Merge "Add support for the OpenStack Icehouse Release (2014.1)"

2014-07-03 20:21:46 +00:00 · 2014-07-03 20:21:46 +00:00 · 90fcd4b6f6
parent 2a8d7adbb4 2bff9da142
commit 90fcd4b6f6
15 changed files with 280 additions and 11 deletions
--- a/2
+++ b/2
@ -9,5 +9,5 @@ project_page 'https://github.com/hastexo/kickstack'

 dependency 'hastexo/exportfact', '>= 0.1.1'
 dependency 'puppetlabs/lvm', '>= 0.1.2'
-dependency 'puppetlabs/openstack', '>= 3.0.0'
+dependency 'puppetlabs/openstack', '>= 4.0.0'
 dependency 'rgevaert/pwgen', '>= 0.0.1'
--- a/manifests/cinder/api.pp
+++ b/manifests/cinder/api.pp
@ -11,6 +11,7 @@ class kickstack::cinder::api inherits kickstack {
    keystone_user     => 'cinder',
    keystone_password => $service_password,
    keystone_auth_host => $keystone_internal_address,
+    keystone_auth_uri => "http://${keystone_internal_address}:5000/v2.0",
    package_ensure => $::kickstack::package_version,
  }

--- a/manifests/heat/config.pp
+++ b/manifests/heat/config.pp
@ -18,7 +18,7 @@ class kickstack::heat::config inherits kickstack {
        rpc_backend     => 'heat.openstack.common.rpc.impl_kombu',
        rabbit_host     => $rabbit_host,
        rabbit_password => $rabbit_password,
-        rabbit_virtualhost => $::kickstack::rabbit_virtual_host,
+        rabbit_virtual_host => $::kickstack::rabbit_virtual_host,
        rabbit_userid   => $::kickstack::rabbit_userid,
        keystone_host   => $auth_host,
        keystone_tenant => $kickstack::keystone_service_tenant,
--- a/manifests/heat/engine.pp
+++ b/manifests/heat/engine.pp
@ -1,9 +1,16 @@
 class kickstack::heat::engine inherits kickstack {
-  
+
+  include pwgen
  include ::kickstack::heat::config

+  $heat_auth_encryption_key = pick(getvar("${fact_prefix}heat_auth_encryption_key"),pwgen())
  $apis = split($::kickstack::heat_apis,',')

+  kickstack::exportfact::export { 'heat_auth_encryption_key':
+    value => $heat_auth_encryption_key,
+    tag => 'heat'
+  }
+
  if 'heat' in $apis {
    $metadata_server = getvar("${fact_prefix}heat_metadata_server")
    $metadata_server_url = "http://${metadata_server}:8000"
@ -20,6 +27,7 @@ class kickstack::heat::engine inherits kickstack {
      heat_metadata_server_url => $metadata_server_url,
      heat_waitcondition_server_url => $waitcondition_server_url,
      heat_watch_server_url => $watch_server_url,
+      auth_encryption_key => $heat_auth_encryption_key,
    }
  }
  
--- a/manifests/neutron/agent/l2/compute.pp
+++ b/manifests/neutron/agent/l2/compute.pp
@ -6,6 +6,13 @@ class kickstack::neutron::agent::l2::compute inherits kickstack {

  case "$::kickstack::neutron_plugin" {
    'ovs': {
+      file { "/etc/neutron/plugins/openvswitch/":
+        ensure => directory,
+      }
+      file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini":
+        content => template("kickstack/l2-agent-config.erb"),
+        replace => false,
+      }
      case $tenant_network_type {
        'gre': {
          $local_tunnel_ip = getvar("ipaddress_${nic_data}")
@ -18,6 +25,7 @@ class kickstack::neutron::agent::l2::compute inherits kickstack {
            tunnel_bridge      => $::kickstack::neutron_tunnel_bridge,
            tunnel_types       => ['gre'],
            package_ensure => $::kickstack::package_version,
+            require        => [ File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ],
          }
        }
        default: {
@ -32,6 +40,13 @@ class kickstack::neutron::agent::l2::compute inherits kickstack {
          }
        }
      }
+      case $::osfamily {
+        'Debian': {
+          file { "/etc/init/neutron-plugin-openvswitch-agent.conf":
+            content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"),
+          }
+        }
+      }
    }
    'linuxbridge': {
      class { "neutron::agents::linuxbridge":
--- a/manifests/neutron/agent/l2/network.pp
+++ b/manifests/neutron/agent/l2/network.pp
@ -7,6 +7,13 @@ class kickstack::neutron::agent::l2::network inherits kickstack {

