stackforge
/
kickstack
Code Issues Proposed changes

Retire stackforge/kickstack

This commit is contained in:
Monty Taylor 2015-10-17 16:03:24 -04:00
parent 5619fd7695
commit 8c7846569e
78 changed files with 7 additions and 2659 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitreview
View File

@ -1,4 +0,0 @@
[gerrit]
host=review.openstack.org
port=29418
project=stackforge/kickstack.git

176
LICENSE
View File

@ -1,176 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.

13
Modulefile
View File

@ -1,13 +0,0 @@
name 'hastexo/kickstack'
version '0.2.9'
source 'https://github.com/hastexo/kickstack'
author 'Florian Haas,Syed Armani,Andreas Kurz,Martin Loschwitz'
license 'Apache License 2.0'
summary 'Rapid OpenStack deployment with puppet-dashboard or any other Puppet ENC'
description 'Puppet module to rapidly install and deploy OpenStack, based on the Stackforge Puppet modules, configurable through parameters from puppet-dashboard, Puppet Enterprise, The Foreman, or any other Puppet External Node Classifier (ENC)'
project_page 'https://github.com/hastexo/kickstack'
dependency 'hastexo/exportfact', '>= 0.1.1'
dependency 'puppetlabs/lvm', '>= 0.1.2'
dependency 'puppetlabs/openstack', '>= 4.0.0'
dependency 'rgevaert/pwgen', '>= 0.0.1'

37
README.md
View File

@ -1,37 +0,0 @@
# Important
Kickstack is now **retired**. It was originally conceived as a
simplified method of deploying OpenStack with a higher-level Puppet
abstraction than the then-available vendor deployment facilities
provided. During the OpenStack Icehouse and Juno releases, all major
OpenStack vendors released deployment facilities that render Kickstack
obsolete, and that is a good thing.
Some alternatives that you may want to try (note: this list was
written at the time of the OpenStack Juno release, and will not be
updated):
- Puppet based: Packstack/Quickstack (RDO), Staypuft (RHEL OSP), Fuel
(Mirantis OpenStack)
- Non Puppet based: Juju (Ubuntu), Crowbar (SUSE Cloud)
This repository is kept around for reference purposes only.
# Kickstack: Kickstart your OpenStack
Kickstack is a
pure-[Puppet](http://puppetlabs.com/puppet/what-is-puppet/) rapid
deployment system for [OpenStack](http://www.openstack.org). It uses
Puppet modules hosted at
[StackForge](http://ci.openstack.org/stackforge.html) that are also
available through the [Puppet Forge](http://forge.puppetlabs.com).
Kickstack adds a thin, pure-Puppet wrapper layer on top of these
modules that enables you to deploy an OpenStack cloud in minutes.
For more detailed information, see
* [What does Kickstack do?](doc/purpose.md)
* [What do I need to run Kickstack?](doc/prerequisites.md)
* [How do I enable nodes for Kickstack?](doc/deployment.md)

7
README.rst Normal file
View File

@ -0,0 +1,7 @@
This project is no longer maintained.
The contents of this repository are still available in the Git source code
management system. To see the contents of this repository before it reached
its end of life, please check out the previous commit with
"git checkout HEAD^1".

130
doc/deployment.md
View File

@ -1,130 +0,0 @@
# How do I enable nodes for Kickstack?
You have several options:
- Using straightforward text-based Puppet configuration, using
configuration files like `site.pp` and `nodes.pp`.
- Through a user interface that operates as a Puppet External Node
Classifier (ENC) and can assign nodes to classes. Examples for such
ENCs are the
[Puppet Dashboard](https://puppetlabs.com/puppet/related-projects/dashboard/),
the
[Puppet Enterprise](http://docs.puppetlabs.com/pe/3.0/index.html)
Console, and [The Foreman](http://theforeman.org/).
- Writing your own ENC.
Regardless of which option you choose, you enable OpenStack node roles
by assigning nodes to one or several of the Kickstack
classes. Likewise, you can tweak your configuration by setting any of
the global variables that Kickstack understands (which, by default,
are all prefixed with `kickstack_` so they do not collide with other
global variables that are already in your configuration).
**Eeeek! Global variables? Really?** Relax. All Kickstack classes
inherit from a common base class, [`kickstack`](../manifests/init.pp),
which is a perfectly normal parameterized class. It is just that the
default values of the parameters of that class can be set with global
variables,
[falling back to reasonable defaults if the global variable is undefined](../manifests/params.pp). That
enables Kickstack to just `include` all of its classes, making their
use very simple, while still retaining the ability to configure
everything to your needs. If you don't like the global variables
approach, that's perfectly fine, you can still use Kickstack's classes
directly and set the parameters within your class declarations.
## Using Kickstack without an ENC
If you _do not_ run an ENC, then your Kickstack configuration goes
into standard Puppet manifests like `site.pp` and `nodes.pp`. A
Kickstack-enabled small OpenStack cloud with a handful of nodes might
look like this:
```puppet
node alice {
include kickstack::node::infrastructure
include kickstack::node::auth
include kickstack::node::controller
include kickstack::node::api
include kickstack::node::storage
include kickstack::node::dashboard
}
node bob {
include kickstack::node::network
}
node default {
include kickstack::node::compute
}
```
In this configuration, your node `alice` is your controller and API
node that also hosts your database, AMQP server and dashboard, `bob`
is your network node, and all other nodes are compute nodes.
Modifying your configuration is achieved through the use of global
variables prefixed with `kickstack_`. For example, you might want to
use Apache Qpid instead of the default RabbitMQ as your AMQP server:
```puppet
kickstack_rpc = 'qpid'
node alice {
include kickstack::node::infrastructure
include kickstack::node::auth
# ... continued as above
```
Note that this approach is not very scalable and perhaps not the most
user-friendly, but it does give you the opportunity to keep all of
your Kickstack-related configuration in a single set of (hopefully
version-controlled) plain text files.
## Using Kickstack with an existing ENC
If your Puppet configuration includes an External Node Classifier
(ENC), then that ENC will give you the opportunity of defining
classes, assigning them to nodes, and also setting parameters (on a
per-node or per-group level).
For example, Puppet Dashboard enables you to create classes (matching
the classes defined in your Puppet module configuration) and set
parameters (passed into your configuration as global variables). You
may want to pre-populate your Puppet dashboard database with classes
and a `kickstack` group before adding nodes:
```sql
INSERT INTO node_classes (name, created_at, updated_at)
VALUES (
('kickstack::node::infrastructure',NOW(),NOW()),
('kickstack::node::auth',NOW(),NOW()),
('kickstack::node::api',NOW(),NOW()),
('kickstack::node::controller',NOW(),NOW()),
('kickstack::node::storage',NOW(),NOW()),
('kickstack::node::dashboard',NOW(),NOW()),
('kickstack::node::network',NOW(),NOW()),
('kickstack::node::compute',NOW(),NOW())
);
INSERT INTO node_groups (name, created_at, updated_at)
VALUES (
('kickstack',NOW(),NOW())
);
```
Then, you can assign classes to nodes from the Puppet Dashboard, and
also add them to the `kickstack` group. Then, you set your parameters
for the `kickstack` group, and all the member nodes will automatically
inherit them.
## Using Kickstack with your own ENC
Writing a Puppet ENC is beyond the scope of this README, please refer
to the
[Puppet documentation](http://docs.puppetlabs.com/guides/external_nodes.html)
for details.
If you already have a self-written ENC, however, all you need to do to
make Kickstack work is to have it include the appropriate
`kickstack::node::` classes in the YAML output for your nodes, and set
the `kickstack_` variables for them.

51
doc/prerequisites.md
View File

@ -1,51 +0,0 @@
# What do I need to run Kickstack?
## Puppet prerequisites
First, you obviously need a Puppet master, running Puppet 3 or
later.
There is one non-default configuration option that you have to enable
for Kickstack to function, which is support for Exported
Resources. Please see
[the Puppet documentation on Exported Resources](http://docs.puppetlabs.com/puppet/2.7/reference/lang_exported.html)
for details.
Just as obviously, your OpenStack nodes need to be configured as
Puppet agents, also running Puppet 3 or later, properly authenticated
to the master and able to run `puppet agent`.
## Puppet modules
All of Kickstack's dependencies are available as published modules on
the Puppet Forge. You can install Kickstack, along with all of its
dependencies, with one simple command:
puppet module install hastexo-kickstack
## Networking prerequisites
Kickstack requires that your cloud infrastructure has access to 3
different networks:
* The **management network,** which your cloud nodes use for access to
the database, RPC service, and OpenStack APIs.
* The **data network,** which runs the internal, virtual networks
managed by OpenStack Networking.
* The **external network**, which connects your cloud to the outside
world.
Kickstack by default assumes that on your nodes,
* the management network is connected to **eth0**,
* the data network is connected to **eth1**,
* the external network is connected to **eth2**.
If you configuration does not match that assumption, you can override
the defaults by setting the `kickstack_nic_management`,
`kickstack_nic_data` and `kickstack_nic_external` parameters,
respectively.
Kickstack will properly read these interfaces' IP addresses from your
nodes' network configuration, but it will not touch that network
configuration itself.

59
doc/purpose.md
View File

@ -1,59 +0,0 @@
# What does Kickstack do?
Kickstack operates on the assumption that in an OpenStack cluster
_nodes_ (physical servers) fulfill certain _roles._ These roles are
* _atomic,_ meaning that typically, the services belonging to a role
are not split across several nodes; and
* _composable,_ meaning it is perfectly feasible for any node to have
several roles at the same time.
Note that this, of course, includes the possibility of one node role
being deployed onto several nodes -- for the purpose of either
scalability or high availability.
In Kickstack, you simply assign roles to nodes, optionally set
parameters to modify your service configuration, and let Puppet do the
rest.
## High-level configuration
Kickstack places an emphasis on high-level configuration, rather than
forcing you to deal with little details. For example, switching your
entire infrastructure from one RPC server to another simply means
changing one configuration parameter, `kickstack_rpc`, from `rabbitmq`
to `qpid`. Then, Kickstack will not only install and configure that
service for you, but also reconfigure *all* your dependent services to
use the new RPC server type.
Likewise, Kickstack will auto-configure service passwords and make
them known to the services that need them. It will also inform
services of the network information and credentials they need to to
connect to other services, etc.
## Order of service deployment
In OpenStack, certain services must be deployed in a certain
order. For example, database and RPC server must come first, then we
can install Keystone for authentication. Once Keystone is set up, we
can add service endpoints, and so forth.
Kickstack enforces this order of service deployment across all the
nodes it manages. For example, while it is perfectly fine to designate
a node as a Keystone authentication node, the Puppet runs on that node
will essentially be empty until a configured Keystone database is
known to the system. Likewise, a compute node will just not install
until there is a Nova API service to manage it.
## Shared information between nodes
To share information between nodes, Kickstack makes use of the
`exportfact` module. Exportfact is a simple module that uses Puppet
Exported Resources to share Facts between nodes. These facts obviously
contain potentially sensitive information such as passwords which,
while they are transmitted securely *between* nodes (between the
Puppet agent and master), are stored unencrypted both on the Puppet
master and on the Puppet agent. Since this is no different from what
would normally be stored on an OpenStack node anyway -- in files that
are only readable by `root` and the respective service user, such as
`cinder` -- this adds no significant *additional* security exposure.

