def create_manifest(config, messages):
    """Assemble the cinder manifest for the storage host and append it.

    ``config`` is read and updated in place. When AMQP SSL is enabled the
    cinder certificate/key paths are recorded and ``generate_ssl_cert`` is
    called. The message-queue, base, per-backend and optional
    ceilometer/backup templates are concatenated, and two firewall rule sets
    are stored under ``FIREWALL_CINDER_RULES`` and
    ``FIREWALL_CINDER_API_RULES``. ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_cinder.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_cinder.key'
        # Publish the paths in config before the certificate is generated.
        config['CONFIG_CINDER_SSL_CERT'] = cert_path
        config['CONFIG_CINDER_SSL_KEY'] = key_path
        generate_ssl_cert(config, ssl_host, 'cinder', key_path, cert_path)

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("cinder")

    for backend in config['CONFIG_CINDER_BACKEND']:
        body += getManifestTemplate('cinder_%s' % backend)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_backup')

    # Rules for tcp/3260: one rule per compute host when nova is installed
    # and the VMware backend is off, otherwise a single "cinder_all" rule.
    # NOTE(review): the fallback rule uses host "ALL", which presumably means
    # no source restriction on 3260 -- confirm against createFirewallResources.
    volume_rules = {}
    for compute_host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        per_host = (config['CONFIG_NOVA_INSTALL'] == 'y' and
                    config['CONFIG_VMWARE_BACKEND'] == 'n')
        if per_host:
            rule_name = "cinder_%s" % compute_host
            source = "%s" % compute_host
        else:
            rule_name = "cinder_all"
            source = "ALL"

        rule = volume_rules.setdefault(rule_name, {})
        rule['host'] = source
        rule['service_name'] = "cinder"
        rule['chain'] = "INPUT"
        rule['ports'] = ['3260']
        rule['proto'] = "tcp"

    config['FIREWALL_CINDER_RULES'] = volume_rules
    body += createFirewallResources('FIREWALL_CINDER_RULES')

    # cinder API should be open for everyone
    config['FIREWALL_CINDER_API_RULES'] = {
        "cinder_api": {
            'host': "ALL",
            'service_name': "cinder-api",
            'chain': "INPUT",
            'ports': ['8776'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CINDER_API_RULES')
    appendManifestFile(target, body)
def create_redis_manifest(config, messages):
    """Append redis master, slave and sentinel manifests with firewall rules.

    Does nothing unless ``CONFIG_CEILOMETER_COORDINATION_BACKEND`` is
    ``'redis'``. The master manifest is always written in that case; slave and
    sentinel manifests are written only when ``CONFIG_REDIS_HA`` is ``'y'``.
    ``config`` is updated in place; ``messages`` is not used here.
    """
    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] != 'redis':
        return

    master_host = config['CONFIG_REDIS_MASTER_HOST']
    # IPv6 literals are wrapped in brackets for use inside a URL.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        master_url = "[%s]" % master_host
    else:
        master_url = master_host
    config['CONFIG_REDIS_MASTER_HOST_URL'] = master_url

    # master
    target = "%s_redis.pp" % config['CONFIG_REDIS_MASTER_HOST']
    body = getManifestTemplate("redis.pp")

    # Only the controller, the slaves and the sentinels are passed as
    # allowed clients for the redis port.
    allowed = set([config['CONFIG_CONTROLLER_HOST']])
    allowed = allowed.union(split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
    allowed = allowed.union(split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
    config['FIREWALL_REDIS_RULES'] = _create_redis_firewall_rules(
        allowed, config['CONFIG_REDIS_PORT'])

    body += createFirewallResources('FIREWALL_REDIS_RULES')
    appendManifestFile(target, body, 'pre')

    # slaves
    if config['CONFIG_REDIS_HA'] == 'y':
        for slave_host in split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']):
            # CONFIG_REDIS_HOST and FIREWALL_REDIS_SLAVE_RULES are
            # overwritten on every iteration.
            config['CONFIG_REDIS_HOST'] = slave_host
            target = "%s_redis_slave.pp" % slave_host
            body = getManifestTemplate("redis_slave.pp")

            allowed = set([config['CONFIG_CONTROLLER_HOST']])
            allowed = allowed.union(
                split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
            allowed = allowed.union(
                split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
            config['FIREWALL_REDIS_SLAVE_RULES'] = (
                _create_redis_firewall_rules(
                    allowed, config['CONFIG_REDIS_PORT']))

            body += createFirewallResources('FIREWALL_REDIS_SLAVE_RULES')
            appendManifestFile(target, body, 'pre')

    # sentinels
    if config['CONFIG_REDIS_HA'] == 'y':
        for sentinel_host in split_hosts(
                config['CONFIG_REDIS_SENTINEL_HOSTS']):
            target = "%s_redis_sentinel.pp" % sentinel_host
            body = getManifestTemplate("redis_sentinel.pp")

            # The sentinel port is opened to the sentinel hosts only.
            config['FIREWALL_SENTINEL_RULES'] = (
                _create_redis_firewall_rules(
                    split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']),
                    config['CONFIG_REDIS_SENTINEL_PORT']))

            body += createFirewallResources('FIREWALL_SENTINEL_RULES')
            appendManifestFile(target, body, 'pre')
def create_redis_manifest(config, messages):
    """Write the redis master manifest and, under HA, slave/sentinel ones.

    Returns immediately unless the ceilometer coordination backend is
    ``'redis'``. Each manifest gets a firewall rule set built by
    ``_create_redis_firewall_rules`` from an explicit client list.
    ``config`` is mutated in place; ``messages`` is unused in this function.
    """
    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] != 'redis':
        return

    redis_master = config['CONFIG_REDIS_MASTER_HOST']
    use_brackets = config['CONFIG_IP_VERSION'] == 'ipv6'
    # Bracket the address when it is an IPv6 literal.
    config['CONFIG_REDIS_MASTER_HOST_URL'] = (
        ("[%s]" % redis_master) if use_brackets else redis_master)

    # master
    manifest_name = "%s_redis.pp" % config['CONFIG_REDIS_MASTER_HOST']
    manifest_text = getManifestTemplate("redis.pp")

    # Client list for the redis port: controller + slaves + sentinels.
    clients = set([config['CONFIG_CONTROLLER_HOST']])
    clients.update(split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
    clients.update(split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
    config['FIREWALL_REDIS_RULES'] = _create_redis_firewall_rules(
        clients, config['CONFIG_REDIS_PORT'])

    manifest_text += createFirewallResources('FIREWALL_REDIS_RULES')
    appendManifestFile(manifest_name, manifest_text, 'pre')

    # slaves
    if config['CONFIG_REDIS_HA'] == 'y':
        for node in split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']):
            # Both config entries below hold only the last slave's values
            # once the loop has finished.
            config['CONFIG_REDIS_HOST'] = node
            manifest_name = "%s_redis_slave.pp" % node
            manifest_text = getManifestTemplate("redis_slave.pp")

            clients = set([config['CONFIG_CONTROLLER_HOST']])
            clients.update(split_hosts(config['CONFIG_REDIS_SLAVE_HOSTS']))
            clients.update(split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']))
            config['FIREWALL_REDIS_SLAVE_RULES'] = (
                _create_redis_firewall_rules(
                    clients, config['CONFIG_REDIS_PORT']))

            manifest_text += createFirewallResources(
                'FIREWALL_REDIS_SLAVE_RULES')
            appendManifestFile(manifest_name, manifest_text, 'pre')

    # sentinels
    if config['CONFIG_REDIS_HA'] == 'y':
        for node in split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']):
            manifest_name = "%s_redis_sentinel.pp" % node
            manifest_text = getManifestTemplate("redis_sentinel.pp")

            # Sentinel port rules list the sentinel hosts themselves.
            config['FIREWALL_SENTINEL_RULES'] = (
                _create_redis_firewall_rules(
                    split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS']),
                    config['CONFIG_REDIS_SENTINEL_PORT']))

            manifest_text += createFirewallResources(
                'FIREWALL_SENTINEL_RULES')
            appendManifestFile(manifest_name, manifest_text, 'pre')
def create_manifest(config, messages):
    """Assemble the cinder manifest for the storage host and append it.

    Unless ``CONFIG_UNSUPPORTED`` is ``'y'``, the storage host is forced to
    the controller host first. The message-queue, base, per-backend and
    optional ceilometer/backup templates are then concatenated together with
    two firewall rule sets. ``config`` is updated in place; ``messages`` is
    not used here.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    body = getManifestTemplate(get_mq(config, "cinder"))
    target = "%s_cinder.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("cinder")

    for backend in config['CONFIG_CINDER_BACKEND']:
        body += getManifestTemplate('cinder_%s' % backend)

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_ceilometer')
    if config['CONFIG_SWIFT_INSTALL'] == 'y':
        body += getManifestTemplate('cinder_backup')

    # tcp/3260 rules: per compute host when nova is installed without the
    # VMware backend, otherwise one "cinder_all" rule.
    # NOTE(review): that fallback uses host "ALL", presumably leaving 3260
    # without a source restriction -- confirm in createFirewallResources.
    volume_rules = {}
    for compute_host in split_hosts(config['CONFIG_COMPUTE_HOSTS']):
        per_host = (config['CONFIG_NOVA_INSTALL'] == 'y' and
                    config['CONFIG_VMWARE_BACKEND'] == 'n')
        if per_host:
            rule_name = "cinder_%s" % compute_host
            source = "%s" % compute_host
        else:
            rule_name = "cinder_all"
            source = "ALL"

        rule = volume_rules.setdefault(rule_name, {})
        rule['host'] = source
        rule['service_name'] = "cinder"
        rule['chain'] = "INPUT"
        rule['ports'] = ['3260']
        rule['proto'] = "tcp"

    config['FIREWALL_CINDER_RULES'] = volume_rules
    body += createFirewallResources('FIREWALL_CINDER_RULES')

    # cinder API should be open for everyone
    config['FIREWALL_CINDER_API_RULES'] = {
        "cinder_api": {
            'host': "ALL",
            'service_name': "cinder-api",
            'chain': "INPUT",
            'ports': ['8776'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CINDER_API_RULES')
    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the heat manifest for the controller host and append it.