  case "$::kickstack::neutron_plugin" {
    'ovs': {
+      file { "/etc/neutron/plugins/openvswitch/":
+        ensure => directory,
+      }
+      file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini":
+        content => template("kickstack/l2-agent-config.erb"),
+        replace => false,
+      }
      case $tenant_network_type {
        'gre': {
          $local_tunnel_ip = getvar("ipaddress_${nic_data}")
@ -20,8 +27,8 @@ class kickstack::neutron::agent::l2::network inherits kickstack {
            local_ip           => $local_tunnel_ip,
            tunnel_bridge      => $::kickstack::neutron_tunnel_bridge,
            tunnel_types       => ['gre'],
-            require            => Class['::kickstack::neutron::agent::l3'],
            package_ensure => $::kickstack::package_version,
+            require        => [ Class['::kickstack::neutron::agent::l3'], File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ],
          }
        }
        default: {
@ -39,6 +46,13 @@ class kickstack::neutron::agent::l2::network inherits kickstack {
          }
        }
      }
+      case $::osfamily {
+        'Debian': {
+          file { "/etc/init/neutron-plugin-openvswitch-agent.conf":
+            content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"),
+          }
+        }
+      }
    }
    'linuxbridge': {
      class { "neutron::agents::linuxbridge":
--- a/manifests/neutron/plugin.pp
+++ b/manifests/neutron/plugin.pp
@ -22,12 +22,6 @@ class kickstack::neutron::plugin inherits kickstack {
        tunnel_id_ranges => $tunnel_id_ranges,
        package_ensure => $::kickstack::package_version,
      }
-      # This needs to be set for the plugin, not the agent
-      # (the latter is what the Neutron module assumes)
-      neutron_plugin_ovs { 'SECURITYGROUP/firewall_driver':
-        value => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
-        require => Class['neutron::plugins::ovs']
-      }
    }
    'linuxbridge': {
      class { "neutron::plugins::linuxbridge":
--- a/manifests/neutron/server.pp
+++ b/manifests/neutron/server.pp
@ -5,12 +5,15 @@ class kickstack::neutron::server inherits kickstack {

  $service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen())
  $keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
+  $database_connection = getvar("${fact_prefix}neutron_sql_connection")
+  $nova_api_address = getvar("${fact_prefix}nova_api_address")

  class { '::neutron::server':
    auth_tenant   => $kickstack::keystone_service_tenant,
    auth_user     => 'neutron',
    auth_password => $service_password,
    auth_host     => $keystone_internal_address,
+    database_connection => $database_connection,
    package_ensure => $::kickstack::package_version,
  }

@ -25,4 +28,12 @@ class kickstack::neutron::server inherits kickstack {
    require => Class['::neutron::server']
  }

