diff --git a/api.py b/api.py deleted file mode 100644 index ea6bd6b..0000000 --- a/api.py +++ /dev/null @@ -1,128 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2010 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# All Rights Reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - - -################### -# To use this script: -# 1. change the 0 to 1 on the line 'if 0' by the comment '# generate' -# 2. run `python api.py` this will generate a trystack.cfg file with empty values -# 3. switch the 1 back to a 0 -# 4. edit the trystack.cfg file with appropriate values -# 5. edit the user and password and url around line 40 to point to foreman -# 6. run `python api.py` -# 7. repeat 5 & 6 as nessesary -################## - - - - -import ConfigParser -import json -import base64 -import httplib2 - -from urllib import urlencode - -defaults = { -'public_ip': '', 'private_ip': '', 'mysql_ip': '', -'qpid_ip': '', 'public_fqdn': '', 'admin_user': '', -'admin_tenant': '', 'admin_email': '', -'admin_password': '', 'mysql_root_password': '', -'trystack_db_password': '', 'horizon_secret_key': '', -'facebook_app_id': '', 'facebook_app_secret': '', -'member_user_role': '', 'neutron_user_password': '', -'nagios_ip': '', 'nagios_password': '', 'nagios_user': '', -'neutron_ip': '', 'neutron_db_password': '', 'neutron_metadata_auth_password': '', -'neutron_metadata_shared_secret': '', 'keystone_admin_token': '', -'keystone_db_password': '', -'swift_admin_password': '', 'swift_shared_secret': '', -'ceilometer_metering_secret': '', 'ceilometer_user_password': '', -'cinder_user_password': '', 'cinder_db_password': '', -'glance_user_password': '', 'glance_db_password': '', -'nova_user_password': '', 'nova_db_password': ''} - -# Get Config File -config = ConfigParser.SafeConfigParser(defaults) - -# generate -if 1: - cfgfile = open("trystack.cfg.new", 'w') - cfgfile.add_section('NAGIOS') - cfgfile.set('NAGIOS','user', 'admin') - cfgfile.set('NAGIOS','password', 'changeme') - config.write(cfgfile) - exit() - - -config.read('trystack.cfg') - -nagios_creds = { - 'user': config.get('NAGIOS', 'user'), - 'password': config.get('NAGIOS', 'password'), -} - -# Get common paramters -h = httplib2.Http(".cache", disable_ssl_certificate_validation=True) -#h.add_credentials('admin', 'changeme') ## Doesn't work, workaround on next line! -auth = base64.encodestring('%s:%s' % (nagios_creds['user'], nagios_creds['password'])) -# /api/common_parameters seemed to be limiting results to max 20 paramters -# I tried disabling this limit with page and per_page to no avail -# hack fix is to pass a number large enough that there should never be more than -# that number of parameters in the list. -resp, content = h.request("https://localhost/api/common_parameters?per_page=10000", "GET", - headers={'Accept': 'application/json', - 'Content-Type': 'application/json; charset=UTF-8', - 'Authorization': 'Basic ' + auth }) - -if resp.status != 200: - print resp, content -else: - parameters = {} - json_parameters = json.loads(content) - for p in json_parameters: - parameters[p['common_parameter']['name']] = {'id': p['common_parameter']['id'], 'value': p['common_parameter']['value']} - #print parameters - - -# start update -items = {} -for k,v in config.items('DEFAULT'): - items[k] = v - -for k in items: - if k not in parameters: - resp, content = h.request("https://localhost/api/common_parameters", "POST", - headers={'Accept': 'application/json', - 'Content-Type': 'application/json; charset=UTF-8', - 'Authorization': 'Basic ' + auth }, - body=json.dumps({'common_parameter': {'name': k, 'value': items[k]}})) - print 'Add', k, resp.status - if resp.status != 200: - print resp, content - if k in parameters and parameters[k]['value'] != items[k]: - id = parameters[k]['id'] - resp, content = h.request("https://localhost/api/common_parameters/%s" % id, "PUT", - headers={'Accept': 'application/json', - 'Content-Type': 'application/json; charset=UTF-8', - 'Authorization': 'Basic ' + auth }, - body=json.dumps({'common_parameter': {'id': id, 'name': k, 'value': items[k]}})) - print 'Update', k, resp.status - if resp.status != 200: - print resp, content - diff --git a/files/check_df_var b/files/check_df_var deleted file mode 100644 index c5dbbf8..0000000 --- a/files/check_df_var +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -# Nagios plugin to monitor nic em2 - -percent=`df /var/ | sed -re 's/.* ([0-9]+)%.*/\\1/' | grep -E '^[0-9]'` - - -echo "$percent%" -if [ $percent -gt 90 ] -then - exit 2 -elif [ $percent -gt 80 ] -then - exit 1 -else - exit 0 -fi diff --git a/files/check_em2_down b/files/check_em2_down deleted file mode 100644 index 1b496fd..0000000 --- a/files/check_em2_down +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# Nagios plugin to monitor nic em2 - - -if /sbin/ip a show em2 | /usr/bin/wc -l | /bin/grep 2 > /dev/null; then - echo 'em2 is down' - exit 0 -else - echo 'em2 is up' - exit 2 -fi diff --git a/files/check_glusterfs b/files/check_glusterfs deleted file mode 100644 index 124aa66..0000000 --- a/files/check_glusterfs +++ /dev/null @@ -1,150 +0,0 @@ -#!/bin/bash - -# This Nagios script was written against version 3.3 & 3.4 of Gluster. Older -# versions will most likely not work at all with this monitoring script. -# -# Gluster currently requires elevated permissions to do anything. In order to -# accommodate this, you need to allow your Nagios user some additional -# permissions via sudo. The line you want to add will look something like the -# following in /etc/sudoers (or something equivalent): -# -# Defaults:nagios !requiretty -# nagios ALL=(root) NOPASSWD:/usr/sbin/gluster volume status [[\:graph\:]]* detail,/usr/sbin/gluster volume heal [[\:graph\:]]* info -# -# That should give us all the access we need to check the status of any -# currently defined peers and volumes. - -# Inspired by a script of Mark Nipper -# -# 2013, Mark Ruys, mark.ruys@peercode.nl - -PATH=/sbin:/bin:/usr/sbin:/usr/bin - -PROGNAME=$(basename -- $0) -PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` -REVISION="1.0.0" - -. $PROGPATH/utils.sh - -# parse command line -usage () { - echo "" - echo "USAGE: " - echo " $PROGNAME -v VOLUME -n BRICKS [-w GB -c GB]" - echo " -n BRICKS: number of bricks" - echo " -w and -c values in GB" - exit $STATE_UNKNOWN -} - -while getopts "v:n:w:c:" opt; do - case $opt in - v) VOLUME=${OPTARG} ;; - n) BRICKS=${OPTARG} ;; - w) WARN=${OPTARG} ;; - c) CRIT=${OPTARG} ;; - *) usage ;; - esac -done - -if [ -z "${VOLUME}" -o -z "${BRICKS}" ]; then - usage -fi - -Exit () { - $ECHO "$1: ${2:0}" - status=STATE_$1 - exit ${!status} -} - -# check for commands -for cmd in basename bc awk sudo pidof gluster; do - if ! type -p "$cmd" >/dev/null; then - Exit UNKNOWN "$cmd not found" - fi -done - -# check for glusterd (management daemon) -if ! pidof glusterd &>/dev/null; then - Exit CRITICAL "glusterd management daemon not running" -fi - -# check for glusterfsd (brick daemon) -if ! pidof glusterfsd &>/dev/null; then - Exit CRITICAL "glusterfsd brick daemon not running" -fi - -# get volume heal status -heal=0 -for entries in $(sudo gluster volume heal ${VOLUME} info | grep `hostname -s` -A 1 | awk '/^Number of entries: /{print $4}'); do - if [ "$entries" -gt 0 ]; then - let $((heal+=entries)) - fi -done -if [ "$heal" -gt 0 ]; then - errors=("${errors[@]}" "$heal unsynced entries") -fi - -# get volume status -bricksfound=0 -freegb=9999999 -shopt -s nullglob -while read -r line; do - field=($(echo $line)) - case ${field[0]} in - Brick) - brick=${field[@]:2} - ;; - Disk) - key=${field[@]:0:3} - if [ "${key}" = "Disk Space Free" ]; then - freeunit=${field[@]:4} - #free=${freeunit:0:-2} - free=${freeunit%'GB'} - unit=${freeunit#$free} - if [ "$unit" != "GB" ]; then - Exit UNKNOWN "unknown disk space size $freeunit" - fi - free=$(echo "${free} / 1" | bc -q) - if [ $free -lt $freegb ]; then - freegb=$free - fi - fi - ;; - Online) - online=${field[@]:2} - if [ "${online}" = "Y" ]; then - let $((bricksfound++)) - else - errors=("${errors[@]}" "$brick offline") - fi - ;; - esac -done < <(sudo gluster volume status ${VOLUME} detail) - -if [ $bricksfound -eq 0 ]; then - Exit CRITICAL "no bricks found" -elif [ $bricksfound -lt $BRICKS ]; then - errors=("${errors[@]}" "found $bricksfound bricks, expected $BRICKS ") -fi - -if [ -n "$CRIT" -a -n "$WARN" ]; then - if [ $CRIT -ge $WARN ]; then - Exit UNKNOWN "critical threshold below warning" - elif [ $freegb -lt $CRIT ]; then - Exit CRITICAL "free space ${freegb}GB" - elif [ $freegb -lt $WARN ]; then - errors=("${errors[@]}" "free space ${freegb}GB") - fi -fi - -# exit with warning if errors -if [ -n "$errors" ]; then - sep='; ' - msg=$(printf "${sep}%s" "${errors[@]}") - msg=${msg:${#sep}} - - Exit WARNING "${msg}" -fi - -# exit with no errors -Exit OK "${bricksfound} bricks; free space ${freegb}GB" diff --git a/files/check_glusterfs_orig b/files/check_glusterfs_orig deleted file mode 100644 index 5320533..0000000 --- a/files/check_glusterfs_orig +++ /dev/null @@ -1,149 +0,0 @@ -#!/bin/bash - -# This Nagios script was written against version 3.3 & 3.4 of Gluster. Older -# versions will most likely not work at all with this monitoring script. -# -# Gluster currently requires elevated permissions to do anything. In order to -# accommodate this, you need to allow your Nagios user some additional -# permissions via sudo. The line you want to add will look something like the -# following in /etc/sudoers (or something equivalent): -# -# Defaults:nagios !requiretty -# nagios ALL=(root) NOPASSWD:/usr/sbin/gluster volume status [[\:graph\:]]* detail,/usr/sbin/gluster volume heal [[\:graph\:]]* info -# -# That should give us all the access we need to check the status of any -# currently defined peers and volumes. - -# Inspired by a script of Mark Nipper -# -# 2013, Mark Ruys, mark.ruys@peercode.nl - -PATH=/sbin:/bin:/usr/sbin:/usr/bin - -PROGNAME=$(basename -- $0) -PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` -REVISION="1.0.0" - -. $PROGPATH/utils.sh - -# parse command line -usage () { - echo "" - echo "USAGE: " - echo " $PROGNAME -v VOLUME -n BRICKS [-w GB -c GB]" - echo " -n BRICKS: number of bricks" - echo " -w and -c values in GB" - exit $STATE_UNKNOWN -} - -while getopts "v:n:w:c:" opt; do - case $opt in - v) VOLUME=${OPTARG} ;; - n) BRICKS=${OPTARG} ;; - w) WARN=${OPTARG} ;; - c) CRIT=${OPTARG} ;; - *) usage ;; - esac -done - -if [ -z "${VOLUME}" -o -z "${BRICKS}" ]; then - usage -fi - -Exit () { - $ECHO "$1: ${2:0}" - status=STATE_$1 - exit ${!status} -} - -# check for commands -for cmd in basename bc awk sudo pidof gluster; do - if ! type -p "$cmd" >/dev/null; then - Exit UNKNOWN "$cmd not found" - fi -done - -# check for glusterd (management daemon) -if ! pidof glusterd &>/dev/null; then - Exit CRITICAL "glusterd management daemon not running" -fi - -# check for glusterfsd (brick daemon) -if ! pidof glusterfsd &>/dev/null; then - Exit CRITICAL "glusterfsd brick daemon not running" -fi - -# get volume heal status -heal=0 -for entries in $(sudo gluster volume heal ${VOLUME} info | awk '/^Number of entries: /{print $4}'); do - if [ "$entries" -gt 0 ]; then - let $((heal+=entries)) - fi -done -if [ "$heal" -gt 0 ]; then - errors=("${errors[@]}" "$heal unsynched entries") -fi - -# get volume status -bricksfound=0 -freegb=9999999 -shopt -s nullglob -while read -r line; do - field=($(echo $line)) - case ${field[0]} in - Brick) - brick=${field[@]:2} - ;; - Disk) - key=${field[@]:0:3} - if [ "${key}" = "Disk Space Free" ]; then - freeunit=${field[@]:4} - free=${freeunit:0:-2} - unit=${freeunit#$free} - if [ "$unit" != "GB" ]; then - Exit UNKNOWN "unknown disk space size $freeunit" - fi - free=$(echo "${free} / 1" | bc -q) - if [ $free -lt $freegb ]; then - freegb=$free - fi - fi - ;; - Online) - online=${field[@]:2} - if [ "${online}" = "Y" ]; then - let $((bricksfound++)) - else - errors=("${errors[@]}" "$brick offline") - fi - ;; - esac -done < <(sudo gluster volume status ${VOLUME} detail) - -if [ $bricksfound -eq 0 ]; then - Exit CRITICAL "no bricks found" -elif [ $bricksfound -lt $BRICKS ]; then - errors=("${errors[@]}" "found $bricksfound bricks, expected $BRICKS ") -fi - -if [ -n "$CRIT" -a -n "$WARN" ]; then - if [ $CRIT -ge $WARN ]; then - Exit UNKNOWN "critical threshold below warning" - elif [ $freegb -lt $CRIT ]; then - Exit CRITICAL "free space ${freegb}GB" - elif [ $freegb -lt $WARN ]; then - errors=("${errors[@]}" "free space ${freegb}GB") - fi -fi - -# exit with warning if errors -if [ -n "$errors" ]; then - sep='; ' - msg=$(printf "${sep}%s" "${errors[@]}") - msg=${msg:${#sep}} - - Exit WARNING "${msg}" -fi - -# exit with no errors -Exit OK "${bricksfound} bricks; free space ${freegb}GB" diff --git a/files/check_gre_tunnels_exist b/files/check_gre_tunnels_exist deleted file mode 100644 index b02f35d..0000000 --- a/files/check_gre_tunnels_exist +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# Nagios plugin to monitor nic em2 - -ct=`sudo /usr/bin/ovs-vsctl show | grep remote_ip | wc -l` - - -echo "$ct tunnels" -if [ $ct -lt 10 ] -then - exit 2 -else - exit 0 -fi diff --git a/files/check_mnt_trystack b/files/check_mnt_trystack deleted file mode 100644 index 77697d2..0000000 --- a/files/check_mnt_trystack +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# Nagios plugin to monitor glance gluster mount - -data=$(/bin/mount | /bin/grep '/mnt/trystack') -rv=$? - -if [ "$rv" != "0" ] ; then - echo $data - exit 2 -fi - -echo "$data" # | grep -v -e "^ID " -e "---------------" | wc -l - diff --git a/files/check_puppet_agent b/files/check_puppet_agent deleted file mode 100644 index d95b584..0000000 --- a/files/check_puppet_agent +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# Nagios plugin to monitor Puppet agent state - -data=$(/sbin/service puppet status) -rv=$? - -if [ "$rv" != "0" ] ; then - echo $data - exit 2 -fi - -echo "$data" # | grep -v -e "^ID " -e "---------------" | wc -l - diff --git a/files/check_service b/files/check_service deleted file mode 100644 index 346f8c6..0000000 --- a/files/check_service +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash -# Nagios plugin to monitor Puppet agent state - -data=$(sudo /sbin/service $1 status) -rv=$? - -if [ "$rv" != "0" ] ; then - echo $data - exit 2 -fi - -echo "$data" # | grep -v -e "^ID " -e "---------------" | wc -l - diff --git a/files/cinder-list b/files/cinder-list deleted file mode 100644 index 08ecd3b..0000000 --- a/files/cinder-list +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/env bash - -. /etc/nagios/keystonerc_admin - -data=$(cinder list --all-tenants 2>&1) -rv=$? - -if [ "$rv" != "0" ] ; then - echo $data - exit $rv -fi - -echo "$data" | grep -v -e '--------' -e ' Status ' | wc -l - diff --git a/files/etc.hosts b/files/etc.hosts new file mode 100644 index 0000000..1e6014c --- /dev/null +++ b/files/etc.hosts @@ -0,0 +1,6 @@ +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +10.1.254.2 control.example.com control +10.1.254.4 network.example.com control +10.1.254.5 compute1.example.com control +10.1.254.8 compute2.example.com control diff --git a/files/glance-index b/files/glance-index deleted file mode 100644 index 2407ece..0000000 --- a/files/glance-index +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/env bash - -. /etc/nagios/keystonerc_admin - -data=$(glance image-list --all-tenants 2>&1) -rv=$? - -if [ "$rv" != "0" ] ; then - echo $data - exit $rv -fi - -echo "$data" | grep -v -e "^ID " -e "---------------" | wc -l diff --git a/files/heat-stack-list b/files/heat-stack-list deleted file mode 100644 index ade2f9a..0000000 --- a/files/heat-stack-list +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/env bash - -. /etc/nagios/keystonerc_admin - -data=$(heat stack-list 2>&1) -rv=$? - -if [ "$rv" != "0" ] ; then - echo $data - exit $rv -fi - -echo "$data" | grep -v -e '--------' -e ' Status ' | wc -l - diff --git a/files/hosts b/files/hosts deleted file mode 100644 index f717f35..0000000 --- a/files/hosts +++ /dev/null @@ -1,20 +0,0 @@ -127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 -::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 -10.100.0.1 host1.x86.trystack.org host1 -10.100.0.2 host2.x86.trystack.org host2 -10.100.0.3 host3.x86.trystack.org host3 -10.100.0.4 host4.x86.trystack.org host4 -10.100.0.5 host5.x86.trystack.org host5 -10.100.0.6 host6.x86.trystack.org host6 -10.100.0.7 host7.x86.trystack.org host7 -10.100.0.8 host8.x86.trystack.org host8 -10.100.0.9 host9.x86.trystack.org host9 -10.100.0.10 host10.x86.trystack.org host10 -10.100.0.11 host11.x86.trystack.org host11 -10.100.0.12 host12.x86.trystack.org host12 -10.100.0.13 host13.x86.trystack.org host13 -10.100.0.14 host14.x86.trystack.org host14 -10.100.0.15 host15.x86.trystack.org host15 -10.100.0.16 host16.x86.trystack.org host16 -10.100.0.17 host17.x86.trystack.org host17 -10.100.0.18 host18.x86.trystack.org host18 diff --git a/files/keystone-dist-paste.ini b/files/keystone-dist-paste.ini deleted file mode 100644 index ffc4ad8..0000000 --- a/files/keystone-dist-paste.ini +++ /dev/null @@ -1,115 +0,0 @@ -# Keystone PasteDeploy configuration file. - -[filter:debug] -paste.filter_factory = keystone.common.wsgi:Debug.factory - -[filter:build_auth_context] -paste.filter_factory = keystone.middleware:AuthContextMiddleware.factory - -[filter:token_auth] -paste.filter_factory = keystone.middleware:TokenAuthMiddleware.factory - -[filter:admin_token_auth] -paste.filter_factory = keystone.middleware:AdminTokenAuthMiddleware.factory - -[filter:xml_body] -paste.filter_factory = keystone.middleware:XmlBodyMiddleware.factory - -[filter:xml_body_v2] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV2.factory - -[filter:xml_body_v3] -paste.filter_factory = keystone.middleware:XmlBodyMiddlewareV3.factory - -[filter:json_body] -paste.filter_factory = keystone.middleware:JsonBodyMiddleware.factory - -[filter:user_crud_extension] -paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory - -[filter:crud_extension] -paste.filter_factory = keystone.contrib.admin_crud:CrudExtension.factory - -[filter:ec2_extension] -paste.filter_factory = keystone.contrib.ec2:Ec2Extension.factory - -[filter:ec2_extension_v3] -paste.filter_factory = keystone.contrib.ec2:Ec2ExtensionV3.factory - -[filter:federation_extension] -paste.filter_factory = keystone.contrib.federation.routers:FederationExtension.factory - -[filter:oauth1_extension] -paste.filter_factory = keystone.contrib.oauth1.routers:OAuth1Extension.factory - -[filter:s3_extension] -paste.filter_factory = keystone.contrib.s3:S3Extension.factory - -[filter:endpoint_filter_extension] -paste.filter_factory = keystone.contrib.endpoint_filter.routers:EndpointFilterExtension.factory - -[filter:simple_cert_extension] -paste.filter_factory = keystone.contrib.simple_cert:SimpleCertExtension.factory - -[filter:revoke_extension] -paste.filter_factory = keystone.contrib.revoke.routers:RevokeExtension.factory - -[filter:url_normalize] -paste.filter_factory = keystone.middleware:NormalizingFilter.factory - -[filter:sizelimit] -paste.filter_factory = keystone.middleware:RequestBodySizeLimiter.factory - -[filter:stats_monitoring] -paste.filter_factory = keystone.contrib.stats:StatsMiddleware.factory - -[filter:stats_reporting] -paste.filter_factory = keystone.contrib.stats:StatsExtension.factory - -[filter:access_log] -paste.filter_factory = keystone.contrib.access:AccessLogMiddleware.factory - -[filter:facebook_mw] -paste.filter_factory = horizon.facebook.middleware:ServiceTokenMiddleware.factory - -[app:public_service] -paste.app_factory = keystone.service:public_app_factory - -[app:service_v3] -paste.app_factory = keystone.service:v3_app_factory - -[app:admin_service] -paste.app_factory = keystone.service:admin_app_factory - -[pipeline:public_api] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body ec2_extension user_crud_extension public_service - -[pipeline:admin_api] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v2 json_body facebook_mw ec2_extension s3_extension crud_extension admin_service - -[pipeline:api_v3] -pipeline = sizelimit url_normalize build_auth_context token_auth admin_token_auth xml_body_v3 json_body facebook_mw ec2_extension_v3 s3_extension simple_cert_extension service_v3 - -[app:public_version_service] -paste.app_factory = keystone.service:public_version_app_factory - -[app:admin_version_service] -paste.app_factory = keystone.service:admin_version_app_factory - -[pipeline:public_version_api] -pipeline = sizelimit url_normalize xml_body public_version_service - -[pipeline:admin_version_api] -pipeline = sizelimit url_normalize xml_body admin_version_service - -[composite:main] -use = egg:Paste#urlmap -/v2.0 = public_api -/v3 = api_v3 -/ = public_version_api - -[composite:admin] -use = egg:Paste#urlmap -/v2.0 = admin_api -/v3 = api_v3 -/ = admin_version_api diff --git a/files/neutron-external-port-count b/files/neutron-external-port-count deleted file mode 100755 index 18ce833..0000000 --- a/files/neutron-external-port-count +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/env bash - -. /etc/nagios/keystonerc_admin - -data=$(neutron port-list | grep 8.21.28 2>&1) -rv=$? -count=`echo "$data" | grep -v -e "^ID " -e "---------------" | wc -l` - -if [ "$rv" != "0" ] ; then - echo $data - exit $rv -elif [ $count -gt 180 ] -then - echo $count - exit 1 -elif [ $count -gt 190 ] -then - echo $count - exit 2 -fi - -echo $count diff --git a/files/neutron-floatingip-list b/files/neutron-floatingip-list deleted file mode 100755 index 78ee529..0000000 --- a/files/neutron-floatingip-list +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/env bash - -. /etc/nagios/keystonerc_admin - -data=$(neutron floatingip-list --all-tenants 2>&1) -rv=$? - -if [ "$rv" != "0" ] ; then - echo $data - exit $rv -fi - -echo "$data" | grep -v -e "^ID " -e "---------------" | wc -l diff --git a/files/nova-list b/files/nova-list deleted file mode 100755 index 6899e5b..0000000 --- a/files/nova-list +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/env bash - -. /etc/nagios/keystonerc_admin - - -critical=125 -warning=120 - -data=$(nova list --all-tenants 2>&1) -rv=$? -count=`echo "$data" | grep -v -e '--------' -e '| Status |' -e '^$' | wc -l` - -if [ "$rv" != "0" ] ; then - echo "CRITICAL: $data" - exit $rv -elif [[ $count -gt $critical ]] ; then - echo "CRITICAL: $count" - exit 2 -elif [[ $count -gt $warning ]] ; then - echo "WARNING: $count" - exit 1 -fi - - -task_state=`echo "$data" | grep -e 'rebooting' -e 'deleting' -e 'powering-off' | wc -l` -task_state_perc=`bc -l <<< "$task_state/$count"*100` -if [[ ${task_state_perc%.*} -gt 20 ]] ; then - echo "WARNING: Non-None Task State ${task_state_perc%.