Add support for dual oslo.messaging backend configuration
Introduce configuration parameters to specify the oslo.messaging rpc or notification backend as one of rabbit, amqp. The default config is to use rabbit broker for both rpc and notification. Selection of amqp for rpc will use brokerless qpid-dispatch router. This patch: * Adds notification_transport_url parameter across services where needed * Adds rpc and notification parameters to config * Adds qdr for rpc amqp1 configuration * Modifies scenario001 for dual messaging backends * supports ssl config Depends-On: Id6ebc4ce8b0ffdb0be92a758dbf89c84c3274725 Change-Id: Ia2a79a2e1482f6f72426bc81c8e6d2a04cb211e3
This commit is contained in:
21 changed files with 459 additions and 98 deletions
@@ -73,6 +73,8 @@ scenario](#all-in-one).
| bgpvpn-api | | | | X | |
| redis | X | | | | |
| l2gw | | | | X | |
| om rpc | amqp1 | rabbit | rabbit | rabbit | rabbit |
| om notify | rabbit | rabbit | rabbit | rabbit | rabbit |
When the Jenkins slave is created, the *run_tests.sh* script will be executed.
This script will execute *install_modules.sh* that prepare /etc/puppet/modules
@@ -172,6 +172,14 @@ if [ -f ${redis_logs} ]; then
sudo cp ${redis_logs} $LOG_DIR/redis.log.txt
fi
if [ -f /var/log/qdrouterd/qdrouterd.log ]; then
sudo cp /var/log/qdrouterd/qdrouterd.log $LOG_DIR/qdrouterd.log.txt
if [ -f /etc/qpid-dispatch/qdrouterd.conf ]; then
mkdir $LOG_DIR/qdrouterd_config
sudo cp /etc/qpid-dispatch/qdrouterd.conf $LOG_DIR/qdrouterd_config/qdrouterd.conf.txt
fi
fi
if [ -f /var/log/audit/audit.log ]; then
sudo cp /var/log/audit/audit.log $LOG_DIR/audit.log.txt
fi
@@ -21,11 +21,15 @@ case $::osfamily {
# https://bugs.launchpad.net/cloud-archive/+bug/1535740
$enable_vitrage = false
$enable_legacy_telemetry = true
$om_rpc = 'rabbit'
$om_notify = 'rabbit'
}
'RedHat':{
$ipv6 = true
$enable_vitrage = true
$enable_legacy_telemetry = false
$om_rpc = 'amqp'
$om_notify = 'rabbit'
}
default:{
fail("Unsupported osfamily (${::osfamily})")
@@ -42,12 +46,17 @@ if ($::operatingsystem == 'Ubuntu') and (versioncmp($::operatingsystemmajrelease
include::openstack_integration
class{ '::openstack_integration::config':
ssl => $ssl_enabled,
ipv6 => $ipv6,
ssl => $ssl_enabled,
ipv6 => $ipv6,
rpc_backend => $om_rpc,
notify_backend => $om_notify,
}
include::openstack_integration::cacert
include::openstack_integration::memcached
include::openstack_integration::rabbitmq
if($om_rpc=='amqp'){
include ::openstack_integration::qdr
}
include::openstack_integration::mysql
class{ '::openstack_integration::keystone':
# NOTE(sileht):zTelemetry autoscaling tempest tests can't renew token, so we
@@ -17,6 +17,14 @@ class openstack_integration::aodh {
require => Class['::rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'aodh':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'aodh':
notify => Service['httpd'],
@@ -33,17 +41,25 @@ class openstack_integration::aodh {
$gnocchi_url = undef
}
class{ '::aodh':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'aodh',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
debug=>true,
database_connection=>'mysql+pymysql://aodh:aodh@127.0.0.1/aodh?charset=utf8',
gnocchi_url=>$gnocchi_url,
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'aodh',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
debug=>true,
database_connection=>'mysql+pymysql://aodh:aodh@127.0.0.1/aodh?charset=utf8',
gnocchi_url=>$gnocchi_url,
}
class{ '::aodh::db::mysql':
password => 'aodh',
@@ -18,6 +18,14 @@ class openstack_integration::barbican {
}
Rabbitmq_user_permissions['barbican@/']->Service<|tag=='barbican-service'|>
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'barbican':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'barbican':
notify => Service['httpd'],
@@ -53,9 +61,16 @@ class openstack_integration::barbican {
}
class{ '::barbican::api':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'barbican',
'password' => 'an_even_bigger_secret',
}),
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'barbican',
'password' => 'an_even_bigger_secret',
}),
@@ -26,6 +26,14 @@ class openstack_integration::ceilometer (
require => Class['::rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'ceilometer':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'ceilometer':
