From 9c9667e214987fe4a41a96d13f58541f0ddd53a2 Mon Sep 17 00:00:00 2001 From: Michael Henkel Date: Fri, 27 Jan 2017 00:36:54 +0100 Subject: Re-organizes Contrail services to the correct roles In current setup some Contrail services belong to the wrong roles. The Contrail control plane can be impacted if the Analytics database has problems. Furthermore contrail tripleo puppet modules are being refactored to conform to the new interface of the puppet-contrail modules. Closes-Bug: 1659560 Change-Id: Id0dd35b95c5fe9d0fcc1e16c4b7d6cc601f10818 --- manifests/network/contrail/config.pp | 397 ++++++++++++++++++++++++++--------- 1 file changed, 301 insertions(+), 96 deletions(-) (limited to 'manifests/network/contrail/config.pp') diff --git a/manifests/network/contrail/config.pp b/manifests/network/contrail/config.pp index 7b9c85f..d02ab44 100644 --- a/manifests/network/contrail/config.pp +++ b/manifests/network/contrail/config.pp @@ -19,21 +19,11 @@ # # == Parameters: # -# [*ifmap_password*] -# (required) ifmap password -# String value. -# -# [*ifmap_server_ip*] -# (required) ifmap server ip address. -# String value. # -# [*ifmap_username*] -# (required) ifmap username +# [*aaa_mode*] +# (optional) aaa mode parameter # String value. -# -# [*rabbit_server*] -# (required) IPv4 address of rabbit server. -# String (IPv4) value. +# Defaults to hiera('contrail::aaa_mode') # # [*admin_password*] # (optional) admin password @@ -55,6 +45,16 @@ # String value. # Defaults to hiera('contrail::admin_user') # +# [*api_server*] +# (optional) VIP of Config API +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) Port of Config API +# String value. +# Defaults to hiera('contrail::api_port') +# # [*auth*] # (optional) Authentication method. # Defaults to hiera('contrail::auth') @@ -68,81 +68,232 @@ # (optional) keystone port. # Defaults to hiera('contrail::auth_port') # +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# # [*auth_protocol*] # (optional) authentication protocol. # Defaults to hiera('contrail::auth_protocol') # +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# # [*cassandra_server_list*] # (optional) List IPs+port of Cassandra servers # Array of strings value. # Defaults to hiera('contrail::cassandra_server_list') # +# [*config_hostnames*] +# (optional) Config hostname list +# Array of string value. +# Defaults to hiera('contrail_config_short_node_names') +# +# [*control_server_list*] +# (optional) IPv4 addresses of control server. +# Array of string (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# # [*disc_server_ip*] # (optional) IPv4 address of discovery server. # String (IPv4) value. -# Defaults to hiera('contrail::disc_server_ip') +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port of discovery server +# String value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*host_ip*] +# (optional) IPv4 address of Config server +# String (IPv4) value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_password*] +# (optional) ifmap password +# String value. +# Defaults to hiera('contrail::config::ifmap_password') +# +# [*ifmap_server_ip*] +# (optional) ifmap server ip address. +# String value. +# Defaults to hiera('contrail::config::host_ip') +# +# [*ifmap_username*] +# (optional) ifmap username +# String value. +# Defaults to hiera('contrail::config::ifmap_password') # # [*insecure*] # (optional) insecure mode. # Defaults to hiera('contrail::insecure') # +# [*ipfabric_service_port*] +# (optional) linklocal ip fabric port +# String value +# Defaults to 8775 +# # [*listen_ip_address*] # (optional) IP address to listen on. # String (IPv4) value. -# Defaults to '0.0.0.0' +# Defaults to hiera('contrail::config::listen_ip_address') # # [*listen_port*] # (optional) Listen port for config-api -# Defaults to 8082 +# Defaults to hiera('contrail::api_port') +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_port*] +# (optional) port of link local service +# String value +# Defaults to 