From 4039d84dfbb40a88c90cc58d3823360c565766d9 Mon Sep 17 00:00:00 2001 From: Tim Rozet Date: Thu, 21 May 2015 17:05:53 -0400 Subject: Adds Heat and external network support Patch changes behavior to do the following External Network: - openvswitch is now installed at the beginning of the puppet run - public interface config is changed to be an ovsport on br-ex - br-ex is created with the IP address formerly on public interface - neutron is configured to use br-ex - after neutron is running, an external provider_network and provider_subnet are created New global parameters required (only if external_network_flag is true): - public_gateway - public_dns - public_network - public_subnet - public_allocation_start - public_allocation_end Heat is now in HA and added to deployment by default: Introduces 6 new required global params: - heat_admin_vip - heat_private_vip - heat_public_vip - heat_cfn_admin_vip - heat_cfn_private_vip - heat_cfn_public_vip JIRA: BGS-31 Change-Id: Ic4428b31c2a3028aa46c4da73e4d0f338b6651d3 Signed-off-by: Tim Rozet
---
.../puppet-opnfv/manifests/controller_networker.pp | 54 +++++++++-- .../manifests/external_net_presetup.pp | 102 +++++++++++++++++++++ .../puppet-opnfv/manifests/external_net_setup.pp | 77 ++++++++++++++++ common/puppet-opnfv/manifests/init.pp | 4 - common/puppet-opnfv/manifests/repo.pp | 30 ++++++ common/puppet-opnfv/templates/br_ex.erb | 10 ++ 6 files changed, 266 insertions(+), 11 deletions(-) create mode 100644 common/puppet-opnfv/manifests/external_net_presetup.pp create mode 100644 common/puppet-opnfv/manifests/external_net_setup.pp create mode 100644 common/puppet-opnfv/templates/br_ex.erb
diff --git a/common/puppet-opnfv/manifests/controller_networker.pp b/common/puppet-opnfv/manifests/controller_networker.pp
index cff258d..18a876c 100644
--- a/common/puppet-opnfv/manifests/controller_networker.pp
+++ b/common/puppet-opnfv/manifests/controller_networker.pp
@@ -73,6 +73,12 @@ class opnfv::controller_networker { if !$nova_private_vip { fail('nova_private_vip is empty') } if !$nova_public_vip { fail('nova_public_vip is empty') } if $private_network == '' { fail('private_network is empty') } + if !$heat_admin_vip { fail('heat_admin_vip is empty') } + if !$heat_private_vip { fail('heat_private_vip is empty') } + if !$heat_public_vip { fail('heat_public_vip is empty') } + if !$heat_cfn_admin_vip { fail('heat_cfn_admin_vip is empty') } + if !$heat_cfn_private_vip { fail('heat_cfn_private_vip is empty') } + if !$heat_cfn_public_vip { fail('heat_cfn_public_vip is empty') } ##Find private interface $ovs_tunnel_if = get_nic_from_network("$private_network")
@@ -93,6 +99,7 @@ class opnfv::controller_networker { if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] } if !$horizon_secret { $horizon_secret = $single_password } if !$glance_db_password { $glance_db_password = $single_password } + if !$glance_user_password { $glance_user_password = $single_password } if !$keystone_db_password { $keystone_db_password = $single_password } if !$keystone_user_password { $keystone_user_password = $single_password } if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
@@ -104,6 +111,10 @@ class opnfv::controller_networker { if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array} if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] } if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' } + if !$heat_user_password { $heat_user_password = $single_password } + if !$heat_db_password { $heat_db_password = $single_password } + if !$heat_cfn_user_password { $heat_cfn_user_password = $single_password } + if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' } if !$storage_network { $storage_iface = $ovs_tunnel_if } else {
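Review bot: In the defaults hunk (`@@ -104,6 +111,10 @@`), `heat_auth_encryption_key` falls back to the literal `'octopus1octopus1'`, so every deployment that leaves the parameter unset shares one publicly known key. Heat uses this key to encrypt credentials it stores in its database, so it should be required like the VIPs checked in the first hunk: `if !$heat_auth_encryption_key { fail('heat_auth_encryption_key is empty') }`. The three Heat passwords added next to it default to `$single_password`, which ties the database and API accounts to one credential; a comment marking that fallback as lab-only would help. The class body continues outside these hunks.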
@@ -119,6 +130,13 @@ class opnfv::controller_networker { "$storage_iface", "") + if ($external_network_flag != '') and str2bool($external_network_flag) { + class { "opnfv::external_net_presetup": + stage => presetup, + require => Class['opnfv::repo'], + } + } + class { "opnfv::ceph_deploy": fsid => $ceph_fsid, osd_pool_default_size => $ceph_osd_pool_size,
@@ -159,14 +177,25 @@ class opnfv::controller_networker { glance_private_vip => $glance_private_vip, glance_public_vip => $glance_public_vip, glance_user_password => $glance_user_password, - heat_cfn_enabled => 'false', + heat_auth_encryption_key => $heat_auth_encryption_key, + heat_cfn_admin_vip => $heat_cfn_admin_vip, + heat_cfn_private_vip => $heat_cfn_private_vip, + heat_cfn_public_vip => $heat_cfn_public_vip, + heat_cfn_user_password => $heat_cfn_user_password, + heat_cloudwatch_enabled => 'true', + heat_cfn_enabled => 'true', + heat_db_password => $heat_db_password, + heat_admin_vip => $heat_admin_vip, + heat_private_vip => $heat_private_vip, + heat_public_vip => $heat_public_vip, + heat_user_password => $heat_user_password, horizon_admin_vip => $horizon_admin_vip, horizon_private_vip => $horizon_private_vip, horizon_public_vip => $horizon_public_vip, include_ceilometer => 'false', include_cinder => 'true', include_glance => 'true', - include_heat => 'false', + include_heat => 'true', include_horizon => 'true', include_keystone => 'true', include_neutron => 'true',
@@ -217,8 +246,8 @@ class opnfv::controller_networker { admin_password => $admin_password, admin_token => $keystone_admin_token, cinder => 'true', - heat => 'false', - heat_cfn => 'false', + heat => 'true', + heat_cfn => 'true', keystonerc => 'true', use_syslog => 'true', verbose => 'true',
@@ -246,7 +275,10 @@ class opnfv::controller_networker { volume => true, } -> - class { "quickstack::pacemaker::heat": } + class { "quickstack::pacemaker::heat": + use_syslog => true, + verbose => true, + } -> class { "quickstack::pacemaker::constraints": }
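Review bot: In the `@@ -159,14 +177,25 @@` hunk, `heat_cfn_enabled` and `heat_cloudwatch_enabled` are hard-coded to `'true'`, so an operator who only needs the native Heat API cannot keep the CloudFormation and CloudWatch-compatible services off. Each one is presumably another endpoint behind the VIPs, although the receiving class is outside the hunk. Consider driving them from globals with a conservative default, e.g. `heat_cloudwatch_enabled => $heat_cloudwatch_enabled,` paired with `if !$heat_cloudwatch_enabled { $heat_cloudwatch_enabled = 'false' }` next to the other defaults. The same applies to `heat_cfn => 'true'` in the `@@ -217,8 +246,8 @@` hunk.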
@@ -278,6 +310,10 @@ class opnfv::controller_networker { verbose => 'true', } + if ($external_network_flag != '') and str2bool($external_network_flag) { + class { "opnfv::external_net_setup": } + } + } else { if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } if $public_ip == '' { fail('public_ip is empty') }
@@ -320,6 +356,10 @@ class opnfv::controller_networker { if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } if $swift_admin_password == '' { fail('swift_admin_password is empty') } + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } + + class { "quickstack::neutron::controller_networker": admin_email => $admin_email, admin_password => $admin_password,
@@ -343,8 +383,8 @@ class opnfv::controller_networker { mysql_root_password => $mysql_root_password, #amqp_provider => $amqp_provider, amqp_host => $amqp_ip, - amqp_username => 'guest', - amqp_password => 'guest', + amqp_username => $amqp_username, + amqp_password => $amqp_password, #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password, keystone_admin_token => $keystone_admin_token,
diff --git a/common/puppet-opnfv/manifests/external_net_presetup.pp b/common/puppet-opnfv/manifests/external_net_presetup.pp
new file mode 100644
index 0000000..b7c7c5f
--- /dev/null
+++ b/common/puppet-opnfv/manifests/external_net_presetup.pp
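Review bot: In the `@@ -320,6 +356,10 @@` hunk the new AMQP fallbacks are never validated, unlike the parameters checked with `fail()` just above them. If `$single_username` or `$single_password` is unset, empty credentials are passed to `quickstack::neutron::controller_networker` in the `@@ -343,8 +383,8 @@` hunk. What that class does with an empty value is not visible here; it may fall back to a built-in account. Add `if !$amqp_username { fail('amqp_username is empty') }` and the matching check for `$amqp_password` right after the two assignments.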
@@ -0,0 +1,102 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class opnfv::external_net_presetup {
+
+ if $public_gateway == '' { fail('public_gateway is empty') }
+ if $public_dns == '' { fail('public_dns is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+ if $public_subnet == '' { fail('public_subnet is empty') }
+ if $public_allocation_start == '' { fail('public_allocation_start is empty') }
+ if $public_allocation_end == '' { fail('public_allocation_end is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+
+ #find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_nic_ip = get_ip_from_nic("$public_nic")
+ $public_nic_netmask = get_netmask_from_nic("$public_nic")
+
+ if ($public_nic == '') or ($public_nic_ip == '') or ($public_nic == "br-ex") or ($public_nic == "br_ex") {
+ notify {"Skipping augeas, public_nic ${public_nic}, public_nic_ip ${public_nic_ip}":}
+
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ unless => 'ip addr show br-ex | grep "inet "',
+ before => Exec['restart-network-public-nic-ip'],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly =>
'true',
+ }
+
+ exec {'restart-network-public-nic-ip':
+ command => 'systemctl restart network',
+ path => ["/usr/sbin/", "/usr/bin/"],
+ onlyif => 'ip addr show | grep $(ip addr show br-ex | grep -Eo "inet [\.0-9]+" | cut -d " " -f2) | grep -v br-ex',
+ }
+
+ } else {
+ #reconfigure public interface to be ovsport
+ augeas { "main-$public_nic":
+ context => "/files/etc/sysconfig/network-scripts/ifcfg-$public_nic",
+ changes => [
+ "rm IPADDR",
+ "rm NETMASK",
+ "rm GATEWAY",
+ "rm DNS1",
+ "rm BOOTPROTO",
+ "rm DEFROUTE",
+ "rm IPV6_DEFROUTE",
+ "rm IPV6_PEERDNS",
+ "rm IPV6_PEERROUTES",
+ "rm PEERROUTES",
+ "set PEERDNS no",
+ "set BOOTPROTO static",
+ "set IPV6INIT no",
+ "set IPV6_AUTOCONF no",
+ "set ONBOOT yes",
+ "set TYPE OVSPort",
+ "set OVS_BRIDGE br-ex",
+ "set PROMISC yes"
+
+ ],
+ before => Class["quickstack::pacemaker::params"],
+ require => Service["openvswitch"],
+ }
+
+ ->
+ #create br-ex interface
+ file { 'external_bridge':
+ path => '/etc/sysconfig/network-scripts/ifcfg-br-ex',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('trystack/br_ex.erb'),
+ before => Class["quickstack::pacemaker::params"],
+ }
+ ->
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+
+ }
+}
diff --git a/common/puppet-opnfv/manifests/external_net_setup.pp b/common/puppet-opnfv/manifests/external_net_setup.pp
new file mode 100644
index 0000000..df9bdac
--- /dev/null
+++ b/common/puppet-opnfv/manifests/external_net_setup.pp
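Review bot: The `file { 'external_bridge': }` resource renders `template('trystack/br_ex.erb')`, but this commit adds the template as `common/puppet-opnfv/templates/br_ex.erb`, which Puppet would resolve as `opnfv/br_ex.erb`. Unless a `trystack` module ships the same file, the catalog fails on the branch that moves the public address onto br-ex; `content => template('opnfv/br_ex.erb'),` matches the path added here. Separately, the `onlyif` of `restart-network-public-nic-ip` greps for the br-ex address as an unanchored regex, so `10.0.0.1` also matches `10.0.0.10`. Using `grep -Fw` for the outer match would compare the literal address.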
@@ -0,0 +1,77 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class opnfv::external_net_setup {
+
+ if $public_gateway == '' { fail('public_gateway is empty') }
+ if $public_dns == '' { fail('public_dns is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+ if $public_subnet == '' { fail('public_subnet is empty') }
+ if $public_allocation_start == '' { fail('public_allocation_start is empty') }
+ if $public_allocation_end == '' { fail('public_allocation_end is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+
+ #find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_nic_ip = get_ip_from_nic("$public_nic")
+ $public_nic_netmask = get_netmask_from_nic("$public_nic")
+
+ Anchor[ 'neutron configuration anchor end' ]
+ ->
+ #update bridge-mappings to physnet1
+ file_line { 'ovs':
+ ensure => present,
+ path => '/etc/neutron/plugin.ini',
+ line => '[ovs]',
+ }
+ ->
+ #update bridge-mappings to physnet1
+ file_line { 'bridge_mapping':
+ ensure => present,
+ path => '/etc/neutron/plugin.ini',
+ line => 'bridge_mappings = physnet1:br-ex',
+ }
+ ->
+ Exec["pcs-neutron-server-set-up"]
+
+##this way we only let controller1 create the neutron resources
+##controller1
should be the active neutron-server at provisioining time
+
+ if $hostname == $controllers_hostnames_array[0] {
+ Exec["all-neutron-nodes-are-up"]
+ ->
+ neutron_network { 'provider_network':
+ ensure => present,
+ name => 'provider_network',
+ admin_state_up => true,
+ provider_network_type => flat,
+ provider_physical_network => 'physnet1',
+ router_external => true,
+ tenant_name => 'admin',
+ }
+ ->
+ neutron_subnet { 'provider_subnet':
+ ensure => present,
+ name => provider_subnet,
+ cidr => $public_subnet,
+ gateway_ip => $public_gateway,
+ allocation_pools => [ "start=${public_allocation_start},end=${public_allocation_end}" ],
+ dns_nameservers => $public_dns,
+ network_name => 'provider_network',
+ tenant_name => 'admin',
+ }
+ }
+}
diff --git a/common/puppet-opnfv/manifests/init.pp b/common/puppet-opnfv/manifests/init.pp
index 11ef18f..7b68df5 100644
--- a/common/puppet-opnfv/manifests/init.pp
+++ b/common/puppet-opnfv/manifests/init.pp
@@ -24,10 +24,6 @@ class opnfv { if $::osfamily == 'RedHat' { - exec {'disable selinux': - command => '/usr/sbin/setenforce 0', - unless => '/usr/sbin/getenforce | grep Permissive', - } include stdlib stage { 'presetup': before => Stage['setup'],
diff --git a/common/puppet-opnfv/manifests/repo.pp b/common/puppet-opnfv/manifests/repo.pp
index eb3a2e6..fe89305 100644
--- a/common/puppet-opnfv/manifests/repo.pp
+++ b/common/puppet-opnfv/manifests/repo.pp
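Review bot: `file_line { 'bridge_mapping': }` in external_net_setup.pp has no `after` anchor, so when the line is missing it is appended to the end of `/etc/neutron/plugin.ini` and lands in whichever section happens to be last, not necessarily `[ovs]`. Likewise `file_line { 'ovs': }` does nothing when the header already exists earlier in the file. Neutron would then not find `bridge_mappings` where it expects it, and the provider network created below would have no bridge behind it. If the stdlib version in use supports it, add `after => '^\[ovs\]',` to the `bridge_mapping` resource, or set the value through an ini-aware resource. The comment on the `ovs` resource repeats the one below it; `#ensure the [ovs] section exists` would describe it.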
@@ -33,5 +33,35 @@ class opnfv::repo { gpgcheck => 0, } + exec {'disable selinux': + command => '/usr/sbin/setenforce 0', + unless => '/usr/sbin/getenforce | grep Permissive', + } + -> + service { "network": + ensure => "running", + enable => "true", + hasrestart => true, + restart => '/usr/bin/systemctl restart network', + } + -> + service { 'NetworkManager': + ensure => "stopped", + enable => "false", + } + ~> + exec { 'restart-network-presetup': + command => 'systemctl restart network', + path => ["/usr/sbin/", "/usr/bin/"], + refreshonly => 'true', + } + -> + package { 'openvswitch': + ensure => installed, + } + -> + service {'openvswitch': + ensure => 'running', + } } }
diff --git a/common/puppet-opnfv/templates/br_ex.erb b/common/puppet-opnfv/templates/br_ex.erb
new file mode 100644
index 0000000..6c0e7e7
--- /dev/null
+++ b/common/puppet-opnfv/templates/br_ex.erb
@@ -0,0 +1,10 @@
+DEVICE=br-ex
+DEVICETYPE=ovs
+IPADDR=<%= @public_nic_ip %>
+NETMASK=<%= @public_nic_netmask %>
+GATEWAY=<%= @public_gateway %>
+BOOTPROTO=static
+ONBOOT=yes
+TYPE=OVSBridge
+PROMISC=yes
+PEERDNS=no
-- cgit 1.2.3-korg
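Review bot: The relocated `exec {'disable selinux': }` in repo.pp now heads the `->` chain that installs and starts openvswitch, and its `unless` only matches `Permissive`. On a host where SELinux is already disabled, `getenforce` prints `Disabled`, `setenforce 0` is expected to fail, and every resource chained after it would be skipped. `unless => '/usr/sbin/getenforce | grep -Eq "Permissive|Disabled"',` covers both states. Because this takes the controller out of enforcing mode before it gets a public-facing bridge, a comment naming the component that needs permissive mode would help later reviewers. The context line `gpgcheck => 0` suggests packages from that repository are installed without signature verification, which would include `openvswitch` if it comes from there.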
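Review bot: `GATEWAY=<%= @public_gateway %>` in br_ex.erb writes an operator-supplied global into an ifcfg file unquoted, and the only check visible in external_net_presetup.pp is that the value is not empty. On Red Hat systems the network scripts source ifcfg files as shell, so the value should be constrained to an address before it reaches the template, e.g. `if !is_ip_address($public_gateway) { fail('public_gateway is not a valid IP address') }` in the manifest. `@public_nic_ip` and `@public_nic_netmask` come from helper functions whose output format is not visible here; the same check on them would be cheap insurance.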