    When AMQP SSL is enabled, the heat certificate/key paths are stored in
    ``config`` and ``generate_ssl_cert`` is called for the controller host.
    A firewall rule set for tcp/8004 is stored under ``FIREWALL_HEAT_RULES``.
    ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        controller = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_heat.key'
        # Publish the paths in config before the certificate is generated.
        config['CONFIG_HEAT_SSL_CERT'] = cert_path
        config['CONFIG_HEAT_SSL_KEY'] = key_path
        generate_ssl_cert(config, controller, 'heat', key_path, cert_path)

    target = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # NOTE(review): host "ALL" presumably admits any source address on the
    # API port -- confirm against createFirewallResources.
    config['FIREWALL_HEAT_RULES'] = {
        "heat": {
            'host': "ALL",
            'service_name': "heat",
            'chain': "INPUT",
            'ports': ['8004'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_HEAT_RULES')
    appendManifestFile(target, body, marker='heat')
def create_manifest(config, messages):
    """Build the glance manifest for the storage host and append it.

    When AMQP SSL is enabled, the glance certificate/key paths are stored in
    ``config`` and ``generate_ssl_cert`` is called for the storage host. The
    ceilometer message-queue template is added only when ceilometer is
    installed. ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        storage_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_glance.key'
        # Publish the paths in config before the certificate is generated.
        config['CONFIG_GLANCE_SSL_CERT'] = cert_path
        config['CONFIG_GLANCE_SSL_KEY'] = key_path
        generate_ssl_cert(config, storage_host, 'glance', key_path, cert_path)

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/9292 -- confirm against createFirewallResources.
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the ironic manifest for the controller host and append it.

    When AMQP SSL is enabled, the ironic certificate/key paths are stored in
    ``config`` and ``generate_ssl_cert`` is called for the controller host.
    A firewall rule set for tcp/6385 is stored under
    ``FIREWALL_IRONIC_API_RULES``. ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        controller = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ironic.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_ironic.key'
        # Publish the paths in config before the certificate is generated.
        config['CONFIG_IRONIC_SSL_CERT'] = cert_path
        config['CONFIG_IRONIC_SSL_KEY'] = key_path
        generate_ssl_cert(config, controller, 'ironic', key_path, cert_path)

    target = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ironic"))
    body += getManifestTemplate("ironic.pp")

    # NOTE(review): host "ALL" presumably admits any source address on the
    # API port -- confirm against createFirewallResources.
    config['FIREWALL_IRONIC_API_RULES'] = {
        "ironic-api": {
            'host': "ALL",
            'service_name': "ironic-api",
            'chain': "INPUT",
            'ports': ['6385'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_IRONIC_API_RULES')
    appendManifestFile(target, body, 'pre')
def create_api_manifest(config, messages):
    """Build the nova API manifest for the controller host and append it.

    Also initialises the module-level ``compute_hosts`` and ``network_hosts``
    sets from the comma-separated config values, and derives
    ``CONFIG_NEUTRON_METADATA_PW_UNQUOTED``. ``messages`` is not used here.
    """
    # This step runs first, so the shared host sets are created here and
    # published as module globals.
    global compute_hosts, network_hosts
    raw_compute = config.get("CONFIG_COMPUTE_HOSTS", "")
    compute_hosts = {
        name.strip() for name in raw_compute.split(",") if name.strip()
    }
    raw_network = config.get("CONFIG_NETWORK_HOSTS", "")
    network_hosts = {
        name.strip() for name in raw_network.split(",") if name.strip()
    }

    # Workaround: the neutron metadata password is always generated, but the
    # nova puppet plugin treats its mere existence as the switch for metadata
    # proxy support. The nova_api.pp template therefore needs an unquoted
    # 'undef' to disable metadata support when neutron is not installed.
    # NOTE(review): a real password equal to the literal string 'undef'
    # would produce the same value as the disabled case.
    if config['CONFIG_NEUTRON_INSTALL'] == 'y':
        metadata_pw = "%s" % config['CONFIG_NEUTRON_METADATA_PW']
    else:
        metadata_pw = 'undef'
    config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = metadata_pw

    target = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("nova_api")

    # NOTE(review): host "ALL" presumably admits any source address on the
    # three API ports -- confirm against createFirewallResources.
    config['FIREWALL_NOVA_API_RULES'] = {
        "nova_api": {
            'host': "ALL",
            'service_name': "nova api",
            'chain': "INPUT",
            'ports': ['8773', '8774', '8775'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_NOVA_API_RULES')
    appendManifestFile(target, body, 'novaapi')
def create_manifest(config, messages):
    """Build the manila manifest for the storage host and append it.

    Unless ``CONFIG_UNSUPPORTED`` is ``'y'``, the storage host is forced to
    the controller host first. One template is added per entry in
    ``CONFIG_MANILA_BACKEND``. ``config`` is updated in place; ``messages``
    is not used here.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    body = getManifestTemplate(get_mq(config, "manila"))
    target = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    body += getManifestTemplate("manila.pp")

    for backend_name in config['CONFIG_MANILA_BACKEND']:
        body += getManifestTemplate('manila_%s.pp' % backend_name)

    # manila API should be open for everyone
    config['FIREWALL_MANILA_API_RULES'] = {
        "manila_api": {
            'host': "ALL",
            'service_name': "manila-api",
            'chain': "INPUT",
            'ports': ['8786'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_MANILA_API_RULES')
    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the keystone manifest for the controller host and append it.

    Derives ``CONFIG_KEYSTONE_HOST_URL`` (bracketed for IPv6), the public URL
    on port 5000 and the admin URL on port 35357, then stores a firewall rule
    set for both ports. ``config`` is updated in place; ``messages`` is not
    used here.
    """
    controller = config["CONFIG_CONTROLLER_HOST"]
    target = "%s_keystone.pp" % controller
    body = getManifestTemplate("keystone")

    # IPv6 literals are wrapped in brackets for use inside a URL.
    if config["CONFIG_IP_VERSION"] == "ipv6":
        host_url = "[%s]" % config["CONFIG_CONTROLLER_HOST"]
    else:
        host_url = config["CONFIG_CONTROLLER_HOST"]
    config["CONFIG_KEYSTONE_HOST_URL"] = host_url

    # NOTE(review): both endpoint URLs are built with the http:// scheme, so
    # this function never yields a TLS endpoint -- confirm TLS is terminated
    # elsewhere if it is required.
    config["CONFIG_KEYSTONE_PUBLIC_URL"] = "http://%s:5000/%s" % (
        config["CONFIG_KEYSTONE_HOST_URL"],
        config["CONFIG_KEYSTONE_API_VERSION"],
    )
    config["CONFIG_KEYSTONE_ADMIN_URL"] = (
        "http://%s:35357" % config["CONFIG_KEYSTONE_HOST_URL"])

    # NOTE(review): host "ALL" covers the admin port 35357 as well as 5000;
    # it presumably means no source restriction -- confirm against
    # createFirewallResources.
    config["FIREWALL_KEYSTONE_RULES"] = {
        "keystone": {
            "host": "ALL",
            "service_name": "keystone",
            "chain": "INPUT",
            "ports": ["5000", "35357"],
            "proto": "tcp",
        },
    }
    body += createFirewallResources("FIREWALL_KEYSTONE_RULES")
    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the keystone manifest for the controller host and append it.

    Sets ``CONFIG_KEYSTONE_HOST_URL`` (bracketed for IPv6),
    ``CONFIG_KEYSTONE_PUBLIC_URL`` (port 5000) and
    ``CONFIG_KEYSTONE_ADMIN_URL`` (port 35357) in ``config``, then stores a
    firewall rule set for both ports. ``messages`` is not used here.
    """
    controller = config['CONFIG_CONTROLLER_HOST']
    target = "%s_keystone.pp" % controller
    body = getManifestTemplate("keystone")

    # Bracket the address when it is an IPv6 literal.
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        host_url = "[%s]" % config['CONFIG_CONTROLLER_HOST']
    else:
        host_url = config['CONFIG_CONTROLLER_HOST']
    config['CONFIG_KEYSTONE_HOST_URL'] = host_url

    # NOTE(review): both URLs use the http:// scheme; nothing in this
    # function produces a TLS endpoint -- confirm that is handled elsewhere
    # if it is required.
    config['CONFIG_KEYSTONE_PUBLIC_URL'] = "http://%s:5000/%s" % (
        config['CONFIG_KEYSTONE_HOST_URL'],
        config['CONFIG_KEYSTONE_API_VERSION'],
    )
    config['CONFIG_KEYSTONE_ADMIN_URL'] = (
        "http://%s:35357" % config['CONFIG_KEYSTONE_HOST_URL'])

    # NOTE(review): the single rule below applies host "ALL" to the admin
    # port 35357 too; "ALL" presumably means no source restriction --
    # confirm against createFirewallResources.
    config['FIREWALL_KEYSTONE_RULES'] = {
        "keystone": {
            'host': "ALL",
            'service_name': "keystone",
            'chain': "INPUT",
            'ports': ['5000', '35357'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_KEYSTONE_RULES')
    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the heat manifest for the controller host and append it.

    With AMQP SSL enabled, records the heat certificate/key paths in
    ``config`` and calls ``generate_ssl_cert`` for the controller host. The
    firewall rule set for tcp/8004 is stored under ``FIREWALL_HEAT_RULES``.
    ``messages`` is not used here.
    """
    if config["CONFIG_AMQP_ENABLE_SSL"] == "y":
        controller = config["CONFIG_CONTROLLER_HOST"]
        cert_path = "/etc/pki/tls/certs/ssl_amqp_heat.crt"
        key_path = "/etc/pki/tls/private/ssl_amqp_heat.key"
        # The paths are stored in config first, then the pair is generated.
        config["CONFIG_HEAT_SSL_CERT"] = cert_path
        config["CONFIG_HEAT_SSL_KEY"] = key_path
        generate_ssl_cert(config, controller, "heat", key_path, cert_path)

    target = "%s_heat.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # NOTE(review): host "ALL" presumably admits any source address on the
    # API port -- confirm against createFirewallResources.
    config["FIREWALL_HEAT_RULES"] = {
        "heat": {
            "host": "ALL",
            "service_name": "heat",
            "chain": "INPUT",
            "ports": ["8004"],
            "proto": "tcp",
        },
    }
    body += createFirewallResources("FIREWALL_HEAT_RULES")
    appendManifestFile(target, body, marker="heat")
def create_manifest(config, messages):
    """Build the glance manifest for the storage host and append it.

    Unless ``CONFIG_UNSUPPORTED`` is ``'y'``, the storage host is forced to
    the controller host. When ironic is installed the glance backend is set
    to ``'swift'``. ``config`` is updated in place; ``messages`` is not used
    here.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    # Setting the default to 'swift' when Ironic is enabled
    if config['CONFIG_IRONIC_INSTALL'] == 'y':
        config['CONFIG_GLANCE_BACKEND'] = 'swift'

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance.pp")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/9292 -- confirm against createFirewallResources.
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the glance manifest for the storage host and append it.

    With AMQP SSL enabled, records the glance certificate/key paths in
    ``config`` and calls ``generate_ssl_cert`` for the storage host. The
    ceilometer message-queue template is added only when ceilometer is
    installed. ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        storage_host = config['CONFIG_STORAGE_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_glance.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_glance.key'
        # The paths are stored in config first, then the pair is generated.
        config['CONFIG_GLANCE_SSL_CERT'] = cert_path
        config['CONFIG_GLANCE_SSL_KEY'] = key_path
        generate_ssl_cert(config, storage_host, 'glance', key_path, cert_path)

    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/9292 -- confirm against createFirewallResources.
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GLANCE_RULES')
    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Build the trove manifest for the controller host and append it.

    With AMQP SSL enabled, records the trove certificate/key paths in
    ``config`` and calls ``generate_ssl_cert`` for the controller host. An
    empty nova password for the ``trove`` user is filled from
    ``CONFIG_TROVE_KS_PW``. ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_trove.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_trove.key'
        config['CONFIG_TROVE_SSL_CERT'] = cert_path
        config['CONFIG_TROVE_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        generate_ssl_cert(config, controller, 'trove', key_path, cert_path)

    # NOTE(review): when the nova user is 'trove' and no nova password was
    # given, the keystone service password is reused, so both entries hold
    # the same secret.
    nova_pw_missing = (config['CONFIG_TROVE_NOVA_USER'] == 'trove' and
                       config['CONFIG_TROVE_NOVA_PW'] == '')
    if nova_pw_missing:
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_TROVE_KS_PW']

    target = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "trove"))
    body += getManifestTemplate('trove.pp')

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/8779 -- confirm against createFirewallResources.
    config['FIREWALL_TROVE_API_RULES'] = {
        "trove": {
            'host': "ALL",
            'service_name': "trove api",
            'chain': "INPUT",
            'ports': ['8779'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_TROVE_API_RULES')
    appendManifestFile(target, body, marker='trove')
def create_manifest(config, messages):
    """Build the aodh manifest for the controller host and append it.

    Concatenates the message-queue, ``aodh`` and ``apache_ports`` templates.
    With AMQP SSL enabled, records the aodh certificate/key paths in
    ``config`` and calls ``generate_ssl_cert`` for the controller host.
    ``messages`` is not used here.
    """
    target = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "aodh"))
    body += getManifestTemplate("aodh")
    body += getManifestTemplate("apache_ports")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_aodh.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_aodh.key'
        config['CONFIG_AODH_SSL_CERT'] = cert_path
        config['CONFIG_AODH_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        generate_ssl_cert(config, controller, 'aodh', key_path, cert_path)

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/8042 -- confirm against createFirewallResources.
    config['FIREWALL_AODH_RULES'] = {
        "aodh_api": {
            'host': "ALL",
            'service_name': "aodh-api",
            'chain': "INPUT",
            'ports': ['8042'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_AODH_RULES')
    appendManifestFile(target, body, 'aodh')
def create_api_manifest(config, messages):
    """Build the nova API manifest for the controller host and append it.

    Side effects: sets the module-level ``compute_hosts`` and
    ``network_hosts`` sets from comma-separated config values and writes
    ``CONFIG_NEUTRON_METADATA_PW_UNQUOTED`` into ``config``. ``messages`` is
    not used here.
    """
    # This step runs first, so the shared host sets are created here and
    # published as module globals.
    global compute_hosts, network_hosts
    compute_csv = config.get("CONFIG_COMPUTE_HOSTS", "")
    compute_hosts = {
        entry.strip() for entry in compute_csv.split(",") if entry.strip()
    }
    network_csv = config.get("CONFIG_NETWORK_HOSTS", "")
    network_hosts = {
        entry.strip() for entry in network_csv.split(",") if entry.strip()
    }

    # Workaround: the neutron metadata password always gets generated, yet
    # the nova puppet plugin uses its existence to decide whether to set up
    # metadata proxy support. The nova_api.pp template therefore needs an
    # unquoted 'undef' to disable it when neutron is not being installed.
    # NOTE(review): a real password equal to the literal string 'undef'
    # would be indistinguishable from the disabled case.
    if config['CONFIG_NEUTRON_INSTALL'] == 'y':
        unquoted_pw = "%s" % config['CONFIG_NEUTRON_METADATA_PW']
    else:
        unquoted_pw = 'undef'
    config['CONFIG_NEUTRON_METADATA_PW_UNQUOTED'] = unquoted_pw

    target = "%s_api_nova.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("nova_api")

    # NOTE(review): host "ALL" presumably admits any source address on the
    # three API ports -- confirm against createFirewallResources.
    config['FIREWALL_NOVA_API_RULES'] = {
        "nova_api": {
            'host': "ALL",
            'service_name': "nova api",
            'chain': "INPUT",
            'ports': ['8773', '8774', '8775'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_NOVA_API_RULES')
    appendManifestFile(target, body, 'novaapi')
def create_manifest(config, messages):
    """Build the sahara manifest and append it.

    With AMQP SSL enabled, records the sahara certificate/key paths in
    ``config`` and calls ``generate_ssl_cert`` for ``CONFIG_SAHARA_HOST``.
    The manifest file itself is named after ``CONFIG_STORAGE_HOST``.
    ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        sahara_host = config['CONFIG_SAHARA_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_sahara.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_sahara.key'
        # The paths are stored in config first, then the pair is generated.
        config['CONFIG_SAHARA_SSL_CERT'] = cert_path
        config['CONFIG_SAHARA_SSL_KEY'] = key_path
        generate_ssl_cert(config, sahara_host, 'sahara', key_path, cert_path)

    # NOTE(review): the certificate above is requested for
    # CONFIG_SAHARA_HOST while the manifest targets CONFIG_STORAGE_HOST --
    # confirm the two are meant to be the same machine.
    target = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate(get_mq(config, "sahara"))
    body += getManifestTemplate("sahara.pp")
    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate('sahara_ceilometer')

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/8386 -- confirm against createFirewallResources.
    config["FIREWALL_SAHARA_CFN_RULES"] = {
        "sahara-api": {
            "host": "ALL",
            "service_name": "sahara api",
            "chain": "INPUT",
            "ports": ["8386"],
            "proto": "tcp",
        },
    }
    body += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")
    appendManifestFile(target, body, marker='sahara')
def create_manifest(config, messages):
    """Build the heat manifest for the controller host and append it.

