diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..279f58d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,4 @@
+.build
+*.rpm
+*.deb
+deployment_scripts/modules/murano
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e06d208
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.md b/README.md new file mode 100644 index 0000000..10d0f90 --- /dev/null +++ b/README.md @@ -0,0 +1,4 @@ +fuel-plugin-murano +================== + +Plugin description diff --git a/components.yaml b/components.yaml new file mode 100644 index 0000000..9d49189 --- /dev/null +++ b/components.yaml 
@@ -0,0 +1,19 @@
+- name: additional_service:detach-murano
+ description: "Murano is an application catalog, which allows application developers and cloud administrators to publish various cloud-ready applications in a browsable categorized catalog, which may be used by the cloud users (including the inexperienced ones) to pick-up the needed applications and services and composes the reliable environments out of them in a “push-the-button” manner."
+ label: "Install Murano plugin"
+ compatible:
+ - name: hypervisor:qemu
+ - name: hypervisor:vmware
+ - name: network:neutron:core:ml2
+ - name: network:neutron:ml2:vlan
+ - name: network:neutron:ml2:tun
+ - name: storage:block:lvm
+ - name: storage:block:ceph
+ - name: storage:object:ceph
+ - name: storage:ephemeral:ceph
+ - name: storage:image:ceph
+ - name: additional_service:sahara
+ - name: additional_service:ceilometer
+ - name: additional_service:ironic
+ incompatible:
+ - name: additional_service:murano
diff --git a/deployment_scripts/manifests/murano.pp b/deployment_scripts/manifests/murano.pp
new file mode 100644
index 0000000..b250c83
--- /dev/null
+++ b/deployment_scripts/manifests/murano.pp
@@ -0,0 +1,173 @@ +notice('MURANO PLUGIN: murano.pp') + +prepare_network_config(hiera_hash('network_scheme', {})) + +$murano_hash = hiera_hash('murano', {}) +$murano_plugins = pick($murano_hash['plugins'], {}) +$rabbit_hash = hiera_hash('rabbit', {}) +$neutron_config = hiera_hash('neutron_config', {}) +$public_ssl_hash = hiera_hash('public_ssl', {}) +$ssl_hash = hiera_hash('use_ssl', {}) +$external_dns = hiera_hash('external_dns', {}) +$primary_murano = roles_include(['primary-murano-node']) +$public_ip = hiera('public_vip') +$database_ip = hiera('database_vip') +$management_ip = hiera('management_vip') +$region = hiera('region', 'RegionOne') +$use_neutron = hiera('use_neutron', false) +$service_endpoint = hiera('service_endpoint') +$syslog_log_facility_murano = hiera('syslog_log_facility_murano') +$debug = pick($murano_hash['debug'], hiera('debug', false)) +$verbose = pick($murano_hash['verbose'], hiera('verbose', true)) +$default_log_levels = hiera_hash('default_log_levels', {}) +$use_syslog = hiera('use_syslog', true) +$use_stderr = hiera('use_stderr', false) +$rabbit_ha_queues = hiera('rabbit_ha_queues', false) +$amqp_port = hiera('amqp_port') +$amqp_hosts = hiera('amqp_hosts') +$external_lb = hiera('external_lb', false) + +$internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http') +$internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('keystone_endpoint', ''), $service_endpoint, $management_ip]) +$admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http') +$admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('keystone_endpoint', ''), $service_endpoint, $management_ip]) +$api_bind_host = get_network_role_property('management', 'ipaddr') + +if $use_neutron { + $external_network = try_get_value($neutron_config, 'default_floating_net', 'net04_ext') + $default_router = 'murano-default-router' +} else { 
+ $external_network = undef + $default_router = undef +} + +$firewall_rule = '202 murano-api' +$api_bind_port = '8082' + +$murano_user = pick($murano_hash['user'], 'murano') +$murano_password = $murano_hash['user_password'] +$tenant = pick($murano_hash['tenant'], 'services') + +$db_type = 'mysql' +$db_user = pick($murano_hash['db_user'], 'murano') +$db_name = pick($murano_hash['db_name'], 'murano') +$db_password = pick($murano_hash['db_password']) +$db_host = pick($murano_hash['db_host'], $database_ip) +# LP#1526938 - python-mysqldb supports this, python-pymysql does not +if $::os_package_type == 'debian' { + $extra_params = { 'charset' => 'utf8', 'read_timeout' => 60 } +} else { + $extra_params = { 'charset' => 'utf8' } +} +$db_connection = os_database_connection({ + 'dialect' => $db_type, + 'host' => $db_host, + 'database' => $db_name, + 'username' => $db_user, + 'password' => $db_password, + 'extra' => $extra_params +}) + +$repository_url = has_key($murano_hash, 'murano_repo_url') ? { + true => $murano_hash['murano_repo_url'], + default => 'http://storage.apps.openstack.org', +} + +####### Disable upstart startup on install ####### +tweaks::ubuntu_service_override { ['murano-api', 'murano-engine']: + package_name => 'murano', +} + +include ::firewall +firewall { $firewall_rule : + dport => $api_bind_port, + proto => 'tcp', + action => 'accept', +} + +if $murano_plugins and has_key($murano_plugins, 'glance_artifacts_plugin') and $murano_plugins['glance_artifacts_plugin']['enabled'] { + $packages_service = 'glance' + + package {'murano-glance-artifacts-plugin': + ensure => installed, + } +} else { + $packages_service = 'murano' +} + +class { '::murano' : + verbose => $verbose, + debug => $debug, + use_syslog => $use_syslog, + use_stderr => $use_stderr, + log_facility => $syslog_log_facility_murano, + database_connection => $db_connection, + sync_db => $primary_murano, + auth_uri => "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/", + admin_user => 
$murano_user, + admin_password => $murano_password, + admin_tenant_name => $tenant, + identity_uri => "${admin_auth_protocol}://${admin_auth_address}:35357/", + notification_driver => 'messagingv2', + use_neutron => $use_neutron, + packages_service => $packages_service, + rabbit_os_user => $rabbit_hash['user'], + rabbit_os_password => $rabbit_hash['password'], + rabbit_os_port => $amqp_port, + rabbit_os_host => split($amqp_hosts, ','), + rabbit_ha_queues => $rabbit_ha_queues, + rabbit_own_host => $public_ip, + rabbit_own_port => $murano_hash['rabbit']['port'], + rabbit_own_vhost => $murano_hash['rabbit']['vhost'], + rabbit_own_user => $rabbit_hash['user'], + rabbit_own_password => $rabbit_hash['password'], + default_router => $default_router, + default_nameservers => join($external_dns['dns_list'], ','), + service_host => $api_bind_host, + service_port => $api_bind_port, + external_network => $external_network, + use_trusts => true, +} + +class { '::murano::api': + host => $api_bind_host, + port => $api_bind_port, +} + +include ::murano::engine +include ::murano::client + +if $primary_murano { + murano::application { 'io.murano' : } +} + +$haproxy_stats_url = "http://${management_ip}:10000/;csv" +$murano_protocol = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'protocol', 'http') +$murano_address = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'hostname', [$service_endpoint, $management_ip]) +$murano_url = "${murano_protocol}://${murano_address}:${api_bind_port}" +$lb_defaults = { 'provider' => 'haproxy', 'url' => $haproxy_stats_url } + +if $external_lb { + $lb_backend_provider = 'http' + $lb_url = $murano_url +} + +$lb_hash = { + 'murano-api' => { + name => 'murano-api', + provider => $lb_backend_provider, + url => $lb_url + } +} + +class {'::osnailyfacter::wait_for_keystone_backends':} -> +::osnailyfacter::wait_for_backend {'murano-api': + lb_hash => $lb_hash, + lb_defaults => $lb_defaults +} + +Service['murano-api'] -> + 
::Osnailyfacter::Wait_for_backend['murano-api'] -> + Murano::Application['io.murano'] + +Firewall[$firewall_rule] -> Class['murano::api'] diff --git a/deployment_scripts/manifests/murano_cfapi.pp b/deployment_scripts/manifests/murano_cfapi.pp new file mode 100644 index 0000000..a8a0877 --- /dev/null +++ b/deployment_scripts/manifests/murano_cfapi.pp 
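Review bot: `rabbit_own_user` and `rabbit_own_password` are set from `$rabbit_hash['user']` and `$rabbit_hash['password']`, the same values passed as `rabbit_os_user`/`rabbit_os_password`, while `rabbit_own_host` is the public VIP. If the "own" broker is the one Murano hands to guest agents (not visible here, confirm against the murano module), the control-plane AMQP credentials end up on a publicly reachable listener and inside tenant instances. Give the Murano broker its own user and password from the plugin settings rather than reusing `$rabbit_hash`; murano_rabbitmq.pp creates its user from the same hash and would need the matching change.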
@@ -0,0 +1,69 @@
+notice('MURANO PLUGIN: murano_cfapi.pp')
+
+prepare_network_config(hiera_hash('network_scheme', {}))
+
+$access_hash = hiera_hash('access', {})
+$murano_cfapi_hash = hiera_hash('murano_cfapi', {})
+$cfapi_enabled = $murano_cfapi_hash['enabled']
+$public_ip = hiera('public_vip')
+$management_ip = hiera('management_vip')
+$public_ssl_hash = hiera_hash('public_ssl', {})
+$ssl_hash = hiera_hash('use_ssl', {})
+$service_endpoint = hiera('service_endpoint')
+$external_lb = hiera('external_lb', false)
+
+$public_auth_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'protocol', 'http')
+$public_auth_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'keystone', 'public', 'hostname', [$public_ip])
+
+$cfapi_bind_host = get_network_role_property('management', 'ipaddr')
+$cfapi_bind_port = '8083'
+
+$firewall_rule = '203 murano-cfapi'
+include ::firewall
+firewall { $firewall_rule :
+ dport => $cfapi_bind_port,
+ proto => 'tcp',
+ action => 'accept',
+}
+
+####### Disable upstart startup on install #######
+tweaks::ubuntu_service_override { ['murano-cfapi']:
+ package_name => 'murano-cfapi',
+}
+
+class { '::murano::cfapi' :
+ tenant => $access_hash['tenant'],
+ enabled => $cfapi_enabled,
+ bind_host => $cfapi_bind_host,
+ bind_port => $cfapi_bind_port,
+ auth_url => "${public_auth_protocol}://${public_auth_address}:5000/",
+}
+
+if $cfapi_enabled {
+ $haproxy_stats_url = "http://${management_ip}:10000/;csv"
+ $murano_cfapi_protocol = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'protocol', 'http')
+ $murano_cfapi_address = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'hostname', [$service_endpoint, $management_ip])
+ $murano_cfapi_url = "${murano_cfapi_protocol}://${murano_cfapi_address}:${cfapi_bind_port}"
+ $lb_defaults = { 'provider' => 'haproxy', 'url' => $haproxy_stats_url }
+
+ if $external_lb {
+ $lb_backend_provider = 'http'
+ $lb_url = $murano_cfapi_url
+ }
+
+ $lb_hash = {
+ 'murano-cfapi' => {
+ name => 'murano-cfapi',
+ provider => $lb_backend_provider,
+ url => $lb_url
+ }
+ }
+
+ ::osnailyfacter::wait_for_backend {'murano-cfapi':
+ lb_hash => $lb_hash,
+ lb_defaults => $lb_defaults
+ }
+ Service['murano-cfapi'] -> ::Osnailyfacter::Wait_for_backend['murano-cfapi']
+}
+
+Firewall[$firewall_rule] -> Class['murano::cfapi']
diff --git a/deployment_scripts/manifests/murano_dashboard.pp b/deployment_scripts/manifests/murano_dashboard.pp
new file mode 100644
index 0000000..ca7b2d4
--- /dev/null
+++ b/deployment_scripts/manifests/murano_dashboard.pp
@@ -0,0 +1,30 @@
+notice('MURANO PLUGIN: murano_dashboard.pp')
+
+$murano_hash = hiera_hash('murano', {})
+$murano_plugins = $murano_hash['plugins']
+$repository_url = has_key($murano_hash, 'murano_repo_url') ? {
+ true => $murano_hash['murano_repo_url'],
+ default => 'http://storage.apps.openstack.org',
+}
+if has_key($murano_plugins, 'glance_artifacts_plugin') and $murano_plugins['glance_artifacts_plugin']['enabled'] {
+ $use_glare = true
+} else {
+ $use_glare = false
+}
+
+include ::murano::params
+include ::murano::client
+include ::horizon::params
+
+ensure_resource('service', 'httpd', {
+ 'ensure' => 'running',
+ 'enable' => true,
+ 'restart' => true,
+ 'name' => $::horizon::params::http_service,
+})
+
+class { '::murano::dashboard':
+ enable_glare => $use_glare,
+ repo_url => $repository_url,
+ sync_db => false,
+}
diff --git a/deployment_scripts/manifests/murano_db.pp b/deployment_scripts/manifests/murano_db.pp
new file mode 100644
index 0000000..38bfcc4
--- /dev/null
+++ b/deployment_scripts/manifests/murano_db.pp
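Review bot: The `firewall { $firewall_rule : ... }` resource in murano_cfapi.pp opens TCP 8083 unconditionally, although the service itself is gated by `enabled => $cfapi_enabled` and the backend wait by `if $cfapi_enabled`. When the Cloud Foundry API is disabled the port is still accepted, and the rule sets no source restriction. Declare the rule inside the `if $cfapi_enabled { ... }` block and move `Firewall[$firewall_rule] -> Class['murano::cfapi']` there as well, so the reference never points at an undeclared resource.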
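Review bot: The fallback for `$repository_url` in murano_dashboard.pp is `'http://storage.apps.openstack.org'`, so unless `murano_repo_url` is set the dashboard is pointed at a package repository over plain HTTP, with no transport integrity for whatever it fetches from there (what the dashboard downloads is not visible in this manifest). Prefer an `https://` default if the repository offers one, or require the operator to set `murano_repo_url`. Also, `has_key($murano_plugins, ...)` is called on `$murano_hash['plugins']` without the `pick(..., {})` and truthiness check that murano.pp uses, so a missing `plugins` key is likely to abort the catalog; use `$murano_plugins = pick($murano_hash['plugins'], {})`.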
@@ -0,0 +1,45 @@
+notice('MURANO PLUGIN: murano_db.pp')
+
+$murano_hash = hiera_hash('murano', {})
+$mysql_hash = hiera_hash('mysql', {})
+$management_vip = hiera('management_vip', undef)
+$database_vip = hiera('database_vip')
+
+$mysql_root_user = pick($mysql_hash['root_user'], 'root')
+$mysql_db_create = pick($mysql_hash['db_create'], true)
+$mysql_root_password = $mysql_hash['root_password']
+
+$db_user = pick($murano_hash['db_user'], 'murano')
+$db_name = pick($murano_hash['db_name'], 'murano')
+$db_password = pick($murano_hash['db_password'], $mysql_root_password)
+
+$db_host = pick($murano_hash['db_host'], $database_vip)
+$db_create = pick($murano_hash['db_create'], $mysql_db_create)
+$db_root_user = pick($murano_hash['root_user'], $mysql_root_user)
+$db_root_password = pick($murano_hash['root_password'], $mysql_root_password)
+
+$allowed_hosts = [ 'localhost', '127.0.0.1', '%' ]
+
+class { '::openstack::galera::client':
+ custom_setup_class => hiera('mysql_custom_setup_class', 'galera'),
+}
+
+class { 'murano::db::mysql':
+ user => $db_user,
+ password => $db_password,
+ dbname => $db_name,
+ allowed_hosts => $allowed_hosts,
+}
+
+class { 'osnailyfacter::mysql_access':
+ db_host => $db_host,
+ db_user => $db_root_user,
+ db_password => $db_root_password,
+}
+
+Class['openstack::galera::client'] ->
+ Class['osnailyfacter::mysql_access'] ->
+ Class['murano::db::mysql']
+
+class mysql::server {}
+include mysql::server
diff --git a/deployment_scripts/manifests/murano_haproxy.pp b/deployment_scripts/manifests/murano_haproxy.pp
new file mode 100644
index 0000000..4e7c155
--- /dev/null
+++ b/deployment_scripts/manifests/murano_haproxy.pp
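Review bot: `$db_password = pick($murano_hash['db_password'], $mysql_root_password)` silently gives the `murano` database account the MySQL root password when no plugin password is set, and `$allowed_hosts` includes `'%'`, so that account is granted from any host. murano.pp reads the same key with `pick($murano_hash['db_password'])` and no fallback, which fails instead; use the same form here so a missing password stops the deployment. Consider replacing `'%'` with the management network or the Murano node addresses. The empty `class mysql::server {}` stub deserves a comment saying which dependency it satisfies.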
@@ -0,0 +1,71 @@
+notice('MURANO PLUGIN: haproxy_murano.pp')
+
+$murano_hash = hiera_hash('murano',{})
+$murano_cfapi_hash = hiera_hash('murano_cfapi', {})
+$public_ssl_hash = hiera_hash('public_ssl', {})
+$ssl_hash = hiera_hash('use_ssl', {})
+$external_lb = hiera('external_lb', false)
+
+if (!$external_lb) {
+ $public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'murano', 'public', 'usage', false)
+ $public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'murano', 'public', 'path', [''])
+ $internal_ssl = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'usage', false)
+ $internal_ssl_path = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'path', [''])
+
+ $server_names = $murano_hash['murano_nodes']
+ $ipaddresses = $murano_hash['murano_ipaddresses']
+ $murano_cfapi = pick($murano_cfapi_hash['enabled'], false)
+ $public_virtual_ip = hiera('public_vip')
+ $internal_virtual_ip = hiera('management_vip')
+
+ Openstack::Ha::Haproxy_service {
+ internal_virtual_ip => $internal_virtual_ip,
+ ipaddresses => $ipaddresses,
+ public_virtual_ip => $public_virtual_ip,
+ server_names => $server_names,
+ public => true,
+ }
+
+ openstack::ha::haproxy_service { 'murano-api':
+ order => '190',
+ listen_port => 8082,
+ public_ssl => $public_ssl,
+ public_ssl_path => $public_ssl_path,
+ internal_ssl => $internal_ssl,
+ internal_ssl_path => $internal_ssl_path,
+ require_service => 'murano_api',
+ haproxy_config_options => {
+ 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ },
+ }
+
+ if $murano_cfapi {
+ openstack::ha::haproxy_service { 'murano-cfapi':
+ order => '192',
+ listen_port => 8083,
+ public_ssl => $public_ssl,
+ public_ssl_path => $public_ssl_path,
+ internal_ssl => $internal_ssl,
+ internal_ssl_path => $internal_ssl_path,
+ require_service => 'murano_cfapi',
+ haproxy_config_options => {
+ 'http-request' => 'set-header X-Forwarded-Proto https if { ssl_fc }',
+ },
+ }
+ }
+
+ openstack::ha::haproxy_service { 'murano_rabbitmq':
+ order => '191',
+ listen_port => 55572,
+ define_backups => true,
+ internal => false,
+ haproxy_config_options => {
+ 'option' => ['tcpka'],
+ 'timeout client' => '48h',
+ 'timeout server' => '48h',
+ 'balance' => 'roundrobin',
+ 'mode' => 'tcp'
+ },
+ balancermember_options => 'check inter 5000 rise 2 fall 3',
+ }
+}
diff --git a/deployment_scripts/manifests/murano_hiera_override.pp b/deployment_scripts/manifests/murano_hiera_override.pp
new file mode 100644
index 0000000..384b859
--- /dev/null
+++ b/deployment_scripts/manifests/murano_hiera_override.pp
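Review bot: The `murano_rabbitmq` service publishes port 55572 with `internal => false` and, through the resource defaults above it, `public => true`, in `'mode' => 'tcp'` and without the `public_ssl`/`public_ssl_path` arguments the two API services receive. As written the AMQP listener appears to sit on the public VIP only and unencrypted, so broker credentials would cross the public network in cleartext; how the define treats these flags is not visible here. Terminate TLS for this frontend or limit which source networks may reach it. The 48h client and server timeouts also keep idle connections open for a long time and are worth a comment explaining why.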
@@ -0,0 +1,66 @@
+notice('MURANO PLUGIN: murano_hiera_override.pp')
+
+$detach_murano_plugin = hiera('detach-murano', undef)
+$hiera_dir = '/etc/hiera/plugins'
+$plugin_name = 'detach-murano'
+$plugin_yaml = "${plugin_name}.yaml"
+
+if $detach_murano_plugin {
+ $network_metadata = hiera_hash('network_metadata')
+ $murano_nodes = get_nodes_hash_by_roles($network_metadata, ['primary-murano-node', 'murano-node'])
+ $murano_address_map = get_node_to_ipaddr_map_by_network_role($murano_nodes, 'management')
+ $murano_nodes_ips = values($murano_address_map)
+ $murano_nodes_names = keys($murano_address_map)
+ $murano_cfapi_enabled = $detach_murano_plugin['murano_cfapi']
+ $murano_repo_url = $detach_murano_plugin['murano_repo_url']
+ $murano_glance_artifacts = $detach_murano_plugin['murano_glance_artifacts']
+ $syslog_log_facility_murano = hiera('syslog_log_facility_murano', 'LOG_LOCAL0')
+ $default_log_levels = hiera('default_log_levels')
+ $murano_db_password = $detach_murano_plugin['murano_db_password']
+ $murano_user_password = $detach_murano_plugin['murano_user_password']
+
+ ###################
+ $calculated_content = inline_template('
+murano:
+ murano_ipaddresses:
+<%
+@murano_nodes_ips.each do |muranoip|
+%> - <%= muranoip %>
+<% end -%>
+ murano_nodes:
+<%
+@murano_nodes_names.each do |muranoname|
+%> - <%= muranoname %>
+<% end -%>
+ rabbit:
+ vhost: "/"
+ port: "55572"
+ db_password: <%= @murano_db_password %>
+ user_password: <%= @murano_user_password %>
+ murano_repo_url: <%= @murano_repo_url %>
+ plugins:
+ glance_artifacts_plugin:
+ enabled: <%= @murano_glance_artifacts %>
+murano_cfapi:
+ enabled: <%= @murano_cfapi_enabled %>
+syslog_log_facility_murano: <%= @syslog_log_facility_murano %>
+"murano::logging::default_log_levels":
+<%
+@default_log_levels.each do |k,v|
+%> <%= k %>: <%= v %>
+<% end -%>
+')
+
+ ###################
+ file {'/etc/hiera/override':
+ ensure => directory,
+ } ->
+ file { "${hiera_dir}/${plugin_yaml}":
+ ensure => file,
+ content => "${calculated_content}",
+ }
+
+ package {'ruby-deep-merge':
+ ensure => 'installed',
+ }
+}
diff --git a/deployment_scripts/manifests/murano_keystone.pp b/deployment_scripts/manifests/murano_keystone.pp
new file mode 100644
index 0000000..035b782
--- /dev/null
+++ b/deployment_scripts/manifests/murano_keystone.pp
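Review bot: `murano_db_password` and `murano_user_password` are rendered into `${hiera_dir}/${plugin_yaml}` with no `owner`, `group` or `mode` on the `file` resource, so the secrets file gets whatever the default permissions are; add `owner => 'root', group => 'root', mode => '0640',`. The values are also emitted unquoted (`db_password: <%= @murano_db_password %>`), so a password containing `:`, `#` or a leading YAML indicator is parsed as something else or breaks the file; quote and escape them in the template. The first `file` resource creates `/etc/hiera/override` while the YAML is written under `/etc/hiera/plugins`, which looks like a mismatch. `content => "${calculated_content}"` can be plain `content => $calculated_content`.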
@@ -0,0 +1,54 @@
+notice('MURANO PLUGIN: murano_keystone.pp')
+
+$murano_hash = hiera_hash('murano', {})
+$murano_cfapi_hash = hiera_hash('murano_cfapi', {})
+$public_ip = hiera('public_vip')
+$management_ip = hiera('management_vip')
+$region = hiera('region', 'RegionOne')
+$public_ssl_hash = hiera('public_ssl')
+$ssl_hash = hiera_hash('use_ssl', {})
+
+$public_protocol = get_ssl_property($ssl_hash, $public_ssl_hash, 'murano', 'public', 'protocol', 'http')
+$public_address = get_ssl_property($ssl_hash, $public_ssl_hash, 'murano', 'public', 'hostname', [$public_ip])
+$internal_protocol = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'protocol', 'http')
+$internal_address = get_ssl_property($ssl_hash, {}, 'murano', 'internal', 'hostname', [$management_ip])
+$admin_protocol = get_ssl_property($ssl_hash, {}, 'murano', 'admin', 'protocol', 'http')
+$admin_address = get_ssl_property($ssl_hash, {}, 'murano', 'admin', 'hostname', [$management_ip])
+
+$api_bind_port = '8082'
+$tenant = pick($murano_hash['tenant'], 'services')
+$public_url = "${public_protocol}://${public_address}:${api_bind_port}"
+$internal_url = "${internal_protocol}://${internal_address}:${api_bind_port}"
+$admin_url = "${admin_protocol}://${admin_address}:${api_bind_port}"
+
+class {'::osnailyfacter::wait_for_keystone_backends':}
+class { 'murano::keystone::auth':
+ password => $murano_hash['user_password'],
+ service_type => 'application-catalog',
+ region => $region,
+ tenant => $tenant,
+ public_url => $public_url,
+ internal_url => $internal_url,
+ admin_url => $admin_url,
+}
+
+Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['murano::keystone::auth']
+
+if $murano_cfapi_hash['enabled'] {
+ $cfapi_bind_port = '8083'
+ $cfapi_public_url = "${public_protocol}://${public_address}:${cfapi_bind_port}"
+ $cfapi_internal_url = "${internal_protocol}://${internal_address}:${cfapi_bind_port}"
+ $cfapi_admin_url = "${admin_protocol}://${admin_address}:${cfapi_bind_port}"
+
+ class { 'murano::keystone::cfapi_auth':
+ password => $murano_hash['user_password'],
+ service_type => 'service-broker',
+ region => $region,
+ tenant => $tenant,
+ public_url => $cfapi_public_url,
+ internal_url => $cfapi_internal_url,
+ admin_url => $cfapi_admin_url,
+ }
+
+ Class['::osnailyfacter::wait_for_keystone_backends'] -> Class['murano::keystone::cfapi_auth']
+}
diff --git a/deployment_scripts/manifests/murano_logging.pp b/deployment_scripts/manifests/murano_logging.pp
new file mode 100644
index 0000000..3a57438
--- /dev/null
+++ b/deployment_scripts/manifests/murano_logging.pp
@@ -0,0 +1,13 @@
+notice('MURANO PLUGIN: logging-murano.pp')
+
+$content=':syslogtag, contains, "murano" -/var/log/murano-all.log\n
+### stop further processing for the matched entries\n
+& ~'
+
+include ::rsyslog::params
+
+::rsyslog::snippet { '55-murano':
+ content => $content,
+}
+
+Rsyslog::Snippet['55-murano'] ~> Service[$::rsyslog::params::service_name]
diff --git a/deployment_scripts/manifests/murano_rabbitmq.pp b/deployment_scripts/manifests/murano_rabbitmq.pp
new file mode 100644
index 0000000..969c7e5
--- /dev/null
+++ b/deployment_scripts/manifests/murano_rabbitmq.pp
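Review bot: `password => $murano_hash['user_password']` in murano_keystone.pp is passed to both `murano::keystone::auth` and `murano::keystone::cfapi_auth` without checking that it is set, and `$murano_hash` defaults to `{}`. murano_rabbitmq.pp guards its secret with `fail('Rabbit password is not set')`; do the same here, e.g. `if !$murano_hash['user_password'] { fail('Murano user password is not set') }`. `$public_ssl_hash = hiera('public_ssl')` also differs from the `hiera_hash('public_ssl', {})` lookup used in the other manifests.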
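Review bot: `$content` in murano_logging.pp is a single-quoted Puppet string, where `\n` is not an escape, so the rendered rsyslog snippet will contain a literal backslash-n after `murano-all.log` and after the comment line, in addition to the real line breaks. That probably changes the target file name or makes the rule unparsable, and Murano logs would then not land in `/var/log/murano-all.log`. Drop the `\n` sequences and keep the real line breaks. The `notice()` text says `logging-murano.pp` while the file is `murano_logging.pp`.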
@@ -0,0 +1,62 @@
+notice('MODULAR: murano/rabbitmq.pp')
+
+$rabbit_hash = hiera_hash('rabbit', {})
+$murano_hash = hiera_hash('murano', {})
+
+if $rabbit_hash == {} {
+ fail('No rabbit_hash defined')
+}
+if !$rabbit_hash['password'] {
+ fail('Rabbit password is not set')
+}
+
+$rabbit_user = pick($rabbit_hash['user'], 'nova')
+$rabbit_password = $rabbit_hash['password']
+$rabbit_vhost = $murano_hash['rabbit']['vhost']
+
+$rabbit_node_name = 'murano@localhost'
+$rabbit_service_name = 'murano-rabbitmq'
+
+#################################################################
+
+package { 'murano-rabbitmq':
+ ensure => present,
+}
+
+service { $rabbit_service_name :
+ ensure => 'running',
+ name => $rabbit_service_name,
+ enable => true,
+}
+
+exec { 'remove_murano_guest' :
+ command => "rabbitmqctl -n '${rabbit_node_name}' delete_user guest",
+ onlyif => "rabbitmqctl -n '${rabbit_node_name}' list_users | grep -qE '^guest\\s*\\['",
+ path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+}
+
+exec { 'create_murano_user' :
+ command => "rabbitmqctl -n '${rabbit_node_name}' add_user '${rabbit_user}' '${rabbit_password}'",
+ unless => "rabbitmqctl -n '${rabbit_node_name}' list_users | grep -qE '^${rabbit_user}\\s*\\['",
+ path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+}
+
+exec { 'create_murano_vhost' :
+ command => "rabbitmqctl -n '${rabbit_node_name}' add_vhost '${rabbit_vhost}'",
+ unless => "rabbitmqctl -n '${rabbit_node_name}' list_vhosts | grep -qE '^${rabbit_vhost}$'",
+ path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+}
+
+exec { 'set_murano_user_permissions' :
+ command => "rabbitmqctl -n '${rabbit_node_name}' set_permissions -p '${rabbit_vhost}' '${rabbit_user}' '.*' '.*' '.*'",
+ unless => "rabbitmqctl -n '${rabbit_node_name}' list_user_permissions '${rabbit_user}' | grep -qE '^${rabbit_vhost}\\s*\\.\\*\\s*\\.\\*\\s*\\.\\*$'",
+ path => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+}
+
+Package['murano-rabbitmq'] ~> Service[$rabbit_service_name]
+
+Service[$rabbit_service_name] ->
+ Exec['remove_murano_guest'] ->
+ Exec['create_murano_user'] ->
+ Exec['create_murano_vhost'] ->
+ Exec['set_murano_user_permissions']
diff --git a/deployment_scripts/manifests/update_openrc.pp b/deployment_scripts/manifests/update_openrc.pp
new file mode 100644
index 0000000..3791924
--- /dev/null
+++ b/deployment_scripts/manifests/update_openrc.pp
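Review bot: In murano_rabbitmq.pp, the `create_murano_user` exec interpolates `${rabbit_password}` into a single-quoted shell argument, and the other execs do the same with `${rabbit_user}` and `${rabbit_vhost}`, so a value containing `'` breaks the quoting and is interpreted by the shell. The password also ends up on the `rabbitmqctl` command line, where it is visible in the process list and typically in Puppet's output when the exec fails. A check ahead of the execs such as `validate_re($rabbit_password, "^[^']+$", 'Rabbit password must not contain a single quote')` closes the quoting problem; the user and vhost are additionally used unescaped inside the `grep -qE` patterns and should be restricted to a known-safe character set in the same way. The credentials come from the shared `rabbit` hash with the user defaulting to `nova`; if this second broker is reachable from deployed instances, a dedicated user and password for it would limit what a leaked credential gives access to.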
@@ -0,0 +1,71 @@
+notice('MURANO PLUGIN: update_openrc.pp')
+
+$murano_hash = hiera_hash('murano', {})
+$murano_plugins = $murano_hash['plugins']
+$murano_repo_url = $murano_hash['murano_repo_url']
+
+$operator_user_hash = hiera_hash('operator_user', {})
+$service_user_hash = hiera_hash('service_user', {})
+$operator_user_name = pick($operator_user_hash['name'], 'fueladmin')
+$operator_user_homedir = pick($operator_user_hash['homedir'], '/home/fueladmin')
+$service_user_name = pick($service_user_hash['name'], 'fuel')
+$service_user_homedir = pick($service_user_hash['homedir'], '/var/lib/fuel')
+
+file_line { 'murano_repo_url root':
+ line => "export MURANO_REPO_URL=\'${murano_repo_url}\'",
+ match => '^export\ MURANO_REPO_URL\=',
+ path => '/root/openrc',
+}
+
+file_line { "murano_repo_url ${operator_user_name}":
+ line => "export MURANO_REPO_URL=\'${murano_repo_url}\'",
+ match => '^export\ MURANO_REPO_URL\=',
+ path => "${operator_user_homedir}/openrc",
+}
+
+file_line { "murano_repo_url ${service_user_name}":
+ line => "export MURANO_REPO_URL=\'${murano_repo_url}\'",
+ match => '^export\ MURANO_REPO_URL\=',
+ path => "${service_user_homedir}/openrc",
+}
+
+if has_key($murano_plugins, 'glance_artifacts_plugin') and $murano_plugins['glance_artifacts_plugin']['enabled'] {
+ file_line { 'murano_glare_plugin root':
+ line => "export MURANO_PACKAGES_SERVICE='glance'",
+ match => '^export\ MURANO_PACKAGES_SERVICE\=',
+ path => '/root/openrc',
+ }
+
+ file_line { "murano_glare_plugin ${operator_user_name}":
+ line => "export MURANO_PACKAGES_SERVICE='glance'",
+ match => '^export\ MURANO_PACKAGES_SERVICE\=',
+ path => "${operator_user_homedir}/openrc",
+ }
+
+ file_line { "murano_glare_plugin ${service_user_name}":
+ line => "export MURANO_PACKAGES_SERVICE='glance'",
+ match => '^export\ MURANO_PACKAGES_SERVICE\=',
+ path => "${service_user_homedir}/openrc",
+ }
+} else {
+ file_line { 'murano_glare_plugin':
+ ensure => absent,
+ line => "export MURANO_PACKAGES_SERVICE='glance'",
+ match => '^export\ MURANO_PACKAGES_SERVICE\=',
+ path => '/root/openrc',
+ }
+
+ file_line { "murano_glare_plugin ${operator_user_name}":
+ ensure => absent,
+ line => "export MURANO_PACKAGES_SERVICE='glance'",
+ match => '^export\ MURANO_PACKAGES_SERVICE\=',
+ path => "${operator_user_homedir}/openrc",
+ }
+
+ file_line { "murano_glare_plugin ${service_user_name}":
+ ensure => absent,
+ line => "export MURANO_PACKAGES_SERVICE='glance'",
+ match => '^export\ MURANO_PACKAGES_SERVICE\=',
+ path => "${service_user_homedir}/openrc",
+ }
+}
diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml
new file mode 100644
index 0000000..cf3f741
--- /dev/null
+++ b/deployment_tasks.yaml
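Review bot: In update_openrc.pp, `has_key($murano_plugins, 'glance_artifacts_plugin')` receives `$murano_hash['plugins']` unchecked, and since `hiera_hash('murano', {})` can return an empty hash that value may be undefined, which would likely make `has_key` abort the catalog instead of taking the `else` branch. Defaulting it with `$murano_plugins = pick($murano_hash['plugins'], {})` keeps the manifest working when the key is absent. `${murano_repo_url}` is written between single quotes into three `openrc` files that are sourced by a shell, so the manifest relies entirely on the UI regex in environment_config.yaml to keep quotes out of the value; a `validate_re` on `$murano_repo_url` here would make that assumption explicit. The first resource in the `else` branch is titled `'murano_glare_plugin'` while its counterpart in the `if` branch is `'murano_glare_plugin root'`.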
@@ -0,0 +1,174 @@
+- id: primary-murano-node
+ type: group
+ role: [primary-murano-node]
+ tasks: &common_tasks
+ - hiera
+ - setup_repositories
+ - fuel_pkgs
+ - globals
+ - tools
+ - logging
+ - netconfig
+ - hosts
+ required_for: [deploy_end]
+ requires: [primary-controller]
+ parameters:
+ strategy:
+ type: one_by_one
+
+- id: murano-node
+ type: group
+ role: [murano-node]
+ tasks: *common_tasks
+ required_for: [deploy_end]
+ requires: [primary-murano-node]
+ parameters:
+ strategy:
+ type: parallel
+
+- id: hiera-murano-override
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-controller', 'controller', 'primary-murano-node', 'murano-node']
+ required_for: [logging]
+ requires: [globals]
+ parameters:
+ puppet_manifest: manifests/murano_hiera_override.pp
+ puppet_modules: /etc/puppet/modules
+ timeout: 120
+ # reexecute_on is needed for scale-down operations
+ reexecute_on:
+ - deploy_changes
+
+- id: murano-keystone-endpoints
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-controller']
+ required_for: [murano-controller-end]
+ requires: [primary-keystone, keystone]
+ cross-depends:
+ - name: keystone
+ parameters:
+ puppet_manifest: manifests/murano_keystone.pp
+ puppet_modules: /etc/puppet/modules:modules
+ timeout: 1800
+ # reexecute_on is needed for scale-down operations
+ reexecute_on:
+ - deploy_changes
+
+- id: murano-database
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-controller']
+ cross-depends:
+ - name: /(primary-)?database/
+ required_for: [murano-controller-end]
+ requires: [primary-database, database]
+ parameters:
+ puppet_manifest: manifests/murano_db.pp
+ puppet_modules: /etc/puppet/modules:modules
+ timeout: 1800
+ # reexecute_on is needed for scale-down operations
+ reexecute_on:
+ - deploy_changes
+
+- id: murano-dashboard
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-controller','controller']
+ required_for: [murano-controller-end]
+ requires: [horizon]
+ parameters:
+ puppet_manifest: manifests/murano_dashboard.pp
+ puppet_modules: /etc/puppet/modules:modules
+ timeout: 1800
+ # reexecute_on is needed for scale-down operations
+ reexecute_on:
+ - deploy_changes
+
+- id: murano-controller-end
+ version: 2.0.0
+ type: skipped
+ groups: ['primary-controller','controller']
+ required_for: [deploy_end]
+ requires: []
+
+- id: murano-update-openrc
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-controller', 'controller']
+ required_for: [murano-controller-end]
+ requires: [primary-keystone, keystone]
+ cross-depends:
+ - name: keystone
+ parameters:
+ puppet_manifest: manifests/update_openrc.pp
+ puppet_modules: /etc/puppet/modules
+ timeout: 120
+ # reexecute_on is needed for scale-down operations
+ reexecute_on:
+ - deploy_changes
+
+- id: murano-haproxy
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-controller', 'controller']
+ required_for: [murano-controller-end]
+ requires: [deploy_start, primary-cluster-haproxy, cluster-haproxy]
+ cross-depends:
+ - name: /(primary-)?cluster-haproxy/
+ role: self
+ parameters:
+ puppet_manifest: manifests/murano_haproxy.pp
+ puppet_modules: /etc/puppet/modules
+ timeout: 300
+ # reexecute_on is needed for scale-down operations
+ reexecute_on:
+ - deploy_changes
+
+- id: murano-logging
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-murano-node', 'murano-node']
+ required_for: [murano-services]
+ requires: [logging]
+ parameters:
+ puppet_manifest: manifests/murano_logging.pp
+ puppet_modules: /etc/puppet/modules
+ timeout: 1800
+
+- id: murano-services
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-murano-node', 'murano-node']
+ required_for: [deploy_end]
+ requires: [hosts]
+ cross-depends:
+ - name: murano-controller-end
+ parameters:
+ puppet_manifest: manifests/murano.pp
+ puppet_modules: /etc/puppet/modules:modules
+ timeout: 3600
+
+- id: murano-node-rabbitmq
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-murano-node', 'murano-node']
+ required_for: [murano-services]
+ requires: [hosts]
+ parameters:
+ puppet_manifest: manifests/murano_rabbitmq.pp
+ puppet_modules: /etc/puppet/modules:modules
+ timeout: 1800
+
+- id: murano-node-cfapi
+ version: 2.0.0
+ type: puppet
+ groups: ['primary-murano-node', 'murano-node']
+ required_for: [deploy_end]
+ requires: [murano-services]
+ parameters:
+ puppet_manifest: manifests/murano_cfapi.pp
+ puppet_modules: /etc/puppet/modules:modules
+ timeout: 3600
+ condition: "settings:detach-murano.murano_cfapi.value == true"
diff --git a/environment_config.yaml b/environment_config.yaml
new file mode 100644
index 0000000..4304fac
--- /dev/null
+++ b/environment_config.yaml
@@ -0,0 +1,45 @@
+attributes:
+ metadata:
+ group: 'openstack_services'
+ restrictions:
+ - condition: "settings:additional_components.murano.value == true"
+ message: "Murano plugin can't be deployed with enabled Murano from box"
+ murano_repo_url:
+ value: "http://storage.apps.openstack.org/"
+ label: "Murano Repository URL"
+ description: ""
+ weight: 10
+ type: "text"
+ regex:
+ source: '^(http(s?):\/\/)?([a-zA-Z\d]+[a-zA-Z\d_\-.]*)(:[0-9]+)?(\/[a-zA-Z0-9_\-\s.\/\?%#&=]*)?$'
+ error: "Invalid URL, ie: http://storage.apps.openstack.org/"
+ murano_user_password:
+ value: ''
+ label: 'User password'
+ description: 'The password of the Murano user'
+ weight: 11
+ type: "password"
+ regex:
+ source: '^[\S]{4,}$'
+ error: "You must provide a password with at least 4 characters"
+ murano_db_password:
+ value: ''
+ label: 'DB User password'
+ description: 'The password of the Murano user in database'
+ weight: 12
+ type: "password"
+ regex:
+ source: '^[\S]{4,}$'
+ error: "You must provide a password with at least 4 characters"
+ murano_cfapi:
+ value: false
+ label: "Install Murano service broker for Cloud Foundry"
+ description: "If selected, Murano service broker will be installed"
+ weight: 20
+ type: "checkbox"
+ murano_glance_artifacts:
+ value: true
+ label: "Enable glance artifact repository"
+ description: "If selected glance artifact repository will be enabled"
+ weight: 30
+ type: "checkbox"
diff --git a/functions.sh b/functions.sh
new file mode 100644
index 0000000..c07df71
--- /dev/null
+++ b/functions.sh
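Review bot: In environment_config.yaml, both password fields accept any four non-space characters (`source: '^[\S]{4,}$'`), which is very short for the Keystone service user and the database account this plugin provisions. Raising the minimum, e.g. `source: '^[\S]{12,}$'` with the error text updated to match, costs nothing at deploy time. The default `murano_repo_url` is plain `http://` and the regex makes the scheme optional, so application packages would be fetched without transport protection unless the operator changes the value; an `https://` default is preferable if the repository serves it.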
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Copyright 2016 Mirantis, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eux
+
+ROOT="$(dirname "$(readlink -f "$0")")"
+MODULES_DIR="${ROOT}"/deployment_scripts/modules
+RPM_REPO="${ROOT}"/repositories/centos/
+DEB_REPO="${ROOT}"/repositories/ubuntu/
+
+# Download RPM or DEB packages and store them in the local repository directory
+function download_package {
+ while [ $# -gt 0 ]; do
+ if [[ "$1" == *.deb ]]; then
+ REPO=$DEB_REPO
+ elif [[ "$1" == *.rpm ]]; then
+ REPO=$RPM_REPO
+ else
+ echo "Invalid URL for download_package(): $1"
+ fi
+
+ FILE=$(basename "$1")
+ wget -qO - "$1" > "$REPO"/"$FILE"
+ shift
+ done
+}
+
+# Download official Puppet module and store it in the local directory
+function download_puppet_module {
+ rm -rf "${MODULES_DIR:?}"/"$1"
+ mkdir -p "${MODULES_DIR}"/"$1"
+ wget -qO- "$2" | tar -C "${MODULES_DIR}/$1" --strip-components=1 -xz
+}
diff --git a/metadata.yaml b/metadata.yaml
new file mode 100644
index 0000000..653dd20
--- /dev/null
+++ b/metadata.yaml
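Review bot: In `download_package` in functions.sh, the branch for an unrecognised URL only echoes a message and then falls through to `wget`, so the file is written to whatever `$REPO` held from the previous argument, or the script aborts on the unset variable under `set -u` if it is the first one. The branch should stop there, e.g. `echo "Invalid URL for download_package(): $1" >&2; return 1`. Neither function verifies what it downloads: packages and the module tarball go into the plugin as fetched, so accepting an expected SHA-256 per URL and comparing it with `sha256sum -c` before use would keep a tampered or truncated download out of the build. `set -o pipefail` is also needed for a failed `wget` in the `wget -qO- "$2" | tar` pipeline to be reported as a failure.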
@@ -0,0 +1,19 @@
+name: detach-murano
+title: Murano plugin
+version: '1.0.0'
+description: Install Murano applications
+fuel_version: ['9.0']
+licenses: ['Apache License Version 2.0']
+authors: ['Denis Egorenko', 'Mirantis']
+homepage: 'https://github.com/openstack/fuel-plugin-murano'
+groups: ['network']
+is_hotpluggable: true
+
+releases:
+ - os: ubuntu
+ version: liberty-9.0
+ mode: ['ha']
+ deployment_scripts_path: deployment_scripts/
+ repository_path: repositories/ubuntu
+
+package_version: '4.0.0'
diff --git a/node_roles.yaml b/node_roles.yaml
new file mode 100644
index 0000000..b662a8f
--- /dev/null
+++ b/node_roles.yaml
@@ -0,0 +1,8 @@
+murano-node:
+ name: "Murano node"
+ description: ""
+ has_primary: true
+ public_ip_required: false
+ weight: 100
+ limits:
+ min: 1
diff --git a/pre_build_hook b/pre_build_hook
new file mode 100755
index 0000000..7afa733
--- /dev/null
+++ b/pre_build_hook
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -eux
+
+. "$(dirname "$(readlink -f "$0")")"/functions.sh
+
+MURANO_REF="master"
+MURANO_TARBALL_URL="https://github.com/openstack/puppet-murano/archive/${MURANO_REF}.tar.gz"
+
+download_puppet_module "murano" ${MURANO_TARBALL_URL}
diff --git a/repositories/centos/.gitkeep b/repositories/centos/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/repositories/ubuntu/.gitkeep b/repositories/ubuntu/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/volumes.yaml b/volumes.yaml
new file mode 100644
index 0000000..72f6d98
--- /dev/null
+++ b/volumes.yaml
@@ -0,0 +1,4 @@
+volumes: []
+volumes_roles_mapping:
+ murano-node:
+ - {allocate_size: "min", id: "os"}
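Review bot: In pre_build_hook, `MURANO_REF="master"` makes every build pull whatever the puppet-murano branch head is at that moment, so the Puppet code that later runs on the nodes is neither reproducible nor tied to a reviewed revision. Pinning the ref to a tag or full commit hash, e.g. `MURANO_REF="<pinned-commit-sha>"` (placeholder), and checking the tarball digest after download fixes the content that ships in the plugin. `${MURANO_TARBALL_URL}` should also be quoted in the `download_puppet_module` call.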