Refactor map file to import role data only

The smallest piece of a Salt formula is a state. In our formulas each
state is an abstraction of a 'role', for example:
  * controller (installs api services)
  * volume (installs cinder-volume)
  * client (installs cinder resources like volumes, snapshots)
Each state has its own API (the format of the pillar it accepts). We would
like to keep pillar data unified and, in the long term, automatically
validated. Importing anything that is not role-specific makes
unification and automatic validation hard to maintain.
This patch refactors map.jinja and the cinder config file templates to
import only role-specific data from the map file.

Change-Id: I3550c27abb4dfa28743cc83a872b6101c2958e93
Related-Prod: PROD-16497
diff --git a/cinder/controller.sls b/cinder/controller.sls
index 79678de..34ff377 100644
--- a/cinder/controller.sls
+++ b/cinder/controller.sls
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
 {%- if controller.get('enabled', False) %}
 
 {%- set user = controller %}
@@ -222,7 +222,7 @@
     - makedirs: true
 {%- else %}
   file.exists:
-   - name: {{ controller.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+   - name: {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
 {%- endif %}
 {%- endif %}
 
@@ -237,7 +237,7 @@
 
 {%- else %}
   file.exists:
-   - name: {{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}
+   - name: {{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}
 {%- endif %}
 {%- endif %}
 
diff --git a/cinder/files/mitaka/cinder.conf.controller.Debian b/cinder/files/mitaka/cinder.conf.controller.Debian
index 7451507..f7cf594 100644
--- a/cinder/files/mitaka/cinder.conf.controller.Debian
+++ b/cinder/files/mitaka/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
 
 [DEFAULT]
 rootwrap_config = /etc/cinder/rootwrap.conf
@@ -142,11 +142,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if controller.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
 {%- endif %}
 
 rabbit_userid = {{ controller.message_queue.user }}
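Review bot: When the pillar gives no `message_queue.ssl.cacert_file`, the new `kombu_ssl_ca_certs` line falls back to `controller.cacert_file`, which map.jinja sets to the OS-wide CA bundle, so the broker certificate is accepted if any CA in that bundle signed it. For an internal message bus a deployment-specific CA is the tighter trust anchor, so I would add a template comment above the line such as `# Falls back to the system CA bundle; set message_queue:ssl:cacert_file to pin the deployment CA`. The same applies to the kombu hunks in the mitaka volume template and in the newton and ocata templates. The enclosing `{%- if %}` opens outside this hunk, so I am assuming it is the message-queue SSL guard.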
@@ -174,7 +170,7 @@
 max_pool_size=30
 max_retries=-1
 max_overflow=40
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
 
 {%- if controller.backend is defined %}
 
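Review bot: The rewritten `connection` line interpolates `controller.database.user` and `controller.database.password` into the SQLAlchemy URL without escaping, so a password containing `@`, `:`, `?` or `#` is parsed as URL structure and the service ends up with the wrong credentials or host. Since the line is being touched anyway, percent-encode the credential fields, for example `{{ controller.database.password | urlencode }}`; Jinja's `urlencode` leaves `/` unescaped, so confirm that fits the password policy. The rendered file also holds the password in clear text, so the state that manages it should keep the file mode restrictive; that state is not visible in this diff. The same line appears in the connection hunks of the mitaka volume template and the newton and ocata templates.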
diff --git a/cinder/files/mitaka/cinder.conf.volume.Debian b/cinder/files/mitaka/cinder.conf.volume.Debian
index 537d8bd..678dde0 100644
--- a/cinder/files/mitaka/cinder.conf.volume.Debian
+++ b/cinder/files/mitaka/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
 
 [DEFAULT]
 rootwrap_config = /etc/cinder/rootwrap.conf
@@ -127,11 +127,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if volume.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
 {%- endif %}
 
 rabbit_userid = {{ volume.message_queue.user }}
@@ -159,7 +155,7 @@
 max_pool_size=30
 max_retries=-1
 max_overflow=40
-connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}{% endif %}
 
 {%- if volume.backend is defined %}
 
diff --git a/cinder/files/newton/cinder.conf.controller.Debian b/cinder/files/newton/cinder.conf.controller.Debian
index 2badf88..9508d32 100644
--- a/cinder/files/newton/cinder.conf.controller.Debian
+++ b/cinder/files/newton/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
 
 [DEFAULT]
 rootwrap_config = /etc/cinder/rootwrap.conf
@@ -151,11 +151,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if controller.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
 {%- endif %}
 
 
@@ -187,7 +183,7 @@
 max_pool_size=30
 max_retries=-1
 max_overflow=40
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
 
 {%- if controller.backend is defined %}
 
diff --git a/cinder/files/newton/cinder.conf.volume.Debian b/cinder/files/newton/cinder.conf.volume.Debian
index d814522..53846d3 100644
--- a/cinder/files/newton/cinder.conf.volume.Debian
+++ b/cinder/files/newton/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
 
 [DEFAULT]
 rootwrap_config = /etc/cinder/rootwrap.conf
@@ -140,11 +140,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if volume.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
 {%- endif %}
 
 [keystone_authtoken]
@@ -175,7 +171,7 @@
 max_pool_size=30
 max_retries=-1
 max_overflow=40
-connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}{% endif %}
 
 {%- if volume.backend is defined %}
 
diff --git a/cinder/files/ocata/cinder.conf.controller.Debian b/cinder/files/ocata/cinder.conf.controller.Debian
index 27febf4..9900510 100644
--- a/cinder/files/ocata/cinder.conf.controller.Debian
+++ b/cinder/files/ocata/cinder.conf.controller.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import controller, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import controller with context %}
 
 [DEFAULT]
 rootwrap_config = /etc/cinder/rootwrap.conf
@@ -151,11 +151,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if controller.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ controller.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ controller.message_queue.ssl.get('cacert_file', controller.cacert_file) }}
 {%- endif %}
 
 
@@ -191,7 +187,7 @@
 max_pool_size=30
 max_retries=-1
 max_overflow=40
-connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ controller.database.engine }}+pymysql://{{ controller.database.user }}:{{ controller.database.password }}@{{ controller.database.host }}/{{ controller.database.name }}?charset=utf8{%- if controller.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ controller.database.ssl.get('cacert_file', controller.cacert_file) }}{% endif %}
 
 {%- if controller.backend is defined %}
 
diff --git a/cinder/files/ocata/cinder.conf.volume.Debian b/cinder/files/ocata/cinder.conf.volume.Debian
index b7dc395..3b7de33 100644
--- a/cinder/files/ocata/cinder.conf.volume.Debian
+++ b/cinder/files/ocata/cinder.conf.volume.Debian
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
 
 [DEFAULT]
 rootwrap_config = /etc/cinder/rootwrap.conf
@@ -140,11 +140,7 @@
 kombu_ssl_version = TLSv1_2
 {%- endif %}
 
-{%- if volume.message_queue.ssl.cacert_file is defined %}
-kombu_ssl_ca_certs = {{ volume.message_queue.ssl.cacert_file }}
-{%- else %}
-kombu_ssl_ca_certs={{ system_cacerts_file }}
-{%- endif %}
+kombu_ssl_ca_certs = {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
 {%- endif %}
 
 [keystone_authtoken]
@@ -179,7 +175,7 @@
 max_pool_size=30
 max_retries=-1
 max_overflow=40
-connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}{% endif %}
+connection = {{ volume.database.engine }}+pymysql://{{ volume.database.user }}:{{ volume.database.password }}@{{ volume.database.host }}/{{ volume.database.name }}?charset=utf8{%- if volume.database.get('ssl',{}).get('enabled',False) %}&ssl_ca={{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}{% endif %}
 
 {%- if volume.backend is defined %}
 
diff --git a/cinder/map.jinja b/cinder/map.jinja
index b8806e6..3922417 100644
--- a/cinder/map.jinja
+++ b/cinder/map.jinja
@@ -1,9 +1,12 @@
-{%- set system_cacerts_file = salt['grains.filter_by']({
-    'Debian': '/etc/ssl/certs/ca-certificates.crt',
-    'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
-})%}
+{%- set default_params = {
+    'cacert_file': salt['grains.filter_by']({
+        'Debian': '/etc/ssl/certs/ca-certificates.crt',
+        'RedHat': '/etc/pki/tls/certs/ca-bundle.crt'
+    })}
+%}
 
 {% set controller = salt['grains.filter_by']({
+    'BaseDefaults': default_params,
     'Debian': {
         'pkgs': ['cinder-api', 'cinder-scheduler', 'lvm2', 'python-cinder', 'gettext-base', 'python-memcache', 'python-pycadf'],
         'services': ['cinder-scheduler'],
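Review bot: The inner `grains.filter_by` that builds `default_params` has no `default` argument, so on an os_family other than Debian or RedHat `cacert_file` is presumably `None`, and the templates would then render the literal `None` into `kombu_ssl_ca_certs`, `ssl_ca=` and the `file.exists` name. Either pass a `default=` key or fail rendering explicitly for unsupported families. Because `cacert_file` now sits in the role dictionary that is merged with pillar, `cinder:controller:cacert_file` and `cinder:volume:cacert_file` become part of each role's pillar API. A comment such as `{#- Role-wide CA bundle fallback; override via pillar cinder:<role>:cacert_file -#}` above `default_params`, plus a README entry, would record that. The `controller` dictionary continues past this hunk, and the matching `base='BaseDefaults'` argument is added in a later hunk.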
@@ -13,8 +16,8 @@
         'audit': {
           'enabled': false
         },
-	'cinder_uid': 304,
-	'cinder_gid': 304,
+    'cinder_uid': 304,
+    'cinder_gid': 304,
         'backup': {
           'pkgs': ['cinder-backup'],
           'services': ['cinder-backup'],
@@ -30,8 +33,8 @@
         'audit': {
           'enabled': false
         },
-	'cinder_uid': 304,
-	'cinder_gid': 304,
+    'cinder_uid': 304,
+    'cinder_gid': 304,
         'backup': {
           'pkgs': ['cinder-backup'],
           'services': ['cinder-backup'],
@@ -39,9 +42,10 @@
         }
 
     },
-}, merge=pillar.cinder.get('controller', {})) %}
+}, merge=pillar.cinder.get('controller', {}), base='BaseDefaults') %}
 
 {% set volume = salt['grains.filter_by']({
+    'BaseDefaults': default_params,
     'Debian': {
         'pkgs': ['cinder-volume', 'lvm2', 'sysfsutils', 'sg3-utils', 'python-cinder','python-mysqldb','p7zip', 'gettext-base', 'python-memcache', 'python-pycadf'],
         'services': ['cinder-volume'],
@@ -50,8 +54,8 @@
         'audit': {
           'enabled': false
         },
-	'cinder_uid': 304,
-	'cinder_gid': 304,
+    'cinder_uid': 304,
+    'cinder_gid': 304,
         'backup': {
           'pkgs': ['cinder-backup'],
           'services': ['cinder-backup'],
@@ -67,15 +71,15 @@
         'audit': {
           'enabled': false
         },
-	'cinder_uid': 304,
-	'cinder_gid': 304,
+    'cinder_uid': 304,
+    'cinder_gid': 304,
         'backup': {
           'pkgs': ['cinder-backup'],
           'services': ['cinder-backup'],
           'engine': None
         }
     },
-}, merge=pillar.cinder.get('volume', {})) %}
+}, merge=pillar.cinder.get('volume', {}), base='BaseDefaults') %}
 
 {% set client = salt['grains.filter_by']({
     'Debian': {
diff --git a/cinder/volume.sls b/cinder/volume.sls
index 383f0ba..4df74c7 100644
--- a/cinder/volume.sls
+++ b/cinder/volume.sls
@@ -1,4 +1,4 @@
-{%- from "cinder/map.jinja" import volume, system_cacerts_file with context %}
+{%- from "cinder/map.jinja" import volume with context %}
 {%- if volume.enabled %}
 
 {%- if not pillar.cinder.get('controller', {}).get('enabled', False) %}
@@ -32,7 +32,7 @@
     - makedirs: true
 {%- else %}
   file.exists:
-   - name: {{ volume.message_queue.ssl.get('cacert_file', system_cacerts_file) }}
+   - name: {{ volume.message_queue.ssl.get('cacert_file', volume.cacert_file) }}
 {%- endif %}
 {%- endif %}
 
@@ -46,7 +46,7 @@
     - makedirs: true
 {%- else %}
   file.exists:
-   - name: {{ volume.database.ssl.get('cacert_file', system_cacerts_file) }}
+   - name: {{ volume.database.ssl.get('cacert_file', volume.cacert_file) }}
 {%- endif %}
 {%- endif %}