diff options
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/haproxy.pp | 80 | ||||
| -rw-r--r-- | manifests/network/contrail/analytics.pp | 331 | ||||
| -rw-r--r-- | manifests/network/contrail/analyticsdatabase.pp | 202 | ||||
| -rw-r--r-- | manifests/network/contrail/config.pp | 397 | ||||
| -rw-r--r-- | manifests/network/contrail/control.pp | 197 | ||||
| -rw-r--r-- | manifests/network/contrail/database.pp | 149 | ||||
| -rw-r--r-- | manifests/network/contrail/heat.pp | 86 | ||||
| -rw-r--r-- | manifests/network/contrail/neutron_plugin.pp | 231 | ||||
| -rw-r--r-- | manifests/network/contrail/provision.pp | 96 | ||||
| -rw-r--r-- | manifests/network/contrail/vrouter.pp | 302 | ||||
| -rw-r--r-- | manifests/network/contrail/webui.pp | 104 |
11 files changed, 1857 insertions, 318 deletions
diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index f34c58f..e1c44ee 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp @@ -64,6 +64,26 @@ # Can be a string or an array. # Defaults to undef # +# [*contrail_config_hosts*] +# (optional) Specify the contrail config hosts ips. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config_hosts_names*] +# (optional) Specify the contrail config hosts. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_config_enabled') +# +# [*contrail_webui*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_webui_enabled') +# +# [*contrail_analytics*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_analytics_enabled') +# # [*public_virtual_ip*] # Public IP or group of IPs to bind the pools # Can be a string or an array. @@ -519,6 +539,11 @@ class tripleo::haproxy ( $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), $controller_hosts_names = hiera('controller_node_names', undef), + $contrail_config_hosts = hiera('contrail_config_node_ips', undef), + $contrail_config_hosts_names = hiera('contrail_config_node_names', undef), + $contrail_analytics = hiera('contrail_analytics_enabled', false), + $contrail_config = hiera('contrail_config_enabled', false), + $contrail_webui = hiera('contrail_webui_enabled', false), $service_certificate = undef, $use_internal_certificates = false, $internal_certificates_specs = {}, @@ -616,6 +641,14 @@ class tripleo::haproxy ( cinder_api_ssl_port => 13776, congress_api_port => 1789, congress_api_ssl_port => 13789, + contrail_config_port => 8082, + contrail_config_ssl_port => 18082, + contrail_discovery_port => 5998, + contrail_discovery_ssl_port => 15998, + contrail_analytics_port => 8090, + contrail_analytics_ssl_port => 18090, + contrail_webui_http_port => 8080, + contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, glance_api_port => 9292, @@ -1561,5 +1594,50 @@ class tripleo::haproxy ( public_ssl_port => $ports[ui_ssl_port], } } - + if $contrail_config { + ::tripleo::haproxy::endpoint { 'contrail_config': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_config_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_config_ssl_port], + } + ::tripleo::haproxy::endpoint { 'contrail_discovery': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_discovery_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_discovery_ssl_port], + } + } + if $contrail_analytics { + ::tripleo::haproxy::endpoint { 'contrail_analytics': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip), + service_port => $ports[contrail_analytics_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_analytics_ssl_port], + } + } + if $contrail_webui { + ::tripleo::haproxy::endpoint { 'contrail_webui_http': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_http_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_http_port], + } + ::tripleo::haproxy::endpoint { 'contrail_webui_https': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_https_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_https_port], + } + } } diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp index 4359a43..e34c7e6 100644 --- a/manifests/network/contrail/analytics.pp +++ b/manifests/network/contrail/analytics.pp @@ -43,6 +43,21 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*analytics_aaa_mode*] +# (optional) analytics aaa mode parameter +# String value. +# Defaults to hiera('contrail::analytics_aaa_mode') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -53,11 +68,26 @@ # Integer value. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # String value. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. @@ -76,7 +106,7 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. @@ -103,6 +133,31 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # +# [*public_vip*] +# (optional) Public virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*rabbit_server*] +# (optional) IPv4 addresses of rabbit server. +# Array of String (IPv4) value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) Rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) Rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) port of rabbit server +# String value. +# Defaults to hiera('contrail::rabbit_port') +# # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. @@ -123,123 +178,209 @@ # Integer value. # Defaults to 8081 # +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. # Defaults to hiera('contrail::zk_server_ip') # class tripleo::network::contrail::analytics( - $host_ip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $collector_http_server_port = 8089, - $collector_sandesh_port = 8086, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $http_server_port = 8090, - $insecure = hiera('contrail::insecure'), - $kafka_broker_list = hiera('contrail::kafka_broker_list'), - $memcached_servers = hiera('contrail::memcached_server'), - $redis_server = '127.0.0.1', - $redis_server_port = 6379, - $rest_api_ip = '0.0.0.0', - $rest_api_port = 8081, - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'), + $cassandra_server_list = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'), + $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = hiera('contrail::analytics::http_server_port'), + $host_ip = hiera('contrail::analytics::host_ip'), + $insecure = hiera('contrail::insecure'), + $kafka_broker_list = hiera('contrail_analytics_database_node_ips'), + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::analytics::redis_server'), + $redis_server_port = hiera('contrail::analytics::redis_server_port'), + $rest_api_ip = hiera('contrail::analytics::rest_api_ip'), + $rest_api_port = hiera('contrail::analytics::rest_api_port'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { + $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'') + $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'') + $redis_config = "bind ${host_ip} 127.0.0.1" + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'') + $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, 'admin_user' => $admin_user, 'auth_host' => $auth_host, - 'auth_port' => $auth_port, + 'auth_port' => $auth_port_ssl, 'auth_protocol' => $auth_protocol, 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, - }, - }, - } -> - class {'::contrail::analytics': - analytics_api_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'host_ip' => $host_ip, - 'http_server_port' => $http_server_port, - 'redis_server' => $redis_server, - 'rest_api_ip' => $rest_api_ip, - 'rest_api_port' => $rest_api_port, - }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, - }, - 'REDIS' => { - 'redis_server_port' => $redis_server_port, - 'redis_query_port' => $redis_server_port, - 'server' => $redis_server, - }, - }, - collector_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'hostip' => $host_ip, - 'http_server_port' => $collector_http_server_port, - 'kafka_broker_list' => $kafka_broker_list, - 'zookeeper_server_list' => $zk_server_ip, - }, - 'COLLECTOR' => { - 'port' => $collector_sandesh_port, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + } + } else { + $keystone_config = { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + } + } + if $step >= 3 { + class {'::contrail::analytics': + alarm_gen_config => { + 'DEFAULTS' => { + 'host_ip' => $host_ip, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'rabbitmq_server_list' => $rabbit_server_list_5672, + 'rabbitmq_user' => $rabbit_user, + 'rabbitmq_password' => $rabbit_password, + 'zk_list' => $zk_server_ip_2181, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - query_engine_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'hostip' => $host_ip, + analytics_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + analytics_api_config => { + 'DEFAULTS' => { + 'api_server' => "${api_server}:${api_port}", + 'aaa_mode' => $analytics_aaa_mode, + 'cassandra_server_list' => $cassandra_server_list_9042, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => $redis_server_port, + 'server' => $redis_server, + }, + 'KEYSTONE' => $keystone_config, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + collector_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'zookeeper_server_list' => $zk_server_ip_2181_comma, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - }, - snmp_collector_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + query_engine_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + snmp_collector_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - topology_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + redis_config => $redis_config, + topology_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + vnc_api_lib_config => $vnc_api_lib_config, + keystone_config => { + 'KEYSTONE' => $keystone_config, }, - }, + } + } + if $step >= 5 { + class {'::contrail::analytics::provision_analytics': + api_address => $api_server, + api_port => $api_port, + analytics_node_address => $host_ip, + analytics_node_name => $::fqdn, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp new file mode 100644 index 0000000..88b0327 --- /dev/null +++ b/manifests/network/contrail/analyticsdatabase.pp @@ -0,0 +1,202 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::analyticsdatabase +# +# Configure Contrail Analytics Database services +# +# == Parameters: +# +# [*auth_host*] +# (optional) IPv4 VIP of Keystone +# String (IPv4) value +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*api_server*] +# (optional) IPv4 VIP of Contrail Config API +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Contrail Config API +# String value +# Defaults to hiera('contrail::api_port') +# +# [*admin_password*] +# (optional) Keystone Admin password +# String value +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) Keystone Admin tenant name +# String value +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) Keystone Admin token +# String value +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) Keystone Admin user +# String value +# Defaults to hiera('contrail::admin_user') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cassandra_servers*] +# (optional) List of analytics cassandra servers +# List (IPv4) value +# Defaults to hiera('contrail_analytics_database_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 VIP of Contrail Discovery +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) host IP address of Database node +# String (IPv4) value. +# Defaults to hiera('contrail::analytics::database::host_ip') +# +# [*host_name*] +# (optional) host name of database node +# String value +# Defaults to $::hostname +# +# [*kafka_hostnames*] +# (optional) list of kafka server hostnames +# List value +# Defaults to hiera('contrail_analytics_database_short_node_names', '') +# +# [*public_vip*] +# (optional) Public VIP +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) step in the stack +# String value +# Defaults to hiera('step') +# +# [*zookeeper_server_ips*] +# (optional) list of zookeeper server IPs +# List value +# Defaults to hiera('contrail_database_node_ips') +# +class tripleo::network::contrail::analyticsdatabase( + $step = hiera('step'), + $auth_host = hiera('contrail::auth_host'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_servers = hiera('contrail_analytics_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::analytics::database::host_ip'), + $host_name = $::hostname, + $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''), + $public_vip = hiera('public_virtual_ip'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), +) +{ + if $auth_protocol == 'https' { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $step == 2 { + class {'::contrail::analyticsdatabase': + analyticsdatabase_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'kafka_hostnames' => $kafka_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + } +} diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp index 7b9c85f..d02ab44 100644 --- a/manifests/network/contrail/config.pp +++ b/manifests/network/contrail/config.pp @@ -19,21 +19,11 @@ # # == Parameters: # -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_server_ip*] -# (required) ifmap server ip address. -# String value. # -# [*ifmap_username*] -# (required) ifmap username +# [*aaa_mode*] +# (optional) aaa mode parameter # String value. -# -# [*rabbit_server*] -# (required) IPv4 address of rabbit server. -# String (IPv4) value. +# Defaults to hiera('contrail::aaa_mode') # # [*admin_password*] # (optional) admin password @@ -55,6 +45,16 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth*] # (optional) Authentication method. # Defaults to hiera('contrail::auth') @@ -68,81 +68,232 @@ # (optional) keystone port. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*config_hostnames*] +# (optional) Config hostname list +# Array of string value. +# Defaults to hiera('contrail_config_short_node_names') +# +# [*control_server_list*] +# (optional) IPv4 addresses of control server. +# Array of string (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port of discovery server +# String value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) IPv4 address of Config server +# String (IPv4) value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::config::ifmap_password') +# +# [*ifmap_server_ip*] +# (optional) ifmap server ip address. +# String value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::config::ifmap_password') # # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure') # +# [*ipfabric_service_port*] +# (optional) linklocal ip fabric port +# String value +# Defaults to 8775 +# # [*listen_ip_address*] # (optional) IP address to listen on. # String (IPv4) value. -# Defaults to '0.0.0.0' +# Defaults to