def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "manila"))
manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("manila.pp")
backends = config['CONFIG_MANILA_BACKEND']
for backend in backends:
manifestdata += getManifestTemplate('manila_%s.pp' % backend)
# manila API should be open for everyone
fw_details = dict()
key = "manila_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "manila-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8786']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MANILA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "aodh"))
manifestdata += getManifestTemplate("aodh")
manifestdata += getManifestTemplate("apache_ports")
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_aodh.crt')
ssl_key_file = config['CONFIG_AODH_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_aodh.key')
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'aodh'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "aodh_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "aodh-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8042']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AODH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
appendManifestFile(manifestfile, manifestdata, 'aodh')
def create_manifest(config):
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
manifestdata += getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
if config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
if config['CONFIG_CINDER_BACKEND'] == "vmdk":
manifestdata += getManifestTemplate("cinder_vmdk.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
config['CONFIG_SWIFT_PROXY'] = config['CONFIG_SWIFT_PROXY_HOSTS'].split(',')[0].strip()
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "'3260', '8776'"
config['FIREWALL_CHAIN'] = "INPUT"
if config['CONFIG_NOVA_INSTALL'] == 'y':
for host in split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "aodh"))
manifestdata += getManifestTemplate("aodh")
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_AODH_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_aodh.crt'
)
ssl_key_file = config['CONFIG_AODH_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_aodh.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'aodh'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "aodh_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "aodh-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8042']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_AODH_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_AODH_RULES')
appendManifestFile(manifestfile, manifestdata, 'aodh')
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_TROVE_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_trove.crt'
)
ssl_key_file = config['CONFIG_TROVE_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_trove.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'trove'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
if (config['CONFIG_TROVE_NOVA_USER'] == 'trove' and
config['CONFIG_TROVE_NOVA_PW'] == ''):
config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']
manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "trove"))
manifestdata += getManifestTemplate('trove.pp')
fw_details = dict()
key = "trove"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "trove api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8779']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_TROVE_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES')
appendManifestFile(manifestfile, manifestdata, marker='trove')
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_glance.crt')
ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_glance.key')
service = 'glance'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
ssl_host = config["CONFIG_CONTROLLER_HOST"]
ssl_cert_file = config["CONFIG_HEAT_SSL_CERT"] = "/etc/pki/tls/certs/ssl_amqp_heat.crt"
ssl_key_file = config["CONFIG_HEAT_SSL_KEY"] = "/etc/pki/tls/private/ssl_amqp_heat.key"
service = "heat"
generate_ssl_cert(config, ssl_host, service, ssl_key_file, ssl_cert_file)
manifestfile = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "heat"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8004"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_HEAT_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_HEAT_RULES")
appendManifestFile(manifestfile, manifestdata, marker="heat")
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and
'neutron' or 'nova')
network_multi = len(network_hosts) > 1
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
else:
perms = "nova:%(CONFIG_NOVA_DB_PW)s"
sqlconn = "mysql://%s@%%(CONFIG_MYSQL_HOST)s/nova" % perms
config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi and
host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
data += getManifestTemplate("nova_common.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_SAHARA_HOST']
ssl_cert_file = config['CONFIG_SAHARA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_sahara.crt'
)
ssl_key_file = config['CONFIG_SAHARA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_sahara.key'
)
service = 'sahara'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate(get_mq(config, "sahara"))