notify => Service['httpd'],
@@ -35,17 +43,25 @@ class openstack_integration::ceilometer (
}
class{ '::ceilometer':
telemetry_secret => 'secrete',
default_transport_url => os_transport_url({
'transport' => 'rabbit',
telemetry_secret => 'secrete',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'ceilometer',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
memcached_servers=>$::openstack_integration::config::memcached_servers,
debug=>true,
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'ceilometer',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
memcached_servers=>$::openstack_integration::config::memcached_servers,
debug=>true,
}
class{ '::ceilometer::keystone::auth':
@@ -36,6 +36,14 @@ class openstack_integration::cinder (
require => Class['::rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'cinder':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'cinder':
notify => Service['httpd'],
@@ -60,16 +68,26 @@ class openstack_integration::cinder (
}
class{ '::cinder':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'cinder',
'password' => 'an_even_bigger_secret',
}),
database_connection=>'mysql+pymysql://cinder:cinder@127.0.0.1/cinder?charset=utf8',
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
debug=>true,
}
class{ '::cinder::ceilometer':
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'cinder',
'password' => 'an_even_bigger_secret',
}),
}
if$volume_encryption{
$keymgr_api_class = 'castellan.key_manager.barbican_key_manager.BarbicanKeyManager'
$keymgr_encryption_api_url = "${::openstack_integration::config::base_url}:9311"
@@ -8,24 +8,52 @@
#(optional)BooleantoenableornotIPv6.
#Defaultstofalse.
#
#[*rpc_backend*]
#(optional)Theoslo.messagingbackendtoconfigureforrpc.
#Possiblevaluesincluderabbit,amqp
#Defaultsto'rabbit'.
#
#[*notify_backend*]
#(optional)Theoslo.messagingbackendtoconfigurefornotify.
#Defaultsto'rabbit'.
#
classopenstack_integration::config(
$ssl=false,
$ipv6=false,
$ssl =false,
$ipv6 =false,
$rpc_backend='rabbit',
$notify_backend='rabbit',
){
$messaging_default_proto = $rpc_backend
$messaging_notify_proto = $notify_backend
if $ssl {
$rabbit_port = '5671'
$proto = 'https'
$proto = 'https'
if $rpc_backend == 'amqp' {
$messaging_default_port = '31459'
}else{
$messaging_default_port = '5671'
}
$messaging_notify_port='5671'
}else{
$rabbit_port = '5672'
$proto = 'http'
$proto = 'http'
if $rpc_backend == 'amqp' {
$messaging_default_port = '31459'
}else{
$messaging_default_port = '5672'
}
$messaging_notify_port='5672'
}
$rabbit_port=$messaging_notify_port
if$ipv6{
$host = '::1'
$rabbit_env = {
'RABBITMQ_NODE_IP_ADDRESS' => $host,
'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"',
if $rpc_backend == 'rabbit' {
$rabbit_env = {
'RABBITMQ_NODE_IP_ADDRESS' => $host,
'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"',
}
}
$ip_version='6'
#Note(dmsimard):ipv6parsinginSwiftandkeystone_authtokenare
@@ -39,6 +39,14 @@ class openstack_integration::glance (
require => Class['::rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'glance':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class{ '::glance::db::mysql':
password => 'glance',
}
@@ -101,15 +109,22 @@ class openstack_integration::glance (
enable_v2_api => true,
}
class{ '::glance::notify::rabbitmq':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'glance',
'password' => 'an_even_bigger_secret',
}),
notification_driver=>'messagingv2',
rabbit_use_ssl=>$::openstack_integration::config::ssl,
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'glance',
'password' => 'an_even_bigger_secret',
}),
notification_driver=>'messagingv2',
rabbit_use_ssl=>$::openstack_integration::config::ssl,
}
}
@@ -18,6 +18,14 @@ class openstack_integration::heat {
}
Rabbitmq_user_permissions['heat@/']->Service<|tag=='heat-service'|>
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'heat':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'heat':
require => Package['heat-common'],
@@ -40,16 +48,24 @@ class openstack_integration::heat {
memcached_servers => $::openstack_integration::config::memcached_servers,
}
class{ '::heat':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'heat',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