80 +# +# [*linklocal_service_name*] +# (optional) name of link local service +# String value +# Defaults to metadata +# +# [*linklocal_service_ip*] +# (optional) IPv4 address of link local service +# String (IPv4) value +# Defaults to 169.254.169.254 # # [*memcached_servers*] # (optional) IPv4 address of memcached servers # String (IPv4) value + port # Defaults to hiera('contrail::memcached_server') # -# [*multi_tenancy*] -# (optional) Defines if mutli-tenancy is enabled. -# Defaults to hiera('contrail::multi_tenancy') +# [*public_vip*] +# (optional) Public virtual ip +# String value. +# Defaults to hiera('public_virtual_ip') +# +# [*step*] +# (optional) Step stack is in +# Integer value. +# Defaults to hiera('step') +# +# [*rabbit_server*] +# (optional) rabbit server +# Array of string value. +# Defaults to hiera('rabbitmq_node_ips') +# +# [*rabbit_user*] +# (optional) rabbit user +# String value. +# Defaults to hiera('contrail::rabbit_user') +# +# [*rabbit_password*] +# (optional) rabbit password +# String value. +# Defaults to hiera('contrail::rabbit_password') +# +# [*rabbit_port*] +# (optional) rabbit server port +# String value. +# Defaults to hiera('contrail::rabbit_port') # # [*redis_server*] # (optional) IPv4 address of redis server. # String (IPv4) value. -# Defaults to '127.0.0.1' +# Defaults to hiera('contrail::config::redis_server') # # [*zk_server_ip*] # (optional) List IPs+port of Zookeeper servers # Array of strings value. -# Defaults to hiera('contrail::zk_server_ip') +# Defaults to hiera('contrail_database_node_ips') # class tripleo::network::contrail::config( - $ifmap_password, - $ifmap_server_ip, - $ifmap_username, - $rabbit_server, - $admin_password = hiera('contrail::admin_password'), - $admin_tenant_name = hiera('contrail::admin_tenant_name'), - $admin_token = hiera('contrail::admin_token'), - $admin_user = hiera('contrail::admin_user'), - $auth = hiera('contrail::auth'), - $auth_host = hiera('contrail::auth_host'), - $auth_port = hiera('contrail::auth_port'), - $auth_protocol = hiera('contrail::auth_protocol'), - $cassandra_server_list = hiera('contrail::cassandra_server_list'), - $disc_server_ip = hiera('contrail::disc_server_ip'), - $insecure = hiera('contrail::insecure'), - $listen_ip_address = '0.0.0.0', - $listen_port = 8082, - $memcached_servers = hiera('contrail::memcached_server'), - $multi_tenancy = hiera('contrail::multi_tenancy'), - $redis_server = '127.0.0.1', - $zk_server_ip = hiera('contrail::zk_server_ip'), + $step = hiera('step'), + $aaa_mode = hiera('contrail::aaa_mode'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_server = hiera('contrail_config_vip'), + $api_port = hiera('contrail::api_port'), + $auth = hiera('contrail::auth'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $cassandra_server_list = hiera('contrail_database_node_ips'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $config_hostnames = hiera('contrail_config_short_node_names'), + $control_server_list = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $host_ip = hiera('contrail::config::host_ip'), + $ifmap_password = hiera('contrail::config::ifmap_password'), + $ifmap_server_ip = hiera('contrail::config::host_ip'), + $ifmap_username = hiera('contrail::config::ifmap_username'), + $insecure = hiera('contrail::insecure'), + $ipfabric_service_port = 8775, + $listen_ip_address = hiera('contrail::config::listen_ip_address'), + $listen_port = hiera('contrail::api_port'), + $linklocal_service_port = 80, + $linklocal_service_name = 'metadata', + $linklocal_service_ip = '169.254.169.254', + $memcached_servers = hiera('contrail::memcached_server'), + $public_vip = hiera('public_virtual_ip'), + $rabbit_server = hiera('rabbitmq_node_ips'), + $rabbit_user = hiera('contrail::rabbit_user'), + $rabbit_password = hiera('contrail::rabbit_password'), + $rabbit_port = hiera('contrail::rabbit_port'), + $redis_server = hiera('contrail::config::redis_server'), + $zk_server_ip = hiera('contrail_database_node_ips'), ) { validate_ip_address($listen_ip_address) validate_ip_address($disc_server_ip) validate_ip_address($ifmap_server_ip) - class {'::contrail::keystone': - keystone_config => { + $basicauthusers_property_control = map($control_server_list) |$item| { "${item}.control:${item}.control" } + $basicauthusers_property_dns = $control_server_list.map |$item| { "${item}.dns:${item}.dns" } + $basicauthusers_property = concat($basicauthusers_property_control, $basicauthusers_property_dns) + $cassandra_server_list_9160 = join([join($cassandra_server_list, ':9160 '),':9160'],'') + $rabbit_server_list_5672 = join([join($rabbit_server, ':5672,'),':5672'],'') + $zk_server_ip_2181 = join([join($zk_server_ip, ':2181,'),':2181'],'') + + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { 'KEYSTONE' => { 'admin_password' => $admin_password, 'admin_tenant_name' => $admin_tenant_name, @@ -154,62 +305,116 @@ class tripleo::network::contrail::config( 'insecure' => $insecure, 'memcached_servers' => $memcached_servers, }, - }, - } -> - class {'::contrail::config': - api_config => { - 'DEFAULTS' => { - 'auth' => $auth, - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'listen_ip_addr' => $listen_ip_address, - 'listen_port' => $listen_port, - 'multi_tenancy' => $multi_tenancy, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, }, - }, - device_manager_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + } + } + if $step >= 3 { + class {'::contrail::config': + api_config => { + 'DEFAULTS' => { + 'aaa_mode' => $aaa_mode, + 'auth' => $auth, + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'listen_ip_addr' => $listen_ip_address, + 'listen_port' => $listen_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - schema_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, - 'zk_server_ip' => $zk_server_ip, + basicauthusers_property => $basicauthusers_property, + config_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, }, - }, - discovery_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'zk_server_ip' => $zk_server_ip, + device_manager_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, - svc_monitor_config => { - 'DEFAULTS' => { - 'cassandra_server_list' => $cassandra_server_list, - 'disc_server_ip' => $disc_server_ip, - 'ifmap_password' => $ifmap_password, - 'ifmap_server_ip' => $ifmap_server_ip, - 'ifmap_username' => $ifmap_username, - 'rabbit_server' => $rabbit_server, - 'redis_server' => $redis_server, + discovery_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'zk_server_ip' => $zk_server_ip_2181, + }, }, - }, + keystone_config => $keystone_config, + schema_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + svc_monitor_config => { + 'DEFAULTS' => { + 'cassandra_server_list' => $cassandra_server_list_9160, + 'disc_server_ip' => $disc_server_ip, + 'disc_server_port' => $disc_server_port, + 'ifmap_password' => $ifmap_password, + 'ifmap_server_ip' => $ifmap_server_ip, + 'ifmap_username' => $ifmap_username, + 'rabbit_server' => $rabbit_server_list_5672, + 'rabbit_user' => $rabbit_user, + 'rabbit_password' => $rabbit_password, + 'redis_server' => $redis_server, + 'zk_server_ip' => $zk_server_ip_2181, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + } + if $step >= 5 { + class {'::contrail::config::provision_config': + api_address => $api_server, + api_port => $api_port, + config_node_address => $host_ip, + config_node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + openstack_vip => $public_vip, + } + if $config_hostnames[0] == $::hostname { + class {'::contrail::config::provision_linklocal': + api_address => $api_server, + api_port => $api_port, + ipfabric_service_ip => $api_server, + ipfabric_service_port => $ipfabric_service_port, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + linklocal_service_name => $linklocal_service_name, + linklocal_service_ip => $linklocal_service_ip, + linklocal_service_port => $linklocal_service_port, + } + } } } -- cgit 1.2.3-korg