2
files/mysql/skip-name-resolve.cnf
View File

@ -1,2 +0,0 @@
[mysqld]
skip-name-resolve

8
manifests/ceilometer/agent/compute.pp
View File

@ -1,8 +0,0 @@
class kickstack::ceilometer::agent::compute inherits kickstack {
include kickstack::ceilometer::config
include kickstack::ceilometer::auth
class { '::ceilometer::agent::compute': }
}

12
manifests/ceilometer/agent/metering.pp
View File

@ -1,12 +0,0 @@
class kickstack::ceilometer::agent::metering inherits kickstack {
include kickstack::ceilometer::config
include kickstack::ceilometer::auth
class { '::ceilometer::collector': }
class { '::ceilometer::agent::central':
require => Class['::ceilometer::collector'],
}
}

26
manifests/ceilometer/api.pp
View File

@ -1,26 +0,0 @@
class kickstack::ceilometer::api inherits kickstack {
include kickstack::ceilometer::config
include pwgen
$auth_host = getvar("${fact_prefix}keystone_internal_address")
$service_password = pick(getvar("${fact_prefix}ceilometer_keystone_password"),pwgen())
$sql_conn = getvar("${fact_prefix}ceilometer_sql_connection")
class { '::ceilometer::api':
keystone_host => $auth_host,
keystone_tenant => $kickstack::keystone_service_tenant,
keystone_user => 'ceilometer',
keystone_password => $service_password,
}
kickstack::endpoint { 'ceilometer':
service_password => $service_password,
require => Class['::ceilometer::api']
}
class { '::ceilometer::db':
database_connection => $sql_conn,
}
}

15
manifests/ceilometer/auth.pp
View File

@ -1,15 +0,0 @@
class kickstack::ceilometer::auth inherits kickstack {
$auth_host = getvar("${fact_prefix}keystone_internal_address")
$service_password = getvar("${fact_prefix}ceilometer_keystone_password")
$auth_url = "http://${auth_host}:5000/v2.0"
class { '::ceilometer::agent::auth':
auth_url => $auth_url,
auth_region => $::kickstack::keystone_region,
auth_user => 'ceilometer',
auth_password => $service_password,
auth_tenant_name => $::kickstack::keystone_service_tenant,
}
}

52
manifests/ceilometer/config.pp
View File

@ -1,52 +0,0 @@
class kickstack::ceilometer::config inherits kickstack {
include pwgen
$admin_password = getvar("${fact_prefix}ceilometer_keystone_password")
$sql_conn = getvar("${fact_prefix}ceilometer_sql_connection")
$existing_secret = getvar("${fact_prefix}ceilometer_metering_secret")
if $existing_secret {
$metering_secret = $existing_secret
} else {
$metering_secret = pwgen()
kickstack::exportfact::export { 'ceilometer_metering_secret':
value => $metering_secret,
tag => 'ceilometer',
}
}
case "$::kickstack::rpc" {
'rabbitmq': {
$rabbit_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$rabbit_password = getvar("${fact_prefix}rabbit_password")
class { '::ceilometer':
package_ensure => $::kickstack::package_version,
metering_secret => $metering_secret,
rpc_backend => 'ceilometer.openstack.common.rpc.impl_kombu',
rabbit_host => $rabbit_host,
rabbit_password => $rabbit_password,
rabbit_virtual_host => $::kickstack::rabbit_virtual_host,
rabbit_userid => $::kickstack::rabbit_userid,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
}
}
'qpid': {
$qpid_hostname = getvar("${::kickstack::fact_prefix}qpid_hostname")
$qpid_password = getvar("${fact_prefix}qpid_password")
class { '::ceilometer':
package_ensure => $::kickstack::package_version,
metering_secret => $metering_secret,
rpc_backend => 'ceilometer.openstack.common.rpc.impl_qpid',
qpid_hostname => $qpid_hostname,
qpid_password => $qpid_password,
qpid_realm => $::kickstack::qpid_realm,
qpid_user => $::kickstack::qpid_user,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
}
}
}
}

5
manifests/ceilometer/db.pp
View File

@ -1,5 +0,0 @@
class kickstack::ceilometer::db inherits kickstack {
kickstack::db { 'ceilometer': }
}

22
manifests/cinder/api.pp
View File

@ -1,22 +0,0 @@
class kickstack::cinder::api inherits kickstack {
include kickstack::cinder::config
include pwgen
$service_password = pick(getvar("${fact_prefix}cinder_keystone_password"),pwgen())
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
class { '::cinder::api':
keystone_tenant => $kickstack::keystone_service_tenant,
keystone_user => 'cinder',
keystone_password => $service_password,
keystone_auth_host => $keystone_internal_address,
keystone_auth_uri => "http://${keystone_internal_address}:5000/v2.0",
package_ensure => $::kickstack::package_version,
}
kickstack::endpoint { 'cinder':
service_password => $service_password,
require => Class['::cinder::api']
}
}

45
manifests/cinder/config.pp
View File

@ -1,45 +0,0 @@
class kickstack::cinder::config inherits kickstack {
$sql_conn = getvar("${fact_prefix}cinder_sql_connection")
case "$::kickstack::rpc" {
"rabbitmq": {
$rabbit_host = getvar("${fact_prefix}rabbit_host")
$rabbit_password = getvar("${fact_prefix}rabbit_password")
if $rabbit_host and $rabbit_password {
class { 'cinder':
sql_connection => "$sql_conn",
rpc_backend => 'cinder.openstack.common.rpc.impl_kombu',
rabbit_host => "$rabbit_host",
rabbit_virtual_host => "$::kickstack::rabbit_virtual_host",
rabbit_userid => "$::kickstack::rabbit_userid",
rabbit_password => $rabbit_password,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
}
}
else {
warning("Facts ${fact_prefix}rabbit_host or ${fact_prefix}rabbit_password unset, cannot configure cinder")
}
}
"qpid": {
$qpid_hostname = getvar("${fact_prefix}qpid_hostname")
$qpid_password = getvar("${fact_prefix}rabbit_password")
if $qpid_hostname and $qpid_password {
class { 'cinder':
sql_connection => "$sql_conn",
rpc_backend => 'cinder.openstack.common.rpc.impl_qpid',
qpid_hostname => "$qpid_hostname",
qpid_realm => "$::kickstack::qpid_realm",
qpid_username => "$::kickstack::qpid_username",
qpid_password => $qpid_password,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
}
}
else {
warning("Facts ${fact_prefix}qpid_hostname or ${fact_prefix}qpid_password unset, cannot configure cinder")
}
}
}
}

5
manifests/cinder/db.pp
View File

@ -1,5 +0,0 @@
class kickstack::cinder::db inherits kickstack {
kickstack::db { 'cinder': }
}

9
manifests/cinder/scheduler.pp
View File

@ -1,9 +0,0 @@
class kickstack::cinder::scheduler inherits kickstack {
include kickstack::cinder::config
class { '::cinder::scheduler':
scheduler_driver => 'cinder.scheduler.simple.SimpleScheduler',
package_ensure => $::kickstack::package_version,
}
}

35
manifests/cinder/volume.pp
View File

@ -1,35 +0,0 @@
class kickstack::cinder::volume inherits kickstack {
include kickstack::cinder::config
class { '::cinder::volume':
package_ensure => $::kickstack::package_version,
}
case $::kickstack::cinder_backend {
'iscsi': {
$pv = "$::kickstack::cinder_lvm_pv"
$vg = "$::kickstack::cinder_lvm_vg"
physical_volume { "$pv":
ensure => present
}
volume_group { "$vg":
ensure => present,
physical_volumes => "$pv",
require => Physical_volume["$pv"]
}
class { '::cinder::volume::iscsi':
iscsi_ip_address => getvar("ipaddress_${nic_management}"),
require => Volume_group["$vg"]
}
}
'rbd': {
$rbd_secret_uuid = getvar("${fact_prefix}rbd_secret_uuid")
class { '::cinder::volume::rbd':
rbd_pool => $cinder_rbd_pool,
rbd_user => $cinder_rbd_user,
rbd_secret_uuid => $rbd_secret_uuid
}
}
}
}

32
manifests/database.pp
View File

@ -1,32 +0,0 @@
class kickstack::database inherits kickstack {
case $::kickstack::database {
'mysql': {
$mysql_service = 'mysql'
ensure_resource('class',
'mysql::server',
{ config_hash => {
'root_password' => $::kickstack::mysql_root_password,
'bind_address' => '0.0.0.0'
}})
ensure_resource('file',
'/etc/mysql/conf.d/skip-name-resolve.cnf',
{ source => 'puppet:///modules/kickstack/mysql/skip-name-resolve.cnf',
})
}
'postgresql': {
ensure_resource('class',
'postgresql::server',
{ config_hash => {
'ip_mask_deny_postgres_user' => '0.0.0.0/32',
'ip_mask_allow_all_users' => '0.0.0.0/0',
'listen_addresses' => '*',
'postgres_password' => $kickstack::postgres_password }})
}
default: {
fail("Unsupported value for \$::kickstack::database: ${::kickstack::database}")
}
}
}

53
manifests/db.pp
View File

@ -1,53 +0,0 @@
define kickstack::db {
include pwgen
$fact_prefix = $::kickstack::fact_prefix
$database = $::kickstack::database
$servicename = $name
$username = $name
# Retrieve the currently set password for the service from its
# kickstack_*_sql_connection fact.
# If it's unset, generate one and subsequently export it.
$sql_connection = getvar("${fact_prefix}${servicename}_sql_connection")
$sql_password = $sql_connection ? {
undef => pwgen(),
default => pick(regsubst(getvar("${fact_prefix}${servicename}_sql_connection"),
".*://${username}:(.*)@.*/${servicename}",
'\1'),
pwgen())
}
# Export facts about the database only after configuring the database
Class["${servicename}::db::${database}"] -> Exportfact::Export<| tag == "$database" |>
# Configure the service database (classes look like nova::db::mysql or
# glance::db:postgresql, for example).
# If running on mysql, set the "allowed_hosts" parameter to % so we
# can connect to the database from anywhere.
case "${database}" {
'mysql': {
class { "${servicename}::db::mysql":
user => $username,
password => $sql_password,
charset => 'utf8',
allowed_hosts => '%',
notify => Kickstack::Exportfact::Export["${name}_sql_connection"]
}
}
default: {
class { "${name}::db::${database}":
password => $sql_password
}
}
}
# Export the MySQL connection string for the service
kickstack::exportfact::export { "${name}_sql_connection":
value => "${database}://${name}:${sql_password}@${hostname}/${name}",
tag => "$database"
}
}

