Correctly bind OpenStack process to *_eth

Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
2014-01-02 16:57:11 +01:00 · 2014-01-02 16:57:11 +01:00 · 5eb021ce0e
commit 5eb021ce0e
parent b0be31b966
9 changed files with 49 additions and 33 deletions
--- a/manifests/compute/controller.pp
+++ b/manifests/compute/controller.pp
@ -39,6 +39,7 @@ class privatecloud::compute::controller(
    enabled                              => true,
    auth_host                            => $ks_keystone_internal_host,
    admin_password                       => $ks_nova_password,
+    api_bind_address                     => $api_eth,
    neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_shared_secret,
  }

--- a/manifests/identity.pp
+++ b/manifests/identity.pp
@ -331,6 +331,8 @@ class privatecloud::identity (
    token_format     => 'UUID',
    use_syslog       => true,
    verbose          => $verbose,
+    bind_host        => $api_eth,
+    bind_port        => $ks_keystone_internal_port
  }

  keystone_config {
--- a/manifests/image.pp
+++ b/manifests/image.pp
@ -35,7 +35,7 @@
 #   (optional) Internal Hostname or IP to connect to Keystone API
 #   Default value in params
 #
-# [*ks_glance_public_port*]
+# [*ks_glance_internal_port*]
 #   (optional) TCP port to connect to Glance API from internal network
 #   Default value in params
 #
@ -61,7 +61,7 @@ class privatecloud::image(
  $glance_db_user              = $os_params::glance_db_user,
  $glance_db_password          = $os_params::glance_db_password,
  $ks_keystone_internal_host   = $os_params::ks_keystone_internal_host,
-  $ks_glance_public_port       = $os_params::ks_glance_public_port,
+  $ks_glance_internal_port     = $os_params::ks_glance_internal_port,
  $ks_glance_password          = $os_params::ks_glance_password,
  $rabbit_password             = $os_params::rabbit_password,
  $rabbit_host                 = $os_params::rabbit_hosts[0],
@ -72,15 +72,16 @@ class privatecloud::image(
  $encoded_glance_password = uriescape($glance_db_password)

  class { ['glance::api', 'glance::registry']:
-    sql_connection            => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance",
-    verbose                   => false,
-    debug                     => false,
-    auth_host                 => $ks_keystone_internal_host,
-    keystone_password         => $ks_glance_password,
-    keystone_tenant           => 'services',
-    keystone_user             => 'glance',
-    log_facility              => 'LOG_LOCAL0',
-    use_syslog                => true
+    sql_connection    => "mysql://${encoded_glance_user}:${encoded_glance_password}@${glance_db_host}/glance",
+    verbose           => false,
+    debug             => false,
+    auth_host         => $ks_keystone_internal_host,
+    keystone_password => $ks_glance_password,
+    keystone_tenant   => 'services',
+    keystone_user     => 'glance',
+    log_facility      => 'LOG_LOCAL0',
+    bind_host         => $api_eth,
+    use_syslog        => true
  }

  class { 'glance::notify::rabbitmq':
--- a/manifests/network.pp
+++ b/manifests/network.pp
@ -46,6 +46,7 @@ class privatecloud::network(
  $rabbit_hosts        = $os_params::rabbit_hosts,
  $rabbit_password     = $os_params::rabbit_password,
  $tunnel_eth          = $os_params::tunnel_eth,
+  $api_eth             = $os_params::api_eth
 ) {

  class { 'neutron':
@ -56,6 +57,7 @@ class privatecloud::network(
    rabbit_hosts            => $rabbit_hosts,
    rabbit_password         => $rabbit_password,
    rabbit_virtual_host     => '/',
+    bind_host               => $api_eth,
    dhcp_agents_per_network => '2',
    core_plugin             => 'neutron.plugins.ml2.plugin.Ml2Plugin',
    service_plugins         => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin']
--- a/manifests/object/controller.pp
+++ b/manifests/object/controller.pp
@ -33,7 +33,7 @@ class privatecloud::object::controller(
  include 'privatecloud::object'

  class { 'swift::proxy':
-    proxy_local_net_ip => $::ipaddress_eth0,
+    proxy_local_net_ip => $api_eth,
    port               => $ks_swift_internal_port,
    pipeline           => [
      #'catch_errors', 'healthcheck', 'cache', 'bulk', 'ratelimit',
--- a/manifests/object/storage.pp
+++ b/manifests/object/storage.pp
@ -28,7 +28,7 @@ define set_io_scheduler(){

 # swift storage
 class privatecloud::object::storage (
-  $api_eth        = $os_params::api_eth,
+  $storage_eth    = $os_params::storage_eth,
  $swift_zone     = undef,
  $object_port    = '6000',
  $container_port = '6001',
@ -39,7 +39,7 @@ class privatecloud::object::storage (
  include 'privatecloud::object'

  class { 'swift::storage':
-    storage_local_net_ip => $api_eth,
+    storage_local_net_ip => $storage_eth,
  }