database_connection=>'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8',
debug=>true,
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'heat',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
database_connection=>'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8',
debug=>true,
}
class{ '::heat::db::mysql':
password => 'heat',
@@ -28,15 +28,24 @@ class openstack_integration::ironic {
#https://bugs.launchpad.net/ironic/+bug/1564075
Rabbitmq_user_permissions['ironic@/']->Service<|tag=='ironic-service'|>
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'ironic':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class{ '::ironic':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'ironic',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
database_connection=>'mysql+pymysql://ironic:ironic@127.0.0.1/ironic?charset=utf8',
debug=>true,
}
@@ -30,6 +30,29 @@ class openstack_integration::keystone (
include ::openstack_integration::config
include ::openstack_integration::params
rabbitmq_user { 'keystone':
admin => true,
password => 'an_even_bigger_secret',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
rabbitmq_user_permissions{ 'keystone@/':
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
Rabbitmq_user_permissions['keystone@/']->Service<|tag=='keystone-service'|>
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'keystone':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'keystone':
notify => Service['httpd'],
@@ -62,23 +85,41 @@ class openstack_integration::keystone (
password => 'keystone',
}
class{ '::keystone':
debug => true,
database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'a_big_token',
admin_password => 'a_big_secret',
enabled => true,
service_name => 'httpd',
default_domain => $default_domain,
using_domain_config => $using_domain_config,
enable_ssl => $::openstack_integration::config::ssl,
public_bind_host => $::openstack_integration::config::host,
admin_bind_host => $::openstack_integration::config::host,
manage_policyrcd => true,
token_provider => $token_provider,
enable_fernet_setup => $enable_fernet_setup,
enable_credential_setup => $enable_credential_setup,
fernet_max_active_keys => '4',
token_expiration => $token_expiration,
debug => true,
database_connection => 'mysql+pymysql://keystone:keystone@127.0.0.1/keystone',
admin_token => 'a_big_token',
admin_password => 'a_big_secret',
enabled => true,
service_name => 'httpd',
default_domain => $default_domain,
using_domain_config => $using_domain_config,
enable_ssl => $::openstack_integration::config::ssl,
public_bind_host => $::openstack_integration::config::host,
admin_bind_host => $::openstack_integration::config::host,
manage_policyrcd => true,
token_provider => $token_provider,
enable_fernet_setup => $enable_fernet_setup,
enable_credential_setup => $enable_credential_setup,
fernet_max_active_keys => '4',
token_expiration => $token_expiration,
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'keystone',
'password' => 'an_even_bigger_secret',
}),
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'keystone',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
}
class{ '::keystone::messaging::amqp':
amqp_sasl_mechanisms => 'PLAIN',
}
include::apache
class{ '::keystone::wsgi::apache':
@@ -19,6 +19,14 @@ class openstack_integration::mistral {
}
Rabbitmq_user_permissions['mistral@/']->Service<|tag=='mistral-service'|>
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'mistral':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::osfamily=='RedHat'{
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'mistral':
@@ -29,9 +37,9 @@ class openstack_integration::mistral {
}
class{ '::mistral':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'mistral',
'password' => 'an_even_bigger_secret',
}),
@@ -23,6 +23,14 @@ class openstack_integration::murano {
require => [ Class['::rabbitmq'], Rabbitmq_vhost['/murano'] ],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'murano':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'murano':
require => Package['murano-common'],
@@ -43,9 +51,9 @@ class openstack_integration::murano {
class{ '::murano':
admin_password => 'a_big_secret',
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'murano',