24
manifests/endpoint.pp
View File

@ -1,24 +0,0 @@
define kickstack::endpoint ( $service_password,
$servicename = $name,
$classname = 'auth',
$factname = "${name}_keystone_password" ) {
$fullclassname = "${servicename}::keystone::${classname}"
# Installs the service user endpoint.
class { $fullclassname:
password => $service_password,
public_address => "${hostname}${::kickstack::keystone_public_suffix}",
admin_address => "${hostname}${::kickstack::keystone_admin_suffix}",
internal_address => $hostname,
region => $::kickstack::keystone_region,
require => Class['::keystone'],
}
kickstack::exportfact::export { $factname:
value => $service_password,
tag => $servicename,
require => Class[$fullclassname]
}
}

10
manifests/exportfact/export.pp
View File

@ -1,10 +0,0 @@
define kickstack::exportfact::export (
$value
) {
::exportfact::export { "${kickstack::fact_prefix}${name}":
value => $value,
category => "$kickstack::fact_category"
}
}

33
manifests/glance/api.pp
View File

@ -1,33 +0,0 @@
class kickstack::glance::api inherits kickstack {
include kickstack::glance::config
include pwgen
$auth_host = getvar("${fact_prefix}keystone_internal_address")
$service_password = pick(getvar("${fact_prefix}glance_keystone_password"),pwgen())
$sql_conn = getvar("${fact_prefix}glance_sql_connection")
$reg_host = getvar("${fact_prefix}glance_registry_host")
class { '::glance::api':
verbose => $kickstack::verbose,
debug => $kickstack::debug,
auth_type => 'keystone',
auth_host => $auth_host,
keystone_tenant => $kickstack::keystone_service_tenant,
keystone_user => 'glance',
keystone_password => $service_password,
sql_connection => $sql_conn,
registry_host => $reg_host,
}
kickstack::endpoint { 'glance':
service_password => $service_password,
require => Class['::glance::api']
}
kickstack::exportfact::export { 'glance_api_host':
value => $hostname,
tag => 'glance',
require => Class['::glance::api']
}
}

5
manifests/glance/config.pp
View File

@ -1,5 +0,0 @@
class kickstack::glance::config inherits kickstack {
class { '::glance':
package_ensure => $::kickstack::package_version,
}
}

5
manifests/glance/db.pp
View File

@ -1,5 +0,0 @@
class kickstack::glance::db inherits kickstack {
kickstack::db { 'glance': }
}

26
manifests/glance/registry.pp
View File

@ -1,26 +0,0 @@
class kickstack::glance::registry inherits kickstack {
include kickstack::glance::config
$service_password = getvar("${fact_prefix}glance_keystone_password")
$sql_conn = getvar("${fact_prefix}glance_sql_connection")
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
class { '::glance::registry':
verbose => $kickstack::verbose,
debug => $kickstack::debug,
auth_host => "$keystone_internal_address",
keystone_tenant => "$keystone_service_tenant",
keystone_user => 'glance',
keystone_password => "$service_password",
sql_connection => "$sql_conn",
}
# Export the registry host name string for the service
kickstack::exportfact::export { "glance_registry_host":
value => "${hostname}",
tag => "glance",
require => Class['::glance::registry']
}
}

58
manifests/heat/api.pp
View File

@ -1,58 +0,0 @@
class kickstack::heat::api inherits kickstack {
include pwgen
include ::kickstack::heat::config
$apis = split($::kickstack::heat_apis,',')
if 'heat' in $apis {
$heat_admin_password = pick(getvar("${fact_prefix}heat_keystone_password"),pwgen())
class { '::heat::api':
enabled => true,
}
kickstack::endpoint { 'heat':
service_password => $heat_admin_password,
require => Class['::heat::api']
}
kickstack::exportfact::export { 'heat_metadata_server':
value => $hostname,
tag => 'heat',
require => Class['::heat::api']
}
}
if 'cfn' in $apis {
$cfn_admin_password = pick(getvar("${fact_prefix}heat_cfn_keystone_password"),pwgen())
class { '::heat::api_cfn':
enabled => true,
}
kickstack::endpoint { 'heat_cfn':
servicename => 'heat',
classname => 'auth_cfn',
factname => "heat_cfn_keystone_password",
service_password => $cfn_admin_password,
require => Class['::heat::api_cfn']
}
}
if 'cloudwatch' in $apis {
class { '::heat::api_cloudwatch':
enabled => true,
}
kickstack::exportfact::export { 'heat_watch_server':
value => $hostname,
tag => 'heat',
require => Class['::heat::api_cloudwatch']
}
# The puppet-heat module has no facility for setting up the
# CloudWatch Keystone endpoint.
}
}

52
manifests/heat/config.pp
View File

@ -1,52 +0,0 @@
class kickstack::heat::config inherits kickstack {
include pwgen
$admin_password = getvar("${fact_prefix}heat_keystone_password")
$auth_host = getvar("${fact_prefix}keystone_internal_address")
$auth_uri = "http://${auth_host}:5000/v2.0"
$sql_conn = getvar("${fact_prefix}heat_sql_connection")
case "$::kickstack::rpc" {
'rabbitmq': {
$rabbit_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$rabbit_password = getvar("${fact_prefix}rabbit_password")
class { '::heat':
package_ensure => $::kickstack::package_version,
auth_uri => $auth_uri,
sql_connection => $sql_conn,
rpc_backend => 'heat.openstack.common.rpc.impl_kombu',
rabbit_host => $rabbit_host,
rabbit_password => $rabbit_password,
rabbit_virtual_host => $::kickstack::rabbit_virtual_host,
rabbit_userid => $::kickstack::rabbit_userid,
keystone_host => $auth_host,
keystone_tenant => $kickstack::keystone_service_tenant,
keystone_user => 'heat',
keystone_password => $admin_password,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
}
}
'qpid': {
$qpid_hostname = getvar("${::kickstack::fact_prefix}qpid_hostname")
$qpid_password = getvar("${fact_prefix}qpid_password")
class { '::heat':
package_ensure => $::kickstack::package_version,
sql_connection => $sql_conn,
auth_uri => $auth_uri,
rpc_backend => 'heat.openstack.common.rpc.impl_qpid',
qpid_hostname => $qpid_hostname,
qpid_password => $qpid_password,
qpid_realm => $::kickstack::qpid_realm,
qpid_user => $::kickstack::qpid_user,
keystone_host => $auth_host,
keystone_tenant => $kickstack::keystone_service_tenant,
keystone_user => 'heat',
keystone_password => $admin_password,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
}
}
}
}

5
manifests/heat/db.pp
View File

@ -1,5 +0,0 @@
class kickstack::heat::db inherits kickstack {
kickstack::db { 'heat': }
}

34
manifests/heat/engine.pp
View File

@ -1,34 +0,0 @@
class kickstack::heat::engine inherits kickstack {
include pwgen
include ::kickstack::heat::config
$heat_auth_encryption_key = pick(getvar("${fact_prefix}heat_auth_encryption_key"),pwgen())
$apis = split($::kickstack::heat_apis,',')
kickstack::exportfact::export { 'heat_auth_encryption_key':
value => $heat_auth_encryption_key,
tag => 'heat'
}
if 'heat' in $apis {
$metadata_server = getvar("${fact_prefix}heat_metadata_server")
$metadata_server_url = "http://${metadata_server}:8000"
$waitcondition_server_url = "http://${metadata_server}:8000/v1/waitcondition"
}
if 'cloudwatch' in $apis {
$watch_server = getvar("${fact_prefix}heat_watch_server")
$watch_server_url = "http://${watch_server}:8003"
}
if $apis {
class { '::heat::engine':
heat_metadata_server_url => $metadata_server_url,
heat_waitcondition_server_url => $waitcondition_server_url,
heat_watch_server_url => $watch_server_url,
auth_encryption_key => $heat_auth_encryption_key,
}
}
}

49
manifests/horizon.pp
View File

@ -1,49 +0,0 @@
class kickstack::horizon inherits kickstack {
$keystone_host = getvar("${::kickstack::fact_prefix}keystone_internal_address")
$secret_key = getvar("${::kickstack::fact_prefix}horizon_secret_key")
$new_secret_key = pick($secret_key,pwgen())
package { 'memcached':
ensure => installed;
}
if $::kickstack::debug {
$django_debug = 'True'
$log_level = 'DEBUG'
} elsif $::kickstack::verbose {
$django_debug = 'False'
$log_level = 'INFO'
} else {
$django_debug = 'False'
$log_level = 'WARNING'
}
class { '::horizon':
require => Package['memcached'],
secret_key => $new_secret_key,
fqdn => $::kickstack::horizon_allow_any_hostname ? {
true => '*',
default => pick($fqdn,$hostname)
},
cache_server_ip => '127.0.0.1',
cache_server_port => '11211',
swift => false,
keystone_host => $keystone_host,
keystone_default_role => 'Member',
django_debug => $django_debug,
api_result_limit => 1000,
log_level => $log_level,
can_set_mount_point => 'True',
listen_ssl => false;
}
unless $secret_key == $new_secret_key {
kickstack::exportfact::export { 'horizon_secret_key':
value => $new_secret_key,
tag => 'horizon',
require => Class['::horizon']
}
}
}

