diff options
author | Michael Henkel <mhenkel@juniper.net> | 2017-01-27 00:36:54 +0100 |
---|---|---|
committer | Michael Henkel <mhenkel@juniper.net> | 2017-01-27 12:35:15 +0100 |
commit | 9c9667e214987fe4a41a96d13f58541f0ddd53a2 (patch) | |
tree | 9e607492632f5b1b78663185a834e50c5c689607 /manifests | |
parent | 4d356ed4ae5e609bf4ffc9a1729690e0b0c6df22 (diff) |
Re-organizes Contrail services to the correct roles
In current setup some Contrail services belong to the wrong roles.
The Contrail control plane can be impacted if the Analytics database has problems.
Furthermore contrail tripleo puppet modules are being refactored to conform to the
new interface of the puppet-contrail modules.
Closes-Bug: 1659560
Change-Id: Id0dd35b95c5fe9d0fcc1e16c4b7d6cc601f10818
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/haproxy.pp | 80 | ||||
-rw-r--r-- | manifests/network/contrail/analytics.pp | 331 | ||||
-rw-r--r-- | manifests/network/contrail/analyticsdatabase.pp | 202 | ||||
-rw-r--r-- | manifests/network/contrail/config.pp | 397 | ||||
-rw-r--r-- | manifests/network/contrail/control.pp | 197 | ||||
-rw-r--r-- | manifests/network/contrail/database.pp | 149 | ||||
-rw-r--r-- | manifests/network/contrail/heat.pp | 86 | ||||
-rw-r--r-- | manifests/network/contrail/neutron_plugin.pp | 231 | ||||
-rw-r--r-- | manifests/network/contrail/provision.pp | 96 | ||||
-rw-r--r-- | manifests/network/contrail/vrouter.pp | 302 | ||||
-rw-r--r-- | manifests/network/contrail/webui.pp | 104 |
11 files changed, 1857 insertions, 318 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index e90b0fb..c88fa82 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -64,6 +64,26 @@ # Can be a string or an array. # Defaults to undef # +# [*contrail_config_hosts*] +# (optional) Specify the contrail config hosts ips. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config_hosts_names*] +# (optional) Specify the contrail config hosts. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_config_enabled') +# +# [*contrail_webui*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_webui_enabled') +# +# [*contrail_analytics*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_analytics_enabled') +# # [*public_virtual_ip*] # Public IP or group of IPs to bind the pools # Can be a string or an array. @@ -519,6 +539,11 @@ class tripleo::haproxy ( $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), $controller_hosts_names = hiera('controller_node_names', undef), + $contrail_config_hosts = hiera('contrail_config_node_ips', undef), + $contrail_config_hosts_names = hiera('contrail_config_node_names', undef), + $contrail_analytics = hiera('contrail_analytics_enabled', false), + $contrail_config = hiera('contrail_config_enabled', false), + $contrail_webui = hiera('contrail_webui_enabled', false), $service_certificate = undef, $use_internal_certificates = false, $internal_certificates_specs = {}, @@ -616,6 +641,14 @@ class tripleo::haproxy ( cinder_api_ssl_port => 13776, congress_api_port => 1789, congress_api_ssl_port => 13789, + contrail_config_port => 8082, + contrail_config_ssl_port => 18082, + contrail_discovery_port => 5998, + contrail_discovery_ssl_port => 15998, + contrail_analytics_port => 8090, + contrail_analytics_ssl_port => 18090, + contrail_webui_http_port => 8080, + contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, glance_api_port => 9292, @@ -1560,5 +1593,50 @@ class tripleo::haproxy ( public_ssl_port => $ports[ui_ssl_port], } } - + if $contrail_config { + ::tripleo::haproxy::endpoint { 'contrail_config': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_config_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_config_ssl_port], + } + ::tripleo::haproxy::endpoint { 'contrail_discovery': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_discovery_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_discovery_ssl_port], + } + } + if $contrail_analytics { + ::tripleo::haproxy::endpoint { 'contrail_analytics': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip), + service_port => $ports[contrail_analytics_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_analytics_ssl_port], + } + } + if $contrail_webui { + ::tripleo::haproxy::endpoint { 'contrail_webui_http': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_http_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_http_port], + } + ::tripleo::haproxy::endpoint { 'contrail_webui_https': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_https_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_https_port], + } + } } diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp index 4359a43..e34c7e6 100644 --- a/manifests/network/contrail/analytics.pp +++ b/manifests/network/contrail/analytics.pp @@ -43,6 +43,21 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*analytics_aaa_mode*] +# (optional) analytics aaa mode parameter +# String value. +# Defaults to hiera('contrail::analytics_aaa_mode') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -53,11 +68,26 @@ # Integer value. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # String value. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. @@ -76,7 +106,7 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. @@ -103,6 +133,31 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # +# [*public_vip*] +# (optional) Public virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*rabbit_server*] +# (optional) IPv4 addresses of rabbit server. +# Array of String (IPv4) value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) Rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) Rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) port of rabbit server +# String value. +# Defaults to hiera('contrail::rabbit_port') +# # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. @@ -123,123 +178,209 @@ # Integer value. # Defaults to 8081 # +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. # Defaults to hiera('contrail::zk_server_ip') # class tripleo::network::contrail::analytics( - $host_ip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $collector_http_server_port = 8089, - $collector_sandesh_port = 8086, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $http_server_port = 8090, - $insecure = hiera('contrail::insecure'), - $kafka_broker_list = hiera('contrail::kafka_broker_list'), - $memcached_servers = hiera('contrail::memcached_server'), - $redis_server = '127.0.0.1', - $redis_server_port = 6379, - $rest_api_ip = '0.0.0.0', - $rest_api_port = 8081, - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'), + $cassandra_server_list = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'), + $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = hiera('contrail::analytics::http_server_port'), + $host_ip = hiera('contrail::analytics::host_ip'), + $insecure = hiera('contrail::insecure'), + $kafka_broker_list = hiera('contrail_analytics_database_node_ips'), + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::analytics::redis_server'), + $redis_server_port = hiera('contrail::analytics::redis_server_port'), + $rest_api_ip = hiera('contrail::analytics::rest_api_ip'), + $rest_api_port = hiera('contrail::analytics::rest_api_port'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { + $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'') + $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'') + $redis_config = "bind ${host_ip} 127.0.0.1" + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'') + $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, 'admin_user' => $admin_user, 'auth_host' => $auth_host, - 'auth_port' => $auth_port, + 'auth_port' => $auth_port_ssl, 'auth_protocol' => $auth_protocol, 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, - }, - }, - } -> - class {'::contrail::analytics': - analytics_api_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'host_ip' => $host_ip, - 'http_server_port' => $http_server_port, - 'redis_server' => $redis_server, - 'rest_api_ip' => $rest_api_ip, - 'rest_api_port' => $rest_api_port, - }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, - }, - 'REDIS' => { - 'redis_server_port' => $redis_server_port, - 'redis_query_port' => $redis_server_port, - 'server' => $redis_server, - }, - }, - collector_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'hostip' => $host_ip, - 'http_server_port' => $collector_http_server_port, - 'kafka_broker_list' => $kafka_broker_list, - 'zookeeper_server_list' => $zk_server_ip, - }, - 'COLLECTOR' => { - 'port' => $collector_sandesh_port, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + } + } else { + $keystone_config = { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + } + } + if $step >= 3 { + class {'::contrail::analytics': + alarm_gen_config => { + 'DEFAULTS' => { + 'host_ip' => $host_ip, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'rabbitmq_server_list' => $rabbit_server_list_5672, + 'rabbitmq_user' => $rabbit_user, + 'rabbitmq_password' => $rabbit_password, + 'zk_list' => $zk_server_ip_2181, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - query_engine_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'hostip' => $host_ip, + analytics_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + analytics_api_config => { + 'DEFAULTS' => { + 'api_server' => "${api_server}:${api_port}", + 'aaa_mode' => $analytics_aaa_mode, + 'cassandra_server_list' => $cassandra_server_list_9042, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => $redis_server_port, + 'server' => $redis_server, + }, + 'KEYSTONE' => $keystone_config, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + collector_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'zookeeper_server_list' => $zk_server_ip_2181_comma, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - }, - snmp_collector_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + query_engine_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + snmp_collector_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - topology_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + redis_config => $redis_config, + topology_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + vnc_api_lib_config => $vnc_api_lib_config, + keystone_config => { + 'KEYSTONE' => $keystone_config, }, - }, + } + } + if $step >= 5 { + class {'::contrail::analytics::provision_analytics': + api_address => $api_server, + api_port => $api_port, + analytics_node_address => $host_ip, + analytics_node_name => $::fqdn, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp new file mode 100644 index 0000000..88b0327 --- /dev/null +++ b/manifests/network/contrail/analyticsdatabase.pp @@ -0,0 +1,202 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::analyticsdatabase +# +# Configure Contrail Analytics Database services +# +# == Parameters: +# +# [*auth_host*] +# (optional) IPv4 VIP of Keystone +# String (IPv4) value +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*api_server*] +# (optional) IPv4 VIP of Contrail Config API +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Contrail Config API +# String value +# Defaults to hiera('contrail::api_port') +# +# [*admin_password*] +# (optional) Keystone Admin password +# String value +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) Keystone Admin tenant name +# String value +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) Keystone Admin token +# String value +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) Keystone Admin user +# String value +# Defaults to hiera('contrail::admin_user') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cassandra_servers*] +# (optional) List of analytics cassandra servers +# List (IPv4) value +# Defaults to hiera('contrail_analytics_database_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 VIP of Contrail Discovery +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) host IP address of Database node +# String (IPv4) value. +# Defaults to hiera('contrail::analytics::database::host_ip') +# +# [*host_name*] +# (optional) host name of database node +# String value +# Defaults to $::hostname +# +# [*kafka_hostnames*] +# (optional) list of kafka server hostnames +# List value +# Defaults to hiera('contrail_analytics_database_short_node_names', '') +# +# [*public_vip*] +# (optional) Public VIP +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) step in the stack +# String value +# Defaults to hiera('step') +# +# [*zookeeper_server_ips*] +# (optional) list of zookeeper server IPs +# List value +# Defaults to hiera('contrail_database_node_ips') +# +class tripleo::network::contrail::analyticsdatabase( + $step = hiera('step'), + $auth_host = hiera('contrail::auth_host'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_servers = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::analytics::database::host_ip'), + $host_name = $::hostname, + $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''), + $public_vip = hiera('public_virtual_ip'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), +) +{ + if $auth_protocol == 'https' { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $step == 2 { + class {'::contrail::analyticsdatabase': + analyticsdatabase_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'kafka_hostnames' => $kafka_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + } +} diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp index 7b9c85f..d02ab44 100644 --- a/manifests/network/contrail/config.pp +++ b/manifests/network/contrail/config.pp @@ -19,21 +19,11 @@ # # == Parameters: # -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_server_ip*] -# (required) ifmap server ip address. -# String value. # -# [*ifmap_username*] -# (required) ifmap username +# [*aaa_mode*] +# (optional) aaa mode parameter # String value. -# -# [*rabbit_server*] -# (required) IPv4 address of rabbit server. -# String (IPv4) value. +# Defaults to hiera('contrail::aaa_mode') # # [*admin_password*] # (optional) admin password @@ -55,6 +45,16 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth*] # (optional) Authentication method. # Defaults to hiera('contrail::auth') @@ -68,81 +68,232 @@ # (optional) keystone port. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*config_hostnames*] +# (optional) Config hostname list +# Array of string value. +# Defaults to hiera('contrail_config_short_node_names') +# +# [*control_server_list*] +# (optional) IPv4 addresses of control server. +# Array of string (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port of discovery server +# String value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) IPv4 address of Config server +# String (IPv4) value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::config::ifmap_password') +# +# [*ifmap_server_ip*] +# (optional) ifmap server ip address. +# String value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::config::ifmap_password') # # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure') # +# [*ipfabric_service_port*] +# (optional) linklocal ip fabric port +# String value +# Defaults to 8775 +# # [*listen_ip_address*] # (optional) IP address to listen on. # String (IPv4) value. -# Defaults to '0.0.0.0' +# Defaults to hiera('contrail::config::listen_ip_address') # # [*listen_port*] # (optional) Listen port for config-api -# Defaults to 8082 +# Defaults to hiera('contrail::api_port') +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_port*] +# (optional) port of link local service +# String value +# Defaults to 80 +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_ip*] +# (optional) IPv4 address of link local service +# String (IPv4) value +# Defaults to 169.254.169.254 # # [*memcached_servers*] # (optional) IPv4 address of memcached servers # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # -# [*multi_tenancy*] -# (optional) Defines if mutli-tenancy is enabled. -# Defaults to hiera('contrail::multi_tenancy') +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*rabbit_server*] +# (optional) rabbit server +# Array of string value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) rabbit server port +# String value. +# Defaults to hiera('contrail::rabbit_port') # # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. -# Defaults to '127.0.0.1' +# Defaults to hiera('contrail::config::redis_server') # # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. -# Defaults to hiera('contrail::zk_server_ip') +# Defaults to hiera('contrail_database_node_ips') # class tripleo::network::contrail::config( - $ifmap_password, - $ifmap_server_ip, - $ifmap_username, - $rabbit_server, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth = hiera('contrail::auth'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $insecure = hiera('contrail::insecure'), - $listen_ip_address = '0.0.0.0', - $listen_port = 8082, - $memcached_servers = hiera('contrail::memcached_server'), - $multi_tenancy = hiera('contrail::multi_tenancy'), - $redis_server = '127.0.0.1', - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $aaa_mode = hiera('contrail::aaa_mode'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $config_hostnames = hiera('contrail_config_short_node_names'), + $control_server_list = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::config::host_ip'), + $ifmap_password = hiera('contrail::config::ifmap_password'), + $ifmap_server_ip = hiera('contrail::config::host_ip'), + $ifmap_username = hiera('contrail::config::ifmap_username'), + $insecure = hiera('contrail::insecure'), + $ipfabric_service_port = 8775, + $listen_ip_address = hiera('contrail::config::listen_ip_address'), + $listen_port = hiera('contrail::api_port'), + $linklocal_service_port = 80, + $linklocal_service_name = 'metadata', + $linklocal_service_ip = '169.254.169.254', + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::config::redis_server'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { validate_ip_address($listen_ip_address) validate_ip_address($disc_server_ip) validate_ip_address($ifmap_server_ip) - class {'::contrail::keystone': - keystone_config => { + $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" } + $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" } + $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns) + $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'') + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { 'KEYSTONE' => { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, @@ -154,62 +305,116 @@ class tripleo::network::contrail::config( 'insecure' => $insecure, 'memcached_servers' => $memcached_servers, }, - }, - } -> - class {'::contrail::config': - api_config => { - 'DEFAULTS' => { - 'auth' => $auth, - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'listen_ip_addr' => $listen_ip_address, - 'listen_port' => $listen_port, - 'multi_tenancy' => $multi_tenancy, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - }, - device_manager_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + } + if $step >= 3 { + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'aaa_mode' => $aaa_mode, + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - schema_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + basicauthusers_property => $basicauthusers_property, + config_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - }, - discovery_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'zk_server_ip' => $zk_server_ip, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - svc_monitor_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, + keystone_config => $keystone_config, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + if $step >= 5 { + class {'::contrail::config::provision_config': + api_address => $api_server, + api_port => $api_port, + config_node_address => $host_ip, + config_node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + if $config_hostnames[0] == $::hostname { + class {'::contrail::config::provision_linklocal': + api_address => $api_server, + api_port => $api_port, + ipfabric_service_ip => $api_server, + ipfabric_service_port => $ipfabric_service_port, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + linklocal_service_name => $linklocal_service_name, + linklocal_service_ip => $linklocal_service_ip, + linklocal_service_port => $linklocal_service_port, + } + } } } diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp index 2e50108..e9c7a9e 100644 --- a/manifests/network/contrail/control.pp +++ b/manifests/network/contrail/control.pp @@ -19,19 +19,6 @@ # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Control -# String (IPv4) value. -# -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_username*] -# (optional) ifmap username -# String value. -# Defaults to hiera('contrail::ifmap_username'), -# # [*admin_password*] # (optional) admin password # String value. @@ -42,16 +29,21 @@ # String value. # Defaults to hiera('contrail::admin_tenant_name'), # -# [*admin_token*] -# (optional) admin token -# String value. -# Defaults to hiera('contrail::admin_token'), -# # [*admin_user*] # (optional) admin user name. # String value. # Defaults to hiera('contrail::admin_user'), # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -68,13 +60,33 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip'), +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port'), # +# [*host_ip*] +# (optional) IP address of host +# String (IPv4) value. +# Defaults to hiera('contrail::control::host_ip') +# +# [*ibgp_auto_mesh*] +# (optional) iBPG auto mesh +# String value. +# Defaults to true +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::ifmap_password'), +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::ifmap_username'), +# # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure'), @@ -84,70 +96,103 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_servers'), # +# [*public_vip*] +# (optional) Public Virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*router_asn*] +# (optional) Autonomus System Number +# String value +# Defaults to hiera('contrail::control::asn') +# +# [*secret*] +# (optional) RNDC secret for named +# String value +# Defaults to hiera('contrail::control::rndc_secret') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# class tripleo::network::contrail::control( - $host_ip, - $ifmap_password, - $ifmap_username, - $admin_password = hiera('contrail::admin_password'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $insecure = hiera('contrail::insecure'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::control::host_ip'), + $ibgp_auto_mesh = true, + $ifmap_password = hiera('contrail::control::host_ip'), + $ifmap_username = hiera('contrail::control::host_ip'), + $insecure = hiera('contrail::insecure'), $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $router_asn = hiera('contrail::control::asn'), + $secret = hiera('contrail::control::rndc_secret'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { - 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, - 'admin_password' => $admin_password, - 'admin_user' => $admin_user, - 'auth_host' => $auth_host, - 'auth_port' => $auth_port, - 'auth_protocol' => $auth_protocol, - 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, + $control_ifmap_user = "${ifmap_username}.control" + $control_ifmap_password = "${ifmap_username}.control" + $dns_ifmap_user = "${ifmap_username}.dns" + $dns_ifmap_password = "${ifmap_username}.dns" + + if $step >= 3 { + class {'::contrail::control': + secret => $secret, + control_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $control_ifmap_user, + 'user' => $control_ifmap_password, + }, }, - }, - } -> - class {'::contrail::control': - control_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, + dns_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + 'rndc_secret' => $secret, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $dns_ifmap_user, + 'user' => $dns_ifmap_password, + } }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - }, - }, - dns_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - } - }, - control_nodemgr_config => { - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + } + } + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + api_port => $api_port, + control_node_address => $host_ip, + control_node_name => $::hostname, + ibgp_auto_mesh => $ibgp_auto_mesh, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + router_asn => $router_asn, + } } } diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp index 58f2670..9786d8f 100644 --- a/manifests/network/contrail/database.pp +++ b/manifests/network/contrail/database.pp @@ -13,41 +13,154 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::network::contrail::control +# == Class: tripleo::network::contrail::database # -# Configure Contrail Control services +# Configure Contrail Database services # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Database node +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) VIP of Config API # String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*cassandra_servers*] +# (optional) List IPs+port of Cassandra servers +# Array of strings value. +# Defaults to hiera('contrail_database_node_ips') # # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port') # +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*host_name*] +# (optional) host name of Database node +# String value. +# Defaults to $::hostname +# +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*zookeeper_client_ip*] +# (optional) Zookeeper listen address +# String (IPv4) value. +# Defaults to hiera('contrail::database::host_ip') +# +# [*zookeeper_hostnames*] +# (optional) Zookeeper hostname list +# Array of string value. +# Defaults to hiera('contrail_database_short_node_names') +# +# [*zookeeper_server_ips*] +# (optional) Zookeeper ip list +# Array of string (IPv4) values +# Defaults to hiera('contrail_database_node_ips') +# class tripleo::network::contrail::database( - $host_ip, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_servers = hiera('contrail_database_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::database::host_ip'), + $host_name = $::hostname, + $public_vip = hiera('public_virtual_ip'), + $zookeeper_client_ip = hiera('contrail::database::host_ip'), + $zookeeper_hostnames = hiera('contrail_database_short_node_names'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), ) { - class {'::contrail::database': - database_nodemgr_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + if $step == 2 { + class {'::contrail::database': + database_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'zookeeper_client_ip' => $zookeeper_client_ip, + 'zookeeper_hostnames' => $zookeeper_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp new file mode 100644 index 0000000..c8998c9 --- /dev/null +++ b/manifests/network/contrail/heat.pp @@ -0,0 +1,86 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::heat +# +# Configure Contrail Heat plugin +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*use_ssl*] +# (optional) switch for ssl usage +# String value. +# Defaults to 'False' +# +class tripleo::network::contrail::heat( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = 8082, + $auth_host = hiera('contrail::auth_host'), + $use_ssl = 'False', +) +{ + + class {'::contrail::heat': + heat_config => { + 'clients_contrail' => { + 'api_base_url' => '/', + 'api_server' => $api_server, + 'api_port' => $api_port, + 'auth_host_ip' => $auth_host, + 'user' => $admin_user, + 'password' => $admin_password, + 'use_ssl' => $use_ssl, + }, + }, + } +} diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp new file mode 100644 index 0000000..a0d2b96 --- /dev/null +++ b/manifests/network/contrail/neutron_plugin.pp @@ -0,0 +1,231 @@ +# This class installs and configures Opencontrail Neutron Plugin. +# +# === Parameters +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*api_server_ip*] +# IP address of the API Server +# Defaults to $::os_service_default +# +# [*api_server_port*] +# Port of the API Server. +# Defaults to $::os_service_default +# +# [*contrail_extensions*] +# Array of OpenContrail extensions to be supported +# Defaults to $::os_service_default +# Example: +# +# class {'neutron::plugins::opencontrail' : +# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam'] +# } +# +# [*keystone_auth_url*] +# Url of the keystone auth server +# Defaults to $::os_service_default +# +# [*keystone_admin_user*] +# Admin user name +# Defaults to $::os_service_default +# +# [*keystone_admin_tenant_name*] +# Admin_tenant_name +# Defaults to $::os_service_default +# +# [*keystone_admin_password*] +# Admin password +# Defaults to $::os_service_default +# +# [*keystone_admin_token*] +# Admin token +# Defaults to $::os_service_default +# +# [*package_ensure*] +# (optional) Ensure state for package. +# Defaults to 'present'. +# +# [*purge_config*] +# (optional) Whether to set only the specified config options +# in the opencontrail config. +# Defaults to false. +# +class tripleo::network::contrail::neutron_plugin ( + $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('tripleo::haproxy::service_certificate',false), + $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $purge_config = false, + $package_ensure = 'present', +) { + + include ::neutron::deps + include ::neutron::params + + validate_array($contrail_extensions) + + package { 'neutron-plugin-contrail': + ensure => $package_ensure, + name => $::neutron::params::opencontrail_plugin_package, + tag => ['neutron-package', 'openstack'], + } + package {'python-contrail': + ensure => installed, + } + + ensure_resource('file', '/etc/neutron/plugins/opencontrail', { + ensure => directory, + owner => 'root', + group => 'neutron', + mode => '0640'} + ) + + if $::osfamily == 'Debian' { + file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG': + path => '/etc/default/neutron-server', + match => '^NEUTRON_PLUGIN_CONFIG=(.