*}%" - exit 1 -fi - -echo "OK: $count" diff --git a/files/ssh_authorized_keys b/files/ssh_authorized_keys deleted file mode 100644 index 7904e18..0000000 --- a/files/ssh_authorized_keys +++ /dev/null @@ -1,10 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxuRXLb2Y8NOGGE+4NZKZmYY13+NSZp3ewSkTMVEA0kJtF7UU9hslfT8CwI8mNyCuqQhzjiGWooG/jWAfu3W68pgbg+SLw7o3zKJFHnUQ6Tk5DrHJiXGH9SrruZmgli6xuEyG46oEWaGQnogDnr1syEUYIcX1hoeyIIPBxxAlcXv7BHFWDexjl/xz0j0whEEEcuzCNCCvW9cgEeq3x7jARrfH63TPNGIMni1nRJMV7kRtsla0vKdhYShJe8mapsn/h7YYhSOzartz/0AexA4hrqqYPJY5HmQT/2ZvpduxnywLrhx1m5mnNr2Z+NKzg0OZ997DLVHXv/IDJHu7M7D05 nati@Nachi-no-MacBook-Pro.local -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAooZCgmuq+1m72VEU1TH071wftY0lBiuQZ1hI8EZngieUV4ELv39jHSTfbTZATqPIC4/3g+SXcOmJ/73PBHBA9bPAx8/0eDKhKxgxLnIA2P7eDzm7JuBSEWtWZaXFy/Z3RoBVakSCVAaS4auhO05JhF3ZrepOFdw2VW8DRuWOkj1PdnwlZE2HnAxrswdOuYHhXgsrytAhbSz7CvJ4RpIvLQVizNXYyJF8vzXEwEzR7AyRkvfEUERGJ2DHOesqhw/QOUJA8bjUV3e9Y0fXo00OAXAV+EK2OP6ss+8D/Plj0QmsvAnwZukJfljfl27kV5Xg3tudCSVkjj1y6JZNlxB5cw== alo@ferrari -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw2G6KB4m2o8Vzh+uYl6ERniEy80RaLggoYN/aAo51swhY54iH97KISqMr/Sr26uROm2Wo25O2hy89kVqSv4iDsFK4VNHcqfOeZVhKtidNHYMy8m4uaFw7KUkmcfnyR/5QPKiWrZhf/Nm/0bvoDITxd75JOznCzDgnloBQZLoiFKqSrJYYG+XLUveXeiC3GgcELUDNzKhyFDnDADDWd2fR/9Ay0IlyOpzJFZDh4EEymfAXG0RNyC+Xh3RtqsraJN+i5Cd/v+k/EI0GcSpjQhLAAipARpKESxtlFJWFvu2YRpZ2KPYKlTZ67q7J/PQurvXSdGk/ujmKNJ2+D6czdqMrQ== root@host1.trystack.org -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJNWixJkBbhGSK4ITe9yw8mLZvkuajvGB677mbpA9R0cFv9halitXKGUTU+p3ajZIHJdOyoUsAlWbOEWhTsMIlLVf2XPoHgVW2os1WvBOuqEQKkkR6itYRFM7ZInghNjfEgpYy/o32OdmdOBB6udQi7KTO7p6DSyVinL/vU1MBhqDSlC3I2Cz0shD+1lOjw29nA7eAoVu6/cXjMzXLdOy8A+QJWMUxjQTAxeV734ohj53FQKG3/I36zDChJ5KD8M6M2BI6Cla6IO+AsY2cOixdEIDUBWhl8zbNTWY4TM3YRFhE7uZff6wQu3gbPgk46QEQdfXCIBJiLYmX8bRecpYJ dradez@tirreno.rdu.redhat.com -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpuFAW1jSKNqD+vTW+2HMuL4WO9eYpAVGB3c9+UFVSHdXsk0esYMR25/EPv+ntyABgsxjy4gIaGGcUvNhyouz+GOQDK2+DeduxT+Ppy5FFqjoDAXL1xZnMgpt05IkyXh5rJUANRlNuSHw0hPX6LpAsmp5JYgWPxJqObAY8PjmidJSQig+jDRO1Abjwvy04ACQl5CKlXZg6tg4eUicC1H8Xi8lTRzB5lMjKw1NjIxVxSz3NWBT4QbiiHKYDT4wDNXGD/3heHWPPXCEb2R70Jr0YuCHEDhgAYQ3HJbu/45bDXxVsnLSepa1DKHQCKG+B1vogl15YAGF4peDVyeSmJXuH gilles@redhat.com -ssh-dss AAAAB3NzaC1kc3MAAACBAP8SKEaG3r6dfiYHmEPF4sby+8rTXEGGfFqv7oUE2R0SerO/RiFjvXm95zv7cXWF+YGhueLiPzUJhHnoQwhJlMKSyk+MxwwxHfohc+pgUTdcIYiefPhILDClv+NvWFNu3Ppd0+JkryB1DO0trkcUUtxvThl1j3R63r7ayLKglaMzAAAAFQDjIaFqbXyKPBv4Al9f97Jx4Z6d/wAAAIAWCvwGCd5Rx93BugzQ5nJo6qB0//4TFsUARjHHjwzuj1sXEsJKvf1+VAkNRANatNjqbt9/fMcTGjxjlpmDCHgYzrOutxaSoohQi3HhLavN4cI+tz1PI0GWqLSpSByhsKURg++FeNMXUlEGhHx9Y37g6NZKy4Vmn+Bzlh3hvj6wbQAAAIAU5TfHkvMOkm1oq7NIgZJrKvR2u8IocRlAFv6BdYhGVCwnPFVbvnM6h//n2eQATf1ASv7G/k0CqaXD1d90Fj7w5bLaYHSfqy08Jn81URETbzpXI0XlKAVCw5pONpFv7bmaq/MjCTHsY/H86n2c0CgbXm0P3ZQ478FAEybhRSzyBA== kambiz@destiny -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIU6UKdCFt/vNQhyE1lylHB9WYBXv6f9BJ267lMTCjYzTeD2mLP/WDFGLGb1MHu5S1g6dM+0GvqMdYNsnXXL1h2wHx5WE96YdN6sj7V0MGmBwJ0snSU4E+xFoe+eYdYolrCQpZ21ZIn0YQurg3Fg5fAQBbYAWjzXtQpLVCKmJGZldcx9qW+ET5KVaKPKVsowFRM4+hg/Y2PqYdeViXqCLjktQ76laQ3wLvOTJ6eed8z7oEf0D1mu0EbGmYJGXimx78pRslcJBQDqbJmvj9fI51UVk9oSscKaQu6Y5h45JPCkXkDR8NpZdfRcd7Mm0KYLQpUTJPQHgAVRyWIJzMKDP9 radez-connectbot -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAtX0bAdKVSDeQa4PCN4bLLAqjR0DExUB1lhG1q4jPf9tWwWJ1cRqG3wn7CEqlItiankKdqd+8eZHTGgmBft761il8eRkwNHIFrW+jPzOL8MdPOK66TXUo0myNO/9XhjiXtwR4VkANjAqJUFXTkgSXj9nz0rkrHGVYYWvPBvg5KiZm5/ba+ndvyQWc5vDhv8dIKo17uZ5DC6DOcCQs4y6QhYxxVAiqIZaFeFkgRw4Ebkx+MhZ1VrVByOC2PZtj2drwGAa7ItX2i4idIaKTRBI9pehL4ay4NGbzdUeEP304XTukO8A/q0rCstZEGLqxXgzTaAXTI6DJ0iS8Y0QNk5vwnxBvDBE2oOuZFguQFyNAOkvy+61Tnp6waE05Ss/ZU3J861+fiCJJ1o3waas80qOAIwVTaIwGQ/FTJngZutRcLkdTC21+qaRbW9ZbTIG+bUp1NKAhj84HSsNc8CTcwNEcv8nwi0Cy4ZXY88+DcO5n6CmFFOm7sXTr0umrhBsKThhkCfFrzN8YTuu3KOcr+vVgZWcEJG+vRSXyl3onFLe+f24Xm77cBE5qNleFns7hkPZxRqEznCkznSumxxdSxbAB9mb2vP3uy1qzk3yQsifatzX3qANWrNgjQlALFXEf95woncUY+VA95Y028YM0/ojpi57jq7wHImh9iqzli20G9RE= wfoster@cadiz.rdu.redhat.com -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAypATPuTZBTYQsUNJFGvQnING14NrBx3Sxwr6e3nGK4HQgbL2Zne6aZG5U4IGikLPHifBPL5aFbY0sQ4O2AkHXA4QrtUp4aqg4prO/t8qD/YMmI1rtwc0PiSHMZR9KnT8z94JOUVmkO5qWEydKBrNKVl8OWyuHfg+Ctval6Yb8LF/ngeXT8BGBbkFGxgeWomvnY8jdwFVNbzsnqVU3vb6NR7+/ff57pebqsuGzSpg8C+8T1JH/5ISus5sEj2l8S+yGEs0TRPgA5SoGebt/OlGMw7irNlB7WbmTIhY4lsIqpjXHF99narGS6kzjke/uolI8R/Ol7sT2hSfboGhzUlJHQ== whayutin@whayutin.rdu.redhat.com -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDLp0tqdJTMn9nWw4m4b5ovPhJ73LGzO81A37k2MzKFzw/3wre/DWUMwNjDBlRWgpl/9WuowuEBkK41Wz7PirBGnjxreSBR0lLumeRQql43OwYig1Iu6Y7FacAIDsJusKti76y2JkUa5B6M+PCJvDBeixtHCFgmf6rSqz54AvnXzGBb7lR2cywkvAM+vMyKKFw9SkxKAKy+TnFCq+P2HWAbsuGKrjcZw9YeBSBwPH2k9S7KHcGCt/Kjv7P6/cHKrD68i3i1luiHwFyqipzdFtgqfUBnwzoQa9sl7Jh4ioBBFIOLy6lIOIMFDmr3TCVFit8lGWyv7TuhAwVhYCq3s043 jtaleric@redhat.com diff --git a/files/ssl.conf b/files/ssl.conf deleted file mode 100644 index 96f9537..0000000 --- a/files/ssl.conf +++ /dev/null @@ -1,222 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -LoadModule ssl_module modules/mod_ssl.so - -# -# When we also provide SSL we have to listen to the -# the HTTPS port in addition. -# -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex default - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. -# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - - - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog logs/ssl_error_log -TransferLog logs/ssl_access_log -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Protocol support: -# List the enable protocol levels with which clients will be able to -# connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A new -# certificate can be generated using the genkey(1) command. -SSLCertificateFile /etc/pki/tls/certs/x86.trystack.org.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile /etc/pki/tls/private/x86.trystack.org.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -# -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -# - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire - - SSLOptions +StdEnvVars - - - SSLOptions +StdEnvVars - - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -SetEnvIf User-Agent ".*MSIE.*" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog logs/ssl_request_log \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - - - diff --git a/files/ssl_redirect.conf b/files/ssl_redirect.conf deleted file mode 100644 index eaa7379..0000000 --- a/files/ssl_redirect.conf +++ /dev/null @@ -1,4 +0,0 @@ - - RedirectMatch ^/(.*) https://x86.trystack.org/$1 - - diff --git a/files/sudoers.d_nrpe b/files/sudoers.d_nrpe deleted file mode 100644 index b3ffdb9..0000000 --- a/files/sudoers.d_nrpe +++ /dev/null @@ -1,2 +0,0 @@ -Defaults:nrpe !requiretty -nrpe ALL=(root) NOPASSWD:/usr/sbin/gluster volume status [[\:graph\:]]* detail,/usr/sbin/gluster volume heal [[\:graph\:]]* info,/sbin/service [[\:graph\:]]* status,/usr/bin/ovs-vsctl show diff --git a/files/usr/lib/python2.6/site-packages/horizon/templates/auth/_login.html b/files/usr/lib/python2.6/site-packages/horizon/templates/auth/_login.html deleted file mode 100644 index d33ff0b..0000000 --- a/files/usr/lib/python2.6/site-packages/horizon/templates/auth/_login.html +++ /dev/null @@ -1,43 +0,0 @@ -{% extends "horizon/common/_modal_form.html" %} -{% load i18n %} -{% load url from future %} - -{% block modal-header %} -
- FAQ: use before you ask on Facebook:
TryStack FAQ
- Use this video to get started:
http://youtu.be/EPZPzXSypl4
- #trystack on freenode -
 
- Login with Facebook -
 
- or -
 
-
-{% trans "Log In" %}{% endblock %} - -{% block modal_class %}login {% if hide %}modal hide{% endif %}{% endblock %} - -{% block form_action %}{% url 'login' %}{% endblock %} -{% block autocomplete %}{{ HORIZON_CONFIG.password_autocomplete }}{% endblock %} - -{% block modal-body %} -
- {% if request.user.is_authenticated and 'next' in request.GET %} -
-

{% trans "You do not have permission to access the resource:" %}

-

{{ request.GET.next }}

-

{% url 'horizon:user_home' as home_url %}{% blocktrans %}Login as different user or go back to home page{% endblocktrans %}

- -
- {% endif %} - {% if request.COOKIES.logout_reason %} -
-

{{ request.COOKIES.logout_reason }}

 -
- {% endif %} - {% if next %}{% endif %} - {% include "horizon/common/_form_fields.html" %} -
-{% endblock %} - -{% block modal-footer %} - -{% endblock %} diff --git a/files/usr/lib/python2.6/site-packages/horizon/templates/auth/_login.html.folsom b/files/usr/lib/python2.6/site-packages/horizon/templates/auth/_login.html.folsom deleted file mode 100644 index 73d2bf3..0000000 --- a/files/usr/lib/python2.6/site-packages/horizon/templates/auth/_login.html.folsom +++ /dev/null @@ -1,23 +0,0 @@ -{% extends "horizon/common/_modal_form.html" %} -{% load i18n %} - -{% block modal-header %} -
- Login with Facebook -
 
- or -
 
-
-{% trans "Log In" %}{% endblock %} -{% block modal_class %}login {% if hide %}modal hide{% endif %}{% endblock %} - -{% block form_action %}{% url login %}{% endblock %} - -{% block modal-body %} -
- {% if next %}{% endif %} - {% include "horizon/common/_form_fields.html" %} -
-{% endblock %} - -{% block modal-footer %} - -{% endblock %} diff --git a/files/usr/lib/python2.6/site-packages/horizon/templates/auth/login.html b/files/usr/lib/python2.6/site-packages/horizon/templates/auth/login.html deleted file mode 100644 index d3bf879..0000000 --- a/files/usr/lib/python2.6/site-packages/horizon/templates/auth/login.html +++ /dev/null @@ -1,11 +0,0 @@ -{% extends "base.html" %} -{% load i18n %} - -{% block title %}{% trans "Login" %}{% endblock %} - -{% block body_id %}splash{% endblock %} - -{% block content %} - {% include 'horizon/_messages.html' %} - {% include 'auth/_login.html' %} -{% endblock %} diff --git a/files/usr/lib/python2.6/site-packages/horizon/templates/splash.html b/files/usr/lib/python2.6/site-packages/horizon/templates/splash.html deleted file mode 100644 index c0661fc..0000000 --- a/files/usr/lib/python2.6/site-packages/horizon/templates/splash.html +++ /dev/null @@ -1,20 +0,0 @@ -{% load i18n branding %} - - - - - - {% include "horizon/_custom_meta.html" %} - {% trans "Login" %} - {% site_branding %} - {% include "_stylesheets.html" %} - {% include "horizon/_custom_head_js.html" %} - - -
-
- {% include 'horizon/_messages.html' %} - {% include 'auth/_login.html' %} -
-
- - diff --git a/files/usr/share/openstack-dashboard/openstack_dashboard/settings.py b/files/usr/share/openstack-dashboard/openstack_dashboard/settings.py deleted file mode 100644 index aefe2bf..0000000 --- a/files/usr/share/openstack-dashboard/openstack_dashboard/settings.py +++ /dev/null @@ -1,224 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2012 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# All Rights Reserved. -# -# Copyright 2012 Nebula, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import logging -import os -import sys -import warnings - -from openstack_dashboard import exceptions - -warnings.formatwarning = lambda message, category, *args, **kwargs: \ - '%s: %s' % (category.__name__, message) - -ROOT_PATH = os.path.dirname(os.path.abspath(__file__)) -BIN_DIR = '/usr/bin' - -if ROOT_PATH not in sys.path: - sys.path.append(ROOT_PATH) - -DEBUG = False -TEMPLATE_DEBUG = DEBUG - -SITE_BRANDING = 'OpenStack Dashboard' - -WEBROOT = '/dashboard' -LOGIN_URL = WEBROOT + '/auth/login/' -LOGOUT_URL = WEBROOT + '/auth/logout/' -# LOGIN_REDIRECT_URL can be used as an alternative for -# HORIZON_CONFIG.user_home, if user_home is not set. -# Do not set it to '/home/', as this will cause circular redirect loop -LOGIN_REDIRECT_URL = WEBROOT - -MEDIA_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'media')) -MEDIA_URL = '/media/' -STATIC_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'static')) -STATIC_URL = '/static/' -ADMIN_MEDIA_PREFIX = '/static/admin/' - -ROOT_URLCONF = 'openstack_dashboard.urls' - -HORIZON_CONFIG = { - 'dashboards': ('project', 'admin', 'settings',), - 'default_dashboard': 'project', - 'user_home': 'openstack_dashboard.views.get_user_home', - 'ajax_queue_limit': 10, - 'auto_fade_alerts': { - 'delay': 3000, - 'fade_duration': 1500, - 'types': ['alert-success', 'alert-info'] - }, - 'help_url': "http://docs.openstack.org", - 'exceptions': {'recoverable': exceptions.RECOVERABLE, - 'not_found': exceptions.NOT_FOUND, - 'unauthorized': exceptions.UNAUTHORIZED}, -} - -# Set to True to allow users to upload images to glance via Horizon server. -# When enabled, a file form field will appear on the create image form. -# See documentation for deployment considerations. -HORIZON_IMAGES_ALLOW_UPLOAD = True - -MIDDLEWARE_CLASSES = ( - 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.messages.middleware.MessageMiddleware', - 'horizon.middleware.HorizonMiddleware', - 'django.middleware.doc.XViewMiddleware', - 'django.middleware.locale.LocaleMiddleware', - 'django.middleware.clickjacking.XFrameOptionsMiddleware', -) - -TEMPLATE_CONTEXT_PROCESSORS = ( - 'django.core.context_processors.debug', - 'django.core.context_processors.i18n', - 'django.core.context_processors.request', - 'django.core.context_processors.media', - 'django.core.context_processors.static', - 'django.contrib.messages.context_processors.messages', - 'horizon.context_processors.horizon', - 'openstack_dashboard.context_processors.openstack', -) - -TEMPLATE_LOADERS = ( - 'django.template.loaders.filesystem.Loader', - 'django.template.loaders.app_directories.Loader', - 'horizon.loaders.TemplateLoader' -) - -TEMPLATE_DIRS = ( - os.path.join(ROOT_PATH, 'templates'), -) - -STATICFILES_FINDERS = ( - 'compressor.finders.CompressorFinder', - 'django.contrib.staticfiles.finders.AppDirectoriesFinder', -) - -less_binary = os.path.join(BIN_DIR, 'lessc') -COMPRESS_PRECOMPILERS = ( - ('text/less', (less_binary + ' {infile} {outfile}')), -) - -COMPRESS_CSS_FILTERS = ( - 'compressor.filters.css_default.CssAbsoluteFilter', -) - -COMPRESS_ENABLED = True -COMPRESS_OUTPUT_DIR = 'dashboard' -COMPRESS_CSS_HASHING_METHOD = 'hash' -COMPRESS_PARSER = 'compressor.parser.HtmlParser' -COMPRESS_OFFLINE = True - -INSTALLED_APPS = ( - 'openstack_dashboard', - 'django.contrib.contenttypes', - 'django.contrib.auth', - 'django.contrib.sessions', - 'django.contrib.messages', - 'django.contrib.staticfiles', - 'django.contrib.humanize', - 'compressor', - 'horizon', - 'openstack_dashboard.dashboards.project', - 'openstack_dashboard.dashboards.admin', - 'openstack_dashboard.dashboards.settings', - 'openstack_auth', - 'horizon.facebook', -) - -TEST_RUNNER = 'django_nose.NoseTestSuiteRunner' -AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend', - 'horizon.facebook.backend.FacebookBackend') -AUTH_PROFILE_MODULE = 'horizon.facebook.FacebookProfile' - -MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage' - -SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' -SESSION_COOKIE_HTTPONLY = True -SESSION_EXPIRE_AT_BROWSER_CLOSE = True -SESSION_COOKIE_SECURE = False - -gettext_noop = lambda s: s -LANGUAGES = ( - ('bg', gettext_noop('Bulgarian (Bulgaria)')), - ('cs', gettext_noop('Czech')), - ('en', gettext_noop('English')), - ('es', gettext_noop('Spanish')), - ('fr', gettext_noop('French')), - ('it', gettext_noop('Italiano')), - ('ja', gettext_noop('Japanese')), - ('ko', gettext_noop('Korean (Korea)')), - ('nl', gettext_noop('Dutch (Netherlands)')), - ('pl', gettext_noop('Polish')), - ('pt', gettext_noop('Portuguese')), - ('pt-br', gettext_noop('Portuguese (Brazil)')), - ('zh-cn', gettext_noop('Simplified Chinese')), - ('zh-tw', gettext_noop('Traditional Chinese')), -) -LANGUAGE_CODE = 'en' -USE_I18N = True -USE_L10N = True -USE_TZ = True - -DEFAULT_EXCEPTION_REPORTER_FILTER = 'horizon.exceptions.HorizonReporterFilter' - -try: - from local.local_settings import * -except ImportError: - logging.warning("No local_settings file found.") - -# Add HORIZON_CONFIG to the context information for offline compression -COMPRESS_OFFLINE_CONTEXT = { - 'STATIC_URL': STATIC_URL, - 'HORIZON_CONFIG': HORIZON_CONFIG -} - -if DEBUG: - logging.basicConfig(level=logging.DEBUG) - - -# Deprecation for Essex/Folsom dashboard names; remove this code in H. -_renames = ( - ('horizon.dashboards.nova', 'openstack_dashboard.dashboards.project'), - ('horizon.dashboards.syspanel', 'openstack_dashboard.dashboards.admin'), - ('horizon.dashboards.settings', 'openstack_dashboard.dashboards.settings') -) - -INSTALLED_APPS = list(INSTALLED_APPS) -_dashboards = list(HORIZON_CONFIG['dashboards']) - -for old, new in _renames: - if old in INSTALLED_APPS: - warnings.warn('The "%s" package is deprecated. Please update your ' - 'INSTALLED_APPS setting to use the new "%s" package.\n' - % (old, new), Warning) - INSTALLED_APPS[INSTALLED_APPS.index(old)] = new - _old_name = old.split(".")[-1] - if _old_name in HORIZON_CONFIG['dashboards'] and _old_name != "settings": - _new_name = new.split(".")[-1] - warnings.warn('The "%s" dashboard name is deprecated. Please update ' - 'your HORIZON_CONFIG["dashboards"] setting to use the ' - 'new "%s" dashboard name.\n' % (_old_name, _new_name), - Warning) - _dashboards[_dashboards.index(_old_name)] = _new_name -HORIZON_CONFIG['dashboards'] = _dashboards diff --git a/files/usr/share/openstack-dashboard/openstack_dashboard/settings.py.folsom b/files/usr/share/openstack-dashboard/openstack_dashboard/settings.py.folsom deleted file mode 100644 index dda8f56..0000000 --- a/files/usr/share/openstack-dashboard/openstack_dashboard/settings.py.folsom +++ /dev/null @@ -1,176 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2012 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# All Rights Reserved. -# -# Copyright 2012 Nebula, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import logging -import os -import sys - -from openstack_dashboard import exceptions - -ROOT_PATH = os.path.dirname(os.path.abspath(__file__)) -BIN_DIR = '/usr/bin' - -if ROOT_PATH not in sys.path: - sys.path.append(ROOT_PATH) - -DEBUG = False -TEMPLATE_DEBUG = DEBUG - -SITE_BRANDING = 'OpenStack Dashboard' - -WEBROOT='/dashboard' -LOGIN_URL = WEBROOT+'/auth/login/' -LOGOUT_URL = WEBROOT+'/auth/logout/' -# LOGIN_REDIRECT_URL can be used as an alternative for -# HORIZON_CONFIG.user_home, if user_home is not set. -# Do not set it to '/home/', as this will cause circular redirect loop -LOGIN_REDIRECT_URL = WEBROOT - -MEDIA_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'media')) -MEDIA_URL = '/media/' -STATIC_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'static')) -STATIC_URL = '/static/' -ADMIN_MEDIA_PREFIX = '/static/admin/' - -ROOT_URLCONF = 'openstack_dashboard.urls' - -HORIZON_CONFIG = { - 'dashboards': ('nova', 'syspanel', 'settings',), - 'default_dashboard': 'nova', - 'user_home': 'horizon.views.base.get_user_home', - 'ajax_queue_limit': 10, - 'help_url': "http://docs.openstack.org", - 'exceptions': {'recoverable': exceptions.RECOVERABLE, - 'not_found': exceptions.NOT_FOUND, - 'unauthorized': exceptions.UNAUTHORIZED}, -} - -MIDDLEWARE_CLASSES = ( - 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.messages.middleware.MessageMiddleware', - 'horizon.middleware.HorizonMiddleware', - 'django.middleware.doc.XViewMiddleware', - 'django.middleware.locale.LocaleMiddleware', -) - -TEMPLATE_CONTEXT_PROCESSORS = ( - 'django.core.context_processors.debug', - 'django.core.context_processors.i18n', - 'django.core.context_processors.request', - 'django.core.context_processors.media', - 'django.core.context_processors.static', - 'django.contrib.messages.context_processors.messages', - 'horizon.context_processors.horizon', -) - -TEMPLATE_LOADERS = ( - 'django.template.loaders.filesystem.Loader', - 'django.template.loaders.app_directories.Loader', - 'horizon.loaders.TemplateLoader' -) - -TEMPLATE_DIRS = ( - os.path.join(ROOT_PATH, 'templates'), -) - -STATICFILES_FINDERS = ( - 'compressor.finders.CompressorFinder', - 'django.contrib.staticfiles.finders.AppDirectoriesFinder', -) - -less_binary = os.path.join(BIN_DIR, 'lessc') -COMPRESS_PRECOMPILERS = ( - ('text/less', (less_binary + ' {infile} {outfile}')), -) - -COMPRESS_CSS_FILTERS = ( - 'compressor.filters.css_default.CssAbsoluteFilter', -) - -COMPRESS_ENABLED = True -COMPRESS_OUTPUT_DIR = 'dashboard' -COMPRESS_CSS_HASHING_METHOD = 'hash' -COMPRESS_PARSER = 'compressor.parser.HtmlParser' -COMPRESS_OFFLINE = True - -INSTALLED_APPS = ( - 'openstack_dashboard', - 'django.contrib.contenttypes', - 'django.contrib.auth', - 'django.contrib.sessions', - 'django.contrib.messages', - 'django.contrib.staticfiles', - 'django.contrib.humanize', - 'compressor', - 'horizon', - 'horizon.dashboards.nova', - 'horizon.dashboards.syspanel', - 'horizon.dashboards.settings', - 'openstack_auth', - 'horizon.facebook', -) - -TEST_RUNNER = 'django_nose.NoseTestSuiteRunner' -AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend', - 'horizon.facebook.backend.FacebookBackend') -AUTH_PROFILE_MODULE = 'horizon.facebook.FacebookProfile' -MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage' - -SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' -SESSION_COOKIE_HTTPONLY = True -SESSION_EXPIRE_AT_BROWSER_CLOSE = True -SESSION_COOKIE_SECURE = False - -gettext_noop = lambda s: s -LANGUAGES = ( - ('bg', gettext_noop('Bulgarian (Bulgaria)')), - ('cs', gettext_noop('Czech')), - ('en', gettext_noop('English')), - ('es', gettext_noop('Spanish')), - ('fr', gettext_noop('French')), - ('it', gettext_noop('Italiano')), - ('ja', gettext_noop('Japanese')), - ('ko', gettext_noop('Korean (Korea)')), - ('nl', gettext_noop('Dutch (Netherlands)')), - ('pl', gettext_noop('Polish')), - ('pt', gettext_noop('Portuguese')), - ('pt-br', gettext_noop('Portuguese (Brazil)')), - ('zh-cn', gettext_noop('Simplified Chinese')), - ('zh-tw', gettext_noop('Traditional Chinese')), -) -LANGUAGE_CODE = 'en' -USE_I18N = True -USE_L10N = True -USE_TZ = True - -OPENSTACK_KEYSTONE_DEFAULT_ROLE = 'Member' - -DEFAULT_EXCEPTION_REPORTER_FILTER = 'horizon.exceptions.HorizonReporterFilter' - -try: - from local.local_settings import * -except ImportError: - logging.warning("No local_settings file found.") - -if DEBUG: - logging.basicConfig(level=logging.DEBUG) diff --git a/files/usr/share/openstack-dashboard/openstack_dashboard/urls.py b/files/usr/share/openstack-dashboard/openstack_dashboard/urls.py deleted file mode 100644 index 06587a6..0000000 --- a/files/usr/share/openstack-dashboard/openstack_dashboard/urls.py +++ /dev/null @@ -1,51 +0,0 @@ -# Copyright 2012 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# All Rights Reserved. -# -# Copyright 2012 Nebula, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -""" -URL patterns for the OpenStack Dashboard. -""" - -from django.conf import settings -from django.conf.urls import include # noqa -from django.conf.urls import patterns -from django.conf.urls.static import static # noqa -from django.conf.urls import url -from django.contrib.staticfiles.urls import staticfiles_urlpatterns # noqa - -import horizon - - -urlpatterns = patterns('', - url(r'^$', 'openstack_dashboard.views.splash', name='splash'), - url(r'^auth/', include('openstack_auth.urls')), - url(r'^facebook/', include('horizon.facebook.urls')), - url(r'', include(horizon.urls)) -) - -# Development static app and project media serving using the staticfiles app. -urlpatterns += staticfiles_urlpatterns() - -# Convenience function for serving user-uploaded media during -# development. Only active if DEBUG==True and the URL prefix is a local -# path. Production media should NOT be served by Django. -urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) - -if settings.DEBUG: - urlpatterns += patterns('', - url(r'^500/$', 'django.views.defaults.server_error') - ) diff --git a/files/usr/share/openstack-dashboard/openstack_dashboard/urls.py.folsom b/files/usr/share/openstack-dashboard/openstack_dashboard/urls.py.folsom deleted file mode 100644 index 6af0d41..0000000 --- a/files/usr/share/openstack-dashboard/openstack_dashboard/urls.py.folsom +++ /dev/null @@ -1,51 +0,0 @@ -# vim: tabstop=4 shiftwidth=4 softtabstop=4 - -# Copyright 2012 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# All Rights Reserved. -# -# Copyright 2012 Nebula, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -""" -URL patterns for the OpenStack Dashboard. -""" - -from django.conf.urls.defaults import patterns, url, include -from django.conf.urls.static import static -from django.conf import settings -from django.contrib.staticfiles.urls import staticfiles_urlpatterns - -import horizon - - -urlpatterns = patterns('', - url(r'^$', 'horizon.views.splash', name='splash'), - url(r'^auth/', include('openstack_auth.urls')), - url(r'^facebook/login$', 'horizon.facebook.views.login'), - url(r'^facebook/authentication_callback$', 'horizon.facebook.views.authentication_callback'), - url(r'', include(horizon.urls))) - -# Development static app and project media serving using the staticfiles app. -urlpatterns += staticfiles_urlpatterns() - -# Convenience function for serving user-uploaded media during -# development. Only active if DEBUG==True and the URL prefix is a local -# path. Production media should NOT be served by Django. -urlpatterns += static(settings.MEDIA_URL, document_root=settings.MEDIA_ROOT) - -if settings.DEBUG: - urlpatterns += patterns('', - url(r'^500/$', 'django.views.defaults.server_error') - ) diff --git a/manifests/compute.pp b/manifests/compute.pp new file mode 100644 index 0000000..26f29b8 --- /dev/null +++ b/manifests/compute.pp @@ -0,0 +1,75 @@ +class trystack::compute { + + if $private_ip == '' { fail('private_ip is empty') } + if $mysql_ip == '' { fail('mysql_ip is empty') } + if $amqp_ip == '' { fail('mysql_ip is empty') } + + if $admin_password == '' { fail('admin_password is empty') } + + if $nova_user_password == '' { fail('nova_user_password is empty') } + if $nova_db_password == '' { fail('nova_db_password is empty') } + + if $neutron_user_password == '' { fail('nova_user_password is empty') } + if $neutron_db_password == '' { fail('nova_db_password is empty') } + + if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } + if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } + + class { "quickstack::neutron::compute": + auth_host => $private_ip, + glance_host => $private_ip, + libvirt_images_rbd_pool => 'volumes', + libvirt_images_rbd_ceph_conf => '/etc/ceph/ceph.conf', + libvirt_inject_password => 'false', + libvirt_inject_key => 'false', + libvirt_images_type => 'rbd', + nova_host => $private_ip, + nova_db_password => $nova_db_password, + nova_user_password => $nova_user_password, + private_network => '', + private_iface => '', + private_ip => '', + rbd_user => 'volumes', + rbd_secret_uuid => '', + network_device_mtu => $quickstack::params::network_device_mtu, + + admin_password => $admin_password, + ssl => false, + + mysql_host => $mysql_ip, + mysql_ca => $quickstack::params::mysql_ca, + amqp_host => $amqp_ip, + amqp_username => 'guest', + amqp_password => 'guest', + #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, + + ceilometer => 'true', + ceilometer_metering_secret => $ceilometer_metering_secret, + ceilometer_user_password => $ceilometer_user_password, + + cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, + + agent_type => 'ovs', + enable_tunneling => true, + + neutron_db_password => $neutron_db_password, + neutron_user_password => $neutron_user_password, + neutron_host => $private_ip, + + #ovs_bridge_mappings = $quickstack::params::ovs_bridge_mappings, + #ovs_bridge_uplinks = $quickstack::params::ovs_bridge_uplinks, + #ovs_vlan_ranges = $quickstack::params::ovs_vlan_ranges, + ovs_tunnel_iface => 'em1', + ovs_tunnel_network => '', + ovs_l2_population => 'True', + + tenant_network_type => 'vxlan', + tunnel_id_ranges => '1:1000', + #ovs_vxlan_udp_port = $quickstack::params::ovs_vxlan_udp_port, + ovs_tunnel_types => ['vxlan'], + + verbose => $quickstack::params::verbose, + security_group_api => 'neutron', + + } +} diff --git a/manifests/compute/ceilometer_ts.pp b/manifests/compute/ceilometer_ts.pp deleted file mode 100644 index e7c2dc9..0000000 --- a/manifests/compute/ceilometer_ts.pp +++ /dev/null @@ -1,29 +0,0 @@ -class trystack::compute::ceilometer_ts () { - - if $private_ip == '' { fail('private_ip is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - if $ceilometer_metering_secret == '' { fail('ceilometer_metering_secret is empty') } - - ceilometer_config{ - 'service_credentials/os_endpoint_type': value => 'internalUrl'; - } - - class { 'ceilometer': - metering_secret => "$ceilometer_metering_secret", - verbose => true, - debug => false, - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_userid => 'guest', - rabbit_password => 'guest', - # require => Package['nova-common'], - } - - class { 'ceilometer::agent::auth': - auth_url => "http://${private_ip}:35357/v2.0", - auth_password => "$ceilometer_user_password", - } - - class { 'ceilometer::agent::compute': } -} diff --git a/manifests/compute/libvirt.pp b/manifests/compute/libvirt.pp deleted file mode 100644 index a0a1712..0000000 --- a/manifests/compute/libvirt.pp +++ /dev/null @@ -1,199 +0,0 @@ -# == Class: nova::compute::libvirt -# -# Install and manage nova-compute guests managed -# by libvirt -# -# === Parameters: -# -# [*libvirt_virt_type*] -# (optional) Libvirt domain type. Options are: kvm, lxc, qemu, uml, xen -# Replaces libvirt_type -# Defaults to 'kvm' -# -# [*vncserver_listen*] -# (optional) IP address on which instance vncservers should listen -# Defaults to '127.0.0.1' -# -# [*migration_support*] -# (optional) Whether to support virtual machine migration -# Defaults to false -# -# [*libvirt_cpu_mode*] -# (optional) The libvirt CPU mode to configure. Possible values -# include custom, host-model, None, host-passthrough. -# Defaults to 'host-model' if libvirt_virt_type is set to either -# kvm or qemu, otherwise defaults to 'None'. -# -# [*libvirt_disk_cachemodes*] -# (optional) A list of cachemodes for different disk types, e.g. -# ["file=directsync", "block=none"] -# If an empty list is specified, the disk_cachemodes directive -# will be removed from nova.conf completely. -# Defaults to an empty list -# -# [*remove_unused_base_images*] -# (optional) Should unused base images be removed? -# If undef is specified, remove the line in nova.conf -# otherwise, use a boolean to remove or not the base images. -# Defaults to undef -# -# [*remove_unused_kernels*] -# (optional) Should unused kernel images be removed? -# This is only safe to enable if all compute nodes -# have been updated to support this option. -# If undef is specified, remove the line in nova.conf -# otherwise, use a boolean to remove or not the kernels. -# Defaults to undef -# -# [*remove_unused_resized_minimum_age_seconds*] -# (optional) Unused resized base images younger -# than this will not be removed -# If undef is specified, remove the line in nova.conf -# otherwise, use a integer or a string to define after -# how many seconds it will be removed. -# Defaults to undef -# -# [*remove_unused_original_minimum_age_seconds*] -# (optional) Unused unresized base images younger -# than this will not be removed -# If undef is specified, remove the line in nova.conf -# otherwise, use a integer or a string to define after -# how many seconds it will be removed. -# Defaults to undef -# - -class nova::compute::libvirt ( - $libvirt_virt_type = 'kvm', - $vncserver_listen = '127.0.0.1', - $migration_support = false, - $libvirt_cpu_mode = false, - $libvirt_disk_cachemodes = [], - $remove_unused_base_images = undef, - $remove_unused_kernels = undef, - $remove_unused_resized_minimum_age_seconds = undef, - $remove_unused_original_minimum_age_seconds = undef, - # DEPRECATED PARAMETER - $libvirt_type = false -) { - - include nova::params - - Service['libvirt'] -> Service['nova-compute'] - - if $libvirt_type { - warning ('The libvirt_type parameter is deprecated, use libvirt_virt_type instead.') - $libvirt_virt_type_real = $libvirt_type - } else { - $libvirt_virt_type_real = $libvirt_virt_type - } - - # libvirt_cpu_mode has different defaults depending on hypervisor. - if !$libvirt_cpu_mode { - case $libvirt_virt_type_real { - 'kvm','qemu': { - $libvirt_cpu_mode_real = 'host-model' - } - default: { - $libvirt_cpu_mode_real = 'None' - } - } - } else { - $libvirt_cpu_mode_real = $libvirt_cpu_mode - } - - if($::osfamily == 'Debian') { - package { "nova-compute-${libvirt_virt_type_real}": - ensure => present, - before => Package['nova-compute'], - require => Package['nova-common'], - } - } - - if($::osfamily == 'RedHat' and $::operatingsystem != 'Fedora') { - service { 'messagebus': - ensure => running, - enable => true, - provider => $::nova::params::special_service_provider, - } - Package['libvirt'] -> Service['messagebus'] -> Service['libvirt'] - - } - - if $migration_support { - if $vncserver_listen != '0.0.0.0' { - fail('For migration support to work, you MUST set vncserver_listen to \'0.0.0.0\'') - } else { - class { 'nova::migration::libvirt': } - } - } - - package { 'libvirt': - ensure => present, - name => $::nova::params::libvirt_package_name, - } - - service { 'libvirt' : - ensure => running, - enable => true, - name => $::nova::params::libvirt_service_name, - provider => $::nova::params::special_service_provider, - require => Package['libvirt'], - } - - nova_config { - 'DEFAULT/compute_driver': value => 'nova.virt.libvirt.LibvirtDriver'; - 'DEFAULT/vncserver_listen': value => $vncserver_listen; - 'libvirt/virt_type': value => $libvirt_virt_type_real; - 'libvirt/cpu_mode': value => $libvirt_cpu_mode_real; - } - - if size($libvirt_disk_cachemodes) > 0 { - nova_config { - 'libvirt/disk_cachemodes': value => join($libvirt_disk_cachemodes, ','); - } - } else { - nova_config { - 'libvirt/disk_cachemodes': ensure => absent; - } - } - - if $remove_unused_kernels != undef { - nova_config { - 'libvirt/remove_unused_kernels': value => $remove_unused_kernels; - } - } else { - nova_config { - 'libvirt/remove_unused_kernels': ensure => absent; - } - } - - if $remove_unused_resized_minimum_age_seconds != undef { - nova_config { - 'libvirt/remove_unused_resized_minimum_age_seconds': value => $remove_unused_resized_minimum_age_seconds; - } - } else { - nova_config { - 'libvirt/remove_unused_resized_minimum_age_seconds': ensure => absent; - } - } - - if $remove_unused_base_images != undef { - nova_config { - 'DEFAULT/remove_unused_base_images': value => $remove_unused_base_images; - } - } else { - nova_config { - 'DEFAULT/remove_unused_base_images': ensure => absent; - } - } - - if $remove_unused_original_minimum_age_seconds != undef { - nova_config { - 'DEFAULT/remove_unused_original_minimum_age_seconds': value => $remove_unused_original_minimum_age_seconds; - } - } else { - nova_config { - 'DEFAULT/remove_unused_original_minimum_age_seconds': ensure => absent; - } - } -} diff --git a/manifests/compute/neutron_ts.pp b/manifests/compute/neutron_ts.pp deleted file mode 100644 index 49702e2..0000000 --- a/manifests/compute/neutron_ts.pp +++ /dev/null @@ -1,79 +0,0 @@ -class trystack::compute::neutron_ts () { - - # Remove DVR - package { "openstack-neutron-ml2": ensure => absent, } - - - if $private_ip == '' { fail('private_ip is empty') } - if $neutron_ip == '' { fail('neutron_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $neutron_user_password == '' { fail('neutron_user_password is empty') } - if $neutron_db_password == '' { fail('neutron_db_password is empty') } - - $neutron_sql_connection = "mysql://neutron:${neutron_db_password}@${mysql_ip}/ovs_neutron" - - neutron_config{ - "DEFAULT/nova_url": value => "http://${private_ip}:8774/v2"; - "DEFAULT/router_distributed": value => "False"; #DVR = True - } - - class { 'neutron': - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_user => 'guest', - rabbit_password => 'guest', - core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin', - allow_overlapping_ips => true, - service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin', - 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin', - 'neutron.services.metering.metering_plugin.MeteringPlugin', - 'neutron.services.firewall.fwaas_plugin.FirewallPlugin'], - verbose => true, - debug => false, - } - - packstack::firewall {'neutron_tunnel': - host => 'ALL', - service_name => 'neutron tunnel port', - chain => 'INPUT', - ports => '4789', - proto => 'udp', - } - - - class { 'neutron::agents::ml2::ovs': - bridge_mappings => [], - enable_tunneling => true, - tunnel_types => ['vxlan'], - local_ip => $::ipaddress_em1, - vxlan_udp_port => 4789, - l2_population => false, - } - - file { 'ovs_neutron_plugin.ini': - path => '/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini', - owner => 'root', - group => 'neutron', - before => Service['ovs-cleanup-service'], - #require => Package['neutron-plugin-ovs'], - #require => Class['neutron::agents::ml2::ovs'], - } - - #class { 'packstack::neutron::bridge': } - - class {"nova::network::neutron": - neutron_admin_password => "$neutron_user_password", - neutron_auth_strategy => "keystone", - neutron_url => "http://$neutron_ip:9696", - neutron_admin_tenant_name => "services", - neutron_admin_auth_url => "http://$private_ip:35357/v2.0", - #vif_plugging_is_fatal => false, - #vif_plugging_timeout => '10', - } - - class {"nova::compute::neutron": - libvirt_vif_driver => "nova.virt.libvirt.vif.LibvirtGenericVIFDriver", - #libvirt_vif_driver => "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver", - } -} diff --git a/manifests/compute/nova_base.pp b/manifests/compute/nova_base.pp deleted file mode 100644 index 9902370..0000000 --- a/manifests/compute/nova_base.pp +++ /dev/null @@ -1,61 +0,0 @@ -class trystack::compute::nova_base() { - - if $private_ip == '' { fail('private_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $public_fqdn == '' { fail('public_fqdn is empty') } - - include trystack::compute::neutron_ts - include trystack::compute::ceilometer_ts - - package{'python-cinderclient': - before => Class["nova"] - } - - nova_config{ - "DEFAULT/volume_api_class": value => "nova.volume.cinder.API"; - "DEFAULT/cinder_catalog_info": value => "volume:cinder:internalURL"; - "DEFAULT/metadata_host": value => "$private_ip"; - "DEFAULT/sql_connection": value => "mysql://nova@$mysql_ip/nova"; - } - - class {"nova::compute": - enabled => true, - vncproxy_protocol => 'http', - vncproxy_host => "$public_fqdn", - vncserver_proxyclient_address => "$::ipaddress_em1", - } - - packstack::firewall {'nova_compute': - host => "$private_ip", - service_name => 'nova compute', - chain => 'INPUT', - ports => ['5900-5999'], - proto => 'tcp', - } - - - # if fqdn is not set correctly we have to tell compute agent which host it should query - if !$::fqdn or $::fqdn != $::hostname { - ceilometer_config { - 'DEFAULT/host': value => $::hostname - } - } - - # Ensure Firewall changes happen before nova services start - # preventing a clash with rules being set by nova-compute and nova-network - Firewall <| |> -> Class['nova'] - - class {"nova": - glance_api_servers => "$private_ip:9292", - verbose => false, - debug => false, - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_userid => 'guest', - rabbit_password => 'guest', - #nova_public_key => $public_key, - #nova_private_key => $private_key, - #nova_shell => '/bin/bash', - } -} diff --git a/manifests/compute/nova_docker.pp b/manifests/compute/nova_docker.pp deleted file mode 100644 index a3217ab..0000000 --- a/manifests/compute/nova_docker.pp +++ /dev/null @@ -1,8 +0,0 @@ -class trystack::compute::nova_docker() inherits trystack::compute::nova_base { - - nova_config{ - "DEFAULT/compute_driver": value => "novadocker.virt.docker.DockerDriver"; - } - - -} diff --git a/manifests/compute/nova_libvirt.pp b/manifests/compute/nova_libvirt.pp deleted file mode 100644 index 6a31c76..0000000 --- a/manifests/compute/nova_libvirt.pp +++ /dev/null @@ -1,68 +0,0 @@ -class trystack::compute::nova_libvirt() inherits trystack::compute::nova_base { - - # Ensure Firewall changes happen before libvirt service start - # preventing a clash with rules being set by libvirt - Firewall <| |> -> Class['nova::compute::libvirt'] - - nova_config{ - # "DEFAULT/libvirt_inject_partition": value => "-1"; - "libvirt/inject_partition": value => "-1"; - } - - package { 'qemu-kvm': - ensure => "installed", - require => Class['nova::compute::libvirt'] - } - - class { 'nova::compute::libvirt': - libvirt_type => "kvm", - #vncserver_listen => "$::ipaddress_em1", - vncserver_listen => "0.0.0.0", - migration_support => true, - } - - #exec {'load_kvm': - # user => 'root', - # command => '/bin/sh /etc/sysconfig/modules/kvm.modules', - # unless => '/usr/bin/test -e /etc/sysconfig/modules/kvm.modules', - #} - - #Class['nova::compute']-> Exec["load_kvm"] - - # Tune the host with a virtual hosts profile - package {'tuned': - ensure => present, - } - - service {'tuned': - ensure => running, - require => Package['tuned'], - } - - exec {'tuned-virtual-host': - unless => '/usr/sbin/tuned-adm active | /bin/grep virtual-host', - command => '/usr/sbin/tuned-adm profile virtual-host', - require => Service['tuned'], - } - - file_line { 'libvirt-guests': - path => '/etc/sysconfig/libvirt-guests', - line => 'ON_BOOT=ignore', - match => '^[\s#]*ON_BOOT=.*', - require => Class['nova::compute::libvirt'] - } - - # Remove libvirt's default network (usually virbr0) as it's unnecessary and can be confusing - exec {'virsh-net-destroy-default': - onlyif => '/usr/bin/virsh net-list | grep default', - command => '/usr/bin/virsh net-destroy default', - require => Package['libvirt'], - } - - exec {'virsh-net-undefine-default': - onlyif => '/usr/bin/virsh net-list --inactive | grep default', - command => '/usr/bin/virsh net-undefine default', - require => Exec['virsh-net-destroy-default'], - } - -} diff --git a/manifests/control.pp b/manifests/control.pp deleted file mode 100644 index c63a412..0000000 --- a/manifests/control.pp +++ /dev/null @@ -1,55 +0,0 @@ -class trystack::control() { - - #include '::ntp' - # _ts (trystack) suffix is to workaround naming conflics - class { "trystack::control::amqp": } - class { "trystack::control::mysql": } - class { "trystack::control::mongodb": } - class { "trystack::control::memcache": } - - class { "trystack::control::keystone_ts": - require => [Service["mysqld"], - Class["trystack::control::memcache"]], - } - class { "trystack::control::nova_ts": - require => [Service["mysqld"], Service['rabbitmq-server']] - } - class { "trystack::control::glance": - require => [Service["mysqld"], Service['rabbitmq-server']] - } - #class { "trystack::control::neutron_ts": - # require => [Service["mysqld"], Service['rabbitmq-server']] - #} - class { "trystack::control::horizon_ts": - require => [Service["mysqld"], - Class["trystack::control::memcache"]], - } - class { "trystack::facebook": - require => Class["trystack::control::horizon_ts"], - } - class { "trystack::control::cinder_ts": - require => [Service["mysqld"], Service['rabbitmq-server'], - Class["trystack::control::keystone_ts"]] - } - class { "trystack::control::ceilometer_ts": - require => [Class["trystack::control::mongodb"], - Class['trystack::control::amqp'], - Class["trystack::control::keystone_ts"]] - } - class { "trystack::swift::proxy_ts": } - class { "trystack::control::heat_ts": } - - class { "trystack::control::trove_ts": - require => [Service["mysqld"], Service['rabbitmq-server']] - } - - file {'/etc/cron.hourly/trystack_cleanup.sh': - mode => "700", - content => template('trystack/cron.hourly-trystack-cleanup.sh.erb'), - } - file {'/etc/cron.daily/trystack_cleanup.sh': - mode => "700", - content => template('trystack/cron.daily-trystack-cleanup.sh.erb'), - } -} - diff --git a/manifests/control/amqp.pp b/manifests/control/amqp.pp deleted file mode 100644 index 629b016..0000000 --- a/manifests/control/amqp.pp +++ /dev/null @@ -1,29 +0,0 @@ -class trystack::control::amqp { - - package {["erlang", "perl-Nagios-Plugin"]: - ensure => "installed" - } - - class {"rabbitmq": - port => '5672', - ssl_management_port => '5671', - ssl => false, - ssl_cert => '', - ssl_key => '', - default_user => 'guest', - default_pass => 'guest', - package_provider => 'yum', - admin_enable => false, - #config_variables => {"loopback_users" => "[]",}, - } - - Package['erlang']->Class['rabbitmq'] - - packstack::firewall {'amqp': - host => '10.100.0.0/24', - service_name => 'amqp', - chain => 'INPUT', - ports => ['5671', '5672'], - proto => 'tcp', - } -} diff --git a/manifests/control/ceilometer_ts.pp b/manifests/control/ceilometer_ts.pp deleted file mode 100644 index a937fa3..0000000 --- a/manifests/control/ceilometer_ts.pp +++ /dev/null @@ -1,45 +0,0 @@ -class trystack::control::ceilometer_ts() { - - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $ceilometer_metering_secret == '' { fail('ceilometer_metering_secret is empty') } - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - - class { 'ceilometer': - metering_secret => "$ceilometer_metering_secret", - verbose => false, - debug => false, - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_userid => 'guest', - rabbit_password => 'guest', - } - class { 'ceilometer::db': - database_connection => "mongodb://${private_ip}:27017/ceilometer", - } - - class { 'ceilometer::collector': } - class { 'ceilometer::agent::notification': } - class { 'ceilometer::agent::central': } - class { 'ceilometer::alarm::notifier': } - class { 'ceilometer::alarm::evaluator': } - - - class { 'ceilometer::agent::auth': - auth_url => "http://${private_ip}:35357/v2.0", - auth_password => "$ceilometer_user_password", - } - - class { 'ceilometer::api': - keystone_host => "$private_ip", - keystone_password => "$ceilometer_user_password", - } - - packstack::firewall {'ceilometer_api': - host => 'ALL', - service_name => 'ceilometer-api', - chain => 'INPUT', - ports => '8777', - proto => 'tcp', - } -} diff --git a/manifests/control/cinder_ts.pp b/manifests/control/cinder_ts.pp deleted file mode 100644 index 9ab18b6..0000000 --- a/manifests/control/cinder_ts.pp +++ /dev/null @@ -1,87 +0,0 @@ -class trystack::control::cinder_ts { - - if $public_ip == '' { fail('public_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $memcache_ip == '' { fail('memcache_ip is empty') } - if $gluster_shares == '' { fail('gluster_shares is empty') } - if $cinder_db_password == '' { fail('cinder_db_password is empty') } - if $cinder_user_password == '' { fail('cinder_user_password is empty') } - - class {'cinder': - sql_connection => "mysql://cinder:$cinder_db_password@$mysql_ip/cinder", - qpid_password => "notused", - rabbit_host => "$qpid_ip", - rabbit_port => '5672', - rabbit_userid => 'guest', - rabbit_password => 'guest', - verbose => true, - debug => false, - mysql_module => '2.2', - } - - cinder_config { - # 'DEFAULT/notification_driver': value => 'cinder.openstack.common.notifier.rpc_notifier'; - "DEFAULT/glance_host": value => "$private_ip"; - "DEFAULT/secure_delete": value => "false"; - "DEFAULT/quota_gigabytes": value => "3"; - "DEFAULT/quota_volumes": value => "3"; - #"DEFAULT/glusterfs_sparsed_volumes": value => "true"; - "DEFAULT/glusterfs_qcow2_volumes": value => "true"; - "DEFAULT/memcache_servers": value => "10.100.0.3:11211"; - } - - #package {'python-keystone': - # notify => Class['cinder::api'], - #} - - class {'cinder::api': - bind_host => $::ipaddress_em1, - keystone_password => "$cinder_user_password", - keystone_tenant => "services", - keystone_user => "cinder", - keystone_auth_host => "$private_ip", - } - - class {'cinder::scheduler': } - class {'cinder::volume': } - class {'cinder::ceilometer': } - class {'cinder::backup': } - - #class {'cinder::volume::iscsi': - # iscsi_ip_address => "$private_ip", - #} - - class {'cinder::backup::swift': - backup_swift_url => "http://${public_ip}:8080/v1/AUTH_" - } - - Class['cinder::api'] ~> Service['cinder-backup'] - - package{'glusterfs-fuse': - ensure => present, - } - - class { 'cinder::volume::glusterfs': - glusterfs_shares => [$gluster_shares], - require => Package['glusterfs-fuse'], - } - - - packstack::firewall {'cinder': - host => '10.100.0.0/24', - service_name => 'cinder', - chain => 'INPUT', - ports => ['3260'], - proto => 'tcp', - } - - packstack::firewall {'cinder_API': - host => 'ALL', - service_name => 'cinder-api', - chain => 'INPUT', - ports => ['8776'], - proto => 'tcp', - } - -} diff --git a/manifests/control/glance.pp b/manifests/control/glance.pp deleted file mode 100644 index 7b30b40..0000000 --- a/manifests/control/glance.pp +++ /dev/null @@ -1,62 +0,0 @@ -class trystack::control::glance() { - - if $private_ip == '' { fail('private_ip is empty') } - if $amqp_ip == '' { fail('$amqp_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $glance_user_password == '' { fail('glance_user_password is empty') } - if $glance_db_password == '' { fail('glance_db_password is empty') } - - class {"glance::config": - api_config => { 'DEFAULT/container_format' => { value => 'ami,ari,aki,bare,ovf,ova,docker', }, }, - } - - class {"glance::api": - bind_host => $::ipaddress_em1, - auth_host => "$private_ip", - auth_url => "http://$private_ip:5000/", - registry_host => "$private_ip", - keystone_tenant => "services", - keystone_user => "glance", - keystone_password => "$glance_user_password", - pipeline => 'keystone', - sql_connection => "mysql://glance:$glance_db_password@$mysql_ip/glance", - verbose => true, - debug => false, - mysql_module => '2.2', - } - - class { 'glance::backend::file': } - - class {"glance::registry": - bind_host => $::ipaddress_em1, - auth_host => "$private_ip", - keystone_tenant => "services", - keystone_user => "glance", - keystone_password => "$glance_user_password", - sql_connection => "mysql://glance:$glance_db_password@$mysql_ip/glance", - verbose => true, - debug => false, - mysql_module => '2.2', - } - - class { 'glance::notify::rabbitmq': - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_use_ssl => false, - rabbit_userid => 'guest', - rabbit_password => 'guest', - } - - # Create firewall rules to allow only the FIREWALL_ALLOWED - # hosts that need to connect via FIREWALL_PORTS - # using FIREWALL_CHAIN - - packstack::firewall {'glance_API': - host => 'ALL', - service_name => 'glance', - chain => 'INPUT', - ports => '9292', - proto => 'tcp', - } - -} diff --git a/manifests/control/heat_ts.pp b/manifests/control/heat_ts.pp deleted file mode 100644 index 964088e..0000000 --- a/manifests/control/heat_ts.pp +++ /dev/null @@ -1,73 +0,0 @@ -class trystack::control::heat_ts() { - - if $public_ip == '' { fail('public_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $admin_password == '' { fail('admin_password is empty') } - if $heat_user_password == '' { fail('heat_user_password is empty') } - if $heat_db_password == '' { fail('heat_db_password is empty') } - if $heat_domain_password == '' { fail('heat_domain_password is empty') } - if $heat_auth_encryption_key == '' { fail('heat_auth_encryption_key is empty') } - - class { 'heat': - keystone_host => $private_ip, - keystone_password => $heat_user_password, - auth_uri => "http://${private_ip}:35357/v2.0", - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_userid => 'guest', - rabbit_password => 'guest', - verbose => false, - debug => false, - sql_connection => "mysql://heat:$heat_db_password@$mysql_ip/heat", - } - - class { 'heat::api': } - - class { 'heat::engine': - heat_metadata_server_url => "http://${public_ip}:8000", - heat_waitcondition_server_url => "http://${public_ip}:8000/v1/waitcondition", - heat_watch_server_url => "http://${public_ip}:8003", - auth_encryption_key => "${heat_auth_encryption_key}", - } - - class { 'heat::keystone::domain': - auth_url => "http://${private_ip}:35357/v2.0", - keystone_admin => 'admin', - keystone_password => $admin_password, - keystone_tenant => 'admin', - domain_name => 'heat', - domain_admin => 'heat_admin', - domain_password => $heat_domain_password, - } - - heat_config { - 'DEFAULT/deferred_auth_method' : value => 'trusts'; - 'DEFAULT/trusts_delegated_roles' : value => 'heat_stack_owner'; - } - - #keystone_user_role { 'admin@admin': - # ensure => present, - # roles => ['admin', '_member_', 'heat_stack_owner'], - #} - - class { 'heat::api_cfn': } - - packstack::firewall {'heat_cfn': - host => 'ALL', - service_name => 'heat_cfn', - chain => 'INPUT', - ports => '8000', - proto => 'tcp', - } - - packstack::firewall {'heat': - host => 'ALL', - service_name => 'heat', - chain => 'INPUT', - ports => '8004', - proto => 'tcp', - } -} - diff --git a/manifests/control/horizon_ts.pp b/manifests/control/horizon_ts.pp deleted file mode 100644 index 307a904..0000000 --- a/manifests/control/horizon_ts.pp +++ /dev/null @@ -1,81 +0,0 @@ -class trystack::control::horizon_ts() { - - if $public_fqdn == '' { fail('public_fqdn is empty') } - if $horizon_secret_key == '' { fail('horizon_secret_key is empty') } - - - include concat::setup - -#$horizon_packages = ["python-memcached", "python-netaddr"] - -#package {$horizon_packages: -# notify => Class["horizon"], -# ensure => present, -#} - - class {'horizon': - servername => $public_fqdn, - secret_key => $horizon_secret_key, - keystone_host => $private_ip, - keystone_default_role => '_member_', - #fqdn => [$private_ip, "$::fqdn", 'localhost'], - # TO-DO: Parameter fqdn is used both for ALLOWED_HOSTS in settings_local.py - # and for ServerAlias directives in vhost.conf which is breaking server - # accessibility. We need ALLOWED_HOSTS values, but we have to avoid - # ServerAlias definitions. For now we will use this wildcard hack until - # puppet-horizon will have separate parameter for each config. - fqdn => '*', - can_set_mount_point => 'False', - django_debug => false ? {true => 'True', false => 'False'}, - listen_ssl => true, - horizon_cert => '/etc/pki/tls/certs/x86.trystack.org.crt', - horizon_key => '/etc/pki/tls/private/x86.trystack.org.key', - horizon_ca => '/etc/pki/tls/certs/gd_bundle-g2-g1.crt', - neutron_options => { - 'enable_lb' => true, - 'enable_firewall' => true - }, - } - - apache::listen { '443': } - - # little bit of hatred as we'll have to patch upstream puppet-horizon - file_line {'horizon_ssl_wsgi_fix': - path => '/etc/httpd/conf.d/15-horizon_ssl_vhost.conf', - match => 'WSGIProcessGroup.