Rush has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/373685 )
Change subject: openstack: misc components to module/role/profile
......................................................................
openstack: misc components to module/role/profile
* spreadcheck to openstack2/monitor
* env scripts to openstack2/util
* use admin_scripts instead of virtscripts dir for
consistency
* remove file path specific headers for scripts
as they are too brittle
* make file resources consistent for ordering of params
* keystone-public-uwsgi file cleanup
Bug: T171494
Change-Id: Ibc8e47e4ab670c242014807588a7bb871ee134e0
---
A hieradata/codfw/profile/openstack/labtest/designate.yaml
A hieradata/codfw/profile/openstack/labtestn/designate.yaml
A hieradata/eqiad/profile/openstack/main/designate.yaml
A hieradata/eqiad/profile/openstack/main/monitor.yaml
D modules/openstack/files/liberty/virtscripts/makedomain
M modules/openstack/files/mitaka/virtscripts/cold-migrate
M modules/openstack/files/mitaka/virtscripts/cold-nova-migrate
D modules/openstack/files/mitaka/virtscripts/live-migrate
M modules/openstack/files/mitaka/virtscripts/logstat.py
M modules/openstack/files/mitaka/virtscripts/prod.sh
D modules/openstack/manifests/envscripts.pp
M modules/openstack/manifests/horizon/service.pp
D modules/openstack/templates/novaenv.sh.erb
D modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb
D modules/openstack2/files/keystone-admin-uwsgi.logrotate
D modules/openstack2/files/keystone-public-uwsgi.logrotate
R modules/openstack2/files/liberty/admin_scripts/cold-migrate
R modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate
R modules/openstack2/files/liberty/admin_scripts/live-migrate
R modules/openstack2/files/liberty/admin_scripts/logstat.py
R modules/openstack2/files/liberty/admin_scripts/makedomain
R modules/openstack2/files/liberty/admin_scripts/novastats/alltrusty.py
R modules/openstack2/files/liberty/admin_scripts/novastats/diskspace.py
R modules/openstack2/files/liberty/admin_scripts/novastats/dnsleaks.py
R modules/openstack2/files/liberty/admin_scripts/novastats/flavorreport.py
R modules/openstack2/files/liberty/admin_scripts/novastats/imagestats.py
R modules/openstack2/files/liberty/admin_scripts/novastats/proxyleaks.py
R modules/openstack2/files/liberty/admin_scripts/novastats/puppetleaks.py
R modules/openstack2/files/liberty/admin_scripts/prod.sh
R modules/openstack2/files/liberty/admin_scripts/wikitech-grep.py
C modules/openstack2/files/mitaka/admin_scripts/cold-migrate
C modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate
C modules/openstack2/files/mitaka/admin_scripts/live-migrate
C modules/openstack2/files/mitaka/admin_scripts/logstat.py
C modules/openstack2/files/mitaka/admin_scripts/makedomain
C modules/openstack2/files/mitaka/admin_scripts/prod.sh
R modules/openstack2/files/monitor/spreadcheck.py
R modules/openstack2/manifests/monitor/spreadcheck.pp
R modules/openstack2/manifests/util/admin_scripts.pp
A modules/openstack2/manifests/util/envscripts.pp
R modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb
A modules/openstack2/templates/util/novaenv.sh.erb
A modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb
M modules/profile/manifests/openstack/base/keystone/service.pp
M modules/profile/manifests/openstack/labtest/keystone/service.pp
M modules/profile/manifests/openstack/labtestn/keystone/service.pp
M modules/profile/manifests/openstack/main/keystone/service.pp
M modules/role/manifests/horizon.pp
M modules/role/manifests/labs/openstack/nova/controller.pp
49 files changed, 161 insertions(+), 470 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/85/373685/1
diff --git a/hieradata/codfw/profile/openstack/labtest/designate.yaml
b/hieradata/codfw/profile/openstack/labtest/designate.yaml
new file mode 100644
index 0000000..9087fd7
--- /dev/null
+++ b/hieradata/codfw/profile/openstack/labtest/designate.yaml
@@ -0,0 +1 @@
+profile::openstack::labtest::designate::wmflabsdotorg_project: 'wmflabsdotorg'
diff --git a/hieradata/codfw/profile/openstack/labtestn/designate.yaml
b/hieradata/codfw/profile/openstack/labtestn/designate.yaml
new file mode 100644
index 0000000..e718654
--- /dev/null
+++ b/hieradata/codfw/profile/openstack/labtestn/designate.yaml
@@ -0,0 +1 @@
+profile::openstack::labtestn::designate::wmflabsdotorg_project: 'wmflabsdotorg'
diff --git a/hieradata/eqiad/profile/openstack/main/designate.yaml
b/hieradata/eqiad/profile/openstack/main/designate.yaml
new file mode 100644
index 0000000..b6a217c
--- /dev/null
+++ b/hieradata/eqiad/profile/openstack/main/designate.yaml
@@ -0,0 +1 @@
+profile::openstack::main::designate::wmflabsdotorg_project: 'wmflabsdotorg'
diff --git a/hieradata/eqiad/profile/openstack/main/monitor.yaml
b/hieradata/eqiad/profile/openstack/main/monitor.yaml
new file mode 100644
index 0000000..bd5223c
--- /dev/null
+++ b/hieradata/eqiad/profile/openstack/main/monitor.yaml
@@ -0,0 +1 @@
+profile::openstack::main::monitor::spread_check_user: 'Nova Tools Bot'
diff --git a/modules/openstack/files/liberty/virtscripts/makedomain
b/modules/openstack/files/liberty/virtscripts/makedomain
deleted file mode 100755
index 6f987cc..0000000
--- a/modules/openstack/files/liberty/virtscripts/makedomain
+++ /dev/null
@@ -1,113 +0,0 @@
-#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/makedomain
-#####################################################################
-"""
-makedomain is a tool for creating subdomains of existing designate domains.
-
-Designate forbids creation of a subdomain when the superdomain already exists
-as part of a different project. It does, however, support cross-project
-transfers of such domains.
-
-So, this is a helper script which creates domains in the wmflabsdotorg project,
-waits for them to become ACTIVE and then transfers them.
-
-Note that this only works with the keystone v2.0 API.
