1 # Copyright 2014 Red Hat, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 if !str2bool(hiera('enable_package_install', 'false')) {
19 Package { provider => 'norpm' } # provided by tripleo-puppet
22 warning('enable_package_install option not supported.')
27 if hiera('step') >= 1 {
29 if count(hiera('ntp::servers')) > 0 {
34 class { 'mysql::server':
37 'bind-address' => hiera('controller_host')
42 # FIXME: this should only occur on the bootstrap host (ditto for db syncs)
43 # Create all the database schemas
44 # Example DSN format: mysql://user:password@host/dbname
45 $allowed_hosts = ['%',hiera('controller_host')]
46 $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]')
47 class { 'keystone::db::mysql':
48 user => $keystone_dsn[3],
49 password => $keystone_dsn[4],
50 host => $keystone_dsn[5],
51 dbname => $keystone_dsn[6],
52 allowed_hosts => $allowed_hosts,
54 $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]')
55 class { 'glance::db::mysql':
56 user => $glance_dsn[3],
57 password => $glance_dsn[4],
58 host => $glance_dsn[5],
59 dbname => $glance_dsn[6],
60 allowed_hosts => $allowed_hosts,
62 $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]')
63 class { 'nova::db::mysql':
65 password => $nova_dsn[4],
67 dbname => $nova_dsn[6],
68 allowed_hosts => $allowed_hosts,
70 $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]')
71 class { 'neutron::db::mysql':
72 user => $neutron_dsn[3],
73 password => $neutron_dsn[4],
74 host => $neutron_dsn[5],
75 dbname => $neutron_dsn[6],
76 allowed_hosts => $allowed_hosts,
78 $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]')
79 class { 'cinder::db::mysql':
80 user => $cinder_dsn[3],
81 password => $cinder_dsn[4],
82 host => $cinder_dsn[5],
83 dbname => $cinder_dsn[6],
84 allowed_hosts => $allowed_hosts,
86 $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]')
87 class { 'heat::db::mysql':
89 password => $heat_dsn[4],
91 dbname => $heat_dsn[6],
92 allowed_hosts => $allowed_hosts,
94 $ceilometer_dsn = split(hiera('ceilometer::db::database_connection'), '[@:/?]')
95 class { 'ceilometer::db::mysql':
96 user => $ceilometer_dsn[3],
97 password => $ceilometer_dsn[4],
98 host => $ceilometer_dsn[5],
99 dbname => $ceilometer_dsn[6],
100 allowed_hosts => $allowed_hosts,
103 if $::osfamily == 'RedHat' {
104 $rabbit_provider = 'yum'
106 $rabbit_provider = undef
109 Class['rabbitmq'] -> Rabbitmq_vhost <| |>
110 Class['rabbitmq'] -> Rabbitmq_user <| |>
111 Class['rabbitmq'] -> Rabbitmq_user_permissions <| |>
115 package_provider => $rabbit_provider,
116 config_cluster => false,
117 node_ip_address => hiera('controller_host'),
120 rabbitmq_vhost { '/':
121 provider => 'rabbitmqctl',
123 rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']:
125 password => hiera('rabbit_password'),
126 provider => 'rabbitmqctl',
129 rabbitmq_user_permissions {[
137 configure_permission => '.*',
138 write_permission => '.*',
139 read_permission => '.*',
140 provider => 'rabbitmqctl',
143 # pre-install swift here so we can build rings
148 if hiera('step') >= 2 {
152 #TODO: need a cleanup-keystone-tokens.sh solution here
154 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
156 file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
157 ensure => 'directory',
160 require => Package['keystone'],
162 file { '/etc/keystone/ssl/certs/signing_cert.pem':
163 content => hiera('keystone_signing_certificate'),
166 notify => Service['keystone'],
167 require => File['/etc/keystone/ssl/certs'],
169 file { '/etc/keystone/ssl/private/signing_key.pem':
170 content => hiera('keystone_signing_key'),
173 notify => Service['keystone'],
174 require => File['/etc/keystone/ssl/private'],
176 file { '/etc/keystone/ssl/certs/ca.pem':
177 content => hiera('keystone_ca_certificate'),
180 notify => Service['keystone'],
181 require => File['/etc/keystone/ssl/certs'],
184 # TODO: notifications, scrubber, etc.
185 include ::glance::api
186 include ::glance::registry
187 #class { 'glance::backend::swift':
188 #swift_store_auth_address => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
192 rabbit_hosts => [hiera('controller_virtual_ip')],
193 glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]),
198 include ::nova::conductor
199 include ::nova::consoleauth
200 include ::nova::vncproxy
201 include ::nova::scheduler
204 rabbit_hosts => [hiera('controller_virtual_ip')],
207 include ::neutron::server
208 include ::neutron::agents::dhcp
209 include ::neutron::agents::l3
211 file { '/etc/neutron/dnsmasq-neutron.conf':
212 content => hiera('neutron_dnsmasq_options'),
215 notify => Service['neutron-dhcp-service'],
216 require => Package['neutron'],
219 class { 'neutron::plugins::ml2':
220 flat_networks => split(hiera('neutron_flat_networks'), ','),
221 tenant_network_types => [hiera('neutron_tenant_network_type')],
222 type_drivers => [hiera('neutron_tenant_network_type')],
225 class { 'neutron::agents::ml2::ovs':
226 bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
227 tunnel_types => split(hiera('neutron_tunnel_types'), ','),
230 class { 'neutron::agents::metadata':
231 auth_url => join(['http://', hiera('controller_virtual_ip'), ':35357/v2.0']),
235 rabbit_hosts => [hiera('controller_virtual_ip')],
238 include ::cinder::api
239 include ::cinder::scheduler
240 include ::cinder::volume
241 include ::cinder::volume::iscsi
242 class {'cinder::setup_test_volume':
243 size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
248 #include ::swift::proxy
249 #include ::swift::proxy::proxy_logging
250 #include ::swift::proxy::healthcheck
251 #include ::swift::proxy::cache
252 #include ::swift::proxy::keystone
253 #include ::swift::proxy::authtoken
254 #include ::swift::proxy::staticweb
255 #include ::swift::proxy::ceilometer
256 #include ::swift::proxy::ratelimit
257 #include ::swift::proxy::catch_errors
258 #include ::swift::proxy::tempurl
259 #include ::swift::proxy::formpost
262 class {'swift::storage::all':
263 mount_check => str2bool(hiera('swift_mount_check'))
265 if(!defined(File['/srv/node'])) {
270 require => Package['openstack-swift'],
273 $swift_components = ['account', 'container', 'object']
274 swift::storage::filter::recon { $swift_components : }
275 swift::storage::filter::healthcheck { $swift_components : }
279 include ::ceilometer::api
280 include ::ceilometer::db
281 include ::ceilometer::agent::notification
282 include ::ceilometer::agent::central
283 include ::ceilometer::alarm::notifier
284 include ::ceilometer::alarm::evaluator
285 include ::ceilometer::expirer
286 include ::ceilometer::collector
287 class { 'ceilometer::agent::auth':
288 auth_url => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
291 Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
296 include ::heat::api_cfn
297 include ::heat::api_cloudwatch
298 include ::heat::engine
301 'DEFAULT/instance_user': value => 'heat-admin';
304 $snmpd_user = hiera('snmpd_readonly_user_name')
305 snmp::snmpv3_user { $snmpd_user:
307 authpass => hiera('snmpd_readonly_user_password'),
310 agentaddress => ['udp:161','udp6:[::1]:161'],
311 snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],