From d298fabe337ffc11b4ec5f9594bd306398da5bdc Mon Sep 17 00:00:00 2001 
From: Jason Guiditta Date: Fri, 19 Feb 2016 11:28:06 -0500 Subject: [PATCH] Sync openstack modules. Update ironic to 10b056b50847863f44f24c5663c31384fd130169 10b056b50847863f44f24c5663c31384fd130169 [inspector] allow sending random kernel arguments to the IPA Change-Id: If276324913c3cfb29e8adced0ae07c08707e7fd0 Update neutron to 4cf267714f0f8d28f38e2cd96cb25d8967ec3be7 4cf267714f0f8d28f38e2cd96cb25d8967ec3be7 Add ensure_*aas_package booleans for ::neutron::server Change-Id: I4bdfba7367399e12d7cbebcd33a04577841271e0 Update tripleo to dbfada57bc9a24c7ad0aa5c7d3689683bdcc0a54 dbfada57bc9a24c7ad0aa5c7d3689683bdcc0a54 Merge "Upgrade all packages after puppet managed ones" into stable/liberty de9e808af2f790a5bb2aabf51a8ad1241c3359da Merge "Enable X-Forwarded-Proto header for keystone admin endpoint" into stable/liberty 1e587ec106ba7b65b55cffab3686f4b62be1b4e8 Merge "Enable X-Forwarded-Proto header for Heat and Nova" into stable/liberty 75e74262a6278b34751162d5937197237ef8ec97 Merge "Allows customization of the HAProxy default timeouts" into stable/liberty d931860c8565d29fc91d6505345bb85a17d05b44 Enable X-Forwarded-Proto header for Heat and Nova c86f77fa3eb1e474eee0ac899f25a2eb03def06f Upgrade all packages after puppet managed ones 39dab0e5e3b9d1c3bb1dad709dacc9d237bcc645 Enable X-Forwarded-Proto header for keystone admin endpoint 513d33345816cf353c617393cb7f1a59fb339658 Allows customization of the HAProxy default timeouts Change-Id: Ie3c06fae935827a830aa3cb418bbb6098b9f4dc8 Update openstack_extras to 63bebcae6cc4b8396434756b38a3547f9c73de9a 63bebcae6cc4b8396434756b38a3547f9c73de9a Add project_name parameter for auth_file Change-Id: Iaf674e1e7dbda3bafb4975f60f2a26826de3ea9a --- Puppetfile | 8 +- ironic/manifests/inspector.pp | 5 + ironic/spec/classes/ironic_inspector_spec.rb | 3 +- ironic/templates/inspector_ipxe.erb | 2 +- ironic/templates/inspector_pxelinux_cfg.erb | 2 +- neutron/manifests/agents/vpnaas.pp | 12 +-- neutron/manifests/server.pp | 96 +++++++++++++++++++ 
neutron/spec/classes/neutron_server_spec.rb | 15 +++ openstack_extras/manifests/auth_file.pp | 6 ++ .../openstack_extras_auth_file_spec.rb | 2 + openstack_extras/templates/openrc.erb | 3 + tripleo/manifests/loadbalancer.pp | 16 +++- tripleo/manifests/packages.pp | 21 +++- tripleo/spec/classes/tripleo_packages_spec.rb | 52 ++++++++++ 14 files changed, 228 insertions(+), 15 deletions(-) create mode 100644 tripleo/spec/classes/tripleo_packages_spec.rb diff --git a/Puppetfile b/Puppetfile index 8d943af4d..a5367103a 100644 --- a/Puppetfile +++ b/Puppetfile @@ -91,7 +91,7 @@ mod 'inifile', :git => 'https://github.com/puppetlabs/puppetlabs-inifile.git' mod 'ironic', - :commit => '754a156d6a9f1175a454789c53f2e288e7ec8e21', + :commit => '10b056b50847863f44f24c5663c31384fd130169', :git => 'https://github.com/openstack/puppet-ironic.git' mod 'java', @@ -155,7 +155,7 @@ mod 'nagios', :git => 'https://github.com/gildub/puppet-nagios-openstack.git' mod 'neutron', - :commit => 'a83bfe12562273a9e7bbba3ade9d8028bb6edd9d', + :commit => '4cf267714f0f8d28f38e2cd96cb25d8967ec3be7', :git => 'https://github.com/openstack/puppet-neutron.git' mod 'nova', @@ -175,7 +175,7 @@ mod 'opendaylight', :git => 'https://github.com/dfarrell07/puppet-opendaylight.git' mod 'openstack_extras', - :commit => '9dbbbe3f40d62e391e1dd682975cd5fed8b6d64a', + :commit => '63bebcae6cc4b8396434756b38a3547f9c73de9a', :git => 'https://github.com/openstack/puppet-openstack_extras.git' mod 'openstacklib', @@ -255,7 +255,7 @@ mod 'tomcat', :git => 'https://github.com/puppetlabs/puppetlabs-tomcat.git' mod 'tripleo', - :commit => 'bd23dab3bbc710c72c481953f2cf13f8c51120ad', + :commit => 'dbfada57bc9a24c7ad0aa5c7d3689683bdcc0a54', :git => 'https://github.com/openstack/puppet-tripleo.git' mod 'trove', diff --git a/ironic/manifests/inspector.pp b/ironic/manifests/inspector.pp index 65b6756dc..f379f484a 100644 --- a/ironic/manifests/inspector.pp +++ b/ironic/manifests/inspector.pp 
@@ -138,6 +138,10 @@ # Comma-separated list of processing hooks to append to the default list. # Defaults to undef # +# [*ramdisk_kernel_args*] +# String with kernel arguments to send to the ramdisk on boot. +# Defaults to undef +# class ironic::inspector ( $package_ensure = 'present', $enabled = true, @@ -169,6 +173,7 @@ $sync_db = true, $ramdisk_collectors = 'default', $additional_processing_hooks = undef, + $ramdisk_kernel_args = undef, ) { include ::ironic::params diff --git a/ironic/spec/classes/ironic_inspector_spec.rb b/ironic/spec/classes/ironic_inspector_spec.rb index ae9dbe8a2..5ff74cb8e 100644 --- a/ironic/spec/classes/ironic_inspector_spec.rb +++ b/ironic/spec/classes/ironic_inspector_spec.rb @@ -143,6 +143,7 @@ :swift_auth_url => 'http://192.168.0.1:5000/v2.0', :pxe_transfer_protocol => 'http', :additional_processing_hooks => 'hook1,hook2', + :ramdisk_kernel_args => 'foo=bar', ) end it 'should replace default parameter with new value' do @@ -171,7 +172,7 @@ 'content' => /ipxe/, ) is_expected.to contain_file('/httpboot/inspector.ipxe').with_content( - /kernel http:\/\/192.168.0.1:8088\/agent.kernel ipa-inspection-callback-url=http:\/\/192.168.0.1:5050\/v1\/continue ipa-inspection-collectors=default/ + /kernel http:\/\/192.168.0.1:8088\/agent.kernel ipa-inspection-callback-url=http:\/\/192.168.0.1:5050\/v1\/continue ipa-inspection-collectors=default.* foo=bar/ ) end end diff --git a/ironic/templates/inspector_ipxe.erb b/ironic/templates/inspector_ipxe.erb index 957626e88..9f7a7930c 100644 --- a/ironic/templates/inspector_ipxe.erb +++ b/ironic/templates/inspector_ipxe.erb 
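Review bot: `$ramdisk_kernel_args` is added to the class parameter list of ironic::inspector with no validation, and the two template hunks in this commit (inspector_ipxe.erb and inspector_pxelinux_cfg.erb) interpolate it verbatim at the end of the `kernel` / `append` line. A value containing a line break would therefore add extra lines to the iPXE script or pxelinux config handed to every node being inspected, so the manifest should reject that, e.g. `if $ramdisk_kernel_args { validate_re($ramdisk_kernel_args, '\A[^\r\n]*\z') }` (assuming puppetlabs-stdlib is available to this module). The parameter doc could also state that the string is appended unmodified to the kernel command line of a boot config fetched over plain HTTP, so it is not a place for secrets. The class body continues outside the hunk.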
@@ -2,6 +2,6 @@ dhcp -kernel http://<%= @dnsmasq_local_ip %>:8088/agent.kernel ipa-inspection-callback-url=http://<%= @dnsmasq_local_ip %>:5050/v1/continue ipa-inspection-collectors=<%= @ramdisk_collectors %> systemd.journald.forward_to_console=yes BOOTIF=${mac} +kernel http://<%= @dnsmasq_local_ip %>:8088/agent.kernel ipa-inspection-callback-url=http://<%= @dnsmasq_local_ip %>:5050/v1/continue ipa-inspection-collectors=<%= @ramdisk_collectors %> systemd.journald.forward_to_console=yes BOOTIF=${mac} <%= @ramdisk_kernel_args %> initrd http://<%= @dnsmasq_local_ip %>:8088/agent.ramdisk boot diff --git a/ironic/templates/inspector_pxelinux_cfg.erb b/ironic/templates/inspector_pxelinux_cfg.erb index 8730ea7e3..0e5c27b5d 100644 --- a/ironic/templates/inspector_pxelinux_cfg.erb +++ b/ironic/templates/inspector_pxelinux_cfg.erb @@ -2,5 +2,5 @@ default inspector label inspector kernel agent.kernel -append initrd=agent.ramdisk ipa-inspection-callback-url=http://<%= @dnsmasq_local_ip %>:5050/v1/continue ipa-inspection-collectors=<%= @ramdisk_collectors %> systemd.journald.forward_to_console=yes +append initrd=agent.ramdisk ipa-inspection-callback-url=http://<%= @dnsmasq_local_ip %>:5050/v1/continue ipa-inspection-collectors=<%= @ramdisk_collectors %> systemd.journald.forward_to_console=yes <%= @ramdisk_kernel_args %> ipappend 3 diff --git a/neutron/manifests/agents/vpnaas.pp b/neutron/manifests/agents/vpnaas.pp index 69636b505..17270bfb5 100644 --- a/neutron/manifests/agents/vpnaas.pp +++ b/neutron/manifests/agents/vpnaas.pp 
@@ -91,12 +91,12 @@ } if $::neutron::params::vpnaas_agent_package { - Package['neutron'] -> Package['neutron-vpnaas-agent'] - package { 'neutron-vpnaas-agent': - ensure => $package_ensure, - name => $::neutron::params::vpnaas_agent_package, - tag => ['openstack', 'neutron-package'], - } + Package['neutron'] -> Package['neutron-vpnaas-agent'] + ensure_resource( 'package', 'neutron-vpnaas-agent', { + 'ensure' => $package_ensure, + 'name' => $::neutron::params::vpnaas_agent_package, + 'tag' => ['openstack', 'neutron-package'], + }) } if $manage_service { diff --git a/neutron/manifests/server.pp b/neutron/manifests/server.pp index 5f317541e..9e149eee3 100644 --- a/neutron/manifests/server.pp +++ b/neutron/manifests/server.pp 
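Review bot: `ensure_resource` only deduplicates when the title and every parameter match, and neutron::server in this same commit declares `'neutron-vpnaas-agent'` with its own `$package_ensure`. If the two classes are applied with different `package_ensure` values the catalog would fail with a duplicate declaration rather than pick one, so a comment above the call such as `# also declared in neutron::server; package_ensure must agree` would help the next maintainer. The enclosing class starts outside the hunk.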
@@ -200,6 +200,54 @@ # (optional) Drivers list to use to send the update notification # Defaults to ['message_queue']. # +# [*ensure_vpnaas_package*] +# (optional) Ensures installation of VPNaaS package before starting API service. +# Set to true to ensure installation of the package that is required to start neutron service if service_plugin is enabled. +# Defaults to false. +# +# [*ensure_fwaas_package*] +# (optional) Ensures installation of FWaaS package before starting API service. +# Set to true to ensure installation of the package that is required to start neutron service if service_plugin is enabled. +# Defaults to false. +# +# [*ensure_lbaas_package*] +# (optional) Ensures installation of LBaaS package before starting API service. +# Set to true to ensure installation of the package that is required to start neutron service if service_plugin is enabled. +# Defaults to false. +# +# [*vpnaas_agent_package*] +# (optional) Use VPNaaS agent package instead of L3 agent package on debian platforms +# RedHat platforms won't take care of this parameter +# true/false +# Defaults to false +# === Deprecated Parameters +# +# [*identity_uri*] +# Deprecated. Auth plugins based authentication should be used instead +# (optional) Complete admin Identity API endpoint. +# Defaults to: 'http://localhost:35357/' +# +# [*auth_region*] +# Deprecated. Auth plugins based authentication should be used instead +# (optional) The authentication region. Note this value is case-sensitive and +# must match the endpoint region defined in Keystone. +# Defaults to $::os_service_default +# +# [*auth_tenant*] +# Deprecated. Auth plugins based authentication should be used instead +# (optional) The tenant of the auth user +# Defaults to services +# +# [*auth_user*] +# Deprecated. Auth plugins based authentication should be used instead +# (optional) The name of the auth user +# Defaults to neutron +# +# [*auth_password*] +# Deprecated. 
Auth plugins based authentication should be used instead +# (optional) The password to use for authentication (keystone) +# Defaults to false. Set a value unless you are using noauth +# class neutron::server ( $package_ensure = 'present', $enabled = true, @@ -231,6 +279,10 @@ $min_l3_agents_per_router = 2, $l3_ha_net_cidr = '169.254.192.0/18', $qos_notification_drivers = ['message_queue'], + $ensure_vpnaas_package = false, + $ensure_fwaas_package = false, + $ensure_lbaas_package = false, + $vpnaas_agent_package = false, # DEPRECATED PARAMETERS $auth_host = 'localhost', $auth_port = '35357', 
@@ -248,6 +300,50 @@ include ::neutron::policy require keystone::python + if $ensure_fwaas_package { + if ($::osfamily == 'Debian') { + # Debian platforms + if $vpnaas_agent_package { + ensure_resource( 'package', $::neutron::params::vpnaas_agent_package, { + 'ensure' => $neutron::package_ensure, + 'tag' => ['openstack', 'neutron-package'], + }) + Package[$::neutron::params::vpnaas_agent_package] -> Neutron_fwaas_service_config<||> + } else { + ensure_resource( 'package', 'neutron-fwaas' , { + 'name' => $::neutron::params::fwaas_package, + 'ensure' => $neutron::package_ensure, + 'tag' => ['openstack', 'neutron-package'], + }) + } + } elsif($::osfamily == 'Redhat') { + # RH platforms + ensure_resource( 'package', 'neutron-fwaas', { + 'name' => $::neutron::params::fwaas_package, + 'ensure' => $neutron::package_ensure, + 'tag' => ['openstack', 'neutron-package'], + }) + } + } + + if $ensure_vpnaas_package { + ensure_resource( 'package', 'neutron-vpnaas-agent', { + 'ensure' => $package_ensure, + 'name' => $::neutron::params::vpnaas_agent_package, + 'tag' => ['openstack', 'neutron-package'], + }) + } + + if $ensure_lbaas_package { + ensure_resource( 'package', 'neutron-lbaas-agent', { + 'ensure' => $package_ensure, + 'name' => $::neutron::params::lbaas_agent_package, + 'tag' => ['openstack', 'neutron-package'], + }) + } + + + Neutron_config<||> ~> Service['neutron-server'] Neutron_api_config<||> ~> Service['neutron-server'] Class['neutron::policy'] ~> Service['neutron-server'] diff --git a/neutron/spec/classes/neutron_server_spec.rb b/neutron/spec/classes/neutron_server_spec.rb index ba7adcb10..955a34eae 100644 --- a/neutron/spec/classes/neutron_server_spec.rb +++ b/neutron/spec/classes/neutron_server_spec.rb 
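Review bot: The FWaaS branches pass `'ensure' => $neutron::package_ensure` while the VPNaaS and LBaaS blocks below them pass `$package_ensure` (this class's own parameter), so the three `ensure_*aas_package` switches can install at different ensure states; using `'ensure' => $package_ensure,` in all of them would keep them aligned. Nothing visible in the hunk orders these packages before `Service['neutron-server']`, although the new parameter docs promise installation "before starting API service"; possibly the `neutron-package` tag provides that ordering elsewhere, which is worth confirming and stating in a comment. An osfamily other than Debian or RedHat falls through the `if`/`elsif` and installs nothing without any message.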
@@ -231,6 +231,21 @@ it_raises 'a Puppet::Error', /auth_password must be set/ end + shared_examples_for 'VPNaaS, FWaaS and LBaaS package installation' do + before do + params.merge!( + :ensure_vpnaas_package => true, + :ensure_fwaas_package => true, + :ensure_lbaas_package => true + ) + end + it 'should install *aaS packages' do + is_expected.to contain_package('neutron-lbaas-agent') + is_expected.to contain_package('neutron-fwaas') + is_expected.to contain_package('neutron-vpnaas-agent') + end + end + shared_examples_for 'a neutron server without database synchronization' do before do params.merge!( diff --git a/openstack_extras/manifests/auth_file.pp b/openstack_extras/manifests/auth_file.pp index ab21a2f49..a7e1dc614 100644 --- a/openstack_extras/manifests/auth_file.pp +++ b/openstack_extras/manifests/auth_file.pp @@ -32,6 +32,11 @@ # (optional) Tenant for this account as defined in keystone # Defaults to 'openstack'. # +# [*project_name*] +# (optional) Project for this account as defined in keystone +# Use instead of tenant_name for when using identity v3. +# Defaults to undef. +# # [*region_name*] # (optional) Openstack region to use # Defaults to 'RegionOne'. @@ -75,6 +80,7 @@ $service_endpoint = 'http://127.0.0.1:35357/v2.0/', $username = 'admin', $tenant_name = 'openstack', + $project_name = undef, $region_name = 'RegionOne', $use_no_cache = true, $cinder_endpoint_type = 'publicURL', diff --git a/openstack_extras/spec/classes/openstack_extras_auth_file_spec.rb b/openstack_extras/spec/classes/openstack_extras_auth_file_spec.rb index 343d2fd1a..9c761847e 100644 --- a/openstack_extras/spec/classes/openstack_extras_auth_file_spec.rb +++ b/openstack_extras/spec/classes/openstack_extras_auth_file_spec.rb @@ -36,6 +36,7 @@ :service_endpoint => 'http://127.0.0.2:35357/v2.0/', :username => 'myuser', :tenant_name => 'mytenant', + :project_name => 'myproject', :region_name => 'myregion', :use_no_cache => 'false', :cinder_endpoint_type => 'internalURL', 
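Review bot: The shared example 'VPNaaS, FWaaS and LBaaS package installation' is defined here but never invoked: the diffstat lists 15 added lines for neutron_server_spec.rb and all 15 are the definition itself, so no `it_configures` or `it_behaves_like` call was added. As it stands the new `ensure_*aas_package` code in neutron::server appears to be untested; adding `it_configures 'VPNaaS, FWaaS and LBaaS package installation'` to the platform contexts (which lie outside this hunk) would run it. The example also only checks that the packages exist, not that they are ordered before the neutron-server service.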
@@ -53,6 +54,7 @@ 'export OS_SERVICE_ENDPOINT=\'http://127.0.0.2:35357/v2.0/\'', 'export OS_NO_CACHE=\'false\'', 'export OS_TENANT_NAME=\'mytenant\'', + 'export OS_PROJECT_NAME=\'myproject\'', 'export OS_USERNAME=\'myuser\'', 'export OS_PASSWORD=\'admin\'', 'export OS_AUTH_URL=\'http://127.0.0.2:5000/v2.0/\'', diff --git a/openstack_extras/templates/openrc.erb b/openstack_extras/templates/openrc.erb index 9b39f39e1..4fe8803cc 100644 --- a/openstack_extras/templates/openrc.erb +++ b/openstack_extras/templates/openrc.erb @@ -5,6 +5,9 @@ export OS_SERVICE_ENDPOINT='<%= @service_endpoint %>' <% end -%> export OS_NO_CACHE='<%= @use_no_cache %>' export OS_TENANT_NAME='<%= @tenant_name %>' +<% if @project_name -%> +export OS_PROJECT_NAME='<%= @project_name %>' +<% end -%> export OS_USERNAME='<%= @username %>' export OS_PASSWORD='<%= @password.gsub(/'/){ %q(\') } %>' export OS_AUTH_URL='<%= @auth_url %>' diff --git a/tripleo/manifests/loadbalancer.pp b/tripleo/manifests/loadbalancer.pp index 8c21ab7c4..f873ca78b 100644 --- a/tripleo/manifests/loadbalancer.pp +++ b/tripleo/manifests/loadbalancer.pp @@ -35,6 +35,10 @@ # The value to use as maxconn in the haproxy default config section. # Defaults to 4096 # +# [*haproxy_default_timeout*] +# The value to use as timeout in the haproxy default config section. +# Defaults to [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ] +# # [*haproxy_log_address*] # The IPv4, IPv6 or filesystem socket path of the syslog server. # Defaults to '/dev/log' @@ -254,6 +258,7 @@ $haproxy_service_manage = true, $haproxy_global_maxconn = 20480, $haproxy_default_maxconn = 4096, + $haproxy_default_timeout = [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], $haproxy_log_address = '/dev/log', $controller_host = undef, $controller_hosts = undef, 
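Review bot: In the openrc.erb hunk `@project_name` is written between single quotes with no escaping, whereas the `OS_PASSWORD` line two lines below at least rewrites `'`. The generated file is meant to be sourced by a shell, so a project name containing a single quote ends the quoted string early and the rest of the value is interpreted by the shell. Either validate the parameter in auth_file.pp (it is added there without a check) or escape it in the template by replacing each `'` with `'\''`. The neighbouring `OS_TENANT_NAME` context line has the same shape, but this commit does not touch it.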
@@ -584,6 +589,7 @@ } $heat_options = { 'rsprep' => "^Location:\\ http://${public_virtual_ip}(.*) Location:\\ https://${public_virtual_ip}\\1", + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], } $heat_cw_bind_opts = { "${heat_api_vip}:8003" => [], @@ -651,7 +657,7 @@ 'mode' => 'tcp', 'log' => 'global', 'retries' => '3', - 'timeout' => [ 'http-request 10s', 'queue 1m', 'connect 10s', 'client 1m', 'server 1m', 'check 10s' ], + 'timeout' => $haproxy_default_timeout, 'maxconn' => $haproxy_default_maxconn, }, } @@ -676,6 +682,10 @@ haproxy::listen { 'keystone_admin': bind => $keystone_admin_bind_opts, collect_exported => false, + mode => 'http', # Needed for http-request option + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'keystone_admin': listening_service => 'keystone_admin', @@ -797,6 +807,10 @@ haproxy::listen { 'nova_osapi': bind => $nova_osapi_bind_opts, collect_exported => false, + mode => 'http', + options => { + 'http-request' => ['set-header X-Forwarded-Proto https if { ssl_fc }'], + }, } haproxy::balancermember { 'nova_osapi': listening_service => 'nova_osapi', diff --git a/tripleo/manifests/packages.pp b/tripleo/manifests/packages.pp index ac11efd23..c0971e9bd 100644 --- a/tripleo/manifests/packages.pp +++ b/tripleo/manifests/packages.pp @@ -45,7 +45,26 @@ if $enable_upgrade { Package <| |> { ensure => 'latest' } + + case $::osfamily { + 'RedHat': { + $pkg_upgrade_cmd = 'yum -y update' + } + default: { + warning('Please specify a package upgrade command for distribution.') + } + } + + exec { 'package-upgrade': + command => $pkg_upgrade_cmd, + path => '/usr/bin', + } + # A resource chain to ensure the upgrade ordering we want: + # 1) upgrade puppet managed packages (will trigger puppet dependencies) + # 2) then upgrade all packages via exec + # 3) then restart services + Package <| |> -> Exec['package-upgrade'] -> Service <| |> + } } - 
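Review bot: `set-header X-Forwarded-Proto https if { ssl_fc }` acts only on TLS connections, so on a plain-HTTP connection a client-supplied `X-Forwarded-Proto` header reaches the backend unchanged; this applies to `$heat_options` here and to the `keystone_admin` and `nova_osapi` listeners in the later hunks of this file. If those services trust the header to decide the request scheme (which is the purpose of the change) and any of the binds is non-TLS, the proxy should also clear it, e.g. put `'del-header X-Forwarded-Proto unless { ssl_fc }'` ahead of the set-header entry in each `'http-request'` array. The `nova_osapi` hunk switches to `mode => 'http'` without the explanatory comment that `keystone_admin` has; `# Needed for http-request option` would fit there too.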
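Review bot: In tripleo/manifests/packages.pp the `default` branch of the new `case` only warns and leaves `$pkg_upgrade_cmd` unset, yet `exec { 'package-upgrade': }` is still declared with `command => $pkg_upgrade_cmd` on every osfamily. Depending on the Puppet version this either fails on the undefined variable or lets the exec fall back to its title as the command, neither of which is intended. Declaring the exec and the ordering chain only where a command exists avoids that, as sketched below. Separately, the exec has no `refreshonly` or `unless` guard, so `yum -y update` runs on every agent run while `enable_upgrade` is true and may exceed Exec's default timeout; a `timeout` value and a comment on that would help. The enclosing class starts outside the hunk.

```puppet
    # … unchanged: Package <| |> { ensure => 'latest' } …
    case $::osfamily {
      'RedHat': {
        exec { 'package-upgrade':
          command => 'yum -y update',
          path    => '/usr/bin',
        }
        # Ordering: puppet-managed packages, then the full upgrade, then services.
        Package <| |> -> Exec['package-upgrade'] -> Service <| |>
      }
      default: {
        warning('Please specify a package upgrade command for distribution.')
      }
    }
```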
diff --git a/tripleo/spec/classes/tripleo_packages_spec.rb b/tripleo/spec/classes/tripleo_packages_spec.rb
new file mode 100644
index 000000000..55a135bd5
--- /dev/null
+++ b/tripleo/spec/classes/tripleo_packages_spec.rb
@@ -0,0 +1,52 @@
+#
+# Copyright (C) 2015 Red Hat Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+require 'spec_helper'
+
+describe 'tripleo::packages' do
+
+ shared_examples_for 'Red Hat distributions' do
+
+ let :pre_condition do
+ "
+ package{'nova-compute': ensure => present}
+ service{'nova-compute': ensure => 'running'}
+ "
+ end
+
+ let :facts do
+ {
+ :osfamily => 'RedHat',
+ :operatingsystemmajrelease => 7,
+ }
+ end
+
+ let :params do
+ {
+ :enable_upgrade => true
+ }
+ end
+
+ it 'should contain correct upgrade ordering' do
+ is_expected.to contain_package('nova-compute').that_comes_before('Exec[package-upgrade]')
+ is_expected.to contain_exec('package-upgrade').that_comes_before('Service[nova-compute]')
+ is_expected.to contain_exec('package-upgrade').with(:command => 'yum -y update')
+ end
+
+ end
+
+ it_configures 'Red Hat distributions'
+
+end