summaryrefslogtreecommitdiffstats
path: root/extraconfig
diff options
context:
space:
mode:
authorDan Prince <dprince@redhat.com>2016-12-11 14:54:16 -0500
committerDan Prince <dprince@redhat.com>2017-01-06 20:01:14 -0500
commitb1fe2e8d60ad3dcfeec858539343be57115dd698 (patch)
tree9dd232ab6e7345ac8d3ff38a1155b6414b92e7fc /extraconfig
parent10044ba2afe6e33ca22ef656ec298203a485b550 (diff)
Template and role support for the undercloud
Add a new roles data YAML file and environment to help create the undercloud via t-h-t. Partially-implements: blueprint heat-undercloud Change-Id: I36df7fa86c2ff40026d59f02248af529a4a81861
Diffstat (limited to 'extraconfig')
-rwxr-xr-xextraconfig/post_deploy/undercloud_post.sh126
-rw-r--r--extraconfig/post_deploy/undercloud_post.yaml93
2 files changed, 219 insertions, 0 deletions
diff --git a/extraconfig/post_deploy/undercloud_post.sh b/extraconfig/post_deploy/undercloud_post.sh
new file mode 100755
index 00000000..8bcae1d3
--- /dev/null
+++ b/extraconfig/post_deploy/undercloud_post.sh
@@ -0,0 +1,126 @@
+#!/bin/bash
+set -eux
+
+ln -sf /etc/puppet/hiera.yaml /etc/hiera.yaml
+
+
+# WRITE OUT STACKRC
+if [ ! -e /root/stackrc ]; then
+ touch /root/stackrc
+ chmod 0600 /root/stackrc
+
+cat >> /root/stackrc <<-EOF_CAT
+export OS_PASSWORD=$admin_password
+export OS_AUTH_URL=$auth_url
+export OS_USERNAME=admin
+export OS_TENANT_NAME=admin
+export COMPUTE_API_VERSION=1.1
+export NOVA_VERSION=1.1
+export OS_BAREMETAL_API_VERSION=1.15
+export OS_NO_CACHE=True
+export OS_CLOUDNAME=undercloud
+EOF_CAT
+
+ if [ -n "$ssl_certificate" ]; then
+cat >> /root/stackrc <<-EOF_CAT
+export PYTHONWARNINGS="ignore:Certificate has no, ignore:A true SSLContext object is not available"
+EOF_CAT
+ fi
+fi
+
+source /root/stackrc
+
+if [ ! -f /root/.ssh/authorized_keys ]; then
+ sudo mkdir -p /root/.ssh
+ sudo chmod 7000 /root/.ssh/
+ sudo touch /root/.ssh/authorized_keys
+ sudo chmod 600 /root/.ssh/authorized_keys
+fi
+
+if [ ! -f /root/.ssh/id_rsa ]; then
+ ssh-keygen -b 1024 -N '' -f /root/.ssh/id_rsa
+fi
+
+if ! grep "$(cat /root/.ssh/id_rsa.pub)" /root/.ssh/authorized_keys; then
+ cat /root/.ssh/id_rsa.pub >> /root/.ssh/authorized_keys
+fi
+
+PHYSICAL_NETWORK=ctlplane
+
+ctlplane_id=$(openstack network list -f csv -c ID -c Name --quote none | tail -n +2 | grep ctlplane | cut -d, -f1)
+subnet_ids=$(openstack subnet list -f csv -c ID --quote none | tail -n +2)
+subnet_id=
+
+for subnet_id in $subnet_ids; do
+ network_id=$(openstack subnet show -f value -c network_id $subnet_id)
+ if [ "$network_id" = "$ctlplane_id" ]; then
+ break
+ fi
+done
+
+net_create=1
+if [ -n "$subnet_id" ]; then
+ cidr=$(openstack subnet show $subnet_id -f value -c cidr)
+ if [ "$cidr" = "$undercloud_network_cidr" ]; then
+ net_create=0
+ else
+ echo "New cidr $undercloud_network_cidr does not equal old cidr $cidr"
+ echo "Will attempt to delete and recreate subnet $subnet_id"
+ fi
+fi
+
+if [ "$net_create" -eq "1" ]; then
+ # Delete the subnet and network to make sure it doesn't already exist
+ if openstack subnet list | grep start; then
+ openstack subnet delete $(openstack subnet list | grep start | awk '{print $4}')
+ fi
+ if openstack network show ctlplane; then
+ openstack network delete ctlplane
+ fi
+
+
+ NETWORK_ID=$(openstack network create --provider-network-type=flat --provider-physical-network=ctlplane ctlplane | grep " id " | awk '{print $4}')
+
+ NAMESERVER_ARG=""
+ if [ -n "${undercloud_nameserver:-}" ]; then
+ NAMESERVER_ARG="--dns-nameserver $undercloud_nameserver"
+ fi
+
+ openstack subnet create --network=$NETWORK_ID \
+ --gateway=$undercloud_network_gateway \
+ --subnet-range=$undercloud_network_cidr \
+ --allocation-pool start=$undercloud_dhcp_start,end=$undercloud_dhcp_end \
+ --host-route destination=169.254.169.254/32,gateway=$local_ip \
+ $NAMESERVER_ARG ctlplane
+fi
+
+# Disable nova quotas
+openstack quota set --cores -1 --instances -1 --ram -1 $(openstack project show admin | awk '$2=="id" {print $4}')