-
-"""
-
-import argparse
-import ldap
-import os
-import socket
-import subprocess
-import time
-import yaml
-
-from keystoneclient.auth.identity import generic
-from keystoneclient import session as keystone_session
-from designateclient.v2 import client
-
-
-def createdomain(url, user, password, project, domain, ttl=120):
- auth = generic.Password(
- auth_url=url,
- username=user,
- password=password,
- user_domain_name='Default',
- project_domain_name='Default',
- tenant_name='wmflabsdotorg')
-
- createSession = keystone_session.Session(auth=auth)
- createClient = client.Client(session=createSession)
-
- auth = generic.Password(
- auth_url=url,
- username=user,
- password=password,
- user_domain_name='Default',
- project_domain_name='Default',
- tenant_name=project)
-
- targetSession = keystone_session.Session(auth=auth)
- targetClient = client.Client(session=targetSession)
-
- # Create the zone in the initial wmflabsdotorg project. This
- # is needed since wmflabs.org lives in that project and
- # designate prevents subdomain creation elsewhere.
- zone = createClient.zones.create(domain, email='r...@wmflabs.org', ttl=ttl)
- newzoneid = zone['id']
- status = 'PENDING'
- # Wait for the domain to actually exist before we transfer it
- while status == 'PENDING':
- zone = createClient.zones.get(domain)
- status = zone['status']
- time.sleep(2)
-
- transferRequest = createClient.zone_transfers.create_request(domain,
project)
- transferId = transferRequest['id']
- transferKey = transferRequest['key']
-
- transferConfirm = targetClient.zone_transfers.accept_request(transferId,
transferKey)
-
-if __name__ == "__main__":
- argparser = argparse.ArgumentParser('makesubdomain',
- description='''Create a subdomain of
wmflabs.org in a project''')
-
- argparser.add_argument(
- '--designate-user',
- help='username for nova auth',
- default=os.environ.get('OS_USERNAME', None)
- )
- argparser.add_argument(
- '--designate-pass',
- help='password for nova auth',
- default=os.environ.get('OS_PASSWORD', None)
- )
- argparser.add_argument(
- '--keystone-url',
- help='url for keystone auth and catalog',
- default=os.environ.get('OS_AUTH_URL', None)
- )
- argparser.add_argument(
- '--project',
- help='project for domain creation',
- required=True,
- )
- argparser.add_argument(
- '--domain',
- help='domain to create',
- required=True,
- )
-
- args = argparser.parse_args()
-
- if not args.domain.endswith('.'):
- args.domain = "%s." % args.domain
-
- createdomain(args.keystone_url,
- args.designate_user,
- args.designate_pass,
- args.project,
- args.domain)
diff --git a/modules/openstack/files/mitaka/virtscripts/cold-migrate
b/modules/openstack/files/mitaka/virtscripts/cold-migrate
index b7d7dcc..a291ffb 100755
--- a/modules/openstack/files/mitaka/virtscripts/cold-migrate
+++ b/modules/openstack/files/mitaka/virtscripts/cold-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/mitaka/virtscripts/cold-migrate
-#####################################################################
"""
cold-migrate stops an instance, moves it to a new host,
and starts it. It also has to twiddle with the nova
diff --git a/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate
b/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate
index c9620b4..c2df3ff 100755
--- a/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate
+++ b/modules/openstack/files/mitaka/virtscripts/cold-nova-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/mitaka/virtscripts/cold-nova-migrate
-#####################################################################
"""
cold-nova-migrate is a not-very-smart wrapper around the standard
'nova migrate' feature. As documented, nova migration requires
diff --git a/modules/openstack/files/mitaka/virtscripts/live-migrate
b/modules/openstack/files/mitaka/virtscripts/live-migrate
deleted file mode 100755
index 4dfe433..0000000
--- a/modules/openstack/files/mitaka/virtscripts/live-migrate
+++ /dev/null
@@ -1,161 +0,0 @@
-#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/mitaka/virtscripts/live-migrate
-#####################################################################
-"""
- live-migrate is a wrapper around nova's built-in block migrate
- service.
-
- A standard block-migrate has the side-effect of expanding our
- compact qcow2 instances and gobbling disk space. This script
- block-migrates but then suspends and re-compresses the instances
- after arrival.
-
- Live migration will cause service interruption on instances
- during the suspension, but does not manifest as a reboot
- on the instance.
-"""
-
-import argparse
-import time
-import subprocess
-
-from novaclient.v1_1 import client
-
-
-class NovaInstance(object):
-
- def __init__(self, novaclient, instance_id):
- self.novaclient = novaclient
- self.instance_id = instance_id
- self.refresh_instance()
-
- def refresh_instance(self):
- self.instance = self.novaclient.servers.get(self.instance_id)
-
- def wait_for_status(self, desiredstatus):
- oldstatus = ""
-
- while self.instance.status != desiredstatus:
- if self.instance.status != oldstatus:
- oldstatus = self.instance.status
- print "Current status is %s; waiting for it to change to %s."
% (
- self.instance.status, desiredstatus)
-
- time.sleep(1)
- self.refresh_instance()
-
- def migrate(self, destination):
- print "Instance %s is now on host %s with state %s" % (
- self.instance_id,
- self.instance._info['OS-EXT-SRV-ATTR:host'],
- self.instance.status)
-
- self.instance.live_migrate(destination, True, True)
- self.wait_for_status('MIGRATING')
- self.wait_for_status('ACTIVE')
-
- if self.instance.status != 'ACTIVE':
- print "Failed to migrate instance, best to check by hand and see
what happened."
- return(1)
-
- imagedir = "/var/lib/nova/instances/%s" % self.instance_id
- former = "%s/disk.big" % imagedir
- future = "%s/disk" % imagedir
-
- args = ["ssh", "-i", "/root/.ssh/compute-hosts-key",
- "nova@%s.eqiad.wmnet" % destination,
- "ls", future]
- r = subprocess.call(args)
- if r:
- print ("Instance migrated but has unusual disk arrangement, so
there will be "
- "no post-migration shrinking.")
- return(0)
-
- print "Instance has migrated. Now suspending and recompressing..."
- self.instance.suspend()
- self.wait_for_status('SUSPENDED')
-
- args = ["ssh", "-i", "/root/.ssh/compute-hosts-key",
- "nova@%s.eqiad.wmnet" % destination,
- "mv", future, former]
- r = subprocess.call(args)
- if r:
- print "Unable to backup the instance's disk; aborting."
- return(1)
-
- args = ["ssh", "-i", "/root/.ssh/compute-hosts-key",
- "nova@%s.eqiad.wmnet" % destination,
- "qemu-img", "convert", "-O", "qcow2",
- former, future]
- r = subprocess.call(args)
- if r:
- print "Failed to recompress the original image. Possible
disaster."
- return(1)
-
- args = ["ssh", "-i", "/root/.ssh/compute-hosts-key",
- "nova@%s.eqiad.wmnet" % destination,
- "rm", former]
- r = subprocess.call(args)
- if r:
- print "Failed to clean up the original uncompressed disk image.
Weird."
