diff --git a/.forgeignore b/.forgeignore
deleted file mode 100644
index 76033ecf..00000000
--- a/.forgeignore
+++ /dev/null
@@ -1,14 +0,0 @@
-- pkg/
-- spec/
-- Rakefile
-- Puppetfile
-- coverage/
-- .git/
-- .forgeignore
-- .travis.yml
-- .gitignore
-- doc/
-- .yardoc/
-- Gemfile
-- Gemfile.lock
-- .fixtures.yml
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index e9cf8062..00000000
--- a/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-*.swp
-spec/fixtures/modules/*
-spec/fixtures/manifests/site.pp
-Gemfile.lock
-.vendor
-doc/
-.yardoc
-.librarian/
-.tmp/
diff --git a/.gitreview b/.gitreview
deleted file mode 100644
index d238e955..00000000
--- a/.gitreview
+++ /dev/null
@@ -1,4 +0,0 @@
-[gerrit]
-host=review.openstack.org
-port=29418
-project=stackforge/puppet-openstack-cloud.git
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index b445b4c9..00000000
--- a/.travis.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-language: ruby
-script: "bundle exec rake test COV=y SPEC_OPTS='--format documentation --color --backtrace'"
-rvm:
- - 1.9.3
- - 2.0.0
-matrix:
- fast_finish: true
-env:
- matrix:
- - PUPPET_GEM_VERSION="~> 3.3.0"
- - PUPPET_GEM_VERSION="~> 3.4.0"
- - PUPPET_GEM_VERSION="~> 3.6.0"
- - PUPPET_GEM_VERSION="~> 3.7.0"
-notifications:
- email: false
diff --git a/CHANGELOG.md b/CHANGELOG.md
deleted file mode 100644
index b7e06eb0..00000000
--- a/CHANGELOG.md
+++ /dev/null
@@ -1,120 +0,0 @@
-##2014-10-24 - Features release 2.2.0
-###Summary
-* Sensu as first implementation of monitoring system
-* Glance now supports NFS image storage backend
-* Cinder now supports EMC VNX & iSCSI volume backends
-* Nova now supports NFS instance storage backend
-* Neutron now supports Cisco plugins with N1KV hardware (experimental)
-* RabbitMQ can now be load-balanced by HAproxy
-* Keystone roles for Heat are now created automatically
-* Support for keepalived authentification
-* MongoDB replicaset is now an option, so MongoDB can be standalone
-* MySQL Galera has been tweaked to have better performances at scale
-* Nova configuration has been tweaked to use read-only database feature and have better performances at scale
-* Trove has been disabled by default since it's still in experimental status
-* HAproxy: Allow user to bind multiple public/private IPs
-* keepalived: allow vrrp traffic on a dedicated interface
-* When running KVM, we check if VTX is really enabled
-* HAproxy checks have been improve for OpenStack services
-* Neutron: allow to specify tunnel type (i.e. VXLAN)
-* Horizon: ALLOWED_HOST can now be controlled by the module
-* Horizon: Allow user to speficy broader apache vhost settings
-* Nova/RBD: support for RHEL 7
-
-####Bugfixes
-* Fix correct Puppet Ceph dependencies which could lead to bootstrap issues
-* Fix issues with instance live migration support (nova configuration)
-* Fix HAproxy checks for Spice (TCP instead of HTTP)
-
-####Known Bugs
-* No known bugs
-
-##2014-07-15 - Features release 2.1.0
-###Summary
-* Advanced logging support with kibana3, elasticsearch and fluentd
-* Improve SSL termination support
-* File backend support for Glance
-* OpenStack Database as a Service support (Trove) as experimental
-* Pacemaker support in Red-Hat
-* heat-engine is no more managed as a single point of failure
-
-####Bugfixes
-* Fix heat-cfn & heat-cloudwatch HAproxy binding
-* Fix issues when using SSL termination
-
-####Known Bugs
-* No known bugs
-
-##2014-06-19 - Features release 2.0.0
-###Summary
-* Icehouse release support
-* OpenStack Object Storage support (Swift)
-* Neutron Metadata multi-worker
-* RBD flexibility on compute nodes
-* Keystone and Nova v3 API support
-* SSL termination support
-
-####Bugfixes
-* Fix nova-compute service when using RBD backend
-* Fix cinder-volume service when creating a volume type
-* Enable to have Swift Storage & Ceph OSD on same nodes
-
-####Known Bugs
-* No known bugs
-
-##2014-05-06 - Features release 1.3.0
-###Summary
-* High Availability refactorization
-* OpenStack services separation in different classes
-* DHCP Agent: Add support of DNS server declaration
-* Defaults values for all puppet parameters, can now support Hiera.
-* Fix all unit tests to pass Travis
-
-####Bugfixes
-* Fix HAproxy configuration for Heat API binding
-
-####Known Bugs
-* When using RBD as Nova Backend, nova-compute should be notified
-* When creating a volume type, cinder-volume should be notified
-* Impossible to attach a volume backend by RBD if not using RBD backend for Nova
-
-##2014-04-22 - Features release 1.2.0
-###Summary
-* Now supports Ubuntu 12.04
-* Now supports Now supports Red Hat OpenStack Platform 4
-* Can be deployed on 3 nodes
-* Add cluster note type support for RabbitMQ configuration
-* Block storage can now be backend by multiple RBD pools
-
-####Bugfixes
-* Fix a bug in Horizon in HTTP/HTTPS binding
-
-####Known Bugs
-* No known bugs
-
-##2014-04-01 - Features release 1.1.0
-###Summary
-* Updated puppetlabs-rabbitmq to 3.1.0 (RabbitMQ to 3.2.4)
-* Add Cinder Muli-backend support
-* NetApp support for Cinder as a backend
-* Keystone uses now MySQL for tokens storage (due to several issues with Memcache backend)
-* Back to upstream puppet-horizon from stackforge
-* Servername parameter support in Horizon configuration to allow SSL redirections
-* puppet-openstack-cloud module QA is done by Travis
-* network: add dhcp\_lease\_duration parameter support
-
-####Bugfixes
-* neutron: increase agent polling interval
-
-####Known Bugs
-* Bug in Horizon in HTTP/HTTPS binding (fixed in 1.2.0)
-
-##2014-03-13 - First stable version 1.0.0
-###Summary
-* First stable version.
-
-####Bugfixes
-* No
-
-####Known Bugs
-* No known bugs
diff --git a/Gemfile b/Gemfile
deleted file mode 100644
index 11c670ac..00000000
--- a/Gemfile
+++ /dev/null
@@ -1,19 +0,0 @@
-source 'https://rubygems.org'
-
-group :development, :test do
- gem 'puppetlabs_spec_helper'
- gem 'puppet-lint-param-docs', '1.1.0'
- gem 'metadata-json-lint'
- gem 'json'
- gem 'webmock'
- gem 'r10k'
- gem 'librarian-puppet-simple', '~> 0.0.3'
-end
-
-if puppetversion = ENV['PUPPET_GEM_VERSION']
- gem 'puppet', puppetversion, :require => false
-else
- gem 'puppet', :require => false
-end
-
-# vim:ft=ruby
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 68c771a0..00000000
--- a/LICENSE
+++ /dev/null
@@ -1,176 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
diff --git a/Puppetfile b/Puppetfile
deleted file mode 100644
index b6ef4f43..00000000
--- a/Puppetfile
+++ /dev/null
@@ -1,238 +0,0 @@
-#
-# Copyright 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# Puppetfile
-forge 'http://forge.puppetlabs.com'
-
-# OpenStack projects
-mod 'openstacklib',
- :git => 'git://github.com/enovance/puppet-openstacklib.git',
- :ref => '176d7d65911eafab9d04d2053e77c69ff2c40e44'
-mod 'ceilometer',
- :git => 'git://github.com/enovance/puppet-ceilometer.git',
- :ref => '64d8cfb8c1637871bba8c692d0c8184b75aceba2'
-mod 'cinder',
- :git => 'git://github.com/enovance/puppet-cinder.git',
- :ref => '8d9524fac34daf7ef0ac336ef32fd3f75b6bddb1'
-mod 'glance',
- :git => 'git://github.com/enovance/puppet-glance.git',
- :ref => '57685754d3e96cfaf863c9a98bf6b517e4ddb334'
-mod 'heat',
- :git => 'git://github.com/enovance/puppet-heat.git',
- :ref => 'f2d08f6c340e19ad39d257f7a82c57afe6e342cc'
-mod 'horizon',
- :git => 'git://github.com/enovance/puppet-horizon.git',
- :ref => 'f04c63881735c59a4d74390f20a35edd3a69e71e'
-mod 'keystone',
- :git => 'git://github.com/enovance/puppet-keystone.git',
- :ref => '4b2623d4ec41957b0274d8a457e3019fdf1e342b'
-mod 'neutron',
- :git => 'git://github.com/enovance/puppet-neutron.git',
- :ref => 'e981bc2533b349fae3e06ca3989f1bceece94610'
-mod 'nova',
- :git => 'git://github.com/enovance/puppet-nova.git',
- :ref => 'cc1a2a348a7953298c75881a5c4afafeb3d0a4e4'
-mod 'swift',
- :git => 'git://github.com/enovance/puppet-swift.git',
- :ref => '1e4ebee1e88f946dfe4ed078437dc20b28698b53'
-mod 'tempest',
- :git => 'git://github.com/enovance/puppet-tempest.git',
- :ref => 'f5e87cad5de119bd483006f06efcd22a34d8bdc4'
-mod 'trove',
- :git => 'git://github.com/enovance/puppet-trove.git',
- :ref => '16e82e68ea62efec3ec7e11d7b9887e16b773372'
-
-# Dependency
-mod 'apache',
- :git => 'git://github.com/enovance/puppetlabs-apache.git',
- :ref => 'e4ec6d4985fdb23e26c809e0d5786823d0689f90'
-mod 'apt',
- :git => 'git://github.com/enovance/puppetlabs-apt.git',
- :ref => '9b001af8775c7231ea2656b7eb43d6141b536f49'
-mod 'boolean',
- :git => 'git://github.com/enovance/puppet-boolean.git',
- :ref => '157011a4eaa27f1202a9d94335ee4876b26d377e'
-mod 'ceph',
- :git => 'git://github.com/enovance/puppet-ceph.git',
- :ref => '3b58acf9fdf567bf40d17b3c803c940f1ddc70d1'
-#FIXME
-mod 'cloud',
- :git => 'git://github.com/stackforge/puppet-openstack-cloud.git',
- :ref => 'master'
-mod 'common',
- :git => 'git://github.com/enovance/puppet-module-common.git',
- :ref => '2d0606fce1078222dd483e731ec32807f5b4ca53'
-mod 'cassandra',
- :git => 'git://github.com/enovance/cassandra.git',
- :ref => '124f472128d178f52e2233d6aa8a0f1285f73c49'
-mod 'concat',
- :git => 'git://github.com/enovance/puppet-concat.git',
- :ref => 'ab06c2b8c09d9da82b53a62a5389427720519cd5'
-mod 'contrail',
- :git => 'git://github.com/enovance/puppet-contrail.git',
- :ref => '2b135d5b9f00c26b357bf2f55082701f01e0670a'
-mod 'corosync',
- :git => 'git://github.com/enovance/puppetlabs-corosync.git',
- :ref => '7bbdcd8c57beab6ba24b06ef5aaee2462f8d3d24'
-mod 'dnsclient',
- :git => 'git://github.com/enovance/puppet-module-dnsclient.git',
- :ref => '4158b30f4660623f98dcdbd1ce9b482556180b57'
-mod 'datacat',
- :git => 'git://github.com/enovance/puppet-datacat.git',
- :ref => '6a2017b31a8808de35b89d90b9e2b681ef9a0918'
-mod 'elasticsearch',
- :git => 'git://github.com/enovance/puppet-elasticsearch.git',
- :ref => '6d08442e8382f0f47388d4185122992c2d73cd9b'
-mod 'gcc',
- :git => 'git://github.com/enovance/puppetlabs-gcc.git',
- :ref => '272e6595a2f4824dafa71a2b751960659c05c35d'
-mod 'git',
- :git => 'git://github.com/enovance/puppetlabs-git.git',
- :ref => '0df1f62130a7752c728efb7555f2b07ca178ee5b'
-mod 'hiera',
- :git => 'git://github.com/enovance/puppet-hiera.git',
- :ref => '1d407be61d800034409e4595a6fb73004b10f70f'
-mod 'java',
- :git => 'git://github.com/enovance/puppetlabs-java.git',
- :ref => '5f60d5e2c041848b4c3e71c0aa6ba99b87774d4a'
-mod 'firewall',
- :git => 'git://github.com/enovance/puppetlabs-firewall.git',
- :ref => '4ed1b43e1629c1b6108133b0fc3be603d03ffe6c'
-mod 'fluentd',
- :git => 'git://github.com/enovance/puppet-fluentd.git',
- :ref => 'f77c3f27e0b91a60c1ee413aa0f4f5704c97955a'
-mod 'haproxy',
- :git => 'git://github.com/enovance/puppetlabs-haproxy.git',
- :ref => 'fc1166f28d411dfd4f59d4bfd6936595c014a11b'
-mod 'inifile',
- :git => 'git://github.com/enovance/puppetlabs-inifile.git',
- :ref => 'ae23a4db97d2815ec305d0529912685f07746d3c'
-mod 'kafka',
- :git => 'git://github.com/enovance/puppet-kafka.git',
- :ref => '9ed9993ef53e4c1f2897e5191ee7fccfac866dfe'
-mod 'keepalived',
- :git => 'git://github.com/enovance/puppet-module-keepalived.git',
- :ref => 'eb345b6d3b25106cbe166028f2b8dd9974a10230'
-mod 'kibana3',
- :git => 'git://github.com/enovance/kibana3.git',
- :ref => '1c448ef538bb08236cad382b2621d6d09bee1f63'
-mod 'vcsrepo',
- :git => 'git://github.com/enovance/puppetlabs-vcsrepo.git',
- :ref => '4592bfd59cd5d4795069798a14b483e16c98c1ff'
-mod 'kmod',
- :git => 'git://github.com/enovance/puppet-kmod.git',
- :ref => 'accc40093e6f8ee9cc472e9eb6ba3bab4bad3a1f'
-mod 'kwalify',
- :git => 'git://github.com/puppetlabs/puppetlabs-kwalify.git',
- :ref => 'e0079c6485d7cbfc846d956e650913e1b3ccfb6d'
-mod 'libvirt',
- :git => 'git://github.com/enovance/puppetlabs-libvirt.git',
- :ref => '05808874715ca3e899861a0af139e6a48255d3cb'
-mod 'limits',
- :git => 'git://github.com/enovance/puppet-limits.git',
- :ref => '8cb15495e55ce86bacf17f6a80a8c70ac35fc9c0'
-mod 'logrotate',
- :git => 'git://github.com/enovance/puppet-logrotate.git',
- :ref => 'f4d12356301fa2992f51dc7225037bb07556cb28'
-mod 'memcached',
- :git => 'git://github.com/enovance/puppet-memcached.git',
- :ref => 'd009260de3c7623003318555ec5ca61217ea3ca1'
-mod 'mongodb',
- :git => 'git://github.com/enovance/puppetlabs-mongodb.git',
- :ref => '030100a176a72a32e265b77790d8d15407a13729'
-mod 'mysql',
- :git => 'git://github.com/enovance/puppetlabs-mysql.git',
- :ref => '8b814d4d2cb5786a15e8e37fb3b7444d5d5f0d3f'
-# TODO(EmilienM) Come back to upstream after
-# https://github.com/ghoneycutt/puppet-module-nfs/pull/43 got merged.
-mod 'nfs',
- :git => 'git://github.com/enovance/puppet-module-nfs.git',
- :ref => '6f840a522679c6a8ebe340d86f9c4325a2103629'
-mod 'ntp',
- :git => 'git://github.com/enovance/puppetlabs-ntp.git',
- :ref => 'eb02ba2937ce86fb609ae41499767244b78ec58d'
-mod 'pacemaker',
- :git => 'git://github.com/enovance/puppet-pacemaker.git',
- :ref => '56bbb3580bb7fa62bf57c2ed7a30b938e42b8cc3'
-mod 'partial',
- :git => 'git://github.com/enovance/puppet-partial.git',
- :ref => '1308d5341872911359e884fd84e4dd175fda632f'
-mod 'postgresql',
- :git => 'git://github.com/enovance/puppetlabs-postgresql.git',
- :ref => '0b483a2796e77d670e326a01fce57465d2c08774'
-mod 'puppetdb',
- :git => 'git://github.com/enovance/puppetlabs-puppetdb.git',
- :ref => 'b482ad8efa94283099cee0aaedd194f50753f7b0'
-mod 'puppetdbquery',
- :git => 'git://github.com/enovance/puppet-puppetdbquery.git',
- :ref => '89194917744f929bb600c31d7d6f822b529f5f03'
-# TODO(emilienM) https://tickets.puppetlabs.com/browse/PDB-1223
-mod 'rabbitmq',
- :git => 'git://github.com/enovance/puppetlabs-rabbitmq.git',
- :ref => '7d3a3a1859d344c4e49d4c257c4ea0b9b0460c33'
-mod 'redis',
- :git => 'git://github.com/arioch/puppet-redis.git',
- :ref => '51e35cc9a743dd8f992effae25d92e18aafe8b46'
-mod 'rhnreg_ks',
- :git => 'git://github.com/enovance/puppet-rhnreg_ks.git',
- :ref => '8fdc051992b44a09f39d3b510d7cd6db5ed5ff66'
-mod 'rpcbind',
- :git => 'git://github.com/enovance/puppet-module-rpcbind.git',
- :ref => 'da943d26f09f9658159c1190e058bf1af88f465d'
-mod 'rsync',
- :git => 'git://github.com/enovance/puppetlabs-rsync.git',
- :ref => '7122983d89bf68bc4170415cc03212f6a8a4636e'
-mod 'sensu',
- :git => 'git://github.com/enovance/sensu-puppet.git',
- :ref => '4a16ebf3503bfc9ae6192ae3120cb29b9e5c8445'
-mod 'ssh',
- :git => 'git://github.com/enovance/puppet-ssh.git',
- :ref => '3906425ff06bcabc4d677a3f01372d8a26f93e94'
-mod 'rsyslog',
- :git => 'git://github.com/enovance/puppet-rsyslog.git',
- :ref => '67c7c501b916ebd1a27a8a218d49602339526c4f'
-mod 'stdlib',
- :git => 'git://github.com/enovance/puppetlabs-stdlib.git',
- :ref => 'fb42396c75d90ce3a9473e2a7ed22682266ea03f'
-mod 'sudo',
- :git => 'git://github.com/enovance/puppet-sudo.git',
- :ref => '6875e3c16bb17149fb24d49d45e8dc32bacbdfaf'
-mod 'sysctl',
- :git => 'git://github.com/enovance/puppet-sysctl.git',
- :ref => 'aca277a3d407359ced96267cd2b3205bd8ab9c48'
-mod 'types',
- :git => 'git://github.com/enovance/puppet-module-types.git',
- :ref => '4c58ae8b6cdb1a9da3da9654a35375e274019dfb'
-mod 'uchiwa',
- :git => 'git://github.com/enovance/yelp-uchiwa.git',
- :ref => '8eafd8167ff7d4f1cd696e4d098e3e1497c28279'
-mod 'vswitch',
- :git => 'git://github.com/enovance/puppet-vswitch.git',
- :ref => '49dbaff15e8f017dbe365ebf08eb505472b695a1'
-mod 'wget',
- :git => 'git://github.com/enovance/puppet-wget.git',
- :ref => '1c3ea6f1c822a99b52defb87305ea5977cba4293'
-mod 'xinetd',
- :git => 'git://github.com/enovance/puppetlabs-xinetd.git',
- :ref => '0740f5343b54523d9ed27f65c05f6c9f045f022b'
-mod 'openstack_extras',
- :git => 'git://github.com/enovance/puppet-openstack_extras.git',
- :ref => '537ed9e3750178fcfffa3ae476727cb1f4e65fb9'
-mod 'staging',
- :git => 'git://github.com/enovance/puppet-staging.git',
- :ref => 'bc434a71e19aae54223d57c274e2e1a7f9546d5e'
-mod 'zookeeper',
- :git => 'git://github.com/enovance/puppet-zookeeper-1.git',
- :ref => '2617a4e5e01aaa7b597c533a3229cba71db4517b'
diff --git a/README.md b/README.md
deleted file mode 100644
index 063103ff..00000000
--- a/README.md
+++ /dev/null
@@ -1,151 +0,0 @@
-# puppet-openstack-cloud
-
-[![Build Status](https://api.travis-ci.org/enovance/puppet-openstack-cloud.svg?branch=master)](https://travis-ci.org/enovance/puppet-openstack-cloud)
-[![Puppet Forge](http://img.shields.io/puppetforge/v/eNovance/cloud.svg)](https://forge.puppetlabs.com/eNovance/cloud)
-[![License](http://img.shields.io/:license-apache-blue.svg)](http://www.apache.org/licenses/LICENSE-2.0.html)
-
-#### Table of Contents
-
-1. [Overview - What is the cloud module?](#overview)
-2. [Module Description - What does the module do?](#module-description)
-3. [Setup - The basics of getting started with puppet-openstack-cloud](#setup)
-4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
-5. [Limitations - OS compatibility, etc.](#limitations)
-6. [Getting Involved - How to go deeper](#involved)
-7. [Development - Guide for contributing to the module](#development)
-8. [Contributors - Those with commits](#contributors)
-9. [Release Notes - Notes on the most recent updates to the module](#release-notes)
-
-## Overview
-
-The [puppet-openstack-cloud](https://wiki.openstack.org/wiki/Puppet-openstack/puppet-openstack-cloud) module is a flexible Puppet composition layer capable of configuring the core [OpenStack](http://docs.openstack.org/) services:
-
-* [Nova](https://github.com/stackforge/puppet-nova) (compute)
-* [Glance](https://github.com/stackforge/puppet-glance) (image)
-* [Keystone](https://github.com/stackforge/puppet-keystone) (identity)
-* [Cinder](https://github.com/stackforge/puppet-cinder) (volume)
-* [Horizon](https://github.com/stackforge/puppet-horizon) (dashboard)
-* [Heat](https://github.com/stackforge/puppet-heat) (orchestration)
-* [Ceilometer](https://github.com/stackforge/puppet-ceilometer) (telemetry)
-* [Neutron](https://github.com/stackforge/puppet-neutron) (networking)
-* [Swift](https://github.com/stackforge/puppet-swift) (object storage)
-* [Trove](https://github.com/stackforge/puppet-trove) (database as a service)
-
-Cinder, Glance and Nova can use Ceph as backend storage, using [puppet-ceph](https://github.com/enovance/puppet-ceph).
-
-Only KVM and QEMU are supported as hypervisors, for now.
-
-Neutron use ML2 plugin with GRE and Open-vSwitch drivers.
-
-Cinder has multi-backend support:
-
-* RBD (default)
-* NetAPP
-* iSCSI
-* EMC VNX direct
-* NFS
-
-Glance supports different backends:
-
-* RBD (default)
-* file
-* NFS (mount a NFS share by using file backend)
-* Swift
-
-Neutron supports:
-
-* ML2 plugin with OVS agent (GRE + VXLAN supported)
-* Cisco plugin with N1KV agent (non-ML2)
-
-Trove support is now experimental.
-
-[Puppet Modules](http://docs.puppetlabs.com/learning/modules1.html#modules) are a collection of related contents that can be used to model the configuration of a discrete service.
-
-These Puppet modules are based on the [openstack documentation](http://docs.openstack.org/).
-
-## Module Description
-
-There are a lot of moving pieces in OpenStack, consequently there are several Puppet modules needed to cover all these pieces. Each module is then made up of several class definitions, resource declarations, defined resources, and custom types/providers. A common pattern to reduce this complexity in Puppet is to create a composite module that bundles all these component type modules into a common set of configurations. The cloud module is doing this compositing and exposing a set of variables needed to be successful in getting a functional stack up and running.
-
-### Pre-module Dependencies
-
-* [Puppet](http://docs.puppetlabs.com/puppet/) 3 or greater
-* [Facter](http://www.puppetlabs.com/puppet/related-projects/facter/) 1.6.1 or greater (versions that support the osfamily fact)
-
-### Notes about Puppet3
-
-Puppet 3.x isn't yet available on Debian/RedHat stable osfamily, but hopefully puppet provides a Official repository, please see [this page](http://docs.puppetlabs.com/guides/puppetlabs_package_repositories.html) for the setup.
-
-**Platforms**
-
-These modules have been fully tested on Ubuntu Precise and Debian Wheezy and RHEL 6.
-
-## Setup
-
-**What the cloud module affects**
-
-* The entirety of OpenStack!
-
-### Installing Puppet
-
-Puppet Labs provides two tools for getting started with managing configuration modeling with Puppet, Puppet Enterprise or its underlying opensource projects, i.e. Puppet and MCollective.
-
-* [Puppet Enterprise](http://docs.puppetlabs.com/#puppet-enterprisepelatest) is a complete configuration management platform, with an optimized set of components proven to work well together. Is free up to 10 nodes so if you're just using Puppet for OpenStack management this might just work perfectly. It will come configured with a handful of extra components that make for a richer experience, like a web interface for managing the orchestration of Puppet and certificate management.
-* [Puppet](http://docs.puppetlabs.com/#puppetpuppet) manages your servers: you describe machine configurations in an easy-to-read declarative language, and Puppet will bring your systems into the desired state and keep them there. This is the opensource version of Puppet and should be available in your operating system's package repositories but it is generally suggested you use the [yum](http://yum.puppetlabs.com) or [apt](http://apt.puppetlabs.com) repositories from Puppet Labs if possible.
-
-Consult the documentation linked above to help you make your decision but don't fret about the choice to much, opensource Puppet agents are compatible with Puppet Enterprise Puppet masters.
-
-### Optional Puppet features
-
-The swift portions of this module needs Puppet's [exported resources](http://docs.puppetlabs.com/puppet/3/reference/lang_exported.html). Exported resources leverages the PuppetDB to export and share data across other Puppet managed nodes.
-
-### Installing latest unstable cloud module from source
-
- cd /etc/puppet/modules
- git clone git@github.com:redhat-openstack/openstack-puppet-modules.git modules
- cd modules
- git checkout -b puppet-openstack-cloud origin/enovance
- gem install --no-ri --no-rdoc r10k
- # a debian package is available in jessie
- PUPPETFILE=./Puppetfile PUPPETFILE_DIR=../ r10k --verbose 3 puppetfile install
-
-**Pre-puppet setup**
-
-The things that follow can be handled by Puppet but are out of scope of this document and are not included in the cloud module.
-
-### Beginning with puppet-openstack-cloud
-
-Utilization of this module can come in many forms. It was designed to be capable of deploying all services to a single node or distributed across several. This is not an exhaustive list, we recommend you consult and understand all the manifests included in this module and the [core openstack](http://docs.openstack.org) documentation.
-
-
-## Implementation
-
-(more doc should be written here)
-
-## Limitations
-
-* Deploys only with rabbitmq and mysql RPC/data backends.
-* Not backwards compatible with pre-2.x release of the cloud modules.
-
-## Getting Involved
-
-Need a feature? Found a bug? Let us know!
-
-We are extremely interested in growing a community of OpenStack experts and users around these modules so they can serve as an example of consolidated best practices of how to deploy OpenStack.
-
-The best way to get help with this set of modules is to email the group associated with this project:
-
- dev [at] enovance [dot] com
-
-Issues should be opened here:
-
- https://bugs.launchpad.net/puppet-openstack-cloud/+filebug
-
-
-## Contributors
-
-* http://stackalytics.com/?project_type=stackforge&module=puppet-openstack-cloud&release=all&metric=commits
-
-## Release Notes
-
-See [CHANGELOG](https://github.com/stackforge/puppet-openstack-cloud/blob/master/CHANGELOG.md) file.
diff --git a/README.rst b/README.rst
new file mode 100644
index 00000000..9006052a
--- /dev/null
+++ b/README.rst
@@ -0,0 +1,7 @@
+This project is no longer maintained.
+
+The contents of this repository are still available in the Git source code
+management system. To see the contents of this repository before it reached
+its end of life, please check out the previous commit with
+"git checkout HEAD^1".
+
diff --git a/Rakefile b/Rakefile
deleted file mode 100644
index 447199e3..00000000
--- a/Rakefile
+++ /dev/null
@@ -1,80 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-#
-NAME = 'eNovance-cloud'
-TDIR = File.expand_path(File.dirname(__FILE__))
-
-require 'puppetlabs_spec_helper/rake_tasks'
-require 'puppet-lint/tasks/puppet-lint'
-require 'puppet-syntax/tasks/puppet-syntax'
-
-PuppetLint.configuration.fail_on_warnings = true
-PuppetLint.configuration.send('disable_80chars')
-# for manifest loadbalancer.pp +39 (default value as an array of variables)
-PuppetLint.configuration.send('disable_class_parameter_defaults')
-# manifests/image/api.pp - WARNING: string containing only a variable on line 189
-PuppetLint.configuration.send('disable_only_variable_string')
-# For stonith-enabled (it's a string not a bool)
-PuppetLint.configuration.send('disable_quoted_booleans')
-# Ignore all upstream modules
-exclude_paths = ['spec/**/*','pkg/**/*','vendor/**/*']
-exclude_lint_paths = exclude_paths
-
-PuppetLint.configuration.ignore_paths = exclude_lint_paths
-PuppetSyntax.exclude_paths = exclude_paths
-
-
-task(:default).clear
-task :default => :test
-
-desc 'Run syntax, lint and spec tests'
-task :test => [:syntax,:lint,:validate_puppetfile,:validate_metadata_json,:spec]
-
-desc 'Run syntax, lint and spec tests (without fixture purge = train/airplane)'
-task :test_keep => [:syntax,:lint,:validate_puppetfile,:validate_metadata_json,:spec_prep,:spec_standalone]
-
-if ENV['COV']
- desc 'Run syntax, lint, spec tests and coverage'
- task :cov => [:syntax,:lint,:validate_puppetfile,:validate_metadata_json,:spec_prep,:spec_standalone]
-end
-
-desc "Validate the Puppetfile syntax"
-task :validate_puppetfile do
- $stderr.puts "---> syntax:puppetfile"
- sh "r10k puppetfile check"
-end
-
-desc "Validate the metadata.json syntax"
-task :validate_metadata_json do
- $stderr.puts "---> syntax:metadata.json"
- sh "metadata-json-lint metadata.json"
-end
-
-namespace :module do
- desc "Build #{NAME} module (in a clean env) Please use this for puppetforge"
- task :build do
- exec "rsync -rv --exclude-from=#{TDIR}/.forgeignore . /tmp/#{NAME};cd /tmp/#{NAME};puppet module build"
- end
-end
-
-Rake::Task[:spec_prep].clear
-desc 'Create the fixtures directory'
-task :spec_prep do
- FileUtils::mkdir_p('spec/fixtures/modules')
- FileUtils::mkdir_p('spec/fixtures/manifests')
- FileUtils::touch('spec/fixtures/manifests/site.pp')
- sh 'librarian-puppet install --path=spec/fixtures/modules'
- if File.exists?('spec/fixtures/modules/cloud')
- FileUtils::rm_rf('spec/fixtures/modules/cloud')
- FileUtils::ln_s(TDIR, 'spec/fixtures/modules/cloud')
- end
-end
-
-Rake::Task[:spec_clean].clear
-desc 'Clean up the fixtures directory'
-task :spec_clean do
- sh 'librarian-puppet clean --path=spec/fixtures/modules'
- if File.zero?('spec/fixtures/manifests/site.pp')
- FileUtils::rm_f('spec/fixtures/manifests/site.pp')
- end
-end
diff --git a/files/qemu/qemu.conf b/files/qemu/qemu.conf
deleted file mode 100644
index 93f1ff42..00000000
--- a/files/qemu/qemu.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# Managed by Puppet
-# Module cloud::compute::hypervisor
-user = "root"
-group = "root"
-cgroup_device_acl = [
- "/dev/null", "/dev/full", "/dev/zero",
- "/dev/random", "/dev/urandom",
- "/dev/ptmx", "/dev/kvm", "/dev/kqemu",
- "/dev/rtc", "/dev/hpet", "/dev/net/tun",
-]
-clear_emulator_capabilities = 1
diff --git a/lib/facter/edeploy.rb b/lib/facter/edeploy.rb
deleted file mode 100644
index 58ece7c4..00000000
--- a/lib/facter/edeploy.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Fact: edeploy
-#
-Facter.add('edeploy_role_version') do
- setcode do
- if File.executable?('/usr/sbin/edeploy')
- Facter::Util::Resolution.exec('/usr/sbin/edeploy version')
- end
- end
-end
-
-Facter.add('edeploy_role_name') do
- setcode do
- if File.executable?('/usr/sbin/edeploy')
- Facter::Util::Resolution.exec('/usr/sbin/edeploy role')
- end
- end
-end
-
-Facter.add('edeploy_profile') do
- setcode do
- if File.executable?('/usr/sbin/edeploy')
- Facter::Util::Resolution.exec('/usr/sbin/edeploy profile')
- end
- end
-end
diff --git a/lib/facter/galera_bootstrapped.rb b/lib/facter/galera_bootstrapped.rb
deleted file mode 100644
index 6a786304..00000000
--- a/lib/facter/galera_bootstrapped.rb
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Fact: galera_bootstrapped
-#
-Facter.add('galera_bootstrapped') do
- setcode do
- FileTest.exists?('/var/lib/mysql/grastate.dat')
- end
-end
diff --git a/lib/facter/vtx.rb b/lib/facter/vtx.rb
deleted file mode 100644
index faec42d5..00000000
--- a/lib/facter/vtx.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-# Fact: vtx
-#
-# Purpose:
-# Determine whether VT-X is enabled on the node.
-#
-# Resolution:
-# Checks for vmx (intel) or svm (amd) is part of /proc/cpuinfo flags
-#
-# Caveats:
-#
-
-# Author: Emilien Macchi
-
-Facter.add('vtx') do
- confine :kernel => :linux
- setcode do
- result = false
- begin
- # test on Intel and AMD plateforms
- if File.read('/proc/cpuinfo') =~ /(vmx|svm)/
- result = true
- end
- rescue
- end
- result
- end
-end
diff --git a/manifests/clustering.pp b/manifests/clustering.pp
deleted file mode 100644
index f5d6c3b9..00000000
--- a/manifests/clustering.pp
+++ /dev/null
@@ -1,151 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-
-# == Class: cloud::clustering
-#
-# Initialize Pacemaker / Corosync cluster
-#
-# === Parameters:
-#
-# [*cluster_members*]
-# (required) Array of hostnames of cluster nodes
-#
-# [*cluster_ip*]
-# (optional) IP address used by Corosync to send multicast traffic
-# Defaults to '127.0.0.1'
-#
-# [*cluster_auth*]
-# (optional) Controls corosync's ability to authenticate and encrypt
-# multicast messages.
-# Defaults to false
-#
-# [*cluster_authkey*]
-# (optional) Specifies the path to the CA which is used to sign Corosync's
-# certificate.
-# Defaults to '/var/lib/puppet/ssl/certs/ca.pem'
-#
-# [*cluster_recheck_interval*]
-# (optional) This tells the cluster to periodically recalculate the ideal
-# state of the cluster.
-# Defaults to 5min
-#
-# [*pe_warn_series_max*]
-# (optional) The number of PE inputs resulting in WARNINGs to save. Used when
-# reporting problems.
-# Defaults to 1000
-#
-# [*pe_input_series_max*]
-# (optional) The number of "normal" PE inputs to save. Used when reporting
-# problems.
-# Defaults to 1000
-#
-# [*pe_error_series_max*]
-# (optional) The number of PE inputs resulting in ERRORs to save. Used when
-# reporting problems.
-# Defaults to 1000
-#
-# [*multicast_address*]
-# (optionnal) IP address used to send multicast traffic
-# Defaults to '239.192.168.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be a hash.
-# Default to {}
-#
-class cloud::clustering (
- $cluster_members,
- $cluster_ip = '127.0.0.1',
- $cluster_auth = false,
- $cluster_authkey = '/var/lib/puppet/ssl/certs/ca.pem',
- $cluster_recheck_interval = '5min',
- $pe_warn_series_max = 1000,
- $pe_input_series_max = 1000,
- $pe_error_series_max = 1000,
- $multicast_address = '239.192.168.1',
- $firewall_settings = {},
-) {
-
- if $::osfamily == 'RedHat' {
- $packages = ['corosync', 'pacemaker', 'pcs']
- $set_votequorum = true
-
- Service['pcsd'] -> Cs_property<||>
- Service['pacemaker'] -> Cs_property<||>
-
- service { 'pcsd':
- ensure => 'running',
- enable => true,
- require => Class['corosync'],
- } -> service { 'pacemaker':
- ensure => 'running',
- enable => true,
- require => Class['corosync'],
- }
- } else {
- $packages = ['corosync', 'pacemaker']
- $set_votequorum = false
- }
-
- class { 'corosync':
- enable_secauth => $cluster_auth,
- authkey => $cluster_authkey,
- bind_address => $cluster_ip,
- multicast_address => $multicast_address,
- packages => $packages,
- set_votequorum => $set_votequorum,
- quorum_members => $cluster_members,
- }
-
- corosync::service { 'pacemaker':
- version => '0',
- }
-
- Package['corosync'] -> Cs_property<||>
- cs_property {
- # Doesn't work with pcs yet (Fedora20), but will work in future:
- # -> https://github.com/feist/pcs/issues/20
- #'cluster-recheck-interval': value => $cluster_recheck_interval;
- 'pe-warn-series-max': value => $pe_warn_series_max;
- 'pe-input-series-max': value => $pe_input_series_max;
- 'pe-error-series-max': value => $pe_error_series_max;
- }
- if count($cluster_members) < 3 {
- # stonith is not required for less then 3 nodes, also quorum can be hold
- # only with three or more nodes
- cs_property {
- 'no-quorum-policy': value => 'ignore';
- 'stonith-enabled': value => 'false';
- }
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow vrrp access':
- port => undef,
- proto => 'vrrp',
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow corosync tcp access':
- port => ['2224', '3121', '21064'],
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow corosync udp access':
- port => ['5404', '5405'],
- proto => 'udp',
- extras => $firewall_settings,
- }
- }
-}
diff --git a/manifests/clustering/pacemaker_colocation.pp b/manifests/clustering/pacemaker_colocation.pp
deleted file mode 100644
index 0a823243..00000000
--- a/manifests/clustering/pacemaker_colocation.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure a Pacemaker colocation rule
-#
-# === Parameters
-#
-# [*service*]
-# (required) Name of the service to be colocated with others
-# Defaults to $name
-#
-# [*colocated_with*]
-# (optional) List of services to be colocated with service1
-# Should be an array.
-# Defaults to []
-#
-# [*order*]
-# (optional) Do not use in a manifest. It is used to iterate
-# through the list of services to be colocated with $service.
-# Defaults to '0'
-define cloud::clustering::pacemaker_colocation(
- $service = $name,
- $colocated_with = [],
- $order = '0'
-) {
- $service1 = inline_template('<%= @colocated_with[@order.to_i] %>')
- if $service1 {
- $colocation_name = "${service}-with-${service1}"
-
- cs_colocation { $colocation_name :
- primitives => [ "p_${service}", "p_${service1}" ],
- }
-
- $neworder = inline_template('<%= @order.to_i + 1 %>')
-
- cloud::clustering::pacemaker_colocation { "${service}-${neworder}":
- service => $service,
- colocated_with => $colocated_with,
- order => $neworder
- }
- }
-}
-
diff --git a/manifests/clustering/pacemaker_order.pp b/manifests/clustering/pacemaker_order.pp
deleted file mode 100644
index 4459b949..00000000
--- a/manifests/clustering/pacemaker_order.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure a Pacemaker order constraint
-#
-# === Parameters
-#
-# [*first*]
-# (required) List of services to be executed before $service
-# Should be an array.
-# Defaults to []
-#
-# [*service*]
-# (optional) Service to be executed after all services in $first
-# Defaults to $name
-#
-# [*order*]
-# (optional) Do not use in a manifest. It is used to iterate
-# through the list of services to be executed before $service.
-# Defaults to '0'
-define cloud::clustering::pacemaker_order(
- $first = [],
- $service = $name,
- $order = '0'
-) {
- $service1 = inline_template('<%= @first[@order.to_i] %>')
- if $service1 {
- $order_name = "${service1}-before-${service}"
-
- cs_order { $order_name :
- first => "p_${service1}",
- second => "p_${service}",
- }
-
- $neworder = inline_template('<%= @order.to_i + 1 %>')
-
- cloud::clustering::pacemaker_order { "${service}-${neworder}":
- first => $first,
- service => $service,
- order => $neworder
- }
- }
-}
diff --git a/manifests/clustering/pacemaker_service.pp b/manifests/clustering/pacemaker_service.pp
deleted file mode 100644
index 48b4d9c3..00000000
--- a/manifests/clustering/pacemaker_service.pp
+++ /dev/null
@@ -1,111 +0,0 @@
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure a service to be controlled by Pacemaker
-#
-#
-# === Parameters
-#
-# [*service_name*]
-# (optional) Name of the service to be put under Pacemaker control
-# Defaults to $name
-#
-# [*primitive_class*]
-# (optional) Pacemaker primitive class
-# Defaults to 'systemd'
-#
-# [*primitive_provider*]
-# (optional) Pacemaker primitive provider for OCF scripts
-# Examples: 'ocf','heartbeat'
-# Defaults to false
-#
-# [*primitive_type*]
-# (optional) The type of the primitive: OCF file name, or operating
-# system-native service if using systemd, upstart or lsb as
-# primitive_class
-# Defaults to $service_name
-#
-# [*clone*]
-# (optional) Create a cloned resource
-# Defaults to false
-#
-# [*colocated_services*]
-# (optional) A list of resources that should be colocated with this
-# one
-# Example: ["service2","service3"]
-# Defaults to []
-#
-# [*start_after*]
-# (optional) A list of resources that should be started before this
-# resource can be started. This will create a set of order constraints
-# where every resourece in $start_after should be started before this
-# resource can start
-# Example: ["service2","service3"]
-# Defaults to []
-#
-# [*requires*]
-# (optional) A list of required Puppet resources
-# Defaults to []
-#
-# Example:
-# cloud::clustering::pacemaker_service { 'openstack-glance-api' :
-# service_name => 'openstack-glance-api',
-# primitive_class => 'systemd',
-# primitive_provider => false,
-# primitive_type => 'openstack-glance-api',
-# clone => false,
-# colocated_services => ["openstack-keystone"],
-# start_after => ["openstack-keystone"],
-# requires => Package['openstack-glance'],
-# }
-define cloud::clustering::pacemaker_service (
- $service_name = $name,
- $primitive_class = 'systemd',
- $primitive_provider = false,
- $primitive_type = $service_name,
- $clone = false,
- $colocated_services = [],
- $start_after = [],
- $requires = [],
-) {
-
- openstack_extras::pacemaker::service { $service_name :
- ensure => present,
- metadata => {},
- ms_metadata => {},
- operations => {},
- parameters => {},
- primitive_class => $primitive_class,
- primitive_provider => $primitive_provider,
- primitive_type => $primitive_type,
- use_handler => false,
- clone => $clone,
- require => $requires,
- }
-
- if $colocated_services {
- cloud::clustering::pacemaker_colocation { $service_name :
- service => $service_name,
- colocated_with => $colocated_services
- }
- }
-
- if $start_after {
- cloud::clustering::pacemaker_order { $service_name :
- first => $start_after,
- service => $service_name
- }
- }
-}
diff --git a/manifests/compute.pp b/manifests/compute.pp
deleted file mode 100644
index 5cbdcc83..00000000
--- a/manifests/compute.pp
+++ /dev/null
@@ -1,193 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute
-#
-# Common class for compute nodes
-#
-# === Parameters:
-#
-# [*nova_db_host*]
-# (optional) Hostname or IP address to connect to nova database
-# Defaults to '127.0.0.1'
-#
-# [*nova_db_use_slave*]
-# (optional) Enable slave connection for nova, this assume
-# the haproxy is used and mysql loadbalanced port for read operation is 3307
-# Defaults to false
-#
-# [*nova_db_user*]
-# (optional) Username to connect to nova database
-# Defaults to 'nova'
-#
-# [*nova_db_password*]
-# (optional) Password to connect to nova database
-# Defaults to 'novapassword'
-#
-# [*nova_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults to 5000
-#
-# [*rabbit_hosts*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to ['127.0.0.1:5672']
-#
-# [*rabbit_password*]
-# (optional) Password to connect to nova queues.
-# Defaults to 'rabbitpassword'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance API
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_internal_proto*]
-# (optional) Internal protocol to connect to Glance API
-# Defaults to 'http'
-#
-# [*glance_api_port*]
-# (optional) TCP port to connect to Glance API
-# Defaults to '9292'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*neutron_endpoint*]
-# (optional) Host running auth service.
-# Defaults to '127.0.0.1'
-#
-# [*neutron_protocol*]
-# (optional) Protocol to connect to Neutron service.
-# Defaults to 'http'
-#
-# [*neutron_password*]
-# (optional) Password to connect to Neutron service.
-# Defaults to 'neutronpassword'
-#
-# [*neutron_region_name*]
-# (optional) Name of the Neutron Region.
-# Defaults to 'RegionOne'
-#
-# [*memcache_servers*]
-# (optionnal) Memcached servers used by Keystone. Should be an array.
-# Defaults to ['127.0.0.1:11211']
-#
-# [*availability_zone*]
-# (optional) Name of the default Nova availability zone.
-# Defaults to 'RegionOne'
-#
-# [*cinder_endpoint_type*]
-# (optional) Cinder endpoint type to use.
-# Defaults to 'publicURL'
-#
-class cloud::compute(
- $nova_db_host = '127.0.0.1',
- $nova_db_use_slave = false,
- $nova_db_user = 'nova',
- $nova_db_password = 'novapassword',
- $nova_db_idle_timeout = 5000,
- $rabbit_hosts = ['127.0.0.1:5672'],
- $rabbit_password = 'rabbitpassword',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_internal_proto = 'http',
- $glance_api_port = 9292,
- $verbose = true,
- $debug = true,
- $use_syslog = true,
- $log_facility = 'LOG_LOCAL0',
- $neutron_endpoint = '127.0.0.1',
- $neutron_protocol = 'http',
- $neutron_password = 'neutronpassword',
- $neutron_region_name = 'RegionOne',
- $memcache_servers = ['127.0.0.1:11211'],
- $availability_zone = 'RegionOne',
- $cinder_endpoint_type = 'publicURL'
-) {
-
- if !defined(Resource['nova_config']) {
- resources { 'nova_config':
- purge => true;
- }
- }
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- nova_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/nova'
- }
-
- $encoded_user = uriescape($nova_db_user)
- $encoded_password = uriescape($nova_db_password)
-
- if $nova_db_use_slave {
- $slave_connection_url = "mysql://${encoded_user}:${encoded_password}@${nova_db_host}:3307/nova?charset=utf8"
- } else {
- $slave_connection_url = false
- }
-
- class { 'nova::db':
- database_connection => "mysql://${encoded_user}:${encoded_password}@${nova_db_host}/nova?charset=utf8",
- slave_connection => $slave_connection_url,
- database_idle_timeout => $nova_db_idle_timeout,
- }
-
- class { 'nova':
- rabbit_userid => 'nova',
- rabbit_hosts => $rabbit_hosts,
- rabbit_password => $rabbit_password,
- glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${glance_api_port}",
- memcached_servers => $memcache_servers,
- verbose => $verbose,
- debug => $debug,
- log_dir => $log_dir,
- log_facility => $log_facility,
- use_syslog => $use_syslog,
- nova_shell => '/bin/bash',
- }
-
- class { 'nova::network::neutron':
- neutron_admin_password => $neutron_password,
- neutron_admin_auth_url => "${neutron_protocol}://${neutron_endpoint}:35357/v2.0",
- neutron_url => "${neutron_protocol}://${neutron_endpoint}:9696",
- neutron_region_name => $neutron_region_name
- }
-
- nova_config {
- 'DEFAULT/resume_guests_state_on_host_boot': value => true;
- 'DEFAULT/servicegroup_driver': value => 'mc';
- 'DEFAULT/glance_num_retries': value => '10';
- 'DEFAULT/cinder_catalog_info': value => "volume:cinder:${cinder_endpoint_type}";
- }
-
-}
diff --git a/manifests/compute/api.pp b/manifests/compute/api.pp
deleted file mode 100644
index cef710a7..00000000
--- a/manifests/compute/api.pp
+++ /dev/null
@@ -1,140 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute::api
-#
-# Install a Nova-API node
-#
-# === Parameters:
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to Keystone API.
-# Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_nova_password*]
-# (optional) Password used by Nova to connect to Keystone API
-# Defaults to 'novapassword'
-#
-# [*neutron_metadata_proxy_shared_secret*]
-# (optional) Shared secret to validate proxies Neutron metadata requests
-# Defaults to 'metadatapassword'
-#
-# [*api_eth*]
-# (optional) Hostname or IP to bind Nova API.
-# Defaults to '127.0.0.1'
-#
-# [*ks_nova_public_port*]
-# (optional) TCP port for bind Nova API.
-# Defaults to '8774'
-#
-# [*ks_ec2_public_port*]
-# (optional) TCP port for bind Nova EC2 API.
-# Defaults to '8773'
-#
-# [*ks_metadata_public_port*]
-# (optional) TCP port for bind Nova metadata API.
-# Defaults to '8775'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-# [*pacemaker_enabled*]
-# (optional) Manage Nova API with Pacemaker or not.
-# Default to false
-#
-class cloud::compute::api(
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_nova_password = 'novapassword',
- $neutron_metadata_proxy_shared_secret = 'metadatapassword',
- $api_eth = '127.0.0.1',
- $ks_nova_public_port = '8774',
- $ks_ec2_public_port = '8773',
- $ks_metadata_public_port = '8775',
- $firewall_settings = {},
- $pacemaker_enabled = false,
-){
-
- include cloud::compute
- include cloud::params
- include nova::params
-
- class { 'nova::api':
- enabled => true,
- auth_host => $ks_keystone_internal_host,
- auth_protocol => $ks_keystone_internal_proto,
- admin_password => $ks_nova_password,
- api_bind_address => $api_eth,
- metadata_listen => $api_eth,
- neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_shared_secret,
- osapi_v3 => true,
- }
-
- if $pacemaker_enabled {
- cloud::clustering::pacemaker_service { $::nova::params::api_service_name:
- service_name => $::nova::params::api_service_name,
- primitive_class => $::cloud::params::service_provider,
- requires => Package[$::nova::params::api_package_name],
- }
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow nova-api access':
- port => $ks_nova_public_port,
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow nova-metadata access':
- port => $ks_metadata_public_port,
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow nova-ec2 access':
- port => $ks_ec2_public_port,
- extras => $firewall_settings,
- }
- }
-
- include 'nova::cron::archive_deleted_rows'
-
- @@haproxy::balancermember{"${::fqdn}-compute_api_ec2":
- listening_service => 'ec2_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_ec2_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-compute_api_nova":
- listening_service => 'nova_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_nova_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-compute_api_metadata":
- listening_service => 'metadata_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_metadata_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/compute/cert.pp b/manifests/compute/cert.pp
deleted file mode 100644
index e9770fc7..00000000
--- a/manifests/compute/cert.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Compute Certificate node
-#
-class cloud::compute::cert {
-
- include 'cloud::compute'
-
- class { 'nova::cert':
- enabled => true,
- }
-
-}
diff --git a/manifests/compute/conductor.pp b/manifests/compute/conductor.pp
deleted file mode 100644
index 4ac4031d..00000000
--- a/manifests/compute/conductor.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Compute Conductor node
-#
-class cloud::compute::conductor {
-
- include 'cloud::compute'
-
- class { 'nova::conductor':
- enabled => true,
- }
-
-}
diff --git a/manifests/compute/consoleauth.pp b/manifests/compute/consoleauth.pp
deleted file mode 100644
index 4e282598..00000000
--- a/manifests/compute/consoleauth.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Compute Authenfication Console node
-#
-class cloud::compute::consoleauth {
-
- include 'cloud::compute'
-
- class { 'nova::consoleauth':
- enabled => true,
- }
-
-}
diff --git a/manifests/compute/consoleproxy.pp b/manifests/compute/consoleproxy.pp
deleted file mode 100644
index bfd815d1..00000000
--- a/manifests/compute/consoleproxy.pp
+++ /dev/null
@@ -1,95 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute::consoleproxy
-#
-# Compute Proxy Console node
-#
-# === Parameters:
-#
-# [*api_eth*]
-# (optional) Hostname or IP to bind Nova spicehtmlproxy service.
-# Defaults to '127.0.0.1'
-#
-# [*console*]
-# (optional) Nova's console type (spice or novnc)
-# Defaults to 'novnc'
-#
-# [*protocol*]
-# (optional) Nova's console protocol.
-# Defaults to 'http'
-#
-# [*novnc_port*]
-# (optional) TCP port to bind Nova novnc service.
-# Defaults to '6080'
-#
-# [*spice_port*]
-# (optional) TCP port to bind Nova spicehtmlproxy service.
-# Defaults to '6082'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::compute::consoleproxy(
- $api_eth = '127.0.0.1',
- $console = 'novnc',
- $protocol = 'http',
- $novnc_port = '6080',
- $spice_port = '6082',
- $firewall_settings = {},
-){
-
- include 'cloud::compute'
-
- case $console {
- 'spice': {
- $port = $spice_port
- class { 'nova::spicehtml5proxy':
- enabled => true,
- host => $api_eth,
- port => $port
- }
- }
- 'novnc': {
- $port = $novnc_port
- class { 'nova::vncproxy':
- enabled => true,
- host => $api_eth,
- port => $port,
- vncproxy_protocol => $protocol
- }
- }
- default: {
- fail("Unsupported console type ${console}")
- }
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ "100 allow ${console} access":
- port => $port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-compute_${console}":
- listening_service => "${console}_cluster",
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/compute/hypervisor.pp b/manifests/compute/hypervisor.pp
deleted file mode 100644
index cef7ab55..00000000
--- a/manifests/compute/hypervisor.pp
+++ /dev/null
@@ -1,423 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::compute::hypervisor -# -# Hypervisor Compute node -# -# === Parameters: -# -# [*server_proxyclient_address*] -# (optional) The IP address of the server running the console proxy client -# Defaults to '127.0.0.1' -# -# [*libvirt_type*] -# (optional) Libvirt domain type. Options are: kvm, lxc, qemu, uml, xen -# Replaces libvirt_type -# Defaults to 'kvm' -# -# [*ks_nova_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_nova_public_host*] -# (optional) Public Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*nova_ssh_public_key*] -# (optional) Install public key in .ssh/authorized_keys for the 'nova' user. -# Note: this parameter use the 'content' provider of Puppet, in consequence -# you must provide the entire ssh public key in this parameter. -# Defaults to undef -# -# [*nova_ssh_private_key*] -# (optional) Install private key into .ssh/id_rsa. -# Note: this parameter use the 'content' provider of Puppet, in consequence -# you must provide the entire ssh privatekey in this parameter. -# Defaults to undef -# -# [*console*] -# (optional) Nova's console type (spice or novnc) -# Defaults to 'novnc' -# -# [*novnc_port*] -# (optional) TCP port to connect to Nova vncproxy service. 
-# Defaults to '6080' -# -# [*spice_port*] -# (optional) TCP port to connect to Nova spicehtmlproxy service. -# Defaults to '6082' -# -# [*cinder_rbd_user*] -# (optional) The RADOS client name for accessing rbd volumes. -# Defaults to 'cinder' -# -# [*nova_rbd_pool*] -# (optional) The RADOS pool in which rbd volumes are stored. -# Defaults to 'vms' -# -# [*nova_rbd_secret_uuid*] -# (optional) The libvirt uuid of the secret for the cinder_rbd_user. -# Defaults to undef -# -# [*vm_rbd*] -# (optional) Enable or not ceph capabilities on compute node to store -# nova instances on ceph storage. -# Default to false. -# -# [*volume_rbd*] -# (optional) Enable or not ceph capabilities on compute node to attach -# cinder volumes backend by ceph on nova instances. -# Default to false. -# -# [*manage_tso*] -# (optional) Allow to manage or not TSO issue. -# Default to true. -# -# [*nfs_enabled*] -# (optional) Store (or not) instances on a NFS share. -# Defaults to false -# -# [*nfs_device*] -# (optional) NFS device to mount -# Example: 'nfs.example.com:/vol1' -# Required when nfs_enabled is at true. -# Defaults to false -# -# [*nfs_options*] -# (optional) NFS mount options -# Example: 'nfsvers=3,noacl' -# Defaults to 'defaults' -# -# [*filesystem_store_datadir*] -# (optional) Full path of data directory to store the instances. -# Don't modify this parameter if you don't know what you do. -# You may have side effects (SElinux for example). -# Defaults to '/var/lib/nova/instances' -# -# [*nova_shell*] -# (optional) Full path of shell to run for nova user. -# To disable live migration & resize, set it to '/bin/nologin' or false. -# Otherwise, set the value to '/bin/bash'. -# Need to be a valid shell path. -# Defaults to false -# -# [*ks_console_public_proto*] -# (optional) Protocol used to connect to console service. -# Defaults to false (use nova_public_proto) -# -# [*ks_console_public_host*] -# (optional) Hostname or IP used to connect to console service. 
-# Defaults to false (use nova_public_host) -# -# [*include_vswitch*] -# (optional) Should the class cloud::network::vswitch should be included. -# Defaults to true -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::compute::hypervisor( - $server_proxyclient_address = '127.0.0.1', - $libvirt_type = 'kvm', - $ks_nova_public_proto = 'http', - $ks_nova_public_host = '127.0.0.1', - $nova_ssh_private_key = undef, - $nova_ssh_public_key = undef, - $console = 'novnc', - $novnc_port = '6080', - $spice_port = '6082', - $ks_console_public_proto = 'http', - $ks_console_public_host = '127.0.0.1', - $cinder_rbd_user = 'cinder', - $nova_rbd_pool = 'vms', - $nova_rbd_secret_uuid = undef, - $vm_rbd = false, - $volume_rbd = false, - $manage_tso = true, - $nova_shell = false, - $firewall_settings = {}, - $include_vswitch = true, - # when using NFS storage backend - $nfs_enabled = false, - $nfs_device = false, - $nfs_options = 'defaults', - $filesystem_store_datadir = '/var/lib/nova/instances', -) inherits cloud::params { - - include 'cloud::compute' - include 'cloud::params' - include 'cloud::telemetry' - include 'cloud::network' - - if $include_vswitch { - include 'cloud::network::vswitch' - } - - if $libvirt_type == 'kvm' and ! $::vtx { - fail('libvirt_type is set to KVM and VTX seems to be disabled on this node.') - } - - if $nfs_enabled { - if ! $vm_rbd { - # There is no NFS backend in Nova. - # We mount the NFS share in filesystem_store_datadir to fake the - # backend. 
- if $nfs_device { - file { $filesystem_store_datadir: - ensure => 'directory', - owner => 'nova', - group => 'nova', - mode => '0755' - } - nova_config { 'DEFAULT/instances_path': value => $filesystem_store_datadir; } - $nfs_mount = { - "${filesystem_store_datadir}" => { - 'ensure' => 'mounted', - 'fstype' => 'nfs', - 'device' => $nfs_device, - 'options' => $nfs_options - } - } - ensure_resource('class', 'nfs', {}) - create_resources('types::mount', $nfs_mount, {require => File[$filesystem_store_datadir]}) - - # Not using /var/lib/nova/instances may cause side effects. - if $filesystem_store_datadir != '/var/lib/nova/instances' { - warning('filesystem_store_datadir is not /var/lib/nova/instances so you may have side effects (SElinux, etc)') - } - } else { - fail('When running NFS backend, you need to provide nfs_device parameter.') - } - } else { - fail('When running NFS backend, vm_rbd parameter cannot be set to true.') - } - } - - file{ '/var/lib/nova/.ssh': - ensure => directory, - mode => '0700', - owner => 'nova', - group => 'nova', - require => Class['nova'] - } -> - file{ '/var/lib/nova/.ssh/id_rsa': - ensure => present, - mode => '0600', - owner => 'nova', - group => 'nova', - content => $nova_ssh_private_key - } -> - file{ '/var/lib/nova/.ssh/authorized_keys': - ensure => present, - mode => '0600', - owner => 'nova', - group => 'nova', - content => $nova_ssh_public_key - } -> - file{ '/var/lib/nova/.ssh/config': - ensure => present, - mode => '0600', - owner => 'nova', - group => 'nova', - content => " -Host * - StrictHostKeyChecking no -" - } - - if $nova_shell { - ensure_resource ('user', 'nova', { - 'ensure' => 'present', - 'system' => true, - 'home' => '/var/lib/nova', - 'managehome' => false, - 'shell' => $nova_shell, - }) - } - - case $console { - 'spice': { - $vnc_enabled = false - class { 'nova::compute::spice': - server_listen => '0.0.0.0', - server_proxyclient_address => $server_proxyclient_address, - proxy_host => $ks_console_public_host, - 
proxy_protocol => $ks_console_public_proto, - proxy_port => $spice_port, - } - } - 'novnc': { - $vnc_enabled = true - } - default: { - fail("unsupported console type ${console}") - } - } - class { 'nova::compute': - enabled => true, - vnc_enabled => $vnc_enabled, - vncserver_proxyclient_address => $server_proxyclient_address, - vncproxy_host => $ks_console_public_host, - vncproxy_protocol => $ks_console_public_proto, - vncproxy_port => $novnc_port, - virtio_nic => false, - neutron_enabled => true, - default_availability_zone => $::cloud::compute::availability_zone, - } - - if $::osfamily == 'RedHat' { - file { '/etc/libvirt/qemu.conf': - ensure => file, - source => 'puppet:///modules/cloud/qemu/qemu.conf', - owner => root, - group => root, - mode => '0644', - notify => Service['libvirtd'] - } - if $vm_rbd and ($::operatingsystemmajrelease < 7) { - fail("RBD image backend in Nova is not supported in RHEL ${::operatingsystemmajrelease}.") - } - } - - # Disabling TSO/GSO/GRO - if $manage_tso { - if $::osfamily == 'Debian' { - ensure_resource ('exec','enable-tso-script', { - 'command' => '/usr/sbin/update-rc.d disable-tso defaults', - 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso', - 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso' - }) - } elsif $::osfamily == 'RedHat' { - ensure_resource ('exec','enable-tso-script', { - 'command' => '/usr/sbin/chkconfig disable-tso on', - 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso', - 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso' - }) - } - ensure_resource ('exec','start-tso-script', { - 'command' => '/etc/init.d/disable-tso start', - 'unless' => '/usr/bin/test -f /var/run/disable-tso.pid', - 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso' - }) - } - - if $::osfamily == 'Debian' { - service { 'dbus': - ensure => running, - enable => true, - before => Class['nova::compute::libvirt'], - } - } - - Service<| title == 'dbus' |> { enable => true } - - Service<| title == 'libvirt-bin' |> { enable 
=> true } - - class { 'nova::compute::neutron': } - - if $vm_rbd or $volume_rbd { - - include 'cloud::storage::rbd' - - $libvirt_disk_cachemodes_real = ['network=writeback'] - - # when nova uses ceph for instances storage - if $vm_rbd { - class { 'nova::compute::rbd': - libvirt_rbd_user => $cinder_rbd_user, - libvirt_images_rbd_pool => $nova_rbd_pool - } - } else { - # when nova only needs to attach ceph volumes to instances - nova_config { - 'libvirt/rbd_user': value => $cinder_rbd_user; - } - } - # we don't want puppet-nova manages keyring - nova_config { - 'libvirt/rbd_secret_uuid': value => $nova_rbd_secret_uuid; - } - - File <<| tag == 'ceph_compute_secret_file' |>> - Exec <<| tag == 'get_or_set_virsh_secret' |>> - - # After setting virsh key, we need to restart nova-compute - # otherwise nova will fail to connect to RADOS. - Exec <<| tag == 'set_secret_value_virsh' |>> ~> Service['nova-compute'] - - # If Cinder & Nova reside on the same node, we need a group - # where nova & cinder users have read permissions. 