    If AMQP SSL is on, the heat certificate/key paths are written to
    ``config`` and ``generate_ssl_cert`` is invoked for the controller host.
    A tcp/8004 firewall rule set is stored under ``FIREWALL_HEAT_RULES``.
    ``messages`` is not used here.
    """
    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        controller = config['CONFIG_CONTROLLER_HOST']
        cert_path = '/etc/pki/tls/certs/ssl_amqp_heat.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_heat.key'
        # The paths are stored in config first, then the pair is generated.
        config['CONFIG_HEAT_SSL_CERT'] = cert_path
        config['CONFIG_HEAT_SSL_KEY'] = key_path
        generate_ssl_cert(config, controller, 'heat', key_path, cert_path)

    target = "%s_heat.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat")
    body += getManifestTemplate("keystone_heat")

    # NOTE(review): host "ALL" presumably admits any source address on the
    # API port -- confirm against createFirewallResources.
    config['FIREWALL_HEAT_RULES'] = {
        "heat": {
            'host': "ALL",
            'service_name': "heat",
            'chain': "INPUT",
            'ports': ['8004'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_HEAT_RULES')
    appendManifestFile(target, body, marker='heat')
def create_manifest(config, messages):
    """Build the aodh manifest for the controller host and append it.

    Concatenates the message-queue and ``aodh`` templates. With AMQP SSL
    enabled, records the aodh certificate/key paths in ``config`` and calls
    ``generate_ssl_cert`` for the controller host. ``messages`` is not used
    here.
    """
    target = "%s_aodh.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "aodh"))
    body += getManifestTemplate("aodh")

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_aodh.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_aodh.key'
        config['CONFIG_AODH_SSL_CERT'] = cert_path
        config['CONFIG_AODH_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        generate_ssl_cert(config, controller, 'aodh', key_path, cert_path)

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/8042 -- confirm against createFirewallResources.
    config['FIREWALL_AODH_RULES'] = {
        "aodh_api": {
            'host': "ALL",
            'service_name': "aodh-api",
            'chain': "INPUT",
            'ports': ['8042'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_AODH_RULES')
    appendManifestFile(target, body, 'aodh')
def create_manifest(config, messages):
    """Build the ceilometer manifest for the controller host and append it.

    With the redis coordination backend, derives the sentinel contact URL and
    the ``sentinel_fallback`` query string. With AMQP SSL enabled, records the
    ceilometer certificate/key paths and calls ``generate_ssl_cert``.
    ``config`` is updated in place; ``messages`` is not used here.
    """
    target = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ceilometer"))
    body += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Work out whether several sentinel hosts must be offered as
        # fallbacks in the coordination url.
        sentinels = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        port = config['CONFIG_REDIS_SENTINEL_PORT']
        contact = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if config['CONFIG_IP_VERSION'] == 'ipv6':
            contact_url = "[%s]" % contact
        else:
            contact_url = contact
        config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = contact_url

        primary = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if len(sentinels) > 1:
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                pattern = 'sentinel_fallback=[%s]:%s'
            else:
                pattern = 'sentinel_fallback=%s:%s'
            # Every sentinel except the contact host becomes a fallback.
            fallbacks = '&'.join(
                pattern % (name, port)
                for name in sentinels
                if name != primary
            )
        else:
            fallbacks = ''
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = fallbacks

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
        config['CONFIG_CEILOMETER_SSL_CERT'] = cert_path
        config['CONFIG_CEILOMETER_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        generate_ssl_cert(config, controller, 'ceilometer', key_path,
                          cert_path)

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/8777 -- confirm against createFirewallResources.
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # The ceilometer class needs a nova group, so add the template that
    # creates it when nova itself is not installed.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        body += getManifestTemplate("ceilometer_nova_disabled")
    appendManifestFile(target, body, 'ceilometer')
def create_manifest(config, messages):
    """Build the ceilometer manifest for the controller host and append it.

    For the redis coordination backend, sets the sentinel contact URL and the
    ``sentinel_fallback`` query string in ``config``. For AMQP SSL, records
    the ceilometer certificate/key paths and calls ``generate_ssl_cert``.
    ``messages`` is not used here.
    """
    target = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ceilometer"))
    body += getManifestTemplate("ceilometer")

    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] == 'redis':
        # Decide whether additional sentinel hosts have to be listed as
        # fallbacks in the coordination url.
        sentinel_set = split_hosts(config['CONFIG_REDIS_SENTINEL_HOSTS'])
        sentinel_port = config['CONFIG_REDIS_SENTINEL_PORT']
        contact_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if config['CONFIG_IP_VERSION'] == 'ipv6':
            contact_url = "[%s]" % contact_host
        else:
            contact_url = contact_host
        config['CONFIG_REDIS_SENTINEL_CONTACT_HOST_URL'] = contact_url

        skip_host = config['CONFIG_REDIS_SENTINEL_CONTACT_HOST']
        if len(sentinel_set) > 1:
            if config['CONFIG_IP_VERSION'] == 'ipv6':
                template = 'sentinel_fallback=[%s]:%s'
            else:
                template = 'sentinel_fallback=%s:%s'
            # The contact host is left out; all other sentinels are listed.
            pieces = []
            for candidate in sentinel_set:
                if candidate != skip_host:
                    pieces.append(template % (candidate, sentinel_port))
            fallback_query = '&'.join(pieces)
        else:
            fallback_query = ''
        config['CONFIG_REDIS_SENTINEL_FALLBACKS'] = fallback_query

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        cert_path = '/etc/pki/tls/certs/ssl_amqp_ceilometer.crt'
        key_path = '/etc/pki/tls/private/ssl_amqp_ceilometer.key'
        config['CONFIG_CEILOMETER_SSL_CERT'] = cert_path
        config['CONFIG_CEILOMETER_SSL_KEY'] = key_path
        controller = config['CONFIG_CONTROLLER_HOST']
        generate_ssl_cert(config, controller, 'ceilometer', key_path,
                          cert_path)

    # NOTE(review): host "ALL" presumably admits any source address on
    # tcp/8777 -- confirm against createFirewallResources.
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # The ceilometer class needs a nova group, so add the template that
    # creates it when nova itself is not installed.
    if config['CONFIG_NOVA_INSTALL'] == 'n':
        body += getManifestTemplate("ceilometer_nova_disabled")
    appendManifestFile(target, body, 'ceilometer')
def create_dhcp_manifests(config, messages):
    """Append a neutron DHCP manifest, with firewall rules, per network host.

    Iterates the module-level ``network_hosts``. For each host it selects the
    MTU-aware template when an Open vSwitch VXLAN or GRE setup is detected,
    and adds an INPUT rule for udp/67 and an OUTPUT rule for udp/68.
    ``config`` is updated in place; ``messages`` is not used here.
    """
    global network_hosts

    # The value is not used below; the lookup is kept so that a missing key
    # still raises as before.
    plugin = config['CONFIG_NEUTRON_L2_PLUGIN']

    for net_host in network_hosts:
        # These config entries are overwritten on every iteration.
        config["CONFIG_NEUTRON_DHCP_HOST"] = net_host
        config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
        if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
            template_name = "neutron_dhcp_mtu.pp"
        else:
            template_name = "neutron_dhcp.pp"
        body = getManifestTemplate(template_name)
        target = "%s_neutron.pp" % (net_host,)

        # Firewall Rules for dhcp in
        config['FIREWALL_NEUTRON_DHCPIN_RULES'] = {
            "neutron_dhcp_in_%s" % net_host: {
                'host': "ALL",
                'service_name': "neutron dhcp in",
                'chain': "INPUT",
                'ports': ['67'],
                'proto': "udp",
            },
        }
        body += createFirewallResources('FIREWALL_NEUTRON_DHCPIN_RULES')

        # Firewall Rules for dhcp out
        config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = {
            "neutron_dhcp_out_%s" % net_host: {
                'host': "ALL",
                'service_name': "neutron dhcp out",
                'chain': "OUTPUT",
                'ports': ['68'],
                'proto': "udp",
            },
        }
        body += createFirewallResources('FIREWALL_NEUTRON_DHCPOUT_RULES')

        appendManifestFile(target, body, 'neutron')
def create_dhcp_manifests(config, messages):
    """Append a neutron DHCP manifest, with firewall rules, per network host.

    Iterates the module-level ``network_hosts``. For each host it selects the
    MTU-aware template when an Open vSwitch VXLAN or GRE setup is detected,
    and adds an INPUT rule for udp/67 and an OUTPUT rule for udp/68.
    ``config`` is updated in place; ``messages`` is not used here.
    """
    global network_hosts

    for net_host in network_hosts:
        # These config entries are overwritten on every iteration.
        config["CONFIG_NEUTRON_DHCP_HOST"] = net_host
        config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
        if use_openvswitch_vxlan(config) or use_openvswitch_gre(config):
            template_name = "neutron_dhcp_mtu"
        else:
            template_name = "neutron_dhcp"
        body = getManifestTemplate(template_name)
        target = "%s_neutron.pp" % (net_host,)

        # Firewall Rules for dhcp in
        config['FIREWALL_NEUTRON_DHCPIN_RULES'] = {
            "neutron_dhcp_in_%s" % net_host: {
                'host': "ALL",
                'service_name': "neutron dhcp in",
                'chain': "INPUT",
                'ports': ['67'],
                'proto': "udp",
            },
        }
        body += createFirewallResources('FIREWALL_NEUTRON_DHCPIN_RULES')

        # Firewall Rules for dhcp out
        config['FIREWALL_NEUTRON_DHCPOUT_RULES'] = {
            "neutron_dhcp_out_%s" % net_host: {
                'host': "ALL",
                'service_name': "neutron dhcp out",
                'chain': "OUTPUT",
                'ports': ['68'],
                'proto': "udp",
            },
        }
        body += createFirewallResources('FIREWALL_NEUTRON_DHCPOUT_RULES')

        appendManifestFile(target, body, 'neutron')
def create_manifest(config, messages):
    """Normalise the AMQP settings in ``config`` and append the AMQP manifest.

