Initial plugin checkin

This checks in the astara plugin in its current state. It currently
supports deploying into MOS 8.0/liberty only.

Change-Id: Ibe7ca298c4adcdd237202b520271100231b2a1d2
Adam Gandelman 2016-05-05 13:07:56 -07:00
parent cf3b401848
commit a7614c8593
46 changed files with 2037 additions and 0 deletions

2
AUTHORS Normal file

@ -0,0 +1,2 @@
Adam Gandelman <adamg@ubuntu.com>
Eric Lopez <eric.lopez@akanda.io>

27
INSTALL.rst Normal file

@ -0,0 +1,27 @@
Create Manually Installed Astara Fuel 8.0 Plugin on Ubuntu Trusty 14.04
=======================================================================
``https://wiki.openstack.org/wiki/Fuel/Plugins#Preparing_an_environment_for_plugin_development``
sudo apt-get install createrepo rpm dpkg-dev
easy_install pip
pip install fuel-plugin-builder
git clone https://github.com/stackforge/fuel-plugins.git
cd fuel-plugins/fuel_plugin_builder/
sudo python setup.py develop
``https://wiki.openstack.org/wiki/Fuel/Plugins#Using_Fuel_Plugin_Builder_tool``
fpb --create fuel-plugin-astara
fpb --build fuel-plugin-astara
Debug UI
--------
blah blah
Debug Deployment
----------------
blah blah
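
Review bot: The "Debug UI" and "Debug Deployment" sections at the end contain only the placeholder text "blah blah"; write the steps or drop the headings before this ships. In the build steps, `easy_install pip`, `pip install fuel-plugin-builder` and the `git clone` of fuel-plugins followed by `sudo python setup.py develop` all pull unpinned code, the last one running as root, so pin a fuel-plugin-builder version or a commit and build inside a virtualenv without sudo. The `pip install fuel-plugin-builder` step also looks redundant with the develop install from the clone. The two wiki URLs are wrapped in double backticks, which renders them as literals rather than links.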

202
LICENSE Normal file

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

135
README.rst Normal file

@ -0,0 +1,135 @@
Astara plugin for Mirantis Fuel
===============================
Astara is a network orchestration service designed for provisioning Neutron
managed virtual network functions in an OpenStack deployment.
Limitations:
------------
Currently this plugin is not compatible with the following features:
- Neutron DVR
- FWaaS
- LBaaSv1
- other SDN solutions
Compatible versions:
--------------------
- Mirantis Fuel 8.0
- Akanda Astara 8.0
To obtain the plugin:
---------------------
The Astara plugin can be downloaded from the [Fuel Plugin Catalog](
https://www.mirantis.com/products/openstack-drivers-and-plugins/fuel-plugins/).
To install the plugin:
----------------------
- Prepare a clean fuel master node.
- Copy the plugin onto the fuel master node:
scp astara-fuel-plugin-1.0-1.0.0-0.noarch.rpm root@<Fuel_Master_Node_IP>:/tmp
- Install the plugin on the fuel master node:
cd /tmp
fuel plugins --install astara-fuel-plugin-1.0-1.0.0-0.noarch.rpm
- Check the plugin was installed:
fuel plugins --list
User Guide
----------
To deploy a cluster with the Astara plugin, use the Fuel web UI to deploy an
OpenStack cluster in the usual way, with the following guidelines:
- Create a new OpenStack environment, selecting:
Liberty on Ubuntu Trusty
"Neutron with VLAN segmentation" or "Neutron with tunneling segmentation" as the networking setup
- Under the network tab, configure the 'Network' settings for your environment. For example (exact values will
depend on your setup):
Public (External):
- IP Range: 172.16.0.2 - 172.16.0.126
- CIDR: 172.16.0.0/24
- Use VLAN tagging: No
- Gateway: 172.16.0.1
- Floating IP range: 172.16.0.130 - 172.16.0.254
Management (Management):
- Under the settings tab, make sure the following options are checked:
"Use Astara Network Orchestrator"
- Under the setting tab, configure Astara Management Service Port, API Port, and Management IPv6 prefix
- Astara Management IPv6 Prefix
- Astara Management Service Port
- Astara API Service Port
- Add nodes
- Deploy changes
Deployment details
------------------
Deployment of Openstack using Astara Network Orchestrator does the following:
- Configures Nova:
Enable Metadata Service
Enable IPv6
Enables Nova to attach external networks to an VM Instance
- Configures Neutron:
Disables Metadata Agent, L3 Agent, and DHCP Agent
Enables Astara API extensions
Enables Astara service plugin
Enables Astara core plugin
- Uploads Astara Router Service VM into Openstack Image Service (glance)
- Configure Horizon:
Enable Astara dashboard extensions
Configure Astara management service details
- Create Public and Management Networks for Openstack deployment
Known issues
------------
None.
Release Notes
-------------
**1.0.0**
* Initial release of the plugin
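
Review bot: The "To obtain the plugin" section uses Markdown link syntax, `[Fuel Plugin Catalog](...)`, in a .rst file, where it renders as literal text; use an RST hyperlink (link text, URL in angle brackets, trailing underscore) instead. The install steps go from `scp` straight to `fuel plugins --install` as root on the master node with no integrity check, so add a step that verifies the RPM's checksum or signature against a published value. In the User Guide, "Management (Management):" has no values listed under it while the Public network has five, and the three Astara settings (IPv6 prefix, management service port, API port) are named without saying what values are expected or safe to expose.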

29
components.yaml Normal file

@ -0,0 +1,29 @@
# This file contains wizard components descriptions that are pretty similar to
# the `environment_config.yaml`.
# Please, take a look at following link for the details:
# - https://blueprints.launchpad.net/fuel/+spec/component-registry
# - https://specs.openstack.org/openstack/fuel-specs/specs/8.0/component-registry.html
- name: 'additional_service:astara'
label: "Install Astara (Openstack Network Orchestrator)"
description: "If selected, Astara's Network Orchestrator will be installed. Astara
is a production grade L3-L7 Network Service Platform for Neutron"
bind: !!pairs
- "cluster:net_provider": "neutron"
requires:
- name: 'network:neutron:core:ml2'
compatible:
- name: 'hypervisor:libvirt:*'
- name: 'hypervisor:kvm'
- name: 'hypervisor:qemu'
- name: 'network:neutron:vlan'
- name: 'network:neutron:tun'
- name: "storage:block:lvm"
- name: "storage:image:ceph"
- name: "storage:object:ceph"
- name: "additional_service:ceilometer"
- name: "storage:block:ceph"
- name: "storage:ephemeral:ceph"
incompatible:
- name: 'hypervisor:vmware'
description: 'Astara is not compatible with VMware vSphere'
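
Review bot: The `incompatible` list names only `hypervisor:vmware`, while README.rst in this same change says the plugin does not work with Neutron DVR, FWaaS, LBaaSv1 or other SDN solutions. If the component registry has entries for any of those, list them here so the wizard blocks the combination instead of relying on the README.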


@ -0,0 +1,5 @@
notice('MODULE: astara-neutron install')
include astara
class { 'astara::astara_neutron::install': }


@ -0,0 +1,123 @@
notice('MODULAR: astara config')
$astara_settings = hiera('fuel-plugin-astara')
# pass through fuel plugin config
astara_config {
'DEFAULT/astara_api_port': value => $astara_settings['astara_api_port'];
'DEFAULT/astara_mgt_service_port': value => $astara_settings['astra_mgmt_service_port'];
'DEFAULT/management_prefix': value => $astara_settings['astra_mgmt_ipv6_prefix'];
}
# piece together authtoken config from hiera, using neutron's service creds.
$neutron_settings = hiera('quantum_settings')
$neutron_keystone_settings = $neutron_settings['keystone']
$keystone_settings = hiera_hash('keystone', {})
$service_endpoint = hiera('service_endpoint')
$management_vip = hiera('management_vip')
$ssl_hash = hiera_hash('use_ssl', {})
$internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
$internal_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
$internal_port = '5000'
$public_url = "${public_protocol}://${public_address}:${public_port}"
$admin_url = "${admin_protocol}://${admin_address}:${admin_port}"
$internal_url = "${internal_protocol}://${internal_address}:${internal_port}"
$admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
$auth_suffix = pick($keystone_settings['auth_suffix'], '/')
$auth_url = "${internal_url}${auth_suffix}"
# XXX need to replace with zookeeper
$memcache_addresses = hiera('memcached_addresses')
$memcache_address = $memcache_addresses[0]
$region = hiera('region', 'RegionOne')
# setup keystone authtoken middleware
astara_config {
'keystone_authtoken/auth_plugin': value => 'password';
'DEFAULT/auth_url': value => $auth_url;
'keystone_authtoken/auth_uri': value => $auth_url;
'keystone_authtoken/auth_url': value => $internal_url;
'keystone_authtoken/project_domain_id': value => 'default';
'keystone_authtoken/user_domain_id': value => 'default';
'keystone_authtoken/project_name': value => 'services';
'keystone_authtoken/username': value => 'neutron';
'keystone_authtoken/password': value => $neutron_keystone_settings['admin_password'];
'keystone_authtoken/auth_region': value => $region;
}
# setup db access to the controller with the known password
$database_vip = hiera('database_vip', $management_vip)
$db_host = pick($astara_settings['db_host'], $database_vip)
$db_user = pick($astara_settings['db_user'], 'astara')
$db_name = pick($astara_settings['db_name'], 'astara')
#$db_password = pick($astara_settings['astara_db_password'], 'astara')
$db_password = 'astara'
$database_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8"
astara_config {
'database/connection': value => $database_connection;
}
# setup access to neutron's rabbit queue
# matching neutron's rabbit setup here -- it uses nova's credentials?
$rabbit_settings = hiera('rabbit')
$rabbit_user = 'nova'
$rabbit_password = $rabbit_settings['password']
$rabbit_host = hiera('amqp_hosts')
astara_config {
'DEFAULT/control_exchange': value => 'neturon';
'DEFAULT/rpc_backend': value => 'rabbit';
'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_user;
'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true;
'oslo_messaging_rabbit/rabbit_hosts': value => $rabbit_host;
}
# setup the neutron L3 agent
neutron_config {
'agent/root_helper': value => 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf';
'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_user;
'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true;
# XXX note sure where non-default 5673 comes from?
'oslo_messaging_rabbit/rabbit_hosts': value => $rabbit_host;
}
# drop an openrc for the neutron service tenant
class { 'openstack::auth_file':
admin_user => 'neutron',
admin_password => $neutron_keystone_settings['admin_password'],
admin_tenant => 'services',
region_name => $region,
auth_url => $auth_url,
}
astara_config {
'DEFAULT/endpoint_type': value => 'internalURL';
'DEFAULT/log_file': value => '/var/log/astara/astara-orchestrator.log';
}
# Setup coordination cluster services.
# NOTE: we use memcache here for testing until a zookeeper module is available in feul
astara_config {
'coordination/enabled': value => 'True';
'coordination/url': value => "memcached://${memcache_address}:11211";
}
# setup metadata proxy access
astara_config {
'DEFAULT/nova_metadata_ip': value => $management_vip;
'DEFAULT/neutron_metadata_proxy_shared_secret': value => $neutron_settings["metadata"]["metadata_proxy_shared_secret"];
}
# TODO(adam_g): flavor ids are hard-coded as params to astara::flavor::create,
# should be centralized somewhere.
astara_config {
'router/instance_flavor': value => "511";
'loadbalancer/instance_flavor': value => "511";
}
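
Review bot: `$db_password = 'astara'` hard-codes the database password (the hiera lookup above it is commented out), and it is then embedded in `database/connection` without `secret => true`, so the full connection string is not hidden from Puppet logs. `keystone_authtoken/password` and `DEFAULT/neutron_metadata_proxy_shared_secret` are also written without `secret => true`, while the rabbit password is correctly marked. Please take the password from the plugin settings and mark all three values secret. Separately: the first block reads `astra_mgmt_service_port` and `astra_mgmt_ipv6_prefix` (init.pp in this change uses `astara_mgmt_service_port`), `DEFAULT/control_exchange` is set to 'neturon', and `$public_url` and `$admin_url` are built from variables never assigned in this file (`$public_protocol`, `$public_address`, `$public_port`, `$admin_address`, `$admin_port`), with `$admin_protocol` assigned after its use. The internal keystone protocol defaults to 'http' when `use_ssl` is empty, which is the channel the neutron service password travels over; that default deserves a comment or a warning.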


@ -0,0 +1,5 @@
class { 'astara::db::sync': }
class { 'astara::flavor::create': }
class { 'astara::networks::create': }


@ -0,0 +1,58 @@
notice('MODULAR: astara/db.pp')
$node_name = hiera('node_name')
$astara_settings = hiera('fuel-plugin-astara')
$mysql_hash = hiera_hash('mysql_hash', {})
$database_vip = hiera('database_vip')
$mysql_root_user = pick($mysql_hash['root_user'], 'root')
$mysql_db_create = pick($mysql_hash['db_create'], true)
$mysql_root_password = $mysql_hash['root_password']
$db_user = 'astara'
$db_name = 'astara'
#$db_password = pick($astara_settings['astara_db_password'], $mysql_root_password)
# XXX TODO pull generated passwd from environment config
$db_password = 'astara'
$db_host = pick($astara_settings['metadata']['db_host'], $database_vip)
$db_create = pick($astara_settings['metadata']['db_create'], $mysql_db_create)
$db_root_user = pick($astara_settings['metadata']['root_user'], $mysql_root_user)
$db_root_password = pick($astara_settings['metadata']['root_password'], $mysql_root_password)
$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ]
validate_string($mysql_root_user)
if $db_create {
class { 'galera::client':
custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
}
class { 'astara::db::mysql':
user => $db_user,
password => $db_password,
dbname => $db_name,
allowed_hosts => $allowed_hosts,
}
class { 'osnailyfacter::mysql_access':
db_host => $db_host,
db_user => $db_root_user,
db_password => $db_root_password,
}
Class['galera::client'] ->
Class['osnailyfacter::mysql_access'] ->
Class['astara::db::mysql']
}
class mysql::config {}
include mysql::config
class mysql::server {}
include mysql::server
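
Review bot: `$allowed_hosts` includes '%', which lets the astara database user connect from any host, and `$db_password` is fixed at 'astara' under an XXX TODO, so together this creates a known-password account open to every host that can reach the database. Restrict `allowed_hosts` to the node name and the addresses that need access, and take the password from the generated environment config before merging. Also, `$astara_settings['metadata']['db_host']` and its siblings read from a `metadata` sub-key, whereas the config manifest reads `$astara_settings['db_host']` directly; one of the two is wrong. The empty `class mysql::config {}` and `class mysql::server {}` stubs at the bottom need a comment explaining why they are declared.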


@ -0,0 +1,103 @@
notice('MODULAR: network-orchestrator-node/network_hiera_override.pp')
$network_node_plugin = hiera('astara', undef)
$hiera_dir = '/etc/hiera/override'
$plugin_name = 'network-orchestrator-node'
$plugin_yaml = "${plugin_name}.yaml"
if $network_orchestrator_node_plugin {
$network_metadata = hiera_hash('network_metadata')
$network_roles = ['primary-network-orchestrator-node', 'network-orchestrator-node']
$network_nodes = get_nodes_hash_by_roles($network_metadata, $network_roles)
$management_vip = $network_metadata['vips']['management']['ipaddr']
$public_vip = $network_metadata['vips']['public']['ipaddr']
$quantum_hash = hiera_hash('quantum_settings')
case hiera_array('role', 'none') {
/network-orchestartor-node/: {
if hiera('role', 'none') == 'primary-network-orchestrator-node' {
$primary_controller = true
} else {
$primary_controller = false
}
$use_neutron = true
$corosync_roles = $network_roles
$deploy_vrouter = false
$haproxy_nodes = false
$corosync_nodes = $network_nodes
$new_quantum_settings_hash = {
'neutron_agents' => [''],
'neutron_server_enable' => false,
'conf_nova' => false
}
$neutron_settings = merge($quantum_hash, $new_quantum_settings_hash)
}
/controller/: {
$use_neutron = true
$new_quantum_settings_hash = {
'neutron_agents' => [''],
}
$neutron_settings = merge($quantum_hash, $new_quantum_settings_hash)
if hiera('role', 'none') =~ /^primary/ {
$primary_controller = 'true'
} else {
$primary_controller = 'false'
}
}
default: {
$use_neutron = true
}
}
###################
$calculated_content = inline_template('
<% if @corosync_nodes -%>
<% require "yaml" -%>
corosync_nodes:
<%= YAML.dump(@corosync_nodes).sub(/--- *$/,"") %>
<% end -%>
<% if @corosync_roles -%>
corosync_roles:
<%
@corosync_roles.each do |crole|
%> - <%= crole %>
<% end -%>
<% end -%>
<% if @neutron_settings -%>
<% require "yaml" -%>
quantum_settings:
<%= YAML.dump(@neutron_settings).sub(/--- *$/,"") %>
<% end -%>
deploy_vrouter: <%= @deploy_vrouter %>
primary_controller: <%= @primary_controller %>
management_vip: <%= @management_vip %>
database_vip: <%= @management_vip %>
service_endpoint: <%= @management_vip %>
public_vip: <%= @public_vip %>
use_neutron: <%= @use_neutron %>
')
###################
file {'/etc/hiera/override':
ensure => directory,
} ->
file { '/etc/hiera/override/common.yaml':
ensure => file,
content => "${calculated_content}\n",
}
package {'ruby-deep-merge':
ensure => 'installed',
}
file_line {'hiera.yaml':
path => '/etc/hiera.yaml',
line => " - override/${plugin_name}",
after => ' - override/module/%{calling_module}',
}
}
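
Review bot: The guard tests `$network_orchestrator_node_plugin`, but the variable assigned at the top is `$network_node_plugin`, so the condition is never true and nothing inside the `if` is applied. Inside it, the first `case` arm matches `/network-orchestartor-node/` (transposed letters), so nodes with the network-orchestrator-node roles fall through to `default`. `$primary_controller` is a boolean in the first arm and the strings 'true'/'false' in the controller arm; pick one type. `$plugin_yaml` is unused, and the `file_line` adds `override/network-orchestrator-node` to /etc/hiera.yaml while the content is written to `/etc/hiera/override/common.yaml`, so the new hierarchy entry points at a file this manifest never creates.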


@ -0,0 +1,2 @@
class { 'astara::image': }


@ -0,0 +1,5 @@
notice('MODULAR: astara install')
include astara
class { 'astara::install': }


@ -0,0 +1 @@
notice('MODULAR: no-op astara pre-deployment task')


@ -0,0 +1,3 @@
class { 'astara::networks::set': }


@ -0,0 +1,27 @@
Puppet::Type.type(:astara_config).provide(
:ini_setting,
:parent => Puppet::Type.type(:ini_setting).provider(:ruby)
) do
def section
resource[:name].split('/', 2).first
end
def setting
resource[:name].split('/', 2).last
end
def separator
'='
end
def self.file_path
'/etc/astara/orchestrator.ini'
end
# added for backwards compatibility with older versions of inifile
def file_path
self.class.file_path
end
end


@ -0,0 +1,47 @@
Puppet::Type.newtype(:astara_config) do
ensurable
newparam(:name, :namevar => true) do
desc 'Section/setting name to manage from /etc/astara/orchestrator.ini'
newvalues(/\S+\/\S+/)
end
newproperty(:value) do
desc 'The value of the setting to be defined.'
munge do |value|
value = value.to_s.strip
value.capitalize! if value =~ /^(true|false)$/i
value
end
def is_to_s( currentvalue )
if resource.secret?
return '[old secret redacted]'
else
return currentvalue
end
end
def should_to_s( newvalue )
if resource.secret?
return '[new secret redacted]'
else
return newvalue
end
end
end
newparam(:secret, :boolean => true) do
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
newvalues(:true, :false)
defaultto false
end
autorequire(:package) do
'astara-common'
end
end


@ -0,0 +1,21 @@
notice('MODULAR: astara::astara_neutron::install')
class astara::astara_neutron::install {
class { 'astara::repo::liberty': }
package { 'neutron-plugin-astara':
ensure => present,
require => Class['astara::repo::liberty'],
}
# TODO: These will need to be special cased for when we deploy the Mitaka
# version (akanda -> astara)
neutron_config {
'DEFAULT/core_plugin': value => 'akanda.neutron.plugins.ml2_neutron_plugin.Ml2Plugin';
'DEFAULT/api_extensions_path': value => '/usr/lib/python2.7/dist-packages/akanda/neutron/extensions';
'DEFAULT/service_plugins': value => 'akanda.neutron.plugins.ml2_neutron_plugin.L3RouterPlugin';
'DEFAULT/notification_driver': value => 'neutron.openstack.common.notifier.rpc_notifier';
'DEFAULT/astara_auto_add_resources': value => 'False';
}
}


@ -0,0 +1,55 @@
# The astara::db::mysql class creates a MySQL database for astara.
# It must be used on the MySQL server
#
# == Parameters
#
# [*password*]
# password to connect to the database. Mandatory.
#
# [*dbname*]
# name of the database. Optional. Defaults to astara.
#
# [*user*]
# user to connect to the database. Optional. Defaults to astara.
#
# [*host*]
# the default source host user is allowed to connect from.
# Optional. Defaults to 'localhost'
#
# [*allowed_hosts*]
# other hosts the user is allowd to connect from.
# Optional. Defaults to undef.
#
# [*charset*]
# the database charset. Optional. Defaults to 'utf8'
#
# [*collate*]
# the database collation. Optional. Defaults to 'utf8_general_ci'
#
# [*mysql_module*]
# (optional) Deprecated. Does nothing.
#
# [*cluster_id*]
# (optional) Deprecated. Does nothing.
class astara::db::mysql(
$password,
$dbname = 'astara',
$user = 'astara',
$host = '127.0.0.1',
$charset = 'utf8',
$collate = 'utf8_general_ci',
$allowed_hosts = undef,
) {
::openstacklib::db::mysql { 'astara':
user => $user,
password_hash => mysql_password($password),
dbname => $dbname,
host => $host,
charset => $charset,
collate => $collate,
allowed_hosts => $allowed_hosts,
}
}
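
Review bot: The header comment documents `host` as defaulting to 'localhost', but the parameter default is '127.0.0.1', and it documents `mysql_module` and `cluster_id` parameters that the class signature does not accept. Align the comment with the signature. Since `allowed_hosts` is passed straight through to `openstacklib::db::mysql`, its doc entry should also say what a '%' entry means, because the db.pp task in this change passes one.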


@ -0,0 +1,10 @@
notice('MODULAR: astara::db::sync')
class astara::db::sync {
exec { 'astara-db-sync':
command => 'astara-dbsync --config-file /etc/astara/orchestrator.ini upgrade head',
path => '/usr/bin',
user => 'astara',
logoutput => on_failure,
}
}


@ -0,0 +1,15 @@
notice('MODULAR: astara::flavor::create')
class astara::flavor::create (
$ram = '512',
$disk = '3',
$vcpus = '1',
$flavor_name = 'm1.astara',
$flavor_id = '511',
) {
exec { 'create':
path => '/bin:/usr/bin',
command => '/bin/bash ./scripts/create_nova_flavor.sh ${ram} ${disk} ${vcpus} ${flavor_name} ${id}',
logoutput => true,
}
}
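
Review bot: The `command` string is single-quoted, so Puppet does not interpolate `${ram}`, `${disk}`, `${vcpus}` or `${flavor_name}`, and the script never receives the class parameters. The last argument is `${id}` while the parameter is `$flavor_id`. The script path `./scripts/create_nova_flavor.sh` is relative with no `cwd` set, and there is no `unless` or `creates`, so the exec runs on every Puppet run. When switching to double quotes, quote each argument individually, since the values are then expanded into a command line.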


@ -0,0 +1,25 @@
notice('MODULAR: Grabbing astara appliance image')
class astara::image {
$astara_settings = hiera('fuel-plugin-astara')
$image_url = $astara_settings['astara_appliance_image_location']
exec { 'need_image':
command => '/bin/true',
onlyif => '/usr/bin/test ! -e /root/astara_appliance.qcow2',
}
notice("Downloading astara applinace from ${image_url}")
exec { "/usr/bin/wget -O astara_appliance.qcow2 --timestamping ${image_url}":
alias => "get-image",
cwd => "/tmp",
require => Exec['need_image'],
}
file { "/root/astara_appliance.qcow2":
ensure => present,
source => "/tmp/astara_appliance.qcow2",
require => Exec["get-image"] }
}
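
Review bot: The appliance image is fetched with wget from whatever URL `astara_appliance_image_location` holds and copied to /root with no checksum or signature check, and README.rst says this image is what gets uploaded to Glance as the router service VM. Add a setting for the expected SHA-256 and verify it before the `file` resource copies the image. `${image_url}` is also interpolated unquoted into the exec title that serves as the command, so validate it as an http(s) URL first. The `need_image` exec does not gate anything: `require` only orders resources, so wget runs on every Puppet run even when /root/astara_appliance.qcow2 exists; put `creates => '/root/astara_appliance.qcow2'` or an `unless` on the wget exec instead. The download is staged as root under a fixed name in /tmp, which is world-writable; use a root-owned directory. wget also ignores `--timestamping` when `-O` is given.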


@ -0,0 +1,100 @@
#
# Copyright (c) 2016, Akanda Inc, http://akanda.io
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
notice('MODULAR: astara/init.pp')
# Parameters for configuring Astara Fuel plugin
class astara {
$astara_settings = hiera('fuel-plugin-astara')
$mgt_service_port = $astara_settings['astara_mgmt_service_port']
}
#
# $astara_settings = hiera('astara', {})
# $management_vip = hiera('management_vip')
#
# # Settings for Neutron
# $neutron_settings = hiera_hash('quantum_settings', {})
#
# # Setting for Authenication
# $ssl_hash = hiera_hash('use_ssl', {})
# $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
# $internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('service_endpoint', ''), $management_vip])
# $admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
# $admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('service_endpoint', ''), $management_vip])
#
# $auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/"
# $auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
# $identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/"
# $auth_region = hiera('region', 'RegionOne')
# $project_domain_id = hiera('project_domain', 'default')
# $project_name = hiera('$hiera workloads_collector['tenant']', 'services')
# $user_domain_id = hiera('user_domain', 'default')
# $neutron_user = hiera('neutron_user', 'neutron')
# $neutron_password = hiera('neutron_user_password')
#
# # Settings for Database
# $database_vip = hiera('database_vip', undef)
# $db_type = 'mysql'
# $db_host = pick($astara_settings['db_host'], $database_vip)
# $db_user = pick($astara_settings['username'], 'astara')
# $db_password = $astara_settings['db_password']
# $db_name = pick($astara_settings['db_name'], 'astara')
# $db_connection = os_database_connection({
# 'dialect' => $db_type,
# 'host' => $db_host,
# 'database' => $db_name,
# 'username' => $db_user,
# 'password' => $db_password,
# 'charset' => 'utf8'
# })
#
# # Settings for RabbitMQ
# $rabbit = hiera_hash('rabbit_hash')
# $rabbit_user = $rabbit['user']
# $rabbit_password = $rabbit['password']
# $rabbit_hosts = split(hiera('amqp_hosts',''), ',')
#
# # Settings for Astara
## $mangement_network_id =
## $management_subnet_id =
# $management_prefix = $astara_settings['astara-mgmt-ipv6-prefix']
## $external_network_id =
## $external_subnet_id =
# $external_prefix = $neutron_settings['predefined_networks']['admin_floating_net']['L3']['subnet']
# $enable_drivers = pick($astara_settings['enable_drivers'], 'router')
# $interface_driver = pick($astara_settings['interface_driver'], 'astara.common.linux.interface.OVSInterfaceDriver')
# $instance_provider = pick($astara_settings['instance_provider'], 'on-demand')
# $bind_api_port = $astara_settings['astara-api-port']
# $bind_mgmt_port = $astara_settings['astara-mgmt-service-port']
#
# #$appliance_router_image = {
# # "os_name" => "astara_router",
# # "loc_path" => $settings['astara_appliance_image_loc']
# # "container_format" => "bare",
# # "disk_format" => "qcow2",
# # "glance_properties" => "",
# # "img_name" => "astara_router",
# # "public" => "true"
# #}
# #$appliance_lb_image = {
# # "os_name" => "astara_nginx",
# # "loc_path" => $settings['astara_appliance_image_loc']
# # "container_format" => "bare",
# # "disk_format" => "qcow2",
# # "glance_properties" => "",
# # "img_name" => "astara_nginx",
# # "public" => "true"
# #}
#}
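
Review bot: Everything after the closing brace of `class astara` is commented-out code, so the class only sets `$astara_settings` and `$mgt_service_port`. Either drop the block or land it in working form. As written it carries a broken lookup (`hiera('$hiera workloads_collector['tenant']', 'services')`) and hyphenated keys such as `astara-mgmt-service-port` that do not match the underscore key `astara_mgmt_service_port` read by the live code.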

View File

@ -0,0 +1,24 @@
# dependency issues between liberty and mitaka prevent a packaged
# installation right now
#class astara::install {
# class { 'astara::repo': }
#
# package { 'astara-orchestrator':
# ensure => 'present',
# require => Class['astara::repo'],
# tag => ['openstack', 'astara-orchestrator-package'],
# }
#}
# install from src in a venv instead.
class astara::install {
$astara_settings = hiera('fuel-plugin-astara')
$astara_repo_url = pick($astara_settings['git_repo_url'], 'https://github.com/openstack/astara.git')
$astara_repo_branch = pick($astara_settings['git_branch'], 'stable/mitaka')
$repo_dir = '/opt/astara'
exec { 'install-from-src':
command => "/bin/bash ./scripts/install_astara_from_src.sh ${astara_repo_url} ${astara_repo_branch} ${$repo_dir}"
}
}
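
Review bot: The `exec` places the hiera values `git_repo_url` and `git_branch` on the command line unvalidated, and the install script then clones that repository and pip-installs it as root, tracking a branch rather than a fixed commit. Validate both values (for example with `validate_re`) and pin a commit or tag. The script path `./scripts/install_astara_from_src.sh` is relative to the working directory, and the resource has no `creates`, `unless` or `onlyif` guard, so it runs on every Puppet run. `${$repo_dir}` is inconsistent with the other two interpolations and should read `${repo_dir}`.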

View File

@ -0,0 +1,13 @@
notice('MODULAR: astara::networks::create')
$astara_settings = hiera('fuel-plugin-astara')
$mgt_net_name = $astara_settings['astara_mgmt_name']
$mgt_prefix = $astara_settings['astara_mgmt_ipv6_prefix']
class astara::networks::create {
exec { 'create networks':
path => '/bin:/usr/bin',
command => '/bin/bash ./scripts/create_neutron_networks.sh ${mgt_net_name} ${mgt_prefix}',
logoutput => true,
}
}
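
Review bot: The `command` string is single-quoted, and Puppet does not interpolate variables in single-quoted strings, so the hiera values for `mgt_net_name` and `mgt_prefix` never reach create_neutron_networks.sh. Use a double-quoted string, and since both values are operator-supplied text, validate them before placing them on a command line. The `notice` call and the three assignments also sit at top scope rather than inside `class astara::networks::create`.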

View File

@ -0,0 +1,14 @@
notice('MODULAR: astara::networks::set')
$astara_settings = hiera('fuel-plugin-astara')
$mgt_net_name = $astara_settings['astara_mgmt_name']
$mgt_prefix = $astara_settings['astara_mgmt_ipv6_prefix']
class astara::networks::set {
exec { 'set networks':
path => '/bin:/usr/bin',
command => '/bin/bash ./scripts/set_neutron_networks.sh ${mgt_net_name} ${mgt_prefix}',
logoutput => true,
}
}
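
Review bot: The hiera lookups above `class astara::networks::set` are a copy of the ones in the create manifest and live at top scope, where the two files define the same variable names; move them into the class body or make them class parameters. The `command` here is single-quoted as well, so `${mgt_net_name}` and `${mgt_prefix}` are passed as literal text.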

View File

@ -0,0 +1,15 @@
class astara::repo::liberty {
include apt
if hiera('fuel_version') != '8.0' {
fail('Currently Astara deployment supported only with Fuel 8.0/liberty')
}
# we install liberty on all nodes except the astara nodes
notice('MODULAR: astara - Installing controller version for Liberty')
apt::ppa { 'ppa:astara-drivers/astara-liberty': }
exec {
'apt-get update':
path => '/usr/bin/',
require => Apt::Ppa['ppa:astara-drivers/astara-liberty']
}
}
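
Review bot: The `apt-get update` exec has no `refreshonly => true`, so it runs on every catalog application instead of only when the PPA resource changes; make it `refreshonly` and `subscribe` it to `Apt::Ppa['ppa:astara-drivers/astara-liberty']`. The comment above the `notice` says liberty is installed on all nodes except the astara nodes, but nothing in the class enforces that.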

View File

@ -0,0 +1,74 @@
[DEFAULT] <% settings = scope.lookupvar('@fuel-plugin-astara') %>
debug = False
log_dir = /var/log/astara
log_file = /var/log/astara/orchestrator.log
auth_region = <%= @astara_settings['auth_region'] %>
auth_url = <%= @astara_settings['auth_url'] %>
instance_provider = <%= @astara_settings['instance_provider'] %>
management_network_id = <%= @astara_settings['management_network_id'] %>
management_subnet_id = <%= @astara_settings['management_subnet_id'] %>
management_prefix = <%= @astara_settings['management_prefix'] %>
enabled_drivers = <%= @astara_settings['enabled_drivers'] %>
external_network_id = <%= @astara_settings['external_network_id'] %>
external_subnet_id = <%= @astara_settings['external_subnet_id'] %>
external_prefix = <%= @astara_settings['external_prefix'] %>
interface_driver = <%= @astara_settings['interface_driver'] %>
plug_external_port = True
ssh_public_key = /etc/astara/id_rsa.pub
provider_rules_path = /etc/astara/provider_rules.json
reboot_error_threshold =32
num_worker_threads = 2
num_worker_processes = 2
boot_timeout = 3000
host = <%= @astara_settings['controller'] %>
[AGENT]
root_helper = sudo /usr/bin/astara-rootwrap /etc/astara/rootwrap.conf
[ceilometer]
[coordination]
[database]
connection = <%= @astara_settings['db_connection'] %>
[keystone_authtoken]
auth_plugin = password
auth_uri = <%= @astara_settings['auth_uri'] %>
auth_url = <%= @astara_settings['auth_url'] %>
identity_uri = <%= @astara_settings['identity_uri'] %>
project_domain_id = <%= @astara_settings['project_domain_id'] %>
project_name = <%= @astara_settings['project_name'] %>
user_domain_id = <%= @astara_settings['user_domain_id'] %>
password = <%= @astara_settings['keystone_passwd'] %>
username = <%= @astara_settings['keystone_user'] %>
[loadbalancer]
# image_uuid = <%= @astara_settings['lb_image_uuid'] %>
# instance_flavor = <%= @astara_settings['lb_instance_flavor'] %>
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_rabbit]
rabbit_host = <%= @astara_settings['rabbit_host'] %>
rabbit_userid = <%= @astara_settings['rabbit_user'] %>
rabbit_password = <%= @astara_settings['rabbit_password'] %>
[pez]
[router]
image_uuid = <%= @astara_settings['router_image_uuid'] %>
instance_flavor = <%= @astara_settings['router_instance_flavor'] %>
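
Review bot: The first line assigns `settings` from `scope.lookupvar('@fuel-plugin-astara')`, but every substitution reads `@astara_settings`, so `settings` is unused. The keys read here (`auth_url`, `db_connection`, `keystone_passwd`, `rabbit_password` and so on) are not among the attributes defined in environment_config.yaml, so the manifest that renders this template has to populate them or the options render empty. The rendered file holds the database connection string and the keystone and RabbitMQ passwords, so that manifest should write it with a restrictive mode (for example 0640, owner astara). `ssh_public_key` points at /etc/astara/id_rsa.pub while the post-deployment script later sets it to /etc/astara/appliance_key.pub; pick one. `reboot_error_threshold =32` is missing a space.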

View File

@ -0,0 +1,111 @@
#!/bin/bash -e
# Publish or find the astara image, set its id in config
# Install the fuel public ssh pub key as the astara ssh key
# Restart astara + neutron l2
source $(dirname $0)/functions
source /root/openrc
export OS_ENDPOINT_TYPE=internalURL
ROLE=${1:-"network-orchestrator-node"}
echo "Running post-deployment task for $role"
TIMEOUT=600
IMG_FILE="/root/astara_appliance.qcow2"
IMG_NAME="astara_appliance"
if [[ ! -e $IMG_FILE ]]; then
echo "No image file found at $IMG_FILE" && exit 1
fi
if ! which glance; then
sudo apt-get install -y python-glanceclient
fi
if ! which openstack; then
sudo apt-get install -y python-openstackclient
fi
if ! which neutron; then
sudo apt-get -y install python-neutronclient
fi
# glanceclient + openstack clients are a mess and cannot request at the internal
# url.... :(
internal_url=`openstack catalog show image -c endpoints -f value | grep internal | awk '{ print $2 }'`
OS_IMG_URL="--os-image-url=$internal_url"
function publish_image {
if glance $OS_IMG_URL image-list | grep $IMG_NAME; then
return
fi
echo "Publishing astara image into glance"
glance $OS_IMG_URL image-create --name $IMG_NAME --visibility=public --container-format=bare --disk-format=qcow2 --file $IMG_FILE
echo "Published astara image $IMG_FILE into glance"
}
function find_image {
echo "Finding astara image in glance"
for i in $(seq 0 $TIMEOUT); do
IMG_ID=$(glance $OS_IMG_URL image-list | grep $IMG_NAME | awk '{ print $2 }')
echo $IMG_ID
if [[ -n "$IMG_ID" ]]; then
echo "Found astara applinace image in glance /w id $IMG_ID"
return
fi
echo 'zzz'
sleep 1
done
echo "Did not find astara appliance image in glance after $TIMEOUT seconds"
exit 1
}
function scrub_neutron {
# scrub the fuel created routers and ports that existed before the l3 agent was
# removed
for router in $(neutron router-list -c id -f value); do
subnets=$(neutron router-port-list -c id -c fixed_ips -f value $router | awk '{ print $3 }' | sed -e 's/,//g')
for subnet in $subnets; do
subnet=$(echo $subnet | sed -e's/"//g')
neutron router-gateway-clear $router $subnet || true
neutron router-interface-delete $router $subnet || true
done
done
for router in $(neutron router-list -c id -f value); do
neutron router-delete $router
done
sleep 3
for port in $(neutron port-list -c id -f value); do
neutron port-delete $port
done
}
if [[ "$ROLE" == "primary-network-orchestrator-node" ]]; then
publish_image
scrub_neutron
fi
find_image
iniset /etc/astara/orchestrator.ini router image_uuid $IMG_ID
iniset /etc/astara/orchestrator.ini loadbalancer image_uuid $IMG_ID
# ssh key installation
echo "$(cat /root/.ssh/authorized_keys)" >/etc/astara/appliance_key.pub
iniset /etc/astara/orchestrator.ini DEFAULT ssh_public_key /etc/astara/appliance_key.pub
service astara-orchestrator stop || true
service neutron-plugin-openvswitch-agent restart
# ensure bridges get created first
sleep 5
service astara-orchestrator start
exit 0
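
Review bot: `scrub_neutron` deletes every router and every port that `neutron router-list` and `neutron port-list` return under the credentials from /root/openrc, with no filter for the Fuel-created objects its comment refers to, and the task that calls this script is configured with retries. Restrict it to known names or IDs, or guard it so it only runs against a fresh environment. In the ssh key step, `cat /root/.ssh/authorized_keys` copies every key authorized for root on the node into appliance_key.pub, not only the Fuel key the header comment mentions; select the intended key explicitly. The banner echoes `$role`, but the variable is `ROLE`, and `grep $IMG_NAME` is an unquoted substring match that can return more than one image ID.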

View File

@ -0,0 +1,21 @@
#!/bin/bash -e
source /root/openrc
for agent in dhcp metadata l3; do
echo "Disablng $agent neutron agent in pacemaker cluster."
pcs resource disable clone_p_neutron-${agent}-agent
for id in $(neutron agent-list | grep $agent | awk '{ print $2 }'); do
echo "Deleting $agent $id from neutron."
neutron agent-delete $id
done
done
# The debian/ubuntu packaging has a bug that makes it impossible to gracefully
# load your specific config files without mangling its upstart conf.
sed -i 's/\$CONF_ARG$/--config-file \/etc\/neutron\/plugins\/ml2\/ml2_conf.ini/g' /etc/init/neutron-server.conf
# Kick neutron-server after everythings been installed + configured
service neutron-server restart || true
exit 0
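
Review bot: `neutron agent-list | grep $agent` matches the strings dhcp, metadata and l3 anywhere in a row, including the host column, so an agent on a host whose name contains one of them would be deleted as well; match on the agent type or binary column instead. `service neutron-server restart || true` hides a failed restart from the deployment task, so a broken upstart edit from the `sed` line above it would go unnoticed; let it fail or check the service status afterwards. Typo in the echo: "Disablng".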

View File

@ -0,0 +1,39 @@
#!/bin/bash -e
if ! which neutron; then
sudo apt-get -y install python-neutronclient
fi
source /root/openrc
source $(dirname $0)/functions
mgt_name=${1:-"astara_mgmt"}
mgt_prefix=${2:-"fdca:3ba5:a17a:acda::/64"}
net_id="$(neutron net-list | grep " $mgt_name " | awk '{ print $2 }')"
if [[ -z "$net_id" ]]; then
echo "Creating astara mgt net: $mgt_name"
net_id=$(neutron net-create $mgt_name | grep " id " | awk '{ print $4 }')
echo "Created astara mgt net: $net_id"
else
echo "Found existing astara mgt net: $net_id"
fi
subnet_id="$(neutron subnet-list | grep " $mgt_prefix " | awk '{ print $2 }')"
if [[ -z "$subnet_id" ]]; then
echo "Creating new astara mgt subnet for $mgt_prefix"
if [[ "$mgt_prefix" =~ ':' ]]; then
subnet_create_args="--name astara_mgmt --ip-version=6 --ipv6_address_mode=slaac --enable_dhcp"
fi
subnet_id=$(neutron subnet-create $mgt_name $mgt_prefix $subnet_create_args | grep ' id ' | awk '{ print $4 }')
else
echo "Found existing mgt subnet for $mgt_prefix; $subnet_id"
fi
iniset /etc/astara/orchestrator.ini DEFAULT management_network_id $net_id
iniset /etc/astara/orchestrator.ini DEFAULT management_subnet_id $subnet_id
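
Review bot: `$mgt_name` and `$mgt_prefix` are expanded unquoted in `neutron net-create` and `neutron subnet-create`, and the network name comes from a free-text setting that has no regex in environment_config.yaml, so a value containing spaces or a leading dash is split into extra CLI arguments. Quote the expansions and validate the name. Neither create path checks that an ID was actually parsed before the two `iniset` calls; because the exit status of each pipeline is that of `awk`, a failed create is not caught by `-e` and writes an empty `management_network_id` or `management_subnet_id`. The subnet is always named astara_mgmt rather than `$mgt_name`.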

View File

@ -0,0 +1,17 @@
#!/bin/bash
if ! which nova; then
sudo apt-get -y install python-novaclient
fi
ram=${1:-512}
disk=${2:-3}
vcpus=${3:-1}
flavor_name=${4:-m1.astara}
id=${5:-511}
source /root/openrc
if ! nova flavor-list | awk '{ print $4 }' | grep "^$flavor_name" ; then
nova flavor-create $flavor_name $id $ram $disk $vcpus
fi
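
Review bot: `grep "^$flavor_name"` is a regex anchored only at the start, so an existing flavor such as m1.astara2, or any name where `.` matches another character, makes the script skip creation; use `grep -qxF "$flavor_name"`. The script runs without `-e`, so a failed `source /root/openrc` or `nova flavor-create` still exits 0.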

View File

@ -0,0 +1,258 @@
#!/bin/bash
#
# **inc/ini-config** - Configuration/INI functions
#
# Support for manipulating INI-style configuration files
#
# These functions have no external dependencies and no side-effects
# Save trace setting
INC_CONF_TRACE=$(set +o | grep xtrace)
set +o xtrace
# Config Functions
# ================
# Append a new option in an ini file without replacing the old value
# iniadd [-sudo] config-file section option value1 value2 value3 ...
function iniadd {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local sudo=""
if [ $1 == "-sudo" ]; then
sudo="-sudo "
shift
fi
local file=$1
local section=$2
local option=$3
shift 3
local values="$(iniget_multiline $file $section $option) $@"
iniset_multiline $sudo $file $section $option $values
$xtrace
}
# Comment an option in an INI file
# inicomment [-sudo] config-file section option
function inicomment {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local sudo=""
if [ $1 == "-sudo" ]; then
sudo="sudo "
shift
fi
local file=$1
local section=$2
local option=$3
$sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=.*$\)|#\1|" "$file"
$xtrace
}
# Get an option from an INI file
# iniget config-file section option
function iniget {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local file=$1
local section=$2
local option=$3
local line
line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
echo ${line#*=}
$xtrace
}
# Get a multiple line option from an INI file
# iniget_multiline config-file section option
function iniget_multiline {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local file=$1
local section=$2
local option=$3
local values
values=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { s/^$option[ \t]*=[ \t]*//gp; }" "$file")
echo ${values}
$xtrace
}
# Determinate is the given option present in the INI file
# ini_has_option config-file section option
function ini_has_option {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local file=$1
local section=$2
local option=$3
local line
line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file")
$xtrace
[ -n "$line" ]
}
# Add another config line for a multi-line option.
# It's normally called after iniset of the same option and assumes
# that the section already exists.
#
# Note that iniset_multiline requires all the 'lines' to be supplied
# in the argument list. Doing that will cause incorrect configuration
# if spaces are used in the config values.
#
# iniadd_literal [-sudo] config-file section option value
function iniadd_literal {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local sudo=""
if [ $1 == "-sudo" ]; then
sudo="sudo "
shift
fi
local file=$1
local section=$2
local option=$3
local value=$4
if [[ -z $section || -z $option ]]; then
$xtrace
return
fi
# Add it
$sudo sed -i -e "/^\[$section\]/ a\\
$option = $value
" "$file"
$xtrace
}
# Remove an option from an INI file
# inidelete [-sudo] config-file section option
function inidelete {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local sudo=""
if [ $1 == "-sudo" ]; then
sudo="sudo "
shift
fi
local file=$1
local section=$2
local option=$3
if [[ -z $section || -z $option ]]; then
$xtrace
return
fi
# Remove old values
$sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
$xtrace
}
# Set an option in an INI file
# iniset [-sudo] config-file section option value
# - if the file does not exist, it is created
function iniset {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local sudo=""
if [ $1 == "-sudo" ]; then
sudo="sudo "
shift
fi
local file=$1
local section=$2
local option=$3
local value=$4
if [[ -z $section || -z $option ]]; then
$xtrace
return
fi
if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then
# Add section at the end
echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null
fi
if ! ini_has_option "$file" "$section" "$option"; then
# Add it
$sudo sed -i -e "/^\[$section\]/ a\\
$option = $value
" "$file"
else
local sep=$(echo -ne "\x01")
# Replace it
$sudo sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file"
fi
$xtrace
}
# Set a multiple line option in an INI file
# iniset_multiline [-sudo] config-file section option value1 value2 valu3 ...
function iniset_multiline {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local sudo=""
if [ $1 == "-sudo" ]; then
sudo="sudo "
shift
fi
local file=$1
local section=$2
local option=$3
shift 3
local values
for v in $@; do
# The later sed command inserts each new value in the line next to
# the section identifier, which causes the values to be inserted in
# the reverse order. Do a reverse here to keep the original order.
values="$v ${values}"
done
if ! grep -q "^\[$section\]" "$file"; then
# Add section at the end
echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null
else
# Remove old values
$sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file"
fi
# Add new ones
for v in $values; do
$sudo sed -i -e "/^\[$section\]/ a\\
$option = $v
" "$file"
done
$xtrace
}
# Uncomment an option in an INI file
# iniuncomment config-file section option
function iniuncomment {
local xtrace=$(set +o | grep xtrace)
set +o xtrace
local sudo=""
if [ $1 == "-sudo" ]; then
sudo="sudo "
shift
fi
local file=$1
local section=$2
local option=$3
$sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|[^ \t]*#[ \t]*\($option[ \t]*=.*$\)|\1|" "$file"
$xtrace
}
# Restore xtrace
$INC_CONF_TRACE
# Local variables:
# mode: shell-script
# End:
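
Review bot: In `iniset`, the replace branch puts `${value}` directly into the sed replacement text, so a value containing `&` or a backslash is rewritten by sed instead of being stored literally, and the add branches (`a\` followed by `$option = $value`) break on embedded newlines. Escape the value before substitution; this matters as soon as passwords are written through these helpers. `[ $1 == "-sudo" ]` is unquoted in every function and raises a test error when a function is called with no arguments. The header still names the file inc/ini-config while the scripts source it as `functions`; record where it was copied from and at which revision.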

View File

@ -0,0 +1,87 @@
#!/bin/bash -ex
repo=$1
branch=$2
dest=$3
venv=/opt/venv/astara
apt-get -y install python-dev libmysqlclient-dev
if ! which pip ; then
apt-get -y install python-pip
fi
if ! which git; then
apt-get -y install git
fi
if ! which virtualenv ; then
pip install virtualenv
fi
if [[ ! -d $dest ]] ; then
git clone $repo $dest
(cd $dest && git checkout $branch)
fi
dirs="/var/log/astara /var/lib/astara /etc/astara"
for dir in $dirs; do
mkdir -p $dir
done
if ! getent group astara > /dev/null 2>&1
then
addgroup --system astara >/dev/null
fi
if ! getent passwd astara > /dev/null 2>&1
then
adduser --system --home /var/lib/astara --ingroup astara --no-create-home --shell /bin/false astara
fi
for i in $(ls $dest/etc/); do
if [[ ! -e /etc/astara/$i ]]; then
cp -r $dest/etc/$i /etc/astara
fi
done
chown -R astara:adm /var/log/astara/
chmod 0750 /var/log/astara/
chown astara:astara -R /var/lib/astara/ /etc/astara/
chmod 0750 /etc/astara/
cat >/etc/sudoers.d/astara_sudoers <<END
Defaults:astara !requiretty
astara ALL = (root) NOPASSWD: /usr/bin/astara-rootwrap
END
chmod 0440 /etc/sudoers.d/astara_sudoers
if [[ ! -d $venv ]]; then
mkdir -p $(dirname $venv)
virtualenv $venv
fi
cat >/etc/init/astara-orchestrator.conf <<END
description "Astara Network Orchestrator server"
author "Eric Lopez <eric.lopez@akanda.io>"
start on runlevel [2345]
stop on runlevel [!2345]
respawn
chdir /var/run
exec start-stop-daemon --start --chuid astara --exec /usr/bin/astara-orchestrator -- --config-file=/etc/astara/orchestrator.ini
END
if ! which astara-orchestrator; then
$venv/bin/pip install -r $dest/requirements.txt $dest
$venv/bin/pip install "PyMySQL>=0.6.2"
$venv/bin/pip install "MySQL-python;python_version=='2.7'"
for bin in $(ls $venv/bin/astara*) ; do
if [[ ! -e /usr/bin/$(basename $bin) ]]; then
ln -s $bin /usr/bin/$(basename $bin)
fi
done
fi
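
Review bot: The sudoers entry lets `astara` run `/usr/bin/astara-rootwrap` as root with any arguments, and a few lines earlier `/etc/astara/` is chowned recursively to astara:astara, so the service account can edit the rootwrap configuration it is then allowed to run as root. Keep the rootwrap configuration root-owned and pin the config path in the sudoers line, matching the `root_helper` in orchestrator.ini, which already calls it with /etc/astara/rootwrap.conf. The clone tracks `$branch` rather than a fixed commit and the pip installs are unpinned, so what gets installed as root can change between runs. `$repo`, `$branch` and `$dest` are used unquoted, and the sudoers file is written without a `visudo -c` check.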

View File

@ -0,0 +1,39 @@
#!/bin/bash -e
# Spin indefinitely until our mgt net and subnet show up in neutron. This will
# be timed out by deployment_tasks if it does not succeed.
source /root/openrc
source $(dirname $0)/functions
if ! which neutron; then
sudo apt-get -y install python-neutronclient
fi
mgt_name=${1:-"astara_mgmt"}
mgt_prefix=${2:-"fdca:3ba5:a17a:acda::/64"}
while [[ -z "$net_id" ]]; do
net_id="$(neutron net-list | grep " $mgt_name " | awk '{ print $2 }')"
if [[ -z "$net_id" ]]; then
echo "Still waiting on mgt net"
sleep 1
else
echo "Found astara mgt net: $net_id"
break
fi
done
while [[ -z "$subnet_id" ]]; do
subnet_id="$(neutron subnet-list | grep " $mgt_prefix" | awk '{ print $2 }')"
if [[ -z "$subnet_id" ]]; then
echo "Still waiting on mgt subnet"
sleep 1
else
echo "Found astara mgt subnet: $subnet_id"
break
fi
done
iniset /etc/astara/orchestrator.ini DEFAULT management_network_id $net_id
iniset /etc/astara/orchestrator.ini DEFAULT management_subnet_id $subnet_id
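
Review bot: Both `while` loops poll once a second with no upper bound and rely on the deployment task timeout; an explicit bound with a clear error message would make a failure easier to diagnose. The subnet match is `grep " $mgt_prefix"` without the trailing space used in the create script, so it also matches longer prefixes that start with the same text. `net_id` and `subnet_id` are never initialised, so values inherited from the environment skip the lookup entirely.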

View File

@ -0,0 +1,13 @@
#!/bin/bash
ram=${1:-512}
disk=${2:-3}
vcpus=${3:-1}
flavor_name=${4:-m1.astara}
id=${5:-511}
source /root/openrc
if ! nova flavor-list | awk '{ print $4 }' | grep "^$flavor_name" ; then
nova flavor-create $flavor_name $id $ram $disk $vcpus
fi
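
Review bot: This script has the same body as the other flavor-creation script in this commit, minus the python-novaclient install; keep one copy and call it from both places so fixes do not have to be made twice. Without the client check, this copy fails on a node where `nova` is not installed, and because there is no `-e` it still exits 0.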

177
deployment_tasks.yaml Normal file
View File

@ -0,0 +1,177 @@
# These tasks will be merged into deployment graph. Here you
# can specify new tasks for any roles, even built-in ones.
# Deployment Groups
- id: primary-network-orchestrator-node
type: group
role: [primary-network-orchestrator-node]
requires: [primary-controller, controller]
required_for: [deploy_end]
tasks: [fuel_pkgs, hiera, globals, tools, logging, netconfig,
hosts, firewall, deploy_start]
parameters:
strategy:
type: one_by_one
- id: network-orchestrator-node
type: group
role: [primary-network-orchestrator-node]
requires: [primary-controller, controller, primary-network-orchestrator-node]
required_for: [deploy_end]
tasks: [fuel_pkgs, hiera, globals, tools, logging, netconfig,
hosts, firewall, deploy_start]
parameters:
strategy:
type: parallel
# Deployment Tasks
# No idea what purpose this hiera override task serves.
- id: network-orchestrator-pre-deployment-task
type: puppet
groups: [primary-controller, controller, primary-network-orchestrator-node, network-orchestrator-node]
requires: [pre_deployment_start]
required_for: [pre_deployment_end]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_pre_deployment.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-hiera-override
type: puppet
groups: [primary-controller, controller, primary-network-orchestrator-node, network-orchestrator-node]
requires: [globals]
required_for: [logging]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_hiera_override.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
# These tasks execute on the controller
- id: network-orchestrator-node-db-task
type: puppet
groups: [primary-controller]
requires: [primary-database, database]
required_for: [deploy_end]
cross-depends:
- name: /(primary-)?database/
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_db.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-node-astara-neutron-install-task
type: puppet
role: [primary-controller, controller]
requires: [post_deployment_start]
required_for: [post_deployment_end]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_astara_neutron_install.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-node-astara-neutron-configure-task
type: shell
role: [primary-controller, controller]
requires: [post_deployment_start, network-orchestrator-node-astara-neutron-install-task]
required_for: [post_deployment_end]
parameters:
cmd: ./scripts/controller_post_deploy.sh
timeout: 1800
# These tasks execute on the astara node
- id: network-orchestrator-node-install-task
type: puppet
groups: [primary-network-orchestrator-node, network-orchestrator-node]
requires: [network-orchestrator-hiera-override, netconfig]
required_for: [deploy_end]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_install.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-node-ml2-task
type: puppet
groups: [primary-network-orchestrator-node, network-orchestrator-node]
requires: [network-orchestrator-node-install-task]
required_for: [deploy_end]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/plugins/ml2.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-node-ml2-config-task
type: puppet
groups: [primary-network-orchestrator-node, network-orchestrator-node]
requires: [network-orchestrator-node-ml2-task]
required_for: [deploy_end]
parameters:
puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/common-config.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-node-configure-task
type: puppet
groups: [primary-network-orchestrator-node, network-orchestrator-node]
requires: [network-orchestrator-node-install-task, network-orchestrator-node-ml2-task]
required_for: [deploy_end]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_configure.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-node-image-task
type: puppet
groups: [primary-network-orchestrator-node]
requires: [network-orchestrator-node-install-task]
required_for: [deploy_end]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_image.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 3800
# This task creates neutron networks, nova flavors and syncs db
# on the primary
- id: network-orchestrator-node-create-resources-task
type: puppet
groups: [primary-network-orchestrator-node]
requires: [network-orchestrator-node-configure-task]
required_for: [network-orchestrator-node-set-resources-task]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_create_resources.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
# This task configures non-primary nodes to use those created resources
- id: network-orchestrator-node-set-resources-task
type: puppet
groups: [network-orchestrator-node]
requires: [network-orchestrator-node-create-resources-task]
required_for: [deploy_end]
parameters:
puppet_manifest: puppet/manifests/network_orchestrator_set_resources.pp
puppet_modules: puppet/modules:/etc/puppet/modules
timeout: 1800
- id: network-orchestrator-primary-node-post-deployment-task
type: shell
role: [primary-network-orchestrator-node]
requires: [post_deployment_start, upload_cirros]
required_for: [network-orchestrator-node-post-deployment-task]
parameters:
cmd: ./scripts/astara_post_deploy.sh primary-network-orchestrator-node
timeout: 1800
retries: 3
interval: 20
- id: network-orchestrator-node-post-deployment-task
type: shell
role: [network-orchestrator-node]
requires: [network-orchestrator-primary-node-post-deployment-task]
required_for: [post_deployment_end]
parameters:
cmd: ./scripts/astara_post_deploy.sh network-orchestrator-node
timeout: 1800
retries: 3
interval: 20
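
Review bot: The `network-orchestrator-node` group declares `role: [primary-network-orchestrator-node]`, the same role as the primary group above it, which looks like a copy-paste; it should presumably be `[network-orchestrator-node]`. Tasks mix `role:` and `groups:` as the selector key; pick whichever this Fuel version expects and use it throughout. The comment "No idea what purpose this hiera override task serves" sits above the pre-deployment task rather than the hiera-override task and should be resolved before merge. The shell tasks call `./scripts/...` by relative path, so they depend on the working directory the task runner uses.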

55
environment_config.yaml Normal file
View File

@ -0,0 +1,55 @@
attributes:
metadata:
restrictions:
- action: hide
condition: "cluster:net_provider != 'neutron'"
- condition: "settings:neutron_advanced_configuration.neutron_dvr.value == true"
message: "Neutron DVR must be disabled in order to use Astara plugin"
- condition: "settings:neutron_advanced_configuration.neutron_l3_ha.value == true"
message: "Neutron L3 HA must be disabled in order to use Astara plugin"
- condition: "settings:public_network_assignment.assign_to_all_nodes.value == false"
message: "Enable Public Network Access for all nodes"
- condition: "settings:neutron_advanced_configuration.neutron_l2_pop.value == false and networking_parameters:segmentation_type != 'vlan'"
message: "Enable Neutron L2 Population"
group: network
astara_db_password:
generator: "password"
astara_mgmt_name:
value: 'astara_mgmt'
label: 'Astara Management Network Name'
weight: 15
description: 'Set the Astara Management Neutron Network Name'
type: "text"
astara_mgmt_ipv6_prefix:
value: 'fdca:3ba5:a17a:acda::/64'
label: 'Astara Management IPv6 Prefix'
description: 'Set the IPv6 Prefix for the Management Network'
weight: 20
type: "text"
regex:
source: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))'
error: "Invalid IPv6 Prefix"
astara_mgmt_service_port:
value: '5000'
label: 'Astara Management Service Port'
description: 'Set the Astara Managment Service Port'
weight: 25
type: "text"
regex:
source: '^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$'
error: "Must specify a management port (ie, 5000)"
astara_api_port:
value: '44250'
label: 'Astara API Service Port'
description: 'Set the Astara API Service Port'
weight: 30
type: "text"
regex:
source: '^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$'
error: "Empty API Service Port"
astara_appliance_image_location:
value: 'http://tarballs.openstack.org/astara-appliance/images/astara_appliance_mitaka.qcow2'
label: 'Astara Appliance Image URL'
description: 'Set the Astara Appliance Image Download URL'
weight: 35
type: "text"
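
Review bot: The `astara_mgmt_ipv6_prefix` regex has no `^` or `$` anchors and no prefix-length part, so any string that merely contains an IPv6 address passes, and `astara_mgmt_name` has no regex at all. Both values end up as arguments to shell scripts, so anchor the pattern, require the `/len` suffix, and restrict the name to a safe character set. `astara_appliance_image_location` defaults to a plain http:// URL and there is no checksum setting next to it, so whatever downloads the image has no way to verify it; use https and add a digest attribute. The error text for `astara_api_port` says "Empty API Service Port" although the regex checks the port range, and "Managment" is misspelled in the management port description.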

34
metadata.yaml Normal file
View File

@ -0,0 +1,34 @@
# Plugin name
name: fuel-plugin-astara
# Human-readable name for your plugin
title: Use Astara Network Orchestrator
# Plugin version
version: '1.0.32'
# Description
description: Enable to use Openstack Astara Network Orchestrator for Neutron Networking
# Required fuel version
fuel_version: ['8.0']
# Specify license of your plugin
licenses: ['Apache License Version 2.0']
# Specify author or company name
authors: ['Akanda, Inc.']
# A link to the plugin's page
homepage: 'https://github.com/openstack/fuel-plugins-astara'
# Specify a group which your plugin implements, possible options:
# network, storage, storage::cinder, storage::glance, hypervisor,
# equipment
groups: ['network']
# Change `false` to `true` if the plugin can be installed in the environment
# after the deployment.
is_hotpluggable: false
# The plugin is compatible with releases in the list
releases:
- os: ubuntu
version: liberty-8.0
mode: ['ha','multinode']
deployment_scripts_path: deployment_scripts/
repository_path: repositories/ubuntu
# Version of plugin package
package_version: '4.0.0'

17
network_roles.yaml Normal file
View File

@ -0,0 +1,17 @@
# Unique network role name
- id: "astara_neutron"
# Role mapping to network
default_mapping: "management"
properties:
# Should be true if network role requires subnet being set
subnet: true
# Should be true if network role requires gateway being set
gateway: false
# List of VIPs to be allocated
vip:
# Unique VIP name
- name: "astara_orchestrator_vip"
# Optional linux namespace for VIP
namespace: "haproxy"
alias: "rug_vip"
node_roles: ["primary-network-controller", "network-controller"]
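
Review bot: `node_roles` for the VIP lists primary-network-controller and network-controller, but the role this plugin defines in node_roles.yaml and targets in deployment_tasks.yaml is network-orchestrator-node (with its primary- variant), so the VIP would not be allocated to any of the plugin's nodes. Change the list to the orchestrator role names.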

17
node_roles.yaml Normal file
View File

@ -0,0 +1,17 @@
network-orchestrator-node:
# Role name
name: "Network Orchestrator Node"
# Role description
description: "Role to create a seperate Node for Astara Network Orchestartor Service"
# If primary then during orchestration this role will be
# separated into primary-role and role
has_primary: true
# Assign public IP to node if true
public_ip_required: false
# Weight that will be used to sort out the
# roles on the Fuel web UI
weight: 1000
conflicts:
- compute
limits:
min: 1
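
Review bot: The `description` string has two typos ("seperate", "Orchestartor") that will show up in the Fuel UI. `public_ip_required: false` also sits oddly next to the environment_config.yaml restriction that asks for public network access on all nodes; confirm which of the two is intended.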

11
pre_build_hook Executable file
View File

@ -0,0 +1,11 @@
#!/bin/bash
set -eux
ROOT="$(dirname `readlink -f $0`)"
RPM_REPO="${ROOT}"/repositories/centos/
DEB_REPO="${ROOT}"/repositories/ubuntu/
# DEB Package Files
# RPM Package Files
# wget -P "${RPM_REPO}" "${ASTARA_MITAKA_REPO_LOC}/"

0
repositories/centos/.gitignore vendored Normal file
View File


0
repositories/ubuntu/.gitignore vendored Normal file
View File


1
tasks.yaml Normal file
View File

@ -0,0 +1 @@
[]