tag == 'cinder-service' or
tag == 'ceilometer-service' or
tag == 'gnocchi-service' or
- tag == 'heat-service' or
tag == 'neutron-service' or
tag == 'nova-service' or
tag == 'sahara-service'
include ::ntp
}
- $controller_node_ips = split(hiera('controller_node_ips'), ',')
- $controller_node_names = split(downcase(hiera('controller_node_names')), ',')
- if $enable_load_balancer {
- class { '::tripleo::loadbalancer' :
- controller_hosts => $controller_node_ips,
- controller_hosts_names => $controller_node_names,
- manage_vip => false,
- mysql_clustercheck => true,
- haproxy_service_manage => false,
- }
- }
-
$pacemaker_cluster_members = downcase(regsubst(hiera('controller_node_names'), ',', ' ', 'G'))
$corosync_ipv6 = str2bool(hiera('corosync_ipv6', false))
if $corosync_ipv6 {
}
}
- # Memcached
- class {'::memcached' :
- service_manage => false,
- }
-
# Redis
class { '::redis' :
service_manage => false,
if $pacemaker_master {
- if $enable_load_balancer {
-
- include ::pacemaker::resource_defaults
-
- # Create an openstack-core dummy resource. See RHBZ 1290121
- pacemaker::resource::ocf { 'openstack-core':
- ocf_agent_name => 'heartbeat:Dummy',
- clone_params => true,
- }
- # FIXME: we should not have to access tripleo::loadbalancer class
- # parameters here to configure pacemaker VIPs. The configuration
- # of pacemaker VIPs could move into puppet-tripleo or we should
- # make use of less specific hiera parameters here for the settings.
- pacemaker::resource::service { 'haproxy':
- clone_params => true,
- }
-
- $control_vip = hiera('tripleo::loadbalancer::controller_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_control_vip':
- vip_name => 'control',
- ip_address => $control_vip,
- }
-
- $public_vip = hiera('tripleo::loadbalancer::public_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_public_vip':
- ensure => $public_vip and $public_vip != $control_vip,
- vip_name => 'public',
- ip_address => $public_vip,
- }
-
- $redis_vip = hiera('redis_vip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_redis_vip':
- ensure => $redis_vip and $redis_vip != $control_vip,
- vip_name => 'redis',
- ip_address => $redis_vip,
- }
-
-
- $internal_api_vip = hiera('tripleo::loadbalancer::internal_api_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_internal_api_vip':
- ensure => $internal_api_vip and $internal_api_vip != $control_vip,
- vip_name => 'internal_api',
- ip_address => $internal_api_vip,
- }
-
- $storage_vip = hiera('tripleo::loadbalancer::storage_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_vip':
- ensure => $storage_vip and $storage_vip != $control_vip,
- vip_name => 'storage',
- ip_address => $storage_vip,
- }
+ include ::pacemaker::resource_defaults
- $storage_mgmt_vip = hiera('tripleo::loadbalancer::storage_mgmt_virtual_ip')
- tripleo::pacemaker::haproxy_with_vip { 'haproxy_and_storage_mgmt_vip':
- ensure => $storage_mgmt_vip and $storage_mgmt_vip != $control_vip,
- vip_name => 'storage_mgmt',
- ip_address => $storage_mgmt_vip,
- }
- }
-
- pacemaker::resource::service { $::memcached::params::service_name :
- clone_params => 'interleave=true',
- require => Class['::memcached'],
+ # Create an openstack-core dummy resource. See RHBZ 1290121
+ pacemaker::resource::ocf { 'openstack-core':
+ ocf_agent_name => 'heartbeat:Dummy',
+ clone_params => true,
}
if downcase(hiera('ceilometer_backend')) == 'mongodb' {
}
}
+ $mysql_root_password = hiera('mysql::server::root_password')
+ $mysql_clustercheck_password = hiera('mysql_clustercheck_password')
+ # This step is to create a sysconfig clustercheck file with the root user and empty password
+ # on the first install only (because later on the clustercheck db user will be used)
+ # We are using exec and not file in order to not have duplicate definition errors in puppet
+ # when we later set the the file to contain the clustercheck data
+ exec { 'create-root-sysconfig-clustercheck':
