From a7614c8593d2b50309cc268704873a92f88b775d Mon Sep 17 00:00:00 2001 From: Adam Gandelman Date: Thu, 5 May 2016 13:07:56 -0700 Subject: [PATCH] Initial plugin checkin This checks in the astara plugin in its current state. It currently supports deploying into MOS 8.0/liberty only. Change-Id: Ibe7ca298c4adcdd237202b520271100231b2a1d2 --- AUTHORS | 2 + INSTALL.rst | 27 ++ LICENSE | 202 ++++++++++++++ README.rst | 135 +++++++++ components.yaml | 29 ++ ...ork_orchestrator_astara_neutron_install.pp | 5 + .../network_orchestrator_configure.pp | 123 +++++++++ .../network_orchestrator_create_resources.pp | 5 + .../manifests/network_orchestrator_db.pp | 58 ++++ .../network_orchestrator_hiera_override.pp | 103 +++++++ .../manifests/network_orchestrator_image.pp | 2 + .../manifests/network_orchestrator_install.pp | 5 + .../network_orchestrator_pre_deployment.pp | 1 + .../network_orchestrator_set_resources.pp | 3 + .../provider/astara_config/ini_setting.rb | 27 ++ .../astara/lib/puppet/type/astara_config.rb | 47 ++++ .../manifests/astara_neutron/install.pp | 21 ++ .../modules/astara/manifests/db/mysql.pp | 55 ++++ .../modules/astara/manifests/db/sync.pp | 10 + .../modules/astara/manifests/flavor/create.pp | 15 + .../puppet/modules/astara/manifests/image.pp | 25 ++ .../puppet/modules/astara/manifests/init.pp | 100 +++++++ .../modules/astara/manifests/install.pp | 24 ++ .../astara/manifests/networks/create.pp | 13 + .../modules/astara/manifests/networks/set.pp | 14 + .../modules/astara/manifests/repo/liberty.pp | 15 + .../astara/templates/orchestrator.ini.erb | 74 +++++ .../scripts/astara_post_deploy.sh | 111 ++++++++ .../scripts/controller_post_deploy.sh | 21 ++ .../scripts/create_neutron_networks.sh | 39 +++ .../scripts/create_nova_flavor.sh | 17 ++ deployment_scripts/scripts/functions | 258 ++++++++++++++++++ .../scripts/install_astara_from_src.sh | 87 ++++++ .../scripts/set_neutron_networks_config.sh | 39 +++ deployment_scripts/scripts/set_nova_flavor.sh | 13 + deployment_tasks.yaml | 177 ++++++++++++ environment_config.yaml | 55 ++++ metadata.yaml | 34 +++ network_roles.yaml | 17 ++ node_roles.yaml | 17 ++ pre_build_hook | 11 + repositories/centos/.gitignore | 0 repositories/centos/.gitkeep | 0 repositories/ubuntu/.gitignore | 0 repositories/ubuntu/.gitkeep | 0 tasks.yaml | 1 + 46 files changed, 2037 insertions(+) create mode 100644 AUTHORS create mode 100644 INSTALL.rst create mode 100644 LICENSE create mode 100644 README.rst create mode 100644 components.yaml create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_astara_neutron_install.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_configure.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_create_resources.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_db.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_hiera_override.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_image.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_install.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_pre_deployment.pp create mode 100644 deployment_scripts/puppet/manifests/network_orchestrator_set_resources.pp create mode 100644 deployment_scripts/puppet/modules/astara/lib/puppet/provider/astara_config/ini_setting.rb create mode 100644 deployment_scripts/puppet/modules/astara/lib/puppet/type/astara_config.rb create mode 100644 deployment_scripts/puppet/modules/astara/manifests/astara_neutron/install.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/db/mysql.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/db/sync.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/flavor/create.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/image.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/init.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/install.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/networks/create.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/networks/set.pp create mode 100644 deployment_scripts/puppet/modules/astara/manifests/repo/liberty.pp create mode 100644 deployment_scripts/puppet/modules/astara/templates/orchestrator.ini.erb create mode 100755 deployment_scripts/scripts/astara_post_deploy.sh create mode 100755 deployment_scripts/scripts/controller_post_deploy.sh create mode 100755 deployment_scripts/scripts/create_neutron_networks.sh create mode 100755 deployment_scripts/scripts/create_nova_flavor.sh create mode 100644 deployment_scripts/scripts/functions create mode 100755 deployment_scripts/scripts/install_astara_from_src.sh create mode 100755 deployment_scripts/scripts/set_neutron_networks_config.sh create mode 100755 deployment_scripts/scripts/set_nova_flavor.sh create mode 100644 deployment_tasks.yaml create mode 100644 environment_config.yaml create mode 100644 metadata.yaml create mode 100644 network_roles.yaml create mode 100644 node_roles.yaml create mode 100755 pre_build_hook create mode 100644 repositories/centos/.gitignore create mode 100644 repositories/centos/.gitkeep create mode 100644 repositories/ubuntu/.gitignore create mode 100644 repositories/ubuntu/.gitkeep create mode 100644 tasks.yaml diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..7aaa45e --- /dev/null +++ b/AUTHORS @@ -0,0 +1,2 @@ +Adam Gandelman +Eric Lopez diff --git a/INSTALL.rst b/INSTALL.rst new file mode 100644 index 0000000..86ea99f --- /dev/null +++ b/INSTALL.rst @@ -0,0 +1,27 @@ +Create Manually Installed Astara Fuel 8.0 Plugin on Ubuntu Trusty 14.04 +======================================================================= + +``https://wiki.openstack.org/wiki/Fuel/Plugins#Preparing_an_environment_for_plugin_development`` + + sudo apt-get install createrepo rpm dpkg-dev + easy_install pip + pip install fuel-plugin-builder + git clone https://github.com/stackforge/fuel-plugins.git + cd fuel-plugins/fuel_plugin_builder/ + sudo python setup.py develop + +``https://wiki.openstack.org/wiki/Fuel/Plugins#Using_Fuel_Plugin_Builder_tool`` + + fpb --create fuel-plugin-astara + fpb --build fuel-plugin-astara + + +Debug UI +-------- + +blah blah + +Debug Deployment +---------------- + +blah blah diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..e06d208 --- /dev/null +++ b/LICENSE @@ -0,0 +1,202 @@ +Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..6a65327 --- /dev/null +++ b/README.rst @@ -0,0 +1,135 @@ +Astara plugin for Mirantis Fuel +=============================== + +Astara is a network orchestration service designed for provisioning Neutron +managed virtual network functions in an OpenStack deployment. + +Limitations: +------------ + Currently this plugin is not compatible with the following features: + + - Neutron DVR + - FWaaS + - LBaaSv1 + - other SDN solutions + + +Compatible versions: +-------------------- + + - Mirantis Fuel 8.0 + - Akanda Astara 8.0 + +To obtain the plugin: +--------------------- + +The Astara plugin can be downloaded from the [Fuel Plugin Catalog]( +https://www.mirantis.com/products/openstack-drivers-and-plugins/fuel-plugins/). + + +To install the plugin: +---------------------- + +- Prepare a clean fuel master node. + +- Copy the plugin onto the fuel master node: + + scp astara-fuel-plugin-1.0-1.0.0-0.noarch.rpm root@:/tmp + +- Install the plugin on the fuel master node: + + cd /tmp + + fuel plugins --install astara-fuel-plugin-1.0-1.0.0-0.noarch.rpm + +- Check the plugin was installed: + + fuel plugins --list + + +User Guide +---------- + +To deploy a cluster with the Astara plugin, use the Fuel web UI to deploy an +OpenStack cluster in the usual way, with the following guidelines: + +- Create a new OpenStack environment, selecting: + + Liberty on Ubuntu Trusty + + "Neutron with VLAN segmentation" or "Neutron with tunneling segmentation" as the networking setup + +- Under the network tab, configure the 'Network' settings for your environment. For example (exact values will + depend on your setup): + + Public (External): + + - IP Range: 172.16.0.2 - 172.16.0.126 + - CIDR: 172.16.0.0/24 + - Use VLAN tagging: No + - Gateway: 172.16.0.1 + - Floating IP range: 172.16.0.130 - 172.16.0.254 + + + Management (Management): + +- Under the settings tab, make sure the following options are checked: + + "Use Astara Network Orchestrator" + +- Under the setting tab, configure Astara Management Service Port, API Port, and Management IPv6 prefix + + - Astara Management IPv6 Prefix + - Astara Management