From e0092e9b4435fb2af70cec08732f557d8847293b Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Tue, 14 Apr 2020 12:09:38 +0530 Subject: [PATCH 001/200] Remove deprecated os_region_name for glance::api Deprecated with https://review.opendev.org/#/c/719338/. Depends-On: https://review.opendev.org/#/c/719759/ Change-Id: I446057c3258d57bcd272979152b076e92f840877 --- packstack/puppet/modules/packstack/manifests/glance.pp | 1 - 1 file changed, 1 deletion(-) diff --git a/packstack/puppet/modules/packstack/manifests/glance.pp b/packstack/puppet/modules/packstack/manifests/glance.pp index 923842845..db061d406 100644 --- a/packstack/puppet/modules/packstack/manifests/glance.pp +++ b/packstack/puppet/modules/packstack/manifests/glance.pp @@ -38,7 +38,6 @@ registry_host => $registry_host, pipeline => 'keystone', database_connection => "mysql+pymysql://glance:${glance_ks_pw}@${glance_mariadb_host}/glance", - os_region_name => hiera('CONFIG_KEYSTONE_REGION'), workers => hiera('CONFIG_SERVICE_WORKERS'), stores => ['file', 'http', 'swift'], default_store => $default_store, From 5e94e1ad5d0eba9acf28f507cbacb1ef929ca297 Mon Sep 17 00:00:00 2001 From: Alfredo Moralejo Date: Thu, 16 Apr 2020 11:23:50 +0200 Subject: [PATCH 002/200] Fix manage_rdo function for CentOS8 In CentOS 8 the rdo-release package uses %dist in the name, which is currently breaking the regular expresion used to parse it. Also, in CentOS 8, yum-config-manager is not providing the full repo configuration by stdout when enabling a repo, so instead of parsing it, let's just trust on standard return value from command which works as expected. For CentOS 7 we need to keep the same behavior. This patch is fixing it to work with both centos7 and 8 Change-Id: Iafd6d6373d608c1b0fb797895a9969da28049fec --- packstack/plugins/prescript_000.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/packstack/plugins/prescript_000.py b/packstack/plugins/prescript_000.py index ef28400b5..5179509d5 100755 --- a/packstack/plugins/prescript_000.py +++ b/packstack/plugins/prescript_000.py @@ -1133,10 +1133,14 @@ def manage_rdo(host, config): # RDO repo is not installed, so we don't need to continue return - match = re.match(r'^(?P\w+)\-(?P\d+\.[\d\w]+)\n', out) - version, release = match.group('version'), match.group('release') + match = re.match(r'^(?P\w+)\-.*\n', out) + version = match.group('version') + if re.match(r'^(.*\.el8.*\n)', out): + dist_tag = '.el8' + else: + dist_tag = '' rdo_url = ("https://www.rdoproject.org/repos/openstack-%(version)s/" - "rdo-release-%(version)s.rpm" % locals()) + "rdo-release-%(version)s%(dist_tag)s.rpm" % locals()) server = utils.ScriptRunner(host) server.append("(rpm -q 'rdo-release-%(version)s' ||" @@ -1156,12 +1160,13 @@ def manage_rdo(host, config): server.append('yum-config-manager --disable %(reponame)s' % locals()) server.append('yum-config-manager --enable %(reponame)s-testing' % locals()) - # yum-config-manager returns 0 always, but returns current setup - # if succeeds rc, out = server.execute() - match = re.search('enabled\s*=\s*(1|True)', out) - if not match: + # In CentOS 7 yum-config-manager returns 0 always, but returns current setup + # if succeeds + # In CentOS 8 yum-config-manager returns 1 when failing but doesn't return current + # setup if succeeds + if (dist_tag == '.el8' and rc != 0) or (dist_tag == '' and not match): msg = ('Failed to set RDO repo on host %s:\nRPM file seems to be ' 'installed, but appropriate repo file is probably missing ' 'in /etc/yum.repos.d/' % host) From 27ca9a13f1a89726619fd4423bc991832d15f04c Mon Sep 17 00:00:00 2001 From: Javier Pena Date: Thu, 16 Apr 2020 17:38:10 +0200 Subject: [PATCH 003/200] Add the packstack-upload-git-mirror job to release pipeline When pushing tags, we also want to make sure they are synchronized to the github mirror. Change-Id: I8eda9cf6a71f8b10e939d9addacd93783a5425bb --- .zuul.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.zuul.yaml b/.zuul.yaml index 3347467d6..0661c577c 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -186,3 +186,6 @@ post: jobs: - packstack-upload-git-mirror + release: + jobs: + - packstack-upload-git-mirror From 4f58975d6c396ae7eb0b0764a971e54404d7de79 Mon Sep 17 00:00:00 2001 From: Javier Pena Date: Tue, 28 Apr 2020 11:08:34 +0200 Subject: [PATCH 004/200] Fix deprecated parameters in Heat and Manila Puppet-heat removed the heat::engine::heat_watch_server_url parameter in [1]. Also, puppet-manila removed deprecated parameters for Nova and Neutron in [2][3], and Cinder parameters in [4]. [1] - https://review.opendev.org/723222 [2] - https://review.opendev.org/723231 [3] - https://review.opendev.org/723232 [4] - https://review.opendev.org/723239 Change-Id: I41ae3bba8ccb2f3a7fa3e5742e8384e5431b62f6 --- .../puppet/modules/packstack/manifests/heat.pp | 1 - .../manifests/manila/backend/generic.pp | 18 ++++++------------ .../packstack/manifests/manila/network.pp | 5 +++-- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/packstack/puppet/modules/packstack/manifests/heat.pp b/packstack/puppet/modules/packstack/manifests/heat.pp index 4414118fd..c48a2b164 100644 --- a/packstack/puppet/modules/packstack/manifests/heat.pp +++ b/packstack/puppet/modules/packstack/manifests/heat.pp @@ -12,7 +12,6 @@ class { '::heat::engine': heat_metadata_server_url => "http://${heat_cfg_ctrl_host}:8000", heat_waitcondition_server_url => "http://${heat_cfg_ctrl_host}:8000/v1/waitcondition", - heat_watch_server_url => "http://${heat_cfg_ctrl_host}:8003", auth_encryption_key => hiera('CONFIG_HEAT_AUTH_ENC_KEY'), num_engine_workers => hiera('CONFIG_SERVICE_WORKERS'), } diff --git a/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp b/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp index 7535b5a97..31dff2b56 100644 --- a/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp +++ b/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp @@ -10,13 +10,6 @@ packstack::manila::network{ 'generic': } - if ($::manila_network_type == 'neutron'){ - $service_instance_network_helper_type = 'neutron' - } - elsif ($::manila_network_type == 'nova-network'){ - $service_instance_network_helper_type = 'nova' - } - $admin_username = hiera('CONFIG_KEYSTONE_ADMIN_USERNAME') $admin_password = hiera('CONFIG_KEYSTONE_ADMIN_PW') $admin_tenant = 'admin' @@ -34,17 +27,18 @@ service_image_location => hiera('CONFIG_MANILA_SERVICE_IMAGE_LOCATION'), service_instance_user => hiera('CONFIG_MANILA_SERVICE_INSTANCE_USER'), service_instance_password => hiera('CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD'), - service_instance_network_helper_type => $service_instance_network_helper_type, service_instance_flavor_id => 66, } class { '::manila::compute::nova': - nova_admin_password => hiera('CONFIG_NOVA_KS_PW'), - nova_admin_tenant_name => 'services', + auth_type => 'password', + auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + password => hiera('CONFIG_NOVA_KS_PW'), } class { '::manila::volume::cinder': - cinder_admin_password => hiera('CONFIG_CINDER_KS_PW'), - cinder_admin_tenant_name => 'services', + auth_type => 'password', + auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + password => hiera('CONFIG_CINDER_KS_PW'), } } diff --git a/packstack/puppet/modules/packstack/manifests/manila/network.pp b/packstack/puppet/modules/packstack/manifests/manila/network.pp index 3d9e1f2d5..aef418fd6 100644 --- a/packstack/puppet/modules/packstack/manifests/manila/network.pp +++ b/packstack/puppet/modules/packstack/manifests/manila/network.pp @@ -4,8 +4,9 @@ if ($manila_network_type == 'neutron'){ class { '::manila::network::neutron': - neutron_admin_password => hiera('CONFIG_NEUTRON_KS_PW'), - neutron_admin_tenant_name => 'services', + auth_type => 'password', + auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + password => hiera('CONFIG_NEUTRON_KS_PW'), } } elsif ($manila_network_type == 'nova-network'){ From 7cdf7bc511e47c0e3249894d02c0658a9358f720 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Mon, 4 May 2020 16:25:52 +0530 Subject: [PATCH 005/200] Remove usage of deprecated auth_uri in swift proxy auth_uri param is removed in favor of www_authenticate_uri in [1], this patch switch to it in swift proxy authtoken. Also remove usage of deprecated param 'auth_uri' in swift::proxy::ceilometer as its not used[2]. [1] https://review.opendev.org/#/c/725119/ [2] https://review.opendev.org/#/c/707748/ Change-Id: I76dbf86f37a2d2ac12b45d8a455fded5865b33e9 --- .../modules/packstack/manifests/swift/ceilometer.pp | 1 - .../puppet/modules/packstack/manifests/swift/proxy.pp | 10 +++++----- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp index d38735f35..328d15a18 100644 --- a/packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp +++ b/packstack/puppet/modules/packstack/manifests/swift/ceilometer.pp @@ -11,7 +11,6 @@ control_exchange => 'swift', driver => 'messaging', ignore_projects => ['service'], - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), password => hiera('CONFIG_SWIFT_KS_PW'), } diff --git a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp index ec24f7f2e..cde8a973d 100644 --- a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp +++ b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp @@ -93,12 +93,12 @@ } class { '::swift::proxy::authtoken': - username => 'swift', - project_name => 'services', - password => hiera('CONFIG_SWIFT_KS_PW'), + username => 'swift', + project_name => 'services', + password => hiera('CONFIG_SWIFT_KS_PW'), # assume that the controller host is the swift api server - auth_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), + www_authenticate_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + auth_url => hiera('CONFIG_KEYSTONE_ADMIN_URL'), } class { '::swift::objectexpirer': } From b6df8c7ad0ea596b51dc8da814f54f8df5cba64c Mon Sep 17 00:00:00 2001 From: Javier Pena Date: Tue, 26 May 2020 16:31:19 +0200 Subject: [PATCH 006/200] Fix CI jobs - Add jobs removed in [1] to the local configuration. - Fix SSH key distribution in multinode job. It was broken on a recent Zuul update, it seems. - Update puppetlabs-apache version to 5.4.0 [1] - https://review.opendev.org/730813 Closes-Bug: #1880681 Depends-On: https://review.opendev.org/730813 Change-Id: I2572d92cbaabc1f02fc0790896ccaa3edfc5e6c2 --- .zuul.yaml | 12 ++++++++++-- Puppetfile | 2 +- playbooks/packstack-multinode.yaml | 19 ++++++++++++++----- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/.zuul.yaml b/.zuul.yaml index 0661c577c..046dfb309 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -171,18 +171,26 @@ - project: check: jobs: + - openstack-tox-pep8 + - openstack-tox-py36 + - build-openstack-releasenotes: + vars: + sphinx_python: python3 - packstack-centos8-integration-scenario001 - packstack-centos8-integration-scenario002 - packstack-centos8-integration-scenario003 - packstack-centos8-multinode-scenario002-tempest - - openstack-tox-py36 gate: jobs: + - openstack-tox-pep8 + - openstack-tox-py36 + - build-openstack-releasenotes: + vars: + sphinx_python: python3 - packstack-centos8-integration-scenario001 - packstack-centos8-integration-scenario002 - packstack-centos8-integration-scenario003 - packstack-centos8-multinode-scenario002-tempest - - openstack-tox-py36 post: jobs: - packstack-upload-git-mirror diff --git a/Puppetfile b/Puppetfile index af3beefaa..039f71b37 100755 --- a/Puppetfile +++ b/Puppetfile @@ -102,7 +102,7 @@ mod 'vswitch', mod 'apache', :git => 'https://github.com/puppetlabs/puppetlabs-apache', - :ref => 'b4cbc858a61ba2eea4a1178c261a982a59db963d' + :ref => 'v5.4.0' mod 'certmonger', :git => 'https://github.com/rcritten/puppet-certmonger', diff --git a/playbooks/packstack-multinode.yaml b/playbooks/packstack-multinode.yaml index 3f8cad1a0..e7d6166a6 100644 --- a/playbooks/packstack-multinode.yaml +++ b/playbooks/packstack-multinode.yaml @@ -32,7 +32,7 @@ when: not selinux_enforcing|default("true")|bool - hosts: controller - name: packstack-multinode + name: packstack-ssh-preparation-1 tasks: - name: Generate SSH key on controller shell: ssh-keygen -t rsa -f /root/.ssh/id_rsa -P "" @@ -45,21 +45,30 @@ become: true register: ssh_key - - name: Deploy SSH key on compute node + - name: Deploy SSH key on controller authorized_key: user: root state: present key: "{{ ssh_key.stdout }}" - delegate_to: "{{ hostvars['compute'].ansible_host }}" become: true - - name: Deploy SSH key on controller + - name: Set SSH key fact to be used by the compute node + set_fact: + sshkey: "{{ ssh_key.stdout }}" + +- hosts: compute + name: packstack-ssh-preparation-2 + tasks: + - name: Deploy SSH key on compute node authorized_key: user: root state: present - key: "{{ ssh_key.stdout }}" + key: "{{ hostvars['controller'].sshkey }}" become: true +- hosts: controller + name: packstack-multinode + tasks: - name: Run Packstack shell: cmd: | From ad67a6c01b36da0b8d8987b210727f119947686c Mon Sep 17 00:00:00 2001 From: Javier Pena Date: Thu, 30 Apr 2020 12:34:51 +0200 Subject: [PATCH 007/200] Update rake version in puppet module Gemfile, fix linter We needed to update the Rake version required by the Gemfile inside the Packstack Puppet module directory. After that, a rake lint execution showed many linter errors, so fixing them. Change-Id: Ib58e62768f5b71e68b79002e01f0d779d1c6138b --- packstack/puppet/modules/packstack/Gemfile | 6 +- .../modules/packstack/manifests/amqp.pp | 96 +++------------- .../manifests/amqp/enable_rabbitmq.pp | 59 ++++++++++ .../modules/packstack/manifests/aodh.pp | 2 +- .../packstack/manifests/aodh/rabbitmq.pp | 10 +- .../modules/packstack/manifests/apache.pp | 4 +- .../modules/packstack/manifests/ceilometer.pp | 12 +- .../manifests/ceilometer/rabbitmq.pp | 10 +- .../modules/packstack/manifests/chrony.pp | 14 +-- .../modules/packstack/manifests/cinder.pp | 6 +- .../manifests/cinder/backend/gluster.pp | 2 +- .../packstack/manifests/cinder/backend/lvm.pp | 10 +- .../packstack/manifests/cinder/backend/nfs.pp | 4 +- .../manifests/cinder/backend/solidfire.pp | 8 +- .../manifests/cinder/backend/vmdk.pp | 2 +- .../modules/packstack/manifests/heat.pp | 6 +- .../modules/packstack/manifests/heat/cfn.pp | 6 +- .../packstack/manifests/heat/rabbitmq.pp | 14 +-- .../modules/packstack/manifests/keystone.pp | 2 +- .../packstack/manifests/keystone/cinder.pp | 2 +- .../packstack/manifests/keystone/ironic.pp | 2 +- .../packstack/manifests/keystone/magnum.pp | 12 +- .../packstack/manifests/keystone/manila.pp | 4 +- .../packstack/manifests/keystone/neutron.pp | 2 +- .../packstack/manifests/keystone/nova.pp | 10 +- .../packstack/manifests/keystone/sahara.pp | 2 +- .../packstack/manifests/keystone/swift.pp | 16 +-- .../packstack/manifests/keystone/trove.pp | 2 +- .../modules/packstack/manifests/magnum.pp | 2 +- .../manifests/manila/backend/generic.pp | 24 ++-- .../packstack/manifests/mariadb/services.pp | 52 ++++----- .../manifests/mariadb/services_remote.pp | 106 +++++++++--------- .../packstack/manifests/neutron/api.pp | 4 +- .../packstack/manifests/neutron/dhcp.pp | 4 +- .../packstack/manifests/neutron/fwaas.pp | 4 +- .../modules/packstack/manifests/neutron/l3.pp | 10 +- .../packstack/manifests/neutron/lb_agent.pp | 4 +- .../packstack/manifests/neutron/ml2.pp | 34 +++--- .../manifests/neutron/ovn_metadata.pp | 8 +- .../packstack/manifests/neutron/ovs_agent.pp | 14 +-- .../modules/packstack/manifests/nova.pp | 36 +++--- .../modules/packstack/manifests/nova/api.pp | 66 +++++------ .../packstack/manifests/nova/compute.pp | 6 +- .../manifests/nova/compute/libvirt.pp | 26 ++--- .../packstack/manifests/nova/gluster.pp | 2 +- .../modules/packstack/manifests/nova/nfs.pp | 2 +- .../modules/packstack/manifests/panko.pp | 4 +- .../modules/packstack/manifests/prereqs.pp | 4 +- .../modules/packstack/manifests/provision.pp | 5 +- .../packstack/manifests/provision/bridge.pp | 2 +- .../packstack/manifests/provision/tempest.pp | 24 ++-- .../modules/packstack/manifests/redis.pp | 10 +- .../packstack/manifests/swift/proxy.pp | 2 +- .../packstack/manifests/trove/rabbitmq.pp | 4 +- 54 files changed, 390 insertions(+), 394 deletions(-) create mode 100644 packstack/puppet/modules/packstack/manifests/amqp/enable_rabbitmq.pp diff --git a/packstack/puppet/modules/packstack/Gemfile b/packstack/puppet/modules/packstack/Gemfile index 5c7ec5e83..41a1cae68 100644 --- a/packstack/puppet/modules/packstack/Gemfile +++ b/packstack/puppet/modules/packstack/Gemfile @@ -2,9 +2,9 @@ source 'https://rubygems.org' group :development, :test do gem 'puppetlabs_spec_helper', :require => false - gem 'puppet-lint', '~> 0.3.2' - gem 'rake', '10.1.1' - gem 'rspec', '< 2.99' + gem 'puppet-lint', '>= 1.0.0' + gem 'rake', '< 13.0.0' + gem 'rspec' end if puppetversion = ENV['PUPPET_GEM_VERSION'] diff --git a/packstack/puppet/modules/packstack/manifests/amqp.pp b/packstack/puppet/modules/packstack/manifests/amqp.pp index b271367f1..ee3fb81f5 100644 --- a/packstack/puppet/modules/packstack/manifests/amqp.pp +++ b/packstack/puppet/modules/packstack/manifests/amqp.pp @@ -1,86 +1,26 @@ -define packstack::amqp::enable_rabbitmq { - create_resources(packstack::firewall, hiera('FIREWALL_AMQP_RULES', {})) - $amqp_enable_ssl = hiera('CONFIG_AMQP_SSL_ENABLED') - - if $amqp_enable_ssl { - $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) - $kombu_ssl_keyfile = '/etc/pki/tls/private/ssl_amqp.key' - $kombu_ssl_certfile = '/etc/pki/tls/certs/ssl_amqp.crt' - - $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] - file { $files_to_set_owner: - owner => 'rabbitmq', - group => 'rabbitmq', - require => Package['rabbitmq-server'], - notify => Service['rabbitmq-server'], - } - - file { $kombu_ssl_ca_certs: - mode => '0644', - require => Package['rabbitmq-server'], - notify => Service['rabbitmq-server'], - } - - class { '::rabbitmq': - port => undef, - ssl_port => 0 + hiera('CONFIG_AMQP_CLIENTS_PORT'), - ssl_only => true, - ssl => true, - ssl_cacert => $kombu_ssl_ca_certs, - ssl_cert => $kombu_ssl_certfile, - ssl_key => $kombu_ssl_keyfile, - default_user => hiera('CONFIG_AMQP_AUTH_USER'), - default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'), - package_provider => 'yum', - repos_ensure => false, - admin_enable => false, - loopback_users => [], - # FIXME: it's ugly to not to require client certs - ssl_fail_if_no_peer_cert => true, - config_ranch => false, - tcp_keepalive => true, - tcp_backlog => 128, - } - } else { - class { '::rabbitmq': - port => 0 + hiera('CONFIG_AMQP_CLIENTS_PORT'), - ssl => false, - default_user => hiera('CONFIG_AMQP_AUTH_USER'), - default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'), - package_provider => 'yum', - repos_ensure => false, - admin_enable => false, - loopback_users => [], - config_ranch => false, - tcp_keepalive => true, - tcp_backlog => 128, - } - } -} - class packstack::amqp () { - $amqp = hiera('CONFIG_AMQP_BACKEND') + $amqp = hiera('CONFIG_AMQP_BACKEND') - case $amqp { - 'rabbitmq': { - packstack::amqp::enable_rabbitmq { 'rabbitmq': } + case $amqp { + 'rabbitmq': { + packstack::amqp::enable_rabbitmq { 'rabbitmq': } - # The following kernel parameters help alleviate some RabbitMQ - # connection issues + # The following kernel parameters help alleviate some RabbitMQ + # connection issues - sysctl::value { 'net.ipv4.tcp_keepalive_intvl': - value => '1', - } + sysctl::value { 'net.ipv4.tcp_keepalive_intvl': + value => '1', + } - sysctl::value { 'net.ipv4.tcp_keepalive_probes': - value => '5', - } + sysctl::value { 'net.ipv4.tcp_keepalive_probes': + value => '5', + } - sysctl::value { 'net.ipv4.tcp_keepalive_time': - value => '5', - } - } - default: {} - } + sysctl::value { 'net.ipv4.tcp_keepalive_time': + value => '5', + } + } + default: {} + } } diff --git a/packstack/puppet/modules/packstack/manifests/amqp/enable_rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/amqp/enable_rabbitmq.pp new file mode 100644 index 000000000..69924f6a9 --- /dev/null +++ b/packstack/puppet/modules/packstack/manifests/amqp/enable_rabbitmq.pp @@ -0,0 +1,59 @@ +define packstack::amqp::enable_rabbitmq { + create_resources(packstack::firewall, hiera('FIREWALL_AMQP_RULES', {})) + $amqp_enable_ssl = hiera('CONFIG_AMQP_SSL_ENABLED') + + if $amqp_enable_ssl { + $kombu_ssl_ca_certs = hiera('CONFIG_AMQP_SSL_CACERT_FILE', undef) + $kombu_ssl_keyfile = '/etc/pki/tls/private/ssl_amqp.key' + $kombu_ssl_certfile = '/etc/pki/tls/certs/ssl_amqp.crt' + + $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] + file { $files_to_set_owner: + owner => 'rabbitmq', + group => 'rabbitmq', + require => Package['rabbitmq-server'], + notify => Service['rabbitmq-server'], + } + + file { $kombu_ssl_ca_certs: + mode => '0644', + require => Package['rabbitmq-server'], + notify => Service['rabbitmq-server'], + } + + class { '::rabbitmq': + port => undef, + ssl_port => 0 + hiera('CONFIG_AMQP_CLIENTS_PORT'), + ssl_only => true, + ssl => true, + ssl_cacert => $kombu_ssl_ca_certs, + ssl_cert => $kombu_ssl_certfile, + ssl_key => $kombu_ssl_keyfile, + default_user => hiera('CONFIG_AMQP_AUTH_USER'), + default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + package_provider => 'yum', + repos_ensure => false, + admin_enable => false, + loopback_users => [], + # FIXME: it's ugly to not to require client certs + ssl_fail_if_no_peer_cert => true, + config_ranch => false, + tcp_keepalive => true, + tcp_backlog => 