- return(1)
-
- self.instance.resume()
- self.wait_for_status('ACTIVE')
-
- print
- print "Instance %s is now on host %s with status %s" % (
- self.instance_id,
- self.instance._info['OS-EXT-SRV-ATTR:host'],
- self.instance.status)
-
-
-if __name__ == "__main__":
- argparser = argparse.ArgumentParser('live-migrate',
- description='''Move an instance to a
different compute node''')
- argparser.add_argument(
- '--nova-user',
- help='username for nova auth',
- default='novaadmin'
- )
- argparser.add_argument(
- '--nova-pass',
- help='password for nova auth',
- required=True,
- )
- argparser.add_argument(
- '--nova-url',
- help='url for nova auth',
- default='http://labcontrol1001.wikimedia.org:35357/v2.0'
- )
- argparser.add_argument(
- '--nova-project',
- help='project for nova auth',
- default='admin'
- )
- argparser.add_argument(
- 'instanceid',
- help='instance id to migrate',
- )
- argparser.add_argument(
- 'destination',
- help='destination host, e.g. labvirt1005',
- )
- args = argparser.parse_args()
-
- sshargs = ["ssh", "-i", "/root/.ssh/compute-hosts-key",
- "nova@%s.eqiad.wmnet" % args.destination, "true"]
- r = subprocess.call(sshargs)
- if r:
- print "Remote execution failed; this whole enterprise is doomed."
- exit(1)
-
- novaclient = client.Client(args.nova_user,
- args.nova_pass,
- args.nova_project,
- args.nova_url)
-
- instance = NovaInstance(novaclient, args.instanceid)
- instance.migrate(args.destination)
diff --git a/modules/openstack/files/mitaka/virtscripts/logstat.py
b/modules/openstack/files/mitaka/virtscripts/logstat.py
index beb91c9..bd0ac72 100644
--- a/modules/openstack/files/mitaka/virtscripts/logstat.py
+++ b/modules/openstack/files/mitaka/virtscripts/logstat.py
@@ -1,8 +1,4 @@
#!/usr/bin/env python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/mitaka/virtscripts/logstat.py
-#####################################################################
# encoding: utf-8
"""
logstat.py
diff --git a/modules/openstack/files/mitaka/virtscripts/prod.sh
b/modules/openstack/files/mitaka/virtscripts/prod.sh
index 1c072f5..6fc44f7 100644
--- a/modules/openstack/files/mitaka/virtscripts/prod.sh
+++ b/modules/openstack/files/mitaka/virtscripts/prod.sh
@@ -1,8 +1,4 @@
#!/bin/bash
-#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/openstack/mitaka/virtscripts/prod.sh
-#####################################################################
set -x
diff --git a/modules/openstack/manifests/envscripts.pp
b/modules/openstack/manifests/envscripts.pp
deleted file mode 100644
index a668a42..0000000
--- a/modules/openstack/manifests/envscripts.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-# Scripts to set up shell environment for openstack commandline
-class openstack::envscripts(
- $novaconfig,
- $designateconfig
- ) {
-
- $nova_region = $::site
- # Handy script to set up environment for commandline nova magic
- file { '/root/novaenv.sh':
- content => template('openstack/novaenv.sh.erb'),
- mode => '0755',
- owner => 'root',
- group => 'root',
- }
-
- # Handy script to set up environment for commandline glance magic
- file { '/root/wmflabsorg-domainadminenv.sh':
- content => template('openstack/wmflabsorg-domainadminenv.sh.erb'),
- mode => '0755',
- owner => 'root',
- group => 'root',
- }
-}
diff --git a/modules/openstack/manifests/horizon/service.pp
b/modules/openstack/manifests/horizon/service.pp
index 3a70b66..b7ce1a9 100644
--- a/modules/openstack/manifests/horizon/service.pp
+++ b/modules/openstack/manifests/horizon/service.pp
@@ -264,7 +264,7 @@
# Arbitrary handy script that needs to be on the horizon host because it
only works with Liberty
file { '/root/makedomain':
- source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/makedomain",
+ source =>
"puppet:///modules/openstack2/${openstack_version}/admin_scripts/makedomain",
owner => 'root',
group => 'root',
mode => '0744',
diff --git a/modules/openstack/templates/novaenv.sh.erb
b/modules/openstack/templates/novaenv.sh.erb
deleted file mode 100644
index fdb1d34..0000000
--- a/modules/openstack/templates/novaenv.sh.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-export OS_USERNAME="novaadmin"
-export OS_PROJECT_DOMAIN_ID="default"
-export OS_USER_DOMAIN_ID="default"
-export OS_PASSWORD="<%= @novaconfig['ldap_user_pass'] %>"
-export OS_AUTH_URL="http://<%= @novaconfig['controller_hostname'] %>:35357/v3"
-export OS_REGION_NAME="<%= @nova_region %>"
-export OS_TENANT_NAME="admin"
-export OS_NO_CACHE=1
-export OS_IDENTITY_API_VERSION=3
-export NOVA_MYSQL_PASS="<%= @novaconfig['db_pass'] %>"
diff --git a/modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb
b/modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb
deleted file mode 100644
index d5debb6..0000000
--- a/modules/openstack/templates/wmflabsorg-domainadminenv.sh.erb
+++ /dev/null
@@ -1,11 +0,0 @@
-# The wmflabs.org domain is stored in a special project called 'wmflabsorg'.
-# This script sets up credentials for access within that project.
