norcams · trondham · Sep 9, 2019
diff --git a/Puppetfile b/Puppetfile
@@ -164,6 +164,7 @@ mod 'keystone', :ref => '13.3.1',                   :git => github + 'openstack/
 mod 'swift', :ref => 'norcams/ocata',               :git => github + 'norcams/puppet-swift'
 mod 'ceilometer', :ref => '13.3.1',                 :git => github + 'openstack/puppet-ceilometer'
 mod 'designate', :ref => '13.3.1',                  :git => github + 'openstack/puppet-designate'
+mod 'mistral', :ref => '13.3.1',                    :git => github + 'openstack/puppet-mistral'
 
 mod 'oslo', :ref => '13.3.1',                       :git => github + 'openstack/puppet-oslo'
 mod 'openstacklib', :ref => '13.3.1',               :git => github + 'openstack/puppet-openstacklib'

diff --git a/Vagrantfile b/Vagrantfile
@@ -76,6 +76,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
         libvirt.nested = true
         libvirt.cpus   = n['cpus']
         libvirt.memory = n['memory']
+        libvirt.qemu_use_session = false
       end
 
       box.vm.provider :virtualbox do |vbox|

diff --git a/hieradata/common/common.yaml b/hieradata/common/common.yaml
@@ -234,6 +234,9 @@ endpoint__network__public:        "https://network.api.%{hiera('domain_public')}
 endpoint__designate__admin:       "http://dns.%{hiera('domain_trp')}:9001/"
 endpoint__designate__internal:    "http://dns.%{hiera('domain_trp')}:9001/"
 endpoint__designate__public:      "https://dns.api.%{hiera('domain_public')}:9001/"
+endpoint__mistral__admin:         "http://workflow.%{hiera('domain_trp')}:8989/v2"
+endpoint__mistral__internal:      "http://workflow.%{hiera('domain_trp')}:8989/v2"
+endpoint__mistral__public:        "https://workflow.api.%{hiera('domain_public')}:8989/v2"
 endpoint__metric__admin:          "http://metric.%{hiera('domain_trp')}:8041"
 endpoint__metric__internal:       "http://metric.%{hiera('domain_trp')}:8041"
 endpoint__metric__public:         "https://metric.api.%{hiera('domain_public')}:8041"
@@ -271,8 +274,11 @@ profile::network::services::dns_records:
     "%{::location}-image-02.%{hiera('domain_mgmt')}":       "%{hiera('netcfg_mgmt_net_c0')}.37"
     "%{::location}-image-03.%{hiera('domain_mgmt')}":       "%{hiera('netcfg_mgmt_net_c0')}.38"
     "%{::location}-dns-03.%{hiera('domain_mgmt')}":         "%{hiera('netcfg_mgmt_net_c0')}.39"
+    "%{::location}-workflow-01.%{hiera('domain_mgmt')}":    "%{hiera('netcfg_mgmt_net_c0')}.40"
     "%{::location}-db-global-01.%{hiera('domain_mgmt')}":   "%{hiera('netcfg_mgmt_net_c0')}.41"
     "%{::location}-db-regional-01.%{hiera('domain_mgmt')}": "%{hiera('netcfg_mgmt_net_c0')}.42"
+    "%{::location}-workflow-02.%{hiera('domain_mgmt')}":    "%{hiera('netcfg_mgmt_net_c0')}.44"
+    "%{::location}-workflow-03.%{hiera('domain_mgmt')}":    "%{hiera('netcfg_mgmt_net_c0')}.45"
     "%{::location}-volume-01.%{hiera('domain_mgmt')}":      "%{hiera('netcfg_mgmt_net_c0')}.46"
     "%{::location}-volume-02.%{hiera('domain_mgmt')}":      "%{hiera('netcfg_mgmt_net_c0')}.47"
     "%{::location}-access-01.%{hiera('domain_mgmt')}":      "%{hiera('netcfg_mgmt_net_c0')}.56"
@@ -413,6 +419,7 @@ profile::network::services::dns_records:
     "identity.%{hiera('domain_trp')}":                      "%{hiera('netcfg_trp_net_c0')}.86"
     "object.%{hiera('domain_trp')}":                        "%{hiera('netcfg_trp_net_c0')}.86"
     "metric.%{hiera('domain_trp')}":                        "%{hiera('netcfg_trp_net_c0')}.86"
+    "workflow.%{hiera('domain_trp')}":                      "%{hiera('netcfg_trp_net_c0')}.86"
   PTR:
     # mgmt
     "1.%{hiera('reverse_mgmt_c0')}":      "%{::location}-torack-01.%{hiera('domain_mgmt')}"
@@ -437,8 +444,11 @@ profile::network::services::dns_records:
     "37.%{hiera('reverse_mgmt_c0')}":     "%{::location}-image-02.%{hiera('domain_mgmt')}"
     "38.%{hiera('reverse_mgmt_c0')}":     "%{::location}-image-03.%{hiera('domain_mgmt')}"
     "39.%{hiera('reverse_mgmt_c0')}":     "%{::location}-dns-03.%{hiera('domain_mgmt')}"
+    "40.%{hiera('reverse_mgmt_c0')}":     "%{::location}-workflow-01.%{hiera('domain_mgmt')}"
     "41.%{hiera('reverse_mgmt_c0')}":     "%{::location}-db-01.%{hiera('domain_mgmt')}"
     "42.%{hiera('reverse_mgmt_c0')}":     "%{::location}-db-02.%{hiera('domain_mgmt')}"
+    "44.%{hiera('reverse_mgmt_c0')}":     "%{::location}-workflow-02.%{hiera('domain_mgmt')}"
+    "45.%{hiera('reverse_mgmt_c0')}":     "%{::location}-workflow-03.%{hiera('domain_mgmt')}"
     "46.%{hiera('reverse_mgmt_c0')}":     "%{::location}-volume-01.%{hiera('domain_mgmt')}"
     "47.%{hiera('reverse_mgmt_c0')}":     "%{::location}-volume-02.%{hiera('domain_mgmt')}"
     "51.%{hiera('reverse_mgmt_c0')}":     "%{::location}-dashboard-01.%{hiera('domain_mgmt')}"