128, + } + } else { + class { '::rabbitmq': + port => 0 + hiera('CONFIG_AMQP_CLIENTS_PORT'), + ssl => false, + default_user => hiera('CONFIG_AMQP_AUTH_USER'), + default_pass => hiera('CONFIG_AMQP_AUTH_PASSWORD'), + package_provider => 'yum', + repos_ensure => false, + admin_enable => false, + loopback_users => [], + config_ranch => false, + tcp_keepalive => true, + tcp_backlog => 128, + } + } +} diff --git a/packstack/puppet/modules/packstack/manifests/aodh.pp b/packstack/puppet/modules/packstack/manifests/aodh.pp index 6fa2858b5..84dd4e4a5 100644 --- a/packstack/puppet/modules/packstack/manifests/aodh.pp +++ b/packstack/puppet/modules/packstack/manifests/aodh.pp @@ -30,7 +30,7 @@ class { '::aodh::auth': auth_password => hiera('CONFIG_AODH_KS_PW'), - auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), + auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), } class { '::aodh::evaluator': coordination_url => $coordination_url, diff --git a/packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp index 89aadde6b..be3883ac5 100644 --- a/packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp +++ b/packstack/puppet/modules/packstack/manifests/aodh/rabbitmq.pp @@ -28,11 +28,11 @@ } class { '::aodh': - rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/", - kombu_ssl_ca_certs => $kombu_ssl_ca_certs, - kombu_ssl_keyfile => $kombu_ssl_keyfile, - kombu_ssl_certfile => $kombu_ssl_certfile, - database_connection => "mysql+pymysql://aodh:${aodh_db_pw}@${aodh_mariadb_host}/aodh", + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, + database_connection => "mysql+pymysql://aodh:${aodh_db_pw}@${aodh_mariadb_host}/aodh", } } diff --git a/packstack/puppet/modules/packstack/manifests/apache.pp b/packstack/puppet/modules/packstack/manifests/apache.pp index 6013d8bab..5eaa2521e 100644 --- a/packstack/puppet/modules/packstack/manifests/apache.pp +++ b/packstack/puppet/modules/packstack/manifests/apache.pp @@ -4,10 +4,10 @@ if ($::operatingsystem == 'Fedora') or ($::osfamily == 'RedHat' and Integer.new($::operatingsystemmajrelease) > 7) { class { '::apache': purge_configs => false, - mod_packages => merge($::apache::params::mod_packages, { + mod_packages => merge($::apache::params::mod_packages, { 'wsgi' => 'python3-mod_wsgi', }), - mod_libs => merge($::apache::params::mod_libs, { + mod_libs => merge($::apache::params::mod_libs, { 'wsgi' => 'mod_wsgi_python3.so', }) } diff --git a/packstack/puppet/modules/packstack/manifests/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/ceilometer.pp index f8e4d79f7..a7c8d270d 100644 --- a/packstack/puppet/modules/packstack/manifests/ceilometer.pp +++ b/packstack/puppet/modules/packstack/manifests/ceilometer.pp @@ -7,7 +7,7 @@ $config_gnocchi_host = hiera('CONFIG_KEYSTONE_HOST_URL') if ($::operatingsystem == 'Fedora') or - ($::osfamily == 'RedHat' and Integer.new($::operatingsystemmajrelease) > 7) { + ($::osfamily == 'RedHat' and Integer.new($::operatingsystemmajrelease) > 7) { $pyvers = '3' } else { $pyvers = '' @@ -18,7 +18,7 @@ $redis_port = hiera('CONFIG_REDIS_PORT') $coordination_url = "redis://${redis_host}:${redis_port}" - ensure_resource('package', "python-redis", { + ensure_resource('package', 'python-redis', { name => "python${pyvers}-redis", tag => 'openstack', }) @@ -35,12 +35,12 @@ tries => 20 } - Keystone::Resource::Service_identity<||> -> Exec['ceilometer-db-upgrade'] ~> - Service['ceilometer-agent-notification'] + Keystone::Resource::Service_identity<||> -> Exec['ceilometer-db-upgrade'] + ~> Service['ceilometer-agent-notification'] class { '::ceilometer::agent::notification': manage_event_pipeline => true, - event_pipeline_publishers => ["gnocchi://", "panko://"], + event_pipeline_publishers => ['gnocchi://', 'panko://'], } class { '::ceilometer::agent::auth': @@ -50,7 +50,7 @@ } class { '::ceilometer::agent::polling': - manage_polling => true, + manage_polling => true, coordination_url => $coordination_url, } diff --git a/packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp index 826f61724..9cd155318 100644 --- a/packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp +++ b/packstack/puppet/modules/packstack/manifests/ceilometer/rabbitmq.pp @@ -24,11 +24,11 @@ } class { '::ceilometer': - telemetry_secret => hiera('CONFIG_CEILOMETER_SECRET'), - rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + telemetry_secret => hiera('CONFIG_CEILOMETER_SECRET'), + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/", - kombu_ssl_ca_certs => $kombu_ssl_ca_certs, - kombu_ssl_keyfile => $kombu_ssl_keyfile, - kombu_ssl_certfile => $kombu_ssl_certfile, + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, } } diff --git a/packstack/puppet/modules/packstack/manifests/chrony.pp b/packstack/puppet/modules/packstack/manifests/chrony.pp index ec7d68329..84dbcd845 100644 --- a/packstack/puppet/modules/packstack/manifests/chrony.pp +++ b/packstack/puppet/modules/packstack/manifests/chrony.pp @@ -91,11 +91,11 @@ hasrestart => true, } - Package['chrony'] -> - Package['ntpdate'] -> - File['chrony_conf'] -> - Exec['stop-chronyd'] -> - Service['ntpd'] -> - Exec['ntpdate'] -> - Service['chronyd'] + Package['chrony'] + -> Package['ntpdate'] + -> File['chrony_conf'] + -> Exec['stop-chronyd'] + -> Service['ntpd'] + -> Exec['ntpdate'] + -> Service['chronyd'] } diff --git a/packstack/puppet/modules/packstack/manifests/cinder.pp b/packstack/puppet/modules/packstack/manifests/cinder.pp index b660fdf36..a56cb142e 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder.pp @@ -32,9 +32,9 @@ } class { '::cinder::api': - bind_host => $bind_host, - service_workers => hiera('CONFIG_SERVICE_WORKERS'), - default_volume_type => $default_volume_type, + bind_host => $bind_host, + service_workers => hiera('CONFIG_SERVICE_WORKERS'), + default_volume_type => $default_volume_type, } class { '::cinder::scheduler': } diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp index 3d50b03c5..31b676650 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/gluster.pp @@ -10,7 +10,7 @@ cinder_type { 'glusterfs': ensure => present, - properties => ["volume_backend_name=gluster"], + properties => ['volume_backend_name=gluster'], require => Class['cinder::api'], } } diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp index 851cbe362..bd0e0eafb 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/lvm.pp @@ -20,8 +20,8 @@ file_line{ 'rc.local_losetup_cinder_volume': path => '/etc/rc.d/rc.local', - match => "^.*/var/lib/cinder/$cinder_volume_name.*$", - line => "losetup -f /var/lib/cinder/$cinder_volume_name && service openstack-cinder-volume restart", + match => "^.*/var/lib/cinder/${cinder_volume_name}.*$", + line => "losetup -f /var/lib/cinder/${cinder_volume_name} && service openstack-cinder-volume restart", } file { '/etc/rc.d/rc.local': @@ -42,8 +42,8 @@ [Service] Type=oneshot - ExecStart=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/$cinder_volume_name | /usr/bin/grep /var/lib/cinder/$cinder_volume_name || /usr/sbin/losetup -f /var/lib/cinder/$cinder_volume_name\' - ExecStop=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/$cinder_volume_name | /usr/bin/cut -d : -f 1 | /usr/bin/xargs /usr/sbin/losetup -d\' + ExecStart=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/${cinder_volume_name} | /usr/bin/grep /var/lib/cinder/${cinder_volume_name} || /usr/sbin/losetup -f /var/lib/cinder/${cinder_volume_name}\' + ExecStop=/usr/bin/sh -c \'/usr/sbin/losetup -j /var/lib/cinder/${cinder_volume_name} | /usr/bin/cut -d : -f 1 | /usr/bin/xargs /usr/sbin/losetup -d\' TimeoutSec=60 RemainAfterExit=yes @@ -92,7 +92,7 @@ cinder_type { 'iscsi': ensure => present, - properties => ["volume_backend_name=lvm"], + properties => ['volume_backend_name=lvm'], require => Class['cinder::api'], } } diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp index c379b0062..d1d488f86 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/nfs.pp @@ -10,7 +10,7 @@ cinder_type { 'nfs': ensure => present, - properties => ["volume_backend_name=nfs"], - require => Class['cinder::api'], + properties => ['volume_backend_name=nfs'], + require => Class['cinder::api'], } } diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp index b779ad18c..2aa89395f 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/solidfire.pp @@ -4,10 +4,10 @@ $solidfire_backend_name = 'solidfire' cinder::backend::solidfire { $solidfire_backend_name : - san_ip => hiera('CONFIG_CINDER_SOLIDFIRE_LOGIN'), - san_login => hiera('CONFIG_CINDER_SOLIDFIRE_PASSWORD'), - san_password => hiera('CONFIG_CINDER_SOLIDFIRE_HOSTNAME'), - volume_backend_name => $solidfire_backend_name, + san_ip => hiera('CONFIG_CINDER_SOLIDFIRE_LOGIN'), + san_login => hiera('CONFIG_CINDER_SOLIDFIRE_PASSWORD'), + san_password => hiera('CONFIG_CINDER_SOLIDFIRE_HOSTNAME'), + volume_backend_name => $solidfire_backend_name, } ensure_packages(['iscsi-initiator-utils'], {'ensure' => 'present'}) diff --git a/packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp b/packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp index 021f0fce2..d63aa52f9 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder/backend/vmdk.pp @@ -8,7 +8,7 @@ cinder_type { 'vmdk': ensure => present, - properties => ["volume_backend_name=vmdk"], + properties => ['volume_backend_name=vmdk'], require => Class['cinder::api'], } } diff --git a/packstack/puppet/modules/packstack/manifests/heat.pp b/packstack/puppet/modules/packstack/manifests/heat.pp index c48a2b164..2b64ae46e 100644 --- a/packstack/puppet/modules/packstack/manifests/heat.pp +++ b/packstack/puppet/modules/packstack/manifests/heat.pp @@ -17,8 +17,8 @@ } class { '::heat::keystone::domain': - domain_name => hiera('CONFIG_HEAT_DOMAIN'), - domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'), - domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'), + domain_name => hiera('CONFIG_HEAT_DOMAIN'), + domain_admin => hiera('CONFIG_HEAT_DOMAIN_ADMIN'), + domain_password => hiera('CONFIG_HEAT_DOMAIN_PASSWORD'), } } diff --git a/packstack/puppet/modules/packstack/manifests/heat/cfn.pp b/packstack/puppet/modules/packstack/manifests/heat/cfn.pp index 3ca21ccdc..c4ca58460 100644 --- a/packstack/puppet/modules/packstack/manifests/heat/cfn.pp +++ b/packstack/puppet/modules/packstack/manifests/heat/cfn.pp @@ -9,9 +9,9 @@ $heat_cfn_cfg_ctrl_host = hiera('CONFIG_KEYSTONE_HOST_URL') class { '::heat::keystone::auth_cfn': - admin_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1", - public_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1", - internal_url => "http://$heat_cfn_cfg_ctrl_host:8000/v1", + admin_url => "http://${heat_cfn_cfg_ctrl_host}:8000/v1", + public_url => "http://${heat_cfn_cfg_ctrl_host}:8000/v1", + internal_url => "http://${heat_cfn_cfg_ctrl_host}:8000/v1", password => hiera('CONFIG_HEAT_KS_PW'), } } diff --git a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp index 1a6ec6e0c..adf25d209 100644 --- a/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp +++ b/packstack/puppet/modules/packstack/manifests/heat/rabbitmq.pp @@ -39,13 +39,13 @@ } class { '::heat': - keystone_ec2_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), - rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + keystone_ec2_uri => hiera('CONFIG_KEYSTONE_PUBLIC_URL'), + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/", - database_connection => "mysql+pymysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat", - kombu_ssl_ca_certs => $kombu_ssl_ca_certs, - kombu_ssl_keyfile => $kombu_ssl_keyfile, - kombu_ssl_certfile => $kombu_ssl_certfile, - notification_driver => $heat_notification_driver, + database_connection => "mysql+pymysql://heat:${heat_rabbitmq_cfg_heat_db_pw}@${heat_rabbitmq_cfg_mariadb_host}/heat", + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, + notification_driver => $heat_notification_driver, } } diff --git a/packstack/puppet/modules/packstack/manifests/keystone.pp b/packstack/puppet/modules/packstack/manifests/keystone.pp index 0ab3fc986..9c4e8c68c 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone.pp @@ -33,7 +33,7 @@ class { '::keystone': database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone", - token_provider => "${keystone_token_provider_str}", + token_provider => $keystone_token_provider_str, enable_fernet_setup => true, service_name => 'httpd', enable_ssl => $keystone_use_ssl, diff --git a/packstack/puppet/modules/packstack/manifests/keystone/cinder.pp b/packstack/puppet/modules/packstack/manifests/keystone/cinder.pp index b22fd9dda..1c022e849 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/cinder.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/cinder.pp @@ -3,7 +3,7 @@ $cinder_protocol = 'http' $cinder_host = hiera('CONFIG_STORAGE_HOST_URL') $cinder_port = '8776' - $cinder_url = "${cinder_protocol}://${cinder_host}:$cinder_port" + $cinder_url = "${cinder_protocol}://${cinder_host}:${cinder_port}" class { '::cinder::keystone::auth': region => hiera('CONFIG_KEYSTONE_REGION'), diff --git a/packstack/puppet/modules/packstack/manifests/keystone/ironic.pp b/packstack/puppet/modules/packstack/manifests/keystone/ironic.pp index 8183281e3..2308b11f7 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/ironic.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/ironic.pp @@ -3,7 +3,7 @@ $ironic_protocol = 'http' $ironic_host = hiera('CONFIG_KEYSTONE_HOST_URL') $ironic_port = '6385' - $ironic_url = "${ironic_protocol}://${ironic_host}:$ironic_port" + $ironic_url = "${ironic_protocol}://${ironic_host}:${ironic_port}" class { '::ironic::keystone::auth': region => hiera('CONFIG_KEYSTONE_REGION'), diff --git a/packstack/puppet/modules/packstack/manifests/keystone/magnum.pp b/packstack/puppet/modules/packstack/manifests/keystone/magnum.pp index 44bc413fa..247e24df9 100755 --- a/packstack/puppet/modules/packstack/manifests/keystone/magnum.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/magnum.pp @@ -3,14 +3,14 @@ $magnum_protocol = 'http' $magnum_host = hiera('CONFIG_KEYSTONE_HOST_URL') $magnum_port = '9511' - $magnum_url = "${magnum_protocol}://${magnum_host}:$magnum_port/v1" + $magnum_url = "${magnum_protocol}://${magnum_host}:${magnum_port}/v1" class { '::magnum::keystone::auth': - region => hiera('CONFIG_KEYSTONE_REGION'), - password => hiera('CONFIG_MAGNUM_KS_PW'), - public_url => $magnum_url, - admin_url => $magnum_url, - internal_url => $magnum_url + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_MAGNUM_KS_PW'), + public_url => $magnum_url, + admin_url => $magnum_url, + internal_url => $magnum_url } class { '::magnum::keystone::domain': diff --git a/packstack/puppet/modules/packstack/manifests/keystone/manila.pp b/packstack/puppet/modules/packstack/manifests/keystone/manila.pp index 1a11f73f2..1798c3dab 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/manila.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/manila.pp @@ -3,8 +3,8 @@ $manila_protocol = 'http' $manila_host = hiera('CONFIG_STORAGE_HOST_URL') $manila_port = '8786' - $manila_url = "${manila_protocol}://${manila_host}:$manila_port/v1/%(tenant_id)s" - $manila_url_v2 = "${manila_protocol}://${manila_host}:$manila_port/v2/%(tenant_id)s" + $manila_url = "${manila_protocol}://${manila_host}:${manila_port}/v1/%(tenant_id)s" + $manila_url_v2 = "${manila_protocol}://${manila_host}:${manila_port}/v2/%(tenant_id)s" class { '::manila::keystone::auth': password => hiera('CONFIG_MANILA_KS_PW'), diff --git a/packstack/puppet/modules/packstack/manifests/keystone/neutron.pp b/packstack/puppet/modules/packstack/manifests/keystone/neutron.pp index 168eab4d5..2c6b6eb2e 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/neutron.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/neutron.pp @@ -3,7 +3,7 @@ $neutron_protocol = 'http' $neutron_host = hiera('CONFIG_KEYSTONE_HOST_URL') $neutron_port = '9696' - $neutron_url = "${neutron_protocol}://${neutron_host}:$neutron_port" + $neutron_url = "${neutron_protocol}://${neutron_host}:${neutron_port}" class { '::neutron::keystone::auth': region => hiera('CONFIG_KEYSTONE_REGION'), diff --git a/packstack/puppet/modules/packstack/manifests/keystone/nova.pp b/packstack/puppet/modules/packstack/manifests/keystone/nova.pp index b967ebb99..a2c9abdd5 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/nova.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/nova.pp @@ -7,10 +7,10 @@ class { '::nova::keystone::auth': - region => hiera('CONFIG_KEYSTONE_REGION'), - password => hiera('CONFIG_NOVA_KS_PW'), - public_url => $nova_url, - admin_url => $nova_url, - internal_url => $nova_url, + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_NOVA_KS_PW'), + public_url => $nova_url, + admin_url => $nova_url, + internal_url => $nova_url, } } diff --git a/packstack/puppet/modules/packstack/manifests/keystone/sahara.pp b/packstack/puppet/modules/packstack/manifests/keystone/sahara.pp index 215791960..b13590594 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/sahara.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/sahara.pp @@ -3,7 +3,7 @@ $sahara_protocol = 'http' $sahara_host = hiera('CONFIG_KEYSTONE_HOST_URL') $sahara_port = '8386' - $sahara_url = "${sahara_protocol}://${sahara_host}:$sahara_port" + $sahara_url = "${sahara_protocol}://${sahara_host}:${sahara_port}" class { '::sahara::keystone::auth': password => hiera('CONFIG_SAHARA_KS_PW'), diff --git a/packstack/puppet/modules/packstack/manifests/keystone/swift.pp b/packstack/puppet/modules/packstack/manifests/keystone/swift.pp index b6daeaf33..10dc6f689 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/swift.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/swift.pp @@ -3,15 +3,15 @@ $swift_protocol = 'http' $swift_host = hiera('CONFIG_STORAGE_HOST_URL') $swift_port = '8080' - $swift_url = "${swift_protocol}://${swift_host}:$swift_port/v1/AUTH_%(tenant_id)s" + $swift_url = "${swift_protocol}://${swift_host}:${swift_port}/v1/AUTH_%(tenant_id)s" class { '::swift::keystone::auth': - region => hiera('CONFIG_KEYSTONE_REGION'), - password => hiera('CONFIG_SWIFT_KS_PW'), - operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], - public_url => $swift_url, - internal_url => $swift_url, - admin_url => $swift_url, - configure_s3_endpoint => false, + region => hiera('CONFIG_KEYSTONE_REGION'), + password => hiera('CONFIG_SWIFT_KS_PW'), + operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], + public_url => $swift_url, + internal_url => $swift_url, + admin_url => $swift_url, + configure_s3_endpoint => false, } } diff --git a/packstack/puppet/modules/packstack/manifests/keystone/trove.pp b/packstack/puppet/modules/packstack/manifests/keystone/trove.pp index 27c78e957..a9788f958 100644 --- a/packstack/puppet/modules/packstack/manifests/keystone/trove.pp +++ b/packstack/puppet/modules/packstack/manifests/keystone/trove.pp @@ -3,7 +3,7 @@ $trove_protocol = 'http' $trove_host = hiera('CONFIG_KEYSTONE_HOST_URL') $trove_port = '8779' - $trove_url = "${trove_protocol}://${trove_host}:$trove_port/v1.0/%(tenant_id)s" + $trove_url = "${trove_protocol}://${trove_host}:${trove_port}/v1.0/%(tenant_id)s" class { '::trove::keystone::auth': region => hiera('CONFIG_KEYSTONE_REGION'), diff --git a/packstack/puppet/modules/packstack/manifests/magnum.pp b/packstack/puppet/modules/packstack/manifests/magnum.pp index 8eec82806..51bf41973 100644 --- a/packstack/puppet/modules/packstack/manifests/magnum.pp +++ b/packstack/puppet/modules/packstack/manifests/magnum.pp @@ -11,7 +11,7 @@ $magnum_protocol = 'http' $magnum_host = hiera('CONFIG_KEYSTONE_HOST_URL') $magnum_port = '9511' - $magnum_url = "${magnum_protocol}://${magnum_host}:$magnum_port/v1" + $magnum_url = "${magnum_protocol}://${magnum_host}:${magnum_port}/v1" class { '::magnum::keystone::authtoken': www_authenticate_uri => "${magnum_protocol}://${magnum_host}:5000/v3", auth_url => "${magnum_protocol}://${magnum_host}:5000", diff --git a/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp b/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp index 31dff2b56..cf0e26f94 100644 --- a/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp +++ b/packstack/puppet/modules/packstack/manifests/manila/backend/generic.pp @@ -16,18 +16,18 @@ $keystone_url = hiera('CONFIG_KEYSTONE_PUBLIC_URL') nova_flavor { 'm1.manila': - ensure => present, - id => '66', - ram => '512', - disk => '1', - vcpus => '1', + ensure => present, + id => '66', + ram => '512', + disk => '1', + vcpus => '1', require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], - } -> - manila::service_instance{ 'generic': - service_image_location => hiera('CONFIG_MANILA_SERVICE_IMAGE_LOCATION'), - service_instance_user => hiera('CONFIG_MANILA_SERVICE_INSTANCE_USER'), - service_instance_password => hiera('CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD'), - service_instance_flavor_id => 66, + } + -> manila::service_instance{ 'generic': + service_image_location => hiera('CONFIG_MANILA_SERVICE_IMAGE_LOCATION'), + service_instance_user => hiera('CONFIG_MANILA_SERVICE_INSTANCE_USER'), + service_instance_password => hiera('CONFIG_MANILA_SERVICE_INSTANCE_PASSWORD'), + service_instance_flavor_id => 66, } class { '::manila::compute::nova': @@ -39,6 +39,6 @@ class { '::manila::volume::cinder': auth_type => 'password', auth_url => hiera('CONFIG_KEYSTONE_PUBLIC_URL_VERSIONLESS'), - password => hiera('CONFIG_CINDER_KS_PW'), + password => hiera('CONFIG_CINDER_KS_PW'), } } diff --git a/packstack/puppet/modules/packstack/manifests/mariadb/services.pp b/packstack/puppet/modules/packstack/manifests/mariadb/services.pp index 1cfdd5628..615430877 100755 --- a/packstack/puppet/modules/packstack/manifests/mariadb/services.pp +++ b/packstack/puppet/modules/packstack/manifests/mariadb/services.pp @@ -8,12 +8,12 @@ } if hiera('CONFIG_CINDER_INSTALL') == 'y' { - class { '::cinder::db::mysql': - password => hiera('CONFIG_CINDER_DB_PW'), - host => '%', - allowed_hosts => '%', - charset => 'utf8', - } + class { '::cinder::db::mysql': + password => hiera('CONFIG_CINDER_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } } if hiera('CONFIG_GLANCE_INSTALL') == 'y' { @@ -34,7 +34,7 @@ } if hiera('CONFIG_AODH_INSTALL') == 'y' and - hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { + hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { class { '::aodh::db::mysql': password => hiera('CONFIG_AODH_DB_PW'), host => '%', @@ -43,30 +43,30 @@ } if hiera('CONFIG_HEAT_INSTALL') == 'y' { - class { '::heat::db::mysql': - password => hiera('CONFIG_HEAT_DB_PW'), - host => '%', - allowed_hosts => '%', - charset => 'utf8', - } + class { '::heat::db::mysql': + password => hiera('CONFIG_HEAT_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } } if hiera('CONFIG_MAGNUM_INSTALL') == 'y' { - class { '::magnum::db::mysql': - password => hiera('CONFIG_MAGNUM_DB_PW'), - host => '%', - allowed_hosts => '%', - charset => 'utf8', - } + class { '::magnum::db::mysql': + password => hiera('CONFIG_MAGNUM_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } } if hiera('CONFIG_IRONIC_INSTALL') == 'y' { - class { '::ironic::db::mysql': - password => hiera('CONFIG_IRONIC_DB_PW'), - host => '%', - allowed_hosts => '%', - charset => 'utf8', - } + class { '::ironic::db::mysql': + password => hiera('CONFIG_IRONIC_DB_PW'), + host => '%', + allowed_hosts => '%', + charset => 'utf8', + } } if hiera('CONFIG_MANILA_INSTALL') == 'y' { @@ -109,7 +109,7 @@ } if hiera('CONFIG_PANKO_INSTALL') == 'y' and - hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { + hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { class { '::panko::db::mysql': password => hiera('CONFIG_PANKO_DB_PW'), host => '%', diff --git a/packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp b/packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp index 8d11aa3de..7540fc2e5 100755 --- a/packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp +++ b/packstack/puppet/modules/packstack/manifests/mariadb/services_remote.pp @@ -1,62 +1,62 @@ class packstack::mariadb::services_remote () { - remote_database { 'keystone': - ensure => 'present', - charset => 'utf8', - db_host => hiera('CONFIG_MARIADB_HOST'), - db_user => hiera('CONFIG_MARIADB_USER'), - db_password => hiera('CONFIG_MARIADB_PW'), - provider => 'mysql', - } + remote_database { 'keystone': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } - $mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW') + $mariadb_keystone_noinstall_db_pw = hiera('CONFIG_KEYSTONE_DB_PW') - remote_database_user { 'keystone_admin@%': - password_hash => mysql_password($mariadb_keystone_noinstall_db_pw), - db_host => hiera('CONFIG_MARIADB_HOST'), - db_user => hiera('CONFIG_MARIADB_USER'), - db_password => hiera('CONFIG_MARIADB_PW'), - provider => 'mysql', - require => Remote_database['keystone'], - } + remote_database_user { 'keystone_admin@%': + password_hash => mysql_password($mariadb_keystone_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['keystone'], + } - remote_database_grant { 'keystone_admin@%/keystone': - privileges => 'all', - db_host => hiera('CONFIG_MARIADB_HOST'), - db_user => hiera('CONFIG_MARIADB_USER'), - db_password => hiera('CONFIG_MARIADB_PW'), - provider => 'mysql', - require => Remote_database_user['keystone_admin@%'], - } + remote_database_grant { 'keystone_admin@%/keystone': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['keystone_admin@%'], + } if hiera('CONFIG_CINDER_INSTALL') == 'y' { - remote_database { 'cinder': - ensure => 'present', - charset => 'utf8', - db_host => hiera('CONFIG_MARIADB_HOST'), - db_user => hiera('CONFIG_MARIADB_USER'), - db_password => hiera('CONFIG_MARIADB_PW'), - provider => 'mysql', - } - - $mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW') - - remote_database_user { 'cinder@%': - password_hash => mysql_password($mariadb_cinder_noinstall_db_pw), - db_host => hiera('CONFIG_MARIADB_HOST'), - db_user => hiera('CONFIG_MARIADB_USER'), - db_password => hiera('CONFIG_MARIADB_PW'), - provider => 'mysql', - require => Remote_database['cinder'], - } - - remote_database_grant { 'cinder@%/cinder': - privileges => 'all', - db_host => hiera('CONFIG_MARIADB_HOST'), - db_user => hiera('CONFIG_MARIADB_USER'), - db_password => hiera('CONFIG_MARIADB_PW'), - provider => 'mysql', - require => Remote_database_user['cinder@%'], - } + remote_database { 'cinder': + ensure => 'present', + charset => 'utf8', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + } + + $mariadb_cinder_noinstall_db_pw = hiera('CONFIG_CINDER_DB_PW') + + remote_database_user { 'cinder@%': + password_hash => mysql_password($mariadb_cinder_noinstall_db_pw), + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database['cinder'], + } + + remote_database_grant { 'cinder@%/cinder': + privileges => 'all', + db_host => hiera('CONFIG_MARIADB_HOST'), + db_user => hiera('CONFIG_MARIADB_USER'), + db_password => hiera('CONFIG_MARIADB_PW'), + provider => 'mysql', + require => Remote_database_user['cinder@%'], + } } if hiera('CONFIG_GLANCE_INSTALL') == 'y' { diff --git a/packstack/puppet/modules/packstack/manifests/neutron/api.pp b/packstack/puppet/modules/packstack/manifests/neutron/api.pp index 829dabbbe..5796ba994 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/api.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/api.pp @@ -31,8 +31,8 @@ } file { '/etc/neutron/api-paste.ini': - ensure => file, - mode => '0640', + ensure => file, + mode => '0640', } if $neutron_vpnaas_enabled { diff --git a/packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp b/packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp index a23e52190..22e38059a 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/dhcp.pp @@ -4,7 +4,7 @@ create_resources(packstack::firewall, hiera('FIREWALL_NEUTRON_DHCPOUT_RULES', {})) class { '::neutron::agents::dhcp': - interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'), - debug => hiera('CONFIG_DEBUG_MODE'), + interface_driver => hiera('CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'), + debug => hiera('CONFIG_DEBUG_MODE'), } } diff --git a/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp b/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp index b3813d99f..0db7c1ad4 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp @@ -1,8 +1,8 @@ class packstack::neutron::fwaas () { class { '::neutron::services::fwaas': - enabled => true, + enabled => true, agent_version => 'v2', - driver => 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver', + driver => 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver', } } diff --git a/packstack/puppet/modules/packstack/manifests/neutron/l3.pp b/packstack/puppet/modules/packstack/manifests/neutron/l3.pp index e1c40b04a..5430f17b8 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/l3.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/l3.pp @@ -13,11 +13,11 @@ } class { '::neutron::agents::l3': - interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'), - manage_service => $start_l3_agent, - enabled => $start_l3_agent, - debug => hiera('CONFIG_DEBUG_MODE'), - extensions => $extensions + interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'), + manage_service => $start_l3_agent, + enabled => $start_l3_agent, + debug => hiera('CONFIG_DEBUG_MODE'), + extensions => $extensions } if defined(Class['neutron::services::fwaas']) { diff --git a/packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp b/packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp index cfef43a89..51c33438f 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/lb_agent.pp @@ -18,8 +18,8 @@ if ( 'vxlan' in hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS') ){ class { '::neutron::agents::ml2::linuxbridge': physical_interface_mappings => force_interface($neutron_lb_interface_mappings, $use_subnets), - tunnel_types => ['vxlan'], - local_ip => $bind_host, + tunnel_types => ['vxlan'], + local_ip => $bind_host, } } else { diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ml2.pp b/packstack/puppet/modules/packstack/manifests/neutron/ml2.pp index b70fd33bb..5703b9529 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/ml2.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/ml2.pp @@ -7,24 +7,24 @@ } class { '::neutron::plugins::ml2': - type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'), - tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'), - mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'), - flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'), - network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'), - tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'), - vxlan_group => $vxlan_group_value, - vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'), - enable_security_group => true, - firewall_driver => hiera('FIREWALL_DRIVER'), - extension_drivers => 'port_security,qos', - max_header_size => 38, + type_drivers => hiera_array('CONFIG_NEUTRON_ML2_TYPE_DRIVERS'), + tenant_network_types => hiera_array('CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'), + mechanism_drivers => hiera_array('CONFIG_NEUTRON_ML2_MECHANISM_DRIVERS'), + flat_networks => hiera_array('CONFIG_NEUTRON_ML2_FLAT_NETWORKS'), + network_vlan_ranges => hiera_array('CONFIG_NEUTRON_ML2_VLAN_RANGES'), + tunnel_id_ranges => hiera_array('CONFIG_NEUTRON_ML2_TUNNEL_ID_RANGES'), + vxlan_group => $vxlan_group_value, + vni_ranges => hiera_array('CONFIG_NEUTRON_ML2_VNI_RANGES'), + enable_security_group => true, + firewall_driver => hiera('FIREWALL_DRIVER'), + extension_drivers => 'port_security,qos', + max_header_size => 38, } if hiera('CONFIG_NEUTRON_L2_AGENT') == 'ovn' { class {'::neutron::plugins::ml2::ovn': - ovn_nb_connection => "tcp:${hiera('CONFIG_CONTROLLER_HOST')}:6641", - ovn_sb_connection => "tcp:${hiera('CONFIG_CONTROLLER_HOST')}:6642", + ovn_nb_connection => "tcp:${hiera('CONFIG_CONTROLLER_HOST')}:6641", + ovn_sb_connection => "tcp:${hiera('CONFIG_CONTROLLER_HOST')}:6642", ovn_metadata_enabled => true, } } @@ -32,8 +32,8 @@ # For cases where "neutron-db-manage upgrade" command is called # we need to fill config file first if defined(Exec['neutron-db-manage upgrade']) { - Neutron_plugin_ml2<||> -> - File['/etc/neutron/plugin.ini'] -> - Exec['neutron-db-manage upgrade'] + Neutron_plugin_ml2<||> + -> File['/etc/neutron/plugin.ini'] + -> Exec['neutron-db-manage upgrade'] } } diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ovn_metadata.pp b/packstack/puppet/modules/packstack/manifests/neutron/ovn_metadata.pp index 55c70bb92..10e677767 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/ovn_metadata.