+ command => "/bin/echo 'MYSQL_USERNAME=root\nMYSQL_PASSWORD=\'\'\nMYSQL_HOST=localhost\n' > /etc/sysconfig/clustercheck",
+ unless => '/bin/test -e /etc/sysconfig/clustercheck && grep -q clustercheck /etc/sysconfig/clustercheck',
+ }
exec { 'galera-ready' :
command => '/usr/bin/clustercheck >/dev/null',
tries => 180,
try_sleep => 10,
environment => ['AVAILABLE_WHEN_READONLY=0'],
- require => File['/etc/sysconfig/clustercheck'],
- }
-
- file { '/etc/sysconfig/clustercheck' :
- ensure => file,
- content => "MYSQL_USERNAME=root\n
-MYSQL_PASSWORD=''\n
-MYSQL_HOST=localhost\n",
+ require => Exec['create-root-sysconfig-clustercheck'],
}
xinetd::service { 'galera-monitor' :
service_type => 'UNLISTED',
user => 'root',
group => 'root',
- require => File['/etc/sysconfig/clustercheck'],
+ require => Exec['create-root-sysconfig-clustercheck'],
+ }
+ # We add a clustercheck db user and we will switch /etc/sysconfig/clustercheck
+ # to it in a later step. We do this only on one node as it will replicate on
+ # the other members. We also make sure that the permissions are the minimum necessary
+ if $pacemaker_master {
+ mysql_user { 'clustercheck@localhost':
+ ensure => 'present',
+ password_hash => mysql_password($mysql_clustercheck_password),
+ require => Exec['galera-ready'],
+ }
+ mysql_grant { 'clustercheck@localhost/*.*':
+ ensure => 'present',
+ options => ['GRANT'],
+ privileges => ['PROCESS'],
+ table => '*.*',
+ user => 'clustercheck@localhost',
+ }
}
# Create all the database schemas
class { '::cinder::db::mysql':
require => Exec['galera-ready'],
}
- class { '::heat::db::mysql':
- require => Exec['galera-ready'],
- }
if downcase(hiera('ceilometer_backend')) == 'mysql' {
class { '::ceilometer::db::mysql':
}
}
- # pre-install swift here so we can build rings
- include ::swift
-
# Ceph
$enable_ceph = hiera('ceph_storage_count', 0) > 0 or hiera('enable_ceph_storage', false)
} #END STEP 2
if hiera('step') >= 4 or ( hiera('step') >= 3 and $sync_db ) {
+ # At this stage we are guaranteed that the clustercheck db user exists
+ # so we switch the resource agent to use it.
+ file { '/etc/sysconfig/clustercheck' :
+ ensure => file,
+ mode => '0600',
+ owner => 'root',
+ group => 'root',
+ content => "MYSQL_USERNAME=clustercheck\n
+MYSQL_PASSWORD='${mysql_clustercheck_password}'\n
+MYSQL_HOST=localhost\n",
+ }
$nova_ipv6 = hiera('nova::use_ipv6', false)
if $nova_ipv6 {
class {'::tripleo::network::midonet::api':
zookeeper_servers => $zookeeper_node_ips,
- vip => hiera('tripleo::loadbalancer::public_virtual_ip'),
- keystone_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
+ vip => hiera('public_virtual_ip'),
+ keystone_ip => hiera('public_virtual_ip'),
keystone_admin_token => hiera('keystone::admin_token'),
# TODO: create a 'bind' hiera key for api
bind_address => hiera('neutron::bind_host'),
}
if hiera('neutron::core_plugin') == 'midonet.neutron.plugin_v1.MidonetPluginV2' {
class {'::neutron::plugins::midonet':
- midonet_api_ip => hiera('tripleo::loadbalancer::public_virtual_ip'),
+ midonet_api_ip => hiera('public_virtual_ip'),
keystone_tenant => hiera('neutron::server::auth_tenant'),
- keystone_password => hiera('neutron::server::auth_password')
+ keystone_password => hiera('neutron::server::password')
}
}
if hiera('neutron::core_plugin') == 'networking_plumgrid.neutron.plugins.plugin.NeutronPluginPLUMgridV2' {
include ::cinder
include ::cinder::config
- include ::tripleo::ssl::cinder_config
class { '::cinder::api':
sync_db => $sync_db,
manage_service => false,
enabled => false,
}
- # swift proxy
- class { '::swift::proxy' :
- manage_service => $non_pcmk_start,
- enabled => $non_pcmk_start,
- }
- include ::swift::proxy::proxy_logging
- include ::swift::proxy::healthcheck
- include ::swift::proxy::cache
- include ::swift::proxy::keystone
- include ::swift::proxy::authtoken
- include ::swift::proxy::staticweb
- include ::swift::proxy::ratelimit