*', - line => ' WSGIProcessGroup horizon-ssl', - require => File['15-horizon_ssl_vhost.conf'], - notify => Service['httpd'], - } - - - firewall { "001 horizon incoming": - proto => 'tcp', - dport => ['443'], - action => 'accept', - } - - selboolean{'httpd_can_network_connect': - value => on, - persistent => true, - } - -############################ - #file {"/etc/httpd/conf.d/rootredirect.conf": - # ensure => present, - # content => "RedirectMatch ^/$ https://$public_fqdn/dashboard/", - # notify => File["/etc/httpd/conf.d/openstack-dashboard.conf"], - #} - - #class {'apache::mod::php': } - ## The apache module purges files it doesn't know about - ## avoid this be referencing them here - #file { '/etc/httpd/conf.d/nagios.conf':} - - #class {'apache::mod::ssl': } - #file {'/etc/httpd/conf.d/ssl.conf':} - ##file {'/etc/httpd/conf.d/proxy.conf':} - #file {'/etc/httpd/conf.d/ssl_redirect.conf': - # source => 'puppet:///modules/trystack/ssl_redirect.conf', - #} -} diff --git a/manifests/control/keystone_ts.pp b/manifests/control/keystone_ts.pp deleted file mode 100644 index 459c5aa..0000000 --- a/manifests/control/keystone_ts.pp +++ /dev/null @@ -1,162 +0,0 @@ -class trystack::control::keystone_ts() { - - if $public_ip == '' { fail('public_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $memcache_ip == '' { fail('memcache_ip is empty') } - if $neutron_ip == '' { fail('neutron_ip is empty') } - if $keystone_db_password == '' { fail('keystone_db_password is empty') } - if $keystone_admin_token == '' { fail('keystone_admin_token is empty') } - if $admin_email == '' { fail('admin_email is empty') } - if $admin_password == '' { fail('admin_password is empty') } - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $cinder_user_password == '' { fail('cinder_user_password is empty') } - if $glance_user_password == '' { fail('glance_user_password is empty') } - if $neutron_user_password == '' { fail('neutron_user_password is empty') } - if $heat_user_password == '' { fail('heat_user_password is empty') } - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - if $swift_user_password == '' { fail('swift_user_password is empty') } - - - keystone_config{ - #"token/expiration": value => "3601"; - "token/caching": value => "true"; - "cache/enable": value => "true"; - "cache/backend": value => "dogpile.cache.memcached"; - #"cache/backend_argument": value => "url:$memcache_ip"; - "cache/memcache_servers": value => "${memcache_ip}:11211"; - } - - class {"keystone": - admin_token => "$keystone_admin_token", - sql_connection => "mysql://keystone_admin:$keystone_db_password@$mysql_ip/keystone", - token_format => "PKI", - token_driver => "keystone.token.persistence.backends.memcache.Token", - #bind_host => $::ipaddress_em1, - memcache_servers => ["${memcache_ip}:11211",], - token_expiration => 3600, - verbose => true, - debug => false, - mysql_module => '2.2', - } - - class {"keystone::roles::admin": - email => "$admin_email", - password => "$admin_password", - admin_tenant => "admin" - } - - class {"keystone::endpoint": - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - } - - -# Run token flush every minute (without output so we won't spam admins) -#cron { 'token-flush': -# ensure => 'present', -# command => '/usr/bin/keystone-manage token_flush >/dev/null 2>&1', -# minute => '*/1', -# user => 'keystone', -# require => [User['keystone'], Group['keystone']], -#} -> service { 'crond': -# ensure => 'running', -# enable => true, -#} - # Create firewall rules to allow only the FIREWALL_ALLOWED - # hosts that need to connect via FIREWALL_PORTS - # using FIREWALL_CHAIN - - packstack::firewall {'keystone': - host => 'ALL', - service_name => 'keystone', - chain => 'INPUT', - ports => ['5000', '35357'], - proto => 'tcp', - } - - class {"glance::keystone::auth": - password => "$glance_user_password", - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - } - - - class {"cinder::keystone::auth": - password => "$cinder_user_password", - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - } - - -keystone_service { "${cinder::keystone::auth::auth_name}_v2": - ensure => present, - type => "${cinder::keystone::auth::service_type}v2", - description => "Cinder Service v2", -} - -keystone_endpoint { "${cinder::keystone::auth::region}/${cinder::keystone::auth::auth_name}_v2": - ensure => present, - public_url => "${cinder::keystone::auth::public_protocol}://${cinder::keystone::auth::public_address}:${cinder::keystone::auth::port}/v2/%(tenant_id)s", - admin_url => "http://${cinder::keystone::auth::admin_address}:${cinder::keystone::auth::port}/v2/%(tenant_id)s", - internal_url => "http://${cinder::keystone::auth::internal_address}:${cinder::keystone::auth::port}/v2/%(tenant_id)s", -} - - - class {"nova::keystone::auth": - password => "$nova_user_password", - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - cinder => true, - } - - - class {"neutron::keystone::auth": - password => "$neutron_user_password", - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - #public_address => "$neutron_ip", - #admin_address => "$neutron_ip", - #internal_address => "$neutron_ip", - } - - - class { 'ceilometer::keystone::auth': - password => "$ceilometer_user_password", - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - } - - #class { 'swift::keystone::auth': - # password => "$swift_user_password", - # public_address => "$public_ip", - # admin_address => "$private_ip", - # internal_address => "$private_ip", - #} - - class {"heat::keystone::auth": - password => "$heat_user_password", - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - } - - class {"heat::keystone::auth_cfn": - password => "$heat_user_password", - public_address => "$public_ip", - admin_address => "$private_ip", - internal_address => "$private_ip", - } - - keystone_role { 'heat_stack_owner': - ensure => present, - } - - -} diff --git a/manifests/control/memcache.pp b/manifests/control/memcache.pp deleted file mode 100644 index ed645ca..0000000 --- a/manifests/control/memcache.pp +++ /dev/null @@ -1,13 +0,0 @@ -class trystack::control::memcache() { - - #package { "python-memcached": } - - class {'memcached': } - - firewall { '001 memcache incoming': - proto => 'tcp', - dport => ['11211'], - action => 'accept', - } - -} diff --git a/manifests/control/mongodb.pp b/manifests/control/mongodb.pp deleted file mode 100644 index 239378b..0000000 --- a/manifests/control/mongodb.pp +++ /dev/null @@ -1,17 +0,0 @@ -class trystack::control::mongodb { - - if $private_ip == '' { fail('private_ip is empty') } - - class { 'mongodb::server': - smallfiles => true, - bind_ip => ["$private_ip"], - } - - packstack::firewall {'mongodb': - host => "10.100.0.3", - service_name => 'mongodb-server', - chain => 'INPUT', - ports => '27017', - proto => 'tcp', - } -} diff --git a/manifests/control/mysql.pp b/manifests/control/mysql.pp deleted file mode 100644 index 738ccf6..0000000 --- a/manifests/control/mysql.pp +++ /dev/null @@ -1,136 +0,0 @@ -class trystack::control::mysql() { - - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $mysql_root_password == '' { fail('mysql_root_password is empty') } - if $keystone_db_password == '' { fail('keystone_db_password is empty') } - if $nova_db_password == '' { fail('nova_db_password is empty') } - if $cinder_db_password == '' { fail('cinder_db_password is empty') } - if $glance_db_password == '' { fail('glance_db_password is empty') } - if $neutron_db_password == '' { fail('neutron_db_password is empty') } - if $heat_db_password == '' { fail('heat_db_password is empty') } - if $trystack_db_password == '' { fail('trystack_db_password is empty') } - - package {"nagios-plugins-mysql": } - class {"mysql::server": - package_name => "mariadb-galera-server", - service_manage => true, - restart => true, - root_password => "$mysql_root_password", - override_options => { - 'mysqld' => { bind_address => "0.0.0.0", - default_storage_engine => "InnoDB", - max_connections => "1024", - open_files_limit => '-1', - } - } - } - - # deleting database users for security - # this is done in mysql::server::account_security but has problems - # when there is no fqdn, so we're defining a slightly different one here - mysql_user { [ 'root@127.0.0.1', 'root@::1', '@localhost', '@%' ]: - ensure => 'absent', require => Class['mysql::server'], - } - if ($::fqdn != "" and $::fqdn != "localhost") { - mysql_user { [ "root@${::fqdn}", "@${::fqdn}"]: - ensure => 'absent', require => Class['mysql::server'], - } - } - if ($::fqdn != $::hostname and $::hostname != "localhost") { - mysql_user { ["root@${::hostname}", "@${::hostname}"]: - ensure => 'absent', require => Class['mysql::server'], - } - } - - class {"keystone::db::mysql": - user => 'keystone_admin', - password => "$keystone_db_password", - allowed_hosts => "%", - charset => "utf8", - mysql_module => '2.2', - } - - class {"nova::db::mysql": - password => "$nova_db_password", - host => "%", - allowed_hosts => "%", - charset => "utf8", - mysql_module => '2.2', - } - - class {"cinder::db::mysql": - password => "$cinder_db_password", - host => "%", - allowed_hosts => "%", - charset => "utf8", - mysql_module => '2.2', - } - - class {"glance::db::mysql": - password => "$glance_db_password", - host => "%", - allowed_hosts => "%", - charset => "utf8", - mysql_module => '2.2', - } - - class {"neutron::db::mysql": - password => "$neutron_db_password", - host => "%", - allowed_hosts => "%", - dbname => 'neutron', - charset => "utf8", - mysql_module => '2.2', - } - - class {"heat::db::mysql": - password => "$heat_db_password", - host => "%", - allowed_hosts => "%", - charset => "utf8", - mysql_module => '2.2', - } - - #firewall { '001 mysql incoming': - # proto => 'tcp', - # dport => ['3306'], - # action => 'accept', - #} - packstack::firewall {'mysql': - host => '10.100.0.0/24', - service_name => 'mysql', - chain => 'INPUT', - ports => '3306', - proto => 'tcp', - } - -########################################## - # pacemaker will manage the service. - #class {"mysql::server": - # manage_service => false, - # config_hash => {bind_address => "0.0.0.0", - # root_password => "$mysql_root_password", - # datadir => '/var/lib/mysql/data/', - # default_engine => 'InnoDb', - # } - #} - - mysql::db { "trystack": - user => "trystack", - password => $trystack_db_password, - #host => $mysql_ip, - } - mysql_user { "nagios@${nagios_ip}": - password_hash => mysql_password($mysql_nagios_password), - provider => 'mysql', - } - #mysql_grant { "trystack@%/trystack": - # # TODO figure out which privileges to grant. - # table => '.*', - # user => 'trystack@%', - # privileges => 'all', - # provider => 'mysql', - # require => Mysql_user["trystack@%"] - #} - -} diff --git a/manifests/control/neutron_ts.pp b/manifests/control/neutron_ts.pp deleted file mode 100644 index d5e05c5..0000000 --- a/manifests/control/neutron_ts.pp +++ /dev/null @@ -1,79 +0,0 @@ -class trystack::control::neutron_ts () { - if $private_ip == '' { fail('private_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $neutron_user_password == '' { fail('neutron_user_password is empty') } - if $neutron_db_password == '' { fail('neutron_db_password is empty') } - if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } - - $neutron_sql_connection = "mysql://neutron:${neutron_db_password}@${mysql_ip}/neutron" - - #exec { 'neutron-db-manage upgrade': - # command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head', - # path => '/usr/bin', - # user => 'neutron', - # logoutput => 'on_failure', - # before => Service['neutron-server'], - # require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']], - #} - - # For cases where "neutron-db-manage upgrade" command is called we need to fill config file first - if defined(Exec['neutron-db-manage upgrade']) { - Neutron_plugin_ml2<||> -> File['/etc/neutron/plugin.ini'] -> Exec['neutron-db-manage upgrade'] - } - - class { 'neutron': - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_user => 'guest', - rabbit_password => 'guest', - core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin', - allow_overlapping_ips => true, - service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin', - 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin', - 'neutron.services.metering.metering_plugin.MeteringPlugin', - 'neutron.services.firewall.fwaas_plugin.FirewallPlugin'], - verbose => true, - debug => false, - } - - # Configure nova notifications system - class { 'neutron::server::notifications': - nova_admin_username => 'nova', - nova_admin_password => "${nova_user_password}", - nova_admin_tenant_name => 'services', - nova_url => "http://${private_ip}:8774/v2", - nova_admin_auth_url => "http://${private_ip}:35357/v2.0", - } - - class { 'neutron::server': - sql_connection => $neutron_sql_connection, - connection => $neutron_sql_connection, - auth_password => $neutron_user_password, - auth_host => "$private_ip", - enabled => true, - mysql_module => '2.2', - sync_db => true, - } - - class { 'neutron::plugins::ml2': - type_drivers => ['vxlan'], - tenant_network_types => ['vxlan'], - mechanism_drivers => ['openvswitch', 'l2population'], - flat_networks => ['*'], - network_vlan_ranges => [], - tunnel_id_ranges => [], - vxlan_group => undef, - vni_ranges => ['10:1000'], - enable_security_group => true, - } - - packstack::firewall {'neutron_server': - host => 'ALL', - service_name => 'neutron server', - chain => 'INPUT', - ports => '9696', - proto => 'tcp', - } -} diff --git a/manifests/control/nova_ts.pp b/manifests/control/nova_ts.pp deleted file mode 100644 index 27b8291..0000000 --- a/manifests/control/nova_ts.pp +++ /dev/null @@ -1,97 +0,0 @@ -class trystack::control::nova_ts() { - - - if $memcache_ip == '' { fail('memcache_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $neutron_ip == '' { fail('neutron_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $nova_db_password == '' { fail('nova_db_password is empty') } - if $neutron_user_password == '' { fail('neutron_user_password is empty') } - if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } - - nova_config{ - # OpenStack doesn't include the CoreFilter (= CPU Filter) by default - "DEFAULT/scheduler_default_filters": - value => "RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,CoreFilter"; - "DEFAULT/cpu_allocation_ratio": value => "16.0"; - "DEFAULT/ram_allocation_ratio": value => "1.5"; - "DEFAULT/quota_instances": value => "3"; - "DEFAULT/quota_cores": value => "6"; - "DEFAULT/quota_ram": value => "12288"; - "DEFAULT/metadata_host": value => "$::ipaddress_em1"; - "DEFAULT/sql_connection": value => "mysql://nova:$nova_db_password@$mysql_ip/nova"; - #"DEFAULT/keystone_ec2_url": value => "http://$private_ip:5000/v2.0/ec2tokens"; - "DEFAULT/memcache_servers": value => "${memcache_ip}:11211"; - 'keystone_authtoken/admin_version': value => 'v2.0'; - } - - class {"nova::cert": enabled => true, } - class {"nova::conductor": enabled => true, } - class {"nova::scheduler": enabled => true, } - class {"nova::vncproxy": enabled => true, } - class {"nova::consoleauth": enabled => true, } - - firewall { '001 novncproxy incoming': - proto => 'tcp', - dport => ['6080'], - action => 'accept', - } - - - - # Ensure Firewall changes happen before nova services start - # preventing a clash with rules being set by nova-compute and nova-network - Firewall <| |> -> Class['nova'] - - class {"nova": - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_userid => 'guest', - rabbit_password => 'guest', - glance_api_servers => "${private_ip}:9292", - verbose => false, - debug => false, -# nova_public_key => $public_key, -# nova_private_key => $private_key, -# nova_shell => '/bin/bash', - } - - class {"nova::network::neutron": - neutron_admin_password => "$neutron_user_password", - neutron_auth_strategy => "keystone", - neutron_url => "http://${neutron_ip}:9696", - neutron_admin_tenant_name => "services", - neutron_admin_auth_url => "http://${private_ip}:35357/v2.0", - #vif_plugging_is_fatal => false, - #vif_plugging_timeout => '10', - } - - class {"nova::compute::neutron": - #libvirt_vif_driver => "nova.virt.libvirt.vif.LibvirtHybridOVSBridgeDriver", - libvirt_vif_driver => "nova.virt.libvirt.vif.LibvirtGenericVIFDriver", - } - - - -#### Start nova api #### - require 'keystone::python' - class {"nova::api": - api_bind_address => $::ipaddress_em1, - metadata_listen => $::ipaddress_em1, - enabled => true, - auth_host => "$private_ip", - admin_password => "$nova_user_password", - neutron_metadata_proxy_shared_secret => "$neutron_metadata_shared_secret" - } - - Package<| title == 'nova-common' |> -> Class['nova::api'] - - packstack::firewall {'nova_api': - host => 'ALL', - service_name => 'nova api', - chain => 'INPUT', - ports => ['8773', '8774', '8775'], - proto => 'tcp', - } -} diff --git a/manifests/control/qpid.pp b/manifests/control/qpid.pp deleted file mode 100644 index 8511855..0000000 --- a/manifests/control/qpid.pp +++ /dev/null @@ -1,16 +0,0 @@ -class trystack::control::qpid () { - - # pacemaker will manage this service - # so we disable puppet's managment of it - class {"qpid::server": - auth => "no", - #manage_service => false, - } - - firewall { '001 qpid incoming': - proto => 'tcp', - dport => ['5672'], - action => 'accept', - } - -} diff --git a/manifests/control/trove_ts.pp b/manifests/control/trove_ts.pp deleted file mode 100644 index fd13c4f..0000000 --- a/manifests/control/trove_ts.pp +++ /dev/null @@ -1,62 +0,0 @@ -class trystack::control::trove_ts() { - - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $public_ip == '' { fail('public_ip is empty') } - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $trove_db_password == '' { fail('trove_db_password is empty') } - if $trove_user_password == '' { fail('trove_user_password is empty') } - - class {'trove': - rabbit_host => $amqp_ip, - rabbit_password => 'guest', - rabbit_port => '5672', - rabbit_userid => 'guest', - database_connection => "mysql://trove:$trove_db_password@$mysql_ip/trove", - nova_compute_url => "http://${private_ip}:8774/v2", - nova_proxy_admin_user => 'nova', - nova_proxy_admin_pass => $nova_user_password, - nova_proxy_admin_tenant_name => 'services', - control_exchange => 'trove', - cinder_url => false, - swift_url => false, - } - class { 'trove::client': } - - class { 'trove::keystone::auth': - admin_address => $private_ip, - internal_address => $private_ip, - public_address => $public_ip, - password => $trove_user_password, - region => 'RegionOne', - } - - class { 'trove::db::mysql': - password => $trove_db_password, - host => '%', - allowed_hosts => '%' - } - - class { 'trove::api': - bind_host => '0.0.0.0', - auth_url => "http://${private_ip}:5000/v2.0", - keystone_password => $trove_user_password, - } - - class { 'trove::conductor': - auth_url => "http://${private_ip}:5000/v2.0" - } - - class { 'trove::taskmanager': - auth_url => "http://${private_ip}:5000/v2.0" - } - - packstack::firewall {'trove_API': - host => 'ALL', - service_name => 'cinder-api', - chain => 'INPUT', - ports => ['8779'], - proto => 'tcp', - } -} diff --git a/manifests/controller.pp b/manifests/controller.pp new file mode 100644 index 0000000..c1d165d --- /dev/null +++ b/manifests/controller.pp @@ -0,0 +1,105 @@ +class trystack::controller { + + if $admin_email == '' { fail('admin_email is empty') } + if $admin_password == '' { fail('admin_password is empty') } + + if $public_ip == '' { fail('public_ip is empty') } + if $private_ip == '' { fail('private_ip is empty') } + + if $mysql_ip == '' { fail('mysql_ip is empty') } + if $mysql_root_password == '' { fail('mysql_root_password is empty') } + if $amqp_ip == '' { fail('amqp_ip is empty') } + + if $memcache_ip == '' { fail('memcache_ip is empty') } + if $neutron_ip == '' { fail('neutron_ip is empty') } + + if $keystone_admin_token == '' { fail('keystone_admin_token is empty') } + if $keystone_db_password == '' { fail('keystone_db_password is empty') } + + if $horizon_secret_key == '' { fail('horizon_secret_key is empty') } + #if $trystack_db_password == '' { fail('trystack_db_password is empty') } + + if $nova_user_password == '' { fail('nova_user_password is empty') } + if $nova_db_password == '' { fail('nova_db_password is empty') } + + if $cinder_user_password == '' { fail('cinder_user_password is empty') } + if $cinder_db_password == '' { fail('cinder_db_password is empty') } + + if $glance_user_password == '' { fail('glance_user_password is empty') } + if $glance_db_password == '' { fail('glance_db_password is empty') } + + if $neutron_user_password == '' { fail('neutron_user_password is empty') } + if $neutron_db_password == '' { fail('neutron_db_password is empty') } + if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } + + if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } + if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } + + if $heat_user_password == '' { fail('heat_user_password is empty') } + if $heat_db_password == '' { fail('heat_db_password is empty') } + if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') } + + if $swift_user_password == '' { fail('swift_user_password is empty') } + if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } + if $swift_admin_password == '' { fail('swift_admin_password is empty') } + + class { "quickstack::neutron::controller": + admin_email => $admin_email, + admin_password => $admin_password, + controller_admin_host => $private_ip, + controller_priv_host => $private_ip, + controller_pub_host => $public_ip, + ssl => false, + #support_profile => $quickstack::params::support_profile, + #freeipa => $quickstack::params::freeipa, + + mysql_host => $mysql_ip, + mysql_root_password => $mysql_root_password, + #amqp_provider => $amqp_provider, + amqp_host => $amqp_ip, + amqp_username => 'guest', + amqp_password => 'guest', + #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, + + keystone_admin_token => $keystone_admin_token, + keystone_db_password => $keystone_db_password, + + ceilometer_metering_secret => $ceilometer_metering_secret, + ceilometer_user_password => $ceilometer_user_password, + + cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, + cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name, + cinder_gluster_shares => $quickstack::params::cinder_gluster_shares, + cinder_user_password => $cinder_user_password, + cinder_db_password => $cinder_db_password, + + glance_db_password => $glance_db_password, + glance_user_password => $glance_user_password, + + heat_cfn => true, + heat_cloudwatch => true, + heat_db_password => $heat_db_password, + heat_user_password => $heat_user_password, + heat_auth_encrypt_key => $heat_auth_encrypt_key, + + horizon_secret_key => $horizon_secret_key, + horizon_ca => $quickstack::params::horizon_ca, + horizon_cert => $quickstack::params::horizon_cert, + horizon_key => $quickstack::params::horizon_key, + + #neutron => true, + neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, + neutron_db_password => $neutron_db_password, + neutron_user_password => $neutron_user_password, + + nova_db_password => $nova_db_password, + nova_user_password => $nova_user_password, + + swift_shared_secret => $swift_shared_secret, + swift_admin_password => $swift_admin_password, + swift_ringserver_ip => '192.168.203.1', + swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"], + swift_storage_device => 'device1', + } + +} diff --git a/manifests/facebook.pp b/manifests/facebook.pp deleted file mode 100644 index f8db142..0000000 --- a/manifests/facebook.pp +++ /dev/null @@ -1,43 +0,0 @@ -class trystack::facebook() { - - if $facebook_app_id == '' { fail('facebook_app_id is empty') } - if $facebook_app_secret == '' { fail('facebook_app_secret is empty') } - if $member_user_role == '' { fail('member_user_role is empty') } - if $trystack_db_password == '' { fail('trystack_db_password is empty') } - if $keystone_admin_token == '' { fail('keystone_admin_token is empty') } - - package {'python-django-horizon-facebook': } - - file_line{'enable_apipassword': - path => '/usr/share/openstack-dashboard/openstack_dashboard/dashboards/settings/dashboard.py', - match => " panels = .