72
manifests/init.pp
View File

@ -1,72 +0,0 @@
# Class: kickstack
#
# This module manages kickstack, a thin wrapper around the Stackforge
# Puppet modules that enables easy deployment with any Puppet External
# Node Classifier (ENC), such as Puppet Dashboard, Puppet Enterprise,
# or The Foreman.
#
# Parameters:
# fact_prefix - Prefix to be used for the facts passed around
# between various nodes in the kickstack installation. If your
# Puppet environment manages only one single kickstack deployment,
# there is no need to change this. However, if you use one Puppet
# environment to manage several kickstack installations, you will
# need to set these to distinguish the kickstack installations from
# each other.
# fact_filename - The name of the file (relative to facter/facts.d)
# where kickstack stores its custom facts.
class kickstack (
$fact_prefix = $kickstack::params::fact_prefix,
$fact_filename = $kickstack::params::fact_filename,
$fact_category = $kickstack::params::fact_category,
$release = $kickstack::params::release,
$package_version = $kickstack::params::package_version,
$name_resolution = $kickstack::params::name_resolution,
$verbose = $kickstack::params::verbose,
$debug = $kickstack::params::debug,
$database = $kickstack::params::database,
$rpc = $kickstack::params::rpc,
$rabbit_userid = $kickstack::params::rabbit_userid,
$rabbit_virtual_host = $kickstack::params::rabbit_virtual_host,
$qpid_username = $kickstack::params::qpid_username,
$qpid_realm = $kickstack::params::qpid_realm,
$keystone_region = $kickstack::params::keystone_region,
$keystone_public_suffix = $kickstack::params::keystone_public_suffix,
$keystone_admin_suffix = $kickstack::params::keystone_admin_suffix,
$keystone_admin_tenant = $kickstack::params::keystone_admin_tenant,
$keystone_service_tenant = $kickstack::params::keystone_service_tenant,
$keystone_admin_email = $kickstack::params::keystone_admin_email,
$cinder_backend = $kickstack::params::cinder_backend,
$cinder_lvm_pv = $kickstack::params::cinder_lvm_pv,
$cinder_lvm_vg = $kickstack::params::cinder_lvm_vg,
$cinder_rbd_pool = $kickstack::params::cinder_rbd_pool,
$cinder_rbd_user = $kickstack::params::cinder_rbd_user,
$neutron_network_type = $kickstack::params::neutron_network_type,
$neutron_plugin = $kickstack::params::neutron_plugin,
$neutron_physnet = $kickstack::params::neutron_physnet,
$neutron_tenant_network_type = $kickstack::params::neutron_tenant_network_type,
$neutron_network_vlan_ranges = $kickstack::params::neutron_network_vlan_ranges,
$neutron_tunnel_id_ranges = $kickstack::params::neutron_tunnel_id_ranges,
$neutron_integration_bridge = $kickstack::params::neutron_integration_bridge,
$neutron_tunnel_bridge = $kickstack::params::neutron_tunnel_bridge,
$neutron_external_bridge = $kickstack::params::neutron_external_bridge,
$nic_management = $kickstack::params::nic_management,
$nic_data = $kickstack::params::nic_data,
$nic_external = $kickstack::params::nic_external,
$neutron_router_id = $kickstack::params::neutron_router_id,
$neutron_gateway_external_network_id = $kickstack::params::neutron_gateway_external_network_id,
$nova_compute_driver = $kickstack::params::nova_compute_driver,
$nova_compute_libvirt_type = $kickstack::params::nova_compute_libvirt_type,
$xenapi_connection_url = $kickstack::params::xenapi_connection_url,
$xenapi_connection_username = $kickstack::params::xenapi_connection_username,
$xenapi_connection_password = $kickstack::params::xenapi_connection_password,
$horizon_allow_any_hostname = $kickstack::params::horizon_allow_any_hostname,
$heat_apis = $kickstack::params::heat_apis,
) inherits kickstack::params {
include ::exportfact
include kickstack::repo
include kickstack::nameresolution
::exportfact::import { $fact_category: }
}

62
manifests/keystone/api.pp
View File

@ -1,62 +0,0 @@
class kickstack::keystone::api inherits kickstack {
include pwgen
$admin_token = pick(getvar("${fact_prefix}keystone_admin_token"),pwgen())
$admin_password = pick(getvar("${fact_prefix}keystone_admin_password"),pwgen())
$admin_tenant = $::kickstack::keystone_admin_tenant
$sql_conn = getvar("${fact_prefix}keystone_sql_connection")
class { '::keystone':
package_ensure => $::kickstack::package_version,
verbose => $kickstack::verbose,
debug => $kickstack::debug,
catalog_type => 'sql',
admin_token => $admin_token,
sql_connection => $sql_conn,
}
# Installs the service user endpoint.
class { '::keystone::endpoint':
public_address => "${hostname}${keystone_public_suffix}",
admin_address => "${hostname}${keystone_admin_suffix}",
internal_address => $hostname,
region => $keystone_region,
require => Class['::keystone']
}
kickstack::exportfact::export { "keystone_admin_token":
value => "${admin_token}",
tag => "keystone",
require => Class['::keystone']
}
kickstack::exportfact::export { "keystone_internal_address":
value => "${hostname}",
tag => "keystone",
require => Class['::keystone::endpoint']
}
# Adds the admin credential to keystone.
class { '::keystone::roles::admin':
email => $kickstack::keystone_admin_email,
password => $admin_password,
admin_tenant => $admin_tenant,
service_tenant => $kickstack::keystone_service_tenant,
require => Class['::keystone::endpoint']
}
file { '/root/openstackrc':
owner => root,
group => root,
mode => '0640',
content => template('kickstack/openstackrc.erb'),
require => Class['::keystone::roles::admin']
}
kickstack::exportfact::export { "keystone_admin_password":
value => $admin_password,
tag => "keystone",
require => Class['::keystone::roles::admin']
}
}

5
manifests/keystone/db.pp
View File

@ -1,5 +0,0 @@
class kickstack::keystone::db inherits kickstack {
kickstack::db { 'keystone': }
}

31
manifests/nameresolution.pp
View File

@ -1,31 +0,0 @@
# Simple convenience class for name resolution.
#
# Exports the current host's name, along with the IP address
# associated with the management NIC.
#
# Currently supports only entries in /etc/hosts. Alternative
# implementations might dynamically manage DNS entries.
class kickstack::nameresolution inherits kickstack {
case $::kickstack::name_resolution {
'hosts': {
$host = pick($fqdn,$hostname)
if $fqdn {
$aliases = [ $hostname ]
} else {
$aliases = []
}
@@host { $host:
ip => getvar("ipaddress_${::kickstack::nic_management}"),
host_aliases => $aliases,
comment => 'Managed by Puppet',
tag => 'hostname'
}
Host <<| tag == 'hostname' |>> { }
}
default: {
fail("Unsupported value for \$kickstack::name_resolution: $::kickstack::name_resolution")
}
}
}

17
manifests/neutron/agent/dhcp.pp
View File

@ -1,17 +0,0 @@
class kickstack::neutron::agent::dhcp inherits kickstack {
include kickstack::neutron::config
class { "::neutron::agents::dhcp":
debug => $::kickstack::debug,
interface_driver => $::kickstack::neutron_plugin ? {
'ovs' => 'neutron.agent.linux.interface.OVSInterfaceDriver',
'linuxbridge' => 'neutron.agent.linux.interface.BridgeInterfaceDriver'
},
use_namespaces => $::kickstack::neutron_network_type ? {
'per-tenant-router' => true,
default => false
},
package_ensure => $::kickstack::package_version,
}
}

57
manifests/neutron/agent/l2/compute.pp
View File

@ -1,57 +0,0 @@
class kickstack::neutron::agent::l2::compute inherits kickstack {
include kickstack::neutron::config
$tenant_network_type = "$::kickstack::neutron_tenant_network_type"
case "$::kickstack::neutron_plugin" {
'ovs': {
file { "/etc/neutron/plugins/openvswitch/":
ensure => directory,
}
file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini":
content => template("kickstack/l2-agent-config.erb"),
replace => false,
}
case $tenant_network_type {
'gre': {
$local_tunnel_ip = getvar("ipaddress_${nic_data}")
class { 'neutron::agents::ovs':
bridge_mappings => [],
bridge_uplinks => [],
integration_bridge => $::kickstack::neutron_integration_bridge,
enable_tunneling => true,
local_ip => $local_tunnel_ip,
tunnel_bridge => $::kickstack::neutron_tunnel_bridge,
tunnel_types => ['gre'],
package_ensure => $::kickstack::package_version,
require => [ File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ],
}
}
default: {
$bridge_uplinks = ["br-${nic_data}:${nic_data}"]
class { 'neutron::agents::ovs':
bridge_mappings => ["${::kickstack::neutron_physnet}:br-${nic_data}"],
bridge_uplinks => $bridge_uplinks,
integration_bridge => $::kickstack::neutron_integration_bridge,
enable_tunneling => false,
local_ip => '',
package_ensure => $::kickstack::package_version,
}
}
}
case $::osfamily {
'Debian': {
file { "/etc/init/neutron-plugin-openvswitch-agent.conf":
content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"),
}
}
}
}
'linuxbridge': {
class { "neutron::agents::linuxbridge":
physical_interface_mappings => "default:$nic_data"
}
}
}
}

64
manifests/neutron/agent/l2/network.pp
View File

@ -1,64 +0,0 @@
class kickstack::neutron::agent::l2::network inherits kickstack {
include kickstack::neutron::config
$tenant_network_type = "$::kickstack::neutron_tenant_network_type"
$external_bridge = $::kickstack::neutron_external_bridge
case "$::kickstack::neutron_plugin" {
'ovs': {
file { "/etc/neutron/plugins/openvswitch/":
ensure => directory,
}
file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini":
content => template("kickstack/l2-agent-config.erb"),
replace => false,
}
case $tenant_network_type {
'gre': {
$local_tunnel_ip = getvar("ipaddress_${nic_data}")
$bridge_uplinks = ["${external_bridge}:${nic_external}"]
class { 'neutron::agents::ovs':
bridge_mappings => [],
bridge_uplinks => [],
integration_bridge => $::kickstack::neutron_integration_bridge,
enable_tunneling => true,
local_ip => $local_tunnel_ip,
tunnel_bridge => $::kickstack::neutron_tunnel_bridge,
tunnel_types => ['gre'],
package_ensure => $::kickstack::package_version,
require => [ Class['::kickstack::neutron::agent::l3'], File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ],
}
}
default: {
$bridge_uplinks = ["br-${nic_data}:${nic_data}"]
unless $kickstack::neutron_network_type == 'single-flat' {
$bridge_uplinks += ["${external_bridge}:${nic_external}"]
}
class { 'neutron::agents::ovs':
bridge_mappings => ["${::kickstack::neutron_physnet}:br-${nic_data}"],
bridge_uplinks => $bridge_uplinks,
integration_bridge => $::kickstack::neutron_integration_bridge,
enable_tunneling => false,
local_ip => '',
package_ensure => $::kickstack::package_version,
}
}
}
case $::osfamily {
'Debian': {
file { "/etc/init/neutron-plugin-openvswitch-agent.conf":
content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"),
}
}
}
}
'linuxbridge': {
class { "neutron::agents::linuxbridge":
physical_interface_mappings => "default:$nic_data",
package_ensure => $::kickstack::package_version,
}
}
}
}