manifestdata += getManifestTemplate("sahara.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('sahara_ceilometer')
fw_details = dict()
key = "sahara-api"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "sahara api"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8386"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_SAHARA_CFN_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
appendManifestFile(manifestfile, manifestdata, marker='sahara')
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_CONTROLLER_HOST']
ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_heat.crt'
)
ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_heat.key'
)
service = 'heat'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8004']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_manifest(config, messages):
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata += getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
if config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
if config['CONFIG_CINDER_BACKEND'] == "vmdk":
manifestdata += getManifestTemplate("cinder_vmdk.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "['3260', '8776']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y'
and config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
# Setting the default to 'swift' when Ironic is enabled
if config['CONFIG_IRONIC_INSTALL'] == 'y':
backend = 'swift'
config['CONFIG_GLANCE_BACKEND'] = backend
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_CONTROLLER_HOST']
ssl_cert_file = config['CONFIG_HEAT_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_heat.crt')
ssl_key_file = config['CONFIG_HEAT_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_heat.key')
service = 'heat'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat")
manifestdata += getManifestTemplate("keystone_heat")
fw_details = dict()
key = "heat"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8004']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_manifest(config, messages):
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata += getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "lvm":
manifestdata += getManifestTemplate("cinder_lvm.pp")
elif config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
elif config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
elif config['CONFIG_CINDER_BACKEND'] == "vmdk":
manifestdata += getManifestTemplate("cinder_vmdk.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "['3260', '8776']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and 'neutron'
or 'nova')
network_multi = len(network_hosts) > 1
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
pw_in_sqlconn = False
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
pw_in_sqlconn = False
else:
perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
pw_in_sqlconn = True
mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url)
if pw_in_sqlconn:
config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
else:
config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi
and host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
if pw_in_sqlconn:
data += getManifestTemplate("nova_common_pw")
else:
data += getManifestTemplate("nova_common_nopw")
# We need to have class nova before class nova::api, so prepend
# instead of append
prependManifestFile(os.path.split(manifestfile)[1], data)
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
nova_hosts = compute_hosts
nova_hosts |= set([config.get('CONFIG_CONTROLLER_HOST')])
ssl_cert_file = config['CONFIG_NOVA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_nova.crt')
ssl_key_file = config['CONFIG_NOVA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_nova.key')
service = 'nova'
for host in nova_hosts:
generate_ssl_cert(config, host, service, ssl_key_file,
ssl_cert_file)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_CONTROLLER_HOST']
ssl_cert_file = config['CONFIG_IRONIC_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ironic.crt'
)
ssl_key_file = config['CONFIG_IRONIC_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_ironic.key'
)
service = 'ironic'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ironic"))
manifestdata += getManifestTemplate("ironic.pp")
fw_details = dict()
key = "ironic-api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ironic-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6385']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_IRONIC_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_IRONIC_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and 'neutron'
or 'nova')
network_multi = len(network_hosts) > 1
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
else:
perms = "nova:%(CONFIG_NOVA_DB_PW)s"
sqlconn = "mysql://%s@%%(CONFIG_MYSQL_HOST)s/nova" % perms
config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi
and host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
data += getManifestTemplate("nova_common.pp")
appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config):
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
manifestdata += getManifestTemplate("cinder.pp")
