def create_manifest(config, messages):
    """Assemble the manila Puppet manifest and queue it for the storage host.

    Writes to ``config``: ``CONFIG_STORAGE_HOST`` (only when unsupported mode
    is off) and ``FIREWALL_MANILA_API_RULES``. ``messages`` is accepted but
    not used here.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        # Outside unsupported mode the storage host is forced to the
        # controller, overriding whatever was configured.
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    body = getManifestTemplate(get_mq(config, "manila"))
    target = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("manila.pp")

    # NOTE(review): each backend name becomes part of a template file name;
    # presumably the values are validated before this point - confirm.
    for backend_name in config['CONFIG_MANILA_BACKEND']:
        body += getManifestTemplate('manila_%s.pp' % backend_name)

    # manila API should be open for everyone: the rule uses host "ALL", so
    # source-address filtering is not applied to tcp/8786 and the API's own
    # authentication is what protects it.
    config['FIREWALL_MANILA_API_RULES'] = {
        "manila_api": {
            'host': "ALL",
            'service_name': "manila-api",
            'chain': "INPUT",
            'ports': ['8786'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the aodh manifest for the controller host and register it.

    Writes to ``config``: ``CONFIG_AODH_SSL_CERT`` / ``CONFIG_AODH_SSL_KEY``
    when AMQP SSL is enabled, and ``FIREWALL_AODH_RULES`` always.
    ``messages`` is accepted but not used here.
    """
    target = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "aodh"))
    body += getManifestTemplate("aodh")
    body += getManifestTemplate("apache_ports")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_aodh.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_aodh.key'
        config['CONFIG_AODH_SSL_CERT'] = cert_path
        config['CONFIG_AODH_SSL_KEY'] = key_path
        # NOTE(review): key_path names private key material; how the file is
        # created and what mode it gets is up to generate_ssl_cert (not
        # visible here) - confirm it is not world-readable.
        generate_ssl_cert(config, config['CONFIG_CONTROLLER_HOST'], 'aodh',
                          key_path, cert_path)

    # host "ALL" looks like "no source-address restriction" on tcp/8042
    # (confirm in createFirewallResources); the API must authenticate callers.
    config['FIREWALL_AODH_RULES'] = {
        "aodh_api": {
            'host': "ALL",
            'service_name': "aodh-api",
            'chain': "INPUT",
            'ports': ['8042'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_AODH_RULES')

    appendManifestFile(target, body, 'aodh')
def create_manifest(config):
    """Assemble the cinder manifest and its firewall rules.

    The manifest file is named after ``controller.CONF['CONFIG_CINDER_HOST']``.
    Writes several ``FIREWALL_*`` keys (and ``CONFIG_SWIFT_PROXY`` when swift
    is installed) into ``config`` before fetching the templates that follow
    each assignment, so statement order is significant.
    """
    def _firewall_rule(allowed, service_id):
        # Set the per-rule values, then fetch the firewall template.
        config['FIREWALL_ALLOWED'] = allowed
        config['FIREWALL_SERVICE_ID'] = service_id
        return getManifestTemplate("firewall.pp")

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
    body += getManifestTemplate("cinder.pp")

    # At most one backend-specific template is added.
    backend_templates = (
        ("gluster", "cinder_gluster.pp"),
        ("nfs", "cinder_nfs.pp"),
        ("vmdk", "cinder_vmdk.pp"),
    )
    for backend_name, template in backend_templates:
        if config['CONFIG_CINDER_BACKEND'] == backend_name:
            body += getManifestTemplate(template)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer.pp')

    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        # Only the first listed swift proxy is used.
        proxies = config['CONFIG_SWIFT_PROXY_HOSTS'].split(',')
        config['CONFIG_SWIFT_PROXY'] = proxies[0].strip()
        body += getManifestTemplate('cinder_backup.pp')

    config['FIREWALL_SERVICE_NAME'] = "cinder"
    config['FIREWALL_PORTS'] = "'3260', '8776'"
    config['FIREWALL_CHAIN'] = "INPUT"

    if config['CONFIG_NOVA_INSTALL'] == 'y':
        # One rule per compute host: iSCSI (3260) and the API (8776) are
        # limited to those sources.
        for host in split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS']):
            body += _firewall_rule("'%s'" % host, "cinder_%s" % host)
    else:
        # Without nova the same two ports, including the iSCSI target port,
        # are allowed from 'ALL'.
        body += _firewall_rule("'ALL'", "cinder_ALL")

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the aodh manifest for the controller host and register it.

    Writes to ``config``: ``CONFIG_AODH_SSL_CERT`` / ``CONFIG_AODH_SSL_KEY``
    when AMQP SSL is enabled, and ``FIREWALL_AODH_RULES`` always.
    ``messages`` is accepted but not used here.
    """
    target = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "aodh"))
    body += getManifestTemplate("aodh")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_aodh.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_aodh.key'
        config['CONFIG_AODH_SSL_CERT'] = cert_path
        config['CONFIG_AODH_SSL_KEY'] = key_path
        # NOTE(review): the private key's on-disk permissions are decided by
        # generate_ssl_cert, which is not visible here - confirm.
        generate_ssl_cert(config, config['CONFIG_CONTROLLER_HOST'], 'aodh',
                          key_path, cert_path)

    # host "ALL" looks like "no source-address restriction" on tcp/8042
    # (confirm in createFirewallResources); the API must authenticate callers.
    config['FIREWALL_AODH_RULES'] = {
        "aodh_api": {
            'host': "ALL",
            'service_name': "aodh-api",
            'chain': "INPUT",
            'ports': ['8042'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_AODH_RULES')

    appendManifestFile(target, body, 'aodh')
def create_manifest(config, messages):
    """Build the trove manifest for the controller host and register it.

    Writes to ``config``: the trove AMQP SSL cert/key paths (when AMQP SSL is
    on), ``CONFIG_TROVE_NOVA_PW`` (when defaulted, see below) and
    ``FIREWALL_TROVE_API_RULES``. ``messages`` is accepted but not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_trove.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_trove.key'
        config['CONFIG_TROVE_SSL_CERT'] = cert_path
        config['CONFIG_TROVE_SSL_KEY'] = key_path
        generate_ssl_cert(config, config['CONFIG_CONTROLLER_HOST'], 'trove',
                          key_path, cert_path)

    nova_user_is_default = config['CONFIG_TROVE_NOVA_USER'] == 'trove'
    if nova_user_is_default and config['CONFIG_TROVE_NOVA_PW'] == '':
        # An empty nova password for the default 'trove' user falls back to
        # the trove keystone password, so one secret then serves both
        # settings; rotating one means rotating the other.
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']

    target = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "trove"))
    body += getManifestTemplate('trove.pp')

    # host "ALL" looks like "no source-address restriction" on tcp/8779
    # (confirm in createFirewallResources).
    config['FIREWALL_TROVE_API_RULES'] = {
        "trove": {
            'host': "ALL",
            'service_name': "trove api",
            'chain': "INPUT",
            'ports': ['8779'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_TROVE_API_RULES')

    appendManifestFile(target, body, marker='trove')
def create_manifest(config, messages):
    """Build the glance manifest for the storage host and register it.

    Writes to ``config``: the glance AMQP SSL cert/key paths (when AMQP SSL
    is on) and ``FIREWALL_GLANCE_RULES``. ``messages`` is accepted but not
    used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        amqp_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_glance.key'
        config['CONFIG_GLANCE_SSL_CERT'] = cert_path
        config['CONFIG_GLANCE_SSL_KEY'] = key_path
        # NOTE(review): the private key's on-disk permissions are decided by
        # generate_ssl_cert, which is not visible here - confirm.
        generate_ssl_cert(config, amqp_host, 'glance', key_path, cert_path)

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # host "ALL" looks like "no source-address restriction" on tcp/9292
    # (confirm in createFirewallResources).
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GLANCE_RULES')

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the heat manifest for the controller host and register it.

    Writes to ``config``: the heat AMQP SSL cert/key paths (when AMQP SSL is
    on) and ``FIREWALL_HEAT_RULES``. ``messages`` is accepted but not used
    here.
    """
    if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
        amqp_host = config["CONFIG_CONTROLLER_HOST"]
        cert_path = "/etc/pki/tls/certs/ssl_amqp_heat.crt"
        key_path = "/etc/pki/tls/private/ssl_amqp_heat.key"
        config["CONFIG_HEAT_SSL_CERT"] = cert_path
        config["CONFIG_HEAT_SSL_KEY"] = key_path
        # NOTE(review): the private key's on-disk permissions are decided by
        # generate_ssl_cert, which is not visible here - confirm.
        generate_ssl_cert(config, amqp_host, "heat", key_path, cert_path)

    target = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # host "ALL" looks like "no source-address restriction" on tcp/8004
    # (confirm in createFirewallResources).
    config["FIREWALL_HEAT_RULES"] = {
        "heat": {
            "host": "ALL",
            "service_name": "heat",
            "chain": "INPUT",
            "ports": ["8004"],
            "proto": "tcp",
        },
    }
    body += createFirewallResources("FIREWALL_HEAT_RULES")

    appendManifestFile(target, body, marker="heat")
def create_common_manifest(config, messages):
    """Append the shared nova settings to every ``*_nova.pp`` manifest.

    For each such manifest, ``CONFIG_NOVA_SQL_CONN`` and
    ``CONFIG_NOVA_METADATA_HOST`` are rewritten in ``config`` for that host
    before the common templates are fetched. Reads the module-level
    ``compute_hosts`` and ``network_hosts``. ``messages`` is not used here.
    """
    global compute_hosts, network_hosts

    if config['CONFIG_NEUTRON_INSTALL'] == "y":
        network_type = 'neutron'
    else:
        network_type = 'nova'
    network_multi = len(network_hosts) > 1

    # Hosts that receive the database password: controller + network hosts.
    dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
    dbacces_hosts |= network_hosts

    for manifestfile, marker in manifestfiles.getFiles():
        if not manifestfile.endswith("_nova.pp"):
            continue

        # The host is the part of the file name before the first underscore.
        host = manifestfile.split('_', 1)[0].strip()

        if host in compute_hosts and host not in dbacces_hosts:
            # we should omit password in case we are installing only
            # nova-compute to the host
            perms = "nova"
        else:
            perms = "nova:%(CONFIG_NOVA_DB_PW)s"
        # NOTE(review): the password is interpolated into the URL as-is;
        # characters such as '@' or '/' in it would change how the URL
        # parses. The resulting config value is a secret.
        sqlconn = "mysql://%s@%%(CONFIG_MYSQL_HOST)s/nova" % perms
        config['CONFIG_NOVA_SQL_CONN'] = sqlconn % config

        # for nova-network in multihost mode each compute host is metadata
        # host otherwise we use api host
        per_host_metadata = (network_type == 'nova' and network_multi and
                             host in compute_hosts)
        if per_host_metadata:
            config['CONFIG_NOVA_METADATA_HOST'] = host
        else:
            config['CONFIG_NOVA_METADATA_HOST'] = (
                config['CONFIG_CONTROLLER_HOST'])

        data = getManifestTemplate(get_mq(config, "nova_common"))
        data += getManifestTemplate("nova_common.pp")
        appendManifestFile(os.path.split(manifestfile)[1], data)
def create_manifest(config, messages):
    """Build the sahara manifest and register it under the storage host.

    Writes to ``config``: the sahara AMQP SSL cert/key paths (when AMQP SSL
    is on) and ``FIREWALL_SAHARA_CFN_RULES``. ``messages`` is accepted but
    not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        # NOTE(review): the certificate is issued for CONFIG_SAHARA_HOST
        # while the manifest below is filed under CONFIG_STORAGE_HOST;
        # confirm the two always name the same machine.
        amqp_host = config['CONFIG_SAHARA_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_sahara.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_sahara.key'
        config['CONFIG_SAHARA_SSL_CERT'] = cert_path
        config['CONFIG_SAHARA_SSL_KEY'] = key_path
        generate_ssl_cert(config, amqp_host, 'sahara', key_path, cert_path)

    target = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate(get_mq(config, "sahara"))
    body += getManifestTemplate("sahara.pp")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('sahara_ceilometer')

    # host "ALL" looks like "no source-address restriction" on tcp/8386
    # (confirm in createFirewallResources).
    config["FIREWALL_SAHARA_CFN_RULES"] = {
        "sahara-api": {
            "host": "ALL",
            "service_name": "sahara api",
            "chain": "INPUT",
            "ports": ["8386"],
            "proto": "tcp",
        },
    }
    body += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")

    appendManifestFile(target, body, marker='sahara')
def create_manifest(config, messages):
    """Build the heat manifest for the controller host and register it.

    Writes to ``config``: the heat AMQP SSL cert/key paths (when AMQP SSL is
    on) and ``FIREWALL_HEAT_RULES``. ``messages`` is accepted but not used
    here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        amqp_host = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_heat.key'
        config['CONFIG_HEAT_SSL_CERT'] = cert_path
        config['CONFIG_HEAT_SSL_KEY'] = key_path
        # NOTE(review): the private key's on-disk permissions are decided by
        # generate_ssl_cert, which is not visible here - confirm.
        generate_ssl_cert(config, amqp_host, 'heat', key_path, cert_path)

    target = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # host "ALL" looks like "no source-address restriction" on tcp/8004
    # (confirm in createFirewallResources).
    config['FIREWALL_HEAT_RULES'] = {
        "heat": {
            'host': "ALL",
            'service_name': "heat",
            'chain': "INPUT",
            'ports': ['8004'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_HEAT_RULES')

    appendManifestFile(target, body, marker='heat')
def create_manifest(config, messages):
    """Assemble the cinder manifest and its firewall rules for the controller.

    ``FIREWALL_*`` keys are written into ``config`` before each firewall
    template is fetched, so statement order is significant. ``messages`` is
    accepted but not used here.
    """
    def _firewall_rule(allowed, service_id):
        # Set the per-rule values, then fetch the firewall template.
        config['FIREWALL_ALLOWED'] = allowed
        config['FIREWALL_SERVICE_ID'] = service_id
        return getManifestTemplate("firewall.pp")

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_CONTROLLER_HOST']
    body += getManifestTemplate("cinder.pp")

    # At most one backend-specific template is added.
    backend_templates = (
        ("gluster", "cinder_gluster.pp"),
        ("nfs", "cinder_nfs.pp"),
        ("vmdk", "cinder_vmdk.pp"),
    )
    for backend_name, template in backend_templates:
        if config['CONFIG_CINDER_BACKEND'] == backend_name:
            body += getManifestTemplate(template)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer.pp')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_backup.pp')

    config['FIREWALL_SERVICE_NAME'] = "cinder"
    config['FIREWALL_PORTS'] = "['3260', '8776']"
    config['FIREWALL_CHAIN'] = "INPUT"
    config['FIREWALL_PROTOCOL'] = 'tcp'

    restrict_to_compute = (config['CONFIG_NOVA_INSTALL'] == 'y' and
                           config['CONFIG_VMWARE_BACKEND'] == 'n')
    if restrict_to_compute:
        # One rule per compute host for iSCSI (3260) and the API (8776).
        for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
            body += _firewall_rule("'%s'" % host, "cinder_%s" % host)
    else:
        # Otherwise both ports, including the iSCSI target port, are
        # allowed from 'ALL'.
        body += _firewall_rule("'ALL'", "cinder_ALL")

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the glance manifest for the storage host and register it.

    Writes to ``config``: ``CONFIG_STORAGE_HOST`` (when unsupported mode is
    off), ``CONFIG_GLANCE_BACKEND`` (when ironic is installed) and
    ``FIREWALL_GLANCE_RULES``. ``messages`` is accepted but not used here.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        # Outside unsupported mode the storage host is forced to the
        # controller, overriding whatever was configured.
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    # Setting the default to 'swift' when Ironic is enabled. Note that this
    # overwrites any backend already present in config, not just a missing
    # one.
    if config['CONFIG_IRONIC_INSTALL'] == 'y':
        config['CONFIG_GLANCE_BACKEND'] = 'swift'

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance.pp")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # host "ALL" looks like "no source-address restriction" on tcp/9292
    # (confirm in createFirewallResources).
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GLANCE_RULES')

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the heat manifest for the controller host and register it.

    Writes to ``config``: the heat AMQP SSL cert/key paths (when AMQP SSL is
    on) and ``FIREWALL_HEAT_RULES``. ``messages`` is accepted but not used
    here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        amqp_host = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_heat.key'
        config['CONFIG_HEAT_SSL_CERT'] = cert_path
        config['CONFIG_HEAT_SSL_KEY'] = key_path
        # NOTE(review): the private key's on-disk permissions are decided by
        # generate_ssl_cert, which is not visible here - confirm.
        generate_ssl_cert(config, amqp_host, 'heat', key_path, cert_path)

    target = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # host "ALL" looks like "no source-address restriction" on tcp/8004
    # (confirm in createFirewallResources).
    config['FIREWALL_HEAT_RULES'] = {
        "heat": {
            'host': "ALL",
            'service_name': "heat",
            'chain': "INPUT",
            'ports': ['8004'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_HEAT_RULES')

    appendManifestFile(target, body, marker='heat')
def create_manifest(config, messages):
    """Assemble the cinder manifest and its firewall rules for the controller.

    ``FIREWALL_*`` keys are written into ``config`` before each firewall
    template is fetched, so statement order is significant. ``messages`` is
    accepted but not used here.
    """
    def _firewall_rule(allowed, service_id):
        # Set the per-rule values, then fetch the firewall template.
        config['FIREWALL_ALLOWED'] = allowed
        config['FIREWALL_SERVICE_ID'] = service_id
        return getManifestTemplate("firewall.pp")

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_CONTROLLER_HOST']
    body += getManifestTemplate("cinder.pp")

    # The first matching backend wins; unknown backends add nothing.
    backend_templates = (
        ("lvm", "cinder_lvm.pp"),
        ("gluster", "cinder_gluster.pp"),
        ("nfs", "cinder_nfs.pp"),
        ("vmdk", "cinder_vmdk.pp"),
    )
    for backend_name, template in backend_templates:
        if config['CONFIG_CINDER_BACKEND'] == backend_name:
            body += getManifestTemplate(template)
            break

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer.pp')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_backup.pp')

    config['FIREWALL_SERVICE_NAME'] = "cinder"
    config['FIREWALL_PORTS'] = "['3260', '8776']"
    config['FIREWALL_CHAIN'] = "INPUT"
    config['FIREWALL_PROTOCOL'] = 'tcp'

    restrict_to_compute = (config['CONFIG_NOVA_INSTALL'] == 'y' and
                           config['CONFIG_VMWARE_BACKEND'] == 'n')
    if restrict_to_compute:
        # One rule per compute host for iSCSI (3260) and the API (8776).
        for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
            body += _firewall_rule("'%s'" % host, "cinder_%s" % host)
    else:
        # Otherwise both ports, including the iSCSI target port, are
        # allowed from 'ALL'.
        body += _firewall_rule("'ALL'", "cinder_ALL")

    appendManifestFile(target, body)
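def create_common_manifest(config, messages):
    """Prepend the shared nova settings to every ``*_nova.pp`` manifest.

    For each such manifest the SQL connection string is stored in
    ``CONFIG_NOVA_SQL_CONN_PW`` (with the database password) or
    ``CONFIG_NOVA_SQL_CONN_NOPW`` (compute-only hosts), and
    ``CONFIG_NOVA_METADATA_HOST`` is set for that host. When AMQP SSL is
    enabled, a nova certificate is generated for every compute host and the
    controller.

    Reads the module-level ``compute_hosts`` and ``network_hosts`` without
    modifying them. ``messages`` is accepted but not used here.
    """
    global compute_hosts, network_hosts

    if config['CONFIG_NEUTRON_INSTALL'] == "y":
        network_type = 'neutron'
    else:
        network_type = 'nova'
    network_multi = len(network_hosts) > 1

    # Hosts that receive the database password: controller + network hosts.
    dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
    dbacces_hosts |= network_hosts

    for manifestfile, marker in manifestfiles.getFiles():
        if not manifestfile.endswith("_nova.pp"):
            continue

        # The host is the part of the file name before the first underscore.
        host = manifestfile.split('_', 1)[0].strip()

        if host in compute_hosts and host not in dbacces_hosts:
            # we should omit password in case we are installing only
            # nova-compute to the host
            perms = "nova"
            pw_in_sqlconn = False
        else:
            # NOTE(review): the password goes into the URL as-is; characters
            # such as '@' or '/' in it would change how the URL parses.
            perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
            pw_in_sqlconn = True

        mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
        sqlconn = "mysql+pymysql://%s@%s/nova" % (perms, mariadb_host_url)
        # The two variants live under separate keys so the password-bearing
        # string is only referenced by the "_pw" template.
        if pw_in_sqlconn:
            config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
        else:
            config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn

        # for nova-network in multihost mode each compute host is metadata
        # host otherwise we use api host
        if (network_type == 'nova' and network_multi and
                host in compute_hosts):
            metadata = host
        else:
            metadata = config['CONFIG_CONTROLLER_HOST']
        config['CONFIG_NOVA_METADATA_HOST'] = metadata

        data = getManifestTemplate(get_mq(config, "nova_common"))
        if pw_in_sqlconn:
            data += getManifestTemplate("nova_common_pw")
        else:
            data += getManifestTemplate("nova_common_nopw")
        # We need to have class nova before class nova::api, so prepend
        # instead of append
        prependManifestFile(os.path.split(manifestfile)[1], data)

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        # Work on a copy: an in-place "|=" on an alias of compute_hosts would
        # add the controller to the module-level set, and later
        # "host in compute_hosts" checks (which decide whether a host gets
        # the DB password) would then see the controller as a compute host.
        nova_hosts = set(compute_hosts)
        nova_hosts.add(config.get('CONFIG_CONTROLLER_HOST'))

        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp_nova.crt'
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp_nova.key'
        config['CONFIG_NOVA_SSL_CERT'] = ssl_cert_file
        config['CONFIG_NOVA_SSL_KEY'] = ssl_key_file
        for host in nova_hosts:
            generate_ssl_cert(config, host, 'nova', ssl_key_file,
                              ssl_cert_file)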
def create_manifest(config, messages):
    """Build the ironic manifest for the controller host and register it.

    Writes to ``config``: the ironic AMQP SSL cert/key paths (when AMQP SSL
    is on) and ``FIREWALL_IRONIC_API_RULES``. ``messages`` is accepted but
    not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        amqp_host = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ironic.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_ironic.key'
        config['CONFIG_IRONIC_SSL_CERT'] = cert_path
        config['CONFIG_IRONIC_SSL_KEY'] = key_path
        # NOTE(review): the private key's on-disk permissions are decided by
        # generate_ssl_cert, which is not visible here - confirm.
        generate_ssl_cert(config, amqp_host, 'ironic', key_path, cert_path)

    target = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ironic"))
    body += getManifestTemplate("ironic.pp")

    # host "ALL" looks like "no source-address restriction" on tcp/6385
    # (confirm in createFirewallResources). This API drives bare-metal
    # provisioning, so its authentication is the only gate on that port.
    config['FIREWALL_IRONIC_API_RULES'] = {
        "ironic-api": {
            'host': "ALL",
            'service_name': "ironic-api",
            'chain': "INPUT",
            'ports': ['6385'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_IRONIC_API_RULES')

    appendManifestFile(target, body, 'pre')
def create_manifest(config):
    """Assemble the cinder manifest and its firewall rules.

    The manifest file is named after ``controller.CONF['CONFIG_CINDER_HOST']``.
    Writes several ``FIREWALL_*`` keys (and ``CONFIG_SWIFT_PROXY`` when swift
    is installed) into ``config`` before fetching the templates that follow
    each assignment, so statement order is significant.
    """
    def _firewall_rule(allowed, service_id):
        # Set the per-rule values, then fetch the firewall template.
        config['FIREWALL_ALLOWED'] = allowed
        config['FIREWALL_SERVICE_ID'] = service_id
        return getManifestTemplate("firewall.pp")

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % controller.CONF['CONFIG_CINDER_HOST']
    body += getManifestTemplate("cinder.pp")

    # At most one backend-specific template is added.
    backend_templates = (
        ("gluster", "cinder_gluster.pp"),
        ("nfs", "cinder_nfs.pp"),
        ("vmdk", "cinder_vmdk.pp"),
    )
    for backend_name, template in backend_templates:
        if config['CONFIG_CINDER_BACKEND'] == backend_name:
            body += getManifestTemplate(template)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer.pp')

    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        # Only the first listed swift proxy is used.
        proxies = config['CONFIG_SWIFT_PROXY_HOSTS'].split(',')
        config['CONFIG_SWIFT_PROXY'] = proxies[0].strip()
        body += getManifestTemplate('cinder_backup.pp')

    config['FIREWALL_SERVICE_NAME'] = "cinder"
    config['FIREWALL_PORTS'] = "'3260', '8776'"
    config['FIREWALL_CHAIN'] = "INPUT"

    if config['CONFIG_NOVA_INSTALL'] == 'y':
        # One rule per compute host: iSCSI (3260) and the API (8776) are
        # limited to those sources.
        for host in split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS']):
            body += _firewall_rule("'%s'" % host, "cinder_%s" % host)
    else:
        # Without nova the same two ports, including the iSCSI target port,
        # are allowed from 'ALL'.
        body += _firewall_rule("'ALL'", "cinder_ALL")

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the glance manifest for the storage host and register it.

    Writes to ``config``: the glance AMQP SSL cert/key paths (when AMQP SSL
    is on) and ``FIREWALL_GLANCE_RULES``. ``messages`` is accepted but not
    used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        amqp_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_glance.key'
        config['CONFIG_GLANCE_SSL_CERT'] = cert_path
        config['CONFIG_GLANCE_SSL_KEY'] = key_path
        # NOTE(review): the private key's on-disk permissions are decided by
        # generate_ssl_cert, which is not visible here - confirm.
        generate_ssl_cert(config, amqp_host, 'glance', key_path, cert_path)

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # host "ALL" looks like "no source-address restriction" on tcp/9292
    # (confirm in createFirewallResources).
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GLANCE_RULES')

    appendManifestFile(target, body)
def create_manifests(config):
    """Queue the neutron manifests for every host in ``q_hosts``.

    Each host gets the base neutron manifest and the L2 plugin manifest;
    hosts that are also in ``api_hosts`` additionally get the API manifest
    with one firewall rule per allowed source host. Writes
    ``SERVICE_PLUGINS`` and several ``FIREWALL_*`` keys into ``config``.
    """
    global q_hosts

    service_plugins = []
    if config['CONFIG_NEUTRON_LBAAS_HOSTS']:
        service_plugins.append(
            'neutron.services.loadbalancer.plugin.LoadBalancerPlugin'
        )
    l2_plugin = config['CONFIG_NEUTRON_L2_PLUGIN']
    if l2_plugin == 'ml2':
        # ML2 uses the L3 Router service plugin to implement l3 agent
        service_plugins.append(
            'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'
        )
    if service_plugins:
        config['SERVICE_PLUGINS'] = str(service_plugins)
    else:
        config['SERVICE_PLUGINS'] = 'undef'

    # NOTE(review): any other L2 plugin value leaves plugin_manifest unbound,
    # which only surfaces as an error once the host loop below uses it.
    if l2_plugin == 'openvswitch':
        nettype = config.get("CONFIG_NEUTRON_OVS_TENANT_NETWORK_TYPE",
                             "local")
        plugin_manifest = 'neutron_ovs_plugin_%s.pp' % nettype
    elif l2_plugin == 'linuxbridge':
        plugin_manifest = 'neutron_lb_plugin.pp'
    elif l2_plugin == 'ml2':
        plugin_manifest = 'neutron_ml2_plugin.pp'

    # host to which allow neutron server: the neutron hosts themselves plus
    # the client, horizon and nova API hosts when those are installed.
    allowed_hosts = set(q_hosts)
    optional_sources = (
        ('CONFIG_CLIENT_INSTALL', 'CONFIG_OSCLIENT_HOST'),
        ('CONFIG_HORIZON_INSTALL', 'CONFIG_HORIZON_HOST'),
        ('CONFIG_NOVA_INSTALL', 'CONFIG_NOVA_API_HOST'),
    )
    for install_flag, host_key in optional_sources:
        if config[install_flag] == 'y':
            allowed_hosts.add(config[host_key])

    config['FIREWALL_SERVICE_NAME'] = "neutron server"
    config['FIREWALL_PORTS'] = "'9696'"
    config['FIREWALL_CHAIN'] = "INPUT"

    for host in q_hosts:
        manifest_file = "%s_neutron.pp" % (host,)
        base_data = getManifestTemplate("neutron.pp")
        base_data += getManifestTemplate(get_mq(config, "neutron"))
        appendManifestFile(manifest_file, base_data, 'neutron')

        if host in api_hosts:
            api_data = getManifestTemplate("neutron_api.pp")
            # Firewall Rules: tcp/9696 is opened per allowed source host
            # rather than to everyone.
            for f_host in allowed_hosts:
                config['FIREWALL_ALLOWED'] = "'%s'" % f_host
                config['FIREWALL_SERVICE_ID'] = (
                    "neutron_server_%s_%s" % (host, f_host))
                api_data += getManifestTemplate("firewall.pp")
            appendManifestFile(manifest_file, api_data, 'neutron')

        # Set up any l2 plugin configs we need anywhere we install neutron
        # XXX I am not completely sure about this, but it seems necessary:
        plugin_data = getManifestTemplate(plugin_manifest)
        appendManifestFile(manifest_file, plugin_data, 'neutron')
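def create_common_manifest(config, messages):
    """Append the shared nova settings to every ``*_nova.pp`` manifest.

    For each such manifest the SQL connection string is stored in
    ``CONFIG_NOVA_SQL_CONN_PW`` (with the database password) or
    ``CONFIG_NOVA_SQL_CONN_NOPW`` (compute-only hosts), and
    ``CONFIG_NOVA_METADATA_HOST`` is set for that host. When AMQP SSL is
    enabled, a nova certificate is generated for every compute host and the
    controller.

    Reads the module-level ``compute_hosts`` and ``network_hosts`` without
    modifying them. ``messages`` is accepted but not used here.
    """
    global compute_hosts, network_hosts

    if config['CONFIG_NEUTRON_INSTALL'] == "y":
        network_type = 'neutron'
    else:
        network_type = 'nova'
    network_multi = len(network_hosts) > 1

    # Hosts that receive the database password: controller + network hosts.
    dbacces_hosts = set([config.get('CONFIG_CONTROLLER_HOST')])
    dbacces_hosts |= network_hosts

    for manifestfile, marker in manifestfiles.getFiles():
        if not manifestfile.endswith("_nova.pp"):
            continue

        # The host is the part of the file name before the first underscore.
        host = manifestfile.split('_', 1)[0].strip()

        if host in compute_hosts and host not in dbacces_hosts:
            # we should omit password in case we are installing only
            # nova-compute to the host
            perms = "nova"
            pw_in_sqlconn = False
        else:
            # NOTE(review): the password goes into the URL as-is; characters
            # such as '@' or '/' in it would change how the URL parses.
            perms = "nova:%s" % config['CONFIG_NOVA_DB_PW']
            pw_in_sqlconn = True

        mariadb_host_url = config['CONFIG_MARIADB_HOST_URL']
        sqlconn = "mysql://%s@%s/nova" % (perms, mariadb_host_url)
        # The two variants live under separate keys so the password-bearing
        # string is only referenced by the "_pw" template.
        if pw_in_sqlconn:
            config['CONFIG_NOVA_SQL_CONN_PW'] = sqlconn
        else:
            config['CONFIG_NOVA_SQL_CONN_NOPW'] = sqlconn

        # for nova-network in multihost mode each compute host is metadata
        # host otherwise we use api host
        if (network_type == 'nova' and network_multi and
                host in compute_hosts):
            metadata = host
        else:
            metadata = config['CONFIG_CONTROLLER_HOST']
        config['CONFIG_NOVA_METADATA_HOST'] = metadata

        data = getManifestTemplate(get_mq(config, "nova_common"))
        if pw_in_sqlconn:
            data += getManifestTemplate("nova_common_pw")
        else:
            data += getManifestTemplate("nova_common_nopw")
        appendManifestFile(os.path.split(manifestfile)[1], data)

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        # Work on a copy: an in-place "|=" on an alias of compute_hosts would
        # add the controller to the module-level set, and later
        # "host in compute_hosts" checks (which decide whether a host gets
        # the DB password) would then see the controller as a compute host.
        nova_hosts = set(compute_hosts)
        nova_hosts.add(config.get('CONFIG_CONTROLLER_HOST'))

        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp_nova.crt'
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp_nova.key'
        config['CONFIG_NOVA_SSL_CERT'] = ssl_cert_file
        config['CONFIG_NOVA_SSL_KEY'] = ssl_key_file
        for host in nova_hosts:
            generate_ssl_cert(config, host, 'nova', ssl_key_file,
                              ssl_cert_file)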
def create_manifest(config, messages):
    """Build the ceilometer manifest for the controller host and register it.

    Writes to ``config``: the redis sentinel URL pieces (redis coordination
    only), the ceilometer AMQP SSL cert/key paths (AMQP SSL only) and
    ``FIREWALL_CEILOMETER_RULES``. ``messages`` is accepted but not used here.
    """
    target = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ceilometer"))
    body += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Determine if we need to configure multiple sentinel hosts as
        # fallbacks for use in coordination url.
        sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
        contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        use_ipv6 = config['CONFIG_IP_VERSION'] == 'ipv6'

        # IPv6 literals are bracketed so the port separator stays unambiguous.
        if use_ipv6:
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = (
                "[%s]" % contact)
        else:
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = contact

        fallbacks = ''
        if len(sentinel_hosts) > 1:
            if use_ipv6:
                pattern = 'sentinel_fallback=[%s]:%s'
            else:
                pattern = 'sentinel_fallback=%s:%s'
            # Every sentinel except the contact host becomes a fallback.
            fallbacks = '&'.join(
                pattern % (sentinel, sentinel_port)
                for sentinel in sentinel_hosts
                if sentinel != contact
            )
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = fallbacks

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
        config['CONFIG_CEILOMETER_SSL_CERT'] = cert_path
        config['CONFIG_CEILOMETER_SSL_KEY'] = key_path
        generate_ssl_cert(config, config['CONFIG_CONTROLLER_HOST'],
                          'ceilometer', key_path, cert_path)

    # host "ALL" looks like "no source-address restriction" on tcp/8777
    # (confirm in createFirewallResources).
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # Add a template that creates a group for nova because the ceilometer
    # class needs it
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        body += getManifestTemplate("ceilometer_nova_disabled")

    appendManifestFile(target, body, 'ceilometer')
def create_manifest(config, messages):
    """Assemble the cinder manifest and its firewall rules for the storage host.

    ``CONFIG_CINDER_BACKEND`` is parsed from its bracketed, comma-separated
    string form. ``FIREWALL_*`` keys are written into ``config`` before each
    firewall template is fetched, so statement order is significant.
    ``messages`` is accepted but not used here.
    """
    def _firewall_rule(allowed, service_id):
        # Set the per-rule values, then fetch the firewall template.
        config['FIREWALL_ALLOWED'] = allowed
        config['FIREWALL_SERVICE_ID'] = service_id
        return getManifestTemplate("firewall.pp")

    if config['CONFIG_UNSUPPORTED'] != 'y':
        # Outside unsupported mode the storage host is forced to the
        # controller, overriding whatever was configured.
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("cinder.pp")

    # Strip the surrounding brackets, then quotes/spaces around each item.
    raw_backends = config['CONFIG_CINDER_BACKEND'].strip('[]')
    backends = [item.strip('\' ') for item in raw_backends.split(',')]

    if 'netapp' in backends:
        # netapp is handled here by family/protocol, not by the generic loop.
        backends.remove('netapp')
        family = config['CONFIG_CINDER_NETAPP_STORAGE_FAMILY']
        if family == "ontap_cluster":
            protocol = config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL']
            if protocol == "iscsi":
                body += getManifestTemplate("cinder_netapp_cdot_iscsi.pp")
            elif protocol == "nfs":
                body += getManifestTemplate("cinder_netapp_cdot_nfs.pp")
        elif family == "ontap_7mode":
            protocol = config['CONFIG_CINDER_NETAPP_STORAGE_PROTOCOL']
            if protocol == "iscsi":
                body += getManifestTemplate("cinder_netapp_7mode_iscsi.pp")
            elif protocol == "nfs":
                body += getManifestTemplate("cinder_netapp_7mode_nfs.pp")
        elif family == "eseries":
            body += getManifestTemplate("cinder_netapp_eseries.pp")

    # NOTE(review): each remaining backend name becomes part of a template
    # file name; presumably the values are validated earlier - confirm.
    for backend_name in backends:
        body += getManifestTemplate('cinder_%s.pp' % backend_name)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer.pp')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_backup.pp')

    config['FIREWALL_SERVICE_NAME'] = "cinder"
    config['FIREWALL_PORTS'] = "['3260']"
    config['FIREWALL_CHAIN'] = "INPUT"
    config['FIREWALL_PROTOCOL'] = 'tcp'

    restrict_to_compute = (config['CONFIG_NOVA_INSTALL'] == 'y' and
                           config['CONFIG_VMWARE_BACKEND'] == 'n')
    if restrict_to_compute:
        # iSCSI (3260) is opened to the compute hosts only.
        for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
            body += _firewall_rule("'%s'" % host, "cinder_%s" % host)
    else:
        # Otherwise the iSCSI target port is allowed from 'ALL'.
        body += _firewall_rule("'ALL'", "cinder_ALL")

    # cinder API should be open for everyone
    config['FIREWALL_SERVICE_NAME'] = "cinder-api"
    config['FIREWALL_PORTS'] = "['8776']"
    body += _firewall_rule("'ALL'", "cinder_API")

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Assemble the cinder manifest and its firewall rules for the storage host.

    Writes to ``config``: the cinder AMQP SSL cert/key paths (AMQP SSL only),
    ``FIREWALL_CINDER_RULES`` (iSCSI) and ``FIREWALL_CINDER_API_RULES``.
    ``messages`` is accepted but not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        amqp_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_cinder.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_cinder.key'
        config['CONFIG_CINDER_SSL_CERT'] = cert_path
        config['CONFIG_CINDER_SSL_KEY'] = key_path
        generate_ssl_cert(config, amqp_host, 'cinder', key_path, cert_path)

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("cinder")

    # NOTE(review): each backend name becomes part of a template name;
    # presumably the values are validated earlier - confirm.
    for backend_name in config['CONFIG_CINDER_BACKEND']:
        body += getManifestTemplate('cinder_%s' % backend_name)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_backup')

    # iSCSI (3260): one rule per compute host when nova is installed without
    # the VMware backend, otherwise a single "ALL" rule. The rules are built
    # inside the host loop, so an empty compute-host list yields no iSCSI
    # rule at all.
    iscsi_rules = dict()
    for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        if (config['CONFIG_NOVA_INSTALL'] == 'y' and
                config['CONFIG_VMWARE_BACKEND'] == 'n'):
            rule_key = "cinder_%s" % host
            source = "%s" % host
        else:
            rule_key = "cinder_all"
            source = "ALL"
        rule = iscsi_rules.setdefault(rule_key, {})
        rule['host'] = source
        rule['service_name'] = "cinder"
        rule['chain'] = "INPUT"
        rule['ports'] = ['3260']
        rule['proto'] = "tcp"
    config['FIREWALL_CINDER_RULES'] = iscsi_rules
    body += createFirewallResources('FIREWALL_CINDER_RULES')

    # cinder API should be open for everyone
    config['FIREWALL_CINDER_API_RULES'] = {
        "cinder_api": {
            'host': "ALL",
            'service_name': "cinder-api",
            'chain': "INPUT",
            'ports': ['8776'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CINDER_API_RULES')

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the heat manifest for the controller host and register it.

    The trusts template is added only when ``CONFIG_HEAT_USING_TRUSTS`` is
    present and equal to ``'y'``; a missing key counts as ``'n'``.
    ``messages`` is accepted but not used here.
    """
    target = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']

    parts = [
        getManifestTemplate(get_mq(config, "heat")),
        getManifestTemplate("heat.pp"),
    ]
    use_trusts = config.get('CONFIG_HEAT_USING_TRUSTS', 'n')
    if use_trusts == 'y':
        parts.append(getManifestTemplate("heat_trusts.pp"))

    # Sum the parts with "+" so the result is built exactly as a chain of
    # "+=" would build it.
    body = parts[0]
    for part in parts[1:]:
        body += part

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Assemble the Ceilometer manifest for CONFIG_CONTROLLER_HOST.

    With the redis coordination backend it derives the sentinel contact URL
    and the fallback query string; with AMQP SSL it generates the service
    certificate. It then registers the API firewall rule and appends the
    manifest under the 'ceilometer' marker.

    Args:
        config: installer configuration mapping; read and updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "ceilometer"))
    manifest_body += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Work out whether several sentinel hosts must be offered as
        # fallbacks in the coordination url.
        sentinel_hosts = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
        contact_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']

        # IPv6 literals are wrapped in brackets for use inside a URL.
        if config['CONFIG_IP_VERSION'] == 'ipv6':
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = "[%s]" % (
                contact_host)
        else:
            config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = contact_host

        contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if len(sentinel_hosts) > 1:
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                fallback_fmt = 'sentinel_fallback=[%s]:%s'
            else:
                fallback_fmt = 'sentinel_fallback=%s:%s'
            # Every sentinel except the contact host becomes a fallback.
            fallback_parts = []
            for host in sentinel_hosts:
                if host != contact:
                    fallback_parts.append(
                        fallback_fmt % (host, sentinel_port))
            fallbacks = '&'.join(fallback_parts)
        else:
            fallbacks = ''
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = fallbacks

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
        config['CONFIG_CEILOMETER_SSL_CERT'] = cert_path
        key_path = '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
        config['CONFIG_CEILOMETER_SSL_KEY'] = key_path
        amqp_host = config['CONFIG_CONTROLLER_HOST']
        # NOTE(review): generate_ssl_cert is defined elsewhere; confirm it
        # writes the private key with owner-only permissions.
        generate_ssl_cert(config, amqp_host, 'ceilometer', key_path,
                          cert_path)

    # Source is "ALL": no per-source restriction is expressed for port 8777.
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    manifest_body += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # The ceilometer class needs a nova group, so add a template that
    # creates one when Nova itself is not installed.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifest_body += getManifestTemplate("ceilometer_nova_disabled")

    appendManifestFile(manifest_name, manifest_body, 'ceilometer')
def create_cfn_manifest(config, messages):
    """Assemble the Heat CFN manifest and append it under the 'heat' marker.

    Sets the FIREWALL_* keys in ``config`` before the firewall.pp template
    is fetched.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "heat"))
    manifest_body += getManifestTemplate("heat_cfn.pp")

    # FIREWALL_ALLOWED is 'ALL': no per-source restriction is expressed for
    # port 8000.
    firewall_settings = (
        ('FIREWALL_SERVICE_NAME', "heat_cfn"),
        ('FIREWALL_PORTS', "'8000'"),
        ('FIREWALL_CHAIN', "INPUT"),
        ('FIREWALL_PROTOCOL', 'tcp'),
        ('FIREWALL_ALLOWED', "'ALL'"),
        ('FIREWALL_SERVICE_ID', "heat_cfn"),
    )
    for option, value in firewall_settings:
        config[option] = value
    manifest_body += getManifestTemplate("firewall.pp")

    appendManifestFile(manifest_name, manifest_body, marker='heat')
def create_manifest(config, messages):
    """Assemble the Heat manifest, including its API firewall rule.

    Adds the trusts template when CONFIG_HEAT_USING_TRUSTS is 'y' (a missing
    key is treated as 'n'), then sets the FIREWALL_* keys and appends the
    firewall.pp template.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "heat"))
    manifest_body += getManifestTemplate("heat.pp")

    if config.get('CONFIG_HEAT_USING_TRUSTS', 'n') == 'y':
        manifest_body += getManifestTemplate("heat_trusts.pp")

    # FIREWALL_ALLOWED is 'ALL': no per-source restriction is expressed for
    # port 8004.
    firewall_settings = (
        ('FIREWALL_SERVICE_NAME', "heat"),
        ('FIREWALL_PORTS', "'8004'"),
        ('FIREWALL_CHAIN', "INPUT"),
        ('FIREWALL_PROTOCOL', 'tcp'),
        ('FIREWALL_ALLOWED', "'ALL'"),
        ('FIREWALL_SERVICE_ID', "heat"),
    )
    for option, value in firewall_settings:
        config[option] = value
    manifest_body += getManifestTemplate("firewall.pp")

    appendManifestFile(manifest_name, manifest_body)
def create_manifest(config):
    """Resolve the Heat watch/metadata hosts and append the Heat manifest.

    CONFIG_HEAT_WATCH_HOST and CONFIG_HEAT_METADATA_HOST point at the
    dedicated CloudWatch / CFN host when that component is installed, and at
    CONFIG_HEAT_HOST otherwise. The manifest file name is taken from
    controller.CONF rather than from ``config``.

    Args:
        config: installer configuration mapping; updated in place.
    """
    if config['CONFIG_HEAT_CLOUDWATCH_INSTALL'] == 'y':
        watch_source = 'CONFIG_HEAT_CLOUDWATCH_HOST'
    else:
        watch_source = 'CONFIG_HEAT_HOST'
    config['CONFIG_HEAT_WATCH_HOST'] = config[watch_source]

    if config['CONFIG_HEAT_CFN_INSTALL'] == 'y':
        metadata_source = 'CONFIG_HEAT_CFN_HOST'
    else:
        metadata_source = 'CONFIG_HEAT_HOST'
    config['CONFIG_HEAT_METADATA_HOST'] = config[metadata_source]

    manifest_name = "%s_heat.pp" % controller.CONF['CONFIG_HEAT_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "heat"))
    manifest_body += getManifestTemplate("heat.pp")
    appendManifestFile(manifest_name, manifest_body)
def create_manifest(config, messages):
    """Assemble the Cinder manifest for CONFIG_STORAGE_HOST and append it.

    Unless CONFIG_UNSUPPORTED is 'y', the storage host is forced to the
    controller host first. The function then stacks the base, per-backend,
    Ceilometer and backup templates and registers two firewall rule sets.

    Args:
        config: installer configuration mapping; read and updated in place.
        messages: not used by this function.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    manifest_body = getManifestTemplate(get_mq(config, "cinder"))
    manifest_name = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    manifest_body += getManifestTemplate("cinder")

    # NOTE(review): backend names are interpolated into a template name;
    # presumably validated against a fixed list upstream - confirm.
    for backend in config['CONFIG_CINDER_BACKEND']:
        manifest_body += getManifestTemplate('cinder_%s' % backend)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        manifest_body += getManifestTemplate('cinder_ceilometer')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        manifest_body += getManifestTemplate('cinder_backup')

    # Port 3260: one rule per compute host when Nova is installed and the
    # VMware backend is off; otherwise a single rule with source "ALL",
    # i.e. no per-source restriction is expressed for that port.
    host_rules = {}
    for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        if (config['CONFIG_NOVA_INSTALL'] == 'y' and
                config['CONFIG_VMWARE_BACKEND'] == 'n'):
            rule_id, source = "cinder_%s" % host, "%s" % host
        else:
            rule_id, source = "cinder_all", "ALL"
        host_rules[rule_id] = {
            'host': source,
            'service_name': "cinder",
            'chain': "INPUT",
            'ports': ['3260'],
            'proto': "tcp",
        }
    config['FIREWALL_CINDER_RULES'] = host_rules
    manifest_body += createFirewallResources('FIREWALL_CINDER_RULES')

    # cinder API should be open for everyone
    config['FIREWALL_CINDER_API_RULES'] = {
        "cinder_api": {
            'host': "ALL",
            'service_name': "cinder-api",
            'chain': "INPUT",
            'ports': ['8776'],
            'proto': "tcp",
        },
    }
    manifest_body += createFirewallResources('FIREWALL_CINDER_API_RULES')

    appendManifestFile(manifest_name, manifest_body)
def create_manifest(config):
    """Assemble the Ceilometer manifest for CONFIG_CEILOMETER_HOST.

    Sets the FIREWALL_* keys for the API port before fetching firewall.pp,
    and adds the nova-group template when Nova is not installed.

    Args:
        config: installer configuration mapping; updated in place.
    """
    manifest_name = "%s_ceilometer.pp" % config["CONFIG_CEILOMETER_HOST"]
    manifest_body = getManifestTemplate(get_mq(config, "ceilometer"))
    manifest_body += getManifestTemplate("ceilometer.pp")

    # FIREWALL_ALLOWED is 'ALL': no per-source restriction is expressed for
    # port 8777.
    firewall_settings = (
        ("FIREWALL_ALLOWED", "'ALL'"),
        ("FIREWALL_SERVICE_NAME", "ceilometer-api"),
        ("FIREWALL_SERVICE_ID", "ceilometer_api"),
        ("FIREWALL_PORTS", "'8777'"),
        ("FIREWALL_CHAIN", "INPUT"),
    )
    for option, value in firewall_settings:
        config[option] = value
    manifest_body += getManifestTemplate("firewall.pp")

    # The ceilometer class needs a nova group, so add a template that
    # creates one when Nova itself is not installed.
    nova_absent = config["CONFIG_NOVA_INSTALL"] == "n"
    if nova_absent:
        manifest_body += getManifestTemplate("ceilometer_nova_disabled.pp")

    appendManifestFile(manifest_name, manifest_body)
def create_manifest(config):
    """Build and append the Ceilometer manifest for CONFIG_CEILOMETER_HOST.

    The FIREWALL_* keys are written to ``config`` before firewall.pp is
    fetched; the nova-group template is added only when Nova is absent.

    Args:
        config: installer configuration mapping; updated in place.
    """
    target = "%s_ceilometer.pp" % config['CONFIG_CEILOMETER_HOST']
    content = getManifestTemplate(get_mq(config, "ceilometer"))
    content += getManifestTemplate("ceilometer.pp")

    # FIREWALL_ALLOWED is 'ALL': no per-source restriction is expressed for
    # port 8777.
    for option, value in (
        ('FIREWALL_ALLOWED', "'ALL'"),
        ('FIREWALL_SERVICE_NAME', 'ceilometer-api'),
        ('FIREWALL_SERVICE_ID', 'ceilometer_api'),
        ('FIREWALL_PORTS', "'8777'"),
        ('FIREWALL_CHAIN', "INPUT"),
    ):
        config[option] = value
    content += getManifestTemplate("firewall.pp")

    # The ceilometer class needs a nova group, so add a template that
    # creates one when Nova itself is not installed.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        content += getManifestTemplate("ceilometer_nova_disabled.pp")

    appendManifestFile(target, content)
def create_manifest(config, messages):
    """Assemble the Manila manifest and append it under the 'manila' marker.

    Unless CONFIG_UNSUPPORTED is 'y', the storage host is forced to the
    controller host. With AMQP SSL the service certificate is generated.
    Two driver options are converted from text to booleans, the base,
    network and per-backend templates are stacked, and the API firewall
    rule is registered.

    Args:
        config: installer configuration mapping; read and updated in place.
        messages: not used by this function.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        amqp_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        config['CONFIG_MANILA_SSL_CERT'] = cert_path
        key_path = '/etc/pki/tls/private/ssl_amqp_manila.key'
        config['CONFIG_MANILA_SSL_KEY'] = key_path
        # NOTE(review): generate_ssl_cert is defined elsewhere; confirm it
        # writes the private key with owner-only permissions.
        generate_ssl_cert(config, amqp_host, 'manila', key_path, cert_path)

    # Change these from text to Boolean values; any value other than
    # "true"/"false" (case-insensitive) is left untouched.
    text_to_bool = {"true": True, "false": False}
    boolean_options = (
        'CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
        'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS',
    )
    for option in boolean_options:
        if option not in config:
            continue
        lowered = config[option].lower()
        if lowered in text_to_bool:
            config[option] = text_to_bool[lowered]

    manifest_body = getManifestTemplate(get_mq(config, "manila"))
    manifest_name = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    manifest_body += getManifestTemplate("manila.pp")
    manifest_body += getManifestTemplate("manila_network.pp")

    # NOTE(review): backend names are interpolated into a template file
    # name; presumably validated against a fixed list upstream - confirm.
    for backend in config['CONFIG_MANILA_BACKEND']:
        manifest_body += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    config['FIREWALL_MANILA_API_RULES'] = {
        "manila_api": {
            'host': "ALL",
            'service_name': "manila-api",
            'chain': "INPUT",
            'ports': ['8786'],
            'proto': "tcp",
        },
    }
    manifest_body += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(manifest_name, manifest_body, marker='manila')
def create_manifest(config, messages):
    """Build the Manila manifest and append it under the 'manila' marker.

    Steps, in order: pin the storage host to the controller unless
    CONFIG_UNSUPPORTED is 'y'; generate the AMQP certificate when SSL is
    enabled; turn two textual driver options into booleans; stack the
    templates; register the API firewall rule.

    Args:
        config: installer configuration mapping; read and updated in place.
        messages: not used by this function.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_target = config['CONFIG_STORAGE_HOST']
        certificate = '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        config['CONFIG_MANILA_SSL_CERT'] = certificate
        private_key = '/etc/pki/tls/private/ssl_amqp_manila.key'
        config['CONFIG_MANILA_SSL_KEY'] = private_key
        # NOTE(review): generate_ssl_cert is defined elsewhere; confirm it
        # writes the private key with owner-only permissions.
        generate_ssl_cert(config, ssl_target, 'manila', private_key,
                          certificate)

    # Change these from text to Boolean values; anything that is not
    # "true"/"false" (case-insensitive) keeps its original value.
    present = [
        name for name in (
            'CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
            'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS',
        )
        if name in config
    ]
    for name in present:
        as_text = config[name].lower()
        if as_text == "true":
            config[name] = True
        elif as_text == "false":
            config[name] = False

    content = getManifestTemplate(get_mq(config, "manila"))
    target = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    content += getManifestTemplate("manila.pp")
    content += getManifestTemplate("manila_network.pp")

    # NOTE(review): backend names are interpolated into a template file
    # name; presumably validated against a fixed list upstream - confirm.
    for backend in config['CONFIG_MANILA_BACKEND']:
        content += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    api_rule = {
        'host': "ALL",
        'service_name': "manila-api",
        'chain': "INPUT",
        'ports': ['8786'],
        'proto': "tcp",
    }
    config['FIREWALL_MANILA_API_RULES'] = {"manila_api": api_rule}
    content += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(target, content, marker='manila')
def create_manifest(config, messages):
    """Assemble the Glance manifest for CONFIG_CONTROLLER_HOST and append it.

    Adds the Ceilometer messaging template when Ceilometer is installed,
    then sets the FIREWALL_* keys and appends firewall.pp.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_glance.pp" % config['CONFIG_CONTROLLER_HOST']
    manifest_body = getManifestTemplate("glance.pp")

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        manifest_body += getManifestTemplate(
            get_mq(config, "glance_ceilometer"))

    # FIREWALL_ALLOWED is 'ALL': no per-source restriction is expressed for
    # port 9292.
    firewall_settings = (
        ('FIREWALL_SERVICE_NAME', "glance"),
        ('FIREWALL_PORTS', "'9292'"),
        ('FIREWALL_CHAIN', "INPUT"),
        ('FIREWALL_PROTOCOL', 'tcp'),
        ('FIREWALL_ALLOWED', "'ALL'"),
        ('FIREWALL_SERVICE_ID', "glance_API"),
    )
    for option, value in firewall_settings:
        config[option] = value
    manifest_body += getManifestTemplate("firewall.pp")

    appendManifestFile(manifest_name, manifest_body)
def create_cfn_manifest(config, messages):
    """Assemble the Heat CFN manifest and append it under the "heat" marker.

    Registers one firewall rule set, FIREWALL_HEAT_CFN_RULES, in ``config``.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_heatcnf.pp" % config["CONFIG_CONTROLLER_HOST"]
    manifest_body = getManifestTemplate(get_mq(config, "heat"))
    manifest_body += getManifestTemplate("heat_cfn")

    # Source is "ALL": no per-source restriction is expressed for port 8000.
    config["FIREWALL_HEAT_CFN_RULES"] = {
        "heat_cfn": {
            "host": "ALL",
            "service_name": "heat cfn",
            "chain": "INPUT",
            "ports": ["8000"],
            "proto": "tcp",
        },
    }
    manifest_body += createFirewallResources("FIREWALL_HEAT_CFN_RULES")

    appendManifestFile(manifest_name, manifest_body, marker="heat")
def create_cfn_manifest(config, messages):
    """Build the Heat CFN manifest and append it under the 'heat' marker.

    Uses the "heat_cfn.pp" template and registers FIREWALL_HEAT_CFN_RULES
    in ``config``.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    target = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    content = getManifestTemplate(get_mq(config, "heat"))
    content += getManifestTemplate("heat_cfn.pp")

    # Source is "ALL": no per-source restriction is expressed for port 8000.
    cfn_rule = {
        'host': "ALL",
        'service_name': "heat cfn",
        'chain': "INPUT",
        'ports': ['8000'],
        'proto': "tcp",
    }
    config['FIREWALL_HEAT_CFN_RULES'] = {"heat_cfn": cfn_rule}
    content += createFirewallResources('FIREWALL_HEAT_CFN_RULES')

    appendManifestFile(target, content, marker='heat')
# createcomputemanifest(config): builds and appends one "<host>_nova.pp"
# manifest per entry of the module-level compute_hosts list. Each manifest
# starts from nova_compute.pp, adds the VMware or libvirt template, adds the
# gluster / nfs template when Cinder is installed with that backend and VMware
# is off, and adds the Ceilometer messaging template when Ceilometer is
# installed. When CONFIG_NEUTRON_INSTALL is not 'y' the code adds the
# DEFAULT/flat_interface option and calls check_ifcfg and bring_up_ifcfg for
# CONFIG_NOVA_COMPUTE_PRIVIF; a ScriptRuntimeError from bring_up_ifcfg is
# appended to controller.MESSAGES instead of being raised.
# The firewall.pp rule allows ports 5900-5999 on the INPUT chain only from
# CONFIG_NOVA_SCHED_HOST.
# NOTE(review): line breaks were lost on this page, so which of the interface
# calls sit under `if host not in network_hosts` cannot be read from here.
# NOTE(review): 5900-5999 looks like the VNC display range - confirm that the
# scheduler host is the intended source for that traffic.
def createcomputemanifest(config): global compute_hosts, network_hosts for host in compute_hosts: config["CONFIG_NOVA_COMPUTE_HOST"] = host manifestdata = getManifestTemplate("nova_compute.pp") if config['CONFIG_VMWARE_BACKEND'] == 'y': manifestdata += getManifestTemplate("nova_compute_vmware.pp") else: manifestdata += getManifestTemplate("nova_compute_libvirt.pp") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and config['CONFIG_CINDER_BACKEND'] == 'gluster'): manifestdata += getManifestTemplate("nova_gluster.pp") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and config['CONFIG_CINDER_BACKEND'] == 'nfs'): manifestdata += getManifestTemplate("nova_nfs.pp") manifestfile = "%s_nova.pp" % host nova_config_options = NovaConfig() if config['CONFIG_NEUTRON_INSTALL'] != 'y': if host not in network_hosts: nova_config_options.addOption("DEFAULT/flat_interface", config['CONFIG_NOVA_COMPUTE_PRIVIF']) check_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF']) try: bring_up_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF']) except ScriptRuntimeError as ex: # just warn user to do it by himself controller.MESSAGES.append(str(ex)) if config['CONFIG_CEILOMETER_INSTALL'] == 'y': manifestdata += getManifestTemplate(get_mq(config, "nova_ceilometer")) # According to the docs the only element that connects directly to nova compute # is nova scheduler # http://docs.openstack.org/developer/nova/nova.concepts.html#concept-system-architecture config['FIREWALL_ALLOWED'] = "'%s'" % (config['CONFIG_NOVA_SCHED_HOST'].strip()) config['FIREWALL_SERVICE_NAME'] = "nova compute" config['FIREWALL_SERVICE_ID'] = "nova_compute" config['FIREWALL_PORTS'] = "'5900-5999'" config['FIREWALL_CHAIN'] = "INPUT" manifestdata += getManifestTemplate("firewall.pp") manifestdata += "\n" + nova_config_options.getManifestEntry() appendManifestFile(manifestfile, manifestdata)
def create_cfn_manifest(config, messages):
    """Compose the Heat CFN manifest; append it under the 'heat' marker.

    Uses the "heat_cfn" template and stores the API firewall rule under
    FIREWALL_HEAT_CFN_RULES in ``config``.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    output_file = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    pieces = getManifestTemplate(get_mq(config, "heat"))
    pieces += getManifestTemplate("heat_cfn")

    # Source is "ALL": no per-source restriction is expressed for port 8000.
    rules = {}
    rules["heat_cfn"] = {
        'host': "ALL",
        'service_name': "heat cfn",
        'chain': "INPUT",
        'ports': ['8000'],
        'proto': "tcp",
    }
    config['FIREWALL_HEAT_CFN_RULES'] = rules
    pieces += createFirewallResources('FIREWALL_HEAT_CFN_RULES')

    appendManifestFile(output_file, pieces, marker='heat')
# createcomputemanifest(config): builds and appends one "<host>_nova.pp"
# manifest per entry of the module-level compute_hosts list. Each manifest
# starts from nova_compute.pp, adds the VMware or libvirt template, adds the
# gluster / nfs template when Cinder is installed with that backend and VMware
# is off, and adds the Ceilometer messaging template when Ceilometer is
# installed. When CONFIG_NEUTRON_INSTALL is not 'y' the code adds the
# DEFAULT/flat_interface option and calls check_ifcfg and bring_up_ifcfg for
# CONFIG_NOVA_COMPUTE_PRIVIF; a ScriptRuntimeError from bring_up_ifcfg is
# appended to controller.MESSAGES instead of being raised.
# In this version the FIREWALL_* assignments and the firewall.pp template are
# commented out, so this function adds no firewall rule for ports 5900-5999.
# NOTE(review): confirm those ports are covered by a rule defined elsewhere.
# NOTE(review): line breaks were lost on this page, so which of the interface
# calls sit under `if host not in network_hosts` cannot be read from here.
def createcomputemanifest(config): global compute_hosts, network_hosts for host in compute_hosts: config["CONFIG_NOVA_COMPUTE_HOST"] = host manifestdata = getManifestTemplate("nova_compute.pp") if config['CONFIG_VMWARE_BACKEND'] == 'y': manifestdata += getManifestTemplate("nova_compute_vmware.pp") else: manifestdata += getManifestTemplate("nova_compute_libvirt.pp") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and config['CONFIG_CINDER_BACKEND'] == 'gluster'): manifestdata += getManifestTemplate("nova_gluster.pp") if (config['CONFIG_VMWARE_BACKEND'] != 'y' and config['CONFIG_CINDER_INSTALL'] == 'y' and config['CONFIG_CINDER_BACKEND'] == 'nfs'): manifestdata += getManifestTemplate("nova_nfs.pp") manifestfile = "%s_nova.pp" % host nova_config_options = NovaConfig() if config['CONFIG_NEUTRON_INSTALL'] != 'y': if host not in network_hosts: nova_config_options.addOption("DEFAULT/flat_interface", config['CONFIG_NOVA_COMPUTE_PRIVIF']) check_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF']) try: bring_up_ifcfg(host, config['CONFIG_NOVA_COMPUTE_PRIVIF']) except ScriptRuntimeError as ex: # just warn user to do it by himself controller.MESSAGES.append(str(ex)) if config['CONFIG_CEILOMETER_INSTALL'] == 'y': manifestdata += getManifestTemplate(get_mq(config, "nova_ceilometer")) # According to the docs the only element that connects directly to nova compute # is nova scheduler # http://docs.openstack.org/developer/nova/nova.concepts.html#concept-system-architecture # config['FIREWALL_ALLOWED'] = "'%s'" % (config['CONFIG_NOVA_SCHED_HOST'].strip()) # config['FIREWALL_SERVICE_NAME'] = "nova compute" # config['FIREWALL_SERVICE_ID'] = "nova_compute" # config['FIREWALL_PORTS'] = "'5900-5999'" # config['FIREWALL_CHAIN'] = "INPUT" # manifestdata += getManifestTemplate("firewall.pp") manifestdata += "\n" + nova_config_options.getManifestEntry() appendManifestFile(manifestfile, manifestdata)
def create_manifest(config, messages):
    """Assemble the Sahara manifest for CONFIG_STORAGE_HOST and append it.

    Registers the API firewall rule under FIREWALL_SAHARA_CFN_RULES and
    appends the manifest under the 'sahara' marker.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "sahara"))
    manifest_body += getManifestTemplate("sahara.pp")

    # Source is "ALL": no per-source restriction is expressed for port 8386.
    config["FIREWALL_SAHARA_CFN_RULES"] = {
        "sahara-api": {
            "host": "ALL",
            "service_name": "sahara api",
            "chain": "INPUT",
            "ports": ["8386"],
            "proto": "tcp",
        },
    }
    manifest_body += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")

    appendManifestFile(manifest_name, manifest_body, marker='sahara')
def create_manifest(config, messages):
    """Assemble the Ceilometer manifest for CONFIG_CONTROLLER_HOST.

    Sets the FIREWALL_* keys (including the protocol) before fetching
    firewall.pp, and adds the nova-group template when Nova is absent.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "ceilometer"))
    manifest_body += getManifestTemplate("ceilometer.pp")

    # FIREWALL_ALLOWED is 'ALL': no per-source restriction is expressed for
    # port 8777.
    firewall_settings = (
        ('FIREWALL_ALLOWED', "'ALL'"),
        ('FIREWALL_SERVICE_NAME', 'ceilometer-api'),
        ('FIREWALL_SERVICE_ID', 'ceilometer_api'),
        ('FIREWALL_PORTS', "'8777'"),
        ('FIREWALL_CHAIN', "INPUT"),
        ('FIREWALL_PROTOCOL', 'tcp'),
    )
    for option, value in firewall_settings:
        config[option] = value
    manifest_body += getManifestTemplate("firewall.pp")

    # The ceilometer class needs a nova group, so add a template that
    # creates one when Nova itself is not installed.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifest_body += getManifestTemplate("ceilometer_nova_disabled.pp")

    appendManifestFile(manifest_name, manifest_body)
def create_manifest(config, messages):
    """Assemble the Ironic manifest for CONFIG_CONTROLLER_HOST and append it.

    Registers the API firewall rule under FIREWALL_IRONIC_API_RULES and
    passes 'pre' as the third argument to appendManifestFile.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "ironic"))
    manifest_body += getManifestTemplate("ironic.pp")

    # Source is "ALL": no per-source restriction is expressed for port 6385.
    config['FIREWALL_IRONIC_API_RULES'] = {
        "ironic-api": {
            'host': "ALL",
            'service_name': "ironic-api",
            'chain': "INPUT",
            'ports': ['6385'],
            'proto': "tcp",
        },
    }
    manifest_body += createFirewallResources('FIREWALL_IRONIC_API_RULES')

    appendManifestFile(manifest_name, manifest_body, 'pre')
def create_manifest(config, messages):
    """Assemble the Glance manifest for CONFIG_STORAGE_HOST and append it.

    Unless CONFIG_UNSUPPORTED is 'y', the storage host is forced to the
    controller host first. Adds the Ceilometer messaging template when
    Ceilometer is installed, then the firewall.pp template.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    manifest_name = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    manifest_body = getManifestTemplate("glance.pp")

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        manifest_body += getManifestTemplate(
            get_mq(config, "glance_ceilometer"))

    # FIREWALL_ALLOWED is 'ALL': no per-source restriction is expressed for
    # port 9292.
    firewall_settings = (
        ('FIREWALL_SERVICE_NAME', "glance"),
        ('FIREWALL_PORTS', "'9292'"),
        ('FIREWALL_CHAIN', "INPUT"),
        ('FIREWALL_PROTOCOL', 'tcp'),
        ('FIREWALL_ALLOWED', "'ALL'"),
        ('FIREWALL_SERVICE_ID', "glance_API"),
    )
    for option, value in firewall_settings:
        config[option] = value
    manifest_body += getManifestTemplate("firewall.pp")

    appendManifestFile(manifest_name, manifest_body)
def create_manifest(config, messages):
    """Assemble the Glance manifest for CONFIG_STORAGE_HOST and append it.

    Adds the Ceilometer messaging template when Ceilometer is installed and
    registers the API firewall rule under FIREWALL_GLANCE_RULES.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    manifest_body = getManifestTemplate("glance")

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        manifest_body += getManifestTemplate(
            get_mq(config, "glance_ceilometer"))

    # Source is "ALL": no per-source restriction is expressed for port 9292.
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    manifest_body += createFirewallResources('FIREWALL_GLANCE_RULES')

    appendManifestFile(manifest_name, manifest_body)
def createmanifest(config):
    """Assemble the Glance manifest for CONFIG_GLANCE_HOST and append it.

    The manifest file name is taken from controller.CONF. Port 9292 is
    opened per Nova compute host when Nova is installed; otherwise a single
    rule with FIREWALL_ALLOWED set to 'ALL' is emitted.

    Args:
        config: installer configuration mapping; updated in place.
    """
    manifest_name = "%s_glance.pp" % controller.CONF['CONFIG_GLANCE_HOST']
    manifest_body = getManifestTemplate("glance.pp")

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        mq_template = get_mq(config, "glance_ceilometer")
        manifest_body += getManifestTemplate(mq_template)

    config['FIREWALL_SERVICE_NAME'] = "glance"
    config['FIREWALL_PORTS'] = "'9292'"
    config['FIREWALL_CHAIN'] = "INPUT"

    if config['CONFIG_NOVA_INSTALL'] != 'y':
        # No compute host list to scope the rule to, so no per-source
        # restriction is expressed for port 9292 in this branch.
        config['FIREWALL_ALLOWED'] = "'ALL'"
        config['FIREWALL_SERVICE_ID'] = "glance_ALL"
        manifest_body += getManifestTemplate("firewall.pp")
    else:
        # One firewall.pp fetch per compute host; the FIREWALL_* keys are
        # rewritten before each fetch.
        for host in split_hosts(config['CONFIG_NOVA_COMPUTE_HOSTS']):
            config['FIREWALL_ALLOWED'] = "'%s'" % host
            config['FIREWALL_SERVICE_ID'] = "glance_%s" % host
            manifest_body += getManifestTemplate("firewall.pp")

    appendManifestFile(manifest_name, manifest_body)
def create_manifest(config, messages):
    """Assemble the Ceilometer manifest; append it under 'ceilometer'.

    Registers the API firewall rule under FIREWALL_CEILOMETER_RULES and adds
    the nova-group template when Nova is not installed.

    Args:
        config: installer configuration mapping; updated in place.
        messages: not used by this function.
    """
    manifest_name = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifest_body = getManifestTemplate(get_mq(config, "ceilometer"))
    manifest_body += getManifestTemplate("ceilometer")

    # Source is "ALL": no per-source restriction is expressed for port 8777.
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    manifest_body += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # The ceilometer class needs a nova group, so add a template that
    # creates one when Nova itself is not installed.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifest_body += getManifestTemplate("ceilometer_nova_disabled")

    appendManifestFile(manifest_name, manifest_body, 'ceilometer')
def create_manifest(config, messages):
    """Assemble the Trove manifest and append it under the 'trove' marker.

    When the Trove Nova user is 'admin' and no password was supplied, the
    Keystone admin password is copied into CONFIG_TROVE_NOVA_PW. The API
    firewall rule is registered under FIREWALL_TROVE_API_RULES.

    Args:
        config: installer configuration mapping; read and updated in place.
        messages: not used by this function.
    """
    uses_admin_account = config['CONFIG_TROVE_NOVA_USER'] == 'admin'
    if uses_admin_account and config['CONFIG_TROVE_NOVA_PW'] == '':
        # The admin credential is duplicated into a second config key here.
        # NOTE(review): check where CONFIG_TROVE_NOVA_PW is rendered, and
        # prefer a dedicated service account if the deployment allows it.
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_KEYSTONE_ADMIN_PW']

    manifest_name = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
    manifest_body = getManifestTemplate(get_mq(config, "trove"))
    manifest_body += getManifestTemplate('trove.pp')

    # Source is "ALL": no per-source restriction is expressed for port 8779.
    config['FIREWALL_TROVE_API_RULES'] = {
        "trove": {
            'host': "ALL",
            'service_name': "trove api",
            'chain': "INPUT",
            'ports': ['8779'],
            'proto': "tcp",
        },
    }
    manifest_body += createFirewallResources('FIREWALL_TROVE_API_RULES')

    appendManifestFile(manifest_name, manifest_body, marker='trove')