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/ovn_metadata.pp @@ -4,10 +4,10 @@ class { '::neutron::agents::ovn_metadata': ovn_sb_connection => $ovn_southd, - shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'), - metadata_ip => force_ip(hiera('CONFIG_KEYSTONE_HOST_URL')), - debug => hiera('CONFIG_DEBUG_MODE'), - metadata_workers => hiera('CONFIG_SERVICE_WORKERS'), + shared_secret => hiera('CONFIG_NEUTRON_METADATA_PW'), + metadata_ip => force_ip(hiera('CONFIG_KEYSTONE_HOST_URL')), + debug => hiera('CONFIG_DEBUG_MODE'), + metadata_workers => hiera('CONFIG_SERVICE_WORKERS'), } Service<| title == 'controller' |> -> Service<| title == 'ovn-metadata' |> } diff --git a/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp b/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp index aa86dee8c..fc9274e14 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/ovs_agent.pp @@ -44,12 +44,12 @@ } class { '::neutron::agents::ml2::ovs': - bridge_uplinks => $bridge_uplinks, - bridge_mappings => $bridge_mappings, - tunnel_types => hiera_array('CONFIG_NEUTRON_OVS_TUNNEL_TYPES'), - local_ip => force_ip($localip), - vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT',undef), - l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'), - firewall_driver => hiera('FIREWALL_DRIVER'), + bridge_uplinks => $bridge_uplinks, + bridge_mappings => $bridge_mappings, + tunnel_types => hiera_array('CONFIG_NEUTRON_OVS_TUNNEL_TYPES'), + local_ip => force_ip($localip), + vxlan_udp_port => hiera('CONFIG_NEUTRON_OVS_VXLAN_UDP_PORT',undef), + l2_population => hiera('CONFIG_NEUTRON_USE_L2POPULATION'), + firewall_driver => hiera('FIREWALL_DRIVER'), } } diff --git a/packstack/puppet/modules/packstack/manifests/nova.pp b/packstack/puppet/modules/packstack/manifests/nova.pp index 0eb71213b..cc7092214 100644 --- a/packstack/puppet/modules/packstack/manifests/nova.pp +++ b/packstack/puppet/modules/packstack/manifests/nova.pp @@ -62,24 +62,24 @@ } class { '::nova': - glance_api_servers => "http://${nova_common_rabbitmq_cfg_storage_host}:9292", - default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/", - rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), - nova_public_key => $public_key, - nova_private_key => $private_key, - kombu_ssl_ca_certs => $kombu_ssl_ca_certs, - kombu_ssl_keyfile => $kombu_ssl_keyfile, - kombu_ssl_certfile => $kombu_ssl_certfile, - notification_driver => $nova_common_notification_driver, - notify_on_state_change => $notify_on_state_change, - database_connection => "mysql+pymysql://nova:${nova_db_pw}@${nova_mariadb_host}/nova", - api_database_connection => "mysql+pymysql://nova_api:${nova_db_pw}@${nova_mariadb_host}/nova_api", - cpu_allocation_ratio => hiera('CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO'), - ram_allocation_ratio => hiera('CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'), - host => $novahost, - ssl_only => $ssl_only, - cert => $cert, - key => $key, + glance_api_servers => "http://${nova_common_rabbitmq_cfg_storage_host}:9292", + default_transport_url => "rabbit://${rabbit_userid}:${rabbit_password}@${rabbit_host}:${rabbit_port}/", + rabbit_use_ssl => hiera('CONFIG_AMQP_SSL_ENABLED'), + nova_public_key => $public_key, + nova_private_key => $private_key, + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_certfile => $kombu_ssl_certfile, + notification_driver => $nova_common_notification_driver, + notify_on_state_change => $notify_on_state_change, + database_connection => "mysql+pymysql://nova:${nova_db_pw}@${nova_mariadb_host}/nova", + api_database_connection => "mysql+pymysql://nova_api:${nova_db_pw}@${nova_mariadb_host}/nova_api", + cpu_allocation_ratio => hiera('CONFIG_NOVA_SCHED_CPU_ALLOC_RATIO'), + ram_allocation_ratio => hiera('CONFIG_NOVA_SCHED_RAM_ALLOC_RATIO'), + host => $novahost, + ssl_only => $ssl_only, + cert => $cert, + key => $key, } } diff --git a/packstack/puppet/modules/packstack/manifests/nova/api.pp b/packstack/puppet/modules/packstack/manifests/nova/api.pp index 01432f65c..f09c40979 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/api.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/api.pp @@ -24,14 +24,14 @@ } class { '::nova::api': - api_bind_address => $bind_host, - enabled => true, - sync_db => false, - sync_db_api => false, - osapi_compute_workers => hiera('CONFIG_SERVICE_WORKERS'), - allow_resize_to_same_host => hiera('CONFIG_NOVA_ALLOW_RESIZE_TO_SAME'), - nova_metadata_wsgi_enabled => true, - service_name => 'httpd', + api_bind_address => $bind_host, + enabled => true, + sync_db => false, + sync_db_api => false, + osapi_compute_workers => hiera('CONFIG_SERVICE_WORKERS'), + allow_resize_to_same_host => hiera('CONFIG_NOVA_ALLOW_RESIZE_TO_SAME'), + nova_metadata_wsgi_enabled => true, + service_name => 'httpd', } class { '::nova::metadata': @@ -84,47 +84,47 @@ Class['::keystone'] -> Nova_flavor<||> nova_flavor { 'm1.tiny': - ensure => present, - id => '1', - ram => '512', - disk => '1', - vcpus => '1', + ensure => present, + id => '1', + ram => '512', + disk => '1', + vcpus => '1', require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], } nova_flavor { 'm1.small': - ensure => present, - id => '2', - ram => '2048', - disk => '20', - vcpus => '1', + ensure => present, + id => '2', + ram => '2048', + disk => '20', + vcpus => '1', require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], } nova_flavor { 'm1.medium': - ensure => present, - id => '3', - ram => '4096', - disk => '40', - vcpus => '2', + ensure => present, + id => '3', + ram => '4096', + disk => '40', + vcpus => '2', require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], } nova_flavor { 'm1.large': - ensure => present, - id => '4', - ram => '8192', - disk => '80', - vcpus => '4', + ensure => present, + id => '4', + ram => '8192', + disk => '80', + vcpus => '4', require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], } nova_flavor { 'm1.xlarge': - ensure => present, - id => '5', - ram => '16384', - disk => '160', - vcpus => '8', + ensure => present, + id => '5', + ram => '16384', + disk => '160', + vcpus => '8', require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], } } diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute.pp b/packstack/puppet/modules/packstack/manifests/nova/compute.pp index 0ffd42209..ad005e00a 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/compute.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/compute.pp @@ -43,9 +43,9 @@ 'set Match[Condition/User = "nova_migration"]/Settings/ForceCommand /bin/nova-migration-wrapper', 'set Match[Condition/User = "nova_migration"]/Settings/PasswordAuthentication no', 'set Match[Condition/User = "nova_migration"]/Settings/X11Forwarding no', - ], - onlyif => 'match Match[Condition/User = "nova_migration"] size == 0', - notify => Service['sshd'] + ], + onlyif => 'match Match[Condition/User = "nova_migration"] size == 0', + notify => Service['sshd'] } service {'sshd': diff --git a/packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp b/packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp index 196ac82a7..73784b157 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/compute/libvirt.pp @@ -15,16 +15,16 @@ # Workaround for bad /dev/kvm permissions # https://bugzilla.redhat.com/show_bug.cgi?id=950436 file { '/dev/kvm': - owner => 'root', - group => 'kvm', - mode => '666', + owner => 'root', + group => 'kvm', + mode => '0666', } # We have to fix the permissions after the installation has been done # and before the service is started. - Package <| title == 'libvirt' |> -> - File['/dev/kvm'] -> - Service <| title == 'libvirt' |> + Package <| title == 'libvirt' |> + -> File['/dev/kvm'] + -> Service <| title == 'libvirt' |> } $migrate_transport = hiera('CONFIG_NOVA_COMPUTE_MIGRATE_PROTOCOL') @@ -37,16 +37,16 @@ } class { '::nova::migration::libvirt': - transport => $migrate_transport, - client_user => 'nova_migration', + transport => $migrate_transport, + client_user => 'nova_migration', client_extraparams => $client_extraparams, - require => Class['::nova::compute::libvirt'] + require => Class['::nova::compute::libvirt'] } class { '::nova::compute::libvirt': - libvirt_virt_type => $libvirt_virt_type, - vncserver_listen => $libvirt_vnc_bind_host, - migration_support => true, + libvirt_virt_type => $libvirt_virt_type, + vncserver_listen => $libvirt_vnc_bind_host, + migration_support => true, } # Remove libvirt's default network (usually virbr0) as it's unnecessary and @@ -65,7 +65,6 @@ $libvirt_debug = hiera('CONFIG_DEBUG_MODE') if $libvirt_debug { - file_line { '/etc/libvirt/libvirt.conf log_filters': path => '/etc/libvirt/libvirtd.conf', line => 'log_filters = "1:libvirt 1:qemu 1:conf 1:security 3:event 3:json 3:file 1:util"', @@ -79,6 +78,5 @@ match => 'log_outputs =', notify => Service['libvirt'], } - } } diff --git a/packstack/puppet/modules/packstack/manifests/nova/gluster.pp b/packstack/puppet/modules/packstack/manifests/nova/gluster.pp index 7f243254c..c0c96436d 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/gluster.