-export OS_USERNAME="<%= @designateconfig['wmflabsdotorg_admin'] %>"
-export OS_PROJECT_DOMAIN_ID="default"
-export OS_USER_DOMAIN_ID="default"
-export OS_PASSWORD="<%= @designateconfig['wmflabsdotorg_pass'] %>"
-export OS_AUTH_URL="http://<%= @novaconfig['controller_hostname'] %>:35357/v3"
-export OS_REGION_NAME="<%= @nova_region %>"
-export OS_TENANT_NAME="<%= @designateconfig['wmflabsdotorg_project'] %>"
-export OS_NO_CACHE=1
-export OS_IDENTITY_API_VERSION=3
diff --git a/modules/openstack2/files/keystone-admin-uwsgi.logrotate
b/modules/openstack2/files/keystone-admin-uwsgi.logrotate
deleted file mode 100644
index ad9a1b4..0000000
--- a/modules/openstack2/files/keystone-admin-uwsgi.logrotate
+++ /dev/null
@@ -1,8 +0,0 @@
-/var/log/designate/keystone-admin-uwsgi.log {
- daily
- missingok
- compress
- delaycompress
- notifempty
- copytruncate
-}
diff --git a/modules/openstack2/files/keystone-public-uwsgi.logrotate
b/modules/openstack2/files/keystone-public-uwsgi.logrotate
deleted file mode 100644
index 7766a2b..0000000
--- a/modules/openstack2/files/keystone-public-uwsgi.logrotate
+++ /dev/null
@@ -1,8 +0,0 @@
-/var/log/designate/keystone-public-uwsgi.log {
- daily
- missingok
- compress
- delaycompress
- notifempty
- copytruncate
-}
diff --git a/modules/openstack/files/liberty/virtscripts/cold-migrate
b/modules/openstack2/files/liberty/admin_scripts/cold-migrate
similarity index 96%
rename from modules/openstack/files/liberty/virtscripts/cold-migrate
rename to modules/openstack2/files/liberty/admin_scripts/cold-migrate
index e9f92ff..a291ffb 100755
--- a/modules/openstack/files/liberty/virtscripts/cold-migrate
+++ b/modules/openstack2/files/liberty/admin_scripts/cold-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/cold-migrate
-#####################################################################
"""
cold-migrate stops an instance, moves it to a new host,
and starts it. It also has to twiddle with the nova
diff --git a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate
b/modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate
similarity index 93%
rename from modules/openstack/files/liberty/virtscripts/cold-nova-migrate
rename to modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate
index ad0256f..c2df3ff 100755
--- a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate
+++ b/modules/openstack2/files/liberty/admin_scripts/cold-nova-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/cold-nova-migrate
-#####################################################################
"""
cold-nova-migrate is a not-very-smart wrapper around the standard
'nova migrate' feature. As documented, nova migration requires
diff --git a/modules/openstack/files/liberty/virtscripts/live-migrate
b/modules/openstack2/files/liberty/admin_scripts/live-migrate
similarity index 95%
rename from modules/openstack/files/liberty/virtscripts/live-migrate
rename to modules/openstack2/files/liberty/admin_scripts/live-migrate
index 7afa7c6..4269fc1 100755
--- a/modules/openstack/files/liberty/virtscripts/live-migrate
+++ b/modules/openstack2/files/liberty/admin_scripts/live-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/live-migrate
-#####################################################################
"""
live-migrate is a wrapper around nova's built-in block migrate
service.
diff --git a/modules/openstack/files/liberty/virtscripts/logstat.py
b/modules/openstack2/files/liberty/admin_scripts/logstat.py
similarity index 96%
rename from modules/openstack/files/liberty/virtscripts/logstat.py
rename to modules/openstack2/files/liberty/admin_scripts/logstat.py
index ce68344..bd0ac72 100644
--- a/modules/openstack/files/liberty/virtscripts/logstat.py
+++ b/modules/openstack2/files/liberty/admin_scripts/logstat.py
@@ -1,8 +1,4 @@
#!/usr/bin/env python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/logstat.py
-#####################################################################
# encoding: utf-8
"""
logstat.py
diff --git a/modules/openstack/files/mitaka/virtscripts/makedomain
b/modules/openstack2/files/liberty/admin_scripts/makedomain
similarity index 93%
rename from modules/openstack/files/mitaka/virtscripts/makedomain
rename to modules/openstack2/files/liberty/admin_scripts/makedomain
index b23e22c..f2cb519 100755
--- a/modules/openstack/files/mitaka/virtscripts/makedomain
+++ b/modules/openstack2/files/liberty/admin_scripts/makedomain
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/mitaka/virtscripts/makedomain
-#####################################################################
"""
makedomain is a tool for creating subdomains of existing designate domains.
diff --git a/modules/openstack/files/novastats/alltrusty.py
b/modules/openstack2/files/liberty/admin_scripts/novastats/alltrusty.py
similarity index 100%
rename from modules/openstack/files/novastats/alltrusty.py
rename to modules/openstack2/files/liberty/admin_scripts/novastats/alltrusty.py
diff --git a/modules/openstack/files/novastats/diskspace.py
b/modules/openstack2/files/liberty/admin_scripts/novastats/diskspace.py
similarity index 100%
rename from modules/openstack/files/novastats/diskspace.py
rename to modules/openstack2/files/liberty/admin_scripts/novastats/diskspace.py
diff --git a/modules/openstack/files/novastats/dnsleaks.py
b/modules/openstack2/files/liberty/admin_scripts/novastats/dnsleaks.py
similarity index 100%
rename from modules/openstack/files/novastats/dnsleaks.py
rename to modules/openstack2/files/liberty/admin_scripts/novastats/dnsleaks.py
diff --git a/modules/openstack/files/novastats/flavorreport.py
b/modules/openstack2/files/liberty/admin_scripts/novastats/flavorreport.py
similarity index 100%
rename from modules/openstack/files/novastats/flavorreport.py
rename to
modules/openstack2/files/liberty/admin_scripts/novastats/flavorreport.py
diff --git a/modules/openstack/files/novastats/imagestats.py
b/modules/openstack2/files/liberty/admin_scripts/novastats/imagestats.py
similarity index 100%
rename from modules/openstack/files/novastats/imagestats.py
rename to modules/openstack2/files/liberty/admin_scripts/novastats/imagestats.py
diff --git a/modules/openstack/files/novastats/proxyleaks.py
b/modules/openstack2/files/liberty/admin_scripts/novastats/proxyleaks.py
similarity index 100%
rename from modules/openstack/files/novastats/proxyleaks.py
rename to modules/openstack2/files/liberty/admin_scripts/novastats/proxyleaks.py
diff --git a/modules/openstack/files/novastats/puppetleaks.py
b/modules/openstack2/files/liberty/admin_scripts/novastats/puppetleaks.py
similarity index 100%
rename from modules/openstack/files/novastats/puppetleaks.py
rename to
modules/openstack2/files/liberty/admin_scripts/novastats/puppetleaks.py
diff --git a/modules/openstack/files/liberty/virtscripts/prod.sh
b/modules/openstack2/files/liberty/admin_scripts/prod.sh
similarity index 86%
rename from modules/openstack/files/liberty/virtscripts/prod.sh
rename to modules/openstack2/files/liberty/admin_scripts/prod.sh
index d6badd9..6fc44f7 100644
--- a/modules/openstack/files/liberty/virtscripts/prod.sh
+++ b/modules/openstack2/files/liberty/admin_scripts/prod.sh
@@ -1,8 +1,4 @@
#!/bin/bash
-#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/openstack/liberty/virtscripts/prod.sh
-#####################################################################
set -x
diff --git a/modules/openstack/files/utils/wikitech-grep.py
b/modules/openstack2/files/liberty/admin_scripts/wikitech-grep.py
similarity index 100%
rename from modules/openstack/files/utils/wikitech-grep.py
rename to modules/openstack2/files/liberty/admin_scripts/wikitech-grep.py
diff --git a/modules/openstack/files/liberty/virtscripts/cold-migrate
b/modules/openstack2/files/mitaka/admin_scripts/cold-migrate
similarity index 96%
copy from modules/openstack/files/liberty/virtscripts/cold-migrate
copy to modules/openstack2/files/mitaka/admin_scripts/cold-migrate
index e9f92ff..a291ffb 100755
--- a/modules/openstack/files/liberty/virtscripts/cold-migrate
+++ b/modules/openstack2/files/mitaka/admin_scripts/cold-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/cold-migrate
-#####################################################################
"""
cold-migrate stops an instance, moves it to a new host,
and starts it. It also has to twiddle with the nova
diff --git a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate
b/modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate
similarity index 93%
copy from modules/openstack/files/liberty/virtscripts/cold-nova-migrate
copy to modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate
index ad0256f..c2df3ff 100755
--- a/modules/openstack/files/liberty/virtscripts/cold-nova-migrate
+++ b/modules/openstack2/files/mitaka/admin_scripts/cold-nova-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/cold-nova-migrate
-#####################################################################
"""
cold-nova-migrate is a not-very-smart wrapper around the standard
'nova migrate' feature. As documented, nova migration requires
diff --git a/modules/openstack/files/liberty/virtscripts/live-migrate
b/modules/openstack2/files/mitaka/admin_scripts/live-migrate
similarity index 95%
copy from modules/openstack/files/liberty/virtscripts/live-migrate
copy to modules/openstack2/files/mitaka/admin_scripts/live-migrate
index 7afa7c6..4269fc1 100755
--- a/modules/openstack/files/liberty/virtscripts/live-migrate
+++ b/modules/openstack2/files/mitaka/admin_scripts/live-migrate
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/live-migrate
-#####################################################################
"""
live-migrate is a wrapper around nova's built-in block migrate
service.