+  case $::osfamily {
+    'Debian': {
+      file { 'neutron-server-default':
+        path => '/etc/default/neutron-server',
+        content => template("kickstack/default.neutron-server.erb"),
+      }
+    }
+  }
 }
--- a/manifests/neutron/server/notifications.pp
+++ b/manifests/neutron/server/notifications.pp
@ -0,0 +1,20 @@
+class kickstack::neutron::server::notifications inherits kickstack {
+
+  include kickstack::neutron::config
+  include pwgen
+
+  $service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen())
+  $keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
+  $database_connection = getvar("${fact_prefix}neutron_sql_connection")
+  $nova_service_password = getvar("${fact_prefix}nova_keystone_password")
+  $nova_api_address = getvar("${fact_prefix}nova_api_address")
+
+  class { '::neutron::server::notifications':
+    nova_url               => "http://${nova_api_address}:8774/v2",
+    nova_admin_username    => 'nova',
+    nova_admin_tenant_name => $kickstack::keystone_service_tenant,
+    nova_admin_password    => $nova_service_password,
+    nova_admin_auth_url    => "http://${keystone_internal_address}:35357/v2.0",
+    nova_region_name       => $kickstack::params::keystone_region,
+  }
+}
--- a/manifests/node/api.pp
+++ b/manifests/node/api.pp
@ -40,10 +40,17 @@ class kickstack::node::api inherits kickstack {
    # This looks a bit silly, but is currently necessary: in order to configure nova-api
    # as a Neutron client, we first need to install nova-api and neutron-server in one
    # run, and then fix up Nova with the Neutron configuration in the next run.
+    #
+    # The same applies to Neutron with regards to Nova notifications, but the other way
+    # around.
    $neutron_keystone_password = getvar("${::kickstack::fact_prefix}neutron_keystone_password")
+    $nova_keystone_password = getvar("${::kickstack::fact_prefix}nova_keystone_password")
    if $neutron_keystone_password {
      include kickstack::nova::neutronclient
    }
+    if $nova_keystone_password {
+      include kickstack::neutron::server::notifications
+    }
  }

  if $keystone_internal_address and $heat_sql_conn and $amqp_host and $amqp_password {
--- a/manifests/nova/api.pp
+++ b/manifests/nova/api.pp
@ -32,6 +32,12 @@ class kickstack::nova::api inherits kickstack {
    require           => Class['::nova::api']
  }