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/gluster.pp @@ -1,4 +1,4 @@ class packstack::nova::gluster () { - ensure_packages(['glusterfs-fuse'], {'ensure' => 'present'}) + ensure_packages(['glusterfs-fuse'], {'ensure' => 'present'}) } diff --git a/packstack/puppet/modules/packstack/manifests/nova/nfs.pp b/packstack/puppet/modules/packstack/manifests/nova/nfs.pp index bdc703266..36397d8f7 100644 --- a/packstack/puppet/modules/packstack/manifests/nova/nfs.pp +++ b/packstack/puppet/modules/packstack/manifests/nova/nfs.pp @@ -1,4 +1,4 @@ class packstack::nova::nfs () { - ensure_packages(['nfs-utils'], {'ensure' => 'present'}) + ensure_packages(['nfs-utils'], {'ensure' => 'present'}) } diff --git a/packstack/puppet/modules/packstack/manifests/panko.pp b/packstack/puppet/modules/packstack/manifests/panko.pp index d4ca9a3dd..3487b97aa 100644 --- a/packstack/puppet/modules/packstack/manifests/panko.pp +++ b/packstack/puppet/modules/packstack/manifests/panko.pp @@ -18,8 +18,8 @@ } $bind_host = hiera('CONFIG_IP_VERSION') ? { - 'ipv6' => '::0', - default => '0.0.0.0', + 'ipv6' => '::0', + default => '0.0.0.0', } class { '::panko::keystone::authtoken': diff --git a/packstack/puppet/modules/packstack/manifests/prereqs.pp b/packstack/puppet/modules/packstack/manifests/prereqs.pp index 9a1dd9164..5bd39ed52 100644 --- a/packstack/puppet/modules/packstack/manifests/prereqs.pp +++ b/packstack/puppet/modules/packstack/manifests/prereqs.pp @@ -10,8 +10,8 @@ package { 'audit': ensure => present, - } -> - service { 'auditd': + } + -> service { 'auditd': ensure => running, enable => true, } diff --git a/packstack/puppet/modules/packstack/manifests/provision.pp b/packstack/puppet/modules/packstack/manifests/provision.pp index eb0d93039..04b7baa06 100644 --- a/packstack/puppet/modules/packstack/manifests/provision.pp +++ b/packstack/puppet/modules/packstack/manifests/provision.pp @@ -10,15 +10,14 @@ $password = hiera('CONFIG_KEYSTONE_DEMO_PW') $tenant_name = 'demo' $floating_range = hiera('CONFIG_PROVISION_DEMO_FLOATRANGE') - $allocation_pools = hiera( - 'CONFIG_PROVISION_DEMO_ALLOCATION_POOLS') + $allocation_pools = hiera('CONFIG_PROVISION_DEMO_ALLOCATION_POOLS') } elsif $provision_tempest { $username = hiera('CONFIG_PROVISION_TEMPEST_USER') $password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW') $tenant_name = 'tempest' $floating_range = hiera('CONFIG_PROVISION_TEMPEST_FLOATRANGE') $allocation_pools = [] - if (empty($tempest_user) or empty($tempest_password)) { + if (empty($username) or empty($password)) { fail("Both CONFIG_PROVISION_TEMPEST_USER and CONFIG_PROVISION_TEMPEST_USER_PW need to be configured.") } diff --git a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp index dd8c71b9f..908e74c4a 100644 --- a/packstack/puppet/modules/packstack/manifests/provision/bridge.pp +++ b/packstack/puppet/modules/packstack/manifests/provision/bridge.pp @@ -25,8 +25,8 @@ if $provision_neutron_br and $setup_ovs_bridge { Neutron_config<||> -> Neutron_l3_ovs_bridge['demo_bridge'] neutron_l3_ovs_bridge { 'demo_bridge': - name => $public_bridge_name, ensure => present, + name => $public_bridge_name, subnet_name => 'public_subnet', } diff --git a/packstack/puppet/modules/packstack/manifests/provision/tempest.pp b/packstack/puppet/modules/packstack/manifests/provision/tempest.pp index e49ebcac2..442a68de5 100644 --- a/packstack/puppet/modules/packstack/manifests/provision/tempest.pp +++ b/packstack/puppet/modules/packstack/manifests/provision/tempest.pp @@ -54,31 +54,31 @@ $tempest_password = hiera('CONFIG_PROVISION_TEMPEST_USER_PW') $tempest_flavor_name = hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_NAME') - $tempest_flavor_ref = "42" + $tempest_flavor_ref = '42' $tempest_flavor_ram = hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_RAM') $tempest_flavor_disk = hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_DISK') $tempest_flavor_vcpus= hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_VCPUS') $tempest_flavor_alt_name = hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_ALT_NAME') - $tempest_flavor_alt_ref = "84" + $tempest_flavor_alt_ref = '84' $tempest_flavor_alt_ram = hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_ALT_RAM') $tempest_flavor_alt_disk = hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_ALT_DISK') $tempest_flavor_alt_vcpus= hiera('CONFIG_PROVISION_TEMPEST_FLAVOR_ALT_VCPUS') nova_flavor { $tempest_flavor_name : - ensure => present, - id => $tempest_flavor_ref, - ram => $tempest_flavor_ram, - disk => $tempest_flavor_disk, - vcpus => $tempest_flavor_vcpus, + ensure => present, + id => $tempest_flavor_ref, + ram => $tempest_flavor_ram, + disk => $tempest_flavor_disk, + vcpus => $tempest_flavor_vcpus, require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], } nova_flavor { $tempest_flavor_alt_name : - ensure => present, - id => $tempest_flavor_alt_ref, - ram => $tempest_flavor_alt_ram, - disk => $tempest_flavor_alt_disk, - vcpus => $tempest_flavor_alt_vcpus, + ensure => present, + id => $tempest_flavor_alt_ref, + ram => $tempest_flavor_alt_ram, + disk => $tempest_flavor_alt_disk, + vcpus => $tempest_flavor_alt_vcpus, require => [ Class['::nova::api'], Class['::nova::keystone::auth'] ], } diff --git a/packstack/puppet/modules/packstack/manifests/redis.pp b/packstack/puppet/modules/packstack/manifests/redis.pp index d4f868954..4f66afefa 100644 --- a/packstack/puppet/modules/packstack/manifests/redis.pp +++ b/packstack/puppet/modules/packstack/manifests/redis.pp @@ -6,11 +6,11 @@ $redis_host = hiera('CONFIG_REDIS_HOST') class { '::redis': - bind => $redis_host, - port => $redis_port, - appendonly => true, - daemonize => false, - unixsocket => undef, + bind => $redis_host, + port => $redis_port, + appendonly => true, + daemonize => false, + unixsocket => undef, unixsocketperm => '0700', } } diff --git a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp index cde8a973d..14ffa94a2 100644 --- a/packstack/puppet/modules/packstack/manifests/swift/proxy.pp +++ b/packstack/puppet/modules/packstack/manifests/swift/proxy.pp @@ -12,7 +12,7 @@ include '::packstack::memcached' if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' and - hiera('CONFIG_ENABLE_CEILOMETER_MIDDLEWARE') == 'y' { + hiera('CONFIG_ENABLE_CEILOMETER_MIDDLEWARE') == 'y' { $swift_pipeline = [ 'catch_errors', 'bulk', diff --git a/packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp index 5b812a790..2eab797e4 100644 --- a/packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp +++ b/packstack/puppet/modules/packstack/manifests/trove/rabbitmq.pp @@ -16,8 +16,8 @@ if $kombu_ssl_keyfile { $files_to_set_owner = [ $kombu_ssl_keyfile, $kombu_ssl_certfile ] file { $files_to_set_owner: - owner => 'trove', - group => 'trove', + owner => 'trove', + group => 'trove', } Package<|tag=='trove'|> -> File[$files_to_set_owner] File[$files_to_set_owner] ~> Service<| tag == 'trove-service' |> From 08a67720db068f41358ea6e863aa12639dc4a534 Mon Sep 17 00:00:00 2001 From: Alfredo Moralejo Date: Thu, 18 Jun 2020 13:51:26 +0200 Subject: [PATCH 008/200] Let apache module purge config Otherwise can cause issues when enabling prefork as mpm_event is enabled by default in httpd. A recent change in puppet-apache [1] has added httpd.modules.conf directory to load, which includes default mpm config that conflicts with prefork. In the past we disabled purge because of issues with nagios [2], however nagios deployment is not longer supported by packstack, so we can safely enable apache config purge which is the default option. [1] https://github.com/puppetlabs/puppetlabs-apache/commit/6425cc46a841fa6ea5bb3f34b8f31d86c14e6914 [2] https://github.com/redhat-openstack/packstack/commit/686625e17b19c31b9640c64263d9d3bb2bab48c7 Change-Id: Ifdccd8609658b3170b8356bddc5062f252677d40 --- packstack/puppet/modules/packstack/manifests/apache.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/packstack/puppet/modules/packstack/manifests/apache.pp b/packstack/puppet/modules/packstack/manifests/apache.pp index 5eaa2521e..47d610d06 100644 --- a/packstack/puppet/modules/packstack/manifests/apache.pp +++ b/packstack/puppet/modules/packstack/manifests/apache.pp @@ -3,7 +3,6 @@ # Use python3 for mod_wsg in fedora if ($::operatingsystem == 'Fedora') or ($::osfamily == 'RedHat' and Integer.new($::operatingsystemmajrelease) > 7) { class { '::apache': - purge_configs => false, mod_packages => merge($::apache::params::mod_packages, { 'wsgi' => 'python3-mod_wsgi', }), @@ -13,7 +12,6 @@ } }else{ class {'::apache': - purge_configs => false, } } From df280619e583c927d4eb814c733fec10da5a1387 Mon Sep 17 00:00:00 2001 From: Alfredo Moralejo Date: Thu, 18 Jun 2020 15:31:22 +0200 Subject: [PATCH 009/200] Remove FWaaS deployment FWaaS is being retired upstream during Victoria release, so we need to remove it from packstack options. [1] https://review.opendev.org/#/c/735829/ Change-Id: I9808793db64f9e4ad6d2af818d52378f04d03456 --- docs/packstack.rst | 3 --- packstack/plugins/dashboard_500.py | 3 --- packstack/plugins/neutron_350.py | 23 ++----------------- .../modules/packstack/manifests/horizon.pp | 1 - .../packstack/manifests/neutron/api.pp | 2 -- .../packstack/manifests/neutron/fwaas.pp | 8 ------- .../modules/packstack/manifests/neutron/l3.pp | 12 ---------- packstack/puppet/templates/network.pp | 3 --- ...ove-FWaaS-deployment-41cfa0b709cd9a3f.yaml | 7 ++++++ tests/scenario002.sh | 1 - 10 files changed, 9 insertions(+), 54 deletions(-) delete mode 100644 packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp create mode 100644 releasenotes/notes/Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml diff --git a/docs/packstack.rst b/docs/packstack.rst index 1704779e1..25e097334 100755 --- a/docs/packstack.rst +++ b/docs/packstack.rst @@ -784,9 +784,6 @@ Neutron config **CONFIG_NEUTRON_METERING_AGENT_INSTALL** Specify 'y' to install OpenStack Networking's L3 Metering agent ['y', 'n'] -**CONFIG_NEUTRON_FWAAS** - Specify 'y' to configure OpenStack Networking's Firewall-as-a-Service (FWaaS). ['y', 'n'] - **CONFIG_NEUTRON_VPNAAS** Specify 'y' to configure OpenStack Networking's VPN-as-a-Service (VPNaaS). ['y', 'n'] diff --git a/packstack/plugins/dashboard_500.py b/packstack/plugins/dashboard_500.py index b42c4844d..ce866b817 100644 --- a/packstack/plugins/dashboard_500.py +++ b/packstack/plugins/dashboard_500.py @@ -193,12 +193,9 @@ def create_manifest(config, messages): % (utils.COLORS['red'], utils.COLORS['nocolor'], horizon_host)) config["CONFIG_HORIZON_NEUTRON_LB"] = False - config["CONFIG_HORIZON_NEUTRON_FW"] = False config["CONFIG_HORIZON_NEUTRON_VPN"] = False if config['CONFIG_NEUTRON_INSTALL'] == 'y': - if config["CONFIG_NEUTRON_FWAAS"] == 'y': - config["CONFIG_HORIZON_NEUTRON_FW"] = True if config["CONFIG_NEUTRON_VPNAAS"] == 'y': config["CONFIG_HORIZON_NEUTRON_VPN"] = True diff --git a/packstack/plugins/neutron_350.py b/packstack/plugins/neutron_350.py index 34dceb034..97cb623f4 100644 --- a/packstack/plugins/neutron_350.py +++ b/packstack/plugins/neutron_350.py @@ -102,18 +102,6 @@ def initConfig(controller): "NEED_CONFIRM": False, "CONDITION": False}, - {"CMD_OPTION": "neutron-fwaas", - "PROMPT": "Would you like to configure neutron FWaaS?", - "OPTION_LIST": ["y", "n"], - "VALIDATORS": [validators.validate_options], - "DEFAULT_VALUE": "n", - "MASK_INPUT": False, - "LOOSE_VALIDATION": True, - "CONF_NAME": "CONFIG_NEUTRON_FWAAS", - "USE_DEFAULT": False, - "NEED_CONFIRM": False, - "CONDITION": False}, - {"CMD_OPTION": "os-neutron-vpnaas-install", "PROMPT": "Would you like to configure neutron VPNaaS?", "OPTION_LIST": ["y", "n"], @@ -445,7 +433,7 @@ def initConfig(controller): "USE_DEFAULT": False, "NEED_CONFIRM": False, "CONDITION": False, - "MESSAGE": ("You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS or FWaaS services. " + "MESSAGE": ("You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. " "Geneve will be used as the encapsulation method for tenant networks"), "MESSAGE_VALUES": ["ovn"]}, @@ -550,8 +538,7 @@ def initSequences(controller): if ('geneve' not in config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS']): config['CONFIG_NEUTRON_ML2_TYPE_DRIVERS'] += ', geneve' config['CONFIG_NEUTRON_ML2_TENANT_NETWORK_TYPES'] = 'geneve' - # VPNaaS and FWaaS are not supported with OVN - config['CONFIG_NEUTRON_FWAAS'] = 'n' + # VPNaaS is not supported with OVN config['CONFIG_NEUTRON_VPNAAS'] = 'n' config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] = 'n' # When using OVN we need to create the same L2 infrastucture as @@ -734,12 +721,6 @@ def create_manifests(config, messages): if config['CONFIG_NEUTRON_METERING_AGENT_INSTALL'] == 'y': service_plugins.append('metering') - if config['CONFIG_NEUTRON_FWAAS'] == 'y': - service_plugins.append('firewall_v2') - fwaas_sp = ('FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.' - 'service_drivers.agents.agents.FirewallAgentDriver:default') - service_providers.append(fwaas_sp) - if config['CONFIG_NEUTRON_VPNAAS'] == 'y': service_plugins.append('vpnaas') vpnaas_sp = ('VPN:libreswan:neutron_vpnaas.services.vpn.' diff --git a/packstack/puppet/modules/packstack/manifests/horizon.pp b/packstack/puppet/modules/packstack/manifests/horizon.pp index afd766975..4bba4bc66 100644 --- a/packstack/puppet/modules/packstack/manifests/horizon.pp +++ b/packstack/puppet/modules/packstack/manifests/horizon.pp @@ -34,7 +34,6 @@ horizon_key => hiera('CONFIG_HORIZON_SSL_KEY', undef), horizon_ca => hiera('CONFIG_HORIZON_SSL_CACERT', undef), neutron_options => { - 'enable_firewall' => hiera('CONFIG_HORIZON_NEUTRON_FW'), 'enable_vpn' => hiera('CONFIG_HORIZON_NEUTRON_VPN'), 'enable_lb' => hiera('CONFIG_HORIZON_NEUTRON_LB'), }, diff --git a/packstack/puppet/modules/packstack/manifests/neutron/api.pp b/packstack/puppet/modules/packstack/manifests/neutron/api.pp index 5796ba994..a1b19108f 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/api.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/api.pp @@ -8,7 +8,6 @@ $neutron_db_password = hiera('CONFIG_NEUTRON_DB_PW') $neutron_sql_connection = "mysql+pymysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}" $neutron_user_password = hiera('CONFIG_NEUTRON_KS_PW') - $neutron_fwaas_enabled = str2bool(hiera('CONFIG_NEUTRON_FWAAS')) $neutron_vpnaas_enabled = str2bool(hiera('CONFIG_NEUTRON_VPNAAS')) class { '::neutron::keystone::authtoken': @@ -26,7 +25,6 @@ api_workers => hiera('CONFIG_SERVICE_WORKERS'), rpc_workers => hiera('CONFIG_SERVICE_WORKERS'), service_providers => hiera_array('SERVICE_PROVIDERS'), - ensure_fwaas_package => $neutron_fwaas_enabled, ensure_vpnaas_package => $neutron_vpnaas_enabled, } diff --git a/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp b/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp deleted file mode 100644 index 0db7c1ad4..000000000 --- a/packstack/puppet/modules/packstack/manifests/neutron/fwaas.pp +++ /dev/null @@ -1,8 +0,0 @@ -class packstack::neutron::fwaas () -{ - class { '::neutron::services::fwaas': - enabled => true, - agent_version => 'v2', - driver => 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver', - } -} diff --git a/packstack/puppet/modules/packstack/manifests/neutron/l3.pp b/packstack/puppet/modules/packstack/manifests/neutron/l3.pp index 5430f17b8..bf62b46c0 100644 --- a/packstack/puppet/modules/packstack/manifests/neutron/l3.pp +++ b/packstack/puppet/modules/packstack/manifests/neutron/l3.pp @@ -5,23 +5,11 @@ default => true } - $neutron_fwaas_enabled = str2bool(hiera('CONFIG_NEUTRON_FWAAS')) - if $neutron_fwaas_enabled { - $extensions = 'fwaas_v2' - } else { - $extensions = undef - } - class { '::neutron::agents::l3': interface_driver => hiera('CONFIG_NEUTRON_L3_INTERFACE_DRIVER'), manage_service => $start_l3_agent, enabled => $start_l3_agent, debug => hiera('CONFIG_DEBUG_MODE'), - extensions => $extensions - } - - if defined(Class['neutron::services::fwaas']) { - Class['neutron::services::fwaas'] -> Class['neutron::agents::l3'] } sysctl::value { 'net.ipv4.ip_forward': diff --git a/packstack/puppet/templates/network.pp b/packstack/puppet/templates/network.pp index c23c6f505..1d06c11e0 100644 --- a/packstack/puppet/templates/network.pp +++ b/packstack/puppet/templates/network.pp @@ -19,9 +19,6 @@ if hiera('CONFIG_NEUTRON_VPNAAS') == 'y' { include '::packstack::neutron::vpnaas' } - if hiera('CONFIG_NEUTRON_FWAAS') == 'y' { - include '::packstack::neutron::fwaas' - } if hiera('CONFIG_NEUTRON_L2_AGENT') != 'ovn' { include '::packstack::neutron::l3' } diff --git a/releasenotes/notes/Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml b/releasenotes/notes/Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml new file mode 100644 index 000000000..4cbc53edc --- /dev/null +++ b/releasenotes/notes/Remove-FWaaS-deployment-41cfa0b709cd9a3f.yaml @@ -0,0 +1,7 @@ +--- +prelude: > + Neutron FWaaS has been removed in Victoria release. +other: + - | + Packstack does not longer support deployment of Neutron FWaaS extension as it + has been removed upstream. Option CONFIG_NEUTRON_FWAAS has been removed. diff --git a/tests/scenario002.sh b/tests/scenario002.sh index 430bdf305..01fdd4215 100755 --- a/tests/scenario002.sh +++ b/tests/scenario002.sh @@ -41,7 +41,6 @@ $SUDO packstack ${ADDITIONAL_ARGS} \ --os-neutron-vpnaas-install=n \ --os-sahara-install=y \ --os-trove-install=y \ - --neutron-fwaas=y \ --nova-libvirt-virt-type=qemu \ --provision-uec-kernel-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-vmlinuz" \ --provision-uec-ramdisk-url="/tmp/cirros/cirros-$CIRROS_VERSION-$CIRROS_ARCH-initrd" \ From 11691274f25310a8f6ccfa479f4a65a0cd314ab5 Mon Sep 17 00:00:00 2001 From: yatinkarel Date: Mon, 29 Jun 2020 11:04:08 +0530 Subject: [PATCH 010/200] Remove usage of cinder::ceilometer class The class was deprecated and now removed with [1], this patch cleans it's usage and use recommended class to set notification driver. [1] https://review.opendev.org/#/c/737492/ Also remove epel repos as packages from it conflicts with RDO repos. Change-Id: Ie4432221bdb795dd03f1477609b792ae8400a5fc --- .../puppet/modules/packstack/manifests/cinder/ceilometer.pp | 4 ---- .../puppet/modules/packstack/manifests/cinder/rabbitmq.pp | 1 + packstack/puppet/templates/controller.pp | 3 --- playbooks/packstack-centos8-pre.yaml | 2 ++ 4 files changed, 3 insertions(+), 7 deletions(-) delete mode 100644 packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp diff --git a/packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp b/packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp deleted file mode 100644 index a33e79117..000000000 --- a/packstack/puppet/modules/packstack/manifests/cinder/ceilometer.pp +++ /dev/null @@ -1,4 +0,0 @@ -class packstack::cinder::ceilometer () -{ - class { '::cinder::ceilometer': } -} diff --git a/packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp b/packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp index f32f79873..3ef79abb0 100644 --- a/packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp +++ b/packstack/puppet/modules/packstack/manifests/cinder/rabbitmq.pp @@ -33,5 +33,6 @@ kombu_ssl_ca_certs => $kombu_ssl_ca_certs, kombu_ssl_keyfile => $kombu_ssl_keyfile, kombu_ssl_certfile => $kombu_ssl_certfile, + notification_driver => 'messagingv2', } } diff --git a/packstack/puppet/templates/controller.pp b/packstack/puppet/templates/controller.pp index 393d36780..10249c835 100644 --- a/packstack/puppet/templates/controller.pp +++ b/packstack/puppet/templates/controller.pp @@ -42,9 +42,6 @@ include '::packstack::keystone::cinder' include '::packstack::cinder::rabbitmq' include '::packstack::cinder' - if hiera('CONFIG_CEILOMETER_INSTALL') == 'y' { - include '::packstack::cinder::ceilometer' - } if hiera('CONFIG_SWIFT_INSTALL') == 'y' { include '::packstack::cinder::backup' } diff --git a/playbooks/packstack-centos8-pre.yaml b/playbooks/packstack-centos8-pre.yaml index 11645891a..fa717c2a4 100644 --- a/playbooks/packstack-centos8-pre.yaml +++ b/playbooks/packstack-centos8-pre.yaml @@ -15,6 +15,8 @@ set -e set -x rm -rf /etc/yum.repos.d/delorean* + # Remove epel repos + rm -rf /etc/yum.repos.d/epel* dnf clean all sudo sed -i '/^exclude.*/d' /etc/dnf/dnf.conf dnf -y install libxml2-devel libxslt-devel ruby-devel zlib-devel From fad2c393cb7709a38f9389cedcea729720cb841a Mon Sep 17 00:00:00 2001 From: Alfredo Moralejo Date: Thu, 11 Jun 2020 15:41:04 +0200 Subject: [PATCH 011/200] Open Packstack master for Victoria To avoid pushing an artificial alpha tag, following PBR semver keyword bumps major version. See http://docs.openstack.org/developer/pbr/#version Also replacing README.md by rst format as the wheel version in Ubuntu Bionic nodes seems to not work properly with markdown files. Sem-Ver: api-break Change-Id: I76519ef0fe6b5c350b6aec92b204f41e363cf65a --- README.md | 217 ---------------------------------------- README.rst | 288 +++++++++++++++++++++++++++++++++++++++++++++++++++++ setup.cfg | 5 +- 3 files changed, 291 insertions(+), 219 deletions(-) delete mode 100644 README.md create mode 100644 README.rst diff --git a/README.md b/README.md deleted file mode 100644 index 73f33724c..000000000 --- a/README.md +++ /dev/null @@ -1,217 +0,0 @@ -# Packstack - -Utility to install **OpenStack** on **Red Hat** based operating system. See -other branches for older **OpenStack** versions. Details on how to -contribute to **Packstack** may be found in the **Packstack** wiki at - Additional information -about involvement in the community around **Packstack** can be found at - - - -This utility can be used to install **OpenStack** on a single or group of -hosts (over `ssh`). - -This utility is still in the early stages, a lot of the configuration -options have yet to be added. - -## Installation of packstack: - - $ yum install -y git - $ git clone git://github.com/openstack/packstack.git - $ cd packstack && sudo python setup.py install - -## Installation of Puppet modules (REQUIRED if running packstack from source): - - $ export GEM_HOME=/tmp/somedir - $ gem install r10k - $ sudo -E /tmp/somedir/bin/r10k puppetfile install -v - $ sudo cp -r packstack/puppet/modules/packstack /usr/share/openstack-puppet/modules - -### Option 1 (all-in-one) - - $ packstack --allinone - -This will install all **OpenStack** services on a single host without -prompting for any configuration information. This will generate an -"answers" file (`packstack-answers--