Contrail controller nodes deployment stage 2

This commit contains puppet code which manages configuration files,
installs the opencontrail neutron plugin and restarts services.
Part of MOS controller configuration also implemented here.

Change-Id: Ibb9126d0e1493ae3c6d22bf7315c27656d1d8c43

.gitignore

@@ -5,6 +5,7 @@ repositories/centos/*
 repositories/ubuntu/*
 deployment_scripts/puppet/modules/inifile
 deployment_scripts/puppet/modules/stdlib
+deployment_scripts/puppet/modules/contrail/files/opencontrail
 build.sh
 *.fp
 

deployment_scripts/puppet/manifests/site-compute-post.pp

@@ -14,7 +14,7 @@ apt::source { 'contrail-from-fuel-master':
   include_src  => false,
 } ->
 
-class { contrail::packages:
+class { contrail::package:
   install        => 'contrail-openstack-vrouter',
   remove         => ['openvswitch-common','openvswitch-datapath-lts-saucy-dkms','openvswitch-switch',
                     'nova-network','nova-api'],

deployment_scripts/puppet/manifests/site-contrail-post2.pp

@@ -1,4 +1,11 @@
 include contrail
-if $contrail::node_name == $contrail::deployment_node {
-  
+if $contrail::node_name =~ /^contrail.\d+$/ {
+  class { 'contrail::neutron':
+  } ->
+  class { 'contrail::config':
+    node_role => $contrail::node_role,
+  } ~>
+  class { 'contrail::service':
+    node_role => $contrail::node_role,
+  }
 }

deployment_scripts/puppet/manifests/site-contrail-post5.pp

@@ -1,4 +0,0 @@
-include contrail
-if $contrail::node_name == $contrail::deployment_node {
-  
-}

deployment_scripts/puppet/manifests/site-contrail-pre.pp

@@ -13,15 +13,14 @@ class { 'contrail::network':
 class { contrail::ssh:
   password_auth => 'yes',
 } ->
-
-class { contrail::packages:
-  install        => ['python-crypto','python-netaddr','python-paramiko',
-                    'contrail-fabric-utils','contrail-setup'],
-  pip_install    => ['ecdsa-0.10','Fabric-1.7.0'],
-  responsefile   => 'contrail.preseed',
-} ->
 # Workaround for contrail shipped tzdata-java package
 package { 'tzdata':
   ensure  => '2014e-0ubuntu0.12.04'
-}
-
+} ->
+class { contrail::package:
+  install        => ['python-crypto','python-netaddr','python-paramiko',
+                    'openjdk-6-jre-headless',
+                    'contrail-fabric-utils','contrail-setup'],
+  pip_install    => ['ecdsa-0.10','Fabric-1.7.0'],
+  responsefile   => 'contrail.preseed',
+} 

deployment_scripts/puppet/manifests/site-controller-post.pp

@@ -1 +1,7 @@
 include contrail
+class { 'contrail::config':
+  node_role => $contrail::node_role,
+} ~>
+class { 'contrail::service':
+  node_role => $contrail::node_role,
+}

deployment_scripts/puppet/manifests/site-controller-pre.pp

@@ -1,8 +1,8 @@
 # Remove automatically installed plugin's repo.
 # Some packages conflicts with default repo on openstack-controller nodes
-file {"remove-plugin-aptsource":
+file {'remove-plugin-aptsource':
   # TODO!
   #path => "/etc/apt/sources.list.d/contrail-{plugin_version}.list",
-  path => "/etc/apt/sources.list.d/contrail-1.0.0.list",
+  path => '/etc/apt/sources.list.d/contrail-1.0.0.list',
   ensure => absent,
 }

deployment_scripts/puppet/modules/contrail/files/ha.py.patch

@@ -0,0 +1,17 @@
+--- ha.py	2015-03-10 22:01:08.309814785 +0300
++++ /opt/contrail/utils/fabfile/tasks/ha.py
+@@ -199,9 +199,12 @@
+ 
+ def setup_keepalived_node(role):
+     """Task to provision VIP for node with keepalived"""
+-    mgmt_ip = hstr_to_ip(env.host_string)
+     self_host = get_control_host_string(env.host_string)
+-    self_ip = hstr_to_ip(self_host)
++
++    # looks like smth messed up several levels below, so vars are swapped and
++    # it's the only way which works
++    self_ip = env.hoststring_mgm_ip[env.host_string]
++    mgmt_ip = env.hoststring_public_ip[env.host_string]
+ 
+     internal_vip = get_openstack_internal_vip()
+     external_vip = get_openstack_external_vip()

deployment_scripts/puppet/modules/contrail/files/keepalived_conf_template.py.patch