diff --git a/modules/openstack/files/liberty/virtscripts/logstat.py
b/modules/openstack2/files/mitaka/admin_scripts/logstat.py
similarity index 96%
copy from modules/openstack/files/liberty/virtscripts/logstat.py
copy to modules/openstack2/files/mitaka/admin_scripts/logstat.py
index ce68344..bd0ac72 100644
--- a/modules/openstack/files/liberty/virtscripts/logstat.py
+++ b/modules/openstack2/files/mitaka/admin_scripts/logstat.py
@@ -1,8 +1,4 @@
#!/usr/bin/env python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/liberty/virtscripts/logstat.py
-#####################################################################
# encoding: utf-8
"""
logstat.py
diff --git a/modules/openstack/files/mitaka/virtscripts/makedomain
b/modules/openstack2/files/mitaka/admin_scripts/makedomain
similarity index 93%
copy from modules/openstack/files/mitaka/virtscripts/makedomain
copy to modules/openstack2/files/mitaka/admin_scripts/makedomain
index b23e22c..f2cb519 100755
--- a/modules/openstack/files/mitaka/virtscripts/makedomain
+++ b/modules/openstack2/files/mitaka/admin_scripts/makedomain
@@ -1,8 +1,4 @@
#!/usr/bin/python
-#####################################################################
-# THIS FILE IS MANAGED BY PUPPET
-# puppet:///modules/openstack/mitaka/virtscripts/makedomain
-#####################################################################
"""
makedomain is a tool for creating subdomains of existing designate domains.
diff --git a/modules/openstack/files/liberty/virtscripts/prod.sh
b/modules/openstack2/files/mitaka/admin_scripts/prod.sh
similarity index 86%
copy from modules/openstack/files/liberty/virtscripts/prod.sh
copy to modules/openstack2/files/mitaka/admin_scripts/prod.sh
index d6badd9..6fc44f7 100644
--- a/modules/openstack/files/liberty/virtscripts/prod.sh
+++ b/modules/openstack2/files/mitaka/admin_scripts/prod.sh
@@ -1,8 +1,4 @@
#!/bin/bash
-#####################################################################
-### THIS FILE IS MANAGED BY PUPPET
-### puppet:///modules/openstack/liberty/virtscripts/prod.sh
-#####################################################################
set -x
diff --git a/modules/openstack/files/spreadcheck.py
b/modules/openstack2/files/monitor/spreadcheck.py
similarity index 100%
rename from modules/openstack/files/spreadcheck.py
rename to modules/openstack2/files/monitor/spreadcheck.py
diff --git a/modules/openstack/manifests/spreadcheck.pp
b/modules/openstack2/manifests/monitor/spreadcheck.pp
similarity index 62%
rename from modules/openstack/manifests/spreadcheck.pp
rename to modules/openstack2/manifests/monitor/spreadcheck.pp
index 4a72c0e..e25fd3e 100644
--- a/modules/openstack/manifests/spreadcheck.pp
+++ b/modules/openstack2/manifests/monitor/spreadcheck.pp
@@ -1,36 +1,41 @@
-# == Class: openstack::spreadcheck
+# == Class: openstack::monitor::spreadcheck
# NRPE check to see if critical instances for a project
# are spread out enough among the labvirt* hosts
-class openstack::spreadcheck(
- $novaconfig,
+class openstack2::monitor::spreadcheck(
+ $active,
+ $nova_controller,
+ $nova_user,
+ $nova_password,
) {
-
- include ::passwords::labs::toollabs
-
- $nova_user = $passwords::labs::toollabs::nova_user
- $nova_password = $passwords::labs::toollabs::nova_password
- $nova_controller_hostname = $novaconfig['controller_hostname']
+ # monitoring::service doesn't take a bool
+ if $active {
+ $ensure = 'present'
+ }
+ else {
+ $ensure = 'absent'
+ }
# Script that checks how 'spread out' critical instances for a project
# are. See T101635
file { '/usr/local/bin/spreadcheck.py':
- ensure => present,
- source => 'puppet:///modules/openstack/spreadcheck.py',
- mode => '0755',
+ ensure => 'present',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source => 'puppet:///modules/openstack2/monitor/spreadcheck.py',
}
# Config file to check how spread out toollabs critical instances are
file { '/usr/local/etc/spreadcheck-tools.yaml':
- ensure => present,
- content => template('openstack/spreadcheck-tools.yaml.erb'),
- mode => '0400',
+ ensure => 'present',
owner => 'nagios',
group => 'nagios',
+ mode => '0400',
+ content => template('openstack2/monitor/spreadcheck-tools.yaml.erb'),
}
nrpe::monitor_service { 'check-tools-spread':
+ ensure => $ensure,
nrpe_command => '/usr/local/bin/spreadcheck.py --config
/usr/local/etc/spreadcheck-tools.yaml',
description => 'Tool Labs instance distribution',
require => File[
diff --git a/modules/openstack/manifests/adminscripts.pp
b/modules/openstack2/manifests/util/admin_scripts.pp
similarity index 63%
rename from modules/openstack/manifests/adminscripts.pp
rename to modules/openstack2/manifests/util/admin_scripts.pp
index e654a97..9348fcf 100644
--- a/modules/openstack/manifests/adminscripts.pp
+++ b/modules/openstack2/manifests/util/admin_scripts.pp
@@ -1,13 +1,9 @@
# helper scripts for Labs openstack administration
-class openstack::adminscripts(
- $novaconfig,
- $openstack_version = $::openstack::version,
- $nova_region = $::site,
+class openstack2::util::admin_scripts(
+ $version,
) {
- $wikitech_nova_ldap_user_pass = $novaconfig['ldap_user_pass']
- $nova_controller_hostname = $novaconfig['controller_hostname']
-
+ require_package('nova-common')