38
manifests/neutron/agent/l3.pp
View File

@ -1,38 +0,0 @@
class kickstack::neutron::agent::l3 inherits kickstack {
include kickstack::neutron::config
$external_bridge = $::kickstack::neutron_external_bridge
vs_bridge { $external_bridge:
ensure => present,
}
vs_port { $::kickstack::nic_external:
ensure => present,
bridge => $external_bridge,
}
class { "::neutron::agents::l3":
debug => $::kickstack::debug,
interface_driver => $::kickstack::neutron_plugin ? {
'ovs' => 'neutron.agent.linux.interface.OVSInterfaceDriver',
'linuxbridge' => 'neutron.agent.linux.interface.BridgeInterfaceDriver'
},
external_network_bridge => $::kickstack::neutron_external_bridge,
use_namespaces => $::kickstack::neutron_network_type ? {
'per-tenant-router' => true,
default => false
},
router_id => $::kickstack::neutron_network_type ? {
'provider-router' => "$::kickstack::neutron_router_id",
default => undef
},
gateway_external_network_id => $::kickstack::neutron_network_type ? {
'provider-router' => "$::kickstack::neutron_gateway_external_network_id",
default => undef
},
package_ensure => $::kickstack::package_version,
require => Vs_bridge[$external_bridge],
}
}

23
manifests/neutron/agent/metadata.pp
View File

@ -1,23 +0,0 @@
class kickstack::neutron::agent::metadata inherits kickstack {
include kickstack::neutron::config
$secret = getvar("${fact_prefix}neutron_metadata_shared_secret")
$service_password = getvar("${fact_prefix}neutron_keystone_password")
$metadata_ip = getvar("${fact_prefix}nova_metadata_ip")
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
class { '::neutron::agents::metadata':
shared_secret => $secret,
auth_password => "$service_password",
debug => $kickstack::debug,
auth_tenant => "$kickstack::keystone_service_tenant",
auth_user => 'neutron',
auth_url => "http://${keystone_internal_address}:35357/v2.0",
auth_region => "$kickstack::keystone_region",
metadata_ip => $metadata_ip,
package_ensure => $::kickstack::package_version,
}
}

5
manifests/neutron/client.pp
View File

@ -1,5 +0,0 @@
class kickstack::neutron::client inherits kickstack {
kickstack::client { 'neutron': }
}

56
manifests/neutron/config.pp
View File

@ -1,56 +0,0 @@
class kickstack::neutron::config inherits kickstack {
$allow_overlapping_ips = "$::kickstack::neutron_network_type" ? {
'single-flat' => false,
'provider-router' => false,
'per-tenant-router' => true,
}
$core_plugin = "$::kickstack::neutron_plugin" ? {
'ovs' => 'neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2',
'linuxbridge'=> 'neutron.plugins.linuxbridge.lb_neutron_plugin.LinuxBridgePluginV2'
}
case "$::kickstack::rpc" {
"rabbitmq": {
$rabbit_host = getvar("${fact_prefix}rabbit_host")
$rabbit_password = getvar("${fact_prefix}rabbit_password")
if $rabbit_host and $rabbit_password {
class { 'neutron':
rpc_backend => 'neutron.openstack.common.rpc.impl_kombu',
rabbit_host => "$rabbit_host",
rabbit_virtual_host => "$::kickstack::rabbit_virtual_host",
rabbit_user => "$::kickstack::rabbit_userid",
rabbit_password => $rabbit_password,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
allow_overlapping_ips => $allow_overlapping_ips,
core_plugin => $core_plugin,
}
}
else {
warning("Facts ${fact_prefix}rabbit_host or ${fact_prefix}rabbit_password unset, cannot configure neutron")
}
}
"qpid": {
$qpid_hostname = getvar("${fact_prefix}qpid_hostname")
$qpid_password = getvar("${fact_prefix}rabbit_password")
if $qpid_hostname and $qpid_password {
class { 'neutron':
rpc_backend => 'neutron.openstack.common.rpc.impl_qpid',
qpid_hostname => "$qpid_hostname",
qpid_realm => "$::kickstack::qpid_realm",
qpid_username => "$::kickstack::qpid_username",
qpid_password => $qpid_password,
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
allow_overlapping_ips => $allow_overlapping_ips,
core_plugin => $core_plugin,
}
}
else {
warning("Facts ${fact_prefix}qpid_hostname or ${fact_prefix}qpid_password unset, cannot configure neutron")
}
}
}
}

5
manifests/neutron/db.pp
View File

@ -1,5 +0,0 @@
class kickstack::neutron::db inherits kickstack {
kickstack::db { 'neutron': }
}

35
manifests/neutron/plugin.pp
View File

@ -1,35 +0,0 @@
class kickstack::neutron::plugin inherits kickstack {
include kickstack::neutron::config
$sql_conn = getvar("${fact_prefix}neutron_sql_connection")
$tenant_network_type = "$::kickstack::neutron_tenant_network_type"
$network_vlan_ranges = $tenant_network_type ? {
'gre' => '',
default => "${::kickstack::neutron_physnet}:${::kickstack::neutron_network_vlan_ranges}",
}
$tunnel_id_ranges = $tenant_network_type ? {
'gre' => $::kickstack::neutron_tunnel_id_ranges,
default => '',
}
case "$::kickstack::neutron_plugin" {
'ovs': {
class { "neutron::plugins::ovs":
sql_connection => $sql_conn,
tenant_network_type => $tenant_network_type,
network_vlan_ranges => $network_vlan_ranges,
tunnel_id_ranges => $tunnel_id_ranges,
package_ensure => $::kickstack::package_version,
}
}
'linuxbridge': {
class { "neutron::plugins::linuxbridge":
sql_connection => $sql_conn,
tenant_network_type => $tenant_network_type,
network_vlan_ranges => $network_vlan_ranges,
package_ensure => $::kickstack::package_version,
}
}
}
}

39
manifests/neutron/server.pp
View File

@ -1,39 +0,0 @@
class kickstack::neutron::server inherits kickstack {
include kickstack::neutron::config
include pwgen
$service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen())
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$database_connection = getvar("${fact_prefix}neutron_sql_connection")
$nova_api_address = getvar("${fact_prefix}nova_api_address")
class { '::neutron::server':
auth_tenant => $kickstack::keystone_service_tenant,
auth_user => 'neutron',
auth_password => $service_password,
auth_host => $keystone_internal_address,
database_connection => $database_connection,
package_ensure => $::kickstack::package_version,
}
kickstack::endpoint { 'neutron':
service_password => $service_password,
require => Class['::neutron::server']
}
kickstack::exportfact::export { "neutron_host":
value => "${hostname}",
tag => 'neutron',
require => Class['::neutron::server']
}
case $::osfamily {
'Debian': {
file { 'neutron-server-default':
path => '/etc/default/neutron-server',
content => template("kickstack/default.neutron-server.erb"),
}
}
}
}

20
manifests/neutron/server/notifications.pp
View File

@ -1,20 +0,0 @@
class kickstack::neutron::server::notifications inherits kickstack {
include kickstack::neutron::config
include pwgen
$service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen())
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$database_connection = getvar("${fact_prefix}neutron_sql_connection")
$nova_service_password = getvar("${fact_prefix}nova_keystone_password")
$nova_api_address = getvar("${fact_prefix}nova_api_address")
class { '::neutron::server::notifications':
nova_url => "http://${nova_api_address}:8774/v2",
nova_admin_username => 'nova',
nova_admin_tenant_name => $kickstack::keystone_service_tenant,
nova_admin_password => $nova_service_password,
nova_admin_auth_url => "http://${keystone_internal_address}:35357/v2.0",
nova_region_name => $kickstack::params::keystone_region,
}
}

63
manifests/node/api.pp
View File

@ -1,63 +0,0 @@
class kickstack::node::api inherits kickstack {
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$glance_sql_conn = getvar("${fact_prefix}glance_sql_connection")
$cinder_sql_conn = getvar("${fact_prefix}cinder_sql_connection")
$neutron_sql_conn = getvar("${fact_prefix}neutron_sql_connection")
$nova_sql_conn = getvar("${fact_prefix}nova_sql_connection")
$heat_sql_conn = getvar("${fact_prefix}heat_sql_connection")
$ceilometer_sql_conn = getvar("${fact_prefix}ceilometer_sql_connection")
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
}
if $keystone_internal_address and $glance_sql_conn {
include kickstack::glance::api
}
if $keystone_internal_address and $cinder_sql_conn and $amqp_host and $amqp_password {
include kickstack::cinder::api
}
if $keystone_internal_address and $amqp_host and $amqp_password {
include kickstack::neutron::server
if $neutron_sql_conn {
include kickstack::neutron::plugin
}
}
if $keystone_internal_address and $nova_sql_conn and $amqp_host and $amqp_password {
include kickstack::nova::api
# This looks a bit silly, but is currently necessary: in order to configure nova-api
# as a Neutron client, we first need to install nova-api and neutron-server in one
# run, and then fix up Nova with the Neutron configuration in the next run.
#
# The same applies to Neutron with regards to Nova notifications, but the other way
# around.
$neutron_keystone_password = getvar("${::kickstack::fact_prefix}neutron_keystone_password")
$nova_keystone_password = getvar("${::kickstack::fact_prefix}nova_keystone_password")
if $neutron_keystone_password {
include kickstack::nova::neutronclient
}
if $nova_keystone_password {
include kickstack::neutron::server::notifications
}
}
if $keystone_internal_address and $heat_sql_conn and $amqp_host and $amqp_password {
include kickstack::heat::api
}
if $keystone_internal_address and $ceilometer_sql_conn and $amqp_host and $amqp_password {
include kickstack::ceilometer::api
}
}

8
manifests/node/auth.pp
View File

@ -1,8 +0,0 @@
class kickstack::node::auth inherits kickstack {
$keystone_sql_conn = getvar("${fact_prefix}keystone_sql_connection")
if $keystone_sql_conn {
include kickstack::keystone::api
}
}

8
manifests/node/client.pp
View File

@ -1,8 +0,0 @@
class kickstack::node::client inherits kickstack {
include ::keystone::client
include ::glance::client
include ::cinder::client
include ::neutron::client
include ::heat::client
include ::ceilometer::client
}