Service Port + - Astara API Service Port + +- Add nodes + +- Deploy changes + + +Deployment details +------------------ +Deployment of Openstack using Astara Network Orchestrator does the following: + +- Configures Nova: + + Enable Metadata Service + + Enable IPv6 + + Enables Nova to attach external networks to an VM Instance + +- Configures Neutron: + + Disables Metadata Agent, L3 Agent, and DHCP Agent + + Enables Astara API extensions + + Enables Astara service plugin + + Enables Astara core plugin + +- Uploads Astara Router Service VM into Openstack Image Service (glance) + +- Configure Horizon: + + Enable Astara dashboard extensions + + Configure Astara management service details + +- Create Public and Management Networks for Openstack deployment + + +Known issues +------------ + +None. + +Release Notes +------------- + +**1.0.0** + +* Initial release of the plugin + diff --git a/components.yaml b/components.yaml new file mode 100644 index 0000000..692cc44 --- /dev/null +++ b/components.yaml @@ -0,0 +1,29 @@ +# This file contains wizard components descriptions that are pretty similar to +# the `environment_config.yaml`. +# Please, take a look at following link for the details: +# - https://blueprints.launchpad.net/fuel/+spec/component-registry +# - https://specs.openstack.org/openstack/fuel-specs/specs/8.0/component-registry.html + +- name: 'additional_service:astara' + label: "Install Astara (Openstack Network Orchestrator)" + description: "If selected, Astara's Network Orchestrator will be installed. Astara + is a production grade L3-L7 Network Service Platform for Neutron" + bind: !!pairs + - "cluster:net_provider": "neutron" + requires: + - name: 'network:neutron:core:ml2' + compatible: + - name: 'hypervisor:libvirt:*' + - name: 'hypervisor:kvm' + - name: 'hypervisor:qemu' + - name: 'network:neutron:vlan' + - name: 'network:neutron:tun' + - name: "storage:block:lvm" + - name: "storage:image:ceph" + - name: "storage:object:ceph" + - name: "additional_service:ceilometer" + - name: "storage:block:ceph" + - name: "storage:ephemeral:ceph" + incompatible: + - name: 'hypervisor:vmware' + description: 'Astara is not compatible with VMware vSphere' diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_astara_neutron_install.pp b/deployment_scripts/puppet/manifests/network_orchestrator_astara_neutron_install.pp new file mode 100644 index 0000000..58f0ecc --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_astara_neutron_install.pp @@ -0,0 +1,5 @@ +notice('MODULE: astara-neutron install') + +include astara + +class { 'astara::astara_neutron::install': } diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_configure.pp b/deployment_scripts/puppet/manifests/network_orchestrator_configure.pp new file mode 100644 index 0000000..fdf475a --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_configure.pp @@ -0,0 +1,123 @@ +notice('MODULAR: astara config') + +$astara_settings = hiera('fuel-plugin-astara') + +# pass through fuel plugin config +astara_config { + 'DEFAULT/astara_api_port': value => $astara_settings['astara_api_port']; + 'DEFAULT/astara_mgt_service_port': value => $astara_settings['astra_mgmt_service_port']; + 'DEFAULT/management_prefix': value => $astara_settings['astra_mgmt_ipv6_prefix']; +} + +# piece together authtoken config from hiera, using neutron's service creds. +$neutron_settings = hiera('quantum_settings') +$neutron_keystone_settings = $neutron_settings['keystone'] +$keystone_settings = hiera_hash('keystone', {}) +$service_endpoint = hiera('service_endpoint') +$management_vip = hiera('management_vip') + +$ssl_hash = hiera_hash('use_ssl', {}) +$internal_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http') +$internal_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip]) +$internal_port = '5000' + +$public_url = "${public_protocol}://${public_address}:${public_port}" +$admin_url = "${admin_protocol}://${admin_address}:${admin_port}" +$internal_url = "${internal_protocol}://${internal_address}:${internal_port}" + +$admin_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http') + +$auth_suffix = pick($keystone_settings['auth_suffix'], '/') +$auth_url = "${internal_url}${auth_suffix}" + +# XXX need to replace with zookeeper +$memcache_addresses = hiera('memcached_addresses') +$memcache_address = $memcache_addresses[0] + +$region = hiera('region', 'RegionOne') + +# setup keystone authtoken middleware +astara_config { + 'keystone_authtoken/auth_plugin': value => 'password'; + 'DEFAULT/auth_url': value => $auth_url; + 'keystone_authtoken/auth_uri': value => $auth_url; + 'keystone_authtoken/auth_url': value => $internal_url; + 'keystone_authtoken/project_domain_id': value => 'default'; + 'keystone_authtoken/user_domain_id': value => 'default'; + 'keystone_authtoken/project_name': value => 'services'; + 'keystone_authtoken/username': value => 'neutron'; + 'keystone_authtoken/password': value => $neutron_keystone_settings['admin_password']; + 'keystone_authtoken/auth_region': value => $region; +} + + +# setup db access to the controller with the known password +$database_vip = hiera('database_vip', $management_vip) +$db_host = pick($astara_settings['db_host'], $database_vip) +$db_user = pick($astara_settings['db_user'], 'astara') +$db_name = pick($astara_settings['db_name'], 'astara') +#$db_password = pick($astara_settings['astara_db_password'], 'astara') +$db_password = 'astara' +$database_connection = "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8" +astara_config { + 'database/connection': value => $database_connection; +} + +# setup access to neutron's rabbit queue +# matching neutron's rabbit setup here -- it uses nova's credentials? +$rabbit_settings = hiera('rabbit') +$rabbit_user = 'nova' +$rabbit_password = $rabbit_settings['password'] +$rabbit_host = hiera('amqp_hosts') + +astara_config { + 'DEFAULT/control_exchange': value => 'neturon'; + 'DEFAULT/rpc_backend': value => 'rabbit'; + 'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_user; + 'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true; + 'oslo_messaging_rabbit/rabbit_hosts': value => $rabbit_host; +} + +# setup the neutron L3 agent +neutron_config { + 'agent/root_helper': value => 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'; + 'oslo_messaging_rabbit/rabbit_userid': value => $rabbit_user; + 'oslo_messaging_rabbit/rabbit_password': value => $rabbit_password, secret => true; + # XXX note sure where non-default 5673 comes from? + 'oslo_messaging_rabbit/rabbit_hosts': value => $rabbit_host; +} + + +# drop an openrc for the neutron service tenant +class { 'openstack::auth_file': + admin_user => 'neutron', + admin_password => $neutron_keystone_settings['admin_password'], + admin_tenant => 'services', + region_name => $region, + auth_url => $auth_url, +} + +astara_config { + 'DEFAULT/endpoint_type': value => 'internalURL'; + 'DEFAULT/log_file': value => '/var/log/astara/astara-orchestrator.log'; +} + +# Setup coordination cluster services. +# NOTE: we use memcache here for testing until a zookeeper module is available in feul +astara_config { + 'coordination/enabled': value => 'True'; + 'coordination/url': value => "memcached://${memcache_address}:11211"; +} + +# setup metadata proxy access +astara_config { + 'DEFAULT/nova_metadata_ip': value => $management_vip; + 'DEFAULT/neutron_metadata_proxy_shared_secret': value => $neutron_settings["metadata"]["metadata_proxy_shared_secret"]; +} + +# TODO(adam_g): flavor ids are hard-coded as params to astara::flavor::create, +# should be centralized somewhere. +astara_config { + 'router/instance_flavor': value => "511"; + 'loadbalancer/instance_flavor': value => "511"; +} diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_create_resources.pp b/deployment_scripts/puppet/manifests/network_orchestrator_create_resources.pp new file mode 100644 index 0000000..46d7426 --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_create_resources.pp @@ -0,0 +1,5 @@ + +class { 'astara::db::sync': } +class { 'astara::flavor::create': } +class { 'astara::networks::create': } + diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_db.pp b/deployment_scripts/puppet/manifests/network_orchestrator_db.pp new file mode 100644 index 0000000..f2faee6 --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_db.pp @@ -0,0 +1,58 @@ + +notice('MODULAR: astara/db.pp') + +$node_name = hiera('node_name') + +$astara_settings = hiera('fuel-plugin-astara') +$mysql_hash = hiera_hash('mysql_hash', {}) + +$database_vip = hiera('database_vip') + +$mysql_root_user = pick($mysql_hash['root_user'], 'root') +$mysql_db_create = pick($mysql_hash['db_create'], true) +$mysql_root_password = $mysql_hash['root_password'] + +$db_user = 'astara' +$db_name = 'astara' +#$db_password = pick($astara_settings['astara_db_password'], $mysql_root_password) +# XXX TODO pull generated passwd from environment config +$db_password = 'astara' + +$db_host = pick($astara_settings['metadata']['db_host'], $database_vip) +$db_create = pick($astara_settings['metadata']['db_create'], $mysql_db_create) +$db_root_user = pick($astara_settings['metadata']['root_user'], $mysql_root_user) +$db_root_password = pick($astara_settings['metadata']['root_password'], $mysql_root_password) + +$allowed_hosts = [ $node_name, 'localhost', '127.0.0.1', '%' ] + +validate_string($mysql_root_user) + +if $db_create { + + class { 'galera::client': + custom_setup_class => hiera('mysql_custom_setup_class', 'galera'), + } + + class { 'astara::db::mysql': + user => $db_user, + password => $db_password, + dbname => $db_name, + allowed_hosts => $allowed_hosts, + } + + class { 'osnailyfacter::mysql_access': + db_host => $db_host, + db_user => $db_root_user, + db_password => $db_root_password, + } + + Class['galera::client'] -> + Class['osnailyfacter::mysql_access'] -> + Class['astara::db::mysql'] + +} + +class mysql::config {} +include mysql::config +class mysql::server {} +include mysql::server diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_hiera_override.pp b/deployment_scripts/puppet/manifests/network_orchestrator_hiera_override.pp new file mode 100644 index 0000000..1ad4b86 --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_hiera_override.pp @@ -0,0 +1,103 @@ +notice('MODULAR: network-orchestrator-node/network_hiera_override.pp') + +$network_node_plugin = hiera('astara', undef) +$hiera_dir = '/etc/hiera/override' +$plugin_name = 'network-orchestrator-node' +$plugin_yaml = "${plugin_name}.yaml" + +if $network_orchestrator_node_plugin { + $network_metadata = hiera_hash('network_metadata') + $network_roles = ['primary-network-orchestrator-node', 'network-orchestrator-node'] + $network_nodes = get_nodes_hash_by_roles($network_metadata, $network_roles) + $management_vip = $network_metadata['vips']['management']['ipaddr'] + $public_vip = $network_metadata['vips']['public']['ipaddr'] + + $quantum_hash = hiera_hash('quantum_settings') + + case hiera_array('role', 'none') { + /network-orchestartor-node/: { + + if hiera('role', 'none') == 'primary-network-orchestrator-node' { + $primary_controller = true + } else { + $primary_controller = false + } + $use_neutron = true + $corosync_roles = $network_roles + $deploy_vrouter = false + $haproxy_nodes = false + $corosync_nodes = $network_nodes + $new_quantum_settings_hash = { + 'neutron_agents' => [''], + 'neutron_server_enable' => false, + 'conf_nova' => false + } + $neutron_settings = merge($quantum_hash, $new_quantum_settings_hash) + } + /controller/: { + $use_neutron = true + $new_quantum_settings_hash = { + 'neutron_agents' => [''], + } + $neutron_settings = merge($quantum_hash, $new_quantum_settings_hash) + + if hiera('role', 'none') =~ /^primary/ { + $primary_controller = 'true' + } else { + $primary_controller = 'false' + } + } + default: { + $use_neutron = true + } + } + +################### + $calculated_content = inline_template(' +<% if @corosync_nodes -%> +<% require "yaml" -%> +corosync_nodes: +<%= YAML.dump(@corosync_nodes).sub(/--- *$/,"") %> +<% end -%> +<% if @corosync_roles -%> +corosync_roles: +<% +@corosync_roles.each do |crole| +%> - <%= crole %> +<% end -%> +<% end -%> +<% if @neutron_settings -%> +<% require "yaml" -%> +quantum_settings: +<%= YAML.dump(@neutron_settings).sub(/--- *$/,"") %> +<% end -%> +deploy_vrouter: <%= @deploy_vrouter %> +primary_controller: <%= @primary_controller %> +management_vip: <%= @management_vip %> +database_vip: <%= @management_vip %> +service_endpoint: <%= @management_vip %> +public_vip: <%= @public_vip %> +use_neutron: <%= @use_neutron %> + ') + +################### + + file {'/etc/hiera/override': + ensure => directory, + } -> + file { '/etc/hiera/override/common.yaml': + ensure => file, + content => "${calculated_content}\n", + } + + package {'ruby-deep-merge': + ensure => 'installed', + } + + file_line {'hiera.yaml': + path => '/etc/hiera.yaml', + line => " - override/${plugin_name}", + after => ' - override/module/%{calling_module}', + } + +} diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_image.pp b/deployment_scripts/puppet/manifests/network_orchestrator_image.pp new file mode 100644 index 0000000..e5ac513 --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_image.pp @@ -0,0 +1,2 @@ + +class { 'astara::image': } diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_install.pp b/deployment_scripts/puppet/manifests/network_orchestrator_install.pp new file mode 100644 index 0000000..b7beb93 --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_install.pp @@ -0,0 +1,5 @@ +notice('MODULAR: astara install') + +include astara + +class { 'astara::install': } diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_pre_deployment.pp b/deployment_scripts/puppet/manifests/network_orchestrator_pre_deployment.pp new file mode 100644 index 0000000..4283453 --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_pre_deployment.pp @@ -0,0 +1 @@ +notice('MODULAR: no-op astara pre-deployment task') diff --git a/deployment_scripts/puppet/manifests/network_orchestrator_set_resources.pp b/deployment_scripts/puppet/manifests/network_orchestrator_set_resources.pp new file mode 100644 index 0000000..c9f5142 --- /dev/null +++ b/deployment_scripts/puppet/manifests/network_orchestrator_set_resources.pp @@ -0,0 +1,3 @@ + +class { 'astara::networks::set': } + diff --git a/deployment_scripts/puppet/modules/astara/lib/puppet/provider/astara_config/ini_setting.rb b/deployment_scripts/puppet/modules/astara/lib/puppet/provider/astara_config/ini_setting.rb new file mode 100644 index 0000000..87ffbe3 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/lib/puppet/provider/astara_config/ini_setting.rb @@ -0,0 +1,27 @@ +Puppet::Type.type(:astara_config).provide( + :ini_setting, + :parent => Puppet::Type.type(:ini_setting).provider(:ruby) +) do + + def section + resource[:name].split('/', 2).first + end + + def setting + resource[:name].split('/', 2).last + end + + def separator + '=' + end + + def self.file_path + '/etc/astara/orchestrator.ini' + end + + # added for backwards compatibility with older versions of inifile + def file_path + self.class.file_path + end + +end diff --git a/deployment_scripts/puppet/modules/astara/lib/puppet/type/astara_config.rb b/deployment_scripts/puppet/modules/astara/lib/puppet/type/astara_config.rb new file mode 100644 index 0000000..02fd347 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/lib/puppet/type/astara_config.rb @@ -0,0 +1,47 @@ +Puppet::Type.newtype(:astara_config) do + + ensurable + + newparam(:name, :namevar => true) do + desc 'Section/setting name to manage from /etc/astara/orchestrator.ini' + newvalues(/\S+\/\S+/) + end + + newproperty(:value) do + desc 'The value of the setting to be defined.' + munge do |value| + value = value.to_s.strip + value.capitalize! if value =~ /^(true|false)$/i + value + end + + def is_to_s( currentvalue ) + if resource.secret? + return '[old secret redacted]' + else + return currentvalue + end + end + + def should_to_s( newvalue ) + if resource.secret? + return '[new secret redacted]' + else + return newvalue + end + end + end + + newparam(:secret, :boolean => true) do + desc 'Whether to hide the value from Puppet logs. Defaults to `false`.' + + newvalues(:true, :false) + + defaultto false + end + + autorequire(:package) do + 'astara-common' + end + +end diff --git a/deployment_scripts/puppet/modules/astara/manifests/astara_neutron/install.pp b/deployment_scripts/puppet/modules/astara/manifests/astara_neutron/install.pp new file mode 100644 index 0000000..afe16e2 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/astara_neutron/install.pp @@ -0,0 +1,21 @@ + +notice('MODULAR: astara::astara_neutron::install') + +class astara::astara_neutron::install { + class { 'astara::repo::liberty': } + + package { 