From 9c9667e214987fe4a41a96d13f58541f0ddd53a2 Mon Sep 17 00:00:00 2001 From: Michael Henkel Date: Fri, 27 Jan 2017 00:36:54 +0100 Subject: Re-organizes Contrail services to the correct roles In current setup some Contrail services belong to the wrong roles. The Contrail control plane can be impacted if the Analytics database has problems. Furthermore contrail tripleo puppet modules are being refactored to conform to the new interface of the puppet-contrail modules. Closes-Bug: 1659560 Change-Id: Id0dd35b95c5fe9d0fcc1e16c4b7d6cc601f10818 --- manifests/network/contrail/vrouter.pp | 302 ++++++++++++++++++++++++++++++++++ 1 file changed, 302 insertions(+) create mode 100644 manifests/network/contrail/vrouter.pp (limited to 'manifests/network/contrail/vrouter.pp') diff --git a/manifests/network/contrail/vrouter.pp b/manifests/network/contrail/vrouter.pp new file mode 100644 index 0000000..2bccd1d --- /dev/null +++ b/manifests/network/contrail/vrouter.pp @@ -0,0 +1,302 @@ +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# == Class: tripleo::profile::base::neutron::opencontrail::vrouter +# +# Opencontrail profile to run the contrail vrouter +# +# === Parameters +# +# [*step*] +# (Optional) The current step of the deployment +# Defaults to hiera('step') +# +# [*admin_password*] +# (optional) admin password +# String value. +# Defaults to hiera('contrail::admin_password') +# +# [*admin_tenant_name*] +# (optional) admin tenant name. +# String value. +# Defaults to hiera('contrail::admin_tenant_name') +# +# [*admin_token*] +# (optional) admin token +# String value. +# Defaults to hiera('contrail::admin_token') +# +# [*admin_user*] +# (optional) admin user name. +# String value. +# Defaults to hiera('contrail::admin_user') +# +# [*api_server*] +# (optional) IP address of api server +# String value. +# Defaults to hiera('contrail_config_vip') +# +# [*api_port*] +# (optional) port of api server +# String value. +# Defaults to hiera('contrail::api_port') +# +# [*auth_host*] +# (optional) keystone server ip address +# String (IPv4) value. +# Defaults to hiera('contrail::auth_host') +# +# [*auth_port*] +# (optional) keystone port. +# Integer value. +# Defaults to hiera('contrail::auth_port') +# +# [*auth_port_ssl*] +# (optional) keystone ssl port. +# Integer value. +# Defaults to hiera('contrail::auth_port_ssl') +# +# [*auth_protocol*] +# (optional) authentication protocol. +# String value. +# Defaults to hiera('contrail::auth_protocol') +# +# [*ca_file*] +# (optional) ca file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*cert_file*] +# (optional) cert file name +# String value. +# Defaults to hiera('contrail::service_certificate',false) +# +# [*control_server*] +# (optional) Contrail control server IP +# Array of String (IPv4) value. +# Defaults to hiera('contrail_control_node_ips') +# +# [*disc_server_ip*] +# (optional) IPv4 address of discovery server. +# String (IPv4) value. +# Defaults to hiera('contrail_config_vip'), +# +# [*disc_server_port*] +# (optional) port Discovery server listens on. +# Integer value. +# Defaults to hiera('contrail::disc_server_port') +# +# [*gateway*] +# (optional) Default GW for vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::gateway') +# +# [*host_ip*] +# (optional) host IP address of vrouter +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::host_ip') +# +# [*insecure*] +# (optional) insecure connections allowed +# String value. +# Defaults to hiera('contrail::insecure') +# +# [*memcached_servers*] +# (optional) memcached server ip +# String (IPv4) value. +# Defaults to hiera('contrail::memcached_server') +# +# [*metadata_secret*] +# (optional) secret for metadata +# String value. +# Defaults to hiera('contrail::vrouter::metadata_proxy_shared_secret') +# +# [*netmask*] +# (optional) netmask for vrouter interface +# String (IPv4) value. +# Defaults to hiera('contrail::vrouter::netmask') +# +# [*physical_interface*] +# (optional) vrouter interface +# String value. +# Defaults to hiera('contrail::vrouter::physical_interface') +# +# [*public_vip*] +# (optional) Public VIP to Keystone +# String (IPv4) value. +# Defaults to hiera('public_virtual_ip') +# +# [*is_tsn*] +# (optional) Turns vrouter into TSN +# String value. +# Defaults to hiera('contrail::vrouter::is_tsn',false) +# +class tripleo::network::contrail::vrouter ( + $step = hiera('step'), + $admin_password = hiera('contrail::admin_password'), + $admin_tenant_name = hiera('contrail::admin_tenant_name'), + $admin_token = hiera('contrail::admin_token'), + $admin_user = hiera('contrail::admin_user'), + $api_port = hiera('contrail::api_port'), + $api_server = hiera('contrail_config_vip'), + $auth_host = hiera('contrail::auth_host'), + $auth_port = hiera('contrail::auth_port'), + $auth_port_ssl = hiera('contrail::auth_port_ssl'), + $auth_protocol = hiera('contrail::auth_protocol'), + $ca_file = hiera('contrail::service_certificate',false), + $cert_file = hiera('contrail::service_certificate',false), + $control_server = hiera('contrail_control_node_ips'), + $disc_server_ip = hiera('contrail_config_vip'), + $disc_server_port = hiera('contrail::disc_server_port'), + $gateway = hiera('contrail::vrouter::gateway'), + $host_ip = hiera('contrail::vrouter::host_ip'), + $insecure = hiera('contrail::insecure'), + $memcached_servers = hiera('contrail::memcached_server'), + $metadata_secret = hiera('contrail::vrouter::metadata_proxy_shared_secret'), + $netmask = hiera('contrail::vrouter::netmask'), + $physical_interface = hiera('contrail::vrouter::physical_interface'), + $public_vip = hiera('public_virtual_ip'), + $is_tsn = hiera('contrail::vrouter::is_tsn',false), +) { + $cidr = netmask_to_cidr($netmask) + notify { 'cidr': + message => $cidr, + } + $macaddress = inline_template("<%= scope.lookupvar('::macaddress_${physical_interface}') -%>") + #include ::contrail::vrouter + # NOTE: it's not possible to use this class without a functional + # contrail controller up and running + $control_server_list = join($control_server, ' ') + if $auth_protocol == 'https' { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port_ssl, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + 'AUTHN_PORT' => $auth_port_ssl, + 'AUTHN_PROTOCOL' => $auth_protocol, + 'certfile' => $cert_file, + 'cafile' => $ca_file, + }, + } + } else { + $keystone_config = { + 'KEYSTONE' => { + 'admin_password' => $admin_password, + 'admin_tenant_name' => $admin_tenant_name, + 'admin_token' => $admin_token, + 'admin_user' => $admin_user, + 'auth_host' => $auth_host, + 'auth_port' => $auth_port, + 'auth_protocol' => $auth_protocol, + 'insecure' => $insecure, + 'memcached_servers' => $memcached_servers, + }, + } + $vnc_api_lib_config = { + 'auth' => { + 'AUTHN_SERVER' => $public_vip, + }, + } + } + if $is_tsn { + $vrouter_agent_config = { + 'DEBUG' => { + 'agent_mode' => 'tsn', + }, + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } else { + $vrouter_agent_config = { + 'CONTROL-NODE' => { + 'server' => $control_server_list, + }, + 'VIRTUAL-HOST-INTERFACE' => { + 'compute_node_address' => $host_ip, + 'gateway' => $gateway, + 'ip' => "${host_ip}/${cidr}", + 'name' => 'vhost0', + 'physical_interface' => $physical_interface, + }, + 'METADATA' => { + 'metadata_proxy_secret' => $metadata_secret, + }, + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + } + } + class {'::contrail::vrouter': + discovery_ip => $disc_server_ip, + gateway => $gateway, + host_ip => $host_ip, + is_tsn => $is_tsn, + macaddr => $macaddress, + mask => $cidr, + netmask => $netmask, + physical_interface => $physical_interface, + vhost_ip => $host_ip, + keystone_config => $keystone_config, + vrouter_agent_config => $vrouter_agent_config, + vrouter_nodemgr_config => { + 'DISCOVERY' => { + 'server' => $disc_server_ip, + 'port' => $disc_server_port, + }, + }, + vnc_api_lib_config => $vnc_api_lib_config, + } + if $step >= 5 { + class {'::contrail::vrouter::provision_vrouter': + api_address => $api_server, + api_port => $api_port, + host_ip => $host_ip, + node_name => $::hostname, + keystone_admin_user => $admin_user, + keystone_admin_password => $admin_password, + keystone_admin_tenant_name => $admin_tenant_name, + is_tsn => $is_tsn, + } + } +} -- cgit 1.2.3-korg