From e9c946be1479dc6e6a4fe1a91b280403d1b7942c Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 21 Jan 2015 13:37:23 -0500 Subject: [PATCH 01/46] -Updated init to call repo -repo makes sure RDO repo is added, along with correctly replacing /etc/hosts/ -both are staged first before running quickstack --- manifests/repo.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 manifests/repo.pp diff --git a/manifests/repo.pp b/manifests/repo.pp new file mode 100644 index 0000000..41a284a --- /dev/null +++ b/manifests/repo.pp @@ -0,0 +1,12 @@ +class trystack::repo { + file {'/etc/hosts': + source=> 'puppet:///modules/trystack/etc.hosts', + } + + yumrepo { "openstack-juno": + baseurl => "http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/", + descr => "RDO Community repository", + enabled => 1, + gpgcheck => 0, + } +} From fdbbb849f20eb17b5d628a21805173ceb6e74fd9 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 21 Jan 2015 13:40:22 -0500 Subject: [PATCH 02/46] forgot to include init.pp --- manifests/init.pp | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index a99b7ff..b90c342 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,9 @@ class trystack { - file {'/etc/hosts': - content=> 'file:///modules/trystack/etc.hosts', + stage { 'first': + before => Stage['main'], + } + + class { "trystack::repo": + stage => first, } } From c046cea0f5108d892c4fef5043d69ae85a5c8a4c Mon Sep 17 00:00:00 2001 
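Review bot: The `openstack-juno` yumrepo created in manifests/repo.pp (PATCH 01) is declared with `gpgcheck => 0` and a plain `http://` baseurl, so every package later installed from it is accepted without a signature check over an unauthenticated transport. Because this class is staged ahead of everything else, I would set `gpgcheck => 1` together with `gpgkey => '<RDO release key location>'` (placeholder, the key location is not on this page) and use an https mirror if one is offered. The same setting is carried through the repo.pp hunks of PATCH 04 and PATCH 06 and is repeated for the three Ceph repos added in PATCH 09. Separately, the `file {'/etc/hosts':` resource replaces the whole hosts file with the module copy, so a comment listing the entries the module depends on would help whoever maintains `etc.hosts`.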
From: Tim Rozet Date: Thu, 5 Feb 2015 12:41:43 -0500 Subject: [PATCH 03/46] Added support for controller_networker consolidation and opendaylight. Addition of controller_networker.pp allows user in foreman to launch controller_networker node consolidated. Modifications to all files include support for using opendaylight as an ML2 driver. Opendaylight is installed on network or controller_networker node. ML2 is configured to point to opendaylight on control or controller_networker node. New global parameters for foreman: odl_flag = 'true' (optional, set to opendaylight to use opendaylight) odl_rest_port = '8081' (optional, defaults to 8081 if not provided. Must not be 8080 if using controller_networker.pp) odl_control_ip = '10.4.9.2' (optional for controller_networker.pp, must be provided otherwise. Private ip of ODL interface) --- manifests/compute.pp | 18 +++- manifests/controller.pp | 15 ++++ manifests/controller_networker.pp | 135 ++++++++++++++++++++++++++++++ manifests/network.pp | 28 ++++++- 4 files changed, 193 insertions(+), 3 deletions(-) create mode 100644 manifests/controller_networker.pp diff --git a/manifests/compute.pp b/manifests/compute.pp index 26f29b8..8b51a80 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -1,6 +1,17 @@ class trystack::compute { + if ($odl_flag != '') and str2bool($odl_flag) { + $ml2_mech_drivers = ['opendaylight'] + $this_agent = 'opendaylight' + } + else { + $ml2_mech_drivers = ['openvswitch','l2population'] + $this_agent = 'ovs' + } + if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if $private_ip == '' { fail('private_ip is empty') } + if $odl_control_ip == '' { $odl_control_ip = $private_ip } + if $mysql_ip == '' { fail('mysql_ip is empty') } if $amqp_ip == '' { fail('mysql_ip is empty') } 
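Review bot: In trystack::compute the added line `if $odl_control_ip == '' { $odl_control_ip = $private_ip }` falls back silently, whereas controller.pp and network.pp in this same patch call `fail()`, and the commit message says odl_control_ip is optional only for controller_networker.pp. If `$private_ip` is not the host running OpenDaylight (here it appears to be the controller address, since the next hunk passes it as `neutron_host`), a compute node is pointed at the wrong ODL endpoint with no error at catalog time. I would keep the fallback only for the consolidated layout and otherwise use `if $odl_control_ip == '' { fail('odl_control_ip is empty') }` inside the `$odl_flag` branch. The class body continues in the following hunks.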
@@ -49,9 +60,12 @@ cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, - agent_type => 'ovs', + agent_type => $this_agent, enable_tunneling => true, + ml2_mechanism_drivers => $ml2_mech_drivers, + odl_controller_ip => $odl_control_ip, + neutron_db_password => $neutron_db_password, neutron_user_password => $neutron_user_password, neutron_host => $private_ip, @@ -59,7 +73,7 @@ #ovs_bridge_mappings = $quickstack::params::ovs_bridge_mappings, #ovs_bridge_uplinks = $quickstack::params::ovs_bridge_uplinks, #ovs_vlan_ranges = $quickstack::params::ovs_vlan_ranges, - ovs_tunnel_iface => 'em1', + ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_network => '', ovs_l2_population => 'True', diff --git a/manifests/controller.pp b/manifests/controller.pp index c1d165d..5b494a0 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -1,4 +1,14 @@ class trystack::controller { + ###use 8081 as a default work around swift service + if $odl_rest_port == '' {$odl_rest_port = '8081'} + + if ($odl_flag != '') and str2bool($odl_flag) { + $ml2_mech_drivers = ['opendaylight'] + } + else { + $ml2_mech_drivers = ['openvswitch','l2population'] + } + if $admin_email == '' { fail('admin_email is empty') } if $admin_password == '' { fail('admin_password is empty') } @@ -6,6 +16,8 @@ if $public_ip == '' { fail('public_ip is empty') } if $private_ip == '' { fail('private_ip is empty') } + if $odl_control_ip == '' { fail('odl_controL_ip is empty, should be the IP of your network node private interface') } + if $mysql_ip == '' { fail('mysql_ip is empty') } if $mysql_root_password == '' { fail('mysql_root_password is empty') } if $amqp_ip == '' { fail('amqp_ip is empty') } @@ -87,6 +99,7 @@ horizon_cert => $quickstack::params::horizon_cert, horizon_key => $quickstack::params::horizon_key, + ml2_mechanism_drivers => $ml2_mech_drivers, #neutron => true, neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, neutron_db_password => $neutron_db_password, 
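Review bot: The guard added in the second controller.pp hunk (`@@ -6,6 +16,8 @@`), `if $odl_control_ip == '' { fail('odl_controL_ip is empty, ...') }`, runs whether or not `$odl_flag` is set, so a deployment that stays on the `openvswitch`/`l2population` drivers now fails to compile unless an OpenDaylight address is supplied. I would move the check inside the existing `if ($odl_flag != '') and str2bool($odl_flag) {` branch from the first hunk. The message also spells the parameter `odl_controL_ip`; it should read `odl_control_ip` so the operator can search for the real name. The identical line is added to manifests/network.pp later in this patch.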
@@ -94,6 +107,8 @@ nova_db_password => $nova_db_password, nova_user_password => $nova_user_password, + odl_controller_ip => $odl_control_ip, + odl_controller_port => $odl_rest_port, swift_shared_secret => $swift_shared_secret, swift_admin_password => $swift_admin_password, diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp new file mode 100644 index 0000000..8eeca30 --- /dev/null +++ b/manifests/controller_networker.pp 
@@ -0,0 +1,135 @@ +class trystack::controller_networker { + ###use 8081 as a default work around swift service + if $odl_rest_port == '' {$odl_rest_port = '8081'} + + if ($odl_flag != '') and str2bool($odl_flag) { + $ml2_mech_drivers = ['opendaylight'] + $this_agent = 'opendaylight' + class {"opendaylight": + odl_rest_port => $odl_rest_port, + extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'], + } + } + else { + $ml2_mech_drivers = ['openvswitch','l2population'] + $this_agent = 'ovs' + } + if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } + if $admin_email == '' { fail('admin_email is empty') } + if $admin_password == '' { fail('admin_password is empty') } + + if $public_ip == '' { fail('public_ip is empty') } + if $private_ip == '' { fail('private_ip is empty') } + + if $odl_control_ip == '' { $odl_control_ip = $private_ip } + + if $mysql_ip == '' { fail('mysql_ip is empty') } + if $mysql_root_password == '' { fail('mysql_root_password is empty') } + if $amqp_ip == '' { fail('amqp_ip is empty') } + + if $memcache_ip == '' { fail('memcache_ip is empty') } + if $neutron_ip == '' { fail('neutron_ip is empty') } + + if $keystone_admin_token == '' { fail('keystone_admin_token is empty') } + if $keystone_db_password == '' { fail('keystone_db_password is empty') } + + if $horizon_secret_key == '' { fail('horizon_secret_key is empty') } + #if $trystack_db_password == '' { fail('trystack_db_password is empty') } + + if $nova_user_password == '' { fail('nova_user_password is empty') } + if $nova_db_password == '' { fail('nova_db_password is empty') } + + if $cinder_user_password == '' { fail('cinder_user_password is empty') } + if $cinder_db_password == '' { fail('cinder_db_password is empty') } + + if $glance_user_password == '' { fail('glance_user_password is empty') } + if $glance_db_password == '' { 
fail('glance_db_password is empty') } + + if $neutron_user_password == '' { fail('neutron_user_password is empty') } + if $neutron_db_password == '' { fail('neutron_db_password is empty') } + if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } + + if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } + if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } + + if $heat_user_password == '' { fail('heat_user_password is empty') } + if $heat_db_password == '' { fail('heat_db_password is empty') } + if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') } + + if $swift_user_password == '' { fail('swift_user_password is empty') } + if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } + if $swift_admin_password == '' { fail('swift_admin_password is empty') } + + class { "quickstack::neutron::controller_networker": + admin_email => $admin_email, + admin_password => $admin_password, + agent_type => $this_agent, + enable_tunneling => true, + ovs_tunnel_iface => $ovs_tunnel_if, + ovs_tunnel_network => '', + ovs_tunnel_types => ['vxlan'], + ovs_l2_population => 'True', + external_network_bridge => 'br-ex', + tenant_network_type => 'vxlan', + tunnel_id_ranges => '1:1000', + controller_admin_host => $private_ip, + controller_priv_host => $private_ip, + controller_pub_host => $public_ip, + ssl => false, + #support_profile => $quickstack::params::support_profile, + #freeipa => $quickstack::params::freeipa, + + mysql_host => $mysql_ip, + mysql_root_password => $mysql_root_password, + #amqp_provider => $amqp_provider, + amqp_host => $amqp_ip, + amqp_username => 'guest', + amqp_password => 'guest', + #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, + + keystone_admin_token => $keystone_admin_token, + keystone_db_password => $keystone_db_password, + + ceilometer_metering_secret => $ceilometer_metering_secret, + ceilometer_user_password 
=> $ceilometer_user_password, + + cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, + cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name, + cinder_gluster_shares => $quickstack::params::cinder_gluster_shares, + cinder_user_password => $cinder_user_password, + cinder_db_password => $cinder_db_password, + + glance_db_password => $glance_db_password, + glance_user_password => $glance_user_password, + + heat_cfn => true, + heat_cloudwatch => true, + heat_db_password => $heat_db_password, + heat_user_password => $heat_user_password, + heat_auth_encrypt_key => $heat_auth_encrypt_key, + + horizon_secret_key => $horizon_secret_key, + horizon_ca => $quickstack::params::horizon_ca, + horizon_cert => $quickstack::params::horizon_cert, + horizon_key => $quickstack::params::horizon_key, + + ml2_mechanism_drivers => $ml2_mech_drivers, + + #neutron => true, + neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, + neutron_db_password => $neutron_db_password, + neutron_user_password => $neutron_user_password, + + nova_db_password => $nova_db_password, + nova_user_password => $nova_user_password, + + odl_controller_ip => $odl_control_ip, + odl_controller_port => $odl_rest_port, + swift_shared_secret => $swift_shared_secret, + swift_admin_password => $swift_admin_password, + swift_ringserver_ip => '192.168.203.1', + swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"], + swift_storage_device => 'device1', + } + +} diff --git a/manifests/network.pp b/manifests/network.pp index 006ec3a..3d645d8 100644 --- a/manifests/network.pp +++ b/manifests/network.pp 
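Review bot: The new trystack::controller_networker class checks every service secret with `fail()` but then passes `amqp_username => 'guest'` and `amqp_password => 'guest'` as literals, next to `ssl => false`, so the message bus on the consolidated controller is configured with the broker's well-known default account. I would take both from parameters and validate them like the others, e.g. `if $amqp_password == '' { fail('amqp_password is empty') }` and `amqp_password => $amqp_password,`. The check on `$ceilometer_metering_secret` reports `'ceilometer_user_password is empty'`, which sends the operator to the wrong parameter; the message should name `ceilometer_metering_secret`. The literal `swift_ringserver_ip` and `swift_storage_ips` addresses would also be better as parameters, or should at least carry a comment saying which environment they belong to.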
@@ -1,6 +1,27 @@ class trystack::network { + ###use 8081 as a default work around swift service + if $odl_rest_port == '' {$odl_rest_port = '8081'} + if ($odl_flag != '') and str2bool($odl_flag) { + $ml2_mech_drivers = ['opendaylight'] + $this_agent = 'opendaylight' + class {"opendaylight": + odl_rest_port => $odl_rest_port, + extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'], + } + } + else { + $ml2_mech_drivers = ['openvswitch','l2population'] + $this_agent = 'ovs' + } + + + + if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if $private_ip == '' { fail('private_ip is empty') } + + if $odl_control_ip == '' { fail('odl_controL_ip is empty, should be the IP of your network node private interface') } + if $mysql_ip == '' { fail('mysql_ip is empty') } if $amqp_ip == '' { fail('amqp_ip is empty') } @@ -12,6 +33,8 @@ if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } class { "quickstack::neutron::networker": + agent_type => $this_agent, + ml2_mechanism_drivers => $ml2_mech_drivers, neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, neutron_db_password => $neutron_db_password, neutron_user_password => $neutron_user_password, @@ -22,7 +45,7 @@ agent_type => 'ovs', enable_tunneling => true, - ovs_tunnel_iface => 'em1', + ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_network => '', ovs_l2_population => 'True', ovs_tunnel_types => ['vxlan'], @@ -34,5 +57,8 @@ amqp_host => $amqp_ip, amqp_username => 'guest', amqp_password => 'guest', + + ml2_mechanism_drivers => $ml2_mech_drivers, + odl_controller_ip => $odl_control_ip, } } From 9827095c4d763cc2a7c0e8a18afc01512d9ea2fe Mon Sep 17 00:00:00 2001 
From: Tim Rozet Date: Wed, 11 Feb 2015 11:20:51 -0500 Subject: [PATCH 04/46] Added minor check to see if osfamily is redhat before trying to yum install repo. --- manifests/repo.pp | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/manifests/repo.pp b/manifests/repo.pp index 41a284a..128a3df 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,12 +1,11 @@ class trystack::repo { - file {'/etc/hosts': - source=> 'puppet:///modules/trystack/etc.hosts', - } - + if $::osfamily == 'RedHat' { yumrepo { "openstack-juno": baseurl => "http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/", descr => "RDO Community repository", enabled => 1, gpgcheck => 0, - } + } + } + } From a3262746b45982f574190c422e3bfe14d939248b Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Mon, 23 Feb 2015 14:14:19 -0500 Subject: [PATCH 05/46] Fix for disabling selinux as well as minor change to staging. Patch fixes: - Modifies selinux to be permissive (for opendaylight/openstack operation) - Modifies prestaging for puppet to be "presetup" instead "first". Quickstack uses "first" to install other services, and we want the repo to be installed even before that so used an earlier staging area. --- manifests/init.pp | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index b90c342..cd622a6 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,9 +1,15 @@ class trystack { - stage { 'first': - before => Stage['main'], + exec {'disable selinux': + command => '/usr/sbin/setenforce 0', + unless => '/usr/sbin/getenforce | grep Permissive', + } + include stdlib + stage { 'presetup': + before => Stage['setup'], } class { "trystack::repo": - stage => first, + stage => presetup, } + } From b69d627d402c5a1bde1e41f68924e7cd7ec03744 Mon Sep 17 00:00:00 2001 
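Review bot: The `exec {'disable selinux':` added to class trystack in PATCH 05 puts SELinux into permissive mode on every node that includes the module, although the commit message ties the need to opendaylight/openstack operation; that is a host-wide loss of enforcement, and I would scope it to the classes that need it and record the reason in a comment. The guard `unless => '/usr/sbin/getenforce | grep Permissive'` does not match on a host where SELinux is already disabled, so `setenforce 0` is retried (and presumably errors) on every run; matching `'Permissive\|Disabled'` would avoid that, and declaring `provider => shell` makes the dependency on the pipe explicit. `setenforce` only changes the running state, so the node returns to its configured mode after a reboot unless /etc/selinux/config is managed as well. Unlike repo.pp, the exec is not wrapped in `if $::osfamily == 'RedHat'`.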
From: Tim Rozet Date: Mon, 23 Feb 2015 14:21:16 -0500 Subject: [PATCH 06/46] Fixes issue with trying to provision a host inside of a firewall by configuring yum proxy Added puppet code to configure /etc/yum.conf with the proxy address of global parameter proxy_address. Example: proxy_address="http://mycache.mydomain.com:3128" --- manifests/repo.pp | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/manifests/repo.pp b/manifests/repo.pp index 128a3df..5c6a54c 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,5 +1,16 @@ class trystack::repo { if $::osfamily == 'RedHat' { + if $proxy_address != '' { + $myline= "proxy=${proxy_address}" + include stdlib + file_line { 'yumProxy': + ensure => present, + path => '/etc/yum.conf', + line => $myline, + before => Yumrepo['openstack-juno'], + } + } + yumrepo { "openstack-juno": baseurl => "http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/", descr => "RDO Community repository", @@ -7,5 +18,4 @@ gpgcheck => 0, } } - } From 63502fb909b81a7c0b706baf4e562c31218a514f Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Mon, 9 Mar 2015 13:06:09 -0400 Subject: [PATCH 07/46] Adds tempest puppet module for a tempest host. - Initially just provides a required package for tempest to run --- manifests/tempest.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 manifests/tempest.pp diff --git a/manifests/tempest.pp b/manifests/tempest.pp new file mode 100644 index 0000000..c5b917c --- /dev/null +++ b/manifests/tempest.pp @@ -0,0 +1,12 @@ +#The required package for tempest is missing in Khaleesi along with EPEL for CentOS. +#This is a workaround for now since we require EPEL with Foreman/Puppet +#Also is a good place to put anything additional that we wish to install on the tempest node. + +class trystack::tempest { + + if $::osfamily == 'RedHat' { + package { 'subunit-filters': + ensure => present, + } + } +} 
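Review bot: The `file_line { 'yumProxy':` resource in the first repo.pp hunk of PATCH 06 has no `match`, so when `proxy_address` is changed a second `proxy=` line is appended to /etc/yum.conf instead of the old one being replaced, leaving two conflicting entries. Adding `match => '^proxy='` keeps a single line. The parameter is written into the file unchecked, and all package traffic then goes through that host, so a shape check before use, for example `if $proxy_address !~ /^https?:\/\// { fail('proxy_address must be an http(s) URL') }`, would catch a mistyped or malformed value. The class body continues past this hunk.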
From f4d0cf09f1374476571238aa24bfe6c4888cef49 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Mon, 16 Mar 2015 10:27:26 -0400 Subject: [PATCH 08/46] Fixes duplicate this_agent and ml2_mechanism_drivers params. The parameters were duplicated and causing the class to fail when applied. --- manifests/network.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/network.pp b/manifests/network.pp index 3d645d8..ee5fe84 100644 --- a/manifests/network.pp +++ b/manifests/network.pp @@ -34,7 +34,6 @@ class { "quickstack::neutron::networker": agent_type => $this_agent, - ml2_mechanism_drivers => $ml2_mech_drivers, neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, neutron_db_password => $neutron_db_password, neutron_user_password => $neutron_user_password, @@ -43,7 +42,6 @@ controller_priv_host => $private_ip, - agent_type => 'ovs', enable_tunneling => true, ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_network => '', From 5b9af18095a31bbd2854b66c1a7cb3640e46040b Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Mon, 30 Mar 2015 09:44:33 -0400 Subject: [PATCH 09/46] Added ceph repos to repolist This is needed for ceph to install correctly. Needed for cinder backend. --- manifests/repo.pp | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/manifests/repo.pp b/manifests/repo.pp index 5c6a54c..feb8327 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -17,5 +17,25 @@ enabled => 1, gpgcheck => 0, } + + yumrepo { + "ceph": + baseurl => "http://ceph.com/rpm-giant/el7/\$basearch", + descr => "Ceph packages for \$basearch", + enabled => 1, + gpgcheck => 0; + "Ceph-noarch": + baseurl => "http://ceph.com/rpm-giant/el7/noarch", + descr => "Ceph noarch packages", + enabled => 1, + gpgcheck => 0; + "ceph-source": + baseurl => "http://ceph.com/rpm-giant/el7/SRPMS", + descr => "Ceph source packages", + enabled => 1, + gpgcheck => 0; + } + + } } From 526a42998c2c96781f58964d18eac344cf37fd5a Mon Sep 17 00:00:00 2001 
From: Tim Rozet Date: Mon, 30 Mar 2015 16:56:31 -0400 Subject: [PATCH 10/46] Adds HA support for control node --- manifests/controller_networker.pp | 419 ++++++++++++++++++++++-------- 1 file changed, 311 insertions(+), 108 deletions(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 8eeca30..c4d005c 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
@@ -1,135 +1,338 @@ class trystack::controller_networker { - ###use 8081 as a default work around swift service - if $odl_rest_port == '' {$odl_rest_port = '8081'} - + if $odl_rest_port == '' { $odl_rest_port= '8081'} if ($odl_flag != '') and str2bool($odl_flag) { $ml2_mech_drivers = ['opendaylight'] $this_agent = 'opendaylight' class {"opendaylight": - odl_rest_port => $odl_rest_port, - extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'], + features => ['config', 'standard', 'region', 'package', 'kar', 'ssh', 'management', 'odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-ovsdb-library', 'odl-ovsdb-plugin', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound'], + odl_rest_port => $odl_rest_port, } } else { $ml2_mech_drivers = ['openvswitch','l2population'] $this_agent = 'ovs' } - if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if $admin_email == '' { fail('admin_email is empty') } if $admin_password == '' { fail('admin_password is empty') } + if $keystone_admin_token == '' { fail('keystone_admin_token is empty') } + if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } + if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } + if $mysql_root_password == '' { fail('mysql_root_password is empty') } - if $public_ip == '' { fail('public_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } + ##Most users will only care about a single user/password for all services + ##so lets create one variable that can be used instead of separate usernames/passwords + if !$single_username { $single_username = 'octopus' } + if !$single_password { $single_password = 'octopus' } - if $odl_control_ip == '' { $odl_control_ip = $private_ip } + ##Check for HA, if not leave old functionality alone + if $ha_flag { + ##Mandatory HA variables + if !$controllers_ip_array { 
fail('controllers_ip_array is empty') } + if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + if !$horizon_secret { fail('horizon_secret is empty') } + if !$amqp_vip { fail('amqp_vip is empty') } + if !$private_subnet { fail('private_subnet is empty')} + if !$public_subnet { fail('public_subnet is empty') } + if !$cinder_admin_vip { fail('cinder_admin_vip is empty') } + if !$cinder_private_vip { fail('cinder_private_vip is empty') } + if !$cinder_public_vip { fail('cinder_public_vip is empty') } + if !$db_vip { fail('db_vip is empty') } + if !$glance_admin_vip { fail('glance_admin_vip is empty') } + if !$glance_private_vip { fail('glance_private_vip is empty') } + if !$glance_public_vip { fail('glance_public_vip is empty') } + if !$horizon_admin_vip { fail('horizon_admin_vip is empty') } + if !$horizon_private_vip { fail('horizon_private_vip is empty') } + if !$horizon_public_vip { fail('horizon_public_vip is empty') } + if !$keystone_admin_vip { fail('keystone_admin_vip is empty') } + if !$keystone_private_vip { fail('keystone_private_vip is empty') } + if !$keystone_public_vip { fail('keystone_public_vip is empty') } + if !$loadbalancer_vip { fail('loadbalancer_vip is empty') } + if !$neutron_admin_vip { fail('neutron_admin_vip is empty') } + if !$neutron_private_vip { fail('neutron_private_vip is empty') } + if !$neutron_public_vip { fail('neutron_public_vip is empty') } + if !$nova_admin_vip { fail('nova_admin_vip is empty') } + if !$nova_private_vip { fail('nova_private_vip is empty') } + if !$nova_public_vip { fail('nova_public_vip is empty') } - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $mysql_root_password == '' { fail('mysql_root_password is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - if $memcache_ip == '' { fail('memcache_ip is empty') } - if $neutron_ip == '' { fail('neutron_ip is empty') } + ##Optional HA variables + if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' } + if 
!$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' } + if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array } + if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array} + if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' } + if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' } + if !$ceph_public_network { $ceph_public_network = $private_subnet } + if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' } + if !$cinder_db_password { $cinder_db_password = $single_password } + if !$cinder_user_password { $cinder_user_password = $single_password } + if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] } + if !$glance_db_password { $glance_db_password = $single_password } + if !$keystone_db_password { $keystone_db_password = $single_password } + if !$keystone_user_password { $keystone_user_password = $single_password } + if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array } + if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array } + if !$neutron_db_password { $neutron_db_password = $single_password } + if !$neutron_user_password { $neutron_user_password = $single_password } + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } + if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} + if !$pcmk_server_names {$pcmk_server_names = ["pcmk-$controllers_hostnames_array[0]", "pcmk-$controllers_hostnames_array[1]", "pcmk-$controllers_hostnames_array[2]"] } - if $keystone_admin_token == '' { fail('keystone_admin_token is empty') } - if $keystone_db_password == '' { fail('keystone_db_password is empty') } + class { "quickstack::openstack_common": } - if $horizon_secret_key == '' { fail('horizon_secret_key is empty') } - #if $trystack_db_password == '' { fail('trystack_db_password is empty') } + 
class { "quickstack::pacemaker::ceilometer": + ceilometer_metering_secret => $single_password, + } - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $nova_db_password == '' { fail('nova_db_password is empty') } + class { "quickstack::pacemaker::cinder": + backend_rbd => true, + rbd_secret_uuid => $rbd_secret_uuid, + use_syslog => true, + verbose => true, + volume => true, + } - if $cinder_user_password == '' { fail('cinder_user_password is empty') } - if $cinder_db_password == '' { fail('cinder_db_password is empty') } + class { "quickstack::pacemaker::common": } - if $glance_user_password == '' { fail('glance_user_password is empty') } - if $glance_db_password == '' { fail('glance_db_password is empty') } + class { "quickstack::pacemaker::galera": + mysqlrootpw => $mysql_root_password, + wsrep_cluster_members => $controllers_ip_array, + } - if $neutron_user_password == '' { fail('neutron_user_password is empty') } - if $neutron_db_password == '' { fail('neutron_db_password is empty') } - if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } + class { "quickstack::pacemaker::glance": + backend => 'rbd', + debug => true, + pcmk_fs_manage => 'false', + use_syslog => true, + verbose => true + } + + class { "quickstack::pacemaker::heat": } + + class { "quickstack::pacemaker::horizon": + horizon_ca => '/etc/ipa/ca.crt', + horizon_cert => '/etc/pki/tls/certs/PUB_HOST-horizon.crt', + horizon_key => '/etc/pki/tls/private/PUB_HOST-horizon.key', + secret_key => $horizon_secret, + verbose => 'true', + } + + class { "quickstack::pacemaker::keystone": + admin_email => $admin_email, + admin_password => $admin_password, + admin_token => $keystone_admin_token, + cinder => 'true', + heat => 'false', + heat_cfn => 'false', + keystonerc => 'true', + use_syslog => 'true', + verbose => 'true', + } + + class { "quickstack::pacemaker::load_balancer": } + class { "quickstack::pacemaker::memcached": } + + class { 
"quickstack::pacemaker::neutron": + agent_type => $this_agent, + enable_tunneling => 'true', + ml2_mechanism_drivers => $ml2_mech_drivers, + ml2_network_vlan_ranges => ["physnet1:10:50"], + odl_controller_ip => $odl_control_ip, + odl_controller_port => $odl_rest_port, + ovs_tunnel_iface => $ovs_tunnel_if, + ovs_tunnel_types => ["vxlan"], + verbose => 'true', + } + + class { "quickstack::pacemaker::nosql": } + class { "quickstack::pacemaker::nova": + neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, + } + + class { "quickstack::pacemaker::params": + amqp_password => $single_password, + amqp_username => $single_username, + amqp_vip => $amqp_vip, + ceph_cluster_network => $private_subnet, + ceph_fsid => $ceph_fsid, + ceph_images_key => $ceph_images_key, + ceph_mon_host => $ceph_mon_host, + ceph_mon_initial_members => $ceph_mon_initial_members, + ceph_osd_journal_size => $ceph_osd_journal_size, + ceph_osd_pool_size => $ceph_osd_pool_size, + ceph_public_network => $ceph_public_network, + ceph_volumes_key => $ceph_volumes_key, + cinder_admin_vip => $cinder_admin_vip, + cinder_db_password => $cinder_db_password, + cinder_private_vip => $cinder_private_vip, + cinder_public_vip => $cinder_public_vip, + cinder_user_password => $cinder_user_password, + cluster_control_ip => $cluster_control_ip, + db_vip => $db_vip, + glance_admin_vip => $glance_admin_vip, + glance_db_password => $glance_db_password, + glance_private_vip => $glance_private_vip, + glance_public_vip => $glance_public_vip, + glance_user_password => $glance_user_password, + heat_cfn_enabled => 'false', + horizon_admin_vip => $horizon_admin_vip, + horizon_private_vip => $horizon_private_vip, + horizon_public_vip => $horizon_public_vip, + include_ceilometer => 'false', + include_cinder => 'true', + include_glance => 'true', + include_heat => 'false', + include_horizon => 'true', + include_keystone => 'true', + include_neutron => 'true', + include_nosql => 'false', + include_nova => 'true', + 
include_swift => 'false', + keystone_admin_vip => $keystone_admin_vip, + keystone_db_password => $keystone_db_password, + keystone_private_vip => $keystone_private_vip, + keystone_public_vip => $keystone_public_vip, + keystone_user_password => $keystone_user_password, + lb_backend_server_addrs => $lb_backend_server_addrs, + lb_backend_server_names => $lb_backend_server_names, + loadbalancer_vip => $loadbalancer_vip, + neutron => 'true', + neutron_admin_vip => $neutron_admin_vip, + neutron_db_password => $neutron_db_password, + neutron_metadata_proxy_secret => $neutron_metadata_proxy_secret, + neutron_private_vip => $neutron_private_vip, + neutron_public_vip => $neutron_public_vip, + neutron_user_password => $neutron_user_password, + nova_admin_vip => $nova_admin_vip, + nova_db_password => $nova_db_password, + nova_private_vip => $nova_private_vip, + nova_public_vip => $nova_public_vip, + nova_user_password => $nova_user_password, + pcmk_iface => $ovs_tunnel_if, + pcmk_server_addrs => $pcmk_server_addrs, + pcmk_server_names => $pcmk_server_names, + private_iface => $ovs_tunnel_if, + } + + class { "quickstack::pacemaker::qpid": } + class { "quickstack::pacemaker::rabbitmq": } + class { "quickstack::pacemaker::swift": } + + } else { + + if $public_ip == '' { fail('public_ip is empty') } + if $private_ip == '' { fail('private_ip is empty') } + + if $odl_control_ip == '' { $odl_control_ip = $private_ip } + + if $mysql_ip == '' { fail('mysql_ip is empty') } + if $mysql_root_password == '' { fail('mysql_root_password is empty') } + if $amqp_ip == '' { fail('amqp_ip is empty') } + + if $memcache_ip == '' { fail('memcache_ip is empty') } + if $neutron_ip == '' { fail('neutron_ip is empty') } - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } - - if $heat_user_password == '' { fail('heat_user_password is empty') } - if $heat_db_password == '' { 
fail('heat_db_password is empty') } - if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') } - - if $swift_user_password == '' { fail('swift_user_password is empty') } - if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } - if $swift_admin_password == '' { fail('swift_admin_password is empty') } - - class { "quickstack::neutron::controller_networker": - admin_email => $admin_email, - admin_password => $admin_password, - agent_type => $this_agent, - enable_tunneling => true, - ovs_tunnel_iface => $ovs_tunnel_if, - ovs_tunnel_network => '', - ovs_tunnel_types => ['vxlan'], - ovs_l2_population => 'True', - external_network_bridge => 'br-ex', - tenant_network_type => 'vxlan', - tunnel_id_ranges => '1:1000', - controller_admin_host => $private_ip, - controller_priv_host => $private_ip, - controller_pub_host => $public_ip, - ssl => false, - #support_profile => $quickstack::params::support_profile, - #freeipa => $quickstack::params::freeipa, - - mysql_host => $mysql_ip, - mysql_root_password => $mysql_root_password, - #amqp_provider => $amqp_provider, - amqp_host => $amqp_ip, - amqp_username => 'guest', - amqp_password => 'guest', - #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, - - keystone_admin_token => $keystone_admin_token, - keystone_db_password => $keystone_db_password, - - ceilometer_metering_secret => $ceilometer_metering_secret, - ceilometer_user_password => $ceilometer_user_password, - - cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, - cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name, - cinder_gluster_shares => $quickstack::params::cinder_gluster_shares, - cinder_user_password => $cinder_user_password, - cinder_db_password => $cinder_db_password, - - glance_db_password => $glance_db_password, - glance_user_password => $glance_user_password, - - heat_cfn => true, - heat_cloudwatch => true, - heat_db_password => $heat_db_password, - heat_user_password 
=> $heat_user_password, - heat_auth_encrypt_key => $heat_auth_encrypt_key, - - horizon_secret_key => $horizon_secret_key, - horizon_ca => $quickstack::params::horizon_ca, - horizon_cert => $quickstack::params::horizon_cert, - horizon_key => $quickstack::params::horizon_key, + if $keystone_db_password == '' { fail('keystone_db_password is empty') } + + if $horizon_secret_key == '' { fail('horizon_secret_key is empty') } + + if $nova_user_password == '' { fail('nova_user_password is empty') } + if $nova_db_password == '' { fail('nova_db_password is empty') } + + if $cinder_user_password == '' { fail('cinder_user_password is empty') } + if $cinder_db_password == '' { fail('cinder_db_password is empty') } + + if $glance_user_password == '' { fail('glance_user_password is empty') } + if $glance_db_password == '' { fail('glance_db_password is empty') } + + if $neutron_user_password == '' { fail('neutron_user_password is empty') } + if $neutron_db_password == '' { fail('neutron_db_password is empty') } + if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } + + if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } + if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } + + if $heat_user_password == '' { fail('heat_user_password is empty') } + if $heat_db_password == '' { fail('heat_db_password is empty') } + if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') } + + if $swift_user_password == '' { fail('swift_user_password is empty') } + if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } + if $swift_admin_password == '' { fail('swift_admin_password is empty') } + + class { "quickstack::neutron::controller_networker": + admin_email => $admin_email, + admin_password => $admin_password, + agent_type => $this_agent, + enable_tunneling => true, + ovs_tunnel_iface => $ovs_tunnel_if, + ovs_tunnel_network => '', + ovs_tunnel_types => ['vxlan'], + 
ovs_l2_population => 'True', + external_network_bridge => 'br-ex', + tenant_network_type => 'vxlan', + tunnel_id_ranges => '1:1000', + controller_admin_host => $private_ip, + controller_priv_host => $private_ip, + controller_pub_host => $public_ip, + ssl => false, + #support_profile => $quickstack::params::support_profile, + #freeipa => $quickstack::params::freeipa, + + mysql_host => $mysql_ip, + mysql_root_password => $mysql_root_password, + #amqp_provider => $amqp_provider, + amqp_host => $amqp_ip, + amqp_username => 'guest', + amqp_password => 'guest', + #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, + + keystone_admin_token => $keystone_admin_token, + keystone_db_password => $keystone_db_password, + + ceilometer_metering_secret => $ceilometer_metering_secret, + ceilometer_user_password => $ceilometer_user_password, + + cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, + cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name, + cinder_gluster_shares => $quickstack::params::cinder_gluster_shares, + cinder_user_password => $cinder_user_password, + cinder_db_password => $cinder_db_password, + + glance_db_password => $glance_db_password, + glance_user_password => $glance_user_password, + + heat_cfn => true, + heat_cloudwatch => true, + heat_db_password => $heat_db_password, + heat_user_password => $heat_user_password, + heat_auth_encrypt_key => $heat_auth_encrypt_key, + + horizon_secret_key => $horizon_secret_key, + horizon_ca => $quickstack::params::horizon_ca, + horizon_cert => $quickstack::params::horizon_cert, + horizon_key => $quickstack::params::horizon_key, - ml2_mechanism_drivers => $ml2_mech_drivers, - - #neutron => true, - neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, - neutron_db_password => $neutron_db_password, - neutron_user_password => $neutron_user_password, - - nova_db_password => $nova_db_password, - nova_user_password => $nova_user_password, - - odl_controller_ip 
=> $odl_control_ip, - odl_controller_port => $odl_rest_port, - swift_shared_secret => $swift_shared_secret, - swift_admin_password => $swift_admin_password, - swift_ringserver_ip => '192.168.203.1', - swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"], - swift_storage_device => 'device1', - } + ml2_mechanism_drivers => $ml2_mech_drivers, + #neutron => true, + neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, + neutron_db_password => $neutron_db_password, + neutron_user_password => $neutron_user_password, + + nova_db_password => $nova_db_password, + nova_user_password => $nova_user_password, + + odl_controller_ip => $odl_control_ip, + odl_controller_port => $odl_rest_port, + + swift_shared_secret => $swift_shared_secret, + swift_admin_password => $swift_admin_password, + swift_ringserver_ip => '192.168.203.1', + swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"], + swift_storage_device => 'device1', + } + + } } From 9c9ac7d71973ca4583684a40ab4fb1de2cf200f5 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 31 Mar 2015 12:03:26 -0400 Subject: [PATCH 11/46] Adds HA and Ceph support for compute --- manifests/compute.pp | 133 +++++++++++++++++++++++++++++-------------- 1 file changed, 91 insertions(+), 42 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 8b51a80..86612a6 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp 
@@ -8,57 +8,110 @@ $this_agent = 'ovs' } + ##Common Parameters if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if $private_ip == '' { fail('private_ip is empty') } - if $odl_control_ip == '' { $odl_control_ip = $private_ip } - - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $amqp_ip == '' { fail('mysql_ip is empty') } if $admin_password == '' { fail('admin_password is empty') } - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $nova_db_password == '' { fail('nova_db_password is empty') } - - if $neutron_user_password == '' { fail('nova_user_password is empty') } - if $neutron_db_password == '' { fail('nova_db_password is empty') } - - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } + if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } + if !$private_subnet { fail('private_subnet is empty')} + if !$ceph_public_network { $ceph_public_network = $private_subnet } + if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' } + if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' } + if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' } + if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' } + if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' } + + + ##Most users will only care about a single user/password for all services + ##so lets create one variable that can be used instead of separate usernames/passwords + if !$single_username { $single_username = 'octopus' } + if !$single_password { $single_password = 'octopus' } + + if !$neutron_db_password { $neutron_db_password = $single_password } + if !$neutron_user_password { $neutron_user_password = $single_password } + + if !$ceilometer_user_password { $ceilometer_user_password = $single_password } + if !$ceilometer_metering_secret { 
$ceilometer_metering_secret = $single_password } + + ##HA Global params + if $ha_flag { + if !$keystone_private_vip { fail('keystone_private_vip is empty') } + if !$glance_private_vip { fail('glance_private_vip is empty') } + if !$nova_private_vip { fail('nova_private_vip is empty') } + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } + if !$controllers_ip_array { fail('controllers_ip_array is empty') } + if !$odl_control_ip { $odl_control_ip = $controllers_ip_array[0] } + if !$db_vip { fail('db_vip is empty') } + $mysql_ip = $db_vip + if !$amqp_vip { fail('amqp_vip is empty') } + $amqp_ip = $amqp_vip + if !$amqp_username { $amqp_user = $single_username } + if !$amqp_password { $amqp_pass = $single_password } + if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array } + if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array } + if !$neutron_private_vip { fail('neutron_private_vip is empty') } + } else { + ##non HA params + if !$private_ip { fail('private_ip is empty') } + $keystone_private_vip = $private_ip + $glance_private_vip = $private_ip + $nova_private_vip = $private_ip + $neutron_private_vip = $private_ip + if !$nova_db_password { fail('nova_db_password is empty') } + if !$nova_user_password { fail('nova_user_password is empty') } + if !$odl_control_ip { $odl_control_ip = $private_ip } + if !$mysql_ip { $mysql_ip = $private_ip } + if !$amqp_ip { $amqp_ip = $private_ip } + if !$amqp_username { $amqp_user = 'guest' } + if !$amqp_password { $amqp_pass = 'guest' } + if !$ceph_mon_host { $ceph_mon_host= ["$private_ip"] } + if !$ceph_mon_initial_members { $ceph_mon_initial_members = ["$::hostname"] } + } class { "quickstack::neutron::compute": - auth_host => $private_ip, - glance_host => $private_ip, + auth_host => $keystone_private_vip, + glance_host => $glance_private_vip, libvirt_images_rbd_pool => 'volumes', libvirt_images_rbd_ceph_conf => 
'/etc/ceph/ceph.conf', libvirt_inject_password => 'false', libvirt_inject_key => 'false', libvirt_images_type => 'rbd', - nova_host => $private_ip, - nova_db_password => $nova_db_password, - nova_user_password => $nova_user_password, + nova_host => $nova_private_vip, + nova_db_password => $nova_db_password, + nova_user_password => $nova_user_password, private_network => '', - private_iface => '', + private_iface => $ovs_tunnel_if, private_ip => '', rbd_user => 'volumes', - rbd_secret_uuid => '', + rbd_secret_uuid => $rbd_secret_uuid, network_device_mtu => $quickstack::params::network_device_mtu, - admin_password => $admin_password, - ssl => false, - - mysql_host => $mysql_ip, - mysql_ca => $quickstack::params::mysql_ca, - amqp_host => $amqp_ip, - amqp_username => 'guest', - amqp_password => 'guest', - #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, - - ceilometer => 'true', - ceilometer_metering_secret => $ceilometer_metering_secret, - ceilometer_user_password => $ceilometer_user_password, - - cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, + admin_password => $admin_password, + ssl => false, + + mysql_host => $mysql_ip, + mysql_ca => '/etc/ipa/ca.crt', + amqp_host => $amqp_ip, + amqp_username => $amqp_username, + amqp_password => $amqp_password, + + ceilometer => 'false', + ceilometer_metering_secret => $ceilometer_metering_secret, + ceilometer_user_password => $ceilometer_user_password, + + cinder_backend_gluster => $quickstack::params::cinder_backend_gluster, + cinder_backend_rbd => 'true', + glance_backend_rbd => 'true', + ceph_cluster_network => $ceph_public_network, + ceph_fsid => $ceph_fsid, + ceph_images_key => $ceph_images_key, + ceph_mon_host => $ceph_mon_host, + ceph_mon_initial_members => $ceph_mon_initial_members, + ceph_osd_pool_default_size => $ceph_osd_pool_size, + ceph_osd_journal_size => $ceph_osd_journal_size, + ceph_volumes_key => $ceph_volumes_key, agent_type => $this_agent, enable_tunneling => true, 
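Review bot: The fallback block at the top of this compute.pp hunk (`@@ -8,57 +8,110 @@`) replaces the fail-closed checks with secrets that are published in the repository: `$single_password` defaults to a fixed literal, and `$ceph_images_key` and `$ceph_volumes_key` fall back to constant cephx keys. Any deployment that leaves the Foreman globals unset then shares its credentials with every other such deployment, and the non-HA branch does the same for AMQP with `'guest'`. I would keep these mandatory, e.g. `if !$single_password { fail('single_password is empty') }` and `if !$ceph_volumes_key { fail('ceph_volumes_key is empty') }`, or generate the values per deployment outside the manifest. The same pattern recurs in the later controller_networker.pp hunks (`@@ -56,6 +51,8 @@`, `@@ -64,6 +65,7 @@`, `@@ -21,6 +20,7 @@`) and in compute.pp `@@ -28,6 +26,7 @@` and `@@ -66,8 +66,8 @@`. The class body continues past this hunk.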
@@ -68,21 +121,17 @@ neutron_db_password => $neutron_db_password, neutron_user_password => $neutron_user_password, - neutron_host => $private_ip, + neutron_host => $neutron_private_vip, - #ovs_bridge_mappings = $quickstack::params::ovs_bridge_mappings, - #ovs_bridge_uplinks = $quickstack::params::ovs_bridge_uplinks, - #ovs_vlan_ranges = $quickstack::params::ovs_vlan_ranges, ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_network => '', - ovs_l2_population => 'True', + ovs_l2_population => 'false', tenant_network_type => 'vxlan', tunnel_id_ranges => '1:1000', - #ovs_vxlan_udp_port = $quickstack::params::ovs_vxlan_udp_port, ovs_tunnel_types => ['vxlan'], - verbose => $quickstack::params::verbose, + verbose => 'true', security_group_api => 'neutron', } From 016fdfda1dcd38750b622a43604ac25ff7f9e163 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 31 Mar 2015 12:07:40 -0400 Subject: [PATCH 12/46] Removes opendaylight install and adds fixes Changes include: - Remove ODL install. We will use a separate class for this now - Fixes amqp_password, amqp_username to be variables defaulted to single_username, single_password - Adds default value for rbd_secret_uuid as this var should not be mandatory - Defaults odl_control_ip to be the first controller in the array --- manifests/controller_networker.pp | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index c4d005c..d3bb64f 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
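Review bot: In the second compute.pp hunk (`@@ -68,21 +121,17 @@`), `ovs_l2_population => 'false'` and `verbose => 'true'` pass quoted strings where neighbouring parameters of the same declaration (`enable_tunneling => true`, `ssl => false`) pass real booleans. A non-empty string is truthy in a Puppet conditional, so if quickstack::neutron::compute tests the value with a plain `if` rather than str2bool, `'false'` would switch l2 population on; that class is not visible here, so this needs checking. I would write `ovs_l2_population => false,` and keep `verbose => $quickstack::params::verbose,` so that verbose logging stays an operator choice rather than a fixed setting. The hunk starts and ends inside the class declaration.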
@@ -3,12 +3,7 @@ if ($odl_flag != '') and str2bool($odl_flag) { $ml2_mech_drivers = ['opendaylight'] $this_agent = 'opendaylight' - class {"opendaylight": - features => ['config', 'standard', 'region', 'package', 'kar', 'ssh', 'management', 'odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-ovsdb-library', 'odl-ovsdb-plugin', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound'], - odl_rest_port => $odl_rest_port, - } - } - else { + } else { $ml2_mech_drivers = ['openvswitch','l2population'] $this_agent = 'ovs' } @@ -56,6 +51,8 @@ ##Optional HA variables + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' } if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' } if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array } @@ -78,6 +75,11 @@ if !$nova_user_password { $nova_user_password = $single_password } if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} if !$pcmk_server_names {$pcmk_server_names = ["pcmk-$controllers_hostnames_array[0]", "pcmk-$controllers_hostnames_array[1]", "pcmk-$controllers_hostnames_array[2]"] } + if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } + + ##we assume here that if not provided, the first controller is where ODL will reside + ##this is fine for now as we will replace ODL with ODL HA when it is ready + if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] } class { "quickstack::openstack_common": } @@ -151,8 +153,8 @@ } class { "quickstack::pacemaker::params": - amqp_password => $single_password, - amqp_username => $single_username, + amqp_password => $amqp_password, + amqp_username => $amqp_username, amqp_vip => $amqp_vip, ceph_cluster_network => $private_subnet, ceph_fsid => $ceph_fsid, From 2e78e55a00c5a4458a2c695e0c2229357d431416 Mon Sep 17 00:00:00 2001 
From: Tim Rozet Date: Tue, 31 Mar 2015 12:44:37 -0400 Subject: [PATCH 13/46] Installs opendaylight via opendaylight puppet module --- manifests/opendaylight_controller.pp | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 manifests/opendaylight_controller.pp diff --git a/manifests/opendaylight_controller.pp b/manifests/opendaylight_controller.pp new file mode 100644 index 0000000..bbf0333 --- /dev/null +++ b/manifests/opendaylight_controller.pp @@ -0,0 +1,7 @@ +class trystack::opendaylight_controller { + if $odl_rest_port == '' { $odl_rest_port= '8081'} + class {"opendaylight": + extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'], + odl_rest_port => $odl_rest_port, + } +} From c73bbf4c1a33ea7eae93f60b727a1d33fcbc7102 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 31 Mar 2015 13:33:16 -0400 Subject: [PATCH 14/46] Changes keystone, sql, neutron_metadata to default to single_password --- manifests/controller_networker.pp | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index d3bb64f..3210c07 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
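Review bot: The feature list in the new trystack::opendaylight_controller class installs more northbound surface than the Neutron integration appears to need: `odl-mdsal-apidocs` and `odl-dlux-core` add an API explorer and a web UI on the controller, next to `odl-restconf`. Nothing in the class sets controller credentials or restricts which interface the REST port listens on, so whatever the opendaylight module ships as defaults applies; that should be confirmed and written down. I would make the list a parameter with a minimal default, for example `extra_features => $odl_extra_features,`, and add a comment above the declaration saying which features ML2 requires and which are optional tooling.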
@@ -7,27 +7,28 @@ $ml2_mech_drivers = ['openvswitch','l2population'] $this_agent = 'ovs' } + + ##Mandatory Common variables if $admin_email == '' { fail('admin_email is empty') } if $admin_password == '' { fail('admin_password is empty') } - if $keystone_admin_token == '' { fail('keystone_admin_token is empty') } - if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if $mysql_root_password == '' { fail('mysql_root_password is empty') } ##Most users will only care about a single user/password for all services ##so lets create one variable that can be used instead of separate usernames/passwords if !$single_username { $single_username = 'octopus' } if !$single_password { $single_password = 'octopus' } + if !$keystone_admin_token { $keystone_admin_token = $single_password } + if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password } + if !$mysql_root_password { $mysql_root_password = $single_password } + ##Check for HA, if not leave old functionality alone if $ha_flag { ##Mandatory HA variables if !$controllers_ip_array { fail('controllers_ip_array is empty') } if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } - if !$horizon_secret { fail('horizon_secret is empty') } if !$amqp_vip { fail('amqp_vip is empty') } if !$private_subnet { fail('private_subnet is empty')} - if !$public_subnet { fail('public_subnet is empty') } if !$cinder_admin_vip { fail('cinder_admin_vip is empty') } if !$cinder_private_vip { fail('cinder_private_vip is empty') } if !$cinder_public_vip { fail('cinder_public_vip is empty') } 
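Review bot: The three fallbacks added in this hunk (`@@ -7,27 +7,28 @@`) make `$keystone_admin_token`, `$neutron_metadata_shared_secret` and `$mysql_root_password` all equal to `$single_password`, which couples credentials that guard different trust boundaries. The Keystone admin token bypasses normal authentication and the MySQL root password covers every service database, so disclosure of any one service password would then expose both. I would keep these three mandatory, as the removed lines did (`if !$keystone_admin_token { fail('keystone_admin_token is empty') }`), and let `$single_password` seed only per-service user passwords. The hunk also drops the `public_subnet` check without a replacement; if the value is still consumed further down the class, which is not visible here, that check should stay.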
@@ -64,6 +65,7 @@ if !$cinder_db_password { $cinder_db_password = $single_password } if !$cinder_user_password { $cinder_user_password = $single_password } if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] } + if !$horizon_secret { $horizon_secret = $single_password } if !$glance_db_password { $glance_db_password = $single_password } if !$keystone_db_password { $keystone_db_password = $single_password } if !$keystone_user_password { $keystone_user_password = $single_password } From d32a2a35570763dc61fe35e174df3d6a08cb12d5 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 31 Mar 2015 13:41:07 -0400 Subject: [PATCH 15/46] Fixes ha_flag to check to see if it is true instead of just exists --- manifests/controller_networker.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 3210c07..b12bf56 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -23,7 +23,7 @@ if !$mysql_root_password { $mysql_root_password = $single_password } ##Check for HA, if not leave old functionality alone - if $ha_flag { + if $ha_flag and str2bool($ha_flag) { ##Mandatory HA variables if !$controllers_ip_array { fail('controllers_ip_array is empty') } if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } From 1552f3f94469d33dee82c7208bb885fc24148dd7 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 31 Mar 2015 13:44:25 -0400 Subject: [PATCH 16/46] Changes admin_password to default to single_password instead of being a Mandatory variable --- manifests/controller_networker.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index b12bf56..ee7360a 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
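Review bot: The `str2bool($ha_flag)` guard added in `@@ -23,7 +23,7 @@` covers controller_networker.pp only; compute.pp, as changed by the patches shown on this page, still branches on `if $ha_flag {`, where the string 'false' is truthy. With `ha_flag = 'false'` the controller would take the non-HA path while the compute nodes take the HA path and fail on the missing VIP globals. The same condition should go into compute.pp: `if $ha_flag and str2bool($ha_flag) {`. str2bool raises an error on strings it does not recognise, so a comment naming the accepted values would help whoever sets the Foreman global.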
@@ -10,7 +10,6 @@ ##Mandatory Common variables if $admin_email == '' { fail('admin_email is empty') } - if $admin_password == '' { fail('admin_password is empty') } if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } ##Most users will only care about a single user/password for all services @@ -21,6 +20,7 @@ if !$keystone_admin_token { $keystone_admin_token = $single_password } if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password } if !$mysql_root_password { $mysql_root_password = $single_password } + if !$admin_password { $admin_password = $single_password } ##Check for HA, if not leave old functionality alone if $ha_flag and str2bool($ha_flag) { From 111c02a55f539e07fce474b9faaa139cadb2e054 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 31 Mar 2015 14:28:06 -0400 Subject: [PATCH 17/46] Fixes admin_password to be a default and checks for controller array to make sure it exists. --- manifests/compute.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 86612a6..1a5ca26 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -11,8 +11,6 @@ ##Common Parameters if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if $admin_password == '' { fail('admin_password is empty') } - if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } if !$private_subnet { fail('private_subnet is empty')} if !$ceph_public_network { $ceph_public_network = $private_subnet } @@ -28,6 +26,7 @@ if !$single_username { $single_username = 'octopus' } if !$single_password { $single_password = 'octopus' } + if !$admin_password { $admin_password = $single_password } if !$neutron_db_password { $neutron_db_password = $single_password } if !$neutron_user_password { $neutron_user_password = $single_password } 
@@ -42,6 +41,7 @@ if !$nova_db_password { $nova_db_password = $single_password } if !$nova_user_password { $nova_user_password = $single_password } if !$controllers_ip_array { fail('controllers_ip_array is empty') } + if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } if !$odl_control_ip { $odl_control_ip = $controllers_ip_array[0] } if !$db_vip { fail('db_vip is empty') } $mysql_ip = $db_vip @@ -50,7 +50,7 @@ if !$amqp_username { $amqp_user = $single_username } if !$amqp_password { $amqp_pass = $single_password } if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array } - if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array } + if !$ceph_mon_host { $ceph_mon_host = $controllers_ip_array } if !$neutron_private_vip { fail('neutron_private_vip is empty') } } else { ##non HA params From a6fde2d31b05b1dae3c5804af797ce62f843458a Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 31 Mar 2015 17:29:49 -0400 Subject: [PATCH 18/46] Fixes various ordering issues and array usage problems Tested on intelpod1 and works --- manifests/controller_networker.pp | 155 ++++++++++++++++-------------- 1 file changed, 82 insertions(+), 73 deletions(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index ee7360a..5f0e322 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -26,7 +26,9 @@ if $ha_flag and str2bool($ha_flag) { ##Mandatory HA variables if !$controllers_ip_array { fail('controllers_ip_array is empty') } + $controllers_ip_array = split($controllers_ip_array, ',') if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + $controllers_hostnames_array = split($controllers_hostnames_array, ',') if !$amqp_vip { fail('amqp_vip is empty') } if !$private_subnet { fail('private_subnet is empty')} if !$cinder_admin_vip { fail('cinder_admin_vip is empty') } 
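Review bot: The two `split(..., ',')` lines added in `@@ -26,7 +26,9 @@` take the comma-separated global as it is, so a value written with a space after each comma yields elements with leading whitespace, and nothing checks the elements before the list reaches the Galera and Pacemaker classes. I would strip whitespace before splitting, `$controllers_ip_array = split(regsubst($controllers_ip_array, '\s', '', 'G'), ',')`, and call fail() when the result is empty. The same applies to the split lines that patch 19 adds to compute.pp (`@@ -42,6 +42,8 @@`). The enclosing `if $ha_flag` block extends beyond the hunk.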
@@ -76,84 +78,16 @@ if !$nova_db_password { $nova_db_password = $single_password } if !$nova_user_password { $nova_user_password = $single_password } if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} - if !$pcmk_server_names {$pcmk_server_names = ["pcmk-$controllers_hostnames_array[0]", "pcmk-$controllers_hostnames_array[1]", "pcmk-$controllers_hostnames_array[2]"] } + if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] } if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } ##we assume here that if not provided, the first controller is where ODL will reside ##this is fine for now as we will replace ODL with ODL HA when it is ready if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] } - class { "quickstack::openstack_common": } - - class { "quickstack::pacemaker::ceilometer": - ceilometer_metering_secret => $single_password, - } - - class { "quickstack::pacemaker::cinder": - backend_rbd => true, - rbd_secret_uuid => $rbd_secret_uuid, - use_syslog => true, - verbose => true, - volume => true, - } - - class { "quickstack::pacemaker::common": } - - class { "quickstack::pacemaker::galera": - mysqlrootpw => $mysql_root_password, - wsrep_cluster_members => $controllers_ip_array, - } - - class { "quickstack::pacemaker::glance": - backend => 'rbd', - debug => true, - pcmk_fs_manage => 'false', - use_syslog => true, - verbose => true - } - - class { "quickstack::pacemaker::heat": } - - class { "quickstack::pacemaker::horizon": - horizon_ca => '/etc/ipa/ca.crt', - horizon_cert => '/etc/pki/tls/certs/PUB_HOST-horizon.crt', - horizon_key => '/etc/pki/tls/private/PUB_HOST-horizon.key', - secret_key => $horizon_secret, - verbose => 'true', - } - - class { "quickstack::pacemaker::keystone": - admin_email => $admin_email, - admin_password => $admin_password, - admin_token => $keystone_admin_token, - 
cinder => 'true', - heat => 'false', - heat_cfn => 'false', - keystonerc => 'true', - use_syslog => 'true', - verbose => 'true', - } - - class { "quickstack::pacemaker::load_balancer": } - class { "quickstack::pacemaker::memcached": } - - class { "quickstack::pacemaker::neutron": - agent_type => $this_agent, - enable_tunneling => 'true', - ml2_mechanism_drivers => $ml2_mech_drivers, - ml2_network_vlan_ranges => ["physnet1:10:50"], - odl_controller_ip => $odl_control_ip, - odl_controller_port => $odl_rest_port, - ovs_tunnel_iface => $ovs_tunnel_if, - ovs_tunnel_types => ["vxlan"], - verbose => 'true', - } - - class { "quickstack::pacemaker::nosql": } - class { "quickstack::pacemaker::nova": - neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, - } + class { "quickstack::openstack_common": } + -> class { "quickstack::pacemaker::params": amqp_password => $amqp_password, amqp_username => $amqp_username, 
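Review bot: The corrected `$pcmk_server_names` default in `@@ -76,84 +78,16 @@` still indexes elements 0 to 2 of `$controllers_hostnames_array`, which fixes the cluster size at three. With fewer controllers the missing entries would presumably interpolate to a bare `pcmk-`, and with more the extra nodes are left out while `$pcmk_server_addrs` takes the whole IP array. Deriving the names from the array keeps the two lists the same length: `if !$pcmk_server_names { $pcmk_server_names = prefix($controllers_hostnames_array, 'pcmk-') }` (prefix comes from puppetlabs-stdlib, which the manifest already uses for str2bool). The rest of the hunk removes class declarations that the following hunk re-adds in order.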
@@ -218,10 +152,85 @@ pcmk_server_names => $pcmk_server_names, private_iface => $ovs_tunnel_if, } - - class { "quickstack::pacemaker::qpid": } + -> + class { "quickstack::pacemaker::common": } + -> + class { "quickstack::pacemaker::load_balancer": } + -> + class { "quickstack::pacemaker::galera": + mysql_root_password => $mysql_root_password, + wsrep_cluster_members => $controllers_ip_array, + } + -> + class { "quickstack::pacemaker::qpid": } + -> class { "quickstack::pacemaker::rabbitmq": } + -> + class { "quickstack::pacemaker::keystone": + admin_email => $admin_email, + admin_password => $admin_password, + admin_token => $keystone_admin_token, + cinder => 'true', + heat => 'false', + heat_cfn => 'false', + keystonerc => 'true', + use_syslog => 'true', + verbose => 'true', + } + -> class { "quickstack::pacemaker::swift": } + -> + class { "quickstack::pacemaker::glance": + backend => 'rbd', + debug => true, + pcmk_fs_manage => 'false', + use_syslog => true, + verbose => true + } + -> + class { "quickstack::pacemaker::nova": + neutron_metadata_proxy_secret => $neutron_metadata_shared_secret, + } + -> + class { "quickstack::pacemaker::cinder": + backend_rbd => true, + rbd_secret_uuid => $rbd_secret_uuid, + use_syslog => true, + verbose => true, + volume => true, + } + -> + class { "quickstack::pacemaker::heat": } + -> + class { "quickstack::pacemaker::constraints": } + + class { "quickstack::pacemaker::nosql": } + + class { "quickstack::pacemaker::memcached": } + + class { "quickstack::pacemaker::ceilometer": + ceilometer_metering_secret => $single_password, + } + + class { "quickstack::pacemaker::horizon": + horizon_ca => '/etc/ipa/ca.crt', + horizon_cert => '/etc/pki/tls/certs/PUB_HOST-horizon.crt', + horizon_key => '/etc/pki/tls/private/PUB_HOST-horizon.key', + secret_key => $horizon_secret, + verbose => 'true', + } + + class { "quickstack::pacemaker::neutron": + agent_type => $this_agent, + enable_tunneling => 'true', + ml2_mechanism_drivers => 
$ml2_mech_drivers, + ml2_network_vlan_ranges => ["physnet1:10:50"], + odl_controller_ip => $odl_control_ip, + odl_controller_port => $odl_rest_port, + ovs_tunnel_iface => $ovs_tunnel_if, + ovs_tunnel_types => ["vxlan"], + verbose => 'true', + } } else { From 58b3c9059da3babfbb258922ef902a4fa701a13d Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 1 Apr 2015 11:55:51 -0400 Subject: [PATCH 19/46] Fixes array parsing issue with global parameter --- manifests/compute.pp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/manifests/compute.pp b/manifests/compute.pp index 1a5ca26..0591a13 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -42,6 +42,8 @@ if !$nova_user_password { $nova_user_password = $single_password } if !$controllers_ip_array { fail('controllers_ip_array is empty') } if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + $controllers_ip_array = split($controllers_ip_array, ',') + $controllers_hostnames_array = split($controllers_hostnames_array, ',') if !$odl_control_ip { $odl_control_ip = $controllers_ip_array[0] } if !$db_vip { fail('db_vip is empty') } $mysql_ip = $db_vip From 5899a5332ca80a6574d6c357352b647af7527d02 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 1 Apr 2015 12:13:56 -0400 Subject: [PATCH 20/46] Syntax change to make if statment more clear --- manifests/opendaylight_controller.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/opendaylight_controller.pp b/manifests/opendaylight_controller.pp index bbf0333..527f995 100644 --- a/manifests/opendaylight_controller.pp +++ b/manifests/opendaylight_controller.pp 
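Review bot: In the re-added declarations of `@@ -218,10 +152,85 @@`, quickstack::pacemaker::ceilometer receives `ceilometer_metering_secret => $single_password`, so an operator-supplied `$ceilometer_metering_secret` is ignored on the HA path although the non-HA declaration earlier on this page passes the dedicated variable. The metering secret signs telemetry samples and should be settable on its own: `ceilometer_metering_secret => $ceilometer_metering_secret,`, with a fallback assigned above the chain as compute.pp does. `horizon_cert` and `horizon_key` point at paths containing the literal `PUB_HOST`, which looks like an unreplaced placeholder; confirm those files exist on the node. The nosql, memcached, ceilometer, horizon and neutron classes sit outside the `->` chain, so their order relative to keystone and the load balancer is not enforced; a comment should say whether that is intended.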
@@ -1,5 +1,5 @@ class trystack::opendaylight_controller { - if $odl_rest_port == '' { $odl_rest_port= '8081'} + if !$odl_rest_port { $odl_rest_port = '8081'} class {"opendaylight": extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'], odl_rest_port => $odl_rest_port, From a05a34c31af499f5977247f3f887d5b7ef3269df Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 1 Apr 2015 15:10:05 -0400 Subject: [PATCH 21/46] Fixes incorrect amqp variable usage --- manifests/compute.pp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 0591a13..371f85d 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -49,8 +49,8 @@ $mysql_ip = $db_vip if !$amqp_vip { fail('amqp_vip is empty') } $amqp_ip = $amqp_vip - if !$amqp_username { $amqp_user = $single_username } - if !$amqp_password { $amqp_pass = $single_password } + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array } if !$ceph_mon_host { $ceph_mon_host = $controllers_ip_array } if !$neutron_private_vip { fail('neutron_private_vip is empty') } @@ -66,8 +66,8 @@ if !$odl_control_ip { $odl_control_ip = $private_ip } if !$mysql_ip { $mysql_ip = $private_ip } if !$amqp_ip { $amqp_ip = $private_ip } - if !$amqp_username { $amqp_user = 'guest' } - if !$amqp_password { $amqp_pass = 'guest' } + if !$amqp_username { $amqp_username = 'guest' } + if !$amqp_password { $amqp_password = 'guest' } if !$ceph_mon_host { $ceph_mon_host= ["$private_ip"] } if !$ceph_mon_initial_members { $ceph_mon_initial_members = ["$::hostname"] } } From 187203772ddb79a6f4f3b8ca05c5b36e98def82c Mon Sep 17 00:00:00 2001 
From: Tim Rozet Date: Mon, 6 Apr 2015 17:54:55 -0400 Subject: [PATCH 22/46] Adds ceph_deploy class for deploying ceph mon+osd --- manifests/ceph_deploy.pp | 72 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 manifests/ceph_deploy.pp diff --git a/manifests/ceph_deploy.pp b/manifests/ceph_deploy.pp new file mode 100644 index 0000000..ae1e444 --- /dev/null +++ b/manifests/ceph_deploy.pp 
@@ -0,0 +1,72 @@ +class trystack::ceph_deploy ( + fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc', + osd_pool_default_pg_num = '128', + osd_pool_default_size = '1', + osd_pool_default_min_size = '1', + mon_initial_members = '', + mon_host = '', + cluster_network = "10.4.8.0/21", + public_network = "10.4.8.0/21", + osd_journal_size = '1000', + osd_ip = '', + mon_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', + admin_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', + images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==', + volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==', + boostrap_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', +) { + + class { 'ceph': + fsid => $fsid, + osd_pool_default_pg_num => $osd_pool_default_pg_num, + osd_pool_default_size => $osd_pool_default_size, + osd_pool_default_min_size => $osd_pool_default_min_size, + mon_initial_members => $mon_initial_members, + mon_host => $mon_host, + cluster_network => $cluster_network, + public_network => $public_network, + } + -> + ceph_config { + 'global/osd_journal_size': value => $osd_journal_size; + } + -> + ceph::mon { $::hostname: + public_addr => $osd_ip, + key => $mon_key, + } + + Ceph::Key { + inject => true, + inject_as_id => 'mon.', + inject_keyring => "/var/lib/ceph/mon/ceph-${::hostname}/keyring", + } + + ceph::key { 'client.admin': + secret => $admin_key, + cap_mon => 'allow *', + cap_osd => 'allow *', + cap_mds => 'allow', + } + ceph::key { 'client.images': + secret => $images_key, + cap_mon => 'allow r', + cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=images', + inject => true, + } + + ceph::key { 'client.volumes': + secret => $volumes_key, + cap_mon => 'allow r', + cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes', + inject => true, + } + ceph::key { 'client.bootstrap-osd': + secret => $boostrap_key, + cap_mon => 'allow profile bootstrap-osd', + keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring', + } + -> + 
ceph::osd { '/osd0': } + +} From a3472800154145a6d0e3004f1d84f8454b179405 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Mon, 6 Apr 2015 17:57:28 -0400 Subject: [PATCH 23/46] Adds ceph --- manifests/controller_networker.pp | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 5f0e322..01e633a 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -26,8 +26,10 @@ if $ha_flag and str2bool($ha_flag) { ##Mandatory HA variables if !$controllers_ip_array { fail('controllers_ip_array is empty') } + $controllers_ip_array_str = $controllers_ip_array $controllers_ip_array = split($controllers_ip_array, ',') if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + $controllers_hostnames_array_str = $controllers_hostnames_array $controllers_hostnames_array = split($controllers_hostnames_array, ',') if !$amqp_vip { fail('amqp_vip is empty') } if !$private_subnet { fail('private_subnet is empty')} 
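Review bot: The `mon_key`, `admin_key`, `images_key`, `volumes_key` and `boostrap_key` parameters of the new `trystack::ceph_deploy` class default to literal cephx secrets committed with the module, and three of them share one value. Any cluster deployed without overriding them runs on keys that every reader of this repository also holds. The same defaults are carried forward unchanged by the later ceph_deploy.pp hunk `@@ -1,19 +1,19 @@` on this page. Declaring the key parameters with no default (for example `$admin_key,`) makes compilation fail until the caller supplies per-deployment values. The fixed `fsid` default is worth dropping as well, since it gives every cluster the same identifier.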
@@ -80,12 +82,30 @@ if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] } if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } + if !$storage_iface { $storage_iface = $ovs_tunnel_if } ##we assume here that if not provided, the first controller is where ODL will reside ##this is fine for now as we will replace ODL with ODL HA when it is ready if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] } - + ###find interface ip of storage network + $osd_ip = find_ip("", + "$storage_iface", + "") + + class { "trystack::ceph_deploy": + fsid => $ceph_fsid, + osd_pool_default_size => $ceph_osd_pool_size, + osd_pool_default_size => $ceph_osd_journal_size, + mon_initial_members => $controllers_hostnames_array_str, + mon_host => $controllers_ip_array_str, + osd_ip => $osd_ip, + public_network => $ceph_public_network, + cluster_network => $ceph_public_network, + images_key => $ceph_images_key, + volumes_key => $ceph_volumes_key, + } + -> class { "quickstack::openstack_common": } -> class { "quickstack::pacemaker::params": From 20343fdade37eef3d4c072a34eeb31f642ac21a6 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 8 Apr 2015 13:34:30 -0400 Subject: [PATCH 24/46] Fixed variable references in parameters --- manifests/ceph_deploy.pp | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/manifests/ceph_deploy.pp b/manifests/ceph_deploy.pp index ae1e444..82d4e39 100644 --- a/manifests/ceph_deploy.pp +++ b/manifests/ceph_deploy.pp 
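Review bot: The `trystack::ceph_deploy` declaration in this controller_networker.pp hunk passes `images_key` and `volumes_key` but never `mon_key`, `admin_key` or `boostrap_key`, so the monitor, admin and bootstrap-osd keys always take the class defaults and cannot be set per deployment from Foreman. It also looks as though an unset `$ceph_images_key` or `$ceph_volumes_key` would fall back silently to the class default rather than fail; that depends on the Puppet version and should be confirmed. I would add three globals, named here by analogy with the existing ones, and pass them through: `mon_key => $ceph_mon_key,`, `admin_key => $ceph_admin_key,`, `boostrap_key => $ceph_bootstrap_key,`. Each should get an `if !$ceph_admin_key { fail('ceph_admin_key is empty') }` style check next to the other mandatory HA variables. The HA branch this sits in starts and ends outside the hunk.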
@@ -1,19 +1,19 @@ class trystack::ceph_deploy ( - fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc', - osd_pool_default_pg_num = '128', - osd_pool_default_size = '1', - osd_pool_default_min_size = '1', - mon_initial_members = '', - mon_host = '', - cluster_network = "10.4.8.0/21", - public_network = "10.4.8.0/21", - osd_journal_size = '1000', - osd_ip = '', - mon_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', - admin_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', - images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==', - volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==', - boostrap_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', + $fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc', + $osd_pool_default_pg_num = '128', + $osd_pool_default_size = '1', + $osd_pool_default_min_size = '1', + $mon_initial_members = '', + $mon_host = '', + $cluster_network = "10.4.8.0/21", + $public_network = "10.4.8.0/21", + $osd_journal_size = '1000', + $osd_ip = '', + $mon_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', + $admin_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', + $images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==', + $volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==', + $boostrap_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==', ) { class { 'ceph': From a0ebcf715e8747de78d94f3a5db017786b6d46d2 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 8 Apr 2015 14:14:41 -0400 Subject: [PATCH 25/46] Fixes permissions so that OpenStack can contact the cluster + adds pool creation for volumes/images --- manifests/ceph_deploy.pp | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/manifests/ceph_deploy.pp b/manifests/ceph_deploy.pp index 82d4e39..973e256 100644 --- a/manifests/ceph_deploy.pp +++ b/manifests/ceph_deploy.pp 
@@ -47,12 +47,14 @@ cap_mon => 'allow *', cap_osd => 'allow *', cap_mds => 'allow', + mode => '0644', } ceph::key { 'client.images': secret => $images_key, cap_mon => 'allow r', cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=images', inject => true, + mode => '0644', } ceph::key { 'client.volumes': @@ -60,6 +62,7 @@ cap_mon => 'allow r', cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes', inject => true, + mode => '0644', } ceph::key { 'client.bootstrap-osd': secret => $boostrap_key, @@ -68,5 +71,12 @@ } -> ceph::osd { '/osd0': } - + -> + exec { 'create volumes pool': + command => "/usr/bin/ceph osd pool create volumes $osd_pool_default_pg_num", + } + -> + exec { 'create images pool': + command => "/usr/bin/ceph osd pool create images $osd_pool_default_pg_num", + } } From 9a9c62d0fb3a19677d1669b8dbef6daa34705506 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 8 Apr 2015 14:17:27 -0400 Subject: [PATCH 26/46] Fixes osd_journal variable bug --- manifests/controller_networker.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 01e633a..8d6db36 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -96,7 +96,7 @@ class { "trystack::ceph_deploy": fsid => $ceph_fsid, osd_pool_default_size => $ceph_osd_pool_size, - osd_pool_default_size => $ceph_osd_journal_size, + osd_journal_size => $ceph_osd_journal_size, mon_initial_members => $controllers_hostnames_array_str, mon_host => $controllers_ip_array_str, osd_ip => $osd_ip, From 59414179b1c40edd9a9737ba62a7f44a2ed702a9 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 8 Apr 2015 14:33:14 -0400 Subject: [PATCH 27/46] Ceph is actually included in EPEL for CentOS 7 and these repos are legacy. python-ceph package is now renamed python-rados package --- manifests/repo.pp | 19 ------------------- 1 file changed, 19 deletions(-) 
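Review bot: `mode => '0644'` on the `client.admin` and `client.images` keys (hunk `@@ -47,12 +47,14 @@`) and on `client.volumes` (hunk `@@ -60,6 +62,7 @@`) makes the keyring files world-readable. Every local account on the node can then read the cephx secrets, including the admin key that carries `allow *` on mon and osd. The stated goal of letting the OpenStack services reach the cluster can be met more narrowly with group access, for example `group => 'glance', mode => '0640',` on `client.images` and the cinder group on `client.volumes`, assuming the ceph module version in use exposes `group` on `ceph::key`. `client.admin` should stay readable by root only. The three `ceph::key` resources are cut by the hunk edges, so their full bodies are not visible here.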
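Review bot: The two `exec` resources added at the end of ceph_deploy.pp (hunk `@@ -68,5 +71,12 @@`) have no `unless`, `onlyif` or `creates` guard, so `ceph osd pool create` is issued on every agent run and the resource reports a change each time. A guard keeps the run idempotent and the reports quiet, for example `unless => '/usr/bin/rados lspools | grep -qx volumes',` with the matching line for `images`. A one-line comment noting that the pools must exist before glance and cinder start would also explain why the execs are chained after `ceph::osd`.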
diff --git a/manifests/repo.pp b/manifests/repo.pp index feb8327..7509ae9 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -18,24 +18,5 @@ gpgcheck => 0, } - yumrepo { - "ceph": - baseurl => "http://ceph.com/rpm-giant/el7/\$basearch", - descr => "Ceph packages for \$basearch", - enabled => 1, - gpgcheck => 0; - "Ceph-noarch": - baseurl => "http://ceph.com/rpm-giant/el7/noarch", - descr => "Ceph noarch packages", - enabled => 1, - gpgcheck => 0; - "ceph-source": - baseurl => "http://ceph.com/rpm-giant/el7/SRPMS", - descr => "Ceph source packages", - enabled => 1, - gpgcheck => 0; - } - - } } From 58a4aee28a2bab8f0bcd1b5b8c1ecc9ceb3d78f1 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 8 Apr 2015 14:35:43 -0400 Subject: [PATCH 28/46] Adds python-rados which now replaces python ceph + includes NTP Can get ntp here: puppet module install puppetlabs-ntp --- manifests/init.pp | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/manifests/init.pp b/manifests/init.pp index cd622a6..d3fcb15 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,13 +3,20 @@ command => '/usr/sbin/setenforce 0', unless => '/usr/sbin/getenforce | grep Permissive', } + include stdlib stage { 'presetup': before => Stage['setup'], } + class { '::ntp': + stage => presetup, + } class { "trystack::repo": stage => presetup, } - + -> + package { "python-rados": + ensure => latest, + } } From 6e5d2f9f5d80d22ef4d2385de2ea30d0eef3e70b Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Thu, 16 Apr 2015 14:35:28 -0400 Subject: [PATCH 29/46] Changes HA to not use interface parameters ovs_tunnel_if is no longer needed for HA. Now use private_network, storage_network with x.x.x.x format network (10.0.0.0). The interface will be found during puppet application. --- manifests/compute.pp | 8 ++++++-- manifests/controller_networker.pp | 12 +++++++++--- 2 files changed, 15 insertions(+), 5 deletions(-) 
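Review bot: `ensure => latest` on the new `python-rados` package in the init.pp hunk upgrades the package on any agent run where the repository offers a newer build. The yum repositories shown in the repo.pp context on this page are declared with `gpgcheck => 0`, so those upgrades would arrive without signature verification if the package is served from one of them. `ensure => installed` (or a pinned version) keeps upgrades a deliberate step, and enabling `gpgcheck` on the repositories that remain would restore package verification. The `trystack` class body starts outside the hunk.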
diff --git a/manifests/compute.pp b/manifests/compute.pp index 371f85d..3a7a013 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -9,8 +9,6 @@ } ##Common Parameters - if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } if !$private_subnet { fail('private_subnet is empty')} if !$ceph_public_network { $ceph_public_network = $private_subnet } @@ -35,6 +33,7 @@ ##HA Global params if $ha_flag { + if $private_network == '' { fail('private_network is empty') } if !$keystone_private_vip { fail('keystone_private_vip is empty') } if !$glance_private_vip { fail('glance_private_vip is empty') } if !$nova_private_vip { fail('nova_private_vip is empty') } @@ -54,8 +53,13 @@ if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array } if !$ceph_mon_host { $ceph_mon_host = $controllers_ip_array } if !$neutron_private_vip { fail('neutron_private_vip is empty') } + + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") + } else { ##non HA params + if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if !$private_ip { fail('private_ip is empty') } $keystone_private_vip = $private_ip $glance_private_vip = $private_ip diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 8d6db36..3032b09 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -10,7 +10,6 @@ ##Mandatory Common variables if $admin_email == '' { fail('admin_email is empty') } - if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } ##Most users will only care about a single user/password for all services ##so lets create one variable that can be used instead of separate usernames/passwords 
@@ -53,7 +52,10 @@ if !$nova_admin_vip { fail('nova_admin_vip is empty') } if !$nova_private_vip { fail('nova_private_vip is empty') } if !$nova_public_vip { fail('nova_public_vip is empty') } + if $private_network == '' { fail('private_network is empty') } + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") ##Optional HA variables if !$amqp_username { $amqp_username = $single_username } @@ -82,7 +84,11 @@ if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] } if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } - if !$storage_iface { $storage_iface = $ovs_tunnel_if } + if !$storage_network { + $storage_iface = $ovs_tunnel_if + } else { + $storage_iface = get_nic_from_network("$storage_network") + } ##we assume here that if not provided, the first controller is where ODL will reside ##this is fine for now as we will replace ODL with ODL HA when it is ready @@ -253,7 +259,7 @@ } } else { - + if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if $public_ip == '' { fail('public_ip is empty') } if $private_ip == '' { fail('private_ip is empty') } From 16a02f97286a78c2414afd4bbf5215868e79bc08 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 29 Apr 2015 14:54:38 -0400 Subject: [PATCH 30/46] Fixes missing glance_user_password This was masked by the fact that hiera was not disabled so puppet was just grabbing a random value from a yaml file for this variable. --- manifests/controller_networker.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 3032b09..c49bca4 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
@@ -73,6 +73,7 @@ if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] } if !$horizon_secret { $horizon_secret = $single_password } if !$glance_db_password { $glance_db_password = $single_password } + if !$glance_user_password { $glance_user_password = $single_password } if !$keystone_db_password { $keystone_db_password = $single_password } if !$keystone_user_password { $keystone_user_password = $single_password } if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array } From 271285d01fd10cb394741b47f99ee042b756b28a Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Fri, 1 May 2015 15:47:50 -0400 Subject: [PATCH 31/46] Adds Heat to the HA deployment Introduces 6 new required global params: - heat_admin_vip - heat_private_vip - heat_public_vip - heat_cfn_admin_vip - heat_cfn_private_vip - heat_cfn_public_vip --- manifests/controller_networker.pp | 34 ++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index c49bca4..43f1970 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -53,6 +53,12 @@ if !$nova_private_vip { fail('nova_private_vip is empty') } if !$nova_public_vip { fail('nova_public_vip is empty') } if $private_network == '' { fail('private_network is empty') } + if !$heat_admin_vip { fail('heat_admin_vip is empty') } + if !$heat_private_vip { fail('heat_private_vip is empty') } + if !$heat_public_vip { fail('heat_public_vip is empty') } + if !$heat_cfn_admin_vip { fail('heat_cfn_admin_vip is empty') } + if !$heat_cfn_private_vip { fail('heat_cfn_private_vip is empty') } + if !$heat_cfn_public_vip { fail('heat_cfn_public_vip is empty') } ##Find private interface $ovs_tunnel_if = get_nic_from_network("$private_network") 
@@ -85,6 +91,10 @@ if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] } if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } + if !$heat_user_password { $heat_user_password = $single_password } + if !$heat_db_password { $heat_db_password = $single_password } + if !$heat_cfn_user_password { $heat_cfn_user_password = $single_password } + if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' } if !$storage_network { $storage_iface = $ovs_tunnel_if } else { @@ -140,14 +150,25 @@ glance_private_vip => $glance_private_vip, glance_public_vip => $glance_public_vip, glance_user_password => $glance_user_password, - heat_cfn_enabled => 'false', + heat_auth_encryption_key => $heat_auth_encryption_key, + heat_cfn_admin_vip => $heat_cfn_admin_vip, + heat_cfn_private_vip => $heat_cfn_private_vip, + heat_cfn_public_vip => $heat_cfn_public_vip, + heat_cfn_user_password => $heat_cfn_user_password, + heat_cloudwatch_enabled => 'true', + heat_cfn_enabled => 'true', + heat_db_password => $heat_db_password, + heat_admin_vip => $heat_admin_vip, + heat_private_vip => $heat_private_vip, + heat_public_vip => $heat_public_vip, + heat_user_password => $heat_user_password, horizon_admin_vip => $horizon_admin_vip, horizon_private_vip => $horizon_private_vip, horizon_public_vip => $horizon_public_vip, include_ceilometer => 'false', include_cinder => 'true', include_glance => 'true', - include_heat => 'false', + include_heat => 'true', include_horizon => 'true', include_keystone => 'true', include_neutron => 'true', 
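Review bot: `if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }` in the first controller_networker.pp hunk on this line gives every deployment that leaves the parameter unset the same encryption key. Because the key is published in this repository, whatever Heat protects with it at rest is effectively unprotected on those deployments. Unlike the password fallbacks to `$single_password` beside it, this default is not derived from anything site-specific. Treating it as mandatory matches the VIP checks added by the same commit: `if !$heat_auth_encryption_key { fail('heat_auth_encryption_key is empty') }`. The HA branch containing these lines starts outside the hunk.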
@@ -198,8 +219,8 @@ admin_password => $admin_password, admin_token => $keystone_admin_token, cinder => 'true', - heat => 'false', - heat_cfn => 'false', + heat => 'true', + heat_cfn => 'true', keystonerc => 'true', use_syslog => 'true', verbose => 'true', @@ -227,7 +248,10 @@ volume => true, } -> - class { "quickstack::pacemaker::heat": } + class { "quickstack::pacemaker::heat": + use_syslog => true, + verbose => true, + } -> class { "quickstack::pacemaker::constraints": } From 5c107c5015ded191313dbef51cc0759cb33b3b0b Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Fri, 1 May 2015 15:47:50 -0400 Subject: [PATCH 32/46] Adds external network setup functionality Changes include: - openvswitch resource now defined in init.pp. Instead of in quickstack::neutron::all to avoid dependency cycle. - external_net_setup.pp configures br-ex, neutron, and creates provider network and subnet - controller_networker.pp calls external_net_setup.pp if "external_network_flag" is true New global parameters required (only if external_network_flag is true): - public_gateway - public_dns - public_network - public_subnet --- manifests/controller_networker.pp | 12 ++- manifests/external_net_setup.pp | 133 ++++++++++++++++++++++++++++++ manifests/init.pp | 9 ++ 3 files changed, 152 insertions(+), 2 deletions(-) create mode 100644 manifests/external_net_setup.pp diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 43f1970..e932d95 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -110,6 +110,10 @@ "$storage_iface", "") + if ($odl_flag != '') and str2bool($odl_flag) and ($external_network_flag != '') and str2bool($external_network_flag) { + class { "trystack::external_net_setup": } + } + class { "trystack::ceph_deploy": fsid => $ceph_fsid, osd_pool_default_size => $ceph_osd_pool_size, 
@@ -325,6 +329,10 @@ if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } if $swift_admin_password == '' { fail('swift_admin_password is empty') } + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } + + class { "quickstack::neutron::controller_networker": admin_email => $admin_email, admin_password => $admin_password, @@ -348,8 +356,8 @@ mysql_root_password => $mysql_root_password, #amqp_provider => $amqp_provider, amqp_host => $amqp_ip, - amqp_username => 'guest', - amqp_password => 'guest', + amqp_username => $amqp_username, + amqp_password => $amqp_password, #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, keystone_admin_token => $keystone_admin_token, diff --git a/manifests/external_net_setup.pp b/manifests/external_net_setup.pp new file mode 100644 index 0000000..15c3c2e --- /dev/null +++ b/manifests/external_net_setup.pp 
@@ -0,0 +1,133 @@ +class trystack::external_net_setup { + + if $public_gateway == '' { fail('public_gateway is empty') } + if $public_dns == '' { fail('public_dns is empty') } + if $public_network == '' { fail('public_network is empty') } + if $public_subnet == '' { fail('public_subnet is empty') } + if $public_allocation_start == '' { fail('public_allocation_start is empty') } + if $public_allocation_end == '' { fail('public_allocation_end is empty') } + if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + $controllers_hostnames_array_str = $controllers_hostnames_array + $controllers_hostnames_array = split($controllers_hostnames_array, ',') + + #find public NIC + $public_nic = get_nic_from_network("$public_network") + $public_nic_ip = get_ip_from_nic("$public_nic") + $public_nic_netmask = get_netmask_from_nic("$public_nic") + + #reconfigure public interface to be ovsport + augeas { "main-$public_nic": + context => "/files/etc/sysconfig/network-scripts/ifcfg-$public_nic", + changes => [ + "rm IPADDR", + "rm NETMASK", + "rm GATEWAY", + "rm DNS1", + "rm BOOTPROTO", + "set ONBOOT yes", + "set TYPE OVSPort", + "set OVS_BRIDGE br-ex", + "set PROMISC yes" + + ], + before => Class["quickstack::pacemaker::params"], + require => Package["openvswitch"], + } + + ~> + exec {"ifdown $public_nic": + path => "/usr/sbin", + refreshonly => true, + } + ~> + exec {"ifup $public_nic": + path => "/usr/sbin", + refreshonly => true, + } + + #create br-ex interface + augeas { "main-br-ex ": + context => '/files/etc/sysconfig/network-scripts/ifcfg-br-ex', + changes => [ + "set DEVICE br-ex", + "set DEVICETYPE ovs", + "set IPADDR '$public_nic_ip'", + "set NETMASK '$public_nic_netmask'", + "set GATEWAY '$public_gateway'", + "set DNS1 '$public_dns'", + "set BOOTPROTO static", + "set ONBOOT yes", + "set TYPE OVSBridge", + "set PROMISC yes" + + ], + before => Class["quickstack::pacemaker::params"], + require => Package["openvswitch"] + } + + ~> + + exec {'ifdown 
br-ex': + path => "/usr/sbin", + refreshonly => true, + } + ~> + exec {'ifup br-ex': + path => "/usr/sbin", + refreshonly => true, + } + ~> + exec {"ovs-vsctl add-port br-ex $public_nic": + path => "/usr/bin", + refreshonly => true, + unless => "ovs-vsctl list-ifaces br-ex | grep $public_nic" + } + + + Class["trystack::controller_networker"] + -> + #update bridge-mappings to physnet1 + file_line { 'ovs': + ensure => present, + path => '/etc/neutron/plugin.ini', + line => '[ovs]', + require => Class["trystack::controller_networker"], + } + -> + #update bridge-mappings to physnet1 + file_line { 'bridge_mapping': + ensure => present, + path => '/etc/neutron/plugin.ini', + line => 'bridge_mappings = physnet1:br-ex', + require => Class["trystack::controller_networker"], + } + ~> + Service['neutron-server'] + +##this way we only let controller1 create the neutron resources +##controller1 should be the active neutron-server at provisioining time + + if $hostname == $controllers_hostnames_array[0] { + neutron_network { 'provider_network': + ensure => present, + name => 'provider_network', + admin_state_up => true, + provider_network_type => flat, + provider_physical_network => 'physnet1', + router_external => true, + tenant_name => 'admin', + require => Service['neutron-server'], + } + -> + neutron_subnet { 'provider_subnet': + ensure => present, + name => provider_subnet, + cidr => $public_subnet, + gateway_ip => $public_gateway, + allocation_pools => [ "start=${public_allocation_start},end=${public_allocation_end}" ], + dns_nameservers => $public_dns, + network_name => 'provider_network', + tenant_name => 'admin', + } + } +} diff --git a/manifests/init.pp b/manifests/init.pp index d3fcb15..ca131f5 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -19,4 +19,13 @@ package { "python-rados": ensure => latest, } + + package { 'openvswitch': + ensure => installed, + } + -> + service {'openvswitch': + ensure => 'running', + } + } 
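Review bot: The checks at the top of the new `trystack::external_net_setup` class only reject empty strings, yet `$public_gateway`, `$public_dns` and the NIC-derived values are then interpolated into augeas expressions such as `"set GATEWAY '$public_gateway'"` and into `exec` command strings. A malformed global parameter is therefore written into the ifcfg files or passed to the shell unchanged. The later commits on this page repeat the pattern in external_net_presetup.pp and in templates/br_ex.erb, which writes the same values into ifcfg-br-ex, a file the network scripts read as shell-style assignments. Since stdlib is already included by init.pp, validating the format before use is cheap, for example `if !is_ip_address($public_gateway) { fail('public_gateway is not an IP address') }`, with the same check for `$public_dns`, `$public_allocation_start` and `$public_allocation_end`.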
From ec954a7b8c6087efc3bcad0ddae5421044884d54 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 20 May 2015 14:28:39 -0400 Subject: [PATCH 33/46] Adds working external network support Patch changes behavior to do the following: - openvswitch is now installed at the beginning of the puppet run - public interface config is changed to be an ovsport on br-ex - br-ex is created with the IP address formerly on public interface - neutron is configured to use br-ex - after neutron is running, an external provider_network and provider_subnet are created --- manifests/controller_networker.pp | 8 +-- manifests/external_net_presetup.pp | 88 ++++++++++++++++++++++++++++++ manifests/external_net_setup.pp | 80 ++------------------------- manifests/init.pp | 16 ++---- manifests/repo.pp | 27 +++++++++ templates/br_ex.erb | 10 ++++ 6 files changed, 139 insertions(+), 90 deletions(-) create mode 100644 manifests/external_net_presetup.pp create mode 100644 templates/br_ex.erb diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index e932d95..b8e809a 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -110,10 +110,6 @@ "$storage_iface", "") - if ($odl_flag != '') and str2bool($odl_flag) and ($external_network_flag != '') and str2bool($external_network_flag) { - class { "trystack::external_net_setup": } - } - class { "trystack::ceph_deploy": fsid => $ceph_fsid, osd_pool_default_size => $ceph_osd_pool_size, @@ -287,6 +283,10 @@ verbose => 'true', } + if ($external_network_flag != '') and str2bool($external_network_flag) { + class { "trystack::external_net_setup": } + } + } else { if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if $public_ip == '' { fail('public_ip is empty') } diff --git a/manifests/external_net_presetup.pp b/manifests/external_net_presetup.pp new file mode 100644 index 0000000..992a37b --- /dev/null +++ b/manifests/external_net_presetup.pp 
@@ -0,0 +1,88 @@ +class trystack::external_net_presetup { + + if $public_gateway == '' { fail('public_gateway is empty') } + if $public_dns == '' { fail('public_dns is empty') } + if $public_network == '' { fail('public_network is empty') } + if $public_subnet == '' { fail('public_subnet is empty') } + if $public_allocation_start == '' { fail('public_allocation_start is empty') } + if $public_allocation_end == '' { fail('public_allocation_end is empty') } + if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') } + $controllers_hostnames_array_str = $controllers_hostnames_array + $controllers_hostnames_array = split($controllers_hostnames_array, ',') + + #find public NIC + $public_nic = get_nic_from_network("$public_network") + $public_nic_ip = get_ip_from_nic("$public_nic") + $public_nic_netmask = get_netmask_from_nic("$public_nic") + + if ($public_nic == '') or ($public_nic_ip == '') or ($public_nic == "br-ex") or ($public_nic == "br_ex") { + notify {"Skipping augeas, public_nic ${public_nic}, public_nic_ip ${public_nic_ip}":} + + exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex': + path => ["/usr/sbin/", "/usr/bin/"], + unless => 'ip addr show br-ex | grep "inet "', + before => Exec['restart-network-public-nic-ip'], + } + ~> + exec {'systemctl restart network': + path => ["/usr/sbin/", "/usr/bin/"], + refreshonly => 'true', + } + + exec {'restart-network-public-nic-ip': + command => 'systemctl restart network', + path => ["/usr/sbin/", "/usr/bin/"], + onlyif => 'ip addr show | grep $(ip addr show br-ex | grep -Eo "inet [\.0-9]+" | cut -d " " -f2) | grep -v br-ex', + } + + } else { + #reconfigure public interface to be ovsport + augeas { "main-$public_nic": + context => "/files/etc/sysconfig/network-scripts/ifcfg-$public_nic", + changes => [ + "rm IPADDR", + "rm NETMASK", + "rm GATEWAY", + "rm DNS1", + "rm BOOTPROTO", + "rm DEFROUTE", + "rm IPV6_DEFROUTE", + "rm IPV6_PEERDNS", + "rm IPV6_PEERROUTES", + "rm PEERROUTES", + "set PEERDNS 
no", + "set BOOTPROTO static", + "set IPV6INIT no", + "set IPV6_AUTOCONF no", + "set ONBOOT yes", + "set TYPE OVSPort", + "set OVS_BRIDGE br-ex", + "set PROMISC yes" + + ], + before => Class["quickstack::pacemaker::params"], + require => Service["openvswitch"], + } + + -> + #create br-ex interface + file { 'external_bridge': + path => '/etc/sysconfig/network-scripts/ifcfg-br-ex', + owner => 'root', + group => 'root', + mode => '0644', + content => template('trystack/br_ex.erb'), + before => Class["quickstack::pacemaker::params"], + } + -> + exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex': + path => ["/usr/sbin/", "/usr/bin/"], + } + ~> + exec {'systemctl restart network': + path => ["/usr/sbin/", "/usr/bin/"], + refreshonly => 'true', + } + + } +} diff --git a/manifests/external_net_setup.pp b/manifests/external_net_setup.pp index 15c3c2e..f6a79e1 100644 --- a/manifests/external_net_setup.pp +++ b/manifests/external_net_setup.pp 
@@ -15,83 +15,13 @@ $public_nic_ip = get_ip_from_nic("$public_nic") $public_nic_netmask = get_netmask_from_nic("$public_nic") - #reconfigure public interface to be ovsport - augeas { "main-$public_nic": - context => "/files/etc/sysconfig/network-scripts/ifcfg-$public_nic", - changes => [ - "rm IPADDR", - "rm NETMASK", - "rm GATEWAY", - "rm DNS1", - "rm BOOTPROTO", - "set ONBOOT yes", - "set TYPE OVSPort", - "set OVS_BRIDGE br-ex", - "set PROMISC yes" - - ], - before => Class["quickstack::pacemaker::params"], - require => Package["openvswitch"], - } - - ~> - exec {"ifdown $public_nic": - path => "/usr/sbin", - refreshonly => true, - } - ~> - exec {"ifup $public_nic": - path => "/usr/sbin", - refreshonly => true, - } - - #create br-ex interface - augeas { "main-br-ex ": - context => '/files/etc/sysconfig/network-scripts/ifcfg-br-ex', - changes => [ - "set DEVICE br-ex", - "set DEVICETYPE ovs", - "set IPADDR '$public_nic_ip'", - "set NETMASK '$public_nic_netmask'", - "set GATEWAY '$public_gateway'", - "set DNS1 '$public_dns'", - "set BOOTPROTO static", - "set ONBOOT yes", - "set TYPE OVSBridge", - "set PROMISC yes" - - ], - before => Class["quickstack::pacemaker::params"], - require => Package["openvswitch"] - } - - ~> - - exec {'ifdown br-ex': - path => "/usr/sbin", - refreshonly => true, - } - ~> - exec {'ifup br-ex': - path => "/usr/sbin", - refreshonly => true, - } - ~> - exec {"ovs-vsctl add-port br-ex $public_nic": - path => "/usr/bin", - refreshonly => true, - unless => "ovs-vsctl list-ifaces br-ex | grep $public_nic" - } - - - Class["trystack::controller_networker"] + Anchor[ 'neutron configuration anchor end' ] -> #update bridge-mappings to physnet1 file_line { 'ovs': ensure => present, path => '/etc/neutron/plugin.ini', line => '[ovs]', - require => Class["trystack::controller_networker"], } -> #update bridge-mappings to physnet1 
@@ -99,15 +29,16 @@ ensure => present, path => '/etc/neutron/plugin.ini', line => 'bridge_mappings = physnet1:br-ex', - require => Class["trystack::controller_networker"], } - ~> - Service['neutron-server'] + -> + Exec["pcs-neutron-server-set-up"] ##this way we only let controller1 create the neutron resources ##controller1 should be the active neutron-server at provisioining time if $hostname == $controllers_hostnames_array[0] { + Exec["all-neutron-nodes-are-up"] + -> neutron_network { 'provider_network': ensure => present, name => 'provider_network', @@ -116,7 +47,6 @@ provider_physical_network => 'physnet1', router_external => true, tenant_name => 'admin', - require => Service['neutron-server'], } -> neutron_subnet { 'provider_subnet': diff --git a/manifests/init.pp b/manifests/init.pp index ca131f5..862ee88 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,8 +1,4 @@ class trystack { - exec {'disable selinux': - command => '/usr/sbin/setenforce 0', - unless => '/usr/sbin/getenforce | grep Permissive', - } include stdlib stage { 'presetup': @@ -20,12 +16,10 @@ ensure => latest, } - package { 'openvswitch': - ensure => installed, - } - -> - service {'openvswitch': - ensure => 'running', + if ($external_network_flag != '') and str2bool($external_network_flag) { + class { "trystack::external_net_presetup": + stage => presetup, + require => Class['trystack::repo'], + } } - } diff --git a/manifests/repo.pp b/manifests/repo.pp index 7509ae9..b15991c 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp 
@@ -19,4 +19,31 @@ } } + + exec {'disable selinux': + command => '/usr/sbin/setenforce 0', + unless => '/usr/sbin/getenforce | grep Permissive', + } + -> + service { 'NetworkManager': + ensure => "stopped", + enable => "false", + } + -> + service { "network": + ensure => "running", + enable => "true", + hasrestart => true, + restart => '/usr/bin/systemctl restart network', + } + + -> + package { 'openvswitch': + ensure => installed, + } + -> + service {'openvswitch': + ensure => 'running', + } + } diff --git a/templates/br_ex.erb b/templates/br_ex.erb new file mode 100644 index 0000000..6c0e7e7 --- /dev/null +++ b/templates/br_ex.erb @@ -0,0 +1,10 @@ +DEVICE=br-ex +DEVICETYPE=ovs +IPADDR=<%= @public_nic_ip %> +NETMASK=<%= @public_nic_netmask %> +GATEWAY=<%= @public_gateway %> +BOOTPROTO=static +ONBOOT=yes +TYPE=OVSBridge +PROMISC=yes +PEERDNS=no From 40e3d4f988281a021274404e330b710c3b5fed8f Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 20 May 2015 18:16:30 -0400 Subject: [PATCH 34/46] Moves external network presetup from init to controller_networker Bug where external network was being applied to compute nodes. --- manifests/controller_networker.pp | 7 +++++++ manifests/init.pp | 6 ------ 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index b8e809a..e754ad5 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -110,6 +110,13 @@ "$storage_iface", "") + if ($external_network_flag != '') and str2bool($external_network_flag) { + class { "trystack::external_net_presetup": + stage => presetup, + require => Class['trystack::repo'], + } + } + class { "trystack::ceph_deploy": fsid => $ceph_fsid, osd_pool_default_size => $ceph_osd_pool_size, diff --git a/manifests/init.pp b/manifests/init.pp index 862ee88..afc6c13 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
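Review bot: The `exec {'disable selinux':` added to manifests/repo.pp runs `/usr/sbin/setenforce 0` on every node that applies this class, so the whole deployment loses SELinux enforcement rather than the one service that needed an exception. If a specific denial motivated this, prefer keeping enforcing mode and fixing that denial with policy, and record the reason next to the resource, e.g. `# TODO: SELinux left permissive because <reason>; remove once policy is fixed`. The `unless` guard also matches only `Permissive`, so on a host where getenforce reports `Disabled` the exec would be attempted on every run and would likely report a failure; `unless => '/usr/sbin/getenforce | grep -Eq "Permissive|Disabled"'` covers both states. The enclosing class body starts outside the hunk.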
@@ -16,10 +16,4 @@ ensure => latest, } - if ($external_network_flag != '') and str2bool($external_network_flag) { - class { "trystack::external_net_presetup": - stage => presetup, - require => Class['trystack::repo'], - } - } } From b67fcbab5444657388f16e22382abdecf933c546 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 20 May 2015 22:29:29 -0400 Subject: [PATCH 35/46] Compute nodes networking is stopping. I think this is because NetworkManager is stopped and then dhcp doesn't renew. This patch adds a network restart after networkmanager is killed to try to resolve the issue. --- manifests/repo.pp | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/manifests/repo.pp b/manifests/repo.pp index b15991c..4ef2d25 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -25,18 +25,23 @@ unless => '/usr/sbin/getenforce | grep Permissive', } -> - service { 'NetworkManager': - ensure => "stopped", - enable => "false", - } - -> service { "network": ensure => "running", enable => "true", hasrestart => true, restart => '/usr/bin/systemctl restart network', } - + -> + service { 'NetworkManager': + ensure => "stopped", + enable => "false", + } + ~> + exec { 'restart-network-presetup': + command => 'systemctl restart network' + path => ["/usr/sbin/", "/usr/bin/"], + refreshonly => 'true', + } -> package { 'openvswitch': ensure => installed, From 06fa22c5c3c433ddba477097c99c97ee543c27c0 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Thu, 21 May 2015 00:22:14 -0400 Subject: [PATCH 36/46] Fixes syntax error --- manifests/repo.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/repo.pp b/manifests/repo.pp index 4ef2d25..981271b 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -38,7 +38,7 @@ } ~> exec { 'restart-network-presetup': - command => 'systemctl restart network' + command => 'systemctl restart network', path => ["/usr/sbin/", "/usr/bin/"], refreshonly => 'true', } 
From b2b60640c952ef935d836ff508a0cb3030629589 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Fri, 22 May 2015 10:48:52 -0400 Subject: [PATCH 37/46] Modifies default values for quota with neutron --- manifests/controller_networker.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index e754ad5..e147528 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -288,6 +288,18 @@ ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_types => ["vxlan"], verbose => 'true', + neutron_conf_additional_params => { default_quota => 'default', + quota_network => '50', + quota_subnet => '50', + quota_port => 'default', + quota_security_group => '50', + quota_security_group_rule => 'default', + quota_vip => 'default', + quota_pool => 'default', + quota_router => '50', + quota_floatingip => '100', + network_auto_schedule => 'default', + }, } if ($external_network_flag != '') and str2bool($external_network_flag) { From f3067fed067427e2ebfe98c1e03578f11b91235e Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 2 Jun 2015 11:06:45 -0400 Subject: [PATCH 38/46] Fixes missing neutron_metadata_proxy_secret variable --- manifests/controller_networker.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index e147528..b5bfbd5 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
@@ -86,6 +86,7 @@ if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array } if !$neutron_db_password { $neutron_db_password = $single_password } if !$neutron_user_password { $neutron_user_password = $single_password } + if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $single_password } if !$nova_db_password { $nova_db_password = $single_password } if !$nova_user_password { $nova_user_password = $single_password } if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} From 05278b8ac3bd229cb79ede6fb332f35fc6a29501 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 2 Jun 2015 13:12:59 -0400 Subject: [PATCH 39/46] Adds provider router needed for rally tests to run correctly. --- manifests/external_net_setup.pp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manifests/external_net_setup.pp b/manifests/external_net_setup.pp index f6a79e1..b52450c 100644 --- a/manifests/external_net_setup.pp +++ b/manifests/external_net_setup.pp @@ -59,5 +59,13 @@ network_name => 'provider_network', tenant_name => 'admin', } + -> + neutron_router { 'provider_router': + ensure => present, + name => 'provider_router', + admin_state_up => true, + gateway_network_name => 'provider_network', + tenant_name => 'admin', + } } } From edd8c488d2571e0e32811a91c1ba07538fd6e78e Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Fri, 5 Jun 2015 14:33:40 -0400 Subject: [PATCH 40/46] Fixes external router "provider_router" so that it's external interface is actually placed on br-ex --- manifests/controller_networker.pp | 1 + 1 file changed, 1 insertion(+) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index b5bfbd5..7d55ca1 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
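Review bot: The added `if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $single_password }` in the `@@ -86,6 +86,7 @@` hunk makes the metadata proxy secret identical to the Neutron and Nova database and service passwords defaulted on the neighbouring lines, so one disclosed value exposes all of them. The same fallback is extended to the MySQL root password, the Horizon secret key, the Ceilometer metering secret and the Swift secrets in the later `@@ -309,50 +309,47 @@` hunk of controller_networker.pp, and to the non-HA branch of compute.pp. Nothing visible here checks that `$single_password` is itself set, so I would add `if !$single_password { fail('single_password is empty') }` ahead of these defaults and keep distinct values for the shared secrets wherever the caller can supply them. The block of defaults starts and ends outside this hunk.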
@@ -282,6 +282,7 @@ class { "quickstack::pacemaker::neutron": agent_type => $this_agent, enable_tunneling => 'true', + external_network_bridge => 'br-ex', ml2_mechanism_drivers => $ml2_mech_drivers, ml2_network_vlan_ranges => ["physnet1:10:50"], odl_controller_ip => $odl_control_ip, From d36cf9902b73bc783892e8fbf2e3ba832c4454b3 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 9 Jun 2015 15:54:41 -0400 Subject: [PATCH 41/46] Simplifies the non-HA deployment for parameters Now for non-HA deployment you only need: private_network public_network Which are determined by deploy.sh for you. --- manifests/controller_networker.pp | 77 +++++++++++++++---------------- 1 file changed, 37 insertions(+), 40 deletions(-) diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index 7d55ca1..e675345 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp 
@@ -309,50 +309,47 @@ } } else { - if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if $public_ip == '' { fail('public_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - - if $odl_control_ip == '' { $odl_control_ip = $private_ip } - - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $mysql_root_password == '' { fail('mysql_root_password is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - - if $memcache_ip == '' { fail('memcache_ip is empty') } - if $neutron_ip == '' { fail('neutron_ip is empty') } - - if $keystone_db_password == '' { fail('keystone_db_password is empty') } - - if $horizon_secret_key == '' { fail('horizon_secret_key is empty') } - - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $nova_db_password == '' { fail('nova_db_password is empty') } - - if $cinder_user_password == '' { fail('cinder_user_password is empty') } - if $cinder_db_password == '' { fail('cinder_db_password is empty') } - - if $glance_user_password == '' { fail('glance_user_password is empty') } - if $glance_db_password == '' { fail('glance_db_password is empty') } - - if $neutron_user_password == '' { fail('neutron_user_password is empty') } - if $neutron_db_password == '' { fail('neutron_db_password is empty') } - if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } - - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } - - if $heat_user_password == '' { fail('heat_user_password is empty') } - if $heat_db_password == '' { fail('heat_db_password is empty') } - if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') } - - if $swift_user_password == '' { fail('swift_user_password is empty') } - if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } - if $swift_admin_password == '' { fail('swift_admin_password is empty') } + 
##Mandatory Non-HA parameters + if $private_network == '' { fail('private_network is empty') } + if $public_network == '' { fail('public_network is empty') } + ##Optional Non-HA parameters if !$amqp_username { $amqp_username = $single_username } if !$amqp_password { $amqp_password = $single_password } + if !$mysql_root_password { $mysql_root_password = $single_password } + if !$keystone_db_password { $keystone_db_password = $single_password } + if !$horizon_secret_key { $horizon_secret_key = $single_password } + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } + if !$cinder_db_password { $cinder_db_password = $single_password } + if !$cinder_user_password { $cinder_user_password = $single_password } + if !$glance_db_password { $glance_db_password = $single_password } + if !$glance_user_password { $glance_user_password = $single_password } + if !$neutron_db_password { $neutron_db_password = $single_password } + if !$neutron_user_password { $neutron_user_password = $single_password } + if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password } + if !$ceilometer_user_password { $ceilometer_user_password = $single_password } + if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password } + if !$heat_user_password { $heat_user_password = $single_password } + if !$heat_db_password { $heat_db_password = $single_password } + if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' } + if !$swift_user_password { $swift_user_password = $single_password } + if !$swift_shared_secret { $swift_shared_secret = $single_password } + if !$swift_admin_password { $swift_admin_password = $single_password } + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") + ##Find private ip + $private_ip = get_ip_from_nic("$ovs_tunnel_if") + #Find public NIC + $public_nic = 
get_nic_from_network("$public_network") + $public_ip = get_ip_from_nic("$public_nic") + + if !$mysql_ip { $mysql_ip = $private_ip } + if !$amqp_ip { $amqp_ip = $private_ip } + if !$memcache_ip { $memcache_ip = $private_ip } + if !$neutron_ip { $neutron_ip = $private_ip } + if !$odl_control_ip { $odl_control_ip = $private_ip } class { "quickstack::neutron::controller_networker": admin_email => $admin_email, From a33ca8ade4d292fecc7e5193af1961ac6359f49a Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 9 Jun 2015 18:04:40 -0400 Subject: [PATCH 42/46] Simplifies parameters for compute.pp Now only required parameters: private_network private_subnet --- manifests/compute.pp | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 3a7a013..0af5e32 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp 
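Review bot: `if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }` puts a fixed key in the manifest, so every deployment that omits the parameter ends up with the same publicly known value for what is presumably Heat's auth encryption key. The removed check used the name `$heat_auth_encrypt_key` while the new default sets `$heat_auth_encryption_key`; the class call that consumes it is outside the hunk, so confirm which name it actually reads. I would keep this parameter mandatory, `if !$heat_auth_encryption_key { fail('heat_auth_encryption_key is empty') }`, or have the deploy tooling generate a per-deployment value. The same hunk defaults `$neutron_metadata_shared_secret`, whereas the earlier block near line 86 of this file defaults `$neutron_metadata_proxy_secret`; the two names should be reconciled or the difference explained in a comment.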
@@ -59,19 +59,27 @@ } else { ##non HA params - if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if !$private_ip { fail('private_ip is empty') } + ##Mandatory + if $private_network == '' { fail('private_network is empty') } + + ##Optional + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") + ##Find private ip + $private_ip = get_ip_from_nic("$ovs_tunnel_if") + $keystone_private_vip = $private_ip $glance_private_vip = $private_ip $nova_private_vip = $private_ip $neutron_private_vip = $private_ip - if !$nova_db_password { fail('nova_db_password is empty') } - if !$nova_user_password { fail('nova_user_password is empty') } + + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } if !$odl_control_ip { $odl_control_ip = $private_ip } if !$mysql_ip { $mysql_ip = $private_ip } if !$amqp_ip { $amqp_ip = $private_ip } - if !$amqp_username { $amqp_username = 'guest' } - if !$amqp_password { $amqp_password = 'guest' } + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } if !$ceph_mon_host { $ceph_mon_host= ["$private_ip"] } if !$ceph_mon_initial_members { $ceph_mon_initial_members = ["$::hostname"] } } From 6a5d47189d8d43c9364e4de12f4396c2a6e3442d Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Tue, 9 Jun 2015 18:13:39 -0400 Subject: [PATCH 43/46] Fixes check for ha_flag being true as a boolean --- manifests/compute.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 0af5e32..dbefef6 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp 
@@ -32,7 +32,7 @@ if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password } ##HA Global params - if $ha_flag { + if $ha_flag and str2bool($ha_flag) { if $private_network == '' { fail('private_network is empty') } if !$keystone_private_vip { fail('keystone_private_vip is empty') } if !$glance_private_vip { fail('glance_private_vip is empty') } From 9cdc1ce24398c7a3e3e40d6a98c81e1f56389bd5 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Thu, 11 Jun 2015 12:54:58 -0400 Subject: [PATCH 44/46] Fixes non-ha odl_control_ip var on compute, and adds keystonerc to non-ha controller --- manifests/compute.pp | 4 +++- manifests/controller_networker.pp | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index dbefef6..74eaa88 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -61,6 +61,9 @@ ##non HA params ##Mandatory if $private_network == '' { fail('private_network is empty') } + if ($odl_flag != '') and str2bool($odl_flag) { + if $odl_control_ip == '' { fail('odl_control_ip is empty') } + } ##Optional ##Find private interface @@ -75,7 +78,6 @@ if !$nova_db_password { $nova_db_password = $single_password } if !$nova_user_password { $nova_user_password = $single_password } - if !$odl_control_ip { $odl_control_ip = $private_ip } if !$mysql_ip { $mysql_ip = $private_ip } if !$amqp_ip { $amqp_ip = $private_ip } if !$amqp_username { $amqp_username = $single_username } diff --git a/manifests/controller_networker.pp b/manifests/controller_networker.pp index e675345..1e158eb 100644 --- a/manifests/controller_networker.pp +++ b/manifests/controller_networker.pp @@ -403,6 +403,8 @@ horizon_ca => $quickstack::params::horizon_ca, horizon_cert => $quickstack::params::horizon_cert, horizon_key => $quickstack::params::horizon_key, + + keystonerc => true, ml2_mechanism_drivers => $ml2_mech_drivers, From 3f7a754eed822f3293c904ac8e09151c3dee93b1 Mon Sep 17 00:00:00 2001 
From: Tim Rozet Date: Thu, 11 Jun 2015 22:39:20 -0400 Subject: [PATCH 45/46] Fixes variables to point to controller (controller_ip) --- manifests/compute.pp | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 74eaa88..759a348 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -64,6 +64,7 @@ if ($odl_flag != '') and str2bool($odl_flag) { if $odl_control_ip == '' { fail('odl_control_ip is empty') } } + if $controller_ip == '' { fail('controller_ip is empty') } ##Optional ##Find private interface @@ -71,15 +72,15 @@ ##Find private ip $private_ip = get_ip_from_nic("$ovs_tunnel_if") - $keystone_private_vip = $private_ip - $glance_private_vip = $private_ip - $nova_private_vip = $private_ip - $neutron_private_vip = $private_ip + $keystone_private_vip = $controller_ip + $glance_private_vip = $controller_ip + $nova_private_vip = $controller_ip + $neutron_private_vip = $controller_ip if !$nova_db_password { $nova_db_password = $single_password } if !$nova_user_password { $nova_user_password = $single_password } - if !$mysql_ip { $mysql_ip = $private_ip } - if !$amqp_ip { $amqp_ip = $private_ip } + if !$mysql_ip { $mysql_ip = $controller_ip } + if !$amqp_ip { $amqp_ip = $controller_ip } if !$amqp_username { $amqp_username = $single_username } if !$amqp_password { $amqp_password = $single_password } if !$ceph_mon_host { $ceph_mon_host= ["$private_ip"] } From b4bccac4f18ffff456d8745f32f77f376a8d1ec7 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Wed, 17 Jun 2015 16:07:14 -0400 Subject: [PATCH 46/46] Fixes nova_host to point to public ip of nova (for vncproxy access) --- manifests/compute.pp | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 759a348..4ae38da 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp 
@@ -36,7 +36,7 @@ if $private_network == '' { fail('private_network is empty') } if !$keystone_private_vip { fail('keystone_private_vip is empty') } if !$glance_private_vip { fail('glance_private_vip is empty') } - if !$nova_private_vip { fail('nova_private_vip is empty') } + if !$nova_public_vip { fail('nova_public_vip is empty') } if !$nova_db_password { $nova_db_password = $single_password } if !$nova_user_password { $nova_user_password = $single_password } if !$controllers_ip_array { fail('controllers_ip_array is empty') } @@ -74,7 +74,7 @@ $keystone_private_vip = $controller_ip $glance_private_vip = $controller_ip - $nova_private_vip = $controller_ip + $nova_public_vip = $controller_ip $neutron_private_vip = $controller_ip if !$nova_db_password { $nova_db_password = $single_password } @@ -95,7 +95,7 @@ libvirt_inject_password => 'false', libvirt_inject_key => 'false', libvirt_images_type => 'rbd', - nova_host => $nova_private_vip, + nova_host => $nova_public_vip, nova_db_password => $nova_db_password, nova_user_password => $nova_user_password, private_network => '',
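Review bot: In the `@@ -95,7 +95,7 @@` hunk, `nova_host => $nova_public_vip` has no comment saying why a compute node is pointed at the public VIP, and the non-HA branch sets `$nova_public_vip = $controller_ip`, so the variable name does not tell a reader which network is really used. I would add a comment above the parameter such as `# public VIP so the VNC proxy URL handed to clients is reachable`. If the quickstack compute class also uses `nova_host` for internal API or metadata traffic (not visible here), that traffic would now cross the public network, which is worth confirming before merge. The HA guard no longer validates `$nova_private_vip`; check that nothing else in the file still reads it. The class call continues outside the hunk.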