'neutron-plugin-astara': + ensure => present, + require => Class['astara::repo::liberty'], + } + + # TODO: These will need to be special cased for when we deploy the Mitaka + # version (akanda -> astara) + neutron_config { + 'DEFAULT/core_plugin': value => 'akanda.neutron.plugins.ml2_neutron_plugin.Ml2Plugin'; + 'DEFAULT/api_extensions_path': value => '/usr/lib/python2.7/dist-packages/akanda/neutron/extensions'; + 'DEFAULT/service_plugins': value => 'akanda.neutron.plugins.ml2_neutron_plugin.L3RouterPlugin'; + 'DEFAULT/notification_driver': value => 'neutron.openstack.common.notifier.rpc_notifier'; + 'DEFAULT/astara_auto_add_resources': value => 'False'; + } +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/db/mysql.pp b/deployment_scripts/puppet/modules/astara/manifests/db/mysql.pp new file mode 100644 index 0000000..3c584ff --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/db/mysql.pp @@ -0,0 +1,55 @@ +# The astara::db::mysql class creates a MySQL database for astara. +# It must be used on the MySQL server +# +# == Parameters +# +# [*password*] +# password to connect to the database. Mandatory. +# +# [*dbname*] +# name of the database. Optional. Defaults to astara. +# +# [*user*] +# user to connect to the database. Optional. Defaults to astara. +# +# [*host*] +# the default source host user is allowed to connect from. +# Optional. Defaults to 'localhost' +# +# [*allowed_hosts*] +# other hosts the user is allowd to connect from. +# Optional. Defaults to undef. +# +# [*charset*] +# the database charset. Optional. Defaults to 'utf8' +# +# [*collate*] +# the database collation. Optional. Defaults to 'utf8_general_ci' +# +# [*mysql_module*] +# (optional) Deprecated. Does nothing. +# +# [*cluster_id*] +# (optional) Deprecated. Does nothing. + +class astara::db::mysql( + $password, + $dbname = 'astara', + $user = 'astara', + $host = '127.0.0.1', + $charset = 'utf8', + $collate = 'utf8_general_ci', + $allowed_hosts = undef, +) { + + ::openstacklib::db::mysql { 'astara': + user => $user, + password_hash => mysql_password($password), + dbname => $dbname, + host => $host, + charset => $charset, + collate => $collate, + allowed_hosts => $allowed_hosts, + } + +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/db/sync.pp b/deployment_scripts/puppet/modules/astara/manifests/db/sync.pp new file mode 100644 index 0000000..e28aa23 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/db/sync.pp @@ -0,0 +1,10 @@ +notice('MODULAR: astara::db::sync') + +class astara::db::sync { + exec { 'astara-db-sync': + command => 'astara-dbsync --config-file /etc/astara/orchestrator.ini upgrade head', + path => '/usr/bin', + user => 'astara', + logoutput => on_failure, + } +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/flavor/create.pp b/deployment_scripts/puppet/modules/astara/manifests/flavor/create.pp new file mode 100644 index 0000000..8d252c1 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/flavor/create.pp @@ -0,0 +1,15 @@ +notice('MODULAR: astara::flavor::create') + +class astara::flavor::create ( + $ram = '512', + $disk = '3', + $vcpus = '1', + $flavor_name = 'm1.astara', + $flavor_id = '511', +) { + exec { 'create': + path => '/bin:/usr/bin', + command => '/bin/bash ./scripts/create_nova_flavor.sh ${ram} ${disk} ${vcpus} ${flavor_name} ${id}', + logoutput => true, + } +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/image.pp b/deployment_scripts/puppet/modules/astara/manifests/image.pp new file mode 100644 index 0000000..eda790c --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/image.pp @@ -0,0 +1,25 @@ +notice('MODULAR: Grabbing astara appliance image') + +class astara::image { + + $astara_settings = hiera('fuel-plugin-astara') + $image_url = $astara_settings['astara_appliance_image_location'] + + exec { 'need_image': + command => '/bin/true', + onlyif => '/usr/bin/test ! -e /root/astara_appliance.qcow2', + } + notice("Downloading astara applinace from ${image_url}") + + exec { "/usr/bin/wget -O astara_appliance.qcow2 --timestamping ${image_url}": + alias => "get-image", + cwd => "/tmp", + require => Exec['need_image'], + } + + file { "/root/astara_appliance.qcow2": + ensure => present, + source => "/tmp/astara_appliance.qcow2", + require => Exec["get-image"] } + +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/init.pp b/deployment_scripts/puppet/modules/astara/manifests/init.pp new file mode 100644 index 0000000..76ca939 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/init.pp @@ -0,0 +1,100 @@ +# +# Copyright (c) 2016, Akanda Inc, http://akanda.io +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +notice('MODULAR: astara/init.pp') + +# Parameters for configuring Astara Fuel plugin +class astara { + $astara_settings = hiera('fuel-plugin-astara') + $mgt_service_port = $astara_settings['astara_mgmt_service_port'] +} +# +# $astara_settings = hiera('astara', {}) +# $management_vip = hiera('management_vip') +# +# # Settings for Neutron +# $neutron_settings = hiera_hash('quantum_settings', {}) +# +# # Setting for Authenication +# $ssl_hash = hiera_hash('use_ssl', {}) +# $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http') +# $internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [hiera('service_endpoint', ''), $management_vip]) +# $admin_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http') +# $admin_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [hiera('service_endpoint', ''), $management_vip]) +# +# $auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/v2.0/" +# $auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/" +# $identity_uri = "${admin_auth_protocol}://${admin_auth_address}:35357/" +# $auth_region = hiera('region', 'RegionOne') +# $project_domain_id = hiera('project_domain', 'default') +# $project_name = hiera('$hiera workloads_collector['tenant']', 'services') +# $user_domain_id = hiera('user_domain', 'default') +# $neutron_user = hiera('neutron_user', 'neutron') +# $neutron_password = hiera('neutron_user_password') +# +# # Settings for Database +# $database_vip = hiera('database_vip', undef) +# $db_type = 'mysql' +# $db_host = pick($astara_settings['db_host'], $database_vip) +# $db_user = pick($astara_settings['username'], 'astara') +# $db_password = $astara_settings['db_password'] +# $db_name = pick($astara_settings['db_name'], 'astara') +# $db_connection = os_database_connection({ +# 'dialect' => $db_type, +# 'host' => $db_host, +# 'database' => $db_name, +# 'username' => $db_user, +# 'password' => $db_password, +# 'charset' => 'utf8' +# }) +# +# # Settings for RabbitMQ +# $rabbit = hiera_hash('rabbit_hash') +# $rabbit_user = $rabbit['user'] +# $rabbit_password = $rabbit['password'] +# $rabbit_hosts = split(hiera('amqp_hosts',''), ',') +# +# # Settings for Astara +## $mangement_network_id = +## $management_subnet_id = +# $management_prefix = $astara_settings['astara-mgmt-ipv6-prefix'] +## $external_network_id = +## $external_subnet_id = +# $external_prefix = $neutron_settings['predefined_networks']['admin_floating_net']['L3']['subnet'] +# $enable_drivers = pick($astara_settings['enable_drivers'], 'router') +# $interface_driver = pick($astara_settings['interface_driver'], 'astara.common.linux.interface.OVSInterfaceDriver') +# $instance_provider = pick($astara_settings['instance_provider'], 'on-demand') +# $bind_api_port = $astara_settings['astara-api-port'] +# $bind_mgmt_port = $astara_settings['astara-mgmt-service-port'] +# +# #$appliance_router_image = { +# # "os_name" => "astara_router", +# # "loc_path" => $settings['astara_appliance_image_loc'] +# # "container_format" => "bare", +# # "disk_format" => "qcow2", +# # "glance_properties" => "", +# # "img_name" => "astara_router", +# # "public" => "true" +# #} +# #$appliance_lb_image = { +# # "os_name" => "astara_nginx", +# # "loc_path" => $settings['astara_appliance_image_loc'] +# # "container_format" => "bare", +# # "disk_format" => "qcow2", +# # "glance_properties" => "", +# # "img_name" => "astara_nginx", +# # "public" => "true" +# #} +#} diff --git a/deployment_scripts/puppet/modules/astara/manifests/install.pp b/deployment_scripts/puppet/modules/astara/manifests/install.pp new file mode 100644 index 0000000..6c1a2eb --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/install.pp @@ -0,0 +1,24 @@ + +# dependency issues between liberty and mitaka prevent a packaged +# installation right now +#class astara::install { +# class { 'astara::repo': } +# +# package { 'astara-orchestrator': +# ensure => 'present', +# require => Class['astara::repo'], +# tag => ['openstack', 'astara-orchestrator-package'], +# } +#} + + +# install from src in a venv instead. +class astara::install { + $astara_settings = hiera('fuel-plugin-astara') + $astara_repo_url = pick($astara_settings['git_repo_url'], 'https://github.com/openstack/astara.git') + $astara_repo_branch = pick($astara_settings['git_branch'], 'stable/mitaka') + $repo_dir = '/opt/astara' + exec { 'install-from-src': + command => "/bin/bash ./scripts/install_astara_from_src.sh ${astara_repo_url} ${astara_repo_branch} ${$repo_dir}" + } +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/networks/create.pp b/deployment_scripts/puppet/modules/astara/manifests/networks/create.pp new file mode 100644 index 0000000..2ca599c --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/networks/create.pp @@ -0,0 +1,13 @@ +notice('MODULAR: astara::networks::create') + +$astara_settings = hiera('fuel-plugin-astara') +$mgt_net_name = $astara_settings['astara_mgmt_name'] +$mgt_prefix = $astara_settings['astara_mgmt_ipv6_prefix'] + +class astara::networks::create { + exec { 'create networks': + path => '/bin:/usr/bin', + command => '/bin/bash ./scripts/create_neutron_networks.sh ${mgt_net_name} ${mgt_prefix}', + logoutput => true, + } +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/networks/set.pp b/deployment_scripts/puppet/modules/astara/manifests/networks/set.pp new file mode 100644 index 0000000..bf428ef --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/networks/set.pp @@ -0,0 +1,14 @@ +notice('MODULAR: astara::networks::set') + +$astara_settings = hiera('fuel-plugin-astara') + +$mgt_net_name = $astara_settings['astara_mgmt_name'] +$mgt_prefix = $astara_settings['astara_mgmt_ipv6_prefix'] + +class astara::networks::set { + exec { 'set networks': + path => '/bin:/usr/bin', + command => '/bin/bash ./scripts/set_neutron_networks.sh ${mgt_net_name} ${mgt_prefix}', + logoutput => true, + } +} diff --git a/deployment_scripts/puppet/modules/astara/manifests/repo/liberty.pp b/deployment_scripts/puppet/modules/astara/manifests/repo/liberty.pp new file mode 100644 index 0000000..d5b1940 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/manifests/repo/liberty.pp @@ -0,0 +1,15 @@ +class astara::repo::liberty { + include apt + if hiera('fuel_version') != '8.0' { + fail('Currently Astara deployment supported only with Fuel 8.0/liberty') + } + + # we install liberty on all nodes except the astara nodes + notice('MODULAR: astara - Installing controller version for Liberty') + apt::ppa { 'ppa:astara-drivers/astara-liberty': } + exec { + 'apt-get update': + path => '/usr/bin/', + require => Apt::Ppa['ppa:astara-drivers/astara-liberty'] + } +} diff --git a/deployment_scripts/puppet/modules/astara/templates/orchestrator.ini.erb b/deployment_scripts/puppet/modules/astara/templates/orchestrator.ini.erb new file mode 100644 index 0000000..f958c06 --- /dev/null +++ b/deployment_scripts/puppet/modules/astara/templates/orchestrator.ini.erb @@ -0,0 +1,74 @@ +[DEFAULT] <% settings = scope.lookupvar('@fuel-plugin-astara') %> +debug = False + +log_dir = /var/log/astara +log_file = /var/log/astara/orchestrator.log + +auth_region = <%= @astara_settings['auth_region'] %> +auth_url = <%= @astara_settings['auth_url'] %> + +instance_provider = <%= @astara_settings['instance_provider'] %> +management_network_id = <%= @astara_settings['management_network_id'] %> +management_subnet_id = <%= @astara_settings['management_subnet_id'] %> +management_prefix = <%= @astara_settings['management_prefix'] %> + +enabled_drivers = <%= @astara_settings['enabled_drivers'] %> + +external_network_id = <%= @astara_settings['external_network_id'] %> +external_subnet_id = <%= @astara_settings['external_subnet_id'] %> +external_prefix = <%= @astara_settings['external_prefix'] %> + +interface_driver = <%= @astara_settings['interface_driver'] %> + +plug_external_port = True + +ssh_public_key = /etc/astara/id_rsa.pub + +provider_rules_path = /etc/astara/provider_rules.json + +reboot_error_threshold =32 +num_worker_threads = 2 +num_worker_processes = 2 +boot_timeout = 3000 + +host = <%= @astara_settings['controller'] %> + +[AGENT] +root_helper = sudo /usr/bin/astara-rootwrap /etc/astara/rootwrap.conf + +[ceilometer] + +[coordination] + +[database] +connection = <%= @astara_settings['db_connection'] %> + +[keystone_authtoken] +auth_plugin = password +auth_uri = <%= @astara_settings['auth_uri'] %> +auth_url = <%= @astara_settings['auth_url'] %> +identity_uri = <%= @astara_settings['identity_uri'] %> +project_domain_id = <%= @astara_settings['project_domain_id'] %> +project_name = <%= @astara_settings['project_name'] %> +user_domain_id = <%= @astara_settings['user_domain_id'] %> +password = <%= @astara_settings['keystone_passwd'] %> +username = <%= @astara_settings['keystone_user'] %> + +[loadbalancer] +# image_uuid = <%= @astara_settings['lb_image_uuid'] %> +# instance_flavor = <%= @astara_settings['lb_instance_flavor'] %> + +[matchmaker_redis] + +[oslo_messaging_amqp] + +[oslo_messaging_rabbit] +rabbit_host = <%= @astara_settings['rabbit_host'] %> +rabbit_userid = <%= @astara_settings['rabbit_user'] %> +rabbit_password = <%= @astara_settings['rabbit_password'] %> + +[pez] + +[router] +image_uuid = <%= @astara_settings['router_image_uuid'] %> +instance_flavor = <%= @astara_settings['router_instance_flavor'] %> diff --git a/deployment_scripts/scripts/astara_post_deploy.sh b/deployment_scripts/scripts/astara_post_deploy.sh new file mode 100755 index 0000000..33ecfad --- /dev/null +++ b/deployment_scripts/scripts/astara_post_deploy.sh @@ -0,0 +1,111 @@ +#!/bin/bash -e + +# Publish or find the astara image, set its id in config +# Install the fuel public ssh pub key as the astara ssh key +# Restart astara + neutron l2 + +source $(dirname $0)/functions +source /root/openrc +export OS_ENDPOINT_TYPE=internalURL + +ROLE=${1:-"network-orchestrator-node"} + +echo "Running post-deployment task for $role" + +TIMEOUT=600 + +IMG_FILE="/root/astara_appliance.qcow2" +IMG_NAME="astara_appliance" + +if [[ ! -e $IMG_FILE ]]; then + echo "No image file found at $IMG_FILE" && exit 1 +fi + +if ! which glance; then + sudo apt-get install -y python-glanceclient +fi + +if ! which openstack; then + sudo apt-get install -y python-openstackclient +fi + +if ! which neutron; then + sudo apt-get -y install python-neutronclient +fi + +# glanceclient + openstack clients are a mess and cannot request at the internal +# url.... :( +internal_url=`openstack catalog show image -c endpoints -f value | grep internal | awk '{ print $2 }'` +OS_IMG_URL="--os-image-url=$internal_url" + +function publish_image { + if glance $OS_IMG_URL image-list | grep $IMG_NAME; then + return + fi + echo "Publishing astara image into glance" + glance $OS_IMG_URL image-create --name $IMG_NAME --visibility=public --container-format=bare --disk-format=qcow2 --file $IMG_FILE + echo "Published astara image $IMG_FILE into glance" +} + + +function find_image { + echo "Finding astara image in glance" + for i in $(seq 0 $TIMEOUT); do + IMG_ID=$(glance $OS_IMG_URL image-list | grep $IMG_NAME | awk '{ print $2 }') + echo $IMG_ID + if [[ -n "$IMG_ID" ]]; then + echo "Found astara applinace image in glance /w id $IMG_ID" + return + fi + echo 'zzz' + sleep 1 + done + echo "Did not find astara appliance image in glance after $TIMEOUT seconds" + exit 1 +} + +function scrub_neutron { + # scrub the fuel created routers and ports that existed before the l3 agent was + # removed + for router in $(neutron router-list -c id -f value); do + subnets=$(neutron router-port-list -c id -c fixed_ips -f value $router | awk '{ print $3 }' | sed -e 's/,//g') + for subnet in $subnets; do + subnet=$(echo $subnet | sed -e's/"//g') + neutron router-gateway-clear $router $subnet || true + neutron router-interface-delete $router $subnet || true + done + done + + for router in $(neutron router-list -c id -f value); do + neutron router-delete $router + done + sleep 3 + for port in $(neutron port-list -c id -f value); do + neutron port-delete $port + done +} + +if [[ "$ROLE" == "primary-network-orchestrator-node" ]]; then + publish_image + scrub_neutron +fi + +find_image + +iniset /etc/astara/orchestrator.ini router image_uuid $IMG_ID +iniset /etc/astara/orchestrator.ini loadbalancer image_uuid $IMG_ID + +# ssh key installation +echo "$(cat /root/.ssh/authorized_keys)" >/etc/astara/appliance_key.pub +iniset /etc/astara/orchestrator.ini DEFAULT ssh_public_key /etc/astara/appliance_key.pub + +service astara-orchestrator stop || true + +service neutron-plugin-openvswitch-agent restart + +# ensure bridges get created first +sleep 5 + +service astara-orchestrator start + +exit 0 diff --git a/deployment_scripts/scripts/controller_post_deploy.sh b/deployment_scripts/scripts/controller_post_deploy.sh new file mode 100755 index 0000000..34b68cd --- /dev/null +++ b/deployment_scripts/scripts/controller_post_deploy.sh @@ -0,0 +1,21 @@ +#!