmd} -t 70 -i ${management_interface} controller-platform-nfs; /bin/true", - require => Anchor['platform::networking'], - onlyif => 'test ! -f /etc/platform/simplex', - } - } - } - - if $mlx4_core_options { - exec { 'mlx4-core-config': - command => '/usr/bin/mlx4_core_config.sh', - subscribe => File['/etc/modprobe.d/mlx4_sriov.conf'], - refreshonly => true - } - - file {'/etc/modprobe.d/mlx4_sriov.conf': - content => "options mlx4_core ${mlx4_core_options}" - } - } -} - - -class platform::network::runtime { - include ::platform::network::apply -} diff --git a/puppet-manifests/src/modules/platform/manifests/nfv.pp b/puppet-manifests/src/modules/platform/manifests/nfv.pp deleted file mode 100644 index 10241e6c9e..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/nfv.pp +++ /dev/null @@ -1,77 +0,0 @@ -class platform::nfv::params ( - $api_port = 4545, - $region_name = undef, - $service_create = false, -) { } - - -class platform::nfv { - include ::platform::params - include ::platform::amqp::params - - group { 'nfv': - ensure => 'present', - gid => '172', - } - - user { 'nfv': - ensure => 'present', - comment => 'nfv', - gid => '172', - groups => ['nobody', 'nfv', $::platform::params::protected_group_name], - home => '/var/lib/nfv', - password => '!!', - password_max_age => '-1', - password_min_age => '-1', - shell => '/sbin/nologin', - uid => '172', - } - - file {'/opt/platform/nfv': - ensure => directory, - mode => '0755', - } - - include ::nfv - include ::nfv::vim - include ::nfv::nfvi - include ::nfv::alarm - include ::nfv::event_log -} - - -class platform::nfv::reload { - platform::sm::restart {'vim': } -} - - -class platform::nfv::runtime { - include ::platform::nfv - - class {'::platform::nfv::reload': - stage => post - } -} - - -class platform::nfv::haproxy - inherits ::platform::nfv::params { - - platform::haproxy::proxy { 'vim-restapi': - server_name => 's-vim-restapi', - public_port => $api_port, - private_port => $api_port, - } -} - - -class platform::nfv::api - inherits ::platform::nfv::params { - - if ($::platform::nfv::params::service_create and - $::platform::params::init_keystone) { - include ::nfv::keystone::auth - } - - include ::platform::nfv::haproxy -} diff --git a/puppet-manifests/src/modules/platform/manifests/ntp.pp b/puppet-manifests/src/modules/platform/manifests/ntp.pp deleted file mode 100644 index e8df46e18f..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/ntp.pp +++ /dev/null @@ -1,131 +0,0 @@ -class platform::ntp ( - $ntpdate_timeout, - $servers = [], - $enabled = true, -) { - if $enabled or ($::personality == 'controller'){ - $pmon_ensure = 'link' - } else { - $pmon_ensure = 'absent' - } - - File['ntp_config'] - -> File['ntp_config_initial'] - -> file {'ntpdate_override_dir': - ensure => directory, - path => '/etc/systemd/system/ntpdate.service.d', - mode => '0755', - } - -> file { 'ntpdate_tis_override': - ensure => file, - path => '/etc/systemd/system/ntpdate.service.d/tis_override.conf', - mode => '0644', - content => template('platform/ntp.override.erb'), - } - -> file { 'ntp_pmon_config': - ensure => file, - path => '/etc/ntp.pmon.conf', - mode => '0644', - content => template('platform/ntp.pmon.conf.erb'), - } - -> exec { 'systemd-daemon-reload': - command => '/usr/bin/systemctl daemon-reload', - } - -> exec { 'stop-ntpdate': - command => '/usr/bin/systemctl stop ntpdate.service', - returns => [ 0, 1 ], - } - -> exec { 'stop-ntpd': - command => '/usr/bin/systemctl stop ntpd.service', - returns => [ 0, 1 ], - } - -> file { 'ntp_pmon_link': - ensure => $pmon_ensure, - path => '/etc/pmon.d/ntpd.conf', - target => '/etc/ntp.pmon.conf', - owner => 'root', - group => 'root', - mode => '0600', - } - - if $enabled or ($::personality == 'controller') { - exec { 'enable-ntpdate': - command => '/usr/bin/systemctl enable ntpdate.service', - require => File['ntp_pmon_link'], - } - -> exec { 'enable-ntpd': - command => '/usr/bin/systemctl enable ntpd.service', - } - -> exec { 'start-ntpdate': - command => '/usr/bin/systemctl start ntpdate.service', - returns => [ 0, 1 ], - onlyif => "test ! -f /etc/platform/simplex || grep -q '^server' /etc/ntp.conf", - } - -> service { 'ntpd': - ensure => 'running', - enable => true, - name => 'ntpd', - hasstatus => true, - hasrestart => true, - } - - if $::personality == 'controller' { - Class['::platform::dns'] - -> Exec['enable-ntpdate'] - } else { - Anchor['platform::networking'] - -> Exec['enable-ntpdate'] - } - } else { - exec { 'disable-ntpdate': - command => '/usr/bin/systemctl disable ntpdate.service', - require => File['ntp_pmon_link'], - } - -> exec { 'disable-ntpd': - command => '/usr/bin/systemctl disable ntpd.service', - } - } -} - -class platform::ntp::server { - - if $::personality == 'controller' { - include ::platform::ntp - - include ::platform::params - $peer_server = $::platform::params::mate_hostname - - file { 'ntp_config': - ensure => file, - path => '/etc/ntp.conf', - mode => '0640', - content => template('platform/ntp.conf.server.erb'), - } - file { 'ntp_config_initial': - ensure => file, - path => '/etc/ntp_initial.conf', - mode => '0640', - content => template('platform/ntp_initial.conf.server.erb'), - } - } -} - -class platform::ntp::client { - - if $::personality != 'controller' { - include ::platform::ntp - - file { 'ntp_config': - ensure => file, - path => '/etc/ntp.conf', - mode => '0644', - content => template('platform/ntp.conf.client.erb'), - } - file { 'ntp_config_initial': - ensure => file, - path => '/etc/ntp_initial.conf', - mode => '0644', - content => template('platform/ntp_initial.conf.client.erb'), - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/params.pp b/puppet-manifests/src/modules/platform/manifests/params.pp deleted file mode 100644 index 9ef50eb273..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/params.pp +++ /dev/null @@ -1,91 +0,0 @@ -class platform::params ( - $hostname, - $controller_hostname, - $pxeboot_hostname, - $config_path = undef, - $controller_0_hostname = undef, - $controller_1_hostname = undef, - $controller_upgrade = false, - $mate_hostname = undef, - $mate_ipaddress = undef, - $nfs_proto = 'udp', - $nfs_rw_size = 1024, - $region_1_name = undef, - $region_2_name = undef, - $region_config = false, - $distributed_cloud_role = undef, - $sdn_enabled = false, - $software_version = undef, - $system_mode = undef, - $system_type = undef, - $system_name = undef, - $platform_cpu_count = undef, - $vswitch_type = undef, - $security_profile = undef, - $security_feature = undef, - $stx_openstack_applied = false, -) { - $ipv4 = 4 - $ipv6 = 6 - - $nfs_mount_options = "timeo=30,proto=${nfs_proto},vers=3,rsize=${nfs_rw_size},wsize=${nfs_rw_size}" - - $sysadmin_user_name = 'sysadmin' - $sysadmin_user_dir = '/home/sysadmin' - $protected_group_name = 'sys_protected' - $protected_group_id = '345' - - # PUPPET 4 treats custom facts as strings. We convert to int by adding zero. - $phys_core_count = 0 + $::physical_core_count - $plat_res_mem = 0 + $::platform_res_mem - - # Engineering parameters common to openstack services: - - # max number of workers - $eng_max_workers = 20 - # min number of workers - $eng_min_workers = 1 - # min platform core count - $platform_default_min_cpu_count = 2 - # total system memory per worker - $eng_worker_mb = 2000 - # memory headroom per worker (e.g., buffers, cached) - $eng_overhead_mb = 1000 - - notice("DEBUG: Platform cpu count obtained from sysinv DB is ${platform_cpu_count}.") - - # number of workers per service - if $system_type == 'All-in-one' { - $small_footprint = true - - # Set eng_workers for AIO based on the number of platform cores, not exceeding 2 for - # AIO simplex, Xeon-D and virtual box and not exceeding 3 for AIO duplex. - # All eng_workers derivatives are set to 1 for AIO. - # Services can add an additional worker if it is deemed necessary in their own puppet files. - if ($platform_cpu_count <= $platform_default_min_cpu_count) { - $eng_workers = $platform_cpu_count - } else { - if $system_mode == 'simplex' or ($phys_core_count <= 8 and $plat_res_mem < 14500) or str2bool($::is_virtual) { - $eng_workers = $platform_default_min_cpu_count - } else { - $eng_workers = $platform_default_min_cpu_count + 1 - } - } - $eng_workers_by_2 = $eng_min_workers - $eng_workers_by_4 = $eng_min_workers - $eng_workers_by_5 = $eng_min_workers - $eng_workers_by_6 = $eng_min_workers - } else { - # number of workers we can support based on memory - $small_footprint = false - $eng_workers_mem = floor($::memorysize_mb) / ($eng_worker_mb + $eng_overhead_mb) - $eng_workers = min($eng_max_workers, $eng_workers_mem, max($phys_core_count, 2)) - $eng_workers_by_2 = min($eng_max_workers, $eng_workers_mem, max($phys_core_count/2, 2)) - $eng_workers_by_4 = min($eng_max_workers, $eng_workers_mem, max($phys_core_count/4, 2)) - $eng_workers_by_5 = min($eng_max_workers, $eng_workers_mem, max($phys_core_count/5, 2)) - $eng_workers_by_6 = min($eng_max_workers, $eng_workers_mem, max($phys_core_count/6, 2)) - } - - $init_database = (str2bool($::is_initial_config_primary) or $controller_upgrade) - $init_keystone = (str2bool($::is_initial_config_primary) or $controller_upgrade) -} diff --git a/puppet-manifests/src/modules/platform/manifests/partitions.pp b/puppet-manifests/src/modules/platform/manifests/partitions.pp deleted file mode 100644 index b23d1181b3..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/partitions.pp +++ /dev/null @@ -1,62 +0,0 @@ -class platform::partitions::params ( - $create_config = undef, - $modify_config = undef, - $shutdown_drbd_resource = undef, - $delete_config = undef, - $check_config = undef, -) {} - - -define platform_manage_partition( - $action = $name, - $config = undef, - $shutdown_drbd_resource = undef, - $system_mode = undef, -) { - if $config { - # For drbd partitions, modifications can only be done on standby - # controller as we need to: - # - stop DRBD [drbd is in-use on active, so it can't be stopped there] - # - manage-partitions: backup meta, resize partition, restore meta - # - start DRBD - # For AIO SX we make an exception as all instances are down on host lock. - # see https://docs.linbit.com/doc/users-guide-83/s-resizing/ - exec { "manage-partitions-${action}": - logoutput => true, - command => template('platform/partitions.manage.erb') - } - } -} - - -class platform::partitions - inherits ::platform::partitions::params { - - # Ensure partitions are updated before the PVs and VGs are setup - Platform_manage_partition <| |> -> Physical_volume <| |> - Platform_manage_partition <| |> -> Volume_group <| |> - - # Perform partition updates in a particular order: deletions, - # modifications, then creations. - - # NOTE: Currently we are executing partition changes serially, not in bulk. - platform_manage_partition { 'check': - config => $check_config, - } - -> platform_manage_partition { 'delete': - config => $delete_config, - } - -> platform_manage_partition { 'modify': - config => $modify_config, - shutdown_drbd_resource => $shutdown_drbd_resource, - system_mode => $::platform::params::system_mode, - } - -> platform_manage_partition { 'create': - config => $create_config, - } -} - - -class platform::partitions::runtime { - include ::platform::partitions -} diff --git a/puppet-manifests/src/modules/platform/manifests/password.pp b/puppet-manifests/src/modules/platform/manifests/password.pp deleted file mode 100644 index cf4a91397e..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/password.pp +++ /dev/null @@ -1,32 +0,0 @@ -class platform::password { - - file { '/etc/pam.d/passwd': - ensure => present, - content => template('platform/pam.passwd.erb'), - } - - file_line { '/etc/nsswitch.conf add passwd ldap': - path => '/etc/nsswitch.conf', - line => 'passwd: files sss ldap', - match => '^passwd: *files sss', - } - - file_line { '/etc/nsswitch.conf add shadow ldap': - path => '/etc/nsswitch.conf', - line => 'shadow: files sss ldap', - match => '^shadow: *files sss', - } - - file_line { '/etc/nsswitch.conf add group ldap': - path => '/etc/nsswitch.conf', - line => 'group: files sss ldap', - match => '^group: *files sss', - } - - file_line { '/etc/nsswitch.conf add sudoers ldap': - path => '/etc/nsswitch.conf', - line => 'sudoers: files ldap', - match => '^sudoers: *files', - } - -} diff --git a/puppet-manifests/src/modules/platform/manifests/patching.pp b/puppet-manifests/src/modules/platform/manifests/patching.pp deleted file mode 100644 index e6b3864abd..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/patching.pp +++ /dev/null @@ -1,76 +0,0 @@ -class platform::patching::params ( - $private_port = 5491, - $public_port = 15491, - $server_timeout = '300s', - $region_name = undef, - $service_create = false, -) { } - - -class platform::patching - inherits ::platform::patching::params { - - include ::platform::params - - group { 'patching': - ensure => 'present', - } - -> user { 'patching': - ensure => 'present', - comment => 'patching Daemons', - groups => ['nobody', 'patching', $::platform::params::protected_group_name], - home => '/var/lib/patching', - password => '!!', - password_max_age => '-1', - password_min_age => '-1', - shell => '/sbin/nologin', - } - -> file { '/etc/patching': - ensure => 'directory', - owner => 'patching', - group => 'patching', - mode => '0755', - } - -> class { '::patching': } -} - - -class platform::patching::haproxy - inherits ::platform::patching::params { - - platform::haproxy::proxy { 'patching-restapi': - server_name => 's-patching', - public_port => $public_port, - private_port => $private_port, - server_timeout => $server_timeout, - } -} - - -class platform::patching::api ( -) inherits ::platform::patching::params { - - include ::patching::api - - if ($::platform::patching::params::service_create and - $::platform::params::init_keystone) { - include ::patching::keystone::auth - } - - include ::platform::patching::haproxy -} - -class platform::patching::agent::reload { - - exec { 'restart sw-patch-agent': - command => '/usr/sbin/sw-patch-agent-restart', - logoutput => true, - } -} - -class platform::patching::runtime { - - class {'::platform::patching::agent::reload': - stage => post - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/pciirqaffinity.pp b/puppet-manifests/src/modules/platform/manifests/pciirqaffinity.pp deleted file mode 100644 index 646c058b8c..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/pciirqaffinity.pp +++ /dev/null @@ -1,44 +0,0 @@ -# -# Copyright (c) 2019 StarlingX. -# -# SPDX-License-Identifier: Apache-2.0 -# -class platform::pciirqaffinity::params ( - $openstack_enabled, - $openstack_auth_host, - $openstack_user_domain, - $openstack_project_domain, - $openstack_keyring_service, - $rabbit_host, - $rabbit_port, - $rabbit_userid, - $rabbit_password, - $rabbit_virtual_host, -) {} - - -class platform::pciirqaffinity - inherits ::platform::pciirqaffinity::params { - - file { '/etc/pci_irq_affinity/config.ini': - ensure => 'present', - replace => true, - content => template('platform/pci-irq-affinity.conf.erb'), - } -} - - -class platform::pciirqaffinity::reload { - exec {'restart-pciirqaffinity-service': - command => 'systemctl restart pci-irq-affinity-agent.service', - } -} - - -class platform::pciirqaffinity::runtime { - include ::platform::pciirqaffinity - - class {'::platform::pciirqaffinity::reload': - stage => post - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/postgresql.pp b/puppet-manifests/src/modules/platform/manifests/postgresql.pp deleted file mode 100644 index d82e5a9ed3..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/postgresql.pp +++ /dev/null @@ -1,235 +0,0 @@ -class platform::postgresql::params - inherits ::platform::params { - - $root_dir = '/var/lib/postgresql' - $config_dir = '/etc/postgresql' - - $data_dir = "${root_dir}/${::platform::params::software_version}" - - $password = undef -} - - -class platform::postgresql::server ( - $ipv4acl = undef, -) inherits ::platform::postgresql::params { - - include ::platform::params - - # Set up autovacuum - postgresql::server::config_entry { 'track_counts': - value => 'on', - } - postgresql::server::config_entry { 'autovacuum': - value => 'on', - } - # Only log autovacuum calls that are slow - postgresql::server::config_entry { 'log_autovacuum_min_duration': - value => '100', - } - # Make autovacuum more aggressive - postgresql::server::config_entry { 'autovacuum_max_workers': - value => '5', - } - postgresql::server::config_entry { 'autovacuum_vacuum_scale_factor': - value => '0.05', - } - postgresql::server::config_entry { 'autovacuum_analyze_scale_factor': - value => '0.1', - } - postgresql::server::config_entry { 'autovacuum_vacuum_cost_delay': - value => '-1', - } - postgresql::server::config_entry { 'autovacuum_vacuum_cost_limit': - value => '-1', - } - - # Set up logging - postgresql::server::config_entry { 'log_destination': - value => 'syslog', - } - postgresql::server::config_entry { 'syslog_facility': - value => 'LOCAL0', - } - - # log postgres operations that exceed 1 second - postgresql::server::config_entry { 'log_min_duration_statement': - value => '1000', - } - - # Set large values for postgres in normal mode - # In AIO or virtual box, use reduced settings - # - - # Normal mode - # 1500 connections - # 80 MB shared buffer - # work_mem 512 MB since some ceilometer queries entail extensive - # TODO: with ceilometer removed, determine if work_mem can be revisited - # sorting as well as hash joins and hash based aggregation. - # checkpoint_segments increased to reduce frequency of checkpoints - if str2bool($::is_worker_subfunction) or str2bool($::is_virtual) { - # AIO or virtual box - # 700 connections needs about 80MB shared buffer - # Leave work_mem as the default for vbox and AIO - # Leave checkpoint_segments as the default for vbox and AIO - postgresql::server::config_entry { 'max_connections': - value => '700', - } - postgresql::server::config_entry { 'shared_buffers': - value => '80MB', - } - } else { - postgresql::server::config_entry { 'max_connections': - value => '1500', - } - postgresql::server::config_entry { 'shared_buffers': - value => '80MB', - } - postgresql::server::config_entry { 'work_mem': - value => '512MB', - } - postgresql::server::config_entry { 'checkpoint_segments': - value => '10', - } - } - - if str2bool($::is_initial_config_primary) { - $service_ensure = 'running' - - # ensure service is stopped after initial configuration - class { '::platform::postgresql::post': - stage => post - } - } else { - $service_ensure = 'stopped' - } - - class {'::postgresql::globals': - datadir => $data_dir, - confdir => $config_dir, - } - - -> class {'::postgresql::server': - ip_mask_allow_all_users => $ipv4acl, - service_ensure => $service_ensure, - } -} - - -class platform::postgresql::post { - # postgresql needs to be running in order to apply the initial manifest, - # however, it needs to be stopped/disabled to allow SM to manage the service. - # To allow for the transition it must be explicitely stopped. Once puppet - # can directly handle SM managed services, then this can be removed. - exec { 'stop postgresql service': - command => 'systemctl stop postgresql; systemctl disable postgresql', - } -} - - -class platform::postgresql::bootstrap - inherits ::platform::postgresql::params { - - Class['::platform::drbd::pgsql'] -> Class[$name] - - exec { 'Empty pg dir': - command => "rm -fR ${root_dir}/*", - } - - -> exec { 'Create pg datadir': - command => "mkdir -p ${data_dir}", - } - - -> exec { 'Change pg dir permissions': - command => "chown -R postgres:postgres ${root_dir}", - } - - -> file_line { 'allow sudo with no tty': - path => '/etc/sudoers', - match => '^Defaults *requiretty', - line => '#Defaults requiretty', - } - - -> exec { 'Create pg database': - command => "sudo -u postgres initdb -D ${data_dir}", - } - - -> exec { 'Move Config files': - command => "mkdir -p ${config_dir} && mv ${data_dir}/*.conf ${config_dir}/ && ln -s ${config_dir}/*.conf ${data_dir}/", - } - - -> class {'::postgresql::globals': - datadir => $data_dir, - confdir => $config_dir, - } - - -> class {'::postgresql::server': - } - - # Allow local postgres user as trusted for simplex upgrade scripts - postgresql::server::pg_hba_rule { 'postgres trusted local access': - type => 'local', - user => 'postgres', - auth_method => 'trust', - database => 'all', - order => '000', - } - - postgresql::server::role {'admin': - password_hash => 'admin', - superuser => true, - } -} - -class platform::postgresql::upgrade - inherits ::platform::postgresql::params { - - exec { 'Move Config files': - command => "mkdir -p ${config_dir} && mv ${data_dir}/*.conf ${config_dir}/ && ln -s ${config_dir}/*.conf ${data_dir}/", - } - - -> class {'::postgresql::globals': - datadir => $data_dir, - confdir => $config_dir, - needs_initdb => false, - } - - -> class {'::postgresql::server': - } - - include ::barbican::db::postgresql - include ::sysinv::db::postgresql - include ::keystone::db::postgresql - include ::fm::db::postgresql -} - -class platform::postgresql::sc::configured { - - file { '/etc/platform/.sc_database_configured': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - } -} - -class platform::postgresql::sc::runtime - inherits ::platform::postgresql::params { - class {'::postgresql::globals': - datadir => $data_dir, - confdir => $config_dir, - needs_initdb => false, - } - - -> class {'::postgresql::server': - } - - include ::platform::dcmanager::runtime - include ::platform::dcorch::runtime - - class {'::platform::postgresql::sc::configured': - stage => post - } -} - diff --git a/puppet-manifests/src/modules/platform/manifests/ptp.pp b/puppet-manifests/src/modules/platform/manifests/ptp.pp deleted file mode 100644 index 6750b46ba8..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/ptp.pp +++ /dev/null @@ -1,97 +0,0 @@ -class platform::ptp ( - $enabled = false, - $mode = 'hardware', - $transport = 'l2', - $mechanism = 'e2e', -) { - if $::platform::params::personality == 'controller' { - include ::platform::network::oam::params - $slave_interfaces = $::platform::network::oam::params::interface_devices - $slave_subnet = $::platform::network::oam::params::subnet_version - include ::platform::network::mgmt::params - $master_interfaces = $::platform::network::mgmt::params::interface_devices - $master_subnet = $::platform::network::mgmt::params::subnet_version - if $::platform::params::system_type == 'All-in-one' { - $slave_only = true - } else { - $slave_only = false - } - } else { - include ::platform::network::mgmt::params - $slave_interfaces = $::platform::network::mgmt::params::interface_devices - $slave_subnet = $::platform::network::mgmt::params::subnet_version - $slave_only = true - } - - file { 'ptp4l_config': - ensure => file, - path => '/etc/ptp4l.conf', - mode => '0644', - content => template('platform/ptp4l.conf.erb'), - } - -> file { 'ptp4l_service': - ensure => file, - path => '/usr/lib/systemd/system/ptp4l.service', - mode => '0644', - content => template('platform/ptp4l.service.erb'), - } - -> file { 'ptp4l_sysconfig': - ensure => file, - path => '/etc/sysconfig/ptp4l', - mode => '0644', - content => template('platform/ptp4l.erb'), - } - -> file { 'phc2sys_service': - ensure => file, - path => '/usr/lib/systemd/system/phc2sys.service', - mode => '0644', - content => template('platform/phc2sys.service.erb'), - } - -> file { 'phc2sys_sysconfig': - ensure => file, - path => '/etc/sysconfig/phc2sys', - mode => '0644', - content => template('platform/phc2sys.erb'), - } - -> exec { 'systemctl-daemon-reload': - command => '/usr/bin/systemctl daemon-reload', - } - - if $enabled { - exec { 'enable-ptp4l': - command => '/usr/bin/systemctl enable ptp4l.service', - require => Exec['systemctl-daemon-reload'], - } - -> exec { 'enable-phc2sys': - command => '/usr/bin/systemctl enable phc2sys.service', - } - -> service { 'ptp4l': - ensure => 'running', - enable => true, - name => 'ptp4l', - hasstatus => true, - hasrestart => true, - } - -> service { 'phc2sys': - ensure => 'running', - enable => true, - name => 'phc2sys', - hasstatus => true, - hasrestart => true, - } - } else { - exec { 'disable-ptp4l': - command => '/usr/bin/systemctl disable ptp4l.service', - require => Exec['systemctl-daemon-reload'], - } - -> exec { 'disable-phc2sys': - command => '/usr/bin/systemctl disable phc2sys.service', - } - exec { 'stop-ptp4l': - command => '/usr/bin/systemctl stop ptp4l.service', - } - -> exec { 'stop-phc2sys': - command => '/usr/bin/systemctl stop phc2sys.service', - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/remotelogging.pp b/puppet-manifests/src/modules/platform/manifests/remotelogging.pp deleted file mode 100644 index acf1dfde08..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/remotelogging.pp +++ /dev/null @@ -1,111 +0,0 @@ -class platform::remotelogging::params ( - $enabled = false, - $ip_address = undef, - $port = undef, - $transport = 'tcp', - $service_name = 'remotelogging', -) {} - - -class platform::remotelogging - inherits ::platform::remotelogging::params { - - if $enabled { - include ::platform::params - $system_name = $::platform::params::system_name - $hostname = $::hostname - - if($transport == 'tls') { - $server = "{tcp(\"${ip_address}\" port(${port}) tls(peer-verify(\"required-untrusted\")));};" - } else { - $server = "{${transport}(\"${ip_address}\" port(${port}));};" - } - - $destination = 'destination remote_log_server ' - $destination_line = "${destination} ${server}" - - file_line { 'conf-add-log-server': - path => '/etc/syslog-ng/syslog-ng.conf', - line => $destination_line, - match => $destination, - } - -> file_line { 'conf-add-remote': - path => '/etc/syslog-ng/syslog-ng.conf', - line => '@include "remotelogging.conf"', - match => '#@include \"remotelogging.conf\"', - } - -> file { '/etc/syslog-ng/remotelogging.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - content => template('platform/remotelogging.conf.erb'), - } - -> exec { 'remotelogging-update-tc': - command => "/usr/local/bin/remotelogging_tc_setup.sh ${port}" - } - -> Exec['syslog-ng-reload'] - - } else { - # remove remote logging configuration from syslog-ng - file_line { 'exclude remotelogging conf': - path => '/etc/syslog-ng/syslog-ng.conf', - line => '#@include "remotelogging.conf"', - match => '@include \"remotelogging.conf\"', - } - -> Exec['syslog-ng-reload'] - } - - exec { 'syslog-ng-reload': - command => '/usr/bin/systemctl reload syslog-ng' - } -} - - -class platform::remotelogging::proxy( - $table = 'nat', - $chain = 'POSTROUTING', - $jump = 'MASQUERADE', -) inherits ::platform::remotelogging::params { - - include ::platform::network::oam::params - - $oam_interface = $::platform::network::oam::params::interface_name - - if $enabled { - - if $transport == 'tls' { - $firewall_proto_transport = 'tcp' - } else { - $firewall_proto_transport = $transport - } - - platform::firewall::rule { 'remotelogging-nat': - service_name => $service_name, - table => $table, - chain => $chain, - proto => $firewall_proto_transport, - outiface => $oam_interface, - jump => $jump, - } - - } else { - platform::firewall::rule { 'remotelogging-nat': - ensure => absent, - service_name => $service_name, - table => $table, - chain => $chain, - outiface => $oam_interface, - jump => $jump, - } - } -} - - -class platform::remotelogging::runtime { - include ::platform::remotelogging - - if $::personality == 'controller' { - include ::platform::remotelogging::proxy - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/scratch.pp b/puppet-manifests/src/modules/platform/manifests/scratch.pp deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/puppet-manifests/src/modules/platform/manifests/sm.pp b/puppet-manifests/src/modules/platform/manifests/sm.pp deleted file mode 100644 index ece0fc2b47..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/sm.pp +++ /dev/null @@ -1,980 +0,0 @@ -class platform::sm::params ( - $mgmt_ip_multicast = undef, - $cluster_host_ip_multicast = undef, -) { } - -class platform::sm - inherits ::platform::sm::params { - - include ::platform::params - $controller_0_hostname = $::platform::params::controller_0_hostname - $controller_1_hostname = $::platform::params::controller_1_hostname - $platform_sw_version = $::platform::params::software_version - $region_config = $::platform::params::region_config - $region_2_name = $::platform::params::region_2_name - $system_mode = $::platform::params::system_mode - $system_type = $::platform::params::system_type - $stx_openstack_applied = $::platform::params::stx_openstack_applied - - include ::platform::network::pxeboot::params - if $::platform::network::pxeboot::params::interface_name { - $pxeboot_ip_interface = $::platform::network::pxeboot::params::interface_name - } else { - # Fallback to using the management interface for PXE boot network - $pxeboot_ip_interface = $::platform::network::mgmt::params::interface_name - } - $pxeboot_ip_param_ip = $::platform::network::pxeboot::params::controller_address - $pxeboot_ip_param_mask = $::platform::network::pxeboot::params::subnet_prefixlen - - include ::platform::network::mgmt::params - $mgmt_ip_interface = $::platform::network::mgmt::params::interface_name - $mgmt_ip_param_ip = $::platform::network::mgmt::params::controller_address - $mgmt_ip_param_mask = $::platform::network::mgmt::params::subnet_prefixlen - - include ::platform::network::cluster_host::params - $cluster_host_ip_interface = $::platform::network::cluster_host::params::interface_name - $cluster_host_ip_param_ip = $::platform::network::cluster_host::params::controller_address - $cluster_host_ip_param_mask = $::platform::network::cluster_host::params::subnet_prefixlen - - include ::platform::network::oam::params - $oam_ip_interface = $::platform::network::oam::params::interface_name - $oam_ip_param_ip = $::platform::network::oam::params::controller_address - $oam_ip_param_mask = $::platform::network::oam::params::subnet_prefixlen - - include ::platform::network::ironic::params - $ironic_ip_interface = $::platform::network::ironic::params::interface_name - $ironic_ip_param_ip = $::platform::network::ironic::params::controller_address - $ironic_ip_param_mask = $::platform::network::ironic::params::subnet_prefixlen - - include ::platform::drbd::pgsql::params - $pg_drbd_resource = $::platform::drbd::pgsql::params::resource_name - $pg_fs_device = $::platform::drbd::pgsql::params::device - $pg_fs_directory = $::platform::drbd::pgsql::params::mountpoint - $pg_data_dir = "${pg_fs_directory}/${platform_sw_version}" - - include ::platform::drbd::platform::params - $platform_drbd_resource = $::platform::drbd::platform::params::resource_name - $platform_fs_device = $::platform::drbd::platform::params::device - $platform_fs_directory = $::platform::drbd::platform::params::mountpoint - - include ::platform::drbd::rabbit::params - $rabbit_drbd_resource = $::platform::drbd::rabbit::params::resource_name - $rabbit_fs_device = $::platform::drbd::rabbit::params::device - $rabbit_fs_directory = $::platform::drbd::rabbit::params::mountpoint - - include ::platform::drbd::extension::params - $extension_drbd_resource = $::platform::drbd::extension::params::resource_name - $extension_fs_device = $::platform::drbd::extension::params::device - $extension_fs_directory = $::platform::drbd::extension::params::mountpoint - - include ::platform::drbd::patch_vault::params - $drbd_patch_enabled = $::platform::drbd::patch_vault::params::service_enabled - $patch_drbd_resource = $::platform::drbd::patch_vault::params::resource_name - $patch_fs_device = $::platform::drbd::patch_vault::params::device - $patch_fs_directory = $::platform::drbd::patch_vault::params::mountpoint - - include ::platform::drbd::etcd::params - $etcd_drbd_resource = $::platform::drbd::etcd::params::resource_name - $etcd_fs_device = $::platform::drbd::etcd::params::device - $etcd_fs_directory = $::platform::drbd::etcd::params::mountpoint - - include ::platform::drbd::dockerdistribution::params - $dockerdistribution_drbd_resource = $::platform::drbd::dockerdistribution::params::resource_name - $dockerdistribution_fs_device = $::platform::drbd::dockerdistribution::params::device - $dockerdistribution_fs_directory = $::platform::drbd::dockerdistribution::params::mountpoint - - include ::platform::helm::repositories::params - $helmrepo_fs_source_dir = $::platform::helm::repositories::params::source_helm_repos_base_dir - $helmrepo_fs_target_dir = $::platform::helm::repositories::params::target_helm_repos_base_dir - - include ::platform::drbd::cephmon::params - $cephmon_drbd_resource = $::platform::drbd::cephmon::params::resource_name - $cephmon_fs_device = $::platform::drbd::cephmon::params::device - $cephmon_fs_directory = $::platform::drbd::cephmon::params::mountpoint - - include ::openstack::keystone::params - $keystone_api_version = $::openstack::keystone::params::api_version - $keystone_identity_uri = $::openstack::keystone::params::identity_uri - $keystone_host_url = $::openstack::keystone::params::host_url - $keystone_region = $::openstack::keystone::params::region_name - - include ::platform::amqp::params - $amqp_server_port = $::platform::amqp::params::port - $rabbit_node_name = $::platform::amqp::params::node - $rabbit_mnesia_base = "/var/lib/rabbitmq/${platform_sw_version}/mnesia" - - include ::platform::ldap::params - $ldapserver_remote = $::platform::ldap::params::ldapserver_remote - - # This variable is used also in create_sm_db.sql. - # please change that one as well when modifying this variable - $rabbit_pid = '/var/run/rabbitmq/rabbitmq.pid' - - $rabbitmq_server = '/usr/lib/rabbitmq/bin/rabbitmq-server' - $rabbitmqctl = '/usr/lib/rabbitmq/bin/rabbitmqctl' - - include ::platform::mtce::params - $sm_client_port = $::platform::mtce::params::sm_client_port - $sm_server_port = $::platform::mtce::params::sm_server_port - - ############ NFS Parameters ################ - - # Platform NFS network is over the management network - $platform_nfs_ip_interface = $::platform::network::mgmt::params::interface_name - $platform_nfs_ip_param_ip = $::platform::network::mgmt::params::platform_nfs_address - $platform_nfs_ip_param_mask = $::platform::network::mgmt::params::subnet_prefixlen - $platform_nfs_ip_network_url = $::platform::network::mgmt::params::subnet_network_url - - - $platform_nfs_subnet_url = "${platform_nfs_ip_network_url}/${platform_nfs_ip_param_mask}" - - # lint:ignore:140chars - $nfs_server_mgmt_exports = "${platform_nfs_subnet_url}:${platform_fs_directory},${platform_nfs_subnet_url}:${extension_fs_directory}" - $nfs_server_mgmt_mounts = "${platform_fs_device}:${platform_fs_directory},${extension_fs_device}:${extension_fs_directory}" - # lint:endignore:140chars - - ################## Openstack Parameters ###################### - - # Keystone - if $region_config { - $os_mgmt_ip = $keystone_identity_uri - $os_keystone_auth_url = "${os_mgmt_ip}/${keystone_api_version}" - $os_region_name = $region_2_name - } else { - $os_auth_ip = $keystone_host_url - $os_keystone_auth_url = "http://${os_auth_ip}:5000/${keystone_api_version}" - $os_region_name = $keystone_region - } - - # Barbican - include ::openstack::barbican::params - $barbican_enabled = $::openstack::barbican::params::service_enabled - - $ost_cl_ctrl_host = $::platform::network::mgmt::params::controller_address_url - - include ::platform::client::params - - $os_username = $::platform::client::params::admin_username - $os_project_name = 'admin' - $os_auth_url = $os_keystone_auth_url - $system_url = "http://${ost_cl_ctrl_host}:6385" - $os_user_domain_name = $::platform::client::params::admin_user_domain - $os_project_domain_name = $::platform::client::params::admin_project_domain - - # Ceph-Rados-Gateway - include ::platform::ceph::params - $ceph_configured = $::platform::ceph::params::service_enabled - $rgw_configured = $::platform::ceph::params::rgw_enabled - - if $system_mode == 'simplex' { - $hostunit = '0' - $management_my_unit_ip = $::platform::network::mgmt::params::controller0_address - $oam_my_unit_ip = $::platform::network::oam::params::controller_address - $cluster_host_my_unit_ip = $::platform::network::cluster_host::params::controller_address - } else { - case $::hostname { - $controller_0_hostname: { - $hostunit = '0' - $management_my_unit_ip = $::platform::network::mgmt::params::controller0_address - $management_peer_unit_ip = $::platform::network::mgmt::params::controller1_address - $oam_my_unit_ip = $::platform::network::oam::params::controller0_address - $oam_peer_unit_ip = $::platform::network::oam::params::controller1_address - $cluster_host_my_unit_ip = $::platform::network::cluster_host::params::controller0_address - $cluster_host_peer_unit_ip = $::platform::network::cluster_host::params::controller1_address - } - $controller_1_hostname: { - $hostunit = '1' - $management_my_unit_ip = $::platform::network::mgmt::params::controller1_address - $management_peer_unit_ip = $::platform::network::mgmt::params::controller0_address - $oam_my_unit_ip = $::platform::network::oam::params::controller1_address - $oam_peer_unit_ip = $::platform::network::oam::params::controller0_address - $cluster_host_my_unit_ip = $::platform::network::cluster_host::params::controller1_address - $cluster_host_peer_unit_ip = $::platform::network::cluster_host::params::controller0_address - } - default: { - $hostunit = '2' - $management_my_unit_ip = undef - $management_peer_unit_ip = undef - $oam_my_unit_ip = undef - $oam_peer_unit_ip = undef - $cluster_host_my_unit_ip = undef - $cluster_host_peer_unit_ip = undef - } - } - } - - - # Add a shell for the postgres. By default WRL sets the shell to /bin/false. - user { 'postgres': - shell => '/bin/sh' - } - - # lint:ignore:140chars - - if str2bool($::is_virtual) { - exec { 'Configure sm process priority': - command => 'sm-configure system --sm_process_priority -10', - } - } - - if $system_mode == 'simplex' { - exec { 'Deprovision oam-ip service group member': - command => 'sm-deprovision service-group-member oam-services oam-ip', - } - -> exec { 'Deprovision oam-ip service': - command => 'sm-deprovision service oam-ip', - } - - exec { 'Configure OAM Interface': - command => "sm-configure interface controller oam-interface \"\" ${oam_my_unit_ip} 2222 2223 \"\" 2222 2223", - } - - exec { 'Configure Management Interface': - command => "sm-configure interface controller management-interface \"\" ${management_my_unit_ip} 2222 2223 \"\" 2222 2223", - } - - exec { 'Configure Cluster Host Interface': - command => "sm-configure interface controller cluster-host-interface \"\" ${cluster_host_my_unit_ip} 2222 2223 \"\" 2222 2223", - } - - } else { - exec { 'Configure OAM Interface': - command => "sm-configure interface controller oam-interface \"\" ${oam_my_unit_ip} 2222 2223 ${oam_peer_unit_ip} 2222 2223", - } - exec { 'Configure Management Interface': - command => "sm-configure interface controller management-interface ${mgmt_ip_multicast} ${management_my_unit_ip} 2222 2223 ${management_peer_unit_ip} 2222 2223", - } - - exec { 'Configure Cluster Host Interface': - command => "sm-configure interface controller cluster-host-interface ${cluster_host_ip_multicast} ${cluster_host_my_unit_ip} 2222 2223 ${cluster_host_peer_unit_ip} 2222 2223", - } - } - - exec { 'Configure OAM IP': - command => "sm-configure service_instance oam-ip oam-ip \"ip=${oam_ip_param_ip},cidr_netmask=${oam_ip_param_mask},nic=${oam_ip_interface},arp_count=7\"", - } - - if $system_mode == 'duplex-direct' or $system_mode == 'simplex' { - exec { 'Configure Management IP': - command => "sm-configure service_instance management-ip management-ip \"ip=${mgmt_ip_param_ip},cidr_netmask=${mgmt_ip_param_mask},nic=${mgmt_ip_interface},arp_count=7,dc=yes\"", - } - } else { - exec { 'Configure Management IP': - command => "sm-configure service_instance management-ip management-ip \"ip=${mgmt_ip_param_ip},cidr_netmask=${mgmt_ip_param_mask},nic=${mgmt_ip_interface},arp_count=7\"", - } - } - - - if $system_mode == 'duplex-direct' or $system_mode == 'simplex' { - exec { 'Configure Cluster Host IP service instance': - command => - "sm-configure service_instance cluster-host-ip cluster-host-ip \"ip=${cluster_host_ip_param_ip},cidr_netmask=${cluster_host_ip_param_mask},nic=${cluster_host_ip_interface},arp_count=7,dc=yes\"", - } - } else { - exec { 'Configure Cluster Host IP service instance': - command => - "sm-configure service_instance cluster-host-ip cluster-host-ip \"ip=${cluster_host_ip_param_ip},cidr_netmask=${cluster_host_ip_param_mask},nic=${cluster_host_ip_interface},arp_count=7\"", - } - } - - exec { 'Configure sm server and client port': - command => "sm-configure system --sm_client_port=${sm_client_port} --sm_server_port=${sm_server_port}", - } - - # Create the PXEBoot IP service if it is configured - if str2bool($::is_initial_config) { - exec { 'Configure PXEBoot IP service in SM (service-group-member pxeboot-ip)': - command => 'sm-provision service-group-member controller-services pxeboot-ip', - } - -> exec { 'Configure PXEBoot IP service in SM (service pxeboot-ip)': - command => 'sm-provision service pxeboot-ip', - } - } - - if $system_mode == 'duplex-direct' or $system_mode == 'simplex' { - exec { 'Configure PXEBoot IP': - command => "sm-configure service_instance pxeboot-ip pxeboot-ip \"ip=${pxeboot_ip_param_ip},cidr_netmask=${pxeboot_ip_param_mask},nic=${pxeboot_ip_interface},arp_count=7,dc=yes\"", - } - } else { - exec { 'Configure PXEBoot IP': - command => "sm-configure service_instance pxeboot-ip pxeboot-ip \"ip=${pxeboot_ip_param_ip},cidr_netmask=${pxeboot_ip_param_mask},nic=${pxeboot_ip_interface},arp_count=7\"", - } - } - - # Create the Ironic IP service if it is configured - if $ironic_ip_interface and $system_mode != 'simplex' { - exec { 'Configure Ironic IP service in SM (service-group-member ironic-ip)': - command => 'sm-provision service-group-member controller-services ironic-ip', - } - -> exec { 'Configure Ironic IP service in SM (service ironic-ip)': - command => 'sm-provision service ironic-ip', - } - -> exec { 'Configure Ironic IP': - command => "sm-configure service_instance ironic-ip ironic-ip \"ip=${ironic_ip_param_ip},cidr_netmask=${ironic_ip_param_mask},nic=${ironic_ip_interface},arp_count=7\"", - } - } - - exec { 'Configure Postgres DRBD': - command => "sm-configure service_instance drbd-pg drbd-pg:${hostunit} \"drbd_resource=${pg_drbd_resource}\"", - } - - exec { 'Configure Postgres FileSystem': - command => "sm-configure service_instance pg-fs pg-fs \"device=${pg_fs_device},directory=${pg_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - - exec { 'Configure Postgres': - command => "sm-configure service_instance postgres postgres \"pgctl=/usr/bin/pg_ctl,pgdata=${pg_data_dir}\"", - } - - exec { 'Configure Rabbit DRBD': - command => "sm-configure service_instance drbd-rabbit drbd-rabbit:${hostunit} \"drbd_resource=${rabbit_drbd_resource}\"", - } - - exec { 'Configure Rabbit FileSystem': - command => "sm-configure service_instance rabbit-fs rabbit-fs \"device=${rabbit_fs_device},directory=${rabbit_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - - exec { 'Configure Rabbit': - command => "sm-configure service_instance rabbit rabbit \"server=${rabbitmq_server},ctl=${rabbitmqctl},pid_file=${rabbit_pid},nodename=${rabbit_node_name},mnesia_base=${rabbit_mnesia_base},ip=${mgmt_ip_param_ip}\"", - } - - exec { 'Provision Docker Distribution FS in SM (service-group-member dockerdistribution-fs)': - command => 'sm-provision service-group-member controller-services dockerdistribution-fs', - } - -> exec { 'Provision Docker Distribution FS in SM (service dockerdistribution-fs)': - command => 'sm-provision service dockerdistribution-fs', - } - -> exec { 'Provision Docker Distribution DRBD in SM (service-group-member drbd-dockerdistribution)': - command => 'sm-provision service-group-member controller-services drbd-dockerdistribution', - } - -> exec { 'Provision Docker Distribution DRBD in SM (service drbd-dockerdistribution)': - command => 'sm-provision service drbd-dockerdistribution', - } - -> exec { 'Configure Docker Distribution DRBD': - command => "sm-configure service_instance drbd-dockerdistribution drbd-dockerdistribution:${hostunit} \"drbd_resource=${dockerdistribution_drbd_resource}\"", - } - -> exec { 'Configure Docker Distribution FileSystem': - command => "sm-configure service_instance dockerdistribution-fs dockerdistribution-fs \"device=${dockerdistribution_fs_device},directory=${dockerdistribution_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - - exec { 'Configure Extension DRBD': - command => "sm-configure service_instance drbd-extension drbd-extension:${hostunit} \"drbd_resource=${extension_drbd_resource}\"", - } - - exec { 'Configure Extension FileSystem': - command => "sm-configure service_instance extension-fs extension-fs \"device=${extension_fs_device},directory=${extension_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - - exec { 'Configure Extension Export FileSystem': - command => "sm-configure service_instance extension-export-fs extension-export-fs \"fsid=1,directory=${extension_fs_directory},options=rw,sync,no_root_squash,no_subtree_check,clientspec=${platform_nfs_subnet_url},unlock_on_stop=true\"", - } - - if $drbd_patch_enabled { - exec { 'Configure Patch-vault DRBD': - command => "sm-configure service_instance drbd-patch-vault drbd-patch-vault:${hostunit} \"drbd_resource=${patch_drbd_resource}\"", - } - - exec { 'Configure Patch-vault FileSystem': - command => "sm-configure service_instance patch-vault-fs patch-vault-fs \"device=${patch_fs_device},directory=${patch_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - } - - # Configure helm chart repository - exec { 'Provision Helm Chart Repository FS in SM (service-group-member helmrepository-fs)': - command => 'sm-provision service-group-member controller-services helmrepository-fs', - } - -> exec { 'Provision Helm Chart Repository FS in SM (service helmrepository-fs)': - command => 'sm-provision service helmrepository-fs', - } - -> exec { 'Configure Helm Chart Repository FileSystem': - command => "sm-configure service_instance helmrepository-fs helmrepository-fs \"device=${helmrepo_fs_source_dir},directory=${helmrepo_fs_target_dir},options=bind,noatime,nodiratime,fstype=ext4,check_level=20\"", - } - - exec { 'Configure ETCD DRBD': - command => "sm-configure service_instance drbd-etcd drbd-etcd:${hostunit} drbd_resource=${etcd_drbd_resource}", - } - - exec { 'Configure ETCD DRBD FileSystem': - command => "sm-configure service_instance etcd-fs etcd-fs \"device=${etcd_fs_device},directory=${etcd_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - - # TODO: region code needs to be revisited - if $region_config { - # In a default Multi-Region configuration, Keystone is running as a - # shared service in the Primary Region so need to deprovision that - # service in all non-Primary Regions. - # However in the case of Distributed Cloud Multi-Region configuration, - # each Subcloud is running its own Keystone - if $::platform::params::distributed_cloud_role =='subcloud' { - $configure_keystone = true - - # Provision and configure dcorch dbsync when running as a subcloud - exec { 'Provision distributed-cloud-services (service-domain-member distributed-cloud-services)': - command => 'sm-provision service-domain-member controller distributed-cloud-services', - } - -> exec { 'Provision distributed-cloud-services (service-group distributed-cloud-services)': - command => 'sm-provision service-group distributed-cloud-services', - } - -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)': - command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api', - } - -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)': - command => 'sm-provision service dcdbsync-api', - } - -> exec { 'Configure OpenStack - DCDBsync-API': - command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"", - } - # Deprovision Horizon when running as a subcloud - exec { 'Deprovision OpenStack - Horizon (service-group-member)': - command => 'sm-deprovision service-group-member web-services horizon', - } - -> exec { 'Deprovision OpenStack - Horizon (service)': - command => 'sm-deprovision service horizon', - } - - } else { - exec { 'Deprovision OpenStack - Keystone (service-group-member)': - command => 'sm-deprovision service-group-member cloud-services keystone', - } - -> exec { 'Deprovision OpenStack - Keystone (service)': - command => 'sm-deprovision service keystone', - } - $configure_keystone = false - } - } else { - $configure_keystone = true - } - - if $configure_keystone { - exec { 'Configure OpenStack - Keystone': - command => "sm-configure service_instance keystone keystone \"config=/etc/keystone/keystone.conf,user=root,os_username=${os_username},os_project_name=${os_project_name},os_user_domain_name=${os_user_domain_name},os_project_domain_name=${os_project_domain_name},os_auth_url=${os_auth_url}, \"", - } - } - - # Barbican - if $barbican_enabled { - exec { 'Configure OpenStack - Barbican API': - command => "sm-configure service_instance barbican-api barbican-api \"config=/etc/barbican/barbican.conf\"", - } - - exec { 'Configure OpenStack - Barbican Keystone Listener': - command => "sm-configure service_instance barbican-keystone-listener barbican-keystone-listener \"config=/etc/barbican/barbican.conf\"", - } - - exec { 'Configure OpenStack - Barbican Worker': - command => "sm-configure service_instance barbican-worker barbican-worker \"config=/etc/barbican/barbican.conf\"", - } - } - - exec { 'Configure NFS Management': - command => "sm-configure service_instance nfs-mgmt nfs-mgmt \"exports=${nfs_server_mgmt_exports},mounts=${nfs_server_mgmt_mounts}\"", - } - - exec { 'Configure Platform DRBD': - command => "sm-configure service_instance drbd-platform drbd-platform:${hostunit} \"drbd_resource=${platform_drbd_resource}\"", - } - - exec { 'Configure Platform FileSystem': - command => "sm-configure service_instance platform-fs platform-fs \"device=${platform_fs_device},directory=${platform_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - - exec { 'Configure Platform Export FileSystem': - command => "sm-configure service_instance platform-export-fs platform-export-fs \"fsid=0,directory=${platform_fs_directory},options=rw,sync,no_root_squash,no_subtree_check,clientspec=${platform_nfs_subnet_url},unlock_on_stop=true\"", - } - - # etcd - exec { 'Configure ETCD': - command => "sm-configure service_instance etcd etcd \"config=/etc/etcd/etcd.conf,user=root\"", - } - - # Docker Distribution - exec { 'Configure Docker Distribution': - command => "sm-configure service_instance docker-distribution docker-distribution \"\"", - } - - # Docker Registry Token Server - exec { 'Configure Docker Registry Token Server': - command => "sm-configure service_instance registry-token-server registry-token-server \"\"", - } - - if $system_mode == 'duplex-direct' or $system_mode == 'simplex' { - exec { 'Configure Platform NFS': - command => "sm-configure service_instance platform-nfs-ip platform-nfs-ip \"ip=${platform_nfs_ip_param_ip},cidr_netmask=${platform_nfs_ip_param_mask},nic=${mgmt_ip_interface},arp_count=7,dc=yes\"", - } - } else { - exec { 'Configure Platform NFS': - command => "sm-configure service_instance platform-nfs-ip platform-nfs-ip \"ip=${platform_nfs_ip_param_ip},cidr_netmask=${platform_nfs_ip_param_mask},nic=${mgmt_ip_interface},arp_count=7\"", - } - } - - exec { 'Configure System Inventory API': - command => "sm-configure service_instance sysinv-inv sysinv-inv \"dbg=false,os_username=${os_username},os_project_name=${os_project_name},os_user_domain_name=${os_user_domain_name},os_project_domain_name=${os_project_domain_name},os_auth_url=${os_auth_url},os_region_name=${os_region_name},system_url=${system_url}\"", - } - - exec { 'Configure System Inventory Conductor': - command => "sm-configure service_instance sysinv-conductor sysinv-conductor \"dbg=false\"", - } - - exec { 'Configure Maintenance Agent': - command => "sm-configure service_instance mtc-agent mtc-agent \"state=active,logging=true,mode=normal,dbg=false\"", - } - - exec { 'Configure DNS Mask': - command => "sm-configure service_instance dnsmasq dnsmasq \"\"", - } - - exec { 'Configure Fault Manager': - command => "sm-configure service_instance fm-mgr fm-mgr \"\"", - } - - exec { 'Configure Open LDAP': - command => "sm-configure service_instance open-ldap open-ldap \"\"", - } - - if $system_mode == 'duplex-direct' or $system_mode == 'duplex' { - exec { 'Configure System Mode': - command => "sm-configure system --cpe_mode ${system_mode}", - } - - } - - if $system_mode == 'simplex' { - exec { 'Configure oam-service redundancy model': - command => "sm-configure service_group yes controller oam-services N 1 0 \"\" directory-services", - } - - exec { 'Configure controller-services redundancy model': - command => "sm-configure service_group yes controller controller-services N 1 0 \"\" directory-services", - } - - exec { 'Configure cloud-services redundancy model': - command => "sm-configure service_group yes controller cloud-services N 1 0 \"\" directory-services", - } - - exec { 'Configure vim-services redundancy model': - command => "sm-configure service_group yes controller vim-services N 1 0 \"\" directory-services", - } - - exec { 'Configure patching-services redundancy model': - command => "sm-configure service_group yes controller patching-services N 1 0 \"\" \"\"", - } - - exec { 'Configure directory-services redundancy model': - command => "sm-configure service_group yes controller directory-services N 1 0 \"\" \"\"", - } - - exec { 'Configure web-services redundancy model': - command => "sm-configure service_group yes controller