diff --git a/README.md b/README.md index 656f74b57..da863c74e 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,8 @@ scenario](#all-in-one). | bgpvpn-api | | | | X | | | redis | X | | | | | | l2gw | | | | X | | +| om rpc | amqp1 | rabbit | rabbit | rabbit | rabbit | +| om notify | rabbit | rabbit | rabbit | rabbit | rabbit | When the Jenkins slave is created, the *run_tests.sh* script will be executed. This script will execute *install_modules.sh* that prepare /etc/puppet/modules diff --git a/copy_logs.sh b/copy_logs.sh index d30d6decb..9da159d26 100755 --- a/copy_logs.sh +++ b/copy_logs.sh @@ -172,6 +172,14 @@ if [ -f ${redis_logs} ]; then sudo cp ${redis_logs} $LOG_DIR/redis.log.txt fi +if [ -f /var/log/qdrouterd/qdrouterd.log ]; then + sudo cp /var/log/qdrouterd/qdrouterd.log $LOG_DIR/qdrouterd.log.txt + if [ -f /etc/qpid-dispatch/qdrouterd.conf ]; then + mkdir $LOG_DIR/qdrouterd_config + sudo cp /etc/qpid-dispatch/qdrouterd.conf $LOG_DIR/qdrouterd_config/qdrouterd.conf.txt + fi +fi + if [ -f /var/log/audit/audit.log ]; then sudo cp /var/log/audit/audit.log $LOG_DIR/audit.log.txt fi diff --git a/fixtures/scenario001.pp b/fixtures/scenario001.pp index 6f1b7bba1..bd2ae3cc4 100644 --- a/fixtures/scenario001.pp +++ b/fixtures/scenario001.pp @@ -21,11 +21,15 @@ case $::osfamily { # https://bugs.launchpad.net/cloud-archive/+bug/1535740 $enable_vitrage = false $enable_legacy_telemetry = true + $om_rpc = 'rabbit' + $om_notify = 'rabbit' } 'RedHat': { $ipv6 = true $enable_vitrage = true $enable_legacy_telemetry = false + $om_rpc = 'amqp' + $om_notify = 'rabbit' } default: { fail("Unsupported osfamily (${::osfamily})") 
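Review bot: The qdrouterd.conf copy in the new copy_logs.sh block is nested inside the check for /var/log/qdrouterd/qdrouterd.log, so a router that failed before writing any log (often because of a bad config) leaves no config in the collected artifacts; the two `if [ -f ... ]` checks should be siblings. `mkdir $LOG_DIR/qdrouterd_config` is unquoted and fails if the directory already exists; `mkdir -p "$LOG_DIR/qdrouterd_config"` is safer. Because these files are published with the job logs, it is worth confirming that qdrouterd.conf carries no credentials; the SASL users in this change are created separately, so it probably does not.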
@@ -42,12 +46,17 @@ if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemmajrelease include ::openstack_integration class { '::openstack_integration::config': - ssl => $ssl_enabled, - ipv6 => $ipv6, + ssl => $ssl_enabled, + ipv6 => $ipv6, + rpc_backend => $om_rpc, + notify_backend => $om_notify, } include ::openstack_integration::cacert include ::openstack_integration::memcached include ::openstack_integration::rabbitmq +if ($om_rpc == 'amqp') { + include ::openstack_integration::qdr +} include ::openstack_integration::mysql class { '::openstack_integration::keystone': # NOTE(sileht):zTelemetry autoscaling tempest tests can't renew token, so we diff --git a/manifests/aodh.pp b/manifests/aodh.pp index 20a04539b..e6af0efe6 100644 --- a/manifests/aodh.pp +++ b/manifests/aodh.pp @@ -17,6 +17,14 @@ class openstack_integration::aodh { require => Class['::rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'aodh': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'aodh': notify => Service['httpd'], 
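Review bot: The new `qdr_user { 'aodh': ... }` in manifests/aodh.pp only requires `Class['::qdr']`, and nothing orders the aodh services after it, so a service can start and attempt SASL authentication before its router account exists. The RabbitMQ side makes this explicit elsewhere with lines such as `Rabbitmq_user_permissions['barbican@/'] -> Service<| tag == 'barbican-service' |>` (visible as context in barbican.pp, heat.pp and others); an equivalent `Qdr_user['aodh'] -> Service<| tag == 'aodh-service' |>` would do the same here, assuming the aodh services carry that tag. The identical block is pasted into barbican, ceilometer, cinder, glance, heat, ironic, keystone, mistral, murano, neutron, nova, sahara, trove, vitrage and watcher; a small defined type taking the user name and password would remove the duplication and keep each password literal in one place. The class body continues outside the hunk.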
@@ -33,17 +41,25 @@ class openstack_integration::aodh { $gnocchi_url = undef } class { '::aodh': - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'aodh', 'password' => 'an_even_bigger_secret', }), - rabbit_use_ssl => $::openstack_integration::config::ssl, - debug => true, - database_connection => 'mysql+pymysql://aodh:aodh@127.0.0.1/aodh?charset=utf8', - gnocchi_url => $gnocchi_url, + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'aodh', + 'password' => 'an_even_bigger_secret', + }), + rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', + debug => true, + database_connection => 'mysql+pymysql://aodh:aodh@127.0.0.1/aodh?charset=utf8', + gnocchi_url => $gnocchi_url, } class { '::aodh::db::mysql': password => 'aodh', diff --git a/manifests/barbican.pp b/manifests/barbican.pp index 4edfe0821..3f52baed3 100644 --- a/manifests/barbican.pp +++ b/manifests/barbican.pp @@ -18,6 +18,14 @@ class openstack_integration::barbican { } Rabbitmq_user_permissions['barbican@/'] -> Service<| tag == 'barbican-service' |> + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'barbican': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'barbican': notify => Service['httpd'], 
@@ -53,9 +61,16 @@ class openstack_integration::barbican { } class { '::barbican::api': default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, + 'username' => 'barbican', + 'password' => 'an_even_bigger_secret', + }), + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, 'username' => 'barbican', 'password' => 'an_even_bigger_secret', }), diff --git a/manifests/ceilometer.pp b/manifests/ceilometer.pp index 7e6da7ac5..04d12b3fc 100644 --- a/manifests/ceilometer.pp +++ b/manifests/ceilometer.pp @@ -26,6 +26,14 @@ class openstack_integration::ceilometer ( require => Class['::rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'ceilometer': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'ceilometer': notify => Service['httpd'], 
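Review bot: `::barbican::api` receives the amqp-capable `default_transport_url` but, unlike aodh, ceilometer, cinder, heat and most other services in this change, no `amqp_sasl_mechanisms => 'PLAIN'`; the glance.pp, mistral.pp and murano.pp hunks are in the same position. The router listener is declared with `listener_sasl_mech => 'PLAIN'` and `listener_auth_peer => 'yes'`, so whether these four services authenticate depends on a client-side default that is not visible here. If the underlying classes accept the parameter, set it for consistency; if they do not, a one-line comment explaining the omission would help the next reader. The class body continues outside the hunk.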
@@ -35,17 +43,25 @@ class openstack_integration::ceilometer ( } class { '::ceilometer': - telemetry_secret => 'secrete', - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + telemetry_secret => 'secrete', + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'ceilometer', 'password' => 'an_even_bigger_secret', }), - rabbit_use_ssl => $::openstack_integration::config::ssl, - memcached_servers => $::openstack_integration::config::memcached_servers, - debug => true, + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'ceilometer', + 'password' => 'an_even_bigger_secret', + }), + rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', + memcached_servers => $::openstack_integration::config::memcached_servers, + debug => true, } class { '::ceilometer::keystone::auth': diff --git a/manifests/cinder.pp b/manifests/cinder.pp index eacb1708f..bf9c6b2a5 100644 --- a/manifests/cinder.pp +++ b/manifests/cinder.pp @@ -36,6 +36,14 @@ class openstack_integration::cinder ( require => Class['::rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'cinder': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'cinder': notify => Service['httpd'], 
@@ -60,16 +68,26 @@ class openstack_integration::cinder ( } class { '::cinder': default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'cinder', 'password' => 'an_even_bigger_secret', }), database_connection => 'mysql+pymysql://cinder:cinder@127.0.0.1/cinder?charset=utf8', rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', debug => true, } + class { '::cinder::ceilometer': + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'cinder', + 'password' => 'an_even_bigger_secret', + }), + } if $volume_encryption { $keymgr_api_class = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager' $keymgr_encryption_api_url = "${::openstack_integration::config::base_url}:9311" diff --git a/manifests/config.pp b/manifests/config.pp index 702f4bf7a..561ac3e07 100644 --- a/manifests/config.pp +++ b/manifests/config.pp 
@@ -8,24 +8,52 @@ # (optional) Boolean to enable or not IPv6. # Defaults to false. # +# [*rpc_backend*] +# (optional) The oslo.messaging backend to configure for rpc. +# Possible values include rabbit, amqp +# Defaults to 'rabbit'. +# +# [*notify_backend*] +# (optional) The oslo.messaging backend to configure for notify. +# Defaults to 'rabbit'. +# class openstack_integration::config ( - $ssl = false, - $ipv6 = false, + $ssl = false, + $ipv6 = false, + $rpc_backend = 'rabbit', + $notify_backend = 'rabbit', ) { + $messaging_default_proto = $rpc_backend + $messaging_notify_proto = $notify_backend + if $ssl { - $rabbit_port = '5671' - $proto = 'https' + $proto = 'https' + if $rpc_backend == 'amqp' { + $messaging_default_port = '31459' + } else { + $messaging_default_port = '5671' + } + $messaging_notify_port = '5671' } else { - $rabbit_port = '5672' - $proto = 'http' + $proto = 'http' + if $rpc_backend == 'amqp' { + $messaging_default_port = '31459' + } else { + $messaging_default_port = '5672' + } + $messaging_notify_port = '5672' } + $rabbit_port = $messaging_notify_port + if $ipv6 { $host = '::1' - $rabbit_env = { - 'RABBITMQ_NODE_IP_ADDRESS' => $host, - 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"', + if $rpc_backend == 'rabbit' { + $rabbit_env = { + 'RABBITMQ_NODE_IP_ADDRESS' => $host, + 'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"', + } } $ip_version = '6' # Note (dmsimard): ipv6 parsing in Swift and keystone_authtoken are diff --git a/manifests/glance.pp b/manifests/glance.pp index e9a3eb210..90d5109bc 100644 --- a/manifests/glance.pp +++ b/manifests/glance.pp @@ -39,6 +39,14 @@ class openstack_integration::glance ( require => Class['::rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'glance': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + class { '::glance::db::mysql': password => 'glance', } 
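Review bot: In the `if $ipv6` branch of manifests/config.pp, `$rabbit_env` is now set only when `$rpc_backend == 'rabbit'`, yet RabbitMQ still carries notifications when rpc moves to amqp (`$messaging_notify_port` is always the rabbit port, and scenario001 pairs `$ipv6 = true` with `$om_rpc = 'amqp'` on RedHat). In that combination the variable is left undefined in the visible code, so the broker would presumably not get `RABBITMQ_NODE_IP_ADDRESS` set to `::1` while every `notification_transport_url` points at `::1`. Unless something outside this hunk covers it, the condition should be `if $rpc_backend == 'rabbit' or $notify_backend == 'rabbit' {`. The port `'31459'` is also assigned identically in both ssl branches with no comment on why that value was chosen; one assignment ahead of `if $ssl` with a short comment would be clearer.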
@@ -101,15 +109,22 @@ class openstack_integration::glance ( enable_v2_api => true, } class { '::glance::notify::rabbitmq': - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'glance', 'password' => 'an_even_bigger_secret', }), - notification_driver => 'messagingv2', - rabbit_use_ssl => $::openstack_integration::config::ssl, + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'glance', + 'password' => 'an_even_bigger_secret', + }), + notification_driver => 'messagingv2', + rabbit_use_ssl => $::openstack_integration::config::ssl, } } diff --git a/manifests/heat.pp b/manifests/heat.pp index 047d687d0..758a66636 100644 --- a/manifests/heat.pp +++ b/manifests/heat.pp @@ -18,6 +18,14 @@ class openstack_integration::heat { } Rabbitmq_user_permissions['heat@/'] -> Service<| tag == 'heat-service' |> + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'heat': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'heat': require => Package['heat-common'], 
@@ -40,16 +48,24 @@ class openstack_integration::heat { memcached_servers => $::openstack_integration::config::memcached_servers, } class { '::heat': - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'heat', 'password' => 'an_even_bigger_secret', }), - rabbit_use_ssl => $::openstack_integration::config::ssl, - database_connection => 'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8', - debug => true, + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'heat', + 'password' => 'an_even_bigger_secret', + }), + rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', + database_connection => 'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8', + debug => true, } class { '::heat::db::mysql': password => 'heat', diff --git a/manifests/ironic.pp b/manifests/ironic.pp index e08a25810..f868f2f63 100644 --- a/manifests/ironic.pp +++ b/manifests/ironic.pp 
@@ -28,15 +28,24 @@ class openstack_integration::ironic { # https://bugs.launchpad.net/ironic/+bug/1564075 Rabbitmq_user_permissions['ironic@/'] -> Service<| tag == 'ironic-service' |> + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'ironic': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + class { '::ironic': default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'ironic', 'password' => 'an_even_bigger_secret', }), rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', database_connection => 'mysql+pymysql://ironic:ironic@127.0.0.1/ironic?charset=utf8', debug => true, } diff --git a/manifests/keystone.pp b/manifests/keystone.pp index f4e79cf75..e0ea544df 100644 --- a/manifests/keystone.pp +++ b/manifests/keystone.pp 
@@ -30,6 +30,29 @@ class openstack_integration::keystone ( include ::openstack_integration::config include ::openstack_integration::params + rabbitmq_user { 'keystone': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'keystone@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + Rabbitmq_user_permissions['keystone@/'] -> Service<| tag == 'keystone-service' |> + + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'keystone': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'keystone': notify => Service['httpd'], 
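Review bot: `rabbitmq_user { 'keystone': admin => true, ... }` gives the new keystone messaging account the broker administrator flag on top of `.*` configure/write/read permissions, which is more than an account that only publishes and consumes messages needs. If the other service manifests already follow this pattern the hunk is consistent with them, but a newly added account is a good place to drop `admin => true` and keep only the vhost permissions. The class body continues outside the hunk.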
@@ -62,23 +85,41 @@ class openstack_integration::keystone ( password => 'keystone', } class { '::keystone': - debug => true, - database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone', - admin_token => 'a_big_token', - admin_password => 'a_big_secret', - enabled => true, - service_name => 'httpd', - default_domain => $default_domain, - using_domain_config => $using_domain_config, - enable_ssl => $::openstack_integration::config::ssl, - public_bind_host => $::openstack_integration::config::host, - admin_bind_host => $::openstack_integration::config::host, - manage_policyrcd => true, - token_provider => $token_provider, - enable_fernet_setup => $enable_fernet_setup, - enable_credential_setup => $enable_credential_setup, - fernet_max_active_keys => '4', - token_expiration => $token_expiration, + debug => true, + database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone', + admin_token => 'a_big_token', + admin_password => 'a_big_secret', + enabled => true, + service_name => 'httpd', + default_domain => $default_domain, + using_domain_config => $using_domain_config, + enable_ssl => $::openstack_integration::config::ssl, + public_bind_host => $::openstack_integration::config::host, + admin_bind_host => $::openstack_integration::config::host, + manage_policyrcd => true, + token_provider => $token_provider, + enable_fernet_setup => $enable_fernet_setup, + enable_credential_setup => $enable_credential_setup, + fernet_max_active_keys => '4', + token_expiration => $token_expiration, + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_default_port, + 'username' => 'keystone', + 'password' => 'an_even_bigger_secret', + }), + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => 
$::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'keystone', + 'password' => 'an_even_bigger_secret', + }), + rabbit_use_ssl => $::openstack_integration::config::ssl, + } + class { '::keystone::messaging::amqp': + amqp_sasl_mechanisms => 'PLAIN', } include ::apache class { '::keystone::wsgi::apache': diff --git a/manifests/mistral.pp b/manifests/mistral.pp index 325d030c1..cf6bdcf82 100644 --- a/manifests/mistral.pp +++ b/manifests/mistral.pp @@ -19,6 +19,14 @@ class openstack_integration::mistral { } Rabbitmq_user_permissions['mistral@/'] -> Service<| tag == 'mistral-service' |> + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'mistral': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::osfamily == 'RedHat' { if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'mistral': @@ -29,9 +37,9 @@ class openstack_integration::mistral { } class { '::mistral': default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'mistral', 'password' => 'an_even_bigger_secret', }), diff --git a/manifests/murano.pp b/manifests/murano.pp index 8afd39aee..cabca78b7 100644 --- a/manifests/murano.pp +++ b/manifests/murano.pp 
@@ -23,6 +23,14 @@ class openstack_integration::murano { require => [ Class['::rabbitmq'], Rabbitmq_vhost['/murano'] ], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'murano': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'murano': require => Package['murano-common'], @@ -43,9 +51,9 @@ class openstack_integration::murano { class { '::murano': admin_password => 'a_big_secret', default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'murano', 'password' => 'an_even_bigger_secret', }), diff --git a/manifests/neutron.pp b/manifests/neutron.pp index 87a597c09..9fee7fadc 100644 --- a/manifests/neutron.pp +++ b/manifests/neutron.pp @@ -46,6 +46,14 @@ class openstack_integration::neutron ( } Rabbitmq_user_permissions['neutron@/'] -> Service<| tag == 'neutron-service' |> + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'neutron': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + case $driver { 'openvswitch': { include ::vswitch::ovs 
@@ -132,22 +140,30 @@ class openstack_integration::neutron ( $plugins_list = delete_undef_values(['router', 'metering', 'firewall', 'lbaasv2', $bgpvpn_plugin, $l2gw_plugin]) class { '::neutron': - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'neutron', 'password' => 'an_even_bigger_secret', }), - rabbit_use_ssl => $::openstack_integration::config::ssl, - allow_overlapping_ips => true, - core_plugin => 'ml2', - service_plugins => $plugins_list, - debug => true, - bind_host => $::openstack_integration::config::host, - use_ssl => $::openstack_integration::config::ssl, - cert_file => $::openstack_integration::params::cert_path, - key_file => "/etc/neutron/ssl/private/${::fqdn}.pem", + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'neutron', + 'password' => 'an_even_bigger_secret', + }), + rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', + allow_overlapping_ips => true, + core_plugin => 'ml2', + service_plugins => $plugins_list, + debug => true, + bind_host => $::openstack_integration::config::host, + use_ssl => $::openstack_integration::config::ssl, + cert_file => $::openstack_integration::params::cert_path, + key_file => "/etc/neutron/ssl/private/${::fqdn}.pem", } class { '::neutron::client': } class { '::neutron::keystone::authtoken': diff --git a/manifests/nova.pp b/manifests/nova.pp index fecd67ab9..bbfcccd5b 100644 --- a/manifests/nova.pp +++ b/manifests/nova.pp 
@@ -36,10 +36,18 @@ class openstack_integration::nova ( Exec['update-ca-certificates'] ~> Service['httpd'] } - $transport_url = os_transport_url({ - 'transport' => 'rabbit', + $default_transport_url = os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, + 'username' => 'nova', + 'password' => 'an_even_bigger_secret', + }) + + $notification_transport_url = os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, 'username' => 'nova', 'password' => 'an_even_bigger_secret', }) @@ -59,6 +67,14 @@ class openstack_integration::nova ( } Rabbitmq_user_permissions['nova@/'] -> Service<| tag == 'nova-service' |> + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'nova': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + class { '::nova::db::mysql': password => 'nova', } 
@@ -101,11 +117,13 @@ class openstack_integration::nova ( memcached_servers => $::openstack_integration::config::memcached_servers, } class { '::nova': - default_transport_url => $transport_url, + default_transport_url => $default_transport_url, + notification_transport_url => $notification_transport_url, database_connection => 'mysql+pymysql://nova:nova@127.0.0.1/nova?charset=utf8', api_database_connection => 'mysql+pymysql://nova_api:nova@127.0.0.1/nova_api?charset=utf8', placement_database_connection => 'mysql+pymysql://nova_placement:nova@127.0.0.1/nova_placement?charset=utf8', rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', use_ipv6 => $::openstack_integration::config::ipv6, glance_api_servers => "${::openstack_integration::config::base_url}:9292", debug => true, diff --git a/manifests/qdr.pp b/manifests/qdr.pp new file mode 100644 index 000000000..5c158bb72 --- /dev/null +++ b/manifests/qdr.pp 
@@ -0,0 +1,60 @@ +class openstack_integration::qdr { + + include ::openstack_integration::params + include ::openstack_integration::config + + if $::osfamily == 'Debian' { + include ::apt + Class['apt::update'] -> Package<| provider == 'apt' |> + apt::ppa { 'ppa:qpid/released' : } + package { 'pyngus': + ensure => present, + provider => 'pip' + } + } + $extra_addresses = [{'prefix' => 'openstack.org/om/rpc/multicast', + 'distribution' => 'multicast'}, + {'prefix' => 'openstack.org/om/rpc/unicast', + 'distribution' => 'closest'}, + {'prefix' => 'openstack.org/om/rpc/anycast', + 'distribution' => 'balanced'}, + {'prefix' => 'openstack.org/om/notify/multicast', + 'distribution' => 'multicast'}, + {'prefix' => 'openstack.org/om/notify/unicast', + 'distribution' => 'closest'}, + {'prefix' => 'openstack.org/om/notify/anycast', + 'distribution' => 'balanced'}] + if $::openstack_integration::config::ssl { + file { '/etc/qpid-dispatch/ssl/private': + ensure => directory, + owner => 'root', + mode => '0755', + selinux_ignore_defaults => true, + before => File["/etc/qpid-dispatch/ssl/private/${::fqdn}.pem"], + } + openstack_integration::ssl_key { 'qdrouterd': + key_path => "/etc/qpid-dispatch/ssl/private/${::fqdn}.pem", + require => File['/etc/qpid-dispatch/ssl/private'], + notify => Service['qdrouterd'], + } + class { '::qdr': + listener_require_ssl => 'yes', + listener_ssl_cert_db => $::openstack_integration::params::ca_bundle_cert_path, + listener_ssl_cert_file => $::openstack_integration::params::cert_path, + listener_ssl_key_file => "/etc/qpid-dispatch/ssl/private/${::fqdn}.pem", + listener_addr => $::openstack_integration::config::host, + listener_port => $::openstack_integration::config::messaging_default_port, + listener_sasl_mech => 'PLAIN', + listener_auth_peer => 'yes', + extra_addresses => $extra_addresses, + } + } else { + class { '::qdr': + listener_addr => $::openstack_integration::config::host, + listener_port => 
$::openstack_integration::config::messaging_default_port, + listener_sasl_mech => 'PLAIN', + listener_auth_peer => 'yes', + extra_addresses => $extra_addresses, + } + } +} diff --git a/manifests/sahara.pp b/manifests/sahara.pp index 40ede0f0c..5ba065179 100644 --- a/manifests/sahara.pp +++ b/manifests/sahara.pp @@ -17,6 +17,14 @@ class openstack_integration::sahara { require => Class['::rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'sahara': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + class { '::sahara::db::mysql': password => 'sahara', } @@ -32,13 +40,14 @@ class openstack_integration::sahara { host => $::openstack_integration::config::host, database_connection => 'mysql+pymysql://sahara:sahara@127.0.0.1/sahara?charset=utf8', default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'sahara', 'password' => 'an_even_bigger_secret', }), rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', debug => true, } class { '::sahara::keystone::authtoken': diff --git a/manifests/trove.pp b/manifests/trove.pp index 88bfe9154..62752f51c 100644 --- a/manifests/trove.pp +++ b/manifests/trove.pp @@ -17,6 +17,14 @@ class openstack_integration::trove { require => Class['::rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'trove': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'trove': require => Package['trove'], 
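Review bot: In the non-ssl `else` branch of manifests/qdr.pp the listener is declared with `listener_sasl_mech => 'PLAIN'` and no TLS, and every client in this change sets `amqp_sasl_mechanisms => 'PLAIN'`, so service passwords cross the listener in cleartext whenever `$ssl` is false. That is tolerable only while `listener_addr` is a loopback address on a throwaway CI node; a comment on the branch such as `# PLAIN without TLS: CI only, listener must stay on loopback` would keep it from being copied into a real deployment. In the ssl branch, `/etc/qpid-dispatch/ssl/private` is created with `mode => '0755'`, which lets any local user traverse the key directory; `'0750'` or `'0700'` owned by the router's account is the usual choice, unless `ssl_key` already restricts the key file itself. The `pyngus` package is also installed from pip unpinned (`ensure => present`), so each job picks up whatever version the index serves at that moment.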
@@ -31,16 +39,24 @@ class openstack_integration::trove { } class { '::trove': - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'trove', 'password' => 'an_even_bigger_secret', }), - database_connection => 'mysql+pymysql://trove:trove@127.0.0.1/trove?charset=utf8', - rabbit_use_ssl => $::openstack_integration::config::ssl, - nova_proxy_admin_pass => 'a_big_secret', + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'trove', + 'password' => 'an_even_bigger_secret', + }), + database_connection => 'mysql+pymysql://trove:trove@127.0.0.1/trove?charset=utf8', + rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', + nova_proxy_admin_pass => 'a_big_secret', } class { '::trove::db::mysql': password => 'trove', diff --git a/manifests/vitrage.pp b/manifests/vitrage.pp index cce137f6b..6cd8687a7 100644 --- a/manifests/vitrage.pp +++ b/manifests/vitrage.pp @@ -17,6 +17,14 @@ class openstack_integration::vitrage { require => Class['::rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'vitrage': + password => 'an_even_bigger_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'vitrage': notify => Service['httpd'], 
@@ -27,17 +35,26 @@ class openstack_integration::vitrage { class { '::vitrage': - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + # TODO(ansmith): separate transports when bug/1711716 closed + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_notify_port, 'username' => 'vitrage', 'password' => 'an_even_bigger_secret', }), - rabbit_use_ssl => $::openstack_integration::config::ssl, - debug => true, - snapshots_interval => 120, - types => 'nova.host,nova.instance,nova.zone,cinder.volume,neutron.port,neutron.network,doctor' + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'vitrage', + 'password' => 'an_even_bigger_secret', + }), + rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', + debug => true, + snapshots_interval => 120, + types => 'nova.host,nova.instance,nova.zone,cinder.volume,neutron.port,neutron.network,doctor' } # Make sure tempest can read the configuration files diff --git a/manifests/watcher.pp b/manifests/watcher.pp index 8fcd2576d..f187fa674 100644 --- a/manifests/watcher.pp +++ b/manifests/watcher.pp @@ -17,6 +17,14 @@ class openstack_integration::watcher { require => Class['rabbitmq'], } + if $::openstack_integration::config::messaging_default_proto == 'amqp' { + qdr_user { 'watcher': + password => 'my_secret', + provider => 'sasl', + require => Class['::qdr'], + } + } + if $::openstack_integration::config::ssl { openstack_integration::ssl_key { 'watcher': require => Package['watcher'], 
@@ -48,14 +56,22 @@ class openstack_integration::watcher { debug => true, } class { '::watcher': - default_transport_url => os_transport_url({ - 'transport' => 'rabbit', + default_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_default_proto, 'host' => $::openstack_integration::config::host, - 'port' => $::openstack_integration::config::rabbit_port, + 'port' => $::openstack_integration::config::messaging_default_port, 'username' => 'watcher', 'password' => 'my_secret', }), - rabbit_use_ssl => $::openstack_integration::config::ssl, + notification_transport_url => os_transport_url({ + 'transport' => $::openstack_integration::config::messaging_notify_proto, + 'host' => $::openstack_integration::config::host, + 'port' => $::openstack_integration::config::messaging_notify_port, + 'username' => 'watcher', + 'password' => 'my_secret', + }), + rabbit_use_ssl => $::openstack_integration::config::ssl, + amqp_sasl_mechanisms => 'PLAIN', } class { '::watcher::api': watcher_api_bind_host => $::openstack_integration::config::host,