407 lines
18 KiB
Puppet
407 lines
18 KiB
Puppet
# Copyright (C) 2015-2016 Mirantis
|
|
# Copyright (C) 2016 AT&T
|
|
|
|
class openstack_tasks::openstack_controller::openstack_controller {
|
|
|
|
notice('MODULAR: openstack_controller/openstack_controller.pp')
|
|
|
|
$network_scheme = hiera_hash('network_scheme', {})
|
|
$network_metadata = hiera_hash('network_metadata', {})
|
|
prepare_network_config($network_scheme)
|
|
|
|
$primary_controller = hiera('primary_controller')
|
|
$use_syslog = hiera('use_syslog', true)
|
|
$use_stderr = hiera('use_stderr', false)
|
|
$syslog_log_facility_nova = hiera('syslog_log_facility_nova','LOG_LOCAL6')
|
|
$management_vip = hiera('management_vip')
|
|
$ceilometer_hash = hiera_hash('ceilometer', {})
|
|
$sahara_hash = hiera_hash('sahara', {})
|
|
$storage_hash = hiera_hash('storage', {})
|
|
$nova_hash = hiera_hash('nova', {})
|
|
$nova_rate_limits = $nova_hash['nova_rate_limits']
|
|
$nova_config_hash = hiera_hash('nova_config', {})
|
|
$nova_report_interval = hiera('nova_report_interval', '60')
|
|
$nova_service_down_time = hiera('nova_service_down_time', '180')
|
|
$api_bind_address = get_network_role_property('nova/api', 'ipaddr')
|
|
$rabbit_hash = hiera_hash('rabbit', {})
|
|
$service_endpoint = hiera('service_endpoint')
|
|
$ssl_hash = hiera_hash('use_ssl', {})
|
|
$node_hash = hiera_hash('node_hash', {})
|
|
$sahara_enabled = pick($sahara_hash['enabled'], false)
|
|
$kombu_compression = hiera('kombu_compression', $::os_service_default)
|
|
|
|
$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', [$nova_hash['auth_protocol'], 'http'])
|
|
$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
|
|
$admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', [$nova_hash['auth_protocol'], 'http'])
|
|
$admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
|
|
|
|
$keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
|
|
$keystone_auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
|
|
$keystone_ec2_url = "${keystone_auth_uri}v2.0/ec2tokens"
|
|
|
|
# get glance api servers list
|
|
$glance_endpoint_default = hiera('glance_endpoint', $management_vip)
|
|
$glance_protocol = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'protocol', 'http')
|
|
$glance_endpoint = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', $glance_endpoint_default)
|
|
$glance_api_servers = hiera('glance_api_servers', "${glance_protocol}://${glance_endpoint}:9292")
|
|
|
|
$keystone_user = pick($nova_hash['user'], 'nova')
|
|
$keystone_tenant = pick($nova_hash['tenant'], 'services')
|
|
$region_name = hiera('region', 'RegionOne')
|
|
$workers_max = hiera('workers_max', $::os_workers)
|
|
$service_workers = pick($nova_hash['workers'],
|
|
min(max($::processorcount, 2), $workers_max))
|
|
$compute_nodes = get_nodes_hash_by_roles($network_metadata, ['compute'])
|
|
$huge_pages_nodes = filter_nodes_with_enabled_option($compute_nodes, 'nova_hugepages_enabled')
|
|
$cpu_pinning_nodes = filter_nodes_with_enabled_option($compute_nodes, 'nova_cpu_pinning_enabled')
|
|
|
|
$ironic_hash = hiera_hash('ironic', {})
|
|
|
|
$openstack_controller_hash = hiera_hash('openstack_controller', {})
|
|
|
|
$external_lb = hiera('external_lb', false)
|
|
|
|
$neutron_config = hiera_hash('quantum_settings')
|
|
$neutron_metadata_proxy_secret = $neutron_config['metadata']['metadata_proxy_shared_secret']
|
|
$default_floating_net = pick($neutron_config['default_floating_net'], 'net04_ext')
|
|
$pci_vendor_devs = pick($neutron_config['supported_pci_vendor_devs'], false)
|
|
|
|
$repo_setup = hiera_hash('repo_setup', {})
|
|
$repo_type = pick_default($repo_setup['repo_type'], '')
|
|
# Boolean value for further usage
|
|
if $pci_vendor_devs {
|
|
$sriov_enabled = true
|
|
} else {
|
|
$sriov_enabled = false
|
|
}
|
|
|
|
if size($huge_pages_nodes) > 0 {
|
|
$use_huge_pages = true
|
|
} else {
|
|
$use_huge_pages = false
|
|
}
|
|
|
|
if size($cpu_pinning_nodes) > 0 {
|
|
$enable_cpu_pinning = true
|
|
} else {
|
|
$enable_cpu_pinning = false
|
|
}
|
|
|
|
$db_type = pick($nova_hash['db_type'], 'mysql+pymysql')
|
|
$db_host = pick($nova_hash['db_host'], hiera('database_vip'))
|
|
$db_user = pick($nova_hash['db_user'], 'nova')
|
|
$db_password = $nova_hash['db_password']
|
|
$db_name = pick($nova_hash['db_name'], 'nova')
|
|
$api_db_user = pick($nova_hash['api_db_user'], 'nova_api')
|
|
$api_db_password = pick($nova_hash['api_db_password'], $nova_hash['db_password'])
|
|
$api_db_name = pick($nova_hash['api_db_name'], 'nova_api')
|
|
# LP#1526938 - python-mysqldb supports this, python-pymysql does not
|
|
if $::os_package_type == 'debian' {
|
|
$extra_params = { 'charset' => 'utf8', 'read_timeout' => 60 }
|
|
} else {
|
|
$extra_params = { 'charset' => 'utf8' }
|
|
}
|
|
$db_connection = os_database_connection({
|
|
'dialect' => $db_type,
|
|
'host' => $db_host,
|
|
'database' => $db_name,
|
|
'username' => $db_user,
|
|
'password' => $db_password,
|
|
'extra' => $extra_params
|
|
})
|
|
$api_db_connection = os_database_connection({
|
|
'dialect' => $db_type,
|
|
'host' => $db_host,
|
|
'database' => $api_db_name,
|
|
'username' => $api_db_user,
|
|
'password' => $api_db_password,
|
|
'extra' => $extra_params
|
|
})
|
|
|
|
$transport_url = hiera('transport_url','rabbit://guest:password@127.0.0.1:5672/')
|
|
|
|
# SQLAlchemy backend configuration
|
|
$max_pool_size = hiera('max_pool_size', min($::os_workers * 5 + 0, 30 + 0))
|
|
$max_overflow = hiera('max_overflow', min($::os_workers * 5 + 0, 60 + 0))
|
|
$idle_timeout = hiera('idle_timeout', '3600')
|
|
$max_retries = hiera('max_retries', '-1')
|
|
|
|
if hiera('nova_quota') {
|
|
$nova_quota_driver = 'nova.quota.DbQuotaDriver'
|
|
} else {
|
|
$nova_quota_driver = 'nova.quota.NoopQuotaDriver'
|
|
}
|
|
|
|
$notify_on_state_change = 'vm_and_task_state'
|
|
|
|
# From legacy params.pp
|
|
case $::osfamily {
|
|
'RedHat': {
|
|
$pymemcache_package_name = 'python-memcached'
|
|
}
|
|
'Debian': {
|
|
$pymemcache_package_name = 'python-memcache'
|
|
}
|
|
default: {
|
|
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem},\
|
|
module ${module_name} only support osfamily RedHat and Debian")
|
|
}
|
|
}
|
|
|
|
$memcached_servers = hiera('memcached_servers')
|
|
$local_memcached_server = hiera('local_memcached_server')
|
|
|
|
$debug = pick($openstack_controller_hash['debug'], hiera('debug', true))
|
|
|
|
$fping_path = $::osfamily ? {
|
|
'Debian' => '/usr/bin/fping',
|
|
'RedHat' => '/usr/sbin/fping',
|
|
default => fail('Unsupported Operating System.'),
|
|
}
|
|
|
|
$rabbit_heartbeat_timeout_threshold = pick($nova_hash['rabbit_heartbeat_timeout_threshold'], $rabbit_hash['heartbeat_timeout_threshold'], 60)
|
|
$rabbit_heartbeat_rate = pick($nova_hash['rabbit_heartbeat_rate'], $rabbit_hash['rabbit_heartbeat_rate'], 2)
|
|
|
|
#################################################################
|
|
|
|
class { '::nova':
|
|
database_connection => $db_connection,
|
|
api_database_connection => $api_db_connection,
|
|
default_transport_url => $transport_url,
|
|
image_service => 'nova.image.glance.GlanceImageService',
|
|
glance_api_servers => $glance_api_servers,
|
|
debug => $debug,
|
|
log_facility => $syslog_log_facility_nova,
|
|
use_syslog => $use_syslog,
|
|
use_stderr => $use_stderr,
|
|
database_idle_timeout => $idle_timeout,
|
|
report_interval => $nova_report_interval,
|
|
service_down_time => $nova_service_down_time,
|
|
notify_api_faults => pick($nova_hash['notify_api_faults'], false),
|
|
notification_driver => $ceilometer_hash['notification_driver'],
|
|
notify_on_state_change => $notify_on_state_change,
|
|
cinder_catalog_info => pick($nova_hash['cinder_catalog_info'], 'volumev2:cinderv2:internalURL'),
|
|
database_max_pool_size => $max_pool_size,
|
|
database_max_retries => $max_retries,
|
|
database_max_overflow => $max_overflow,
|
|
kombu_compression => $kombu_compression,
|
|
rabbit_heartbeat_timeout_threshold => $rabbit_heartbeat_timeout_threshold,
|
|
rabbit_heartbeat_rate => $rabbit_heartbeat_rate,
|
|
os_region_name => $region_name,
|
|
}
|
|
|
|
# TODO(aschultz): this is being removed in M, do we need it?
|
|
if $use_syslog {
|
|
nova_config {
|
|
'DEFAULT/use_syslog_rfc_format': value => true;
|
|
}
|
|
}
|
|
|
|
if pick($nova_hash['use_cache'], true) {
|
|
class { '::nova::cache':
|
|
enabled => true,
|
|
backend => 'oslo_cache.memcache_pool',
|
|
memcache_servers => $local_memcached_server,
|
|
}
|
|
} else {
|
|
ensure_packages($pymemcache_package_name)
|
|
}
|
|
|
|
class { '::nova::quota':
|
|
quota_instances => pick($nova_hash['quota_instances'], 100),
|
|
quota_cores => pick($nova_hash['quota_cores'], 100),
|
|
quota_ram => pick($nova_hash['quota_ram'], 51200),
|
|
quota_floating_ips => pick($nova_hash['quota_floating_ips'], 100),
|
|
quota_fixed_ips => pick($nova_hash['quota_fixed_ips'], -1),
|
|
quota_metadata_items => pick($nova_hash['quota_metadata_items'], 1024),
|
|
quota_injected_files => pick($nova_hash['quota_injected_files'], 50),
|
|
quota_injected_file_content_bytes => pick($nova_hash['quota_injected_file_content_bytes'], 102400),
|
|
quota_injected_file_path_length => pick($nova_hash['quota_injected_file_path_length'], 4096),
|
|
quota_security_groups => pick($nova_hash['quota_security_groups'], 10),
|
|
quota_security_group_rules => pick($nova_hash['quota_security_group_rules'], 20),
|
|
quota_key_pairs => pick($nova_hash['quota_key_pairs'], 10),
|
|
quota_server_groups => pick($nova_hash['quota_server_groups'], 10),
|
|
quota_server_group_members => pick($nova_hash['quota_server_group_members'], 10),
|
|
reservation_expire => pick($nova_hash['reservation_expire'], 86400),
|
|
until_refresh => pick($nova_hash['until_refresh'], 0),
|
|
max_age => pick($nova_hash['max_age'], 0),
|
|
quota_driver => $nova_quota_driver
|
|
}
|
|
|
|
$default_limits = {
|
|
'POST' => 10,
|
|
'POST_SERVERS' => 50,
|
|
'PUT' => 10,
|
|
'GET' => 3,
|
|
'DELETE' => 100,
|
|
}
|
|
|
|
$merged_limits = merge($default_limits, $nova_rate_limits)
|
|
$post_limit = $merged_limits['POST']
|
|
$put_limit = $merged_limits['PUT']
|
|
$get_limit = $merged_limits['GET']
|
|
$delete_limit = $merged_limits['DELETE']
|
|
$post_servers_limit = $merged_limits['POST_SERVERS']
|
|
$nova_rate_limits_string = inline_template('<%="(POST, *, .*, #{@post_limit} , MINUTE);\
|
|
(POST, %(*/servers), ^/servers, #{@post_servers_limit} , DAY);(PUT, %(*) , .*, #{@put_limit}\
|
|
, MINUTE);(GET, %(*changes-since*), .*changes-since.*, #{@get_limit}, MINUTE);(DELETE, %(*),\
|
|
.*, #{@delete_limit} , MINUTE)" %>')
|
|
|
|
class { '::nova::keystone::authtoken':
|
|
username => $keystone_user,
|
|
password => $nova_hash['user_password'],
|
|
project_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
|
|
auth_url => $keystone_auth_url,
|
|
auth_uri => $keystone_auth_uri,
|
|
auth_version => pick($nova_hash['auth_version'], $::os_service_default),
|
|
memcached_servers => $local_memcached_server,
|
|
}
|
|
if $repo_type == 'uca' {
|
|
class { 'osnailyfacter::apache':
|
|
listen_ports => hiera_array('apache_ports', ['0.0.0.0:80', '0.0.0.0:8888', '0.0.0.0:5000', '0.0.0.0:35357', '0.0.0.0:8777','0.0.0.0:8042']),
|
|
}
|
|
|
|
$ssl = false
|
|
class {'::nova::wsgi::apache_placement':
|
|
ssl => $ssl,
|
|
priority => '36',
|
|
bind_host => $bind_host,
|
|
api_port => 8778,
|
|
}
|
|
class {'::nova::placement':
|
|
password => $nova_hash['user_password'],
|
|
auth_url => $keystone_auth_url,
|
|
os_interface => 'internal',
|
|
project_name => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
|
|
os_region_name => $region_name
|
|
}
|
|
}
|
|
# Configure nova-api
|
|
class { '::nova::api':
|
|
enabled => true,
|
|
api_bind_address => $api_bind_address,
|
|
metadata_listen => $api_bind_address,
|
|
ratelimits => $nova_rate_limits_string,
|
|
neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_secret,
|
|
osapi_compute_workers => $service_workers,
|
|
metadata_workers => $service_workers,
|
|
sync_db => $primary_controller,
|
|
sync_db_api => $primary_controller,
|
|
fping_path => $fping_path,
|
|
api_paste_config => '/etc/nova/api-paste.ini',
|
|
default_floating_pool => $default_floating_net,
|
|
enable_proxy_headers_parsing => true,
|
|
allow_resize_to_same_host => pick($nova_hash['allow_resize_to_same_host'], true),
|
|
require => Package['nova-common'],
|
|
}
|
|
|
|
# tweak both 'nova-db-sync' and 'nova-db-sync-api' execs
|
|
# TODO(mmalchuk) remove this after LP#1628580 merged
|
|
Exec<| title == 'nova-db-sync' or title == 'nova-db-sync-api' |> {
|
|
tries => '10',
|
|
try_sleep => '5',
|
|
}
|
|
|
|
Package[$pymemcache_package_name] -> Nova::Generic_service <| title == 'api' |>
|
|
|
|
class { '::nova::conductor':
|
|
enabled => true,
|
|
workers => $service_workers,
|
|
use_local => pick($nova_hash['use_local'], false),
|
|
}
|
|
|
|
# a bunch of nova services that require no configuration
|
|
class { [
|
|
'::nova::scheduler',
|
|
'::nova::cert',
|
|
'::nova::consoleauth',
|
|
]:
|
|
enabled => true,
|
|
}
|
|
|
|
class { '::nova::vncproxy':
|
|
enabled => true,
|
|
host => $api_bind_address,
|
|
}
|
|
|
|
include ::nova::params
|
|
|
|
####### Disable upstart startup on install #######
|
|
if($::operatingsystem == 'Ubuntu') {
|
|
tweaks::ubuntu_service_override { 'nova-cert':
|
|
package_name => 'nova-cert',
|
|
}
|
|
tweaks::ubuntu_service_override { 'nova-conductor':
|
|
package_name => 'nova-conductor',
|
|
}
|
|
tweaks::ubuntu_service_override { 'nova-novncproxy':
|
|
package_name => $::nova::params::vncproxy_package_name,
|
|
}
|
|
tweaks::ubuntu_service_override { 'nova-api':
|
|
package_name => 'nova-api',
|
|
}
|
|
tweaks::ubuntu_service_override { 'nova-scheduler':
|
|
package_name => 'nova-scheduler',
|
|
}
|
|
tweaks::ubuntu_service_override { 'nova-consoleauth':
|
|
package_name => 'nova-consoleauth',
|
|
}
|
|
}
|
|
|
|
#TODO: PUT this configuration stanza into nova class
|
|
nova_config {
|
|
'DEFAULT/use_cow_images': value => hiera('use_cow_images');
|
|
'DEFAULT/force_raw_images': value => $nova_hash['force_raw_images'];
|
|
}
|
|
|
|
nova_config {
|
|
'DEFAULT/teardown_unused_network_gateway': value => 'True'
|
|
}
|
|
|
|
$nova_scheduler_default_filters = [ 'RetryFilter', 'AvailabilityZoneFilter', 'RamFilter', 'CoreFilter', 'DiskFilter', 'ComputeFilter', 'ComputeCapabilitiesFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter' ]
|
|
$sriov_filters = $sriov_enabled ? { true => [ 'PciPassthroughFilter','AggregateInstanceExtraSpecsFilter' ], default => []}
|
|
$sahara_filters = $sahara_enabled ? { true => [ 'DifferentHostFilter' ], default => []}
|
|
$huge_pages_filters = $use_huge_pages ? { true => [ 'NUMATopologyFilter' ], default => []}
|
|
$cpu_pinning_filters = $enable_cpu_pinning ? { true => [ 'NUMATopologyFilter', 'AggregateInstanceExtraSpecsFilter' ], default => []}
|
|
$nova_scheduler_filters = unique(concat(pick($nova_config_hash['default_filters'], $nova_scheduler_default_filters), $sahara_filters, $sriov_filters, $huge_pages_filters, $cpu_pinning_filters))
|
|
|
|
if $ironic_hash['enabled'] {
|
|
$scheduler_host_manager = 'ironic_host_manager'
|
|
$ironic_endpoint_default = hiera('ironic_endpoint', $management_vip)
|
|
$ironic_protocol = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'protocol', 'http')
|
|
$ironic_endpoint = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'hostname', $ironic_endpoint_default)
|
|
class { '::nova::ironic::common':
|
|
admin_username => pick($ironic_hash['auth_name'],'ironic'),
|
|
admin_password => pick($ironic_hash['user_password'],'ironic'),
|
|
admin_url => "${keystone_auth_url}v2.0",
|
|
admin_tenant_name => pick($ironic_hash['tenant'],'services'),
|
|
api_endpoint => "${ironic_protocol}://${ironic_endpoint}:6385/v1",
|
|
}
|
|
}
|
|
|
|
class { '::nova::scheduler::filter':
|
|
cpu_allocation_ratio => pick($nova_hash['cpu_allocation_ratio'], '8.0'),
|
|
disk_allocation_ratio => pick($nova_hash['disk_allocation_ratio'], '1.0'),
|
|
ram_allocation_ratio => pick($nova_hash['ram_allocation_ratio'], '1.0'),
|
|
scheduler_host_subset_size => pick($nova_hash['scheduler_host_subset_size'], '30'),
|
|
scheduler_default_filters => $nova_scheduler_filters,
|
|
scheduler_host_manager => $scheduler_host_manager,
|
|
}
|
|
|
|
# From logasy filter.pp
|
|
nova_config {
|
|
'DEFAULT/ram_weight_multiplier': value => '1.0'
|
|
}
|
|
|
|
|
|
# TODO (iberezovskiy): In Debian open-iscsi is dependency
|
|
# of os-brick package which is required for cinder.
|
|
# Remove this 'if' once UCA packages are updated as well
|
|
if $::os_package_type == 'ubuntu' and $storage_hash['volumes_ceph'] {
|
|
package { 'open-iscsi':
|
|
ensure => present,
|
|
}
|
|
}
|
|
|
|
}
|