Merge "contrail: Initial commit"

This commit is contained in:
Jenkins 2015-06-30 03:43:45 +00:00 committed by Gerrit Code Review
commit 0d5d46b896
22 changed files with 1214 additions and 51 deletions


@ -40,7 +40,7 @@ mod 'keystone',
:ref => '4b2623d4ec41957b0274d8a457e3019fdf1e342b'
mod 'neutron',
:git => 'git://github.com/enovance/puppet-neutron.git',
:ref => 'd5628a9ca16140e3c08c98d56feecaf56e898f35'
:ref => '183541d3890cd212db5a581470bdf98c21c40ad7'
mod 'nova',
:git => 'git://github.com/enovance/puppet-nova.git',
:ref => 'cc1a2a348a7953298c75881a5c4afafeb3d0a4e4'
@ -80,6 +80,9 @@ mod 'cassandra',
mod 'concat',
:git => 'git://github.com/enovance/puppet-concat.git',
:ref => 'ab06c2b8c09d9da82b53a62a5389427720519cd5'
mod 'contrail',
:git => 'git://github.com/enovance/puppet-contrail.git',
:ref => '2b135d5b9f00c26b357bf2f55082701f01e0670a'
mod 'corosync',
:git => 'git://github.com/enovance/puppetlabs-corosync.git',
:ref => '7bbdcd8c57beab6ba24b06ef5aaee2462f8d3d24'
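Review bot: The new `contrail` entry fetches the module over `git://`, which is unauthenticated and unencrypted, so the transport gives no protection against a substituted repository. The full commit hash in `:ref` limits what a substituted repository could deliver, but an `https://` remote would also authenticate the server, e.g. `:git => 'https://github.com/enovance/puppet-contrail.git',`. The same applies to the other `git://` entries visible in these hunks; the file continues outside them.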


@ -8,4 +8,4 @@ cgroup_device_acl = [
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet", "/dev/net/tun",
]
clear_emulator_capabilities = 0
clear_emulator_capabilities = 1
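Review bot: The changed `clear_emulator_capabilities` line carries no comment explaining why a Contrail commit alters a hypervisor-wide QEMU setting. The page has lost its `+`/`-` markers, so which value is the new one cannot be read from here. If the new value is `0`, an emulator process started as root keeps its privileged capabilities instead of dropping them, which increases what a compromised QEMU process can do on the host. In either case, a one-line comment above the setting should name the component and reason, e.g. `# needed by <component>: <reason>`.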


@ -122,6 +122,10 @@
# (optional) Hostname or IP used to connect to console service.
# Defaults to false (use nova_public_host)
#
# [*include_vswitch*]
# (optional) Should the class cloud::network::vswitch should be included.
# Defaults to true
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
@ -147,6 +151,7 @@ class cloud::compute::hypervisor(
$manage_tso = true,
$nova_shell = false,
$firewall_settings = {},
$include_vswitch = true,
# when using NFS storage backend
$nfs_enabled = false,
$nfs_device = false,
@ -158,7 +163,10 @@ class cloud::compute::hypervisor(
include 'cloud::params'
include 'cloud::telemetry'
include 'cloud::network'
include 'cloud::network::vswitch'
if $include_vswitch {
include 'cloud::network::vswitch'
}
if $libvirt_type == 'kvm' and ! $::vtx {
fail('libvirt_type is set to KVM and VTX seems to be disabled on this node.')
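Review bot: `$include_vswitch` is used directly in `if $include_vswitch` without a type check, and Puppet treats any non-empty string, including `'false'`, as true, so a value supplied as a string would still include `cloud::network::vswitch`. Adding `validate_bool($include_vswitch)` before the `if` would make a mistyped value fail loudly; this assumes puppetlabs-stdlib is available, as the `uriescape` call elsewhere in this commit suggests. The parameter description would read better as `(optional) Whether the class cloud::network::vswitch should be included.` The class body starts and ends outside the hunks shown.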


@ -626,6 +626,7 @@ class cloud::loadbalancer(
){
include cloud::params
include cloud::network::contrail::haproxy
$common_tcp_options = {
'mode' => 'tcp',


@ -53,9 +53,14 @@
#
# [*plugin*]
# (optional) Neutron plugin name
# Supported values: 'ml2', 'n1kv'.
# Supported values: 'ml2', 'n1kv', 'opencontrail'.
# Defaults to 'ml2'
#
# [*service_plugins*]
# (optional) List of service plugin entrypoints to be loaded from the neutron
# service_plugins namespace
# Defaults to ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin']
#
class cloud::network(
$verbose = true,
$debug = true,
@ -66,6 +71,7 @@ class cloud::network(
$log_facility = 'LOG_LOCAL0',
$dhcp_lease_duration = '120',
$plugin = 'ml2',
$service_plugins = ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
) {
# Disable twice logging if syslog is enabled
@ -88,6 +94,9 @@ class cloud::network(
'n1kv': {
$core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2'
}
'opencontrail': {
$core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2'
}
default: {
fail("${plugin} plugin is not supported.")
}
@ -106,7 +115,7 @@ class cloud::network(
use_syslog => $use_syslog,
dhcp_agents_per_network => '2',
core_plugin => $core_plugin,
service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
service_plugins => $service_plugins,
log_dir => $log_dir,
dhcp_lease_duration => $dhcp_lease_duration,
report_interval => '30',


@ -0,0 +1,59 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::analytics
#
# Install a Contrail analytics node
#
# === Parameters:
#
# [*bind_ip*]
# (optional) Address on which the Contrail analytics api is listening on
# Defaults to '127.0.0.1'
#
# [*port*]
# (optional) Port where Contrail analytics api is bound to
# Used for firewall purpose.
# Default to 8081
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::analytics (
$bind_ip = '127.0.0.1',
$port = 8081,
$firewall_settings = {},
){
include ::contrail::analytics
@@haproxy::balancermember{"${::fqdn}-contrail-analytics-api":
listening_service => 'contrail_analytics_api',
server_names => $::hostname,
ipaddresses => $bind_ip,
ports => $port,
options => 'check inter 2000 rise 2 fall 5'
}
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail analytics access':
port => [$port, '8086'],
extras => $firewall_settings,
}
}
}
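Review bot: The firewall rule opens port `'8086'` in addition to `$port`, but the number is hard-coded and the class header never says what listens there, so someone auditing the rule set cannot tell why it is open or change it. Either document it in the header or expose it as a parameter, e.g. `$collector_port = 8086,` (name to be confirmed against the service that uses the port). The same undocumented hard-coded lists appear in `cloud::network::contrail::config` (`'8443', '8087', '8088'`) and `cloud::network::contrail::control` (`'8083', '5269', '8092', '8093'`).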


@ -0,0 +1,78 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::config
#
# Install a Contrail config node
#
# === Parameters:
#
# [*api_bind_ip*]
# (optional) Address on which the Contrail config api is listening on
# Defaults to '127.0.0.1'
#
# [*discovery_bind_ip*]
# (optional) Address on which the Contrail discovery is listening on
# Defaults to '127.0.0.1'
#
# [*api_port*]
# (optional) Port where Contrail config api is bound to
# Used for firewall purpose.
# Default to 9100
#
# [*discovery_port*]
# (optional) Port where Contrail discovery is bound to
# Used for firewall purpose.
# Default to 9110
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::config (
$api_bind_ip = '127.0.0.1',
$discovery_bind_ip = '127.0.0.1',
$api_port = 9100,
$discovery_port = 9110,
$firewall_settings = {},
){
include ::contrail::config
@@haproxy::balancermember{"${::fqdn}-contrail-config-api":
listening_service => 'contrail_config_api',
server_names => $::hostname,
ipaddresses => $api_bind_ip,
ports => $api_port,
options => 'check inter 2000 rise 2 fall 5'
}
@@haproxy::balancermember{"${::fqdn}-contrail-config-discovery":
listening_service => 'contrail_config_discovery',
server_names => $::hostname,
ipaddresses => $discovery_bind_ip,
ports => $discovery_port,
options => 'check inter 2000 rise 2 fall 5'
}
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail config access':
port => ['8443', '8087', '8088', $discovery_port, $api_port],
extras => $firewall_settings,
}
}
}


@ -0,0 +1,40 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::control
#
# Install a Contrail control node
#
# === Parameters:
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::control (
$firewall_settings = {},
){
include ::contrail::control
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail control access':
port => ['8083', '5269', '8092', '8093'],
extras => $firewall_settings,
}
}
}


@ -0,0 +1,46 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::database
#
# Install a Contrail database node
#
# === Parameters:
#
# [*port*]
# (optional) Port where Kafka is bound to
# Used for firewall purpose.
# Default to 9042
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::database (
$port = 9042,
$firewall_settings = {},
){
include ::contrail::database
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail database access':
port => $port,
extras => $firewall_settings,
}
}
}
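Review bot: The `[*port*]` description says "Port where Kafka is bound to", but the default `9042` is the Cassandra CQL native-transport port and the class only includes `::contrail::database`, so the text looks copied from elsewhere. Because this value is the only port the firewall rule opens, the description should name the real listener, e.g. `# (optional) Port the Contrail database (Cassandra CQL) listens on`. Please confirm against the `contrail::database` module which service actually binds here.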


@ -0,0 +1,183 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::haproxy
#
# Create the haproxy stanzas for Contrail related services
#
# === Parameters:
#
# [*contrail_analytics_api*]
# (optional) Enable or not Contrail analytics api public binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure
# Defaults to false
#
# [*contrail_config_api*]
# (optional) Enable or not Contrail config api binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure.
# Defaults to false
#
# [*contrail_config_discovery*]
# (optional) Enable or not Contrail discoverybinding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure.
# Defaults to false
#
# [*contrail_webui_http*]
# (optional) Enable or not Contrail webui http binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure.
# Defaults to true
#
# [*contrail_webui_https*]
# (optional) Enable or not Contrail webui https binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure
# Defaults to true
#
# [*contrail_analytics_api_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_config_api_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_config_discovery_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_webui_http_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_webui_https_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_analytics_api_port*]
# (optional) TCP port to connect to Contrail analytics api from public network
# Defaults to '8081'
#
# [*contrail_config_api_port*]
# (optional) TCP port to connect to Contrail config api from public network
# Defaults to '8082'
#
# [*contrail_config_discovery_port*]
# (optional) TCP port to connect to Contrail discovery from public network
# Defaults to '5998'
#
# [*contrail_webui_http_port*]
# (optional) TCP port to connect to Contrail webui http from public network
# Defaults to '8079'
#
# [*contrail_webui_https_port*]
# (optional) TCP port to connect to Contrail webui https from public network
# Defaults to '8143'
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::haproxy (
$contrail_analytics_api = false,
$contrail_config_api = false,
$contrail_config_discovery = false,
$contrail_webui_http = false,
$contrail_webui_https = false,
$contrail_analytics_api_bind_options = [],
$contrail_config_api_bind_options = [],
$contrail_config_discovery_bind_options = [],
$contrail_webui_http_bind_options = [],
$contrail_webui_https_bind_options = [],
$contrail_analytics_api_port = 8081,
$contrail_config_api_port = 8082,
$contrail_config_discovery_port = 5998,
$contrail_webui_http_port = 8079,
$contrail_webui_https_port = 8143,
$firewall_settings = {},
){
cloud::loadbalancer::binding { 'contrail_analytics_api':
ip => $contrail_analytics_api,
port => $contrail_analytics_api_port,
bind_options => $contrail_analytics_api_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'roundrobin',
'option' => ['nolinger', 'tcp-check'],
'default-server' => 'error-limit 1 on-error mark-down',
},
}
cloud::loadbalancer::binding { 'contrail_config_api':
ip => $contrail_config_api,
port => $contrail_config_api_port,
bind_options => $contrail_config_api_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'roundrobin',
'option' => ['nolinger'],
},
}
cloud::loadbalancer::binding { 'contrail_config_discovery':
ip => $contrail_config_discovery,
port => $contrail_config_discovery_port,
bind_options => $contrail_config_discovery_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'roundrobin',
'option' => ['nolinger'],
},
}
cloud::loadbalancer::binding { 'contrail_webui_http':
ip => $contrail_webui_http,
port => $contrail_webui_http_port,
bind_options => $contrail_webui_http_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'source',
},
}
cloud::loadbalancer::binding { 'contrail_webui_https':
ip => $contrail_webui_https,
port => $contrail_webui_https_port,
bind_options => $contrail_webui_https_bind_options,
httpchk => 'ssl-hello-chk',
firewall_settings => $firewall_settings,
options => {
'mode' => 'tcp',
'balance' => 'source',
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
}
}
}
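Review bot: The header documents `contrail_webui_http` and `contrail_webui_https` as `Defaults to true`, while the parameter list sets both to `false`, so anyone relying on the documentation gets the wrong picture of which web UI front ends the load balancer publishes. The `*_bind_options` entries are likewise described as a hash but default to `[]`. Both should be aligned with the code, e.g. `# Defaults to false`. Separately, the `contrail_webui_https` binding sets `'mode' => 'tcp'` together with a `reqadd` rule; `reqadd` acts on HTTP requests, so in TCP mode it likely has no effect and may be worth dropping.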


@ -0,0 +1,79 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::rabbitmq
#
# This resource creates RabbitMQ resources for Contrail
#
# == Parameters:
#
# [*user*]
# (optional) The username to use when connecting to Rabbit
# Defaults to 'contrail'
#
# [*password*]
# (optional) The password to use when connecting to Rabbit
# Defaults to 'contrailpassword'
#
# [*vhost*]
# (optional) The virtual host to use when connecting to Rabbit
# Defaults to '/'
#
# [*is_admin*]
# (optional) If the user should be admin or not
# Defaults to true
#
# [*configure_permission*]
# (optional) Define configure permission
# Defaults to '.*'
#
# [*write_permission*]
# (optional) Define write permission
# Defaults to '.*'
#
# [*read_permission*]
# (optional) Define read permission
# Defaults to '.*'
#
class cloud::network::contrail::rabbitmq (
$user = 'contrail',
$password = 'contrailpassword',
$vhost = '/',
$is_admin = true,
$configure_permission = '.*',
$write_permission = '.*',
$read_permission = '.*',
) {
rabbitmq_user { $user :
admin => $is_admin,
password => $password,
provider => 'rabbitmqctl',
}
if !defined(Rabbitmq_vhost[$vhost]) {
rabbitmq_vhost { $vhost :
provider => 'rabbitmqctl',
}
}
rabbitmq_user_permissions { "${user}@${vhost}" :
configure_permission => $configure_permission,
write_permission => $write_permission,
read_permission => $read_permission,
provider => 'rabbitmqctl',
}
}
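Review bot: The class ships a usable default credential, `$password = 'contrailpassword'`, for a user that is also created with `$is_admin = true` and `.*` configure/write/read permissions on vhost `/`. A deployment that overrides nothing therefore gets a broker administrator with a publicly known password. Making the password mandatory and the admin tag opt-in would avoid that: `$password,` with no default and `$is_admin = false,`. The header would then describe `password` as required rather than optional.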


@ -0,0 +1,27 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::vrouter
#
# Install a Contrail vrouter agent on the node
#
# === Parameters:
#
class cloud::network::contrail::vrouter (
){
include ::contrail::vrouter
}


@ -0,0 +1,79 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::webui
#
# Install a Contrail webui node
#
# === Parameters:
#
# [*http_bind_ip*]
# (optional) Address on which the Contrail webui http service is listening on
# Defaults to '127.0.0.1'
#
# [*https_bind_ip*]
# (optional) Address on which the Contrail webui https service is listening on
# Defaults to '127.0.0.1'
#
# [*http_port*]
# (optional) Port where Contrail webui http service is bound to
# Used for firewall purpose.
# Default to 9100
#
# [*https_port*]
# (optional) Port where Contrail webui https is bound to
# Used for firewall purpose.
# Default to 9110
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::webui (
$http_bind_ip = '127.0.0.1',
$https_bind_ip = '127.0.0.1',
$http_port = 8080,
$https_port = 8143,
$firewall_settings = {},
$firewall_settings = {},
){
include ::contrail::webui
@@haproxy::balancermember{"${::fqdn}-contrail-webui-http":
listening_service => 'contrail_webui_http',
server_names => $::hostname,
ipaddresses => $http_bind_ip,
ports => $http_port,
options => 'check inter 2000 rise 2 fall 5'
}
@@haproxy::balancermember{"${::fqdn}-contrail-webui-https":
listening_service => 'contrail_webui_https',
server_names => $::hostname,
ipaddresses => $https_bind_ip,
ports => $https_port,
options => 'check inter 2000 rise 2 fall 5'
}
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail webui access':
port => [$http_port, $https_port],
extras => $firewall_settings,
}
}
}


@ -108,7 +108,7 @@
#
# [*plugin*]
# (optional) Neutron plugin name
# Supported values: 'ml2', 'n1kv'.
# Supported values: 'ml2', 'n1kv', 'opencontrail'.
# Defaults to 'ml2'
#
# [*l3_ha*]
@ -124,6 +124,18 @@
# (optional) TCP port to connect to Keystone API from admin network
# Defaults to '35357'
#
# [*ks_keystone_admin_user*]
# (optional) Admin user to connect to Keystone API
# Defaults to 'admin'
#
# [*ks_keystone_admin_password*]
# (optional) Password for admin user to connect to Keystone API
# Defaults to 'password'
#
# [*ks_keystone_admin_token*]
# (optional) Token to connect to Keystone API as admin user
# Defaults to undef
#
# [*provider_vlan_ranges*]
# (optionnal) VLAN range for provider networks
# Defaults to ['physnet1:1000:2999']
@ -151,7 +163,25 @@
# [*vni_ranges*]
# (optional) VxLan Network ID range. used by the ml2 plugin
# List of colon-separated id ranges
# Defautls to ['1:10000']
# Defaults to ['1:10000']
#
# [*contrail_api_server_ip*]
# (optional) IP address of the Contrail API
# Defaults to 127.0.0.1
#
# [*contrail_api_server_port*]
# (optional) Port of the Contrail API
# Defaults to 8082
#
# [*contrail_multi_tenancy*]
# (optional) Should Contrail support multi tenancy
# Boolean.
# Defaults to true
#
# [*contrail_extensions*]
# (optional) Array of extensions enabled for Contrail
# Array of extensions
# Defaults to ['']
#
# [*mechanism_drivers*]
# (optional) Neutron mechanism drivers to run
@ -160,43 +190,52 @@
# Defaults to ['linuxbridge', 'openvswitch','l2population']
#
class cloud::network::controller(
$neutron_db_host = '127.0.0.1',
$neutron_db_user = 'neutron',
$neutron_db_password = 'neutronpassword',
$neutron_db_idle_timeout = 5000,
$ks_neutron_password = 'neutronpassword',
$ks_keystone_admin_host = '127.0.0.1',
$ks_keystone_admin_proto = 'http',
$ks_keystone_public_port = 5000,
$ks_neutron_public_port = 9696,
$api_eth = '127.0.0.1',
$ks_admin_tenant = 'admin',
$nova_url = 'http://127.0.0.1:8774/v2',
$nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0',
$nova_admin_username = 'nova',
$nova_admin_tenant_name = 'services',
$nova_admin_password = 'novapassword',
$nova_region_name = 'RegionOne',
$manage_ext_network = false,
$firewall_settings = {},
$flat_networks = ['public'],
$tenant_network_types = ['gre'],
$type_drivers = ['gre', 'vlan', 'flat'],
$provider_vlan_ranges = ['physnet1:1000:2999'],
$plugin = 'ml2',
$mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'],
$l3_ha = false,
$router_distributed = false,
$neutron_db_host = '127.0.0.1',
$neutron_db_user = 'neutron',
$neutron_db_password = 'neutronpassword',
$neutron_db_idle_timeout = 5000,
$ks_neutron_password = 'neutronpassword',
$ks_keystone_admin_host = '127.0.0.1',
$ks_keystone_admin_proto = 'http',
$ks_keystone_admin_port = 35357,
$ks_keystone_admin_user = 'admin',
$ks_admin_tenant = 'admin',
$ks_keystone_admin_password = 'password',
$ks_keystone_admin_token = undef,
$ks_keystone_public_port = 5000,
$ks_neutron_public_port = 9696,
$api_eth = '127.0.0.1',
$nova_url = 'http://127.0.0.1:8774/v2',
$nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0',
$nova_admin_username = 'nova',
$nova_admin_tenant_name = 'services',
$nova_admin_password = 'novapassword',
$nova_region_name = 'RegionOne',
$manage_ext_network = false,
$firewall_settings = {},
$flat_networks = ['public'],
$tenant_network_types = ['gre'],
$type_drivers = ['gre', 'vlan', 'flat'],
$provider_vlan_ranges = ['physnet1:1000:2999'],
$plugin = 'ml2',
$mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'],
$l3_ha = false,
$router_distributed = false,
# only needed by cisco n1kv plugin
$n1kv_vsm_ip = '127.0.0.1',
$n1kv_vsm_password = 'secrete',
$ks_keystone_admin_port = 35357,
$n1kv_vsm_ip = '127.0.0.1',
$n1kv_vsm_password = 'secrete',
# only needed by ml2 plugin
$tunnel_id_ranges = ['1:10000'],
$vni_ranges = ['1:10000'],
$tunnel_id_ranges = ['1:10000'],
$vni_ranges = ['1:10000'],
# only needed by opencontrail plugin
$contrail_api_server_ip = '127.0.0.1',
$contrail_api_server_port = '8082',
$contrail_multi_tenancy = true,
$contrail_extensions = [''],
) {
include 'cloud::network'
include ::neutron::quota
$encoded_user = uriescape($neutron_db_user)
$encoded_password = uriescape($neutron_db_password)
@ -258,6 +297,21 @@ class cloud::network::controller(
}
}
'opencontrail': {
$core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2'
class { 'neutron::plugins::opencontrail':
api_server_ip => $contrail_api_server_ip ,
api_server_port => $contrail_api_server_port,
multi_tenancy => $contrail_multi_tenancy,
contrail_extensions => $contrail_extensions,
keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/",
keystone_admin_user => $ks_keystone_admin_user,
keystone_admin_tenant_name => $ks_admin_tenant,
keystone_admin_password => $ks_keystone_admin_password,
keystone_admin_token => $ks_keystone_admin_token,
}
}
default: {
fail("${plugin} plugin is not supported.")
}
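Review bot: The new `$ks_keystone_admin_password` defaults to the literal `'password'` and is passed to `neutron::plugins::opencontrail` as `keystone_admin_password`, so the module's default path assumes a guessable Keystone admin credential. Prefer `$ks_keystone_admin_password = undef,` plus a guard in the `'opencontrail'` branch such as `if ! $ks_keystone_admin_password and ! $ks_keystone_admin_token { fail('an admin password or token is required') }`. `keystone_auth_url` is built from `$ks_keystone_admin_proto`, whose default is `'http'`, so with defaults the credential is also sent unencrypted. The class body continues outside the hunks shown.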


@ -76,18 +76,15 @@ class cloud::network::metadata(
include 'cloud::network::vswitch'
class { 'neutron::agents::metadata':
enabled => $enabled,
shared_secret => $neutron_metadata_proxy_shared_secret,
debug => $debug,
metadata_ip => $nova_metadata_server,
auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0",
auth_password => $ks_neutron_password,
auth_region => $auth_region,
metadata_workers => $::processorcount
}
neutron_metadata_agent_config {
'DEFAULT/nova_metadata_protocol': value => $ks_nova_internal_proto;
enabled => $enabled,
shared_secret => $neutron_metadata_proxy_shared_secret,
debug => $debug,
metadata_ip => $nova_metadata_server,
auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0",
auth_password => $ks_neutron_password,
auth_region => $auth_region,
metadata_workers => $::processorcount,
metadata_protocol => $ks_nova_internal_proto,
}
}


@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::analytics
#
require 'spec_helper'
describe 'cloud::network::contrail::analytics' do
shared_examples_for 'contrail-analytics server' do
let :params do
{ }
end
it 'configure contrail-analytics' do
is_expected.to contain_class('contrail::analytics')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-analytics firewall rules' do
is_expected.to contain_firewall('100 allow contrail analytics access').with(
:port => ['8081', '8086'],
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-analytics firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail analytics access').with(
:port => ['8081', '8086'],
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-analytics server'
end
end
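Review bot: The `on Debian platforms` context sets facts but never calls `it_configures 'contrail-analytics server'`, so the shared examples, including both firewall-rule checks, run only for RedHat. Adding `it_configures 'contrail-analytics server'` inside the Debian context would cover both families. The same omission is in the specs for `cloud::network::contrail::config` and `cloud::network::contrail::database`. The exported `haproxy::balancermember` resource is also not asserted anywhere in this spec.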


@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::config
#
require 'spec_helper'
describe 'cloud::network::contrail::config' do
shared_examples_for 'contrail-config server' do
let :params do
{ }
end
it 'configure contrail-config' do
is_expected.to contain_class('contrail::config')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-config firewall rules' do
is_expected.to contain_firewall('100 allow contrail config access').with(
:port => ['8443', '8087', '8088', '9110', '9100'],
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-config firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail config access').with(
:port => ['8443', '8087', '8088', '9110', '9100'],
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-config server'
end
end


@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::database
#
require 'spec_helper'
describe 'cloud::network::contrail::database' do
shared_examples_for 'contrail-database server' do
let :params do
{ }
end
it 'configure contrail-database' do
is_expected.to contain_class('contrail::database')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-database firewall rules' do
is_expected.to contain_firewall('100 allow contrail database access').with(
:port => '9042',
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-database firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail database access').with(
:port => '9042',
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-database server'
end
end
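Review bot: The `context 'on Debian platforms'` block sets `facts` but never calls `it_configures 'contrail-database server'`, so none of the shared examples run for Debian and only the RedHat path is exercised. Add `it_configures 'contrail-database server'` inside that context, or drop the context if Debian is not a supported target for this class. The haproxy, rabbitmq, vrouter and webui specs added in this commit have the same empty Debian context, and the visible tail of the contrail config spec does too.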


@ -0,0 +1,65 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::haproxy
#
require 'spec_helper'
describe 'cloud::network::contrail::haproxy' do
shared_examples_for 'contrail-haproxy stanzas' do
let :params do
{ }
end
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_analytics_api').with(
:port => '8081'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_api').with(
:port => '8082'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_discovery').with(
:port => '5998'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_http').with(
:port => '8079'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_https').with(
:port => '8143'
)}
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-haproxy stanzas'
end
end
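Review bot: The `contrail_webui_http` binding is expected on port `8079`, while the webui spec added in this commit expects the firewall rule to open `8080` and `8143`; nothing here says which is the load-balancer front end and which is the service port. If the difference is intended, a comment above the example would record it, for instance `# 8079 is the haproxy listen port, not the webui service port`, worded to match what the manifest actually does. Each example also checks only `:port`, so a binding created with the wrong listen address or options would still pass; the manifest is not visible here, so what else could be pinned is an open question.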


@ -0,0 +1,65 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::rabbitmq
#
require 'spec_helper'
describe 'cloud::network::contrail::rabbitmq' do
shared_examples_for 'contrail-rabbitmq settings' do
let :params do
{ }
end
it 'configure the contrail rabbitmq-user' do
is_expected.to contain_rabbitmq_user('contrail').with(
:admin => 'true',
:password => 'contrailpassword',
:provider => 'rabbitmqctl',
)
end
it 'configure the contrail rabbitmq-user-permissions' do
is_expected.to contain_rabbitmq_user_permissions('contrail@/').with(
:configure_permission => '.*',
:write_permission => '.*',
:read_permission => '.*',
:provider => 'rabbitmqctl',
)
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-rabbitmq settings'
end
end
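Review bot: With empty `params`, the examples pin a fixed password (`'contrailpassword'`) on a user tagged `:admin => 'true'` that holds `'.*'` configure/write/read permissions on the `/` vhost, which suggests the class ships a well-known default credential for a broker administrator. The manifest is not visible in this section, so this is inferred from the expectations. I would have the spec pass an explicit password through `params` and assert that this value reaches `rabbitmq_user`, and add a comment such as `# default password is for tests only; deployments must override it` if a default has to stay. It is also worth confirming that contrail needs the administrator tag at all, since the three permission regexes already grant full access to the vhost.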


@ -0,0 +1,50 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::vrouter
#
require 'spec_helper'
describe 'cloud::network::contrail::vrouter' do
shared_examples_for 'contrail-vrouter server' do
let :params do
{ }
end
it 'configure contrail-vrouter' do
is_expected.to contain_class('contrail::vrouter')
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-vrouter server'
end
end


@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::webui
#
require 'spec_helper'
describe 'cloud::network::contrail::webui' do
shared_examples_for 'contrail-webui server' do
let :params do
{ }
end
it 'configure contrail-webui' do
is_expected.to contain_class('contrail::webui')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-webui firewall rules' do
is_expected.to contain_firewall('100 allow contrail webui access').with(
:port => ['8080', '8143'],
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-webui firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail webui access').with(
:port => ['8080', '8143'],
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-webui server'
end
end
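Review bot: Both firewall examples expect port `8080` to be accepted next to `8143`, and 8080 looks like the plain-HTTP listener of the web UI (the haproxy spec in this commit names its bindings `contrail_webui_http` and `contrail_webui_https`), so logins may be reachable unencrypted. Whether 8080 only redirects to HTTPS cannot be told from the spec. A comment on the expectation would record the intent, e.g. `# 8080 is plain HTTP; kept open only for the redirect to 8143`, or the rule could be narrowed to `8143` if the redirect is not needed.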