38
manifests/node/compute.pp
View File

@ -1,38 +0,0 @@
class kickstack::node::compute inherits kickstack {
# Compute nodes require AMQP connectivity,
# a nova Keystone endpoint, an SQL connection,
# and a glance API server
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
}
$nova_sql_conn = getvar("${::kickstack::fact_prefix}nova_sql_connection")
$nova_keystone_password = getvar("${::kickstack::fact_prefix}nova_keystone_password")
$neutron_keystone_password = getvar("${::kickstack::fact_prefix}neutron_keystone_password")
$glance_api_host = getvar("${::kickstack::fact_prefix}glance_api_host")
$ceilometer_sql_conn = getvar("${::kickstack::fact_prefix}ceilometer_sql_connection")
$ceilometer_keystone_password = getvar("${::kickstack::fact_prefix}ceilometer_keystone_password")
$ceilometer_metering_secret = getvar("${::kickstack::fact_prefix}ceilometer_metering_secret")
if $amqp_host and $amqp_password {
include kickstack::neutron::agent::l2::compute
if $nova_sql_conn and $nova_keystone_password and $glance_api_host {
include kickstack::nova::compute
}
if $neutron_keystone_password {
include kickstack::nova::neutronclient
}
if $ceilometer_sql_conn and $ceilometer_keystone_password and $ceilometer_metering_secret {
include kickstack::ceilometer::agent::compute
}
}
}

41
manifests/node/controller.pp
View File

@ -1,41 +0,0 @@
class kickstack::node::controller inherits kickstack {
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$glance_sql_conn = getvar("${fact_prefix}glance_sql_connection")
$glance_keystone_password = getvar("${fact_prefix}glance_keystone_password")
$cinder_sql_conn = getvar("${fact_prefix}cinder_sql_connection")
$cinder_keystone_password = getvar("${fact_prefix}cinder_keystone_password")
$nova_sql_conn = getvar("${fact_prefix}nova_sql_connection")
$nova_keystone_password = getvar("${fact_prefix}nova_keystone_password")
$neutron_sql_conn = getvar("${fact_prefix}neutron_sql_connection")
$neutron_keystone_password = getvar("${fact_prefix}neutron_keystone_password")
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
}
if $glance_sql_conn and $glance_keystone_password {
include kickstack::glance::registry
}
if $amqp_host and $amqp_password {
if $cinder_sql_conn and $cinder_keystone_password {
include kickstack::cinder::scheduler
}
if $nova_sql_conn and $nova_keystone_password {
include kickstack::nova::cert
include kickstack::nova::conductor
include kickstack::nova::consoleauth
include kickstack::nova::objectstore
include kickstack::nova::scheduler
}
}
}

23
manifests/node/dashboard.pp
View File

@ -1,23 +0,0 @@
class kickstack::node::dashboard inherits kickstack {
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$nova_keystone_password = getvar("${fact_prefix}nova_keystone_password")
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
}
if $keystone_internal_address {
include kickstack::horizon
if $nova_keystone_password and $amqp_host and $amqp_password {
include kickstack::nova::vncproxy
}
}
}

17
manifests/node/infrastructure.pp
View File

@ -1,17 +0,0 @@
class kickstack::node::infrastructure inherits kickstack {
include kickstack::rpc
include kickstack::database
include kickstack::keystone::db
include kickstack::glance::db
include kickstack::cinder::db
include kickstack::neutron::db
include kickstack::nova::db
if $::kickstack::heat_apis {
include kickstack::heat::db
}
include kickstack::ceilometer::db
}

23
manifests/node/metering.pp
View File

@ -1,23 +0,0 @@
class kickstack::node::metering inherits kickstack {
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$ceilometer_sql_conn = getvar("${fact_prefix}ceilometer_sql_connection")
$ceilometer_keystone_password = getvar("${fact_prefix}ceilometer_keystone_password")
$ceilometer_metering_secret = getvar("${::kickstack::fact_prefix}ceilometer_metering_secret")
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
}
if $ceilometer_sql_conn and $ceilometer_keystone_password and $ceilometer_metering_secret {
include ::kickstack::ceilometer::agent::metering
}
}

35
manifests/node/network.pp
View File

@ -1,35 +0,0 @@
class kickstack::node::network inherits kickstack {
# Network nodes require a neutron Keystone endpoint.
# The L2 agents need an SQL connection.
# The metadata agent also requires the shared secret set by Nova API.
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
default: {
fail("Unsupported value for \$::kickstack::rpc: $::kickstack::rpc")
}
}
$neutron_sql_conn = getvar("${::kickstack::fact_prefix}neutron_sql_connection")
$neutron_keystone_password = getvar("${::kickstack::fact_prefix}neutron_keystone_password")
$neutron_metadata_shared_secret = getvar("${::kickstack::fact_prefix}neutron_metadata_shared_secret")
if $amqp_host and $amqp_password and $neutron_keystone_password {
include kickstack::neutron::agent::dhcp
include kickstack::neutron::agent::l3
if $neutron_sql_conn {
include kickstack::neutron::agent::l2::network
}
if $neutron_metadata_shared_secret {
include kickstack::neutron::agent::metadata
}
}
}

34
manifests/node/orchestration.pp
View File

@ -1,34 +0,0 @@
class kickstack::node::orchestration inherits kickstack {
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$heat_sql_conn = getvar("${fact_prefix}heat_sql_connection")
$heat_keystone_password = getvar("${fact_prefix}heat_keystone_password")
$apis = split($::kickstack::heat_apis,',')
if 'heat' in $apis {
$metadata_server = getvar("${fact_prefix}heat_metadata_server")
}
if 'cloudwatch' in $apis {
$watch_server = getvar("${fact_prefix}heat_watch_server")
}
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
}
if $amqp_host and $amqp_password {
if $heat_sql_conn and $heat_keystone_password {
if $metadata_server or $watch_server {
include kickstack::heat::engine
}
}
}
}

21
manifests/node/storage.pp
View File

@ -1,21 +0,0 @@
class kickstack::node::storage inherits kickstack {
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$cinder_sql_conn = getvar("${fact_prefix}cinder_sql_connection")
$cinder_keystone_password = getvar("${fact_prefix}cinder_keystone_password")
case $::kickstack::rpc {
'rabbitmq': {
$amqp_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$amqp_password = getvar("${::kickstack::fact_prefix}rabbit_password")
}
'qpid': {
$amqp_host = getvar("${::kickstack::fact_prefix}qpid_host")
$amqp_password = getvar("${::kickstack::fact_prefix}qpid_password")
}
}
if $keystone_internal_address and $cinder_sql_conn and $cinder_keystone_password and $amqp_host and $amqp_password {
include kickstack::cinder::volume
}
}

54
manifests/nova/api.pp
View File

@ -1,54 +0,0 @@
class kickstack::nova::api inherits kickstack {
include kickstack::nova::config
include pwgen
# Grab the Keystone admin password from a kickstack fact and configure
# Keystone accordingly. If no fact has been set, generate a password.
$admin_password = pick(getvar("${fact_prefix}nova_keystone_password"),pwgen())
$auth_host = getvar("${fact_prefix}keystone_internal_address")
$neutron_secret = pick(getvar("${fact_prefix}neutron_metadata_shared_secret"),pwgen())
# Stupid hack: Grizzly packages in Ubuntu Cloud Archive
# require python-eventlet > 0.9, but the python-nova
# package in UCA does not reflect this
package { 'python-eventlet':
ensure => latest
}
class { '::nova::api':
enabled => true,
auth_strategy => 'keystone',
auth_host => $auth_host,
admin_tenant_name => $kickstack::keystone_service_tenant,
admin_user => 'nova',
admin_password => $admin_password,
enabled_apis => 'ec2,osapi_compute,metadata',
neutron_metadata_proxy_shared_secret => $neutron_secret
}
kickstack::endpoint { 'nova':
service_password => $admin_password,
require => Class['::nova::api']
}
kickstack::exportfact::export { "nova_api_address":
value => "${hostname}",
tag => "nova",
require => Class['::nova::api']
}
# Export the metadata API IP address and shared secret, to be picked up
# by the Neutron metadata proxy agent on the network node
kickstack::exportfact::export { "nova_metadata_ip":
value => getvar("ipaddress_${nic_management}"),
tag => "nova",
require => Class['::nova::api']
}
kickstack::exportfact::export { "neutron_metadata_shared_secret":
value => $neutron_secret,
tag => 'nova',
require => Class['::nova::api']
}
}

7
manifests/nova/cert.pp
View File

@ -1,7 +0,0 @@
class kickstack::nova::cert inherits kickstack {
include kickstack::nova::config
kickstack::nova::service { 'cert': }
}

35
manifests/nova/compute.pp
View File

@ -1,35 +0,0 @@
class kickstack::nova::compute inherits kickstack {
include kickstack::nova::config
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$neutron_admin_password = getvar("${fact_prefix}neutron_keystone_password")
$neutron_host = getvar("${fact_prefix}neutron_host")
$vncproxy_host = getvar("${fact_prefix}vncproxy_host")
$vncserver_listen_address = getvar("ipaddress_${::kickstack::nic_management}")
class { '::nova::compute':
enabled => true,
vnc_enabled => true,
vncserver_proxyclient_address => $vncserver_listen_address,
vncproxy_host => $vncproxy_host,
virtio_nic => true,
}
case "$::kickstack::nova_compute_driver" {
'libvirt': {
class { '::nova::compute::libvirt':
libvirt_type => "$::kickstack::nova_compute_libvirt_type",
vncserver_listen => $vncserver_listen_address
}
}
'xenserver': {
class { '::nova::compute::xenserver':
xenapi_connection_url => "$::kickstack::nova_compute_xenapi_connection_url",
xenapi_connection_username => "$::kickstack::nova_compute_xenapi_connection_username",
xenapi_connection_password => "$::kickstack::nova_compute_xenapi_connection_password"
}
}
}
}

7
manifests/nova/conductor.pp
View File

@ -1,7 +0,0 @@
class kickstack::nova::conductor inherits kickstack {
include kickstack::nova::config
kickstack::nova::service { 'conductor': }
}