@@ -0,0 +1,12 @@
+--- /tmp/keepalived_conf_template.py_orig       2015-03-11 11:42:43.303260933 +0000
++++ /usr/local/lib/python2.7/dist-packages/contrail_provisioning/common/templates/keepalived_conf_template.py   2015-03-11 11:43:22.477893123 +0000
+@@ -40,8 +40,7 @@
+             chk_ctrldatanet_$__vip_str__
+         }
+         track_interface {
+-            $__internal_device__
+-            $__external_device__
++            $__device__
+         }
+ }
+ """)

deployment_scripts/puppet/modules/contrail/files/provision.py.patch

@@ -0,0 +1,52 @@
++++ /opt/contrail/utils/fabfile/tasks/provision.py
+@@ -91,9 +91,32 @@
+     #server  10.84.14.2 10.84.14.2:9111 check
+ 
+ $__rabbitmq_config__
++
++################################################
++#contrail-webui-marker-start
++frontend contrail-webui-api *:443
++    mode tcp
++    default_backend contrail-webui-api
++
++backend contrail-webui-api
++    mode tcp
++    balance roundrobin
++    option nolinger
++    stick on src
++    stick-table type ip size 200k expire 30m
++    option tcp-check
++    tcp-check connect port 8143
++    default-server error-limit 1 on-error mark-down
++$__contrail_web_servers__
++#contrail-webui-marker-end
++###############################################
++
++
+ #contrail-config-marker-end
+ """)
+ 
++    web_listen_port = 8143
++    web_server_lines = ''
+     q_listen_port = 9697
+     q_server_lines = ''
+     api_listen_port = 9100
+@@ -117,6 +140,9 @@
+         '    server %s %s:%s check inter 2000 rise 2 fall 3\n' \
+                     %(host_ip, host_ip, str(q_listen_port))
+         for i in range(nworkers):
++            web_server_lines = web_server_lines + \
++            '    server %s %s:%s check inter 2000 rise 2 fall 3\n' \
++                        %(host_ip, host_ip, str(web_listen_port + i))
+             api_server_lines = api_server_lines + \
+             '    server %s %s:%s check inter 2000 rise 2 fall 3\n' \
+                         %(host_ip, host_ip, str(api_listen_port + i))
+@@ -136,6 +162,7 @@
+         haproxy_config = template.safe_substitute({
+             '__contrail_quantum_servers__': q_server_lines,
+             '__contrail_api_backend_servers__': api_server_lines,
++            '__contrail_web_servers__': web_server_lines,
+             '__contrail_disc_backend_servers__': disc_server_lines,
+             '__contrail_hap_user__': 'haproxy',
+             '__contrail_hap_passwd__': 'contrail123',

deployment_scripts/puppet/modules/contrail/manifests/config.pp

@@ -0,0 +1,19 @@
+class contrail::config ( $node_role ) {
+  case $node_role {
+   'controller','primary_controller': {
+    nova_config {
+      'DEFAULT/network_api_class': value=> 'nova.network.neutronv2.api.API';
+      'DEFAULT/neutron_url': value => "http://${contrail::public_last}:9696";
+      'DEFAULT/neutron_admin_tenant_name': value=> 'services';
+      'DEFAULT/neutron_admin_username': value=> 'neutron';
+      'DEFAULT/neutron_admin_password': value=> "${contrail::keystone['admin_token']}";
+      'DEFAULT/neutron_url_timeout': value=> '300';
+      'DEFAULT/neutron_admin_auth_url': value=> "http://${contrail::mos_mgmt_vip}:35357/v2.0/";
+      'DEFAULT/firewall_driver': value=> 'nova.virt.firewall.NoopFirewallDriver';
+      'DEFAULT/enabled_apis': value=> 'ec2;osapi_compute;metadata';
+      'DEFAULT/security_group_api': value=> 'neutron';
+      'DEFAULT/service_neutron_metadata_proxy': value=> 'True';
+    }
+   }
+  }
+}