if config['CONFIG_CINDER_BACKEND'] == "gluster":
manifestdata += getManifestTemplate("cinder_gluster.pp")
if config['CONFIG_CINDER_BACKEND'] == "nfs":
manifestdata += getManifestTemplate("cinder_nfs.pp")
if config['CONFIG_CINDER_BACKEND'] == "vmdk":
manifestdata += getManifestTemplate("cinder_vmdk.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
config['CONFIG_SWIFT_PROXY'] = config[
'CONFIG_SWIFT_PROXY_HOSTS'].split(',')[0].strip()
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "'3260', '8776'"
config['FIREWALL_CHAIN'] = "INPUT"
if config['CONFIG_NOVA_INSTALL'] == 'y':
for host in split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_GLANCE_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_glance.crt'
)
ssl_key_file = config['CONFIG_GLANCE_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_glance.key'
)
service = 'glance'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifests(config):
global q_hosts
service_plugins = []
if config['CONFIG_NEUTRON_LBAAS_HOSTS']:
service_plugins.append(
'neutron.services.loadbalancer.plugin.LoadBalancerPlugin'
)
if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2':
# ML2 uses the L3 Router service plugin to implement l3 agent
service_plugins.append(
'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'
)
config['SERVICE_PLUGINS'] = (str(service_plugins) if service_plugins
else 'undef')
if config['CONFIG_NEUTRON_L2_PLUGIN'] == 'openvswitch':
nettype = config.get("CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE", "local")
plugin_manifest = 'neutron_ovs_plugin_%s.pp' % nettype
elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'linuxbridge':
plugin_manifest = 'neutron_lb_plugin.pp'
elif config['CONFIG_NEUTRON_L2_PLUGIN'] == 'ml2':
plugin_manifest = 'neutron_ml2_plugin.pp'
# host to which allow neutron server
allowed_hosts = set(q_hosts)
if config['CONFIG_CLIENT_INSTALL'] == 'y':
allowed_hosts.add(config['CONFIG_OSCLIENT_HOST'])
if config['CONFIG_HORIZON_INSTALL'] == 'y':
allowed_hosts.add(config['CONFIG_HORIZON_HOST'])
if config['CONFIG_NOVA_INSTALL'] == 'y':
allowed_hosts.add(config['CONFIG_NOVA_API_HOST'])
config['FIREWALL_SERVICE_NAME'] = "neutron server"
config['FIREWALL_PORTS'] = "'9696'"
config['FIREWALL_CHAIN'] = "INPUT"
for host in q_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron.pp")
manifest_data += getManifestTemplate(get_mq(config, "neutron"))
appendManifestFile(manifest_file, manifest_data, 'neutron')
if host in api_hosts:
manifest_file = "%s_neutron.pp" % (host,)
manifest_data = getManifestTemplate("neutron_api.pp")
# Firewall Rules
for f_host in allowed_hosts:
config['FIREWALL_ALLOWED'] = "'%s'" % f_host
config['FIREWALL_SERVICE_ID'] = "neutron_server_%s_%s" % (host, f_host)
manifest_data += getManifestTemplate("firewall.pp")
appendManifestFile(manifest_file, manifest_data, 'neutron')
# Set up any l2 plugin configs we need anywhere we install neutron
# XXX I am not completely sure about this, but it seems necessary:
manifest_data = getManifestTemplate(plugin_manifest)
appendManifestFile(manifest_file, manifest_data, 'neutron')
def create_common_manifest(config, messages):
global compute_hosts, network_hosts
network_type = (config['CONFIG_NEUTRON_INSTALL'] == "y" and
'neutron' or 'nova')
network_multi = len(network_hosts) > 1
dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
dbacces_hosts |= network_hosts
for manifestfile, marker in manifestfiles.getFiles():
pw_in_sqlconn = False
if manifestfile.endswith("_nova.pp"):
host, manifest = manifestfile.split('_', 1)
host = host.strip()
if host in compute_hosts and host not in dbacces_hosts:
# we should omit password in case we are installing only
# nova-compute to the host
perms = "nova"
pw_in_sqlconn = False
else:
perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
pw_in_sqlconn = True
mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
sqlconn = "mysql://%s@%s/nova" % (perms, mariadb_host_url)
if pw_in_sqlconn:
config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
else:
config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn
# for nova-network in multihost mode each compute host is metadata
# host otherwise we use api host
if (network_type == 'nova' and network_multi and
host in compute_hosts):
metadata = host
else:
metadata = config['CONFIG_CONTROLLER_HOST']
config['CONFIG_NOVA_METADATA_HOST'] = metadata
data = getManifestTemplate(get_mq(config, "nova_common"))
if pw_in_sqlconn:
data += getManifestTemplate("nova_common_pw")
else:
data += getManifestTemplate("nova_common_nopw")
appendManifestFile(os.path.split(manifestfile)[1], data)
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
nova_hosts = compute_hosts
nova_hosts |= set([config.get('CONFIG_CONTROLLER_HOST')])
ssl_cert_file = config['CONFIG_NOVA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_nova.crt'
)
ssl_key_file = config['CONFIG_NOVA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_nova.key'
)
service = 'nova'
for host in nova_hosts:
generate_ssl_cert(config, host, service,
ssl_key_file, ssl_cert_file)
def create_manifest(config, messages):
manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer")