web-services N 1 0 \"\" \"\"", - } - - exec { 'Configure storage-services redundancy model': - command => "sm-configure service_group yes controller storage-services N 1 0 \"\" \"\"", - } - - exec { 'Configure storage-monitoring-services redundancy model': - command => "sm-configure service_group yes controller storage-monitoring-services N 1 0 \"\" \"\"", - } - - } - - exec { 'Provision extension-fs (service-group-member)': - command => 'sm-provision service-group-member controller-services extension-fs', - } - -> exec { 'Provision extension-fs (service)': - command => 'sm-provision service extension-fs', - } - -> exec { 'Provision drbd-extension (service-group-member)': - command => 'sm-provision service-group-member controller-services drbd-extension', - } - -> exec { 'Provision drbd-extension (service)': - command => 'sm-provision service drbd-extension', - } - -> exec { 'Provision extension-export-fs (service-group-member)': - command => 'sm-provision service-group-member controller-services extension-export-fs', - } - -> exec { 'Provision extension-export-fs (service)': - command => 'sm-provision service extension-export-fs', - } - - if $drbd_patch_enabled { - exec { 'Provision patch-vault-fs (service-group-member)': - command => 'sm-provision service-group-member controller-services patch-vault-fs', - } - -> exec { 'Provision patch-vault-fs (service)': - command => 'sm-provision service patch-vault-fs', - } - -> exec { 'Provision drbd-patch-vault (service-group-member)': - command => 'sm-provision service-group-member controller-services drbd-patch-vault', - } - -> exec { 'Provision drbd-patch-vault (service)': - command => 'sm-provision service drbd-patch-vault', - } - } - - # Configure ETCD for Kubernetes - exec { 'Provision etcd-fs (service-group-member)': - command => 'sm-provision service-group-member controller-services etcd-fs', - } - -> exec { 'Provision etcd-fs (service)': - command => 'sm-provision service etcd-fs', - } - -> exec { 'Provision drbd-etcd (service-group-member)': - command => 'sm-provision service-group-member controller-services drbd-etcd', - } - -> exec { 'Provision drbd-etcd (service)': - command => 'sm-provision service drbd-etcd', - } - -> exec { 'Provision ETCD (service-group-member)': - command => 'sm-provision service-group-member controller-services etcd', - } - -> exec { 'Provision ETCD (service)': - command => 'sm-provision service etcd', - } - - if $stx_openstack_applied { - # Configure dbmon for AIO duplex and systemcontroller - if ($::platform::params::distributed_cloud_role =='systemcontroller') or - ($system_type == 'All-in-one' and 'duplex' in $system_mode) { - exec { 'provision service group member': - command => 'sm-provision service-group-member cloud-services dbmon --apply' - } - } - exec { 'provision guest-agent service group member': - command => 'sm-provision service-group-member controller-services guest-agent --apply' - } - } else { - exec { 'deprovision service group member': - command => 'sm-deprovision service-group-member cloud-services dbmon --apply' - } - exec { 'deprovision guest-agent service group member': - command => 'sm-deprovision service-group-member controller-services guest-agent --apply' - } - } - - # Configure Docker Distribution - exec { 'Provision Docker Distribution (service-group-member)': - command => 'sm-provision service-group-member controller-services docker-distribution', - } - -> exec { 'Provision Docker Distribution (service)': - command => 'sm-provision service docker-distribution', - } - - # Configure Docker Registry Token Server - exec { 'Provision Docker Registry Token Server (service-group-member)': - command => 'sm-provision service-group-member controller-services registry-token-server', - } - -> exec { 'Provision Docker Registry Token Server (service)': - command => 'sm-provision service registry-token-server', - } - - # Barbican - if $barbican_enabled { - exec { 'Provision OpenStack - Barbican API (service-group-member)': - command => 'sm-provision service-group-member cloud-services barbican-api', - } - -> exec { 'Provision OpenStack - Barbican API (service)': - command => 'sm-provision service barbican-api', - } - -> exec { 'Provision OpenStack - Barbican Keystone Listener (service-group-member)': - command => 'sm-provision service-group-member cloud-services barbican-keystone-listener', - } - -> exec { 'Provision OpenStack - Barbican Keystone Listener (service)': - command => 'sm-provision service barbican-keystone-listener', - } - -> exec { 'Provision OpenStack - Barbican Worker (service-group-member)': - command => 'sm-provision service-group-member cloud-services barbican-worker', - } - -> exec { 'Provision OpenStack - Barbican Worker (service)': - command => 'sm-provision service barbican-worker', - } - } else { - exec { 'Deprovision OpenStack - Barbican API (service-group-member)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service-group-member cloud-services barbican-api', - } - -> exec { 'Deprovision OpenStack - Barbican API (service)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service barbican-api', - } - - exec { 'Deprovision OpenStack - Barbican Keystone Listener (service-group-member)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service-group-member cloud-services barbican-keystone-listener', - } - -> exec { 'Deprovision OpenStack - Barbican Keystone Listener (service)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service barbican-keystone-listener', - } - - exec { 'Deprovision OpenStack - Barbican Worker (service-group-member)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service-group-member cloud-services barbican-worker', - } - -> exec { 'Deprovision OpenStack - Barbican Worker (service)': - path => [ '/usr/bin', '/usr/sbin', '/usr/local/bin', '/etc', '/sbin', '/bin' ], - command => 'sm-deprovision service barbican-worker', - } - } - - if $ceph_configured { - if $system_type == 'All-in-one' and 'duplex' in $system_mode { - exec { 'Provision Cephmon FS in SM (service-group-member cephmon-fs)': - command => 'sm-provision service-group-member controller-services cephmon-fs', - } - -> exec { 'Provision Cephmon FS in SM (service cephmon-fs)': - command => 'sm-provision service cephmon-fs', - } - -> exec { 'Provision Cephmon DRBD in SM (service-group-member drbd-cephmon': - command => 'sm-provision service-group-member controller-services drbd-cephmon', - } - -> exec { 'Provision Cephmon DRBD in SM (service drbd-cephmon)': - command => 'sm-provision service drbd-cephmon', - } - -> exec { 'Configure Cephmon DRBD': - command => "sm-configure service_instance drbd-cephmon drbd-cephmon:${hostunit} \"drbd_resource=${cephmon_drbd_resource}\"", - } - -> exec { 'Configure Cephmon FileSystem': - command => "sm-configure service_instance cephmon-fs cephmon-fs \"device=${cephmon_fs_device},directory=${cephmon_fs_directory},options=noatime,nodiratime,fstype=ext4,check_level=20\"", - } - -> exec { 'Configure cephmon': - command => "sm-configure service_instance ceph-mon ceph-mon \"\"", - } - -> exec { 'Provision cephmon (service-group-member)': - command => 'sm-provision service-group-member controller-services ceph-mon', - } - -> exec { 'Provision cephmon (service)': - command => 'sm-provision service ceph-mon', - } - -> exec { 'Configure ceph-osd': - command => "sm-configure service_instance ceph-osd ceph-osd \"\"", - } - -> exec { 'Provision ceph-osd (service-group-member)': - command => 'sm-provision service-group-member storage-services ceph-osd', - } - -> exec { 'Provision ceph-osd (service)': - command => 'sm-provision service ceph-osd', - } - } - - # Ceph mgr RESTful plugin - exec { 'Provision mgr-restful-plugin (service-domain-member storage-services)': - command => 'sm-provision service-domain-member controller storage-services', - } - -> exec { 'Provision mgr-restful-plugin (service-group storage-services)': - command => 'sm-provision service-group storage-services', - } - -> exec { 'Provision mgr-restful-plugin (service-group-member mgr-restful-plugin)': - command => 'sm-provision service-group-member storage-services mgr-restful-plugin', - } - -> exec { 'Provision mgr-restful-plugin (service mgr-restful-plugin)': - command => 'sm-provision service mgr-restful-plugin', - } - - # Ceph-Manager - -> exec { 'Provision Ceph-Manager (service-domain-member storage-monitoring-services)': - command => 'sm-provision service-domain-member controller storage-monitoring-services', - } - -> exec { 'Provision Ceph-Manager service-group storage-monitoring-services)': - command => 'sm-provision service-group storage-monitoring-services', - } - -> exec { 'Provision Ceph-Manager (service-group-member ceph-manager)': - command => 'sm-provision service-group-member storage-monitoring-services ceph-manager', - } - -> exec { 'Provision Ceph-Manager in SM (service ceph-manager)': - command => 'sm-provision service ceph-manager', - } - } - - # Ceph-Rados-Gateway - if $rgw_configured { - exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': - command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw' - } - -> exec { 'Provision Ceph-Rados-Gateway (service ceph-radosgw)': - command => 'sm-provision service ceph-radosgw', - } - } else { - exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': - command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw' - } - -> exec { 'Deprovision Ceph-Rados-Gateway (service ceph-radosgw)': - command => 'sm-deprovision service ceph-radosgw', - } - } - - if $ldapserver_remote { - # if remote LDAP server is configured, deprovision local openldap service. - exec { 'Deprovision open-ldap service group member': - command => '/usr/bin/sm-deprovision service-group-member directory-services open-ldap', - } - -> exec { 'Deprovision open-ldap service': - command => '/usr/bin/sm-deprovision service open-ldap', - } - } - - if $::platform::params::distributed_cloud_role =='systemcontroller' { - exec { 'Provision distributed-cloud-services (service-domain-member distributed-cloud-services)': - command => 'sm-provision service-domain-member controller distributed-cloud-services', - } - -> exec { 'Provision distributed-cloud-services (service-group distributed-cloud-services)': - command => 'sm-provision service-group distributed-cloud-services', - } - -> exec { 'Provision DCManager-Manager (service-group-member dcmanager-manager)': - command => 'sm-provision service-group-member distributed-cloud-services dcmanager-manager', - } - -> exec { 'Provision DCManager-Manager in SM (service dcmanager-manager)': - command => 'sm-provision service dcmanager-manager', - } - -> exec { 'Provision DCManager-RestApi (service-group-member dcmanager-api)': - command => 'sm-provision service-group-member distributed-cloud-services dcmanager-api', - } - -> exec { 'Provision DCManager-RestApi in SM (service dcmanager-api)': - command => 'sm-provision service dcmanager-api', - } - -> exec { 'Provision DCOrch-Engine (service-group-member dcorch-engine)': - command => 'sm-provision service-group-member distributed-cloud-services dcorch-engine', - } - -> exec { 'Provision DCOrch-Engine in SM (service dcorch-engine)': - command => 'sm-provision service dcorch-engine', - } - -> exec { 'Provision DCOrch-Snmp (service-group-member dcorch-snmp)': - command => 'sm-provision service-group-member distributed-cloud-services dcorch-snmp', - } - -> exec { 'Provision DCOrch-Snmp in SM (service dcorch-snmp)': - command => 'sm-provision service dcorch-snmp', - } - -> exec { 'Provision DCOrch-Identity-Api-Proxy (service-group-member dcorch-identity-api-proxy)': - command => 'sm-provision service-group-member distributed-cloud-services dcorch-identity-api-proxy', - } - -> exec { 'Provision DCOrch-Identity-Api-Proxy in SM (service dcorch-identity-api-proxy)': - command => 'sm-provision service dcorch-identity-api-proxy', - } - -> exec { 'Provision DCOrch-Sysinv-Api-Proxy (service-group-member dcorch-sysinv-api-proxy)': - command => 'sm-provision service-group-member distributed-cloud-services dcorch-sysinv-api-proxy', - } - -> exec { 'Provision DCOrch-Sysinv-Api-Proxy in SM (service dcorch-sysinv-api-proxy)': - command => 'sm-provision service dcorch-sysinv-api-proxy', - } - -> exec { 'Provision DCOrch-Patch-Api-Proxy (service-group-member dcorch-patch-api-proxy)': - command => 'sm-provision service-group-member distributed-cloud-services dcorch-patch-api-proxy', - } - -> exec { 'Provision DCOrch-Patch-Api-Proxy in SM (service dcorch-patch-api-proxy)': - command => 'sm-provision service dcorch-patch-api-proxy', - } - -> exec { 'Provision DCDBsync-RestApi (service-group-member dcdbsync-api)': - command => 'sm-provision service-group-member distributed-cloud-services dcdbsync-api', - } - -> exec { 'Provision DCDBsync-RestApi in SM (service dcdbsync-api)': - command => 'sm-provision service dcdbsync-api', - } - -> exec { 'Configure Platform - DCManager-Manager': - command => "sm-configure service_instance dcmanager-manager dcmanager-manager \"\"", - } - -> exec { 'Configure OpenStack - DCManager-API': - command => "sm-configure service_instance dcmanager-api dcmanager-api \"\"", - } - -> exec { 'Configure OpenStack - DCOrch-Engine': - command => "sm-configure service_instance dcorch-engine dcorch-engine \"\"", - } - -> exec { 'Configure OpenStack - DCOrch-Snmp': - command => "sm-configure service_instance dcorch-snmp dcorch-snmp \"\"", - } - -> exec { 'Configure OpenStack - DCOrch-identity-api-proxy': - command => "sm-configure service_instance dcorch-identity-api-proxy dcorch-identity-api-proxy \"\"", - } - -> exec { 'Configure OpenStack - DCOrch-sysinv-api-proxy': - command => "sm-configure service_instance dcorch-sysinv-api-proxy dcorch-sysinv-api-proxy \"\"", - } - -> exec { 'Configure OpenStack - DCOrch-patch-api-proxy': - command => "sm-configure service_instance dcorch-patch-api-proxy dcorch-patch-api-proxy \"\"", - } - -> exec { 'Configure OpenStack - DCDBsync-API': - command => "sm-configure service_instance dcdbsync-api dcdbsync-api \"\"", - } - } - - # lint:endignore:140chars -} - - -define platform::sm::restart { - exec {"sm-restart-${name}": - command => "sm-restart-safe service ${name}", - } -} - - -# WARNING: -# This should only be invoked in a standalone / simplex mode. -# It is currently used during infrastructure network post-install apply -# to ensure SM reloads the updated configuration after the manifests -# are applied. -# Semantic checks enforce the standalone condition (all hosts locked) -class platform::sm::reload { - - # Ensure service(s) are restarted before SM is restarted - Platform::Sm::Restart <| |> -> Class[$name] - - exec { 'pmon-stop-sm': - command => 'pmon-stop sm' - } - -> file { '/var/run/sm/sm.db': - ensure => absent - } - -> exec { 'pmon-start-sm': - command => 'pmon-start sm' - } -} - - -class platform::sm::norestart::runtime { - include ::platform::sm -} - -class platform::sm::runtime { - include ::platform::sm - - class { 'platform::sm::reload': - stage => post, - } -} - -class platform::sm::stx_openstack::runtime { - $system_type = $::platform::params::system_type - $system_mode = $::platform::params::system_mode - $stx_openstack_applied = $::platform::params::stx_openstack_applied - - if $stx_openstack_applied { - # Configure dbmon for AIO duplex and systemcontroller - if ($::platform::params::distributed_cloud_role =='systemcontroller') or - ($system_type == 'All-in-one' and 'duplex' in $system_mode) { - exec { 'provision service group member': - command => 'sm-provision service-group-member cloud-services dbmon --apply' - } - } - exec { 'provision guest-agent service group member': - command => 'sm-provision service-group-member controller-services guest-agent --apply' - } - } else { - exec { 'deprovision service group member': - command => 'sm-deprovision service-group-member cloud-services dbmon --apply' - } - exec { 'deprovision guest-agent service group member': - command => 'sm-deprovision service-group-member controller-services guest-agent --apply' - } - } -} - -class platform::sm::rgw::runtime { - $rgw_configured = $::platform::ceph::params::rgw_enabled - - if $rgw_configured { - exec {'Provision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': - command => 'sm-provision service-group-member storage-monitoring-services ceph-radosgw --apply' - } - } else { - exec {'Deprovision Ceph-Rados-Gateway (service-group-member ceph-radosgw)': - command => 'sm-deprovision service-group-member storage-monitoring-services ceph-radosgw --apply' - } - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/smapi.pp b/puppet-manifests/src/modules/platform/manifests/smapi.pp deleted file mode 100644 index 9a0a21df74..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/smapi.pp +++ /dev/null @@ -1,51 +0,0 @@ -class platform::smapi::params ( - $auth_username = undef, - $keystone_auth_url = undef, - $keystone_username = undef, - $keystone_password = undef, - $public_url = undef, - $admin_url = undef, - $bind_ip = undef, - $port = undef, - $region = undef, -) {} - -class platform::smapi::haproxy - inherits ::platform::smapi::params { - - include ::platform::params - include ::platform::haproxy::params - - platform::haproxy::proxy { 'sm-api-internal': - server_name => 's-smapi-internal', - public_ip_address => $::platform::haproxy::params::private_ip_address, - public_port => $port, - public_api => false, - private_ip_address => $bind_ip, - private_port => $port, - } - platform::haproxy::proxy { 'sm-api-public': - server_name => 's-smapi-public', - public_port => $port, - private_port => $port, - } -} - -class platform::smapi - inherits ::platform::smapi::params { - if ($::platform::params::init_keystone) { - include ::smapi::keystone::auth - } - - include ::platform::params - include ::platform::smapi::haproxy - $bind_host_name = $::platform::params::hostname - file { '/etc/sm-api/sm-api.conf': - ensure => 'present', - content => template('platform/sm-api.conf.erb'), - owner => 'root', - group => 'root', - mode => '0400', - } -} - diff --git a/puppet-manifests/src/modules/platform/manifests/snmp.pp b/puppet-manifests/src/modules/platform/manifests/snmp.pp deleted file mode 100644 index efbbaf732a..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/snmp.pp +++ /dev/null @@ -1,28 +0,0 @@ -class platform::snmp::params ( - $community_strings = [], - $trap_destinations = [], - $system_name = '', - $system_location = '?', - $system_contact = '?', - $system_info = '', - $software_version = '', -) { } - -class platform::snmp::runtime - inherits ::platform::snmp::params { - - $software_version = $::platform::params::software_version - $system_info = $::system_info - - file { '/etc/snmp/snmpd.conf': - ensure => 'present', - replace => true, - content => template('platform/snmpd.conf.erb') - } - - # send HUP signal to snmpd if it is running - -> exec { 'notify-snmp': - command => '/usr/bin/pkill -HUP snmpd', - onlyif => 'ps -ef | pgrep snmpd' - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/sysctl.pp b/puppet-manifests/src/modules/platform/manifests/sysctl.pp deleted file mode 100644 index f0b6956189..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/sysctl.pp +++ /dev/null @@ -1,147 +0,0 @@ -class platform::sysctl::params ( - $low_latency = false, -) inherits ::platform::params {} - - -class platform::sysctl - inherits ::platform::sysctl::params { - - include ::platform::network::mgmt::params - - $ip_version = $::platform::network::mgmt::params::subnet_version - - # Increase min_free_kbytes to 128 MiB from 88 MiB, helps prevent OOM - sysctl::value { 'vm.min_free_kbytes': - value => '131072' - } - - # Set sched_nr_migrate to standard linux default - sysctl::value { 'kernel.sched_nr_migrate': - value => '8', - } - - # Enable br_netfilter (required to allow setting bridge-nf-call-arptables) - exec { 'modprobe br_netfilter': - command => 'modprobe br_netfilter', - } - - # Set bridge-nf-call-arptables for containerized neutron - -> sysctl::value { 'net.bridge.bridge-nf-call-arptables': - value => '1', - } - - # Tuning options for low latency compute - if $low_latency { - # Increase VM stat interval - sysctl::value { 'vm.stat_interval': - value => '10', - } - - # Disable timer migration - sysctl::value { 'kernel.timer_migration': - value => '0', - } - - # Disable RT throttling - sysctl::value { 'kernel.sched_rt_runtime_us': - value => '1000000', - } - } else { - # Disable NUMA balancing - sysctl::value { 'kernel.numa_balancing': - value => '0', - } - } - - if $ip_version == $::platform::params::ipv6 { - sysctl::value { 'net.ipv6.conf.all.forwarding': - value => '1' - } - - } else { - sysctl::value { 'net.ipv4.ip_forward': - value => '1' - } - - sysctl::value { 'net.ipv4.conf.default.rp_filter': - value => '0' - } - - sysctl::value { 'net.ipv4.conf.all.rp_filter': - value => '0' - } - - # If this manifest is applied without rebooting the controller, as is done - # when config_controller is run, any existing interfaces will not have - # their rp_filter setting changed. This is because the kernel uses a MAX - # of the 'all' setting (which is now 0) and the current setting for the - # interface (which will be 1). When a blade is rebooted, the interfaces - # come up with the new 'default' setting so all is well. - exec { 'Clear rp_filter for existing interfaces': - command => "bash -c 'for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > \$f; done'", - } - } -} - - -class platform::sysctl::controller - inherits ::platform::sysctl::params { - - include ::platform::sysctl - - # Engineer VM page cache tunables to prevent significant IO delays that may - # occur if we flush a buildup of dirty pages. Engineer VM settings to make - # writebacks more regular. Note that Linux default proportion of page cache that - # can be dirty is rediculously large for systems > 8GB RAM, and can result in - # many seconds of IO wait, especially if GBs of dirty pages are written at once. - # Note the following settings are currently only applied to controller, - # though these are intended to be applicable to all blades. For unknown reason, - # there was negative impact to VM traffic on computes. - - # dirty_background_bytes limits magnitude of pending IO, so - # choose setting of 3 seconds dirty holding x 200 MB/s write speed (SSD) - sysctl::value { 'vm.dirty_background_bytes': - value => '600000000' - } - - # dirty_ratio should be larger than dirty_background_bytes, set 1.3x larger - sysctl::value { 'vm.dirty_bytes': - value => '800000000' - } - - # prefer reclaim of dentries and inodes, set larger than default of 100 - sysctl::value { 'vm.vfs_cache_pressure': - value => '500' - } - - # reduce dirty expiry to 10s from default 30s - sysctl::value { 'vm.dirty_expire_centisecs': - value => '1000' - } - - # reduce dirty writeback to 1s from default 5s - sysctl::value { 'vm.dirty_writeback_centisecs': - value => '100' - } - - # Setting max to 160 MB to support more connections - # When increasing postgres connections, add 7.5 MB for every 100 connections - sysctl::value { 'kernel.shmmax': - value => '167772160' - } -} - - -class platform::sysctl::compute { - include ::platform::sysctl -} - - -class platform::sysctl::storage { - include ::platform::sysctl -} - - -class platform::sysctl::controller::runtime { - include ::platform::sysctl::controller -} diff --git a/puppet-manifests/src/modules/platform/manifests/sysinv.pp b/puppet-manifests/src/modules/platform/manifests/sysinv.pp deleted file mode 100644 index be6b34d04d..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/sysinv.pp +++ /dev/null @@ -1,183 +0,0 @@ -class platform::sysinv::params ( - $api_port = 6385, - $region_name = undef, - $service_create = false, - $fm_catalog_info = 'faultmanagement:fm:internalURL', -) { } - -class platform::sysinv - inherits ::platform::sysinv::params { - - Anchor['platform::services'] -> Class[$name] - - include ::platform::params - include ::platform::amqp::params - include ::platform::drbd::platform::params - - # sysinv-agent is started on all hosts - include ::sysinv::agent - - $keystone_key_repo_path = "${::platform::drbd::platform::params::mountpoint}/keystone" - - group { 'sysinv': - ensure => 'present', - gid => '168', - } - - -> user { 'sysinv': - ensure => 'present', - comment => 'sysinv Daemons', - gid => '168', - groups => ['nobody', 'sysinv', 'sys_protected'], - home => '/var/lib/sysinv', - password => '!!', - password_max_age => '-1', - password_min_age => '-1', - shell => '/sbin/nologin', - uid => '168', - } - - -> file { '/etc/sysinv': - ensure => 'directory', - owner => 'sysinv', - group => 'sysinv', - mode => '0750', - } - - -> class { '::sysinv': - rabbit_host => $::platform::amqp::params::host_url, - rabbit_port => $::platform::amqp::params::port, - rabbit_userid => $::platform::amqp::params::auth_user, - rabbit_password => $::platform::amqp::params::auth_password, - fm_catalog_info => $fm_catalog_info, - fernet_key_repository => "${keystone_key_repo_path}/fernet-keys", - } - - # Note: The log format strings are prefixed with "sysinv" because it is - # interpreted as the program by syslog-ng, which allows the sysinv logs to be - # filtered and directed to their own file. - - # TODO(mpeters): update puppet-sysinv to permit configuration of log formats - # once the log configuration has been moved to oslo::log - sysinv_config { - 'DEFAULT/logging_context_format_string': value => - 'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user)s %(tenant)s] %(instance)s%(message)s'; - 'DEFAULT/logging_default_format_string': value => - 'sysinv %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s'; - } - - # TODO(tngo): The following block will be removed as part of config_controller cleanup - if str2bool($::is_initial_config_primary) { - $software_version = $::platform::params::software_version - - Class['::sysinv'] - - -> file { '/opt/platform/sysinv': - ensure => directory, - owner => 'sysinv', - mode => '0755', - } - - -> file { "/opt/platform/sysinv/${software_version}": - ensure => directory, - owner => 'sysinv', - mode => '0755', - } - - -> file { "/opt/platform/sysinv/${software_version}/sysinv.conf.default": - source => '/etc/sysinv/sysinv.conf', - } - } -} - - -class platform::sysinv::runtime { - - include ::platform::params - $software_version = $::platform::params::software_version - - file { '/opt/platform/sysinv': - ensure => directory, - owner => 'sysinv', - mode => '0755', - } - -> file { "/opt/platform/sysinv/${software_version}": - ensure => directory, - owner => 'sysinv', - mode => '0755', - } - -> file { "/opt/platform/sysinv/${software_version}/sysinv.conf.default": - source => '/etc/sysinv/sysinv.conf', - } -} - - -class platform::sysinv::conductor { - - Class['::platform::drbd::platform'] -> Class[$name] - - include ::sysinv::conductor -} - - -class platform::sysinv::haproxy - inherits ::platform::sysinv::params { - - platform::haproxy::proxy { 'sysinv-restapi': - server_name => 's-sysinv', - public_port => $api_port, - private_port => $api_port, - } -} - - -class platform::sysinv::api - inherits ::platform::sysinv::params { - - include ::platform::params - include ::sysinv::api - - if ($::platform::sysinv::params::service_create and - $::platform::params::init_keystone) { - include ::sysinv::keystone::auth - - # Cleanup the endpoints created at bootstrap if they are not in - # the subcloud region. - if ($::platform::params::distributed_cloud_role == 'subcloud' and - $::platform::params::region_2_name != 'RegionOne') { - Keystone_endpoint["${platform::params::region_2_name}/sysinv::platform"] -> Keystone_endpoint['RegionOne/sysinv::platform'] - keystone_endpoint { 'RegionOne/sysinv::platform': - ensure => 'absent', - name => 'sysinv', - type => 'platform', - region => 'RegionOne', - public_url => 'http://127.0.0.1:6385/v1', - admin_url => 'http://127.0.0.1:6385/v1', - internal_url => 'http://127.0.0.1:6385/v1' - } - } - } - - # TODO(mpeters): move to sysinv puppet module parameters - sysinv_config { - 'DEFAULT/sysinv_api_workers': value => $::platform::params::eng_workers_by_5; - } - - include ::platform::sysinv::haproxy -} - - -class platform::sysinv::bootstrap { - include ::sysinv::db::postgresql - include ::sysinv::keystone::auth - - include ::platform::sysinv - - class { '::sysinv::api': - enabled => true - } - - class { '::sysinv::conductor': - enabled => true - } -} diff --git a/puppet-manifests/src/modules/platform/manifests/users.pp b/puppet-manifests/src/modules/platform/manifests/users.pp deleted file mode 100644 index 84396ce5fd..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/users.pp +++ /dev/null @@ -1,64 +0,0 @@ -class platform::users::params ( - $sysadmin_password = undef, - $sysadmin_password_max_age = undef, -) {} - - -class platform::users - inherits ::platform::users::params { - - include ::platform::params - - # Create a 'sys_protected' group for sysadmin and all openstack services - # (including StarlingX services: sysinv, etc.). - group { $::platform::params::protected_group_name: - ensure => 'present', - gid => $::platform::params::protected_group_id, - } - - -> user { 'sysadmin': - ensure => 'present', - groups => ['root', $::platform::params::protected_group_name], - home => '/home/sysadmin', - password => $sysadmin_password, - password_max_age => $sysadmin_password_max_age, - shell => '/bin/sh', - } - - # Keyring should only be executable by 'sys_protected'. - -> file { '/usr/bin/keyring': - owner => 'root', - group => $::platform::params::protected_group_name, - mode => '0750', - } -} - - -class platform::users::bootstrap - inherits ::platform::users::params { - - include ::platform::params - - group { $::platform::params::protected_group_name: - ensure => 'present', - gid => $::platform::params::protected_group_id, - } - - -> user { 'sysadmin': - ensure => 'present', - groups => ['root', $::platform::params::protected_group_name], - home => '/home/sysadmin', - password_max_age => $sysadmin_password_max_age, - shell => '/bin/sh', - } -} - - -class platform::users::runtime { - include ::platform::users -} - -class platform::users::upgrade { - include ::platform::users -} - diff --git a/puppet-manifests/src/modules/platform/manifests/vswitch.pp b/puppet-manifests/src/modules/platform/manifests/vswitch.pp deleted file mode 100644 index 49771331eb..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/vswitch.pp +++ /dev/null @@ -1,190 +0,0 @@ -class platform::vswitch::params( - $iommu_enabled = true, - $hugepage_dir = '/mnt/huge-1048576kB', - $driver_type = 'vfio-pci', - $vswitch_class = ::platform::vswitch::ovs, -) { } - - -class platform::vswitch - inherits ::platform::vswitch::params { - - Class[$name] -> Class['::platform::network'] - - if $::platform::params::vswitch_type != 'none' { - $enable_unsafe_noiommu_mode = bool2num(!$iommu_enabled) - exec {'vfio-iommu-mode': - command => "echo ${enable_unsafe_noiommu_mode} > /sys/module/vfio/parameters/enable_unsafe_noiommu_mode", - require => Kmod::Load[$driver_type], - } - } - - include $vswitch_class -} - - -define platform::vswitch::ovs::device( - $pci_addr, - $driver_type, -) { - exec { "ovs-bind-device: ${title}": - path => ['/usr/bin', '/usr/sbin', '/usr/share/openvswitch/scripts'], - command => "dpdk-devbind.py --bind=${driver_type} ${pci_addr}" - } -} - - -define platform::vswitch::ovs::bridge( - $datapath_type = 'netdev', - $attributes = [], -) { - exec { "ovs-add-br: ${title}": - command => template('platform/ovs.add-bridge.erb') - } - -> exec { "ovs-link-up: ${title}": - command => "ip link set ${name} up", - } -} - - -define platform::vswitch::ovs::port( - $bridge, - $interfaces, - $type = 'port', - $attributes = [], -) { - exec { "ovs-add-port: ${title}": - command => template('platform/ovs.add-port.erb'), - logoutput => true - } -} - - -define platform::vswitch::ovs::address( - $ifname, - $address, - $prefixlen, -) { - exec { "ovs-add-address: ${title}": - command => "ip addr replace ${address}/${prefixlen} dev ${ifname}", - } -} - - -define platform::vswitch::ovs::flow( - $bridge, - $actions, - $attributes = [], -) { - exec { "ovs-add-flow: ${title}": - command => template('platform/ovs.add-flow.erb'), - logoutput => true - } -} - - -class platform::vswitch::ovs( - $devices = {}, - $bridges = {}, - $ports = {}, - $addresses = {}, - $flows = {}, -) inherits ::platform::vswitch::params { - - if $::platform::params::vswitch_type == 'ovs' { - include ::vswitch::ovs - } elsif $::platform::params::vswitch_type == 'ovs-dpdk' { - include ::vswitch::dpdk - - # Since OVS socket memory is configurable, it is required to start the - # ovsdb server and disable DPDK initialization before the openvswitch - # service runs to prevent any previously stored OVSDB configuration from - # being used before the new Vs_config gets applied. - service { 'ovsdb-server': - ensure => 'running', - before => Service['openvswitch'], - } - exec { 'disable dpdk initialization': - command => template('platform/ovs.disable-dpdk-init.erb'), - provider => shell, - require => Service['ovsdb-server'] - } - - Exec['vfio-iommu-mode'] - -> Platform::Vswitch::Ovs::Device<||> - -> Platform::Vswitch::Ovs::Bridge<||> - - create_resources('platform::vswitch::ovs::device', $devices, { - driver_type => $driver_type, - before => Service['openvswitch'] - }) - - Mount[$hugepage_dir] -> Service['openvswitch'] - - $dpdk_configs = { - 'other_config:dpdk-hugepage-dir' => { value => $hugepage_dir }, - } - - $dpdk_dependencies = { - wait => false, - require => Service['openvswitch'], - notify => Vs_config['other_config:dpdk-init'], - } - - create_resources ('vs_config', $dpdk_configs, $dpdk_dependencies) - - Vs_config<||> -> Platform::Vswitch::Ovs::Bridge<||> - } - - if $::platform::params::vswitch_type == 'ovs-dpdk' { - $pmon_ensure = link - } else { - $pmon_ensure = absent - } - - file { '/etc/pmon.d/ovsdb-server.conf': - ensure => $pmon_ensure, - target => '/etc/openvswitch/ovsdb-server.pmon.conf', - owner => 'root', - group => 'root', - mode => '0644', - } - - file { '/etc/pmon.d/ovs-vswitchd.conf': - ensure => $pmon_ensure, - target => '/etc/openvswitch/ovs-vswitchd.pmon.conf', - owner => 'root', - group => 'root', - mode => '0644', - } - - if $::platform::params::vswitch_type =~ '^ovs' { - - # clean bridges and ports before applying current configuration - exec { 'ovs-clean': - command => template('platform/ovs.clean.erb'), - provider => shell, - require => Service['openvswitch'] - } - - -> Platform::Vswitch::Ovs::Bridge<||> -> Platform::Vswitch::Ovs::Port<||> - Platform::Vswitch::Ovs::Bridge<||> -> Platform::Vswitch::Ovs::Address<||> - Platform::Vswitch::Ovs::Port<||> -> Platform::Vswitch::Ovs::Flow<||> - } - - create_resources('platform::vswitch::ovs::bridge', $bridges, { - require => Service['openvswitch'] - }) - - create_resources('platform::vswitch::ovs::port', $ports, { - require => Service['openvswitch'] - }) - - create_resources('platform::vswitch::ovs::address', $addresses, { - require => Service['openvswitch'] - }) - - create_resources('platform::vswitch::ovs::flow', $flows, { - require => Service['openvswitch'] - }) -} diff --git a/puppet-manifests/src/modules/platform/manifests/worker.pp b/puppet-manifests/src/modules/platform/manifests/worker.pp deleted file mode 100644 index d305aab706..0000000000 --- a/puppet-manifests/src/modules/platform/manifests/worker.pp +++ /dev/null @@ -1,118 +0,0 @@ - -define platform::worker::storage::wipe_new_pv { - $cmd = join(['/sbin/pvs --nosuffix --noheadings ',$name,' 2>/dev/null | grep nova-local || true']) - $result = generate('/bin/sh', '-c', $cmd) - if $result !~ /nova-local/ { - exec { "Wipe New PV not in VG - ${name}": - provider => shell, - command => "wipefs -a ${name}", - before => Lvm::Volume[instances_lv], - require => Exec['remove device mapper mapping'] - } - } -} - -define platform::worker::storage::wipe_pv_and_format { - if $name !~ /part/ { - exec { "Wipe removing PV ${name}": - provider => shell, - command => "wipefs -a ${name}", - require => File_line[disable_old_lvg_disks] - } - -> exec { "GPT format disk PV - ${name}": - provider => shell, - command => "parted -a optimal --script ${name} -- mktable gpt", - } - } - else { - exec { "Wipe removing PV ${name}": - provider => shell, - command => "wipefs -a ${name}", - require => File_line[disable_old_lvg_disks] - } - } -} - -class platform::worker::storage ( - $adding_pvs, - $removing_pvs, - $final_pvs, - $lvm_global_filter = '[]', - $lvm_update_filter = '[]', - $images_rbd_pool = 'ephemeral', - $images_rbd_ceph_conf = '/etc/ceph/ceph.conf' -) { - $adding_pvs_str = join($adding_pvs,' ') - $removing_pvs_str = join($removing_pvs,' ') - $round_to_extent = false - - # Ensure partitions update prior to local storage configuration - Class['::platform::partitions'] -> Class[$name] - - ::platform::worker::storage::wipe_new_pv { $adding_pvs: } - ::platform::worker::storage::wipe_pv_and_format { $removing_pvs: } - - file_line { 'enable_new_lvg_disks': - path => '/etc/lvm/lvm.conf', - line => " global_filter = ${lvm_update_filter}", - match => '^[ ]*global_filter =', - } - -> exec { 'umount /var/lib/nova/instances': - command => 'umount /var/lib/nova/instances; true', - onlyif => 'test -e /var/lib/nova/instances', - } - -> exec { 'umount /dev/nova-local/instances_lv': - command => 'umount /dev/nova-local/instances_lv; true', - onlyif => 'test -e /dev/nova-local/instances_lv', - } - -> exec { 'remove udev leftovers': - unless => 'vgs nova-local', - command => 'rm -rf /dev/nova-local || true', - } - -> exec { 'remove device mapper mapping': - command => 'dmsetup remove /dev/mapper/nova--local-instances_lv || true', - onlyif => 'test -e /dev/mapper/nova--local-instances_lv', - } - -> file_line { 'disable_old_lvg_disks': - path => '/etc/lvm/lvm.conf', - line => " global_filter = ${lvm_global_filter}", - match => '^[ ]*global_filter =', - } - if ! empty($::platform::lvm::vg::nova_local::physical_volumes) { - File_line['disable_old_lvg_disks'] - -> file { '/var/lib/nova': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - -> exec { 'add device mapper mapping': - command => 'lvchange -ay /dev/nova-local/instances_lv || true', - } - -> lvm::volume { 'instances_lv': - ensure => 'present', - vg => 'nova-local', - pv => $final_pvs, - size => 'max', - round_to_extent => $round_to_extent, - allow_reduce => true, - nuke_fs_on_resize_failure => true, - } - -> filesystem { '/dev/nova-local/instances_lv': - ensure => present, - fs_type => 'ext4', - options => '-F -F', - require => Logical_volume['instances_lv'] - } - -> file { '/var/lib/nova/instances': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0755', - } - -> exec { 'mount /dev/nova-local/instances_lv': - unless => 'mount | grep -q /var/lib/nova/instances', - command => 'mount -t ext4 /dev/nova-local/instances_lv /var/lib/nova/instances', - } - } -} diff --git a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb deleted file mode 100644 index cd2a316160..0000000000 --- a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb +++ /dev/null @@ -1,825 +0,0 @@ ---- -# Calico Version v3.6 -# Based off: -# https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/ -# hosted/kubernetes-datastore/calico-networking/1.7/calico.yaml -# Original file located in the source tree as calico.yaml.erb.orig -# -# This is the calico configuration file for systems with less than 50 nodes. -# -# Notes when upversioning calico: -# -# Refer to configuration instructions here: -# https://docs.projectcalico.org/v3.6/getting-started/kubernetes/installation/ -# calico -# -# It is important to test in a multi-controller environment (ie: AIO-DX) that -# the pods can be pinged by their endpoint. ie: A pod running on controller-1 -# can be pinged from controller-0, and vica versa. -# -# An additional test (run on controller-0) that queries the calico daemon -# health and status -# -# curl -O -L https://github.com/projectcalico/calicoctl/releases/download/ -# v3.6.2/calicoctl -# chmod +x calicoctl -# sudo mv calicoctl /usr/local/bin -# export DATASTORE_TYPE=kubernetes -# sudo calicoctl node status -# -# Source: calico/templates/calico-config.yaml -# This ConfigMap is used to configure a self-hosted Calico installation. -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system -data: - # Typha is disabled. - typha_service_name: "none" - # Configure the Calico backend to use. - calico_backend: "bird" - - # Configure the MTU to use - veth_mtu: "1440" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.0", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, - "ipam": { - "type": "calico-ipam", - <%- if @pod_network_ipversion == 4 -%> - "assign_ipv4": "true", - <%- else -%> - "assign_ipv4": "false", - <%- end -%> - <%- if @pod_network_ipversion == 6 -%> - "assign_ipv6": "true" - <%- else -%> - "assign_ipv6": "false" - <%- end -%> - }, - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - } - ] - } - ---- -# Source: calico/templates/kdd-crds.yaml -# Create all the CustomResourceDefinitions needed for -# Calico policy and networking mode. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: FelixConfiguration - plural: felixconfigurations - singular: felixconfiguration ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ipamblocks.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMBlock - plural: ipamblocks - singular: ipamblock - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: blockaffinities.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BlockAffinity - plural: blockaffinities - singular: blockaffinity - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ipamhandles.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMHandle - plural: ipamhandles - singular: ipamhandle - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ipamconfigs.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMConfig - plural: ipamconfigs - singular: ipamconfig - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: bgppeers.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPPeer - plural: bgppeers - singular: bgppeer - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPConfiguration - plural: bgpconfigurations - singular: bgpconfiguration - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPPool - plural: ippools - singular: ippool - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: HostEndpoint - plural: hostendpoints - singular: hostendpoint - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: ClusterInformation - plural: clusterinformations - singular: clusterinformation - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkPolicy - plural: globalnetworkpolicies - singular: globalnetworkpolicy - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkSet - plural: globalnetworksets - singular: globalnetworkset - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkPolicy - plural: networkpolicies - singular: networkpolicy ---- -# Source: calico/templates/rbac.yaml - -# Include a clusterrole for the kube-controllers component, -# and bind it to the calico-kube-controllers serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: calico-kube-controllers -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - # Pods are queried to check for existence. - - apiGroups: [""] - resources: - - pods - verbs: - - get - # IPAM resources are manipulated when nodes are deleted. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - list - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - create - - update ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: calico-kube-controllers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-kube-controllers -subjects: -- kind: ServiceAccount - name: calico-kube-controllers - namespace: kube-system ---- -# Include a clusterrole for the calico-node DaemonSet, -# and bind it to the calico-node serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: calico-node -rules: - # The CNI plugin needs to get pods, nodes, and namespaces. - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - - apiGroups: [""] - resources: - - endpoints - - services - verbs: - # Used to discover service IPs for advertisement. - - watch - - list - # Used to discover Typhas. - - get - - apiGroups: [""] - resources: - - nodes/status - verbs: - # Needed for clearing NodeNetworkUnavailable flag. - - patch - # Calico stores some configuration information in node annotations. - - update - # Watch for changes to Kubernetes NetworkPolicies. - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list - # Used by Calico for policy information. - - apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch - # The CNI plugin patches pods/status. - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - # Calico monitors various CRDs for config. - - apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - clusterinformations - - hostendpoints - verbs: - - get - - list - - watch - # Calico must create and update some CRDs on startup. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update - # Calico stores some configuration information on the node. - - apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch - # These permissions are only requried for upgrade from v2.6, and can - # be removed after upgrade or on fresh installations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update - # These permissions are required for Calico CNI to perform IPAM allocations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipamconfigs - verbs: - - get - # Block affinities must also be watchable by confd for route aggregation. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - verbs: - - watch - # The Calico IPAM migration needs to get daemonsets. These permissions can be - # removed if not upgrading from an installation using host-local IPAM. - - apiGroups: ["apps"] - resources: - - daemonsets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: calico-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system ---- - ---- -# Source: calico/templates/calico-node.yaml -# This manifest installs the node container, as well -# as the Calico CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: extensions/v1beta1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - annotations: - # This, along with the CriticalAddonsOnly toleration below, - # marks the pod as a critical add-on, ensuring it gets - # priority scheduling and that its resources are reserved - # if it ever gets evicted. - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - nodeSelector: - beta.kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Make sure calico-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 0 - initContainers: - # This container performs upgrade from host-local IPAM to calico-ipam. - # It can be deleted if this is a fresh installation, or if you have already - # upgraded to use calico-ipam. - - name: upgrade-ipam - image: "<%= @quay_registry %>/calico/cni:v3.6.2" - command: ["/opt/cni/bin/calico-ipam", "-upgrade"] - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - volumeMounts: - - mountPath: /var/lib/cni/networks - name: host-local-net-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - # This container installs the Calico CNI binaries - # and CNI network config file on each node. - - name: install-cni - image: "<%= @quay_registry %>/calico/cni:v3.6.2" - command: ["/install-cni.sh"] - env: - # Name of the CNI config file to create. - - name: CNI_CONF_NAME - value: "10-calico.conflist" - # The CNI network config to install on each node. - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # CNI MTU Config variable - - name: CNI_MTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Prevents the container from sleeping forever. - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - containers: - # Runs node container on each Kubernetes node. This - # container programs network policy and routes on each - # host. - - name: calico-node - image: "<%= @quay_registry %>/calico/node:v3.6.2" - env: - # Configure inbound failsafe rules - - name: FELIX_FAILSAFEINBOUNDHOSTPORTS - value: "tcp:22, udp:68, tcp:179" - # Configure output failsafe rules - - name: FELIX_FAILSAFEOUTBOUNDHOSTPORTS - value: "udp:53, udp:67, tcp:179" - # Use Kubernetes API as the backing datastore. - - name: DATASTORE_TYPE - value: "kubernetes" - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Choose the backend to use. - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "k8s,bgp" - # Auto-detect the BGP IP address. - <%- if @pod_network_ipversion == 4 -%> - - name: IP - value: "autodetect" - - name: IP_AUTODETECTION_METHOD - value: "can-reach=<%= @apiserver_advertise_address %>" - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "Always" - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - - name: CALICO_IPV4POOL_CIDR - value: "<%= @pod_network_cidr %>" - - name: CALICO_IPV4POOL_NAT_OUTGOING - value: "true" - <%- else -%> - - name: IP - value: "none" - <%- end -%> - <%- if @pod_network_ipversion == 6 -%> - - name: IP6 - value: "autodetect" - - name: IP6_AUTODETECTION_METHOD - value: "can-reach=<%= @apiserver_advertise_address %>" - # The default IPv6 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - - name: CALICO_IPV6POOL_CIDR - value: "<%= @pod_network_cidr %>" - - name: CALICO_IPV6POOL_NAT_OUTGOING - value: "true" - <%- else -%> - - name: IP6 - value: "none" - <%- end -%> - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Disable file logging so `kubectl logs` works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - <%- if @pod_network_ipversion == 6 -%> - # Enable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "true" - - name: CALICO_ROUTER_ID - value: "hash" - <%- else -%> - # Disable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "false" - <%- end -%> - # Set Felix logging to "info" - - name: FELIX_LOGSEVERITYSCREEN - value: "info" - - name: FELIX_HEALTHENABLED - value: "true" - securityContext: - privileged: true - resources: - requests: - cpu: 250m - livenessProbe: - httpGet: - path: /liveness - port: 9099 - host: localhost - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/calico-node - - -bird-ready - - -felix-ready - periodSeconds: 10 - volumeMounts: - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - volumes: - # Used by node. - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - # Mount in the directory for host-local IPAM allocations. This is - # used when upgrading from host-local to calico-ipam, and can be removed - # if not using the upgrade-ipam init container. - - name: host-local-net-dir - hostPath: - path: /var/lib/cni/networks ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - ---- -# Source: calico/templates/calico-kube-controllers.yaml -# This manifest deploys the Calico node controller. -# See https://github.com/projectcalico/kube-controllers -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -spec: - # The controller can only have a single active instance. - replicas: 1 - strategy: - type: Recreate - template: - metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - spec: - nodeSelector: - beta.kubernetes.io/os: linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: calico-kube-controllers - containers: - - name: calico-kube-controllers - image: "<%= @quay_registry %>/calico/kube-controllers:v3.6.2" - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: node - - name: DATASTORE_TYPE - value: kubernetes - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-kube-controllers - namespace: kube-system ---- -# Source: calico/templates/calico-etcd-secrets.yaml - ---- -# Source: calico/templates/calico-typha.yaml - ---- -# Source: calico/templates/configure-canal.yaml - - diff --git a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig b/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig deleted file mode 100644 index 0023deee6a..0000000000 --- a/puppet-manifests/src/modules/platform/templates/calico.yaml.erb.orig +++ /dev/null @@ -1,748 +0,0 @@ ---- -# Source: calico/templates/calico-config.yaml -# This ConfigMap is used to configure a self-hosted Calico installation. -kind: ConfigMap -apiVersion: v1 -metadata: - name: calico-config - namespace: kube-system -data: - # Typha is disabled. - typha_service_name: "none" - # Configure the Calico backend to use. - calico_backend: "bird" - - # Configure the MTU to use - veth_mtu: "1440" - - # The CNI network configuration to install on each node. The special - # values in this config will be automatically populated. - cni_network_config: |- - { - "name": "k8s-pod-network", - "cniVersion": "0.3.0", - "plugins": [ - { - "type": "calico", - "log_level": "info", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": __CNI_MTU__, - "ipam": { - "type": "calico-ipam" - }, - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "__KUBECONFIG_FILEPATH__" - } - }, - { - "type": "portmap", - "snat": true, - "capabilities": {"portMappings": true} - } - ] - } - ---- -# Source: calico/templates/kdd-crds.yaml -# Create all the CustomResourceDefinitions needed for -# Calico policy and networking mode. - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: felixconfigurations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: FelixConfiguration - plural: felixconfigurations - singular: felixconfiguration ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ipamblocks.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMBlock - plural: ipamblocks - singular: ipamblock - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: blockaffinities.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BlockAffinity - plural: blockaffinities - singular: blockaffinity - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ipamhandles.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMHandle - plural: ipamhandles - singular: ipamhandle - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ipamconfigs.