/bin/bash -e + +source /root/openrc + +for agent in dhcp metadata l3; do + echo "Disablng $agent neutron agent in pacemaker cluster." + pcs resource disable clone_p_neutron-${agent}-agent + for id in $(neutron agent-list | grep $agent | awk '{ print $2 }'); do + echo "Deleting $agent $id from neutron." + neutron agent-delete $id + done +done + +# The debian/ubuntu packaging has a bug that makes it impossible to gracefully +# load your specific config files without mangling its upstart conf. +sed -i 's/\$CONF_ARG$/--config-file \/etc\/neutron\/plugins\/ml2\/ml2_conf.ini/g' /etc/init/neutron-server.conf + +# Kick neutron-server after everythings been installed + configured +service neutron-server restart || true + +exit 0 diff --git a/deployment_scripts/scripts/create_neutron_networks.sh b/deployment_scripts/scripts/create_neutron_networks.sh new file mode 100755 index 0000000..fe0cdda --- /dev/null +++ b/deployment_scripts/scripts/create_neutron_networks.sh @@ -0,0 +1,39 @@ +#!/bin/bash -e + +if ! which neutron; then + sudo apt-get -y install python-neutronclient +fi + +source /root/openrc + +source $(dirname $0)/functions + + +mgt_name=${1:-"astara_mgmt"} +mgt_prefix=${2:-"fdca:3ba5:a17a:acda::/64"} + + +net_id="$(neutron net-list | grep " $mgt_name " | awk '{ print $2 }')" +if [[ -z "$net_id" ]]; then + echo "Creating astara mgt net: $mgt_name" + net_id=$(neutron net-create $mgt_name | grep " id " | awk '{ print $4 }') + echo "Created astara mgt net: $net_id" +else + echo "Found existing astara mgt net: $net_id" +fi + +subnet_id="$(neutron subnet-list | grep " $mgt_prefix " | awk '{ print $2 }')" +if [[ -z "$subnet_id" ]]; then + echo "Creating new astara mgt subnet for $mgt_prefix" + if [[ "$mgt_prefix" =~ ':' ]]; then + subnet_create_args="--name astara_mgmt --ip-version=6 --ipv6_address_mode=slaac --enable_dhcp" + fi + subnet_id=$(neutron subnet-create $mgt_name $mgt_prefix $subnet_create_args | grep ' id ' | awk '{ print $4 }') + +else + echo "Found existing mgt subnet for $mgt_prefix; $subnet_id" +fi + + +iniset /etc/astara/orchestrator.ini DEFAULT management_network_id $net_id +iniset /etc/astara/orchestrator.ini DEFAULT management_subnet_id $subnet_id diff --git a/deployment_scripts/scripts/create_nova_flavor.sh b/deployment_scripts/scripts/create_nova_flavor.sh new file mode 100755 index 0000000..be0174f --- /dev/null +++ b/deployment_scripts/scripts/create_nova_flavor.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +if ! which nova; then + sudo apt-get -y install python-novaclient +fi + +ram=${1:-512} +disk=${2:-3} +vcpus=${3:-1} +flavor_name=${4:-m1.astara} +id=${5:-511} + +source /root/openrc + +if ! nova flavor-list | awk '{ print $4 }' | grep "^$flavor_name" ; then + nova flavor-create $flavor_name $id $ram $disk $vcpus +fi diff --git a/deployment_scripts/scripts/functions b/deployment_scripts/scripts/functions new file mode 100644 index 0000000..58386e2 --- /dev/null +++ b/deployment_scripts/scripts/functions @@ -0,0 +1,258 @@ +#!/bin/bash +# +# **inc/ini-config** - Configuration/INI functions +# +# Support for manipulating INI-style configuration files +# +# These functions have no external dependencies and no side-effects + +# Save trace setting +INC_CONF_TRACE=$(set +o | grep xtrace) +set +o xtrace + + +# Config Functions +# ================ + +# Append a new option in an ini file without replacing the old value +# iniadd [-sudo] config-file section option value1 value2 value3 ... +function iniadd { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local sudo="" + if [ $1 == "-sudo" ]; then + sudo="-sudo " + shift + fi + local file=$1 + local section=$2 + local option=$3 + shift 3 + + local values="$(iniget_multiline $file $section $option) $@" + iniset_multiline $sudo $file $section $option $values + $xtrace +} + +# Comment an option in an INI file +# inicomment [-sudo] config-file section option +function inicomment { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local sudo="" + if [ $1 == "-sudo" ]; then + sudo="sudo " + shift + fi + local file=$1 + local section=$2 + local option=$3 + + $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|^\($option[ \t]*=.*$\)|#\1|" "$file" + $xtrace +} + +# Get an option from an INI file +# iniget config-file section option +function iniget { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local file=$1 + local section=$2 + local option=$3 + local line + + line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file") + echo ${line#*=} + $xtrace +} + +# Get a multiple line option from an INI file +# iniget_multiline config-file section option +function iniget_multiline { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local file=$1 + local section=$2 + local option=$3 + local values + + values=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { s/^$option[ \t]*=[ \t]*//gp; }" "$file") + echo ${values} + $xtrace +} + +# Determinate is the given option present in the INI file +# ini_has_option config-file section option +function ini_has_option { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local file=$1 + local section=$2 + local option=$3 + local line + + line=$(sed -ne "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ p; }" "$file") + $xtrace + [ -n "$line" ] +} + +# Add another config line for a multi-line option. +# It's normally called after iniset of the same option and assumes +# that the section already exists. +# +# Note that iniset_multiline requires all the 'lines' to be supplied +# in the argument list. Doing that will cause incorrect configuration +# if spaces are used in the config values. +# +# iniadd_literal [-sudo] config-file section option value +function iniadd_literal { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local sudo="" + if [ $1 == "-sudo" ]; then + sudo="sudo " + shift + fi + local file=$1 + local section=$2 + local option=$3 + local value=$4 + + if [[ -z $section || -z $option ]]; then + $xtrace + return + fi + + # Add it + $sudo sed -i -e "/^\[$section\]/ a\\ +$option = $value +" "$file" + + $xtrace +} + +# Remove an option from an INI file +# inidelete [-sudo] config-file section option +function inidelete { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local sudo="" + if [ $1 == "-sudo" ]; then + sudo="sudo " + shift + fi + local file=$1 + local section=$2 + local option=$3 + + if [[ -z $section || -z $option ]]; then + $xtrace + return + fi + + # Remove old values + $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file" + + $xtrace +} + +# Set an option in an INI file +# iniset [-sudo] config-file section option value +# - if the file does not exist, it is created +function iniset { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local sudo="" + if [ $1 == "-sudo" ]; then + sudo="sudo " + shift + fi + local file=$1 + local section=$2 + local option=$3 + local value=$4 + + if [[ -z $section || -z $option ]]; then + $xtrace + return + fi + + if ! grep -q "^\[$section\]" "$file" 2>/dev/null; then + # Add section at the end + echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null + fi + if ! ini_has_option "$file" "$section" "$option"; then + # Add it + $sudo sed -i -e "/^\[$section\]/ a\\ +$option = $value +" "$file" + else + local sep=$(echo -ne "\x01") + # Replace it + $sudo sed -i -e '/^\['${section}'\]/,/^\[.*\]/ s'${sep}'^\('${option}'[ \t]*=[ \t]*\).