# Installing this package ensures that we have all the UIDs that
# are used to store an instance volume. That's important for
# when we rsync files via this host.
@@ -18,28 +14,28 @@
# Script to cold-migrate instances between compute nodes
file { '/root/cold-nova-migrate':
ensure => present,
- source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/cold-nova-migrate",
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/cold-nova-migrate",
}
# Script to migrate (with suspension) instances between compute nodes
file { '/root/live-migrate':
ensure => present,
- source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/live-migrate",
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/live-migrate",
}
# Set up keystone services (example script)
file { '/root/prod-example.sh':
ensure => present,
- source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/prod.sh",
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/prod.sh",
}
file { '/root/novastats':
@@ -48,69 +44,72 @@
}
file { '/root/novastats/imagestats.py':
- ensure => present,
- source => 'puppet:///modules/openstack/novastats/imagestats.py',
- mode => '0755',
- owner => 'root',
- group => 'root',
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/novastats/imagestats.py",
+ require => File['/root/novastats'],
}
file { '/root/novastats/diskspace.py':
ensure => present,
- source => 'puppet:///modules/openstack/novastats/diskspace.py',
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/novastats/diskspace.py",
+ require => File['/root/novastats'],
}
file { '/root/novastats/dnsleaks.py':
- ensure => present,
- source => 'puppet:///modules/openstack/novastats/dnsleaks.py',
- mode => '0755',
+ ensure => 'present',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/novastats/dnsleaks.py",
}
file { '/root/novastats/proxyleaks.py':
- ensure => present,
- source => 'puppet:///modules/openstack/novastats/proxyleaks.py',
- mode => '0755',
+ ensure => 'present',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/novastats/proxyleaks.py",
}
file { '/root/novastats/puppetleaks.py':
- ensure => present,
- source => 'puppet:///modules/openstack/novastats/puppetleaks.py',
- mode => '0755',
+ ensure => 'present',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/novastats/puppetleaks.py",
}
file { '/root/novastats/flavorreport.py':
ensure => present,
- source => 'puppet:///modules/openstack/novastats/flavorreport.py',
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/novastats/flavorreport.py",
}
file { '/root/novastats/alltrusty.py':
ensure => present,
- source => 'puppet:///modules/openstack/novastats/alltrusty.py',
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/novastats/alltrusty.py",
}
file { '/usr/local/sbin/wikitech-grep':
ensure => present,
- source => 'puppet:///modules/openstack/utils/wikitech-grep.py',
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/wikitech-grep.py",
}
+ # XXX: per deployment?
file { '/root/.ssh/compute-hosts-key':
content => secret('ssh/nova/nova.key'),
owner => 'nova',
@@ -125,9 +124,9 @@
# when nova is misbehaving.
file { '/root/cold-migrate':
ensure => present,
- source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/cold-migrate",
- mode => '0755',
owner => 'root',
group => 'root',
+ mode => '0755',
+ source =>
"puppet:///modules/openstack2/${version}/admin_scripts/cold-migrate",
}
}
diff --git a/modules/openstack2/manifests/util/envscripts.pp
b/modules/openstack2/manifests/util/envscripts.pp
new file mode 100644
index 0000000..7c43be8
--- /dev/null
+++ b/modules/openstack2/manifests/util/envscripts.pp
@@ -0,0 +1,27 @@
+# Scripts to set up shell environment for openstack commandline
+class openstack2::util::envscripts(
+ $ldap_user_pass,
+ $nova_controller,
+ $region,
+ $nova_db_pass,
+ $wmflabsdotorg_admin,
+ $wmflabsdotorg_pass,
+ $wmflabsdotorg_project,
+ ) {
+
+ # Handy script to set up environment for commandline nova magic
+ file { '/root/novaenv.sh':
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ content => template('openstack2/util/novaenv.sh.erb'),
+ }
+
+ # Handy script to set up environment for commandline glance magic
+ file { '/root/wmflabsorg-domainadminenv.sh':
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ content =>
template('openstack2/util/wmflabsorg-domainadminenv.sh.erb'),
+ }
+}
diff --git a/modules/openstack/templates/spreadcheck-tools.yaml.erb
b/modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb
similarity index 80%
rename from modules/openstack/templates/spreadcheck-tools.yaml.erb
rename to modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb
index d2706ce..8933895 100644
--- a/modules/openstack/templates/spreadcheck-tools.yaml.erb
+++ b/modules/openstack2/templates/monitor/spreadcheck-tools.yaml.erb
@@ -12,4 +12,4 @@
credentials:
username: '<%= @nova_user %>'
api_key: '<%= @nova_password %>'
- auth_url: 'http://<%= @nova_controller_hostname %>:35357/v2.0'
+ auth_url: 'http://<%= @nova_controller %>:35357/v2.0'
diff --git a/modules/openstack2/templates/util/novaenv.sh.erb
b/modules/openstack2/templates/util/novaenv.sh.erb
new file mode 100644
index 0000000..a1fb102
--- /dev/null
+++ b/modules/openstack2/templates/util/novaenv.sh.erb
@@ -0,0 +1,10 @@
+export OS_USERNAME="novaadmin"
+export OS_PROJECT_DOMAIN_ID="default"
+export OS_USER_DOMAIN_ID="default"
+export OS_PASSWORD="<%= @ldap_user_pass %>"
+export OS_AUTH_URL="http://<%= @nova_controller %>:35357/v3"
+export OS_REGION_NAME="<%= @region %>"
+export OS_TENANT_NAME="admin"
+export OS_NO_CACHE=1
+export OS_IDENTITY_API_VERSION=3
+export NOVA_MYSQL_PASS="<%= @nova_db_pass %>"
diff --git a/modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb
b/modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb
new file mode 100644
index 0000000..a85d39b
--- /dev/null
+++ b/modules/openstack2/templates/util/wmflabsorg-domainadminenv.sh.erb
@@ -0,0 +1,11 @@
+# The wmflabs.org domain is stored in a special project called 'wmflabsorg'.
+# This script sets up credentials for access within that project.
+export OS_USERNAME="<%= @wmflabsdotorg_admin %>"
+export OS_PROJECT_DOMAIN_ID="default"
+export OS_USER_DOMAIN_ID="default"
+export OS_PASSWORD="<%= @wmflabsdotorg_pass %>"
+export OS_AUTH_URL="http://<%= @nova_controller %>:35357/v3"
+export OS_REGION_NAME="<%= @region %>"
+export OS_TENANT_NAME="<%= @wmflabsdotorg_project %>"
+export OS_NO_CACHE=1
+export OS_IDENTITY_API_VERSION=3
diff --git a/modules/profile/manifests/openstack/base/keystone/service.pp
b/modules/profile/manifests/openstack/base/keystone/service.pp
index d174c95..19d4a7f 100644
--- a/modules/profile/manifests/openstack/base/keystone/service.pp
+++ b/modules/profile/manifests/openstack/base/keystone/service.pp
@@ -1,11 +1,13 @@
class profile::openstack::base::keystone::service(
$version = hiera('profile::openstack::base::version'),
+ $region = hiera('profile::openstack::base::region'),
$nova_controller = hiera('profile::openstack::base::nova_controller'),
$osm_host = hiera('profile::openstack::base::osm_host'),
$db_name = hiera('profile::openstack::base::keystone::db_name'),
$db_user = hiera('profile::openstack::base::keystone::db_user'),
$db_pass = hiera('profile::openstack::base::keystone::db_pass'),
$db_host = hiera('profile::openstack::base::keystone::db_host'),
+ $nova_db_pass = hiera('profile::openstack::base::nova::db_pass'),
$token_driver = hiera('profile::openstack::base::keystone::token_driver'),
$ldap_hosts = hiera('profile::openstack::base::ldap_hosts'),
$ldap_base_dn = hiera('profile::openstack::base::ldap_base_dn'),
@@ -25,6 +27,9 @@
$wiki_consumer_secret =
hiera('profile::openstack::base::keystone::wiki_consumer_secret'),
$wiki_access_token =
hiera('profile::openstack::base::keystone::wiki_access_token'),
$wiki_access_secret =
hiera('profile::openstack::base::keystone::wiki_access_secret'),
+ $wmflabsdotorg_admin =
hiera('profile::openstack::base::designate::wmflabsdotorg_admin'),
+ $wmflabsdotorg_pass =
hiera('profile::openstack::base::designate::wmflabsdotorg_pass'),
+ $wmflabsdotorg_project =
hiera('profile::openstack::base::designate::wmflabsdotorg_project'),
) {
class {'openstack2::keystone::service':
@@ -61,4 +66,18 @@
auth_port => $auth_port,
public_port => $public_port,
}
+
+ class {'openstack2::util::envscripts':
+ ldap_user_pass => $ldap_user_pass,
+ nova_controller => $nova_controller,
+ region => $region,
+ nova_db_pass => $nova_db_pass,
+ wmflabsdotorg_admin => $wmflabsdotorg_admin,
+ wmflabsdotorg_pass => $wmflabsdotorg_pass,
+ wmflabsdotorg_project => $wmflabsdotorg_project,
+ }
+
+ class {'openstack2::util::admin_scripts':
+ version => $version,
+ }
}
diff --git a/modules/profile/manifests/openstack/labtest/keystone/service.pp
b/modules/profile/manifests/openstack/labtest/keystone/service.pp
index 62ca78f..0999378 100644
--- a/modules/profile/manifests/openstack/labtest/keystone/service.pp
+++ b/modules/profile/manifests/openstack/labtest/keystone/service.pp
@@ -5,6 +5,7 @@
$db_host = hiera('profile::openstack::labtest::keystone::db_host'),
$token_driver =
hiera('profile::openstack::labtest::keystone::token_driver'),
$db_pass = hiera('profile::openstack::labtest::keystone::db_pass'),
+ $nova_db_pass = hiera('profile::openstack::labtest::nova::db_pass'),
$ldap_hosts = hiera('profile::openstack::labtest::ldap_hosts'),
$ldap_user_pass = hiera('profile::openstack::labtest::ldap_user_pass'),
$wiki_status_consumer_token =
hiera('profile::openstack::labtest::keystone::wiki_status_consumer_token'),
@@ -15,6 +16,9 @@
$wiki_consumer_secret =
hiera('profile::openstack::labtest::keystone::wiki_consumer_secret'),
$wiki_access_token =
hiera('profile::openstack::labtest::keystone::wiki_access_token'),
$wiki_access_secret =
hiera('profile::openstack::labtest::keystone::wiki_access_secret'),
+ $wmflabsdotorg_admin =
hiera('profile::openstack::base::designate::wmflabsdotorg_admin'),
+ $wmflabsdotorg_pass =
hiera('profile::openstack::base::designate::wmflabsdotorg_pass'),
+ $wmflabsdotorg_project =
hiera('profile::openstack::base::designate::wmflabsdotorg_project'),
) {
package {'mysql-server':
@@ -29,6 +33,7 @@
db_host => $db_host,
token_driver => $token_driver,
db_pass => $db_pass,
+ nova_db_pass => $nova_db_pass,
ldap_hosts => $ldap_hosts,
ldap_user_pass => $ldap_user_pass,
wiki_status_consumer_token => $wiki_status_consumer_token,
@@ -39,6 +44,9 @@
wiki_consumer_secret => $wiki_consumer_secret,
wiki_access_token => $wiki_access_token,
wiki_access_secret => $wiki_access_secret,
+ wmflabsdotorg_admin => $wmflabsdotorg_admin,
+ wmflabsdotorg_pass => $wmflabsdotorg_pass,
+ wmflabsdotorg_project => $wmflabsdotorg_project,
require => Package['mysql-server'],
}
diff --git a/modules/profile/manifests/openstack/labtestn/keystone/service.pp
b/modules/profile/manifests/openstack/labtestn/keystone/service.pp
index 17c62fd..a577bab 100644
--- a/modules/profile/manifests/openstack/labtestn/keystone/service.pp
+++ b/modules/profile/manifests/openstack/labtestn/keystone/service.pp
@@ -5,6 +5,7 @@
$db_host = hiera('profile::openstack::labtestn::keystone::db_host'),
$token_driver =
hiera('profile::openstack::labtestn::keystone::token_driver'),
$db_pass = hiera('profile::openstack::labtestn::keystone::db_pass'),
+ $nova_db_pass = hiera('profile::openstack::labtestn::nova::db_pass'),