44
manifests/nova/config.pp
View File

@ -1,44 +0,0 @@
class kickstack::nova::config inherits kickstack {
$sql_conn = getvar("${fact_prefix}nova_sql_connection")
$glance_api_servers = getvar("${fact_prefix}glance_api_host")
case "$::kickstack::rpc" {
'rabbitmq': {
$rabbit_host = getvar("${::kickstack::fact_prefix}rabbit_host")
$rabbit_password = getvar("${fact_prefix}rabbit_password")
class { '::nova':
ensure_package => $::kickstack::package_version,
sql_connection => $sql_conn,
rpc_backend => 'nova.openstack.common.rpc.impl_kombu',
rabbit_host => $rabbit_host,
rabbit_password => $rabbit_password,
rabbit_virtual_host => $::kickstack::rabbit_virtual_host,
rabbit_userid => $::kickstack::rabbit_userid,
auth_strategy => 'keystone',
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
glance_api_servers => "${glance_api_servers}:9292",
# install_utilities => false
}
}
'qpid': {
$qpid_hostname = getvar("${::kickstack::fact_prefix}qpid_hostname")
$qpid_password = getvar("${fact_prefix}qpid_password")
class { '::nova':
ensure_package => $::kickstack::package_version,
sql_connection => $sql_conn,
rpc_backend => 'nova.openstack.common.rpc.impl_qpid',
qpid_hostname => $qpid_hostname,
qpid_password => $qpid_password,
qpid_realm => $::kickstack::qpid_realm,
qpid_user => $::kickstack::qpid_user,
auth_strategy => 'keystone',
verbose => $::kickstack::verbose,
debug => $::kickstack::debug,
glance_api_servers => "${glance_api_servers}:9292",
# install_utilities => false
}
}
}
}

7
manifests/nova/consoleauth.pp
View File

@ -1,7 +0,0 @@
class kickstack::nova::consoleauth inherits kickstack {
include kickstack::nova::config
kickstack::nova::service { 'consoleauth': }
}

5
manifests/nova/db.pp
View File

@ -1,5 +0,0 @@
class kickstack::nova::db inherits kickstack {
kickstack::db { 'nova': }
}

19
manifests/nova/neutronclient.pp
View File

@ -1,19 +0,0 @@
class kickstack::nova::neutronclient inherits kickstack {
include kickstack::nova::config
$keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
$neutron_admin_password = getvar("${fact_prefix}neutron_keystone_password")
$neutron_host = getvar("${fact_prefix}neutron_host")
class { '::nova::network::neutron':
neutron_admin_password => $neutron_admin_password,
neutron_auth_strategy => 'keystone',
neutron_url => "http://${neutron_host}:9696",
neutron_admin_tenant_name => "$::kickstack::keystone_service_tenant",
neutron_region_name => "$::kickstack::keystone_region",
neutron_admin_username => 'neutron',
neutron_admin_auth_url => "http://${keystone_internal_address}:35357/v2.0",
security_group_api => 'neutron',
}
}

7
manifests/nova/objectstore.pp
View File

@ -1,7 +0,0 @@
class kickstack::nova::objectstore inherits kickstack {
include kickstack::nova::config
kickstack::nova::service { 'objectstore': }
}

7
manifests/nova/scheduler.pp
View File

@ -1,7 +0,0 @@
class kickstack::nova::scheduler inherits kickstack {
include kickstack::nova::config
kickstack::nova::service { 'scheduler': }
}

11
manifests/nova/service.pp
View File

@ -1,11 +0,0 @@
define kickstack::nova::service {
$servicename = $name
$classname = "::nova::${servicename}"
# Installs the Nova service
class { "${classname}":
enabled => true,
ensure_package => $::kickstack::package_version
}
}

18
manifests/nova/vncproxy.pp
View File

@ -1,18 +0,0 @@
class kickstack::nova::vncproxy inherits kickstack {
include kickstack::nova::config
class { '::nova::vncproxy':
enabled => true,
host => getvar("ipaddress_${::kickstack::nic_management}"),
ensure_package => $::kickstack::package_version
}
unless getvar("${::kickstack::fact_prefix}vncproxy_host") {
kickstack::exportfact::export { "vncproxy_host":
value => "${hostname}",
tag => "nova",
require => Class['::nova::vncproxy']
}
}
}

253
manifests/params.pp
View File

@ -1,253 +0,0 @@
class kickstack::params {
$variable_prefix = 'kickstack_'
# The fact prefix to be used for exportfact:
# * default "kickstack_"
# * override by setting "kickstack_fact_prefix"
$fact_prefix = pick(getvar("::${variable_prefix}fact_prefix"),
$variable_prefix)
# The fact category to be used for exportfact, also sets
# the filename in /etc/facter.d (<category>.txt):
# * default "kickstack"
# * override by setting "kickstack_fact_category"
$fact_category = pick(getvar("::${variable_prefix}fact_category"),
'kickstack')
# Version number of OpenStack *server* packages.
#
# * default 'installed', meaning use whatever version is available
# at the time of installation, and don't upgrade
# * set to 'latest' to use whichever is the latest version available
# in the package repos, upgrading existing packages if necessary
# * set to a specific version number if you want to lock your system
# to a particular build
#
# Note: if you set this to a specific version, then this assumes
# that your distro synchronizes version numbers across OpenStack
# server packages.
$package_version = pick(getvar("::${variable_prefix}package_version"),
'installed')
# The OpenStack release to install
# * default 'havana'
# * override by using a different OpenStack release name
# (all lowercase)
# This is for new installations only; don't expect this to magically
# support rolling releases.
$release = pick(getvar("::${variable_prefix}release"),
'havana')
# The strategy to use so machines can make their hostnames known to
# each other.
# * default "hosts" -- manage /etc/hosts
$name_resolution = pick(getvar("::${variable_prefix}name_resolution"),
'hosts')
# Enables verbose logging globally
$verbose = str2bool(pick(getvar("::${variable_prefix}verbose"),
'false'))
# Enables debug logging globally
$debug = str2bool(pick(getvar("::${variable_prefix}debug"),
'false'))
# The database backend type:
# * default "mysql"
# * override by setting "kickstack_database"
$database = pick(getvar("::${variable_prefix}database"),
'mysql')
# The mysql "root" user's password
# (ignored unless kickstack_database=='mysql')
# * default "kickstack"
# * override by setting "kickstack_mysql_root_password"
$mysql_root_password = pick(getvar("::${variable_prefix}mysql_root_password"),
'kickstack')
# The "postgres" user's password
# (ignored unless kickstack_database=='postgresql')
# * default "kickstack"
# * override by setting "kickstack_postgres_password"
$postgres_password = pick(getvar("::${variable_prefix}postgres_password"),
'kickstack')
# The RPC server type:
# * default "rabbitmq"
# * override by setting "kickstack_amqp"
$rpc = pick(getvar("::${variable_prefix}rpc"),
'rabbitmq')
# RabbitMQ user name:
$rabbit_userid = pick(getvar("::${variable_prefix}rabbit_userid"),
'kickstack')
# RabbitMQ virtual host
$rabbit_virtual_host = pick(getvar("::${variable_prefix}rabbit_virtual_host"),
'/')
# Qpid user name:
$qpid_username = pick(getvar("::${variable_prefix}qpid_username"),
'kickstack')
# Qpid realm:
$qpid_realm = getvar("::${variable_prefix}qpid_realm")
# The Keystone region to manage
$keystone_region = pick(getvar("::${variable_prefix}keystone_region"),
'kickstack')
# The suffix to append to the keystone hostname for publishing
# the public service endpoint (default: none)
$keystone_public_suffix = getvar("::${variable_prefix}keystone_public_suffix")
# The suffix to append to the keystone hostname for publishing
# the admin service endpoint (default: none)
$keystone_admin_suffix = getvar("::${variable_prefix}keystone_admin_suffix")
# The tenant set up so that individual OpenStack services can
# authenticate with Keystone
$keystone_service_tenant = pick(getvar("::${variable_prefix}keystone_service_tenant"),
'services')
# The special tenant set up for administrative purposes
$keystone_admin_tenant = pick(getvar("::${variable_prefix}keystone_admin_tenant"),
'openstack')
# The email address set for the admin user
$keystone_admin_email = pick(getvar("::${variable_prefix}keystone_admin_email"),
"admin@${hostname}")
# The backend to use with Cinder. Supported: iscsi (default)
$cinder_backend = pick(getvar("::${variable_prefix}cinder_backend"),
'iscsi')
# The device to create the LVM physical volume on. Ignored unless
# $cinder_backend==iscsi.
$cinder_lvm_pv = pick(getvar("::${variable_prefix}cinder_lvm_pv"),
'/dev/disk/by-partlabel/cinder-volumes')
# The LVM volume group name to use for volumes. Ignored unless
# $cinder_backend==iscsi.
$cinder_lvm_vg = pick(getvar("::${variable_prefix}cinder_lvm_vg"),
'cinder-volumes')
# The RADOS pool to use for volumes. Ignored unless $cinder_backend==rbd.
$cinder_rbd_pool = pick(getvar("::${variable_prefix}cinder_rbd_pool"),
'cinder-volumes')
# The RADOS user to use for volumes. Ignored unless $cinder_backend==rbd.
$cinder_rbd_user = pick(getvar("::${variable_prefix}cinder_rbd_pool"),
'cinder')
# The network type to configure for Neutron. See
# http://docs.openstack.org/grizzly/openstack-network/admin/content/use_cases.html
# Supported:
# single-flat
# provider-router
# per-tenant-router (default)
$neutron_network_type = pick(getvar("::${variable_prefix}neutron_network_type"),
'per-tenant-router')
# The plugin to use with Neutron.
# Supported:
# linuxbridge
# ovs (default)
$neutron_plugin = pick(getvar("::${variable_prefix}neutron_plugin"),
'ovs')
# The tenant network type to use with the Neutron ovs and linuxbridge plugins
# Supported: gre (default), flat, vlan
$neutron_tenant_network_type = pick(getvar("::${variable_prefix}neutron_tenant_network_type"),
'gre')
# The Neutron physical network name to define (ignored if
# tenant_network_type=='gre'
$neutron_physnet = pick(getvar("::${variable_prefix}neutron_physnet"),
'physnet1')
# The network VLAN ranges to use with the Neutron ovs and
# linuxbridge plugins (ignored unless neutron_tenant_network_type ==
# 'vlan')
$neutron_network_vlan_ranges = pick(getvar("::${variable_prefix}neutron_network_vlan_ranges"),
'2000:3999')
# The tunnel ID ranges to use with the Neutron ovs plugin, when in gre mode
# (ignored unless neutron_tenant_network_type == 'gre')
$neutron_tunnel_id_ranges = pick(getvar("::${variable_prefix}neutron_tunnel_id_ranges"),
'1:1000')
# The Neutron integration bridge
# Default: br-int (normally doesn't need to be changed)
$neutron_integration_bridge = pick(getvar("::${variable_prefix}neutron_integration_bridge"),
'br-int')
# The Neutron tunnel bridge (irrelevant unless
# $neutron_tenant_network_type=='gre')
# Default: br-tun (normally doesn't need to be changed)
$neutron_tunnel_bridge = pick(getvar("::${variable_prefix}neutron_tunnel_bridge"),
'br-tun')
# The Neutron external bridge
# Default: br-ex (normally doesn't need to be changed)
$neutron_external_bridge = pick(getvar("::${variable_prefix}neutron_external_bridge"),
'br-ex')
# The interface over which to run your nodes' management network traffic.
# Normally, this would be your primary network interface.
$nic_management = pick(getvar("::${variable_prefix}nic_management"),
'eth0')
# The interface over which to run your tenant guest traffic.
# This would be a secondary interface, present on your network node
# and compute nodes.
$nic_data = pick(getvar("::${variable_prefix}nic_data"),
'eth1')
# The interface you use to connect to the public network. This
# interface would only be present on your network nodes, and
# possibly also on your API nodes if you wish to expose the API
# services publicly.
$nic_external = pick(getvar("::${variable_prefix}nic_external"),
'eth2')
# The Neutron router uuid (irrelevant unless
# $neutron_network_type=='provider_router')
$neutron_router_id = getvar("::${variable_prefix}neutron_router_id")
# The Neutron external network uuid (irrelevant unless
# $neutron_network_type=='provider_router')
$neutron_gateway_external_network_id = getvar("::${variable_prefix}gateway_external_network_id")
# The nova-compute backend driver.
# Supported: libvirt (default), xenserver
$nova_compute_driver = pick(getvar("::${variable_prefix}nova_compute_driver"),
'libvirt')
# The hypervisor to use with libvirt (ignored unless
# nova_compute_driver==libvirt)
# Supported: kvm (default), qemu
$nova_compute_libvirt_type = pick(getvar("::${variable_prefix}nova_compute_libvirt_type"),
'kvm')
# The XenAPI connection URL (ignored unless nova_compute_driver==xenserver)
$xenapi_connection_url = getvar("::${variable_prefix}xenapi_connection_url")
# The XenAPI user name (ignored unless nova_compute_driver==xenserver)
$xenapi_connection_username = getvar("::${variable_prefix}xenapi_connection_username")
# The XenAPI password (ignored unless nova_compute_driver==xenserver)
$xenapi_connection_password = getvar("::${variable_prefix}xenapi_connection_password")
# Allow access to Horizon using any host name?
# Default is false, meaning allow Horizon access only through the
# FQDN of the dashboard host.
# Set to true if you want to access by IP address, through an SSH
# tunnel, etc.
$horizon_allow_any_hostname = str2bool(pick(getvar("::${variable_prefix}horizon_allow_any_hostname"),'false'))
# Enabled Heat APIs (comma-separated list of exposed APIs)
# Can be any combination of 'heat', 'cfn', and 'cloudwatch'
# Default is just 'heat' (the native Heat API)
$heat_apis = pick(getvar("::${variable_prefix}heat_apis"),'heat')
}