hiera('contrail::config::listen_ip_address') # # [*listen_port*] # (optional) Listen port for config-api -# Defaults to 8082 +# Defaults to hiera('contrail::api_port') +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_port*] +# (optional) port of link local service +# String value +# Defaults to 80 +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_ip*] +# (optional) IPv4 address of link local service +# String (IPv4) value +# Defaults to 169.254.169.254 # # [*memcached_servers*] # (optional) IPv4 address of memcached servers # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # -# [*multi_tenancy*] -# (optional) Defines if mutli-tenancy is enabled. -# Defaults to hiera('contrail::multi_tenancy') +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*rabbit_server*] +# (optional) rabbit server +# Array of string value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) rabbit server port +# String value. +# Defaults to hiera('contrail::rabbit_port') # # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. -# Defaults to '127.0.0.1' +# Defaults to hiera('contrail::config::redis_server') # # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. -# Defaults to hiera('contrail::zk_server_ip') +# Defaults to hiera('contrail_database_node_ips') # class tripleo::network::contrail::config( - $ifmap_password, - $ifmap_server_ip, - $ifmap_username, - $rabbit_server, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth = hiera('contrail::auth'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $insecure = hiera('contrail::insecure'), - $listen_ip_address = '0.0.0.0', - $listen_port = 8082, - $memcached_servers = hiera('contrail::memcached_server'), - $multi_tenancy = hiera('contrail::multi_tenancy'), - $redis_server = '127.0.0.1', - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $aaa_mode = hiera('contrail::aaa_mode'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $config_hostnames = hiera('contrail_config_short_node_names'), + $control_server_list = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::config::host_ip'), + $ifmap_password = hiera('contrail::config::ifmap_password'), + $ifmap_server_ip = hiera('contrail::config::host_ip'), + $ifmap_username = hiera('contrail::config::ifmap_username'), + $insecure = hiera('contrail::insecure'), + $ipfabric_service_port = 8775, + $listen_ip_address = hiera('contrail::config::listen_ip_address'), + $listen_port = hiera('contrail::api_port'), + $linklocal_service_port = 80, + $linklocal_service_name = 'metadata', + $linklocal_service_ip = '169.254.169.254', + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::config::redis_server'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { validate_ip_address($listen_ip_address) validate_ip_address($disc_server_ip) validate_ip_address($ifmap_server_ip) - class {'::contrail::keystone': - keystone_config => { + $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" } + $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" } + $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns) + $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'') + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { 'KEYSTONE' => { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, @@ -154,62 +305,116 @@ class tripleo::network::contrail::config( 'insecure' => $insecure, 'memcached_servers' => $memcached_servers, }, - }, - } -> - class {'::contrail::config': - api_config => { - 'DEFAULTS' => { - 'auth' => $auth, - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'listen_ip_addr' => $listen_ip_address, - 'listen_port' => $listen_port, - 'multi_tenancy' => $multi_tenancy, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - }, - device_manager_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + } + if $step >= 3 { + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'aaa_mode' => $aaa_mode, + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - schema_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + basicauthusers_property => $basicauthusers_property, + config_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - }, - discovery_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'zk_server_ip' => $zk_server_ip, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - svc_monitor_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, + keystone_config => $keystone_config, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + if $step >= 5 { + class {'::contrail::config::provision_config': + api_address => $api_server, + api_port => $api_port, + config_node_address => $host_ip, + config_node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + if $config_hostnames[0] == $::hostname { + class {'::contrail::config::provision_linklocal': + api_address => $api_server, + api_port => $api_port, + ipfabric_service_ip => $api_server, + ipfabric_service_port => $ipfabric_service_port, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + linklocal_service_name => $linklocal_service_name, + linklocal_service_ip => $linklocal_service_ip, + linklocal_service_port => $linklocal_service_port, + } + } } } diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp index 2e50108..e9c7a9e 100644 --- a/manifests/network/contrail/control.pp +++ b/manifests/network/contrail/control.pp @@ -19,19 +19,6 @@ # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Control -# String (IPv4) value. -# -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_username*] -# (optional) ifmap username -# String value. -# Defaults to hiera('contrail::ifmap_username'), -# # [*admin_password*] # (optional) admin password # String value. @@ -42,16 +29,21 @@ # String value. # Defaults to hiera('contrail::admin_tenant_name'), # -# [*admin_token*] -# (optional) admin token -# String value. -# Defaults to hiera('contrail::admin_token'), -# # [*admin_user*] # (optional) admin user name. # String value. # Defaults to hiera('contrail::admin_user'), # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -68,13 +60,33 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip'), +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port'), # +# [*host_ip*] +# (optional) IP address of host +# String (IPv4) value. +# Defaults to hiera('contrail::control::host_ip') +# +# [*ibgp_auto_mesh*] +# (optional) iBPG auto mesh +# String value. +# Defaults to true +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::ifmap_password'), +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::ifmap_username'), +# # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure'), @@ -84,70 +96,103 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_servers'), # +# [*public_vip*] +# (optional) Public Virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*router_asn*] +# (optional) Autonomus System Number +# String value +# Defaults to hiera('contrail::control::asn') +# +# [*secret*] +# (optional) RNDC secret for named +# String value +# Defaults to hiera('contrail::control::rndc_secret') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# class tripleo::network::contrail::control( - $host_ip, - $ifmap_password, - $ifmap_username, - $admin_password = hiera('contrail::admin_password'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $insecure = hiera('contrail::insecure'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::control::host_ip'), + $ibgp_auto_mesh = true, + $ifmap_password = hiera('contrail::control::host_ip'), + $ifmap_username = hiera('contrail::control::host_ip'), + $insecure = hiera('contrail::insecure'), $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $router_asn = hiera('contrail::control::asn'), + $secret = hiera('contrail::control::rndc_secret'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { - 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, - 'admin_password' => $admin_password, - 'admin_user' => $admin_user, - 'auth_host' => $auth_host, - 'auth_port' => $auth_port, - 'auth_protocol' => $auth_protocol, - 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, + $control_ifmap_user = "${ifmap_username}.control" + $control_ifmap_password = "${ifmap_username}.control" + $dns_ifmap_user = "${ifmap_username}.dns" + $dns_ifmap_password = "${ifmap_username}.dns" + + if $step >= 3 { + class {'::contrail::control': + secret => $secret, + control_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $control_ifmap_user, + 'user' => $control_ifmap_password, + }, }, - }, - } -> - class {'::contrail::control': - control_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, + dns_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + 'rndc_secret' => $secret, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $dns_ifmap_user, + 'user' => $dns_ifmap_password, + } }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - }, - }, - dns_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - } - }, - control_nodemgr_config => { - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + } + } + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + api_port => $api_port, + control_node_address => $host_ip, + control_node_name => $::hostname, + ibgp_auto_mesh => $ibgp_auto_mesh, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + router_asn => $router_asn, + } } } diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp index 58f2670..9786d8f 100644 --- a/manifests/network/contrail/database.pp +++ b/manifests/network/contrail/database.pp @@ -13,41 +13,154 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::network::contrail::control +# == Class: tripleo::network::contrail::database # -# Configure Contrail Control services +# Configure Contrail Database services # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Database node +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) VIP of Config API # String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*cassandra_servers*] +# (optional) List IPs+port of Cassandra servers +# Array of strings value. +# Defaults to hiera('contrail_database_node_ips') # # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port') # +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*host_name*] +# (optional) host name of Database node +# String value. +# Defaults to $::hostname +# +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*zookeeper_client_ip*] +# (optional) Zookeeper listen address +# String (IPv4) value. +# Defaults to hiera('contrail::database::host_ip') +# +# [*zookeeper_hostnames*] +# (optional) Zookeeper hostname list +# Array of string value. +# Defaults to hiera('contrail_database_short_node_names') +# +# [*zookeeper_server_ips*] +# (optional) Zookeeper ip list +# Array of string (IPv4) values +# Defaults to hiera('contrail_database_node_ips') +# class tripleo::network::contrail::database( - $host_ip, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_servers = hiera('contrail_database_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::database::host_ip'), + $host_name = $::hostname, + $public_vip = hiera('public_virtual_ip'), + $zookeeper_client_ip = hiera('contrail::database::host_ip'), + $zookeeper_hostnames = hiera('contrail_database_short_node_names'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), ) { - class {'::contrail::database': - database_nodemgr_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + if $step == 2 { + class {'::contrail::database': + database_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'zookeeper_client_ip' => $zookeeper_client_ip, + 'zookeeper_hostnames' => $zookeeper_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp new file mode 100644 index 0000000..c8998c9 --- /dev/null +++ b/manifests/network/contrail/heat.pp @@ -0,0 +1,86 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::heat +# +# Configure Contrail Heat plugin +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*use_ssl*] +# (optional) switch for ssl usage +# String value. +# Defaults to 'False' +# +class tripleo::network::contrail::heat( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = 8082, + $auth_host = hiera('contrail::auth_host'), + $use_ssl = 'False', +) +{ + + class {'::contrail::heat': + heat_config => { + 'clients_contrail' => { + 'api_base_url' => '/', + 'api_server' => $api_server, + 'api_port' => $api_port, + 'auth_host_ip' => $auth_host, + 'user' => $admin_user, + 'password' => $admin_password, + 'use_ssl' => $use_ssl, + }, + }, + } +} diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp new file mode 100644 index 0000000..a0d2b96 --- /dev/null +++ b/manifests/network/contrail/neutron_plugin.pp @@ -0,0 +1,231 @@ +# This class installs and configures Opencontrail Neutron Plugin. +# +# === Parameters +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*api_server_ip*] +# IP address of the API Server +# Defaults to $::os_service_default +# +# [*api_server_port*] +# Port of the API Server. +# Defaults to $::os_service_default +# +# [*contrail_extensions*] +# Array of OpenContrail extensions to be supported +# Defaults to $::os_service_default +# Example: +# +# class {'neutron::plugins::opencontrail' : +# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam'] +# } +# +# [*keystone_auth_url*] +# Url of the keystone auth server +# Defaults to $::os_service_default +# +# [*keystone_admin_user*] +# Admin user name +# Defaults to $::os_service_default +# +# [*keystone_admin_tenant_name*] +# Admin_tenant_name +# Defaults to $::os_service_default +# +# [*keystone_admin_password*] +# Admin password +# Defaults to $::os_service_default +# +# [*keystone_admin_token*] +# Admin token +# Defaults to $::os_service_default +# +# [*package_ensure*] +# (optional) Ensure state for package. +# Defaults to 'present'. +# +# [*purge_config*] +# (optional) Whether to set only the specified config options +# in the opencontrail config. +# Defaults to false. +# +class tripleo::network::contrail::neutron_plugin ( + $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('tripleo::haproxy::service_certificate',false), + $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $purge_config = false, + $package_ensure = 'present', +) { + + include ::neutron::deps + include ::neutron::params + + validate_array($contrail_extensions) + + package { 'neutron-plugin-contrail': + ensure => $package_ensure, + name => $::neutron::params::opencontrail_plugin_package, + tag => ['neutron-package', 'openstack'], + } + package {'python-contrail': + ensure => installed, + } + + ensure_resource('file', '/etc/neutron/plugins/opencontrail', { + ensure => directory, + owner => 'root', + group => 'neutron', + mode => '0640'} + ) + + if $::osfamily == 'Debian' { + file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG': + path => '/etc/default/neutron-server', + match => '^NEUTRON_PLUGIN_CONFIG=(.