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPAMConfig - plural: ipamconfigs - singular: ipamconfig - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: bgppeers.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPPeer - plural: bgppeers - singular: bgppeer - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: bgpconfigurations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: BGPConfiguration - plural: bgpconfigurations - singular: bgpconfiguration - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: ippools.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: IPPool - plural: ippools - singular: ippool - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: hostendpoints.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: HostEndpoint - plural: hostendpoints - singular: hostendpoint - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterinformations.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: ClusterInformation - plural: clusterinformations - singular: clusterinformation - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworkpolicies.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkPolicy - plural: globalnetworkpolicies - singular: globalnetworkpolicy - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: globalnetworksets.crd.projectcalico.org -spec: - scope: Cluster - group: crd.projectcalico.org - version: v1 - names: - kind: GlobalNetworkSet - plural: globalnetworksets - singular: globalnetworkset - ---- - -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: networkpolicies.crd.projectcalico.org -spec: - scope: Namespaced - group: crd.projectcalico.org - version: v1 - names: - kind: NetworkPolicy - plural: networkpolicies - singular: networkpolicy ---- -# Source: calico/templates/rbac.yaml - -# Include a clusterrole for the kube-controllers component, -# and bind it to the calico-kube-controllers serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: calico-kube-controllers -rules: - # Nodes are watched to monitor for deletions. - - apiGroups: [""] - resources: - - nodes - verbs: - - watch - - list - - get - # Pods are queried to check for existence. - - apiGroups: [""] - resources: - - pods - verbs: - - get - # IPAM resources are manipulated when nodes are deleted. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - verbs: - - list - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - # Needs access to update clusterinformations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - clusterinformations - verbs: - - get - - create - - update ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: calico-kube-controllers -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-kube-controllers -subjects: -- kind: ServiceAccount - name: calico-kube-controllers - namespace: kube-system ---- -# Include a clusterrole for the calico-node DaemonSet, -# and bind it to the calico-node serviceaccount. -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: calico-node -rules: - # The CNI plugin needs to get pods, nodes, and namespaces. - - apiGroups: [""] - resources: - - pods - - nodes - - namespaces - verbs: - - get - - apiGroups: [""] - resources: - - endpoints - - services - verbs: - # Used to discover service IPs for advertisement. - - watch - - list - # Used to discover Typhas. - - get - - apiGroups: [""] - resources: - - nodes/status - verbs: - # Needed for clearing NodeNetworkUnavailable flag. - - patch - # Calico stores some configuration information in node annotations. - - update - # Watch for changes to Kubernetes NetworkPolicies. - - apiGroups: ["networking.k8s.io"] - resources: - - networkpolicies - verbs: - - watch - - list - # Used by Calico for policy information. - - apiGroups: [""] - resources: - - pods - - namespaces - - serviceaccounts - verbs: - - list - - watch - # The CNI plugin patches pods/status. - - apiGroups: [""] - resources: - - pods/status - verbs: - - patch - # Calico monitors various CRDs for config. - - apiGroups: ["crd.projectcalico.org"] - resources: - - globalfelixconfigs - - felixconfigurations - - bgppeers - - globalbgpconfigs - - bgpconfigurations - - ippools - - ipamblocks - - globalnetworkpolicies - - globalnetworksets - - networkpolicies - - clusterinformations - - hostendpoints - verbs: - - get - - list - - watch - # Calico must create and update some CRDs on startup. - - apiGroups: ["crd.projectcalico.org"] - resources: - - ippools - - felixconfigurations - - clusterinformations - verbs: - - create - - update - # Calico stores some configuration information on the node. - - apiGroups: [""] - resources: - - nodes - verbs: - - get - - list - - watch - # These permissions are only requried for upgrade from v2.6, and can - # be removed after upgrade or on fresh installations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - bgpconfigurations - - bgppeers - verbs: - - create - - update - # These permissions are required for Calico CNI to perform IPAM allocations. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - - ipamblocks - - ipamhandles - verbs: - - get - - list - - create - - update - - delete - - apiGroups: ["crd.projectcalico.org"] - resources: - - ipamconfigs - verbs: - - get - # Block affinities must also be watchable by confd for route aggregation. - - apiGroups: ["crd.projectcalico.org"] - resources: - - blockaffinities - verbs: - - watch - # The Calico IPAM migration needs to get daemonsets. These permissions can be - # removed if not upgrading from an installation using host-local IPAM. - - apiGroups: ["apps"] - resources: - - daemonsets - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRoleBinding -metadata: - name: calico-node -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: calico-node -subjects: -- kind: ServiceAccount - name: calico-node - namespace: kube-system ---- - ---- -# Source: calico/templates/calico-node.yaml -# This manifest installs the node container, as well -# as the Calico CNI plugins and network config on -# each master and worker node in a Kubernetes cluster. -kind: DaemonSet -apiVersion: extensions/v1beta1 -metadata: - name: calico-node - namespace: kube-system - labels: - k8s-app: calico-node -spec: - selector: - matchLabels: - k8s-app: calico-node - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - template: - metadata: - labels: - k8s-app: calico-node - annotations: - # This, along with the CriticalAddonsOnly toleration below, - # marks the pod as a critical add-on, ensuring it gets - # priority scheduling and that its resources are reserved - # if it ever gets evicted. - scheduler.alpha.kubernetes.io/critical-pod: '' - spec: - nodeSelector: - beta.kubernetes.io/os: linux - hostNetwork: true - tolerations: - # Make sure calico-node gets scheduled on all nodes. - - effect: NoSchedule - operator: Exists - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - effect: NoExecute - operator: Exists - serviceAccountName: calico-node - # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force - # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods. - terminationGracePeriodSeconds: 0 - initContainers: - # This container performs upgrade from host-local IPAM to calico-ipam. - # It can be deleted if this is a fresh installation, or if you have already - # upgraded to use calico-ipam. - - name: upgrade-ipam - image: calico/cni:v3.6.1 - command: ["/opt/cni/bin/calico-ipam", "-upgrade"] - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - volumeMounts: - - mountPath: /var/lib/cni/networks - name: host-local-net-dir - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - # This container installs the Calico CNI binaries - # and CNI network config file on each node. - - name: install-cni - image: calico/cni:v3.6.1 - command: ["/install-cni.sh"] - env: - # Name of the CNI config file to create. - - name: CNI_CONF_NAME - value: "10-calico.conflist" - # The CNI network config to install on each node. - - name: CNI_NETWORK_CONFIG - valueFrom: - configMapKeyRef: - name: calico-config - key: cni_network_config - # Set the hostname based on the k8s node name. - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # CNI MTU Config variable - - name: CNI_MTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # Prevents the container from sleeping forever. - - name: SLEEP - value: "false" - volumeMounts: - - mountPath: /host/opt/cni/bin - name: cni-bin-dir - - mountPath: /host/etc/cni/net.d - name: cni-net-dir - containers: - # Runs node container on each Kubernetes node. This - # container programs network policy and routes on each - # host. - - name: calico-node - image: calico/node:v3.6.1 - env: - # Use Kubernetes API as the backing datastore. - - name: DATASTORE_TYPE - value: "kubernetes" - # Wait for the datastore. - - name: WAIT_FOR_DATASTORE - value: "true" - # Set based on the k8s node name. - - name: NODENAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - # Choose the backend to use. - - name: CALICO_NETWORKING_BACKEND - valueFrom: - configMapKeyRef: - name: calico-config - key: calico_backend - # Cluster type to identify the deployment type - - name: CLUSTER_TYPE - value: "k8s,bgp" - # Auto-detect the BGP IP address. - - name: IP - value: "autodetect" - # Enable IPIP - - name: CALICO_IPV4POOL_IPIP - value: "Always" - # Set MTU for tunnel device used if ipip is enabled - - name: FELIX_IPINIPMTU - valueFrom: - configMapKeyRef: - name: calico-config - key: veth_mtu - # The default IPv4 pool to create on startup if none exists. Pod IPs will be - # chosen from this range. Changing this value after installation will have - # no effect. This should fall within `--cluster-cidr`. - - name: CALICO_IPV4POOL_CIDR - value: "192.168.0.0/16" - # Disable file logging so `kubectl logs` works. - - name: CALICO_DISABLE_FILE_LOGGING - value: "true" - # Set Felix endpoint to host default action to ACCEPT. - - name: FELIX_DEFAULTENDPOINTTOHOSTACTION - value: "ACCEPT" - # Disable IPv6 on Kubernetes. - - name: FELIX_IPV6SUPPORT - value: "false" - # Set Felix logging to "info" - - name: FELIX_LOGSEVERITYSCREEN - value: "info" - - name: FELIX_HEALTHENABLED - value: "true" - securityContext: - privileged: true - resources: - requests: - cpu: 250m - livenessProbe: - httpGet: - path: /liveness - port: 9099 - host: localhost - periodSeconds: 10 - initialDelaySeconds: 10 - failureThreshold: 6 - readinessProbe: - exec: - command: - - /bin/calico-node - - -bird-ready - - -felix-ready - periodSeconds: 10 - volumeMounts: - - mountPath: /lib/modules - name: lib-modules - readOnly: true - - mountPath: /run/xtables.lock - name: xtables-lock - readOnly: false - - mountPath: /var/run/calico - name: var-run-calico - readOnly: false - - mountPath: /var/lib/calico - name: var-lib-calico - readOnly: false - volumes: - # Used by node. - - name: lib-modules - hostPath: - path: /lib/modules - - name: var-run-calico - hostPath: - path: /var/run/calico - - name: var-lib-calico - hostPath: - path: /var/lib/calico - - name: xtables-lock - hostPath: - path: /run/xtables.lock - type: FileOrCreate - # Used to install CNI. - - name: cni-bin-dir - hostPath: - path: /opt/cni/bin - - name: cni-net-dir - hostPath: - path: /etc/cni/net.d - # Mount in the directory for host-local IPAM allocations. This is - # used when upgrading from host-local to calico-ipam, and can be removed - # if not using the upgrade-ipam init container. - - name: host-local-net-dir - hostPath: - path: /var/lib/cni/networks ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-node - namespace: kube-system - ---- -# Source: calico/templates/calico-kube-controllers.yaml -# This manifest deploys the Calico node controller. -# See https://github.com/projectcalico/kube-controllers -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - annotations: - scheduler.alpha.kubernetes.io/critical-pod: '' -spec: - # The controller can only have a single active instance. - replicas: 1 - strategy: - type: Recreate - template: - metadata: - name: calico-kube-controllers - namespace: kube-system - labels: - k8s-app: calico-kube-controllers - spec: - nodeSelector: - beta.kubernetes.io/os: linux - tolerations: - # Mark the pod as a critical add-on for rescheduling. - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/master - effect: NoSchedule - serviceAccountName: calico-kube-controllers - containers: - - name: calico-kube-controllers - image: calico/kube-controllers:v3.6.1 - env: - # Choose which controllers to run. - - name: ENABLED_CONTROLLERS - value: node - - name: DATASTORE_TYPE - value: kubernetes - readinessProbe: - exec: - command: - - /usr/bin/check-status - - -r - ---- - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: calico-kube-controllers - namespace: kube-system ---- -# Source: calico/templates/calico-etcd-secrets.yaml - ---- -# Source: calico/templates/calico-typha.yaml - ---- -# Source: calico/templates/configure-canal.yaml - - diff --git a/puppet-manifests/src/modules/platform/templates/calico_oam_if_gnp.yaml.erb b/puppet-manifests/src/modules/platform/templates/calico_oam_if_gnp.yaml.erb deleted file mode 100644 index cd85ac4677..0000000000 --- a/puppet-manifests/src/modules/platform/templates/calico_oam_if_gnp.yaml.erb +++ /dev/null @@ -1,35 +0,0 @@ -# Calico platform service Global Network Policy for OAM interface - -apiVersion: "crd.projectcalico.org/v1" -kind: GlobalNetworkPolicy -metadata: - name: controller-oam-if-gnp -spec: - selector: "has(iftype) && iftype == 'oam'" - order: 100 - applyOnForward: false - types: - - Ingress - - Egress - ingress: - - action: Allow - ipVersion: <%= @t_ip_version %> - protocol: TCP - destination: - ports: <%= @t_tcp_ports %> - - action: Allow - ipVersion: <%= @t_ip_version %> - protocol: UDP - destination: - ports: <%= @t_udp_ports %> - - action: Allow - protocol: <%= @t_icmp_proto %> - egress: - - action: Allow - ipVersion: <%= @t_ip_version %> - protocol: TCP - - action: Allow - ipVersion: <%= @t_ip_version %> - protocol: UDP - - action: Allow - protocol: <%= @t_icmp_proto %> diff --git a/puppet-manifests/src/modules/platform/templates/calico_oam_if_hep.yaml.erb b/puppet-manifests/src/modules/platform/templates/calico_oam_if_hep.yaml.erb deleted file mode 100644 index 3a67c37d34..0000000000 --- a/puppet-manifests/src/modules/platform/templates/calico_oam_if_hep.yaml.erb +++ /dev/null @@ -1,13 +0,0 @@ -# Calico HOST ENDPOINT for OAM interface - -apiVersion: "crd.projectcalico.org/v1" -kind: HostEndpoint -metadata: - name: <%= @host %>-oam-if-hep - labels: - notetype: controller - iftype: oam -spec: - interfaceName: <%= @oam_if %> - node: <%= @host %> - expectedIPs: ["<%= @oam_addr %>"] diff --git a/puppet-manifests/src/modules/platform/templates/ceph.journal.location.erb b/puppet-manifests/src/modules/platform/templates/ceph.journal.location.erb deleted file mode 100644 index ed33fb9d93..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ceph.journal.location.erb +++ /dev/null @@ -1 +0,0 @@ -/usr/sbin/ceph-manage-journal location '{"osdid": <%= @osd_id %>, "journal_path": "<%= @journal_path %>", "data_path": "<%= @data_path %>"}' \ No newline at end of file diff --git a/puppet-manifests/src/modules/platform/templates/ceph.journal.partitions.erb b/puppet-manifests/src/modules/platform/templates/ceph.journal.partitions.erb deleted file mode 100644 index c3e63a8a96..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ceph.journal.partitions.erb +++ /dev/null @@ -1 +0,0 @@ -/usr/sbin/ceph-manage-journal partitions '{"disk_path": "<%= @disk_path %>", "journals": <%= @journal_sizes %>}' \ No newline at end of file diff --git a/puppet-manifests/src/modules/platform/templates/ceph.osd.create.erb b/puppet-manifests/src/modules/platform/templates/ceph.osd.create.erb deleted file mode 100644 index 64dd21df84..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ceph.osd.create.erb +++ /dev/null @@ -1,52 +0,0 @@ -/bin/true # puppet requires this for correct template parsing - -# This is needed to pin a specific OSD id with a corresponding UUID. -# Problem is ceph-disk prepare doesn't accept ceph OSD id as cli -# parameter. Therefore, the OSD with desired OSD ID and UUID must -# exist before puppet ceph module executes ceph-disk prepare. - -set -x - -osd_id=<%= @osd_id %> -osd_uuid=<%= @osd_uuid %> - -# Ignore if Ceph is down, this case should only happen on DOR -timeout 10 ceph -s -if [ $? -ne 0 ]; then - exit 0 -fi - -# Check if OSD exists and has the correct UUID -osds=( $(ceph osd ls) ) -if [[ " ${osds[@]} " =~ " ${osd_id} " ]]; then - # Get UUID, this is slower than osd ls as it also lists PGs with problems - # but is the only way to get the uuid of an OSD. - found_uuid=$(ceph osd dump | grep "^osd.${osd_id} " | awk '{print $NF}') - if [ "${found_uuid}" != "${osd_uuid}" ]; then - # At B&R ceph's crushmap is restored but, although OSDs are properly - # allocated to their hosts in the tree, crushmap does not store - # OSD UUIDs. Therefore, w/o osd_id and uuid match, when the OSD is - # prepared there is a chance that ceph-disk will create a new OSD - # that will no longer match the osd id in sysinv db. So, we have - # to remove OSDs that don't match UUIDs and recreate them with - # expected OSD ID and UUID so that ceph-disk does not get confused. - ceph osd rm ${osd_id} - RET=$? - if [ $RET -ne 0 ]; then - echo "Error removing osd ${osd_id}, exit code: ${RET}" - exit $RET - fi - else - # OSD exists and has the correct uuid - exit 0 - fi -fi - -# Create the OSD with desired id and uuid -ceph osd create ${osd_uuid} ${osd_id} -RET=$? -if [ $RET -ne 0 ]; then - echo "Error creating osd ${osd_id}, exit code: ${RET}" - exit $RET -fi -set +x diff --git a/puppet-manifests/src/modules/platform/templates/collectd.conf.erb b/puppet-manifests/src/modules/platform/templates/collectd.conf.erb deleted file mode 100644 index 0ae5457d82..0000000000 --- a/puppet-manifests/src/modules/platform/templates/collectd.conf.erb +++ /dev/null @@ -1,116 +0,0 @@ -# -# Config file for collectd(1). -# Please read collectd.conf(5) for a list of options. -# http://collectd.org/ -# - -############################################################################## -# Global # -#----------------------------------------------------------------------------# -# Global settings for the daemon. # -############################################################################## - -FQDNLookup true -BaseDir "/var/lib/collectd" -PIDFile "/var/run/collectd.pid" -PluginDir "/usr/lib64/collectd" -TypesDB "/usr/share/collectd/types.db" - -#----------------------------------------------------------------------------# -# When enabled, plugins are loaded automatically with the default options # -# when an appropriate block is encountered. # -# Disabled by default. # -#----------------------------------------------------------------------------# -AutoLoadPlugin true - -#----------------------------------------------------------------------------# -# When enabled, internal statistics are collected, using "collectd" as the # -# plugin name. # -# Disabled by default. # -#----------------------------------------------------------------------------# -CollectInternalStats true - -#----------------------------------------------------------------------------# -# Interval at which to query values. This may be overwritten on a per-plugin # -# base by using the 'Interval' option of the LoadPlugin block: # -# # -# Interval 60 # -# # -#----------------------------------------------------------------------------# -Interval <%= @interval %> -MaxReadInterval <%= @max_read_interval %> - -Timeout <%= @timeout %> -ReadThreads <%= @read_threads %> -WriteThreads <%= @write_threads %> - -# Limit the size of the write queue. Default is no limit. Setting up a limit is -# recommended for servers handling a high volume of traffic. -<%- if @write_queue_limit_high -%> -WriteQueueLimitHigh <%= @write_queue_limit_high %> -<%- end -%> -<%- if @write_queue_limit_low -%> -WriteQueueLimitLow <%= @write_queue_limit_low %> -<%- end -%> - -############################################################################## -# Logging # -#----------------------------------------------------------------------------# -# Plugins which provide logging functions should be loaded first, so log # -# messages generated when loading or configuring other plugins can be # -# accessed. # -############################################################################## - -#LoadPlugin syslog -#LoadPlugin logfile -#LoadPlugin log_logstash - -# -# LogLevel info -# File "/var/log/collectd.log" -# Timestamp true -# PrintSeverity true -# - -# -# LogLevel info -# File "/var/log/collectd.json.log" -# - -# -# LogLevel info -# - -# Have collectd send to these servers on server_port - -<%- @server_addrs.each do |server_addr| -%> - Server "<%= server_addr %>" "<%= @server_port %>" -<%- end -%> - - -LoadPlugin python - -<%- if @module_path != "" -%> - ModulePath "<%= @module_path %>" -<%- end -%> -<%- @plugins.each do |plugin| -%> - Import "<%= plugin %>" -<%- if plugin == 'mtce_notifier' -%> - - Port <%= @mtce_notifier_port %> - -<%- end -%> -<%- end -%> -<%- if @log_traces -%> - LogTraces <%= @log_traces %> -<%- end -%> -<%- if @encoding -%> - Encoding "<%= @encoding %>" -<%- end -%> - Interactive false - - -# The default plugin directory -<%- if @collectd_d_dir -%> -Include "<%= @collectd_d_dir %>" -<%- end -%> diff --git a/puppet-manifests/src/modules/platform/templates/compute_extend.conf.erb b/puppet-manifests/src/modules/platform/templates/compute_extend.conf.erb deleted file mode 100644 index d11d1a2e2c..0000000000 --- a/puppet-manifests/src/modules/platform/templates/compute_extend.conf.erb +++ /dev/null @@ -1,12 +0,0 @@ -########################################################################### -# -# compute_extend.conf contains compute extended nova options -# -# - This file is managed by Puppet. DO NOT EDIT. -# -########################################################################### -compute_vswitch_2M_pages=<%= @vswitch_2M_pages.gsub!(/\A"|"\Z/, '') %> -compute_vswitch_1G_pages=<%= @vswitch_1G_pages.gsub!(/\A"|"\Z/, '') %> -compute_vm_4K_pages=<%= @vm_4K_pages.gsub!(/\A"|"\Z/, '') %> -compute_vm_2M_pages=<%= @vm_2M_pages.gsub!(/\A"|"\Z/, '') %> -compute_vm_1G_pages=<%= @vm_1G_pages.gsub!(/\A"|"\Z/, '') %> diff --git a/puppet-manifests/src/modules/platform/templates/dhclient.conf.erb b/puppet-manifests/src/modules/platform/templates/dhclient.conf.erb deleted file mode 100644 index 163aa73fc2..0000000000 --- a/puppet-manifests/src/modules/platform/templates/dhclient.conf.erb +++ /dev/null @@ -1,17 +0,0 @@ -option wrs-install-uuid code 224 = string; -option dhcp6.wrs-install-uuid code 224 = string; -request subnet-mask, broadcast-address, time-offset, routers, - domain-name, domain-name-servers, host-name, wrs-install-uuid, - dhcp6.wrs-install-uuid, netbios-name-servers, netbios-scope, - interface-mtu, dhcp6.domain-name-servers; - -timeout 30; - -# Changed for CGCS to improve Dead Office Recovery (DOR behavior) -retry 5; - -# By default, use a hardware address based client-id for both IPv4 and IPv6. -# We change this via puppet to ensure that interfaces that share the same MAC -# are not using the same client-id value. -send dhcp6.client-id = concat(00:03:00, hardware); -send dhcp-client-identifier = concat(00:03:00, hardware); diff --git a/puppet-manifests/src/modules/platform/templates/dnsmasq.conf.erb b/puppet-manifests/src/modules/platform/templates/dnsmasq.conf.erb deleted file mode 100644 index 4a5e0fc7e7..0000000000 --- a/puppet-manifests/src/modules/platform/templates/dnsmasq.conf.erb +++ /dev/null @@ -1,119 +0,0 @@ -# Only listen on the following interfaces -<%- if @pxeboot_interface != nil -%> -interface=<%= @pxeboot_interface %> -<%- end -%> -interface=<%= @mgmt_interface %> -bind-interfaces - -# Serve addresses from the pxeboot subnet -dhcp-range=set:pxeboot,<%= @pxeboot_subnet_start %>,<%= @pxeboot_subnet_end %>,<%= @pxeboot_subnet_netmask %>,1h - -# Serve addresses from the management subnet -dhcp-range=set:mgmt,<%= @mgmt_subnet_start %>,static,<%= @mgmt_subnet_netmask %>,1d - -<%- if @mgmt_subnet_version == 4 -%> -<%- if @mgmt_gateway_address != nil -%> -dhcp-option=tag:mgmt,option:router,<%= @mgmt_gateway_address %> -<%- else -%> -# Use the floating controller address as the default route -dhcp-option=tag:mgmt,option:router,<%= @mgmt_controller_address %> -<%- end -%> -<%- end -%> - -# Provide DNS services on the floating pxeboot address -dhcp-option=tag:pxeboot,option:dns-server,<%= @pxeboot_controller_address %> - -<%- if @mgmt_subnet_version == 4 -%> -# Provide DNS services on the floating management address -dhcp-option=tag:mgmt,option:dns-server,<%= @mgmt_controller_address %> -dhcp-option=tag:mgmt,option:mtu,<%= @mgmt_network_mtu %> -<%- else -%> -dhcp-option=tag:mgmt,option6:dns-server,[<%= @mgmt_controller_address %>] -<%- end -%> - -# Provide private option 224 as install_uuid -dhcp-option=224,<%= @install_uuid %> -dhcp-option=option6:224,<%= @install_uuid %> - -# Configure PXE boot - -# Enable UEFI support -# We use a different bootloader if the client is configured -# to UEFI vs BIOS (Legacy) -# Type Architecture Name -# ---- ----------------- -# 0 Intel x86PC -# 1 NEC/PC98 -# 2 EFI Itanium -# 3 DEC Alpha -# 4 Arc x86 -# 5 Intel Lean Client -# 6 EFI IA32 -# 7 EFI BC (EFI Byte Code) -# 8 EFI Xscale -# 9 EFI x86-64 -# -dhcp-match=set:efi,option:client-arch,2 -dhcp-match=set:efi,option:client-arch,6 -dhcp-match=set:efi,option:client-arch,7 -dhcp-match=set:efi,option:client-arch,8 -dhcp-match=set:efi,option:client-arch,9 -dhcp-match=set:bios,option:client-arch,0 -dhcp-match=set:bios,option:client-arch,1 -dhcp-match=set:bios,option:client-arch,3 -dhcp-match=set:bios,option:client-arch,4 -dhcp-match=set:bios,option:client-arch,5 - -# TFTP support -enable-tftp -tftp-max=200 -<%- if @pxeboot_interface != nil -%> -tftp-root=/pxeboot,<%= @pxeboot_interface %> -<%- else -%> -tftp-root=/pxeboot,<%= @mgmt_interface %> -<%- end -%> - -dhcp-boot=tag:bios,tag:pxeboot,pxelinux.0,<%= @pxeboot_hostname %>,<%= @pxeboot_controller_address %> -dhcp-boot=tag:bios,tag:mgmt,pxelinux.0,<%= @mgmt_hostname %>,<%= @mgmt_controller_address %> - -dhcp-boot=tag:efi,tag:pxeboot,EFI/grubx64.efi,<%= @pxeboot_hostname %>,<%= @pxeboot_controller_address %> -dhcp-boot=tag:efi,tag:mgmt,EFI/grubx64.efi,<%= @mgmt_hostname %>,<%= @mgmt_controller_address %> - -# Do not forward queries for plain names (no dots) -domain-needed -# Query the upstream servers in the order they appear. This is necessary when -# kubernetes is configured, to ensure we send queries for kubernetes names -# (ending in .cluster.local) to the kubernetes dns server first. In the future, -# we could add the kubernetes dns server using the "server" option, which would -# allow us to force all cluster.local names to go to that server. -strict-order -# Only keep entries in the cache for 5 seconds. This is required because the -# kubernetes dns server will reply to queries for services that do not yet -# exist with an SOA record containing a long TTL, which will result in dns -# queries failing for a very long time, even after the service comes up (e.g. -# after a host is rebooted). -max-cache-ttl=5 -local=// -port=53 -bogus-priv -clear-on-reload -user=root - -# Invoke this script for each lease -dhcp-script=/usr/bin/sysinv-dnsmasq-lease-update - -# Dynamic files are located on a replicated filesystem -dhcp-hostsfile=<%= @config_path %>/dnsmasq.hosts -dhcp-leasefile=<%= @config_path %>/dnsmasq.leases -addn-hosts=<%= @config_path %>/dnsmasq.addn_hosts -# File for distributed cloud subcloud ip translation -addn-hosts=<%= @config_path %>/dnsmasq.addn_hosts_dc - -# Set server to Kubernetes coredns cluster IP -<%- if @dns_service_ip != nil -%> -server=/<%= @service_domain %>/<%= @dns_service_ip %> -<%- end -%> - -# Local CNAME records -cname=registry.local,controller -cname=registry-token-server.local,controller \ No newline at end of file diff --git a/puppet-manifests/src/modules/platform/templates/dockerdistribution.conf.erb b/puppet-manifests/src/modules/platform/templates/dockerdistribution.conf.erb deleted file mode 100644 index 7227bb2e8c..0000000000 --- a/puppet-manifests/src/modules/platform/templates/dockerdistribution.conf.erb +++ /dev/null @@ -1,30 +0,0 @@ -version: 0.1 -log: - fields: - service: registry -storage: - cache: - blobdescriptor: inmemory - filesystem: - rootdirectory: /var/lib/docker-distribution - maintenance: - readonly: - enabled: <%= @registry_readonly %> -http: - addr: "<%= @docker_registry_host %>:9001" - tls: - certificate: /etc/ssl/private/registry-cert.crt - key: /etc/ssl/private/registry-cert.key - headers: - X-Content-Type-Options: [nosniff] -health: - storagedriver: - enabled: true - interval: 10s - threshold: 3 -auth: - token: - realm: "https://<%= @docker_registry_host %>:9002/token/" - service: "<%= @docker_registry_host %>:9001" - issuer: bird-token-server - rootcertbundle: /etc/ssl/private/registry-cert.crt diff --git a/puppet-manifests/src/modules/platform/templates/dockerproxy.conf.erb b/puppet-manifests/src/modules/platform/templates/dockerproxy.conf.erb deleted file mode 100644 index a1739ef249..0000000000 --- a/puppet-manifests/src/modules/platform/templates/dockerproxy.conf.erb +++ /dev/null @@ -1,8 +0,0 @@ -[Service] -<%- if @http_proxy -%> -Environment="HTTP_PROXY=<%= @http_proxy %>" -<%- end -%> -<%- if @https_proxy -%> -Environment="HTTPS_PROXY=<%= @https_proxy %>" -<%- end -%> -Environment="NO_PROXY=<%= @no_proxy %>" diff --git a/puppet-manifests/src/modules/platform/templates/fm.snmp.conf.erb b/puppet-manifests/src/modules/platform/templates/fm.snmp.conf.erb deleted file mode 100644 index 6822b9aff3..0000000000 --- a/puppet-manifests/src/modules/platform/templates/fm.snmp.conf.erb +++ /dev/null @@ -1,6 +0,0 @@ -[snmp] -<%- @trap_destinations.each do |destination| -%> -trap2sink=<%= destination %> -<%- end -%> - - diff --git a/puppet-manifests/src/modules/platform/templates/get-secret-payload.erb b/puppet-manifests/src/modules/platform/templates/get-secret-payload.erb deleted file mode 100644 index 1b1eab67c3..0000000000 --- a/puppet-manifests/src/modules/platform/templates/get-secret-payload.erb +++ /dev/null @@ -1,11 +0,0 @@ -# Retrieve barbican secret payload -openstack secret get <%=@registry_secret %> \ - --os-auth-url <%=@auth_url %> \ - --os-username <%=@username %> \ - --os-user-domain-name <%=@user_domain %> \ - --os-project-name <%=@project_name %> \ - --os-project-domain-name <%=@project_domain %> \ - --os-region-name <%=@region_name %> \ - --os-interface <%=@interface %> \ - --os-password <%=@password %> \ - -p -f value -c Payload diff --git a/puppet-manifests/src/modules/platform/templates/influxdb.conf.erb b/puppet-manifests/src/modules/platform/templates/influxdb.conf.erb deleted file mode 100644 index 5c3c682c46..0000000000 --- a/puppet-manifests/src/modules/platform/templates/influxdb.conf.erb +++ /dev/null @@ -1,329 +0,0 @@ -### Welcome to the InfluxDB configuration file. - -# Once every 24 hours InfluxDB will report anonymous data to m.influxdb.com -# The data includes raft id (random 8 bytes), os, arch, version, and metadata. -# We don't track ip addresses of servers reporting. This is only used -# to track the number of instances running and the versions, which -# is very helpful for us. -# Change this option to true to disable reporting. -reporting-disabled = false - -### -### Enterprise registration control -### - -[registration] -# enabled = true -# url = "https://enterprise.influxdata.com" # The Enterprise server URL -# token = "" # Registration token for Enterprise server - -### -### [meta] -### -### Controls the parameters for the Raft consensus group that stores metadata -### about the InfluxDB cluster. -### - -[meta] - dir = "/var/lib/influxdb/meta" - hostname = "localhost" - bind-address = ":8088" - retention-autocreate = true - election-timeout = "1s" - heartbeat-timeout = "1s" - leader-lease-timeout = "500ms" - commit-timeout = "50ms" - cluster-tracing = false - - # If enabled, when a Raft cluster loses a peer due to a `DROP SERVER` command, - # the leader will automatically ask a non-raft peer node to promote to a raft - # peer. This only happens if there is a non-raft peer node available to promote. - # This setting only affects the local node, so to ensure if operates correctly, be sure to set - # it in the config of every node. - raft-promotion-enabled = true - -### -### [data] -### -### Controls where the actual shard data for InfluxDB lives and how it is -### flushed from the WAL. "dir" may need to be changed to a suitable place -### for your system, but the WAL settings are an advanced configuration. The -### defaults should work for most systems. -### - -[data] - dir = "/var/lib/influxdb/data" - - # Controls the engine type for new shards. Options are b1, bz1, or tsm1. - # b1 is the 0.9.2 storage engine, bz1 is the 0.9.3 and 0.9.4 engine. - # tsm1 is the 0.9.5 engine and is currenly EXPERIMENTAL. Until 0.9.5 is - # actually released data written into a tsm1 engine may be need to be wiped - # between upgrades. - # engine ="bz1" - - # The following WAL settings are for the b1 storage engine used in 0.9.2. They won't - # apply to any new shards created after upgrading to a version > 0.9.3. - max-wal-size = 104857600 # Maximum size the WAL can reach before a flush. Defaults to 100MB. - wal-flush-interval = "10m" # Maximum time data can sit in WAL before a flush. - wal-partition-flush-delay = "2s" # The delay time between each WAL partition being flushed. - - # These are the WAL settings for the storage engine >= 0.9.3 - wal-dir = "/var/lib/influxdb/wal" - wal-enable-logging = true - - # When a series in the WAL in-memory cache reaches this size in bytes it is marked as ready to - # flush to the index - # wal-ready-series-size = 25600 - - # Flush and compact a partition once this ratio of series are over the ready size - # wal-compaction-threshold = 0.6 - - # Force a flush and compaction if any series in a partition gets above this size in bytes - # wal-max-series-size = 2097152 - - # Force a flush of all series and full compaction if there have been no writes in this - # amount of time. This is useful for ensuring that shards that are cold for writes don't - # keep a bunch of data cached in memory and in the WAL. - # wal-flush-cold-interval = "10m" - - # Force a partition to flush its largest series if it reaches this approximate size in - # bytes. Remember there are 5 partitions so you'll need at least 5x this amount of memory. - # The more memory you have, the bigger this can be. - # wal-partition-size-threshold = 20971520 - - # Whether queries should be logged before execution. Very useful for troubleshooting, but will - # log any sensitive data contained within a query. - # query-log-enabled = true - -### -### [hinted-handoff] -### -### Controls the hinted handoff feature, which allows nodes to temporarily -### store queued data when one node of a cluster is down for a short period -### of time. -### - -[hinted-handoff] - enabled = true - dir = "/var/lib/influxdb/hh" - max-size = 1073741824 - max-age = "168h" - retry-rate-limit = 0 - - # Hinted handoff will start retrying writes to down nodes at a rate of once per second. - # If any error occurs, it will backoff in an exponential manner, until the interval - # reaches retry-max-interval. Once writes to all nodes are successfully completed the - # interval will reset to retry-interval. - retry-interval = "1s" - retry-max-interval = "1m" - - # Interval between running checks for data that should be purged. Data is purged from - # hinted-handoff queues for two reasons. 1) The data is older than the max age, or - # 2) the target node has been dropped from the cluster. Data is never dropped until - # it has reached max-age however, for a dropped node or not. - purge-interval = "1h" - -### -### [cluster] -### -### Controls non-Raft cluster behavior, which generally includes how data is -### shared across shards. -### - -[cluster] - shard-writer-timeout = "10s" # The time within which a shard must respond to write. - write-timeout = "5s" # The time within which a write operation must complete on the cluster. - -### -### [retention] -### -### Controls the enforcement of retention policies for evicting old data. -### - -[retention] - enabled = true - check-interval = "30m" - -### -### [shard-precreation] -### -### Controls the precreation of shards, so they are created before data arrives. -### Only shards that will exist in the future, at time of creation, are precreated. - -[shard-precreation] - enabled = true - check-interval = "10m" - advance-period = "30m" - -### -### Controls the system self-monitoring, statistics and diagnostics. -### -### The internal database for monitoring data is created automatically if -### if it does not already exist. The target retention within this database -### is called 'monitor' and is also created with a retention period of 7 days -### and a replication factor of 1, if it does not exist. In all cases the -### this retention policy is configured as the default for the database. - -[monitor] - store-enabled = true # Whether to record statistics internally. - store-database = "_internal" # The destination database for recorded statistics - store-interval = "10s" # The interval at which to record statistics - -### -### [admin] -### -### Controls the availability of the built-in, web-based admin interface. If HTTPS is -### enabled for the admin interface, HTTPS must also be enabled on the [http] service. -### - -[admin] - enabled = true - bind-address = ":8083" - https-enabled = false - https-certificate = "/etc/ssl/influxdb.pem" - -### -### [http] -### -### Controls how the HTTP endpoints are configured. These are the primary -### mechanism for getting data into and out of InfluxDB. -### - -[http] - enabled = true - bind-address = ":8086" - auth-enabled = false - log-enabled = true - write-tracing = false - pprof-enabled = false - https-enabled = false - https-certificate = "/etc/ssl/influxdb.pem" - -### -### [[graphite]] -### -### Controls one or many listeners for Graphite data. -### - -[[graphite]] - enabled = false - # database = "graphite" - # bind-address = ":2003" - # protocol = "tcp" - # consistency-level = "one" - # name-separator = "." - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # batch-size = 1000 # will flush if this many points get buffered - # batch-pending = 5 # number of batches that may be pending in memory - # batch-timeout = "1s" # will flush at least this often even if we haven't hit buffer limit - # udp-read-buffer = 0 # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - - ## "name-schema" configures tag names for parsing the metric name from graphite protocol; - ## separated by `name-separator`. - ## The "measurement" tag is special and the corresponding field will become - ## the name of the metric. - ## e.g. "type.host.measurement.device" will parse "server.localhost.cpu.cpu0" as - ## { - ## measurement: "cpu", - ## tags: { - ## "type": "server", - ## "host": "localhost, - ## "device": "cpu0" - ## } - ## } - # name-schema = "type.host.measurement.device" - - ## If set to true, when the input metric name has more fields than `name-schema` specified, - ## the extra fields will be ignored. - ## Otherwise an error will be logged and the metric rejected. - # ignore-unnamed = true - -### -### [collectd] -### -### Controls the listener for collectd data. -### - -[collectd] - enabled = true - bind-address = "<%= @bind_address %>" - database = "<%= @database %>" - typesdb = "<%= @typesdb %>" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # will flush if this many points get buffered - batch-size = <%= @batch_size %> - - # number of batches that may be pending in memory - batch-pending = <%= @batch_pending %> - - # will flush at least this often even if we haven't hit buffer limit - batch-timeout = "<%= @batch_timeout %>" - - # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - read-buffer = <%= @read_buffer %> - -### -### [opentsdb] -### -### Controls the listener for OpenTSDB data. -### - -[opentsdb] - enabled = false - # bind-address = ":4242" - # database = "opentsdb" - # retention-policy = "" - # consistency-level = "one" - # tls-enabled = false - # certificate= "" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Only points - # metrics received over the telnet protocol undergo batching. - - # batch-size = 1000 # will flush if this many points get buffered - # batch-pending = 5 # number of batches that may be pending in memory - # batch-timeout = "1s" # will flush at least this often even if we haven't hit buffer limit - -### -### [[udp]] -### -### Controls the listeners for InfluxDB line protocol data via UDP. -### - -[[udp]] - enabled = false - # bind-address = "" - # database = "udp" - # retention-policy = "" - - # These next lines control how batching works. You should have this enabled - # otherwise you could get dropped metrics or poor performance. Batching - # will buffer points in memory if you have many coming in. - - # batch-size = 1000 # will flush if this many points get buffered - # batch-pending = 5 # number of batches that may be pending in memory - # batch-timeout = "1s" # will flush at least this often even if we haven't hit buffer limit - # read-buffer = 0 # UDP Read buffer size, 0 means OS default. UDP listener will fail if set above OS max. - -### -### [continuous_queries] -### -### Controls how continuous queries are run within InfluxDB. -### - -[continuous_queries] - log-enabled = true - enabled = true - recompute-previous-n = 2 - recompute-no-older-than = "10m" - compute-runs-per-interval = 10 - compute-no-more-than = "2m" diff --git a/puppet-manifests/src/modules/platform/templates/insecuredockerregistry.conf.erb b/puppet-manifests/src/modules/platform/templates/insecuredockerregistry.conf.erb deleted file mode 100644 index 911fc31300..0000000000 --- a/puppet-manifests/src/modules/platform/templates/insecuredockerregistry.conf.erb +++ /dev/null @@ -1,3 +0,0 @@ -{ - "insecure-registries" : [ <%= @insecure_registries %> ] -} diff --git a/puppet-manifests/src/modules/platform/templates/kube-stx-override.conf.erb b/puppet-manifests/src/modules/platform/templates/kube-stx-override.conf.erb deleted file mode 100644 index 0bb3ca38d9..0000000000 --- a/puppet-manifests/src/modules/platform/templates/kube-stx-override.conf.erb +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -# Add a dependency to kubelet on config so it doesn't enter a bad state on subsequent boots -After=config.service - -[Service] -# pmond monitors kubelet.service -Restart=no diff --git a/puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb b/puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb deleted file mode 100644 index 5b79aec95c..0000000000 --- a/puppet-manifests/src/modules/platform/templates/kubeadm.yaml.erb +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: kubeadm.k8s.io/v1beta2 -kind: InitConfiguration -localAPIEndpoint: - advertiseAddress: <%= @apiserver_advertise_address %> ---- -apiVersion: kubeadm.k8s.io/v1beta2 -kind: ClusterConfiguration - -apiServer: - certSANs: -<% @apiserver_certsans.each do |item| -%> - - <%= item %> -<% end -%> - extraArgs: - default-not-ready-toleration-seconds: "30" - default-unreachable-toleration-seconds: "30" - oidc-client-id: <%= @apiserver_oidc_client_id %> - oidc-issuer-url: <%= @apiserver_oidc_issuer_url %> - oidc-username-claim: <%= @apiserver_oidc_username_claim %> - feature-gates: "SCTPSupport=true" -controllerManager: - extraArgs: - node-monitor-period: "2s" - node-monitor-grace-period: "20s" - pod-eviction-timeout: "30s" - experimental-cluster-signing-duration: "730h" -etcd: - external: - endpoints: - - <%= @etcd_endpoint %> -imageRepository: "<%= @k8s_registry %>" -kubernetesVersion: v1.15.3 -networking: - dnsDomain: <%= @service_domain %> - podSubnet: <%= @pod_network_cidr %> - serviceSubnet: <%= @service_network_cidr %> ---- -kind: KubeletConfiguration -apiVersion: kubelet.config.k8s.io/v1beta1 -nodeStatusUpdateFrequency: "4s" -failSwapOn: false -cgroupRoot: "/k8s-infra" ---- -kind: KubeProxyConfiguration -apiVersion: kubeproxy.config.k8s.io/v1alpha1 -# Workaround to disable resource-container for kube-proxy issues: -# https://github.com/kubernetes/kubernetes/issues/66614 -# https://github.com/kubernetes/kubernetes/issues/54967 -# https://github.com/kubernetes/kubernetes/issues/17619 -# https://github.com/kubernetes-sigs/kubespray/issues/3518 -resourceContainer: "/" diff --git a/puppet-manifests/src/modules/platform/templates/kubelet-pmond-conf.erb b/puppet-manifests/src/modules/platform/templates/kubelet-pmond-conf.erb deleted file mode 100644 index ce6832de76..0000000000 --- a/puppet-manifests/src/modules/platform/templates/kubelet-pmond-conf.erb +++ /dev/null @@ -1,16 +0,0 @@ -; -; Copyright (c) 2019 Wind River Systems, Inc. -; -; SPDX-License-Identifier: Apache-2.0 -; -[process] -process = kubelet -service = kubelet -pidfile = /var/run/kubelet.pid -style = lsb ; lsb -severity = critical ; minor, major, critical -restarts = 3 ; restarts before error assertion -startuptime = 5 ; seconds to wait after process start -interval = 5 ; number of seconds to wait between restarts -debounce = 20 ; number of seconds to wait before degrade clear -subfunction = last-config ; run monitor only after last config is run diff --git a/puppet-manifests/src/modules/platform/templates/kubelet.conf.erb b/puppet-manifests/src/modules/platform/templates/kubelet.conf.erb deleted file mode 100644 index 9eabca34a6..0000000000 --- a/puppet-manifests/src/modules/platform/templates/kubelet.conf.erb +++ /dev/null @@ -1,2 +0,0 @@ -# Overrides config file for kubelet -KUBELET_EXTRA_ARGS=--node-ip=<%= @node_ip %> <%= @k8s_cpu_manager_opts %> diff --git a/puppet-manifests/src/modules/platform/templates/kvm_timer_advance.conf.erb b/puppet-manifests/src/modules/platform/templates/kvm_timer_advance.conf.erb deleted file mode 100755 index f53e8e5d65..0000000000 --- a/puppet-manifests/src/modules/platform/templates/kvm_timer_advance.conf.erb +++ /dev/null @@ -1,2 +0,0 @@ -[kvm-timer-advance] -vcpu_pin_set=<%= @vcpu_pin_set %> diff --git a/puppet-manifests/src/modules/platform/templates/ldap.conf.erb b/puppet-manifests/src/modules/platform/templates/ldap.conf.erb deleted file mode 100644 index 8f88786027..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ldap.conf.erb +++ /dev/null @@ -1,11 +0,0 @@ -# -# LDAP Defaults -# -# -# See ldap.conf(5) for details -# This file should be world readable but not world writable. -# -BASE dc=cgcs,dc=local -URI ldap://<%= @ldapserver_host %> -pam_lookup_policy yes -sudoers_base ou=SUDOers,dc=cgcs,dc=local diff --git a/puppet-manifests/src/modules/platform/templates/ldapscripts.conf.erb b/puppet-manifests/src/modules/platform/templates/ldapscripts.conf.erb deleted file mode 100644 index e3bc6e0262..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ldapscripts.conf.erb +++ /dev/null @@ -1,163 +0,0 @@ -# Copyright (C) 2005 Gana�l LAPLANCHE - Linagora -# Copyright (C) 2006-2013 Gana�l LAPLANCHE -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public License -# as published by the Free Software Foundation; either version 2 -# of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, -# USA. -# -# Copyright (c) 2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# LDAP server -SERVER="ldap://<%= @ldapserver_host %>" - -# Suffixes -SUFFIX="dc=cgcs,dc=local" # Global suffix -GSUFFIX="ou=Group" # Groups ou (just under $SUFFIX) -USUFFIX="ou=People" # Users ou (just under $SUFFIX) -MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX) - -# Authentication type -# If empty, use simple authentication -# Else, use the value as an SASL authentication mechanism -SASLAUTH="" -#SASLAUTH="GSSAPI" - -# Simple authentication parameters -# The following BIND* parameters are ignored if SASLAUTH is set -#BINDDN="cn=proxyuser,dc=example,dc=com" -# The following file contains the raw password of the BINDDN -# Create it with something like : echo -n 'secret' > $BINDPWDFILE -# WARNING !!!! Be careful not to make this file world-readable -#BINDPWDFILE="/foo/ldapscripts.passwd" - -<%- if @bind_anonymous != true -%> -BINDDN="cn=ldapadmin,dc=cgcs,dc=local" -BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd" -<%- end -%> - -# For older versions of OpenLDAP, it is still possible to use -# unsecure command-line passwords by defining the following option -# AND commenting the previous one (BINDPWDFILE takes precedence) -#BINDPWD="secret" - -# Start with these IDs *if no entry found in LDAP* -GIDSTART="10000" # Group ID -UIDSTART="10000" # User ID -MIDSTART="20000" # Machine ID - -# Group membership management -# ObjectCLass used for groups -# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !) -# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup). -# Also, do not mix posixGroup and groupOf* entries up in you directory as, within RFC 2307bis, -# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration. -GCLASS="posixGroup" # Leave "posixGroup" here if not sure ! -# When using groupOfNames or groupOfUniqueNames, creating a group requires an initial -# member. Specify it below, you will be able to remove it once groups are populated. -#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX" - -# User properties -USHELL="/bin/sh" -UHOMES="/home/%u" # You may use %u for username here -CREATEHOMES="no" # Create home directories and set rights ? -HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant. -HOMEPERMS="700" # Default permissions for home directories - -# User passwords generation -# Command-line used to generate a password for added users. -# You may use %u for username here ; special value "" will ask for a password interactively -# WARNING !!!! This is evaluated, everything specified here will be run ! -# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy). -# In this case, consider using /dev/urandom instead. -#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8" -#PASSWORDGEN="pwgen" -#PASSWORDGEN="echo changeme" -PASSWORDGEN="echo %u" -#PASSWORDGEN="" - -# User passwords recording -# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS -# (useful when performing a massive creation / net rpc vampire) -# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE ! -# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE ! -RECORDPASSWORDS="no" -PASSWORDFILE="/var/log/ldapscripts_passwd.log" - -# Where to log -LOGFILE="/var/log/ldapscripts.log" - -# Temporary folder -TMPDIR="/tmp" - -# Various binaries used within the scripts -# Warning : they also use uuencode, date, grep, sed, cut, which... -# Please check they are installed before using these scripts -# Note that many of them should come with your OS - -# OpenLDAP client commands -LDAPSEARCHBIN="/usr/bin/ldapsearch" -LDAPADDBIN="/usr/bin/ldapadd" -LDAPDELETEBIN="/usr/bin/ldapdelete" -LDAPMODIFYBIN="/usr/bin/ldapmodify" -LDAPMODRDNBIN="/usr/bin/ldapmodrdn" -LDAPPASSWDBIN="/usr/bin/ldappasswd" - -# OpenLDAP client common additional options -# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS -#LDAPBINOPTS="-ZZ" - -# OpenLDAP ldapsearch-specific additional options -# The following option disables long-line wrapping (which makes the scripts bug -# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so -# comment it if you are using OpenLDAP < 2.4.24. -LDAPSEARCHOPTS="-o ldif-wrap=no" -# And here is an example to activate paged results -#LDAPSEARCHOPTS="-E pr=500/noprompt" - -# Character set conversion : $ICONVCHAR <-> UTF-8 -# Comment ICONVBIN to disable UTF-8 conversion -# ICONVBIN="/usr/bin/iconv" -# ICONVCHAR="" - -# Base64 decoding -# Comment UUDECODEBIN to disable Base64 decoding -#UUDECODEBIN="/usr/bin/uudecode" - -# Getent command to use - choose the ones used -# on your system. Leave blank or comment for auto-guess. -# GNU/Linux -GETENTPWCMD="getent passwd" -GETENTGRCMD="getent group" -# FreeBSD -#GETENTPWCMD="pw usershow" -#GETENTGRCMD="pw groupshow" -# Auto -#GETENTPWCMD="" -#GETENTGRCMD="" - -# You can specify custom LDIF templates here -# Leave empty to use default templates -# See *.template.sample for default templates -#GTEMPLATE="/path/to/ldapaddgroup.template" -#UTEMPLATE="/path/to/ldapadduser.template" -#MTEMPLATE="/path/to/ldapaddmachine.template" -GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs" -UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs" -UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs" -STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs" -SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs" -MTEMPLATE="" diff --git a/puppet-manifests/src/modules/platform/templates/lldp.conf.erb b/puppet-manifests/src/modules/platform/templates/lldp.conf.erb deleted file mode 100644 index 024294df96..0000000000 --- a/puppet-manifests/src/modules/platform/templates/lldp.conf.erb +++ /dev/null @@ -1,4 +0,0 @@ -configure system hostname '<%= @hostname %>:<%= @system %>' -configure lldp tx-interval <%= @tx_interval %> -configure lldp tx-hold <%= @tx_hold %> -configure system interface pattern *,!br*,!ovs*,!tap*,!cali*,!tunl*,!docker* diff --git a/puppet-manifests/src/modules/platform/templates/lldpd.default.erb b/puppet-manifests/src/modules/platform/templates/lldpd.default.erb deleted file mode 100644 index c74c9b8436..0000000000 --- a/puppet-manifests/src/modules/platform/templates/lldpd.default.erb +++ /dev/null @@ -1,6 +0,0 @@ -DAEMON_ARGS=<%- @options.each do |option| -%> - <%= option['option'] -%> -<%- if option.has_key? 