    With SSL requested the protocol/port entries are switched to the SSL
    values and, for the self-signed case, an ``openssl req`` command is queued
    on a ``ScriptRunner`` for the AMQP host and executed. Without SSL the
    related entries are reset to plain-TCP defaults. A firewall rule for ports
    5671 and 5672 is then created for every host returned by
    ``filtered_hosts`` and the manifest is appended to ``<amqp host>_amqp.pp``.
    ``messages`` is unused.
    """
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])

    if config['CONFIG_AMQP_ENABLE_SSL'] != 'y':
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_PORT'] = "5671"
        config['CONFIG_AMQP_SSL_CERT_FILE'] = ''
        config['CONFIG_AMQP_SSL_KEY_FILE'] = ''
        config['CONFIG_AMQP_NSS_CERTDB_PW'] = ''
        config['CONFIG_AMQP_ENABLE_SSL'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'
    else:
        config['CONFIG_AMQP_ENABLE_SSL'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y':
            # -nodes writes the private key unencrypted, so protection of the
            # key rests on the permissions of the key file.
            # NOTE(review): both paths are interpolated into the command text
            # unquoted; if ScriptRunner passes this to a shell (not visible
            # here) they should be validated or quoted first.
            command = (
                "openssl req -batch -new -x509 -nodes -keyout %s "
                "-out %s -days 1095"
            ) % (config['CONFIG_AMQP_SSL_KEY_FILE'],
                 config['CONFIG_AMQP_SSL_CERT_FILE'])
            server.append(command)
            server.execute()

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # NOTE(review): '******' looks like a value masked on this page rather
        # than a real default -- check the upstream file.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are wrapped in brackets for use inside a URL.
    amqp_host = config['CONFIG_AMQP_HOST']
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        amqp_host = "[%s]" % amqp_host
    config['CONFIG_AMQP_HOST_URL'] = amqp_host

    # All hosts should be able to talk to amqp
    # NOTE(review): 5671 and 5672 are both opened whichever protocol was
    # selected above, so the non-SSL port stays reachable when SSL is on --
    # confirm that this is intended.
    rules = dict()
    for host in filtered_hosts(config, exclude=False):
        rules["amqp_%s" % host] = {
            'host': "%s" % host,
            'service_name': "amqp",
            'chain': "INPUT",
            'ports': ['5671', '5672'],
            'proto': "tcp",
        }
    config['FIREWALL_AMQP_RULES'] = rules

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
def create_manifest(config, messages):
    """Assemble the MariaDB manifest and its per-host firewall rules.

    The 'install' templates and ``CONFIG_MARIADB_HOST`` are used when
    ``CONFIG_MARIADB_INSTALL`` is 'y'; otherwise the 'noinstall' templates and
    the controller host. A per-service template is added for keystone and for
    each service whose ``CONFIG_<NAME>_INSTALL`` is 'y' (gnocchi additionally
    requires ceilometer). tcp/3306 is opened for every host returned by
    ``filtered_hosts(..., dbhost=True)``. ``messages`` is unused.
    """
    if config['CONFIG_MARIADB_INSTALL'] == 'y':
        suffix, host = 'install', config['CONFIG_MARIADB_HOST']
    else:
        suffix, host = 'noinstall', config['CONFIG_CONTROLLER_HOST']

    # IPv6 literals are wrapped in brackets for use inside a URL.
    is_ipv6 = config['CONFIG_IP_VERSION'] == 'ipv6'
    config['CONFIG_MARIADB_HOST_URL'] = ("[%s]" % host) if is_ipv6 else host

    manifestfile = "%s_mariadb.pp" % host
    manifestdata = [getManifestTemplate('mariadb_%s' % suffix)]

    def append_for(module, suffix):
        # Modules have to be appended to the existing mysql.pp
        # otherwise pp will fail for some of them saying that
        # Mysql::Config definition is missing.
        manifestdata.append(
            getManifestTemplate("mariadb_%s_%s" % (module, suffix)))

    append_for("keystone", suffix)
    optional_services = (
        'nova', 'cinder', 'glance', 'neutron', 'heat', 'sahara', 'trove',
        'ironic', 'manila',
    )
    for service in optional_services:
        if config['CONFIG_%s_INSTALL' % service.upper()] == 'y':
            append_for(service, suffix)

    if (config['CONFIG_GNOCCHI_INSTALL'] == 'y' and
            config['CONFIG_CEILOMETER_INSTALL'] == 'y'):
        append_for('gnocchi', suffix)

    # One rule per client host, so the database port is limited to the
    # hosts filtered_hosts() returns rather than opened to "ALL".
    rules = dict()
    for client in filtered_hosts(config, exclude=False, dbhost=True):
        rules["mariadb_%s" % client] = {
            'host': "%s" % client,
            'service_name': "mariadb",
            'chain': "INPUT",
            'ports': ['3306'],
            'proto': "tcp",
        }
    config['FIREWALL_MARIADB_RULES'] = rules

    manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES'))
    appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_manifest(config, messages):
    """Append the Gnocchi manifest plus a firewall rule for its API port.

    The rule (tcp/8041, INPUT chain, host "ALL") is stored under
    ``config['FIREWALL_GNOCCHI_RULES']`` before ``createFirewallResources``
    is called with that key name; the combined text is appended to
    ``<controller host>_gnocchi.pp``. ``messages`` is unused.
    """
    target = "%s_gnocchi.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("gnocchi")

    # host "ALL" presumably means any source may connect -- confirm the API
    # is meant to be exposed that widely.
    config['FIREWALL_GNOCCHI_RULES'] = {
        "gnocchi_api": {
            'host': "ALL",
            'service_name': "gnocchi-api",
            'chain': "INPUT",
            'ports': ['8041'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GNOCCHI_RULES')

    appendManifestFile(target, body, 'gnocchi')
def create_manifest(config, messages):
    """Append the Manila manifest, its backends and the API firewall rule.

    Unless ``CONFIG_UNSUPPORTED`` is 'y' the storage host is forced to the
    controller host. With AMQP SSL enabled, fixed key/cert paths are stored in
    ``config`` and ``generate_ssl_cert`` is called. Two driver flags are
    converted from the text "true"/"false" to booleans when present.
    ``messages`` is unused.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        config['CONFIG_MANILA_SSL_CERT'] = ssl_cert_file
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp_manila.key'
        config['CONFIG_MANILA_SSL_KEY'] = ssl_key_file
        # NOTE(review): permissions on the generated key file are decided
        # inside generate_ssl_cert, which is not visible here.
        generate_ssl_cert(config, ssl_host, 'manila', ssl_key_file,
                          ssl_cert_file)

    # Change these from text to Boolean values
    text_to_bool = {"true": True, "false": False}
    for flag in ('CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
                 'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'):
        if flag not in config:
            continue
        lowered = config[flag].lower()
        # Any other text is left untouched.
        if lowered in text_to_bool:
            config[flag] = text_to_bool[lowered]

    manifestdata = getManifestTemplate(get_mq(config, "manila"))
    manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata += getManifestTemplate("manila.pp")
    manifestdata += getManifestTemplate("manila_network.pp")

    for backend in config['CONFIG_MANILA_BACKEND']:
        manifestdata += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    config['FIREWALL_MANILA_API_RULES'] = {
        "manila_api": {
            'host': "ALL",
            'service_name': "manila-api",
            'chain': "INPUT",
            'ports': ['8786'],
            'proto': "tcp",
        },
    }
    manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(manifestfile, manifestdata, marker='manila')
def create_manifest(config, messages):
    """Normalise the AMQP settings in ``config`` and append the AMQP manifest.