'password' => 'an_even_bigger_secret',
}),
@@ -46,6 +46,14 @@ class openstack_integration::neutron (
}
Rabbitmq_user_permissions['neutron@/']->Service<|tag=='neutron-service'|>
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'neutron':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
case$driver{
'openvswitch': {
include ::vswitch::ovs
@@ -132,22 +140,30 @@ class openstack_integration::neutron (
$plugins_list=delete_undef_values(['router','metering','firewall','lbaasv2',$bgpvpn_plugin,$l2gw_plugin])
class{ '::neutron':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
allow_overlapping_ips=>true,
core_plugin=>'ml2',
service_plugins=>$plugins_list,
debug=>true,
bind_host=>$::openstack_integration::config::host,
use_ssl=>$::openstack_integration::config::ssl,
cert_file=>$::openstack_integration::params::cert_path,
key_file=>"/etc/neutron/ssl/private/${::fqdn}.pem",
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
allow_overlapping_ips=>true,
core_plugin=>'ml2',
service_plugins=>$plugins_list,
debug=>true,
bind_host=>$::openstack_integration::config::host,
use_ssl=>$::openstack_integration::config::ssl,
cert_file=>$::openstack_integration::params::cert_path,
key_file=>"/etc/neutron/ssl/private/${::fqdn}.pem",
}
class{ '::neutron::client': }
class{ '::neutron::keystone::authtoken':
@@ -36,10 +36,18 @@ class openstack_integration::nova (
Exec['update-ca-certificates']~>Service['httpd']
}
$transport_url=os_transport_url({
'transport' => 'rabbit',
$default_transport_url=os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'nova',
'password' => 'an_even_bigger_secret',
})
$notification_transport_url=os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'nova',
'password' => 'an_even_bigger_secret',
})
@@ -59,6 +67,14 @@ class openstack_integration::nova (
}
Rabbitmq_user_permissions['nova@/']->Service<|tag=='nova-service'|>
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'nova':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class{ '::nova::db::mysql':
password => 'nova',
}
@@ -101,11 +117,13 @@ class openstack_integration::nova (
memcached_servers => $::openstack_integration::config::memcached_servers,
}
class{ '::nova':
default_transport_url => $transport_url,
default_transport_url => $default_transport_url,
notification_transport_url => $notification_transport_url,
database_connection => 'mysql+pymysql://nova:nova@127.0.0.1/nova?charset=utf8',
api_database_connection => 'mysql+pymysql://nova_api:nova@127.0.0.1/nova_api?charset=utf8',
placement_database_connection => 'mysql+pymysql://nova_placement:nova@127.0.0.1/nova_placement?charset=utf8',
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
use_ipv6 => $::openstack_integration::config::ipv6,
glance_api_servers => "${::openstack_integration::config::base_url}:9292",
debug=>true,
60
manifests/qdr.pp
Normal file
60
manifests/qdr.pp
Normal file
@@ -0,0 +1,60 @@
classopenstack_integration::qdr{
include ::openstack_integration::params
include ::openstack_integration::config
if $::osfamily == 'Debian' {
include ::apt
Class['apt::update'] -> Package<| provider == 'apt' |>
apt::ppa { 'ppa:qpid/released' : }
package{ 'pyngus':
ensure => present,
provider => 'pip'
}
}
$extra_addresses=[{'prefix' => 'openstack.org/om/rpc/multicast',
'distribution' => 'multicast'},
{'prefix' => 'openstack.org/om/rpc/unicast',
'distribution' => 'closest'},
{'prefix' => 'openstack.org/om/rpc/anycast',
'distribution' => 'balanced'},
{'prefix' => 'openstack.org/om/notify/multicast',
'distribution' => 'multicast'},
{'prefix' => 'openstack.org/om/notify/unicast',
'distribution' => 'closest'},
{'prefix' => 'openstack.org/om/notify/anycast',
'distribution' => 'balanced'}]
if$::openstack_integration::config::ssl{
file { '/etc/qpid-dispatch/ssl/private':
ensure => directory,
owner => 'root',
mode => '0755',
selinux_ignore_defaults => true,
before => File["/etc/qpid-dispatch/ssl/private/${::fqdn}.pem"],
}
openstack_integration::ssl_key{ 'qdrouterd':
key_path => "/etc/qpid-dispatch/ssl/private/${::fqdn}.pem",
require=>File['/etc/qpid-dispatch/ssl/private'],
notify=>Service['qdrouterd'],
}
class{ '::qdr':
listener_require_ssl => 'yes',
listener_ssl_cert_db => $::openstack_integration::params::ca_bundle_cert_path,