+  kickstack::exportfact::export { "nova_api_address":
+    value => "${hostname}",
+    tag => "nova",
+    require => Class['::nova::api']
+  }
+
  # Export the metadata API IP address and shared secret, to be picked up
  # by the Neutron metadata proxy agent on the network node
  kickstack::exportfact::export { "nova_metadata_ip":
@ -39,6 +45,7 @@ class kickstack::nova::api inherits kickstack {
    tag => "nova",
    require => Class['::nova::api']
  }
+
  kickstack::exportfact::export { "neutron_metadata_shared_secret":
    value => $neutron_secret,
    tag => 'nova',
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@ -1,5 +1,5 @@
 class kickstack::repo inherits kickstack {
-  class { '::openstack::repo':
+  class { '::openstack::resources::repo':
    release => $::kickstack::release
  }
 }
--- a/templates/default.neutron-server.erb
+++ b/templates/default.neutron-server.erb
@ -0,0 +1,5 @@
+# defaults for neutron-server
+
+# path to config file corresponding to the core_plugin specified in
+# neutron.conf
+NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
--- a/templates/init.neutron-plugin-openvswitch-agent.erb
+++ b/templates/init.neutron-plugin-openvswitch-agent.erb
@ -0,0 +1,17 @@
+# vim:set ft=upstart ts=2 et:
+description "Neutron OpenvSwitch Plugin Agent"
+author "Chuck Short <zulcss@ubuntu.com>"
+
+start on runlevel [2345] and started neutron-ovs-cleanup
+stop on runlevel [!2345]
+
+respawn
+
+chdir /var/run
+
+pre-start script
+  mkdir -p /var/run/neutron
+  chown neutron:root /var/run/neutron
+end script
+
+exec start-stop-daemon --start --chuid neutron --exec /usr/bin/neutron-openvswitch-agent -- --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini --log-file=/var/log/neutron/openvswitch-agent.log
--- a/templates/l2-agent-config.erb
+++ b/templates/l2-agent-config.erb
@ -0,0 +1,170 @@
+[ovs]
+# (StrOpt) Type of network to allocate for tenant networks. The
+# default value 'local' is useful only for single-box testing and
+# provides no connectivity between hosts. You MUST either change this
+# to 'vlan' and configure network_vlan_ranges below or change this to
+# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
+# tenant networks to provide connectivity between hosts. Set to 'none'
+# to disable creation of tenant networks.
+#
+# tenant_network_type = local
+# Example: tenant_network_type = gre
+# Example: tenant_network_type = vxlan
+
+# (ListOpt) Comma-separated list of
+# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
+# of VLAN IDs on named physical networks that are available for
+# allocation. All physical networks listed are available for flat and
+# VLAN provider network creation. Specified ranges of VLAN IDs are
+# available for tenant network allocation if tenant_network_type is
+# 'vlan'. If empty, only gre, vxlan and local networks may be created.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = physnet1:1000:2999
+
+# (BoolOpt) Set to True in the server and the agents to enable support
+# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
+# GRE or VXLAN tunneling.
+#
+# WARNING: This option will be deprecated in the Icehouse release, at which
+#          point setting tunnel_type below will be required to enable
+#          tunneling.
+#
+# enable_tunneling = False
+
+# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
+# this is set, it will cause tunneling to be enabled. If this is not set and
+# the option enable_tunneling is set, this will default to 'gre'.
+#
+# tunnel_type =
+# Example: tunnel_type = gre
+# Example: tunnel_type = vxlan
+
+# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
+# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
+# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
+#
+# tunnel_id_ranges =
+# Example: tunnel_id_ranges = 1:1000
+
+# Do not change this parameter unless you have a good reason to.
+# This is the name of the OVS integration bridge. There is one per hypervisor.
+# The integration bridge acts as a virtual "patch bay". All VM VIFs are
+# attached to this bridge and then "patched" according to their network
+# connectivity.
+#
+# integration_bridge = br-int
+
+# Only used for the agent if tunnel_id_ranges (above) is not empty for
+# the server.  In most cases, the default value should be fine.
+#
+# tunnel_bridge = br-tun
+
+# Peer patch port in integration bridge for tunnel bridge
+# int_peer_patch_port = patch-tun
+
+# Peer patch port in tunnel bridge for integration bridge
+# tun_peer_patch_port = patch-int
+
+# Uncomment this line for the agent if tunnel_id_ranges (above) is not
+# empty for the server. Set local-ip to be the local IP address of
+# this hypervisor.
+#
+# local_ip =
+
+# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
+# mapping physical network names to the agent's node-specific OVS
+# bridge names to be used for flat and VLAN networks. The length of
+# bridge names should be no more than 11. Each bridge must
+# exist, and should have a physical network interface configured as a
+# port. All physical networks listed in network_vlan_ranges on the
+# server should have mappings to appropriate bridges on each agent.
+#
+# bridge_mappings =
+# Example: bridge_mappings = physnet1:br-eth1
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+# Minimize polling by monitoring ovsdb for interface changes
+# minimize_polling = True
+
+# When minimize_polling = True, the number of seconds to wait before
+# respawning the ovsdb monitor after losing communication with it
+# ovsdb_monitor_respawn_interval = 30
+
+# (ListOpt) The types of tenant network tunnels supported by the agent.
+# Setting this will enable tunneling support in the agent. This can be set to
+# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
+# disable tunneling support in the agent. When running the agent with the OVS
+# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
+# When running the agent with ML2, you can specify as many values here as
+# your compute hosts supports.
+#
+# tunnel_types =
+tunnel_types =gre
+# Example: tunnel_types = gre
+# Example: tunnel_types = vxlan
+# Example: tunnel_types = vxlan, gre
+
+# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
+# default, this will make use of the Open vSwitch default value of '4789' if
+# not specified.
+#
+# vxlan_udp_port =
+# Example: vxlan_udp_port = 8472
+
+# (IntOpt) This is the MTU size of veth interfaces.
+# Do not change unless you have a good reason to.
+# The default MTU size of veth interfaces is 1500.
+# veth_mtu =
+# Example: veth_mtu = 1504
+
+# (BoolOpt) Flag to enable l2-population extension. This option should only be
+# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
+# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
+# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
+# optimize tunnel management.
+#
+# l2_population = False
+
+[securitygroup]
+# Firewall driver for realizing neutron security group function.
+# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+
+#-----------------------------------------------------------------------------
+# Sample Configurations.
+#-----------------------------------------------------------------------------
+#
+# 1. With VLANs on eth1.
+# [ovs]
+# network_vlan_ranges = default:2000:3999
+# tunnel_id_ranges =
+# integration_bridge = br-int
+# bridge_mappings = default:br-eth1
+#
+# 2. With GRE tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+#
+# 3. With VXLAN tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tenant_network_type = vxlan
+# tunnel_type = vxlan
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+# [agent]
+# tunnel_types = vxlan