From 1d3409e381af59a6365d90e1721e8865929aac3a Mon Sep 17 00:00:00 2001 
From: Dmitry Shulyak Date: Wed, 11 Nov 2015 15:26:18 +0200 Subject: [PATCH] Save generated resources with inputs --- f2s/resources/apache/actions/run.pp | 13 + f2s/resources/apache/meta.yaml | 12 + f2s/resources/api-proxy/actions/run.pp | 16 + f2s/resources/api-proxy/meta.yaml | 16 + .../ceilometer-compute/actions/run.pp | 59 +++ f2s/resources/ceilometer-compute/meta.yaml | 10 + .../ceilometer-controller/actions/run.pp | 111 ++++++ f2s/resources/ceilometer-controller/meta.yaml | 44 +++ .../ceilometer-keystone/actions/run.pp | 41 +++ f2s/resources/ceilometer-keystone/meta.yaml | 20 ++ .../ceilometer-radosgw-user/actions/run.pp | 20 ++ .../ceilometer-radosgw-user/meta.yaml | 14 + f2s/resources/ceph-compute/actions/run.pp | 97 +++++ f2s/resources/ceph-compute/meta.yaml | 10 + f2s/resources/ceph-mon/actions/run.pp | 95 +++++ f2s/resources/ceph-mon/meta.yaml | 32 ++ f2s/resources/ceph-radosgw/actions/run.pp | 103 ++++++ f2s/resources/ceph-radosgw/meta.yaml | 26 ++ .../ceph_create_pools/actions/run.pp | 80 +++++ f2s/resources/ceph_create_pools/meta.yaml | 12 + f2s/resources/cinder-db/actions/run.pp | 53 +++ f2s/resources/cinder-db/meta.yaml | 20 ++ f2s/resources/cinder-keystone/actions/run.pp | 51 +++ f2s/resources/cinder-keystone/meta.yaml | 20 ++ f2s/resources/cluster-haproxy/actions/run.pp | 20 ++ f2s/resources/cluster-haproxy/meta.yaml | 24 ++ f2s/resources/cluster-vrouter/actions/run.pp | 7 + f2s/resources/cluster-vrouter/meta.yaml | 12 + f2s/resources/cluster/actions/run.pp | 49 +++ f2s/resources/cluster/meta.yaml | 16 + f2s/resources/cluster_health/actions/run.pp | 20 ++ f2s/resources/cluster_health/meta.yaml | 24 ++ .../configure_default_route/actions/run.pp | 11 + .../configure_default_route/meta.yaml | 10 + .../connectivity_tests/actions/run.pp | 5 + f2s/resources/connectivity_tests/meta.yaml | 12 + f2s/resources/conntrackd/actions/run.pp | 79 ++++ f2s/resources/conntrackd/meta.yaml | 14 + .../controller_remaining_tasks/actions/run.pp | 49 +++ 
.../controller_remaining_tasks/meta.yaml | 16 + f2s/resources/database/actions/run.pp | 132 +++++++ f2s/resources/database/meta.yaml | 30 ++ .../actions/run.pp | 41 +++ .../disable_keystone_service_token/meta.yaml | 12 + f2s/resources/dns-client/actions/run.pp | 8 + f2s/resources/dns-client/meta.yaml | 12 + f2s/resources/dns-server/actions/run.pp | 16 + f2s/resources/dns-server/meta.yaml | 18 + .../dump_rabbitmq_definitions/actions/run.pp | 28 ++ .../dump_rabbitmq_definitions/meta.yaml | 12 + .../actions/run.pp | 10 + .../enable_cinder_volume_service/meta.yaml | 10 + .../actions/run.pp | 10 + .../enable_nova_compute_service/meta.yaml | 10 + f2s/resources/enable_rados/actions/run.pp | 17 + f2s/resources/enable_rados/meta.yaml | 10 + f2s/resources/firewall/actions/run.pp | 132 +++++++ f2s/resources/firewall/meta.yaml | 16 + f2s/resources/fuel_pkgs/actions/run.pp | 10 + f2s/resources/fuel_pkgs/meta.yaml | 10 + f2s/resources/generate_vms/actions/run.pp | 49 +++ f2s/resources/generate_vms/meta.yaml | 10 + f2s/resources/glance-db/actions/run.pp | 53 +++ f2s/resources/glance-db/meta.yaml | 22 ++ f2s/resources/glance-keystone/actions/run.pp | 42 +++ f2s/resources/glance-keystone/meta.yaml | 20 ++ f2s/resources/glance/actions/run.pp | 128 +++++++ f2s/resources/glance/meta.yaml | 46 +++ f2s/resources/globals/actions/run.pp | 293 +++++++++++++++ f2s/resources/globals/meta.yaml | 124 +++++++ f2s/resources/heat-db/actions/run.pp | 53 +++ f2s/resources/heat-db/meta.yaml | 20 ++ f2s/resources/heat-keystone/actions/run.pp | 59 +++ f2s/resources/heat-keystone/meta.yaml | 20 ++ f2s/resources/heat/actions/run.pp | 156 ++++++++ f2s/resources/heat/meta.yaml | 52 +++ f2s/resources/hiera/actions/run.pp | 75 ++++ f2s/resources/hiera/meta.yaml | 8 + f2s/resources/horizon/actions/run.pp | 68 ++++ f2s/resources/horizon/meta.yaml | 44 +++ f2s/resources/hosts/actions/run.pp | 5 + f2s/resources/hosts/meta.yaml | 10 + f2s/resources/ironic-api/actions/run.pp | 61 ++++ 
f2s/resources/ironic-api/meta.yaml | 8 + f2s/resources/ironic-compute/actions/run.pp | 98 +++++ f2s/resources/ironic-compute/meta.yaml | 10 + f2s/resources/ironic-conductor/actions/run.pp | 121 +++++++ f2s/resources/ironic-conductor/meta.yaml | 10 + f2s/resources/ironic-db/actions/run.pp | 51 +++ f2s/resources/ironic-db/meta.yaml | 20 ++ f2s/resources/ironic-keystone/actions/run.pp | 39 ++ f2s/resources/ironic-keystone/meta.yaml | 20 ++ f2s/resources/keystone-db/actions/run.pp | 54 +++ f2s/resources/keystone-db/meta.yaml | 22 ++ f2s/resources/keystone/actions/run.pp | 236 ++++++++++++ f2s/resources/keystone/meta.yaml | 74 ++++ f2s/resources/logging/actions/run.pp | 67 ++++ f2s/resources/logging/meta.yaml | 24 ++ f2s/resources/memcached/actions/run.pp | 8 + f2s/resources/memcached/meta.yaml | 12 + f2s/resources/murano-db/actions/run.pp | 57 +++ f2s/resources/murano-db/meta.yaml | 22 ++ f2s/resources/murano-keystone/actions/run.pp | 36 ++ f2s/resources/murano-keystone/meta.yaml | 22 ++ f2s/resources/murano/actions/run.pp | 163 +++++++++ f2s/resources/murano/meta.yaml | 56 +++ f2s/resources/netconfig/actions/run.pp | 106 ++++++ f2s/resources/netconfig/meta.yaml | 24 ++ f2s/resources/neutron-db/actions/run.pp | 59 +++ f2s/resources/neutron-db/meta.yaml | 26 ++ f2s/resources/neutron-keystone/actions/run.pp | 50 +++ f2s/resources/neutron-keystone/meta.yaml | 22 ++ f2s/resources/nova-db/actions/run.pp | 53 +++ f2s/resources/nova-db/meta.yaml | 20 ++ f2s/resources/nova-keystone/actions/run.pp | 56 +++ f2s/resources/nova-keystone/meta.yaml | 20 ++ f2s/resources/ntp-check/actions/run.pp | 6 + f2s/resources/ntp-check/meta.yaml | 12 + f2s/resources/ntp-client/actions/run.pp | 26 ++ f2s/resources/ntp-client/meta.yaml | 10 + f2s/resources/ntp-server/actions/run.pp | 31 ++ f2s/resources/ntp-server/meta.yaml | 12 + f2s/resources/openstack-cinder/actions/run.pp | 107 ++++++ f2s/resources/openstack-cinder/meta.yaml | 56 +++ .../openstack-controller/actions/run.pp | 233 ++++++++++++ 
f2s/resources/openstack-controller/meta.yaml | 110 ++++++ .../actions/run.pp | 23 ++ .../openstack-haproxy-ceilometer/meta.yaml | 16 + .../openstack-haproxy-cinder/actions/run.pp | 24 ++ .../openstack-haproxy-cinder/meta.yaml | 26 ++ .../openstack-haproxy-glance/actions/run.pp | 26 ++ .../openstack-haproxy-glance/meta.yaml | 24 ++ .../openstack-haproxy-heat/actions/run.pp | 24 ++ .../openstack-haproxy-heat/meta.yaml | 26 ++ .../openstack-haproxy-horizon/actions/run.pp | 24 ++ .../openstack-haproxy-horizon/meta.yaml | 26 ++ .../openstack-haproxy-ironic/actions/run.pp | 22 ++ .../openstack-haproxy-ironic/meta.yaml | 8 + .../openstack-haproxy-keystone/actions/run.pp | 29 ++ .../openstack-haproxy-keystone/meta.yaml | 28 ++ .../openstack-haproxy-murano/actions/run.pp | 24 ++ .../openstack-haproxy-murano/meta.yaml | 18 + .../openstack-haproxy-mysqld/actions/run.pp | 31 ++ .../openstack-haproxy-mysqld/meta.yaml | 32 ++ .../openstack-haproxy-neutron/actions/run.pp | 22 ++ .../openstack-haproxy-neutron/meta.yaml | 24 ++ .../openstack-haproxy-nova/actions/run.pp | 25 ++ .../openstack-haproxy-nova/meta.yaml | 24 ++ .../openstack-haproxy-radosgw/actions/run.pp | 34 ++ .../openstack-haproxy-radosgw/meta.yaml | 16 + .../openstack-haproxy-sahara/actions/run.pp | 24 ++ .../openstack-haproxy-sahara/meta.yaml | 18 + .../openstack-haproxy-stats/actions/run.pp | 7 + .../openstack-haproxy-stats/meta.yaml | 16 + .../openstack-haproxy-swift/actions/run.pp | 37 ++ .../openstack-haproxy-swift/meta.yaml | 28 ++ .../openstack-haproxy/actions/run.pp | 3 + f2s/resources/openstack-haproxy/meta.yaml | 10 + .../actions/run.pp | 39 ++ .../openstack-network-agents-dhcp/meta.yaml | 18 + .../actions/run.pp | 59 +++ .../openstack-network-agents-l3/meta.yaml | 20 ++ .../actions/run.pp | 57 +++ .../meta.yaml | 28 ++ .../actions/run.pp | 110 ++++++ .../openstack-network-common-config/meta.yaml | 34 ++ .../actions/run.pp | 267 ++++++++++++++ .../openstack-network-compute-nova/meta.yaml | 10 + 
.../openstack-network-networks/actions/run.pp | 106 ++++++ .../openstack-network-networks/meta.yaml | 18 + .../actions/run.pp | 171 +++++++++ .../openstack-network-plugins-l2/meta.yaml | 26 ++ .../openstack-network-routers/actions/run.pp | 32 ++ .../openstack-network-routers/meta.yaml | 18 + .../actions/run.pp | 95 +++++ .../openstack-network-server-config/meta.yaml | 30 ++ .../actions/run.pp | 81 +++++ .../openstack-network-server-nova/meta.yaml | 22 ++ f2s/resources/pre_hiera_config/actions/run.pp | 75 ++++ f2s/resources/pre_hiera_config/meta.yaml | 8 + f2s/resources/public_vip_ping/actions/run.pp | 17 + f2s/resources/public_vip_ping/meta.yaml | 14 + f2s/resources/rabbitmq/actions/run.pp | 165 +++++++++ f2s/resources/rabbitmq/meta.yaml | 40 +++ f2s/resources/sahara-db/actions/run.pp | 57 +++ f2s/resources/sahara-db/meta.yaml | 22 ++ f2s/resources/sahara-keystone/actions/run.pp | 34 ++ f2s/resources/sahara-keystone/meta.yaml | 20 ++ f2s/resources/sahara/actions/run.pp | 156 ++++++++ f2s/resources/sahara/meta.yaml | 52 +++ .../ssl-add-trust-chain/actions/run.pp | 42 +++ f2s/resources/ssl-add-trust-chain/meta.yaml | 14 + f2s/resources/ssl-keys-saving/actions/run.pp | 22 ++ f2s/resources/ssl-keys-saving/meta.yaml | 12 + f2s/resources/swift-keystone/actions/run.pp | 45 +++ f2s/resources/swift-keystone/meta.yaml | 20 ++ .../swift-rebalance-cron/actions/run.pp | 24 ++ f2s/resources/swift-rebalance-cron/meta.yaml | 20 ++ f2s/resources/swift/actions/run.pp | 147 ++++++++ f2s/resources/swift/meta.yaml | 60 ++++ f2s/resources/tools/actions/run.pp | 42 +++ f2s/resources/tools/meta.yaml | 14 + .../top-role-ceph-osd/actions/run.pp | 57 +++ f2s/resources/top-role-ceph-osd/meta.yaml | 10 + .../top-role-cinder-vmware/actions/run.pp | 11 + .../top-role-cinder-vmware/meta.yaml | 10 + f2s/resources/top-role-cinder/actions/run.pp | 308 ++++++++++++++++ f2s/resources/top-role-cinder/meta.yaml | 10 + .../top-role-compute-vmware/actions/run.pp | 18 + 
.../top-role-compute-vmware/meta.yaml | 10 + f2s/resources/top-role-compute/actions/run.pp | 339 ++++++++++++++++++ f2s/resources/top-role-compute/meta.yaml | 10 + f2s/resources/top-role-mongo/actions/run.pp | 32 ++ f2s/resources/top-role-mongo/meta.yaml | 10 + .../top-role-primary-mongo/actions/run.pp | 32 ++ .../top-role-primary-mongo/meta.yaml | 10 + f2s/resources/umm/actions/run.pp | 3 + f2s/resources/umm/meta.yaml | 10 + f2s/resources/update_hosts/actions/run.pp | 5 + f2s/resources/update_hosts/meta.yaml | 10 + f2s/resources/updatedb/actions/run.pp | 21 ++ f2s/resources/updatedb/meta.yaml | 12 + f2s/resources/virtual_ips/actions/run.pp | 3 + f2s/resources/virtual_ips/meta.yaml | 14 + f2s/resources/vmware-vcenter/actions/run.pp | 19 + f2s/resources/vmware-vcenter/meta.yaml | 24 ++ .../workloads_collector_add/actions/run.pp | 21 ++ .../workloads_collector_add/meta.yaml | 14 + requirements.txt | 4 +- 229 files changed, 9681 insertions(+), 2 deletions(-) create mode 100644 f2s/resources/apache/actions/run.pp create mode 100644 f2s/resources/apache/meta.yaml create mode 100644 f2s/resources/api-proxy/actions/run.pp create mode 100644 f2s/resources/api-proxy/meta.yaml create mode 100644 f2s/resources/ceilometer-compute/actions/run.pp create mode 100644 f2s/resources/ceilometer-compute/meta.yaml create mode 100644 f2s/resources/ceilometer-controller/actions/run.pp create mode 100644 f2s/resources/ceilometer-controller/meta.yaml create mode 100644 f2s/resources/ceilometer-keystone/actions/run.pp create mode 100644 f2s/resources/ceilometer-keystone/meta.yaml create mode 100644 f2s/resources/ceilometer-radosgw-user/actions/run.pp create mode 100644 f2s/resources/ceilometer-radosgw-user/meta.yaml create mode 100644 f2s/resources/ceph-compute/actions/run.pp create mode 100644 f2s/resources/ceph-compute/meta.yaml create mode 100644 f2s/resources/ceph-mon/actions/run.pp create mode 100644 f2s/resources/ceph-mon/meta.yaml create mode 100644 
f2s/resources/ceph-radosgw/actions/run.pp create mode 100644 f2s/resources/ceph-radosgw/meta.yaml create mode 100644 f2s/resources/ceph_create_pools/actions/run.pp create mode 100644 f2s/resources/ceph_create_pools/meta.yaml create mode 100644 f2s/resources/cinder-db/actions/run.pp create mode 100644 f2s/resources/cinder-db/meta.yaml create mode 100644 f2s/resources/cinder-keystone/actions/run.pp create mode 100644 f2s/resources/cinder-keystone/meta.yaml create mode 100644 f2s/resources/cluster-haproxy/actions/run.pp create mode 100644 f2s/resources/cluster-haproxy/meta.yaml create mode 100644 f2s/resources/cluster-vrouter/actions/run.pp create mode 100644 f2s/resources/cluster-vrouter/meta.yaml create mode 100644 f2s/resources/cluster/actions/run.pp create mode 100644 f2s/resources/cluster/meta.yaml create mode 100644 f2s/resources/cluster_health/actions/run.pp create mode 100644 f2s/resources/cluster_health/meta.yaml create mode 100644 f2s/resources/configure_default_route/actions/run.pp create mode 100644 f2s/resources/configure_default_route/meta.yaml create mode 100644 f2s/resources/connectivity_tests/actions/run.pp create mode 100644 f2s/resources/connectivity_tests/meta.yaml create mode 100644 f2s/resources/conntrackd/actions/run.pp create mode 100644 f2s/resources/conntrackd/meta.yaml create mode 100644 f2s/resources/controller_remaining_tasks/actions/run.pp create mode 100644 f2s/resources/controller_remaining_tasks/meta.yaml create mode 100644 f2s/resources/database/actions/run.pp create mode 100644 f2s/resources/database/meta.yaml create mode 100644 f2s/resources/disable_keystone_service_token/actions/run.pp create mode 100644 f2s/resources/disable_keystone_service_token/meta.yaml create mode 100644 f2s/resources/dns-client/actions/run.pp create mode 100644 f2s/resources/dns-client/meta.yaml create mode 100644 f2s/resources/dns-server/actions/run.pp create mode 100644 f2s/resources/dns-server/meta.yaml create mode 100644 
f2s/resources/dump_rabbitmq_definitions/actions/run.pp create mode 100644 f2s/resources/dump_rabbitmq_definitions/meta.yaml create mode 100644 f2s/resources/enable_cinder_volume_service/actions/run.pp create mode 100644 f2s/resources/enable_cinder_volume_service/meta.yaml create mode 100644 f2s/resources/enable_nova_compute_service/actions/run.pp create mode 100644 f2s/resources/enable_nova_compute_service/meta.yaml create mode 100644 f2s/resources/enable_rados/actions/run.pp create mode 100644 f2s/resources/enable_rados/meta.yaml create mode 100644 f2s/resources/firewall/actions/run.pp create mode 100644 f2s/resources/firewall/meta.yaml create mode 100644 f2s/resources/fuel_pkgs/actions/run.pp create mode 100644 f2s/resources/fuel_pkgs/meta.yaml create mode 100644 f2s/resources/generate_vms/actions/run.pp create mode 100644 f2s/resources/generate_vms/meta.yaml create mode 100644 f2s/resources/glance-db/actions/run.pp create mode 100644 f2s/resources/glance-db/meta.yaml create mode 100644 f2s/resources/glance-keystone/actions/run.pp create mode 100644 f2s/resources/glance-keystone/meta.yaml create mode 100644 f2s/resources/glance/actions/run.pp create mode 100644 f2s/resources/glance/meta.yaml create mode 100644 f2s/resources/globals/actions/run.pp create mode 100644 f2s/resources/globals/meta.yaml create mode 100644 f2s/resources/heat-db/actions/run.pp create mode 100644 f2s/resources/heat-db/meta.yaml create mode 100644 f2s/resources/heat-keystone/actions/run.pp create mode 100644 f2s/resources/heat-keystone/meta.yaml create mode 100644 f2s/resources/heat/actions/run.pp create mode 100644 f2s/resources/heat/meta.yaml create mode 100644 f2s/resources/hiera/actions/run.pp create mode 100644 f2s/resources/hiera/meta.yaml create mode 100644 f2s/resources/horizon/actions/run.pp create mode 100644 f2s/resources/horizon/meta.yaml create mode 100644 f2s/resources/hosts/actions/run.pp create mode 100644 f2s/resources/hosts/meta.yaml create mode 100644 
f2s/resources/ironic-api/actions/run.pp create mode 100644 f2s/resources/ironic-api/meta.yaml create mode 100644 f2s/resources/ironic-compute/actions/run.pp create mode 100644 f2s/resources/ironic-compute/meta.yaml create mode 100644 f2s/resources/ironic-conductor/actions/run.pp create mode 100644 f2s/resources/ironic-conductor/meta.yaml create mode 100644 f2s/resources/ironic-db/actions/run.pp create mode 100644 f2s/resources/ironic-db/meta.yaml create mode 100644 f2s/resources/ironic-keystone/actions/run.pp create mode 100644 f2s/resources/ironic-keystone/meta.yaml create mode 100644 f2s/resources/keystone-db/actions/run.pp create mode 100644 f2s/resources/keystone-db/meta.yaml create mode 100644 f2s/resources/keystone/actions/run.pp create mode 100644 f2s/resources/keystone/meta.yaml create mode 100644 f2s/resources/logging/actions/run.pp create mode 100644 f2s/resources/logging/meta.yaml create mode 100644 f2s/resources/memcached/actions/run.pp create mode 100644 f2s/resources/memcached/meta.yaml create mode 100644 f2s/resources/murano-db/actions/run.pp create mode 100644 f2s/resources/murano-db/meta.yaml create mode 100644 f2s/resources/murano-keystone/actions/run.pp create mode 100644 f2s/resources/murano-keystone/meta.yaml create mode 100644 f2s/resources/murano/actions/run.pp create mode 100644 f2s/resources/murano/meta.yaml create mode 100644 f2s/resources/netconfig/actions/run.pp create mode 100644 f2s/resources/netconfig/meta.yaml create mode 100644 f2s/resources/neutron-db/actions/run.pp create mode 100644 f2s/resources/neutron-db/meta.yaml create mode 100644 f2s/resources/neutron-keystone/actions/run.pp create mode 100644 f2s/resources/neutron-keystone/meta.yaml create mode 100644 f2s/resources/nova-db/actions/run.pp create mode 100644 f2s/resources/nova-db/meta.yaml create mode 100644 f2s/resources/nova-keystone/actions/run.pp create mode 100644 f2s/resources/nova-keystone/meta.yaml create mode 100644 f2s/resources/ntp-check/actions/run.pp create mode 
100644 f2s/resources/ntp-check/meta.yaml create mode 100644 f2s/resources/ntp-client/actions/run.pp create mode 100644 f2s/resources/ntp-client/meta.yaml create mode 100644 f2s/resources/ntp-server/actions/run.pp create mode 100644 f2s/resources/ntp-server/meta.yaml create mode 100644 f2s/resources/openstack-cinder/actions/run.pp create mode 100644 f2s/resources/openstack-cinder/meta.yaml create mode 100644 f2s/resources/openstack-controller/actions/run.pp create mode 100644 f2s/resources/openstack-controller/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-ceilometer/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-ceilometer/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-cinder/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-cinder/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-glance/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-glance/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-heat/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-heat/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-horizon/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-horizon/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-ironic/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-ironic/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-keystone/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-keystone/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-murano/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-murano/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-mysqld/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-mysqld/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-neutron/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-neutron/meta.yaml create mode 100644 
f2s/resources/openstack-haproxy-nova/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-nova/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-radosgw/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-radosgw/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-sahara/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-sahara/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-stats/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-stats/meta.yaml create mode 100644 f2s/resources/openstack-haproxy-swift/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy-swift/meta.yaml create mode 100644 f2s/resources/openstack-haproxy/actions/run.pp create mode 100644 f2s/resources/openstack-haproxy/meta.yaml create mode 100644 f2s/resources/openstack-network-agents-dhcp/actions/run.pp create mode 100644 f2s/resources/openstack-network-agents-dhcp/meta.yaml create mode 100644 f2s/resources/openstack-network-agents-l3/actions/run.pp create mode 100644 f2s/resources/openstack-network-agents-l3/meta.yaml create mode 100644 f2s/resources/openstack-network-agents-metadata/actions/run.pp create mode 100644 f2s/resources/openstack-network-agents-metadata/meta.yaml create mode 100644 f2s/resources/openstack-network-common-config/actions/run.pp create mode 100644 f2s/resources/openstack-network-common-config/meta.yaml create mode 100644 f2s/resources/openstack-network-compute-nova/actions/run.pp create mode 100644 f2s/resources/openstack-network-compute-nova/meta.yaml create mode 100644 f2s/resources/openstack-network-networks/actions/run.pp create mode 100644 f2s/resources/openstack-network-networks/meta.yaml create mode 100644 f2s/resources/openstack-network-plugins-l2/actions/run.pp create mode 100644 f2s/resources/openstack-network-plugins-l2/meta.yaml create mode 100644 f2s/resources/openstack-network-routers/actions/run.pp create mode 100644 
f2s/resources/openstack-network-routers/meta.yaml create mode 100644 f2s/resources/openstack-network-server-config/actions/run.pp create mode 100644 f2s/resources/openstack-network-server-config/meta.yaml create mode 100644 f2s/resources/openstack-network-server-nova/actions/run.pp create mode 100644 f2s/resources/openstack-network-server-nova/meta.yaml create mode 100644 f2s/resources/pre_hiera_config/actions/run.pp create mode 100644 f2s/resources/pre_hiera_config/meta.yaml create mode 100644 f2s/resources/public_vip_ping/actions/run.pp create mode 100644 f2s/resources/public_vip_ping/meta.yaml create mode 100644 f2s/resources/rabbitmq/actions/run.pp create mode 100644 f2s/resources/rabbitmq/meta.yaml create mode 100644 f2s/resources/sahara-db/actions/run.pp create mode 100644 f2s/resources/sahara-db/meta.yaml create mode 100644 f2s/resources/sahara-keystone/actions/run.pp create mode 100644 f2s/resources/sahara-keystone/meta.yaml create mode 100644 f2s/resources/sahara/actions/run.pp create mode 100644 f2s/resources/sahara/meta.yaml create mode 100644 f2s/resources/ssl-add-trust-chain/actions/run.pp create mode 100644 f2s/resources/ssl-add-trust-chain/meta.yaml create mode 100644 f2s/resources/ssl-keys-saving/actions/run.pp create mode 100644 f2s/resources/ssl-keys-saving/meta.yaml create mode 100644 f2s/resources/swift-keystone/actions/run.pp create mode 100644 f2s/resources/swift-keystone/meta.yaml create mode 100644 f2s/resources/swift-rebalance-cron/actions/run.pp create mode 100644 f2s/resources/swift-rebalance-cron/meta.yaml create mode 100644 f2s/resources/swift/actions/run.pp create mode 100644 f2s/resources/swift/meta.yaml create mode 100644 f2s/resources/tools/actions/run.pp create mode 100644 f2s/resources/tools/meta.yaml create mode 100644 f2s/resources/top-role-ceph-osd/actions/run.pp create mode 100644 f2s/resources/top-role-ceph-osd/meta.yaml create mode 100644 f2s/resources/top-role-cinder-vmware/actions/run.pp create mode 100644 
f2s/resources/top-role-cinder-vmware/meta.yaml create mode 100644 f2s/resources/top-role-cinder/actions/run.pp create mode 100644 f2s/resources/top-role-cinder/meta.yaml create mode 100644 f2s/resources/top-role-compute-vmware/actions/run.pp create mode 100644 f2s/resources/top-role-compute-vmware/meta.yaml create mode 100644 f2s/resources/top-role-compute/actions/run.pp create mode 100644 f2s/resources/top-role-compute/meta.yaml create mode 100644 f2s/resources/top-role-mongo/actions/run.pp create mode 100644 f2s/resources/top-role-mongo/meta.yaml create mode 100644 f2s/resources/top-role-primary-mongo/actions/run.pp create mode 100644 f2s/resources/top-role-primary-mongo/meta.yaml create mode 100644 f2s/resources/umm/actions/run.pp create mode 100644 f2s/resources/umm/meta.yaml create mode 100644 f2s/resources/update_hosts/actions/run.pp create mode 100644 f2s/resources/update_hosts/meta.yaml create mode 100644 f2s/resources/updatedb/actions/run.pp create mode 100644 f2s/resources/updatedb/meta.yaml create mode 100644 f2s/resources/virtual_ips/actions/run.pp create mode 100644 f2s/resources/virtual_ips/meta.yaml create mode 100644 f2s/resources/vmware-vcenter/actions/run.pp create mode 100644 f2s/resources/vmware-vcenter/meta.yaml create mode 100644 f2s/resources/workloads_collector_add/actions/run.pp create mode 100644 f2s/resources/workloads_collector_add/meta.yaml
diff --git a/f2s/resources/apache/actions/run.pp b/f2s/resources/apache/actions/run.pp
new file mode 100644
index 00000000..f1dbfb9c
--- /dev/null
+++ b/f2s/resources/apache/actions/run.pp
@@ -0,0 +1,13 @@
+notice('MODULAR: apache.pp')
+
+# adjustments to defaults for LP#1485644 for scale
+sysctl::value { 'net.core.somaxconn': value => '4096' }
+sysctl::value { 'net.ipv4.tcp_max_syn_backlog': value => '8192' }
+
+class { 'osnailyfacter::apache':
+ purge_configs => true,
+ listen_ports => hiera_array('apache_ports', ['80', '8888']),
+}
+
+include ::osnailyfacter::apache_mpm
+
diff --git a/f2s/resources/apache/meta.yaml b/f2s/resources/apache/meta.yaml
new file mode 100644
index 00000000..8a642df7
--- /dev/null
+++ b/f2s/resources/apache/meta.yaml
@@ -0,0 +1,12 @@
+id: apache
+handler: puppetv2
+version: '8.0'
+inputs:
+ apache_ports:
+ value: null
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/api-proxy/actions/run.pp b/f2s/resources/api-proxy/actions/run.pp
new file mode 100644
index 00000000..80fd7158
--- /dev/null
+++ b/f2s/resources/api-proxy/actions/run.pp
@@ -0,0 +1,16 @@
+notice('MODULAR: api-proxy.pp')
+
+$max_header_size = hiera('max_header_size', '81900')
+
+# Apache and listen ports
+class { 'osnailyfacter::apache':
+ listen_ports => hiera_array('apache_ports', ['80', '8888']),
+}
+
+# API proxy vhost
+class {'osnailyfacter::apache_api_proxy':
+ master_ip => hiera('master_ip'),
+ max_header_size => $max_header_size,
+}
+
+include ::tweaks::apache_wrappers
diff --git a/f2s/resources/api-proxy/meta.yaml b/f2s/resources/api-proxy/meta.yaml
new file mode 100644
index 00000000..786ec7f9
--- /dev/null
+++ b/f2s/resources/api-proxy/meta.yaml
@@ -0,0 +1,16 @@
+id: api-proxy
+handler: puppetv2
+version: '8.0'
+inputs:
+ apache_ports:
+ value: null
+ fqdn:
+ value: null
+ master_ip:
+ value: null
+ max_header_size:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/ceilometer-compute/actions/run.pp b/f2s/resources/ceilometer-compute/actions/run.pp
new file mode 100644
index 00000000..53fde2a5
--- /dev/null
+++ b/f2s/resources/ceilometer-compute/actions/run.pp
@@ -0,0 +1,59 @@
+notice('MODULAR: ceilometer/compute.pp')
+
+$use_syslog = hiera('use_syslog', true)
+$use_stderr = hiera('use_stderr', false)
+$syslog_log_facility = hiera('syslog_log_facility_ceilometer', 'LOG_LOCAL0')
+$rabbit_hash = hiera_hash('rabbit_hash')
+$management_vip = hiera('management_vip')
+$service_endpoint = hiera('service_endpoint')
+
+$default_ceilometer_hash = {
+ 'enabled' => false,
+ 'db_password' => 'ceilometer',
+ 'user_password' => 'ceilometer',
+ 'metering_secret' => 'ceilometer',
+ 'http_timeout' => '600',
+ 'event_time_to_live' => '604800',
+ 'metering_time_to_live' => '604800',
+}
+
+$region = hiera('region', 'RegionOne')
+$ceilometer_hash = hiera_hash('ceilometer_hash', $default_ceilometer_hash)
+$ceilometer_region = pick($ceilometer_hash['region'], $region)
+$ceilometer_enabled = $ceilometer_hash['enabled']
+$amqp_password = $rabbit_hash['password']
+$amqp_user = $rabbit_hash['user']
+$ceilometer_user_password = $ceilometer_hash['user_password']
+$ceilometer_metering_secret = $ceilometer_hash['metering_secret']
+$verbose = pick($ceilometer_hash['verbose'], hiera('verbose', true))
+$debug = pick($ceilometer_hash['debug'], hiera('debug', false))
+
+if ($ceilometer_enabled) {
+ class { 'openstack::ceilometer':
+ verbose => $verbose,
+ debug => $debug,
+ use_syslog => $use_syslog,
+ use_stderr => $use_stderr,
+ syslog_log_facility => $syslog_log_facility,
+ amqp_hosts => hiera('amqp_hosts',''),
+ amqp_user => $amqp_user,
+ amqp_password => $amqp_password,
+ keystone_user => $ceilometer_hash['user'],
+ keystone_tenant => $ceilometer_hash['tenant'],
+ keystone_region => $ceilometer_region,
+ keystone_host => $service_endpoint,
+ keystone_password => $ceilometer_user_password,
+ on_compute => true,
+ metering_secret => $ceilometer_metering_secret,
+ event_time_to_live => $ceilometer_hash['event_time_to_live'],
+ metering_time_to_live => $ceilometer_hash['metering_time_to_live'],
+ http_timeout => $ceilometer_hash['http_timeout'],
+ }
+
+ # We need to restart nova-compute service in orderto apply new settings
+ include ::nova::params
+ service { 'nova-compute':
+ ensure => 'running',
+ name => $::nova::params::compute_service_name,
+ }
+}
diff --git a/f2s/resources/ceilometer-compute/meta.yaml b/f2s/resources/ceilometer-compute/meta.yaml
new file mode 100644
index 00000000..a96b8ea0
--- /dev/null
+++ b/f2s/resources/ceilometer-compute/meta.yaml
@@ -0,0 +1,10 @@
+id: ceilometer-compute
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/ceilometer-controller/actions/run.pp b/f2s/resources/ceilometer-controller/actions/run.pp
new file mode 100644
index 00000000..0a062b5c
--- /dev/null
+++ b/f2s/resources/ceilometer-controller/actions/run.pp
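Review bot: `$default_ceilometer_hash` in ceilometer-compute/actions/run.pp carries fixed fallback values for `db_password`, `user_password` and `metering_secret` (all `'ceilometer'`), and the manifest passes the last two on to `openstack::ceilometer`. With the default hash the class is not declared because `'enabled' => false`, but a hiera `ceilometer_hash` that enables the service without setting the secrets would presumably hand over undef values rather than fail; I would drop the three secret keys from the default and add a guard such as `if $ceilometer_enabled and !$ceilometer_hash['metering_secret'] { fail('ceilometer metering_secret is not set') }`. The hash is also looked up here as `hiera_hash('ceilometer_hash', ...)` while ceilometer-controller/actions/run.pp in the same patch uses `hiera_hash('ceilometer', ...)`, so a comment stating which key is authoritative would help; that second file carries the same default secrets.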
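Review bot: The `inputs` in ceilometer-compute/meta.yaml list only `fqdn`, `puppet_modules` and `role`, although the accompanying run.pp reads `rabbit_hash`, `ceilometer_hash`, `service_endpoint`, `amqp_hosts` and several logging keys from hiera. The apache and api-proxy resources in this patch do declare the keys their manifests look up (`apache_ports`, `master_ip`, `max_header_size`), so this looks like a gap in generation rather than a convention, though how the inputs are derived is not visible here. Because the undeclared hashes hold the AMQP and Keystone passwords, declaring them (for example `rabbit_hash:` and `ceilometer_hash:` with `value: null`) would make explicit which resources consume credentials.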
@@ -0,0 +1,111 @@
+notice('MODULAR: ceilometer/controller.pp')
+
+$default_ceilometer_hash = {
+ 'enabled' => false,
+ 'db_password' => 'ceilometer',
+ 'user_password' => 'ceilometer',
+ 'metering_secret' => 'ceilometer',
+ 'http_timeout' => '600',
+ 'event_time_to_live' => '604800',
+ 'metering_time_to_live' => '604800',
+}
+
+$ceilometer_hash = hiera_hash('ceilometer', $default_ceilometer_hash)
+$verbose = pick($ceilometer_hash['verbose'], hiera('verbose', true))
+$debug = pick($ceilometer_hash['debug'], hiera('debug', false))
+$use_syslog = hiera('use_syslog', true)
+$use_stderr = hiera('use_stderr', false)
+$syslog_log_facility = hiera('syslog_log_facility_ceilometer', 'LOG_LOCAL0')
+$nodes_hash = hiera('nodes')
+$storage_hash = hiera('storage')
+$rabbit_hash = hiera_hash('rabbit_hash')
+$management_vip = hiera('management_vip')
+$region = hiera('region', 'RegionOne')
+$ceilometer_region = pick($ceilometer_hash['region'], $region)
+$mongo_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('mongo_roles'))
+$mongo_address_map = get_node_to_ipaddr_map_by_network_role($mongo_nodes, 'mongo/db')
+
+$default_mongo_hash = {
+ 'enabled' => false,
+}
+
+$mongo_hash = hiera_hash('mongo', $default_mongo_hash)
+
+if $mongo_hash['enabled'] and $ceilometer_hash['enabled'] {
+ $exteranl_mongo_hash = hiera_hash('external_mongo')
+ $ceilometer_db_user = $exteranl_mongo_hash['mongo_user']
+ $ceilometer_db_password = $exteranl_mongo_hash['mongo_password']
+ $ceilometer_db_dbname = $exteranl_mongo_hash['mongo_db_name']
+ $external_mongo = true
+} else {
+ $ceilometer_db_user = 'ceilometer'
+ $ceilometer_db_password = $ceilometer_hash['db_password']
+ $ceilometer_db_dbname = 'ceilometer'
+ $external_mongo = false
+ $exteranl_mongo_hash = {}
+}
+
+$ceilometer_enabled = $ceilometer_hash['enabled']
+$ceilometer_user_password = $ceilometer_hash['user_password']
+$ceilometer_metering_secret = $ceilometer_hash['metering_secret']
+$ceilometer_db_type = 'mongodb'
+$swift_rados_backend = $storage_hash['objects_ceph']
+$amqp_password = $rabbit_hash['password']
+$amqp_user = $rabbit_hash['user']
+$rabbit_ha_queues = true
+$service_endpoint = hiera('service_endpoint')
+$ha_mode = pick($ceilometer_hash['ha_mode'], true)
+
+prepare_network_config(hiera('network_scheme', {}))
+$api_bind_address = get_network_role_property('ceilometer/api', 'ipaddr')
+
+if $ceilometer_hash['enabled'] {
+ if $external_mongo {
+ $mongo_hosts = $exteranl_mongo_hash['hosts_ip']
+ if $exteranl_mongo_hash['mongo_replset'] {
+ $mongo_replicaset = $exteranl_mongo_hash['mongo_replset']
+ } else {
+ $mongo_replicaset = undef
+ }
+ } else {
+ $mongo_hosts = join(values($mongo_address_map), ',')
+ # MongoDB is alsways configured with replica set
+ $mongo_replicaset = 'ceilometer'
+ }
+}
+
+###############################################################################
+
+if ($ceilometer_enabled) {
+ class { 'openstack::ceilometer':
+ verbose => $verbose,
+ debug => $debug,
+ use_syslog => $use_syslog,
+ use_stderr => $use_stderr,
+ syslog_log_facility => $syslog_log_facility,
+ db_type => $ceilometer_db_type,
+ db_host => $mongo_hosts,
+ db_user => $ceilometer_db_user,
+ db_password => $ceilometer_db_password,
+ db_dbname => $ceilometer_db_dbname,
+ swift_rados_backend => $swift_rados_backend,
+ metering_secret => $ceilometer_metering_secret,
+ amqp_hosts => hiera('amqp_hosts',''),
+ amqp_user => $amqp_user,
+ amqp_password => $amqp_password,
+ rabbit_ha_queues => $rabbit_ha_queues,
+ keystone_host => $service_endpoint,
+ keystone_password => $ceilometer_user_password,
+ keystone_user => $ceilometer_hash['user'],
+ keystone_tenant => $ceilometer_hash['tenant'],
+ keystone_region => $ceilometer_region,
+ host => $api_bind_address,
+ ha_mode => $ha_mode,
+ on_controller => true,
+ ext_mongo => $external_mongo,
+ mongo_replicaset => $mongo_replicaset,
+ event_time_to_live => $ceilometer_hash['event_time_to_live'],
+ metering_time_to_live => $ceilometer_hash['metering_time_to_live'],
+ http_timeout => $ceilometer_hash['http_timeout'],
+ }
+}
diff --git a/f2s/resources/ceilometer-controller/meta.yaml b/f2s/resources/ceilometer-controller/meta.yaml
new file mode 100644
index 00000000..871b296d
--- /dev/null
+++ b/f2s/resources/ceilometer-controller/meta.yaml
@@ -0,0 +1,44 @@
+id: ceilometer-controller
+handler: puppetv2
+version: '8.0'
+inputs:
+ ceilometer:
+ value: null
+ debug:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ mongo:
+ value: null
+ mongo_roles:
+ value: null
+ network_metadata:
+ value: null
+ network_scheme:
+ value: null
+ nodes:
+ value: null
+ puppet_modules:
+ value: null
+ rabbit:
+ value: null
+ rabbit_hash:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
+ storage:
+ value: null
+ syslog_log_facility_ceilometer:
+ value: null
+ use_stderr:
+ value: null
+ use_syslog:
+ value: null
+ verbose:
+ value: null
diff --git a/f2s/resources/ceilometer-keystone/actions/run.pp b/f2s/resources/ceilometer-keystone/actions/run.pp
new file mode 100644
index 00000000..c6ddaef1
--- /dev/null
+++ b/f2s/resources/ceilometer-keystone/actions/run.pp
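Review bot: In ceilometer-controller/actions/run.pp the variable holding the external MongoDB credentials is spelled `$exteranl_mongo_hash` everywhere; it is consistent, so it works, but a later edit that uses the correct spelling would read an unset variable instead of the credentials, so I would rename it to `$external_mongo_hash` now. The branch that sets `$external_mongo = true` is taken when `$mongo_hash['enabled']` is true, which is hard to read without knowing what the `mongo` key's `enabled` flag means; a one-line comment above the `if` would help. The `external_mongo` key that branch reads is also not among the inputs in the accompanying meta.yaml, which may just reflect how the file was generated. The comment `# MongoDB is alsways configured with replica set` should read `always`.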
@@ -0,0 +1,41 @@
+notice('MODULAR: ceilometer/keystone.pp')
+
+$ceilometer_hash = hiera_hash('ceilometer', {})
+$public_vip = hiera('public_vip')
+$public_ssl_hash = hiera('public_ssl')
+$public_address = $public_ssl_hash['services'] ? {
+ true => $public_ssl_hash['hostname'],
+ default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+$admin_address = hiera('management_vip')
+$region = pick($ceilometer_hash['region'], hiera('region', 'RegionOne'))
+$password = $ceilometer_hash['user_password']
+$auth_name = pick($ceilometer_hash['auth_name'], 'ceilometer')
+$configure_endpoint = pick($ceilometer_hash['configure_endpoint'], true)
+$configure_user = pick($ceilometer_hash['configure_user'], true)
+$configure_user_role = pick($ceilometer_hash['configure_user_role'], true)
+$service_name = pick($ceilometer_hash['service_name'], 'ceilometer')
+$tenant = pick($ceilometer_hash['tenant'], 'services')
+
+validate_string($public_address)
+validate_string($password)
+
+$public_url = "${public_protocol}://${public_address}:8777"
+$admin_url = "http://${admin_address}:8777"
+
+class { '::ceilometer::keystone::auth':
+ password => $password,
+ auth_name => $auth_name,
+ configure_endpoint => $configure_endpoint,
+ configure_user => $configure_user,
+ configure_user_role => $configure_user_role,
+ service_name => $service_name,
+ public_url => $public_url,
+ internal_url => $admin_url,
+ admin_url => $admin_url,
+ region => $region,
+}
diff --git a/f2s/resources/ceilometer-keystone/meta.yaml b/f2s/resources/ceilometer-keystone/meta.yaml
new file mode 100644
index 00000000..5163496e
--- /dev/null
+++ b/f2s/resources/ceilometer-keystone/meta.yaml
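Review bot: `$tenant` is computed in ceilometer-keystone/actions/run.pp (`pick($ceilometer_hash['tenant'], 'services')`) but never passed to `::ceilometer::keystone::auth`, so a tenant set in Hiera is silently ignored for the service user. Either pass it with `tenant => $tenant,`, if the class accepts that parameter (its definition is not in this patch), or remove the variable. cinder-keystone/actions/run.pp has the same unused `$tenant`. Separately, `validate_string($password)` accepts an empty string, so an unset `user_password` may still get through; a non-empty check before the class declaration would be stricter.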
@@ -0,0 +1,20 @@
+id: ceilometer-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ ceilometer:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/ceilometer-radosgw-user/actions/run.pp b/f2s/resources/ceilometer-radosgw-user/actions/run.pp
new file mode 100644
index 00000000..4d12f91b
--- /dev/null
+++ b/f2s/resources/ceilometer-radosgw-user/actions/run.pp
@@ -0,0 +1,20 @@
+notice('MODULAR: ceilometer/radosgw_user.pp')
+
+$default_ceilometer_hash = {
+ 'enabled' => false,
+}
+
+$ceilometer_hash = hiera_hash('ceilometer', $default_ceilometer_hash)
+
+if $ceilometer_hash['enabled'] {
+ include ceilometer::params
+
+ ceilometer_radosgw_user { 'ceilometer':
+ caps => {'buckets' => 'read', 'usage' => 'read'},
+ } ~>
+ service { $::ceilometer::params::agent_central_service_name:
+ ensure => 'running',
+ enable => true,
+ provider => 'pacemaker',
+ }
+}
diff --git a/f2s/resources/ceilometer-radosgw-user/meta.yaml b/f2s/resources/ceilometer-radosgw-user/meta.yaml
new file mode 100644
index 00000000..145ea0a7
--- /dev/null
+++ b/f2s/resources/ceilometer-radosgw-user/meta.yaml
@@ -0,0 +1,14 @@
+id: ceilometer-radosgw-user
+handler: puppetv2
+version: '8.0'
+inputs:
+ ceilometer:
+ value: null
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ storage:
+ value: null
diff --git a/f2s/resources/ceph-compute/actions/run.pp b/f2s/resources/ceph-compute/actions/run.pp
new file mode 100644
index 00000000..757231e6
--- /dev/null
+++ b/f2s/resources/ceph-compute/actions/run.pp
@@ -0,0 +1,97 @@
+notice('MODULAR: ceph/ceph_compute.pp')
+
+$mon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_monitor_nodes'), 'ceph/public')
+$storage_hash = hiera_hash('storage_hash', {})
+$use_neutron = hiera('use_neutron')
+$public_vip = hiera('public_vip')
+$management_vip = hiera('management_vip')
+$use_syslog = hiera('use_syslog', true)
+$syslog_log_facility_ceph = hiera('syslog_log_facility_ceph','LOG_LOCAL0')
+$keystone_hash = hiera_hash('keystone_hash', {})
+# Cinder settings
+$cinder_pool = 'volumes'
+# Glance settings
+$glance_pool = 'images'
+#Nova Compute settings
+$compute_user = 'compute'
+$compute_pool = 'compute'
+
+
+if ($storage_hash['images_ceph']) {
+ $glance_backend = 'ceph'
+} elsif ($storage_hash['images_vcenter']) {
+ $glance_backend = 'vmware'
+} else {
+ $glance_backend = 'swift'
+}
+
+if ($storage_hash['volumes_ceph'] or
+ $storage_hash['images_ceph'] or
+ $storage_hash['objects_ceph'] or
+ $storage_hash['ephemeral_ceph']
+) {
+ $use_ceph = true
+} else {
+ $use_ceph = false
+}
+
+if $use_ceph {
+ $ceph_primary_monitor_node = hiera('ceph_primary_monitor_node')
+ $primary_mons = keys($ceph_primary_monitor_node)
+ $primary_mon = $ceph_primary_monitor_node[$primary_mons[0]]['name']
+
+ prepare_network_config(hiera_hash('network_scheme'))
+ $ceph_cluster_network = get_network_role_property('ceph/replication', 'network')
+ $ceph_public_network = get_network_role_property('ceph/public', 'network')
+
+ class {'ceph':
+ primary_mon => $primary_mon,
+ mon_hosts => keys($mon_address_map),
+ mon_ip_addresses => values($mon_address_map),
+ cluster_node_address => $public_vip,
+ osd_pool_default_size => $storage_hash['osd_pool_size'],
+ osd_pool_default_pg_num => $storage_hash['pg_num'],
+ osd_pool_default_pgp_num => $storage_hash['pg_num'],
+ use_rgw => false,
+ glance_backend => $glance_backend,
+ rgw_pub_ip => $public_vip,
+ rgw_adm_ip => $management_vip,
+ rgw_int_ip => $management_vip,
+ cluster_network => $ceph_cluster_network,
+ public_network => $ceph_public_network,
+ use_syslog => $use_syslog,
+ syslog_log_level => hiera('syslog_log_level_ceph', 'info'),
+ syslog_log_facility => $syslog_log_facility_ceph,
+ rgw_keystone_admin_token => $keystone_hash['admin_token'],
+ ephemeral_ceph => $storage_hash['ephemeral_ceph']
+ }
+
+
+ service { $::ceph::params::service_nova_compute :}
+
+ ceph::pool {$compute_pool:
+ user => $compute_user,
+ acl => "mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${cinder_pool}, allow rx pool=${glance_pool}, allow rwx pool=${compute_pool}'",
+ keyring_owner => 'nova',
+ pg_num => $storage_hash['pg_num'],
+ pgp_num => $storage_hash['pg_num'],
+ }
+
+ include ceph::nova_compute
+
+ if ($storage_hash['ephemeral_ceph']) {
+ include ceph::ephemeral
+ Class['ceph::conf'] -> Class['ceph::ephemeral'] ~>
+ Service[$::ceph::params::service_nova_compute]
+ }
+
+ Class['ceph::conf'] ->
+ Ceph::Pool[$compute_pool] ->
+ Class['ceph::nova_compute'] ~>
+ Service[$::ceph::params::service_nova_compute]
+
+ Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+ cwd => '/root',
+ }
+
+}
diff --git a/f2s/resources/ceph-compute/meta.yaml b/f2s/resources/ceph-compute/meta.yaml
new file mode 100644
index 00000000..8690c5f0
--- /dev/null
+++ b/f2s/resources/ceph-compute/meta.yaml
@@ -0,0 +1,10 @@
+id: ceph-compute
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/ceph-mon/actions/run.pp b/f2s/resources/ceph-mon/actions/run.pp
new file mode 100644
index 00000000..f9d66765
--- /dev/null
+++ b/f2s/resources/ceph-mon/actions/run.pp
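Review bot: ceph-compute/actions/run.pp passes `rgw_keystone_admin_token => $keystone_hash['admin_token']` to class `ceph` while also setting `use_rgw => false`, so the Keystone admin token is looked up and handed to the class on compute nodes that, by the visible parameters, do not run the gateway. What the class does with the value is outside this patch, but the token should not be distributed where it is unused; I would drop the parameter and the `keystone_hash` lookup here if the class allows it, or pass the token only when `use_rgw` is true. ceph-mon/actions/run.pp does the same with `use_rgw => false`. Note also that this manifest reads `storage_hash` and `keystone_hash` while ceph-mon reads `storage` and `keystone`; with the `{}` defaults a wrong key leaves `$use_ceph` false and the manifest silently does nothing.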
@@ -0,0 +1,95 @@
+notice('MODULAR: ceph/mon.pp')
+
+$storage_hash = hiera('storage', {})
+$use_neutron = hiera('use_neutron')
+$public_vip = hiera('public_vip')
+$management_vip = hiera('management_vip')
+$use_syslog = hiera('use_syslog', true)
+$syslog_log_facility_ceph = hiera('syslog_log_facility_ceph','LOG_LOCAL0')
+$keystone_hash = hiera('keystone', {})
+$mon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_monitor_nodes'), 'ceph/public')
+
+if ($storage_hash['images_ceph']) {
+ $glance_backend = 'ceph'
+} elsif ($storage_hash['images_vcenter']) {
+ $glance_backend = 'vmware'
+} else {
+ $glance_backend = 'swift'
+}
+
+if ($storage_hash['volumes_ceph'] or
+ $storage_hash['images_ceph'] or
+ $storage_hash['objects_ceph'] or
+ $storage_hash['ephemeral_ceph']
+) {
+ $use_ceph = true
+} else {
+ $use_ceph = false
+}
+
+if $use_ceph {
+ $ceph_primary_monitor_node = hiera('ceph_primary_monitor_node')
+ $primary_mons = keys($ceph_primary_monitor_node)
+ $primary_mon = $ceph_primary_monitor_node[$primary_mons[0]]['name']
+
+ prepare_network_config(hiera_hash('network_scheme'))
+ $ceph_cluster_network = get_network_role_property('ceph/replication', 'network')
+ $ceph_public_network = get_network_role_property('ceph/public', 'network')
+ $mon_addr = get_network_role_property('ceph/public', 'ipaddr')
+
+ class {'ceph':
+ primary_mon => $primary_mon,
+ mon_hosts => keys($mon_address_map),
+ mon_ip_addresses => values($mon_address_map),
+ mon_addr => $mon_addr,
+ cluster_node_address => $public_vip,
+ osd_pool_default_size => $storage_hash['osd_pool_size'],
+ osd_pool_default_pg_num => $storage_hash['pg_num'],
+ osd_pool_default_pgp_num => $storage_hash['pg_num'],
+ use_rgw => false,
+ glance_backend => $glance_backend,
+ rgw_pub_ip => $public_vip,
+ rgw_adm_ip => $management_vip,
+ rgw_int_ip => $management_vip,
+ cluster_network => $ceph_cluster_network,
+ public_network => $ceph_public_network,
+ use_syslog => $use_syslog,
+ syslog_log_level => hiera('syslog_log_level_ceph', 'info'),
+ syslog_log_facility => $syslog_log_facility_ceph,
+ rgw_keystone_admin_token => $keystone_hash['admin_token'],
+ ephemeral_ceph => $storage_hash['ephemeral_ceph']
+ }
+
+ if ($storage_hash['volumes_ceph']) {
+ include ::cinder::params
+ service { 'cinder-volume':
+ ensure => 'running',
+ name => $::cinder::params::volume_service,
+ hasstatus => true,
+ hasrestart => true,
+ }
+
+ service { 'cinder-backup':
+ ensure => 'running',
+ name => $::cinder::params::backup_service,
+ hasstatus => true,
+ hasrestart => true,
+ }
+
+ Class['ceph'] ~> Service['cinder-volume']
+ Class['ceph'] ~> Service['cinder-backup']
+ }
+
+ if ($storage_hash['images_ceph']) {
+ include ::glance::params
+ service { 'glance-api':
+ ensure => 'running',
+ name => $::glance::params::api_service_name,
+ hasstatus => true,
+ hasrestart => true,
+ }
+
+ Class['ceph'] ~> Service['glance-api']
+ }
+
+}
diff --git a/f2s/resources/ceph-mon/meta.yaml b/f2s/resources/ceph-mon/meta.yaml
new file mode 100644
index 00000000..19d61849
--- /dev/null
+++ b/f2s/resources/ceph-mon/meta.yaml
@@ -0,0 +1,32 @@
+id: ceph-mon
+handler: puppetv2
+version: '8.0'
+inputs:
+ ceph_monitor_nodes:
+ value: null
+ ceph_primary_monitor_node:
+ value: null
+ fqdn:
+ value: null
+ keystone:
+ value: null
+ management_vip:
+ value: null
+ network_scheme:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ storage:
+ value: null
+ syslog_log_facility_ceph:
+ value: null
+ syslog_log_level_ceph:
+ value: null
+ use_neutron:
+ value: null
+ use_syslog:
+ value: null
diff --git a/f2s/resources/ceph-radosgw/actions/run.pp b/f2s/resources/ceph-radosgw/actions/run.pp
new file mode 100644
index 00000000..cf5f131b
--- /dev/null
+++ b/f2s/resources/ceph-radosgw/actions/run.pp
@@ -0,0 +1,103 @@
+notice('MODULAR: ceph/radosgw.pp')
+
+$storage_hash = hiera('storage', {})
+$use_neutron = hiera('use_neutron')
+$public_vip = hiera('public_vip')
+$keystone_hash = hiera('keystone', {})
+$management_vip = hiera('management_vip')
+$service_endpoint = hiera('service_endpoint')
+$public_ssl_hash = hiera('public_ssl')
+$mon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_monitor_nodes'), 'ceph/public')
+
+if ($storage_hash['volumes_ceph'] or
+ $storage_hash['images_ceph'] or
+ $storage_hash['objects_ceph']
+) {
+ $use_ceph = true
+} else {
+ $use_ceph = false
+}
+
+if $use_ceph and $storage_hash['objects_ceph'] {
+ $ceph_primary_monitor_node = hiera('ceph_primary_monitor_node')
+ $primary_mons = keys($ceph_primary_monitor_node)
+ $primary_mon = $ceph_primary_monitor_node[$primary_mons[0]]['name']
+
+ prepare_network_config(hiera_hash('network_scheme'))
+ $ceph_cluster_network = get_network_role_property('ceph/replication', 'network')
+ $ceph_public_network = get_network_role_property('ceph/public', 'network')
+ $rgw_ip_address = get_network_role_property('ceph/radosgw', 'ipaddr')
+
+ # Apache and listen ports
+ class { 'osnailyfacter::apache':
+ listen_ports => hiera_array('apache_ports', ['80', '8888']),
+ }
+ if ($::osfamily == 'Debian'){
+ apache::mod {'rewrite': }
+ apache::mod {'fastcgi': }
+ }
+ include ::tweaks::apache_wrappers
+ include ceph::params
+
+ $haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
+
+ haproxy_backend_status { 'keystone-admin' :
+ name => 'keystone-2',
+ count => '200',
+ step => '6',
+ url => $haproxy_stats_url,
+ }
+
+ haproxy_backend_status { 'keystone-public' :
+ name => 'keystone-1',
+ count => '200',
+ step => '6',
+ url => $haproxy_stats_url,
+ }
+
+ Haproxy_backend_status['keystone-admin'] -> Class ['ceph::keystone']
+ Haproxy_backend_status['keystone-public'] -> Class ['ceph::keystone']
+
+ class { 'ceph::radosgw':
+ # SSL
+ use_ssl => false,
+ public_ssl => $public_ssl_hash['services'],
+
+ # Ceph
+ primary_mon => $primary_mon,
+ pub_ip => $public_vip,
+ adm_ip => $management_vip,
+ int_ip => $management_vip,
+
+ # RadosGW settings
+ rgw_host => $::hostname,
+ rgw_ip => $rgw_ip_address,
+ rgw_port => '6780',
+ swift_endpoint_port => '8080',
+ rgw_keyring_path => '/etc/ceph/keyring.radosgw.gateway',
+ rgw_socket_path => '/tmp/radosgw.sock',
+ rgw_log_file => '/var/log/ceph/radosgw.log',
+ rgw_data => '/var/lib/ceph/radosgw',
+ rgw_dns_name => "*.${::domain}",
+ rgw_print_continue => true,
+
+ #rgw Keystone settings
+ rgw_use_pki => false,
+ rgw_use_keystone => true,
+ rgw_keystone_url => "${service_endpoint}:35357",
+ rgw_keystone_admin_token => $keystone_hash['admin_token'],
+ rgw_keystone_token_cache_size => '10',
+ rgw_keystone_accepted_roles => '_member_, Member, admin, swiftoperator',
+ rgw_keystone_revocation_interval => '1000000',
+ rgw_nss_db_path => '/etc/ceph/nss',
+
+ #rgw Log settings
+ use_syslog => hiera('use_syslog', true),
+ syslog_facility => hiera('syslog_log_facility_ceph', 'LOG_LOCAL0'),
+ syslog_level => hiera('syslog_log_level_ceph', 'info'),
+ }
+
+ Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+ cwd => '/root',
+ }
+}
diff --git a/f2s/resources/ceph-radosgw/meta.yaml b/f2s/resources/ceph-radosgw/meta.yaml
new file mode 100644
index 00000000..c577ef39
--- /dev/null
+++ b/f2s/resources/ceph-radosgw/meta.yaml
@@ -0,0 +1,26 @@
+id: ceph-radosgw
+handler: puppetv2
+version: '8.0'
+inputs:
+ ceph_monitor_nodes:
+ value: null
+ fqdn:
+ value: null
+ keystone:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
+ storage:
+ value: null
+ use_neutron:
+ value: null
diff --git a/f2s/resources/ceph_create_pools/actions/run.pp b/f2s/resources/ceph_create_pools/actions/run.pp
new file mode 100644
index 00000000..6fdb2ee4
--- /dev/null
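Review bot: In ceph-radosgw/actions/run.pp, `rgw_socket_path => '/tmp/radosgw.sock'` puts the gateway's socket in a world-writable directory, where any local account can create that path first or interfere with it. The keyring, log and data paths in the same block already live under /etc/ceph, /var/log/ceph and /var/lib/ceph; I would move the socket to a directory that only the gateway and the web server can write, for example `rgw_socket_path => '/var/run/ceph/radosgw.sock',` (assuming that directory exists on these nodes). The block also sets `use_ssl => false` and sends the admin token to `"${service_endpoint}:35357"` with no scheme shown, so a comment stating that this traffic stays on the management network would be useful.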
+++ b/f2s/resources/ceph_create_pools/actions/run.pp 
@@ -0,0 +1,80 @@
+notice('MODULAR: ceph/ceph_pools')
+
+$storage_hash = hiera('storage', {})
+$osd_pool_default_pg_num = $storage_hash['pg_num']
+$osd_pool_default_pgp_num = $storage_hash['pg_num']
+# Cinder settings
+$cinder_user = 'volumes'
+$cinder_pool = 'volumes'
+# Cinder Backup settings
+$cinder_backup_user = 'backups'
+$cinder_backup_pool = 'backups'
+# Glance settings
+$glance_user = 'images'
+$glance_pool = 'images'
+
+
+Exec { path => [ '/bin/', '/sbin/' , '/usr/bin/', '/usr/sbin/' ],
+ cwd => '/root',
+}
+
+# DO NOT SPLIT ceph auth command lines! See http://tracker.ceph.com/issues/3279
+ceph::pool {$glance_pool:
+ user => $glance_user,
+ acl => "mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${glance_pool}'",
+ keyring_owner => 'glance',
+ pg_num => $osd_pool_default_pg_num,
+ pgp_num => $osd_pool_default_pg_num,
+}
+
+ceph::pool {$cinder_pool:
+ user => $cinder_user,
+ acl => "mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${cinder_pool}, allow rx pool=${glance_pool}'",
+ keyring_owner => 'cinder',
+ pg_num => $osd_pool_default_pg_num,
+ pgp_num => $osd_pool_default_pg_num,
+}
+
+ceph::pool {$cinder_backup_pool:
+ user => $cinder_backup_user,
+ acl => "mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=${cinder_backup_pool}, allow rx pool=${cinder_pool}'",
+ keyring_owner => 'cinder',
+ pg_num => $osd_pool_default_pg_num,
+ pgp_num => $osd_pool_default_pg_num,
+}
+
+Ceph::Pool[$glance_pool] -> Ceph::Pool[$cinder_pool] -> Ceph::Pool[$cinder_backup_pool]
+
+if ($storage_hash['volumes_ceph']) {
+ include ::cinder::params
+ service { 'cinder-volume':
+ ensure => 'running',
+ name => $::cinder::params::volume_service,
+ hasstatus => true,
+ hasrestart => true,
+ }
+
+ Ceph::Pool[$cinder_pool] ~> Service['cinder-volume']
+
+ service { 'cinder-backup':
+ ensure => 'running',
+ name => $::cinder::params::backup_service,
+ hasstatus => true,
+ hasrestart => true,
+ }
+
+ Ceph::Pool[$cinder_backup_pool] ~> Service['cinder-backup']
+}
+
+if ($storage_hash['images_ceph']) {
+ include ::glance::params
+ service { 'glance-api':
+ ensure => 'running',
+ name => $::glance::params::api_service_name,
+ hasstatus => true,
+ hasrestart => true,
+ }
+
+ Ceph::Pool[$glance_pool] ~> Service['glance-api']
+}
+
diff --git a/f2s/resources/ceph_create_pools/meta.yaml b/f2s/resources/ceph_create_pools/meta.yaml
new file mode 100644
index 00000000..97de7472
--- /dev/null
+++ b/f2s/resources/ceph_create_pools/meta.yaml
@@ -0,0 +1,12 @@
+id: ceph_create_pools
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ storage:
+ value: null
diff --git a/f2s/resources/cinder-db/actions/run.pp b/f2s/resources/cinder-db/actions/run.pp
new file mode 100644
index 00000000..e51e3383
--- /dev/null
+++ b/f2s/resources/cinder-db/actions/run.pp
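Review bot: `$osd_pool_default_pgp_num` is assigned at the top of ceph_create_pools/actions/run.pp but never used; all three `ceph::pool` resources set `pgp_num => $osd_pool_default_pg_num`. Both variables come from `$storage_hash['pg_num']`, so the result is the same today, but the intent is unclear; either use `pgp_num => $osd_pool_default_pgp_num,` in the three pools or delete the variable. `$storage_hash['pg_num']` is also unchecked and `hiera('storage', {})` defaults to an empty hash, so the pools, which are declared unconditionally, can end up with an undefined `pg_num`.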
@@ -0,0 +1,53 @@
+notice('MODULAR: cinder/db.pp')
+
+$cinder_hash = hiera_hash('cinder', {})
+$mysql_hash = hiera_hash('mysql_hash', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($cinder_hash['db_user'], 'cinder')
+$db_name = pick($cinder_hash['db_name'], 'cinder')
+$db_password = pick($cinder_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($cinder_hash['db_host'], $database_vip)
+$db_create = pick($cinder_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($cinder_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($cinder_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'cinder::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['cinder::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/f2s/resources/cinder-db/meta.yaml b/f2s/resources/cinder-db/meta.yaml
new file mode 100644
index 00000000..6865e031
--- /dev/null
+++ b/f2s/resources/cinder-db/meta.yaml
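Review bot: In cinder-db/actions/run.pp, `$db_password = pick($cinder_hash['db_password'], $mysql_root_password)` falls back to the MySQL root password for the cinder service account, so a missing `db_password` silently gives an application account the root credential. I would fail instead of falling back: `$db_password = $cinder_hash['db_password']` followed by `validate_string($db_password)` and a non-empty check. `$allowed_hosts` ends with `'%'`, which grants the account from any host and makes the three specific entries redundant; restrict the list to the hosts or subnet that actually connect. The empty `class mysql::config {}` and `class mysql::server {}` stubs at the end deserve a comment explaining why they are declared.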
@@ -0,0 +1,20 @@
+id: cinder-db
+handler: puppetv2
+version: '8.0'
+inputs:
+ cinder:
+ value: null
+ database_vip:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ mysql_custom_setup_class:
+ value: null
+ mysql_hash:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/cinder-keystone/actions/run.pp b/f2s/resources/cinder-keystone/actions/run.pp
new file mode 100644
index 00000000..1b93e142
--- /dev/null
+++ b/f2s/resources/cinder-keystone/actions/run.pp
@@ -0,0 +1,51 @@
+notice('MODULAR: cinder/keystone.pp')
+
+$cinder_hash = hiera_hash('cinder', {})
+$public_ssl_hash = hiera('public_ssl')
+$public_vip = hiera('public_vip')
+$public_address = $public_ssl_hash['services'] ? {
+ true => $public_ssl_hash['hostname'],
+ default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+$admin_protocol = 'http'
+$admin_address = hiera('management_vip')
+$region = pick($cinder_hash['region'], hiera('region', 'RegionOne'))
+
+$password = $cinder_hash['user_password']
+$auth_name = pick($cinder_hash['auth_name'], 'cinder')
+$configure_endpoint = pick($cinder_hash['configure_endpoint'], true)
+$configure_user = pick($cinder_hash['configure_user'], true)
+$configure_user_role = pick($cinder_hash['configure_user_role'], true)
+$service_name = pick($cinder_hash['service_name'], 'cinder')
+$tenant = pick($cinder_hash['tenant'], 'services')
+
+$port = '8776'
+
+$public_url = "${public_protocol}://${public_address}:${port}/v1/%(tenant_id)s"
+$admin_url = "${admin_protocol}://${admin_address}:${port}/v1/%(tenant_id)s"
+
+$public_url_v2 = "${public_protocol}://${public_address}:${port}/v2/%(tenant_id)s"
+$admin_url_v2 = "${admin_protocol}://${admin_address}:${port}/v2/%(tenant_id)s"
+
+validate_string($public_address)
+validate_string($password)
+
+class { '::cinder::keystone::auth':
+ password => $password,
+ auth_name => $auth_name,
+ configure_endpoint => $configure_endpoint,
+ configure_user => $configure_user,
+ configure_user_role => $configure_user_role,
+ service_name => $service_name,
+ public_url => $public_url,
+ internal_url => $admin_url,
+ admin_url => $admin_url,
+ public_url_v2 => $public_url_v2,
+ internal_url_v2 => $admin_url_v2,
+ admin_url_v2 => $admin_url_v2,
+ region => $region,
+}
diff --git a/f2s/resources/cinder-keystone/meta.yaml b/f2s/resources/cinder-keystone/meta.yaml
new file mode 100644
index 00000000..c2ec3ec4
--- /dev/null
+++ b/f2s/resources/cinder-keystone/meta.yaml
@@ -0,0 +1,20 @@
+id: cinder-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ cinder:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/cluster-haproxy/actions/run.pp b/f2s/resources/cluster-haproxy/actions/run.pp
new file mode 100644
index 00000000..9c604867
--- /dev/null
+++ b/f2s/resources/cluster-haproxy/actions/run.pp
@@ -0,0 +1,20 @@
+notice('MODULAR: cluster-haproxy.pp')
+
+$network_scheme = hiera('network_scheme', {})
+$management_vip = hiera('management_vip')
+$database_vip = hiera('database_vip', '')
+$service_endpoint = hiera('service_endpoint', '')
+$primary_controller = hiera('primary_controller')
+$haproxy_hash = hiera_hash('haproxy', {})
+
+#FIXME(mattymo): Replace with only VIPs for roles assigned to this node
+$stats_ipaddresses = delete_undef_values([$management_vip, $database_vip, $service_endpoint, '127.0.0.1'])
+
+class { 'cluster::haproxy':
+ haproxy_maxconn => '16000',
+ haproxy_bufsize => '32768',
+ primary_controller => $primary_controller,
+ debug => pick($haproxy_hash['debug'], hiera('debug', false)),
+ other_networks => direct_networks($network_scheme['endpoints']),
+ stats_ipaddresses => $stats_ipaddresses
+}
diff --git a/f2s/resources/cluster-haproxy/meta.yaml b/f2s/resources/cluster-haproxy/meta.yaml
new file mode 100644
index 00000000..c1e45fb8
--- /dev/null
+++ b/f2s/resources/cluster-haproxy/meta.yaml
@@ -0,0 +1,24 @@
+id: cluster-haproxy
+handler: puppetv2
+version: '8.0'
+inputs:
+ database_vip:
+ value: null
+ debug:
+ value: null
+ fqdn:
+ value: null
+ haproxy:
+ value: null
+ management_vip:
+ value: null
+ network_scheme:
+ value: null
+ primary_controller:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
diff --git a/f2s/resources/cluster-vrouter/actions/run.pp b/f2s/resources/cluster-vrouter/actions/run.pp
new file mode 100644
index 00000000..09125d94
--- /dev/null
+++ b/f2s/resources/cluster-vrouter/actions/run.pp
@@ -0,0 +1,7 @@
+notice('MODULAR: cluster-vrouter.pp')
+
+$network_scheme = hiera('network_scheme', {})
+
+class { 'cluster::vrouter_ocf':
+ other_networks => direct_networks($network_scheme['endpoints']),
+}
diff --git a/f2s/resources/cluster-vrouter/meta.yaml b/f2s/resources/cluster-vrouter/meta.yaml
new file mode 100644
index 00000000..6f6fd6b5
--- /dev/null
+++ b/f2s/resources/cluster-vrouter/meta.yaml
@@ -0,0 +1,12 @@
+id: cluster-vrouter
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/cluster/actions/run.pp b/f2s/resources/cluster/actions/run.pp
new file mode 100644
index 00000000..87aa1242
--- /dev/null
+++ b/f2s/resources/cluster/actions/run.pp
@@ -0,0 +1,49 @@
+notice('MODULAR: cluster.pp')
+
+if !(hiera('role') in hiera('corosync_roles')) {
+ fail('The node role is not in corosync roles')
+}
+
+prepare_network_config(hiera_hash('network_scheme'))
+
+$corosync_nodes = corosync_nodes(
+ get_nodes_hash_by_roles(
+ hiera_hash('network_metadata'),
+ hiera('corosync_roles')
+ ),
+ 'mgmt/corosync'
+)
+
+class { 'cluster':
+ internal_address => get_network_role_property('mgmt/corosync', 'ipaddr'),
+ corosync_nodes => $corosync_nodes,
+}
+
+pcmk_nodes { 'pacemaker' :
+ nodes => $corosync_nodes,
+ add_pacemaker_nodes => false,
+}
+
+Service <| title == 'corosync' |> {
+ subscribe => File['/etc/corosync/service.d'],
+ require => File['/etc/corosync/corosync.conf'],
+}
+
+Service['corosync'] -> Pcmk_nodes<||>
+Pcmk_nodes<||> -> Service<| provider == 'pacemaker' |>
+
+# Sometimes during first start pacemaker can not connect to corosync
+# via IPC due to pacemaker and corosync processes are run under different users
+if($::operatingsystem == 'Ubuntu') {
+ $pacemaker_run_uid = 'hacluster'
+ $pacemaker_run_gid = 'haclient'
+
+ file {'/etc/corosync/uidgid.d/pacemaker':
+ content =>"uidgid {
+ uid: ${pacemaker_run_uid}
+ gid: ${pacemaker_run_gid}
+}"
+ }
+
+ File['/etc/corosync/corosync.conf'] -> File['/etc/corosync/uidgid.d/pacemaker'] -> Service <| title == 'corosync' |>
+}
diff --git a/f2s/resources/cluster/meta.yaml b/f2s/resources/cluster/meta.yaml
new file mode 100644
index 00000000..a01566c4
--- /dev/null
+++ b/f2s/resources/cluster/meta.yaml
@@ -0,0 +1,16 @@
+id: cluster
+handler: puppetv2
+version: '8.0'
+inputs:
+ corosync_roles:
+ value: null
+ fqdn:
+ value: null
+ network_metadata:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/cluster_health/actions/run.pp b/f2s/resources/cluster_health/actions/run.pp
new file mode 100644
index 00000000..d6906cd6
--- /dev/null
+++ b/f2s/resources/cluster_health/actions/run.pp
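Review bot: The `file {'/etc/corosync/uidgid.d/pacemaker': ...}` resource in cluster/actions/run.pp sets only `content`, so the file's owner, group and mode are left to whatever the defaults happen to be. This file tells corosync which uid and gid may connect over IPC, so its ownership and permissions should be pinned in the resource: `ensure => file, owner => 'root', group => 'root', mode => '0644',`. An explicit `ensure` also makes it clear that a regular file, not a directory or link, is expected at that path.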
@@ -0,0 +1,20 @@
+notice('MODULAR: cluster/health.pp')
+
+if !(hiera('role') in hiera('corosync_roles')) {
+ fail('The node role is not in corosync roles')
+}
+
+# load the mounted filesystems from our custom fact, remove boot
+$mount_points = delete(split($::mounts, ','), '/boot')
+
+$disks = hiera('corosync_disks', $mount_points)
+$min_disk_free = hiera('corosync_min_disk_space', '512M')
+$disk_unit = hiera('corosync_disk_unit', 'M')
+$monitor_interval = hiera('corosync_disk_monitor_interval', '15s')
+
+class { 'cluster::sysinfo':
+ disks => $disks,
+ min_disk_free => $min_disk_free,
+ disk_unit => $disk_unit,
+ monitor_interval => $monitor_interval,
+}
diff --git a/f2s/resources/cluster_health/meta.yaml b/f2s/resources/cluster_health/meta.yaml
new file mode 100644
index 00000000..9ffaf7b6
--- /dev/null
+++ b/f2s/resources/cluster_health/meta.yaml
@@ -0,0 +1,24 @@
+id: cluster_health
+handler: puppetv2
+version: '8.0'
+inputs:
+ corosync_disk_monitor:
+ value: null
+ corosync_disk_monitor_interval:
+ value: null
+ corosync_disk_unit:
+ value: null
+ corosync_disks:
+ value: null
+ corosync_min_disk_space:
+ value: null
+ corosync_monitor_interval:
+ value: null
+ corosync_roles:
+ value: null
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/configure_default_route/actions/run.pp b/f2s/resources/configure_default_route/actions/run.pp
new file mode 100644
index 00000000..775cc48e
--- /dev/null
+++ b/f2s/resources/configure_default_route/actions/run.pp
@@ -0,0 +1,11 @@
+notice('MODULAR: configure_default_route.pp')
+
+$network_scheme = hiera('network_scheme')
+$management_vrouter_vip = hiera('management_vrouter_vip')
+
+prepare_network_config($network_scheme)
+$management_int = get_network_role_property('management', 'interface')
+$fw_admin_int = get_network_role_property('fw-admin', 'interface')
+$ifconfig = configure_default_route($network_scheme, $management_vrouter_vip, $fw_admin_int, $management_int )
+
+notice ($ifconfig)
diff --git a/f2s/resources/configure_default_route/meta.yaml b/f2s/resources/configure_default_route/meta.yaml
new file mode 100644
index 00000000..bc69b391
--- /dev/null
+++ b/f2s/resources/configure_default_route/meta.yaml
@@ -0,0 +1,10 @@
+id: configure_default_route
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/connectivity_tests/actions/run.pp b/f2s/resources/connectivity_tests/actions/run.pp
new file mode 100644
index 00000000..54296d8b
--- /dev/null
+++ b/f2s/resources/connectivity_tests/actions/run.pp
@@ -0,0 +1,5 @@
+notice('MODULAR: connectivity_tests.pp')
+# Pull the list of repos from hiera
+$repo_setup = hiera('repo_setup')
+# test that the repos are accessible
+url_available($repo_setup['repos'])
diff --git a/f2s/resources/connectivity_tests/meta.yaml b/f2s/resources/connectivity_tests/meta.yaml
new file mode 100644
index 00000000..a1408eec
--- /dev/null
+++ b/f2s/resources/connectivity_tests/meta.yaml
@@ -0,0 +1,12 @@
+id: connectivity_tests
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ repo_setup:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/conntrackd/actions/run.pp b/f2s/resources/conntrackd/actions/run.pp
new file mode 100644
index 00000000..360d98ff
--- /dev/null
+++ b/f2s/resources/conntrackd/actions/run.pp
@@ -0,0 +1,79 @@ +notice('MODULAR: conntrackd.pp') + +prepare_network_config(hiera('network_scheme', {})) +$vrouter_name = hiera('vrouter_name', 'pub') + +case $operatingsystem { + Centos: { $conntrackd_package = 'conntrack-tools' } + Ubuntu: { $conntrackd_package = 'conntrackd' } +} + + +### CONNTRACKD for CentOS 6 doesn't work under namespaces ## + +if $operatingsystem == 'Ubuntu' { + $bind_address = get_network_role_property('mgmt/vip', 'ipaddr') + $mgmt_bridge = get_network_role_property('mgmt/vip', 'interface') + + package { $conntrackd_package: + ensure => installed, + } -> + + file { '/etc/conntrackd/conntrackd.conf': + content => template('cluster/conntrackd.conf.erb'), + } -> + + cs_resource {'p_conntrackd': + ensure => present, + primitive_class => 'ocf', + provided_by => 'fuel', + primitive_type => 'ns_conntrackd', + metadata => { + 'migration-threshold' => 'INFINITY', + 'failure-timeout' => '180s' + }, + parameters => { + 'bridge' => $mgmt_bridge, + }, + complex_type => 'master', + ms_metadata => { + 'notify' => 'true', + 'ordered' => 'false', + 'interleave' => 'true', + 'clone-node-max' => '1', + 'master-max' => '1', + 'master-node-max' => '1', + 'target-role' => 'Master' + }, + operations => { + 'monitor' => { + 'interval' => '30', + 'timeout' => '60' + }, + 'monitor:Master' => { + 'role' => 'Master', + 'interval' => '27', + 'timeout' => '60' + }, + }, + } + + cs_colocation { "conntrackd-with-${vrouter_name}-vip": + primitives => [ 'master_p_conntrackd:Master', "vip__vrouter_${vrouter_name}" ], + } + + File['/etc/conntrackd/conntrackd.conf'] -> Cs_resource['p_conntrackd'] -> Service['p_conntrackd'] -> Cs_colocation["conntrackd-with-${vrouter_name}-vip"] + + service { 'p_conntrackd': + ensure => 'running', + enable => true, + provider => 'pacemaker', + } + + # Workaround to ensure log is rotated properly + file { '/etc/logrotate.d/conntrackd': + content => template('openstack/95-conntrackd.conf.erb'), + } + + Package[$conntrackd_package] -> 
File['/etc/logrotate.d/conntrackd'] +} diff --git a/f2s/resources/conntrackd/meta.yaml b/f2s/resources/conntrackd/meta.yaml new file mode 100644 index 00000000..45f8f638 --- /dev/null +++ b/f2s/resources/conntrackd/meta.yaml @@ -0,0 +1,14 @@ +id: conntrackd +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + network_scheme: + value: null + puppet_modules: + value: null + role: + value: null + vrouter_name: + value: null diff --git a/f2s/resources/controller_remaining_tasks/actions/run.pp b/f2s/resources/controller_remaining_tasks/actions/run.pp new file mode 100644 index 00000000..d20ddc5d --- /dev/null +++ b/f2s/resources/controller_remaining_tasks/actions/run.pp @@ -0,0 +1,49 @@ +notice('MODULAR: controller.pp') + +# Pulling hiera +$primary_controller = hiera('primary_controller') +$neutron_mellanox = hiera('neutron_mellanox', false) +$use_neutron = hiera('use_neutron', false) + +# Do the stuff +if $neutron_mellanox { + $mellanox_mode = $neutron_mellanox['plugin'] +} else { + $mellanox_mode = 'disabled' +} + +if $primary_controller { + if ($mellanox_mode == 'ethernet') { + $test_vm_pkg = 'cirros-testvm-mellanox' + } else { + $test_vm_pkg = 'cirros-testvm' + } + package { 'cirros-testvm' : + ensure => 'installed', + name => $test_vm_pkg, + } +} + +Exec { logoutput => true } + +if ($::mellanox_mode == 'ethernet') { + $ml2_eswitch = $neutron_mellanox['ml2_eswitch'] + class { 'mellanox_openstack::controller': + eswitch_vnic_type => $ml2_eswitch['vnic_type'], + eswitch_apply_profile_patch => $ml2_eswitch['apply_profile_patch'], + } +} + +# NOTE(bogdando) for nodes with pacemaker, we should use OCF instead of monit + +# BP https://blueprints.launchpad.net/mos/+spec/include-openstackclient +package { 'python-openstackclient' : + ensure => installed, +} + +# Reduce swapiness on controllers, see LP#1413702 +sysctl::value { 'vm.swappiness': + value => '10' +} + +# vim: set ts=2 sw=2 et : 
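Review bot: In `controller_remaining_tasks/actions/run.pp` the second Mellanox check reads `$::mellanox_mode`, while the variable is assigned and first tested as `$mellanox_mode`. The two agree only when the manifest is evaluated at top scope; anywhere else `$::mellanox_mode` would resolve to a fact or top-scope variable of that name and the `mellanox_openstack::controller` class would be skipped without an error. Use `if ($mellanox_mode == 'ethernet') {` in both places. `Exec { logoutput => true }` sets a default although this manifest declares no exec, so a comment on which execs it is meant to reach would help, since logged command output can end up in Puppet reports.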
diff --git a/f2s/resources/controller_remaining_tasks/meta.yaml b/f2s/resources/controller_remaining_tasks/meta.yaml
new file mode 100644
index 00000000..e5d4d401
--- /dev/null
+++ b/f2s/resources/controller_remaining_tasks/meta.yaml
@@ -0,0 +1,16 @@
+id: controller_remaining_tasks
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ neutron_mellanox:
+ value: null
+ primary_controller:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ use_neutron:
+ value: null
diff --git a/f2s/resources/database/actions/run.pp b/f2s/resources/database/actions/run.pp
new file mode 100644
index 00000000..b056e3fb
--- /dev/null
+++ b/f2s/resources/database/actions/run.pp
@@ -0,0 +1,132 @@ +notice('MODULAR: database.pp') + +prepare_network_config(hiera('network_scheme', {})) +$use_syslog = hiera('use_syslog', true) +$primary_controller = hiera('primary_controller') +$mysql_hash = hiera_hash('mysql', {}) +$management_vip = hiera('management_vip') +$database_vip = hiera('database_vip', $management_vip) + +$network_scheme = hiera('network_scheme', {}) +$mgmt_iface = get_network_role_property('mgmt/database', 'interface') +$direct_networks = split(direct_networks($network_scheme['endpoints'], $mgmt_iface, 'netmask'), ' ') +$access_networks = flatten(['localhost', '127.0.0.1', '240.0.0.0/255.255.0.0', $direct_networks]) + +$haproxy_stats_port = '10000' +$haproxy_stats_url = "http://${database_vip}:${haproxy_stats_port}/;csv" + +$mysql_database_password = $mysql_hash['root_password'] +$enabled = pick($mysql_hash['enabled'], true) + +$galera_node_address = get_network_role_property('mgmt/database', 'ipaddr') +$galera_nodes = values(get_node_to_ipaddr_map_by_network_role(hiera_hash('database_nodes'), 'mgmt/database')) +$galera_primary_controller = hiera('primary_database', $primary_controller) +$mysql_bind_address = '0.0.0.0' +$galera_cluster_name = 'openstack' + +$mysql_skip_name_resolve = true +$custom_setup_class = hiera('mysql_custom_setup_class', 'galera') + +# Get galera gcache factor based on cluster node's count +$galera_gcache_factor = count(unique(filter_hash(hiera('nodes', []), 'uid'))) + +$status_user = 'clustercheck' +$status_password = $mysql_hash['wsrep_password'] +$backend_port = '3307' +$backend_timeout = '10' + +############################################################################# +validate_string($status_password) +validate_string($mysql_database_password) +validate_string($status_password) + +if $enabled { + + if $custom_setup_class { + file { '/etc/mysql/my.cnf': + ensure => absent, + require => Class['mysql::server'] + } + $config_hash_real = { + 'config_file' => '/etc/my.cnf' + } + } else { + $config_hash_real 
= { } + } + + if '/var/lib/mysql' in split($::mounts, ',') { + $ignore_db_dirs = ['lost+found'] + } else { + $ignore_db_dirs = [] + } + + class { 'mysql::server': + bind_address => '0.0.0.0', + etc_root_password => true, + root_password => $mysql_database_password, + old_root_password => '', + galera_cluster_name => $galera_cluster_name, + primary_controller => $galera_primary_controller, + galera_node_address => $galera_node_address, + galera_nodes => $galera_nodes, + galera_gcache_factor => $galera_gcache_factor, + enabled => $enabled, + custom_setup_class => $custom_setup_class, + mysql_skip_name_resolve => $mysql_skip_name_resolve, + use_syslog => $use_syslog, + config_hash => $config_hash_real, + ignore_db_dirs => $ignore_db_dirs, + } + + class { 'osnailyfacter::mysql_user': + password => $mysql_database_password, + access_networks => $access_networks, + } + + exec { 'initial_access_config': + command => '/bin/ln -sf /etc/mysql/conf.d/password.cnf /root/.my.cnf', + } + + if ($custom_mysql_setup_class == 'percona_packages' and $::osfamily == 'RedHat') { + # This is a work around to prevent the conflict between the + # MySQL-shared-wsrep package (included as a dependency for MySQL-python) and + # the Percona shared package Percona-XtraDB-Cluster-shared-56. They both + # provide the libmysql client libraries. 
Since we are requiring the + # installation of the Percona package here before mysql::python, the python + # client is happy and the server installation won't fail due to the + # installation of our shared package + package { 'Percona-XtraDB-Cluster-shared-56': + ensure => 'present', + before => Class['mysql::python'], + } + } + + $management_networks = get_routable_networks_for_network_role($network_scheme, 'mgmt/database', ' ') + + class { 'openstack::galera::status': + status_user => $status_user, + status_password => $status_password, + status_allow => $galera_node_address, + backend_host => $galera_node_address, + backend_port => $backend_port, + backend_timeout => $backend_timeout, + only_from => "127.0.0.1 240.0.0.2 ${management_networks}", + } + + haproxy_backend_status { 'mysql': + name => 'mysqld', + url => $haproxy_stats_url, + } + + class { 'osnailyfacter::mysql_access': + db_password => $mysql_database_password, + } + + Class['mysql::server'] -> + Class['osnailyfacter::mysql_user'] -> + Exec['initial_access_config'] -> + Class['openstack::galera::status'] -> + Haproxy_backend_status['mysql'] -> + Class['osnailyfacter::mysql_access'] + +} diff --git a/f2s/resources/database/meta.yaml b/f2s/resources/database/meta.yaml new file mode 100644 index 00000000..4da75f77 --- /dev/null +++ b/f2s/resources/database/meta.yaml @@ -0,0 +1,30 @@ +id: database +handler: puppetv2 +version: '8.0' +inputs: + database_nodes: + value: null + database_vip: + value: null + fqdn: + value: null + management_vip: + value: null + mysql: + value: null + mysql_custom_setup_class: + value: null + network_scheme: + value: null + nodes: + value: null + primary_controller: + value: null + primary_database: + value: null + puppet_modules: + value: null + role: + value: null + use_syslog: + value: null diff --git a/f2s/resources/disable_keystone_service_token/actions/run.pp b/f2s/resources/disable_keystone_service_token/actions/run.pp new file mode 100644 index 00000000..2708a261 
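Review bot: The Percona workaround in `database/actions/run.pp` tests `$custom_mysql_setup_class`, which is never assigned in this manifest; the hiera value is stored in `$custom_setup_class`, so the condition compares an undefined variable and the `Percona-XtraDB-Cluster-shared-56` package is never declared. The check should read `if ($custom_setup_class == 'percona_packages' and $::osfamily == 'RedHat') {`. The validation block calls `validate_string($status_password)` twice, which looks like a copy-paste slip. `bind_address => '0.0.0.0'` is hard-coded (and `$mysql_bind_address` is unused) even though `$galera_node_address` is already derived from the `mgmt/database` role; if listening on every interface is deliberate, a comment such as `# listens on all interfaces; access is limited by $access_networks grants and openstack::firewall` would record that.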
--- /dev/null
+++ b/f2s/resources/disable_keystone_service_token/actions/run.pp
@@ -0,0 +1,41 @@
+notice('MODULAR: service_token_off.pp')
+
+####################################################################
+# Used as singular by post-deployment action to disable admin_token
+#
+
+$keystone_params = hiera_hash('keystone_hash', {})
+
+if $keystone_params['service_token_off'] {
+
+ include ::keystone::params
+ include ::tweaks::apache_wrappers
+
+ keystone_config {
+ 'DEFAULT/admin_token': ensure => absent;
+ }
+
+ # Get paste.ini source
+ $keystone_paste_ini = $::keystone::params::paste_config ? {
+ undef => '/etc/keystone/keystone-paste.ini',
+ default => $::keystone::params::paste_config,
+ }
+
+ # Remove admin_token_auth middleware from public/admin/v3 pipelines
+ exec { 'remove_admin_token_auth_middleware':
+ path => ['/bin', '/usr/bin'],
+ command => "sed -i.dist 's/ admin_token_auth//' $keystone_paste_ini",
+ onlyif => "fgrep -q ' admin_token_auth' $keystone_paste_ini",
+ }
+
+ service { 'httpd':
+ ensure => 'running',
+ name => $::tweaks::apache_wrappers::service_name,
+ enable => true,
+ }
+
+ # Restart service that changes to take effect
+ Keystone_config<||> ~> Service['httpd']
+ Exec['remove_admin_token_auth_middleware'] ~> Service['httpd']
+
+}
diff --git a/f2s/resources/disable_keystone_service_token/meta.yaml b/f2s/resources/disable_keystone_service_token/meta.yaml
new file mode 100644
index 00000000..19882fda
--- /dev/null
+++ b/f2s/resources/disable_keystone_service_token/meta.yaml
@@ -0,0 +1,12 @@
+id: disable_keystone_service_token
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ keystone_hash:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/dns-client/actions/run.pp b/f2s/resources/dns-client/actions/run.pp
new file mode 100644
index 00000000..f7207b37
--- /dev/null
+++ b/f2s/resources/dns-client/actions/run.pp
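Review bot: The `remove_admin_token_auth_middleware` exec in `disable_keystone_service_token/actions/run.pp` interpolates `$keystone_paste_ini` unbraced and unquoted in both `command` and `onlyif`, so a path with whitespace or shell metacharacters would not reach sed and fgrep as a single argument. Prefer `command => "sed -i.dist 's/ admin_token_auth//' '${keystone_paste_ini}'",` and the same quoting in `onlyif`. The sed expression strips the token from every line of the file rather than only the pipeline lines the comment names; if that is intended, the comment should say so.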
@@ -0,0 +1,8 @@
+notice('MODULAR: dns-client.pp')
+
+$management_vip = hiera('management_vrouter_vip')
+
+class { 'osnailyfacter::resolvconf':
+ management_vip => $management_vip,
+}
+
diff --git a/f2s/resources/dns-client/meta.yaml b/f2s/resources/dns-client/meta.yaml
new file mode 100644
index 00000000..a53f2682
--- /dev/null
+++ b/f2s/resources/dns-client/meta.yaml
@@ -0,0 +1,12 @@
+id: dns-client
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ management_vrouter_vip:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/dns-server/actions/run.pp b/f2s/resources/dns-server/actions/run.pp
new file mode 100644
index 00000000..54f0ad75
--- /dev/null
+++ b/f2s/resources/dns-server/actions/run.pp
@@ -0,0 +1,16 @@
+notice('MODULAR: dns-server.pp')
+
+$dns_servers = hiera('external_dns')
+$primary_controller = hiera('primary_controller')
+$master_ip = hiera('master_ip')
+$management_vrouter_vip = hiera('management_vrouter_vip')
+
+class { 'osnailyfacter::dnsmasq':
+ external_dns => strip(split($dns_servers['dns_list'], ',')),
+ master_ip => $master_ip,
+ management_vrouter_vip => $management_vrouter_vip,
+} ->
+
+class { 'cluster::dns_ocf':
+ primary_controller => $primary_controller,
+}
diff --git a/f2s/resources/dns-server/meta.yaml b/f2s/resources/dns-server/meta.yaml
new file mode 100644
index 00000000..7faa8ea2
--- /dev/null
+++ b/f2s/resources/dns-server/meta.yaml
@@ -0,0 +1,18 @@
+id: dns-server
+handler: puppetv2
+version: '8.0'
+inputs:
+ external_dns:
+ value: null
+ fqdn:
+ value: null
+ management_vrouter_vip:
+ value: null
+ master_ip:
+ value: null
+ primary_controller:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/dump_rabbitmq_definitions/actions/run.pp b/f2s/resources/dump_rabbitmq_definitions/actions/run.pp
new file mode 100644
index 00000000..063d90e1
--- /dev/null
+++ b/f2s/resources/dump_rabbitmq_definitions/actions/run.pp
@@ -0,0 +1,28 @@
+notice('MODULAR: dump_rabbitmq_definitions.pp')
+
+$definitions_dump_file = '/etc/rabbitmq/definitions'
+$rabbit_hash = hiera_hash('rabbit_hash',
+ {
+ 'user' => false,
+ 'password' => false,
+ }
+ )
+$rabbit_enabled = pick($rabbit_hash['enabled'], true)
+
+
+if ($rabbit_enabled) {
+ $rabbit_api_endpoint = 'http://localhost:15672/api/definitions'
+ $rabbit_credentials = "${rabbit_hash['user']}:${rabbit_hash['password']}"
+
+ exec { 'rabbitmq-dump-definitions':
+ path => ['/usr/bin', '/usr/sbin', '/sbin', '/bin'],
+ command => "curl -u ${rabbit_credentials} ${rabbit_api_endpoint} -o ${definitions_dump_file}",
+ }
+
+ file { $definitions_dump_file:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0600',
+ }
+}
diff --git a/f2s/resources/dump_rabbitmq_definitions/meta.yaml b/f2s/resources/dump_rabbitmq_definitions/meta.yaml
new file mode 100644
index 00000000..44e9109c
--- /dev/null
+++ b/f2s/resources/dump_rabbitmq_definitions/meta.yaml
@@ -0,0 +1,12 @@
+id: dump_rabbitmq_definitions
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ rabbit_hash:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/enable_cinder_volume_service/actions/run.pp b/f2s/resources/enable_cinder_volume_service/actions/run.pp
new file mode 100644
index 00000000..3dbe8e63
--- /dev/null
+++ b/f2s/resources/enable_cinder_volume_service/actions/run.pp
@@ -0,0 +1,10 @@
+include cinder::params
+
+$volume_service = $::cinder::params::volume_service
+
+service { $volume_service:
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+}
diff --git a/f2s/resources/enable_cinder_volume_service/meta.yaml b/f2s/resources/enable_cinder_volume_service/meta.yaml
new file mode 100644
index 00000000..404d0853
--- /dev/null
+++ b/f2s/resources/enable_cinder_volume_service/meta.yaml
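Review bot: Nothing in `dump_rabbitmq_definitions/actions/run.pp` orders `File[$definitions_dump_file]` before `Exec['rabbitmq-dump-definitions']`, so on a first run curl may create `/etc/rabbitmq/definitions` with the process umask and the `0600` mode is applied only afterwards. The definitions export includes user records with password hashes, so adding `before => Exec['rabbitmq-dump-definitions'],` to the file resource would make the file exist with `0600` before curl writes into it. The exec also passes `-u ${rabbit_credentials}` on the command line, where it is visible in the process list and in Puppet's log of a failed command; reading it from a root-only file through curl's `--config` option avoids that. The default hash sets `user` and `password` to `false` and the exec still runs in that case, so a `fail()` when either is unset would be clearer than a request with a `false:false` credential.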
@@ -0,0 +1,10 @@
+id: enable_cinder_volume_service
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/enable_nova_compute_service/actions/run.pp b/f2s/resources/enable_nova_compute_service/actions/run.pp
new file mode 100644
index 00000000..8738f70e
--- /dev/null
+++ b/f2s/resources/enable_nova_compute_service/actions/run.pp
@@ -0,0 +1,10 @@
+include nova::params
+
+$compute_service_name = $::nova::params::compute_service_name
+
+service { $compute_service_name:
+ ensure => running,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+}
diff --git a/f2s/resources/enable_nova_compute_service/meta.yaml b/f2s/resources/enable_nova_compute_service/meta.yaml
new file mode 100644
index 00000000..dd1bd484
--- /dev/null
+++ b/f2s/resources/enable_nova_compute_service/meta.yaml
@@ -0,0 +1,10 @@
+id: enable_nova_compute_service
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/enable_rados/actions/run.pp b/f2s/resources/enable_rados/actions/run.pp
new file mode 100644
index 00000000..e9ebbab5
--- /dev/null
+++ b/f2s/resources/enable_rados/actions/run.pp
@@ -0,0 +1,17 @@
+include ::ceph::params
+
+$radosgw_service = $::ceph::params::service_radosgw
+
+# ensure the service is running and will start on boot
+service { $radosgw_service:
+ ensure => running,
+ enable => true,
+}
+
+# The Ubuntu upstart script is incompatible with the upstart provider
+# This will force the service to fall back to the debian init script
+if ($::operatingsystem == 'Ubuntu') {
+ Service['radosgw'] {
+ provider => 'debian'
+ }
+}
diff --git a/f2s/resources/enable_rados/meta.yaml b/f2s/resources/enable_rados/meta.yaml
new file mode 100644
index 00000000..b2706e00
--- /dev/null
+++ b/f2s/resources/enable_rados/meta.yaml
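Review bot: The Ubuntu override in `enable_rados/actions/run.pp` addresses the service by the literal title `Service['radosgw']`, while the resource is declared as `service { $radosgw_service:`. If `$::ceph::params::service_radosgw` is anything other than `radosgw` on Ubuntu, the override refers to a resource this manifest never declares and the catalog would presumably fail to compile. Writing it as `Service[$radosgw_service] {` keeps the override tied to the declared title.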
@@ -0,0 +1,10 @@
+id: enable_rados
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/firewall/actions/run.pp b/f2s/resources/firewall/actions/run.pp
new file mode 100644
index 00000000..e22fe133
--- /dev/null
+++ b/f2s/resources/firewall/actions/run.pp
@@ -0,0 +1,132 @@ +notice('MODULAR: firewall.pp') + +$network_scheme = hiera_hash('network_scheme') +$ironic_hash = hiera_hash('ironic', {}) + +# Workaround for fuel bug with firewall +firewall {'003 remote rabbitmq ': + sport => [ 4369, 5672, 41055, 55672, 61613 ], + source => hiera('master_ip'), + proto => 'tcp', + action => 'accept', + require => Class['openstack::firewall'], +} + +firewall {'004 remote puppet ': + sport => [ 8140 ], + source => hiera('master_ip'), + proto => 'tcp', + action => 'accept', + require => Class['openstack::firewall'], +} + +# allow local rabbitmq admin traffic for LP#1383258 +firewall {'005 local rabbitmq admin': + sport => [ 15672 ], + iniface => 'lo', + proto => 'tcp', + action => 'accept', + require => Class['openstack::firewall'], +} + +# reject all non-local rabbitmq admin traffic for LP#1450443 +firewall {'006 reject non-local rabbitmq admin': + sport => [ 15672 ], + proto => 'tcp', + action => 'drop', + require => Class['openstack::firewall'], +} + +# allow connections from haproxy namespace +firewall {'030 allow connections from haproxy namespace': + source => '240.0.0.2', + action => 'accept', + require => Class['openstack::firewall'], +} + +prepare_network_config(hiera_hash('network_scheme')) +class { 'openstack::firewall' : + nova_vnc_ip_range => get_routable_networks_for_network_role($network_scheme, 'nova/api'), + nova_api_ip_range => get_network_role_property('nova/api', 'network'), + libvirt_network => get_network_role_property('management', 'network'), + keystone_network => get_network_role_property('keystone/api', 'network'), +} + +if $ironic_hash['enabled'] { + $nodes_hash = hiera('nodes', {}) + $roles = node_roles($nodes_hash, hiera('uid')) + $network_metadata = hiera_hash('network_metadata', {}) + $baremetal_int = get_network_role_property('ironic/baremetal', 'interface') + $baremetal_vip = $network_metadata['vips']['baremetal']['ipaddr'] + $baremetal_ipaddr = get_network_role_property('ironic/baremetal', 
'ipaddr') + $baremetal_network = get_network_role_property('ironic/baremetal', 'network') + + firewallchain { 'baremetal:filter:IPv4': + ensure => present, + } -> + firewall { '999 drop all baremetal': + chain => 'baremetal', + action => 'drop', + proto => 'all', + } -> + firewall {'00 baremetal-filter': + proto => 'all', + iniface => $baremetal_int, + jump => 'baremetal', + require => Class['openstack::firewall'], + } + + if member($roles, 'controller') or member($roles, 'primary-controller') { + firewall { '100 allow baremetal ping from VIP': + chain => 'baremetal', + source => $baremetal_vip, + destination => $baremetal_ipaddr, + proto => 'icmp', + icmp => 'echo-request', + action => 'accept', + } + firewall { '207 ironic-api' : + dport => '6385', + proto => 'tcp', + action => 'accept', + } + } + + if member($roles, 'ironic') { + firewall { '101 allow baremetal-related': + chain => 'baremetal', + source => $baremetal_network, + destination => $baremetal_ipaddr, + proto => 'all', + state => ['RELATED', 'ESTABLISHED'], + action => 'accept', + } + + firewall { '102 allow baremetal-rsyslog': + chain => 'baremetal', + source => $baremetal_network, + destination => $baremetal_ipaddr, + proto => 'udp', + dport => '514', + action => 'accept', + } + + firewall { '103 allow baremetal-TFTP': + chain => 'baremetal', + source => $baremetal_network, + destination => $baremetal_ipaddr, + proto => 'udp', + dport => '69', + action => 'accept', + } + + k_mod {'nf_conntrack_tftp': + ensure => 'present' + } + + file_line {'nf_conntrack_tftp_on_boot': + path => '/etc/modules', + line => 'nf_conntrack_tftp', + } + } +} diff --git a/f2s/resources/firewall/meta.yaml b/f2s/resources/firewall/meta.yaml new file mode 100644 index 00000000..927da034 --- /dev/null +++ b/f2s/resources/firewall/meta.yaml 
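Review bot: Rule `006 reject non-local rabbitmq admin` in `firewall/actions/run.pp` matches `sport => [ 15672 ]`, that is, packets whose source port is 15672, so as written it does not appear to drop inbound connections to the management port, which carry 15672 as the destination port; rule `005` has the same shape. If the intent behind LP#1450443 is to keep the management API reachable only over `lo`, both rules likely need `dport => [ 15672 ],`. The title of `006` says reject while the rule uses `action => 'drop'`, so one of the two should change. `207 ironic-api` accepts tcp/6385 from any source and interface, unlike the `baremetal`-chain rules around it, which deserves a comment if it is deliberate.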
@@ -0,0 +1,16 @@
+id: firewall
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ ironic:
+ value: null
+ master_ip:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/fuel_pkgs/actions/run.pp b/f2s/resources/fuel_pkgs/actions/run.pp
new file mode 100644
index 00000000..d425f78a
--- /dev/null
+++ b/f2s/resources/fuel_pkgs/actions/run.pp
@@ -0,0 +1,10 @@
+notice('MODULAR: fuel_pkgs.pp')
+
+$fuel_packages = [
+ 'fuel-ha-utils',
+ 'fuel-misc',
+]
+
+package { $fuel_packages :
+ ensure => 'latest',
+}
diff --git a/f2s/resources/fuel_pkgs/meta.yaml b/f2s/resources/fuel_pkgs/meta.yaml
new file mode 100644
index 00000000..364f7324
--- /dev/null
+++ b/f2s/resources/fuel_pkgs/meta.yaml
@@ -0,0 +1,10 @@
+id: fuel_pkgs
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/generate_vms/actions/run.pp b/f2s/resources/generate_vms/actions/run.pp
new file mode 100644
index 00000000..29a8201e
--- /dev/null
+++ b/f2s/resources/generate_vms/actions/run.pp
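Review bot: `ensure => 'latest'` on `$fuel_packages` in `fuel_pkgs/actions/run.pp` makes every Puppet run upgrade `fuel-ha-utils` and `fuel-misc` to whatever the configured repositories serve at that moment. The installed version is then not reproducible between nodes or runs, and it depends on the repository contents at apply time. If tracking the newest build is intended for these two packages, a comment saying so belongs above the resource; otherwise use `ensure => 'installed',` or a version taken from hiera.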
@@ -0,0 +1,49 @@
+notice('MODULAR: generate_vms.pp')
+
+$libvirt_dir = '/etc/libvirt/qemu'
+$template_dir = '/var/lib/nova'
+$packages = ['qemu-utils', 'qemu-kvm', 'libvirt-bin', 'xmlstarlet']
+$libvirt_service_name = 'libvirtd'
+
+$vms = hiera_array('vms_conf')
+
+define vm_config {
+ $details = $name
+ $id = $details['id']
+
+ file { "${template_dir}/template_${id}_vm.xml":
+ owner => 'root',
+ group => 'root',
+ content => template('osnailyfacter/vm_libvirt.erb'),
+ }
+}
+
+package { $packages:
+ ensure => 'installed',
+}
+
+service { $libvirt_service_name:
+ ensure => 'running',
+ require => Package[$packages],
+ before => Exec['generate_vms'],
+}
+
+file { "${libvirt_dir}/autostart":
+ ensure => 'directory',
+ require => Package[$packages],
+}
+
+file { "${template_dir}":
+ ensure => 'directory',
+}
+
+vm_config { $vms:
+ before => Exec['generate_vms'],
+ require => File["${template_dir}"],
+}
+
+exec { 'generate_vms':
+ command => "/usr/bin/generate_vms.sh ${libvirt_dir} ${template_dir}",
+ path => ['/usr/sbin', '/usr/bin' , '/sbin', '/bin'],
+ require => [File["${template_dir}"], File["${libvirt_dir}/autostart"]],
+}
diff --git a/f2s/resources/generate_vms/meta.yaml b/f2s/resources/generate_vms/meta.yaml
new file mode 100644
index 00000000..dc6c9553
--- /dev/null
+++ b/f2s/resources/generate_vms/meta.yaml
@@ -0,0 +1,10 @@
+id: generate_vms
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/glance-db/actions/run.pp b/f2s/resources/glance-db/actions/run.pp
new file mode 100644
index 00000000..bdec1277
--- /dev/null
+++ b/f2s/resources/glance-db/actions/run.pp
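Review bot: In the `vm_config` define of `generate_vms/actions/run.pp`, `$id` comes from the `vms_conf` hiera data and is interpolated into `"${template_dir}/template_${id}_vm.xml"` without any check, so a value containing `/` or `..` would place the root-owned template outside `$template_dir`. A guard such as `validate_re("${id}", '^[A-Za-z0-9_-]+$')` before the file resource would pin the format down. The file resource sets owner and group but no `mode`, so `mode => '0644',` or something tighter would make the permissions explicit. The manifest reads `hiera_array('vms_conf')`, yet the accompanying `meta.yaml` lists no `vms_conf` input, which may be worth checking against how the inputs were generated.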
@@ -0,0 +1,53 @@
+notice('MODULAR: glance/db.pp')
+
+$glance_hash = hiera_hash('glance', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip')
+$database_vip = hiera('database_vip')
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($glance_hash['db_user'], 'glance')
+$db_name = pick($glance_hash['db_name'], 'glance')
+$db_password = pick($glance_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($glance_hash['db_host'], $database_vip)
+$db_create = pick($glance_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($glance_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($glance_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ hiera('node_name'), 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+validate_string($database_vip)
+
+
+if $db_create {
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'glance::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['glance::db::mysql']
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/f2s/resources/glance-db/meta.yaml b/f2s/resources/glance-db/meta.yaml
new file mode 100644
index 00000000..47107d52
--- /dev/null
+++ b/f2s/resources/glance-db/meta.yaml
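Review bot: `$allowed_hosts` in `glance-db/actions/run.pp` ends with `'%'`, which grants the glance database user access from any host and makes the three explicit entries before it redundant; if the grant is meant to be limited, drop `'%'` or replace it with a pattern for the management network. `$db_password` falls back to `$mysql_root_password` when `glance['db_password']` is unset, so a missing hiera key silently gives the service account the MySQL root password. Taking the value without a fallback and adding `if empty($db_password) { fail('glance db_password is not set') }` would turn that into a visible error. The `validate_string` calls cover `$mysql_root_user` and `$database_vip` but neither password.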
@@ -0,0 +1,22 @@
+id: glance-db
+handler: puppetv2
+version: '8.0'
+inputs:
+ database_vip:
+ value: null
+ fqdn:
+ value: null
+ glance:
+ value: null
+ management_vip:
+ value: null
+ mysql:
+ value: null
+ mysql_custom_setup_class:
+ value: null
+ node_name:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/glance-keystone/actions/run.pp b/f2s/resources/glance-keystone/actions/run.pp
new file mode 100644
index 00000000..6a06be29
--- /dev/null
+++ b/f2s/resources/glance-keystone/actions/run.pp
@@ -0,0 +1,42 @@
+notice('MODULAR: glance/keystone.pp')
+
+$glance_hash = hiera_hash('glance', {})
+$public_vip = hiera('public_vip')
+$public_ssl_hash = hiera('public_ssl')
+$admin_address = hiera('management_vip')
+$region = pick($glance_hash['region'], hiera('region', 'RegionOne'))
+$password = $glance_hash['user_password']
+$auth_name = pick($glance_hash['auth_name'], 'glance')
+$configure_endpoint = pick($glance_hash['configure_endpoint'], true)
+$configure_user = pick($glance_hash['configure_user'], true)
+$configure_user_role = pick($glance_hash['configure_user_role'], true)
+$service_name = pick($glance_hash['service_name'], 'glance')
+$tenant = pick($glance_hash['tenant'], 'services')
+
+$public_address = $public_ssl_hash['services'] ? {
+ true => $public_ssl_hash['hostname'],
+ default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+
+$public_url = "${public_protocol}://${public_address}:9292"
+$admin_url = "http://${admin_address}:9292"
+
+validate_string($public_address)
+validate_string($password)
+
+class { '::glance::keystone::auth':
+ password => $password,
+ auth_name => $auth_name,
+ configure_endpoint => $configure_endpoint,
+ configure_user => $configure_user,
+ configure_user_role => $configure_user_role,
+ service_name => $service_name,
+ public_url => $public_url,
+ admin_url => $admin_url,
+ internal_url => $admin_url,
+ region => $region,
+}
diff --git a/f2s/resources/glance-keystone/meta.yaml b/f2s/resources/glance-keystone/meta.yaml
new file mode 100644
index 00000000..59a923d2
--- /dev/null
+++ b/f2s/resources/glance-keystone/meta.yaml
@@ -0,0 +1,20 @@
+id: glance-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ glance:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
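Review bot: `$tenant` is read from `glance['tenant']` in the glance/keystone.pp hunk but is never passed to `::glance::keystone::auth`, so a non-default tenant set in hiera is ignored when the Keystone user is created. The glance.pp manifest in this same patch does forward the value as `glance_tenant`, so the two can disagree. Add `tenant => $tenant,` to the class declaration, or remove the assignment if the class default is intended. Separately, `$admin_url` is fixed to `http://` even when `public_ssl['services']` is true; a comment such as `# admin/internal endpoints stay on plain HTTP inside the management network` would make that choice explicit.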
diff --git a/f2s/resources/glance/actions/run.pp b/f2s/resources/glance/actions/run.pp
new file mode 100644
index 00000000..66d8de90
--- /dev/null
+++ b/f2s/resources/glance/actions/run.pp
@@ -0,0 +1,128 @@ +notice('MODULAR: glance.pp') + +$network_scheme = hiera_hash('network_scheme', {}) +$network_metadata = hiera_hash('network_metadata', {}) +prepare_network_config($network_scheme) + +$glance_hash = hiera_hash('glance', {}) +$verbose = pick($glance_hash['verbose'], hiera('verbose', true)) +$debug = pick($glance_hash['debug'], hiera('debug', false)) +$management_vip = hiera('management_vip') +$database_vip = hiera('database_vip') +$service_endpoint = hiera('service_endpoint') +$storage_hash = hiera('storage') +$use_syslog = hiera('use_syslog', true) +$use_stderr = hiera('use_stderr', false) +$syslog_log_facility = hiera('syslog_log_facility_glance') +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$max_pool_size = hiera('max_pool_size') +$max_overflow = hiera('max_overflow') +$ceilometer_hash = hiera_hash('ceilometer', {}) +$region = hiera('region','RegionOne') +$glance_endpoint = $management_vip +$service_workers = pick($glance_hash['glance_workers'], min(max($::processorcount, 2), 16)) + +$db_type = 'mysql' +$db_host = pick($glance_hash['db_host'], $database_vip) +$api_bind_address = get_network_role_property('glance/api', 'ipaddr') +$enabled = true +$max_retries = '-1' +$idle_timeout = '3600' +$auth_uri = "http://${service_endpoint}:5000/" + +$rabbit_password = $rabbit_hash['password'] +$rabbit_user = $rabbit_hash['user'] +$rabbit_hosts = split(hiera('amqp_hosts',''), ',') +$rabbit_virtual_host = '/' + +$glance_db_user = pick($glance_hash['db_user'], 'glance') +$glance_db_dbname = pick($glance_hash['db_name'], 'glance') +$glance_db_password = $glance_hash['db_password'] +$glance_user = pick($glance_hash['user'],'glance') +$glance_user_password = $glance_hash['user_password'] +$glance_tenant = pick($glance_hash['tenant'],'services') +$glance_vcenter_host = $glance_hash['vc_host'] +$glance_vcenter_user = $glance_hash['vc_user'] +$glance_vcenter_password = $glance_hash['vc_password'] +$glance_vcenter_datacenter = $glance_hash['vc_datacenter'] 
+$glance_vcenter_datastore = $glance_hash['vc_datastore'] +$glance_vcenter_image_dir = $glance_hash['vc_image_dir'] +$glance_vcenter_api_retry_count = '20' +$glance_image_cache_max_size = $glance_hash['image_cache_max_size'] +$glance_pipeline = pick($glance_hash['pipeline'], 'keystone') +$glance_large_object_size = pick($glance_hash['large_object_size'], '5120') + +$rados_connect_timeout = '30' + +if ($storage_hash['images_ceph']) { + $glance_backend = 'ceph' + $glance_known_stores = [ 'glance.store.rbd.Store', 'glance.store.http.Store' ] + $glance_show_image_direct_url = pick($glance_hash['show_image_direct_url'], true) +} elsif ($storage_hash['images_vcenter']) { + $glance_backend = 'vmware' + $glance_known_stores = [ 'glance.store.vmware_datastore.Store', 'glance.store.http.Store' ] + $glance_show_image_direct_url = pick($glance_hash['show_image_direct_url'], true) +} else { + $glance_backend = 'swift' + $glance_known_stores = [ 'glance.store.swift.Store', 'glance.store.http.Store' ] + $swift_store_large_object_size = $glance_large_object_size + $glance_show_image_direct_url = pick($glance_hash['show_image_direct_url'], false) +} + +############################################################################### + +class { 'openstack::glance': + verbose => $verbose, + debug => $debug, + db_type => $db_type, + db_host => $db_host, + glance_db_user => $glance_db_user, + glance_db_dbname => $glance_db_dbname, + glance_db_password => $glance_db_password, + glance_user => $glance_user, + glance_user_password => $glance_user_password, + glance_tenant => $glance_tenant, + glance_vcenter_host => $glance_vcenter_host, + glance_vcenter_user => $glance_vcenter_user, + glance_vcenter_password => $glance_vcenter_password, + glance_vcenter_datacenter => $glance_vcenter_datacenter, + glance_vcenter_datastore => $glance_vcenter_datastore, + glance_vcenter_image_dir => $glance_vcenter_image_dir, + glance_vcenter_api_retry_count => $glance_vcenter_api_retry_count, + auth_uri => 
$auth_uri, + keystone_host => $service_endpoint, + region => $region, + bind_host => $api_bind_address, + enabled => $enabled, + glance_backend => $glance_backend, + registry_host => $glance_endpoint, + use_syslog => $use_syslog, + use_stderr => $use_stderr, + show_image_direct_url => $glance_show_image_direct_url, + swift_store_large_object_size => $swift_store_large_object_size, + pipeline => $glance_pipeline, + syslog_log_facility => $syslog_log_facility, + glance_image_cache_max_size => $glance_image_cache_max_size, + max_retries => $max_retries, + max_pool_size => $max_pool_size, + max_overflow => $max_overflow, + idle_timeout => $idle_timeout, + rabbit_password => $rabbit_password, + rabbit_userid => $rabbit_user, + rabbit_hosts => $rabbit_hosts, + rabbit_virtual_host => $rabbit_virtual_host, + known_stores => $glance_known_stores, + ceilometer => $ceilometer_hash[enabled], + service_workers => $service_workers, + rados_connect_timeout => $rados_connect_timeout, +} + +####### Disable upstart startup on install ####### +if($::operatingsystem == 'Ubuntu') { + tweaks::ubuntu_service_override { 'glance-api': + package_name => 'glance-api', + } + tweaks::ubuntu_service_override { 'glance-registry': + package_name => 'glance-registry', + } +} diff --git a/f2s/resources/glance/meta.yaml b/f2s/resources/glance/meta.yaml new file mode 100644 index 00000000..e65d4f01 --- /dev/null +++ b/f2s/resources/glance/meta.yaml 
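Review bot: `$glance_show_image_direct_url` defaults to `true` in both the ceph and the vmware branch of the backend `if`, which makes the Glance API return each image's backend location to API users. Glance's documentation warns that image locations can carry credentials, so the default deserves a justification in the manifest, for example `# direct_url is exposed so consumers can clone from the backend; confirm the location URI holds no credentials`. For the vmware branch I would default to `false` unless something depends on it. Also, `$swift_store_large_object_size` is assigned only in the `else` branch yet is always passed to `openstack::glance`, so it is undef for the ceph and vmware backends.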
@@ -0,0 +1,46 @@
+id: glance
+handler: puppetv2
+version: '8.0'
+inputs:
+ amqp_hosts:
+ value: null
+ ceilometer:
+ value: null
+ database_vip:
+ value: null
+ debug:
+ value: null
+ fqdn:
+ value: null
+ glance:
+ value: null
+ management_vip:
+ value: null
+ max_overflow:
+ value: null
+ max_pool_size:
+ value: null
+ network_metadata:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ rabbit_hash:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
+ storage:
+ value: null
+ syslog_log_facility_glance:
+ value: null
+ use_stderr:
+ value: null
+ use_syslog:
+ value: null
+ verbose:
+ value: null
diff --git a/f2s/resources/globals/actions/run.pp b/f2s/resources/globals/actions/run.pp
new file mode 100644
index 00000000..e8d712fd
--- /dev/null
+++ b/f2s/resources/globals/actions/run.pp
@@ -0,0 +1,293 @@ +notice('MODULAR: globals.pp') + +$service_token_off = false +$globals_yaml_file = '/etc/hiera/globals.yaml' + +# remove cached globals values before anything else +remove_file($globals_yaml_file) + +$network_scheme = hiera_hash('network_scheme', {}) +if empty($network_scheme) { + fail("Network_scheme not given in the astute.yaml") +} +$network_metadata = hiera_hash('network_metadata', {}) +if empty($network_metadata) { + fail("Network_metadata not given in the astute.yaml") +} + +$node_name = regsubst(hiera('fqdn', $::hostname), '\..*$', '') +$node = $network_metadata['nodes'][$node_name] +if empty($node) { + fail("Node hostname is not defined in the astute.yaml") +} + +prepare_network_config($network_scheme) + +# DEPRICATED +$nodes_hash = hiera('nodes', {}) + +$deployment_mode = hiera('deployment_mode', 'ha_compact') +$roles = $node['node_roles'] +$storage_hash = hiera('storage', {}) +$syslog_hash = hiera('syslog', {}) +$base_syslog_hash = hiera('base_syslog', {}) +$sahara_hash = hiera('sahara', {}) +$murano_hash = hiera('murano', {}) +$heat_hash = hiera_hash('heat', {}) +$vcenter_hash = hiera('vcenter', {}) +$nova_hash = hiera_hash('nova', {}) +$mysql_hash = hiera('mysql', {}) +$rabbit_hash = hiera_hash('rabbit', {}) +$glance_hash = hiera_hash('glance', {}) +$swift_hash = hiera('swift', {}) +$cinder_hash = hiera_hash('cinder', {}) +$ceilometer_hash = hiera('ceilometer',{}) +$access_hash = hiera_hash('access', {}) +$mp_hash = hiera('mp', {}) +$keystone_hash = merge({'service_token_off' => $service_token_off}, + hiera_hash('keystone', {})) + +$node_role = hiera('role') +$dns_nameservers = hiera('dns_nameservers', []) +$use_ceilometer = $ceilometer_hash['enabled'] +$use_neutron = hiera('quantum', false) +$use_ovs = hiera('use_ovs', $use_neutron) +$verbose = true +$debug = hiera('debug', false) +$use_monit = false +$master_ip = hiera('master_ip') +$use_syslog = hiera('use_syslog', true) +$syslog_log_facility_glance = 
hiera('syslog_log_facility_glance', 'LOG_LOCAL2') +$syslog_log_facility_cinder = hiera('syslog_log_facility_cinder', 'LOG_LOCAL3') +$syslog_log_facility_neutron = hiera('syslog_log_facility_neutron', 'LOG_LOCAL4') +$syslog_log_facility_nova = hiera('syslog_log_facility_nova','LOG_LOCAL6') +$syslog_log_facility_keystone = hiera('syslog_log_facility_keystone', 'LOG_LOCAL7') +$syslog_log_facility_murano = hiera('syslog_log_facility_murano', 'LOG_LOCAL0') +$syslog_log_facility_heat = hiera('syslog_log_facility_heat','LOG_LOCAL0') +$syslog_log_facility_sahara = hiera('syslog_log_facility_sahara','LOG_LOCAL0') +$syslog_log_facility_ceilometer = hiera('syslog_log_facility_ceilometer','LOG_LOCAL0') +$syslog_log_facility_ceph = hiera('syslog_log_facility_ceph','LOG_LOCAL0') + +$nova_report_interval = hiera('nova_report_interval', 60) +$nova_service_down_time = hiera('nova_service_down_time', 180) +$apache_ports = hiera_array('apache_ports', ['80', '8888', '5000', '35357']) + +$openstack_version = hiera('openstack_version', + { + 'keystone' => 'installed', + 'glance' => 'installed', + 'horizon' => 'installed', + 'nova' => 'installed', + 'novncproxy' => 'installed', + 'cinder' => 'installed', + } +) + +$nova_rate_limits = hiera('nova_rate_limits', + { + 'POST' => 100000, + 'POST_SERVERS' => 100000, + 'PUT' => 1000, + 'GET' => 100000, + 'DELETE' => 100000 + } +) + +$cinder_rate_limits = hiera('cinder_rate_limits', + { + 'POST' => 100000, + 'POST_SERVERS' => 100000, + 'PUT' => 100000, + 'GET' => 100000, + 'DELETE' => 100000 + } +) + +$default_gateway = get_default_gateways() +$public_vip = $network_metadata['vips']['public']['ipaddr'] +$management_vip = $network_metadata['vips']['management']['ipaddr'] +$public_vrouter_vip = $network_metadata['vips']['vrouter_pub']['ipaddr'] +$management_vrouter_vip = $network_metadata['vips']['vrouter']['ipaddr'] + +$database_vip = is_hash($network_metadata['vips']['database']) ? 
{ + true => pick($network_metadata['vips']['database']['ipaddr'], $management_vip), + default => $management_vip +} +$service_endpoint = is_hash($network_metadata['vips']['service_endpoint']) ? { + true => pick($network_metadata['vips']['service_endpoint']['ipaddr'], $management_vip), + default => $management_vip +} + +if $use_neutron { + $novanetwork_params = {} + $neutron_config = hiera_hash('quantum_settings') + $network_provider = 'neutron' + $neutron_db_password = $neutron_config['database']['passwd'] + $neutron_user_password = $neutron_config['keystone']['admin_password'] + $neutron_metadata_proxy_secret = $neutron_config['metadata']['metadata_proxy_shared_secret'] + $base_mac = $neutron_config['L2']['base_mac'] + $management_network_range = get_network_role_property('mgmt/vip', 'network') +} else { + $neutron_config = {} + $novanetwork_params = hiera('novanetwork_parameters') + $network_size = $novanetwork_params['network_size'] + $num_networks = $novanetwork_params['num_networks'] + $network_provider = 'nova' + if ( $novanetwork_params['network_manager'] == 'FlatDHCPManager') { + $private_int = get_network_role_property('novanetwork/fixed', 'interface') + } else { + $private_int = get_network_role_property('novanetwork/vlan', 'interface') + $vlan_start = $novanetwork_params['vlan_start'] + $network_config = { + 'vlan_start' => $vlan_start, + } + } + $network_manager = "nova.network.manager.${novanetwork_params['network_manager']}" + $management_network_range = hiera('management_network_range') +} + +if $node_role == 'primary-controller' { + $primary_controller = true +} else { + $primary_controller = false +} + +$controllers_hash = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) +$mountpoints = filter_hash($mp_hash,'point') + +# AMQP configuration +$queue_provider = hiera('queue_provider','rabbitmq') +$rabbit_ha_queues = true + +if !$rabbit_hash['user'] { + $rabbit_hash['user'] = 'nova' +} + +$amqp_port = hiera('amqp_ports', 
'5673') +if hiera('amqp_hosts', false) { + # using pre-defined in astute.yaml RabbitMQ servers + $amqp_hosts = hiera('amqp_hosts') +} else { + # using RabbitMQ servers on controllers + # todo(sv): switch from 'controller' nodes to 'rmq' nodes as soon as it was implemented as additional node-role + $controllers_with_amqp_server = get_node_to_ipaddr_map_by_network_role($controllers_hash, 'mgmt/messaging') + $amqp_nodes = ipsort(values($controllers_with_amqp_server)) + # amqp_hosts() randomize order of RMQ endpoints and put local one first + $amqp_hosts = amqp_hosts($amqp_nodes, $amqp_port, get_network_role_property('mgmt/messaging', 'ipaddr')) +} + +# MySQL and SQLAlchemy backend configuration +$custom_mysql_setup_class = hiera('custom_mysql_setup_class', 'galera') +$max_pool_size = hiera('max_pool_size', min($::processorcount * 5 + 0, 30 + 0)) +$max_overflow = hiera('max_overflow', min($::processorcount * 5 + 0, 60 + 0)) +$max_retries = hiera('max_retries', '-1') +$idle_timeout = hiera('idle_timeout','3600') +$nova_db_password = $nova_hash['db_password'] +$sql_connection = "mysql://nova:${nova_db_password}@${database_vip}/nova?read_timeout = 6 0" +$mirror_type = hiera('mirror_type', 'external') +$multi_host = hiera('multi_host', true) + +# Determine who should get the volume service +if (member($roles, 'cinder') and $storage_hash['volumes_lvm']) { + $manage_volumes = 'iscsi' +} elsif (member($roles, 'cinder') and $storage_hash['volumes_vmdk']) { + $manage_volumes = 'vmdk' +} elsif ($storage_hash['volumes_ceph']) { + $manage_volumes = 'ceph' +} else { + $manage_volumes = false +} + +# Define ceph-related variables +$ceph_primary_monitor_node = get_nodes_hash_by_roles($network_metadata, ['primary-controller']) +$ceph_monitor_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) +$ceph_rgw_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) + +#Determine who should be the default backend +if 
($storage_hash['images_ceph']) { + $glance_backend = 'ceph' + $glance_known_stores = [ 'glance.store.rbd.Store', 'glance.store.http.Store' ] +} elsif ($storage_hash['images_vcenter']) { + $glance_backend = 'vmware' + $glance_known_stores = [ 'glance.store.vmware_datastore.Store', 'glance.store.http.Store' ] +} else { + $glance_backend = 'file' + $glance_known_stores = false +} + +# Define ceilometer-related variables: +# todo: use special node-roles instead controllers in the future +$ceilometer_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) + +# Define memcached-related variables: +$memcache_roles = hiera('memcache_roles', ['primary-controller', 'controller']) + +# Define node roles, that will carry corosync/pacemaker +$corosync_roles = hiera('corosync_roles', ['primary-controller', 'controller']) + +# Define cinder-related variables +# todo: use special node-roles instead controllers in the future +$cinder_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) + +# Define horizon-related variables: +# todo: use special node-roles instead controllers in the future +$horizon_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) + +# Define swift-related variables +# todo(sv): use special node-roles instead controllers in the future +$swift_master_role = 'primary-controller' +$swift_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) +$swift_proxies = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) +$swift_proxy_caches = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) # memcache for swift +$is_primary_swift_proxy = $primary_controller + +# Define murano-related variables +$murano_roles = ['primary-controller', 'controller'] + +# Define heat-related variables: +$heat_roles = ['primary-controller', 'controller'] + +# Define sahara-related variable 
+$sahara_roles = ['primary-controller', 'controller'] + +# Define ceilometer-releated parameters +if !$ceilometer_hash['event_time_to_live'] { $ceilometer_hash['event_time_to_live'] = '604800'} +if !$ceilometer_hash['metering_time_to_live'] { $ceilometer_hash['metering_time_to_live'] = '604800' } +if !$ceilometer_hash['http_timeout'] { $ceilometer_hash['http_timeout'] = '600' } + +# Define database-related variables: +# todo: use special node-roles instead controllers in the future +$database_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) + +# Define Nova-API variables: +# todo: use special node-roles instead controllers in the future +$nova_api_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) + +# Define mongo-related variables +$mongo_roles = ['primary-mongo', 'mongo'] + +# Define neutron-related variables: +# todo: use special node-roles instead controllers in the future +$neutron_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']) + +#Define Ironic-related variables: +$ironic_api_nodes = $controllers_hash + +# Change nova_hash to add vnc port to it +# TODO(sbog): change this when we will get rid of global hashes +$public_ssl_hash = hiera('public_ssl') +if $public_ssl_hash['services'] { + $nova_hash['vncproxy_protocol'] = 'https' +} else { + $nova_hash['vncproxy_protocol'] = 'http' +} + +# save all these global variables into hiera yaml file for later use +# by other manifests with hiera function +file { $globals_yaml_file : + ensure => 'present', + mode => '0644', + owner => 'root', + group => 'root', + content => template('osnailyfacter/globals_yaml.erb') +} diff --git a/f2s/resources/globals/meta.yaml b/f2s/resources/globals/meta.yaml new file mode 100644 index 00000000..f2fb6373 --- /dev/null +++ b/f2s/resources/globals/meta.yaml 
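Review bot: The closing `file { $globals_yaml_file : ... }` resource writes `/etc/hiera/globals.yaml` with `mode => '0644'`, while this manifest holds secrets in top-scope variables (`$nova_db_password`, `$neutron_db_password`, `$neutron_user_password`, `$neutron_metadata_proxy_secret`, and `$sql_connection` with the password embedded). The template `osnailyfacter/globals_yaml.erb` is not part of this hunk, so which variables it serialises is an assumption, but if it dumps these the file is readable by every local account on the node. `mode => '0600'` (or `'0640'` with a dedicated group) would avoid that. The `$sql_connection` string also ends in `?read_timeout = 6 0`, which looks like a mangled `read_timeout=60` and is worth checking against the source manifest.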
@@ -0,0 +1,124 @@ +id: globals +handler: puppetv2 +version: '8.0' +inputs: + access: + value: null + amqp_hosts: + value: null + amqp_ports: + value: null + apache_ports: + value: null + base_syslog: + value: null + ceilometer: + value: null + cinder: + value: null + cinder_rate_limits: + value: null + corosync_roles: + value: null + custom_mysql_setup_class: + value: null + debug: + value: null + deployment_mode: + value: null + dns_nameservers: + value: null + fqdn: + value: null + glance: + value: null + heat: + value: null + idle_timeout: + value: null + keystone: + value: null + master_ip: + value: null + max_overflow: + value: null + max_pool_size: + value: null + max_retries: + value: null + memcache_roles: + value: null + mirror_type: + value: null + mp: + value: null + multi_host: + value: null + murano: + value: null + mysql: + value: null + network_metadata: + value: null + network_scheme: + value: null + nodes: + value: null + nova: + value: null + nova_rate_limits: + value: null + nova_report_interval: + value: null + nova_service_down_time: + value: null + openstack_version: + value: null + public_ssl: + value: null + puppet_modules: + value: null + quantum: + value: null + quantum_settings: + value: null + queue_provider: + value: null + rabbit: + value: null + role: + value: null + sahara: + value: null + storage: + value: null + swift: + value: null + syslog: + value: null + syslog_log_facility_ceilometer: + value: null + syslog_log_facility_ceph: + value: null + syslog_log_facility_cinder: + value: null + syslog_log_facility_glance: + value: null + syslog_log_facility_heat: + value: null + syslog_log_facility_keystone: + value: null + syslog_log_facility_murano: + value: null + syslog_log_facility_neutron: + value: null + syslog_log_facility_nova: + value: null + syslog_log_facility_sahara: + value: null + use_ovs: + value: null + use_syslog: + value: null + vcenter: + value: null 
diff --git a/f2s/resources/heat-db/actions/run.pp b/f2s/resources/heat-db/actions/run.pp
new file mode 100644
index 00000000..ed7c4c9a
--- /dev/null
+++ b/f2s/resources/heat-db/actions/run.pp
@@ -0,0 +1,53 @@
+notice('MODULAR: heat/db.pp')
+
+$heat_hash = hiera_hash('heat', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($heat_hash['db_user'], 'heat')
+$db_name = pick($heat_hash['db_name'], 'heat')
+$db_password = pick($heat_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($heat_hash['db_host'], $database_vip)
+$db_create = pick($heat_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($heat_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($heat_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'heat::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['heat::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/f2s/resources/heat-db/meta.yaml b/f2s/resources/heat-db/meta.yaml
new file mode 100644
index 00000000..5dad6756
--- /dev/null
+++ b/f2s/resources/heat-db/meta.yaml
@@ -0,0 +1,20 @@
+id: heat-db
+handler: puppetv2
+version: '8.0'
+inputs:
+ database_vip:
+ value: null
+ fqdn:
+ value: null
+ heat:
+ value: null
+ management_vip:
+ value: null
+ mysql:
+ value: null
+ mysql_custom_setup_class:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/heat-keystone/actions/run.pp b/f2s/resources/heat-keystone/actions/run.pp
new file mode 100644
index 00000000..50034745
--- /dev/null
+++ b/f2s/resources/heat-keystone/actions/run.pp
@@ -0,0 +1,59 @@
+notice('MODULAR: heat/keystone.pp')
+
+$heat_hash = hiera_hash('heat', {})
+$public_vip = hiera('public_vip')
+$admin_address = hiera('management_vip')
+$region = pick($heat_hash['region'], hiera('region', 'RegionOne'))
+$public_ssl_hash = hiera('public_ssl')
+$public_address = $public_ssl_hash['services'] ? {
+ true => $public_ssl_hash['hostname'],
+ default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+
+$password = $heat_hash['user_password']
+$auth_name = pick($heat_hash['auth_name'], 'heat')
+$configure_endpoint = pick($heat_hash['configure_endpoint'], true)
+$configure_user = pick($heat_hash['configure_user'], true)
+$configure_user_role = pick($heat_hash['configure_user_role'], true)
+$service_name = pick($heat_hash['service_name'], 'heat')
+$tenant = pick($heat_hash['tenant'], 'services')
+
+validate_string($public_address)
+validate_string($password)
+
+$public_url = "${public_protocol}://${public_address}:8004/v1/%(tenant_id)s"
+$admin_url = "http://${admin_address}:8004/v1/%(tenant_id)s"
+$public_url_cfn = "${public_protocol}://${public_address}:8000/v1"
+$admin_url_cfn = "http://${admin_address}:8000/v1"
+
+
+
+class { '::heat::keystone::auth' :
+ password => $password,
+ auth_name => $auth_name,
+ region => $region,
+ tenant => $keystone_tenant,
+ email => "${auth_name}@localhost",
+ configure_endpoint => true,
+ trusts_delegated_roles => $trusts_delegated_roles,
+ public_url => $public_url,
+ internal_url => $admin_url,
+ admin_url => $admin_url,
+}
+
+class { '::heat::keystone::auth_cfn' :
+ password => $password,
+ auth_name => "${auth_name}-cfn",
+ service_type => 'cloudformation',
+ region => $region,
+ tenant => $keystone_tenant,
+ email => "${auth_name}-cfn@localhost",
+ configure_endpoint => true,
+ public_url => $public_url_cfn,
+ internal_url => $admin_url_cfn,
+ admin_url => $admin_url_cfn,
+}
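Review bot: Both class declarations pass `tenant => $keystone_tenant`, but this manifest never assigns `$keystone_tenant`; the value computed a few lines earlier is `$tenant`. As written the parameter is undef, so a custom `heat['tenant']` is presumably ignored and the class default decides which tenant the service user lands in. Use `tenant => $tenant,` in both `::heat::keystone::auth` and `::heat::keystone::auth_cfn`. `$trusts_delegated_roles` is likewise never assigned here, and `configure_endpoint => true` bypasses the `$configure_endpoint` value read from hiera.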
diff --git a/f2s/resources/heat-keystone/meta.yaml b/f2s/resources/heat-keystone/meta.yaml
new file mode 100644
index 00000000..f6376fe6
--- /dev/null
+++ b/f2s/resources/heat-keystone/meta.yaml
@@ -0,0 +1,20 @@
+id: heat-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ heat:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/heat/actions/run.pp b/f2s/resources/heat/actions/run.pp
new file mode 100644
index 00000000..528e2eb3
--- /dev/null
+++ b/f2s/resources/heat/actions/run.pp
@@ -0,0 +1,156 @@ +notice('MODULAR: heat.pp') + +prepare_network_config(hiera('network_scheme', {})) +$management_vip = hiera('management_vip') +$heat_hash = hiera_hash('heat', {}) +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$max_retries = hiera('max_retries') +$max_pool_size = hiera('max_pool_size') +$max_overflow = hiera('max_overflow') +$idle_timeout = hiera('idle_timeout') +$service_endpoint = hiera('service_endpoint') +$debug = pick($heat_hash['debug'], hiera('debug', false)) +$verbose = pick($heat_hash['verbose'], hiera('verbose', true)) +$use_stderr = hiera('use_stderr', false) +$use_syslog = hiera('use_syslog', true) +$syslog_log_facility_heat = hiera('syslog_log_facility_heat') +$deployment_mode = hiera('deployment_mode') +$bind_address = get_network_role_property('heat/api', 'ipaddr') +$database_password = $heat_hash['db_password'] +$keystone_user = pick($heat_hash['user'], 'heat') +$keystone_tenant = pick($heat_hash['tenant'], 'services') +$db_host = pick($heat_hash['db_host'], hiera('database_vip')) +$database_user = pick($heat_hash['db_user'], 'heat') +$database_name = hiera('heat_db_name', 'heat') +$read_timeout = '60' +$sql_connection = "mysql://${database_user}:${database_password}@${db_host}/${database_name}?read_timeout=${read_timeout}" +$region = hiera('region', 'RegionOne') +$public_ssl_hash = hiera('public_ssl') + +####### Disable upstart startup on install ####### +if $::operatingsystem == 'Ubuntu' { + tweaks::ubuntu_service_override { 'heat-api-cloudwatch': + package_name => 'heat-api-cloudwatch', + } + tweaks::ubuntu_service_override { 'heat-api-cfn': + package_name => 'heat-api-cfn', + } + tweaks::ubuntu_service_override { 'heat-api': + package_name => 'heat-api', + } + tweaks::ubuntu_service_override { 'heat-engine': + package_name => 'heat-engine', + } + + Tweaks::Ubuntu_service_override['heat-api'] -> Service['heat-api'] + Tweaks::Ubuntu_service_override['heat-api-cfn'] -> Service['heat-api-cfn'] + 
Tweaks::Ubuntu_service_override['heat-api-cloudwatch'] -> Service['heat-api-cloudwatch'] + Tweaks::Ubuntu_service_override['heat-engine'] -> Service['heat-engine'] +} + +class { 'openstack::heat' : + external_ip => $management_vip, + keystone_auth => pick($heat_hash['keystone_auth'], true), + api_bind_host => $bind_address, + api_cfn_bind_host => $bind_address, + api_cloudwatch_bind_host => $bind_address, + keystone_host => $service_endpoint, + keystone_user => $keystone_user, + keystone_password => $heat_hash['user_password'], + keystone_tenant => $keystone_tenant, + keystone_ec2_uri => "http://${service_endpoint}:5000/v2.0", + region => $region, + public_ssl => $public_ssl_hash['services'], + rpc_backend => 'rabbit', + amqp_hosts => split(hiera('amqp_hosts',''), ','), + amqp_user => $rabbit_hash['user'], + amqp_password => $rabbit_hash['password'], + sql_connection => $sql_connection, + db_host => $db_host, + db_password => $database_password, + max_retries => $max_retries, + max_pool_size => $max_pool_size, + max_overflow => $max_overflow, + idle_timeout => $idle_timeout, + debug => $debug, + verbose => $verbose, + use_syslog => $use_syslog, + use_stderr => $use_stderr, + syslog_log_facility => $syslog_log_facility_heat, + auth_encryption_key => $heat_hash['auth_encryption_key'], +} + +if hiera('heat_ha_engine', true){ + if ($deployment_mode == 'ha') or ($deployment_mode == 'ha_compact') { + include ::heat_ha::engine + } +} + +#------------------------------ + +class heat::docker_resource ( + $enabled = true, + $package_name = 'heat-docker', +) { + if $enabled { + package { 'heat-docker': + ensure => installed, + name => $package_name, + } + + Package['heat-docker'] ~> Service<| title == 'heat-engine' |> + } +} + +if $::osfamily == 'RedHat' { + $docker_resource_package_name = 'openstack-heat-docker' +} elsif $::osfamily == 'Debian' { + $docker_resource_package_name = 'heat-docker' +} + +class { 'heat::docker_resource' : + package_name => 
$docker_resource_package_name, +} + +$haproxy_stats_url = "http://${service_endpoint}:10000/;csv" + +haproxy_backend_status { 'keystone-admin' : + name => 'keystone-2', + count => '200', + step => '6', + url => $haproxy_stats_url, +} + +class { 'heat::keystone::domain' : + auth_url => "http://${service_endpoint}:35357/v2.0", + keystone_admin => $keystone_user, + keystone_password => $heat_hash['user_password'], + keystone_tenant => $keystone_tenant, + domain_name => 'heat', + domain_admin => 'heat_admin', + domain_password => $heat_hash['user_password'], +} + +Class['heat'] -> +Haproxy_backend_status['keystone-admin'] -> +Class['heat::keystone::domain'] ~> +Service<| title == 'heat-engine' |> + +###################### + +exec { 'wait_for_heat_config' : + command => 'sync && sleep 3', + provider => 'shell', +} + +Heat_config <||> -> Exec['wait_for_heat_config'] -> Service['heat-api'] +Heat_config <||> -> Exec['wait_for_heat_config'] -> Service['heat-api-cfn'] +Heat_config <||> -> Exec['wait_for_heat_config'] -> Service['heat-api-cloudwatch'] +Heat_config <||> -> Exec['wait_for_heat_config'] -> Service['heat-engine'] + +###################### + +class mysql::server {} +class mysql::config {} +include mysql::server +include mysql::config diff --git a/f2s/resources/heat/meta.yaml b/f2s/resources/heat/meta.yaml new file mode 100644 index 00000000..56e72f52 --- /dev/null +++ b/f2s/resources/heat/meta.yaml 
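Review bot: `heat::keystone::domain` sets `domain_password => $heat_hash['user_password']`, so the `heat_admin` domain account shares its password with the heat service user that is also passed as `keystone_admin`. A leak of either credential then exposes both accounts. A separate secret would limit that, for example `domain_password => pick($heat_hash['domain_password'], $heat_hash['user_password']),` where `domain_password` is a proposed new hiera key, not one this patch defines. Also, `exec { 'wait_for_heat_config' }` has no `refreshonly` or `onlyif` guard, so `sync && sleep 3` presumably runs on every Puppet run rather than only after a config change.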
@@ -0,0 +1,52 @@ +id: heat +handler: puppetv2 +version: '8.0' +inputs: + amqp_hosts: + value: null + database_vip: + value: null + debug: + value: null + deployment_mode: + value: null + fqdn: + value: null + heat: + value: null + heat_db_name: + value: null + heat_ha_engine: + value: null + idle_timeout: + value: null + management_vip: + value: null + max_overflow: + value: null + max_pool_size: + value: null + max_retries: + value: null + network_scheme: + value: null + public_ssl: + value: null + puppet_modules: + value: null + rabbit_hash: + value: null + region: + value: null + role: + value: null + service_endpoint: + value: null + syslog_log_facility_heat: + value: null + use_stderr: + value: null + use_syslog: + value: null + verbose: + value: null diff --git a/f2s/resources/hiera/actions/run.pp b/f2s/resources/hiera/actions/run.pp new file mode 100644 index 00000000..e23a1cb7 --- /dev/null +++ b/f2s/resources/hiera/actions/run.pp 
@@ -0,0 +1,75 @@ +notice('MODULAR: hiera.pp') + +$deep_merge_package_name = $::osfamily ? { + /RedHat/ => 'rubygem-deep_merge', + /Debian/ => 'ruby-deep-merge', +} + +$data_dir = '/etc/hiera' +$data = [ + 'override/node/%{::fqdn}', + 'override/class/%{calling_class}', + 'override/module/%{calling_module}', + 'override/plugins', + 'override/common', + 'class/%{calling_class}', + 'module/%{calling_module}', + 'nodes', + 'globals', + 'astute' +] +$astute_data_file = '/etc/astute.yaml' +$hiera_main_config = '/etc/hiera.yaml' +$hiera_puppet_config = '/etc/puppet/hiera.yaml' +$hiera_data_file = "${data_dir}/astute.yaml" + +File { + owner => 'root', + group => 'root', + mode => '0644', +} + +$hiera_config_content = inline_template(' +--- +:backends: + - yaml + +:hierarchy: +<% @data.each do |name| -%> + - <%= name %> +<% end -%> + +:yaml: + :datadir: <%= @data_dir %> +:merge_behavior: deeper +:logger: noop +') + +file { 'hiera_data_dir' : + ensure => 'directory', + path => $data_dir, +} + +file { 'hiera_config' : + ensure => 'present', + path => $hiera_main_config, + content => $hiera_config_content, +} + +file { 'hiera_data_astute' : + ensure => 'symlink', + path => $hiera_data_file, + target => $astute_data_file, +} + +file { 'hiera_puppet_config' : + ensure => 'symlink', + path => $hiera_puppet_config, + target => $hiera_main_config, +} + +# needed to support the 'deeper' merge_behavior setting for hiera +package { 'rubygem-deep_merge': + ensure => present, + name => $deep_merge_package_name, +} diff --git a/f2s/resources/hiera/meta.yaml b/f2s/resources/hiera/meta.yaml new file mode 100644 index 00000000..00e83c27 --- /dev/null +++ b/f2s/resources/hiera/meta.yaml @@ -0,0 +1,8 @@ +id: hiera +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + puppet_modules: + value: null diff --git a/f2s/resources/horizon/actions/run.pp b/f2s/resources/horizon/actions/run.pp new file mode 100644 index 00000000..4368443b --- /dev/null 
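Review bot: The `hiera_data_astute` symlink makes `/etc/astute.yaml` a hiera data source, but this manifest never asserts the owner or mode of that target, and the other manifests in this patch read database, RabbitMQ and Keystone passwords through hiera. If nothing else enforces it, consider managing `$astute_data_file` here with root ownership and a mode tighter than the `0644` set in the `File` defaults, or add a comment naming where that is enforced. Separately, the `$deep_merge_package_name` selector has no `default` branch, so any `$::osfamily` other than RedHat or Debian presumably fails at compile time with an unhelpful message; a `default => fail("unsupported osfamily ${::osfamily}")` branch would make that explicit.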
+++ b/f2s/resources/horizon/actions/run.pp 
@@ -0,0 +1,68 @@ +notice('MODULAR: horizon.pp') + +prepare_network_config(hiera('network_scheme', {})) +$horizon_hash = hiera_hash('horizon', {}) +$service_endpoint = hiera('service_endpoint') +$memcache_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('memcache_roles')) +$memcache_address_map = get_node_to_ipaddr_map_by_network_role($memcache_nodes, 'mgmt/memcache') +$bind_address = get_network_role_property('horizon', 'ipaddr') +$neutron_advanced_config = hiera_hash('neutron_advanced_configuration', {}) +$public_ssl = hiera('public_ssl') +$ssl_no_verify = $public_ssl['horizon'] + +if $horizon_hash['secret_key'] { + $secret_key = $horizon_hash['secret_key'] +} else { + $secret_key = 'dummy_secret_key' +} + +$neutron_dvr = pick($neutron_advanced_config['neutron_dvr'], false) + +$keystone_scheme = 'http' +$keystone_host = $service_endpoint +$keystone_port = '5000' +$keystone_api = 'v2.0' +$keystone_url = "${keystone_scheme}://${keystone_host}:${keystone_port}/${keystone_api}" + +$neutron_options = {'enable_distributed_router' => $neutron_dvr} + +class { 'openstack::horizon': + secret_key => $secret_key, + cache_server_ip => ipsort(values($memcache_address_map)), + package_ensure => hiera('horizon_package_ensure', 'installed'), + bind_address => $bind_address, + cache_server_port => hiera('memcache_server_port', '11211'), + cache_backend => 'django.core.cache.backends.memcached.MemcachedCache', + cache_options => {'SOCKET_TIMEOUT' => 1,'SERVER_RETRIES' => 1,'DEAD_RETRY' => 1}, + neutron => hiera('use_neutron'), + keystone_url => $keystone_url, + use_ssl => hiera('horizon_use_ssl', false), + ssl_no_verify => $ssl_no_verify, + verbose => pick($horizon_hash['verbose'], hiera('verbose', true)), + debug => pick($horizon_hash['debug'], hiera('debug')), + use_syslog => hiera('use_syslog', true), + nova_quota => hiera('nova_quota'), + servername => hiera('public_vip'), + neutron_options => $neutron_options, +} + +$haproxy_stats_url = 
"http://${service_endpoint}:10000/;csv" + +haproxy_backend_status { 'keystone-admin' : + name => 'keystone-2', + count => '30', + step => '3', + url => $haproxy_stats_url, +} + +haproxy_backend_status { 'keystone-public' : + name => 'keystone-1', + count => '30', + step => '3', + url => $haproxy_stats_url, +} + +Class['openstack::horizon'] -> Haproxy_backend_status['keystone-admin'] +Class['openstack::horizon'] -> Haproxy_backend_status['keystone-public'] + +include ::tweaks::apache_wrappers diff --git a/f2s/resources/horizon/meta.yaml b/f2s/resources/horizon/meta.yaml new file mode 100644 index 00000000..36337d34 --- /dev/null +++ b/f2s/resources/horizon/meta.yaml @@ -0,0 +1,44 @@ +id: horizon +handler: puppetv2 +version: '8.0' +inputs: + apache_ports: + value: null + debug: + value: null + fqdn: + value: null + horizon: + value: null + horizon_package_ensure: + value: null + horizon_use_ssl: + value: null + memcache_roles: + value: null + memcache_server_port: + value: null + network_metadata: + value: null + network_scheme: + value: null + neutron_advanced_configuration: + value: null + nova_quota: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null + service_endpoint: + value: null + use_neutron: + value: null + use_syslog: + value: null + verbose: + value: null diff --git a/f2s/resources/hosts/actions/run.pp b/f2s/resources/hosts/actions/run.pp new file mode 100644 index 00000000..e82bddff --- /dev/null +++ b/f2s/resources/hosts/actions/run.pp @@ -0,0 +1,5 @@ +notice('MODULAR: hosts.pp') + +class { "l23network::hosts_file": + nodes => hiera('nodes'), +} diff --git a/f2s/resources/hosts/meta.yaml b/f2s/resources/hosts/meta.yaml new file mode 100644 index 00000000..8d8ece6a --- /dev/null +++ b/f2s/resources/hosts/meta.yaml @@ -0,0 +1,10 @@ +id: hosts +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + nodes: + value: null + puppet_modules: + value: null 
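Review bot: The `else` branch that sets `$secret_key = 'dummy_secret_key'` gives every deployment without `horizon['secret_key']` in hiera the same, publicly known value. `openstack::horizon` is outside this hunk, but if it passes the value through as Django's signing key, session and CSRF signatures become forgeable by anyone who has read this manifest. Failing the catalog is safer than falling back silently: replace the assignment in the `else` branch with `fail("horizon['secret_key'] must be set in hiera")`. If a default is kept on purpose for test environments, say so in a comment and name the guard that keeps it out of production.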
diff --git a/f2s/resources/ironic-api/actions/run.pp b/f2s/resources/ironic-api/actions/run.pp
new file mode 100644
index 00000000..b4fc31ef
--- /dev/null
+++ b/f2s/resources/ironic-api/actions/run.pp
@@ -0,0 +1,61 @@ +notice('MODULAR: ironic/ironic.pp') + +$ironic_hash = hiera_hash('ironic', {}) +$public_vip = hiera('public_vip') +$management_vip = hiera('management_vip') + +$network_metadata = hiera_hash('network_metadata', {}) + +$database_vip = hiera('database_vip') +$keystone_endpoint = hiera('service_endpoint') +$neutron_endpoint = hiera('neutron_endpoint', $management_vip) +$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") +$debug = hiera('debug', false) +$verbose = hiera('verbose', true) +$use_syslog = hiera('use_syslog', true) +$syslog_log_facility_ironic = hiera('syslog_log_facility_ironic', 'LOG_USER') +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$rabbit_ha_queues = hiera('rabbit_ha_queues') +$amqp_hosts = hiera('amqp_hosts') +$amqp_port = hiera('amqp_port', '5673') +$rabbit_hosts = split($amqp_hosts, ',') +$neutron_config = hiera_hash('quantum_settings') + +$db_host = pick($ironic_hash['db_host'], $database_vip) +$db_user = pick($ironic_hash['db_user'], 'ironic') +$db_name = pick($ironic_hash['db_name'], 'ironic') +$db_password = pick($ironic_hash['db_password'], 'ironic') +$database_connection = "mysql://${db_name}:${db_password}@${db_host}/${db_name}?charset=utf8&read_timeout=60" + +$ironic_tenant = pick($ironic_hash['tenant'],'services') +$ironic_user = pick($ironic_hash['auth_name'],'ironic') +$ironic_user_password = pick($ironic_hash['user_password'],'ironic') + +prepare_network_config(hiera('network_scheme', {})) + +$baremetal_vip = $network_metadata['vips']['baremetal']['ipaddr'] + +class { 'ironic': + verbose => $verbose, + debug => $debug, + rabbit_hosts => $rabbit_hosts, + rabbit_port => $amqp_port, + rabbit_userid => $rabbit_hash['user'], + rabbit_password => $rabbit_hash['password'], + amqp_durable_queues => $rabbit_ha_queues, + use_syslog => $use_syslog, + log_facility => $syslog_log_facility_ironic, + database_connection => $database_connection, + glance_api_servers => $glance_api_servers, +} + +class { 
'ironic::client': } + +class { 'ironic::api': + host_ip => get_network_role_property('ironic/api', 'ipaddr'), + auth_host => $keystone_endpoint, + admin_tenant_name => $ironic_tenant, + admin_user => $ironic_user, + admin_password => $ironic_user_password, + neutron_url => "http://${neutron_endpoint}:9696", +} diff --git a/f2s/resources/ironic-api/meta.yaml b/f2s/resources/ironic-api/meta.yaml new file mode 100644 index 00000000..caebd7d7 --- /dev/null +++ b/f2s/resources/ironic-api/meta.yaml @@ -0,0 +1,8 @@ +id: ironic-api +handler: puppetv2 +version: '8.0' +inputs: + ironic: + value: null + puppet_modules: + value: null diff --git a/f2s/resources/ironic-compute/actions/run.pp b/f2s/resources/ironic-compute/actions/run.pp new file mode 100644 index 00000000..b637a8e6 --- /dev/null +++ b/f2s/resources/ironic-compute/actions/run.pp 
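Review bot: `$database_connection` puts `${db_name}` in the user position of the DSN, so `$db_user` is assigned but never used and any deployment where `db_user` differs from `db_name` connects as the wrong account; it should read `"mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8&read_timeout=60"`. The ironic-compute and ironic-conductor manifests in this patch build their DSN the same way. Separately, `db_password` and `user_password` fall back to the literal `'ironic'` through `pick()`, so a missing hiera key silently yields a guessable credential instead of an error. The same fallback appears in ironic-compute (with `'nova'` for the database), ironic-conductor and ironic-keystone. Dropping the second argument, so that `pick()` fails when the key is absent, would surface the misconfiguration at compile time.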
@@ -0,0 +1,98 @@ +##################################################################################### +### ironic-compute is additional compute role with compute_driver=ironic. ### +### It can't be assigned with nova-compute to the same node. It doesn't include ### +### openstack::compute class it is configured separately. ### +##################################################################################### + +notice('MODULAR: ironic/ironic-compute.pp') + +$ironic_hash = hiera_hash('ironic', {}) +$nova_hash = hiera_hash('nova', {}) +$management_vip = hiera('management_vip') +$database_vip = hiera('database_vip') +$service_endpoint = hiera('service_endpoint') +$neutron_endpoint = hiera('neutron_endpoint', $management_vip) +$ironic_endpoint = hiera('ironic_endpoint', $management_vip) +$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") +$debug = hiera('debug', false) +$verbose = hiera('verbose', true) +$use_syslog = hiera('use_syslog', true) +$syslog_log_facility_ironic = hiera('syslog_log_facility_ironic', 'LOG_LOCAL0') +$syslog_log_facility_nova = hiera('syslog_log_facility_nova', 'LOG_LOCAL6') +$amqp_hosts = hiera('amqp_hosts') +$rabbit_hash = hiera_hash('rabbit_hash') +$nova_report_interval = hiera('nova_report_interval') +$nova_service_down_time = hiera('nova_service_down_time') +$neutron_config = hiera_hash('quantum_settings') + +$ironic_tenant = pick($ironic_hash['tenant'],'services') +$ironic_user = pick($ironic_hash['auth_name'],'ironic') +$ironic_user_password = pick($ironic_hash['user_password'],'ironic') + +$db_host = pick($nova_hash['db_host'], $database_vip) +$db_user = pick($nova_hash['db_user'], 'nova') +$db_name = pick($nova_hash['db_name'], 'nova') +$db_password = pick($nova_hash['db_password'], 'nova') +$database_connection = "mysql://${db_name}:${db_password}@${db_host}/${db_name}?read_timeout=60" + +$memcache_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('memcache_roles')) +$cache_server_ip = 
ipsort(values(get_node_to_ipaddr_map_by_network_role($memcache_nodes,'mgmt/memcache'))) +$memcached_addresses = suffix($cache_server_ip, inline_template(":<%= @cache_server_port %>")) +$notify_on_state_change = 'vm_and_task_state' + + +class { '::nova': + install_utilities => false, + ensure_package => installed, + database_connection => $database_connection, + rpc_backend => 'nova.openstack.common.rpc.impl_kombu', + #FIXME(bogdando) we have to split amqp_hosts until all modules synced + rabbit_hosts => split($amqp_hosts, ','), + rabbit_userid => $rabbit_hash['user'], + rabbit_password => $rabbit_hash['password'], + image_service => 'nova.image.glance.GlanceImageService', + glance_api_servers => $glance_api_servers, + verbose => $verbose, + debug => $debug, + use_syslog => $use_syslog, + log_facility => $syslog_log_facility_nova, + state_path => $nova_hash['state_path'], + report_interval => $nova_report_interval, + service_down_time => $nova_service_down_time, + notify_on_state_change => $notify_on_state_change, + memcached_servers => $memcached_addresses, +} + + +class { '::nova::compute': + ensure_package => installed, + enabled => true, + vnc_enabled => false, + force_config_drive => $nova_hash['force_config_drive'], + #NOTE(bogdando) default became true in 4.0.0 puppet-nova (was false) + neutron_enabled => true, + default_availability_zone => $nova_hash['default_availability_zone'], + default_schedule_zone => $nova_hash['default_schedule_zone'], + reserved_host_memory => '0', +} + + +class { 'nova::compute::ironic': + admin_url => "http://${service_endpoint}:35357/v2.0", + admin_user => $ironic_user, + admin_tenant_name => $ironic_tenant, + admin_passwd => $ironic_user_password, + api_endpoint => "http://${ironic_endpoint}:6385/v1", +} + +class { 'nova::network::neutron': + neutron_admin_password => $neutron_config['keystone']['admin_password'], + neutron_url => "http://${neutron_endpoint}:9696", + neutron_admin_auth_url => 
"http://${service_endpoint}:35357/v2.0", +} + +file { '/etc/nova/nova-compute.conf': + ensure => absent, + require => Package['nova-compute'], +} ~> Service['nova-compute'] + diff --git a/f2s/resources/ironic-compute/meta.yaml b/f2s/resources/ironic-compute/meta.yaml new file mode 100644 index 00000000..8debec41 --- /dev/null +++ b/f2s/resources/ironic-compute/meta.yaml @@ -0,0 +1,10 @@ +id: ironic-compute +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/ironic-conductor/actions/run.pp b/f2s/resources/ironic-conductor/actions/run.pp new file mode 100644 index 00000000..1dc47155 --- /dev/null +++ b/f2s/resources/ironic-conductor/actions/run.pp 
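Review bot: `$memcached_addresses` is built with `inline_template(":<%= @cache_server_port %>")`, but `$cache_server_port` is never assigned anywhere in this manifest, so each entry presumably renders as the address followed by a bare colon and no port. Add `$cache_server_port = hiera('memcache_server_port', '11211')` above the `suffix()` call, which is the lookup the horizon and keystone manifests in this patch use. The generated `meta.yaml` for this resource lists only `fqdn`, `puppet_modules` and `role` as inputs, so the missing variable is not caught there either.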
@@ -0,0 +1,121 @@ +notice('MODULAR: ironic/ironic-conductor.pp') + +$network_scheme = hiera('network_scheme', {}) +prepare_network_config($network_scheme) +$baremetal_address = get_network_role_property('ironic/baremetal', 'ipaddr') +$ironic_hash = hiera_hash('ironic', {}) +$management_vip = hiera('management_vip') + +$network_metadata = hiera_hash('network_metadata', {}) +$baremetal_vip = $network_metadata['vips']['baremetal']['ipaddr'] + +$database_vip = hiera('database_vip') +$service_endpoint = hiera('service_endpoint') +$neutron_endpoint = hiera('neutron_endpoint', $management_vip) +$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") +$amqp_hosts = hiera('amqp_hosts') +$rabbit_hosts = split($amqp_hosts, ',') +$debug = hiera('debug', false) +$verbose = hiera('verbose', true) +$use_syslog = hiera('use_syslog', true) +$syslog_log_facility_ironic = hiera('syslog_log_facility_ironic', 'LOG_USER') +$rabbit_hash = hiera_hash('rabbit_hash') +$rabbit_ha_queues = hiera('rabbit_ha_queues') + +$ironic_tenant = pick($ironic_hash['tenant'],'services') +$ironic_user = pick($ironic_hash['auth_name'],'ironic') +$ironic_user_password = pick($ironic_hash['user_password'],'ironic') +$ironic_swift_tempurl_key = pick($ironic_hash['swift_tempurl_key'],'ironic') + +$db_host = pick($ironic_hash['db_host'], $database_vip) +$db_user = pick($ironic_hash['db_user'], 'ironic') +$db_name = pick($ironic_hash['db_name'], 'ironic') +$db_password = pick($ironic_hash['db_password'], 'ironic') +$database_connection = "mysql://${db_name}:${db_password}@${db_host}/${db_name}?charset=utf8&read_timeout=60" + +$tftp_root = '/var/lib/ironic/tftpboot' + +package { 'ironic-fa-deploy': + ensure => 'present', +} + +class { '::ironic': + verbose => $verbose, + debug => $debug, + enabled_drivers => ['fuel_ssh', 'fuel_ipmitool', 'fake'], + rabbit_hosts => $rabbit_hosts, + rabbit_userid => $rabbit_hash['user'], + rabbit_password => $rabbit_hash['password'], + amqp_durable_queues => 
$rabbit_ha_queues, + use_syslog => $use_syslog, + log_facility => $syslog_log_facility_ironic, + database_connection => $database_connection, + glance_api_servers => $glance_api_servers, +} + +class { '::ironic::client': } + +class { '::ironic::conductor': } + +class { '::ironic::drivers::pxe': + tftp_server => $baremetal_address, + tftp_root => $tftp_root, + tftp_master_path => "${tftp_root}/master_images", +} + +ironic_config { + 'neutron/url': value => "http://${neutron_endpoint}:9696"; + 'keystone_authtoken/auth_uri': value => "http://${service_endpoint}:5000/"; + 'keystone_authtoken/auth_host': value => $service_endpoint; + 'keystone_authtoken/admin_tenant_name': value => $ironic_tenant; + 'keystone_authtoken/admin_user': value => $ironic_user; + 'keystone_authtoken/admin_password': value => $ironic_user_password, secret => true; + 'glance/swift_temp_url_key': value => $ironic_swift_tempurl_key; + 'glance/swift_endpoint_url': value => "http://${baremetal_vip}:8080"; + 'conductor/api_url': value => "http://${baremetal_vip}:6385"; +} + +file { $tftp_root: + ensure => directory, + owner => 'ironic', + group => 'ironic', + mode => '0755', + require => Class['ironic'], +} + +file { "${tftp_root}/pxelinux.0": + ensure => present, + source => '/usr/lib/syslinux/pxelinux.0', + require => Package['syslinux'], +} + +file { "${tftp_root}/map-file": + content => "r ^([^/]) ${tftp_root}/\\1", +} + +class { '::tftp': + username => 'ironic', + directory => $tftp_root, + options => "--map-file ${tftp_root}/map-file", + inetd => false, + require => File["${tftp_root}/map-file"], +} + +package { 'syslinux': + ensure => 'present', +} + +package { 'ipmitool': + ensure => 'present', + before => Class['::ironic::conductor'], +} + +file { "/etc/ironic/fuel_key": + ensure => present, + source => '/var/lib/astute/ironic/ironic', + owner => 'ironic', + group => 'ironic', + mode => '0600', + require => Class['ironic'], +} + 
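Review bot: In the `ironic_config` block, `'glance/swift_temp_url_key'` is set without `secret => true`, unlike `'keystone_authtoken/admin_password'` two lines above it, so the temp-URL signing key would be printed in Puppet's change log and reports; it should read `'glance/swift_temp_url_key': value => $ironic_swift_tempurl_key, secret => true;`. The key also falls back to the literal `'ironic'` via `pick()`, which makes signed image URLs predictable when hiera has no value. `enabled_drivers` includes `'fake'`, which looks like a test driver; if it is not needed on deployed conductors, drop it or add a comment saying why it stays.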
diff --git a/f2s/resources/ironic-conductor/meta.yaml b/f2s/resources/ironic-conductor/meta.yaml new file mode 100644 index 00000000..a3762264 --- /dev/null +++ b/f2s/resources/ironic-conductor/meta.yaml @@ -0,0 +1,10 @@ +id: ironic-conductor +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/ironic-db/actions/run.pp b/f2s/resources/ironic-db/actions/run.pp new file mode 100644 index 00000000..b663b73f --- /dev/null +++ b/f2s/resources/ironic-db/actions/run.pp 
@@ -0,0 +1,51 @@
+notice('MODULAR: ironic/db.pp')
+
+$ironic_hash = hiera_hash('ironic', {})
+$mysql_hash = hiera_hash('mysql', {})
+$database_vip = hiera('database_vip')
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($ironic_hash['db_user'], 'ironic')
+$db_name = pick($ironic_hash['db_name'], 'ironic')
+$db_password = pick($ironic_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($ironic_hash['db_host'], $database_vip)
+$db_create = pick($ironic_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($ironic_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($ironic_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ hiera('node_name'), 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+validate_string($database_vip)
+
+if $db_create {
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'ironic::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['ironic::db::mysql']
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/f2s/resources/ironic-db/meta.yaml b/f2s/resources/ironic-db/meta.yaml
new file mode 100644
index 00000000..5f307f46
--- /dev/null
+++ b/f2s/resources/ironic-db/meta.yaml
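Review bot: `$allowed_hosts` ends with `'%'`, which lets the grant match a client connecting from any host and makes the three specific entries before it redundant. In the same manifest `$db_password` falls back to `$mysql_root_password`, so an unset `ironic['db_password']` gives the service account the same password as MySQL root. The keystone-db manifest later in this patch has both patterns. Suggest `$allowed_hosts = [ hiera('node_name'), 'localhost', '127.0.0.1' ]`, plus an explicit management-network pattern if remote nodes connect directly. Dropping the root-password fallback would make a missing service password fail the catalog instead.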
@@ -0,0 +1,20 @@ +id: ironic-db +handler: puppetv2 +version: '8.0' +inputs: + database_vip: + value: null + fqdn: + value: null + ironic: + value: null + mysql: + value: null + mysql_custom_setup_class: + value: null + node_name: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/ironic-keystone/actions/run.pp b/f2s/resources/ironic-keystone/actions/run.pp new file mode 100644 index 00000000..da4f136b --- /dev/null +++ b/f2s/resources/ironic-keystone/actions/run.pp @@ -0,0 +1,39 @@ +notice('MODULAR: ironic/keystone.pp') + +$ironic_hash = hiera_hash('ironic', {}) +$public_vip = hiera('public_vip') +$management_vip = hiera('management_vip') +$public_ssl_hash = hiera('public_ssl') +$ironic_tenant = pick($ironic_hash['tenant'],'services') +$ironic_user = pick($ironic_hash['auth_name'],'ironic') +$ironic_user_password = pick($ironic_hash['user_password'],'ironic') +$configure_endpoint = pick($ironic_hash['configure_endpoint'], true) +$configure_user = pick($ironic_hash['configure_user'], true) +$configure_user_role = pick($ironic_hash['configure_user_role'], true) +$service_name = pick($ironic_hash['service_name'], 'ironic') + +$public_address = $public_ssl_hash['services'] ? { + true => $public_ssl_hash['hostname'], + default => $public_vip, +} +$public_protocol = $public_ssl_hash['services'] ? { + true => 'https', + default => 'http', +} + +$region = hiera('region', 'RegionOne') +$public_url = "${public_protocol}://${public_address}:6385" +$admin_url = "http://${management_vip}:6385" +$internal_url = "http://${management_vip}:6385" + +class { 'ironic::keystone::auth': + password => $ironic_user_password, + region => $region, + public_url => $public_url, + internal_url => $internal_url, + admin_url => $admin_url, + configure_endpoint => $configure_endpoint, + configure_user => $configure_user, + configure_user_role => $configure_user_role, + service_name => $service_name, +} 
diff --git a/f2s/resources/ironic-keystone/meta.yaml b/f2s/resources/ironic-keystone/meta.yaml new file mode 100644 index 00000000..ccf4ca9a --- /dev/null +++ b/f2s/resources/ironic-keystone/meta.yaml @@ -0,0 +1,20 @@ +id: ironic-keystone +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + ironic: + value: null + management_vip: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + region: + value: null + role: + value: null diff --git a/f2s/resources/keystone-db/actions/run.pp b/f2s/resources/keystone-db/actions/run.pp new file mode 100644 index 00000000..f6d5947c --- /dev/null +++ b/f2s/resources/keystone-db/actions/run.pp 
@@ -0,0 +1,54 @@
+notice('MODULAR: keystone/db.pp')
+
+$node_name = hiera('node_name')
+$network_metadata = hiera_hash('network_metadata', {})
+
+$keystone_hash = hiera_hash('keystone', {})
+$mysql_hash = hiera_hash('mysql', {})
+$database_vip = hiera('database_vip')
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($keystone_hash['db_user'], 'keystone')
+$db_name = pick($keystone_hash['db_name'], 'keystone')
+$db_password = pick($keystone_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($keystone_hash['db_host'], $database_vip)
+$db_create = pick($keystone_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($keystone_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($keystone_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ]
+
+if $db_create {
+
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'keystone::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['keystone::db::mysql']
+
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/f2s/resources/keystone-db/meta.yaml b/f2s/resources/keystone-db/meta.yaml
new file mode 100644
index 00000000..40db7bb2
--- /dev/null
+++ b/f2s/resources/keystone-db/meta.yaml
@@ -0,0 +1,22 @@ +id: keystone-db +handler: puppetv2 +version: '8.0' +inputs: + database_vip: + value: null + fqdn: + value: null + keystone: + value: null + mysql: + value: null + mysql_custom_setup_class: + value: null + network_metadata: + value: null + node_name: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/keystone/actions/run.pp b/f2s/resources/keystone/actions/run.pp new file mode 100644 index 00000000..d37f3a0e --- /dev/null +++ b/f2s/resources/keystone/actions/run.pp 
@@ -0,0 +1,236 @@ +notice('MODULAR: keystone.pp') + +$network_scheme = hiera_hash('network_scheme', {}) +$network_metadata = hiera_hash('network_metadata', {}) +prepare_network_config($network_scheme) + +$node_name = hiera('node_name') + +$keystone_hash = hiera_hash('keystone', {}) +$verbose = pick($keystone_hash['verbose'], hiera('verbose', true)) +$debug = pick($keystone_hash['debug'], hiera('debug', false)) +$use_neutron = hiera('use_neutron', false) +$use_syslog = hiera('use_syslog', true) +$use_stderr = hiera('use_stderr', false) +$access_hash = hiera_hash('access',{}) +$management_vip = hiera('management_vip') +$database_vip = hiera('database_vip') +$public_vip = hiera('public_vip') +$service_endpoint = hiera('service_endpoint') +$glance_hash = hiera_hash('glance', {}) +$nova_hash = hiera_hash('nova', {}) +$cinder_hash = hiera_hash('cinder', {}) +$ceilometer_hash = hiera_hash('ceilometer', {}) +$syslog_log_facility = hiera('syslog_log_facility_keystone') +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$neutron_user_password = hiera('neutron_user_password', false) +$service_workers = pick($keystone_hash['workers'], + min(max($::processorcount, 2), 16)) + +$db_type = 'mysql' +$db_host = pick($keystone_hash['db_host'], $database_vip) +$db_password = $keystone_hash['db_password'] +$db_name = pick($keystone_hash['db_name'], 'keystone') +$db_user = pick($keystone_hash['db_user'], 'keystone') + +$admin_token = $keystone_hash['admin_token'] +$admin_tenant = $access_hash['tenant'] +$admin_email = $access_hash['email'] +$admin_user = $access_hash['user'] +$admin_password = $access_hash['password'] +$region = hiera('region', 'RegionOne') + +$public_ssl_hash = hiera('public_ssl') +$public_service_endpoint = hiera('public_service_endpoint', $public_vip) +$public_address = $public_ssl_hash['services'] ? 
{ + true => $public_ssl_hash['hostname'], + default => $public_service_endpoint, +} + +$admin_address = $service_endpoint +$local_address_for_bind = get_network_role_property('keystone/api', 'ipaddr') + +$memcache_server_port = hiera('memcache_server_port', '11211') +$memcache_pool_maxsize = '100' +$memcache_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('memcache_roles')) +$memcache_address_map = get_node_to_ipaddr_map_by_network_role($memcache_nodes, 'mgmt/memcache') + +$public_port = '5000' +$admin_port = '35357' +$internal_port = '5000' +$public_protocol = $public_ssl_hash['services'] ? { + true => 'https', + default => 'http', +} + +$public_url = "${public_protocol}://${public_address}:${public_port}" +$admin_url = "http://${admin_address}:${admin_port}" +$internal_url = "http://${service_endpoint}:${internal_port}" + +$revoke_driver = 'keystone.contrib.revoke.backends.sql.Revoke' + +$enabled = true +$ssl = false + +$vhost_limit_request_field_size = 'LimitRequestFieldSize 81900' + +$rabbit_password = $rabbit_hash['password'] +$rabbit_user = $rabbit_hash['user'] +$rabbit_hosts = split(hiera('amqp_hosts',''), ',') +$rabbit_virtual_host = '/' + +$max_pool_size = hiera('max_pool_size') +$max_overflow = hiera('max_overflow') +$max_retries = '-1' +$database_idle_timeout = '3600' + +$murano_settings_hash = hiera('murano_settings', {}) +if has_key($murano_settings_hash, 'murano_repo_url') { + $murano_repo_url = $murano_settings_hash['murano_repo_url'] +} else { + $murano_repo_url = 'http://storage.apps.openstack.org' +} + +############################################################################### + +####### KEYSTONE ########### +class { 'openstack::keystone': + verbose => $verbose, + debug => $debug, + db_type => $db_type, + db_host => $db_host, + db_password => $db_password, + db_name => $db_name, + db_user => $db_user, + admin_token => $admin_token, + public_address => $public_address, + public_ssl => $public_ssl_hash['services'], + 
public_hostname => $public_ssl_hash['hostname'], + internal_address => $service_endpoint, + admin_address => $admin_address, + public_bind_host => $local_address_for_bind, + admin_bind_host => $local_address_for_bind, + enabled => $enabled, + use_syslog => $use_syslog, + use_stderr => $use_stderr, + syslog_log_facility => $syslog_log_facility, + region => $region, + memcache_servers => values($memcache_address_map), + memcache_server_port => $memcache_server_port, + memcache_pool_maxsize => $memcache_pool_maxsize, + max_retries => $max_retries, + max_pool_size => $max_pool_size, + max_overflow => $max_overflow, + rabbit_password => $rabbit_password, + rabbit_userid => $rabbit_user, + rabbit_hosts => $rabbit_hosts, + rabbit_virtual_host => $rabbit_virtual_host, + database_idle_timeout => $database_idle_timeout, + revoke_driver => $revoke_driver, + public_url => $public_url, + admin_url => $admin_url, + internal_url => $internal_url, + ceilometer => $ceilometer_hash['enabled'], + service_workers => $service_workers, +} + +####### WSGI ########### + +class { 'osnailyfacter::apache': + listen_ports => hiera_array('apache_ports', ['80', '8888', '5000', '35357']), +} + +class { 'keystone::wsgi::apache': + priority => '05', + threads => 3, + workers => min($::processorcount, 6), + ssl => $ssl, + vhost_custom_fragment => $vhost_limit_request_field_size, + access_log_format => '%h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"', + + wsgi_script_ensure => $::osfamily ? { + 'RedHat' => 'link', + default => 'file', + }, + wsgi_script_source => $::osfamily ? { + # TODO: (adidenko) use file from package for Debian, when + # https://bugs.launchpad.net/fuel/+bug/1476688 is fixed. 
+ # 'Debian' => '/usr/share/keystone/wsgi.py', + 'RedHat' => '/usr/share/keystone/keystone.wsgi', + default => undef, + }, +} + +include ::tweaks::apache_wrappers + +############################################################################### + +class { 'keystone::roles::admin': + admin => $admin_user, + password => $admin_password, + email => $admin_email, + admin_tenant => $admin_tenant, +} + +class { 'openstack::auth_file': + admin_user => $admin_user, + admin_password => $admin_password, + admin_tenant => $admin_tenant, + region_name => $region, + controller_node => $service_endpoint, + murano_repo_url => $murano_repo_url, +} + +# Get paste.ini source +include keystone::params +$keystone_paste_ini = $::keystone::params::paste_config ? { + undef => '/etc/keystone/keystone-paste.ini', + default => $::keystone::params::paste_config, +} + +# Make sure admin token auth middleware is in place +exec { 'add_admin_token_auth_middleware': + path => ['/bin', '/usr/bin'], + command => "sed -i 's/\\( token_auth \\)/\\1admin_token_auth /' $keystone_paste_ini", + unless => "fgrep -q ' admin_token_auth' $keystone_paste_ini", + require => Package['keystone'], +} + +#Can't use openrc to create admin user +exec { 'purge_openrc': + path => '/bin:/usr/bin:/sbin:/usr/sbin', + command => 'rm -f /root/openrc', + onlyif => 'test -f /root/openrc', +} + +Exec <| title == 'keystone-manage db_sync' |> ~> +Exec <| title == 'purge_openrc' |> + +Exec <| title == 'add_admin_token_auth_middleware' |> -> +Exec <| title == 'keystone-manage db_sync' |> -> +Exec <| title == 'purge_openrc' |> -> +Class['keystone::roles::admin'] -> +Class['openstack::auth_file'] + +$haproxy_stats_url = "http://${service_endpoint}:10000/;csv" + +haproxy_backend_status { 'keystone-public' : + name => 'keystone-1', + url => $haproxy_stats_url, +} + +haproxy_backend_status { 'keystone-admin' : + name => 'keystone-2', + url => $haproxy_stats_url, +} + +Service['keystone'] -> Haproxy_backend_status<||> +Service<| title 
== 'httpd' |> -> Haproxy_backend_status<||> +Haproxy_backend_status<||> -> Class['keystone::roles::admin'] + +####### Disable upstart startup on install ####### +if ($::operatingsystem == 'Ubuntu') { + tweaks::ubuntu_service_override { 'keystone': + package_name => 'keystone', + } +} diff --git a/f2s/resources/keystone/meta.yaml b/f2s/resources/keystone/meta.yaml new file mode 100644 index 00000000..fce3075d --- /dev/null +++ b/f2s/resources/keystone/meta.yaml @@ -0,0 +1,74 @@ +id: keystone +handler: puppetv2 +version: '8.0' +inputs: + access: + value: null + amqp_hosts: + value: null + apache_ports: + value: null + ceilometer: + value: null + cinder: + value: null + database_vip: + value: null + debug: + value: null + fqdn: + value: null + glance: + value: null + keystone: + value: null + management_vip: + value: null + max_overflow: + value: null + max_pool_size: + value: null + memcache_roles: + value: null + memcache_server_port: + value: null + murano_settings: + value: null + network_metadata: + value: null + network_scheme: + value: null + neutron_user_password: + value: null + node_name: + value: null + nodes: + value: null + nova: + value: null + public_service_endpoint: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + rabbit_hash: + value: null + region: + value: null + role: + value: null + service_endpoint: + value: null + syslog_log_facility_keystone: + value: null + use_neutron: + value: null + use_stderr: + value: null + use_syslog: + value: null + verbose: + value: null diff --git a/f2s/resources/logging/actions/run.pp b/f2s/resources/logging/actions/run.pp new file mode 100644 index 00000000..44bbab58 --- /dev/null +++ b/f2s/resources/logging/actions/run.pp 
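Review bot: The `add_admin_token_auth_middleware` exec inserts `admin_token_auth` into the paste pipeline, and nothing in this manifest removes it after `Class['keystone::roles::admin']` has run. The static `admin_token` read from hiera therefore appears to remain a standing credential that sidesteps normal Keystone authentication for the life of the node. If the token is only needed for bootstrap, add a step ordered after `Class['openstack::auth_file']` that removes the middleware again, or a comment explaining why it must stay and how the token is protected. In the same exec, `$keystone_paste_ini` is interpolated unbraced and unquoted into the `command` and `unless` shell strings; writing it as `'${keystone_paste_ini}'` would survive a path containing spaces or shell metacharacters.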
@@ -0,0 +1,67 @@
+notice('MODULAR: logging.pp')
+
+$base_syslog_hash = hiera('base_syslog_hash')
+$syslog_hash = hiera('syslog_hash')
+$use_syslog = hiera('use_syslog', true)
+$debug = pick($syslog_hash['debug'], hiera('debug', false))
+$nodes_hash = hiera('nodes', {})
+$roles = node_roles($nodes_hash, hiera('uid'))
+
+##################################################
+
+$base_syslog_rserver = {
+ 'remote_type' => 'tcp',
+ 'server' => $base_syslog_hash['syslog_server'],
+ 'port' => $base_syslog_hash['syslog_port']
+}
+
+$syslog_rserver = {
+ 'remote_type' => $syslog_hash['syslog_transport'],
+ 'server' => $syslog_hash['syslog_server'],
+ 'port' => $syslog_hash['syslog_port'],
+}
+
+if $syslog_hash['metadata']['enabled'] {
+ $rservers = [$base_syslog_rserver, $syslog_rserver]
+} else {
+ $rservers = [$base_syslog_rserver]
+}
+
+if $use_syslog {
+ if ($::operatingsystem == 'Ubuntu') {
+ # ensure the var log folder permissions are correct even if it's a mount
+ # LP#1489347
+ file { '/var/log':
+ owner => 'root',
+ group => 'syslog',
+ mode => '0775',
+ }
+ }
+
+ if member($roles, 'ironic') {
+ $ironic_collector = true
+ }
+
+ class { '::openstack::logging':
+ role => 'client',
+ show_timezone => true,
+ # log both locally include auth, and remote
+ log_remote => true,
+ log_local => true,
+ log_auth_local => true,
+ # keep four weekly log rotations,
+ # force rotate if 300M size have exceeded
+ rotation => 'weekly',
+ keep => '4',
+ minsize => '10M',
+ maxsize => '100M',
+ # remote servers to send logs to
+ rservers => $rservers,
+ # should be true, if client is running at virtual node
+ virtual => str2bool($::is_virtual),
+ # Rabbit doesn't support syslog directly
+ rabbit_log_level => 'NOTICE',
+ debug => $debug,
+ ironic_collector => $ironic_collector,
+ }
+}
diff --git a/f2s/resources/logging/meta.yaml b/f2s/resources/logging/meta.yaml
new file mode 100644
index 00000000..443636ca
--- /dev/null
+++ b/f2s/resources/logging/meta.yaml
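Review bot: `$ironic_collector` is assigned only inside `if member($roles, 'ironic')`, so on every other node `ironic_collector => $ironic_collector` hands `::openstack::logging` an unset variable. What the class then uses depends on its own default, which is not visible here, and the reference would fail under strict variable checking. Assigning it unconditionally, `$ironic_collector = member($roles, 'ironic')`, makes the value explicit. Separately, the rotation comment says to force rotation at 300M while the manifest passes `maxsize => '100M'`; the comment should read `# force rotate once a log exceeds 100M`.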
@@ -0,0 +1,24 @@
+id: logging
+handler: puppetv2
+version: '8.0'
+inputs:
+ base_syslog_hash:
+ value: null
+ debug:
+ value: null
+ fqdn:
+ value: null
+ node_role:
+ value: null
+ nodes:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ syslog_hash:
+ value: null
+ uid:
+ value: null
+ use_syslog:
+ value: null
diff --git a/f2s/resources/memcached/actions/run.pp b/f2s/resources/memcached/actions/run.pp
new file mode 100644
index 00000000..877a381f
--- /dev/null
+++ b/f2s/resources/memcached/actions/run.pp
@@ -0,0 +1,8 @@
+notice('MODULAR: memcached.pp')
+
+prepare_network_config(hiera('network_scheme', {}))
+
+class { 'memcached':
+ listen_ip => get_network_role_property('mgmt/memcache', 'ipaddr'),
+ max_memory => '50%',
+}
diff --git a/f2s/resources/memcached/meta.yaml b/f2s/resources/memcached/meta.yaml
new file mode 100644
index 00000000..a7395ba4
--- /dev/null
+++ b/f2s/resources/memcached/meta.yaml
@@ -0,0 +1,12 @@
+id: memcached
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/murano-db/actions/run.pp b/f2s/resources/murano-db/actions/run.pp
new file mode 100644
index 00000000..ddc326ba
--- /dev/null
+++ b/f2s/resources/murano-db/actions/run.pp
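Review bot: In the memcached `run.pp` hunk, `listen_ip` is taken straight from `get_network_role_property('mgmt/memcache', 'ipaddr')` with no check that the lookup produced an address. If the `mgmt/memcache` role is not mapped in `network_scheme` (the hiera default here is `{}`), the value handed to the class may be empty, and what memcached then binds to depends on the module's default, which is not visible in this hunk. memcached has no authentication by default, so the bind address is its main access control. I would resolve the address into a variable first and stop the run when it is not an IP, e.g. `unless is_ip_address($listen_ip) { fail('mgmt/memcache has no address') }`.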
@@ -0,0 +1,57 @@
+notice('MODULAR: murano/db.pp')
+
+$node_name = hiera('node_name')
+$murano_hash = hiera_hash('murano_hash', {})
+$murano_enabled = pick($murano_hash['enabled'], false)
+$mysql_hash = hiera_hash('mysql_hash', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip')
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($murano_hash['db_user'], 'murano')
+$db_name = pick($murano_hash['db_name'], 'murano')
+$db_password = pick($murano_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($murano_hash['db_host'], $database_vip)
+$db_create = pick($murano_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($murano_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($murano_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $murano_enabled and $db_create {
+
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'murano::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['murano::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
+class murano::api {}
+include murano::api
diff --git a/f2s/resources/murano-db/meta.yaml b/f2s/resources/murano-db/meta.yaml
new file mode 100644
index 00000000..a2ebcfdc
--- /dev/null
+++ b/f2s/resources/murano-db/meta.yaml
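Review bot: `$db_password = pick($murano_hash['db_password'], $mysql_root_password)` silently gives the murano service account the MySQL root password whenever `murano_hash` carries no `db_password`, so a leak of the service configuration would then expose the root credential too. I would drop the fallback and let the run fail when the key is missing, `$db_password = pick($murano_hash['db_password'])`, which is the form `murano/actions/run.pp` in this same patch already uses. `$allowed_hosts` also ends with `'%'`, which lets that account connect from any host and makes the three specific entries before it redundant; if the wildcard is required it deserves a comment saying why. The neutron-db and nova-db `run.pp` hunks later in this patch contain the same two constructs.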
@@ -0,0 +1,22 @@
+id: murano-db
+handler: puppetv2
+version: '8.0'
+inputs:
+ database_vip:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ murano:
+ value: null
+ murano_hash:
+ value: null
+ mysql_hash:
+ value: null
+ node_name:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/murano-keystone/actions/run.pp b/f2s/resources/murano-keystone/actions/run.pp
new file mode 100644
index 00000000..4d132d74
--- /dev/null
+++ b/f2s/resources/murano-keystone/actions/run.pp
@@ -0,0 +1,36 @@
+notice('MODULAR: murano/keystone.pp')
+
+$murano_hash = hiera_hash('murano_hash', {})
+$public_ip = hiera('public_vip')
+$management_ip = hiera('management_vip')
+$public_ssl = hiera('public_ssl')
+$region = hiera('region', 'RegionOne')
+
+
+$public_protocol = $public_ssl['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+
+$public_address = $public_ssl['services'] ? {
+ true => $public_ssl['hostname'],
+ default => $public_ip,
+}
+
+$api_bind_port = '8082'
+
+$tenant = pick($murano_hash['tenant'], 'services')
+$public_url = "${public_protocol}://${public_address}:${api_bind_port}"
+$admin_url = "http://${management_ip}:${api_bind_port}"
+
+#################################################################
+
+class { 'murano::keystone::auth':
+ password => $murano_hash['user_password'],
+ service_type => 'application_catalog',
+ region => $region,
+ tenant => $tenant,
+ public_url => $public_url,
+ admin_url => $admin_url,
+ internal_url => $admin_url,
+}
diff --git a/f2s/resources/murano-keystone/meta.yaml b/f2s/resources/murano-keystone/meta.yaml
new file mode 100644
index 00000000..1283949d
--- /dev/null
+++ b/f2s/resources/murano-keystone/meta.yaml
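Review bot: In the murano-keystone `run.pp` hunk, `$admin_url` is hard-coded to `http://` and is also registered as `internal_url`, so any client that selects the internal or admin endpoint from the catalog talks to murano without TLS on the management network, even when `public_ssl['services']` is true. If that is an accepted property of this deployment model, it should be stated next to the assignment, e.g. `# admin and internal endpoints are registered as plain HTTP on the management VIP`. The neutron-keystone and nova-keystone hunks later in this patch make the same choice through `$admin_protocol = 'http'`.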
@@ -0,0 +1,22 @@
+id: murano-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ murano_hash:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
diff --git a/f2s/resources/murano/actions/run.pp b/f2s/resources/murano/actions/run.pp
new file mode 100644
index 00000000..90750555
--- /dev/null
+++ b/f2s/resources/murano/actions/run.pp
@@ -0,0 +1,163 @@
+notice('MODULAR: murano.pp')
+
+prepare_network_config(hiera('network_scheme', {}))
+
+$murano_hash = hiera_hash('murano_hash', {})
+$murano_settings_hash = hiera_hash('murano_settings', {})
+$rabbit_hash = hiera_hash('rabbit_hash', {})
+$heat_hash = hiera_hash('heat_hash', {})
+$neutron_config = hiera_hash('neutron_config', {})
+$node_role = hiera('node_role')
+$public_ip = hiera('public_vip')
+$database_ip = hiera('database_vip')
+$management_ip = hiera('management_vip')
+$region = hiera('region', 'RegionOne')
+$use_neutron = hiera('use_neutron', false)
+$service_endpoint = hiera('service_endpoint')
+$syslog_log_facility_murano = hiera('syslog_log_facility_murano')
+$debug = pick($murano_hash['debug'], hiera('debug', false))
+$verbose = pick($murano_hash['verbose'], hiera('verbose', true))
+$use_syslog = hiera('use_syslog', true)
+$use_stderr = hiera('use_stderr', false)
+$rabbit_ha_queues = hiera('rabbit_ha_queues')
+$amqp_port = hiera('amqp_port')
+$amqp_hosts = hiera('amqp_hosts')
+$public_ssl = hiera_hash('public_ssl', {})
+
+#################################################################
+
+if $murano_hash['enabled'] {
+ $public_protocol = pick($public_ssl['services'], false) ? {
+ true => 'https',
+ default => 'http',
+ }
+
+ $public_address = pick($public_ssl['services'], false) ?
{
+ true => pick($public_ssl['hostname']),
+ default => $public_ip,
+ }
+
+ $firewall_rule = '202 murano-api'
+
+ $api_bind_port = '8082'
+ $api_bind_host = get_network_role_property('murano/api', 'ipaddr')
+
+ $murano_user = pick($murano_hash['user'], 'murano')
+ $tenant = pick($murano_hash['tenant'], 'services')
+ $internal_url = "http://${api_bind_host}:${api_bind_port}"
+ $db_user = pick($murano_hash['db_user'], 'murano')
+ $db_name = pick($murano_hash['db_name'], 'murano')
+ $db_password = pick($murano_hash['db_password'])
+ $db_host = pick($murano_hash['db_host'], $database_ip)
+ $read_timeout = '60'
+ $sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?read_timeout=${read_timeout}"
+
+ $external_network = $use_neutron ? {
+ true => get_ext_net_name($neutron_config['predefined_networks']),
+ default => undef,
+ }
+
+ $repository_url = has_key($murano_settings_hash, 'murano_repo_url') ? {
+ true => $murano_settings_hash['murano_repo_url'],
+ default => 'http://storage.apps.openstack.org',
+ }
+
+ ####### Disable upstart startup on install #######
+ tweaks::ubuntu_service_override { ['murano-api', 'murano-engine']:
+ package_name => 'murano',
+ }
+
+ firewall { $firewall_rule :
+ dport => $api_bind_port,
+ proto => 'tcp',
+ action => 'accept',
+ }
+
+ class { 'murano' :
+ verbose => $verbose,
+ debug => $debug,
+ use_syslog => $use_syslog,
+ use_stderr => $use_stderr,
+ log_facility => $syslog_log_facility_murano,
+ database_connection => $sql_connection,
+ keystone_uri => "${public_protocol}://${public_address}:5000/v2.0/",
+ keystone_username => $murano_user,
+ keystone_password => $murano_hash['user_password'],
+ keystone_tenant => $tenant,
+ identity_uri => "http://${service_endpoint}:35357/",
+ use_neutron => $use_neutron,
+ rabbit_os_user => $rabbit_hash['user'],
+ rabbit_os_password => $rabbit_hash['password'],
+ rabbit_os_port => $amqp_port,
+ rabbit_os_hosts => split($amqp_hosts, ','),
+ rabbit_ha_queues => $rabbit_ha_queues,
+
rabbit_own_host => $public_ip,
+ rabbit_own_port => '55572',
+ rabbit_own_user => 'murano',
+ rabbit_own_password => $heat_hash['rabbit_password'],
+ service_host => $api_bind_host,
+ service_port => $api_bind_port,
+ external_network => $external_network,
+ }
+
+ class { 'murano::api':
+ host => $api_bind_host,
+ port => $api_bind_port,
+ }
+
+ class { 'murano::engine': }
+
+ class { 'murano::client': }
+
+ class { 'murano::dashboard':
+ api_url => $internal_url,
+ repo_url => $repository_url,
+ }
+
+ class { 'murano::rabbitmq':
+ rabbit_user => 'murano',
+ rabbit_password => $heat_hash['rabbit_password'],
+ rabbit_port => '55572',
+ }
+
+ $haproxy_stats_url = "http://${management_ip}:10000/;csv"
+
+ haproxy_backend_status { 'murano-api' :
+ name => 'murano-api',
+ url => $haproxy_stats_url,
+ }
+
+ if ($node_role == 'primary-controller') {
+ haproxy_backend_status { 'keystone-public' :
+ name => 'keystone-1',
+ url => $haproxy_stats_url,
+ }
+
+ haproxy_backend_status { 'keystone-admin' :
+ name => 'keystone-2',
+ url => $haproxy_stats_url,
+ }
+
+ murano::application { 'io.murano' :
+ os_tenant_name => $tenant,
+ os_username => $murano_user,
+ os_password => $murano_hash['user_password'],
+ os_auth_url => "${public_protocol}://${public_address}:5000/v2.0/",
+ os_region => $region,
+ mandatory => true,
+ }
+
+ Haproxy_backend_status['keystone-admin'] -> Haproxy_backend_status['murano-api']
+ Haproxy_backend_status['keystone-public'] -> Haproxy_backend_status['murano-api']
+ Haproxy_backend_status['murano-api'] -> Murano::Application['io.murano']
+
+ Service['murano-api'] -> Murano::Application<| mandatory == true |>
+ }
+
+ Firewall[$firewall_rule] -> Class['murano::api']
+ Service['murano-api'] -> Haproxy_backend_status['murano-api']
+}
+#########################
+
+class openstack::firewall {}
+include openstack::firewall
diff --git a/f2s/resources/murano/meta.yaml b/f2s/resources/murano/meta.yaml
new file mode 100644
index 00000000..4482611a
--- /dev/null
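Review bot: `rabbit_own_password` in class `murano` and `rabbit_password` in class `murano::rabbitmq` are both read from `$heat_hash['rabbit_password']`, while `rabbit_own_host` is `$public_ip` and the port is `55572`. As written, murano's own broker appears to be addressed on the public VIP with a secret that lives in another service's settings, so rotating or leaking heat's value affects murano as well, and with the `{}` default for `heat_hash` the password can be empty. Nothing in the hunk explains the coupling. A comment above both uses would at least document it, e.g. `# murano's own RabbitMQ reuses heat_hash['rabbit_password']; rotate both together`.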
+++ b/f2s/resources/murano/meta.yaml
@@ -0,0 +1,56 @@
+id: murano
+handler: puppetv2
+version: '8.0'
+inputs:
+ amqp_hosts:
+ value: null
+ amqp_port:
+ value: null
+ database_vip:
+ value: null
+ debug:
+ value: null
+ fqdn:
+ value: null
+ heat_hash:
+ value: null
+ management_vip:
+ value: null
+ murano:
+ value: null
+ murano_hash:
+ value: null
+ murano_settings:
+ value: null
+ network_scheme:
+ value: null
+ neutron_config:
+ value: null
+ node_role:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ rabbit_ha_queues:
+ value: null
+ rabbit_hash:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
+ syslog_log_facility_murano:
+ value: null
+ use_neutron:
+ value: null
+ use_stderr:
+ value: null
+ use_syslog:
+ value: null
+ verbose:
+ value: null
diff --git a/f2s/resources/netconfig/actions/run.pp b/f2s/resources/netconfig/actions/run.pp
new file mode 100644
index 00000000..7494a336
--- /dev/null
+++ b/f2s/resources/netconfig/actions/run.pp
@@ -0,0 +1,106 @@
+notice('MODULAR: netconfig.pp')
+
+$network_scheme = hiera('network_scheme')
+
+if ( $::l23_os =~ /(?i:centos6)/ and $::kernelmajversion == '3.10' ) {
+ $ovs_datapath_package_name = 'kmod-openvswitch-lt'
+}
+
+class { 'l23network' :
+ use_ovs => hiera('use_ovs', false),
+ use_ovs_dkms_datapath_module => $::l23_os ? {
+ /(?i:redhat7|centos7)/ => false,
+ default => true
+ },
+ ovs_datapath_package_name => $ovs_datapath_package_name,
+}
+prepare_network_config($network_scheme)
+$sdn = generate_network_config()
+notify {'SDN': message => $sdn }
+
+#Set arp_accept to 1 by default #lp1456272
+sysctl::value { 'net.ipv4.conf.all.arp_accept': value => '1' }
+sysctl::value { 'net.ipv4.conf.default.arp_accept': value => '1' }
+
+# setting kernel reserved ports
+# defaults are 49000,49001,35357,41055,41056,58882
+class { 'openstack::reserved_ports': }
+
+### TCP connections keepalives and failover related parameters ###
+# configure TCP keepalive for host OS.
+# Send 3 probes each 8 seconds, if the connection was idle
+# for a 30 seconds. Consider it dead, if there was no responces
+# during the check time frame, i.e. 30+3*8=54 seconds overall.
+# (note: overall check time frame should be lower then
+# nova_report_interval).
+class { 'openstack::keepalive' :
+ tcpka_time => '30',
+ tcpka_probes => '8',
+ tcpka_intvl => '3',
+ tcp_retries2 => '5',
+}
+
+# increase network backlog for performance on fast networks
+sysctl::value { 'net.core.netdev_max_backlog': value => '261144' }
+
+L2_port<||> -> Sysfs_config_value<||>
+L3_ifconfig<||> -> Sysfs_config_value<||>
+L3_route<||> -> Sysfs_config_value<||>
+
+class { 'sysfs' :}
+
+if hiera('set_rps', true) {
+ sysfs_config_value { 'rps_cpus' :
+ ensure => 'present',
+ name => '/etc/sysfs.d/rps_cpus.conf',
+ value => cpu_affinity_hex($::processorcount),
+ sysfs => '/sys/class/net/*/queues/rx-*/rps_cpus',
+ exclude => '/sys/class/net/lo/*',
+ }
+}
+
+if hiera('set_xps', true) {
+ sysfs_config_value { 'xps_cpus' :
+ ensure => 'present',
+ name => '/etc/sysfs.d/xps_cpus.conf',
+ value => cpu_affinity_hex($::processorcount),
+ sysfs => '/sys/class/net/*/queues/tx-*/xps_cpus',
+ exclude => '/sys/class/net/lo/*',
+ }
+}
+
+if !defined(Package['irqbalance']) {
+ package { 'irqbalance':
+ ensure => installed,
+ }
+}
+
+if !defined(Service['irqbalance']) {
+ service { 'irqbalance':
+ ensure => running,
+ require => Package['irqbalance'],
+ }
+}
+
+# We need to wait at least 30 seconds for the bridges and other interfaces to
+# come up after being created. This should allow for all interfaces to be up
+# and ready for traffic before proceeding with further deploy steps. LP#1458954
+exec { 'wait-for-interfaces':
+ path => '/usr/bin:/bin',
+ command => 'sleep 32',
+}
+
+# check that network was configured successfully
+# and the default gateway is online
+$default_gateway = hiera('default_gateway')
+
+ping_host { $default_gateway :
+ ensure => 'up',
+}
+L2_port<||> -> Ping_host[$default_gateway]
+L2_bond<||> -> Ping_host[$default_gateway]
+L3_ifconfig<||> -> Ping_host[$default_gateway]
+L3_route<||> -> Ping_host[$default_gateway]
+
+Class['l23network'] ->
+Exec['wait-for-interfaces']
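Review bot: The keepalive comment and the values passed to `openstack::keepalive` disagree: the comment describes 3 probes sent 8 seconds apart, but the class receives `tcpka_probes => '8'` and `tcpka_intvl => '3'`. The total (30+8*3) is still 54 seconds, so whether the comment or the two values are swapped cannot be told from this hunk, but the next person tuning failover timing will be misled either way. Either swap the two values or change the comment to `# Send 8 probes, 3 seconds apart, once the connection has been idle for 30 seconds`.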
diff --git a/f2s/resources/netconfig/meta.yaml b/f2s/resources/netconfig/meta.yaml
new file mode 100644
index 00000000..695c9e22
--- /dev/null
+++ b/f2s/resources/netconfig/meta.yaml
@@ -0,0 +1,24 @@
+id: netconfig
+handler: puppetv2
+version: '8.0'
+inputs:
+ default_gateway:
+ value: null
+ fqdn:
+ value: null
+ network_metadata:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ set_rps:
+ value: null
+ set_xps:
+ value: null
+ use_neutron:
+ value: null
+ use_ovs:
+ value: null
diff --git a/f2s/resources/neutron-db/actions/run.pp b/f2s/resources/neutron-db/actions/run.pp
new file mode 100644
index 00000000..8cdbae15
--- /dev/null
+++ b/f2s/resources/neutron-db/actions/run.pp
@@ -0,0 +1,59 @@
+notice('MODULAR: openstack-network/db.pp')
+
+$node_name = hiera('node_name')
+$use_neutron = hiera('use_neutron', false)
+$neutron_hash = hiera_hash('quantum_settings', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$neutron_db = merge($neutron_hash['database'], {})
+
+$db_user = pick($neutron_db['db_user'], 'neutron')
+$db_name = pick($neutron_db['db_name'], 'neutron')
+$db_password = pick($neutron_db['passwd'], $mysql_root_password)
+
+$db_host = pick($neutron_db['db_host'], $database_vip)
+$db_create = pick($neutron_db['db_create'], $mysql_db_create)
+$db_root_user = pick($neutron_db['root_user'], $mysql_root_user)
+$db_root_password = pick($neutron_db['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $use_neutron and $db_create {
+
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'neutron::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['neutron::db::mysql']
+
+}
+
+# ===========================================================================
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/f2s/resources/neutron-db/meta.yaml b/f2s/resources/neutron-db/meta.yaml
new file mode 100644
index 00000000..bf93b0e4
--- /dev/null
+++ b/f2s/resources/neutron-db/meta.yaml
@@ -0,0 +1,26 @@
+id: neutron-db
+handler: puppetv2
+version: '8.0'
+inputs:
+ database_vip:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ mysql:
+ value: null
+ mysql_custom_setup_class:
+ value: null
+ neutron_db_password:
+ value: null
+ node_name:
+ value: null
+ puppet_modules:
+ value: null
+ quantum_settings:
+ value: null
+ role:
+ value: null
+ use_neutron:
+ value: null
diff --git a/f2s/resources/neutron-keystone/actions/run.pp b/f2s/resources/neutron-keystone/actions/run.pp
new file mode 100644
index 00000000..937b42b7
--- /dev/null
+++ b/f2s/resources/neutron-keystone/actions/run.pp
@@ -0,0 +1,50 @@
+notice('MODULAR: openstack-network/keystone.pp')
+
+$use_neutron = hiera('use_neutron', false)
+$neutron_hash = hiera_hash('quantum_settings', {})
+$public_vip = hiera('public_vip')
+$public_ssl_hash = hiera('public_ssl')
+$public_address = $public_ssl_hash['services'] ? {
+ true => $public_ssl_hash['hostname'],
+ default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+$admin_address = hiera('management_vip')
+$admin_protocol = 'http'
+$region = pick($neutron_hash['region'], hiera('region', 'RegionOne'))
+
+$password = $neutron_hash['keystone']['admin_password']
+$auth_name = pick($neutron_hash['auth_name'], 'neutron')
+$configure_endpoint = pick($neutron_hash['configure_endpoint'], true)
+$configure_user = pick($neutron_hash['configure_user'], true)
+$configure_user_role = pick($neutron_hash['configure_user_role'], true)
+$service_name = pick($neutron_hash['service_name'], 'neutron')
+$tenant = pick($neutron_hash['tenant'], 'services')
+
+$port = '9696'
+
+$public_url = "${public_protocol}://${public_address}:${port}"
+$internal_url = "${admin_protocol}://${admin_address}:${port}"
+$admin_url = "${admin_protocol}://${admin_address}:${port}"
+
+
+validate_string($public_address)
+validate_string($password)
+
+if $use_neutron {
+ class { '::neutron::keystone::auth':
+ password => $password,
+ auth_name => $auth_name,
+ configure_endpoint => $configure_endpoint,
+ configure_user => $configure_user,
+ configure_user_role => $configure_user_role,
+ service_name => $service_name,
+ public_url => $public_url,
+ internal_url => $internal_url,
+ admin_url => $admin_url,
+ region => $region,
+ }
+}
diff --git a/f2s/resources/neutron-keystone/meta.yaml b/f2s/resources/neutron-keystone/meta.yaml
new file mode 100644
index 00000000..9f3a3479
--- /dev/null
+++ b/f2s/resources/neutron-keystone/meta.yaml
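Review bot: `$tenant` is computed with `pick($neutron_hash['tenant'], 'services')` but never passed to `::neutron::keystone::auth`, so a tenant set in `quantum_settings` is silently ignored and the class default is used instead. Either pass it through, `tenant => $tenant,`, or delete the assignment so the manifest does not suggest the setting is honoured. The nova-keystone `run.pp` hunk later in this patch has the same unused `$tenant`.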
@@ -0,0 +1,22 @@
+id: neutron-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ quantum_settings:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ use_neutron:
+ value: null
diff --git a/f2s/resources/nova-db/actions/run.pp b/f2s/resources/nova-db/actions/run.pp
new file mode 100644
index 00000000..88470175
--- /dev/null
+++ b/f2s/resources/nova-db/actions/run.pp
@@ -0,0 +1,53 @@
+notice('MODULAR: openstack-controller/db.pp')
+
+$nova_hash = hiera_hash('nova', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip', undef)
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($nova_hash['db_user'], 'nova')
+$db_name = pick($nova_hash['db_name'], 'nova')
+$db_password = pick($nova_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($nova_hash['db_host'], $database_vip)
+$db_create = pick($nova_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($nova_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($nova_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ $::hostname, 'localhost', '127.0.0.1', '%' ]
+
+validate_string($mysql_root_user)
+
+if $db_create {
+
+ class { 'galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+ }
+
+ class { 'nova::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+ }
+
+ class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+ }
+
+ Class['galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['nova::db::mysql']
+
+}
+
+class mysql::config {}
+include mysql::config
+class mysql::server {}
+include mysql::server
diff --git a/f2s/resources/nova-db/meta.yaml b/f2s/resources/nova-db/meta.yaml
new file mode 100644
index 00000000..7335e140
--- /dev/null
+++ b/f2s/resources/nova-db/meta.yaml
@@ -0,0 +1,20 @@
+id: nova-db
+handler: puppetv2
+version: '8.0'
+inputs:
+ database_vip:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ mysql:
+ value: null
+ mysql_custom_setup_class:
+ value: null
+ nova:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/nova-keystone/actions/run.pp b/f2s/resources/nova-keystone/actions/run.pp
new file mode 100644
index 00000000..0f5a4fc8
--- /dev/null
+++ b/f2s/resources/nova-keystone/actions/run.pp
@@ -0,0 +1,56 @@
+notice('MODULAR: openstack-controller/keystone.pp')
+
+$nova_hash = hiera_hash('nova', {})
+$public_vip = hiera('public_vip')
+$public_ssl_hash = hiera('public_ssl')
+$public_address = $public_ssl_hash['services'] ? {
+ true => $public_ssl_hash['hostname'],
+ default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+$admin_protocol = 'http'
+$admin_address = hiera('management_vip')
+$region = pick($nova_hash['region'], hiera('region', 'RegionOne'))
+
+$password = $nova_hash['user_password']
+$auth_name = pick($nova_hash['auth_name'], 'nova')
+$configure_endpoint = pick($nova_hash['configure_endpoint'], true)
+$configure_user = pick($nova_hash['configure_user'], true)
+$configure_user_role = pick($nova_hash['configure_user_role'], true)
+$service_name = pick($nova_hash['service_name'], 'nova')
+$tenant = pick($nova_hash['tenant'], 'services')
+
+$compute_port = '8774'
+$public_base_url = "${public_protocol}://${public_address}:${compute_port}"
+$admin_base_url = "${admin_protocol}://${admin_address}:${compute_port}"
+
+$ec2_port = '8773'
+$ec2_public_url = "${public_protocol}://${public_address}:${ec2_port}/services/Cloud"
+$ec2_internal_url = "${admin_protocol}://${admin_address}:${ec2_port}/services/Cloud"
+$ec2_admin_url = "${admin_protocol}://${admin_address}:${ec2_port}/services/Admin"
+
+validate_string($public_address)
+validate_string($password)
+
+class { '::nova::keystone::auth':
+ password => $password,
+ auth_name => $auth_name,
+ configure_endpoint => $configure_endpoint,
+ configure_endpoint_v3 => $configure_endpoint,
+ configure_user => $configure_user,
+ configure_user_role => $configure_user_role,
+ service_name => $service_name,
+ public_url => "${public_base_url}/v2/%(tenant_id)s",
+ public_url_v3 => "${public_base_url}/v3",
+ internal_url => "${admin_base_url}/v2/%(tenant_id)s",
+ internal_url_v3 => "${admin_base_url}/v3",
+ admin_url =>
"${admin_base_url}/v2/%(tenant_id)s",
+ admin_url_v3 => "${admin_base_url}/v3",
+ region => $region,
+ ec2_public_url => $ec2_public_url,
+ ec2_internal_url => $ec2_internal_url,
+ ec2_admin_url => $ec2_admin_url,
+}
diff --git a/f2s/resources/nova-keystone/meta.yaml b/f2s/resources/nova-keystone/meta.yaml
new file mode 100644
index 00000000..58021f68
--- /dev/null
+++ b/f2s/resources/nova-keystone/meta.yaml
@@ -0,0 +1,20 @@
+id: nova-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ nova:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/ntp-check/actions/run.pp b/f2s/resources/ntp-check/actions/run.pp
new file mode 100644
index 00000000..193e64f2
--- /dev/null
+++ b/f2s/resources/ntp-check/actions/run.pp
@@ -0,0 +1,6 @@
+notice('MODULAR: ntp-check.pp')
+# get the ntp configuration from hiera
+$ntp_servers = hiera('external_ntp')
+# take the comma seperated list and turn it into an array of servers and then
+# pass it to the ntp_available function to check that at least 1 server works
+ntp_available(strip(split($ntp_servers['ntp_list'], ',')))
diff --git a/f2s/resources/ntp-check/meta.yaml b/f2s/resources/ntp-check/meta.yaml
new file mode 100644
index 00000000..a25929c7
--- /dev/null
+++ b/f2s/resources/ntp-check/meta.yaml
@@ -0,0 +1,12 @@
+id: ntp-check
+handler: puppetv2
+version: '8.0'
+inputs:
+ external_ntp:
+ value: null
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/ntp-client/actions/run.pp b/f2s/resources/ntp-client/actions/run.pp
new file mode 100644
index 00000000..38a37f2b
--- /dev/null
+++ b/f2s/resources/ntp-client/actions/run.pp
@@ -0,0 +1,26 @@
+notice('MODULAR: ntp-client.pp')
+
+$management_vrouter_vip = hiera('management_vrouter_vip')
+$ntp_servers = hiera_array('ntp_servers', [$management_vrouter_vip])
+$nodes_hash = hiera('nodes', {})
+$roles = node_roles($nodes_hash, hiera('uid'))
+
+if !(member($roles, 'controller') or member($roles, 'primary-controller')) {
+ class { 'ntp':
+ servers => $ntp_servers,
+ service_ensure => 'running',
+ service_enable => true,
+ disable_monitor => true,
+ iburst_enable => true,
+ tinker => true,
+ panic => '0',
+ stepout => '5',
+ minpoll => '3',
+ }
+
+ include ntp::params
+ tweaks::ubuntu_service_override { 'ntpd':
+ package_name => $ntp::params::package_name,
+ service_name => $ntp::params::service_name,
+ }
+}
diff --git a/f2s/resources/ntp-client/meta.yaml b/f2s/resources/ntp-client/meta.yaml
new file mode 100644
index 00000000..568e2f2e
--- /dev/null
+++ b/f2s/resources/ntp-client/meta.yaml
@@ -0,0 +1,10 @@
+id: ntp-client
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/ntp-server/actions/run.pp b/f2s/resources/ntp-server/actions/run.pp
new file mode 100644
index 00000000..6055f681
--- /dev/null
+++ b/f2s/resources/ntp-server/actions/run.pp
@@ -0,0 +1,31 @@
+notice('MODULAR: ntp-server.pp')
+
+$ntp_servers = hiera('external_ntp')
+
+class { 'ntp':
+ servers => strip(split($ntp_servers['ntp_list'], ',')),
+ service_enable => true,
+ service_ensure => 'running',
+ disable_monitor => true,
+ iburst_enable => true,
+ tinker => true,
+ panic => '0',
+ stepout => '5',
+ minpoll => '3',
+ restrict => [
+ '-4 default kod nomodify notrap nopeer noquery',
+ '-6 default kod nomodify notrap nopeer noquery',
+ '127.0.0.1',
+ '::1',
+ ],
+}
+
+class { 'cluster::ntp_ocf': }
+
+if $::operatingsystem == 'Ubuntu' {
+ include ntp::params
+ tweaks::ubuntu_service_override { 'ntpd':
+ package_name => $ntp::params::package_name,
+ service_name => $ntp::params::service_name,
+ }
+}
diff --git a/f2s/resources/ntp-server/meta.yaml b/f2s/resources/ntp-server/meta.yaml
new file mode 100644
index 00000000..78918ad7
--- /dev/null
+++ b/f2s/resources/ntp-server/meta.yaml
@@ -0,0 +1,12 @@
+id: ntp-server
+handler: puppetv2
+version: '8.0'
+inputs:
+ external_ntp:
+ value: null
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/openstack-cinder/actions/run.pp b/f2s/resources/openstack-cinder/actions/run.pp
new file mode 100644
index 00000000..7ea72770
--- /dev/null
+++ b/f2s/resources/openstack-cinder/actions/run.pp
@@ -0,0 +1,107 @@ +notice('MODULAR: openstack-cinder.pp') + +#Network stuff +prepare_network_config(hiera('network_scheme', {})) +$cinder_hash = hiera_hash('cinder_hash', {}) +$management_vip = hiera('management_vip') +$queue_provider = hiera('queue_provider', 'rabbitmq') +$cinder_volume_group = hiera('cinder_volume_group', 'cinder') +$nodes_hash = hiera('nodes', {}) +$storage_hash = hiera_hash('storage', {}) +$ceilometer_hash = hiera_hash('ceilometer_hash',{}) +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$service_endpoint = hiera('service_endpoint') +$service_workers = pick($cinder_hash['workers'], + min(max($::processorcount, 2), 16)) + +$cinder_db_password = $cinder_hash[db_password] +$cinder_user_password = $cinder_hash[user_password] +$keystone_user = pick($cinder_hash['user'], 'cinder') +$keystone_tenant = pick($cinder_hash['tenant'], 'services') +$region = hiera('region', 'RegionOne') +$db_host = pick($cinder_hash['db_host'], hiera('database_vip')) +$cinder_db_user = pick($cinder_hash['db_user'], 'cinder') +$cinder_db_name = pick($cinder_hash['db_name'], 'cinder') +$roles = node_roles($nodes_hash, hiera('uid')) +$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") + +# Determine who should get the volume service +if (member($roles, 'cinder') and $storage_hash['volumes_lvm']) { + $manage_volumes = 'iscsi' +} elsif ($storage_hash['volumes_ceph']) { + $manage_volumes = 'ceph' +} elsif member($roles, 'cinder-vmware') { + $manage_volumes = 'vmdk' +} else { + $manage_volumes = false +} + +# SQLAlchemy backend configuration +$max_pool_size = min($::processorcount * 5 + 0, 30 + 0) +$max_overflow = min($::processorcount * 5 + 0, 60 + 0) +$max_retries = '-1' +$idle_timeout = '3600' + +$keystone_auth_protocol = 'http' +$keystone_auth_host = $service_endpoint +$service_port = '5000' +$auth_uri = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/" +$identity_uri = 
"${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/" + +$openstack_version = { + 'keystone' => 'installed', + 'glance' => 'installed', + 'horizon' => 'installed', + 'nova' => 'installed', + 'novncproxy' => 'installed', + 'cinder' => 'installed', +} + +######### Cinder Controller Services ######## +class {'openstack::cinder': + sql_connection => "mysql://${cinder_db_user}:${cinder_db_password}@${db_host}/${cinder_db_name}?charset=utf8&read_timeout=60", + queue_provider => $queue_provider, + amqp_hosts => hiera('amqp_hosts',''), + amqp_user => $rabbit_hash['user'], + amqp_password => $rabbit_hash['password'], + rabbit_ha_queues => true, + volume_group => $cinder_volume_group, + physical_volume => undef, + manage_volumes => $manage_volumes, + enabled => true, + glance_api_servers => $glance_api_servers, + auth_host => $service_endpoint, + bind_host => get_network_role_property('cinder/api', 'ipaddr'), + iscsi_bind_host => get_network_role_property('cinder/iscsi', 'ipaddr'), + keystone_user => $keystone_user, + keystone_tenant => $keystone_tenant, + auth_uri => $auth_uri, + region => $region, + identity_uri => $identity_uri, + cinder_user_password => $cinder_user_password, + use_syslog => hiera('use_syslog', true), + use_stderr => hiera('use_stderr', false), + verbose => pick($cinder_hash['verbose'], hiera('verbose', true)), + debug => pick($cinder_hash['debug'], hiera('debug', true)), + syslog_log_facility => hiera('syslog_log_facility_cinder', 'LOG_LOCAL3'), + cinder_rate_limits => hiera('cinder_rate_limits'), + max_retries => $max_retries, + max_pool_size => $max_pool_size, + max_overflow => $max_overflow, + idle_timeout => $idle_timeout, + ceilometer => $ceilometer_hash[enabled], + service_workers => $service_workers, +} # end class + +####### Disable upstart startup on install ####### +if($::operatingsystem == 'Ubuntu') { + tweaks::ubuntu_service_override { 'cinder-api': + package_name => 'cinder-api', + } + tweaks::ubuntu_service_override { 
'cinder-backup': + package_name => 'cinder-backup', + } + tweaks::ubuntu_service_override { 'cinder-scheduler': + package_name => 'cinder-scheduler', + } +} diff --git a/f2s/resources/openstack-cinder/meta.yaml b/f2s/resources/openstack-cinder/meta.yaml new file mode 100644 index 00000000..5b0ade7a --- /dev/null +++ b/f2s/resources/openstack-cinder/meta.yaml @@ -0,0 +1,56 @@ +id: openstack-cinder +handler: puppetv2 +version: '8.0' +inputs: + amqp_hosts: + value: null + ceilometer_hash: + value: null + cinder: + value: null + cinder_hash: + value: null + cinder_rate_limits: + value: null + cinder_volume_group: + value: null + database_vip: + value: null + debug: + value: null + fqdn: + value: null + glance_api_servers: + value: null + management_vip: + value: null + network_scheme: + value: null + nodes: + value: null + puppet_modules: + value: null + queue_provider: + value: null + rabbit_ha_queues: + value: null + rabbit_hash: + value: null + region: + value: null + role: + value: null + service_endpoint: + value: null + storage: + value: null + syslog_log_facility_cinder: + value: null + uid: + value: null + use_stderr: + value: null + use_syslog: + value: null + verbose: + value: null diff --git a/f2s/resources/openstack-controller/actions/run.pp b/f2s/resources/openstack-controller/actions/run.pp new file mode 100644 index 00000000..9406d362 --- /dev/null +++ b/f2s/resources/openstack-controller/actions/run.pp 
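Review bot: `debug => pick($cinder_hash['debug'], hiera('debug', true))` in the `openstack::cinder` declaration enables debug logging whenever neither key is set, and `verbose` falls back to `true` the same way; the `::openstack::controller` declaration in openstack-controller.pp in this patch uses the same fallback. Debug-level service logs are far more detailed and may carry request or configuration data, and with `use_syslog` defaulting to `true` they are handed on to syslog, so the fallback should be off: `debug => pick($cinder_hash['debug'], hiera('debug', false)),`. Separately, `$keystone_auth_protocol = 'http'` is a literal, so `auth_uri` and `identity_uri` always use plain HTTP whatever the deployment settings say.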
@@ -0,0 +1,233 @@ +notice('MODULAR: openstack-controller.pp') + +$network_scheme = hiera_hash('network_scheme', {}) +$network_metadata = hiera_hash('network_metadata', {}) +prepare_network_config($network_scheme) + +$nova_rate_limits = hiera('nova_rate_limits') +$primary_controller = hiera('primary_controller') +$use_neutron = hiera('use_neutron', false) +$nova_report_interval = hiera('nova_report_interval') +$nova_service_down_time = hiera('nova_service_down_time') +$use_syslog = hiera('use_syslog', true) +$use_stderr = hiera('use_stderr', false) +$syslog_log_facility_glance = hiera('syslog_log_facility_glance', 'LOG_LOCAL2') +$syslog_log_facility_neutron = hiera('syslog_log_facility_neutron', 'LOG_LOCAL4') +$syslog_log_facility_nova = hiera('syslog_log_facility_nova','LOG_LOCAL6') +$syslog_log_facility_keystone = hiera('syslog_log_facility_keystone', 'LOG_LOCAL7') +$management_vip = hiera('management_vip') +$public_vip = hiera('public_vip') +$sahara_hash = hiera_hash('sahara', {}) +$nodes_hash = hiera('nodes', {}) +$mysql_hash = hiera_hash('mysql', {}) +$access_hash = hiera_hash('access', {}) +$keystone_hash = hiera_hash('keystone', {}) +$glance_hash = hiera_hash('glance', {}) +$storage_hash = hiera_hash('storage', {}) +$nova_hash = hiera_hash('nova', {}) +$nova_config_hash = hiera_hash('nova_config', {}) +$api_bind_address = get_network_role_property('nova/api', 'ipaddr') +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$ceilometer_hash = hiera_hash('ceilometer',{}) +$syslog_log_facility_ceph = hiera('syslog_log_facility_ceph','LOG_LOCAL0') +$workloads_hash = hiera_hash('workloads_collector', {}) +$service_endpoint = hiera('service_endpoint') +$db_host = pick($nova_hash['db_host'], hiera('database_vip')) +$nova_db_user = pick($nova_hash['db_user'], 'nova') +$keystone_user = pick($nova_hash['user'], 'nova') +$keystone_tenant = pick($nova_hash['tenant'], 'services') +$glance_api_servers = hiera('glance_api_servers', "$management_vip:9292") +$region = hiera('region', 
'RegionOne') +$service_workers = pick($nova_hash['workers'], + min(max($::processorcount, 2), 16)) +$ironic_hash = hiera_hash('ironic', {}) + +$memcache_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('memcache_roles')) +$memcache_ipaddrs = ipsort(values(get_node_to_ipaddr_map_by_network_role($memcache_nodes,'mgmt/memcache'))) +$roles = node_roles($nodes_hash, hiera('uid')) +$openstack_controller_hash = hiera_hash('openstack_controller', {}) + +$floating_hash = {} + +if $use_neutron { + $network_provider = 'neutron' + $novanetwork_params = {} + $neutron_config = hiera_hash('quantum_settings') + $neutron_db_password = $neutron_config['database']['passwd'] + $neutron_user_password = $neutron_config['keystone']['admin_password'] + $neutron_metadata_proxy_secret = $neutron_config['metadata']['metadata_proxy_shared_secret'] + $base_mac = $neutron_config['L2']['base_mac'] +} else { + $network_provider = 'nova' + $floating_ips_range = hiera('floating_network_range') + $neutron_config = {} + $novanetwork_params = hiera('novanetwork_parameters') +} + +# SQLAlchemy backend configuration +$max_pool_size = min($::processorcount * 5 + 0, 30 + 0) +$max_overflow = min($::processorcount * 5 + 0, 60 + 0) +$max_retries = '-1' +$idle_timeout = '3600' + +# TODO: openstack_version is confusing, there's such string var in hiera and hardcoded hash +$hiera_openstack_version = hiera('openstack_version') +$openstack_version = { + 'keystone' => 'installed', + 'glance' => 'installed', + 'horizon' => 'installed', + 'nova' => 'installed', + 'novncproxy' => 'installed', + 'cinder' => 'installed', +} + +################################################################# +if hiera('use_vcenter', false) or hiera('libvirt_type') == 'vcenter' { + $multi_host = false +} else { + $multi_host = true +} + +class { '::openstack::controller': + private_interface => $use_neutron ? 
{ true=>false, default=>hiera('private_int')}, + public_interface => hiera('public_int', undef), + public_address => $public_vip, # It is feature for HA mode. + internal_address => $management_vip, # All internal traffic goes + admin_address => $management_vip, # through load balancer. + floating_range => $use_neutron ? { true =>$floating_hash, default =>false}, + fixed_range => $use_neutron ? { true =>false, default =>hiera('fixed_network_range')}, + multi_host => $multi_host, + network_config => hiera('network_config', {}), + num_networks => hiera('num_networks', undef), + network_size => hiera('network_size', undef), + network_manager => hiera('network_manager', undef), + network_provider => $network_provider, + verbose => pick($openstack_controller_hash['verbose'], true), + debug => pick($openstack_controller_hash['debug'], hiera('debug', true)), + auto_assign_floating_ip => hiera('auto_assign_floating_ip', false), + glance_api_servers => $glance_api_servers, + primary_controller => $primary_controller, + novnc_address => $api_bind_address, + nova_db_user => $nova_db_user, + nova_db_password => $nova_hash[db_password], + nova_user => $keystone_user, + nova_user_password => $nova_hash[user_password], + nova_user_tenant => $keystone_tenant, + nova_hash => $nova_hash, + queue_provider => 'rabbitmq', + amqp_hosts => hiera('amqp_hosts',''), + amqp_user => $rabbit_hash['user'], + amqp_password => $rabbit_hash['password'], + rabbit_ha_queues => true, + cache_server_ip => $memcache_ipaddrs, + api_bind_address => $api_bind_address, + db_host => $db_host, + service_endpoint => $service_endpoint, + neutron_metadata_proxy_secret => $neutron_metadata_proxy_secret, + cinder => true, + ceilometer => $ceilometer_hash[enabled], + service_workers => $service_workers, + use_syslog => $use_syslog, + use_stderr => $use_stderr, + syslog_log_facility_nova => $syslog_log_facility_nova, + nova_rate_limits => $nova_rate_limits, + nova_report_interval => $nova_report_interval, + 
nova_service_down_time => $nova_service_down_time, + ha_mode => true, + # SQLALchemy backend + max_retries => $max_retries, + max_pool_size => $max_pool_size, + max_overflow => $max_overflow, + idle_timeout => $idle_timeout, +} + +#TODO: PUT this configuration stanza into nova class +nova_config { 'DEFAULT/use_cow_images': value => hiera('use_cow_images')} + +if $primary_controller { + + $haproxy_stats_url = "http://${management_vip}:10000/;csv" + + haproxy_backend_status { 'nova-api' : + name => 'nova-api-2', + url => $haproxy_stats_url, + } + + Openstack::Ha::Haproxy_service <| |> -> Haproxy_backend_status <| |> + + Class['nova::api'] -> Haproxy_backend_status['nova-api'] + + exec { 'create-m1.micro-flavor' : + path => '/sbin:/usr/sbin:/bin:/usr/bin', + environment => [ + "OS_TENANT_NAME=${keystone_tenant}", + "OS_USERNAME=${keystone_user}", + "OS_PASSWORD=${nova_hash['user_password']}", + "OS_AUTH_URL=http://${service_endpoint}:5000/v2.0/", + 'OS_ENDPOINT_TYPE=internalURL', + "OS_REGION_NAME=${region}", + "NOVA_ENDPOINT_TYPE=internalURL", + ], + command => 'bash -c "nova flavor-create --is-public true m1.micro auto 64 0 1"', + #FIXME(mattymo): Upstream bug PUP-2299 for retries in unless/onlyif + unless => 'bash -c "for tries in {1..10}; do nova flavor-list | grep -q m1.micro && exit 0; sleep 2; done"; exit 1', + tries => 10, + try_sleep => 2, + require => Class['nova'], + } + + Haproxy_backend_status <| |> -> Exec<| title == 'create-m1.micro-flavor' |> + + if ! 
$use_neutron { + nova_floating_range { $floating_ips_range: + ensure => 'present', + pool => 'nova', + username => $access_hash[user], + api_key => $access_hash[password], + auth_method => 'password', + auth_url => "http://${service_endpoint}:5000/v2.0/", + authtenant_name => $access_hash[tenant], + api_retries => 10, + } + Haproxy_backend_status['nova-api'] -> Nova_floating_range <| |> + } +} + +nova_config { + 'DEFAULT/teardown_unused_network_gateway': value => 'True' +} + +if $sahara_hash['enabled'] { + $nova_scheduler_default_filters = [ 'DifferentHostFilter' ] + if $storage_hash['volumes_lvm'] { + $cinder_scheduler_filters = [ 'InstanceLocalityFilter' ] + } else { + $cinder_scheduler_filters = [] + } +} else { + $nova_scheduler_default_filters = [] + $cinder_scheduler_filters = [] +} + +if $ironic_hash['enabled'] { + $scheduler_host_manager = 'nova.scheduler.ironic_host_manager.IronicHostManager' +} + +class { '::nova::scheduler::filter': + cpu_allocation_ratio => pick($nova_hash['cpu_allocation_ratio'], '8.0'), + disk_allocation_ratio => pick($nova_hash['disk_allocation_ratio'], '1.0'), + ram_allocation_ratio => pick($nova_hash['ram_allocation_ratio'], '1.0'), + scheduler_host_subset_size => pick($nova_hash['scheduler_host_subset_size'], '30'), + scheduler_default_filters => concat($nova_scheduler_default_filters, pick($nova_config_hash['default_filters'], [ 'RetryFilter', 'AvailabilityZoneFilter', 'RamFilter', 'CoreFilter', 'DiskFilter', 'ComputeFilter', 'ComputeCapabilitiesFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter' ])), + scheduler_host_manager => $scheduler_host_manager, +} + +class { 'cinder::scheduler::filter': + scheduler_default_filters => concat($cinder_scheduler_filters, [ 'AvailabilityZoneFilter', 'CapacityFilter', 'CapabilitiesFilter' ]) +} + +# From logasy filter.pp +nova_config { + 'DEFAULT/ram_weight_multiplier': value => '1.0' +} + 
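Review bot: The `create-m1.micro-flavor` exec (`OS_AUTH_URL`) and the `nova_floating_range` resource (`auth_url`) both hard-code `http://${service_endpoint}:5000/v2.0/`, so the nova service password passed as `OS_PASSWORD` and the admin password taken from `$access_hash` go to Keystone over an unencrypted connection whenever these resources run. The scheme should come from configuration rather than a literal, for example `auth_url => "${keystone_auth_protocol}://${service_endpoint}:5000/v2.0/",` with `$keystone_auth_protocol` read from a hiera key the project chooses (openstack-cinder.pp in this patch already has a variable of that name, set to a literal). Also, `$scheduler_host_manager` is assigned only inside `if $ironic_hash['enabled']` but passed to `::nova::scheduler::filter` unconditionally; an `else` branch with `$scheduler_host_manager = undef` would make that explicit.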
diff --git a/f2s/resources/openstack-controller/meta.yaml b/f2s/resources/openstack-controller/meta.yaml new file mode 100644 index 00000000..05b1cf94 --- /dev/null +++ b/f2s/resources/openstack-controller/meta.yaml @@ -0,0 +1,110 @@ +id: openstack-controller +handler: puppetv2 +version: '8.0' +inputs: + access: + value: null + amqp_hosts: + value: null + auto_assign_floating_ip: + value: null + ceilometer: + value: null + database_vip: + value: null + debug: + value: null + fqdn: + value: null + glance: + value: null + glance_api_servers: + value: null + ironic: + value: null + keystone: + value: null + libvirt_type: + value: null + management_vip: + value: null + memcache_roles: + value: null + mysql: + value: null + network_config: + value: null + network_manager: + value: null + network_metadata: + value: null + network_scheme: + value: null + network_size: + value: null + nodes: + value: null + nova: + value: null + nova_config: + value: null + nova_quota: + value: null + nova_rate_limits: + value: null + nova_report_interval: + value: null + nova_service_down_time: + value: null + num_networks: + value: null + openstack_controller: + value: null + openstack_version: + value: null + primary_controller: + value: null + public_int: + value: null + public_vip: + value: null + puppet_modules: + value: null + quantum_settings: + value: null + rabbit_hash: + value: null + region: + value: null + role: + value: null + sahara: + value: null + service_endpoint: + value: null + storage: + value: null + syslog_log_facility_ceph: + value: null + syslog_log_facility_glance: + value: null + syslog_log_facility_keystone: + value: null + syslog_log_facility_neutron: + value: null + syslog_log_facility_nova: + value: null + uid: + value: null + use_cow_images: + value: null + use_neutron: + value: null + use_stderr: + value: null + use_syslog: + value: null + use_vcenter: + value: null + workloads_collector: + value: null 
diff --git a/f2s/resources/openstack-haproxy-ceilometer/actions/run.pp b/f2s/resources/openstack-haproxy-ceilometer/actions/run.pp
new file mode 100644
index 00000000..74edc62e
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-ceilometer/actions/run.pp
@@ -0,0 +1,23 @@
+notice('MODULAR: openstack-haproxy-ceilometer.pp')
+
+$ceilometer_hash = hiera_hash('ceilometer',{})
+# NOT enabled by default
+$use_ceilometer = pick($ceilometer_hash['enabled'], false)
+$public_ssl_hash = hiera('public_ssl')
+$ceilometer_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceilometer_nodes'), 'ceilometer/api')
+
+if ($use_ceilometer) {
+ $server_names = hiera_array('ceilometer_names', keys($ceilometer_address_map))
+ $ipaddresses = hiera_array('ceilometer_ipaddresses', values($ceilometer_address_map))
+ $public_virtual_ip = hiera('public_vip')
+ $internal_virtual_ip = hiera('management_vip')
+
+ # configure ceilometer ha proxy
+ class { '::openstack::ha::ceilometer':
+ internal_virtual_ip => $internal_virtual_ip,
+ ipaddresses => $ipaddresses,
+ public_virtual_ip => $public_virtual_ip,
+ server_names => $server_names,
+ public_ssl => $public_ssl_hash['services'],
+ }
+}
diff --git a/f2s/resources/openstack-haproxy-ceilometer/meta.yaml b/f2s/resources/openstack-haproxy-ceilometer/meta.yaml
new file mode 100644
index 00000000..f61cb4dc
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-ceilometer/meta.yaml
@@ -0,0 +1,16 @@
+id: openstack-haproxy-ceilometer
+handler: puppetv2
+version: '8.0'
+inputs:
+ ceilometer:
+ value: null
+ ceilometer_nodes:
+ value: null
+ fqdn:
+ value: null
+ public_ssl:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/openstack-haproxy-cinder/actions/run.pp b/f2s/resources/openstack-haproxy-cinder/actions/run.pp
new file mode 100644
index 00000000..238e0ecd
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-cinder/actions/run.pp
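Review bot: `$ceilometer_address_map` in openstack-haproxy-ceilometer.pp is built from `hiera_hash('ceilometer_nodes')` before the `if ($use_ceilometer)` check, and the lookup has no default, so a deployment with ceilometer disabled and the key absent would presumably fail catalog compilation instead of skipping the service. The map is only read inside the conditional, so the assignment `$ceilometer_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceilometer_nodes'), 'ceilometer/api')` can move to the first line of the `if` body. The cinder, heat, horizon, murano, neutron and nova haproxy manifests in this patch do their node or role lookups ahead of the enable check in the same way.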
@@ -0,0 +1,24 @@ +notice('MODULAR: openstack-haproxy-cinder.pp') + +$network_metadata = hiera_hash('network_metadata') +$cinder_hash = hiera_hash('cinder_hash', {}) +# enabled by default +$use_cinder = pick($cinder_hash['enabled'], true) +$public_ssl_hash = hiera('public_ssl') + +$cinder_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('cinder_nodes'), 'cinder/api') +if ($use_cinder) { + $server_names = hiera_array('cinder_names', keys($cinder_address_map)) + $ipaddresses = hiera_array('cinder_ipaddresses', values($cinder_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + # configure cinder ha proxy + class { '::openstack::ha::cinder': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-cinder/meta.yaml b/f2s/resources/openstack-haproxy-cinder/meta.yaml new file mode 100644 index 00000000..e831c7d4 --- /dev/null +++ b/f2s/resources/openstack-haproxy-cinder/meta.yaml @@ -0,0 +1,26 @@ +id: openstack-haproxy-cinder +handler: puppetv2 +version: '8.0' +inputs: + cinder_hash: + value: null + cinder_ipaddresses: + value: null + cinder_names: + value: null + cinder_nodes: + value: null + fqdn: + value: null + management_vip: + value: null + network_metadata: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-haproxy-glance/actions/run.pp b/f2s/resources/openstack-haproxy-glance/actions/run.pp new file mode 100644 index 00000000..14dec201 --- /dev/null +++ b/f2s/resources/openstack-haproxy-glance/actions/run.pp 
@@ -0,0 +1,26 @@ +notice('MODULAR: openstack-haproxy-glance.pp') + +$network_metadata = hiera_hash('network_metadata') +$glance_hash = hiera_hash('glance', {}) +# enabled by default +$use_glance = pick($glance_hash['enabled'], true) +$public_ssl_hash = hiera('public_ssl') + + +#todo(sv): change to 'glance' as soon as glance as node-role was ready +$glances_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']), 'glance/api') + +if ($use_glance) { + $server_names = hiera_array('glance_names', keys($glances_address_map)) + $ipaddresses = hiera_array('glance_ipaddresses', values($glances_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + class { '::openstack::ha::glance': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-glance/meta.yaml b/f2s/resources/openstack-haproxy-glance/meta.yaml new file mode 100644 index 00000000..0b24818f --- /dev/null +++ b/f2s/resources/openstack-haproxy-glance/meta.yaml @@ -0,0 +1,24 @@ +id: openstack-haproxy-glance +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + glance: + value: null + glance_ipaddresses: + value: null + glance_names: + value: null + management_vip: + value: null + network_metadata: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-haproxy-heat/actions/run.pp b/f2s/resources/openstack-haproxy-heat/actions/run.pp new file mode 100644 index 00000000..4bbf4336 --- /dev/null +++ b/f2s/resources/openstack-haproxy-heat/actions/run.pp 
@@ -0,0 +1,24 @@ +notice('MODULAR: openstack-haproxy-heat.pp') + +$heat_hash = hiera_hash('heat', {}) +# enabled by default +$use_heat = pick($heat_hash['enabled'], true) +$public_ssl_hash = hiera('public_ssl') +$network_metadata = hiera_hash('network_metadata') +$heat_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, hiera('heat_roles')), 'heat/api') + +if ($use_heat) { + $server_names = hiera_array('heat_names',keys($heat_address_map)) + $ipaddresses = hiera_array('heat_ipaddresses', values($heat_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + +# configure heat ha proxy + class { '::openstack::ha::heat': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-heat/meta.yaml b/f2s/resources/openstack-haproxy-heat/meta.yaml new file mode 100644 index 00000000..eaef0fa4 --- /dev/null +++ b/f2s/resources/openstack-haproxy-heat/meta.yaml @@ -0,0 +1,26 @@ +id: openstack-haproxy-heat +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + heat: + value: null + heat_ipaddresses: + value: null + heat_names: + value: null + heat_roles: + value: null + management_vip: + value: null + network_metadata: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-haproxy-horizon/actions/run.pp b/f2s/resources/openstack-haproxy-horizon/actions/run.pp new file mode 100644 index 00000000..a491245a --- /dev/null +++ b/f2s/resources/openstack-haproxy-horizon/actions/run.pp 
@@ -0,0 +1,24 @@ +notice('MODULAR: openstack-haproxy-horizon.pp') + +$network_metadata = hiera_hash('network_metadata') +$horizon_hash = hiera_hash('horizon', {}) +# enabled by default +$use_horizon = pick($horizon_hash['enabled'], true) +$public_ssl_hash = hiera('public_ssl') + +$horizon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('horizon_nodes'), 'horizon') +if ($use_horizon) { + $server_names = hiera_array('horizon_names', keys($horizon_address_map)) + $ipaddresses = hiera_array('horizon_ipaddresses', values($horizon_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + # configure horizon ha proxy + class { '::openstack::ha::horizon': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + use_ssl => $public_ssl_hash['horizon'], + } +} diff --git a/f2s/resources/openstack-haproxy-horizon/meta.yaml b/f2s/resources/openstack-haproxy-horizon/meta.yaml new file mode 100644 index 00000000..01b55985 --- /dev/null +++ b/f2s/resources/openstack-haproxy-horizon/meta.yaml @@ -0,0 +1,26 @@ +id: openstack-haproxy-horizon +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + horizon: + value: null + horizon_ipaddresses: + value: null + horizon_names: + value: null + horizon_nodes: + value: null + management_vip: + value: null + network_metadata: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-haproxy-ironic/actions/run.pp b/f2s/resources/openstack-haproxy-ironic/actions/run.pp new file mode 100644 index 00000000..df256fc6 --- /dev/null +++ b/f2s/resources/openstack-haproxy-ironic/actions/run.pp 
@@ -0,0 +1,22 @@
+notice('MODULAR: openstack-haproxy-ironic.pp')
+
+$network_metadata = hiera_hash('network_metadata')
+$public_ssl_hash = hiera('public_ssl')
+$ironic_hash = hiera_hash('ironic', {})
+
+$ironic_address_map = get_node_to_ipaddr_map_by_network_role(hiera('ironic_api_nodes'), 'ironic/api')
+
+$server_names = hiera_array('ironic_server_names', keys($ironic_address_map))
+$ipaddresses = hiera_array('ironic_ipaddresses', values($ironic_address_map))
+$public_virtual_ip = hiera('public_vip')
+$internal_virtual_ip = hiera('management_vip')
+$baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr']
+
+class { '::openstack::ha::ironic':
+ internal_virtual_ip => $internal_virtual_ip,
+ ipaddresses => $ipaddresses,
+ public_virtual_ip => $public_virtual_ip,
+ server_names => $server_names,
+ public_ssl => $public_ssl_hash['services'],
+ baremetal_virtual_ip => $baremetal_virtual_ip,
+}
diff --git a/f2s/resources/openstack-haproxy-ironic/meta.yaml b/f2s/resources/openstack-haproxy-ironic/meta.yaml
new file mode 100644
index 00000000..88ca5135
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-ironic/meta.yaml
@@ -0,0 +1,8 @@
+id: openstack-haproxy-ironic
+handler: puppetv2
+version: '8.0'
+inputs:
+ ironic:
+ value: null
+ puppet_modules:
+ value: null
diff --git a/f2s/resources/openstack-haproxy-keystone/actions/run.pp b/f2s/resources/openstack-haproxy-keystone/actions/run.pp
new file mode 100644
index 00000000..8772ac4c
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-keystone/actions/run.pp
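Review bot: `$ironic_hash` is read but never used in openstack-haproxy-ironic.pp, and `::openstack::ha::ironic` is declared unconditionally, while every other haproxy manifest in this patch gates its class on an enable flag. If this task can run on a deployment without Ironic, the Ironic API proxy would still be configured for the public and baremetal VIPs, and `$network_metadata['vips']['baremetal']['ipaddr']` is indexed with no check that a `baremetal` VIP exists. I would wrap the lookups and the class in `if $ironic_hash['enabled'] { ... }`, the same test openstack-controller.pp applies before setting `$scheduler_host_manager`. The generated meta.yaml for this resource also lists only `ironic` and `puppet_modules` as inputs, although the manifest reads `network_metadata`, `public_ssl`, `ironic_api_nodes`, `public_vip` and `management_vip`.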
@@ -0,0 +1,29 @@ +notice('MODULAR: openstack-haproxy-keystone.pp') + +$network_metadata = hiera_hash('network_metadata') +$keystone_hash = hiera_hash('keystone', {}) +# enabled by default +$use_keystone = pick($keystone_hash['enabled'], true) +$public_ssl_hash = hiera('public_ssl') + +#todo(sv): change to 'keystone' as soon as keystone as node-role was ready +$keystones_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, ['primary-controller', 'controller']), 'keystone/api') + +if ($use_keystone) { + $server_names = pick(hiera_array('keystone_names', undef), + keys($keystones_address_map)) + $ipaddresses = pick(hiera_array('keystone_ipaddresses', undef), + values($keystones_address_map)) + $public_virtual_ip = pick(hiera('public_service_endpoint', undef), hiera('public_vip')) + $internal_virtual_ip = pick(hiera('service_endpoint', undef), hiera('management_vip')) + + + # configure keystone ha proxy + class { '::openstack::ha::keystone': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-keystone/meta.yaml b/f2s/resources/openstack-haproxy-keystone/meta.yaml new file mode 100644 index 00000000..f55d40d0 --- /dev/null +++ b/f2s/resources/openstack-haproxy-keystone/meta.yaml @@ -0,0 +1,28 @@ +id: openstack-haproxy-keystone +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + keystone: + value: null + keystone_ipaddresses: + value: null + keystone_names: + value: null + management_vip: + value: null + network_metadata: + value: null + public_service_endpoint: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null + service_endpoint: + value: null 
diff --git a/f2s/resources/openstack-haproxy-murano/actions/run.pp b/f2s/resources/openstack-haproxy-murano/actions/run.pp new file mode 100644 index 00000000..5224a2e0 --- /dev/null +++ b/f2s/resources/openstack-haproxy-murano/actions/run.pp @@ -0,0 +1,24 @@ +notice('MODULAR: openstack-haproxy-murano.pp') + +$murano_hash = hiera_hash('murano_hash',{}) +# NOT enabled by default +$use_murano = pick($murano_hash['enabled'], false) +$public_ssl_hash = hiera('public_ssl') +$network_metadata = hiera_hash('network_metadata') +$murano_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, hiera('murano_roles')), 'murano/api') + +if ($use_murano) { + $server_names = hiera_array('murano_names',keys($murano_address_map)) + $ipaddresses = hiera_array('murano_ipaddresses', values($murano_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + # configure murano ha proxy + class { '::openstack::ha::murano': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-murano/meta.yaml b/f2s/resources/openstack-haproxy-murano/meta.yaml new file mode 100644 index 00000000..98c4a60a --- /dev/null +++ b/f2s/resources/openstack-haproxy-murano/meta.yaml @@ -0,0 +1,18 @@ +id: openstack-haproxy-murano +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + murano_hash: + value: null + murano_roles: + value: null + network_metadata: + value: null + public_ssl: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-haproxy-mysqld/actions/run.pp b/f2s/resources/openstack-haproxy-mysqld/actions/run.pp new file mode 100644 index 00000000..d2ba97c7 --- /dev/null +++ b/f2s/resources/openstack-haproxy-mysqld/actions/run.pp 
@@ -0,0 +1,31 @@
+notice('MODULAR: openstack-haproxy-mysqld.pp')
+
+$network_metadata = hiera_hash('network_metadata')
+$mysql_hash = hiera_hash('mysql', {})
+# enabled by default
+$use_mysql = pick($mysql_hash['enabled'], true)
+
+$custom_mysql_setup_class = hiera('custom_mysql_setup_class', 'galera')
+$public_ssl_hash = hiera('public_ssl')
+
+$database_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('database_nodes'), 'mgmt/database')
+
+# only do this if mysql is enabled and we are using one of the galera/percona classes
+if $use_mysql and ($custom_mysql_setup_class in ['galera', 'percona', 'percona_packages']) {
+ $server_names = hiera_array('mysqld_names', keys($database_address_map))
+ $ipaddresses = hiera_array('mysqld_ipaddresses', values($database_address_map))
+ $public_virtual_ip = hiera('public_vip')
+ $internal_virtual_ip = pick(hiera('database_vip', undef), hiera('management_vip'))
+
+ $primary_controller = hiera('primary_controller')
+
+
+ # configure mysql ha proxy
+ class { '::openstack::ha::mysqld':
+ internal_virtual_ip => $internal_virtual_ip,
+ ipaddresses => $ipaddresses,
+ public_virtual_ip => $public_virtual_ip,
+ server_names => $server_names,
+ is_primary_controller => $primary_controller,
+ }
+}
diff --git a/f2s/resources/openstack-haproxy-mysqld/meta.yaml b/f2s/resources/openstack-haproxy-mysqld/meta.yaml
new file mode 100644
index 00000000..749d697e
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-mysqld/meta.yaml
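Review bot: `public_virtual_ip => $public_virtual_ip` passes the public VIP to `::openstack::ha::mysqld`; the class body is not part of this patch, so it cannot be confirmed from here whether a database listener ends up bound to that address, and that should be checked because the database is meant to be reached through the internal VIP. Until it is confirmed, a comment above the class such as `# TODO confirm: mysqld frontend must bind internal_virtual_ip only` would keep the question visible. `$public_ssl_hash` and `$network_metadata` are assigned but never used in this manifest, and `hiera('public_ssl')` has no default, so a missing key would fail the run for a value nobody reads; both assignments can be dropped.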
@@ -0,0 +1,32 @@ +id: openstack-haproxy-mysqld +handler: puppetv2 +version: '8.0' +inputs: + custom_mysql_setup_class: + value: null + database_nodes: + value: null + database_vip: + value: null + fqdn: + value: null + management_vip: + value: null + mysql: + value: null + mysqld_ipaddresses: + value: null + mysqld_names: + value: null + network_metadata: + value: null + primary_controller: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-haproxy-neutron/actions/run.pp b/f2s/resources/openstack-haproxy-neutron/actions/run.pp new file mode 100644 index 00000000..738ccfde --- /dev/null +++ b/f2s/resources/openstack-haproxy-neutron/actions/run.pp @@ -0,0 +1,22 @@ +notice('MODULAR: openstack-haproxy-neutron.pp') + +# NOT enabled by default +$use_neutron = hiera('use_neutron', false) +$public_ssl_hash = hiera('public_ssl') + +$neutron_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('neutron_nodes'), 'neutron/api') +if ($use_neutron) { + $server_names = hiera_array('neutron_names', keys($neutron_address_map)) + $ipaddresses = hiera_array('neutron_ipaddresses', values($neutron_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + # configure neutron ha proxy + class { '::openstack::ha::neutron': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-neutron/meta.yaml b/f2s/resources/openstack-haproxy-neutron/meta.yaml new file mode 100644 index 00000000..b99d5a34 --- /dev/null +++ b/f2s/resources/openstack-haproxy-neutron/meta.yaml 
@@ -0,0 +1,24 @@ +id: openstack-haproxy-neutron +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + management_vip: + value: null + neutron_ipaddresses: + value: null + neutron_names: + value: null + neutron_nodes: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null + use_neutron: + value: null diff --git a/f2s/resources/openstack-haproxy-nova/actions/run.pp b/f2s/resources/openstack-haproxy-nova/actions/run.pp new file mode 100644 index 00000000..060d9db7 --- /dev/null +++ b/f2s/resources/openstack-haproxy-nova/actions/run.pp @@ -0,0 +1,25 @@ +notice('MODULAR: openstack-haproxy-nova.pp') + +$nova_hash = hiera_hash('nova', {}) +# enabled by default +$use_nova = pick($nova_hash['enabled'], true) +$public_ssl_hash = hiera('public_ssl') + +$nova_api_address_map = get_node_to_ipaddr_map_by_network_role(hiera('nova_api_nodes'), 'nova/api') + +if ($use_nova) { + $server_names = hiera_array('nova_names', keys($nova_api_address_map)) + $ipaddresses = hiera_array('nova_ipaddresses', values($nova_api_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + + # configure nova ha proxy + class { '::openstack::ha::nova': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-nova/meta.yaml b/f2s/resources/openstack-haproxy-nova/meta.yaml new file mode 100644 index 00000000..a4dfc852 --- /dev/null +++ b/f2s/resources/openstack-haproxy-nova/meta.yaml 
@@ -0,0 +1,24 @@ +id: openstack-haproxy-nova +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + management_vip: + value: null + nova: + value: null + nova_api_nodes: + value: null + nova_ipaddresses: + value: null + nova_names: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-haproxy-radosgw/actions/run.pp b/f2s/resources/openstack-haproxy-radosgw/actions/run.pp new file mode 100644 index 00000000..f5911423 --- /dev/null +++ b/f2s/resources/openstack-haproxy-radosgw/actions/run.pp @@ -0,0 +1,34 @@ +notice('MODULAR: openstack-haproxy-radosgw.pp') + +$network_metadata = hiera_hash('network_metadata') +$storage_hash = hiera_hash('storage', {}) +$public_ssl_hash = hiera('public_ssl') + + +if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] { + $use_swift = true +} else { + $use_swift = false +} +if !($use_swift) and ($storage_hash['objects_ceph']) { + $use_radosgw = true +} else { + $use_radosgw = false +} + +if $use_radosgw { + $rgw_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_rgw_nodes'), 'ceph/radosgw') + $server_names = hiera_array('radosgw_server_names', keys($rgw_address_map)) + $ipaddresses = hiera_array('radosgw_ipaddresses', values($rgw_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + # configure radosgw ha proxy + class { '::openstack::ha::radosgw': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-radosgw/meta.yaml b/f2s/resources/openstack-haproxy-radosgw/meta.yaml new file mode 100644 index 00000000..4fe901ff --- /dev/null +++ b/f2s/resources/openstack-haproxy-radosgw/meta.yaml 
@@ -0,0 +1,16 @@ +id: openstack-haproxy-radosgw +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + network_metadata: + value: null + public_ssl: + value: null + puppet_modules: + value: null + role: + value: null + storage: + value: null diff --git a/f2s/resources/openstack-haproxy-sahara/actions/run.pp b/f2s/resources/openstack-haproxy-sahara/actions/run.pp new file mode 100644 index 00000000..4f76a2f2 --- /dev/null +++ b/f2s/resources/openstack-haproxy-sahara/actions/run.pp @@ -0,0 +1,24 @@ +notice('MODULAR: openstack-haproxy-sahara.pp') + +$sahara_hash = hiera_hash('sahara_hash',{}) +# NOT enabled by default +$use_sahara = pick($sahara_hash['enabled'], false) +$public_ssl_hash = hiera('public_ssl') +$network_metadata = hiera_hash('network_metadata') +$sahara_address_map = get_node_to_ipaddr_map_by_network_role(get_nodes_hash_by_roles($network_metadata, hiera('sahara_roles')), 'sahara/api') + +if ($use_sahara) { + $server_names = hiera_array('sahara_names',keys($sahara_address_map)) + $ipaddresses = hiera_array('sahara_ipaddresses', values($sahara_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + # configure sahara ha proxy + class { '::openstack::ha::sahara': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + } +} diff --git a/f2s/resources/openstack-haproxy-sahara/meta.yaml b/f2s/resources/openstack-haproxy-sahara/meta.yaml new file mode 100644 index 00000000..fdfcbe77 --- /dev/null +++ b/f2s/resources/openstack-haproxy-sahara/meta.yaml @@ -0,0 +1,18 @@ +id: openstack-haproxy-sahara +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + network_metadata: + value: null + public_ssl: + value: null + puppet_modules: + value: null + role: + value: null + sahara_hash: + value: null + sahara_roles: + value: null 
diff --git a/f2s/resources/openstack-haproxy-stats/actions/run.pp b/f2s/resources/openstack-haproxy-stats/actions/run.pp
new file mode 100644
index 00000000..cfcf71d6
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-stats/actions/run.pp
@@ -0,0 +1,7 @@
+notice('MODULAR: openstack-haproxy-stats.pp')
+
+$internal_virtual_ip = unique([hiera('management_vip'), hiera('database_vip'), hiera('service_endpoint')])
+
+class { '::openstack::ha::stats':
+ internal_virtual_ip => $internal_virtual_ip,
+}
diff --git a/f2s/resources/openstack-haproxy-stats/meta.yaml b/f2s/resources/openstack-haproxy-stats/meta.yaml
new file mode 100644
index 00000000..98072cdc
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-stats/meta.yaml
@@ -0,0 +1,16 @@
+id: openstack-haproxy-stats
+handler: puppetv2
+version: '8.0'
+inputs:
+ database_vip:
+ value: null
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
diff --git a/f2s/resources/openstack-haproxy-swift/actions/run.pp b/f2s/resources/openstack-haproxy-swift/actions/run.pp
new file mode 100644
index 00000000..01819d46
--- /dev/null
+++ b/f2s/resources/openstack-haproxy-swift/actions/run.pp
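Review bot: `hiera('database_vip')` in openstack-haproxy-stats/actions/run.pp has no default, while the mysqld manifest in this same patch treats that key as optional with `pick(hiera('database_vip', undef), hiera('management_vip'))`. If the key really is optional, this lookup will presumably abort compilation on deployments without a separate database VIP; `hiera('database_vip', hiera('management_vip'))` would let `unique()` collapse the duplicate. A short comment stating which networks the stats listener is meant to be reachable on would also help, since the list includes `service_endpoint` and what `::openstack::ha::stats` binds is not visible in this hunk.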
@@ -0,0 +1,37 @@ +notice('MODULAR: openstack-haproxy-swift.pp') + +$network_metadata = hiera_hash('network_metadata') +$storage_hash = hiera_hash('storage', {}) +$swift_proxies = hiera_hash('swift_proxies', undef) +$public_ssl_hash = hiera('public_ssl') +$ironic_hash = hiera_hash('ironic', {}) + +if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] { + $use_swift = true +} else { + $use_swift = false +} + +$swift_proxies_address_map = get_node_to_ipaddr_map_by_network_role($swift_proxies, 'swift/api') + +if ($use_swift) { + + $server_names = hiera_array('swift_server_names', keys($swift_proxies_address_map)) + $ipaddresses = hiera_array('swift_ipaddresses', values($swift_proxies_address_map)) + $public_virtual_ip = hiera('public_vip') + $internal_virtual_ip = hiera('management_vip') + + if $ironic_hash['enabled'] { + $baremetal_virtual_ip = $network_metadata['vips']['baremetal']['ipaddr'] + } + + # configure swift ha proxy + class { '::openstack::ha::swift': + internal_virtual_ip => $internal_virtual_ip, + ipaddresses => $ipaddresses, + public_virtual_ip => $public_virtual_ip, + server_names => $server_names, + public_ssl => $public_ssl_hash['services'], + baremetal_virtual_ip => $baremetal_virtual_ip, + } +} diff --git a/f2s/resources/openstack-haproxy-swift/meta.yaml b/f2s/resources/openstack-haproxy-swift/meta.yaml new file mode 100644 index 00000000..985d727a --- /dev/null +++ b/f2s/resources/openstack-haproxy-swift/meta.yaml @@ -0,0 +1,28 @@ +id: openstack-haproxy-swift +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + ironic: + value: null + management_vip: + value: null + network_metadata: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null + storage: + value: null + swift_ipaddresses: + value: null + swift_proxies: + value: null + swift_server_names: + value: null 
diff --git a/f2s/resources/openstack-haproxy/actions/run.pp b/f2s/resources/openstack-haproxy/actions/run.pp
new file mode 100644
index 00000000..c38ce7dc
--- /dev/null
+++ b/f2s/resources/openstack-haproxy/actions/run.pp
@@ -0,0 +1,3 @@
+notice('MODULAR: openstack-haproxy.pp')
+# This is a placeholder task that is used to tie all the haproxy tasks together.
+# Any haproxy configurations should go in a openstack-haproxy- task
diff --git a/f2s/resources/openstack-haproxy/meta.yaml b/f2s/resources/openstack-haproxy/meta.yaml
new file mode 100644
index 00000000..7ce44222
--- /dev/null
+++ b/f2s/resources/openstack-haproxy/meta.yaml
@@ -0,0 +1,10 @@
+id: openstack-haproxy
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/openstack-network-agents-dhcp/actions/run.pp b/f2s/resources/openstack-network-agents-dhcp/actions/run.pp
new file mode 100644
index 00000000..2c8a35f8
--- /dev/null
+++ b/f2s/resources/openstack-network-agents-dhcp/actions/run.pp
@@ -0,0 +1,39 @@ +notice('MODULAR: openstack-network/agents/dhcp.pp') + +$use_neutron = hiera('use_neutron', false) + +class neutron {} +class { 'neutron' :} + +if $use_neutron { + + $debug = hiera('debug', true) + $resync_interval = '30' + $isolated_metadata = try_get_value($neutron_config, 'metadata/isolated_metadata', true) + + $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { }) + $ha_agent = try_get_value($neutron_advanced_config, 'dhcp_agent_ha', true) + + class { 'neutron::agents::dhcp': + debug => $debug, + resync_interval => $resync_interval, + manage_service => true, + enable_isolated_metadata => $isolated_metadata, + dhcp_delete_namespaces => true, + enabled => true, + } + + if $ha_agent { + $primary_controller = hiera('primary_controller') + class { 'cluster::neutron::dhcp' : + primary => $primary_controller, + } + } + + #======================== + package { 'neutron': + name => 'binutils', + ensure => 'installed', + } + +} diff --git a/f2s/resources/openstack-network-agents-dhcp/meta.yaml b/f2s/resources/openstack-network-agents-dhcp/meta.yaml new file mode 100644 index 00000000..0a9fdba2 --- /dev/null +++ b/f2s/resources/openstack-network-agents-dhcp/meta.yaml @@ -0,0 +1,18 @@ +id: openstack-network-agents-dhcp +handler: puppetv2 +version: '8.0' +inputs: + debug: + value: null + fqdn: + value: null + neutron_advanced_configuration: + value: null + primary_controller: + value: null + puppet_modules: + value: null + role: + value: null + use_neutron: + value: null diff --git a/f2s/resources/openstack-network-agents-l3/actions/run.pp b/f2s/resources/openstack-network-agents-l3/actions/run.pp new file mode 100644 index 00000000..8a275768 --- /dev/null +++ b/f2s/resources/openstack-network-agents-l3/actions/run.pp 
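Review bot: `$neutron_config` is read in `try_get_value($neutron_config, 'metadata/isolated_metadata', true)` but is never assigned in openstack-network-agents-dhcp/actions/run.pp, so the lookup presumably always falls back to `true` and an operator's `isolated_metadata` setting is silently ignored. The metadata-agent and common-config manifests in this patch load it with `hiera_hash('neutron_config')`; adding `$neutron_config = hiera_hash('neutron_config')` before that line would make the option effective. The meta.yaml for this resource does not list `neutron_config` among its inputs either, so it would need the same addition.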
@@ -0,0 +1,59 @@ +notice('MODULAR: openstack-network/agents/l3.pp') + +$use_neutron = hiera('use_neutron', false) + +class neutron {} +class { 'neutron' :} + +$neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { }) +$dvr = pick($neutron_advanced_config['neutron_dvr'], false) + +$role = hiera('role') +$controller = $role in ['controller', 'primary-controller'] +$compute = $role in ['compute'] + +if $use_neutron and ($controller or ($dvr and $compute)) { + $debug = hiera('debug', true) + $metadata_port = '8775' + $network_scheme = hiera('network_scheme', {}) + + if $controller { + if $dvr { + $agent_mode = 'dvr-snat' + } else { + $agent_mode = 'legacy' + } + } else { + # works on copute nodes only if dvr is enabled + $agent_mode = 'dvr' + } + + prepare_network_config($network_scheme) + + $ha_agent = try_get_value($neutron_advanced_config, 'l3_agent_ha', true) + $external_network_bridge = get_network_role_property('neutron/floating', 'interface') + + class { 'neutron::agents::l3': + debug => $debug, + metadata_port => $metadata_port, + external_network_bridge => $external_network_bridge, + manage_service => true, + enabled => true, + router_delete_namespaces => true, + agent_mode => $agent_mode, + } + + if $ha_agent { + $primary_controller = hiera('primary_controller') + cluster::neutron::l3 { 'default-l3' : + primary => $primary_controller, + } + } + + #======================== + package { 'neutron': + name => 'binutils', + ensure => 'installed', + } + +} diff --git a/f2s/resources/openstack-network-agents-l3/meta.yaml b/f2s/resources/openstack-network-agents-l3/meta.yaml new file mode 100644 index 00000000..83a470da --- /dev/null +++ b/f2s/resources/openstack-network-agents-l3/meta.yaml 
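Review bot: The stub at the end of the `if` block in openstack-network-agents-l3/actions/run.pp, `package { 'neutron': name => 'binutils', ensure => 'installed' }`, has only `#========================` above it, so a reader cannot tell why a resource titled `neutron` installs binutils. Together with the empty `class neutron {}` at the top it looks like a placeholder that satisfies references to `Package['neutron']` and `Class['neutron']` from the agent classes, but that is an inference from this hunk. Once confirmed, I would replace the separator with a comment such as `# Stub: satisfies Package['neutron'] references; the real neutron package is managed by another task`. The same undocumented stub appears in the dhcp and metadata agent manifests in this patch, and the comment `# works on copute nodes only if dvr is enabled` should read `compute`.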
@@ -0,0 +1,20 @@ +id: openstack-network-agents-l3 +handler: puppetv2 +version: '8.0' +inputs: + debug: + value: null + fqdn: + value: null + network_scheme: + value: null + neutron_advanced_configuration: + value: null + primary_controller: + value: null + puppet_modules: + value: null + role: + value: null + use_neutron: + value: null diff --git a/f2s/resources/openstack-network-agents-metadata/actions/run.pp b/f2s/resources/openstack-network-agents-metadata/actions/run.pp new file mode 100644 index 00000000..56f24e3a --- /dev/null +++ b/f2s/resources/openstack-network-agents-metadata/actions/run.pp 
@@ -0,0 +1,57 @@ +notice('MODULAR: openstack-network/agents/metadata.pp') + +$use_neutron = hiera('use_neutron', false) + +class neutron {} +class { 'neutron' :} + +if $use_neutron { + $debug = hiera('debug', true) + $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { }) + $ha_agent = try_get_value($neutron_advanced_config, 'metadata_agent_ha', true) + + $auth_region = hiera('region', 'RegionOne') + $service_endpoint = hiera('service_endpoint') + $auth_api_version = 'v2.0' + $admin_identity_uri = "http://${service_endpoint}:35357" + $admin_auth_url = "${admin_identity_uri}/${auth_api_version}" + + $neutron_config = hiera_hash('neutron_config') + + $keystone_user = try_get_value($neutron_config, 'keystone/admin_user', 'neutron') + $keystone_tenant = try_get_value($neutron_config, 'keystone/admin_tenant', 'services') + $neutron_user_password = try_get_value($neutron_config, 'keystone/admin_password') + + $shared_secret = try_get_value($neutron_config, 'metadata/metadata_proxy_shared_secret') + + $management_vip = hiera('management_vip') + $nova_endpoint = hiera('nova_endpoint', $management_vip) + + class { 'neutron::agents::metadata': + debug => $debug, + auth_region => $auth_region, + auth_url => $admin_auth_url, + auth_user => $keystone_user, + auth_tenant => $keystone_tenant, + auth_password => $neutron_user_password, + shared_secret => $shared_secret, + metadata_ip => $nova_endpoint, + manage_service => true, + enabled => true, + + } + + if $ha_agent { + $primary_controller = hiera('primary_controller') + class { 'cluster::neutron::metadata' : + primary => $primary_controller, + } + } + + #======================== + package { 'neutron': + name => 'binutils', + ensure => 'installed', + } + +} diff --git a/f2s/resources/openstack-network-agents-metadata/meta.yaml b/f2s/resources/openstack-network-agents-metadata/meta.yaml new file mode 100644 index 00000000..6b288cd4 --- /dev/null +++ b/f2s/resources/openstack-network-agents-metadata/meta.yaml 
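Review bot: `$shared_secret` and `$neutron_user_password` in openstack-network-agents-metadata/actions/run.pp come from `try_get_value()` calls with no default, so a `neutron_config` lacking `metadata/metadata_proxy_shared_secret` or `keystone/admin_password` presumably passes undef into `neutron::agents::metadata` instead of stopping the run. The shared secret is what lets the metadata service trust the instance headers forwarded by the proxy, so a missing value should fail closed, e.g. `if ! $shared_secret { fail('metadata_proxy_shared_secret must be set') }` before the class declaration, with the same guard for the password. Separately, `$admin_identity_uri = "http://${service_endpoint}:35357"` hard-codes plain HTTP for the Keystone admin endpoint that receives that password; taking the scheme from configuration would allow a TLS-enabled Keystone to be used. The compute-nova manifest in this patch builds the same `http://` URL.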
@@ -0,0 +1,28 @@ +id: openstack-network-agents-metadata +handler: puppetv2 +version: '8.0' +inputs: + debug: + value: null + fqdn: + value: null + management_vip: + value: null + neutron_advanced_configuration: + value: null + neutron_config: + value: null + nova_endpoint: + value: null + primary_controller: + value: null + puppet_modules: + value: null + region: + value: null + role: + value: null + service_endpoint: + value: null + use_neutron: + value: null diff --git a/f2s/resources/openstack-network-common-config/actions/run.pp b/f2s/resources/openstack-network-common-config/actions/run.pp new file mode 100644 index 00000000..66b49530 --- /dev/null +++ b/f2s/resources/openstack-network-common-config/actions/run.pp 
@@ -0,0 +1,110 @@ +notice('MODULAR: openstack-network/common-config.pp') + +$use_neutron = hiera('use_neutron', false) + +if $use_neutron { + + $openstack_network_hash = hiera_hash('openstack_network', { }) + $neutron_config = hiera_hash('neutron_config') + + $core_plugin = 'neutron.plugins.ml2.plugin.Ml2Plugin' + $service_plugins = [ + 'neutron.services.l3_router.l3_router_plugin.L3RouterPlugin', + 'neutron.services.metering.metering_plugin.MeteringPlugin', + ] + + $rabbit_hash = hiera_hash('rabbit_hash', { }) + $ceilometer_hash = hiera_hash('ceilometer', { }) + $network_scheme = hiera_hash('network_scheme') + + $verbose = pick($openstack_network_hash['verbose'], hiera('verbose', true)) + $debug = pick($openstack_network_hash['debug'], hiera('debug', true)) + $use_syslog = hiera('use_syslog', true) + $use_stderr = hiera('use_stderr', false) + $log_facility = hiera('syslog_log_facility_neutron', 'LOG_LOCAL4') + + prepare_network_config($network_scheme) + $bind_host = get_network_role_property('neutron/api', 'ipaddr') + + $base_mac = $neutron_config['L2']['base_mac'] + $use_ceilometer = $ceilometer_hash['enabled'] + $amqp_hosts = split(hiera('amqp_hosts', ''), ',') + $amqp_user = $rabbit_hash['user'] + $amqp_password = $rabbit_hash['password'] + + $segmentation_type = try_get_value($neutron_config, 'L2/segmentation_type') + + $nets = $neutron_config['predefined_networks'] + + if $segmentation_type == 'vlan' { + $net_role_property = 'neutron/private' + $iface = get_network_role_property($net_role_property, 'phys_dev') + $mtu_for_virt_network = pick(get_transformation_property('mtu', $iface[0]), '1500') + $overlay_net_mtu = $mtu_for_virt_network + } else { + $net_role_property = 'neutron/mesh' + $iface = get_network_role_property($net_role_property, 'phys_dev') + $physical_net_mtu = pick(get_transformation_property('mtu', $iface[0]), '1500') + + if $segmentation_type == 'gre' { + $mtu_offset = '42' + } else { + # vxlan is the default segmentation type for non-vlan 
cases + $mtu_offset = '50' + } + + if $physical_net_mtu { + $overlay_net_mtu = $physical_net_mtu - $mtu_offset + } else { + $overlay_net_mtu = '1500' - $mtu_offset + } + + } + + class { 'neutron' : + verbose => $verbose, + debug => $debug, + use_syslog => $use_syslog, + use_stderr => $use_stderr, + log_facility => $log_facility, + bind_host => $bind_host, + base_mac => $base_mac, + core_plugin => $core_plugin, + service_plugins => $service_plugins, + allow_overlapping_ips => true, + mac_generation_retries => '32', + dhcp_lease_duration => '600', + dhcp_agents_per_network => '2', + report_interval => '10', + rabbit_user => $amqp_user, + rabbit_hosts => $amqp_hosts, + rabbit_password => $amqp_password, + kombu_reconnect_delay => '5.0', + network_device_mtu => $overlay_net_mtu, + advertise_mtu => true, + } + + if $use_syslog { + neutron_config { 'DEFAULT/use_syslog_rfc_format': value => true; } + } + + if $use_ceilometer { + neutron_config { 'DEFAULT/notification_driver': value => 'messaging' } + } + +} + +### SYSCTL ### + +# All nodes with network functions should have net forwarding. +# Its a requirement for network namespaces to function. +sysctl::value { 'net.ipv4.ip_forward': value => '1' } + +# All nodes with network functions should have these thresholds +# to avoid "Neighbour table overflow" problem +sysctl::value { 'net.ipv4.neigh.default.gc_thresh1': value => '4096' } +sysctl::value { 'net.ipv4.neigh.default.gc_thresh2': value => '8192' } +sysctl::value { 'net.ipv4.neigh.default.gc_thresh3': value => '16384' } + +Sysctl::Value <| |> -> Nova_config <||> +Sysctl::Value <| |> -> Neutron_config <||> diff --git a/f2s/resources/openstack-network-common-config/meta.yaml b/f2s/resources/openstack-network-common-config/meta.yaml new file mode 100644 index 00000000..b13c01fc --- /dev/null +++ b/f2s/resources/openstack-network-common-config/meta.yaml 
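Review bot: `$amqp_user` and `$amqp_password` in openstack-network/common-config are read from `hiera_hash('rabbit_hash', { })`, whose empty-hash default means a missing key hands undef credentials to `class { 'neutron' : ... }` rather than failing the run. I would drop the `{ }` default or add `if ! $amqp_password { fail('rabbit_hash password must be set') }` before the class declaration. `verbose` and `debug` also fall back to `true` when hiera has no value; defaulting `debug` to `false` is the safer choice for production logs. In the MTU block the `else` branch of `if $physical_net_mtu` looks unreachable, because `pick(..., '1500')` already supplies a value.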
@@ -0,0 +1,34 @@ +id: openstack-network-common-config +handler: puppetv2 +version: '8.0' +inputs: + amqp_hosts: + value: null + ceilometer: + value: null + debug: + value: null + fqdn: + value: null + network_scheme: + value: null + neutron_config: + value: null + openstack_network: + value: null + puppet_modules: + value: null + rabbit_hash: + value: null + role: + value: null + syslog_log_facility_neutron: + value: null + use_neutron: + value: null + use_stderr: + value: null + use_syslog: + value: null + verbose: + value: null diff --git a/f2s/resources/openstack-network-compute-nova/actions/run.pp b/f2s/resources/openstack-network-compute-nova/actions/run.pp new file mode 100644 index 00000000..3fdd4b33 --- /dev/null +++ b/f2s/resources/openstack-network-compute-nova/actions/run.pp 
@@ -0,0 +1,267 @@ +notice('MODULAR: openstack-network/compute-nova.pp') + +$use_neutron = hiera('use_neutron', false) + +if $use_neutron { + include nova::params + $neutron_config = hiera_hash('neutron_config') + $neutron_integration_bridge = 'br-int' + $nova_hash = hiera_hash('nova') + $libvirt_vif_driver = pick($nova_hash['libvirt_vif_driver'], 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver') + + $management_vip = hiera('management_vip') + $service_endpoint = hiera('service_endpoint', $management_vip) + $neutron_endpoint = hiera('neutron_endpoint', $management_vip) + $admin_password = try_get_value($neutron_config, 'keystone/admin_password') + $admin_tenant_name = try_get_value($neutron_config, 'keystone/admin_tenant', 'services') + $admin_username = try_get_value($neutron_config, 'keystone/admin_user', 'neutron') + $region_name = hiera('region', 'RegionOne') + $auth_api_version = 'v2.0' + $admin_identity_uri = "http://${service_endpoint}:35357" + $admin_auth_url = "${admin_identity_uri}/${auth_api_version}" + $neutron_url = "http://${neutron_endpoint}:9696" + + service { 'libvirt' : + ensure => 'running', + enable => true, + # Workaround for bug LP #1469308 + # also service name for Ubuntu and Centos is the same. 
+ name => 'libvirtd', + provider => $nova::params::special_service_provider, + } + + exec { 'destroy_libvirt_default_network': + command => 'virsh net-destroy default', + onlyif => 'virsh net-info default | grep -qE "Active:.* yes"', + path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ], + tries => 3, + require => Service['libvirt'], + } + + exec { 'undefine_libvirt_default_network': + command => 'virsh net-undefine default', + onlyif => 'virsh net-info default 2>&1 > /dev/null', + path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ], + tries => 3, + require => Exec['destroy_libvirt_default_network'], + } + + Service['libvirt'] ~> Exec['destroy_libvirt_default_network'] + + # script called by qemu needs to manipulate the tap device + file_line { 'clear_emulator_capabilities': + path => '/etc/libvirt/qemu.conf', + line => 'clear_emulator_capabilities = 0', + notify => Service['libvirt'] + } + + file_line { 'no_qemu_selinux': + path => '/etc/libvirt/qemu.conf', + line => 'security_driver = "none"', + notify => Service['libvirt'] + } + + class { 'nova::compute::neutron': + libvirt_vif_driver => $libvirt_vif_driver, + } + + nova_config { + 'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver'; + 'DEFAULT/linuxnet_ovs_integration_bridge': value => $neutron_integration_bridge; + 'DEFAULT/network_device_mtu': value => '65000'; + } + + class { 'nova::network::neutron' : + neutron_admin_password => $admin_password, + neutron_admin_tenant_name => $admin_tenant_name, + neutron_region_name => $region_name, + neutron_admin_username => $admin_username, + neutron_admin_auth_url => $admin_auth_url, + neutron_url => $neutron_url, + neutron_ovs_bridge => $neutron_integration_bridge, + } + + augeas { 'sysctl-net.bridge.bridge-nf-call-arptables': + context => '/files/etc/sysctl.conf', + changes => "set net.bridge.bridge-nf-call-arptables '1'", + before => Service['libvirt'], + } + augeas { 'sysctl-net.bridge.bridge-nf-call-iptables': + context 
=> '/files/etc/sysctl.conf', + changes => "set net.bridge.bridge-nf-call-iptables '1'", + before => Service['libvirt'], + } + augeas { 'sysctl-net.bridge.bridge-nf-call-ip6tables': + context => '/files/etc/sysctl.conf', + changes => "set net.bridge.bridge-nf-call-ip6tables '1'", + before => Service['libvirt'], + } + + # We need to restart nova-compute service in orderto apply new settings + # nova-compute must not be restarted until integration bridge is created by + # Neutron L2 agent. + # The reason is described here https://bugs.launchpad.net/fuel/+bug/1477475 + exec { 'wait-for-int-br': + command => "ovs-vsctl br-exists $neutron_integration_bridge", + path => [ '/sbin', '/bin', '/usr/bin', '/usr/sbin' ], + try_sleep => 6, + tries => 10, + } + Exec['wait-for-int-br'] -> Service['nova-compute'] + service { 'nova-compute': + ensure => 'running', + name => $::nova::params::compute_service_name, + } + Nova_config<| |> ~> Service['nova-compute'] + + if($::operatingsystem == 'Ubuntu') { + tweaks::ubuntu_service_override { 'nova-network': + package_name => 'nova-network', + } + } + +} else { + + $network_scheme = hiera('network_scheme', { }) + prepare_network_config($network_scheme) + + $nova_hash = hiera_hash('nova_hash', { }) + $bind_address = get_network_role_property('nova/api', 'ipaddr') + $public_int = get_network_role_property('public/vip', 'interface') + $private_interface = get_network_role_property('nova/private', 'interface') + $public_interface = $public_int ? 
{ undef=>'', default => $public_int } + $auto_assign_floating_ip = hiera('auto_assign_floating_ip', false) + $nova_rate_limits = hiera('nova_rate_limits') + $network_size = hiera('network_size', undef) + $network_manager = hiera('network_manager', undef) + $network_config = hiera('network_config', { }) + $create_networks = true + $num_networks = hiera('num_networks', '1') + $novanetwork_params = hiera('novanetwork_parameters') + $fixed_range = hiera('fixed_network_range') + $use_vcenter = hiera('use_vcenter', false) + $enabled_apis = 'metadata' + $dns_nameservers = hiera_array('dns_nameservers', []) + + if ! $fixed_range { + fail('Must specify the fixed range when using nova-networks') + } + + if $use_vcenter { + $enable_nova_net = false + nova_config { + 'DEFAULT/multi_host': value => 'False'; + 'DEFAULT/send_arp_for_ha': value => 'False'; + } + } else { + include keystone::python + + Nova_config<| |> -> Service['nova-network'] + + case $::osfamily { + 'RedHat': { + $pymemcache_package_name = 'python-memcached' + } + 'Debian': { + $pymemcache_package_name = 'python-memcache' + } + default: { + fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem},\ + module ${module_name} only support osfamily RedHat and Debian") + } + } + + if !defined(Package[$pymemcache_package_name]) { + package { $pymemcache_package_name: + ensure => 'present', + } -> + Nova::Generic_service <| title == 'api' |> + } + + class { 'nova::api': + ensure_package => 'installed', + enabled => true, + admin_tenant_name => $admin_tenant_name, + admin_user => 'nova', + admin_password => $nova_hash['user_password'], + enabled_apis => $enabled_apis, + api_bind_address => $bind_address, + ratelimits => $nova_rate_limits, + # NOTE(bogdando) 1 api worker for compute node is enough + osapi_compute_workers => '1', + } + + if $::operatingsystem == 'Ubuntu' { + tweaks::ubuntu_service_override { 'nova-api': + package_name => 'nova-api', + } + } + + nova_config { + 'DEFAULT/multi_host' : 
value => 'True'; + 'DEFAULT/send_arp_for_ha' : value => 'True'; + 'DEFAULT/metadata_host' : value => $bind_address; + } + + if ! $public_interface { + fail('public_interface must be defined for multi host compute nodes') + } + + $enable_nova_net = true + + if $auto_assign_floating_ip { + nova_config { 'DEFAULT/auto_assign_floating_ip': value => 'True' } + } + } + +# Stub for networking-refresh that is needed by Nova::Network/Nova::Generic_service[network] +# We do not need it due to l23network is doing all stuff +# BTW '/sbin/ifdown -a ; /sbin/ifup -a' does not work on CentOS + exec { 'networking-refresh': + command => '/bin/echo "networking-refresh has been refreshed"', + refreshonly => true, + } + +# Stubs for nova_paste_api_ini + exec { 'post-nova_config': + command => '/bin/echo "Nova config has changed"', + refreshonly => true, + } + +# Stubs for nova_network + file { '/etc/nova/nova.conf': + ensure => 'present', + } + +# Stubs for nova-api + package { 'nova-common': + name => 'binutils', + ensure => 'installed', + } + + if $::operatingsystem == 'Ubuntu' { + tweaks::ubuntu_service_override { 'nova-network': + package_name => 'nova-network', + } + } + + class { 'nova::network': + ensure_package => 'installed', + private_interface => $private_interface, + public_interface => $public_interface, + fixed_range => $fixed_range, + floating_range => false, + network_manager => $network_manager, + config_overrides => $network_config, + create_networks => $create_networks, + num_networks => $num_networks, + network_size => $network_size, + dns1 => $dns_nameservers[0], + dns2 => $dns_nameservers[1], + enabled => $enable_nova_net, + install_service => $enable_nova_net, + } +#NOTE(aglarendil): lp/1381164 + nova_config { 'DEFAULT/force_snat_range': value => '0.0.0.0/0' } + +} diff --git a/f2s/resources/openstack-network-compute-nova/meta.yaml b/f2s/resources/openstack-network-compute-nova/meta.yaml new file mode 100644 index 00000000..fda3312e --- /dev/null 
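Review bot: The `file_line` resource `no_qemu_selinux` writes `security_driver = "none"` into /etc/libvirt/qemu.conf on every neutron compute node, which turns off libvirt's SELinux/AppArmor confinement of guest QEMU processes, and `clear_emulator_capabilities = 0` additionally lets those processes keep their capabilities. Neither setting is conditional or explained beyond the tap-device comment; I would gate them on a hiera flag, or at least add a comment naming the bug they work around and the isolation that is lost. In `undefine_libvirt_default_network`, `onlyif => 'virsh net-info default 2>&1 > /dev/null'` has the redirections in the wrong order, so stderr is not discarded; `virsh net-info default > /dev/null 2>&1` is the intended form. In the nova-network branch, `admin_tenant_name => $admin_tenant_name` uses a variable that is only assigned inside the `if $use_neutron` branch, so `nova::api` presumably receives undef.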
+++ b/f2s/resources/openstack-network-compute-nova/meta.yaml @@ -0,0 +1,10 @@ +id: openstack-network-compute-nova +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/openstack-network-networks/actions/run.pp b/f2s/resources/openstack-network-networks/actions/run.pp new file mode 100644 index 00000000..a61d775b --- /dev/null +++ b/f2s/resources/openstack-network-networks/actions/run.pp 
@@ -0,0 +1,106 @@ +notice('MODULAR: openstack-network/networks.pp') + +if hiera('use_neutron', false) { + $access_hash = hiera('access', { }) + $keystone_admin_tenant = $access_hash['tenant'] + $neutron_config = hiera_hash('neutron_config') + $floating_net = try_get_value($neutron_config, 'default_floating_net', 'net04_ext') + $private_net = try_get_value($neutron_config, 'default_private_net', 'net04') + $default_router = try_get_value($neutron_config, 'default_router', 'router04') + $segmentation_type = try_get_value($neutron_config, 'L2/segmentation_type') + $nets = $neutron_config['predefined_networks'] + + if $segmentation_type == 'vlan' { + $network_type = 'vlan' + $segmentation_id_range = split(try_get_value($neutron_config, 'L2/phys_nets/physnet2/vlan_range', ''), ':') + } elsif $segmentation_type == 'gre' { + $network_type = 'gre' + $segmentation_id_range = split(try_get_value($neutron_config, 'L2/tunnel_id_ranges', ''), ':') + } else { + $network_type = 'vxlan' + $segmentation_id_range = split(try_get_value($neutron_config, 'L2/tunnel_id_ranges', ''), ':') + } + + $fallback_segment_id = $segmentation_id_range[0] + $private_net_segment_id = try_get_value($nets, "${private_net}/L2/segment_id", $fallback_segment_id) + $private_net_physnet = try_get_value($nets, "${private_net}/L2/physnet", false) + $private_net_shared = try_get_value($nets, "${private_net}/shared", false) + $private_net_router_external = false + $floating_net_physnet = try_get_value($nets, "${floating_net}/L2/physnet", false) + $floating_net_router_external = try_get_value($nets, "${floating_net}/L2/router_ext") + $floating_net_floating_range = try_get_value($nets, "${floating_net}/L3/floating", '') + $floating_net_shared = try_get_value($nets, "${floating_net}/shared", false) + + if !empty($floating_net_floating_range) { + $floating_net_allocation_pool = format_allocation_pools($floating_net_floating_range) + } + + $tenant_name = try_get_value($access_hash, 'tenant', 'admin') + + 
neutron_network { $floating_net : + ensure => 'present', + provider_physical_network => $floating_net_physnet, + provider_network_type => 'local', + router_external => $floating_net_router_external, + tenant_name => $tenant_name, + shared => $floating_net_shared + } + + neutron_subnet { "${floating_net}__subnet" : + ensure => 'present', + cidr => try_get_value($nets, "${floating_net}/L3/subnet"), + network_name => $floating_net, + tenant_name => $tenant_name, + gateway_ip => try_get_value($nets, "${floating_net}/L3/gateway"), + enable_dhcp => false, + allocation_pools => $floating_net_allocation_pool, + } + + neutron_network { $private_net : + ensure => 'present', + provider_physical_network => $private_net_physnet, + provider_network_type => $network_type, + provider_segmentation_id => $private_net_segment_id, + router_external => $private_net_router_external, + tenant_name => $tenant_name, + shared => $private_net_shared + } + + neutron_subnet { "${private_net}__subnet" : + ensure => 'present', + cidr => try_get_value($nets, "${private_net}/L3/subnet"), + network_name => $private_net, + tenant_name => $tenant_name, + gateway_ip => try_get_value($nets, "${private_net}/L3/gateway"), + enable_dhcp => true, + dns_nameservers => try_get_value($nets, "${private_net}/L3/nameservers"), + } + + if has_key($nets, 'baremetal') { + $baremetal_physnet = try_get_value($nets, 'baremetal/L2/physnet', false) + $baremetal_segment_id = try_get_value($nets, 'baremetal/L2/segment_id') + $baremetal_router_external = try_get_value($nets, 'baremetal/L2/router_ext') + $baremetal_shared = try_get_value($nets, 'baremetal/shared', false) + + neutron_network { 'baremetal' : + ensure => 'present', + provider_physical_network => $baremetal_physnet, + provider_network_type => 'flat', + provider_segmentation_id => $baremetal_segment_id, + router_external => $baremetal_router_external, + tenant_name => $tenant_name, + shared => $baremetal_shared + } + + neutron_subnet { 'baremetal__subnet' : + 
ensure => 'present', + cidr => try_get_value($nets, 'baremetal/L3/subnet'), + network_name => 'baremetal', + tenant_name => $tenant_name, + gateway_ip => try_get_value($nets, 'baremetal/L3/gateway'), + enable_dhcp => true, + dns_nameservers => try_get_value($nets, 'baremetal/L3/nameservers'), + } + } + +} diff --git a/f2s/resources/openstack-network-networks/meta.yaml b/f2s/resources/openstack-network-networks/meta.yaml new file mode 100644 index 00000000..ff50ce0a --- /dev/null +++ b/f2s/resources/openstack-network-networks/meta.yaml @@ -0,0 +1,18 @@ +id: openstack-network-networks +handler: puppetv2 +version: '8.0' +inputs: + access: + value: null + fqdn: + value: null + neutron_config: + value: null + primary_controller: + value: null + puppet_modules: + value: null + role: + value: null + use_neutron: + value: null diff --git a/f2s/resources/openstack-network-plugins-l2/actions/run.pp b/f2s/resources/openstack-network-plugins-l2/actions/run.pp new file mode 100644 index 00000000..2c0ecf02 --- /dev/null +++ b/f2s/resources/openstack-network-plugins-l2/actions/run.pp 
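Review bot: In openstack-network-networks/actions/run.pp, `$floating_net_allocation_pool` is assigned only inside `if !empty($floating_net_floating_range)` but is passed unconditionally as `allocation_pools` to the `"${floating_net}__subnet"` resource, so with an empty floating range the subnet references a variable that was never set. An explicit branch, `else { $floating_net_allocation_pool = undef }`, states the intent and keeps the manifest valid under strict variable checking. `$keystone_admin_tenant` and `$default_router` are assigned at the top but not used in this manifest, and the tenant is looked up a second time as `$tenant_name` with a different default; one lookup with one default would be clearer.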
@@ -0,0 +1,171 @@ +notice('MODULAR: openstack-network/plugins/ml2.pp') + +$use_neutron = hiera('use_neutron', false) + +class neutron {} +class { 'neutron' :} + +if $use_neutron { + include ::neutron::params + + $role = hiera('role') + $controller = $role in ['controller', 'primary-controller'] + $primary_controller = $role in ['primary-controller'] + $compute = $role in ['compute'] + + $neutron_config = hiera_hash('neutron_config') + $neutron_server_enable = pick($neutron_config['neutron_server_enable'], true) + + $management_vip = hiera('management_vip') + $service_endpoint = hiera('service_endpoint', $management_vip) + $auth_api_version = 'v2.0' + $identity_uri = "http://${service_endpoint}:5000" + $auth_url = "${identity_uri}/${auth_api_version}" + $auth_password = $neutron_config['keystone']['admin_password'] + $auth_user = pick($neutron_config['keystone']['admin_user'], 'neutron') + $auth_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services') + $auth_region = hiera('region', 'RegionOne') + $auth_endpoint_type = 'internalURL' + + $network_scheme = hiera_hash('network_scheme') + prepare_network_config($network_scheme) + + $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { }) + $l2_population = try_get_value($neutron_advanced_config, 'neutron_l2_pop', false) + $dvr = try_get_value($neutron_advanced_config, 'neutron_dvr', false) + $segmentation_type = try_get_value($neutron_config, 'L2/segmentation_type') + + if $segmentation_type == 'vlan' { + $net_role_property = 'neutron/private' + $iface = get_network_role_property($net_role_property, 'phys_dev') + $physical_net_mtu = pick(get_transformation_property('mtu', $iface[0]), '1500') + $overlay_net_mtu = $physical_net_mtu + $enable_tunneling = false + $network_vlan_ranges_physnet2 = try_get_value($neutron_config, 'L2/phys_nets/physnet2/vlan_range') + $network_vlan_ranges = ["physnet2:${network_vlan_ranges_physnet2}"] + $physnet2_bridge = try_get_value($neutron_config, 
'L2/phys_nets/physnet2/bridge') + $physnet2 = "physnet2:${physnet2_bridge}" + $physnet_ironic_bridge = try_get_value($neutron_config, 'L2/phys_nets/physnet-ironic/bridge', false) + + if $physnet_ironic_bridge { + $physnet_ironic = "physnet-ironic:${physnet_ironic_bridge}" + }else { + $physnet_ironic = [] + } + + $physnets_array = [$physnet2, $physnet_ironic] + $bridge_mappings = delete_undef_values($physnets_array) + $physical_network_mtus = ["physnet2:${physical_net_mtu}"] + $tunnel_id_ranges = [] + $network_type = 'vlan' + } else { + $net_role_property = 'neutron/mesh' + $tunneling_ip = get_network_role_property($net_role_property, 'ipaddr') + $iface = get_network_role_property($net_role_property, 'phys_dev') + $physical_net_mtu = pick(get_transformation_property('mtu', $iface[0]), '1500') + $tunnel_id_ranges = [try_get_value($neutron_config, 'L2/tunnel_id_ranges')] + $network_vlan_ranges = [] + $physical_network_mtus = [] + + if $segmentation_type == 'gre' { + $mtu_offset = '42' + $network_type = 'gre' + } else { + # vxlan is the default segmentation type for non-vlan cases + $mtu_offset = '50' + $network_type = 'vxlan' + } + + if $physical_net_mtu { + $overlay_net_mtu = $physical_net_mtu - $mtu_offset + } else { + $overlay_net_mtu = '1500' - $mtu_offset + } + + $enable_tunneling = true + $tunnel_types = [$network_type] + } + + $type_drivers = ['local', 'flat', 'vlan', 'gre', 'vxlan'] + $tenant_network_types = ['flat', $network_type] + $mechanism_drivers = split(try_get_value($neutron_config, 'L2/mechanism_drivers', 'openvswitch,l2population'), ',') + $flat_networks = ['*'] + $vxlan_group = '224.0.0.1' + + class { 'neutron::plugins::ml2': + type_drivers => $type_drivers, + tenant_network_types => $tenant_network_types, + mechanism_drivers => $mechanism_drivers, + flat_networks => $flat_networks, + network_vlan_ranges => $network_vlan_ranges, + tunnel_id_ranges => $tunnel_id_ranges, + vxlan_group => $vxlan_group, + vni_ranges => $tunnel_id_ranges, + 
physical_network_mtus => $physical_network_mtus, + path_mtu => $overlay_net_mtu, + } + + class { 'neutron::agents::ml2::ovs': + bridge_mappings => $bridge_mappings, + enable_tunneling => $enable_tunneling, + local_ip => $tunneling_ip, + tunnel_types => $tunnel_types, + enable_distributed_routing => $dvr, + l2_population => $l2_population, + arp_responder => $l2_population, + manage_vswitch => false, + manage_service => true, + enabled => true, + } + + # Synchronize database after plugin was configured + if $primary_controller { + include ::neutron::db::sync + } + + if ! $compute { + if $neutron_server_enable { + $service_ensure = 'running' + } else { + $service_ensure = 'stopped' + } + service { 'neutron-server': + name => $::neutron::params::server_service, + enable => $neutron_server_enable, + ensure => $service_ensure, + hasstatus => true, + hasrestart => true, + tag => 'neutron-service', + } -> + exec { 'waiting-for-neutron-api': + environment => [ + "OS_TENANT_NAME=${auth_tenant}", + "OS_USERNAME=${auth_user}", + "OS_PASSWORD=${auth_password}", + "OS_AUTH_URL=${auth_url}", + "OS_REGION_NAME=${auth_region}", + "OS_ENDPOINT_TYPE=${auth_endpoint_type}", + ], + path => '/usr/sbin:/usr/bin:/sbin:/bin', + tries => '30', + try_sleep => '4', + command => 'neutron net-list --http-timeout=4 2>&1 > /dev/null', + provider => 'shell' + } + + $ha_agent = try_get_value($neutron_advanced_config, 'l2_agent_ha', true) + if $ha_agent { + #Exec<| title == 'waiting-for-neutron-api' |> -> + class { 'cluster::neutron::ovs' : + primary => $primary_controller, + } + } + } + + # Stub for upstream neutron manifests + package { 'neutron': + name => 'binutils', + ensure => 'installed', + } + +} diff --git a/f2s/resources/openstack-network-plugins-l2/meta.yaml b/f2s/resources/openstack-network-plugins-l2/meta.yaml new file mode 100644 index 00000000..1e9bfe50 --- /dev/null +++ b/f2s/resources/openstack-network-plugins-l2/meta.yaml 
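Review bot: In openstack-network-plugins-l2/actions/run.pp, `$identity_uri = "http://${service_endpoint}:5000"` hard-codes plain HTTP for the Keystone endpoint that the `waiting-for-neutron-api` exec authenticates to with `OS_PASSWORD`, so the neutron service password is sent unencrypted on each of up to 30 tries. The same hard-coded scheme is in openstack-network-server-config/actions/run.pp (`$identity_uri`, `$nova_admin_auth_url`) and openstack-network-server-nova/actions/run.pp (`$admin_identity_uri`). The scheme should come from deployment data, the way sahara-keystone/actions/run.pp in this patch derives `$public_protocol` from `public_ssl`, so a TLS-terminated endpoint can be used without editing the manifest. In the same exec, `2>&1 > /dev/null` discards only stdout; if the intent is to silence the client, the order should be `> /dev/null 2>&1`.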
@@ -0,0 +1,26 @@
+id: openstack-network-plugins-l2
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ network_scheme:
+ value: null
+ neutron_advanced_configuration:
+ value: null
+ neutron_config:
+ value: null
+ puppet_modules:
+ value: null
+ quantum_settings:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
+ use_neutron:
+ value: null
diff --git a/f2s/resources/openstack-network-routers/actions/run.pp b/f2s/resources/openstack-network-routers/actions/run.pp
new file mode 100644
index 00000000..7d2eb7cb
--- /dev/null
+++ b/f2s/resources/openstack-network-routers/actions/run.pp
@@ -0,0 +1,32 @@
+notice('MODULAR: openstack-network/routers.pp')
+
+$use_neutron = hiera('use_neutron', false)
+
+if $use_neutron {
+
+ $access_hash = hiera('access', { })
+ $keystone_admin_tenant = pick($access_hash['tenant'], 'admin')
+ $neutron_config = hiera_hash('neutron_config')
+ $floating_net = try_get_value($neutron_config, 'default_floating_net', 'net04_ext')
+ $private_net = try_get_value($neutron_config, 'default_private_net', 'net04')
+ $default_router = try_get_value($neutron_config, 'default_router', 'router04')
+ $nets = $neutron_config['predefined_networks']
+
+ neutron_router { $default_router:
+ ensure => 'present',
+ gateway_network_name => $floating_net,
+ name => $default_router,
+ tenant_name => $keystone_admin_tenant,
+ } ->
+
+ neutron_router_interface { "${default_router}:${private_net}__subnet":
+ ensure => 'present',
+ }
+
+ if has_key($nets, 'baremetal') {
+ neutron_router_interface { "${default_router}:baremetal__subnet":
+ ensure => 'present',
+ require => Neutron_router[$default_router]
+ }
+ }
+}
diff --git a/f2s/resources/openstack-network-routers/meta.yaml b/f2s/resources/openstack-network-routers/meta.yaml
new file mode 100644
index 00000000..2902337c
--- /dev/null
+++ b/f2s/resources/openstack-network-routers/meta.yaml
@@ -0,0 +1,18 @@
+id: openstack-network-routers
+handler: puppetv2
+version: '8.0'
+inputs:
+ access:
+ value: null
+ fqdn:
+ value: null
+ neutron_config:
+ value: null
+ primary_controller:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ use_neutron:
+ value: null
diff --git a/f2s/resources/openstack-network-server-config/actions/run.pp b/f2s/resources/openstack-network-server-config/actions/run.pp
new file mode 100644
index 00000000..ad088e61
--- /dev/null
+++ b/f2s/resources/openstack-network-server-config/actions/run.pp
@@ -0,0 +1,95 @@ +notice('MODULAR: openstack-network/server-config.pp') + +$use_neutron = hiera('use_neutron', false) + +class neutron { } +class { 'neutron' : } + +if $use_neutron { + + $neutron_config = hiera_hash('neutron_config') + $neutron_server_enable = pick($neutron_config['neutron_server_enable'], true) + $database_vip = hiera('database_vip') + $management_vip = hiera('management_vip') + $service_endpoint = hiera('service_endpoint', $management_vip) + $nova_endpoint = hiera('nova_endpoint', $management_vip) + $nova_hash = hiera_hash('nova', { }) + $primary_controller = hiera('primary_controller', false) + + $neutron_db_password = $neutron_config['database']['passwd'] + $neutron_db_user = try_get_value($neutron_config, 'database/user', 'neutron') + $neutron_db_name = try_get_value($neutron_config, 'database/name', 'neutron') + $neutron_db_host = try_get_value($neutron_config, 'database/host', $database_vip) + + $neutron_db_uri = "mysql://${neutron_db_user}:${neutron_db_password}@${neutron_db_host}/${neutron_db_name}?&read_timeout=60" + + $auth_password = $neutron_config['keystone']['admin_password'] + $auth_user = pick($neutron_config['keystone']['admin_user'], 'neutron') + $auth_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services') + $auth_region = hiera('region', 'RegionOne') + $auth_endpoint_type = 'internalURL' + + $auth_api_version = 'v2.0' + $identity_uri = "http://${service_endpoint}:5000/" + #$auth_url = "${identity_uri}${auth_api_version}" + $nova_admin_auth_url = "http://${service_endpoint}:35357/" + $nova_url = "http://${nova_endpoint}:8774/v2" + + $service_workers = pick($neutron_config['workers'], min(max($::processorcount, 2), 16)) + + $neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { }) + $dvr = pick($neutron_advanced_config['neutron_dvr'], false) + + $nova_auth_user = pick($nova_hash['user'], 'nova') + $nova_auth_password = $nova_hash['user_password'] + $nova_auth_tenant = pick($nova_hash['tenant'], 
'services') + + class { 'neutron::server': + sync_db => false, + + auth_password => $auth_password, + auth_tenant => $auth_tenant, + auth_region => $auth_region, + auth_user => $auth_user, + identity_uri => $identity_uri, + auth_uri => $identity_uri, + + database_retry_interval => '2', + database_connection => $neutron_db_uri, + database_max_retries => '-1', + + agent_down_time => '30', + allow_automatic_l3agent_failover => true, + + api_workers => $service_workers, + rpc_workers => $service_workers, + + router_distributed => $dvr, + enabled => false, #$neutron_server_enable, + manage_service => true, + } + + include neutron::params + tweaks::ubuntu_service_override { "$::neutron::params::server_service": + package_name => $neutron::params::server_package ? { + false => $neutron::params::package_name, + default => $neutron::params::server_package + } + } + + class { 'neutron::server::notifications': + nova_url => $nova_url, + auth_url => $nova_admin_auth_url, + username => $nova_auth_user, + tenant_name => $nova_auth_tenant, + password => $nova_auth_password, + region_name => $auth_region, + } + + # Stub for Nuetron package + package { 'neutron': + name => 'binutils', + ensure => 'installed', + } + +} diff --git a/f2s/resources/openstack-network-server-config/meta.yaml b/f2s/resources/openstack-network-server-config/meta.yaml new file mode 100644 index 00000000..a75a3086 --- /dev/null +++ b/f2s/resources/openstack-network-server-config/meta.yaml @@ -0,0 +1,30 @@ +id: openstack-network-server-config +handler: puppetv2 +version: '8.0' +inputs: + database_vip: + value: null + fqdn: + value: null + management_vip: + value: null + neutron_advanced_configuration: + value: null + neutron_config: + value: null + nova: + value: null + nova_endpoint: + value: null + primary_controller: + value: null + puppet_modules: + value: null + region: + value: null + role: + value: null + service_endpoint: + value: null + use_neutron: + value: null 
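Review bot: In openstack-network-server-config/actions/run.pp, `$neutron_db_password = $neutron_config['database']['passwd']` is interpolated into `$neutron_db_uri` with no check that it is set, so a missing key yields a connection string with an empty password instead of a failed run. A guard before the URI is built would make that explicit: `if empty($neutron_db_password) { fail('neutron_config database/passwd must be set') }`. The value is also inserted unescaped, so a password containing `@`, `:` or `/` changes how the URI is parsed; that constraint deserves a comment above `$neutron_db_uri`. The same applies to `$auth_password` and `$nova_auth_password`, which are read without a default and passed straight to `neutron::server` and `neutron::server::notifications`.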
diff --git a/f2s/resources/openstack-network-server-nova/actions/run.pp b/f2s/resources/openstack-network-server-nova/actions/run.pp
new file mode 100644
index 00000000..4640a581
--- /dev/null
+++ b/f2s/resources/openstack-network-server-nova/actions/run.pp
@@ -0,0 +1,81 @@ +notice('MODULAR: openstack-network/server-nova.pp') + +$use_neutron = hiera('use_neutron', false) + +if $use_neutron { + $neutron_config = hiera_hash('neutron_config') + $management_vip = hiera('management_vip') + $service_endpoint = hiera('service_endpoint', $management_vip) + $neutron_endpoint = hiera('neutron_endpoint', $management_vip) + $admin_password = try_get_value($neutron_config, 'keystone/admin_password') + $admin_tenant_name = try_get_value($neutron_config, 'keystone/admin_tenant', 'services') + $admin_username = try_get_value($neutron_config, 'keystone/admin_user', 'neutron') + $region_name = hiera('region', 'RegionOne') + $auth_api_version = 'v2.0' + $admin_identity_uri = "http://${service_endpoint}:35357" + $admin_auth_url = "${admin_identity_uri}/${auth_api_version}" + $neutron_url = "http://${neutron_endpoint}:9696" + $neutron_ovs_bridge = 'br-int' + $conf_nova = pick($neutron_config['conf_nova'], true) + $floating_net = pick($neutron_config['default_floating_net'], 'net04_ext') + + class { 'nova::network::neutron' : + neutron_admin_password => $admin_password, + neutron_admin_tenant_name => $admin_tenant_name, + neutron_region_name => $region_name, + neutron_admin_username => $admin_username, + neutron_admin_auth_url => $admin_auth_url, + neutron_url => $neutron_url, + neutron_ovs_bridge => $neutron_ovs_bridge, + } + + if $conf_nova { + include nova::params + service { 'nova-api': + ensure => 'running', + name => $nova::params::api_service_name, + } + + nova_config { 'DEFAULT/default_floating_pool': value => $floating_net } + Nova_config<| |> ~> Service['nova-api'] + } + +} else { + + $ensure_package = 'installed' + $private_interface = hiera('private_int', undef) + $public_interface = hiera('public_int', undef) + $fixed_range = hiera('fixed_network_range', undef) + $network_manager = hiera('network_manager', undef) + $network_config = hiera('network_config', { }) + $create_networks = true + $num_networks = hiera('num_networks', 
undef) + $network_size = hiera('network_size', undef) + $nameservers = hiera('dns_nameservers', undef) + $enable_nova_net = false + + class { 'nova::network' : + ensure_package => $ensure_package, + private_interface => $private_interface, + public_interface => $public_interface, + fixed_range => $fixed_range, + floating_range => false, + network_manager => $network_manager, + config_overrides => $network_config, + create_networks => $create_networks, + num_networks => $num_networks, + network_size => $network_size, + dns1 => $nameservers[0], + dns2 => $nameservers[1], + enabled => $enable_nova_net, + install_service => false, # bacause controller + } + + # NOTE(aglarendil): lp/1381164 + nova_config { 'DEFAULT/force_snat_range' : value => '0.0.0.0/0' } + +# ========================================================================= + + file { '/etc/nova/nova.conf' : ensure => 'present' } + +} diff --git a/f2s/resources/openstack-network-server-nova/meta.yaml b/f2s/resources/openstack-network-server-nova/meta.yaml new file mode 100644 index 00000000..a4fe1708 --- /dev/null +++ b/f2s/resources/openstack-network-server-nova/meta.yaml @@ -0,0 +1,22 @@ +id: openstack-network-server-nova +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + management_vip: + value: null + neutron_config: + value: null + neutron_endpoint: + value: null + puppet_modules: + value: null + region: + value: null + role: + value: null + service_endpoint: + value: null + use_neutron: + value: null diff --git a/f2s/resources/pre_hiera_config/actions/run.pp b/f2s/resources/pre_hiera_config/actions/run.pp new file mode 100644 index 00000000..e23a1cb7 --- /dev/null +++ b/f2s/resources/pre_hiera_config/actions/run.pp 
@@ -0,0 +1,75 @@
+notice('MODULAR: hiera.pp')
+
+$deep_merge_package_name = $::osfamily ? {
+ /RedHat/ => 'rubygem-deep_merge',
+ /Debian/ => 'ruby-deep-merge',
+}
+
+$data_dir = '/etc/hiera'
+$data = [
+ 'override/node/%{::fqdn}',
+ 'override/class/%{calling_class}',
+ 'override/module/%{calling_module}',
+ 'override/plugins',
+ 'override/common',
+ 'class/%{calling_class}',
+ 'module/%{calling_module}',
+ 'nodes',
+ 'globals',
+ 'astute'
+]
+$astute_data_file = '/etc/astute.yaml'
+$hiera_main_config = '/etc/hiera.yaml'
+$hiera_puppet_config = '/etc/puppet/hiera.yaml'
+$hiera_data_file = "${data_dir}/astute.yaml"
+
+File {
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+}
+
+$hiera_config_content = inline_template('
+---
+:backends:
+ - yaml
+
+:hierarchy:
+<% @data.each do |name| -%>
+ - <%= name %>
+<% end -%>
+
+:yaml:
+ :datadir: <%= @data_dir %>
+:merge_behavior: deeper
+:logger: noop
+')
+
+file { 'hiera_data_dir' :
+ ensure => 'directory',
+ path => $data_dir,
+}
+
+file { 'hiera_config' :
+ ensure => 'present',
+ path => $hiera_main_config,
+ content => $hiera_config_content,
+}
+
+file { 'hiera_data_astute' :
+ ensure => 'symlink',
+ path => $hiera_data_file,
+ target => $astute_data_file,
+}
+
+file { 'hiera_puppet_config' :
+ ensure => 'symlink',
+ path => $hiera_puppet_config,
+ target => $hiera_main_config,
+}
+
+# needed to support the 'deeper' merge_behavior setting for hiera
+package { 'rubygem-deep_merge':
+ ensure => present,
+ name => $deep_merge_package_name,
+}
diff --git a/f2s/resources/pre_hiera_config/meta.yaml b/f2s/resources/pre_hiera_config/meta.yaml
new file mode 100644
index 00000000..3eada3fc
--- /dev/null
+++ b/f2s/resources/pre_hiera_config/meta.yaml
@@ -0,0 +1,8 @@
+id: pre_hiera_config
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
diff --git a/f2s/resources/public_vip_ping/actions/run.pp b/f2s/resources/public_vip_ping/actions/run.pp
new file mode 100644
index 00000000..d8f2eaea
--- /dev/null
+++ b/f2s/resources/public_vip_ping/actions/run.pp
@@ -0,0 +1,17 @@
+notice('MODULAR: public_vip_ping.pp')
+
+prepare_network_config(hiera('network_scheme', {}))
+$run_ping_checker = hiera('run_ping_checker', true)
+$network_scheme = hiera('network_scheme')
+$public_iface = get_network_role_property('public/vip', 'interface')
+$ping_host_list = $network_scheme['endpoints'][$public_iface]['gateway']
+
+if $run_ping_checker {
+ $vip = 'vip__public'
+
+ cluster::virtual_ip_ping { $vip :
+ host_list => $ping_host_list,
+ }
+
+}
+
diff --git a/f2s/resources/public_vip_ping/meta.yaml b/f2s/resources/public_vip_ping/meta.yaml
new file mode 100644
index 00000000..e4f7bec4
--- /dev/null
+++ b/f2s/resources/public_vip_ping/meta.yaml
@@ -0,0 +1,14 @@
+id: public_vip_ping
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ run_ping_checker:
+ value: null
diff --git a/f2s/resources/rabbitmq/actions/run.pp b/f2s/resources/rabbitmq/actions/run.pp
new file mode 100644
index 00000000..6856787c
--- /dev/null
+++ b/f2s/resources/rabbitmq/actions/run.pp
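Review bot: In pre_hiera_config/actions/run.pp, the resource default `File { owner => 'root', group => 'root', mode => '0644' }` also applies to `file { 'hiera_data_dir' }`, and for a directory Puppet adds the search bit wherever the read bit is set, so `/etc/hiera` ends up readable and traversable by every local user. Other manifests in this patch read credentials from hiera (`$mysql_hash['root_password']`, `$rabbit_hash['password']`), so the data under that directory is likely to contain secrets. An explicit `mode => '0750'` on `hiera_data_dir` would override the default for that one resource. The `hiera_data_astute` symlink only points at `/etc/astute.yaml`; that file's own permissions are not managed here and should be checked separately.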
@@ -0,0 +1,165 @@ +notice('MODULAR: rabbitmq.pp') + +$network_scheme = hiera_hash('network_scheme', {}) +prepare_network_config($network_scheme) + +$queue_provider = hiera('queue_provider', 'rabbitmq') + +if $queue_provider == 'rabbitmq' { + $erlang_cookie = hiera('erlang_cookie', 'EOKOWXQREETZSHFNTPEY') + $version = hiera('rabbit_version', '3.3.5') + $deployment_mode = hiera('deployment_mode', 'ha_compact') + $amqp_port = hiera('amqp_port', '5673') + $rabbit_hash = hiera_hash('rabbit_hash', + { + 'user' => false, + 'password' => false, + } + ) + $debug = pick($rabbit_hash['debug'], hiera('debug', false)) + $enabled = pick($rabbit_hash['enabled'], true) + $use_pacemaker = pick($rabbit_hash['pacemaker'], true) + + case $::osfamily { + 'RedHat': { + $command_timeout = "'-s KILL'" + $package_provider = 'yum' + } + 'Debian': { + $command_timeout = "'--signal=KILL'" + $package_provider = 'apt' + } + default: { + fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem},\ + module ${module_name} only support osfamily RedHat and Debian") + } + } + + if ($debug) { + # FIXME(aschultz): debug wasn't introduced until v3.5.0, when we upgrade + # we should change info to debug. Also don't forget to fix tests! + $rabbit_levels = '[{connection,info}]' + } else { + $rabbit_levels = '[{connection,info}]' + } + + $cluster_partition_handling = hiera('rabbit_cluster_partition_handling', 'autoheal') + $mnesia_table_loading_timeout = hiera('mnesia_table_loading_timeout', '10000') + $rabbitmq_bind_ip_address = pick(get_network_role_property('mgmt/messaging', 'ipaddr'), 'UNSET') + + # NOTE(bogdando) not a hash. 
Keep an indentation as is + $rabbit_tcp_listen_options = hiera('rabbit_tcp_listen_options', + '[ + binary, + {packet, raw}, + {reuseaddr, true}, + {backlog, 128}, + {nodelay, true}, + {exit_on_close, false}, + {keepalive, true} + ]' + ) + $config_kernel_variables = hiera('rabbit_config_kernel_variables', + { + 'inet_dist_listen_min' => '41055', + 'inet_dist_listen_max' => '41055', + 'inet_default_connect_options' => '[{nodelay,true}]', + 'net_ticktime' => '10', + } + ) + $config_variables = hiera('rabbit_config_variables', + { + 'log_levels' => $rabbit_levels, + 'default_vhost' => "<<\"/\">>", + 'default_permissions' => '[<<".*">>, <<".*">>, <<".*">>]', + 'tcp_listen_options' => $rabbit_tcp_listen_options, + 'cluster_partition_handling' => $cluster_partition_handling, + 'mnesia_table_loading_timeout' => $mnesia_table_loading_timeout, + 'collect_statistics_interval' => '30000', + 'disk_free_limit' => '5000000', # Corosync checks for disk space, reduce rabbitmq check to 5M see LP#1493520 comment #15 + } + ) + $config_rabbitmq_management_variables = hiera('rabbit_config_management_variables', + { + 'rates_mode' => 'none' + } + ) + + $thread_pool_calc = min(100,max(12*$physicalprocessorcount,30)) + + if $deployment_mode == 'ha_compact' { + $rabbit_pid_file = '/var/run/rabbitmq/p_pid' + } else { + $rabbit_pid_file = '/var/run/rabbitmq/pid' + } + $environment_variables = hiera('rabbit_environment_variables', + { + 'SERVER_ERL_ARGS' => "\"+K true +A${thread_pool_calc} +P 1048576\"", + 'PID_FILE' => $rabbit_pid_file, + } + ) + + if ($enabled) { + class { '::rabbitmq': + admin_enable => true, + repos_ensure => false, + package_provider => $package_provider, + package_source => undef, + service_ensure => 'running', + service_manage => true, + port => $amqp_port, + delete_guest_user => true, + default_user => $rabbit_hash['user'], + default_pass => $rabbit_hash['password'], + # NOTE(bogdando) set to true and uncomment the lines below, if puppet should create a cluster + # We 
don't want it as far as OCF script creates the cluster + config_cluster => false, + #erlang_cookie => $erlang_cookie, + #wipe_db_on_cookie_change => true, + #cluster_nodes => $rabbitmq_cluster_nodes, + #cluster_node_type => 'disc', + #cluster_partition_handling => $cluster_partition_handling, + version => $version, + node_ip_address => $rabbitmq_bind_ip_address, + config_kernel_variables => $config_kernel_variables, + config_rabbitmq_management_variables => $config_rabbitmq_management_variables, + config_variables => $config_variables, + environment_variables => $environment_variables, + } + + if ($use_pacemaker) { + # Install rabbit-fence daemon + class { 'cluster::rabbitmq_fence': + enabled => $enabled, + require => Class['::rabbitmq'] + } + } + + class { 'nova::rabbitmq': + enabled => $enabled, + # Do not install rabbitmq from nova classes + rabbitmq_class => false, + userid => $rabbit_hash['user'], + password => $rabbit_hash['password'], + require => Class['::rabbitmq'], + } + + if ($use_pacemaker) { + class { 'pacemaker_wrappers::rabbitmq': + command_timeout => $command_timeout, + debug => $debug, + erlang_cookie => $erlang_cookie, + admin_user => $rabbit_hash['user'], + admin_pass => $rabbit_hash['password'], + before => Class['nova::rabbitmq'], + } + } + + include rabbitmq::params + tweaks::ubuntu_service_override { 'rabbitmq-server': + package_name => $rabbitmq::params::package_name, + service_name => $rabbitmq::params::service_name, + } + } + +} diff --git a/f2s/resources/rabbitmq/meta.yaml b/f2s/resources/rabbitmq/meta.yaml new file mode 100644 index 00000000..7438c205 --- /dev/null +++ b/f2s/resources/rabbitmq/meta.yaml 
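Review bot: In rabbitmq/actions/run.pp, `$erlang_cookie = hiera('erlang_cookie', 'EOKOWXQREETZSHFNTPEY')` falls back to a cookie value committed in the manifest, and that value is passed on to `pacemaker_wrappers::rabbitmq`. The Erlang cookie is the shared secret that authenticates nodes to each other, so every deployment that does not set `erlang_cookie` ends up with the same publicly known value. Dropping the default, `$erlang_cookie = hiera('erlang_cookie')`, makes the lookup fail when the key is missing instead of silently using the built-in value. The `rabbit_hash` default of `'user' => false, 'password' => false` has a related effect: `default_user` and `default_pass` are passed as `false` rather than the run stopping, which deserves at least a comment on what the `::rabbitmq` class does with that.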
@@ -0,0 +1,40 @@ +id: rabbitmq +handler: puppetv2 +version: '8.0' +inputs: + amqp_port: + value: null + debug: + value: null + deployment_mode: + value: null + erlang_cookie: + value: null + fqdn: + value: null + mnesia_table_loading_timeout: + value: null + network_scheme: + value: null + puppet_modules: + value: null + queue_provider: + value: null + rabbit_cluster_partition_handling: + value: null + rabbit_config_kernel_variables: + value: null + rabbit_config_management_variables: + value: null + rabbit_config_variables: + value: null + rabbit_environment_variables: + value: null + rabbit_hash: + value: null + rabbit_tcp_listen_options: + value: null + rabbit_version: + value: null + role: + value: null diff --git a/f2s/resources/sahara-db/actions/run.pp b/f2s/resources/sahara-db/actions/run.pp new file mode 100644 index 00000000..68501ffc --- /dev/null +++ b/f2s/resources/sahara-db/actions/run.pp 
@@ -0,0 +1,57 @@ +notice('MODULAR: sahara/db.pp') + +$node_name = hiera('node_name') +$sahara_hash = hiera_hash('sahara_hash', {}) +$sahara_enabled = pick($sahara_hash['enabled'], false) +$mysql_hash = hiera_hash('mysql_hash', {}) +$management_vip = hiera('management_vip', undef) +$database_vip = hiera('database_vip', undef) + +$mysql_root_user = pick($mysql_hash['root_user'], 'root') +$mysql_db_create = pick($mysql_hash['db_create'], true) +$mysql_root_password = $mysql_hash['root_password'] + +$db_user = pick($sahara_hash['db_user'], 'sahara') +$db_name = pick($sahara_hash['db_name'], 'sahara') +$db_password = pick($sahara_hash['db_password'], $mysql_root_password) + +$db_host = pick($sahara_hash['db_host'], $database_vip) +$db_create = pick($sahara_hash['db_create'], $mysql_db_create) +$db_root_user = pick($sahara_hash['root_user'], $mysql_root_user) +$db_root_password = pick($sahara_hash['root_password'], $mysql_root_password) + +$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ] + +validate_string($mysql_root_user) + +if $sahara_enabled and $db_create { + + class { 'galera::client': + custom_setup_class => hiera('mysql_custom_setup_class', 'galera'), + } + + class { 'sahara::db::mysql': + user => $db_user, + password => $db_password, + dbname => $db_name, + allowed_hosts => $allowed_hosts, + } + + class { 'osnailyfacter::mysql_access': + db_host => $db_host, + db_user => $db_root_user, + db_password => $db_root_password, + } + + Class['galera::client'] -> + Class['osnailyfacter::mysql_access'] -> + Class['sahara::db::mysql'] + +} + +class mysql::config {} +include mysql::config +class mysql::server {} +include mysql::server +class sahara::api {} +include sahara::api diff --git a/f2s/resources/sahara-db/meta.yaml b/f2s/resources/sahara-db/meta.yaml new file mode 100644 index 00000000..0e3b85d4 --- /dev/null +++ b/f2s/resources/sahara-db/meta.yaml 
@@ -0,0 +1,22 @@ +id: sahara-db +handler: puppetv2 +version: '8.0' +inputs: + database_vip: + value: null + fqdn: + value: null + management_vip: + value: null + mysql_hash: + value: null + node_name: + value: null + puppet_modules: + value: null + role: + value: null + sahara: + value: null + sahara_hash: + value: null diff --git a/f2s/resources/sahara-keystone/actions/run.pp b/f2s/resources/sahara-keystone/actions/run.pp new file mode 100644 index 00000000..546018a0 --- /dev/null +++ b/f2s/resources/sahara-keystone/actions/run.pp @@ -0,0 +1,34 @@ +notice('MODULAR: sahara/keystone.pp') + +$sahara_hash = hiera_hash('sahara_hash', {}) +$public_ssl_hash = hiera('public_ssl') +$public_vip = hiera('public_vip') +$admin_address = hiera('management_vip') +$api_bind_port = '8386' +$sahara_user = pick($sahara_hash['user'], 'sahara') +$sahara_password = pick($sahara_hash['user_password']) +$tenant = pick($sahara_hash['tenant'], 'services') +$region = pick($sahara_hash['region'], hiera('region', 'RegionOne')) +$service_name = pick($sahara_hash['service_name'], 'sahara') +$public_address = $public_ssl_hash['services'] ? { + true => $public_ssl_hash['hostname'], + default => $public_vip, +} +$public_protocol = $public_ssl_hash['services'] ? { + true => 'https', + default => 'http', +} +$public_url = "${public_protocol}://${public_address}:${api_bind_port}/v1.1/%(tenant_id)s" +$admin_url = "http://${admin_address}:${api_bind_port}/v1.1/%(tenant_id)s" + +class { 'sahara::keystone::auth': + auth_name => $sahara_user, + password => $sahara_password, + service_type => 'data_processing', + service_name => $service_name, + region => $region, + tenant => $tenant, + public_url => $public_url, + admin_url => $admin_url, + internal_url => $admin_url, +} diff --git a/f2s/resources/sahara-keystone/meta.yaml b/f2s/resources/sahara-keystone/meta.yaml new file mode 100644 index 00000000..e5716756 --- /dev/null +++ b/f2s/resources/sahara-keystone/meta.yaml 
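Review bot: In f2s/resources/sahara-keystone/actions/run.pp, `$admin_url` is built with a literal `http://` and is also passed as `internal_url`, so two of the three endpoints registered for the `data_processing` service are plaintext regardless of what `public_ssl` says. If that is deliberate because the management VIP is only reachable on the internal network, a comment next to `$admin_url` should say so, for example `# admin/internal endpoints are served over http on the management network only`. The single-argument `pick($sahara_hash['user_password'])` works as a "must be set" assertion, and a short comment there would make that intent clear to readers who expect a default value.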
@@ -0,0 +1,20 @@
+id: sahara-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ sahara_hash:
+ value: null
diff --git a/f2s/resources/sahara/actions/run.pp b/f2s/resources/sahara/actions/run.pp
new file mode 100644
index 00000000..82b1c42b
--- /dev/null
+++ b/f2s/resources/sahara/actions/run.pp
@@ -0,0 +1,156 @@ +notice('MODULAR: sahara.pp') + +prepare_network_config(hiera('network_scheme', {})) + +$access_admin = hiera_hash('access_hash', {}) +$sahara_hash = hiera_hash('sahara_hash', {}) +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$public_ssl_hash = hiera('public_ssl') +$ceilometer_hash = hiera_hash('ceilometer_hash', {}) +$primary_controller = hiera('primary_controller') +$public_vip = hiera('public_vip') +$database_vip = hiera('database_vip', undef) +$management_vip = hiera('management_vip') +$use_neutron = hiera('use_neutron', false) +$service_endpoint = hiera('service_endpoint') +$syslog_log_facility_sahara = hiera('syslog_log_facility_sahara') +$debug = pick($sahara_hash['debug'], hiera('debug', false)) +$verbose = pick($sahara_hash['verbose'], hiera('verbose', true)) +$use_syslog = hiera('use_syslog', true) +$use_stderr = hiera('use_stderr', false) +$rabbit_ha_queues = hiera('rabbit_ha_queues') +$amqp_port = hiera('amqp_port') +$amqp_hosts = hiera('amqp_hosts') + +################################################################# + +if $sahara_hash['enabled'] { + $firewall_rule = '201 sahara-api' + $api_bind_port = '8386' + $api_bind_host = get_network_role_property('sahara/api', 'ipaddr') + $public_address = $public_ssl_hash['services'] ? { + true => $public_ssl_hash['hostname'], + default => $public_vip, + } + $public_protocol = $public_ssl_hash['services'] ? 
{ + true => 'https', + default => 'http', + } + $sahara_user = pick($sahara_hash['user'], 'sahara') + $sahara_password = pick($sahara_hash['user_password']) + $tenant = pick($sahara_hash['tenant'], 'services') + $db_user = pick($sahara_hash['db_user'], 'sahara') + $db_name = pick($sahara_hash['db_name'], 'sahara') + $db_password = pick($sahara_hash['db_password']) + $db_host = pick($sahara_hash['db_host'], $database_vip) + $max_pool_size = min($::processorcount * 5 + 0, 30 + 0) + $max_overflow = min($::processorcount * 5 + 0, 60 + 0) + $max_retries = '-1' + $idle_timeout = '3600' + $read_timeout = '60' + $sql_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?read_timeout=${read_timeout}" + + ####### Disable upstart startup on install ####### + tweaks::ubuntu_service_override { 'sahara-api': + package_name => 'sahara', + } + + firewall { $firewall_rule : + dport => $api_bind_port, + proto => 'tcp', + action => 'accept', + } + + class { 'sahara' : + host => $api_bind_host, + port => $api_bind_port, + verbose => $verbose, + debug => $debug, + use_syslog => $use_syslog, + use_stderr => $use_stderr, + plugins => [ 'ambari', 'cdh', 'mapr', 'spark', 'vanilla' ], + log_facility => $syslog_log_facility_sahara, + database_connection => $sql_connection, + database_max_pool_size => $max_pool_size, + database_max_overflow => $max_overflow, + database_max_retries => $max_retries, + database_idle_timeout => $idle_timeout, + auth_uri => "http://${service_endpoint}:5000/v2.0/", + identity_uri => "http://${service_endpoint}:35357/", + rpc_backend => 'rabbit', + use_neutron => $use_neutron, + admin_user => $sahara_user, + admin_password => $sahara_password, + admin_tenant_name => $tenant, + rabbit_userid => $rabbit_hash['user'], + rabbit_password => $rabbit_hash['password'], + rabbit_ha_queues => $rabbit_ha_queues, + rabbit_port => $amqp_port, + rabbit_hosts => split($amqp_hosts, ',') + } + + if $public_ssl_hash['services'] { + file { '/etc/pki/tls/certs': + mode 
=> 755, + } + + file { '/etc/pki/tls/certs/public_haproxy.pem': + mode => 644, + } + + sahara_config { + 'object_store_access/public_identity_ca_file': value => '/etc/pki/tls/certs/public_haproxy.pem'; + 'object_store_access/public_object_store_ca_file': value => '/etc/pki/tls/certs/public_haproxy.pem'; + } + } + + class { 'sahara::service::api': } + + class { 'sahara::service::engine': } + + class { 'sahara::client': } + + if $ceilometer_hash['enabled'] { + class { '::sahara::notify': + enable_notifications => true, + } + } + + $haproxy_stats_url = "http://${management_vip}:10000/;csv" + + haproxy_backend_status { 'sahara' : + name => 'sahara', + url => $haproxy_stats_url, + } + + if $primary_controller { + haproxy_backend_status { 'keystone-public' : + name => 'keystone-1', + url => $haproxy_stats_url, + } + + haproxy_backend_status { 'keystone-admin' : + name => 'keystone-2', + url => $haproxy_stats_url, + } + + class { 'sahara_templates::create_templates' : + use_neutron => $use_neutron, + auth_user => $access_admin['user'], + auth_password => $access_admin['password'], + auth_tenant => $access_admin['tenant'], + auth_uri => "${public_protocol}://${public_address}:5000/v2.0/", + } + + Haproxy_backend_status['keystone-admin'] -> Haproxy_backend_status['sahara'] + Haproxy_backend_status['keystone-public'] -> Haproxy_backend_status['sahara'] + Haproxy_backend_status['sahara'] -> Class['sahara_templates::create_templates'] + } + + Firewall[$firewall_rule] -> Class['sahara::service::api'] + Service['sahara-api'] -> Haproxy_backend_status['sahara'] +} +######################### + +class openstack::firewall {} +include openstack::firewall diff --git a/f2s/resources/sahara/meta.yaml b/f2s/resources/sahara/meta.yaml new file mode 100644 index 00000000..e74714fb --- /dev/null +++ b/f2s/resources/sahara/meta.yaml 
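Review bot: The two `file` resources under `if $public_ssl_hash['services']` in f2s/resources/sahara/actions/run.pp set `mode => 755` and `mode => 644` as bare integers; Puppet expects file modes as quoted octal strings and newer parsers reject numeric ones, so these should read `mode => '0755',` and `mode => '0644',`. Separately, `auth_uri` and `identity_uri` are hard-coded to `http://${service_endpoint}`, so the service presumably authenticates to Keystone with `admin_password` over an unencrypted connection; if the endpoint is confined to a trusted management network, a comment stating that assumption would be useful. `$sql_connection` also interpolates `$db_password` into the URL, so any log or report that prints the `sahara` class parameters will contain the database password.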
@@ -0,0 +1,52 @@ +id: sahara +handler: puppetv2 +version: '8.0' +inputs: + access_hash: + value: null + amqp_hosts: + value: null + amqp_port: + value: null + ceilometer_hash: + value: null + database_vip: + value: null + debug: + value: null + fqdn: + value: null + management_vip: + value: null + network_scheme: + value: null + primary_controller: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + rabbit_ha_queues: + value: null + rabbit_hash: + value: null + role: + value: null + sahara: + value: null + sahara_hash: + value: null + service_endpoint: + value: null + syslog_log_facility_sahara: + value: null + use_neutron: + value: null + use_stderr: + value: null + use_syslog: + value: null + verbose: + value: null diff --git a/f2s/resources/ssl-add-trust-chain/actions/run.pp b/f2s/resources/ssl-add-trust-chain/actions/run.pp new file mode 100644 index 00000000..231088d0 --- /dev/null +++ b/f2s/resources/ssl-add-trust-chain/actions/run.pp @@ -0,0 +1,42 @@ +notice('MODULAR: ssl_add_trust_chain.pp') + +$public_ssl_hash = hiera('public_ssl') +$ip = hiera('public_vip') + +case $::osfamily { + /(?i)redhat/: { + file { '/etc/pki/ca-trust/source/anchors/public_haproxy.pem': + ensure => 'link', + target => '/etc/pki/tls/certs/public_haproxy.pem', + }-> + + exec { 'enable_trust': + path => '/bin:/usr/bin:/sbin:/usr/sbin', + command => 'update-ca-trust force-enable', + }-> + + exec { 'add_trust': + path => '/bin:/usr/bin:/sbin:/usr/sbin', + command => 'update-ca-trust extract', + } + } + /(?i)debian/: { + file { '/usr/local/share/ca-certificates/public_haproxy.crt': + ensure => 'link', + target => '/etc/pki/tls/certs/public_haproxy.pem', + }-> + + exec { 'add_trust': + path => '/bin:/usr/bin:/sbin:/usr/sbin', + command => 'update-ca-certificates', + } + } + default: { + fail("Unsupported OS: ${::osfamily}/${::operatingsystem}") + } +} + +host { $public_ssl_hash['hostname']: + ensure => present, + ip => $ip, +} 
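Review bot: The three `exec` resources in f2s/resources/ssl-add-trust-chain/actions/run.pp (`enable_trust`, and `add_trust` in both OS branches) carry no `refreshonly`, `unless` or `onlyif`, so the system trust store is regenerated on every Puppet run. If that is intentional because the link target is written by a different task and its changes are not visible in this catalog, a comment such as `# runs every time: the target certificate is managed by the ssl-keys-saving task` would record the reason; otherwise the execs should be made conditional. Whatever is in `/etc/pki/tls/certs/public_haproxy.pem` becomes a system-wide trust anchor here, and nothing in this hunk checks that the file exists or holds a certificate, so the manifest relies entirely on the deployment data being trustworthy.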
diff --git a/f2s/resources/ssl-add-trust-chain/meta.yaml b/f2s/resources/ssl-add-trust-chain/meta.yaml new file mode 100644 index 00000000..40c9ce36 --- /dev/null +++ b/f2s/resources/ssl-add-trust-chain/meta.yaml @@ -0,0 +1,14 @@ +id: ssl-add-trust-chain +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + public_ssl: + value: null + public_vip: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/ssl-keys-saving/actions/run.pp b/f2s/resources/ssl-keys-saving/actions/run.pp new file mode 100644 index 00000000..862b1f21 --- /dev/null +++ b/f2s/resources/ssl-keys-saving/actions/run.pp @@ -0,0 +1,22 @@ +notice('MODULAR: ssl_keys_saving.pp') + +$public_ssl_hash = hiera_hash('public_ssl') +$pub_certificate_content = $public_ssl_hash['cert_data']['content'] +$base_path = "/etc/pki/tls/certs" +$pki_path = [ "/etc/pki", "/etc/pki/tls" ] +$astute_base_path = "/var/lib/astute/haproxy" + +File { + owner => 'root', + group => 'root', + mode => '0644', +} + +file { [ $pki_path, $base_path, $astute_base_path ]: + ensure => directory, +} + +file { ["$base_path/public_haproxy.pem", "$astute_base_path/public_haproxy.pem"]: + ensure => present, + content => $pub_certificate_content, +} diff --git a/f2s/resources/ssl-keys-saving/meta.yaml b/f2s/resources/ssl-keys-saving/meta.yaml new file mode 100644 index 00000000..e59e90fe --- /dev/null +++ b/f2s/resources/ssl-keys-saving/meta.yaml @@ -0,0 +1,12 @@ +id: ssl-keys-saving +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + public_ssl: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/swift-keystone/actions/run.pp b/f2s/resources/swift-keystone/actions/run.pp new file mode 100644 index 00000000..6e7e5770 --- /dev/null +++ b/f2s/resources/swift-keystone/actions/run.pp 
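Review bot: In f2s/resources/ssl-keys-saving/actions/run.pp the resource default `mode => '0644'` applies to both copies of `public_haproxy.pem`, which is only appropriate if `$public_ssl_hash['cert_data']['content']` holds a certificate and nothing else. The task name and the haproxy destination suggest the content may be a combined certificate-and-key bundle; if it is, the private key ends up world-readable and the `file` resource for the two `.pem` paths should override the default with `mode => '0600',`. `$pub_certificate_content` is also written without any check, so a missing `cert_data` would presumably yield an empty file that a later task links into the trust store; `validate_string($pub_certificate_content)` plus a non-empty check would catch that. As a style point, `"$base_path/public_haproxy.pem"` should brace the variable (`"${base_path}/public_haproxy.pem"`), and the path constants do not need double quotes.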
@@ -0,0 +1,45 @@
+notice('MODULAR: swift/keystone.pp')
+
+$swift_hash = hiera_hash('swift', {})
+$public_vip = hiera('public_vip')
+$admin_address = hiera('management_vip')
+$region = pick($swift_hash['region'], hiera('region', 'RegionOne'))
+$public_ssl_hash = hiera('public_ssl')
+$public_address = $public_ssl_hash['services'] ? {
+ true => $public_ssl_hash['hostname'],
+ default => $public_vip,
+}
+$public_protocol = $public_ssl_hash['services'] ? {
+ true => 'https',
+ default => 'http',
+}
+
+$password = $swift_hash['user_password']
+$auth_name = pick($swift_hash['auth_name'], 'swift')
+$configure_endpoint = pick($swift_hash['configure_endpoint'], true)
+$service_name = pick($swift_hash['service_name'], 'swift')
+$tenant = pick($swift_hash['tenant'], 'services')
+
+validate_string($public_address)
+validate_string($password)
+
+$public_url = "${public_protocol}://${public_address}:8080/v1/AUTH_%(tenant_id)s"
+$admin_url = "http://${admin_address}:8080/v1/AUTH_%(tenant_id)s"
+
+# Amazon S3 endpoints
+$public_url_s3 = "${public_protocol}://${public_address}:8080"
+$admin_url_s3 = "http://${admin_address}:8080"
+
+class { '::swift::keystone::auth':
+ password => $password,
+ auth_name => $auth_name,
+ configure_endpoint => $configure_endpoint,
+ service_name => $service_name,
+ public_url => $public_url,
+ internal_url => $admin_url,
+ admin_url => $admin_url,
+ public_url_s3 => $public_url_s3,
+ internal_url_s3 => $admin_url_s3,
+ admin_url_s3 => $admin_url_s3,
+ region => $region,
+}
diff --git a/f2s/resources/swift-keystone/meta.yaml b/f2s/resources/swift-keystone/meta.yaml
new file mode 100644
index 00000000..10f75482
--- /dev/null
+++ b/f2s/resources/swift-keystone/meta.yaml
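Review bot: `validate_string($password)` in f2s/resources/swift-keystone/actions/run.pp does not guarantee that a password is set, because `$password` is read straight from `$swift_hash['user_password']` and an empty string passes the check. The sahara-keystone manifest in this patch uses `pick()` for the same purpose; `$password = pick($swift_hash['user_password'])` would fail the run when the key is missing instead of registering the swift service user with an empty password. As in the other keystone tasks, `$admin_url` and `$admin_url_s3` are fixed to `http://`, which deserves a comment if it is intentional.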
@@ -0,0 +1,20 @@
+id: swift-keystone
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ management_vip:
+ value: null
+ public_ssl:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ region:
+ value: null
+ role:
+ value: null
+ swift:
+ value: null
diff --git a/f2s/resources/swift-rebalance-cron/actions/run.pp b/f2s/resources/swift-rebalance-cron/actions/run.pp
new file mode 100644
index 00000000..272e8e34
--- /dev/null
+++ b/f2s/resources/swift-rebalance-cron/actions/run.pp
@@ -0,0 +1,24 @@
+notice('MODULAR: swift/rebalance_cronjob.pp')
+
+$network_metadata = hiera_hash('network_metadata')
+# $network_scheme = hiera_hash('network_scheme')
+# prepare_network_config($network_scheme)
+
+$storage_hash = hiera('storage_hash')
+$swift_master_role = hiera('swift_master_role', 'primary-controller')
+$ring_min_part_hours = hiera('swift_ring_min_part_hours', 1)
+
+# Use Swift if it isn't replaced by vCenter, Ceph for BOTH images and objects
+if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] {
+ $master_swift_replication_nodes = get_nodes_hash_by_roles($network_metadata, [$swift_master_role])
+ $master_swift_replication_nodes_list = values($master_swift_replication_nodes)
+ $master_swift_replication_ip = $master_swift_replication_nodes_list[0]['network_roles']['swift/replication']
+
+
+ # setup a cronjob to rebalance and repush rings periodically
+ class { 'openstack::swift::rebalance_cronjob':
+ ring_rebalance_period => min($ring_min_part_hours * 2, 23),
+ master_swift_replication_ip => $master_swift_replication_ip,
+ primary_proxy => hiera('is_primary_swift_proxy'),
+ }
+}
diff --git a/f2s/resources/swift-rebalance-cron/meta.yaml b/f2s/resources/swift-rebalance-cron/meta.yaml
new file mode 100644
index 00000000..380a46b2
--- /dev/null
+++ b/f2s/resources/swift-rebalance-cron/meta.yaml
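Review bot: In f2s/resources/swift-rebalance-cron/actions/run.pp, `$master_swift_replication_ip` is taken from `['network_roles']['swift/replication']` as-is, while the swift manifest in this patch strips a trailing prefix length from the same field with `regsubst(..., '\/\d+$', '')`. If that field can carry a `/NN` suffix, the cron job is handed an address with the mask attached; applying the same `regsubst` here keeps the two tasks consistent. `$master_swift_replication_nodes_list[0]` is also dereferenced without checking that any node holds `$swift_master_role`, and `hiera('is_primary_swift_proxy')` has no default here although the swift manifest supplies `false`.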
@@ -0,0 +1,20 @@
+id: swift-rebalance-cron
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ is_primary_swift_proxy:
+ value: null
+ network_metadata:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ storage_hash:
+ value: null
+ swift_master_role:
+ value: null
+ swift_ring_min_part_hours:
+ value: null
diff --git a/f2s/resources/swift/actions/run.pp b/f2s/resources/swift/actions/run.pp
new file mode 100644
index 00000000..aec24337
--- /dev/null
+++ b/f2s/resources/swift/actions/run.pp
@@ -0,0 +1,147 @@ +notice('MODULAR: swift.pp') + +$network_scheme = hiera_hash('network_scheme') +$network_metadata = hiera_hash('network_metadata') +prepare_network_config($network_scheme) + +$swift_hash = hiera_hash('swift_hash') +$swift_master_role = hiera('swift_master_role', 'primary-controller') +$swift_nodes = hiera_hash('swift_nodes', {}) +$swift_operator_roles = pick($swift_hash['swift_operator_roles'], ['admin', 'SwiftOperator']) +$swift_proxies_addr_list = values(get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxies', {}), 'swift/api')) +# todo(sv) replace 'management' to mgmt/memcache +$memcaches_addr_list = values(get_node_to_ipaddr_map_by_network_role(hiera_hash('swift_proxy_caches', {}), 'management')) +$is_primary_swift_proxy = hiera('is_primary_swift_proxy', false) +$proxy_port = hiera('proxy_port', '8080') +$storage_hash = hiera_hash('storage_hash') +$mp_hash = hiera('mp') +$management_vip = hiera('management_vip') +$public_vip = hiera('public_vip') +$swift_api_ipaddr = get_network_role_property('swift/api', 'ipaddr') +$swift_storage_ipaddr = get_network_role_property('swift/replication', 'ipaddr') +$debug = pick($swift_hash['debug'], hiera('debug', false)) +$verbose = pick($swift_hash['verbose'], hiera('verbose', false)) +# NOTE(mattymo): Changing ring_part_power or part_hours on redeploy leads to data loss +$ring_part_power = pick($swift_hash['ring_part_power'], 10) +$ring_min_part_hours = hiera('swift_ring_min_part_hours', 1) +$deploy_swift_storage = hiera('deploy_swift_storage', true) +$deploy_swift_proxy = hiera('deploy_swift_proxy', true) +$create_keystone_auth = pick($swift_hash['create_keystone_auth'], true) +#Keystone settings +$service_endpoint = hiera('service_endpoint') +$keystone_user = pick($swift_hash['user'], 'swift') +$keystone_password = pick($swift_hash['user_password'], 'passsword') +$keystone_tenant = pick($swift_hash['tenant'], 'services') +$keystone_protocol = pick($swift_hash['auth_protocol'], 'http') +$region = 
hiera('region', 'RegionOne') +$service_workers = pick($swift_hash['workers'], + min(max($::processorcount, 2), 16)) + +# Use Swift if it isn't replaced by vCenter, Ceph for BOTH images and objects +if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] { + $master_swift_proxy_nodes = get_nodes_hash_by_roles($network_metadata, [$swift_master_role]) + $master_swift_proxy_nodes_list = values($master_swift_proxy_nodes) + $master_swift_proxy_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/api'], '\/\d+$', '') + $master_swift_replication_ip = regsubst($master_swift_proxy_nodes_list[0]['network_roles']['swift/replication'], '\/\d+$', '') + $swift_partition = hiera('swift_partition', '/var/lib/glance/node') + + if ($deploy_swift_storage){ + if !defined(File['/var/lib/glance']) { + file {'/var/lib/glance': + ensure => 'directory', + group => 'swift', + require => Package['swift'], + } -> Service <| tag == 'swift-service' |> + } else { + File['/var/lib/glance'] { + ensure => 'directory', + group => 'swift', + require +> Package['swift'], + } + File['/var/lib/glance'] -> Service <| tag == 'swift-service' |> + } + + class { 'openstack::swift::storage_node': + storage_type => false, + loopback_size => '5243780', + storage_mnt_base_dir => $swift_partition, + storage_devices => filter_hash($mp_hash,'point'), + swift_zone => $master_swift_proxy_nodes_list[0]['swift_zone'], + swift_local_net_ip => $swift_storage_ipaddr, + master_swift_proxy_ip => $master_swift_proxy_ip, + master_swift_replication_ip => $master_swift_replication_ip, + sync_rings => ! 
$is_primary_swift_proxy, + debug => $debug, + verbose => $verbose, + log_facility => 'LOG_SYSLOG', + } + } + + if $is_primary_swift_proxy { + ring_devices {'all': + storages => $swift_nodes, + require => Class['swift'], + } + } + + if $deploy_swift_proxy { + $sto_nets = get_routable_networks_for_network_role($network_scheme, 'swift/replication', ' ') + $man_nets = get_routable_networks_for_network_role($network_scheme, 'swift/api', ' ') + + class { 'openstack::swift::proxy': + swift_user_password => $swift_hash['user_password'], + swift_operator_roles => $swift_operator_roles, + swift_proxies_cache => $memcaches_addr_list, + ring_part_power => $ring_part_power, + primary_proxy => $is_primary_swift_proxy, + swift_proxy_local_ipaddr => $swift_api_ipaddr, + swift_replication_local_ipaddr => $swift_storage_ipaddr, + master_swift_proxy_ip => $master_swift_proxy_ip, + master_swift_replication_ip => $master_swift_replication_ip, + proxy_port => $proxy_port, + proxy_workers => $service_workers, + debug => $debug, + verbose => $verbose, + log_facility => 'LOG_SYSLOG', + ceilometer => hiera('use_ceilometer',false), + ring_min_part_hours => $ring_min_part_hours, + admin_user => $keystone_user, + admin_tenant_name => $keystone_tenant, + admin_password => $keystone_password, + auth_host => $service_endpoint, + auth_protocol => $keystone_protocol, + } -> + class { 'openstack::swift::status': + endpoint => "http://${swift_api_ipaddr}:${proxy_port}", + vip => $management_vip, + only_from => "127.0.0.1 240.0.0.2 ${sto_nets} ${man_nets}", + con_timeout => 5 + } -> + class { 'swift::dispersion': + auth_url => "http://$service_endpoint:5000/v2.0/", + auth_user => $keystone_user, + auth_tenant => $keystone_tenant, + auth_pass => $keystone_password, + auth_version => '2.0', + } + + Service<| tag == 'swift-service' |> -> Class['swift::dispersion'] + + if defined(Class['openstack::swift::storage_node']) { + Class['openstack::swift::storage_node'] -> Class['swift::dispersion'] + } + } +} + 
+# 'ceilometer' class is being declared inside openstack::ceilometer class +# which is declared inside openstack::controller class in the other task. +# So we need a stub here for dependency from swift::proxy::ceilometer +class ceilometer {} +include ceilometer + +# Class[Swift::Proxy::Cache] requires Class[Memcached] if memcache_servers +# contains 127.0.0.1. But we're deploying memcached in another task. So we +# need to add this stub here. +class memcached {} +include memcached + diff --git a/f2s/resources/swift/meta.yaml b/f2s/resources/swift/meta.yaml new file mode 100644 index 00000000..bcbe1073 --- /dev/null +++ b/f2s/resources/swift/meta.yaml @@ -0,0 +1,60 @@ +id: swift +handler: puppetv2 +version: '8.0' +inputs: + debug: + value: null + deploy_swift_proxy: + value: null + deploy_swift_storage: + value: null + fqdn: + value: null + is_primary_swift_proxy: + value: null + management_vip: + value: null + mp: + value: null + network_metadata: + value: null + network_scheme: + value: null + nodes: + value: null + proxy_port: + value: null + public_vip: + value: null + puppet_modules: + value: null + region: + value: null + role: + value: null + service_endpoint: + value: null + storage: + value: null + storage_hash: + value: null + swift: + value: null + swift_hash: + value: null + swift_master_role: + value: null + swift_nodes: + value: null + swift_partition: + value: null + swift_proxies: + value: null + swift_proxy_caches: + value: null + swift_ring_min_part_hours: + value: null + use_ceilometer: + value: null + verbose: + value: null diff --git a/f2s/resources/tools/actions/run.pp b/f2s/resources/tools/actions/run.pp new file mode 100644 index 00000000..f2b1ef72 --- /dev/null +++ b/f2s/resources/tools/actions/run.pp 
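Review bot: `$keystone_password = pick($swift_hash['user_password'], 'passsword')` in f2s/resources/swift/actions/run.pp falls back to a fixed literal, so a deployment whose `swift_hash` lacks `user_password` configures `admin_password` for `openstack::swift::proxy` and `auth_pass` for `swift::dispersion` with a guessable shared credential instead of failing. The same hunk passes `swift_user_password => $swift_hash['user_password']` without the fallback, so the two values can disagree. I would remove the default, `$keystone_password = pick($swift_hash['user_password'])`, and pass `$keystone_password` in both places. `auth_url => "http://$service_endpoint:5000/v2.0/"` should brace the variable (`${service_endpoint}`) like the rest of the file, and the `240.0.0.2` entry in `only_from` needs a comment saying which client it admits.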
@@ -0,0 +1,42 @@ +notice('MODULAR: tools.pp') + +class { 'osnailyfacter::atop': } +class { 'osnailyfacter::ssh': } + +if $::virtual != 'physical' { + class { 'osnailyfacter::acpid': } +} + +$tools = [ + 'screen', + 'tmux', + 'man', + 'htop', + 'tcpdump', + 'strace', + 'fuel-misc' +] + +package { $tools : + ensure => 'present', +} + +package { 'cloud-init': + ensure => 'absent', +} + +if $::osfamily == 'Debian' { + apt::conf { 'notranslations': + ensure => 'present', + content => 'Acquire::Languages "none";', + notify_update => false, + } +} + +$puppet = hiera('puppet') +class { 'osnailyfacter::puppet_pull': + modules_source => $puppet['modules'], + manifests_source => $puppet['manifests'], +} + +$deployment_mode = hiera('deployment_mode') diff --git a/f2s/resources/tools/meta.yaml b/f2s/resources/tools/meta.yaml new file mode 100644 index 00000000..480a3777 --- /dev/null +++ b/f2s/resources/tools/meta.yaml @@ -0,0 +1,14 @@ +id: tools +handler: puppetv2 +version: '8.0' +inputs: + deployment_mode: + value: null + fqdn: + value: null + puppet: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/top-role-ceph-osd/actions/run.pp b/f2s/resources/top-role-ceph-osd/actions/run.pp new file mode 100644 index 00000000..93bb6ee4 --- /dev/null +++ b/f2s/resources/top-role-ceph-osd/actions/run.pp 
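Review bot: `$deployment_mode = hiera('deployment_mode')` at the end of f2s/resources/tools/actions/run.pp is never used, and because the lookup has no default it makes the whole task fail when the key is absent; I would delete the line or give it a default. The `$tools` list installs `tcpdump` and `strace` on every node the task runs on; if that is meant for operator debugging, a comment above the list saying so, and that the set should be trimmed for hardened deployments, would document the trade-off. `osnailyfacter::puppet_pull` takes `modules_source` and `manifests_source` from `hiera('puppet')`, so the code applied by later runs depends on that data, and a comment on the expected source would help reviewers.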
@@ -0,0 +1,57 @@ +notice('MODULAR: ceph-osd.pp') + +# Pulling hiera +$storage_hash = hiera('storage', {}) +$public_vip = hiera('public_vip') +$management_vip = hiera('management_vip') +$use_neutron = hiera('use_neutron', false) +$mp_hash = hiera('mp') +$verbose = pick($storage_hash['verbose'], true) +$debug = pick($storage_hash['debug'], hiera('debug', true)) +$use_monit = false +$auto_assign_floating_ip = hiera('auto_assign_floating_ip', false) +$keystone_hash = hiera('keystone', {}) +$access_hash = hiera('access', {}) +$network_scheme = hiera_hash('network_scheme') +$neutron_mellanox = hiera('neutron_mellanox', false) +$syslog_hash = hiera('syslog', {}) +$use_syslog = hiera('use_syslog', true) +$mon_address_map = get_node_to_ipaddr_map_by_network_role(hiera_hash('ceph_monitor_nodes'), 'ceph/public') +$ceph_primary_monitor_node = hiera('ceph_primary_monitor_node') +$primary_mons = keys($ceph_primary_monitor_node) +$primary_mon = $ceph_primary_monitor_node[$primary_mons[0]]['name'] +prepare_network_config($network_scheme) +$ceph_cluster_network = get_network_role_property('ceph/replication', 'network') +$ceph_public_network = get_network_role_property('ceph/public', 'network') + +class {'ceph': + primary_mon => $primary_mon, + mon_hosts => keys($mon_address_map), + mon_ip_addresses => values($mon_address_map), + cluster_node_address => $public_vip, + osd_pool_default_size => $storage_hash['osd_pool_size'], + osd_pool_default_pg_num => $storage_hash['pg_num'], + osd_pool_default_pgp_num => $storage_hash['pg_num'], + use_rgw => $storage_hash['objects_ceph'], + glance_backend => $glance_backend, + rgw_pub_ip => $public_vip, + rgw_adm_ip => $management_vip, + rgw_int_ip => $management_vip, + cluster_network => $ceph_cluster_network, + public_network => $ceph_public_network, + use_syslog => $use_syslog, + syslog_log_level => hiera('syslog_log_level_ceph', 'info'), + syslog_log_facility => hiera('syslog_log_facility_ceph','LOG_LOCAL0'), + rgw_keystone_admin_token => 
$keystone_hash['admin_token'], + ephemeral_ceph => $storage_hash['ephemeral_ceph'], +} + +$osd_devices = split($::osd_devices_list, ' ') +#Class Ceph is already defined so it will do it's thing. +notify {"ceph_osd: ${osd_devices}": } +notify {"osd_devices: ${::osd_devices_list}": } +# TODO(bogdando) add monit ceph-osd services monitoring, if required + +################################################################# + +# vim: set ts=2 sw=2 et : diff --git a/f2s/resources/top-role-ceph-osd/meta.yaml b/f2s/resources/top-role-ceph-osd/meta.yaml new file mode 100644 index 00000000..17500bcd --- /dev/null +++ b/f2s/resources/top-role-ceph-osd/meta.yaml @@ -0,0 +1,10 @@ +id: top-role-ceph-osd +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/top-role-cinder-vmware/actions/run.pp b/f2s/resources/top-role-cinder-vmware/actions/run.pp new file mode 100644 index 00000000..0f96eebe --- /dev/null +++ b/f2s/resources/top-role-cinder-vmware/actions/run.pp @@ -0,0 +1,11 @@ +notice('MODULAR: cinder-vmware.pp') + +$nodes_hash = hiera('nodes', {}) +$roles = node_roles($nodes_hash, hiera('uid')) +$cinder_hash = hiera_hash('cinder_hash', {}) + +if (member($roles, 'cinder-vmware')) { + $debug = pick($cinder_hash['debug'], hiera('debug', true)) + $volumes = get_cinder_vmware_data($cinder_hash['instances'], $debug) + create_resources(vmware::cinder::vmdk, $volumes) +} diff --git a/f2s/resources/top-role-cinder-vmware/meta.yaml b/f2s/resources/top-role-cinder-vmware/meta.yaml new file mode 100644 index 00000000..b990a06d --- /dev/null +++ b/f2s/resources/top-role-cinder-vmware/meta.yaml @@ -0,0 +1,10 @@ +id: top-role-cinder-vmware +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + puppet_modules: + value: null + role: + value: null 
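Review bot: `glance_backend => $glance_backend` in the `ceph` class declaration of f2s/resources/top-role-ceph-osd/actions/run.pp refers to a variable this manifest never assigns, so the parameter is undef (or an error under strict variables); it should be derived from `$storage_hash` or dropped. The generated f2s/resources/top-role-ceph-osd/meta.yaml lists only `fqdn`, `puppet_modules` and `role` as inputs although the manifest reads `storage`, `public_vip`, `management_vip`, `keystone`, `ceph_monitor_nodes` and more through hiera, so the declared inputs do not describe what the task consumes. The same mismatch appears in top-role-cinder-vmware/meta.yaml, whose manifest reads `nodes`, `uid`, `cinder_hash` and `debug`. `rgw_keystone_admin_token => $keystone_hash['admin_token']` hands the Keystone admin token to every OSD node; if radosgw does not run on those nodes, passing it is unnecessary exposure.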
diff --git a/f2s/resources/top-role-cinder/actions/run.pp b/f2s/resources/top-role-cinder/actions/run.pp new file mode 100644 index 00000000..5cd24839 --- /dev/null +++ b/f2s/resources/top-role-cinder/actions/run.pp 
@@ -0,0 +1,308 @@ +notice('MODULAR: cinder.pp') + +# Pulling hiera +prepare_network_config(hiera('network_scheme', {})) +$cinder_hash = hiera_hash('cinder_hash', {}) +$storage_address = get_network_role_property('cinder/iscsi', 'ipaddr') +$public_vip = hiera('public_vip') +$management_vip = hiera('management_vip') +$primary_controller = hiera('primary_controller') +$use_neutron = hiera('use_neutron', false) +$mp_hash = hiera('mp') +$verbose = pick($cinder_hash['verbose'], true) +$debug = pick($cinder_hash['debug'], hiera('debug', true)) +$use_monit = false +$auto_assign_floating_ip = hiera('auto_assign_floating_ip', false) +$nodes_hash = hiera('nodes', {}) +$storage_hash = hiera_hash('storage_hash', {}) +$vcenter_hash = hiera('vcenter', {}) +$nova_hash = hiera_hash('nova_hash', {}) +$mysql_hash = hiera_hash('mysql_hash', {}) +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$glance_hash = hiera_hash('glance_hash', {}) +$keystone_hash = hiera_hash('keystone_hash', {}) +$ceilometer_hash = hiera_hash('ceilometer_hash',{}) +$access_hash = hiera('access', {}) +$network_scheme = hiera_hash('network_scheme') +$neutron_mellanox = hiera('neutron_mellanox', false) +$syslog_hash = hiera('syslog', {}) +$base_syslog_hash = hiera('base_syslog', {}) +$use_stderr = hiera('use_stderr', false) +$use_syslog = hiera('use_syslog', true) +$syslog_log_facility_glance = hiera('syslog_log_facility_glance', 'LOG_LOCAL2') +$syslog_log_facility_cinder = hiera('syslog_log_facility_cinder', 'LOG_LOCAL3') +$syslog_log_facility_neutron = hiera('syslog_log_facility_neutron', 'LOG_LOCAL4') +$syslog_log_facility_nova = hiera('syslog_log_facility_nova','LOG_LOCAL6') +$syslog_log_facility_keystone = hiera('syslog_log_facility_keystone', 'LOG_LOCAL7') +$syslog_log_facility_murano = hiera('syslog_log_facility_murano', 'LOG_LOCAL0') +$syslog_log_facility_sahara = hiera('syslog_log_facility_sahara','LOG_LOCAL0') +$syslog_log_facility_ceph = hiera('syslog_log_facility_ceph','LOG_LOCAL0') + 
+$cinder_db_password = $cinder_hash[db_password] +$keystone_user = pick($cinder_hash['user'], 'cinder') +$keystone_tenant = pick($cinder_hash['tenant'], 'services') +$db_host = pick($cinder_hash['db_host'], hiera('database_vip')) +$cinder_db_user = pick($cinder_hash['db_user'], 'cinder') +$cinder_db_name = pick($cinder_hash['db_name'], 'cinder') + +$service_endpoint = hiera('service_endpoint') +$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") + +$keystone_auth_protocol = 'http' +$keystone_auth_host = $service_endpoint +$service_port = '5000' +$auth_uri = "${keystone_auth_protocol}://${keystone_auth_host}:${service_port}/" + +# TODO: openstack_version is confusing, there's such string var in hiera and hardcoded hash +$hiera_openstack_version = hiera('openstack_version') +$openstack_version = { + 'keystone' => 'installed', + 'glance' => 'installed', + 'horizon' => 'installed', + 'nova' => 'installed', + 'novncproxy' => 'installed', + 'cinder' => 'installed', +} + +$queue_provider = hiera('queue_provider', 'rabbitmq') +$custom_mysql_setup_class='galera' + +# Do the stuff +if $neutron_mellanox { + $mellanox_mode = $neutron_mellanox['plugin'] +} else { + $mellanox_mode = 'disabled' +} + +if (!empty(filter_nodes(hiera('nodes'), 'role', 'ceph-osd')) or + $storage_hash['volumes_ceph'] or + $storage_hash['images_ceph'] or + $storage_hash['objects_ceph'] +) { + $use_ceph = true +} else { + $use_ceph = false +} + +if $use_neutron { + $neutron_config = hiera('quantum_settings') +} else { + $neutron_config = {} +} + +if $primary_controller { + if ($mellanox_mode == 'ethernet') { + $test_vm_pkg = 'cirros-testvm-mellanox' + } else { + $test_vm_pkg = 'cirros-testvm' + } + package { 'cirros-testvm' : + ensure => 'installed', + name => $test_vm_pkg, + } +} + +if !$rabbit_hash['user'] { + $rabbit_hash['user'] = 'nova' +} + +if ! 
$use_neutron { + $floating_ips_range = hiera('floating_network_range') +} +$floating_hash = {} + +##CALCULATED PARAMETERS + + +##NO NEED TO CHANGE + +$node = filter_nodes($nodes_hash, 'name', $::hostname) +if empty($node) { + fail("Node $::hostname is not defined in the hash structure") +} + +$roles = node_roles($nodes_hash, hiera('uid')) +$mountpoints = filter_hash($mp_hash,'point') + +# SQLAlchemy backend configuration +$max_pool_size = min($::processorcount * 5 + 0, 30 + 0) +$max_overflow = min($::processorcount * 5 + 0, 60 + 0) +$max_retries = '-1' +$idle_timeout = '3600' + +# Determine who should get the volume service + +if (member($roles, 'cinder') and $storage_hash['volumes_lvm']) { + $manage_volumes = 'iscsi' +} elsif (member($roles, 'cinder') and $storage_hash['volumes_vmdk']) { + $manage_volumes = 'vmdk' +} elsif ($storage_hash['volumes_ceph']) { + $manage_volumes = 'ceph' +} else { + $manage_volumes = false +} + +#Determine who should be the default backend + +if ($storage_hash['images_ceph']) { + $glance_backend = 'ceph' + $glance_known_stores = [ 'glance.store.rbd.Store', 'glance.store.http.Store' ] +} elsif ($storage_hash['images_vcenter']) { + $glance_backend = 'vmware' + $glance_known_stores = [ 'glance.store.vmware_datastore.Store', 'glance.store.http.Store' ] +} else { + $glance_backend = 'swift' + $glance_known_stores = [ 'glance.store.swift.Store', 'glance.store.http.Store' ] +} + +# NOTE(bogdando) for controller nodes running Corosync with Pacemaker +# we delegate all of the monitor functions to RA instead of monit. 
+if member($roles, 'controller') or member($roles, 'primary-controller') { + $use_monit_real = false +} else { + $use_monit_real = $use_monit +} + +if $use_monit_real { + # Configure service names for monit watchdogs and 'service' system path + # FIXME(bogdando) replace service_path to systemd, once supported + include nova::params + include cinder::params + include neutron::params + $nova_compute_name = $::nova::params::compute_service_name + $nova_api_name = $::nova::params::api_service_name + $nova_network_name = $::nova::params::network_service_name + $cinder_volume_name = $::cinder::params::volume_service + $ovs_vswitchd_name = $::l23network::params::ovs_service_name + case $::osfamily { + 'RedHat' : { + $service_path = '/sbin/service' + } + 'Debian' : { + $service_path = '/usr/sbin/service' + } + default : { + fail("Unsupported osfamily: ${osfamily} for os ${operatingsystem}") + } + } +} + +#HARDCODED PARAMETERS + +$multi_host = true +$mirror_type = 'external' +Exec { logoutput => true } + + +################################################################# +# we need to evaluate ceph here, because ceph notifies/requires +# other services that are declared in openstack manifests +if ($use_ceph and !$storage_hash['volumes_lvm']) { + $primary_mons = $controllers + $primary_mon = $controllers[0]['name'] + + if ($use_neutron) { + prepare_network_config(hiera_hash('network_scheme')) + $ceph_cluster_network = get_network_role_property('ceph/replication', 'network') + $ceph_public_network = get_network_role_property('ceph/public', 'network') + } else { + $ceph_cluster_network = hiera('storage_network_range') + $ceph_public_network = hiera('management_network_range') + } + + class {'ceph': + primary_mon => $primary_mon, + mon_hosts => nodes_with_roles($nodes_hash, ['primary-controller', 'controller', 'ceph-mon'], 'name'), + mon_ip_addresses => nodes_with_roles($nodes_hash, ['primary-controller', 'controller', 'ceph-mon'], 'internal_address'), + cluster_node_address 
=> $public_vip, + osd_pool_default_size => $storage_hash['osd_pool_size'], + osd_pool_default_pg_num => $storage_hash['pg_num'], + osd_pool_default_pgp_num => $storage_hash['pg_num'], + use_rgw => $storage_hash['objects_ceph'], + glance_backend => $glance_backend, + rgw_pub_ip => $public_vip, + rgw_adm_ip => $management_vip, + rgw_int_ip => $management_vip, + cluster_network => $ceph_cluster_network, + public_network => $ceph_public_network, + use_syslog => $use_syslog, + syslog_log_facility => $syslog_log_facility_ceph, + rgw_keystone_admin_token => $keystone_hash['admin_token'], + ephemeral_ceph => $storage_hash['ephemeral_ceph'] + } +} + +################################################################# + +include keystone::python +#FIXME(bogdando) notify services on python-amqp update, if needed +package { 'python-amqp': + ensure => present +} +if member($roles, 'controller') or member($roles, 'primary-controller') { + $bind_host = get_network_role_property('cinder/api', 'ipaddr') +} else { + $bind_host = false + # Configure auth_strategy on cinder node, if cinder and controller are + # on the same node this parameter is configured by ::cinder::api + cinder_config { + 'DEFAULT/auth_strategy': value => 'keystone'; + } +} + +# NOTE(bogdando) deploy cinder volume node with disabled cinder-volume +# service #LP1398817. The orchestration will start and enable it back +# after the deployment is done. 
+class { 'openstack::cinder': + enable_volumes => false, + sql_connection => "mysql://${cinder_db_user}:${cinder_db_password}@${db_host}/${cinder_db_name}?charset=utf8&read_timeout=60", + glance_api_servers => $glance_api_servers, + bind_host => $bind_host, + queue_provider => $queue_provider, + amqp_hosts => hiera('amqp_hosts',''), + amqp_user => $rabbit_hash['user'], + amqp_password => $rabbit_hash['password'], + rabbit_ha_queues => hiera('rabbit_ha_queues', false), + volume_group => 'cinder', + manage_volumes => $manage_volumes, + iser => $storage_hash['iser'], + enabled => true, + auth_host => $service_endpoint, + iscsi_bind_host => $storage_address, + keystone_user => $keystone_user, + keystone_tenant => $keystone_tenant, + cinder_user_password => $cinder_hash[user_password], + syslog_log_facility => $syslog_log_facility_cinder, + debug => $debug, + verbose => $verbose, + use_stderr => $use_stderr, + use_syslog => $use_syslog, + max_retries => $max_retries, + max_pool_size => $max_pool_size, + max_overflow => $max_overflow, + idle_timeout => $idle_timeout, + ceilometer => $ceilometer_hash[enabled], + vmware_host_ip => $vcenter_hash['host_ip'], + vmware_host_username => $vcenter_hash['vc_user'], + vmware_host_password => $vcenter_hash['vc_password'], + auth_uri => $auth_uri, + identity_uri => $auth_uri, +} + +cinder_config { 'keymgr/fixed_key': + value => $cinder_hash[fixed_key]; +} + +# FIXME(bogdando) replace service_path and action to systemd, once supported +if $use_monit_real { + monit::process { $cinder_volume_name : + ensure => running, + matching => '/usr/bin/python /usr/bin/cinder-volume', + start_command => "${service_path} ${cinder_volume_name} restart", + stop_command => "${service_path} ${cinder_volume_name} stop", + pidfile => false, + } +} +################################################################# + +# vim: set ts=2 sw=2 et : 
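Review bot: `$keystone_auth_protocol = 'http'` is a literal, and the `$auth_uri` built from it is passed as both `auth_uri` and `identity_uri` to `openstack::cinder`, so this node's Keystone traffic (presumably including the service credentials set via `cinder_user_password`) goes over plain HTTP with no way to change that from hiera. I would read the protocol from hiera with `'http'` as the fallback, the way `$service_endpoint` and `$glance_api_servers` are read, so a TLS-enabled deployment can set `https`. Separately, `sql_connection` interpolates `${cinder_db_password}` into the URL unescaped, so a password containing `@`, `/` or `:` would yield a connection string that parses differently; a comment stating the allowed character set, or escaping where the password is generated, would close that gap. If this manifest is emitted by the generator, both changes belong in its source.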
diff --git a/f2s/resources/top-role-cinder/meta.yaml b/f2s/resources/top-role-cinder/meta.yaml
new file mode 100644
index 00000000..1e8d09c7
--- /dev/null
+++ b/f2s/resources/top-role-cinder/meta.yaml
@@ -0,0 +1,10 @@
+id: top-role-cinder
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/top-role-compute-vmware/actions/run.pp b/f2s/resources/top-role-compute-vmware/actions/run.pp
new file mode 100644
index 00000000..16bd8e02
--- /dev/null
+++ b/f2s/resources/top-role-compute-vmware/actions/run.pp
@@ -0,0 +1,18 @@
+notice('MODULAR: vmware/compute-vmware.pp')
+
+$role = hiera('role')
+
+$debug = hiera('debug', true)
+$ceilometer_hash = hiera('ceilometer',{})
+
+$vcenter_hash = hiera('vcenter', {})
+$computes_hash = parse_vcenter_settings($vcenter_hash['computes'])
+
+$uid = hiera('uid')
+$node_name = "node-$uid"
+$defaults = {
+ current_node => $node_name,
+ vlan_interface => $vcenter_hash['esxi_vlan_interface']
+ }
+
+create_resources(vmware::compute_vmware, $computes_hash, $defaults)
diff --git a/f2s/resources/top-role-compute-vmware/meta.yaml b/f2s/resources/top-role-compute-vmware/meta.yaml
new file mode 100644
index 00000000..14ecd29c
--- /dev/null
+++ b/f2s/resources/top-role-compute-vmware/meta.yaml
@@ -0,0 +1,10 @@
+id: top-role-compute-vmware
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/top-role-compute/actions/run.pp b/f2s/resources/top-role-compute/actions/run.pp
new file mode 100644
index 00000000..f2539a74
--- /dev/null
+++ b/f2s/resources/top-role-compute/actions/run.pp
@@ -0,0 +1,339 @@ +notice('MODULAR: compute.pp') + +$network_scheme = hiera_hash('network_scheme', {}) +$network_metadata = hiera_hash('network_metadata', {}) +prepare_network_config($network_scheme) + +# Pulling hiera +$compute_hash = hiera_hash('compute', {}) +$node_name = hiera('node_name') +$public_int = hiera('public_int', undef) +$public_vip = hiera('public_vip') +$management_vip = hiera('management_vip') +$database_vip = hiera('database_vip') +$service_endpoint = hiera('service_endpoint') +$primary_controller = hiera('primary_controller') +$use_neutron = hiera('use_neutron', false) +$sahara_hash = hiera('sahara', {}) +$murano_hash = hiera('murano', {}) +$mp_hash = hiera('mp') +$verbose = pick($compute_hash['verbose'], true) +$debug = pick($compute_hash['debug'], hiera('debug', true)) +$use_monit = false +$auto_assign_floating_ip = hiera('auto_assign_floating_ip', false) +$nodes_hash = hiera('nodes', {}) +$storage_hash = hiera_hash('storage_hash', {}) +$vcenter_hash = hiera('vcenter', {}) +$nova_hash = hiera_hash('nova_hash', {}) +$nova_custom_hash = hiera_hash('nova_custom_hash', {}) +$rabbit_hash = hiera_hash('rabbit_hash', {}) +$glance_hash = hiera_hash('glance_hash', {}) +$keystone_hash = hiera_hash('keystone_hash', {}) +$swift_hash = hiera_hash('swift_hash', {}) +$cinder_hash = hiera_hash('cinder_hash', {}) +$ceilometer_hash = hiera_hash('ceilometer_hash',{}) +$access_hash = hiera('access', {}) +$swift_proxies = hiera('swift_proxies') +$swift_master_role = hiera('swift_master_role', 'primary-controller') +$neutron_mellanox = hiera('neutron_mellanox', false) +$syslog_hash = hiera('syslog', {}) +$base_syslog_hash = hiera('base_syslog', {}) +$use_syslog = hiera('use_syslog', true) +$use_stderr = hiera('use_stderr', false) +$syslog_log_facility_glance = hiera('syslog_log_facility_glance', 'LOG_LOCAL2') +$syslog_log_facility_cinder = hiera('syslog_log_facility_cinder', 'LOG_LOCAL3') +$syslog_log_facility_neutron = hiera('syslog_log_facility_neutron', 
'LOG_LOCAL4') +$syslog_log_facility_nova = hiera('syslog_log_facility_nova','LOG_LOCAL6') +$syslog_log_facility_keystone = hiera('syslog_log_facility_keystone', 'LOG_LOCAL7') +$syslog_log_facility_murano = hiera('syslog_log_facility_murano', 'LOG_LOCAL0') +$syslog_log_facility_sahara = hiera('syslog_log_facility_sahara','LOG_LOCAL0') +$nova_rate_limits = hiera('nova_rate_limits') +$nova_report_interval = hiera('nova_report_interval') +$nova_service_down_time = hiera('nova_service_down_time') +$glance_api_servers = hiera('glance_api_servers', "${management_vip}:9292") +$config_drive_format = 'vfat' + +$public_ssl_hash = hiera('public_ssl') +$vncproxy_host = $public_ssl_hash['services'] ? { + true => $public_ssl_hash['hostname'], + default => $public_vip, +} + +$db_host = pick($nova_hash['db_host'], $database_vip) + +$block_device_allocate_retries = hiera('block_device_allocate_retries', 300) +$block_device_allocate_retries_interval = hiera('block_device_allocate_retries_interval', 3) + +# TODO: openstack_version is confusing, there's such string var in hiera and hardcoded hash +$hiera_openstack_version = hiera('openstack_version') +$openstack_version = { + 'keystone' => 'installed', + 'glance' => 'installed', + 'horizon' => 'installed', + 'nova' => 'installed', + 'novncproxy' => 'installed', + 'cinder' => 'installed', +} + +$queue_provider = hiera('queue_provider', 'rabbitmq') + +# Do the stuff +if $neutron_mellanox { + $mellanox_mode = $neutron_mellanox['plugin'] +} else { + $mellanox_mode = 'disabled' +} + +if $use_neutron { + $novanetwork_params = {} + $network_provider = 'neutron' + $neutron_config = hiera_hash('quantum_settings') + $neutron_db_password = $neutron_config['database']['passwd'] + $neutron_user_password = $neutron_config['keystone']['admin_password'] + $neutron_metadata_proxy_secret = $neutron_config['metadata']['metadata_proxy_shared_secret'] + $base_mac = $neutron_config['L2']['base_mac'] +} else { + $network_provider = 'nova' + 
$floating_ips_range = hiera('floating_network_range') + $neutron_config = {} + $novanetwork_params = hiera('novanetwork_parameters') +} + +if $primary_controller { + if ($mellanox_mode == 'ethernet') { + $test_vm_pkg = 'cirros-testvm-mellanox' + } else { + $test_vm_pkg = 'cirros-testvm' + } + package { 'cirros-testvm' : + ensure => 'installed', + name => $test_vm_pkg, + } +} + +if !$rabbit_hash['user'] { + $rabbit_hash['user'] = 'nova' +} + +$floating_hash = {} + +##CALCULATED PARAMETERS + +##TODO: simply parse nodes array +$memcache_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('memcache_roles')) +$memcache_ipaddrs = ipsort(values(get_node_to_ipaddr_map_by_network_role($memcache_nodes,'mgmt/memcache'))) +$roles = $network_metadata['nodes'][$node_name]['node_roles'] +$mountpoints = filter_hash($mp_hash,'point') + +# SQLAlchemy backend configuration +$max_pool_size = min($::processorcount * 5 + 0, 30 + 0) +$max_overflow = min($::processorcount * 5 + 0, 60 + 0) +$max_retries = '-1' +$idle_timeout = '3600' + +if ($storage_hash['volumes_lvm']) { + nova_config { 'keymgr/fixed_key': + value => $cinder_hash[fixed_key]; + } +} + +# Determine who should get the volume service + +if (member($roles, 'cinder') and $storage_hash['volumes_lvm']) { + $manage_volumes = 'iscsi' +} elsif (member($roles, 'cinder') and $storage_hash['volumes_vmdk']) { + $manage_volumes = 'vmdk' +} elsif ($storage_hash['volumes_ceph']) { + $manage_volumes = 'ceph' +} else { + $manage_volumes = false +} + +#Determine who should be the default backend + +if ($storage_hash['images_ceph']) { + $glance_backend = 'ceph' + $glance_known_stores = [ 'glance.store.rbd.Store', 'glance.store.http.Store' ] +} elsif ($storage_hash['images_vcenter']) { + $glance_backend = 'vmware' + $glance_known_stores = [ 'glance.store.vmware_datastore.Store', 'glance.store.http.Store' ] +} else { + $glance_backend = 'swift' + $glance_known_stores = [ 'glance.store.swift.Store', 'glance.store.http.Store' ] +} + 
+# Use Swift if it isn't replaced by vCenter, Ceph for BOTH images and objects +if !($storage_hash['images_ceph'] and $storage_hash['objects_ceph']) and !$storage_hash['images_vcenter'] { + $use_swift = true +} else { + $use_swift = false +} + +# NOTE(bogdando) for controller nodes running Corosync with Pacemaker +# we delegate all of the monitor functions to RA instead of monit. +if member($roles, 'controller') or member($roles, 'primary-controller') { + $use_monit_real = false +} else { + $use_monit_real = $use_monit +} + +if $use_monit_real { + # Configure service names for monit watchdogs and 'service' system path + # FIXME(bogdando) replace service_path to systemd, once supported + include nova::params + include cinder::params + include neutron::params + $nova_compute_name = $::nova::params::compute_service_name + $nova_api_name = $::nova::params::api_service_name + $nova_network_name = $::nova::params::network_service_name + $cinder_volume_name = $::cinder::params::volume_service + $ovs_vswitchd_name = $::l23network::params::ovs_service_name + case $::osfamily { + 'RedHat' : { + $service_path = '/sbin/service' + } + 'Debian' : { + $service_path = '/usr/sbin/service' + } + default : { + fail("Unsupported osfamily: ${osfamily} for os ${operatingsystem}") + } + } +} + +#HARDCODED PARAMETERS +if hiera('use_vcenter', false) { + $multi_host = false +} else { + $multi_host = true +} + +$mirror_type = 'external' +Exec { logoutput => true } + +include osnailyfacter::test_compute + +if ($::mellanox_mode == 'ethernet') { + $neutron_private_net = pick($neutron_config['default_private_net'], 'net04') + $physnet = $neutron_config['predefined_networks'][$neutron_private_net]['L2']['physnet'] + class { 'mellanox_openstack::compute': + physnet => $physnet, + physifc => $neutron_mellanox['physical_port'], + } +} + +# NOTE(bogdando) deploy compute node with disabled nova-compute +# service #LP1398817. 
The orchestration will start and enable it back +# after the deployment is done. +# FIXME(bogdando) This should be changed once the host aggregates implemented, bp disable-new-computes +class { 'openstack::compute': + enabled => false, + public_interface => $public_int ? { undef=>'', default=>$public_int}, + private_interface => $use_neutron ? { true=>false, default=>hiera('private_int', undef)}, + internal_address => get_network_role_property('nova/api', 'ipaddr'), + libvirt_type => hiera('libvirt_type', undef), + fixed_range => $use_neutron ? { true=>false, default=>hiera('fixed_network_range', undef)}, + network_manager => hiera('network_manager', undef), + network_config => hiera('network_config', {}), + multi_host => $multi_host, + queue_provider => $queue_provider, + amqp_hosts => hiera('amqp_hosts',''), + amqp_user => $rabbit_hash['user'], + amqp_password => $rabbit_hash['password'], + rabbit_ha_queues => $rabbit_ha_queues, + auto_assign_floating_ip => $auto_assign_floating_ip, + glance_api_servers => $glance_api_servers, + vncproxy_host => $vncproxy_host, + vncserver_listen => '0.0.0.0', + migration_support => true, + debug => $debug, + verbose => $verbose, + use_stderr => $use_stderr, + cinder_volume_group => 'cinder', + vnc_enabled => true, + manage_volumes => $manage_volumes, + nova_user_password => $nova_hash[user_password], + nova_hash => $nova_hash, + cache_server_ip => $memcache_ipaddrs, + service_endpoint => $service_endpoint, + cinder => true, + cinder_iscsi_bind_addr => get_network_role_property('cinder/iscsi', 'ipaddr'), + cinder_user_password => $cinder_hash[user_password], + cinder_db_password => $cinder_hash[db_password], + ceilometer => $ceilometer_hash[enabled], + ceilometer_metering_secret => $ceilometer_hash[metering_secret], + ceilometer_user_password => $ceilometer_hash[user_password], + db_host => $db_host, + network_provider => $network_provider, + neutron_user_password => $use_neutron ? 
{ true=>$neutron_config['keystone']['admin_password'], default=>undef}, + base_mac => $base_mac, + + use_syslog => $use_syslog, + syslog_log_facility => $syslog_log_facility_nova, + syslog_log_facility_neutron => $syslog_log_facility_neutron, + nova_rate_limits => $nova_rate_limits, + nova_report_interval => $nova_report_interval, + nova_service_down_time => $nova_service_down_time, + state_path => $nova_hash[state_path], + neutron_settings => $neutron_config, + storage_hash => $storage_hash, + config_drive_format => $config_drive_format, +} + +# Required for fping API extension, see LP#1486404 +ensure_packages('fping') + +$nova_config_hash = { + 'DEFAULT/resume_guests_state_on_host_boot' => { value => hiera('resume_guests_state_on_host_boot', 'False') }, + 'DEFAULT/use_cow_images' => { value => hiera('use_cow_images', 'True') }, + 'DEFAULT/block_device_allocate_retries' => { value => $block_device_allocate_retries }, + 'DEFAULT/block_device_allocate_retries_interval' => { value => $block_device_allocate_retries_interval }, + 'libvirt/libvirt_inject_key' => { value => 'true' }, + 'libvirt/libvirt_inject_password' => { value => 'true' }, +} + +$nova_complete_hash = merge($nova_config_hash, $nova_custom_hash) + +class {'nova::config': + nova_config => $nova_complete_hash, +} + +# Configure monit watchdogs +# FIXME(bogdando) replace service_path and action to systemd, once supported +if $use_monit_real { + monit::process { $nova_compute_name : + ensure => running, + matching => '/usr/bin/python /usr/bin/nova-compute', + start_command => "${service_path} ${nova_compute_name} restart", + stop_command => "${service_path} ${nova_compute_name} stop", + pidfile => false, + } + if $use_neutron { + monit::process { $ovs_vswitchd_name : + ensure => running, + start_command => "${service_path} ${ovs_vswitchd_name} restart", + stop_command => "${service_path} ${ovs_vswitchd_name} stop", + pidfile => '/var/run/openvswitch/ovs-vswitchd.pid', + } + } else { + monit::process { 
$nova_network_name : + ensure => running, + matching => '/usr/bin/python /usr/bin/nova-network', + start_command => "${service_path} ${nova_network_name} restart", + stop_command => "${service_path} ${nova_network_name} stop", + pidfile => false, + } + monit::process { $nova_api_name : + ensure => running, + matching => '/usr/bin/python /usr/bin/nova-api', + start_command => "${service_path} ${nova_api_name} restart", + stop_command => "${service_path} ${nova_api_name} stop", + pidfile => false, + } + } +} + +######################################################################## + + +# vim: set ts=2 sw=2 et : diff --git a/f2s/resources/top-role-compute/meta.yaml b/f2s/resources/top-role-compute/meta.yaml new file mode 100644 index 00000000..37de35d3 --- /dev/null +++ b/f2s/resources/top-role-compute/meta.yaml @@ -0,0 +1,10 @@ +id: top-role-compute +handler: puppetv2 +version: '8.0' +inputs: + fqdn: + value: null + puppet_modules: + value: null + role: + value: null diff --git a/f2s/resources/top-role-mongo/actions/run.pp b/f2s/resources/top-role-mongo/actions/run.pp new file mode 100644 index 00000000..9007e549 --- /dev/null +++ b/f2s/resources/top-role-mongo/actions/run.pp 
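Review bot: `vncserver_listen => '0.0.0.0'` in the `openstack::compute` declaration of compute.pp binds each instance's VNC server to every interface of the compute node, including any public or storage-facing one. With `migration_support => true` the wildcard may be deliberate, but the manifest should then say so and name the control that limits access, for example `# 0.0.0.0 kept for live migration; VNC ports must be firewalled to the vncproxy hosts`. Also, `if ($::mellanox_mode == 'ethernet')` reads the top-scope variable rather than the local `$mellanox_mode` assigned earlier in the file, so `mellanox_openstack::compute` looks unreachable unless a fact of that name exists; `if ($mellanox_mode == 'ethernet')` would match the earlier use.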
@@ -0,0 +1,32 @@
+notice('MODULAR: mongo.pp')
+
+prepare_network_config(hiera('network_scheme', {}))
+$mongo_hash = hiera_hash('mongo', {})
+$mongo_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('mongo_roles'))
+$mongo_address_map = get_node_to_ipaddr_map_by_network_role($mongo_nodes, 'mongo/db')
+$bind_address = get_network_role_property('mongo/db', 'ipaddr')
+$use_syslog = hiera('use_syslog', true)
+$debug = pick($mongo_hash['debug'], hiera('debug', false))
+$ceilometer_hash = hiera_hash('ceilometer_hash')
+$roles = hiera('roles')
+$replset_name = 'ceilometer'
+$mongodb_port = hiera('mongodb_port', '27017')
+
+####################################################################
+class { 'openstack::mongo':
+ mongodb_bind_address => [ '127.0.0.1', $bind_address ],
+ mongodb_port => $mongodb_port,
+ ceilometer_metering_secret => $ceilometer_hash['metering_secret'],
+ ceilometer_db_password => $ceilometer_hash['db_password'],
+ ceilometer_replset_members => values($mongo_address_map),
+ replset_name => $replset_name,
+ mongo_version => '2.6.10',
+ use_syslog => $use_syslog,
+ debug => $debug,
+}
+
+if !(member($roles, 'controller') or member($roles, 'primary-controller')) {
+ sysctl::value { 'net.ipv4.tcp_keepalive_time':
+ value => '300',
+ }
+}
diff --git a/f2s/resources/top-role-mongo/meta.yaml b/f2s/resources/top-role-mongo/meta.yaml
new file mode 100644
index 00000000..3503a37f
--- /dev/null
+++ b/f2s/resources/top-role-mongo/meta.yaml
@@ -0,0 +1,10 @@
+id: top-role-mongo
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/top-role-primary-mongo/actions/run.pp b/f2s/resources/top-role-primary-mongo/actions/run.pp
new file mode 100644
index 00000000..9007e549
--- /dev/null
+++ b/f2s/resources/top-role-primary-mongo/actions/run.pp
@@ -0,0 +1,32 @@
+notice('MODULAR: mongo.pp')
+
+prepare_network_config(hiera('network_scheme', {}))
+$mongo_hash = hiera_hash('mongo', {})
+$mongo_nodes = get_nodes_hash_by_roles(hiera('network_metadata'), hiera('mongo_roles'))
+$mongo_address_map = get_node_to_ipaddr_map_by_network_role($mongo_nodes, 'mongo/db')
+$bind_address = get_network_role_property('mongo/db', 'ipaddr')
+$use_syslog = hiera('use_syslog', true)
+$debug = pick($mongo_hash['debug'], hiera('debug', false))
+$ceilometer_hash = hiera_hash('ceilometer_hash')
+$roles = hiera('roles')
+$replset_name = 'ceilometer'
+$mongodb_port = hiera('mongodb_port', '27017')
+
+####################################################################
+class { 'openstack::mongo':
+ mongodb_bind_address => [ '127.0.0.1', $bind_address ],
+ mongodb_port => $mongodb_port,
+ ceilometer_metering_secret => $ceilometer_hash['metering_secret'],
+ ceilometer_db_password => $ceilometer_hash['db_password'],
+ ceilometer_replset_members => values($mongo_address_map),
+ replset_name => $replset_name,
+ mongo_version => '2.6.10',
+ use_syslog => $use_syslog,
+ debug => $debug,
+}
+
+if !(member($roles, 'controller') or member($roles, 'primary-controller')) {
+ sysctl::value { 'net.ipv4.tcp_keepalive_time':
+ value => '300',
+ }
+}
diff --git a/f2s/resources/top-role-primary-mongo/meta.yaml b/f2s/resources/top-role-primary-mongo/meta.yaml
new file mode 100644
index 00000000..949bd9cf
--- /dev/null
+++ b/f2s/resources/top-role-primary-mongo/meta.yaml
@@ -0,0 +1,10 @@
+id: top-role-primary-mongo
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/umm/actions/run.pp b/f2s/resources/umm/actions/run.pp
new file mode 100644
index 00000000..5b6b58a7
--- /dev/null
+++ b/f2s/resources/umm/actions/run.pp
@@ -0,0 +1,3 @@
+notice('MODULAR: umm.pp')
+
+class {'umm': }
diff --git a/f2s/resources/umm/meta.yaml b/f2s/resources/umm/meta.yaml
new file mode 100644
index 00000000..5ac77d1b
--- /dev/null
+++ b/f2s/resources/umm/meta.yaml
@@ -0,0 +1,10 @@
+id: umm
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/update_hosts/actions/run.pp b/f2s/resources/update_hosts/actions/run.pp
new file mode 100644
index 00000000..e82bddff
--- /dev/null
+++ b/f2s/resources/update_hosts/actions/run.pp
@@ -0,0 +1,5 @@
+notice('MODULAR: hosts.pp')
+
+class { "l23network::hosts_file":
+ nodes => hiera('nodes'),
+}
diff --git a/f2s/resources/update_hosts/meta.yaml b/f2s/resources/update_hosts/meta.yaml
new file mode 100644
index 00000000..1bd6c7d3
--- /dev/null
+++ b/f2s/resources/update_hosts/meta.yaml
@@ -0,0 +1,10 @@
+id: update_hosts
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ nodes:
+ value: null
+ puppet_modules:
+ value: null
diff --git a/f2s/resources/updatedb/actions/run.pp b/f2s/resources/updatedb/actions/run.pp
new file mode 100644
index 00000000..ec929499
--- /dev/null
+++ b/f2s/resources/updatedb/actions/run.pp
@@ -0,0 +1,21 @@
+notice('MODULAR: ceph/updatedb.pp')
+
+$storage_hash = hiera('storage', {})
+
+if ($storage_hash['volumes_ceph'] or
+ $storage_hash['images_ceph'] or
+ $storage_hash['objects_ceph']
+) {
+ $use_ceph = true
+} else {
+ $use_ceph = false
+}
+
+if $use_ceph {
+
+ exec {"Ensure /var/lib/ceph in the updatedb PRUNEPATH":
+ path => [ '/usr/bin', '/bin' ],
+ command => "sed -i -Ee 's|(PRUNEPATHS *= *\"[^\"]*)|\\1 /var/lib/ceph|' /etc/updatedb.conf",
+ unless => "test ! -f /etc/updatedb.conf || grep 'PRUNEPATHS *= *.*/var/lib/ceph.*' /etc/updatedb.conf",
+ }
+}
diff --git a/f2s/resources/updatedb/meta.yaml b/f2s/resources/updatedb/meta.yaml
new file mode 100644
index 00000000..f05727d0
--- /dev/null
+++ b/f2s/resources/updatedb/meta.yaml
@@ -0,0 +1,12 @@
+id: updatedb
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ storage:
+ value: null
diff --git a/f2s/resources/virtual_ips/actions/run.pp b/f2s/resources/virtual_ips/actions/run.pp
new file mode 100644
index 00000000..b3f0fd1f
--- /dev/null
+++ b/f2s/resources/virtual_ips/actions/run.pp
@@ -0,0 +1,3 @@
+notice('MODULAR: virtual_ips.pp')
+
+generate_vips()
diff --git a/f2s/resources/virtual_ips/meta.yaml b/f2s/resources/virtual_ips/meta.yaml
new file mode 100644
index 00000000..80e6f487
--- /dev/null
+++ b/f2s/resources/virtual_ips/meta.yaml
@@ -0,0 +1,14 @@
+id: virtual_ips
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ network_metadata:
+ value: null
+ network_scheme:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
diff --git a/f2s/resources/vmware-vcenter/actions/run.pp b/f2s/resources/vmware-vcenter/actions/run.pp
new file mode 100644
index 00000000..aabbf3d8
--- /dev/null
+++ b/f2s/resources/vmware-vcenter/actions/run.pp
@@ -0,0 +1,19 @@
+notice('MODULAR: vmware/vcenter.pp')
+
+$use_vcenter = hiera('use_vcenter', false)
+$vcenter_hash = hiera('vcenter_hash')
+$public_vip = hiera('public_vip')
+$use_neutron = hiera('use_neutron', false)
+$ceilometer_hash = hiera('ceilometer',{})
+$debug = pick($vcenter_hash['debug'], hiera('debug', false))
+
+if $use_vcenter {
+ class { 'vmware':
+ vcenter_settings => $vcenter_hash['computes'],
+ vlan_interface => $vcenter_hash['esxi_vlan_interface'],
+ use_quantum => $use_neutron,
+ vnc_address => $public_vip,
+ ceilometer => $ceilometer_hash['enabled'],
+ debug => $debug,
+ }
+}
diff --git a/f2s/resources/vmware-vcenter/meta.yaml b/f2s/resources/vmware-vcenter/meta.yaml
new file mode 100644
index 00000000..ccead16c
--- /dev/null
+++ b/f2s/resources/vmware-vcenter/meta.yaml
@@ -0,0 +1,24 @@
+id: vmware-vcenter
+handler: puppetv2
+version: '8.0'
+inputs:
+ ceilometer:
+ value: null
+ debug:
+ value: null
+ fqdn:
+ value: null
+ novanetwork_parameters:
+ value: null
+ public_vip:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ use_neutron:
+ value: null
+ use_vcenter:
+ value: null
+ vcenter_hash:
+ value: null
diff --git a/f2s/resources/workloads_collector_add/actions/run.pp b/f2s/resources/workloads_collector_add/actions/run.pp
new file mode 100644
index 00000000..c9a8dbc6
--- /dev/null
+++ b/f2s/resources/workloads_collector_add/actions/run.pp
@@ -0,0 +1,21 @@
+notice('MODULAR: keystone/workloads_collector_add.pp')
+
+$workloads_hash = hiera('workloads_collector', {})
+$service_endpoint = hiera('service_endpoint')
+
+$haproxy_stats_url = "http://${service_endpoint}:10000/;csv"
+
+haproxy_backend_status { 'keystone-admin' :
+ name => 'keystone-2',
+ count => '200',
+ step => '6',
+ url => $haproxy_stats_url,
+} ->
+
+class { 'openstack::workloads_collector':
+ enabled => $workloads_hash['enabled'],
+ workloads_username => $workloads_hash['username'],
+ workloads_password => $workloads_hash['password'],
+ workloads_tenant => $workloads_hash['tenant'],
+ workloads_create_user => true,
+}
diff --git a/f2s/resources/workloads_collector_add/meta.yaml b/f2s/resources/workloads_collector_add/meta.yaml
new file mode 100644
index 00000000..19d04b77
--- /dev/null
+++ b/f2s/resources/workloads_collector_add/meta.yaml
@@ -0,0 +1,14 @@
+id: workloads_collector_add
+handler: puppetv2
+version: '8.0'
+inputs:
+ fqdn:
+ value: null
+ puppet_modules:
+ value: null
+ role:
+ value: null
+ service_endpoint:
+ value: null
+ workloads_collector:
+ value: null
diff --git a/requirements.txt b/requirements.txt
index b4a24369..2ef88140 100644
--- a/requirements.txt
+++ b/requirements.txt
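Review bot: In workloads_collector_add/actions/run.pp, `hiera('workloads_collector', {})` falls back silently to an empty hash, so `workloads_username`, `workloads_password` and `workloads_tenant` all become undef while `workloads_create_user => true` is passed unconditionally. How `openstack::workloads_collector` treats an undef password is not visible in this hunk, but missing data should stop the run rather than reach user creation without credentials. I would drop the default, `$workloads_hash = hiera('workloads_collector')`, so an absent key fails at compile time. The matching meta.yaml declares `workloads_collector` as an ordinary input, which means the password travels with the saved inputs; it is worth confirming where those are stored and who can read them.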
@@ -3,9 +3,9 @@ ply
 click==4.0
 jinja2==2.7.3
 networkx>=1.10
-PyYAML>=3.1.0
+PyYAML
 jsonschema==2.4.0
-requests==2.7.0
+requests
 dictdiffer==0.4.0
 enum34==1.0.4
 redis==2.10.3
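Review bot: The `PyYAML` and `requests` lines in requirements.txt lose every version constraint while the neighbouring entries stay pinned, so an install now resolves these two to whatever release the package index serves at that moment. That makes deployments non-reproducible and removes the floor that kept older releases of either library out. If the exact pin on requests was too tight, a lower bound keeps the intent: `PyYAML>=3.1.0` and `requests>=2.7.0`. The versions actually tested are better recorded in a separate constraints file than left implicit.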