示例#1
def create_manifest(config, messages):
    """Assemble the Cinder manifest and its firewall rules, then queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled), FIREWALL_CINDER_RULES
            and FIREWALL_CINDER_API_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        storage_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_cinder.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_cinder.key'
        config['CONFIG_CINDER_SSL_CERT'] = cert_path
        config['CONFIG_CINDER_SSL_KEY'] = key_path
        # NOTE(review): ownership and mode of the private key are decided
        # inside generate_ssl_cert, which is not visible here -- confirm the
        # key ends up readable only by the service account.
        generate_ssl_cert(config, storage_host, 'cinder', key_path, cert_path)

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("cinder")

    for backend in config['CONFIG_CINDER_BACKEND']:
        body += getManifestTemplate('cinder_%s' % backend)

    # Optional templates, appended in this order when the flag is 'y'.
    optional_templates = (
        ('CONFIG_CEILOMETER_INSTALL', 'cinder_ceilometer'),
        ('CONFIG_SWIFT_INSTALL', 'cinder_backup'),
    )
    for flag, template in optional_templates:
        if config[flag] == 'y':
            body += getManifestTemplate(template)

    # TCP 3260 (the registered iSCSI port): one rule per compute host when
    # Nova is installed without the VMware backend, otherwise one shared rule.
    # NOTE(review): the fallback rule uses host "ALL" -- presumably any
    # source address; confirm that exposure is intended for the storage
    # network. No rule at all is produced when the compute host list is empty.
    iscsi_rules = {}
    for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        per_host = (config['CONFIG_NOVA_INSTALL'] == 'y' and
                    config['CONFIG_VMWARE_BACKEND'] == 'n')
        if per_host:
            rule_name, source = "cinder_%s" % host, "%s" % host
        else:
            rule_name, source = "cinder_all", "ALL"

        rule = iscsi_rules.setdefault(rule_name, {})
        rule.update(host=source, service_name="cinder", chain="INPUT",
                    ports=['3260'], proto="tcp")

    config['FIREWALL_CINDER_RULES'] = iscsi_rules
    body += createFirewallResources('FIREWALL_CINDER_RULES')

    # The Cinder API (TCP 8776) is deliberately not limited to known hosts.
    config['FIREWALL_CINDER_API_RULES'] = {
        'cinder_api': {
            'host': "ALL",
            'service_name': "cinder-api",
            'chain': "INPUT",
            'ports': ['8776'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CINDER_API_RULES')

    appendManifestFile(target, body)
示例#2
def create_redis_manifest(config, messages):
    """Queue Redis manifests for the master and, with HA, slaves and sentinels.

    Nothing is done unless the Ceilometer coordination backend is 'redis'.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_REDIS_MASTER_HOST_URL, CONFIG_REDIS_HOST and the
            FIREWALL_REDIS_* / FIREWALL_SENTINEL_RULES entries.
        messages: Not used by this step.
    """
    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] != 'redis':
        return

    master = config['CONFIG_REDIS_MASTER_HOST']
    # An IPv6 master address is wrapped in brackets for the *_URL variant.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        master_url = "[%s]" % master
    else:
        master_url = master
    config['CONFIG_REDIS_MASTER_HOST_URL'] = master_url

    # --- master ---
    target = "%s_redis.pp" % config['CONFIG_REDIS_MASTER_HOST']
    body = getManifestTemplate("redis.pp")

    # Hosts handed to the rule builder for the Redis port: the controller
    # plus every slave and sentinel. What the builder does with the list is
    # not visible here; presumably only these sources are admitted.
    allowed = {config['CONFIG_CONTROLLER_HOST']}
    allowed.update(split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
    allowed.update(split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
    config['FIREWALL_REDIS_RULES'] = _create_redis_firewall_rules(
        allowed, config['CONFIG_REDIS_PORT'])

    body += createFirewallResources('FIREWALL_REDIS_RULES')
    appendManifestFile(target, body, 'pre')

    # --- slaves (HA only) ---
    if config['CONFIG_REDIS_HA'] == 'y':
        for slave in split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']):
            # CONFIG_REDIS_HOST and FIREWALL_REDIS_SLAVE_RULES are shared
            # keys overwritten on every pass; after the loop they hold the
            # values written for the last slave.
            config['CONFIG_REDIS_HOST'] = slave
            target = "%s_redis_slave.pp" % slave
            body = getManifestTemplate("redis_slave.pp")

            allowed = {config['CONFIG_CONTROLLER_HOST']}
            allowed.update(split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
            allowed.update(split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
            config['FIREWALL_REDIS_SLAVE_RULES'] = (
                _create_redis_firewall_rules(allowed,
                                             config['CONFIG_REDIS_PORT']))

            body += createFirewallResources('FIREWALL_REDIS_SLAVE_RULES')
            appendManifestFile(target, body, 'pre')

    # --- sentinels (HA only) ---
    if config['CONFIG_REDIS_HA'] == 'y':
        for sentinel in split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']):
            target = "%s_redis_sentinel.pp" % sentinel
            body = getManifestTemplate("redis_sentinel.pp")

            # NOTE(review): only the sentinel hosts themselves are passed for
            # the sentinel port; the controller is not in this list --
            # confirm that clients which contact a sentinel are covered by
            # another rule.
            config['FIREWALL_SENTINEL_RULES'] = _create_redis_firewall_rules(
                split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']),
                config['CONFIG_REDIS_SENTINEL_PORT'])

            body += createFirewallResources('FIREWALL_SENTINEL_RULES')
            appendManifestFile(target, body, 'pre')
示例#3
def create_redis_manifest(config, messages):
    """Queue Redis manifests for the master and, with HA, slaves and sentinels.

    Returns immediately unless the Ceilometer coordination backend is 'redis'.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_REDIS_MASTER_HOST_URL, CONFIG_REDIS_HOST and the
            FIREWALL_REDIS_* / FIREWALL_SENTINEL_RULES entries.
        messages: Not used by this step.
    """
    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] != 'redis':
        return

    master = config['CONFIG_REDIS_MASTER_HOST']
    # An IPv6 master address is wrapped in brackets for the *_URL variant.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        master_url = "[%s]" % master
    else:
        master_url = master
    config['CONFIG_REDIS_MASTER_HOST_URL'] = master_url

    # --- master ---
    target = "%s_redis.pp" % config['CONFIG_REDIS_MASTER_HOST']
    body = getManifestTemplate("redis.pp")

    # Controller, slaves and sentinels are the hosts passed to the rule
    # builder for the Redis port. The builder is defined elsewhere;
    # presumably it admits only these sources.
    allowed = {config['CONFIG_CONTROLLER_HOST']}
    allowed.update(split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
    allowed.update(split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
    config['FIREWALL_REDIS_RULES'] = _create_redis_firewall_rules(
        allowed, config['CONFIG_REDIS_PORT'])

    body += createFirewallResources('FIREWALL_REDIS_RULES')
    appendManifestFile(target, body, 'pre')

    # --- slaves (HA only) ---
    if config['CONFIG_REDIS_HA'] == 'y':
        for slave in split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']):
            # Shared keys, rewritten for each slave in turn.
            config['CONFIG_REDIS_HOST'] = slave
            target = "%s_redis_slave.pp" % slave
            body = getManifestTemplate("redis_slave.pp")

            allowed = {config['CONFIG_CONTROLLER_HOST']}
            allowed.update(split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
            allowed.update(split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
            config['FIREWALL_REDIS_SLAVE_RULES'] = (
                _create_redis_firewall_rules(allowed,
                                             config['CONFIG_REDIS_PORT']))

            body += createFirewallResources('FIREWALL_REDIS_SLAVE_RULES')
            appendManifestFile(target, body, 'pre')

    # --- sentinels (HA only) ---
    if config['CONFIG_REDIS_HA'] == 'y':
        for sentinel in split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']):
            target = "%s_redis_sentinel.pp" % sentinel
            body = getManifestTemplate("redis_sentinel.pp")

            # NOTE(review): the sentinel port list contains sentinel hosts
            # only -- verify that any other client of the sentinels is
            # allowed through a different rule.
            config['FIREWALL_SENTINEL_RULES'] = _create_redis_firewall_rules(
                split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']),
                config['CONFIG_REDIS_SENTINEL_PORT'])

            body += createFirewallResources('FIREWALL_SENTINEL_RULES')
            appendManifestFile(target, body, 'pre')
示例#4
def create_manifest(config, messages):
    """Assemble the Cinder manifest and its firewall rules, then queue it.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_STORAGE_HOST (unless CONFIG_UNSUPPORTED is 'y'),
            FIREWALL_CINDER_RULES and FIREWALL_CINDER_API_RULES.
        messages: Not used by this step.
    """
    # Outside "unsupported" mode the storage host is forced to the controller.
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("cinder")

    for backend in config['CONFIG_CINDER_BACKEND']:
        body += getManifestTemplate('cinder_%s' % backend)

    # Optional templates, appended in this order when the flag is 'y'.
    optional_templates = (
        ('CONFIG_CEILOMETER_INSTALL', 'cinder_ceilometer'),
        ('CONFIG_SWIFT_INSTALL', 'cinder_backup'),
    )
    for flag, template in optional_templates:
        if config[flag] == 'y':
            body += getManifestTemplate(template)

    # TCP 3260 (the registered iSCSI port): per-compute-host rules when Nova
    # is installed without the VMware backend, otherwise one shared rule.
    # NOTE(review): the shared rule uses host "ALL" -- presumably any source
    # address; confirm that is acceptable on the storage network.
    iscsi_rules = {}
    for host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        per_host = (config['CONFIG_NOVA_INSTALL'] == 'y' and
                    config['CONFIG_VMWARE_BACKEND'] == 'n')
        if per_host:
            rule_name, source = "cinder_%s" % host, "%s" % host
        else:
            rule_name, source = "cinder_all", "ALL"

        rule = iscsi_rules.setdefault(rule_name, {})
        rule.update(host=source, service_name="cinder", chain="INPUT",
                    ports=['3260'], proto="tcp")

    config['FIREWALL_CINDER_RULES'] = iscsi_rules
    body += createFirewallResources('FIREWALL_CINDER_RULES')

    # The Cinder API (TCP 8776) is deliberately not limited to known hosts.
    config['FIREWALL_CINDER_API_RULES'] = {
        'cinder_api': {
            'host': "ALL",
            'service_name': "cinder-api",
            'chain': "INPUT",
            'ports': ['8776'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CINDER_API_RULES')

    appendManifestFile(target, body)
示例#5
def create_manifest(config, messages):
    """Build the Heat manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_HEAT_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        controller = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_heat.key'
        config['CONFIG_HEAT_SSL_CERT'] = cert_path
        config['CONFIG_HEAT_SSL_KEY'] = key_path
        # NOTE(review): key file permissions are set (or not) inside
        # generate_ssl_cert, which is outside this snippet -- confirm.
        generate_ssl_cert(config, controller, 'heat', key_path, cert_path)

    target = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # One INPUT rule for TCP 8004 with host "ALL" (presumably any source).
    config['FIREWALL_HEAT_RULES'] = {
        'heat': {
            'host': "ALL",
            'service_name': "heat",
            'chain': "INPUT",
            'ports': ['8004'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_HEAT_RULES')
    appendManifestFile(target, body, marker='heat')
示例#6
def create_manifest(config, messages):
    """Build the Glance manifest for the storage host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_GLANCE_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        storage_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_glance.key'
        config['CONFIG_GLANCE_SSL_CERT'] = cert_path
        config['CONFIG_GLANCE_SSL_KEY'] = key_path
        # NOTE(review): key file permissions are handled inside
        # generate_ssl_cert, which is outside this snippet -- confirm.
        generate_ssl_cert(config, storage_host, 'glance', key_path, cert_path)

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        # The message-queue flavoured template is only added with Ceilometer.
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # One INPUT rule for TCP 9292 with host "ALL" (presumably any source).
    config['FIREWALL_GLANCE_RULES'] = {
        'glance_api': {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(target, body)
示例#7
def create_manifest(config, messages):
    """Build the Ironic manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_IRONIC_API_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        controller = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ironic.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_ironic.key'
        config['CONFIG_IRONIC_SSL_CERT'] = cert_path
        config['CONFIG_IRONIC_SSL_KEY'] = key_path
        # NOTE(review): key file permissions are handled inside
        # generate_ssl_cert, which is outside this snippet -- confirm.
        generate_ssl_cert(config, controller, 'ironic', key_path, cert_path)

    target = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ironic"))
    body += getManifestTemplate("ironic.pp")

    # One INPUT rule for TCP 6385 with host "ALL" (presumably any source).
    # NOTE(review): this API drives bare-metal provisioning; confirm that
    # leaving the source unrestricted is intended.
    config['FIREWALL_IRONIC_API_RULES'] = {
        'ironic-api': {
            'host': "ALL",
            'service_name': "ironic-api",
            'chain': "INPUT",
            'ports': ['6385'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_IRONIC_API_RULES')
    appendManifestFile(target, body, 'pre')
示例#8
def create_api_manifest(config, messages):
    """Build the Nova API manifest and publish the parsed host sets.

    Side effects: rebinds the module globals ``compute_hosts`` and
    ``network_hosts``, and writes CONFIG_NEUTRON_METADATA_PW_UNQUOTED and
    FIREWALL_NOVA_API_RULES into ``config``.

    Args:
        config: Installer configuration mapping; read and updated in place.
        messages: Not used by this step.
    """
    # This step runs first, so the host sets shared through module globals
    # are created here.
    global compute_hosts, network_hosts
    compute_hosts = {
        name.strip()
        for name in config.get("CONFIG_COMPUTE_HOSTS", "").split(",")
        if name.strip()
    }
    network_hosts = {
        name.strip()
        for name in config.get("CONFIG_NETWORK_HOSTS", "").split(",")
        if name.strip()
    }

    # Workaround: the metadata password is always generated, but the nova
    # puppet plugin treats its mere existence as "configure the neutron
    # metadata proxy". The nova_api.pp template therefore needs a bare
    # 'undef' when Neutron is not being installed.
    # NOTE(review): in the Neutron case the secret is copied as-is, with no
    # quoting or escaping -- confirm the consuming template copes with
    # passwords containing quote characters.
    if config['CONFIG_NEUTRON_INSTALL'] == 'y':
        metadata_pw = "%s" % config['CONFIG_NEUTRON_METADATA_PW']
    else:
        metadata_pw = 'undef'
    config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = metadata_pw

    target = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("nova_api")

    # One INPUT rule covering TCP 8773-8775 with host "ALL" (presumably any
    # source). NOTE(review): all three ports share the same exposure;
    # confirm each of them needs to be reachable from everywhere.
    config['FIREWALL_NOVA_API_RULES'] = {
        'nova_api': {
            'host': "ALL",
            'service_name': "nova api",
            'chain': "INPUT",
            'ports': ['8773', '8774', '8775'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_NOVA_API_RULES')

    appendManifestFile(target, body, 'novaapi')
示例#9
def create_manifest(config, messages):
    """Build the Manila manifest for the storage host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_STORAGE_HOST (unless CONFIG_UNSUPPORTED is 'y') and
            FIREWALL_MANILA_API_RULES.
        messages: Not used by this step.
    """
    # Outside "unsupported" mode the storage host is forced to the controller.
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    body = getManifestTemplate(get_mq(config, "manila"))
    target = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("manila.pp")

    # One extra template per configured backend.
    for backend in config['CONFIG_MANILA_BACKEND']:
        body += getManifestTemplate('manila_%s.pp' % backend)

    # The Manila API (TCP 8786) is deliberately not limited to known hosts.
    config['FIREWALL_MANILA_API_RULES'] = {
        'manila_api': {
            'host': "ALL",
            'service_name': "manila-api",
            'chain': "INPUT",
            'ports': ['8786'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(target, body)
示例#10
def create_manifest(config, messages):
    """Build the Keystone manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_KEYSTONE_HOST_URL, CONFIG_KEYSTONE_PUBLIC_URL,
            CONFIG_KEYSTONE_ADMIN_URL and FIREWALL_KEYSTONE_RULES.
        messages: Not used by this step.
    """
    target = "%s_keystone.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate("keystone")

    # An IPv6 controller address is wrapped in brackets for use in URLs.
    if config["CONFIG_IP_VERSION"] == "ipv6":
        host_url = "[%s]" % config["CONFIG_CONTROLLER_HOST"]
    else:
        host_url = config["CONFIG_CONTROLLER_HOST"]
    config["CONFIG_KEYSTONE_HOST_URL"] = host_url

    # NOTE(review): both endpoints are built with the plain http:// scheme,
    # so credentials and tokens sent to them are not protected by TLS
    # unless something in front of Keystone terminates it -- confirm.
    config["CONFIG_KEYSTONE_PUBLIC_URL"] = "http://%s:5000/%s" % (
        config["CONFIG_KEYSTONE_HOST_URL"],
        config["CONFIG_KEYSTONE_API_VERSION"],
    )
    config["CONFIG_KEYSTONE_ADMIN_URL"] = (
        "http://%s:35357" % (config["CONFIG_KEYSTONE_HOST_URL"]))

    # One INPUT rule for TCP 5000 and 35357 with host "ALL" (presumably any
    # source). NOTE(review): the admin port gets the same exposure as the
    # public one; confirm that is intended.
    config["FIREWALL_KEYSTONE_RULES"] = {
        "keystone": {
            "host": "ALL",
            "service_name": "keystone",
            "chain": "INPUT",
            "ports": ["5000", "35357"],
            "proto": "tcp",
        },
    }

    body += createFirewallResources("FIREWALL_KEYSTONE_RULES")
    appendManifestFile(target, body)
示例#11
def create_manifest(config, messages):
    """Build the Keystone manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_KEYSTONE_HOST_URL, CONFIG_KEYSTONE_PUBLIC_URL,
            CONFIG_KEYSTONE_ADMIN_URL and FIREWALL_KEYSTONE_RULES.
        messages: Not used by this step.
    """
    target = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("keystone")

    # An IPv6 controller address is wrapped in brackets for use in URLs.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        host_url = "[%s]" % config['CONFIG_CONTROLLER_HOST']
    else:
        host_url = config['CONFIG_CONTROLLER_HOST']
    config['CONFIG_KEYSTONE_HOST_URL'] = host_url

    # NOTE(review): both endpoints use the plain http:// scheme, so traffic
    # to them is unencrypted unless TLS is terminated elsewhere -- confirm.
    config['CONFIG_KEYSTONE_PUBLIC_URL'] = "http://%s:5000/%s" % (
        config['CONFIG_KEYSTONE_HOST_URL'],
        config['CONFIG_KEYSTONE_API_VERSION'],
    )
    config['CONFIG_KEYSTONE_ADMIN_URL'] = (
        "http://%s:35357" % (config['CONFIG_KEYSTONE_HOST_URL']))

    # One INPUT rule for TCP 5000 and 35357 with host "ALL" (presumably any
    # source). NOTE(review): the admin port is exposed exactly like the
    # public one; confirm that is intended.
    config['FIREWALL_KEYSTONE_RULES'] = {
        'keystone': {
            'host': "ALL",
            'service_name': "keystone",
            'chain': "INPUT",
            'ports': ['5000', '35357'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_KEYSTONE_RULES')
    appendManifestFile(target, body)
示例#12
def create_manifest(config, messages):
    """Build the Heat manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_HEAT_RULES.
        messages: Not used by this step.
    """
    if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
        controller = config["CONFIG_CONTROLLER_HOST"]
        cert_path = "/etc/pki/tls/certs/ssl_amqp_heat.crt"
        key_path = "/etc/pki/tls/private/ssl_amqp_heat.key"
        config["CONFIG_HEAT_SSL_CERT"] = cert_path
        config["CONFIG_HEAT_SSL_KEY"] = key_path
        # NOTE(review): key file permissions are handled inside
        # generate_ssl_cert, which is outside this snippet -- confirm.
        generate_ssl_cert(config, controller, "heat", key_path, cert_path)

    target = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # One INPUT rule for TCP 8004 with host "ALL" (presumably any source).
    config["FIREWALL_HEAT_RULES"] = {
        "heat": {
            "host": "ALL",
            "service_name": "heat",
            "chain": "INPUT",
            "ports": ["8004"],
            "proto": "tcp",
        },
    }

    body += createFirewallResources("FIREWALL_HEAT_RULES")
    appendManifestFile(target, body, marker="heat")
示例#13
def create_manifest(config, messages):
    """Build the Glance manifest for the storage host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_STORAGE_HOST (unless CONFIG_UNSUPPORTED is 'y'),
            CONFIG_GLANCE_BACKEND (when Ironic is installed) and
            FIREWALL_GLANCE_RULES.
        messages: Not used by this step.
    """
    # Outside "unsupported" mode the storage host is forced to the controller.
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    # With Ironic enabled the Glance backend is overridden to 'swift',
    # whatever value was configured before.
    if config['CONFIG_IRONIC_INSTALL'] == 'y':
        config['CONFIG_GLANCE_BACKEND'] = 'swift'

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance.pp")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        # The message-queue flavoured template is only added with Ceilometer.
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # One INPUT rule for TCP 9292 with host "ALL" (presumably any source).
    config['FIREWALL_GLANCE_RULES'] = {
        'glance_api': {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(target, body)
示例#14
def create_manifest(config, messages):
    """Build the Glance manifest for the storage host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_GLANCE_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        storage_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_glance.key'
        config['CONFIG_GLANCE_SSL_CERT'] = cert_path
        config['CONFIG_GLANCE_SSL_KEY'] = key_path
        # NOTE(review): whether the private key gets restrictive permissions
        # depends on generate_ssl_cert, which is not shown -- confirm.
        generate_ssl_cert(config, storage_host, 'glance', key_path, cert_path)

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        # The message-queue flavoured template is only added with Ceilometer.
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # One INPUT rule for TCP 9292 with host "ALL" (presumably any source).
    config['FIREWALL_GLANCE_RULES'] = {
        'glance_api': {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(target, body)
示例#15
def create_manifest(config, messages):
    """Build the Trove manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled), possibly
            CONFIG_TROVE_NOVA_PW, and FIREWALL_TROVE_API_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_trove.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_trove.key'
        config['CONFIG_TROVE_SSL_CERT'] = cert_path
        config['CONFIG_TROVE_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        # NOTE(review): key file permissions are handled inside
        # generate_ssl_cert, which is outside this snippet -- confirm.
        generate_ssl_cert(config, controller, 'trove', key_path, cert_path)

    # When the Nova user is the default 'trove' and no Nova password was
    # given, the Keystone service password is reused for it.
    # NOTE(review): this makes one secret serve two settings; rotating one
    # without the other will break the pairing.
    uses_default_user = config['CONFIG_TROVE_NOVA_USER'] == 'trove'
    if uses_default_user and config['CONFIG_TROVE_NOVA_PW'] == '':
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']

    target = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "trove"))
    body += getManifestTemplate('trove.pp')

    # One INPUT rule for TCP 8779 with host "ALL" (presumably any source).
    config['FIREWALL_TROVE_API_RULES'] = {
        'trove': {
            'host': "ALL",
            'service_name': "trove api",
            'chain': "INPUT",
            'ports': ['8779'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_TROVE_API_RULES')
    appendManifestFile(target, body, marker='trove')
示例#16
def create_manifest(config, messages):
    """Build the Aodh manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_AODH_RULES.
        messages: Not used by this step.
    """
    target = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "aodh"))
    body += getManifestTemplate("aodh")
    body += getManifestTemplate("apache_ports")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_aodh.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_aodh.key'
        config['CONFIG_AODH_SSL_CERT'] = cert_path
        config['CONFIG_AODH_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        # NOTE(review): key file permissions are handled inside
        # generate_ssl_cert, which is outside this snippet -- confirm.
        generate_ssl_cert(config, controller, 'aodh', key_path, cert_path)

    # One INPUT rule for TCP 8042 with host "ALL" (presumably any source).
    config['FIREWALL_AODH_RULES'] = {
        'aodh_api': {
            'host': "ALL",
            'service_name': "aodh-api",
            'chain': "INPUT",
            'ports': ['8042'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_AODH_RULES')
    appendManifestFile(target, body, 'aodh')
示例#17
def create_manifest(config, messages):
    """Build the Keystone manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with
            CONFIG_KEYSTONE_HOST_URL, CONFIG_KEYSTONE_PUBLIC_URL,
            CONFIG_KEYSTONE_ADMIN_URL and FIREWALL_KEYSTONE_RULES.
        messages: Not used by this step.
    """
    target = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("keystone")

    # An IPv6 controller address is wrapped in brackets for use in URLs.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        host_url = "[%s]" % config['CONFIG_CONTROLLER_HOST']
    else:
        host_url = config['CONFIG_CONTROLLER_HOST']
    config['CONFIG_KEYSTONE_HOST_URL'] = host_url

    # NOTE(review): the public and admin endpoints are both plain http://;
    # nothing in this function enables TLS for them -- confirm it is added
    # elsewhere before credentials cross an untrusted network.
    config['CONFIG_KEYSTONE_PUBLIC_URL'] = "http://%s:5000/%s" % (
        config['CONFIG_KEYSTONE_HOST_URL'],
        config['CONFIG_KEYSTONE_API_VERSION'],
    )
    config['CONFIG_KEYSTONE_ADMIN_URL'] = (
        "http://%s:35357" % (config['CONFIG_KEYSTONE_HOST_URL']))

    # One INPUT rule for TCP 5000 and 35357 with host "ALL" (presumably any
    # source); the admin port is not treated differently from the public one.
    config['FIREWALL_KEYSTONE_RULES'] = {
        'keystone': {
            'host': "ALL",
            'service_name': "keystone",
            'chain': "INPUT",
            'ports': ['5000', '35357'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_KEYSTONE_RULES')
    appendManifestFile(target, body)
示例#18
def create_api_manifest(config, messages):
    """Build the Nova API manifest and publish the parsed host sets.

    Side effects: rebinds the module globals ``compute_hosts`` and
    ``network_hosts``, and writes CONFIG_NEUTRON_METADATA_PW_UNQUOTED and
    FIREWALL_NOVA_API_RULES into ``config``.

    Args:
        config: Installer configuration mapping; read and updated in place.
        messages: Not used by this step.
    """
    # This step runs first, so the host sets shared through module globals
    # are created here.
    global compute_hosts, network_hosts
    compute_hosts = {
        name.strip()
        for name in config.get("CONFIG_COMPUTE_HOSTS", "").split(",")
        if name.strip()
    }
    network_hosts = {
        name.strip()
        for name in config.get("CONFIG_NETWORK_HOSTS", "").split(",")
        if name.strip()
    }

    # Workaround: the metadata password is always generated, but the nova
    # puppet plugin uses its existence to decide whether to configure the
    # neutron metadata proxy. The nova_api.pp template therefore needs a
    # bare 'undef' when Neutron is not being installed.
    # NOTE(review): with Neutron the secret is passed through unquoted and
    # unescaped -- confirm the template handles special characters.
    if config['CONFIG_NEUTRON_INSTALL'] == 'y':
        metadata_pw = "%s" % config['CONFIG_NEUTRON_METADATA_PW']
    else:
        metadata_pw = 'undef'
    config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = metadata_pw

    target = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("nova_api")

    # One INPUT rule covering TCP 8773-8775 with host "ALL" (presumably any
    # source); all three ports get identical exposure.
    config['FIREWALL_NOVA_API_RULES'] = {
        'nova_api': {
            'host': "ALL",
            'service_name': "nova api",
            'chain': "INPUT",
            'ports': ['8773', '8774', '8775'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_NOVA_API_RULES')

    appendManifestFile(target, body, 'novaapi')
示例#19
def create_manifest(config, messages):
    """Build the Sahara manifest and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_SAHARA_CFN_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        sahara_host = config['CONFIG_SAHARA_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_sahara.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_sahara.key'
        config['CONFIG_SAHARA_SSL_CERT'] = cert_path
        config['CONFIG_SAHARA_SSL_KEY'] = key_path
        # NOTE(review): key file permissions are handled inside
        # generate_ssl_cert, which is outside this snippet -- confirm.
        generate_ssl_cert(config, sahara_host, 'sahara', key_path, cert_path)

    # NOTE(review): the certificate is generated for CONFIG_SAHARA_HOST but
    # the manifest file is named after CONFIG_STORAGE_HOST. If the two can
    # differ, the certificate and the service may land on different hosts --
    # confirm they are always the same.
    target = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate(get_mq(config, "sahara"))
    body += getManifestTemplate("sahara.pp")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('sahara_ceilometer')

    # One INPUT rule for TCP 8386 with host "ALL" (presumably any source).
    config["FIREWALL_SAHARA_CFN_RULES"] = {
        "sahara-api": {
            "host": "ALL",
            "service_name": "sahara api",
            "chain": "INPUT",
            "ports": ["8386"],
            "proto": "tcp",
        },
    }

    body += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
    appendManifestFile(target, body, marker='sahara')
示例#20
def create_manifest(config, messages):
    """Build the Heat manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_HEAT_RULES.
        messages: Not used by this step.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        controller = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_heat.key'
        config['CONFIG_HEAT_SSL_CERT'] = cert_path
        config['CONFIG_HEAT_SSL_KEY'] = key_path
        # NOTE(review): whether the private key gets restrictive permissions
        # depends on generate_ssl_cert, which is not shown -- confirm.
        generate_ssl_cert(config, controller, 'heat', key_path, cert_path)

    target = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # One INPUT rule for TCP 8004 with host "ALL" (presumably any source).
    config['FIREWALL_HEAT_RULES'] = {
        'heat': {
            'host': "ALL",
            'service_name': "heat",
            'chain': "INPUT",
            'ports': ['8004'],
            'proto': "tcp",
        },
    }

    body += createFirewallResources('FIREWALL_HEAT_RULES')
    appendManifestFile(target, body, marker='heat')
示例#21
def create_manifest(config, messages):
    """Build the Aodh manifest for the controller host and queue it.

    Args:
        config: Installer configuration mapping. Updated in place with the
            AMQP SSL file paths (when SSL is enabled) and
            FIREWALL_AODH_RULES.
        messages: Not used by this step.
    """
    target = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "aodh"))
    body += getManifestTemplate("aodh")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_aodh.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_aodh.key'
        config['CONFIG_AODH_SSL_CERT'] = cert_path
        config['CONFIG_AODH_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        # NOTE(review): whether the private key gets restrictive permissions
        # depends on generate_ssl_cert, which is not shown -- confirm.
        generate_ssl_cert(config, controller, 'aodh', key_path, cert_path)

    # One INPUT rule for TCP 8042 with host "ALL" (presumably any source).
    config['FIREWALL_AODH_RULES'] = {
        'aodh_api': {
            'host': "ALL",
            'service_name': "aodh-api",
            'chain': "INPUT",
            'ports': ['8042'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_AODH_RULES')
    appendManifestFile(target, body, 'aodh')
示例#22
def create_manifest(config, messages):
    """Build the ceilometer manifest for the controller host.

    Besides assembling the templates, this fills in several derived
    ``config`` entries: the Redis sentinel contact URL and fallback query
    string (only when the coordination backend is 'redis'), the AMQP
    certificate paths (only when ``CONFIG_AMQP_ENABLE_SSL`` is 'y') and
    ``FIREWALL_CEILOMETER_RULES``.  The result is appended to
    ``<controller>_ceilometer.pp`` with marker 'ceilometer'.

    ``messages`` is accepted but not used.
    """
    manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
    manifestdata += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Work out whether extra sentinel hosts have to be offered as
        # fallbacks in the coordination url.
        peers = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        port = config['CONFIG_REDIS_SENTINEL_PORT']
        contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        ipv6 = config['CONFIG_IP_VERSION'] == 'ipv6'

        # IPv6 literals are bracketed so the port can follow after ':'.
        config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = (
            "[%s]" % contact if ipv6 else contact
        )

        fallbacks = ''
        if len(peers) > 1:
            if ipv6:
                pattern = 'sentinel_fallback=[%s]:%s'
            else:
                pattern = 'sentinel_fallback=%s:%s'
            # The contact host is already in the URL, so it is left out.
            fallbacks = '&'.join(
                pattern % (peer, port) for peer in peers if peer != contact
            )
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = fallbacks

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
        config['CONFIG_CEILOMETER_SSL_CERT'] = cert_path
        config['CONFIG_CEILOMETER_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        generate_ssl_cert(config, controller, 'ceilometer', key_path,
                          cert_path)

    # NOTE(review): host "ALL" presumably means any source address may
    # reach the API port; confirm against the firewall template.
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # The ceilometer class needs a nova group, so a template creating it
    # is added when nova itself is not installed.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifestdata += getManifestTemplate("ceilometer_nova_disabled")
    appendManifestFile(manifestfile, manifestdata, 'ceilometer')
示例#23
def create_manifest(config, messages):
    """Assemble and append the ceilometer manifest.

    Side effects on ``config``: the sentinel contact URL and
    ``CONFIG_REDIS_SENTINEL_FALLBACKS`` when the coordination backend is
    'redis', the ceilometer AMQP certificate paths when AMQP SSL is
    enabled, and ``FIREWALL_CEILOMETER_RULES``.  The manifest goes to
    ``<controller>_ceilometer.pp`` with marker 'ceilometer'.

    ``messages`` is accepted but not used.
    """
    manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "ceilometer"))
    manifestdata += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Several sentinel hosts mean the extra ones are passed as
        # fallbacks in the coordination url.
        all_sentinels = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
        contact_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        is_ipv6 = config['CONFIG_IP_VERSION'] == 'ipv6'

        contact_url = contact_host
        if is_ipv6:
            contact_url = "[%s]" % contact_host
        config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = contact_url

        if len(all_sentinels) > 1:
            host_part = '[%s]' if is_ipv6 else '%s'
            entry = 'sentinel_fallback=' + host_part + ':%s'
            others = [h for h in all_sentinels if h != contact_host]
            fallback_query = '&'.join(
                [entry % (h, sentinel_port) for h in others]
            )
        else:
            fallback_query = ''
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = fallback_query

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        crt = '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
        key = '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
        config['CONFIG_CEILOMETER_SSL_CERT'] = crt
        config['CONFIG_CEILOMETER_SSL_KEY'] = key
        target = config['CONFIG_CONTROLLER_HOST']
        generate_ssl_cert(config, target, 'ceilometer', key, crt)

    # NOTE(review): no source restriction is expressed here (host "ALL");
    # confirm how the firewall template interprets that value.
    api_rule = {
        'host': "ALL",
        'service_name': "ceilometer-api",
        'chain': "INPUT",
        'ports': ['8777'],
        'proto': "tcp",
    }
    config['FIREWALL_CEILOMETER_RULES'] = {"ceilometer_api": api_rule}
    manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # Without nova, a template creating the nova group is added because
    # the ceilometer class needs that group.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifestdata += getManifestTemplate("ceilometer_nova_disabled")
    appendManifestFile(manifestfile, manifestdata, 'ceilometer')
示例#24
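def create_dhcp_manifests(config, messages):
    """Append a neutron DHCP manifest for every host in ``network_hosts``.

    For each host the DHCP host and interface driver are written into
    ``config``, the DHCP template is chosen (the "mtu" variant when
    Open vSwitch VXLAN or GRE is in use) and two firewall rule sets are
    generated: UDP 67 on INPUT and UDP 68 on OUTPUT.  The result is
    appended to ``<host>_neutron.pp`` with marker 'neutron'.

    ``messages`` is accepted but not used.  The unused read of
    ``CONFIG_NEUTRON_L2_PLUGIN`` that used to open this function has been
    dropped.
    """
    global network_hosts

    for host in network_hosts:
        config["CONFIG_NEUTRON_DHCP_HOST"] = host
        config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
        if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
            manifest_data = getManifestTemplate("neutron_dhcp_mtu.pp")
        else:
            manifest_data = getManifestTemplate("neutron_dhcp.pp")
        manifest_file = "%s_neutron.pp" % (host,)

        # Firewall rules for dhcp in.  The same config key is overwritten
        # on every iteration and consumed right away.
        config['FIREWALL_NEUTRON_DHCPIN_RULES'] = {
            "neutron_dhcp_in_%s" % host: {
                'host': "ALL",
                'service_name': "neutron dhcp in",
                'chain': "INPUT",
                'ports': ['67'],
                'proto': "udp",
            },
        }
        manifest_data += createFirewallResources(
            'FIREWALL_NEUTRON_DHCPIN_RULES'
        )

        # Firewall rules for dhcp out
        config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = {
            "neutron_dhcp_out_%s" % host: {
                'host': "ALL",
                'service_name': "neutron dhcp out",
                'chain': "OUTPUT",
                'ports': ['68'],
                'proto': "udp",
            },
        }
        manifest_data += createFirewallResources(
            'FIREWALL_NEUTRON_DHCPOUT_RULES'
        )

        appendManifestFile(manifest_file, manifest_data, 'neutron')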
示例#25
def create_dhcp_manifests(config, messages):
    """Generate the neutron DHCP manifest for each network host.

    Every host in the module-level ``network_hosts`` gets its own
    ``<host>_neutron.pp`` entry (marker 'neutron') made of the DHCP
    template plus firewall resources for UDP 67 (INPUT) and UDP 68
    (OUTPUT).  ``config`` is updated with the current DHCP host, the
    interface driver and the two firewall rule dictionaries.

    ``messages`` is accepted but not used.
    """
    global network_hosts

    for host in network_hosts:
        config["CONFIG_NEUTRON_DHCP_HOST"] = host
        config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)

        # VXLAN and GRE setups use the template variant with the MTU option.
        needs_mtu = (use_openvswitch_vxlan(config) or
                     use_openvswitch_gre(config))
        template = "neutron_dhcp_mtu" if needs_mtu else "neutron_dhcp"
        manifest_data = getManifestTemplate(template)
        manifest_file = "%s_neutron.pp" % (host,)

        # Inbound DHCP: the rule name carries the host, the source is "ALL".
        inbound = {
            'host': "ALL",
            'service_name': "neutron dhcp in",
            'chain': "INPUT",
            'ports': ['67'],
            'proto': "udp",
        }
        config['FIREWALL_NEUTRON_DHCPIN_RULES'] = {
            "neutron_dhcp_in_%s" % host: inbound,
        }
        manifest_data += createFirewallResources(
            'FIREWALL_NEUTRON_DHCPIN_RULES'
        )

        # Outbound DHCP replies.
        outbound = {
            'host': "ALL",
            'service_name': "neutron dhcp out",
            'chain': "OUTPUT",
            'ports': ['68'],
            'proto': "udp",
        }
        config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = {
            "neutron_dhcp_out_%s" % host: outbound,
        }
        manifest_data += createFirewallResources(
            'FIREWALL_NEUTRON_DHCPOUT_RULES'
        )

        appendManifestFile(manifest_file, manifest_data, 'neutron')
示例#26
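def create_manifest(config, messages):
    """Prepare AMQP settings in ``config`` and append the amqp manifest.

    With ``CONFIG_AMQP_ENABLE_SSL`` == 'y' the protocol becomes 'ssl' on
    client port 5671 and, if ``CONFIG_AMQP_SSL_SELF_SIGNED`` is 'y', a
    self-signed certificate is created through the ``ScriptRunner`` bound
    to the AMQP host.  Otherwise plain-TCP defaults are written.  One
    firewall rule per host returned by ``filtered_hosts`` is stored in
    ``config['FIREWALL_AMQP_RULES']`` and the manifest is appended to
    ``<amqp host>_amqp.pp`` with marker 'pre'.

    ``messages`` is accepted but not used.
    """
    # Function-scope import so the block stays self-contained; pipes.quote
    # is the Python 2 spelling of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        config['CONFIG_AMQP_ENABLE_SSL'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y':
            # The two paths come from config and end up in a command line,
            # so they are quoted: a path with spaces or shell
            # metacharacters is passed as a single literal argument.
            # Plain paths are left unchanged by quote().
            # NOTE(review): assumes ScriptRunner hands this line to a
            # shell - confirm.
            # -nodes writes the private key unencrypted and -batch takes
            # the certificate subject from openssl's defaults, so the
            # key file's permissions and the resulting subject are worth
            # checking on the AMQP host.
            server.append(
                "openssl req -batch -new -x509 -nodes -keyout %s "
                "-out %s -days 1095"
                % (quote("%s" % config['CONFIG_AMQP_SSL_KEY_FILE']),
                   quote("%s" % config['CONFIG_AMQP_SSL_CERT_FILE']))
            )
            server.execute()
    else:
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_PORT'] = "5671"
        config['CONFIG_AMQP_SSL_CERT_FILE'] = ''
        config['CONFIG_AMQP_SSL_KEY_FILE'] = ''
        config['CONFIG_AMQP_NSS_CERTDB_PW'] = ''
        config['CONFIG_AMQP_ENABLE_SSL'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # With auth disabled both credentials become fixed literals that
        # are the same on every deployment.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are bracketed for use inside URLs.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST']
    else:
        config['CONFIG_AMQP_HOST_URL'] = config['CONFIG_AMQP_HOST']

    fw_details = dict()
    # All hosts should be able to talk to amqp; each rule names one
    # source host rather than "ALL".
    for host in filtered_hosts(config, exclude=False):
        fw_details["amqp_%s" % host] = {
            'host': "%s" % host,
            'service_name': "amqp",
            'chain': "INPUT",
            'ports': ['5671', '5672'],
            'proto': "tcp",
        }
    config['FIREWALL_AMQP_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')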
示例#27
def create_manifest(config, messages):
    """Build the MariaDB manifest and its per-client firewall rules.

    The target host is ``CONFIG_MARIADB_HOST`` when MariaDB is installed
    by this run ('install' templates) and the controller host otherwise
    ('noinstall' templates).  Templates for keystone and for every
    enabled service are collected, firewall rules for the hosts returned
    by ``filtered_hosts(..., dbhost=True)`` are stored in
    ``config['FIREWALL_MARIADB_RULES']`` and everything is appended,
    newline-joined, to ``<host>_mariadb.pp`` with marker 'pre'.

    ``messages`` is accepted but not used.
    """
    if config['CONFIG_MARIADB_INSTALL'] == 'y':
        suffix, db_host = 'install', config['CONFIG_MARIADB_HOST']
    else:
        suffix, db_host = 'noinstall', config['CONFIG_CONTROLLER_HOST']

    # IPv6 literals are bracketed for use inside URLs.
    config['CONFIG_MARIADB_HOST_URL'] = (
        "[%s]" % db_host if config['CONFIG_IP_VERSION'] == 'ipv6'
        else db_host
    )

    manifestfile = "%s_mariadb.pp" % db_host
    sections = [getManifestTemplate('mariadb_%s' % suffix)]

    def add_module(module):
        # Module templates must join the existing mysql.pp; otherwise pp
        # fails for some of them, reporting that the Mysql::Config
        # definition is missing.
        name = "mariadb_%s_%s" % (module, suffix)
        sections.append(getManifestTemplate(name))

    add_module("keystone")
    optional_modules = (
        'nova', 'cinder', 'glance', 'neutron', 'heat', 'sahara', 'trove',
        'ironic', 'manila',
    )
    for module in optional_modules:
        if config['CONFIG_%s_INSTALL' % module.upper()] == 'y':
            add_module(module)

    if (config['CONFIG_GNOCCHI_INSTALL'] == 'y'
            and config['CONFIG_CEILOMETER_INSTALL'] == 'y'):
        add_module('gnocchi')

    clients = filtered_hosts(config, exclude=False, dbhost=True)

    # One INPUT rule per client host: the database port is opened to the
    # listed hosts only, not to "ALL".
    rules = {}
    for client in clients:
        rules["mariadb_%s" % client] = {
            'host': "%s" % client,
            'service_name': "mariadb",
            'chain': "INPUT",
            'ports': ['3306'],
            'proto': "tcp",
        }
    config['FIREWALL_MARIADB_RULES'] = rules

    sections.append(createFirewallResources('FIREWALL_MARIADB_RULES'))
    appendManifestFile(manifestfile, "\n".join(sections), 'pre')
示例#28
def create_manifest(config, messages):
    """Append the gnocchi manifest to ``<controller>_gnocchi.pp``.

    The "gnocchi" template is followed by the firewall resources built
    from ``config['FIREWALL_GNOCCHI_RULES']`` (tcp/8041, INPUT chain).
    ``messages`` is accepted but not used.
    """
    manifestfile = "%s_gnocchi.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate("gnocchi")

    # NOTE(review): host "ALL" presumably leaves the API port open to any
    # source address; confirm against the firewall template.
    config['FIREWALL_GNOCCHI_RULES'] = {
        "gnocchi_api": {
            'host': "ALL",
            'service_name': "gnocchi-api",
            'chain': "INPUT",
            'ports': ['8041'],
            'proto': "tcp",
        },
    }
    manifestdata += createFirewallResources('FIREWALL_GNOCCHI_RULES')
    appendManifestFile(manifestfile, manifestdata, 'gnocchi')
示例#29
def create_manifest(config, messages):
    """Build the manila manifest for the storage host.

    Unless ``CONFIG_UNSUPPORTED`` is 'y', the storage host is forced to
    the controller host.  AMQP certificate paths are recorded and a
    certificate generated when AMQP SSL is enabled, the two
    ``*_DRV_HANDLES_SHARE_SERVERS`` options are converted from text to
    booleans, and the manifest (message queue, manila, network and one
    template per backend, plus the API firewall rule) is appended to
    ``<storage host>_manila.pp`` with marker 'manila'.

    ``messages`` is accepted but not used.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        storage_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_manila.key'
        config['CONFIG_MANILA_SSL_CERT'] = cert_path
        config['CONFIG_MANILA_SSL_KEY'] = key_path
        generate_ssl_cert(config, storage_host, 'manila', key_path,
                          cert_path)

    # Turn the textual "true"/"false" answers into real booleans; any
    # other text is left as it is.
    textual_flags = ('CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
                     'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS')
    for flag in textual_flags:
        if flag not in config:
            continue
        answer = config[flag].lower()
        if answer == "true":
            config[flag] = True
        elif answer == "false":
            config[flag] = False

    manifestdata = getManifestTemplate(get_mq(config, "manila"))
    manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata += getManifestTemplate("manila.pp")
    manifestdata += getManifestTemplate("manila_network.pp")

    for backend in config['CONFIG_MANILA_BACKEND']:
        manifestdata += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    config['FIREWALL_MANILA_API_RULES'] = {
        "manila_api": {
            'host': "ALL",
            'service_name': "manila-api",
            'chain': "INPUT",
            'ports': ['8786'],
            'proto': "tcp",
        },
    }
    manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(manifestfile, manifestdata, marker='manila')
示例#30
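def create_manifest(config, messages):
    """Write AMQP settings into ``config`` and append the amqp manifest.

    SSL enabled: protocol 'ssl', client port 5671 and, for the
    self-signed case, an ``openssl req`` command queued and executed on
    the ``ScriptRunner`` for the AMQP host.  SSL disabled: plain-TCP
    defaults.  Firewall rules for every host from ``filtered_hosts`` go
    to ``config['FIREWALL_AMQP_RULES']``; the manifest is appended to
    ``<amqp host>_amqp.pp`` with marker 'pre'.

    ``messages`` is accepted but not used.
    """
    # Imported here so the block needs nothing new at file level;
    # pipes.quote is the Python 2 equivalent of shlex.quote.
    try:
        from shlex import quote
    except ImportError:
        from pipes import quote

    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        config['CONFIG_AMQP_ENABLE_SSL'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y':
            # Config-supplied paths are quoted before they are placed in
            # the command line, so whitespace or shell metacharacters in
            # them cannot split or extend the command.  Ordinary paths
            # come out of quote() unchanged.
            # NOTE(review): assumes ScriptRunner runs the line through a
            # shell - confirm.  The key is written unencrypted (-nodes);
            # check the permissions of the resulting file.
            key_arg = quote("%s" % config['CONFIG_AMQP_SSL_KEY_FILE'])
            cert_arg = quote("%s" % config['CONFIG_AMQP_SSL_CERT_FILE'])
            server.append("openssl req -batch -new -x509 -nodes -keyout %s "
                          "-out %s -days 1095" % (key_arg, cert_arg))
            server.execute()
    else:
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_PORT'] = "5671"
        config['CONFIG_AMQP_SSL_CERT_FILE'] = ''
        config['CONFIG_AMQP_SSL_KEY_FILE'] = ''
        config['CONFIG_AMQP_NSS_CERTDB_PW'] = ''
        config['CONFIG_AMQP_ENABLE_SSL'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # Auth disabled: user and password are set to fixed literals.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are bracketed for use inside URLs.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST']
    else:
        config['CONFIG_AMQP_HOST_URL'] = config['CONFIG_AMQP_HOST']

    fw_details = dict()
    # All hosts should be able to talk to amqp
    for host in filtered_hosts(config, exclude=False):
        fw_details["amqp_%s" % host] = {
            'host': "%s" % host,
            'service_name': "amqp",
            'chain': "INPUT",
            'ports': ['5671', '5672'],
            'proto': "tcp",
        }
    config['FIREWALL_AMQP_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')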
示例#31
def create_manifest(config, messages):
    """Assemble the manila manifest and append it for the storage host.

    Steps, in order: pin the storage host to the controller unless
    ``CONFIG_UNSUPPORTED`` is 'y'; set up the AMQP certificate when SSL
    is enabled; convert the two share-server options from "true"/"false"
    text to booleans; collect the templates (message queue, manila,
    network, one per backend); add the API firewall rule; append to
    ``<storage host>_manila.pp`` with marker 'manila'.

    ``messages`` is accepted but not used.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        crt = '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        key_file = '/etc/pki/tls/private/ssl_amqp_manila.key'
        config['CONFIG_MANILA_SSL_CERT'] = crt
        config['CONFIG_MANILA_SSL_KEY'] = key_file
        generate_ssl_cert(config, ssl_host, 'manila', key_file, crt)

    # Text answers become booleans; anything other than true/false stays.
    text_to_bool = {"true": True, "false": False}
    candidates = [
        'CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
        'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS',
    ]
    for option in [name for name in candidates if name in config]:
        lowered = config[option].lower()
        if lowered in text_to_bool:
            config[option] = text_to_bool[lowered]

    manifestdata = getManifestTemplate(get_mq(config, "manila"))
    manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    for template in ("manila.pp", "manila_network.pp"):
        manifestdata += getManifestTemplate(template)

    for backend in config['CONFIG_MANILA_BACKEND']:
        manifestdata += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    api_rule = {
        'host': "ALL",
        'service_name': "manila-api",
        'chain': "INPUT",
        'ports': ['8786'],
        'proto': "tcp",
    }
    config['FIREWALL_MANILA_API_RULES'] = {"manila_api": api_rule}
    manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(manifestfile, manifestdata, marker='manila')
示例#32
def create_proxy_manifest(config, messages):
    """Append the swift proxy manifest to ``<storage host>_swift.pp``.

    The "swift_proxy" template is followed by the firewall resources
    built from ``config['FIREWALL_SWIFT_PROXY_RULES']`` (tcp/8080, INPUT
    chain).  ``messages`` is accepted but not used.
    """
    manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate("swift_proxy")

    # NOTE(review): host "ALL" presumably exposes the proxy port to any
    # source address; confirm against the firewall template.
    config['FIREWALL_SWIFT_PROXY_RULES'] = {
        "swift_proxy": {
            'host': "ALL",
            'service_name': "swift proxy",
            'chain': "INPUT",
            'ports': ['8080'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES')
    appendManifestFile(manifestfile, manifestdata)
示例#33
def create_manifest(config, messages):
    """Append the keystone manifest to ``<controller>_keystone.pp``.

    One firewall rule covering tcp/5000 and tcp/35357 on the INPUT chain
    is stored in ``config['FIREWALL_KEYSTONE_RULES']`` and rendered after
    the "keystone" template.  ``messages`` is accepted but not used.
    """
    manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate("keystone")

    # NOTE(review): both ports share host "ALL"; whether 35357 should be
    # reachable as widely as 5000 is a deployment decision worth
    # confirming.
    config['FIREWALL_KEYSTONE_RULES'] = {
        "keystone": {
            'host': "ALL",
            'service_name': "keystone",
            'chain': "INPUT",
            'ports': ['5000', '35357'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES')
    appendManifestFile(manifestfile, manifestdata)
示例#34
def create_manifest(config, messages):
    """Build the keystone manifest for the controller host.

    Stores a single INPUT rule for tcp ports 5000 and 35357 under
    ``config['FIREWALL_KEYSTONE_RULES']``, renders it after the
    "keystone" template and appends the result to
    ``<controller>_keystone.pp``.  ``messages`` is accepted but not used.
    """
    manifestfile = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate("keystone")

    keystone_rule = {
        # NOTE(review): "ALL" presumably means no source restriction.
        'host': "ALL",
        'service_name': "keystone",
        'chain': "INPUT",
        'ports': ['5000', '35357'],
        'proto': "tcp",
    }
    config['FIREWALL_KEYSTONE_RULES'] = {"keystone": keystone_rule}

    manifestdata += createFirewallResources('FIREWALL_KEYSTONE_RULES')
    appendManifestFile(manifestfile, manifestdata)
示例#35
def create_mongodb_manifest(config, messages):
    """Append the mongodb manifest to ``<mongodb host>_mongodb.pp``.

    The firewall rule stored in ``config['FIREWALL_MONGODB_RULES']``
    names the controller host as the only source for tcp/27017 on the
    INPUT chain.  The manifest is appended with marker 'pre'.
    ``messages`` is accepted but not used.
    """
    manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
    manifestdata = getManifestTemplate("mongodb")

    # Unlike the API rules, the database port is limited to one source.
    config['FIREWALL_MONGODB_RULES'] = {
        "mongodb_server": {
            'host': "%s" % config['CONFIG_CONTROLLER_HOST'],
            'service_name': "mongodb-server",
            'chain': "INPUT",
            'ports': ['27017'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources('FIREWALL_MONGODB_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#36
def create_mongodb_manifest(config, messages):
    """Build the mongodb manifest and its firewall rule.

    The "mongodb.pp" template is combined with a rule that allows
    tcp/27017 on the INPUT chain from the controller host; the rule is
    kept in ``config['FIREWALL_MONGODB_RULES']``.  The result is appended
    to ``<mongodb host>_mongodb.pp`` with marker 'pre'.  ``messages`` is
    accepted but not used.
    """
    manifestfile = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
    manifestdata = getManifestTemplate("mongodb.pp")

    # Only the controller host is named as a source for the database port.
    controller = "%s" % config['CONFIG_CONTROLLER_HOST']
    server_rule = {
        'host': controller,
        'service_name': "mongodb-server",
        'chain': "INPUT",
        'ports': ['27017'],
        'proto': "tcp",
    }
    config['FIREWALL_MONGODB_RULES'] = {"mongodb_server": server_rule}

    manifestdata += createFirewallResources('FIREWALL_MONGODB_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#37
def create_proxy_manifest(config, messages):
    """Build the swift proxy manifest for the storage host.

    Stores an INPUT rule for tcp/8080 under
    ``config['FIREWALL_SWIFT_PROXY_RULES']``, renders it after the
    "swift_proxy" template and appends the result to
    ``<storage host>_swift.pp``.  ``messages`` is accepted but not used.
    """
    manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate("swift_proxy")

    proxy_rule = {
        # NOTE(review): "ALL" presumably means no source restriction.
        'host': "ALL",
        'service_name': "swift proxy",
        'chain': "INPUT",
        'ports': ['8080'],
        'proto': "tcp",
    }
    config['FIREWALL_SWIFT_PROXY_RULES'] = {"swift_proxy": proxy_rule}

    manifestdata += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES')
    appendManifestFile(manifestfile, manifestdata)
示例#38
def create_manifest(config, messages):
    """Prepare AMQP settings in ``config`` and append the amqp manifest.

    With ``CONFIG_AMQP_ENABLE_SSL`` == 'y' the protocol becomes 'ssl' on
    client port 5671, the CA certificate path is copied from
    ``CONFIG_SSL_CACERT`` and ``generate_ssl_cert`` is called for the
    AMQP host; otherwise plain-TCP defaults are written.  Firewall rules
    for the hosts returned by ``filtered_hosts`` are stored in
    ``config['FIREWALL_AMQP_RULES']`` and the manifest is appended to
    ``<amqp host>_amqp.pp`` with marker 'pre'.

    ``messages`` is accepted but not used.
    """
    # The runner is constructed as before; nothing below uses it.
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        config['CONFIG_AMQP_SSL_ENABLED'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        broker = config['CONFIG_AMQP_HOST']
        # Fixed key/cert locations; they are passed to generate_ssl_cert
        # but not stored in config here.
        key_path = '/etc/pki/tls/private/ssl_amqp.key'
        cert_path = '/etc/pki/tls/certs/ssl_amqp.crt'
        config['CONFIG_AMQP_SSL_CACERT_FILE'] = config['CONFIG_SSL_CACERT']
        generate_ssl_cert(config, broker, 'AMQP', key_path, cert_path)
    else:
        # Defaults for the non-SSL case.
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_ENABLED'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # Auth disabled: both credentials become fixed literals.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are bracketed for use inside URLs.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        host_url = "[%s]" % config['CONFIG_AMQP_HOST']
    else:
        host_url = config['CONFIG_AMQP_HOST']
    config['CONFIG_AMQP_HOST_URL'] = host_url

    # Every deployment host may talk to amqp; each rule names one source.
    rules = {}
    for peer in filtered_hosts(config, exclude=False):
        rules["amqp_%s" % peer] = {
            'host': "%s" % peer,
            'service_name': "amqp",
            'chain': "INPUT",
            'ports': ['5671', '5672'],
            'proto': "tcp",
        }
    config['FIREWALL_AMQP_RULES'] = rules

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#39
def create_cfn_manifest(config, messages):
    """Append the heat CloudFormation manifest for the controller host.

    The message-queue template selected by ``get_mq`` and "heat_cfn.pp"
    are followed by the firewall resources built from
    ``config['FIREWALL_HEAT_CFN_RULES']`` (tcp/8000, INPUT chain).  The
    result is appended to ``<controller>_heatcnf.pp`` with marker 'heat'.
    ``messages`` is accepted but not used.
    """
    manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat_cfn.pp")

    # NOTE(review): host "ALL" presumably leaves the port open to any
    # source address; confirm against the firewall template.
    config['FIREWALL_HEAT_CFN_RULES'] = {
        "heat_cfn": {
            'host': "ALL",
            'service_name': "heat cfn",
            'chain': "INPUT",
            'ports': ['8000'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES')
    appendManifestFile(manifestfile, manifestdata, marker='heat')
示例#40
def create_redis_manifest(config, messages):
    """Append the redis manifest when redis is the coordination backend.

    Nothing happens unless ``CONFIG_CEILOMETER_COORDINATION_BACKEND`` is
    'redis'.  Otherwise the "redis.pp" template and a firewall rule
    allowing the controller host on the configured redis port are
    appended to ``<redis host>_redis.pp`` with marker 'pre'.
    ``messages`` is accepted but not used.
    """
    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] != 'redis':
        return

    manifestfile = "%s_redis.pp" % config['CONFIG_REDIS_HOST']
    manifestdata = getManifestTemplate("redis.pp")

    config['FIREWALL_REDIS_RULES'] = {
        "redis_server": {
            # Only the controller host is named as a source.
            'host': "%s" % config['CONFIG_CONTROLLER_HOST'],
            'service_name': "redis-server",
            'chain': "INPUT",
            # NOTE(review): the raw config value is passed here, while
            # other rules pass a list of port strings - confirm
            # createFirewallResources accepts both.
            'ports': config['CONFIG_REDIS_PORT'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources('FIREWALL_REDIS_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#41
def create_redis_manifest(config, messages):
    """Build the redis manifest for the 'redis' coordination backend.

    With any other ``CONFIG_CEILOMETER_COORDINATION_BACKEND`` value the
    function returns without doing anything.  With 'redis' it stores a
    rule for the configured redis port (source: the controller host)
    under ``config['FIREWALL_REDIS_RULES']`` and appends the manifest to
    ``<redis host>_redis.pp`` with marker 'pre'.  ``messages`` is
    accepted but not used.
    """
    redis_selected = (
        config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis'
    )
    if not redis_selected:
        return

    manifestfile = "%s_redis.pp" % config['CONFIG_REDIS_HOST']
    manifestdata = getManifestTemplate("redis.pp")

    source_host = "%s" % config['CONFIG_CONTROLLER_HOST']
    # NOTE(review): 'ports' receives the config value as is, not a list
    # like the other rules - confirm the firewall template handles that.
    redis_port = config['CONFIG_REDIS_PORT']
    server_rule = {
        'host': source_host,
        'service_name': "redis-server",
        'chain': "INPUT",
        'ports': redis_port,
        'proto': "tcp",
    }
    config['FIREWALL_REDIS_RULES'] = {"redis_server": server_rule}

    manifestdata += createFirewallResources('FIREWALL_REDIS_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#42
def create_cfn_manifest(config, messages):
    """Build the heat CloudFormation manifest.

    Combines the message-queue template from ``get_mq`` with "heat_cfn"
    and the firewall resources for ``config['FIREWALL_HEAT_CFN_RULES']``
    (tcp/8000 on INPUT), then appends to ``<controller>_heatcnf.pp`` with
    marker 'heat'.  ``messages`` is accepted but not used.
    """
    manifestfile = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat_cfn")

    cfn_rule = {
        # NOTE(review): "ALL" presumably means no source restriction.
        'host': "ALL",
        'service_name': "heat cfn",
        'chain': "INPUT",
        'ports': ['8000'],
        'proto': "tcp",
    }
    config['FIREWALL_HEAT_CFN_RULES'] = {"heat_cfn": cfn_rule}

    manifestdata += createFirewallResources('FIREWALL_HEAT_CFN_RULES')
    appendManifestFile(manifestfile, manifestdata, marker='heat')
示例#43
def create_manifest(config, messages):
    """Write AMQP settings into ``config`` and append the amqp manifest.

    SSL enabled: ``CONFIG_AMQP_SSL_ENABLED`` is set, the protocol becomes
    'ssl' on client port 5671, the CA certificate path is taken from
    ``CONFIG_SSL_CACERT`` and ``generate_ssl_cert`` is called for the
    AMQP host.  SSL disabled: plain-TCP defaults.  Firewall rules for
    every host from ``filtered_hosts`` are kept in
    ``config['FIREWALL_AMQP_RULES']``; the manifest is appended to
    ``<amqp host>_amqp.pp`` with marker 'pre'.

    ``messages`` is accepted but not used.
    """
    # Constructed as in the original; not referenced afterwards.
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        config['CONFIG_AMQP_SSL_ENABLED'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        amqp_host = config['CONFIG_AMQP_HOST']
        config['CONFIG_AMQP_SSL_CACERT_FILE'] = config['CONFIG_SSL_CACERT']
        generate_ssl_cert(config, amqp_host, 'AMQP',
                          '/etc/pki/tls/private/ssl_amqp.key',
                          '/etc/pki/tls/certs/ssl_amqp.crt')
    else:
        # Non-SSL defaults.
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_ENABLED'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # With auth off, user and password are fixed literals shared by
        # every deployment that disables auth.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are bracketed for use inside URLs.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        config['CONFIG_AMQP_HOST_URL'] = "[%s]" % config['CONFIG_AMQP_HOST']
    else:
        config['CONFIG_AMQP_HOST_URL'] = config['CONFIG_AMQP_HOST']

    # All hosts should be able to talk to amqp.
    amqp_rules = dict()
    for client in filtered_hosts(config, exclude=False):
        rule = amqp_rules.setdefault("amqp_%s" % client, {})
        rule['host'] = "%s" % client
        rule['service_name'] = "amqp"
        rule['chain'] = "INPUT"
        rule['ports'] = ['5671', '5672']
        rule['proto'] = "tcp"
    config['FIREWALL_AMQP_RULES'] = amqp_rules

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#44
def create_manifest(config, messages):
    """Append the sahara manifest to ``<storage host>_sahara.pp``.

    The message-queue template from ``get_mq`` and "sahara.pp" are
    followed by the firewall resources for tcp/8386 on the INPUT chain.
    The rule is stored under ``config["FIREWALL_SAHARA_CFN_RULES"]``;
    the key name is kept exactly as it is read by
    ``createFirewallResources``.  ``messages`` is accepted but not used.
    """
    manifestfile = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate(get_mq(config, "sahara"))
    manifestdata += getManifestTemplate("sahara.pp")

    # NOTE(review): host "ALL" presumably leaves the API port open to any
    # source address; confirm against the firewall template.
    config["FIREWALL_SAHARA_CFN_RULES"] = {
        "sahara-api": {
            "host": "ALL",
            "service_name": "sahara api",
            "chain": "INPUT",
            "ports": ["8386"],
            "proto": "tcp",
        },
    }

    manifestdata += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
    appendManifestFile(manifestfile, manifestdata, marker='sahara')
示例#45
def create_cfn_manifest(config, messages):
    """Append the heat CloudFormation manifest for the controller.

    Templates: the message queue chosen by ``get_mq`` and "heat_cfn".
    A rule for tcp/8000 on INPUT is stored under
    ``config["FIREWALL_HEAT_CFN_RULES"]`` and rendered; the result goes
    to ``<controller>_heatcnf.pp`` with marker "heat".  ``messages`` is
    accepted but not used.
    """
    manifestfile = "%s_heatcnf.pp" % config["CONFIG_CONTROLLER_HOST"]
    manifestdata = getManifestTemplate(get_mq(config, "heat"))
    manifestdata += getManifestTemplate("heat_cfn")

    # NOTE(review): "ALL" presumably means any source may reach the port.
    rule_fields = (
        ("host", "ALL"),
        ("service_name", "heat cfn"),
        ("chain", "INPUT"),
        ("ports", ["8000"]),
        ("proto", "tcp"),
    )
    rule = {}
    for field, value in rule_fields:
        rule[field] = value
    config["FIREWALL_HEAT_CFN_RULES"] = {"heat_cfn": rule}

    manifestdata += createFirewallResources("FIREWALL_HEAT_CFN_RULES")
    appendManifestFile(manifestfile, manifestdata, marker="heat")
示例#46
def create_manifest(config, messages):
    """Assemble the Ironic Puppet manifest and the ironic-api firewall rule.

    The manifest file is named after ``CONFIG_CONTROLLER_HOST``; the rule
    description is written to ``config['FIREWALL_IRONIC_API_RULES']`` and
    the manifest is appended with ``'pre'`` as the third argument.
    ``messages`` is not used.
    """
    manifestfile = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = (getManifestTemplate(get_mq(config, "ironic")) +
                    getManifestTemplate("ironic.pp"))

    rules_key = 'FIREWALL_IRONIC_API_RULES'
    config[rules_key] = {
        "ironic-api": {
            # NOTE(review): "ALL" presumably means no source restriction on
            # TCP 6385; confirm that is acceptable for this API.
            'host': "ALL",
            'service_name': "ironic-api",
            'chain': "INPUT",
            'ports': ['6385'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources(rules_key)
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#47
def create_manifest(config, messages):
    """Build the Ironic manifest text and register its API firewall rule.

    Uses ``CONFIG_CONTROLLER_HOST`` for the manifest file name, records the
    rule under ``FIREWALL_IRONIC_API_RULES`` in ``config`` and appends the
    manifest, passing ``'pre'`` as the third argument. ``messages`` is
    unused.
    """
    controller = config['CONFIG_CONTROLLER_HOST']
    manifestfile = "%s_ironic.pp" % controller

    mq_template = get_mq(config, "ironic")
    manifestdata = getManifestTemplate(mq_template)
    manifestdata += getManifestTemplate("ironic.pp")

    api_rule = dict()
    # NOTE(review): host "ALL" presumably leaves TCP 6385 open to every
    # source; verify against how createFirewallResources renders the rule.
    api_rule['host'] = "ALL"
    api_rule['service_name'] = "ironic-api"
    api_rule['chain'] = "INPUT"
    api_rule['ports'] = ['6385']
    api_rule['proto'] = "tcp"
    config['FIREWALL_IRONIC_API_RULES'] = {"ironic-api": api_rule}

    manifestdata += createFirewallResources('FIREWALL_IRONIC_API_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
示例#48
def create_manifest(config, messages):
    """Assemble the MariaDB Puppet manifest and per-host firewall rules.

    Chooses the ``install`` or ``noinstall`` template family from
    ``CONFIG_MARIADB_INSTALL``, writes ``CONFIG_MARIADB_HOST_URL`` (wrapped
    in brackets when ``CONFIG_IP_VERSION`` is ``ipv6``), adds one database
    template per enabled service and one firewall rule for TCP 3306 per host
    returned by ``filtered_hosts``. ``messages`` is not used.
    """
    installing = config['CONFIG_MARIADB_INSTALL'] == 'y'
    if installing:
        suffix = 'install'
        db_host = config['CONFIG_MARIADB_HOST']
    else:
        suffix = 'noinstall'
        db_host = config['CONFIG_CONTROLLER_HOST']

    # Bracket the host for IPv6 so it can be embedded in a URL.
    config['CONFIG_MARIADB_HOST_URL'] = (
        "[%s]" % db_host if config['CONFIG_IP_VERSION'] == 'ipv6' else db_host
    )

    manifestfile = "%s_mariadb.pp" % db_host
    manifestdata = [getManifestTemplate('mariadb_%s' % suffix)]

    # Modules have to be appended to the existing mysql.pp, otherwise pp
    # will fail for some of them saying that the Mysql::Config definition
    # is missing. Keystone is always included; the rest only when enabled.
    manifestdata.append(
        getManifestTemplate("mariadb_%s_%s" % ("keystone", suffix)))
    optional_modules = ['nova', 'cinder', 'glance', 'neutron', 'heat',
                        'sahara', 'trove', 'ironic', 'manila', 'gnocchi']
    for module in optional_modules:
        if config['CONFIG_%s_INSTALL' % module.upper()] != 'y':
            continue
        manifestdata.append(
            getManifestTemplate("mariadb_%s_%s" % (module, suffix)))

    # One rule per host from filtered_hosts, rather than a single "ALL"
    # rule: the database port is only described for those named hosts.
    allowed = filtered_hosts(config, exclude=False, dbhost=True)
    config['FIREWALL_MARIADB_RULES'] = {
        "mariadb_%s" % peer: {
            'host': "%s" % peer,
            'service_name': "mariadb",
            'chain': "INPUT",
            'ports': ['3306'],
            'proto': "tcp",
        }
        for peer in allowed
    }

    manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES'))
    appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
示例#49
def create_manifest(config, messages):
    """Assemble the Glance Puppet manifest and its API firewall rule.

    Names the manifest file after ``CONFIG_STORAGE_HOST``, adds the
    message-queue template for ``glance_ceilometer`` only when
    ``CONFIG_CEILOMETER_INSTALL`` is ``'y'``, and records the rule under
    ``FIREWALL_GLANCE_RULES`` in ``config``. ``messages`` is not used.
    """
    manifestfile = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate("glance")

    ceilometer_enabled = config['CONFIG_CEILOMETER_INSTALL'] == 'y'
    if ceilometer_enabled:
        manifestdata += getManifestTemplate(
            get_mq(config, "glance_ceilometer"))

    rules_key = 'FIREWALL_GLANCE_RULES'
    config[rules_key] = {
        "glance_api": {
            # NOTE(review): "ALL" presumably admits any source on TCP 9292;
            # confirm the image API should be reachable that widely.
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources(rules_key)
    appendManifestFile(manifestfile, manifestdata)
示例#50
def create_manifest(config, messages):
    """Assemble the Trove Puppet manifest and its API firewall rule.

    When ``CONFIG_TROVE_NOVA_USER`` is ``'admin'`` and
    ``CONFIG_TROVE_NOVA_PW`` is empty, the Keystone admin password is copied
    into ``CONFIG_TROVE_NOVA_PW``. The manifest file is named after
    ``CONFIG_CONTROLLER_HOST`` and appended with the ``trove`` marker.
    ``messages`` is not used.
    """
    runs_as_admin = config['CONFIG_TROVE_NOVA_USER'] == 'admin'
    if runs_as_admin and config['CONFIG_TROVE_NOVA_PW'] == '':
        # NOTE(review): this duplicates the Keystone admin credential into a
        # second config key; whatever consumes CONFIG_TROVE_NOVA_PW then
        # holds the admin password. A dedicated service account would limit
        # that exposure.
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_KEYSTONE_ADMIN_PW']

    manifestfile = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
    manifestdata = (getManifestTemplate(get_mq(config, "trove")) +
                    getManifestTemplate('trove.pp'))

    rules_key = 'FIREWALL_TROVE_API_RULES'
    config[rules_key] = {
        "trove": {
            # NOTE(review): "ALL" presumably means any source on TCP 8779.
            'host': "ALL",
            'service_name': "trove api",
            'chain': "INPUT",
            'ports': ['8779'],
            'proto': "tcp",
        },
    }

    manifestdata += createFirewallResources(rules_key)
    appendManifestFile(manifestfile, manifestdata, marker='trove')
示例#51
def create_manifest(config, messages):
    """Build the Trove manifest text and register the Trove API firewall rule.

    An empty ``CONFIG_TROVE_NOVA_PW`` is filled from
    ``CONFIG_KEYSTONE_ADMIN_PW``, but only when ``CONFIG_TROVE_NOVA_USER``
    is ``'admin'``. The rule goes into ``config['FIREWALL_TROVE_API_RULES']``
    and the manifest is appended with the ``trove`` marker. ``messages`` is
    unused.
    """
    if config['CONFIG_TROVE_NOVA_USER'] == 'admin':
        if config['CONFIG_TROVE_NOVA_PW'] == '':
            # NOTE(review): the Keystone admin password is reused here as
            # the Trove Nova password, so it ends up stored under two keys;
            # review where CONFIG_TROVE_NOVA_PW is written out.
            admin_pw = config['CONFIG_KEYSTONE_ADMIN_PW']
            config['CONFIG_TROVE_NOVA_PW'] = admin_pw

    controller = config["CONFIG_CONTROLLER_HOST"]
    manifestfile = "%s_trove.pp" % controller

    manifestdata = getManifestTemplate(get_mq(config, "trove"))
    manifestdata += getManifestTemplate('trove.pp')

    api_rule = dict()
    # NOTE(review): host "ALL" presumably leaves TCP 8779 open to every
    # source; confirm that is the intended reach of the Trove API.
    api_rule['host'] = "ALL"
    api_rule['service_name'] = "trove api"
    api_rule['chain'] = "INPUT"
    api_rule['ports'] = ['8779']
    api_rule['proto'] = "tcp"
    config['FIREWALL_TROVE_API_RULES'] = {"trove": api_rule}

    manifestdata += createFirewallResources('FIREWALL_TROVE_API_RULES')
    appendManifestFile(manifestfile, manifestdata, marker='trove')
示例#52
def create_manifest(config, messages):
    """Assemble the Ceilometer Puppet manifest and its API firewall rule.

    Names the manifest file after ``CONFIG_CONTROLLER_HOST`` and records the
    rule under ``FIREWALL_CEILOMETER_RULES`` in ``config``. When
    ``CONFIG_NOVA_INSTALL`` is ``'n'`` an extra template is added.
    ``messages`` is not used.
    """
    manifestfile = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    manifestdata = (getManifestTemplate(get_mq(config, "ceilometer")) +
                    getManifestTemplate("ceilometer.pp"))

    rules_key = 'FIREWALL_CEILOMETER_RULES'
    config[rules_key] = {
        "ceilometer_api": {
            # NOTE(review): "ALL" presumably admits any source on TCP 8777;
            # confirm the metering API should be exposed that widely.
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    manifestdata += createFirewallResources(rules_key)

    # Without Nova, add a template that creates a group for nova because
    # the ceilometer class needs it.
    nova_absent = config['CONFIG_NOVA_INSTALL'] == 'n'
    if nova_absent:
        manifestdata += getManifestTemplate("ceilometer_nova_disabled.pp")
    appendManifestFile(manifestfile, manifestdata, 'ceilometer')
示例#53
def create_manifest(config, messages):
    """Build the Ceilometer manifest text and register its API firewall rule.

    The manifest file is named after ``CONFIG_CONTROLLER_HOST``; the rule is
    stored in ``config['FIREWALL_CEILOMETER_RULES']``. The
    ``ceilometer_nova_disabled`` template is added only when
    ``CONFIG_NOVA_INSTALL`` is ``'n'``. ``messages`` is unused.
    """
    controller = config['CONFIG_CONTROLLER_HOST']
    manifestfile = "%s_ceilometer.pp" % controller

    mq_template = get_mq(config, "ceilometer")
    manifestdata = getManifestTemplate(mq_template)
    manifestdata += getManifestTemplate("ceilometer")

    api_rule = dict()
    # NOTE(review): host "ALL" presumably leaves TCP 8777 open to every
    # source; verify against how createFirewallResources renders the rule.
    api_rule['host'] = "ALL"
    api_rule['service_name'] = "ceilometer-api"
    api_rule['chain'] = "INPUT"
    api_rule['ports'] = ['8777']
    api_rule['proto'] = "tcp"
    config['FIREWALL_CEILOMETER_RULES'] = {"ceilometer_api": api_rule}
    manifestdata += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # The ceilometer class needs a nova group; when Nova is not installed a
    # dedicated template creates it.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        manifestdata += getManifestTemplate("ceilometer_nova_disabled")
    appendManifestFile(manifestfile, manifestdata, 'ceilometer')
示例#54
def create_storage_manifest(config, messages):
    """Assemble the Swift storage Puppet manifest and its firewall rules.

    Emits one ``swift::storage::<fstype>`` resource per entry of the
    module-level ``devices`` list that names a device, or the loopback
    template when an entry has none. Firewall rules for TCP 6000-6002 and
    873 are described for the storage host and, when
    ``CONFIG_NOVA_INSTALL`` is ``'y'``, for the compute hosts as well.
    ``messages`` is not used.
    """
    global devices  # only read here

    manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate("swift_storage")

    # NOTE(review): the values below are placed inside double-quoted Puppet
    # strings without escaping; they presumably come from the operator's
    # answer file, so confirm they are validated before reaching this point.
    resource_tpl = ('\nswift::storage::%s { "%s":\n'
                    '  device => "%s",\n}\n')

    # One resource (or loopback template) per storage device.
    for entry in devices:
        storage_host = config['CONFIG_STORAGE_HOST']
        devicename = entry['device_name']
        device_path = entry['device']
        fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"]
        if not device_path:
            # No device given: fall back to a loopback device.
            config['CONFIG_SWIFT_STORAGE_SEEK'] = get_storage_size(config)
            manifestdata += "\n" + getManifestTemplate("swift_loopback")
            continue
        check_device(storage_host, device_path)
        manifestdata += resource_tpl % (fstype, devicename, device_path)

    # Hosts that the firewall rules are described for.
    allowed = {config['CONFIG_STORAGE_HOST']}
    if config['CONFIG_NOVA_INSTALL'] == 'y':
        allowed |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])

    # Port 873 (rsync) is listed next to the Swift ports, one rule per
    # allowed host rather than a single "ALL" rule.
    config['FIREWALL_SWIFT_STORAGE_RULES'] = {
        "swift_storage_and_rsync_%s" % peer: {
            'host': "%s" % peer,
            'service_name': "swift storage and rsync",
            'chain': "INPUT",
            'ports': ['6000', '6001', '6002', '873'],
            'proto': "tcp",
        }
        for peer in allowed
    }

    manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES')
    appendManifestFile(manifestfile, manifestdata)
示例#55
def create_storage_manifest(config, messages):
    """Build the Swift storage manifest text and per-host firewall rules.

    Walks the module-level ``devices`` list: an entry with a device yields a
    ``swift::storage::<fstype>`` resource after ``check_device`` is called,
    an entry without one yields the loopback template. The firewall rules
    cover the storage host plus the compute hosts when
    ``CONFIG_NOVA_INSTALL`` is ``'y'``. ``messages`` is unused.
    """
    global devices  # only read here

    storage_host_name = config['CONFIG_STORAGE_HOST']
    manifestfile = "%s_swift.pp" % storage_host_name
    manifestdata = getManifestTemplate("swift_storage")

    # This needs to happen once per storage device.
    for spec in devices:
        target_host = config['CONFIG_STORAGE_HOST']
        devicename = spec['device_name']
        dev = spec['device']
        fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"]
        if dev:
            check_device(target_host, dev)
            # NOTE(review): fstype, devicename and dev are interpolated
            # unescaped into Puppet source; presumably they originate from
            # the answer file - verify they are validated upstream.
            stanza = ('\nswift::storage::%s { "%s":\n'
                      '  device => "%s",\n}\n'
                      % (fstype, devicename, dev))
            manifestdata += stanza
        else:
            # Create a loopback device if none was specified.
            config['CONFIG_SWIFT_STORAGE_SEEK'] = get_storage_size(config)
            manifestdata += "\n" + getManifestTemplate("swift_loopback")

    # Set the allowed hosts for the firewall.
    peers = set([config['CONFIG_STORAGE_HOST']])
    nova_enabled = config['CONFIG_NOVA_INSTALL'] == 'y'
    if nova_enabled:
        peers |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])

    fw_details = dict()
    for peer in peers:
        # The rule lists rsync (873) alongside the Swift ports and is
        # scoped to this one host.
        fw_details["swift_storage_and_rsync_%s" % peer] = {
            'host': "%s" % peer,
            'service_name': "swift storage and rsync",
            'chain': "INPUT",
            'ports': ['6000', '6001', '6002', '873'],
            'proto': "tcp",
        }
    config['FIREWALL_SWIFT_STORAGE_RULES'] = fw_details

    manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES')
    appendManifestFile(manifestfile, manifestdata)