Rush has uploaded a new change for review. ( https://gerrit.wikimedia.org/r/373685 )
Change subject: openstack: misc components to module/role/profile ...................................................................... openstack: misc components to module/role/profile * spreadcheck to openstack2/monitor * env scripts to openstack2/util * use admin_scripts instead of virtscripts dir for consistency * remove file path specific headers for scripts as they are too brittle * make file resources consistent for ordering of params * keystone-public-uwsgi file cleanup Bug: T171494 Change-Id: Ibc8e47e4ab670c242014807588a7bb871ee134e0 --- A hieradata/codfw/profile/openstack/labtest/designate.yaml A hieradata/codfw/profile/openstack/labtestn/designate.yaml A hieradata/eqiad/profile/openstack/main/designate.yaml A hieradata/eqiad/profile/openstack/main/monitor.yaml D modules/openstack/files/liberty/virtscripts/makedomain M modules/openstack/files/mitaka/virtscripts/cold-migrate M modules/openstack/files/mitaka/virtscripts/cold-nova-migrate D modules/openstack/files/mitaka/virtscripts/live-migrate M modules/openstack/files/mitaka/virtscripts/logstat.py M modules/openstack/files/mitaka/virtscripts/prod.sh D modules/openstack/manifests/envscripts.pp M modules/openstack/manifests/horizon/service.pp D modules/openstack/templates/novaenv.sh.erb D modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb D modules/openstack2/files/keystone-admin-uwsgi.logrotate D modules/openstack2/files/keystone-public-uwsgi.logrotate R modules/openstack2/files/liberty/admin_scripts/cold-migrate R modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate R modules/openstack2/files/liberty/admin_scripts/live-migrate R modules/openstack2/files/liberty/admin_scripts/logstat.py R modules/openstack2/files/liberty/admin_scripts/makedomain R modules/openstack2/files/liberty/admin_scripts/novastats/alltrusty.py R modules/openstack2/files/liberty/admin_scripts/novastats/diskspace.py R modules/openstack2/files/liberty/admin_scripts/novastats/dnsleaks.py R modules/openstack2/files/liberty/admin_scripts/novastats/flavorreport.py R modules/openstack2/files/liberty/admin_scripts/novastats/imagestats.py R modules/openstack2/files/liberty/admin_scripts/novastats/proxyleaks.py R modules/openstack2/files/liberty/admin_scripts/novastats/puppetleaks.py R modules/openstack2/files/liberty/admin_scripts/prod.sh R modules/openstack2/files/liberty/admin_scripts/wikitech-grep.py C modules/openstack2/files/mitaka/admin_scripts/cold-migrate C modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate C modules/openstack2/files/mitaka/admin_scripts/live-migrate C modules/openstack2/files/mitaka/admin_scripts/logstat.py C modules/openstack2/files/mitaka/admin_scripts/makedomain C modules/openstack2/files/mitaka/admin_scripts/prod.sh R modules/openstack2/files/monitor/spreadcheck.py R modules/openstack2/manifests/monitor/spreadcheck.pp R modules/openstack2/manifests/util/admin_scripts.pp A modules/openstack2/manifests/util/envscripts.pp R modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb A modules/openstack2/templates/util/novaenv.sh.erb A modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb M modules/profile/manifests/openstack/base/keystone/service.pp M modules/profile/manifests/openstack/labtest/keystone/service.pp M modules/profile/manifests/openstack/labtestn/keystone/service.pp M modules/profile/manifests/openstack/main/keystone/service.pp M modules/role/manifests/horizon.pp M modules/role/manifests/labs/openstack/nova/controller.pp 49 files changed, 161 insertions(+), 470 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/85/373685/1 diff --git a/hieradata/codfw/profile/openstack/labtest/designate.yaml b/hieradata/codfw/profile/openstack/labtest/designate.yaml new file mode 100644 index 0000000..9087fd7 --- /dev/null +++ b/hieradata/codfw/profile/openstack/labtest/designate.yaml @@ -0,0 +1 @@ +profile::openstack::labtest::designate::wmflabsdotorg_project: 'wmflabsdotorg' diff --git a/hieradata/codfw/profile/openstack/labtestn/designate.yaml b/hieradata/codfw/profile/openstack/labtestn/designate.yaml new file mode 100644 index 0000000..e718654 --- /dev/null +++ b/hieradata/codfw/profile/openstack/labtestn/designate.yaml @@ -0,0 +1 @@ +profile::openstack::labtestn::designate::wmflabsdotorg_project: 'wmflabsdotorg' diff --git a/hieradata/eqiad/profile/openstack/main/designate.yaml b/hieradata/eqiad/profile/openstack/main/designate.yaml new file mode 100644 index 0000000..b6a217c --- /dev/null +++ b/hieradata/eqiad/profile/openstack/main/designate.yaml @@ -0,0 +1 @@ +profile::openstack::main::designate::wmflabsdotorg_project: 'wmflabsdotorg' diff --git a/hieradata/eqiad/profile/openstack/main/monitor.yaml b/hieradata/eqiad/profile/openstack/main/monitor.yaml new file mode 100644 index 0000000..bd5223c --- /dev/null +++ b/hieradata/eqiad/profile/openstack/main/monitor.yaml @@ -0,0 +1 @@ +profile::openstack::main::monitor::spread_check_user: 'Nova Tools Bot' diff --git a/modules/openstack/files/liberty/virtscripts/makedomain b/modules/openstack/files/liberty/virtscripts/makedomain deleted file mode 100755 index 6f987cc..0000000 --- a/modules/openstack/files/liberty/virtscripts/makedomain +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/makedomain -##################################################################### -""" -makedomain is a tool for creating subdomains of existing designate domains. - -Designate forbids creation of a subdomain when the superdomain already exists -as part of a different project. It does, however, support cross-project -transfers of such domains. - -So, this is a helper script which creates domains in the wmflabsdotorg project, -waits for them to become ACTIVE and then transfers them. - -Note that this only works with the keystone v2.0 API. - -""" - -import argparse -import ldap -import os -import socket -import subprocess -import time -import yaml - -from keystoneclient.auth.identity import generic -from keystoneclient import session as keystone_session -from designateclient.v2 import client - - -def createdomain(url, user, password, project, domain, ttl=120): - auth = generic.Password( - auth_url=url, - username=user, - password=password, - user_domain_name='Default', - project_domain_name='Default', - tenant_name='wmflabsdotorg') - - createSession = keystone_session.Session(auth=auth) - createClient = client.Client(session=createSession) - - auth = generic.Password( - auth_url=url, - username=user, - password=password, - user_domain_name='Default', - project_domain_name='Default', - tenant_name=project) - - targetSession = keystone_session.Session(auth=auth) - targetClient = client.Client(session=targetSession) - - # Create the zone in the initial wmflabsdotorg project. This - # is needed since wmflabs.org lives in that project and - # designate prevents subdomain creation elsewhere. - zone = createClient.zones.create(domain, email='r...