    With SSL requested the protocol/port entries are switched to the SSL
    values and, for the self-signed case, an ``openssl req`` command is queued
    on a ``ScriptRunner`` for the AMQP host and executed. Without SSL the
    related entries are reset to plain-TCP defaults. A firewall rule for ports
    5671 and 5672 is then created for every host returned by
    ``filtered_hosts`` and the manifest is appended to ``<amqp host>_amqp.pp``.
    ``messages`` is unused.
    """
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])

    if config['CONFIG_AMQP_ENABLE_SSL'] != 'y':
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_PORT'] = "5671"
        config['CONFIG_AMQP_SSL_CERT_FILE'] = ''
        config['CONFIG_AMQP_SSL_KEY_FILE'] = ''
        config['CONFIG_AMQP_NSS_CERTDB_PW'] = ''
        config['CONFIG_AMQP_ENABLE_SSL'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'
    else:
        config['CONFIG_AMQP_ENABLE_SSL'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        if config['CONFIG_AMQP_SSL_SELF_SIGNED'] == 'y':
            # -nodes writes the private key unencrypted, so protection of the
            # key rests on the permissions of the key file.
            # NOTE(review): both paths are interpolated into the command text
            # unquoted; if ScriptRunner passes this to a shell (not visible
            # here) they should be validated or quoted first.
            command = (
                "openssl req -batch -new -x509 -nodes -keyout %s "
                "-out %s -days 1095"
            ) % (config['CONFIG_AMQP_SSL_KEY_FILE'],
                 config['CONFIG_AMQP_SSL_CERT_FILE'])
            server.append(command)
            server.execute()

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # NOTE(review): '******' looks like a value masked on this page rather
        # than a real default -- check the upstream file.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are wrapped in brackets for use inside a URL.
    amqp_host = config['CONFIG_AMQP_HOST']
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        amqp_host = "[%s]" % amqp_host
    config['CONFIG_AMQP_HOST_URL'] = amqp_host

    # All hosts should be able to talk to amqp
    # NOTE(review): 5671 and 5672 are both opened whichever protocol was
    # selected above, so the non-SSL port stays reachable when SSL is on --
    # confirm that this is intended.
    rules = dict()
    for host in filtered_hosts(config, exclude=False):
        rules["amqp_%s" % host] = {
            'host': "%s" % host,
            'service_name': "amqp",
            'chain': "INPUT",
            'ports': ['5671', '5672'],
            'proto': "tcp",
        }
    config['FIREWALL_AMQP_RULES'] = rules

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
def create_manifest(config, messages):
    """Append the Manila manifest, its backends and the API firewall rule.

    Unless ``CONFIG_UNSUPPORTED`` is 'y' the storage host is forced to the
    controller host. With AMQP SSL enabled, fixed key/cert paths are stored in
    ``config`` and ``generate_ssl_cert`` is called. Two driver flags are
    converted from the text "true"/"false" to booleans when present.
    ``messages`` is unused.
    """
    if config['CONFIG_UNSUPPORTED'] != 'y':
        config['CONFIG_STORAGE_HOST'] = config['CONFIG_CONTROLLER_HOST']

    if config['CONFIG_AMQP_ENABLE_SSL'] == 'y':
        ssl_host = config['CONFIG_STORAGE_HOST']
        ssl_cert_file = '/etc/pki/tls/certs/ssl_amqp_manila.crt'
        config['CONFIG_MANILA_SSL_CERT'] = ssl_cert_file
        ssl_key_file = '/etc/pki/tls/private/ssl_amqp_manila.key'
        config['CONFIG_MANILA_SSL_KEY'] = ssl_key_file
        # NOTE(review): permissions on the generated key file are decided
        # inside generate_ssl_cert, which is not visible here.
        generate_ssl_cert(config, ssl_host, 'manila', ssl_key_file,
                          ssl_cert_file)

    # Change these from text to Boolean values
    text_to_bool = {"true": True, "false": False}
    for flag in ('CONFIG_MANILA_GENERIC_DRV_HANDLES_SHARE_SERVERS',
                 'CONFIG_MANILA_NETAPP_DRV_HANDLES_SHARE_SERVERS'):
        if flag not in config:
            continue
        lowered = config[flag].lower()
        # Any other text is left untouched.
        if lowered in text_to_bool:
            config[flag] = text_to_bool[lowered]

    manifestdata = getManifestTemplate(get_mq(config, "manila"))
    manifestfile = "%s_manila.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata += getManifestTemplate("manila.pp")
    manifestdata += getManifestTemplate("manila_network.pp")

    for backend in config['CONFIG_MANILA_BACKEND']:
        manifestdata += getManifestTemplate('manila_%s.pp' % backend)

    # manila API should be open for everyone
    config['FIREWALL_MANILA_API_RULES'] = {
        "manila_api": {
            'host': "ALL",
            'service_name': "manila-api",
            'chain': "INPUT",
            'ports': ['8786'],
            'proto': "tcp",
        },
    }
    manifestdata += createFirewallResources('FIREWALL_MANILA_API_RULES')

    appendManifestFile(manifestfile, manifestdata, marker='manila')
def create_proxy_manifest(config, messages):
    """Append the Swift proxy manifest plus a firewall rule for tcp/8080.

    The rule (INPUT chain, host "ALL") is stored under
    ``config['FIREWALL_SWIFT_PROXY_RULES']`` before
    ``createFirewallResources`` is called with that key name; the text goes
    to ``<storage host>_swift.pp``. ``messages`` is unused.
    """
    target = "%s_swift.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("swift_proxy")

    # host "ALL" presumably means any source may reach the proxy port.
    config['FIREWALL_SWIFT_PROXY_RULES'] = {
        "swift_proxy": {
            'host': "ALL",
            'service_name': "swift proxy",
            'chain': "INPUT",
            'ports': ['8080'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_SWIFT_PROXY_RULES')

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Append the Keystone manifest plus a firewall rule for its two ports.

    The rule (tcp/5000 and tcp/35357, INPUT chain, host "ALL") is stored under
    ``config['FIREWALL_KEYSTONE_RULES']`` before ``createFirewallResources``
    is called with that key name; the text goes to
    ``<controller host>_keystone.pp``. ``messages`` is unused.
    """
    target = "%s_keystone.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate("keystone")

    # NOTE(review): 35357 is conventionally the Keystone admin endpoint and
    # is opened here to the same "ALL" source as the public port 5000 --
    # consider whether the admin port should be limited to management hosts.
    config['FIREWALL_KEYSTONE_RULES'] = {
        "keystone": {
            'host': "ALL",
            'service_name': "keystone",
            'chain': "INPUT",
            'ports': ['5000', '35357'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_KEYSTONE_RULES')

    appendManifestFile(target, body)
def create_mongodb_manifest(config, messages):
    """Append the MongoDB manifest plus a firewall rule for tcp/27017.

    The rule names only ``CONFIG_CONTROLLER_HOST`` as its host, is stored
    under ``config['FIREWALL_MONGODB_RULES']`` and is rendered by
    ``createFirewallResources``; the text goes to ``<mongodb host>_mongodb.pp``.
    ``messages`` is unused.
    """
    target = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
    body = getManifestTemplate("mongodb")

    # The database port is tied to the controller host instead of "ALL".
    config['FIREWALL_MONGODB_RULES'] = {
        "mongodb_server": {
            'host': "%s" % config['CONFIG_CONTROLLER_HOST'],
            'service_name': "mongodb-server",
            'chain': "INPUT",
            'ports': ['27017'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_MONGODB_RULES')

    appendManifestFile(target, body, 'pre')
def create_mongodb_manifest(config, messages):
    """Append the MongoDB manifest plus a firewall rule for tcp/27017.

    The rule names only ``CONFIG_CONTROLLER_HOST`` as its host, is stored
    under ``config['FIREWALL_MONGODB_RULES']`` and is rendered by
    ``createFirewallResources``; the text goes to ``<mongodb host>_mongodb.pp``.
    ``messages`` is unused.
    """
    target = "%s_mongodb.pp" % config['CONFIG_MONGODB_HOST']
    body = getManifestTemplate("mongodb.pp")

    # The database port is tied to the controller host instead of "ALL".
    config['FIREWALL_MONGODB_RULES'] = {
        "mongodb_server": {
            'host': "%s" % config['CONFIG_CONTROLLER_HOST'],
            'service_name': "mongodb-server",
            'chain': "INPUT",
            'ports': ['27017'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_MONGODB_RULES')

    appendManifestFile(target, body, 'pre')
def create_manifest(config, messages):
    """Normalise the AMQP settings in ``config`` and append the AMQP manifest.

    With SSL requested the protocol/port entries are switched to the SSL
    values, the CA certificate entry is copied from ``CONFIG_SSL_CACERT`` and
    ``generate_ssl_cert`` is called with fixed key/cert paths. Without SSL
    the entries are reset to plain-TCP values. A firewall rule for ports 5671
    and 5672 is created for every host returned by ``filtered_hosts`` and the
    manifest is appended to ``<amqp host>_amqp.pp``. ``messages`` is unused.
    """
    # Created here but not used again within this function.
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])

    if config['CONFIG_AMQP_ENABLE_SSL'] != 'y':
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_ENABLED'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'
    else:
        config['CONFIG_AMQP_SSL_ENABLED'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        config['CONFIG_AMQP_SSL_CACERT_FILE'] = config['CONFIG_SSL_CACERT']
        # NOTE(review): permissions on the generated key file are decided
        # inside generate_ssl_cert, which is not visible here.
        generate_ssl_cert(config,
                          config['CONFIG_AMQP_HOST'],
                          'AMQP',
                          '/etc/pki/tls/private/ssl_amqp.key',
                          '/etc/pki/tls/certs/ssl_amqp.crt')

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # NOTE(review): '******' looks like a value masked on this page rather
        # than a real default -- check the upstream file.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are wrapped in brackets for use inside a URL.
    host_url = config['CONFIG_AMQP_HOST']
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        host_url = "[%s]" % host_url
    config['CONFIG_AMQP_HOST_URL'] = host_url

    # All hosts should be able to talk to amqp
    # NOTE(review): 5671 and 5672 are both opened whichever protocol was
    # selected above, so the non-SSL port stays reachable when SSL is on --
    # confirm that this is intended.
    rules = dict()
    for host in filtered_hosts(config, exclude=False):
        rules["amqp_%s" % host] = {
            'host': "%s" % host,
            'service_name': "amqp",
            'chain': "INPUT",
            'ports': ['5671', '5672'],
            'proto': "tcp",
        }
    config['FIREWALL_AMQP_RULES'] = rules

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
def create_cfn_manifest(config, messages):
    """Append the Heat CFN manifest plus a firewall rule for tcp/8000.