5
manifests/repo.pp
View File

@ -1,5 +0,0 @@
class kickstack::repo inherits kickstack {
class { '::openstack::resources::repo':
release => $::kickstack::release
}
}

50
manifests/rpc.pp
View File

@ -1,50 +0,0 @@
class kickstack::rpc inherits kickstack {
case "$rpc" {
'rabbitmq': {
Class['nova::rabbitmq'] -> Exportfact::Export<| tag == 'rabbit' |>
$rabbit_password = pick(getvar("${::kickstack::fact_prefix}rabbit_password"),pwgen())
class { 'nova::rabbitmq':
userid => "$::kickstack::rabbit_userid",
password => "$rabbit_password",
virtual_host => "$::kickstack::rabbit_virtual_host"
}
kickstack::exportfact::export { "rabbit_host":
value => "$hostname",
tag => "rabbit"
}
kickstack::exportfact::export { "rabbit_password":
value => "$rabbit_password",
tag => "rabbit"
}
}
'qpid': {
Class['nova::qpid'] -> Exportfact::Export<| tag == 'qpid' |>
$qpid_password = pick(getvar("${::kickstack::fact_prefix}qpid_password"),pwgen())
class { 'nova::qpid':
user => "$::kickstack_qpid_username",
password => "$qpid_password",
realm => "$::kickstack_qpid_realm"
}
kickstack::exportfact::export { "qpid_hostname":
value => "$hostname",
tag => "qpid"
}
kickstack::exportfact::export { "qpid_password":
value => "$qpid_password",
tag => "qpid"
}
}
default: {
warn("Unsupported RPC server type: ${rpc_server}")
}
}
}

5
templates/default.neutron-server.erb
View File

@ -1,5 +0,0 @@
# defaults for neutron-server
# path to config file corresponding to the core_plugin specified in
# neutron.conf
NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"

17
templates/init.neutron-plugin-openvswitch-agent.erb
View File

@ -1,17 +0,0 @@
# vim:set ft=upstart ts=2 et:
description "Neutron OpenvSwitch Plugin Agent"
author "Chuck Short <zulcss@ubuntu.com>"
start on runlevel [2345] and started neutron-ovs-cleanup
stop on runlevel [!2345]
respawn
chdir /var/run
pre-start script
mkdir -p /var/run/neutron
chown neutron:root /var/run/neutron
end script
exec start-stop-daemon --start --chuid neutron --exec /usr/bin/neutron-openvswitch-agent -- --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini --log-file=/var/log/neutron/openvswitch-agent.log

170
templates/l2-agent-config.erb
View File

@ -1,170 +0,0 @@
[ovs]
# (StrOpt) Type of network to allocate for tenant networks. The
# default value 'local' is useful only for single-box testing and
# provides no connectivity between hosts. You MUST either change this
# to 'vlan' and configure network_vlan_ranges below or change this to
# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
# tenant networks to provide connectivity between hosts. Set to 'none'
# to disable creation of tenant networks.
#
# tenant_network_type = local
# Example: tenant_network_type = gre
# Example: tenant_network_type = vxlan
# (ListOpt) Comma-separated list of
# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
# of VLAN IDs on named physical networks that are available for
# allocation. All physical networks listed are available for flat and
# VLAN provider network creation. Specified ranges of VLAN IDs are
# available for tenant network allocation if tenant_network_type is
# 'vlan'. If empty, only gre, vxlan and local networks may be created.
#
# network_vlan_ranges =
# Example: network_vlan_ranges = physnet1:1000:2999
# (BoolOpt) Set to True in the server and the agents to enable support
# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
# GRE or VXLAN tunneling.
#
# WARNING: This option will be deprecated in the Icehouse release, at which
# point setting tunnel_type below will be required to enable
# tunneling.
#
# enable_tunneling = False
# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
# this is set, it will cause tunneling to be enabled. If this is not set and
# the option enable_tunneling is set, this will default to 'gre'.
#
# tunnel_type =
# Example: tunnel_type = gre
# Example: tunnel_type = vxlan
# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
#
# tunnel_id_ranges =
# Example: tunnel_id_ranges = 1:1000
# Do not change this parameter unless you have a good reason to.
# This is the name of the OVS integration bridge. There is one per hypervisor.
# The integration bridge acts as a virtual "patch bay". All VM VIFs are
# attached to this bridge and then "patched" according to their network
# connectivity.
#
# integration_bridge = br-int
# Only used for the agent if tunnel_id_ranges (above) is not empty for
# the server. In most cases, the default value should be fine.
#
# tunnel_bridge = br-tun
# Peer patch port in integration bridge for tunnel bridge
# int_peer_patch_port = patch-tun
# Peer patch port in tunnel bridge for integration bridge
# tun_peer_patch_port = patch-int
# Uncomment this line for the agent if tunnel_id_ranges (above) is not
# empty for the server. Set local-ip to be the local IP address of
# this hypervisor.
#
# local_ip =
# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
# mapping physical network names to the agent's node-specific OVS
# bridge names to be used for flat and VLAN networks. The length of
# bridge names should be no more than 11. Each bridge must
# exist, and should have a physical network interface configured as a
# port. All physical networks listed in network_vlan_ranges on the
# server should have mappings to appropriate bridges on each agent.
#
# bridge_mappings =
# Example: bridge_mappings = physnet1:br-eth1
[agent]
# Agent's polling interval in seconds
# polling_interval = 2
# Minimize polling by monitoring ovsdb for interface changes
# minimize_polling = True
# When minimize_polling = True, the number of seconds to wait before
# respawning the ovsdb monitor after losing communication with it
# ovsdb_monitor_respawn_interval = 30
# (ListOpt) The types of tenant network tunnels supported by the agent.
# Setting this will enable tunneling support in the agent. This can be set to
# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
# disable tunneling support in the agent. When running the agent with the OVS
# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
# When running the agent with ML2, you can specify as many values here as
# your compute hosts supports.
#
# tunnel_types =
tunnel_types =gre
# Example: tunnel_types = gre
# Example: tunnel_types = vxlan
# Example: tunnel_types = vxlan, gre
# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
# default, this will make use of the Open vSwitch default value of '4789' if
# not specified.
#
# vxlan_udp_port =
# Example: vxlan_udp_port = 8472
# (IntOpt) This is the MTU size of veth interfaces.
# Do not change unless you have a good reason to.
# The default MTU size of veth interfaces is 1500.
# veth_mtu =
# Example: veth_mtu = 1504
# (BoolOpt) Flag to enable l2-population extension. This option should only be
# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
# optimize tunnel management.
#
# l2_population = False
[securitygroup]
# Firewall driver for realizing neutron security group function.
# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# Controls if neutron security group is enabled or not.
# It should be false when you use nova security group.
# enable_security_group = True
#-----------------------------------------------------------------------------
# Sample Configurations.
#-----------------------------------------------------------------------------
#
# 1. With VLANs on eth1.
# [ovs]
# network_vlan_ranges = default:2000:3999
# tunnel_id_ranges =
# integration_bridge = br-int
# bridge_mappings = default:br-eth1
#
# 2. With GRE tunneling.
# [ovs]
# network_vlan_ranges =
# tunnel_id_ranges = 1:1000
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
#
# 3. With VXLAN tunneling.
# [ovs]
# network_vlan_ranges =
# tenant_network_type = vxlan
# tunnel_type = vxlan
# tunnel_id_ranges = 1:1000
# integration_bridge = br-int
# tunnel_bridge = br-tun
# local_ip = 10.0.0.3
# [agent]
# tunnel_types = vxlan

6
templates/openstackrc.erb
View File

@ -1,6 +0,0 @@
OS_USERNAME="admin"
OS_PASSWORD="<%= @admin_password %>"
OS_TENANT_NAME="<%= @admin_tenant %>"
OS_AUTH_URL="http://<%= @hostname %>:5000/v2.0"
export OS_USERNAME OS_PASSWORD OS_TENANT_NAME OS_AUTH_URL