@wmflabs.org', ttl=ttl) - newzoneid = zone['id'] - status = 'PENDING' - # Wait for the domain to actually exist before we transfer it - while status == 'PENDING': - zone = createClient.zones.get(domain) - status = zone['status'] - time.sleep(2) - - transferRequest = createClient.zone_transfers.create_request(domain, project) - transferId = transferRequest['id'] - transferKey = transferRequest['key'] - - transferConfirm = targetClient.zone_transfers.accept_request(transferId, transferKey) - -if __name__ == "__main__": - argparser = argparse.ArgumentParser('makesubdomain', - description='''Create a subdomain of wmflabs.org in a project''') - - argparser.add_argument( - '--designate-user', - help='username for nova auth', - default=os.environ.get('OS_USERNAME', None) - ) - argparser.add_argument( - '--designate-pass', - help='password for nova auth', - default=os.environ.get('OS_PASSWORD', None) - ) - argparser.add_argument( - '--keystone-url', - help='url for keystone auth and catalog', - default=os.environ.get('OS_AUTH_URL', None) - ) - argparser.add_argument( - '--project', - help='project for domain creation', - required=True, - ) - argparser.add_argument( - '--domain', - help='domain to create', - required=True, - ) - - args = argparser.parse_args() - - if not args.domain.endswith('.'): - args.domain = "%s." % args.domain - - createdomain(args.keystone_url, - args.designate_user, - args.designate_pass, - args.project, - args.domain) diff --git a/modules/openstack/files/mitaka/virtscripts/cold-migrate b/modules/openstack/files/mitaka/virtscripts/cold-migrate index b7d7dcc..a291ffb 100755 --- a/modules/openstack/files/mitaka/virtscripts/cold-migrate +++ b/modules/openstack/files/mitaka/virtscripts/cold-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/mitaka/virtscripts/cold-migrate -##################################################################### """ cold-migrate stops an instance, moves it to a new host, and starts it. It also has to twiddle with the nova diff --git a/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate b/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate index c9620b4..c2df3ff 100755 --- a/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate +++ b/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/mitaka/virtscripts/cold-nova-migrate -##################################################################### """ cold-nova-migrate is a not-very-smart wrapper around the standard 'nova migrate' feature. As documented, nova migration requires diff --git a/modules/openstack/files/mitaka/virtscripts/live-migrate b/modules/openstack/files/mitaka/virtscripts/live-migrate deleted file mode 100755 index 4dfe433..0000000 --- a/modules/openstack/files/mitaka/virtscripts/live-migrate +++ /dev/null @@ -1,161 +0,0 @@ -#!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/mitaka/virtscripts/live-migrate -##################################################################### -""" - live-migrate is a wrapper around nova's built-in block migrate - service. - - A standard block-migrate has the side-effect of expanding our - compact qcow2 instances and gobbling disk space. This script - block-migrates but then suspends and re-compresses the instances - after arrival. - - Live migration will cause service interruption on instances - during the suspension, but does not manifest as a reboot - on the instance. -""" - -import argparse -import time -import subprocess - -from novaclient.v1_1 import client - - -class NovaInstance(object): - - def __init__(self, novaclient, instance_id): - self.novaclient = novaclient - self.instance_id = instance_id - self.refresh_instance() - - def refresh_instance(self): - self.instance = self.novaclient.servers.get(self.instance_id) - - def wait_for_status(self, desiredstatus): - oldstatus = "" - - while self.instance.status != desiredstatus: - if self.instance.status != oldstatus: - oldstatus = self.instance.status - print "Current status is %s; waiting for it to change to %s." % ( - self.instance.status, desiredstatus) - - time.sleep(1) - self.refresh_instance() - - def migrate(self, destination): - print "Instance %s is now on host %s with state %s" % ( - self.instance_id, - self.instance._info['OS-EXT-SRV-ATTR:host'], - self.instance.status) - - self.instance.live_migrate(destination, True, True) - self.wait_for_status('MIGRATING') - self.wait_for_status('ACTIVE') - - if self.instance.status != 'ACTIVE': - print "Failed to migrate instance, best to check by hand and see what happened." - return(1) - - imagedir = "/var/lib/nova/instances/%s" % self.instance_id - former = "%s/disk.big" % imagedir - future = "%s/disk" % imagedir - - args = ["ssh", "-i", "/root/.ssh/compute-hosts-key", - "nova@%s.eqiad.wmnet" % destination, - "ls", future] - r = subprocess.call(args) - if r: - print ("Instance migrated but has unusual disk arrangement, so there will be " - "no post-migration shrinking.") - return(0) - - print "Instance has migrated. Now suspending and recompressing..." - self.instance.suspend() - self.wait_for_status('SUSPENDED') - - args = ["ssh", "-i", "/root/.ssh/compute-hosts-key", - "nova@%s.eqiad.wmnet" % destination, - "mv", future, former] - r = subprocess.call(args) - if r: - print "Unable to backup the instance's disk; aborting." - return(1) - - args = ["ssh", "-i", "/root/.ssh/compute-hosts-key", - "nova@%s.eqiad.wmnet" % destination, - "qemu-img", "convert", "-O", "qcow2", - former, future] - r = subprocess.call(args) - if r: - print "Failed to recompress the original image. Possible disaster." - return(1) - - args = ["ssh", "-i", "/root/.ssh/compute-hosts-key", - "nova@%s.eqiad.wmnet" % destination, - "rm", former] - r = subprocess.call(args) - if r: - print "Failed to clean up the original uncompressed disk image. Weird." - return(1) - - self.instance.resume() - self.wait_for_status('ACTIVE') - - print - print "Instance %s is now on host %s with status %s" % ( - self.instance_id, - self.instance._info['OS-EXT-SRV-ATTR:host'], - self.instance.status) - - -if __name__ == "__main__": - argparser = argparse.ArgumentParser('live-migrate', - description='''Move an instance to a different compute node''') - argparser.add_argument( - '--nova-user', - help='username for nova auth', - default='novaadmin' - ) - argparser.add_argument( - '--nova-pass', - help='password for nova auth', - required=True, - ) - argparser.add_argument( - '--nova-url', - help='url for nova auth', - default='http://labcontrol1001.wikimedia.org:35357/v2.0' - ) - argparser.add_argument( - '--nova-project', - help='project for nova auth', - default='admin' - ) - argparser.add_argument( - 'instanceid', - help='instance id to migrate', - ) - argparser.add_argument( - 'destination', - help='destination host, e.g. labvirt1005', - ) - args = argparser.parse_args() - - sshargs = ["ssh", "-i", "/root/.ssh/compute-hosts-key", - "nova@%s.eqiad.wmnet" % args.destination, "true"] - r = subprocess.call(sshargs) - if r: - print "Remote execution failed; this whole enterprise is doomed." - exit(1) - - novaclient = client.Client(args.nova_user, - args.nova_pass, - args.nova_project, - args.nova_url) - - instance = NovaInstance(novaclient, args.instanceid) - instance.migrate(args.destination) diff --git a/modules/openstack/files/mitaka/virtscripts/logstat.py b/modules/openstack/files/mitaka/virtscripts/logstat.py index beb91c9..bd0ac72 100644 --- a/modules/openstack/files/mitaka/virtscripts/logstat.py +++ b/modules/openstack/files/mitaka/virtscripts/logstat.py @@ -1,8 +1,4 @@ #!/usr/bin/env python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/mitaka/virtscripts/logstat.py -##################################################################### # encoding: utf-8 """ logstat.py diff --git a/modules/openstack/files/mitaka/virtscripts/prod.sh b/modules/openstack/files/mitaka/virtscripts/prod.sh index 1c072f5..6fc44f7 100644 --- a/modules/openstack/files/mitaka/virtscripts/prod.sh +++ b/modules/openstack/files/mitaka/virtscripts/prod.sh @@ -1,8 +1,4 @@ #!/bin/bash -##################################################################### -### THIS FILE IS MANAGED BY PUPPET -### puppet:///modules/openstack/mitaka/virtscripts/prod.sh -##################################################################### set -x diff --git a/modules/openstack/manifests/envscripts.pp b/modules/openstack/manifests/envscripts.pp deleted file mode 100644 index a668a42..0000000 --- a/modules/openstack/manifests/envscripts.pp +++ /dev/null @@ -1,23 +0,0 @@ -# Scripts to set up shell environment for openstack commandline -class openstack::envscripts( - $novaconfig, - $designateconfig - ) { - - $nova_region = $::site - # Handy script to set up environment for commandline nova magic - file { '/root/novaenv.sh': - content => template('openstack/novaenv.sh.erb'), - mode => '0755', - owner => 'root', - group => 'root', - } - - # Handy script to set up environment for commandline glance magic - file { '/root/wmflabsorg-domainadminenv.sh': - content => template('openstack/wmflabsorg-domainadminenv.sh.erb'), - mode => '0755', - owner => 'root', - group => 'root', - } -} diff --git a/modules/openstack/manifests/horizon/service.pp b/modules/openstack/manifests/horizon/service.pp index 3a70b66..b7ce1a9 100644 --- a/modules/openstack/manifests/horizon/service.pp +++ b/modules/openstack/manifests/horizon/service.pp @@ -264,7 +264,7 @@ # Arbitrary handy script that needs to be on the horizon host because it only works with Liberty file { '/root/makedomain': - source => "puppet:///modules/openstack/${openstack_version}/virtscripts/makedomain", + source => "puppet:///modules/openstack2/${openstack_version}/admin_scripts/makedomain", owner => 'root', group => 'root', mode => '0744', diff --git a/modules/openstack/templates/novaenv.sh.erb b/modules/openstack/templates/novaenv.sh.erb deleted file mode 100644 index fdb1d34..0000000 --- a/modules/openstack/templates/novaenv.sh.erb +++ /dev/null @@ -1,10 +0,0 @@ -export OS_USERNAME="novaadmin" -export OS_PROJECT_DOMAIN_ID="default" -export OS_USER_DOMAIN_ID="default" -export OS_PASSWORD="<%= @novaconfig['ldap_user_pass'] %>" -export OS_AUTH_URL="http://<%= @novaconfig['controller_hostname'] %>:35357/v3" -export OS_REGION_NAME="<%= @nova_region %>" -export OS_TENANT_NAME="admin" -export OS_NO_CACHE=1 -export OS_IDENTITY_API_VERSION=3 -export NOVA_MYSQL_PASS="<%= @novaconfig['db_pass'] %>" diff --git a/modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb b/modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb deleted file mode 100644 index d5debb6..0000000 --- a/modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb +++ /dev/null @@ -1,11 +0,0 @@ -# The wmflabs.org domain is stored in a special project called 'wmflabsorg'. -# This script sets up credentials for access within that project. -export OS_USERNAME="<%= @designateconfig['wmflabsdotorg_admin'] %>" -export OS_PROJECT_DOMAIN_ID="default" -export OS_USER_DOMAIN_ID="default" -export OS_PASSWORD="<%= @designateconfig['wmflabsdotorg_pass'] %>" -export OS_AUTH_URL="http://<%= @novaconfig['controller_hostname'] %>:35357/v3" -export OS_REGION_NAME="<%= @nova_region %>" -export OS_TENANT_NAME="<%= @designateconfig['wmflabsdotorg_project'] %>" -export OS_NO_CACHE=1 -export OS_IDENTITY_API_VERSION=3 diff --git a/modules/openstack2/files/keystone-admin-uwsgi.logrotate b/modules/openstack2/files/keystone-admin-uwsgi.logrotate deleted file mode 100644 index ad9a1b4..0000000 --- a/modules/openstack2/files/keystone-admin-uwsgi.logrotate +++ /dev/null @@ -1,8 +0,0 @@ -/var/log/designate/keystone-admin-uwsgi.log { - daily - missingok - compress - delaycompress - notifempty - copytruncate -} diff --git a/modules/openstack2/files/keystone-public-uwsgi.logrotate b/modules/openstack2/files/keystone-public-uwsgi.logrotate deleted file mode 100644 index 7766a2b..0000000 --- a/modules/openstack2/files/keystone-public-uwsgi.logrotate +++ /dev/null @@ -1,8 +0,0 @@ -/var/log/designate/keystone-public-uwsgi.log { - daily - missingok - compress - delaycompress - notifempty - copytruncate -} diff --git a/modules/openstack/files/liberty/virtscripts/cold-migrate b/modules/openstack2/files/liberty/admin_scripts/cold-migrate similarity index 96% rename from modules/openstack/files/liberty/virtscripts/cold-migrate rename to modules/openstack2/files/liberty/admin_scripts/cold-migrate index e9f92ff..a291ffb 100755 --- a/modules/openstack/files/liberty/virtscripts/cold-migrate +++ b/modules/openstack2/files/liberty/admin_scripts/cold-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/cold-migrate -##################################################################### """ cold-migrate stops an instance, moves it to a new host, and starts it. It also has to twiddle with the nova diff --git a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate b/modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate similarity index 93% rename from modules/openstack/files/liberty/virtscripts/cold-nova-migrate rename to modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate index ad0256f..c2df3ff 100755 --- a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate +++ b/modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/cold-nova-migrate -##################################################################### """ cold-nova-migrate is a not-very-smart wrapper around the standard 'nova migrate' feature. As documented, nova migration requires diff --git a/modules/openstack/files/liberty/virtscripts/live-migrate b/modules/openstack2/files/liberty/admin_scripts/live-migrate similarity index 95% rename from modules/openstack/files/liberty/virtscripts/live-migrate rename to modules/openstack2/files/liberty/admin_scripts/live-migrate index 7afa7c6..4269fc1 100755 --- a/modules/openstack/files/liberty/virtscripts/live-migrate +++ b/modules/openstack2/files/liberty/admin_scripts/live-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/live-migrate -##################################################################### """ live-migrate is a wrapper around nova's built-in block migrate service. diff --git a/modules/openstack/files/liberty/virtscripts/logstat.py b/modules/openstack2/files/liberty/admin_scripts/logstat.py similarity index 96% rename from modules/openstack/files/liberty/virtscripts/logstat.py rename to modules/openstack2/files/liberty/admin_scripts/logstat.py index ce68344..bd0ac72 100644 --- a/modules/openstack/files/liberty/virtscripts/logstat.py +++ b/modules/openstack2/files/liberty/admin_scripts/logstat.py @@ -1,8 +1,4 @@ #!/usr/bin/env python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/logstat.py -##################################################################### # encoding: utf-8 """ logstat.py diff --git a/modules/openstack/files/mitaka/virtscripts/makedomain b/modules/openstack2/files/liberty/admin_scripts/makedomain similarity index 93% rename from modules/openstack/files/mitaka/virtscripts/makedomain rename to modules/openstack2/files/liberty/admin_scripts/makedomain index b23e22c..f2cb519 100755 --- a/modules/openstack/files/mitaka/virtscripts/makedomain +++ b/modules/openstack2/files/liberty/admin_scripts/makedomain @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/mitaka/virtscripts/makedomain -##################################################################### """ makedomain is a tool for creating subdomains of existing designate domains. diff --git a/modules/openstack/files/novastats/alltrusty.py b/modules/openstack2/files/liberty/admin_scripts/novastats/alltrusty.py similarity index 100% rename from modules/openstack/files/novastats/alltrusty.py rename to modules/openstack2/files/liberty/admin_scripts/novastats/alltrusty.py diff --git a/modules/openstack/files/novastats/diskspace.py b/modules/openstack2/files/liberty/admin_scripts/novastats/diskspace.py similarity index 100% rename from modules/openstack/files/novastats/diskspace.py rename to modules/openstack2/files/liberty/admin_scripts/novastats/diskspace.py diff --git a/modules/openstack/files/novastats/dnsleaks.py b/modules/openstack2/files/liberty/admin_scripts/novastats/dnsleaks.py similarity index 100% rename from modules/openstack/files/novastats/dnsleaks.py rename to modules/openstack2/files/liberty/admin_scripts/novastats/dnsleaks.py diff --git a/modules/openstack/files/novastats/flavorreport.py b/modules/openstack2/files/liberty/admin_scripts/novastats/flavorreport.py similarity index 100% rename from modules/openstack/files/novastats/flavorreport.py rename to modules/openstack2/files/liberty/admin_scripts/novastats/flavorreport.py diff --git a/modules/openstack/files/novastats/imagestats.py b/modules/openstack2/files/liberty/admin_scripts/novastats/imagestats.py similarity index 100% rename from modules/openstack/files/novastats/imagestats.py rename to modules/openstack2/files/liberty/admin_scripts/novastats/imagestats.py diff --git a/modules/openstack/files/novastats/proxyleaks.py b/modules/openstack2/files/liberty/admin_scripts/novastats/proxyleaks.py similarity index 100% rename from modules/openstack/files/novastats/proxyleaks.py rename to modules/openstack2/files/liberty/admin_scripts/novastats/proxyleaks.py diff --git a/modules/openstack/files/novastats/puppetleaks.py b/modules/openstack2/files/liberty/admin_scripts/novastats/puppetleaks.py similarity index 100% rename from modules/openstack/files/novastats/puppetleaks.py rename to modules/openstack2/files/liberty/admin_scripts/novastats/puppetleaks.py diff --git a/modules/openstack/files/liberty/virtscripts/prod.sh b/modules/openstack2/files/liberty/admin_scripts/prod.sh similarity index 86% rename from modules/openstack/files/liberty/virtscripts/prod.sh rename to modules/openstack2/files/liberty/admin_scripts/prod.sh index d6badd9..6fc44f7 100644 --- a/modules/openstack/files/liberty/virtscripts/prod.sh +++ b/modules/openstack2/files/liberty/admin_scripts/prod.sh @@ -1,8 +1,4 @@ #!