- ensure_resource('group', 'cephkeyring', { - ensure => 'present' - }) - - ensure_resource ('exec','add-nova-to-group', { - 'command' => 'usermod -a -G cephkeyring nova', - 'path' => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'], - 'unless' => 'groups nova | grep cephkeyring' - }) - - # Configure Ceph keyring - Ceph::Key <<| title == $cinder_rbd_user |>> - ensure_resource( - 'file', - "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring", { - owner => 'root', - group => 'cephkeyring', - mode => '0440', - require => Ceph::Key[$cinder_rbd_user], - notify => Service['nova-compute'], - } - ) - - Concat::Fragment <<| title == 'ceph-client-os' |>> - } else { - $libvirt_disk_cachemodes_real = [] - } - - class { 'nova::compute::libvirt': - libvirt_type => $libvirt_type, - # Needed to support migration but we still use Spice: - vncserver_listen => '0.0.0.0', - migration_support => true, - libvirt_disk_cachemodes => $libvirt_disk_cachemodes_real, - libvirt_service_name => $::cloud::params::libvirt_service_name, - libvirt_inject_key => false, - libvirt_inject_partition => '-2', - } - - # Extra config for nova-compute - nova_config { - 'libvirt/live_migration_flag': value => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST'; - 'libvirt/block_migration_flag': value => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC'; - } - - class { 'ceilometer::agent::compute': } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow instances console access': - port => '5900-5999', - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow instances migration access': - port => ['16509', '49152-49215'], - extras => $firewall_settings, - } - } - -} diff --git a/manifests/compute/scheduler.pp b/manifests/compute/scheduler.pp deleted file mode 100644 index 7ec4e72e..00000000 --- a/manifests/compute/scheduler.pp +++ /dev/null 
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::compute::scheduler
-#
-# Compute Scheduler node
-#
-# === Parameters:
-#
-# [*scheduler_default_filters*]
-# (optional) A comma separated list of filters to be used by default
-# Defaults to false
-#
-class cloud::compute::scheduler(
- $scheduler_default_filters = false
-){
-
- include 'cloud::compute'
-
- class { 'nova::scheduler':
- enabled => true,
- }
-
- class { 'nova::scheduler::filter':
- scheduler_default_filters => $scheduler_default_filters,
- }
-
-}
diff --git a/manifests/dashboard.pp b/manifests/dashboard.pp
deleted file mode 100644
index 383097f2..00000000
--- a/manifests/dashboard.pp
+++ /dev/null
@@ -1,211 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::dashboard -# -# Installs the OpenStack Dashboard (Horizon) -# -# === Parameters: -# -# [*ks_keystone_internal_host*] -# (optional) Internal address for endpoint. -# Defaults to '127.0.0.1' -# -# [*secret_key*] -# (optional) Secret key. This is used by Django to provide cryptographic -# signing, and should be set to a unique, unpredictable value. -# Defaults to 'secrete' -# -# [*horizon_port*] -# (optional) Port used to connect to OpenStack Dashboard -# Defaults to '80' -# -# [*horizon_ssl_port*] -# (optional) Port used to connect to OpenStack Dashboard using SSL -# Defaults to '443' -# -# [*api_eth*] -# (optional) Which interface we bind the Horizon server. -# Defaults to '127.0.0.1' -# -# [*servername*] -# (optional) DNS name used to connect to OpenStack Dashboard. -# Default value fqdn. -# -# [*listen_ssl*] -# (optional) Enable SSL on OpenStack Dashboard vhost -# It requires SSL files (keys and certificates) -# Defaults false -# -# [*keystone_proto*] -# (optional) Protocol (http or https) of keystone endpoint. -# Defaults to 'http' -# -# [*keystone_host*] -# (optional) IP / Host of keystone endpoint. -# Defaults '127.0.0.1' -# -# [*keystone_port*] -# (optional) TCP port of keystone endpoint. -# Defaults to '5000' -# -# [*debug*] -# (optional) Enable debug or not. 
-# Defaults to true -# -# [*horizon_cert*] -# (required with listen_ssl) Certificate to use for SSL support. -# -# [*horizon_key*] -# (required with listen_ssl) Private key to use for SSL support. -# -# [*horizon_ca*] -# (required with listen_ssl) CA certificate to use for SSL support. -# -# [*ssl_forward*] -# (optional) Forward HTTPS proto in the headers -# Useful when activating SSL binding on HAproxy and not in Horizon. -# Defaults to false -# -# [*os_endpoint_type*] -# (optional) endpoint type to use for the endpoints in the Keystone -# service catalog. Defaults to 'undef'. -# -# [*allowed_hosts*] -# (optional) List of hosts which will be set as value of ALLOWED_HOSTS -# parameter in settings_local.py. This is used by Django for -# security reasons. Can be set to * in environments where security is -# deemed unimportant. -# Defaults to ::fqdn. -# -# [*vhost_extra_params*] -# (optionnal) extra parameter to pass to the apache::vhost class -# Defaults to {} -# -# [*neutron_extra_options*] -# (optional) Enable optional services provided by neutron -# Useful when using cisco n1kv plugin, vpnaas or fwaas. -# Default to {} -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::dashboard( - $ks_keystone_internal_host = '127.0.0.1', - $secret_key = 'secrete', - $horizon_port = 80, - $horizon_ssl_port = 443, - $servername = $::fqdn, - $api_eth = '127.0.0.1', - $keystone_host = '127.0.0.1', - $keystone_proto = 'http', - $keystone_port = 5000, - $debug = true, - $listen_ssl = false, - $horizon_cert = undef, - $horizon_key = undef, - $horizon_ca = undef, - $ssl_forward = false, - $os_endpoint_type = undef, - $allowed_hosts = $::fqdn, - $vhost_extra_params = {}, - $neutron_extra_options = {}, - $firewall_settings = {}, -) { - - # We build the param needed for horizon class - $keystone_url = "${keystone_proto}://${keystone_host}:${keystone_port}/v2.0" - - # Apache2 specific configuration - if $ssl_forward { - $setenvif = ['X-Forwarded-Proto https HTTPS=1'] - } else { - $setenvif = [] - } - $extra_params = { - 'add_listen' => true, - 'setenvif' => $setenvif - } - $vhost_extra_params_real = merge ($extra_params, $vhost_extra_params) - - $neutron_options = { - 'enable_lb' => true - } - $neutron_options_real = merge ($neutron_options, $neutron_extra_options) - - class { 'horizon': - secret_key => $secret_key, - servername => $servername, - bind_address => $api_eth, - keystone_url => $keystone_url, - cache_server_ip => false, - django_debug => $debug, - neutron_options => $neutron_options_real, - listen_ssl => $listen_ssl, - horizon_cert => $horizon_cert, - horizon_key => $horizon_key, - horizon_ca => $horizon_ca, - vhost_extra_params => $vhost_extra_params_real, - openstack_endpoint_type => $os_endpoint_type, - allowed_hosts => $allowed_hosts, - } - - if ($::osfamily == 'Debian') { - # TODO(Goneri): HACK to ensure Horizon can cache its files - $horizon_var_dir = ['/var/lib/openstack-dashboard/static/js','/var/lib/openstack-dashboard/static/css'] - file {$horizon_var_dir: - ensure => directory, - owner => 'horizon', - group => 'horizon', - } - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow 
horizon access': - port => $horizon_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-horizon": - listening_service => 'horizon_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $horizon_port, - options => "check inter 2000 rise 2 fall 5 cookie ${::hostname}" - } - - if $listen_ssl { - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow horizon ssl access': - port => $horizon_ssl_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-horizon-ssl": - listening_service => 'horizon_ssl_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $horizon_ssl_port, - options => "check inter 2000 rise 2 fall 5 cookie ${::hostname}" - } - - } - -} diff --git a/manifests/database/dbaas.pp b/manifests/database/dbaas.pp deleted file mode 100644 index ec941a65..00000000 --- a/manifests/database/dbaas.pp +++ /dev/null 
@@ -1,92 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::database::dbaas -# -# Common class to install OpenStack Database as a Service (Trove) -# -# === Parameters: -# -# [*trove_db_host*] -# (optional) Hostname or IP address to connect to trove database -# Defaults to '127.0.0.1' -# -# [*trove_db_user*] -# (optional) Username to connect to trove database -# Defaults to 'trove' -# -# [*trove_db_password*] -# (optional) Password to connect to trove database -# Defaults to 'trovepassword' -# -# [*trove_db_idle_timeout*] -# (optional) Timeout before idle SQL connections are reaped. -# Defaults to 5000 -# -# [*rabbit_hosts*] -# (optional) List of RabbitMQ servers. Should be an array. -# Defaults to ['127.0.0.1:5672'] -# -# [*rabbit_password*] -# (optional) Password to connect to nova queues. -# Defaults to 'rabbitpassword' -# -# [*nova_admin_username*] -# (optional) Trove username used to connect to nova. -# Defaults to 'trove' -# -# [*nova_admin_password*] -# (optional) Trove password used to connect to nova. -# Defaults to 'trovepassword' -# -# [*nova_admin_tenant_name*] -# (optional) Trove tenant name used to connect to nova. 
-# Defaults to 'services' -# -class cloud::database::dbaas( - $trove_db_host = '127.0.0.1', - $trove_db_user = 'trove', - $trove_db_password = 'trovepassword', - $trove_db_idle_timeout = 5000, - $rabbit_hosts = ['127.0.0.1:5672'], - $rabbit_password = 'rabbitpassword', - $nova_admin_username = 'trove', - $nova_admin_tenant_name = 'services', - $nova_admin_password = 'trovepassword', -) { - - $encoded_user = uriescape($trove_db_user) - $encoded_password = uriescape($trove_db_password) - - class { 'trove': - database_connection => "mysql://${encoded_user}:${encoded_password}@${trove_db_host}/trove?charset=utf8", - database_idle_timeout => $trove_db_idle_timeout, - mysql_module => '2.2', - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - rabbit_userid => 'trove', - nova_proxy_admin_pass => $nova_admin_password, - nova_proxy_admin_user => $nova_admin_username, - nova_proxy_admin_tenant_name => $nova_admin_tenant_name - } - - exec {'trove_db_sync': - command => 'trove-manage db_sync', - user => 'trove', - path => '/usr/bin', - unless => "/usr/bin/mysql trove -h ${trove_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables" - } - -} diff --git a/manifests/database/dbaas/api.pp b/manifests/database/dbaas/api.pp deleted file mode 100644 index 1c7b4b11..00000000 --- a/manifests/database/dbaas/api.pp +++ /dev/null 
@@ -1,104 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::dbaas::api
-#
-# Class to install API service of OpenStack Database as a Service (Trove)
-#
-# === Parameters:
-#
-# [*ks_trove_password*]
-# (required) Password used by trove for Keystone authentication.
-# Default: 'trovepassword'
-#
-# [*verbose*]
-# (optional) Rather to log the trove api service at verbose level.
-# Default: true
-#
-# [*debug*]
-# (optional) Rather to log the trove api service at debug level.
-# Default: true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging.
-# Defaults to true
-#
-# [*api_eth*]
-# (optional) Hostname or IP to bind Trove API.
-# Defaults to '127.0.0.1'
-#
-# [*ks_trove_public_port*]
-# (optional) TCP public port used to connect to Trove API.
-# Defaults to '8779'
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_port*]
-# (optional) TCP internal port used to connect to Keystone API.
-# Defaults to '5000'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to Keystone API.
-# Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::dbaas::api(
- $ks_trove_password = 'trovepassword',
- $verbose = true,
- $debug = true,
- $use_syslog = true,
- $api_eth = '127.0.0.1',
- $ks_trove_public_port = '8779',
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_port = '5000',
- $ks_keystone_internal_proto = 'http',
- $firewall_settings = {},
-) {
-
- include 'cloud::database::dbaas'
-
- class { 'trove::api':
- verbose => $verbose,
- debug => $debug,
- use_syslog => $use_syslog,
- bind_host => $api_eth,
- bind_port => $ks_trove_public_port,
- auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
- keystone_password => $ks_trove_password,
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow trove-api access':
- port => $ks_trove_public_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-trove_api":
- listening_service => 'trove_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_trove_public_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
-}
diff --git a/manifests/database/dbaas/conductor.pp b/manifests/database/dbaas/conductor.pp
deleted file mode 100644
index 6787b0ba..00000000
--- a/manifests/database/dbaas/conductor.pp
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::dbaas::conductor
-#
-# Class to install Conductor service of OpenStack Database as a Service (Trove)
-#
-# === Parameters:
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_port*]
-# (optional) TCP internal port used to connect to Keystone API.
-# Defaults to '5000'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to Keystone API.
-# Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*verbose*]
-# (optional) Rather to log the trove api service at verbose level.
-# Default: true
-#
-# [*debug*]
-# (optional) Rather to log the trove api service at debug level.
-# Default: true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging.
-# Defaults to true
-#
-class cloud::database::dbaas::conductor(
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_port = '5000',
- $ks_keystone_internal_proto = 'http',
- $verbose = true,
- $debug = true,
- $use_syslog = true,
-) {
-
- include 'cloud::database::dbaas'
-
- class { 'trove::conductor':
- auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
- debug => $debug,
- verbose => $verbose,
- use_syslog => $use_syslog
- }
-
-}
diff --git a/manifests/database/dbaas/taskmanager.pp b/manifests/database/dbaas/taskmanager.pp
deleted file mode 100644
index 47b72785..00000000
--- a/manifests/database/dbaas/taskmanager.pp
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::dbaas::taskmanager
-#
-# Class to install Taskmanager service of OpenStack Database as a Service (Trove)
-#
-# === Parameters:
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_port*]
-# (optional) TCP internal port used to connect to Keystone API.
-# Defaults to '5000'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to Keystone API.
-# Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*verbose*]
-# (optional) Rather to log the trove api service at verbose level.
-# Default: true
-#
-# [*debug*]
-# (optional) Rather to log the trove api service at debug level.
-# Default: true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging.
-# Defaults to true
-#
-class cloud::database::dbaas::taskmanager(
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_port = '5000',
- $ks_keystone_internal_proto = 'http',
- $debug = true,
- $verbose = true,
- $use_syslog = true
-) {
-
- include 'cloud::database::dbaas'
-
- class { 'trove::taskmanager':
- auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
- debug => $debug,
- verbose => $verbose,
- use_syslog => $use_syslog
- }
-
-}
diff --git a/manifests/database/nosql/cassandra.pp b/manifests/database/nosql/cassandra.pp
deleted file mode 100644
index abcacd38..00000000
--- a/manifests/database/nosql/cassandra.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::cassandra
-#
-# Install a Cassandra node
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::cassandra (
- $firewall_settings = {},
-){
-
- include ::cassandra
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow cassandra access':
- port => '7000',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/elasticsearch.pp b/manifests/database/nosql/elasticsearch.pp
deleted file mode 100644
index c4383a0a..00000000
--- a/manifests/database/nosql/elasticsearch.pp
+++ /dev/null
@@ -1,58 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::elasticsearch
-#
-# Install an ElasticSearch server
-#
-# === Parameters:
-#
-# [*listen_port*]
-# (optional) Port on which ElasticSearch instance should listen
-# Defaults to '9200'
-#
-# [*listen_ip*]
-# (optional) IP address on which ElasticSearch instance should listen
-# Defaults to '127.0.0.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::elasticsearch (
- $listen_port = '9200',
- $listen_ip = '127.0.0.1',
- $firewall_settings = {},
-){
-
- include ::elasticsearch
-
- @@haproxy::balancermember{"${::fqdn}-es_cluster":
- listening_service => 'elasticsearch',
- server_names => $::hostname,
- ipaddresses => $listen_ip,
- ports => $listen_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow elasticsearch access':
- port => $listen_port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/kafka.pp b/manifests/database/nosql/kafka.pp
deleted file mode 100644
index 490a7f72..00000000
--- a/manifests/database/nosql/kafka.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::kafka
-#
-# Install a Kafka broket
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::kafka (
- $firewall_settings = {},
-){
-
- include ::kafka::broker
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow kafka access':
- port => '9092',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/memcached.pp b/manifests/database/nosql/memcached.pp
deleted file mode 100644
index 7cb675c2..00000000
--- a/manifests/database/nosql/memcached.pp
+++ /dev/null
@@ -1,48 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::memcached
-#
-# Install a Memcached server (used by OpenStack services)
-#
-# === Parameters:
-#
-# [*listen_ip*]
-# (optional) IP address on which memcached instance should listen
-# Defaults to '127.0.0.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::memcached (
- $listen_ip = '127.0.0.1',
- $firewall_settings = {},
-){
-
- class { '::memcached':
- listen_ip => $listen_ip,
- max_memory => '60%',
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow memcached access':
- port => '11211',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/mongodb/mongod.pp b/manifests/database/nosql/mongodb/mongod.pp
deleted file mode 100644
index 69285527..00000000
--- a/manifests/database/nosql/mongodb/mongod.pp
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::mongodb::mongod
-#
-# Install a MongoDB server & the replicasets
-#
-# === Parameters:
-#
-# [*enable*]
-# (optional) Should mongod be running.
-# Defaults to 'true'
-#
-# [*replset*]
-# (optional) MongoDB replicaset to configure
-# Define the replset to enable on the mongodb server
-# Example:
-# { 'ceilometer' => { 'members' => '10.0.0.1:27017' }}
-# Defaults to {}
-#
-# [*mongod_port*]
-# (optional) Port for the firewall to enable
-# Based on the mode the mongod process is started with, the port
-# it will listen on might change.
-# Defaults to '27017'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Defaults to {}
-#
-class cloud::database::nosql::mongodb::mongod(
- $enable = true,
- $replset = {},
- $mongod_port = '27017',
- $firewall_settings = {},
-) {
-
- if $enable {
- include ::mongodb::globals
- include ::mongodb::server
- create_resources('mongodb_replset', $replset)
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow mongod access':
- port => $mongod_port,
- extras => $firewall_settings,
- }
- }
- }
-
-}
diff --git a/manifests/database/nosql/mongodb/mongos.pp b/manifests/database/nosql/mongodb/mongos.pp
deleted file mode 100644
index 7d57dc24..00000000
--- a/manifests/database/nosql/mongodb/mongos.pp
+++ /dev/null
@@ -1,69 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::mongodb::mongos
-#
-# Install and configure mongos (daemon responsible for sharding in MongoDB)
-#
-# === Parameters:
-#
-# [*enable*]
-# (optional) Should mongos be running.
-# Defaults to 'true'
-#
-# [*shards*]
-# (optional) Hash of shards to create
-# Example :
-# { 'ceilometer' =>
-# {
-# 'member' => 'ceilometer/10.0.0.1:27018',
-# 'keys' => [{'ceilometer.name' => { 'name' => 1 }}, {'ceilometer.foo' => { 'bar' => 1 }}]
-# }
-# }
-# Defaults to {}
-#
-# [*mongos_port*]
-# (optional) Port for the firewall to enable
-# Based on the mode the mongos process is started with, the port
-# it will listen on might change.
-# Defaults to '27017'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Defaults to {}
-#
-#
-class cloud::database::nosql::mongodb::mongos(
- $enable = true,
- $shards = {},
- $mongos_port = '27017',
- $firewall_settings = {},
-) {
-
- if $enable {
- include ::mongodb::globals
- include ::mongodb::mongos
- create_resources('mongodb_shard', $shards)
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow mongos access':
- port => $mongos_port,
- extras => $firewall_settings,
- }
- }
- }
-
-}
diff --git a/manifests/database/nosql/redis/sentinel.pp b/manifests/database/nosql/redis/sentinel.pp
deleted file mode 100644
index 9ee65d43..00000000
--- a/manifests/database/nosql/redis/sentinel.pp
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::redis::sentinel
-#
-# Install a Redis sentinel node (used by OpenStack & monitoring services)
-#
-# === Parameters:
-#
-# [*port*]
-# (optional) Port where Redis is binded.
-# Used for firewall purpose.
-# Default to 26379
-#
-# [*haproxy_monitor_ip*]
-# (optional) IP on which the HAProxy API is listening on
-# Used for redis master failover purpose
-# Default to 127.0.0.1
-#
-# [*haproxy_monitor_port*]
-# (optional) Port on which the HAProxy API is listening on
-# Used for redis master failover purpose
-# Default to 10300
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::redis::sentinel(
- $port = 26379,
- $haproxy_monitor_ip = '127.0.0.1',
- $haproxy_monitor_port = '10300',
- $firewall_settings = {},
-) {
-
- include ::redis::sentinel
-
- file { '/bin/redis-notifications.sh':
- ensure => present,
- owner => 'root',
- group => 'root',
- mode => '0755',
- content => template('cloud/database/redis-notifications.sh.erb'),
- before => Service['redis-sentinel'],
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow redis sentinel access':
- port => $port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/redis/server.pp b/manifests/database/nosql/redis/server.pp
deleted file mode 100644
index cb627e7e..00000000
--- a/manifests/database/nosql/redis/server.pp
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::redis::server
-#
-# Install a Redis server (used by OpenStack & monitoring services)
-#
-# === Parameters:
-#
-# [*bind_ip*]
-# (optional) Address on which Redis is listening on
-# Defaults to '127.0.0.1'
-#
-# [*port*]
-# (optional) Port where Redis is binded.
-# Used for firewall purpose.
-# Default to 6379
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::redis::server(
- $bind_ip = '127.0.0.1',
- $port = 6379,
- $firewall_settings = {},
-) {
-
- include ::redis
-
- @@haproxy::balancermember{"${::fqdn}-redis":
- listening_service => 'redis_cluster',
- server_names => $::hostname,
- ipaddresses => $bind_ip,
- ports => $port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow redis server access':
- port => $port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/nosql/zookeeper.pp b/manifests/database/nosql/zookeeper.pp
deleted file mode 100644
index 843579f7..00000000
--- a/manifests/database/nosql/zookeeper.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::database::nosql::zookeeper
-#
-# Install a Zookeeper node
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::database::nosql::zookeeper (
- $firewall_settings = {},
-){
-
- include ::zookeeper
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow zookeeper access':
- port => '2181',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/database/sql/mysql.pp b/manifests/database/sql/mysql.pp
deleted file mode 100644
index e8fc7663..00000000
--- a/manifests/database/sql/mysql.pp
+++ /dev/null
@@ -1,572 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless optional by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# MySQL Galera Node -# -# === Parameters -# -# [*api_eth*] -# (optional) Hostname or IP to bind MySQL daemon. -# Defaults to '127.0.0.1' -# -# [*galera_master_name*] -# (optional) Hostname or IP of the Galera master node, databases and users -# resources are created on this node and propagated on the cluster. -# Defaults to 'mgmt001' -# -# [*galera_internal_ips*] -# (optional) Array of internal ip of the galera nodes. -# Defaults to ['127.0.0.1'] -# -# [*galera_gcache*] -# (optional) Size of the Galera gcache -# wsrep_provider_options, for master/slave mode -# Defaults to '1G' -# -# [*keystone_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*keystone_db_user*] -# (optional) Name of keystone DB user. -# Defaults to trove -# -# [*keystone_db_password*] -# (optional) Password that will be used for the Keystone db user. -# Defaults to 'keystonepassword' -# -# [*keystone_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*cinder_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*cinder_db_user*] -# (optional) Name of cinder DB user. -# Defaults to trove -# -# [*cinder_db_password*] -# (optional) Password that will be used for the cinder db user. 
-# Defaults to 'cinderpassword' -# -# [*cinder_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*glance_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*glance_db_user*] -# (optional) Name of glance DB user. -# Defaults to trove -# -# [*glance_db_password*] -# (optional) Password that will be used for the glance db user. -# Defaults to 'glancepassword' -# -# [*glance_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*heat_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*heat_db_user*] -# (optional) Name of heat DB user. -# Defaults to trove -# -# [*heat_db_password*] -# (optional) Password that will be used for the heat db user. -# Defaults to 'heatpassword' -# -# [*heat_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*nova_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*nova_db_user*] -# (optional) Name of nova DB user. -# Defaults to trove -# -# [*nova_db_password*] -# (optional) Password that will be used for the nova db user. -# Defaults to 'novapassword' -# -# [*nova_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*neutron_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*neutron_db_user*] -# (optional) Name of neutron DB user. -# Defaults to trove -# -# [*neutron_db_password*] -# (optional) Password that will be used for the neutron db user. 
-# Defaults to 'neutronpassword' -# -# [*neutron_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*trove_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*trove_db_user*] -# (optional) Name of trove DB user. -# Defaults to trove -# -# [*trove_db_password*] -# (optional) Password that will be used for the trove db user. -# Defaults to 'trovepassword' -# -# [*trove_db_allowed_hosts*] -# (optional) Hosts allowed to use the database -# Defaults to ['127.0.0.1'] -# -# [*mysql_root_password*] -# (optional) The MySQL root password. -# Puppet will attempt to set the root password and update `/root/.my.cnf` with it. -# Defaults to 'rootpassword' -# -# [*mysql_sys_maint_password*] -# (optional) The MySQL debian-sys-maint password. -# Debian only parameter. -# Defaults to 'sys_maint' -# -# [*galera_clustercheck_dbuser*] -# (optional) The MySQL username for Galera cluster check (using monitoring database) -# Defaults to 'clustercheck' -# -# [*galera_clustercheck_dbpassword*] -# (optional) The MySQL password for Galera cluster check -# Defaults to 'clustercheckpassword' -# -# [*galera_clustercheck_ipaddress*] -# (optional) The name or ip address of host running monitoring database (clustercheck) -# Defaults to '127.0.0.1' -# -# [*open_files_limit*] -# (optional) An integer that specifies the open_files_limit for MySQL -# Defaults to 65535 -# -# [*max_connections*] -# (optional) An integer that specifies the max_connections for MySQL -# Defaults to 4096 -# -# [*mysql_systemd_override_settings*] -# (optional) An hash of setting to override for MariaDB unit file. -# Defaults to {} -# Example : { 'LimitNOFILE' => 'infinity', 'LimitNPROC' => 4, 'TimeoutSec' => '30' } -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::database::sql::mysql ( - $api_eth = '127.0.0.1', - $galera_master_name = 'mgmt001', - $galera_internal_ips = ['127.0.0.1'], - $galera_gcache = '1G', - $keystone_db_host = '127.0.0.1', - $keystone_db_user = 'keystone', - $keystone_db_password = 'keystonepassword', - $keystone_db_allowed_hosts = ['127.0.0.1'], - $cinder_db_host = '127.0.0.1', - $cinder_db_user = 'cinder', - $cinder_db_password = 'cinderpassword', - $cinder_db_allowed_hosts = ['127.0.0.1'], - $glance_db_host = '127.0.0.1', - $glance_db_user = 'glance', - $glance_db_password = 'glancepassword', - $glance_db_allowed_hosts = ['127.0.0.1'], - $heat_db_host = '127.0.0.1', - $heat_db_user = 'heat', - $heat_db_password = 'heatpassword', - $heat_db_allowed_hosts = ['127.0.0.1'], - $nova_db_host = '127.0.0.1', - $nova_db_user = 'nova', - $nova_db_password = 'novapassword', - $nova_db_allowed_hosts = ['127.0.0.1'], - $neutron_db_host = '127.0.0.1', - $neutron_db_user = 'neutron', - $neutron_db_password = 'neutronpassword', - $neutron_db_allowed_hosts = ['127.0.0.1'], - $trove_db_host = '127.0.0.1', - $trove_db_user = 'trove', - $trove_db_password = 'trovepassword', - $trove_db_allowed_hosts = ['127.0.0.1'], - $mysql_root_password = 'rootpassword', - $mysql_sys_maint_password = 'sys_maint', - $galera_clustercheck_dbuser = 'clustercheck', - $galera_clustercheck_dbpassword = 'clustercheckpassword', - $galera_clustercheck_ipaddress = '127.0.0.1', - $open_files_limit = 65535, - $max_connections = 4096, - $mysql_systemd_override_settings = {}, - $firewall_settings = {}, -) { - - include 'xinetd' - - if $mysql_systemd_override_settings['LimitNOFILE'] { - $open_files_limit_real = $mysql_systemd_override_settings['LimitNOFILE'] - $mysql_systemd_override_settings_real = $mysql_systemd_override_settings - } else { - $open_files_limit_real = $open_files_limit - $mysql_systemd_override_settings_real = merge($mysql_systemd_override_settings, { 'LimitNOFILE' => $open_files_limit}) - } - - 
$gcomm_definition = inline_template('<%= @galera_internal_ips.join(",") + "?pc.wait_prim=no" -%>') - - # Specific to the Galera master node - if $::hostname == $galera_master_name { - - $mysql_root_password_real = $mysql_root_password - - # OpenStack DB - class { 'keystone::db::mysql': - dbname => 'keystone', - user => $keystone_db_user, - password => $keystone_db_password, - host => $keystone_db_host, - allowed_hosts => $keystone_db_allowed_hosts, - } - class { 'glance::db::mysql': - dbname => 'glance', - user => $glance_db_user, - password => $glance_db_password, - host => $glance_db_host, - allowed_hosts => $glance_db_allowed_hosts, - } - class { 'nova::db::mysql': - dbname => 'nova', - user => $nova_db_user, - password => $nova_db_password, - host => $nova_db_host, - allowed_hosts => $nova_db_allowed_hosts, - } - class { 'cinder::db::mysql': - dbname => 'cinder', - user => $cinder_db_user, - password => $cinder_db_password, - host => $cinder_db_host, - allowed_hosts => $cinder_db_allowed_hosts, - } - class { 'neutron::db::mysql': - dbname => 'neutron', - user => $neutron_db_user, - password => $neutron_db_password, - host => $neutron_db_host, - allowed_hosts => $neutron_db_allowed_hosts, - } - class { 'heat::db::mysql': - dbname => 'heat', - user => $heat_db_user, - password => $heat_db_password, - host => $heat_db_host, - allowed_hosts => $heat_db_allowed_hosts, - } - class { 'trove::db::mysql': - dbname => 'trove', - user => $trove_db_user, - password => $trove_db_password, - host => $trove_db_host, - allowed_hosts => $trove_db_allowed_hosts, - } - - # Monitoring DB - mysql_database { 'monitoring': - ensure => 'present', - charset => 'utf8', - collate => 'utf8_general_ci', - require => File['/root/.my.cnf'] - } - mysql_user { "${galera_clustercheck_dbuser}@localhost": - ensure => 'present', - # can not change password in clustercheck script - password_hash => mysql_password($galera_clustercheck_dbpassword), - require => File['/root/.my.cnf'] - } - mysql_grant 
{ "${galera_clustercheck_dbuser}@localhost/monitoring": - ensure => 'present', - options => ['GRANT'], - privileges => ['ALL'], - table => 'monitoring.*', - user => "${galera_clustercheck_dbuser}@localhost", - } - - Database_user<<| |>> - } else { - # NOTE(sileht): Only the master must create the password - # into the database, slave nodes must just use the password. - # The one in the database have been retrieved via galera. - file { "${::root_home}/.my.cnf": - content => "[client]\nuser=root\nhost=localhost\npassword=${mysql_root_password}\n", - owner => 'root', - mode => '0600', - } - } - - # Specific to Red Hat or Debian systems: - case $::osfamily { - 'RedHat': { - # Specific to Red Hat - $mysql_server_package_name = 'mariadb-galera-server' - $mysql_client_package_name = 'mariadb' - $wsrep_provider = '/usr/lib64/galera/libgalera_smm.so' - $mysql_server_config_file = '/etc/my.cnf' - $mysql_init_file = '/usr/lib/systemd/system/mysql-bootstrap.service' - - if $::hostname == $galera_master_name { - $mysql_service_name = 'mysql-bootstrap' - if !str2bool($::galera_bootstrapped) { - $wsrep_new_cluster = '--wsrep-new-cluster' - } else { - $wsrep_new_cluster = '' - } - } else { - $mysql_service_name = 'mariadb' - } - - $dirs = [ '/var/run/mysqld', '/var/log/mysql' ] - - file { $dirs: - ensure => directory, - mode => '0750', - before => Service['mysqld'], - owner => 'mysql' - } - - # In Red Hat, the package does not perform the mysql db installation. - # We need to do this manually. - # Note: in MariaDB repository, package perform this action in post-install, - # but MariaDB is not packaged for Red Hat / CentOS 7 in MariaDB repository. 
- exec { 'bootstrap-mysql': - command => '/usr/bin/mysql_install_db --rpm --user=mysql', - unless => '/usr/bin/test -d /var/lib/mysql/mysql', - before => Service['mysqld'], - require => [Package[$mysql_server_package_name], File[$mysql_server_config_file]] - } - - if $::operatingsystemmajrelease >= 7 { - file { "/etc/systemd/system/${mysql_service_name}.service.d" : - ensure => directory, - } - file { "/etc/systemd/system/${mysql_service_name}.service.d/custom.conf" : - content => template('cloud/database/systemd-custom.conf.erb'), - owner => 'root', - mode => '0755', - group => 'root', - notify => [Service['mysqld'], Exec['mariadb-sysctl-daemon-reload']], - } - exec { 'mariadb-sysctl-daemon-reload' : - command => '/usr/bin/systemctl daemon-reload', - refreshonly => true, - notify => Service['mysqld'], - } - } - - } # RedHat - 'Debian': { - # Specific to Debian / Ubuntu - $mysql_server_package_name = 'mariadb-galera-server' - $mysql_client_package_name = 'mariadb-client' - $wsrep_provider = '/usr/lib/galera/libgalera_smm.so' - $mysql_server_config_file = '/etc/mysql/my.cnf' - $mysql_init_file = '/etc/init.d/mysql-bootstrap' - - if $::hostname == $galera_master_name { - $mysql_service_name = 'mysql-bootstrap' - } else { - $mysql_service_name = 'mysql' - } - - mysql_user { 'debian-sys-maint@localhost': - ensure => 'present', - password_hash => mysql_password($mysql_sys_maint_password), - require => File['/root/.my.cnf'] - } - - file{'/etc/mysql/debian.cnf': - ensure => file, - content => template('cloud/database/debian.cnf.erb'), - owner => 'root', - group => 'root', - mode => '0600', - require => Exec['clean-mysql-binlog'], - } - } # Debian - default: { - fail("${::osfamily} not supported yet") - } - } - - # This is due to this bug: https://bugs.launchpad.net/codership-mysql/+bug/1087368 - # The backport to API 23 requires a command line option --wsrep-new-cluster: - # http://bazaar.launchpad.net/~codership/codership-mysql/wsrep-5.5/revision/3844?start_revid=3844 - 
# and the mysql init script cannot have arguments passed to the daemon - # using /etc/default/mysql standart mechanism. - # To check that the mysqld support the options you can : - # strings `which mysqld` | grep wsrep-new-cluster - # TODO: to be remove as soon as the API 25 is packaged, ie galera 3 ... - if $::osfamily == 'RedHat' and $::operatingsystemmajrelease >= 7 { - $mysql_service_notify = Exec['mariadb-sysctl-daemon-reload'] - } else { - $mysql_service_notify = Service['mysqld'] - } - file { $mysql_init_file : - content => template("cloud/database/etc_initd_mysql_${::osfamily}"), - owner => 'root', - mode => '0755', - group => 'root', - notify => $mysql_service_notify, - before => Package[$mysql_server_package_name], - } - - if $::osfamily == 'Debian' { - # The startup time can be longer than the default 30s so we take - # care of it there. Until this bug is not resolved - # https://mariadb.atlassian.net/browse/MDEV-5540, we have to do it - # the ugly way. - file_line { 'debian_increase_mysql_startup_time': - line => 'MYSQLD_STARTUP_TIMEOUT=120', - path => '/etc/init.d/mysql', - after => '^CONF=', - require => Package[$mysql_server_package_name], - notify => Service['mysqld'], - } - } - - class { 'mysql::server': - manage_config_file => false, - config_file => $mysql_server_config_file, - package_name => $mysql_server_package_name, - service_name => $mysql_service_name, - override_options => { - 'mysqld' => { - 'bind-address' => $api_eth - } - }, - root_password => $mysql_root_password_real, - notify => Service['xinetd'], - } - - file { $mysql_server_config_file: - content => template('cloud/database/mysql.conf.erb'), - mode => '0644', - owner => 'root', - group => 'root', - notify => [Service['mysqld'],Exec['clean-mysql-binlog']], - require => Package[$mysql_server_package_name], - } - - class { 'mysql::client': - package_name => $mysql_client_package_name, - } - - # Haproxy http monitoring - augeas { 'mysqlchk': - context => '/files/etc/services', - 
changes => [ - 'ins service-name after service-name[last()]', - 'set service-name[last()] "mysqlchk"', - 'set service-name[. = "mysqlchk"]/port 8200', - 'set service-name[. = "mysqlchk"]/protocol tcp', - ], - onlyif => 'match service-name[. = "mysqlchk"] size == 0', - notify => [ Service['xinetd'], Exec['reload_xinetd'] ] - } - - file { - '/etc/xinetd.d/mysqlchk': - content => template('cloud/database/mysqlchk.erb'), - owner => 'root', - group => 'root', - mode => '0755', - require => File['/usr/bin/clustercheck'], - notify => [ Service['xinetd'], Exec['reload_xinetd'] ]; - '/usr/bin/clustercheck': - ensure => present, - content => template('cloud/database/clustercheck.erb'), - mode => '0755', - owner => 'root', - group => 'root'; - } - - # The puppet-xinetd module do not correctly reload - # the configuration on “notify” - # TODO(Goneri): remove this once https://github.com/puppetlabs/puppetlabs-xinetd/pull/9 - # get merged - exec{ 'reload_xinetd': - command => '/usr/bin/pkill -F /var/run/xinetd.pid --signal HUP', - refreshonly => true, - require => Service['xinetd'], - } - - exec{'clean-mysql-binlog': - # first sync take a long time - command => "/bin/bash -c '/usr/bin/mysqladmin --defaults-file=/root/.my.cnf shutdown ; /bin/rm ${::mysql::params::datadir}/ib_logfile*'", - path => '/usr/bin', - notify => Service['mysqld'], - refreshonly => true, - onlyif => "stat ${::mysql::params::datadir}/ib_logfile0 && test `du -sh ${::mysql::params::datadir}/ib_logfile0 | cut -f1` != '256M'", - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow galera access': - port => ['3306', '4567', '4568', '4444'], - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow mysqlchk access': - port => '8200', - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow mysql rsync access': - port => '873', - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{$::fqdn: - listening_service => 'galera_cluster', - server_names => 
$::hostname, - ipaddresses => $api_eth, - ports => '3306', - options => - inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname != @galera_master_name -%>backup<% end %> on-marked-down shutdown-sessions') - } - - @@haproxy::balancermember{"${::fqdn}-readonly": - listening_service => 'galera_readonly_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => '3306', - options => - inline_template('check inter 2000 rise 2 fall 5 port 8200 <% if @hostname == @galera_master_name -%>backup<% end %> on-marked-down shutdown-sessions') - } -} diff --git a/manifests/firewall/post.pp b/manifests/firewall/post.pp deleted file mode 100644 index 33a80bbe..00000000 --- a/manifests/firewall/post.pp +++ /dev/null 
@@ -1,51 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::firewall::post
-#
-# Firewall rules during 'post' Puppet stage
-#
-# === Parameters:
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to false
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::firewall::post(
- $debug = false,
- $firewall_settings = {},
-){
-
- if $debug {
- warning('debug is enabled, the traffic is not blocked.')
- } else {
- firewall { '998 log all':
- proto => 'all',
- jump => 'LOG',
- }
- cloud::firewall::rule{ '999 drop all':
- proto => 'all',
- action => 'drop',
- extras => $firewall_settings,
- }
- notice('At this stage, all network traffic is blocked.')
- }
-
-}
diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp
deleted file mode 100644
index 9d9b73f3..00000000
--- a/manifests/firewall/pre.pp
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::firewall::pre
-#
-# Firewall rules during 'pre' Puppet stage
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::firewall::pre(
- $firewall_settings = {},
-){
-
- # ensure the correct packages are installed
- include firewall
-
- # defaults 'pre' rules
- cloud::firewall::rule{ '000 accept related established rules':
- proto => 'all',
- state => ['RELATED', 'ESTABLISHED'],
- extras => $firewall_settings,
- }
-
- cloud::firewall::rule{ '001 accept all icmp':
- proto => 'icmp',
- extras => $firewall_settings,
- }
-
- cloud::firewall::rule{ '002 accept all to lo interface':
- proto => 'all',
- iniface => 'lo',
- extras => $firewall_settings,
- }
-
- cloud::firewall::rule{ '003 accept ssh':
- port => '22',
- extras => $firewall_settings,
- }
-
-}
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
deleted file mode 100644
index 2dc97ef8..00000000
--- a/manifests/firewall/rule.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Define::
-#
-# cloud::firewall
-#
-define cloud::firewall::rule (
- $port = undef,
- $proto = 'tcp',
- $action = 'accept',
- $state = ['NEW'],
- $source = '0.0.0.0/0',
- $iniface = undef,
- $chain = 'INPUT',
- $extras = {},
-) {
-
- $basic = {
- 'port' => $port,
- 'proto' => $proto,
- 'action' => $action,
- 'state' => $state,
- 'source' => $source,
- 'iniface' => $iniface,
- 'chain' => $chain,
- }
-
- $rule = merge($basic, $extras)
- validate_hash($rule)
-
- create_resources('firewall', { "${title}" => $rule })
-
-}
diff --git a/manifests/identity.pp b/manifests/identity.pp
deleted file mode 100644
index c091e042..00000000
--- a/manifests/identity.pp
+++ /dev/null
@@ -1,756 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::identity -# -# Install Identity Server (Keystone) -# -# === Parameters: -# -# [*identity_roles_addons*] -# (optional) Extra keystone roles to create -# Defaults to ['SwiftOperator', 'ResellerAdmin'] -# -# [*keystone_db_host*] -# (optional) Hostname or IP address to connect to keystone database -# Defaults to '127.0.0.1' -# -# [*keystone_db_user*] -# (optional) Username to connect to keystone database -# Defaults to 'keystone' -# -# [*keystone_db_password*] -# (optional) Password to connect to keystone database -# Defaults to 'keystonepassword' -# -# [*keystone_db_idle_timeout*] -# (optional) Timeout before idle SQL connections are reaped. -# Defaults to 5000 -# -# [*memcache_servers*] -# (optionnal) Memcached servers used by Keystone. Should be an array. -# Defaults to ['127.0.0.1:11211'] -# -# [*ks_admin_email*] -# (optional) Email address of admin user in Keystone -# Defaults to 'no-reply@keystone.openstack' -# -# [*ks_admin_password*] -# (optional) Password of admin user in Keystone -# Defaults to 'adminpassword' -# -# [*ks_admin_tenant*] -# (optional) Admin tenant name in Keystone -# Defaults to 'admin' -# -# [*ks_admin_token*] -# (required) Admin token used by Keystone. 
-# -# [*ks_glance_internal_host*] -# (optional) Internal Hostname or IP to connect to Glance API -# Defaults to '127.0.0.1' -# -# [*ks_glance_admin_host*] -# (optional) Admin Hostname or IP to connect to Glance API -# Defaults to '127.0.0.1' -# -# [*ks_glance_public_host*] -# (optional) Public Hostname or IP to connect to Glance API -# Defaults to '127.0.0.1' -# -# [*ks_ceilometer_internal_host*] -# (optional) Internal Hostname or IP to connect to Ceilometer API -# Defaults to '127.0.0.1' -# -# [*ks_ceilometer_admin_host*] -# (optional) Admin Hostname or IP to connect to Ceilometer API -# Defaults to '127.0.0.1' -# -# [*ks_ceilometer_public_host*] -# (optional) Public Hostname or IP to connect to Ceilometer API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_public_host*] -# (optional) Public Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_nova_internal_host*] -# (optional) Internal Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*ks_nova_admin_host*] -# (optional) Admin Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*ks_nova_public_host*] -# (optional) Public Hostname or IP to connect to Nova API -# Defaults to '127.0.0.1' -# -# [*ks_cinder_internal_host*] -# (optional) Internal Hostname or IP to connect to Cinder API -# Defaults to '127.0.0.1' -# -# [*ks_cinder_admin_host*] -# (optional) Admin Hostname or IP to connect to Cinder API -# Defaults to '127.0.0.1' -# -# [*ks_cinder_public_host*] -# (optional) Public Hostname or IP to connect to Cinder API -# Defaults to '127.0.0.1' -# -# [*ks_trove_internal_host*] -# (optional) Internal Hostname or IP to connect to Trove API -# Defaults to '127.0.0.1' -# -# [*ks_trove_admin_host*] -# (optional) 
Admin Hostname or IP to connect to Trove API -# Defaults to '127.0.0.1' -# -# [*ks_trove_public_host*] -# (optional) Public Hostname or IP to connect to Trove API -# Defaults to '127.0.0.1' -# -# [*ks_neutron_internal_host*] -# (optional) Internal Hostname or IP to connect to Neutron API -# Defaults to '127.0.0.1' -# -# [*ks_neutron_admin_host*] -# (optional) Admin Hostname or IP to connect to Neutron API -# Defaults to '127.0.0.1' -# -# [*ks_neutron_public_host*] -# (optional) Public Hostname or IP to connect to Neutron API -# Defaults to '127.0.0.1' -# -# [*ks_heat_internal_host*] -# (optional) Internal Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_heat_admin_host*] -# (optional) Admin Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_heat_public_host*] -# (optional) Public Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_swift_internal_host*] -# (optional) Internal Hostname or IP to connect to Swift API -# Defaults to '127.0.0.1' -# -# [*ks_swift_admin_host*] -# (optional) Admin Hostname or IP to connect to Swift API -# Defaults to '127.0.0.1' -# -# [*ks_swift_public_host*] -# (optional) Public Hostname or IP to connect to Swift API -# Defaults to '127.0.0.1' -# -# [*ks_trove_password*] -# (optional) Password used by Trove to connect to Keystone API -# Defaults to 'trovepassword' -# -# [*ks_ceilometer_password*] -# (optional) Password used by Ceilometer to connect to Keystone API -# Defaults to 'ceilometerpassword' -# -# [*ks_swift_password*] -# (optional) Password used by Swift to connect to Keystone API -# Defaults to 'swiftpassword' -# -# [*ks_nova_password*] -# (optional) Password used by Nova to connect to Keystone API -# Defaults to 'novapassword' -# -# [*ks_neutron_password*] -# (optional) Password used by Neutron to connect to Keystone API -# Defaults to 'neutronpassword' -# -# [*ks_heat_password*] -# (optional) Password used by Heat to connect to Keystone API -# Defaults 
to 'heatpassword' -# -# [*ks_glance_password*] -# (optional) Password used by Glance to connect to Keystone API -# Defaults to 'glancepassword' -# -# [*ks_cinder_password*] -# (optional) Password used by Cinder to connect to Keystone API -# Defaults to 'cinderpassword' -# -# [*ks_swift_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_swift_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_swift_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_ceilometer_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_ceilometer_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_ceilometer_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_public_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_nova_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. 
-# Defaults to 'http' -# -# [*ks_nova_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_nova_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_neutron_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_neutron_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_neutron_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_trove_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_trove_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_trove_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_glance_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_glance_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_glance_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_cinder_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_cinder_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_cinder_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. 
-# Defaults to 'http' -# -# [*ks_ceilometer_public_port*] -# (optional) TCP port to connect to Ceilometer API from public network -# Defaults to '8777' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from internal network -# Defaults to '5000' -# -# [*ks_keystone_public_port*] -# (optional) TCP port to connect to Keystone API from public network -# Defaults to '5000' -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Defaults to '35357' -# -# [*ks_swift_public_port*] -# (optional) TCP port to connect to Swift API from public network -# Defaults to '8080' -# -# [*ks_trove_public_port*] -# (optional) TCP port to connect to Trove API from public network -# Defaults to '8779' -# -# [*ks_nova_public_port*] -# (optional) TCP port to connect to Nova API from public network -# Defaults to '8774' -# -# [*ks_ec2_public_port*] -# (optional) TCP port to connect to EC2 API from public network -# Defaults to '8773' -# -# [*ks_swift_dispersion_password*] -# (optional) Password of the dispersion tenant, used for swift-dispersion-report -# and swift-dispersion-populate tools. -# Defaults to 'dispersion' -# -# [*ks_cinder_public_port*] -# (optional) TCP port to connect to Cinder API from public network -# Defaults to '8776' -# -# [*ks_neutron_public_port*] -# (optional) TCP port to connect to Neutron API from public network -# Defaults to '9696' -# -# [*ks_heat_public_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8004' -# -# [*ks_heat_cfn_public_port*] -# (optional) TCP port to connect to Heat API from public network -# Defaults to '8000' -# -# [*ks_glance_api_public_port*] -# (optional) TCP port to connect to Glance API from public network -# Defaults to '9292' -# -# [*api_eth*] -# (optional) Which interface we bind the Keystone server. 
-# Defaults to '127.0.0.1' -# -# [*region*] -# (optional) OpenStack Region Name -# Defaults to 'RegionOne' -# -# [*verbose*] -# (optional) Set log output to verbose output -# Defaults to true -# -# [*debug*] -# (optional) Set log output to debug output -# Defaults to true -# -# [*use_syslog*] -# (optional) Use syslog for logging -# Defaults to true -# -# [*log_facility*] -# (optional) Syslog facility to receive log lines -# Defaults to 'LOG_LOCAL0' -# -# [*token_driver*] -# (optional) Driver to store tokens -# Defaults to 'keystone.token.persistence.backends.sql.Token' -# -# [*token_expiration*] -# (optional) Amount of time a token should remain valid (in seconds) -# Defaults to '3600' (1 hour) -# -# [*cinder_enabled*] -# (optional) Enable or not Cinder (Block Storage Service) -# Defaults to true -# -# [*trove_enabled*] -# (optional) Enable or not Trove (Database as a Service) -# Experimental feature. -# Defaults to false -# -# [*swift_enabled*] -# (optional) Enable or not OpenStack Swift (Stockage as a Service) -# Defaults to true -# -# [*ks_token_expiration*] -# (optional) Amount of time a token should remain valid (seconds). -# Defaults to 3600 (1 hour). -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::identity ( - $swift_enabled = true, - $cinder_enabled = true, - $trove_enabled = false, - $identity_roles_addons = ['SwiftOperator', 'ResellerAdmin'], - $keystone_db_host = '127.0.0.1', - $keystone_db_user = 'keystone', - $keystone_db_password = 'keystonepassword', - $keystone_db_idle_timeout = 5000, - $memcache_servers = ['127.0.0.1:11211'], - $ks_admin_email = 'no-reply@keystone.openstack', - $ks_admin_password = 'adminpassword', - $ks_admin_tenant = 'admin', - $ks_admin_token = undef, - $ks_ceilometer_admin_host = '127.0.0.1', - $ks_ceilometer_internal_host = '127.0.0.1', - $ks_ceilometer_password = 'ceilometerpassword', - $ks_ceilometer_public_host = '127.0.0.1', - $ks_ceilometer_public_port = 8777, - $ks_ceilometer_public_proto = 'http', - $ks_ceilometer_admin_proto = 'http', - $ks_ceilometer_internal_proto = 'http', - $ks_cinder_admin_host = '127.0.0.1', - $ks_cinder_internal_host = '127.0.0.1', - $ks_cinder_password = 'cinderpassword', - $ks_cinder_public_host = '127.0.0.1', - $ks_cinder_public_proto = 'http', - $ks_cinder_admin_proto = 'http', - $ks_cinder_internal_proto = 'http', - $ks_cinder_public_port = 8776, - $ks_glance_admin_host = '127.0.0.1', - $ks_glance_internal_host = '127.0.0.1', - $ks_glance_password = 'glancepassword', - $ks_glance_public_host = '127.0.0.1', - $ks_glance_public_proto = 'http', - $ks_glance_internal_proto = 'http', - $ks_glance_admin_proto = 'http', - $ks_glance_api_public_port = 9292, - $ks_heat_admin_host = '127.0.0.1', - $ks_heat_internal_host = '127.0.0.1', - $ks_heat_password = 'heatpassword', - $ks_heat_public_host = '127.0.0.1', - $ks_heat_public_proto = 'http', - $ks_heat_admin_proto = 'http', - $ks_heat_internal_proto = 'http', - $ks_heat_public_port = 8004, - $ks_heat_cfn_public_port = 8000, - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_port = 35357, - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = 5000, - $ks_keystone_public_host = 
'127.0.0.1', - $ks_keystone_public_port = 5000, - $ks_keystone_public_proto = 'http', - $ks_neutron_admin_host = '127.0.0.1', - $ks_keystone_admin_proto = 'http', - $ks_keystone_internal_proto = 'http', - $ks_neutron_internal_host = '127.0.0.1', - $ks_neutron_password = 'neutronpassword', - $ks_neutron_public_host = '127.0.0.1', - $ks_neutron_public_proto = 'http', - $ks_neutron_admin_proto = 'http', - $ks_neutron_internal_proto = 'http', - $ks_neutron_public_port = 9696, - $ks_nova_admin_host = '127.0.0.1', - $ks_nova_internal_host = '127.0.0.1', - $ks_nova_password = 'novapassword', - $ks_nova_public_host = '127.0.0.1', - $ks_nova_public_proto = 'http', - $ks_nova_internal_proto = 'http', - $ks_nova_admin_proto = 'http', - $ks_nova_public_port = 8774, - $ks_ec2_public_port = 8773, - $ks_swift_dispersion_password = 'dispersion', - $ks_swift_internal_host = '127.0.0.1', - $ks_swift_admin_host = '127.0.0.1', - $ks_swift_password = 'swiftpassword', - $ks_swift_public_host = '127.0.0.1', - $ks_swift_public_port = 8080, - $ks_swift_public_proto = 'http', - $ks_swift_admin_proto = 'http', - $ks_swift_internal_proto = 'http', - $ks_trove_admin_host = '127.0.0.1', - $ks_trove_internal_host = '127.0.0.1', - $ks_trove_password = 'trovepassword', - $ks_trove_public_host = '127.0.0.1', - $ks_trove_public_port = 8779, - $ks_trove_public_proto = 'http', - $ks_trove_admin_proto = 'http', - $ks_trove_internal_proto = 'http', - $api_eth = '127.0.0.1', - $region = 'RegionOne', - $verbose = true, - $debug = true, - $log_facility = 'LOG_LOCAL0', - $use_syslog = true, - $ks_token_expiration = 3600, - $token_driver = 'keystone.token.persistence.backends.sql.Token', - $firewall_settings = {}, -){ - - $encoded_user = uriescape($keystone_db_user) - $encoded_password = uriescape($keystone_db_password) - - if $use_syslog { - $log_dir = false - $log_file = false - keystone_config { - 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s 
%(user_identity)s] %(instance)s%(message)s'; - 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s'; - 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d'; - 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s'; - } - } else { - $log_dir = '/var/log/keystone' - $log_file = 'keystone.log' - } - -# Configure Keystone - class { 'keystone': - enabled => true, - admin_token => $ks_admin_token, - compute_port => $ks_nova_public_port, - debug => $debug, - database_idle_timeout => $keystone_db_idle_timeout, - log_facility => $log_facility, - database_connection => "mysql://${encoded_user}:${encoded_password}@${keystone_db_host}/keystone?charset=utf8", - token_provider => 'keystone.token.providers.uuid.Provider', - use_syslog => $use_syslog, - verbose => $verbose, - public_bind_host => $api_eth, - admin_bind_host => $api_eth, - log_dir => $log_dir, - log_file => $log_file, - public_port => $ks_keystone_public_port, - admin_port => $ks_keystone_admin_port, - token_driver => $token_driver, - token_expiration => $ks_token_expiration, - admin_endpoint => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/", - public_endpoint => "${ks_keystone_public_proto}://${ks_keystone_public_host}:${ks_keystone_public_port}/", - } - - keystone_config { - 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2'; - } - - -# Keystone Endpoints + Users - class { 'keystone::roles::admin': - email => $ks_admin_email, - password => $ks_admin_password, - admin_tenant => $ks_admin_tenant, - } - - keystone_role { $identity_roles_addons: ensure => present } - - class {'keystone::endpoint': - public_url => "${ks_keystone_public_proto}://${ks_keystone_public_host}:${ks_keystone_public_port}", - internal_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}", - admin_url => 
"${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}", - region => $region, - } - - # TODO(EmilienM) Disable WSGI - bug #98 - #include 'apache' - # class {'keystone::wsgi::apache': - # servername => $::fqdn, - # admin_port => $ks_keystone_admin_port, - # public_port => $ks_keystone_public_port, - # # TODO(EmilienM) not sure workers is useful when using WSGI backend - # workers => $::processorcount, - # ssl => false - # } - - if $swift_enabled { - class {'swift::keystone::auth': - password => $ks_swift_password, - public_address => $ks_swift_public_host, - public_port => $ks_swift_public_port, - public_protocol => $ks_swift_public_proto, - admin_protocol => $ks_swift_admin_proto, - internal_protocol => $ks_swift_internal_proto, - admin_address => $ks_swift_admin_host, - internal_address => $ks_swift_internal_host, - region => $region - } - - class {'swift::keystone::dispersion': - auth_pass => $ks_swift_dispersion_password - } - } - - class {'ceilometer::keystone::auth': - admin_address => $ks_ceilometer_admin_host, - internal_address => $ks_ceilometer_internal_host, - public_address => $ks_ceilometer_public_host, - public_protocol => $ks_ceilometer_public_proto, - admin_protocol => $ks_ceilometer_admin_proto, - internal_protocol => $ks_ceilometer_internal_proto, - port => $ks_ceilometer_public_port, - region => $region, - password => $ks_ceilometer_password - } - - class { 'nova::keystone::auth': - admin_address => $ks_nova_admin_host, - internal_address => $ks_nova_internal_host, - public_address => $ks_nova_public_host, - compute_port => $ks_nova_public_port, - public_protocol => $ks_nova_public_proto, - admin_protocol => $ks_nova_admin_proto, - internal_protocol => $ks_nova_internal_proto, - ec2_port => $ks_ec2_public_port, - region => $region, - password => $ks_nova_password - } - - class { 'neutron::keystone::auth': - admin_address => $ks_neutron_admin_host, - internal_address => $ks_neutron_internal_host, - public_address => 
$ks_neutron_public_host, - public_protocol => $ks_neutron_public_proto, - internal_protocol => $ks_neutron_internal_proto, - admin_protocol => $ks_neutron_admin_proto, - port => $ks_neutron_public_port, - region => $region, - password => $ks_neutron_password - } - - if $cinder_enabled { - class { 'cinder::keystone::auth': - admin_address => $ks_cinder_admin_host, - internal_address => $ks_cinder_internal_host, - public_address => $ks_cinder_public_host, - port => $ks_cinder_public_port, - public_protocol => $ks_cinder_public_proto, - admin_protocol => $ks_cinder_admin_proto, - internal_protocol => $ks_cinder_internal_proto, - region => $region, - password => $ks_cinder_password - } - } - - class { 'glance::keystone::auth': - admin_address => $ks_glance_admin_host, - internal_address => $ks_glance_internal_host, - public_address => $ks_glance_public_host, - port => $ks_glance_api_public_port, - public_protocol => $ks_glance_public_proto, - internal_protocol => $ks_glance_internal_proto, - admin_protocol => $ks_glance_admin_proto, - region => $region, - password => $ks_glance_password - } - - class { 'heat::keystone::auth': - admin_address => $ks_heat_admin_host, - internal_address => $ks_heat_internal_host, - public_address => $ks_heat_public_host, - port => $ks_heat_public_port, - public_protocol => $ks_heat_public_proto, - internal_protocol => $ks_heat_internal_proto, - admin_protocol => $ks_heat_admin_proto, - region => $region, - password => $ks_heat_password - } - - class { 'heat::keystone::auth_cfn': - admin_address => $ks_heat_admin_host, - internal_address => $ks_heat_internal_host, - public_address => $ks_heat_public_host, - port => $ks_heat_cfn_public_port, - public_protocol => $ks_heat_public_proto, - internal_protocol => $ks_heat_internal_proto, - admin_protocol => $ks_heat_admin_proto, - region => $region, - password => $ks_heat_password - } - - if $trove_enabled { - class {'trove::keystone::auth': - admin_address => $ks_trove_admin_host, - 
internal_address => $ks_trove_internal_host, - public_address => $ks_trove_public_host, - public_protocol => $ks_trove_public_proto, - admin_protocol => $ks_trove_admin_proto, - internal_protocol => $ks_trove_internal_proto, - port => $ks_trove_public_port, - region => $region, - password => $ks_trove_password - } - } - - # Purge expored tokens every days at midnight - class { 'keystone::cron::token_flush': } - - # Note(EmilienM): - # We check if DB tables are created, if not we populate Keystone DB. - # It's a hack to fit with our setup where we run MySQL/Galera - # TODO(Goneri) - # We have to do this only on the primary node of the galera cluster to avoid race condition - # https://github.com/enovance/puppet-openstack-cloud/issues/156 - exec {'keystone_db_sync': - command => 'keystone-manage db_sync', - path => '/usr/bin', - user => 'keystone', - unless => "/usr/bin/mysql keystone -h ${keystone_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables" - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow keystone access': - port => $ks_keystone_public_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow keystone admin access': - port => $ks_keystone_admin_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-keystone_api": - listening_service => 'keystone_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_keystone_public_port, - options => 'check inter 2000 rise 2 fall 5' - } - - @@haproxy::balancermember{"${::fqdn}-keystone_api_admin": - listening_service => 'keystone_api_admin_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_keystone_admin_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/image/api.pp b/manifests/image/api.pp deleted file mode 100644 index 61a4ac0a..00000000 --- a/manifests/image/api.pp +++ /dev/null 
@@ -1,306 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::image::api
-#
-# Install API Image Server (Glance API)
-#
-# === Parameters:
-#
-# [*glance_db_host*]
-# (optional) Hostname or IP address to connect to glance database
-# Defaults to '127.0.0.1'
-#
-# [*glance_db_user*]
-# (optional) Username to connect to glance database
-# Defaults to 'glance'
-#
-# [*glance_db_password*]
-# (optional) Password to connect to glance database
-# Defaults to 'glancepassword'
-#
-# [*glance_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults to 5000
-
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_api_internal_port*]
-# (optional) TCP port to connect to Glance API from internal network
-# Defaults to '9292'
-#
-# [*ks_glance_registry_internal_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_registry_internal_port*]
-# (optional) TCP port to connect to Glance Registry from internal network
-# Defaults to '9191'
-#
-# [*ks_glance_password*]
-# (optional) Password used by Glance to connect to Keystone API
-# Defaults to 'glancepassword'
-#
-# [*rabbit_host*]
-# (optional) IP or Hostname of one RabbitMQ server.
-# Defaults to '127.0.0.1'
-#
-# [*rabbit_password*]
-# (optional) Password to connect to glance queue.
-# Defaults to 'rabbitpassword'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Glance API server.
-# Defaults to '127.0.0.1'
-#
-# [*openstack_vip*]
-# (optional) Hostname of IP used to connect to Glance registry
-# Defaults to '127.0.0.1'
-#
-# [*glance_rbd_pool*]
-# (optional) Name of the Ceph pool which which store the glance images
-# Defaults to 'images'
-#
-# [*glance_rbd_user*]
-# (optional) User name used to acces to the glance rbd pool
-# Defaults to 'glance'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*backend*]
-# (optionnal) Backend to use to store images
-# Can be 'rbd', 'file', 'nfs' or 'swift'
-# Defaults to 'rbd'
-#
-# [*known_stores*]
-# (optionnal) Tell to Glance API which backends can be used
-# Can be 'rbd', 'http', 'file', or and 'swift'.
-# Should be an array.
-# Defaults to ['rbd', 'http']
-#
-# [*filesystem_store_datadir*]
-# (optional) Full path of data directory to store the images.
-# Defaults to '/var/lib/glance/images/'
-#
-# [*nfs_device*]
-# (optionnal) NFS device to mount
-# Example: 'nfs.example.com:/vol1'
-# Required when running 'nfs' backend.
-# Defaults to false
-#
-# [*nfs_options*]
-# (optional) NFS mount options
-# Example: 'nfsvers=3,noacl'
-# Defaults to 'defaults'
-#
-# [*pipeline*]
-# (optional) Partial name of a pipeline in your paste configuration file with the
-# service name removed.
-# Defaults to 'keystone'.
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::image::api(
- $glance_db_host = '127.0.0.1',
- $glance_db_user = 'glance',
- $glance_db_password = 'glancepassword',
- $glance_db_idle_timeout = 5000,
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_api_internal_port = '9292',
- $ks_glance_registry_internal_port = '9191',
- $ks_glance_registry_internal_proto = 'http',
- $ks_glance_password = 'glancepassword',
- $rabbit_password = 'rabbit_password',
- $rabbit_host = '127.0.0.1',
- $api_eth = '127.0.0.1',
- $openstack_vip = '127.0.0.1',
- $glance_rbd_pool = 'images',
- $glance_rbd_user = 'glance',
- $verbose = true,
- $debug = true,
- $log_facility = 'LOG_LOCAL0',
- $use_syslog = true,
- $backend = 'rbd',
- $known_stores = ['rbd', 'http'],
- $filesystem_store_datadir = '/var/lib/glance/images/',
- $nfs_device = false,
- $nfs_options = 'defaults',
- $pipeline = 'keystone',
- $firewall_settings = {},
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- $log_file_api = false
- $log_file_registry = false
- glance_api_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/glance'
- $log_file_api = '/var/log/glance/api.log'
- $log_file_registry = '/var/log/glance/registry.log'
- }
-
- $encoded_glance_user = uriescape($glance_db_user)
- $encoded_glance_password = uriescape($glance_db_password)
-
- class { 'glance::api':
- database_connection => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance?charset=utf8",
- database_idle_timeout => $glance_db_idle_timeout,
- mysql_module => '2.2',
- registry_host => $openstack_vip,
- registry_port => $ks_glance_registry_internal_port,
- verbose => $verbose,
- debug => $debug,
- auth_host => $ks_keystone_internal_host,
- auth_protocol => $ks_keystone_internal_proto,
- registry_client_protocol => $ks_glance_registry_internal_proto,
- keystone_password => $ks_glance_password,
- keystone_tenant => 'services',
- keystone_user => 'glance',
- show_image_direct_url => true,
- log_dir => $log_dir,
- log_file => $log_file_api,
- log_facility => $log_facility,
- bind_host => $api_eth,
- bind_port => $ks_glance_api_internal_port,
- use_syslog => $use_syslog,
- pipeline => 'keystone',
- known_stores => $known_stores,
- }
-
- # TODO(EmilienM) Disabled for now
- # Follow-up: https://github.com/enovance/puppet-openstack-cloud/issues/160
- #
- # class { 'glance::notify::rabbitmq':
- # rabbit_password => $rabbit_password,
- # rabbit_userid => 'glance',
- # rabbit_host => $rabbit_host,
- # }
- glance_api_config {
- 'DEFAULT/notifier_driver': value => 'noop';
- # TODO(EmilienM) Drop this line when https://review.openstack.org/#/c/133521/ has been merged.
- 'keystone_authtoken/identity_uri': value => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:35357";
- }
-
- if ($backend == 'rbd') {
- class { 'glance::backend::rbd':
- rbd_store_user => $glance_rbd_user,
- rbd_store_pool => $glance_rbd_pool
- }
-
- Ceph::Key <<| title == $glance_rbd_user |>> ->
- file { '/etc/ceph/ceph.client.glance.keyring':
- owner => 'glance',
- group => 'glance',
- mode => '0400',
- require => Ceph::Key[$glance_rbd_user],
- notify => Service['glance-api','glance-registry']
- }
- Concat::Fragment <<| title == 'ceph-client-os' |>>
- } elsif ($backend == 'file') {
- class { 'glance::backend::file':
- filesystem_store_datadir => $filesystem_store_datadir
- }
- } elsif ($backend == 'swift') {
- class { 'glance::backend::swift':
- swift_store_user => 'services:glance',
- swift_store_key => $ks_glance_password,
- swift_store_auth_address => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:35357/v2.0/",
- swift_store_create_container_on_put => true,
- }
- } elsif ($backend == 'nfs') {
- # There is no NFS backend in Glance.
- # We mount the NFS share in filesystem_store_datadir to fake the
- # backend.
- if $nfs_device {
- file { $filesystem_store_datadir:
- ensure => 'directory',
- owner => 'glance',
- group => 'glance',
- mode => '0755'
- } ->
- class { 'glance::backend::file':
- filesystem_store_datadir => $filesystem_store_datadir
- }
- $nfs_mount = {
- "${filesystem_store_datadir}" => {
- 'ensure' => 'mounted',
- 'fstype' => 'nfs',
- 'device' => $nfs_device,
- 'options' => $nfs_options
- }
- }
- ensure_resource('class', 'nfs', {})
- create_resources('types::mount', $nfs_mount, {require => File[$filesystem_store_datadir]})
- } else {
- fail('When running NFS backend, you need to provide nfs_device parameter.')
- }
- } else {
- fail("${backend} is not a Glance supported backend.")
- }
-
- class { 'glance::cache::cleaner': }
- class { 'glance::cache::pruner': }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow glance-api access':
- port => $ks_glance_api_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-glance_api":
- listening_service => 'glance_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_glance_api_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/image/registry.pp b/manifests/image/registry.pp
deleted file mode 100644
index 52c858c5..00000000
--- a/manifests/image/registry.pp
+++ /dev/null
@@ -1,166 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::image::registry
-#
-# Install Registry Image Server (Glance Registry)
-#
-# === Parameters:
-#
-# [*glance_db_host*]
-# (optional) Hostname or IP address to connect to glance database
-# Defaults to '127.0.0.1'
-#
-# [*glance_db_user*]
-# (optional) Username to connect to glance database
-# Defaults to 'glance'
-#
-# [*glance_db_password*]
-# (optional) Password to connect to glance database
-# Defaults to 'glancepassword'
-#
-# [*glance_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults 5000
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_registry_internal_port*]
-# (optional) TCP port to connect to Glance Registry from internal network
-# Defaults to '9191'
-#
-# [*ks_glance_password*]
-# (optional) Password used by Glance to connect to Keystone API
-# Defaults to 'glancepassword'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Glance API server.
-# Defaults to '127.0.0.1'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::image::registry(
- $glance_db_host = '127.0.0.1',
- $glance_db_user = 'glance',
- $glance_db_password = 'glancepassword',
- $glance_db_idle_timeout = 5000,
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_registry_internal_port = '9191',
- $ks_glance_password = 'glancepassword',
- $api_eth = '127.0.0.1',
- $verbose = true,
- $debug = true,
- $log_facility = 'LOG_LOCAL0',
- $use_syslog = true,
- $firewall_settings = {},
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- $log_file_api = false
- $log_file_registry = false
- glance_registry_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/glance'
- $log_file_api = '/var/log/glance/api.log'
- $log_file_registry = '/var/log/glance/registry.log'
- }
-
- $encoded_glance_user = uriescape($glance_db_user)
- $encoded_glance_password = uriescape($glance_db_password)
-
- class { 'glance::registry':
- database_connection => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance?charset=utf8",
- database_idle_timeout => $glance_db_idle_timeout,
- mysql_module => '2.2',
- verbose => $verbose,
- debug => $debug,
- auth_host => $ks_keystone_internal_host,
- auth_protocol => $ks_keystone_internal_proto,
- keystone_password => $ks_glance_password,
- keystone_tenant => 'services',
- keystone_user => 'glance',
- bind_host => $api_eth,
- log_dir => $log_dir,
- log_file => $log_file_registry,
- bind_port => $ks_glance_registry_internal_port,
- use_syslog => $use_syslog,
- log_facility => $log_facility,
- }
-
- glance_registry_config {
- # TODO(EmilienM) Drop this line when https://review.openstack.org/#/c/133521/ been merged.
- 'keystone_authtoken/identity_uri': value => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:35357";
- }
-
- exec {'glance_db_sync':
- command => 'glance-manage db_sync',
- user => 'glance',
- path => '/usr/bin',
- unless => "/usr/bin/mysql glance -h ${glance_db_host} -u ${encoded_glance_user} -p${encoded_glance_password} -e \"show tables\" | /bin/grep Tables"
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow glance-registry access':
- port => $ks_glance_registry_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-glance_registry":
- listening_service => 'glance_registry_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_glance_registry_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-}
diff --git a/manifests/init.pp b/manifests/init.pp
deleted file mode 100644
index fbfbac88..00000000
--- a/manifests/init.pp
+++ /dev/null
@@ -1,253 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud
-#
-# Installs the system requirements
-#
-# === Parameters:
-#
-# [*rhn_registration*]
-# (optional) The RedHat network authentication token
-# Defaults to undef
-#
-# [*root_password*]
-# (optional) Unix root password
-# Defaults to 'root'
-#
-# [*dns_ips*]
-# (optional) Hostname or IP of the Domain Name Server (dns) used
-# Should by an array.
-# Defaults to google public dns ['8.8.8.8', '8.8.4.4']
-#
-# [*site_domain*]
-# (optional) Domain name (used for search and domain fields
-# of resolv.conf configuration file
-# Defaults to 'mydomain'
-#
-# [*motd_title*]
-# (optional) A string used in the top of the server's motd
-# Defaults to 'eNovance IT Operations'
-#
-# [*selinux_mode*]
-# (optional) SELinux mode the system should be in
-# Defaults to 'permissive'
-# Possible values : disabled, permissive, enforcing
-#
-# [*selinux_directory*]
-# (optional) Path where to find the SELinux modules
-# Defaults to '/usr/share/selinux'
-#
-# [*selinux_booleans*]
-# (optional) Set of booleans to persistently enables
-# SELinux booleans are the one getsebool -a returns
-# Defaults []
-# Example: ['rsync_full_access', 'haproxy_connect_any']
-#
-# [*selinux_modules*]
-# (optional) Set of modules to load on the system
-# Defaults []
-# Example: ['module1', 'module2']
-# Note: Those module should be in the $directory path
-#
-# [*limits*]
-# (optional) Set of limits to set in /etc/security/limits.d/
-# Defaults {}
-# Example:
-# {
-# 'mysql_nofile' => {
-# 'ensure' => 'present',
-# 'user' => 'mysql',
-# 'limit_type' => 'nofile',
-# 'both' => '16384',
-# },
-# }
-#
-# [*sysctl*]
-# (optional) Set of sysctl values to set.
-# Defaults {}
-# Example:
-# {
-# 'net.ipv4.ip_forward' => {
-# 'value' => '1',
-# },
-# 'net.ipv6.conf.all.forwarding => {
-# 'value' => '1',
-# },
-# }
-#
-# [*manage_firewall*]
-# (optional) Completely enable or disable firewall settings
-# (false means disabled, and true means enabled)
-# Defaults to false
-#
-# [*firewall_rules*]
-# (optional) Allow to add custom firewall rules
-# Should be an hash.
-# Default to {}
-#
-# [*purge_firewall_rules*]
-# (optional) Boolean, purge all firewall resources
-# Defaults to false
-#
-# [*firewall_pre_extras*]
-# (optional) Allow to add custom parameters to firewall rules (pre stage)
-# Should be an hash.
-# Default to {}
-#
-# [*firewall_post_extras*]
-# (optional) Allow to add custom parameters to firewall rules (post stage)
-# Should be an hash.
-# Default to {}
-#
-class cloud(
- $rhn_registration = undef,
- $root_password = 'root',
- $dns_ips = ['8.8.8.8', '8.8.4.4'],
- $site_domain = 'mydomain',
- $motd_title = 'eNovance IT Operations',
- $selinux_mode = 'permissive',
- $selinux_directory = '/usr/share/selinux',
- $selinux_booleans = [],
- $selinux_modules = [],
- $limits = {},
- $sysctl = {},
- $manage_firewall = false,
- $firewall_rules = {},
- $purge_firewall_rules = false,
- $firewall_pre_extras = {},
- $firewall_post_extras = {},
-) {
-
- include ::stdlib
-
- if ! ($::osfamily in [ 'RedHat', 'Debian' ]) {
- fail("OS family unsuppored yet (${::osfamily}), module puppet-openstack-cloud only support RedHat or Debian")
- }
-
- # motd
- file
- {
- '/etc/motd':
- ensure => file,
- mode => '0644',
- content => "
-############################################################################
-# ${motd_title} #
-############################################################################
-# #
-# *** RESTRICTED ACCESS *** #
-# Only the authorized users may access this system. #
-# Any attempted unauthorized access or any action affecting this computer #
-# system is punishable by the law of local country. #
-# #
-############################################################################
-This node is under the control of Puppet ${::puppetversion}.
-";
- }
-
- # DNS
- class { 'dnsclient':
- nameservers => $dns_ips,
- domain => $site_domain
- }
-
- # Sudo
- include ::sudo
- include ::sudo::configs
-
- # NTP
- include ::ntp
-
- # Security Limits
- include ::limits
- create_resources('limits::limits', $limits)
-
- # sysctl values
- include ::sysctl::base
- create_resources('sysctl::value', $sysctl)
-
- # SELinux
- if $::osfamily == 'RedHat' {
- class {'cloud::selinux' :
- mode => $selinux_mode,
- booleans => $selinux_booleans,
- modules => $selinux_modules,
- directory => $selinux_directory,
- stage => 'setup',
- }
- }
-
- # Strong root password for all servers
- user { 'root':
- ensure => 'present',
- gid => '0',
- password => $root_password,
- uid => '0',
- }
-
- $cron_service_name = $::osfamily ? {
- 'RedHat' => 'crond',
- default => 'cron',
- }
-
- service { 'cron':
- ensure => running,
- name => $cron_service_name,
- enable => true
- }
-
- if $::osfamily == 'RedHat' and $rhn_registration {
- create_resources('rhn_register', {
- "rhn-${::hostname}" => $rhn_registration
- } )
- }
-
- if $manage_firewall {
-
- # Only purges IPv4 rules
- if $purge_firewall_rules {
- resources { 'firewall':
- purge => true
- }
- }
-
- # anyone can add your own rules
- # example with Hiera:
- #
- # cloud::firewall::rules:
- # '300 allow custom application 1':
- # port: 999
- # proto: udp
- # action: accept
- # '301 allow custom application 2':
- # port: 8081
- # proto: tcp
- # action: accept
- #
- create_resources('cloud::firewall::rule', $firewall_rules)
-
- ensure_resource('class', 'cloud::firewall::pre', {
- 'firewall_settings' => $firewall_pre_extras,
- 'stage' => 'setup',
- })
-
- ensure_resource('class', 'cloud::firewall::post', {
- 'stage' => 'runtime',
- 'firewall_settings' => $firewall_post_extras,
- })
- }
-
-}
diff --git a/manifests/install/puppetdb/config.pp b/manifests/install/puppetdb/config.pp
deleted file mode 100644
index c9eb3e82..00000000
--- a/manifests/install/puppetdb/config.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::install::puppetdb::config
-#
-# Configure the puppetdb connection
-#
-class cloud::install::puppetdb::config {
-
- include ::puppetdb::master::config
-
-}
diff --git a/manifests/install/puppetdb/server.pp b/manifests/install/puppetdb/server.pp
deleted file mode 100644
index da0ed239..00000000
--- a/manifests/install/puppetdb/server.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::install::puppetdb::server
-#
-# Configure the puppetdb server
-#
-class cloud::install::puppetdb::server {
-
- include ::puppetdb
- include ::apache
-
- apache::vhost { 'puppetdb' :
- docroot => '/tmp',
- ssl => true,
- ssl_cert => '/etc/puppet/ssl/puppetdb.pem',
- ssl_key => '/etc/puppet/ssl/puppetdb.pem',
- port => '8081',
- servername => $::fqdn,
- proxy_pass => [
- {
- 'path' => '/',
- 'url' => 'http://localhost:8080/'
- }
- ],
- require => Class['::puppetdb'],
- }
-
-}
diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp
deleted file mode 100644
index 26e134c7..00000000
--- a/manifests/loadbalancer.pp
+++ /dev/null
@@ -1,1052 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::loadbalancer
-#
-# Install Load-Balancer node (HAproxy + Keepalived)
-#
-# === Parameters:
-#
-# [*keepalived_vrrp_interface*]
-# (optional) Networking interface to bind the vrrp traffic.
-# Defaults to false (disabled)
-#
-# [*keepalived_public_interface*]
-# (optional) Networking interface to bind the VIP connected to public network.
-# Defaults to 'eth0'
-#
-# [*keepalived_internal_interface*]
-# (optional) Networking interface to bind the VIP connected to internal network.
-# keepalived_internal_ipvs should be configured to enable the internal VIP.
-# Defaults to 'eth1'
-#
-# [*keepalived_public_ipvs*]
-# (optional) IP address of the VIP connected to public network.
-# Should be an array.
-# Defaults to ['127.0.0.1']
-#
-# [*keepalived_internal_ipvs*]
-# (optional) IP address of the VIP connected to internal network.
-# Should be an array.
-# Defaults to false (disabled)
-#
-# [*keepalived_public_id*]
-# (optional) used for the keepalived public virtual_router_id.
-# Should be numeric.
-# Defaults to '1'
-#
-# [*keepalived_internal_id*]
-# (optional) used for the keepalived internal virtual_router_id.
-# Should be numeric.
-# Defaults to '2'
-#
-# [*keepalived_auth_type*]
-# (optional) Authentication method.
-# Supported methods are simple Passwd (PASS) or IPSEC AH (AH).
-# Defaults to undef
-#
-# [*keepalived_auth_pass*]
-# (optional) Authentication password.
-# Password string (up to 8 characters).
-# Defaults to undef
-#
-# [*swift_api*]
-# (optional) Enable or not Swift public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*ceilometer_api*]
-# (optional) Enable or not Ceilometer public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*cinder_api*]
-# (optional) Enable or not Cinder public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*glance_api*]
-# (optional) Enable or not Glance API public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*glance_registry*]
-# (optional) Enable or not Glance Registry public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*neutron_api*]
-# (optional) Enable or not Neutron public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*heat_api*]
-# (optional) Enable or not Heat public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*heat_cfn_api*]
-# (optional) Enable or not Heat CFN public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*heat_cloudwatch_api*]
-# (optional) Enable or not Heat Cloudwatch public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*nova_api*]
-# (optional) Enable or not Nova public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*trove_api*]
-# (optional) Enable or not Trove public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*horizon*]
-# (optional) Enable or not Horizon public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*horizon_ssl*]
-# (optional) Enable or not Horizon SSL public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*ec2_api*]
-# (optional) Enable or not EC2 public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*spice*]
-# (optional) Enable or not spice binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to false
-#
-# [*novnc*]
-# (optional) Enable or not novnc binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*elasticsearch*]
-# (optional) Enable or not ElasticSearch binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*kibana*]
-# (optional) Enable or not kibana binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*redis*]
-# (optional) Enable or not redis binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*metadata_api*]
-# (optional) Enable or not Metadata public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*keystone_api*]
-# (optional) Enable or not Keystone public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*rabbitmq*]
-# (optional) Enable or not RabbitMQ binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to false
-#
-# [*sensu_dashboard*]
-# (optional) Enable or not sensu_dashboard binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*sensu_api*]
-# (optional) Enable or not sensu_api binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*keystone_api_admin*]
-# (optional) Enable or not Keystone admin binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*haproxy_auth*]
-# (optional) The HTTP sytle basic credentials (using login:password form)
-# Defaults to 'admin:changeme'
-#
-# [*haproxy_options*]
-# (optional) The haproxy global options
-# Defaults to {}
-#
-# [*keepalived_state*]
-# (optional) TODO
-# Defaults to 'BACKUP'
-#
-# [*keepalived_priority*]
-# (optional) TODO
-# Defaults to '50'
-#
-# [*ceilometer_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*cinder_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*ec2_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*glance_api_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*glance_registry_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*heat_cfn_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*heat_cloudwatch_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*heat_api_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*keystone_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*keystone_admin_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*metadata_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*neutron_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*nova_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*trove_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*swift_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*spice_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*novnc_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*horizon_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*horizon_ssl_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*rabbitmq_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*elasticsearch_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*kibana_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*sensu_dashboard_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*sensu_api_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*redis_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*galera_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*ks_ceilometer_public_port*]
-# (optional) TCP port to connect to Ceilometer API from public network
-# Defaults to '8777'
-#
-# [*ks_cinder_public_port*]
-# (optional) TCP port to connect to Cinder API from public network
-# Defaults to '8776'
-#
-# [*ks_ec2_public_port*]
-# (optional) TCP port to connect to EC2 API from public network
-# Defaults to '8773'
-#
-# [*ks_glance_api_public_port*]
-# (optional) TCP port to connect to Glance API from public network
-# Defaults to '9292'
-#
-# [*ks_glance_registry_internal_port*]
-# (optional) TCP port to connect to Glance API from public network
-# Defaults to '9191'
-#
-# [*ks_heat_cfn_public_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8000'
-#
-# [*ks_heat_cloudwatch_public_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8003'
-#
-# [*ks_heat_public_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8004'
-#
-# [*ks_keystone_admin_port*]
-# (optional) TCP port to connect to Keystone Admin API from public network
-# Defaults to '35357'
-#
-# [*ks_keystone_public_port*]
-# (optional) TCP port to connect to Keystone API from public network
-# Defaults to '5000'
-#
-# [*ks_metadata_public_port*]
-# (optional) TCP port to connect to Keystone metadata API from public network
-# Defaults to '8775'
-#
-# [*ks_swift_public_port*]
-# (optional) TCP port to connect to Swift API from public network
-# Defaults to '8080'
-#
-# [*ks_trove_public_port*]
-# (optional) TCP port to connect to Trove API from public network
-# Defaults to '8779'
-#
-# [*ks_nova_public_port*]
-# (optional) TCP port to connect to Nova API from public network
-# Defaults to '8774'
-#
-# [*ks_neutron_public_port*]
-# (optional) TCP port to connect to Neutron API from public network
-# Defaults to '9696'
-#
-# [*horizon_port*]
-# (optional) Port used to connect to OpenStack Dashboard
-# Defaults to '80'
-#
-# [*horizon_ssl_port*]
-# (optional) Port used to connect to OpenStack Dashboard using SSL
-# Defaults to '443'
-#
-# [*spice_port*]
-# (optional) TCP port to connect to Nova spicehtmlproxy service.
-# Defaults to '6082'
-#
-# [*novnc_port*]
-# (optional) TCP port to connect to Nova vncproxy service.
-# Defaults to '6080'
-#
-# [*rabbitmq_port*]
-# (optional) Port of RabbitMQ service.
-# Defaults to '5672'
-#
-# [*elasticsearch_port*]
-# (optional) Port of ElasticSearch service.
-# Defaults to '9200'
-#
-# [*kibana_port*]
-# (optional) Port of Kibana service.
-# Defaults to '8300'
-# [*sensu_dashboard_port*]
-# (optional) Port of Sensu Dashboard service.
-# Defaults to '3000'
-#
-# [*sensu_api_port*]
-# (optional) Port of Sensu API service.
-# Defaults to '4568'
-#
-# [*redis_port*]
-# (optional) Port of redis service.
-# Defaults to '6379'
-#
-# [*galera_timeout*]
-# (optional) Timeout for galera connections
-# Defaults to '90m'.
-# Note: when changing this parameter you should also change the
-# *_db_idle_timeout for all services to be a little less
-# than this timeout.
-#
-# [*galera_connections*]
-# (optional) An integer that specifies the maxconn for MySQL
-# Defaults to '4096'
-#
-# [*api_timeout*]
-# (optional) Timeout for API services connections
-# Defaults to '90m'.
-#
-# [*vip_public_ip*]
-# (optional) Array or string for public VIP
-# Should be part of keepalived_public_ips
-# Defaults to '127.0.0.2'
-#
-# [*vip_internal_ip*]
-# (optional) Array or string for internal VIP
-# Should be part of keepalived_internal_ips
-# Defaults to false
-#
-# [*vip_monitor_ip*]
-# (optional) Array or string for monitor VIP
-# Defaults to false
-#
-# [*galera_ip*]
-# (optional) An array of Galera IP
-# Defaults to ['127.0.0.1']
-#
-# [*galera_slave*]
-# (optional) A boolean to configure galera slave
-# Defaults to false
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::loadbalancer(
- $swift_api = true,
- $ceilometer_api = true,
- $cinder_api = true,
- $glance_api = true,
- $glance_registry = true,
- $neutron_api = true,
- $heat_api = true,
- $heat_cfn_api = true,
- $heat_cloudwatch_api = true,
- $nova_api = true,
- $ec2_api = true,
- $metadata_api = true,
- $keystone_api = true,
- $keystone_api_admin = true,
- $trove_api = true,
- $horizon = true,
- $horizon_ssl = false,
- $rabbitmq = false,
- $spice = false,
- $novnc = true,
- $elasticsearch = true,
- $kibana = true,
- $sensu_dashboard = true,
- $sensu_api = true,
- $redis = true,
- $haproxy_auth = 'admin:changeme',
- $haproxy_options = {},
- $keepalived_state = 'BACKUP',
- $keepalived_priority = '50',
- $keepalived_vrrp_interface = false,
- $keepalived_public_interface = 'eth0',
- $keepalived_public_ipvs = ['127.0.0.1'],
- $keepalived_public_id = '1',
- $keepalived_internal_interface = 'eth1',
- $keepalived_internal_ipvs = false,
- $keepalived_internal_id = '2',
- $keepalived_auth_type = false,
- $keepalived_auth_pass = false,
- $ceilometer_bind_options = [],
- $cinder_bind_options = [],
- $ec2_bind_options = [],
- $glance_api_bind_options = [],
- $glance_registry_bind_options = [],
- $heat_cfn_bind_options = [],
- $heat_cloudwatch_bind_options = [],
- $heat_api_bind_options = [],
- $keystone_bind_options = [],
- $keystone_admin_bind_options = [],
- $metadata_bind_options = [],
- $neutron_bind_options = [],
- $nova_bind_options = [],
- $trove_bind_options = [],
- $swift_bind_options = [],
- $spice_bind_options = [],
- $novnc_bind_options = [],
- $horizon_bind_options = [],
- $horizon_ssl_bind_options = [],
- $rabbitmq_bind_options = [],
- $galera_bind_options = [],
- $elasticsearch_bind_options = [],
- $kibana_bind_options = [],
- $sensu_dashboard_bind_options = [],
- $sensu_api_bind_options = [],
- $redis_bind_options = [],
- $ks_ceilometer_public_port = 8777,
- $ks_cinder_public_port = 8776,
- $ks_ec2_public_port = 8773,
- $ks_glance_api_public_port = 9292,
- $ks_glance_registry_internal_port = 9191,
- $ks_heat_cfn_public_port = 8000,
- $ks_heat_cloudwatch_public_port = 8003,
- $ks_heat_public_port = 8004,
- $ks_keystone_admin_port = 35357,
- $ks_keystone_public_port = 5000,
- $ks_metadata_public_port = 8775,
- $ks_neutron_public_port = 9696,
- $ks_nova_public_port = 8774,
- $ks_swift_public_port = 8080,
- $ks_trove_public_port = 8779,
- $rabbitmq_port = 5672,
- $horizon_port = 80,
- $horizon_ssl_port = 443,
- $spice_port = 6082,
- $novnc_port = 6080,
- $elasticsearch_port = 9200,
- $kibana_port = 8300,
- $sensu_dashboard_port = 3000,
- $sensu_api_port = 4568,
- $redis_port = 6379,
- $galera_timeout = '90m',
- $galera_connections = '4096',
- $api_timeout = '90m',
- $vip_public_ip = ['127.0.0.1'],
- $vip_internal_ip = false,
- $vip_monitor_ip = false,
- $galera_ip = ['127.0.0.1'],
- $galera_slave = false,
- $firewall_settings = {},
-){
-
- include cloud::params
- include cloud::network::contrail::haproxy
-
- $common_tcp_options = {
- 'mode' => 'tcp',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'balance' => 'source',
- 'timeout server' => $api_timeout,
- 'timeout client' => $api_timeout,
- }
-
- if $keepalived_vrrp_interface {
- $keepalived_vrrp_interface_real = $keepalived_vrrp_interface
- } else {
- $keepalived_vrrp_interface_real = $keepalived_public_interface
- }
-
- # Fail if OpenStack and Galera VIP are not in the VIP list
- if $vip_public_ip and !(member(any2array($keepalived_public_ipvs), $vip_public_ip)) {
- fail('vip_public_ip should be part of keepalived_public_ipvs.')
- }
- if $vip_internal_ip and !(member(any2array($keepalived_internal_ipvs),$vip_internal_ip)) {
- fail('vip_internal_ip should be part of keepalived_internal_ipvs.')
- }
- if $galera_ip and !((member(any2array($keepalived_public_ipvs),$galera_ip)) or (member(any2array($keepalived_internal_ipvs),$galera_ip))) {
- fail('galera_ip should be part of keepalived_public_ipvs or keepalived_internal_ipvs.')
- }
-
- # TODO : Use global_options in puppetlabs-haproxy as merge in params.pp
- $haproxy_default_options = {
- 'log' => "${::ipaddress} local0",
- 'chroot' => '/var/lib/haproxy',
- 'pidfile' => '/var/run/haproxy.pid',
- 'maxconn' => '4000',
- 'user' => 'haproxy',
- 'group' => 'haproxy',
- 'daemon' => '',
- 'stats' => 'socket /var/lib/haproxy/stats',
- 'nbproc' => $::processorcount
- }
- $haproxy_global_options = merge($haproxy_default_options,$haproxy_options)
- # Ensure Keepalived is started before HAproxy to avoid binding errors.
- class { 'keepalived': } ->
- class { 'haproxy':
- service_manage => true,
- global_options => $haproxy_global_options
- }
-
- keepalived::vrrp_script { 'haproxy':
- name_is_process => $::cloud::params::keepalived_name_is_process,
- script => $::cloud::params::keepalived_vrrp_script,
- }
-
- keepalived::instance { $keepalived_public_id:
- interface => $keepalived_vrrp_interface_real,
- virtual_ips => unique(split(join(flatten([$keepalived_public_ipvs, ['']]), " dev ${keepalived_public_interface},"), ',')),
- state => $keepalived_state,
- track_script => ['haproxy'],
- priority => $keepalived_priority,
- auth_type => $keepalived_auth_type,
- auth_pass => $keepalived_auth_pass,
- notify_master => $::cloud::params::start_haproxy_service,
- }
-
-
- # If using an internal VIP, allow to use a dedicated interface for VRRP traffic.
- # First we check if internal binding is enabled
- if $keepalived_internal_ipvs {
- # Then we validate this is not the same as public binding
- if !empty(difference(any2array($keepalived_internal_ipvs), any2array($keepalived_public_ipvs))) {
- if ! $keepalived_vrrp_interface {
- $keepalived_vrrp_interface_internal = $keepalived_internal_interface
- } else {
- $keepalived_vrrp_interface_internal = $keepalived_vrrp_interface
- }
- keepalived::instance { $keepalived_internal_id:
- interface => $keepalived_vrrp_interface_internal,
- virtual_ips => unique(split(join(flatten([$keepalived_internal_ipvs, ['']]), " dev ${keepalived_internal_interface},"), ',')),
- state => $keepalived_state,
- track_script => ['haproxy'],
- priority => $keepalived_priority,
- auth_type => $keepalived_auth_type,
- auth_pass => $keepalived_auth_pass,
- notify_master => $::cloud::params::start_haproxy_service,
- }
- }
- }
-
- logrotate::rule { 'haproxy':
- path => '/var/log/haproxy.log',
- rotate => 7,
- rotate_every => 'day',
- missingok => true,
- ifempty => false,
- delaycompress => true,
- compress => true,
- }
-
- if $vip_monitor_ip {
- $vip_monitor_ip_real = $vip_monitor_ip
- } else {
- $vip_monitor_ip_real = $vip_public_ip
- }
-
- haproxy::listen { 'monitor':
- ipaddress => $vip_monitor_ip_real,
- ports => '10300',
- options => {
- 'mode' => 'http',
- 'monitor-uri' => '/status',
- 'stats' => ['enable','uri /admin','realm Haproxy\ Statistics',"auth ${haproxy_auth}", 'refresh 5s' ],
- '' => template('cloud/loadbalancer/monitor.erb'),
- }
- }
-
- # Instanciate HAproxy binding
- cloud::loadbalancer::binding { 'keystone_api_cluster':
- ip => $keystone_api,
- port => $ks_keystone_public_port,
- options => $common_tcp_options,
- bind_options => $keystone_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'keystone_api_admin_cluster':
- ip => $keystone_api_admin,
- port => $ks_keystone_admin_port,
- options => $common_tcp_options,
- bind_options => $keystone_admin_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'swift_api_cluster':
- ip => $swift_api,
- port => $ks_swift_public_port,
- bind_options => $swift_bind_options,
- httpchk => 'httpchk /healthcheck',
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'nova_api_cluster':
- ip => $nova_api,
- port => $ks_nova_public_port,
- options => $common_tcp_options,
- bind_options => $nova_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'ec2_api_cluster':
- ip => $ec2_api,
- port => $ks_ec2_public_port,
- options => $common_tcp_options,
- bind_options => $ec2_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'metadata_api_cluster':
- ip => $metadata_api,
- port => $ks_metadata_public_port,
- options => $common_tcp_options,
- bind_options => $metadata_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'sensu_dashboard':
- ip => $sensu_dashboard,
- port => $sensu_dashboard_port,
- bind_options => $sensu_dashboard_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'source',
- },
- }
- cloud::loadbalancer::binding { 'sensu_api':
- ip => $sensu_api,
- port => $sensu_api_port,
- bind_options => $sensu_api_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'source',
- 'rspadd' => ['Access-Control-Allow-Origin:\ *', 'Access-Control-Allow-Headers:\ origin,\ x-requested-with,\ content-type', 'Access-Control-Allow-Methods:\ PUT,\ GET,\ POST,\ DELETE,\ OPTIONS'],
- },
- }
- cloud::loadbalancer::binding { 'spice_cluster':
- ip => $spice,
- port => $spice_port,
- options => $common_tcp_options,
- bind_options => $spice_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'novnc_cluster':
- ip => $novnc,
- port => $novnc_port,
- options => $common_tcp_options,
- bind_options => $novnc_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'rabbitmq_cluster':
- ip => $rabbitmq,
- port => $rabbitmq_port,
- options => {
- 'mode' => 'tcp',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'balance' => 'roundrobin',
- 'timeout server' => $api_timeout,
- 'timeout client' => $api_timeout,
- },
- bind_options => $rabbitmq_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'trove_api_cluster':
- ip => $trove_api,
- port => $ks_trove_public_port,
- options => $common_tcp_options,
- bind_options => $trove_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'glance_api_cluster':
- ip => $glance_api,
- options => $common_tcp_options,
- port => $ks_glance_api_public_port,
- bind_options => $glance_api_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'glance_registry_cluster':
- ip => $glance_registry,
- port => $ks_glance_registry_internal_port,
- options => $common_tcp_options,
- bind_options => $glance_registry_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'neutron_api_cluster':
- ip => $neutron_api,
- port => $ks_neutron_public_port,
- options => $common_tcp_options,
- bind_options => $neutron_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'cinder_api_cluster':
- ip => $cinder_api,
- port => $ks_cinder_public_port,
- options => $common_tcp_options,
- bind_options => $cinder_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'ceilometer_api_cluster':
- ip => $ceilometer_api,
- port => $ks_ceilometer_public_port,
- options => $common_tcp_options,
- bind_options => $ceilometer_bind_options,
- firewall_settings => $firewall_settings,
- }
- if 'ssl' in $heat_api_bind_options {
- $heat_api_options = {
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- 'balance' => 'source',
- 'timeout server' => $api_timeout,
- 'timeout client' => $api_timeout,
- }
- } else {
- $heat_api_options = $common_tcp_options
- }
- cloud::loadbalancer::binding { 'heat_api_cluster':
- ip => $heat_api,
- port => $ks_heat_public_port,
- options => $heat_api_options,
- bind_options => $heat_api_bind_options,
- firewall_settings => $firewall_settings,
- }
- if 'ssl' in $heat_cfn_bind_options {
- $heat_cfn_options = {
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- 'balance' => 'source',
- 'timeout server' => $api_timeout,
- 'timeout client' => $api_timeout,
- }
- } else {
- $heat_cfn_options = $common_tcp_options
- }
- cloud::loadbalancer::binding { 'heat_cfn_api_cluster':
- ip => $heat_cfn_api,
- port => $ks_heat_cfn_public_port,
- bind_options => $heat_cfn_bind_options,
- options => $heat_cfn_options,
- firewall_settings => $firewall_settings,
- }
- if 'ssl' in $heat_cloudwatch_bind_options {
- $heat_cloudwatch_options = {
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- 'balance' => 'source',
- 'timeout server' => $api_timeout,
- 'timeout client' => $api_timeout,
- }
- } else {
- $heat_cloudwatch_options = $common_tcp_options
- }
- cloud::loadbalancer::binding { 'heat_cloudwatch_api_cluster':
- ip => $heat_cloudwatch_api,
- port => $ks_heat_cloudwatch_public_port,
- bind_options => $heat_cloudwatch_bind_options,
- options => $heat_cloudwatch_options,
- firewall_settings => $firewall_settings,
- }
-
- $horizon_ssl_options = {
- 'mode' => 'tcp',
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn'
- }
-
- if 'ssl' in $horizon_bind_options {
- $horizon_options = {
- 'cookie' => 'sessionid prefix',
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- 'balance' => 'leastconn'
- }
- } else {
- $horizon_options = {
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn'
- }
- }
-
- cloud::loadbalancer::binding { 'horizon_cluster':
- ip => $horizon,
- port => $horizon_port,
- httpchk => "httpchk GET /${::cloud::params::horizon_auth_url} \"HTTP/1.0\\r\\nUser-Agent: HAproxy-${::hostname}\"",
- options => $horizon_options,
- bind_options => $horizon_bind_options,
- firewall_settings => $firewall_settings,
- }
-
- cloud::loadbalancer::binding { 'horizon_ssl_cluster':
- ip => $horizon_ssl,
- port => $horizon_ssl_port,
- httpchk => 'ssl-hello-chk',
- options => $horizon_ssl_options,
- bind_options => $horizon_ssl_bind_options,
- firewall_settings => $firewall_settings,
- }
-
- cloud::loadbalancer::binding { 'elasticsearch':
- ip => $elasticsearch,
- port => $elasticsearch_port,
- bind_options => $elasticsearch_bind_options,
- firewall_settings => $firewall_settings,
- }
- cloud::loadbalancer::binding { 'kibana':
- ip => $kibana,
- port => $kibana_port,
- bind_options => $kibana_bind_options,
- firewall_settings => $firewall_settings,
- }
-
- cloud::loadbalancer::binding { 'redis_cluster':
- ip => $redis,
- port => $redis_port,
- options => {
- 'mode' => 'tcp',
- 'balance' => 'first',
- 'option' => ['tcp-check',],
- 'tcp-check' => ['send info\ replication\r\n','expect string role:master'],
- },
- bind_options => $redis_bind_options,
- firewall_settings => $firewall_settings,
- }
-
- if (member(any2array($keepalived_public_ipvs), $galera_ip)) {
- warning('Exposing Galera cluster to public network is a security issue.')
- }
- haproxy::listen { 'galera_cluster':
- ipaddress => $galera_ip,
- ports => 3306,
- options => {
- 'maxconn' => $galera_connections,
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000
- 'timeout client' => '90m',
- 'timeout server' => '90m',
- },
- bind_options => $galera_bind_options,
- }
-
- if $galera_slave {
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow galera-slave binding access':
- port => '3307',
- extras => $firewall_settings,
- }
- }
-
- haproxy::listen { 'galera_readonly_cluster':
- ipaddress => $galera_ip,
- ports => 3307,
- options => {
- 'maxconn' => $galera_connections,
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka', 'tcplog', 'httpchk'], #httpchk mandatory expect 200 on port 9000
- 'timeout client' => '90m',
- 'timeout server' => '90m',
- },
- bind_options => $galera_bind_options,
- }
- }
-
- # Allow HAProxy to bind to a non-local IP address
- $haproxy_sysctl_settings = {
- 'net.ipv4.ip_nonlocal_bind' => { value => 1 }
- }
- create_resources(sysctl::value,$haproxy_sysctl_settings)
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow galera binding access':
- port => '3306',
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow haproxy monitor access':
- port => '10300',
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow keepalived access':
- port => undef,
- proto => 'vrrp',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/loadbalancer/binding.pp b/manifests/loadbalancer/binding.pp
deleted file mode 100644
index c3b0ca84..00000000
--- a/manifests/loadbalancer/binding.pp
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Author: Emilien Macchi
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Define: cloud::loadbalancer::binding
-#
-define cloud::loadbalancer::binding (
- $ip,
- $port,
- $httpchk = undef,
- $options = undef,
- $bind_options = undef,
- $firewall_settings = {},
-){
-
- include cloud::loadbalancer
-
- # join all VIP together
- $vip_public_ip_array = any2array($::cloud::loadbalancer::vip_public_ip)
- $vip_internal_ip_array = any2array($::cloud::loadbalancer::vip_internal_ip)
- if $::cloud::loadbalancer::vip_public_ip and $::cloud::loadbalancer::vip_internal_ip {
- $all_vip_array = union($vip_public_ip_array, $vip_internal_ip_array)
- }
- if $::cloud::loadbalancer::vip_public_ip and ! $::cloud::loadbalancer::vip_internal_ip {
- $all_vip_array = $vip_public_ip_array
- }
- if ! $::cloud::loadbalancer::vip_public_ip and $::cloud::loadbalancer::vip_internal_ip {
- $all_vip_array = $vip_internal_ip_array
- }
- if ! $::cloud::loadbalancer::vip_internal_ip and ! $::cloud::loadbalancer::vip_public_ip {
- fail('vip_public_ip and vip_internal_ip are both set to false, no binding is possible.')
- }
-
- # when we do not want binding
- if ($ip == false) {
- notice("no HAproxy binding for ${name} has been enabled.")
- } else {
- # when we want both internal & public binding
- if ($ip == true) {
- $listen_ip_real = $all_vip_array
- } else {
- # when binding is specified in parameter
- if (member($all_vip_array, $ip)) {
- $listen_ip_real = $ip
- } else {
- fail("${ip} is not part of VIP pools.")
- }
- }
- cloud::loadbalancer::listen_http { $name :
- ports => $port,
- httpchk => $httpchk,
- options => $options,
- listen_ip => $listen_ip_real,
- bind_options => $bind_options;
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ "100 allow ${name} binding access":
- port => $port,
- extras => $firewall_settings,
- }
- }
-
- }
-
-}
diff --git a/manifests/loadbalancer/listen_http.pp b/manifests/loadbalancer/listen_http.pp
deleted file mode 100644
index bb1a26da..00000000
--- a/manifests/loadbalancer/listen_http.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Define::
-#
-# cloud::loadbalancer::listen_http
-#
-define cloud::loadbalancer::listen_http(
- $ports = 'unset',
- $httpchk = 'httpchk',
- $options = {},
- $bind_options = [],
- $listen_ip = ['0.0.0.0']) {
-
- $options_basic = {'mode' => 'http',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka', 'forwardfor', 'tcplog', $httpchk] }
-
- $options_custom = merge($options_basic, $options)
-
- if $options_custom['mode'] == 'http' {
- $final_options = merge($options_custom, { 'http-check' => 'expect ! rstatus ^5' })
- } else {
- $final_options = $options_custom
- }
-
- haproxy::listen { $name:
- ipaddress => $listen_ip,
- ports => $ports,
- options => $final_options,
- bind_options => $bind_options,
- }
-}
diff --git a/manifests/logging.pp b/manifests/logging.pp
deleted file mode 100644
index 2af0c11e..00000000
--- a/manifests/logging.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::logging
-#
-# Configure common logging
-#
-class cloud::logging{
-
- include ::fluentd
-
-}
diff --git a/manifests/logging/agent.pp b/manifests/logging/agent.pp
deleted file mode 100644
index 167caf7c..00000000
--- a/manifests/logging/agent.pp
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::logging::agent
-#
-# Configure logging agent
-#
-# === Parameters:
-#
-# [*syslog_enable*]
-# (optional) Enable the configuration of rsyslog
-# Defaults to false
-#
-# [*sources*]
-# (optional) Fluentd sources
-# Defaults to empty hash
-#
-# [*matches*]
-# (optional) Fluentd matches
-# Defaults to empty hash
-#
-# [*plugins*]
-# (optional) Fluentd plugins to install
-# Defaults to empty hash
-#
-# [*logrotate_rule*]
-# (optional) A log rotate rule for the logging agent
-# Defaults to empty hash
-#
-class cloud::logging::agent(
- $syslog_enable = false,
- $sources = {},
- $matches = {},
- $plugins = {},
- $logrotate_rule = $cloud::params::logging_agent_logrotate_rule,
-) inherits cloud::params {
-
- include cloud::logging
-
- if $syslog_enable {
- include rsyslog::client
- }
-
- file { '/var/db':
- ensure => directory,
- } ->
- file { '/var/db/td-agent':
- ensure => 'directory',
- owner => 'td-agent',
- group => 'td-agent',
- require => Class['fluentd'],
- }
-
- ensure_resource('fluentd::configfile', keys($sources))
- ensure_resource('fluentd::configfile', keys($matches))
- create_resources('fluentd::source', $sources, {'require' => 'File[/var/db/td-agent]', 'notify' => 'Service[td-agent]'})
- create_resources('fluentd::match', $matches, {'notify' => 'Service[td-agent]'})
- create_resources('fluentd::install_plugin', $plugins)
- create_resources('logrotate::rule', $logrotate_rule)
-
-}
diff --git a/manifests/logging/server.pp b/manifests/logging/server.pp
deleted file mode 100644
index bca3a9ad..00000000
--- a/manifests/logging/server.pp
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::logging::server
-#
-# [*kibana_port*]
-# (optional) Port of Kibana service.
-# Defaults to '8300'
-#
-# [*kibana_bind_ip*]
-# (optional) Address on which kibana is listening on
-# Defaults to '127.0.0.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::logging::server(
- $kibana_port = '8300',
- $kibana_bind_ip = '127.0.0.1',
- $firewall_settings = {},
-) {
-
- Class['cloud::database::nosql::elasticsearch'] -> Class['kibana3']
- Class['cloud::database::nosql::elasticsearch'] -> Class['cloud::logging::agent']
-
- include ::kibana3
- include cloud::database::nosql::elasticsearch
- include cloud::logging::agent
-
- # Elasticsearch 1.4 ships with a security setting that prevents Kibana from connecting.
- # We need to allow http cors in fluentd instance.
- elasticsearch::instance {'fluentd' :
- config => { 'http' => { 'cors.enabled' => true } }
- }
-
- @@haproxy::balancermember{"${::fqdn}-kibana":
- listening_service => 'kibana',
- server_names => $::hostname,
- ipaddresses => $kibana_bind_ip,
- ports => $kibana_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow kibana access':
- port => $kibana_port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/messaging.pp b/manifests/messaging.pp
deleted file mode 100644
index 3d038a73..00000000
--- a/manifests/messaging.pp
+++ /dev/null
@@ -1,182 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::messaging
-#
-# Install Messsaging Server (RabbitMQ)
-#
-# === Parameters:
-#
-# [*rabbit_names*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to $::hostname
-#
-# [*rabbit_password*]
-# (optional) Password to connect to OpenStack queues.
-# Defaults to 'rabbitpassword'
-#
-# [*cluster_node_type*]
-# (optional) Store the queues on the disc or in the RAM.
-# Could be set to 'disk' or 'ram'.
-# Defaults to 'disc'
-#
-# [*cluster_count*]
-# (optional) Queue is mirrored to count nodes in the cluster.
-# If there are less than count nodes in the cluster, the queue
-# is mirrored to all nodes. If there are more than count nodes
-# in the cluster, and a node containing a mirror goes down,
-# then a new mirror will be created on another node.
-# If a value is set, RabbitMQ policy will be 'exactly'.
-# Otherwise, undef will set the policy to 'all' by default.
-# To enable this feature, you need 'haproxy_binding' to true.
-# Defaults to undef
-#
-# [*haproxy_binding*]
-# (optional) Enable or not HAproxy binding for load-balancing.
-# Defaults to false
-#
-# [*rabbitmq_ip*]
-# (optional) IP address of RabbitMQ interface.
-# Required when using HAproxy binding.
-# Defaults to $::ipaddress
-#
-# [*rabbitmq_port*]
-# (optional) Port of RabbitMQ service.
-# Defaults to '5672'
-#
-# [*erlang_cookie*]
-# (required) Erlang cookie to use.
-# When running a cluster, this value should be the same for all
-# the nodes.
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::messaging(
- $erlang_cookie,
- $cluster_node_type = 'disc',
- $cluster_count = undef,
- $rabbit_names = $::hostname,
- $rabbit_password = 'rabbitpassword',
- $haproxy_binding = false,
- $rabbitmq_ip = $::ipaddress,
- $rabbitmq_port = '5672',
- $firewall_settings = {},
-){
-
- # we ensure having an array
- $array_rabbit_names = any2array($rabbit_names)
-
- Class['rabbitmq'] -> Rabbitmq_vhost <<| |>>
- Class['rabbitmq'] -> Rabbitmq_user <<| |>>
- Class['rabbitmq'] -> Rabbitmq_user_permissions <<| |>>
-
- # Packaging issue: https://bugzilla.redhat.com/show_bug.cgi?id=1033305
- if $::osfamily == 'RedHat' {
- $package_provider = 'yum'
- file {'/usr/sbin/rabbitmq-plugins':
- ensure => link,
- target => '/usr/lib/rabbitmq/bin/rabbitmq-plugins'
- }
-
- file {'/usr/sbin/rabbitmq-env':
- ensure => link,
- target => '/usr/lib/rabbitmq/bin/rabbitmq-env'
- }
- }
- else {
- $package_provider = $rabbitmq::params::package_provider
- }
-
- class { 'rabbitmq':
- delete_guest_user => true,
- config_cluster => true,
- cluster_nodes => $array_rabbit_names,
- wipe_db_on_cookie_change => true,
- cluster_node_type => $cluster_node_type,
- node_ip_address => $rabbitmq_ip,
- port => $rabbitmq_port,
- erlang_cookie => $erlang_cookie,
- package_provider => $package_provider,
- }
-
- rabbitmq_vhost { ['/', '/sensu']:
- provider => 'rabbitmqctl',
- require => Class['rabbitmq'],
- }
- rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat','trove', 'sensu']:
- admin => true,
- password => $rabbit_password,
- provider => 'rabbitmqctl',
- require => Class['rabbitmq']
- }
- rabbitmq_user_permissions {[
- 'nova@/',
- 'glance@/',
- 'neutron@/',
- 'cinder@/',
- 'ceilometer@/',
- 'heat@/',
- 'trove@/',
- 'sensu@/sensu',
- ]:
- configure_permission => '.*',
- write_permission => '.*',
- read_permission => '.*',
- provider => 'rabbitmqctl',
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow rabbitmq access':
- port => $rabbitmq_port,
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow rabbitmq management access':
- port => '55672',
- extras => $firewall_settings,
- }
- }
-
- if $haproxy_binding {
-
- if $cluster_count {
- $policy_name = "ha-exactly-${cluster_count}@/"
- $definition = {
- 'ha-mode' => 'exactly',
- 'ha-params' => $cluster_count,
- }
- } else {
- $policy_name = 'ha-all@/'
- $definition = {
- 'ha-mode' => 'all',
- }
- }
- rabbitmq_policy { $policy_name:
- pattern => '^(?!amq\.).*',
- definition => $definition,
- }
-
- @@haproxy::balancermember{"${::fqdn}-rabbitmq":
- listening_service => 'rabbitmq_cluster',
- server_names => $::hostname,
- ipaddresses => $rabbitmq_ip,
- ports => $rabbitmq_port,
- options => 'check inter 5s rise 2 fall 3'
- }
- }
-
-}
diff --git a/manifests/monitoring/agent/sensu.pp b/manifests/monitoring/agent/sensu.pp
deleted file mode 100644
index 743a0e86..00000000
--- a/manifests/monitoring/agent/sensu.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-class cloud::monitoring::agent::sensu {
-
- Package['sensu'] -> Sensu::Plugin <<| |>>
-
- include ::sensu
-}
diff --git a/manifests/monitoring/server/sensu.pp b/manifests/monitoring/server/sensu.pp
deleted file mode 100644
index b9191f73..00000000
--- a/manifests/monitoring/server/sensu.pp
+++ /dev/null
@@ -1,134 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# [*checks*]
-# (optionnal) Hash of checks and their respective options
-# Defaults to {}.
-# Example :
-# $checks = {
-# 'ntp' => {
-# 'command' => '/etc/sensu/plugins/check-ntp.sh'},
-# 'http' => {
-# 'command' => '/etc/sensu/plugins/check-http.sh'},
-# }
-#
-# [*handlers*]
-# (optionnal) Hash of handlers and their respective options
-# Defaults to {}.
-# Example :
-# $handlers = {
-# 'mail' => {
-# 'command' => 'mail -s "Sensu Alert" contact@example.com'},
-# }
-#
-# [*plugins*]
-# (optionnal) Hash of handlers and their respective options
-# Defaults to {}.
-# Example :
-# $plugins = {
-# 'http://www.example.com/ntp.sh' => {
-# 'type' => 'url',
-# 'install_path' => '/etc/sensu/plugins',
-# }
-# }
-#
-# [*manage_sensu_plugins*]
-# (optionnal) A boolean that determines if the Sensu plugins resources should be exported
-# from this node
-# Defaults to 'false'
-#
-# [*sensu_api_ip*]
-# (optionnal) IP address to bind the sensu_api to
-# Defaults to '%{::ipaddress}'
-#
-# [*sensu_api_port*]
-# (optionnal) Port to bind the sensu_api to
-# Defaults to '4568'
-#
-# [*uchiwa_ip*]
-# (optionnal) IP address to bind uchiwa to
-# Defaults to '%{::ipaddress}'
-#
-# [*uchiwa_port*]
-# (optionnal) Port to bind uchiwa to
-# Defaults to '3000'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::monitoring::server::sensu (
- $checks = {},
- $handlers = {},
- $plugins = {},
- $manage_sensu_plugins = false,
- $sensu_api_ip = $::ipaddress,
- $sensu_api_port = '4568',
- $uchiwa_ip = $::ipaddress,
- $uchiwa_port = '3000',
- $firewall_settings = {},
-) {
-
- include cloud::params
-
- Service['sensu-api'] -> Service['uchiwa']
- Service['sensu-server'] -> Service['uchiwa']
- Service['sensu-server'] -> Sensu::Plugin <<| |>>
-
- include cloud::monitoring::agent::sensu
-
- create_resources('sensu::check', $checks)
- create_resources('sensu::handler', $handlers)
-
- if $manage_sensu_plugins {
- create_resources('@@sensu::plugin', $plugins)
- }
-
- include ::uchiwa
- uchiwa::api { 'OpenStack' :
- host => $sensu_api_ip,
- port => $sensu_api_port,
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow sensu_dashboard access':
- port => $uchiwa_port,
- extras => $firewall_settings,
- }
-
- cloud::firewall::rule{ '100 allow sensu_api access':
- port => $sensu_api_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-sensu_dashboard":
- listening_service => 'sensu_dashboard',
- server_names => $::hostname,
- ipaddresses => $uchiwa_ip,
- ports => $uchiwa_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-sensu_api":
- listening_service => 'sensu_api',
- server_names => $::hostname,
- ipaddresses => $sensu_api_ip,
- ports => $sensu_api_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
-}
diff --git a/manifests/network.pp b/manifests/network.pp
deleted file mode 100644
index 53ea908f..00000000
--- a/manifests/network.pp
+++ /dev/null
@@ -1,124 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network
-#
-# Common class for network nodes
-#
-# === Parameters:
-#
-# [*rabbit_hosts*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to ['127.0.0.1:5672']
-#
-# [*rabbit_password*]
-# (optional) Password to connect to nova queues.
-# Defaults to 'rabbitpassword'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Neutron API server.
-# Defaults to '127.0.0.1'
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*dhcp_lease_duration*]
-# (optional) DHCP Lease duration (in seconds)
-# Defaults to '120'
-#
-# [*plugin*]
-# (optional) Neutron plugin name
-# Supported values: 'ml2', 'n1kv', 'opencontrail'.
-# Defaults to 'ml2'
-#
-# [*service_plugins*]
-# (optional) List of service plugin entrypoints to be loaded from the neutron
-# service_plugins namespace
-# Defaults to ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin']
-#
-class cloud::network(
- $verbose = true,
- $debug = true,
- $rabbit_hosts = ['127.0.0.1:5672'],
- $rabbit_password = 'rabbitpassword',
- $api_eth = '127.0.0.1',
- $use_syslog = true,
- $log_facility = 'LOG_LOCAL0',
- $dhcp_lease_duration = '120',
- $plugin = 'ml2',
- $service_plugins = ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- neutron_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/neutron'
- }
-
- case $plugin {
- 'ml2': {
- $core_plugin = 'neutron.plugins.ml2.plugin.Ml2Plugin'
- }
- 'n1kv': {
- $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2'
- }
- 'opencontrail': {
- $core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2'
- }
- default: {
- fail("${plugin} plugin is not supported.")
- }
- }
-
- class { 'neutron':
- allow_overlapping_ips => true,
- verbose => $verbose,
- debug => $debug,
- rabbit_user => 'neutron',
- rabbit_hosts => $rabbit_hosts,
- rabbit_password => $rabbit_password,
- rabbit_virtual_host => '/',
- bind_host => $api_eth,
- log_facility => $log_facility,
- use_syslog => $use_syslog,
- dhcp_agents_per_network => '2',
- core_plugin => $core_plugin,
- service_plugins => $service_plugins,
- log_dir => $log_dir,
- dhcp_lease_duration => $dhcp_lease_duration,
- report_interval => '30',
- }
-
-}
diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp
deleted file mode 100644
index 2a19b810..00000000
--- a/manifests/network/contrail/analytics.pp
+++ /dev/null
@@ -1,59 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::analytics
-#
-# Install a Contrail analytics node
-#
-# === Parameters:
-#
-# [*bind_ip*]
-# (optional) Address on which the Contrail analytics api is listening on
-# Defaults to '127.0.0.1'
-#
-# [*port*]
-# (optional) Port where Contrail analytics api is bound to
-# Used for firewall purpose.
-# Default to 8081
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::analytics (
- $bind_ip = '127.0.0.1',
- $port = 8081,
- $firewall_settings = {},
-){
-
- include ::contrail::analytics
-
- @@haproxy::balancermember{"${::fqdn}-contrail-analytics-api":
- listening_service => 'contrail_analytics_api',
- server_names => $::hostname,
- ipaddresses => $bind_ip,
- ports => $port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail analytics access':
- port => [$port, '8086'],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp
deleted file mode 100644
index cc0c543d..00000000
--- a/manifests/network/contrail/config.pp
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::config
-#
-# Install a Contrail config node
-#
-# === Parameters:
-#
-# [*api_bind_ip*]
-# (optional) Address on which the Contrail config api is listening on
-# Defaults to '127.0.0.1'
-#
-# [*discovery_bind_ip*]
-# (optional) Address on which the Contrail discovery is listening on
-# Defaults to '127.0.0.1'
-#
-# [*api_port*]
-# (optional) Port where Contrail config api is bound to
-# Used for firewall purpose.
-# Default to 9100
-#
-# [*discovery_port*]
-# (optional) Port where Contrail discovery is bound to
-# Used for firewall purpose.
-# Default to 9110
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::config (
- $api_bind_ip = '127.0.0.1',
- $discovery_bind_ip = '127.0.0.1',
- $api_port = 9100,
- $discovery_port = 9110,
- $firewall_settings = {},
-){
-
- include ::contrail::config
-
- @@haproxy::balancermember{"${::fqdn}-contrail-config-api":
- listening_service => 'contrail_config_api',
- server_names => $::hostname,
- ipaddresses => $api_bind_ip,
- ports => $api_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-contrail-config-discovery":
- listening_service => 'contrail_config_discovery',
- server_names => $::hostname,
- ipaddresses => $discovery_bind_ip,
- ports => $discovery_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail config access':
- port => ['8443', '8087', '8088', $discovery_port, $api_port],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp
deleted file mode 100644
index 76bf5d1b..00000000
--- a/manifests/network/contrail/control.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::control
-#
-# Install a Contrail control node
-#
-# === Parameters:
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::control (
- $firewall_settings = {},
-){
-
- include ::contrail::control
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail control access':
- port => ['8083', '5269', '8092', '8093'],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp
deleted file mode 100644
index d8be7be0..00000000
--- a/manifests/network/contrail/database.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::database
-#
-# Install a Contrail database node
-#
-# === Parameters:
-#
-# [*port*]
-# (optional) Port where Kafka is bound to
-# Used for firewall purpose.
-# Default to 9042
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::database (
- $port = 9042,
- $firewall_settings = {},
-){
-
- include ::contrail::database
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail database access':
- port => $port,
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/contrail/haproxy.pp b/manifests/network/contrail/haproxy.pp
deleted file mode 100644
index 41ab345f..00000000
--- a/manifests/network/contrail/haproxy.pp
+++ /dev/null
@@ -1,183 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::haproxy
-#
-# Create the haproxy stanzas for Contrail related services
-#
-# === Parameters:
-#
-# [*contrail_analytics_api*]
-# (optional) Enable or not Contrail analytics api public binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to false
-#
-# [*contrail_config_api*]
-# (optional) Enable or not Contrail config api binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to false
-#
-# [*contrail_config_discovery*]
-# (optional) Enable or not Contrail discoverybinding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to false
-#
-# [*contrail_webui_http*]
-# (optional) Enable or not Contrail webui http binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure.
-# Defaults to true
-#
-# [*contrail_webui_https*]
-# (optional) Enable or not Contrail webui https binding.
-# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
-# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
-# If set to false, no binding will be configure
-# Defaults to true
-#
-# [*contrail_analytics_api_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_config_api_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_config_discovery_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_webui_http_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_webui_https_bind_options*]
-# (optional) A hash of options that are inserted into the HAproxy listening
-# service configuration block.
-# Defaults to []
-#
-# [*contrail_analytics_api_port*]
-# (optional) TCP port to connect to Contrail analytics api from public network
-# Defaults to '8081'
-#
-# [*contrail_config_api_port*]
-# (optional) TCP port to connect to Contrail config api from public network
-# Defaults to '8082'
-#
-# [*contrail_config_discovery_port*]
-# (optional) TCP port to connect to Contrail discovery from public network
-# Defaults to '5998'
-#
-# [*contrail_webui_http_port*]
-# (optional) TCP port to connect to Contrail webui http from public network
-# Defaults to '8079'
-#
-# [*contrail_webui_https_port*]
-# (optional) TCP port to connect to Contrail webui https from public network
-# Defaults to '8143'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::haproxy (
- $contrail_analytics_api = false,
- $contrail_config_api = false,
- $contrail_config_discovery = false,
- $contrail_webui_http = false,
- $contrail_webui_https = false,
- $contrail_analytics_api_bind_options = [],
- $contrail_config_api_bind_options = [],
- $contrail_config_discovery_bind_options = [],
- $contrail_webui_http_bind_options = [],
- $contrail_webui_https_bind_options = [],
- $contrail_analytics_api_port = 8081,
- $contrail_config_api_port = 8082,
- $contrail_config_discovery_port = 5998,
- $contrail_webui_http_port = 8079,
- $contrail_webui_https_port = 8143,
- $firewall_settings = {},
-){
-
- cloud::loadbalancer::binding { 'contrail_analytics_api':
- ip => $contrail_analytics_api,
- port => $contrail_analytics_api_port,
- bind_options => $contrail_analytics_api_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'roundrobin',
- 'option' => ['nolinger', 'tcp-check'],
- 'default-server' => 'error-limit 1 on-error mark-down',
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_config_api':
- ip => $contrail_config_api,
- port => $contrail_config_api_port,
- bind_options => $contrail_config_api_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'roundrobin',
- 'option' => ['nolinger'],
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_config_discovery':
- ip => $contrail_config_discovery,
- port => $contrail_config_discovery_port,
- bind_options => $contrail_config_discovery_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'roundrobin',
- 'option' => ['nolinger'],
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_webui_http':
- ip => $contrail_webui_http,
- port => $contrail_webui_http_port,
- bind_options => $contrail_webui_http_bind_options,
- firewall_settings => $firewall_settings,
- options => {
- 'balance' => 'source',
- },
- }
-
- cloud::loadbalancer::binding { 'contrail_webui_https':
- ip => $contrail_webui_https,
- port => $contrail_webui_https_port,
- bind_options => $contrail_webui_https_bind_options,
- httpchk => 'ssl-hello-chk',
- firewall_settings => $firewall_settings,
- options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- }
- }
-
-}
diff --git a/manifests/network/contrail/rabbitmq.pp b/manifests/network/contrail/rabbitmq.pp
deleted file mode 100644
index cae9b4ec..00000000
--- a/manifests/network/contrail/rabbitmq.pp
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::rabbitmq
-#
-# This resource creates RabbitMQ resources for Contrail
-#
-# == Parameters:
-#
-# [*user*]
-# (optional) The username to use when connecting to Rabbit
-# Defaults to 'contrail'
-#
-# [*password*]
-# (optional) The password to use when connecting to Rabbit
-# Defaults to 'contrailpassword'
-#
-# [*vhost*]
-# (optional) The virtual host to use when connecting to Rabbit
-# Defaults to '/'
-#
-# [*is_admin*]
-# (optional) If the user should be admin or not
-# Defaults to true
-#
-# [*configure_permission*]
-# (optional) Define configure permission
-# Defaults to '.*'
-#
-# [*write_permission*]
-# (optional) Define write permission
-# Defaults to '.*'
-#
-# [*read_permission*]
-# (optional) Define read permission
-# Defaults to '.*'
-#
-class cloud::network::contrail::rabbitmq (
- $user = 'contrail',
- $password = 'contrailpassword',
- $vhost = '/',
- $is_admin = true,
- $configure_permission = '.*',
- $write_permission = '.*',
- $read_permission = '.*',
-) {
-
- rabbitmq_user { $user :
- admin => $is_admin,
- password => $password,
- provider => 'rabbitmqctl',
- }
-
- if !defined(Rabbitmq_vhost[$vhost]) {
- rabbitmq_vhost { $vhost :
- provider => 'rabbitmqctl',
- }
- }
-
- rabbitmq_user_permissions { "${user}@${vhost}" :
- configure_permission => $configure_permission,
- write_permission => $write_permission,
- read_permission => $read_permission,
- provider => 'rabbitmqctl',
- }
-
-}
diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp
deleted file mode 100644
index 2a2a0177..00000000
--- a/manifests/network/contrail/vrouter.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::vrouter
-#
-# Install a Contrail vrouter agent on the node
-#
-# === Parameters:
-#
-class cloud::network::contrail::vrouter (
-){
-
- include ::contrail::vrouter
-
-}
diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp
deleted file mode 100644
index 5f291343..00000000
--- a/manifests/network/contrail/webui.pp
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::contrail::webui
-#
-# Install a Contrail webui node
-#
-# === Parameters:
-#
-# [*http_bind_ip*]
-# (optional) Address on which the Contrail webui http service is listening on
-# Defaults to '127.0.0.1'
-#
-# [*https_bind_ip*]
-# (optional) Address on which the Contrail webui https service is listening on
-# Defaults to '127.0.0.1'
-#
-# [*http_port*]
-# (optional) Port where Contrail webui http service is bound to
-# Used for firewall purpose.
-# Default to 9100
-#
-# [*https_port*]
-# (optional) Port where Contrail webui https is bound to
-# Used for firewall purpose.
-# Default to 9110
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::contrail::webui (
- $http_bind_ip = '127.0.0.1',
- $https_bind_ip = '127.0.0.1',
- $http_port = 8080,
- $https_port = 8143,
- $firewall_settings = {},
-){
-
- include ::contrail::webui
-
- @@haproxy::balancermember{"${::fqdn}-contrail-webui-http":
- listening_service => 'contrail_webui_http',
- server_names => $::hostname,
- ipaddresses => $http_bind_ip,
- ports => $http_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-contrail-webui-https":
- listening_service => 'contrail_webui_https',
- server_names => $::hostname,
- ipaddresses => $https_bind_ip,
- ports => $https_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow contrail webui access':
- port => [$http_port, $https_port],
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/controller.pp b/manifests/network/controller.pp
deleted file mode 100644
index a53c7855..00000000
--- a/manifests/network/controller.pp
+++ /dev/null
@@ -1,366 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Network Controller node (API + Scheduler) -# -# === Parameters: -# -# [*neutron_db_host*] -# (optional) Host where user should be allowed all privileges for database. -# Defaults to 127.0.0.1 -# -# [*neutron_db_user*] -# (optional) Name of neutron DB user. -# Defaults to trove -# -# [*neutron_db_password*] -# (optional) Password that will be used for the neutron db user. -# Defaults to 'neutronpassword' -# -# [*neutron_db_idle_timeout*] -# (optional) Timeout before idle SQL connections are reaped. -# Defaults to 5000 -# -# [*ks_neutron_password*] -# (optional) Password used by Neutron to connect to Keystone API -# Defaults to 'neutronpassword' -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_public_port*] -# (optional) TCP port to connect to Keystone API from public network -# Defaults to '5000' -# -# [*ks_neutron_public_port*] -# (optional) TCP port to connect to Neutron API from public network -# Defaults to '9696' -# -# [*api_eth*] -# (optional) Which interface we bind the Neutron server. 
-# Defaults to '127.0.0.1' -# -# [*ks_admin_tenant*] -# (optional) Admin tenant name in Keystone -# Defaults to 'admin' -# -# [*nova_url*] -# (optional) URL for connection to nova (Only supports one nova region -# currently). -# Defaults to 'http://127.0.0.1:8774/v2' -# -# [*nova_admin_auth_url*] -# (optional) Authorization URL for connection to nova in admin context. -# Defaults to 'http://127.0.0.1:5000/v2.0' -# -# [*nova_admin_username*] -# (optional) Username for connection to nova in admin context -# Defaults to 'nova' -# -# [*nova_admin_tenant_name*] -# (optional) The name of the admin nova tenant -# Defaults to 'services' -# -# [*nova_admin_password*] -# (optional) Password for connection to nova in admin context. -# Defaults to 'novapassword' -# -# [*nova_region_name*] -# (optional) Name of nova region to use. Useful if keystone manages more than -# one region. -# Defaults to 'RegionOne' -# -# [*manage_ext_network*] -# (optionnal) Manage or not external network with provider network API -# Defaults to false. -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -# [*tenant_network_types*] -# (optional) Handled tenant network types -# Defaults to ['gre'] -# Possible value ['local', 'flat', 'vlan', 'gre', 'vxlan'] -# -# [*type_drivers*] -# (optional) Drivers to load -# Defaults to ['gre', 'vlan', 'flat'] -# Possible value ['local', 'flat', 'vlan', 'gre', 'vxlan'] -# -# [*plugin*] -# (optional) Neutron plugin name -# Supported values: 'ml2', 'n1kv', 'opencontrail'. -# Defaults to 'ml2' -# -# [*l3_ha*] -# (optional) Enable L3 agent HA -# Defaults to false. 
-# -# [*router_distributed*] -# (optional) Create distributed tenant routers by default -# Right now, DVR is not compatible with l3_ha -# Defaults to false -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Defaults to '35357' -# -# [*ks_keystone_admin_user*] -# (optional) Admin user to connect to Keystone API -# Defaults to 'admin' -# -# [*ks_keystone_admin_password*] -# (optional) Password for admin user to connect to Keystone API -# Defaults to 'password' -# -# [*ks_keystone_admin_token*] -# (optional) Token to connect to Keystone API as admin user -# Defaults to undef -# -# [*provider_vlan_ranges*] -# (optionnal) VLAN range for provider networks -# Defaults to ['physnet1:1000:2999'] -# -# [*flat_networks*] -# (optionnal) List of physical_network names with which flat networks -# can be created. Use * to allow flat networks with arbitrary -# physical_network names. -# Should be an array. -# Default to ['public']. -# -# [*n1kv_vsm_ip*] -# (required) N1KV VSM (Virtual Supervisor Module) VM's IP. -# Defaults to 127.0.0.1 -# -# [*n1kv_vsm_password*] -# (required) N1KV VSM (Virtual Supervisor Module) password. -# Defaults to secrete -# -# [*tunnel_id_ranges*] -# (optional) GRE tunnel id ranges. used by he ml2 plugin -# List of colon-separated id ranges -# Defaults to ['1:10000'] -# -# [*vni_ranges*] -# (optional) VxLan Network ID range. used by the ml2 plugin -# List of colon-separated id ranges -# Defaults to ['1:10000'] -# -# [*contrail_api_server_ip*] -# (optional) IP address of the Contrail API -# Defaults to 127.0.0.1 -# -# [*contrail_api_server_port*] -# (optional) Port of the Contrail API -# Defaults to 8082 -# -# [*contrail_multi_tenancy*] -# (optional) Should Contrail support multi tenancy -# Boolean. 
-# Defaults to true -# -# [*contrail_extensions*] -# (optional) Array of extensions enabled for Contrail -# Array of extensions -# Defaults to [''] -# -# [*mechanism_drivers*] -# (optional) Neutron mechanism drivers to run -# List of drivers. -# Note: if l3-ha is True, do not include l2population (not compatible in Juno). -# Defaults to ['linuxbridge', 'openvswitch','l2population'] -# -class cloud::network::controller( - $neutron_db_host = '127.0.0.1', - $neutron_db_user = 'neutron', - $neutron_db_password = 'neutronpassword', - $neutron_db_idle_timeout = 5000, - $ks_neutron_password = 'neutronpassword', - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_proto = 'http', - $ks_keystone_admin_port = 35357, - $ks_keystone_admin_user = 'admin', - $ks_admin_tenant = 'admin', - $ks_keystone_admin_password = 'password', - $ks_keystone_admin_token = undef, - $ks_keystone_public_port = 5000, - $ks_neutron_public_port = 9696, - $api_eth = '127.0.0.1', - $nova_url = 'http://127.0.0.1:8774/v2', - $nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0', - $nova_admin_username = 'nova', - $nova_admin_tenant_name = 'services', - $nova_admin_password = 'novapassword', - $nova_region_name = 'RegionOne', - $manage_ext_network = false, - $firewall_settings = {}, - $flat_networks = ['public'], - $tenant_network_types = ['gre'], - $type_drivers = ['gre', 'vlan', 'flat'], - $provider_vlan_ranges = ['physnet1:1000:2999'], - $plugin = 'ml2', - $mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'], - $l3_ha = false, - $router_distributed = false, - # only needed by cisco n1kv plugin - $n1kv_vsm_ip = '127.0.0.1', - $n1kv_vsm_password = 'secrete', - # only needed by ml2 plugin - $tunnel_id_ranges = ['1:10000'], - $vni_ranges = ['1:10000'], - # only needed by opencontrail plugin - $contrail_api_server_ip = '127.0.0.1', - $contrail_api_server_port = '8082', - $contrail_multi_tenancy = true, - $contrail_extensions = [''], -) { - - include 'cloud::network' - include 
::neutron::quota - - $encoded_user = uriescape($neutron_db_user) - $encoded_password = uriescape($neutron_db_password) - - if $l3_ha and $router_distributed { - fail 'l3_ha and router_distributed are mutually exclusive, only one of them can be set to true' - } - - validate_array($mechanism_drivers) - if $l3_ha and member($mechanism_drivers, 'l2population') { - fail 'l3_ha does not work with l2population mechanism driver in Juno.' - } - - class { 'neutron::server': - auth_password => $ks_neutron_password, - auth_host => $ks_keystone_admin_host, - auth_protocol => $ks_keystone_admin_proto, - auth_port => $ks_keystone_public_port, - database_connection => "mysql://${encoded_user}:${encoded_password}@${neutron_db_host}/neutron?charset=utf8", - database_idle_timeout => $neutron_db_idle_timeout, - mysql_module => '2.2', - api_workers => $::processorcount, - agent_down_time => '60', - l3_ha => $l3_ha, - router_distributed => $router_distributed, - } - - case $plugin { - 'ml2': { - $core_plugin = 'neutron.plugins.ml2.plugin.Ml2Plugin' - class { 'neutron::plugins::ml2': - type_drivers => $type_drivers, - tenant_network_types => $tenant_network_types, - network_vlan_ranges => $provider_vlan_ranges, - tunnel_id_ranges => $tunnel_id_ranges, - vni_ranges => $vni_ranges, - flat_networks => $flat_networks, - mechanism_drivers => $mechanism_drivers, - enable_security_group => true - } - } - - 'n1kv': { - $core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2' - class { 'neuton::plugins::cisco': - database_user => $neutron_db_user, - database_password => $neutron_db_password, - database_host => $neutron_db_host, - keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/", - keystone_password => $ks_neutron_password, - vswitch_plugin => 'neutron.plugins.cisco.n1kv.n1kv_neutron_plugin.N1kvNeutronPluginV2', - } - neutron_plugin_cisco { - 'securitygroup/firewall_driver': value => 'neutron.agent.firewall.NoopFirewallDriver'; - 
"N1KV:${n1kv_vsm_ip}/username": value => 'admin'; - "N1KV:${n1kv_vsm_ip}/password": value => $n1kv_vsm_password; - # TODO (EmilienM) not sure about this one: - 'database/connection': value => "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/neutron"; - } - } - - 'opencontrail': { - $core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2' - class { 'neutron::plugins::opencontrail': - api_server_ip => $contrail_api_server_ip , - api_server_port => $contrail_api_server_port, - multi_tenancy => $contrail_multi_tenancy, - contrail_extensions => $contrail_extensions, - keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/", - keystone_admin_user => $ks_keystone_admin_user, - keystone_admin_tenant_name => $ks_admin_tenant, - keystone_admin_password => $ks_keystone_admin_password, - keystone_admin_token => $ks_keystone_admin_token, - } - } - - default: { - fail("${plugin} plugin is not supported.") - } - } - - class { 'neutron::server::notifications': - nova_url => $nova_url, - nova_admin_auth_url => $nova_admin_auth_url, - nova_admin_username => $nova_admin_username, - nova_admin_tenant_name => $nova_admin_tenant_name, - nova_admin_password => $nova_admin_password, - nova_region_name => $nova_region_name - } - - if $manage_ext_network { - neutron_network {'public': - provider_network_type => 'flat', - provider_physical_network => 'public', - shared => true, - router_external => true - } - } - - # Note(EmilienM): - # We check if DB tables are created, if not we populate Neutron DB. 
- # It's a hack to fit with our setup where we run MySQL/Galera - Neutron_config<| |> -> - exec {'neutron_db_sync': - command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head', - path => '/usr/bin', - user => 'neutron', - unless => "/usr/bin/mysql neutron -h ${neutron_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables", - require => 'Neutron_config[DEFAULT/service_plugins]', - notify => Service['neutron-server'] - } - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow neutron-server access': - port => $ks_neutron_public_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-neutron_api": - listening_service => 'neutron_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_neutron_public_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/network/dhcp.pp b/manifests/network/dhcp.pp deleted file mode 100644 index 45da0dd1..00000000 --- a/manifests/network/dhcp.pp +++ /dev/null 
@@ -1,87 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Network DHCP node
-#
-# === Parameters:
-#
-# [*veth_mtu*]
-# (optional) Enforce the default virtual interface MTU (option 26)
-# Defaults to 1500
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*dnsmasq_dns_servers*]
-# (optional) An array of DNS IP used to configure Virtual server resolver
-# Defaults to false
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::network::dhcp(
- $veth_mtu = 1500,
- $debug = true,
- $dnsmasq_dns_servers = false,
- $firewall_settings = {},
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::dhcp':
- debug => $debug,
- dnsmasq_config_file => '/etc/neutron/dnsmasq-neutron.conf',
- enable_isolated_metadata => true
- }
-
- if $dnsmasq_dns_servers {
- neutron_dhcp_agent_config { 'DEFAULT/dnsmasq_dns_servers':
- value => join($dnsmasq_dns_servers, ',')
- }
- } else {
- neutron_dhcp_agent_config { 'DEFAULT/dnsmasq_dns_servers':
- ensure => absent
- }
- }
-
- file { '/etc/neutron/dnsmasq-neutron.conf':
- content => template('cloud/network/dnsmasq-neutron.conf.erb'),
- owner => 'root',
- mode => '0755',
- group => 'root',
- notify => Service['neutron-dhcp-agent']
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow dhcp in access':
- port => '67',
- proto => 'udp',
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow dhcp out access':
- port => '68',
- proto => 'udp',
- chain => 'OUTPUT',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/network/l3.pp b/manifests/network/l3.pp
deleted file mode 100644
index e59fd646..00000000
--- a/manifests/network/l3.pp
+++ /dev/null
@@ -1,132 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Network L3 node
-#
-# === Parameters:
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*ext_provider_net*]
-# (optional) Manage L3 with another provider
-# Defaults to false
-#
-# [*external_int*]
-# (optional) The name of the external nic
-# Defaults to eth1
-#
-# [*manage_tso*]
-# (optional) Disable TSO on Neutron interfaces
-# Defaults to true
-#
-# [*ha_enabled*]
-# (optional) Enable HA for L3 agent or not.
-# Defaults to false
-#
-# [*ha_vrrp_auth_type*]
-# (optional) VRRP authentication type. Can be AH or PASS.
-# Defaults to "PASS"
-#
-# [*ha_vrrp_auth_password*]
-# (optional) VRRP authentication password. Required if ha_enabled = true.
-# Defaults to undef
-#
-# [*allow_automatic_l3agent_failover*]
-# (optional) Automatically reschedule routers from offline L3 agents to online
-# L3 agents.
-# Defaults to 'False'
-#
-# [*agent_mode*]
-# (optional) The working mode for the agent.
-# 'legacy': default behavior (without DVR)
-# 'dvr': enable DVR for an L3 agent running on compute node (DVR in production)
-# 'dvr_snat': enable DVR with centralized SNAT support (DVR for single-host, for testing only)
-# Right now, DVR is not compatible with ha_enabled
-# Defaults to 'legacy'
-#
-class cloud::network::l3(
- $external_int = 'eth1',
- $ext_provider_net = false,
- $debug = true,
- $manage_tso = true,
- $ha_enabled = false,
- $ha_vrrp_auth_type = 'PASS',
- $ha_vrrp_auth_password = undef,
- $allow_automatic_l3agent_failover = false,
- $agent_mode = 'legacy',
-
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- if $ha_enabled and $agent_mode != 'legacy' {
- fail 'ha_enabled requires agent_mode to be set to legacy'
- }
-
- if ! $ext_provider_net {
- vs_bridge{'br-ex':
- external_ids => 'bridge-id=br-ex',
- } ->
- vs_port{$external_int:
- ensure => present,
- bridge => 'br-ex'
- }
- $external_network_bridge_real = 'br-ex'
- } else {
- $external_network_bridge_real = ''
- }
-
- class { 'neutron::agents::l3':
- debug => $debug,
- external_network_bridge => $external_network_bridge_real,
- ha_enabled => $ha_enabled,
- ha_vrrp_auth_type => $ha_vrrp_auth_type,
- ha_vrrp_auth_password => $ha_vrrp_auth_password,
- allow_automatic_l3agent_failover => $allow_automatic_l3agent_failover,
- agent_mode => $agent_mode,
- }
-
- class { 'neutron::agents::metering':
- debug => $debug,
- }
-
- # Disabling TSO/GSO/GRO
- if $manage_tso {
- if $::osfamily == 'Debian' {
- ensure_resource ('exec','enable-tso-script', {
- 'command' => '/usr/sbin/update-rc.d disable-tso defaults',
- 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso'
- })
- } elsif $::osfamily == 'RedHat' {
- ensure_resource ('exec','enable-tso-script', {
- 'command' => '/usr/sbin/chkconfig disable-tso on',
- 'unless' => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso'
- })
- }
- ensure_resource ('exec','start-tso-script', {
- 'command' => '/etc/init.d/disable-tso start',
- 'unless' => '/usr/bin/test -f /var/run/disable-tso.pid',
- 'onlyif' => '/usr/bin/test -f /etc/init.d/disable-tso'
- })
- }
-
-}
diff --git a/manifests/network/lbaas.pp b/manifests/network/lbaas.pp
deleted file mode 100644
index c65a4f23..00000000
--- a/manifests/network/lbaas.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Network LBaaS node
-#
-# === Parameters:
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*manage_haproxy_pkg*]
-# (optional) Manage or not HAproxy package
-# Defaults to true
-#
-class cloud::network::lbaas(
- $debug = true,
- $manage_haproxy_pkg = true
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::lbaas':
- manage_haproxy_package => $manage_haproxy_pkg,
- debug => $debug,
- }
-
-}
diff --git a/manifests/network/metadata.pp b/manifests/network/metadata.pp
deleted file mode 100644
index 7cf5a38a..00000000
--- a/manifests/network/metadata.pp
+++ /dev/null
@@ -1,93 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::network::metadata
-#
-# Network Metadata node
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) State of the metadata service.
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*ks_neutron_password*]
-# (optional) Password used by Neutron to connect to Keystone API
-# Defaults to 'neutronpassword'
-#
-# [*neutron_metadata_proxy_shared_secret*]
-# (optional) Shared secret to validate proxies Neutron metadata requests
-# Defaults to 'metadatapassword'
-#
-# [*nova_metadata_server*]
-# (optional) Hostname or IP of the Nova metadata server
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_admin_host*]
-# (optional) Admin Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_admin_proto*]
-# (optional) Protocol for admin endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_keystone_admin_port*]
-# (optional) TCP port to connect to Keystone API from admin network
-# Defaults to '35357'
-#
-# [*ks_nova_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*auth_region*]
-# (optional) OpenStack Region Name
-# Defaults to 'RegionOne'
-#
-class cloud::network::metadata(
- $enabled = true,
- $debug = true,
- $ks_neutron_password = 'neutronpassword',
- $neutron_metadata_proxy_shared_secret = 'asecreteaboutneutron',
- $nova_metadata_server = '127.0.0.1',
- $ks_keystone_admin_proto = 'http',
- $ks_keystone_admin_port = 35357,
- $ks_keystone_admin_host = '127.0.0.1',
- $auth_region = 'RegionOne',
- $ks_nova_internal_proto = 'http'
-) {
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::metadata':
- enabled => $enabled,
- shared_secret => $neutron_metadata_proxy_shared_secret,
- debug => $debug,
- metadata_ip => $nova_metadata_server,
- auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0",
- auth_password => $ks_neutron_password,
- auth_region => $auth_region,
- metadata_workers => $::processorcount,
- }
-
- neutron_metadata_agent_config {
- 'DEFAULT/nova_metadata_protocol': value => $ks_nova_internal_proto;
- }
-
-}
diff --git a/manifests/network/vpn.pp b/manifests/network/vpn.pp
deleted file mode 100644
index f351f592..00000000
--- a/manifests/network/vpn.pp
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Network VPNaaS node
-#
-class cloud::network::vpn{
-
- include 'cloud::network'
- include 'cloud::network::vswitch'
-
- class { 'neutron::agents::vpnaas': }
-
-}
diff --git a/manifests/network/vswitch.pp b/manifests/network/vswitch.pp
deleted file mode 100644
index 3c175c7d..00000000
--- a/manifests/network/vswitch.pp
+++ /dev/null
@@ -1,259 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Network vswitch class -# -# === Parameters: -# -# [*driver*] -# (optional) Neutron vswitch driver -# Supported values: 'ml2_ovs', 'ml2_lb', 'n1kv_vem'. -# Note: 'n1kv_vem' currently works only on Red Hat systems. -# Defaults to 'ml2_ovs' -# -# [*external_int*] -# (optionnal) Network interface to bind the external provider network -# Defaults to 'eth1'. -# -# [*external_bridge*] -# (optionnal) OVS bridge used to bind external provider network -# Defaults to 'br-pub'. -# -# [*manage_ext_network*] -# (optionnal) Manage or not external network with provider network API -# Defaults to false. -# -# [*tunnel_eth*] -# (optional) Interface IP used to build the tunnels -# Defaults to '127.0.0.1' -# -# [*tunnel_typeis] -# (optional) List of types of tunnels to use when utilizing tunnels -# Defaults to ['gre'] -# -# [*provider_bridge_mappings*] -# (optional) List of : -# -# [*enable_distributed_routing*] -# (optional) Enable support for distributed routing on L2 agent. -# Defaults to false. -# -# [*n1kv_vsm_ip*] -# (required) N1KV VSM (Virtual Supervisor Module) VM's IP. -# Defaults to 127.0.0.1 -# -# [*n1kv_vsm_domainid*] -# (required) N1KV VSM DomainID. -# Defaults to 1000 -# -# [*host_mgmt_intf*] -# (required) Management Interface of node where VEM will be installed. 
-# Defaults to eth1 -# -# [*uplink_profile*] -# (optional) Uplink Interfaces that will be managed by VEM. The uplink -# port-profile that configures these interfaces should also be specified. -# (format) -# $uplink_profile = { 'eth1' => 'profile1', -# 'eth2' => 'profile2' -# }, -# Defaults to empty -# -# [*vtep_config*] -# (optional) Virtual tunnel interface configuration. -# Eg:VxLAN tunnel end-points. -# (format) -# $vtep_config = { 'vtep1' => { 'profile' => 'virtprof1', -# 'ipmode' => 'dhcp' -# }, -# 'vtep2' => { 'profile' => 'virtprof2', -# 'ipmode' => 'static', -# 'ipaddress' => '192.168.1.1', -# 'netmask' => '255.255.255.0' -# } -# }, -# Defaults to empty -# -# [*node_type*] -# (optional). Specify the type of node: 'compute' (or) 'network'. -# Defaults to 'compute' -# -# All the above parameter values will be used in the config file: n1kv.conf -# -# [*vteps_in_same_subnet*] -# (optional) -# The VXLAN tunnel interfaces created on VEM can belong to same IP-subnet. -# In such case, set this parameter to true. This results in below -# 'sysctl:ipv4' values to be modified. -# rp_filter (reverse path filtering) set to 2(Loose).Default is 1(Strict) -# arp_ignore (arp reply mode) set to 1:reply only if target ip matches -# that of incoming interface. Default is 0 -# Please refer Linux Documentation for detailed description -# http://lxr.free-electrons.com/source/Documentation/networking/ip-sysctl.txt -# -# If the tunnel interfaces are not in same subnet set this parameter to false. -# Note that setting to false causes no change in the sysctl settings and does -# not revert the changes made if it was originally set to true on a previous -# catalog run. -# -# Defaults to false -# -# [*n1kv_source*] -# (optional) -# n1kv_source ==> VEM package location. One of below -# A)URL of yum repository that hosts VEM package. 
-# B)VEM RPM/DPKG file name, If present locally in 'files' folder -# C)If not specified, assumes that VEM image is available in -# default enabled repositories. -# Defaults to empty -# -# [*n1kv_version*] -# (optional). Specify VEM package version to be installed. -# Not applicable if 'n1kv_source' is a file. (Option-B above) -# Defaults to 'present' -# -# [*tunnel_types*] -# (optional) List of types of tunnels to use when utilizing tunnels. -# Supported tunnel types are: vxlan. -# Defaults to ['gre'] -# -# [*n1kv_vsm_domain_id*] -# (optional) N1000 KV Domain ID (does nothing?) -# Defaults to 1000 -# -# [*enable_tunneling*] -# (optional) Enable or not tunneling. -# Should be disable if using VLAN but enabled if using GRE or VXLAN. -# Defailts to true -# -# [*l2_population*] -# (optional) Enable or not L2 population. -# If enabled, should be part of mechanism_drivers in cloud::network::controller. -# Should be disabled if running L3 HA with VRRP in Juno. -# Defaults to true -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::network::vswitch( - # common - $driver = 'ml2_ovs', - $manage_ext_network = false, - $external_int = 'eth1', - $external_bridge = 'br-pub', - $firewall_settings = {}, - # common to ml2 - $tunnel_types = ['gre'], - $tunnel_eth = '127.0.0.1', - $enable_tunneling = true, - $l2_population = true, - # ml2_ovs - $provider_bridge_mappings = ['public:br-pub'], - $enable_distributed_routing = false, - # n1kv_vem - $n1kv_vsm_ip = '127.0.0.1', - $n1kv_vsm_domain_id = 1000, - $host_mgmt_intf = 'eth1', - $uplink_profile = {}, - $vtep_config = {}, - $node_type = 'compute', - $vteps_in_same_subnet = false, - $n1kv_source = '', - $n1kv_version = 'present', -) { - - include 'cloud::network' - - case $driver { - 'ml2_ovs': { - class { 'neutron::agents::ml2::ovs': - enable_tunneling => $enable_tunneling, - l2_population => $l2_population, - polling_interval => '15', - tunnel_types => $tunnel_types, - bridge_mappings => $provider_bridge_mappings, - local_ip => $tunnel_eth, - enable_distributed_routing => $enable_distributed_routing - } - - if $::osfamily == 'RedHat' { - kmod::load { 'ip_gre': } - } - } - - 'ml2_lb': { - class { 'neutron::agents::ml2::linuxbridge': - l2_population => $l2_population, - polling_interval => '15', - tunnel_types => $tunnel_types, - local_ip => $tunnel_eth - } - - if $::osfamily == 'RedHat' { - kmod::load { 'ip_gre': } - } - } - - 'n1kv_vem': { - # We don't check if we are on Red Hat system - # (already done by puppet-neutron) - class { 'neutron::agents::n1kv_vem': - n1kv_vsm_ip => $n1kv_vsm_ip, - n1kv_vsm_domain_id => $n1kv_vsm_domain_id, - host_mgmt_intf => $host_mgmt_intf, - uplink_profile => $uplink_profile, - vtep_config => $vtep_config, - node_type => $node_type, - vteps_in_same_subnet => $vteps_in_same_subnet, - n1kv_source => $n1kv_source, - n1kv_version => $n1kv_version, - } - ensure_resource('package', 'nexus1000v', { - ensure => present - }) - } - - default: { - fail("${driver} driver is not supported.") - } - } 
- - if $manage_ext_network { - vs_port {$external_int: - ensure => present, - bridge => $external_bridge - } - } - - if $::cloud::manage_firewall { - if ('gre' in $tunnel_types) { - cloud::firewall::rule{ '100 allow gre access': - port => undef, - proto => 'gre', - extras => $firewall_settings, - } - } - if ('vxlan' in $tunnel_types) { - cloud::firewall::rule{ '100 allow vxlan access': - port => '4789', - proto => 'udp', - extras => $firewall_settings, - } - } - } - -} diff --git a/manifests/object.pp b/manifests/object.pp deleted file mode 100644 index d7d9e917..00000000 --- a/manifests/object.pp +++ /dev/null @@ -1,33 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::object -# -# Common class for object storage nodes -# -# === Parameters: -# -# [*swift_hash_suffix*] -# (required) String of text to be used as a salt when hashing to determine mappings in the ring. -# -class cloud::object( - $swift_hash_suffix = undef -) { - - class { 'swift': - swift_hash_suffix => $swift_hash_suffix, - } - -} diff --git a/manifests/object/controller.pp b/manifests/object/controller.pp deleted file mode 100644 index 9fccd07c..00000000 --- a/manifests/object/controller.pp +++ /dev/null 
@@ -1,178 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::object::controller -# -# Swift Proxy node -# -# === Parameters: -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Defaults to '35357' -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from internal network -# Defaults to '5000' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol for public endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_admin_proto*] -# (optional) Protocol for admin endpoint. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_swift_internal_port*] -# (optional) TCP port to connect to Swift from internal network -# Defaults to '8080' -# -# [*ks_swift_password*] -# (optional) Password used by Swift to connect to Keystone API -# Defaults to 'swiftpassword' -# -# [*ks_swift_dispersion_password*] -# (optional) Password of the dispersion tenant, used for swift-dispersion-report -# and swift-dispersion-populate tools. -# Defaults to 'dispersion' -# -# [*api_eth*] -# (optional) Which interface we bind the Swift proxy server. 
-# Defaults to '127.0.0.1' -# -# [*memcache_servers*] -# (optionnal) Memcached servers used by Keystone. Should be an array. -# Defaults to ['127.0.0.1:11211'] -# -# [*statsd_host*] -# (optional) Hostname or IP of the statd server. -# Defaults to '127.0.0.1' -# -# [*statsd_port*] -# (optional) TCP port of the statd server -# Defaults to '4125' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. -# Default to {} -# -class cloud::object::controller( - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_port = 35357, - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = 5000, - $ks_swift_dispersion_password = 'dispersion', - $ks_swift_internal_port = 8080, - $ks_keystone_internal_proto = 'http', - $ks_keystone_admin_proto = 'http', - $ks_swift_password = 'swiftpassword', - $statsd_host = '127.0.0.1', - $statsd_port = 4125, - $memcache_servers = ['127.0.0.1:11211'], - $api_eth = '127.0.0.1', - $firewall_settings = {}, -) { - - include 'cloud::object' - - class { 'swift::proxy': - proxy_local_net_ip => $api_eth, - port => $ks_swift_internal_port, - pipeline => [ - 'catch_errors', 'healthcheck', 'cache', 'bulk', 'ratelimit', - 'swift3', 's3token', 'container_quotas', 'account_quotas', 'tempurl', - 'formpost', 'authtoken', 'keystone', 'staticweb', - 'proxy-logging', 'proxy-server'], - account_autocreate => true, - log_level => 'DEBUG', - workers => inline_template('<%= @processorcount.to_i * 2 %> -cors_allow_origin = <%= scope.lookupvar("swift_cors_allow_origin") %> -log_statsd_host = <%= scope.lookupvar("statsd_host") %> -log_statsd_port = <%= scope.lookupvar("statsd_port") %> -log_statsd_default_sample_rate = 1 -'), - } - - class{'swift::proxy::cache': - memcache_servers => inline_template( - '<%= scope.lookupvar("memcache_servers").join(",") %>'), - } - class { 'swift::proxy::account_quotas': } - class { 'swift::proxy::bulk': } - class { 'swift::proxy::catch_errors': } - class { 
'swift::proxy::container_quotas': } - class { 'swift::proxy::formpost': } - class { 'swift::proxy::healthcheck': } - class { 'swift::proxy::proxy_logging': } - class { 'swift::proxy::ratelimit': } - class { 'swift::proxy::slo': } - class { 'swift::proxy::staticweb': } - class { 'swift::proxy::tempurl': } - - class { 'swift::proxy::keystone': - operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], - } - - class { 'swift::proxy::authtoken': - admin_password => $ks_swift_password, - auth_host => $ks_keystone_admin_host, - auth_port => $ks_keystone_admin_port, - auth_protocol => $ks_keystone_admin_proto, - delay_auth_decision => inline_template('1 -cache = swift.cache') - } - class { 'swift::proxy::swift3': - ensure => 'latest', - } - class { 'swift::proxy::s3token': - auth_host => $ks_keystone_admin_host, - auth_port => $ks_keystone_admin_port, - auth_protocol => $ks_keystone_internal_proto - } - - class { 'swift::dispersion': - auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", - swift_dir => '/etc/swift', - auth_pass => $ks_swift_dispersion_password, - endpoint_type => 'internalURL' - } - - Swift::Ringsync<<| |>> #~> Service["swift-proxy"] - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow swift-proxy access': - port => $ks_swift_internal_port, - extras => $firewall_settings, - } - } - - @@haproxy::balancermember{"${::fqdn}-swift_api": - listening_service => 'swift_api_cluster', - server_names => $::hostname, - ipaddresses => $api_eth, - ports => $ks_swift_internal_port, - options => 'check inter 2000 rise 2 fall 5' - } - -} diff --git a/manifests/object/ringbuilder.pp b/manifests/object/ringbuilder.pp deleted file mode 100644 index 6519dbd2..00000000 --- a/manifests/object/ringbuilder.pp +++ /dev/null 
@@ -1,70 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::object::ringbuilder
-#
-# Swift ring builder node
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) Enable or not the Swift ringbuilder rsync server
-# Defaults to false
-#
-# [*rsyncd_ipaddress*]
-# (optional) Hostname or IP of the swift ringbuilder rsync daemon
-# Defaults to '127.0.0.1'
-#
-# [*replicas*]
-# (optional) Number of replicas to kept
-# Defaults to '3'
-#
-# [*swift_rsync_max_connections*]
-# (optional) Max number of connections to the rsync daemon
-# Defaults to '5'
-#
-class cloud::object::ringbuilder(
- $enabled = false,
- $rsyncd_ipaddress = '127.0.0.1',
- $replicas = 3,
- $swift_rsync_max_connections = 5,
-) {
-
- include cloud::object
-
- if $enabled {
- Ring_object_device <<| |>>
- Ring_container_device <<| |>>
- Ring_account_device <<| |>>
-
- class {'swift::ringbuilder' :
- part_power => 15,
- replicas => $replicas,
- min_part_hours => 24,
- }
-
- class {'swift::ringserver' :
- local_net_ip => $rsyncd_ipaddress,
- max_connections => $swift_rsync_max_connections,
- }
-
- # exports rsync gets that can be used to sync the ring files
- @@swift::ringsync { ['account', 'object', 'container']:
- ring_server => $rsyncd_ipaddress,
- }
- }
-
-}
-
diff --git a/manifests/object/set_io_scheduler.pp b/manifests/object/set_io_scheduler.pp
deleted file mode 100644
index 8f0d0a7a..00000000
--- a/manifests/object/set_io_scheduler.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Swift set_io_scheduler
-#
-define cloud::object::set_io_scheduler(){
- # TODO: Add it on server boot
- exec{"/bin/echo deadline > /sys/block/${name}/queue/scheduler":
- onlyif => [
- "/usr/bin/test '-e /sys/block/${name}/queue/scheduler'",
- "/bin/grep -v -F '[deadline]' /sys/block/${name}/queue/scheduler"
- ],
- }
-}
diff --git a/manifests/object/storage.pp b/manifests/object/storage.pp
deleted file mode 100644
index ae19ef7a..00000000
--- a/manifests/object/storage.pp
+++ /dev/null
@@ -1,172 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::object::storage -# -# Swift Storage node -# -# === Parameters: -# -# [*storage_eth*] -# (optional) IP or hostname of the Swift storage node -# Defaults to '127.0.0.1' -# -# [*swift_zone*] -# (optional) Name of the swift zone -# Defaults to undef -# -# [*object_port*] -# (optional) TCP port number of the Object middleware -# Defaults to '6000' -# -# [*container_port*] -# (optional) TCP port number of the container middleware -# Defaults to '6001' -# -# [*account_port*] -# (optional) TCP port number of the account middleware -# Defaults to '6002' -# -# [*fstype*] -# (optional) Name of the File-System type -# Defaults to 'xfs' -# -# [*device_config_hash*] -# (optional) A hash of options to pass to io scheduler -# Defaults to {} -# -# [*ring_container_device*] -# (optional) The name of the container device -# Defaults to 'sdb' -# -# [*ring_account_device*] -# (optional) The name of the account device -# Defaults to 'sdb' -# -# [*firewall_settings*] -# (optional) Allow to add custom parameters to firewall rules -# Should be an hash. 
-# Default to {} -# -class cloud::object::storage( - $storage_eth = '127.0.0.1', - $swift_zone = undef, - $object_port = '6000', - $container_port = '6001', - $account_port = '6002', - $fstype = 'xfs', - $device_config_hash = {}, - $ring_container_device = 'sdb', - $ring_account_device = 'sdb', - $firewall_settings = {}, -) { - - include 'cloud::object' - - include 'cloud::object::tweaking' - - class { 'swift::storage': - storage_local_net_ip => $storage_eth, - } - - Rsync::Server::Module { - incoming_chmod => 'u=rwX,go=rX', - outgoing_chmod => 'u=rwX,go=rX', - } - - Swift::Storage::Server { - #devices => $devices, - storage_local_net_ip => $storage_eth, - workers => inline_template('<%= @processorcount.to_i / 2 %>'), - replicator_concurrency => 2, - updater_concurrency => 1, - reaper_concurrency => 1, - require => Class['swift'], - mount_check => true, - } - # concurrency at 2 and 1 seems better see - # http://docs.openstack.org/trunk/openstack-object-storage/admin/content/general-service-tuning.html - - swift::storage::server { $account_port: - type => 'account', - config_file_path => 'account-server.conf', - pipeline => ['healthcheck', 'account-server'], - log_facility => 'LOG_LOCAL2', - } - - swift::storage::server { $container_port: - type => 'container', - config_file_path => 'container-server.conf', - workers => inline_template("<%= @processorcount.to_i / 2 %> -db_preallocation = on -allow_versions = on -"), # great hack :( - pipeline => ['healthcheck', 'container-server'], - log_facility => 'LOG_LOCAL4', - } - - swift::storage::server { $object_port: - type => 'object', - config_file_path => 'object-server.conf', - pipeline => ['healthcheck', 'recon', 'object-server'], - log_facility => 'LOG_LOCAL6', - } - - $swift_components = ['account', 'container', 'object'] - swift::storage::filter::recon { $swift_components : } - swift::storage::filter::healthcheck { $swift_components : } - - create_resources("swift::storage::${fstype}", $device_config_hash) - 
ensure_resource('cloud::object::set_io_scheduler', keys($device_config_hash)) - - @@ring_container_device { "${storage_eth}:${container_port}/${ring_container_device}": - zone => $swift_zone, - weight => '100.0', - } - @@ring_account_device { "${storage_eth}:${account_port}/${ring_account_device}": - zone => $swift_zone, - weight => '100.0', - } - $object_urls = prefix(keys($device_config_hash), "${storage_eth}:${object_port}/") - @@ring_object_device {$object_urls: - zone => $swift_zone, - weight => '100.0', - } - - Swift::Ringsync<<| |>> -> - Swift::Storage::Server[$container_port] -> - Swift::Storage::Server[$account_port] -> - Swift::Storage::Server[$object_port] - - if $::cloud::manage_firewall { - cloud::firewall::rule{ '100 allow swift-container access': - port => $container_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow swift-account access': - port => $account_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow swift-object access': - port => $object_port, - extras => $firewall_settings, - } - cloud::firewall::rule{ '100 allow swift rsync access': - port => '873', - extras => $firewall_settings, - } - } - -} diff --git a/manifests/object/tweaking.pp b/manifests/object/tweaking.pp deleted file mode 100644 index ff5e552b..00000000 --- a/manifests/object/tweaking.pp +++ /dev/null 
@@ -1,70 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Swift tweaking -# -class cloud::object::tweaking { - kmod::load { 'ip_conntrack': } - - $swift_tuning = { - 'net.ipv4.tcp_tw_recycle' => { value => 1 }, - 'net.ipv4.tcp_tw_reuse' => { value => 1 }, - 'net.ipv4.tcp_syncookies' => { value => 0 }, - 'net.ipv4.ip_local_port_range' => { value => "10000\t65000" }, - 'net.core.netdev_max_backlog' => { value => 300000 }, - 'net.ipv4.tcp_sack' => { value => 0 }, - } - - case $::osfamily { - 'Debian' : { - $debian_swift_tuning = { - 'net.ipv4.netfilter.ip_conntrack_max' => { value => 524288 }, - 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait' => { value => 2 }, - 'net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait' => { value => 2 }, - } - $swift_tuning_real = merge($swift_tuning, $debian_swift_tuning) - } - default : { - $redhat_swift_tuning = { - 'net.netfilter.nf_conntrack_max' => { value => 524288 }, - 'net.netfilter.nf_conntrack_tcp_timeout_time_wait' => { value => 2 }, - 'net.netfilter.nf_conntrack_tcp_timeout_close_wait' => { value => 2 }, - } - $swift_tuning_real = merge($swift_tuning, $redhat_swift_tuning) - } - } - - $require = { - require => Kmod::Load['ip_conntrack'] - } - - create_resources(sysctl::value,$swift_tuning_real,$require) - - file { '/var/log/swift': - ensure => directory, - owner => swift, - group => swift, - } - - logrotate::rule { 'swift': - path => '/var/log/swift/*.log', - rotate 
=> 7, - rotate_every => 'day', - missingok => true, - ifempty => false, - compress => true, - delaycompress => true, - } -} diff --git a/manifests/orchestration.pp b/manifests/orchestration.pp deleted file mode 100644 index e19f71d4..00000000 --- a/manifests/orchestration.pp +++ /dev/null 
@@ -1,177 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::orchestration -# -# Orchestration common node -# -# === Parameters: -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_admin_host*] -# (optional) Admin Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from internal network -# Defaults to '5000' -# -# [*ks_keystone_admin_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Defaults to '35357' -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_admin_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_heat_public_host*] -# (optional) Public Hostname or IP to connect to Heat API -# Defaults to '127.0.0.1' -# -# [*ks_heat_public_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. 
-# Defaults to 'http' -# -# [*ks_heat_password*] -# (optional) Password used by Heat to connect to Keystone API -# Defaults to 'heatpassword' -# -# [*heat_db_host*] -# (optional) Hostname or IP address to connect to heat database -# Defaults to '127.0.0.1' -# -# [*heat_db_user*] -# (optional) Username to connect to heat database -# Defaults to 'heat' -# -# [*heat_db_password*] -# (optional) Password to connect to heat database -# Defaults to 'heatpassword' -# -# [*heat_db_idle_timeout*] -# (optional) Timeout before idle SQL connections are reaped. -# Defaults to 5000 -# -# [*rabbit_hosts*] -# (optional) List of RabbitMQ servers. Should be an array. -# Defaults to ['127.0.0.1:5672'] -# -# [*rabbit_password*] -# (optional) Password to connect to heat queues. -# Defaults to 'rabbitpassword' -# -# [*verbose*] -# (optional) Set log output to verbose output -# Defaults to true -# -# [*debug*] -# (optional) Set log output to debug output -# Defaults to true -# -# [*use_syslog*] -# (optional) Use syslog for logging -# Defaults to true -# -# [*log_facility*] -# (optional) Syslog facility to receive log lines -# Defaults to 'LOG_LOCAL0' -# -# [*os_endpoint_type*] -# (optional) The type of the OpenStack endpoint (public/internal/admin) URL -# Defaults to 'publicURL' -# -class cloud::orchestration( - $ks_keystone_internal_host = '127.0.0.1', - $ks_keystone_internal_port = '5000', - $ks_keystone_internal_proto = 'http', - $ks_keystone_admin_host = '127.0.0.1', - $ks_keystone_admin_port = '35357', - $ks_keystone_admin_proto = 'http', - $ks_heat_public_host = '127.0.0.1', - $ks_heat_public_proto = 'http', - $ks_heat_password = 'heatpassword', - $heat_db_host = '127.0.0.1', - $heat_db_user = 'heat', - $heat_db_password = 'heatpassword', - $heat_db_idle_timeout = 5000, - $rabbit_hosts = ['127.0.0.1:5672'], - $rabbit_password = 'rabbitpassword', - $verbose = true, - $debug = true, - $use_syslog = true, - $log_facility = 'LOG_LOCAL0', - $os_endpoint_type = 'publicURL' -) { - - # 
Disable twice logging if syslog is enabled - if $use_syslog { - $log_dir = false - heat_config { - 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s'; - 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s'; - 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d'; - 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s'; - } - } else { - $log_dir = '/var/log/heat' - } - - $encoded_user = uriescape($heat_db_user) - $encoded_password = uriescape($heat_db_password) - - class { 'heat': - keystone_host => $ks_keystone_admin_host, - keystone_port => $ks_keystone_admin_port, - keystone_protocol => $ks_keystone_admin_proto, - keystone_password => $ks_heat_password, - auth_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0", - keystone_ec2_uri => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0/ec2tokens", - database_connection => "mysql://${encoded_user}:${encoded_password}@${heat_db_host}/heat?charset=utf8", - database_idle_timeout => $heat_db_idle_timeout, - mysql_module => '2.2', - rabbit_hosts => $rabbit_hosts, - rabbit_password => $rabbit_password, - rabbit_userid => 'heat', - verbose => $verbose, - debug => $debug, - log_facility => $log_facility, - use_syslog => $use_syslog, - log_dir => $log_dir, - } - - # Note(EmilienM): - # We check if DB tables are created, if not we populate Heat DB. 
- # It's a hack to fit with our setup where we run MySQL/Galera - # TODO(Goneri) - # We have to do this only on the primary node of the galera cluster to avoid race condition - # https://github.com/enovance/puppet-openstack-cloud/issues/156 - exec {'heat_db_sync': - command => 'heat-manage --config-file /etc/heat/heat.conf db_sync', - path => '/usr/bin', - user => 'heat', - unless => "/usr/bin/mysql heat -h ${heat_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables" - } - - heat_config { - 'clients/endpoint_type': value => $os_endpoint_type; - } -} diff --git a/manifests/orchestration/api.pp b/manifests/orchestration/api.pp deleted file mode 100644 index 31df0154..00000000 --- a/manifests/orchestration/api.pp +++ /dev/null 
@@ -1,115 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::image::api
-#
-# Orchestration APIs node
-#
-# === Parameters:
-#
-# [*ks_heat_internal_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8004'
-#
-# [*ks_heat_cfn_internal_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8000'
-#
-# [*ks_heat_cloudwatch_internal_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8003'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Heat server.
-# Defaults to '127.0.0.1'
-#
-# [*workers*]
-# (optional) The number of Heat API workers
-# Defaults to $::processorcount
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::orchestration::api(
- $ks_heat_internal_port = 8004,
- $ks_heat_cfn_internal_port = 8000,
- $ks_heat_cloudwatch_internal_port = 8003,
- $api_eth = '127.0.0.1',
- $workers = $::processorcount,
- $firewall_settings = {},
-) {
-
- include 'cloud::orchestration'
-
- class { 'heat::api':
- bind_host => $api_eth,
- bind_port => $ks_heat_internal_port,
- workers => $workers
- }
-
- class { 'heat::api_cfn':
- bind_host => $api_eth,
- bind_port => $ks_heat_cfn_internal_port,
- workers => $workers
- }
-
- class { 'heat::api_cloudwatch':
- bind_host => $api_eth,
- bind_port => $ks_heat_cloudwatch_internal_port,
- workers => $workers
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow heat-api access':
- port => $ks_heat_internal_port,
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow heat-cfn access':
- port => $ks_heat_cfn_internal_port,
- extras => $firewall_settings,
- }
- cloud::firewall::rule{ '100 allow heat-cloudwatch access':
- port => $ks_heat_cloudwatch_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-heat_api":
- listening_service => 'heat_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_heat_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-heat_cfn_api":
- listening_service => 'heat_cfn_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_heat_cfn_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
- @@haproxy::balancermember{"${::fqdn}-heat_cloudwatch_api":
- listening_service => 'heat_cloudwatch_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_heat_cloudwatch_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
-}
diff --git a/manifests/orchestration/engine.pp b/manifests/orchestration/engine.pp
deleted file mode 100644
index 6420cbd9..00000000
--- a/manifests/orchestration/engine.pp
+++ /dev/null
@@ -1,75 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::orchestration::engine
-#
-# Orchestration engine node
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) State of the orchestration engine service.
-# Defaults to true
-#
-# [*ks_heat_public_host*]
-# (optional) Public Hostname or IP to connect to Heat API
-# Defaults to '127.0.0.1'
-#
-# [*ks_heat_public_proto*]
-# (optional) Protocol used to connect to API. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_heat_password*]
-# (optional) Password used by Heat to connect to Keystone API
-# Defaults to 'heatpassword'
-#
-# [*ks_heat_cfn_public_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8000'
-#
-# [*ks_heat_cloudwatch_public_port*]
-# (optional) TCP port to connect to Heat API from public network
-# Defaults to '8003'
-#
-# [*auth_encryption_key*]
-# (optional) Encryption key used for authentication info in database
-# Defaults to 'secrete'
-#
-class cloud::orchestration::engine(
- $enabled = true,
- $ks_heat_public_host = '127.0.0.1',
- $ks_heat_public_proto = 'http',
- $ks_heat_password = 'heatpassword',
- $ks_heat_cfn_public_port = 8000,
- $ks_heat_cloudwatch_public_port = 8003,
- $auth_encryption_key = 'secrete'
-) {
-
- include 'cloud::orchestration'
-
- class { 'heat::engine':
- enabled => $enabled,
- auth_encryption_key => $auth_encryption_key,
- heat_metadata_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:${ks_heat_cfn_public_port}",
- heat_waitcondition_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:${ks_heat_cfn_public_port}/v1/waitcondition",
- heat_watch_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:${ks_heat_cloudwatch_public_port}",
- # TODO (EmilienM): Need to be updated in Juno
- # The default deferred_auth_method of password is deprecated as of Icehouse, so although it is still the default, deployers are
- # strongly encouraged to move to using deferred_auth_method=trusts, which is planned to become the default for Juno.
- # 'trusts' requires Keystone API v3 enabled, otherwise we have to use 'password'.
- deferred_auth_method => 'password',
- }
-
-}
diff --git a/manifests/params.pp b/manifests/params.pp
deleted file mode 100644
index 5785c0d0..00000000
--- a/manifests/params.pp
+++ /dev/null
@@ -1,77 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::params -# -# Configure set of default parameters -# -class cloud::params { - - # cloud::logging::agent - $logging_agent_logrotate_rule = { - 'td-agent' => { - 'path' => '/var/log/td-agent/td-agent.log', - 'rotate' => 30, - 'compress' => true, - 'delaycompress' => true, - 'ifempty' => false, - 'create' => true, - 'create_mode' => '640', - 'create_owner' => 'td-agent', - 'create_group' => 'td-agent', - 'sharedscripts' => true, - 'postrotate' => ['pid=/var/run/td-agent/td-agent.pid', 'test -s $pid && kill -USR1 "$(cat $pid)"'], - } - } - - $puppetmaster_service_name = 'puppetmaster' - - case $::osfamily { - 'RedHat': { - # Specific to Red Hat - $start_haproxy_service = '"/usr/bin/systemctl start haproxy"' - $horizon_auth_url = 'dashboard' - $libvirt_service_name = 'libvirtd' - $keepalived_name_is_process = false - $keepalived_vrrp_script = 'systemctl status haproxy.service' - $puppetmaster_package_name = 'puppet-server' - $redis_service_name = 'redis' - $service_provider = 'systemd' - } # RedHat - 'Debian': { - # Specific to Debian / Ubuntu - $start_haproxy_service = '"/etc/init.d/haproxy start"' - $horizon_auth_url = 'horizon' - $keepalived_name_is_process = true - $keepalived_vrrp_script = undef - $puppetmaster_package_name = 'puppetmaster' - $redis_service_name = 'redis-server' - case $::operatingsystem { - 'Ubuntu': { - $libvirt_service_name = 
'libvirt-bin'
- $service_provider = 'upstart'
- }
- default: {
- $libvirt_service_name = 'libvirtd'
- $service_provider = 'lsb'
- }
- }
- } # Debian
- default: {
- fail("Unsupported osfamily (${::osfamily})")
- }
- }
-
-}
diff --git a/manifests/selinux.pp b/manifests/selinux.pp
deleted file mode 100644
index 123d4662..00000000
--- a/manifests/selinux.pp
+++ /dev/null
@@ -1,98 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::selinux -# -# Helper class to configure SELinux on nodes -# -# === Parameters: -# -# [*mode*] -# (optional) SELinux mode the system should be in -# Defaults to 'permissive' -# Possible values : disabled, permissive, enforcing -# -# [*directory*] -# (optional) Path where to find the SELinux modules -# Defaults to '/usr/share/selinux' -# -# [*booleans*] -# (optional) Set of booleans to persistently enables -# SELinux booleans are the one getsebool -a returns -# Defaults [] -# Example: ['rsync_full_access', 'haproxy_connect_any'] -# -# [*modules*] -# (optional) Set of modules to load on the system -# Defaults [] -# Example: ['module1', 'module2'] -# Note: Those module should be in the $directory path -# -class cloud::selinux ( - $mode = 'permissive', - $directory = '/usr/share/selinux/', - $booleans = [], - $modules = [], -) { - - if $::osfamily != 'RedHat' { - fail("OS family unsuppored yet (${::osfamily}), SELinux support is only limited to RedHat family OS") - } - - Selboolean { - persistent => true, - value => 'on', - } - - Selmodule { - ensure => present, - selmoduledir => $directory, - } - - file { '/etc/selinux/config': - ensure => present, - mode => '0444', - content => template('cloud/selinux/sysconfig_selinux.erb') - } - - $current_mode = $::selinux? 
{ - 'false' => 'disabled', - false => 'disabled', - default => $::selinux_current_mode, - } - - if $current_mode != $mode { - case $mode { - /^(disabled|permissive)$/: { - if $current_mode == 'enforcing' { - exec { 'setenforce 0': } - } - } - 'enforcing': { - exec { 'setenforce 1': } - } - default: { - fail('You must specify a mode (enforcing, permissive, or disabled)') - } - } - } - - selboolean { $booleans : - persistent => true, - } - selmodule { $modules: } - -} - diff --git a/manifests/storage/rbd.pp b/manifests/storage/rbd.pp deleted file mode 100644 index 48ce025d..00000000 --- a/manifests/storage/rbd.pp +++ /dev/null @@ -1,49 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::storage::rbd -# -# === Parameters: -# -# [*fsid*] The cluster's fsid. -# Mandatory. Get one with `uuidgen -r`. -# -# [*cluster_network*] -# (optional) The cluster internal network -# Defaults to '127.0.0.1/24' -# -# [*public_network*] -# (optional) The cluster public (where clients are) network -# Defaults to '127.0.0.1/24' -# -class cloud::storage::rbd ( - $fsid = undef, - $cluster_network = '127.0.0.1/24', - $public_network = '127.0.0.1/24' -) { - - class { 'ceph::conf': - fsid => $fsid, - auth_type => 'cephx', - cluster_network => $cluster_network, - public_network => $public_network, - enable_service => true - } - - Exec { - path => '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin' - } - -} 
diff --git a/manifests/storage/rbd/key.pp b/manifests/storage/rbd/key.pp
deleted file mode 100644
index 9fe8a19c..00000000
--- a/manifests/storage/rbd/key.pp
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::storage::rbd::key
-#
-# === Parameters:
-#
-# [*enabled*]
-# (optional) Configure or not the ceph admin keyring
-# Defaults to true
-#
-class cloud::storage::rbd::key (
- $enabled = false
-) {
-
- if $enabled {
- if !empty($::ceph_admin_key) {
- @@ceph::key { 'admin':
- secret => $::ceph_admin_key,
- keyring_path => '/etc/ceph/keyring',
- }
- }
- }
-
-}
diff --git a/manifests/storage/rbd/monitor.pp b/manifests/storage/rbd/monitor.pp
deleted file mode 100644
index 5bf7e1cb..00000000
--- a/manifests/storage/rbd/monitor.pp
+++ /dev/null
@@ -1,61 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::storage::rbd::monitor
-#
-# Ceph monitor
-#
-# === Parameters:
-#
-# [*id*]
-# (optional) Then uuid of the cluster
-# Defaults to $::uniqueid
-#
-# [*mon_addr*]
-# (optional) Which interface we bind the Ceph monitor
-# Defaults to '127.0.0.1'
-#
-# [*monitor_secret*]]
-# (optional) Password of the Ceph monitor
-# Defaults to 'cephsecret'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::storage::rbd::monitor (
- $id = $::uniqueid,
- $mon_addr = '127.0.0.1',
- $monitor_secret = 'cephmonsecret',
- $firewall_settings = {},
-) {
-
- include 'cloud::storage::rbd'
-
- ceph::mon { $id:
- monitor_secret => $monitor_secret,
- mon_port => 6789,
- mon_addr => $mon_addr,
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow ceph-mon access':
- port => '6789',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/storage/rbd/osd.pp b/manifests/storage/rbd/osd.pp
deleted file mode 100644
index 474878b2..00000000
--- a/manifests/storage/rbd/osd.pp
+++ /dev/null
@@ -1,73 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::storage::rbd::osd
-#
-# Ceph OSD
-#
-# === Parameters:
-#
-# [*public_address*]
-# (optional) Which interface we bind the Ceph OSD
-# Defaults to '127.0.0.1'
-#
-# [*cluster_address*]
-# (optional) Which interface we bind internal the Ceph OSD
-# Defaults to '127.0.0.1'
-#
-# [*devices*]]
-# (optional) An array of device, should be full-qualified or short.
-# Defaults to ['sdb','/dev/sdc']
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::storage::rbd::osd (
- $public_address = '127.0.0.1',
- $cluster_address = '127.0.0.1',
- $devices = ['sdb','/dev/sdc'],
- $firewall_settings = {},
-) {
-
- include 'cloud::storage::rbd'
-
- class { 'ceph::osd' :
- public_address => $public_address,
- cluster_address => $cluster_address,
- }
-
- if is_array($devices) {
- if '/dev/' in $devices {
- ceph::osd::device { $devices: }
- }
- else {
- $osd_ceph = prefix($devices,'/dev/')
- ceph::osd::device { $osd_ceph: }
- }
- }
- elsif is_hash($devices) {
- create_resources('ceph::osd::device', $devices)
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow ceph-osd access':
- port => '6800-6810',
- extras => $firewall_settings,
- }
- }
-
-}
diff --git a/manifests/storage/rbd/pools.pp b/manifests/storage/rbd/pools.pp
deleted file mode 100644
index 2a99da4a..00000000
--- a/manifests/storage/rbd/pools.pp
+++ /dev/null
@@ -1,153 +0,0 @@ -# -# Copyright (C) 2013 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# == Class: cloud::storage::rbd::pools -# -# Configure Ceph RBD pools (images,volumes,backup,nova) -# -# === Parameters: -# -# [*setup_pools*] -# (optional) Create or not Ceph pools -# Defaults to false -# -# [*glance_rbd_pool*] -# (optional) Name of the Ceph pool which which store the glance images -# Defaults to 'images' -# -# [*glance_rbd_user*] -# (optional) User name used to acces to the glance rbd pool -# Defaults to 'glance' -# -# [*ceph_fsid*] The cluster's fsid. -# Mandatory. Get one with `uuidgen -r`. -# -# [*cinder_backup_pool*] -# (optional) Name of the Ceph pool which which store the cinder backups -# Defaults to 'volumes' -# -# [*cinder_backup_user*] -# (optional) User name used to acces to the backup rbd pool -# Defaults to 'cinder' -# -# [*cinder_rbd_pool*] -# (optional) Name of the Ceph pool which which store the cinder images -# Defaults to 'volumes' -# -# [*cinder_rbd_user*] -# (optional) User name used to acces to the cinder rbd pool -# Defaults to 'cinder' -# -# [*nova_rbd_pool*] -# (optional) The RADOS pool in which rbd volumes are stored. 