'arguments' -%> - <%= option['arguments'] -%> -<%- end -%> -<%- end -%> \ No newline at end of file diff --git a/puppet-manifests/src/modules/platform/templates/logrotate.erb b/puppet-manifests/src/modules/platform/templates/logrotate.erb deleted file mode 100644 index d47ceacbb5..0000000000 --- a/puppet-manifests/src/modules/platform/templates/logrotate.erb +++ /dev/null @@ -1,15 +0,0 @@ -<%= @log_file_name %> -{ - size <%= @log_file_size %> - rotate <%= @log_file_rotate %> - start 1 - missingok - compress - copytruncate - sharedscripts - nodateext - postrotate - systemctl reload syslog-ng > /dev/null 2>&1 || true - endscript -} - diff --git a/puppet-manifests/src/modules/platform/templates/multipath.conf.erb b/puppet-manifests/src/modules/platform/templates/multipath.conf.erb deleted file mode 100644 index 93216b4187..0000000000 --- a/puppet-manifests/src/modules/platform/templates/multipath.conf.erb +++ /dev/null @@ -1,17 +0,0 @@ -defaults { - user_friendly_names yes - find_multipaths yes -} - -blacklist { - device { - vendor "*" - } -} - -blacklist_exceptions { - property "(SCSI_IDENT_|ID_WWN)" - device { - vendor "3PARdata" - } -} diff --git a/puppet-manifests/src/modules/platform/templates/multus.yaml.erb b/puppet-manifests/src/modules/platform/templates/multus.yaml.erb deleted file mode 100644 index abad7312d4..0000000000 --- a/puppet-manifests/src/modules/platform/templates/multus.yaml.erb +++ /dev/null @@ -1,187 +0,0 @@ -# Multus Version v3.2 -# Based on: -# https://github.com/intel/multus-cni/blob/release-v3/images/multus-daemonset.yml -# -# The following modifications have been made: -# -# - The multus CNI configuration file has been explicitly specified to ensure -# it has a lower lexographic order than the calico CNI configuration file. -# -# - The configMap has been modified to work with Calico rather than Flannel ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: network-attachment-definitions.k8s.cni.cncf.io -spec: - group: k8s.cni.cncf.io - version: v1 - scope: Namespaced - names: - plural: network-attachment-definitions - singular: network-attachment-definition - kind: NetworkAttachmentDefinition - shortNames: - - net-attach-def - validation: - openAPIV3Schema: - properties: - spec: - properties: - config: - type: string ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: multus -rules: - - apiGroups: ["k8s.cni.cncf.io"] - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - - pods/status - verbs: - - get - - update ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: multus -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: multus -subjects: -- kind: ServiceAccount - name: multus - namespace: kube-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: multus - namespace: kube-system ---- -kind: ConfigMap -apiVersion: v1 -metadata: - name: multus-cni-config - namespace: kube-system - labels: - tier: node - app: multus -data: - cni-conf.json: | - { - "name": "multus-cni-network", - "type": "multus", - "delegates": [ - { - "cniVersion": "0.3.0", - "name": "k8s-pod-network", - "type": "calico", - "masterplugin": true, - "log_level": "info", - "datastore_type": "kubernetes", - "nodename": "__KUBERNETES_NODE_NAME__", - "mtu": 1500, - "ipam": { - "type": "calico-ipam", - <%- if @pod_network_ipversion == 4 -%> - "assign_ipv4": "true", - <%- else -%> - "assign_ipv4": "false", - <%- end -%> - <%- if @pod_network_ipversion == 6 -%> - "assign_ipv6": "true" - <%- else -%> - "assign_ipv6": "false" - <%- end -%> - }, - "policy": { - "type": "k8s" - }, - "kubernetes": { - "kubeconfig": "/etc/cni/net.d/calico-kubeconfig" - } - } - ], - "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig" - } ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-multus-ds-amd64 - namespace: kube-system - labels: - tier: node - app: multus -spec: - template: - metadata: - labels: - tier: node - app: multus - spec: - hostNetwork: true - nodeSelector: - beta.kubernetes.io/arch: amd64 - tolerations: - - operator: Exists - effect: NoSchedule - serviceAccountName: multus - containers: - - name: kube-multus - image: <%= @docker_registry %>/nfvpe/multus:v3.2 - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - command: - - /bin/bash - - -cex - - | - #!/bin/bash - sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" /tmp/multus-conf/05-multus.conf > /usr/src/multus-cni/images/05-multus.conf - <%- if @pod_network_ipversion == 6 -%> - sed -i 's#//\${KUBERNETES_SERVICE_HOST}#//\[\${KUBERNETES_SERVICE_HOST}\]#' /entrypoint.sh - <%- end -%> - /entrypoint.sh --multus-conf-file=/usr/src/multus-cni/images/05-multus.conf - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - securityContext: - privileged: true - volumeMounts: - - name: cni - mountPath: /host/etc/cni/net.d - - name: cnibin - mountPath: /host/opt/cni/bin - - name: multus-cfg - mountPath: /tmp/multus-conf - volumes: - - name: cni - hostPath: - path: /etc/cni/net.d - - name: cnibin - hostPath: - path: /opt/cni/bin - - name: multus-cfg - configMap: - name: multus-cni-config - items: - - key: cni-conf.json - path: 05-multus.conf diff --git a/puppet-manifests/src/modules/platform/templates/nslcd.conf.erb b/puppet-manifests/src/modules/platform/templates/nslcd.conf.erb deleted file mode 100644 index eff7468631..0000000000 --- a/puppet-manifests/src/modules/platform/templates/nslcd.conf.erb +++ /dev/null @@ -1,146 +0,0 @@ -# This is the configuration file for the LDAP nameservice -# switch library's nslcd daemon. It configures the mapping -# between NSS names (see /etc/nsswitch.conf) and LDAP -# information in the directory. -# See the manual page nslcd.conf(5) for more information. -# -# The user and group nslcd should run as. -# -uid nslcd -gid ldap - -# The uri pointing to the LDAP server to use for name lookups. -# Multiple entries may be specified. The address that is used -# here should be resolvable without using LDAP (obviously). -# uri ldap://127.0.0.1/ -# uri ldaps://127.0.0.1/ -# uri ldapi://%2fvar%2frun%2fldapi_sock/ -# Note: %2f encodes the '/' used as directory separator -# uri ldap://127.0.0.1/ -# -uri ldap://<%= @ldapserver_host %> - -# The distinguished name of the search base. -base dc=cgcs,dc=local - -# The distinguished name to bind to the server with. -# Optional: default is to bind anonymously. -# binddn cn=ldapadmin,dc=cgcs,dc=local -# The credentials to bind with. -# Optional: default is no credentials. -# Note that if you set a bindpw you should check the permissions of this file. -# bindpw secretpw -<%- if @bind_anonymous != true -%> -binddn cn=ldapadmin,dc=cgcs,dc=local -bindpw <%= @admin_pw %> -<%- end -%> - -# The distinguished name to perform password modifications by root by. -rootpwmoddn cn=ldapadmin,dc=cgcs,dc=local - -# The default search scope. -#scope sub -#scope one -#scope base - -# Customize certain database lookups. -#base group ou=Groups,dc=example,dc=com -#base passwd ou=People,dc=example,dc=com -#base shadow ou=People,dc=example,dc=com -#scope group onelevel -#scope hosts sub - -# Bind/connect timelimit. -#bind_timelimit 30 - -# Search timelimit. -#timelimit 30 - -# Idle timelimit. nslcd will close connections if the -# server has not been contacted for the number of seconds. -#idle_timelimit 3600 - -# Use StartTLS without verifying the server certificate. -#ssl start_tls -#tls_reqcert never - -# CA certificates for server certificate verification -#tls_cacertdir /etc/ssl/certs -#tls_cacertfile /etc/ssl/ca.cert - -# Seed the PRNG if /dev/urandom is not provided -#tls_randfile /var/run/egd-pool - -# SSL cipher suite -# See man ciphers for syntax -#tls_ciphers TLSv1 - -# Client certificate and key -# Use these, if your server requires client authentication. -#tls_cert -#tls_key - -# Mappings for Services for UNIX 3.5 -#filter passwd (objectClass=User) -#map passwd uid msSFU30Name -#map passwd userPassword msSFU30Password -#map passwd homeDirectory msSFU30HomeDirectory -#map passwd homeDirectory msSFUHomeDirectory -#filter shadow (objectClass=User) -#map shadow uid msSFU30Name -#map shadow userPassword msSFU30Password -#filter group (objectClass=Group) -#map group member msSFU30PosixMember - -# Mappings for Services for UNIX 2.0 -#filter passwd (objectClass=User) -#map passwd uid msSFUName -#map passwd userPassword msSFUPassword -#map passwd homeDirectory msSFUHomeDirectory -#map passwd gecos msSFUName -#filter shadow (objectClass=User) -#map shadow uid msSFUName -#map shadow userPassword msSFUPassword -#map shadow shadowLastChange pwdLastSet -#filter group (objectClass=Group) -#map group member posixMember - -# Mappings for Active Directory -#pagesize 1000 -#referrals off -#idle_timelimit 800 -#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) -#map passwd uid sAMAccountName -#map passwd homeDirectory unixHomeDirectory -#map passwd gecos displayName -#filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)) -#map shadow uid sAMAccountName -#map shadow shadowLastChange pwdLastSet -#filter group (objectClass=group) - -# Alternative mappings for Active Directory -# (replace the SIDs in the objectSid mappings with the value for your domain) -#pagesize 1000 -#referrals off -#idle_timelimit 800 -#filter passwd (&(objectClass=user)(objectClass=person)(!(objectClass=computer))) -#map passwd uid cn -#map passwd uidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 -#map passwd gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 -#map passwd homeDirectory "/home/$cn" -#map passwd gecos displayName -#map passwd loginShell "/bin/bash" -#filter group (|(objectClass=group)(objectClass=person)) -#map group gidNumber objectSid:S-1-5-21-3623811015-3361044348-30300820 - -# Mappings for AIX SecureWay -#filter passwd (objectClass=aixAccount) -#map passwd uid userName -#map passwd userPassword passwordChar -#map passwd uidNumber uid -#map passwd gidNumber gid -#filter group (objectClass=aixAccessGroup) -#map group cn groupName -#map group gidNumber gid -# This comment prevents repeated auto-migration of settings. - diff --git a/puppet-manifests/src/modules/platform/templates/ntp.conf.client.erb b/puppet-manifests/src/modules/platform/templates/ntp.conf.client.erb deleted file mode 100644 index bf23b7393f..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ntp.conf.client.erb +++ /dev/null @@ -1,22 +0,0 @@ -driftfile /var/lib/ntp/drift - -# Permit time synchronization with our time source, but do not -# permit the source to query or modify the service on this system. -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery - -# Permit all access over the loopback interface. This could -# be tightened as well, but to do so would effect some of -# the administrative functions. -restrict 127.0.0.1 -restrict -6 ::1 - -<%- if scope['platform::ntp::enabled'] == true -%> -# Use orphan mode if external servers are unavailable (or not configured) -tos orphan 12 - -<%- scope['platform::ntp::servers'].each do |server| -%> -server <%= server %> -<%- end -%> - -<%- end -%> diff --git a/puppet-manifests/src/modules/platform/templates/ntp.conf.server.erb b/puppet-manifests/src/modules/platform/templates/ntp.conf.server.erb deleted file mode 100644 index 0aa2144ae4..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ntp.conf.server.erb +++ /dev/null @@ -1,29 +0,0 @@ -driftfile /var/lib/ntp/drift - -# Permit time synchronization with our time source, but do not -# permit the source to query or modify the service on this system. -restrict default kod nomodify notrap nopeer noquery -restrict -6 default kod nomodify notrap nopeer noquery - -# Permit all access over the loopback interface. This could -# be tightened as well, but to do so would effect some of -# the administrative functions. -restrict 127.0.0.1 -restrict -6 ::1 - -<%- if scope['platform::ntp::enabled'] == true -%> -# orphan - Use orphan mode if external servers are unavailable (or not configured). -# minclock - Prevent clustering algorithm from casting out any outlyers by setting -# minclock to the maximum number of ntp servers that can be configured -# (3 external plus peer controller). Default value is 3. -tos orphan 12 minclock 4 - -# Use the other controller node as a peer, this is especially important if -# there are no external servers -peer <%= @peer_server %> - -<%- scope['platform::ntp::servers'].each do |server| -%> -server <%= server %> -<%- end -%> - -<%- end -%> diff --git a/puppet-manifests/src/modules/platform/templates/ntp.override.erb b/puppet-manifests/src/modules/platform/templates/ntp.override.erb deleted file mode 100644 index a981340eba..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ntp.override.erb +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -ExecStart= -ExecStart=/usr/sbin/ntpd -g -q -n -c /etc/ntp_initial.conf -TimeoutStartSec=<%= @ntpdate_timeout %> diff --git a/puppet-manifests/src/modules/platform/templates/ntp.pmon.conf.erb b/puppet-manifests/src/modules/platform/templates/ntp.pmon.conf.erb deleted file mode 100644 index 819ca6f33a..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ntp.pmon.conf.erb +++ /dev/null @@ -1,19 +0,0 @@ -[process] -process = ntpd -service = ntpd -pidfile = /var/run/ntp.pid -style = lsb ; ocf or lsb -severity = minor ; minor, major, critical -restarts = 0 ; restart retries before error assertion -interval = 10 ; number of seconds to wait between restarts -debounce = 10 ; number of seconds that a process needs to remain - ; running before degrade is removed and retry count - ; is cleared. -; These settings will generate a log only without attempting to restart -; pmond will put the process into an ignore state after failure. - -startuptime = 180 ; Seconds to wait after process start before starting the debounce monitor -mode = passive ; Monitoring mode: passive (default) or active - ; passive: process death monitoring (default: always) - ; active : heartbeat monitoring, i.e. request / response messaging - ; ignore : do not monitor or stop monitoring diff --git a/puppet-manifests/src/modules/platform/templates/ntp_initial.conf.client.erb b/puppet-manifests/src/modules/platform/templates/ntp_initial.conf.client.erb deleted file mode 100644 index a55ebe22d0..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ntp_initial.conf.client.erb +++ /dev/null @@ -1,5 +0,0 @@ -# This config file is used for the initial ntpd execution that will be used -# to set the time when a node is first booted. -<%- scope['platform::ntp::servers'].each do |server| -%> -server <%= server %> -<%- end -%> diff --git a/puppet-manifests/src/modules/platform/templates/ntp_initial.conf.server.erb b/puppet-manifests/src/modules/platform/templates/ntp_initial.conf.server.erb deleted file mode 100644 index cdfe4ec2a2..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ntp_initial.conf.server.erb +++ /dev/null @@ -1,9 +0,0 @@ -# This config file is used for the initial ntpd execution that will be used -# to set the time when a node is first booted. -<%- scope['platform::ntp::servers'].each do |server| -%> -server <%= server %> -<%- end -%> - -# Use the other controller node for initial time synchronization in case -# none of the external servers are available. -server <%= @peer_server %> diff --git a/puppet-manifests/src/modules/platform/templates/openrc.admin.erb b/puppet-manifests/src/modules/platform/templates/openrc.admin.erb deleted file mode 100644 index caeb83fd1d..0000000000 --- a/puppet-manifests/src/modules/platform/templates/openrc.admin.erb +++ /dev/null @@ -1,23 +0,0 @@ -unset OS_SERVICE_TOKEN - -export OS_ENDPOINT_TYPE=internalURL -export CINDER_ENDPOINT_TYPE=internalURL - -export OS_USERNAME=<%= @admin_username %> -export OS_PASSWORD=`TERM=linux <%= @keyring_file %> 2>/dev/null` -export OS_AUTH_TYPE=password -export OS_AUTH_URL=<%= @identity_auth_url %> - -export OS_PROJECT_NAME=<%= @admin_project_name %> -export OS_USER_DOMAIN_NAME=<%= @admin_user_domain %> -export OS_PROJECT_DOMAIN_NAME=<%= @admin_project_domain %> -export OS_IDENTITY_API_VERSION=<%= @identity_api_version %> -export OS_REGION_NAME=<%= @identity_region %> -export OS_INTERFACE=internal - -if [ ! -z "${OS_PASSWORD}" ]; then - export PS1='[\u@\h \W(keystone_$OS_USERNAME)]\$ ' -else - echo 'Openstack Admin credentials can only be loaded from the active controller.' - export PS1='\h:\w\$ ' -fi diff --git a/puppet-manifests/src/modules/platform/templates/ovs.add-bridge.erb b/puppet-manifests/src/modules/platform/templates/ovs.add-bridge.erb deleted file mode 100644 index 82d311ba7b..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ovs.add-bridge.erb +++ /dev/null @@ -1,6 +0,0 @@ -ovs-vsctl --timeout 10 -- --may-exist add-br <%= @name -%> - -- set bridge <%= @name -%> -<%- @attributes.each do |attribute| -%> - <%= attribute -%> -<%- end -%> - datapath_type=<%= @datapath_type -%> diff --git a/puppet-manifests/src/modules/platform/templates/ovs.add-flow.erb b/puppet-manifests/src/modules/platform/templates/ovs.add-flow.erb deleted file mode 100644 index 62f5bfb659..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ovs.add-flow.erb +++ /dev/null @@ -1,9 +0,0 @@ -ovs-ofctl add-flow <%= @bridge -%> - <%- @attributes.each_with_index do |attrib, idx| -%> -<% if idx == 0 %> <% else -%>,<% end -%> -<%= attrib[0] -%>=<%= attrib[1] -%> -<%- end -%> -,actions=<%- @actions.each_with_index do |action, idx| -%> -<%- if idx > 0 -%>,<%- end -%> -<%= action['type'] -%>:<%= action['value'] -%> -<%- end -%> \ No newline at end of file diff --git a/puppet-manifests/src/modules/platform/templates/ovs.add-port.erb b/puppet-manifests/src/modules/platform/templates/ovs.add-port.erb deleted file mode 100644 index e4fc26d473..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ovs.add-port.erb +++ /dev/null @@ -1,21 +0,0 @@ -ovs-vsctl --timeout 30 -- --may-exist add-<%= @type -%> <%= @bridge -%> <%= @name -%> -<%- if @type == 'bond' -%> -<%- @interfaces.each do |interface| -%> - <%= interface['name'] -%> -<%- end -%> -<%- end -%> -<%- @attributes.each do |attribute| -%> - <%= attribute -%> -<%- end -%> -<%- @interfaces.each do |interface| -%> - -- set Interface <%= interface['name'] -%> - type=<%= interface['type'] -%> - <%- interface['attributes'].each do |attribute| -%> - <%= attribute -%> - <%- end -%> -<%- end %> -<%- @interfaces.each do |interface| -%> - <%- if interface['type'] == 'internal' -%> - ip link set <%= interface['name'] -%> up - <%- end -%> -<%- end -%> diff --git a/puppet-manifests/src/modules/platform/templates/ovs.clean.erb b/puppet-manifests/src/modules/platform/templates/ovs.clean.erb deleted file mode 100644 index 5ec03ba2ad..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ovs.clean.erb +++ /dev/null @@ -1,7 +0,0 @@ -# clean provider network ports and bridges -for bridge in $(ovs-vsctl --timeout 10 list-br|grep '^br-phy'); do - for port in $(ovs-vsctl --timeout 10 list-ports $bridge); do - ovs-vsctl --timeout 10 del-port $bridge $port - done - ovs-vsctl --timeout 10 del-br $bridge -done diff --git a/puppet-manifests/src/modules/platform/templates/ovs.disable-dpdk-init.erb b/puppet-manifests/src/modules/platform/templates/ovs.disable-dpdk-init.erb deleted file mode 100644 index 79eb67e42a..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ovs.disable-dpdk-init.erb +++ /dev/null @@ -1,5 +0,0 @@ -# Disable DPDK initialization in ovsdb -# ovs-vsctl is not used here as it can fail after the initial start of ovsdb -# (even though the dpdk-init parameter actually gets applied). -ovsdb-client -v transact '["Open_vSwitch", {"op" : "mutate", "table": "Open_vSwitch", "where": [], "mutations" : [["other_config","delete", ["map",[["dpdk-init", "true"]]]]]}]' -ovsdb-client -v transact '["Open_vSwitch", {"op" : "mutate", "table": "Open_vSwitch", "where": [], "mutations" : [["other_config","insert", ["map",[["dpdk-init", "false"]]]]]}]' \ No newline at end of file diff --git a/puppet-manifests/src/modules/platform/templates/ovsdb.clean.erb b/puppet-manifests/src/modules/platform/templates/ovsdb.clean.erb deleted file mode 100644 index 600a21c605..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ovsdb.clean.erb +++ /dev/null @@ -1,7 +0,0 @@ -# delete manager -ovs-vsctl -t ovsdb-server --no-wait del-manager - -# delete all bridges -for bridge in $(ovs-vsctl -t ovsdb-server --timeout 10 list-br); do - ovs-vsctl -t ovsdb-server --timeout 10 --no-wait del-br $bridge -done diff --git a/puppet-manifests/src/modules/platform/templates/pam.passwd.erb b/puppet-manifests/src/modules/platform/templates/pam.passwd.erb deleted file mode 100644 index f534992435..0000000000 --- a/puppet-manifests/src/modules/platform/templates/pam.passwd.erb +++ /dev/null @@ -1,5 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -password include common-password diff --git a/puppet-manifests/src/modules/platform/templates/partitions.manage.erb b/puppet-manifests/src/modules/platform/templates/partitions.manage.erb deleted file mode 100644 index ef4e4d1b22..0000000000 --- a/puppet-manifests/src/modules/platform/templates/partitions.manage.erb +++ /dev/null @@ -1,58 +0,0 @@ -/bin/true # puppet requires this for correct template parsing - -<% if @shutdown_drbd_resource and (@is_controller_active.to_s == 'false' or @system_mode == 'simplex') -%> -if [ -f /var/run/goenabled ]; then - sm-unmanage service <%= @shutdown_drbd_resource %> -fi - -<% if @shutdown_drbd_resource == 'drbd-cinder' and @system_mode == 'simplex' -%> -if [ -f /var/run/goenabled ]; then - sm-unmanage service cinder-lvm -fi -targetctl clear || exit 5 -lvchange -an cinder-volumes || exit 10 -vgchange -an cinder-volumes || exit 20 -drbdadm secondary drbd-cinder || exit 30 -<% end -%> - -DRBD_UNCONFIGURED_TIMEOUT=180 -DRBD_UNCONFIGURED_DELAY=0 -while [[ $DRBD_UNCONFIGURED_DELAY -lt $DRBD_UNCONFIGURED_TIMEOUT ]]; do - drbdadm down <%= @shutdown_drbd_resource %> - drbd_info=$(drbd-overview | grep <%= @shutdown_drbd_resource %> | awk '{print $2}') - - if [[ ${drbd_info} == "Unconfigured" ]]; then - break - else - sleep 2 - DRBD_UNCONFIGURED_DELAY=$((DRBD_UNCONFIGURED_DELAY + 2)) - fi -done - -if [[ DRBD_UNCONFIGURED_DELAY -eq DRBD_UNCONFIGURED_TIMEOUT ]]; then - exit 40 -fi -<% end -%> - -manage-partitions <%= @action %> '<%= @config %>' - -<% if @shutdown_drbd_resource and (@is_controller_active.to_s == 'false' or @system_mode == 'simplex') -%> -drbdadm up <%= @shutdown_drbd_resource %> || exit 30 - -<% if @shutdown_drbd_resource == 'drbd-cinder' and @system_mode == 'simplex' -%> -drbdadm primary drbd-cinder || exit 50 -vgchange -ay cinder-volumes || exit 60 -lvchange -ay cinder-volumes || exit 70 -targetctl restore || exit 75 - -if [ -f /var/run/goenabled ]; then - sm-manage service <%= @shutdown_drbd_resource %> - sm-manage service cinder-lvm -fi -<% end -%> - -if [ -f /var/run/goenabled ]; then - sm-manage service <%= @shutdown_drbd_resource %> -fi - -<% end -%> diff --git a/puppet-manifests/src/modules/platform/templates/pci-irq-affinity.conf.erb b/puppet-manifests/src/modules/platform/templates/pci-irq-affinity.conf.erb deleted file mode 100644 index 9b4a435cd2..0000000000 --- a/puppet-manifests/src/modules/platform/templates/pci-irq-affinity.conf.erb +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright (c) 2019 StarlingX. -# -# SPDX-License-Identifier: Apache-2.0 -# -[openstack] -openstack_enabled=<%= @openstack_enabled %> -<% if @openstack_enabled -%> -username=admin -tenant=admin -authorization_protocol=http -authorization_ip=<%= @openstack_auth_host %> -authorization_port=5000 -user_domain_name=<%= @openstack_user_domain %> -project_domain_name=<%= @openstack_project_domain %> -project_name=admin -keyring_service=<%= @openstack_keyring_service %> -auth_url=http://keystone.openstack.svc.cluster.local/v3 - -[amqp] -host=<%= @rabbit_host %> -port=<%= @rabbit_port %> -user_id=<%= @rabbit_userid %> -password=<%= @rabbit_password %> -virt_host=<%= @rabbit_virtual_host %> -<% end -%> diff --git a/puppet-manifests/src/modules/platform/templates/pcidp.conf.erb b/puppet-manifests/src/modules/platform/templates/pcidp.conf.erb deleted file mode 100644 index b0ffbb3659..0000000000 --- a/puppet-manifests/src/modules/platform/templates/pcidp.conf.erb +++ /dev/null @@ -1,3 +0,0 @@ -<%- if @pcidp_network_resources -%> -<%= JSON.pretty_generate(JSON.parse(@pcidp_network_resources)) %> -<%- end-%> diff --git a/puppet-manifests/src/modules/platform/templates/phc2sys.erb b/puppet-manifests/src/modules/platform/templates/phc2sys.erb deleted file mode 100644 index 91d9bd7f64..0000000000 --- a/puppet-manifests/src/modules/platform/templates/phc2sys.erb +++ /dev/null @@ -1 +0,0 @@ -OPTIONS="-a -r -E linreg -u 60" diff --git a/puppet-manifests/src/modules/platform/templates/phc2sys.service.erb b/puppet-manifests/src/modules/platform/templates/phc2sys.service.erb deleted file mode 100644 index a876ad58c3..0000000000 --- a/puppet-manifests/src/modules/platform/templates/phc2sys.service.erb +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Synchronize system clock or PTP hardware clock (PHC) -After=ptp4l.service - -[Service] -Type=simple -EnvironmentFile=-/etc/sysconfig/phc2sys -ExecStart=-/usr/sbin/phc2sys $OPTIONS -ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/phc2sys.pid' -ExecStopPost=/bin/rm -f /var/run/phc2sys.pid -Restart=on-failure -RestartPreventExitStatus=SIGTERM SIGINT SIGKILL SIGABRT 255 - -[Install] -WantedBy=multi-user.target diff --git a/puppet-manifests/src/modules/platform/templates/ptp4l.conf.erb b/puppet-manifests/src/modules/platform/templates/ptp4l.conf.erb deleted file mode 100644 index e7cdd2c011..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ptp4l.conf.erb +++ /dev/null @@ -1,117 +0,0 @@ -[global] -# -# Default Data Set -# -twoStepFlag 1 -<%- if @slave_only == true -%> -slaveOnly 1 -<%- else -%> -slaveOnly 0 -<%- end -%> -priority1 128 -priority2 128 -domainNumber 0 -#utc_offset 37 -clockClass 248 -clockAccuracy 0xFE -offsetScaledLogVariance 0xFFFF -free_running 0 -freq_est_interval 1 -dscp_event 0 -dscp_general 0 -# -# Port Data Set -# -logAnnounceInterval 1 -logSyncInterval 0 -logMinDelayReqInterval 0 -logMinPdelayReqInterval 0 -announceReceiptTimeout 3 -syncReceiptTimeout 0 -delayAsymmetry 0 -fault_reset_interval 4 -neighborPropDelayThresh 20000000 -# -# Run time options -# -assume_two_step 0 -logging_level 6 -path_trace_enabled 0 -follow_up_info 0 -hybrid_e2e 0 -tx_timestamp_timeout 1 -use_syslog 1 -verbose 0 -summary_interval 6 -kernel_leap 1 -check_fup_sync 0 -# -# Servo Options -# -pi_proportional_const 0.0 -pi_integral_const 0.0 -pi_proportional_scale 0.0 -pi_proportional_exponent -0.3 -pi_proportional_norm_max 0.7 -pi_integral_scale 0.0 -pi_integral_exponent 0.4 -pi_integral_norm_max 0.3 -step_threshold 0.0 -first_step_threshold 0.00002 -max_frequency 900000000 -clock_servo linreg -sanity_freq_limit 200000000 -ntpshm_segment 0 -# -# Transport options -# -transportSpecific 0x0 -ptp_dst_mac 01:1B:19:00:00:00 -p2p_dst_mac 01:80:C2:00:00:0E -udp_ttl 1 -udp6_scope 0x0E -uds_address /var/run/ptp4l -# -# Default interface options -# -network_transport L2 -delay_mechanism <%= scope['platform::ptp::mechanism'].upcase %> -time_stamping <%= scope['platform::ptp::mode'].downcase %> -tsproc_mode filter -delay_filter moving_median -delay_filter_length 10 -egressLatency 0 -ingressLatency 0 -<%- if scope['platform::ptp::mode'].downcase == 'hardware' -%> -boundary_clock_jbod 1 -<%- else -%> -boundary_clock_jbod 0 -<%- end -%> -# -# Clock description -# -productDescription ;; -revisionData ;; -manufacturerIdentity 00:00:00 -userDescription ; -timeSource 0xA0 -# -# Slave interfaces -# -<%- @slave_interfaces.each do |slave_interface| -%> -[<%= slave_interface %>] -<%- if scope['platform::ptp::transport'] == 'udp' -%> -network_transport UDPv<%= @slave_subnet %> -<%- end -%> -<%- end -%> -<%- if @slave_only == false -%> -# -# Master interfaces -# -<%- @master_interfaces.each do |master_interface| -%> -[<%= master_interface %>] -<%- if scope['platform::ptp::transport'] == 'udp' -%> -network_transport UDPv<%= @master_subnet %> -<%- end -%> -<%- end -%> -<%- end -%> diff --git a/puppet-manifests/src/modules/platform/templates/ptp4l.erb b/puppet-manifests/src/modules/platform/templates/ptp4l.erb deleted file mode 100644 index 98352570f4..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ptp4l.erb +++ /dev/null @@ -1 +0,0 @@ -OPTIONS="-f /etc/ptp4l.conf" diff --git a/puppet-manifests/src/modules/platform/templates/ptp4l.service.erb b/puppet-manifests/src/modules/platform/templates/ptp4l.service.erb deleted file mode 100644 index 53384986e3..0000000000 --- a/puppet-manifests/src/modules/platform/templates/ptp4l.service.erb +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=Precision Time Protocol (PTP) service -After=network-online.target -Wants=network-online.target - -[Service] -Type=simple -EnvironmentFile=-/etc/sysconfig/ptp4l -ExecStart=-/usr/sbin/ptp4l $OPTIONS -ExecStartPost=/bin/bash -c 'echo $MAINPID > /var/run/ptp4l.pid' -ExecStopPost=/bin/rm -f /var/run/ptp4l.pid -Restart=on-failure -RestartPreventExitStatus=SIGTERM SIGINT SIGKILL SIGABRT 255 - -[Install] -WantedBy=multi-user.target diff --git a/puppet-manifests/src/modules/platform/templates/registry-cert-extfile.erb b/puppet-manifests/src/modules/platform/templates/registry-cert-extfile.erb deleted file mode 100644 index adde4823d7..0000000000 --- a/puppet-manifests/src/modules/platform/templates/registry-cert-extfile.erb +++ /dev/null @@ -1,11 +0,0 @@ -[req] -prompt = no -x509_extensions = v3_req -distinguished_name = dn -[dn] -CN = registry.local -[v3_req] -subjectAltName = @alt_names -[alt_names] -DNS.1 = registry.local -IP.1 = <%= @docker_registry_ip %> diff --git a/puppet-manifests/src/modules/platform/templates/registry-token-server.conf.erb b/puppet-manifests/src/modules/platform/templates/registry-token-server.conf.erb deleted file mode 100644 index 77ab11be1b..0000000000 --- a/puppet-manifests/src/modules/platform/templates/registry-token-server.conf.erb +++ /dev/null @@ -1,7 +0,0 @@ -REGISTRY_TOKEN_SERVER_ADDR=<%= @docker_registry_host %>:9002 -REGISTRY_TOKEN_SERVER_ISSUER=bird-token-server -REGISTRY_TOKEN_SERVER_KS_ENDPOINT=<%= @registry_ks_endpoint %> -REGISTRY_TOKEN_SERVER_TLSCERT=/etc/ssl/private/registry-cert.crt -REGISTRY_TOKEN_SERVER_TLSKEY=/etc/ssl/private/registry-cert.key -REGISTRY_TOKEN_SERVER_REALM=https://<%= @docker_registry_host %>:9002/token/ -REGISTRY_TOKEN_SERVER_KEY=/etc/ssl/private/registry-cert-pkcs1.key diff --git a/puppet-manifests/src/modules/platform/templates/remotelogging.conf.erb b/puppet-manifests/src/modules/platform/templates/remotelogging.conf.erb deleted file mode 100644 index ec0d571a8c..0000000000 --- a/puppet-manifests/src/modules/platform/templates/remotelogging.conf.erb +++ /dev/null @@ -1,95 +0,0 @@ -################################################################################ -# Remote Logging rewrite set -# -# This file is only in use when Remote Logging is enable using: system remotelogging-modify -# The file becomes active by: @include "remotelogging.conf" in the syslog-ng.conf -# -# Note: this file must be updated when a logfile is added to syslog-ng.conf. -# -# Note: this file is managed by puppet and should not be modified. -# -################################################################################ -rewrite r_rewrite_set{ - set("<%= @system_name %> auth.log ${HOST}", value("HOST") condition(filter(f_auth))); - set("<%= @system_name %> barbican-api.log ${HOST}", value("HOST") condition(filter(f_barbicanapi))); - set("<%= @system_name %> barbican-dbsync.log ${HOST}", value("HOST") condition(filter(f_barbicandbsync))); - set("<%= @system_name %> barbican-keystone-listener.log ${HOST}", value("HOST") condition(filter(f_barbicankeystonelistener))); - set("<%= @system_name %> barbican-worker.log ${HOST}", value("HOST") condition(filter(f_barbicanworker))); - set("<%= @system_name %> barbican-cleaner.log ${HOST}", value("HOST") condition(filter(f_barbicancleaner))); - set("<%= @system_name %> bash.log ${HOST}", value("HOST") condition(filter(f_bash))); - set("<%= @system_name %> cron.log ${HOST}", value("HOST") condition(filter(f_cron))); - set("<%= @system_name %> daemon.log ${HOST}", value("HOST") condition(filter(f_daemon))); - set("<%= @system_name %> daemon-ocf.log ${HOST}", value("HOST") condition(filter(f_daemon_ocf))); - set("<%= @system_name %> debug ${HOST}", value("HOST") condition(filter(f_err))); - set("<%= @system_name %> error ${HOST}", value("HOST") condition(filter(f_error))); - set("<%= @system_name %> fm-event.log ${HOST}", value("HOST") condition(filter(f_fm_event))); - set("<%= @system_name %> fm-manager.log ${HOST}", value("HOST") condition(filter(f_fm_manager))); - set("<%= @system_name %> ima.log ${HOST}", value("HOST") condition(filter(f_ima))); - set("<%= @system_name %> fsmond.log ${HOST}", value("HOST") condition(filter(f_fsmon))); - set("<%= @system_name %> guestAgent.log ${HOST}", value("HOST") condition(filter(f_guestagent))); - set("<%= @system_name %> guestServer.log ${HOST}", value("HOST") condition(filter(f_guestserver))); - set("<%= @system_name %> hbsAgent.log ${HOST}", value("HOST") condition(filter(f_hbsagent))); - set("<%= @system_name %> hbsClient.log ${HOST}", value("HOST") condition(filter(f_hbsclient))); - set("<%= @system_name %> horizon.log ${HOST}", value("HOST") condition(filter(f_horizon))); - set("<%= @system_name %> hostwd.log ${HOST}", value("HOST") condition(filter(f_hostw))); - set("<%= @system_name %> hwmond.log ${HOST}", value("HOST") condition(filter(f_hwmon))); - set("<%= @system_name %> kern.log ${HOST}", value("HOST") condition(filter(f_kern))); - set("<%= @system_name %> keystone-api.log ${HOST}", value("HOST") condition(filter(f_keystoneapi))); - set("<%= @system_name %> keystone-all.log ${HOST}", value("HOST") condition(filter(f_keystoneall))); - set("<%= @system_name %> libvirtd.log ${HOST}", value("HOST") condition(filter(f_libvirtd))); - set("<%= @system_name %> local4.log ${HOST}", value("HOST") condition(filter(f_local4))); - set("<%= @system_name %> lpr.log ${HOST}", value("HOST") condition(filter(f_lpr))); - set("<%= @system_name %> mail.log ${HOST}", value("HOST") condition(filter(f_mail))); - set("<%= @system_name %> mtcAgent_alarm.log ${HOST}", value("HOST") condition(filter(f_mtcagentalarm))); - set("<%= @system_name %> mtcAgent_api.log ${HOST}", value("HOST") condition(filter(f_mtcagentapi))); - set("<%= @system_name %> mtcAgent_event.log ${HOST}", value("HOST") condition(filter(f_mtcagentevent))); - set("<%= @system_name %> mtcAgent.log ${HOST}", value("HOST") condition(filter(f_mtcagent))); - set("<%= @system_name %> mtcClient.log ${HOST}", value("HOST") condition(filter(f_mtcclient))); - set("<%= @system_name %> news.crit ${HOST}", value("HOST") condition(filter(f_newscrit))); - set("<%= @system_name %> news.err ${HOST}", value("HOST") condition(filter(f_newserr))); - set("<%= @system_name %> news.notice ${HOST}", value("HOST") condition(filter(f_newsnotice))); - set("<%= @system_name %> nfv-vim-api.log ${HOST}", value("HOST") condition(filter(f_vim_api))); - set("<%= @system_name %> nfv-vim.log ${HOST}", value("HOST") condition(filter(f_vim))); - set("<%= @system_name %> nfv-vim-webserver.log ${HOST}", value("HOST") condition(filter(f_vim_webserver))); - set("<%= @system_name %> openstack.log ${HOST}", value("HOST") condition(filter(f_local2))); - set("<%= @system_name %> platform.log ${HOST}", value("HOST") condition(filter(f_local1))); - set("<%= @system_name %> pmond.log ${HOST}", value("HOST") condition(filter(f_pmon))); - set("<%= @system_name %> postgres.log ${HOST}", value("HOST") condition(filter(f_local0))); - set("<%= @system_name %> sm.log ${HOST}", value("HOST") condition(filter(f_local3))); - set("<%= @system_name %> sysinv-api.log ${HOST}", value("HOST") condition(filter(f_sysinvapi))); - set("<%= @system_name %> sysinv.log ${HOST}", value("HOST") condition(filter(f_sysinv))); - set("<%= @system_name %> syslog ${HOST}", value("HOST") condition(filter(f_syslog))); - set("<%= @system_name %> user.log ${HOST}", value("HOST") condition(filter(f_user))); - set("<%= @system_name %> uucp.log ${HOST}", value("HOST") condition(filter(f_uucp))); - set("<%= @system_name %> snmp-api.log ${HOST}", value("HOST") condition(filter(f_snmpat))); - # Most logs write log level to the message field. some writes it to the PRIORITY field - # The priority field is not sent remotely. This is because tcp/udp destinations don't - # work well with templates, which we use to write the priority field to log files on the - # controllers. These lines append the priority/log level field before the message - # in cases where the log level is sent through the priority field as opposed to the - # message field - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_daemon))); - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_auth))); - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_cron))); - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_kern))); - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_user))); - # postgres - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_local0))); - # platform - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_local1))); - # sm - set("${PRIORITY} ${MSG}", value("MSG") condition(filter(f_local3))); -}; - -# This rewrite set is used by haproxy and 'HOST' is replaced with the hostname by packstack. -rewrite r_hap_rewrite_set{ - set("<%= @system_name %> haproxy.log <%= @hostname %>", value("HOST") condition(filter(f_local1))); -}; - -####################################################### -# Log to remote log server configured in syslog-ng.conf -####################################################### - -log { source(s_src); rewrite(r_rewrite_set); destination(remote_log_server); }; -log { source(s_udp); rewrite(r_hap_rewrite_set); destination(remote_log_server); }; - diff --git a/puppet-manifests/src/modules/platform/templates/resolv.conf.erb b/puppet-manifests/src/modules/platform/templates/resolv.conf.erb deleted file mode 100644 index c182dfa515..0000000000 --- a/puppet-manifests/src/modules/platform/templates/resolv.conf.erb +++ /dev/null @@ -1,3 +0,0 @@ -<%- scope['platform::dns::resolv::servers'].each do |server| -%> -nameserver <%= server %> -<%- end -%> diff --git a/puppet-manifests/src/modules/platform/templates/sm-api.conf.erb b/puppet-manifests/src/modules/platform/templates/sm-api.conf.erb deleted file mode 100644 index 32902d68ed..0000000000 --- a/puppet-manifests/src/modules/platform/templates/sm-api.conf.erb +++ /dev/null @@ -1,21 +0,0 @@ -# -# Config file for sm-api. -# -[DEFAULT] -sm_api_port=<%= @port %> -sm_api_bind_ip=<%= @bind_ip %> -api_public_url=<%= @public_url %> -api_admin_url=<%= @admin_url %> - -[keystone_authtoken] -auth_type=password -auth_url=<%= @keystone_auth_url %> -auth_uri=<%= @keystone_auth_url %> -username=<%= @keystone_username %> -password=<%= @keystone_password %> -project_domain_name=Default -project_name=services -user_domain_name=Default -user_name=<%= @keystone_username %> -region_name=<%= @region %> - diff --git a/puppet-manifests/src/modules/platform/templates/snmpd.conf.erb b/puppet-manifests/src/modules/platform/templates/snmpd.conf.erb deleted file mode 100644 index 7acfcb8c4a..0000000000 --- a/puppet-manifests/src/modules/platform/templates/snmpd.conf.erb +++ /dev/null @@ -1,33 +0,0 @@ -########################################################################### -# -# snmpd.conf -# -# - This file is managed by Puppet. DO NOT EDIT. -# -########################################################################### -# incl/excl subtree mask -view all included .1 80 - -sysDescr <%= @software_version %> <%= @system_info %> -sysObjectID 1.3.6.1.4.1.731.3 -sysContact <%= @system_contact %> -sysName <%= @system_name %> -sysLocation <%= @system_location %> -sysServices 72 - -[snmp] clientaddr oamcontroller -dlmod cgtsAgentPlugin /usr/lib64/libcgtsAgentPlugin.so.1 -dlmod snmpAuditPlugin /usr/lib64/libsnmpAuditPlugin.so.1 - -# Insert the snmpAudit hander into specific sections of the mib tree -injectHandler snmpAudit null -injectHandler snmpAudit bulk_to_next -<%- @community_strings.each do |community| -%> -rocommunity <%= community %> -rocommunity6 <%= community %> -<%- end -%> -<%- @trap_destinations.each do |destination| -%> -trap2sink <%= destination %> -<%- end -%> - - diff --git a/puppet-manifests/src/modules/platform/templates/sriov-cni.yaml.erb b/puppet-manifests/src/modules/platform/templates/sriov-cni.yaml.erb deleted file mode 100644 index 1ab4fd98c4..0000000000 --- a/puppet-manifests/src/modules/platform/templates/sriov-cni.yaml.erb +++ /dev/null @@ -1,45 +0,0 @@ -# SRIOV-CNI Release v1 -# Based on: -# https://github.com/intel/sriov-cni/blob/master/images/sriov-cni-daemonset.yaml ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-sriov-cni-ds-amd64 - namespace: kube-system - labels: - tier: node - app: sriov-cni -spec: - template: - metadata: - labels: - tier: node - app: sriov-cni - spec: - hostNetwork: true - nodeSelector: - beta.kubernetes.io/arch: amd64 - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - containers: - - name: kube-sriov-cni - image: <%= @docker_registry %>/starlingx/k8s-cni-sriov:master-centos-stable-latest - securityContext: - privileged: true - resources: - requests: - cpu: "100m" - memory: "50Mi" - limits: - cpu: "100m" - memory: "50Mi" - volumeMounts: - - name: cnibin - mountPath: /host/opt/cni/bin - volumes: - - name: cnibin - hostPath: - path: /opt/cni/bin diff --git a/puppet-manifests/src/modules/platform/templates/sriov.bind-device.erb b/puppet-manifests/src/modules/platform/templates/sriov.bind-device.erb deleted file mode 100644 index 409771d93e..0000000000 --- a/puppet-manifests/src/modules/platform/templates/sriov.bind-device.erb +++ /dev/null @@ -1,3 +0,0 @@ -<%- @vf_addrs.each_with_index do |addr, idx| -%> -/usr/share/openvswitch/scripts/dpdk-devbind.py --bind=<%= @vf_driver -%> <%= addr %> -<%- end -%> \ No newline at end of file diff --git a/puppet-manifests/src/modules/platform/templates/sriovdp-daemonset.yaml.erb b/puppet-manifests/src/modules/platform/templates/sriovdp-daemonset.yaml.erb deleted file mode 100644 index a99875ccf9..0000000000 --- a/puppet-manifests/src/modules/platform/templates/sriovdp-daemonset.yaml.erb +++ /dev/null @@ -1,68 +0,0 @@ -# SRIOV device CNI plugin -# Based on: -# https://github.com/intel/sriov-cni/blob/master/images/sriov-cni-daemonset.yaml -# -# The following modifications have been made: -# -# - A nodeSelector of 'sriovdp' has been added to ensure the sriov device plugin -# pods only run on appropriately labelled nodes. -# - The config hostPath is explicitly set to 'File' ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: sriov-device-plugin - namespace: kube-system - ---- -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: kube-sriov-device-plugin-amd64 - namespace: kube-system - labels: - tier: node - app: sriovdp -spec: - template: - metadata: - labels: - tier: node - app: sriovdp - spec: - nodeSelector: - beta.kubernetes.io/arch: amd64 - sriovdp: enabled - tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - serviceAccountName: sriov-device-plugin - containers: - - name: kube-sriovdp - image: <%= @docker_registry %>/starlingx/k8s-plugins-sriov-network-device:master-centos-stable-latest - args: - - --log-level=10 - securityContext: - privileged: false - volumeMounts: - - name: devicesock - mountPath: /var/lib/kubelet/device-plugins/ - readOnly: false - - name: sysfs - mountPath: /sys - readOnly: true - - name: config - mountPath: /etc/pcidp/config.json - readOnly: true - volumes: - - name: devicesock - hostPath: - path: /var/lib/kubelet/device-plugins/ - - name: sysfs - hostPath: - path: /sys - - name: config - hostPath: - path: /etc/pcidp/config.json - type: File diff --git a/puppet-manifests/src/modules/platform/templates/systemd-system-cpuaffinity.conf.erb b/puppet-manifests/src/modules/platform/templates/systemd-system-cpuaffinity.conf.erb deleted file mode 100755 index 0bc4104259..0000000000 --- a/puppet-manifests/src/modules/platform/templates/systemd-system-cpuaffinity.conf.erb +++ /dev/null @@ -1,3 +0,0 @@ -[Manager] -CPUAffinity=<%= @platform_cpu_list %> - diff --git a/puppet-manifests/src/modules/platform/templates/worker_reserved.conf.erb b/puppet-manifests/src/modules/platform/templates/worker_reserved.conf.erb deleted file mode 100755 index f482b48af1..0000000000 --- a/puppet-manifests/src/modules/platform/templates/worker_reserved.conf.erb +++ /dev/null @@ -1,74 +0,0 @@ -################################################################################ -# Copyright (c) 2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# - This file is managed by Puppet. DO NOT EDIT. -################################################################################ -# WORKER Node configuration parameters for reserved memory and physical cores -# used by Base software and VSWITCH. These are resources that libvirt cannot use. -# - -################################################################################ -# -# List of logical CPU instances available in the system. This value is used -# for auditing purposes so that the current configuration can be checked for -# validity against the actual number of logical CPU instances in the system. -# -################################################################################ -WORKER_CPU_LIST=<%= @worker_cpu_list %> - -################################################################################ -# -# List of logical CPU instances that reserved for platform applications. -# -################################################################################ -PLATFORM_CPU_LIST=<%= @platform_cpu_list %> - -################################################################################ -# -# List of Base software resources reserved per numa node. Each array element -# consists of a 3-tuple formatted as: ::. -# -# Example: To reserve 1500MB and 1 core on NUMA node0, and 1500MB and 1 core -# on NUMA node1, the variable must be specified as follows. -# WORKER_BASE_MEMORY=("node0:1500MB:1" "node1:1500MB:1") -# -################################################################################ -WORKER_BASE_RESERVED=<%= @worker_base_reserved %> - -################################################################################ -# -# List of HugeTLB memory descriptors to configure. Each array element -# consists of a 3-tuple descriptor formatted as: ::. -# The NUMA node specified must exist and the HugeTLB pagesize must be a valid -# value such as 2048kB or 1048576kB. -# -# For example, to request 256 x 2MB HugeTLB pages on NUMA node0 and node1 the -# variable must be specified as follows. -# COMPUTE_VSWITCH_MEMORY=("node0:2048kB:256" "node1:2048kB:256") -# -################################################################################ -COMPUTE_VSWITCH_MEMORY=<%= @compute_vswitch_reserved %> - -################################################################################ -# -# List of VSWITCH physical cores reserved for VSWITCH applications. -# -# Example: To reserve 2 cores on NUMA node0, and 2 cores on NUMA node1, the -# variable must be specified as follows. -# COMPUTE_VSWITCH_CORES=("node0:2" "node1:2") -# -################################################################################ -COMPUTE_VSWITCH_CORES=<%= @reserved_vswitch_cores %> - -################################################################################ -# -# List of platform physical cores reserved for platform applications. -# -# Example: To reserve 1 core on NUMA node0, the variable must be specified -# as follows. -# WORKER_PLATFORM_CORES=("node0:0") -# -################################################################################ -WORKER_PLATFORM_CORES=<%= @reserved_platform_cores %> diff --git a/puppet-manifests/tox.ini b/puppet-manifests/tox.ini deleted file mode 100644 index a9a8e59da3..0000000000 --- a/puppet-manifests/tox.ini +++ /dev/null @@ -1,35 +0,0 @@ -# -# Copyright (c) 2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# Tox (http://tox.testrun.org/) is a tool for running tests -# in multiple virtualenvs. This configuration file will run the -# test suite on all supported python versions. To use it, "pip install tox" -# and then run "tox" from this directory. -[tox] -toxworkdir = /tmp/{env:USER}_puppet-manifests -envlist = puppetlint -skipsdist = True - -[testenv] -recreate = True - -[testenv:puppetlint] -# Note: centos developer env requires ruby-devel -# Ubuntu developer env requires ruby-dev -deps = -whitelist_externals = - gem - bash -setenv = - GEM_HOME = {envdir} - GEM_PATH = {envdir} -skip_tests = \ - --no-autoloader_layout-check \ - --no-documentation-check -commands = - gem install --no-document json puppet-lint - bash -c "find {toxinidir} -name \*.pp -print0 | xargs -0 puppet-lint --fail-on-warnings {[testenv:puppetlint]skip_tests}" - diff --git a/puppet-modules-wrs/puppet-dcdbsync/PKG_INFO b/puppet-modules-wrs/puppet-dcdbsync/PKG_INFO deleted file mode 100644 index d77f0619c4..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-dcdbsync -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-dcdbsync/centos/build_srpm.data b/puppet-modules-wrs/puppet-dcdbsync/centos/build_srpm.data deleted file mode 100644 index 29c4710a74..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/centos/build_srpm.data +++ /dev/null @@ -1,3 +0,0 @@ -SRC_DIR="src" -COPY_LIST="$SRC_DIR/LICENSE" -TIS_PATCH_VER=1 diff --git a/puppet-modules-wrs/puppet-dcdbsync/centos/puppet-dcdbsync.spec b/puppet-modules-wrs/puppet-dcdbsync/centos/puppet-dcdbsync.spec deleted file mode 100644 index b435be3f37..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/centos/puppet-dcdbsync.spec +++ /dev/null @@ -1,35 +0,0 @@ -%global module_dir dcdbsync - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet dcdbsync module -License: Apache -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz -Source1: LICENSE - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for dcorch dbsync service - -%prep -%autosetup -c %{module_dir} - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -install -d -m 0755 %{buildroot}%{_datadir}/puppet/modules/%{module_dir} -cp -R %{name}-%{version}/%{module_dir} %{buildroot}%{_datadir}/puppet/modules - -%files -%license %{name}-%{version}/LICENSE -%{_datadir}/puppet/modules/%{module_dir} - diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/LICENSE b/puppet-modules-wrs/puppet-dcdbsync/src/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/LICENSE b/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_config/ini_setting.rb b/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_config/ini_setting.rb deleted file mode 100644 index 9a27027a27..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/lib/puppet/provider/dcdbsync_config/ini_setting.rb +++ /dev/null @@ -1,37 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Jan 2019 Creation based off puppet-sysinv -# - -Puppet::Type.type(:dcdbsync_config).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/dcdbsync/dcdbsync.conf' - end - - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_config.rb b/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_config.rb deleted file mode 100644 index 2ada627417..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/lib/puppet/type/dcdbsync_config.rb +++ /dev/null @@ -1,52 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Jan 2019 Creation based off puppet-sysinv -# - -Puppet::Type.newtype(:dcdbsync_config) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/dcdbsync/dcdbsync.conf' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/api.pp b/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/api.pp deleted file mode 100644 index 2710a311cf..