    The message-queue template chosen by ``get_mq(config, "heat")`` comes
    first, then the CFN template, then the rule (INPUT chain, host "ALL")
    stored under ``config['FIREWALL_HEAT_CFN_RULES']``. The text goes to
    ``<controller host>_heatcnf.pp``. ``messages`` is unused.
    """
    target = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat_cfn.pp")

    # host "ALL" presumably means any source may reach the CFN API port.
    config['FIREWALL_HEAT_CFN_RULES'] = {
        "heat_cfn": {
            'host': "ALL",
            'service_name': "heat cfn",
            'chain': "INPUT",
            'ports': ['8000'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_HEAT_CFN_RULES')

    appendManifestFile(target, body, marker='heat')
def create_redis_manifest(config, messages):
    """Append the Redis manifest and firewall rule when Redis coordinates Ceilometer.

    Nothing happens unless ``CONFIG_CEILOMETER_COORDINATION_BACKEND`` is
    'redis'. The rule names ``CONFIG_CONTROLLER_HOST`` as its host and takes
    its port from ``CONFIG_REDIS_PORT``; the text goes to
    ``<redis host>_redis.pp``. ``messages`` is unused.
    """
    if config['CONFIG_CEILOMETER_COORDINATION_BACKEND'] != 'redis':
        return

    target = "%s_redis.pp" % config['CONFIG_REDIS_HOST']
    body = getManifestTemplate("redis.pp")

    # The port value is passed through as stored in config, not wrapped in a
    # list -- NOTE(review): confirm the firewall template accepts that form.
    config['FIREWALL_REDIS_RULES'] = {
        "redis_server": {
            'host': "%s" % config['CONFIG_CONTROLLER_HOST'],
            'service_name': "redis-server",
            'chain': "INPUT",
            'ports': config['CONFIG_REDIS_PORT'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_REDIS_RULES')

    appendManifestFile(target, body, 'pre')
def create_cfn_manifest(config, messages):
    """Append the Heat CFN manifest plus a firewall rule for tcp/8000.

    The message-queue template chosen by ``get_mq(config, "heat")`` comes
    first, then the CFN template, then the rule (INPUT chain, host "ALL")
    stored under ``config['FIREWALL_HEAT_CFN_RULES']``. The text goes to
    ``<controller host>_heatcnf.pp``. ``messages`` is unused.
    """
    target = "%s_heatcnf.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat_cfn")

    # host "ALL" presumably means any source may reach the CFN API port.
    config['FIREWALL_HEAT_CFN_RULES'] = {
        "heat_cfn": {
            'host': "ALL",
            'service_name': "heat cfn",
            'chain': "INPUT",
            'ports': ['8000'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_HEAT_CFN_RULES')

    appendManifestFile(target, body, marker='heat')
def create_manifest(config, messages):
    """Normalise the AMQP settings in ``config`` and append the AMQP manifest.

    With SSL requested the protocol/port entries are switched to the SSL
    values, the CA certificate entry is copied from ``CONFIG_SSL_CACERT`` and
    ``generate_ssl_cert`` is called with fixed key/cert paths. Without SSL
    the entries are reset to plain-TCP values. A firewall rule for ports 5671
    and 5672 is created for every host returned by ``filtered_hosts`` and the
    manifest is appended to ``<amqp host>_amqp.pp``. ``messages`` is unused.
    """
    # Created here but not used again within this function.
    server = utils.ScriptRunner(config['CONFIG_AMQP_HOST'])

    if config['CONFIG_AMQP_ENABLE_SSL'] != 'y':
        # Set default values
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5672"
        config['CONFIG_AMQP_SSL_ENABLED'] = False
        config['CONFIG_AMQP_PROTOCOL'] = 'tcp'
    else:
        config['CONFIG_AMQP_SSL_ENABLED'] = True
        config['CONFIG_AMQP_PROTOCOL'] = 'ssl'
        config['CONFIG_AMQP_CLIENTS_PORT'] = "5671"
        config['CONFIG_AMQP_SSL_CACERT_FILE'] = config['CONFIG_SSL_CACERT']
        # NOTE(review): permissions on the generated key file are decided
        # inside generate_ssl_cert, which is not visible here.
        generate_ssl_cert(config,
                          config['CONFIG_AMQP_HOST'],
                          'AMQP',
                          '/etc/pki/tls/private/ssl_amqp.key',
                          '/etc/pki/tls/certs/ssl_amqp.crt')

    if config['CONFIG_AMQP_ENABLE_AUTH'] == 'n':
        # NOTE(review): '******' looks like a value masked on this page rather
        # than a real default -- check the upstream file.
        config['CONFIG_AMQP_AUTH_PASSWORD'] = '******'
        config['CONFIG_AMQP_AUTH_USER'] = '******'

    manifestfile = "%s_amqp.pp" % config['CONFIG_AMQP_HOST']
    manifestdata = getManifestTemplate('amqp')

    # IPv6 literals are wrapped in brackets for use inside a URL.
    host_url = config['CONFIG_AMQP_HOST']
    if config['CONFIG_IP_VERSION'] == 'ipv6':
        host_url = "[%s]" % host_url
    config['CONFIG_AMQP_HOST_URL'] = host_url

    # All hosts should be able to talk to amqp
    # NOTE(review): 5671 and 5672 are both opened whichever protocol was
    # selected above, so the non-SSL port stays reachable when SSL is on --
    # confirm that this is intended.
    rules = dict()
    for host in filtered_hosts(config, exclude=False):
        rules["amqp_%s" % host] = {
            'host': "%s" % host,
            'service_name': "amqp",
            'chain': "INPUT",
            'ports': ['5671', '5672'],
            'proto': "tcp",
        }
    config['FIREWALL_AMQP_RULES'] = rules

    manifestdata += createFirewallResources('FIREWALL_AMQP_RULES')
    appendManifestFile(manifestfile, manifestdata, 'pre')
def create_manifest(config, messages):
    """Append the Sahara manifest plus a firewall rule for tcp/8386.

    The message-queue template chosen by ``get_mq(config, "sahara")`` comes
    first, then the Sahara template, then the rule (INPUT chain, host "ALL")
    stored under ``config["FIREWALL_SAHARA_CFN_RULES"]``. The text goes to
    ``<storage host>_sahara.pp``. ``messages`` is unused.
    """
    target = "%s_sahara.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate(get_mq(config, "sahara"))
    body += getManifestTemplate("sahara.pp")

    # host "ALL" presumably means any source may reach the API port.
    config["FIREWALL_SAHARA_CFN_RULES"] = {
        "sahara-api": {
            "host": "ALL",
            "service_name": "sahara api",
            "chain": "INPUT",
            "ports": ["8386"],
            "proto": "tcp",
        },
    }
    body += createFirewallResources("FIREWALL_SAHARA_CFN_RULES")

    appendManifestFile(target, body, marker='sahara')
def create_cfn_manifest(config, messages):
    """Append the Heat CFN manifest plus a firewall rule for tcp/8000.

    The message-queue template chosen by ``get_mq(config, "heat")`` comes
    first, then the CFN template, then the rule (INPUT chain, host "ALL")
    stored under ``config["FIREWALL_HEAT_CFN_RULES"]``. The text goes to
    ``<controller host>_heatcnf.pp``. ``messages`` is unused.
    """
    target = "%s_heatcnf.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "heat"))
    body += getManifestTemplate("heat_cfn")

    # host "ALL" presumably means any source may reach the CFN API port.
    config["FIREWALL_HEAT_CFN_RULES"] = {
        "heat_cfn": {
            "host": "ALL",
            "service_name": "heat cfn",
            "chain": "INPUT",
            "ports": ["8000"],
            "proto": "tcp",
        },
    }
    body += createFirewallResources("FIREWALL_HEAT_CFN_RULES")

    appendManifestFile(target, body, marker="heat")
def create_manifest(config, messages):
    """Append the Ironic manifest plus a firewall rule for tcp/6385.

    The message-queue template chosen by ``get_mq(config, "ironic")`` comes
    first, then the Ironic template, then the rule (INPUT chain, host "ALL")
    stored under ``config['FIREWALL_IRONIC_API_RULES']``. The text goes to
    ``<controller host>_ironic.pp``. ``messages`` is unused.
    """
    target = "%s_ironic.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ironic"))
    body += getManifestTemplate("ironic.pp")

    # host "ALL" presumably means any source may reach the API port.
    config['FIREWALL_IRONIC_API_RULES'] = {
        "ironic-api": {
            'host': "ALL",
            'service_name': "ironic-api",
            'chain': "INPUT",
            'ports': ['6385'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_IRONIC_API_RULES')

    appendManifestFile(target, body, 'pre')
def create_manifest(config, messages):
    """Assemble the MariaDB manifest and its per-host firewall rules.