+
+# MISTRAL WORKFLOW CONFIGURATION
+if [ "$(hiera mistral_api_enabled)" = "true" ]; then
+ # load workflows
+ for workbook in $(openstack workbook list | grep tripleo | cut -f 2 -d ' '); do
+ openstack workbook delete $workbook
+ done
+ for workflow in $(openstack workflow list | grep tripleo | cut -f 2 -d ' '); do
+ openstack workflow delete $workflow
+ done
+ for workbook in $(ls /usr/share/openstack-tripleo-common/workbooks/*); do
+ openstack workbook create $workbook
+ done
+
+ # Store the SNMP password in a mistral environment
+ if ! openstack workflow env show tripleo.undercloud-config &>/dev/null; then
+ TMP_MISTRAL_ENV=$(mktemp)
+ echo "{\"name\": \"tripleo.undercloud-config\", \"variables\": {\"undercloud_ceilometer_snmpd_password\": \"$snmp_readonly_user_password\"}}" > $TMP_MISTRAL_ENV
+ openstack workflow env create $TMP_MISTRAL_ENV
+ fi
+
+fi
+
+# IP forwarding is needed to allow the overcloud nodes access to the outside
+# internet in cases where they are on an isolated network.
+sysctl -w net.ipv4.ip_forward=1
+# Make it persistent
+echo "net.ipv4.ip_forward=1" > /etc/sysctl.d/ip-forward.conf
diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml
new file mode 100644
index 00000000..38a9181e
--- /dev/null
+++ b/extraconfig/post_deploy/undercloud_post.yaml
@@ -0,0 +1,93 @@
+heat_template_version: ocata
+
+description: >
+ Post-deployment for the TripleO undercloud
+
+parameters:
+ servers:
+ type: json
+ DeployedServerPortMap:
+ default: {}
+ type: json
+ UndercloudDhcpRangeStart:
+ type: string
+ default: '192.168.24.5'
+ UndercloudDhcpRangeEnd:
+ type: string
+ default: '192.168.24.24'
+ UndercloudNetworkCidr:
+ type: string
+ default: '192.168.24.0/24'
+ UndercloudNetworkGateway:
+ type: string
+ default: '192.168.24.1'
+ UndercloudNameserver:
+ type: string
+ default: ''
+ AdminPassword: #supplied by tripleo-undercloud-passwords.yaml
+ type: string
+ description: The password for the keystone admin account, used for monitoring, querying neutron etc.
+ hidden: True
+ SSLCertificate:
+ description: >
+ The content of the SSL certificate (without Key) in PEM format.
+ type: string
+ default: ""
+ hidden: True
+ SnmpdReadonlyUserPassword:
+ description: The user password for SNMPd with readonly rights running on all Overcloud nodes
+ type: string
+ hidden: true
+
+conditions:
+
+ ssl_disabled: {equals : [{get_param: SSLCertificate}, ""]}
+
+resources:
+
+ UndercloudPostConfig:
+ type: OS::Heat::SoftwareConfig
+ properties:
+ group: script
+ inputs:
+ - name: deploy_identifier
+ - name: local_ip
+ - name: undercloud_dhcp_start
+ - name: undercloud_dhcp_end
+ - name: undercloud_network_cidr
+ - name: undercloud_network_gateway
+ - name: undercloud_nameserver
+ - name: admin_password
+ - name: auth_url
+ - name: snmp_readonly_user_password
+ config: {get_file: ./undercloud_post.sh}
+
+ UndercloudPostDeployment:
+ type: OS::Heat::SoftwareDeployments
+ properties:
+ servers: {get_param: servers}
+ config: {get_resource: UndercloudPostConfig}
+ input_values:
+ local_ip: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
+ undercloud_dhcp_start: {get_param: UndercloudDhcpRangeStart}
+ undercloud_dhcp_end: {get_param: UndercloudDhcpRangeEnd}
+ undercloud_network_cidr: {get_param: UndercloudNetworkCidr}
+ undercloud_network_gateway: {get_param: UndercloudNetworkGateway}
+ undercloud_nameserver: {get_param: UndercloudNameserver}
+ ssl_certificate: {get_param: SSLCertificate}
+ admin_password: {get_param: AdminPassword}
+ snmp_readonly_user_password: {get_param: SnmpdReadonlyUserPassword}
+ # if SSL is enabled we use the public virtual ip as the stackrc endpoint
+ auth_url:
+ if:
+ - ssl_disabled
+ - list_join:
+ - ''
+ - - 'http://'
+ - {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
+ - ':5000/v2.0'
+ - list_join:
+ - ''
+ - - 'https://'
+ - {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
+ - ':13000/v2.0'