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/api.pp +++ /dev/null @@ -1,183 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# == Class: dcdbsync::api -# -# Setup and configure the dcdbsync API endpoint -# -# === Parameters -# -# [*keystone_password*] -# The password to use for authentication (keystone) -# -# [*keystone_enabled*] -# (optional) Use keystone for authentification -# Defaults to true -# -# [*keystone_tenant*] -# (optional) The tenant of the auth user -# Defaults to services -# -# [*keystone_user*] -# (optional) The name of the auth user -# Defaults to dcdbsync -# -# [*keystone_auth_host*] -# (optional) The keystone host -# Defaults to localhost -# -# [*keystone_auth_port*] -# (optional) The keystone auth port -# Defaults to 5000 -# -# [*keystone_auth_protocol*] -# (optional) The protocol used to access the auth host -# Defaults to http. -# -# [*keystone_auth_admin_prefix*] -# (optional) The admin_prefix used to admin endpoint of the auth host -# This allow admin auth URIs like http://auth_host:5000/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a -# leading '/' and no trailing '/'. -# -# [*keystone_user_domain*] -# (Optional) domain name for auth user. -# Defaults to 'Default'. -# -# [*keystone_project_domain*] -# (Optional) domain name for auth project. -# Defaults to 'Default'. -# -# [*auth_type*] -# (Optional) Authentication type to load. -# Defaults to 'password'. -# -# [*bind_port*] -# (optional) The dcorch dbsync api port -# Defaults to 8219 -# -# [*package_ensure*] -# (optional) The state of the package -# Defaults to present -# -# [*bind_host*] -# (optional) The dcorch dbsync api bind address -# Defaults to 0.0.0.0 -# -# [*enabled*] -# (optional) The state of the service -# Defaults to true -# -class dcdbsync::api ( - $keystone_password, - $keystone_enabled = true, - $keystone_tenant = 'services', - $keystone_user = 'dcdbsync', - $keystone_auth_host = 'localhost', - $keystone_auth_port = '5000', - $keystone_auth_protocol = 'http', - $keystone_auth_admin_prefix = false, - $keystone_auth_uri = false, - $keystone_auth_version = false, - $keystone_identity_uri = false, - $keystone_user_domain = 'Default', - $keystone_project_domain = 'Default', - $auth_type = 'password', - $package_ensure = 'latest', - $bind_host = '0.0.0.0', - $bind_port = 8219, - $enabled = false -) { - - include dcdbsync::params - - Dcdbsync_config<||> ~> Service['dcdbsync-api'] - - if $::dcdbsync::params::api_package { - Package['dcdbsync-api'] -> Dcdbsync_config<||> - Package['dcdbsync-api'] -> Service['dcdbsync-api'] - package { 'dcdbsync-api': - ensure => $package_ensure, - name => $::dcdbsync::params::api_package, - } - } - - dcdbsync_config { - 'DEFAULT/bind_host': value => $bind_host; - 'DEFAULT/bind_port': value => $bind_port; - } - - if $keystone_identity_uri { - dcdbsync_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; } - dcdbsync_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; } - } else { - dcdbsync_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/v3"; } - } - - if $keystone_auth_uri { - dcdbsync_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; } - } else { - dcdbsync_config { - 'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/v3"; - } - } - - if $keystone_auth_version { - dcdbsync_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; } - } else { - dcdbsync_config { 'keystone_authtoken/auth_version': ensure => absent; } - } - - if $keystone_enabled { - dcdbsync_config { - 'DEFAULT/auth_strategy': value => 'keystone' ; - } - dcdbsync_config { - 'keystone_authtoken/auth_type': value => $auth_type; - 'keystone_authtoken/project_name': value => $keystone_tenant; - 'keystone_authtoken/username': value => $keystone_user; - 'keystone_authtoken/password': value => $keystone_password, secret=> true; - 'keystone_authtoken/user_domain_name': value => $keystone_user_domain; - 'keystone_authtoken/project_domain_name': value => $keystone_project_domain; - } - - if $keystone_auth_admin_prefix { - validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') - dcdbsync_config { - 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - } else { - dcdbsync_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - } - else - { - dcdbsync_config { - 'DEFAULT/auth_strategy': value => 'noauth' ; - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'dcdbsync-api': - ensure => $ensure, - name => $::dcdbsync::params::api_service, - enable => $enabled, - hasstatus => true, - hasrestart => true, - tag => 'dcdbsync-api', - } - Keystone_endpoint<||> -> Service['dcdbsync-api'] -} diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/init.pp b/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/init.pp deleted file mode 100644 index 7e87d6d26f..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/init.pp +++ /dev/null @@ -1,85 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Jan 2019 Creation based off puppet-sysinv -# - -# -# == Parameters -# -# [use_syslog] -# Use syslog for logging. -# (Optional) Defaults to false. -# -# [log_facility] -# Syslog facility to receive log lines. -# (Optional) Defaults to LOG_USER. - -class dcdbsync ( - $database_connection = '', - $database_idle_timeout = 3600, - $database_max_pool_size = 5, - $database_max_overflow = 10, - $package_ensure = 'present', - $use_stderr = false, - $log_file = 'dcdbsync.log', - $log_dir = '/var/log/dcdbsync', - $use_syslog = false, - $log_facility = 'LOG_USER', - $verbose = false, - $debug = false, - $region_name = 'RegionOne', -) { - - include dcdbsync::params - - Package['dcdbsync'] -> Dcdbsync_config<||> - - package { 'dcdbsync': - ensure => $package_ensure, - name => $::dcdbsync::params::package_name, - } - - file { $::dcdbsync::params::conf_file: - ensure => present, - mode => '0600', - require => Package['dcdbsync'], - } - - dcdbsync_config { - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/debug': value => $debug; - } - - # Automatically add psycopg2 driver to postgresql (only does this if it is missing) - $real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:') - - dcdbsync_config { - 'database/connection': value => $real_connection, secret => true; - 'database/idle_timeout': value => $database_idle_timeout; - 'database/max_pool_size': value => $database_max_pool_size; - 'database/max_overflow': value => $database_max_overflow; - } - - if $use_syslog { - dcdbsync_config { - 'DEFAULT/use_syslog': value => true; - 'DEFAULT/syslog_log_facility': value => $log_facility; - } - } else { - dcdbsync_config { - 'DEFAULT/use_syslog': value => false; - 'DEFAULT/use_stderr': value => false; - 'DEFAULT/log_file' : value => $log_file; - 'DEFAULT/log_dir' : value => $log_dir; - } - } - - dcdbsync_config { - 'keystone_authtoken/region_name': value => $region_name; - } -} diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/keystone/auth.pp deleted file mode 100644 index f5cb4dbf7c..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/keystone/auth.pp +++ /dev/null @@ -1,51 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Jan 2019: creation -# - -# == Class: dcdbsync::keystone::auth -# -# Configures dbsync user, service and endpoint in Keystone. -# -class dcdbsync::keystone::auth ( - $password, - $auth_domain, - $auth_name = 'dcdbsync', - $email = 'dcdbsync@localhost', - $tenant = 'services', - $region = 'RegionOne', - $service_description = 'DCOrch DBsync service', - $service_name = 'dcdbsync', - $service_type = 'dcorch-dbsync', - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $public_url = 'http://127.0.0.1:8219/v1', - $admin_url = 'http://127.0.0.1:8219/v1', - $internal_url = 'http://127.0.0.1:8219/v1', -) { - - $real_service_name = pick($service_name, $auth_name) - - keystone::resource::service_identity { 'dcdbsync': - configure_user => $configure_user, - configure_user_role => $configure_user_role, - configure_endpoint => $configure_endpoint, - service_type => $service_type, - service_description => $service_description, - service_name => $real_service_name, - region => $region, - auth_name => $auth_name, - password => $password, - email => $email, - tenant => $tenant, - public_url => $public_url, - admin_url => $admin_url, - internal_url => $internal_url, - } -} diff --git a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/params.pp b/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/params.pp deleted file mode 100644 index 1e22b49c2b..0000000000 --- a/puppet-modules-wrs/puppet-dcdbsync/src/dcdbsync/manifests/params.pp +++ /dev/null @@ -1,29 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2019 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# - -class dcdbsync::params { - - $conf_dir = '/etc/dcdbsync' - $conf_file = '/etc/dcdbsync/dcdbsync.conf' - - if $::osfamily == 'Debian' { - $package_name = 'distributedcloud-dcdbsync' - $api_package = 'distributedcloud-dcdbsync' - $api_service = 'dcdbsync-api' - - } elsif($::osfamily == 'RedHat') { - - $package_name = 'distributedcloud-dcdbsync' - $api_package = false - $api_service = 'dcdbsync-api' - - } else { - fail("Unsupported osfamily ${::osfamily}") - } -} diff --git a/puppet-modules-wrs/puppet-dcmanager/PKG_INFO b/puppet-modules-wrs/puppet-dcmanager/PKG_INFO deleted file mode 100644 index fca2927428..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-dcmanager -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-dcmanager/centos/build_srpm.data b/puppet-modules-wrs/puppet-dcmanager/centos/build_srpm.data deleted file mode 100644 index 3f8ebcf32e..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=1 diff --git a/puppet-modules-wrs/puppet-dcmanager/centos/puppet-dcmanager.spec b/puppet-modules-wrs/puppet-dcmanager/centos/puppet-dcmanager.spec deleted file mode 100644 index dd99ebc4a2..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/centos/puppet-dcmanager.spec +++ /dev/null @@ -1,33 +0,0 @@ -%global module_dir dcmanager - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet dcmanager module -License: Apache -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for dcmanager - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/LICENSE b/puppet-modules-wrs/puppet-dcmanager/src/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-dcmanager/src/Makefile b/puppet-modules-wrs/puppet-dcmanager/src/Makefile deleted file mode 100644 index 95a83005b0..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/dcmanager - cp -R dcmanager/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/.fixtures.yml b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/.fixtures.yml deleted file mode 100644 index 8d2e42996d..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/.fixtures.yml +++ /dev/null @@ -1,19 +0,0 @@ -fixtures: - repositories: - "apt": "git://github.com/puppetlabs/puppetlabs-apt.git" - "keystone": "git://github.com/stackforge/puppet-keystone.git" - "mysql": - repo: "git://github.com/puppetlabs/puppetlabs-mysql.git" - ref: 'origin/0.x' - "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git" - "sysctl": "git://github.com/duritong/puppet-sysctl.git" - "rabbitmq": - repo: "git://github.com/puppetlabs/puppetlabs-rabbitmq" - ref: 'origin/2.x' - "inifile": "git://github.com/puppetlabs/puppetlabs-inifile" - "qpid": "git://github.com/dprince/puppet-qpid.git" - 'postgresql': - repo: "git://github.com/puppetlabs/puppet-postgresql.git" - ref: 'origin/4.1.x' - symlinks: - "dcmanager": "#{source_dir}" diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Gemfile b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Gemfile deleted file mode 100644 index 89f2e1b25d..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Gemfile +++ /dev/null @@ -1,14 +0,0 @@ -source 'https://rubygems.org' - -group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', '~> 0.3.2' -end - -if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false -else - gem 'puppet', :require => false -end - -# vim:ft=ruby diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/LICENSE b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Modulefile b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Modulefile deleted file mode 100644 index 456eacefec..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Modulefile +++ /dev/null @@ -1,14 +0,0 @@ -name 'puppetlabs-dcmanager' -version '2.1.0' -source 'https://github.com/stackforge/puppet-dcmanager' -author 'Puppet Labs' -license 'Apache License 2.0' -summary 'Puppet Labs dcmanager Module' -description 'Puppet module to install and configure the dcmanager platform service' -project_page 'https://launchpad.net/puppet-openstack' - -dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0' -dependency 'puppetlabs/mysql', '>=0.6.1 <1.0.0' -dependency 'puppetlabs/stdlib', '>=2.5.0' -dependency 'puppetlabs/rabbitmq', '>=2.0.2 <3.0.0' -dependency 'dprince/qpid', '>=1.0.0 <2.0.0' diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Rakefile b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Rakefile deleted file mode 100644 index 4c2b2ed07e..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/Rakefile +++ /dev/null @@ -1,6 +0,0 @@ -require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet-lint/tasks/puppet-lint' - -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/lib/puppet/provider/dcmanager_config/ini_setting.rb b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/lib/puppet/provider/dcmanager_config/ini_setting.rb deleted file mode 100644 index 03a44fd7d0..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/lib/puppet/provider/dcmanager_config/ini_setting.rb +++ /dev/null @@ -1,37 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -Puppet::Type.type(:dcmanager_config).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/dcmanager/dcmanager.conf' - end - - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/lib/puppet/type/dcmanager_config.rb b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/lib/puppet/type/dcmanager_config.rb deleted file mode 100644 index ebd3454662..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/lib/puppet/type/dcmanager_config.rb +++ /dev/null @@ -1,52 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -Puppet::Type.newtype(:dcmanager_config) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/dcmanager/dcmanager.conf' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/api.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/api.pp deleted file mode 100644 index 31e0d08f53..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/api.pp +++ /dev/null @@ -1,198 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# == Class: dcmanager::api -# -# Setup and configure the dcmanager API endpoint -# -# === Parameters -# -# [*keystone_password*] -# The password to use for authentication (keystone) -# -# [*keystone_enabled*] -# (optional) Use keystone for authentification -# Defaults to true -# -# [*keystone_tenant*] -# (optional) The tenant of the auth user -# Defaults to services -# -# [*keystone_user*] -# (optional) The name of the auth user -# Defaults to dcmanager -# -# [*keystone_auth_host*] -# (optional) The keystone host -# Defaults to localhost -# -# [*keystone_auth_port*] -# (optional) The keystone auth port -# Defaults to 5000 -# -# [*keystone_auth_protocol*] -# (optional) The protocol used to access the auth host -# Defaults to http. -# -# [*keystone_auth_admin_prefix*] -# (optional) The admin_prefix used to admin endpoint of the auth host -# This allow admin auth URIs like http://auth_host:5000/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a -# leading '/' and no trailing '/'. -# -# [*keystone_user_domain*] -# (Optional) domain name for auth user. -# Defaults to 'Default'. -# -# [*keystone_project_domain*] -# (Optional) domain name for auth project. -# Defaults to 'Default'. -# -# [*auth_type*] -# (Optional) Authentication type to load. -# Defaults to 'password'. -# -# [*service_port*] -# (optional) The dcmanager api port -# Defaults to 5000 -# -# [*package_ensure*] -# (optional) The state of the package -# Defaults to present -# -# [*bind_host*] -# (optional) The dcmanager api bind address -# Defaults to 0.0.0.0 -# -# [*pxeboot_host*] -# (optional) The dcmanager api pxeboot address -# Defaults to undef -# -# [*enabled*] -# (optional) The state of the service -# Defaults to true -# -class dcmanager::api ( - $keystone_password, - $keystone_admin_password, - $keystone_admin_user = 'admin', - $keystone_admin_tenant = 'admin', - $keystone_enabled = true, - $keystone_tenant = 'services', - $keystone_user = 'dcmanager', - $keystone_auth_host = 'localhost', - $keystone_auth_port = '5000', - $keystone_auth_protocol = 'http', - $keystone_auth_admin_prefix = false, - $keystone_auth_uri = false, - $keystone_auth_version = false, - $keystone_identity_uri = false, - $keystone_user_domain = 'Default', - $keystone_project_domain = 'Default', - $auth_type = 'password', - $service_port = '5000', - $package_ensure = 'latest', - $bind_host = '0.0.0.0', - $enabled = false, - $sync_db = false, -) { - - include dcmanager::params - include dcmanager::deps - - if $::dcmanager::params::api_package { - package { 'dcmanager': - ensure => $package_ensure, - name => $::dcmanager::params::api_package, - tag => 'dcmanager-package', - } - } - - dcmanager_config { - 'DEFAULT/bind_host': value => $bind_host; - } - - - if $keystone_identity_uri { - dcmanager_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; } - dcmanager_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; } - } else { - dcmanager_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/v3"; } - } - - if $keystone_auth_uri { - dcmanager_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; } - } else { - dcmanager_config { - 'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/v3"; - } - } - - if $keystone_auth_version { - dcmanager_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; } - } else { - dcmanager_config { 'keystone_authtoken/auth_version': ensure => absent; } - } - - if $keystone_enabled { - dcmanager_config { - 'DEFAULT/auth_strategy': value => 'keystone' ; - } - dcmanager_config { - 'keystone_authtoken/auth_type': value => $auth_type; - 'keystone_authtoken/project_name': value => $keystone_tenant; - 'keystone_authtoken/username': value => $keystone_user; - 'keystone_authtoken/password': value => $keystone_password, secret=> true; - 'keystone_authtoken/user_domain_name': value => $keystone_user_domain; - 'keystone_authtoken/project_domain_name': value => $keystone_project_domain; - } - dcmanager_config { - 'cache/admin_tenant': value => $keystone_admin_tenant; - 'cache/admin_username': value => $keystone_admin_user; - 'cache/admin_password': value => $keystone_admin_password, secret=> true; - } - - if $keystone_auth_admin_prefix { - validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') - dcmanager_config { - 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - } else { - dcmanager_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - } - else - { - dcmanager_config { - 'DEFAULT/auth_strategy': value => 'noauth' ; - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'dcmanager-api': - ensure => $ensure, - name => $::dcmanager::params::api_service, - enable => $enabled, - hasstatus => true, - hasrestart => true, - tag => 'dcmanager-service', - } - Keystone_endpoint<||> -> Service['dcmanager-api'] - - if $sync_db { - include ::dcmanager::db::sync - } -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/client.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/client.pp deleted file mode 100644 index 7cd0f05249..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/client.pp +++ /dev/null @@ -1,32 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -# == Class: dcmanager::client -# -# Installs Dcmanager python client. -# -# === Parameters -# -# [*ensure*] -# Ensure state for package. Defaults to 'present'. -# -class dcmanager::client( - $package_ensure = 'present' -) { - - include dcmanager::params - include dcmanager::deps - - package { 'dcmanagerclient': - ensure => $package_ensure, - name => $::dcmanager::params::client_package, - tag => 'dcmanager-package', - } -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/db/postgresql.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/db/postgresql.pp deleted file mode 100644 index 7a4dcc98c4..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/db/postgresql.pp +++ /dev/null @@ -1,56 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -# Class that configures postgresql for dcmanager -# -# Requires the Puppetlabs postgresql module. -# === Parameters -# -# [*password*] -# (Required) Password to connect to the database. -# -# [*dbname*] -# (Optional) Name of the database. -# Defaults to 'dcmanager'. -# -# [*user*] -# (Optional) User to connect to the database. -# Defaults to 'dcmanager'. -# -# [*encoding*] -# (Optional) The charset to use for the database. -# Default to undef. -# -# [*privileges*] -# (Optional) Privileges given to the database user. -# Default to 'ALL' -# -class dcmanager::db::postgresql( - $password, - $dbname = 'dcmanager', - $user = 'dcmanager', - $encoding = undef, - $privileges = 'ALL', -) { - - include dcmanager::deps - - ::openstacklib::db::postgresql { 'dcmanager': - password_hash => postgresql_password($user, $password), - dbname => $dbname, - user => $user, - encoding => $encoding, - privileges => $privileges, - } - - Anchor['dcmanager::db::begin'] - ~> Class['dcmanager::db::postgresql'] - ~> Anchor['dcmanager::db::end'] -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/db/sync.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/db/sync.pp deleted file mode 100644 index e8e08c98ba..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/db/sync.pp +++ /dev/null @@ -1,31 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# - -class dcmanager::db::sync { - - include dcmanager::params - include dcmanager::deps - - exec { 'dcmanager-dbsync': - command => $::dcmanager::params::db_sync_command, - path => '/usr/bin', - refreshonly => true, - logoutput => 'on_failure', - subscribe => [ - Anchor['dcmanager::install::end'], - Anchor['dcmanager::config::end'], - Anchor['dcmanager::db::end'], - Anchor['dcmanager::dbsync::begin'] - ], - notify => Anchor['dcmanager::dbsync::end'], - # Only do the db sync if both controllers are running the same software - # version. Avoids impacting mate controller during an upgrade. - onlyif => "test ${::controller_sw_versions_match} = true", - } -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/deps.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/deps.pp deleted file mode 100644 index 6aa77eb808..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/deps.pp +++ /dev/null @@ -1,25 +0,0 @@ -# == Class: dcmanager::deps -# -# dcmanager anchors and dependency management -# -class dcmanager::deps { - anchor { 'dcmanager::install::begin': } - -> Package<| tag == 'dcmanager-package'|> - ~> anchor { 'dcmanager::install::end': } - -> anchor { 'dcmanager::config::begin': } - -> Dcmanager_config<||> - ~> anchor { 'dcmanager::config::end': } - -> anchor { 'dcmanager::db::begin': } - -> anchor { 'dcmanager::db::end': } - ~> anchor { 'dcmanager::dbsync::begin': } - -> anchor { 'dcmanager::dbsync::end': } - ~> anchor { 'dcmanager::service::begin': } - ~> Service<| tag == 'dcmanager-service' |> - ~> anchor { 'dcmanager::service::end': } - - Oslo::Db<||> -> Anchor['dcmanager::dbsync::begin'] - - # Installation or config changes will always restart services. - Anchor['dcmanager::install::end'] ~> Anchor['dcmanager::service::begin'] - Anchor['dcmanager::config::end'] ~> Anchor['dcmanager::service::begin'] -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/init.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/init.pp deleted file mode 100644 index c6d6e64ea6..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/init.pp +++ /dev/null @@ -1,109 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -# -# == Parameters -# -# [use_syslog] -# Use syslog for logging. -# (Optional) Defaults to false. -# -# [log_facility] -# Syslog facility to receive log lines. -# (Optional) Defaults to LOG_USER. - -class dcmanager ( - $database_connection = '', - $database_idle_timeout = 3600, - $database_max_pool_size = 5, - $database_max_overflow = 10, - $control_exchange = 'openstack', - $rabbit_host = '127.0.0.1', - $rabbit_port = 5672, - $rabbit_hosts = false, - $rabbit_virtual_host = '/', - $rabbit_userid = 'guest', - $rabbit_password = false, - $package_ensure = 'present', - $use_stderr = false, - $log_file = 'dcmanager.log', - $log_dir = '/var/log/dcmanager', - $use_syslog = false, - $log_facility = 'LOG_USER', - $verbose = false, - $debug = false, - $dcmanager_api_port = 8119, - $dcmanager_mtc_inv_label = '/v1/', - $region_name = 'RegionOne', -) { - - include dcmanager::params - include dcmanager::deps - - # this anchor is used to simplify the graph between dcmanager components by - # allowing a resource to serve as a point where the configuration of dcmanager begins - anchor { 'dcmanager-start': } - - package { 'dcmanager': - ensure => $package_ensure, - name => $::dcmanager::params::package_name, - require => Anchor['dcmanager-start'], - } - - file { $::dcmanager::params::dcmanager_conf: - ensure => present, - mode => '0600', - require => Package['dcmanager'], - } - - dcmanager_config { - 'DEFAULT/transport_url': value => $::platform::amqp::params::transport_url; - } - - dcmanager_config { - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/debug': value => $debug; - } - - # Automatically add psycopg2 driver to postgresql (only does this if it is missing) - $real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:') - - dcmanager_config { - 'database/connection': value => $real_connection, secret => true; - 'database/connection_recycle_time': value => $database_idle_timeout; - 'database/max_pool_size': value => $database_max_pool_size; - 'database/max_overflow': value => $database_max_overflow; - } - - if $use_syslog { - dcmanager_config { - 'DEFAULT/use_syslog': value => true; - 'DEFAULT/syslog_log_facility': value => $log_facility; - } - } else { - dcmanager_config { - 'DEFAULT/use_syslog': value => false; - 'DEFAULT/use_stderr': value => false; - 'DEFAULT/log_file' : value => $log_file; - 'DEFAULT/log_dir' : value => $log_dir; - } - } - - dcmanager_config { - 'keystone_authtoken/region_name': value => $region_name; - } - - file {'/etc/bash_completion.d/dcmanager.bash_completion': - ensure => present, - mode => '0644', - content => generate('/bin/dcmanager', 'complete'), - } - -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/keystone/auth.pp deleted file mode 100644 index e4cb33638a..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/keystone/auth.pp +++ /dev/null @@ -1,61 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# DEC 2017: creation -# - -# == Class: dcmanager::keystone::auth -# -# Configures dcmanager user, service and endpoint in Keystone. -# -class dcmanager::keystone::auth ( - $password, - $auth_domain, - $admin_project_name, - $admin_project_domain, - $auth_name = 'dcmanager', - $email = 'dcmanager@localhost', - $tenant = 'admin', - $region = 'SystemController', - $service_description = 'DCManagerService', - $service_name = undef, - $service_type = 'dcmanager', - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $public_url = 'http://127.0.0.1:8119/v1', - $admin_url = 'http://127.0.0.1:8119/v1', - $internal_url = 'http://127.0.0.1:8119/v1', -) { - - $real_service_name = pick($service_name, $auth_name) - - keystone::resource::service_identity { 'dcmanager': - configure_user => $configure_user, - configure_user_role => $configure_user_role, - configure_endpoint => $configure_endpoint, - service_type => $service_type, - service_description => $service_description, - service_name => $real_service_name, - region => $region, - auth_name => $auth_name, - password => $password, - email => $email, - tenant => $tenant, - public_url => $public_url, - admin_url => $admin_url, - internal_url => $internal_url, - } - - -> keystone_user_role { "${auth_name}@${admin_project_name}": - ensure => present, - user_domain => $auth_domain, - project_domain => $admin_project_domain, - roles => ['admin'], - } - -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/manager.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/manager.pp deleted file mode 100644 index ce35ce87f5..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/manager.pp +++ /dev/null @@ -1,41 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -class dcmanager::manager ( - $package_ensure = 'latest', - $enabled = false -) { - - include dcmanager::params - include dcmanager::deps - - if $::dcmanager::params::manager_package { - package { 'dcmanager-manager': - ensure => $package_ensure, - name => $::dcmanager::params::manager_package, - tag => 'dcmanager-package', - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'dcmanager-manager': - ensure => $ensure, - name => $::dcmanager::params::manager_service, - enable => $enabled, - hasstatus => false, - require => Package['dcmanager'], - tag => 'dcmanager-service', - } -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/params.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/params.pp deleted file mode 100644 index 5cbfb50659..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/params.pp +++ /dev/null @@ -1,47 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# - -class dcmanager::params { - - $dcmanager_dir = '/etc/dcmanager' - $dcmanager_conf = '/etc/dcmanager/dcmanager.conf' - - if $::osfamily == 'Debian' { - $package_name = 'distributedcloud-dcmanager' - $client_package = 'distributedcloud-client-dcmanagerclient' - $api_package = 'distributedcloud-dcmanager' - $api_service = 'dcmanager-api' - $manager_package = 'distributedcloud-dcmanager' - $manager_service = 'dcmanager-manager' - $db_sync_command = 'dcmanager-manage db_sync' - - } elsif($::osfamily == 'RedHat') { - - $package_name = 'distributedcloud-dcmanager' - $client_package = 'distributedcloud-client-dcmanagerclient' - $api_package = false - $api_service = 'dcmanager-api' - $manager_package = false - $manager_service = 'dcmanager-manager' - $db_sync_command = 'dcmanager-manage db_sync' - - } elsif($::osfamily == 'WRLinux') { - - $package_name = 'dcmanager' - $client_package = 'distributedcloud-client-dcmanagerclient' - $api_package = false - $api_service = 'dcmanager-api' - $manager_package = false - $manager_service = 'dcmanager-manager' - $db_sync_command = 'dcmanager-manage db_sync' - - } else { - fail("unsuported osfamily ${::osfamily}, currently WindRiver, Debian, Redhat are the only supported platforms") - } -} diff --git a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/rabbitmq.pp b/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/rabbitmq.pp deleted file mode 100644 index 335722e90c..0000000000 --- a/puppet-modules-wrs/puppet-dcmanager/src/dcmanager/manifests/rabbitmq.pp +++ /dev/null @@ -1,60 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2018: creation -lplant -# -# class for installing rabbitmq server for dcorch -# -# -class dcmanager::rabbitmq( - $userid = 'guest', - $password = 'guest', - $port = '5672', - $virtual_host = '/', - $enabled = true -) { - - # only configure dcmanager after the queue is up - Class['rabbitmq::service'] -> Anchor<| title == 'dcmanager-start' |> - - if ($enabled) { - if $userid == 'guest' { - $delete_guest_user = false - } else { - $delete_guest_user = true - rabbitmq_user { $userid: - admin => true, - password => $password, - provider => 'rabbitmqctl', - require => Class['rabbitmq::server'], - } - # I need to figure out the appropriate permissions - rabbitmq_user_permissions { "${userid}@${virtual_host}": - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - }->Anchor<| title == 'dcmanager-start' |> - } - $service_ensure = 'running' - } else { - $service_ensure = 'stopped' - } - - class { '::rabbitmq::server': - service_ensure => $service_ensure, - port => $port, - delete_guest_user => $delete_guest_user, - } - - if ($enabled) { - rabbitmq_vhost { $virtual_host: - provider => 'rabbitmqctl', - require => Class['rabbitmq::server'], - } - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/PKG_INFO b/puppet-modules-wrs/puppet-dcorch/PKG_INFO deleted file mode 100644 index 345c89ae14..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-dcorch -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-dcorch/centos/build_srpm.data b/puppet-modules-wrs/puppet-dcorch/centos/build_srpm.data deleted file mode 100644 index 3f8ebcf32e..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=1 diff --git a/puppet-modules-wrs/puppet-dcorch/centos/puppet-dcorch.spec b/puppet-modules-wrs/puppet-dcorch/centos/puppet-dcorch.spec deleted file mode 100644 index 95a75be142..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/centos/puppet-dcorch.spec +++ /dev/null @@ -1,34 +0,0 @@ -%global module_dir dcorch - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet dcorch module -License: Apache -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for dcorch - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} - diff --git a/puppet-modules-wrs/puppet-dcorch/src/LICENSE b/puppet-modules-wrs/puppet-dcorch/src/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-dcorch/src/Makefile b/puppet-modules-wrs/puppet-dcorch/src/Makefile deleted file mode 100644 index 6c55689287..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/dcorch - cp -R dcorch/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/.fixtures.yml b/puppet-modules-wrs/puppet-dcorch/src/dcorch/.fixtures.yml deleted file mode 100644 index 49aee5cc0d..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/.fixtures.yml +++ /dev/null @@ -1,19 +0,0 @@ -fixtures: - repositories: - "apt": "git://github.com/puppetlabs/puppetlabs-apt.git" - "keystone": "git://github.com/stackforge/puppet-keystone.git" - "mysql": - repo: "git://github.com/puppetlabs/puppetlabs-mysql.git" - ref: 'origin/0.x' - "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git" - "sysctl": "git://github.com/duritong/puppet-sysctl.git" - "rabbitmq": - repo: "git://github.com/puppetlabs/puppetlabs-rabbitmq" - ref: 'origin/2.x' - "inifile": "git://github.com/puppetlabs/puppetlabs-inifile" - "qpid": "git://github.com/dprince/puppet-qpid.git" - 'postgresql': - repo: "git://github.com/puppetlabs/puppet-postgresql.git" - ref: 'origin/4.1.x' - symlinks: - "dcorch": "#{source_dir}" diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/Gemfile b/puppet-modules-wrs/puppet-dcorch/src/dcorch/Gemfile deleted file mode 100644 index 89f2e1b25d..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/Gemfile +++ /dev/null @@ -1,14 +0,0 @@ -source 'https://rubygems.org' - -group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', '~> 0.3.2' -end - -if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false -else - gem 'puppet', :require => false -end - -# vim:ft=ruby diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/LICENSE b/puppet-modules-wrs/puppet-dcorch/src/dcorch/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/Modulefile b/puppet-modules-wrs/puppet-dcorch/src/dcorch/Modulefile deleted file mode 100644 index 9caeace494..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/Modulefile +++ /dev/null @@ -1,14 +0,0 @@ -name 'puppetlabs-dcorch' -version '2.1.0' -source 'https://github.com/stackforge/puppet-dcorch' -author 'Puppet Labs' -license 'Apache License 2.0' -summary 'Puppet Labs dcorch Module' -description 'Puppet module to install and configure the dcorch platform service' -project_page 'https://launchpad.net/puppet-openstack' - -dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0' -dependency 'puppetlabs/mysql', '>=0.6.1 <1.0.0' -dependency 'puppetlabs/stdlib', '>=2.5.0' -dependency 'puppetlabs/rabbitmq', '>=2.0.2 <3.0.0' -dependency 'dprince/qpid', '>=1.0.0 <2.0.0' diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/Rakefile b/puppet-modules-wrs/puppet-dcorch/src/dcorch/Rakefile deleted file mode 100644 index 4c2b2ed07e..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/Rakefile +++ /dev/null @@ -1,6 +0,0 @@ -require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet-lint/tasks/puppet-lint' - -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/provider/dcorch_api_paste_ini/ini_setting.rb b/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/provider/dcorch_api_paste_ini/ini_setting.rb deleted file mode 100644 index c346236acc..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/provider/dcorch_api_paste_ini/ini_setting.rb +++ /dev/null @@ -1,37 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -Puppet::Type.type(:dcorch_api_paste_ini).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/dcorch/api-paste.ini' - end - - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/provider/dcorch_config/ini_setting.rb b/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/provider/dcorch_config/ini_setting.rb deleted file mode 100644 index 932e4f5288..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/provider/dcorch_config/ini_setting.rb +++ /dev/null @@ -1,37 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -Puppet::Type.type(:dcorch_config).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/dcorch/dcorch.conf' - end - - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/type/dcorch_api_paste_ini.rb b/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/type/dcorch_api_paste_ini.rb deleted file mode 100644 index 267e9b629f..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/type/dcorch_api_paste_ini.rb +++ /dev/null @@ -1,52 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -Puppet::Type.newtype(:dcorch_api_paste_ini) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/dcorch/api-paste.ini' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/type/dcorch_config.rb b/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/type/dcorch_config.rb deleted file mode 100644 index ba86d1f52e..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/lib/puppet/type/dcorch_config.rb +++ /dev/null @@ -1,52 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -Puppet::Type.newtype(:dcorch_config) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/dcorch/dcorch.conf' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/api_proxy.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/api_proxy.pp deleted file mode 100644 index 5fbca812a5..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/api_proxy.pp +++ /dev/null @@ -1,198 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# == Class: dcorch::api_proxy -# -# Setup and configure the dcorch API endpoint -# -# === Parameters -# -# [*keystone_password*] -# The password to use for authentication (keystone) -# -# [*keystone_enabled*] -# (optional) Use keystone for authentification -# Defaults to true -# -# [*keystone_tenant*] -# (optional) The tenant of the auth user -# Defaults to services -# -# [*keystone_user*] -# (optional) The name of the auth user -# Defaults to dcorch -# -# [*keystone_auth_host*] -# (optional) The keystone host -# Defaults to localhost -# -# [*keystone_auth_port*] -# (optional) The keystone auth port -# Defaults to 5000 -# -# [*keystone_auth_protocol*] -# (optional) The protocol used to access the auth host -# Defaults to http. -# -# [*keystone_auth_admin_prefix*] -# (optional) The admin_prefix used to admin endpoint of the auth host -# This allow admin auth URIs like http://auth_host:5000/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a -# leading '/' and no trailing '/'. -# -# [*keystone_user_domain*] -# (Optional) domain name for auth user. -# Defaults to 'Default'. -# -# [*keystone_project_domain*] -# (Optional) domain name for auth project. -# Defaults to 'Default'. -# -# [*auth_type*] -# (Optional) Authentication type to load. -# Defaults to 'password'. -# -# [*service_port*] -# (optional) The dcorch api port -# Defaults to 5000 -# -# [*package_ensure*] -# (optional) The state of the package -# Defaults to present -# -# [*bind_host*] -# (optional) The dcorch api bind address -# Defaults to 0.0.0.0 -# -# [*pxeboot_host*] -# (optional) The dcorch api pxeboot address -# Defaults to undef -# -# [*enabled*] -# (optional) The state of the service -# Defaults to true -# -class dcorch::api_proxy ( - $keystone_password, - $keystone_admin_password, - $keystone_admin_user = 'admin', - $keystone_admin_tenant = 'admin', - $keystone_enabled = true, - $keystone_tenant = 'services', - $keystone_user = 'dcorch', - $keystone_auth_host = 'localhost', - $keystone_auth_port = '5000', - $keystone_auth_protocol = 'http', - $keystone_auth_admin_prefix = false, - $keystone_auth_uri = false, - $keystone_auth_version = false, - $keystone_identity_uri = false, - $keystone_user_domain = 'Default', - $keystone_project_domain = 'Default', - $auth_type = 'password', - $service_port = '5000', - $package_ensure = 'latest', - $bind_host = '0.0.0.0', - $enabled = false, - $sync_db = false, -) { - - include dcorch::params - include dcorch::deps - - if $::dcorch::params::api_package { - package { 'dcorch': - ensure => $package_ensure, - name => $::dcorch::params::api_proxy_package, - tag => 'dcorch-package', - } - } - - dcorch_config { - 'DEFAULT/bind_host': value => $bind_host; - } - - - if $keystone_identity_uri { - dcorch_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; } - dcorch_config { 'cache/auth_uri': value => "${keystone_identity_uri}/v3"; } - } else { - dcorch_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; } - } - - if $keystone_auth_uri { - dcorch_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; } - } else { - dcorch_config { - 'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; - } - } - - if $keystone_auth_version { - dcorch_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; } - } else { - dcorch_config { 'keystone_authtoken/auth_version': ensure => absent; } - } - - if $keystone_enabled { - dcorch_config { - 'DEFAULT/auth_strategy': value => 'keystone' ; - } - dcorch_config { - 'keystone_authtoken/auth_type': value => $auth_type; - 'keystone_authtoken/project_name': value => $keystone_tenant; - 'keystone_authtoken/username': value => $keystone_user; - 'keystone_authtoken/password': value => $keystone_password, secret=> true; - 'keystone_authtoken/user_domain_name': value => $keystone_user_domain; - 'keystone_authtoken/project_domain_name': value => $keystone_project_domain; - } - dcorch_config { - 'cache/admin_tenant': value => $keystone_admin_tenant; - 'cache/admin_username': value => $keystone_admin_user; - 'cache/admin_password': value => $keystone_admin_password, secret=> true; - } - - if $keystone_auth_admin_prefix { - validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') - dcorch_config { - 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - } else { - dcorch_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - } - else - { - dcorch_config { - 'DEFAULT/auth_strategy': value => 'noauth' ; - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'dcorch-api-proxy': - ensure => $ensure, - name => $::dcorch::params::api_proxy_service, - enable => $enabled, - hasstatus => true, - hasrestart => true, - tag => 'dcorch-service', - } - Keystone_endpoint<||> -> Service['dcorch-api-proxy'] - - if $sync_db { - include ::dcorch::db::sync - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/client.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/client.pp deleted file mode 100644 index 88813d3741..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/client.pp +++ /dev/null @@ -1,33 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# -# - -# == Class: dcorch::client -# -# Installs dcorch python client. -# -# === Parameters -# -# [*ensure*] -# Ensure state for package. Defaults to 'present'. -# -class dcorch::client( - $package_ensure = 'present' -) { - - include dcorch::params - include dcorch::deps - - package { 'dcorchclient': - ensure => $package_ensure, - name => $::dcorch::params::client_package, - tag => 'dcorch-package', - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/db/postgresql.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/db/postgresql.pp deleted file mode 100644 index 65c63a489a..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/db/postgresql.pp +++ /dev/null @@ -1,56 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -# Class that configures postgresql for dcorch -# -# Requires the Puppetlabs postgresql module. -# === Parameters -# -# [*password*] -# (Required) Password to connect to the database. -# -# [*dbname*] -# (Optional) Name of the database. -# Defaults to 'dcorch'. -# -# [*user*] -# (Optional) User to connect to the database. -# Defaults to 'dcorch'. -# -# [*encoding*] -# (Optional) The charset to use for the database. -# Default to undef. -# -# [*privileges*] -# (Optional) Privileges given to the database user. -# Default to 'ALL' -# -class dcorch::db::postgresql( - $password, - $dbname = 'dcorch', - $user = 'dcorch', - $encoding = undef, - $privileges = 'ALL', -) { - - include dcorch::deps - - ::openstacklib::db::postgresql { 'dcorch': - password_hash => postgresql_password($user, $password), - dbname => $dbname, - user => $user, - encoding => $encoding, - privileges => $privileges, - } - - Anchor['dcorch::db::begin'] - ~> Class['dcorch::db::postgresql'] - ~> Anchor['dcorch::db::end'] -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/db/sync.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/db/sync.pp deleted file mode 100644 index 2fd1942566..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/db/sync.pp +++ /dev/null @@ -1,31 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# - -class dcorch::db::sync { - - include dcorch::params - include dcorch::deps - - exec { 'dcorch-dbsync': - command => $::dcorch::params::db_sync_command, - path => '/usr/bin', - refreshonly => true, - logoutput => 'on_failure', - subscribe => [ - Anchor['dcorch::install::end'], - Anchor['dcorch::config::end'], - Anchor['dcorch::db::end'], - Anchor['dcorch::dbsync::begin'] - ], - notify => Anchor['dcorch::dbsync::end'], - # Only do the db sync if both controllers are running the same software - # version. Avoids impacting mate controller during an upgrade. - onlyif => "test ${::controller_sw_versions_match} = true", - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/deps.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/deps.pp deleted file mode 100644 index 1d11d23d8e..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/deps.pp +++ /dev/null @@ -1,29 +0,0 @@ -# == Class: dcorch::deps -# -# dcorch anchors and dependency management -# -class dcorch::deps { - anchor { 'dcorch::install::begin': } - -> Package<| tag == 'dcorch-package'|> - ~> anchor { 'dcorch::install::end': } - -> anchor { 'dcorch::config::begin': } - -> Dcorch_config<||> - ~> anchor { 'dcorch::config::end': } - -> anchor { 'dcorch::db::begin': } - -> anchor { 'dcorch::db::end': } - ~> anchor { 'dcorch::dbsync::begin': } - -> anchor { 'dcorch::dbsync::end': } - ~> anchor { 'dcorch::service::begin': } - ~> Service<| tag == 'dcorch-service' |> - ~> anchor { 'dcorch::service::end': } - - Anchor['dcorch::config::begin'] - -> Dcorch_api_paste_ini<||> - ~> Anchor['dcorch::config::end'] - - Oslo::Db<||> -> Anchor['dcorch::dbsync::begin'] - - # Installation or config changes will always restart services. - Anchor['dcorch::install::end'] ~> Anchor['dcorch::service::begin'] - Anchor['dcorch::config::end'] ~> Anchor['dcorch::service::begin'] -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/engine.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/engine.pp deleted file mode 100644 index 96808e5cf5..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/engine.pp +++ /dev/null @@ -1,41 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -class dcorch::engine ( - $package_ensure = 'latest', - $enabled = false -) { - - include dcorch::params - include dcorch::deps - - if $::dcorch::params::engine_package { - package { 'dcorch-engine': - ensure => $package_ensure, - name => $::dcorch::params::engine_package, - tag => 'dcorch-package', - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'dcorch-engine': - ensure => $ensure, - name => $::dcorch::params::engine_service, - enable => $enabled, - hasstatus => false, - tag => 'dcorch-service', - } - -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/init.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/init.pp deleted file mode 100644 index 95167e61e4..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/init.pp +++ /dev/null @@ -1,168 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -# -# == Parameters -# -# [use_syslog] -# Use syslog for logging. -# (Optional) Defaults to false. -# -# [log_facility] -# Syslog facility to receive log lines. -# (Optional) Defaults to LOG_USER. - -class dcorch ( - $database_connection = '', - $database_idle_timeout = 3600, - $database_max_pool_size = 5, - $database_max_overflow = 10, - $control_exchange = 'openstack', - $rabbit_host = '127.0.0.1', - $rabbit_port = 5672, - $rabbit_hosts = false, - $rabbit_virtual_host = '/', - $rabbit_userid = 'guest', - $rabbit_password = false, - $package_ensure = 'present', - $api_paste_config = '/etc/dcorch/api-paste.ini', - $use_stderr = false, - $log_file = 'dcorch.log', - $log_dir = '/var/log/dcorch', - $use_syslog = false, - $log_facility = 'LOG_USER', - $verbose = false, - $debug = false, - $dcorch_api_port = 8118, - $dcorch_mtc_inv_label = '/v1/', - $region_name = 'RegionOne', - $proxy_bind_host = '0.0.0.0', - $proxy_remote_host = '127.0.0.1', - $compute_bind_port = 28774, - $compute_remote_port = 18774, - $platform_bind_port = 26385, - $platform_remote_port = 6385, - $volumev2_bind_port = 28776, - $volumev2_remote_port = 8776, - $network_bind_port = 29696, - $network_remote_port = 9696, - $patching_bind_port = 25491, - $patching_remote_port = 5491, - $identity_bind_port = 25000, - $identity_remote_port = 5000, -) { - - include dcorch::params - include dcorch::deps - - # this anchor is used to simplify the graph between dcorch components by - # allowing a resource to serve as a point where the configuration of dcorch begins - anchor { 'dcorch-start': } - - package { 'dcorch': - ensure => $package_ensure, - name => $::dcorch::params::package_name, - require => Anchor['dcorch-start'], - tag => 'dcorch-package', - } - - file { $::dcorch::params::dcorch_conf: - ensure => present, - mode => '0640', - owner => 'dcorch', - group => 'dcorch', - require => Package['dcorch'], - } - - file { $::dcorch::params::dcorch_paste_api_ini: - ensure => present, - mode => '0640', - owner => 'dcorch', - group => 'dcorch', - require => Package['dcorch'], - } - - dcorch_config { - 'DEFAULT/transport_url': value => $::platform::amqp::params::transport_url; - } - - dcorch_config { - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/debug': value => $debug; - 'DEFAULT/api_paste_config': value => $api_paste_config; - } - - # Automatically add psycopg2 driver to postgresql (only does this if it is missing) - $real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:') - - dcorch_config { - 'database/connection': value => $real_connection, secret => true; - 'database/connection_recycle_time': value => $database_idle_timeout; - 'database/max_pool_size': value => $database_max_pool_size; - 'database/max_overflow': value => $database_max_overflow; - } - - if $use_syslog { - dcorch_config { - 'DEFAULT/use_syslog': value => true; - 'DEFAULT/syslog_log_facility': value => $log_facility; - } - } else { - dcorch_config { - 'DEFAULT/use_syslog': value => false; - 'DEFAULT/use_stderr': value => false; - 'DEFAULT/log_file' : value => $log_file; - 'DEFAULT/log_dir' : value => $log_dir; - } - } - - dcorch_config { - 'keystone_authtoken/region_name': value => $region_name; - } - dcorch_config { - 'compute/bind_host' : value => $proxy_bind_host; - 'compute/bind_port' : value => $compute_bind_port; - 'compute/remote_host' : value => $proxy_remote_host; - 'compute/remote_port' : value => $compute_remote_port; - - 'platform/bind_host' : value => $proxy_bind_host; - 'platform/bind_port' : value => $platform_bind_port; - 'platform/remote_host' : value => $proxy_remote_host; - 'platform/remote_port' : value => $platform_remote_port; - - 'volume/bind_host' : value => $proxy_bind_host; - 'volume/bind_port' : value => $volumev2_bind_port; - 'volume/remote_host' : value => $proxy_remote_host; - 'volume/remote_port' : value => $volumev2_remote_port; - - 'network/bind_host' : value => $proxy_bind_host; - 'network/bind_port' : value => $network_bind_port; - 'network/remote_host' : value => $proxy_remote_host; - 'network/remote_port' : value => $network_remote_port; - - 'patching/bind_host' : value => $proxy_bind_host; - 'patching/bind_port' : value => $patching_bind_port; - 'patching/remote_host' : value => '0.0.0.0'; - 'patching/remote_port' : value => $patching_remote_port; - - 'identity/bind_host' : value => $proxy_bind_host; - 'identity/bind_port' : value => $identity_bind_port; - 'identity/remote_host' : value => $proxy_remote_host; - 'identity/remote_port' : value => $identity_remote_port; - } - - dcorch_api_paste_ini { - 'pipeline:dcorch-api-proxy/pipeline': value => 'filter authtoken acceptor proxyapp'; - 'filter:filter/paste.filter_factory': value => 'dcorch.api.proxy.apps.filter:ApiFiller.factory'; - 'filter:authtoken/paste.filter_factory': value => 'keystonemiddleware.auth_token:filter_factory'; - 'filter:acceptor/paste.filter_factory': value => 'dcorch.api.proxy.apps.acceptor:Acceptor.factory'; - 'app:proxyapp/paste.app_factory': value => 'dcorch.api.proxy.apps.proxy:Proxy.factory'; - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/keystone/auth.pp deleted file mode 100644 index 8e74ec7bea..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/keystone/auth.pp +++ /dev/null @@ -1,94 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# DEC 2017: creation (sysinv base) -# - -# == Class: dcorch::keystone::auth -# -# Configures dcorch user, service and endpoint in Keystone. -# -class dcorch::keystone::auth ( - $password, - $auth_name = 'dcorch', - $email = 'dcorch@localhost', - $tenant = 'services', - $region = 'SystemController', - $service_description = 'DcOrchService', - $service_name = 'dcorch', - $service_type = 'dcorch', - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $public_url = 'http://127.0.0.1:8118/v1.0', - $admin_url = 'http://127.0.0.1:8118/v1.0', - $internal_url = 'http://127.0.0.1:8118/v1.0', - - $neutron_proxy_internal_url = 'http://127.0.0.1:29696', - $nova_proxy_internal_url = 'http://127.0.0.1:28774/v2.1', - $sysinv_proxy_internal_url = 'http://127.0.0.1:26385/v1', - $cinder_proxy_internal_url_v2 = 'http://127.0.0.1:28776/v2/%(tenant_id)s', - $cinder_proxy_internal_url_v3 = 'http://127.0.0.1:28776/v3/%(tenant_id)s', - $patching_proxy_internal_url = 'http://127.0.0.1:25491', - $identity_proxy_internal_url = 'http://127.0.0.1:25000/v3', - - $neutron_proxy_public_url = 'http://127.0.0.1:29696', - $nova_proxy_public_url = 'http://127.0.0.1:28774/v2.1', - $sysinv_proxy_public_url = 'http://127.0.0.1:26385/v1', - $cinder_proxy_public_url_v2 = 'http://127.0.0.1:28776/v2/%(tenant_id)s', - $cinder_proxy_public_url_v3 = 'http://127.0.0.1:28776/v3/%(tenant_id)s', - $patching_proxy_public_url = 'http://127.0.0.1:25491', - $identity_proxy_public_url = 'http://127.0.0.1:25000/v3', -) { - if $::platform::params::distributed_cloud_role =='systemcontroller' { - keystone::resource::service_identity { 'dcorch': - configure_user => $configure_user, - configure_user_role => $configure_user_role, - configure_endpoint => false, - service_type => $service_type, - service_description => $service_description, - service_name => $service_name, - region => $region, - auth_name => $auth_name, - password => $password, - email => $email, - tenant => $tenant, - public_url => $public_url, - admin_url => $admin_url, - internal_url => $internal_url, - } - - keystone_endpoint { "${region}/sysinv::platform" : - ensure => 'present', - name => 'sysinv', - type => 'platform', - region => $region, - public_url => $sysinv_proxy_public_url, - admin_url => $sysinv_proxy_internal_url, - internal_url => $sysinv_proxy_internal_url - } - - keystone_endpoint { "${region}/patching::patching" : - ensure => 'present', - name => 'patching', - type => 'patching', - region => $region, - public_url => $patching_proxy_public_url, - admin_url => $patching_proxy_internal_url, - internal_url => $patching_proxy_internal_url - } - keystone_endpoint { "${region}/keystone::identity" : - ensure => 'present', - name => 'keystone', - type => 'identity', - region => $region, - public_url => $identity_proxy_public_url, - admin_url => $identity_proxy_internal_url, - internal_url => $identity_proxy_internal_url - } - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/params.