if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
# Determine if we need to configure multiple sentinel hosts as
# fallbacks for use in coordination url.
sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if config['CONFIG_IP_VERSION'] == 'ipv6':
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % (
sentinel_host)
else:
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host
sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if len(sentinel_hosts) > 1:
sentinel_format = 'sentinel_fallback=%s:%s'
if config['CONFIG_IP_VERSION'] == 'ipv6':
sentinel_format = 'sentinel_fallback=[%s]:%s'
sentinel_fallbacks = '&'.join([sentinel_format %
(host, sentinel_port)
for host in sentinel_hosts
if host != sentinel_contact])
else:
sentinel_fallbacks = ''
config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
)
ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_ceilometer.key'
)
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'ceilometer'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "ceilometer_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ceilometer-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8777']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CEILOMETER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
manifestdata += getManifestTemplate("ceilometer_nova_disabled")
appendManifestFile(manifestfile, manifestdata, 'ceilometer')
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder.pp")
backends = config['CONFIG_CINDER_BACKEND'].strip('[]')
backends = [i.strip('\' ') for i in backends.split(',')]
if 'netapp' in backends:
backends.remove('netapp')
puppet_cdot_iscsi = "cinder_netapp_cdot_iscsi.pp"
puppet_cdot_nfs = "cinder_netapp_cdot_nfs.pp"
puppet_7mode_iscsi = "cinder_netapp_7mode_iscsi.pp"
puppet_7mode_nfs = "cinder_netapp_7mode_nfs.pp"
puppet_eseries = "cinder_netapp_eseries.pp"
if config['CONFIG_CINDER_NETAPP_STORAGE_FAMILY'] == "ontap_cluster":
if config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "iscsi":
manifestdata += getManifestTemplate(puppet_cdot_iscsi)
elif config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "nfs":
manifestdata += getManifestTemplate(puppet_cdot_nfs)
elif config['CONFIG_CINDER_NETAPP_STORAGE_FAMILY'] == "ontap_7mode":
if config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "iscsi":
manifestdata += getManifestTemplate(puppet_7mode_iscsi)
elif config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "nfs":
manifestdata += getManifestTemplate(puppet_7mode_nfs)
elif config['CONFIG_CINDER_NETAPP_STORAGE_FAMILY'] == "eseries":
manifestdata += getManifestTemplate(puppet_eseries)
for backend in backends:
manifestdata += getManifestTemplate('cinder_%s.pp' % backend)
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "['3260']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
# cinder API should be open for everyone
config['FIREWALL_SERVICE_NAME'] = "cinder-api"
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_API"
config['FIREWALL_PORTS'] = "['8776']"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_CINDER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_cinder.crt'
)
ssl_key_file = config['CONFIG_CINDER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_cinder.key'
)
service = 'cinder'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder")
for backend in config['CONFIG_CINDER_BACKEND']:
manifestdata += getManifestTemplate('cinder_%s' % backend)
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup')
fw_details = dict()
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'):
key = "cinder_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
else:
key = "cinder_all"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['3260']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_RULES')
# cinder API should be open for everyone
fw_details = dict()
key = "cinder_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8776']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder.pp")
backends = config['CONFIG_CINDER_BACKEND'].strip('[]')
backends = [i.strip('\' ') for i in backends.split(',')]
if 'netapp' in backends:
backends.remove('netapp')
puppet_cdot_iscsi = "cinder_netapp_cdot_iscsi.pp"
puppet_cdot_nfs = "cinder_netapp_cdot_nfs.pp"
puppet_7mode_iscsi = "cinder_netapp_7mode_iscsi.pp"
puppet_7mode_nfs = "cinder_netapp_7mode_nfs.pp"
puppet_eseries = "cinder_netapp_eseries.pp"
if config['CONFIG_CINDER_NETAPP_STORAGE_FAMILY'] == "ontap_cluster":
if config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "iscsi":
manifestdata += getManifestTemplate(puppet_cdot_iscsi)
elif config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "nfs":
manifestdata += getManifestTemplate(puppet_cdot_nfs)
elif config['CONFIG_CINDER_NETAPP_STORAGE_FAMILY'] == "ontap_7mode":
if config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "iscsi":
manifestdata += getManifestTemplate(puppet_7mode_iscsi)
elif config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL'] == "nfs":
manifestdata += getManifestTemplate(puppet_7mode_nfs)
elif config['CONFIG_CINDER_NETAPP_STORAGE_FAMILY'] == "eseries":
manifestdata += getManifestTemplate(puppet_eseries)
for backend in backends:
manifestdata += getManifestTemplate('cinder_%s.pp' % backend)
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer.pp')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup.pp')
config['FIREWALL_SERVICE_NAME'] = "cinder"
config['FIREWALL_PORTS'] = "['3260']"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
if (config['CONFIG_NOVA_INSTALL'] == 'y'
and config['CONFIG_VMWARE_BACKEND'] == 'n'):
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "cinder_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_ALL"
manifestdata += getManifestTemplate("firewall.pp")
# cinder API should be open for everyone
config['FIREWALL_SERVICE_NAME'] = "cinder-api"
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "cinder_API"
config['FIREWALL_PORTS'] = "['8776']"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat.pp")
if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
manifestdata += getManifestTemplate("heat_trusts.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer")