-# Defaults to 'vms' -# -class cloud::storage::rbd::pools( - $setup_pools = false, - $glance_rbd_user = 'glance', - $glance_rbd_pool = 'images', - $cinder_rbd_user = 'cinder', - $cinder_rbd_pool = 'volumes', - $nova_rbd_pool = 'vms', - $cinder_backup_user = 'cinder', - $cinder_backup_pool = 'cinder_backup', - $ceph_fsid = undef -) { - - if $setup_pools { - if !empty($::ceph_admin_key) { - - exec { "create_${glance_rbd_pool}_pool": - command => "rados mkpool ${glance_rbd_pool}", - unless => "rados lspools | grep -sq ${glance_rbd_pool}", - } - - exec { "create_${glance_rbd_pool}_user_and_key": - command => "ceph auth get-or-create client.${glance_rbd_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${glance_rbd_pool}'", - unless => "ceph auth list 2> /dev/null | egrep -sq '^client.${glance_rbd_user}$'", - require => Exec["create_${glance_rbd_pool}_pool"]; - } - - exec { "create_${cinder_rbd_pool}_pool": - command => "rados mkpool ${cinder_rbd_pool}", - unless => "/usr/bin/rados lspools | grep -sq ${cinder_rbd_pool}", - } - - exec { "create_${cinder_rbd_pool}_user_and_key": - # TODO: point PG num with a cluster variable - command => "ceph auth get-or-create client.${cinder_rbd_user} mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rx pool=${glance_rbd_pool}, allow rwx pool=${cinder_rbd_pool}, allow rwx pool=${nova_rbd_pool}'", - unless => "ceph auth list 2> /dev/null | egrep -sq '^client.${cinder_rbd_user}$'", - require => Exec["create_${cinder_rbd_pool}_pool"]; - } - - # Note(EmilienM): We use the same keyring for Nova and Cinder. 
- exec { "create_${nova_rbd_pool}_pool": - command => "rados mkpool ${nova_rbd_pool}", - unless => "/usr/bin/rados lspools | grep -sq ${nova_rbd_pool}", - } - - if $::ceph_keyring_glance { - # NOTE(fc): Puppet needs to run a second time to enter this - @@ceph::key { $glance_rbd_user: - secret => $::ceph_keyring_glance, - keyring_path => "/etc/ceph/ceph.client.${glance_rbd_user}.keyring" - } - Ceph::Key <<| title == $glance_rbd_user |>> - } - - if $::ceph_keyring_cinder { - # NOTE(fc): Puppet needs to run a second time to enter this - @@ceph::key { $cinder_rbd_user: - secret => $::ceph_keyring_cinder, - keyring_path => "/etc/ceph/ceph.client.${cinder_rbd_user}.keyring" - } - Ceph::Key <<| title == $cinder_rbd_user |>> - } - - $clients = [$glance_rbd_user, $cinder_rbd_user] - @@concat::fragment { 'ceph-clients-os': - target => '/etc/ceph/ceph.conf', - order => '95', - content => template('cloud/storage/ceph/ceph-client.conf.erb') - } - - @@file { '/etc/ceph/secret.xml': - content => template('cloud/storage/ceph/secret-compute.xml.erb'), - tag => 'ceph_compute_secret_file', - } - - if $::osfamily == 'RedHat' { - $libvirt_package_name = 'libvirt' - } else { - $libvirt_package_name = 'libvirt-bin' - } - - @@exec { 'get_or_set_virsh_secret': - command => 'virsh secret-define --file /etc/ceph/secret.xml', - unless => "virsh secret-list | tail -n +3 | cut -f1 -d' ' | grep -sq ${ceph_fsid}", - tag => 'ceph_compute_get_secret', - require => [Package[$libvirt_package_name],File['/etc/ceph/secret.xml']], - notify => Exec['set_secret_value_virsh'], - } - - @@exec { 'set_secret_value_virsh': - command => "virsh secret-set-value --secret ${ceph_fsid} --base64 ${::ceph_keyring_cinder}", - tag => 'ceph_compute_set_secret', - refreshonly => true, - } - - } # !empty($::ceph_admin_key) - } # if setup pools -} # class diff --git a/manifests/telemetry.pp b/manifests/telemetry.pp deleted file mode 100644 index 7048f740..00000000 --- a/manifests/telemetry.pp +++ /dev/null 
@@ -1,134 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::telemetry
-#
-# Common telemetry class, used by Controller, Storage,
-# Network and Compute nodes
-#
-# === Parameters:
-#
-# [*ceilometer_secret*]
-# Secret key for signing messages.
-# Defaults to 'ceilometersecret'
-#
-# [*rabbit_hosts*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to ['127.0.0.1:5672']
-#
-# [*rabbit_password*]
-# (optional) Password to connect to nova queues.
-# Defaults to 'rabbitpassword'
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_keystone_internal_port*]
-# (optional) TCP port to connect to Keystone API from internal network
-# Defaults to '5000'
-#
-# [*ks_keystone_admin_host*]
-# (optional) Admin Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_public_host*]
-# (optional) Public Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_ceilometer_password*]
-# (optional) Password used by Ceilometer to connect to Keystone API
-# Defaults to 'ceilometerpassword'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*region*]
-# (optional) the keystone region of this node
-# Defaults to 'RegionOne'
-#
-# [*os_endpoint_type*]
-# (optional) The type of the OpenStack endpoint (public/internal/admin) URL
-# Defaults to 'publicURL'
-#
-class cloud::telemetry(
- $ceilometer_secret = 'ceilometersecret',
- $rabbit_hosts = ['127.0.0.1:5672'],
- $rabbit_password = 'rabbitpassword' ,
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_port = '5000',
- $ks_keystone_internal_proto = 'http',
- $ks_ceilometer_password = 'ceilometerpassword',
- $region = 'RegionOne',
- $verbose = true,
- $debug = true,
- $log_facility = 'LOG_LOCAL0',
- $use_syslog = true,
- $os_endpoint_type = 'publicURL'
-){
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- ceilometer_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix':
value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/ceilometer'
- }
-
- class { 'ceilometer':
- metering_secret => $ceilometer_secret,
- rabbit_hosts => $rabbit_hosts,
- rabbit_password => $rabbit_password,
- rabbit_userid => 'ceilometer',
- verbose => $verbose,
- debug => $debug,
- log_dir => $log_dir,
- use_syslog => $use_syslog,
- log_facility => $log_facility
- }
-
- ceilometer_config {
- 'service_credentials/os_endpoint_type': value => $os_endpoint_type;
- }
-
- class { 'ceilometer::agent::auth':
- auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0",
- auth_password => $ks_ceilometer_password,
- auth_region => $region
- }
-
-}
diff --git a/manifests/telemetry/alarmevaluator.pp b/manifests/telemetry/alarmevaluator.pp
deleted file mode 100644
index 9f435f75..00000000
--- a/manifests/telemetry/alarmevaluator.pp
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Telemetry Alarm Evaluator nodes
-#
-class cloud::telemetry::alarmevaluator(
-){
-
- include 'cloud::telemetry'
-
- class { 'ceilometer::alarm::evaluator': }
-
-}
diff --git a/manifests/telemetry/alarmnotifier.pp b/manifests/telemetry/alarmnotifier.pp
deleted file mode 100644
index 59bcd6e1..00000000
--- a/manifests/telemetry/alarmnotifier.pp
+++ /dev/null
@@ -1,25 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Telemetry Alarm Notifier nodes
-#
-class cloud::telemetry::alarmnotifier(
-){
-
- include 'cloud::telemetry'
-
- class { 'ceilometer::alarm::notifier': }
-
-}
diff --git a/manifests/telemetry/api.pp b/manifests/telemetry/api.pp
deleted file mode 100644
index 7963918a..00000000
--- a/manifests/telemetry/api.pp
+++ /dev/null
@@ -1,92 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::telemetry::api
-#
-# Telemetry API nodes
-#
-# === Parameters:
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_ceilometer_password*]
-# (optional) Password used by Ceilometer to connect to Keystone API
-# Defaults to 'ceilometerpassword'
-#
-# [*ks_ceilometer_internal_port*]
-# (optional) TCP port to connect to Ceilometer API from public network
-# Defaults to '8777'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Ceilometer API server.
-# Defaults to '127.0.0.1'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::telemetry::api(
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_ceilometer_internal_port = '8777',
- $ks_ceilometer_password = 'ceilometerpassword',
- $api_eth = '127.0.0.1',
- $firewall_settings = {},
-){
-
- include 'cloud::telemetry'
-
- class { 'ceilometer::api':
- keystone_password => $ks_ceilometer_password,
- keystone_host => $ks_keystone_internal_host,
- keystone_protocol => $ks_keystone_internal_proto,
- host => $api_eth
- }
-
-# Configure TTL for samples
-# Purge datas older than one month
-# Run the script once a day but with a random time to avoid
-# issues with MongoDB access
- class { 'ceilometer::expirer':
- time_to_live => '2592000',
- minute => '0',
- hour => '0',
- }
-
- Cron <<| title == 'ceilometer-expirer' |>> { command => "sleep $((\$RANDOM % 86400)) && ${::ceilometer::params::expirer_command}" }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow ceilometer-api access':
- port => $ks_ceilometer_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-ceilometer_api":
- listening_service => 'ceilometer_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_ceilometer_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
-}
diff --git a/manifests/telemetry/centralagent.pp b/manifests/telemetry/centralagent.pp
deleted file mode 100644
index bd39b83c..00000000
--- a/manifests/telemetry/centralagent.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# == Class: cloud::telemetry::centralagent
-#
-# Telemetry Central Agent node
-#
-class cloud::telemetry::centralagent{
-
- include 'cloud::telemetry'
- include 'ceilometer::agent::central'
-
-}
diff --git a/manifests/telemetry/collector.pp b/manifests/telemetry/collector.pp
deleted file mode 100644
index e6cc354a..00000000
--- a/manifests/telemetry/collector.pp
+++ /dev/null
@@ -1,56 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# == Class: cloud::telemetry::collector
-#
-# Telemetry Collector nodes
-#
-# === Parameters:
-#
-# [*mongo_nodes*]
-# (optional) An array of mongo db nodes
-# Defaults to ['127.0.0.1:27017']
-#
-# [*replicaset_enabled*]
-# (optional) Enable or not mongo replicat (using ceilometer name)
-# Defaults to true
-#
-class cloud::telemetry::collector(
- $mongo_nodes = ['127.0.0.1:27017'],
- $replicaset_enabled = true,
-){
-
- include 'cloud::telemetry'
-
- $s_mongo_nodes = join($mongo_nodes, ',')
-
- if $replicaset_enabled {
- $db_conn = "mongodb://${s_mongo_nodes}/ceilometer?replicaSet=ceilometer"
- } else {
- $db_conn = "mongodb://${s_mongo_nodes}/ceilometer"
- }
-
- mongodb_conn_validator { $mongo_nodes:
- before => Class['ceilometer::db']
- }
-
- class { 'ceilometer::db':
- database_connection => $db_conn,
- sync_db => true,
- }
- class { 'ceilometer::collector': }
-
-}
diff --git a/manifests/telemetry/notification.pp b/manifests/telemetry/notification.pp
deleted file mode 100644
index e6281d47..00000000
--- a/manifests/telemetry/notification.pp
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Telemetry Notifications nodes
-#
-class cloud::telemetry::notification {
-
- include 'cloud::telemetry'
-
- class { 'ceilometer::agent::notification': }
-
-}
diff --git a/manifests/volume.pp b/manifests/volume.pp
deleted file mode 100644
index 72bd2911..00000000
--- a/manifests/volume.pp
+++ /dev/null
@@ -1,138 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-#
-# == Class: cloud::volume
-#
-# Common class for volume nodes
-#
-# === Parameters:
-#
-# [*cinder_db_host*]
-# (optional) Cinder database host
-# Defaults to '127.0.0.1'
-#
-# [*cinder_db_user*]
-# (optional) Cinder database user
-# Defaults to 'cinder'
-#
-# [*cinder_db_password*]
-# (optional) Cinder database password
-# Defaults to 'cinderpassword'
-#
-# [*cinder_db_idle_timeout*]
-# (optional) Timeout before idle SQL connections are reaped.
-# Defaults to 5000
-#
-# [*rabbit_hosts*]
-# (optional) List of RabbitMQ servers. Should be an array.
-# Defaults to ['127.0.0.1:5672']
-#
-# [*rabbit_password*]
-# (optional) Password to connect to cinder queues.
-# Defaults to 'rabbitpassword'
-#
-# [*verbose*]
-# (optional) Set log output to verbose output
-# Defaults to true
-#
-# [*debug*]
-# (optional) Set log output to debug output
-# Defaults to true
-#
-# [*use_syslog*]
-# (optional) Use syslog for logging
-# Defaults to true
-#
-# [*log_facility*]
-# (optional) Syslog facility to receive log lines
-# Defaults to 'LOG_LOCAL0'
-#
-# [*storage_availability_zone*]
-# (optional) The storage availability zone
-# Defaults to 'nova'
-#
-# [*nova_endpoint_type*]
-# (optional) The type of the OpenStack endpoint (public/internal/admin) URL
-# Defaults to 'publicURL'
-#
-class cloud::volume(
- $cinder_db_host = '127.0.0.1',
- $cinder_db_user = 'cinder',
- $cinder_db_password = 'cinderpassword',
- $cinder_db_idle_timeout = 5000,
- $rabbit_hosts = ['127.0.0.1:5672'],
- $rabbit_password = 'rabbitpassword',
- $verbose = true,
- $debug = true,
- $log_facility = 'LOG_LOCAL0',
- $storage_availability_zone = 'nova',
- $use_syslog = true,
- $nova_endpoint_type = 'publicURL'
-) {
-
- # Disable twice logging if syslog is enabled
- if $use_syslog {
- $log_dir = false
- cinder_config {
- 'DEFAULT/logging_context_format_string': value => '%(process)d: %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s';
- 'DEFAULT/logging_default_format_string': value => '%(process)d: %(levelname)s %(name)s [-] %(instance)s%(message)s';
- 'DEFAULT/logging_debug_format_suffix': value => '%(funcName)s %(pathname)s:%(lineno)d';
- 'DEFAULT/logging_exception_prefix': value => '%(process)d: TRACE %(name)s %(instance)s';
- }
- } else {
- $log_dir = '/var/log/cinder'
- }
-
- $encoded_user = uriescape($cinder_db_user)
- $encoded_password = uriescape($cinder_db_password)
-
-
- class { 'cinder':
- database_connection => "mysql://${encoded_user}:${encoded_password}@${cinder_db_host}/cinder?charset=utf8",
- database_idle_timeout => $cinder_db_idle_timeout,
- mysql_module => '2.2',
- rabbit_userid => 'cinder',
- rabbit_hosts => $rabbit_hosts,
- rabbit_password => $rabbit_password,
- rabbit_virtual_host => '/',
- verbose => $verbose,
- debug => $debug,
- log_dir => $log_dir,
- log_facility => $log_facility,
- use_syslog => $use_syslog,
- storage_availability_zone => $storage_availability_zone
- }
-
- cinder_config {
- 'DEFAULT/nova_catalog_info': value => "compute:nova:${nova_endpoint_type}";
- }
-
- class { 'cinder::ceilometer': }
-
- # Note(EmilienM):
- # We check if DB tables are created, if not we populate Cinder DB.
- # It's a hack to fit with our setup where we run MySQL/Galera
- # TODO(Goneri)
- # We have to do this only on the primary node of the galera cluster to avoid race condition
- # https://github.com/enovance/puppet-openstack-cloud/issues/156
- exec {'cinder_db_sync':
- command => 'cinder-manage db sync',
- path => '/usr/bin',
- user => 'cinder',
- unless => "/usr/bin/mysql cinder -h ${cinder_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables"
- }
-
-}
diff --git a/manifests/volume/api.pp b/manifests/volume/api.pp
deleted file mode 100644
index 41e9f03b..00000000
--- a/manifests/volume/api.pp
+++ /dev/null
@@ -1,113 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class: cloud::volume::api
-#
-# Volume API node
-#
-# === Parameters:
-#
-# [*default_volume_type*]
-# (required) default volume type to use.
-# This should contain the name of the default volume type to use.
-# If not configured, it produces an error when creating a volume
-# without specifying a type.
-#
-# [*ks_cinder_internal_port*]
-# (optional) TCP port to connect to Cinder API from public network
-# Defaults to '8776'
-#
-# [*ks_keystone_internal_host*]
-# (optional) Internal Hostname or IP to connect to Keystone API
-# Defaults to '127.0.0.1'
-#
-# [*ks_keystone_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*ks_glance_internal_host*]
-# (optional) Internal Hostname or IP to connect to Glance API
-# Defaults to '127.0.0.1'
-#
-# [*ks_cinder_password*]
-# (optional) Password used by Cinder to connect to Keystone API
-# Defaults to 'cinderpassword'
-#
-# [*ks_glance_api_internal_port*]
-# (optional) TCP port to connect to Glance API from public network
-# Defaults to '9292'
-#
-# [*api_eth*]
-# (optional) Which interface we bind the Cinder API server.
-# Defaults to '127.0.0.1'
-#
-# [*ks_glance_internal_proto*]
-# (optional) Protocol for public endpoint. Could be 'http' or 'https'.
-# Defaults to 'http'
-#
-# [*firewall_settings*]
-# (optional) Allow to add custom parameters to firewall rules
-# Should be an hash.
-# Default to {}
-#
-class cloud::volume::api(
- $default_volume_type,
- $ks_cinder_internal_port = 8776,
- $ks_cinder_password = 'cinderpassword',
- $ks_keystone_internal_host = '127.0.0.1',
- $ks_keystone_internal_proto = 'http',
- $ks_glance_internal_host = '127.0.0.1',
- $ks_glance_api_internal_port = 9292,
- $api_eth = '127.0.0.1',
- $ks_glance_internal_proto = 'http',
- $firewall_settings = {},
-) {
-
- include 'cloud::volume'
-
- if ! $default_volume_type {
- fail('default_volume_type should be defined when running Cinder Multi-Backend.')
- }
-
- class { 'cinder::api':
- keystone_password => $ks_cinder_password,
- keystone_auth_host => $ks_keystone_internal_host,
- keystone_auth_protocol => $ks_keystone_internal_proto,
- bind_host => $api_eth,
- default_volume_type => $default_volume_type
- }
-
- class { 'cinder::glance':
- glance_api_servers => "${ks_glance_internal_proto}://${ks_glance_internal_host}:${ks_glance_api_internal_port}",
- glance_request_timeout => '10',
- glance_num_retries => '10'
- }
-
- if $::cloud::manage_firewall {
- cloud::firewall::rule{ '100 allow cinder-api access':
- port => $ks_cinder_internal_port,
- extras => $firewall_settings,
- }
- }
-
- @@haproxy::balancermember{"${::fqdn}-cinder_api":
- listening_service => 'cinder_api_cluster',
- server_names => $::hostname,
- ipaddresses => $api_eth,
- ports => $ks_cinder_internal_port,
- options => 'check inter 2000 rise 2 fall 5'
- }
-
-}
diff --git a/manifests/volume/backend/emc_vnx.pp b/manifests/volume/backend/emc_vnx.pp
deleted file mode 100644
index 4251d897..00000000
--- a/manifests/volume/backend/emc_vnx.pp
+++ /dev/null
@@ -1,71 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure EMC VNX backend for Cinder
-#
-#
-# === Parameters
-#
-# [*volume_backend_name*]
-# (optional) Allows for the volume_backend_name to be separate of $name.
-# Defaults to: $name
-#
-# [*san_ip*]
-# (required) IP address of SAN controller.
-#
-# [*san_password*]
-# (required) Password of SAN controller.
-#
-# [*san_login*]
-# (optional) Login of SAN controller.
-# Defaults to : 'admin'
-#
-# [*storage_vnx_pool_name*]
-# (required) Storage pool name.
-#
-# [*default_timeout*]
-# (optional) Default timeout for CLI operations in minutes.
-# Defaults to: '10'
-#
-# [*max_luns_per_storage_group*]
-# (optional) Default max number of LUNs in a storage group.
-# Defaults to: '256'
-#
-define cloud::volume::backend::emc_vnx (
- $iscsi_ip_address,
- $san_ip,
- $san_password,
- $storage_vnx_pool_name,
- $default_timeout = '10',
- $max_luns_per_storage_group = '256',
- $san_login = 'admin',
- $volume_backend_name = $name,
-) {
- cinder::backend::emc_vnx { $name:
- default_timeout => $default_timeout,
- iscsi_ip_address => $iscsi_ip_address,
- max_luns_per_storage_group => $max_luns_per_storage_group,
- san_ip => $san_ip,
- san_login => $san_login,
- san_password => $san_password,
- storage_vnx_pool_name => $storage_vnx_pool_name,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/eqlx.pp b/manifests/volume/backend/eqlx.pp
deleted file mode 100644
index 39694708..00000000
--- a/manifests/volume/backend/eqlx.pp
+++ /dev/null
@@ -1,100 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure Dell EqualLogic backend for Cinder
-#
-#
-# === Parameters
-#
-# [*san_ip*]
-# (required) The IP address of the Dell EqualLogic array.
-#
-# [*san_login*]
-# (required) The account to use for issuing SSH commands.
-#
-# [*san_password*]
-# (required) The password for the specified SSH account.
-#
-# [*san_thin_provision*]
-# (optional) Whether or not to use thin provisioning for volumes.
-# Defaults to true
-#
-# [*volume_backend_name*]
-# (optional) The backend name.
-# Defaults to the name of the resource
-#
-# [*eqlx_group_name*]
-# (optional) The CLI prompt message without '>'.
-# Defaults to 'group-0'
-#
-# [*eqlx_pool*]
-# (optional) The pool in which volumes will be created.
-# Defaults to 'default'
-#
-# [*eqlx_use_chap*]
-# (optional) Use CHAP authentification for targets?
-# Defaults to false
-#
-# [*eqlx_chap_login*]
-# (optional) An existing CHAP account name.
-# Defaults to 'chapadmin'
-#
-# [*eqlx_chap_password*]
-# (optional) The password for the specified CHAP account name.
-# Defaults to '12345'
-#
-# [*eqlx_cli_timeout*]
-# (optional) The timeout for the Group Manager cli command execution.
-# Defaults to 30 seconds
-#
-# [*eqlx_cli_max_retries*]
-# (optional) The maximum retry count for reconnection.
-# Defaults to 5
-#
-define cloud::volume::backend::eqlx (
- $san_ip,
- $san_login,
- $san_password,
- $san_thin_provision = true,
- $volume_backend_name = $name,
- $eqlx_group_name = 'group-0',
- $eqlx_pool = 'default',
- $eqlx_use_chap = false,
- $eqlx_chap_login = 'chapadmin',
- $eqlx_chap_password = '12345',
- $eqlx_cli_timeout = 30,
- $eqlx_cli_max_retries = 5,
-) {
-
- cinder::backend::eqlx { $name:
- san_ip => $san_ip,
- san_login => $san_login,
- san_password => $san_password,
- san_thin_provision => $san_thin_provision,
- eqlx_group_name => $eqlx_group_name,
- eqlx_pool => $eqlx_pool,
- eqlx_use_chap => $eqlx_use_chap,
- eqlx_chap_login => $eqlx_chap_login,
- eqlx_chap_password => $eqlx_chap_password,
- eqlx_cli_timeout => $eqlx_cli_timeout,
- eqlx_cli_max_retries => $eqlx_cli_max_retries,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/glusterfs.pp b/manifests/volume/backend/glusterfs.pp
deleted file mode 100644
index 9bdfa8b9..00000000
--- a/manifests/volume/backend/glusterfs.pp
+++ /dev/null
@@ -1,60 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure GlusterFS backend for Cinder
-#
-# === Parameters
-#
-# [*glusterfs_shares*]
-# (required) An array of GlusterFS volume locations.
-# Must be an array even if there is only one volume.
-#
-# [*volume_backend_name*]
-# (optional) Allows for the volume_backend_name to be separate of $name.
-# Defaults to: $name
-#
-# [*glusterfs_sparsed_volumes*]
-# (optional) Whether or not to use sparse (thin) volumes.
-# Defaults to undef which uses the driver's default of "true".
-#
-# [*glusterfs_mount_point_base*]
-# (optional) Where to mount the Gluster volumes.
-# Defaults to undef which uses the driver's default of "$state_path/mnt".
-#
-# [*glusterfs_shares_config*]
-# (optional) The config file to store the given $glusterfs_shares.
-# Defaults to '/etc/cinder/shares.conf'
-#
-define cloud::volume::backend::glusterfs (
- $glusterfs_shares,
- $volume_backend_name = $name,
- $glusterfs_sparsed_volumes = undef,
- $glusterfs_mount_point_base = undef,
- $glusterfs_shares_config = '/etc/cinder/shares.conf'
-) {
-
- cinder::backend::glusterfs { $name:
- glusterfs_shares => $glusterfs_shares,
- glusterfs_sparsed_volumes => $glusterfs_sparsed_volumes,
- glusterfs_mount_point_base => $glusterfs_mount_point_base,
- glusterfs_shares_config => $glusterfs_shares_config,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/iscsi.pp b/manifests/volume/backend/iscsi.pp
deleted file mode 100644
index 9e8da91d..00000000
--- a/manifests/volume/backend/iscsi.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure iSCSI backend for Cinder
-#
-#
-# === Parameters
-#
-# [*iscsi_ip_address*]
-# (required) IP address of iSCSI target.
-#
-# [*volume_group*]
-# (optional) Cinder volume group name.
-# Defaults to 'cinder-volumes'.
-#
-define cloud::volume::backend::iscsi (
- $iscsi_ip_address,
- $volume_group = 'cinder-volumes',
- $volume_backend_name = $name,
-) {
-
-
- cinder::backend::iscsi { $name:
- iscsi_ip_address => $iscsi_ip_address,
- volume_group => $volume_group,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/netapp.pp b/manifests/volume/backend/netapp.pp
deleted file mode 100644
index 83cbec5f..00000000
--- a/manifests/volume/backend/netapp.pp
+++ /dev/null
@@ -1,164 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure NetApp backend for Cinder
-#
-#
-# === Parameters
-#
-# [*netapp_login*]
-# (required) Administrative user account name used to access the storage
-# system or proxy server.
-#
-# [*netapp_password*]
-# (required) Password for the administrative user account specified in the
-# netapp_login parameter.
-#
-# [*netapp_server_hostname*]
-# (required) The hostname (or IP address) for the storage system or proxy
-# server.
-#
-# [*netapp_server_port*]
-# (optional) The TCP port to use for communication with ONTAPI on the
-# storage system. Traditionally, port 80 is used for HTTP and port 443 is
-# used for HTTPS; however, this value should be changed if an alternate
-# port has been configured on the storage system or proxy server.
-# Defaults to 80
-#
-# [*netapp_size_multiplier*]
-# (optional) The quantity to be multiplied by the requested volume size to
-# ensure enough space is available on the virtual storage server (Vserver) to
-# fulfill the volume creation request.
-# Defaults to 1.2
-#
-# [*netapp_storage_family*]
-# (optional) The storage family type used on the storage system; valid values
-# are ontap_7mode for using Data ONTAP operating in 7-Mode or ontap_cluster
-# for using clustered Data ONTAP, or eseries for NetApp E-Series.
-# Defaults to ontap_cluster
-#
-# [*netapp_storage_protocol*]
-# (optional) The storage protocol to be used on the data path with the storage
-# system; valid values are iscsi or nfs.
-# Defaults to nfs
-#
-# [*netapp_transport_type*]
-# (optional) The transport protocol used when communicating with ONTAPI on the
-# storage system or proxy server. Valid values are http or https.
-# Defaults to http
-#
-# [*netapp_vfiler*]
-# (optional) The vFiler unit on which provisioning of block storage volumes
-# will be done. This parameter is only used by the driver when connecting to
-# an instance with a storage family of Data ONTAP operating in 7-Mode and the
-# storage protocol selected is iSCSI. Only use this parameter when utilizing
-# the MultiStore feature on the NetApp storage system.
-# Defaults to ''
-#
-# [*netapp_volume_list*]
-# (optional) This parameter is only utilized when the storage protocol is
-# configured to use iSCSI. This parameter is used to restrict provisioning to
-# the specified controller volumes. Specify the value of this parameter to be
-# a comma separated list of NetApp controller volume names to be used for
-# provisioning.
-# Defaults to ''
-#
-# [*netapp_vserver*]
-# (optional) This parameter specifies the virtual storage server (Vserver)
-# name on the storage cluster on which provisioning of block storage volumes
-# should occur. If using the NFS storage protocol, this parameter is mandatory
-# for storage service catalog support (utilized by Cinder volume type
-# extra_specs support). If this parameter is specified, the exports belonging
-# to the Vserver will only be used for provisioning in the future. Block
-# storage volumes on exports not belonging to the Vserver specified by
-# this parameter will continue to function normally.
-# Defaults to ''
-#
-# [*expiry_thres_minutes*]
-# (optional) This parameter specifies the threshold for last access time for
-# images in the NFS image cache. When a cache cleaning cycle begins, images
-# in the cache that have not been accessed in the last M minutes, where M is
-# the value of this parameter, will be deleted from the cache to create free
-# space on the NFS share.
-# Defaults to 720
-#
-# [*thres_avl_size_perc_start*]
-# (optional) If the percentage of available space for an NFS share has
-# dropped below the value specified by this parameter, the NFS image cache
-# will be cleaned.
-# Defaults to 20
-#
-# [*thres_avl_size_perc_stop*]
-# (optional) When the percentage of available space on an NFS share has
-# reached the percentage specified by this parameter, the driver will stop
-# clearing files from the NFS image cache that have not been accessed in the
-# last M minutes, where M is the value of the expiry_thres_minutes parameter.
-# Defaults to 60
-#
-# [*nfs_shares_config*]
-# (optional) File with the list of available NFS shares
-# Defaults to ''
-#
-# [*nfs_mount_options*]
-# (optional) Mount options passed to the nfs client. See section
-# of the nfs man page for details.
-# Defaults to undef
-
-define cloud::volume::backend::netapp (
- $netapp_login,
- $netapp_password,
- $netapp_server_hostname,
- $volume_backend_name = $name,
- $netapp_server_port = '80',
- $netapp_size_multiplier = '1.2',
- $netapp_storage_family = 'ontap_cluster',
- $netapp_storage_protocol = 'nfs',
- $netapp_transport_type = 'http',
- $netapp_vfiler = '',
- $netapp_volume_list = '',
- $netapp_vserver = '',
- $expiry_thres_minutes = '720',
- $thres_avl_size_perc_start = '20',
- $thres_avl_size_perc_stop = '60',
- $nfs_shares_config = '',
- $nfs_mount_options = undef,
-) {
-
-
- cinder::backend::netapp { $name:
- netapp_server_hostname => $netapp_server_hostname,
- netapp_login => $netapp_login,
- netapp_password => $netapp_password,
- netapp_server_port => $netapp_server_port,
- netapp_size_multiplier => $netapp_size_multiplier,
- netapp_storage_family => $netapp_storage_family,
- netapp_storage_protocol => $netapp_storage_protocol,
- netapp_transport_type => $netapp_transport_type,
- netapp_vfiler => $netapp_vfiler,
- netapp_volume_list => $netapp_volume_list,
- netapp_vserver => $netapp_vserver,
- expiry_thres_minutes => $expiry_thres_minutes,
- thres_avl_size_perc_start => $thres_avl_size_perc_start,
- thres_avl_size_perc_stop => $thres_avl_size_perc_stop,
- nfs_shares_config => $nfs_shares_config,
- nfs_mount_options => $nfs_mount_options,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/nfs.pp b/manifests/volume/backend/nfs.pp
deleted file mode 100644
index 0007dddd..00000000
--- a/manifests/volume/backend/nfs.pp
+++ /dev/null
@@ -1,87 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure NFS backend for Cinder
-#
-#
-# === Parameters
-#
-# [*nfs_servers*]
-# (required) Array of NFS servers in the form 'ipaddress:/share'
-#
-# [*nfs_mount_options*]
-# (optional) Mount options passed to the nfs client. See section
-# of the nfs man page for details.
-# Defaults to undef
-#
-# [*nfs_disk_util*]
-# (optional) Use du or df for free space calculation
-# Defaults to undef
-#
-# [*nfs_sparsed_volumes*]
-# (optional) Create volumes as sparsed files which take no space.
-# If set to 'false' volume is created as regular file.
-# In such case volume creation takes a lot of time.
-# Defaults to undef
-#
-# [*nfs_mount_point_base*]
-# (optional) Base dir containing mount points for nfs shares.
-# Defaults to undef
-#
-# [*nfs_shares_config*]
-# (optional) File with the list of available NFS shares.
-# Defaults to '/etc/cinder/shares.conf'
-#
-# [*nfs_used_ratio*]
-# (optional) Percent of ACTUAL usage of the underlying volume
-# before no new volumes can be allocated to the volume destination.
-# Defaults to 0.95
-#
-# [*nfs_oversub_ratio*]
-# (optional) This will compare the allocated to available space on
-# the volume destination. If the ratio exceeds this number, the
-# destination will no longer be valid.
-# Defaults to 1.0
-#
-define cloud::volume::backend::nfs(
- $volume_backend_name = $name,
- $nfs_servers = [],
- $nfs_mount_options = undef,
- $nfs_disk_util = undef,
- $nfs_sparsed_volumes = undef,
- $nfs_mount_point_base = undef,
- $nfs_shares_config = '/etc/cinder/shares.conf',
- $nfs_used_ratio = '0.95',
- $nfs_oversub_ratio = '1.0',
-) {
-
- cinder::backend::nfs { $name:
- volume_backend_name => $volume_backend_name,
- nfs_servers => $nfs_servers,
- nfs_mount_options => $nfs_mount_options,
- nfs_disk_util => $nfs_disk_util,
- nfs_sparsed_volumes => $nfs_sparsed_volumes,
- nfs_mount_point_base => $nfs_mount_point_base,
- nfs_shares_config => $nfs_shares_config,
- nfs_used_ratio => $nfs_used_ratio,
- nfs_oversub_ratio => $nfs_oversub_ratio,
- }
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backend/rbd.pp b/manifests/volume/backend/rbd.pp
deleted file mode 100644
index c6115003..00000000
--- a/manifests/volume/backend/rbd.pp
+++ /dev/null
@@ -1,101 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Configure RBD backend for Cinder
-#
-#
-# === Parameters
-#
-# [*rbd_pool*]
-# (required) Specifies the pool name for the block device driver.
-#
-# [*rbd_user*]
-# (required) A required parameter to configure OS init scripts and cephx.
-#
-# [*volume_backend_name*]
-# Allows for the volume_backend_name to be separate of $name.
-#
-# [*rbd_ceph_conf*]
-# (optional) Path to the ceph configuration file to use
-# Defaults to '/etc/ceph/ceph.conf'
-#
-# [*rbd_flatten_volume_from_snapshot*]
-# (optional) Enable flatten volumes created from snapshots.
-# Defaults to false
-#
-# [*rbd_secret_uuid*]
-# (optional) A required parameter to use cephx.
-# Defaults to false
-#
-# [*volume_tmp_dir*]
-# (optional) Location to store temporary image files if the volume
-# driver does not write them directly to the volume
-# Defaults to false
-#
-# [*rbd_max_clone_depth*]
-# (optional) Maximum number of nested clones that can be taken of a
-# volume before enforcing a flatten prior to next clone.
-# A value of zero disables cloning
-# Defaults to '5'
-#
-define cloud::volume::backend::rbd (
- $rbd_pool,
- $rbd_user,
- $volume_backend_name = $name,
- $rbd_ceph_conf = '/etc/ceph/ceph.conf',
- $rbd_flatten_volume_from_snapshot = false,
- $rbd_secret_uuid = false,
- $rbd_max_clone_depth = '5',
-) {
-
- cinder::backend::rbd { $volume_backend_name:
- rbd_pool => $rbd_pool,
- rbd_user => $rbd_user,
- rbd_secret_uuid => $rbd_secret_uuid,
- rbd_ceph_conf => $rbd_ceph_conf,
- rbd_flatten_volume_from_snapshot => $rbd_flatten_volume_from_snapshot,
- rbd_max_clone_depth => $rbd_max_clone_depth,
- volume_tmp_dir => '/tmp'
- }
-
- # If Cinder & Nova reside on the same node, we need a group
- # where nova & cinder users have read permissions.
- ensure_resource('group', 'cephkeyring', {
- ensure => 'present'
- })
-
- ensure_resource ('exec','add-cinder-to-group', {
- 'command' => 'usermod -a -G cephkeyring cinder',
- 'path' => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'],
- 'unless' => 'groups cinder | grep cephkeyring'
- })
-
- # Configure Ceph keyring
- Ceph::Key <<| title == $rbd_user |>>
- ensure_resource('file', "/etc/ceph/ceph.client.${rbd_user}.keyring", {
- owner => 'root',
- group => 'cephkeyring',
- mode => '0440',
- require => Ceph::Key[$rbd_user],
- })
-
- Concat::Fragment <<| title == 'ceph-client-os' |>>
-
- @cinder::type { $volume_backend_name:
- set_key => 'volume_backend_name',
- set_value => $volume_backend_name,
- notify => Service['cinder-volume']
- }
-}
diff --git a/manifests/volume/backup.pp b/manifests/volume/backup.pp
deleted file mode 100644
index 26e70181..00000000
--- a/manifests/volume/backup.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# == Class:
-#
-# Volume Backup node
-#
-# === Parameters
-#
-# [*backup_ceph_pool*]
-# (optional) Name of the Ceph pool which which store the cinder backups
-# Defaults to 'backup'
-#
-# [*backup_ceph_user*]
-# (optional) User name used to acces to the backup rbd pool
-# Defaults to 'cinder'
-#
-class cloud::volume::backup(
- $backup_ceph_pool = 'backup',
- $backup_ceph_user = 'cinder'
-) {
-
- include 'cloud::volume'
-
- class { 'cinder::backup': }
-
- # TODO(EmilienM) Disabled for now: http://git.io/kfTmcA
- # class { 'cinder::backup::ceph':
- # backup_ceph_user => $backup_ceph_user,
- # backup_ceph_pool => $backup_ceph_pool
- # }
-
-}
diff --git a/manifests/volume/scheduler.pp b/manifests/volume/scheduler.pp
deleted file mode 100644
index 79ba66a9..00000000
--- a/manifests/volume/scheduler.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Volume Scheduler node
-#
-class cloud::volume::scheduler{
-
- include 'cloud::volume'
-
- class { 'cinder::scheduler':
- scheduler_driver => 'cinder.scheduler.filter_scheduler.FilterScheduler'
- }
-
-}
diff --git a/manifests/volume/storage.pp b/manifests/volume/storage.pp
deleted file mode 100644
index bc6b642b..00000000
--- a/manifests/volume/storage.pp
+++ /dev/null
@@ -1,167 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Volume storage -# -# === Parameters -# -# [*ks_keystone_internal_proto*] -# (optional) Protocol used to connect to API. Could be 'http' or 'https'. -# Defaults to 'http' -# -# [*ks_keystone_internal_host*] -# (optional) Internal Hostname or IP to connect to Keystone API -# Defaults to '127.0.0.1' -# -# [*ks_keystone_internal_port*] -# (optional) TCP port to connect to Keystone API from admin network -# Default to '5000' -# -# [*ks_cinder_password*] -# (optional) Password used by Cinder to connect to Keystone API -# Defaults to 'secrete' -# -# [*cinder_backends*] -# (optionnal) Hash of the Cinder backends to enable -# Example: -# cinder_backends = { -# 'rbd' => { -# 'lowcost' => { 'rbd_pool' => 'slow', 'rbd_user' => 'cinder', 'rbd_secret_uuid' => '123' }, -# 'standard' => { 'rbd_pool' => 'normal', 'rbd_user' => 'cinder', 'rbd_secret_uuid' => '123' } -# }, -# 'netapp' => { -# 'premium' => { 'netapp_server_hostname' => 'netapp.host', 'netapp_login' => 'joe', 'netapp_password' => 'secret' } -# } -# } -# Defaults to undef -# -# [*cinder_rbd_pool*] -# (optional) Name of the Ceph pool which which store the cinder images -# Defaults to 'volumes' -# -# [*cinder_rbd_user*] -# (optional) User name used to acces to the cinder rbd pool -# Defaults to 'cinder' -# -# [*cinder_rbd_secret_uuid*] -# (optional) A required parameter to use cephx. 
-# Defaults to false -# -# [*cinder_rbd_conf*] -# (optional) Path to the ceph configuration file to use -# Defaults to '/etc/ceph/ceph.conf' -# -# [*cinder_rbd_flatten_volume_from_snapshot*] -# (optional) Enable flatten volumes created from snapshots. -# Defaults to false -# -# [*cinder_rbd_max_clone_depth*] -# (optional) Maximum number of nested clones that can be taken of a -# volume before enforcing a flatten prior to next clone. -# A value of zero disables cloning -# Defaults to '5' -# -class cloud::volume::storage( - $cinder_backends = undef, - $ks_keystone_internal_proto = 'http', - $ks_keystone_internal_port = '5000', - $ks_keystone_internal_host = '127.0.0.1', - $ks_cinder_password = 'secrete', - $cinder_rbd_pool = 'volumes', - $cinder_rbd_user = 'cinder', - $cinder_rbd_secret_uuid = undef, - $cinder_rbd_conf = '/etc/ceph/ceph.conf', - $cinder_rbd_flatten_volume_from_snapshot = false, - $cinder_rbd_max_clone_depth = '5', -) { - - include 'cloud::volume' - - include 'cinder::volume' - - if $cinder_backends { - - if has_key($cinder_backends, 'rbd') { - $rbd_backends = $cinder_backends['rbd'] - create_resources('cloud::volume::backend::rbd', $rbd_backends) - } - else { - $rbd_backends = { } - } - - if has_key($cinder_backends, 'netapp') { - $netapp_backends = $cinder_backends['netapp'] - create_resources('cloud::volume::backend::netapp', $netapp_backends) - } - else { - $netapp_backends = { } - } - - if has_key($cinder_backends, 'iscsi') { - $iscsi_backends = $cinder_backends['iscsi'] - create_resources('cloud::volume::backend::iscsi', $iscsi_backends) - } - else { - $iscsi_backends = { } - } - - if has_key($cinder_backends, 'emc_vnx') { - $emc_vnx_backends = $cinder_backends['emc_vnx'] - create_resources('cloud::volume::backend::emc_vnx', $emc_vnx_backends) - } - else { - $emc_vnx_backends = { } - } - - if has_key($cinder_backends, 'eqlx') { - $eqlx_backends = $cinder_backends['eqlx'] - create_resources('cloud::volume::backend::eqlx', $eqlx_backends) - } - 
else { - $eqlx_backends = { } - } - - if has_key($cinder_backends, 'glusterfs') { - $glusterfs_backends = $cinder_backends['glusterfs'] - create_resources('cloud::volume::backend::glusterfs', $glusterfs_backends) - } - else { - $glusterfs_backends = { } - } - - if has_key($cinder_backends, 'nfs') { - $nfs_backends = $cinder_backends['nfs'] - create_resources('cloud::volume::backend::nfs', $nfs_backends) - } - else { - $nfs_backends = { } - } - - class { 'cinder::backends': - enabled_backends => keys(merge($rbd_backends, $netapp_backends, $iscsi_backends, $emc_vnx_backends, $eqlx_backends, $nfs_backends, $glusterfs_backends)) - } - - # Manage Volume types. - # It allows to the end-user to choose from which backend he would like to provision a volume. - # Cinder::Type requires keystone credentials - Cinder::Type <| |> { - os_tenant_name => 'services', - os_username => 'cinder', - os_password => $ks_cinder_password, - os_auth_url => "${ks_keystone_internal_proto}://${ks_keystone_internal_host}:${ks_keystone_internal_port}/v2.0" - } - } - -} diff --git a/metadata.json b/metadata.json deleted file mode 100644 index 16e4664f..00000000 --- a/metadata.json +++ /dev/null 
@@ -1,34 +0,0 @@
-{
- "name": "eNovance-cloud",
- "version": "2.2.0",
- "author": "eNovance",
- "summary": "eNovance OpenStack Module",
- "license": "Apache-2.0",
- "source": "https://github.com/stackforge/puppet-openstack-cloud",
- "project_page": "https://wiki.openstack.org/wiki/Puppet-openstack/puppet-openstack-cloud",
- "issues_url": "https://bugs.launchpad.net/puppet-openstack-cloud",
- "operatingsystem_support": [
- {"operatingsystem": "Debian"},
- {"operatingsystem": "Ubuntu"},
- {"operatingsystem": "CentOS"},
- {"operatingsystem": "RedHat"}
- ],
- "requirements": [
- {"name": "pe","version_requirement": "3.x"},
- {"name": "puppet","version_requirement": "3.x"}
- ],
- "description": "Puppet module that pulls together all the individual components of OpenStack, resulting is a complete and functional stack",
- "dependencies": [
- {"name":"stackforge/glance","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/horizon","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/keystone","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/nova","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/cinder","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/swift","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/neutron","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/ceilometer","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/heat","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"stackforge/tempest","version_requirement":">=5.0.0 <6.0.0"},
- {"name":"eNovance/ceph", "version_requirement":">=1.1.0 <2.0.0"}
- ]
-}
diff --git a/scripts/bootstrap.pp b/scripts/bootstrap.pp
deleted file mode 100644
index fbd9c98c..00000000
--- a/scripts/bootstrap.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-Class['hiera'] -> Class['apache']
-
-class { 'hiera' :
- datadir => '/etc/puppet/data',
- hierarchy => [
- '%{::type}/%{::fqdn}',
- '%{::type}/common',
- 'common',
- ]
-}
-
-class {'::apache' :
- purge_configs => false,
-}
-include 'apache::mod::wsgi'
-
-apache::vhost { 'puppetdb' :
- docroot => '/tmp',
- ssl => true,
- ssl_cert => '/etc/puppet/ssl/puppetdb.pem',
- ssl_key => '/etc/puppet/ssl/puppetdb.pem',
- port => '8081',
- servername => $::fqdn,
- proxy_pass => [
- {
- 'path' => '/',
- 'url' => 'http://localhost:8080/'
- }
- ]
-}
diff --git a/spec/classes/cloud_clustering_spec.rb b/spec/classes/cloud_clustering_spec.rb
deleted file mode 100644
index 871d764a..00000000
--- a/spec/classes/cloud_clustering_spec.rb
+++ /dev/null
@@ -1,149 +0,0 @@ -# -# Copyright (C) 2015 Red Hat Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::clustering class -# - -require 'spec_helper' - -describe 'cloud::clustering' do - - let :pre_condition do - "class { 'cloud': - manage_firewall => true - }" - end - - let :params do - { :cluster_members => ['node1.test-example.org', - 'node2.test-example.org', - 'node3.test-example.org'], - :cluster_ip => '127.0.0.1', - :cluster_auth => false, - :cluster_authkey => '/var/lib/puppet/ssl/certs/ca.pem', - :cluster_recheck_interval => '5min', - :pe_warn_series_max => 1000, - :pe_input_series_max => 1000, - :pe_error_series_max => 1000, - :multicast_address => '239.192.168.1', - :firewall_settings => {} } - end - - shared_examples_for 'corosync and pacemaker' do - - context 'with default parameters' do - it 'configure corosync' do - is_expected.to contain_class('corosync').with( - :enable_secauth => params[:cluster_auth], - :authkey => params[:cluster_authkey], - :bind_address => params[:cluster_ip], - :multicast_address => params[:multicast_address], - :packages => platform_params[:packages], - #:set_votequorum => platform_params[:set_votequorum], - #:quorum_members => params[:cluster_members], - ) - - is_expected.to contain_cs_property('pe-warn-series-max').with( - :value => params[:pe_warn_series_max] - ) - is_expected.to contain_cs_property('pe-input-series-max').with( - :value => params[:pe_input_series_max] - ) - is_expected.to 
contain_cs_property('pe-error-series-max').with( - :value => params[:pe_error_series_max] - ) - - is_expected.to contain_corosync__service('pacemaker') - end - - it 'configure pacemaker firewall rules' do - is_expected.to contain_firewall('100 allow vrrp access').with( - :port => nil, - :proto => 'vrrp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow corosync tcp access').with( - :port => ['2224', '3121', '21064'], - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow corosync udp access').with( - :port => ['5404', '5405'], - :proto => 'udp', - :action => 'accept', - ) - end - end - - context 'with two nodes only' do - before :each do - params.merge!( - :cluster_members => ['node1', 'node2'] - ) - end - - it 'disables stonith and ignores votequorum errors' do - is_expected.to contain_cs_property('no-quorum-policy').with( - :value => 'ignore' - ) - is_expected.to contain_cs_property('stonith-enabled').with( - :value => 'false' - ) - end - end - end - - shared_examples_for 'specific resources for RH platforms' do - context 'with default parameters' do - it { should contain_service('pacemaker').with( - :ensure => 'running', - :enable => true, - :require => 'Class[Corosync]', - )} - - it { should contain_service('pcsd').with( - :ensure => 'running', - :enable => true, - :require => 'Class[Corosync]', - )} - end - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - let :platform_params do - { :set_votequorum => false, - :packages => ['corosync', 'pacemaker'] } - end - - it_configures 'corosync and pacemaker' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - let :platform_params do - { :set_votequorum => true, - :packages => ['corosync', 'pacemaker', 'pcs']} - end - - it_configures 'corosync and pacemaker' - it_configures 'specific resources for RH platforms' - end -end 
diff --git a/spec/classes/cloud_compute_api_spec.rb b/spec/classes/cloud_compute_api_spec.rb
deleted file mode 100644
index ceb05e76..00000000
--- a/spec/classes/cloud_compute_api_spec.rb
+++ /dev/null
@@ -1,228 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::compute::api class -# - -require 'spec_helper' - -describe 'cloud::compute::api' do - - shared_examples_for 'openstack compute api' do - - let :pre_condition do - "class { 'cloud::compute': - availability_zone => 'MyZone', - nova_db_host => '10.0.0.1', - nova_db_use_slave => false, - nova_db_user => 'nova', - nova_db_password => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_glance_internal_host => '10.0.0.1', - glance_api_port => '9292', - verbose => true, - debug => true, - use_syslog => true, - neutron_protocol => 'http', - neutron_endpoint => '10.0.0.1', - neutron_region_name => 'MyRegion', - neutron_password => 'secrete', - memcache_servers => ['10.0.0.1','10.0.0.2'], - log_facility => 'LOG_LOCAL0' }" - end - - let :params do - { :ks_keystone_internal_host => '127.0.0.1', - :ks_keystone_internal_proto => 'https', - :ks_nova_password => 'novapassword', - :api_eth => '127.0.0.1', - :ks_ec2_public_port => '8773', - :ks_nova_public_port => '8774', - :ks_metadata_public_port => '8775', - :neutron_metadata_proxy_shared_secret => 'metadatapassword' } - end - - it 'configure nova common' do - is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 
'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false - ) - is_expected.to contain_class('nova::db').with( - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', - ) - is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') - is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') - end - - it 'does not configure nova db slave' do - is_expected.to contain_nova_config('database/slave_connection').with('ensure' => 'absent') - end - - context "when enabling nova db slave" do - let :pre_condition do - "class { 'cloud::compute': - nova_db_host => '10.0.0.1', - nova_db_use_slave => true, - nova_db_user => 'nova', - nova_db_password => 'secrete' }" - end - it 'configure nova db slave' do - is_expected.to contain_nova_config('database/slave_connection').with( - 'value' => 'mysql://nova:secrete@10.0.0.1:3307/nova?charset=utf8') - end - end - - it 'configure neutron on compute node' do - is_expected.to contain_class('nova::network::neutron').with( - :neutron_admin_password => 'secrete', - :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0', - :neutron_region_name => 'MyRegion', - :neutron_url => 'http://10.0.0.1:9696' - ) - end - - it 'configure nova-api' do - is_expected.to contain_class('nova::api').with( - :enabled => true, - :auth_host => '127.0.0.1', - :auth_protocol => 'https', - :admin_password => 'novapassword', - :api_bind_address => '127.0.0.1', - :metadata_listen => '127.0.0.1', - :neutron_metadata_proxy_shared_secret => 'metadatapassword', - :osapi_v3 => true, - :manage_service => true, - ) - end - - it 'configure a crontab that move deleted instance rows to another database table' do - is_expected.to 
contain_class('nova::cron::archive_deleted_rows') - end - - context 'when pacemaker manages nova-api' do - before :each do - params.merge!( :pacemaker_enabled => true ) - end - it 'configure nova-api without managing the service' do - is_expected.to contain_class('nova::api').with( - :manage_service => true, - ) - end - it 'should create a Pacemaker service for nova-api' do - should contain_openstack_extras__pacemaker__service(platform_params[:api_service_name]).with( - { - 'ensure' => :present, - 'primitive_class' => platform_params[:service_provider], - } - ) - end - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure nova firewall rules' do - is_expected.to contain_firewall('100 allow nova-api access').with( - :port => '8774', - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow nova-ec2 access').with( - :port => '8773', - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow nova-metadata access').with( - :port => '8775', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure nova firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow nova-api access').with( - :port => '8774', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow nova-ec2 access').with( - :port => '8773', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow nova-metadata access').with( - :port => '8775', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 
'Debian', - :operatingsystem => 'Debian' } - end - - let :platform_params do - { :service_provider => 'lsb', - :api_service_name => 'nova-api', - } - end - - it_configures 'openstack compute api' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - let :platform_params do - { :service_provider => 'systemd', - :api_service_name => 'openstack-nova-api', - } - end - - it_configures 'openstack compute api' - end - -end diff --git a/spec/classes/cloud_compute_cert_spec.rb b/spec/classes/cloud_compute_cert_spec.rb deleted file mode 100644 index 5bc21fb9..00000000 --- a/spec/classes/cloud_compute_cert_spec.rb +++ /dev/null 
@@ -1,99 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::compute::cert class -# - -require 'spec_helper' - -describe 'cloud::compute::cert' do - - shared_examples_for 'openstack compute cert' do - - let :pre_condition do - "class { 'cloud::compute': - availability_zone => 'MyZone', - nova_db_host => '10.0.0.1', - nova_db_user => 'nova', - nova_db_password => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_glance_internal_host => '10.0.0.1', - glance_api_port => '9292', - verbose => true, - debug => true, - use_syslog => true, - neutron_protocol => 'http', - neutron_endpoint => '10.0.0.1', - neutron_region_name => 'MyRegion', - neutron_password => 'secrete', - memcache_servers => ['10.0.0.1','10.0.0.2'], - log_facility => 'LOG_LOCAL0' }" - end - - it 'configure nova common' do - is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false - ) - is_expected.to contain_class('nova::db').with( - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', - ) - is_expected.to 
contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') - is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') - end - - it 'configure neutron on compute node' do - is_expected.to contain_class('nova::network::neutron').with( - :neutron_admin_password => 'secrete', - :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0', - :neutron_region_name => 'MyRegion', - :neutron_url => 'http://10.0.0.1:9696' - ) - end - - it 'configure nova-cert' do - is_expected.to contain_class('nova::cert').with(:enabled => true) - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'openstack compute cert' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - it_configures 'openstack compute cert' - end - -end diff --git a/spec/classes/cloud_compute_conductor_spec.rb b/spec/classes/cloud_compute_conductor_spec.rb deleted file mode 100644 index dd17a0e4..00000000 --- a/spec/classes/cloud_compute_conductor_spec.rb +++ /dev/null 
@@ -1,99 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::compute::conductor class -# - -require 'spec_helper' - -describe 'cloud::compute::conductor' do - - shared_examples_for 'openstack compute conductor' do - - let :pre_condition do - "class { 'cloud::compute': - availability_zone => 'MyZone', - nova_db_host => '10.0.0.1', - nova_db_user => 'nova', - nova_db_password => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_glance_internal_host => '10.0.0.1', - glance_api_port => '9292', - verbose => true, - debug => true, - use_syslog => true, - neutron_protocol => 'http', - neutron_endpoint => '10.0.0.1', - neutron_region_name => 'MyRegion', - neutron_password => 'secrete', - memcache_servers => ['10.0.0.1','10.0.0.2'], - log_facility => 'LOG_LOCAL0' }" - end - - it 'configure nova common' do - is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false - ) - is_expected.to contain_class('nova::db').with( - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', - ) - is_expected.to 
contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') - is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') - end - - it 'configure neutron on compute node' do - is_expected.to contain_class('nova::network::neutron').with( - :neutron_admin_password => 'secrete', - :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0', - :neutron_region_name => 'MyRegion', - :neutron_url => 'http://10.0.0.1:9696' - ) - end - - it 'configure nova-conductor' do - is_expected.to contain_class('nova::conductor').with(:enabled => true) - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'openstack compute conductor' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - it_configures 'openstack compute conductor' - end - -end diff --git a/spec/classes/cloud_compute_consoleauth_spec.rb b/spec/classes/cloud_compute_consoleauth_spec.rb deleted file mode 100644 index 27cd5364..00000000 --- a/spec/classes/cloud_compute_consoleauth_spec.rb +++ /dev/null 
@@ -1,99 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::compute::consoleauth class -# - -require 'spec_helper' - -describe 'cloud::compute::consoleauth' do - - shared_examples_for 'openstack compute consoleauth' do - - let :pre_condition do - "class { 'cloud::compute': - availability_zone => 'MyZone', - nova_db_host => '10.0.0.1', - nova_db_user => 'nova', - nova_db_password => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_glance_internal_host => '10.0.0.1', - glance_api_port => '9292', - verbose => true, - debug => true, - use_syslog => true, - neutron_protocol => 'http', - neutron_endpoint => '10.0.0.1', - neutron_region_name => 'MyRegion', - neutron_password => 'secrete', - memcache_servers => ['10.0.0.1','10.0.0.2'], - log_facility => 'LOG_LOCAL0' }" - end - - it 'configure nova common' do - is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false - ) - is_expected.to contain_class('nova::db').with( - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', - ) - is_expected.to 
contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') - is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') - end - - it 'configure neutron on compute node' do - is_expected.to contain_class('nova::network::neutron').with( - :neutron_admin_password => 'secrete', - :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0', - :neutron_region_name => 'MyRegion', - :neutron_url => 'http://10.0.0.1:9696' - ) - end - - it 'configure nova-consoleauth' do - is_expected.to contain_class('nova::consoleauth').with(:enabled => true) - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'openstack compute consoleauth' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - it_configures 'openstack compute consoleauth' - end - -end diff --git a/spec/classes/cloud_compute_consoleproxy_spec.rb b/spec/classes/cloud_compute_consoleproxy_spec.rb deleted file mode 100644 index 8856f920..00000000 --- a/spec/classes/cloud_compute_consoleproxy_spec.rb +++ /dev/null 
@@ -1,153 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::consoleproxy class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::consoleproxy' do
-
- shared_examples_for 'openstack compute consoleproxy' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :api_eth => '10.0.0.1' }
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-vncproxy' do
- is_expected.to contain_class('nova::vncproxy').with(
- :enabled => true,
- :host => '10.0.0.1',
- :port => '6080',
- :vncproxy_protocol => 'http'
- )
- end
-
- context 'with spice console' do
- before :each do
- params.merge!(
- :console => 'spice',
- :novnc_port => '6082' )
- end
- it 'configure nova-spicehtml5proxy' do
- is_expected.to contain_class('nova::spicehtml5proxy').with(
- :enabled => true,
- :host => '10.0.0.1',
- :port => '6082'
- )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure spice firewall rules' do
- is_expected.to contain_firewall('100 allow novnc access').with(
- :port => '6080',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure spice firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow novnc access').with(
- :port => '6080',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack compute consoleproxy'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack compute consoleproxy'
- end
-
-end
diff --git a/spec/classes/cloud_compute_hypervisor_spec.rb b/spec/classes/cloud_compute_hypervisor_spec.rb
deleted file mode 100644
index 7ed80f0a..00000000
--- a/spec/classes/cloud_compute_hypervisor_spec.rb
+++ /dev/null
@@ -1,531 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::compute::hypervisor class -# - -require 'spec_helper' - -describe 'cloud::compute::hypervisor' do - - shared_examples_for 'openstack compute hypervisor' do - - let :pre_condition do - "class { 'cloud::compute': - availability_zone => 'MyZone', - nova_db_host => '10.0.0.1', - nova_db_user => 'nova', - nova_db_password => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_glance_internal_host => '10.0.0.1', - glance_api_port => '9292', - verbose => true, - debug => true, - use_syslog => true, - neutron_protocol => 'http', - neutron_endpoint => '10.0.0.1', - neutron_region_name => 'MyRegion', - neutron_password => 'secrete', - memcache_servers => ['10.0.0.1','10.0.0.2'], - log_facility => 'LOG_LOCAL0' } - class { 'cloud::telemetry': - ceilometer_secret => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_keystone_internal_host => '10.0.0.1', - ks_keystone_internal_port => '5000', - ks_keystone_internal_proto => 'http', - ks_ceilometer_password => 'secrete', - log_facility => 'LOG_LOCAL0', - use_syslog => true, - verbose => true, - debug => true } - class { 'cloud::network': - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - api_eth => '10.0.0.1', - verbose => true, - debug => true, - use_syslog => true, - dhcp_lease_duration => '10', - log_facility => 'LOG_LOCAL0' }" - 
end - - let :params do - { :libvirt_type => 'kvm', - :server_proxyclient_address => '7.0.0.1', - :spice_port => '6082', - :nova_ssh_private_key => 'secrete', - :nova_ssh_public_key => 'public', - :ks_nova_public_proto => 'http', - :ks_console_public_proto => 'https', - :ks_console_public_host => '10.0.0.2', - :vm_rbd => false, - :volume_rbd => false, - :nova_shell => false, - :ks_nova_public_host => '10.0.0.1' } - end - - it 'configure nova common' do - is_expected.to contain_class('nova').with( - :verbose => true, - :debug => true, - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :rabbit_userid => 'nova', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :memcached_servers => ['10.0.0.1','10.0.0.2'], - :glance_api_servers => 'http://10.0.0.1:9292', - :log_dir => false - ) - is_expected.to contain_class('nova::db').with( - :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8', - :database_idle_timeout => '5000', - ) - is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true) - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') - is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc') - is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10') - end - - it 'configure neutron on compute node' do - is_expected.to contain_class('nova::network::neutron').with( - :neutron_admin_password => 'secrete', - :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0', - :neutron_region_name => 'MyRegion', - :neutron_url => 'http://10.0.0.1:9696' - ) - end - - it 'configure ceilometer common' do - is_expected.to contain_class('ceilometer').with( - :verbose => true, - :debug => true, - :rabbit_userid => 'ceilometer', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :metering_secret => 'secrete', - :use_syslog => true, - :log_facility => 'LOG_LOCAL0' 
- ) - is_expected.to contain_class('ceilometer::agent::auth').with( - :auth_password => 'secrete', - :auth_url => 'http://10.0.0.1:5000/v2.0' - ) - end - - it 'configure neutron common' do - is_expected.to contain_class('neutron').with( - :allow_overlapping_ips => true, - :dhcp_agents_per_network => '2', - :verbose => true, - :debug => true, - :log_facility => 'LOG_LOCAL0', - :use_syslog => true, - :rabbit_user => 'neutron', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :bind_host => '10.0.0.1', - :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin', - :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'], - :log_dir => false, - :report_interval => '30' - ) - end - - it 'configure neutron on compute node' do - is_expected.to contain_class('nova::network::neutron').with( - :neutron_admin_password => 'secrete', - :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0', - :neutron_region_name => 'MyRegion', - :neutron_url => 'http://10.0.0.1:9696' - ) - end - - it 'configure ceilometer common' do - is_expected.to contain_class('ceilometer').with( - :verbose => true, - :debug => true, - :rabbit_userid => 'ceilometer', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :metering_secret => 'secrete', - :use_syslog => true, - :log_facility => 'LOG_LOCAL0' - ) - is_expected.to contain_class('ceilometer::agent::auth').with( - :auth_password => 'secrete', - :auth_url => 'http://10.0.0.1:5000/v2.0' - ) - end - - it 'configure nova-compute' do - is_expected.to contain_class('nova::compute').with( - :enabled => true, - :vnc_enabled => true, - :vncserver_proxyclient_address => '7.0.0.1', - :vncproxy_host => '10.0.0.2', - :vncproxy_protocol => 'https', - :vncproxy_port => '6080', - :virtio_nic => false, - :neutron_enabled => true - ) - end - - it 'configure nova 