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/params.pp deleted file mode 100644 index 76d5fa1f70..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/params.pp +++ /dev/null @@ -1,62 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# - -class dcorch::params { - - $dcorch_dir = '/etc/dcorch' - $dcorch_conf = '/etc/dcorch/dcorch.conf' - $dcorch_paste_api_ini = '/etc/dcorch/api-paste.ini' - - if $::osfamily == 'Debian' { - $package_name = 'distributedcloud-dcorch' - $client_package = 'distributedcloud-client-dcorchclient' - $api_package = 'distributedcloud-dcorch' - $api_service = 'dcorch-api' - $engine_package = 'distributedcloud-dcorch' - $engine_service = 'dcorch-engine' - $snmp_package = 'distributedcloud-dcorch' - $snmp_service = 'dcorch-snmp' - $api_proxy_package = 'distributedcloud-dcorch' - $api_proxy_service = 'dcorch-api-proxy' - - $db_sync_command = 'dcorch-manage db_sync' - - } elsif($::osfamily == 'RedHat') { - - $package_name = 'distributedcloud-dcorch' - $client_package = 'distributedcloud-client-dcorchclient' - $api_package = false - $api_service = 'dcorch-api' - $engine_package = false - $engine_service = 'dcorch-engine' - $snmp_package = false - $snmp_service = 'dcorch-snmp' - $api_proxy_package = false - $api_proxy_service = 'dcorch-api-proxy' - - $db_sync_command = 'dcorch-manage db_sync' - - } elsif($::osfamily == 'WRLinux') { - - $package_name = 'dcorch' - $client_package = 'distributedcloud-client-dcorchclient' - $api_package = false - $api_service = 'dcorch-api' - $snmp_package = false - $snmp_service = 'dcorch-snmp' - $engine_package = false - $engine_service = 'dcorch-engine' - $api_proxy_package = false - $api_proxy_service = 'dcorch-api-proxy' - $db_sync_command = 'dcorch-manage db_sync' - - } else { - fail("unsuported osfamily ${::osfamily}, currently WindRiver, Debian, Redhat are the only supported platforms") - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/rabbitmq.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/rabbitmq.pp deleted file mode 100644 index d52cef6c85..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/rabbitmq.pp +++ /dev/null @@ -1,60 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017: creation -lplant -# -# class for installing rabbitmq server for dcorch -# -# -class dcorch::rabbitmq( - $userid = 'guest', - $password = 'guest', - $port = '5672', - $virtual_host = '/', - $enabled = true -) { - - # only configure dcorch after the queue is up - Class['rabbitmq::service'] -> Anchor<| title == 'dcorch-start' |> - - if ($enabled) { - if $userid == 'guest' { - $delete_guest_user = false - } else { - $delete_guest_user = true - rabbitmq_user { $userid: - admin => true, - password => $password, - provider => 'rabbitmqctl', - require => Class['rabbitmq::server'], - } - # I need to figure out the appropriate permissions - rabbitmq_user_permissions { "${userid}@${virtual_host}": - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - }->Anchor<| title == 'dcorch-start' |> - } - $service_ensure = 'running' - } else { - $service_ensure = 'stopped' - } - - class { '::rabbitmq::server': - service_ensure => $service_ensure, - port => $port, - delete_guest_user => $delete_guest_user, - } - - if ($enabled) { - rabbitmq_vhost { $virtual_host: - provider => 'rabbitmqctl', - require => Class['rabbitmq::server'], - } - } -} diff --git a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/snmp.pp b/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/snmp.pp deleted file mode 100644 index f82a57c060..0000000000 --- a/puppet-modules-wrs/puppet-dcorch/src/dcorch/manifests/snmp.pp +++ /dev/null @@ -1,47 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Dec 2017 Creation based off puppet-sysinv -# - -class dcorch::snmp ( - $package_ensure = 'latest', - $enabled = false, - $bind_host = '0.0.0.0', - $com_str = 'dcorchAlarmAggregator' -) { - - include dcorch::params - include dcorch::deps - - if $::dcorch::params::snmp_package { - package { 'dcorch-snmp': - ensure => $package_ensure, - name => $::dcorch::params::snmp_package, - tag => 'dcorch-package', - } - } - dcorch_config { - 'snmp/snmp_ip': value => $bind_host; - 'snmp/snmp_comm_str': value => $com_str; - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'dcorch-snmp': - ensure => $ensure, - name => $::dcorch::params::snmp_service, - enable => $enabled, - hasstatus => false, - tag => 'dcorch-service', - } - -} diff --git a/puppet-modules-wrs/puppet-fm/PKG_INFO b/puppet-modules-wrs/puppet-fm/PKG_INFO deleted file mode 100644 index 285a5ae046..0000000000 --- a/puppet-modules-wrs/puppet-fm/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-fm -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-fm/centos/build_srpm.data b/puppet-modules-wrs/puppet-fm/centos/build_srpm.data deleted file mode 100644 index 3f8ebcf32e..0000000000 --- a/puppet-modules-wrs/puppet-fm/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=1 diff --git a/puppet-modules-wrs/puppet-fm/centos/puppet-fm.spec b/puppet-modules-wrs/puppet-fm/centos/puppet-fm.spec deleted file mode 100644 index 288367ecdd..0000000000 --- a/puppet-modules-wrs/puppet-fm/centos/puppet-fm.spec +++ /dev/null @@ -1,33 +0,0 @@ -%global module_dir fm - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet FM module -License: Apache-2.0 -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for Fault Management - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} diff --git a/puppet-modules-wrs/puppet-fm/src/LICENSE b/puppet-modules-wrs/puppet-fm/src/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-fm/src/Makefile b/puppet-modules-wrs/puppet-fm/src/Makefile deleted file mode 100644 index b7295f8095..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/fm - cp -R fm/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/provider/fm_api_paste_ini/ini_setting.rb b/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/provider/fm_api_paste_ini/ini_setting.rb deleted file mode 100644 index 0f6a0088f1..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/provider/fm_api_paste_ini/ini_setting.rb +++ /dev/null @@ -1,27 +0,0 @@ -Puppet::Type.type(:fm_api_paste_ini).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/fm/api-paste.ini' - end - - # this needs to be removed. This has been replaced with the class method - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/provider/fm_config/ini_setting.rb b/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/provider/fm_config/ini_setting.rb deleted file mode 100644 index f00b4851d4..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/provider/fm_config/ini_setting.rb +++ /dev/null @@ -1,10 +0,0 @@ -Puppet::Type.type(:fm_config).provide( - :ini_setting, - :parent => Puppet::Type.type(:openstack_config).provider(:ini_setting) -) do - - def self.file_path - '/etc/fm/fm.conf' - end - -end diff --git a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/type/fm_api_paste_ini.rb b/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/type/fm_api_paste_ini.rb deleted file mode 100644 index 0df981e0c6..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/type/fm_api_paste_ini.rb +++ /dev/null @@ -1,43 +0,0 @@ -Puppet::Type.newtype(:fm_api_paste_ini) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/fm/api_paste.ini' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end - diff --git a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/type/fm_config.rb b/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/type/fm_config.rb deleted file mode 100644 index e4ad3a832a..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/lib/puppet/type/fm_config.rb +++ /dev/null @@ -1,51 +0,0 @@ -Puppet::Type.newtype(:fm_config) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from fm.conf' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - newvalues(/^[\S ]*$/) - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - newvalues(:true, :false) - defaultto false - end - - newparam(:ensure_absent_val) do - desc 'A value that is specified as the value property will behave as if ensure => absent was specified' - defaultto('') - end - - autorequire(:package) do - 'fm-rest-api' - end - -end diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/api.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/api.pp deleted file mode 100644 index 470f431efe..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/api.pp +++ /dev/null @@ -1,109 +0,0 @@ -# Installs & configure the fm api service -# -# == Parameters -# -# [*enabled*] -# (optional) Should the service be enabled. -# Defaults to true -# -# [*manage_service*] -# (optional) Whether the service should be managed by Puppet. -# Defaults to true. -# -# [*host*] -# (optional) The fm api bind address. -# Defaults to 0.0.0.0 -# -# [*port*] -# (optional) The fm api port. -# Defaults to 18002 -# -# [*package_ensure*] -# (optional) ensure state for package. -# Defaults to 'present' -# -# [*service_name*] -# (optional) Name of the service that will be providing the -# server functionality of fm-api. -# -# [*sync_db*] -# (optional) Run fm-dbsync on api nodes after installing the package. -# Defaults to false -# -# [*auth_strategy*] -# (optional) Type of authentication to be used. -# Defaults to 'keystone' -# -# [*enable_proxy_headers_parsing*] -# (Optional) Enable paste middleware to handle SSL requests through -# HTTPProxyToWSGI middleware. -# Defaults to $::os_service_default. -# -# [*paste_config*] -# (Optional) Configuration file for WSGI definition of API -# Defaults to $::os_service_default. -# -class fm::api ( - $manage_service = true, - $enabled = true, - $package_ensure = 'present', - $host = '0.0.0.0', - $port = '18002', - $workers = 1, - $service_name = $::fm::params::api_service, - $sync_db = false, - $auth_strategy = 'keystone', - $enable_proxy_headers_parsing = $::os_service_default, - $paste_config = '/etc/fm/api-paste.ini', -) inherits fm::params { - - - include ::fm::deps - include ::fm::params - - if $auth_strategy == 'keystone' { - include ::fm::keystone::authtoken - } - - package { 'fm-api': - ensure => $package_ensure, - name => $::fm::params::api_package, - tag => 'fm-package', - } - - if $manage_service { - if $enabled { - $service_ensure = 'running' - } else { - $service_ensure = 'stopped' - } - } - - if $sync_db { - include ::fm::db::sync - } - - if $service_name == $::fm::params::api_service { - service { 'fm-api': - ensure => $service_ensure, - name => $::fm::params::api_service, - enable => $enabled, - hasstatus => true, - hasrestart => true, - tag => 'fm-service', - } - } else { - fail('Invalid service_name. fm-api for running as a standalone service') - } - - fm_config { - 'api/bind_host': value => $host; - 'api/bind_port': value => $port; - 'api/api_workers': value => $workers; - 'api/api_paste_config': value => $paste_config; - } - - oslo::middleware { 'fm_config': - enable_proxy_headers_parsing => $enable_proxy_headers_parsing, - } -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/client.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/client.pp deleted file mode 100644 index 1267012bee..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/client.pp +++ /dev/null @@ -1,22 +0,0 @@ -# -# Installs the fm python client. -# -# == parameters -# [*ensure*] -# (optional) Ensure state of the package. -# Defaults to 'present'. -# -class fm::client ( - $ensure = 'present' -) { - - include ::fm::deps - include ::fm::params - - package { 'fmclient': - ensure => $ensure, - name => $::fm::params::client_package, - tag => 'fmclient', - } -} - diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/db.pp deleted file mode 100644 index f82d7c1df8..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db.pp +++ /dev/null @@ -1,78 +0,0 @@ -# == Class: fm::db -# -# Configure the fm database -# -# === Parameters -# -# [*database_db_max_retries*] -# (optional) Maximum retries in case of connection error or deadlock error -# before error is raised. Set to -1 to specify an infinite retry count. -# Defaults to $::os_service_default -# -# [*database_connection*] -# Url used to connect to database. -# (Optional) Defaults to "sqlite:////var/lib/fm/fm.sqlite". -# -# [*database_idle_timeout*] -# Timeout when db connections should be reaped. -# (Optional) Defaults to $::os_service_default. -# -# [*database_min_pool_size*] -# Minimum number of SQL connections to keep open in a pool. -# (Optional) Defaults to $::os_service_default. -# -# [*database_max_pool_size*] -# Maximum number of SQL connections to keep open in a pool. -# (Optional) Defaults to $::os_service_default. -# -# [*database_max_retries*] -# Maximum number of database connection retries during startup. -# Setting -1 implies an infinite retry count. -# (Optional) Defaults to $::os_service_default. -# -# [*database_retry_interval*] -# Interval between retries of opening a database connection. -# (Optional) Defaults to $::os_service_default. -# -# [*database_max_overflow*] -# If set, use this value for max_overflow with sqlalchemy. -# (Optional) Defaults to $::os_service_default. -# -class fm::db ( - $database_db_max_retries = $::os_service_default, - $database_connection = 'sqlite:////var/lib/fm/fm.sqlite', - $database_idle_timeout = $::os_service_default, - $database_min_pool_size = $::os_service_default, - $database_max_pool_size = $::os_service_default, - $database_max_retries = $::os_service_default, - $database_retry_interval = $::os_service_default, - $database_max_overflow = $::os_service_default, -) { - - include ::fm::deps - - $database_connection_real = pick($::fm::database_connection, $database_connection) - $database_idle_timeout_real = pick($::fm::database_idle_timeout, $database_idle_timeout) - $database_min_pool_size_real = pick($::fm::database_min_pool_size, $database_min_pool_size) - $database_max_pool_size_real = pick($::fm::database_max_pool_size, $database_max_pool_size) - $database_max_retries_real = pick($::fm::database_max_retries, $database_max_retries) - $database_retry_interval_real = pick($::fm::database_retry_interval, $database_retry_interval) - $database_max_overflow_real = pick($::fm::database_max_overflow, $database_max_overflow) - - oslo::db { 'fm_config': - db_max_retries => $database_db_max_retries, - connection => $database_connection_real, - idle_timeout => $database_idle_timeout_real, - min_pool_size => $database_min_pool_size_real, - max_pool_size => $database_max_pool_size_real, - max_retries => $database_max_retries_real, - retry_interval => $database_retry_interval_real, - max_overflow => $database_max_overflow_real, - } - - # set up the connection string for FM Manager - $sql_connection = regsubst($database_connection_real,'^postgresql+psycopg2:','postgresql:') - fm_config { - 'DEFAULT/sql_connection': value => $sql_connection; - } -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/mysql.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/mysql.pp deleted file mode 100644 index cbe0349754..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/mysql.pp +++ /dev/null @@ -1,75 +0,0 @@ -# The fm::db::mysql class implements mysql backend for fm -# -# This class can be used to create tables, users and grant -# privileges for a mysql fm database. -# -# == parameters -# -# [*password*] -# (Mandatory) Password to connect to the database. -# Defaults to 'false'. -# -# [*dbname*] -# (Optional) Name of the database. -# Defaults to 'fm'. -# -# [*user*] -# (Optional) User to connect to the database. -# Defaults to 'fm'. -# -# [*host*] -# (Optional) The default source host user is allowed to connect from. -# Defaults to '127.0.0.1' -# -# [*allowed_hosts*] -# (Optional) Other hosts the user is allowed to connect from. -# Defaults to 'undef'. -# -# [*charset*] -# (Optional) The database charset. -# Defaults to 'utf8' -# -# [*collate*] -# (Optional) The database collate. -# Only used with mysql modules >= 2.2. -# Defaults to 'utf8_general_ci' -# -# == Dependencies -# Class['mysql::server'] -# -# == Examples -# -# == Authors -# -# == Copyright -# -class fm::db::mysql( - $password, - $dbname = 'fm', - $user = 'fm', - $host = '127.0.0.1', - $charset = 'utf8', - $collate = 'utf8_general_ci', - $allowed_hosts = undef -) { - - #include ::fm::deps - - validate_string($password) - - ::openstacklib::db::mysql { 'fm': - user => $user, - password_hash => mysql_password($password), - dbname => $dbname, - host => $host, - charset => $charset, - collate => $collate, - allowed_hosts => $allowed_hosts, - } - - Anchor['fm::db::begin'] - ~> Class['fm::db::mysql'] - ~> Anchor['fm::db::end'] - -} - diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/postgresql.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/postgresql.pp deleted file mode 100644 index 26c272620a..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/postgresql.pp +++ /dev/null @@ -1,57 +0,0 @@ -# == Class: fm::db::postgresql -# -# Class that configures postgresql for fm -# Requires the Puppetlabs postgresql module. -# -# === Parameters -# -# [*password*] -# (Required) Password to connect to the database. -# -# [*dbname*] -# (Optional) Name of the database. -# Defaults to 'fm'. -# -# [*user*] -# (Optional) User to connect to the database. -# Defaults to 'fm'. -# -# [*encoding*] -# (Optional) The charset to use for the database. -# Default to undef. -# -# [*privileges*] -# (Optional) Privileges given to the database user. -# Default to 'ALL' -# -# == Dependencies -# -# == Examples -# -# == Authors -# -# == Copyright -# -class fm::db::postgresql( - $password, - $dbname = 'fm', - $user = 'fm', - $encoding = undef, - $privileges = 'ALL', -) { - - include ::fm::deps - - ::openstacklib::db::postgresql { 'fm': - password_hash => postgresql_password($user, $password), - dbname => $dbname, - user => $user, - encoding => $encoding, - privileges => $privileges, - } - - Anchor['fm::db::begin'] - ~> Class['fm::db::postgresql'] - ~> Anchor['fm::db::end'] - -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/sync.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/sync.pp deleted file mode 100644 index e2fdbcd4b4..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/db/sync.pp +++ /dev/null @@ -1,30 +0,0 @@ -# -# Class to execute "fm-dbsync" -# -# [*user*] -# (optional) User to run dbsync command. -# Defaults to 'fm' -# -class fm::db::sync ( - $user = 'fm', -){ - - include ::fm::deps - - exec { 'fm-db-sync': - command => 'fm-dbsync --config-file /etc/fm/fm.conf', - path => '/usr/bin', - refreshonly => true, - user => $user, - try_sleep => 5, - tries => 10, - logoutput => on_failure, - subscribe => [ - Anchor['fm::install::end'], - Anchor['fm::config::end'], - Anchor['fm::dbsync::begin'] - ], - notify => Anchor['fm::dbsync::end'], - } - -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/deps.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/deps.pp deleted file mode 100644 index ea7af7f136..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/deps.pp +++ /dev/null @@ -1,40 +0,0 @@ -# == Class: fm::deps -# -# FM anchors and dependency management -# -class fm::deps { - # Setup anchors for install, config and service phases of the module. These - # anchors allow external modules to hook the begin and end of any of these - # phases. Package or service management can also be replaced by ensuring the - # package is absent or turning off service management and having the - # replacement depend on the appropriate anchors. When applicable, end tags - # should be notified so that subscribers can determine if installation, - # config or service state changed and act on that if needed. - anchor { 'fm::install::begin': } - -> Package<| tag == 'fm-package'|> - ~> anchor { 'fm::install::end': } - -> anchor { 'fm::config::begin': } - -> Fm_config<||> - ~> anchor { 'fm::config::end': } - -> anchor { 'fm::db::begin': } - -> anchor { 'fm::db::end': } - ~> anchor { 'fm::dbsync::begin': } - -> anchor { 'fm::dbsync::end': } - ~> anchor { 'fm::service::begin': } - ~> Service<| tag == 'fm-service' |> - ~> anchor { 'fm::service::end': } - - # api paste ini config should occur in the config block also. - Anchor['fm::config::begin'] - -> Fm_api_paste_ini<||> - ~> Anchor['fm::config::end'] - - # all db settings should be applied and all packages should be installed - # before dbsync starts - Oslo::Db<||> -> Anchor['fm::dbsync::begin'] - - # Installation or config changes will always restart services. - Anchor['fm::install::end'] ~> Anchor['fm::service::begin'] - Anchor['fm::config::end'] ~> Anchor['fm::service::begin'] -} - diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/init.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/init.pp deleted file mode 100644 index 2f63292b8c..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/init.pp +++ /dev/null @@ -1,116 +0,0 @@ -# == Class: fm -# -# Full description of class fm here. -# -# === Parameters -# -# [*package_ensure*] -# (optional) The state of fm packages -# Defaults to 'present' -# -# [*log_dir*] -# (optional) Directory where logs should be stored. -# If set to boolean false or the $::os_service_default, it will not log to -# any directory. -# Defaults to undef. -# -# [*debug*] -# (optional) Set log output to debug output. -# Defaults to undef -# -# [*use_syslog*] -# (optional) Use syslog for logging -# Defaults to undef -# -# [*use_stderr*] -# (optional) Use stderr for logging -# Defaults to undef -# -# [*log_facility*] -# (optional) Syslog facility to receive log lines. -# Defaults to undef -# -# [*database_connection*] -# (optional) Connection url for the fm database. -# Defaults to undef. -# -# [*database_max_retries*] -# (optional) Maximum database connection retries during startup. -# Defaults to undef. -# -# [*database_idle_timeout*] -# (optional) Timeout before idle database connections are reaped. -# Defaults to undef. -# -# [*database_retry_interval*] -# (optional) Interval between retries of opening a database connection. -# Defaults to undef. -# -# [*database_min_pool_size*] -# (optional) Minimum number of SQL connections to keep open in a pool. -# Defaults to undef. -# -# [*database_max_pool_size*] -# (optional) Maximum number of SQL connections to keep open in a pool. -# Defaults to undef. -# -# [*database_max_overflow*] -# (optional) If set, use this value for max_overflow with sqlalchemy. -# Defaults to: undef. -# -class fm ( - $package_ensure = 'present', - $debug = undef, - $use_syslog = undef, - $use_stderr = undef, - $log_facility = undef, - $log_dir = undef, - $database_connection = undef, - $database_idle_timeout = undef, - $database_min_pool_size = undef, - $database_max_pool_size = undef, - $database_max_retries = undef, - $database_retry_interval = undef, - $database_max_overflow = undef, - $event_log_max_size = 4000, - $system_name = undef, - $region_name = undef, - $trap_destinations = undef, - $sysinv_catalog_info = undef, -) inherits fm::params { - - include ::fm::deps - include ::fm::logging - - # set up the connection string for FM Manager, remove psycopg2 if it exists - $sql_connection = regsubst($database_connection,'^postgresql+psycopg2:','postgresql:') - fm_config { - 'DEFAULT/sql_connection': value => $sql_connection, secret => true; - 'DEFAULT/event_log_max_size': value => $event_log_max_size; - 'DEFAULT/system_name': value => $system_name; - 'DEFAULT/region_name': value => $region_name; - 'DEFAULT/trap_destinations': value => $trap_destinations; - } - - # Automatically add psycopg2 driver to postgresql (only does this if it is missing) - $real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:') - fm_config { - 'database/connection': value => $real_connection, secret => true; - 'database/connection_recycle_time': value => $database_idle_timeout; - 'database/max_pool_size': value => $database_max_pool_size; - 'database/max_overflow': value => $database_max_overflow; - } - - fm_config { - 'sysinv/catalog_info': value => $sysinv_catalog_info; - 'sysinv/os_region_name': value => $region_name; - } - - fm_api_paste_ini { - 'pipeline:fm-api/pipeline': value => 'request_id authtoken api_v1'; - 'filter:request_id/paste.filter_factory': value => 'oslo_middleware:RequestId.factory'; - 'filter:authtoken/acl_public_routes': value => '/, /v1'; - 'filter:authtoken/paste.filter_factory': value => 'fm.api.middleware.auth_token:AuthTokenMiddleware.factory'; - 'app:api_v1/paste.app_factory': value => 'fm.api.app:app_factory'; - } -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/keystone/auth.pp deleted file mode 100644 index ddbf31970d..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/keystone/auth.pp +++ /dev/null @@ -1,87 +0,0 @@ -# == Class: fm::keystone::auth -# -# Configures fault management user, service and endpoint in Keystone. -# -# === Parameters -# -# [*password*] -# (required) Password for fm user. -# -# [*auth_name*] -# Username for fm service. Defaults to 'fm'. -# -# [*email*] -# Email for fm user. Defaults to 'fm@localhost'. -# -# [*tenant*] -# Tenant for fm user. Defaults to 'services'. -# -# [*configure_endpoint*] -# Should fm endpoint be configured? Defaults to 'true'. -# -# [*configure_user*] -# (Optional) Should the service user be configured? -# Defaults to 'true'. -# -# [*configure_user_role*] -# (Optional) Should the admin role be configured for the service user? -# Defaults to 'true'. -# -# [*service_type*] -# Type of service. Defaults to 'faultmanagement'. -# -# [*region*] -# Region for endpoint. Defaults to 'RegionOne'. -# -# [*service_name*] -# (optional) Name of the service. -# Defaults to 'fm'. -# -# [*public_url*] -# (optional) The endpoint's public url. (Defaults to 'http://127.0.0.1:18002') -# This url should *not* contain any trailing '/'. -# -# [*admin_url*] -# (optional) The endpoint's admin url. (Defaults to 'http://127.0.0.1:18002') -# This url should *not* contain any trailing '/'. -# -# [*internal_url*] -# (optional) The endpoint's internal url. (Defaults to 'http://127.0.0.1:18002') -# This url should *not* contain any trailing '/'. -# -class fm::keystone::auth ( - $password, - $auth_name = 'fm', - $email = 'fm@localhost', - $tenant = 'services', - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $service_name = 'fm', - $service_type = 'faultmanagement', - $region = 'RegionOne', - $public_url = 'http://127.0.0.1:18002', - $internal_url = 'http://127.0.0.1:18002', - $admin_url = 'http://127.0.0.1:18002', -) { - - include ::fm::deps - - keystone::resource::service_identity { 'fm': - configure_user => $configure_user, - configure_user_role => $configure_user_role, - configure_endpoint => $configure_endpoint, - service_name => $service_name, - service_type => $service_type, - service_description => 'Fault Management Service', - region => $region, - auth_name => $auth_name, - password => $password, - email => $email, - tenant => $tenant, - public_url => $public_url, - internal_url => $internal_url, - admin_url => $admin_url, - } - -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/keystone/authtoken.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/keystone/authtoken.pp deleted file mode 100644 index 577c436778..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/keystone/authtoken.pp +++ /dev/null @@ -1,243 +0,0 @@ -# class: fm::keystone::authtoken -# -# Configure the keystone_authtoken section in the configuration file -# -# === Parameters -# -# [*username*] -# (Optional) The name of the service user -# Defaults to 'fm' -# -# [*password*] -# (Optional) Password to create for the service user -# Defaults to $::os_service_default -# -# [*auth_url*] -# (Optional) The URL to use for authentication. -# Defaults to 'http://localhost:35357' -# -# [*project_name*] -# (Optional) Service project name -# Defaults to 'services' -# -# [*user_domain_name*] -# (Optional) Name of domain for $username -# Defaults to 'Default' -# -# [*project_domain_name*] -# (Optional) Name of domain for $project_name -# Defaults to 'Default' -# -# [*insecure*] -# (Optional) If true, explicitly allow TLS without checking server cert -# against any certificate authorities. WARNING: not recommended. Use with -# caution. -# Defaults to $::os_service_default -# -# [*auth_section*] -# (Optional) Config Section from which to load plugin specific options -# Defaults to $::os_service_default. -# -# [*auth_type*] -# (Optional) Authentication type to load -# Defaults to 'password' -# -# [*auth_uri*] -# (Optional) Complete public Identity API endpoint. -# Defaults to 'http://localhost:5000' -# -# [*auth_version*] -# (Optional) API version of the admin Identity API endpoint. -# Defaults to $::os_service_default. -# -# [*cache*] -# (Optional) Env key for the swift cache. -# Defaults to $::os_service_default. -# -# [*cafile*] -# (Optional) A PEM encoded Certificate Authority to use when verifying HTTPs -# connections. -# Defaults to $::os_service_default. -# -# [*certfile*] -# (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. -# -# [*check_revocations_for_cached*] -# (Optional) If true, the revocation list will be checked for cached tokens. -# This requires that PKI tokens are configured on the identity server. -# boolean value. -# Defaults to $::os_service_default. -# -# [*delay_auth_decision*] -# (Optional) Do not handle authorization requests within the middleware, but -# delegate the authorization decision to downstream WSGI components. Boolean -# value -# Defaults to $::os_service_default. -# -# [*enforce_token_bind*] -# (Optional) Used to control the use and type of token binding. Can be set -# to: "disabled" to not check token binding. "permissive" (default) to -# validate binding information if the bind type is of a form known to the -# server and ignore it if not. "strict" like "permissive" but if the bind -# type is unknown the token will be rejected. "required" any form of token -# binding is needed to be allowed. Finally the name of a binding method that -# must be present in tokens. String value. -# Defaults to $::os_service_default. -# -# [*hash_algorithms*] -# (Optional) Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, so put -# the preferred one first for performance. The result of the first hash will -# be stored in the cache. This will typically be set to multiple values only -# while migrating from a less secure algorithm to a more secure one. Once all -# the old tokens are expired this option should be set to a single value for -# better performance. List value. -# Defaults to $::os_service_default. -# -# [*http_connect_timeout*] -# (Optional) Request timeout value for communicating with Identity API -# server. -# Defaults to $::os_service_default. -# -# [*http_request_max_retries*] -# (Optional) How many times are we trying to reconnect when communicating -# with Identity API Server. Integer value -# Defaults to $::os_service_default. -# -# [*include_service_catalog*] -# (Optional) Indicate whether to set the X-Service-Catalog header. If False, -# middleware will not ask for service catalog on token validation and will -# not set the X-Service-Catalog header. Boolean value. -# Defaults to $::os_service_default. -# -# [*keyfile*] -# (Optional) Required if identity server requires client certificate -# Defaults to $::os_service_default. -# -# [*memcache_pool_conn_get_timeout*] -# (Optional) Number of seconds that an operation will wait to get a memcached -# client connection from the pool. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_dead_retry*] -# (Optional) Number of seconds memcached server is considered dead before it -# is tried again. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_maxsize*] -# (Optional) Maximum total number of open connections to every memcached -# server. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_socket_timeout*] -# (Optional) Number of seconds a connection to memcached is held unused in -# the pool before it is closed. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_pool_unused_timeout*] -# (Optional) Number of seconds a connection to memcached is held unused in -# the pool before it is closed. Integer value -# Defaults to $::os_service_default. -# -# [*memcache_secret_key*] -# (Optional, mandatory if memcache_security_strategy is defined) This string -# is used for key derivation. -# Defaults to $::os_service_default. -# -# [*memcache_security_strategy*] -# (Optional) If defined, indicate whether token data should be authenticated -# or authenticated and encrypted. If MAC, token data is authenticated (with -# HMAC) in the cache. If ENCRYPT, token data is encrypted and authenticated in the -# cache. If the value is not one of these options or empty, auth_token will -# raise an exception on initialization. -# Defaults to $::os_service_default. -# -# [*memcache_use_advanced_pool*] -# (Optional) Use the advanced (eventlet safe) memcached client pool. The -# advanced pool will only work under python 2.x Boolean value -# Defaults to $::os_service_default. -# -# [*memcached_servers*] -# (Optional) Optionally specify a list of memcached server(s) to use for -# caching. If left undefined, tokens will instead be cached in-process. -# Defaults to $::os_service_default. -# -# [*manage_memcache_package*] -# (Optional) Whether to install the python-memcache package. -# Defaults to false. -# -# [*region_name*] -# (Optional) The region in which the identity server can be found. -# Defaults to $::os_service_default. -# -# [*revocation_cache_time*] -# (Optional) Determines the frequency at which the list of revoked tokens is -# retrieved from the Identity service (in seconds). A high number of -# revocation events combined with a low cache duration may significantly -# reduce performance. Only valid for PKI tokens. Integer value -# Defaults to $::os_service_default. -# -# [*token_cache_time*] -# (Optional) In order to prevent excessive effort spent validating tokens, -# the middleware caches previously-seen tokens for a configurable duration -# (in seconds). Set to -1 to disable caching completely. Integer value -# Defaults to $::os_service_default. -# -class fm::keystone::authtoken( - $username = 'fm', - $password = $::os_service_default, - $auth_url = 'http://localhost:35357', - $project_name = 'services', - $user_domain_name = 'Default', - $project_domain_name = 'Default', - $insecure = $::os_service_default, - $auth_section = $::os_service_default, - $auth_type = 'password', - $auth_uri = 'http://localhost:5000', - $auth_version = $::os_service_default, - $cache = $::os_service_default, - $cafile = $::os_service_default, - $certfile = $::os_service_default, - $check_revocations_for_cached = $::os_service_default, - $delay_auth_decision = $::os_service_default, - $enforce_token_bind = $::os_service_default, - $hash_algorithms = $::os_service_default, - $http_connect_timeout = $::os_service_default, - $http_request_max_retries = $::os_service_default, - $include_service_catalog = $::os_service_default, - $keyfile = $::os_service_default, - $memcache_pool_conn_get_timeout = $::os_service_default, - $memcache_pool_dead_retry = $::os_service_default, - $memcache_pool_maxsize = $::os_service_default, - $memcache_pool_socket_timeout = $::os_service_default, - $memcache_pool_unused_timeout = $::os_service_default, - $memcache_secret_key = $::os_service_default, - $memcache_security_strategy = $::os_service_default, - $memcache_use_advanced_pool = $::os_service_default, - $memcached_servers = $::os_service_default, - $manage_memcache_package = false, - $region_name = $::os_service_default, - $revocation_cache_time = $::os_service_default, - $token_cache_time = $::os_service_default, -) { - - include ::fm::deps - - if is_service_default($password) { - fail('Please set password for FM service user') - } - - keystone::resource::authtoken { 'fm_config': - username => $username, - password => $password, - project_name => $project_name, - auth_url => $auth_url, - auth_uri => $auth_uri, - auth_type => $auth_type, - user_domain_name => $user_domain_name, - project_domain_name => $project_domain_name, - region_name => $region_name, - } -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/logging.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/logging.pp deleted file mode 100644 index 62a2f4a330..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/logging.pp +++ /dev/null @@ -1,134 +0,0 @@ -# Class fm::logging -# -# fm logging configuration -# -# == parameters -# -# [*debug*] -# (Optional) Should the daemons log debug messages -# Defaults to $::os_service_default -# -# [*use_syslog*] -# (Optional) Use syslog for logging. -# Defaults to $::os_service_default -# -# [*use_stderr*] -# (optional) Use stderr for logging -# Defaults to $::os_service_default -# -# [*log_facility*] -# (Optional) Syslog facility to receive log lines. -# Defaults to $::os_service_default -# -# [*log_dir*] -# (optional) Directory where logs should be stored. -# If set to boolean false or the $::os_service_default, it will not log to -# any directory. -# Defaults to '/var/log/fm'. -# -# [*logging_context_format_string*] -# (optional) Format string to use for log messages with context. -# Defaults to $::os_service_default -# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ -# [%(request_id)s %(user_identity)s] %(instance)s%(message)s' -# -# [*logging_default_format_string*] -# (optional) Format string to use for log messages without context. -# Defaults to $::os_service_default -# Example: '%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s\ -# [-] %(instance)s%(message)s' -# -# [*logging_debug_format_suffix*] -# (optional) Formatted data to append to log format when level is DEBUG. -# Defaults to $::os_service_default -# Example: '%(funcName)s %(pathname)s:%(lineno)d' -# -# [*logging_exception_prefix*] -# (optional) Prefix each line of exception output with this format. -# Defaults to $::os_service_default -# Example: '%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s' -# -# [*log_config_append*] -# The name of an additional logging configuration file. -# Defaults to $::os_service_default -# See https://docs.python.org/2/howto/logging.html -# -# [*default_log_levels*] -# (optional) Hash of logger (keys) and level (values) pairs. -# Defaults to $::os_service_default -# Example: -# { 'amqp' => 'WARN', 'amqplib' => 'WARN', 'boto' => 'WARN', -# 'sqlalchemy' => 'WARN', 'suds' => 'INFO', 'iso8601' => 'WARN', -# 'requests.packages.urllib3.connectionpool' => 'WARN' } -# -# [*publish_errors*] -# (optional) Publish error events (boolean value). -# Defaults to $::os_service_default -# -# [*fatal_deprecations*] -# (optional) Make deprecations fatal (boolean value) -# Defaults to $::os_service_default -# -# [*instance_format*] -# (optional) If an instance is passed with the log message, format it -# like this (string value). -# Defaults to $::os_service_default -# Example: '[instance: %(uuid)s] ' -# -# [*instance_uuid_format*] -# (optional) If an instance UUID is passed with the log message, format -# it like this (string value). -# Defaults to $::os_service_default -# Example: instance_uuid_format='[instance: %(uuid)s] ' -# -# [*log_date_format*] -# (optional) Format string for %%(asctime)s in log records. -# Defaults to $::os_service_default -# Example: 'Y-%m-%d %H:%M:%S' -# -class fm::logging( - $use_syslog = $::os_service_default, - $use_stderr = $::os_service_default, - $log_facility = $::os_service_default, - $log_dir = '/var/log/fm', - $debug = $::os_service_default, - $logging_context_format_string = $::os_service_default, - $logging_default_format_string = $::os_service_default, - $logging_debug_format_suffix = $::os_service_default, - $logging_exception_prefix = $::os_service_default, - $log_config_append = $::os_service_default, - $default_log_levels = $::os_service_default, - $publish_errors = $::os_service_default, - $fatal_deprecations = $::os_service_default, - $instance_format = $::os_service_default, - $instance_uuid_format = $::os_service_default, - $log_date_format = $::os_service_default, -) { - - include ::fm::deps - - $use_syslog_real = pick($::fm::use_syslog,$use_syslog) - $use_stderr_real = pick($::fm::use_stderr,$use_stderr) - $log_facility_real = pick($::fm::log_facility,$log_facility) - $log_dir_real = pick($::fm::log_dir,$log_dir) - $debug_real = pick($::fm::debug,$debug) - - oslo::log { 'fm_config': - debug => $debug_real, - use_syslog => $use_syslog_real, - use_stderr => $use_stderr_real, - log_dir => $log_dir_real, - syslog_log_facility => $log_facility_real, - logging_context_format_string => $logging_context_format_string, - logging_default_format_string => $logging_default_format_string, - logging_debug_format_suffix => $logging_debug_format_suffix, - logging_exception_prefix => $logging_exception_prefix, - log_config_append => $log_config_append, - default_log_levels => $default_log_levels, - publish_errors => $publish_errors, - fatal_deprecations => $fatal_deprecations, - log_date_format => $log_date_format, - instance_format => $instance_format, - instance_uuid_format => $instance_uuid_format, - } -} diff --git a/puppet-modules-wrs/puppet-fm/src/fm/manifests/params.pp b/puppet-modules-wrs/puppet-fm/src/fm/manifests/params.pp deleted file mode 100644 index d96ec28215..0000000000 --- a/puppet-modules-wrs/puppet-fm/src/fm/manifests/params.pp +++ /dev/null @@ -1,20 +0,0 @@ -class fm::params { - - case $::osfamily { - 'RedHat': { - $client_package = 'python-fmclient' - $api_package = 'fm-rest-api' - $api_service = 'fm-api' - } - 'Debian': { - $client_package = 'python-fmclient' - $api_package = 'fm-rest-api' - $api_service = 'fm-api' - } - default: { - fail("Unsupported osfamily: ${::osfamily} operatingsystem") - } - - } # Case $::osfamily - -} diff --git a/puppet-modules-wrs/puppet-mtce/PKG_INFO b/puppet-modules-wrs/puppet-mtce/PKG_INFO deleted file mode 100644 index 2341216feb..0000000000 --- a/puppet-modules-wrs/puppet-mtce/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-mtce -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-mtce/centos/build_srpm.data b/puppet-modules-wrs/puppet-mtce/centos/build_srpm.data deleted file mode 100644 index ca30127872..0000000000 --- a/puppet-modules-wrs/puppet-mtce/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=9 diff --git a/puppet-modules-wrs/puppet-mtce/centos/puppet-mtce.spec b/puppet-modules-wrs/puppet-mtce/centos/puppet-mtce.spec deleted file mode 100644 index 88f19f6f6d..0000000000 --- a/puppet-modules-wrs/puppet-mtce/centos/puppet-mtce.spec +++ /dev/null @@ -1,33 +0,0 @@ -%global module_dir mtce - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet mtce module -License: Apache-2.0 -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for mtce - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} diff --git a/puppet-modules-wrs/puppet-mtce/src/LICENSE b/puppet-modules-wrs/puppet-mtce/src/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/puppet-modules-wrs/puppet-mtce/src/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-mtce/src/Makefile b/puppet-modules-wrs/puppet-mtce/src/Makefile deleted file mode 100644 index 3436be5e67..0000000000 --- a/puppet-modules-wrs/puppet-mtce/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/mtce - cp -R mtce/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-mtce/src/mtce/manifests/init.pp b/puppet-modules-wrs/puppet-mtce/src/mtce/manifests/init.pp deleted file mode 100644 index 8a8f8e1c6a..0000000000 --- a/puppet-modules-wrs/puppet-mtce/src/mtce/manifests/init.pp +++ /dev/null @@ -1,7 +0,0 @@ -# -# Copyright (c) 2015-2017 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class mtce () { } diff --git a/puppet-modules-wrs/puppet-mtce/src/mtce/templates/mtc_ini.erb b/puppet-modules-wrs/puppet-mtce/src/mtce/templates/mtc_ini.erb deleted file mode 100644 index a5cb2dc2cd..0000000000 --- a/puppet-modules-wrs/puppet-mtce/src/mtce/templates/mtc_ini.erb +++ /dev/null @@ -1,62 +0,0 @@ -; Puppet Managed Maintenance Configuration -[agent] ; Agent Configuration -keystone_auth_username = <%= @auth_username %> ; mtce auth username -keystone_auth_pw = <%= @auth_pw %> ; mtce auth password -keystone_auth_project = <%= @auth_project %> ; mtce auth project -keystone_user_domain = <%= @auth_user_domain %> ; mtce user domain -keystone_project_domain = <%= @auth_project_domain %> ; mtce project domain -keystone_auth_host = <%= @auth_host %> ; keystone auth url -keystone_auth_uri = <%= @auth_uri %> ; keystone auth uri -keystone_auth_port = <%= @auth_port %> ; keystone auth port -keystone_region_name = <%= @auth_region %> ; keystone region -keyring_directory = <%= @keyring_directory %> ; keyring directory -multicast = <%= @mtce_multicast %> ; Heartbeat Multicast Address -heartbeat_period = <%= @heartbeat_period %> ; Heartbeat period in milliseconds -heartbeat_failure_threshold = <%= @heartbeat_failure_threshold %> ; Heartbeat failure threshold count. -heartbeat_degrade_threshold = <%= @heartbeat_degrade_threshold %> ; Heartbeat degrade threshold count. - -; Communication ports between SM and maintenance -sm_server_port = <%= @sm_server_port %> ; port sm receives mtce commands from -sm_client_port = <%= @sm_client_port %> ; port mtce receives sm commands from - -; Heartbeat Loss / Failure Action Selection. -; The action to take on host heartbeat failure. -; Supported actions are -; fail = fail host and raise network specific heartbeat alarms -; degrade = degrade host and raise network specific heartbeat alarms -; alarm = raise network specific heartbeat alarms only -; none = no action and no alarms -; Selected action applies to all hosts in the system -; Default is fail -; To modify execute: -; system service-parameter-modify platform maintenance heartbeat_failure_action= -heartbeat_failure_action = <%= @heartbeat_failure_action %> - -; Multi-Node Failure Avoidance (MNFA) Activation and Deactivation threshold. -; The minimum number of hosts that fail heartbeat within the -; heartbeat_failure_threshold upon which Maintenance activates MNFA Mode. -; Once the number of failing hosts drop below this threshold then mainteance -; deactivates MNFA mode while remaining failing hosts are Gracefully Recovered. -; Default value is 2 -; Minimum value is 2 -; To modify execute: -; system service-parameter-modify platform maintenance mnfa_threshold= -mnfa_threshold = <%= @mnfa_threshold %> - -[timeouts] -worker_boot_timeout = <%= @worker_boot_timeout %> ; The max time (seconds) that Mtce waits for the mtcAlive -controller_boot_timeout = <%= @controller_boot_timeout %> ; message after which it will time out and fail the host. - -; Multi-Node Failure Avoidance (MNFA) Lifecycle Timer. -; MNFA Activation starts a timer with this timeout value. -; See mnfa_threshold above. -; Maintenance automatically Deactivates MNFA mode if the number of hosts that -; are failing heartbeat doesn't drop below mnfa_threshold before timer expires. -; Timer is in seconds. -; A zero value means infinite lifecycle or until the number of -; heartbeat failing hosts drops below the mnfa_threshold before expiry. -; Default value is 0 -; Minimum non-zero value is 100 ; maximum is 86400 -; To modify execute: -; system service-parameter-modify platform maintenance mnfa_timeout= -mnfa_timeout = <%= @mnfa_timeout %> diff --git a/puppet-modules-wrs/puppet-mtce/src/mtce/templates/static_conf.erb b/puppet-modules-wrs/puppet-mtce/src/mtce/templates/static_conf.erb deleted file mode 100644 index 070cfe0c16..0000000000 --- a/puppet-modules-wrs/puppet-mtce/src/mtce/templates/static_conf.erb +++ /dev/null @@ -1,8 +0,0 @@ -/var/lock tmpfs tmpfs 4 2 1 -/var/run tmpfs tmpfs 30 15 5 -/dev/shm tmpfs tmpfs 512 307 102 -/ rootfs rootfs 512 307 102 -/dev devtmpfs devtmpfs 512 307 102 -/boot <%= @boot_device %> boot 100 70 50 -/scratch /dev/mapper/cgts--vg-scratch--lv dev 512 307 102 -/var/log /dev/mapper/cgts--vg-log--lv dev 512 307 102 diff --git a/puppet-modules-wrs/puppet-nfv/PKG_INFO b/puppet-modules-wrs/puppet-nfv/PKG_INFO deleted file mode 100644 index df3d2fbb5b..0000000000 --- a/puppet-modules-wrs/puppet-nfv/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-nfv -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-nfv/centos/build_srpm.data b/puppet-modules-wrs/puppet-nfv/centos/build_srpm.data deleted file mode 100644 index 3b920846f8..0000000000 --- a/puppet-modules-wrs/puppet-nfv/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=5 diff --git a/puppet-modules-wrs/puppet-nfv/centos/puppet-nfv.spec b/puppet-modules-wrs/puppet-nfv/centos/puppet-nfv.spec deleted file mode 100644 index 45182332f5..0000000000 --- a/puppet-modules-wrs/puppet-nfv/centos/puppet-nfv.spec +++ /dev/null @@ -1,34 +0,0 @@ -%global module_dir nfv - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet nfv module -License: Apache-2.0 -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for nfv - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} - diff --git a/puppet-modules-wrs/puppet-nfv/src/LICENSE b/puppet-modules-wrs/puppet-nfv/src/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-nfv/src/Makefile b/puppet-modules-wrs/puppet-nfv/src/Makefile deleted file mode 100644 index 907c39375a..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/nfv - cp -R nfv/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_alarm_config/ini_setting.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_alarm_config/ini_setting.rb deleted file mode 100644 index 8511f89a8c..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_alarm_config/ini_setting.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.type(:nfv_plugin_alarm_config).provide( - :ini_setting, - # set ini_setting as the parent provider - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - # implemented section as the first part of the namevar - resource[:name].split('/', 2).first - end - - def setting - # implemented setting as the second part of the namevar - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - # hard code the file path (this allows purging) - def self.file_path - '/etc/nfv/nfv_plugins/alarm_handlers/config.ini' - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_event_log_config/ini_setting.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_event_log_config/ini_setting.rb deleted file mode 100644 index 763c7cb720..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_event_log_config/ini_setting.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.type(:nfv_plugin_event_log_config).provide( - :ini_setting, - # set ini_setting as the parent provider - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - # implemented section as the first part of the namevar - resource[:name].split('/', 2).first - end - - def setting - # implemented setting as the second part of the namevar - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - # hard code the file path (this allows purging) - def self.file_path - '/etc/nfv/nfv_plugins/event_log_handlers/config.ini' - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_nfvi_config/ini_setting.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_nfvi_config/ini_setting.rb deleted file mode 100644 index 2f798423d1..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_plugin_nfvi_config/ini_setting.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.type(:nfv_plugin_nfvi_config).provide( - :ini_setting, - # set ini_setting as the parent provider - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - # implemented section as the first part of the namevar - resource[:name].split('/', 2).first - end - - def setting - # implemented setting as the second part of the namevar - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - # hard code the file path (this allows purging) - def self.file_path - '/etc/nfv/nfv_plugins/nfvi_plugins/config.ini' - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_vim_config/ini_setting.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_vim_config/ini_setting.rb deleted file mode 100644 index ee2a2577e7..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/provider/nfv_vim_config/ini_setting.rb +++ /dev/null @@ -1,31 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.type(:nfv_vim_config).provide( - :ini_setting, - # set ini_setting as the parent provider - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - # implemented section as the first part of the namevar - resource[:name].split('/', 2).first - end - - def setting - # implemented setting as the second part of the namevar - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - # hard code the file path (this allows purging) - def self.file_path - '/etc/nfv/vim/config.ini' - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_alarm_config.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_alarm_config.rb deleted file mode 100644 index 60f2fb3f71..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_alarm_config.rb +++ /dev/null @@ -1,47 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.newtype(:nfv_plugin_alarm_config) do - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/nfv/nfv_plugins/alarm_handlers/config.ini' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_event_log_config.