*)$', + line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}", + tag => 'neutron-file-line', + } + } + + if $::osfamily == 'Redhat' { + file { '/etc/neutron/plugin.ini': + ensure => link, + target => $::neutron::params::opencontrail_config_file, + require => Package[$::neutron::params::opencontrail_plugin_package], + tag => 'neutron-config-file', + } + $api_paste_config_file = '/usr/share/neutron/api-paste.ini' + } + ini_setting { 'filter:user_token': + ensure => present, + path => $api_paste_config_file, + section => 'filter:user_token', + setting => 'paste.filter_factory', + value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory', + } + ini_setting { 'composite:neutronapi_v2_0': + ensure => present, + path => $api_paste_config_file, + section => 'composite:neutronapi_v2_0', + setting => 'keystone', + value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0', + } + resources { 'neutron_plugin_opencontrail': + purge => $purge_config, + } + + exec { 'add neutron user to haproxy group': + command => '/usr/sbin/usermod -a -G haproxy neutron', + } + + if $auth_protocol == 'https' { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'KEYSTONE/cafile': value => $ca_file; + 'KEYSTONE/certfile': value => $cert_file; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port_ssl; + 'keystone_authtoken/cafile': value => $ca_file; + 'keystone_authtoken/certfile': value => $cert_file; + } + } else { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port; + } + } +} diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp new file mode 100644 index 0000000..d1c6d0d --- /dev/null +++ b/manifests/network/contrail/provision.pp @@ -0,0 +1,96 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::provision +# +# Provisions Contrail Control and link local services +# +# == Parameters: +# +# [*host_ip*] +# (required) host IP address of Control +# String (IPv4) value. +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password'), +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name'), +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token'), +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user'), +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host'), +# +# [*auth_port*] +# (optional) keystone port. +# Defaults to hiera('contrail::auth_port'), +# +# [*auth_protocol*] +# (optional) authentication protocol. +# Defaults to hiera('contrail::auth_protocol'), +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +class tripleo::network::contrail::provision( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $api_server = hiera('contrail_config_vip'), +) +{ + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + } + class {'::contrail::control::provision_linklocal': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + ipfabric_service_ip => $api_server, + } + } +} diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp new file mode 100644 index 0000000..2bccd1d --- /dev/null +++ b/manifests/network/contrail/vrouter.pp @@ -0,0 +1,302 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opencontrail::vrouter +# +# Opencontrail profile to run the contrail vrouter +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*control_server*] +# (optional) Contrail control server IP +# Array of String (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*gateway*] +# (optional) Default GW for vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::gateway') +# +# [*host_ip*] +# (optional) host IP address of vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::host_ip') +# +# [*insecure*] +# (optional) insecure connections allowed +# String value. +# Defaults to hiera('contrail::insecure') +# +# [*memcached_servers*] +# (optional) memcached server ip +# String (IPv4) value. +# Defaults to hiera('contrail::memcached_server') +# +# [*metadata_secret*] +# (optional) secret for metadata +# String value. +# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret') +# +# [*netmask*] +# (optional) netmask for vrouter interface +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::netmask') +# +# [*physical_interface*] +# (optional) vrouter interface +# String value. +# Defaults to hiera('contrail::vrouter::physical_interface') +# +# [*public_vip*] +# (optional) Public VIP to Keystone +# String (IPv4) value. +# Defaults to hiera('public_virtual_ip') +# +# [*is_tsn*] +# (optional) Turns vrouter into TSN +# String value. +# Defaults to hiera('contrail::vrouter::is_tsn',false) +# +class tripleo::network::contrail::vrouter ( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $control_server = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $gateway = hiera('contrail::vrouter::gateway'), + $host_ip = hiera('contrail::vrouter::host_ip'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), + $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'), + $netmask = hiera('contrail::vrouter::netmask'), + $physical_interface = hiera('contrail::vrouter::physical_interface'), + $public_vip = hiera('public_virtual_ip'), + $is_tsn = hiera('contrail::vrouter::is_tsn',false), +) { + $cidr = netmask_to_cidr($netmask) + notify { 'cidr': + message => $cidr, + } + $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>") + #include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + $control_server_list = join($control_server, ' ') + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $is_tsn { + $vrouter_agent_config = { + 'DEBUG' => { + 'agent_mode' => 'tsn', + }, + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } else { + $vrouter_agent_config = { + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } + class {'::contrail::vrouter': + discovery_ip => $disc_server_ip, + gateway => $gateway, + host_ip => $host_ip, + is_tsn => $is_tsn, + macaddr => $macaddress, + mask => $cidr, + netmask => $netmask, + physical_interface => $physical_interface, + vhost_ip => $host_ip, + keystone_config => $keystone_config, + vrouter_agent_config => $vrouter_agent_config, + vrouter_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + if $step >= 5 { + class {'::contrail::vrouter::provision_vrouter': + api_address => $api_server, + api_port => $api_port, + host_ip => $host_ip, + node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + is_tsn => $is_tsn, + } + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp index 0b308a4..b621811 100644 --- a/manifests/network/contrail/webui.pp +++ b/manifests/network/contrail/webui.pp @@ -19,18 +19,6 @@ # # == Parameters: # -# [*contrail_analytics_vip*] -# (required) VIP of Contrail Analytics -# String (IPv4) value. -# -# [*contrail_config_vip*] -# (required) VIP of Contrail Config -# String (IPv4) value. -# -# [*neutron_vip*] -# (required) VIP of Neutron -# String (IPv4) value. -# # [*admin_password*] # (optional) admin password # String value. @@ -56,11 +44,46 @@ # String (IPv4) value. # Defaults to hiera('contrail::auth_host') # +# [*auth_port_public*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port_public') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_port_ssl_public*] +# (optional) keystone public ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl_public') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*contrail_analytics_vip*] +# (optional) VIP of Contrail Analytics +# String (IPv4) value. +# Defaults to hiera('contrail_analytics_vip') +# +# [*contrail_config_vip*] +# (optional) VIP of Contrail Config +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# # [*contrail_webui_http_port*] # (optional) Webui HTTP Port # Integer value. @@ -71,38 +94,55 @@ # Integer value. # Defaults to 8143 # +# [*neutron_vip*] +# (optional) VIP of Neutron +# String (IPv4) value. +# Defaults to hiera('neutron_api_vip') +# # [*redis_ip*] # (optional) IP of Redis # String (IPv4) value. # Defaults to '127.0.0.1' # class tripleo::network::contrail::webui( - $contrail_analytics_vip, - $contrail_config_vip, - $neutron_vip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $contrail_webui_http_port = 8080, - $contrail_webui_https_port = 8143, - $redis_ip = '127.0.0.1', + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_public = hiera('contrail::auth_port_public'), + $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $cert_file = hiera('contrail::cert_file'), + $contrail_analytics_vip = hiera('contrail_analytics_vip'), + $contrail_config_vip = hiera('contrail_config_vip'), + $contrail_webui_http_port = hiera('contrail::webui::http_port'), + $contrail_webui_https_port = hiera('contrail::webui::https_port'), + $neutron_vip = hiera('neutron_api_vip'), + $redis_ip = hiera('contrail::webui::redis_ip'), ) { + if $auth_protocol == 'https' { + $auth_port = $auth_port_ssl_public + } else { + $auth_port = $auth_port_public + } class {'::contrail::webui': - openstack_vip => $auth_host, - contrail_config_vip => $contrail_config_vip, - contrail_analytics_vip => $contrail_analytics_vip, - neutron_vip => $neutron_vip, - cassandra_ip => $cassandra_server_list, - redis_ip => $redis_ip, - contrail_webui_http_port => $contrail_webui_http_port, - contrail_webui_https_port => $contrail_webui_https_port, admin_user => $admin_user, admin_password => $admin_password, admin_token => $admin_token, admin_tenant_name => $admin_tenant_name, + auth_port => $auth_port, + auth_protocol => $auth_protocol, + cassandra_ip => $cassandra_server_list, + cert_file => $cert_file, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + neutron_vip => $neutron_vip, + openstack_vip => $auth_host, + redis_ip => $redis_ip, } } |