compute with neutron' do - is_expected.to contain_class('nova::compute::neutron') - end - - it 'configure ceilometer agent compute' do - is_expected.to contain_class('ceilometer::agent::compute') - end - - it 'do not configure nova shell' do - is_expected.not_to contain_user('nova') - end - - it 'should not configure nova-compute for RBD backend' do - is_expected.not_to contain_nova_config('libvirt/rbd_user').with('value' => 'cinder') - is_expected.not_to contain_nova_config('libvirt/images_type').with('value' => 'rbd') - end - - it 'configure libvirt driver without disk cachemodes' do - is_expected.to contain_class('nova::compute::libvirt').with( - :libvirt_type => 'kvm', - :vncserver_listen => '0.0.0.0', - :migration_support => true, - :libvirt_disk_cachemodes => [] - ) - end - - it 'configure nova-compute with extra parameters' do - is_expected.to contain_nova_config('DEFAULT/default_availability_zone').with('value' => 'MyZone') - is_expected.to contain_nova_config('libvirt/inject_key').with('value' => false) - is_expected.to contain_nova_config('libvirt/inject_partition').with('value' => '-2') - is_expected.to contain_nova_config('libvirt/live_migration_flag').with('value' => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_PERSIST_DEST') - is_expected.to contain_nova_config('libvirt/block_migration_flag').with('value' => 'VIR_MIGRATE_UNDEFINE_SOURCE,VIR_MIGRATE_PEER2PEER,VIR_MIGRATE_LIVE,VIR_MIGRATE_NON_SHARED_INC') - end - - context 'witch spice console' do - before :each do - params.merge!( :console => 'spice' ) - end - it 'configure spice console' do - is_expected.to contain_class('nova::compute::spice').with( - :server_listen => '0.0.0.0', - :server_proxyclient_address => '7.0.0.1', - :proxy_host => '10.0.0.2', - :proxy_protocol => 'https', - :proxy_port => '6082' - ) - end - end - - context 'with dbus on Debian/Ubuntu' do - let :facts do - { :osfamily => 'Debian', - :vtx => true, - } - end - - it 'ensure dbus is running and 
started at boot' do - is_expected.to contain_service('dbus').with( - :ensure => 'running', - :enable => 'true' - ) - end - end - - context 'without TSO/GSO/GRO on Debian systems' do - before :each do - facts.merge!( :osfamily => 'Debian', - :operatingsystem => 'Debian', - :vtx => true ) - end - it 'ensure TSO script is enabled at boot' do - is_expected.to contain_exec('enable-tso-script').with( - :command => '/usr/sbin/update-rc.d disable-tso defaults', - :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso', - :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso' - ) - end - it 'start TSO script' do - is_expected.to contain_exec('start-tso-script').with( - :command => '/etc/init.d/disable-tso start', - :unless => '/usr/bin/test -f /var/run/disable-tso.pid', - :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso' - ) - end - end - - context 'without TSO/GSO/GRO on Red Hat systems' do - before :each do - facts.merge!( :osfamily => 'RedHat', - :vtx => true ) - end - it 'ensure TSO script is enabled at boot' do - is_expected.to contain_exec('enable-tso-script').with( - :command => '/usr/sbin/chkconfig disable-tso on', - :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso', - :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso' - ) - end - it 'start TSO script' do - is_expected.to contain_exec('start-tso-script').with( - :command => '/etc/init.d/disable-tso start', - :unless => '/usr/bin/test -f /var/run/disable-tso.pid', - :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso' - ) - end - end - - context 'when not managing TSO/GSO/GRO' do - before :each do - params.merge!( :manage_tso => false) - end - it 'ensure TSO script is not managed at boot' do - is_expected.not_to contain_exec('enable-tso-script') - end - it 'do not start TSO script' do - is_expected.not_to contain_exec('start-tso-script') - end - end - - context 'when managing nova shell' do - before :each do - params.merge!( :nova_shell => '/bin/bash') - end - it 'ensure nova shell is configured by 
Puppet' do - is_expected.to contain_user('nova').with( - :ensure => 'present', - :system => true, - :home => '/var/lib/nova', - :managehome => false, - :shell => '/bin/bash' - ) - end - end - - context 'with RBD backend for instances and volumes' do - before :each do - facts.merge!( :vtx => true ) - params.merge!( - :vm_rbd => true, - :volume_rbd => true, - :cinder_rbd_user => 'cinder', - :nova_rbd_pool => 'nova', - :nova_rbd_secret_uuid => 'secrete' ) - end - - it 'configure nova-compute to support RBD backend' do - is_expected.to contain_nova_config('libvirt/images_type').with('value' => 'rbd') - is_expected.to contain_nova_config('libvirt/images_rbd_pool').with('value' => 'nova') - is_expected.to contain_nova_config('libvirt/images_rbd_ceph_conf').with('value' => '/etc/ceph/ceph.conf') - is_expected.to contain_nova_config('libvirt/rbd_user').with('value' => 'cinder') - is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with('value' => 'secrete') - is_expected.to contain_group('cephkeyring').with(:ensure => 'present') - is_expected.to contain_exec('add-nova-to-group').with( - :command => 'usermod -a -G cephkeyring nova', - :unless => 'groups nova | grep cephkeyring' - ) - end - - it 'configure libvirt driver' do - is_expected.to contain_class('nova::compute::libvirt').with( - :libvirt_type => 'kvm', - :vncserver_listen => '0.0.0.0', - :migration_support => true, - :libvirt_disk_cachemodes => ['network=writeback'] - ) - end - end - - context 'with RBD support only for volumes' do - before :each do - facts.merge!( :vtx => true ) - params.merge!( - :vm_rbd => false, - :volume_rbd => true, - :cinder_rbd_user => 'cinder', - :nova_rbd_secret_uuid => 'secrete' ) - end - - it 'configure nova-compute to support RBD backend' do - is_expected.not_to contain_nova_config('libvirt/images_type').with('value' => 'rbd') - is_expected.not_to contain_nova_config('libvirt/images_rbd_pool').with('value' => 'nova') - is_expected.to 
contain_nova_config('libvirt/rbd_user').with('value' => 'cinder') - is_expected.to contain_nova_config('libvirt/rbd_secret_uuid').with('value' => 'secrete') - is_expected.to contain_group('cephkeyring').with(:ensure => 'present') - is_expected.to contain_exec('add-nova-to-group').with( - :command => 'usermod -a -G cephkeyring nova', - :unless => 'groups nova | grep cephkeyring' - ) - is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({ - 'owner' => 'root', - 'group' => 'cephkeyring', - 'mode' => '0440', - }) - end - - it 'configure libvirt driver' do - is_expected.to contain_class('nova::compute::libvirt').with( - :libvirt_type => 'kvm', - :vncserver_listen => '0.0.0.0', - :migration_support => true, - :libvirt_disk_cachemodes => ['network=writeback'] - ) - end - end - - context 'when trying to enable RBD backend on RedHat OSP < 7 plaforms' do - before :each do - facts.merge!( :osfamily => 'RedHat', - :operatingsystemmajrelease => '6' ) - params.merge!( - :vm_rbd => true, - :cinder_rbd_user => 'cinder', - :nova_rbd_pool => 'nova', - :nova_rbd_secret_uuid => 'secrete' ) - end - it_raises 'a Puppet::Error', /RBD image backend in Nova is not supported in RHEL 6./ - end - - context 'when running KVM libvirt driver without VTX enabled' do - before :each do - facts.merge!( :vtx => false ) - end - it_raises 'a Puppet::Error', /libvirt_type is set to KVM and VTX seems to be disabled on this node./ - end - - context 'when storing instances on a NFS share' do - before :each do - params.merge!( - :nfs_enabled => true, - :nfs_device => 'nfs.example.com:/vol1', - :nfs_options => 'noacl,fsid=123' ) - end - it 'configure nova instances path and NFS mount' do - is_expected.to contain_file('/var/lib/nova/instances').with( - 'ensure' => 'directory', - 'owner' => 'nova', - 'group' => 'nova', - 'mode' => '0755' - ) - is_expected.to contain_nova_config('DEFAULT/instances_path').with('value' => '/var/lib/nova/instances') - is_expected.to 
contain_mount('/var/lib/nova/instances').with({ - 'ensure' => 'mounted', - 'fstype' => 'nfs', - 'device' => 'nfs.example.com:/vol1', - 'options' => 'noacl,fsid=123' - }) - end - end - - context 'when storing instances on a NFS share without nfs_device' do - before :each do - params.merge!( - :nfs_enabled => true, - :nfs_device => false ) - end - it_raises 'a Puppet::Error', /When running NFS backend, you need to provide nfs_device parameter./ - end - - context 'when storing instances on a NFS share with vm_rbd enabled' do - before :each do - params.merge!( - :nfs_enabled => true, - :vm_rbd => true, - :nfs_device => 'nfs.example.com:/vol1' ) - end - it_raises 'a Puppet::Error', /When running NFS backend, vm_rbd parameter cannot be set to true./ - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure compute firewall rules' do - is_expected.to contain_firewall('100 allow instances console access').with( - :port => '5900-5999', - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow instances migration access').with( - :port => ['16509', '49152-49215'], - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure compute firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow instances console access').with( - :port => '5900-5999', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow instances migration access').with( - :port => ['16509', '49152-49215'], - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - :operatingsystem 
=> 'Debian', - :vtx => true, - # required for rpcbind module - :lsbdistid => 'Debian' - } - end - - it_configures 'openstack compute hypervisor' - it { should contain_file_line('/etc/default/libvirtd libvirtd opts').with(:line => 'libvirtd_opts="-d -l"') } - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - :vtx => true, - # required for rbd support check - :operatingsystemmajrelease => '7', - # required for nfs module - :lsbmajdistrelease => '7' - } - end - - it_configures 'openstack compute hypervisor' - it { should contain_file_line('/etc/sysconfig/libvirtd libvirtd args').with(:line => 'LIBVIRTD_ARGS="--listen"') } - end - -end diff --git a/spec/classes/cloud_compute_scheduler_spec.rb b/spec/classes/cloud_compute_scheduler_spec.rb deleted file mode 100644 index 1bca9378..00000000 --- a/spec/classes/cloud_compute_scheduler_spec.rb +++ /dev/null 
@@ -1,116 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::compute::scheduler class
-#
-
-require 'spec_helper'
-
-describe 'cloud::compute::scheduler' do
-
- shared_examples_for 'openstack compute scheduler' do
-
- let :pre_condition do
- "class { 'cloud::compute':
- availability_zone => 'MyZone',
- nova_db_host => '10.0.0.1',
- nova_db_user => 'nova',
- nova_db_password => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_glance_internal_host => '10.0.0.1',
- glance_api_port => '9292',
- verbose => true,
- debug => true,
- use_syslog => true,
- neutron_protocol => 'http',
- neutron_endpoint => '10.0.0.1',
- neutron_region_name => 'MyRegion',
- neutron_password => 'secrete',
- memcache_servers => ['10.0.0.1','10.0.0.2'],
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- {
- :scheduler_default_filters => false
- }
- end
-
- it 'configure nova common' do
- is_expected.to contain_class('nova').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :rabbit_userid => 'nova',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :memcached_servers => ['10.0.0.1','10.0.0.2'],
- :glance_api_servers => 'http://10.0.0.1:9292',
- :log_dir => false
- )
- is_expected.to contain_class('nova::db').with(
- :database_connection => 'mysql://nova:secrete@10.0.0.1/nova?charset=utf8',
- :database_idle_timeout => '5000',
- )
- is_expected.to contain_nova_config('DEFAULT/resume_guests_state_on_host_boot').with('value' => true)
- is_expected.to contain_nova_config('DEFAULT/servicegroup_driver').with_value('mc')
- is_expected.to contain_nova_config('DEFAULT/glance_num_retries').with_value('10')
- end
-
- it 'configure neutron on compute node' do
- is_expected.to contain_class('nova::network::neutron').with(
- :neutron_admin_password => 'secrete',
- :neutron_admin_auth_url => 'http://10.0.0.1:35357/v2.0',
- :neutron_region_name => 'MyRegion',
- :neutron_url => 'http://10.0.0.1:9696'
- )
- end
-
- it 'configure nova-scheduler' do
- is_expected.to contain_class('nova::scheduler').with(:enabled => true)
- end
-
- context 'openstack compute scheduler with nova-scheduler filters' do
- before do
- params.merge!(
- :scheduler_default_filters => ['RamFilter', 'ComputeFilter']
- )
- end
- it { is_expected.to contain_nova_config('DEFAULT/scheduler_default_filters').with(
- 'value' => "RamFilter,ComputeFilter"
- )}
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack compute scheduler'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack compute scheduler'
- end
-
-end
diff --git a/spec/classes/cloud_dashboard_spec.rb b/spec/classes/cloud_dashboard_spec.rb
deleted file mode 100644
index 50ace201..00000000
--- a/spec/classes/cloud_dashboard_spec.rb
+++ /dev/null
@@ -1,180 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::dashboard class
-#
-
-require 'spec_helper'
-
-describe 'cloud::dashboard' do
-
- shared_examples_for 'openstack dashboard' do
-
- let :params do
- { :listen_ssl => false,
- :ks_keystone_internal_host => 'localhost',
- :ks_keystone_internal_host => 'localhost',
- :secret_key => '/etc/ssl/secret',
- :keystone_host => 'keystone.openstack.org',
- :keystone_proto => 'http',
- :keystone_port => '5000',
- :debug => true,
- :api_eth => '10.0.0.1',
- :ssl_forward => true,
- :servername => 'horizon.openstack.org',
- :os_endpoint_type => 'internalURL',
- :allowed_hosts => 'horizon.openstack.org'}
- end
-
- let :pre_condition do
- "class { 'apache': default_vhost => false }"
- end
-
- it 'configure horizon' do
- is_expected.to contain_class('horizon').with(
- :listen_ssl => false,
- :secret_key => '/etc/ssl/secret',
- :bind_address => '10.0.0.1',
- :servername => 'horizon.openstack.org',
- :cache_server_ip => false,
- :keystone_url => 'http://keystone.openstack.org:5000/v2.0',
- :django_debug => true,
- :neutron_options => { 'enable_lb' => true },
- :vhost_extra_params => {
- 'add_listen' => true ,
- 'setenvif' => ['X-Forwarded-Proto https HTTPS=1']
- },
- :openstack_endpoint_type => 'internalURL',
- :allowed_hosts => 'horizon.openstack.org'
- )
- is_expected.to contain_class('apache').with(:default_vhost => false)
- end
-
- context 'with custom apache2 vhost parameters' do
- before do
- params.merge!(
- :vhost_extra_params => {
- 'ssl_protocol' => 'all -SSLv3 -SSLv2'
- })
- end
-
- it 'configure horizon with custom vhost configuration' do
- is_expected.to contain_class('horizon').with(
- :vhost_extra_params => {
- 'add_listen' => true ,
- 'setenvif' => ['X-Forwarded-Proto https HTTPS=1'],
- 'ssl_protocol' => 'all -SSLv3 -SSLv2'
- },
- )
- end
- end
-
- context 'with cisco plugin enabled' do
- before do
- params.merge!(
- :neutron_extra_options => {
- 'profile_support' => 'cisco'
- })
- end
-
- it 'configure horizon with cisco support' do
- is_expected.to contain_class('horizon').with(
- :neutron_options => {
- 'enable_lb' => true,
- 'profile_support' => 'cisco'
- },
- )
- end
- end
-
- context 'with multiple allowed_hosts' do
- before do
- params.merge!(:allowed_hosts => ['horizon.openstack.org', 'vip.openstack.org'])
- end
-
- it 'configure horizon with multiple allowed hosts' do
- is_expected.to contain_class('horizon').with(
- :listen_ssl => false,
- :secret_key => '/etc/ssl/secret',
- :bind_address => '10.0.0.1',
- :servername => 'horizon.openstack.org',
- :cache_server_ip => false,
- :keystone_url => 'http://keystone.openstack.org:5000/v2.0',
- :django_debug => true,
- :neutron_options => { 'enable_lb' => true },
- :vhost_extra_params => {
- 'add_listen' => true ,
- 'setenvif' => ['X-Forwarded-Proto https HTTPS=1']
- },
- :openstack_endpoint_type => 'internalURL',
- :allowed_hosts => ['horizon.openstack.org', 'vip.openstack.org']
- )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'apache': default_vhost => false }
- class { 'cloud': manage_firewall => true }"
- end
- it 'configure horizon firewall rules' do
- is_expected.to contain_firewall('100 allow horizon access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'apache': default_vhost => false }
- class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure horizon firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow horizon access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :operatingsystem => 'Ubuntu',
- :operatingsystemrelease => '12.04' }
- end
-
- it_configures 'openstack dashboard'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :operatingsystemrelease => '6' }
- end
-
- it_configures 'openstack dashboard'
- end
-
-end
diff --git a/spec/classes/cloud_database_dbaas_api_spec.rb b/spec/classes/cloud_database_dbaas_api_spec.rb
deleted file mode 100644
index 3c774002..00000000
--- a/spec/classes/cloud_database_dbaas_api_spec.rb
+++ /dev/null
@@ -1,130 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database::dbaas::api class
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::dbaas::api' do
-
- shared_examples_for 'openstack database dbaas api' do
-
- let :pre_condition do
- "class { 'cloud::database::dbaas':
- trove_db_host => '10.0.0.1',
- trove_db_user => 'trove',
- trove_db_password => 'secrete',
- nova_admin_username => 'trove',
- nova_admin_password => 'trovepassword',
- nova_admin_tenant_name => 'services',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete' }"
- end
-
- let :params do
- { :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_trove_password => 'trovepassword',
- :api_eth => '10.0.0.1',
- :debug => true,
- :verbose => true,
- :use_syslog => true,
- :ks_trove_public_port => '8779' }
- end
-
- it 'configure trove common' do
- is_expected.to contain_class('trove').with(
- :rabbit_userid => 'trove',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :nova_proxy_admin_pass => 'trovepassword',
- :nova_proxy_admin_user => 'trove',
- :nova_proxy_admin_tenant_name => 'services',
- :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8',
- :database_idle_timeout => '5000',
- )
- end
-
- it 'configure trove api' do
- is_expected.to contain_class('trove::api').with(
- :verbose => true,
- :debug => true,
- :use_syslog => true,
- :bind_host => '10.0.0.1',
- :bind_port => '8779',
- :auth_url => 'https://10.0.0.1:5000/v2.0',
- :keystone_password => 'trovepassword'
- )
- end
-
- it 'checks if Trove DB is populated' do
- is_expected.to contain_exec('trove_db_sync').with(
- :command => 'trove-manage db_sync',
- :user => 'trove',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql trove -h 10.0.0.1 -u trove -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure trove-api firewall rules' do
- is_expected.to contain_firewall('100 allow trove-api access').with(
- :port => '8779',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure trove-api firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow trove-api access').with(
- :port => '8779',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack database dbaas api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack database dbaas api'
- end
-
-end
diff --git a/spec/classes/cloud_database_dbaas_conductor_spec.rb b/spec/classes/cloud_database_dbaas_conductor_spec.rb
deleted file mode 100644
index 4af4ec03..00000000
--- a/spec/classes/cloud_database_dbaas_conductor_spec.rb
+++ /dev/null
@@ -1,86 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::database::dbaas::conductor class -# - -require 'spec_helper' - -describe 'cloud::database::dbaas::conductor' do - - shared_examples_for 'openstack database dbaas conductor' do - - let :pre_condition do - "class { 'cloud::database::dbaas': - trove_db_host => '10.0.0.1', - trove_db_user => 'trove', - trove_db_password => 'secrete', - nova_admin_username => 'trove', - nova_admin_password => 'trovepassword', - nova_admin_tenant_name => 'services', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete' }" - end - - let :params do - { :ks_keystone_internal_host => '10.0.0.1', - :ks_keystone_internal_port => '5000', - :ks_keystone_internal_proto => 'https', - :debug => true, - :verbose => true, - :use_syslog => true } - end - - it 'configure trove common' do - is_expected.to contain_class('trove').with( - :rabbit_userid => 'trove', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :nova_proxy_admin_pass => 'trovepassword', - :nova_proxy_admin_user => 'trove', - :nova_proxy_admin_tenant_name => 'services', - :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8', - :database_idle_timeout => '5000', - ) - end - - it 'configure trove conductor' do - is_expected.to contain_class('trove::conductor').with( - :verbose => true, - :debug => true, - :use_syslog => true, - 
:auth_url => 'https://10.0.0.1:5000/v2.0', - ) - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'openstack database dbaas conductor' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - it_configures 'openstack database dbaas conductor' - end - -end diff --git a/spec/classes/cloud_database_dbaas_taskmanager_spec.rb b/spec/classes/cloud_database_dbaas_taskmanager_spec.rb deleted file mode 100644 index 3801557a..00000000 --- a/spec/classes/cloud_database_dbaas_taskmanager_spec.rb +++ /dev/null 
@@ -1,86 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::database::dbaas::taskmanager class -# - -require 'spec_helper' - -describe 'cloud::database::dbaas::taskmanager' do - - shared_examples_for 'openstack database dbaas taskmanager' do - - let :pre_condition do - "class { 'cloud::database::dbaas': - trove_db_host => '10.0.0.1', - trove_db_user => 'trove', - trove_db_password => 'secrete', - nova_admin_username => 'trove', - nova_admin_password => 'trovepassword', - nova_admin_tenant_name => 'services', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete' }" - end - - let :params do - { :ks_keystone_internal_host => '10.0.0.1', - :ks_keystone_internal_port => '5000', - :ks_keystone_internal_proto => 'https', - :debug => true, - :verbose => true, - :use_syslog => true } - end - - it 'configure trove common' do - is_expected.to contain_class('trove').with( - :rabbit_userid => 'trove', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :rabbit_virtual_host => '/', - :nova_proxy_admin_pass => 'trovepassword', - :nova_proxy_admin_user => 'trove', - :nova_proxy_admin_tenant_name => 'services', - :database_connection => 'mysql://trove:secrete@10.0.0.1/trove?charset=utf8', - :database_idle_timeout => '5000', - ) - end - - it 'configure trove taskmanager' do - is_expected.to contain_class('trove::taskmanager').with( - :verbose => true, - :debug => true, - :use_syslog => true, 
- :auth_url => 'https://10.0.0.1:5000/v2.0', - ) - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'openstack database dbaas taskmanager' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - it_configures 'openstack database dbaas taskmanager' - end - -end diff --git a/spec/classes/cloud_database_nosql_cassandra_spec.rb b/spec/classes/cloud_database_nosql_cassandra_spec.rb deleted file mode 100644 index 1445eccd..00000000 --- a/spec/classes/cloud_database_nosql_cassandra_spec.rb +++ /dev/null 
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::cassandra
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::cassandra' do
-
- shared_examples_for 'cassandra server' do
-
- let :params do
- { }
- end
-
- it 'configure cassandra with some params' do
- is_expected.to contain_class('cassandra')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure cassandra firewall rules' do
- is_expected.to contain_firewall('100 allow cassandra access').with(
- :port => '7000',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure cassandra firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow cassandra access').with(
- :port => '7000',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'cassandra server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_elasticsearch.rb b/spec/classes/cloud_database_nosql_elasticsearch.rb
deleted file mode 100644
index eca9aa14..00000000
--- a/spec/classes/cloud_database_nosql_elasticsearch.rb
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database::nosql::elasticsearch
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::elasticsearch' do
-
- shared_examples_for 'elasticsearch server' do
-
- let :params do
- { :firewall_settings => {} }
- end
-
- it 'configure elasticsearch' do
- it is_expected.to contain_class('elasticsearch')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure elasticsearch firewall rules' do
- is_expected.to contain_firewall('100 allow elasticsearch access').with(
- :port => '9200',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure elasticsearch firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow elasticsearch access').with(
- :port => '9200',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'elasticsearch server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'elasticsearch server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_kafka_spec.rb b/spec/classes/cloud_database_nosql_kafka_spec.rb
deleted file mode 100644
index 65e5ffa0..00000000
--- a/spec/classes/cloud_database_nosql_kafka_spec.rb
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::kafka
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::kafka' do
-
- shared_examples_for 'kafka server' do
-
- let :params do
- { }
- end
-
- it 'configure kafka with some params' do
- is_expected.to contain_class('kafka')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure kafka firewall rules' do
- is_expected.to contain_firewall('100 allow kafka access').with(
- :port => '9092',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure kafka firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow kafka access').with(
- :port => '9092',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- {
- :osfamily => 'Debian',
- :operatingsystem => 'Debian'
-
- }
- end
- end
-
- context 'on RedHat platforms' do
- let :facts do
- {
- :osfamily => 'RedHat',
- :operatingsystem => 'RedHat'
- }
- end
-
- it_configures 'kafka server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_memcached_spec.rb b/spec/classes/cloud_database_nosql_memcached_spec.rb
deleted file mode 100644
index 46b6aac0..00000000
--- a/spec/classes/cloud_database_nosql_memcached_spec.rb
+++ /dev/null
@@ -1,84 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::memcached
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::memcached' do
-
- shared_examples_for 'memcached server' do
-
- let :params do
- { :listen_ip => '10.0.0.1' }
- end
-
- it 'configure memcached with some params' do
- is_expected.to contain_class('memcached').with(
- :listen_ip => '10.0.0.1',
- :max_memory => '60%'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure memcached firewall rules' do
- is_expected.to contain_firewall('100 allow memcached access').with(
- :port => '11211',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure memcached firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow memcached access').with(
- :port => '11211',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'memcached server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'memcached server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_mongodb_mongod_spec.rb b/spec/classes/cloud_database_nosql_mongodb_mongod_spec.rb
deleted file mode 100644
index 48bc4515..00000000
--- a/spec/classes/cloud_database_nosql_mongodb_mongod_spec.rb
+++ /dev/null
@@ -1,117 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::database:nosql::mongodb::mongod class -# - -require 'spec_helper' - -describe 'cloud::database::nosql::mongodb::mongod' do - - shared_examples_for 'openstack database nosql' do - - let :params do - { - :replset => { 'ceilometer' => { 'members' => ['10.0.0.1'] } } - } - end - - it 'configure mongodb::globals' do - is_expected.to contain_class('mongodb::globals') - end - - it 'configure mongodb::mongos' do - is_expected.to contain_class('mongodb::server') - end - - it 'configure mongodb replicasets' do - is_expected.to contain_mongodb_replset('ceilometer').with( - :members => ['10.0.0.1'] - ) - end - - context 'when enable is set to false' do - before :each do - params.merge!(:enable => false) - end - - it 'does not configure mongodb::globals' do - is_expected.not_to contain_class('mongodb::globals') - end - - it 'does not configure mongodb::server' do - is_expected.not_to contain_class('mongodb::server') - end - - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure mongodb firewall rules' do - is_expected.to contain_firewall('100 allow mongod access').with( - :port => '27017', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - 
end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure mongodb firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow mongod access').with( - :port => '27017', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - :lsbdistid => 'Debian' } - end - - let :platform_params do - { :manage_package_repo => true } - end - - it_configures 'openstack database nosql' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - let :platform_params do - { :manage_package_repo => false } - end - - it_configures 'openstack database nosql' - end - -end - diff --git a/spec/classes/cloud_database_nosql_mongodb_mongos_spec.rb b/spec/classes/cloud_database_nosql_mongodb_mongos_spec.rb deleted file mode 100644 index c78812a3..00000000 --- a/spec/classes/cloud_database_nosql_mongodb_mongos_spec.rb +++ /dev/null 
@@ -1,108 +0,0 @@ -# -# Copyright (C) 2015 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# - -require 'spec_helper' - -describe 'cloud::database::nosql::mongodb::mongos' do - - shared_examples_for 'mongodb mongos service' do - - let :params do - { - :enable => true, - :shards => { - 'ceilometer' => { - 'member' => 'ceilometer/10.0.0.1:27018', - } - } - } - end - - it 'configure mongodb::globals' do - is_expected.to contain_class('mongodb::globals') - end - - it 'configure mongodb::mongos' do - is_expected.to contain_class('mongodb::mongos') - end - - it 'configure the ceilometer shard' do - is_expected.to contain_mongodb_shard('ceilometer') - end - - context 'when enable is set to false' do - before :each do - params.merge!(:enable => false) - end - - it 'does not configure mongodb::globals' do - is_expected.not_to contain_class('mongodb::globals') - end - - it 'does not configure mongodb::mongos' do - is_expected.not_to contain_class('mongodb::mongos') - end - - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure mongodb firewall rules' do - is_expected.to contain_firewall('100 allow mongos access').with( - :port => '27017', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 
'limit' => '50/sec' } ) - end - it 'configure mongos firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow mongos access').with( - :port => '27017', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', } - end - - it_configures 'mongodb mongos service' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - it_configures 'mongodb mongos service' - end - -end diff --git a/spec/classes/cloud_database_nosql_redis_sentinel_spec.rb b/spec/classes/cloud_database_nosql_redis_sentinel_spec.rb deleted file mode 100644 index a7dbc69b..00000000 --- a/spec/classes/cloud_database_nosql_redis_sentinel_spec.rb +++ /dev/null 
@@ -1,86 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::redis::sentinel
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::redis::sentinel' do
-
- shared_examples_for 'redis sentinel' do
-
- let :params do
- { :port => '26379' }
- end
-
- it { should create_class('redis::sentinel') }
-
- it { should contain_file('/bin/redis-notifications.sh').with(
- :ensure => 'present',
- :owner => 'root',
- :group => 'root',
- :mode => '0755',
- ) }
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure redis firewall rules' do
- is_expected.to contain_firewall('100 allow redis sentinel access').with(
- :port => '26379',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure redis firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow redis sentinel access').with(
- :port => '26379',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'redis sentinel'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'redis sentinel'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_redis_server_spec.rb b/spec/classes/cloud_database_nosql_redis_server_spec.rb
deleted file mode 100644
index fee7dc3e..00000000
--- a/spec/classes/cloud_database_nosql_redis_server_spec.rb
+++ /dev/null
@@ -1,79 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::redis::server
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::redis::server' do
-
- shared_examples_for 'redis server' do
-
- let :params do
- { :port => '6379' }
- end
-
- it { should create_class('redis') }
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure redis firewall rules' do
- is_expected.to contain_firewall('100 allow redis server access').with(
- :port => '6379',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure redis firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow redis server access').with(
- :port => '6379',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'redis server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'redis server'
- end
-
-end
diff --git a/spec/classes/cloud_database_nosql_zookeeper_spec.rb b/spec/classes/cloud_database_nosql_zookeeper_spec.rb
deleted file mode 100644
index a70d8b27..00000000
--- a/spec/classes/cloud_database_nosql_zookeeper_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::cache::zookeeper
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::nosql::zookeeper' do
-
- shared_examples_for 'zookeeper server' do
-
- let :params do
- { }
- end
-
- it 'configure zookeeper with some params' do
- is_expected.to contain_class('zookeeper')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure zookeeper firewall rules' do
- is_expected.to contain_firewall('100 allow zookeeper access').with(
- :port => '2181',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure zookeeper firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow zookeeper access').with(
- :port => '2181',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'zookeeper server'
- end
-
-end
diff --git a/spec/classes/cloud_database_sql_mysql_spec.rb b/spec/classes/cloud_database_sql_mysql_spec.rb
deleted file mode 100644
index 8f6efdc0..00000000
--- a/spec/classes/cloud_database_sql_mysql_spec.rb
+++ /dev/null
@@ -1,328 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::database::sql class
-#
-
-require 'spec_helper'
-
-describe 'cloud::database::sql::mysql' do
-
- shared_examples_for 'mysql database' do
-
- let :pre_condition do
- "include xinetd"
- end
-
- let :params do
- {
- :api_eth => '10.0.0.1',
- :galera_master_name => 'os-ci-test1',
- :galera_internal_ips => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :galera_gcache => '1G',
- :keystone_db_host => '10.0.0.1',
- :keystone_db_user => 'keystone',
- :keystone_db_password => 'secrete',
- :keystone_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :cinder_db_host => '10.0.0.1',
- :cinder_db_user => 'cinder',
- :cinder_db_password => 'secrete',
- :cinder_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :glance_db_host => '10.0.0.1',
- :glance_db_user => 'glance',
- :glance_db_password => 'secrete',
- :glance_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :heat_db_host => '10.0.0.1',
- :heat_db_user => 'heat',
- :heat_db_password => 'secrete',
- :heat_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :nova_db_host => '10.0.0.1',
- :nova_db_user => 'nova',
- :nova_db_password => 'secrete',
- :nova_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :neutron_db_host => '10.0.0.1',
- :neutron_db_user => 'neutron',
- :neutron_db_password => 'secrete',
- :neutron_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :trove_db_host => '10.0.0.1',
- :trove_db_user => 'trove',
- :trove_db_password => 'secrete',
- :trove_db_allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'],
- :mysql_root_password => 'secrete',
- :mysql_sys_maint_password => 'sys',
- :galera_clustercheck_dbuser => 'clustercheck',
- :galera_clustercheck_dbpassword => 'clustercheckpassword!',
- :galera_clustercheck_ipaddress => '10.0.0.1'
- }
- end
-
- it 'configure mysql galera server' do
- is_expected.to contain_class('mysql::client').with(
- :package_name => platform_params[:mysql_client_package_name]
- )
-
- is_expected.to contain_class('mysql::server').with(
- :package_name => platform_params[:mysql_server_package_name],
- :override_options => { 'mysqld' => { 'bind-address' => '10.0.0.1' } },
- :notify => 'Service[xinetd]'
- )
-
- is_expected.to contain_file(platform_params[:mysql_server_config_file]).with_content(/^wsrep_cluster_name\s*= "galera_cluster"$/)
- is_expected.to contain_file(platform_params[:mysql_server_config_file]).with_content(/^wsrep_node_address\s*= "#{params[:api_eth]}"$/)
- is_expected.to contain_file(platform_params[:mysql_server_config_file]).with_content(/^wsrep_node_incoming_address\s*= "#{params[:api_eth]}"$/)
-
- end # configure mysql galera server
-
- context 'configure mysqlchk http replication' do
- it { is_expected.to contain_file('/etc/xinetd.d/mysqlchk').with_mode('0755') }
- it { is_expected.to contain_file('/usr/bin/clustercheck').with_mode('0755') }
- it { is_expected.to contain_file('/usr/bin/clustercheck').with_content(/MYSQL_USERNAME='#{params[:galera_clustercheck_dbuser]}'/)}
- it { is_expected.to contain_file('/usr/bin/clustercheck').with_content(/MYSQL_PASSWORD='#{params[:galera_clustercheck_dbpassword]}'/)}
- it { is_expected.to contain_file('/etc/xinetd.d/mysqlchk').with_content(/bind = #{params[:galera_clustercheck_ipaddress]}/)}
-
- end # configure mysqlchk http replication
-
- context 'configure override of systemd defaults' do
- before :each do
- facts.merge!( :hostname => 'os-ci-test1',
- :osfamily => 'RedHat',
- :operatingsystemmajrelease => 7 )
- end
- before :each do
- params.merge!(:mysql_systemd_override_settings => { 'LimitNOFILE' => 666 })
- end
-
- it { is_expected.to contain_file('/etc/systemd/system/mysql-bootstrap.service.d/custom.conf').with_content(/[Service]/) }
- it { is_expected.to contain_file('/etc/systemd/system/mysql-bootstrap.service.d/custom.conf').with_content(/LimitNOFILE=666/) }
- it { is_expected.to contain_file('/etc/my.cnf').with_content(/open_files_limit = 666/) }
- end
-
- context 'configure open_file_limits' do
- before :each do
- facts.merge!( :hostname => 'os-ci-test1',
- :osfamily => 'RedHat',
- :operatingsystemmajrelease => 7 )
- end
- before :each do
- params.merge!(:open_files_limit => 666)
- end
-
- it { is_expected.to contain_file('/etc/my.cnf').with_content(/open_files_limit = 666/) }
- end
-
- context 'configure max_connections' do
- before :each do
- facts.merge!( :hostname => 'os-ci-test1',
- :osfamily => 'RedHat',
- :operatingsystemmajrelease => 7 )
- end
- before :each do
- params.merge!(:max_connections => 2048)
- end
- it { is_expected.to contain_file('/etc/my.cnf').with_content(/max_connections = 2048/) }
- end
-
- context 'configure databases on the galera master server' do
-
- before :each do
- facts.merge!( :hostname => 'os-ci-test1' )
- end
-
- it 'configure mysql server' do
- is_expected.to contain_class('mysql::server').with(
- :package_name => platform_params[:mysql_server_package_name],
- :root_password => 'secrete',
- :override_options => { 'mysqld' => { 'bind-address' => '10.0.0.1' } },
- :notify => 'Service[xinetd]'
- )
- end
-
- it 'configure keystone database' do
- is_expected.to contain_class('keystone::db::mysql').with(
- :dbname => 'keystone',
- :user => 'keystone',
- :password => 'secrete',
- :host => '10.0.0.1',
- :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] )
- end
-
- it 'configure glance database' do
- is_expected.to contain_class('glance::db::mysql').with(
- :dbname => 'glance',
- :user => 'glance',
- :password => 'secrete',
- :host => '10.0.0.1',
- :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] )
- end
-
- it 'configure nova database' do
- is_expected.to contain_class('nova::db::mysql').with(
- :dbname => 'nova',
- :user => 'nova',
- :password => 'secrete',
- :host => '10.0.0.1',
- :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] )
- end
-
- it 'configure cinder database' do
- is_expected.to contain_class('cinder::db::mysql').with(
- :dbname => 'cinder',
- :user => 'cinder',
- :password => 'secrete',
- :host => '10.0.0.1',
- :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] )
- end
-
- it 'configure neutron database' do
- is_expected.to contain_class('neutron::db::mysql').with(
- :dbname => 'neutron',
- :user => 'neutron',
- :password => 'secrete',
- :host => '10.0.0.1',
- :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] )
- end
-
- it 'configure heat database' do
- is_expected.to contain_class('heat::db::mysql').with(
- :dbname => 'heat',
- :user => 'heat',
- :password => 'secrete',
- :host => '10.0.0.1',
- :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] )
- end
-
- it 'configure trove database' do
- is_expected.to contain_class('trove::db::mysql').with(
- :dbname => 'trove',
- :user => 'trove',
- :password => 'secrete',
- :host => '10.0.0.1',
- :allowed_hosts => ['10.0.0.1','10.0.0.2','10.0.0.3'] )
- end
-
- it 'configure monitoring database' do
- is_expected.to contain_mysql_database('monitoring').with(
- :ensure => 'present',
- :charset => 'utf8'
- )
- is_expected.to contain_mysql_user("#{params[:galera_clustercheck_dbuser]}@localhost").with(
- :ensure => 'present',
- :password_hash => '*FDC68394456829A7344C2E9D4CDFD43DCE2EFD8F'
- )
- is_expected.to contain_mysql_grant("#{params[:galera_clustercheck_dbuser]}@localhost/monitoring").with(
- :privileges => 'ALL'
- )
- end # configure monitoring database
- end # configure databases on the galera master server
-
- context 'Bootstrap MySQL database on RedHat plaforms' do
- before :each do
- facts.merge!( :osfamily => 'RedHat' )
- end
- it 'configure mysql database' do
- is_expected.to contain_exec('bootstrap-mysql').with(
- :command => '/usr/bin/mysql_install_db --rpm --user=mysql',
- :unless => "/usr/bin/test -d /var/lib/mysql/mysql",
- :before => 'Service[mysqld]'
- )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure mysql firewall rules' do
- is_expected.to contain_firewall('100 allow galera access').with(
- :port => ['3306', '4567', '4568', '4444'],
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow mysqlchk access').with(
- :port => '8200',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow mysql rsync access').with(
- :port => '873',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure mysql firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow galera access').with(
- :port => ['3306', '4567', '4568', '4444'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow mysqlchk access').with(
- :port => '8200',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow mysql rsync access').with(
- :port => '873',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end # openstack database sql
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- let :platform_params do
- { :mysql_server_package_name => 'mariadb-galera-server',
- :mysql_client_package_name => 'mariadb-client',
- :mysql_server_config_file => '/etc/mysql/my.cnf',
- :wsrep_provider => '/usr/lib/galera/libgalera_smm.so' }
- end
-
- it_configures 'mysql database'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :operatingsystemmajrelease => 7 }
- end
-
- let :platform_params do
- { :mysql_server_package_name => 'mariadb-galera-server',
- :mysql_client_package_name => 'mariadb',
- :mysql_server_config_file => '/etc/my.cnf',
- :wsrep_provider => '/usr/lib64/galera/libgalera_smm.so' }
- end
-
- it_configures 'mysql database'
- end
-
-end
diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb
deleted file mode 100644
index f846c404..00000000
--- a/spec/classes/cloud_identity_spec.rb
+++ /dev/null
@@ -1,424 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::identity class
-#
-
-require 'spec_helper'
-
-describe 'cloud::identity' do
-
- shared_examples_for 'openstack identity' do
-
- let :params do
- { :identity_roles_addons => ['SwiftOperator', 'ResellerAdmin'],
- :swift_enabled => true,
- :cinder_enabled => true,
- :keystone_db_host => '10.0.0.1',
- :keystone_db_user => 'keystone',
- :keystone_db_password => 'secrete',
- :ks_admin_email => 'admin@openstack.org',
- :ks_admin_password => 'secrete',
- :ks_admin_tenant => 'admin',
- :ks_admin_token => 'SECRETE',
- :ks_ceilometer_admin_host => '10.0.0.1',
- :ks_ceilometer_internal_host => '10.0.0.1',
- :ks_ceilometer_password => 'secrete',
- :ks_ceilometer_public_host => '10.0.0.1',
- :ks_ceilometer_public_port => '8777',
- :ks_ceilometer_public_proto => 'https',
- :ks_ceilometer_admin_proto => 'https',
- :ks_ceilometer_internal_proto => 'https',
- :ks_cinder_admin_host => '10.0.0.1',
- :ks_cinder_internal_host => '10.0.0.1',
- :ks_cinder_password => 'secrete',
- :ks_cinder_public_host => '10.0.0.1',
- :ks_cinder_public_proto => 'https',
- :ks_cinder_public_proto => 'https',
- :ks_cinder_admin_proto => 'https',
- :ks_glance_admin_host => '10.0.0.1',
- :ks_glance_internal_host => '10.0.0.1',
- :ks_glance_password => 'secrete',
- :ks_glance_public_host => '10.0.0.1',
- :ks_glance_public_proto => 'https',
- :ks_glance_admin_proto => 'https',
- :ks_glance_internal_proto => 'https',
- :ks_heat_admin_host => '10.0.0.1',
- :ks_heat_internal_host => '10.0.0.1',
- :ks_heat_password => 'secrete',
- :ks_heat_public_host => '10.0.0.1',
- :ks_heat_public_proto => 'https',
- :ks_heat_admin_proto => 'https',
- :ks_heat_internal_proto => 'https',
- :ks_heat_public_port => '8004',
- :ks_heat_cfn_public_port => '8000',
- :ks_keystone_admin_host => '10.0.0.1',
- :ks_keystone_admin_port => '35357',
- :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_port => '5000',
- :ks_keystone_public_host => '10.0.0.1',
- :ks_keystone_public_port => '5000',
- :ks_keystone_public_proto => 'https',
- :ks_keystone_admin_proto => 'https',
- :ks_keystone_internal_proto => 'https',
- :ks_neutron_admin_host => '10.0.0.1',
- :ks_neutron_internal_host => '10.0.0.1',
- :ks_neutron_password => 'secrete',
- :ks_neutron_public_host => '10.0.0.1',
- :ks_neutron_admin_proto => 'https',
- :ks_neutron_internal_proto => 'https',
- :ks_neutron_public_proto => 'https',
- :ks_neutron_public_port => '9696',
- :ks_nova_admin_host => '10.0.0.1',
- :ks_nova_internal_host => '10.0.0.1',
- :ks_nova_password => 'secrete',
- :ks_nova_public_host => '10.0.0.1',
- :ks_nova_public_proto => 'https',
- :ks_nova_internal_proto => 'https',
- :ks_nova_admin_proto => 'https',
- :ks_nova_public_port => '8774',
- :ks_ec2_public_port => '8773',
- :ks_swift_dispersion_password => 'secrete',
- :ks_swift_internal_host => '10.0.0.1',
- :ks_swift_password => 'secrete',
- :ks_swift_public_host => '10.0.0.1',
- :ks_swift_public_port => '8080',
- :ks_swift_public_proto => 'https',
- :ks_swift_admin_proto => 'https',
- :ks_swift_internal_proto => 'https',
- :ks_swift_admin_host => '10.0.0.1',
- :ks_trove_admin_host => '10.0.0.1',
- :ks_trove_internal_host => '10.0.0.1',
- :ks_trove_password => 'secrete',
- :ks_trove_public_host => '10.0.0.1',
- :ks_trove_public_port => '8779',
- :ks_trove_public_proto => 'https',
- :ks_trove_admin_proto => 'https',
- :ks_trove_internal_proto => 'https',
- :region => 'BigCloud',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :token_driver => 'keystone.token.persistence.backends.sql.Token',
- :ks_token_expiration => '3600',
- :api_eth => '10.0.0.1' }
- end
-
- it 'configure keystone server' do
- is_expected.to contain_class('keystone').with(
- :enabled => true,
- :admin_token => 'SECRETE',
- :compute_port => '8774',
- :debug => true,
- :verbose => true,
- :database_idle_timeout => '5000',
- :log_facility => 'LOG_LOCAL0',
- :database_connection => 'mysql://keystone:secrete@10.0.0.1/keystone?charset=utf8',
- :database_idle_timeout => '5000',
- :token_driver => 'keystone.token.persistence.backends.sql.Token',
- :token_provider => 'keystone.token.providers.uuid.Provider',
- :use_syslog => true,
- :public_bind_host => '10.0.0.1',
- :admin_bind_host => '10.0.0.1',
- :public_port => '5000',
- :admin_port => '35357',
- :token_expiration => '3600',
- :log_dir => false,
- :log_file => false,
- :admin_endpoint => 'https://10.0.0.1:35357/',
- :public_endpoint => 'https://10.0.0.1:5000/'
- )
- is_expected.to contain_keystone_config('ec2/driver').with('value' => 'keystone.contrib.ec2.backends.sql.Ec2')
- is_expected.to contain_keystone_config('DEFAULT/log_file').with_ensure('absent')
- is_expected.to contain_keystone_config('DEFAULT/log_dir').with_ensure('absent')
- end
-
- it 'checks if Keystone DB is populated' do
- is_expected.to contain_exec('keystone_db_sync').with(
- :command => 'keystone-manage db_sync',
- :path => '/usr/bin',
- :user => 'keystone',
- :unless => '/usr/bin/mysql keystone -h 10.0.0.1 -u keystone -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- it 'configure keystone admin role' do
- is_expected.to contain_class('keystone::roles::admin').with(
- :email => 'admin@openstack.org',
- :password => 'secrete',
- :admin_tenant => 'admin'
- )
- end
-
- # TODO(EmilienM) Disable WSGI - bug #98
- # it 'configure apache to run keystone with wsgi' do
- # should contain_class('keystone::wsgi::apache').with(
- # :servername => 'keystone.openstack.org',
- # :admin_port => '35357',
- # :public_port => '5000',
- # :workers => '2',
- # :ssl => false
- # )
- # end
-
- it 'configure keystone endpoint' do
- is_expected.to contain_class('keystone::endpoint').with(
- :public_url => 'https://10.0.0.1:5000',
- :admin_url => 'https://10.0.0.1:35357',
- :internal_url => 'https://10.0.0.1:5000',
- :region => 'BigCloud'
- )
- end
-
- it 'configure swift endpoints' do
- is_expected.to contain_class('swift::keystone::auth').with(
- :password => 'secrete',
- :public_address => '10.0.0.1',
- :public_port => '8080',
- :public_protocol => 'https',
- :admin_protocol => 'https',
- :internal_protocol => 'https',
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :region => 'BigCloud'
- )
- end
-
- it 'configure swift dispersion' do
- is_expected.to contain_class('swift::keystone::dispersion').with( :auth_pass => 'secrete' )
- end
-
- it 'configure ceilometer endpoints' do
- is_expected.to contain_class('ceilometer::keystone::auth').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :port => '8777',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :admin_protocol => 'https',
- :internal_protocol => 'https',
- :region => 'BigCloud'
- )
- end
-
- it 'should not configure trove endpoint by default' do
- is_expected.not_to contain_class('trove::keystone::auth')
- end
-
- it 'configure nova endpoints' do
- is_expected.to contain_class('nova::keystone::auth').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :admin_protocol => 'https',
- :internal_protocol => 'https',
- :compute_port => '8774',
- :ec2_port => '8773',
- :region => 'BigCloud'
- )
- end
-
- it 'configure neutron endpoints' do
- is_expected.to contain_class('neutron::keystone::auth').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :internal_protocol => 'https',
- :admin_protocol => 'https',
- :port => '9696',
- :region => 'BigCloud'
- )
- end
-
- it 'configure cinder endpoints' do
- is_expected.to contain_class('cinder::keystone::auth').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :region => 'BigCloud'
- )
- end
-
- it 'configure glance endpoints' do
- is_expected.to contain_class('glance::keystone::auth').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :admin_protocol => 'https',
- :internal_protocol => 'https',
- :port => '9292',
- :region => 'BigCloud'
- )
- end
-
- it 'configure heat endpoints' do
- is_expected.to contain_class('heat::keystone::auth').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :admin_protocol => 'https',
- :internal_protocol => 'https',
- :port => '8004',
- :region => 'BigCloud'
- )
- end
-
- it 'configure heat cloudformation endpoints' do
- is_expected.to contain_class('heat::keystone::auth_cfn').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :admin_protocol => 'https',
- :internal_protocol => 'https',
- :port => '8000',
- :region => 'BigCloud'
- )
- end
-
- it 'configure a crontab to purge tokens every days at midnight' do
- is_expected.to contain_class('keystone::cron::token_flush')
- end
-
- context 'without syslog' do
- before :each do
- params.merge!(:use_syslog => false)
- end
- it 'configure keystone server' do
- is_expected.to contain_class('keystone').with(
- :use_syslog => false,
- :log_dir => '/var/log/keystone',
- :log_file => 'keystone.log'
- )
- end
- end
-
- context 'without Swift' do
- before :each do
- params.merge!(:swift_enabled => false)
- end
- it 'should not configure swift endpoints and users' do
- is_expected.not_to contain_class('swift::keystone::auth')
- is_expected.not_to contain_class('swift::keystone::dispersion')
- end
- end
-
- context 'without Cinder' do
- before :each do
- params.merge!(:cinder_enabled => false)
- end
- it 'should not configure cinder endpoints and users' do
- is_expected.not_to contain_class('cinder::keystone::auth')
- end
- end
-
- context 'with Trove' do
- before :each do
- params.merge!(:trove_enabled => true)
- end
- it 'configure trove endpoints' do
- is_expected.to contain_class('trove::keystone::auth').with(
- :admin_address => '10.0.0.1',
- :internal_address => '10.0.0.1',
- :password => 'secrete',
- :port => '8779',
- :public_address => '10.0.0.1',
- :public_protocol => 'https',
- :admin_protocol => 'https',
- :internal_protocol => 'https',
- :region => 'BigCloud'
- )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure keystone firewall rules' do
- is_expected.to contain_firewall('100 allow keystone access').with(
- :port => '5000',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow keystone admin access').with(
- :port => '35357',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure keystone firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow keystone access').with(
- :port => '5000',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow keystone admin access').with(
- :port => '35357',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :operatingsystemrelease => '12.04',
- :processorcount => '2',
- :fqdn => 'keystone.openstack.org' }
- end
-
- it_configures 'openstack identity'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :operatingsystemrelease => '6',
- :processorcount => '2',
- :fqdn => 'keystone.openstack.org' }
- end
-
- it_configures 'openstack identity'
- end
-
-end
diff --git a/spec/classes/cloud_image_api_spec.rb b/spec/classes/cloud_image_api_spec.rb
deleted file mode 100644
index d6bbe2e3..00000000
--- a/spec/classes/cloud_image_api_spec.rb
+++ /dev/null
@@ -1,228 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::image class
-#
-require 'spec_helper'
-
-describe 'cloud::image::api' do
-
- let :params do
- { :glance_db_host => '10.0.0.1',
- :glance_db_user => 'glance',
- :glance_db_password => 'secrete',
- :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_glance_internal_host => '10.0.0.1',
- :openstack_vip => '10.0.0.42',
- :ks_glance_api_internal_port => '9292',
- :ks_glance_registry_internal_port => '9191',
- :ks_glance_registry_internal_proto => 'https',
- :ks_glance_password => 'secrete',
- :rabbit_host => '10.0.0.1',
- :rabbit_password => 'secrete',
- :glance_rbd_user => 'glance',
- :glance_rbd_pool => 'images',
- :backend => 'rbd',
- :debug => true,
- :verbose => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :api_eth => '10.0.0.1'
- }
- end
-
- shared_examples_for 'openstack image api' do
-
- it 'should not configure firewall rule' do
- is_expected.not_to contain_firewall('100 allow glance api access')
- end
-
- it 'configure glance-api' do
- is_expected.to contain_class('glance::api').with(
- :database_connection => 'mysql://glance:secrete@10.0.0.1/glance?charset=utf8',
- :database_idle_timeout => '5000',
- :keystone_password => 'secrete',
- :registry_host => '10.0.0.42',
- :registry_port => '9191',
- :registry_client_protocol => 'https',
- :keystone_tenant => 'services',
- :keystone_user => 'glance',
- :show_image_direct_url => true,
- :verbose => true,
- :debug => true,
- :auth_host => '10.0.0.1',
- :auth_protocol => 'https',
- :log_facility => 'LOG_LOCAL0',
- :bind_host => '10.0.0.1',
- :bind_port => '9292',
- :use_syslog => true,
- :pipeline => 'keystone',
- :log_dir => false,
- :log_file => false,
- :known_stores => ['rbd','http'],
- )
- end
-
- # TODO(EmilienM) Disabled for now
- # Follow-up https://github.com/enovance/puppet-openstack-cloud/issues/160
- #
- # it 'configure glance notifications with rabbitmq backend' do
- # should contain_class('glance::notify::rabbitmq').with(
- # :rabbit_password => 'secrete',
- # :rabbit_userid => 'glance',
- # :rabbit_host => '10.0.0.1'
- # )
- # end
- it { is_expected.to contain_glance_api_config('DEFAULT/notifier_driver').with_value('noop') }
- it { is_expected.to contain_glance_api_config('keystone_authtoken/identity_uri').with_value('https://10.0.0.1:35357') }
-
- it 'configure glance rbd backend' do
- is_expected.to contain_class('glance::backend::rbd').with(
- :rbd_store_pool => 'images',
- :rbd_store_user => 'glance'
- )
- end
-
- it 'configure crontab to clean glance cache' do
- is_expected.to contain_class('glance::cache::cleaner')
- is_expected.to contain_class('glance::cache::pruner')
- end
-
- context 'with file Glance backend' do
- before :each do
- params.merge!(:backend => 'file')
- end
-
- it 'configure Glance with file backend' do
- is_expected.to contain_class('glance::backend::file')
- is_expected.not_to contain_class('glance::backend::rbd')
- is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with('value' => '/var/lib/glance/images/')
- is_expected.to contain_glance_api_config('glance_store/default_store').with('value' => 'file')
- end
- end
-
- context 'with NFS Glance backend' do
- before :each do
- params.merge!(:backend => 'nfs',
- :filesystem_store_datadir => '/srv/images/',
- :nfs_device => 'nfs.example.com:/vol1',
- :nfs_options => 'noacl,fsid=123' )
- end
-
- it 'configure Glance with NFS backend' do
- is_expected.to contain_class('glance::backend::file')
- is_expected.not_to contain_class('glance::backend::rbd')
- is_expected.to contain_file('/srv/images/').with(
- 'ensure' => 'directory',
- 'owner' => 'glance',
- 'group' => 'glance',
- 'mode' => '0755'
- )
- is_expected.to contain_glance_api_config('glance_store/filesystem_store_datadir').with('value' => '/srv/images/')
- is_expected.to contain_glance_api_config('glance_store/default_store').with('value' => 'file')
- is_expected.to contain_mount('/srv/images/').with({
- 'ensure' => 'mounted',
- 'fstype' => 'nfs',
- 'device' => 'nfs.example.com:/vol1',
- 'options' => 'noacl,fsid=123',
- })
- end
- end
-
- context 'with Swift backend' do
- before :each do
- params.merge!(:backend => 'swift')
- end
-
- it 'configure Glance with Glance backend' do
- is_expected.not_to contain_class('glance::backend::file')
- is_expected.not_to contain_class('glance::backend::rbd')
- is_expected.to contain_glance_api_config('glance_store/default_store').with('value' => 'swift')
- is_expected.to contain_glance_api_config('glance_store/swift_store_user').with('value' => 'services:glance')
- is_expected.to contain_glance_api_config('glance_store/swift_store_key').with('value' => 'secrete')
- is_expected.to contain_glance_api_config('glance_store/swift_store_auth_address').with('value' => 'https://10.0.0.1:35357/v2.0/')
- is_expected.to contain_glance_api_config('DEFAULT/swift_store_create_container_on_put').with('value' => true)
- end
- end
-
- context 'with missing parameter when using Glance NFS backend' do
- before :each do
- params.merge!(:backend => 'nfs',
- :nfs_device => false )
- end
- it { is_expected.to compile.and_raise_error(/When running NFS backend, you need to provide nfs_device parameter./) }
- end
-
- context 'with wrong Glance backend' do
- before :each do
- params.merge!(:backend => 'Something')
- end
- it { is_expected.to compile.and_raise_error(/Something is not a Glance supported backend./) }
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure Glance API firewall rules' do
- is_expected.to contain_firewall('100 allow glance-api access').with(
- :port => '9292',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure Glance API firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow glance-api access').with(
- :port => '9292',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- # required for rpcbind module
- :lsbdistid => 'Debian' }
- end
-
- it_configures 'openstack image api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- # required for nfs module
- :lsbmajdistrelease => '7' }
- end
-
- it_configures 'openstack image api'
- end
-
-end
diff --git a/spec/classes/cloud_image_registry_spec.rb b/spec/classes/cloud_image_registry_spec.rb
deleted file mode 100644
index df58e4b2..00000000
--- a/spec/classes/cloud_image_registry_spec.rb
+++ /dev/null
@@ -1,120 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::image class
-#
-require 'spec_helper'
-
-describe 'cloud::image::registry' do
-
- let :params do
- { :glance_db_host => '10.0.0.1',
- :glance_db_user => 'glance',
- :glance_db_password => 'secrete',
- :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_glance_internal_host => '10.0.0.1',
- :ks_glance_registry_internal_port => '9191',
- :ks_glance_password => 'secrete',
- :debug => true,
- :verbose => true,
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :api_eth => '10.0.0.1'
- }
- end
-
- shared_examples_for 'openstack image registry' do
-
- it 'configure glance-registry' do
- is_expected.to contain_class('glance::registry').with(
- :database_connection => 'mysql://glance:secrete@10.0.0.1/glance?charset=utf8',
- :database_idle_timeout => '5000',
- :keystone_password => 'secrete',
- :keystone_tenant => 'services',
- :keystone_user => 'glance',
- :verbose => true,
- :debug => true,
- :auth_host => '10.0.0.1',
- :auth_protocol => 'https',
- :log_facility => 'LOG_LOCAL0',
- :bind_host => '10.0.0.1',
- :bind_port => '9191',
- :use_syslog => true,
- :log_dir => false,
- :log_file => false
- )
- end
-
- it { is_expected.to contain_glance_registry_config('keystone_authtoken/identity_uri').with_value('https://10.0.0.1:35357') }
-
- it 'checks if Glance DB is populated' do
- is_expected.to contain_exec('glance_db_sync').with(
- :command => 'glance-manage db_sync',
- :user => 'glance',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql glance -h 10.0.0.1 -u glance -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure Glance Registry firewall rules' do
- is_expected.to contain_firewall('100 allow glance-registry access').with(
- :port => '9191',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure Glance API firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow glance-registry access').with(
- :port => '9191',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack image registry'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack image registry'
- end
-
-end
diff --git a/spec/classes/cloud_init_spec.rb b/spec/classes/cloud_init_spec.rb
deleted file mode 100644
index ce3b671e..00000000
--- a/spec/classes/cloud_init_spec.rb
+++ /dev/null
@@ -1,227 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud
-#
-
-require 'spec_helper'
-
-describe 'cloud' do
-
- let :params do
- { }
- end
-
- shared_examples_for 'cloud node' do
-
- let :pre_condition do
- '
- include concat::setup
- '
- end
-
- let :file_defaults do
- {
- :mode => '0644'
- }
- end
-
- it {is_expected.to contain_class('sudo')}
- it {is_expected.to contain_class('sudo::configs')}
- it {is_expected.to contain_class('ntp')}
- it {is_expected.to contain_class('limits')}
-
- context 'with explicit limits enabled' do
- before :each do
- params.merge!( :limits => {
- 'username_nofile' => {
- 'ensure' => 'present',
- 'user' => 'username',
- 'limit_type' => 'nofile',
- 'hard' => '16384'
- }
- })
- end
-
- it { is_expected.to contain_limits__limits('username_nofile').with(
- :ensure => 'present',
- :user => 'username',
- :limit_type => 'nofile',
- :hard => '16384',
- ) }
-
- end
-
- context 'with explicit sysctl values' do
