Fix missing groups for fluentd user

This patch moves fluentd deployment to step 4 (the same as openstack services)
and makes resource for user fluentd be dependent on all openstack packages,
so that we avoid errors such as "usermod: group 'cinder' does not exist".

Change-Id: Ibabd4688c00c6a12ea22055c95563d906716954d

diff --git a/manifests/profile/base/logging/fluentd.pp b/manifests/profile/base/logging/fluentd.pp
index 9e1aa8d..fc996e9 100644 (file)
--- a/manifests/profile/base/logging/fluentd.pp
+++ b/manifests/profile/base/logging/fluentd.pp
@@ -71,105 +71,109 @@ class tripleo::profile::base::logging::fluentd (
   $fluentd_listen_syslog = true,
   $fluentd_syslog_port = 42185
 ) {
-  include ::fluentd
 
-  if $fluentd_groups {
-    user { $::fluentd::config_owner:
-      ensure     => present,
-      groups     => $fluentd_groups,
-      membership => 'minimum',
+  if $step >= 4 {
+    include ::fluentd
+
+    if $fluentd_groups {
+      Package<| tag == 'openstack' |> ->
+      user { $::fluentd::config_owner:
+        ensure     => present,
+        groups     => $fluentd_groups,
+        membership => 'minimum',
+      }
     }
-  }
 
-  if $fluentd_pos_file_path {
-    file { $fluentd_pos_file_path:
-      ensure => 'directory',
-      owner  => $::fluentd::config_owner,
-      group  => $::fluentd::config_group,
-      mode   => '0750',
+    if $fluentd_pos_file_path {
+      file { $fluentd_pos_file_path:
+        ensure => 'directory',
+        owner  => $::fluentd::config_owner,
+        group  => $::fluentd::config_group,
+        mode   => '0750',
+      }
     }
-  }
 
-  ::fluentd::plugin { 'rubygem-fluent-plugin-add':
-    plugin_provider => 'yum',
-  }
+    ::fluentd::plugin { 'rubygem-fluent-plugin-add':
+      plugin_provider => 'yum',
+    }
 
-  if $fluentd_sources {
-    ::fluentd::config { '100-openstack-sources.conf':
-      config => {
-        'source' => $fluentd_sources,
+    if $fluentd_sources {
+      ::fluentd::config { '100-openstack-sources.conf':
+        config => {
+          'source' => $fluentd_sources,
+        }
       }
     }
-  }
 
-  if $fluentd_listen_syslog {
-    # fluentd will receive syslog messages by listening on a local udp
-    # socket.
-    ::fluentd::config { '110-system-sources.conf':
-      config => {
-        'source' => {
-          'type' => 'syslog',
-          'tag'  => 'system.messages',
-          'port' => $fluentd_syslog_port,
+    if $fluentd_listen_syslog {
+      # fluentd will receive syslog messages by listening on a local udp
+      # socket.
+      ::fluentd::config { '110-system-sources.conf':
+        config => {
+          'source' => {
+            'type' => 'syslog',
+            'tag'  => 'system.messages',
+            'port' => $fluentd_syslog_port,
+          }
         }
       }
-    }
 
-    file { '/etc/rsyslog.d/fluentd.conf':
-      content => "*.* @127.0.0.1:${fluentd_syslog_port}",
-      owner   => 'root',
-      group   => 'root',
-      mode    => '0644',
-    } ~> exec { 'reload rsyslog':
-      command => '/bin/systemctl restart rsyslog',
+      file { '/etc/rsyslog.d/fluentd.conf':
+        content => "*.* @127.0.0.1:${fluentd_syslog_port}",
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+      } ~> exec { 'reload rsyslog':
+        command => '/bin/systemctl restart rsyslog',
+      }
     }
-  }
 
-  if $fluentd_filters {
-    ::fluentd::config { '200-openstack-filters.conf':
-      config => {
-        'filter' => $fluentd_filters,
+    if $fluentd_filters {
+      ::fluentd::config { '200-openstack-filters.conf':
+        config => {
+          'filter' => $fluentd_filters,
+        }
       }
     }
-  }
 
-  if $fluentd_servers and !empty($fluentd_servers) {
-    if $fluentd_use_ssl {
-      ::fluentd::plugin { 'rubygem-fluent-plugin-secure-forward':
-        plugin_provider => 'yum',
-      }
+    if $fluentd_servers and !empty($fluentd_servers) {
+      if $fluentd_use_ssl {
+        ::fluentd::plugin { 'rubygem-fluent-plugin-secure-forward':
+          plugin_provider => 'yum',
+        }
 
-      file {'/etc/fluentd/ca_cert.pem':
-        content => $fluentd_ssl_certificate,
-        owner   => $::fluentd::config_owner,
-        group   => $::fluentd::config_group,
-        mode    => '0444',
-      }
+        file {'/etc/fluentd/ca_cert.pem':
+          content => $fluentd_ssl_certificate,
+          owner   => $::fluentd::config_owner,
+          group   => $::fluentd::config_group,
+          mode    => '0444',
+        }
 
-      ::fluentd::config { '300-openstack-matches.conf':
-        config => {
-          'match' => {
-            # lint:ignore:single_quote_string_with_variables
-            # lint:ignore:quoted_booleans
-            'type'          => 'secure_forward',
-            'tag_pattern'   => '**',
-            'self_hostname' => '${hostname}',
-            'secure'        => 'true',
-            'ca_cert_path'  => '/etc/fluentd/ca_cert.pem',
-            'shared_key'    => $fluentd_shared_key,
-            'server'        => $fluentd_servers,
-            # lint:endignore
-            # lint:endignore
+        ::fluentd::config { '300-openstack-matches.conf':
+          config => {
+            'match' => {
+              # lint:ignore:single_quote_string_with_variables
+              # lint:ignore:quoted_booleans
+              'type'          => 'secure_forward',
+              'tag_pattern'   => '**',
+              'self_hostname' => '${hostname}',
+              'secure'        => 'true',
+              'ca_cert_path'  => '/etc/fluentd/ca_cert.pem',
+              'shared_key'    => $fluentd_shared_key,
+              'server'        => $fluentd_servers,
+              # lint:endignore
+              # lint:endignore
+            }
           }
         }
-      }
-    } else {
-      ::fluentd::config { '300-openstack-matches.conf':
-        config => {
-          'match' => {
-            'type'        => 'forward',
-            'tag_pattern' => '**',
-            'server'      => $fluentd_servers,
+      } else {
+        ::fluentd::config { '300-openstack-matches.conf':
+          config => {
+            'match' => {
+              'type'        => 'forward',
+              'tag_pattern' => '**',
+              'server'      => $fluentd_servers,
+            }
           }
         }
       }