Rush has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/373598 )
Change subject: openstack: openstack2/keystone/monitor move to profile base
......................................................................
openstack: openstack2/keystone/monitor move to profile base
* move to profile base as it is set in every deployment
profile anyway
* dynamic public_port
* dynamic auth_port
* stop checking inactive controllers for keystone
specific things
Bug: T171494
Change-Id: Ibeb1eca9f8ef64836cf6728ac5a0917e74b47193
---
M modules/openstack2/manifests/keystone/monitor.pp
M modules/profile/manifests/openstack/base/keystone/service.pp
M modules/profile/manifests/openstack/labtest/keystone/service.pp
M modules/profile/manifests/openstack/labtestn/keystone/service.pp
M modules/profile/manifests/openstack/main/keystone/service.pp
5 files changed, 48 insertions(+), 29 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/98/373598/1
diff --git a/modules/openstack2/manifests/keystone/monitor.pp
b/modules/openstack2/manifests/keystone/monitor.pp
index 10441ad..86073af 100644
--- a/modules/openstack2/manifests/keystone/monitor.pp
+++ b/modules/openstack2/manifests/keystone/monitor.pp
@@ -4,38 +4,35 @@
#
# This also checks the functionality of the keystone API generally.
-class openstack2::keystone::monitor() {
+class openstack2::keystone::monitor(
+ $active,
+ $auth_port,
+ $public_port,
+ ) {
- monitoring::service { 'keystone-http-35357':
- description => 'keystone admin endpoint',
- check_command => 'check_http_on_port!35357',
+ # monitoring::service doesn't take a bool
+ if $active {
+ $ensure = 'present'
+ }
+ else {
+ $ensure = 'absent'
}
- monitoring::service { 'keystone-http-5000': # v2 api is limited here
- description => 'keystone public endoint',
- check_command => 'check_http_on_port!5000',
+ monitoring::service { "keystone-http-${auth_port}":
+ ensure => $ensure,
+ description => "keystone admin endpoint port ${auth_port}",
+ check_command => "check_http_on_port!${auth_port}",
}
- # Script to check all keystone projects for a given user and role
- file { '/usr/local/bin/check_keystone_roles.py':
- ensure => present,
- source => 'puppet:///modules/openstack/check_keystone_roles.py',
- mode => '0755',
- owner => 'root',
- group => 'root',
- }
-
- # Script to make sure that service projects e.g. 'admin' exists
- file { '/usr/local/bin/check_keystone_projects.py':
- ensure => present,
- source => 'puppet:///modules/openstack/check_keystone_projects.py',
- mode => '0755',
- owner => 'root',
- group => 'root',
+ monitoring::service { "keystone-http-${public_port}": # v2 api is limited
here
+ ensure => $ensure,
+ description => "keystone public endoint port ${public_port}",
+ check_command => "check_http_on_port!${public_port}",
}
# Make sure 'novaobserver' has 'observer' everywhere
nrpe::monitor_service { 'check-novaobserver-membership':
+ ensure => $ensure,
nrpe_command => '/usr/local/bin/check_keystone_roles.py novaobserver
observer',
description => 'novaobserver has only observer role',
require => File['/usr/local/bin/check_keystone_roles.py'],
@@ -43,6 +40,7 @@
# Make sure 'novaadmin' has 'projectadmin' and 'user' everywhere
nrpe::monitor_service { 'check-novaadmin-membership':
+ ensure => $ensure,
nrpe_command => '/usr/local/bin/check_keystone_roles.py novaadmin user
projectadmin',
description => 'novaadmin has roles in every project',
require => File['/usr/local/bin/check_keystone_roles.py'],
@@ -50,8 +48,28 @@
# Verify service projects
nrpe::monitor_service { 'check-keystone-projects':
+ ensure => $ensure,
nrpe_command => '/usr/local/bin/check_keystone_projects.py',
description => 'Keystone admin and observer projects exist',
require => File['/usr/local/bin/check_keystone_roles.py'],
}
+
+ # Script to check all keystone projects for a given user and role
+ file { '/usr/local/bin/check_keystone_roles.py':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ source => 'puppet:///modules/openstack/check_keystone_roles.py',
+ }
+
+ # Script to make sure that service projects e.g. 'admin' exists
+ file { '/usr/local/bin/check_keystone_projects.py':
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ source => 'puppet:///modules/openstack/check_keystone_projects.py',
+ }
+
}
diff --git a/modules/profile/manifests/openstack/base/keystone/service.pp
b/modules/profile/manifests/openstack/base/keystone/service.pp
index 1b7d8e2..d174c95 100644
--- a/modules/profile/manifests/openstack/base/keystone/service.pp
+++ b/modules/profile/manifests/openstack/base/keystone/service.pp
@@ -15,6 +15,7 @@
$ldap_user_pass = hiera('profile::openstack::base::ldap_user_pass'),
$auth_protocol =
hiera('profile::openstack::base::keystone::auth_protocol'),
$auth_port = hiera('profile::openstack::base::keystone::auth_port'),
+ $public_port = hiera('profile::openstack::base::keystone::public_port'),
$wiki_status_page_prefix =
hiera('profile::openstack::base::keystone::wiki_status_page_prefix'),
$wiki_status_consumer_token =
hiera('profile::openstack::base::keystone::wiki_status_consumer_token'),
$wiki_status_consumer_secret =
hiera('profile::openstack::base::keystone::wiki_status_consumer_secret'),
@@ -54,4 +55,10 @@
wiki_access_token => $wiki_access_token,
wiki_access_secret => $wiki_access_secret,
}
+
+ class {'openstack2::keystone::monitor':
+ active => $::fqdn == $nova_controller,
+ auth_port => $auth_port,
+ public_port => $public_port,
+ }
}
diff --git a/modules/profile/manifests/openstack/labtest/keystone/service.pp
b/modules/profile/manifests/openstack/labtest/keystone/service.pp
index 7fe2f64..62ca78f 100644
--- a/modules/profile/manifests/openstack/labtest/keystone/service.pp
+++ b/modules/profile/manifests/openstack/labtest/keystone/service.pp
@@ -45,6 +45,4 @@
class {'profile::openstack::base::keystone::hooks':
version => $version,
}
-
- class {'openstack2::keystone::monitor':}
}
diff --git a/modules/profile/manifests/openstack/labtestn/keystone/service.pp
b/modules/profile/manifests/openstack/labtestn/keystone/service.pp
index 65077bf..17c62fd 100644
--- a/modules/profile/manifests/openstack/labtestn/keystone/service.pp
+++ b/modules/profile/manifests/openstack/labtestn/keystone/service.pp
@@ -45,6 +45,4 @@
class {'profile::openstack::base::keystone::hooks':
version => $version,
}
-
- class {'openstack2::keystone::monitor':}
}
diff --git a/modules/profile/manifests/openstack/main/keystone/service.pp
b/modules/profile/manifests/openstack/main/keystone/service.pp
index 9997622..c36d02d 100644
--- a/modules/profile/manifests/openstack/main/keystone/service.pp
+++ b/modules/profile/manifests/openstack/main/keystone/service.pp
@@ -43,8 +43,6 @@
version => $version,
}
- class {'openstack2::keystone::monitor':}
-
class {'openstack2::keystone::cleanup':
active => $::fqdn == $nova_controller,
db_user => $db_user,
--
To view, visit https://gerrit.wikimedia.org/r/373598
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibeb1eca9f8ef64836cf6728ac5a0917e74b47193
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