- include ::swift::proxy::catch_errors
- include ::swift::proxy::tempurl
- include ::swift::proxy::formpost
-
# swift storage
if str2bool(hiera('enable_swift_storage', true)) {
class {'::swift::storage::all':
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
- # Heat
- include ::heat::config
- class { '::heat' :
- sync_db => $sync_db,
- notification_driver => 'messaging',
- }
- class { '::heat::api' :
- manage_service => false,
- enabled => false,
- }
- class { '::heat::api_cfn' :
- manage_service => false,
- enabled => false,
- }
- class { '::heat::api_cloudwatch' :
- manage_service => false,
- enabled => false,
- }
- class { '::heat::engine' :
- manage_service => false,
- enabled => false,
- }
-
# httpd/apache and horizon
# NOTE(gfidente): server-status can be consumed by the pacemaker resource agent
class { '::apache' :
} #END STEP 4
if hiera('step') >= 5 {
+ # We now make sure that the root db password is set to a random one
+ # At first installation /root/.my.cnf will be empty and we connect without a root
+ # password. On second runs or updates /root/.my.cnf will already be populated
+ # with proper credentials. This step happens on every node because this sql
+ # statement does not automatically replicate across nodes.
+ exec { 'galera-set-root-password':
+ command => "/bin/touch /root/.my.cnf && /bin/echo \"UPDATE mysql.user SET Password = PASSWORD('${mysql_root_password}') WHERE user = 'root'; flush privileges;\" | /bin/mysql --defaults-extra-file=/root/.my.cnf -u root",
+ }
+ file { '/root/.my.cnf' :
+ ensure => file,
+ mode => '0600',
+ owner => 'root',
+ group => 'root',
+ content => "[client]
+user=root
+password=\"${mysql_root_password}\"
+
+[mysql]
+user=root
+password=\"${mysql_root_password}\"",
+ require => Exec['galera-set-root-password'],
+ }
+
$nova_enable_db_purge = hiera('nova_enable_db_purge', true)
$cinder_enable_db_purge = hiera('cinder_enable_db_purge', true)
- $heat_enable_db_purge = hiera('heat_enable_db_purge', true)
if $nova_enable_db_purge {
include ::nova::cron::archive_deleted_rows
if $cinder_enable_db_purge {
include ::cinder::cron::db_purge
}
- if $heat_enable_db_purge {
- include ::heat::cron::purge_deleted
- }
if $pacemaker_master {
require => [Pacemaker::Resource::Service[$::apache::params::service_name],
Pacemaker::Resource::Ocf['openstack-core']],
}
- pacemaker::constraint::base { 'memcached-then-openstack-core-constraint':
- constraint_type => 'order',
- first_resource => 'memcached-clone',
- second_resource => 'openstack-core-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service['memcached'],
- Pacemaker::Resource::Ocf['openstack-core']],
- }
pacemaker::constraint::base { 'galera-then-openstack-core-constraint':
constraint_type => 'order',
first_resource => 'galera-master',
pacemaker::resource::service { $::ceilometer::params::agent_notification_service_name :
clone_params => 'interleave=true',
}
- pacemaker::resource::ocf { 'delay' :
- ocf_agent_name => 'heartbeat:Delay',
- clone_params => 'interleave=true',
- resource_params => 'startdelay=10',
- }
# Fedora doesn't know `require-all` parameter for constraints yet
if $::operatingsystem == 'Fedora' {
$redis_ceilometer_constraint_params = undef
require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
Pacemaker::Resource::Service[$::ceilometer::params::collector_service_name]],
}
- pacemaker::constraint::base { 'ceilometer-api-then-ceilometer-delay-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::api_service_name}-clone",
- second_resource => 'delay-clone',
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
- pacemaker::constraint::colocation { 'ceilometer-delay-with-ceilometer-api-colocation':
- source => 'delay-clone',
- target => "${::ceilometer::params::api_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::ceilometer::params::api_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