*$'${sep}'\1'"${value}"${sep} "$file" + fi + $xtrace +} + +# Set a multiple line option in an INI file +# iniset_multiline [-sudo] config-file section option value1 value2 valu3 ... +function iniset_multiline { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local sudo="" + if [ $1 == "-sudo" ]; then + sudo="sudo " + shift + fi + local file=$1 + local section=$2 + local option=$3 + + shift 3 + local values + for v in $@; do + # The later sed command inserts each new value in the line next to + # the section identifier, which causes the values to be inserted in + # the reverse order. Do a reverse here to keep the original order. + values="$v ${values}" + done + if ! grep -q "^\[$section\]" "$file"; then + # Add section at the end + echo -e "\n[$section]" | $sudo tee --append "$file" > /dev/null + else + # Remove old values + $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ { /^$option[ \t]*=/ d; }" "$file" + fi + # Add new ones + for v in $values; do + $sudo sed -i -e "/^\[$section\]/ a\\ +$option = $v +" "$file" + done + $xtrace +} + +# Uncomment an option in an INI file +# iniuncomment config-file section option +function iniuncomment { + local xtrace=$(set +o | grep xtrace) + set +o xtrace + local sudo="" + if [ $1 == "-sudo" ]; then + sudo="sudo " + shift + fi + local file=$1 + local section=$2 + local option=$3 + $sudo sed -i -e "/^\[$section\]/,/^\[.*\]/ s|[^ \t]*#[ \t]*\($option[ \t]*=.*$\)|\1|" "$file" + $xtrace +} + +# Restore xtrace +$INC_CONF_TRACE + +# Local variables: +# mode: shell-script +# End: diff --git a/deployment_scripts/scripts/install_astara_from_src.sh b/deployment_scripts/scripts/install_astara_from_src.sh new file mode 100755 index 0000000..6391a95 --- /dev/null +++ b/deployment_scripts/scripts/install_astara_from_src.sh @@ -0,0 +1,87 @@ +#!/bin/bash -ex + +repo=$1 +branch=$2 +dest=$3 +venv=/opt/venv/astara + +apt-get -y install python-dev libmysqlclient-dev + +if ! which pip ; then + apt-get -y install python-pip +fi + +if ! which git; then + apt-get -y install git +fi + +if ! which virtualenv ; then + pip install virtualenv +fi + +if [[ ! -d $dest ]] ; then + git clone $repo $dest + (cd $dest && git checkout $branch) +fi + +dirs="/var/log/astara /var/lib/astara /etc/astara" +for dir in $dirs; do + mkdir -p $dir +done + +if ! getent group astara > /dev/null 2>&1 +then + addgroup --system astara >/dev/null +fi + +if ! getent passwd astara > /dev/null 2>&1 +then + adduser --system --home /var/lib/astara --ingroup astara --no-create-home --shell /bin/false astara +fi + +for i in $(ls $dest/etc/); do + if [[ ! -e /etc/astara/$i ]]; then + cp -r $dest/etc/$i /etc/astara + fi +done + +chown -R astara:adm /var/log/astara/ +chmod 0750 /var/log/astara/ +chown astara:astara -R /var/lib/astara/ /etc/astara/ +chmod 0750 /etc/astara/ + +cat >/etc/sudoers.d/astara_sudoers </etc/init/astara-orchestrator.conf <" + +start on runlevel [2345] +stop on runlevel [!2345] + +respawn + +chdir /var/run + +exec start-stop-daemon --start --chuid astara --exec /usr/bin/astara-orchestrator -- --config-file=/etc/astara/orchestrator.ini +END + +if ! which astara-orchestrator; then + $venv/bin/pip install -r $dest/requirements.txt $dest + $venv/bin/pip install "PyMySQL>=0.6.2" + $venv/bin/pip install "MySQL-python;python_version=='2.7'" + for bin in $(ls $venv/bin/astara*) ; do + if [[ ! -e /usr/bin/$(basename $bin) ]]; then + ln -s $bin /usr/bin/$(basename $bin) + fi + done +fi diff --git a/deployment_scripts/scripts/set_neutron_networks_config.sh b/deployment_scripts/scripts/set_neutron_networks_config.sh new file mode 100755 index 0000000..975452f --- /dev/null +++ b/deployment_scripts/scripts/set_neutron_networks_config.sh @@ -0,0 +1,39 @@ +#!/bin/bash -e +# Spin indefinitely until our mgt net and subnet show up in neutron. This will +# be timed out by deployment_tasks if it does not succeed. + +source /root/openrc + +source $(dirname $0)/functions + +if ! which neutron; then + sudo apt-get -y install python-neutronclient +fi + +mgt_name=${1:-"astara_mgmt"} +mgt_prefix=${2:-"fdca:3ba5:a17a:acda::/64"} + +while [[ -z "$net_id" ]]; do + net_id="$(neutron net-list | grep " $mgt_name " | awk '{ print $2 }')" + if [[ -z "$net_id" ]]; then + echo "Still waiting on mgt net" + sleep 1 + else + echo "Found astara mgt net: $net_id" + break + fi +done + +while [[ -z "$subnet_id" ]]; do + subnet_id="$(neutron subnet-list | grep " $mgt_prefix" | awk '{ print $2 }')" + if [[ -z "$subnet_id" ]]; then + echo "Still waiting on mgt subnet" + sleep 1 + else + echo "Found astara mgt subnet: $subnet_id" + break + fi +done + +iniset /etc/astara/orchestrator.ini DEFAULT management_network_id $net_id +iniset /etc/astara/orchestrator.ini DEFAULT management_subnet_id $subnet_id diff --git a/deployment_scripts/scripts/set_nova_flavor.sh b/deployment_scripts/scripts/set_nova_flavor.sh new file mode 100755 index 0000000..e5f15e0 --- /dev/null +++ b/deployment_scripts/scripts/set_nova_flavor.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +ram=${1:-512} +disk=${2:-3} +vcpus=${3:-1} +flavor_name=${4:-m1.astara} +id=${5:-511} + +source /root/openrc + +if ! nova flavor-list | awk '{ print $4 }' | grep "^$flavor_name" ; then + nova flavor-create $flavor_name $id $ram $disk $vcpus +fi diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml new file mode 100644 index 0000000..3358668 --- /dev/null +++ b/deployment_tasks.yaml @@ -0,0 +1,177 @@ +# These tasks will be merged into deployment graph. Here you +# can specify new tasks for any roles, even built-in ones. + +# Deployment Groups + +- id: primary-network-orchestrator-node + type: group + role: [primary-network-orchestrator-node] + requires: [primary-controller, controller] + required_for: [deploy_end] + tasks: [fuel_pkgs, hiera, globals, tools, logging, netconfig, + hosts, firewall, deploy_start] + parameters: + strategy: + type: one_by_one + +- id: network-orchestrator-node + type: group + role: [primary-network-orchestrator-node] + requires: [primary-controller, controller, primary-network-orchestrator-node] + required_for: [deploy_end] + tasks: [fuel_pkgs, hiera, globals, tools, logging, netconfig, + hosts, firewall, deploy_start] + parameters: + strategy: + type: parallel + +# Deployment Tasks +# No idea what purpose this hiera override task serves. +- id: network-orchestrator-pre-deployment-task + type: puppet + groups: [primary-controller, controller, primary-network-orchestrator-node, network-orchestrator-node] + requires: [pre_deployment_start] + required_for: [pre_deployment_end] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_pre_deployment.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: network-orchestrator-hiera-override + type: puppet + groups: [primary-controller, controller, primary-network-orchestrator-node, network-orchestrator-node] + requires: [globals] + required_for: [logging] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_hiera_override.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +# These tasks execute on the controller +- id: network-orchestrator-node-db-task + type: puppet + groups: [primary-controller] + requires: [primary-database, database] + required_for: [deploy_end] + cross-depends: + - name: /(primary-)?database/ + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_db.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: network-orchestrator-node-astara-neutron-install-task + type: puppet + role: [primary-controller, controller] + requires: [post_deployment_start] + required_for: [post_deployment_end] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_astara_neutron_install.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: network-orchestrator-node-astara-neutron-configure-task + type: shell + role: [primary-controller, controller] + requires: [post_deployment_start, network-orchestrator-node-astara-neutron-install-task] + required_for: [post_deployment_end] + parameters: + cmd: ./scripts/controller_post_deploy.sh + timeout: 1800 + +# These tasks execute on the astara node +- id: network-orchestrator-node-install-task + type: puppet + groups: [primary-network-orchestrator-node, network-orchestrator-node] + requires: [network-orchestrator-hiera-override, netconfig] + required_for: [deploy_end] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_install.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: network-orchestrator-node-ml2-task + type: puppet + groups: [primary-network-orchestrator-node, network-orchestrator-node] + requires: [network-orchestrator-node-install-task] + required_for: [deploy_end] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/plugins/ml2.