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_event_log_config.rb deleted file mode 100644 index e437d97f5c..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_event_log_config.rb +++ /dev/null @@ -1,47 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.newtype(:nfv_plugin_event_log_config) do - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/nfv/nfv_plugins/event_log_handlers/config.ini' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_nfvi_config.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_nfvi_config.rb deleted file mode 100644 index 580f214bf9..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_plugin_nfvi_config.rb +++ /dev/null @@ -1,47 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.newtype(:nfv_plugin_nfvi_config) do - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/nfv/nfv_plugins/nfvi_plugins/config.ini' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_vim_config.rb b/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_vim_config.rb deleted file mode 100644 index 2e76d4872b..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/lib/puppet/type/nfv_vim_config.rb +++ /dev/null @@ -1,47 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.newtype(:nfv_vim_config) do - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/nfv/vim/config.ini' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/alarm.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/alarm.pp deleted file mode 100644 index a465ffb9cb..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/alarm.pp +++ /dev/null @@ -1,58 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class nfv::alarm ( - $enabled = false, - $storage_file = '/var/log/nfv-vim-alarms.log', - $openstack_username = 'admin', - $openstack_tenant = 'admin', - $openstack_user_domain = 'Default', - $openstack_project_domain = 'Default', - $openstack_auth_protocol = 'http', - $openstack_auth_host = '127.0.0.1', - $openstack_auth_port = 5000, - $openstack_keyring_service = undef, - $fault_mgmt_region_name = 'RegionOne', - $fault_mgmt_service_name = 'fm', - $fault_mgmt_service_type = 'faultmanagement', - $fault_mgmt_endpoint_type = 'admin', - $fault_mgmt_endpoint_disabled = false, - $fault_management_pod_disabled = true, -) { - - include nfv::params - - nfv_plugin_alarm_config { - # File-Storage Information - 'File-Storage/file': value => $storage_file; - # This flag is used to disable raising alarm to containerized fm - # and will be removed in future. - 'openstack/fault_management_pod_disabled': value => $fault_management_pod_disabled; - - # OpenStack Authentication Information - 'openstack/username': value => $openstack_username; - 'openstack/tenant': value => $openstack_tenant; - 'openstack/user_domain_name': value => $openstack_user_domain; - 'openstack/project_domain_name': value => $openstack_project_domain; - 'openstack/authorization_protocol': value => $openstack_auth_protocol; - 'openstack/authorization_ip': value => $openstack_auth_host; - 'openstack/authorization_port': value => $openstack_auth_port; - 'openstack/keyring_service': value => $openstack_keyring_service; - - # Fault Management Information - 'fm/region_name': value => $fault_mgmt_region_name; - 'fm/service_name': value => $fault_mgmt_service_name; - 'fm/service_type': value => $fault_mgmt_service_type; - 'fm/endpoint_type': value => $fault_mgmt_endpoint_type; - 'fm/endpoint_disabled': value => $fault_mgmt_endpoint_disabled; - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } -} diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/event_log.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/event_log.pp deleted file mode 100644 index f295ade904..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/event_log.pp +++ /dev/null @@ -1,58 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class nfv::event_log ( - $enabled = false, - $storage_file = '/var/log/nfv-vim-events.log', - $openstack_username = 'admin', - $openstack_tenant = 'admin', - $openstack_user_domain = 'Default', - $openstack_project_domain = 'Default', - $openstack_auth_protocol = 'http', - $openstack_auth_host = '127.0.0.1', - $openstack_auth_port = 5000, - $openstack_keyring_service = undef, - $fault_mgmt_region_name = 'RegionOne', - $fault_mgmt_service_name = 'fm', - $fault_mgmt_service_type = 'faultmanagement', - $fault_mgmt_endpoint_type = 'admin', - $fault_mgmt_endpoint_disabled = false, - $fault_management_pod_disabled = true, -) { - - include nfv::params - - nfv_plugin_event_log_config { - # File-Storage Information - 'File-Storage/file': value => $storage_file; - # This flag is used to disable raising alarm to containerized fm - # and will be removed in future. - 'openstack/fault_management_pod_disabled': value => $fault_management_pod_disabled; - - # OpenStack Authentication Information - 'openstack/username': value => $openstack_username; - 'openstack/tenant': value => $openstack_tenant; - 'openstack/user_domain_name': value => $openstack_user_domain; - 'openstack/project_domain_name': value => $openstack_project_domain; - 'openstack/authorization_protocol': value => $openstack_auth_protocol; - 'openstack/authorization_ip': value => $openstack_auth_host; - 'openstack/authorization_port': value => $openstack_auth_port; - 'openstack/keyring_service': value => $openstack_keyring_service; - - # Fault Management Information - 'fm/region_name': value => $fault_mgmt_region_name; - 'fm/service_name': value => $fault_mgmt_service_name; - 'fm/service_type': value => $fault_mgmt_service_type; - 'fm/endpoint_type': value => $fault_mgmt_endpoint_type; - 'fm/endpoint_disabled': value => $fault_mgmt_endpoint_disabled; - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } -} diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/init.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/init.pp deleted file mode 100644 index 111168d39b..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/init.pp +++ /dev/null @@ -1,52 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class nfv ( -) { - include nfv::params - - Package['nfv'] -> Nfv_vim_config<||> - Package['nfv-plugins'] -> Nfv_plugin_alarm_config<||> - Package['nfv-plugins'] -> Nfv_plugin_event_log_config<||> - Package['nfv-plugins'] -> Nfv_plugin_nfvi_config<||> - - # This anchor is used to simplify the graph between nfv components - # by allowing a resource to serve as a point where the configuration of - # nfv begins - anchor { 'nfv-start': } - - package { 'nfv': - ensure => 'present', - name => $::nfv::params::package_name, - require => Anchor['nfv-start'], - } - - file { $::nfv::params::nfv_vim_conf: - ensure => 'present', - require => Package['nfv'], - } - - package { 'nfv-plugins': - ensure => 'present', - name => $::nfv::params::nfv_plugin_package_name, - require => Anchor['nfv-start'], - } - - file { $::nfv::params::nfv_plugin_alarm_conf: - ensure => 'present', - require => Package['nfv-plugins'], - } - - file { $::nfv::params::nfv_plugin_event_log_conf: - ensure => 'present', - require => Package['nfv-plugins'], - } - - file { $::nfv::params::nfv_plugin_nfvi_conf: - ensure => 'present', - require => Package['nfv-plugins'], - } -} diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/keystone/auth.pp deleted file mode 100644 index 1ae83226bf..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/keystone/auth.pp +++ /dev/null @@ -1,43 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class nfv::keystone::auth ( - $password, - $auth_name = 'vim', - $tenant = 'services', - $email = 'vim@localhost', - $region = 'RegionOne', - $service_description = 'Virtual Infrastructure Manager', - $service_name = 'vim', - $service_type = 'nfv', - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $public_url = 'http://127.0.0.1:4545', - $admin_url = 'http://127.0.0.1:4545', - $internal_url = 'http://127.0.0.1:4545', -) { - - $real_service_name = pick($service_name, $auth_name) - - keystone::resource::service_identity { $auth_name: - configure_user => $configure_user, - configure_user_role => $configure_user_role, - configure_endpoint => $configure_endpoint, - service_type => $service_type, - service_description => $service_description, - service_name => $real_service_name, - region => $region, - auth_name => $auth_name, - password => $password, - email => $email, - tenant => $tenant, - public_url => $public_url, - admin_url => $admin_url, - internal_url => $internal_url, - } - -} diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp deleted file mode 100644 index 8f300e3cfe..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/nfvi.pp +++ /dev/null @@ -1,202 +0,0 @@ -# -# Copyright (c) 2016-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class nfv::nfvi ( - $enabled = false, - $platform_username = 'admin', - $platform_tenant = 'admin', - $platform_user_domain = 'Default', - $platform_project_domain = 'Default', - $platform_auth_protocol = 'http', - $platform_auth_host = '127.0.0.1', - $platform_auth_port = 5000, - $platform_keyring_service = undef, - $openstack_username = 'admin', - $openstack_tenant = 'admin', - $openstack_user_domain = 'Default', - $openstack_project_domain = 'Default', - $openstack_auth_protocol = 'http', - $openstack_auth_host = '127.0.0.1', - $openstack_auth_port = 5000, - $openstack_keyring_service = undef, - $keystone_region_name = 'RegionOne', - $keystone_service_name = 'keystone', - $keystone_service_type = 'identity', - $keystone_endpoint_type = 'internal', - $ceilometer_region_name = 'RegionOne', - $ceilometer_service_name = 'ceilometer', - $ceilometer_service_type = 'metering', - $ceilometer_endpoint_type = 'admin', - $cinder_region_name = 'RegionOne', - $cinder_service_name = 'cinderv2', - $cinder_service_type = 'volumev2', - $cinder_endpoint_type = 'admin', - $cinder_endpoint_disabled = false, - $glance_region_name = 'RegionOne', - $glance_service_name = 'glance', - $glance_service_type = 'image', - $glance_endpoint_type = 'admin', - $neutron_region_name = 'RegionOne', - $neutron_service_name = 'neutron', - $neutron_service_type = 'network', - $neutron_endpoint_type = 'admin', - $neutron_endpoint_disabled = false, - $nova_region_name = 'RegionOne', - $nova_service_name = 'nova', - $nova_service_type = 'compute', - $nova_endpoint_type = 'admin', - $nova_endpoint_override = 'http://localhost:18774', - $nova_endpoint_disabled = false, - $sysinv_region_name = 'RegionOne', - $sysinv_service_name = 'sysinv', - $sysinv_service_type = 'platform', - $sysinv_endpoint_type = 'admin', - $heat_region_name = 'RegionOne', - $mtc_endpoint_override = 'http://localhost:2112', - $guest_endpoint_override = 'http://localhost:2410', - $patching_region_name = 'RegionOne', - $patching_service_name = 'patching', - $patching_service_type = 'patching', - $patching_endpoint_type = 'admin', - $fm_region_name = 'RegionOne', - $fm_service_name = 'fm', - $fm_service_type = 'faultmanagement', - $fm_endpoint_type = 'admin', - $rabbit_host = '127.0.0.1', - $rabbit_port = 5672, - $rabbit_userid = 'guest', - $rabbit_password = 'guest', - $rabbit_virtual_host = '/', - $infrastructure_rest_api_host = '127.0.0.1', - $infrastructure_rest_api_port = 30001, - $infrastructure_rest_api_data_port_fault_handling_enabled = true, - $guest_rest_api_host = '127.0.0.1', - $guest_rest_api_port = 30002, - $compute_rest_api_host = '127.0.0.1', - $compute_rest_api_port = 30003, - $compute_rest_api_max_concurrent_requests = 128, - $compute_rest_api_max_request_wait_in_secs = 120, - $host_listener_host = '127.0.0.1', - $host_listener_port = 30004, - $identity_uri = undef, -) { - - include nfv::params - - nfv_plugin_nfvi_config { - - # Platform Authentication Information - 'platform/username': value => $platform_username; - 'platform/tenant': value => $platform_tenant; - 'platform/user_domain_name': value => $platform_user_domain; - 'platform/project_domain_name': value => $platform_project_domain; - 'platform/authorization_protocol': value => $platform_auth_protocol; - 'platform/authorization_ip': value => $platform_auth_host; - 'platform/authorization_port': value => $platform_auth_port; - 'platform/keyring_service': value => $platform_keyring_service; - - # OpenStack Authentication Information - 'openstack/username': value => $openstack_username; - 'openstack/tenant': value => $openstack_tenant; - 'openstack/user_domain_name': value => $openstack_user_domain; - 'openstack/project_domain_name': value => $openstack_project_domain; - 'openstack/authorization_protocol': value => $openstack_auth_protocol; - 'openstack/authorization_ip': value => $openstack_auth_host; - 'openstack/authorization_port': value => $openstack_auth_port; - 'openstack/keyring_service': value => $openstack_keyring_service; - - 'keystone/region_name': value => $keystone_region_name; - 'keystone/service_name': value => $keystone_service_name; - 'keystone/service_type': value => $keystone_service_type; - 'keystone/endpoint_type': value => $keystone_endpoint_type; - - 'ceilometer/region_name': value => $ceilometer_region_name; - 'ceilometer/service_name': value => $ceilometer_service_name; - 'ceilometer/service_type': value => $ceilometer_service_type; - 'ceilometer/endpoint_type': value => $ceilometer_endpoint_type; - - 'cinder/region_name': value => $cinder_region_name; - 'cinder/service_name': value => $cinder_service_name; - 'cinder/service_type': value => $cinder_service_type; - 'cinder/endpoint_type': value => $cinder_endpoint_type; - 'cinder/endpoint_disabled': value => $cinder_endpoint_disabled; - - 'glance/region_name': value => $glance_region_name; - 'glance/service_name': value => $glance_service_name; - 'glance/service_type': value => $glance_service_type; - 'glance/endpoint_type': value => $glance_endpoint_type; - - 'neutron/region_name': value => $neutron_region_name; - 'neutron/service_name': value => $neutron_service_name; - 'neutron/service_type': value => $neutron_service_type; - 'neutron/endpoint_type': value => $neutron_endpoint_type; - 'neutron/endpoint_disabled': value => $neutron_endpoint_disabled; - - 'nova/region_name': value => $nova_region_name; - 'nova/service_name': value => $nova_service_name; - 'nova/service_type': value => $nova_service_type; - 'nova/endpoint_type': value => $nova_endpoint_type; - 'nova/endpoint_override': value => $nova_endpoint_override; - 'nova/endpoint_disabled': value => $nova_endpoint_disabled; - - 'sysinv/region_name': value => $sysinv_region_name; - 'sysinv/service_name': value => $sysinv_service_name; - 'sysinv/service_type': value => $sysinv_service_type; - 'sysinv/endpoint_type': value => $sysinv_endpoint_type; - - 'heat/region_name': value => $heat_region_name; - - 'mtc/endpoint_override': value => $mtc_endpoint_override; - - 'guest/endpoint_override': value => $guest_endpoint_override; - - 'patching/region_name': value => $patching_region_name; - 'patching/service_name': value => $patching_service_name; - 'patching/service_type': value => $patching_service_type; - 'patching/endpoint_type': value => $patching_endpoint_type; - - 'fm/region_name': value => $fm_region_name; - 'fm/service_name': value => $fm_service_name; - 'fm/service_type': value => $fm_service_type; - 'fm/endpoint_type': value => $fm_endpoint_type; - - # AMQP - 'amqp/host': value => $rabbit_host; - 'amqp/port': value => $rabbit_port; - 'amqp/user_id': value => $rabbit_userid; - 'amqp/password': value => $rabbit_password, secret => true; - 'amqp/virt_host': value => $rabbit_virtual_host; - - # Infrastructure Rest-API - 'infrastructure-rest-api/host': value => $infrastructure_rest_api_host; - 'infrastructure-rest-api/port': value => $infrastructure_rest_api_port; - 'infrastructure-rest-api/data_port_fault_handling_enabled': value => $infrastructure_rest_api_data_port_fault_handling_enabled; - - # Guest-Services Rest-API - 'guest-rest-api/host': value => $guest_rest_api_host; - 'guest-rest-api/port': value => $guest_rest_api_port; - - # Compute Rest-API - 'compute-rest-api/host': value => $compute_rest_api_host; - 'compute-rest-api/port': value => $compute_rest_api_port; - 'compute-rest-api/max_concurrent_requests': value => $compute_rest_api_max_concurrent_requests; - 'compute-rest-api/max_request_wait_in_secs': value => $compute_rest_api_max_request_wait_in_secs; - - # Host Listener - 'host-listener/host': value => $host_listener_host; - 'host-listener/port': value => $host_listener_port; - } - - if $identity_uri { - nfv_plugin_nfvi_config { 'openstack/authorization_uri': value => $identity_uri; } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } -} diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/params.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/params.pp deleted file mode 100644 index f5a80a0bc1..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/params.pp +++ /dev/null @@ -1,36 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class nfv::params { - - $nfv_conf_dir = '/etc/nfv' - $nfv_plugin_conf_dir = '/etc/nfv/nfv_plugins' - $nfv_vim_conf = '/etc/nfv/vim/config.ini' - $nfv_plugin_alarm_conf = '/etc/nfv/nfv_plugins/alarm_handlers/config.ini' - $nfv_plugin_event_log_conf = '/etc/nfv/nfv_plugins/event_log_handlers/config.ini' - $nfv_plugin_nfvi_conf = '/etc/nfv/nfv_plugins/nfvi_plugins/config.ini' - - if $::osfamily == 'Debian' { - $package_name = 'nfv-vim' - $nfv_plugin_package_name = 'nfv-plugins' - $nfv_common_package_name = 'nfv-common' - - } elsif($::osfamily == 'RedHat') { - - $package_name = 'nfv-vim' - $nfv_plugin_package_name = 'nfv-plugins' - $nfv_common_package_name = 'nfv-common' - - } elsif($::osfamily == 'WRLinux') { - - $package_name = 'nfv-vim' - $nfv_plugin_package_name = 'nfv-plugins' - $nfv_common_package_name = 'nfv-common' - - } else { - fail("unsuported osfamily ${::osfamily}, currently WindRiver, Debian, Redhat are the only supported platforms") - } -} diff --git a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/vim.pp b/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/vim.pp deleted file mode 100644 index fa299afa10..0000000000 --- a/puppet-modules-wrs/puppet-nfv/src/nfv/manifests/vim.pp +++ /dev/null @@ -1,108 +0,0 @@ -# -# Copyright (c) 2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class nfv::vim ( - $enabled = false, - $debug_config_file = '/etc/nfv/vim/debug.ini', - $debug_handlers = 'syslog, stdout', - $debug_syslog_address = '/dev/log', - $debug_syslog_facility = 'user', - $database_dir = '/opt/platform/nfv/vim', - $alarm_namespace = 'nfv_vim.alarm.handlers.v1', - $alarm_handlers = 'File-Storage, Fault-Management', - $alarm_audit_interval = 30, - $alarm_config_file = '/etc/nfv/nfv_plugins/alarm_handlers/config.ini', - $event_log_namespace = 'nfv_vim.event_log.handlers.v1', - $event_log_handlers = 'File-Storage, Event-Log-Management', - $event_log_config_file ='/etc/nfv/nfv_plugins/event_log_handlers/config.ini', - $nfvi_namespace = 'nfv_vim.nfvi.plugins.v1', - $nfvi_config_file = '/etc/nfv/nfv_plugins/nfvi_plugins/config.ini', - $image_plugin_disabled = false, - $block_storage_plugin_disabled = false, - $compute_plugin_disabled = false, - $network_plugin_disabled = false, - $guest_plugin_disabled = false, - $fault_mgmt_plugin_disabled = false, - $fault_management_pod_disabled = true, - $vim_rpc_ip = '127.0.0.1', - $vim_rpc_port = 4343, - $vim_api_ip = '0.0.0.0', - $vim_api_port = 4545, - $vim_api_rpc_ip = '127.0.0.1', - $vim_api_rpc_port = 0, - $vim_webserver_ip = '0.0.0.0', - $vim_webserver_port = 32323, - $vim_webserver_source_dir = '/usr/lib64/python2.7/site-packages/nfv_vim/webserver', - $instance_max_live_migrate_wait_in_secs = 180, - $instance_single_hypervisor = false, - $sw_mgmt_single_controller = false, -) { - - include nfv::params - - nfv_vim_config { - # Debug Information - 'debug/config_file': value => $debug_config_file; - 'debug/handlers': value => $debug_handlers; - 'debug/syslog_address': value => $debug_syslog_address; - 'debug/syslog_facility': value => $debug_syslog_facility; - - # Database - 'database/database_dir': value => $database_dir; - - # Alarm - 'alarm/namespace': value => $alarm_namespace; - 'alarm/handlers': value => $alarm_handlers; - 'alarm/audit_interval': value => $alarm_audit_interval; - 'alarm/config_file': value => $alarm_config_file; - - # Event Log - 'event-log/namespace': value => $event_log_namespace; - 'event-log/handlers': value => $event_log_handlers; - 'event-log/config_file': value => $event_log_config_file; - - # NFVI - 'nfvi/namespace': value => $nfvi_namespace; - 'nfvi/config_file': value => $nfvi_config_file; - 'nfvi/image_plugin_disabled': value => $image_plugin_disabled; - 'nfvi/block_storage_plugin_disabled': value => $block_storage_plugin_disabled; - 'nfvi/compute_plugin_disabled': value => $compute_plugin_disabled; - 'nfvi/network_plugin_disabled': value => $network_plugin_disabled; - 'nfvi/guest_plugin_disabled': value => $guest_plugin_disabled; - 'nfvi/fault_mgmt_plugin_disabled': value => $fault_mgmt_plugin_disabled; - # This flag is used to disable raising alarm to containerized fm - # and will be removed in future. - 'nfvi/fault_management_pod_disabled': value => $fault_management_pod_disabled; - - # INSTANCE CONFIGURATION - 'instance-configuration/max_live_migrate_wait_in_secs': value => $instance_max_live_migrate_wait_in_secs; - 'instance-configuration/single_hypervisor': value => $instance_single_hypervisor; - - # VIM - 'vim/rpc_host': value => $vim_rpc_ip; - 'vim/rpc_port': value => $vim_rpc_port; - - # VIM-API - 'vim-api/host': value => $vim_api_ip; - 'vim-api/port': value => $vim_api_port; - 'vim-api/rpc_host': value => $vim_api_rpc_ip; - 'vim-api/rpc_port': value => $vim_api_rpc_port; - - # VIM-Webserver - 'vim-webserver/host': value => $vim_webserver_ip; - 'vim-webserver/port': value => $vim_webserver_port; - 'vim-webserver/source_dir': value => $vim_webserver_source_dir; - - # SW-MGMT CONFIGURATION - 'sw-mgmt-configuration/single_controller': value => $sw_mgmt_single_controller; - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } -} diff --git a/puppet-modules-wrs/puppet-patching/PKG_INFO b/puppet-modules-wrs/puppet-patching/PKG_INFO deleted file mode 100644 index 01c10fdb44..0000000000 --- a/puppet-modules-wrs/puppet-patching/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-patching -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-patching/centos/build_srpm.data b/puppet-modules-wrs/puppet-patching/centos/build_srpm.data deleted file mode 100644 index f579f0d2ee..0000000000 --- a/puppet-modules-wrs/puppet-patching/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=2 diff --git a/puppet-modules-wrs/puppet-patching/centos/puppet-patching.spec b/puppet-modules-wrs/puppet-patching/centos/puppet-patching.spec deleted file mode 100644 index 4e87a42bd4..0000000000 --- a/puppet-modules-wrs/puppet-patching/centos/puppet-patching.spec +++ /dev/null @@ -1,33 +0,0 @@ -%global module_dir patching - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet patching module -License: Apache-2.0 -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for patching - -%prep -%setup - -# -# The src for this puppet module needs to be staged to packstack/puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} diff --git a/puppet-modules-wrs/puppet-patching/src/LICENSE b/puppet-modules-wrs/puppet-patching/src/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-patching/src/Makefile b/puppet-modules-wrs/puppet-patching/src/Makefile deleted file mode 100644 index 3be863dea6..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/patching - cp -R patching/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-patching/src/patching/LICENSE b/puppet-modules-wrs/puppet-patching/src/patching/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-patching/src/patching/Modulefile b/puppet-modules-wrs/puppet-patching/src/patching/Modulefile deleted file mode 100644 index 63fbf8c8a0..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/Modulefile +++ /dev/null @@ -1,13 +0,0 @@ -name 'patching' -version '2.1.0' -source 'https://github.com/stackforge/patching' -author 'Wind River' -license 'Apache-2.0' -summary 'Patching Module' -description 'Puppet module to install and configure the Patching service' -project_page 'https://launchpad.net/puppet' - -dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0' -dependency 'puppetlabs/mysql', '>=0.6.1 <1.0.0' -dependency 'puppetlabs/stdlib', '>=2.5.0' -dependency 'puppetlabs/rabbitmq', '>=2.0.2 <3.0.0' diff --git a/puppet-modules-wrs/puppet-patching/src/patching/lib/puppet/provider/patching_config/ini_setting.rb b/puppet-modules-wrs/puppet-patching/src/patching/lib/puppet/provider/patching_config/ini_setting.rb deleted file mode 100644 index 49bcf93828..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/lib/puppet/provider/patching_config/ini_setting.rb +++ /dev/null @@ -1,33 +0,0 @@ -# -# Copyright (c) 2014-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.type(:patching_config).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/patching/patching.conf' - end - - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-patching/src/patching/lib/puppet/type/patching_config.rb b/puppet-modules-wrs/puppet-patching/src/patching/lib/puppet/type/patching_config.rb deleted file mode 100644 index d549c7adcc..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/lib/puppet/type/patching_config.rb +++ /dev/null @@ -1,48 +0,0 @@ -# -# Copyright (c) 2014-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -Puppet::Type.newtype(:patching_config) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/patching/patching.conf' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-patching/src/patching/manifests/api.pp b/puppet-modules-wrs/puppet-patching/src/patching/manifests/api.pp deleted file mode 100644 index ce8d472f4d..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/manifests/api.pp +++ /dev/null @@ -1,81 +0,0 @@ -# -# Copyright (c) 2014-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -class patching::api ( - $keystone_password, - $keystone_enabled = true, - $keystone_tenant = 'services', - $keystone_user = 'patching', - $keystone_user_domain = 'Default', - $keystone_project_domain = 'Default', - $keystone_auth_host = 'localhost', - $keystone_auth_port = '5000', - $keystone_auth_protocol = 'http', - $keystone_auth_admin_prefix = false, - $keystone_auth_uri = false, - $keystone_auth_version = false, - $keystone_identity_uri = false, - $keystone_region_name = 'RegionOne', - $auth_type = 'password', - $service_port = '5000', - $package_ensure = 'latest', - $bind_host = '0.0.0.0', - $enabled = true -) { - - include patching::params - - if $keystone_identity_uri { - patching_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; } - } else { - patching_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; } - } - - if $keystone_auth_uri { - patching_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; } - } else { - patching_config { - 'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; - } - } - - if $keystone_auth_version { - patching_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; } - } else { - patching_config { 'keystone_authtoken/auth_version': ensure => absent; } - } - - if $keystone_enabled { - patching_config { - 'DEFAULT/auth_strategy': value => 'keystone' ; - } - patching_config { - 'keystone_authtoken/auth_type': value => $auth_type; - 'keystone_authtoken/project_name': value => $keystone_tenant; - 'keystone_authtoken/username': value => $keystone_user; - 'keystone_authtoken/user_domain_name': value => $keystone_user_domain; - 'keystone_authtoken/project_domain_name': value => $keystone_project_domain; - 'keystone_authtoken/region_name': value => $keystone_region_name; - 'keystone_authtoken/password': value => $keystone_password, secret => true; - } - - if $keystone_auth_admin_prefix { - validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') - patching_config { - 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - } else { - patching_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - } - else - { - patching_config { - 'DEFAULT/auth_strategy': value => 'noauth' ; - } - } -} diff --git a/puppet-modules-wrs/puppet-patching/src/patching/manifests/init.pp b/puppet-modules-wrs/puppet-patching/src/patching/manifests/init.pp deleted file mode 100644 index b41616c972..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/manifests/init.pp +++ /dev/null @@ -1,44 +0,0 @@ -# -# Copyright (c) 2014-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class patching ( - $controller_multicast = '239.1.1.3', - $agent_multicast = '239.1.1.4', - $api_port = 5487, - $controller_port = 5488, - $agent_port = 5489, -) { - include patching::params - - file { $::patching::params::patching_conf: - ensure => present, - owner => 'patching', - group => 'patching', - mode => '0600', - } - - patching_config { - 'runtime/controller_multicast': value => $controller_multicast; - 'runtime/agent_multicast': value => $agent_multicast; - 'runtime/api_port': value => $api_port; - 'runtime/controller_port': value => $controller_port; - 'runtime/agent_port': value => $agent_port; - } - - ~> service { 'sw-patch-agent.service': - ensure => 'running', - enable => true, - subscribe => File[$::patching::params::patching_conf], - } - - if $::personality == 'controller' { - service { 'sw-patch-controller-daemon.service': - ensure => 'running', - enable => true, - subscribe => Service['sw-patch-agent.service'], - } - } -} diff --git a/puppet-modules-wrs/puppet-patching/src/patching/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-patching/src/patching/manifests/keystone/auth.pp deleted file mode 100644 index 266636ac9f..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/manifests/keystone/auth.pp +++ /dev/null @@ -1,47 +0,0 @@ -# -# Copyright (c) 2014-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class patching::keystone::auth ( - $password, - $auth_name = 'patching', - $tenant = 'services', - $email = 'patching@localhost', - $region = 'RegionOne', - $service_description = 'Patching Service', - $service_name = undef, - $service_type = 'patching', - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $public_url = 'http://127.0.0.1:15491/v1', - $admin_url = 'http://127.0.0.1:5491/v1', - $internal_url = 'http://127.0.0.1:5491/v1', -) { - $real_service_name = pick($service_name, $auth_name) - - keystone::resource::service_identity { 'patching': - configure_user => $configure_user, - configure_user_role => $configure_user_role, - configure_endpoint => $configure_endpoint, - service_type => $service_type, - service_description => $service_description, - service_name => $real_service_name, - region => $region, - auth_name => $auth_name, - password => $password, - email => $email, - tenant => $tenant, - public_url => $public_url, - admin_url => $admin_url, - internal_url => $internal_url, - } - - # Assume we dont need backwards compatability - # if $configure_endpoint { - # Keystone_endpoint["${region}/${real_service_name}::${service_type}"] ~> Service <| title == 'patch-server' |> - # } - -} diff --git a/puppet-modules-wrs/puppet-patching/src/patching/manifests/params.pp b/puppet-modules-wrs/puppet-patching/src/patching/manifests/params.pp deleted file mode 100644 index e8aeede647..0000000000 --- a/puppet-modules-wrs/puppet-patching/src/patching/manifests/params.pp +++ /dev/null @@ -1,10 +0,0 @@ -# -# Copyright (c) 2014-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class patching::params { - $patching_dir = '/etc/patching' - $patching_conf = '/etc/patching/patching.conf' -} \ No newline at end of file diff --git a/puppet-modules-wrs/puppet-smapi/PKG_INFO b/puppet-modules-wrs/puppet-smapi/PKG_INFO deleted file mode 100644 index b508066de0..0000000000 --- a/puppet-modules-wrs/puppet-smapi/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-smapi -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-smapi/centos/build_srpm.data b/puppet-modules-wrs/puppet-smapi/centos/build_srpm.data deleted file mode 100644 index 3f8ebcf32e..0000000000 --- a/puppet-modules-wrs/puppet-smapi/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=1 diff --git a/puppet-modules-wrs/puppet-smapi/centos/puppet-smapi.spec b/puppet-modules-wrs/puppet-smapi/centos/puppet-smapi.spec deleted file mode 100644 index 2276d42d8b..0000000000 --- a/puppet-modules-wrs/puppet-smapi/centos/puppet-smapi.spec +++ /dev/null @@ -1,33 +0,0 @@ -%global module_dir smapi - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet smapi module -License: Apache-2.0 -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for smapi - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} diff --git a/puppet-modules-wrs/puppet-smapi/src/LICENSE b/puppet-modules-wrs/puppet-smapi/src/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/puppet-modules-wrs/puppet-smapi/src/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-smapi/src/Makefile b/puppet-modules-wrs/puppet-smapi/src/Makefile deleted file mode 100644 index 9c86d27e5e..0000000000 --- a/puppet-modules-wrs/puppet-smapi/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/smapi - cp -R smapi/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-smapi/src/smapi/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-smapi/src/smapi/manifests/keystone/auth.pp deleted file mode 100644 index 14d77ad4f9..0000000000 --- a/puppet-modules-wrs/puppet-smapi/src/smapi/manifests/keystone/auth.pp +++ /dev/null @@ -1,48 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - - -# == Class: smapi::keystone::auth -# -# Configures smapi user, service and endpoint in Keystone. -# - -class smapi::keystone::auth ( - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $password = 'passwd', - $auth_name = 'smapi', - $public_url = 'http://127.0.0.1:7777', - $admin_url = 'http://127.0.0.1:7777', - $internal_url = 'http://127.0.0.1:7777', - $tenant = 'services', - $region = 'RegionOne', - $service_description = 'sm-api service', - $service_name = 'smapi', - $service_type = 'smapi', -) { - - $real_service_name = pick($service_name, $auth_name) - - keystone::resource::service_identity { $auth_name: - configure_endpoint => $configure_endpoint, - configure_user => $configure_user, - configure_user_role => $configure_user_role, - password => $password, - auth_name => $auth_name, - public_url => $public_url, - admin_url => $admin_url, - internal_url => $internal_url, - tenant => $tenant, - region => $region, - service_description => $service_description, - service_name => $real_service_name, - service_type => $service_type, - } -} diff --git a/puppet-modules-wrs/puppet-sshd/centos/build_srpm.data b/puppet-modules-wrs/puppet-sshd/centos/build_srpm.data deleted file mode 100644 index 3f8ebcf32e..0000000000 --- a/puppet-modules-wrs/puppet-sshd/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=1 diff --git a/puppet-modules-wrs/puppet-sshd/centos/puppet-sshd.spec b/puppet-modules-wrs/puppet-sshd/centos/puppet-sshd.spec deleted file mode 100644 index 85dacafd84..0000000000 --- a/puppet-modules-wrs/puppet-sshd/centos/puppet-sshd.spec +++ /dev/null @@ -1,33 +0,0 @@ -%global module_dir sshd - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet sshd module -License: Apache-2.0 -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for sshd - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} diff --git a/puppet-modules-wrs/puppet-sshd/src/LICENSE b/puppet-modules-wrs/puppet-sshd/src/LICENSE deleted file mode 100644 index d645695673..0000000000 --- a/puppet-modules-wrs/puppet-sshd/src/LICENSE +++ /dev/null @@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-sshd/src/Makefile b/puppet-modules-wrs/puppet-sshd/src/Makefile deleted file mode 100644 index 249294048b..0000000000 --- a/puppet-modules-wrs/puppet-sshd/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/sshd - cp -R sshd/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-sshd/src/sshd/manifests/init.pp b/puppet-modules-wrs/puppet-sshd/src/sshd/manifests/init.pp deleted file mode 100644 index b3f43097e9..0000000000 --- a/puppet-modules-wrs/puppet-sshd/src/sshd/manifests/init.pp +++ /dev/null @@ -1,7 +0,0 @@ -# -# Copyright (c) 2015-2017 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -class sshd () { } diff --git a/puppet-modules-wrs/puppet-sshd/src/sshd/templates/sshd_config.erb b/puppet-modules-wrs/puppet-sshd/src/sshd/templates/sshd_config.erb deleted file mode 100644 index 19177eac11..0000000000 --- a/puppet-modules-wrs/puppet-sshd/src/sshd/templates/sshd_config.erb +++ /dev/null @@ -1,143 +0,0 @@ -# This file is being maintained by Puppet. -# DO NOT EDIT - -# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# Disable legacy (protocol version 1) support in the server for new -# installations. In future the default will change to require explicit -# activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -HostKey /etc/ssh/ssh_host_ed25519_key -HostKey /etc/ssh/ssh_host_rsa_key -HostKey /etc/ssh/ssh_host_ecdsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -LogLevel INFO - -# Authentication: - -LoginGraceTime 1m -PermitRootLogin no -#StrictModes yes -MaxAuthTries 4 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -PermitEmptyPasswords no - -# Change to no to disable s/key passwords -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -AllowAgentForwarding no -AllowTcpForwarding no -#GatewayPorts no -X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -UsePrivilegeSeparation yes -PermitUserEnvironment no -Compression no -ClientAliveInterval 15 -ClientAliveCountMax 4 -# Make SSH connect faster on bootup -UseDNS no -#PidFile /var/run/sshd.pid -#MaxStartups 10 -#PermitTunnel no -#ChrootDirectory none - -# default banner path -Banner /etc/issue.net - -# override default of no subsystems -Subsystem sftp /usr/libexec/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server -DenyUsers admin secadmin operator -# Filtered cipher, MAC and key exchange algorithm list, defaults can be -# obtained by ssh -Q cipher, ssh -Q mac and ssh -Q kex -# TODO (aning): once openssh is updated to 7.5, an explicit exclusion list -# using "-" should be used for cipher, MAC and kex excluded suites. -Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com -MACs hmac-sha1,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com -KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256 - -# This Match block prevents Password Authentication for root user -Match User root - PasswordAuthentication no - -<% if @nova_migration_subnet -%> -# This Match Block is used to allow Root Login exceptions over the -# internal subnet used by Nova Migrations -Match Address <%= @nova_migration_subnet %> - PermitRootLogin without-password -<% end -%> diff --git a/puppet-modules-wrs/puppet-sysinv/PKG_INFO b/puppet-modules-wrs/puppet-sysinv/PKG_INFO deleted file mode 100644 index 72c3266c15..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/PKG_INFO +++ /dev/null @@ -1,2 +0,0 @@ -Name: puppet-sysinv -Version: 1.0.0 diff --git a/puppet-modules-wrs/puppet-sysinv/centos/build_srpm.data b/puppet-modules-wrs/puppet-sysinv/centos/build_srpm.data deleted file mode 100644 index 76e75eaa9f..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/centos/build_srpm.data +++ /dev/null @@ -1,2 +0,0 @@ -SRC_DIR="src" -TIS_PATCH_VER=7 diff --git a/puppet-modules-wrs/puppet-sysinv/centos/puppet-sysinv.spec b/puppet-modules-wrs/puppet-sysinv/centos/puppet-sysinv.spec deleted file mode 100644 index c66adbb5d1..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/centos/puppet-sysinv.spec +++ /dev/null @@ -1,34 +0,0 @@ -%global module_dir sysinv - -Name: puppet-%{module_dir} -Version: 1.0.0 -Release: %{tis_patch_ver}%{?_tis_dist} -Summary: Puppet sysinv module -License: Apache -Packager: Wind River - -URL: unknown - -Source0: %{name}-%{version}.tar.gz - -BuildArch: noarch - -BuildRequires: python2-devel - -%description -A puppet module for sysinv - -%prep -%setup - -# -# The src for this puppet module needs to be staged to puppet/modules -# -%install -make install \ - MODULEDIR=%{buildroot}%{_datadir}/puppet/modules - -%files -%license LICENSE -%{_datadir}/puppet/modules/%{module_dir} - diff --git a/puppet-modules-wrs/puppet-sysinv/src/LICENSE b/puppet-modules-wrs/puppet-sysinv/src/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-sysinv/src/Makefile b/puppet-modules-wrs/puppet-sysinv/src/Makefile deleted file mode 100644 index 5446df8d11..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/Makefile +++ /dev/null @@ -1,11 +0,0 @@ -# -# SPDX-License-Identifier: Apache-2.0 -# -# Copyright (C) 2019 Intel Corporation -# - -MODULEDIR ?= /usr/share/puppet/modules - -install: - install -d -m 0755 $(MODULEDIR)/sysinv - cp -R sysinv/ $(MODULEDIR)/ diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/.fixtures.yml b/puppet-modules-wrs/puppet-sysinv/src/sysinv/.fixtures.yml deleted file mode 100644 index 853f8f4865..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/.fixtures.yml +++ /dev/null @@ -1,19 +0,0 @@ -fixtures: - repositories: - "apt": "git://github.com/puppetlabs/puppetlabs-apt.git" - "keystone": "git://github.com/stackforge/puppet-keystone.git" - "mysql": - repo: "git://github.com/puppetlabs/puppetlabs-mysql.git" - ref: 'origin/0.x' - "stdlib": "git://github.com/puppetlabs/puppetlabs-stdlib.git" - "sysctl": "git://github.com/duritong/puppet-sysctl.git" - "rabbitmq": - repo: "git://github.com/puppetlabs/puppetlabs-rabbitmq" - ref: 'origin/2.x' - "inifile": "git://github.com/puppetlabs/puppetlabs-inifile" - "qpid": "git://github.com/dprince/puppet-qpid.git" - 'postgresql': - repo: "git://github.com/puppetlabs/puppet-postgresql.git" - ref: 'origin/4.1.x' - symlinks: - "sysinv": "#{source_dir}" diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/Gemfile b/puppet-modules-wrs/puppet-sysinv/src/sysinv/Gemfile deleted file mode 100644 index 89f2e1b25d..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/Gemfile +++ /dev/null @@ -1,14 +0,0 @@ -source 'https://rubygems.org' - -group :development, :test do - gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', '~> 0.3.2' -end - -if puppetversion = ENV['PUPPET_GEM_VERSION'] - gem 'puppet', puppetversion, :require => false -else - gem 'puppet', :require => false -end - -# vim:ft=ruby diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/LICENSE b/puppet-modules-wrs/puppet-sysinv/src/sysinv/LICENSE deleted file mode 100644 index 8d968b6cb0..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/Modulefile b/puppet-modules-wrs/puppet-sysinv/src/sysinv/Modulefile deleted file mode 100644 index 64d85b4c68..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/Modulefile +++ /dev/null @@ -1,14 +0,0 @@ -name 'puppetlabs-sysinv' -version '2.1.0' -source 'https://github.com/stackforge/puppet-sysinv' -author 'Puppet Labs' -license 'Apache License 2.0' -summary 'Puppet Labs Sysinv Module' -description 'Puppet module to install and configure the Sysinv platform service' -project_page 'https://launchpad.net/puppet-openstack' - -dependency 'puppetlabs/inifile', '>=1.0.0 <2.0.0' -dependency 'puppetlabs/mysql', '>=0.6.1 <1.0.0' -dependency 'puppetlabs/stdlib', '>=2.5.0' -dependency 'puppetlabs/rabbitmq', '>=2.0.2 <3.0.0' -dependency 'dprince/qpid', '>=1.0.0 <2.0.0' diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/README.md b/puppet-modules-wrs/puppet-sysinv/src/sysinv/README.md deleted file mode 100644 index 47aeb960a5..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/README.md +++ /dev/null @@ -1,130 +0,0 @@ -sysinv -======= - -#### Table of Contents - -1. [Overview - What is the sysinv module?](#overview) -2. [Module Description - What does the module do?](#module-description) -3. [Setup - The basics of getting started with sysinv](#setup) -4. [Implementation - An under-the-hood peek at what the module is doing](#implementation) -5. [Limitations - OS compatibility, etc.](#limitations) -6. [Development - Guide for contributing to the module](#development) -7. [Contributors - Those with commits](#contributors) -8. [Release Notes - Notes on the most recent updates to the module](#release-notes) - -Overview --------- - -The sysinv module is a part of [Stackforge](https://github.com/stackfoge), an effort by the Openstack infrastructure team to provide continuous integration testing and code review for Openstack and Openstack community projects not part of the core software. The module its self is used to flexibly configure and manage the block storage service for Openstack. - -Module Description ------------------- - -The sysinv module is a thorough attempt to make Puppet capable of managing the entirety of sysinv. This includes manifests to provision such things as keystone endpoints, RPC configurations specific to sysinv, and database connections. Types are shipped as part of the sysinv module to assist in manipulation of configuration files. - -This module is tested in combination with other modules needed to build and leverage an entire Openstack software stack. These modules can be found, all pulled together in the [openstack module](https://github.com/stackfoge/puppet-openstack). - -Setup ------ - -**What the sysinv module affects** - -* sysinv, the block storage service for Openstack. - -### Installing sysinv - - example% puppet module install puppetlabs/sysinv - -### Beginning with sysinv - -To utilize the sysinv module's functionality you will need to declare multiple resources. The following is a modified excerpt from the [openstack module](https://github.com/stackfoge/puppet-openstack). This is not an exhaustive list of all the components needed, we recommend you consult and understand the [openstack module](https://github.com/stackforge/puppet-openstack) and the [core openstack](http://docs.openstack.org) documentation. - -**Define a sysinv control node** - -```puppet -class { '::sysinv': - sql_connection => 'mysql://sysinv:secret_block_password@openstack-controller.example.com/sysinv', - rabbit_password => 'secret_rpc_password_for_blocks',, - rabbit_host => 'openstack-controller.example.com', - verbose => true, -} - -class { '::sysinv::api': - keystone_password => $keystone_password, - keystone_enabled => $keystone_enabled, - keystone_user => $keystone_user, - keystone_auth_host => $keystone_auth_host, - keystone_auth_port => $keystone_auth_port, - keystone_auth_protocol => $keystone_auth_protocol, - service_port => $keystone_service_port, - package_ensure => $sysinv_api_package_ensure, - bind_host => $sysinv_bind_host, - enabled => $sysinv_api_enabled, -} - -class { '::sysinv::scheduler': scheduler_driver => 'sysinv.scheduler.simple.SimpleScheduler', } -``` - -**Define a sysinv storage node** - -```puppet -class { '::sysinv': - sql_connection => 'mysql://sysinv:secret_block_password@openstack-controller.example.com/sysinv', - rabbit_password => 'secret_rpc_password_for_blocks',, - rabbit_host => 'openstack-controller.example.com', - verbose => true, -} - -class { '::sysinv::volume': } - -class { '::sysinv::volume::iscsi': iscsi_ip_address => '10.0.0.2', } -``` - -Implementation --------------- - -### sysinv - -sysinv is a combination of Puppet manifest and ruby code to delivery configuration and extra functionality through types and providers. - -Limitations ------------- - -* Setup of storage nodes is limited to Linux and LVM, i.e. Puppet won't configure a Nexenta appliacne but nova can be configured to use the Nexenta driver with Class['sysinv::volume::nexenta']. - -Development ------------ - -Developer documentation for the entire puppet-openstack project. - -* https://wiki.openstack.org/wiki/Puppet-openstack#Developer_documentation - -Contributors ------------- - -* https://github.com/stackforge/puppet-sysinv/graphs/contributors - -Release Notes -------------- - -**2.1.0** - -* Added configuration of Sysinv quotas. -* Added support for NetApp direct driver backend. -* Added support for ceph backend. -* Added support for SQL idle timeout. -* Added support for RabbitMQ clustering with single IP. -* Fixed allowed_hosts/database connection bug. -* Fixed lvm2 setup failure for Ubuntu. -* Removed unnecessary mysql::server dependency. -* Pinned RabbitMQ and database module versions. -* Various lint and bug fixes. - -**2.0.0** - -* Upstream is now part of stackfoge. -* Nexenta, NFS, and SAN support added as sysinv volume drivers. -* Postgres support added. -* The Apache Qpid and the RabbitMQ message brokers available as RPC backends. -* Configurability of scheduler_driver. -* Various cleanups and bug fixes. diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/Rakefile b/puppet-modules-wrs/puppet-sysinv/src/sysinv/Rakefile deleted file mode 100644 index 4c2b2ed07e..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/Rakefile +++ /dev/null @@ -1,6 +0,0 @@ -require 'puppetlabs_spec_helper/rake_tasks' -require 'puppet-lint/tasks/puppet-lint' - -PuppetLint.configuration.fail_on_warnings = true -PuppetLint.configuration.send('disable_80chars') -PuppetLint.configuration.send('disable_class_parameter_defaults') diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/provider/sysinv_api_paste_ini/ini_setting.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/provider/sysinv_api_paste_ini/ini_setting.rb deleted file mode 100644 index 6f9d46b092..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/provider/sysinv_api_paste_ini/ini_setting.rb +++ /dev/null @@ -1,43 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -Puppet::Type.type(:sysinv_api_paste_ini).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/sysinv/api-paste.ini' - end - - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/provider/sysinv_config/ini_setting.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/provider/sysinv_config/ini_setting.rb deleted file mode 100644 index 1cd5765d62..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/provider/sysinv_config/ini_setting.rb +++ /dev/null @@ -1,43 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -Puppet::Type.type(:sysinv_config).provide( - :ini_setting, - :parent => Puppet::Type.type(:ini_setting).provider(:ruby) -) do - - def section - resource[:name].split('/', 2).first - end - - def setting - resource[:name].split('/', 2).last - end - - def separator - '=' - end - - def self.file_path - '/etc/sysinv/sysinv.conf' - end - - # added for backwards compatibility with older versions of inifile - def file_path - self.class.file_path - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/type/sysinv_api_paste_ini.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/type/sysinv_api_paste_ini.rb deleted file mode 100644 index ee9b2a0e75..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/type/sysinv_api_paste_ini.rb +++ /dev/null @@ -1,58 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -Puppet::Type.newtype(:sysinv_api_paste_ini) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/sysinv/api-paste.ini' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/type/sysinv_config.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/type/sysinv_config.rb deleted file mode 100644 index c9aad2d244..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/lib/puppet/type/sysinv_config.rb +++ /dev/null @@ -1,58 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -Puppet::Type.newtype(:sysinv_config) do - - ensurable - - newparam(:name, :namevar => true) do - desc 'Section/setting name to manage from /etc/sysinv/sysinv.conf' - newvalues(/\S+\/\S+/) - end - - newproperty(:value) do - desc 'The value of the setting to be defined.' - munge do |value| - value = value.to_s.strip - value.capitalize! if value =~ /^(true|false)$/i - value - end - - def is_to_s( currentvalue ) - if resource.secret? - return '[old secret redacted]' - else - return currentvalue - end - end - - def should_to_s( newvalue ) - if resource.secret? - return '[new secret redacted]' - else - return newvalue - end - end - end - - newparam(:secret, :boolean => true) do - desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' - - newvalues(:true, :false) - - defaultto false - end -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/agent.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/agent.pp deleted file mode 100644 index 95f3a94cb6..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/agent.pp +++ /dev/null @@ -1,63 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -class sysinv::agent ( - $agent_driver = false, - $package_ensure = 'latest', - $enabled = true, - $lldp_drivers = [] -) { - - include sysinv::params - - # SM should be starting up agent - Sysinv_config<||> ~> Service['sysinv-agent'] - Sysinv_api_paste_ini<||> ~> Service['sysinv-agent'] - - if $agent_driver { - sysinv_config { - 'DEFAULT/agent_driver': value => $agent_driver; - } - } - - sysinv_config { - 'lldp/drivers': value => join($lldp_drivers,','); - } - - if $::sysinv::params::agent_package { - Package['sysinv-agent'] -> Sysinv_config<||> - Package['sysinv-agent'] -> Sysinv_api_paste_ini<||> - Package['sysinv-agent'] -> Service['sysinv-agent'] - package { 'sysinv-agent': - ensure => $package_ensure, - name => $::sysinv::params::agent_package, - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'sysinv-agent': - ensure => $ensure, - name => $::sysinv::params::agent_service, - enable => $enabled, - hasstatus => false, - require => Package['sysinv'], - } -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/api.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/api.pp deleted file mode 100644 index 3b8f75a883..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/api.pp +++ /dev/null @@ -1,348 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# -# Nov 2017: rebase pike -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# == Class: sysinv::api -# -# Setup and configure the sysinv API endpoint -# -# === Parameters -# -# [*keystone_enabled*] -# (optional) Use keystone for authentification -# Defaults to true -# Applies to both bare metal and pod based keystones -# -# [*keystone_password*] -# The password to use for authentication (keystone) -# -# [*keystone_tenant*] -# (optional) The tenant of the auth user -# Defaults to services -# -# [*keystone_user*] -# (optional) The name of the auth user -# Defaults to sysinv -# -# [*keystone_auth_host*] -# (optional) The keystone host -# Defaults to localhost -# -# [*keystone_auth_port*] -# (optional) The keystone auth port -# Defaults to 5000 -# -# [*keystone_auth_protocol*] -# (optional) The protocol used to access the auth host -# Defaults to http. -# -# [*keystone_auth_admin_prefix*] -# (optional) The admin_prefix used to admin endpoint of the auth host -# This allow admin auth URIs like http://auth_host:5000/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a -# leading '/' and no trailing '/'. -# -# [*keystone_user_domain*] -# (Optional) domain name for auth user. -# Defaults to 'Default'. -# -# [*keystone_project_domain*] -# (Optional) domain name for auth project. -# Defaults to 'Default'. -# -# [*auth_type*] -# (Optional) Authentication type to load. -# Defaults to 'password'. -# -# [*service_port*] -# (optional) The sysinv api port -# Defaults to 5000 -# -# [*package_ensure*] -# (optional) The state of the package -# Defaults to present -# -# [*bind_host*] -# (optional) The sysinv api bind address -# Defaults to 0.0.0.0 -# -# [*pxeboot_host*] -# (optional) The sysinv api pxeboot address -# Defaults to undef -# -# [*enabled*] -# (optional) The state of the service -# Defaults to true -# -# [*openstack_keystone_tenant*] -# (optional) The tenant of the auth user -# Defaults to admin -# For pod based keystone for authentication with openstack services -# -# [*openstack_keystone_user*] -# (optional) The name of the auth user -# Defaults to admin -# For pod based keystone for authentication with openstack services -# -# [*openstack_keyring_service*] -# (optional) The keyring service from which to retrieve the password -# For pod based keystone for authentication with openstack services -# -# [*openstack_keystone_auth_host*] -# (optional) The keystone host -# Defaults to localhost -# For pod based keystone for authentication with openstack services -# -# [*openstack_keystone_auth_port*] -# (optional) The keystone auth port -# Defaults to 5000 -# For pod based keystone for authentication with openstack services -# -# [*openstack_keystone_auth_protocol*] -# (optional) The protocol used to access the auth host -# Defaults to http. -# For pod based keystone for authentication with openstack services -# -# [*openstack_keystone_auth_admin_prefix*] -# (optional) The admin_prefix used to admin endpoint of the auth host -# This allow admin auth URIs like http://auth_host:5000/keystone. -# (where '/keystone' is the admin prefix) -# Defaults to false for empty. If defined, should be a string with a -# leading '/' and no trailing '/'. -# For pod based keystone for authentication with openstack services -# -# [*openstack_keystone_user_domain*] -# (Optional) domain name for auth user. -# Defaults to 'Default'. -# For pod based keystone for authentication with openstack services -# -# [*openstack_keystone_project_domain*] -# (Optional) domain name for auth project. -# Defaults to 'Default'. -# For pod based keystone for authentication with openstack services -# -# [*openstack_auth_type*] -# (Optional) Authentication type to load. -# Defaults to 'password'. -# For pod based keystone for authentication with openstack services -# -class sysinv::api ( - $keystone_password, - $keystone_enabled = true, - $keystone_tenant = 'services', - $keystone_user = 'sysinv', - $keystone_auth_host = 'localhost', - $keystone_auth_port = '5000', - $keystone_auth_protocol = 'http', - $keystone_auth_admin_prefix = false, - $keystone_auth_uri = false, - $keystone_auth_version = false, - $keystone_identity_uri = false, - $keystone_user_domain = 'Default', - $keystone_project_domain = 'Default', - $auth_type = 'password', - $openstack_keystone_tenant = 'admin', - $openstack_keystone_user = 'admin', - $openstack_keyring_service = undef, - $openstack_keystone_auth_host = 'localhost', - $openstack_keystone_auth_port = '5000', - $openstack_keystone_auth_protocol = 'http', - $openstack_keystone_auth_admin_prefix = false, - $openstack_keystone_auth_uri = false, - $openstack_keystone_auth_version = false, - $openstack_keystone_identity_uri = false, - $openstack_keystone_user_domain = 'Default', - $openstack_keystone_project_domain = 'Default', - $openstack_auth_type = 'password', - $service_port = '5000', - $package_ensure = 'latest', - $bind_host = '::', - $pxeboot_host = undef, - $enabled = true -) { - include sysinv::params - - Sysinv_config<||> ~> Service['sysinv-api'] - Sysinv_config<||> ~> Exec['sysinv-dbsync'] - Sysinv_api_paste_ini<||> ~> Service['sysinv-api'] - - if $::sysinv::params::api_package { - Package['sysinv'] -> Sysinv_config<||> - Package['sysinv'] -> Sysinv_api_paste_ini<||> - Package['sysinv'] -> Service['sysinv-api'] - package { 'sysinv': - ensure => $package_ensure, - name => $::sysinv::params::api_package, - } - } - - sysinv_config { - 'DEFAULT/sysinv_api_bind_ip': value => $bind_host; - } - - if $pxeboot_host { - sysinv_config { - 'DEFAULT/sysinv_api_pxeboot_ip': value => $pxeboot_host; - } - } - - if $keystone_identity_uri { - sysinv_config { 'keystone_authtoken/auth_url': value => $keystone_identity_uri; } - sysinv_api_paste_ini { 'filter:authtoken/auth_url': value => $keystone_identity_uri; } - } else { - sysinv_config { 'keystone_authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; } - sysinv_api_paste_ini { 'filter:authtoken/auth_url': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; } - } - - if $openstack_keystone_identity_uri { - sysinv_config { 'openstack_keystone_authtoken/auth_url': value => $openstack_keystone_identity_uri; } - } else { - sysinv_config { 'openstack_keystone_authtoken/auth_url': value => "${openstack_keystone_auth_protocol}://${openstack_keystone_auth_host}:5000/"; } - } - - if $keystone_auth_uri { - sysinv_config { 'keystone_authtoken/auth_uri': value => $keystone_auth_uri; } - sysinv_api_paste_ini { 'filter:authtoken/auth_uri': value => $keystone_auth_uri; } - } else { - sysinv_config { - 'keystone_authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; - } - sysinv_api_paste_ini { - 'filter:authtoken/auth_uri': value => "${keystone_auth_protocol}://${keystone_auth_host}:5000/"; - } - } - - if $openstack_keystone_auth_uri { - sysinv_config { 'openstack_keystone_authtoken/auth_uri': value => $openstack_keystone_auth_uri; } - } else { - sysinv_config { - 'openstack_keystone_authtoken/auth_uri': value => "${openstack_keystone_auth_protocol}://${openstack_keystone_auth_host}:5000/"; - } - } - - if $keystone_auth_version { - sysinv_config { 'keystone_authtoken/auth_version': value => $keystone_auth_version; } - sysinv_api_paste_ini { 'filter:authtoken/auth_version': value => $keystone_auth_version; } - } else { - sysinv_config { 'keystone_authtoken/auth_version': ensure => absent; } - sysinv_api_paste_ini { 'filter:authtoken/auth_version': ensure => absent; } - } - - if $openstack_keystone_auth_version { - sysinv_config { 'openstack_keystone_authtoken/auth_version': value => $openstack_keystone_auth_version; } - } else { - sysinv_config { 'openstack_keystone_authtoken/auth_version': ensure => absent; } - } - - if $keystone_enabled { - sysinv_config { - 'DEFAULT/auth_strategy': value => 'keystone' ; - } - sysinv_config { - 'keystone_authtoken/auth_type': value => $auth_type; - 'keystone_authtoken/project_name': value => $keystone_tenant; - 'keystone_authtoken/username': value => $keystone_user; - 'keystone_authtoken/password': value => $keystone_password, secret=> true; - 'keystone_authtoken/user_domain_name': value => $keystone_user_domain; - 'keystone_authtoken/project_domain_name': value => $keystone_project_domain; - } - sysinv_config { - 'openstack_keystone_authtoken/auth_type': value => $openstack_auth_type; - 'openstack_keystone_authtoken/project_name': value => $openstack_keystone_tenant; - 'openstack_keystone_authtoken/username': value => $openstack_keystone_user; - 'openstack_keystone_authtoken/user_domain_name': value => $openstack_keystone_user_domain; - 'openstack_keystone_authtoken/project_domain_name': value => $openstack_keystone_project_domain; - 'openstack_keystone_authtoken/keyring_service': value => $openstack_keyring_service; - } - - sysinv_api_paste_ini { - 'filter:authtoken/project_name': value => $keystone_tenant; - 'filter:authtoken/username': value => $keystone_user; - 'filter:authtoken/password': value => $keystone_password, secret => true; - 'filter:authtoken/user_domain_name': value => $keystone_user_domain; - 'filter:authtoken/project_domain_name': value => $keystone_project_domain; - } - - if $keystone_auth_admin_prefix { - validate_re($keystone_auth_admin_prefix, '^(/.+[^/])?$') - sysinv_config { - 'keystone_authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - sysinv_api_paste_ini { - 'filter:authtoken/auth_admin_prefix': value => $keystone_auth_admin_prefix; - } - } else { - sysinv_config { - 'keystone_authtoken/auth_admin_prefix': ensure => absent; - } - sysinv_api_paste_ini { - 'filter:authtoken/auth_admin_prefix': ensure => absent; - } - } - - if $openstack_keystone_auth_admin_prefix { - validate_re($openstack_keystone_auth_admin_prefix, '^(/.+[^/])?$') - sysinv_config { - 'openstack_keystone_authtoken/auth_admin_prefix': value => $openstack_keystone_auth_admin_prefix; - } - } else { - sysinv_config { - 'openstack_keystone_authtoken/auth_admin_prefix': ensure => absent; - } - } - - } - else - { - sysinv_config { - 'DEFAULT/auth_strategy': value => 'noauth' ; - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'sysinv-api': - ensure => $ensure, - name => $::sysinv::params::api_service, - enable => $enabled, - hasstatus => true, - hasrestart => true, - tag => 'sysinv-service', - } - Keystone_endpoint<||> -> Service['sysinv-api'] - - exec { 'sysinv-dbsync': - command => $::sysinv::params::db_sync_command, - path => '/usr/bin', - user => 'sysinv', - refreshonly => true, - logoutput => 'on_failure', - require => Package['sysinv'], - # Only do the db sync if both controllers are running the same software - # version. Avoids impacting mate controller during an upgrade. - onlyif => [ - "test ${::controller_sw_versions_match} = true", - 'systemctl status postgresql' - ] - } - -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/base.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/base.pp deleted file mode 100644 index 4e207b4729..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/base.pp +++ /dev/null @@ -1,45 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -class sysinv::base ( - $rabbit_password, - $sql_connection, - $rabbit_host = '127.0.0.1', - $rabbit_port = 5672, - $rabbit_hosts = undef, - $rabbit_virtual_host = '/', - $rabbit_userid = 'nova', - $package_ensure = 'present', - $api_paste_config = '/etc/sysinv/api-paste.ini', - $verbose = false -) { - - warning('The sysinv::base class is deprecated. Use sysinv instead.') - - class { '::sysinv': - rabbit_password => $rabbit_password, - sql_connection => $sql_connection, - rabbit_host => $rabbit_host, - rabbit_port => $rabbit_port, - rabbit_hosts => $rabbit_hosts, - rabbit_virtual_host => $rabbit_virtual_host, - rabbit_userid => $rabbit_userid, - package_ensure => $package_ensure, - api_paste_config => $api_paste_config, - verbose => $verbose, - } - -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/client.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/client.pp deleted file mode 100644 index 48a0441ffc..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/client.pp +++ /dev/null @@ -1,36 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# == Class: sysinv::client -# -# Installs Sysinv python client. -# -# === Parameters -# -# [*ensure*] -# Ensure state for package. Defaults to 'present'. -# -class sysinv::client( - $package_ensure = 'present' -) { - - include sysinv::params - - package { 'cgtsclient': - ensure => $package_ensure, - name => $::sysinv::params::client_package, - } -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/conductor.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/conductor.pp deleted file mode 100644 index da407b9124..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/conductor.pp +++ /dev/null @@ -1,58 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -class sysinv::conductor ( - $conductor_driver = false, - $package_ensure = 'latest', - $enabled = true -) { - - include sysinv::params - - Sysinv_config<||> ~> Service['sysinv-conductor'] - - if $conductor_driver { - sysinv_config { - 'DEFAULT/conductor_driver': value => $conductor_driver; - } - } - - if $::sysinv::params::conductor_package { - Package['sysinv-conductor'] -> Sysinv_config<||> - Package['sysinv-conductor'] -> Sysinv_api_paste_ini<||> - Package['sysinv-conductor'] -> Service['sysinv-conductor'] - package { 'sysinv-conductor': - ensure => $package_ensure, - name => $::sysinv::params::conductor_package, - } - } - - if $enabled { - $ensure = 'running' - } else { - $ensure = 'stopped' - } - - service { 'sysinv-conductor': - ensure => $ensure, - name => $::sysinv::params::conductor_service, - enable => $enabled, - hasstatus => false, - require => Package['sysinv'], - } - - Exec<| title == 'sysinv-dbsync' |> -> Service['sysinv-conductor'] -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/mysql.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/mysql.pp deleted file mode 100644 index 026ae5ef2e..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/mysql.pp +++ /dev/null @@ -1,54 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -class sysinv::db::mysql ( - $password, - $dbname = 'sysinv', - $user = 'sysinv', - $host = '127.0.0.1', - $allowed_hosts = undef, - $charset = 'latin1', - $cluster_id = 'localzone' -) { - - Class['sysinv::db::mysql'] -> Exec<| title == 'sysinv-dbsync' |> - Database[$dbname] ~> Exec<| title == 'sysinv-dbsync' |> - - mysql::db { $dbname: - user => $user, - password => $password, - host => $host, - charset => $charset, - require => Class['mysql::config'], - } - - # Check allowed_hosts to avoid duplicate resource declarations - if is_array($allowed_hosts) and delete($allowed_hosts,$host) != [] { - $real_allowed_hosts = delete($allowed_hosts,$host) - } elsif is_string($allowed_hosts) and ($allowed_hosts != $host) { - $real_allowed_hosts = $allowed_hosts - } - - if $real_allowed_hosts { - # TODO this class should be in the mysql namespace - sysinv::db::mysql::host_access { $real_allowed_hosts: - user => $user, - password => $password, - database => $dbname, - } - } - -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/mysql/host_access.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/mysql/host_access.pp deleted file mode 100644 index 7fd08ce7e7..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/mysql/host_access.pp +++ /dev/null @@ -1,32 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# -# Used to grant access to the sysinv mysql DB -# -define sysinv::db::mysql::host_access ($user, $password, $database) { - database_user { "${user}@${name}": - password_hash => mysql_password($password), - provider => 'mysql', - require => Database[$database], - } - database_grant { "${user}@${name}/${database}": - # TODO figure out which privileges to grant. - privileges => 'all', - provider => 'mysql', - require => Postgresql::Database_user["${user}@${name}"] - } -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/postgresql.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/postgresql.pp deleted file mode 100644 index 8b6685907d..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/postgresql.pp +++ /dev/null @@ -1,60 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# Class that configures postgresql for sysinv -# -# Requires the Puppetlabs postgresql module. -# === Parameters -# -# [*password*] -# (Required) Password to connect to the database. -# -# [*dbname*] -# (Optional) Name of the database. -# Defaults to 'sysinv'. -# -# [*user*] -# (Optional) User to connect to the database. -# Defaults to 'sysinv'. -# -# [*encoding*] -# (Optional) The charset to use for the database. -# Default to undef. -# -# [*privileges*] -# (Optional) Privileges given to the database user. -# Default to 'ALL' -# -class sysinv::db::postgresql( - $password, - $dbname = 'sysinv', - $user = 'sysinv', - $encoding = undef, - $privileges = 'ALL', -) { - - ::openstacklib::db::postgresql { 'sysinv': - password_hash => postgresql_password($user, $password), - dbname => $dbname, - user => $user, - encoding => $encoding, - privileges => $privileges, - } - - ::Openstacklib::Db::Postgresql['sysinv'] ~> Service <| title == 'sysinv-api' |> - ::Openstacklib::Db::Postgresql['sysinv'] ~> Service <| title == 'sysinv-conductor' |> - ::Openstacklib::Db::Postgresql['sysinv'] ~> Exec <| title == 'sysinv-dbsync' |> -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/sync.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/sync.pp deleted file mode 100644 index 28288f6230..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/db/sync.pp +++ /dev/null @@ -1,29 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -class sysinv::db::sync { - - include sysinv::params - - exec { 'sysinv-dbsync': - command => $::sysinv::params::db_sync_command, - path => '/usr/bin', - user => 'sysinv', - refreshonly => true, - require => [File[$::sysinv::params::sysinv_conf], Class['sysinv']], - logoutput => 'on_failure', - } -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/init.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/init.pp deleted file mode 100644 index c6de412c33..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/init.pp +++ /dev/null @@ -1,230 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# -# == Parameters -# -# [use_syslog] -# Use syslog for logging. -# (Optional) Defaults to false. -# -# [log_facility] -# Syslog facility to receive log lines. -# (Optional) Defaults to LOG_USER. - -class sysinv ( - $database_connection = '', - $database_idle_timeout = 3600, - $database_max_pool_size = 5, - $database_max_overflow = 10, - $journal_max_size = 51200, - $journal_min_size = 1024, - $journal_default_size = 1024, - $rpc_backend = 'sysinv.openstack.common.rpc.impl_kombu', - $control_exchange = 'openstack', - $rabbit_host = '127.0.0.1', - $rabbit_port = 5672, - $rabbit_hosts = false, - $rabbit_virtual_host = '/', - $rabbit_userid = 'guest', - $rabbit_password = false, - $qpid_hostname = 'localhost', - $qpid_port = '5672', - $qpid_username = 'guest', - $qpid_password = false, - $qpid_reconnect = true, - $qpid_reconnect_timeout = 0, - $qpid_reconnect_limit = 0, - $qpid_reconnect_interval_min = 0, - $qpid_reconnect_interval_max = 0, - $qpid_reconnect_interval = 0, - $qpid_heartbeat = 60, - $qpid_protocol = 'tcp', - $qpid_tcp_nodelay = true, - $package_ensure = 'present', - $api_paste_config = '/etc/sysinv/api-paste.ini', - $use_stderr = false, - $log_file = 'sysinv.log', - $log_dir = '/var/log/sysinv', - $use_syslog = false, - $log_facility = 'LOG_USER', - $verbose = false, - $debug = false, - $sysinv_api_port = 6385, - $sysinv_mtc_inv_label = '/v1/hosts/', - $region_name = 'RegionOne', - $neutron_region_name = 'RegionOne', - $cinder_region_name = 'RegionOne', - $nova_region_name = 'RegionOne', - $barbican_region_name = 'RegionOne', - $fm_catalog_info = undef, - $fernet_key_repository = undef, -) { - - include sysinv::params - include ::platform::kubernetes::params - include ::platform::docker::params - - Package['sysinv'] -> Sysinv_config<||> - Package['sysinv'] -> Sysinv_api_paste_ini<||> - - # this anchor is used to simplify the graph between sysinv components by - # allowing a resource to serve as a point where the configuration of sysinv begins - anchor { 'sysinv-start': } - - package { 'sysinv': - ensure => $package_ensure, - name => $::sysinv::params::package_name, - require => Anchor['sysinv-start'], - } - - file { $::sysinv::params::sysinv_conf: - ensure => present, - owner => 'sysinv', - group => 'sysinv', - mode => '0600', - require => Package['sysinv'], - } - - file { $::sysinv::params::sysinv_paste_api_ini: - ensure => present, - owner => 'sysinv', - group => 'sysinv', - mode => '0600', - require => Package['sysinv'], - } - - if $rpc_backend == 'sysinv.openstack.common.rpc.impl_kombu' { - - if ! $rabbit_password { - fail('Please specify a rabbit_password parameter.') - } - - sysinv_config { - 'DEFAULT/rabbit_password': value => $rabbit_password, secret => true; - 'DEFAULT/rabbit_userid': value => $rabbit_userid; - 'DEFAULT/rabbit_virtual_host': value => $rabbit_virtual_host; - 'DEFAULT/control_exchange': value => $control_exchange; - } - - if $rabbit_hosts { - sysinv_config { 'DEFAULT/rabbit_hosts': value => join($rabbit_hosts, ',') } - sysinv_config { 'DEFAULT/rabbit_ha_queues': value => true } - } else { - sysinv_config { 'DEFAULT/rabbit_host': value => $rabbit_host } - sysinv_config { 'DEFAULT/rabbit_port': value => $rabbit_port } - sysinv_config { 'DEFAULT/rabbit_hosts': value => "${rabbit_host}:${rabbit_port}" } - sysinv_config { 'DEFAULT/rabbit_ha_queues': value => false } - } - } - - if $rpc_backend == 'sysinv.openstack.common.rpc.impl_qpid' { - - if ! $qpid_password { - fail('Please specify a qpid_password parameter.') - } - - sysinv_config { - 'DEFAULT/qpid_hostname': value => $qpid_hostname; - 'DEFAULT/qpid_port': value => $qpid_port; - 'DEFAULT/qpid_username': value => $qpid_username; - 'DEFAULT/qpid_password': value => $qpid_password, secret => true; - 'DEFAULT/qpid_reconnect': value => $qpid_reconnect; - 'DEFAULT/qpid_reconnect_timeout': value => $qpid_reconnect_timeout; - 'DEFAULT/qpid_reconnect_limit': value => $qpid_reconnect_limit; - 'DEFAULT/qpid_reconnect_interval_min': value => $qpid_reconnect_interval_min; - 'DEFAULT/qpid_reconnect_interval_max': value => $qpid_reconnect_interval_max; - 'DEFAULT/qpid_reconnect_interval': value => $qpid_reconnect_interval; - 'DEFAULT/qpid_heartbeat': value => $qpid_heartbeat; - 'DEFAULT/qpid_protocol': value => $qpid_protocol; - 'DEFAULT/qpid_tcp_nodelay': value => $qpid_tcp_nodelay; - } - } - - sysinv_config { - 'DEFAULT/verbose': value => $verbose; - 'DEFAULT/debug': value => $debug; - 'DEFAULT/api_paste_config': value => $api_paste_config; - 'DEFAULT/rpc_backend': value => $rpc_backend; - } - - # Automatically add psycopg2 driver to postgresql (only does this if it is missing) - $real_connection = regsubst($database_connection,'^postgresql:','postgresql+psycopg2:') - - sysinv_config { - 'database/connection': value => $real_connection, secret => true; - 'database/connection_recycle_time': value => $database_idle_timeout; - 'database/max_pool_size': value => $database_max_pool_size; - 'database/max_overflow': value => $database_max_overflow; - } - - sysinv_config { - 'journal/journal_max_size': value => $journal_max_size; - 'journal/journal_min_size': value => $journal_min_size; - 'journal/journal_default_size': value => $journal_default_size; - } - - if $use_syslog { - sysinv_config { - 'DEFAULT/use_syslog': value => true; - 'DEFAULT/syslog_log_facility': value => $log_facility; - } - } else { - sysinv_config { - 'DEFAULT/use_syslog': value => false; - 'DEFAULT/use_stderr': value => false; - 'DEFAULT/log_file' : value => $log_file; - 'DEFAULT/log_dir' : value => $log_dir; - } - } - - sysinv_config { - 'DEFAULT/sysinv_api_port': value => $sysinv_api_port; - 'DEFAULT/MTC_INV_LABEL': value => $sysinv_mtc_inv_label; - } - - sysinv_config { - 'keystone_authtoken/region_name': value => $region_name; - 'openstack_keystone_authtoken/region_name': value => $region_name; - 'openstack_keystone_authtoken/neutron_region_name': value => $neutron_region_name; - 'openstack_keystone_authtoken/cinder_region_name': value => $cinder_region_name; - 'openstack_keystone_authtoken/nova_region_name': value => $nova_region_name; - 'openstack_keystone_authtoken/barbican_region_name': value => $barbican_region_name; - } - - sysinv_config { - 'fm/catalog_info': value => $fm_catalog_info; - 'fm/os_region_name': value => $region_name; - 'fernet_repo/key_repository': value => $fernet_key_repository; - } - - sysinv_api_paste_ini { - 'filter:authtoken/region_name': value => $region_name; - } - - if $::platform::kubernetes::params::enabled == true { - if $::platform::docker::params::quay_registry { - $quay_registry = $::platform::docker::params::quay_registry - } else { - $quay_registry = 'quay.io' - } - - $armada_img_tag = "${quay_registry}/airshipit/armada:8a1638098f88d92bf799ef4934abe569789b885e-ubuntu_bionic" - sysinv_config { - 'DEFAULT/armada_image_tag': value => $armada_img_tag; - } - } -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/keystone/auth.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/keystone/auth.pp deleted file mode 100644 index 6fef347622..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/keystone/auth.pp +++ /dev/null @@ -1,57 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# == Class: sysinv::keystone::auth -# -# Configures Sysinv user, service and endpoint in Keystone. -# -class sysinv::keystone::auth ( - $password, - $auth_name = 'sysinv', - $email = 'sysinv@localhost', - $tenant = 'services', - $region = 'RegionOne', - $service_description = 'SysInvService', - $service_name = undef, - $service_type = 'platform', - $configure_endpoint = true, - $configure_user = true, - $configure_user_role = true, - $public_url = 'http://127.0.0.1:6385/v1', - $admin_url = 'http://127.0.0.1:6385/v1', - $internal_url = 'http://127.0.0.1:6385/v1', -) { - - $real_service_name = pick($service_name, $auth_name) - - keystone::resource::service_identity { 'platform': - configure_user => $configure_user, - configure_user_role => $configure_user_role, - configure_endpoint => $configure_endpoint, - service_type => $service_type, - service_description => $service_description, - service_name => $real_service_name, - region => $region, - auth_name => $auth_name, - password => $password, - email => $email, - tenant => $tenant, - public_url => $public_url, - admin_url => $admin_url, - internal_url => $internal_url, - } - -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/params.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/params.pp deleted file mode 100644 index 438aa37682..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/params.pp +++ /dev/null @@ -1,61 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -class sysinv::params { - - $sysinv_dir = '/etc/sysinv' - $sysinv_conf = '/etc/sysinv/sysinv.conf' - $sysinv_paste_api_ini = '/etc/sysinv/api-paste.ini' - - if $::osfamily == 'Debian' { - $package_name = 'sysinv' - $client_package = 'cgtsclient' - $api_package = 'sysinv' - $api_service = 'sysinv-api' - $conductor_package = 'sysinv' - $conductor_service = 'sysinv-conductor' - $agent_package = 'sysinv' - $agent_service = 'sysinv-agent' - $db_sync_command = 'sysinv-dbsync' - - } elsif($::osfamily == 'RedHat') { - - $package_name = 'sysinv' - $client_package = 'cgtscli' - $api_package = false - $api_service = 'sysinv-api' - $conductor_package = false - $conductor_service = 'sysinv-conductor' - $agent_package = false - $agent_service = 'sysinv-agent' - $db_sync_command = 'sysinv-dbsync' - - } elsif($::osfamily == 'WRLinux') { - - $package_name = 'sysinv' - $client_package = 'cgtscli' - $api_package = false - $api_service = 'sysinv-api' - $conductor_package = false - $conductor_service = 'sysinv-conductor' - $agent_package = false - $agent_service = 'sysinv-agent' - $db_sync_command = 'sysinv-dbsync' - - } else { - fail("unsuported osfamily ${::osfamily}, currently WindRiver, Debian, Redhat are the only supported platforms") - } -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/qpid.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/qpid.pp deleted file mode 100644 index 6bdbfcf994..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/qpid.pp +++ /dev/null @@ -1,51 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# -# class for installing qpid server for sysinv -# -# -class sysinv::qpid( - $enabled = true, - $user='guest', - $password='guest', - $file='/var/lib/qpidd/qpidd.sasldb', - $realm='OPENSTACK' -) { - - # only configure sysinv after the queue is up - Class['qpid::server'] -> Package<| title == 'sysinv' |> - - if ($enabled) { - $service_ensure = 'running' - - qpid_user { $user: - password => $password, - file => $file, - realm => $realm, - provider => 'saslpasswd2', - require => Class['qpid::server'], - } - - } else { - $service_ensure = 'stopped' - } - - class { '::qpid::server': - service_ensure => $service_ensure - } - -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/rabbitmq.pp b/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/rabbitmq.pp deleted file mode 100644 index 4b6fa0818d..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/manifests/rabbitmq.pp +++ /dev/null @@ -1,68 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -# -# class for installing rabbitmq server for sysinv -# -# -class sysinv::rabbitmq( - $userid = 'guest', - $password = 'guest', - $port = '5672', - $virtual_host = '/', - $enabled = true -) { - - # only configure sysinv after the queue is up - Class['rabbitmq::service'] -> Anchor<| title == 'sysinv-start' |> - - if ($enabled) { - if $userid == 'guest' { - $delete_guest_user = false - } else { - $delete_guest_user = true - rabbitmq_user { $userid: - admin => true, - password => $password, - provider => 'rabbitmqctl', - require => Class['rabbitmq::server'], - } - # I need to figure out the appropriate permissions - rabbitmq_user_permissions { "${userid}@${virtual_host}": - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - }->Anchor<| title == 'sysinv-start' |> - } - $service_ensure = 'running' - } else { - $service_ensure = 'stopped' - } - - class { '::rabbitmq::server': - service_ensure => $service_ensure, - port => $port, - delete_guest_user => $delete_guest_user, - } - - if ($enabled) { - rabbitmq_vhost { $virtual_host: - provider => 'rabbitmqctl', - require => Class['rabbitmq::server'], - } - } -} diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_agent_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_agent_spec.rb deleted file mode 100644 index a57074cbe6..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_agent_spec.rb +++ /dev/null @@ -1,87 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::agent' do - - describe 'on debian plateforms' do - - let :facts do - { :osfamily => 'Debian' } - end - - describe 'with default parameters' do - - it { should include_class('sysinv::params') } - - it { should contain_package('sysinv-agent').with( - :name => 'sysinv-agent', - :ensure => 'latest', - :before => 'Service[sysinv-agent]' - ) } - - it { should contain_service('sysinv-agent').with( - :name => 'sysinv-agent', - :enable => true, - :ensure => 'running', - :require => 'Package[sysinv]', - :hasstatus => true - ) } - end - - describe 'with parameters' do - - let :params do - { :agent_driver => 'sysinv.agent.filter_agent.FilterScheduler', - :package_ensure => 'present' - } - end - - it { should contain_sysinv_config('DEFAULT/agent_driver').with_value('sysinv.agent.filter_agent.FilterScheduler') } - it { should contain_package('sysinv-agent').with_ensure('present') } - end - end - - - describe 'on rhel plateforms' do - - let :facts do - { :osfamily => 'RedHat' } - end - - describe 'with default parameters' do - - it { should include_class('sysinv::params') } - - it { should contain_service('sysinv-agent').with( - :name => 'sysinv-agent', - :enable => true, - :ensure => 'running', - :require => 'Package[sysinv]' - ) } - end - - describe 'with parameters' do - - let :params do - { :agent_driver => 'sysinv.agent.filter_agent.FilterScheduler' } - end - - it { should contain_sysinv_config('DEFAULT/agent_driver').with_value('sysinv.agent.filter_agent.FilterScheduler') } - end - end -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_api_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_api_spec.rb deleted file mode 100644 index 5848e17fbb..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_api_spec.rb +++ /dev/null @@ -1,125 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::api' do - - let :req_params do - {:keystone_password => 'foo'} - end - let :facts do - {:osfamily => 'Debian'} - end - - describe 'with only required params' do - let :params do - req_params - end - - it { should contain_service('sysinv-api').with( - 'hasstatus' => true - )} - - it 'should configure sysinv api correctly' do - should contain_sysinv_config('DEFAULT/auth_strategy').with( - :value => 'keystone' - ) - #should contain_sysinv_config('DEFAULT/osapi_volume_listen').with( - # :value => '0.0.0.0' - #) - should contain_sysinv_api_paste_ini('filter:authtoken/service_protocol').with( - :value => 'http' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/service_host').with( - :value => 'localhost' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/service_port').with( - :value => '5000' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/auth_protocol').with( - :value => 'http' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/auth_host').with( - :value => 'localhost' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/auth_port').with( - :value => '5000' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/auth_admin_prefix').with( - :ensure => 'absent' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/admin_tenant_name').with( - :value => 'services' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/admin_user').with( - :value => 'sysinv' - ) - should contain_sysinv_api_paste_ini('filter:authtoken/admin_password').with( - :value => 'foo', - :secret => true - ) - end - end - - describe 'with only required params' do - let :params do - req_params.merge({'bind_host' => '192.168.1.3'}) - end - # it 'should configure sysinv api correctly' do - # should contain_sysinv_config('DEFAULT/osapi_volume_listen').with( - # :value => '192.168.1.3' - # ) - # end - end - - [ '/keystone', '/keystone/admin', '' ].each do |keystone_auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing incorrect value #{keystone_auth_admin_prefix}" do - let :params do - { - :keystone_auth_admin_prefix => keystone_auth_admin_prefix, - :keystone_password => 'dummy' - } - end - - it { should contain_sysinv_api_paste_ini('filter:authtoken/auth_admin_prefix').with( - :value => keystone_auth_admin_prefix - )} - end - end - - [ - '/keystone/', - 'keystone/', - 'keystone', - '/keystone/admin/', - 'keystone/admin/', - 'keystone/admin' - ].each do |keystone_auth_admin_prefix| - describe "with keystone_auth_admin_prefix containing incorrect value #{keystone_auth_admin_prefix}" do - let :params do - { - :keystone_auth_admin_prefix => keystone_auth_admin_prefix, - :keystone_password => 'dummy' - } - end - - it { expect { should contain_sysinv_api_paste_ini('filter:authtoken/auth_admin_prefix') }.to \ - raise_error(Puppet::Error, /validate_re\(\): "#{keystone_auth_admin_prefix}" does not match/) } - end - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_client_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_client_spec.rb deleted file mode 100644 index 1ccc855e41..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_client_spec.rb +++ /dev/null @@ -1,30 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::client' do - it { should contain_package('python-cgtsclient').with_ensure('present') } - let :facts do - {:osfamily => 'Debian'} - end - context 'with params' do - let :params do - {:package_ensure => 'latest'} - end - it { should contain_package('python-cgtsclient').with_ensure('latest') } - end -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_conductor_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_conductor_spec.rb deleted file mode 100644 index 5724a2389a..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_conductor_spec.rb +++ /dev/null @@ -1,87 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::conductor' do - - describe 'on debian plateforms' do - - let :facts do - { :osfamily => 'Debian' } - end - - describe 'with default parameters' do - - it { should include_class('sysinv::params') } - - it { should contain_package('sysinv-conductor').with( - :name => 'sysinv-conductor', - :ensure => 'latest', - :before => 'Service[sysinv-conductor]' - ) } - - it { should contain_service('sysinv-conductor').with( - :name => 'sysinv-conductor', - :enable => true, - :ensure => 'running', - :require => 'Package[sysinv]', - :hasstatus => true - ) } - end - - describe 'with parameters' do - - let :params do - { :conductor_driver => 'sysinv.conductor.filter_conductor.FilterScheduler', - :package_ensure => 'present' - } - end - - it { should contain_sysinv_config('DEFAULT/conductor_driver').with_value('sysinv.conductor.filter_conductor.FilterScheduler') } - it { should contain_package('sysinv-conductor').with_ensure('present') } - end - end - - - describe 'on rhel plateforms' do - - let :facts do - { :osfamily => 'RedHat' } - end - - describe 'with default parameters' do - - it { should include_class('sysinv::params') } - - it { should contain_service('sysinv-conductor').with( - :name => 'openstack-sysinv-conductor', - :enable => true, - :ensure => 'running', - :require => 'Package[sysinv]' - ) } - end - - describe 'with parameters' do - - let :params do - { :conductor_driver => 'sysinv.conductor.filter_conductor.FilterScheduler' } - end - - it { should contain_sysinv_config('DEFAULT/conductor_driver').with_value('sysinv.conductor.filter_conductor.FilterScheduler') } - end - end -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_mysql_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_mysql_spec.rb deleted file mode 100644 index 68b9605b5c..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_mysql_spec.rb +++ /dev/null @@ -1,92 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::db::mysql' do - - let :req_params do - {:password => 'pw'} - end - - let :facts do - {:osfamily => 'Debian'} - end - - let :pre_condition do - 'include mysql::server' - end - - describe 'with only required params' do - let :params do - req_params - end - it { should contain_mysql__db('sysinv').with( - :user => 'sysinv', - :password => 'pw', - :host => '127.0.0.1', - :charset => 'latin1' - ) } - end - describe "overriding allowed_hosts param to array" do - let :params do - { - :password => 'sysinvpass', - :allowed_hosts => ['127.0.0.1','%'] - } - end - - it {should_not contain_sysinv__db__mysql__host_access("127.0.0.1").with( - :user => 'sysinv', - :password => 'sysinvpass', - :database => 'sysinv' - )} - it {should contain_sysinv__db__mysql__host_access("%").with( - :user => 'sysinv', - :password => 'sysinvpass', - :database => 'sysinv' - )} - end - describe "overriding allowed_hosts param to string" do - let :params do - { - :password => 'sysinvpass2', - :allowed_hosts => '192.168.1.1' - } - end - - it {should contain_sysinv__db__mysql__host_access("192.168.1.1").with( - :user => 'sysinv', - :password => 'sysinvpass2', - :database => 'sysinv' - )} - end - - describe "overriding allowed_hosts param equals to host param " do - let :params do - { - :password => 'sysinvpass2', - :allowed_hosts => '127.0.0.1' - } - end - - it {should_not contain_sysinv__db__mysql__host_access("127.0.0.1").with( - :user => 'sysinv', - :password => 'sysinvpass2', - :database => 'sysinv' - )} - end -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_postgresql_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_postgresql_spec.rb deleted file mode 100644 index 4ec811e55b..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_postgresql_spec.rb +++ /dev/null @@ -1,42 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::db::postgresql' do - - let :req_params do - {:password => 'pw'} - end - - let :facts do - { - :postgres_default_version => '8.4', - :osfamily => 'RedHat', - } - end - - describe 'with only required params' do - let :params do - req_params - end - it { should contain_postgresql__db('sysinv').with( - :user => 'sysinv', - :password => 'pw' - ) } - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_sync_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_sync_spec.rb deleted file mode 100644 index 6bab711943..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_db_sync_spec.rb +++ /dev/null @@ -1,32 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::db::sync' do - - let :facts do - {:osfamily => 'Debian'} - end - it { should contain_exec('sysinv-dbsync').with( - :command => 'sysinv-dbsync', - :path => '/usr/bin', - :user => 'sysinv', - :refreshonly => true, - :logoutput => 'on_failure' - ) } - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_keystone_auth_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_keystone_auth_spec.rb deleted file mode 100644 index 601e32c02e..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_keystone_auth_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::keystone::auth' do - - let :req_params do - {:password => 'pw'} - end - - describe 'with only required params' do - - let :params do - req_params - end - - it 'should contain auth info' do - - should contain_keystone_user('sysinv').with( - :ensure => 'present', - :password => 'pw', - :email => 'sysinv@localhost', - :tenant => 'services' - ) - should contain_keystone_user_role('sysinv@services').with( - :ensure => 'present', - :roles => 'admin' - ) - # JKUNG commented this out for now, not volume - # should contain_keystone_service('sysinv').with( - # :ensure => 'present', - # :type => 'volume', - # :description => 'Sysinv Service' - # ) - - end - it { should contain_keystone_endpoint('RegionOne/sysinv').with( - :ensure => 'present', - :public_url => 'http://127.0.0.1:6385/v1/', #%(tenant_id)s', - :admin_url => 'http://127.0.0.1:6385/v1/', #%(tenant_id)s', - :internal_url => 'http://127.0.0.1:6385/v1/' #%(tenant_id)s' - ) } - - end - - describe 'when endpoint should not be configured' do - let :params do - req_params.merge(:configure_endpoint => false) - end - it { should_not contain_keystone_endpoint('RegionOne/sysinv') } - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_params_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_params_spec.rb deleted file mode 100644 index 05a2787017..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_params_spec.rb +++ /dev/null @@ -1,28 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::params' do - - let :facts do - {:osfamily => 'Debian'} - end - it 'should compile' do - subject - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_qpid_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_qpid_spec.rb deleted file mode 100644 index 9a46c65731..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_qpid_spec.rb +++ /dev/null @@ -1,67 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::qpid' do - - let :facts do - {:puppetversion => '2.7', - :osfamily => 'RedHat'} - end - - describe 'with defaults' do - - it 'should contain all of the default resources' do - - should contain_class('qpid::server').with( - :service_ensure => 'running', - :port => '5672' - ) - - end - - it 'should contain user' do - - should contain_qpid_user('guest').with( - :password => 'guest', - :file => '/var/lib/qpidd/qpidd.sasldb', - :realm => 'OPENSTACK', - :provider => 'saslpasswd2' - ) - - end - - end - - describe 'when disabled' do - let :params do - { - :enabled => false - } - end - - it 'should be disabled' do - - should_not contain_qpid_user('guest') - should contain_class('qpid::server').with( - :service_ensure => 'stopped' - ) - - end - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_rabbitmq_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_rabbitmq_spec.rb deleted file mode 100644 index 0cc7b3fb11..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_rabbitmq_spec.rb +++ /dev/null @@ -1,97 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' - -describe 'sysinv::rabbitmq' do - - let :facts do - { :puppetversion => '2.7', - :osfamily => 'Debian', - } - end - - describe 'with defaults' do - - it 'should contain all of the default resources' do - - should contain_class('rabbitmq::server').with( - :service_ensure => 'running', - :port => '5672', - :delete_guest_user => false - ) - - should contain_rabbitmq_vhost('/').with( - :provider => 'rabbitmqctl' - ) - end - - end - - describe 'when a rabbitmq user is specified' do - - let :params do - { - :userid => 'dan', - :password => 'pass' - } - end - - it 'should contain user and permissions' do - - should contain_rabbitmq_user('dan').with( - :admin => true, - :password => 'pass', - :provider => 'rabbitmqctl' - ) - - should contain_rabbitmq_user_permissions('dan@/').with( - :configure_permission => '.*', - :write_permission => '.*', - :read_permission => '.*', - :provider => 'rabbitmqctl' - ) - - end - - end - - describe 'when disabled' do - let :params do - { - :userid => 'dan', - :password => 'pass', - :enabled => false - } - end - - it 'should be disabled' do - - should_not contain_rabbitmq_user('dan') - should_not contain_rabbitmq_user_permissions('dan@/') - should contain_class('rabbitmq::server').with( - :service_ensure => 'stopped', - :port => '5672', - :delete_guest_user => false - ) - - should_not contain_rabbitmq_vhost('/') - - end - end - - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_spec.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_spec.rb deleted file mode 100644 index 9764fdb735..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/classes/sysinv_spec.rb +++ /dev/null @@ -1,189 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'spec_helper' -describe 'sysinv' do - let :req_params do - {:rabbit_password => 'guest', :sql_connection => 'mysql://user:password@host/database'} - end - - let :facts do - {:osfamily => 'Debian'} - end - - describe 'with only required params' do - let :params do - req_params - end - - it { should contain_class('sysinv::params') } - - it 'should contain default config' do - should contain_sysinv_config('DEFAULT/rpc_backend').with( - :value => 'sysinv.openstack.common.rpc.impl_kombu' - ) - should contain_sysinv_config('DEFAULT/control_exchange').with( - :value => 'openstack' - ) - should contain_sysinv_config('DEFAULT/rabbit_password').with( - :value => 'guest', - :secret => true - ) - should contain_sysinv_config('DEFAULT/rabbit_host').with( - :value => '127.0.0.1' - ) - should contain_sysinv_config('DEFAULT/rabbit_port').with( - :value => '5672' - ) - should contain_sysinv_config('DEFAULT/rabbit_hosts').with( - :value => '127.0.0.1:5672' - ) - should contain_sysinv_config('DEFAULT/rabbit_ha_queues').with( - :value => false - ) - should contain_sysinv_config('DEFAULT/rabbit_virtual_host').with( - :value => '/' - ) - should contain_sysinv_config('DEFAULT/rabbit_userid').with( - :value => 'guest' - ) - should contain_sysinv_config('DEFAULT/sql_connection').with( - :value => 'mysql://user:password@host/database', - :secret => true - ) - should contain_sysinv_config('DEFAULT/sql_idle_timeout').with( - :value => '3600' - ) - should contain_sysinv_config('DEFAULT/verbose').with( - :value => false - ) - should contain_sysinv_config('DEFAULT/debug').with( - :value => false - ) - should contain_sysinv_config('DEFAULT/api_paste_config').with( - :value => '/etc/sysinv/api-paste.ini' - ) - end - - it { should contain_file('/etc/sysinv/sysinv.conf').with( - :owner => 'sysinv', - :group => 'sysinv', - :mode => '0600', - :require => 'Package[sysinv]' - ) } - - it { should contain_file('/etc/sysinv/api-paste.ini').with( - :owner => 'sysinv', - :group => 'sysinv', - :mode => '0600', - :require => 'Package[sysinv]' - ) } - - end - describe 'with modified rabbit_hosts' do - let :params do - req_params.merge({'rabbit_hosts' => ['rabbit1:5672', 'rabbit2:5672']}) - end - - it 'should contain many' do - should_not contain_sysinv_config('DEFAULT/rabbit_host') - should_not contain_sysinv_config('DEFAULT/rabbit_port') - should contain_sysinv_config('DEFAULT/rabbit_hosts').with( - :value => 'rabbit1:5672,rabbit2:5672' - ) - should contain_sysinv_config('DEFAULT/rabbit_ha_queues').with( - :value => true - ) - end - end - - describe 'with a single rabbit_hosts entry' do - let :params do - req_params.merge({'rabbit_hosts' => ['rabbit1:5672']}) - end - - it 'should contain many' do - should_not contain_sysinv_config('DEFAULT/rabbit_host') - should_not contain_sysinv_config('DEFAULT/rabbit_port') - should contain_sysinv_config('DEFAULT/rabbit_hosts').with( - :value => 'rabbit1:5672' - ) - should contain_sysinv_config('DEFAULT/rabbit_ha_queues').with( - :value => true - ) - end - end - - describe 'with qpid rpc supplied' do - - let :params do - { - :sql_connection => 'mysql://user:password@host/database', - :qpid_password => 'guest', - :rpc_backend => 'sysinv.openstack.common.rpc.impl_qpid' - } - end - - it { should contain_sysinv_config('DEFAULT/sql_connection').with_value('mysql://user:password@host/database') } - it { should contain_sysinv_config('DEFAULT/rpc_backend').with_value('sysinv.openstack.common.rpc.impl_qpid') } - it { should contain_sysinv_config('DEFAULT/qpid_hostname').with_value('localhost') } - it { should contain_sysinv_config('DEFAULT/qpid_port').with_value('5672') } - it { should contain_sysinv_config('DEFAULT/qpid_username').with_value('guest') } - it { should contain_sysinv_config('DEFAULT/qpid_password').with_value('guest').with_secret(true) } - it { should contain_sysinv_config('DEFAULT/qpid_reconnect').with_value(true) } - it { should contain_sysinv_config('DEFAULT/qpid_reconnect_timeout').with_value('0') } - it { should contain_sysinv_config('DEFAULT/qpid_reconnect_limit').with_value('0') } - it { should contain_sysinv_config('DEFAULT/qpid_reconnect_interval_min').with_value('0') } - it { should contain_sysinv_config('DEFAULT/qpid_reconnect_interval_max').with_value('0') } - it { should contain_sysinv_config('DEFAULT/qpid_reconnect_interval').with_value('0') } - it { should contain_sysinv_config('DEFAULT/qpid_heartbeat').with_value('60') } - it { should contain_sysinv_config('DEFAULT/qpid_protocol').with_value('tcp') } - it { should contain_sysinv_config('DEFAULT/qpid_tcp_nodelay').with_value(true) } - - end - - describe 'with syslog disabled' do - let :params do - req_params - end - - it { should contain_sysinv_config('DEFAULT/use_syslog').with_value(false) } - end - - describe 'with syslog enabled' do - let :params do - req_params.merge({ - :use_syslog => 'true', - }) - end - - it { should contain_sysinv_config('DEFAULT/use_syslog').with_value(true) } - it { should contain_sysinv_config('DEFAULT/syslog_log_facility').with_value('LOG_USER') } - end - - describe 'with syslog enabled and custom settings' do - let :params do - req_params.merge({ - :use_syslog => 'true', - :log_facility => 'LOG_LOCAL0' - }) - end - - it { should contain_sysinv_config('DEFAULT/use_syslog').with_value(true) } - it { should contain_sysinv_config('DEFAULT/syslog_log_facility').with_value('LOG_LOCAL0') } - end - -end diff --git a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/spec_helper.rb b/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/spec_helper.rb deleted file mode 100644 index 1f7c6e6bee..0000000000 --- a/puppet-modules-wrs/puppet-sysinv/src/sysinv/spec/spec_helper.rb +++ /dev/null @@ -1,21 +0,0 @@ -# -# Files in this package are licensed under Apache; see LICENSE file. -# -# Copyright (c) 2013-2016 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Aug 2016: rebase mitaka -# Jun 2016: rebase centos -# Jun 2015: uprev kilo -# Dec 2014: uprev juno -# Jul 2014: rename ironic -# Dec 2013: uprev grizzly, havana -# Nov 2013: integrate source from https://github.com/stackforge/puppet-sysinv -# - -require 'puppetlabs_spec_helper/module_spec_helper' - -RSpec.configure do |c| - c.alias_it_should_behave_like_to :it_configures, 'configures' -end diff --git a/puppet-modules-wrs/tox.ini b/puppet-modules-wrs/tox.ini deleted file mode 100644 index ff1641a039..0000000000 --- a/puppet-modules-wrs/tox.ini +++ /dev/null @@ -1,34 +0,0 @@ -# -# Copyright (c) 2018 Wind River Systems, Inc. -# -# SPDX-License-Identifier: Apache-2.0 -# - -# Tox (http://tox.testrun.org/) is a tool for running tests -# in multiple virtualenvs. This configuration file will run the -# test suite on all supported python versions. To use it, "pip install tox" -# and then run "tox" from this directory. -[tox] -toxworkdir = /tmp/{env:USER}_puppet-modules-wrs -envlist = puppetlint -skipsdist = True - -[testenv] -recreate = True - -[testenv:puppetlint] -# Note: centos developer env requires ruby-devel -# Ubuntu developer env requires ruby-dev -deps = -whitelist_externals = - gem - bash -setenv = - GEM_HOME = {envdir} - GEM_PATH = {envdir} -skip_tests = \ - --no-documentation-check -commands = - gem install --no-document json puppet-lint - bash -c "find {toxinidir} -name \*.pp -print0 | xargs -0 puppet-lint --fail-on-warnings {[testenv:puppetlint]skip_tests}" - diff --git a/tox.ini b/tox.ini index 0d03595bb8..64f74addee 100644 --- a/tox.ini +++ b/tox.ini @@ -54,10 +54,6 @@ description = Dummy environment to allow flake8 to be run in subdir tox basepython = python3 description = Dummy environment to allow pylint to be run in subdir tox -[testenv:puppetlint] -basepython = python3 -description = Dummy environment to allow puppetlint to be run in subdir tox - [testenv:api-ref] basepython = python3 install_command = pip install -U {opts} {packages}