--- /dev/null
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::database::schemas
+#
+# OpenStack Database Schema profile for tripleo
+#
+# === Parameters
+#
+# [*ceilometer_backend*]
+# (Optional) Name of the backend for ceilometer storage
+# Defaults to hiera('ceilometer_backend')
+#
+# [*enable_ceilometer*]
+# (Optional) Whether to create schemas for Ceilometer
+# Defaults to true
+#
+# [*enable_cinder*]
+# (Optional) Whether to create schemas for Cinder
+# Defaults to true
+#
+# [*enable_heat*]
+# (Optional) Whether to create schemas for Heat
+# Defaults to true
+#
+# [*enable_keystone*]
+# (Optional) Whether to create schemas for Keystone
+# Defaults to true
+#
+# [*enable_glance*]
+# (Optional) Whether to create schemas for Glance
+# Defaults to true
+#
+# [*enable_nova*]
+# (Optional) Whether to create schemas for Nova
+# Defaults to true
+#
+# [*enable_neutron*]
+# (Optional) Whether to create schemas for Neutron
+# Defaults to true
+#
+# [*enable_sahara*]
+# (Optional) Whether to create schemas for Sahara
+# Defaults to true
+#
+class tripleo::profile::base::database::schemas (
+ $ceilometer_backend = hiera('ceilometer_backend'),
+ $enable_ceilometer = true,
+ $enable_cinder = true,
+ $enable_heat = true,
+ $enable_keystone = true,
+ $enable_glance = true,
+ $enable_nova = true,
+ $enable_neutron = true,
+ $enable_sahara = true
+) {
+ if $enable_ceilometer and downcase($ceilometer_backend) == 'mysql' {
+ include ::ceilometer::db::mysql
+ }
+
+ if $enable_cinder {
+ include ::cinder::db::mysql
+ }
+
+ if $enable_keystone {
+ include ::keystone::db::mysql
+ }
+
+ if $enable_glance {
+ include ::glance::db::mysql
+ }
+
+ if $enable_nova {
+ include ::nova::db::mysql
+ include ::nova::db::mysql_api
+ }
+
+ if $enable_neutron {
+ include ::neutron::db::mysql
+ }
+
+ if $enable_heat {
+ include ::heat::db::mysql
+ }
+
+ if $enable_sahara {
+ include ::sahara::db::mysql
+ }
+
+}
--- /dev/null
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::keystone
+#
+# Keystone profile for tripleo
+#
+# === Parameters
+#
+# [*sync_db*]
+# (Optional) Whether to run db sync
+# Defaults to undef
+#
+# [*manage_service*]
+# (Optional) Whether to manage the keystone service
+# Defaults to undef
+#
+# [*enabled*]
+# (Optional) Whether to enable the keystone service
+# Defaults to undef
+#
+# [*bootstrap_master*]
+# (Optional) The hostname of the node responsible for bootstrapping
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*manage_roles*]
+# (Optional) whether to create keystone admin role
+# Defaults to true
+#
+# [*manage_endpoint*]
+# (Optional) Whether to create keystone endpoints
+# Defaults to true
+#
+# [*manage_db_purge*]
+# (Optional) Whether keystone token flushing should be enabled
+# Defaults to hiera('keystone_enable_db_purge', true)
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::keystone (
+ $sync_db = undef,
+ $manage_service = undef,
+ $enabled = undef,
+ $bootstrap_master = undef,
+ $manage_roles = true,
+ $manage_endpoint = true,
+ $manage_db_purge = hiera('keystone_enable_db_purge', true),
+ $step = hiera('step'),
+) {
+
+ if $step >= 4 {
+ class { '::keystone':
+ sync_db => $sync_db,
+ manage_service => $manage_service,
+ enabled => $enabled,
+ enable_bootstrap => $bootstrap_master,
+ }
+
+ include ::keystone::config
+ include ::keystone::wsgi::apache
+
+ if $manage_roles {
+ include ::keystone::roles::admin
+ }
+
+ if $manage_endpoint {
+ include ::keystone::endpoint
+ }
+
+ #TODO: need a cleanup-keystone-tokens.sh solution here
+ file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
+ ensure => 'directory',
+ owner => 'keystone',
+ group => 'keystone',
+ require => Package['keystone'],
+ }
+ file { '/etc/keystone/ssl/certs/signing_cert.pem':
+ content => hiera('keystone_signing_certificate'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/certs'],
+ }
+ file { '/etc/keystone/ssl/private/signing_key.pem':
+ content => hiera('keystone_signing_key'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/private'],
+ }
+ file { '/etc/keystone/ssl/certs/ca.pem':
+ content => hiera('keystone_ca_certificate'),
+ owner => 'keystone',
+ group => 'keystone',
+ notify => Service['keystone'],
+ require => File['/etc/keystone/ssl/certs'],
+ }
+ }
+
+ if $step >= 5 and $manage_db_purge {
+ include ::keystone::cron::token_flush
+ }
+}
+
--- /dev/null
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::pacemaker::schemas
+#
+# OpenStack Database Schema Pacemaker HA profile for tripleo
+#
+# === Parameters
+#
+# [*ceilometer_backend*]
+# (Optional) The backend used by ceilometer, usually either 'mysql'
+# or 'mongodb'
+# Defaults to hiera('ceilometer_backend')
+#
+# [*pacemaker_master*]
+# (Optional) The hostname of the pacemaker master in this cluster
+# Defaults to hiera('bootstrap_nodeid')
+#
+class tripleo::profile::pacemaker::database::schemas (
+ $ceilometer_backend = hiera('ceilometer_backend'),
+ $pacemaker_master = hiera('bootstrap_nodeid')
+) {
+ if downcase($pacemaker_master) == $::hostname {
+ include ::tripleo::profile::base::database::schemas
+
+ if downcase($ceilometer_backend) == 'mysql' {
+ Exec['galera-ready'] -> Class['::ceilometer::db::mysql']
+ }
+
+ Exec['galera-ready'] -> Class['::cinder::db::mysql']
+ Exec['galera-ready'] -> Class['::glance::db::mysql']
+ Exec['galera-ready'] -> Class['::keystone::db::mysql']
+ Exec['galera-ready'] -> Class['::nova::db::mysql']
+ Exec['galera-ready'] -> Class['::nova::db::mysql_api']
+ Exec['galera-ready'] -> Class['::neutron::db::mysql']
+ Exec['galera-ready'] -> Class['::heat::db::mysql']
+ Exec['galera-ready'] -> Class['::sahara::db::mysql']
+ }
+}
--- /dev/null
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::pacemaker::keystone
+#
+# Keystone Pacemaker HA profile for tripleo
+#
+# === Parameters
+#
+# [*bootstrap_node*]
+# (Optional) The hostname of the node responsible for bootstrapping tasks
+# Defaults to hiera('bootstrap_nodeid')
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+# [*enable_load_balancer*]
+# (Optional) Whether load balancing is enabled for this cluster
+# Defaults to hiera('enable_load_balancer', true)
+#
+class tripleo::profile::pacemaker::keystone (
+ $bootstrap_node = hiera('bootstrap_nodeid'),
+ $step = hiera('step'),
+ $enable_load_balancer = hiera('enable_load_balancer', true)
+) {
+
+ if $::hostname == downcase($bootstrap_node) {
+ $pacemaker_master = true
+ } else {
+ $pacemaker_master = false
+ }
+
+ if $step >= 6 and $pacemaker_master {
+ $manage_roles = true
+ Pacemaker::Resource::Service[$::apache::params::service_name] -> Class['::keystone::roles::admin']
+ Pacemaker::Resource::Service[$::apache::params::service_name] -> Class['::keystone::endpoint']
+ } else {
+ $manage_roles = false
+ }
+
+ if $step >= 4 {
+ class { '::tripleo::profile::base::keystone':
+ sync_db => $pacemaker_master,
+ manage_service => false,
+ enabled => false,
+ bootstrap_master => $pacemaker_master,
+ manage_roles => $manage_roles,
+ manage_endpoint => $manage_roles
+ }
+ }
+
+ if $step >= 5 and $pacemaker_master and $enable_load_balancer {
+ pacemaker::constraint::base { 'haproxy-then-keystone-constraint':
+ constraint_type => 'order',
+ first_resource => 'haproxy-clone',
+ second_resource => 'openstack-core-clone',
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Service['haproxy'],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
+ }
+
+ if $step >= 5 and $pacemaker_master {
+ pacemaker::constraint::base { 'rabbitmq-then-keystone-constraint':
+ constraint_type => 'order',
+ first_resource => 'rabbitmq-clone',
+ second_resource => 'openstack-core-clone',
+ first_action => 'start',
+ second_action => 'start',
+ require => [Pacemaker::Resource::Ocf['rabbitmq'],
+ Pacemaker::Resource::Ocf['openstack-core']],
+ }
+ }
+}
Code Review / apex-puppet-tripleo.git / commitdiff