Rush has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/376848 )
Change subject: openstack: designate as module/profile/role
......................................................................
openstack: designate as module/profile/role
Bug: T171494
Change-Id: Ib66fdb449af65f8c3608a6d225ee80976f4acd7d
---
M hieradata/codfw/profile/openstack/labtest.yaml
M hieradata/codfw/profile/openstack/labtest/designate.yaml
A hieradata/codfw/profile/openstack/labtest/pdns.yaml
M hieradata/codfw/profile/openstack/labtestn.yaml
M hieradata/codfw/profile/openstack/labtestn/designate.yaml
A hieradata/codfw/profile/openstack/labtestn/pdns.yaml
A hieradata/common/profile/openstack/base/designate.yaml
A hieradata/common/profile/openstack/base/pdns.yaml
M hieradata/eqiad/profile/openstack/main.yaml
M hieradata/eqiad/profile/openstack/main/designate.yaml
A hieradata/eqiad/profile/openstack/main/pdns.yaml
M manifests/site.pp
D modules/openstack/manifests/designate/service.pp
R modules/openstack2/files/designate/designate-mdns.logrotate
R modules/openstack2/files/designate/designate-pool-manager.logrotate
R modules/openstack2/files/liberty/designate/dashboard/_70_dns_add_group.py
R modules/openstack2/files/liberty/designate/dashboard/_71_dns_project.py
R modules/openstack2/files/liberty/designate/dashboard/__init__.py
R modules/openstack2/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
R modules/openstack2/files/liberty/designate/nova_fixed_multi/__init__.py
R modules/openstack2/files/liberty/designate/nova_fixed_multi/base.py
R modules/openstack2/files/liberty/designate/nova_fixed_multi/novamulti.py
R modules/openstack2/files/liberty/designate/policy.json
R modules/openstack2/files/liberty/designate/rootwrap.conf
R modules/openstack2/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
R modules/openstack2/files/liberty/designate/wmf_sink/__init__.py
R modules/openstack2/files/liberty/designate/wmf_sink/base.py
R modules/openstack2/files/liberty/designate/wmf_sink/wmfsink.py
A modules/openstack2/manifests/designate/monitor.pp
A modules/openstack2/manifests/designate/service.pp
A modules/openstack2/templates/initscripts/designate-mdns.upstart.erb
A modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb
R modules/openstack2/templates/liberty/designate/api-paste.ini.erb
R modules/openstack2/templates/liberty/designate/designate.conf.erb
A modules/profile/manifests/openstack/base/designate/service.pp
A modules/profile/manifests/openstack/labtest/designate/service.pp
A modules/profile/manifests/openstack/labtestn/designate/service.pp
A modules/profile/manifests/openstack/main/designate/service.pp
D modules/role/manifests/labs/openstack/designate/server.pp
M modules/role/manifests/wmcs/openstack/labtest/services.pp
M modules/role/manifests/wmcs/openstack/labtestn/services.pp
M modules/role/manifests/wmcs/openstack/main/services.pp
42 files changed, 534 insertions(+), 305 deletions(-)
Approvals:
Rush: Looks good to me, approved
jenkins-bot: Verified
diff --git a/hieradata/codfw/profile/openstack/labtest.yaml b/hieradata/codfw/profile/openstack/labtest.yaml
index 896ae95..73fd91f 100644
--- a/hieradata/codfw/profile/openstack/labtest.yaml
+++ b/hieradata/codfw/profile/openstack/labtest.yaml
@@ -3,6 +3,7 @@
 profile::openstack::labtest::nova_controller_standby: 'labtestcontrol2001.wikimedia.org'
 profile::openstack::labtest::designate_host: 'labtestservices2001.wikimedia.org'
 profile::openstack::labtest::designate_host_standby: 'labtestservices2001.wikimedia.org'
+profile::openstack::labtest::puppetmaster_hostname: 'labtestpuppetmaster2001.wikimedia.org'
 profile::openstack::labtest::nova_api_host: 'labtestnet2001.codfw.wmnet'
 profile::openstack::labtest::labs_hosts_range: '10.192.20.0/24'
 profile::openstack::labtest::horizon_host: 'labtestweb2001.wikimedia.org'
diff --git a/hieradata/codfw/profile/openstack/labtest/designate.yaml b/hieradata/codfw/profile/openstack/labtest/designate.yaml
index 9087fd7..30e3e87 100644
--- a/hieradata/codfw/profile/openstack/labtest/designate.yaml
+++ b/hieradata/codfw/profile/openstack/labtest/designate.yaml
@@ -1 +1,4 @@
 profile::openstack::labtest::designate::wmflabsdotorg_project: 'wmflabsdotorg'
+profile::openstack::labtest::designate::db_host: 'labtestcontrol2001.wikimedia.org'
+profile::openstack::labtest::designate::domain_id_internal_forward: 'e1ac328c-b932-43f2-b12f-407fb9477925'
+profile::openstack::labtest::designate::domain_id_internal_reverse: '9b60f3ab-d64b-4e30-9d6f-7535811b0fa8'
diff --git a/hieradata/codfw/profile/openstack/labtest/pdns.yaml b/hieradata/codfw/profile/openstack/labtest/pdns.yaml
new file mode 100644
index 0000000..91206e6
--- /dev/null
+++ b/hieradata/codfw/profile/openstack/labtest/pdns.yaml
@@ -0,0 +1,4 @@
+profile::openstack::labtest::pdns::host: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtest::pdns::host_secondary: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtest::pdns::recursor: 'labtest-recursor0.wikimedia.org'
+profile::openstack::labtest::pdns::recursor_secondary: 'labtest-recursor0.wikimedia.org'
diff --git a/hieradata/codfw/profile/openstack/labtestn.yaml b/hieradata/codfw/profile/openstack/labtestn.yaml
index b60b6d9..c44108b 100644
--- a/hieradata/codfw/profile/openstack/labtestn.yaml
+++ b/hieradata/codfw/profile/openstack/labtestn.yaml
@@ -2,8 +2,9 @@
 profile::openstack::labtestn::nova_controller: 'labtestcontrol2003.wikimedia.org'
 profile::openstack::labtestn::nova_controller_standby: 'labtestcontrol2003.wikimedia.org'
 profile::openstack::labtestn::nova_api_host: 'labtestcontrol2003.wikimedia.org'
-profile::openstack::labtestn::designate_host: 'labtestservices2003.wikimedia.org'
+profile::openstack::labtestn::designate_host: 'labtestcontrol2003.wikimedia.org'
 profile::openstack::labtestn::designate_host_standby: 'labtestservices2003.wikimedia.org'
+profile::openstack::labtestn::puppetmaster_hostname: 'labtestpuppetmaster2001.wikimedia.org'
 profile::openstack::labtestn::labs_hosts_range: '127.0.0.1/32'
 profile::openstack::labtestn::horizon_host: 'labtestweb2001.wikimedia.org'
 profile::openstack::labtestn::spice_hostname: 'labtestnspice.wikimedia.org'
diff --git a/hieradata/codfw/profile/openstack/labtestn/designate.yaml b/hieradata/codfw/profile/openstack/labtestn/designate.yaml
index e718654..f55192c 100644
--- a/hieradata/codfw/profile/openstack/labtestn/designate.yaml
+++ b/hieradata/codfw/profile/openstack/labtestn/designate.yaml
@@ -1 +1,4 @@
 profile::openstack::labtestn::designate::wmflabsdotorg_project: 'wmflabsdotorg'
+profile::openstack::labtestn::designate::db_host: 'labtestcontrol2003.wikimedia.org'
+profile::openstack::labtestn::designate::domain_id_internal_forward: 'e1ac328c-b932-43f2-b12f-407fb9477925'
+profile::openstack::labtestn::designate::domain_id_internal_reverse: '9b60f3ab-d64b-4e30-9d6f-7535811b0fa8'
diff --git a/hieradata/codfw/profile/openstack/labtestn/pdns.yaml b/hieradata/codfw/profile/openstack/labtestn/pdns.yaml
new file mode 100644
index 0000000..83e5f3d
--- /dev/null
+++ b/hieradata/codfw/profile/openstack/labtestn/pdns.yaml
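Review bot: The `domain_id_internal_forward` and `domain_id_internal_reverse` values added in hieradata/codfw/profile/openstack/labtestn/designate.yaml are identical to the ones added for labtest in labtest/designate.yaml, although the two deployments are given different `db_host` values. If each deployment has its own designate database, these ids look copy-pasted and should be confirmed against the labtestn database before they are relied on. A one-line comment above the two keys naming the zone each id refers to would make that check possible from the file alone.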
@@ -0,0 +1,4 @@
+profile::openstack::labtestn::pdns::host: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtestn::pdns::host_secondary: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtestn::pdns::recursor: 'labtest-recursor0.wikimedia.org'
+profile::openstack::labtestn::pdns::recursor_secondary: 'labtest-recursor0.wikimedia.org'
diff --git a/hieradata/common/profile/openstack/base/designate.yaml b/hieradata/common/profile/openstack/base/designate.yaml
new file mode 100644
index 0000000..b1560bd
--- /dev/null
+++ b/hieradata/common/profile/openstack/base/designate.yaml
@@ -0,0 +1,7 @@
+profile::openstack::base::designate::db_user: 'designate'
+profile::openstack::base::designate::db_name: 'designate'
+profile::openstack::base::designate::pdns_db_user: 'pdns'
+profile::openstack::base::designate::pdns_db_name: 'pdns'
+profile::openstack::base::designate::pdns_db_user: 'pdns'
+profile::openstack::base::designate::db_admin_user: 'pdns_admin'
+profile::openstack::base::designate::pool_manager_db_name: 'designate_pool_manager'
diff --git a/hieradata/common/profile/openstack/base/pdns.yaml b/hieradata/common/profile/openstack/base/pdns.yaml
new file mode 100644
index 0000000..fe61246
--- /dev/null
+++ b/hieradata/common/profile/openstack/base/pdns.yaml
@@ -0,0 +1 @@
+profile::openstack::base::pdns::db_host: 'localhost'
diff --git a/hieradata/eqiad/profile/openstack/main.yaml b/hieradata/eqiad/profile/openstack/main.yaml
index ecb9ca1..6bb2399 100644
--- a/hieradata/eqiad/profile/openstack/main.yaml
+++ b/hieradata/eqiad/profile/openstack/main.yaml
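Review bot: `profile::openstack::base::designate::pdns_db_user: 'pdns'` is defined twice in the new hieradata/common/profile/openstack/base/designate.yaml, as the third and the fifth added line. Duplicate mapping keys are not valid YAML, and parsers differ on whether they reject the file or silently keep the last value, so the second entry should be dropped. Both copies carry the same value today, which hides the problem until one of them is edited.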
@@ -5,6 +5,7 @@
 profile::openstack::main::nova_network_host: 'labnet1001.eqiad.wmnet'
 profile::openstack::main::designate_host: 'labservices1001.wikimedia.org'
 profile::openstack::main::designate_host_standby: 'labservices1002.wikimedia.org'
+profile::openstack::main::puppetmaster_hostname: 'labs-puppetmaster.wikimedia.org'
 profile::openstack::main::horizon_host: 'californium.wikimedia.org'
 profile::openstack::main::spice_hostname: 'labspice.wikimedia.org'
 profile::openstack::main::labs_hosts_range: '10.64.20.0/24'
diff --git a/hieradata/eqiad/profile/openstack/main/designate.yaml b/hieradata/eqiad/profile/openstack/main/designate.yaml
index b6a217c..ea19ce8 100644
--- a/hieradata/eqiad/profile/openstack/main/designate.yaml
+++ b/hieradata/eqiad/profile/openstack/main/designate.yaml
@@ -1 +1,4 @@
 profile::openstack::main::designate::wmflabsdotorg_project: 'wmflabsdotorg'
+profile::openstack::main::designate::db_host: 'm5-master.eqiad.wmnet'
+profile::openstack::main::designate::domain_id_internal_forward: '114f1333-c2c1-44d3-beb4-ebed1a91742b'
+profile::openstack::main::designate::domain_id_internal_reverse: '8d114f3c-815b-466c-bdd4-9b91f704ea60'
diff --git a/hieradata/eqiad/profile/openstack/main/pdns.yaml b/hieradata/eqiad/profile/openstack/main/pdns.yaml
new file mode 100644
index 0000000..ed106d7
--- /dev/null
+++ b/hieradata/eqiad/profile/openstack/main/pdns.yaml
@@ -0,0 +1,4 @@
+profile::openstack::main::pdns::host: 'labs-ns0.wikimedia.org'
+profile::openstack::main::pdns::host_secondary: 'labs-ns1.wikimedia.org'
+profile::openstack::main::pdns::recursor: 'labs-recursor0.wikimedia.org'
+profile::openstack::main::pdns::recursor_secondary: 'labs-recursor1.wikimedia.org'
diff --git a/manifests/site.pp b/manifests/site.pp
index b546f8d..e67e628 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1013,7 +1013,6 @@
 node 'labservices1001.wikimedia.org' {
 role(wmcs::openstack::main::services,
 labs::dns,
- labs::openstack::designate::server,
 labs::dnsrecursor,
 labs::dns_floating_ip_updater)
 include ::standard
@@ -1024,7 +1023,6 @@
 node 'labservices1002.wikimedia.org' {
 role(wmcs::openstack::main::services,
 labs::dns,
- labs::openstack::designate::server,
 labs::dnsrecursor)
 include ::standard
 include ::base::firewall
@@ -1093,7 +1091,6 @@
 node 'labtestservices2001.wikimedia.org' {
 role(wmcs::openstack::labtest::services,
 labs::dns,
- labs::openstack::designate::server,
 labs::dnsrecursor,
 openldap::labtest,
 labs::dns_floating_ip_updater)
diff --git a/modules/openstack/manifests/designate/service.pp b/modules/openstack/manifests/designate/service.pp
deleted file mode 100644
index 010e4cd..0000000
--- a/modules/openstack/manifests/designate/service.pp
+++ /dev/null
@@ -1,220 +0,0 @@
-# Designate provides DNSaaS services for OpenStack
-# https://wiki.openstack.org/wiki/Designate
-
-class openstack::designate::service (
- $active_server,
- $nova_controller,
- $keystone_host,
- $keystoneconfig,
- $designateconfig,
- $primary_pdns_ip,
- $secondary_pdns_ip,
- $openstack_version=$::openstack::version,
-)
- {
-
- $keystone_host_ip = ipresolve($keystone_host,4)
- $nova_controller_ip = ipresolve($nova_controller)
- $designate_host = $active_server
- $keystone_public_uri = "http://${keystone_host}:${keystoneconfig['public_port']}"
- $keystone_admin_uri = "http://${keystone_host}:${keystoneconfig['auth_port']}"
-
- require_package(
- 'python-designateclient',
- 'designate-sink',
- 'designate-common',
- 'designate',
- 'designate-api',
- 'designate-doc',
- 'designate-central',
- 'python-novaclient'
- )
-
- file { '/usr/lib/python2.7/dist-packages/wmf_sink':
- source => "puppet:///modules/openstack/${::openstack::version}/designate/wmf_sink",
- owner => 'root',
- group => 'root',
- mode => '0644',
- recurse => true,
- }
- file { '/usr/lib/python2.7/dist-packages/wmf_sink.egg-info':
- source => "puppet:///modules/openstack/${::openstack::version}/designate/wmf_sink.egg-info",
- owner => 'root',
- group => 'root',
- mode => '0644',
- recurse => true,
- }
-
- file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi':
- source => "puppet:///modules/openstack/${::openstack::version}/designate/nova_fixed_multi",
- owner => 'root',
- group => 'root',
- mode => '0644',
- recurse => true,
- }
- file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi.egg-info':
- source => "puppet:///modules/openstack/${::openstack::version}/designate/nova_fixed_multi.egg-info",
- owner => 'root',
- group => 'root',
- mode => '0644',
- recurse => true,
- }
-
- file {
- '/etc/designate/designate.conf':
- content => template("openstack/${openstack_version}/designate/designate.conf.erb"),
- owner => 'designate',
- group => 'designate',
- notify => Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
- require => Package['designate-common'],
- mode => '0440';
- '/etc/designate/api-paste.ini':
- content => template("openstack/${openstack_version}/designate/api-paste.ini.erb"),
- owner => 'designate',
- group => 'designate',
- notify => Service['designate-api','designate-sink','designate-central'],
- require => Package['designate-api'],
- mode => '0440';
- '/etc/designate/policy.json':
- source => "puppet:///modules/openstack/${openstack_version}/designate/policy.json",
- owner => 'designate',
- group => 'designate',
- notify => Service['designate-api','designate-sink','designate-central'],
- require => Package['designate-common'],
- mode => '0440';
- '/etc/designate/rootwrap.conf':
- source => "puppet:///modules/openstack/${openstack_version}/designate/rootwrap.conf",
- owner => 'root',
- group => 'root',
- notify => Service['designate-api','designate-sink','designate-central'],
- require => Package['designate-common'],
- mode => '0440';
- }
-
- # These would be automatically included in a correct designate package...
- # probably this can be ripped out in Liberty.
- logrotate::conf { 'designate-mdns':
- ensure => present,
- source => 'puppet:///modules/openstack/designate-mdns.logrotate',
- }
- logrotate::conf { 'designate-pool-manager':
- ensure => present,
- source => 'puppet:///modules/openstack/designate-pool-manager.logrotate',
- }
-
- file { '/var/lib/designate/.ssh/':
- ensure => directory,
- owner => 'designate',
- group => 'designate',
- }
-
- file { '/var/lib/designate/.ssh/id_rsa':
- owner => 'designate',
- group => 'designate',
- mode => '0400',
- content => secret('ssh/puppet_cert_manager/cert_manager'),
- show_diff => false,
- }
-
- # include rootwrap.d entries
-
- if $::fqdn == $active_server {
- service {'designate-api':
- ensure => running,
- require => Package['designate-api'];
- }
-
- service {'designate-sink':
- ensure => running,
- require => Package['designate-sink'];
- }
-
- service {'designate-central':
- ensure => running,
- require => Package['designate-central'];
- }
-
- # In the perfect future when the designate packages set up
- # an init script for this, some of this can be removed.
- base::service_unit { 'designate-pool-manager':
- ensure => present,
- upstart => upstart_template('designate-pool-manager'),
- require => Package['designate'],
- }
-
- base::service_unit { 'designate-mdns':
- ensure => present,
- upstart => upstart_template('designate-mdns'),
- require => Package['designate'],
- }
-
- # Page if designate processes die. We only have one of each of these,
- # and new instance creation will be very broken if services die.
- nrpe::monitor_service { 'check_designate_sink_process':
- description => 'designate-sink process',
- nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-sink'",
- critical => true,
- }
- nrpe::monitor_service { 'check_designate_api_process':
- description => 'designate-api process',
- nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-api'",
- critical => true,
- }
- nrpe::monitor_service { 'check_designate_central_process':
- description => 'designate-central process',
- nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-central'",
- critical => true,
- }
- nrpe::monitor_service { 'check_designate_mdns':
- description => 'designate-mdns process',
- nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-mdns'",
- critical => true,
- }
- nrpe::monitor_service { 'check_designate_pool-manager':
- description => 'designate-pool-manager process',
- nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-pool-manager'",
- critical => true,
- }
- monitoring::service { 'designate-api-http':
- description => 'designate-api http',
- check_command => 'check_http_on_port!9001',
- }
- } else {
- service {'designate-api':
- ensure => stopped,
- require => Package['designate-api'];
- }
-
- service {'designate-sink':
- ensure => stopped,
- require => Package['designate-sink'];
- }
-
- service {'designate-central':
- ensure => stopped,
- require => Package['designate-central'];
- }
-
- base::service_unit { 'designate-pool-manager':
- ensure => present,
- upstart => upstart_template('designate-pool-manager'),
- require => Package['designate'],
- service_params => {
- # lint:ignore:ensure_first_param
- ensure => stopped,
- # lint:endignore
- }
- }
-
- base::service_unit { 'designate-mdns':
- ensure => present,
- upstart => upstart_template('designate-mdns'),
- require => Package['designate'],
- service_params => {
- # lint:ignore:ensure_first_param
- ensure => stopped,
- # lint:endignore
- }
- }
- }
-}
diff --git a/modules/openstack/files/designate-mdns.logrotate b/modules/openstack2/files/designate/designate-mdns.logrotate
similarity index 100%
rename from modules/openstack/files/designate-mdns.logrotate
rename to modules/openstack2/files/designate/designate-mdns.logrotate
diff --git a/modules/openstack/files/designate-pool-manager.logrotate b/modules/openstack2/files/designate/designate-pool-manager.logrotate
similarity index 100%
rename from modules/openstack/files/designate-pool-manager.logrotate
rename to modules/openstack2/files/designate/designate-pool-manager.logrotate
diff --git a/modules/openstack/files/liberty/designate/dashboard/_70_dns_add_group.py b/modules/openstack2/files/liberty/designate/dashboard/_70_dns_add_group.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/dashboard/_70_dns_add_group.py
rename to modules/openstack2/files/liberty/designate/dashboard/_70_dns_add_group.py
diff --git a/modules/openstack/files/liberty/designate/dashboard/_71_dns_project.py b/modules/openstack2/files/liberty/designate/dashboard/_71_dns_project.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/dashboard/_71_dns_project.py
rename to modules/openstack2/files/liberty/designate/dashboard/_71_dns_project.py
diff --git a/modules/openstack/files/liberty/designate/dashboard/__init__.py b/modules/openstack2/files/liberty/designate/dashboard/__init__.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/dashboard/__init__.py
rename to modules/openstack2/files/liberty/designate/dashboard/__init__.py
diff --git a/modules/openstack/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt b/modules/openstack2/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
similarity index 100%
rename from modules/openstack/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
rename to modules/openstack2/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
diff --git a/modules/openstack/files/liberty/designate/nova_fixed_multi/__init__.py b/modules/openstack2/files/liberty/designate/nova_fixed_multi/__init__.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/nova_fixed_multi/__init__.py
rename to modules/openstack2/files/liberty/designate/nova_fixed_multi/__init__.py
diff --git a/modules/openstack/files/liberty/designate/nova_fixed_multi/base.py b/modules/openstack2/files/liberty/designate/nova_fixed_multi/base.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/nova_fixed_multi/base.py
rename to modules/openstack2/files/liberty/designate/nova_fixed_multi/base.py
diff --git a/modules/openstack/files/liberty/designate/nova_fixed_multi/novamulti.py b/modules/openstack2/files/liberty/designate/nova_fixed_multi/novamulti.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/nova_fixed_multi/novamulti.py
rename to modules/openstack2/files/liberty/designate/nova_fixed_multi/novamulti.py
diff --git a/modules/openstack/files/liberty/designate/policy.json b/modules/openstack2/files/liberty/designate/policy.json
similarity index 100%
rename from modules/openstack/files/liberty/designate/policy.json
rename to modules/openstack2/files/liberty/designate/policy.json
diff --git a/modules/openstack/files/liberty/designate/rootwrap.conf b/modules/openstack2/files/liberty/designate/rootwrap.conf
similarity index 100%
rename from modules/openstack/files/liberty/designate/rootwrap.conf
rename to modules/openstack2/files/liberty/designate/rootwrap.conf
diff --git a/modules/openstack/files/liberty/designate/wmf_sink.egg-info/entry_points.txt b/modules/openstack2/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
similarity index 100%
rename from modules/openstack/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
rename to modules/openstack2/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
diff --git a/modules/openstack/files/liberty/designate/wmf_sink/__init__.py b/modules/openstack2/files/liberty/designate/wmf_sink/__init__.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/wmf_sink/__init__.py
rename to modules/openstack2/files/liberty/designate/wmf_sink/__init__.py
diff --git a/modules/openstack/files/liberty/designate/wmf_sink/base.py b/modules/openstack2/files/liberty/designate/wmf_sink/base.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/wmf_sink/base.py
rename to modules/openstack2/files/liberty/designate/wmf_sink/base.py
diff --git a/modules/openstack/files/liberty/designate/wmf_sink/wmfsink.py b/modules/openstack2/files/liberty/designate/wmf_sink/wmfsink.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/wmf_sink/wmfsink.py
rename to modules/openstack2/files/liberty/designate/wmf_sink/wmfsink.py
diff --git a/modules/openstack2/manifests/designate/monitor.pp b/modules/openstack2/manifests/designate/monitor.pp
new file mode 100644
index 0000000..d37b60b
--- /dev/null
+++ b/modules/openstack2/manifests/designate/monitor.pp
@@ -0,0 +1,58 @@
+# Designate provides DNSaaS services for OpenStack
+# https://wiki.openstack.org/wiki/Designate
+
+class openstack2::designate::monitor (
+ $active,
+ ) {
+
+ # monitoring::service doesn't take a bool
+ if $active {
+ $ensure = 'present'
+ }
+ else {
+ $ensure = 'absent'
+ }
+
+ # Page if designate processes die. We only have one of each of these,
+ # and new instance creation will be very broken if services die.
+ nrpe::monitor_service { 'check_designate_sink_process':
+ ensure => $ensure,
+ description => 'designate-sink process',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-sink'",
+ critical => true,
+ }
+
+ nrpe::monitor_service { 'check_designate_api_process':
+ ensure => $ensure,
+ description => 'designate-api process',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-api'",
+ critical => true,
+ }
+
+ nrpe::monitor_service { 'check_designate_central_process':
+ ensure => $ensure,
+ description => 'designate-central process',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-central'",
+ critical => true,
+ }
+
+ nrpe::monitor_service { 'check_designate_mdns':
+ ensure => $ensure,
+ description => 'designate-mdns process',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-mdns'",
+ critical => true,
+ }
+
+ nrpe::monitor_service { 'check_designate_pool-manager':
+ ensure => $ensure,
+ description => 'designate-pool-manager process',
+ nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: --ereg-argument-array '^/usr/bin/python /usr/bin/designate-pool-manager'",
+ critical => true,
+ }
+
+ monitoring::service { 'designate-api-http':
+ ensure => $ensure,
+ description => 'designate-api http',
+ check_command => 'check_http_on_port!9001',
+ }
+}
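Review bot: The header comment on `openstack2::designate::monitor` in modules/openstack2/manifests/designate/monitor.pp describes Designate in general and says nothing about what `$active` does in this class. I would document it, for example `# $active: when false, every check below is declared with ensure => absent, so a standby host carries no designate process or HTTP checks`. The inline comment `monitoring::service doesn't take a bool` is also narrower than the code, because the same `$ensure` string is passed to the five `nrpe::monitor_service` resources as well.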
diff --git a/modules/openstack2/manifests/designate/service.pp b/modules/openstack2/manifests/designate/service.pp
new file mode 100644
index 0000000..7b9fb51
--- /dev/null
+++ b/modules/openstack2/manifests/designate/service.pp
@@ -0,0 +1,190 @@
+# Designate provides DNSaaS services for OpenStack
+# https://wiki.openstack.org/wiki/Designate
+
+class openstack2::designate::service(
+ $active,
+ $version,
+ $designate_host,
+ $db_user,
+ $db_pass,
+ $db_host,
+ $db_name,
+ $domain_id_internal_forward,
+ $domain_id_internal_reverse,
+ $pool_manager_db_name,
+ $puppetmaster_hostname,
+ $nova_controller,
+ $ldap_user_pass,
+ $pdns_db_user,
+ $pdns_db_pass,
+ $pdns_db_name,
+ $db_admin_user,
+ $db_admin_pass,
+ $primary_pdns_ip,
+ $secondary_pdns_ip,
+ $rabbit_user,
+ $rabbit_pass,
+ $rabbit_host,
+ $nova_controller,
+ $keystone_public_port,
+ $keystone_auth_port,
+ ) {
+
+ $keystone_host_ip = ipresolve($nova_controller,4)
+ $nova_controller_ip = ipresolve($nova_controller)
+ $keystone_public_uri = "http://${nova_controller}:${keystone_public_port}"
+ $keystone_admin_uri = "http://${nova_controller}:${keystone_auth_port}"
+ $designate_host_ip = ipresolve($designate_host,4)
+ $puppetmaster_hostname_ip = ipresolve($puppetmaster_hostname,4)
+
+ require_package(
+ 'python-designateclient',
+ 'designate-sink',
+ 'designate-common',
+ 'designate',
+ 'designate-api',
+ 'designate-doc',
+ 'designate-central',
+ 'python-novaclient'
+ )
+
+ file { '/usr/lib/python2.7/dist-packages/wmf_sink':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => "puppet:///modules/openstack2/${version}/designate/wmf_sink",
+ recurse => true,
+ }
+
+ file { '/usr/lib/python2.7/dist-packages/wmf_sink.egg-info':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => "puppet:///modules/openstack2/${version}/designate/wmf_sink.egg-info",
+ recurse => true,
+ }
+
+ file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => "puppet:///modules/openstack2/${version}/designate/nova_fixed_multi",
+ recurse => true,
+ }
+
+ file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi.egg-info':
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => "puppet:///modules/openstack2/${version}/designate/nova_fixed_multi.egg-info",
+ recurse => true,
+ }
+
+ file {
+ '/etc/designate/designate.conf':
+ owner => 'designate',
+ group => 'designate',
+ mode => '0440',
+ content => template("openstack2/${version}/designate/designate.conf.erb"),
+ notify => Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
+ require => Package['designate-common'];
+ '/etc/designate/api-paste.ini':
+ content => template("openstack2/${version}/designate/api-paste.ini.erb"),
+ owner => 'designate',
+ group => 'designate',
+ notify => Service['designate-api','designate-sink','designate-central'],
+ require => Package['designate-api'],
+ mode => '0440';
+ '/etc/designate/policy.json':
+ source => "puppet:///modules/openstack2/${version}/designate/policy.json",
+ owner => 'designate',
+ group => 'designate',
+ notify => Service['designate-api','designate-sink','designate-central'],
+ require => Package['designate-common'],
+ mode => '0440';
+ '/etc/designate/rootwrap.conf':
+ source => "puppet:///modules/openstack2/${version}/designate/rootwrap.conf",
+ owner => 'root',
+ group => 'root',
+ notify => Service['designate-api','designate-sink','designate-central'],
+ require => Package['designate-common'],
+ mode => '0440';
+ }
+
+ # These would be automatically included in a correct designate package...
+ # probably this can be ripped out in Liberty.
+ logrotate::conf { 'designate-mdns':
+ ensure => 'present',
+ source => 'puppet:///modules/openstack2/designate/designate-mdns.logrotate',
+ }
+
+ logrotate::conf { 'designate-pool-manager':
+ ensure => 'present',
+ source => 'puppet:///modules/openstack2/designate/designate-pool-manager.logrotate',
+ }
+
+ file { '/var/lib/designate/.ssh/':
+ ensure => 'directory',
+ owner => 'designate',
+ group => 'designate',
+ }
+
+ file { '/var/lib/designate/.ssh/id_rsa':
+ owner => 'designate',
+ group => 'designate',
+ mode => '0400',
+ content => secret('ssh/puppet_cert_manager/cert_manager'),
+ show_diff => false,
+ }
+
+ file {'/etc/init/designate-pool-manager.conf':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0544',
+ content => template('openstack2/initscripts/designate-pool-manager.upstart.erb'),
+ notify => Service['designate-pool-manager'],
+ }
+
+ file {'/etc/init/designate-mdns.conf':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0544',
+ content => template('openstack2/initscripts/designate-mdns.upstart.erb'),
+ notify => Service['designate-mdns'],
+ }
+
+ # include rootwrap.d entries
+
+ service {'designate-api':
+ ensure => $active,
+ require => Package['designate-api'];
+ }
+
+ service {'designate-sink':
+ ensure => $active,
+ require => Package['designate-sink'];
+ }
+
+ service {'designate-central':
+ ensure => $active,
+ require => Package['designate-central'];
+ }
+
+ service {'designate-mdns':
+ ensure => $active,
+ require => [
+ Package['designate'],
+ File['/etc/init/designate-mdns.conf'],
+ ],
+ }
+
+ service {'designate-pool-manager':
+ ensure => $active,
+ require => [
+ Package['designate'],
+ File['/etc/init/designate-pool-manager.conf'],
+ ],
+ }
+}
diff --git a/modules/openstack2/templates/initscripts/designate-mdns.upstart.erb b/modules/openstack2/templates/initscripts/designate-mdns.upstart.erb
new file mode 100644
index 0000000..d0cfc52
--- /dev/null
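Review bot: `$nova_controller` is declared twice in the parameter list of `openstack2::designate::service` in modules/openstack2/manifests/designate/service.pp (after `$puppetmaster_hostname` and again after `$rabbit_host`); a duplicate parameter name is at best redundant and may be rejected by the parser, so the second entry should be removed. The `/var/lib/designate/.ssh/` directory resource sets no `mode` although the `id_rsa` written into it is `0400`; adding `mode => '0700',` keeps access to the key's directory from depending on a package default or umask. `$keystone_public_uri` and `$keystone_admin_uri` hard-code `http://`, so the `novaadmin` password rendered into designate.conf would travel to keystone without transport encryption unless something outside this change provides it. The two `/etc/init/*.conf` files are created with `0544`, which puts execute bits on plain upstart job definitions; `0444` would match how they are used.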
+++ b/modules/openstack2/templates/initscripts/designate-mdns.upstart.erb
@@ -0,0 +1,11 @@
+description "Designate mdns"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on [!12345]
+
+setuid designate
+
+chdir /var/lib/designate
+exec /usr/bin/designate-mdns --config-file=/etc/designate/designate.conf --log-file=/var/log/designate/designate-mdns.log
+respawn
+respawn limit 10 30
diff --git a/modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb b/modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb
new file mode 100644
index 0000000..392986d
--- /dev/null
+++ b/modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb
@@ -0,0 +1,11 @@
+description "Designate pool manager"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on [!12345]
+
+setuid designate
+
+chdir /var/lib/designate
+exec /usr/bin/designate-pool-manager --config-file=/etc/designate/designate.conf --log-file=/var/log/designate/designate-pool-manager.log
+respawn
+respawn limit 10 30
diff --git a/modules/openstack/templates/liberty/designate/api-paste.ini.erb b/modules/openstack2/templates/liberty/designate/api-paste.ini.erb
similarity index 100%
rename from modules/openstack/templates/liberty/designate/api-paste.ini.erb
rename to modules/openstack2/templates/liberty/designate/api-paste.ini.erb
diff --git a/modules/openstack/templates/liberty/designate/designate.conf.erb b/modules/openstack2/templates/liberty/designate/designate.conf.erb
similarity index 82%
rename from modules/openstack/templates/liberty/designate/designate.conf.erb
rename to modules/openstack2/templates/liberty/designate/designate.conf.erb
index 728853e..c8c0fa0 100644
--- a/modules/openstack/templates/liberty/designate/designate.conf.erb
+++ b/modules/openstack2/templates/liberty/designate/designate.conf.erb
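Review bot: Both new upstart jobs, designate-mdns.upstart.erb and designate-pool-manager.upstart.erb, use `stop on [!12345]`, which appears to be missing the event name; the conventional stanza is `stop on runlevel [!2345]`. As written the stop condition probably never matches, so the jobs would not be stopped by upstart on a runlevel change. Neither file contains an ERB tag, so they could also be shipped as static files with `source =>` instead of going through `template()`.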
@@ -135,7 +135,7 @@ auth_uri = <%= @keystone_public_uri %> identity_uri = <%= @keystone_admin_uri %> admin_user = novaadmin -admin_password = <%= @keystoneconfig["ldap_user_pass"] %> +admin_password = <%= @ldap_user_pass %> #----------------------- # Sink Service @@ -211,14 +211,14 @@ # the 'pool_target' is the pdns database, which we write to for zone creation and deletion [pool_target:f26e0b32-736f-4f0a-831b-039a415c481e] -options = connection: mysql://<%= @designateconfig["pdns_db_user"] %>:<%= @designateconfig["pdns_db_pass"] %>@<%=@primary_pdns_ip%>/<%= @designateconfig["pdns_db_name"] %>, host: <%= @primary_pdns_ip %>, port: 53 +options = connection: mysql://<%= @pdns_db_user %>:<%= @pdns_db_pass %>@<%=@primary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @primary_pdns_ip %>, port: 53 # This is an alternate db account with more rights -- this setting should # be used when running the db-sync command and the like during upgrades. -#options = connection: mysql://<%= @designateconfig["db_admin_user"] %>:<%= @designateconfig["db_admin_pass"] %>@<%=@primary_pdns_ip%>/<%= @designateconfig["pdns_db_name"] %>, host: <%= @primary_pdns_ip %>, port: 53 +#options = connection: mysql://<%= @db_admin_user %>:<%= @db_admin_pass %>@<%=@primary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @primary_pdns_ip %>, port: 53 # This is a comma separated list of the mdns servers. # Note that for this to take effect, the list of masters must also be set in the pdns database: # UPDATE pdns.domains SET master="<comman-separated list of masters>" -masters = <%= scope.function_ipresolve([@designate_host, 4]) %>:5354 +masters = <%= @designate_host_ip %>:5354 type = powerdns # These next two settings are /probably/ unused, it's unclear: host = <%= @primary_pdns_ip %> 
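Review bot: The `connection: mysql://<%= @pdns_db_user %>:<%= @pdns_db_pass %>@<%=@primary_pdns_ip%>/...` line in the `@@ -211` hunk places the password into a URL unescaped, so a password containing `@`, `:`, `/` or `#` would render a connection string that parses to the wrong host or credentials. Either state on the hiera keys that these passwords must be URL-safe, or escape at render time with `<%= ERB::Util.url_encode(@pdns_db_pass) %>`, assuming the consumer decodes percent-escapes. The same pattern appears in the `@@ -227`, `@@ -266` and `@@ -327` hunks. The rendered file holds several passwords, and the `file` resource that sets its owner and mode is not in this view, so it is worth confirming it is not world-readable.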
@@ -227,14 +227,14 @@ <% if @secondary_pdns_ip != @primary_pdns_ip %> # the 'pool_target' is the pdns database, which we write to for zone creation and deletion [pool_target:f845cc43-2052-4d4b-a159-db6fce37b110] -options = connection: mysql://<%= @designateconfig["pdns_db_user"] %>:<%= @designateconfig["pdns_db_pass"] %>@<%=@secondary_pdns_ip%>/<%= @designateconfig["pdns_db_name"] %>, host: <%= @secondary_pdns_ip %>, port: 53 +options = connection: mysql://<%= @pdns_db_user %>:<%= @pdns_db_pass %>@<%=@secondary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @secondary_pdns_ip %>, port: 53 # This is an alternate db account with more rights -- this setting should # be used when running the db-sync command and the like during upgrades. -#options = connection: mysql://<%= @designateconfig["db_admin_user"] %>:<%= @designateconfig["db_admin_pass"] %>@<%=@secondary_pdns_ip%>/<%= @designateconfig["pdns_db_name"] %>, host: <%= @secondary_pdns_ip %>, port: 53 +#options = connection: mysql://<%= @db_admin_user %>:<%= @db_admin_pass %>@<%=@secondary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @secondary_pdns_ip %>, port: 53 # This is a comma separated list of the mdns servers. # Note that for this to take effect, the list of masters must also be set in the pdns database: # UPDATE pdns.domains SET master="<comman-separated list of masters>" -masters = <%= scope.function_ipresolve([@designate_host, 4]) %>:5354 +masters = <%= @designate_host_ip %>:5354 type = powerdns # These next two settings are /probably/ unused, it's unclear: host = <%= @secondary_pdns_ip %> 
@@ -266,7 +266,7 @@ [storage:sqlalchemy] # Database connection string - to configure options for a given implementation # like sqlalchemy or other see below -connection = mysql://<%= @designateconfig["db_user"] %>:<%= @designateconfig["db_pass"] %>@<%= @designateconfig["db_host"] %>/<%= @designateconfig["db_name"] %> +connection = mysql://<%= @db_user %>:<%= @db_pass %>@<%= @db_host %>/<%= @db_name %> #connection_debug = 100 #connection_trace = True idle_timeout = 3600 @@ -281,14 +281,14 @@ #----------------------- [handler:nova_fixed_multi] # Domain ID of domain to create records in. For a pre-existing domain, in this case eqiad.wmflabs -domain_id = '<%= @designateconfig["domain_id_internal_forward"] %>' +domain_id = '<%= @domain_id_internal_forward %>' site = '<%= scope.lookupvar("::site") %>' notification_topics = monitor notification_topics = notifications control_exchange = nova format = '%(hostname)s.%(project_name)s.%(domain)s' format = '%(hostname)s.%(domain)s' -reverse_domain_id = '<%= @designateconfig["domain_id_internal_reverse"] %>' +reverse_domain_id = '<%= @domain_id_internal_reverse %>' reverse_format = '%(hostname)s.%(project_name)s.%(domain)s' #----------------------- 
@@ -299,16 +299,16 @@ [handler:wmf_sink] # Domain ID of domain for instances. # For a pre-existing domain, in this case eqiad.wmflabs -domain_id = '<%= @designateconfig["domain_id_internal_forward"] %>' +domain_id = '<%= @domain_id_internal_forward %>' notification_topics = monitor notification_topics = notifications control_exchange = nova certmanager_user = certmanager fqdn_format = '%(hostname)s.%(project_name)s.%(domain)s' -puppet_master_host = "<%= scope.function_ipresolve([@designateconfig['puppetmaster_hostname'], 4]) %>" -salt_master_host = "<%= @designateconfig['controller_hostname'] %>" -puppet_config_backend = "http://<%= @designateconfig['puppetmaster_hostname'] %>:8101/v1" +puppet_master_host = "<%= @puppetmaster_hostname_ip %>" +salt_master_host = "<%= @nova_controller %>" +puppet_config_backend = "http://<%= @puppetmaster_hostname %>:8101/v1" #------------------------ # Neutron Floating Handler @@ -327,7 +327,7 @@ # SQLAlchemy Pool Manager Cache #----------------------- [pool_manager_cache:sqlalchemy] -connection = mysql://<%= @designateconfig["db_user"] %>:<%= @designateconfig["db_pass"] %>@<%= @designateconfig["db_host"] %>/<%= @designateconfig["pool_manager_db_name"] %> +connection = mysql://<%= @db_user %>:<%= @db_pass %>@<%= @db_host %>/<%= @pool_manager_db_name %> #connection_debug = 100 #connection_trace = False #sqlite_synchronous = True @@ -337,8 +337,8 @@ [oslo_messaging_rabbit] # RabbitMQ Config -rabbit_userid = <%= @designateconfig["rabbit_user"] %> -rabbit_password = <%= @designateconfig["rabbit_pass"] %> +rabbit_userid = <%= @rabbit_user %> +rabbit_password = <%= @rabbit_pass %> rabbit_use_ssl = False -rabbit_hosts = <%= @designateconfig["rabbit_host"] %> +rabbit_hosts = <%= @rabbit_host %> rabbit_port = 5672 diff --git a/modules/profile/manifests/openstack/base/designate/service.pp b/modules/profile/manifests/openstack/base/designate/service.pp new file mode 100644 index 0000000..1c5d1e4 --- /dev/null 
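Review bot: In the `@@ -299` hunk, `puppet_config_backend = "http://<%= @puppetmaster_hostname %>:8101/v1"` keeps the sink handler talking to the Puppet config backend over plain HTTP, so whatever it reads or writes there has no transport integrity or confidentiality. If that service has a TLS listener, the scheme should be `https://`; if it is deliberately HTTP on a trusted segment, a comment above the line saying so would record the assumption. `salt_master_host` also changes source in this hunk, from `designateconfig['controller_hostname']` to `@nova_controller`, which is only equivalent if both name the same host in every deployment.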
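Review bot: In the `@@ -337` hunk, `rabbit_use_ssl = False` with `rabbit_port = 5672` is carried over unchanged, so the `rabbit_userid` and `rabbit_password` rendered just above are sent to the broker in clear text. If the broker offers a TLS listener, `rabbit_use_ssl = True` with the matching port would close that; otherwise a comment recording why plaintext is accepted here would help. `rabbit_hosts` now renders `@rabbit_host`, which the base profile in this change sets to `$nova_controller` rather than reading a separate hiera key, so the broker can no longer be placed on a different host without a code change.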
+++ b/modules/profile/manifests/openstack/base/designate/service.pp 
@@ -0,0 +1,85 @@
+class profile::openstack::base::designate::service(
+ $version = hiera('profile::openstack::base::version'),
+ $designate_host = hiera('profile::openstack::base::designate_host'),
+ $nova_controller = hiera('profile::openstack::base::nova_controller'),
+ $puppetmaster_hostname = hiera('profile::openstack::base::puppetmaster_hostname'),
+ $db_user = hiera('profile::openstack::base::designate::db_user'),
+ $db_pass = hiera('profile::openstack::base::designate::db_pass'),
+ $db_host = hiera('profile::openstack::base::designate::db_host'),
+ $db_name = hiera('profile::openstack::base::designate::db_name'),
+ $domain_id_internal_forward = hiera('profile::openstack::base::designate::domain_id_internal_forward'),
+ $domain_id_internal_reverse = hiera('profile::openstack::base::designate::domain_id_internal_reverse'),
+ $pool_manager_db_name = hiera('profile::openstack::base::designate::pool_manager_db_name'),
+ $ldap_user_pass = hiera('profile::openstack::base::ldap_user_pass'),
+ $pdns_db_user = hiera('profile::openstack::base::designate::pdns_db_user'),
+ $pdns_db_pass = hiera('profile::openstack::base::designate::pdns_db_pass'),
+ $pdns_db_name = hiera('profile::openstack::base::designate::pdns_db_name'),
+ $db_admin_user = hiera('profile::openstack::base::designate::db_admin_user'),
+ $db_admin_pass = hiera('profile::openstack::base::designate::db_admin_pass'),
+ $primary_pdns = hiera('profile::openstack::base::designate::host'),
+ $secondary_pdns = hiera('profile::openstack::base::designate::host_secondary'),
+ $rabbit_user = hiera('profile::openstack::base::nova::rabbit_user'),
+ $rabbit_pass = hiera('profile::openstack::base::nova::rabbit_pass'),
+ $keystone_public_port = hiera('profile::openstack::base::keystone::public_port'),
+ $keystone_auth_port = hiera('profile::openstack::base::keystone::auth_port'),
+ $osm_host = hiera('profile::openstack::base::osm_host'),
+ $horizon_host = hiera('profile::openstack::base::horizon_host'),
+ ) {
+
+ $primary_pdns_ip = ipresolve($primary_pdns,4)
+ $secondary_pdns_ip = ipresolve($secondary_pdns,4)
+
+ class{'::openstack2::designate::service':
+ active => ($::fqdn == $designate_host),
+ version => $version,
+ designate_host => $designate_host,
+ db_user => $db_user,
+ db_pass => $db_pass,
+ db_host => $db_host,
+ db_name => $db_name,
+ domain_id_internal_forward => $domain_id_internal_forward,
+ domain_id_internal_reverse => $domain_id_internal_reverse,
+ pool_manager_db_name => $pool_manager_db_name,
+ puppetmaster_hostname => $puppetmaster_hostname,
+ nova_controller => $nova_controller,
+ ldap_user_pass => $ldap_user_pass,
+ pdns_db_user => $pdns_db_user,
+ pdns_db_pass => $pdns_db_pass,
+ pdns_db_name => $pdns_db_name,
+ db_admin_user => $db_admin_user,
+ db_admin_pass => $db_admin_pass,
+ primary_pdns_ip => $primary_pdns_ip,
+ secondary_pdns_ip => $secondary_pdns_ip,
+ rabbit_user => $rabbit_user,
+ rabbit_pass => $rabbit_pass,
+ rabbit_host => $nova_controller,
+ keystone_public_port => $keystone_public_port,
+ keystone_auth_port => $keystone_auth_port,
+ }
+
+ # Open designate API to Labs web UIs and the commandline on labcontrol
+ ferm::rule { 'designate-api':
+ rule => "saddr (@resolve(${osm_host}) @resolve(${horizon_host}) @resolve(${nova_controller})) proto tcp dport (9001) ACCEPT;",
+ }
+
+ # Allow labs instances to hit the designate api.
+ #
+ # This is not as permissive as it looks; The wmfkeystoneauth
+ # plugin (via the password whitelist) only allows 'novaobserver'
+ # to authenticate from within labs, and the novaobserver is
+ # limited by the designate policy.json to read-only queries.
+ include network::constants
+ $labs_networks = join($network::constants::labs_networks, ' ')
+ ferm::rule { 'designate-api-for-labs':
+ rule => "saddr (${labs_networks}) proto tcp dport (9001) ACCEPT;",
+ }
+
+ # allow axfr traffic between mdns and pdns on the pdns hosts
+ ferm::rule { 'mdns-axfr':
+ rule => "saddr (${primary_pdns_ip} ${secondary_pdns_ip} ) proto tcp dport (5354) ACCEPT;",
+ }
+
+ ferm::rule { 'mdns-axfr-udp':
+ rule => "saddr (${primary_pdns_ip} ${secondary_pdns_ip} ) proto udp dport (5354) ACCEPT;",
+ }
+}
diff --git a/modules/profile/manifests/openstack/labtest/designate/service.pp b/modules/profile/manifests/openstack/labtest/designate/service.pp
new file mode 100644
index 0000000..4609348
--- /dev/null
+++ b/modules/profile/manifests/openstack/labtest/designate/service.pp
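Review bot: `$primary_pdns` and `$secondary_pdns` default to `hiera('profile::openstack::base::designate::host')` and `hiera('profile::openstack::base::designate::host_secondary')`, while the three deployment profiles added in this change read `...::pdns::host` and `...::pdns::host_secondary`, and the file list adds `hieradata/common/profile/openstack/base/pdns.yaml`. If the base keys were meant to live under `pdns`, these two defaults point at keys that may not exist, which would only surface as a lookup failure when the base class is declared without explicit values; `hiera('profile::openstack::base::pdns::host')` would match the others. Separately, the `designate-api-for-labs` rule opens tcp/9001 to every labs network and relies on the keystone whitelist and `policy.json` named in its comment, so a pointer to where those two are managed would help whoever later edits either side.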
@@ -0,0 +1,39 @@
+class profile::openstack::labtest::designate::service(
+ $version = hiera('profile::openstack::labtest::version'),
+ $designate_host = hiera('profile::openstack::labtest::designate_host'),
+ $nova_controller = hiera('profile::openstack::labtest::nova_controller'),
+ $puppetmaster_hostname = hiera('profile::openstack::labtest::puppetmaster_hostname'),
+ $db_pass = hiera('profile::openstack::labtest::designate::db_pass'),
+ $db_host = hiera('profile::openstack::labtest::designate::db_host'),
+ $domain_id_internal_forward = hiera('profile::openstack::labtest::designate::domain_id_internal_forward'),
+ $domain_id_internal_reverse = hiera('profile::openstack::labtest::designate::domain_id_internal_reverse'),
+ $ldap_user_pass = hiera('profile::openstack::labtest::ldap_user_pass'),
+ $pdns_db_pass = hiera('profile::openstack::labtest::designate::pdns_db_pass'),
+ $db_admin_pass = hiera('profile::openstack::labtest::designate::db_admin_pass'),
+ $primary_pdns = hiera('profile::openstack::labtest::pdns::host'),
+ $secondary_pdns = hiera('profile::openstack::labtest::pdns::host_secondary'),
+ $rabbit_pass = hiera('profile::openstack::labtest::nova::rabbit_pass'),
+ $osm_host = hiera('profile::openstack::labtest::osm_host'),
+ $horizon_host = hiera('profile::openstack::labtest::horizon_host'),
+ ) {
+
+ require ::profile::openstack::labtest::clientlib
+ class{'::profile::openstack::base::designate::service':
+ version => $version,
+ designate_host => $designate_host,
+ db_pass => $db_pass,
+ db_host => $db_host,
+ domain_id_internal_forward => $domain_id_internal_forward,
+ domain_id_internal_reverse => $domain_id_internal_reverse,
+ puppetmaster_hostname => $puppetmaster_hostname,
+ nova_controller => $nova_controller,
+ ldap_user_pass => $ldap_user_pass,
+ pdns_db_pass => $pdns_db_pass,
+ db_admin_pass => $db_admin_pass,
+ primary_pdns => $primary_pdns,
+ secondary_pdns => $secondary_pdns,
+ rabbit_pass => $rabbit_pass,
+ osm_host => $osm_host,
+ horizon_host => $horizon_host,
+ }
+}
diff --git a/modules/profile/manifests/openstack/labtestn/designate/service.pp b/modules/profile/manifests/openstack/labtestn/designate/service.pp
new file mode 100644
index 0000000..b7b95ab
--- /dev/null
+++ b/modules/profile/manifests/openstack/labtestn/designate/service.pp
@@ -0,0 +1,39 @@
+class profile::openstack::labtestn::designate::service(
+ $version = hiera('profile::openstack::labtestn::version'),
+ $designate_host = hiera('profile::openstack::labtestn::designate_host'),
+ $nova_controller = hiera('profile::openstack::labtestn::nova_controller'),
+ $puppetmaster_hostname = hiera('profile::openstack::labtestn::puppetmaster_hostname'),
+ $db_pass = hiera('profile::openstack::labtestn::designate::db_pass'),
+ $db_host = hiera('profile::openstack::labtestn::designate::db_host'),
+ $domain_id_internal_forward = hiera('profile::openstack::labtestn::designate::domain_id_internal_forward'),
+ $domain_id_internal_reverse = hiera('profile::openstack::labtestn::designate::domain_id_internal_reverse'),
+ $ldap_user_pass = hiera('profile::openstack::labtestn::ldap_user_pass'),
+ $pdns_db_pass = hiera('profile::openstack::labtestn::designate::pdns_db_pass'),
+ $db_admin_pass = hiera('profile::openstack::labtestn::designate::db_admin_pass'),
+ $primary_pdns = hiera('profile::openstack::labtestn::pdns::host'),
+ $secondary_pdns = hiera('profile::openstack::labtestn::pdns::host_secondary'),
+ $rabbit_pass = hiera('profile::openstack::labtestn::nova::rabbit_pass'),
+ $osm_host = hiera('profile::openstack::labtestn::osm_host'),
+ $horizon_host = hiera('profile::openstack::labtestn::horizon_host'),
+ ) {
+
+ require ::profile::openstack::labtestn::clientlib
+ class{'::profile::openstack::base::designate::service':
+ version => $version,
+ designate_host => $designate_host,
+ db_pass => $db_pass,
+ db_host => $db_host,
+ domain_id_internal_forward => $domain_id_internal_forward,
+ domain_id_internal_reverse => $domain_id_internal_reverse,
+ puppetmaster_hostname => $puppetmaster_hostname,
+ nova_controller => $nova_controller,
+ ldap_user_pass => $ldap_user_pass,
+ pdns_db_pass => $pdns_db_pass,
+ db_admin_pass => $db_admin_pass,
+ primary_pdns => $primary_pdns,
+ secondary_pdns => $secondary_pdns,
+ rabbit_pass => $rabbit_pass,
+ osm_host => $osm_host,
+ horizon_host => $horizon_host,
+ }
+}
diff --git a/modules/profile/manifests/openstack/main/designate/service.pp b/modules/profile/manifests/openstack/main/designate/service.pp
new file mode 100644
index 0000000..a351174
--- /dev/null
+++ b/modules/profile/manifests/openstack/main/designate/service.pp
@@ -0,0 +1,44 @@
+class profile::openstack::main::designate::service(
+ $version = hiera('profile::openstack::main::version'),
+ $designate_host = hiera('profile::openstack::main::designate_host'),
+ $nova_controller = hiera('profile::openstack::main::nova_controller'),
+ $puppetmaster_hostname = hiera('profile::openstack::main::puppetmaster_hostname'),
+ $db_pass = hiera('profile::openstack::main::designate::db_pass'),
+ $db_host = hiera('profile::openstack::main::designate::db_host'),
+ $domain_id_internal_forward = hiera('profile::openstack::main::designate::domain_id_internal_forward'),
+ $domain_id_internal_reverse = hiera('profile::openstack::main::designate::domain_id_internal_reverse'),
+ $ldap_user_pass = hiera('profile::openstack::main::ldap_user_pass'),
+ $pdns_db_pass = hiera('profile::openstack::main::designate::pdns_db_pass'),
+ $db_admin_pass = hiera('profile::openstack::main::designate::db_admin_pass'),
+ $primary_pdns = hiera('profile::openstack::main::pdns::host'),
+ $secondary_pdns = hiera('profile::openstack::main::pdns::host_secondary'),
+ $rabbit_pass = hiera('profile::openstack::main::nova::rabbit_pass'),
+ $osm_host = hiera('profile::openstack::main::osm_host'),
+ $horizon_host = hiera('profile::openstack::main::horizon_host'),
+ ) {
+
+ require ::profile::openstack::main::clientlib
+ class{'::profile::openstack::base::designate::service':
+ version => $version,
+ designate_host => $designate_host,
+ db_pass => $db_pass,
+ db_host => $db_host,
+ domain_id_internal_forward => $domain_id_internal_forward,
+ domain_id_internal_reverse => $domain_id_internal_reverse,
+ puppetmaster_hostname => $puppetmaster_hostname,
+ nova_controller => $nova_controller,
+ ldap_user_pass => $ldap_user_pass,
+ pdns_db_pass => $pdns_db_pass,
+ db_admin_pass => $db_admin_pass,
+ primary_pdns => $primary_pdns,
+ secondary_pdns => $secondary_pdns,
+ rabbit_pass => $rabbit_pass,
+ osm_host => $osm_host,
+ horizon_host => $horizon_host,
+ }
+
+
+ class {'::openstack2::designate::monitor':
+ active => ($::fqdn == $designate_host),
+ }
+}
diff --git a/modules/role/manifests/labs/openstack/designate/server.pp b/modules/role/manifests/labs/openstack/designate/server.pp
deleted file mode 100644
index a76fd22..0000000
--- a/modules/role/manifests/labs/openstack/designate/server.pp
+++ /dev/null
@@ -1,60 +0,0 @@
-class role::labs::openstack::designate::server {
-
- system::role { $name: }
-
- include openstack
-
- $keystone_host = hiera('labs_keystone_host')
- $nova_controller = hiera('labs_nova_controller')
- $designate_host = hiera('labs_designate_hostname')
- $osm_host = hiera('labs_osm_host')
- $horizon_host = hiera('labs_horizon_host')
-
- $keystoneconfig = hiera_hash('keystoneconfig', {})
- $designateconfig = hiera_hash('designateconfig', {})
-
- $controller_ip = ipresolve($nova_controller,4)
- $horizon_ip = ipresolve($horizon_host,4)
- $wikitech_ip = ipresolve($osm_host,4)
-
- $dnsconfig = hiera_hash('labsdnsconfig', {})
- $dns_host = $dnsconfig['host']
- $dns_host_secondary = $dnsconfig['host_secondary']
- $dns_host_ip = ipresolve ($dns_host)
- $dns_host_secondary_ip = ipresolve ($dns_host_secondary)
-
- class { 'openstack::designate::service':
- active_server => $designate_host,
- nova_controller => $nova_controller,
- keystone_host => $keystone_host,
- keystoneconfig => $keystoneconfig,
- designateconfig => $designateconfig,
- primary_pdns_ip => $dns_host_ip,
- secondary_pdns_ip => $dns_host_secondary_ip,
- }
-
- # Open designate API to Labs web UIs and the commandline on labcontrol
- ferm::rule { 'designate-api':
- rule => "saddr (${wikitech_ip} ${horizon_ip} ${controller_ip}) proto tcp dport (9001) ACCEPT;",
- }
-
- # Allow labs instances to hit the designate api.
- #
- # This is not as permissive as it looks; The wmfkeystoneauth
- # plugin (via the password whitelist) only allows 'novaobserver'
- # to authenticate from within labs, and the novaobserver is
- # limited by the designate policy.json to read-only queries.
- include network::constants
- $labs_networks = join($network::constants::labs_networks, ' ')
- ferm::rule { 'designate-api-for-labs':
- rule => "saddr (${labs_networks}) proto tcp dport (9001) ACCEPT;",
- }
-
- # allow axfr traffic between mdns and pdns on the pdns hosts
- ferm::rule { 'mdns-axfr':
- rule => "saddr (${dns_host_ip} ${dns_host_secondary_ip} ) proto tcp dport (5354) ACCEPT;",
- }
- ferm::rule { 'mdns-axfr-udp':
- rule => "saddr (${dns_host_ip} ${dns_host_secondary_ip} ) proto udp dport (5354) ACCEPT;",
- }
-}
diff --git a/modules/role/manifests/wmcs/openstack/labtest/services.pp b/modules/role/manifests/wmcs/openstack/labtest/services.pp
index 690b2b2..13efc1d 100644
--- a/modules/role/manifests/wmcs/openstack/labtest/services.pp
+++ b/modules/role/manifests/wmcs/openstack/labtest/services.pp
@@ -1,3 +1,4 @@
 class role::wmcs::openstack::labtest::services {
- include profile::openstack::labtest::cloudrepo
+ include ::profile::openstack::labtest::cloudrepo
+ include ::profile::openstack::labtest::designate::service
 }
diff --git a/modules/role/manifests/wmcs/openstack/labtestn/services.pp b/modules/role/manifests/wmcs/openstack/labtestn/services.pp
index f0762b5..b4f9fd0 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/services.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/services.pp
@@ -1,3 +1,4 @@
 class role::wmcs::openstack::labtestn::services {
- include profile::openstack::labtestn::cloudrepo
+ include ::profile::openstack::labtestn::cloudrepo
+ include ::profile::openstack::labtestn::designate::service
 }
diff --git a/modules/role/manifests/wmcs/openstack/main/services.pp b/modules/role/manifests/wmcs/openstack/main/services.pp
index 340d369..4405938 100644
--- a/modules/role/manifests/wmcs/openstack/main/services.pp
+++ b/modules/role/manifests/wmcs/openstack/main/services.pp
@@ -1,3 +1,4 @@ class role::wmcs::openstack::main::services { - include profile::openstack::main::cloudrepo + include ::profile::openstack::main::cloudrepo + include ::profile::openstack::main::designate::service } -- To view, visit https://gerrit.wikimedia.org/r/376848 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ib66fdb449af65f8c3608a6d225ee80976f4acd7d Gerrit-PatchSet: 20 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush <r...@wikimedia.org> Gerrit-Reviewer: Alex Monk <kren...@gmail.com> Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org> Gerrit-Reviewer: Rush <r...@wikimedia.org> Gerrit-Reviewer: Volans <rcocci...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits