From a795b59c0465d84b70eea6a64371863e7aa01d85 Mon Sep 17 00:00:00 2001 From: Tony Hansen Date: Fri, 29 Sep 2017 01:15:29 +0000 Subject: update pgaas blueprints DO NOT MERGE YET update the blueprints Change-Id: Iabadee34fd308a79945f5d2c6c93a0a627aa0640 Signed-off-by: Tony Hansen Issue-id: DCAEGEN2-49 Signed-off-by: Tony Hansen --- blueprints/pgaas-cluster.yaml-template | 444 +++++++++++++++++++++++++++++++ blueprints/pgaas-database.yaml-template | 65 +++++ blueprints/pgaas-disk.yaml-template | 120 +++++++++ blueprints/pgaas-getdbinfo.yaml-template | 74 ++++++ blueprints/pgaas.yaml-template | 421 +++++++++++++++++++++++++++++ 5 files changed, 1124 insertions(+) create mode 100644 blueprints/pgaas-cluster.yaml-template create mode 100644 blueprints/pgaas-database.yaml-template create mode 100644 blueprints/pgaas-disk.yaml-template create mode 100644 blueprints/pgaas-getdbinfo.yaml-template create mode 100644 blueprints/pgaas.yaml-template (limited to 'blueprints') diff --git a/blueprints/pgaas-cluster.yaml-template b/blueprints/pgaas-cluster.yaml-template new file mode 100644 index 0000000..520def7 --- /dev/null +++ b/blueprints/pgaas-cluster.yaml-template 
@@ -0,0 +1,444 @@ +# -*- indent-tabs-mode: nil -*- # vi: set expandtab: + +# TODO +# add consul registration + +# ============LICENSE_START==================================================== +# org.onap.dcae +# ============================================================================= +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# ============================================================================= +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END====================================================== + +tosca_definitions_version: cloudify_dsl_1_3 + +description: > + This blueprint is used to install and to uninstall a central postgres as a platform service. + This blueprint depends upon the deployment of the pgaas_plugin, the PGaaS Cinder volume, and Consul. + This blueprint is part of a suite of three blueprints that allow a PGaaS + cluster to be created that has persistent databases stored in Cinder. + pgaas-disk allocates the cinder volumes. It must be run first. + pgaas-cluster creates the PG service and attaches the cinder volumes. It must be run second. + pgaas-database creates a database. It must be run third, for each persistent database. + If the cluster is uninstalled, the persistent databases are unaffected. + If a database blueprint is uninstalled, the persistent database goes away. + If the disk blueprint is uninstalled, all persistent databases go away, along with the server instance. 
+ +imports: + - http://www.getcloudify.org/spec/cloudify/3.4/types.yaml + - http://www.getcloudify.org/spec/openstack-plugin/1.4/plugin.yaml + - http://www.getcloudify.org/spec/fabric-plugin/1.4.1/plugin.yaml + + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/dnsdesig/dns_types.yaml + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/relationship/1.0.0/node-type.yaml + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/pgaas_plugin/1.0.0/pgaas_types.yaml + +inputs: + # environment info + blueprint_version: + type: string + default: 'VERSION-STAMP-GOES-HERE' + flavor_id: + type: string + key_filename: + type: string + keypair: + type: string + location_domain: + type: string + location_prefix: + type: string + openstack: {} + private_net: + type: string + public_net: + type: string + security_group: + type: string + ubuntu1604image_id: + type: string + + # pgaas-specific info + pgaas_cluster_name: + type: string + default: pgcl + + vm_init_pgrs: + type: string + default: | + #!/bin/sh + echo All output will be found in /tmp/ins.out and /tmp/ins.err + exec > /tmp/ins.out 2> /tmp/ins.err + set -x + if [ "$(dnsdomainname 2>/dev/null)" = "" ] + then + echo WARNING WARNING WARNING + echo The DNS DHCP settings did not work properly. 
+ exit 1 + fi + + CONFDIR=/var/config/DCAE/chef/ + mkdir -p $CONFDIR + + CONF=$CONFDIR/pgaas-postgres.conf + cat < $CONF + master: ${MASTER%%.*} + secondmaster: notused + DRTR_NODE_KSTOREFILE: /opt/app/dcae-certificate/keystore.jks + DRTR_NODE_KSTOREPASS: "No Certificate" + DRTR_NODE_PVTKEYPASS: "No Certificate" + PG_NODES: $PG_NODES + PG_JAVA_HOME : /opt/app/java/jdk/jdk170 + PG_CLUSTER: central + EOF + + apt-get update + + # invoking apt-get separately allows a failure to be ignored + for i in openjdk-7-jdk openjdk-8-jdk python-pip python3-pip curl gawk; do apt-get install -y $i;done + pip install pyyaml + + # prevent servers from starting + echo "exit 101" > /usr/sbin/policy-rc.d; chmod a+x /usr/sbin/policy-rc.d + + # invoking apt-get separately allows a failure to be ignored + for i in postgresql libpq5 repmgr python-psycopg2 python3-psycopg2 libgetopt-java; do apt-get install -y $i; done + + # allow servers to autostart again + rm -f /usr/sbin/policy-rc.d + + ( umask 077; sed 's/^/*:*:*:postgres:/' < /root/.pgrspw > ~postgres/.pgpass; chown postgres:postgres ~postgres/.pgpass ) + + if [ ! 
-f $CONF ] + then echo "$CONF does not exist" 1>&2; exit 1 + fi + + echo Look in /tmp/pgaas.out for output from installing PGaaS + NEXUS={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform }}/debs + for pkg in cdf_17.10.0-LATEST.deb pgaas_17.10.0-LATEST.deb + do + OUT=/tmp/$pkg + curl -s -k -f -o $OUT $NEXUS/$pkg + dpkg --install $OUT + done + + case $(hostname) in + do + *00 ) WRITE=-write ;; + *01 ) WRITE= ;; + esac + curl -v -X PUT -H "Content-Type: application/json" "http://${LOCATION_PREFIX}cnsl00.${LOCATION_DOMAIN}:8500/v1/agent/service/register" -d '{"name" : "${CLUSTER_NAME}${WRITE}", "Address" : "${LOCAL_IP}", "Port" : 5432}" + + echo ALL DONE + +node_templates: + key_pair: + type: cloudify.openstack.nodes.KeyPair + properties: + private_key_path: { get_input: key_filename } + use_external_resource: True + resource_id: { get_input: keypair } + openstack_config: &open_conf + get_input: openstack + private_net: + type: cloudify.openstack.nodes.Network + properties: + use_external_resource: True + resource_id: { get_input: private_net } + openstack_config: *open_conf + security_group: + type: cloudify.openstack.nodes.SecurityGroup + properties: + use_external_resource: True + resource_id: { get_input: security_group } + openstack_config: *open_conf + + fixedip_pgrs00: + type: cloudify.openstack.nodes.Port + properties: + port: + extra_dhcp_opts: + - opt_name: 'domain-name' + opt_value: { get_input: location_domain } + openstack_config: *open_conf + relationships: + - type: cloudify.relationships.contained_in + target: private_net + floatingip_pgrs00: + type: cloudify.openstack.nodes.FloatingIP + properties: + openstack_config: *open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + floating_network_name: { get_input: public_net } + dns_pgrs00: + type: dcae.nodes.dns.arecord + properties: + fqdn: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00.', { get_input: location_domain } ] } + openstack: 
*open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + ip_addresses: + - { get_attribute: [ floatingip_pgrs00, floating_ip_address ] } + relationships: + - type: cloudify.relationships.depends_on + target: floatingip_pgrs00 + host_pgrs00: + type: cloudify.openstack.nodes.Server + properties: + install_agent: false + image: { get_input: ubuntu1604image_id } + flavor: { get_input: flavor_id } + management_network_name: { get_input: private_net } + openstack_config: *open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + name: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00' ] } + userdata: + concat: + - |- + #!/bin/sh + mkdir /root/.sshkey + echo ' + - { get_attribute: [ pgaas_cluster, public ] } + - |- + ' >/root/.sshkey/id_rsa.pub + echo ' + - { get_attribute: [ pgaas_cluster, base64private ] } + - |- + ' | base64 -d >/root/.sshkey/id_rsa + chmod 700 /root/.sshkey + chmod 600 /root/.sshkey/* + ( umask 077; echo -n postgres | cat - /root/.sshkey/id_rsa | md5sum | awk '{ print $1 }' > /root/.pgrspw ) + set -x + - "\n" + - "CLUSTER_NAME='" + - { get_input: pgaas_cluster_name } + - "'\n" + - "LOCATION_PREFIX='" + - { get_input: location_prefix } + - "'\n" + - "LOCATION_DOMAIN='" + - { get_input: location_domain } + - "'\n" + - "MASTER='" + - { get_property: [ dns_pgrs00, fqdn ] } + - "'\n" + - "LOCAL_IP='" + - { get_attribute: [ host_pgrs00, ip ] } + - "'\n" + - "PG_NODES='" + - { get_property: [ dns_pgrs00, fqdn ] } + - '|' + - { get_property: [ dns_pgrs01, fqdn ] } + - "'\n" + - { get_input: vm_init_pgrs } + relationships: + - type: cloudify.openstack.server_connected_to_port + target: fixedip_pgrs00 + - type: cloudify.openstack.server_connected_to_security_group + target: security_group + - type: cloudify.openstack.server_connected_to_floating_ip + target: floatingip_pgrs00 + - type: cloudify.openstack.server_connected_to_keypair + target: key_pair + - type: 
cloudify.relationships.depends_on + target: dns_pgrs00 + - type: cloudify.relationships.depends_on + target: pgaas_cluster + fixedip_pgrs01: + type: cloudify.openstack.nodes.Port + properties: + port: + extra_dhcp_opts: + - opt_name: 'domain-name' + opt_value: { get_input: location_domain } + openstack_config: *open_conf + relationships: + - type: cloudify.relationships.contained_in + target: private_net + floatingip_pgrs01: + type: cloudify.openstack.nodes.FloatingIP + properties: + openstack_config: *open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + floating_network_name: { get_input: public_net } + dns_pgrs01: + type: dcae.nodes.dns.arecord + properties: + fqdn: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '01.', { get_input: location_domain } ] } + openstack: *open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + ip_addresses: + - { get_attribute: [ floatingip_pgrs01, floating_ip_address ] } + relationships: + - type: cloudify.relationships.depends_on + target: floatingip_pgrs01 + host_pgrs01: + type: cloudify.openstack.nodes.Server + properties: + install_agent: false + image: { get_input: ubuntu1604image_id } + flavor: { get_input: flavor_id } + management_network_name: { get_input: private_net } + openstack_config: *open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + name: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '01' ] } + userdata: + concat: + - |- + #!/bin/sh + mkdir /root/.sshkey + echo ' + - { get_attribute: [ pgaas_cluster, public ] } + - |- + ' >/root/.sshkey/id_rsa.pub + echo ' + - { get_attribute: [ pgaas_cluster, base64private ] } + - |- + ' | base64 -d >/root/.sshkey/id_rsa + chmod 700 /root/.sshkey + chmod 600 /root/.sshkey/* + ( umask 077; echo -n postgres | cat - /root/.sshkey/id_rsa | md5sum | awk '{ print $1 }' > /root/.pgrspw ) + set -x + - "\n" + - "CLUSTER_NAME='" + 
- { get_input: pgaas_cluster_name } + - "'\n" + - "LOCATION_PREFIX='" + - { get_input: location_prefix } + - "'\n" + - "LOCATION_DOMAIN='" + - { get_input: location_domain } + - "'\n" + - "MASTER='" + - { get_property: [ dns_pgrs00, fqdn ] } + - "'\n" + - "LOCAL_IP='" + - { get_attribute: [ host_pgrs01, ip ] } + - "'\n" + - "PG_NODES='" + - { get_property: [ dns_pgrs00, fqdn ] } + - '|' + - { get_property: [ dns_pgrs01, fqdn ] } + - "'\n" + - { get_input: vm_init_pgrs } + relationships: + - type: cloudify.openstack.server_connected_to_port + target: fixedip_pgrs01 + - type: cloudify.openstack.server_connected_to_security_group + target: security_group + - type: cloudify.openstack.server_connected_to_floating_ip + target: floatingip_pgrs01 + - type: cloudify.openstack.server_connected_to_keypair + target: key_pair + - type: cloudify.relationships.depends_on + target: dns_pgrs01 + - type: cloudify.relationships.depends_on + target: pgaas_cluster + + # cinder connections + volume_pgrs00: + type: cloudify.openstack.nodes.Volume + properties: + resource_id: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00' ] } + openstack_config: *open_conf + use_external_resource: True + relationships: + - type: cloudify.openstack.volume_attached_to_server + target: host_pgrs00 + + volume_pgrs01: + type: cloudify.openstack.nodes.Volume + properties: + resource_id: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '01' ] } + openstack_config: *open_conf + use_external_resource: True + relationships: + - type: cloudify.openstack.volume_attached_to_server + target: host_pgrs01 + + # CNAME records + dns_pgrs_rw: + type: dcae.nodes.dns.cnamerecord + properties: + fqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '-write.', { get_input: location_domain } ] } + openstack: *open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + cname: { concat: [ { get_input: 
location_prefix }, { get_input: pgaas_cluster_name }, '00.', { get_input: location_domain } ] } + + dns_pgrs_ro: + type: dcae.nodes.dns.cnamerecord + properties: + fqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '.', { get_input: location_domain } ] } + openstack: *open_conf + interfaces: + cloudify.interfaces.lifecycle: + create: + inputs: + args: + cname: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00.', { get_input: location_domain } ] } + + # tie to pgaas_plugin database + pgaas_cluster: + type: dcae.nodes.pgaas.cluster + properties: + writerfqdn: { get_property: [ dns_pgrs_rw, fqdn ] } + use_existing: true + relationships: + - type: cloudify.relationships.depends_on + target: dns_pgrs_rw + - type: cloudify.relationships.depends_on + target: dns_pgrs_ro + +outputs: + public_ip00: + value: { get_attribute: [host_pgrs00, ip] } + public_ip01: + value: { get_attribute: [host_pgrs01, ip] } + writerfqdn: + value: { get_property: [ dns_pgrs_rw, fqdn ] } + readerfqdn: + value: { get_property: [ dns_pgrs_ro, fqdn ] } + dns_pgrs00: + value: { get_property: [ dns_pgrs00, fqdn ] } + dns_pgrs01: + value: { get_property: [ dns_pgrs01, fqdn ] } + version: + value: { get_input: blueprint_version } diff --git a/blueprints/pgaas-database.yaml-template b/blueprints/pgaas-database.yaml-template new file mode 100644 index 0000000..c387d18 --- /dev/null +++ b/blueprints/pgaas-database.yaml-template 
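Review bot: The `vm_init_pgrs` default downloads the PGaaS packages with `curl -s -k -f -o $OUT $NEXUS/$pkg` and hands them straight to `dpkg --install` as root, so the download is neither authenticated (`-k` disables certificate verification) nor integrity-checked, and the `-LATEST` names mean the content can change between deployments. Drop `-k` and check a pinned digest before installing, e.g. `curl -s -f -o $OUT $NEXUS/$pkg` followed by `echo "<EXPECTED_SHA256>  $OUT" | sha256sum -c - || exit 1` (placeholder digest). The same lines appear in the `vm_init_pgrs` default of blueprints/pgaas.yaml-template. Separately, the userdata for `host_pgrs00` and `host_pgrs01` carries the base64 private key in clear and derives the postgres password as an MD5 over that key, so whoever can read the instance userdata (typically any process that can reach the metadata service) can recompute the database password; that deserves at least a comment beside the `md5sum` line.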
@@ -0,0 +1,65 @@
+# -*- indent-tabs-mode: nil -*- # vi: set expandtab:
+
+tosca_definitions_version: cloudify_dsl_1_3
+
+description: >
+ This blueprint is used to install and to uninstall a persistent database into the central postgres as a platform service.
+ This blueprint depends upon the deployment of the pgaas_plugin, the PGaaS Cinder volume, the PGaaS service, and Consul.
+ This blueprint is part of a suite of three blueprints that allow a PGaaS
+ cluster to be created that has persistent databases stored in Cinder.
+ pgaas-disk allocates the cinder volumes. It must be run first.
+ pgaas-cluster creates the PG service and attaches the cinder volumes. It must be run second.
+ pgaas-database creates a database. It must be run third, for each persistent database.
+ If the cluster is uninstalled, the persistent databases are unaffected.
+ If a database blueprint is uninstalled, the persistent database goes away.
+ If the disk blueprint is uninstalled, all persistent databases go away, along with the server instance.
+
+imports:
+ - http://www.getcloudify.org/spec/cloudify/3.4/types.yaml
+
+ - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/pgaas_plugin/1.0.0/pgaas_types.yaml
+
+inputs:
+ # environment info
+ blueprint_version:
+ type: string
+ default: 'VERSION-STAMP-GOES-HERE'
+ flavor_id:
+ type: string
+ key_filename:
+ type: string
+ keypair:
+ type: string
+ location_domain:
+ type: string
+ location_prefix:
+ type: string
+ openstack: {}
+ private_net:
+ type: string
+ public_net:
+ type: string
+ security_group:
+ type: string
+ ubuntu1604image_id:
+ type: string
+
+ # pgaas-specific info
+ pgaas_cluster_name:
+ type: string
+ default: pgcl
+ database_contacts: {}
+ default: {}
+ database_description:
+ type: string
+ default: 'This is a sample database'
+ database_name:
+ type: string
+ default: sample
+
+node_templates:
+ pgaasdbtest:
+ type: dcae.nodes.pgaas.database
+ properties:
+ writerfqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '-write.', { get_input: location_domain } ] }
+ name: { get_input: database_name }
diff --git a/blueprints/pgaas-disk.yaml-template b/blueprints/pgaas-disk.yaml-template
new file mode 100644
index 0000000..e4c53b3
--- /dev/null
+++ b/blueprints/pgaas-disk.yaml-template
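Review bot: In the `inputs` section, `database_contacts: {}` is followed by a `default: {}` line; if that line is nested under `database_contacts` (the indentation is not recoverable here) the document no longer parses, because the key already holds the flow value `{}`, and if it sits at input level it declares a stray input named `default`. Writing `database_contacts:` with `default: {}` beneath it fixes both readings. The block also declares `openstack`, `key_filename`, `keypair`, `security_group` and the other environment inputs as required, yet the only node, `pgaasdbtest`, reads `location_prefix`, `pgaas_cluster_name`, `location_domain` and `database_name`; dropping the unused ones keeps OpenStack credentials out of a deployment that never talks to OpenStack.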
@@ -0,0 +1,120 @@
+# -*- indent-tabs-mode: nil -*- # vi: set expandtab:
+
+tosca_definitions_version: cloudify_dsl_1_3
+
+description: >
+ This blueprint is used to install and to uninstall the cinder volumes for
+ a central postgres as a platform service.
+ This blueprint depends upon the deployment of Consul and the pgaas_plugin.
+ This blueprint is part of a suite of three blueprints that allow a PGaaS
+ cluster to be created that has persistent databases stored in Cinder.
+ pgaas-disk allocates the cinder volumes. It must be run first.
+ pgaas-cluster creates the PG service and attaches the cinder volumes. It must be run second.
+ pgaas-database creates a database. It must be run third, for each persistent database.
+ If the cluster is uninstalled, the persistent databases are unaffected.
+ If a database blueprint is uninstalled, the persistent database goes away.
+ If the disk blueprint is uninstalled, all persistent databases go away, along with the server instance.
+
+imports:
+ - http://www.getcloudify.org/spec/cloudify/3.4/types.yaml
+ - http://www.getcloudify.org/spec/openstack-plugin/1.4/plugin.yaml
+ - http://www.getcloudify.org/spec/fabric-plugin/1.4.1/plugin.yaml
+
+ - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/dnsdesig/dns_types.yaml
+ - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/sshkeyshare/sshkey_types.yaml
+ - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/relationship/1.0.0/node-type.yaml
+ - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/pgaas_plugin/1.0.0/pgaas_types.yaml
+
+inputs:
+ # environment info
+ blueprint_version:
+ type: string
+ default: 'VERSION-STAMP-GOES-HERE'
+ flavor_id:
+ type: string
+ key_filename:
+ type: string
+ keypair:
+ type: string
+ location_domain:
+ type: string
+ location_prefix:
+ type: string
+ openstack: {}
+ private_net:
+ type: string
+ public_net:
+ type: string
+ security_group:
+ type: string
+ ubuntu1604image_id:
+ type: string
+
+ # pgaas-specific info
+ pgaas_cluster_name:
+ type: string
+ default: pgcl
+
+node_templates:
+ key_pair:
+ type: cloudify.openstack.nodes.KeyPair
+ properties:
+ private_key_path: { get_input: key_filename }
+ use_external_resource: True
+ resource_id: { get_input: keypair }
+ openstack_config: &open_conf
+ get_input: openstack
+
+ sharedsshkey_pgrs:
+ type: dcae.nodes.ssh.keypair
+
+ private_net:
+ type: cloudify.openstack.nodes.Network
+ properties:
+ use_external_resource: True
+ resource_id: { get_input: private_net }
+ openstack_config: *open_conf
+
+ security_group:
+ type: cloudify.openstack.nodes.SecurityGroup
+ properties:
+ use_external_resource: True
+ resource_id: { get_input: security_group }
+ openstack_config: *open_conf
+
+ volume_pgrs00:
+ type: cloudify.openstack.nodes.Volume
+ properties:
+ resource_id: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00' ] }
+ openstack_config: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ size: { get_input: cinder_volume_size }
+
+ volume_pgrs01:
+ type: cloudify.openstack.nodes.Volume
+ properties:
+ resource_id: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '01' ] }
+ openstack_config: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ size: { get_input: cinder_volume_size }
+
+ pgaas_cluster:
+ type: dcae.nodes.pgaas.cluster
+ properties:
+ writerfqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '-write.', { get_input: location_domain } ] }
+ readerfqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '.', { get_input: location_domain } ] }
+ relationships:
+ - type: dcae.relationships.pgaas_cluster_uses_sshkeypair
+ target: sharedsshkey_pgrs
+
+outputs:
+ version:
+ value: { get_input: blueprint_version }
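Review bot: `volume_pgrs00` and `volume_pgrs01` both set `size: { get_input: cinder_volume_size }`, but this file's `inputs` section declares no `cinder_volume_size`, so the blueprint should fail on the unresolved input at validation or install time. Declare it under the pgaas-specific inputs, e.g. `cinder_volume_size:` with `type: integer`, and add a short comment giving the unit (GB for Cinder, as far as I know) so deployers do not guess.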
diff --git a/blueprints/pgaas-getdbinfo.yaml-template b/blueprints/pgaas-getdbinfo.yaml-template
new file mode 100644
index 0000000..9dfc89e
--- /dev/null
+++ b/blueprints/pgaas-getdbinfo.yaml-template
@@ -0,0 +1,74 @@
+# -*- indent-tabs-mode: nil -*- # vi: set expandtab:
+
+tosca_definitions_version: cloudify_dsl_1_3
+
+description: >
+ This blueprint is an example of how an application can access the needed information about
+ a persistent database created as part of a PGaaS cluster.
+
+ For a given database "dbname" on a given PGaaS cluster "PGCLUSTERNAME",
+ there are three roles created:
+ admin role: has complete administrative control over that database
+ user role: has complete read and write access on that database
+ viewer role: only has read access on that database
+ The various attributes will return the appropriate information
+ that can be used with that role: host fqdn, role name and password.
+
+imports:
+ - http://www.getcloudify.org/spec/cloudify/3.4/types.yaml
+
+ - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/pgaas_plugin/1.0.0/pgaas_types.yaml
+
+inputs:
+ location_domain:
+ type: string
+ location_prefix:
+ type: string
+ pgaas_cluster_name:
+ type: string
+ default: pgcl
+ database_name:
+ type: string
+ default: sample
+
+node_templates:
+ pgclustername_dbname:
+ type: dcae.nodes.pgaas.database
+ properties:
+ writerfqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '-write.', { get_input: location_domain } ] }
+ name: { get_input: database_name }
+ use_existing: true
+
+outputs:
+ # admin role has control over table/index/view creation/dropping
+ pgclustername_dbname_admin_host:
+ description: Hostname for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, admin, host ] }
+ pgclustername_dbname_admin_user:
+ description: Admin Username for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, admin, user ] }
+ pgclustername_dbname_admin_password:
+ description: Admin Password for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, admin, password ] }
+
+ # user role can read and write the tables
+ pgclustername_dbname_user_host:
+ description: Hostname for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, user, host ] }
+ pgclustername_dbname_user_user:
+ description: User Username for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, user, user ] }
+ pgclustername_dbname_user_password:
+ description: User Password for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, user, password ] }
+
+ # viewer role can only read from the tables
+ pgclustername_dbname_viewer_host:
+ description: Hostname for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, viewer, host ] }
+ pgclustername_dbname_viewer_user:
+ description: Viewer Username for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, viewer, user ] }
+ pgclustername_dbname_viewer_password:
+ description: Viewer Password for PGCLUSTERNAME dbname database
+ value: { get_attribute: [ pgclustername_dbname, viewer, password ] }
diff --git a/blueprints/pgaas.yaml-template b/blueprints/pgaas.yaml-template
new file mode 100644
index 0000000..810912e
--- /dev/null
+++ b/blueprints/pgaas.yaml-template
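Review bot: The `outputs` section publishes the admin, user and viewer passwords (`pgclustername_dbname_admin_password` and its two siblings) as deployment outputs, which are stored with the deployment and returned to whoever can query its outputs; the description does not mention this. Since this is the example applications will copy, add a comment above `outputs:` such as `# NOTE: the *_password outputs expose role credentials to anyone who can read this deployment's outputs; export only the role the application needs`. An application that only reads data could drop the admin and user blocks entirely and keep the viewer outputs.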
@@ -0,0 +1,421 @@ +# -*- indent-tabs-mode: nil -*- # vi: set expandtab: + +# TODO +# add consul registration + +# ============LICENSE_START==================================================== +# org.onap.dcae +# ============================================================================= +# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved. +# ============================================================================= +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END====================================================== + +tosca_definitions_version: cloudify_dsl_1_3 + +description: > + This blueprint is used to install and to uninstall a central postgres as a platform service. + This blueprint depends upon the deployment of the pgaas_plugin and Consul. 
+ +imports: + - http://www.getcloudify.org/spec/cloudify/3.4/types.yaml + - http://www.getcloudify.org/spec/openstack-plugin/1.4/plugin.yaml + - http://www.getcloudify.org/spec/fabric-plugin/1.4.1/plugin.yaml + + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/dnsdesig/dns_types.yaml + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform_plugins_releases }}/type_files/sshkeyshare/sshkey_types.yaml + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/relationship/1.0.0/node-type.yaml + - {{ ONAPTEMPLATE_RAWREPOURL_org_onap_dcaegen2_platform_plugins_releases }}/type_files/pgaas_plugin/1.0.0/pgaas_types.yaml + +inputs: + # environment info + blueprint_version: + type: string + default: 'VERSION-STAMP-GOES-HERE' + flavor_id: + type: string + key_filename: + type: string + keypair: + type: string + location_domain: + type: string + location_prefix: + type: string + openstack: {} + private_net: + type: string + public_net: + type: string + security_group: + type: string + ubuntu1604image_id: + type: string + + # pgaas-specific info + pgaas_cluster_name: + type: string + default: pstg + + vm_init_pgrs: + type: string + default: | + #!/bin/sh + echo All output will be found in /tmp/ins.out and /tmp/ins.err + exec > /tmp/ins.out 2> /tmp/ins.err + set -x + if [ "$(dnsdomainname 2>/dev/null)" = "" ] + then + echo WARNING WARNING WARNING + echo The DNS DHCP settings did not work properly. 
+ exit 1 + fi + + CONFDIR=/var/config/DCAE/chef/ + mkdir -p $CONFDIR + + CONF=$CONFDIR/pgaas-postgres.conf + cat < $CONF + master: ${MASTER%%.*} + secondmaster: notused + DRTR_NODE_KSTOREFILE: /opt/app/dcae-certificate/keystore.jks + DRTR_NODE_KSTOREPASS: "No Certificate" + DRTR_NODE_PVTKEYPASS: "No Certificate" + PG_NODES: $PG_NODES + PG_JAVA_HOME : /opt/app/java/jdk/jdk170 + PG_CLUSTER: central + EOF + + apt-get update + + # invoking apt-get separately allows a failure to be ignored + for i in openjdk-7-jdk openjdk-8-jdk python-pip python3-pip curl gawk; do apt-get install -y $i;done + pip install pyyaml + + # prevent servers from starting + echo "exit 101" > /usr/sbin/policy-rc.d; chmod a+x /usr/sbin/policy-rc.d + + # invoking apt-get separately allows a failure to be ignored + for i in postgresql libpq5 repmgr python-psycopg2 python3-psycopg2 libgetopt-java; do apt-get install -y $i; done + + # allow servers to autostart again + rm -f /usr/sbin/policy-rc.d + + ( umask 077; sed 's/^/*:*:*:postgres:/' < /root/.pgrspw > ~postgres/.pgpass; chown postgres:postgres ~postgres/.pgpass ) + + if [ ! 
-f $CONF ]
+ then echo "$CONF does not exist" 1>&2; exit 1
+ fi
+
+ echo Look in /tmp/pgaas.out for output from installing PGaaS
+ NEXUS={{ ONAPTEMPLATE_RAWREPOURL_org_onap_ccsdk_platform }}/debs
+ for pkg in cdf_17.10.0-LATEST.deb pgaas_17.10.0-LATEST.deb
+ do
+ OUT=/tmp/$pkg
+ curl -s -k -f -o $OUT $NEXUS/$pkg
+ dpkg --install $OUT
+ done
+
+ case $(hostname) in
+ do
+ *00 ) WRITE=-write ;;
+ *01 ) WRITE= ;;
+ esac
+ curl -v -X PUT -H "Content-Type: application/json" "http://${LOCATION_PREFIX}cnsl00.${LOCATION_DOMAIN}:8500/v1/agent/service/register" -d '{"name" : "${CLUSTER_NAME}${WRITE}", "Address" : "${LOCAL_IP}", "Port" : 5432}"
+
+ echo ALL DONE
+
+node_templates:
+ key_pair:
+ type: cloudify.openstack.nodes.KeyPair
+ properties:
+ private_key_path: { get_input: key_filename }
+ use_external_resource: True
+ resource_id: { get_input: keypair }
+ openstack_config: &open_conf
+ get_input: openstack
+ private_net:
+ type: cloudify.openstack.nodes.Network
+ properties:
+ use_external_resource: True
+ resource_id: { get_input: private_net }
+ openstack_config: *open_conf
+ security_group:
+ type: cloudify.openstack.nodes.SecurityGroup
+ properties:
+ use_external_resource: True
+ resource_id: { get_input: security_group }
+ openstack_config: *open_conf
+
+ sharedsshkey_pgrs:
+ type: dcae.nodes.ssh.keypair
+
+ fixedip_pgrs00:
+ type: cloudify.openstack.nodes.Port
+ properties:
+ port:
+ extra_dhcp_opts:
+ - opt_name: 'domain-name'
+ opt_value: { get_input: location_domain }
+ openstack_config: *open_conf
+ relationships:
+ - type: cloudify.relationships.contained_in
+ target: private_net
+ floatingip_pgrs00:
+ type: cloudify.openstack.nodes.FloatingIP
+ properties:
+ openstack_config: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ floating_network_name: { get_input: public_net }
+ dns_pgrs00:
+ type: dcae.nodes.dns.arecord
+ properties:
+ fqdn: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00.', { get_input: location_domain } ] }
+ openstack: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ ip_addresses:
+ - { get_attribute: [ floatingip_pgrs00, floating_ip_address ] }
+ relationships:
+ - type: cloudify.relationships.depends_on
+ target: floatingip_pgrs00
+ host_pgrs00:
+ type: cloudify.openstack.nodes.Server
+ properties:
+ install_agent: false
+ image: { get_input: ubuntu1604image_id }
+ flavor: { get_input: flavor_id }
+ management_network_name: { get_input: private_net }
+ openstack_config: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ name: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00' ] }
+ userdata:
+ concat:
+ - |-
+ #!/bin/sh
+ mkdir /root/.sshkey
+ echo '
+ - { get_attribute: [ sharedsshkey_pgrs, public ] }
+ - |-
+ ' >/root/.sshkey/id_rsa.pub
+ echo '
+ - { get_attribute: [ sharedsshkey_pgrs, base64private ] }
+ - |-
+ ' | base64 -d >/root/.sshkey/id_rsa
+ chmod 700 /root/.sshkey
+ chmod 600 /root/.sshkey/*
+ ( umask 077; echo -n postgres | cat - /root/.sshkey/id_rsa | md5sum | awk '{ print $1 }' > /root/.pgrspw )
+ set -x
+ - "\n"
+ - "CLUSTER_NAME='"
+ - { get_input: pgaas_cluster_name }
+ - "'\n"
+ - "LOCATION_PREFIX='"
+ - { get_input: location_prefix }
+ - "'\n"
+ - "LOCATION_DOMAIN='"
+ - { get_input: location_domain }
+ - "'\n"
+ - "MASTER='"
+ - { get_property: [ dns_pgrs00, fqdn ] }
+ - "'\n"
+ - "LOCAL_IP='"
+ - { get_attribute: [ host_pgrs00, ip ] }
+ - "'\n"
+ - "PG_NODES='"
+ - { get_property: [ dns_pgrs00, fqdn ] }
+ - '|'
+ - { get_property: [ dns_pgrs01, fqdn ] }
+ - "'\n"
+ - { get_input: vm_init_pgrs }
+ relationships:
+ - type: cloudify.openstack.server_connected_to_port
+ target: fixedip_pgrs00
+ - type: cloudify.openstack.server_connected_to_security_group
+ target: security_group
+ - type: cloudify.openstack.server_connected_to_floating_ip
+ target: floatingip_pgrs00
+ - type: cloudify.openstack.server_connected_to_keypair
+ target: key_pair
+ - type: cloudify.relationships.depends_on
+ target: dns_pgrs00
+ - type: cloudify.relationships.depends_on
+ target: sharedsshkey_pgrs
+ fixedip_pgrs01:
+ type: cloudify.openstack.nodes.Port
+ properties:
+ port:
+ extra_dhcp_opts:
+ - opt_name: 'domain-name'
+ opt_value: { get_input: location_domain }
+ openstack_config: *open_conf
+ relationships:
+ - type: cloudify.relationships.contained_in
+ target: private_net
+ floatingip_pgrs01:
+ type: cloudify.openstack.nodes.FloatingIP
+ properties:
+ openstack_config: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ floating_network_name: { get_input: public_net }
+ dns_pgrs01:
+ type: dcae.nodes.dns.arecord
+ properties:
+ fqdn: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '01.', { get_input: location_domain } ] }
+ openstack: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ ip_addresses:
+ - { get_attribute: [ floatingip_pgrs01, floating_ip_address ] }
+ relationships:
+ - type: cloudify.relationships.depends_on
+ target: floatingip_pgrs01
+ host_pgrs01:
+ type: cloudify.openstack.nodes.Server
+ properties:
+ install_agent: false
+ image: { get_input: ubuntu1604image_id }
+ flavor: { get_input: flavor_id }
+ management_network_name: { get_input: private_net }
+ openstack_config: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ name: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '01' ] }
+ userdata:
+ concat:
+ - |-
+ #!/bin/sh
+ mkdir /root/.sshkey
+ echo '
+ - { get_attribute: [ sharedsshkey_pgrs, public ] }
+ - |-
+ ' >/root/.sshkey/id_rsa.pub
+ echo '
+ - { get_attribute: [ sharedsshkey_pgrs, base64private ] }
+ - |-
+ ' | base64 -d >/root/.sshkey/id_rsa
+ chmod 700 /root/.sshkey
+ chmod 600 /root/.sshkey/*
+ ( umask 077; echo -n postgres | cat - /root/.sshkey/id_rsa | md5sum | awk '{ print $1 }' > /root/.pgrspw )
+ set -x
+ - "\n"
+ - "CLUSTER_NAME='"
+ - { get_input: pgaas_cluster_name }
+ - "'\n"
+ - "LOCATION_PREFIX='"
+ - { get_input: location_prefix }
+ - "'\n"
+ - "LOCATION_DOMAIN='"
+ - { get_input: location_domain }
+ - "'\n"
+ - "MASTER='"
+ - { get_property: [ dns_pgrs00, fqdn ] }
+ - "'\n"
+ - "LOCAL_IP='"
+ - { get_attribute: [ host_pgrs01, ip ] }
+ - "'\n"
+ - "PG_NODES='"
+ - { get_property: [ dns_pgrs00, fqdn ] }
+ - '|'
+ - { get_property: [ dns_pgrs01, fqdn ] }
+ - "'\n"
+ - { get_input: vm_init_pgrs }
+ relationships:
+ - type: cloudify.openstack.server_connected_to_port
+ target: fixedip_pgrs01
+ - type: cloudify.openstack.server_connected_to_security_group
+ target: security_group
+ - type: cloudify.openstack.server_connected_to_floating_ip
+ target: floatingip_pgrs01
+ - type: cloudify.openstack.server_connected_to_keypair
+ target: key_pair
+ - type: cloudify.relationships.depends_on
+ target: dns_pgrs01
+ - type: cloudify.relationships.depends_on
+ target: sharedsshkey_pgrs
+
+ # CNAME records
+ dns_pgrs_rw:
+ type: dcae.nodes.dns.cnamerecord
+ properties:
+ fqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '-write.', { get_input: location_domain } ] }
+ openstack: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ cname: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00.', { get_input: location_domain } ] }
+
+ dns_pgrs_ro:
+ type: dcae.nodes.dns.cnamerecord
+ properties:
+ fqdn: { concat: [ { get_input: location_prefix }, '-', { get_input: pgaas_cluster_name }, '.', { get_input: location_domain } ] }
+ openstack: *open_conf
+ interfaces:
+ cloudify.interfaces.lifecycle:
+ create:
+ inputs:
+ args:
+ cname: { concat: [ { get_input: location_prefix }, { get_input: pgaas_cluster_name }, '00.', { get_input: location_domain } ] }
+
+ # tie to pgaas_plugin database
+ pgaas_cluster:
+ type: dcae.nodes.pgaas.cluster
+ properties:
+ writerfqdn: { get_property: [ dns_pgrs_rw, fqdn ] }
+ readerfqdn: { get_property: [ dns_pgrs_ro, fqdn ] }
+ relationships:
+ - type: dcae.relationships.pgaas_cluster_uses_sshkeypair
+ target: sharedsshkey_pgrs
+ - type: cloudify.relationships.depends_on
+ target: dns_pgrs_rw
+ - type: cloudify.relationships.depends_on
+ target: dns_pgrs_ro
+
+outputs:
+ public_ip00:
+ value: { get_attribute: [host_pgrs00, ip] }
+ public_ip01:
+ value: { get_attribute: [host_pgrs01, ip] }
+ writerfqdn:
+ value: { get_property: [ dns_pgrs_rw, fqdn ] }
+ readerfqdn:
+ value: { get_property: [ dns_pgrs_ro, fqdn ] }
+ dns_pgrs00:
+ value: { get_property: [ dns_pgrs00, fqdn ] }
+ dns_pgrs01:
+ value: { get_property: [ dns_pgrs01, fqdn ] }
+ version:
+ value: { get_input: blueprint_version }
--
cgit 1.2.3-korg