From 6ec9f25b1aaa02988fb32c030fb00156c2732c24 Mon Sep 17 00:00:00 2001 From: Javeria Khan Date: Wed, 6 Jan 2016 11:20:43 -0800 Subject: [PATCH] Initial Commit - Fuel PLUMgrid Plugin - Supports MOS 7.0 deployment Change-Id: I3f6a17ba3b8720e22d3d1be29e45b13077879210 
Signed-off-by: Javeria Khan --- LICENSE | 202 ++++++++++++++++++ README.md | 61 ++++++ deployment_scripts/cleanup_os.sh | 35 +++ deployment_scripts/pg_os_version.sh | 30 +++ deployment_scripts/plumgrid_fabric.sh | 48 +++++ deployment_scripts/post_pg_license.sh | 60 ++++++ .../puppet/manifests/director.pp | 167 +++++++++++++++ .../puppet/manifests/director_fixes.pp | 34 +++ deployment_scripts/puppet/manifests/edge.pp | 159 ++++++++++++++ .../puppet/manifests/gateway.pp | 63 ++++++ .../puppet/manifests/pg_common.pp | 85 ++++++++ .../puppet/manifests/pre_deployment.pp | 23 ++ deployment_scripts/puppet/manifests/tools.pp | 51 +++++ .../modules/plumgrid/files/network.filters | 92 ++++++++ .../modules/plumgrid/files/plumgrid_plugin.py | 26 +++ .../modules/plumgrid/manifests/firewall.pp | 51 +++++ .../puppet/modules/plumgrid/manifests/init.pp | 105 +++++++++ .../modules/plumgrid/manifests/params.pp | 34 +++ .../puppet/modules/plumgrid/manifests/repo.pp | 62 ++++++ .../modules/plumgrid/templates/hosts.erb | 10 + .../modules/plumgrid/templates/ifcs.conf.erb | 7 + .../plumgrid/templates/plumgrid.conf.erb | 13 ++ .../puppet/modules/sal/manifests/init.pp | 40 ++++ .../modules/sal/manifests/keepalived.pp | 50 +++++ .../puppet/modules/sal/manifests/nginx.pp | 56 +++++ .../modules/sal/templates/default.conf.erb | 139 ++++++++++++ .../modules/sal/templates/keepalived.conf.erb | 30 +++ deployment_tasks.yaml | 115 ++++++++++ environment_config.yaml | 77 +++++++ metadata.yaml | 26 +++ network_roles.yaml | 6 + node_roles.yaml | 7 + pre_build_hook | 5 + repositories/centos/.gitkeep | 0 repositories/ubuntu/.gitkeep | 0 tasks.yaml | 6 + volumes.yaml | 5 + 37 files changed, 1980 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100644 deployment_scripts/cleanup_os.sh create mode 100644 deployment_scripts/pg_os_version.sh create mode 100644 deployment_scripts/plumgrid_fabric.sh create mode 100644 deployment_scripts/post_pg_license.sh create mode 100644 
deployment_scripts/puppet/manifests/director.pp create mode 100644 deployment_scripts/puppet/manifests/director_fixes.pp create mode 100644 deployment_scripts/puppet/manifests/edge.pp create mode 100644 deployment_scripts/puppet/manifests/gateway.pp create mode 100644 deployment_scripts/puppet/manifests/pg_common.pp create mode 100644 deployment_scripts/puppet/manifests/pre_deployment.pp create mode 100644 deployment_scripts/puppet/manifests/tools.pp create mode 100644 deployment_scripts/puppet/modules/plumgrid/files/network.filters create mode 100644 deployment_scripts/puppet/modules/plumgrid/files/plumgrid_plugin.py create mode 100644 deployment_scripts/puppet/modules/plumgrid/manifests/firewall.pp create mode 100644 deployment_scripts/puppet/modules/plumgrid/manifests/init.pp create mode 100644 deployment_scripts/puppet/modules/plumgrid/manifests/params.pp create mode 100644 deployment_scripts/puppet/modules/plumgrid/manifests/repo.pp create mode 100644 deployment_scripts/puppet/modules/plumgrid/templates/hosts.erb create mode 100644 deployment_scripts/puppet/modules/plumgrid/templates/ifcs.conf.erb create mode 100644 deployment_scripts/puppet/modules/plumgrid/templates/plumgrid.conf.erb create mode 100644 deployment_scripts/puppet/modules/sal/manifests/init.pp create mode 100644 deployment_scripts/puppet/modules/sal/manifests/keepalived.pp create mode 100644 deployment_scripts/puppet/modules/sal/manifests/nginx.pp create mode 100644 deployment_scripts/puppet/modules/sal/templates/default.conf.erb create mode 100644 deployment_scripts/puppet/modules/sal/templates/keepalived.conf.erb create mode 100644 deployment_tasks.yaml create mode 100644 environment_config.yaml create mode 100644 metadata.yaml create mode 100644 network_roles.yaml create mode 100644 node_roles.yaml create mode 100755 pre_build_hook create mode 100644 repositories/centos/.gitkeep create mode 100644 repositories/ubuntu/.gitkeep create mode 100644 tasks.yaml create mode 100644 volumes.yaml 
diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e06d208 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..cbb7626 --- /dev/null +++ b/README.md 
@@ -0,0 +1,61 @@ +PLUMgrid plugin for Mirantis Fuel +================================= + +License +------- +Copyright 2016 PLUMgrid Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at: + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +PLUMgrid Plugin +--------------- +PLUMgrid is a core neutron networking plugin that has been a part of OpenStack +neutron since Grizzly. It offers a Network Virtualization Platform that uses +direct communication with the Hypervisor layer to provide all the networking +functionality requested through Neutron APIs. It implements Neutron v2 APIs +and helps configure L2/L3 virtual networks created through the PLUMgrid Platform. +It also implements External Networks and Port Binding Extensions. + +Building the plugin +------------------- +1. Clone the PLUMgrid Fuel plugin repository: + + ``# git clone https://github.com/openstack/fuel-plugin-plumgrid`` + +2. Install Fuel Plugin Builder: + + ``pip install fuel-plugin-builder`` + +3. Navigate to the cloned PLUMgrid Fuel plugin folder and build the plugin: + + ``cd plumgrid-fuel-plugin/`` + + ``fpb --build .`` + +3. The plumgrid-.rpm plugin file will be created. + +4. Copy this file to the Fuel Master node with secure copy (scp): + + ``scp plumgrid-.rpm root@::/tmp`` + +5. On the Fuel Master node, Install the PLUMgrid plugin with: + + ``cd /tmp`` + ``fuel plugins --install plumgrid-.rpm`` + +6. The plugin is now ready for use and can be enabled on the Settings tab, PLUMgrid Plugin section + of the Fuel web UI. 
+
+Note: Contact PLUMgrid for an Installation Pack info@plumgrid.com
+(includes full/trial license, packages and deployment documentation)
+
diff --git a/deployment_scripts/cleanup_os.sh b/deployment_scripts/cleanup_os.sh
new file mode 100644
index 0000000..d26ae40
--- /dev/null
+++ b/deployment_scripts/cleanup_os.sh
@@ -0,0 +1,35 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+if [[ ! -f "/root/cleanup_os" ]];then
+ source /root/openrc
+ router_id=`neutron router-list | grep "network_id" | awk '{print $2}'`
+ neutron router-gateway-clear $router_id
+ subnet_id=`neutron router-port-list $router_id | grep "subnet_id" | awk '{print $8}' | awk -F '\"' '{print $2}'`
+ neutron router-interface-delete $router_id $subnet_id
+ neutron router-delete $router_id
+ neutron subnet-delete $subnet_id
+ neutron net-delete net04
+ neutron net-delete net04_ext
+ admin_id=`keystone tenant-list|grep admin|awk -F '|' '{ print $2 }'`
+ neutron security-group-delete --tenant-id $admin_id
+ neutron security-group-delete default
+ touch /root/cleanup_os
+
+else
+ echo "Cleanup already preformed before, skipping."
+fi
diff --git a/deployment_scripts/pg_os_version.sh b/deployment_scripts/pg_os_version.sh
new file mode 100644
index 0000000..b9d2e5e
--- /dev/null
+++ b/deployment_scripts/pg_os_version.sh
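Review bot: `touch /root/cleanup_os` runs unconditionally at the end of the `if` branch in cleanup_os.sh, so a run in which the neutron/keystone calls failed (or `router_id`, `subnet_id` or `admin_id` came back empty) is still recorded as done and never retried. The expansions are unquoted, so an empty `$router_id` silently changes the argument list of `neutron router-gateway-clear $router_id`, and `grep admin` can match more than one tenant row. I would check each lookup before using it, e.g. `[[ -n "$router_id" ]] || { echo "router not found" >&2; exit 1; }`, quote the variables, and create the marker only after the deletes returned success. Separately, `#!/bin/bash` sits below the licence header and is therefore just a comment, although the script relies on `[[ ]]`; it should be line 1, here and in pg_os_version.sh, plumgrid_fabric.sh and post_pg_license.sh.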
@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+. /tmp/plumgrid_config
+
+curl -Lks http://$pg_repo:81/files/lvm-installer.sh -o /tmp/lvm-installer.sh
+
+curl -Lks http://$pg_repo:81/files/pg_os_version.yaml -o /tmp/pg_os_version.yaml
+
+pg_version=$(cat /tmp/lvm-installer.sh | grep pg_ver= | awk 'NR==1 {print}'| cut -c9-| sed 's/-.*//')
+
+os_version=$(cat /tmp/pg_os_version.yaml | grep $pg_version-k | cut -d ' ' -f2)
+
+if [ -n "$os_version" ]; then
+ grep -q -F "networking_pg_version: $os_version" /etc/astute.yaml || echo "networking_pg_version: $os_version" >> /etc/astute.yaml
+fi
diff --git a/deployment_scripts/plumgrid_fabric.sh b/deployment_scripts/plumgrid_fabric.sh
new file mode 100644
index 0000000..e90c4ed
--- /dev/null
+++ b/deployment_scripts/plumgrid_fabric.sh
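Review bot: The two `curl -Lks http://$pg_repo:81/files/...` calls fetch over plain HTTP into fixed names under /tmp and ignore download errors, and the parsed result is appended to /etc/astute.yaml as `networking_pg_version`, which director.pp in this patch appears to pick up through `hiera('networking_pg_version', ...)` and pass to the pip `package` resource as `ensure`. Nothing authenticates the repo host or checks the value, so a tampered or truncated response can decide which package version is installed; `-k` gives no protection on an `http://` URL. I would download into a `mktemp -d` directory with `curl -fsS` (over HTTPS with verification if the repo can serve it) and validate the value against the expected version format before writing it, e.g. `[[ "$os_version" =~ ^[0-9]+(\.[0-9]+)*$ ]] || exit 1`. `. /tmp/plumgrid_config` is also sourced from a world-writable directory, here and in plumgrid_fabric.sh and post_pg_license.sh; where that file is created is not visible in this part of the patch, so its ownership and mode should be confirmed or the file moved out of /tmp.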
@@ -0,0 +1,48 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+. /tmp/plumgrid_config
+
+fabric_ip=$(ip addr show br-mgmt | awk '$1=="inet" {print $2}' | awk -F '/' '{print $1}' | awk -F '.' '{print $4}' | head -1)
+fabric_dev=$(brctl show br-mgmt | awk -F ' ' '{print $4}' | awk 'FNR == 2 {print}' | awk -F '.' '{print $1}')
+
+# remove the default bridge, if it exists
+BRIDGE_AUX=$(brctl show | grep br-aux || true)
+
+if [[ ! -z "${BRIDGE_AUX}" ]];then
+
+ brctl delif br-aux $fabric_dev
+ ifconfig br-aux down
+ brctl delbr br-aux
+ rm -f /etc/network/interfaces.d/ifcfg-br-aux
+
+fi
+
+fabric_netmask=$(ifconfig br-mgmt | grep Mask | sed s/^.*Mask://)
+fabric_net=$(echo $fabric_network | cut -f2 -d: | cut -f1-3 -d.)
+
+ifconfig $fabric_dev $fabric_net.$fabric_ip netmask $fabric_netmask
+ifconfig $fabric_dev mtu 1580
+
+if [[ -f "/etc/network/interfaces.d/ifcfg-$fabric_dev" ]];then
+ rm /etc/network/interfaces.d/ifcfg-$fabric_dev
+fi
+
+echo -e "auto $fabric_dev\niface $fabric_dev inet static\naddress $fabric_net.$fabric_ip/24\nmtu 1580" >> /etc/network/interfaces.d/ifcfg-$fabric_dev
+
+grep -q -F "fabric_dev: $fabric_dev" /etc/astute.yaml || echo "fabric_dev: $fabric_dev" >> /etc/astute.yaml
+
diff --git a/deployment_scripts/post_pg_license.sh b/deployment_scripts/post_pg_license.sh
new file mode 100644
index 0000000..3d1595f
--- /dev/null
+++ b/deployment_scripts/post_pg_license.sh
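Review bot: The persisted stanza hard-codes `address $fabric_net.$fabric_ip/24`, while the live interface is configured earlier in the hunk with the computed `netmask $fabric_netmask`, so on a management network that is not a /24 the interface comes back after a reboot with a different mask from the one deployed. Writing `address $fabric_net.$fabric_ip\nnetmask $fabric_netmask` into the stanza keeps the two consistent; building the address from the first three octets of `$fabric_network` and the last octet of the br-mgmt address looks like it carries the same /24 assumption and deserves a comment. Nothing checks that `fabric_dev` was found: if `brctl show br-mgmt` lists no member, the `ifconfig` calls run with shifted arguments and an `ifcfg-` file with an empty device name is written, so I would add `[[ -n "$fabric_dev" ]] || { echo "no interface found on br-mgmt" >&2; exit 1; }` right after the lookup.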
@@ -0,0 +1,60 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#!/bin/bash
+
+. /tmp/plumgrid_config
+
+if [[ ! -f "/root/post_director" ]];then
+
+ #Wait for the platform to come up
+ sleep 5
+ retry_cnt=0
+ http_status=""
+
+ while [[ "$http_status" != "200" ]]; do
+ if [[ $retry_cnt -ge 30 ]]; then
+ echo "Failed to login to platform for 60 seconds, exiting..."
+ exit 1
+ fi
+
+ #Login to PLUMgrid
+ http_status=$(curl -H "Accept: application/json" -H "Content-Type: application/json" -k -X \
+ POST https://$vip/0/login -d '{"userName":"plumgrid","password":"plumgrid"}' \
+ -c /tmp/cookie -i | grep HTTP | awk '{print $2}')
+
+ echo $http_status
+
+ let "retry_cnt= $retry_cnt + 1"
+ sleep 2
+ done
+
+ #Install License
+ install_status=$(curl -H "Accept: application/json" -H "Content-Type: application/json" \
+ https://$vip/0/tenant_manager/license_key/key1 -k -X PUT -d '{"license": '\"$license\"'}' \
+ -i -b /tmp/cookie -k| grep HTTP | awk '{print $2}')
+
+ echo $install_status
+
+ if [[ $install_status -ne 200 ]]; then
+ echo "Error installing license, exiting..."
+ exit 1
+ fi
+
+ touch /root/post_director
+
+else
+ echo "This Director has already been configured, skipping."
+fi
diff --git a/deployment_scripts/puppet/manifests/director.pp b/deployment_scripts/puppet/manifests/director.pp
new file mode 100644
index 0000000..09cf207
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/director.pp
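Review bot: The login request hard-codes `{"userName":"plumgrid","password":"plumgrid"}`, although director.pp in the same patch reads `plumgrid_username` and `plumgrid_password` from the plugin settings; the script should use the configured credentials so that a changed password does not break licence installation and the deployment does not depend on the default account staying in place. Both curl calls pass `-k`, so the credentials, session cookie and licence key are sent to whatever answers on `$vip` without certificate verification; use `--cacert` with the Director's CA where one is available. The session cookie is written to the fixed path /tmp/cookie and never removed; `cookie=$(mktemp)` plus `trap 'rm -f "$cookie"' EXIT` avoids the predictable name and the leftover file. Minor: 30 retries with `sleep 2` after the initial `sleep 5` do not match the "60 seconds" in the error message, and `$license` is spliced into the JSON body unescaped.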
@@ -0,0 +1,167 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: plumgrid/director.pp')
+
+# Fuel settings
+$fuel_hash = hiera_hash('public_ssl', {})
+$fuel_hostname = pick($fuel_hash['hostname'])
+
+# PLUMgrid settings
+$plumgrid_hash = hiera_hash('plumgrid', {})
+$plumgrid_pkg_repo = pick($plumgrid_hash['plumgrid_package_repo'])
+$plumgrid_lic = pick($plumgrid_hash['plumgrid_license'])
+$plumgrid_vip = pick($plumgrid_hash['plumgrid_virtual_ip'])
+$plumgrid_zone = pick($plumgrid_hash['plumgrid_zone'])
+$plumgrid_username = pick($plumgrid_hash['plumgrid_username'])
+$plumgrid_password = pick($plumgrid_hash['plumgrid_password'])
+$networking_pg_version = hiera('networking_pg_version', '2015.1.1.1')
+
+# PLUMgrid Zone settings
+$network_metadata = hiera_hash('network_metadata')
+$haproxy_vip = pick($network_metadata['vips']['public']['ipaddr'])
+$controller_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
+$controller_address_map = get_node_to_ipaddr_map_by_network_role($controller_nodes, 'mgmt/vip')
+$controller_ipaddresses = join(hiera_array('controller_ipaddresses', values($controller_address_map)), ',')
+$mgmt_net = hiera('management_network_range')
+$fabric_dev = hiera('fabric_dev')
+
+# Neutron settings
+$neutron_config = hiera_hash('quantum_settings', {})
+$metadata_secret = pick($neutron_config['metadata']['metadata_proxy_shared_secret'], 'root')
+$service_endpoint = hiera('service_endpoint')
+
+# Neutron DB settings
+$neutron_db_password = $neutron_config['database']['passwd']
+$neutron_db_user = pick($neutron_config['database']['user'], 'neutron')
+$neutron_db_name = pick($neutron_config['database']['name'], 'neutron')
+$neutron_db_host = pick($neutron_config['database']['host'], hiera('database_vip'))
+
+$neutron_db_uri = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}?&read_timeout=60"
+
+# OpenStack Access settings
+$access_hash = hiera_hash('access', {})
+$admin_password = pick($access_hash['password'])
+
+# Add fuel node fqdn to /etc/hosts
+host { 'fuel':
+ ip => $haproxy_vip,
+ host_aliases => $fuel_hostname,
+}
+
+class { 'plumgrid':
+ plumgrid_ip => $controller_ipaddresses,
+ mgmt_dev => 'br-mgmt',
+ fabric_dev => $fabric_dev,
+ lvm_keypath => "/var/lib/plumgrid/zones/$plumgrid_zone/id_rsa.pub",
+}
+
+class { 'sal':
+ plumgrid_ip => $controller_ipaddresses,
+ virtual_ip => $plumgrid_vip,
+}
+
+class { plumgrid::firewall:
+ source_net => $mgmt_net,
+ dest_net => $mgmt_net,
+}
+
+# Setup Neutron PLUMgrid Configurations
+
+package { 'neutron-server':
+ ensure => 'present',
+ name => 'neutron-server',
+}
+
+service { 'neutron-server':
+ ensure => 'running',
+ name => 'neutron-server',
+ enable => true,
+}
+
+file { '/etc/neutron/neutron.conf':
+ ensure => present,
+ notify => Service['neutron-server'],
+}
+
+file_line { 'Enable PLUMgrid core plugin':
+ path => '/etc/neutron/neutron.conf',
+ line => 'core_plugin=neutron.plugins.plumgrid.plumgrid_plugin.plumgrid_plugin.NeutronPluginPLUMgridV2',
+ match => '^core_plugin.*$',
+ require => File['/etc/neutron/neutron.conf'],
+}
+
+file_line { 'Disable service plugins':
+ path => '/etc/neutron/neutron.conf',
+ line => 'service_plugins = ""',
+ match => '^service_plugins.*$',
+ require => File['/etc/neutron/neutron.conf'],
+}
+
+file { '/etc/nova/nova.conf':
+ ensure => present,
+ notify => Service['neutron-server'],
+}
+
+file_line { 'Set libvirt vif':
+ path => '/etc/nova/nova.conf',
+ line => 'libvirt_vif_type=ethernet',
+ match => '^libvirt_vif_type.*$',
+ require => File['/etc/nova/nova.conf']
+}
+
+file_line { 'Set libvirt cpu mode':
+ path => '/etc/nova/nova.conf',
+ line => 'libvirt_cpu_mode=none',
+ match => '^libvirt_cpu_mode.*$',
+ require => File['/etc/nova/nova.conf']
+}
+
+# Setting PLUMgrid Config Files
+
+class { '::neutron::plugins::plumgrid':
+ director_server => $plumgrid_vip,
+ username => $plumgrid_username,
+ password => $plumgrid_password,
+ admin_password => $admin_password,
+ controller_priv_host => $service_endpoint,
+ connection => $neutron_db_uri,
+ nova_metadata_ip => '169.254.169.254',
+ nova_metadata_port => '8775',
+ metadata_proxy_shared_secret => $metadata_secret,
+}->
+package { 'networking-plumgrid':
+ ensure => $networking_pg_version,
+ provider => 'pip',
+ notify => Service["$::neutron::params::server_service"],
+}
+
+if ($networking_pg_version != '2015.1.1.1'){
+ exec { "plumgrid-db-manage upgrade heads":
+ command => "/usr/local/bin/plumgrid-db-manage upgrade heads",
+ notify => Service["$::neutron::params::server_service"],
+ require => Package['networking-plumgrid']
+ }
+}
+
+# Update PLUMgrid plugin file
+
+file { 'plumgrid_plugin.py':
+ path => '/usr/lib/python2.7/dist-packages/neutron/plugins/plumgrid/plumgrid_plugin/plumgrid_plugin.py',
+ ensure => present,
+ mode => '0644',
+ source => 'puppet:///modules/plumgrid/plumgrid_plugin.py',
+ notify => Service["$::neutron::params::server_service"]
+}
diff --git a/deployment_scripts/puppet/manifests/director_fixes.pp b/deployment_scripts/puppet/manifests/director_fixes.pp
new file mode 100644
index 0000000..31f91ac
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/director_fixes.pp
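Review bot: `$metadata_secret = pick($neutron_config['metadata']['metadata_proxy_shared_secret'], 'root')` falls back to the literal `'root'` when the setting is missing, so a deployment with incomplete settings silently runs the metadata proxy with a guessable shared secret; edge.pp repeats the same fallback. The other required settings in this manifest use single-argument `pick(...)`, which with puppetlabs-stdlib raises an error when no value is set, and the secret should do the same: `$metadata_secret = pick($neutron_config['metadata']['metadata_proxy_shared_secret'])`. Further down, `$neutron_db_password` is read without `pick` and interpolated into `$neutron_db_uri`, so an undefined password would produce a URI with an empty password instead of a failed run. The `networking-plumgrid` package uses `provider => 'pip'` with a version taken from hiera; a comment stating which package index the nodes are expected to install from would help whoever audits the deployment.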
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: plumgrid/director_fixes.pp')
+
+file { '/etc/apache2/ports.conf':
+ ensure => present,
+}
+
+file_line { 'ensure no port conflict between apache and keystone':
+ path => '/etc/apache2/ports.conf',
+ line => 'NameVirtualHost *:35357',
+ ensure => 'absent',
+ require => File['/etc/apache2/ports.conf']
+}
+
+file_line { 'ensure no port conflict between apache-keystone':
+ path => '/etc/apache2/ports.conf',
+ line => 'NameVirtualHost *:5000',
+ ensure => 'absent',
+ require => File['/etc/apache2/ports.conf']
+}
diff --git a/deployment_scripts/puppet/manifests/edge.pp b/deployment_scripts/puppet/manifests/edge.pp
new file mode 100644
index 0000000..4717d31
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/edge.pp
@@ -0,0 +1,159 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: plumgrid/edge.pp')
+
+# Metadata settings
+$metadata_hash = hiera_hash('quantum_settings', {})
+$metadata_secret = pick($metadata_hash['metadata']['metadata_proxy_shared_secret'], 'root')
+
+# PLUMgrid settings
+$plumgrid_hash = hiera_hash('plumgrid', {})
+$plumgrid_pkg_repo = pick($plumgrid_hash['plumgrid_package_repo'])
+$plumgrid_vip = pick($plumgrid_hash['plumgrid_virtual_ip'])
+
+# PLUMgrid Zone settings
+$network_metadata = hiera_hash('network_metadata')
+$controller_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
+$controller_address_map = get_node_to_ipaddr_map_by_network_role($controller_nodes, 'mgmt/vip')
+$controller_ipaddresses = join(hiera_array('controller_ipaddresses', values($controller_address_map)), ',')
+$mgmt_net = hiera('management_network_range')
+$fabric_dev = hiera('fabric_dev')
+$plumgrid_zone = pick($plumgrid_hash['plumgrid_zone'])
+
+class { 'plumgrid':
+ plumgrid_ip => $controller_ipaddresses,
+ mgmt_dev => 'br-mgmt',
+ fabric_dev => $fabric_dev,
+ lvm_keypath => "/var/lib/plumgrid/zones/$plumgrid_zone/id_rsa.pub",
+}
+
+class { plumgrid::firewall:
+ source_net=> $mgmt_net,
+ dest_net=> $mgmt_net,
+}
+
+package { 'nova-api':
+ ensure => present,
+ name => 'nova-api',
+}
+
+package { 'nova-compute':
+ ensure => present,
+ name => 'nova-compute',
+}
+
+file {
'/etc/nova/nova.conf':
+ ensure => present,
+ notify => [ Service['nova-compute'], Service['nova-api'] ]
+}
+
+file_line { 'Set libvirt vif':
+ path => '/etc/nova/nova.conf',
+ line => 'libvirt_vif_type=ethernet',
+ match => '^libvirt_vif_type.*$',
+ require => File['/etc/nova/nova.conf']
+}
+
+file_line { 'Set libvirt cpu mode':
+ path => '/etc/nova/nova.conf',
+ line => 'libvirt_cpu_mode=none',
+ match => '^libvirt_cpu_mode.*$',
+ require => File['/etc/nova/nova.conf']
+}
+
+# Enabling Metadata on Computes
+file_line { 'Enable Metadata Proxy':
+ path => '/etc/nova/nova.conf',
+ line => 'service_metadata_proxy=True',
+ match => '^#service_metadata_proxy=false',
+ require => File['/etc/nova/nova.conf']
+}
+
+file_line { 'Set Metadata Shared Secret':
+ path => '/etc/nova/nova.conf',
+ line => "metadata_proxy_shared_secret=$metadata_secret",
+ match => '^#metadata_proxy_shared_secret=',
+ require => File['/etc/nova/nova.conf']
+}
+
+service { 'libvirt-bin':
+ ensure => running,
+ name => 'libvirt-bin',
+ enable => true,
+}
+
+service { 'nova-api':
+ ensure => running,
+ name => 'nova-api',
+ require => Package['nova-api'],
+ enable => true,
+}
+
+service { 'nova-compute':
+ ensure => running,
+ name => 'nova-compute',
+ require => Package['nova-compute'],
+ enable => true,
+}
+
+file { '/etc/libvirt/qemu.conf':
+ ensure => present,
+ notify => Service['libvirt-bin'],
+}
+
+file_line { 'Libvirt QEMU settings':
+ path => '/etc/libvirt/qemu.conf',
+ line => 'cgroup_device_acl = ["/dev/null", "/dev/full", "/dev/zero", "/dev/random", "/dev/urandom", "/dev/ptmx", "/dev/kvm", "/dev/kqemu", "/dev/rtc", "/dev/hpet", "/dev/net/tun"]',
+ require => File['/etc/libvirt/qemu.conf'],
+}
+
+# Enable packet forwarding for IPv4
+exec { 'sysctl -w net.ipv4.ip_forward=1':
+ command => '/sbin/sysctl -w net.ipv4.ip_forward=1'
+}
+
+file { '/etc/sysctl.conf':
+ ensure => present
+}
+
+file_line { 'Enable IP4 packet forwarding':
+ path => '/etc/sysctl.conf',
+ line =>
'net.ipv4.ip_forward=1',
+ match => '^#net.ipv4.ip_forward=1',
+ require => File['/etc/sysctl.conf']
+}
+
+Package['nova-api'] -> File['/etc/nova/rootwrap.d/network.filters'] ~> Service['nova-compute']
+
+file { '/etc/nova/rootwrap.d/network.filters':
+ ensure => present,
+ mode => '0644',
+ source => 'puppet:///modules/plumgrid/network.filters'
+}
+
+file_line { 'unmount plumgrid.fuse post-stop':
+ path => '/etc/init/plumgrid.conf',
+ line => ' umount --fake /run/libvirt/lxc/plumgrid.fuse',
+ after => 'virsh -c lxc: destroy plumgrid',
+ require => Package[$plumgrid::params::plumgrid_package]
+}
+
+file_line { 'unmount plumgrid.fuse pre-start':
+ path => '/etc/init/plumgrid.conf',
+ line => ' umount --fake /run/libvirt/lxc/plumgrid.fuse',
+ after => '/opt/pg/scripts/systemd_pre_start.sh',
+ require => Package[$plumgrid::params::plumgrid_package]
+}
diff --git a/deployment_scripts/puppet/manifests/gateway.pp b/deployment_scripts/puppet/manifests/gateway.pp
new file mode 100644
index 0000000..4eea773
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/gateway.pp
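Review bot: `$metadata_secret` falls back to the literal `'root'` when the hiera key is missing, so a node with incomplete settings gets a guessable metadata proxy secret written into nova.conf; pg_common.pp and tools.pp carry the same fallback. The other lookups in this manifest use single-argument `pick()` so that a missing value aborts the run, and the secret should do the same: `$metadata_secret = pick($metadata_hash['metadata']['metadata_proxy_shared_secret'])`. The `Set Metadata Shared Secret` resource matches only the commented-out line, so a later run with a changed secret appends a second setting instead of replacing the first; `match => '^#?metadata_proxy_shared_secret='` covers both forms. The `network.filters` file resource sets `mode` but neither `owner` nor `group`, although the file's own header says it should be owned and writable by root only; add `owner => 'root', group => 'root'`.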
@@ -0,0 +1,63 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: plumgrid/gateway.pp')
+
+# PLUMgrid settings
+$plumgrid_hash = hiera_hash('plumgrid', {})
+$plumgrid_gw_devs = pick($plumgrid_hash['gateway_devs'])
+
+# PLUMgrid Zone settings
+$network_metadata = hiera_hash('network_metadata')
+$controller_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
+$controller_address_map = get_node_to_ipaddr_map_by_network_role($controller_nodes, 'mgmt/vip')
+$controller_ipaddresses = join(hiera_array('controller_ipaddresses', values($controller_address_map)), ',')
+$mgmt_net = hiera('management_network_range')
+$fabric_dev = hiera('fabric_dev')
+$plumgrid_zone = pick($plumgrid_hash['plumgrid_zone'])
+
+class { 'plumgrid':
+ plumgrid_ip => $controller_ipaddresses,
+ mgmt_dev => 'br-mgmt',
+ fabric_dev => $fabric_dev,
+ gateway_devs => split($plumgrid_gw_devs, ','),
+ lvm_keypath => "/var/lib/plumgrid/zones/$plumgrid_zone/id_rsa.pub",
+}
+
+class { plumgrid::firewall:
+ source_net => $mgmt_net,
+ dest_net => $mgmt_net,
+}
+
+package { 'iptables-persistent':
+ ensure => present,
+ name => 'iptables-persistent'
+}
+
+# Enable packet forwarding for IPv4
+exec { 'sysctl -w net.ipv4.ip_forward=1':
+ command => '/sbin/sysctl -w net.ipv4.ip_forward=1'
+}
+
+file { '/etc/sysctl.conf':
+ ensure => present
+}
+
+file_line { 'Enable IP4 packet forwarding':
+ path =>
'/etc/sysctl.conf',
+ line => 'net.ipv4.ip_forward=1',
+ match => '^#net.ipv4.ip_forward=1',
+ require => File['/etc/sysctl.conf']
+}
diff --git a/deployment_scripts/puppet/manifests/pg_common.pp b/deployment_scripts/puppet/manifests/pg_common.pp
new file mode 100644
index 0000000..1f2a6f9
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/pg_common.pp
@@ -0,0 +1,85 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: plumgrid/pre_node.pp')
+
+$fuel_hash = hiera_hash('public_ssl', {})
+$fuel_hostname = pick($fuel_hash['hostname'])
+
+$metadata_hash = hiera_hash('quantum_settings', {})
+$metadata = pick($metadata_hash['metadata']['metadata_proxy_shared_secret'], 'root')
+
+$plumgrid_hash = hiera_hash('plumgrid', {})
+$plumgrid_pkg_repo = pick($plumgrid_hash['plumgrid_package_repo'])
+$plumgrid_lic = pick($plumgrid_hash['plumgrid_license'])
+$plumgrid_vip = pick($plumgrid_hash['plumgrid_virtual_ip'])
+$plumgrid_zone = pick($plumgrid_hash['plumgrid_zone'])
+$fabric_network = pick($plumgrid_hash['plumgrid_fabric_network'])
+
+$network_metadata = hiera_hash('network_metadata')
+$haproxy_vip = pick($network_metadata['vips']['public']['ipaddr'])
+$controller_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
+$controller_address_map = get_node_to_ipaddr_map_by_network_role($controller_nodes, 'mgmt/vip')
+$controller_ipaddresses = join(hiera_array('controller_ipaddresses', values($controller_address_map)), ',')
+
+$pg_packages = [ 'python-pip', 'apparmor-utils' ]
+
+package { $pg_packages:
+ ensure => present,
+ require => Exec['apt-get update']
+}
+
+exec { 'aa-disable':
+ command => 'aa-disable /sbin/dhclient',
+ path => ['/usr/sbin', '/bin/'],
+ onlyif => 'aa-status | grep /sbin/dhclient',
+ subscribe =>
Package['apparmor-utils']
+}
+
+exec { "apt-get update":
+ command => "/usr/bin/apt-get update"
+}
+
+file { '/tmp/plumgrid_config':
+ ensure => file,
+ content => "fuel_hostname=$fuel_hostname\nhaproxy_vip=$haproxy_vip\ndirector_ip=$controller_ipaddresses\nedge_ip=$compute_ipaddresses\nmetadata_secret=$metadata\nlicense=$plumgrid_lic\nvip=$plumgrid_vip\npg_repo=$plumgrid_pkg_repo\nzone_name=$plumgrid_zone\nfabric_network=$fabric_network",
+}
+
+exec { 'ovs_rmmod':
+ command => 'rmmod openvswitch',
+ path => '/sbin',
+ onlyif => 'lsmod | /bin/grep openvswitch'
+}
+
+package { 'openvswitch-*':
+ ensure => absent
+}
+
+file { ['/var/lib/plumgrid', '/var/lib/plumgrid/zones', "/var/lib/plumgrid/zones/$plumgrid_zone"]:
+ ensure => directory,
+ mode => 0755,
+}->
+exec { "lcm_key":
+ command => "/usr/bin/curl -Lks http://$plumgrid_pkg_repo:81/files/ssh_keys/zones/$plumgrid_zone/id_rsa.pub -o /var/lib/plumgrid/zones/$plumgrid_zone/id_rsa.pub",
+}
+
+exec { "get_GPG":
+ command => "/usr/bin/curl -Lks http://$plumgrid_pkg_repo:81/plumgrid/GPG-KEY -o /tmp/GPG-KEY",
+}->
+exec { "apt-key":
+ path => '/bin:/usr/bin',
+ environment => 'HOME=/root',
+ command => 'apt-key add /tmp/GPG-KEY',
+}
diff --git a/deployment_scripts/puppet/manifests/pre_deployment.pp b/deployment_scripts/puppet/manifests/pre_deployment.pp
new file mode 100644
index 0000000..9ca8b0b
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/pre_deployment.pp
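Review bot: The `lcm_key` and `get_GPG` execs fetch trust material with `curl -Lks http://$plumgrid_pkg_repo:81/...`, that is over plain HTTP with certificate checks switched off, and neither result is verified: `/tmp/GPG-KEY` goes straight into `apt-key add`, and the zone `id_rsa.pub` is the file that edge.pp and gateway.pp pass as `lvm_keypath`, which init.pp installs as a root `authorized_keys` entry under the PLUMgrid data path. Whoever can alter that transfer decides which packages and which SSH key these nodes trust, so both files should be served over HTTPS without `-k`, fetched with `-f` so an error page is never saved as a key, and the GPG key's fingerprint compared with a value pinned in the manifest before `apt-key add` runs. `/tmp/plumgrid_config` holds `metadata_secret` and `license` but sets no owner or mode; add `owner => 'root', mode => '0600'`. `$compute_ipaddresses` is interpolated into that content but is not assigned anywhere in this hunk, so `edge_ip=` probably renders empty.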
@@ -0,0 +1,23 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: plumgrid/pre_deployment.pp')
+
+package { 'libvirt0' :
+ ensure => '1.2.2-0ubuntu13.1.16',
+} ->
+package { 'libvirt-bin' :
+ ensure => '1.2.2-0ubuntu13.1.16',
+}
diff --git a/deployment_scripts/puppet/manifests/tools.pp b/deployment_scripts/puppet/manifests/tools.pp
new file mode 100644
index 0000000..0683e08
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/tools.pp
@@ -0,0 +1,51 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+notice('MODULAR: plumgrid/tools.pp')
+
+# PLUMgrid settings
+$metadata_hash = hiera_hash('quantum_settings', {})
+$metadata = pick($metadata_hash['metadata']['metadata_proxy_shared_secret'], 'root')
+$plumgrid_hash = hiera_hash('plumgrid', {})
+$plumgrid_pkg_repo = pick($plumgrid_hash['plumgrid_package_repo'])
+$plumgrid_vip = pick($plumgrid_hash['plumgrid_virtual_ip'])
+$plumgrid_gw_devs = pick($plumgrid_hash['gateway_devs'])
+$plumgrid_zone = pick($plumgrid_hash['plumgrid_zone'])
+$fabric_network = pick($plumgrid_hash['plumgrid_fabric_network'])
+
+# PLUMgrid Zone settings
+$network_metadata = hiera_hash('network_metadata')
+$controller_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller'])
+$controller_address_map = get_node_to_ipaddr_map_by_network_role($controller_nodes, 'mgmt/vip')
+$controller_ipaddresses = join(hiera_array('controller_ipaddresses', values($controller_address_map)), ' ')
+
+$compute_nodes = get_nodes_hash_by_roles($network_metadata, ['compute'])
+$compute_address_map = get_node_to_ipaddr_map_by_network_role($compute_nodes, 'mgmt/vip')
+$compute_ipaddresses = join(hiera_array('compute_ipaddresses', values($compute_address_map)), ' ')
+
+$gateway_nodes = get_nodes_hash_by_roles($network_metadata, ['PLUMgrid-Gateway'])
+$gateway_address_map =
get_node_to_ipaddr_map_by_network_role($gateway_nodes, 'mgmt/vip')
+$gateway_ipaddresses = join(hiera_array('gateway_ipaddresses', values($gateway_address_map)), ' ')
+
+file { '/etc/plumgrid':
+ ensure => directory,
+ mode => 0755,
+}
+
+file { '/etc/plumgrid/plumgrid.conf':
+ ensure => file,
+ mode => 0755,
+ content => "zone_name=\"$plumgrid_zone\"\npg_director_ips=\"$controller_ipaddresses\"\npg_virt_ip=\"$plumgrid_vip\"\nplumgrid_repo_url=\"$plumgrid_pkg_repo\"\ncontrollers=\"$controller_ipaddresses\"\ncomputes=\"$compute_ipaddresses\"\nfabric_net=\"$fabric_network\"\nadd_gateway=\"yes\"\ngateway_devs=\"$plumgrid_gw_devs\"\ngateway_ips=\"$gateway_ipaddresses\""
+}
diff --git a/deployment_scripts/puppet/modules/plumgrid/files/network.filters b/deployment_scripts/puppet/modules/plumgrid/files/network.filters
new file mode 100644
index 0000000..1b3f070
--- /dev/null
+++ b/deployment_scripts/puppet/modules/plumgrid/files/network.filters
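Review bot: `/etc/plumgrid/plumgrid.conf` is a key=value file but is created with `mode => 0755`, which marks it executable for everyone; `mode => '0644'` is enough, and quoting the value matches what edge.pp does for its file modes. `$metadata` is looked up here, again with the `'root'` fallback, but nothing in this hunk uses it, so that line can be dropped.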
@@ -0,0 +1,92 @@
+# nova-rootwrap command filters for network nodes
+# This file should be owned by (and only-writeable by) the root user
+
+[Filters]
+# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
+# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
+# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
+# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
+# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
+# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
+# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
+# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
+# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
+# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
+# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
+# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
+# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
+# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
+# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
+# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
+# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
+# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
+# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
+# nova/network/linux_net.py: 'ip', 'route', 'add', ..
+# nova/network/linux_net.py: 'ip', 'route', 'del', .
+# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
+ip: CommandFilter, ip, root
+
+# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
+# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
+# nova/network/linux_net.py: 'ovs-vsctl', ....
+ovs-vsctl: CommandFilter, ovs-vsctl, root
+
+# nova/network/linux_net.py: 'ovs-ofctl', ....
+ovs-ofctl: CommandFilter, ovs-ofctl, root
+
+# nova/virt/libvirt/vif.py: 'ivs-ctl', ...
+# nova/virt/libvirt/vif.py: 'ivs-ctl', 'del-port', ...
+# nova/network/linux_net.py: 'ivs-ctl', ....
+ivs-ctl: CommandFilter, ivs-ctl, root
+
+# nova/virt/libvirt/vif.py: 'ifc_ctl', ...
+ifc_ctl: CommandFilter, /opt/pg/bin/ifc_ctl, root
+ifc_ctl_pp: CommandFilter, /opt/pg/bin/ifc_ctl_pp, root
+
+# nova/virt/libvirt/vif.py: 'mm-ctl', ...
+mm-ctl: CommandFilter, mm-ctl, root
+
+# nova/network/linux_net.py: 'ebtables', '-D' ...
+# nova/network/linux_net.py: 'ebtables', '-I' ...
+ebtables: CommandFilter, ebtables, root
+ebtables_usr: CommandFilter, ebtables, root
+
+# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
+iptables-save: CommandFilter, iptables-save, root
+ip6tables-save: CommandFilter, ip6tables-save, root
+
+# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
+iptables-restore: CommandFilter, iptables-restore, root
+ip6tables-restore: CommandFilter, ip6tables-restore, root
+
+# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
+# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
+arping: CommandFilter, arping, root
+
+# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
+dhcp_release: CommandFilter, dhcp_release, root
+
+# nova/network/linux_net.py: 'kill', '-9', pid
+# nova/network/linux_net.py: 'kill', '-HUP', pid
+kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
+
+# nova/network/linux_net.py: 'kill', pid
+kill_radvd: KillFilter, root, /usr/sbin/radvd
+
+# nova/network/linux_net.py: dnsmasq call
+dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
+
+# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
+radvd: CommandFilter, radvd, root + +# nova/network/linux_net.py: 'brctl', 'addbr', bridge +# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0 +# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off' +# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface +brctl: CommandFilter, brctl, root + +# nova/network/linux_net.py: 'sysctl', .... +sysctl: CommandFilter, sysctl, root + +# nova/network/linux_net.py: 'conntrack' +conntrack: CommandFilter, conntrack, root diff --git a/deployment_scripts/puppet/modules/plumgrid/files/plumgrid_plugin.py b/deployment_scripts/puppet/modules/plumgrid/files/plumgrid_plugin.py new file mode 100644 index 0000000..460f6e8 --- /dev/null +++ b/deployment_scripts/puppet/modules/plumgrid/files/plumgrid_plugin.py @@ -0,0 +1,26 @@ +# Copyright 2016 PLUMgrid, Inc. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +from networking_plumgrid.neutron.plugins import plugin + + +class NeutronPluginPLUMgridV2(plugin.NeutronPluginPLUMgridV2): + + vndr_exts = plugin.NeutronPluginPLUMgridV2.supported_extension_aliases + supported_extension_aliases = ["binding", "external-net", "extraroute", + "provider", "quotas", "router", + "security-group"] + vndr_exts + + def __init__(self): + super(NeutronPluginPLUMgridV2, self).__init__() diff --git a/deployment_scripts/puppet/modules/plumgrid/manifests/firewall.pp b/deployment_scripts/puppet/modules/plumgrid/manifests/firewall.pp new file mode 100644 index 0000000..3565fea 
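Review bot: The two PLUMgrid entries, `ifc_ctl` and `ifc_ctl_pp`, use `CommandFilter`, which lets nova run `/opt/pg/bin/ifc_ctl` and `/opt/pg/bin/ifc_ctl_pp` as root with any arguments. If the vif driver only ever issues a small set of subcommands, a `RegExpFilter` listing them would narrow what a compromised nova-compute process can ask rootwrap to do. The rest of the file looks like a full copy of nova's own network.filters, so a comment at the top naming the PLUMgrid additions would help whoever has to reconcile it with a newer upstream list.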
--- /dev/null
+++ b/deployment_scripts/puppet/modules/plumgrid/manifests/firewall.pp
@@ -0,0 +1,51 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class plumgrid::firewall (
+ $source_net = undef,
+ $dest_net = undef,
+) {
+
+ if $source_net != undef {
+ firewall { '001 plumgrid udp':
+ proto => 'udp',
+ action => 'accept',
+ state => ['NEW'],
+ destination => $dest_net,
+ source => $source_net,
+ before => Class['plumgrid'],
+ }
+ firewall { '001 plumgrid rpc':
+ proto => 'tcp',
+ action => 'accept',
+ state => ['NEW'],
+ destination => $dest_net,
+ source => $source_net,
+ before => Class['plumgrid'],
+ }
+ firewall { '040 allow vrrp':
+ proto => 'vrrp',
+ action => 'accept',
+ before => Class['plumgrid'],
+ }
+ firewall { '040 keepalived':
+ proto => 'all',
+ action => 'accept',
+ destination => '224.0.0.18/32',
+ source => $source_net,
+ before => Class['plumgrid'],
+ }
+ }
+}
diff --git a/deployment_scripts/puppet/modules/plumgrid/manifests/init.pp b/deployment_scripts/puppet/modules/plumgrid/manifests/init.pp
new file mode 100644
index 0000000..587bc4b
--- /dev/null
+++ b/deployment_scripts/puppet/modules/plumgrid/manifests/init.pp
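Review bot: `001 plumgrid udp` and `001 plumgrid rpc` carry no `dport`, so between `$source_net` and `$dest_net` they accept every new UDP and TCP connection, and edge.pp and gateway.pp pass the management range for both, which opens all ports among management hosts. Restricting each rule with `dport => [...]` to the ports PLUMgrid needs would keep the rest of the host firewall effective there; 8001, 9180 and 2222 appear elsewhere in this patch, but the full list needs confirming with the product documentation. `040 allow vrrp` has no `source` at all, unlike the `040 keepalived` rule next to it; adding `source => $source_net` would make the two consistent.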
@@ -0,0 +1,105 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class plumgrid (
+ $plumgrid_ip = '',
+ $plumgrid_port = 8001,
+ $rest_ip = '0.0.0.0',
+ $rest_port = '9180',
+ $mgmt_dev = 'br-mgmt',
+ $fabric_dev = 'bond0',
+ $fabric_mode = 'host',
+ $gateway_devs = [],
+ $demux_devs = [],
+ $license = '',
+ $lvm_keypath = '',
+ $mcollective = false,
+ $manage_repo = $plumgrid::params::manage_repo,
+ $repo_baseurl = '',
+ $repo_component = '',
+ $physical_location = '',
+) inherits plumgrid::params {
+ Exec { path => [ '/bin', '/sbin' , '/usr/bin', '/usr/sbin', '/usr/local/bin', ] }
+
+ $pg_package = $plumgrid::params::plumgrid_package
+ $lxc_root_path = '/var/lib/libvirt/filesystems/plumgrid'
+ $lxc_data_path = '/var/lib/libvirt/filesystems/plumgrid-data'
+
+ $ips = split($plumgrid_ip, ',')
+ $firstip = $ips[0]
+ $ips_awk = join($ips, '|')
+
+ package { "iovisor-dkms":
+ ensure => "latest",
+ }->
+ package { $pg_package:
+ ensure => "latest",
+ }
+ if $lvm_keypath != '' {
+ ssh_authorized_key { "root@lvm":
+ key => regsubst(chomp(file($lvm_keypath)), '^\S* (\S*) \S*$', '\1'),
+ type => 'ssh-rsa',
+ user => 'root',
+ target => "${lxc_data_path}/root/.ssh/authorized_keys",
+ require => Package[$pg_package],
+ before => Service['plumgrid'],
+ }
+ }
+ file { "${lxc_data_path}/conf/etc/hostname":
+ content => $hostname,
+ require => Package[$pg_package],
+ before => Service['plumgrid'],
+ }
+ file {
"${lxc_data_path}/conf/etc/hosts":
+ content => template('plumgrid/hosts.erb'),
+ require => Package[$pg_package],
+ before => Service['plumgrid'],
+ }
+ exec { 'pick-fabric_dev-by-route':
+ creates => "${lxc_data_path}/conf/pg/.auto_dev-fabric",
+ command => "ip route get ${firstip} | awk 'NR==1 && \$2==\"dev\" {print \$3; exit 0} NR==1 && \$2==\"via\" {print \$5; exit 0} NR>1 { exit 1 }' > ${lxc_data_path}/conf/pg/.auto_dev-fabric || ip addr show | awk '/(${ips_awk})\\// {print \$NF}' > ${lxc_data_path}/conf/pg/.auto_dev-fabric",
+ require => Package[$pg_package],
+ }->
+ exec { 'check-fabric_dev-by-route':
+ command => 'echo "Please provide \"mgmt_dev\" and \"fabric_dev\" parameters for \"plumgrid\" class using foreman UI" && exit 1',
+ unless => "test -s ${lxc_data_path}/conf/pg/.auto_dev-fabric",
+ }
+ file { "${lxc_data_path}/conf/pg/.plumgrid.conf":
+ ensure => file,
+ content => template('plumgrid/plumgrid.conf.erb'),
+ require => Package[$pg_package],
+ }~>
+ exec { 'generate-plumgrid.conf':
+ refreshonly => true,
+ command => "sed \"s/%AUTO_DEV%/`head -n1 ${lxc_data_path}/conf/pg/.auto_dev-fabric`/g\" ${lxc_data_path}/conf/pg/.plumgrid.conf > ${lxc_data_path}/conf/pg/plumgrid.conf",
+ subscribe => Exec['pick-fabric_dev-by-route'],
+ notify => Service['plumgrid'],
+ }
+ file { "${lxc_data_path}/conf/pg/.ifcs.conf":
+ content => template("${module_name}/ifcs.conf.erb"),
+ require => Package[$pg_package],
+ }~>
+ exec { 'generate-ifcs.conf':
+ refreshonly => true,
+ command => "sed \"s/%AUTO_DEV%/`head -n1 ${lxc_data_path}/conf/pg/.auto_dev-fabric`/g\" ${lxc_data_path}/conf/pg/.ifcs.conf > ${lxc_data_path}/conf/pg/ifcs.conf",
+ subscribe => Exec['pick-fabric_dev-by-route'],
+ notify => Service['plumgrid'],
+ }
+
+ service { 'plumgrid':
+ ensure => running,
+ enable => true,
+ }
+}
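Review bot: `iovisor-dkms` and `$pg_package` are both `ensure => "latest"`, so any agent run can pull a new kernel module build and a new PLUMgrid container image from the repository without a change in this code; pre_deployment.pp pins libvirt to an exact version, and a class parameter for the package version would give the same control here. `pick-fabric_dev-by-route` places `${firstip}` and `${ips_awk}` straight into a shell command and an awk pattern, so checking each element of `$ips` with stdlib's `is_ip_address` before the exec would keep a malformed hiera value out of the shell. `$rest_ip` defaults to `'0.0.0.0'`, which plumgrid.conf.erb renders into `plumgrid_rest_addr`; if that makes the REST endpoint listen on every interface, the management address would be a safer default.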
diff --git a/deployment_scripts/puppet/modules/plumgrid/manifests/params.pp b/deployment_scripts/puppet/modules/plumgrid/manifests/params.pp
new file mode 100644
index 0000000..d60035b
--- /dev/null
+++ b/deployment_scripts/puppet/modules/plumgrid/manifests/params.pp
@@ -0,0 +1,34 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class plumgrid::params {
+ $plumgrid_package = 'plumgrid-lxc'
+ case $::osfamily {
+ 'RedHat', 'Linux': {
+ $manage_repo = false
+ $libvirt_package = 'libvirt-daemon-driver-lxc'
+ $libvirt_service = 'libvirtd'
+ $kernel_header_package = 'kernel-devel'
+ }
+ 'Debian': {
+ $manage_repo = true
+ $libvirt_package = 'libvirt-bin'
+ $libvirt_service = 'libvirt-bin'
+ $kernel_header_package = "linux-headers-${kernelrelease}"
+ }
+ }
+ $fabric_dev = '%AUTO_DEV%'
+ $mgmt_dev = '%AUTO_DEV%'
+}
diff --git a/deployment_scripts/puppet/modules/plumgrid/manifests/repo.pp b/deployment_scripts/puppet/modules/plumgrid/manifests/repo.pp
new file mode 100644
index 0000000..c75dd72
--- /dev/null
+++ b/deployment_scripts/puppet/modules/plumgrid/manifests/repo.pp
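Review bot: The `case $::osfamily` has no `default` branch, so on any other OS family `$manage_repo`, `$libvirt_package`, `$libvirt_service` and `$kernel_header_package` stay undefined and the failure only shows up later in whatever consumes them. repo.pp in this patch already ends its first case with a `default:` branch that calls `fail("Unsupported repository for osfamily: ...")`; the same kind of branch belongs here. `${kernelrelease}` is also the only fact in this file written without the `$::` prefix that `$::osfamily` uses.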
@@ -0,0 +1,62 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class plumgrid::repo (
+ $ensure = 'present',
+ $os_release = 'icehouse',
+ $repo_baseurl,
+ $repo_component,
+) {
+ if $ensure == 'present' {
+ case $::osfamily {
+ 'RedHat', 'Linux': {
+ if $repo_baseurl and $repo_baseurl != '' {
+ yumrepo { 'plumgrid':
+ baseurl => "${repo_baseurl}/${repo_component}/el${operatingsystemmajrelease}/${architecture}",
+ descr => "PLUMgrid Repo",
+ enabled => 1,
+ gpgcheck => 1,
+ gpgkey => "${repo_baseurl}/GPG-KEY",
+ }
+ }
+ }
+ 'Debian': {
+ apt::source { 'openstack':
+ location => 'http://ubuntu-cloud.archive.canonical.com/ubuntu',
+ release => "${::lsbdistcodename}-updates/${os_release}",
+ repos => 'main',
+ key => 'ECD76E3E',
+ key_server => 'keyserver.ubuntu.com',
+ include_src => false,
+ }
+ Apt::Source['openstack'] -> Package['plumgrid-lxc']
+ }
+ default: {
+ fail("Unsupported repository for osfamily: ${::osfamily}, OS: ${::operatingsystem}, module ${module_name}")
+ }
+ }
+ } else {
+ case $::osfamily {
+ 'RedHat', 'Linux': {
+ if $repo_baseurl and $repo_baseurl != '' {
+ yumrepo { 'plumgrid': ensure => absent, }
+ }
+ }
+ 'Debian': {
+ apt::source { 'openstack': ensure => absent, }
+ }
+ }
+ }
+}
diff --git a/deployment_scripts/puppet/modules/plumgrid/templates/hosts.erb b/deployment_scripts/puppet/modules/plumgrid/templates/hosts.erb
new file mode 100644
index 0000000..525d52d
--- /dev/null
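Review bot: The `openstack` apt source identifies its signing key by the 8-character ID `ECD76E3E` and fetches it from `keyserver.ubuntu.com`; short key IDs are not unique, so a different key with the same short ID can be returned and then trusted for package installation. Put the key's full 40-character fingerprint in `key =>`, for example `key => '<FULL_FINGERPRINT_OF_ARCHIVE_KEY>'`, with the value taken from the archive's published key. In the yumrepo branch `gpgkey => "${repo_baseurl}/GPG-KEY"` inherits whatever scheme `$repo_baseurl` has, so a plain-HTTP base URL makes `gpgcheck => 1` only as strong as that transport. The `else` branch's case also has no `default`, unlike the `present` branch.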
+++ b/deployment_scripts/puppet/modules/plumgrid/templates/hosts.erb
@@ -0,0 +1,10 @@
+# File created by puppet
+127.0.0.1 localhost
+127.0.1.1 <%= @fqdn %> <%= @hostname %>
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
diff --git a/deployment_scripts/puppet/modules/plumgrid/templates/ifcs.conf.erb b/deployment_scripts/puppet/modules/plumgrid/templates/ifcs.conf.erb
new file mode 100644
index 0000000..c7802e9
--- /dev/null
+++ b/deployment_scripts/puppet/modules/plumgrid/templates/ifcs.conf.erb
@@ -0,0 +1,7 @@
+<%= @fabric_dev %> = fabric_core host
+<%- @gateway_devs.uniq.each do |entry| -%>
+<%= entry %> = access_phys
+<%- end -%>
+<%- @demux_devs.uniq.each do |entry| -%>
+<%= entry %> = trunk_ifc
+<%- end -%>
diff --git a/deployment_scripts/puppet/modules/plumgrid/templates/plumgrid.conf.erb b/deployment_scripts/puppet/modules/plumgrid/templates/plumgrid.conf.erb
new file mode 100644
index 0000000..ed5fdd8
--- /dev/null
+++ b/deployment_scripts/puppet/modules/plumgrid/templates/plumgrid.conf.erb
@@ -0,0 +1,13 @@
+plumgrid_ip=<%= @plumgrid_ip %>
+plumgrid_port=<%= @plumgrid_port %>
+mgmt_dev=<%= @mgmt_dev %>
+label=<%= @hostname %>
+plumgrid_rsync_port=2222
+plumgrid_rest_addr=<%= @rest_ip %>:<%= @rest_port %>
+fabric_mode=<%= @fabric_mode %>
+plumgrid_syslog_ng_ip=<%= @plumgrid_syslog_ng_ip %>
+plumgrid_syslog_ng_port=<%= @plumgrid_syslog_ng_port %>
+plumgrid_monitor_interval=<%= @plumgrid_monitor_interval %>
+start_plumgrid_iovisor=yes
+start_plumgrid=`/opt/pg/scripts/pg_is_director.sh $plumgrid_ip`
+location=<%= @physical_location %>
diff --git a/deployment_scripts/puppet/modules/sal/manifests/init.pp b/deployment_scripts/puppet/modules/sal/manifests/init.pp
new file mode 100644
index 0000000..df512e6
--- /dev/null
+++ b/deployment_scripts/puppet/modules/sal/manifests/init.pp
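Review bot: In plumgrid.conf.erb, `@plumgrid_syslog_ng_ip`, `@plumgrid_syslog_ng_port` and `@plumgrid_monitor_interval` are neither parameters of class `plumgrid` in init.pp nor set in params.pp in this patch, so those three lines presumably render with empty values. Either add them as class parameters with defaults or emit each line only when its variable is set. The backticks on the `start_plumgrid` line suggest the rendered file is read by a shell, in which case `location=<%= @physical_location %>` and the other unquoted values are parsed as shell text too, so quoting the rendered values would be safer.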
@@ -0,0 +1,40 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class sal ($plumgrid_ip = '',
+ $virtual_ip = '',
+ $rest_port = '9180',
+ $mgmt_dev = '%AUTO_DEV%',
+ ) {
+ $lxc_root_path = '/var/lib/libvirt/filesystems/plumgrid'
+ $lxc_data_path = '/var/lib/libvirt/filesystems/plumgrid-data'
+
+ firewall { '001 allow PG Console access':
+ destination => $virtual_ip,
+ dport => 443,
+ proto => tcp,
+ action => accept,
+ before => [ Class['sal::nginx'], Class['sal::keepalived'] ],
+ }
+
+ class { 'sal::nginx':
+ plumgrid_ip => $plumgrid_ip,
+ virtual_ip => $virtual_ip,
+ }
+ class { 'sal::keepalived':
+ virtual_ip => $virtual_ip,
+ mgmt_dev => $mgmt_dev,
+ }
+}
diff --git a/deployment_scripts/puppet/modules/sal/manifests/keepalived.pp b/deployment_scripts/puppet/modules/sal/manifests/keepalived.pp
new file mode 100644
index 0000000..161fe43
--- /dev/null
+++ b/deployment_scripts/puppet/modules/sal/manifests/keepalived.pp
@@ -0,0 +1,50 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class sal::keepalived ($virtual_ip,
+ $mgmt_dev,
+ $keepalived_password = 'keepaliv',
+ ) {
+Exec { path => [ '/bin', '/sbin' , '/usr/bin', '/usr/sbin', '/usr/local/bin', ] }
+
+$keepalived_priority = 100
+$keepalived_router_id = regsubst($virtual_ip, '^\d+\.\d+\.\d+\.(\d+)$', '\1')
+
+if $keepalived_router_id == '' {
+ fail('invalid virtual_ip, use x.x.x.x notation')
+ }
+
+exec { 'pick-vip_dev-by-route':
+ creates => "${::sal::lxc_data_path}/conf/pg/.auto_dev-vip",
+ command => "ip route get ${virtual_ip} | awk 'NR==1 && \$2==\"dev\" {print \$3; exit 0} NR==1 && \$2==\"via\" {print \$5; exit 0} NR>1 { exit 1 }' > ${::sal::lxc_data_path}/conf/pg/.auto_dev-vip || ip addr show | awk '/(${virtual_ip})\\// {print \$NF}' > ${::sal::lxc_data_path}/conf/pg/.auto_dev-vip",
+ require => Package['plumgrid-lxc'],
+}->
+exec { 'check-vip_dev-by-route':
+ command => 'echo "Please provide \"mgmt_dev\" parameter for \"sal\" class using foreman UI" && exit 1',
+ unless => "test -s ${::sal::lxc_data_path}/conf/pg/.auto_dev-vip",
+}
+
+file { "${::sal::lxc_data_path}/conf/etc/.keepalived.conf":
+ ensure => file,
+ content => template('sal/keepalived.conf.erb'),
+ require => Package['plumgrid-lxc'],
+}~>
+exec { 'generate-keepalived.conf':
+ refreshonly => true,
+ command => "sed \"s/%AUTO_DEV%/`head -n1 ${::sal::lxc_data_path}/conf/pg/.auto_dev-vip`/g\"
${::sal::lxc_data_path}/conf/etc/.keepalived.conf > ${::sal::lxc_data_path}/conf/etc/keepalived.conf",
+ subscribe => Exec['pick-vip_dev-by-route'],
+ notify => Service['plumgrid'],
+}
+}
diff --git a/deployment_scripts/puppet/modules/sal/manifests/nginx.pp b/deployment_scripts/puppet/modules/sal/manifests/nginx.pp
new file mode 100644
index 0000000..e7dc3ab
--- /dev/null
+++ b/deployment_scripts/puppet/modules/sal/manifests/nginx.pp
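Review bot: The `virtual_ip` check that follows `regsubst` cannot reject a malformed address, because `regsubst` returns its input unchanged when the pattern does not match, so `$keepalived_router_id == ''` is true only for an empty string. The unvalidated value then becomes `virtual_router_id` in the keepalived template and is interpolated into the shell command of `pick-vip_dev-by-route`. I would test the address directly before deriving the router id, `if $virtual_ip !~ /^\d+\.\d+\.\d+\.\d+$/ { fail('invalid virtual_ip, use x.x.x.x notation') }`. The same `regsubst`-then-compare pattern guards `$nginx_virtual_ip` in sal/manifests/nginx.pp and needs the same change.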
@@ -0,0 +1,56 @@
+#
+# Copyright (c) 2016, PLUMgrid Inc, http://plumgrid.com
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class sal::nginx ($plumgrid_ip = '',
+ $virtual_ip = '',
+ $use_default_cert = true,
+ ) {
+ if ($use_default_cert) {
+ $nginx_cert = "${::sal::lxc_data_path}/ssl/nginx/default.crt"
+ $nginx_key = "${::sal::lxc_data_path}/ssl/nginx/default.key"
+ } else {
+ # update with your parameters to generate a self-signed certificate
+ $location = "Sunnyvale"
+ $country = "US"
+ $state = "CA"
+ $organization = "ACME"
+ $unit = "IT"
+ $commonname = "www.example.com"
+ $keyname = "www_example_com"
+
+ $nginx_cert = "${::sal::lxc_data_path}/ssl/nginx/${keyname}.crt"
+ $nginx_key = "${::sal::lxc_data_path}/ssl/nginx/${keyname}.key"
+
+ $subject = "/C=${country}/ST=${state}/L=${location}/O=${organization}/OU=${unit}/CN=${commonname}"
+ $createcertificate = "/usr/bin/openssl req -new -newkey rsa:2048 -x509 -days 3650 -nodes -out ${nginx_cert} -keyout ${nginx_key} -subj \"${subject}\""
+
+ exec { "openssl-csr":
+ command => $createcertificate,
+ creates => [$nginx_cert, $nginx_key],
+ require => Package['plumgrid-lxc'],
+ }
+ }
+
+ $nginx_virtual_ip = regsubst($virtual_ip, '^(\d+\.\d+\.\d+\.\d+)$', '\1')
+ if $nginx_virtual_ip == '' {
+ fail('invalid virtual_ip, use x.x.x.x notation')
+ }
+ $nginx_real_ips = split($plumgrid_ip, ',')
+ file { "${::sal::lxc_data_path}/conf/pg/nginx.conf":
+ ensure => file,
+ content => template('sal/default.conf.erb'),
+ require
=> Package['plumgrid-lxc'],
+ }
+}
diff --git a/deployment_scripts/puppet/modules/sal/templates/default.conf.erb b/deployment_scripts/puppet/modules/sal/templates/default.conf.erb
new file mode 100644
index 0000000..bb59170
--- /dev/null
+++ b/deployment_scripts/puppet/modules/sal/templates/default.conf.erb
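Review bot: `$use_default_cert` defaults to `true`, so nginx serves `default.crt`/`default.key`; if that pair ships inside the `plumgrid-lxc` package (not visible here), every deployment shares one private key. The `else` branch does not change that in practice, because `$nginx_cert` and `$nginx_key` are not referenced by `sal/templates/default.conf.erb` in this commit, which hard-codes `/opt/pg/sal/nginx/ssl/default.crt` and `default.key`. The subject fields are also local variables (`$commonname = "www.example.com"`) rather than class parameters, and the key written by `openssl req -nodes` gets no explicit mode. I would expose the subject fields as parameters, have the template emit the selected certificate and key paths (translated to the in-container path, which I assume differs from `lxc_data_path`), and manage the key with `file { $nginx_key: mode => '0600' }`.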
@@ -0,0 +1,139 @@
+upstream sal {
+ server unix:/opt/pg/tmp/sal-web.socket;
+ keepalive 16;
+}
+
+upstream websocket {
+ server unix:/opt/pg/tmp/sal-ws.socket;
+ keepalive 16;
+}
+
+upstream pgCli {
+ server <%= @nginx_virtual_ip %>:3000;
+}
+
+map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+}
+
+lua_socket_log_errors off;
+#lua_code_cache off;
+lua_shared_dict rest_servers 16K;
+lua_shared_dict apache_servers 16K;
+lua_shared_dict tc_servers 16K;
+init_by_lua 'lb = require "lb"
+init_servers = {
+<%- @nginx_real_ips.each do |real| -%>
+ ["<%= real %>"] = true,
+<%- end -%>
+}';
+
+# Redirect http to https
+server {
+ listen <%= @nginx_virtual_ip %>:9080;
+ server_name $hostname;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen <%= @nginx_virtual_ip %>:443 ssl;
+ ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
+ ssl_certificate /opt/pg/sal/nginx/ssl/default.crt;
+ ssl_certificate_key /opt/pg/sal/nginx/ssl/default.key;
+ #ssl_session_cache shared:SSL:10m;
+ #ssl_session_timeout 10m;
+
+ server_name $hostname;
+ root /opt/pg/web;
+ index login.html;
+
+ location /cli/ {
+ proxy_pass http://pgCli/;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ }
+
+ location /vtap/ {
+ alias /opt/pg/vtap;
+ }
+
+ # REST API calls start with /v[0-9]/, a keyword, or a capital letter.
+ # Note: Regular expressions have higher precedence than prefix matches
+ # so don't combine with /0/...
+ location ~ ^/(v[0-9]/|pg/|docs|api-docs|[A-Z]) {
+ set $active_upstream "http://sal";
+ access_by_lua 'if ngx.req.get_uri_args()["server"]~=nil then
+ if ngx.req.get_uri_args()["server"]~=ngx.var.host then
+ ngx.var.active_upstream = "https://"..ngx.req.get_uri_args()["server"]..ngx.var.request_uri
+ end
+ end';
+
+ proxy_pass $active_upstream;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location /0/ {
+ set $active_upstream "http://sal";
+ access_by_lua 'if ngx.req.get_uri_args()["server"]~=nil then
+ if ngx.req.get_uri_args()["server"]~=ngx.var.host then
+ ngx.var.active_upstream = "https://"..ngx.req.get_uri_args()["server"]..ngx.var.request_uri
+ end
+ end';
+
+ proxy_pass $active_upstream;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+
+ location /0/websocket {
+ set $active_upstream "http://websocket";
+ access_by_lua 'if ngx.req.get_uri_args()["server"]~=nil then
+ if ngx.req.get_uri_args()["server"]~=ngx.var.host then
+ ngx.var.active_upstream = "https://"..ngx.req.get_uri_args()["server"]..ngx.var.request_uri
+ end
+ end';
+ proxy_pass $active_upstream;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+ }
+}
+
+server {
+ listen unix:/opt/pg/tmp/sal-rest.socket;
+
+ # debug socket
+ listen 127.0.0.1:9080;
+
+ location / {
+ set $active_upstream "";
+ access_by_lua 'ngx.var.active_upstream = find_next(ngx.shared.rest_servers, <%= @rest_port %>)';
+ proxy_pass http://$active_upstream:<%= @rest_port %>;
+ }
+
+ location /_debug/rest_servers {
+ access_by_lua 'find_next(ngx.shared.rest_servers, <%= @rest_port %>)';
+ content_by_lua '
+ for _, ip in pairs(ngx.shared.rest_servers:get_keys()) do
+ ngx.say(ip.."="..ngx.shared.rest_servers:get(ip))
+ end
+ ';
+ }
+
+ location /_debug/tc_servers {
+ access_by_lua
'find_next(ngx.shared.tc_servers, 12349)';
+ content_by_lua '
+ for _, ip in pairs(ngx.shared.tc_servers:get_keys()) do
+ ngx.say(ip.."="..ngx.shared.tc_servers:get(ip))
+ end
+ ';
+ }
+}
diff --git a/deployment_scripts/puppet/modules/sal/templates/keepalived.conf.erb b/deployment_scripts/puppet/modules/sal/templates/keepalived.conf.erb
new file mode 100644
index 0000000..f64caeb
--- /dev/null
+++ b/deployment_scripts/puppet/modules/sal/templates/keepalived.conf.erb
@@ -0,0 +1,30 @@
+global_defs {
+ router_id <%= @hostname %>
+}
+
+vrrp_script chk_nginx {
+ script "killall -0 nginx"
+ interval 2
+}
+
+vrrp_instance nos {
+ virtual_router_id <%= @keepalived_router_id %>
+
+ # for electing MASTER, highest priority wins.
+ priority <%= @keepalived_priority %>
+ state BACKUP
+ nopreempt
+
+ interface <%= @mgmt_dev %>
+
+ virtual_ipaddress {
+ <%= @virtual_ip %> dev <%= @mgmt_dev %> label <%= @mgmt_dev %>:1
+ }
+ track_script {
+ chk_nginx
+ }
+ authentication {
+ auth_type PASS
+ auth_pass <%= @keepalived_password %>
+ }
+}
diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml
new file mode 100644
index 0000000..2d9a37a
--- /dev/null
+++ b/deployment_tasks.yaml
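Review bot: The `server` query argument chooses the proxy target in all three `access_by_lua` blocks of the TLS server (`location ~ ^/(v[0-9]/|pg/|...)`, `/0/` and `/0/websocket`): any value other than `ngx.var.host` is concatenated into `"https://"..server..request_uri` and handed to `proxy_pass`, so the console endpoint will forward requests to whatever host the caller names. If the argument is only meant to select another director, it should be checked against the `init_servers` table built in `init_by_lua` and refused otherwise; a repeated `server=` argument also arrives as a Lua table and would raise an error on concatenation. Separately, `ssl_protocols` still enables `SSLv3` and `ssl_ciphers` lists `RC4-SHA`, `RC4-MD5` and `DES-CBC3-SHA`; I would reduce these to `ssl_protocols TLSv1.2;` with an ECDHE/AES-GCM cipher list. The fence shows the check for `/0/`; the other two locations take the same body.

```nginx
location /0/ {
    set $active_upstream "http://sal";
    access_by_lua 'local target = ngx.req.get_uri_args()["server"]
        if target ~= nil and target ~= ngx.var.host then
            -- forward only to an address listed in init_servers
            if type(target) ~= "string" or not init_servers[target] then
                return ngx.exit(ngx.HTTP_FORBIDDEN)
            end
            ngx.var.active_upstream = "https://"..target..ngx.var.request_uri
        end';
    # … unchanged: proxy_pass and proxy_set_header lines …
```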
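Review bot: `auth_pass` is filled from `$keepalived_password`, whose default in sal/manifests/keepalived.pp is the literal `'keepaliv'`, so every cluster deployed without an override shares the same VRRP secret. With `auth_type PASS` that secret is also carried unencrypted in each advertisement, so it protects only against accidental misconfiguration on the segment. I would drop the default in the manifest (`$keepalived_password,` with no value, so the caller must supply one generated per environment) and add a comment above the `authentication` block, `# PASS auth is cleartext on the wire; keep VRRP on a trusted management segment`.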
@@ -0,0 +1,115 @@
+- id: PLUMgrid-Gateway
+ type: group
+ role: [PLUMgrid-Gateway]
+ tasks: [hiera, globals, logging, tools, netconfig]
+ required_for: [deploy_end]
+ requires: [deploy_start]
+ parameters:
+ strategy:
+ type: parallel
+
+- id: pgtools-support
+ role: ['controller', 'primary-controller']
+ required_for: [post_deployment_end]
+ requires: [post_deployment_start]
+ type: puppet
+ parameters:
+ puppet_manifest: puppet/manifests/tools.pp
+ puppet_modules: puppet/modules:/etc/puppet/modules
+ timeout: 3000
+
+- id: check-pgzone
+ role: ['controller', 'compute', 'PLUMgrid-Gateway', 'primary-controller']
+ required_for: [post_deployment_end, pg_common]
+ requires: [post_deployment_start]
+ type: puppet
+ parameters:
+ puppet_manifest: puppet/manifests/pre_deployment.pp
+ puppet_modules: puppet/modules:/etc/puppet/modules
+ timeout: 720
+
+- id: pg_common
+ role: ['controller', 'compute', 'PLUMgrid-Gateway', 'primary-controller']
+ required_for: [post_deployment_end, pg_fabric]
+ requires: [post_deployment_start, check-pgzone]
+ type: puppet
+ parameters:
+ puppet_manifest: puppet/manifests/pg_common.pp
+ puppet_modules: puppet/modules:/etc/puppet/modules
+ timeout: 3000
+
+- id: pg_os_version
+ role: ['controller', 'primary-controller']
+ required_for: [post_deployment_end, setup-director]
+ requires: [post_deployment_start, pg_common]
+ type: shell
+ parameters:
+ cmd: bash pg_os_version.sh
+ timeout: 3000
+
+- id: pg_fabric
+ role: ['controller', 'compute', 'PLUMgrid-Gateway', 'primary-controller']
+ required_for: [post_deployment_end, setup-director]
+ requires: [post_deployment_start, pg_common]
+ type: shell
+ parameters:
+ cmd: bash plumgrid_fabric.sh
+ timeout: 3000
+
+- id: setup-director
+ role: ['controller', 'primary-controller']
+ required_for: [post_deployment_end, director-fixes]
+ requires: [post_deployment_start, pg_os_version, pg_fabric]
+ type: puppet
+ parameters:
+ puppet_manifest: puppet/manifests/director.pp
+ puppet_modules:
puppet/modules:/etc/puppet/modules
+ timeout: 3000
+
+- id: director-fixes
+ role: ['controller', 'primary-controller']
+ required_for: [post_deployment_end, post_pg_license]
+ requires: [post_deployment_start, setup-director]
+ type: puppet
+ parameters:
+ puppet_manifest: puppet/manifests/director_fixes.pp
+ puppet_modules: puppet/modules:/etc/puppet/modules
+ timeout: 3000
+
+- id: post_pg_license
+ role: ['primary-controller']
+ required_for: [post_deployment_end, setup-edge, setup-gateway]
+ requires: [post_deployment_start, director-fixes]
+ type: shell
+ parameters:
+ cmd: bash post_pg_license.sh
+ timeout: 3000
+
+- id: setup-edge
+ role: ['compute']
+ required_for: [post_deployment_end]
+ requires: [post_deployment_start, post_pg_license]
+ type: puppet
+ parameters:
+ puppet_manifest: puppet/manifests/edge.pp
+ puppet_modules: puppet/modules:/etc/puppet/modules
+ timeout: 3000
+
+- id: setup-gateway
+ role: ['PLUMgrid-Gateway']
+ required_for: [post_deployment_end, cleanup_os]
+ requires: [post_deployment_start, post_pg_license]
+ type: puppet
+ parameters:
+ puppet_manifest: puppet/manifests/gateway.pp
+ puppet_modules: puppet/modules:/etc/puppet/modules
+ timeout: 3000
+
+- id: cleanup_os
+ role: ['primary-controller']
+ required_for: [post_deployment_end]
+ requires: [post_deployment_start, setup-gateway]
+ type: shell
+ parameters:
+ cmd: bash cleanup_os.sh
+ timeout: 3000
diff --git a/environment_config.yaml b/environment_config.yaml
new file mode 100644
index 0000000..9de2800
--- /dev/null
+++ b/environment_config.yaml
@@ -0,0 +1,77 @@
+attributes:
+ metadata:
+ restrictions:
+ - condition: "not (cluster:net_provider == 'neutron' and networking_parameters:segmentation_type == 'vlan')"
+ message: "Please use Neutron with VLAN segmentation, the only network type supported with PLUMgrid plugin."
+ plumgrid_username:
+ value: "plumgrid"
+ label: "Enter the username for PLUMgrid"
+ description: "Enter the default username for accessing PLUMgrid"
+ weight: 25
+ type: "text"
+ regex:
+ source: '^\S+$'
+ error: "username cannot be empty or contain spaces"
+ plumgrid_password:
+ value: "plumgrid"
+ label: "Enter the password for PLUMgrid"
+ description: "Enter the default password for accessing PLUMgrid"
+ weight: 26
+ type: "password"
+ regex:
+ source: '^\S+$'
+ error: "password cannot be empty or contain spaces"
+ plumgrid_package_repo:
+ value: ''
+ label: 'Repository for PLUMgrid packages'
+ description: 'The IP address for PLUMgrid LCM'
+ weight: 45
+ type: "text"
+ regex:
+ source: '^((?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})|(?:^)$'
+ error: "Invalid IP address"
+ plumgrid_zone:
+ value: ""
+ label: "Enter the zone name for PLUMgrid LCM"
+ description: "Enter the zone name configured on the PLUMgrid LCM"
+ weight: 55
+ type: "text"
+ regex:
+ source: '^\S+$'
+ error: "Zone name cannot be empty or contain spaces"
+ plumgrid_license:
+ value: ""
+ label: "Enter the license for PLUMgrid"
+ description: "Enter the license that will be used by the PLUMgrid platform"
+ weight: 65
+ type: "text"
+ regex:
+ source: '^\S+$'
+ error: "License field cannot be empty or contain spaces"
+ gateway_devs:
+ value: ""
+ label: "Enter the interface(s) to be used by GW"
+ description: "Provide comma separated interfaces that will be used for external connectivity by the PLUMgrid gateway (eg. eth3,eth4)"
+ weight: 75
+ type: "text"
+ regex:
+ source: '^(\S+,?\s*)+$'
+ error: "One or more comma seperated gateway interfaces must be entered (eg.
eth3,eth4)"
+ plumgrid_virtual_ip:
+ value: ''
+ label: 'PLUMgrid VIP to access the PLUMgrid console'
+ description: 'The IP address for PLUMgrid console'
+ weight: 30
+ type: "text"
+ regex:
+ source: '^((?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})|(?:^)$'
+ error: "Invalid IP address"
+ plumgrid_fabric_network:
+ value: ''
+ label: 'Enter the PLUMgrid Fabric Network'
+ description: 'Enter the network that will be used by PLUMgrid Fabric (no need to enter subnet)'
+ weight: 32
+ type: "text"
+ regex:
+ source: '^((?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})|(?:^)$'
+ error: "Invalid IP address"
diff --git a/metadata.yaml b/metadata.yaml
new file mode 100644
index 0000000..2f7c368
--- /dev/null
+++ b/metadata.yaml
@@ -0,0 +1,26 @@
+# Plugin name
+name: plumgrid
+# Human-readable name for your plugin
+title: PLUMgrid plugin
+# Plugin version
+version: '1.0.0'
+# Description
+description: This plugin enables the usage of PLUMgrid ONS as the network backend.
+# Required fuel version
+fuel_version: ['7.0']
+# Specify license of your plugin
+licenses: ['Apache License Version 2.0']
+authors: ['javeriak@plumgrid.com', 'abdullah.khan@plumgrid.com']
+homepage: 'https://github.com/openstack/fuel-plugin-plumgrid'
+groups: ['network']
+
+# The plugin is compatible with releases in the list
+releases:
+ - os: ubuntu
+ version: 2015.1.0-7.0
+ mode: ['ha', 'multinode']
+ deployment_scripts_path: deployment_scripts/
+ repository_path: repositories/ubuntu
+
+# Version of plugin package
+package_version: '3.0.0'
diff --git a/network_roles.yaml b/network_roles.yaml
new file mode 100644
index 0000000..959d15f
--- /dev/null
+++ b/network_roles.yaml
@@ -0,0 +1,6 @@
+- id: "fabric"
+ default_mapping: "management"
+ properties:
+ subnet: true
+ gateway: false
+ vip: []
diff --git a/node_roles.yaml b/node_roles.yaml
new file mode 100644
index 0000000..f292b97
--- /dev/null
+++ b/node_roles.yaml
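Review bot: The IP-address pattern used for `plumgrid_package_repo`, `plumgrid_virtual_ip` and `plumgrid_fabric_network` is not anchored at the end for a non-empty value: the top-level `|` splits it into `^<ipv4>` and `(?:^)$`, so unless the validator anchors the match itself, a string that merely starts with an address (for example the constructed value `10.0.0.1 junk`) passes. `plumgrid_virtual_ip` presumably reaches the `sal` classes as `virtual_ip`, where it is written into nginx and keepalived configuration and into a shell command, so this form check is the first line of input validation. I would group the alternatives so both anchors apply, `source: '^(?:(?:\d|1?\d\d|2[0-4]\d|25[0-5])(?:\.(?:\d|1?\d\d|2[0-4]\d|25[0-5])){3})?$'`. Separately, `plumgrid_password` ships with the default `"plumgrid"`, identical to the default username; an empty default would force the operator to choose one.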
@@ -0,0 +1,7 @@
+PLUMgrid-Gateway:
+ name: "PLUMgrid-Gateway"
+ description: "External Connectivity using PLUMgrid"
+ conflicts:
+ - compute
+ limits:
+ min: 1
diff --git a/pre_build_hook b/pre_build_hook
new file mode 100755
index 0000000..dc05e98
--- /dev/null
+++ b/pre_build_hook
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Add here any the actions which are required before plugin build
+# like packages building, packages downloading from mirrors and so on.
+# The script should return 0 if there were no errors.
diff --git a/repositories/centos/.gitkeep b/repositories/centos/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/repositories/ubuntu/.gitkeep b/repositories/ubuntu/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/tasks.yaml b/tasks.yaml
new file mode 100644
index 0000000..75e743a
--- /dev/null
+++ b/tasks.yaml
@@ -0,0 +1,6 @@
+- role: '*'
+ stage: pre_deployment
+ type: shell
+ parameters:
+ cmd: echo OK
+ timeout: 30
diff --git a/volumes.yaml b/volumes.yaml
new file mode 100644
index 0000000..13653b1
--- /dev/null
+++ b/volumes.yaml
@@ -0,0 +1,5 @@
+volumes_roles_mapping:
+ PG-GW:
+ - {allocate_size: "min", id: "os"}
+ - {allocate_size: "all", id: "vm"}
+volumes: []