*", - line => " panels = ('user', 'apipassword', )", - } - - file { "/usr/share/keystone/keystone-dist-paste.ini": - ensure => present, - source => "puppet:///modules/trystack/keystone-dist-paste.ini", - group => "keystone", - } - - file {'/usr/lib/python2.7/site-packages/horizon/templates/splash.html': -# require => Package['openstack-dashboard'], - source => 'puppet:///modules/trystack/usr/lib/python2.6/site-packages/horizon/templates/splash.html', - } - file {'/usr/lib/python2.7/site-packages/horizon/templates/auth/login.html': -# require => Package['openstack-dashboard'], - source => 'puppet:///modules/trystack/usr/lib/python2.6/site-packages/horizon/templates/auth/login.html', - } - file {'/usr/lib/python2.7/site-packages/horizon/templates/auth/_login.html': -# require => Package['openstack-dashboard'], - source => 'puppet:///modules/trystack/usr/lib/python2.6/site-packages/horizon/templates/auth/_login.html', - } - file {'/usr/share/openstack-dashboard/openstack_dashboard/settings.py': -# require => Package['openstack-dashboard'], - content => template('trystack/settings.py.erb'), - } - file {'/usr/share/openstack-dashboard/openstack_dashboard/urls.py': -# require => Package['openstack-dashboard'], - source => 'puppet:///modules/trystack/usr/share/openstack-dashboard/openstack_dashboard/urls.py', - } -} diff --git a/manifests/gluster.pp b/manifests/gluster.pp deleted file mode 100644 index b0e77da..0000000 --- a/manifests/gluster.pp +++ /dev/null @@ -1,558 +0,0 @@ -class trystack::gluster () { - - firewall { '001 gluster bricks incoming': - iniface => 'em1', - proto => 'tcp', - dport => '49152-49170', - action => 'accept', - } - - firewall { '001 gluster incoming': - iniface => 'em1', - proto => 'tcp', - dport => '24007-24020', - action => 'accept', - } - - file { '/export': ensure => directory, } - file { '/export/sdb1/trystack': ensure => directory, } - file { '/export/sdc1/trystack': ensure => directory, } - file { '/export/sdd1/trystack': ensure => directory, } - file { '/export/sde1/mysql': ensure => directory, } - file { '/export/sdf1/mysql': ensure => directory, } - file { '/export/sdg1/mysql': ensure => directory, } - file { '/export/sdh1/mongo': ensure => directory, } - file { '/export/sdi1/mongo': ensure => directory, } - file { '/export/sdj1/mongo': ensure => directory, } - - # puppet creates and cleans up the file every run - # this resource stops that madness - file { '/var/lib/puppet/tmp/gluster/vrrp': ensure => directory, } - - class { 'puppet::vardir': } - class { 'gluster::server': - #ips => ["10.100.0.10", "10.100.0.11", "10.100.0.12"], - #vip => "${annex_loc_vip_1}", - clients => ["10.100.0.*",], - #zone => 'loc', - #shorewall => true, - repo => false, - } - - -#blap - - -# ##### Host 10 #### -# gluster::host { 'host10.x86.trystack.org': -# ip => '10.100.0.10', -# uuid => '80a19f09-f8b2-4912-a65c-0ea4768431b2', -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdb1': -# dev => '/dev/sdb', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdc1': -# dev => '/dev/sdc', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdd1': -# dev => '/dev/sdd', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sde1': -# dev => '/dev/sde', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdf1': -# dev => '/dev/sdf', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdg1': -# dev => '/dev/sdg', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdh1': -# dev => '/dev/sdh', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdi1': -# dev => '/dev/sdi', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host10.x86.trystack.org:/export/sdj1': -# dev => '/dev/sdj', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# ##### Host 11 #### -# gluster::host { 'host11.x86.trystack.org': -# ip => '10.100.0.11', -# uuid => '1ffc7240-36b0-482e-9c9b-8de5ea9c8e50', -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdb1': -# dev => '/dev/sdb', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdc1': -# dev => '/dev/sdc', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdd1': -# dev => '/dev/sdd', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sde1': -# dev => '/dev/sde', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdf1': -# dev => '/dev/sdf', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdg1': -# dev => '/dev/sdg', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdh1': -# dev => '/dev/sdh', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdi1': -# dev => '/dev/sdi', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host11.x86.trystack.org:/export/sdj1': -# dev => '/dev/sdj', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# ##### Host 12 #### -# gluster::host { 'host12.x86.trystack.org': -# ip => '10.100.0.12', -# uuid => '1b047765-c666-493e-be6e-be5dbe4689f5', -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdb1': -# dev => '/dev/sdb', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdc1': -# dev => '/dev/sdc', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdd1': -# dev => '/dev/sdd', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sde1': -# dev => '/dev/sde', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdf1': -# dev => '/dev/sdf', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdg1': -# dev => '/dev/sdg', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdh1': -# dev => '/dev/sdh', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdi1': -# dev => '/dev/sdi', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } -# -# gluster::brick { 'host12.x86.trystack.org:/export/sdj1': -# dev => '/dev/sdj', -# lvm => false, -# fstype => 'ext4', -# areyousure => true, -# } - - ##### Host 13 #### - gluster::host { 'host13.x86.trystack.org': - ip => '10.100.0.13', - uuid => '604df7c2-c9e5-448a-982b-818144116e55', - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdb1': - dev => '/dev/sdb', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdc1': - dev => '/dev/sdc', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdd1': - dev => '/dev/sdd', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sde1': - dev => '/dev/sde', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdf1': - dev => '/dev/sdf', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdg1': - dev => '/dev/sdg', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdh1': - dev => '/dev/sdh', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdi1': - dev => '/dev/sdi', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host13.x86.trystack.org:/export/sdj1': - dev => '/dev/sdj', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - ##### Host 14 #### - gluster::host { 'host14.x86.trystack.org': - ip => '10.100.0.14', - uuid => '2cd2233e-bdd7-4d0e-9db1-25704bbeae97', - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdb1': - dev => '/dev/sdb', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdc1': - dev => '/dev/sdc', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdd1': - dev => '/dev/sdd', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sde1': - dev => '/dev/sde', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdf1': - dev => '/dev/sdf', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdg1': - dev => '/dev/sdg', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdh1': - dev => '/dev/sdh', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdi1': - dev => '/dev/sdi', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host14.x86.trystack.org:/export/sdj1': - dev => '/dev/sdj', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - ##### Host 15 #### - gluster::host { 'host15.x86.trystack.org': - ip => '10.100.0.15', - uuid => '5a3cdffd-ce0c-40aa-aed8-c40dd16bdeb4', - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdb1': - dev => '/dev/sdb', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdc1': - dev => '/dev/sdc', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdd1': - dev => '/dev/sdd', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sde1': - dev => '/dev/sde', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdf1': - dev => '/dev/sdf', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdg1': - dev => '/dev/sdg', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdh1': - dev => '/dev/sdh', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdi1': - dev => '/dev/sdi', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - gluster::brick { 'host15.x86.trystack.org:/export/sdj1': - dev => '/dev/sdj', - lvm => false, - fstype => 'ext4', - areyousure => true, - } - - $trystack_brick_list = [ -# 'host10.x86.trystack.org:/export/sdb1', -# 'host11.x86.trystack.org:/export/sdb1', -# 'host12.x86.trystack.org:/export/sdb1', - 'host13.x86.trystack.org:/export/sdb1', - 'host14.x86.trystack.org:/export/sdb1', - 'host15.x86.trystack.org:/export/sdb1', -# 'host10.x86.trystack.org:/export/sdc1', -# 'host11.x86.trystack.org:/export/sdc1', -# 'host12.x86.trystack.org:/export/sdc1', - 'host13.x86.trystack.org:/export/sdc1', - 'host14.x86.trystack.org:/export/sdc1', - 'host15.x86.trystack.org:/export/sdc1', -# 'host10.x86.trystack.org:/export/sdd1', -# 'host11.x86.trystack.org:/export/sdd1', -# 'host12.x86.trystack.org:/export/sdd1', - 'host13.x86.trystack.org:/export/sdd1', - 'host14.x86.trystack.org:/export/sdd1', - 'host15.x86.trystack.org:/export/sdd1', - ] - - $mysql_brick_list = [ -# 'host10.x86.trystack.org:/export/sde1', -# 'host11.x86.trystack.org:/export/sde1', -# 'host12.x86.trystack.org:/export/sde1', -# 'host10.x86.trystack.org:/export/sdf1', -# 'host11.x86.trystack.org:/export/sdf1', -# 'host12.x86.trystack.org:/export/sdf1', -# 'host10.x86.trystack.org:/export/sdg1', -# 'host11.x86.trystack.org:/export/sdg1', -# 'host12.x86.trystack.org:/export/sdg1', - 'host13.x86.trystack.org:/export/sde1', - 'host14.x86.trystack.org:/export/sde1', - 'host15.x86.trystack.org:/export/sde1', - 'host13.x86.trystack.org:/export/sdf1', - 'host14.x86.trystack.org:/export/sdf1', - 'host15.x86.trystack.org:/export/sdf1', - 'host13.x86.trystack.org:/export/sdg1', - 'host14.x86.trystack.org:/export/sdg1', - 'host15.x86.trystack.org:/export/sdg1', - ] - - $mongo_brick_list = [ -# 'host10.x86.trystack.org:/export/sdh1', -# 'host11.x86.trystack.org:/export/sdh1', -# 'host12.x86.trystack.org:/export/sdh1', -# 'host10.x86.trystack.org:/export/sdi1', -# 'host11.x86.trystack.org:/export/sdi1', -# 'host12.x86.trystack.org:/export/sdi1', -# 'host10.x86.trystack.org:/export/sdj1', -# 'host11.x86.trystack.org:/export/sdj1', -# 'host12.x86.trystack.org:/export/sdj1', - 'host13.x86.trystack.org:/export/sdh1', - 'host14.x86.trystack.org:/export/sdh1', - 'host15.x86.trystack.org:/export/sdh1', - 'host13.x86.trystack.org:/export/sdi1', - 'host14.x86.trystack.org:/export/sdi1', - 'host15.x86.trystack.org:/export/sdi1', - 'host13.x86.trystack.org:/export/sdj1', - 'host14.x86.trystack.org:/export/sdj1', - 'host15.x86.trystack.org:/export/sdj1', - ] - # TODO: have this run transactionally on *one* gluster host. - gluster::volume { 'trystack': - replica => 3, - bricks => $trystack_brick_list, - start => undef, # i'll start this myself - } - - gluster::volume::property { 'trystack#cluster.data-self-heal-algorithm': - value => 'full', - } - - # namevar must be: # - #gluster::volume::property { 'examplevol#auth.reject': - # value => ['192.0.2.13', '198.51.100.42', '203.0.113.69'], - #} - - gluster::volume { 'mysql': - replica => 3, - bricks => $mysql_brick_list, - start => undef, - } - - gluster::volume::property { 'mysql#cluster.data-self-heal-algorithm': - value => 'full', - } - - gluster::volume { 'mongo': - replica => 3, - bricks => $mongo_brick_list, - start => undef, - } - - gluster::volume::property { 'mongo#cluster.data-self-heal-algorithm': - value => 'full', - } - -} diff --git a/manifests/highavailability.pp b/manifests/highavailability.pp deleted file mode 100644 index 007cd68..0000000 --- a/manifests/highavailability.pp +++ /dev/null @@ -1,92 +0,0 @@ -class trystack::highavailability { - - class {'pacemaker::corosync': - cluster_name => 'trystack', - cluster_members => '10.100.0.1 10.100.0.3 10.100.0.16', - } - - class {'pacemaker::stonith': - disable => true, - } - - pacemaker::resource::ip { 'ip-10.100.0.200': - ip_address => '10.100.0.200', - group => 'test', - ensure => 'absent', - } - - pacemaker::resource::lsb { 'tgtd': - clone => true, - ensure => 'absent', - } - - pacemaker::resource::ip { 'ip-10.100.0.225': - ip_address => '10.100.0.225', - group => 'trystack_qpid', - } - pacemaker::resource::lsb { 'qpidd': - group => 'trystack_qpid', - require => Pacemaker::Resource::Ip['ip-10.100.0.225'], - } - - pacemaker::resource::ip { 'ip-8.21.28.222': - ip_address => '8.21.28.222', - group => 'trystack', - } - pacemaker::resource::ip { 'ip-10.100.0.222': - ip_address => '10.100.0.222', - group => 'trystack', - } - pacemaker::resource::lsb {'haproxy': - group => 'trystack', - require => [Pacemaker::Resource::Ip['ip-8.21.28.222'], - Pacemaker::Resource::Ip['ip-10.100.0.222'],] - } - - pacemaker::resource::lsb {'openstack-nova-novncproxy': - group => 'trystack', - require => Pacemaker::Resource::Lsb['haproxy'], - } - - pacemaker::resource::ip { 'ip-10.100.0.221': - ip_address => '10.100.0.221', - group => 'trystack_mysql', - } - pacemaker::resource::filesystem { "mysql_storage": - device => "host13:/mysql", - directory => "/var/lib/mysql/data", - fstype => "glusterfs", - group => 'trystack_mysql', - } - - pacemaker::resource::mysql {'mysqld': - name => 'mysqld', - group => 'trystack_mysql', - additional_params => 'datadir=/var/lib/mysql/data/ pid=/var/run/mysqld/mysql.pid socket=/var/lib/mysql/mysql.sock', - require => [Pacemaker::Resource::Filesystem['mysql_storage'], - Pacemaker::Resource::Ip['ip-10.100.0.221'],], - } - - pacemaker::constraint::location{'mysql-avoid': - ensure => absent, - resource => 'trystack_qpid', - location => '10.100.0.1', - score => 1, - #score => '-INFINITY', - } - - pacemaker::constraint::colocation{'colo-qpid': - ensure => absent, - source => 'lsb-qpidd', - target => 'ip-10.100.0.225', - #score => 1, - score => 'INFINITY', - } - - #pacemaker::stonith::ipmilan { '$ipmi_address': - # address => '$ipmi_address', - # user => '$ipmi_user', - # password => '$ipmi_pass', - # hostlist => '$ipmi_host_list', - #} -} diff --git a/manifests/init.pp b/manifests/init.pp index 1a48d68..a99b7ff 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,122 +1,5 @@ -# Common trystack configurations - -class trystack(){ - - class { "trystack::ntpd": } - class {"trystack::nagios::nrpe": } - - exec{'selinux permissive': - command => '/usr/sbin/setenforce 0', - onlyif => '/usr/sbin/getenforce | grep Enforcing', - } - - service { 'rsyslog': } - - package { 'audit': - ensure => present, - } -> - service { 'auditd': - ensure => running, - enable => true, - } - - package{['glusterfs-fuse', 'nagios-plugins-load', 'nagios-plugins-ping']: - ensure => present, - } - - - file {'/etc/cron.hourly/trystack-cleanup.sh': - content => template('trystack/cron.hourly-trystack-cleanup.sh.erb'), - ensure => absent, - } - - #file {"/etc/rsyslog.d/logstash.conf": - # ensure => present, - # content => "# Send everything to a logstash server on port 5544:\n#*.* @@host1:5544\n", - # notify => Service['rsyslog'], - #} - - file {"/etc/hosts": - ensure => present, - source => 'puppet:///modules/trystack/hosts', - } - file {"/root/.ssh/": - ensure => directory, - mode => 700, - } - file {"/root/.ssh/authorized_keys": - ensure => present, - mode => 600, - source => 'puppet:///modules/trystack/ssh_authorized_keys', - require => File['/root/.ssh/'], - notify => Service['sshd'] - } - service {'sshd': } - - file_line{'disable password login': - path => '/etc/ssh/sshd_config', - match => '^PasswordAuthentication.*', - line => 'PasswordAuthentication no', - require => File['/root/.ssh/authorized_keys'], - } - - file_line { 'puppet_report_on': - path => '/etc/puppet/puppet.conf', - match => '^[ ]*report[ ]*=', - line => " report = true", - } - - #file_line { 'puppet_pluginsync_on': - # path => '/etc/puppet/puppet.conf', - # match => '^[ ]*pluginsync=', - # line => " pluginsync=true", - #} - - - class { 'munin::client': allow => ['10.100.0.1']} - - firewall { '001 munin incoming': - proto => 'tcp', - dport => ['4949'], - iniface => 'em1', - action => 'accept', - } - - - package { 'firewalld': - ensure => absent, - } - - service { "firewalld": - ensure => "stopped", - enable => false, - #before => [Service['iptables'], Package['firewalld']], - before => Package['firewalld'], - } - - package { ['iptables', 'iptables-services']: - ensure => present, - } - - #service { "iptables": - # ensure => "running", - # require => Package['iptables'], - #} - - package {['NetworkManager', 'NetworkManager-tui', 'NetworkManager-config-server', 'NetworkManager-glib']: - ensure => absent, - } - - service { "NetworkManager": - ensure => stopped, - enable => false, - #before => [Service['iptables'], Package['firewalld']], - before => Package['NetworkManager'], - } - - service { "network": - ensure => running, - enable => false, - before => Service['NetworkManager'], - } +class trystack { + file {'/etc/hosts': + content=> 'file:///modules/trystack/etc.hosts', + } } diff --git a/manifests/loadbalancer.pp b/manifests/loadbalancer.pp deleted file mode 100644 index 7ff627d..0000000 --- a/manifests/loadbalancer.pp +++ /dev/null @@ -1,175 +0,0 @@ -class trystack::loadbalancer { - - class { 'haproxy': - # We want pacemaker to manage this service's state - # not puppet - manage_service => false, - } - - haproxy::listen { "admin": - mode => 'http', - ipaddress => '*', - ports => [8081], - options => { 'stats' => 'enable', }, - } - - #haproxy::frontend { 'keystone-frontend': - # ipaddress => [$private_ip, $public_ip], - # ports => '5000', - # options => { 'default_backend' => 'keystone-backend', }, - # mode => 'http', - #} - - haproxy::backend { 'keystone-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:5000 check inter 10s', - 'host16 10.100.0.16:5000 check inter 10s',] - } - } - - #haproxy::frontend { 'keystone-admin-frontend': - # ipaddress => [$private_ip], - # ports => '35357', - # options => { 'default_backend' => 'keystone-admin-backend', }, - # mode => 'http', - #} - - haproxy::backend { 'keystone-admin-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:35357 check inter 10s', - 'host16 10.100.0.16:35357 check inter 10s',] - } - } - - haproxy::frontend { 'nova-ec2-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '8773', - options => { 'default_backend' => 'nova-ec2-backend', }, - mode => 'http', - } - - haproxy::backend { 'nova-ec2-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:8773 check inter 10s', - 'host16 10.100.0.16:8773 check inter 10s',] - } - } - - haproxy::frontend { 'nova-api-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '8774', - options => { 'default_backend' => 'nova-api-backend', }, - mode => 'http', - } - - haproxy::backend { 'nova-api-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:8774 check inter 10s', - 'host16 10.100.0.16:8774 check inter 10s',] - } - } - - haproxy::frontend { 'nova-metadata-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '8775', - options => { 'default_backend' => 'nova-metadata-backend', }, - mode => 'http', - } - - haproxy::backend { 'nova-metadata-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:8775 check inter 10s', - 'host16 10.100.0.16:8775 check inter 10s',] - } - } - - haproxy::frontend { 'neutron-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '9696', - options => { 'default_backend' => 'neutron-backend', }, - mode => 'http', - } - - haproxy::backend { 'neutron-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host4 10.100.0.4:9696 check inter 10s', - 'host16 10.100.0.16:9696 check inter 10s',] - } - } - - haproxy::frontend { 'glance-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '9292', - options => { 'default_backend' => 'glance-backend', }, - mode => 'http', - } - - haproxy::backend { 'glance-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:9292 check inter 10s', - 'host16 10.100.0.16:9292 check inter 10s',] - } - } - - haproxy::frontend { 'glance-registry-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '9191', - options => { 'default_backend' => 'glance-registry-backend', }, - mode => 'http', - } - - haproxy::backend { 'glance-registry-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:9191 check inter 10s', - 'host16 10.100.0.16:9191 check inter 10s',] - } - } - - haproxy::frontend { 'cinder-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '8776', - options => { 'default_backend' => 'cinder-backend', }, - mode => 'http', - } - - haproxy::backend { 'cinder-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:8776 check inter 10s', - 'host16 10.100.0.16:8776 check inter 10s',] - } - } - - haproxy::frontend { 'swift-frontend': - ipaddress => [$private_ip, $public_ip], - ports => '8080', - options => { 'default_backend' => 'swift-backend', }, - mode => 'http', - } - - haproxy::backend { 'swift-backend': - options => { 'balance' => 'roundrobin', - 'mode' => 'http', - 'server' => ['host3 10.100.0.3:8080 check inter 10s', - 'host16 10.100.0.16:8080 check inter 10s',] - } - } - - - packstack::firewall {'neutron_server': - host => 'ALL', - service_name => 'neutron server', - chain => 'INPUT', - ports => '9696', - proto => 'tcp', - } - -} diff --git a/manifests/nagios.pp b/manifests/nagios.pp deleted file mode 100644 index 4357a1b..0000000 --- a/manifests/nagios.pp +++ /dev/null @@ -1,68 +0,0 @@ -class trystack::nagios { - if $public_fqdn == '' { fail('public_fqdn is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $neutron_ip == '' { fail('neutron_ip is empty') } - - package{['nagios', - 'nagios-plugins-nrpe', - 'nagios-plugins-mysql', - 'nagios-plugins-http']: - ensure => present, - before => Class['trystack::nagios::configs'] - } - - #class {'apache': } - #apache::listen { '443': } - #apache::listen { '8140': } - ##class {'apache::mod::php': } - ##class {'apache::mod::wsgi':} - ##class {'apache::mod::proxy_http':} - ## The apache module purges files it doesn't know about - ## avoid this be referencing them here - #file { '/etc/httpd/conf.d/elasticsearch.conf':} - #file { '/etc/httpd/conf.d/nagios.conf':} - #file { '/etc/httpd/conf.d/foreman.conf':} - #file { '/etc/httpd/conf.d/munin.conf':} - #file { '/etc/httpd/conf.d/puppet.conf':} - #file { '/etc/httpd/conf.d/php.conf':} - - - ##class { 'foreman': } - - service{['nagios']: - ensure => running, - enable => true, - hasstatus => true, - } - - #firewall { '001 nagios incoming': - # proto => 'tcp', - # dport => ['80'], - # action => 'accept', - #} - - class{'nagios::server': - apache_httpd_ssl => false, - } - - class{'trystack::nagios::configs': - notify => [Service['nagios'], Service['httpd']], - } - - class{'trystack::nagios::commands': - notify => [Service['nagios'], Service['httpd']], - require => Class['trystack::nagios::configs'], - } - - class{'trystack::nagios::hosts': - notify => [Service['nagios'], Service['httpd']], - require => Class['trystack::nagios::commands'], - } - - class{'trystack::nagios::services': - notify => [Service['nagios'], Service['httpd']], - require => Class['trystack::nagios::hosts'], - } -} - diff --git a/manifests/nagios/commands.pp b/manifests/nagios/commands.pp deleted file mode 100644 index f4fc595..0000000 --- a/manifests/nagios/commands.pp +++ /dev/null @@ -1,121 +0,0 @@ -class trystack::nagios::commands { - - package { ['python-keystoneclient', - 'python-glanceclient', - 'python-novaclient', - 'python-swiftclient', - 'python-cinderclient', - 'python-neutronclient', - 'python-heatclient']: - - ensure => 'present', - } - - file{"/usr/lib64/nagios/plugins/keystone-user-list": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - content => template("packstack/keystone-user-list.erb"), - } - - nagios_command {"keystone-user-list": - command_line => "/usr/lib64/nagios/plugins/keystone-user-list", - require => Package['python-keystoneclient'], - } - - file{"/usr/lib64/nagios/plugins/glance-index": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/glance-index", - } - - nagios_command {"glance-index": - command_line => "/usr/lib64/nagios/plugins/glance-index", - require => Package['python-glanceclient'], - } - - file{"/usr/lib64/nagios/plugins/nova-list": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/nova-list", - } - - nagios_command {"nova-list": - command_line => "/usr/lib64/nagios/plugins/nova-list", - require => Package['python-novaclient'], - } - - file{"/usr/lib64/nagios/plugins/cinder-list": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/cinder-list", - } - - nagios_command {"cinder-list": - command_line => "/usr/lib64/nagios/plugins/cinder-list", - require => Package['python-cinderclient'], - } - - file{"/usr/lib64/nagios/plugins/swift-list": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - content => template("packstack/swift-list.erb"), - } - - nagios_command {"swift-list": - command_line => "/usr/lib64/nagios/plugins/swift-list", - require => Package['python-swiftclient'], - } - - file{"/usr/lib64/nagios/plugins/heat-stack-list": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/heat-stack-list", - } - - nagios_command {"heat-stack-list": - command_line => "/usr/lib64/nagios/plugins/heat-stack-list", - require => Package['python-heatclient'], - } - - file{"/usr/lib64/nagios/plugins/neutron-floatingip-list": - ensure => "absent", - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/neutron-floatingip-list", - } - - file{"/usr/lib64/nagios/plugins/neutron-external-port-count": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/neutron-external-port-count", - } - - nagios_command {"neutron-floatingip-list": - ensure => "absent", - command_line => "/usr/lib64/nagios/plugins/neutron-floatingip-list", - require => Package['python-neutronclient'], - } - - nagios_command {"neutron-external-port-count": - command_line => "/usr/lib64/nagios/plugins/neutron-external-port-count", - require => Package['python-neutronclient'], - } - - nagios_command {"check_mysql": - command_line => '/usr/lib64/nagios/plugins/check_mysql -H $HOSTADDRESS$ -u $ARG1$ -p $ARG2$', - require => Package['nagios-plugins-mysql'], - } - - nagios_command {"check_rabbitmq_aliveness": - command_line => 'exec sudo /usr/lib64/nagios/plugins/check_rabbitmq_aliveness --extra-opts=$ARG1$', - require => Package['nagios-plugins-mysql'], - } -} diff --git a/manifests/nagios/configs.pp b/manifests/nagios/configs.pp deleted file mode 100644 index 4eabe62..0000000 --- a/manifests/nagios/configs.pp +++ /dev/null @@ -1,53 +0,0 @@ -class trystack::nagios::configs { - - if $admin_password == '' { fail('admin_password is empty') } - if $nagios_user == '' { fail('nagios_user is empty') } - if $nagios_password == '' { fail('nagios_password is empty') } - - file{['/etc/nagios/nagios_command.cfg', '/etc/nagios/nagios_host.cfg']: - ensure => 'present', - mode => '0644', - owner => 'nagios', - group => 'nagios', - } - - # Remove the entry for localhost, it contains services we're not - # monitoring - file{['/etc/nagios/objects/localhost.cfg']: - ensure => 'present', - content => '', - } - - file_line{'nagios_host': - path => '/etc/nagios/nagios.cfg', - line => 'cfg_file=/etc/nagios/nagios_host.cfg', - } - - file_line{'nagios_command': - path => '/etc/nagios/nagios.cfg', - line => 'cfg_file=/etc/nagios/nagios_command.cfg', - } - - file_line{'nagios_service': - path => '/etc/nagios/nagios.cfg', - line => 'cfg_file=/etc/nagios/nagios_service.cfg', - } - - nagios_command{'check_nrpe': - command_line => '/usr/lib64/nagios/plugins/check_nrpe -H $HOSTADDRESS$ -c $ARG1$', - } - - exec{'nagiospasswd': - command => "/usr/bin/htpasswd -bc /etc/nagios/passwd $nagios_user $nagios_password", - creates => "/etc/nagios/passwd", - } - - file {"/etc/nagios/keystonerc_admin": - ensure => "present", owner => "nagios", mode => '0600', - content => "export OS_USERNAME=admin -export OS_TENANT_NAME=admin -export OS_PASSWORD=$admin_password -export OS_AUTH_URL=http://$private_ip:5000/v2.0/ -",} - -} diff --git a/manifests/nagios/hosts.pp b/manifests/nagios/hosts.pp deleted file mode 100644 index 4487ea4..0000000 --- a/manifests/nagios/hosts.pp +++ /dev/null @@ -1,25 +0,0 @@ -class trystack::nagios::hosts { - - nagios_host { "_$public_fqdn": , use => 'linux-server', address => "$public_fqdn"} - nagios_host { "$private_ip": , use => 'linux-server', address => "$private_ip"} - nagios_host { "$mysql_ip": , use => 'linux-server', address => "$mysql_ip"} - nagios_host { 'host01': , use => 'linux-server', address => '10.100.0.1'} -# nagios_host { '10.100.0.2': , use => 'linux-server', address => '10.100.0.2'} - nagios_host { 'host03': , use => 'linux-server', address => '10.100.0.3'} - nagios_host { "$neutron_ip": , use => 'linux-server', address => "$neutron_ip"} - nagios_host { 'host05': , use => 'linux-server', address => '10.100.0.5'} - nagios_host { 'host06': , use => 'linux-server', address => '10.100.0.6'} - nagios_host { 'host07': , use => 'linux-server', address => '10.100.0.7'} - nagios_host { 'host08': , use => 'linux-server', address => '10.100.0.8'} - nagios_host { 'host09': , use => 'linux-server', address => '10.100.0.9'} - nagios_host { 'host10': , use => 'linux-server', address => '10.100.0.10'} - nagios_host { 'host11': , use => 'linux-server', address => '10.100.0.11'} - nagios_host { 'host12': , use => 'linux-server', address => '10.100.0.12'} - nagios_host { 'host13': , use => 'linux-server', address => '10.100.0.13'} - nagios_host { 'host14': , use => 'linux-server', address => '10.100.0.14'} - nagios_host { 'host15': , use => 'linux-server', address => '10.100.0.15'} -# nagios_host { host16': , use => 'linux-server', address => '10.100.0.16'} -# nagios_host { host17': , use => 'linux-server', address => '10.100.0.17'} - nagios_host { 'host18': , use => 'linux-server', address => '10.100.0.18'} - -} diff --git a/manifests/nagios/nrpe.pp b/manifests/nagios/nrpe.pp deleted file mode 100644 index adfe972..0000000 --- a/manifests/nagios/nrpe.pp +++ /dev/null @@ -1,253 +0,0 @@ -class trystack::nagios::nrpe { - - if $nagios_ip == '' { fail('nagios_ip is empty') } - - package{'nrpe': - ensure => present, - before => Class['nagios_configs'] - } - - class nagios_configs(){ - file_line{'allowed_hosts': - path => '/etc/nagios/nrpe.cfg', - match => 'allowed_hosts=', - line => "allowed_hosts=$nagios_ip", - } - - # 5 minute load average - file_line{'load5': - path => '/etc/nagios/nrpe.cfg', - match => 'command\[load5\]=', - line => 'command[load5]=cut /proc/loadavg -f 1 -d " "', - } - - # disk used on /var - file_line{'df_var': - path => '/etc/nagios/nrpe.cfg', - match => "command\[df_var\]=", - line => "command[df_var]=/usr/lib64/nagios/plugins/check_df_var", - } - - # disk used on /var - file_line{'df_srv': - path => '/etc/nagios/nrpe.cfg', - match => "command\[df_srv\]=", - line => "command[df_srv]=df /srv/ | sed -re 's/.* ([0-9]+)%.*/\\1/' | grep -E '^[0-9]'", - } - - # puppet agent status - file_line{'check_puppet_agent': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_puppet_agent\]=", - line => "command[check_puppet_agent]=/usr/lib64/nagios/plugins/check_puppet_agent", - } - - # ensure em2 is down - file_line{'check_em2_down': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_em2_down\]=", - line => "command[check_em2_down]=/usr/lib64/nagios/plugins/check_em2_down", - } - - # make sure glance storage is mounted - file_line{'check_mnt_trystack': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_mnt_trystack\]=", - line => "command[check_mnt_trystack]=/usr/lib64/nagios/plugins/check_mnt_trystack", - } - - file_line{'check_glusterfs_trystack': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_glusterfs_trystack\]=", - line => "command[check_glusterfs_trystack]=/usr/lib64/nagios/plugins/check_glusterfs -v trystack -n 3", - } - - file_line{'check_glusterfs_mysql': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_glusterfs_mysql\]=", - line => "command[check_glusterfs_mysql]=/usr/lib64/nagios/plugins/check_glusterfs -v mysql -n 3", - } - - file_line{'check_glusterfs_mongo': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_glusterfs_mongo\]=", - line => "command[check_glusterfs_mongo]=/usr/lib64/nagios/plugins/check_glusterfs -v mongo -n 3", - } - - file_line{'check_neutron_dhcp_agent': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_neutron_dhcp_agent\]=", - line => "command[check_neutron_dhcp_agent]=/usr/lib64/nagios/plugins/check_service neutron-dhcp-agent", - } - - file_line{'check_neutron_server': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_neutron_server\]=", - line => "command[check_neutron_server]=/usr/lib64/nagios/plugins/check_service neutron-server", - } - - file_line{'check_neutron_l3_agent': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_neutron_l3_agent\]=", - line => "command[check_neutron_l3_agent]=/usr/lib64/nagios/plugins/check_service neutron-l3-agent", - } - - file_line{'check_neutron_lbaas_agent': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_neutron_lbaas_agent\]=", - line => "command[check_neutron_lbaas_agent]=/usr/lib64/nagios/plugins/check_service neutron-lbaas-agent", - } - - file_line{'check_neutron_metadata_agent': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_neutron_metadata_agent\]=", - line => "command[check_neutron_metadata_agent]=/usr/lib64/nagios/plugins/check_service neutron-metadata-agent", - } - - file_line{'check_neutron_ovs_cleanup': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_neutron_ovs_cleanup\]=", - line => "command[check_neutron_ovs_cleanup]=/usr/lib64/nagios/plugins/check_service neutron-ovs-cleanup", - } - - file_line{'check_swift_proxy': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_swift_proxy\]=", - line => "command[check_swift_proxy]=/usr/lib64/nagios/plugins/check_service openstack-swift-proxy", - } - - file_line{'check_nova_compute': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_nova_compute\]=", - line => "command[check_nova_compute]=/usr/lib64/nagios/plugins/check_service openstack-nova-compute", - } - - file_line{'check_ceilometer_compute': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_ceilometer_compute\]=", - line => "command[check_ceilometer_compute]=/usr/lib64/nagios/plugins/check_service openstack-ceilometer-compute", - } - - file_line{'check_neutron_ovs_agent': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_neutron_ovs_agent\]=", - line => "command[check_neutron_ovs_agent]=/usr/lib64/nagios/plugins/check_service neutron-openvswitch-agent", - } - - file_line{'check_memcached': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_memcached\]=", - line => "command[check_memcached]=/usr/lib64/nagios/plugins/check_service memcached", - } - - # for the network node - file_line{'check_gre_tunnels_exist': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_gre_tunnels_exist\]=", - line => "command[check_gre_tunnels_exist]=/usr/lib64/nagios/plugins/check_gre_tunnels_exist", - } - - # for the compute nodes - file_line{'check_ovs_tunnel': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_ovs_tunnel\]=", - line => "command[check_ovs_tunnel]=/usr/lib64/nagios/plugins/check_ping -H 192.168.122.3 -w 1000.0,25% -c 2000.0,100% -p 5", - } - - file_line{'check_rabbitmq_aliveness': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_rabbitmq_aliveness\]=", - line => "command[check_rabbitmq_aliveness]=/usr/lib64/nagios/plugins/check_rabbitmq_aliveness --port=15672 -H 10.100.0.3", - } - - file_line{'check_mongod_connect': - path => '/etc/nagios/nrpe.cfg', - match => "command\[check_mongodb\]=", - line => "command[check_mongodb]=/usr/bin/python /usr/lib64/nagios/plugins/check_mongodb.py -H 10.100.0.3 -A connect", - } - } - - file{"/usr/lib64/nagios/plugins/check_puppet_agent": - mode => 755, - owner => "nrpe", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/check_puppet_agent", - } - - file{"/usr/lib64/nagios/plugins/check_em2_down": - mode => 755, - owner => "nrpe", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/check_em2_down", - } - - file{"/usr/lib64/nagios/plugins/check_df_var": - mode => 755, - owner => "nrpe", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/check_df_var", - } - - file{"/usr/lib64/nagios/plugins/check_mnt_trystack": - mode => 755, - owner => "nrpe", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/check_mnt_trystack", - } - - package { ['bc', 'nagios-plugins']: - ensure => 'present', - } - - file{"/usr/lib64/nagios/plugins/check_service": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/check_service", - } - - file{"/usr/lib64/nagios/plugins/check_glusterfs": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/check_glusterfs", - require => [Package['bc'], Package['nagios-plugins']], - } - - file{"/usr/lib64/nagios/plugins/check_gre_tunnels_exist": - mode => 755, - owner => "nagios", - seltype => "nagios_unconfined_plugin_exec_t", - source => "puppet:///modules/trystack/check_gre_tunnels_exist", - require => [Package['bc'], Package['nagios-plugins']], - } - - file{"/etc/sudoers.d/nagios": - ensure => 'absent', - } - - file{"/etc/sudoers.d/nrpe": - mode => 440, - owner => "root", - source => "puppet:///modules/trystack/sudoers.d_nrpe", - } - - class{'nagios_configs': - notify => Service['nrpe'], - } - - service{'nrpe': - ensure => running, - enable => true, - hasstatus => true, - require => Firewall['001 nrpe incoming'], - } - - firewall { '001 nrpe incoming': - proto => 'tcp', - dport => ['5666'], - iniface => 'em1', - action => 'accept', - } - -} diff --git a/manifests/nagios/services.pp b/manifests/nagios/services.pp deleted file mode 100644 index c77cfbf..0000000 --- a/manifests/nagios/services.pp +++ /dev/null @@ -1,1072 +0,0 @@ -class trystack::nagios::services { - - if $mysql_nagios_password == '' { fail('mysql_nagios_password is empty') } - - nagios_service {'dashboard-login-page': - check_command => 'check_http!-S -H x86.trystack.org -u https://x86.trystack.org/dashboard/', - host_name => "_$public_fqdn", - normal_check_interval => 5, - service_description => 'load dashboard login', - use => 'generic-service', - } - - nagios_service {'keystone-user-list': - check_command => 'keystone-user-list', - host_name => "$private_ip", - normal_check_interval => 5, - service_description => 'number of keystone users', - use => 'generic-service', - } - - nagios_service {'glance-index': - check_command => 'glance-index', - host_name => "$private_ip", - normal_check_interval => 5, - service_description => 'number of glance images', - use => 'generic-service', - } - - nagios_service {'nova-list': - check_command => 'nova-list', - host_name => "$private_ip", - normal_check_interval => 5, - service_description => 'number of nova instances', - use => 'generic-service', - } - - nagios_service {'cinder-list': - check_command => 'cinder-list', - host_name => "$private_ip", - normal_check_interval => 5, - service_description => 'number of cinder volumes', - use => 'generic-service', - } - - nagios_service {'neutron-external-port-count': - check_command => 'neutron-external-port-count', - host_name => "$neutron_ip", - normal_check_interval => 5, - service_description => 'number of neutron ports on the external network in use', - use => 'generic-service', - } - - nagios_service {'swift-list': - check_command => 'swift-list', - host_name => "$private_ip", - normal_check_interval => 5, - service_description => 'number of swift containers for admin', - use => 'generic-service', - } - - nagios_service {'heat-stack-list': - check_command => 'heat-stack-list', - host_name => "$private_ip", - normal_check_interval => 5, - service_description => 'number of heat stacks for admin', - use => 'generic-service', - } - - nagios_service { 'check_mysql': - check_command => "check_mysql!nagios!$mysql_nagios_password", - host_name => "$mysql_ip", - service_description => 'MySql Health check', - use => 'generic-service', - } - - nagios_service { 'load5-host01': - check_command => 'check_nrpe!load5', - host_name => 'host01', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host01': - check_command => 'check_nrpe!check_puppet_agent', - - host_name => 'host01', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'df_var-host01': - check_command => 'check_nrpe!df_var', - host_name => 'host01', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - -# nagios_service { 'load5-host02': -# check_command => 'check_nrpe!load5', -# host_name => 'host02', -# normal_check_interval => 5, -# service_description => '5 minute load average', -# use => 'generic-service', -# } -# -# nagios_service { 'df_var-host02': -# check_command => 'check_nrpe!df_var', -# host_name => 'host02', -# service_description => 'Percent disk space used on /var', -# use => 'generic-service', -# } -# -# nagios_service { 'check_puppet_agent-host02': -# check_command => 'check_nrpe!check_puppet_agent', -# host_name => 'host02', -# service_description => 'Puppet agent status', -# use => 'generic-service', -# } - - nagios_service {'load5-host03': - check_command => 'check_nrpe!load5', - host_name => 'host03', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host03': - check_command => 'check_nrpe!df_var', - host_name => 'host03', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host03': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host03', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_mnt_trystack-host03': - check_command => 'check_nrpe!check_mnt_trystack', - host_name => 'host03', - service_description => 'Glance gluster mount', - use => 'generic-service', - } - - nagios_service { 'check_swift_proxy-host03': - check_command => 'check_nrpe!check_swift_proxy', - host_name => 'host03', - service_description => 'Swift Proxy service check', - use => 'generic-service', - } - - nagios_service { 'check_memcached-host03': - check_command => 'check_nrpe!check_memcached', - host_name => 'host03', - service_description => 'Memcached service check', - use => 'generic-service', - } - - nagios_service {'load5-10.100.0.4': - check_command => 'check_nrpe!load5', - host_name => '10.100.0.4', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-10.100.0.4': - check_command => 'check_nrpe!df_var', - host_name => '10.100.0.4', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-10.100.0.4': - check_command => 'check_nrpe!check_puppet_agent', - host_name => '10.100.0.4', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_neutron_server-10.100.0.4': - check_command => 'check_nrpe!check_neutron_server', - host_name => '10.100.0.4', - service_description => 'Neutron Server service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-10.100.0.4': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => '10.100.0.4', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_dhcp_agent-10.100.0.4': - check_command => 'check_nrpe!check_neutron_dhcp_agent', - host_name => '10.100.0.4', - service_description => 'Neutron DHCP agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_l2_agent-10.100.0.4': - check_command => 'check_nrpe!check_neutron_l2_agent', - host_name => '10.100.0.4', - service_description => 'Neutron L2 Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_l3_agent-10.100.0.4': - check_command => 'check_nrpe!check_neutron_l3_agent', - host_name => '10.100.0.4', - service_description => 'Neutron L3 Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_lbaas_agent-10.100.0.4': - check_command => 'check_nrpe!check_neutron_lbaas_agent', - host_name => '10.100.0.4', - service_description => 'Neutron LBaas Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_cleanup-10.100.0.4': - check_command => 'check_nrpe!check_neutron_ovs_cleanup', - host_name => '10.100.0.4', - service_description => 'Neutron OVS Cleanup service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.4': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.4', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_gre_tunnels_exist-10.100.0.4': - check_command => 'check_nrpe!check_gre_tunnels_exist', - host_name => '10.100.0.4', - service_description => 'Openvswitch GRE Tunnel exists', - use => 'generic-service', - } - - nagios_service {'load5-host05': - check_command => 'check_nrpe!load5', - host_name => 'host05', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host05': - check_command => 'check_nrpe!df_var', - host_name => 'host05', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host05': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host05', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host05': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host05', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host05': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host05', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.5': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.5', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host05': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host05', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host05': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host05', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host06': - check_command => 'check_nrpe!load5', - host_name => 'host06', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host06': - check_command => 'check_nrpe!df_var', - host_name => 'host06', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host06': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host06', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host06': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host06', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host06': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host06', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.6': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.6', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host06': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host06', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host06': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host06', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host07': - check_command => 'check_nrpe!load5', - host_name => 'host07', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host07': - check_command => 'check_nrpe!df_var', - host_name => 'host07', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host07': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host07', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host07': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host07', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host07': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host07', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.7': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.7', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host07': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host07', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host07': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host07', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host08': - check_command => 'check_nrpe!load5', - host_name => 'host08', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host08': - check_command => 'check_nrpe!df_var', - host_name => 'host08', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host08': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host08', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host08': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host08', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host08': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host08', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.8': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.8', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host08': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host08', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host08': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host08', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host09': - check_command => 'check_nrpe!load5', - host_name => 'host09', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host09': - check_command => 'check_nrpe!df_var', - host_name => 'host09', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host09': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host09', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host09': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host09', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host09': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host09', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.9': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.9', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host09': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host09', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host09': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host09', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host10': - check_command => 'check_nrpe!load5', - host_name => 'host10', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host10': - check_command => 'check_nrpe!df_var', - host_name => 'host10', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host10': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host10', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_gluster_trystack-host10': - check_command => 'check_nrpe!check_glusterfs_trystack', - host_name => 'host10', - service_description => 'Gluster TryStack Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mysql-host10': - check_command => 'check_nrpe!check_glusterfs_mysql', - host_name => 'host10', - service_description => 'Gluster Mysql Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mongo-host10': - check_command => 'check_nrpe!check_glusterfs_mongo', - host_name => 'host10', - service_description => 'Gluster Mongo Health Check', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host10': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host10', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host10': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host10', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.10': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.10', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host10': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host10', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host10': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host10', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host11': - check_command => 'check_nrpe!load5', - host_name => 'host11', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host11': - check_command => 'check_nrpe!df_var', - host_name => 'host11', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host11': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host11', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_gluster_trystack-host11': - check_command => 'check_nrpe!check_glusterfs_trystack', - host_name => 'host11', - service_description => 'Gluster TryStack Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mysql-host11': - check_command => 'check_nrpe!check_glusterfs_mysql', - host_name => 'host11', - service_description => 'Gluster Mysql Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mongo-host11': - check_command => 'check_nrpe!check_glusterfs_mongo', - host_name => 'host11', - service_description => 'Gluster Mongo Health Check', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host11': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host11', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host11': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host11', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.11': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.11', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host11': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host11', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host11': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host11', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host12': - check_command => 'check_nrpe!load5', - host_name => 'host12', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host12': - check_command => 'check_nrpe!df_var', - host_name => 'host12', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host12': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host12', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_gluster_trystack-host12': - check_command => 'check_nrpe!check_glusterfs_trystack', - host_name => 'host12', - service_description => 'Gluster TryStack Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mysql-host12': - check_command => 'check_nrpe!check_glusterfs_mysql', - host_name => 'host12', - service_description => 'Gluster Mysql Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mongo-host12': - check_command => 'check_nrpe!check_glusterfs_mongo', - host_name => 'host12', - service_description => 'Gluster Mongo Health Check', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host12': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host12', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host12': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host12', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.12': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.12', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host12': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host12', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host12': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host12', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host13': - check_command => 'check_nrpe!load5', - host_name => 'host13', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_srv-host13': - check_command => 'check_nrpe!df_srv', - host_name => 'host13', - service_description => 'Percent disk space used on /srv', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host13': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host13', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_gluster_trystack-host13': - check_command => 'check_nrpe!check_glusterfs_trystack', - host_name => 'host13', - service_description => 'Gluster TryStack Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mysql-host13': - check_command => 'check_nrpe!check_glusterfs_mysql', - host_name => 'host13', - service_description => 'Gluster Mysql Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mongo-host13': - check_command => 'check_nrpe!check_glusterfs_mongo', - host_name => 'host13', - service_description => 'Gluster Mongo Health Check', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host13': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host13', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host13': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host13', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.13': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.13', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host13': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host13', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host13': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host13', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host14': - check_command => 'check_nrpe!load5', - host_name => 'host14', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_srv-host14': - check_command => 'check_nrpe!df_srv', - host_name => 'host14', - service_description => 'Percent disk space used on /srv', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host14': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host14', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_gluster_trystack-host14': - check_command => 'check_nrpe!check_glusterfs_trystack', - host_name => 'host14', - service_description => 'Gluster TryStack Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mysql-host14': - check_command => 'check_nrpe!check_glusterfs_mysql', - host_name => 'host14', - service_description => 'Gluster Mysql Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mongo-host14': - check_command => 'check_nrpe!check_glusterfs_mongo', - host_name => 'host14', - service_description => 'Gluster Mongo Health Check', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host14': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host14', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host14': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host14', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host14': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host14', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.14': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.14', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host14': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host14', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host15': - check_command => 'check_nrpe!load5', - host_name => 'host15', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_srv-host15': - check_command => 'check_nrpe!df_srv', - host_name => 'host15', - service_description => 'Percent disk space used on /srv', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host15': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host15', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_gluster_trystack-host15': - check_command => 'check_nrpe!check_glusterfs_trystack', - host_name => 'host15', - service_description => 'Gluster Trystack Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mysql-host15': - check_command => 'check_nrpe!check_glusterfs_mysql', - host_name => 'host15', - service_description => 'Gluster Mysql Health Check', - use => 'generic-service', - } - - nagios_service { 'check_gluster_mongo-host15': - check_command => 'check_nrpe!check_glusterfs_mongo', - host_name => 'host15', - service_description => 'Gluster Mongo Health Check', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host15': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host15', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host15': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host15', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.15': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.15', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host15': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host15', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host15': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host15', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service {'load5-host18': - check_command => 'check_nrpe!load5', - host_name => 'host18', - normal_check_interval => 5, - service_description => '5 minute load average', - use => 'generic-service', - } - - nagios_service { 'df_var-host18': - check_command => 'check_nrpe!df_var', - host_name => 'host18', - service_description => 'Percent disk space used on /var', - use => 'generic-service', - } - - nagios_service { 'check_puppet_agent-host18': - check_command => 'check_nrpe!check_puppet_agent', - host_name => 'host18', - service_description => 'Puppet agent status', - use => 'generic-service', - } - - nagios_service { 'check_nova_compute-host18': - check_command => 'check_nrpe!check_nova_compute', - host_name => 'host18', - service_description => 'Nova Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_ovs_agent-host18': - check_command => 'check_nrpe!check_neutron_ovs_agent', - host_name => 'host18', - service_description => 'Neutron OVS Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_neutron_metadata_agent-10.100.0.18': - check_command => 'check_nrpe!check_neutron_metadata_agent', - host_name => '10.100.0.18', - service_description => 'Neutron Metadata Agent service check', - use => 'generic-service', - } - - nagios_service { 'check_ovs_tunnel-host18': - check_command => 'check_nrpe!check_ovs_tunnel', - host_name => 'host18', - service_description => 'OVS tunnel connectivity', - use => 'generic-service', - } - - nagios_service { 'check_ceilometer_compute-host18': - check_command => 'check_nrpe!check_ceilometer_compute', - host_name => 'host18', - service_description => 'Ceilometer Compute service check', - use => 'generic-service', - } - - nagios_service { 'check_rabbitmq_aliveness-host3': - check_command => 'check_nrpe!check_rabbitmq_aliveness', - host_name => 'host03', - service_description => 'RabbitMQ Aliveness check', - use => 'generic-service', - } - - nagios_service { 'check_mongod_connect-host03': - check_command => 'check_nrpe!check_mongod_connect', - host_name => "$private_ip", - service_description => 'Mongod Connect check', - use => 'generic-service', - } -} diff --git a/manifests/network.pp b/manifests/network.pp index 729e94f..006ec3a 100644 --- a/manifests/network.pp +++ b/manifests/network.pp @@ -1,185 +1,38 @@ -class trystack::network () { +class trystack::network { if $private_ip == '' { fail('private_ip is empty') } if $mysql_ip == '' { fail('mysql_ip is empty') } if $amqp_ip == '' { fail('amqp_ip is empty') } + if $nova_user_password == '' { fail('nova_user_password is empty') } + if $nova_db_password == '' { fail('nova_db_password is empty') } + if $neutron_user_password == '' { fail('neutron_user_password is empty') } if $neutron_db_password == '' { fail('neutron_db_password is empty') } if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } - $neutron_sql_connection = "mysql://neutron:${neutron_db_password}@${mysql_ip}/neutron" - - #exec { 'neutron-db-manage upgrade': - # command => 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head', - # path => '/usr/bin', - # user => 'neutron', - # logoutput => 'on_failure', - # before => Service['neutron-server'], - # require => [Neutron_config['database/connection'], Neutron_config['DEFAULT/core_plugin']], - #} - - # Configure nova notifications system - class { 'neutron::server::notifications': - nova_admin_username => 'nova', - nova_admin_password => "${nova_user_password}", - nova_admin_tenant_name => 'services', - nova_url => "http://${private_ip}:8774/v2", - nova_admin_auth_url => "http://${private_ip}:35357/v2.0", - } - - - # For cases where "neutron-db-manage upgrade" command is called we need to fill config file first - if defined(Exec['neutron-db-manage upgrade']) { - Neutron_plugin_ml2<||> -> File['/etc/neutron/plugin.ini'] -> Exec['neutron-db-manage upgrade'] - } - - class { 'neutron': - rabbit_host => "$amqp_ip", - rabbit_port => '5672', - rabbit_user => 'guest', - rabbit_password => 'guest', - core_plugin => 'neutron.plugins.ml2.plugin.Ml2Plugin', - allow_overlapping_ips => true, - service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin', - 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin', - 'neutron.services.metering.metering_plugin.MeteringPlugin', - 'neutron.services.firewall.fwaas_plugin.FirewallPlugin'], - verbose => true, - debug => false, - } - - class { 'neutron::server': - sql_connection => $neutron_sql_connection, - connection => $neutron_sql_connection, - auth_password => $neutron_user_password, - auth_host => "$private_ip", - enabled => true, - mysql_module => '2.2', - sync_db => true, - } - - class { 'neutron::agents::l3': - interface_driver => 'neutron.agent.linux.interface.OVSInterfaceDriver', - external_network_bridge => 'br-ex', - debug => false, - } - - sysctl::value { 'net.ipv4.ip_forward': - value => '1' - } - - vs_bridge { 'br-ex': - ensure => present, - require => Service["neutron-ovs-agent-service"] - } - - class { 'neutron::agents::ml2::ovs': - bridge_mappings => [], - enable_tunneling => true, - tunnel_types => ['vxlan'], - local_ip => $::ipaddress_em1, - vxlan_udp_port => 4789, - l2_population => true, - } - - class { 'neutron::plugins::ml2': - type_drivers => ['vxlan'], - tenant_network_types => ['vxlan'], - mechanism_drivers => ['openvswitch', 'l2population'], - flat_networks => ['*'], - network_vlan_ranges => [], - tunnel_id_ranges => [], - vxlan_group => undef, - vni_ranges => ['10:1000'], - enable_security_group => true, - } - - class { 'neutron::agents::dhcp': - interface_driver => 'neutron.agent.linux.interface.OVSInterfaceDriver', - dnsmasq_config_file => "/etc/neutron/dnsmasq-neutron.conf", - debug => false, - } - - packstack::firewall {'neutron_dhcp_in': - host => 'ALL', - service_name => 'neutron dhcp in: ', - chain => 'INPUT', - ports => '67', - proto => 'udp', - } - - packstack::firewall {'neutron_dhcp_out': - host => 'ALL', - service_name => 'neutron dhcp out: ', - chain => 'OUTPUT', - ports => '68', - proto => 'udp', - } - - packstack::firewall {'neutron_server': - host => 'ALL', - service_name => 'neutron server', - chain => 'INPUT', - ports => '9696', - proto => 'tcp', - } - - packstack::firewall {'neutron_tunnel': - host => 'ALL', - service_name => 'neutron tunnel port', - chain => 'INPUT', - ports => '4789', - proto => 'udp', - } - - # FWaas - class { 'neutron::services::fwaas': - enabled => true, - } - - class { 'neutron::agents::lbaas': - interface_driver => 'neutron.agent.linux.interface.OVSInterfaceDriver', - device_driver => 'neutron.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver', - user_group => 'haproxy', - debug => false, - } - - class { 'neutron::agents::metering': - interface_driver => 'neutron.agent.linux.interface.OVSInterfaceDriver', - debug => false, - } - - class {'neutron::agents::metadata': - auth_password => "$neutron_user_password", - auth_url => "http://${private_ip}:35357/v2.0", - shared_secret => "$neutron_metadata_shared_secret", - metadata_ip => "${private_ip}", - debug => false, - } - - -######################################## - - neutron_config{ - "quotas/quota_floatingip": value => "4"; - "DEFAULT/router_distributed": value => "False"; #DVR = True - "DEFAULT/dvr_base_mac": value => "fa:16:3f:4f:00:00"; #DVR - } - - neutron_l3_agent_config{ - "DEFAULT/agent_mode": value => "legacy"; #DVR = dvs_snat - } - - class {"neutron::config": - plugin_ovs_config => - {"agent/enable_distributed_routing" => { value => "False"}}, #DVR = True - } - - file {'/etc/neutron/dnsmasq-neutron.conf': - content => "dhcp-option-force=26,1450", - before => Class['neutron::agents::dhcp'], - } - - -} + class { "quickstack::neutron::networker": + neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, + neutron_db_password => $neutron_db_password, + neutron_user_password => $neutron_user_password, + nova_db_password => $nova_db_password, + nova_user_password => $nova_user_password, + + controller_priv_host => $private_ip, + + agent_type => 'ovs', + enable_tunneling => true, + ovs_tunnel_iface => 'em1', + ovs_tunnel_network => '', + ovs_l2_population => 'True', + ovs_tunnel_types => ['vxlan'], + external_network_bridge => 'br-ex', + tenant_network_type => 'vxlan', + tunnel_id_ranges => '1:1000', + + mysql_host => $mysql_ip, + amqp_host => $amqp_ip, + amqp_username => 'guest', + amqp_password => 'guest', + } +} diff --git a/manifests/ntpd.pp b/manifests/ntpd.pp deleted file mode 100644 index 0edb7dc..0000000 --- a/manifests/ntpd.pp +++ /dev/null @@ -1,98 +0,0 @@ -class trystack::ntpd() { - $config_content = " - driftfile /var/lib/ntp/drift - - # Permit time synchronization with our time source, but do not - # permit the source to query or modify the service on this system. - restrict default kod nomodify notrap nopeer noquery - restrict -6 default kod nomodify notrap nopeer noquery - - # Permit all access over the loopback interface. This could - # be tightened as well, but to do so would effect some of - # the administrative functions. - restrict 127.0.0.1 - restrict -6 ::1 - - # Hosts on local network are less restricted. - #restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap - - # Use public servers from the pool.ntp.org project. - # Please consider joining the pool (http://www.pool.ntp.org/join.html). - server clock.redhat.com - - - #broadcast 192.168.1.255 autokey # broadcast server - #broadcastclient # broadcast client - #broadcast 224.0.1.1 autokey # multicast server - #multicastclient 224.0.1.1 # multicast client - #manycastserver 239.255.254.254 # manycast server - #manycastclient 239.255.254.254 autokey # manycast client - - # Undisciplined Local Clock. This is a fake driver intended for backup - # and when no outside source of synchronized time is available. - #server 127.127.1.0 # local clock - #fudge 127.127.1.0 stratum 10 - - # Enable public key cryptography. - #crypto - - includefile /etc/ntp/crypto/pw - - # Key file containing the keys and key identifiers used when operating - # with symmetric key cryptography. - keys /etc/ntp/keys - - # Specify the key identifiers which are trusted. - #trustedkey 4 8 42 - - # Specify the key identifier to use with the ntpdc utility. - #requestkey 8 - - # Specify the key identifier to use with the ntpq utility. - #controlkey 8 - - # Enable writing of statistics records. - #statistics clockstats cryptostats loopstats peerstats - " - - - package {'ntp': - ensure => 'installed', - name => 'ntp', - } - - file {'ntp_config': - path => '/etc/ntp.conf', - ensure => file, - mode => '0644', - content => $config_content, - } - - #exec {'stop-ntpd': - # command => $osfamily ? { - # # Unfortunately, the RedHat osfamily doesn't only include RHEL and - # # derivatives thereof but also Fedora so further differentiation by - # # operatingsystem is necessary. - # 'RedHat' => $operatingsystem ? { - # 'Fedora' => '/usr/bin/systemctl stop ntpd.service', - # default => '/sbin/service ntpd stop', - # }, - # }, - #} - # - #exec {'ntpdate': - # command => '/usr/sbin/ntpdate clock.redhat.com', - # tries => 3, - #} - - service {'ntpd': - ensure => 'running', - enable => true, - name => 'ntpd', - hasstatus => true, - hasrestart => true, - } - - #Package['ntp'] -> File['ntp_config'] -> Exec['stop-ntpd'] -> Exec['ntpdate'] -> Service['ntpd'] - Package['ntp'] -> File['ntp_config'] -> Service['ntpd'] -} diff --git a/manifests/swift/common.pp b/manifests/swift/common.pp deleted file mode 100644 index 4bacb34..0000000 --- a/manifests/swift/common.pp +++ /dev/null @@ -1,18 +0,0 @@ -class trystack::swift::common { - - #### Common #### - class { 'ssh::server::install': } - - Class['swift'] -> Service <| |> - class { 'swift': - swift_hash_suffix => $swift_shared_secret, - package_ensure => latest, - } - - # We need to disable this while rsync causes AVC's - #exec{'setenforce 0': - # path => '/usr/sbin', - # notify => Class['swift'] - #} - -} diff --git a/manifests/swift/proxy_ts.pp