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: network-orchestrator-node-ml2-config-task + type: puppet + groups: [primary-network-orchestrator-node, network-orchestrator-node] + requires: [network-orchestrator-node-ml2-task] + required_for: [deploy_end] + parameters: + puppet_manifest: /etc/puppet/modules/osnailyfacter/modular/openstack-network/common-config.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: network-orchestrator-node-configure-task + type: puppet + groups: [primary-network-orchestrator-node, network-orchestrator-node] + requires: [network-orchestrator-node-install-task, network-orchestrator-node-ml2-task] + required_for: [deploy_end] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_configure.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +- id: network-orchestrator-node-image-task + type: puppet + groups: [primary-network-orchestrator-node] + requires: [network-orchestrator-node-install-task] + required_for: [deploy_end] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_image.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 3800 + +# This task creates neutron networks, nova flavors and syncs db +# on the primary +- id: network-orchestrator-node-create-resources-task + type: puppet + groups: [primary-network-orchestrator-node] + requires: [network-orchestrator-node-configure-task] + required_for: [network-orchestrator-node-set-resources-task] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_create_resources.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + +# This task configures non-primary nodes to use those created resources +- id: network-orchestrator-node-set-resources-task + type: puppet + groups: [network-orchestrator-node] + requires: [network-orchestrator-node-create-resources-task] + required_for: [deploy_end] + parameters: + puppet_manifest: puppet/manifests/network_orchestrator_set_resources.pp + puppet_modules: puppet/modules:/etc/puppet/modules + timeout: 1800 + + +- id: network-orchestrator-primary-node-post-deployment-task + type: shell + role: [primary-network-orchestrator-node] + requires: [post_deployment_start, upload_cirros] + required_for: [network-orchestrator-node-post-deployment-task] + parameters: + cmd: ./scripts/astara_post_deploy.sh primary-network-orchestrator-node + timeout: 1800 + retries: 3 + interval: 20 + +- id: network-orchestrator-node-post-deployment-task + type: shell + role: [network-orchestrator-node] + requires: [network-orchestrator-primary-node-post-deployment-task] + required_for: [post_deployment_end] + parameters: + cmd: ./scripts/astara_post_deploy.sh network-orchestrator-node + timeout: 1800 + retries: 3 + interval: 20 diff --git a/environment_config.yaml b/environment_config.yaml new file mode 100644 index 0000000..0db8339 --- /dev/null +++ b/environment_config.yaml @@ -0,0 +1,55 @@ +attributes: + metadata: + restrictions: + - action: hide + condition: "cluster:net_provider != 'neutron'" + - condition: "settings:neutron_advanced_configuration.neutron_dvr.value == true" + message: "Neutron DVR must be disabled in order to use Astara plugin" + - condition: "settings:neutron_advanced_configuration.neutron_l3_ha.value == true" + message: "Neutron L3 HA must be disabled in order to use Astara plugin" + - condition: "settings:public_network_assignment.assign_to_all_nodes.value == false" + message: "Enable Public Network Access for all nodes" + - condition: "settings:neutron_advanced_configuration.neutron_l2_pop.value == false and networking_parameters:segmentation_type != 'vlan'" + message: "Enable Neutron L2 Population" + group: network + astara_db_password: + generator: "password" + astara_mgmt_name: + value: 'astara_mgmt' + label: 'Astara Management Network Name' + weight: 15 + description: 'Set the Astara Management Neutron Network Name' + type: "text" + astara_mgmt_ipv6_prefix: + value: 'fdca:3ba5:a17a:acda::/64' + label: 'Astara Management IPv6 Prefix' + description: 'Set the IPv6 Prefix for the Management Network' + weight: 20 + type: "text" + regex: + source: '(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))' + error: "Invalid IPv6 Prefix" + astara_mgmt_service_port: + value: '5000' + label: 'Astara Management Service Port' + description: 'Set the Astara Managment Service Port' + weight: 25 + type: "text" + regex: + source: '^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$' + error: "Must specify a management port (ie, 5000)" + astara_api_port: + value: '44250' + label: 'Astara API Service Port' + description: 'Set the Astara API Service Port' + weight: 30 + type: "text" + regex: + source: '^([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$' + error: "Empty API Service Port" + astara_appliance_image_location: + value: 'http://tarballs.openstack.org/astara-appliance/images/astara_appliance_mitaka.qcow2' + label: 'Astara Appliance Image URL' + description: 'Set the Astara Appliance Image Download URL' + weight: 35 + type: "text" diff --git a/metadata.yaml b/metadata.yaml new file mode 100644 index 0000000..8430bf5 --- /dev/null +++ b/metadata.yaml @@ -0,0 +1,34 @@ +# Plugin name +name: fuel-plugin-astara +# Human-readable name for your plugin +title: Use Astara Network Orchestrator +# Plugin version +version: '1.0.32' +# Description +description: Enable to use Openstack Astara Network Orchestrator for Neutron Networking +# Required fuel version +fuel_version: ['8.0'] +# Specify license of your plugin +licenses: ['Apache License Version 2.0'] +# Specify author or company name +authors: ['Akanda, Inc.'] +# A link to the plugin's page +homepage: 'https://github.com/openstack/fuel-plugins-astara' +# Specify a group which your plugin implements, possible options: +# network, storage, storage::cinder, storage::glance, hypervisor, +# equipment +groups: ['network'] +# Change `false` to `true` if the plugin can be installed in the environment +# after the deployment. +is_hotpluggable: false + +# The plugin is compatible with releases in the list +releases: + - os: ubuntu + version: liberty-8.0 + mode: ['ha','multinode'] + deployment_scripts_path: deployment_scripts/ + repository_path: repositories/ubuntu + +# Version of plugin package +package_version: '4.0.0' diff --git a/network_roles.yaml b/network_roles.yaml new file mode 100644 index 0000000..781c3d6 --- /dev/null +++ b/network_roles.yaml @@ -0,0 +1,17 @@ +# Unique network role name +- id: "astara_neutron" + # Role mapping to network + default_mapping: "management" + properties: + # Should be true if network role requires subnet being set + subnet: true + # Should be true if network role requires gateway being set + gateway: false + # List of VIPs to be allocated + vip: + # Unique VIP name + - name: "astara_orchestrator_vip" + # Optional linux namespace for VIP + namespace: "haproxy" + alias: "rug_vip" + node_roles: ["primary-network-controller", "network-controller"] diff --git a/node_roles.yaml b/node_roles.yaml new file mode 100644 index 0000000..b9e0572 --- /dev/null +++ b/node_roles.yaml @@ -0,0 +1,17 @@ +network-orchestrator-node: + # Role name + name: "Network Orchestrator Node" + # Role description + description: "Role to create a seperate Node for Astara Network Orchestartor Service" + # If primary then during orchestration this role will be + # separated into primary-role and role + has_primary: true + # Assign public IP to node if true + public_ip_required: false + # Weight that will be used to sort out the + # roles on the Fuel web UI + weight: 1000 + conflicts: + - compute + limits: + min: 1 diff --git a/pre_build_hook b/pre_build_hook new file mode 100755 index 0000000..72f9a71 --- /dev/null +++ b/pre_build_hook @@ -0,0 +1,11 @@ +#!/bin/bash +set -eux + +ROOT="$(dirname `readlink -f $0`)" +RPM_REPO="${ROOT}"/repositories/centos/ +DEB_REPO="${ROOT}"/repositories/ubuntu/ + +# DEB Package Files +# RPM Package Files +# wget -P "${RPM_REPO}" "${ASTARA_MITAKA_REPO_LOC}/" + diff --git a/repositories/centos/.gitignore b/repositories/centos/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/repositories/centos/.gitkeep b/repositories/centos/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/repositories/ubuntu/.gitignore b/repositories/ubuntu/.gitignore new file mode 100644 index 0000000..e69de29 diff --git a/repositories/ubuntu/.gitkeep b/repositories/ubuntu/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/tasks.yaml b/tasks.yaml new file mode 100644 index 0000000..fe51488 --- /dev/null +++ b/tasks.yaml @@ -0,0 +1 @@ +[]