if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
# Determine if we need to configure multiple sentinel hosts as
# fallbacks for use in coordination url.
sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
sentinel_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if config['CONFIG_IP_VERSION'] == 'ipv6':
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % (
sentinel_host)
else:
config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = sentinel_host
sentinel_contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
if len(sentinel_hosts) > 1:
sentinel_format = 'sentinel_fallback=%s:%s'
if config['CONFIG_IP_VERSION'] == 'ipv6':
sentinel_format = 'sentinel_fallback=[%s]:%s'
sentinel_fallbacks = '&'.join([
sentinel_format % (host, sentinel_port)
for host in sentinel_hosts if host != sentinel_contact
])
else:
sentinel_fallbacks = ''
config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = sentinel_fallbacks
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_cert_file = config['CONFIG_CEILOMETER_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_ceilometer.crt')
ssl_key_file = config['CONFIG_CEILOMETER_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_ceilometer.key')
ssl_host = config['CONFIG_CONTROLLER_HOST']
service = 'ceilometer'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
fw_details = dict()
key = "ceilometer_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ceilometer-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8777']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CEILOMETER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
manifestdata += getManifestTemplate("ceilometer_nova_disabled")
appendManifestFile(manifestfile, manifestdata, 'ceilometer')
def create_manifest(config, messages):
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat.pp")
if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
manifestdata += getManifestTemplate("heat_trusts.pp")
appendManifestFile(manifestfile, manifestdata)
def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn.pp")
config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
config['FIREWALL_PORTS'] = "'8000'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat_cfn"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn.pp")
config['FIREWALL_SERVICE_NAME'] = "heat_cfn"
config['FIREWALL_PORTS'] = "'8000'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat_cfn"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata, marker='heat')
def create_manifest(config, messages):
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat.pp")
if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
manifestdata += getManifestTemplate("heat_trusts.pp")
config['FIREWALL_SERVICE_NAME'] = "heat"
config['FIREWALL_PORTS'] = "'8004'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat.pp")
if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
manifestdata += getManifestTemplate("heat_trusts.pp")
config['FIREWALL_SERVICE_NAME'] = "heat"
config['FIREWALL_PORTS'] = "'8004'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "heat"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config):
if config['CONFIG_HEAT_CLOUDWATCH_INSTALL'] == 'y':
config['CONFIG_HEAT_WATCH_HOST'] = config['CONFIG_HEAT_CLOUDWATCH_HOST']
else:
config['CONFIG_HEAT_WATCH_HOST'] = config['CONFIG_HEAT_HOST']
if config['CONFIG_HEAT_CFN_INSTALL'] == 'y':
config['CONFIG_HEAT_METADATA_HOST'] = config['CONFIG_HEAT_CFN_HOST']
else:
config['CONFIG_HEAT_METADATA_HOST'] = config['CONFIG_HEAT_HOST']
manifestfile = "%s_heat.pp" % controller.CONF['CONFIG_HEAT_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "cinder"))
manifestfile = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("cinder")
for backend in config['CONFIG_CINDER_BACKEND']:
manifestdata += getManifestTemplate('cinder_%s' % backend)
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_ceilometer')
if config['CONFIG_SWIFT_INSTALL'] == 'y':
manifestdata += getManifestTemplate('cinder_backup')
fw_details = dict()
for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
if (config['CONFIG_NOVA_INSTALL'] == 'y' and
config['CONFIG_VMWARE_BACKEND'] == 'n'):
key = "cinder_%s" % host
fw_details.setdefault(key, {})
fw_details[key]['host'] = "%s" % host
else:
key = "cinder_all"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['3260']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_RULES')
# cinder API should be open for everyone
fw_details = dict()
key = "cinder_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "cinder-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8776']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CINDER_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CINDER_API_RULES')
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config):