*)$', + line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}", + tag => 'neutron-file-line', + } + } + + if $::osfamily == 'Redhat' { + file { '/etc/neutron/plugin.ini': + ensure => link, + target => $::neutron::params::opencontrail_config_file, + require => Package[$::neutron::params::opencontrail_plugin_package], + tag => 'neutron-config-file', + } + $api_paste_config_file = '/usr/share/neutron/api-paste.ini' + } + ini_setting { 'filter:user_token': + ensure => present, + path => $api_paste_config_file, + section => 'filter:user_token', + setting => 'paste.filter_factory', + value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory', + } + ini_setting { 'composite:neutronapi_v2_0': + ensure => present, + path => $api_paste_config_file, + section => 'composite:neutronapi_v2_0', + setting => 'keystone', + value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0', + } + resources { 'neutron_plugin_opencontrail': + purge => $purge_config, + } + + exec { 'add neutron user to haproxy group': + command => '/usr/sbin/usermod -a -G haproxy neutron', + } + + if $auth_protocol == 'https' { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'KEYSTONE/cafile': value => $ca_file; + 'KEYSTONE/certfile': value => $cert_file; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port_ssl; + 'keystone_authtoken/cafile': value => $ca_file; + 'keystone_authtoken/certfile': value => $cert_file; + } + } else { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port; + } + } +} diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp new file mode 100644 index 0000000..d1c6d0d --- /dev/null +++ b/manifests/network/contrail/provision.pp @@ -0,0 +1,96 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::provision +# +# Provisions Contrail Control and link local services +# +# == Parameters: +# +# [*host_ip*] +# (required) host IP address of Control +# String (IPv4) value. +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password'), +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name'), +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token'), +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user'), +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host'), +# +# [*auth_port*] +# (optional) keystone port. +# Defaults to hiera('contrail::auth_port'), +# +# [*auth_protocol*] +# (optional) authentication protocol. +# Defaults to hiera('contrail::auth_protocol'), +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +class tripleo::network::contrail::provision( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $api_server = hiera('contrail_config_vip'), +) +{ + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + } + class {'::contrail::control::provision_linklocal': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + ipfabric_service_ip => $api_server, + } + } +} diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp new file mode 100644 index 0000000..2bccd1d --- /dev/null +++ b/manifests/network/contrail/vrouter.pp @@ -0,0 +1,302 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opencontrail::vrouter +# +# Opencontrail profile to run the contrail vrouter +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*control_server*] +# (optional) Contrail control server IP +# Array of String (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*gateway*] +# (optional) Default GW for vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::gateway') +# +# [*host_ip*] +# (optional) host IP address of vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::host_ip') +# +# [*insecure*] +# (optional) insecure connections allowed +# String value. +# Defaults to hiera('contrail::insecure') +# +# [*memcached_servers*] +# (optional) memcached server ip +# String (IPv4) value. +# Defaults to hiera('contrail::memcached_server') +# +# [*metadata_secret*] +# (optional) secret for metadata +# String value. +# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret') +# +# [*netmask*] +# (optional) netmask for vrouter interface +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::netmask') +# +# [*physical_interface*] +# (optional) vrouter interface +# String value. +# Defaults to hiera('contrail::vrouter::physical_interface') +# +# [*public_vip*] +# (optional) Public VIP to Keystone +# String (IPv4) value. +# Defaults to hiera('public_virtual_ip') +# +# [*is_tsn*] +# (optional) Turns vrouter into TSN +# String value. +# Defaults to hiera('contrail::vrouter::is_tsn',false) +# +class tripleo::network::contrail::vrouter ( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $control_server = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $gateway = hiera('contrail::vrouter::gateway'), + $host_ip = hiera('contrail::vrouter::host_ip'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), + $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'), + $netmask = hiera('contrail::vrouter::netmask'), + $physical_interface = hiera('contrail::vrouter::physical_interface'), + $public_vip = hiera('public_virtual_ip'), + $is_tsn = hiera('contrail::vrouter::is_tsn',false), +) { + $cidr = netmask_to_cidr($netmask) + notify { 'cidr': + message => $cidr, + } + $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>") + #include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + $control_server_list = join($control_server, ' ') + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $is_tsn { + $vrouter_agent_config = { + 'DEBUG' => { + 'agent_mode' => 'tsn', + }, + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } else { + $vrouter_agent_config = { + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } + class {'::contrail::vrouter': + discovery_ip => $disc_server_ip, + gateway => $gateway, + host_ip => $host_ip, + is_tsn => $is_tsn, + macaddr => $macaddress, + mask => $cidr, + netmask => $netmask, + physical_interface => $physical_interface, + vhost_ip => $host_ip, + keystone_config => $keystone_config, + vrouter_agent_config => $vrouter_agent_config, + vrouter_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + if $step >= 5 { + class {'::contrail::vrouter::provision_vrouter': + api_address => $api_server, + api_port => $api_port, + host_ip => $host_ip, + node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + is_tsn => $is_tsn, + } + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp index 0b308a4..b621811 100644 --- a/manifests/network/contrail/webui.pp +++ b/manifests/network/contrail/webui.pp @@ -19,18 +19,6 @@ # # == Parameters: # -# [*contrail_analytics_vip*] -# (required) VIP of Contrail Analytics -# String (IPv4) value. -# -# [*contrail_config_vip*] -# (required) VIP of Contrail Config -# String (IPv4) value. -# -# [*neutron_vip*] -# (required) VIP of Neutron -# String (IPv4) value. -# # [*admin_password*] # (optional) admin password # String value. @@ -56,11 +44,46 @@ # String (IPv4) value. # Defaults to hiera('contrail::auth_host') # +# [*auth_port_public*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port_public') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_port_ssl_public*] +# (optional) keystone public ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl_public') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*contrail_analytics_vip*] +# (optional) VIP of Contrail Analytics +# String (IPv4) value. +# Defaults to hiera('contrail_analytics_vip') +# +# [*contrail_config_vip*] +# (optional) VIP of Contrail Config +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# # [*contrail_webui_http_port*] # (optional) Webui HTTP Port # Integer value. @@ -71,38 +94,55 @@ # Integer value. # Defaults to 8143 # +# [*neutron_vip*] +# (optional) VIP of Neutron +# String (IPv4) value. +# Defaults to hiera('neutron_api_vip') +# # [*redis_ip*] # (optional) IP of Redis # String (IPv4) value. # Defaults to '127.0.0.1' # class tripleo::network::contrail::webui( - $contrail_analytics_vip, - $contrail_config_vip, - $neutron_vip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $contrail_webui_http_port = 8080, - $contrail_webui_https_port = 8143, - $redis_ip = '127.0.0.1', + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_public = hiera('contrail::auth_port_public'), + $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $cert_file = hiera('contrail::cert_file'), + $contrail_analytics_vip = hiera('contrail_analytics_vip'), + $contrail_config_vip = hiera('contrail_config_vip'), + $contrail_webui_http_port = hiera('contrail::webui::http_port'), + $contrail_webui_https_port = hiera('contrail::webui::https_port'), + $neutron_vip = hiera('neutron_api_vip'), + $redis_ip = hiera('contrail::webui::redis_ip'), ) { + if $auth_protocol == 'https' { + $auth_port = $auth_port_ssl_public + } else { + $auth_port = $auth_port_public + } class {'::contrail::webui': - openstack_vip => $auth_host, - contrail_config_vip => $contrail_config_vip, - contrail_analytics_vip => $contrail_analytics_vip, - neutron_vip => $neutron_vip, - cassandra_ip => $cassandra_server_list, - redis_ip => $redis_ip, - contrail_webui_http_port => $contrail_webui_http_port, - contrail_webui_https_port => $contrail_webui_https_port, admin_user => $admin_user, admin_password => $admin_password, admin_token => $admin_token, admin_tenant_name => $admin_tenant_name, + auth_port => $auth_port, + auth_protocol => $auth_protocol, + cassandra_ip => $cassandra_server_list, + cert_file => $cert_file, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + neutron_vip => $neutron_vip, + openstack_vip => $auth_host, + redis_ip => $redis_ip, } } |