  Rsync::Server::Module {
@ -49,7 +49,7 @@ class privatecloud::object::storage (

  Swift::Storage::Server {
    #devices                => $devices,
-    storage_local_net_ip    => $api_eth,
+    storage_local_net_ip    => $storage_eth,
    workers                 => inline_template('<%= @processorcount.to_i / 2 %>'),
    replicator_concurrency  => 2,
    updater_concurrency     => 1,
@ -98,22 +98,22 @@ allow_versions = on
  set_io_scheduler{'sdb':}
  set_io_scheduler{$object_nodes:}

-  @@ring_container_device { "${api_eth}:${container_port}/sdb":
+  @@ring_container_device { "${storage_eth}:${container_port}/sdb":
    zone        => $swift_zone,
    weight      => '100.0',
  }
-  @@ring_account_device { "${api_eth}:${account_port}/sdb":
+  @@ring_account_device { "${storage_eth}:${account_port}/sdb":
    zone        => $swift_zone,
    weight      => '100.0',
  }
-  $object_urls = prefix($object_nodes, "${api_eth}:${object_port}/")
+  $object_urls = prefix($object_nodes, "${storage_eth}:${object_port}/")
  @@ring_object_device {$object_urls:
    zone        => $swift_zone,
    weight      => '100.0',
  }

-  class{[
-    'swift::storage::object',
+  class{
+    ['swift::storage::object',
    'swift::storage::container',
    'swift::storage::account']:
  }
--- a/manifests/orchestration/api.pp
+++ b/manifests/orchestration/api.pp
@ -17,25 +17,34 @@
 #

 class privatecloud::orchestration::api(
-  $ks_heat_public_port             = $os_params::ks_heat_public_port,
-  $ks_heat_cfn_public_port         = $os_params::ks_heat_cfn_public_port,
-  $ks_heat_cloudwatch_public_port  = $os_params::ks_heat_cloudwatch_public_port,
-  $api_eth                         = $os_params::api_eth,
+  $ks_heat_internal_port            = $os_params::ks_heat_internal_port,
+  $ks_heat_cfn_internal_port        = $os_params::ks_heat_cfn_internal_port,
+  $ks_heat_cloudwatch_internal_port = $os_params::ks_heat_cloudwatch_internal_port,
+  $api_eth                          = $os_params::api_eth,
 ) {

  include 'privatecloud::orchestration'

-  class { 'heat::api': }
+  class { 'heat::api':
+    bind_host => $api_eth,
+    bind_port => $ks_heat_internal_port
+  }

-  class { 'heat::api_cfn': }
+  class { 'heat::api_cfn':
+    bind_host => $api_eth,
+    bind_port => $ks_heat_cfn_internal_port
+  }

-  class { 'heat::api_cloudwatch': }
+  class { 'heat::api_cloudwatch':
+    bind_host => $api_eth,
+    bind_port => $ks_heat_cloudwatch_internal_port
+  }

  @@haproxy::balancermember{"${::fqdn}-heat_api":
    listening_service => 'heat_api_cluster',
    server_names      => $::hostname,
    ipaddresses       => $api_eth,
-    ports             => $ks_heat_public_port,
+    ports             => $ks_heat_internal_port,
    options           => 'check inter 2000 rise 2 fall 5'
  }

@ -43,7 +52,7 @@ class privatecloud::orchestration::api(
    listening_service => 'heat_cfn_api_cluster',
    server_names      => $::hostname,
    ipaddresses       => $api_eth,
-    ports             => $ks_heat_cfn_public_port,
+    ports             => $ks_heat_cfn_internal_port,
    options           => 'check inter 2000 rise 2 fall 5'
  }

@ -51,7 +60,7 @@ class privatecloud::orchestration::api(
    listening_service => 'heat_cloudwatch_api_cluster',
    server_names      => $::hostname,
    ipaddresses       => $api_eth,
-    ports             => $ks_heat_cloudwatch_public_port,
+    ports             => $ks_heat_cloudwatch_internal_port,
    options           => 'check inter 2000 rise 2 fall 5'
  }

--- a/manifests/telemetry/server.pp
+++ b/manifests/telemetry/server.pp
@ -19,7 +19,7 @@
 class privatecloud::telemetry::server(
  $ks_keystone_internal_host      = $os_params::ks_keystone_internal_host,
  $ks_keystone_internal_proto     = $os_params::ks_keystone_internal_proto,
-  $ks_ceilometer_internal_port    = $os_params::ks_keystone_internal_port,
+  $ks_ceilometer_internal_port    = $os_params::ks_ceilometer_internal_port,
  $ks_ceilometer_password         = $os_params::ks_ceilometer_password,
  $ceilometer_database_connection = $os_params::ceilometer_database_connection,
  $api_eth                        = $os_params::api_eth,
--- a/manifests/volume/controller.pp
+++ b/manifests/volume/controller.pp
@ -31,8 +31,9 @@ class privatecloud::volume::controller(
  class { 'cinder::scheduler': }

  class { 'cinder::api':
-    keystone_password      => $ks_cinder_password,
-    keystone_auth_host     => $ks_keystone_internal_host,
+    keystone_password  => $ks_cinder_password,
+    keystone_auth_host => $ks_keystone_internal_host,
+    bind_host          => $api_eth
  }

  class { 'cinder::backup': }