1 # Copyright 2014 Red Hat, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 if !str2bool(hiera('enable_package_install', 'false')) {
19 Package { provider => 'norpm' } # provided by tripleo-puppet
22 warning('enable_package_install option not supported.')
27 if hiera('step') >= 1 {
32 class { 'mysql::server':
35 'bind-address' => hiera('controller_host')
40 # FIXME: this should only occur on the bootstrap host (ditto for db syncs)
41 # Create all the database schemas
42 # Example DSN format: mysql://user:password@host/dbname
43 $allowed_hosts = ['%',hiera('controller_host')]
44 $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]')
45 class { 'keystone::db::mysql':
46 user => $keystone_dsn[3],
47 password => $keystone_dsn[4],
48 host => $keystone_dsn[5],
49 dbname => $keystone_dsn[6],
50 allowed_hosts => $allowed_hosts,
52 $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]')
53 class { 'glance::db::mysql':
54 user => $glance_dsn[3],
55 password => $glance_dsn[4],
56 host => $glance_dsn[5],
57 dbname => $glance_dsn[6],
58 allowed_hosts => $allowed_hosts,
60 $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]')
61 class { 'nova::db::mysql':
63 password => $nova_dsn[4],
65 dbname => $nova_dsn[6],
66 allowed_hosts => $allowed_hosts,
68 $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]')
69 class { 'neutron::db::mysql':
70 user => $neutron_dsn[3],
71 password => $neutron_dsn[4],
72 host => $neutron_dsn[5],
73 dbname => $neutron_dsn[6],
74 allowed_hosts => $allowed_hosts,
76 $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]')
77 class { 'cinder::db::mysql':
78 user => $cinder_dsn[3],
79 password => $cinder_dsn[4],
80 host => $cinder_dsn[5],
81 dbname => $cinder_dsn[6],
82 allowed_hosts => $allowed_hosts,
84 $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]')
85 class { 'heat::db::mysql':
87 password => $heat_dsn[4],
89 dbname => $heat_dsn[6],
90 allowed_hosts => $allowed_hosts,
92 $ceilometer_dsn = split(hiera('ceilometer::db::database_connection'), '[@:/?]')
93 class { 'ceilometer::db::mysql':
94 user => $ceilometer_dsn[3],
95 password => $ceilometer_dsn[4],
96 host => $ceilometer_dsn[5],
97 dbname => $ceilometer_dsn[6],
98 allowed_hosts => $allowed_hosts,
101 if $::osfamily == 'RedHat' {
102 $rabbit_provider = 'yum'
104 $rabbit_provider = undef
107 Class['rabbitmq'] -> Rabbitmq_vhost <| |>
108 Class['rabbitmq'] -> Rabbitmq_user <| |>
109 Class['rabbitmq'] -> Rabbitmq_user_permissions <| |>
113 package_provider => $rabbit_provider,
114 config_cluster => false,
115 node_ip_address => hiera('controller_host'),
118 rabbitmq_vhost { '/':
119 provider => 'rabbitmqctl',
121 rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']:
123 password => hiera('rabbit_password'),
124 provider => 'rabbitmqctl',
127 rabbitmq_user_permissions {[
135 configure_permission => '.*',
136 write_permission => '.*',
137 read_permission => '.*',
138 provider => 'rabbitmqctl',
141 # pre-install swift here so we can build rings
146 if hiera('step') >= 2 {
150 #TODO: need a cleanup-keystone-tokens.sh solution here
152 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
154 file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
155 ensure => 'directory',
158 require => Package['keystone'],
160 file { '/etc/keystone/ssl/certs/signing_cert.pem':
161 content => hiera('keystone_signing_certificate'),
164 notify => Service['keystone'],
165 require => File['/etc/keystone/ssl/certs'],
167 file { '/etc/keystone/ssl/private/signing_key.pem':
168 content => hiera('keystone_signing_key'),
171 notify => Service['keystone'],
172 require => File['/etc/keystone/ssl/private'],
174 file { '/etc/keystone/ssl/certs/ca.pem':
175 content => hiera('keystone_ca_certificate'),
178 notify => Service['keystone'],
179 require => File['/etc/keystone/ssl/certs'],
182 # TODO: notifications, scrubber, etc.
183 include ::glance::api
184 include ::glance::registry
185 class { 'glance::backend::swift':
186 swift_store_auth_address => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
190 rabbit_hosts => [hiera('controller_virtual_ip')],
191 glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]),
196 include ::nova::conductor
197 include ::nova::consoleauth
198 include ::nova::vncproxy
199 include ::nova::scheduler
202 rabbit_hosts => [hiera('controller_virtual_ip')],
205 include ::neutron::server
206 include ::neutron::agents::dhcp
207 include ::neutron::agents::l3
209 file { '/etc/neutron/dnsmasq-neutron.conf':
210 content => hiera('neutron_dnsmasq_options'),
213 notify => Service['neutron-dhcp-service'],
214 require => Package['neutron'],
217 class { 'neutron::plugins::ml2':
218 flat_networks => split(hiera('neutron_flat_networks'), ','),
219 tenant_network_types => [hiera('neutron_tenant_network_type')],
220 type_drivers => [hiera('neutron_tenant_network_type')],
223 class { 'neutron::agents::ml2::ovs':
224 bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
225 tunnel_types => split(hiera('neutron_tunnel_types'), ','),
228 class { 'neutron::agents::metadata':
229 auth_url => join(['http://', hiera('controller_virtual_ip'), ':35357/v2.0']),
233 rabbit_hosts => [hiera('controller_virtual_ip')],
236 include ::cinder::api
237 include ::cinder::scheduler
238 include ::cinder::volume
239 include ::cinder::volume::iscsi
240 class {'cinder::setup_test_volume':
241 size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
246 include ::swift::proxy
247 include ::swift::proxy::proxy_logging
248 include ::swift::proxy::healthcheck
249 include ::swift::proxy::cache
250 include ::swift::proxy::keystone
251 include ::swift::proxy::authtoken
252 include ::swift::proxy::staticweb
253 include ::swift::proxy::ceilometer
254 include ::swift::proxy::ratelimit
255 include ::swift::proxy::catch_errors
256 include ::swift::proxy::tempurl
257 include ::swift::proxy::formpost
260 class {'swift::storage::all':
261 mount_check => str2bool(hiera('swift_mount_check'))
263 if(!defined(File['/srv/node'])) {
268 require => Package['openstack-swift'],
271 $swift_components = ['account', 'container', 'object']
272 swift::storage::filter::recon { $swift_components : }
273 swift::storage::filter::healthcheck { $swift_components : }
277 include ::ceilometer::api
278 include ::ceilometer::db
279 include ::ceilometer::agent::notification
280 include ::ceilometer::agent::central
281 include ::ceilometer::alarm::notifier
282 include ::ceilometer::alarm::evaluator
283 include ::ceilometer::expirer
284 include ::ceilometer::collector
285 class { 'ceilometer::agent::auth':
286 auth_url => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
289 Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
294 include ::heat::api_cfn
295 include ::heat::api_cloudwatch
296 include ::heat::engine
299 'DEFAULT/instance_user': value => 'heat-admin';
302 $snmpd_user = hiera('snmpd_readonly_user_name')
303 snmp::snmpv3_user { $snmpd_user:
305 authpass => hiera('snmpd_readonly_user_password'),
308 agentaddress => ['udp:161','udp6:[::1]:161'],
309 snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],