- before :each do
- params.merge!( :sysctl => {
- 'net.ipv4.ip_forward' => {
- 'value' => '1',
- },
- 'net.ipv6.conf.all.forwarding' => {
- 'value' => '1',
- }
- })
- end
-
- it { is_expected.to contain_sysctl('net.ipv4.ip_forward').with(
- :val => '1',
- ) }
- it { is_expected.to contain_sysctl('net.ipv6.conf.all.forwarding').with(
- :val => '1',
- ) }
-
- end
-
-
- it {is_expected.to contain_file('/etc/motd').with(
- {:ensure => 'file'}.merge(file_defaults)
- )}
-
- it { is_expected.to contain_service('cron').with({
- :name => platform_params[:cron_service_name],
- :ensure => 'running',
- :enable => true
- }) }
-
- context 'with firewall enabled' do
- before :each do
- params.merge!(
- :manage_firewall => true,
- )
- end
-
- it 'configure basic pre firewall rules' do
- is_expected.to contain_firewall('000 accept related established rules').with(
- :proto => 'all',
- :state => ['RELATED', 'ESTABLISHED'],
- :action => 'accept',
- )
- is_expected.to contain_firewall('001 accept all icmp').with(
- :proto => 'icmp',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('002 accept all to lo interface').with(
- :proto => 'all',
- :iniface => 'lo',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('003 accept ssh').with(
- :port => '22',
- :proto => 'tcp',
- :action => 'accept',
- :state => ['NEW'],
- )
- end
-
- it 'configure basic post firewall rules' do
- is_expected.to contain_firewall('999 drop all').with(
- :proto => 'all',
- :action => 'drop',
- :source => '0.0.0.0/0',
- )
- end
- end
-
- context 'with custom firewall rules' do
- before :each do
- params.merge!(
- :manage_firewall => true,
- :firewall_rules => {
- '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
- '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}
- }
- )
- end
- it 'configure custom firewall rules' do
- is_expected.to contain_firewall('300 add custom application 1').with(
- :port => '999',
- :proto => 'udp',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('301 add custom application 2').with(
- :port => '8081',
- :proto => 'tcp',
- :action => 'accept',
- :state => ['NEW'],
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- let :platform_params do
- { :cron_service_name => 'cron'}
- end
-
- it_configures 'cloud node'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'redhat1' }
- end
-
- let :platform_params do
- { :cron_service_name => 'crond'}
- end
-
- let :params do
- { :rhn_registration => { "username" => "rhn", "password" => "pass" } }
- end
-
- it_configures 'cloud node'
-
- xit { is_expected.to contain_rhn_register('rhn-redhat1') }
-
- context 'with SELinux set to enforcing' do
- let :params do
- { :selinux_mode => 'enforcing',
- :selinux_modules => ['module1', 'module2'],
- :selinux_booleans => ['foo', 'bar'],
- :selinux_directory => '/path/to/modules'}
- end
-
- it 'set SELINUX=enforcing' do
- is_expected.to contain_class('cloud::selinux').with(
- :mode => params[:selinux_mode],
- :booleans => params[:selinux_booleans],
- :modules => params[:selinux_modules],
- :directory => params[:selinux_directory],
- :stage => 'setup',
- )
- end
- end
-
- end
-
- context 'on other platforms' do
- let :facts do
- { :osfamily => 'Solaris' }
- end
-
- it { is_expected.to compile.and_raise_error(/module puppet-openstack-cloud only support/) }
-
- end
-end
diff --git a/spec/classes/cloud_install_puppetdb_config_spec.rb b/spec/classes/cloud_install_puppetdb_config_spec.rb
deleted file mode 100644
index 3b4b6455..00000000
--- a/spec/classes/cloud_install_puppetdb_config_spec.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-require 'spec_helper'
-
-describe 'cloud::install::puppetdb::config' do
-
- shared_examples_for 'puppetdb' do
-
- it 'configure puppetdb' do
- is_expected.to contain_class('puppetdb::master::config')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'puppetdb'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'puppetdb'
- end
-end
diff --git a/spec/classes/cloud_install_puppetdb_server_spec.rb b/spec/classes/cloud_install_puppetdb_server_spec.rb
deleted file mode 100644
index 899c84b7..00000000
--- a/spec/classes/cloud_install_puppetdb_server_spec.rb
+++ /dev/null
@@ -1,32 +0,0 @@
-require 'spec_helper'
-
-describe 'cloud::install::puppetdb::server' do
-
- shared_examples_for 'puppetdb' do
-
- it 'install puppetdb' do
- is_expected.to contain_class('puppetdb')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :operatingsystem => 'Debian',
- :operatingsystemrelease => '7.4'}
- end
-
- it_configures 'puppetdb'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :operatingsystem => 'RedHat',
- :operatingsystemrelease => '7.0'}
- end
-
- it_configures 'puppetdb'
- end
-end
diff --git a/spec/classes/cloud_loadbalancer_spec.rb b/spec/classes/cloud_loadbalancer_spec.rb
deleted file mode 100644
index 488fa3c1..00000000
--- a/spec/classes/cloud_loadbalancer_spec.rb
+++ /dev/null
@@ -1,662 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::loadbalancer class
-#
-
-require 'spec_helper'
-
-describe 'cloud::loadbalancer' do
-
- shared_examples_for 'openstack loadbalancer' do
-
- let :params do
- { :ceilometer_api => true,
- :cinder_api => true,
- :glance_api => true,
- :neutron_api => true,
- :heat_api => true,
- :heat_cfn_api => true,
- :heat_cloudwatch_api => true,
- :nova_api => true,
- :ec2_api => true,
- :metadata_api => true,
- :swift_api => true,
- :keystone_api_admin => true,
- :keystone_api => true,
- :trove_api => true,
- :horizon => true,
- :spice => false,
- :novnc => true,
- :ceilometer_bind_options => [],
- :cinder_bind_options => [],
- :ec2_bind_options => [],
- :glance_api_bind_options => [],
- :glance_registry_bind_options => [],
- :heat_cfn_bind_options => [],
- :heat_cloudwatch_bind_options => [],
- :heat_api_bind_options => [],
- :keystone_bind_options => [],
- :keystone_admin_bind_options => [],
- :metadata_bind_options => [],
- :neutron_bind_options => [],
- :trove_bind_options => [],
- :swift_bind_options => [],
- :spice_bind_options => [],
- :horizon_bind_options => [],
- :galera_bind_options => [],
- :haproxy_auth => 'root:secrete',
- :keepalived_state => 'BACKUP',
- :keepalived_priority => 50,
- :keepalived_vrrp_interface => false,
- :keepalived_public_interface => 'eth0',
- :keepalived_public_ipvs => ['10.0.0.1', '10.0.0.2'],
- :keepalived_public_id => '1',
- :keepalived_internal_ipvs => false,
- :keepalived_internal_id => '2',
- :keepalived_auth_type => 'PASS',
- :keepalived_auth_pass => 'secret',
- :horizon_port => '80',
- :spice_port => '6082',
- :vip_public_ip => '10.0.0.1',
- :galera_ip => '10.0.0.2',
- :galera_slave => false,
- :galera_connections => '4096',
- :horizon_ssl => false,
- :horizon_ssl_port => false,
- :ks_ceilometer_public_port => '8777',
- :ks_nova_public_port => '8774',
- :ks_ec2_public_port => '8773',
- :ks_metadata_public_port => '8777',
- :ks_glance_api_public_port => '9292',
- :ks_glance_registry_internal_port => '9191',
- :ks_swift_public_port => '8080',
- :ks_keystone_public_port => '5000',
- :ks_keystone_admin_port => '35357',
- :ks_cinder_public_port => '8776',
- :ks_neutron_public_port => '9696',
- :ks_trove_public_port => '8779',
- :ks_heat_public_port => '8004',
- :ks_heat_cfn_public_port => '8000',
- :ks_heat_cloudwatch_public_port => '8003' }
- end
-
- it 'configure haproxy server' do
- is_expected.to contain_class('haproxy')
- end # configure haproxy server
-
- it 'configure keepalived server' do
- is_expected.to contain_class('keepalived')
- end # configure keepalived server
-
- it 'configure sysctl to allow HAproxy to bind to a non-local IP address' do
- is_expected.to contain_sysctl__value('net.ipv4.ip_nonlocal_bind').with({
- :value => 1,
- })
- end
-
- it 'do not configure an internal VRRP instance by default' do
- is_expected.not_to contain_keepalived__instance('2')
- end
-
- context 'with 4 processors' do
- before :each do
- facts.merge!(
- :processorcount => '4',
- :ipaddress => '10.10.0.1'
- )
- end
- it 'configure haproxy server' do
- is_expected.to contain_class('haproxy').with(
- :service_manage => true,
- :global_options => {
- 'log' => '10.10.0.1 local0',
- 'chroot' => '/var/lib/haproxy',
- 'pidfile' => '/var/run/haproxy.pid',
- 'maxconn' => '4000',
- 'user' => 'haproxy',
- 'group' => 'haproxy',
- 'daemon' => '',
- 'stats' => 'socket /var/lib/haproxy/stats',
- 'nbproc' => '4'
- }
- )
- end
- end # configure haproxy server
-
- context 'configure an internal VIP with the same VIP as public network' do
- before do
- params.merge!(:keepalived_internal_ipvs => ['10.0.0.1', '10.0.0.2'])
- end
- it 'shoult not configure an internal VRRP instance' do
- is_expected.not_to contain_keepalived__instance('2')
- end
- end
-
- context 'configure an internal VIP' do
- before do
- params.merge!(:keepalived_internal_ipvs => ['192.168.0.1'])
- end
- it 'configure an internal VRRP instance' do
- is_expected.to contain_keepalived__instance('2').with({
- 'interface' => 'eth1',
- 'virtual_ips' => ['192.168.0.1 dev eth1'],
- 'track_script' => ['haproxy'],
- 'state' => 'BACKUP',
- 'priority' => params[:keepalived_priority],
- 'auth_type' => 'PASS',
- 'auth_pass' => 'secret',
- 'notify_master' => "#{platform_params[:start_haproxy_service]}",
- })
- end
- end
-
- context 'configure keepalived vrrp on dedicated interface' do
- before do
- params.merge!(:keepalived_vrrp_interface => 'eth2')
- end
- it 'configure keepalived with a dedicated interface for vrrp' do
- is_expected.to contain_keepalived__instance('1').with({
- 'interface' => 'eth2',
- })
- end
- end
-
- context 'configure keepalived with proper haproxy track script' do
- it 'configure keepalived with a proper haproxy track script' do
- is_expected.to contain_keepalived__vrrp_script('haproxy').with({
- 'name_is_process' => platform_params[:keepalived_name_is_process],
- 'script' => platform_params[:keepalived_vrrp_script],
- })
- end
- end
-
- context 'when keepalived and HAproxy are in backup' do
- it 'configure vrrp_instance with BACKUP state' do
- is_expected.to contain_keepalived__instance('1').with({
- 'interface' => params[:keepalived_public_interface],
- 'virtual_ips' => ['10.0.0.1 dev eth0', '10.0.0.2 dev eth0'],
- 'track_script' => ['haproxy'],
- 'state' => params[:keepalived_state],
- 'priority' => params[:keepalived_priority],
- 'auth_type' => 'PASS',
- 'auth_pass' => 'secret',
- 'notify_master' => "#{platform_params[:start_haproxy_service]}",
- })
- end # configure vrrp_instance with BACKUP state
- it 'configure haproxy server without service managed' do
- is_expected.to contain_class('haproxy').with(:service_manage => true)
- end # configure haproxy server
- end # configure keepalived in backup
-
- context 'configure keepalived in master' do
- before do
- params.merge!( :keepalived_state => 'MASTER' )
- end
- it 'configure vrrp_instance with MASTER state' do
- is_expected.to contain_keepalived__instance('1').with({
- 'interface' => params[:keepalived_public_interface],
- 'track_script' => ['haproxy'],
- 'state' => 'MASTER',
- 'priority' => params[:keepalived_priority],
- 'auth_type' => 'PASS',
- 'auth_pass' => 'secret',
- 'notify_master' => "#{platform_params[:start_haproxy_service]}",
- })
- end
- it 'configure haproxy server with service managed' do
- is_expected.to contain_class('haproxy').with(:service_manage => true)
- end # configure haproxy server
- end # configure keepalived in master
-
- context 'configure logrotate rule' do
- it { is_expected.to contain_logrotate__rule('haproxy').with(
- :path => '/var/log/haproxy.log',
- :rotate => 7,
- :rotate_every => 'day',
- :missingok => true,
- :ifempty => false,
- :delaycompress => true,
- :compress => true
- )}
- end # configure logrotate rule
-
- context 'configure monitor haproxy listen' do
- it { is_expected.to contain_haproxy__listen('monitor').with(
- :ipaddress => params[:vip_public_ip],
- :ports => '10300'
- )}
- end # configure monitor haproxy listen
-
- context 'configure monitor haproxy listen with another vip' do
- before do
- params.merge!( :vip_monitor_ip => ['192.168.0.1'] )
- end
- it { is_expected.to contain_haproxy__listen('monitor').with(
- :ipaddress => ['192.168.0.1'],
- :ports => '10300'
- )}
- end # configure monitor haproxy listen
-
- context 'configure galera haproxy listen' do
- it { is_expected.to contain_haproxy__listen('galera_cluster').with(
- :ipaddress => params[:galera_ip],
- :ports => '3306',
- :options => {
- 'maxconn' => params[:galera_connections],
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka','tcplog','httpchk'],
- 'timeout client' => '90m',
- 'timeout server' => '90m'
- }
- )}
- end # configure monitor haproxy listen
-
- context 'not configure galera slave haproxy listen' do
- it { is_expected.not_to contain_haproxy__listen('galera_readonly_cluster') }
- end # configure monitor haproxy listen
-
- context 'configure galera slave haproxy listen' do
- before do
- params.merge!( :galera_slave => true )
- end
- it { is_expected.to contain_haproxy__listen('galera_readonly_cluster').with(
- :ipaddress => params[:galera_ip],
- :ports => '3307',
- :options => {
- 'maxconn' => params[:galera_connections],
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka','tcplog','httpchk'],
- 'timeout client' => '90m',
- 'timeout server' => '90m'
- }
- )}
- end # configure monitor haproxy listen
-
- context 'configure OpenStack Nova with novnc' do
- it { is_expected.to contain_haproxy__listen('novnc_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '6080',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- }
- )}
- end
-
- context 'configure OpenStack binding on public network only' do
- before do
- params.merge!(
- :spice => true,
- :novnc => false,
- :novnc_port => 6082 )
- end
- it { is_expected.to contain_haproxy__listen('spice_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '6082',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- }
- )}
- end
-
- context 'configure OpenStack binding on both public and internal networks' do
- before do
- params.merge!(
- :nova_api => true,
- :galera_ip => '172.16.0.1',
- :vip_public_ip => '172.16.0.1',
- :vip_internal_ip => '192.168.0.1',
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2'],
- :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it { is_expected.to contain_haproxy__listen('nova_api_cluster').with(
- :ipaddress => ['172.16.0.1', '192.168.0.1'],
- :ports => '8774'
- )}
- end
-
- context 'configure OpenStack binding on IPv4 and IPv6 public ip' do
- before do
- params.merge!(
- :nova_api => true,
- :galera_ip => '172.16.0.1',
- :vip_public_ip => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
- :vip_internal_ip => '192.168.0.1',
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'],
- :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it { is_expected.to contain_haproxy__listen('nova_api_cluster').with(
- :ipaddress => ['172.16.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334', '192.168.0.1'],
- :ports => '8774'
- )}
- end
-
- context 'disable an OpenStack service binding' do
- before do
- params.merge!(:metadata_api => false)
- end
- it { is_expected.not_to contain_haproxy__listen('metadata_api_cluster') }
- end
-
- context 'should fail to configure OpenStack binding when vip_public_ip and vip_internal_ip are missing' do
- before do
- params.merge!(
- :nova_api => true,
- :galera_ip => '172.16.0.1',
- :vip_public_ip => false,
- :vip_internal_ip => false,
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2']
- )
- end
- it_raises 'a Puppet::Error', /vip_public_ip and vip_internal_ip are both set to false, no binding is possible./
- end
-
- context 'should fail to configure OpenStack binding when given VIP is not in the VIP pool list' do
- before do
- params.merge!(
- :nova_api => '10.0.0.1',
- :galera_ip => '172.16.0.1',
- :vip_public_ip => '172.16.0.1',
- :vip_internal_ip => false,
- :keepalived_public_ipvs => ['172.16.0.1', '172.16.0.2']
- )
- end
- it_raises 'a Puppet::Error', /10.0.0.1 is not part of VIP pools./
- end
-
- context 'with a public OpenStack VIP not in the keepalived VIP list' do
- before do
- params.merge!(
- :vip_public_ip => '172.16.0.1',
- :keepalived_public_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it_raises 'a Puppet::Error', /vip_public_ip should be part of keepalived_public_ipvs./
- end
-
- context 'with an internal OpenStack VIP not in the keepalived VIP list' do
- before do
- params.merge!(
- :vip_internal_ip => '172.16.0.1',
- :keepalived_internal_ipvs => ['192.168.0.1', '192.168.0.2']
- )
- end
- it_raises 'a Puppet::Error', /vip_internal_ip should be part of keepalived_internal_ipvs./
- end
-
- context 'with a Galera VIP not in the keepalived VIP list' do
- before do
- params.merge!(
- :galera_ip => '172.16.0.1',
- :vip_public_ip => '192.168.0.1',
- :keepalived_public_ipvs => ['192.168.0.1', '192.168.0.2'],
- :keepalived_internal_ipvs => ['192.168.1.1', '192.168.1.2']
- )
- end
- it_raises 'a Puppet::Error', /galera_ip should be part of keepalived_public_ipvs or keepalived_internal_ipvs./
- end
-
- context 'configure OpenStack binding with HTTPS and SSL offloading' do
- before do
- params.merge!(
- :nova_bind_options => ['ssl', 'crt']
- )
- end
- it { is_expected.to contain_haproxy__listen('nova_api_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '8774',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- },
- :bind_options => ['ssl', 'crt']
- )}
- end
-
- context 'configure OpenStack binding with HTTP options' do
- before do
- params.merge!(
- :cinder_bind_options => 'something not secure',
- )
- end
- it { is_expected.to contain_haproxy__listen('cinder_api_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '8776',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'source',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m'
- },
- :bind_options => ['something not secure']
- )}
- end
-
- context 'configure OpenStack Horizon' do
- it { is_expected.to contain_haproxy__listen('horizon_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '80',
- :options => {
- 'mode' => 'http',
- 'http-check' => 'expect ! rstatus ^5',
- 'option' => ["tcpka", "forwardfor", "tcplog", "httpchk GET /#{platform_params[:auth_url]} \"HTTP/1.0\\r\\nUser-Agent: HAproxy-myhost\""],
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn',
- }
- )}
- end
-
- context 'configure OpenStack Horizon with SSL termination on HAProxy' do
- before do
- params.merge!(
- :horizon_port => '443',
- :horizon_ssl => false,
- :horizon_ssl_port => false,
- :horizon_bind_options => ['ssl', 'crt']
- )
- end
- it { is_expected.to contain_haproxy__listen('horizon_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '443',
- :options => {
- 'mode' => 'http',
- 'http-check' => 'expect ! rstatus ^5',
- 'option' => ["tcpka", "forwardfor", "tcplog", "httpchk GET /#{platform_params[:auth_url]} \"HTTP/1.0\\r\\nUser-Agent: HAproxy-myhost\""],
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn',
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }'
- },
- :bind_options => ['ssl', 'crt']
- )}
- end
-
- context 'configure OpenStack Horizon SSL with termination on the webserver' do
- before do
- params.merge!(
- :horizon_ssl => true,
- :horizon_ssl_port => '443'
- )
- end
- it { is_expected.to contain_haproxy__listen('horizon_ssl_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '443',
- :options => {
- 'mode' => 'tcp',
- 'option' => ["tcpka", "forwardfor", "tcplog", "ssl-hello-chk"],
- 'cookie' => 'sessionid prefix',
- 'balance' => 'leastconn',
- }
- )}
- end
-
- context 'configure OpenStack Heat API SSL binding' do
- before do
- params.merge!(
- :heat_api_bind_options => ['ssl', 'crt']
- )
- end
- it { is_expected.to contain_haproxy__listen('heat_api_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '8004',
- :options => {
- 'mode' => 'http',
- 'balance' => 'source',
- 'option' => ['tcpka', 'forwardfor', 'tcplog', 'httpchk'],
- 'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
- 'timeout server' => '90m',
- 'timeout client' => '90m',
- 'http-check' => 'expect ! rstatus ^5',
- },
- :bind_options => ['ssl', 'crt']
- )}
- end
- context 'configure RabbitMQ binding' do
- before do
- params.merge!( :rabbitmq => true )
- end
- it { is_expected.to contain_haproxy__listen('rabbitmq_cluster').with(
- :ipaddress => [params[:vip_public_ip]],
- :ports => '5672',
- :options => {
- 'mode' => 'tcp',
- 'balance' => 'roundrobin',
- 'option' => ['tcpka', 'tcplog', 'forwardfor'],
- 'timeout server' => '90m',
- 'timeout client' => '90m',
- }
- )}
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure haproxy firewall rules' do
- # test the firewall rule in cloud::loadbalancer::binding
- is_expected.to contain_firewall('100 allow horizon_cluster binding access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- )
- # test the firewall rules in cloud::loadbalancer
- is_expected.to contain_firewall('100 allow galera binding access').with(
- :port => '3306',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow haproxy monitor access').with(
- :port => '10300',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow keepalived access').with(
- :port => nil,
- :proto => 'vrrp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure haproxy firewall rules with custom parameter' do
- # test the firewall rule in cloud::loadbalancer::binding
- is_expected.to contain_firewall('100 allow horizon_cluster binding access').with(
- :port => '80',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- # test the firewall rules in cloud::loadbalancer
- is_expected.to contain_firewall('100 allow galera binding access').with(
- :port => '3306',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow haproxy monitor access').with(
- :port => '10300',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow keepalived access').with(
- :port => nil,
- :proto => 'vrrp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end # shared:: openstack loadbalancer
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'myhost' }
- end
-
- let :platform_params do
- { :auth_url => 'horizon',
- :start_haproxy_service => '"/etc/init.d/haproxy start"',
- :stop_haproxy_service => '"/etc/init.d/haproxy stop"',
- :keepalived_name_is_process => 'true',
- :keepalived_vrrp_script => nil,
- }
- end
-
- it_configures 'openstack loadbalancer'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'myhost' }
- end
-
- let :platform_params do
- { :auth_url => 'dashboard',
- :start_haproxy_service => '"/usr/bin/systemctl start haproxy"',
- :keepalived_name_is_process => 'false',
- :keepalived_vrrp_script => 'systemctl status haproxy.service',
- }
- end
-
- it_configures 'openstack loadbalancer'
- end
-
-end
diff --git a/spec/classes/cloud_logging_agent.rb b/spec/classes/cloud_logging_agent.rb
deleted file mode 100644
index fe2c93b6..00000000
--- a/spec/classes/cloud_logging_agent.rb
+++ /dev/null
@@ -1,147 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::logging::agent class
-#
-
-require 'spec_helper'
-
-describe 'cloud::logging::agent' do
-
- shared_examples_for 'openstack logging agent' do
-
- let :pre_condition do
- "class { 'cloud::logging': }
- include ::fluentd"
- end
-
- let :common_params do {
- :plugins => {},
- :matches => {},
- :sources => {
- 'apache' => {'type' => 'tail', 'configfile' => 'apache'},
- 'syslog' => {'type' => 'tail', 'configfile' => 'syslog'}
- },
- :logrotate_rule => {
- 'td-agent' => {
- 'path' => '/var/log/td-agent/td-agent.log',
- 'rotate' => '30',
- 'compress' => 'true',
- }
- },
- }
- end
-
-
- context 'rsyslog is enabled' do
- let :params do
- common_params.merge( {:syslog_enable => 'true' } )
- end
-
- it 'include cloud::loging' do
- it is_expected.to contain_class('cloud::logging')
- end
-
- it 'include rsyslog::client' do
- it is_expected.to contain_class('rsyglog::client')
- end
-
- it 'create /var/db/td-agent' do
- it is_expected.to contain_file('/var/db/td-agent').with({
- :ensure => 'directory',
- :owner => 'td-agent',
- :group => 'td-agent',
- })
- end
-
- end
-
- context 'rsyslog is disabled' do
- let :params do
- common_params.merge( {:syslog_enable => 'false' } )
- end
-
- it 'include cloud::loging' do
- it is_expected.to contain_class('cloud::logging')
- end
-
- it 'include rsyslog::client' do
- it is_expected.not_to
contain_class('rsyglog::client')
- end
-
- it 'create /var/db/td-agent' do
- it is_expected.to contain_file('/var/db/td-agent').with({
- :ensure => 'directory',
- :owner => 'td-agent',
- :group => 'td-agent',
- })
- end
-
- it 'has a logrotate rule for td-agent.log' do
- it is_expected.to contain_logrotate__rule('td-agent').with({
- :path => '/var/log/td-agent/td-agent.log',
- :rotate => '30',
- :compress => 'true',
- })
- end
-
- end
-
- context 'logrotate rule with default parameters' do
-
- it 'has a logrotate rule for td-agent.log' do
- it is_expected.to contain_logrotate__rule('td-agent').with({
- :path => '/var/log/td-agent/td-agent.log',
- :rotate => '30',
- :compress => 'true',
- })
- end
-
- end
-
- context 'logrotate rule with custom parameters' do
- let :params do
- common_params.merge!( {:logrotate_rule => { 'td-agent' => { 'path' => '/foo/bar', 'rotate' => '5', 'compress' => 'false'} }} )
- end
-
- it 'has a logrotate rule for td-agent.log' do
- it is_expected.to contain_logrotate__rule('td-agent').with({
- :path => '/foo/bar',
- :rotate => '5',
- :compress => 'false',
- })
- end
-
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack logging agent'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack logging agent'
- end
-
-end
diff --git a/spec/classes/cloud_logging_server_spec.rb b/spec/classes/cloud_logging_server_spec.rb
deleted file mode 100644
index f66e7036..00000000
--- a/spec/classes/cloud_logging_server_spec.rb
+++ /dev/null
@@ -1,103 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::logging::server class
-#
-
-require 'spec_helper'
-
-describe 'cloud::logging::server' do
-
- shared_examples_for 'openstack logging server' do
-
- let :params do
- { :firewall_settings => {} }
- end
-
- it 'configure kibana' do
- is_expected.to contain_class('kibana3')
- end
-
- it 'configure the logging agent' do
- is_expected.to contain_class('cloud::logging::agent')
- end
-
- it 'configure elasticsearch' do
- is_expected.to contain_class('cloud::database::nosql::elasticsearch')
- end
-
- it 'configure an elasticsearch instance' do
- is_expected.to contain_elasticsearch__instance('fluentd').with(
- :config => { 'http' => { 'cors.enabled' => true } }
- )
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure kibana firewall rules' do
- is_expected.to contain_firewall('100 allow kibana access').with(
- :port => '8300',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure kibana firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow kibana access').with(
- :port => '8300',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- {
- :osfamily => 'Debian',
- :operatingsystem => 'Debian',
- :operatingsystemrelease => '7'
- }
- end
-
- it_configures 'openstack logging server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- {
- :osfamily => 'RedHat',
- :operatingsystem => 'RedHat',
- :operatingsystemrelease => '7'
- }
- end
-
- it_configures 'openstack logging server'
- end
-
-end
diff --git a/spec/classes/cloud_messaging_spec.rb b/spec/classes/cloud_messaging_spec.rb
deleted file mode 100644
index 42b58572..00000000
--- a/spec/classes/cloud_messaging_spec.rb
+++ /dev/null
@@ -1,173 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::messaging class
-#
-
-require 'spec_helper'
-
-describe 'cloud::messaging' do
-
- shared_examples_for 'openstack messaging' do
-
- let :params do
- {
- :cluster_node_type => 'disc',
- :rabbit_names => ['foo','boo','zoo'],
- :rabbit_password => 'secrete',
- :erlang_cookie => 'MY_COOKIE',
- :rabbitmq_ip => '10.0.0.1',
- :haproxy_binding => false,
- }
- end
-
- it 'configure rabbitmq-server with default values' do
- is_expected.to contain_class('rabbitmq').with(
- :delete_guest_user => true,
- :config_cluster => true,
- :cluster_nodes => params[:rabbit_names],
- :wipe_db_on_cookie_change => true,
- :cluster_node_type => params[:cluster_node_type],
- :node_ip_address => params[:rabbitmq_ip],
- :erlang_cookie => params[:erlang_cookie],
- :port => '5672',
- :package_provider => platform_params[:package_provider],
- )
- end
-
- context 'with RAM mode' do
- before :each do
- params.merge!( :cluster_node_type => 'ram')
- end
-
- it 'configure rabbitmq-server in RAM mode' do
- is_expected.to contain_class('rabbitmq').with( :cluster_node_type => 'ram' )
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure rabbitmq firewall rules' do
- is_expected.to contain_firewall('100 allow rabbitmq access').with(
- :port => '5672',
- :proto => 'tcp',
- :action =>
'accept',
- )
- is_expected.to contain_firewall('100 allow rabbitmq management access').with(
- :port => '55672',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure rabbitmq firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow rabbitmq management access').with(
- :port => '55672',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- context 'with HAproxy binding and HA policy to exactly' do
- before :each do
- params.merge!(
- :haproxy_binding => true,
- :cluster_count => 3,
- )
- end
-
- it 'configure ha-exactly rabbitmq_policy' do
- is_expected.to contain_rabbitmq_policy('ha-exactly-3@/').with(
- :pattern => '^(?!amq\.).*',
- :definition => {
- 'ha-mode' => 'exactly',
- 'ha-params' => 3,
- },
- )
- end
- end
-
- context 'with HAproxy binding and HA policy to all' do
- before :each do
- params.merge!(
- :haproxy_binding => true,
- )
- end
-
- it 'configure ha-exactly rabbitmq_policy' do
- is_expected.to contain_rabbitmq_policy('ha-all@/').with(
- :pattern => '^(?!amq\.).*',
- :definition => {
- 'ha-mode' => 'all',
- },
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- let :platform_params do
- { :package_provider => 'apt' }
- end
-
- it_configures 'openstack messaging'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
-
- let :platform_params do
- { :package_provider => 'yum' }
- end
-
- let :params do
- { :erlang_cookie => 'MY_COOKIE' }
- end
-
- it_configures 'openstack messaging'
-
- it 'should create rabbitmq binaries symbolic links' do
- is_expected.to contain_file('/usr/sbin/rabbitmq-plugins').with(
- :ensure => 'link',
- :target =>
'/usr/lib/rabbitmq/bin/rabbitmq-plugins'
- )
- is_expected.to contain_file('/usr/sbin/rabbitmq-env').with(
- :ensure => 'link',
- :target => '/usr/lib/rabbitmq/bin/rabbitmq-env'
- )
- end
- end
-
-end
diff --git a/spec/classes/cloud_monitoring_agent_sensu_spec.rb b/spec/classes/cloud_monitoring_agent_sensu_spec.rb
deleted file mode 100644
index e36b144a..00000000
--- a/spec/classes/cloud_monitoring_agent_sensu_spec.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::monitoring::agent::sensu class
-#
-
-require 'spec_helper'
-
-describe 'cloud::monitoring::agent::sensu' do
-
- shared_examples_for 'openstack sensu monitoring agent' do
-
- it 'include ::sensu' do
- is_expected.to contain_class('sensu')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack sensu monitoring agent'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack sensu monitoring agent'
- end
-
-end
diff --git a/spec/classes/cloud_monitoring_server_sensu_spec.rb b/spec/classes/cloud_monitoring_server_sensu_spec.rb
deleted file mode 100644
index 4d16c89a..00000000
--- a/spec/classes/cloud_monitoring_server_sensu_spec.rb
+++ /dev/null
@@ -1,43 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::monitoring::server::sensu class
-#
-
-require 'spec_helper'
-
-describe 'cloud::monitoring::server::sensu' do
-
- shared_examples_for 'openstack sensu monitoring server' do
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack sensu monitoring server'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack sensu monitoring server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_analytics_spec.rb b/spec/classes/cloud_network_contrail_analytics_spec.rb
deleted file mode 100644
index ec177223..00000000
--- a/spec/classes/cloud_network_contrail_analytics_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::analytics
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::analytics' do
-
- shared_examples_for 'contrail-analytics server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-analytics' do
- is_expected.to contain_class('contrail::analytics')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-analytics firewall rules' do
- is_expected.to contain_firewall('100 allow contrail analytics access').with(
- :port => ['8081', '8086'],
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-analytics firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail analytics access').with(
- :port => ['8081', '8086'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-analytics server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_config_spec.rb b/spec/classes/cloud_network_contrail_config_spec.rb
deleted file mode 100644
index 05e57b15..00000000
--- a/spec/classes/cloud_network_contrail_config_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::config
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::config' do
-
- shared_examples_for 'contrail-config server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-config' do
- is_expected.to contain_class('contrail::config')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-config firewall rules' do
- is_expected.to contain_firewall('100 allow contrail config access').with(
- :port => ['8443', '8087', '8088', '9110', '9100'],
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-config firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail config access').with(
- :port => ['8443', '8087', '8088', '9110', '9100'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-config
server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_database_spec.rb b/spec/classes/cloud_network_contrail_database_spec.rb
deleted file mode 100644
index 22914815..00000000
--- a/spec/classes/cloud_network_contrail_database_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::database
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::database' do
-
- shared_examples_for 'contrail-database server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-database' do
- is_expected.to contain_class('contrail::database')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-database firewall rules' do
- is_expected.to contain_firewall('100 allow contrail database access').with(
- :port => '9042',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-database firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail database access').with(
- :port => '9042',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-database server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_haproxy_spec.rb b/spec/classes/cloud_network_contrail_haproxy_spec.rb
deleted file mode 100644
index 55a41c4d..00000000
--- a/spec/classes/cloud_network_contrail_haproxy_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::haproxy
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::haproxy' do
-
- shared_examples_for 'contrail-haproxy stanzas' do
-
- let :params do
- { }
- end
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_analytics_api').with(
- :port => '8081'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_api').with(
- :port => '8082'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_discovery').with(
- :port => '5998'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_http').with(
- :port => '8079'
- )}
-
- it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_https').with(
- :port => '8143'
- )}
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-haproxy stanzas'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_rabbitmq_spec.rb b/spec/classes/cloud_network_contrail_rabbitmq_spec.rb
deleted file mode 100644
index 15c55f25..00000000
--- a/spec/classes/cloud_network_contrail_rabbitmq_spec.rb
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::rabbitmq
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::rabbitmq' do
-
- shared_examples_for 'contrail-rabbitmq settings' do
-
- let :params do
- { }
- end
-
-
- it 'configure the contrail rabbitmq-user' do
- is_expected.to contain_rabbitmq_user('contrail').with(
- :admin => 'true',
- :password => 'contrailpassword',
- :provider => 'rabbitmqctl',
- )
- end
-
- it 'configure the contrail rabbitmq-user-permissions' do
- is_expected.to contain_rabbitmq_user_permissions('contrail@/').with(
- :configure_permission => '.*',
- :write_permission => '.*',
- :read_permission => '.*',
- :provider => 'rabbitmqctl',
- )
- end
-
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-rabbitmq settings'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_vrouter_spec.rb b/spec/classes/cloud_network_contrail_vrouter_spec.rb
deleted file mode 100644
index ef265168..00000000
--- a/spec/classes/cloud_network_contrail_vrouter_spec.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::vrouter
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::vrouter' do
-
- shared_examples_for 'contrail-vrouter server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-vrouter' do
- is_expected.to contain_class('contrail::vrouter')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-vrouter server'
- end
-
-end
diff --git a/spec/classes/cloud_network_contrail_webui_spec.rb b/spec/classes/cloud_network_contrail_webui_spec.rb
deleted file mode 100644
index 48045c5e..00000000
--- a/spec/classes/cloud_network_contrail_webui_spec.rb
+++ /dev/null
@@ -1,80 +0,0 @@
-#
-# Copyright (C) 2015 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::contrail::webui
-#
-
-require 'spec_helper'
-
-describe 'cloud::network::contrail::webui' do
-
- shared_examples_for 'contrail-webui server' do
-
- let :params do
- { }
- end
-
- it 'configure contrail-webui' do
- is_expected.to contain_class('contrail::webui')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure contrail-webui firewall rules' do
- is_expected.to contain_firewall('100 allow contrail webui access').with(
- :port => ['8080', '8143'],
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure contrail-webui firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow contrail webui access').with(
- :port => ['8080', '8143'],
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'contrail-webui server'
- end
-
-end
diff --git a/spec/classes/cloud_network_controller_spec.rb b/spec/classes/cloud_network_controller_spec.rb
deleted file mode 100644
index a976079d..00000000
--- a/spec/classes/cloud_network_controller_spec.rb
+++ /dev/null
@@ -1,250 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::controller class
-#
-require 'spec_helper'
-
-describe 'cloud::network::controller' do
-
- shared_examples_for 'openstack network controller' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :neutron_db_host => '10.0.0.1',
- :neutron_db_user => 'neutron',
- :neutron_db_password => 'secrete',
- :ks_neutron_password => 'secrete',
- :ks_keystone_admin_host => '10.0.0.1',
- :ks_keystone_admin_proto => 'https',
- :ks_keystone_public_port => '5000',
- :nova_url => 'http://127.0.0.1:8774/v2',
- :nova_admin_auth_url => 'http://127.0.0.1:5000/v2.0',
- :nova_admin_username => 'nova',
- :nova_admin_tenant_name => 'services',
- :nova_admin_password => 'novapassword',
- :nova_region_name => 'RegionOne',
- :manage_ext_network => false,
- :api_eth => '10.0.0.1' }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password =>
'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- is_expected.to contain_class('neutron::plugins::ml2').with(
- :type_drivers => ['gre', 'vlan', 'flat'],
- :tenant_network_types => ['gre'],
- :mechanism_drivers => ['linuxbridge','openvswitch','l2population'],
- :tunnel_id_ranges => ['1:10000'],
- :vni_ranges => ['1:10000'],
- :network_vlan_ranges => ['physnet1:1000:2999'],
- :flat_networks => ['public'],
- :enable_security_group => true
- )
- end
-
- it 'configure neutron server' do
- is_expected.to contain_class('neutron::server').with(
- :auth_password => 'secrete',
- :auth_host => '10.0.0.1',
- :auth_port => '5000',
- :auth_protocol => 'https',
- :database_connection => 'mysql://neutron:secrete@10.0.0.1/neutron?charset=utf8',
- :database_idle_timeout => '5000',
- :api_workers => '2',
- :agent_down_time => '60'
- )
- end
-
- it 'configure neutron server notifications to nova' do
- is_expected.to contain_class('neutron::server::notifications').with(
- :nova_url => 'http://127.0.0.1:8774/v2',
- :nova_admin_auth_url => 'http://127.0.0.1:5000/v2.0',
- :nova_admin_username => 'nova',
- :nova_admin_tenant_name => 'services',
- :nova_admin_password => 'novapassword',
- :nova_region_name => 'RegionOne'
- )
- end
- it 'checks if Neutron DB is populated' do
- is_expected.to contain_exec('neutron_db_sync').with(
- :command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head',
- :path => '/usr/bin',
- :user => 'neutron',
- :unless => '/usr/bin/mysql neutron -h 10.0.0.1 -u neutron -psecrete -e "show tables" | /bin/grep Tables',
- :require =>
'Neutron_config[DEFAULT/service_plugins]',
- :notify => 'Service[neutron-server]'
- )
- end
-
- it 'should not configure provider external network' do
- is_expected.not_to contain__neutron_network('public')
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure neutron-server firewall rules' do
- is_expected.to contain_firewall('100 allow neutron-server access').with(
- :port => '9696',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure neutrons-server firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow neutron-server access').with(
- :port => '9696',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- context 'with custom ml2 parameters' do
- before :each do
- params.merge!(
- :tenant_network_types => ['vxlan'],
- :type_drivers => ['gre', 'vlan', 'flat', 'vxlan'],
- :tunnel_id_ranges => ['100:300'],
- :vni_ranges => ['42:51','53:69'],
- )
- end
- it 'contains correct parameters' do
- is_expected.to contain_class('neutron::plugins::ml2').with(
- :type_drivers => ['gre', 'vlan', 'flat', 'vxlan'],
- :tenant_network_types => ['vxlan'],
- :mechanism_drivers => ['linuxbridge', 'openvswitch','l2population'],
- :tunnel_id_ranges => ['100:300'],
- :vni_ranges => ['42:51','53:69'],
- :network_vlan_ranges => ['physnet1:1000:2999'],
- :flat_networks => ['public'],
- :enable_security_group => true
- )
- end
- end
-
- context 'with L3 HA' do
- before :each do
- params.merge!(:l3_ha => true,
- :mechanism_drivers => ['openvswitch'])
- end
- it 'should configure L3 HA' do
- is_expected.to contain_class('neutron::server').with(
- :l3_ha => true
- )
- end
- end
-
- context 'without L3 HA' do
- it
'should not configure L3 HA' do
- is_expected.to contain_class('neutron::server').with(
- :l3_ha => false
- )
- end
- end
-
- context 'with DVR' do
- before :each do
- params.merge!(:router_distributed => true)
- end
- it 'should enable distributed routing' do
- is_expected.to contain_class('neutron::server').with(
- :router_distributed => true
- )
- end
- end
-
- context 'without DVR' do
- it 'should not enable distributed routing' do
- is_expected.to contain_class('neutron::server').with(
- :router_distributed => false
- )
- end
- end
-
- context 'with L3 HA and DVR' do
- before :each do
- params.merge!(:router_distributed => true,
- :l3_ha => true)
- end
- it_raises 'a Puppet::Error', /l3_ha and router_distributed are mutually exclusive, only one of them can be set to true/
- end
-
- context 'with L3 HA and l2population enabled' do
- before :each do
- params.merge!(:l3_ha => true,
- :mechanism_drivers => ['openvswitch', 'l2population'])
- end
- it_raises 'a Puppet::Error', /l3_ha does not work with l2population mechanism driver in Juno./
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :processorcount => '2' }
- end
-
- it_configures 'openstack network controller'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :processorcount => '2' }
- end
-
- it_configures 'openstack network controller'
- end
-
-end
diff --git a/spec/classes/cloud_network_dhcp_spec.rb b/spec/classes/cloud_network_dhcp_spec.rb
deleted file mode 100644
index 9f0cfe98..00000000
--- a/spec/classes/cloud_network_dhcp_spec.rb
+++ /dev/null
@@ -1,188 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::dhcp class
-#
-require 'spec_helper'
-
-describe 'cloud::network::dhcp' do
-
- shared_examples_for 'openstack network dhcp' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :veth_mtu => '1400',
- :debug => true }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron dhcp' do
- is_expected.to contain_class('neutron::agents::dhcp').with(
- :debug => true,
-
:dnsmasq_config_file => '/etc/neutron/dnsmasq-neutron.conf',
- :enable_isolated_metadata => true
- )
-
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_dns_servers').with_ensure('absent')
-
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with(
- :mode => '0755',
- :owner => 'root',
- :group => 'root'
- )
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with_content(/^dhcp-option-force=26,1400$/)
- end
- end
-
- shared_examples_for 'openstack network dhcp with custom nameserver' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :veth_mtu => '1400',
- :debug => true,
- :dnsmasq_dns_servers => ['1.2.3.4'] }
- end
-
- it 'configure neutron dhcp' do
- is_expected.to contain_class('neutron::agents::dhcp').with(
- :debug => true
- )
-
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_config_file').with_value('/etc/neutron/dnsmasq-neutron.conf')
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/enable_isolated_metadata').with_value(true)
- is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_dns_servers').with_value('1.2.3.4')
-
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with(
- :mode => '0755',
- :owner => 'root',
- :group => 'root'
- )
- is_expected.to contain_file('/etc/neutron/dnsmasq-neutron.conf').with_content(/^dhcp-option-force=26,1400$/)
-
- end
-
- context 'with more than one dns server' do
- before { params.merge!(:dnsmasq_dns_servers => ['1.2.3.4','4.3.2.1','2.2.2.2']) }
- it { is_expected.to contain_neutron_dhcp_agent_config('DEFAULT/dnsmasq_dns_servers').with_value('1.2.3.4,4.3.2.1,2.2.2.2') }
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud':
manage_firewall => true }"
- end
- it 'configure neutron-server firewall rules' do
- is_expected.to contain_firewall('100 allow dhcp in access').with(
- :port => '67',
- :proto => 'udp',
- :chain => 'INPUT',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow dhcp out access').with(
- :port => '68',
- :proto => 'udp',
- :chain => 'OUTPUT',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure neutrons-server firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow dhcp in access').with(
- :port => '67',
- :proto => 'udp',
- :chain => 'INPUT',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow dhcp out access').with(
- :port => '68',
- :proto => 'udp',
- :chain => 'OUTPUT',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network dhcp'
- it_configures 'openstack network dhcp with custom nameserver'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network dhcp'
- it_configures 'openstack network dhcp with custom nameserver'
- end
-
-end
diff --git a/spec/classes/cloud_network_l3_spec.rb b/spec/classes/cloud_network_l3_spec.rb
deleted file mode 100644
index 01480400..00000000
--- a/spec/classes/cloud_network_l3_spec.rb
+++ /dev/null
@@ -1,201 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::l3 class
-#
-require 'spec_helper'
-
-describe 'cloud::network::l3' do
-
- shared_examples_for 'openstack network l3' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :debug => true,
- :external_int => 'eth1',
- :allow_automatic_l3agent_failover => false }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron l3' do
- is_expected.to
contain_class('neutron::agents::l3').with(
- :debug => true,
- :external_network_bridge => 'br-ex',
- :allow_automatic_l3agent_failover => params[:allow_automatic_l3agent_failover]
- )
- end
- it 'configure br-ex bridge' do
- is_expected.not_to contain__vs_bridge('br-ex')
- end
-
- it 'configure neutron metering agent' do
- is_expected.to contain_class('neutron::agents::metering').with(
- :debug => true
- )
- end
-
- context 'without TSO/GSO/GRO on Red Hat systems' do
- before :each do
- facts.merge!( :osfamily => 'RedHat')
- end
-
- it 'ensure TSO script is enabled at boot' do
- is_expected.to contain_exec('enable-tso-script').with(
- :command => '/usr/sbin/chkconfig disable-tso on',
- :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- it 'start TSO script' do
- is_expected.to contain_exec('start-tso-script').with(
- :command => '/etc/init.d/disable-tso start',
- :unless => '/usr/bin/test -f /var/run/disable-tso.pid',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- end
-
- context 'without TSO/GSO/GRO on Debian systems' do
- before :each do
- facts.merge!( :osfamily => 'Debian')
- end
-
- it 'ensure TSO script is enabled at boot' do
- is_expected.to contain_exec('enable-tso-script').with(
- :command => '/usr/sbin/update-rc.d disable-tso defaults',
- :unless => '/bin/ls /etc/rc*.d | /bin/grep disable-tso',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- it 'start TSO script' do
- is_expected.to contain_exec('start-tso-script').with(
- :command => '/etc/init.d/disable-tso start',
- :unless => '/usr/bin/test -f /var/run/disable-tso.pid',
- :onlyif => '/usr/bin/test -f /etc/init.d/disable-tso'
- )
- end
- end
-
- context 'when not managing TSO/GSO/GRO' do
- before :each do
- params.merge!( :manage_tso => false)
- end
- it 'ensure TSO script is not enabled at boot' do
- is_expected.not_to contain_exec('enable-tso-script')
- end
- it 'do not start TSO
script' do
- is_expected.not_to contain_exec('start-tso-script')
- end
- end
-
- context 'when configuring L3 HA' do
- before :each do
- params.merge!(:ha_enabled => true,
- :ha_vrrp_auth_type => 'PASS',
- :ha_vrrp_auth_password => 'test')
- end
- it 'should configure L3 HA' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :ha_enabled => true,
- :ha_vrrp_auth_type => 'PASS',
- :ha_vrrp_auth_password => 'test'
- )
- end
- end
-
- context 'when not configuring L3 HA' do
- it 'should not configure L3 HA' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :ha_enabled => false,
- )
- end
- end
-
- context 'when enabling DVR' do
- before :each do
- params.merge!(:agent_mode => 'dvr')
- end
- it 'should enable DVR' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :agent_mode => 'dvr',
- )
- end
- end
-
- context 'when not enabling DVR' do
- it 'should not enable DVR' do
- is_expected.to contain_class('neutron::agents::l3').with(
- :agent_mode => 'legacy',
- )
- end
- end
-
- context 'with L3 HA and DVR' do
- before :each do
- params.merge!(:agent_mode => 'dvr',
- :ha_enabled => true)
- end
- it_raises 'a Puppet::Error', /ha_enabled requires agent_mode to be set to legacy/
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network l3'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network l3'
- end
-
-end
diff --git a/spec/classes/cloud_network_lbaas_spec.rb b/spec/classes/cloud_network_lbaas_spec.rb
deleted file mode 100644
index 869a8cd8..00000000
--- a/spec/classes/cloud_network_lbaas_spec.rb
+++ /dev/null
@@ -1,108 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::lbaas class
-#
-require 'spec_helper'
-
-describe 'cloud::network::lbaas' do
-
- shared_examples_for 'openstack network lbaas' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :debug => true,
- :manage_haproxy_pkg => true }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron lbaas' do
- is_expected.to contain_class('neutron::agents::lbaas').with(
- :debug => true,
-
:manage_haproxy_package => true
- )
- end
-
- context 'when not managing HAproxy package' do
- let :pre_condition do
- "package {'haproxy': ensure => 'present'}
- class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
- before :each do
- params.merge!(:manage_haproxy_pkg => false)
- end
- it 'configure neutron lbaas agent without managing haproxy package' do
- is_expected.to contain_class('neutron::agents::lbaas').with(:manage_haproxy_package => false)
- is_expected.to contain_package('haproxy').with(:ensure => 'present')
- end
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network lbaas'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network lbaas'
- end
-
-end
diff --git a/spec/classes/cloud_network_metadata_spec.rb b/spec/classes/cloud_network_metadata_spec.rb
deleted file mode 100644
index 0c9beeac..00000000
--- a/spec/classes/cloud_network_metadata_spec.rb
+++ /dev/null
@@ -1,103 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::metadata class
-#
-require 'spec_helper'
-
-describe 'cloud::network::metadata' do
-
- shared_examples_for 'openstack network metadata' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- { :debug => true,
- :enabled => true,
- :neutron_metadata_proxy_shared_secret => 'secrete',
- :auth_region => 'MyRegion',
- :ks_neutron_password => 'secrete',
- :nova_metadata_server => '10.0.0.1',
- :ks_keystone_admin_proto => 'http',
- :ks_keystone_admin_port => '35357',
- :ks_nova_internal_proto => 'https',
- :ks_keystone_admin_host => '10.0.0.1' }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins =>
['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron metadata' do
- is_expected.to contain_class('neutron::agents::metadata').with(
- :debug => true,
- :enabled => true,
- :shared_secret => 'secrete',
- :metadata_ip => '10.0.0.1',
- :auth_url => 'http://10.0.0.1:35357/v2.0',
- :auth_password => 'secrete',
- :auth_region => 'MyRegion',
- :metadata_workers => '8'
- )
- is_expected.to contain_neutron_metadata_agent_config('DEFAULT/nova_metadata_protocol').with(:value => 'https')
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :processorcount => '8' }
- end
-
- it_configures 'openstack network metadata'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :processorcount => '8' }
- end
-
- it_configures 'openstack network metadata'
- end
-
-end
diff --git a/spec/classes/cloud_network_vpn_spec.rb b/spec/classes/cloud_network_vpn_spec.rb
deleted file mode 100644
index c3076947..00000000
--- a/spec/classes/cloud_network_vpn_spec.rb
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::vpnaas class
-#
-require 'spec_helper'
-
-describe 'cloud::network::vpn' do
-
- shared_examples_for 'openstack network vpnaas' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- it 'configure neutron vpnaas' do
- is_expected.to contain_class('neutron::agents::vpnaas')
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
-
it_configures 'openstack network vpnaas'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network vpnaas'
- end
-
-end
diff --git a/spec/classes/cloud_network_vswitch_spec.rb b/spec/classes/cloud_network_vswitch_spec.rb
deleted file mode 100644
index 8d7b81bc..00000000
--- a/spec/classes/cloud_network_vswitch_spec.rb
+++ /dev/null
@@ -1,209 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::network::vswitch class
-#
-require 'spec_helper'
-
-describe 'cloud::network::vswitch' do
-
- shared_examples_for 'openstack network vswitch' do
-
- let :pre_condition do
- "class { 'cloud::network':
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- api_eth => '10.0.0.1',
- verbose => true,
- debug => true,
- use_syslog => true,
- dhcp_lease_duration => '10',
- log_facility => 'LOG_LOCAL0' }"
- end
-
- let :params do
- {
- :tunnel_eth => '10.0.1.1'
- }
- end
-
- it 'configure neutron common' do
- is_expected.to contain_class('neutron').with(
- :allow_overlapping_ips => true,
- :dhcp_agents_per_network => '2',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :use_syslog => true,
- :rabbit_user => 'neutron',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :bind_host => '10.0.0.1',
- :core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin',
- :service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
- :log_dir => false,
- :dhcp_lease_duration => '10',
- :report_interval => '30'
- )
- end
-
- context 'when running ML2 plugin with OVS driver' do
- it 'configure neutron vswitch' do
- is_expected.to
contain_class('neutron::agents::ml2::ovs').with(
- :enable_tunneling => true,
- :tunnel_types => ['gre'],
- :bridge_mappings => ['public:br-pub'],
- :local_ip => '10.0.1.1',
- :enable_distributed_routing => false
- )
- end
- end
-
- context 'when running ML2 plugin with OVS driver and distributed routing' do
- before :each do
- params.merge!(:enable_distributed_routing => true)
- end
- it 'configure neutron vswitch with distributed routing' do
- is_expected.to contain_class('neutron::agents::ml2::ovs').with(
- :enable_tunneling => true,
- :tunnel_types => ['gre'],
- :bridge_mappings => ['public:br-pub'],
- :local_ip => '10.0.1.1',
- :enable_distributed_routing => true
- )
- end
- end
-
- context 'when running ML2 plugin with OVS driver and without tunelling' do
- before :each do
- params.merge!(:enable_tunneling => false)
- end
- it 'configure neutron vswitch without tunneling' do
- is_expected.to contain_class('neutron::agents::ml2::ovs').with(
- :enable_tunneling => false,
- )
- end
- end
-
- context 'when running ML2 plugin with OVS driver and without l2 population' do
- before :each do
- params.merge!(:l2_population => false)
- end
- it 'configure neutron vswitch without l2 population' do
- is_expected.to contain_class('neutron::agents::ml2::ovs').with(
- :l2_population => false,
- )
- end
- end
-
- context 'when running Cisco N1KV plugin with VEM driver' do
- before do
- facts.merge!( :osfamily => 'RedHat' )
- params.merge!(
- :driver => 'n1kv_vem',
- :n1kv_vsm_ip => '10.0.1.1'
- )
- end
- it 'configure neutron n1kv agent' do
- should contain_class('neutron::agents::n1kv_vem').with(
- :n1kv_vsm_ip => '10.0.1.1',
- :n1kv_vsm_domain_id => '1000',
- :host_mgmt_intf => 'eth1',
- :node_type => 'compute'
- )
- end
- it 'ensure cisco VEM package is present' do
- should contain_package('nexus1000v').with(
- :ensure => 'present'
- )
- end
- end
-
- context 'when using provider external network' do
- before do
- params.merge!(
- :manage_ext_network => true,
- )
- end
-
- it 'configure br-pub bridge' do
- is_expected.to contain_vs_bridge('br-pub')
- end
- it 'configure eth1 in br-pub' do
- is_expected.to contain_vs_port('eth1').with(
- :ensure => 'present',
- :bridge => 'br-pub'
- )
- end
-
- end
-
- context 'with unsupported Neutron driver' do
- before :each do
- params.merge!(:driver => 'Something')
- end
- it_raises 'a Puppet::Error', /Something driver is not supported./
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure gre firewall rules' do
- is_expected.to contain_firewall('100 allow gre access').with(
- :port => nil,
- :proto => 'gre',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure gre firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow gre access').with(
- :port => nil,
- :proto => 'gre',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack network vswitch'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack network vswitch'
- end
-
-end
diff --git a/spec/classes/cloud_object_ringbuilder_spec.rb b/spec/classes/cloud_object_ringbuilder_spec.rb
deleted file mode 100644
index 9356f73a..00000000
--- a/spec/classes/cloud_object_ringbuilder_spec.rb
+++ /dev/null
@@ -1,58 +0,0 @@
-require 'spec_helper'
-
-describe 'cloud::object::ringbuilder' do
-
- shared_examples_for 'openstack swift ringbuilder' do
-
- let :params do
- {
- :rsyncd_ipaddress => '127.0.0.1',
- :replicas => 3,
- :swift_rsync_max_connections => 5,
- :enabled => true
- }
- end
-
- it 'create the three rings' do
- is_expected.to contain_class('swift::ringbuilder').with({
- 'part_power' => '15',
- 'replicas' => '3',
- 'min_part_hours' => '24',
- })
- end
-
- it 'create the ring rsync server' do
- is_expected.to contain_class('swift::ringserver').with({
- 'local_net_ip' => '127.0.0.1',
- 'max_connections' => '5',
- })
- end
-
- context 'when ringbuilder is not enabled' do
- before do
- params.merge!(
- :enabled => false
- )
- end
- it 'should not configure swift ring builder' do
- is_expected.not_to contain_class('swift::ringbuilder')
- end
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack swift ringbuilder'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
- it_configures 'openstack swift ringbuilder'
- end
-
-end
diff --git a/spec/classes/cloud_object_storage_spec.rb b/spec/classes/cloud_object_storage_spec.rb
deleted file mode 100644
index f62605ac..00000000
--- a/spec/classes/cloud_object_storage_spec.rb
+++ /dev/null
@@ -1,184 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::object::storage class
-#
-
-require 'spec_helper'
-
-describe 'cloud::object::storage' do
-
- shared_examples_for 'openstack storage configuration' do
- let :params do
- { :storage_eth => '127.0.0.1',
- :swift_zone => 'undef',
- :object_port => '6000',
- :container_port => '6001',
- :account_port => '6002',
- :fstype => 'xfs',
- :device_config_hash => {'sdc' => {}, 'sdd' => {}},
- :ring_container_device => 'sdb',
- :ring_account_device => 'sdb' }
- end
-
- it 'create and configure storage server' do
-
- is_expected.to contain_class('swift::storage').with({
- 'storage_local_net_ip' => '127.0.0.1',
- })
-
- is_expected.to contain_sysctl('net.ipv4.ip_local_port_range').with(
- :val => "10000\t65000",
- )
-
- is_expected.to contain_swift__storage__server('6000').with({
- 'type' => 'object',
- 'config_file_path' => 'object-server.conf',
- 'log_facility' => 'LOG_LOCAL6',
- 'pipeline' => ['healthcheck', 'recon', 'object-server'],
- 'storage_local_net_ip' => '127.0.0.1',
- 'replicator_concurrency' => '2',
- 'updater_concurrency' => '1',
- 'reaper_concurrency' => '1',
- 'mount_check' => 'true',
- 'require' => 'Class[Swift]',
- })
-
- is_expected.to contain_swift__storage__server('6001').with({
- 'type' => 'container',
- 'config_file_path' => 'container-server.conf',
- 'log_facility' => 'LOG_LOCAL4',
- 'pipeline' => ['healthcheck',
'container-server'],
- 'storage_local_net_ip' => '127.0.0.1',
- 'replicator_concurrency' => '2',
- 'updater_concurrency' => '1',
- 'reaper_concurrency' => '1',
- 'mount_check' => 'true',
- 'require' => 'Class[Swift]',
- })
-
- is_expected.to contain_swift__storage__server('6002').with({
- 'type' => 'account',
- 'config_file_path' => 'account-server.conf',
- 'log_facility' => 'LOG_LOCAL2',
- 'pipeline' => ['healthcheck', 'account-server'],
- 'storage_local_net_ip' => '127.0.0.1',
- 'replicator_concurrency' => '2',
- 'updater_concurrency' => '1',
- 'reaper_concurrency' => '1',
- 'mount_check' => 'true',
- 'require' => 'Class[Swift]',
- })
-
- end
-
- it 'create and configure the hard drive' do
- is_expected.to contain_swift__storage__xfs('sdc')
- is_expected.to contain_swift__storage__xfs('sdd')
- is_expected.to contain_cloud__object__set_io_scheduler('sdc')
- is_expected.to contain_cloud__object__set_io_scheduler('sdd')
- end
-
- ['account', 'container', 'object'].each do |swift_component|
- it "configures #{swift_component} filter" do
- is_expected.to contain_swift__storage__filter__recon(swift_component)
- is_expected.to contain_swift__storage__filter__healthcheck(swift_component)
- end
- end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure swift-storage firewall rules' do
- is_expected.to contain_firewall('100 allow swift-container access').with(
- :port => '6001',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow swift-account access').with(
- :port => '6002',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow swift-object access').with(
- :port => '6000',
- :proto => 'tcp',
- :action => 'accept',
- )
- is_expected.to contain_firewall('100 allow swift rsync access').with(
- :port => '873',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
-
let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure swift-storage firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow swift-container access').with(
- :port => '6001',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow swift-account access').with(
- :port => '6002',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow swift-object access').with(