# Aodh
pacemaker::resource::service { $::aodh::params::evaluator_service_name :
clone_params => 'interleave=true',
pacemaker::resource::service { $::aodh::params::listener_service_name :
clone_params => 'interleave=true',
}
- pacemaker::constraint::base { 'aodh-delay-then-aodh-evaluator-constraint':
- constraint_type => 'order',
- first_resource => 'delay-clone',
- second_resource => "${::aodh::params::evaluator_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
- pacemaker::constraint::colocation { 'aodh-evaluator-with-aodh-delay-colocation':
- source => "${::aodh::params::evaluator_service_name}-clone",
- target => 'delay-clone',
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::aodh::params::evaluator_service_name],
- Pacemaker::Resource::Ocf['delay']],
- }
pacemaker::constraint::base { 'aodh-evaluator-then-aodh-notifier-constraint':
constraint_type => 'order',
first_resource => "${::aodh::params::evaluator_service_name}-clone",
Pacemaker::Resource::Service[$::gnocchi::params::statsd_service_name]],
}
- # Heat
- pacemaker::resource::service { $::heat::params::api_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::heat::params::api_cloudwatch_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::heat::params::api_cfn_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::resource::service { $::heat::params::engine_service_name :
- clone_params => 'interleave=true',
- }
- pacemaker::constraint::base { 'heat-api-then-heat-api-cfn-constraint':
- constraint_type => 'order',
- first_resource => "${::heat::params::api_service_name}-clone",
- second_resource => "${::heat::params::api_cfn_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
- }
- pacemaker::constraint::colocation { 'heat-api-cfn-with-heat-api-colocation':
- source => "${::heat::params::api_cfn_service_name}-clone",
- target => "${::heat::params::api_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_service_name]],
- }
- pacemaker::constraint::base { 'heat-api-cfn-then-heat-api-cloudwatch-constraint':
- constraint_type => 'order',
- first_resource => "${::heat::params::api_cfn_service_name}-clone",
- second_resource => "${::heat::params::api_cloudwatch_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name]],
- }
- pacemaker::constraint::colocation { 'heat-api-cloudwatch-with-heat-api-cfn-colocation':
- source => "${::heat::params::api_cloudwatch_service_name}-clone",
- target => "${::heat::params::api_cfn_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cfn_service_name],
- Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name]],
- }
- pacemaker::constraint::base { 'heat-api-cloudwatch-then-heat-engine-constraint':
- constraint_type => 'order',
- first_resource => "${::heat::params::api_cloudwatch_service_name}-clone",
- second_resource => "${::heat::params::engine_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::engine_service_name]],
- }
- pacemaker::constraint::colocation { 'heat-engine-with-heat-api-cloudwatch-colocation':
- source => "${::heat::params::engine_service_name}-clone",
- target => "${::heat::params::api_cloudwatch_service_name}-clone",
- score => 'INFINITY',
- require => [Pacemaker::Resource::Service[$::heat::params::api_cloudwatch_service_name],
- Pacemaker::Resource::Service[$::heat::params::engine_service_name]],
- }
- pacemaker::constraint::base { 'ceilometer-notification-then-heat-api-constraint':
- constraint_type => 'order',
- first_resource => "${::ceilometer::params::agent_notification_service_name}-clone",
- second_resource => "${::heat::params::api_service_name}-clone",
- first_action => 'start',
- second_action => 'start',
- require => [Pacemaker::Resource::Service[$::heat::params::api_service_name],
- Pacemaker::Resource::Service[$::ceilometer::params::agent_notification_service_name]],
- }
-
# Horizon and Keystone
pacemaker::resource::service { $::apache::params::service_name:
clone_params => 'interleave=true',