Rush has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/376848 )

Change subject: openstack: designate as module/profile/role
......................................................................


openstack: designate as module/profile/role

Bug: T171494
Change-Id: Ib66fdb449af65f8c3608a6d225ee80976f4acd7d
---
M hieradata/codfw/profile/openstack/labtest.yaml
M hieradata/codfw/profile/openstack/labtest/designate.yaml
A hieradata/codfw/profile/openstack/labtest/pdns.yaml
M hieradata/codfw/profile/openstack/labtestn.yaml
M hieradata/codfw/profile/openstack/labtestn/designate.yaml
A hieradata/codfw/profile/openstack/labtestn/pdns.yaml
A hieradata/common/profile/openstack/base/designate.yaml
A hieradata/common/profile/openstack/base/pdns.yaml
M hieradata/eqiad/profile/openstack/main.yaml
M hieradata/eqiad/profile/openstack/main/designate.yaml
A hieradata/eqiad/profile/openstack/main/pdns.yaml
M manifests/site.pp
D modules/openstack/manifests/designate/service.pp
R modules/openstack2/files/designate/designate-mdns.logrotate
R modules/openstack2/files/designate/designate-pool-manager.logrotate
R modules/openstack2/files/liberty/designate/dashboard/_70_dns_add_group.py
R modules/openstack2/files/liberty/designate/dashboard/_71_dns_project.py
R modules/openstack2/files/liberty/designate/dashboard/__init__.py
R 
modules/openstack2/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
R modules/openstack2/files/liberty/designate/nova_fixed_multi/__init__.py
R modules/openstack2/files/liberty/designate/nova_fixed_multi/base.py
R modules/openstack2/files/liberty/designate/nova_fixed_multi/novamulti.py
R modules/openstack2/files/liberty/designate/policy.json
R modules/openstack2/files/liberty/designate/rootwrap.conf
R modules/openstack2/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
R modules/openstack2/files/liberty/designate/wmf_sink/__init__.py
R modules/openstack2/files/liberty/designate/wmf_sink/base.py
R modules/openstack2/files/liberty/designate/wmf_sink/wmfsink.py
A modules/openstack2/manifests/designate/monitor.pp
A modules/openstack2/manifests/designate/service.pp
A modules/openstack2/templates/initscripts/designate-mdns.upstart.erb
A modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb
R modules/openstack2/templates/liberty/designate/api-paste.ini.erb
R modules/openstack2/templates/liberty/designate/designate.conf.erb
A modules/profile/manifests/openstack/base/designate/service.pp
A modules/profile/manifests/openstack/labtest/designate/service.pp
A modules/profile/manifests/openstack/labtestn/designate/service.pp
A modules/profile/manifests/openstack/main/designate/service.pp
D modules/role/manifests/labs/openstack/designate/server.pp
M modules/role/manifests/wmcs/openstack/labtest/services.pp
M modules/role/manifests/wmcs/openstack/labtestn/services.pp
M modules/role/manifests/wmcs/openstack/main/services.pp
42 files changed, 534 insertions(+), 305 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/hieradata/codfw/profile/openstack/labtest.yaml 
b/hieradata/codfw/profile/openstack/labtest.yaml
index 896ae95..73fd91f 100644
--- a/hieradata/codfw/profile/openstack/labtest.yaml
+++ b/hieradata/codfw/profile/openstack/labtest.yaml
@@ -3,6 +3,7 @@
 profile::openstack::labtest::nova_controller_standby: 
'labtestcontrol2001.wikimedia.org'
 profile::openstack::labtest::designate_host: 
'labtestservices2001.wikimedia.org'
 profile::openstack::labtest::designate_host_standby: 
'labtestservices2001.wikimedia.org'
+profile::openstack::labtest::puppetmaster_hostname: 
'labtestpuppetmaster2001.wikimedia.org'
 profile::openstack::labtest::nova_api_host: 'labtestnet2001.codfw.wmnet'
 profile::openstack::labtest::labs_hosts_range: '10.192.20.0/24'
 profile::openstack::labtest::horizon_host: 'labtestweb2001.wikimedia.org'
diff --git a/hieradata/codfw/profile/openstack/labtest/designate.yaml 
b/hieradata/codfw/profile/openstack/labtest/designate.yaml
index 9087fd7..30e3e87 100644
--- a/hieradata/codfw/profile/openstack/labtest/designate.yaml
+++ b/hieradata/codfw/profile/openstack/labtest/designate.yaml
@@ -1 +1,4 @@
 profile::openstack::labtest::designate::wmflabsdotorg_project: 'wmflabsdotorg'
+profile::openstack::labtest::designate::db_host: 
'labtestcontrol2001.wikimedia.org'
+profile::openstack::labtest::designate::domain_id_internal_forward: 
'e1ac328c-b932-43f2-b12f-407fb9477925'
+profile::openstack::labtest::designate::domain_id_internal_reverse: 
'9b60f3ab-d64b-4e30-9d6f-7535811b0fa8'
diff --git a/hieradata/codfw/profile/openstack/labtest/pdns.yaml 
b/hieradata/codfw/profile/openstack/labtest/pdns.yaml
new file mode 100644
index 0000000..91206e6
--- /dev/null
+++ b/hieradata/codfw/profile/openstack/labtest/pdns.yaml
@@ -0,0 +1,4 @@
+profile::openstack::labtest::pdns::host: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtest::pdns::host_secondary: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtest::pdns::recursor: 'labtest-recursor0.wikimedia.org'
+profile::openstack::labtest::pdns::recursor_secondary: 
'labtest-recursor0.wikimedia.org'
diff --git a/hieradata/codfw/profile/openstack/labtestn.yaml 
b/hieradata/codfw/profile/openstack/labtestn.yaml
index b60b6d9..c44108b 100644
--- a/hieradata/codfw/profile/openstack/labtestn.yaml
+++ b/hieradata/codfw/profile/openstack/labtestn.yaml
@@ -2,8 +2,9 @@
 profile::openstack::labtestn::nova_controller: 
'labtestcontrol2003.wikimedia.org'
 profile::openstack::labtestn::nova_controller_standby: 
'labtestcontrol2003.wikimedia.org'
 profile::openstack::labtestn::nova_api_host: 'labtestcontrol2003.wikimedia.org'
-profile::openstack::labtestn::designate_host: 
'labtestservices2003.wikimedia.org'
+profile::openstack::labtestn::designate_host: 
'labtestcontrol2003.wikimedia.org'
 profile::openstack::labtestn::designate_host_standby: 
'labtestservices2003.wikimedia.org'
+profile::openstack::labtestn::puppetmaster_hostname: 
'labtestpuppetmaster2001.wikimedia.org'
 profile::openstack::labtestn::labs_hosts_range: '127.0.0.1/32'
 profile::openstack::labtestn::horizon_host: 'labtestweb2001.wikimedia.org'
 profile::openstack::labtestn::spice_hostname: 'labtestnspice.wikimedia.org'
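Review bot: The active `profile::openstack::labtestn::designate_host` moves from `labtestservices2003.wikimedia.org` to `labtestcontrol2003.wikimedia.org` in this hunk, while `designate_host_standby` still names `labtestservices2003.wikimedia.org`. The commit is described as a module/profile/role restructuring, so a host move is easy to miss in review and nothing on the page explains it. If it is intended, record the reason above the key, for example `# designate runs on the controller in labtestn: <reason>`; if not, keep the previous value. Any firewall or database grant keyed on the designate host would need to follow the same move (not visible in this hunk).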
diff --git a/hieradata/codfw/profile/openstack/labtestn/designate.yaml 
b/hieradata/codfw/profile/openstack/labtestn/designate.yaml
index e718654..f55192c 100644
--- a/hieradata/codfw/profile/openstack/labtestn/designate.yaml
+++ b/hieradata/codfw/profile/openstack/labtestn/designate.yaml
@@ -1 +1,4 @@
 profile::openstack::labtestn::designate::wmflabsdotorg_project: 'wmflabsdotorg'
+profile::openstack::labtestn::designate::db_host: 
'labtestcontrol2003.wikimedia.org'
+profile::openstack::labtestn::designate::domain_id_internal_forward: 
'e1ac328c-b932-43f2-b12f-407fb9477925'
+profile::openstack::labtestn::designate::domain_id_internal_reverse: 
'9b60f3ab-d64b-4e30-9d6f-7535811b0fa8'
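Review bot: `domain_id_internal_forward` and `domain_id_internal_reverse` have the same two UUIDs here as in `labtest/designate.yaml`, although this deployment's `db_host` is `labtestcontrol2003.wikimedia.org` and labtest's is `labtestcontrol2001.wikimedia.org`. Zone ids are normally generated per Designate database, so identical values in two deployments look like a copy from the labtest file; this is inferred, since the databases are not visible here. If they are placeholders, mark them as such, e.g. `# placeholder copied from labtest; replace once the labtestn zones exist`. A wrong id would point the sink handlers at a zone that does not exist in this deployment.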
diff --git a/hieradata/codfw/profile/openstack/labtestn/pdns.yaml 
b/hieradata/codfw/profile/openstack/labtestn/pdns.yaml
new file mode 100644
index 0000000..83e5f3d
--- /dev/null
+++ b/hieradata/codfw/profile/openstack/labtestn/pdns.yaml
@@ -0,0 +1,4 @@
+profile::openstack::labtestn::pdns::host: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtestn::pdns::host_secondary: 'labtest-ns0.wikimedia.org'
+profile::openstack::labtestn::pdns::recursor: 'labtest-recursor0.wikimedia.org'
+profile::openstack::labtestn::pdns::recursor_secondary: 
'labtest-recursor0.wikimedia.org'
diff --git a/hieradata/common/profile/openstack/base/designate.yaml 
b/hieradata/common/profile/openstack/base/designate.yaml
new file mode 100644
index 0000000..b1560bd
--- /dev/null
+++ b/hieradata/common/profile/openstack/base/designate.yaml
@@ -0,0 +1,7 @@
+profile::openstack::base::designate::db_user: 'designate'
+profile::openstack::base::designate::db_name: 'designate'
+profile::openstack::base::designate::pdns_db_user: 'pdns'
+profile::openstack::base::designate::pdns_db_name: 'pdns'
+profile::openstack::base::designate::pdns_db_user: 'pdns'
+profile::openstack::base::designate::db_admin_user: 'pdns_admin'
+profile::openstack::base::designate::pool_manager_db_name: 
'designate_pool_manager'
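Review bot: `profile::openstack::base::designate::pdns_db_user` is defined twice in this new file, as the third and fifth added keys, both with the value `'pdns'`. Duplicate mapping keys are not valid YAML, and parsers that tolerate them keep only one, so a later edit to just one of the two lines can be ignored without any warning. Drop the second occurrence. Separately, `db_admin_user: 'pdns_admin'` sits in the designate namespace but names a pdns account; if that is intended, a short comment saying which database the account administers would prevent it being mistaken for a Designate admin.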
diff --git a/hieradata/common/profile/openstack/base/pdns.yaml 
b/hieradata/common/profile/openstack/base/pdns.yaml
new file mode 100644
index 0000000..fe61246
--- /dev/null
+++ b/hieradata/common/profile/openstack/base/pdns.yaml
@@ -0,0 +1 @@
+profile::openstack::base::pdns::db_host: 'localhost'
diff --git a/hieradata/eqiad/profile/openstack/main.yaml 
b/hieradata/eqiad/profile/openstack/main.yaml
index ecb9ca1..6bb2399 100644
--- a/hieradata/eqiad/profile/openstack/main.yaml
+++ b/hieradata/eqiad/profile/openstack/main.yaml
@@ -5,6 +5,7 @@
 profile::openstack::main::nova_network_host: 'labnet1001.eqiad.wmnet'
 profile::openstack::main::designate_host: 'labservices1001.wikimedia.org'
 profile::openstack::main::designate_host_standby: 
'labservices1002.wikimedia.org'
+profile::openstack::main::puppetmaster_hostname: 
'labs-puppetmaster.wikimedia.org'
 profile::openstack::main::horizon_host: 'californium.wikimedia.org'
 profile::openstack::main::spice_hostname: 'labspice.wikimedia.org'
 profile::openstack::main::labs_hosts_range: '10.64.20.0/24'
diff --git a/hieradata/eqiad/profile/openstack/main/designate.yaml 
b/hieradata/eqiad/profile/openstack/main/designate.yaml
index b6a217c..ea19ce8 100644
--- a/hieradata/eqiad/profile/openstack/main/designate.yaml
+++ b/hieradata/eqiad/profile/openstack/main/designate.yaml
@@ -1 +1,4 @@
 profile::openstack::main::designate::wmflabsdotorg_project: 'wmflabsdotorg'
+profile::openstack::main::designate::db_host: 'm5-master.eqiad.wmnet'
+profile::openstack::main::designate::domain_id_internal_forward: 
'114f1333-c2c1-44d3-beb4-ebed1a91742b'
+profile::openstack::main::designate::domain_id_internal_reverse: 
'8d114f3c-815b-466c-bdd4-9b91f704ea60'
diff --git a/hieradata/eqiad/profile/openstack/main/pdns.yaml 
b/hieradata/eqiad/profile/openstack/main/pdns.yaml
new file mode 100644
index 0000000..ed106d7
--- /dev/null
+++ b/hieradata/eqiad/profile/openstack/main/pdns.yaml
@@ -0,0 +1,4 @@
+profile::openstack::main::pdns::host: 'labs-ns0.wikimedia.org'
+profile::openstack::main::pdns::host_secondary: 'labs-ns1.wikimedia.org'
+profile::openstack::main::pdns::recursor: 'labs-recursor0.wikimedia.org'
+profile::openstack::main::pdns::recursor_secondary: 
'labs-recursor1.wikimedia.org'
diff --git a/manifests/site.pp b/manifests/site.pp
index b546f8d..e67e628 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1013,7 +1013,6 @@
 node 'labservices1001.wikimedia.org' {
     role(wmcs::openstack::main::services,
           labs::dns,
-          labs::openstack::designate::server,
           labs::dnsrecursor,
           labs::dns_floating_ip_updater)
     include ::standard
@@ -1024,7 +1023,6 @@
 node 'labservices1002.wikimedia.org' {
     role(wmcs::openstack::main::services,
           labs::dns,
-          labs::openstack::designate::server,
           labs::dnsrecursor)
     include ::standard
     include ::base::firewall
@@ -1093,7 +1091,6 @@
 node 'labtestservices2001.wikimedia.org' {
     role(wmcs::openstack::labtest::services,
           labs::dns,
-          labs::openstack::designate::server,
           labs::dnsrecursor,
           openldap::labtest,
           labs::dns_floating_ip_updater)
diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
deleted file mode 100644
index 010e4cd..0000000
--- a/modules/openstack/manifests/designate/service.pp
+++ /dev/null
@@ -1,220 +0,0 @@
-# Designate provides DNSaaS services for OpenStack
-# https://wiki.openstack.org/wiki/Designate
-
-class openstack::designate::service (
-    $active_server,
-    $nova_controller,
-    $keystone_host,
-    $keystoneconfig,
-    $designateconfig,
-    $primary_pdns_ip,
-    $secondary_pdns_ip,
-    $openstack_version=$::openstack::version,
-)
-    {
-
-    $keystone_host_ip   = ipresolve($keystone_host,4)
-    $nova_controller_ip = ipresolve($nova_controller)
-    $designate_host = $active_server
-    $keystone_public_uri = 
"http://${keystone_host}:${keystoneconfig['public_port']}"
-    $keystone_admin_uri = 
"http://${keystone_host}:${keystoneconfig['auth_port']}"
-
-    require_package(
-        'python-designateclient',
-        'designate-sink',
-        'designate-common',
-        'designate',
-        'designate-api',
-        'designate-doc',
-        'designate-central',
-        'python-novaclient'
-    )
-
-    file { '/usr/lib/python2.7/dist-packages/wmf_sink':
-        source  => 
"puppet:///modules/openstack/${::openstack::version}/designate/wmf_sink",
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        recurse => true,
-    }
-    file { '/usr/lib/python2.7/dist-packages/wmf_sink.egg-info':
-        source  => 
"puppet:///modules/openstack/${::openstack::version}/designate/wmf_sink.egg-info",
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        recurse => true,
-    }
-
-    file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi':
-        source  => 
"puppet:///modules/openstack/${::openstack::version}/designate/nova_fixed_multi",
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        recurse => true,
-    }
-    file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi.egg-info':
-        source  => 
"puppet:///modules/openstack/${::openstack::version}/designate/nova_fixed_multi.egg-info",
-        owner   => 'root',
-        group   => 'root',
-        mode    => '0644',
-        recurse => true,
-    }
-
-    file {
-        '/etc/designate/designate.conf':
-            content => 
template("openstack/${openstack_version}/designate/designate.conf.erb"),
-            owner   => 'designate',
-            group   => 'designate',
-            notify  => 
Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
-            require => Package['designate-common'],
-            mode    => '0440';
-        '/etc/designate/api-paste.ini':
-            content => 
template("openstack/${openstack_version}/designate/api-paste.ini.erb"),
-            owner   => 'designate',
-            group   => 'designate',
-            notify  => 
Service['designate-api','designate-sink','designate-central'],
-            require => Package['designate-api'],
-            mode    => '0440';
-        '/etc/designate/policy.json':
-            source  => 
"puppet:///modules/openstack/${openstack_version}/designate/policy.json",
-            owner   => 'designate',
-            group   => 'designate',
-            notify  => 
Service['designate-api','designate-sink','designate-central'],
-            require => Package['designate-common'],
-            mode    => '0440';
-        '/etc/designate/rootwrap.conf':
-            source  => 
"puppet:///modules/openstack/${openstack_version}/designate/rootwrap.conf",
-            owner   => 'root',
-            group   => 'root',
-            notify  => 
Service['designate-api','designate-sink','designate-central'],
-            require => Package['designate-common'],
-            mode    => '0440';
-    }
-
-    # These would be automatically included in a correct designate package...
-    # probably this can be ripped out in Liberty.
-    logrotate::conf { 'designate-mdns':
-        ensure => present,
-        source => 'puppet:///modules/openstack/designate-mdns.logrotate',
-    }
-    logrotate::conf { 'designate-pool-manager':
-        ensure => present,
-        source => 
'puppet:///modules/openstack/designate-pool-manager.logrotate',
-    }
-
-    file { '/var/lib/designate/.ssh/':
-        ensure => directory,
-        owner  => 'designate',
-        group  => 'designate',
-    }
-
-    file { '/var/lib/designate/.ssh/id_rsa':
-        owner     => 'designate',
-        group     => 'designate',
-        mode      => '0400',
-        content   => secret('ssh/puppet_cert_manager/cert_manager'),
-        show_diff => false,
-    }
-
-    # include rootwrap.d entries
-
-    if $::fqdn == $active_server {
-        service {'designate-api':
-            ensure  => running,
-            require => Package['designate-api'];
-        }
-
-        service {'designate-sink':
-            ensure  => running,
-            require => Package['designate-sink'];
-        }
-
-        service {'designate-central':
-            ensure  => running,
-            require => Package['designate-central'];
-        }
-
-        # In the perfect future when the designate packages set up
-        #  an init script for this, some of this can be removed.
-        base::service_unit { 'designate-pool-manager':
-            ensure  =>  present,
-            upstart =>  upstart_template('designate-pool-manager'),
-            require =>  Package['designate'],
-        }
-
-        base::service_unit { 'designate-mdns':
-            ensure  =>  present,
-            upstart =>  upstart_template('designate-mdns'),
-            require =>  Package['designate'],
-        }
-
-        # Page if designate processes die.  We only have one of each of these,
-        #  and new instance creation will be very broken if services die.
-        nrpe::monitor_service { 'check_designate_sink_process':
-            description  => 'designate-sink process',
-            nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-sink'",
-            critical     => true,
-        }
-        nrpe::monitor_service { 'check_designate_api_process':
-            description  => 'designate-api process',
-            nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-api'",
-            critical     => true,
-        }
-        nrpe::monitor_service { 'check_designate_central_process':
-            description  => 'designate-central process',
-            nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-central'",
-            critical     => true,
-        }
-        nrpe::monitor_service { 'check_designate_mdns':
-            description  => 'designate-mdns process',
-            nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-mdns'",
-            critical     => true,
-        }
-        nrpe::monitor_service { 'check_designate_pool-manager':
-            description  => 'designate-pool-manager process',
-            nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-pool-manager'",
-            critical     => true,
-        }
-        monitoring::service { 'designate-api-http':
-            description   => 'designate-api http',
-            check_command => 'check_http_on_port!9001',
-        }
-    } else {
-        service {'designate-api':
-            ensure  => stopped,
-            require => Package['designate-api'];
-        }
-
-        service {'designate-sink':
-            ensure  => stopped,
-            require => Package['designate-sink'];
-        }
-
-        service {'designate-central':
-            ensure  => stopped,
-            require => Package['designate-central'];
-        }
-
-        base::service_unit { 'designate-pool-manager':
-            ensure         => present,
-            upstart        => upstart_template('designate-pool-manager'),
-            require        => Package['designate'],
-            service_params => {
-                # lint:ignore:ensure_first_param
-                ensure => stopped,
-                # lint:endignore
-            }
-        }
-
-        base::service_unit { 'designate-mdns':
-            ensure         => present,
-            upstart        => upstart_template('designate-mdns'),
-            require        => Package['designate'],
-            service_params => {
-                # lint:ignore:ensure_first_param
-                ensure => stopped,
-                # lint:endignore
-            }
-        }
-    }
-}
diff --git a/modules/openstack/files/designate-mdns.logrotate 
b/modules/openstack2/files/designate/designate-mdns.logrotate
similarity index 100%
rename from modules/openstack/files/designate-mdns.logrotate
rename to modules/openstack2/files/designate/designate-mdns.logrotate
diff --git a/modules/openstack/files/designate-pool-manager.logrotate 
b/modules/openstack2/files/designate/designate-pool-manager.logrotate
similarity index 100%
rename from modules/openstack/files/designate-pool-manager.logrotate
rename to modules/openstack2/files/designate/designate-pool-manager.logrotate
diff --git 
a/modules/openstack/files/liberty/designate/dashboard/_70_dns_add_group.py 
b/modules/openstack2/files/liberty/designate/dashboard/_70_dns_add_group.py
similarity index 100%
rename from 
modules/openstack/files/liberty/designate/dashboard/_70_dns_add_group.py
rename to 
modules/openstack2/files/liberty/designate/dashboard/_70_dns_add_group.py
diff --git 
a/modules/openstack/files/liberty/designate/dashboard/_71_dns_project.py 
b/modules/openstack2/files/liberty/designate/dashboard/_71_dns_project.py
similarity index 100%
rename from 
modules/openstack/files/liberty/designate/dashboard/_71_dns_project.py
rename to 
modules/openstack2/files/liberty/designate/dashboard/_71_dns_project.py
diff --git a/modules/openstack/files/liberty/designate/dashboard/__init__.py 
b/modules/openstack2/files/liberty/designate/dashboard/__init__.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/dashboard/__init__.py
rename to modules/openstack2/files/liberty/designate/dashboard/__init__.py
diff --git 
a/modules/openstack/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
 
b/modules/openstack2/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
similarity index 100%
rename from 
modules/openstack/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
rename to 
modules/openstack2/files/liberty/designate/nova_fixed_multi.egg-info/entry_points.txt
diff --git 
a/modules/openstack/files/liberty/designate/nova_fixed_multi/__init__.py 
b/modules/openstack2/files/liberty/designate/nova_fixed_multi/__init__.py
similarity index 100%
rename from 
modules/openstack/files/liberty/designate/nova_fixed_multi/__init__.py
rename to 
modules/openstack2/files/liberty/designate/nova_fixed_multi/__init__.py
diff --git a/modules/openstack/files/liberty/designate/nova_fixed_multi/base.py 
b/modules/openstack2/files/liberty/designate/nova_fixed_multi/base.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/nova_fixed_multi/base.py
rename to modules/openstack2/files/liberty/designate/nova_fixed_multi/base.py
diff --git 
a/modules/openstack/files/liberty/designate/nova_fixed_multi/novamulti.py 
b/modules/openstack2/files/liberty/designate/nova_fixed_multi/novamulti.py
similarity index 100%
rename from 
modules/openstack/files/liberty/designate/nova_fixed_multi/novamulti.py
rename to 
modules/openstack2/files/liberty/designate/nova_fixed_multi/novamulti.py
diff --git a/modules/openstack/files/liberty/designate/policy.json 
b/modules/openstack2/files/liberty/designate/policy.json
similarity index 100%
rename from modules/openstack/files/liberty/designate/policy.json
rename to modules/openstack2/files/liberty/designate/policy.json
diff --git a/modules/openstack/files/liberty/designate/rootwrap.conf 
b/modules/openstack2/files/liberty/designate/rootwrap.conf
similarity index 100%
rename from modules/openstack/files/liberty/designate/rootwrap.conf
rename to modules/openstack2/files/liberty/designate/rootwrap.conf
diff --git 
a/modules/openstack/files/liberty/designate/wmf_sink.egg-info/entry_points.txt 
b/modules/openstack2/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
similarity index 100%
rename from 
modules/openstack/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
rename to 
modules/openstack2/files/liberty/designate/wmf_sink.egg-info/entry_points.txt
diff --git a/modules/openstack/files/liberty/designate/wmf_sink/__init__.py 
b/modules/openstack2/files/liberty/designate/wmf_sink/__init__.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/wmf_sink/__init__.py
rename to modules/openstack2/files/liberty/designate/wmf_sink/__init__.py
diff --git a/modules/openstack/files/liberty/designate/wmf_sink/base.py 
b/modules/openstack2/files/liberty/designate/wmf_sink/base.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/wmf_sink/base.py
rename to modules/openstack2/files/liberty/designate/wmf_sink/base.py
diff --git a/modules/openstack/files/liberty/designate/wmf_sink/wmfsink.py 
b/modules/openstack2/files/liberty/designate/wmf_sink/wmfsink.py
similarity index 100%
rename from modules/openstack/files/liberty/designate/wmf_sink/wmfsink.py
rename to modules/openstack2/files/liberty/designate/wmf_sink/wmfsink.py
diff --git a/modules/openstack2/manifests/designate/monitor.pp 
b/modules/openstack2/manifests/designate/monitor.pp
new file mode 100644
index 0000000..d37b60b
--- /dev/null
+++ b/modules/openstack2/manifests/designate/monitor.pp
@@ -0,0 +1,58 @@
+# Designate provides DNSaaS services for OpenStack
+# https://wiki.openstack.org/wiki/Designate
+
+class openstack2::designate::monitor (
+    $active,
+    ) {
+
+    # monitoring::service doesn't take a bool
+    if $active {
+        $ensure = 'present'
+    }
+    else {
+        $ensure = 'absent'
+    }
+
+    # Page if designate processes die.  We only have one of each of these,
+    #  and new instance creation will be very broken if services die.
+    nrpe::monitor_service { 'check_designate_sink_process':
+        ensure       => $ensure,
+        description  => 'designate-sink process',
+        nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-sink'",
+        critical     => true,
+    }
+
+    nrpe::monitor_service { 'check_designate_api_process':
+        ensure       => $ensure,
+        description  => 'designate-api process',
+        nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-api'",
+        critical     => true,
+    }
+
+    nrpe::monitor_service { 'check_designate_central_process':
+        ensure       => $ensure,
+        description  => 'designate-central process',
+        nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-central'",
+        critical     => true,
+    }
+
+    nrpe::monitor_service { 'check_designate_mdns':
+        ensure       => $ensure,
+        description  => 'designate-mdns process',
+        nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-mdns'",
+        critical     => true,
+    }
+
+    nrpe::monitor_service { 'check_designate_pool-manager':
+        ensure       => $ensure,
+        description  => 'designate-pool-manager process',
+        nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1: 
--ereg-argument-array '^/usr/bin/python /usr/bin/designate-pool-manager'",
+        critical     => true,
+    }
+
+    monitoring::service { 'designate-api-http':
+        ensure        => $ensure,
+        description   => 'designate-api http',
+        check_command => 'check_http_on_port!9001',
+    }
+}
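Review bot: `$active` is only tested for truthiness in `if $active`, and in Puppet any non-empty string is true, so a hiera value quoted as `'false'` would leave every paging check present on a host that does not run Designate. If stdlib is available in this tree, add `validate_bool($active)` as the first statement of the class. The header comment is copied from the service class and does not describe this one; something like `# NRPE/Icinga checks for the designate daemons. $active: true on the host running designate; false removes the checks.` would document the parameter. Since `false` removes the checks rather than inverting them, nothing here alerts if the daemons are running on the standby, which is worth stating in that comment.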
diff --git a/modules/openstack2/manifests/designate/service.pp 
b/modules/openstack2/manifests/designate/service.pp
new file mode 100644
index 0000000..7b9fb51
--- /dev/null
+++ b/modules/openstack2/manifests/designate/service.pp
@@ -0,0 +1,190 @@
+# Designate provides DNSaaS services for OpenStack
+# https://wiki.openstack.org/wiki/Designate
+
+class openstack2::designate::service(
+    $active,
+    $version,
+    $designate_host,
+    $db_user,
+    $db_pass,
+    $db_host,
+    $db_name,
+    $domain_id_internal_forward,
+    $domain_id_internal_reverse,
+    $pool_manager_db_name,
+    $puppetmaster_hostname,
+    $nova_controller,
+    $ldap_user_pass,
+    $pdns_db_user,
+    $pdns_db_pass,
+    $pdns_db_name,
+    $db_admin_user,
+    $db_admin_pass,
+    $primary_pdns_ip,
+    $secondary_pdns_ip,
+    $rabbit_user,
+    $rabbit_pass,
+    $rabbit_host,
+    $nova_controller,
+    $keystone_public_port,
+    $keystone_auth_port,
+    ) {
+
+    $keystone_host_ip   = ipresolve($nova_controller,4)
+    $nova_controller_ip = ipresolve($nova_controller)
+    $keystone_public_uri = "http://${nova_controller}:${keystone_public_port}";
+    $keystone_admin_uri = "http://${nova_controller}:${keystone_auth_port}";
+    $designate_host_ip = ipresolve($designate_host,4)
+    $puppetmaster_hostname_ip = ipresolve($puppetmaster_hostname,4)
+
+    require_package(
+        'python-designateclient',
+        'designate-sink',
+        'designate-common',
+        'designate',
+        'designate-api',
+        'designate-doc',
+        'designate-central',
+        'python-novaclient'
+    )
+
+    file { '/usr/lib/python2.7/dist-packages/wmf_sink':
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 
"puppet:///modules/openstack2/${version}/designate/wmf_sink",
+        recurse => true,
+    }
+
+    file { '/usr/lib/python2.7/dist-packages/wmf_sink.egg-info':
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 
"puppet:///modules/openstack2/${version}/designate/wmf_sink.egg-info",
+        recurse => true,
+    }
+
+    file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi':
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 
"puppet:///modules/openstack2/${version}/designate/nova_fixed_multi",
+        recurse => true,
+    }
+
+    file { '/usr/lib/python2.7/dist-packages/nova_fixed_multi.egg-info':
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 
"puppet:///modules/openstack2/${version}/designate/nova_fixed_multi.egg-info",
+        recurse => true,
+    }
+
+    file {
+        '/etc/designate/designate.conf':
+            owner   => 'designate',
+            group   => 'designate',
+            mode    => '0440',
+            content => 
template("openstack2/${version}/designate/designate.conf.erb"),
+            notify  => 
Service['designate-api','designate-sink','designate-central','designate-mdns','designate-pool-manager'],
+            require => Package['designate-common'];
+        '/etc/designate/api-paste.ini':
+            content => 
template("openstack2/${version}/designate/api-paste.ini.erb"),
+            owner   => 'designate',
+            group   => 'designate',
+            notify  => 
Service['designate-api','designate-sink','designate-central'],
+            require => Package['designate-api'],
+            mode    => '0440';
+        '/etc/designate/policy.json':
+            source  => 
"puppet:///modules/openstack2/${version}/designate/policy.json",
+            owner   => 'designate',
+            group   => 'designate',
+            notify  => 
Service['designate-api','designate-sink','designate-central'],
+            require => Package['designate-common'],
+            mode    => '0440';
+        '/etc/designate/rootwrap.conf':
+            source  => 
"puppet:///modules/openstack2/${version}/designate/rootwrap.conf",
+            owner   => 'root',
+            group   => 'root',
+            notify  => 
Service['designate-api','designate-sink','designate-central'],
+            require => Package['designate-common'],
+            mode    => '0440';
+    }
+
+    # These would be automatically included in a correct designate package...
+    # probably this can be ripped out in Liberty.
+    logrotate::conf { 'designate-mdns':
+        ensure => 'present',
+        source => 
'puppet:///modules/openstack2/designate/designate-mdns.logrotate',
+    }
+
+    logrotate::conf { 'designate-pool-manager':
+        ensure => 'present',
+        source => 
'puppet:///modules/openstack2/designate/designate-pool-manager.logrotate',
+    }
+
+    file { '/var/lib/designate/.ssh/':
+        ensure => 'directory',
+        owner  => 'designate',
+        group  => 'designate',
+    }
+
+    file { '/var/lib/designate/.ssh/id_rsa':
+        owner     => 'designate',
+        group     => 'designate',
+        mode      => '0400',
+        content   => secret('ssh/puppet_cert_manager/cert_manager'),
+        show_diff => false,
+    }
+
+    file {'/etc/init/designate-pool-manager.conf':
+        ensure  => 'present',
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0544',
+        content => 
template('openstack2/initscripts/designate-pool-manager.upstart.erb'),
+        notify  => Service['designate-pool-manager'],
+    }
+
+    file {'/etc/init/designate-mdns.conf':
+        ensure  => 'present',
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0544',
+        content => 
template('openstack2/initscripts/designate-mdns.upstart.erb'),
+        notify  => Service['designate-mdns'],
+    }
+
+    # include rootwrap.d entries
+
+    service {'designate-api':
+        ensure  => $active,
+        require => Package['designate-api'];
+    }
+
+    service {'designate-sink':
+        ensure  => $active,
+        require => Package['designate-sink'];
+    }
+
+    service {'designate-central':
+        ensure  => $active,
+        require => Package['designate-central'];
+    }
+
+    service {'designate-mdns':
+        ensure  => $active,
+        require =>  [
+            Package['designate'],
+            File['/etc/init/designate-mdns.conf'],
+        ],
+    }
+
+    service {'designate-pool-manager':
+        ensure  => $active,
+        require =>  [
+            Package['designate'],
+            File['/etc/init/designate-pool-manager.conf'],
+        ],
+    }
+}
diff --git 
a/modules/openstack2/templates/initscripts/designate-mdns.upstart.erb 
b/modules/openstack2/templates/initscripts/designate-mdns.upstart.erb
new file mode 100644
index 0000000..d0cfc52
--- /dev/null
+++ b/modules/openstack2/templates/initscripts/designate-mdns.upstart.erb
@@ -0,0 +1,11 @@
+description "Designate mdns"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on [!12345]
+
+setuid designate
+
+chdir /var/lib/designate
+exec /usr/bin/designate-mdns --config-file=/etc/designate/designate.conf 
--log-file=/var/log/designate/designate-mdns.log
+respawn
+respawn limit 10 30
diff --git 
a/modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb 
b/modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb
new file mode 100644
index 0000000..392986d
--- /dev/null
+++ 
b/modules/openstack2/templates/initscripts/designate-pool-manager.upstart.erb
@@ -0,0 +1,11 @@
+description "Designate pool manager"
+
+start on (local-filesystems and net-device-up IFACE!=lo)
+stop on [!12345]
+
+setuid designate
+
+chdir /var/lib/designate
+exec /usr/bin/designate-pool-manager 
--config-file=/etc/designate/designate.conf 
--log-file=/var/log/designate/designate-pool-manager.log
+respawn
+respawn limit 10 30
diff --git a/modules/openstack/templates/liberty/designate/api-paste.ini.erb 
b/modules/openstack2/templates/liberty/designate/api-paste.ini.erb
similarity index 100%
rename from modules/openstack/templates/liberty/designate/api-paste.ini.erb
rename to modules/openstack2/templates/liberty/designate/api-paste.ini.erb
diff --git a/modules/openstack/templates/liberty/designate/designate.conf.erb 
b/modules/openstack2/templates/liberty/designate/designate.conf.erb
similarity index 82%
rename from modules/openstack/templates/liberty/designate/designate.conf.erb
rename to modules/openstack2/templates/liberty/designate/designate.conf.erb
index 728853e..c8c0fa0 100644
--- a/modules/openstack/templates/liberty/designate/designate.conf.erb
+++ b/modules/openstack2/templates/liberty/designate/designate.conf.erb
@@ -135,7 +135,7 @@
 auth_uri = <%= @keystone_public_uri %>
 identity_uri = <%= @keystone_admin_uri %>
 admin_user = novaadmin
-admin_password = <%= @keystoneconfig["ldap_user_pass"] %>
+admin_password = <%= @ldap_user_pass %>
 
 #-----------------------
 # Sink Service
@@ -211,14 +211,14 @@
 
 # the 'pool_target' is the pdns database, which we write to for zone creation 
and deletion
 [pool_target:f26e0b32-736f-4f0a-831b-039a415c481e]
-options = connection: mysql://<%= @designateconfig["pdns_db_user"] %>:<%= 
@designateconfig["pdns_db_pass"] %>@<%=@primary_pdns_ip%>/<%= 
@designateconfig["pdns_db_name"] %>, host: <%= @primary_pdns_ip %>, port: 53
+options = connection: mysql://<%= @pdns_db_user %>:<%= @pdns_db_pass 
%>@<%=@primary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @primary_pdns_ip %>, 
port: 53
 # This is an alternate db account with more rights -- this setting should
 #  be used when running the db-sync command and the like during upgrades.
-#options = connection: mysql://<%= @designateconfig["db_admin_user"] %>:<%= 
@designateconfig["db_admin_pass"] %>@<%=@primary_pdns_ip%>/<%= 
@designateconfig["pdns_db_name"] %>, host: <%= @primary_pdns_ip %>, port: 53
+#options = connection: mysql://<%= @db_admin_user %>:<%= @db_admin_pass 
%>@<%=@primary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @primary_pdns_ip %>, 
port: 53
 # This is a comma separated list of the mdns servers.
 #  Note that for this to take effect, the list of masters must also be set in 
the pdns database:
 #  UPDATE pdns.domains SET master="<comman-separated list of masters>"
-masters = <%= scope.function_ipresolve([@designate_host, 4]) %>:5354
+masters = <%= @designate_host_ip %>:5354
 type = powerdns
 # These next two settings are /probably/ unused, it's unclear:
 host = <%= @primary_pdns_ip %>
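Review bot: The commented-out `#options` line still interpolates `<%= @db_admin_pass %>`, and because `#` is an INI comment rather than an ERB one, the higher-privilege database password is rendered into every deployed designate.conf even though no service reads it. The same line is repeated in the secondary pool_target hunk (@@ -227). The hint can stay without the secret, e.g. `#options = connection: mysql://<db_admin_user>:<db_admin_pass>@<%= @primary_pdns_ip %>/<%= @pdns_db_name %>, host: <%= @primary_pdns_ip %>, port: 53`, with the operator filling in the credentials by hand when running db-sync. The [pool_target] section starts and ends outside the hunk.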
@@ -227,14 +227,14 @@
 <% if @secondary_pdns_ip != @primary_pdns_ip %>
 # the 'pool_target' is the pdns database, which we write to for zone creation 
and deletion
 [pool_target:f845cc43-2052-4d4b-a159-db6fce37b110]
-options = connection: mysql://<%= @designateconfig["pdns_db_user"] %>:<%= 
@designateconfig["pdns_db_pass"] %>@<%=@secondary_pdns_ip%>/<%= 
@designateconfig["pdns_db_name"] %>, host: <%= @secondary_pdns_ip %>, port: 53
+options = connection: mysql://<%= @pdns_db_user %>:<%= @pdns_db_pass 
%>@<%=@secondary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @secondary_pdns_ip 
%>, port: 53
 # This is an alternate db account with more rights -- this setting should
 #  be used when running the db-sync command and the like during upgrades.
-#options = connection: mysql://<%= @designateconfig["db_admin_user"] %>:<%= 
@designateconfig["db_admin_pass"] %>@<%=@secondary_pdns_ip%>/<%= 
@designateconfig["pdns_db_name"] %>, host: <%= @secondary_pdns_ip %>, port: 53
+#options = connection: mysql://<%= @db_admin_user %>:<%= @db_admin_pass 
%>@<%=@secondary_pdns_ip%>/<%= @pdns_db_name %>, host: <%= @secondary_pdns_ip 
%>, port: 53
 # This is a comma separated list of the mdns servers.
 #  Note that for this to take effect, the list of masters must also be set in 
the pdns database:
 #  UPDATE pdns.domains SET master="<comman-separated list of masters>"
-masters = <%= scope.function_ipresolve([@designate_host, 4]) %>:5354
+masters = <%= @designate_host_ip %>:5354
 type = powerdns
 # These next two settings are /probably/ unused, it's unclear:
 host = <%= @secondary_pdns_ip %>
@@ -266,7 +266,7 @@
 [storage:sqlalchemy]
 # Database connection string - to configure options for a given implementation
 # like sqlalchemy or other see below
-connection = mysql://<%= @designateconfig["db_user"] %>:<%= 
@designateconfig["db_pass"] %>@<%= @designateconfig["db_host"] %>/<%= 
@designateconfig["db_name"] %>
+connection = mysql://<%= @db_user %>:<%= @db_pass %>@<%= @db_host %>/<%= 
@db_name %>
 #connection_debug = 100
 #connection_trace = True
 idle_timeout = 3600
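Review bot: `@db_user` and `@db_pass` are written into the `mysql://` URL as-is, so a password containing `@`, `:`, `/` or `%` would produce a connection string that parses to the wrong host or credentials. This applies equally to the `[pool_manager_cache:sqlalchemy]` connection (@@ -327) and to the pool_target `options` lines (@@ -211, @@ -227). Percent-encoding the userinfo parts avoids it, e.g. `<%= ERB::Util.url_encode(@db_pass) %>`. Whether the current passwords contain such characters is not visible here.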
@@ -281,14 +281,14 @@
 #-----------------------
 [handler:nova_fixed_multi]
 # Domain ID of domain to create records in. For a pre-existing domain, in this 
case eqiad.wmflabs
-domain_id = '<%= @designateconfig["domain_id_internal_forward"] %>'
+domain_id = '<%= @domain_id_internal_forward %>'
 site = '<%= scope.lookupvar("::site") %>'
 notification_topics = monitor
 notification_topics = notifications
 control_exchange = nova
 format = '%(hostname)s.%(project_name)s.%(domain)s'
 format = '%(hostname)s.%(domain)s'
-reverse_domain_id = '<%= @designateconfig["domain_id_internal_reverse"] %>'
+reverse_domain_id = '<%= @domain_id_internal_reverse %>'
 reverse_format = '%(hostname)s.%(project_name)s.%(domain)s'
 
 #-----------------------
@@ -299,16 +299,16 @@
 [handler:wmf_sink]
 # Domain ID of domain for instances.
 #  For a pre-existing domain, in this case eqiad.wmflabs
-domain_id = '<%= @designateconfig["domain_id_internal_forward"] %>'
+domain_id = '<%= @domain_id_internal_forward %>'
 notification_topics = monitor
 notification_topics = notifications
 control_exchange = nova
 
 certmanager_user = certmanager
 fqdn_format = '%(hostname)s.%(project_name)s.%(domain)s'
-puppet_master_host = "<%= 
scope.function_ipresolve([@designateconfig['puppetmaster_hostname'], 4]) %>"
-salt_master_host = "<%= @designateconfig['controller_hostname'] %>"
-puppet_config_backend  = "http://<%= @designateconfig['puppetmaster_hostname'] 
%>:8101/v1"
+puppet_master_host = "<%= @puppetmaster_hostname_ip %>"
+salt_master_host = "<%= @nova_controller %>"
+puppet_config_backend  = "http://<%= @puppetmaster_hostname %>:8101/v1"
 
 #------------------------
 # Neutron Floating Handler
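Review bot: `salt_master_host` used to come from its own key (`controller_hostname`) and now reuses `@nova_controller`, so the sink's salt target follows whatever host is configured as the nova controller. If the two were always the same value this is fine, but the template gives no hint of the coupling; a comment above the line such as `# salt master runs on the nova controller` would record it. Separately, `puppet_config_backend` is still plain `http://` on port 8101, which deserves a look if that API carries anything sensitive between hosts. The [handler:wmf_sink] section starts outside the hunk.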
@@ -327,7 +327,7 @@
 # SQLAlchemy Pool Manager Cache
 #-----------------------
 [pool_manager_cache:sqlalchemy]
-connection = mysql://<%= @designateconfig["db_user"] %>:<%= 
@designateconfig["db_pass"] %>@<%= @designateconfig["db_host"] %>/<%= 
@designateconfig["pool_manager_db_name"] %>
+connection = mysql://<%= @db_user %>:<%= @db_pass %>@<%= @db_host %>/<%= 
@pool_manager_db_name %>
 #connection_debug = 100
 #connection_trace = False
 #sqlite_synchronous = True
@@ -337,8 +337,8 @@
 
 [oslo_messaging_rabbit]
 # RabbitMQ Config
-rabbit_userid = <%= @designateconfig["rabbit_user"] %>
-rabbit_password = <%= @designateconfig["rabbit_pass"] %>
+rabbit_userid = <%= @rabbit_user %>
+rabbit_password = <%= @rabbit_pass %>
 rabbit_use_ssl = False
-rabbit_hosts = <%= @designateconfig["rabbit_host"] %>
+rabbit_hosts = <%= @rabbit_host %>
 rabbit_port = 5672
diff --git a/modules/profile/manifests/openstack/base/designate/service.pp 
b/modules/profile/manifests/openstack/base/designate/service.pp
new file mode 100644
index 0000000..1c5d1e4
--- /dev/null
+++ b/modules/profile/manifests/openstack/base/designate/service.pp
@@ -0,0 +1,85 @@
+class profile::openstack::base::designate::service(
+    $version = hiera('profile::openstack::base::version'),
+    $designate_host = hiera('profile::openstack::base::designate_host'),
+    $nova_controller = hiera('profile::openstack::base::nova_controller'),
+    $puppetmaster_hostname = 
hiera('profile::openstack::base::puppetmaster_hostname'),
+    $db_user = hiera('profile::openstack::base::designate::db_user'),
+    $db_pass = hiera('profile::openstack::base::designate::db_pass'),
+    $db_host = hiera('profile::openstack::base::designate::db_host'),
+    $db_name = hiera('profile::openstack::base::designate::db_name'),
+    $domain_id_internal_forward = 
hiera('profile::openstack::base::designate::domain_id_internal_forward'),
+    $domain_id_internal_reverse = 
hiera('profile::openstack::base::designate::domain_id_internal_reverse'),
+    $pool_manager_db_name = 
hiera('profile::openstack::base::designate::pool_manager_db_name'),
+    $ldap_user_pass = hiera('profile::openstack::base::ldap_user_pass'),
+    $pdns_db_user = hiera('profile::openstack::base::designate::pdns_db_user'),
+    $pdns_db_pass = hiera('profile::openstack::base::designate::pdns_db_pass'),
+    $pdns_db_name = hiera('profile::openstack::base::designate::pdns_db_name'),
+    $db_admin_user = 
hiera('profile::openstack::base::designate::db_admin_user'),
+    $db_admin_pass = 
hiera('profile::openstack::base::designate::db_admin_pass'),
+    $primary_pdns = hiera('profile::openstack::base::designate::host'),
+    $secondary_pdns = 
hiera('profile::openstack::base::designate::host_secondary'),
+    $rabbit_user = hiera('profile::openstack::base::nova::rabbit_user'),
+    $rabbit_pass = hiera('profile::openstack::base::nova::rabbit_pass'),
+    $keystone_public_port = 
hiera('profile::openstack::base::keystone::public_port'),
+    $keystone_auth_port = 
hiera('profile::openstack::base::keystone::auth_port'),
+    $osm_host = hiera('profile::openstack::base::osm_host'),
+    $horizon_host = hiera('profile::openstack::base::horizon_host'),
+    ) {
+
+    $primary_pdns_ip = ipresolve($primary_pdns,4)
+    $secondary_pdns_ip = ipresolve($secondary_pdns,4)
+
+    class{'::openstack2::designate::service':
+        active                     => ($::fqdn == $designate_host),
+        version                    => $version,
+        designate_host             => $designate_host,
+        db_user                    => $db_user,
+        db_pass                    => $db_pass,
+        db_host                    => $db_host,
+        db_name                    => $db_name,
+        domain_id_internal_forward => $domain_id_internal_forward,
+        domain_id_internal_reverse => $domain_id_internal_reverse,
+        pool_manager_db_name       => $pool_manager_db_name,
+        puppetmaster_hostname      => $puppetmaster_hostname,
+        nova_controller            => $nova_controller,
+        ldap_user_pass             => $ldap_user_pass,
+        pdns_db_user               => $pdns_db_user,
+        pdns_db_pass               => $pdns_db_pass,
+        pdns_db_name               => $pdns_db_name,
+        db_admin_user              => $db_admin_user,
+        db_admin_pass              => $db_admin_pass,
+        primary_pdns_ip            => $primary_pdns_ip,
+        secondary_pdns_ip          => $secondary_pdns_ip,
+        rabbit_user                => $rabbit_user,
+        rabbit_pass                => $rabbit_pass,
+        rabbit_host                => $nova_controller,
+        keystone_public_port       => $keystone_public_port,
+        keystone_auth_port         => $keystone_auth_port,
+    }
+
+    # Open designate API to Labs web UIs and the commandline on labcontrol
+    ferm::rule { 'designate-api':
+        rule => "saddr (@resolve(${osm_host}) @resolve(${horizon_host}) 
@resolve(${nova_controller})) proto tcp dport (9001) ACCEPT;",
+    }
+
+    # Allow labs instances to hit the designate api.
+    #
+    # This is not as permissive as it looks; The wmfkeystoneauth
+    #  plugin (via the password whitelist) only allows 'novaobserver'
+    #  to authenticate from within labs, and the novaobserver is
+    #  limited by the designate policy.json to read-only queries.
+    include network::constants
+    $labs_networks = join($network::constants::labs_networks, ' ')
+    ferm::rule { 'designate-api-for-labs':
+        rule => "saddr (${labs_networks}) proto tcp dport (9001) ACCEPT;",
+    }
+
+    # allow axfr traffic between mdns and pdns on the pdns hosts
+    ferm::rule { 'mdns-axfr':
+        rule => "saddr (${primary_pdns_ip} ${secondary_pdns_ip} ) proto tcp 
dport (5354) ACCEPT;",
+    }
+
+    ferm::rule { 'mdns-axfr-udp':
+        rule => "saddr (${primary_pdns_ip} ${secondary_pdns_ip} ) proto udp 
dport (5354) ACCEPT;",
+    }
+}
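Review bot: The defaults for `$primary_pdns` and `$secondary_pdns` look up `profile::openstack::base::designate::host` and `profile::openstack::base::designate::host_secondary`, while the three deployment profiles in this change read `...::pdns::host` and `...::pdns::host_secondary`, and the change adds a `base/pdns.yaml` hieradata file. If the base keys live under `pdns` as well (the hieradata is not shown in this part), these two defaults only work because every wrapper overrides them, and the lookup would fail for any direct use of the base class. Suggested: `$primary_pdns = hiera('profile::openstack::base::pdns::host'),` and `$secondary_pdns = hiera('profile::openstack::base::pdns::host_secondary'),`.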
diff --git a/modules/profile/manifests/openstack/labtest/designate/service.pp 
b/modules/profile/manifests/openstack/labtest/designate/service.pp
new file mode 100644
index 0000000..4609348
--- /dev/null
+++ b/modules/profile/manifests/openstack/labtest/designate/service.pp
@@ -0,0 +1,39 @@
+class profile::openstack::labtest::designate::service(
+    $version = hiera('profile::openstack::labtest::version'),
+    $designate_host = hiera('profile::openstack::labtest::designate_host'),
+    $nova_controller = hiera('profile::openstack::labtest::nova_controller'),
+    $puppetmaster_hostname = 
hiera('profile::openstack::labtest::puppetmaster_hostname'),
+    $db_pass = hiera('profile::openstack::labtest::designate::db_pass'),
+    $db_host = hiera('profile::openstack::labtest::designate::db_host'),
+    $domain_id_internal_forward = 
hiera('profile::openstack::labtest::designate::domain_id_internal_forward'),
+    $domain_id_internal_reverse = 
hiera('profile::openstack::labtest::designate::domain_id_internal_reverse'),
+    $ldap_user_pass = hiera('profile::openstack::labtest::ldap_user_pass'),
+    $pdns_db_pass = 
hiera('profile::openstack::labtest::designate::pdns_db_pass'),
+    $db_admin_pass = 
hiera('profile::openstack::labtest::designate::db_admin_pass'),
+    $primary_pdns = hiera('profile::openstack::labtest::pdns::host'),
+    $secondary_pdns = 
hiera('profile::openstack::labtest::pdns::host_secondary'),
+    $rabbit_pass = hiera('profile::openstack::labtest::nova::rabbit_pass'),
+    $osm_host = hiera('profile::openstack::labtest::osm_host'),
+    $horizon_host = hiera('profile::openstack::labtest::horizon_host'),
+    ) {
+
+    require ::profile::openstack::labtest::clientlib
+    class{'::profile::openstack::base::designate::service':
+        version                    => $version,
+        designate_host             => $designate_host,
+        db_pass                    => $db_pass,
+        db_host                    => $db_host,
+        domain_id_internal_forward => $domain_id_internal_forward,
+        domain_id_internal_reverse => $domain_id_internal_reverse,
+        puppetmaster_hostname      => $puppetmaster_hostname,
+        nova_controller            => $nova_controller,
+        ldap_user_pass             => $ldap_user_pass,
+        pdns_db_pass               => $pdns_db_pass,
+        db_admin_pass              => $db_admin_pass,
+        primary_pdns               => $primary_pdns,
+        secondary_pdns             => $secondary_pdns,
+        rabbit_pass                => $rabbit_pass,
+        osm_host                   => $osm_host,
+        horizon_host               => $horizon_host,
+    }
+}
diff --git a/modules/profile/manifests/openstack/labtestn/designate/service.pp 
b/modules/profile/manifests/openstack/labtestn/designate/service.pp
new file mode 100644
index 0000000..b7b95ab
--- /dev/null
+++ b/modules/profile/manifests/openstack/labtestn/designate/service.pp
@@ -0,0 +1,39 @@
+class profile::openstack::labtestn::designate::service(
+    $version = hiera('profile::openstack::labtestn::version'),
+    $designate_host = hiera('profile::openstack::labtestn::designate_host'),
+    $nova_controller = hiera('profile::openstack::labtestn::nova_controller'),
+    $puppetmaster_hostname = 
hiera('profile::openstack::labtestn::puppetmaster_hostname'),
+    $db_pass = hiera('profile::openstack::labtestn::designate::db_pass'),
+    $db_host = hiera('profile::openstack::labtestn::designate::db_host'),
+    $domain_id_internal_forward = 
hiera('profile::openstack::labtestn::designate::domain_id_internal_forward'),
+    $domain_id_internal_reverse = 
hiera('profile::openstack::labtestn::designate::domain_id_internal_reverse'),
+    $ldap_user_pass = hiera('profile::openstack::labtestn::ldap_user_pass'),
+    $pdns_db_pass = 
hiera('profile::openstack::labtestn::designate::pdns_db_pass'),
+    $db_admin_pass = 
hiera('profile::openstack::labtestn::designate::db_admin_pass'),
+    $primary_pdns = hiera('profile::openstack::labtestn::pdns::host'),
+    $secondary_pdns = 
hiera('profile::openstack::labtestn::pdns::host_secondary'),
+    $rabbit_pass = hiera('profile::openstack::labtestn::nova::rabbit_pass'),
+    $osm_host = hiera('profile::openstack::labtestn::osm_host'),
+    $horizon_host = hiera('profile::openstack::labtestn::horizon_host'),
+    ) {
+
+    require ::profile::openstack::labtestn::clientlib
+    class{'::profile::openstack::base::designate::service':
+        version                    => $version,
+        designate_host             => $designate_host,
+        db_pass                    => $db_pass,
+        db_host                    => $db_host,
+        domain_id_internal_forward => $domain_id_internal_forward,
+        domain_id_internal_reverse => $domain_id_internal_reverse,
+        puppetmaster_hostname      => $puppetmaster_hostname,
+        nova_controller            => $nova_controller,
+        ldap_user_pass             => $ldap_user_pass,
+        pdns_db_pass               => $pdns_db_pass,
+        db_admin_pass              => $db_admin_pass,
+        primary_pdns               => $primary_pdns,
+        secondary_pdns             => $secondary_pdns,
+        rabbit_pass                => $rabbit_pass,
+        osm_host                   => $osm_host,
+        horizon_host               => $horizon_host,
+    }
+}
diff --git a/modules/profile/manifests/openstack/main/designate/service.pp 
b/modules/profile/manifests/openstack/main/designate/service.pp
new file mode 100644
index 0000000..a351174
--- /dev/null
+++ b/modules/profile/manifests/openstack/main/designate/service.pp
@@ -0,0 +1,44 @@
+class profile::openstack::main::designate::service(
+    $version = hiera('profile::openstack::main::version'),
+    $designate_host = hiera('profile::openstack::main::designate_host'),
+    $nova_controller = hiera('profile::openstack::main::nova_controller'),
+    $puppetmaster_hostname = 
hiera('profile::openstack::main::puppetmaster_hostname'),
+    $db_pass = hiera('profile::openstack::main::designate::db_pass'),
+    $db_host = hiera('profile::openstack::main::designate::db_host'),
+    $domain_id_internal_forward = 
hiera('profile::openstack::main::designate::domain_id_internal_forward'),
+    $domain_id_internal_reverse = 
hiera('profile::openstack::main::designate::domain_id_internal_reverse'),
+    $ldap_user_pass = hiera('profile::openstack::main::ldap_user_pass'),
+    $pdns_db_pass = hiera('profile::openstack::main::designate::pdns_db_pass'),
+    $db_admin_pass = 
hiera('profile::openstack::main::designate::db_admin_pass'),
+    $primary_pdns = hiera('profile::openstack::main::pdns::host'),
+    $secondary_pdns = hiera('profile::openstack::main::pdns::host_secondary'),
+    $rabbit_pass = hiera('profile::openstack::main::nova::rabbit_pass'),
+    $osm_host = hiera('profile::openstack::main::osm_host'),
+    $horizon_host = hiera('profile::openstack::main::horizon_host'),
+    ) {
+
+    require ::profile::openstack::main::clientlib
+    class{'::profile::openstack::base::designate::service':
+        version                    => $version,
+        designate_host             => $designate_host,
+        db_pass                    => $db_pass,
+        db_host                    => $db_host,
+        domain_id_internal_forward => $domain_id_internal_forward,
+        domain_id_internal_reverse => $domain_id_internal_reverse,
+        puppetmaster_hostname      => $puppetmaster_hostname,
+        nova_controller            => $nova_controller,
+        ldap_user_pass             => $ldap_user_pass,
+        pdns_db_pass               => $pdns_db_pass,
+        db_admin_pass              => $db_admin_pass,
+        primary_pdns               => $primary_pdns,
+        secondary_pdns             => $secondary_pdns,
+        rabbit_pass                => $rabbit_pass,
+        osm_host                   => $osm_host,
+        horizon_host               => $horizon_host,
+    }
+
+
+    class {'::openstack2::designate::monitor':
+        active => ($::fqdn == $designate_host),
+    }
+}
diff --git a/modules/role/manifests/labs/openstack/designate/server.pp 
b/modules/role/manifests/labs/openstack/designate/server.pp
deleted file mode 100644
index a76fd22..0000000
--- a/modules/role/manifests/labs/openstack/designate/server.pp
+++ /dev/null
@@ -1,60 +0,0 @@
-class role::labs::openstack::designate::server {
-
-    system::role { $name: }
-
-    include openstack
-
-    $keystone_host   = hiera('labs_keystone_host')
-    $nova_controller = hiera('labs_nova_controller')
-    $designate_host  = hiera('labs_designate_hostname')
-    $osm_host        = hiera('labs_osm_host')
-    $horizon_host    = hiera('labs_horizon_host')
-
-    $keystoneconfig  = hiera_hash('keystoneconfig', {})
-    $designateconfig = hiera_hash('designateconfig', {})
-
-    $controller_ip   = ipresolve($nova_controller,4)
-    $horizon_ip      = ipresolve($horizon_host,4)
-    $wikitech_ip     = ipresolve($osm_host,4)
-
-    $dnsconfig             = hiera_hash('labsdnsconfig', {})
-    $dns_host              = $dnsconfig['host']
-    $dns_host_secondary    = $dnsconfig['host_secondary']
-    $dns_host_ip           = ipresolve ($dns_host)
-    $dns_host_secondary_ip = ipresolve ($dns_host_secondary)
-
-    class { 'openstack::designate::service':
-        active_server     => $designate_host,
-        nova_controller   => $nova_controller,
-        keystone_host     => $keystone_host,
-        keystoneconfig    => $keystoneconfig,
-        designateconfig   => $designateconfig,
-        primary_pdns_ip   => $dns_host_ip,
-        secondary_pdns_ip => $dns_host_secondary_ip,
-    }
-
-    # Open designate API to Labs web UIs and the commandline on labcontrol
-    ferm::rule { 'designate-api':
-        rule => "saddr (${wikitech_ip} ${horizon_ip} ${controller_ip}) proto 
tcp dport (9001) ACCEPT;",
-    }
-
-    # Allow labs instances to hit the designate api.
-    #
-    # This is not as permissive as it looks; The wmfkeystoneauth
-    #  plugin (via the password whitelist) only allows 'novaobserver'
-    #  to authenticate from within labs, and the novaobserver is
-    #  limited by the designate policy.json to read-only queries.
-    include network::constants
-    $labs_networks = join($network::constants::labs_networks, ' ')
-    ferm::rule { 'designate-api-for-labs':
-        rule => "saddr (${labs_networks}) proto tcp dport (9001) ACCEPT;",
-    }
-
-    # allow axfr traffic between mdns and pdns on the pdns hosts
-    ferm::rule { 'mdns-axfr':
-        rule => "saddr (${dns_host_ip} ${dns_host_secondary_ip} ) proto tcp 
dport (5354) ACCEPT;",
-    }
-    ferm::rule { 'mdns-axfr-udp':
-        rule => "saddr (${dns_host_ip} ${dns_host_secondary_ip} ) proto udp 
dport (5354) ACCEPT;",
-    }
-}
diff --git a/modules/role/manifests/wmcs/openstack/labtest/services.pp 
b/modules/role/manifests/wmcs/openstack/labtest/services.pp
index 690b2b2..13efc1d 100644
--- a/modules/role/manifests/wmcs/openstack/labtest/services.pp
+++ b/modules/role/manifests/wmcs/openstack/labtest/services.pp
@@ -1,3 +1,4 @@
 class role::wmcs::openstack::labtest::services {
-    include profile::openstack::labtest::cloudrepo
+    include ::profile::openstack::labtest::cloudrepo
+    include ::profile::openstack::labtest::designate::service
 }
diff --git a/modules/role/manifests/wmcs/openstack/labtestn/services.pp 
b/modules/role/manifests/wmcs/openstack/labtestn/services.pp
index f0762b5..b4f9fd0 100644
--- a/modules/role/manifests/wmcs/openstack/labtestn/services.pp
+++ b/modules/role/manifests/wmcs/openstack/labtestn/services.pp
@@ -1,3 +1,4 @@
 class role::wmcs::openstack::labtestn::services {
-    include profile::openstack::labtestn::cloudrepo
+    include ::profile::openstack::labtestn::cloudrepo
+    include ::profile::openstack::labtestn::designate::service
 }
diff --git a/modules/role/manifests/wmcs/openstack/main/services.pp 
b/modules/role/manifests/wmcs/openstack/main/services.pp
index 340d369..4405938 100644
--- a/modules/role/manifests/wmcs/openstack/main/services.pp
+++ b/modules/role/manifests/wmcs/openstack/main/services.pp
@@ -1,3 +1,4 @@
 class role::wmcs::openstack::main::services {
-    include profile::openstack::main::cloudrepo
+    include ::profile::openstack::main::cloudrepo
+    include ::profile::openstack::main::designate::service
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/376848
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib66fdb449af65f8c3608a6d225ee80976f4acd7d
Gerrit-PatchSet: 20
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
Gerrit-Reviewer: Alex Monk <kren...@gmail.com>
Gerrit-Reviewer: Giuseppe Lavagetto <glavage...@wikimedia.org>
Gerrit-Reviewer: Rush <r...@wikimedia.org>
Gerrit-Reviewer: Volans <rcocci...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