- :port => '6000',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- is_expected.to contain_firewall('100 allow swift rsync access').with(
- :port => '873',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- {
- :osfamily => 'Debian' ,
- }
- end
-
- it_configures 'openstack storage configuration'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- {
- :osfamily => 'RedHat'
- }
- end
- it_configures 'openstack storage configuration'
- end
-end
diff --git a/spec/classes/cloud_orchestration_api_spec.rb b/spec/classes/cloud_orchestration_api_spec.rb
deleted file mode 100644
index a79b8962..00000000
--- a/spec/classes/cloud_orchestration_api_spec.rb
+++ /dev/null
@@ -1,174 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::orchestration::api class -# - -require 'spec_helper' - -describe 'cloud::orchestration::api' do - - shared_examples_for 'openstack orchestration api' do - - let :pre_condition do - "class { 'cloud::orchestration': - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_keystone_internal_host => '10.0.0.1', - ks_keystone_internal_port => '5000', - ks_keystone_internal_proto => 'http', - ks_keystone_admin_host => '10.0.0.1', - ks_keystone_admin_port => '5000', - ks_keystone_admin_proto => 'http', - ks_heat_public_host => '10.0.0.1', - ks_heat_public_proto => 'http', - ks_heat_password => 'secrete', - heat_db_host => '10.0.0.1', - heat_db_user => 'heat', - heat_db_password => 'secrete', - verbose => true, - log_facility => 'LOG_LOCAL0', - use_syslog => true, - debug => true }" - end - - let :params do - { :ks_heat_internal_port => '8004', - :ks_heat_cfn_internal_port => '8000', - :ks_heat_cloudwatch_internal_port => '8003', - :api_eth => '10.0.0.1' } - end - - it 'configure heat common' do - is_expected.to contain_class('heat').with( - :verbose => true, - :debug => true, - :log_facility => 'LOG_LOCAL0', - :use_syslog => true, - :rabbit_userid => 'heat', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :keystone_host => '10.0.0.1', - :keystone_port => '5000', - :keystone_protocol => 'http', - :keystone_password 
=> 'secrete', - :auth_uri => 'http://10.0.0.1:5000/v2.0', - :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens', - :database_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8', - :database_idle_timeout => '5000', - :log_dir => false - ) - end - - it 'configure heat api' do - is_expected.to contain_class('heat::api').with( - :bind_host => '10.0.0.1', - :bind_port => '8004', - :workers => '8' - ) - is_expected.to contain_class('heat::api_cfn').with( - :bind_host => '10.0.0.1', - :bind_port => '8000', - :workers => '8' - ) - is_expected.to contain_class('heat::api_cloudwatch').with( - :bind_host => '10.0.0.1', - :bind_port => '8003', - :workers => '8' - ) - end - - it 'checks if Heat DB is populated' do - is_expected.to contain_exec('heat_db_sync').with( - :command => 'heat-manage --config-file /etc/heat/heat.conf db_sync', - :user => 'heat', - :path => '/usr/bin', - :unless => '/usr/bin/mysql heat -h 10.0.0.1 -u heat -psecrete -e "show tables" | /bin/grep Tables' - ) - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure heat api firewall rules' do - is_expected.to contain_firewall('100 allow heat-api access').with( - :port => '8004', - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow heat-cfn access').with( - :port => '8000', - :proto => 'tcp', - :action => 'accept', - ) - is_expected.to contain_firewall('100 allow heat-cloudwatch access').with( - :port => '8003', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure heat firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow heat-api access').with( - :port => '8004', - :proto => 'tcp', - :action => 'accept', - 
:limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow heat-cfn access').with( - :port => '8000', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - is_expected.to contain_firewall('100 allow heat-cloudwatch access').with( - :port => '8003', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - :processorcount => '8' } - end - - it_configures 'openstack orchestration api' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - :processorcount => '8' } - end - - it_configures 'openstack orchestration api' - end - -end diff --git a/spec/classes/cloud_orchestration_engine_spec.rb b/spec/classes/cloud_orchestration_engine_spec.rb deleted file mode 100644 index 35b50ac2..00000000 --- a/spec/classes/cloud_orchestration_engine_spec.rb +++ /dev/null 
@@ -1,109 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::orchestration::engine class -# - -require 'spec_helper' - -describe 'cloud::orchestration::engine' do - - shared_examples_for 'openstack orchestration engine' do - - let :pre_condition do - "class { 'cloud::orchestration': - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_keystone_internal_host => '10.0.0.1', - ks_keystone_internal_port => '5000', - ks_keystone_internal_proto => 'http', - ks_keystone_admin_host => '10.0.0.1', - ks_keystone_admin_port => '5000', - ks_keystone_admin_proto => 'http', - ks_heat_public_host => '10.0.0.1', - ks_heat_public_proto => 'http', - ks_heat_password => 'secrete', - heat_db_host => '10.0.0.1', - heat_db_user => 'heat', - heat_db_password => 'secrete', - verbose => true, - log_facility => 'LOG_LOCAL0', - use_syslog => true, - debug => true, - os_endpoint_type => 'internalURL' }" - end - - let :params do - { :enabled => true, - :auth_encryption_key => 'secrete', - :ks_heat_public_host => '10.0.0.1', - :ks_heat_public_proto => 'http', - :ks_heat_cfn_public_port => '8000', - :ks_heat_cloudwatch_public_port => '8003', - :ks_heat_password => 'secrete' } - end - - it 'configure heat common' do - is_expected.to contain_class('heat').with( - :verbose => true, - :debug => true, - :log_facility => 'LOG_LOCAL0', - :use_syslog => true, - :rabbit_userid => 'heat', - :rabbit_hosts => ['10.0.0.1'], - 
:rabbit_password => 'secrete', - :keystone_host => '10.0.0.1', - :keystone_port => '5000', - :keystone_protocol => 'http', - :keystone_password => 'secrete', - :auth_uri => 'http://10.0.0.1:5000/v2.0', - :keystone_ec2_uri => 'http://10.0.0.1:5000/v2.0/ec2tokens', - :database_connection => 'mysql://heat:secrete@10.0.0.1/heat?charset=utf8', - :database_idle_timeout => '5000', - :log_dir => false - ) - is_expected.to contain_heat_config('clients/endpoint_type').with('value' => 'internalURL') - end - - it 'configure heat engine' do - is_expected.to contain_class('heat::engine').with( - :enabled => true, - :auth_encryption_key => 'secrete', - :heat_metadata_server_url => 'http://10.0.0.1:8000', - :heat_waitcondition_server_url => 'http://10.0.0.1:8000/v1/waitcondition', - :heat_watch_server_url => 'http://10.0.0.1:8003', - :deferred_auth_method => 'password', - ) - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'openstack orchestration engine' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - it_configures 'openstack orchestration engine' - end - -end diff --git a/spec/classes/cloud_selinux_spec.rb b/spec/classes/cloud_selinux_spec.rb deleted file mode 100644 index 788fc6ba..00000000 --- a/spec/classes/cloud_selinux_spec.rb +++ /dev/null 
@@ -1,107 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::selinux -# - -require 'spec_helper' - -describe 'cloud::selinux' do - - shared_examples_for 'manage selinux' do - - context 'with selinux enforcing' do - before :each do - facts.merge!( :selinux_current_mode => 'enforcing' ) - end - - let :params do - { :mode => 'disabled', - :booleans => ['foo', 'bar'], - :modules => ['module1', 'module2'], - :directory => '/path/to/modules'} - end - - it 'runs setenforce 0' do - is_expected.to contain_exec('setenforce 0') - end - - it 'enables the SELinux boolean' do - is_expected.to contain_selboolean('foo').with( - :persistent => true, - :value => 'on', - ) - end - - it 'enables the SELinux modules' do - is_expected.to contain_selmodule('module1').with( - :ensure => 'present', - :selmoduledir => '/path/to/modules', - ) - end - - end - - context 'with selinux disabled' do - before :each do - facts.merge!( :selinux => 'false' ) - end - - let :params do - { :mode => 'enforcing', - :booleans => ['foo', 'bar'], - :modules => ['module1', 'module2'], - :directory => '/path/to/modules'} - end - - it 'runs setenforce 1' do - is_expected.to contain_exec('setenforce 1') - end - - it 'enables the SELinux boolean' do - is_expected.to contain_selboolean('foo').with( - :persistent => true, - :value => 'on', - ) - end - - it 'enables the SELinux modules' do - is_expected.to contain_selmodule('module1').with( - :ensure 
=> 'present', - :selmoduledir => '/path/to/modules', - ) - end - - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_raises 'a Puppet::Error', /OS family unsuppored yet \(Debian\), SELinux support is only limited to RedHat family OS/ - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - - it_configures 'manage selinux' - end - -end diff --git a/spec/classes/cloud_storage_rbd_mon_spec.rb b/spec/classes/cloud_storage_rbd_mon_spec.rb deleted file mode 100644 index b9aa8a4c..00000000 --- a/spec/classes/cloud_storage_rbd_mon_spec.rb +++ /dev/null 
@@ -1,102 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::storage::rbd::monitor class -# - -require 'spec_helper' - -describe 'cloud::storage::rbd::monitor' do - - shared_examples_for 'ceph monitor' do - - let :pre_condition do - "class { 'cloud::storage::rbd': - fsid => '123', - cluster_network => '10.0.0.0/24', - public_network => '192.168.0.0/24' }" - end - - let :params do - { :mon_addr => '10.0.0.1', - :monitor_secret => 'secret' } - end - - it 'configure ceph common' do - is_expected.to contain_class('ceph::conf').with( - :fsid => '123', - :auth_type => 'cephx', - :cluster_network => '10.0.0.0/24', - :public_network => '192.168.0.0/24', - :enable_service => true - ) - end - - it 'configure ceph mon' do - is_expected.to contain_ceph__mon('123').with( - :monitor_secret => 'secret', - :mon_port => '6789', - :mon_addr => '10.0.0.1' - ) - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure ceph monitor firewall rules' do - is_expected.to contain_firewall('100 allow ceph-mon access').with( - :port => '6789', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure ceph monitor 
firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow ceph-mon access').with( - :port => '6789', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'ceph monitor' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - it_configures 'ceph monitor' - end - -end diff --git a/spec/classes/cloud_storage_rbd_osd_spec.rb b/spec/classes/cloud_storage_rbd_osd_spec.rb deleted file mode 100644 index 63229940..00000000 --- a/spec/classes/cloud_storage_rbd_osd_spec.rb +++ /dev/null 
@@ -1,110 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::storage::rbd::osd class -# - -require 'spec_helper' - -describe 'cloud::storage::rbd::osd' do - - shared_examples_for 'ceph osd' do - - let :pre_condition do - "class { 'cloud::storage::rbd': - fsid => '123', - cluster_network => '10.0.0.0/24', - public_network => '192.168.0.0/24' }" - end - - let :params do - { :public_address => '10.0.0.1', - :cluster_address => '192.168.0.1' } - end - - it 'configure ceph common' do - is_expected.to contain_class('ceph::conf').with( - :fsid => '123', - :auth_type => 'cephx', - :cluster_network => '10.0.0.0/24', - :public_network => '192.168.0.0/24', - :enable_service => true - ) - end - - it 'configure ceph osd' do - is_expected.to contain_class('ceph::osd').with( - :public_address => '10.0.0.1', - :cluster_address => '192.168.0.1' - ) - end - - context 'without specified journal' do - before :each do - params.merge!( :devices => ['sdb','sdc','sdd'] ) - end - - it 'configure ceph osd with a mixed full-qualified and short device name' do - is_expected.to contain_ceph__osd__device('/dev/sdb','/dev/sdc','sdd') - end - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure ceph osd firewall rules' do - is_expected.to contain_firewall('100 allow ceph-osd access').with( - :port => '6800-6810', - :proto => 'tcp', - :action 
=> 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure ceph osd firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow ceph-osd access').with( - :port => '6800-6810', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - it_configures 'ceph osd' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat' } - end - it_configures 'ceph osd' - end - -end diff --git a/spec/classes/cloud_telemetry_alarmevaluator_spec.rb b/spec/classes/cloud_telemetry_alarmevaluator_spec.rb deleted file mode 100644 index 41b775d0..00000000 --- a/spec/classes/cloud_telemetry_alarmevaluator_spec.rb +++ /dev/null 
@@ -1,84 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::alarmevaluator class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::alarmevaluator' do
-
- shared_examples_for 'openstack telemetry alarmevaluator' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer alarm evaluator' do
- is_expected.to contain_class('ceilometer::alarm::evaluator')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmevaluator'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmevaluator'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_alarmnotifier_spec.rb b/spec/classes/cloud_telemetry_alarmnotifier_spec.rb
deleted file mode 100644
index caa021cf..00000000
--- a/spec/classes/cloud_telemetry_alarmnotifier_spec.rb
+++ /dev/null
@@ -1,83 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::alarmnotifier class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::alarmnotifier' do
-
- shared_examples_for 'openstack telemetry alarmnotifier' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer alarm notifier' do
- is_expected.to contain_class('ceilometer::alarm::notifier')
- end
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmnotifier'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry alarmnotifier'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_api_spec.rb b/spec/classes/cloud_telemetry_api_spec.rb
deleted file mode 100644
index b486ae6d..00000000
--- a/spec/classes/cloud_telemetry_api_spec.rb
+++ /dev/null
@@ -1,135 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::telemetry::api class -# - -require 'spec_helper' - -describe 'cloud::telemetry::api' do - - shared_examples_for 'openstack telemetry api' do - - let :pre_condition do - "class { 'cloud::telemetry': - ceilometer_secret => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_keystone_internal_host => '10.0.0.1', - ks_keystone_internal_port => '5000', - ks_keystone_internal_proto => 'http', - ks_ceilometer_password => 'secrete', - region => 'MyRegion', - log_facility => 'LOG_LOCAL0', - use_syslog => true, - verbose => true, - debug => true }" - end - - let :params do - { :ks_keystone_internal_host => '127.0.0.1', - :ks_keystone_internal_proto => 'http', - :ks_ceilometer_internal_port => '8777', - :ks_ceilometer_password => 'rabbitpassword', - :api_eth => '127.0.0.1' } - end - - it 'configure ceilometer common' do - is_expected.to contain_class('ceilometer').with( - :verbose => true, - :debug => true, - :rabbit_userid => 'ceilometer', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :metering_secret => 'secrete', - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :log_dir => false - ) - is_expected.to contain_class('ceilometer::agent::auth').with( - :auth_password => 'secrete', - :auth_url => 'http://10.0.0.1:5000/v2.0', - :auth_region => 'MyRegion' - ) - end - - it 'configure 
ceilometer-api' do - is_expected.to contain_class('ceilometer::api').with( - :keystone_password => 'rabbitpassword', - :keystone_host => '127.0.0.1', - :keystone_protocol => 'http', - :host => '127.0.0.1' - ) - end - - it 'configure ceilometer-expirer' do - is_expected.to contain_class('ceilometer::expirer').with( - :time_to_live => '2592000', - :minute => '0', - :hour => '0' - ) - end - - context 'with default firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - it 'configure ceilometer firewall rules' do - is_expected.to contain_firewall('100 allow ceilometer-api access').with( - :port => '8777', - :proto => 'tcp', - :action => 'accept', - ) - end - end - - context 'with custom firewall enabled' do - let :pre_condition do - "class { 'cloud': manage_firewall => true }" - end - before :each do - params.merge!(:firewall_settings => { 'limit' => '50/sec' } ) - end - it 'configure ceilometer firewall rules with custom parameter' do - is_expected.to contain_firewall('100 allow ceilometer-api access').with( - :port => '8777', - :proto => 'tcp', - :action => 'accept', - :limit => '50/sec', - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - :hostname => 'node1' } - end - - it_configures 'openstack telemetry api' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - :hostname => 'node1' } - end - - it_configures 'openstack telemetry api' - end - -end diff --git a/spec/classes/cloud_telemetry_centralagent_spec.rb b/spec/classes/cloud_telemetry_centralagent_spec.rb deleted file mode 100644 index 30eaf600..00000000 --- a/spec/classes/cloud_telemetry_centralagent_spec.rb +++ /dev/null 
@@ -1,65 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::centralagent class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::centralagent' do
-
- shared_examples_for 'openstack telemetry centralagent' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer central agent' do
- is_expected.to contain_class('ceilometer::agent::central')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry centralagent'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry centralagent'
- end
-
-end
diff --git a/spec/classes/cloud_telemetry_collector_spec.rb b/spec/classes/cloud_telemetry_collector_spec.rb
deleted file mode 100644
index bb101f9e..00000000
--- a/spec/classes/cloud_telemetry_collector_spec.rb
+++ /dev/null
@@ -1,107 +0,0 @@ -# -# Copyright (C) 2014 eNovance SAS -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# Unit tests for cloud::telemetry::collector class -# - -require 'spec_helper' - -describe 'cloud::telemetry::collector' do - - shared_examples_for 'openstack telemetry collector' do - - let :pre_condition do - "class { 'cloud::telemetry': - ceilometer_secret => 'secrete', - rabbit_hosts => ['10.0.0.1'], - rabbit_password => 'secrete', - ks_keystone_internal_host => '10.0.0.1', - ks_keystone_internal_port => '5000', - ks_keystone_internal_proto => 'http', - ks_ceilometer_password => 'secrete', - region => 'MyRegion', - log_facility => 'LOG_LOCAL0', - use_syslog => true, - verbose => true, - debug => true }" - end - - let :params do - { :mongo_nodes => ['node1', 'node2', 'node3'] } - end - - it 'configure ceilometer common' do - is_expected.to contain_class('ceilometer').with( - :verbose => true, - :debug => true, - :rabbit_userid => 'ceilometer', - :rabbit_hosts => ['10.0.0.1'], - :rabbit_password => 'secrete', - :metering_secret => 'secrete', - :use_syslog => true, - :log_facility => 'LOG_LOCAL0', - :log_dir => false - ) - is_expected.to contain_class('ceilometer::agent::auth').with( - :auth_password => 'secrete', - :auth_url => 'http://10.0.0.1:5000/v2.0', - :auth_region => 'MyRegion' - ) - end - - it 'configure ceilometer collector' do - is_expected.to contain_class('ceilometer::collector') - end - - it 'synchronize ceilometer db indexes' do - is_expected.to 
contain_class('ceilometer::db').with( - :sync_db => true, - :database_connection => 'mongodb://node1,node2,node3/ceilometer?replicaSet=ceilometer' - ) - end - - context 'without replica set' do - before :each do - params.merge!( :replicaset_enabled => false, - :mongo_nodes => ['node1'] ) - end - it 'do not configure mongodb replicasets' do - is_expected.to contain_class('ceilometer::db').with( - :sync_db => true, - :database_connection => 'mongodb://node1/ceilometer' - ) - end - end - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian', - :hostname => 'node1' } - end - - it_configures 'openstack telemetry collector' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 'RedHat', - :hostname => 'node1' } - end - - it_configures 'openstack telemetry collector' - end - -end diff --git a/spec/classes/cloud_telemetry_notification_spec.rb b/spec/classes/cloud_telemetry_notification_spec.rb deleted file mode 100644 index 9fa7fb6d..00000000 --- a/spec/classes/cloud_telemetry_notification_spec.rb +++ /dev/null 
@@ -1,84 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::telemetry::notification class
-#
-
-require 'spec_helper'
-
-describe 'cloud::telemetry::notification' do
-
- shared_examples_for 'openstack telemetry notification' do
-
- let :pre_condition do
- "class { 'cloud::telemetry':
- ceilometer_secret => 'secrete',
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- ks_keystone_internal_host => '10.0.0.1',
- ks_keystone_internal_port => '5000',
- ks_keystone_internal_proto => 'http',
- ks_ceilometer_password => 'secrete',
- region => 'MyRegion',
- log_facility => 'LOG_LOCAL0',
- use_syslog => true,
- verbose => true,
- debug => true }"
- end
-
- it 'configure ceilometer common' do
- is_expected.to contain_class('ceilometer').with(
- :verbose => true,
- :debug => true,
- :rabbit_userid => 'ceilometer',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :metering_secret => 'secrete',
- :use_syslog => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false
- )
- is_expected.to contain_class('ceilometer::agent::auth').with(
- :auth_password => 'secrete',
- :auth_url => 'http://10.0.0.1:5000/v2.0',
- :auth_region => 'MyRegion'
- )
- end
-
- it 'configure ceilometer notification agent' do
- is_expected.to contain_class('ceilometer::agent::notification')
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry notification'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat',
- :hostname => 'node1' }
- end
-
- it_configures 'openstack telemetry notification'
- end
-
-end
diff --git a/spec/classes/cloud_volume_api_spec.rb b/spec/classes/cloud_volume_api_spec.rb
deleted file mode 100644
index 91a2c604..00000000
--- a/spec/classes/cloud_volume_api_spec.rb
+++ /dev/null
@@ -1,167 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::volume::api class
-#
-
-require 'spec_helper'
-
-describe 'cloud::volume::api' do
-
- shared_examples_for 'openstack volume api' do
-
- let :pre_condition do
- "class { 'cloud::volume':
- cinder_db_host => '10.0.0.1',
- cinder_db_user => 'cinder',
- cinder_db_password => 'secrete',
- cinder_db_idle_timeout => 5000,
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- verbose => true,
- debug => true,
- log_facility => 'LOG_LOCAL0',
- storage_availability_zone => 'nova',
- use_syslog => true,
- nova_endpoint_type => 'internalURL' }"
- end
-
- let :params do
- { :ks_cinder_password => 'secrete',
- :ks_cinder_internal_port => '8776',
- :ks_keystone_internal_host => '10.0.0.1',
- :ks_keystone_internal_proto => 'https',
- :ks_glance_internal_host => '10.0.0.2',
- :ks_glance_api_internal_port => '9292',
- :default_volume_type => 'ceph',
- # TODO(EmilienM) Disabled for now: http://git.io/kfTmcA
- #:backup_ceph_user => 'cinder',
- #:backup_ceph_pool => 'ceph_backup_cinder',
- :api_eth => '10.0.0.1' }
- end
-
- it 'configure cinder common' do
- is_expected.to contain_class('cinder').with(
- :database_connection => 'mysql://cinder:secrete@10.0.0.1/cinder?charset=utf8',
- :database_idle_timeout => '5000',
- :rabbit_userid => 'cinder',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false,
- :use_syslog => true,
- :storage_availability_zone => 'nova'
- )
- is_expected.to contain_class('cinder::ceilometer')
- is_expected.to contain_cinder_config('DEFAULT/nova_catalog_info').with('value' => 'compute:nova:internalURL')
- end
-
- it 'checks if Cinder DB is populated' do
- is_expected.to contain_exec('cinder_db_sync').with(
- :command => 'cinder-manage db sync',
- :user => 'cinder',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql cinder -h 10.0.0.1 -u cinder -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- it 'configure cinder glance backend' do
- is_expected.to contain_class('cinder::glance').with(
- :glance_api_servers => 'http://10.0.0.2:9292',
- :glance_request_timeout => '10',
- :glance_num_retries => '10'
- )
- end
-
- it 'configure cinder api' do
- is_expected.to contain_class('cinder::api').with(
- :keystone_password => 'secrete',
- :keystone_auth_host => '10.0.0.1',
- :keystone_auth_protocol => 'https',
- :bind_host => '10.0.0.1',
- :default_volume_type => 'ceph',
- )
- end
-
- context 'without default volume type' do
- before :each do
- params.delete(:default_volume_type)
- end
- it 'should raise an error and fail' do
- is_expected.not_to compile
- end
- end
-
- # TODO(EmilienM) Disabled for now: http://git.io/kfTmcA
- #it 'configure cinder backup using ceph backend' do
- # should contain_class('cinder::backup')
- # should contain_class('cinder::backup::ceph').with(
- # :backup_ceph_user => 'cinder',
- # :backup_ceph_pool => 'ceph_backup_cinder'
- # )
- #end
-
- context 'with default firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- it 'configure cinder firewall rules' do
- is_expected.to contain_firewall('100 allow cinder-api access').with(
- :port => '8776',
- :proto => 'tcp',
- :action => 'accept',
- )
- end
- end
-
- context 'with custom firewall enabled' do
- let :pre_condition do
- "class { 'cloud': manage_firewall => true }"
- end
- before :each do
- params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
- end
- it 'configure cinder firewall rules with custom parameter' do
- is_expected.to contain_firewall('100 allow cinder-api access').with(
- :port => '8776',
- :proto => 'tcp',
- :action => 'accept',
- :limit => '50/sec',
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack volume api'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack volume api'
- end
-
-end
diff --git a/spec/classes/cloud_volume_scheduler_spec.rb b/spec/classes/cloud_volume_scheduler_spec.rb
deleted file mode 100644
index e54fd67c..00000000
--- a/spec/classes/cloud_volume_scheduler_spec.rb
+++ /dev/null
@@ -1,97 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::volume::controller class
-#
-
-require 'spec_helper'
-
-describe 'cloud::volume::scheduler' do
-
- shared_examples_for 'openstack volume scheduler' do
-
- let :pre_condition do
- "class { 'cloud::volume':
- cinder_db_host => '10.0.0.1',
- cinder_db_user => 'cinder',
- cinder_db_password => 'secrete',
- cinder_db_idle_timeout => 5000,
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secrete',
- verbose => true,
- debug => true,
- log_facility => 'LOG_LOCAL0',
- storage_availability_zone => 'nova',
- use_syslog => true,
- nova_endpoint_type => 'internalURL' }"
- end
-
- let :params do
- {}
- end
-
- it 'configure cinder common' do
- is_expected.to contain_class('cinder').with(
- :database_connection => 'mysql://cinder:secrete@10.0.0.1/cinder?charset=utf8',
- :database_idle_timeout => '5000',
- :rabbit_userid => 'cinder',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secrete',
- :rabbit_virtual_host => '/',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false,
- :use_syslog => true,
- :storage_availability_zone => 'nova'
- )
- is_expected.to contain_class('cinder::ceilometer')
- is_expected.to contain_cinder_config('DEFAULT/nova_catalog_info').with('value' => 'compute:nova:internalURL')
- end
-
- it 'checks if Cinder DB is populated' do
- is_expected.to contain_exec('cinder_db_sync').with(
- :command => 'cinder-manage db sync',
- :user => 'cinder',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql cinder -h 10.0.0.1 -u cinder -psecrete -e "show tables" | /bin/grep Tables'
- )
- end
-
- it 'configure cinder scheduler' do
- is_expected.to contain_class('cinder::scheduler').with(
- :scheduler_driver => 'cinder.scheduler.filter_scheduler.FilterScheduler'
- )
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack volume scheduler'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack volume scheduler'
- end
-
-end
diff --git a/spec/classes/cloud_volume_storage_spec.rb b/spec/classes/cloud_volume_storage_spec.rb
deleted file mode 100644
index a50d7af3..00000000
--- a/spec/classes/cloud_volume_storage_spec.rb
+++ /dev/null
@@ -1,333 +0,0 @@
-#
-# Copyright (C) 2014 eNovance SAS
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Unit tests for cloud::volume::storage class
-#
-
-require 'spec_helper'
-
-describe 'cloud::volume::storage' do
-
- shared_examples_for 'openstack volume storage' do
-
- let :pre_condition do
- "class { 'cloud::volume':
- cinder_db_host => '10.0.0.1',
- cinder_db_user => 'cinder',
- cinder_db_password => 'secret',
- cinder_db_idle_timeout => 5000,
- rabbit_hosts => ['10.0.0.1'],
- rabbit_password => 'secret',
- verbose => true,
- debug => true,
- log_facility => 'LOG_LOCAL0',
- storage_availability_zone => 'nova',
- use_syslog => true }"
- end
-
- let :params do
- { :cinder_rbd_pool => 'ceph_cinder',
- :cinder_rbd_user => 'cinder',
- :cinder_rbd_secret_uuid => 'secret',
- :cinder_rbd_max_clone_depth => '10',
- :cinder_backends => {
- 'rbd' => {
- 'lowcost' => {
- 'rbd_pool' => 'ceph_cinder',
- 'rbd_user' => 'cinder',
- 'rbd_secret_uuid' => 'secret'
- }
- },
- 'netapp' => {
- 'premium' => {
- 'netapp_server_hostname' => 'netapp-server.host',
- 'netapp_login' => 'joe',
- 'netapp_password' => 'secret',
- 'nfs_mount_options' => 'rw,proto=tcp,sec=sys',
- }
- },
- 'iscsi' => {
- 'fast' => {
- 'iscsi_ip_address' => '10.0.0.1',
- 'volume_group' => 'fast-vol'
- }
- },
- 'emc_vnx' => {
- 'very-fast' => {
- 'iscsi_ip_address' => '10.0.0.1',
- 'san_ip' => '10.0.0.2',
- 'san_password' => 'secrete',
- 'storage_vnx_pool_name' => 'emc-volumes',
- }
- },
- 'eqlx' => {
- 'dell' => {
- 'san_ip' => '10.0.0.1',
- 'san_login' => 'admin',
- 'san_password' => 'secrete',
- 'eqlx_group_name' => 'dell-volumes',
- }
- },
- 'glusterfs' => {
- 'gluster' => {
- 'glusterfs_shares' => ['/mnt/share'],
- 'glusterfs_shares_config' => '/etc/cinder/shares-gluster.conf',
- }
- },
- 'nfs' => {
- 'freenas' => {
- 'nfs_servers' => ['10.0.0.1:/myshare'],
- 'nfs_mount_options' => 'defaults',
- 'nfs_disk_util' => 'df',
- 'nfs_mount_point_base' => '/mnt/shares',
- 'nfs_shares_config' => '/etc/cinder/shares.conf',
- 'nfs_used_ratio' => '0.6',
- 'nfs_oversub_ratio' => '1.0'
- }
- }
- },
- :ks_keystone_internal_proto => 'http',
- :ks_keystone_internal_port => '5000',
- :ks_keystone_internal_host => 'keystone.host',
- :ks_cinder_password => 'secret' }
- end
-
- it 'configure cinder common' do
- is_expected.to contain_class('cinder').with(
- :database_connection => 'mysql://cinder:secret@10.0.0.1/cinder?charset=utf8',
- :database_idle_timeout => '5000',
- :rabbit_userid => 'cinder',
- :rabbit_hosts => ['10.0.0.1'],
- :rabbit_password => 'secret',
- :rabbit_virtual_host => '/',
- :verbose => true,
- :debug => true,
- :log_facility => 'LOG_LOCAL0',
- :log_dir => false,
- :use_syslog => true,
- :storage_availability_zone => 'nova'
- )
-
- is_expected.to contain_cinder_config('DEFAULT/notification_driver').with('value' => 'cinder.openstack.common.notifier.rpc_notifier')
-
- end
-
- it 'checks if Cinder DB is populated' do
- is_expected.to contain_exec('cinder_db_sync').with(
- :command => 'cinder-manage db sync',
- :user => 'cinder',
- :path => '/usr/bin',
- :unless => '/usr/bin/mysql cinder -h 10.0.0.1 -u cinder -psecret -e "show tables" | /bin/grep Tables'
- )
- end
-
- it 'configure cinder volume service' do
- is_expected.to contain_class('cinder::volume')
- end
-
- context 'with RBD backend' do
- it 'configures rbd volume driver' do
- is_expected.to contain_cinder_config('lowcost/volume_backend_name').with_value('lowcost')
- is_expected.to contain_cinder_config('lowcost/rbd_pool').with_value('ceph_cinder')
- is_expected.to contain_cinder_config('lowcost/rbd_user').with_value('cinder')
- is_expected.to contain_cinder_config('lowcost/rbd_secret_uuid').with_value('secret')
- is_expected.to contain_cinder_config('lowcost/volume_tmp_dir').with_value('/tmp')
- is_expected.to contain_cinder__type('lowcost').with(
- :set_key => 'volume_backend_name',
- :set_value => 'lowcost',
- :os_tenant_name => 'services',
- :os_username => 'cinder',
- :os_password => 'secret',
- :os_auth_url => 'http://keystone.host:5000/v2.0'
- )
- is_expected.to contain_group('cephkeyring').with(:ensure => 'present')
- is_expected.to contain_exec('add-cinder-to-group').with(
- :command => 'usermod -a -G cephkeyring cinder',
- :path => ['/usr/sbin', '/usr/bin', '/bin', '/sbin'],
- :unless => 'groups cinder | grep cephkeyring'
- )
- is_expected.to contain_file('/etc/ceph/ceph.client.cinder.keyring').with({
- 'owner' => 'root',
- 'group' => 'cephkeyring',
- 'mode' => '0440',
- })
- end
- end
-
- context 'with NetApp backend' do
- it 'configures netapp volume driver' do
- is_expected.to contain_cinder_config('premium/volume_backend_name').with_value('premium')
- is_expected.to contain_cinder_config('premium/netapp_login').with_value('joe')
- is_expected.to contain_cinder_config('premium/netapp_password').with_value('secret')
- is_expected.to contain_cinder_config('premium/netapp_server_hostname').with_value('netapp-server.host')
- is_expected.to contain_cinder_config('premium/nfs_mount_options').with_value('rw,proto=tcp,sec=sys')
- is_expected.to contain_cinder__type('premium').with(
- :set_key => 'volume_backend_name',
- :set_value => 'premium',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with iSCSI backend' do
- it 'configures iSCSI volume driver' do
- is_expected.to contain_cinder_config('fast/volume_backend_name').with_value('fast')
- is_expected.to contain_cinder_config('fast/iscsi_ip_address').with_value('10.0.0.1')
- is_expected.to contain_cinder_config('fast/volume_group').with_value('fast-vol')
- is_expected.to contain_cinder__type('fast').with(
- :set_key => 'volume_backend_name',
- :set_value => 'fast',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with EMC VNX backend' do
- it 'configures EMC VNX volume driver' do
- should contain_cinder_config('very-fast/volume_backend_name').with_value('very-fast')
- should contain_cinder_config('very-fast/iscsi_ip_address').with_value('10.0.0.1')
- should contain_cinder_config('very-fast/san_ip').with_value('10.0.0.2')
- should contain_cinder_config('very-fast/san_password').with_value('secrete')
- should contain_cinder_config('very-fast/storage_vnx_pool_name').with_value('emc-volumes')
- should contain_cinder__type('very-fast').with(
- :set_key => 'volume_backend_name',
- :set_value => 'very-fast',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with EQLX backend' do
- it 'configures EQLX volume driver' do
- should contain_cinder_config('dell/volume_backend_name').with_value('dell')
- should contain_cinder_config('dell/san_ip').with_value('10.0.0.1')
- should contain_cinder_config('dell/san_login').with_value('admin')
- should contain_cinder_config('dell/san_password').with_value('secrete')
- should contain_cinder_config('dell/eqlx_group_name').with_value('dell-volumes')
- should contain_cinder__type('dell').with(
- :set_key => 'volume_backend_name',
- :set_value => 'dell',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with GlusterFS backend' do
- it 'configures GlusterFS volume driver' do
- should contain_cinder_config('gluster/volume_backend_name').with_value('gluster')
- should contain_cinder_config('gluster/glusterfs_shares_config').with_value('/etc/cinder/shares-gluster.conf')
- should contain_cinder__type('gluster').with(
- :set_key => 'volume_backend_name',
- :set_value => 'gluster',
- :notify => 'Service[cinder-volume]'
- )
- end
- end
-
- context 'with NFS backend' do
- it 'configures NFS volume driver' do
- is_expected.to contain_cinder_config('freenas/volume_backend_name').with_value('freenas')
- is_expected.to contain_cinder_config('freenas/nfs_mount_options').with_value('defaults')
- is_expected.to contain_cinder_config('freenas/nfs_mount_point_base').with_value('/mnt/shares')
- is_expected.to contain_cinder_config('freenas/nfs_disk_util').with_value('df')
- is_expected.to contain_cinder_config('freenas/nfs_shares_config').with_value('/etc/cinder/shares.conf')
- is_expected.to contain_cinder_config('freenas/nfs_used_ratio').with_value('0.6')
- is_expected.to contain_cinder_config('freenas/nfs_oversub_ratio').with_value('1.0')
- is_expected.to contain_cinder__type('freenas').with(
- :set_key => 'volume_backend_name',
- :set_value => 'freenas',
- :notify => 'Service[cinder-volume]'
- )
- should contain_file('/etc/cinder/shares.conf').with_content(/^10.0.0.1:\/myshare$/)
- end
- end
-
- context 'with two RBD backends' do
- before :each do
- params.merge!(
- :cinder_backends => {
- 'rbd' => {
- 'lowcost' => {
- 'rbd_pool' => 'low',
- 'rbd_user' => 'cinder',
- 'rbd_secret_uuid' => 'secret',
- },
- 'normal' => {
- 'rbd_pool' => 'normal',
- 'rbd_user' => 'cinder',
- 'rbd_secret_uuid' => 'secret',
- }
- }
- }
- )
- end
-
- it 'configures two rbd volume backends' do
- is_expected.to contain_cinder_config('lowcost/volume_backend_name').with_value('lowcost')
- is_expected.to contain_cinder_config('lowcost/rbd_pool').with_value('low')
- is_expected.to contain_cinder_config('lowcost/rbd_user').with_value('cinder')
- is_expected.to contain_cinder_config('lowcost/rbd_secret_uuid').with_value('secret')
- is_expected.to contain_cinder_config('lowcost/volume_tmp_dir').with_value('/tmp')
- is_expected.to contain_cinder__type('lowcost').with(
- :set_key => 'volume_backend_name',
- :set_value => 'lowcost',
- :os_tenant_name => 'services',
- :os_username => 'cinder',
- :os_password => 'secret',
- :os_auth_url => 'http://keystone.host:5000/v2.0'
- )
- is_expected.to contain_cinder_config('normal/volume_backend_name').with_value('normal')
- is_expected.to contain_cinder_config('normal/rbd_pool').with_value('normal')
- is_expected.to contain_cinder_config('normal/rbd_user').with_value('cinder')
- is_expected.to contain_cinder_config('normal/rbd_secret_uuid').with_value('secret')
- is_expected.to contain_cinder_config('normal/volume_tmp_dir').with_value('/tmp')
- is_expected.to contain_cinder__type('normal').with(
- :set_key => 'volume_backend_name',
- :set_value => 'normal',
- :os_tenant_name => 'services',
- :os_username => 'cinder',
- :os_password => 'secret',
- :os_auth_url => 'http://keystone.host:5000/v2.0'
- )
- end
- end
-
- context 'with all backends enabled' do
- it 'configure all cinder backends' do
- is_expected.to contain_class('cinder::backends').with(
- :enabled_backends => ['lowcost', 'premium', 'fast', 'very-fast', 'dell', 'freenas', 'gluster']
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'openstack volume storage'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'openstack volume storage'
- end
-
-end
diff --git a/spec/classes/coverage_spec.rb b/spec/classes/coverage_spec.rb
deleted file mode 100644
index fbe09652..00000000
--- a/spec/classes/coverage_spec.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-require 'spec_helper'
-
-if ENV['COV']
- at_exit { RSpec::Puppet::Coverage.report! }
-end
diff --git a/spec/defines/cloud_clustering_pacemaker_colocation_spec.rb b/spec/defines/cloud_clustering_pacemaker_colocation_spec.rb
deleted file mode 100644
index d8736aeb..00000000
--- a/spec/defines/cloud_clustering_pacemaker_colocation_spec.rb
+++ /dev/null
@@ -1,47 +0,0 @@
-
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Spec tests for cloud::clustering::pacemaker_colocation
-
-require 'spec_helper'
-
-describe 'cloud::clustering::pacemaker_colocation', :type => :define do
-
- let (:title) { 'service1' }
-
- let :params do
- {
- :service => 'service1',
- :colocated_with => ['service2','service3']
- }
- end
-
- context 'with default parameters' do
- it 'should create a colocation constraint' do
- should contain_cs_colocation('service1-with-service2').with(
- {
- 'primitives' => ["p_service1", "p_service2"],
- }
- )
-
- should contain_cs_colocation('service1-with-service3').with(
- {
- 'primitives' => ["p_service1", "p_service3"],
- }
- )
- end
- end
-end
diff --git a/spec/defines/cloud_clustering_pacemaker_order_spec.rb b/spec/defines/cloud_clustering_pacemaker_order_spec.rb
deleted file mode 100644
index 6beb6994..00000000
--- a/spec/defines/cloud_clustering_pacemaker_order_spec.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Spec tests for cloud::clustering::pacemaker_order
-
-require 'spec_helper'
-
-describe 'cloud::clustering::pacemaker_order', :type => :define do
-
- let (:title) { 'service1' }
-
- let :params do
- {
- :service => 'service1',
- :first => ['service2','service3']
- }
- end
-
- context 'with default parameters' do
- it 'should create two order constraints' do
- should contain_cs_order('service2-before-service1').with(
- {
- 'first' => "p_service2",
- 'second' => "p_service1"
- }
- )
-
- should contain_cs_order('service3-before-service1').with(
- {
- 'first' => "p_service3",
- 'second' => "p_service1"
- }
- )
- end
- end
-end
diff --git a/spec/defines/cloud_clustering_pacemaker_service_spec.rb b/spec/defines/cloud_clustering_pacemaker_service_spec.rb
deleted file mode 100644
index bb224434..00000000
--- a/spec/defines/cloud_clustering_pacemaker_service_spec.rb
+++ /dev/null
@@ -1,92 +0,0 @@
-
-#
-# Copyright (C) 2015 Red Hat Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# Spec tests for cloud::clustering::pacemaker_service
-
-require 'spec_helper'
-
-describe 'cloud::clustering::pacemaker_service', :type => :define do
-
- let :pre_condition do
- "service { ['foo-api','bar-api']:
- ensure => running
- }"
- end
-
- let (:title) { 'foo-api' }
-
- let :params do
- {
- :service_name => 'foo-api',
- :primitive_class => 'systemd',
- :primitive_provider => false,
- :primitive_type => 'foo-api',
- :clone => false,
- :colocated_services => [],
- :start_after => [],
- :requires => []
- }
- end
-
- context 'with default parameters' do
- it 'should create a Pacemaker service' do
- should contain_openstack_extras__pacemaker__service('foo-api').with(
- {
- 'ensure' => :present,
- 'primitive_class' => params[:primitive_class],
- 'primitive_provider' => params[:primitive_provider],
- 'primitive_type' => params[:primitive_type],
- 'clone' => params[:clone],
- 'require' => params[:requires]
- }
- )
- end
- end
-
- context 'with colocated services and start ordering' do
- before :each do
- params.merge!(
- :colocated_services => ["bar-api"],
- :start_after => ["foo-api"],
- )
- end
-
- it 'creates a colocation constraint' do
- is_expected.to contain_cloud__clustering__pacemaker_colocation('foo-api')
- end
-
- it 'creates an order constraint' do
- is_expected.to contain_cloud__clustering__pacemaker_order('foo-api')
- end
- end
-
- context 'with clone=true' do
- before :each do
- params.merge!(
- :clone => true,
- )
- end
-
- it 'creates a cloned resource' do
- is_expected.to contain_openstack_extras__pacemaker__service('foo-api').with(
- {
- 'clone' => :true
- }
- )
- end
- end
-
-end
diff --git a/spec/shared_examples.rb b/spec/shared_examples.rb
deleted file mode 100644
index fec0eacc..00000000
--- a/spec/shared_examples.rb
+++ /dev/null
@@ -1,5 +0,0 @@
-shared_examples_for "a Puppet::Error" do |description|
- it "with message matching #{description.inspect}" do
- expect { is_expected.to have_class_count(1) }.to raise_error(Puppet::Error, description)
- end
-end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
deleted file mode 100644
index 0171d5dd..00000000
--- a/spec/spec_helper.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-require 'puppetlabs_spec_helper/module_spec_helper'
-require 'shared_examples'
-
-RSpec.configure do |c|
- c.alias_it_should_behave_like_to :it_configures, 'configures'
- c.alias_it_should_behave_like_to :it_raises, 'raises'
-
- c.default_facts = {
- :kernel => 'Linux',
- :concat_basedir => '/var/lib/puppet/concat',
- :memorysize => '1000 MB',
- :processorcount => '1',
- :puppetversion => '3.7.3',
- :uniqueid => '123'
- }
-end
diff --git a/templates/database/clustercheck.erb b/templates/database/clustercheck.erb
deleted file mode 100644
index 5336bac6..00000000
--- a/templates/database/clustercheck.erb
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash
-# Managed by puppet
-# Module cloud
-#
-# Script to make a proxy (ie HAProxy) capable of monitoring Percona XtraDB Cluster nodes properly
-#
-# Author: Olaf van Zandwijk
-# Mehdi Abaakouk
-#
-# Documentation and download: https://github.com/olafz/percona-clustercheck
-#
-# Based on the original script from Unai Rodriguez
-#
-MYSQL_USERNAME='<%= @galera_clustercheck_dbuser %>'
-MYSQL_PASSWORD='<%= @galera_clustercheck_dbpassword %>'
-
-TIMEOUT=10
-ERR_FILE="/dev/null"
-AVAILABLE_WHEN_DONOR=0
-
-MYSQL_CMDLINE="mysql -nNE --connect-timeout=$TIMEOUT --user=${MYSQL_USERNAME} --password=${MYSQL_PASSWORD} "
-
-mysql_get_status(){
- ( $MYSQL_CMDLINE -e "SHOW STATUS LIKE '$1';" | tail -1 ) 2>>${ERR_FILE}
-}
-mysql_get_var(){
- ( $MYSQL_CMDLINE -e "SHOW GLOBAL VARIABLES LIKE '$1';" | tail -1 ) 2>>${ERR_FILE}
-}
-
-http_response(){
- status=$1
- shift
- msg="$@"
- if [ "$status" == 200 ]; then
- /bin/echo -en "HTTP/1.1 200 OK\r\n"
- else
- /bin/echo -en "HTTP/1.1 503 Service Unavailable\r\n"
- fi
- /bin/echo -en "Content-Type: text/plain\r\n"
- /bin/echo -en "\r\n"
- /bin/echo -en "$msg\r\n"
- /bin/echo -en "\r\n"
-}
-
-
-WSREP_LOCAL_STATE=$(mysql_get_status wsrep_local_state)
-WSREP_READY=$(mysql_get_status wsrep_ready)
-WSREP_CONNECTED=$(mysql_get_status wsrep_connected)
-READY_ONLY=$(mysql_get_var read_only)
-
-case ${AVAILABLE_WHEN_DONOR}-${WSREP_LOCAL_STATE}-${WSREP_READY}-${WSREP_CONNECTED}-${READY_ONLY} in
- 1-2-ON-ON-OFF|0-4-ON-ON-OFF) http_response 200 "Mariadb Cluster Node is synced, ready and connected." ;;
- *-*-OFF-*-*) http_response 503 "Mariadb Cluster Node is not ready." ;;
- *-*-*-OFF-*) http_response 503 "Mariadb Cluster Node is not connected" ;;
- *-*-*-*-ON) http_response 503 "Mariadb Cluster Node is readonly" ;;
- *) http_response 503 "Mariadb Cluster Node is not synced" ;;
-esac
diff --git a/templates/database/debian.cnf.erb b/templates/database/debian.cnf.erb
deleted file mode 100644
index 11d258aa..00000000
--- a/templates/database/debian.cnf.erb
+++ /dev/null
@@ -1,14 +0,0 @@
-# Managed by Puppet
-# Module cloud::database::sql
-#
-[client]
-host = localhost
-user = debian-sys-maint
-password = <%= @mysql_sys_maint_password %>
-socket = /var/run/mysqld/mysqld.sock
-[mysql_upgrade]
-host = localhost
-user = debian-sys-maint
-password = <%= @mysql_sys_maint_password %>
-socket = /var/run/mysqld/mysqld.sock
-basedir = /usr
diff --git a/templates/database/etc_initd_mysql_Debian b/templates/database/etc_initd_mysql_Debian
deleted file mode 100755
index 3b4c3c6a..00000000
--- a/templates/database/etc_initd_mysql_Debian
+++ /dev/null
@@ -1,200 +0,0 @@ -#!/bin/bash -# -### BEGIN INIT INFO -# Provides: mysql-bootstrap -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Should-Start: $network $named $time -# Should-Stop: $network $named $time -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start and stop the mysql database server daemon -# Description: Controls the main MariaDB database server daemon "mysqld" -# and its wrapper script "mysqld_safe". -### END INIT INFO -# -MYSQLD_STARTUP_TIMEOUT=${MYSQLD_STARTUP_TIMEOUT:-60} -[ -e /etc/mysql/my.cnf ] && \ - MYSQLD_DATA_DIR=$(awk -F= '/^datadir/{print $2}' /etc/mysql/my.cnf | sed -e 's/^ *//') -MYSQLD_DATA_DIR=${MYSQLD_DATA_DIR:-<%= scope.lookupvar('::mysql::datadir') %>} -set -e -set -u -${DEBIAN_SCRIPT_DEBUG:+ set -v -x} - -test -x /usr/sbin/mysqld || exit 0 - -. /lib/lsb/init-functions - -SELF=$(cd $(dirname $0); pwd -P)/$(basename $0) -CONF=/etc/mysql/my.cnf -MYADMIN="/usr/bin/mysqladmin --defaults-file=/etc/mysql/debian.cnf" - -# priority can be overriden and "-s" adds output to stderr -ERR_LOGGER="logger -p daemon.err -t /etc/init.d/mysql -i" - -# Safeguard (relative paths, core dumps..) -cd / -umask 077 - -# mysqladmin likes to read /root/.my.cnf. This is usually not what I want -# as many admins e.g. only store a password without a username there and -# so break my scripts. -export HOME=/etc/mysql/ - -## Fetch a particular option from mysql's invocation. -# -# Usage: void mysqld_get_param option -mysqld_get_param() { - /usr/sbin/mysqld --print-defaults \ - | tr " " "\n" \ - | grep -- "--$1" \ - | tail -n 1 \ - | cut -d= -f2 -} - -## Do some sanity checks before even trying to start mysqld. -sanity_checks() { - # check for config file - if [ ! -r /etc/mysql/my.cnf ]; then - log_warning_msg "$0: WARNING: /etc/mysql/my.cnf cannot be read. See README.Debian.gz" - echo "WARNING: /etc/mysql/my.cnf cannot be read. 
See README.Debian.gz" | $ERR_LOGGER - fi - - # check for diskspace shortage - datadir=`mysqld_get_param datadir` - if LC_ALL=C BLOCKSIZE= df --portability $datadir/. | tail -n 1 | awk '{ exit ($4>4096) }'; then - log_failure_msg "$0: ERROR: The partition with $datadir is too full!" - echo "ERROR: The partition with $datadir is too full!" | $ERR_LOGGER - exit 1 - fi -} - -## Checks if there is a server running and if so if it is accessible. -# -# check_alive insists on a pingable server -# check_dead also fails if there is a lost mysqld in the process list -# -# Usage: boolean mysqld_status [check_alive|check_dead] [warn|nowarn] -mysqld_status () { - ping_output=`$MYADMIN ping 2>&1`; ping_alive=$(( ! $? )) - - ps_alive=0 - pidfile=`mysqld_get_param pid-file` - if [ -f "$pidfile" ] && ps `cat $pidfile` >/dev/null 2>&1; then ps_alive=1; fi - - if [ "$1" = "check_alive" -a $ping_alive = 1 ] || - [ "$1" = "check_dead" -a $ping_alive = 0 -a $ps_alive = 0 ]; then - return 0 # EXIT_SUCCESS - else - if [ "$2" = "warn" ]; then - echo -e "$ps_alive processes alive and '$MYADMIN ping' resulted in\n$ping_output\n" | $ERR_LOGGER -p daemon.debug - fi - return 1 # EXIT_FAILURE - fi -} - -# -# main() -# - -case "${1:-''}" in - 'start') - sanity_checks; - # Start daemon - log_daemon_msg "Starting MariaDB database server" "mysqld" - if mysqld_status check_alive nowarn; then - log_progress_msg "already running" - log_end_msg 0 - else - # Could be removed during boot - test -e /var/run/mysqld || install -m 755 -o mysql -g root -d /var/run/mysqld - - # Start MariaDB! 
in a Galera setup we want to use - # new-cluster only when the galera cluster hasn't been - # bootstraped - if [ -e ${MYSQLD_DATA_DIR}/grastate.dat ]; then - # normal boot - /usr/bin/mysqld_safe "${@:2}" > /dev/null 2>&1 & - else - # bootstrap boot - log_progress_msg " (Galera bootstrap) " - /usr/bin/mysqld_safe "${@:2}" --wsrep-new-cluster > /dev/null 2>&1 & - fi - - # 6s was reported in #352070 to be too few when using ndbcluster - for i in $(seq 1 "${MYSQLD_STARTUP_TIMEOUT:-30}"); do - sleep 1 - if mysqld_status check_alive nowarn ; then break; fi - log_progress_msg "." - done - if mysqld_status check_alive warn; then - log_end_msg 0 - # Now start mysqlcheck or whatever the admin wants. - output=$(/etc/mysql/debian-start) - [ -n "$output" ] && log_action_msg "$output" - else - log_end_msg 1 - log_failure_msg "Please take a look at the syslog" - fi - fi - ;; - - 'stop') - # * As a passwordless mysqladmin (e.g. via ~/.my.cnf) must be possible - # at least for cron, we can rely on it here, too. (although we have - # to specify it explicit as e.g. sudo environments points to the normal - # users home and not /root) - log_daemon_msg "Stopping MariaDB database server" "mysqld" - if ! mysqld_status check_dead nowarn; then - set +e - shutdown_out=`$MYADMIN shutdown 2>&1`; r=$? - set -e - if [ "$r" -ne 0 ]; then - log_end_msg 1 - [ "$VERBOSE" != "no" ] && log_failure_msg "Error: $shutdown_out" - log_daemon_msg "Killing MariaDB database server by signal" "mysqld" - killall -15 mysqld - server_down= - for i in `seq 1 600`; do - sleep 1 - if mysqld_status check_dead nowarn; then server_down=1; break; fi - done - if test -z "$server_down"; then killall -9 mysqld; fi - fi - fi - - if ! mysqld_status check_dead warn; then - log_end_msg 1 - log_failure_msg "Please stop MariaDB manually and read /usr/share/doc/mariadb-server-5.5/README.Debian.gz!" 
- exit -1 - else - log_end_msg 0 - fi - ;; - - 'restart') - set +e; $SELF stop; set -e - $SELF start - ;; - - 'reload'|'force-reload') - log_daemon_msg "Reloading MariaDB database server" "mysqld" - $MYADMIN reload - log_end_msg 0 - ;; - - 'status') - if mysqld_status check_alive nowarn; then - log_action_msg "$($MYADMIN version)" - else - log_action_msg "MariaDB is stopped." - exit 3 - fi - ;; - - *) - echo "Usage: $SELF start|stop|restart|reload|force-reload|status" - exit 1 - ;; -esac - diff --git a/templates/database/etc_initd_mysql_RedHat b/templates/database/etc_initd_mysql_RedHat deleted file mode 100755 index 79a8b36e..00000000 --- a/templates/database/etc_initd_mysql_RedHat +++ /dev/null 
@@ -1,45 +0,0 @@
-# It's not recommended to modify this file in-place, because it will be
-# overwritten during package upgrades. If you want to customize, the
-# best way is to create a file "/etc/systemd/system/mariadb.service",
-# containing
-# .include /lib/systemd/system/mariadb.service
-# ...make your changes here...
-# or create a file "/etc/systemd/system/mariadb.service.d/foo.conf",
-# which doesn't need to include ".include" call and which will be parsed
-# after the file mariadb.service itself is parsed.
-#
-# For more info about custom unit files, see systemd.unit(5) or
-# http://fedoraproject.org/wiki/Systemd#How_do_I_customize_a_unit_file.2F_add_a_custom_unit_file.3F
-# For example, if you want to increase mysql's open-files-limit to 10000,
-# you need to increase systemd's LimitNOFILE setting, so create a file named
-# "/etc/systemd/system/mariadb.service.d/limits.conf" containing:
-# [Service]
-# LimitNOFILE=10000
-# Note: /usr/lib/... is recommended in the .include line though /lib/...
-# still works.
-# Don't forget to reload systemd daemon after you change unit configuration:
-# root> systemctl --system daemon-reload
-
-[Unit]
-Description=MariaDB database server
-After=syslog.target
-After=network.target
-
-[Service]
-Type=simple
-User=mysql
-Group=mysql
-ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n
-# Note: we set --basedir to prevent probes that might trigger SELinux alarms,
-# per bug #547485
-ExecStart=/usr/bin/mysqld_safe <%= @wsrep_new_cluster %> --basedir=/usr
-ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID
-
-# Give a reasonable amount of time for the server to start up/shut down
-TimeoutSec=60
-
-# Place temp files in a secure directory, not /tmp
-PrivateTmp=true
-
-[Install]
-WantedBy=multi-user.target
diff --git a/templates/database/mysql.conf.erb b/templates/database/mysql.conf.erb
deleted file mode 100644
index 2a9848cc..00000000
--- a/templates/database/mysql.conf.erb
+++ /dev/null
@@ -1,70 +0,0 @@
-# MANAGED BY PUPPET
-# Module:: cloud::database::sql
-#
-[mysqld]
-bind-address = <%= @api_eth %>
-default_storage_engine = innodb
-collation_server = utf8_general_ci
-init_connect = 'SET NAMES utf8'
-character_set_server = utf8
-max_connections = <%= @max_connections %>
-skip_name_resolve = 1
-connect_timeout = 5
-wait_timeout = 600
-max_allowed_packet = 64M
-thread_cache_size = 128
-sort_buffer_size = 4M
-bulk_insert_buffer_size = 16M
-tmp_table_size = 512M
-max_heap_table_size = 128M
-query_cache_type = 0
-myisam_recover = BACKUP
-key_buffer_size = 16M
-open_files_limit = <%= @open_files_limit_real %>
-table_open_cache = 1024
-table_definition_cache = 500
-myisam_sort_buffer_size = 512M
-concurrent_insert = 2
-read_buffer_size = 2M
-read_rnd_buffer_size = 1M
-slow_query_log = 1
-slow_query_log_file = /var/log/mysql/slow.log
-log_error = /var/log/mysql/error.log
-long_query_time = 1
-log_slow_verbosity = query_plan
-innodb_buffer_pool_size = 512M
-innodb_flush_log_at_trx_commit = 1
-innodb_lock_wait_timeout = 50
-innodb_thread_concurrency = 48
-innodb_file_per_table = 1
-innodb_open_files = <%= @open_files_limit_real %>
-innodb_io_capacity = 1000
-innodb_file_format = Barracuda
-innodb_file_format_max = Barracuda
-innodb_max_dirty_pages_pct = 50
-binlog_format = ROW
-innodb_autoinc_lock_mode = 2
-innodb_locks_unsafe_for_binlog = 1
-wsrep_provider = "<%= @wsrep_provider %>"
-wsrep_cluster_name = "galera_cluster"
-wsrep_cluster_address = "gcomm://<%= @gcomm_definition %>"
-wsrep_sst_auth = root:<%= @mysql_root_password %>
-wsrep_drupal_282555_workaround = 0
-wsrep_sst_method = rsync
-wsrep_node_address = "<%= @api_eth %>"
-wsrep_node_incoming_address = "<%= @api_eth %>"
-# This is the minimal value (proc*2)
-wsrep_slave_threads = "<%= @processorcount.to_i * 2 %>"
-
-# Thoses TWEAK assume that the galera cluster is used in master/slave mode
-wsrep_provider_options = "gcache.size=<%= @galera_gcache
%>;gcs.fc_master_slave=1;gcs.fc_limit=256;gcs.fc_factor=0.9" - -# this value here are used by /usr/bin/innobackupex -# and wsrep_sst_xtrabackup take only one configuration file and use the last one -# (/etc/mysql/my.cnf is not used) -datadir = /var/lib/mysql -tmpdir = /tmp/ -innodb_flush_method = O_DIRECT -innodb_log_buffer_size = 32M -innodb_log_file_size = 256M -innodb_log_files_in_group = 2 diff --git a/templates/database/mysqlchk.erb b/templates/database/mysqlchk.erb deleted file mode 100644 index 2786eb88..00000000 --- a/templates/database/mysqlchk.erb +++ /dev/null @@ -1,24 +0,0 @@ -# Managed by puppet -# Module cloud -# -# default: on -# description: mysqlchk -service mysqlchk -{ -# this is a config for xinetd, place it in /etc/xinetd.d/ - disable = no - flags = REUSE - socket_type = stream - port = 8200 - wait = no - user = nobody - server = /usr/bin/clustercheck - log_on_failure += USERID - log_on_success = - #FIXME(sbadia) Security: Restrict this parameter to HAProxy pool. - only_from = 0.0.0.0/0 - bind = <%= @galera_clustercheck_ipaddress %> - # recommended to put the IPs that need - # to connect exclusively (security purposes) - per_source = UNLIMITED -} diff --git a/templates/database/redis-notifications.sh.erb b/templates/database/redis-notifications.sh.erb deleted file mode 100644 index fc5d9474..00000000 --- a/templates/database/redis-notifications.sh.erb +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash -HAPROXY="<%= @haproxy_monitor_ip %>:<%= @haproxy_monitor_port %>" -CMD="$1" -ARGS="$2" -ARG1=`echo $ARGS | awk '{print $1}'` - - -call_curl () { - DATA=`echo "s=$1&action=$2&b=%234" | sed -e s/:/%3A/` - curl --silent -o /dev/null $HAPROXY --data "$DATA" - echo curl $HAPROXY --data "$DATA" - return 0 -} - - -[ "$CMD" = "+odown" ] && [ "$ARG1" = "master" ] && \ - call_curl `echo $ARGS | awk '{print $2 ":" $3 ":" $4}'` 'disable' - -[ "$CMD" = "+sdown" ] && [ "$ARG1" = "slave" ] && \ - call_curl `echo $ARGS | awk '{print $6 ":" $3 ":" $4}'` 'disable' - -[ "$CMD" = "+switch-master" ] && \ - call_curl `echo $ARGS | awk '{print $1 ":" $4 ":" $5}'` 'enable' && - call_curl `echo $ARGS | awk '{print $1 ":" $2 ":" $3}'` 'disable' - -[ "$CMD" = "-odown" ] && [ "$ARG1" = "master" ] && \ - call_curl `echo $ARGS | awk '{print $2 ":" $3 ":" $4}'` 'enable' - -# without exit code, sentinel thinks the script is still running and locks any further execution -exit 0 diff --git a/templates/database/systemd-custom.conf.erb b/templates/database/systemd-custom.conf.erb deleted file mode 100644 index 3e88a5de..00000000 --- a/templates/database/systemd-custom.conf.erb +++ /dev/null @@ -1,4 +0,0 @@ -[Service] -<% @mysql_systemd_override_settings_real.each do |key, value| -%> -<%= key -%>=<%= value %> -<% end -%> diff --git a/templates/installserver/autosign.conf.erb b/templates/installserver/autosign.conf.erb deleted file mode 100644 index d7ae0e10..00000000 --- a/templates/installserver/autosign.conf.erb +++ /dev/null @@ -1,5 +0,0 @@ -<% if @autosign_domains -%> -<% @autosign_domains.each do | domain | -%> -<%= domain %> -<% end -%> -<% end -%> diff --git a/templates/loadbalancer/monitor.erb b/templates/loadbalancer/monitor.erb deleted file mode 100644 index a8fbc604..00000000 --- a/templates/loadbalancer/monitor.erb +++ /dev/null 
@@ -1,79 +0,0 @@ -<%- if @swift_api -%> -acl swift_api_dead nbsrv(swift_api_cluster) lt 1 -monitor fail if swift_api_dead -<%- end -%> -<%- if @keystone_api -%> -acl keystone_api_dead nbsrv(keystone_api_cluster) lt 1 -monitor fail if keystone_api_dead -<% end -%> -<%- if @keystone_api_admin -%> -acl keystone_api_admin_dead nbsrv(keystone_api_admin_cluster) lt 1 -monitor fail if keystone_api_admin_dead -<% end -%> -<%- if @galera -%> -acl galera_dead nbsrv(galera_cluster) lt 1 -monitor fail if galera_dead -<%- end -%> -<%- if @neutron_api -%> -acl neutron_api_dead nbsrv(neutron_api_cluster) lt 1 -monitor fail if neutron_api_dead -<%- end -%> -<%- if @cinder_api -%> -acl cinder_api_dead nbsrv(cinder_api_cluster) lt 1 -monitor fail if cinder_api_dead -<%- end -%> -<%- if @nova_api -%> -acl nova_api_dead nbsrv(nova_api_cluster) lt 1 -monitor fail if nova_api_dead -<%- end -%> -<%- if @ec2_api -%> -acl ec2_api_dead nbsrv(ec2_api_cluster) lt 1 -monitor fail if ec2_api_dead -<%- end -%> -<%- if @metadata_api -%> -acl metadata_api_dead nbsrv(metadata_api_cluster) lt 1 -monitor fail if metadata_api_dead -<%- end -%> -<%- if @spice -%> -acl spice_dead nbsrv(spice_cluster) lt 1 -monitor fail if spice_dead -<%- end -%> -<%- if @rabbitmq -%> -acl rabbitmq_dead nbsrv(rabbitmq_cluster) lt 1 -monitor fail if rabbitmq_dead -<%- end -%> -<%- if @glance_api -%> -acl glance_api_dead nbsrv(glance_api_cluster) lt 1 -monitor fail if glance_api_dead -<%- end -%> -<%- if @glance_registry -%> -acl glance_registry_dead nbsrv(glance_registry_cluster) lt 1 -monitor fail if glance_registry_dead -<%- end -%> -<%- if @ceilometer_api -%> -acl ceilometer_api_dead nbsrv(ceilometer_api_cluster) lt 1 -monitor fail if ceilometer_api_dead -<%- end -%> -<%- if @heat_api -%> -acl heat_api_dead nbsrv(heat_api_cluster) lt 1 -monitor fail if heat_api_dead -<%- end -%> -<%- if @heat_cfn_api -%> -acl heat_cfn_api_dead nbsrv(heat_cfn_api_cluster) lt 1 -monitor fail if heat_cfn_api_dead -<%- end -%> -<%- if 
@heat_cloudwatch_api -%> -acl heat_cloudwatch_api_dead nbsrv(heat_cloudwatch_api_cluster) lt 1 -monitor fail if heat_cloudwatch_api_dead -<%- end -%> -<%- if @horizon -%> -acl horizon_dead nbsrv(horizon_cluster) lt 1 -monitor fail if horizon_dead -<%- end -%> -<%- if @trove_api -%> -acl trove_api_dead nbsrv(trove_api_cluster) lt 1 -monitor fail if trove_api_dead -<%- end -%> - -# Used when forwarding SSL in http headers -acl is-ssl dst_port 443 diff --git a/templates/network/dnsmasq-neutron.conf.erb b/templates/network/dnsmasq-neutron.conf.erb deleted file mode 100644 index 979bd1a1..00000000 --- a/templates/network/dnsmasq-neutron.conf.erb +++ /dev/null @@ -1 +0,0 @@ -dhcp-option-force=26,<%= @veth_mtu %> diff --git a/templates/selinux/sysconfig_selinux.erb b/templates/selinux/sysconfig_selinux.erb deleted file mode 100644 index e3bc2f85..00000000 --- a/templates/selinux/sysconfig_selinux.erb +++ /dev/null @@ -1,11 +0,0 @@ -# This file controls the state of SELinux on the system. -# SELINUX= can take one of these three values: -# enforcing - SELinux security policy is enforced. -# permissive - SELinux prints warnings instead of enforcing. -# disabled - No SELinux policy is loaded. -SELINUX=<%= @mode %> -# SELINUXTYPE= can take one of these two values: -# targeted - Targeted processes are protected, -# minimum - Modification of targeted policy. Only selected processes are protected. -# mls - Multi Level Security protection. -SELINUXTYPE=targeted diff --git a/templates/storage/ceph/ceph-client.conf.erb b/templates/storage/ceph/ceph-client.conf.erb deleted file mode 100644 index 7272d165..00000000 --- a/templates/storage/ceph/ceph-client.conf.erb +++ /dev/null @@ -1,8 +0,0 @@ -<% if @clients %> -<% @clients.each do |client| %> - -[client.<%= client %>] - keyring = /etc/ceph/ceph.client.<%= client %>.keyring - -<% end %> -<% end %> 
diff --git a/templates/storage/ceph/secret-compute.xml.erb b/templates/storage/ceph/secret-compute.xml.erb deleted file mode 100644 index 52459f1d..00000000 --- a/templates/storage/ceph/secret-compute.xml.erb +++ /dev/null @@ -1,6 +0,0 @@ - - - client.<%= @cinder_rbd_user %> secret - - <%= @ceph_fsid %> -