b/manifests/swift/proxy_ts.pp deleted file mode 100644 index d5814da..0000000 --- a/manifests/swift/proxy_ts.pp +++ /dev/null @@ -1,54 +0,0 @@ -class trystack::swift::proxy_ts inherits trystack::swift::common { - - #### Swift #### - package { 'curl': ensure => present } - - #class { 'memcached': } - - class { 'swift::proxy': - proxy_local_net_ip => "$::ipaddress_em1", #swift proxy address - pipeline => [ - # 'catch_errors', - 'healthcheck', - 'cache', - # 'ratelimit', - 'authtoken', - 'keystone', - 'proxy-server' - ], - account_autocreate => true, - } - - # configure all of the middlewares - class { [ - 'swift::proxy::catch_errors', - 'swift::proxy::healthcheck', - 'swift::proxy::cache', - ]: } - - class { 'swift::proxy::ratelimit': - clock_accuracy => 1000, - max_sleep_time_seconds => 60, - log_sleep_time_seconds => 0, - rate_buffer_seconds => 5, - account_ratelimit => 0 - } - - class { 'swift::proxy::keystone': - operator_roles => ['admin', 'SwiftOperator'], - } - - class { 'swift::proxy::authtoken': - admin_user => 'swift', - admin_tenant_name => 'services', - admin_password => $swift_admin_password, - # assume that the controller host is the swift api server - auth_host => "$private_ip", #keystone - } - - firewall { '001 swift proxy incoming': - proto => 'tcp', - dport => ['8080'], - action => 'accept', - } -} diff --git a/manifests/swift/ringbuilder.pp b/manifests/swift/ringbuilder.pp deleted file mode 100644 index f10b18b..0000000 --- a/manifests/swift/ringbuilder.pp +++ /dev/null @@ -1,35 +0,0 @@ -class trystack::swift::ringbuilder { - #### Builder #### - class { 'swift::ringbuilder': - part_power => '18', - replicas => '3', - min_part_hours => 1, - require => Class['swift'], - } - - # sets up an rsync db that can be used to sync the ring DB - class { 'swift::ringserver': - local_net_ip => "$private_ip", - } - - @@swift::ringsync { ['account', 'object', 'container']: - ring_server => $swift_local_net_ip - } - - Ring_object_device <<| |>> - Ring_container_device <<| |>> - Ring_account_device <<| |>> - - firewall { '001 rsync incoming': - proto => 'tcp', - dport => ['873'], - action => 'accept', - } - - if ($::selinux != "false"){ - selboolean{'rsync_export_all_ro': - value => on, - persistent => true, - } - } -} diff --git a/manifests/swift/storage.pp b/manifests/swift/storage.pp deleted file mode 100644 index 4b1dda1..0000000 --- a/manifests/swift/storage.pp +++ /dev/null @@ -1,62 +0,0 @@ -class trystack::swift::storage inherits trystack::swift::common { - - #### Storage #### - class { 'swift::storage::all': - storage_local_net_ip => $::ipaddress_em1, - require => Class['swift'], - } - - swift::storage::ext4 { "lvswift": - device => "/dev/vg_${$::hostname}/lv_swift", - } - - if(!defined(File['/srv/node'])) { - file { '/srv/node': - owner => 'swift', - group => 'swift', - ensure => directory, - require => Package['openstack-swift'], - } - } - - ring_object_device { "$::ipaddress_em1:6000/lv_swift": - zone => 1, - weight => 10, } - ring_container_device { "$::ipaddress_em1:6001/lv_swift": - zone => 1, - weight => 10, } - ring_account_device { "$::ipaddress_em1:6002/lv_swift": - zone => 1, - weight => 10, } - ring_object_device { "$::ipaddress_em1:6000/lv_swift": - zone => 2, - weight => 10, } - ring_container_device { "$::ipaddress_em1:6001/lv_swift": - zone => 2, - weight => 10, } - ring_account_device { "$::ipaddress_em1:6002/lv_swift": - zone => 2, - weight => 10, } - ring_object_device { "$::ipaddress_em1:6000/lv_swift": - zone => 3, - weight => 10, } - ring_container_device { "$::ipaddress_em1:6001/lv_swift": - zone => 3, - weight => 10, } - ring_account_device { "$::ipaddress_em1:6002/lv_swift": - zone => 3, - weight => 10, } - - swift::ringsync{["account","container","object"]: - ring_server => "$private_ip", - before => Class['swift::storage::all'], - require => Class['swift'], - } - - firewall { '001 swift storage incoming': - proto => 'tcp', - dport => ['6000', '6001', '6002', '873'], - action => 'accept', - } - -} diff --git a/manifests/swift_common.pp b/manifests/swift_common.pp deleted file mode 100644 index 1e93c91..0000000 --- a/manifests/swift_common.pp +++ /dev/null @@ -1,18 +0,0 @@ -class trystack::swift_common { - - #### Common #### - class { 'ssh::server::install': } - - Class['swift'] -> Service <| |> - class { 'swift': - swift_hash_suffix => $swift_shared_secret, - package_ensure => latest, - } - - # We need to disable this while rsync causes AVC's - exec{'setenforce 0': - path => '/usr/sbin', - notify => Class['swift'] - } - -} diff --git a/manifests/swift_ringbuilder.pp b/manifests/swift_ringbuilder.pp deleted file mode 100644 index 0afdcb9..0000000 --- a/manifests/swift_ringbuilder.pp +++ /dev/null @@ -1,35 +0,0 @@ -class trystack::swift_ringbuilder { - #### Builder #### - class { 'swift::ringbuilder': - part_power => '18', - replicas => '3', - min_part_hours => 1, - require => Class['swift'], - } - - # sets up an rsync db that can be used to sync the ring DB - class { 'swift::ringserver': - local_net_ip => "10.100.0.2", - } - - @@swift::ringsync { ['account', 'object', 'container']: - ring_server => $swift_local_net_ip - } - - Ring_object_device <<| |>> - Ring_container_device <<| |>> - Ring_account_device <<| |>> - - firewall { '001 rsync incoming': - proto => 'tcp', - dport => ['873'], - action => 'accept', - } - - if ($::selinux != "false"){ - selboolean{'rsync_export_all_ro': - value => on, - persistent => true, - } - } -} diff --git a/manifests/swift_storage.pp b/manifests/swift_storage.pp deleted file mode 100644 index f5358f7..0000000 --- a/manifests/swift_storage.pp +++ /dev/null @@ -1,62 +0,0 @@ -class trystack::swift_storage inherits trystack::swift_common { - - #### Storage #### - class { 'swift::storage::all': - storage_local_net_ip => $::ipaddress_em1, - require => Class['swift'], - } - - swift::storage::ext4 { "lvswift": - device => "/dev/vg_${$::hostname}/lv_swift", - } - - if(!defined(File['/srv/node'])) { - file { '/srv/node': - owner => 'swift', - group => 'swift', - ensure => directory, - require => Package['openstack-swift'], - } - } - - @@ring_object_device { "$::ipaddress_em1:6000/lv_swift": - zone => 1, - weight => 10, } - @@ring_container_device { "$::ipaddress_em1:6001/lv_swift": - zone => 1, - weight => 10, } - @@ring_account_device { "$::ipaddress_em1:6002/lv_swift": - zone => 1, - weight => 10, } - @@ring_object_device { "$::ipaddress_em1:6000/lv_swift": - zone => 2, - weight => 10, } - @@ring_container_device { "$::ipaddress_em1:6001/lv_swift": - zone => 2, - weight => 10, } - @@ring_account_device { "$::ipaddress_em1:6002/lv_swift": - zone => 2, - weight => 10, } - @@ring_object_device { "$::ipaddress_em1:6000/lv_swift": - zone => 3, - weight => 10, } - @@ring_container_device { "$::ipaddress_em1:6001/lv_swift": - zone => 3, - weight => 10, } - @@ring_account_device { "$::ipaddress_em1:6002/lv_swift": - zone => 3, - weight => 10, } - - swift::ringsync{["account","container","object"]: - ring_server => '10.100.0.2', - before => Class['swift::storage::all'], - require => Class['swift'], - } - - firewall { '001 swift storage incoming': - proto => 'tcp', - dport => ['6000', '6001', '6002', '873'], - action => 'accept', - } - -} diff --git a/templates/cron.daily-trystack-cleanup.sh.erb b/templates/cron.daily-trystack-cleanup.sh.erb deleted file mode 100644 index 1b550f0..0000000 --- a/templates/cron.daily-trystack-cleanup.sh.erb +++ /dev/null @@ -1,13 +0,0 @@ -export OS_REGION_NAME=RegionOne -export OS_TENANT_NAME=admin -export OS_USERNAME=admin -export OS_AUTH_URL=http://<%= @private_ip %>:5000/v2.0/ -export OS_PASSWORD=<%= @admin_password %> - - -ADMIN_ROUTER="7812baa44f5a4fc9871990ff82d88f91" - -RDO_ROUTER="da71ee18-94fa-4f11-a669-5a5261b153e4" - -#for i in `neutron router-list | grep -v null | grep -v '\-\-' | tr -s ' ' | cut -d \ -f 2`; do neutron router-gateway-clear $i; done -for i in `neutron router-list | grep -v null | grep -v ${ADMIN_ROUTER} | grep -v ${RDO_ROUTER} | grep -v '\-\-' | tr -s ' ' | cut -d \ -f 2`; do neutron router-gateway-clear $i; done diff --git a/templates/cron.hourly-trystack-cleanup.sh.erb b/templates/cron.hourly-trystack-cleanup.sh.erb deleted file mode 100644 index 4cd8435..0000000 --- a/templates/cron.hourly-trystack-cleanup.sh.erb +++ /dev/null @@ -1,49 +0,0 @@ -export OS_REGION_NAME=RegionOne -export OS_TENANT_NAME=admin -export OS_USERNAME=admin -export OS_AUTH_URL=http://<%= @private_ip %>:5000/v2.0/ -export OS_PASSWORD=<%= @admin_password %> - -ADMIN_TENANT="7812baa44f5a4fc9871990ff82d88f91" - -#python /etc/cron.hourly/cleanup.py - -#HEAT="select id from stack where deleted_at is NULL and created_at < DATE_SUB(NOW(),INTERVAL 1 DAY);" -#for x in `mysql -uheat -p<%= @heat_db_password %> -h <%= @mysql_ip %> heat -e "$HEAT" | tail -n +2`; do -# heat stack-delete $x > /dev/null; -#done - -NOVA="select uuid from instances where not deleted and created_at < DATE_SUB(NOW(),INTERVAL 1 DAY) and project_id != '${ADMIN_TENANT}';" -for x in `mysql -unova -p<%= @nova_db_password %> -h <%= @mysql_ip %> nova -e "$NOVA" | tail -n +2`; do - nova reset-state --active $x > /dev/null; - sleep 1; - nova reboot --hard $x > /dev/null; - sleep 1; - nova delete $x > /dev/null; -done - -NEUTRON="select id from floatingips where fixed_port_id is NULL;" -for x in `mysql -uneutron -p<%= @neutron_db_password %> -h <%= @mysql_ip %> neutron -e "$NEUTRON" | tail -n +2`; do - neutron floatingip-delete $x > /dev/null; -done - -CINDER="select id from snapshots where deleted = 0 and created_at < DATE_SUB(NOW(),INTERVAL 2 DAY);" -for x in `mysql -ucinder -p<%= @cinder_db_password %> -h <%= @mysql_ip %> cinder -e "$CINDER" | tail -n +2`; do - cinder snapshot-delete $x > /dev/null; -done - -CINDER="select id from volumes where attached_host is NULL and deleted = 0 and attach_status = 'detached' and created_at < DATE_SUB(NOW(),INTERVAL 2 DAY);" -for x in `mysql -ucinder -p<%= @cinder_db_password %> -h <%= @mysql_ip %> cinder -e "$CINDER" | tail -n +2`; do - cinder force-delete $x > /dev/null; -done - -GLANCE="select id from images where deleted = 0 and is_public = 1 and status = 'active' and owner != '${ADMIN_TENANT}';" -for x in `mysql -uglance -p<%= @glance_db_password %> -h <%= @mysql_ip %> glance -e "$GLANCE" | tail -n +2`; do - glance image-update --is-public=False $x > /dev/null; -done - -GLANCE="select id from images where deleted = 0 and created_at < DATE_SUB(NOW(),INTERVAL 30 DAY) and owner != '${ADMIN_TENANT}';" -for x in `mysql -uglance -p<%= @glance_db_password %> -h <%= @mysql_ip %> glance -e "$GLANCE" | tail -n +2`; do - glance image-update --is-protected=False $x > /dev/null; - glance image-delete $x > /dev/null; -done diff --git a/templates/settings.py.erb b/templates/settings.py.erb deleted file mode 100644 index ec06c48..0000000 --- a/templates/settings.py.erb +++ /dev/null @@ -1,377 +0,0 @@ -# Copyright 2012 United States Government as represented by the -# Administrator of the National Aeronautics and Space Administration. -# All Rights Reserved. -# -# Copyright 2012 Nebula, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -import logging -import os -import sys -import warnings - -from django.utils.translation import ugettext_lazy as _ -import xstatic.main -import xstatic.pkg.angular -import xstatic.pkg.angular_cookies -import xstatic.pkg.angular_mock -import xstatic.pkg.bootstrap_datepicker -import xstatic.pkg.bootstrap_scss -import xstatic.pkg.d3 -import xstatic.pkg.font_awesome -import xstatic.pkg.hogan -import xstatic.pkg.jasmine -import xstatic.pkg.jquery -import xstatic.pkg.jquery_migrate -import xstatic.pkg.jquery_quicksearch -import xstatic.pkg.jquery_tablesorter -import xstatic.pkg.jquery_ui -import xstatic.pkg.jsencrypt -import xstatic.pkg.qunit -import xstatic.pkg.rickshaw -import xstatic.pkg.spin - -from openstack_dashboard import exceptions - -warnings.formatwarning = lambda message, category, *args, **kwargs: \ - '%s: %s' % (category.__name__, message) - -ROOT_PATH = os.path.dirname(os.path.abspath(__file__)) -BIN_DIR = '/usr/bin' - -if ROOT_PATH not in sys.path: - sys.path.append(ROOT_PATH) - -DEBUG = False -TEMPLATE_DEBUG = DEBUG - -FACEBOOK_APP_ID = "<%= @facebook_app_id %>" -FACEBOOK_APP_SECRET = "<%= @facebook_app_secret %>" -FACEBOOK_SCOPE = "email" -ADMIN_USER = "admin" -ADMIN_TENANT = "admin" -ADMIN_PASSWORD = "<%= @admin_password %>" -ADMIN_TOKEN = "<%= @keystone_admin_token %>" -MEMBER_USER_ROLE = "<%= @member_user_role %>" -DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql', - 'NAME': 'trystack', - 'USER': 'trystack', - 'PASSWORD': '<%= @trystack_db_password %>'}} - -SITE_BRANDING = 'OpenStack Dashboard' - -WEBROOT = '/dashboard' -LOGIN_URL = WEBROOT + '/auth/login/' -LOGOUT_URL = WEBROOT + '/auth/logout/' -# LOGIN_REDIRECT_URL can be used as an alternative for -# HORIZON_CONFIG.user_home, if user_home is not set. -# Do not set it to '/home/', as this will cause circular redirect loop -LOGIN_REDIRECT_URL = WEBROOT - -MEDIA_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'media')) -MEDIA_URL = '/media/' -STATIC_ROOT = os.path.abspath(os.path.join(ROOT_PATH, '..', 'static')) -STATIC_URL = '/static/' - -ROOT_URLCONF = 'openstack_dashboard.urls' - -HORIZON_CONFIG = { - 'dashboards': ('project', 'admin', 'router',), - 'default_dashboard': 'project', - 'user_home': 'openstack_dashboard.views.get_user_home', - 'ajax_queue_limit': 10, - 'auto_fade_alerts': { - 'delay': 3000, - 'fade_duration': 1500, - 'types': ['alert-success', 'alert-info'] - }, - 'help_url': "http://docs.openstack.org", - 'exceptions': {'recoverable': exceptions.RECOVERABLE, - 'not_found': exceptions.NOT_FOUND, - 'unauthorized': exceptions.UNAUTHORIZED}, - 'angular_modules': [], - 'js_files': [], -} - -# Set to True to allow users to upload images to glance via Horizon server. -# When enabled, a file form field will appear on the create image form. -# See documentation for deployment considerations. -HORIZON_IMAGES_ALLOW_UPLOAD = True - -# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features -# in the OpenStack Dashboard related to the Image service, such as the list -# of supported image formats. -OPENSTACK_IMAGE_BACKEND = { - 'image_formats': [ - ('', _('Select format')), - ('aki', _('AKI - Amazon Kernel Image')), - ('ami', _('AMI - Amazon Machine Image')), - ('ari', _('ARI - Amazon Ramdisk Image')), - ('iso', _('ISO - Optical Disk Image')), - ('qcow2', _('QCOW2 - QEMU Emulator')), - ('raw', _('Raw')), - ('vdi', _('VDI')), - ('vhd', _('VHD')), - ('vmdk', _('VMDK')) - ] -} - -MIDDLEWARE_CLASSES = ( - 'django.middleware.common.CommonMiddleware', - 'django.middleware.csrf.CsrfViewMiddleware', - 'django.contrib.sessions.middleware.SessionMiddleware', - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.messages.middleware.MessageMiddleware', - 'horizon.middleware.HorizonMiddleware', - 'django.middleware.doc.XViewMiddleware', - 'django.middleware.locale.LocaleMiddleware', - 'django.middleware.clickjacking.XFrameOptionsMiddleware', -) - -TEMPLATE_CONTEXT_PROCESSORS = ( - 'django.core.context_processors.debug', - 'django.core.context_processors.i18n', - 'django.core.context_processors.request', - 'django.core.context_processors.media', - 'django.core.context_processors.static', - 'django.contrib.messages.context_processors.messages', - 'horizon.context_processors.horizon', - 'openstack_dashboard.context_processors.openstack', -) - -TEMPLATE_LOADERS = ( - 'django.template.loaders.app_directories.Loader', - 'horizon.loaders.TemplateLoader' -) - -TEMPLATE_DIRS = ( - os.path.join(ROOT_PATH, 'templates'), -) - -STATICFILES_FINDERS = ( - 'django.contrib.staticfiles.finders.FileSystemFinder', - 'django.contrib.staticfiles.finders.AppDirectoriesFinder', - 'compressor.finders.CompressorFinder', -) - -STATICFILES_DIRS = [ - ('horizon/lib/angular', - xstatic.main.XStatic(xstatic.pkg.angular).base_dir), - ('horizon/lib/angular', - xstatic.main.XStatic(xstatic.pkg.angular_cookies).base_dir), - ('horizon/lib/angular', - xstatic.main.XStatic(xstatic.pkg.angular_mock).base_dir), - ('horizon/lib/bootstrap_datepicker', - xstatic.main.XStatic(xstatic.pkg.bootstrap_datepicker).base_dir), - ('bootstrap', - xstatic.main.XStatic(xstatic.pkg.bootstrap_scss).base_dir), - ('horizon/lib', - xstatic.main.XStatic(xstatic.pkg.d3).base_dir), - ('horizon/lib', - xstatic.main.XStatic(xstatic.pkg.hogan).base_dir), - ('horizon/lib/font-awesome', - xstatic.main.XStatic(xstatic.pkg.font_awesome).base_dir), - ('horizon/lib/jasmine-1.3.1', - xstatic.main.XStatic(xstatic.pkg.jasmine).base_dir), - ('horizon/lib/jquery', - xstatic.main.XStatic(xstatic.pkg.jquery).base_dir), - ('horizon/lib/jquery', - xstatic.main.XStatic(xstatic.pkg.jquery_migrate).base_dir), - ('horizon/lib/jquery', - xstatic.main.XStatic(xstatic.pkg.jquery_quicksearch).base_dir), - ('horizon/lib/jquery', - xstatic.main.XStatic(xstatic.pkg.jquery_tablesorter).base_dir), - ('horizon/lib/jsencrypt', - xstatic.main.XStatic(xstatic.pkg.jsencrypt).base_dir), - ('horizon/lib/qunit', - xstatic.main.XStatic(xstatic.pkg.qunit).base_dir), - ('horizon/lib', - xstatic.main.XStatic(xstatic.pkg.rickshaw).base_dir), - ('horizon/lib', - xstatic.main.XStatic(xstatic.pkg.spin).base_dir), -] - - -if xstatic.main.XStatic(xstatic.pkg.jquery_ui).version.startswith('1.10.'): - # The 1.10.x versions already contain the 'ui' directory. - STATICFILES_DIRS.append(('horizon/lib/jquery-ui', - xstatic.main.XStatic(xstatic.pkg.jquery_ui).base_dir)) -else: - # Newer versions dropped the directory, add it to keep the path the same. - STATICFILES_DIRS.append(('horizon/lib/jquery-ui/ui', - xstatic.main.XStatic(xstatic.pkg.jquery_ui).base_dir)) - -COMPRESS_PRECOMPILERS = ( - ('text/less', 'lesscpy {infile}'), - ('text/scss', 'django_pyscss.compressor.DjangoScssFilter'), -) - -COMPRESS_CSS_FILTERS = ( - 'compressor.filters.css_default.CssAbsoluteFilter', -) - -COMPRESS_ENABLED = True -COMPRESS_OUTPUT_DIR = 'dashboard' -COMPRESS_CSS_HASHING_METHOD = 'hash' -COMPRESS_PARSER = 'compressor.parser.HtmlParser' -COMPRESS_OFFLINE = True - -INSTALLED_APPS = [ - 'openstack_dashboard', - 'django.contrib.contenttypes', - 'django.contrib.auth', - 'django.contrib.sessions', - 'django.contrib.messages', - 'django.contrib.staticfiles', - 'django.contrib.humanize', - 'django_pyscss', - 'openstack_dashboard.django_pyscss_fix', - 'compressor', - 'horizon', - 'openstack_auth', - 'horizon.facebook', -] - -AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend', - 'horizon.facebook.backend.FacebookBackend') -MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage' - -SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies' -SESSION_COOKIE_HTTPONLY = True -SESSION_EXPIRE_AT_BROWSER_CLOSE = True -SESSION_COOKIE_SECURE = False -SESSION_TIMEOUT = 1800 -# A token can be near the end af validity when a page starts loading, and -# invalid during the rendering which can cause errors when a page load. -# TOKEN_TIMEOUT_MARGIN defines a time in seconds we retrieve from token -# validity to avoid this issue. You can adjust this time depending on the -# performance of the infrastructure. -TOKEN_TIMEOUT_MARGIN = 10 - -# When using cookie-based sessions, log error when the session cookie exceeds -# the following size (common browsers drop cookies above a certain size): -SESSION_COOKIE_MAX_SIZE = 4093 - -# when doing upgrades, it may be wise to stick to PickleSerializer -# NOTE(berendt): Check during the K-cycle if this variable can be removed. -# https://bugs.launchpad.net/horizon/+bug/1349463 -SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' - -LANGUAGES = ( - ('de', 'German'), - ('en', 'English'), - ('en-au', 'Australian English'), - ('en-gb', 'British English'), - ('es', 'Spanish'), - ('fr', 'French'), - ('hi', 'Hindi'), - ('ja', 'Japanese'), - ('ko', 'Korean (Korea)'), - ('pl', 'Polish'), - ('pt-br', 'Portuguese (Brazil)'), - ('zh-cn', 'Simplified Chinese'), - ('zh-tw', 'Chinese (Taiwan)'), -) -LANGUAGE_CODE = 'en' -LANGUAGE_COOKIE_NAME = 'horizon_language' -USE_I18N = True -USE_L10N = True -USE_TZ = True - -OPENSTACK_KEYSTONE_DEFAULT_ROLE = '_member_' - -DEFAULT_EXCEPTION_REPORTER_FILTER = 'horizon.exceptions.HorizonReporterFilter' - -POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") -# Map of local copy of service policy files -POLICY_FILES = { - 'identity': 'keystone_policy.json', - 'compute': 'nova_policy.json', - 'volume': 'cinder_policy.json', - 'image': 'glance_policy.json', - 'orchestration': 'heat_policy.json', - 'network': 'neutron_policy.json', -} - -SECRET_KEY = None -LOCAL_PATH = None - -SECURITY_GROUP_RULES = { - 'all_tcp': { - 'name': _('All TCP'), - 'ip_protocol': 'tcp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_udp': { - 'name': _('All UDP'), - 'ip_protocol': 'udp', - 'from_port': '1', - 'to_port': '65535', - }, - 'all_icmp': { - 'name': _('All ICMP'), - 'ip_protocol': 'icmp', - 'from_port': '-1', - 'to_port': '-1', - }, -} - - -try: - from local.local_settings import * # noqa -except ImportError: - logging.warning("No local_settings file found.") - -# Load the pluggable dashboard settings -import openstack_dashboard.enabled -import openstack_dashboard.local.enabled -from openstack_dashboard.utils import settings - -INSTALLED_APPS = list(INSTALLED_APPS) # Make sure it's mutable -settings.update_dashboards([ - openstack_dashboard.enabled, - openstack_dashboard.local.enabled, -], HORIZON_CONFIG, INSTALLED_APPS) - -# Ensure that we always have a SECRET_KEY set, even when no local_settings.py -# file is present. See local_settings.py.example for full documentation on the -# horizon.utils.secret_key module and its use. -if not SECRET_KEY: - if not LOCAL_PATH: - LOCAL_PATH = os.path.join(os.path.dirname(os.path.abspath(__file__)), - 'local') - - from horizon.utils import secret_key - SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, - '.secret_key_store')) - -from openstack_dashboard import policy -POLICY_CHECK_FUNCTION = policy.check - -# Add HORIZON_CONFIG to the context information for offline compression -COMPRESS_OFFLINE_CONTEXT = { - 'STATIC_URL': STATIC_URL, - 'HORIZON_CONFIG': HORIZON_CONFIG -} - -if DEBUG: - logging.basicConfig(level=logging.DEBUG) - -# during django reloads and an active user is logged in, the monkey -# patch below will not otherwise be applied in time - resulting in developers -# appearing to be logged out. In typical production deployments this section -# below may be omitted, though it should not be harmful -from openstack_auth import utils as auth_utils -auth_utils.patch_middleware_get_user() diff --git a/tunmon/1create-networks.sh b/tunmon/1create-networks.sh deleted file mode 100644 index 209dd5a..0000000 --- a/tunmon/1create-networks.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash -neutron net-create tun-mon -neutron subnet-create tun-mon 10.0.0.0/24 diff --git a/tunmon/2neutron-port-create.sh b/tunmon/2neutron-port-create.sh deleted file mode 100644 index e5b81b9..0000000 --- a/tunmon/2neutron-port-create.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh -NETWORK_ID=`neutron net-list --name tun-mon | tail -n +4 | head -n 1 | cut -d \ -f 2` -for i in 5 6 7 8 9 10 11 12 13 14 15 18; do - neutron port-create --name tunmonport${i} --binding:host_id=host${i} $NETWORK_ID -done diff --git a/tunmon/3ovs-port-create.sh b/tunmon/3ovs-port-create.sh deleted file mode 100644 index bd71b93..0000000 --- a/tunmon/3ovs-port-create.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -HOSTS="5 6 7 8 9 10 11 12 13 14 15 18" -if [ ! -z "$1" ] - then - HOSTS=$1 -fi -for i in $HOSTS; do - TUNMONPORT=`neutron port-list --name tunmonport${i} | tail -n +4 | head -n 1` - ID=`echo $TUNMONPORT | cut -d \ -f 2` - MAC=`echo $TUNMONPORT | cut -d \ -f 6` - - ssh host${i} "ovs-vsctl -- --may-exist add-port br-int tunmonhost${i} \ - -- set Interface tunmonhost${i} type=internal \ - -- set Interface tunmonhost${i} external-ids:iface-status=active \ - -- set Interface tunmonhost${i} external-ids:attached-mac=${MAC} \ - -- set Interface tunmonhost${i} external-ids:iface-id=${ID} \ - && ip link set dev tunmonhost${i} address ${MAC} \ - && ip addr add 10.0.0.1`printf '%02d\n' $i`/24 dev tunmonhost${i}" -done diff --git a/tunmon/ovs-port-teardown.sh b/tunmon/ovs-port-teardown.sh deleted file mode 100644 index c1aecb5..0000000 --- a/tunmon/ovs-port-teardown.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh -HOSTS="5 6 7 8 9 10 11 12 13 14 15 18" -if [ ! -z "$1" ] - then - HOSTS=$1 -fi -for i in $HOSTS; do - ssh host${i} "ovs-vsctl del-port br-int tunmonhost${i}" -done