manifestfile = "%s_ceilometer.pp" % config["CONFIG_CEILOMETER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer.pp")
config["FIREWALL_ALLOWED"] = "'ALL'"
config["FIREWALL_SERVICE_NAME"] = "ceilometer-api"
config["FIREWALL_SERVICE_ID"] = "ceilometer_api"
config["FIREWALL_PORTS"] = "'8777'"
config["FIREWALL_CHAIN"] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp")
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config["CONFIG_NOVA_INSTALL"] == "n":
manifestdata += getManifestTemplate("ceilometer_nova_disabled.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config):
manifestfile = "%s_ceilometer.pp" % config['CONFIG_CEILOMETER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer.pp")
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = 'ceilometer-api'
config['FIREWALL_SERVICE_ID'] = 'ceilometer_api'
config['FIREWALL_PORTS'] = "'8777'"
config['FIREWALL_CHAIN'] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp")
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
manifestdata += getManifestTemplate("ceilometer_nova_disabled.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_MANILA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_manila.crt'
)
ssl_key_file = config['CONFIG_MANILA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_manila.key'
)
service = 'manila'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
# Change these from text to Boolean values
boolean_keys = ['CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS']
for key in [k for k in boolean_keys if k in config]:
if config[key].lower() == "true":
config[key] = True
elif config[key].lower() == "false":
config[key] = False
manifestdata = getManifestTemplate(get_mq(config, "manila"))
manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("manila.pp")
manifestdata += getManifestTemplate("manila_network.pp")
backends = config['CONFIG_MANILA_BACKEND']
for backend in backends:
manifestdata += getManifestTemplate('manila_%s.pp' % backend)
# manila API should be open for everyone
fw_details = dict()
key = "manila_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "manila-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8786']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MANILA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')
appendManifestFile(manifestfile, manifestdata, marker='manila')
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
ssl_host = config['CONFIG_STORAGE_HOST']
ssl_cert_file = config['CONFIG_MANILA_SSL_CERT'] = (
'/etc/pki/tls/certs/ssl_amqp_manila.crt')
ssl_key_file = config['CONFIG_MANILA_SSL_KEY'] = (
'/etc/pki/tls/private/ssl_amqp_manila.key')
service = 'manila'
generate_ssl_cert(config, ssl_host, service, ssl_key_file,
ssl_cert_file)
# Change these from text to Boolean values
boolean_keys = [
'CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'
]
for key in [k for k in boolean_keys if k in config]:
if config[key].lower() == "true":
config[key] = True
elif config[key].lower() == "false":
config[key] = False
manifestdata = getManifestTemplate(get_mq(config, "manila"))
manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
manifestdata += getManifestTemplate("manila.pp")
manifestdata += getManifestTemplate("manila_network.pp")
backends = config['CONFIG_MANILA_BACKEND']
for backend in backends:
manifestdata += getManifestTemplate('manila_%s.pp' % backend)
# manila API should be open for everyone
fw_details = dict()
key = "manila_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "manila-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8786']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_MANILA_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')
appendManifestFile(manifestfile, manifestdata, marker='manila')
def create_manifest(config, messages):
manifestfile = "%s_glance.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate("glance.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
config['FIREWALL_SERVICE_NAME'] = "glance"
config['FIREWALL_PORTS'] = "'9292'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "glance_API"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn")
fw_details = dict()
key = "heat_cfn"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "heat cfn"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8000"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_HEAT_CFN_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_HEAT_CFN_RULES")
appendManifestFile(manifestfile, manifestdata, marker="heat")
def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn.pp")
fw_details = dict()
key = "heat_cfn"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat cfn"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8000']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CFN_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def createcomputemanifest(config):