/bin/bash -##################################################################### -### THIS FILE IS MANAGED BY PUPPET -### puppet:///modules/openstack/liberty/virtscripts/prod.sh -##################################################################### set -x diff --git a/modules/openstack/files/utils/wikitech-grep.py b/modules/openstack2/files/liberty/admin_scripts/wikitech-grep.py similarity index 100% rename from modules/openstack/files/utils/wikitech-grep.py rename to modules/openstack2/files/liberty/admin_scripts/wikitech-grep.py diff --git a/modules/openstack/files/liberty/virtscripts/cold-migrate b/modules/openstack2/files/mitaka/admin_scripts/cold-migrate similarity index 96% copy from modules/openstack/files/liberty/virtscripts/cold-migrate copy to modules/openstack2/files/mitaka/admin_scripts/cold-migrate index e9f92ff..a291ffb 100755 --- a/modules/openstack/files/liberty/virtscripts/cold-migrate +++ b/modules/openstack2/files/mitaka/admin_scripts/cold-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/cold-migrate -##################################################################### """ cold-migrate stops an instance, moves it to a new host, and starts it. It also has to twiddle with the nova diff --git a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate b/modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate similarity index 93% copy from modules/openstack/files/liberty/virtscripts/cold-nova-migrate copy to modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate index ad0256f..c2df3ff 100755 --- a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate +++ b/modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/cold-nova-migrate -##################################################################### """ cold-nova-migrate is a not-very-smart wrapper around the standard 'nova migrate' feature. As documented, nova migration requires diff --git a/modules/openstack/files/liberty/virtscripts/live-migrate b/modules/openstack2/files/mitaka/admin_scripts/live-migrate similarity index 95% copy from modules/openstack/files/liberty/virtscripts/live-migrate copy to modules/openstack2/files/mitaka/admin_scripts/live-migrate index 7afa7c6..4269fc1 100755 --- a/modules/openstack/files/liberty/virtscripts/live-migrate +++ b/modules/openstack2/files/mitaka/admin_scripts/live-migrate @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/live-migrate -##################################################################### """ live-migrate is a wrapper around nova's built-in block migrate service. diff --git a/modules/openstack/files/liberty/virtscripts/logstat.py b/modules/openstack2/files/mitaka/admin_scripts/logstat.py similarity index 96% copy from modules/openstack/files/liberty/virtscripts/logstat.py copy to modules/openstack2/files/mitaka/admin_scripts/logstat.py index ce68344..bd0ac72 100644 --- a/modules/openstack/files/liberty/virtscripts/logstat.py +++ b/modules/openstack2/files/mitaka/admin_scripts/logstat.py @@ -1,8 +1,4 @@ #!/usr/bin/env python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/liberty/virtscripts/logstat.py -##################################################################### # encoding: utf-8 """ logstat.py diff --git a/modules/openstack/files/mitaka/virtscripts/makedomain b/modules/openstack2/files/mitaka/admin_scripts/makedomain similarity index 93% copy from modules/openstack/files/mitaka/virtscripts/makedomain copy to modules/openstack2/files/mitaka/admin_scripts/makedomain index b23e22c..f2cb519 100755 --- a/modules/openstack/files/mitaka/virtscripts/makedomain +++ b/modules/openstack2/files/mitaka/admin_scripts/makedomain @@ -1,8 +1,4 @@ #!/usr/bin/python -##################################################################### -# THIS FILE IS MANAGED BY PUPPET -# puppet:///modules/openstack/mitaka/virtscripts/makedomain -##################################################################### """ makedomain is a tool for creating subdomains of existing designate domains. diff --git a/modules/openstack/files/liberty/virtscripts/prod.sh b/modules/openstack2/files/mitaka/admin_scripts/prod.sh similarity index 86% copy from modules/openstack/files/liberty/virtscripts/prod.sh copy to modules/openstack2/files/mitaka/admin_scripts/prod.sh index d6badd9..6fc44f7 100644 --- a/modules/openstack/files/liberty/virtscripts/prod.sh +++ b/modules/openstack2/files/mitaka/admin_scripts/prod.sh @@ -1,8 +1,4 @@ #!/bin/bash -##################################################################### -### THIS FILE IS MANAGED BY PUPPET -### puppet:///modules/openstack/liberty/virtscripts/prod.sh -##################################################################### set -x diff --git a/modules/openstack/files/spreadcheck.py b/modules/openstack2/files/monitor/spreadcheck.py similarity index 100% rename from modules/openstack/files/spreadcheck.py rename to modules/openstack2/files/monitor/spreadcheck.py diff --git a/modules/openstack/manifests/spreadcheck.pp b/modules/openstack2/manifests/monitor/spreadcheck.pp similarity index 62% rename from modules/openstack/manifests/spreadcheck.pp rename to modules/openstack2/manifests/monitor/spreadcheck.pp index 4a72c0e..e25fd3e 100644 --- a/modules/openstack/manifests/spreadcheck.pp +++ b/modules/openstack2/manifests/monitor/spreadcheck.pp @@ -1,36 +1,41 @@ -# == Class: openstack::spreadcheck +# == Class: openstack::monitor::spreadcheck # NRPE check to see if critical instances for a project # are spread out enough among the labvirt* hosts -class openstack::spreadcheck( - $novaconfig, +class openstack2::monitor::spreadcheck( + $active, + $nova_controller, + $nova_user, + $nova_password, ) { - - include ::passwords::labs::toollabs - - $nova_user = $passwords::labs::toollabs::nova_user - $nova_password = $passwords::labs::toollabs::nova_password - $nova_controller_hostname = $novaconfig['controller_hostname'] + # monitoring::service doesn't take a bool + if $active { + $ensure = 'present' + } + else { + $ensure = 'absent' + } # Script that checks how 'spread out' critical instances for a project # are. See T101635 file { '/usr/local/bin/spreadcheck.py': - ensure => present, - source => 'puppet:///modules/openstack/spreadcheck.py', - mode => '0755', + ensure => 'present', owner => 'root', group => 'root', + mode => '0755', + source => 'puppet:///modules/openstack2/monitor/spreadcheck.py', } # Config file to check how spread out toollabs critical instances are file { '/usr/local/etc/spreadcheck-tools.yaml': - ensure => present, - content => template('openstack/spreadcheck-tools.yaml.erb'), - mode => '0400', + ensure => 'present', owner => 'nagios', group => 'nagios', + mode => '0400', + content => template('openstack2/monitor/spreadcheck-tools.yaml.erb'), } nrpe::monitor_service { 'check-tools-spread': + ensure => $ensure, nrpe_command => '/usr/local/bin/spreadcheck.py --config /usr/local/etc/spreadcheck-tools.yaml', description => 'Tool Labs instance distribution', require => File[ diff --git a/modules/openstack/manifests/adminscripts.pp b/modules/openstack2/manifests/util/admin_scripts.pp similarity index 63% rename from modules/openstack/manifests/adminscripts.pp rename to modules/openstack2/manifests/util/admin_scripts.pp index e654a97..9348fcf 100644 --- a/modules/openstack/manifests/adminscripts.pp +++ b/modules/openstack2/manifests/util/admin_scripts.pp @@ -1,13 +1,9 @@ # helper scripts for Labs openstack administration -class openstack::adminscripts( - $novaconfig, - $openstack_version = $::openstack::version, - $nova_region = $::site, +class openstack2::util::admin_scripts( + $version, ) { - $wikitech_nova_ldap_user_pass = $novaconfig['ldap_user_pass'] - $nova_controller_hostname = $novaconfig['controller_hostname'] - + require_package('nova-common') # Installing this package ensures that we have all the UIDs that # are used to store an instance volume. That's important for # when we rsync files via this host. @@ -18,28 +14,28 @@ # Script to cold-migrate instances between compute nodes file { '/root/cold-nova-migrate': ensure => present, - source => "puppet:///modules/openstack/${openstack_version}/virtscripts/cold-nova-migrate", - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/cold-nova-migrate", } # Script to migrate (with suspension) instances between compute nodes file { '/root/live-migrate': ensure => present, - source => "puppet:///modules/openstack/${openstack_version}/virtscripts/live-migrate", - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/live-migrate", } # Set up keystone services (example script) file { '/root/prod-example.sh': ensure => present, - source => "puppet:///modules/openstack/${openstack_version}/virtscripts/prod.sh", - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/prod.sh", } file { '/root/novastats': @@ -48,69 +44,72 @@ } file { '/root/novastats/imagestats.py': - ensure => present, - source => 'puppet:///modules/openstack/novastats/imagestats.py', - mode => '0755', - owner => 'root', - group => 'root', + ensure => present, + owner => 'root', + group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/novastats/imagestats.py", + require => File['/root/novastats'], } file { '/root/novastats/diskspace.py': ensure => present, - source => 'puppet:///modules/openstack/novastats/diskspace.py', - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/novastats/diskspace.py", + require => File['/root/novastats'], } file { '/root/novastats/dnsleaks.py': - ensure => present, - source => 'puppet:///modules/openstack/novastats/dnsleaks.py', - mode => '0755', + ensure => 'present', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/novastats/dnsleaks.py", } file { '/root/novastats/proxyleaks.py': - ensure => present, - source => 'puppet:///modules/openstack/novastats/proxyleaks.py', - mode => '0755', + ensure => 'present', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/novastats/proxyleaks.py", } file { '/root/novastats/puppetleaks.py': - ensure => present, - source => 'puppet:///modules/openstack/novastats/puppetleaks.py', - mode => '0755', + ensure => 'present', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/novastats/puppetleaks.py", } file { '/root/novastats/flavorreport.py': ensure => present, - source => 'puppet:///modules/openstack/novastats/flavorreport.py', - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/novastats/flavorreport.py", } file { '/root/novastats/alltrusty.py': ensure => present, - source => 'puppet:///modules/openstack/novastats/alltrusty.py', - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/novastats/alltrusty.py", } file { '/usr/local/sbin/wikitech-grep': ensure => present, - source => 'puppet:///modules/openstack/utils/wikitech-grep.py', - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/wikitech-grep.py", } + # XXX: per deployment? file { '/root/.ssh/compute-hosts-key': content => secret('ssh/nova/nova.key'), owner => 'nova', @@ -125,9 +124,9 @@ # when nova is misbehaving. file { '/root/cold-migrate': ensure => present, - source => "puppet:///modules/openstack/${openstack_version}/virtscripts/cold-migrate", - mode => '0755', owner => 'root', group => 'root', + mode => '0755', + source => "puppet:///modules/openstack2/${version}/admin_scripts/cold-migrate", } } diff --git a/modules/openstack2/manifests/util/envscripts.pp b/modules/openstack2/manifests/util/envscripts.pp new file mode 100644 index 0000000..7c43be8 --- /dev/null +++ b/modules/openstack2/manifests/util/envscripts.pp @@ -0,0 +1,27 @@ +# Scripts to set up shell environment for openstack commandline +class openstack2::util::envscripts( + $ldap_user_pass, + $nova_controller, + $region, + $nova_db_pass, + $wmflabsdotorg_admin, + $wmflabsdotorg_pass, + $wmflabsdotorg_project, + ) { + + # Handy script to set up environment for commandline nova magic + file { '/root/novaenv.sh': + owner => 'root', + group => 'root', + mode => '0755', + content => template('openstack2/util/novaenv.sh.erb'), + } + + # Handy script to set up environment for commandline glance magic + file { '/root/wmflabsorg-domainadminenv.sh': + owner => 'root', + group => 'root', + mode => '0755', + content => template('openstack2/util/wmflabsorg-domainadminenv.sh.erb'), + } +} diff --git a/modules/openstack/templates/spreadcheck-tools.yaml.erb b/modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb similarity index 80% rename from modules/openstack/templates/spreadcheck-tools.yaml.erb rename to modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb index d2706ce..8933895 100644 --- a/modules/openstack/templates/spreadcheck-tools.yaml.erb +++ b/modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb @@ -12,4 +12,4 @@ credentials: username: '<%= @nova_user %>' api_key: '<%= @nova_password %>' - auth_url: 'http://<%= @nova_controller_hostname %>:35357/v2.0' + auth_url: 'http://<%= @nova_controller %>:35357/v2.0' diff --git a/modules/openstack2/templates/util/novaenv.sh.erb b/modules/openstack2/templates/util/novaenv.sh.erb new file mode 100644 index 0000000..a1fb102 --- /dev/null +++ b/modules/openstack2/templates/util/novaenv.sh.erb @@ -0,0 +1,10 @@ +export OS_USERNAME="novaadmin" +export OS_PROJECT_DOMAIN_ID="default" +export OS_USER_DOMAIN_ID="default" +export OS_PASSWORD="<%= @ldap_user_pass %>" +export OS_AUTH_URL="http://<%= @nova_controller %>:35357/v3" +export OS_REGION_NAME="<%= @region %>" +export OS_TENANT_NAME="admin" +export OS_NO_CACHE=1 +export OS_IDENTITY_API_VERSION=3 +export NOVA_MYSQL_PASS="<%= @nova_db_pass %>" diff --git a/modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb b/modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb new file mode 100644 index 0000000..a85d39b --- /dev/null +++ b/modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb @@ -0,0 +1,11 @@ +# The wmflabs.org domain is stored in a special project called 'wmflabsorg'. +# This script sets up credentials for access within that project. +export OS_USERNAME="<%= @wmflabsdotorg_admin %>" +export OS_PROJECT_DOMAIN_ID="default" +export OS_USER_DOMAIN_ID="default" +export OS_PASSWORD="<%= @wmflabsdotorg_pass %>" +export OS_AUTH_URL="http://<%= @nova_controller %>:35357/v3" +export OS_REGION_NAME="<%= @region %>" +export OS_TENANT_NAME="<%= @wmflabsdotorg_project %>" +export OS_NO_CACHE=1 +export OS_IDENTITY_API_VERSION=3 diff --git a/modules/profile/manifests/openstack/base/keystone/service.pp b/modules/profile/manifests/openstack/base/keystone/service.pp index d174c95..19d4a7f 100644 --- a/modules/profile/manifests/openstack/base/keystone/service.pp +++ b/modules/profile/manifests/openstack/base/keystone/service.pp @@ -1,11 +1,13 @@ class profile::openstack::base::keystone::service( $version = hiera('profile::openstack::base::version'), + $region = hiera('profile::openstack::base::region'), $nova_controller = hiera('profile::openstack::base::nova_controller'), $osm_host = hiera('profile::openstack::base::osm_host'), $db_name = hiera('profile::openstack::base::keystone::db_name'), $db_user = hiera('profile::openstack::base::keystone::db_user'), $db_pass = hiera('profile::openstack::base::keystone::db_pass'), $db_host = hiera('profile::openstack::base::keystone::db_host'), + $nova_db_pass = hiera('profile::openstack::base::nova::db_pass'), $token_driver = hiera('profile::openstack::base::keystone::token_driver'), $ldap_hosts = hiera('profile::openstack::base::ldap_hosts'), $ldap_base_dn = hiera('profile::openstack::base::ldap_base_dn'), @@ -25,6 +27,9 @@ $wiki_consumer_secret = hiera('profile::openstack::base::keystone::wiki_consumer_secret'), $wiki_access_token = hiera('profile::openstack::base::keystone::wiki_access_token'), $wiki_access_secret = hiera('profile::openstack::base::keystone::wiki_access_secret'), + $wmflabsdotorg_admin = hiera('profile::openstack::base::designate::wmflabsdotorg_admin'), + $wmflabsdotorg_pass = hiera('profile::openstack::base::designate::wmflabsdotorg_pass'), + $wmflabsdotorg_project = hiera('profile::openstack::base::designate::wmflabsdotorg_project'), ) { class {'openstack2::keystone::service': @@ -61,4 +66,18 @@ auth_port => $auth_port, public_port => $public_port, } + + class {'openstack2::util::envscripts': + ldap_user_pass => $ldap_user_pass, + nova_controller => $nova_controller, + region => $region, + nova_db_pass => $nova_db_pass, + wmflabsdotorg_admin => $wmflabsdotorg_admin, + wmflabsdotorg_pass => $wmflabsdotorg_pass, + wmflabsdotorg_project => $wmflabsdotorg_project, + } + + class {'openstack2::util::admin_scripts': + version => $version, + } } diff --git a/modules/profile/manifests/openstack/labtest/keystone/service.pp b/modules/profile/manifests/openstack/labtest/keystone/service.pp index 62ca78f..0999378 100644 --- a/modules/profile/manifests/openstack/labtest/keystone/service.pp +++ b/modules/profile/manifests/openstack/labtest/keystone/service.pp @@ -5,6 +5,7 @@ $db_host = hiera('profile::openstack::labtest::keystone::db_host'), $token_driver = hiera('profile::openstack::labtest::keystone::token_driver'), $db_pass = hiera('profile::openstack::labtest::keystone::db_pass'), + $nova_db_pass = hiera('profile::openstack::labtest::nova::db_pass'), $ldap_hosts = hiera('profile::openstack::labtest::ldap_hosts'), $ldap_user_pass = hiera('profile::openstack::labtest::ldap_user_pass'), $wiki_status_consumer_token = hiera('profile::openstack::labtest::keystone::wiki_status_consumer_token'), @@ -15,6 +16,9 @@ $wiki_consumer_secret = hiera('profile::openstack::labtest::keystone::wiki_consumer_secret'), $wiki_access_token = hiera('profile::openstack::labtest::keystone::wiki_access_token'), $wiki_access_secret = hiera('profile::openstack::labtest::keystone::wiki_access_secret'), + $wmflabsdotorg_admin = hiera('profile::openstack::base::designate::wmflabsdotorg_admin'), + $wmflabsdotorg_pass = hiera('profile::openstack::base::designate::wmflabsdotorg_pass'), + $wmflabsdotorg_project = hiera('profile::openstack::base::designate::wmflabsdotorg_project'), ) { package {'mysql-server': @@ -29,6 +33,7 @@ db_host => $db_host, token_driver => $token_driver, db_pass => $db_pass, + nova_db_pass => $nova_db_pass, ldap_hosts => $ldap_hosts, ldap_user_pass => $ldap_user_pass, wiki_status_consumer_token => $wiki_status_consumer_token, @@ -39,6 +44,9 @@ wiki_consumer_secret => $wiki_consumer_secret, wiki_access_token => $wiki_access_token, wiki_access_secret => $wiki_access_secret, + wmflabsdotorg_admin => $wmflabsdotorg_admin, + wmflabsdotorg_pass => $wmflabsdotorg_pass, + wmflabsdotorg_project => $wmflabsdotorg_project, require => Package['mysql-server'], } diff --git a/modules/profile/manifests/openstack/labtestn/keystone/service.pp b/modules/profile/manifests/openstack/labtestn/keystone/service.pp index 17c62fd..a577bab 100644 --- a/modules/profile/manifests/openstack/labtestn/keystone/service.pp +++ b/modules/profile/manifests/openstack/labtestn/keystone/service.pp @@ -5,6 +5,7 @@ $db_host = hiera('profile::openstack::labtestn::keystone::db_host'), $token_driver = hiera('profile::openstack::labtestn::keystone::token_driver'), $db_pass = hiera('profile::openstack::labtestn::keystone::db_pass'), + $nova_db_pass = hiera('profile::openstack::labtestn::nova::db_pass'), $ldap_hosts = hiera('profile::openstack::labtestn::ldap_hosts'), $ldap_user_pass = hiera('profile::openstack::labtestn::ldap_user_pass'), $wiki_status_consumer_token = hiera('profile::openstack::labtestn::keystone::wiki_status_consumer_token'), @@ -15,6 +16,9 @@ $wiki_consumer_secret = hiera('profile::openstack::labtestn::keystone::wiki_consumer_secret'), $wiki_access_token = hiera('profile::openstack::labtestn::keystone::wiki_access_token'), $wiki_access_secret = hiera('profile::openstack::labtestn::keystone::wiki_access_secret'), + $wmflabsdotorg_admin = hiera('profile::openstack::labtestn::designate::wmflabsdotorg_admin'), + $wmflabsdotorg_pass = hiera('profile::openstack::labtestn::designate::wmflabsdotorg_pass'), + $wmflabsdotorg_project = hiera('profile::openstack::labtestn::designate::wmflabsdotorg_project'), ) { package {'mysql-server': @@ -29,6 +33,7 @@ db_host => $db_host, token_driver => $token_driver, db_pass => $db_pass, + nova_db_pass => $nova_db_pass, ldap_hosts => $ldap_hosts, ldap_user_pass => $ldap_user_pass, wiki_status_consumer_token => $wiki_status_consumer_token, @@ -39,6 +44,9 @@ wiki_consumer_secret => $wiki_consumer_secret, wiki_access_token => $wiki_access_token, wiki_access_secret => $wiki_access_secret, + wmflabsdotorg_admin => $wmflabsdotorg_admin, + wmflabsdotorg_pass => $wmflabsdotorg_pass, + wmflabsdotorg_project => $wmflabsdotorg_project, require => Package['mysql-server'], } diff --git a/modules/profile/manifests/openstack/main/keystone/service.pp b/modules/profile/manifests/openstack/main/keystone/service.pp index c36d02d..5a4baed 100644 --- a/modules/profile/manifests/openstack/main/keystone/service.pp +++ b/modules/profile/manifests/openstack/main/keystone/service.pp @@ -7,6 +7,7 @@ $db_pass = hiera('profile::openstack::main::keystone::db_pass'), $db_name = hiera(profile::openstack::base::keystone::db_name), $db_user = hiera(profile::openstack::base::keystone::db_user), + $nova_db_pass = hiera('profile::openstack::main::nova::db_pass'), $ldap_hosts = hiera('profile::openstack::main::ldap_hosts'), $ldap_user_pass = hiera('profile::openstack::main::ldap_user_pass'), $wiki_status_consumer_token = hiera('profile::openstack::main::keystone::wiki_status_consumer_token'), @@ -17,6 +18,8 @@ $wiki_consumer_secret = hiera('profile::openstack::main::keystone::wiki_consumer_secret'), $wiki_access_token = hiera('profile::openstack::main::keystone::wiki_access_token'), $wiki_access_secret = hiera('profile::openstack::main::keystone::wiki_access_secret'), + $spread_check_user = hiera('profile::openstack::main::monitor::spread_check_user'), + $spread_check_password = hiera('profile::openstack::main::monitor::spread_check_password'), ) { require profile::openstack::main::clientlib @@ -27,6 +30,7 @@ db_host => $db_host, token_driver => $token_driver, db_pass => $db_pass, + nova_db_pass => $nova_db_pass, ldap_hosts => $ldap_hosts, ldap_user_pass => $ldap_user_pass, wiki_status_consumer_token => $wiki_status_consumer_token, @@ -37,6 +41,9 @@ wiki_consumer_secret => $wiki_consumer_secret, wiki_access_token => $wiki_access_token, wiki_access_secret => $wiki_access_secret, + wmflabsdotorg_admin => $wmflabsdotorg_admin, + wmflabsdotorg_pass => $wmflabsdotorg_pass, + wmflabsdotorg_project => $wmflabsdotorg_project, } class {'profile::openstack::base::keystone::hooks': @@ -50,4 +57,11 @@ db_host => $db_host, db_name => $db_name, } + + class {'openstack2::monitor::spreadcheck': + active => $::fqdn == $nova_controller, + nova_controller => $nova_controller, + nova_user => $spread_check_user, + nova_password => $spread_check_password, + } } diff --git a/modules/role/manifests/horizon.pp b/modules/role/manifests/horizon.pp index f116d74..fcbb23b 100644 --- a/modules/role/manifests/horizon.pp +++ b/modules/role/manifests/horizon.pp @@ -1,4 +1,6 @@ class role::horizon { + # TODO: Add openstack2::util::envscripts during profile conversion + include role::labs::openstack::nova::common $novaconfig = $role::labs::openstack::nova::common::novaconfig $designateconfig = hiera_hash('designateconfig', {}) @@ -13,10 +15,5 @@ proto => 'tcp', port => '80', srange => '$PRODUCTION_NETWORKS', - } - - class { '::openstack::envscripts': - novaconfig => $novaconfig, - designateconfig => $designateconfig } } diff --git a/modules/role/manifests/labs/openstack/nova/controller.pp b/modules/role/manifests/labs/openstack/nova/controller.pp index 8e77168..28db88c 100644 --- a/modules/role/manifests/labs/openstack/nova/controller.pp +++ b/modules/role/manifests/labs/openstack/nova/controller.pp @@ -10,19 +10,6 @@ $novaconfig = $role::labs::openstack::nova::common::novaconfig $designateconfig = hiera_hash('designateconfig', {}) - class { '::openstack::adminscripts': - novaconfig => $novaconfig - } - - class { '::openstack::envscripts': - novaconfig => $novaconfig, - designateconfig => $designateconfig - } - - class { '::openstack::spreadcheck': - novaconfig => $novaconfig - } - # TOBE: hiera'd $labs_vms = $novaconfig['fixed_range'] $labs_metal = join(hiera('labs_baremetal_servers', []), ' ') -- To view, visit https://gerrit.wikimedia.org/r/373685 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ibc8e47e4ab670c242014807588a7bb871ee134e0 Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Rush <r...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits