924 lines
33 KiB
Puppet
924 lines
33 KiB
Puppet
#
|
|
# Parameter values in this file should be changed, taking into consideration your
|
|
# networking setup and desired OpenStack settings.
|
|
#
|
|
# Please consult with the latest Fuel User Guide before making edits.
|
|
#
|
|
|
|
### GENERAL CONFIG ###
|
|
# This section sets main parameters such as hostnames and IP addresses of different nodes
|
|
|
|
# This is the name of the public interface. The public network provides address space for Floating IPs, as well as public IP accessibility to the API endpoints.
|
|
$public_interface = 'eth1'
|
|
$public_br = 'br-ex'
|
|
|
|
# This is the name of the internal interface. It will be attached to the management network, where data exchange between components of the OpenStack cluster will happen.
|
|
$internal_interface = 'eth0'
|
|
$internal_br = 'br-mgmt'
|
|
|
|
# This is the name of the private interface. All traffic within OpenStack tenants' networks will go through this interface.
|
|
$private_interface = 'eth2'
|
|
|
|
# Public and Internal VIPs. These virtual addresses are required by HA topology and will be managed by keepalived.
|
|
$internal_virtual_ip = '10.0.0.253'
|
|
# Change this IP to IP routable from your 'public' network,
|
|
# e. g. Internet or your office LAN, in which your public
|
|
# interface resides
|
|
$public_virtual_ip = '10.0.204.253'
|
|
|
|
case $::operatingsystem {
|
|
'redhat' : {
|
|
$queue_provider = 'qpid'
|
|
$custom_mysql_setup_class = 'pacemaker_mysql'
|
|
}
|
|
default: {
|
|
$queue_provider='rabbitmq'
|
|
$custom_mysql_setup_class='galera'
|
|
}
|
|
}
|
|
|
|
|
|
$nodes_harr = [
|
|
{
|
|
'name' => 'master',
|
|
'role' => 'master',
|
|
'internal_address' => '10.0.0.101',
|
|
'public_address' => '10.0.204.101',
|
|
'mountpoints'=> "1 1\n2 1",
|
|
'storage_local_net_ip' => '10.0.0.101',
|
|
},
|
|
{
|
|
'name' => 'fuel-cobbler',
|
|
'role' => 'cobbler',
|
|
'internal_address' => '10.0.0.102',
|
|
'public_address' => '10.0.204.102',
|
|
'mountpoints'=> "1 1\n2 1",
|
|
'storage_local_net_ip' => '10.0.0.102',
|
|
},
|
|
{
|
|
'name' => 'fuel-controller-01',
|
|
'role' => 'primary-controller',
|
|
'internal_address' => '10.0.0.103',
|
|
'public_address' => '10.0.204.103',
|
|
'swift_zone' => 1,
|
|
'mountpoints'=> "1 1\n2 1",
|
|
'storage_local_net_ip' => '10.0.0.103',
|
|
},
|
|
{
|
|
'name' => 'fuel-controller-02',
|
|
'role' => 'controller',
|
|
'internal_address' => '10.0.0.104',
|
|
'public_address' => '10.0.204.104',
|
|
'swift_zone' => 2,
|
|
'mountpoints'=> "1 2\n 2 1",
|
|
'storage_local_net_ip' => '10.0.0.110',
|
|
},
|
|
{
|
|
'name' => 'fuel-controller-03',
|
|
'role' => 'controller',
|
|
'internal_address' => '10.0.0.105',
|
|
'public_address' => '10.0.204.105',
|
|
'swift_zone' => 3,
|
|
'mountpoints'=> "1 2\n 2 1",
|
|
'storage_local_net_ip' => '10.0.0.110',
|
|
},
|
|
{
|
|
'name' => 'fuel-compute-01',
|
|
'role' => 'compute',
|
|
'internal_address' => '10.0.0.106',
|
|
'public_address' => '10.0.204.106',
|
|
},
|
|
{
|
|
'name' => 'fuel-compute-02',
|
|
'role' => 'compute',
|
|
'internal_address' => '10.0.0.107',
|
|
'public_address' => '10.0.204.107',
|
|
},
|
|
]
|
|
|
|
$nodes = $nodes_harr
|
|
$default_gateway = '10.0.204.1'
|
|
|
|
# Specify nameservers here.
|
|
# Need points to cobbler node IP, or to special prepared nameservers if you known what you do.
|
|
$dns_nameservers = ['10.0.204.1','8.8.8.8']
|
|
|
|
# Specify netmasks for internal and external networks.
|
|
$internal_netmask = '255.255.255.0'
|
|
$public_netmask = '255.255.255.0'
|
|
|
|
|
|
$node = filter_nodes($nodes,'name',$::hostname)
|
|
if empty($node) {
|
|
fail("Node $::hostname is not defined in the hash structure")
|
|
}
|
|
$internal_address = $node[0]['internal_address']
|
|
$public_address = $node[0]['public_address']
|
|
|
|
|
|
$controllers = merge_arrays(filter_nodes($nodes,'role','primary-controller'), filter_nodes($nodes,'role','controller'))
|
|
$controller_internal_addresses = nodes_to_hash($controllers,'name','internal_address')
|
|
$controller_public_addresses = nodes_to_hash($controllers,'name','public_address')
|
|
$controller_hostnames = sort(keys($controller_internal_addresses))
|
|
$controller_internal_ipaddresses = sort(values($controller_internal_addresses))
|
|
|
|
#Set this to anything other than pacemaker if you do not want Quantum HA
|
|
#Also, if you do not want Quantum HA, you MUST enable $quantum_network_node
|
|
#on the ONLY controller
|
|
$ha_provider = 'pacemaker'
|
|
$use_unicast_corosync = true
|
|
|
|
$nagios = false
|
|
# Set nagios master fqdn
|
|
$nagios_master = 'nagios-server.localdomain'
|
|
## proj_name name of environment nagios configuration
|
|
$proj_name = 'test'
|
|
|
|
#Specify if your installation contains multiple Nova controllers. Defaults to true as it is the most common scenario.
|
|
$multi_host = true
|
|
|
|
# Specify different DB credentials for various services
|
|
# HA DB provided through pacemaker_mysql or galera
|
|
$mysql_root_password = 'nova'
|
|
$admin_email = 'openstack@openstack.org'
|
|
$admin_password = 'nova'
|
|
validate_re($custom_mysql_setup_class,'galera|pacemaker_mysql')
|
|
|
|
$keystone_db_password = 'nova'
|
|
$keystone_admin_token = 'nova'
|
|
|
|
$glance_db_password = 'nova'
|
|
$glance_user_password = 'nova'
|
|
|
|
$nova_db_password = 'nova'
|
|
$nova_user_password = 'nova'
|
|
|
|
|
|
|
|
#AMQP backend rabbitmq or qpid
|
|
$queue_provider = 'qpid'
|
|
validate_re($queue_provider, 'rabbitmq|qpid')
|
|
|
|
$rabbit_password = 'nova'
|
|
$rabbit_user = 'nova'
|
|
|
|
$swift_user_password = 'swift_pass'
|
|
$swift_shared_secret = 'changeme'
|
|
|
|
$quantum_user_password = 'quantum_pass'
|
|
$quantum_db_password = 'quantum_pass'
|
|
$quantum_db_user = 'quantum'
|
|
$quantum_db_dbname = 'quantum'
|
|
|
|
# End DB credentials section
|
|
|
|
### GENERAL CONFIG END ###
|
|
|
|
|
|
### NETWORK/QUANTUM ###
|
|
# Specify network/quantum specific settings
|
|
|
|
# Should we use quantum or nova-network(deprecated).
|
|
# Consult OpenStack documentation for differences between them.
|
|
$quantum = true
|
|
$quantum_netnode_on_cnt = true
|
|
$quantum_use_namespaces = true
|
|
|
|
# a string "password" value that should be configured to authenticate requests for metadata
|
|
# from quantum-metadata-proxy to nova-api
|
|
$quantum_metadata_proxy_shared_secret = "connecting_nova-api_and_quantum-metadata-agent"
|
|
|
|
# Specify network creation criteria:
|
|
# Should puppet automatically create networks?
|
|
$create_networks = true
|
|
|
|
# Fixed IP addresses are typically used for communication between VM instances.
|
|
$fixed_range = '10.0.198.128/27'
|
|
|
|
# Floating IP addresses are used for communication of VM instances with the outside world (e.g. Internet).
|
|
$floating_range = '10.0.204.128/28'
|
|
|
|
# These parameters are passed to the previously specified network manager , e.g. nova-manage network create.
|
|
# Not used in Quantum.
|
|
# Consult openstack docs for corresponding network manager.
|
|
# https://fuel-dev.mirantis.com/docs/0.2/pages/0050-installation-instructions.html#network-setup
|
|
$num_networks = 1
|
|
$network_size = 31
|
|
$vlan_start = 300
|
|
|
|
# Quantum
|
|
|
|
# Segmentation type for isolating traffic between tenants
|
|
# Consult Openstack Quantum docs
|
|
$tenant_network_type = 'gre'
|
|
|
|
# Which IP address will be used for creating GRE tunnels.
|
|
$quantum_gre_bind_addr = $internal_address
|
|
|
|
# If $external_ipinfo option is not defined, the addresses will be allocated automatically from $floating_range:
|
|
# the first address will be defined as an external default router,
|
|
# the second address will be attached to an uplink bridge interface,
|
|
# the remaining addresses will be utilized for the floating IP address pool.
|
|
$external_ipinfo = {}
|
|
## $external_ipinfo = {
|
|
## 'public_net_router' => '10.0.74.129',
|
|
## 'ext_bridge' => '10.0.74.130',
|
|
## 'pool_start' => '10.0.74.131',
|
|
## 'pool_end' => '10.0.74.142',
|
|
## }
|
|
|
|
# Quantum segmentation range.
|
|
# For VLAN networks: valid VLAN VIDs can be 1 through 4094.
|
|
# For GRE networks: Valid tunnel IDs can be any 32-bit unsigned integer.
|
|
$segment_range = '900:999'
|
|
|
|
# Set up OpenStack network manager. It is used ONLY in nova-network.
|
|
# Consult Openstack nova-network docs for possible values.
|
|
$network_manager = 'nova.network.manager.FlatDHCPManager'
|
|
|
|
# Assign floating IPs to VMs on startup automatically?
|
|
$auto_assign_floating_ip = false
|
|
|
|
# Database connection for Quantum configuration (quantum.conf)
|
|
#todo: check passing following line to quantum::*
|
|
$quantum_sql_connection = "mysql://${quantum_db_user}:${quantum_db_password}@${$internal_virtual_ip}/${quantum_db_dbname}"
|
|
|
|
|
|
if $quantum {
|
|
$public_int = $public_br
|
|
$internal_int = $internal_br
|
|
} else {
|
|
$public_int = $public_interface
|
|
$internal_int = $internal_interface
|
|
}
|
|
|
|
$vips = { # Do not convert to ARRAY, It's can't work in 2.7
|
|
public_old => {
|
|
nic => $public_int,
|
|
ip => $public_virtual_ip,
|
|
},
|
|
management_old => {
|
|
nic => $internal_int,
|
|
ip => $internal_virtual_ip,
|
|
},
|
|
}
|
|
|
|
#Stages configuration
|
|
stage {'first': } ->
|
|
stage {'openstack-custom-repo': } ->
|
|
stage {'netconfig': } ->
|
|
stage {'corosync_setup': } ->
|
|
stage {'cluster_head': } ->
|
|
stage {'openstack-firewall': } -> Stage['main']
|
|
|
|
|
|
#Network configuration
|
|
class {'l23network': use_ovs=>$quantum, stage=> 'netconfig'}
|
|
class node_netconfig (
|
|
$mgmt_ipaddr,
|
|
$mgmt_netmask = '255.255.255.0',
|
|
$public_ipaddr = undef,
|
|
$public_netmask= '255.255.255.0',
|
|
$save_default_gateway=false,
|
|
$quantum = $quantum,
|
|
) {
|
|
if $quantum {
|
|
l23network::l3::create_br_iface {'mgmt':
|
|
interface => $internal_interface, # !!! NO $internal_int /sv !!!
|
|
bridge => $internal_br,
|
|
ipaddr => $mgmt_ipaddr,
|
|
netmask => $mgmt_netmask,
|
|
dns_nameservers => $dns_nameservers,
|
|
save_default_gateway => $save_default_gateway,
|
|
} ->
|
|
l23network::l3::create_br_iface {'ex':
|
|
interface => $public_interface, # !! NO $public_int /sv !!!
|
|
bridge => $public_br,
|
|
ipaddr => $public_ipaddr,
|
|
netmask => $public_netmask,
|
|
gateway => $default_gateway,
|
|
}
|
|
} else {
|
|
# nova-network mode
|
|
l23network::l3::ifconfig {$public_int:
|
|
ipaddr => $public_ipaddr,
|
|
netmask => $public_netmask,
|
|
gateway => $default_gateway,
|
|
}
|
|
l23network::l3::ifconfig {$internal_int:
|
|
ipaddr => $mgmt_ipaddr,
|
|
netmask => $mgmt_netmask,
|
|
dns_nameservers => $dns_nameservers,
|
|
}
|
|
}
|
|
l23network::l3::ifconfig {$private_interface: ipaddr=>'none' }
|
|
}
|
|
### NETWORK/QUANTUM END ###
|
|
|
|
|
|
# This parameter specifies the the identifier of the current cluster. This is needed in case of multiple environments.
|
|
# installation. Each cluster requires a unique integer value.
|
|
# Valid identifier range is 1 to 254
|
|
$deployment_id = '79'
|
|
|
|
# Below you can enable or disable various services based on the chosen deployment topology:
|
|
### CINDER/VOLUME ###
|
|
|
|
# Should we use cinder or nova-volume(obsolete)
|
|
# Consult openstack docs for differences between them
|
|
$cinder = true
|
|
|
|
# Choose which nodes to install cinder onto
|
|
# 'compute' -> compute nodes will run cinder
|
|
# 'controller' -> controller nodes will run cinder
|
|
# 'storage' -> storage nodes will run cinder
|
|
# 'fuel-controller-XX' -> specify particular host(s) by hostname
|
|
# 'XXX.XXX.XXX.XXX' -> specify particular host(s) by IP address
|
|
# 'all' -> compute, controller, and storage nodes will run cinder (excluding swift and proxy nodes)
|
|
|
|
$cinder_nodes = ['controller']
|
|
|
|
#Set it to true if your want cinder-volume been installed to the host
|
|
#Otherwise it will install api and scheduler services
|
|
$manage_volumes = true
|
|
|
|
# Setup network address, which Cinder uses to export iSCSI targets.
|
|
$cinder_iscsi_bind_addr = $internal_address
|
|
|
|
# Below you can add physical volumes to cinder. Please replace values with the actual names of devices.
|
|
# This parameter defines which partitions to aggregate into cinder-volumes or nova-volumes LVM VG
|
|
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
# USE EXTREME CAUTION WITH THIS SETTING! IF THIS PARAMETER IS DEFINED,
|
|
# IT WILL AGGREGATE THE VOLUMES INTO AN LVM VOLUME GROUP
|
|
# AND ALL THE DATA THAT RESIDES ON THESE VOLUMES WILL BE LOST!
|
|
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
# Leave this parameter empty if you want to create [cinder|nova]-volumes VG by yourself
|
|
$nv_physical_volume = ['/dev/sdz', '/dev/sdy', '/dev/sdx']
|
|
|
|
#Evaluate cinder node selection
|
|
if ($cinder) {
|
|
if (member($cinder_nodes,'all')) {
|
|
$is_cinder_node = true
|
|
} elsif (member($cinder_nodes,$::hostname)) {
|
|
$is_cinder_node = true
|
|
} elsif (member($cinder_nodes,$internal_address)) {
|
|
$is_cinder_node = true
|
|
} elsif ($node[0]['role'] =~ /controller/ ) {
|
|
$is_cinder_node = member($cinder_nodes,'controller')
|
|
} else {
|
|
$is_cinder_node = member($cinder_nodes,$node[0]['role'])
|
|
}
|
|
} else {
|
|
$is_cinder_node = false
|
|
}
|
|
|
|
|
|
### CINDER/VOLUME END ###
|
|
|
|
### GLANCE and SWIFT ###
|
|
|
|
# Which backend to use for glance
|
|
# Supported backends are "swift" and "file"
|
|
$glance_backend = 'swift'
|
|
|
|
# Use loopback device for swift:
|
|
# set 'loopback' or false
|
|
# This parameter controls where swift partitions are located:
|
|
# on physical partitions or inside loopback devices.
|
|
$swift_loopback = 'loopback'
|
|
|
|
# Which IP address to bind swift components to: e.g., which IP swift-proxy should listen on
|
|
$swift_local_net_ip = $internal_address
|
|
|
|
# IP node of controller used during swift installation
|
|
# and put into swift configs
|
|
$controller_node_public = $internal_virtual_ip
|
|
|
|
|
|
# Hash of proxies hostname|fqdn => ip mappings.
|
|
# This is used by controller_ha.pp manifests for haproxy setup
|
|
# of swift_proxy backends
|
|
$swift_proxies = $controller_internal_addresses
|
|
|
|
|
|
# Set hostname of swift_master.
|
|
# It tells on which swift proxy node to build
|
|
# *ring.gz files. Other swift proxies/storages
|
|
# will rsync them.
|
|
if $node[0]['role'] == 'primary-controller' {
|
|
$primary_proxy = true
|
|
} else {
|
|
$primary_proxy = false
|
|
}
|
|
if $node[0]['role'] == 'primary-controller' {
|
|
$primary_controller = true
|
|
} else {
|
|
$primary_controller = false
|
|
}
|
|
$master_swift_proxy_nodes = filter_nodes($nodes,'role','primary-controller')
|
|
$master_swift_proxy_ip = $master_swift_proxy_nodes[0]['internal_address']
|
|
|
|
### Glance and swift END ###
|
|
|
|
### Syslog ###
|
|
# Enable error messages reporting to rsyslog. Rsyslog must be installed in this case.
|
|
$use_syslog = true
|
|
# Default log level would have been used, if non verbose and non debug
|
|
$syslog_log_level = 'ERROR'
|
|
# Syslog facilities for main openstack services, choose any, may overlap if needed
|
|
# local0 is reserved for HA provisioning and orchestration services,
|
|
# local1 is reserved for openstack-dashboard
|
|
$syslog_log_facility_glance = 'LOCAL2'
|
|
$syslog_log_facility_cinder = 'LOCAL3'
|
|
$syslog_log_facility_quantum = 'LOCAL4'
|
|
$syslog_log_facility_nova = 'LOCAL6'
|
|
$syslog_log_facility_keystone = 'LOCAL7'
|
|
|
|
if $use_syslog {
|
|
class { "::openstack::logging":
|
|
stage => 'first',
|
|
role => 'client',
|
|
show_timezone => false,
|
|
# log both locally include auth, and remote
|
|
log_remote => true,
|
|
log_local => true,
|
|
log_auth_local => true,
|
|
# keep four weekly log rotations, force rotate if 300M size have exceeded
|
|
rotation => 'weekly',
|
|
keep => '4',
|
|
# should be > 30M
|
|
limitsize => '300M',
|
|
# remote servers to send logs to
|
|
rservers => [{'remote_type'=>'udp', 'server'=>'master', 'port'=>'514'},],
|
|
# should be true, if client is running at virtual node
|
|
virtual => true,
|
|
# facilities
|
|
syslog_log_facility_glance => $syslog_log_facility_glance,
|
|
syslog_log_facility_cinder => $syslog_log_facility_cinder,
|
|
syslog_log_facility_quantum => $syslog_log_facility_quantum,
|
|
syslog_log_facility_nova => $syslog_log_facility_nova,
|
|
syslog_log_facility_keystone => $syslog_log_facility_keystone,
|
|
# Rabbit doesn't support syslog directly, should be >= syslog_log_level,
|
|
# otherwise none rabbit's messages would have gone to syslog
|
|
rabbit_log_level => $syslog_log_level,
|
|
}
|
|
}
|
|
|
|
# Example for server role class definition for remote logging node:
|
|
# class {::openstack::logging:
|
|
# role => 'server',
|
|
# log_remote => false,
|
|
# log_local => true,
|
|
# log_auth_local => true,
|
|
# rotation => 'daily',
|
|
# keep => '7',
|
|
# limitsize => '100M',
|
|
# port => '514',
|
|
# proto => 'udp',
|
|
# #high precision timespamps
|
|
# show_timezone => true,
|
|
# #should be true, if server is running at virtual node
|
|
# #virtual => false,
|
|
# }
|
|
### Syslog END ###
|
|
case $::osfamily {
|
|
"Debian": {
|
|
$rabbitmq_version_string = '2.8.7-1'
|
|
}
|
|
"RedHat": {
|
|
$rabbitmq_version_string = '2.8.7-2.el6'
|
|
}
|
|
}
|
|
#
|
|
# OpenStack packages and customized component versions to be installed.
|
|
# Use 'latest' to get the most recent ones or specify exact version if you need to install custom version.
|
|
$openstack_version = {
|
|
'keystone' => 'latest',
|
|
'glance' => 'latest',
|
|
'horizon' => 'latest',
|
|
'nova' => 'latest',
|
|
'novncproxy' => 'latest',
|
|
'cinder' => 'latest',
|
|
'rabbitmq_version' => $rabbitmq_version_string,
|
|
}
|
|
|
|
# Which package repo mirror to use. Currently "default".
|
|
# "custom" is used by Mirantis for testing purposes.
|
|
# Local puppet-managed repo option planned for future releases.
|
|
# If you want to set up a local repository, you will need to manually adjust mirantis_repos.pp,
|
|
# though it is NOT recommended.
|
|
$mirror_type = 'default'
|
|
$enable_test_repo = false
|
|
$repo_proxy = undef
|
|
|
|
# This parameter specifies the verbosity level of log messages
|
|
# in openstack components config.
|
|
# Debug would have set DEBUG level and ignore verbose settings, if any.
|
|
# Verbose would have set INFO level messages
|
|
# In case of non debug and non verbose - WARNING, default level would have set.
|
|
# Note: if syslog on, this default level may be configured (for syslog) with syslog_log_level option.
|
|
$verbose = true
|
|
$debug = true
|
|
|
|
#Rate Limits for cinder and Nova
|
|
#Cinder and Nova can rate-limit your requests to API services.
|
|
#These limits can be reduced for your installation or usage scenario.
|
|
#Change the following variables if you want. They are measured in requests per minute.
|
|
$nova_rate_limits = {
|
|
'POST' => 1000,
|
|
'POST_SERVERS' => 1000,
|
|
'PUT' => 1000, 'GET' => 1000,
|
|
'DELETE' => 1000
|
|
}
|
|
$cinder_rate_limits = {
|
|
'POST' => 1000,
|
|
'POST_SERVERS' => 1000,
|
|
'PUT' => 1000, 'GET' => 1000,
|
|
'DELETE' => 1000
|
|
}
|
|
|
|
|
|
Exec { logoutput => true }
|
|
#Specify desired NTP servers here.
|
|
#If you leave it undef pool.ntp.org
|
|
#will be used
|
|
|
|
$ntp_servers = ['pool.ntp.org']
|
|
|
|
class {'openstack::clocksync': ntp_servers=>$ntp_servers}
|
|
|
|
#Exec clocksync from openstack::clocksync before services
|
|
#connectinq to AMQP server are started.
|
|
|
|
Exec<| title == 'clocksync' |>->Nova::Generic_service<| |>
|
|
Exec<| title == 'clocksync' |>->Service<| title == 'quantum-l3' |>
|
|
Exec<| title == 'clocksync' |>->Service<| title == 'quantum-dhcp-service' |>
|
|
Exec<| title == 'clocksync' |>->Service<| title == 'quantum-ovs-plugin-service' |>
|
|
Exec<| title == 'clocksync' |>->Service<| title == 'cinder-volume' |>
|
|
Exec<| title == 'clocksync' |>->Service<| title == 'cinder-api' |>
|
|
Exec<| title == 'clocksync' |>->Service<| title == 'cinder-scheduler' |>
|
|
Exec<| title == 'clocksync' |>->Exec<| title == 'keystone-manage db_sync' |>
|
|
Exec<| title == 'clocksync' |>->Exec<| title == 'glance-manage db_sync' |>
|
|
Exec<| title == 'clocksync' |>->Exec<| title == 'nova-manage db sync' |>
|
|
Exec<| title == 'clocksync' |>->Exec<| title == 'initial-db-sync' |>
|
|
Exec<| title == 'clocksync' |>->Exec<| title == 'post-nova_config' |>
|
|
|
|
|
|
### END OF PUBLIC CONFIGURATION PART ###
|
|
# Normally, you do not need to change anything after this string
|
|
|
|
# Globally apply an environment-based tag to all resources on each node.
|
|
tag("${::deployment_id}::${::environment}")
|
|
|
|
|
|
class { 'openstack::mirantis_repos':
|
|
stage => 'openstack-custom-repo',
|
|
type=>$mirror_type,
|
|
enable_test_repo=>$enable_test_repo,
|
|
repo_proxy=>$repo_proxy,
|
|
}
|
|
|
|
class { '::openstack::firewall':
|
|
stage => 'openstack-firewall'
|
|
}
|
|
|
|
if !defined(Class['selinux']) and ($::osfamily == 'RedHat') {
|
|
class { 'selinux':
|
|
mode=>"disabled",
|
|
stage=>"openstack-custom-repo"
|
|
}
|
|
}
|
|
|
|
|
|
if $::operatingsystem == 'Ubuntu' {
|
|
class { 'openstack::apparmor::disable': stage => 'openstack-custom-repo' }
|
|
}
|
|
|
|
sysctl::value { 'net.ipv4.conf.all.rp_filter': value => '0' }
|
|
|
|
# Dashboard(horizon) https/ssl mode
|
|
# false: normal mode with no encryption
|
|
# 'default': uses keys supplied with the ssl module package
|
|
# 'exist': assumes that the keys (domain name based certificate) are provisioned in advance
|
|
# 'custom': require fileserver static mount point [ssl_certs] and hostname based certificate existence
|
|
$horizon_use_ssl = false
|
|
|
|
|
|
# Class for calling corosync::virtual_ip in the specifis stage
|
|
$vip_keys = keys($vips)
|
|
class virtual_ips () {
|
|
cluster::virtual_ips { $vip_keys:
|
|
vips => $vips,
|
|
}
|
|
}
|
|
|
|
|
|
|
|
class compact_controller (
|
|
$quantum_network_node = $quantum_netnode_on_cnt
|
|
) {
|
|
class { 'openstack::controller_ha':
|
|
controller_public_addresses => $controller_public_addresses,
|
|
controller_internal_addresses => $controller_internal_addresses,
|
|
internal_address => $internal_address,
|
|
public_interface => $public_int,
|
|
internal_interface => $internal_int,
|
|
private_interface => $private_interface,
|
|
internal_virtual_ip => $internal_virtual_ip,
|
|
public_virtual_ip => $public_virtual_ip,
|
|
primary_controller => $primary_controller,
|
|
floating_range => $floating_range,
|
|
fixed_range => $fixed_range,
|
|
multi_host => $multi_host,
|
|
network_manager => $network_manager,
|
|
num_networks => $num_networks,
|
|
network_size => $network_size,
|
|
network_config => { 'vlan_start' => $vlan_start },
|
|
verbose => $verbose,
|
|
debug => $debug,
|
|
auto_assign_floating_ip => $auto_assign_floating_ip,
|
|
mysql_root_password => $mysql_root_password,
|
|
admin_email => $admin_email,
|
|
admin_password => $admin_password,
|
|
keystone_db_password => $keystone_db_password,
|
|
keystone_admin_token => $keystone_admin_token,
|
|
glance_db_password => $glance_db_password,
|
|
glance_user_password => $glance_user_password,
|
|
nova_db_password => $nova_db_password,
|
|
nova_user_password => $nova_user_password,
|
|
queue_provider => $queue_provider,
|
|
rabbit_password => $rabbit_password,
|
|
rabbit_user => $rabbit_user,
|
|
rabbit_nodes => $controller_hostnames,
|
|
qpid_password => $rabbit_password,
|
|
qpid_user => $rabbit_user,
|
|
qpid_nodes => [$internal_virtual_ip],
|
|
memcached_servers => $controller_hostnames,
|
|
export_resources => false,
|
|
glance_backend => $glance_backend,
|
|
swift_proxies => $swift_proxies,
|
|
quantum => $quantum,
|
|
quantum_user_password => $quantum_user_password,
|
|
quantum_db_password => $quantum_db_password,
|
|
quantum_db_user => $quantum_db_user,
|
|
quantum_db_dbname => $quantum_db_dbname,
|
|
quantum_network_node => $quantum_network_node,
|
|
quantum_netnode_on_cnt => $quantum_netnode_on_cnt,
|
|
quantum_gre_bind_addr => $quantum_gre_bind_addr,
|
|
quantum_external_ipinfo => $external_ipinfo,
|
|
tenant_network_type => $tenant_network_type,
|
|
segment_range => $segment_range,
|
|
cinder => $cinder,
|
|
cinder_iscsi_bind_addr => $cinder_iscsi_bind_addr,
|
|
manage_volumes => $cinder ? { false => $manage_volumes, default =>$is_cinder_node },
|
|
galera_nodes => $controller_hostnames,
|
|
custom_mysql_setup_class => $custom_mysql_setup_class,
|
|
nv_physical_volume => $nv_physical_volume,
|
|
use_syslog => $use_syslog,
|
|
syslog_log_level => $syslog_log_level,
|
|
syslog_log_facility_glance => $syslog_log_facility_glance,
|
|
syslog_log_facility_cinder => $syslog_log_facility_cinder,
|
|
syslog_log_facility_quantum => $syslog_log_facility_quantum,
|
|
syslog_log_facility_nova => $syslog_log_facility_nova,
|
|
syslog_log_facility_keystone => $syslog_log_facility_keystone,
|
|
nova_rate_limits => $nova_rate_limits,
|
|
cinder_rate_limits => $cinder_rate_limits,
|
|
horizon_use_ssl => $horizon_use_ssl,
|
|
use_unicast_corosync => $use_unicast_corosync,
|
|
ha_provider => $ha_provider
|
|
}
|
|
class { 'swift::keystone::auth':
|
|
password => $swift_user_password,
|
|
public_address => $public_virtual_ip,
|
|
internal_address => $internal_virtual_ip,
|
|
admin_address => $internal_virtual_ip,
|
|
}
|
|
}
|
|
|
|
# Definition of OpenStack controller nodes.
|
|
node /fuel-controller-[\d+]/ {
|
|
include stdlib
|
|
class { 'operatingsystem::checksupported':
|
|
stage => 'first'
|
|
}
|
|
|
|
class {'::node_netconfig':
|
|
mgmt_ipaddr => $::internal_address,
|
|
mgmt_netmask => $::internal_netmask,
|
|
public_ipaddr => $::public_address,
|
|
public_netmask => $::public_netmask,
|
|
stage => 'netconfig',
|
|
}
|
|
if $nagios {
|
|
class {'nagios':
|
|
proj_name => $proj_name,
|
|
services => [
|
|
'host-alive','nova-novncproxy','keystone', 'nova-scheduler',
|
|
'nova-consoleauth', 'nova-cert', 'haproxy', 'nova-api', 'glance-api',
|
|
'glance-registry','horizon', 'rabbitmq', 'mysql', 'swift-proxy',
|
|
'swift-account', 'swift-container', 'swift-object',
|
|
],
|
|
whitelist => ['127.0.0.1', $nagios_master],
|
|
hostgroup => 'controller',
|
|
}
|
|
}
|
|
|
|
###
|
|
# cluster init
|
|
class { '::cluster': stage => 'corosync_setup' } ->
|
|
class { 'virtual_ips':
|
|
stage => 'corosync_setup'
|
|
}
|
|
include ::haproxy::params
|
|
class { 'cluster::haproxy':
|
|
global_options => merge($::haproxy::params::global_options, {'log' => "/dev/log local0"}),
|
|
defaults_options => merge($::haproxy::params::defaults_options, {'mode' => 'http'}),
|
|
stage => 'cluster_head',
|
|
}
|
|
#
|
|
###
|
|
class { compact_controller: }
|
|
$swift_zone = $node[0]['swift_zone']
|
|
|
|
class { 'openstack::swift::storage_node':
|
|
storage_type => $swift_loopback,
|
|
swift_zone => $swift_zone,
|
|
swift_local_net_ip => $swift_local_net_ip,
|
|
master_swift_proxy_ip => $master_swift_proxy_ip,
|
|
sync_rings => ! $primary_proxy,
|
|
#disable cinder in storage-node in order to avoid
|
|
#duplicate classes call with different parameters
|
|
cinder => false,
|
|
cinder_iscsi_bind_addr => $cinder_iscsi_bind_addr,
|
|
manage_volumes => false,
|
|
nv_physical_volume => $nv_physical_volume,
|
|
db_host => $internal_virtual_ip,
|
|
service_endpoint => $internal_virtual_ip,
|
|
cinder_rate_limits => $cinder_rate_limits,
|
|
queue_provider => $queue_provider,
|
|
rabbit_nodes => $controller_hostnames,
|
|
rabbit_password => $rabbit_password,
|
|
rabbit_user => $rabbit_user,
|
|
rabbit_ha_virtual_ip => $internal_virtual_ip,
|
|
syslog_log_level => $syslog_log_level,
|
|
syslog_log_facility_cinder => $syslog_log_facility_cinder,
|
|
qpid_nodes => [$internal_virtual_ip],
|
|
qpid_password => $rabbit_password,
|
|
qpid_user => $rabbit_user,
|
|
}
|
|
|
|
if $primary_proxy {
|
|
ring_devices {'all':
|
|
storages => $controllers
|
|
}
|
|
}
|
|
|
|
class { 'openstack::swift::proxy':
|
|
swift_user_password => $swift_user_password,
|
|
swift_proxies => $swift_proxies,
|
|
primary_proxy => $primary_proxy,
|
|
controller_node_address => $internal_virtual_ip,
|
|
swift_local_net_ip => $swift_local_net_ip,
|
|
master_swift_proxy_ip => $master_swift_proxy_ip,
|
|
}
|
|
|
|
Class ['openstack::swift::proxy'] -> Class['openstack::swift::storage_node']
|
|
}
|
|
|
|
# Definition of OpenStack compute nodes.
|
|
node /fuel-compute-[\d+]/ {
|
|
## Uncomment lines bellow if You want
|
|
## configure network of this nodes
|
|
## by puppet.
|
|
class {'::node_netconfig':
|
|
mgmt_ipaddr => $::internal_address,
|
|
mgmt_netmask => $::internal_netmask,
|
|
public_ipaddr => $::public_address,
|
|
public_netmask => $::public_netmask,
|
|
stage => 'netconfig',
|
|
}
|
|
include stdlib
|
|
class { 'operatingsystem::checksupported':
|
|
stage => 'first'
|
|
}
|
|
|
|
if $nagios {
|
|
class {'nagios':
|
|
proj_name => $proj_name,
|
|
services => [
|
|
'host-alive', 'nova-compute','nova-network','libvirt'
|
|
],
|
|
whitelist => ['127.0.0.1', $nagios_master],
|
|
hostgroup => 'compute',
|
|
}
|
|
}
|
|
|
|
class { 'openstack::compute':
|
|
public_interface => $public_int,
|
|
private_interface => $private_interface,
|
|
internal_address => $internal_address,
|
|
libvirt_type => 'kvm',
|
|
fixed_range => $fixed_range,
|
|
network_manager => $network_manager,
|
|
network_config => { 'vlan_start' => $vlan_start },
|
|
multi_host => $multi_host,
|
|
auto_assign_floating_ip => $auto_assign_floating_ip,
|
|
sql_connection => "mysql://nova:${nova_db_password}@${internal_virtual_ip}/nova",
|
|
queue_provider => $queue_provider,
|
|
rabbit_nodes => $controller_hostnames,
|
|
rabbit_password => $rabbit_password,
|
|
rabbit_user => $rabbit_user,
|
|
rabbit_ha_virtual_ip => $internal_virtual_ip,
|
|
qpid_nodes => [$internal_virtual_ip],
|
|
qpid_password => $rabbit_password,
|
|
qpid_user => $rabbit_user,
|
|
glance_api_servers => "${internal_virtual_ip}:9292",
|
|
vncproxy_host => $public_virtual_ip,
|
|
verbose => $verbose,
|
|
debug => $debug,
|
|
vnc_enabled => true,
|
|
nova_user_password => $nova_user_password,
|
|
cache_server_ip => $controller_hostnames,
|
|
service_endpoint => $internal_virtual_ip,
|
|
quantum => $quantum,
|
|
quantum_sql_connection => $quantum_sql_connection,
|
|
quantum_user_password => $quantum_user_password,
|
|
quantum_host => $internal_virtual_ip,
|
|
tenant_network_type => $tenant_network_type,
|
|
segment_range => $segment_range,
|
|
cinder => $cinder,
|
|
cinder_iscsi_bind_addr => $cinder_iscsi_bind_addr,
|
|
manage_volumes => $cinder ? { false => $manage_volumes, default =>$is_cinder_node },
|
|
nv_physical_volume => $nv_physical_volume,
|
|
db_host => $internal_virtual_ip,
|
|
cinder_rate_limits => $cinder_rate_limits,
|
|
ssh_private_key => 'puppet:///ssh_keys/openstack',
|
|
ssh_public_key => 'puppet:///ssh_keys/openstack.pub',
|
|
use_syslog => $use_syslog,
|
|
syslog_log_level => $syslog_log_level,
|
|
syslog_log_facility_quantum => $syslog_log_facility_quantum,
|
|
syslog_log_facility_cinder => $syslog_log_facility_cinder,
|
|
nova_rate_limits => $nova_rate_limits,
|
|
}
|
|
}
|
|
|
|
# Definition of OpenStack Quantum node.
|
|
node /fuel-quantum/ {
|
|
include stdlib
|
|
class { 'operatingsystem::checksupported':
|
|
stage => 'first'
|
|
}
|
|
|
|
class {'::node_netconfig':
|
|
mgmt_ipaddr => $::internal_address,
|
|
mgmt_netmask => $::internal_netmask,
|
|
public_ipaddr => 'none',
|
|
save_default_gateway => true,
|
|
stage => 'netconfig',
|
|
}
|
|
if ! $quantum_netnode_on_cnt {
|
|
class { 'openstack::quantum_router':
|
|
db_host => $internal_virtual_ip,
|
|
service_endpoint => $internal_virtual_ip,
|
|
auth_host => $internal_virtual_ip,
|
|
nova_api_vip => $internal_virtual_ip,
|
|
internal_address => $internal_address,
|
|
public_interface => $public_int,
|
|
private_interface => $private_interface,
|
|
floating_range => $floating_range,
|
|
fixed_range => $fixed_range,
|
|
create_networks => $create_networks,
|
|
verbose => $verbose,
|
|
debug => $debug,
|
|
queue_provider => $queue_provider,
|
|
rabbit_password => $rabbit_password,
|
|
rabbit_user => $rabbit_user,
|
|
rabbit_nodes => $controller_hostnames,
|
|
rabbit_ha_virtual_ip => $internal_virtual_ip,
|
|
qpid_nodes => [$internal_virtual_ip],
|
|
qpid_password => $rabbit_password,
|
|
qpid_user => $rabbit_user,
|
|
quantum => $quantum,
|
|
quantum_user_password => $quantum_user_password,
|
|
quantum_db_password => $quantum_db_password,
|
|
quantum_db_user => $quantum_db_user,
|
|
quantum_db_dbname => $quantum_db_dbname,
|
|
quantum_netnode_on_cnt=> false,
|
|
quantum_network_node => true,
|
|
tenant_network_type => $tenant_network_type,
|
|
segment_range => $segment_range,
|
|
external_ipinfo => $external_ipinfo,
|
|
api_bind_address => $internal_address,
|
|
use_syslog => $use_syslog,
|
|
syslog_log_level => $syslog_log_level,
|
|
syslog_log_facility_quantum => $syslog_log_facility_quantum,
|
|
}
|
|
class { 'openstack::auth_file':
|
|
admin_password => $admin_password,
|
|
keystone_admin_token => $keystone_admin_token,
|
|
controller_node => $internal_virtual_ip,
|
|
before => Class['openstack::quantum_router'],
|
|
}
|
|
}
|
|
}
|