global compute_hosts, network_hosts
for host in compute_hosts:
config["CONFIG_NOVA_COMPUTE_HOST"] = host
manifestdata = getManifestTemplate("nova_compute.pp")
if config['CONFIG_VMWARE_BACKEND'] == 'y':
manifestdata += getManifestTemplate("nova_compute_vmware.pp")
else:
manifestdata += getManifestTemplate("nova_compute_libvirt.pp")
if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
config['CONFIG_CINDER_INSTALL'] == 'y' and
config['CONFIG_CINDER_BACKEND'] == 'gluster'):
manifestdata += getManifestTemplate("nova_gluster.pp")
if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
config['CONFIG_CINDER_INSTALL'] == 'y' and
config['CONFIG_CINDER_BACKEND'] == 'nfs'):
manifestdata += getManifestTemplate("nova_nfs.pp")
manifestfile = "%s_nova.pp" % host
nova_config_options = NovaConfig()
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
if host not in network_hosts:
nova_config_options.addOption("DEFAULT/flat_interface",
config['CONFIG_NOVA_COMPUTE_PRIVIF'])
check_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF'])
try:
bring_up_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF'])
except ScriptRuntimeError as ex:
# just warn user to do it by himself
controller.MESSAGES.append(str(ex))
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate(get_mq(config, "nova_ceilometer"))
# According to the docs the only element that connects directly to nova compute
# is nova scheduler
# http://docs.openstack.org/developer/nova/nova.concepts.html#concept-system-architecture
config['FIREWALL_ALLOWED'] = "'%s'" % (config['CONFIG_NOVA_SCHED_HOST'].strip())
config['FIREWALL_SERVICE_NAME'] = "nova compute"
config['FIREWALL_SERVICE_ID'] = "nova_compute"
config['FIREWALL_PORTS'] = "'5900-5999'"
config['FIREWALL_CHAIN'] = "INPUT"
manifestdata += getManifestTemplate("firewall.pp")
manifestdata += "\n" + nova_config_options.getManifestEntry()
appendManifestFile(manifestfile, manifestdata)
def create_cfn_manifest(config, messages):
manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "heat"))
manifestdata += getManifestTemplate("heat_cfn")
fw_details = dict()
key = "heat_cfn"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "heat cfn"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8000']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_HEAT_CFN_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES')
appendManifestFile(manifestfile, manifestdata, marker='heat')
def createcomputemanifest(config):
global compute_hosts, network_hosts
for host in compute_hosts:
config["CONFIG_NOVA_COMPUTE_HOST"] = host
manifestdata = getManifestTemplate("nova_compute.pp")
if config['CONFIG_VMWARE_BACKEND'] == 'y':
manifestdata += getManifestTemplate("nova_compute_vmware.pp")
else:
manifestdata += getManifestTemplate("nova_compute_libvirt.pp")
if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
config['CONFIG_CINDER_INSTALL'] == 'y' and
config['CONFIG_CINDER_BACKEND'] == 'gluster'):
manifestdata += getManifestTemplate("nova_gluster.pp")
if (config['CONFIG_VMWARE_BACKEND'] != 'y' and
config['CONFIG_CINDER_INSTALL'] == 'y' and
config['CONFIG_CINDER_BACKEND'] == 'nfs'):
manifestdata += getManifestTemplate("nova_nfs.pp")
manifestfile = "%s_nova.pp" % host
nova_config_options = NovaConfig()
if config['CONFIG_NEUTRON_INSTALL'] != 'y':
if host not in network_hosts:
nova_config_options.addOption("DEFAULT/flat_interface",
config['CONFIG_NOVA_COMPUTE_PRIVIF'])
check_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF'])
try:
bring_up_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF'])
except ScriptRuntimeError as ex:
# just warn user to do it by himself
controller.MESSAGES.append(str(ex))
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate(get_mq(config, "nova_ceilometer"))
# According to the docs the only element that connects directly to nova compute
# is nova scheduler
# http://docs.openstack.org/developer/nova/nova.concepts.html#concept-system-architecture
# config['FIREWALL_ALLOWED'] = "'%s'" % (config['CONFIG_NOVA_SCHED_HOST'].strip())
# config['FIREWALL_SERVICE_NAME'] = "nova compute"
# config['FIREWALL_SERVICE_ID'] = "nova_compute"
# config['FIREWALL_PORTS'] = "'5900-5999'"
# config['FIREWALL_CHAIN'] = "INPUT"
# manifestdata += getManifestTemplate("firewall.pp")
manifestdata += "\n" + nova_config_options.getManifestEntry()
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate(get_mq(config, "sahara"))
manifestdata += getManifestTemplate("sahara.pp")
fw_details = dict()
key = "sahara-api"
fw_details.setdefault(key, {})
fw_details[key]["host"] = "ALL"
fw_details[key]["service_name"] = "sahara api"
fw_details[key]["chain"] = "INPUT"
fw_details[key]["ports"] = ["8386"]
fw_details[key]["proto"] = "tcp"
