Puppet Class: profile::cumin::cloud_master

Defined in:
modules/profile/manifests/cumin/cloud_master.pp

Summary

profile to manage cloud_cumin masters

Overview

SPDX-License-Identifier: Apache-2.0

Parameters:

  • datacenters (Array[String]) (defaults to: lookup('datacenters'))

    list of datacenters

  • kerberos_kadmin_host (Stdlib::Host) (defaults to: lookup('kerberos_kadmin_server_primary'))

    the host running kerberos kadmin

  • puppetdb_micro_host (Stdlib::Host) (defaults to: lookup('profile::cumin::cloud_master::puppetdb_micro_host'))

    the host running puppetdb-api micro service

  • puppetdb_micro_port (Stdlib::Port) (defaults to: lookup('profile::cumin::cloud_master::puppetdb_micro_port'))

    the port running puppetdb-api micro service

  • keystone_protocol (String) (defaults to: lookup('profile::openstack::base::keystone::auth_protocol'))
  • keystone_api_fqdn (Stdlib::Host) (defaults to: lookup('profile::cumin::cloud_master::keystone_api_fqdn'))
  • keystone_port (Stdlib::Port) (defaults to: lookup('profile::openstack::base::keystone::public_port'))
  • observer_username (String) (defaults to: lookup('profile::openstack::base::observer_user'))
  • observer_password (String) (defaults to: lookup('profile::openstack::main::observer_password'))
  • nova_dhcp_domain (Stdlib::Host) (defaults to: lookup('profile::cumin::cloud_master::nova_dhcp_domain'))
  • openstack_region (String) (defaults to: lookup('profile::cumin::cloud_master::openstack_region'))
  • cumin_connect_timeout (Integer) (defaults to: lookup('profile::cumin::master::connect_timeout', {'default_value' => 10}))


7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
# File 'modules/profile/manifests/cumin/cloud_master.pp', line 7

class profile::cumin::cloud_master (
    Array[String] $datacenters           = lookup('datacenters'),
    Stdlib::Host  $kerberos_kadmin_host  = lookup('kerberos_kadmin_server_primary'),
    String        $keystone_protocol     = lookup('profile::openstack::base::keystone::auth_protocol'),
    Stdlib::Host  $keystone_api_fqdn     = lookup('profile::cumin::cloud_master::keystone_api_fqdn'),
    Stdlib::Port  $keystone_port         = lookup('profile::openstack::base::keystone::public_port'),
    String        $observer_username     = lookup('profile::openstack::base::observer_user'),
    String        $observer_password     = lookup('profile::openstack::main::observer_password'),
    Stdlib::Host  $nova_dhcp_domain      = lookup('profile::cumin::cloud_master::nova_dhcp_domain'),
    String        $openstack_region      = lookup('profile::cumin::cloud_master::openstack_region'),
    Stdlib::Host  $puppetdb_micro_host   = lookup('profile::cumin::cloud_master::puppetdb_micro_host'),
    Stdlib::Port  $puppetdb_micro_port   = lookup('profile::cumin::cloud_master::puppetdb_micro_port'),
    Integer       $cumin_connect_timeout = lookup('profile::cumin::master::connect_timeout', {'default_value' => 10}),
) {
    include passwords::phabricator
    $with_openstack = true  # Used in the cumin/config.yaml.erb template
    $cumin_log_path = '/var/log/cumin'
    $ssh_config_path = '/etc/cumin/ssh_config'
    # Ensure to add FQDN of the current host also the first time the role is applied
    $cumin_masters = (wmflib::role::hosts('cluster::cloud_management') << $facts['networking']['fqdn']).sort.unique
    $mariadb_roles = Profile::Mariadb::Role
    $mariadb_sections = Profile::Mariadb::Valid_section
    $owners = profile::contacts::get_owners().values.flatten.unique
    $lvs_hosts = wmflib::service::get_lvs_class_hosts()

    keyholder::agent { 'cloud_cumin_master':
        trusted_groups => ['root'],
    }

    keyholder::agent { 'cumin_openstack_master':
        trusted_groups => ['root'],
    }

    ensure_packages([
        'clustershell',  # Installs nodeset CLI that is useful to mangle host lists.
        'cumin',
        'python3-dnspython',
        'python3-phabricator',
        'python3-requests',
        # Explicitely require cumin's suggested packages to enable OpenStack backend, bacause
        # --install-suggests would recursively install many more unwanted dependencies.
        'python3-keystoneauth1',
        'python3-keystoneclient',
        'python3-novaclient',
    ])

    file { $cumin_log_path:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0750',
    }

    file { '/etc/cumin':
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0755',
    }

    file { '/etc/cumin/config.yaml':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
        content => template('profile/cumin/config.yaml.erb'),
    }

    file { '/etc/cumin/config-installer.yaml':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
        content => template('profile/cumin/config-installer.yaml.erb'),
    }

    file { '/etc/cumin/aliases.yaml':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        content => template('profile/cumin/aliases.yaml.erb'),
    }

    file { $ssh_config_path:
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
        content => template('profile/cumin/cloud_ssh_config.erb'),
    }

    class { 'phabricator::bot':
        username => 'ops-monitoring-bot',
        token    => $passwords::phabricator::ops_monitoring_bot_token,
        owner    => 'root',
        group    => 'root',
    }
}