Diffstat (limited to 'manifests')
28 files changed, 2280 insertions, 393 deletions
diff --git a/manifests/certmonger/mysql.pp b/manifests/certmonger/mysql.pp index 9cb6b13..dd9b184 100644 --- a/manifests/certmonger/mysql.pp +++ b/manifests/certmonger/mysql.pp @@ -45,7 +45,7 @@ class tripleo::certmonger::mysql ( include ::certmonger include ::mysql::params - $postsave_cmd = "systemctl reload ${::mysql::params::service_name}" + $postsave_cmd = "systemctl reload ${::mysql::params::server_service_name}" certmonger_certificate { 'mysql' : ensure => 'present', certfile => $service_certificate, @@ -69,6 +69,6 @@ class tripleo::certmonger::mysql ( require => Certmonger_certificate['mysql'], } - File[$service_certificate] ~> Service<| title == $::mysql::params::service_name |> - File[$service_key] ~> Service<| title == $::mysql::params::service_name |> + File[$service_certificate] ~> Service<| title == $::mysql::params::server_service_name |> + File[$service_key] ~> Service<| title == $::mysql::params::server_service_name |> } diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp index 7af7fbc..39120d9 100644 --- a/manifests/firewall/pre.pp +++ b/manifests/firewall/pre.pp @@ -54,4 +54,10 @@ class tripleo::firewall::pre( extras => $firewall_settings, } + tripleo::firewall::rule{ '004 accept ipv6 dhcpv6': + dport => '546', + proto => 'udp', + state => ['NEW'], + destination => 'fe80::/64', + } } diff --git a/manifests/haproxy.pp b/manifests/haproxy.pp index c399a96..e1c44ee 100644 --- a/manifests/haproxy.pp +++ b/manifests/haproxy.pp 
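Review bot: The new `004 accept ipv6 dhcpv6` rule in `tripleo::firewall::pre` matches only on destination port 546 and the `fe80::/64` destination, so NEW UDP packets from any source address and any source port are accepted on every node's link-local address. DHCPv6 replies normally come from server port 547 and a link-local sender, so, assuming `tripleo::firewall::rule` accepts them, adding `sport => '547',` and `source => 'fe80::/10',` would limit the rule to what a client needs. The rule is also declared unconditionally, so it is installed on IPv4-only deployments too; a short comment above it saying why it is required would help. The class body starts outside this hunk.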
@@ -64,6 +64,26 @@ # Can be a string or an array. # Defaults to undef # +# [*contrail_config_hosts*] +# (optional) Specify the contrail config hosts ips. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config_hosts_names*] +# (optional) Specify the contrail config hosts. +# Defaults to hiera('contrail_config_node_ips') +# +# [*contrail_config*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_config_enabled') +# +# [*contrail_webui*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_webui_enabled') +# +# [*contrail_analytics*] +# (optional) Switch to check that contrail config is enabled. +# Defaults to hiera('contrail_analytics_enabled') +# # [*public_virtual_ip*] # Public IP or group of IPs to bind the pools # Can be a string or an array. @@ -143,6 +163,10 @@ # (optional) Enable or not Cinder API binding # Defaults to hiera('cinder_api_enabled', false) # +# [*congress*] +# (optional) Enable or not Congress API binding +# Defaults to hiera('congress_enabled', false) +# # [*manila*] # (optional) Enable or not Manila API binding # Defaults to hiera('manila_api_enabled', false) @@ -324,6 +348,10 @@ # (optional) Specify the network cinder is running on. # Defaults to hiera('cinder_api_network', undef) # +# [*congress_network*] +# (optional) Specify the network congress is running on. +# Defaults to hiera('congress_api_network', undef) +# # [*docker_registry_network*] # (optional) Specify the network docker-registry is running on. # Defaults to hiera('docker_registry_network', undef) 
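Review bot: The parameter docs added in the first hunk do not match the defaults declared in the class signature further down. `contrail_config_hosts_names` is documented as `hiera('contrail_config_node_ips')` while the signature uses `hiera('contrail_config_node_names', undef)`, and the docs for the hosts parameter and the three switches omit their `undef`/`false` fallbacks. `contrail_webui` and `contrail_analytics` also repeat the `contrail_config` description; they should read `Switch to check that contrail webui is enabled.` and `Switch to check that contrail analytics is enabled.`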
@@ -511,6 +539,11 @@ class tripleo::haproxy ( $haproxy_stats_password = undef, $controller_hosts = hiera('controller_node_ips'), $controller_hosts_names = hiera('controller_node_names', undef), + $contrail_config_hosts = hiera('contrail_config_node_ips', undef), + $contrail_config_hosts_names = hiera('contrail_config_node_names', undef), + $contrail_analytics = hiera('contrail_analytics_enabled', false), + $contrail_config = hiera('contrail_config_enabled', false), + $contrail_webui = hiera('contrail_webui_enabled', false), $service_certificate = undef, $use_internal_certificates = false, $internal_certificates_specs = {}, @@ -523,6 +556,7 @@ class tripleo::haproxy ( $keystone_public = hiera('keystone_enabled', false), $neutron = hiera('neutron_api_enabled', false), $cinder = hiera('cinder_api_enabled', false), + $congress = hiera('congress_enabled', false), $manila = hiera('manila_api_enabled', false), $sahara = hiera('sahara_api_enabled', false), $tacker = hiera('tacker_enabled', false), @@ -567,6 +601,7 @@ class tripleo::haproxy ( $ceilometer_network = hiera('ceilometer_api_network', undef), $ceph_rgw_network = hiera('ceph_rgw_network', undef), $cinder_network = hiera('cinder_api_network', undef), + $congress_network = hiera('congress_api_network', undef), $docker_registry_network = hiera('docker_registry_network', undef), $glance_api_network = hiera('glance_api_network', undef), $gnocchi_network = hiera('gnocchi_api_network', undef), 
@@ -604,6 +639,16 @@ class tripleo::haproxy ( ceilometer_api_ssl_port => 13777, cinder_api_port => 8776, cinder_api_ssl_port => 13776, + congress_api_port => 1789, + congress_api_ssl_port => 13789, + contrail_config_port => 8082, + contrail_config_ssl_port => 18082, + contrail_discovery_port => 5998, + contrail_discovery_ssl_port => 15998, + contrail_analytics_port => 8090, + contrail_analytics_ssl_port => 18090, + contrail_webui_http_port => 8080, + contrail_webui_https_port => 8143, docker_registry_port => 8787, docker_registry_ssl_port => 13787, glance_api_port => 9292, @@ -863,6 +908,7 @@ class tripleo::haproxy ( }, public_ssl_port => $ports[neutron_api_ssl_port], service_network => $neutron_network, + member_options => union($haproxy_member_options, $internal_tls_member_options), } } @@ -885,6 +931,24 @@ class tripleo::haproxy ( } } + if $congress { + ::tripleo::haproxy::endpoint { 'congress': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('congress_api_vip', $controller_virtual_ip), + service_port => $ports[congress_api_port], + ip_addresses => hiera('congress_node_ips', $controller_hosts_real), + server_names => hiera('congress_api_node_names', $controller_hosts_names_real), + mode => 'http', + listen_options => { + 'http-request' => [ + 'set-header X-Forwarded-Proto https if { ssl_fc }', + 'set-header X-Forwarded-Proto http if !{ ssl_fc }'], + }, + public_ssl_port => $ports[congress_api_ssl_port], + service_network => $congress_network, + } + } + if $manila { ::tripleo::haproxy::endpoint { 'manila': public_virtual_ip => $public_virtual_ip, 
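Review bot: The `congress` endpoint looks up its backends under two differently shaped keys, `hiera('congress_node_ips', ...)` for `ip_addresses` and `hiera('congress_api_node_names', ...)` for `server_names`. If only one of them is populated, the other falls back to the controller list and the two arrays can disagree in length or order, so the HAProxy server names would no longer describe the addresses behind them; use one prefix for both lookups. The block also omits the `member_options => union($haproxy_member_options, $internal_tls_member_options),` line that this same commit adds to the neutron endpoint. If Congress is meant to sit behind internal TLS that line is needed here, otherwise a one-line comment saying it is not supported would settle the question.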
@@ -1530,5 +1594,50 @@ class tripleo::haproxy ( public_ssl_port => $ports[ui_ssl_port], } } - + if $contrail_config { + ::tripleo::haproxy::endpoint { 'contrail_config': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_config_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_config_ssl_port], + } + ::tripleo::haproxy::endpoint { 'contrail_discovery': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_config_vip', $controller_virtual_ip), + service_port => $ports[contrail_discovery_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_discovery_ssl_port], + } + } + if $contrail_analytics { + ::tripleo::haproxy::endpoint { 'contrail_analytics': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_analytics_vip', $controller_virtual_ip), + service_port => $ports[contrail_analytics_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_analytics_ssl_port], + } + } + if $contrail_webui { + ::tripleo::haproxy::endpoint { 'contrail_webui_http': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_http_port], + ip_addresses => hiera('contrail_config_node_ips'), + server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_http_port], + } + ::tripleo::haproxy::endpoint { 'contrail_webui_https': + public_virtual_ip => $public_virtual_ip, + internal_ip => hiera('contrail_webui_vip', $controller_virtual_ip), + service_port => $ports[contrail_webui_https_port], + ip_addresses => hiera('contrail_config_node_ips'), + 
server_names => hiera('contrail_config_node_ips'), + public_ssl_port => $ports[contrail_webui_https_port], + } + } } diff --git a/manifests/host/sriov/numvfs_persistence.pp b/manifests/host/sriov/numvfs_persistence.pp index ec8c875..4c6af83 100644 --- a/manifests/host/sriov/numvfs_persistence.pp +++ b/manifests/host/sriov/numvfs_persistence.pp @@ -4,7 +4,7 @@ # === Parameters: # # [*vf_defs*] -# (required) Array of of <physical_interface>:<numvfs>. +# (required) Array of <physical_interface>:<numvfs>. # Example: ['eth1:10','eth2:8'] # # [*content_string*] diff --git a/manifests/keepalived.pp b/manifests/keepalived.pp index 0e9262d..a6d5832 100644 --- a/manifests/keepalived.pp +++ b/manifests/keepalived.pp @@ -113,10 +113,15 @@ class tripleo::keepalived ( if $internal_api_virtual_ip and $internal_api_virtual_ip != $controller_virtual_ip { $internal_api_virtual_interface = interface_for_ip($internal_api_virtual_ip) + if is_ipv6_address($internal_api_virtual_ip) { + $internal_api_virtual_netmask = '64' + } else { + $internal_api_virtual_netmask = '32' + } # KEEPALIVE INTERNAL API NETWORK keepalived::instance { '53': interface => $internal_api_virtual_interface, - virtual_ips => [join([$internal_api_virtual_ip, ' dev ', $internal_api_virtual_interface])], + virtual_ips => [join(["${internal_api_virtual_ip}/${internal_api_virtual_netmask}", ' dev ', $internal_api_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, 
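Review bot: Every Contrail endpoint added here calls `hiera('contrail_config_node_ips')` directly for both `ip_addresses` and `server_names`, so the new `$contrail_config_hosts` and `$contrail_config_hosts_names` class parameters are never used in the visible code and a missing key fails the lookup instead of falling back to `undef`. Use `ip_addresses => $contrail_config_hosts,` and `server_names => $contrail_config_hosts_names,`. The two `contrail_webui_*` endpoints set `public_ssl_port` to the same port as `service_port` (8080 and 8143), unlike the other endpoints, which map to a separate SSL port. Depending on how `tripleo::haproxy::endpoint` binds the public VIP, this either collides or leaves the web UI's HTTP listener reachable on the public address without TLS, so it needs a deliberate choice and a comment. None of these blocks passes `service_network`, `mode` or `listen_options`, which the congress endpoint in the same commit does.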
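Review bot: The prefix length attached to each VIP is hard-coded: `'64'` when `is_ipv6_address()` is true and `'32'` for everything else, including a value that is not a valid address at all. A deployment whose IPv6 networks are not /64 gets a VIP with the wrong on-link prefix, and nothing here lets an operator override it. The same five-line `if/else` is repeated for the storage, storage_mgmt and redis VIPs in the following hunks, so a small helper or a per-network netmask parameter would keep them in step. The `tripleo::keepalived` class starts and ends outside these hunks.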
@@ -125,10 +130,15 @@ class tripleo::keepalived ( if $storage_virtual_ip and $storage_virtual_ip != $controller_virtual_ip { $storage_virtual_interface = interface_for_ip($storage_virtual_ip) + if is_ipv6_address($storage_virtual_ip) { + $storage_virtual_netmask = '64' + } else { + $storage_virtual_netmask = '32' + } # KEEPALIVE STORAGE NETWORK keepalived::instance { '54': interface => $storage_virtual_interface, - virtual_ips => [join([$storage_virtual_ip, ' dev ', $storage_virtual_interface])], + virtual_ips => [join(["${storage_virtual_ip}/${storage_virtual_netmask}", ' dev ', $storage_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, @@ -137,10 +147,15 @@ class tripleo::keepalived ( if $storage_mgmt_virtual_ip and $storage_mgmt_virtual_ip != $controller_virtual_ip { $storage_mgmt_virtual_interface = interface_for_ip($storage_mgmt_virtual_ip) + if is_ipv6_address($storage_mgmt_virtual_ip) { + $storage_mgmt_virtual_netmask = '64' + } else { + $storage_mgmt_virtual_netmask = '32' + } # KEEPALIVE STORAGE MANAGEMENT NETWORK keepalived::instance { '55': interface => $storage_mgmt_virtual_interface, - virtual_ips => [join([$storage_mgmt_virtual_ip, ' dev ', $storage_mgmt_virtual_interface])], + virtual_ips => [join(["${storage_mgmt_virtual_ip}/${storage_mgmt_virtual_netmask}", ' dev ', $storage_mgmt_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, 
@@ -149,10 +164,15 @@ class tripleo::keepalived ( if $redis_virtual_ip and $redis_virtual_ip != $controller_virtual_ip { $redis_virtual_interface = interface_for_ip($redis_virtual_ip) + if is_ipv6_address($redis_virtual_ip) { + $redis_virtual_netmask = '64' + } else { + $redis_virtual_netmask = '32' + } # KEEPALIVE STORAGE MANAGEMENT NETWORK keepalived::instance { '56': interface => $redis_virtual_interface, - virtual_ips => [join([$redis_virtual_ip, ' dev ', $redis_virtual_interface])], + virtual_ips => [join(["${redis_virtual_ip}/${redis_virtual_netmask}", ' dev ', $redis_virtual_interface])], state => 'MASTER', track_script => ['haproxy'], priority => 101, diff --git a/manifests/network/contrail/analytics.pp b/manifests/network/contrail/analytics.pp index 4359a43..e34c7e6 100644 --- a/manifests/network/contrail/analytics.pp +++ b/manifests/network/contrail/analytics.pp @@ -43,6 +43,21 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*analytics_aaa_mode*] +# (optional) analytics aaa mode parameter +# String value. +# Defaults to hiera('contrail::analytics_aaa_mode') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. 
@@ -53,11 +68,26 @@ # Integer value. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # String value. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. @@ -76,7 +106,7 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. @@ -103,6 +133,31 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # +# [*public_vip*] +# (optional) Public virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*rabbit_server*] +# (optional) IPv4 addresses of rabbit server. +# Array of String (IPv4) value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) Rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) Rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) port of rabbit server +# String value. +# Defaults to hiera('contrail::rabbit_port') +# # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. 
@@ -123,123 +178,209 @@ # Integer value. # Defaults to 8081 # +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. # Defaults to hiera('contrail::zk_server_ip') # class tripleo::network::contrail::analytics( - $host_ip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $collector_http_server_port = 8089, - $collector_sandesh_port = 8086, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $http_server_port = 8090, - $insecure = hiera('contrail::insecure'), - $kafka_broker_list = hiera('contrail::kafka_broker_list'), - $memcached_servers = hiera('contrail::memcached_server'), - $redis_server = '127.0.0.1', - $redis_server_port = 6379, - $rest_api_ip = '0.0.0.0', - $rest_api_port = 8081, - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $analytics_aaa_mode = hiera('contrail::analytics_aaa_mode'), + $cassandra_server_list = hiera('contrail_analytics_database_node_ips'), + $ca_file = 
hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $collector_http_server_port = hiera('contrail::analytics::collector_http_server_port'), + $collector_sandesh_port = hiera('contrail::analytics::collector_sandesh_port'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $http_server_port = hiera('contrail::analytics::http_server_port'), + $host_ip = hiera('contrail::analytics::host_ip'), + $insecure = hiera('contrail::insecure'), + $kafka_broker_list = hiera('contrail_analytics_database_node_ips'), + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::analytics::redis_server'), + $redis_server_port = hiera('contrail::analytics::redis_server_port'), + $rest_api_ip = hiera('contrail::analytics::rest_api_ip'), + $rest_api_port = hiera('contrail::analytics::rest_api_port'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { + $cassandra_server_list_9042 = join([join($cassandra_server_list, ':9042 '),':9042'],'') + $kafka_broker_list_9092 = join([join($kafka_broker_list, ':9092 '),':9092'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ":${rabbit_port},"),":${rabbit_port}"],'') + $redis_config = "bind ${host_ip} 127.0.0.1" + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181 '),':2181'],'') + $zk_server_ip_2181_comma = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, 'admin_user' => $admin_user, 'auth_host' 
=> $auth_host, - 'auth_port' => $auth_port, + 'auth_port' => $auth_port_ssl, 'auth_protocol' => $auth_protocol, 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, - }, - }, - } -> - class {'::contrail::analytics': - analytics_api_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'host_ip' => $host_ip, - 'http_server_port' => $http_server_port, - 'redis_server' => $redis_server, - 'rest_api_ip' => $rest_api_ip, - 'rest_api_port' => $rest_api_port, - }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, - }, - 'REDIS' => { - 'redis_server_port' => $redis_server_port, - 'redis_query_port' => $redis_server_port, - 'server' => $redis_server, - }, - }, - collector_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'hostip' => $host_ip, - 'http_server_port' => $collector_http_server_port, - 'kafka_broker_list' => $kafka_broker_list, - 'zookeeper_server_list' => $zk_server_ip, - }, - 'COLLECTOR' => { - 'port' => $collector_sandesh_port, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + } + } else { + $keystone_config = { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + } + } + if $step >= 3 { + class {'::contrail::analytics': + alarm_gen_config => { + 'DEFAULTS' => { + 
'host_ip' => $host_ip, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'rabbitmq_server_list' => $rabbit_server_list_5672, + 'rabbitmq_user' => $rabbit_user, + 'rabbitmq_password' => $rabbit_password, + 'zk_list' => $zk_server_ip_2181, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - query_engine_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'hostip' => $host_ip, + analytics_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + analytics_api_config => { + 'DEFAULTS' => { + 'api_server' => "${api_server}:${api_port}", + 'aaa_mode' => $analytics_aaa_mode, + 'cassandra_server_list' => $cassandra_server_list_9042, + 'host_ip' => $host_ip, + 'http_server_port' => $http_server_port, + 'rest_api_ip' => $rest_api_ip, + 'rest_api_port' => $rest_api_port, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, + 'REDIS' => { + 'redis_server_port' => $redis_server_port, + 'redis_query_port' => $redis_server_port, + 'server' => $redis_server, + }, + 'KEYSTONE' => $keystone_config, }, - 'REDIS' => { - 'port' => $redis_server_port, - 'server' => $redis_server, + collector_config => { + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + 'http_server_port' => $collector_http_server_port, + 'kafka_broker_list' => $kafka_broker_list_9092, + 'zookeeper_server_list' => $zk_server_ip_2181_comma, + }, + 'COLLECTOR' => { + 'port' => $collector_sandesh_port, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - }, - snmp_collector_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + query_engine_config => 
{ + 'DEFAULT' => { + 'cassandra_server_list' => $cassandra_server_list_9042, + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'REDIS' => { + 'port' => $redis_server_port, + 'server' => $redis_server, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + snmp_collector_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - }, - topology_config => { - 'DEFAULTS' => { - 'zk_server_ip' => $zk_server_ip, + redis_config => $redis_config, + topology_config => { + 'DEFAULTS' => { + 'zookeeper' => $zk_server_ip_2181_comma, + }, + 'DISCOVERY' => { + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + }, }, - 'DISCOVERY' => { - 'disc_server_ip' => $disc_server_ip, - 'disc_server_port' => $disc_server_port, + vnc_api_lib_config => $vnc_api_lib_config, + keystone_config => { + 'KEYSTONE' => $keystone_config, }, - }, + } + } + if $step >= 5 { + class {'::contrail::analytics::provision_analytics': + api_address => $api_server, + api_port => $api_port, + analytics_node_address => $host_ip, + analytics_node_name => $::fqdn, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/analyticsdatabase.pp b/manifests/network/contrail/analyticsdatabase.pp new file mode 100644 index 0000000..88b0327 --- /dev/null +++ b/manifests/network/contrail/analyticsdatabase.pp 
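Review bot: `$ca_file` and `$cert_file` both default to `hiera('contrail::service_certificate',false)`, so in the `https` branch `cafile` and `certfile` point at the same file and the trust anchor presumably used to verify Keystone is the service's own certificate unless an operator overrides one of them. `'insecure' => $insecure` is still passed next to them, which would make the CA setting moot if that flag disables verification as its name suggests. Give `ca_file` its own hiera key and document how `insecure` interacts with it. Separately, `admin_token` and `memcached_servers` are dropped from the generated Keystone section, but `$admin_token` and `$memcached_servers` remain parameters with no default, so the token must still be present in hiera although nothing visible consumes it. analyticsdatabase.pp in this commit uses the same `ca_file`/`cert_file` default.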
@@ -0,0 +1,202 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::analyticsdatabase +# +# Configure Contrail Analytics Database services +# +# == Parameters: +# +# [*auth_host*] +# (optional) IPv4 VIP of Keystone +# String (IPv4) value +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*api_server*] +# (optional) IPv4 VIP of Contrail Config API +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Contrail Config API +# String value +# Defaults to hiera('contrail::api_port') +# +# [*admin_password*] +# (optional) Keystone Admin password +# String value +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) Keystone Admin tenant name +# String value +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) Keystone Admin token +# String value +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) Keystone Admin user +# String value +# Defaults to hiera('contrail::admin_user') +# +# [*ca_file*] +# (optional) ca file name +# String value. 
+# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cassandra_servers*] +# (optional) List of analytics cassandra servers +# List (IPv4) value +# Defaults to hiera('contrail_analytics_database_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 VIP of Contrail Discovery +# String (IPv4) value +# Defaults to hiera('contrail_config_vip') +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) host IP address of Database node +# String (IPv4) value. +# Defaults to hiera('contrail::analytics::database::host_ip') +# +# [*host_name*] +# (optional) host name of database node +# String value +# Defaults to $::hostname +# +# [*kafka_hostnames*] +# (optional) list of kafka server hostnames +# List value +# Defaults to hiera('contrail_analytics_database_short_node_names', '') +# +# [*public_vip*] +# (optional) Public VIP +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) step in the stack +# String value +# Defaults to hiera('step') +# +# [*zookeeper_server_ips*] +# (optional) list of zookeeper server IPs +# List value +# Defaults to hiera('contrail_database_node_ips') +# +class tripleo::network::contrail::analyticsdatabase( + $step = hiera('step'), + $auth_host = hiera('contrail::auth_host'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_servers = hiera('contrail_analytics_database_node_ips'), + $ca_file = 
hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::analytics::database::host_ip'), + $host_name = $::hostname, + $kafka_hostnames = hiera('contrail_analytics_database_short_node_names', ''), + $public_vip = hiera('public_virtual_ip'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), +) +{ + if $auth_protocol == 'https' { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $step == 2 { + class {'::contrail::analyticsdatabase': + analyticsdatabase_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'kafka_hostnames' => $kafka_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + } +} 
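Review bot: In the `$step == 2` block, `database_nodemgr_config` and `vnc_api_lib_config` sit inside the `analyticsdatabase_params` hash, because the hash is not closed after `'zookeeper_server_ips'`, whereas analytics.pp passes `vnc_api_lib_config` as a class parameter. If `::contrail::analyticsdatabase` expects them as parameters, the TLS client settings built at the top of the class (`certfile`, `cafile`, `AUTHN_PROTOCOL`) never reach it; close the hash with `},` before `database_nodemgr_config`. The guard is also `$step == 2` rather than `>=`, so the class is only in the catalog at that one step, unlike the `$step >= 3` used in analytics.pp. `kafka_hostnames` defaults to `''` although it is documented as a list.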
diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp index 7b9c85f..d02ab44 100644 --- a/manifests/network/contrail/config.pp +++ b/manifests/network/contrail/config.pp @@ -19,21 +19,11 @@ # # == Parameters: # -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_server_ip*] -# (required) ifmap server ip address. -# String value. # -# [*ifmap_username*] -# (required) ifmap username +# [*aaa_mode*] +# (optional) aaa mode parameter # String value. -# -# [*rabbit_server*] -# (required) IPv4 address of rabbit server. -# String (IPv4) value. +# Defaults to hiera('contrail::aaa_mode') # # [*admin_password*] # (optional) admin password @@ -55,6 +45,16 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth*] # (optional) Authentication method. # Defaults to hiera('contrail::auth') 
@@ -68,81 +68,232 @@ # (optional) keystone port. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*config_hostnames*] +# (optional) Config hostname list +# Array of string value. +# Defaults to hiera('contrail_config_short_node_names') +# +# [*control_server_list*] +# (optional) IPv4 addresses of control server. +# Array of string (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port of discovery server +# String value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) IPv4 address of Config server +# String (IPv4) value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::config::ifmap_password') +# +# [*ifmap_server_ip*] +# (optional) ifmap server ip address. +# String value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::config::ifmap_password') # # [*insecure*] # (optional) insecure mode. 
# Defaults to hiera('contrail::insecure') # +# [*ipfabric_service_port*] +# (optional) linklocal ip fabric port +# String value +# Defaults to 8775 +# # [*listen_ip_address*] # (optional) IP address to listen on. # String (IPv4) value. -# Defaults to '0.0.0.0' +# Defaults to hiera('contrail::config::listen_ip_address') # # [*listen_port*] # (optional) Listen port for config-api -# Defaults to 8082 +# Defaults to hiera('contrail::api_port') +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_port*] +# (optional) port of link local service +# String value +# Defaults to 80 +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_ip*] +# (optional) IPv4 address of link local service +# String (IPv4) value +# Defaults to 169.254.169.254 # # [*memcached_servers*] # (optional) IPv4 address of memcached servers # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # -# [*multi_tenancy*] -# (optional) Defines if mutli-tenancy is enabled. -# Defaults to hiera('contrail::multi_tenancy') +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*rabbit_server*] +# (optional) rabbit server +# Array of string value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) rabbit server port +# String value. +# Defaults to hiera('contrail::rabbit_port') # # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. 
-# Defaults to '127.0.0.1' +# Defaults to hiera('contrail::config::redis_server') # # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. -# Defaults to hiera('contrail::zk_server_ip') +# Defaults to hiera('contrail_database_node_ips') # class tripleo::network::contrail::config( - $ifmap_password, - $ifmap_server_ip, - $ifmap_username, - $rabbit_server, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth = hiera('contrail::auth'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $insecure = hiera('contrail::insecure'), - $listen_ip_address = '0.0.0.0', - $listen_port = 8082, - $memcached_servers = hiera('contrail::memcached_server'), - $multi_tenancy = hiera('contrail::multi_tenancy'), - $redis_server = '127.0.0.1', - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $aaa_mode = hiera('contrail::aaa_mode'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + 
$config_hostnames = hiera('contrail_config_short_node_names'), + $control_server_list = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::config::host_ip'), + $ifmap_password = hiera('contrail::config::ifmap_password'), + $ifmap_server_ip = hiera('contrail::config::host_ip'), + $ifmap_username = hiera('contrail::config::ifmap_username'), + $insecure = hiera('contrail::insecure'), + $ipfabric_service_port = 8775, + $listen_ip_address = hiera('contrail::config::listen_ip_address'), + $listen_port = hiera('contrail::api_port'), + $linklocal_service_port = 80, + $linklocal_service_name = 'metadata', + $linklocal_service_ip = '169.254.169.254', + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::config::redis_server'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { validate_ip_address($listen_ip_address) validate_ip_address($disc_server_ip) validate_ip_address($ifmap_server_ip) - class {'::contrail::keystone': - keystone_config => { + $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" } + $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" } + $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns) + $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'') + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 
'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { 'KEYSTONE' => { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, 
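Review bot: `$basicauthusers_property_control` and `$basicauthusers_property_dns` build every basic-auth entry as `"${item}.control:${item}.control"` and `"${item}.dns:${item}.dns"`, so the secret half of each entry is identical to its user half and is derived only from a control node address. Assuming `basicauthusers_property` is the list the IFMAP server authenticates against (the consuming class is not shown), knowing a control node IP is enough to know the credential. The later control.pp hunk derives `$control_ifmap_password` and `$dns_ifmap_password` the same way from `$ifmap_username`. I would take the secret part from a dedicated hiera value, for example `"${item}.control:${ifmap_password}"`, and change both files together so the two sides keep matching.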
@@ -154,62 +305,116 @@ class tripleo::network::contrail::config( 'insecure' => $insecure, 'memcached_servers' => $memcached_servers, }, - }, - } -> - class {'::contrail::config': - api_config => { - 'DEFAULTS' => { - 'auth' => $auth, - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'listen_ip_addr' => $listen_ip_address, - 'listen_port' => $listen_port, - 'multi_tenancy' => $multi_tenancy, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - }, - device_manager_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + } + if $step >= 3 { + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'aaa_mode' => $aaa_mode, + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - schema_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + 
basicauthusers_property => $basicauthusers_property, + config_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - }, - discovery_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'zk_server_ip' => $zk_server_ip, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - svc_monitor_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, + keystone_config => $keystone_config, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 
'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + if $step >= 5 { + class {'::contrail::config::provision_config': + api_address => $api_server, + api_port => $api_port, + config_node_address => $host_ip, + config_node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + if $config_hostnames[0] == $::hostname { + class {'::contrail::config::provision_linklocal': + api_address => $api_server, + api_port => $api_port, + ipfabric_service_ip => $api_server, + ipfabric_service_port => $ipfabric_service_port, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + linklocal_service_name => $linklocal_service_name, + linklocal_service_ip => $linklocal_service_ip, + linklocal_service_port => $linklocal_service_port, + } + } } } diff --git a/manifests/network/contrail/control.pp b/manifests/network/contrail/control.pp index 2e50108..e9c7a9e 100644 --- a/manifests/network/contrail/control.pp +++ b/manifests/network/contrail/control.pp @@ -19,19 +19,6 @@ # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Control -# String (IPv4) value. -# -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_username*] -# (optional) ifmap username -# String value. -# Defaults to hiera('contrail::ifmap_username'), -# # [*admin_password*] # (optional) admin password # String value. 
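Review bot: None of the four `DEFAULTS` hashes in this hunk passes `$rabbit_port`, and `'rabbit_server'` is set to `$rabbit_server_list_5672`, which the previous hunk builds with a literal `:5672`. The `contrail::rabbit_port` key is therefore looked up without a default, so it must exist in hiera, but its value is never used. Either build the list from the parameter, `join([join($rabbit_server, ":${rabbit_port},"), ":${rabbit_port}"], '')`, or drop the parameter and its documentation. The same question applies to the hard-coded `:9160` and `:2181` suffixes if those ports are meant to be configurable.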
@@ -42,16 +29,21 @@ # String value. # Defaults to hiera('contrail::admin_tenant_name'), # -# [*admin_token*] -# (optional) admin token -# String value. -# Defaults to hiera('contrail::admin_token'), -# # [*admin_user*] # (optional) admin user name. # String value. # Defaults to hiera('contrail::admin_user'), # +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth_host*] # (optional) keystone server ip address # String (IPv4) value. @@ -68,13 +60,33 @@ # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip'), +# Defaults to hiera('contrail_config_vip') # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port'), # +# [*host_ip*] +# (optional) IP address of host +# String (IPv4) value. +# Defaults to hiera('contrail::control::host_ip') +# +# [*ibgp_auto_mesh*] +# (optional) iBPG auto mesh +# String value. +# Defaults to true +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::ifmap_password'), +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::ifmap_username'), +# # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure'), 
@@ -84,70 +96,103 @@ # String (IPv4) value + port # Defaults to hiera('contrail::memcached_servers'), # +# [*public_vip*] +# (optional) Public Virtual IP address +# String (IPv4) value +# Defaults to hiera('public_virtual_ip') +# +# [*router_asn*] +# (optional) Autonomus System Number +# String value +# Defaults to hiera('contrail::control::asn') +# +# [*secret*] +# (optional) RNDC secret for named +# String value +# Defaults to hiera('contrail::control::rndc_secret') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# class tripleo::network::contrail::control( - $host_ip, - $ifmap_password, - $ifmap_username, - $admin_password = hiera('contrail::admin_password'), + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), - $insecure = hiera('contrail::insecure'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::control::host_ip'), + $ibgp_auto_mesh = true, + $ifmap_password = hiera('contrail::control::host_ip'), + $ifmap_username = hiera('contrail::control::host_ip'), + $insecure = hiera('contrail::insecure'), $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $router_asn = 
hiera('contrail::control::asn'), + $secret = hiera('contrail::control::rndc_secret'), ) { - class {'::contrail::keystone': - keystone_config => { - 'KEYSTONE' => { - 'admin_tenant_name' => $admin_tenant_name, - 'admin_token' => $admin_token, - 'admin_password' => $admin_password, - 'admin_user' => $admin_user, - 'auth_host' => $auth_host, - 'auth_port' => $auth_port, - 'auth_protocol' => $auth_protocol, - 'insecure' => $insecure, - 'memcached_servers' => $memcached_servers, + $control_ifmap_user = "${ifmap_username}.control" + $control_ifmap_password = "${ifmap_username}.control" + $dns_ifmap_user = "${ifmap_username}.dns" + $dns_ifmap_password = "${ifmap_username}.dns" + + if $step >= 3 { + class {'::contrail::control': + secret => $secret, + control_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $control_ifmap_user, + 'user' => $control_ifmap_password, + }, }, - }, - } -> - class {'::contrail::control': - control_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, + dns_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + 'rndc_secret' => $secret, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + 'IFMAP' => { + 'password' => $dns_ifmap_user, + 'user' => $dns_ifmap_password, + } }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, + control_nodemgr_config => { + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - }, - }, - dns_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - 'IFMAP' => { - 'password' => $ifmap_password, - 'user' => $ifmap_username, - } - }, - control_nodemgr_config => { - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => 
$disc_server_ip, - }, - }, + } + } + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + api_port => $api_port, + control_node_address => $host_ip, + control_node_name => $::hostname, + ibgp_auto_mesh => $ibgp_auto_mesh, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + router_asn => $router_asn, + } } } diff --git a/manifests/network/contrail/database.pp b/manifests/network/contrail/database.pp index 58f2670..f74eb1c 100644 --- a/manifests/network/contrail/database.pp +++ b/manifests/network/contrail/database.pp 
@@ -13,41 +13,154 @@ # License for the specific language governing permissions and limitations # under the License. # -# == Class: tripleo::network::contrail::control +# == Class: tripleo::network::contrail::database # -# Configure Contrail Control services +# Configure Contrail Database services # # == Parameters: # -# [*host_ip*] -# (required) host IP address of Database node +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address # String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*cassandra_servers*] +# (optional) List IPs+port of Cassandra servers +# Array of strings value. +# Defaults to hiera('contrail_database_node_ips') # # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), # # [*disc_server_port*] # (optional) port Discovery server listens on. # Integer value. # Defaults to hiera('contrail::disc_server_port') # +# [*host_ip*] +# (required) host IP address of Database node +# String (IPv4) value. +# +# [*host_name*] +# (optional) host name of Database node +# String value. +# Defaults to $::hostname +# +# [*public_vip*] +# (optional) Public virtual ip +# String value. 
+# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*zookeeper_client_ip*] +# (optional) Zookeeper listen address +# String (IPv4) value. +# Defaults to hiera('contrail::database::host_ip') +# +# [*zookeeper_hostnames*] +# (optional) Zookeeper hostname list +# Array of string value. +# Defaults to hiera('contrail_database_short_node_names') +# +# [*zookeeper_server_ips*] +# (optional) Zookeeper ip list +# Array of string (IPv4) values +# Defaults to hiera('contrail_database_node_ips') +# class tripleo::network::contrail::database( - $host_ip, - $disc_server_ip = hiera('contrail::disc_server_ip'), - $disc_server_port = hiera('contrail::disc_server_port'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $cassandra_servers = hiera('contrail_database_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::database::host_ip'), + $host_name = $::hostname, + $public_vip = hiera('public_virtual_ip'), + $step = hiera('step'), + $zookeeper_client_ip = hiera('contrail::database::host_ip'), + $zookeeper_hostnames = hiera('contrail_database_short_node_names'), + $zookeeper_server_ips = hiera('contrail_database_node_ips'), ) { - class {'::contrail::database': - database_nodemgr_config => { - 'DEFAULTS' => { - 'hostip' => $host_ip, - }, - 'DISCOVERY' => { - 'port' => $disc_server_port, - 'server' => $disc_server_ip, - }, - }, + if $step == 2 { + class {'::contrail::database': + database_params => { + 'auth_host' => $auth_host, + 'api_server' => $api_server, + 'admin_password' => $admin_password, + 
'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'cassandra_servers' => $cassandra_servers, + 'host_ip' => $host_ip, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'zookeeper_client_ip' => $zookeeper_client_ip, + 'zookeeper_hostnames' => $zookeeper_hostnames, + 'zookeeper_server_ips' => $zookeeper_server_ips, + database_nodemgr_config => { + 'DEFAULT' => { + 'hostip' => $host_ip, + }, + 'DISCOVERY' => { + 'port' => $disc_server_port, + 'server' => $disc_server_ip, + }, + }, + } + } + } + if $step >= 5 { + class {'::contrail::database::provision_database': + api_address => $api_server, + api_port => $api_port, + database_node_address => $host_ip, + database_node_name => $host_name, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } } } diff --git a/manifests/network/contrail/heat.pp b/manifests/network/contrail/heat.pp new file mode 100644 index 0000000..637fdda --- /dev/null +++ b/manifests/network/contrail/heat.pp 
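Review bot: `::contrail::database` is declared only when `$step == 2`, whereas the config and control classes in this commit use `$step >= 3`; on runs at later steps the class drops out of the catalog, so its configuration is presumably no longer enforced after step 2. If that is not intended, use `if $step >= 2 {`; the analytics database class at the top of this page has the same test. The header still lists `host_ip` as `(required)` although it now defaults to `hiera('contrail::database::host_ip')`. `database_nodemgr_config` is also nested inside the `database_params` hash as a bare-word key, so it is worth confirming that `::contrail::database` expects it there rather than as its own class parameter.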
@@ -0,0 +1,80 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::heat +# +# Configure Contrail Heat plugin +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*use_ssl*] +# (optional) switch for ssl usage +# String value. 
+# Defaults to 'False' +# +class tripleo::network::contrail::heat( + $admin_password = hiera('contrail::admin_password'), + $admin_user = hiera('contrail::admin_user'), + $api_port = 8082, + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $step = hiera('step'), + $use_ssl = 'False', +) +{ + class {'::contrail::heat': + heat_config => { + 'clients_contrail' => { + 'api_base_url' => '/', + 'api_server' => $api_server, + 'api_port' => $api_port, + 'auth_host_ip' => $auth_host, + 'user' => $admin_user, + 'password' => $admin_password, + 'use_ssl' => $use_ssl, + }, + }, + } +} diff --git a/manifests/network/contrail/neutron_plugin.pp b/manifests/network/contrail/neutron_plugin.pp new file mode 100644 index 0000000..d9aa587 --- /dev/null +++ b/manifests/network/contrail/neutron_plugin.pp 
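Review bot: `$use_ssl` is fixed at `'False'` while `admin_user` and `admin_password` are handed to the plugin, so the Heat plugin's calls to the Contrail API would apparently run without TLS even where `contrail::auth_protocol` is `https` (how `::contrail::heat` consumes `use_ssl` is not shown). Consider taking the default from hiera so it can follow the rest of the deployment. Separately, `$api_port` defaults to the literal `8082` although its doc says `hiera('contrail::api_port')`; `$api_port = hiera('contrail::api_port'),` would match the docs and the other Contrail classes. `$step` is declared and documented but never used in the class body.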
@@ -0,0 +1,203 @@ +# This class installs and configures Opencontrail Neutron Plugin. +# +# === Parameters +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*contrail_extensions*] +# Array of OpenContrail extensions to be supported +# Defaults to $::os_service_default +# Example: +# +# class {'neutron::plugins::opencontrail' : +# contrail_extensions => ['ipam:neutron_plugin_contrail.plugins.opencontrail.contrail_plugin_ipam.NeutronPluginContrailIpam'] +# } +# +# [*package_ensure*] +# (optional) Ensure state for package. +# Defaults to 'present'. 
+# +# [*purge_config*] +# (optional) Whether to set only the specified config options +# in the opencontrail config. +# Defaults to false. +# +class tripleo::network::contrail::neutron_plugin ( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('tripleo::haproxy::service_certificate',false), + $cert_file = hiera('tripleo::haproxy::service_certificate',false), + $contrail_extensions = hiera('contrail::vrouter::contrail_extensions'), + $package_ensure = 'present', + $purge_config = false, +) { + + include ::neutron::deps + include ::neutron::params + + validate_array($contrail_extensions) + + package { 'neutron-plugin-contrail': + ensure => $package_ensure, + name => $::neutron::params::opencontrail_plugin_package, + tag => ['neutron-package', 'openstack'], + } + package {'python-contrail': + ensure => installed, + } + + ensure_resource('file', '/etc/neutron/plugins/opencontrail', { + ensure => directory, + owner => 'root', + group => 'neutron', + mode => '0640'} + ) + + if $::osfamily == 'Debian' { + file_line { '/etc/default/neutron-server:NEUTRON_PLUGIN_CONFIG': + path => '/etc/default/neutron-server', + match => '^NEUTRON_PLUGIN_CONFIG=(.*)$', + line => "NEUTRON_PLUGIN_CONFIG=${::neutron::params::opencontrail_config_file}", + tag => 'neutron-file-line', + } + } + + if $::osfamily == 'Redhat' { + file { '/etc/neutron/plugin.ini': + ensure => link, + target => $::neutron::params::opencontrail_config_file, + require => Package[$::neutron::params::opencontrail_plugin_package], + tag => 'neutron-config-file', + 
} + $api_paste_config_file = '/usr/share/neutron/api-paste.ini' + } + ini_setting { 'filter:user_token': + ensure => present, + path => $api_paste_config_file, + section => 'filter:user_token', + setting => 'paste.filter_factory', + value => 'neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory', + } + ini_setting { 'composite:neutronapi_v2_0': + ensure => present, + path => $api_paste_config_file, + section => 'composite:neutronapi_v2_0', + setting => 'keystone', + value => 'user_token cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0', + } + resources { 'neutron_plugin_opencontrail': + purge => $purge_config, + } + + exec { 'add neutron user to haproxy group': + command => '/usr/sbin/usermod -a -G haproxy neutron', + } + + if $auth_protocol == 'https' { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port_ssl,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'KEYSTONE/cafile': value => $ca_file; + 'KEYSTONE/certfile': value => $cert_file; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port_ssl; + 'keystone_authtoken/cafile': value => $ca_file; + 'keystone_authtoken/certfile': value => $cert_file; + } + } 
else { + $auth_url = join([$auth_protocol,'://',$auth_host,':',$auth_port,'/v2.0']) + neutron_plugin_opencontrail { + 'APISERVER/api_server_ip': value => $api_server; + 'APISERVER/api_server_port': value => $api_port; + 'APISERVER/contrail_extensions': value => join($contrail_extensions, ','); + 'KEYSTONE/auth_url': value => $auth_url; + 'KEYSTONE/admin_user' : value => $admin_user; + 'KEYSTONE/admin_tenant_name': value => $admin_tenant_name; + 'KEYSTONE/admin_password': value => $admin_password, secret =>true; + 'KEYSTONE/admin_token': value => $admin_token, secret =>true; + 'keystone_authtoken/admin_user': value => $admin_user; + 'keystone_authtoken/admin_tenant': value => $admin_tenant_name; + 'keystone_authtoken/admin_password': value => $admin_password, secret =>true; + 'keystone_authtoken/auth_host': value => $auth_host; + 'keystone_authtoken/auth_protocol': value => $auth_protocol; + 'keystone_authtoken/auth_port': value => $auth_port; + } + } +} diff --git a/manifests/network/contrail/provision.pp b/manifests/network/contrail/provision.pp new file mode 100644 index 0000000..3025737 --- /dev/null +++ b/manifests/network/contrail/provision.pp 
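Review bot: The `exec { 'add neutron user to haproxy group': ... }` has no `unless`, `onlyif` or `refreshonly`, so `usermod` runs and reports a change on every puppet run. It also gives the neutron account whatever read access the haproxy group has; since `$ca_file` and `$cert_file` both default to `tripleo::haproxy::service_certificate`, that presumably includes the HAProxy PEM bundle with its private key. Guard the exec with an `unless` that checks current group membership, and consider pointing `cafile` at a CA-only file rather than widening access to the bundle. Also, `$api_paste_config_file` is assigned only inside the `$::osfamily == 'Redhat'` branch but is used as `path` by both `ini_setting` resources unconditionally, so on other families the path is undefined. The docs for `ca_file`, `cert_file` and `contrail_extensions` name different defaults than the code uses.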
@@ -0,0 +1,92 @@ +# +# Copyright (C) 2015 Juniper Networks +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::network::contrail::provision +# +# Provisions Contrail Control and link local services +# +# == Parameters: +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password'), +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name'), +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token'), +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user'), +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host'), +# +# [*auth_port*] +# (optional) keystone port. +# Defaults to hiera('contrail::auth_port'), +# +# [*auth_protocol*] +# (optional) authentication protocol. +# Defaults to hiera('contrail::auth_protocol'), +# +# [*step*] +# (optional) Step stack is in +# Integer value. 
+# Defaults to hiera('step') +# +class tripleo::network::contrail::provision( + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_protocol = hiera('contrail::auth_protocol'), + $step = hiera('step'), +) +{ + if $step >= 5 { + class {'::contrail::control::provision_control': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + } + class {'::contrail::control::provision_linklocal': + api_address => $api_server, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + ipfabric_service_ip => $api_server, + } + } +} diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp new file mode 100644 index 0000000..2bccd1d --- /dev/null +++ b/manifests/network/contrail/vrouter.pp 
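Review bot: `$admin_token`, `$auth_host`, `$auth_port` and `$auth_protocol` are declared and looked up in hiera but never referenced in the class body, which passes only `$api_server`, `$admin_user`, `$admin_password` and `$admin_tenant_name` to the two provision classes. Because these lookups have no default, a node lacking e.g. `contrail::admin_token` fails catalog compilation for a value it never uses, and the admin token is pulled into a class that has no need for it. Drop the four unused parameters and their doc entries, or pass them through if the provision classes are meant to receive them. The doc lines of the form `Defaults to hiera('contrail::admin_password'),` also carry a stray trailing comma.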
@@ -0,0 +1,302 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opencontrail::vrouter +# +# Opencontrail profile to run the contrail vrouter +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. 
+# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*control_server*] +# (optional) Contrail control server IP +# Array of String (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*gateway*] +# (optional) Default GW for vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::gateway') +# +# [*host_ip*] +# (optional) host IP address of vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::host_ip') +# +# [*insecure*] +# (optional) insecure connections allowed +# String value. +# Defaults to hiera('contrail::insecure') +# +# [*memcached_servers*] +# (optional) memcached server ip +# String (IPv4) value. +# Defaults to hiera('contrail::memcached_server') +# +# [*metadata_secret*] +# (optional) secret for metadata +# String value. +# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret') +# +# [*netmask*] +# (optional) netmask for vrouter interface +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::netmask') +# +# [*physical_interface*] +# (optional) vrouter interface +# String value. +# Defaults to hiera('contrail::vrouter::physical_interface') +# +# [*public_vip*] +# (optional) Public VIP to Keystone +# String (IPv4) value. +# Defaults to hiera('public_virtual_ip') +# +# [*is_tsn*] +# (optional) Turns vrouter into TSN +# String value. 
+# Defaults to hiera('contrail::vrouter::is_tsn',false) +# +class tripleo::network::contrail::vrouter ( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $control_server = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $gateway = hiera('contrail::vrouter::gateway'), + $host_ip = hiera('contrail::vrouter::host_ip'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), + $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'), + $netmask = hiera('contrail::vrouter::netmask'), + $physical_interface = hiera('contrail::vrouter::physical_interface'), + $public_vip = hiera('public_virtual_ip'), + $is_tsn = hiera('contrail::vrouter::is_tsn',false), +) { + $cidr = netmask_to_cidr($netmask) + notify { 'cidr': + message => $cidr, + } + $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>") + #include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + $control_server_list = join($control_server, ' ') + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => 
$admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $is_tsn { + $vrouter_agent_config = { + 'DEBUG' => { + 'agent_mode' => 'tsn', + }, + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } else { + $vrouter_agent_config = { + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } + class {'::contrail::vrouter': + discovery_ip => $disc_server_ip, + gateway => $gateway, + host_ip => 
$host_ip, + is_tsn => $is_tsn, + macaddr => $macaddress, + mask => $cidr, + netmask => $netmask, + physical_interface => $physical_interface, + vhost_ip => $host_ip, + keystone_config => $keystone_config, + vrouter_agent_config => $vrouter_agent_config, + vrouter_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + if $step >= 5 { + class {'::contrail::vrouter::provision_vrouter': + api_address => $api_server, + api_port => $api_port, + host_ip => $host_ip, + node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + is_tsn => $is_tsn, + } + } +} diff --git a/manifests/network/contrail/webui.pp b/manifests/network/contrail/webui.pp index 0b308a4..b621811 100644 --- a/manifests/network/contrail/webui.pp +++ b/manifests/network/contrail/webui.pp @@ -19,18 +19,6 @@ # # == Parameters: # -# [*contrail_analytics_vip*] -# (required) VIP of Contrail Analytics -# String (IPv4) value. -# -# [*contrail_config_vip*] -# (required) VIP of Contrail Config -# String (IPv4) value. -# -# [*neutron_vip*] -# (required) VIP of Neutron -# String (IPv4) value. -# # [*admin_password*] # (optional) admin password # String value. 
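Review bot: `$macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>")` interpolates the hiera value into the ERB source before it is evaluated, so the content of `contrail::vrouter::physical_interface` is run as template code during catalog compilation instead of being treated as a fact name. A plain lookup with stdlib's `getvar`, `$macaddress = getvar("::macaddress_${physical_interface}")`, avoids evaluating data as Ruby. In the same hunk, `notify { 'cidr': message => $cidr }` looks like leftover debugging that reports a change on every run, `$ca_file` defaults to the same `contrail::service_certificate` key as `$cert_file` (presumably a copy-paste; the CA key should be confirmed), and the header comment names the class `tripleo::profile::base::neutron::opencontrail::vrouter` while the definition is `tripleo::network::contrail::vrouter`.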
@@ -56,11 +44,46 @@ # String (IPv4) value. # Defaults to hiera('contrail::auth_host') # +# [*auth_port_public*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port_public') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_port_ssl_public*] +# (optional) keystone public ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl_public') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*contrail_analytics_vip*] +# (optional) VIP of Contrail Analytics +# String (IPv4) value. +# Defaults to hiera('contrail_analytics_vip') +# +# [*contrail_config_vip*] +# (optional) VIP of Contrail Config +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# # [*contrail_webui_http_port*] # (optional) Webui HTTP Port # Integer value. 
@@ -71,38 +94,55 @@ # Integer value. # Defaults to 8143 # +# [*neutron_vip*] +# (optional) VIP of Neutron +# String (IPv4) value. +# Defaults to hiera('neutron_api_vip') +# # [*redis_ip*] # (optional) IP of Redis # String (IPv4) value. # Defaults to '127.0.0.1' # class tripleo::network::contrail::webui( - $contrail_analytics_vip, - $contrail_config_vip, - $neutron_vip, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth_host = hiera('contrail::auth_host'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $contrail_webui_http_port = 8080, - $contrail_webui_https_port = 8143, - $redis_ip = '127.0.0.1', + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $auth_host = hiera('contrail::auth_host'), + $auth_protocol = hiera('contrail::auth_protocol'), + $auth_port_public = hiera('contrail::auth_port_public'), + $auth_port_ssl_public = hiera('contrail::auth_port_ssl_public'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $cert_file = hiera('contrail::cert_file'), + $contrail_analytics_vip = hiera('contrail_analytics_vip'), + $contrail_config_vip = hiera('contrail_config_vip'), + $contrail_webui_http_port = hiera('contrail::webui::http_port'), + $contrail_webui_https_port = hiera('contrail::webui::https_port'), + $neutron_vip = hiera('neutron_api_vip'), + $redis_ip = hiera('contrail::webui::redis_ip'), ) { + if $auth_protocol == 'https' { + $auth_port = $auth_port_ssl_public + } else { + $auth_port = $auth_port_public + } class {'::contrail::webui': - openstack_vip => $auth_host, - contrail_config_vip => $contrail_config_vip, - contrail_analytics_vip => $contrail_analytics_vip, - neutron_vip => $neutron_vip, 
- cassandra_ip => $cassandra_server_list, - redis_ip => $redis_ip, - contrail_webui_http_port => $contrail_webui_http_port, - contrail_webui_https_port => $contrail_webui_https_port, admin_user => $admin_user, admin_password => $admin_password, admin_token => $admin_token, admin_tenant_name => $admin_tenant_name, + auth_port => $auth_port, + auth_protocol => $auth_protocol, + cassandra_ip => $cassandra_server_list, + cert_file => $cert_file, + contrail_config_vip => $contrail_config_vip, + contrail_analytics_vip => $contrail_analytics_vip, + contrail_webui_http_port => $contrail_webui_http_port, + contrail_webui_https_port => $contrail_webui_https_port, + neutron_vip => $neutron_vip, + openstack_vip => $auth_host, + redis_ip => $redis_ip, } } diff --git a/manifests/profile/base/auditd.pp b/manifests/profile/base/auditd.pp new file mode 100644 index 0000000..628db08 --- /dev/null +++ b/manifests/profile/base/auditd.pp @@ -0,0 +1,30 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == class: tripleo::profile::base::auditd +# +# auditd profile for tripleo +# +# === Parameters +# +# [*step*] +# Defaults to hiera('step') +# +class tripleo::profile::base::auditd ( + $step = hiera('step'), +) { + if $step >= 4 { + include ::auditd + } +} diff --git a/manifests/profile/base/congress.pp b/manifests/profile/base/congress.pp new file mode 100644 index 0000000..1731e81 --- /dev/null +++ b/manifests/profile/base/congress.pp 
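Review bot: The parameter list replaces the literal defaults of `contrail_webui_http_port`, `contrail_webui_https_port` and `redis_ip` with `hiera()` lookups that have no fallback, so a deployment without `contrail::webui::http_port`, `contrail::webui::https_port` or `contrail::webui::redis_ip` in hieradata now fails to compile, while the doc block still states defaults of 8143 and '127.0.0.1'. Keeping the old values as fallbacks preserves behaviour, e.g. `$contrail_webui_https_port = hiera('contrail::webui::https_port', 8143),` and `$redis_ip = hiera('contrail::webui::redis_ip', '127.0.0.1'),`. The docs added in the `@@ -56,11 +44,46 @@` hunk also disagree with the code: `cert_file` is documented as `hiera('contrail::service_certificate',false)` but reads `hiera('contrail::cert_file')`, `cassandra_server_list` now reads `contrail_database_node_ips`, and `auth_port_ssl` is documented but is not a parameter.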
@@ -0,0 +1,86 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::congress +# +# Congress server profile for tripleo +# +# === Parameters +# +# [*bootstrap_node*] +# (Optional) The hostname of the node responsible for bootstrapping tasks +# Defaults to hiera('bootstrap_nodeid') +# +# [*messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_service_name', 'rabbit') +# +# [*messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*messaging_password*] +# Password for messaging congress queue +# Defaults to hiera('congress::rabbit_password') +# +# [*messaging_port*] +# IP port for messaging service +# Defaults to hiera('congress::rabbit_port', 5672) +# +# [*messaging_username*] +# Username for messaging congress queue +# Defaults to hiera('congress::rabbit_userid', 'guest') +# +# [*messaging_use_ssl*] +# Flag indicating ssl usage. 
+# Defaults to hiera('congress::rabbit_use_ssl', '0') +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') + +class tripleo::profile::base::congress ( + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $messaging_driver = hiera('messaging_service_name', 'rabbit'), + $messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $messaging_password = hiera('congress::rabbit_password'), + $messaging_port = hiera('congress::rabbit_port', '5672'), + $messaging_username = hiera('congress::rabbit_userid', 'guest'), + $messaging_use_ssl = hiera('congress::rabbit_use_ssl', '0'), + $step = hiera('step'), +) { + if $::hostname == downcase($bootstrap_node) { + $sync_db = true + } else { + $sync_db = false + } + + if $step >= 4 or ($step >= 3 and $sync_db){ + $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($messaging_use_ssl))) + class { '::congress': + sync_db => $sync_db, + default_transport_url => os_transport_url({ + 'transport' => $messaging_driver, + 'hosts' => $messaging_hosts, + 'port' => sprintf('%s', $messaging_port), + 'username' => $messaging_username, + 'password' => $messaging_password, + 'ssl' => $messaging_use_ssl_real, + }), + } + + include ::congress::server + include ::congress::db + } +} diff --git a/manifests/profile/base/database/mysql.pp b/manifests/profile/base/database/mysql.pp index 6f93903..4ccfabc 100644 --- a/manifests/profile/base/database/mysql.pp +++ b/manifests/profile/base/database/mysql.pp @@ -151,6 +151,9 @@ class tripleo::profile::base::database::mysql ( if hiera('cinder_api_enabled', false) { include ::cinder::db::mysql } + if hiera('congress_enabled', false) { + include ::congress::db::mysql + } if hiera('glance_api_enabled', false) { include ::glance::db::mysql } diff --git a/manifests/profile/base/docker_registry.pp b/manifests/profile/base/docker_registry.pp index 05a516d..ebe84bf 100644 --- a/manifests/profile/base/docker_registry.pp 
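Review bot: `$messaging_username` falls back to `'guest'` and `$messaging_use_ssl` to `'0'`, so a node missing those hiera keys silently builds a transport URL for the stock broker account over an unencrypted connection instead of failing. `$messaging_password` already has no default; doing the same for the user, `$messaging_username = hiera('congress::rabbit_userid'),`, would surface the misconfiguration at compile time. Separately, `bootstrap_node` is documented as `hiera('bootstrap_nodeid')` but the code passes `undef` as the default and then calls `downcase($bootstrap_node)`; the doc line should read `# Defaults to hiera('bootstrap_nodeid', undef)`.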
+++ b/manifests/profile/base/docker_registry.pp @@ -19,21 +19,22 @@ # === Parameters: # # [*registry_host*] -# (String) IP address on which the Docker registry is listening on +# (String) IP address or hostname the Docker registry binds to # Defaults to hiera('controller_host') # # [*registry_port*] # (Integer) The port on which the Docker registry is listening on # Defaults to 8787 # -# [*controller_admin_vip*] -# (String) VIP of the host -# Defaults to hiera('controller_admin_vip') +# [*registry_admin_host*] +# (String) IP address or hostname the Docker registry binds to in the admin +# network +# Defaults to hiera('controller_admin_host') # class tripleo::profile::base::docker_registry ( - $registry_host = hiera('controller_host'), - $registry_port = 8787, - $controller_admin_vip = hiera('controller_admin_vip'), + $registry_host = hiera('controller_host'), + $registry_port = 8787, + $registry_admin_host = hiera('controller_admin_host'), ) { # We want a v2 registry package{'docker-registry': @@ -55,7 +56,7 @@ class tripleo::profile::base::docker_registry ( line => join ([ 'INSECURE_REGISTRY="', '--insecure-registry ', $registry_host, ':', $registry_port, ' ', - '--insecure-registry ', $controller_admin_vip, ':', $registry_port, '"']), + '--insecure-registry ', $registry_admin_host, ':', $registry_port, '"']), match => 'INSECURE_REGISTRY=', require => Package['docker'], notify => Service['docker'], diff --git a/manifests/profile/base/horizon.pp b/manifests/profile/base/horizon.pp index be07c0e..bd28ab0 100644 --- a/manifests/profile/base/horizon.pp +++ b/manifests/profile/base/horizon.pp @@ -30,7 +30,7 @@ class tripleo::profile::base::horizon ( # Horizon include ::apache::mod::remoteip include ::apache::mod::status - if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers') { + if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', undef) { $_profile_support = 'cisco' } else { $_profile_support = 'None' 
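Review bot: Renaming the class parameter `controller_admin_vip` to `registry_admin_host` (and its hiera key to `controller_admin_host`) is a breaking interface change with no compatibility path: a caller or hieradata still setting `controller_admin_vip` is rejected as an invalid parameter, and `hiera('controller_admin_host')` has no default. Consider keeping the old name for one cycle as a deprecated alias, e.g. `$controller_admin_vip = undef,` plus `$registry_admin_host_real = pick($controller_admin_vip, $registry_admin_host)`. The `@@ -55,7 +56,7 @@` hunk still emits `--insecure-registry` for this host, so Docker will not require verified TLS for the registry on the admin network; a comment there stating that this is intentional would help. The resource containing that line starts outside the hunk.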
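Review bot: `hiera('neutron::plugins::ml2::mechanism_drivers', undef)` in the horizon hunk leaves the right-hand side of `in` as `undef` when the key is absent; an empty-array default states the intent directly: `if 'cisco_n1kv' in hiera('neutron::plugins::ml2::mechanism_drivers', []) {`. The class body starts and ends outside this hunk.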
diff --git a/manifests/profile/base/keystone.pp b/manifests/profile/base/keystone.pp index e84e22f..72049e3 100644 --- a/manifests/profile/base/keystone.pp +++ b/manifests/profile/base/keystone.pp @@ -209,6 +209,9 @@ class tripleo::profile::base::keystone ( if hiera('cinder_api_enabled', false) { include ::cinder::keystone::auth } + if hiera('congress_enabled', false) { + include ::congress::keystone::auth + } if hiera('glance_api_enabled', false) { include ::glance::keystone::auth } diff --git a/manifests/profile/base/neutron/server.pp b/manifests/profile/base/neutron/server.pp index fcd804d..5d6909f 100644 --- a/manifests/profile/base/neutron/server.pp +++ b/manifests/profile/base/neutron/server.pp 
@@ -22,10 +22,34 @@ # (Optional) The hostname of the node responsible for bootstrapping tasks # Defaults to hiera('bootstrap_nodeid') # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*certificates_specs*] +# (Optional) The specifications to give to certmonger for the certificate(s) +# it will create. +# Example with hiera: +# apache_certificates_specs: +# httpd-internal_api: +# hostname: <overcloud controller fqdn> +# service_certificate: <service certificate path> +# service_key: <service key path> +# principal: "haproxy/<overcloud controller fqdn>" +# Defaults to hiera('apache_certificate_specs', {}). +# +# [*dvr_enabled*] +# (Optional) Is dvr enabled, used when no override is passed to +# l3_ha_override to calculate enabling l3 HA. +# Defaults to hiera('neutron::server::router_distributed') or false +# +# [*enable_internal_tls*] +# (Optional) Whether TLS in the internal network is enabled or not. +# Defaults to hiera('enable_internal_tls', false) +# +# [*generate_service_certificates*] +# (Optional) Whether or not certmonger will generate certificates for +# HAProxy. This could be as many as specified by the $certificates_specs +# variable. +# Note that this doesn't configure the certificates in haproxy, it merely +# creates the certificates. +# Defaults to hiera('generate_service_certificate', false). # # [*l3_ha_override*] # (Optional) Override the calculated value for neutron::server::l3_ha 
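Review bot: Two documented defaults do not match the hiera keys the class reads in the later `@@ -41,17 +65,49 @@` hunk: the doc says `hiera('apache_certificate_specs', {})` and `hiera('generate_service_certificate', false)`, while the parameters use `apache_certificates_specs` and `generate_service_certificates`. An operator copying the key from the doc would set a value that is never read, leaving certificate generation off. The doc lines should read `# Defaults to hiera('apache_certificates_specs', {}).` and `# Defaults to hiera('generate_service_certificates', false).`; the example key `apache_certificates_specs:` in the same comment is already correct.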
@@ -41,17 +65,49 @@ # (we need to default neutron_l3_short_node_names to an empty list # because some neutron backends disable the l3 agent) # -# [*dvr_enabled*] -# (Optional) Is dvr enabled, used when no override is passed to -# l3_ha_override to calculate enabling l3 HA. -# Defaults to hiera('neutron::server::router_distributed') or false +# [*neutron_network*] +# (Optional) The network name where the neutron endpoint is listening on. +# This is set by t-h-t. +# Defaults to hiera('neutron_api_network', undef) +# +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. +# Defaults to hiera('step') +# +# [*tls_proxy_bind_ip*] +# IP on which the TLS proxy will listen on. Required only if +# enable_internal_tls is set. +# Defaults to undef +# +# [*tls_proxy_fqdn*] +# fqdn on which the tls proxy will listen on. required only used if +# enable_internal_tls is set. +# defaults to undef +# +# [*tls_proxy_port*] +# port on which the tls proxy will listen on. Only used if +# enable_internal_tls is set. 
+# defaults to 9696 +# class tripleo::profile::base::neutron::server ( - $bootstrap_node = hiera('bootstrap_nodeid', undef), - $step = hiera('step'), - $l3_ha_override = '', - $l3_nodes = hiera('neutron_l3_short_node_names', []), - $dvr_enabled = hiera('neutron::server::router_distributed', false) + $bootstrap_node = hiera('bootstrap_nodeid', undef), + $certificates_specs = hiera('apache_certificates_specs', {}), + $dvr_enabled = hiera('neutron::server::router_distributed', false), + $enable_internal_tls = hiera('enable_internal_tls', false), + $generate_service_certificates = hiera('generate_service_certificates', false), + $l3_ha_override = '', + $l3_nodes = hiera('neutron_l3_short_node_names', []), + $neutron_network = hiera('neutron_api_network', undef), + $step = hiera('step'), + $tls_proxy_bind_ip = undef, + $tls_proxy_fqdn = undef, + $tls_proxy_port = 9696, ) { + if $enable_internal_tls and $generate_service_certificates { + ensure_resources('tripleo::certmonger::httpd', $certificates_specs) + } + if $::hostname == downcase($bootstrap_node) { $sync_db = true } else { @@ -74,6 +130,23 @@ class tripleo::profile::base::neutron::server ( # it will try to populate tables and we need to make sure this happens # before it starts on other nodes if $step >= 4 and $sync_db or $step >= 5 and !$sync_db { + if $enable_internal_tls { + if !$neutron_network { + fail('neutron_api_network is not set in the hieradata.') + } + $tls_certfile = $certificates_specs["httpd-${neutron_network}"]['service_certificate'] + $tls_keyfile = $certificates_specs["httpd-${neutron_network}"]['service_key'] + + ::tripleo::tls_proxy { 'neutron-api': + servername => $tls_proxy_fqdn, + ip => $tls_proxy_bind_ip, + port => $tls_proxy_port, + tls_cert => $tls_certfile, + tls_key => $tls_keyfile, + notify => Class['::neutron::server'], + } + } + include ::neutron::server::notifications # We need to override the hiera value neutron::server::sync_db which is set # to true 
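Review bot: In the `@@ -74,6 +130,23 @@` hunk the internal-TLS branch validates only `$neutron_network`; `$tls_proxy_bind_ip` and `$tls_proxy_fqdn` default to `undef` although they are documented as required, and `$certificates_specs["httpd-${neutron_network}"]` is indexed without checking that the entry exists. A missing value then shows up as an obscure evaluation error or as a proxy declared with an undefined `ip`/`servername`. Add explicit guards next to the existing one, e.g. `if !$tls_proxy_bind_ip or !$tls_proxy_fqdn { fail('tls_proxy_bind_ip and tls_proxy_fqdn are required when enable_internal_tls is set.') }` and `if !has_key($certificates_specs, "httpd-${neutron_network}") { fail("no certificate spec for httpd-${neutron_network}") }`. The enclosing `if $step >= 4 ...` block continues outside the hunk.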
diff --git a/manifests/profile/base/nova/api.pp b/manifests/profile/base/nova/api.pp index 8ded3ef..83baae2 100644 --- a/manifests/profile/base/nova/api.pp +++ b/manifests/profile/base/nova/api.pp @@ -85,25 +85,8 @@ class tripleo::profile::base::nova::api ( $tls_keyfile = undef } - if ($step >= 3 and $sync_db) { - $messaging_hosts_real = any2array($::tripleo::profile::base::nova::messaging_hosts) - # TODO(aschultz): remove sprintf once we properly type the port, needs - # to be a string for the os_transport_url function. - $messaging_port_real = sprintf('%s', $::tripleo::profile::base::nova::messaging_port) - $messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($::tripleo::profile::base::nova::messaging_use_ssl))) - - #TODO(emilien): enable it again when it's fixed upstream in nova - # https://bugs.launchpad.net/tripleo/+bug/1649341 - # class { '::nova::db::sync_cell_v2': - # transport_url => os_transport_url({ - # 'transport' => $::tripleo::profile::base::nova::messaging_driver, - # 'hosts' => $messaging_hosts_real, - # 'port' => $messaging_port_real, - # 'username' => $::tripleo::profile::base::nova::messaging_username, - # 'password' => $::tripleo::profile::base::nova::messaging_password, - # 'ssl' => $messaging_use_ssl_real, - # }), - # } + if $step >= 3 and $sync_db { + include ::nova::cell_v2::simple_setup } if $step >= 4 or ($step >= 3 and $sync_db) { diff --git a/manifests/profile/base/octavia/health_manager.pp b/manifests/profile/base/octavia/health_manager.pp new file mode 100644 index 0000000..bac5f65 --- /dev/null +++ b/manifests/profile/base/octavia/health_manager.pp 
@@ -0,0 +1,33 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::health_manager
+#
+# Octavia Health Manager server for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::health_manager (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::octavia
+ if $step >= 5 {
+ include ::octavia::health_manager
+ }
+}
diff --git a/manifests/profile/base/octavia/housekeeping.pp b/manifests/profile/base/octavia/housekeeping.pp
new file mode 100644
index 0000000..0dcd5cf
--- /dev/null
+++ b/manifests/profile/base/octavia/housekeeping.pp
@@ -0,0 +1,34 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::housekeeping
+#
+# Octavia Housekeeping profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::housekeeping (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::octavia
+
+ if $step >= 5 {
+ include ::octavia::housekeeping
+ }
+}
diff --git a/manifests/profile/base/octavia/worker.pp b/manifests/profile/base/octavia/worker.pp
new file mode 100644
index 0000000..7df324d
--- /dev/null
+++ b/manifests/profile/base/octavia/worker.pp
@@ -0,0 +1,34 @@
+# Copyright 2016 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo::profile::base::octavia::worker
+#
+# Octavia Worker profile for tripleo
+#
+# === Parameters
+#
+# [*step*]
+# (Optional) The current step in deployment. See tripleo-heat-templates
+# for more details.
+# Defaults to hiera('step')
+#
+class tripleo::profile::base::octavia::worker (
+ $step = hiera('step'),
+) {
+ include ::tripleo::profile::base::octavia
+
+ if $step >= 5 {
+ include ::octavia::worker
+ }
+}
diff --git a/manifests/profile/base/swift/proxy.pp b/manifests/profile/base/swift/proxy.pp
index 5bd75bd..5f3408d 100644
--- a/manifests/profile/base/swift/proxy.pp
+++ b/manifests/profile/base/swift/proxy.pp
@@ -18,38 +18,58 @@ # # === Parameters # -# [*step*] -# (Optional) The current step in deployment. See tripleo-heat-templates -# for more details. -# Defaults to hiera('step') +# [*ceilometer_enabled*] +# Whether the ceilometer pipeline is enabled. +# Defaults to true # -# [*memcache_servers*] -# (Optional) List of memcache servers -# Defaults to hiera('memcached_node_ips') +# [*ceilometer_messaging_driver*] +# Driver for messaging service. +# Defaults to hiera('messaging_service_name', 'rabbit') +# +# [*ceilometer_messaging_hosts*] +# list of the messaging host fqdns +# Defaults to hiera('rabbitmq_node_names') +# +# [*ceilometer_messaging_password*] +# Password for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_password', undef) +# +# [*ceilometer_messaging_port*] +# IP port for messaging service +# Defaults to hiera('tripleo::profile::base::swift::proxy::rabbit_port', 5672) +# +# [*ceilometer_messaging_use_ssl*] +# Flag indicating ssl usage. +# Defaults to '0' +# +# [*ceilometer_messaging_username*] +# Username for messaging nova queue +# Defaults to hiera('swift::proxy::ceilometer::rabbit_user', 'guest') # # [*memcache_port*] # (Optional) memcache port # Defaults to 11211 # -# [*rabbit_hosts*] -# list of the rabbbit host fqdns -# Defaults to hiera('rabbitmq_node_names') -# -# [*rabbit_port*] -# IP port for rabbitmq service -# Defaults to 5672 +# [*memcache_servers*] +# (Optional) List of memcache servers +# Defaults to hiera('memcached_node_ips') # -# [*ceilometer_enabled*] -# Whether the ceilometer pipeline is enabled. -# Defaults to true +# [*step*] +# (Optional) The current step in deployment. See tripleo-heat-templates +# for more details. 
+# Defaults to hiera('step') # class tripleo::profile::base::swift::proxy ( - $step = hiera('step'), - $memcache_servers = hiera('memcached_node_ips'), - $memcache_port = 11211, - $rabbit_hosts = hiera('rabbitmq_node_names', undef), - $rabbit_port = 5672, - $ceilometer_enabled = true, + $ceilometer_enabled = true, + $ceilometer_messaging_driver = hiera('messaging_service_name', 'rabbit'), + $ceilometer_messaging_hosts = any2array(hiera('rabbitmq_node_names', undef)), + $ceilometer_messaging_password = hiera('swift::proxy::ceilometer::rabbit_password', undef), + $ceilometer_messaging_port = hiera('tripleo::profile::base::swift::proxy::rabbit_port', '5672'), + $ceilometer_messaging_use_ssl = '0', + $ceilometer_messaging_username = hiera('swift::proxy::ceilometer::rabbit_user', 'guest'), + $memcache_port = 11211, + $memcache_servers = hiera('memcached_node_ips'), + $step = hiera('step'), ) { if $step >= 4 { $swift_memcache_servers = suffix(any2array(normalize_ip_for_uri($memcache_servers)), ":${memcache_port}") @@ -68,10 +88,17 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::tempurl include ::swift::proxy::formpost include ::swift::proxy::bulk - $swift_rabbit_hosts = suffix(any2array($rabbit_hosts), ":${rabbit_port}") + $ceilometer_messaging_use_ssl_real = sprintf('%s', bool2num(str2bool($ceilometer_messaging_use_ssl))) if $ceilometer_enabled { class { '::swift::proxy::ceilometer': - rabbit_hosts => $swift_rabbit_hosts, + default_transport_url => os_transport_url({ + 'transport' => $ceilometer_messaging_driver, + 'hosts' => $ceilometer_messaging_hosts, + 'port' => sprintf('%s', $ceilometer_messaging_port), + 'username' => $ceilometer_messaging_username, + 'password' => $ceilometer_messaging_password, + 'ssl' => $ceilometer_messaging_use_ssl_real, + }), } } include ::swift::proxy::versioned_writes 
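Review bot: The new messaging defaults in the `tripleo::profile::base::swift::proxy` parameter list leave the ceilometer middleware on a plaintext connection with the `'guest'` account unless an operator overrides each value: `$ceilometer_messaging_use_ssl` is the literal `'0'` with no hiera lookup, the username falls back to `'guest'`, and the password falls back to `undef`. I would read the SSL flag from hiera like the neighbouring settings, `$ceilometer_messaging_use_ssl = hiera('<ssl_flag_key>', '0'),` (the key name is a placeholder, not taken from this change), and reconsider whether a silent `'guest'` fallback is wanted. The parameter docs also need a pass: the username and password entries say "nova queue", the port is documented as `5672` while the code default is the string `'5672'`, and the hosts entry omits the `any2array(..., undef)` wrapping. The class body continues outside this hunk.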
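Review bot: `$ceilometer_messaging_password` can reach `os_transport_url` as `undef`, its declared default, and nothing inside `if $ceilometer_enabled` checks it before the URL is built. How the function renders an undef password is not visible here, so failing the catalog is the clearer outcome: `unless $ceilometer_messaging_password { fail('ceilometer_messaging_password must be set when ceilometer_enabled is true') }` as the first statement of that branch. Because the credential now travels inside `default_transport_url`, it is also worth confirming that `::swift::proxy::ceilometer` keeps that value out of reports and logs. `$ceilometer_messaging_use_ssl_real` is used only in this branch and could be computed inside it. The class starts and ends outside the hunk.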
@@ -82,6 +109,7 @@ class tripleo::profile::base::swift::proxy ( include ::swift::proxy::account_quotas class { '::swift::objectexpirer': + pipeline => ['catch_errors', 'cache', 'proxy-server'], memcache_servers => $swift_memcache_servers } } diff --git a/manifests/profile/pacemaker/ceph/rbdmirror.pp b/manifests/profile/pacemaker/ceph/rbdmirror.pp index 308572c..4066225 100644 --- a/manifests/profile/pacemaker/ceph/rbdmirror.pp +++ b/manifests/profile/pacemaker/ceph/rbdmirror.pp @@ -26,6 +26,10 @@ # (Optional) Name assigned to the RBD mirror client # Defaults to 'rbd-mirror' # +# [*pcs_tries*] +# (Optional) The number of times pcs commands should be retried. +# Defaults to hiera('pcs_tries', 20) +# # [*stack_action*] # (Optional) Action executed on the stack. See tripleo-heat-templates # for more details. @@ -39,6 +43,7 @@ class tripleo::profile::pacemaker::ceph::rbdmirror ( $bootstrap_node = hiera('ceph_rbdmirror_short_bootstrap_node_name'), $client_name = 'openstack', + $pcs_tries = hiera('pcs_tries', 20), $stack_action = hiera('stack_action'), $step = hiera('step'), ) { @@ -57,7 +62,17 @@ class tripleo::profile::pacemaker::ceph::rbdmirror ( include ::tripleo::profile::base::ceph + if $step >= 2 { + pacemaker::property { 'ceph-rbdmirror-role-node-property': + property => 'ceph-rbdmirror-role', + value => true, + tries => $pcs_tries, + node => $::hostname, + } + } + if $step >= 3 { + require ::ceph::profile::client ceph::mirror { $client_name: rbd_mirror_enable => false, rbd_mirror_ensure => 'stopped', 
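Review bot: The `pacemaker::property` resource added under `if $step >= 2` carries no comment saying what consumes `ceph-rbdmirror-role`, and its `value => true` is a Puppet boolean while the location rule added in the following hunk matches the expression `ceph-rbdmirror-role eq true`. I would add a comment above the resource, `# Tag this node so the rbd-mirror location rule (ceph-rbdmirror-role eq true) can place the resource here`, and confirm the boolean is written to the cluster as the literal `true` that the rule compares against. The class body starts and ends outside this hunk.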
@@ -66,7 +81,13 @@ class tripleo::profile::pacemaker::ceph::rbdmirror ( # NOTE(gfidente): systemd uses the @ sign but it is an invalid # character in a pcmk resource name, so we need to use it only # for the name of the service - service_name => "ceph-rbd-mirror@${client_name}" + service_name => "ceph-rbd-mirror@${client_name}", + tries => $pcs_tries, + location_rule => { + resource_discovery => 'exclusive', + score => 0, + expression => ['ceph-rbdmirror-role eq true'], + } } } |