config["FIREWALL_SAHARA_CFN_RULES"] = fw_details
manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
appendManifestFile(manifestfile, manifestdata, marker='sahara')
def create_manifest(config, messages):
manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer.pp")
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_NAME'] = 'ceilometer-api'
config['FIREWALL_SERVICE_ID'] = 'ceilometer_api'
config['FIREWALL_PORTS'] = "'8777'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
manifestdata += getManifestTemplate("firewall.pp")
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
manifestdata += getManifestTemplate("ceilometer_nova_disabled.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ironic"))
manifestdata += getManifestTemplate("ironic.pp")
fw_details = dict()
key = "ironic-api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ironic-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6385']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_IRONIC_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_IRONIC_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_manifest(config, messages):
manifestfile = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ironic"))
manifestdata += getManifestTemplate("ironic.pp")
fw_details = dict()
key = "ironic-api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ironic-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['6385']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_IRONIC_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_IRONIC_API_RULES')
appendManifestFile(manifestfile, manifestdata, 'pre')
def create_manifest(config, messages):
if config['CONFIG_UNSUPPORTED'] != 'y':
config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
config['FIREWALL_SERVICE_NAME'] = "glance"
config['FIREWALL_PORTS'] = "'9292'"
config['FIREWALL_CHAIN'] = "INPUT"
config['FIREWALL_PROTOCOL'] = 'tcp'
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "glance_API"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
manifestdata = getManifestTemplate("glance")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
mq_template = get_mq(config, "glance_ceilometer")
manifestdata += getManifestTemplate(mq_template)
fw_details = dict()
key = "glance_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "glance"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['9292']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_GLANCE_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_GLANCE_RULES')
appendManifestFile(manifestfile, manifestdata)
def createmanifest(config):
manifestfile = "%s_glance.pp" % controller.CONF['CONFIG_GLANCE_HOST']
manifestdata = getManifestTemplate("glance.pp")
if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
manifestdata += getManifestTemplate(get_mq(config, "glance_ceilometer"))
config['FIREWALL_SERVICE_NAME'] = "glance"
config['FIREWALL_PORTS'] = "'9292'"
config['FIREWALL_CHAIN'] = "INPUT"
if config['CONFIG_NOVA_INSTALL'] == 'y':
for host in split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS']):
config['FIREWALL_ALLOWED'] = "'%s'" % host
config['FIREWALL_SERVICE_ID'] = "glance_%s" % host
manifestdata += getManifestTemplate("firewall.pp")
else:
config['FIREWALL_ALLOWED'] = "'ALL'"
config['FIREWALL_SERVICE_ID'] = "glance_ALL"
manifestdata += getManifestTemplate("firewall.pp")
appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
manifestdata += getManifestTemplate("ceilometer")
fw_details = dict()
key = "ceilometer_api"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "ceilometer-api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8777']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_CEILOMETER_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')
# Add a template that creates a group for nova because the ceilometer
# class needs it
if config['CONFIG_NOVA_INSTALL'] == 'n':
manifestdata += getManifestTemplate("ceilometer_nova_disabled")
appendManifestFile(manifestfile, manifestdata, 'ceilometer')
def create_manifest(config, messages):
if (config['CONFIG_TROVE_NOVA_USER'] == 'admin' and
config['CONFIG_TROVE_NOVA_PW'] == ''):
config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_KEYSTONE_ADMIN_PW']
manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
manifestdata = getManifestTemplate(get_mq(config, "trove"))
manifestdata += getManifestTemplate('trove.pp')
fw_details = dict()
key = "trove"
fw_details.setdefault(key, {})
fw_details[key]['host'] = "ALL"
fw_details[key]['service_name'] = "trove api"
fw_details[key]['chain'] = "INPUT"
fw_details[key]['ports'] = ['8779']
fw_details[key]['proto'] = "tcp"
config['FIREWALL_TROVE_API_RULES'] = fw_details
manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES')
appendManifestFile(manifestfile, manifestdata, marker='trove')