deployment_scripts/puppet/modules/contrail/manifests/init.pp

@@ -14,6 +14,9 @@ $node_role = hiera('role')
 $node_name = hiera('user_node_name')
 $nodes= hiera('nodes')
 
+$keystone=hiera('keystone')
+$mos_mgmt_vip=hiera('management_vip')
+
 # Network configuration
 prepare_network_config($network_scheme)
 $ifname = get_private_ifname()

deployment_scripts/puppet/modules/contrail/manifests/neutron.pp

@@ -0,0 +1,7 @@
+class contrail::neutron {
+  file { '/usr/share/pyshared/neutron_plugin_contrail/plugins/opencontrail':
+    ensure  => directory,
+    source  => "puppet:///modules/contrail/opencontrail",
+    recurse => true,
+  }
+}

deployment_scripts/puppet/modules/contrail/manifests/package.pp

@@ -1,4 +1,4 @@
-class contrail::packages (
+class contrail::package (
   $install,
   $remove = undef,
   $responsefile = undef,

deployment_scripts/puppet/modules/contrail/manifests/service.pp

@@ -0,0 +1,25 @@
+class contrail::service ( $node_role ) {
+
+  case $node_role {
+    'base-os': {
+      $services = $operatingsystem ? {
+        Ubuntu  => ['haproxy','keepalived','neutron-server'],
+        default => undef,
+      }
+    }
+    'controller','primary_controller': {
+      $services = $operatingsystem ? {
+        Ubuntu  => ['nova-api','nova-scheduler','nova-conductor'],
+        default => undef,
+      }
+    }
+  }
+
+  if ( $services ) {
+    service { $services:
+      ensure => running,
+      enable => true,
+    }
+  }
+
+}

deployment_scripts/puppet/modules/contrail/manifests/setup.pp

@@ -3,6 +3,34 @@ class contrail::setup (
   ) {
 
   if $node_name == $contrail::deployment_node {
+    file_line { 'disable_sslv3':
+      path => '/etc/java-6-openjdk/security/java.security',
+      line => 'jdk.tls.disabledAlgorithms=SSLv3',
+    } ->
+    file {'/tmp/ha.py.patch':
+      ensure => file,
+      source => 'puppet:///modules/contrail/ha.py.patch'
+    } ->
+    exec {'ha.py.patch':
+    command => '/usr/bin/patch -f -p0 < /tmp/ha.py.patch'
+    } ->
+
+    file {'/tmp/keepalived_conf_template.py.patch':
+      ensure => file,
+      source => 'puppet:///modules/contrail/keepalived_conf_template.py.patch'
+    } ->
+    exec {'keepalived_conf_template.py.patch':
+    command => '/usr/bin/patch -f -p0 < /tmp/keepalived_conf_template.py.patch'
+    } ->
+
+    file {'/tmp/provision.py.patch':
+      ensure => file,
+      source => 'puppet:///modules/contrail/provision.py.patch'
+    } ->
+    exec {'provision.py.patch':
+    command => '/usr/bin/patch -f -p0 < /tmp/provision.py.patch'
+    } ->
+
     # Database installation
     run_fabric { 'install_database': } ->
     run_fabric { 'setup_database': } ->

deployment_scripts/puppet/modules/contrail/templates/testbed.py.erb

@@ -8,6 +8,8 @@ os_public_vip=scope.function_hiera(['public_vip'])
 
 deployment_node_priv_ip=''
 mgm_ip=Array.new
+mgm_ip_baseos=Array.new
+public_ip_baseos=Array.new
 priv_ip=Array.new
 role_all=[]
 role_ctrl=[]
@@ -21,6 +23,8 @@ case node['role']
     role_os << 'os_ctrl_'+mgm_ip.count.to_s
   when 'base-os'
     priv_ip << scope.function_get_ip_from_range([ scope.lookupvar('contrail::private_first'),scope.lookupvar('contrail::private_last'),scope.lookupvar('contrail::netmask_short'),node['uid'],'first'])
+    public_ip_baseos << scope.function_get_ip_from_range([ scope.lookupvar('contrail::public_first'),scope.lookupvar('contrail::public_last'),scope.lookupvar('contrail::public_prefix'),node['uid'],'last'])
+    mgm_ip_baseos << node['internal_address']
     # Also find out a deployment node
     if node['user_node_name'] == scope.lookupvar('contrail::deployment_node')
       deployment_node_priv_ip=priv_ip.last
@@ -45,6 +49,18 @@ c_ctrl_<%= i+1 %> = 'root@<%= ip %>'
 c_db_<%= i+1 %> = 'root@<%= ip %>'
 <%- end -%>
 
+env.hoststring_mgm_ip= {
+<%- mgm_ip_baseos.each_with_index do |ip, i| -%>
+c_ctrl_<%= i+1 %> : '<%= ip %>',
+<%- end -%>
+}
+
+env.hoststring_public_ip= {
+<%- public_ip_baseos.each_with_index do |ip, i| -%>
+c_ctrl_<%= i+1 %> : '<%= ip %>',
+<%- end -%>
+}
+
 #External routers
 ext_routers = [
 <%-

pre_build_hook

@@ -8,13 +8,19 @@ set -eux
 ROOT="$(dirname `readlink -f $0`)"
 MODULES="${ROOT}"/deployment_scripts/puppet/modules
 mkdir -p "${MODULES}"
-REPO_PATH='https://github.com/stackforge/fuel-library/tarball/f43d885914d74fbd062096763222f350f47480e1'
+FUEL_REPO_PATH='https://github.com/stackforge/fuel-library/tarball/f43d885914d74fbd062096763222f350f47480e1'
+NEUTRON_REPO_PATH='https://github.com/Juniper/contrail-neutron-plugin/tarball/3189155c572e95d4e5eb1b5cf65ee919c6082841'
 RPM_REPO="${ROOT}"/repositories/centos/
 DEB_REPO="${ROOT}"/repositories/ubuntu/
 
-wget -qO- "${REPO_PATH}" | \
+wget -qO- "${FUEL_REPO_PATH}" | \
       tar -C "${MODULES}" --strip-components=3 -zxvf - \
       stackforge-fuel-library-f43d885/deployment/puppet/{inifile,stdlib}
+
+wget -qO- "${NEUTRON_REPO_PATH}" | \
+      tar -C "${MODULES}/contrail/files" --strip-components=3 -zxvf - \
+      Juniper-contrail-neutron-plugin-3189155/neutron_plugin_contrail/plugins/opencontrail
+
 #
 # packages required for cassandra and zookeeper:
 deb_packages=('http://us.archive.ubuntu.com/ubuntu/pool/main/p/pcsc-lite/libpcsclite1_1.7.4-2ubuntu2_amd64.deb'

tasks.yaml

@@ -82,6 +82,13 @@
     puppet_manifest: puppet/manifests/site-compute-post.pp
     puppet_modules: puppet/modules:/etc/puppet/modules
     timeout: 720
+# TODO: Use "type: reboot" when new plugin sdk will be released.
+- role: ['compute']
+  stage: post_deployment
+  type: shell
+  parameters:
+    cmd: '/sbin/reboot'
+    timeout: 720
 - role: ['base-os']
   stage: post_deployment
   type: puppet
@@ -89,10 +96,4 @@
     puppet_manifest: puppet/manifests/site-contrail-post4.pp
     puppet_modules: puppet/modules:/etc/puppet/modules
     timeout: 720
-- role: ['base-os']
-  stage: post_deployment
-  type: puppet
-  parameters:
-    puppet_manifest: puppet/manifests/site-contrail-post5.pp
-    puppet_modules: puppet/modules:/etc/puppet/modules
-    timeout: 720
+