$ldap_hosts = hiera('profile::openstack::labtestn::ldap_hosts'),
$ldap_user_pass = hiera('profile::openstack::labtestn::ldap_user_pass'),
$wiki_status_consumer_token =
hiera('profile::openstack::labtestn::keystone::wiki_status_consumer_token'),
@@ -15,6 +16,9 @@
$wiki_consumer_secret =
hiera('profile::openstack::labtestn::keystone::wiki_consumer_secret'),
$wiki_access_token =
hiera('profile::openstack::labtestn::keystone::wiki_access_token'),
$wiki_access_secret =
hiera('profile::openstack::labtestn::keystone::wiki_access_secret'),
+ $wmflabsdotorg_admin =
hiera('profile::openstack::labtestn::designate::wmflabsdotorg_admin'),
+ $wmflabsdotorg_pass =
hiera('profile::openstack::labtestn::designate::wmflabsdotorg_pass'),
+ $wmflabsdotorg_project =
hiera('profile::openstack::labtestn::designate::wmflabsdotorg_project'),
) {
package {'mysql-server':
@@ -29,6 +33,7 @@
db_host => $db_host,
token_driver => $token_driver,
db_pass => $db_pass,
+ nova_db_pass => $nova_db_pass,
ldap_hosts => $ldap_hosts,
ldap_user_pass => $ldap_user_pass,
wiki_status_consumer_token => $wiki_status_consumer_token,
@@ -39,6 +44,9 @@
wiki_consumer_secret => $wiki_consumer_secret,
wiki_access_token => $wiki_access_token,
wiki_access_secret => $wiki_access_secret,
+ wmflabsdotorg_admin => $wmflabsdotorg_admin,
+ wmflabsdotorg_pass => $wmflabsdotorg_pass,
+ wmflabsdotorg_project => $wmflabsdotorg_project,
require => Package['mysql-server'],
}
diff --git a/modules/profile/manifests/openstack/main/keystone/service.pp
b/modules/profile/manifests/openstack/main/keystone/service.pp
index c36d02d..5a4baed 100644
--- a/modules/profile/manifests/openstack/main/keystone/service.pp
+++ b/modules/profile/manifests/openstack/main/keystone/service.pp
@@ -7,6 +7,7 @@
$db_pass = hiera('profile::openstack::main::keystone::db_pass'),
$db_name = hiera(profile::openstack::base::keystone::db_name),
$db_user = hiera(profile::openstack::base::keystone::db_user),
+ $nova_db_pass = hiera('profile::openstack::main::nova::db_pass'),
$ldap_hosts = hiera('profile::openstack::main::ldap_hosts'),
$ldap_user_pass = hiera('profile::openstack::main::ldap_user_pass'),
$wiki_status_consumer_token =
hiera('profile::openstack::main::keystone::wiki_status_consumer_token'),
@@ -17,6 +18,8 @@
$wiki_consumer_secret =
hiera('profile::openstack::main::keystone::wiki_consumer_secret'),
$wiki_access_token =
hiera('profile::openstack::main::keystone::wiki_access_token'),
$wiki_access_secret =
hiera('profile::openstack::main::keystone::wiki_access_secret'),
+ $spread_check_user =
hiera('profile::openstack::main::monitor::spread_check_user'),
+ $spread_check_password =
hiera('profile::openstack::main::monitor::spread_check_password'),
) {
require profile::openstack::main::clientlib
@@ -27,6 +30,7 @@
db_host => $db_host,
token_driver => $token_driver,
db_pass => $db_pass,
+ nova_db_pass => $nova_db_pass,
ldap_hosts => $ldap_hosts,
ldap_user_pass => $ldap_user_pass,
wiki_status_consumer_token => $wiki_status_consumer_token,
@@ -37,6 +41,9 @@
wiki_consumer_secret => $wiki_consumer_secret,
wiki_access_token => $wiki_access_token,
wiki_access_secret => $wiki_access_secret,
+ wmflabsdotorg_admin => $wmflabsdotorg_admin,
+ wmflabsdotorg_pass => $wmflabsdotorg_pass,
+ wmflabsdotorg_project => $wmflabsdotorg_project,
}
class {'profile::openstack::base::keystone::hooks':
@@ -50,4 +57,11 @@
db_host => $db_host,
db_name => $db_name,
}
+
+ class {'openstack2::monitor::spreadcheck':
+ active => $::fqdn == $nova_controller,
+ nova_controller => $nova_controller,
+ nova_user => $spread_check_user,
+ nova_password => $spread_check_password,
+ }
}
diff --git a/modules/role/manifests/horizon.pp
b/modules/role/manifests/horizon.pp
index f116d74..fcbb23b 100644
--- a/modules/role/manifests/horizon.pp
+++ b/modules/role/manifests/horizon.pp
@@ -1,4 +1,6 @@
class role::horizon {
+ # TODO: Add openstack2::util::envscripts during profile conversion
+
include role::labs::openstack::nova::common
$novaconfig = $role::labs::openstack::nova::common::novaconfig
$designateconfig = hiera_hash('designateconfig', {})
@@ -13,10 +15,5 @@
proto => 'tcp',
port => '80',
srange => '$PRODUCTION_NETWORKS',
- }
-
- class { '::openstack::envscripts':
- novaconfig => $novaconfig,
- designateconfig => $designateconfig
}
}
diff --git a/modules/role/manifests/labs/openstack/nova/controller.pp
b/modules/role/manifests/labs/openstack/nova/controller.pp
index 8e77168..28db88c 100644
--- a/modules/role/manifests/labs/openstack/nova/controller.pp
+++ b/modules/role/manifests/labs/openstack/nova/controller.pp
@@ -10,19 +10,6 @@
$novaconfig = $role::labs::openstack::nova::common::novaconfig
$designateconfig = hiera_hash('designateconfig', {})
- class { '::openstack::adminscripts':
- novaconfig => $novaconfig
- }
-
- class { '::openstack::envscripts':
- novaconfig => $novaconfig,
- designateconfig => $designateconfig
- }
-
- class { '::openstack::spreadcheck':
- novaconfig => $novaconfig
- }
-
# TOBE: hiera'd
$labs_vms = $novaconfig['fixed_range']
$labs_metal = join(hiera('labs_baremetal_servers', []), ' ')
--
To view, visit https://gerrit.wikimedia.org/r/373685
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibc8e47e4ab670c242014807588a7bb871ee134e0
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