    The 'install' templates and ``CONFIG_MARIADB_HOST`` are used when
    ``CONFIG_MARIADB_INSTALL`` is 'y'; otherwise the 'noinstall' templates and
    the controller host. A per-service template is added for keystone and for
    each listed service whose ``CONFIG_<NAME>_INSTALL`` is 'y'. tcp/3306 is
    opened for every host returned by ``filtered_hosts(..., dbhost=True)``.
    ``messages`` is unused.
    """
    if config['CONFIG_MARIADB_INSTALL'] == 'y':
        suffix, host = 'install', config['CONFIG_MARIADB_HOST']
    else:
        suffix, host = 'noinstall', config['CONFIG_CONTROLLER_HOST']

    # IPv6 literals are wrapped in brackets for use inside a URL.
    is_ipv6 = config['CONFIG_IP_VERSION'] == 'ipv6'
    config['CONFIG_MARIADB_HOST_URL'] = ("[%s]" % host) if is_ipv6 else host

    manifestfile = "%s_mariadb.pp" % host
    manifestdata = [getManifestTemplate('mariadb_%s' % suffix)]

    def append_for(module, suffix):
        # Modules have to be appended to the existing mysql.pp
        # otherwise pp will fail for some of them saying that
        # Mysql::Config definition is missing.
        manifestdata.append(
            getManifestTemplate("mariadb_%s_%s" % (module, suffix)))

    append_for("keystone", suffix)
    optional_services = (
        'nova', 'cinder', 'glance', 'neutron', 'heat', 'sahara', 'trove',
        'ironic', 'manila', 'gnocchi',
    )
    for service in optional_services:
        if config['CONFIG_%s_INSTALL' % service.upper()] == 'y':
            append_for(service, suffix)

    # One rule per client host, so the database port is limited to the
    # hosts filtered_hosts() returns rather than opened to "ALL".
    rules = dict()
    for client in filtered_hosts(config, exclude=False, dbhost=True):
        rules["mariadb_%s" % client] = {
            'host': "%s" % client,
            'service_name': "mariadb",
            'chain': "INPUT",
            'ports': ['3306'],
            'proto': "tcp",
        }
    config['FIREWALL_MARIADB_RULES'] = rules

    manifestdata.append(createFirewallResources('FIREWALL_MARIADB_RULES'))
    appendManifestFile(manifestfile, "\n".join(manifestdata), 'pre')
def create_manifest(config, messages):
    """Append the Glance manifest plus a firewall rule for tcp/9292.

    When ``CONFIG_CEILOMETER_INSTALL`` is 'y' the template named by
    ``get_mq(config, "glance_ceilometer")`` is added as well. The rule
    (INPUT chain, host "ALL") is stored under
    ``config['FIREWALL_GLANCE_RULES']`` and the text goes to
    ``<storage host>_glance.pp``. ``messages`` is unused.
    """
    target = "%s_glance.pp" % config['CONFIG_STORAGE_HOST']
    body = getManifestTemplate("glance")

    if config['CONFIG_CEILOMETER_INSTALL'] == 'y':
        body += getManifestTemplate(get_mq(config, "glance_ceilometer"))

    # host "ALL" presumably means any source may reach the API port.
    config['FIREWALL_GLANCE_RULES'] = {
        "glance_api": {
            'host': "ALL",
            'service_name': "glance",
            'chain': "INPUT",
            'ports': ['9292'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_GLANCE_RULES')

    appendManifestFile(target, body)
def create_manifest(config, messages):
    """Append the Trove manifest plus a firewall rule for tcp/8779.

    If the Trove Nova user is 'admin' and no password was given, the Keystone
    admin password is copied into ``CONFIG_TROVE_NOVA_PW``. The message-queue
    template, the Trove template and the rule (INPUT chain, host "ALL") are
    then appended to ``<controller host>_trove.pp``. ``messages`` is unused.
    """
    reuse_admin_password = (config['CONFIG_TROVE_NOVA_USER'] == 'admin' and
                            config['CONFIG_TROVE_NOVA_PW'] == '')
    if reuse_admin_password:
        # NOTE(review): this duplicates the Keystone admin credential into the
        # Trove settings; a dedicated service account would limit how widely
        # that password is stored.
        config['CONFIG_TROVE_NOVA_PW'] = config['CONFIG_KEYSTONE_ADMIN_PW']

    target = "%s_trove.pp" % config["CONFIG_CONTROLLER_HOST"]
    body = getManifestTemplate(get_mq(config, "trove"))
    body += getManifestTemplate('trove.pp')

    # host "ALL" presumably means any source may reach the API port.
    config['FIREWALL_TROVE_API_RULES'] = {
        "trove": {
            'host': "ALL",
            'service_name': "trove api",
            'chain': "INPUT",
            'ports': ['8779'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_TROVE_API_RULES')

    appendManifestFile(target, body, marker='trove')
def create_manifest(config, messages):
    """Append the Ceilometer manifest plus a firewall rule for tcp/8777.

    The message-queue template chosen by ``get_mq(config, "ceilometer")``
    comes first, then the Ceilometer template and the rule (INPUT chain, host
    "ALL"). When ``CONFIG_NOVA_INSTALL`` is 'n' an extra template is added.
    The text goes to ``<controller host>_ceilometer.pp``.
    ``messages`` is unused.
    """
    target = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ceilometer"))
    body += getManifestTemplate("ceilometer.pp")

    # host "ALL" presumably means any source may reach the API port.
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # Add a template that creates a group for nova because the ceilometer
    # class needs it
    nova_absent = config['CONFIG_NOVA_INSTALL'] == 'n'
    if nova_absent:
        body += getManifestTemplate("ceilometer_nova_disabled.pp")

    appendManifestFile(target, body, 'ceilometer')
def create_manifest(config, messages):
    """Append the Ceilometer manifest plus a firewall rule for tcp/8777.

    The message-queue template chosen by ``get_mq(config, "ceilometer")``
    comes first, then the Ceilometer template and the rule (INPUT chain, host
    "ALL"). When ``CONFIG_NOVA_INSTALL`` is 'n' an extra template is added.
    The text goes to ``<controller host>_ceilometer.pp``.
    ``messages`` is unused.
    """
    target = "%s_ceilometer.pp" % config['CONFIG_CONTROLLER_HOST']
    body = getManifestTemplate(get_mq(config, "ceilometer"))
    body += getManifestTemplate("ceilometer")

    # host "ALL" presumably means any source may reach the API port.
    config['FIREWALL_CEILOMETER_RULES'] = {
        "ceilometer_api": {
            'host': "ALL",
            'service_name': "ceilometer-api",
            'chain': "INPUT",
            'ports': ['8777'],
            'proto': "tcp",
        },
    }
    body += createFirewallResources('FIREWALL_CEILOMETER_RULES')

    # Add a template that creates a group for nova because the ceilometer
    # class needs it
    nova_absent = config['CONFIG_NOVA_INSTALL'] == 'n'
    if nova_absent:
        body += getManifestTemplate("ceilometer_nova_disabled")

    appendManifestFile(target, body, 'ceilometer')
def create_storage_manifest(config, messages):
    """Append the Swift storage manifest, device resources and firewall rules.

    For each entry of the module-level ``devices`` either a
    ``swift::storage::<fstype>`` resource is emitted for the given device
    (after ``check_device``) or, when no device is set, the loopback template
    is added. tcp ports 6000-6002 and 873 are then opened for the storage
    host and, when ``CONFIG_NOVA_INSTALL`` is 'y', for the compute hosts.
    ``messages`` is unused.
    """
    global devices

    manifestfile = "%s_swift.pp" % config['CONFIG_STORAGE_HOST']
    manifestdata = getManifestTemplate("swift_storage")

    # this needs to happen once per storage device
    for entry in devices:
        storage_host = config['CONFIG_STORAGE_HOST']
        devicename = entry['device_name']
        device_path = entry['device']
        fstype = config["CONFIG_SWIFT_STORAGE_FSTYPE"]

        if not device_path:
            # create loopback device if none was specified
            config['CONFIG_SWIFT_STORAGE_SEEK'] = get_storage_size(config)
            manifestdata += "\n" + getManifestTemplate("swift_loopback")
            continue

        check_device(storage_host, device_path)
        # NOTE(review): fstype, name and path are placed into the manifest
        # text without escaping; values containing a double quote would alter
        # the generated resource -- presumably validated before this point,
        # confirm.
        resource = ('\nswift::storage::%s { "%s":\n'
                    ' device => "%s",\n}\n')
        manifestdata += resource % (fstype, devicename, device_path)

    # set allowed hosts for firewall
    hosts = set([config['CONFIG_STORAGE_HOST']])
    if config['CONFIG_NOVA_INSTALL'] == 'y':
        hosts |= split_hosts(config['CONFIG_COMPUTE_HOSTS'])

    # One rule per allowed host; 873 is the rsync port named in the rule's
    # service_name.
    rules = dict()
    for allowed in hosts:
        rules["swift_storage_and_rsync_%s" % allowed] = {
            'host': "%s" % allowed,
            'service_name': "swift storage and rsync",
            'chain': "INPUT",
            'ports': ['6000', '6001', '6002', '873'],
            'proto': "tcp",
        }
    config['FIREWALL_SWIFT_STORAGE_RULES'] = rules

    manifestdata += createFirewallResources('FIREWALL_SWIFT_STORAGE_RULES')
    appendManifestFile(manifestfile, manifestdata)