listener_ssl_cert_file => $::openstack_integration::params::cert_path,
listener_ssl_key_file => "/etc/qpid-dispatch/ssl/private/${::fqdn}.pem",
listener_addr=>$::openstack_integration::config::host,
listener_port=>$::openstack_integration::config::messaging_default_port,
listener_sasl_mech=>'PLAIN',
listener_auth_peer=>'yes',
extra_addresses=>$extra_addresses,
}
}else{
class { '::qdr':
listener_addr => $::openstack_integration::config::host,
listener_port => $::openstack_integration::config::messaging_default_port,
listener_sasl_mech => 'PLAIN',
listener_auth_peer => 'yes',
extra_addresses => $extra_addresses,
}
}
}
@@ -17,6 +17,14 @@ class openstack_integration::sahara {
require => Class['::rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'sahara':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
class{ '::sahara::db::mysql':
password => 'sahara',
}
@@ -32,13 +40,14 @@ class openstack_integration::sahara {
host => $::openstack_integration::config::host,
database_connection => 'mysql+pymysql://sahara:sahara@127.0.0.1/sahara?charset=utf8',
default_transport_url => os_transport_url({
'transport' => 'rabbit',
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'sahara',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
debug=>true,
}
class{ '::sahara::keystone::authtoken':
@@ -17,6 +17,14 @@ class openstack_integration::trove {
require => Class['::rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'trove':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'trove':
require => Package['trove'],
@@ -31,16 +39,24 @@ class openstack_integration::trove {
}
class{ '::trove':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'trove',
'password' => 'an_even_bigger_secret',
}),
database_connection=>'mysql+pymysql://trove:trove@127.0.0.1/trove?charset=utf8',
rabbit_use_ssl=>$::openstack_integration::config::ssl,
nova_proxy_admin_pass=>'a_big_secret',
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'trove',
'password' => 'an_even_bigger_secret',
}),
database_connection=>'mysql+pymysql://trove:trove@127.0.0.1/trove?charset=utf8',
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
nova_proxy_admin_pass=>'a_big_secret',
}
class{ '::trove::db::mysql':
password => 'trove',
@@ -17,6 +17,14 @@ class openstack_integration::vitrage {
require => Class['::rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'vitrage':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'vitrage':
notify => Service['httpd'],
@@ -27,17 +35,26 @@ class openstack_integration::vitrage {
class{ '::vitrage':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
# TODO(ansmith): separate transports when bug/1711716 closed
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'vitrage',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
debug=>true,
snapshots_interval=>120,
types=>'nova.host,nova.instance,nova.zone,cinder.volume,neutron.port,neutron.network,doctor'
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'vitrage',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
debug=>true,
snapshots_interval=>120,
types=>'nova.host,nova.instance,nova.zone,cinder.volume,neutron.port,neutron.network,doctor'
}
#Makesuretempestcanreadtheconfigurationfiles
@@ -17,6 +17,14 @@ class openstack_integration::watcher {
require => Class['rabbitmq'],
}
if$::openstack_integration::config::messaging_default_proto=='amqp'{
qdr_user { 'watcher':
password => 'my_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
if$::openstack_integration::config::ssl{
openstack_integration::ssl_key { 'watcher':
require => Package['watcher'],
@@ -48,14 +56,22 @@ class openstack_integration::watcher {
debug => true,
}
class{ '::watcher':
default_transport_url => os_transport_url({
'transport' => 'rabbit',
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::rabbit_port,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'watcher',
'password' => 'my_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
notification_transport_url=>os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'watcher',
'password' => 'my_secret',
}),
rabbit_use_ssl=>$::openstack_integration::config::ssl,
amqp_sasl_mechanisms=>'PLAIN',
}
class{ '::watcher::api':
watcher_api_bind_host => $::openstack_integration::config::host,
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.