Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/373598 )
Change subject: openstack: openstack2/keystone/monitor move to profile base ...................................................................... openstack: openstack2/keystone/monitor move to profile base * move to profile base as it is set in every deployment profile anyway * dynamic public_port * dynamic auth_port * stop checking inactive controllers for keystone specific things Bug: T171494 Change-Id: Ibeb1eca9f8ef64836cf6728ac5a0917e74b47193 --- M modules/openstack2/manifests/keystone/monitor.pp M modules/profile/manifests/openstack/base/keystone/service.pp M modules/profile/manifests/openstack/labtest/keystone/service.pp M modules/profile/manifests/openstack/labtestn/keystone/service.pp M modules/profile/manifests/openstack/main/keystone/service.pp 5 files changed, 48 insertions(+), 29 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/98/373598/1 diff --git a/modules/openstack2/manifests/keystone/monitor.pp b/modules/openstack2/manifests/keystone/monitor.pp index 10441ad..86073af 100644 --- a/modules/openstack2/manifests/keystone/monitor.pp +++ b/modules/openstack2/manifests/keystone/monitor.pp @@ -4,38 +4,35 @@ # # This also checks the functionality of the keystone API generally. -class openstack2::keystone::monitor() { +class openstack2::keystone::monitor( + $active, + $auth_port, + $public_port, + ) { - monitoring::service { 'keystone-http-35357': - description => 'keystone admin endpoint', - check_command => 'check_http_on_port!35357', + # monitoring::service doesn't take a bool + if $active { + $ensure = 'present' + } + else { + $ensure = 'absent' } - monitoring::service { 'keystone-http-5000': # v2 api is limited here - description => 'keystone public endoint', - check_command => 'check_http_on_port!5000', + monitoring::service { "keystone-http-${auth_port}": + ensure => $ensure, + description => "keystone admin endpoint port ${auth_port}", + check_command => "check_http_on_port!${auth_port}", } - # Script to check all keystone projects for a given user and role - file { '/usr/local/bin/check_keystone_roles.py': - ensure => present, - source => 'puppet:///modules/openstack/check_keystone_roles.py', - mode => '0755', - owner => 'root', - group => 'root', - } - - # Script to make sure that service projects e.g. 'admin' exists - file { '/usr/local/bin/check_keystone_projects.py': - ensure => present, - source => 'puppet:///modules/openstack/check_keystone_projects.py', - mode => '0755', - owner => 'root', - group => 'root', + monitoring::service { "keystone-http-${public_port}": # v2 api is limited here + ensure => $ensure, + description => "keystone public endoint port ${public_port}", + check_command => "check_http_on_port!${public_port}", } # Make sure 'novaobserver' has 'observer' everywhere nrpe::monitor_service { 'check-novaobserver-membership': + ensure => $ensure, nrpe_command => '/usr/local/bin/check_keystone_roles.py novaobserver observer', description => 'novaobserver has only observer role', require => File['/usr/local/bin/check_keystone_roles.py'], @@ -43,6 +40,7 @@ # Make sure 'novaadmin' has 'projectadmin' and 'user' everywhere nrpe::monitor_service { 'check-novaadmin-membership': + ensure => $ensure, nrpe_command => '/usr/local/bin/check_keystone_roles.py novaadmin user projectadmin', description => 'novaadmin has roles in every project', require => File['/usr/local/bin/check_keystone_roles.py'], @@ -50,8 +48,28 @@ # Verify service projects nrpe::monitor_service { 'check-keystone-projects': + ensure => $ensure, nrpe_command => '/usr/local/bin/check_keystone_projects.py', description => 'Keystone admin and observer projects exist', require => File['/usr/local/bin/check_keystone_roles.py'], } + + # Script to check all keystone projects for a given user and role + file { '/usr/local/bin/check_keystone_roles.py': + ensure => 'present', + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/openstack/check_keystone_roles.py', + } + + # Script to make sure that service projects e.g. 'admin' exists + file { '/usr/local/bin/check_keystone_projects.py': + ensure => 'present', + owner => 'root', + group => 'root', + mode => '0755', + source => 'puppet:///modules/openstack/check_keystone_projects.py', + } + } diff --git a/modules/profile/manifests/openstack/base/keystone/service.pp b/modules/profile/manifests/openstack/base/keystone/service.pp index 1b7d8e2..d174c95 100644 --- a/modules/profile/manifests/openstack/base/keystone/service.pp +++ b/modules/profile/manifests/openstack/base/keystone/service.pp @@ -15,6 +15,7 @@ $ldap_user_pass = hiera('profile::openstack::base::ldap_user_pass'), $auth_protocol = hiera('profile::openstack::base::keystone::auth_protocol'), $auth_port = hiera('profile::openstack::base::keystone::auth_port'), + $public_port = hiera('profile::openstack::base::keystone::public_port'), $wiki_status_page_prefix = hiera('profile::openstack::base::keystone::wiki_status_page_prefix'), $wiki_status_consumer_token = hiera('profile::openstack::base::keystone::wiki_status_consumer_token'), $wiki_status_consumer_secret = hiera('profile::openstack::base::keystone::wiki_status_consumer_secret'), @@ -54,4 +55,10 @@ wiki_access_token => $wiki_access_token, wiki_access_secret => $wiki_access_secret, } + + class {'openstack2::keystone::monitor': + active => $::fqdn == $nova_controller, + auth_port => $auth_port, + public_port => $public_port, + } } diff --git a/modules/profile/manifests/openstack/labtest/keystone/service.pp b/modules/profile/manifests/openstack/labtest/keystone/service.pp index 7fe2f64..62ca78f 100644 --- a/modules/profile/manifests/openstack/labtest/keystone/service.pp +++ b/modules/profile/manifests/openstack/labtest/keystone/service.pp @@ -45,6 +45,4 @@ class {'profile::openstack::base::keystone::hooks': version => $version, } - - class {'openstack2::keystone::monitor':} } diff --git a/modules/profile/manifests/openstack/labtestn/keystone/service.pp b/modules/profile/manifests/openstack/labtestn/keystone/service.pp index 65077bf..17c62fd 100644 --- a/modules/profile/manifests/openstack/labtestn/keystone/service.pp +++ b/modules/profile/manifests/openstack/labtestn/keystone/service.pp @@ -45,6 +45,4 @@ class {'profile::openstack::base::keystone::hooks': version => $version, } - - class {'openstack2::keystone::monitor':} } diff --git a/modules/profile/manifests/openstack/main/keystone/service.pp b/modules/profile/manifests/openstack/main/keystone/service.pp index 9997622..c36d02d 100644 --- a/modules/profile/manifests/openstack/main/keystone/service.pp +++ b/modules/profile/manifests/openstack/main/keystone/service.pp @@ -43,8 +43,6 @@ version => $version, } - class {'openstack2::keystone::monitor':} - class {'openstack2::keystone::cleanup': active => $::fqdn == $nova_controller, db_user => $db_user, -- To view, visit https://gerrit.wikimedia.org/r/373598 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibeb1eca9f8ef64836cf6728ac5a0917e74b47193 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush <r...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits