diff --git a/manifests/ceph_deploy.pp b/manifests/ceph_deploy.pp
new file mode 100644
index 0000000..973e256
--- /dev/null
+++ b/manifests/ceph_deploy.pp
@@ -0,0 +1,82 @@
+class trystack::ceph_deploy (
+ $fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc',
+ $osd_pool_default_pg_num = '128',
+ $osd_pool_default_size = '1',
+ $osd_pool_default_min_size = '1',
+ $mon_initial_members = '',
+ $mon_host = '',
+ $cluster_network = "10.4.8.0/21",
+ $public_network = "10.4.8.0/21",
+ $osd_journal_size = '1000',
+ $osd_ip = '',
+ $mon_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==',
+ $admin_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==',
+ $images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==',
+ $volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==',
+ $boostrap_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==',
+) {
+
+ class { 'ceph':
+ fsid => $fsid,
+ osd_pool_default_pg_num => $osd_pool_default_pg_num,
+ osd_pool_default_size => $osd_pool_default_size,
+ osd_pool_default_min_size => $osd_pool_default_min_size,
+ mon_initial_members => $mon_initial_members,
+ mon_host => $mon_host,
+ cluster_network => $cluster_network,
+ public_network => $public_network,
+ }
+ ->
+ ceph_config {
+ 'global/osd_journal_size': value => $osd_journal_size;
+ }
+ ->
+ ceph::mon { $::hostname:
+ public_addr => $osd_ip,
+ key => $mon_key,
+ }
+
+ Ceph::Key {
+ inject => true,
+ inject_as_id => 'mon.',
+ inject_keyring => "/var/lib/ceph/mon/ceph-${::hostname}/keyring",
+ }
+
+ ceph::key { 'client.admin':
+ secret => $admin_key,
+ cap_mon => 'allow *',
+ cap_osd => 'allow *',
+ cap_mds => 'allow',
+ mode => '0644',
+ }
+ ceph::key { 'client.images':
+ secret => $images_key,
+ cap_mon => 'allow r',
+ cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=images',
+ inject => true,
+ mode => '0644',
+ }
+
+ ceph::key { 'client.volumes':
+ secret => $volumes_key,
+ cap_mon => 'allow r',
+ cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes',
+ inject => true,
+ mode => '0644',
+ }
+ ceph::key { 'client.bootstrap-osd':
+ secret => $boostrap_key,
+ cap_mon => 'allow profile bootstrap-osd',
+ keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+ }
+ ->
+ ceph::osd { '/osd0': }
+ ->
+ exec { 'create volumes pool':
+ command => "/usr/bin/ceph osd pool create volumes $osd_pool_default_pg_num",
+ }
+ ->
+ exec { 'create images pool':
+ command => "/usr/bin/ceph osd pool create images $osd_pool_default_pg_num",
+ }
+}
diff --git a/manifests/compute.pp b/manifests/compute.pp
index 26f29b8..4ae38da 100644
--- a/manifests/compute.pp
+++ b/manifests/compute.pp
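Review bot: The five key parameters at the top of `trystack::ceph_deploy` default to literal cephx secrets committed to the repository, and `$mon_key`, `$admin_key` and `$boostrap_key` share one value, so a node deployed without overrides runs with monitor, admin and bootstrap-osd credentials that anyone who can read the repository already holds. The same images and volumes key literals reappear as fallbacks in the compute.pp and controller_networker.pp hunks. I would drop the defaults so the class fails when a key is not supplied (for example `$admin_key,` with no default, fed from Hiera or another secret store), and tighten the `client.admin` keyring from `mode => '0644'` to `mode => '0600'`, since 0644 lets every local user read the admin secret. The two `exec` resources that create pools also have no `unless` guard, so they appear to rerun on every catalog application.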
@@ -1,74 +1,154 @@ class trystack::compute { + if ($odl_flag != '') and str2bool($odl_flag) { + $ml2_mech_drivers = ['opendaylight'] + $this_agent = 'opendaylight' + } + else { + $ml2_mech_drivers = ['openvswitch','l2population'] + $this_agent = 'ovs' + } - if $private_ip == '' { fail('private_ip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $amqp_ip == '' { fail('mysql_ip is empty') } - - if $admin_password == '' { fail('admin_password is empty') } - - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $nova_db_password == '' { fail('nova_db_password is empty') } - - if $neutron_user_password == '' { fail('nova_user_password is empty') } - if $neutron_db_password == '' { fail('nova_db_password is empty') } - - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } + ##Common Parameters + if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } + if !$private_subnet { fail('private_subnet is empty')} + if !$ceph_public_network { $ceph_public_network = $private_subnet } + if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' } + if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' } + if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' } + if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' } + if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' } + + + ##Most users will only care about a single user/password for all services + ##so lets create one variable that can be used instead of separate usernames/passwords + if !$single_username { $single_username = 'octopus' } + if !$single_password { $single_password = 'octopus' } + + if !$admin_password { $admin_password = $single_password } + if !$neutron_db_password { $neutron_db_password = $single_password } + if !$neutron_user_password { 
$neutron_user_password = $single_password } + + if !$ceilometer_user_password { $ceilometer_user_password = $single_password } + if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password } + + ##HA Global params + if $ha_flag and str2bool($ha_flag) { + if $private_network == '' { fail('private_network is empty') } + if !$keystone_private_vip { fail('keystone_private_vip is empty') } + if !$glance_private_vip { fail('glance_private_vip is empty') } + if !$nova_public_vip { fail('nova_public_vip is empty') } + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } + if !$controllers_ip_array { fail('controllers_ip_array is empty') } + if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + $controllers_ip_array = split($controllers_ip_array, ',') + $controllers_hostnames_array = split($controllers_hostnames_array, ',') + if !$odl_control_ip { $odl_control_ip = $controllers_ip_array[0] } + if !$db_vip { fail('db_vip is empty') } + $mysql_ip = $db_vip + if !$amqp_vip { fail('amqp_vip is empty') } + $amqp_ip = $amqp_vip + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } + if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array } + if !$ceph_mon_host { $ceph_mon_host = $controllers_ip_array } + if !$neutron_private_vip { fail('neutron_private_vip is empty') } + + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") + + } else { + ##non HA params + ##Mandatory + if $private_network == '' { fail('private_network is empty') } + if ($odl_flag != '') and str2bool($odl_flag) { + if $odl_control_ip == '' { fail('odl_control_ip is empty') } + } + if $controller_ip == '' { fail('controller_ip is empty') } + + ##Optional + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") + ##Find private ip 
+ $private_ip = get_ip_from_nic("$ovs_tunnel_if") + + $keystone_private_vip = $controller_ip + $glance_private_vip = $controller_ip + $nova_public_vip = $controller_ip + $neutron_private_vip = $controller_ip + + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } + if !$mysql_ip { $mysql_ip = $controller_ip } + if !$amqp_ip { $amqp_ip = $controller_ip } + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } + if !$ceph_mon_host { $ceph_mon_host= ["$private_ip"] } + if !$ceph_mon_initial_members { $ceph_mon_initial_members = ["$::hostname"] } + } class { "quickstack::neutron::compute": - auth_host => $private_ip, - glance_host => $private_ip, + auth_host => $keystone_private_vip, + glance_host => $glance_private_vip, libvirt_images_rbd_pool => 'volumes', libvirt_images_rbd_ceph_conf => '/etc/ceph/ceph.conf', libvirt_inject_password => 'false', libvirt_inject_key => 'false', libvirt_images_type => 'rbd', - nova_host => $private_ip, - nova_db_password => $nova_db_password, - nova_user_password => $nova_user_password, + nova_host => $nova_public_vip, + nova_db_password => $nova_db_password, + nova_user_password => $nova_user_password, private_network => '', - private_iface => '', + private_iface => $ovs_tunnel_if, private_ip => '', rbd_user => 'volumes', - rbd_secret_uuid => '', + rbd_secret_uuid => $rbd_secret_uuid, network_device_mtu => $quickstack::params::network_device_mtu, - admin_password => $admin_password, - ssl => false, - - mysql_host => $mysql_ip, - mysql_ca => $quickstack::params::mysql_ca, - amqp_host => $amqp_ip, - amqp_username => 'guest', - amqp_password => 'guest', - #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, - - ceilometer => 'true', - ceilometer_metering_secret => $ceilometer_metering_secret, - ceilometer_user_password => $ceilometer_user_password, - - cinder_backend_gluster => 
$quickstack::params::cinder_backend_gluster, - - agent_type => 'ovs', + admin_password => $admin_password, + ssl => false, + + mysql_host => $mysql_ip, + mysql_ca => '/etc/ipa/ca.crt', + amqp_host => $amqp_ip, + amqp_username => $amqp_username, + amqp_password => $amqp_password, + + ceilometer => 'false', + ceilometer_metering_secret => $ceilometer_metering_secret, + ceilometer_user_password => $ceilometer_user_password, + + cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, + cinder_backend_rbd => 'true', + glance_backend_rbd => 'true', + ceph_cluster_network => $ceph_public_network, + ceph_fsid => $ceph_fsid, + ceph_images_key => $ceph_images_key, + ceph_mon_host => $ceph_mon_host, + ceph_mon_initial_members => $ceph_mon_initial_members, + ceph_osd_pool_default_size => $ceph_osd_pool_size, + ceph_osd_journal_size => $ceph_osd_journal_size, + ceph_volumes_key => $ceph_volumes_key, + + agent_type => $this_agent, enable_tunneling => true, + ml2_mechanism_drivers => $ml2_mech_drivers, + odl_controller_ip => $odl_control_ip, + neutron_db_password => $neutron_db_password, neutron_user_password => $neutron_user_password, - neutron_host => $private_ip, + neutron_host => $neutron_private_vip, - #ovs_bridge_mappings = $quickstack::params::ovs_bridge_mappings, - #ovs_bridge_uplinks = $quickstack::params::ovs_bridge_uplinks, - #ovs_vlan_ranges = $quickstack::params::ovs_vlan_ranges, - ovs_tunnel_iface => 'em1', + ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_network => '', - ovs_l2_population => 'True', + ovs_l2_population => 'false', tenant_network_type => 'vxlan', tunnel_id_ranges => '1:1000', - #ovs_vxlan_udp_port = $quickstack::params::ovs_vxlan_udp_port, ovs_tunnel_types => ['vxlan'], - verbose => $quickstack::params::verbose, + verbose => 'true', security_group_api => 'neutron', } diff --git a/manifests/controller.pp b/manifests/controller.pp index c1d165d..5b494a0 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp 
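Review bot: The new fallback `if !$single_password { $single_password = 'octopus' }` replaces the removed `fail()` checks, so a compute node with no passwords supplied now comes up with the admin, Nova, Neutron, AMQP and Ceilometer credentials all set to one published value instead of refusing to compile. The same fallback is added in the controller_networker.pp hunk, where it also seeds the Keystone admin token and the MySQL root password. I would keep the single-credential convenience but require it to be provided, `if !$single_password { fail('single_password is empty') }`, and likewise require `$ceph_images_key` and `$ceph_volumes_key` rather than defaulting them to literals. Separately, `verbose => 'true'` and `mysql_ca => '/etc/ipa/ca.crt'` replace values that used to come from `quickstack::params`; a short comment saying why they are pinned here would help. The body of `trystack::compute` appears to continue past the end of this hunk.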
@@ -1,4 +1,14 @@ class trystack::controller { + ###use 8081 as a default work around swift service + if $odl_rest_port == '' {$odl_rest_port = '8081'} + + if ($odl_flag != '') and str2bool($odl_flag) { + $ml2_mech_drivers = ['opendaylight'] + } + else { + $ml2_mech_drivers = ['openvswitch','l2population'] + } + if $admin_email == '' { fail('admin_email is empty') } if $admin_password == '' { fail('admin_password is empty') } @@ -6,6 +16,8 @@ if $public_ip == '' { fail('public_ip is empty') } if $private_ip == '' { fail('private_ip is empty') } + if $odl_control_ip == '' { fail('odl_controL_ip is empty, should be the IP of your network node private interface') } + if $mysql_ip == '' { fail('mysql_ip is empty') } if $mysql_root_password == '' { fail('mysql_root_password is empty') } if $amqp_ip == '' { fail('amqp_ip is empty') } @@ -87,6 +99,7 @@ horizon_cert => $quickstack::params::horizon_cert, horizon_key => $quickstack::params::horizon_key, + ml2_mechanism_drivers => $ml2_mech_drivers, #neutron => true, neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, neutron_db_password => $neutron_db_password, @@ -94,6 +107,8 @@ nova_db_password => $nova_db_password, nova_user_password => $nova_user_password, + odl_controller_ip => $odl_control_ip, + odl_controller_port => $odl_rest_port, swift_shared_secret => $swift_shared_secret, swift_admin_password => $swift_admin_password, diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp new file mode 100644 index 0000000..1e158eb --- /dev/null +++ b/manifests/controller_networker.pp 
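Review bot: The added check on `$odl_control_ip` in the second hunk is unconditional, so a controller that keeps the `['openvswitch','l2population']` drivers now fails to compile unless an OpenDaylight address is set, whereas the non-HA branch of compute.pp only requires it when `odl_flag` is true. I would guard it with the same condition used a few lines earlier, `if ($odl_flag != '') and str2bool($odl_flag) {` ... `}`, and correct the message to `'odl_control_ip is empty, should be the IP of your network node private interface'`, since the current text spells the variable `odl_controL_ip`. The class body ends outside these hunks.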
@@ -0,0 +1,430 @@
+class trystack::controller_networker {
+ if $odl_rest_port == '' { $odl_rest_port= '8081'}
+ if ($odl_flag != '') and str2bool($odl_flag) {
+ $ml2_mech_drivers = ['opendaylight']
+ $this_agent = 'opendaylight'
+ } else {
+ $ml2_mech_drivers = ['openvswitch','l2population']
+ $this_agent = 'ovs'
+ }
+
+ ##Mandatory Common variables
+ if $admin_email == '' { fail('admin_email is empty') }
+
+ ##Most users will only care about a single user/password for all services
+ ##so lets create one variable that can be used instead of separate usernames/passwords
+ if !$single_username { $single_username = 'octopus' }
+ if !$single_password { $single_password = 'octopus' }
+
+ if !$keystone_admin_token { $keystone_admin_token = $single_password }
+ if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
+ if !$mysql_root_password { $mysql_root_password = $single_password }
+ if !$admin_password { $admin_password = $single_password }
+
+ ##Check for HA, if not leave old functionality alone
+ if $ha_flag and str2bool($ha_flag) {
+ ##Mandatory HA variables
+ if !$controllers_ip_array { fail('controllers_ip_array is empty') }
+ $controllers_ip_array_str = $controllers_ip_array
+ $controllers_ip_array = split($controllers_ip_array, ',')
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+ if !$amqp_vip { fail('amqp_vip is empty') }
+ if !$private_subnet { fail('private_subnet is empty')}
+ if !$cinder_admin_vip { fail('cinder_admin_vip is empty') }
+ if !$cinder_private_vip { fail('cinder_private_vip is empty') }
+ if !$cinder_public_vip { fail('cinder_public_vip is empty') }
+ if !$db_vip { fail('db_vip is empty') }
+ if !$glance_admin_vip { fail('glance_admin_vip is empty') }
+ if !$glance_private_vip { fail('glance_private_vip is empty') }
+ if !$glance_public_vip { fail('glance_public_vip is empty') }
+ if !$horizon_admin_vip { fail('horizon_admin_vip is empty') }
+ if !$horizon_private_vip { fail('horizon_private_vip is empty') }
+ if !$horizon_public_vip { fail('horizon_public_vip is empty') }
+ if !$keystone_admin_vip { fail('keystone_admin_vip is empty') }
+ if !$keystone_private_vip { fail('keystone_private_vip is empty') }
+ if !$keystone_public_vip { fail('keystone_public_vip is empty') }
+ if !$loadbalancer_vip { fail('loadbalancer_vip is empty') }
+ if !$neutron_admin_vip { fail('neutron_admin_vip is empty') }
+ if !$neutron_private_vip { fail('neutron_private_vip is empty') }
+ if !$neutron_public_vip { fail('neutron_public_vip is empty') }
+ if !$nova_admin_vip { fail('nova_admin_vip is empty') }
+ if !$nova_private_vip { fail('nova_private_vip is empty') }
+ if !$nova_public_vip { fail('nova_public_vip is empty') }
+ if $private_network == '' { fail('private_network is empty') }
+ if !$heat_admin_vip { fail('heat_admin_vip is empty') }
+ if !$heat_private_vip { fail('heat_private_vip is empty') }
+ if !$heat_public_vip { fail('heat_public_vip is empty') }
+ if !$heat_cfn_admin_vip { fail('heat_cfn_admin_vip is empty') }
+ if !$heat_cfn_private_vip { fail('heat_cfn_private_vip is empty') }
+ if !$heat_cfn_public_vip { fail('heat_cfn_public_vip is empty') }
+
+ ##Find private interface
+ $ovs_tunnel_if = get_nic_from_network("$private_network")
+
+ ##Optional HA variables
+ if !$amqp_username { $amqp_username = $single_username }
+ if !$amqp_password { $amqp_password = $single_password }
+ if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
+ if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' }
+ if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array }
+ if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array}
+ if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
+ if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
+ if !$ceph_public_network { $ceph_public_network = $private_subnet }
+ if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' }
+ if !$cinder_db_password { $cinder_db_password = $single_password }
+ if !$cinder_user_password { $cinder_user_password = $single_password }
+ if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
+ if !$horizon_secret { $horizon_secret = $single_password }
+ if !$glance_db_password { $glance_db_password = $single_password }
+ if !$glance_user_password { $glance_user_password = $single_password }
+ if !$keystone_db_password { $keystone_db_password = $single_password }
+ if !$keystone_user_password { $keystone_user_password = $single_password }
+ if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
+ if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array }
+ if !$neutron_db_password { $neutron_db_password = $single_password }
+ if !$neutron_user_password { $neutron_user_password = $single_password }
+ if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $single_password }
+ if !$nova_db_password { $nova_db_password = $single_password }
+ if !$nova_user_password { $nova_user_password = $single_password }
+ if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array}
+ if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] }
+ if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
+ if !$heat_user_password { $heat_user_password = $single_password }
+ if !$heat_db_password { $heat_db_password = $single_password }
+ if !$heat_cfn_user_password { $heat_cfn_user_password = $single_password }
+ if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }
+ if !$storage_network {
+ $storage_iface = $ovs_tunnel_if
+ } else {
+ $storage_iface = get_nic_from_network("$storage_network")
+ }
+
+ ##we assume here that if not provided, the first controller is where ODL will reside
+ ##this is fine for now as we will replace ODL with ODL HA when it is ready
+ if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] }
+
+ ###find interface ip of storage network
+ $osd_ip = find_ip("",
+ "$storage_iface",
+ "")
+
+ if ($external_network_flag != '') and str2bool($external_network_flag) {
+ class { "trystack::external_net_presetup":
+ stage => presetup,
+ require => Class['trystack::repo'],
+ }
+ }
+
+ class { "trystack::ceph_deploy":
+ fsid => $ceph_fsid,
+ osd_pool_default_size => $ceph_osd_pool_size,
+ osd_journal_size => $ceph_osd_journal_size,
+ mon_initial_members => $controllers_hostnames_array_str,
+ mon_host => $controllers_ip_array_str,
+ osd_ip => $osd_ip,
+ public_network => $ceph_public_network,
+ cluster_network => $ceph_public_network,
+ images_key => $ceph_images_key,
+ volumes_key => $ceph_volumes_key,
+ }
+ ->
+ class { "quickstack::openstack_common": }
+ ->
+ class { "quickstack::pacemaker::params":
+ amqp_password => $amqp_password,
+ amqp_username => $amqp_username,
+ amqp_vip => $amqp_vip,
+ ceph_cluster_network => $private_subnet,
+ ceph_fsid => $ceph_fsid,
+ ceph_images_key => $ceph_images_key,
+ ceph_mon_host => $ceph_mon_host,
+ ceph_mon_initial_members => $ceph_mon_initial_members,
+ ceph_osd_journal_size => $ceph_osd_journal_size,
+ ceph_osd_pool_size => $ceph_osd_pool_size,
+ ceph_public_network => $ceph_public_network,
+ ceph_volumes_key => $ceph_volumes_key,
+ cinder_admin_vip => $cinder_admin_vip,
+ cinder_db_password => $cinder_db_password,
+ cinder_private_vip => $cinder_private_vip,
+ cinder_public_vip => $cinder_public_vip,
+ cinder_user_password => $cinder_user_password,
+ cluster_control_ip => $cluster_control_ip,
+ db_vip => $db_vip,
+ glance_admin_vip => $glance_admin_vip,
+ glance_db_password => $glance_db_password,
+ glance_private_vip => $glance_private_vip,
+ glance_public_vip => $glance_public_vip,
+ glance_user_password => $glance_user_password,
+ heat_auth_encryption_key => $heat_auth_encryption_key,
+ heat_cfn_admin_vip => $heat_cfn_admin_vip,
+ heat_cfn_private_vip => $heat_cfn_private_vip,
+ heat_cfn_public_vip => $heat_cfn_public_vip,
+ heat_cfn_user_password => $heat_cfn_user_password,
+ heat_cloudwatch_enabled => 'true',
+ heat_cfn_enabled => 'true',
+ heat_db_password => $heat_db_password,
+ heat_admin_vip => $heat_admin_vip,
+ heat_private_vip => $heat_private_vip,
+ heat_public_vip => $heat_public_vip,
+ heat_user_password => $heat_user_password,
+ horizon_admin_vip => $horizon_admin_vip,
+ horizon_private_vip => $horizon_private_vip,
+ horizon_public_vip => $horizon_public_vip,
+ include_ceilometer => 'false',
+ include_cinder => 'true',
+ include_glance => 'true',
+ include_heat => 'true',
+ include_horizon => 'true',
+ include_keystone => 'true',
+ include_neutron => 'true',
+ include_nosql => 'false',
+ include_nova => 'true',
+ include_swift => 'false',
+ keystone_admin_vip => $keystone_admin_vip,
+ keystone_db_password => $keystone_db_password,
+ keystone_private_vip => $keystone_private_vip,
+ keystone_public_vip => $keystone_public_vip,
+ keystone_user_password => $keystone_user_password,
+ lb_backend_server_addrs => $lb_backend_server_addrs,
+ lb_backend_server_names => $lb_backend_server_names,
+ loadbalancer_vip => $loadbalancer_vip,
+ neutron => 'true',
+ neutron_admin_vip => $neutron_admin_vip,
+ neutron_db_password => $neutron_db_password,
+ neutron_metadata_proxy_secret => $neutron_metadata_proxy_secret,
+ neutron_private_vip => $neutron_private_vip,
+ neutron_public_vip => $neutron_public_vip,
+ neutron_user_password => $neutron_user_password,
+ nova_admin_vip => $nova_admin_vip,
+ nova_db_password => $nova_db_password,
+ nova_private_vip => $nova_private_vip,
+ nova_public_vip => $nova_public_vip,
+ nova_user_password => $nova_user_password,
+ pcmk_iface => $ovs_tunnel_if,
+ pcmk_server_addrs => $pcmk_server_addrs,
+ pcmk_server_names => $pcmk_server_names,
+ private_iface => $ovs_tunnel_if,
+ }
+ ->
+ class { "quickstack::pacemaker::common": }
+ ->
+ class { "quickstack::pacemaker::load_balancer": }
+ ->
+ class { "quickstack::pacemaker::galera":
+ mysql_root_password => $mysql_root_password,
+ wsrep_cluster_members => $controllers_ip_array,
+ }
+ ->
+ class { "quickstack::pacemaker::qpid": }
+ ->
+ class { "quickstack::pacemaker::rabbitmq": }
+ ->
+ class { "quickstack::pacemaker::keystone":
+ admin_email => $admin_email,
+ admin_password => $admin_password,
+ admin_token => $keystone_admin_token,
+ cinder => 'true',
+ heat => 'true',
+ heat_cfn => 'true',
+ keystonerc => 'true',
+ use_syslog => 'true',
+ verbose => 'true',
+ }
+ ->
+ class { "quickstack::pacemaker::swift": }
+ ->
+ class { "quickstack::pacemaker::glance":
+ backend => 'rbd',
+ debug => true,
+ pcmk_fs_manage => 'false',
+ use_syslog => true,
+ verbose => true
+ }
+ ->
+ class { "quickstack::pacemaker::nova":
+ neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
+ }
+ ->
+ class { "quickstack::pacemaker::cinder":
+ backend_rbd => true,
+ rbd_secret_uuid => $rbd_secret_uuid,
+ use_syslog => true,
+ verbose => true,
+ volume => true,
+ }
+ ->
+ class { "quickstack::pacemaker::heat":
+ use_syslog => true,
+ verbose => true,
+ }
+ ->
+ class { "quickstack::pacemaker::constraints": }
+
+ class { "quickstack::pacemaker::nosql": }
+
+ class { "quickstack::pacemaker::memcached": }
+
+ class { "quickstack::pacemaker::ceilometer":
+ ceilometer_metering_secret => $single_password,
+ }
+
+ class { "quickstack::pacemaker::horizon":
+ horizon_ca => '/etc/ipa/ca.crt',
+ horizon_cert => '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
+ horizon_key => '/etc/pki/tls/private/PUB_HOST-horizon.key',
+ secret_key => $horizon_secret,
+ verbose => 'true',
+ }
+
+ class { "quickstack::pacemaker::neutron":
+ agent_type => $this_agent,
+ enable_tunneling => 'true',
+ external_network_bridge => 'br-ex',
+ ml2_mechanism_drivers => $ml2_mech_drivers,
+ ml2_network_vlan_ranges => ["physnet1:10:50"],
+ odl_controller_ip => $odl_control_ip,
+ odl_controller_port => $odl_rest_port,
+ ovs_tunnel_iface => $ovs_tunnel_if,
+ ovs_tunnel_types => ["vxlan"],
+ verbose => 'true',
+ neutron_conf_additional_params => { default_quota => 'default',
+ quota_network => '50',
+ quota_subnet => '50',
+ quota_port => 'default',
+ quota_security_group => '50',
+ quota_security_group_rule => 'default',
+ quota_vip => 'default',
+ quota_pool => 'default',
+ quota_router => '50',
+ quota_floatingip => '100',
+ network_auto_schedule => 'default',
+ },
+ }
+
+ if ($external_network_flag != '') and str2bool($external_network_flag) {
+ class { "trystack::external_net_setup": }
+ }
+
+ } else {
+ ##Mandatory Non-HA parameters
+ if $private_network == '' { fail('private_network is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+
+ ##Optional Non-HA parameters
+ if !$amqp_username { $amqp_username = $single_username }
+ if !$amqp_password { $amqp_password = $single_password }
+ if !$mysql_root_password { $mysql_root_password = $single_password }
+ if !$keystone_db_password { $keystone_db_password = $single_password }
+ if !$horizon_secret_key { $horizon_secret_key = $single_password }
+ if !$nova_db_password { $nova_db_password = $single_password }
+ if !$nova_user_password { $nova_user_password = $single_password }
+ if !$cinder_db_password { $cinder_db_password = $single_password }
+ if !$cinder_user_password { $cinder_user_password = $single_password }
+ if !$glance_db_password { $glance_db_password = $single_password }
+ if !$glance_user_password { $glance_user_password = $single_password }
+ if !$neutron_db_password { $neutron_db_password = $single_password }
+ if !$neutron_user_password { $neutron_user_password = $single_password }
+ if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
+ if !$ceilometer_user_password { $ceilometer_user_password = $single_password }
+ if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password }
+ if !$heat_user_password { $heat_user_password = $single_password }
+ if !$heat_db_password { $heat_db_password = $single_password }
+ if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }
+ if !$swift_user_password { $swift_user_password = $single_password }
+ if !$swift_shared_secret { $swift_shared_secret = $single_password }
+ if !$swift_admin_password { $swift_admin_password = $single_password }
+
+ ##Find private interface
+ $ovs_tunnel_if = get_nic_from_network("$private_network")
+ ##Find private ip
+ $private_ip = get_ip_from_nic("$ovs_tunnel_if")
+ #Find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_ip = get_ip_from_nic("$public_nic")
+
+ if !$mysql_ip { $mysql_ip = $private_ip }
+ if !$amqp_ip { $amqp_ip = $private_ip }
+ if !$memcache_ip { $memcache_ip = $private_ip }
+ if !$neutron_ip { $neutron_ip = $private_ip }
+ if !$odl_control_ip { $odl_control_ip = $private_ip }
+
+ class { "quickstack::neutron::controller_networker":
+ admin_email => $admin_email,
+ admin_password => $admin_password,
+ agent_type => $this_agent,
+ enable_tunneling => true,
+ ovs_tunnel_iface => $ovs_tunnel_if,
+ ovs_tunnel_network => '',
+ ovs_tunnel_types => ['vxlan'],
+ ovs_l2_population => 'True',
+ external_network_bridge => 'br-ex',
+ tenant_network_type => 'vxlan',
+ tunnel_id_ranges => '1:1000',
+ controller_admin_host => $private_ip,
+ controller_priv_host => $private_ip,
+ controller_pub_host => $public_ip,
+ ssl => false,
+ #support_profile => $quickstack::params::support_profile,
+ #freeipa => $quickstack::params::freeipa,
+
+ mysql_host => $mysql_ip,
+ mysql_root_password => $mysql_root_password,
+ #amqp_provider => $amqp_provider,
+ amqp_host => $amqp_ip,
+ amqp_username => $amqp_username,
+ amqp_password => $amqp_password,
+ #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password,
+
+ keystone_admin_token => $keystone_admin_token,
+ keystone_db_password => $keystone_db_password,
+
+ ceilometer_metering_secret => $ceilometer_metering_secret,
+ ceilometer_user_password => $ceilometer_user_password,
+
+ cinder_backend_gluster => $quickstack::params::cinder_backend_gluster,
+ cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name,
+ cinder_gluster_shares => $quickstack::params::cinder_gluster_shares,
+ cinder_user_password => $cinder_user_password,
+ cinder_db_password => $cinder_db_password,
+
+ glance_db_password => $glance_db_password,
+ glance_user_password => $glance_user_password,
+
+ heat_cfn => true,
+ heat_cloudwatch => true,
+ heat_db_password => $heat_db_password,
+ heat_user_password => $heat_user_password,
+ heat_auth_encrypt_key => $heat_auth_encrypt_key,
+
+ horizon_secret_key => $horizon_secret_key,
+ horizon_ca => $quickstack::params::horizon_ca,
+ horizon_cert => $quickstack::params::horizon_cert,
+ horizon_key => $quickstack::params::horizon_key,
+
+ keystonerc => true,
+
+ ml2_mechanism_drivers => $ml2_mech_drivers,
+
+ #neutron => true,
+ neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
+ neutron_db_password => $neutron_db_password,
+ neutron_user_password => $neutron_user_password,
+
+ nova_db_password => $nova_db_password,
+ nova_user_password => $nova_user_password,
+
+ odl_controller_ip => $odl_control_ip,
+ odl_controller_port => $odl_rest_port,
+
+ swift_shared_secret => $swift_shared_secret,
+ swift_admin_password => $swift_admin_password,
+ swift_ringserver_ip => '192.168.203.1',
+ swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"],
+ swift_storage_device => 'device1',
+ }
+
+ }
+}
diff --git a/manifests/external_net_presetup.pp b/manifests/external_net_presetup.pp
new file mode 100644
index 0000000..992a37b
--- /dev/null
+++ b/manifests/external_net_presetup.pp
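Review bot: In the non-HA branch the resource passes `heat_auth_encrypt_key => $heat_auth_encrypt_key`, but the only variable this class assigns is `$heat_auth_encryption_key`, so the value handed to `quickstack::neutron::controller_networker` looks undefined unless it is set somewhere outside this file; it should read `heat_auth_encrypt_key => $heat_auth_encryption_key,`. That key also falls back to the literal `'octopus1octopus1'` in both branches, which, like the `'octopus'` default for `$single_password` near the top of the class, puts a published value in place of a secret and should be required rather than defaulted. In the HA branch `quickstack::pacemaker::ceilometer` is given `ceilometer_metering_secret => $single_password` directly, and the `$pcmk_server_names` default indexes exactly three controller hostnames, so it would produce malformed names for any other cluster size; both deserve a guard or at least a comment.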
@@ -0,0 +1,88 @@
+class trystack::external_net_presetup {
+
+ if $public_gateway == '' { fail('public_gateway is empty') }
+ if $public_dns == '' { fail('public_dns is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+ if $public_subnet == '' { fail('public_subnet is empty') }
+ if $public_allocation_start == '' { fail('public_allocation_start is empty') }
+ if $public_allocation_end == '' { fail('public_allocation_end is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+
+ #find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_nic_ip = get_ip_from_nic("$public_nic")
+ $public_nic_netmask = get_netmask_from_nic("$public_nic")
+
+ if ($public_nic == '') or ($public_nic_ip == '') or ($public_nic == "br-ex") or ($public_nic == "br_ex") {
+ notify {"Skipping augeas, public_nic ${public_nic}, public_nic_ip ${public_nic_ip}":}
+
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ unless => 'ip addr show br-ex | grep "inet "',
+ before => Exec['restart-network-public-nic-ip'],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+
+ exec {'restart-network-public-nic-ip':
+ command => 'systemctl restart network',
+ path => ["/usr/sbin/", "/usr/bin/"],
+ onlyif => 'ip addr show | grep $(ip addr show br-ex | grep -Eo "inet [\.0-9]+" | cut -d " " -f2) | grep -v br-ex',
+ }
+
+ } else {
+ #reconfigure public interface to be ovsport
+ augeas { "main-$public_nic":
+ context => "/files/etc/sysconfig/network-scripts/ifcfg-$public_nic",
+ changes => [
+ "rm IPADDR",
+ "rm NETMASK",
+ "rm GATEWAY",
+ "rm DNS1",
+ "rm BOOTPROTO",
+ "rm DEFROUTE",
+ "rm IPV6_DEFROUTE",
+ "rm IPV6_PEERDNS",
+ "rm IPV6_PEERROUTES",
+ "rm PEERROUTES",
+ "set PEERDNS no",
+ "set BOOTPROTO static",
+ "set IPV6INIT no",
+ "set IPV6_AUTOCONF no",
+ "set ONBOOT yes",
+ "set TYPE OVSPort",
+ "set OVS_BRIDGE br-ex",
+ "set PROMISC yes"
+
+ ],
+ before => Class["quickstack::pacemaker::params"],
+ require => Service["openvswitch"],
+ }
+
+ ->
+ #create br-ex interface
+ file { 'external_bridge':
+ path => '/etc/sysconfig/network-scripts/ifcfg-br-ex',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('trystack/br_ex.erb'),
+ before => Class["quickstack::pacemaker::params"],
+ }
+ ->
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+
+ }
+}
diff --git a/manifests/external_net_setup.pp b/manifests/external_net_setup.pp
new file mode 100644
index 0000000..b52450c
--- /dev/null
+++ b/manifests/external_net_setup.pp
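Review bot: The `onlyif` guard of `restart-network-public-nic-ip` hands the br-ex address to `grep` unquoted and as a regular expression, so each dot matches any character and 10.0.0.1 also matches 10.0.0.10 on another interface, which would restart networking when no duplicate address exists. When br-ex has no IPv4 address the substitution is empty and `grep` is left without a pattern; that case deserves its own explicit test rather than falling out of a usage error. Matching the address as a fixed whole word would be `grep -Fw -- "$(ip addr show br-ex | grep -Eo "inet [\.0-9]+" | cut -d " " -f2)"`. The guard depends on pipes and `$(...)`, so declaring `provider => shell` on the exec would make that dependency explicit instead of relying on how the default provider runs the string.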
@@ -0,0 +1,71 @@ +class trystack::external_net_setup { + + if $public_gateway == '' { fail('public_gateway is empty') } + if $public_dns == '' { fail('public_dns is empty') } + if $public_network == '' { fail('public_network is empty') } + if $public_subnet == '' { fail('public_subnet is empty') } + if $public_allocation_start == '' { fail('public_allocation_start is empty') } + if $public_allocation_end == '' { fail('public_allocation_end is empty') } + if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + $controllers_hostnames_array_str = $controllers_hostnames_array + $controllers_hostnames_array = split($controllers_hostnames_array, ',') + + #find public NIC + $public_nic = get_nic_from_network("$public_network") + $public_nic_ip = get_ip_from_nic("$public_nic") + $public_nic_netmask = get_netmask_from_nic("$public_nic") + + Anchor[ 'neutron configuration anchor end' ] + -> + #update bridge-mappings to physnet1 + file_line { 'ovs': + ensure => present, + path => '/etc/neutron/plugin.ini', + line => '[ovs]', + } + -> + #update bridge-mappings to physnet1 + file_line { 'bridge_mapping': + ensure => present, + path => '/etc/neutron/plugin.ini', + line => 'bridge_mappings = physnet1:br-ex', + } + -> + Exec["pcs-neutron-server-set-up"] + +##this way we only let controller1 create the neutron resources +##controller1 should be the active neutron-server at provisioining time + + if $hostname == $controllers_hostnames_array[0] { + Exec["all-neutron-nodes-are-up"] + -> + neutron_network { 'provider_network': + ensure => present, + name => 'provider_network', + admin_state_up => true, + provider_network_type => flat, + provider_physical_network => 'physnet1', + router_external => true, + tenant_name => 'admin', + } + -> + neutron_subnet { 'provider_subnet': + ensure => present, + name => provider_subnet, + cidr => $public_subnet, + gateway_ip => $public_gateway, + allocation_pools => [ 
"start=${public_allocation_start},end=${public_allocation_end}" ], + dns_nameservers => $public_dns, + network_name => 'provider_network', + tenant_name => 'admin', + } + -> + neutron_router { 'provider_router': + ensure => present, + name => 'provider_router', + admin_state_up => true, + gateway_network_name => 'provider_network', + tenant_name => 'admin', + } + } +} diff --git a/manifests/init.pp b/manifests/init.pp index a99b7ff..afc6c13 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,19 @@ class trystack { - file {'/etc/hosts': - content=> 'file:///modules/trystack/etc.hosts', + + include stdlib + stage { 'presetup': + before => Stage['setup'], } + class { '::ntp': + stage => presetup, + } + + class { "trystack::repo": + stage => presetup, + } + -> + package { "python-rados": + ensure => latest, + } + } diff --git a/manifests/network.pp b/manifests/network.pp index 006ec3a..ee5fe84 100644 --- a/manifests/network.pp +++ b/manifests/network.pp @@ -1,6 +1,27 @@ class trystack::network { + ###use 8081 as a default work around swift service + if $odl_rest_port == '' {$odl_rest_port = '8081'} + if ($odl_flag != '') and str2bool($odl_flag) { + $ml2_mech_drivers = ['opendaylight'] + $this_agent = 'opendaylight' + class {"opendaylight": + odl_rest_port => $odl_rest_port, + extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'], + } + } + else { + $ml2_mech_drivers = ['openvswitch','l2population'] + $this_agent = 'ovs' + } + + + + if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if $private_ip == '' { fail('private_ip is empty') } + + if $odl_control_ip == '' { fail('odl_controL_ip is empty, should be the IP of your network node private interface') } + if $mysql_ip == '' { fail('mysql_ip is empty') } if $amqp_ip == '' { fail('amqp_ip is empty') } 
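Review bot: The `file_line` resources `ovs` and `bridge_mapping` only guarantee that each line exists somewhere in /etc/neutron/plugin.ini, not that `bridge_mappings = physnet1:br-ex` sits inside the `[ovs]` section. If `[ovs]` is already present earlier in the file, the mapping is appended under whatever section happens to come last, and whether neutron then reads it is not something this hunk shows. A section-aware resource avoids that, for example `ini_setting` from puppetlabs-inifile, assuming that module is available in this environment (not visible from this diff). It would replace both `file_line` blocks and keep the same place in the ordering chain.

```puppet
# … unchanged: Anchor[ 'neutron configuration anchor end' ] -> …
ini_setting { 'bridge_mapping':
  ensure  => present,
  path    => '/etc/neutron/plugin.ini',
  section => 'ovs',
  setting => 'bridge_mappings',
  value   => 'physnet1:br-ex',
}
# … unchanged: -> Exec["pcs-neutron-server-set-up"] and the neutron_* resources …
```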
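Review bot: `package { "python-rados": ensure => latest }` in manifests/init.pp upgrades the package on every agent run to whatever the enabled repositories offer, so the installed version is decided by the repository state rather than by this manifest. That matters more here because the same commit adds `trystack::repo`, whose yumrepo is declared with `gpgcheck => 0`, and the package is ordered directly after that class. `ensure => installed`, or an explicit version string, keeps upgrades a reviewed change.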
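Review bot: The new `if $odl_control_ip == '' { fail(...) }` check in manifests/network.pp runs on every node, including the `else` branch where `$this_agent` is 'ovs', so a deployment without OpenDaylight still has to supply an ODL address; the message also spells the variable `odl_controL_ip`. Guarding it by agent type keeps the OVS path unaffected: `if ($this_agent == 'opendaylight') and ($odl_control_ip == '') { fail('odl_control_ip is empty, should be the IP of your network node private interface') }`. The `extra_features` list is repeated verbatim in manifests/opendaylight_controller.pp, and the default port is tested with `== ''` here but with `!$odl_rest_port` there, so a shared parameter would keep the two from drifting. The class body continues past this hunk.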
@@ -12,6 +33,7 @@ if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } class { "quickstack::neutron::networker": + agent_type => $this_agent, neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, neutron_db_password => $neutron_db_password, neutron_user_password => $neutron_user_password, @@ -20,9 +42,8 @@ controller_priv_host => $private_ip, - agent_type => 'ovs', enable_tunneling => true, - ovs_tunnel_iface => 'em1', + ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_network => '', ovs_l2_population => 'True', ovs_tunnel_types => ['vxlan'], @@ -34,5 +55,8 @@ amqp_host => $amqp_ip, amqp_username => 'guest', amqp_password => 'guest', + + ml2_mechanism_drivers => $ml2_mech_drivers, + odl_controller_ip => $odl_control_ip, } } diff --git a/manifests/opendaylight_controller.pp b/manifests/opendaylight_controller.pp new file mode 100644 index 0000000..527f995 --- /dev/null +++ b/manifests/opendaylight_controller.pp @@ -0,0 +1,7 @@ +class trystack::opendaylight_controller { + if !$odl_rest_port { $odl_rest_port = '8081'} + class {"opendaylight": + extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'], + odl_rest_port => $odl_rest_port, + } +} diff --git a/manifests/repo.pp b/manifests/repo.pp new file mode 100644 index 0000000..981271b --- /dev/null +++ b/manifests/repo.pp 
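Review bot: The networker declaration still passes the literals `amqp_username => 'guest'` and `amqp_password => 'guest'` (context lines of the last network.pp hunk), while the controller_networker declaration earlier in this diff passes `$amqp_username` and `$amqp_password`. If the controller is given non-default broker credentials the network node will presumably fail to authenticate, and if it is not, the broker on `$amqp_ip` is left on the well-known default account. Passing the same variables here, `amqp_username => $amqp_username,` and `amqp_password => $amqp_password,`, with an emptiness check like the ones at the top of the class, keeps both sides aligned. The resource declaration begins in an earlier hunk.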
@@ -0,0 +1,54 @@
+class trystack::repo {
+ if $::osfamily == 'RedHat' {
+ if $proxy_address != '' {
+ $myline= "proxy=${proxy_address}"
+ include stdlib
+ file_line { 'yumProxy':
+ ensure => present,
+ path => '/etc/yum.conf',
+ line => $myline,
+ before => Yumrepo['openstack-juno'],
+ }
+ }
+
+ yumrepo { "openstack-juno":
+ baseurl => "http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/",
+ descr => "RDO Community repository",
+ enabled => 1,
+ gpgcheck => 0,
+ }
+
+ }
+
+ exec {'disable selinux':
+ command => '/usr/sbin/setenforce 0',
+ unless => '/usr/sbin/getenforce | grep Permissive',
+ }
+ ->
+ service { "network":
+ ensure => "running",
+ enable => "true",
+ hasrestart => true,
+ restart => '/usr/bin/systemctl restart network',
+ }
+ ->
+ service { 'NetworkManager':
+ ensure => "stopped",
+ enable => "false",
+ }
+ ~>
+ exec { 'restart-network-presetup':
+ command => 'systemctl restart network',
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+ ->
+ package { 'openvswitch':
+ ensure => installed,
+ }
+ ->
+ service {'openvswitch':
+ ensure => 'running',
+ }
+
+}
diff --git a/manifests/tempest.pp b/manifests/tempest.pp
new file mode 100644
index 0000000..c5b917c
--- /dev/null
+++ b/manifests/tempest.pp
@@ -0,0 +1,12 @@
+#The required package for tempest is missing in Khaleesi along with EPEL for CentOS.
+#This is a workaround for now since we require EPEL with Foreman/Puppet
+#Also is a good place to put anything additional that we wish to install on the tempest node.
+
+class trystack::tempest {
+
+ if $::osfamily == 'RedHat' {
+ package { 'subunit-filters':
+ ensure => present,
+ }
+ }
+}
diff --git a/templates/br_ex.erb b/templates/br_ex.erb
new file mode 100644
index 0000000..6c0e7e7
--- /dev/null
+++ b/templates/br_ex.erb
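Review bot: The `openstack-juno` yumrepo in manifests/repo.pp is declared with `gpgcheck => 0` and an `http://` baseurl, so nothing verifies the origin or integrity of packages installed from it, and the `openvswitch` package later in this class is installed under that setting. Setting `gpgcheck => 1` together with `gpgkey => '<URL or path of the repository signing key>'` (placeholder; the key location is not on this page) restores signature verification. Separately, `exec {'disable selinux':` puts every node into permissive mode without a comment saying which component requires it. Its `unless` matches only `Permissive`, so on a host where `getenforce` prints `Disabled` the exec runs `setenforce 0` on every agent run and presumably fails; `grep -Eq "Permissive|Disabled"` in the guard would cover that case.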
@@ -0,0 +1,10 @@
+DEVICE=br-ex
+DEVICETYPE=ovs
+IPADDR=<%= @public_nic_ip %>
+NETMASK=<%= @public_nic_netmask %>
+GATEWAY=<%= @public_gateway %>
+BOOTPROTO=static
+ONBOOT=yes
+TYPE=OVSBridge
+PROMISC=yes
+PEERDNS=no