Rush has submitted this change and it was merged.

Change subject: openstack: refactor designate role/class for labtest
......................................................................


openstack: refactor designate role/class for labtest

Change-Id: I0e9eda122fd3cc009840b7e315257980c234c9be
---
M modules/ldap/manifests/client/utils.pp
M modules/openstack/manifests/designate/service.pp
M modules/openstack/templates/kilo/designate/designate.conf.erb
M modules/role/manifests/labs/openstack/designate.pp
4 files changed, 43 insertions(+), 38 deletions(-)

Approvals:
  Rush: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/ldap/manifests/client/utils.pp 
b/modules/ldap/manifests/client/utils.pp
index ed97c6e..368dd82 100644
--- a/modules/ldap/manifests/client/utils.pp
+++ b/modules/ldap/manifests/client/utils.pp
@@ -2,6 +2,7 @@
 # include ldap::client::utils, since some scripts use getent for ldap user info
 # Remember though, that including ldap::client::nss will mean users in the
 # ldap database will then be listed as users of the system, so use care.
+
 class ldap::client::utils($ldapconfig) {
     package { [
         'python-ldap',
diff --git a/modules/openstack/manifests/designate/service.pp 
b/modules/openstack/manifests/designate/service.pp
index f7e3fde..d4174fc 100644
--- a/modules/openstack/manifests/designate/service.pp
+++ b/modules/openstack/manifests/designate/service.pp
@@ -1,11 +1,20 @@
 # Designate provides DNSaaS services for OpenStack
 # https://wiki.openstack.org/wiki/Designate
-class openstack::designate::service ($openstack_version=$::openstack::version, 
$designateconfig) {
+
+class openstack::designate::service (
+    $openstack_version=$::openstack::version,
+    $active_server,
+    $nova_controller,
+    $keystone_host,
+    $keystoneconfig,
+    $designateconfig,
+)
+    {
 
     require openstack::repo
 
-    include passwords::openstack::nova
-    $ldap_user_pass = $passwords::openstack::nova::nova_ldap_user_pass
+    $keystone_host_ip   = ipresolve($keystone_host,4)
+    $nova_controller_ip = ipresolve($nova_controller)
 
     require_package(
         'python-designateclient',
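Review bot: Dropping `include passwords::openstack::nova` and `$ldap_user_pass` here appears to leave the template without a value for `ldappassword = <%= @ldap_user_pass %>`, which is still present as a context line in the `@@ -237,11` hunk of designate.conf.erb. Unless the variable is set somewhere in the class body outside this hunk, that line would render an empty LDAP bind password without any compile error. The old manifest assigned both password variables from the same source, so the consistent fix is `ldappassword = <%= @keystoneconfig['ldap_user_pass'] %>` in the template. Separately, `ipresolve($nova_controller)` omits the address-family argument that `ipresolve($keystone_host,4)` passes on the line above; make it explicit so the two lookups cannot diverge.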
@@ -19,10 +28,6 @@
         'python-novaclient',
         'python-nova-fixed-multi'
     )
-
-
-    # This password is to allow designate to write to instance metadata
-    $wikitech_nova_ldap_user_pass = 
$passwords::openstack::nova::nova_ldap_user_pass
 
     file {
         '/etc/designate/designate.conf':
@@ -72,10 +77,22 @@
         mode   => '0444',
     }
 
+    file { '/var/lib/designate/.ssh/':
+        ensure => directory,
+        owner  => 'designate',
+        group  => 'designate',
+    }
+
+    file { '/var/lib/designate/.ssh/id_rsa':
+        owner   => 'designate',
+        group   => 'designate',
+        mode    => '0400',
+        content => secret('ssh/puppet_cert_manager/cert_manager')
+    }
 
     # include rootwrap.d entries
 
-    if $::fqdn == hiera('labs_designate_hostname') {
+    if $::fqdn == $active_server {
         service {'designate-api':
             ensure  => running,
             require => Package['designate-api'];
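Review bot: The `/var/lib/designate/.ssh/` directory resource sets owner and group but no `mode`, so the permissions of the directory holding the private key depend on whatever exists or on the agent's defaults; add `mode => '0700',` to pin them. The `id_rsa` resource also has no explicit `ensure => file`. If the Puppet version in use supports it, `show_diff => false` on the key file keeps content changes out of agent logs and reports. The enclosing class starts and ends outside this hunk.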
diff --git a/modules/openstack/templates/kilo/designate/designate.conf.erb 
b/modules/openstack/templates/kilo/designate/designate.conf.erb
index b57efd3..85692fd 100644
--- a/modules/openstack/templates/kilo/designate/designate.conf.erb
+++ b/modules/openstack/templates/kilo/designate/designate.conf.erb
@@ -100,11 +100,11 @@
 # Keystone Middleware
 #-----------------------
 [keystone_authtoken]
-auth_host = <%= @designateconfig["keystone_auth_host"] %>
-auth_port = <%= @designateconfig["keystone_auth_port"] %>
-auth_protocol = <%= @designateconfig["keystone_auth_protocol"] %>
-admin_token = <%= @designateconfig["keystone_admin_token"] %>
-auth_uri = <%= @designateconfig["auth_uri"] %>
+auth_host = <%= @keystone_host_ip %>
+auth_port = <%= @keystoneconfig["auth_port"] %>
+auth_protocol = <%= @keystoneconfig['auth_protocol'] %>
+admin_token = <%= @keystoneconfig['admin_token'] %>
+auth_uri = http://<%= @nova_controller_ip %>:5000
 
 #-----------------------
 # Sink Service
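Review bot: `auth_uri` hard-codes the `http://` scheme while `auth_protocol` two lines above is taken from `keystoneconfig`, so the two settings will disagree as soon as the configured protocol is https, and token validation traffic would still be sent in cleartext. Deriving both from the same value avoids that: `auth_uri = <%= @keystoneconfig['auth_protocol'] %>://<%= @nova_controller_ip %>:5000`. As a style point, `@keystoneconfig["auth_port"]` uses double quotes where the neighbouring lookups use single quotes.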
@@ -220,7 +220,7 @@
 reverse_domain_id = '8d114f3c-815b-466c-bdd4-9b91f704ea60'
 reverse_format = '%(hostname)s.%(project_name)s.%(domain)s'
 keystone_auth_name = "novaadmin"
-keystone_auth_pass = "<%= @wikitech_nova_ldap_user_pass %>"
+keystone_auth_pass = "<%= @keystoneconfig['ldap_user_pass'] %>"
 keystone_auth_project = "testlabs"
 keystone_auth_url = "http://<%= @designateconfig['controller_hostname'] 
%>:35357/v3"
 
@@ -237,11 +237,11 @@
 ldapusername = uid=novaadmin,ou=people,dc=wikimedia,dc=org
 ldappassword = <%= @ldap_user_pass %>
 nova_auth_name = "novaadmin"
-nova_auth_pass = "<%= @wikitech_nova_ldap_user_pass %>"
+nova_auth_pass = "<%= @keystoneconfig['ldap_user_pass'] %>"
 nova_auth_project = "testlabs"
 nova_auth_url = "http://<%= @designateconfig['controller_hostname'] 
%>:35357/v2.0"
 keystone_auth_name = "novaadmin"
-keystone_auth_pass = "<%= @wikitech_nova_ldap_user_pass %>"
+keystone_auth_pass = "<%= @keystoneconfig['ldap_user_pass'] %>"
 keystone_auth_project = "testlabs"
 keystone_auth_url = "http://<%= @designateconfig['controller_hostname'] 
%>:35357/v3"
 
diff --git a/modules/role/manifests/labs/openstack/designate.pp 
b/modules/role/manifests/labs/openstack/designate.pp
index 0d0f7ea..81d7b94 100644
--- a/modules/role/manifests/labs/openstack/designate.pp
+++ b/modules/role/manifests/labs/openstack/designate.pp
@@ -3,41 +3,28 @@
     system::role { $name: }
 
     include openstack
+
     $keystone_host   = hiera('labs_keystone_host')
     $nova_controller = hiera('labs_nova_controller')
+    $designate_host  = hiera('labs_designate_hostname')
 
     $keystoneconfig  = hiera_hash('keystoneconfig', {})
     $designateconfig = hiera_hash('designateconfig', {})
 
-    $wikitech_ip   = ipresolve('wikitech.wikimedia.org',4)
-    $horizon_ip    = ipresolve('horizon.wikimedia.org',4)
-    $controller_ip = ipresolve($nova_controller,4)
-
-    $designateconfig['auth_uri']               = 
"http://${nova_controller}:5000";
-    $designateconfig['keystone_auth_host']     = ipresolve($keystone_host,4)
-    $designateconfig['keystone_auth_port']     = $keystoneconfig['auth_port']
-    $designateconfig['keystone_admin_token']   = $keystoneconfig['admin_token']
-    $designateconfig['keystone_auth_protocol'] = 
$keystoneconfig['auth_protocol']
+    $controller_ip   = ipresolve($nova_controller,4)
+    $horizon_ip      = ipresolve('horizon.wikimedia.org',4)
+    $wikitech_ip     = ipresolve('wikitech.wikimedia.org',4)
 
     class { 'openstack::designate::service':
+        active_server   => $designate_host,
+        nova_controller => $nova_controller,
+        keystone_host   => $keystone_host,
+        keystoneconfig  => $keystoneconfig,
         designateconfig => $designateconfig,
     }
 
     # Poke a firewall hole for the designate api
     ferm::rule { 'designate-api':
         rule => "saddr (${wikitech_ip} ${horizon_ip} ${controller_ip}) proto 
tcp dport (9001) ACCEPT;",
-    }
-
-    file { '/var/lib/designate/.ssh/':
-        ensure => directory,
-        owner  => 'designate',
-        group  => 'designate',
-    }
-
-    file { '/var/lib/designate/.ssh/id_rsa':
-            owner  => 'designate',
-            group  => 'designate',
-            mode   => '0400',
-            content => secret('ssh/puppet_cert_manager/cert_manager')
     }
 }
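Review bot: `keystoneconfig` is now handed to `openstack::designate::service` straight from `hiera_hash('keystoneconfig', {})`, and the template reads `auth_port`, `auth_protocol`, `admin_token` and `ldap_user_pass` from it. With the `{}` default, a failed or incomplete lookup compiles cleanly and writes empty credentials into designate.conf. Dropping the default, `$keystoneconfig = hiera_hash('keystoneconfig')`, makes a missing hash fail the catalog instead. A short guard in the class for the keys the template needs would cover a partially populated hash. The role class header is outside this hunk.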

-- 
To view, visit https://gerrit.wikimedia.org/r/256477

Gerrit-MessageType: merged
Gerrit-Change-Id: I0e9eda122fd3cc009840b7e315257980c234c9be
Gerrit-PatchSet: 4
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
Gerrit-Reviewer: Rush <r...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>