diff --git a/hieradata/common/modules/mistral.yaml b/hieradata/common/modules/mistral.yaml
@@ -0,0 +1,84 @@
+---
+# Configuration for Mistral (Workflow service)
+#
+# Uses puppet-mistral:
+#   https://github.com/openstack/puppet-mistral
+
+#---------------------------------------------------------------------
+# Logging (manifests/logging.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+mistral::logging::use_syslog:  true
+mistral::logging::use_journal: true
+mistral::logging::use_json:    false
+
+#---------------------------------------------------------------------
+# RabbitMQ (manifests/init.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+mistral::default_transport_url:       "%{hiera('service__transport__url')}"
+mistral::notification_transport_url:  "%{hiera('service__transport__url')}"
+
+#---------------------------------------------------------------------
+# Authentication (manifests/keystone/auth.pp)
+#   - runs on the IDENTITY node
+#---------------------------------------------------------------------
+mistral::keystone::auth::region:       "%{::location}"
+mistral::keystone::auth::public_url:   "%{hiera('endpoint__mistral__public')}"
+mistral::keystone::auth::admin_url:    "%{hiera('endpoint__mistral__admin')}"
+mistral::keystone::auth::internal_url: "%{hiera('endpoint__mistral__internal')}"
+mistral::keystone::auth::password:     "%{hiera('mistral_api_password')}"
+
+#---------------------------------------------------------------------
+# Authentication tokens (manifests/keystone/authtoken.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+mistral::keystone::authtoken::password:             "%{hiera('mistral_api_password')}"
+mistral::keystone::authtoken::auth_url:             "%{hiera('endpoint__identity__admin')}"
+mistral::keystone::authtoken::www_authenticate_uri: "%{hiera('endpoint__identity__public')}"
+mistral::keystone::authtoken::memcached_servers:    '127.0.0.1'
+mistral::keystone::authtoken::region_name:          "%{::location}"
+
+#---------------------------------------------------------------------
+# Database (manifests/db.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+mistral::db::database_connection: "mysql+pymysql://mistral:%{hiera('mistral::db::mysql::password')}@%{hiera('service__address__db_regional')}/mistral"
+mistral::db::database_max_retries: "-1"
+
+# puppet-mistral needs this for some mysterious reason
+mistral::database_connection:  "%{hiera('mistral::db::database_connection')}"
+mistral::database_max_retries: "%{hiera('mistral::db::database_max_retries')}"
+
+#---------------------------------------------------------------------
+# Database MySQL (manifests/db/mysql.pp)
+#   - runs on the DB node
+#---------------------------------------------------------------------
+mistral::db::mysql::user:   "mistral"
+mistral::db::mysql::dbname: "mistral"
+mistral::db::mysql::allowed_hosts:
+  - "%{hiera('netcfg_trp_netpart')}.%"
+
+#---------------------------------------------------------------------
+# API (manifests/api.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+# use defaults
+
+#---------------------------------------------------------------------
+# Engine (manifests/engine.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+# use defaults
+
+#---------------------------------------------------------------------
+# Executor (manifests/executor.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+# use defaults
+
+#---------------------------------------------------------------------
+# Event Engine (manifests/event_engine.pp)
+#   - runs on the WORKFLOW node
+#---------------------------------------------------------------------
+# use defaults
diff --git a/hieradata/common/roles/api.yaml b/hieradata/common/roles/api.yaml
@@ -39,8 +39,8 @@ profile::base::network::manage_dummy:                               true
 profile::highavailability::loadbalancing::haproxy::manage_haproxy:  true
 profile::highavailability::loadbalancing::haproxy::manage_firewall: true
 profile::highavailability::loadbalancing::haproxy::firewall_ports:
-  public:    ['80', '443', '5000', '8041', '8774', '8776', '9292', '9696', '6080', '8080', '8778', '9001']
-  internal:  ['5000', '8041', '8774', '8776', '9292', '9696', '35357', '8080', '8778', '9001']
+  public:    ['80', '443', '5000', '8041', '8774', '8776', '9292', '9696', '6080', '8080', '8778', '9001', '8989']
+  internal:  ['5000', '8041', '8774', '8776', '9292', '9696', '35357', '8080', '8778', '9001', '8989']
   mgmt:      ['9000']
   limited:   []
 
@@ -84,6 +84,7 @@ profile::highavailability::loadbalancing::haproxy::haproxy_mapfile:
       - "image.api.%{hiera('domain_public')}:9292":         'bk_image'
       - "object.api.%{hiera('domain_public')}:8080":        'bk_object'
       - "dns.api.%{hiera('domain_public')}:9001":           'bk_dns'
+      - "workflow.api.%{hiera('domain_public')}:8989":      'bk_workflow'
       - "status.%{hiera('domain_frontend')}":               'bk_status'
       - "status-%{::location}.%{hiera('domain_frontend')}": 'bk_status'
       - "request.%{hiera('domain_frontend')}":              'bk_request'
@@ -104,6 +105,7 @@ profile::highavailability::loadbalancing::haproxy::haproxy_mapfile:
       - "volume.%{hiera('domain_trp')}:8776":           'bk_volume'
       - "image.%{hiera('domain_trp')}:9292":            'bk_image'
       - "dns.%{hiera('domain_trp')}:9001":              'bk_dns'
+      - "workflow.%{hiera('domain_trp')}:8989":         'bk_workflow'
       - "object.%{hiera('domain_trp')}:8080":           'bk_object'
 
 # HAproxy backends: public, internal and haproxy monitor
@@ -119,6 +121,7 @@ profile::highavailability::loadbalancing::haproxy::haproxy_frontends:
       "%{::ipaddress_public1}:9292":  ['ssl', 'crt', "%{hiera('star_api_ssl_pem')}"]
       "%{::ipaddress_public1}:9696":  ['ssl', 'crt', "%{hiera('star_api_ssl_pem')}"]
       "%{::ipaddress_public1}:9001":  ['ssl', 'crt', "%{hiera('star_api_ssl_pem')}"]
+      "%{::ipaddress_public1}:8989":  ['ssl', 'crt', "%{hiera('star_api_ssl_pem')}"]
       "%{::ipaddress_public1}:443":   ['ssl', 'crt', "%{hiera('status_ssl_pem')}"]
       "%{::ipaddress_public1}:80":    []
       "%{::ipaddress_public1}:6080":  ['ssl', 'crt', "%{hiera('console_ssl_pem')}"]
@@ -145,6 +148,7 @@ profile::highavailability::loadbalancing::haproxy::haproxy_frontends:
       "%{::ipaddress_trp1}:9696":  [] # neutron
       "%{::ipaddress_trp1}:8080":  [] # object
       "%{::ipaddress_trp1}:9001":  [] # designate
+      "%{::ipaddress_trp1}:8989":  [] # mistral
       "%{::ipaddress_trp1}:8778":  [] # placement
     options:
       - capture:        'request header Host len 64' #for debug
@@ -198,6 +202,11 @@ profile::highavailability::loadbalancing::haproxy::haproxy_backends:
       - option:       'httplog'
       - errorfile:    '503 /etc/haproxy/error.api.http'
       - balance:      'roundrobin'
+  bk_workflow:
+    options:
+      - option:       'httplog'
+      - errorfile:    '503 /etc/haproxy/error.api.http'
+      - balance:      'roundrobin'
   bk_object:
     options:
       - option:
@@ -245,6 +254,8 @@ status__backend__names:    ['%{::location}-status-01']
 status__backend__ips:      ["%{hiera('netcfg_trp_netpart')}.21"]
 dns__backend__names:       ['%{::location}-dns-01']
 dns__backend__ips:         ["%{hiera('netcfg_trp_netpart')}.34"]
+workflow__backend__names:  ['%{::location}-workflow-01']
+workflow__backend__ips:    ["%{hiera('netcfg_trp_netpart')}.40"]
 console__backend__names:   ['%{::location}-console-01']
 console__backend__ips:     ["%{hiera('netcfg_trp_netpart')}.61"]
 access__backend__names:    ['%{::location}-access-01']
@@ -313,6 +324,12 @@ profile::highavailability::loadbalancing::haproxy::haproxy_balancermembers:
     ipaddresses:        "%{alias('dns__backend__ips')}"
     ports:              '9001'
     options:            'check'
+  workflow:
+    listening_service:  'bk_workflow'
+    server_names:       "%{alias('workflow__backend__names')}"
+    ipaddresses:        "%{alias('workflow__backend__ips')}"
+    ports:              '8989'
+    options:            'check'
   console:
     listening_service:  'bk_console'
     server_names:       "%{alias('console__backend__names')}"
@@ -378,6 +395,10 @@ profile::base::selinux::ports:
     seltype:  'http_port_t'
     protocol: 'tcp'
     port:     9001
+  workflow-http:
+    seltype:  'http_port_t'
+    protocol: 'tcp'
+    port:     8989
 
 # Errorpage for api, not used for status!
 profile::highavailability::loadbalancing::haproxy::haproxy_errorpage:

diff --git a/hieradata/common/roles/dashboard.yaml b/hieradata/common/roles/dashboard.yaml
@@ -26,6 +26,10 @@ profile::openstack::dashboard::designate_packages:
   'python2-designateclient': {}
   'openstack-designate-ui': {}
 
+profile::openstack::dashboard::mistral_packages:
+  'python2-mistralclient': {}
+  'openstack-mistral-ui': {}
+
 profile::base::common::manage_cron:                                true
 profile::base::selinux::manage_selinux:                            true
 profile::base::network::manage_dummy:                              true

diff --git a/hieradata/common/roles/identity.yaml b/hieradata/common/roles/identity.yaml
@@ -19,6 +19,7 @@ profile::base::common::packages:
   'MariaDB-client': {}
   'openstack-selinux': {}
   'python2-designateclient': {}
+  'python2-mistralclient': {}
 
 memcached::max_memory: '40%'
 

diff --git a/hieradata/common/roles/workflow.yaml b/hieradata/common/roles/workflow.yaml
@@ -0,0 +1,39 @@
+---
+include:
+  default:
+    - profile::openstack::mistral
+    - profile::openstack::cache
+    - profile::logging::rsyslog::client
+    - profile::openstack::openrc
+
+# Username and password for the mistral service
+profile::openstack::openrc::password:     "%{hiera('mistral_api_password')}"
+profile::openstack::openrc::username:     'mistral'
+profile::openstack::openrc::project_name: 'services'
+
+# Set SELinux enforcing
+profile::base::selinux::manage_selinux: true
+
+# Add iptables rules
+profile::openstack::mistral::manage_firewall: true
+
+# Some extra packages we want installed
+profile::base::common::packages:
+  'python2-openstackclient': {}
+  'openstack-utils': {}
+  'openstack-selinux': {}
+  'patch': {}
+
+# Don't purge sudo stuff
+sudo::purge: false
+
+# Override repo "rdo-release"
+#openstack_version: 'rocky'
+
+# Enable extra yum repo
+profile::base::yumrepo::repo_hash:
+  rdo-release:
+    ensure: present
+
+# Make sure that memcached doesn't too much memory
+memcached::max_memory: '20%'
diff --git a/hieradata/nodes/test01/test01-workflow-01.yaml b/hieradata/nodes/test01/test01-workflow-01.yaml
@@ -0,0 +1,14 @@
+---
+network::interfaces_hash:
+  'eth0':
+    ipaddress: "%{hiera('netcfg_mgmt_netpart')}.40"
+    netmask:   "%{hiera('netcfg_mgmt_netmask')}"
+    gateway:   "%{hiera('netcfg_mgmt_gateway')}"
+    mtu:       '1500'
+    dns1:      "%{hiera('netcfg_dns_server1')}"
+    dns2:      "%{hiera('netcfg_dns_server2')}"
+  'eth1':
+    ipaddress: "%{hiera('netcfg_trp_netpart')}.40"
+    netmask:   "%{hiera('netcfg_trp_netmask')}"
+    defroute:  'no'
+    mtu:       '1500'
diff --git a/hieradata/nodes/test02/test02-workflow-01.yaml b/hieradata/nodes/test02/test02-workflow-01.yaml
@@ -0,0 +1,14 @@
+---
+network::interfaces_hash:
+  'eth0':
+    ipaddress: "%{hiera('netcfg_mgmt_netpart')}.40"
+    netmask:   "%{hiera('netcfg_mgmt_netmask')}"
+    gateway:   "%{hiera('netcfg_mgmt_gateway')}"
+    mtu:       '1500'
+    dns1:      "%{hiera('netcfg_dns_server1')}"
+    dns2:      "%{hiera('netcfg_dns_server2')}"
+  'eth1':
+    ipaddress: "%{hiera('netcfg_trp_netpart')}.40"
+    netmask:   "%{hiera('netcfg_trp_netmask')}"
+    defroute:  'no'
+    mtu:       '1500'
diff --git a/hieradata/nodes/vagrant/vagrant-workflow-01.yaml b/hieradata/nodes/vagrant/vagrant-workflow-01.yaml
@@ -0,0 +1,12 @@
+---
+network::interfaces_hash:
+  'eth1':
+    onboot:    'yes'
+    mtu:       '1500'
+    ipaddress: "%{hiera('netcfg_mgmt_netpart')}.40"
+    netmask:   "%{hiera('netcfg_mgmt_netmask')}"
+  'eth2':
+    onboot:    'yes'
+    mtu:       '1500'
+    ipaddress: "%{hiera('netcfg_trp_netpart')}.40"
+    netmask:   "%{hiera('netcfg_trp_netmask')}"
diff --git a/hieradata/vagrant/common.yaml b/hieradata/vagrant/common.yaml
@@ -162,6 +162,7 @@ profile::network::services::dns_records:
     "metric.api.%{hiera('domain_public')}":               "%{hiera('netcfg_public_netpart')}.250"
     "object.api.%{hiera('domain_public')}":               "%{hiera('netcfg_public_netpart')}.250"
     "dns.api.%{hiera('domain_public')}":                  "%{hiera('netcfg_public_netpart')}.250"
+    "workflow.api.%{hiera('domain_public')}":             "%{hiera('netcfg_public_netpart')}.250"
     "report.%{hiera('domain_frontend')}":                 "%{hiera('netcfg_public_netpart')}.250"
     "ns.%{hiera('domain_public')}":                       "%{hiera('netcfg_public_netpart')}.251"
     "resolver.%{hiera('domain_public')}":                 "%{hiera('netcfg_public_netpart')}.252"
@@ -203,6 +204,7 @@ gnocchi_api_password:                               'gnocchi_pass'
 ceilometer_api_password:                            'ceilometer_pass'
 access_api_password:                                'access_pass'
 designate_api_password:                             'designate_pass'
+mistral_api_password:                               'mistral_pass'
 radosgw_api_password:                               'radosgw_pass'
 
 # rabbitmq
@@ -252,6 +254,10 @@ nova_rabbit_password:                              'nova_quest'
 designate::db::mysql::password:                     'designate_pass'
 designate::rabbit_password:                         'guest'
 
+# mistral.yaml
+mistral::db::mysql::password:                       'mistral_pass'
+mistral::rabbit_password:                           'guest'
+
 # imagebuilder
 imagebuilder_password:                              'imagebuilder_pass'
 

diff --git a/hieradata/vagrant/modules/profile.yaml b/hieradata/vagrant/modules/profile.yaml
@@ -32,6 +32,11 @@ profile::openstack::identity::radosgw_enabled:        true
 profile::openstack::identity::designate_enabled:  true
 profile::openstack::dashboard::enable_designate:  true
 
+# Enable mistral in vagrant
+profile::openstack::identity::mistral_enabled:  true
+profile::openstack::dashboard::enable_mistral:  true
+profile::openstack::database::sql::mistral_enabled:  true
+
 # sensu
 sensu__memory__check:     "check-memory-percent.rb -w 90 -c 95"
 

diff --git a/nodes.yaml b/nodes.yaml
@@ -123,6 +123,7 @@ nodesets:
     - role:       "dashboard"
     - role:       "admin"
     - role:       "dns"
+    - role:       "workflow"
     - role:       "identity"
     - role:       "novactrl"
     - role:       "image"