Diffstat (limited to 'common/puppet-opnfv')
21 files changed, 1670 insertions, 0 deletions
diff --git a/common/puppet-opnfv/manifests/ceph_deploy.pp b/common/puppet-opnfv/manifests/ceph_deploy.pp
new file mode 100644
index 000000000..57202aaf7
--- /dev/null
+++ b/common/puppet-opnfv/manifests/ceph_deploy.pp
@@ -0,0 +1,102 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#Class installs and configures a ceph cluster
+#Creates a single OSD per host and configures host as a monitor
+#Inserts authentication keyrings for volumes and images users
+#Creates OSD pools for volumes and images (needed by OpenStack)
+#Depends on puppet module: https://github.com/stackforge/puppet-ceph/
+
+class opnfv::ceph_deploy (
+ $fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc',
+ $osd_pool_default_pg_num = '128',
+ $osd_pool_default_size = '1',
+ $osd_pool_default_min_size = '1',
+ $mon_initial_members = '',
+ $mon_host = '',
+ $cluster_network = "10.4.8.0/21",
+ $public_network = "10.4.8.0/21",
+ $osd_journal_size = '1000',
+ $osd_ip = '',
+ $mon_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==',
+ $admin_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==',
+ $images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==',
+ $volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==',
+ $boostrap_key = 'AQDcvhVV+H08DBAA5/0GGcfBQxz+/eKAdbJdTQ==',
+) {
+
+ class { 'ceph':
+ fsid => $fsid,
+ osd_pool_default_pg_num => $osd_pool_default_pg_num,
+ osd_pool_default_size => $osd_pool_default_size,
+ osd_pool_default_min_size => $osd_pool_default_min_size,
+ mon_initial_members => $mon_initial_members,
+ mon_host => $mon_host,
+ cluster_network => $cluster_network,
+ public_network => $public_network,
+ }
+ ->
+ ceph_config {
+ 'global/osd_journal_size': value => $osd_journal_size;
+ }
+ ->
+ ceph::mon { $::hostname:
+ public_addr => $osd_ip,
+ key => $mon_key,
+ }
+
+ Ceph::Key {
+ inject => true,
+ inject_as_id => 'mon.',
+ inject_keyring => "/var/lib/ceph/mon/ceph-${::hostname}/keyring",
+ }
+
+ ceph::key { 'client.admin':
+ secret => $admin_key,
+ cap_mon => 'allow *',
+ cap_osd => 'allow *',
+ cap_mds => 'allow',
+ mode => '0644',
+ }
+ ceph::key { 'client.images':
+ secret => $images_key,
+ cap_mon => 'allow r',
+ cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=images',
+ inject => true,
+ mode => '0644',
+ }
+
+ ceph::key { 'client.volumes':
+ secret => $volumes_key,
+ cap_mon => 'allow r',
+ cap_osd => 'allow class-read object_prefix rbd_children, allow rwx pool=volumes',
+ inject => true,
+ mode => '0644',
+ }
+ ceph::key { 'client.bootstrap-osd':
+ secret => $boostrap_key,
+ cap_mon => 'allow profile bootstrap-osd',
+ keyring_path => '/var/lib/ceph/bootstrap-osd/ceph.keyring',
+ }
+ ->
+ ceph::osd { '/osd0': }
+ ->
+ exec { 'create volumes pool':
+ command => "/usr/bin/ceph osd pool create volumes $osd_pool_default_pg_num",
+ }
+ ->
+ exec { 'create images pool':
+ command => "/usr/bin/ceph osd pool create images $osd_pool_default_pg_num",
+ }
+}
diff --git a/common/puppet-opnfv/manifests/compute.pp b/common/puppet-opnfv/manifests/compute.pp
new file mode 100644
index 000000000..0b8175762
--- /dev/null
+++ b/common/puppet-opnfv/manifests/compute.pp
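Review bot: The class parameters `$mon_key`, `$admin_key`, `$images_key`, `$volumes_key` and `$boostrap_key` in ceph_deploy.pp default to literal cephx secrets, so any deployment that does not override them runs with keys that are published in this repository, and the mon, admin and bootstrap-osd identities all share one value. I would drop the literals and stop the run when a key is not supplied, e.g. `$admin_key = undef,` with `if !$admin_key { fail('admin_key is empty') }` in the body, leaving per-cluster key generation to the deploy tooling. The `client.admin`, `client.images` and `client.volumes` keyrings are also written with `mode => '0644'`, which leaves them readable by every local user; `mode => '0600'` looks more appropriate unless another service account has to read them. The same images and volumes key literals are repeated as fallbacks in compute.pp and controller_networker.pp in this commit.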
@@ -0,0 +1,163 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#Provides a manifest to configure OpenStack compute node in HA or non-HA
+#environment, with Ceph configured as Cinder backend storage.
+#ha_flag set to true will use virtual IP addresses (VIPs provided by
+#global params) as the provider to the compute node for HA
+
+class opnfv::compute {
+ if ($odl_flag != '') and str2bool($odl_flag) {
+ $ml2_mech_drivers = ['opendaylight']
+ $this_agent = 'opendaylight'
+ }
+ else {
+ $ml2_mech_drivers = ['openvswitch','l2population']
+ $this_agent = 'ovs'
+ }
+
+ ##Common Parameters
+ if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
+ if !$private_subnet { fail('private_subnet is empty')}
+ if !$ceph_public_network { $ceph_public_network = $private_subnet }
+ if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
+ if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' }
+ if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
+ if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
+ if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' }
+
+
+ ##Most users will only care about a single user/password for all services
+ ##so lets create one variable that can be used instead of separate usernames/passwords
+ if !$single_username { $single_username = 'octopus' }
+ if !$single_password { $single_password = 'octopus' }
+
+ if !$admin_password { $admin_password = $single_password }
+ if !$neutron_db_password { $neutron_db_password = $single_password }
+ if !$neutron_user_password { $neutron_user_password = $single_password }
+
+ if !$ceilometer_user_password { $ceilometer_user_password = $single_password }
+ if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password }
+
+ ##HA Global params
+ if $ha_flag {
+ if $private_network == '' { fail('private_network is empty') }
+ if !$keystone_private_vip { fail('keystone_private_vip is empty') }
+ if !$glance_private_vip { fail('glance_private_vip is empty') }
+ if !$nova_private_vip { fail('nova_private_vip is empty') }
+ if !$nova_db_password { $nova_db_password = $single_password }
+ if !$nova_user_password { $nova_user_password = $single_password }
+ if !$controllers_ip_array { fail('controllers_ip_array is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_ip_array = split($controllers_ip_array, ',')
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+ if !$odl_control_ip { $odl_control_ip = $controllers_ip_array[0] }
+ if !$db_vip { fail('db_vip is empty') }
+ $mysql_ip = $db_vip
+ if !$amqp_vip { fail('amqp_vip is empty') }
+ $amqp_ip = $amqp_vip
+ if !$amqp_username { $amqp_username = $single_username }
+ if !$amqp_password { $amqp_password = $single_password }
+ if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array }
+ if !$ceph_mon_host { $ceph_mon_host = $controllers_ip_array }
+ if !$neutron_private_vip { fail('neutron_private_vip is empty') }
+
+ ##Find private interface
+ $ovs_tunnel_if = get_nic_from_network("$private_network")
+
+ } else {
+ ##non HA params
+ if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') }
+ if !$private_ip { fail('private_ip is empty') }
+ $keystone_private_vip = $private_ip
+ $glance_private_vip = $private_ip
+ $nova_private_vip = $private_ip
+ $neutron_private_vip = $private_ip
+ if !$nova_db_password { fail('nova_db_password is empty') }
+ if !$nova_user_password { fail('nova_user_password is empty') }
+ if !$odl_control_ip { $odl_control_ip = $private_ip }
+ if !$mysql_ip { $mysql_ip = $private_ip }
+ if !$amqp_ip { $amqp_ip = $private_ip }
+ if !$amqp_username { $amqp_username = 'guest' }
+ if !$amqp_password { $amqp_password = 'guest' }
+ if !$ceph_mon_host { $ceph_mon_host= ["$private_ip"] }
+ if !$ceph_mon_initial_members { $ceph_mon_initial_members = ["$::hostname"] }
+ }
+
+ class { "quickstack::neutron::compute":
+ auth_host => $keystone_private_vip,
+ glance_host => $glance_private_vip,
+ libvirt_images_rbd_pool => 'volumes',
+ libvirt_images_rbd_ceph_conf => '/etc/ceph/ceph.conf',
+ libvirt_inject_password => 'false',
+ libvirt_inject_key => 'false',
+ libvirt_images_type => 'rbd',
+ nova_host => $nova_private_vip,
+ nova_db_password => $nova_db_password,
+ nova_user_password => $nova_user_password,
+ private_network => '',
+ private_iface => $ovs_tunnel_if,
+ private_ip => '',
+ rbd_user => 'volumes',
+ rbd_secret_uuid => $rbd_secret_uuid,
+ network_device_mtu => $quickstack::params::network_device_mtu,
+
+ admin_password => $admin_password,
+ ssl => false,
+
+ mysql_host => $mysql_ip,
+ mysql_ca => '/etc/ipa/ca.crt',
+ amqp_host => $amqp_ip,
+ amqp_username => $amqp_username,
+ amqp_password => $amqp_password,
+
+ ceilometer => 'false',
+ ceilometer_metering_secret => $ceilometer_metering_secret,
+ ceilometer_user_password => $ceilometer_user_password,
+
+ cinder_backend_gluster => $quickstack::params::cinder_backend_gluster,
+ cinder_backend_rbd => 'true',
+ glance_backend_rbd => 'true',
+ ceph_cluster_network => $ceph_public_network,
+ ceph_fsid => $ceph_fsid,
+ ceph_images_key => $ceph_images_key,
+ ceph_mon_host => $ceph_mon_host,
+ ceph_mon_initial_members => $ceph_mon_initial_members,
+ ceph_osd_pool_default_size => $ceph_osd_pool_size,
+ ceph_osd_journal_size => $ceph_osd_journal_size,
+ ceph_volumes_key => $ceph_volumes_key,
+
+ agent_type => $this_agent,
+ enable_tunneling => true,
+
+ ml2_mechanism_drivers => $ml2_mech_drivers,
+ odl_controller_ip => $odl_control_ip,
+
+ neutron_db_password => $neutron_db_password,
+ neutron_user_password => $neutron_user_password,
+ neutron_host => $neutron_private_vip,
+
+ ovs_tunnel_iface => $ovs_tunnel_if,
+ ovs_tunnel_network => '',
+ ovs_l2_population => 'false',
+
+ tenant_network_type => 'vxlan',
+ tunnel_id_ranges => '1:1000',
+ ovs_tunnel_types => ['vxlan'],
+
+ verbose => 'true',
+ security_group_api => 'neutron',
+
+ }
+}
diff --git a/common/puppet-opnfv/manifests/controller.pp b/common/puppet-opnfv/manifests/controller.pp
new file mode 100644
index 000000000..97b01813f
--- /dev/null
+++ b/common/puppet-opnfv/manifests/controller.pp
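Review bot: `$single_password` in compute.pp falls back to the literal `'octopus'` and is then copied into `admin_password`, the neutron and ceilometer credentials and, in the HA branch, the nova and AMQP passwords, so a node that sets no passwords comes up with one well-known credential for every service; the non-HA branch likewise falls back to `'guest'`/`'guest'` for AMQP. A missing password should stop the run instead, e.g. `if !$single_password { fail('single_password is empty') }`. controller_networker.pp has the same `'octopus'` fallback and additionally defaults `heat_auth_encryption_key` to `'octopus1octopus1'`. Separately, `if $ha_flag {` treats any non-empty string, including `'false'`, as true, unlike the `$ha_flag and str2bool($ha_flag)` test used in controller_networker.pp.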
@@ -0,0 +1,135 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+class opnfv::controller {
+ ###use 8081 as a default work around swift service
+ if $odl_rest_port == '' {$odl_rest_port = '8081'}
+
+ if ($odl_flag != '') and str2bool($odl_flag) {
+ $ml2_mech_drivers = ['opendaylight']
+ }
+ else {
+ $ml2_mech_drivers = ['openvswitch','l2population']
+ }
+
+
+ if $admin_email == '' { fail('admin_email is empty') }
+ if $admin_password == '' { fail('admin_password is empty') }
+
+ if $public_ip == '' { fail('public_ip is empty') }
+ if $private_ip == '' { fail('private_ip is empty') }
+
+ if $odl_control_ip == '' { fail('odl_controL_ip is empty, should be the IP of your network node private interface') }
+
+ if $mysql_ip == '' { fail('mysql_ip is empty') }
+ if $mysql_root_password == '' { fail('mysql_root_password is empty') }
+ if $amqp_ip == '' { fail('amqp_ip is empty') }
+
+ if $memcache_ip == '' { fail('memcache_ip is empty') }
+ if $neutron_ip == '' { fail('neutron_ip is empty') }
+
+ if $keystone_admin_token == '' { fail('keystone_admin_token is empty') }
+ if $keystone_db_password == '' { fail('keystone_db_password is empty') }
+
+ if $horizon_secret_key == '' { fail('horizon_secret_key is empty') }
+ #if $trystack_db_password == '' { fail('trystack_db_password is empty') }
+
+ if $nova_user_password == '' { fail('nova_user_password is empty') }
+ if $nova_db_password == '' { fail('nova_db_password is empty') }
+
+ if $cinder_user_password == '' { fail('cinder_user_password is empty') }
+ if $cinder_db_password == '' { fail('cinder_db_password is empty') }
+
+ if $glance_user_password == '' { fail('glance_user_password is empty') }
+ if $glance_db_password == '' { fail('glance_db_password is empty') }
+
+ if $neutron_user_password == '' { fail('neutron_user_password is empty') }
+ if $neutron_db_password == '' { fail('neutron_db_password is empty') }
+ if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') }
+
+ if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') }
+ if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') }
+
+ if $heat_user_password == '' { fail('heat_user_password is empty') }
+ if $heat_db_password == '' { fail('heat_db_password is empty') }
+ if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') }
+
+ if $swift_user_password == '' { fail('swift_user_password is empty') }
+ if $swift_shared_secret == '' { fail('swift_shared_secret is empty') }
+ if $swift_admin_password == '' { fail('swift_admin_password is empty') }
+
+ class { "quickstack::neutron::controller":
+ admin_email => $admin_email,
+ admin_password => $admin_password,
+ controller_admin_host => $private_ip,
+ controller_priv_host => $private_ip,
+ controller_pub_host => $public_ip,
+ ssl => false,
+ #support_profile => $quickstack::params::support_profile,
+ #freeipa => $quickstack::params::freeipa,
+
+ mysql_host => $mysql_ip,
+ mysql_root_password => $mysql_root_password,
+ #amqp_provider => $amqp_provider,
+ amqp_host => $amqp_ip,
+ amqp_username => 'guest',
+ amqp_password => 'guest',
+ #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password,
+
+ keystone_admin_token => $keystone_admin_token,
+ keystone_db_password => $keystone_db_password,
+
+ ceilometer_metering_secret => $ceilometer_metering_secret,
+ ceilometer_user_password => $ceilometer_user_password,
+
+ cinder_backend_gluster => $quickstack::params::cinder_backend_gluster,
+ cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name,
+ cinder_gluster_shares => $quickstack::params::cinder_gluster_shares,
+ cinder_user_password => $cinder_user_password,
+ cinder_db_password => $cinder_db_password,
+
+ glance_db_password => $glance_db_password,
+ glance_user_password => $glance_user_password,
+
+ heat_cfn => true,
+ heat_cloudwatch => true,
+ heat_db_password => $heat_db_password,
+ heat_user_password => $heat_user_password,
+ heat_auth_encrypt_key => $heat_auth_encrypt_key,
+
+ horizon_secret_key => $horizon_secret_key,
+ horizon_ca => $quickstack::params::horizon_ca,
+ horizon_cert => $quickstack::params::horizon_cert,
+ horizon_key => $quickstack::params::horizon_key,
+
+ ml2_mechanism_drivers => $ml2_mech_drivers,
+ #neutron => true,
+ neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
+ neutron_db_password => $neutron_db_password,
+ neutron_user_password => $neutron_user_password,
+
+ nova_db_password => $nova_db_password,
+ nova_user_password => $nova_user_password,
+ odl_controller_ip => $odl_control_ip,
+ odl_controller_port => $odl_rest_port,
+
+ swift_shared_secret => $swift_shared_secret,
+ swift_admin_password => $swift_admin_password,
+ swift_ringserver_ip => '192.168.203.1',
+ swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"],
+ swift_storage_device => 'device1',
+ }
+
+}
diff --git a/common/puppet-opnfv/manifests/controller_networker.pp b/common/puppet-opnfv/manifests/controller_networker.pp
new file mode 100644
index 000000000..157bc8f24
--- /dev/null
+++ b/common/puppet-opnfv/manifests/controller_networker.pp
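Review bot: `amqp_username => 'guest'` and `amqp_password => 'guest'` are passed as literals to `quickstack::neutron::controller` in controller.pp, so the broker credentials cannot be overridden even though every other secret in this class is checked for emptiness first. Take them from variables and validate them like the rest, e.g. `if $amqp_password == '' { fail('amqp_password is empty') }` and `amqp_password => $amqp_password,`. The check on `$ceilometer_metering_secret` also reports the wrong name (`fail('ceilometer_user_password is empty')`) and the `$odl_control_ip` message spells it `odl_controL_ip`, which will mislead whoever reads the failure; the first of these is repeated in the non-HA branch of controller_networker.pp.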
@@ -0,0 +1,438 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#Provides HA or non-HA setup for OpenStack Controller with ODL integration
+#Mandatory common and HA variables are needed to setup each Controller
+#ha_flag set to true will provide OpenStack HA of the following services:
+#rabbitmq, galera mariadb, keystone, glance, nova, cinder, horizon, neutron
+#includes all sub-services of those features (i.e. neutron-server, neutron-lg-agent, etc)
+
+class opnfv::controller_networker {
+ if $odl_rest_port == '' { $odl_rest_port= '8081'}
+ if ($odl_flag != '') and str2bool($odl_flag) {
+ $ml2_mech_drivers = ['opendaylight']
+ $this_agent = 'opendaylight'
+ } else {
+ $ml2_mech_drivers = ['openvswitch','l2population']
+ $this_agent = 'ovs'
+ }
+
+ ##Mandatory Common variables
+ if $admin_email == '' { fail('admin_email is empty') }
+
+ ##Most users will only care about a single user/password for all services
+ ##so lets create one variable that can be used instead of separate usernames/passwords
+ if !$single_username { $single_username = 'octopus' }
+ if !$single_password { $single_password = 'octopus' }
+
+ if !$keystone_admin_token { $keystone_admin_token = $single_password }
+ if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
+ if !$mysql_root_password { $mysql_root_password = $single_password }
+ if !$admin_password { $admin_password = $single_password }
+
+ ##Check for HA, if not leave old functionality alone
+ if $ha_flag and str2bool($ha_flag) {
+ ##Mandatory HA variables
+ if !$controllers_ip_array { fail('controllers_ip_array is empty') }
+ $controllers_ip_array_str = $controllers_ip_array
+ $controllers_ip_array = split($controllers_ip_array, ',')
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+ if !$amqp_vip { fail('amqp_vip is empty') }
+ if !$private_subnet { fail('private_subnet is empty')}
+ if !$cinder_admin_vip { fail('cinder_admin_vip is empty') }
+ if !$cinder_private_vip { fail('cinder_private_vip is empty') }
+ if !$cinder_public_vip { fail('cinder_public_vip is empty') }
+ if !$db_vip { fail('db_vip is empty') }
+ if !$glance_admin_vip { fail('glance_admin_vip is empty') }
+ if !$glance_private_vip { fail('glance_private_vip is empty') }
+ if !$glance_public_vip { fail('glance_public_vip is empty') }
+ if !$horizon_admin_vip { fail('horizon_admin_vip is empty') }
+ if !$horizon_private_vip { fail('horizon_private_vip is empty') }
+ if !$horizon_public_vip { fail('horizon_public_vip is empty') }
+ if !$keystone_admin_vip { fail('keystone_admin_vip is empty') }
+ if !$keystone_private_vip { fail('keystone_private_vip is empty') }
+ if !$keystone_public_vip { fail('keystone_public_vip is empty') }
+ if !$loadbalancer_vip { fail('loadbalancer_vip is empty') }
+ if !$neutron_admin_vip { fail('neutron_admin_vip is empty') }
+ if !$neutron_private_vip { fail('neutron_private_vip is empty') }
+ if !$neutron_public_vip { fail('neutron_public_vip is empty') }
+ if !$nova_admin_vip { fail('nova_admin_vip is empty') }
+ if !$nova_private_vip { fail('nova_private_vip is empty') }
+ if !$nova_public_vip { fail('nova_public_vip is empty') }
+ if $private_network == '' { fail('private_network is empty') }
+ if !$heat_admin_vip { fail('heat_admin_vip is empty') }
+ if !$heat_private_vip { fail('heat_private_vip is empty') }
+ if !$heat_public_vip { fail('heat_public_vip is empty') }
+ if !$heat_cfn_admin_vip { fail('heat_cfn_admin_vip is empty') }
+ if !$heat_cfn_private_vip { fail('heat_cfn_private_vip is empty') }
+ if !$heat_cfn_public_vip { fail('heat_cfn_public_vip is empty') }
+
+ ##Find private interface
+ $ovs_tunnel_if = get_nic_from_network("$private_network")
+
+ ##Optional HA variables
+ if !$amqp_username { $amqp_username = $single_username }
+ if !$amqp_password { $amqp_password = $single_password }
+ if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
+ if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' }
+ if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array }
+ if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array}
+ if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
+ if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
+ if !$ceph_public_network { $ceph_public_network = $private_subnet }
+ if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' }
+ if !$cinder_db_password { $cinder_db_password = $single_password }
+ if !$cinder_user_password { $cinder_user_password = $single_password }
+ if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
+ if !$horizon_secret { $horizon_secret = $single_password }
+ if !$glance_db_password { $glance_db_password = $single_password }
+ if !$glance_user_password { $glance_user_password = $single_password }
+ if !$keystone_db_password { $keystone_db_password = $single_password }
+ if !$keystone_user_password { $keystone_user_password = $single_password }
+ if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
+ if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array }
+ if !$neutron_db_password { $neutron_db_password = $single_password }
+ if !$neutron_user_password { $neutron_user_password = $single_password }
+ if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $single_password }
+ if !$nova_db_password { $nova_db_password = $single_password }
+ if !$nova_user_password { $nova_user_password = $single_password }
+ if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array}
+ if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] }
+ if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
+ if !$heat_user_password { $heat_user_password = $single_password }
+ if !$heat_db_password { $heat_db_password = $single_password }
+ if !$heat_cfn_user_password { $heat_cfn_user_password = $single_password }
+ if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }
+ if !$storage_network {
+ $storage_iface = $ovs_tunnel_if
+ } else {
+ $storage_iface = get_nic_from_network("$storage_network")
+ }
+
+ ##we assume here that if not provided, the first controller is where ODL will reside
+ ##this is fine for now as we will replace ODL with ODL HA when it is ready
+ if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] }
+
+ ###find interface ip of storage network
+ $osd_ip = find_ip("",
+ "$storage_iface",
+ "")
+
+ if ($external_network_flag != '') and str2bool($external_network_flag) {
+ class { "opnfv::external_net_presetup":
+ stage => presetup,
+ require => Class['opnfv::repo'],
+ }
+ }
+
+ class { "opnfv::ceph_deploy":
+ fsid => $ceph_fsid,
+ osd_pool_default_size => $ceph_osd_pool_size,
+ osd_journal_size => $ceph_osd_journal_size,
+ mon_initial_members => $controllers_hostnames_array_str,
+ mon_host => $controllers_ip_array_str,
+ osd_ip => $osd_ip,
+ public_network => $ceph_public_network,
+ cluster_network => $ceph_public_network,
+ images_key => $ceph_images_key,
+ volumes_key => $ceph_volumes_key,
+ }
+ ->
+ class { "quickstack::openstack_common": }
+ ->
+ class { "quickstack::pacemaker::params":
+ amqp_password => $amqp_password,
+ amqp_username => $amqp_username,
+ amqp_vip => $amqp_vip,
+ ceph_cluster_network => $private_subnet,
+ ceph_fsid => $ceph_fsid,
+ ceph_images_key => $ceph_images_key,
+ ceph_mon_host => $ceph_mon_host,
+ ceph_mon_initial_members => $ceph_mon_initial_members,
+ ceph_osd_journal_size => $ceph_osd_journal_size,
+ ceph_osd_pool_size => $ceph_osd_pool_size,
+ ceph_public_network => $ceph_public_network,
+ ceph_volumes_key => $ceph_volumes_key,
+ cinder_admin_vip => $cinder_admin_vip,
+ cinder_db_password => $cinder_db_password,
+ cinder_private_vip => $cinder_private_vip,
+ cinder_public_vip => $cinder_public_vip,
+ cinder_user_password => $cinder_user_password,
+ cluster_control_ip => $cluster_control_ip,
+ db_vip => $db_vip,
+ glance_admin_vip => $glance_admin_vip,
+ glance_db_password => $glance_db_password,
+ glance_private_vip => $glance_private_vip,
+ glance_public_vip => $glance_public_vip,
+ glance_user_password => $glance_user_password,
+ heat_auth_encryption_key => $heat_auth_encryption_key,
+ heat_cfn_admin_vip => $heat_cfn_admin_vip,
+ heat_cfn_private_vip => $heat_cfn_private_vip,
+ heat_cfn_public_vip => $heat_cfn_public_vip,
+ heat_cfn_user_password => $heat_cfn_user_password,
+ heat_cloudwatch_enabled => 'true',
+ heat_cfn_enabled => 'true',
+ heat_db_password => $heat_db_password,
+ heat_admin_vip => $heat_admin_vip,
+ heat_private_vip => $heat_private_vip,
+ heat_public_vip => $heat_public_vip,
+ heat_user_password => $heat_user_password,
+ horizon_admin_vip => $horizon_admin_vip,
+ horizon_private_vip => $horizon_private_vip,
+ horizon_public_vip => $horizon_public_vip,
+ include_ceilometer => 'false',
+ include_cinder => 'true',
+ include_glance => 'true',
+ include_heat => 'true',
+ include_horizon => 'true',
+ include_keystone => 'true',
+ include_neutron => 'true',
+ include_nosql => 'false',
+ include_nova => 'true',
+ include_swift => 'false',
+ keystone_admin_vip => $keystone_admin_vip,
+ keystone_db_password => $keystone_db_password,
+ keystone_private_vip => $keystone_private_vip,
+ keystone_public_vip => $keystone_public_vip,
+ keystone_user_password => $keystone_user_password,
+ lb_backend_server_addrs => $lb_backend_server_addrs,
+ lb_backend_server_names => $lb_backend_server_names,
+ loadbalancer_vip => $loadbalancer_vip,
+ neutron => 'true',
+ neutron_admin_vip => $neutron_admin_vip,
+ neutron_db_password => $neutron_db_password,
+ neutron_metadata_proxy_secret => $neutron_metadata_proxy_secret,
+ neutron_private_vip => $neutron_private_vip,
+ neutron_public_vip => $neutron_public_vip,
+ neutron_user_password => $neutron_user_password,
+ nova_admin_vip => $nova_admin_vip,
+ nova_db_password => $nova_db_password,
+ nova_private_vip => $nova_private_vip,
+ nova_public_vip => $nova_public_vip,
+ nova_user_password => $nova_user_password,
+ pcmk_iface => $ovs_tunnel_if,
+ pcmk_server_addrs => $pcmk_server_addrs,
+ pcmk_server_names => $pcmk_server_names,
+ private_iface => $ovs_tunnel_if,
+ }
+ ->
+ class { "quickstack::pacemaker::common": }
+ ->
+ class { "quickstack::pacemaker::load_balancer": }
+ ->
+ class { "quickstack::pacemaker::galera":
+ mysql_root_password => $mysql_root_password,
+ wsrep_cluster_members => $controllers_ip_array,
+ }
+ ->
+ class { "quickstack::pacemaker::qpid": }
+ ->
+ class { "quickstack::pacemaker::rabbitmq": }
+ ->
+ class { "quickstack::pacemaker::keystone":
+ admin_email => $admin_email,
+ admin_password => $admin_password,
+ admin_token => $keystone_admin_token,
+ cinder => 'true',
+ heat => 'true',
+ heat_cfn => 'true',
+ keystonerc => 'true',
+ use_syslog => 'true',
+ verbose => 'true',
+ }
+ ->
+ class { "quickstack::pacemaker::swift": }
+ ->
+ class { "quickstack::pacemaker::glance":
+ backend => 'rbd',
+ debug => true,
+ pcmk_fs_manage => 'false',
+ use_syslog => true,
+ verbose => true
+ }
+ ->
+ class { "quickstack::pacemaker::nova":
+ neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
+ }
+ ->
+ class { "quickstack::pacemaker::cinder":
+ backend_rbd => true,
+ rbd_secret_uuid => $rbd_secret_uuid,
+ use_syslog => true,
+ verbose => true,
+ volume => true,
+ }
+ ->
+ class { "quickstack::pacemaker::heat":
+ use_syslog => true,
+ verbose => true,
+ }
+ ->
+ class { "quickstack::pacemaker::constraints": }
+
+ class { "quickstack::pacemaker::nosql": }
+
+ class { "quickstack::pacemaker::memcached": }
+
+ class { "quickstack::pacemaker::ceilometer":
+ ceilometer_metering_secret => $single_password,
+ }
+
+ class { "quickstack::pacemaker::horizon":
+ horizon_ca => '/etc/ipa/ca.crt',
+ horizon_cert => '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
+ horizon_key => '/etc/pki/tls/private/PUB_HOST-horizon.key',
+ secret_key => $horizon_secret,
+ verbose => 'true',
+ }
+
+ class { "quickstack::pacemaker::neutron":
+ agent_type => $this_agent,
+ enable_tunneling => 'true',
+ ml2_mechanism_drivers => $ml2_mech_drivers,
+ ml2_network_vlan_ranges => ["physnet1:10:50"],
+ odl_controller_ip => $odl_control_ip,
+ odl_controller_port => $odl_rest_port,
+ ovs_tunnel_iface => $ovs_tunnel_if,
+ ovs_tunnel_types => ["vxlan"],
+ verbose => 'true',
+ }
+
+ if ($external_network_flag != '') and str2bool($external_network_flag) {
+ class { "opnfv::external_net_setup": }
+ }
+
+ } else {
+ if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') }
+ if $public_ip == '' { fail('public_ip is empty') }
+ if $private_ip == '' { fail('private_ip is empty') }
+
+ if $odl_control_ip == '' { $odl_control_ip = $private_ip }
+
+ if $mysql_ip == '' { fail('mysql_ip is empty') }
+ if $mysql_root_password == '' { fail('mysql_root_password is empty') }
+ if $amqp_ip == '' { fail('amqp_ip is empty') }
+
+ if $memcache_ip == '' { fail('memcache_ip is empty') }
+ if $neutron_ip == '' { fail('neutron_ip is empty') }
+
+ if $keystone_db_password == '' { fail('keystone_db_password is empty') }
+
+ if $horizon_secret_key == '' { fail('horizon_secret_key is empty') }
+
+ if $nova_user_password == '' { fail('nova_user_password is empty') }
+ if $nova_db_password == '' { fail('nova_db_password is empty') }
+
+ if $cinder_user_password == '' { fail('cinder_user_password is empty') }
+ if $cinder_db_password == '' { fail('cinder_db_password is empty') }
+
+ if $glance_user_password == '' { fail('glance_user_password is empty') }
+ if $glance_db_password == '' { fail('glance_db_password is empty') }
+
+ if $neutron_user_password == '' { fail('neutron_user_password is empty') }
+ if $neutron_db_password == '' { fail('neutron_db_password is empty') }
+ if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') }
+
+ if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') }
+ if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') }
+
+ if $heat_user_password == '' { fail('heat_user_password is empty') }
+ if $heat_db_password == '' { fail('heat_db_password is empty') }
+ if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') }
+
+ if $swift_user_password == '' { fail('swift_user_password is empty') }
+ if $swift_shared_secret == '' { fail('swift_shared_secret is empty') }
+ if $swift_admin_password == '' { fail('swift_admin_password is empty') }
+
+ if !$amqp_username { $amqp_username = $single_username }
+ if !$amqp_password { $amqp_password = $single_password }
+
+
+ class { "quickstack::neutron::controller_networker":
+ admin_email => $admin_email,
+ admin_password => $admin_password,
+ agent_type => $this_agent,
+ enable_tunneling => true,
+ ovs_tunnel_iface => $ovs_tunnel_if,
+ ovs_tunnel_network => '',
+ ovs_tunnel_types => ['vxlan'],
+ ovs_l2_population => 'True',
+ external_network_bridge => 'br-ex',
+ tenant_network_type => 'vxlan',
+ tunnel_id_ranges => '1:1000',
+ controller_admin_host => $private_ip,
+ controller_priv_host => $private_ip,
+ controller_pub_host => $public_ip,
+ ssl => false,
+ #support_profile => $quickstack::params::support_profile,
+ #freeipa => $quickstack::params::freeipa,
+
+ mysql_host => $mysql_ip,
+ mysql_root_password => $mysql_root_password,
+ #amqp_provider => $amqp_provider,
+ amqp_host => $amqp_ip,
+ amqp_username => $amqp_username,
+ amqp_password => $amqp_password,
+ #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password,
+
+ keystone_admin_token => $keystone_admin_token,
+ keystone_db_password => $keystone_db_password,
+
+ ceilometer_metering_secret => $ceilometer_metering_secret,
+ ceilometer_user_password => $ceilometer_user_password,
+
+ cinder_backend_gluster => $quickstack::params::cinder_backend_gluster,
+ cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name,
+ cinder_gluster_shares => $quickstack::params::cinder_gluster_shares,
+ cinder_user_password => $cinder_user_password,
+ cinder_db_password => $cinder_db_password,
+
+ glance_db_password => $glance_db_password,
+ glance_user_password => $glance_user_password,
+
+ heat_cfn => true,
+ heat_cloudwatch => true,
+ heat_db_password => $heat_db_password,
+ heat_user_password => $heat_user_password,
+ heat_auth_encrypt_key => $heat_auth_encrypt_key,
+
+ horizon_secret_key => $horizon_secret_key,
+ horizon_ca => $quickstack::params::horizon_ca,
+ horizon_cert => $quickstack::params::horizon_cert,
+ horizon_key => $quickstack::params::horizon_key,
+
+ ml2_mechanism_drivers => $ml2_mech_drivers,
+
+ #neutron => true,
+ neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
+ neutron_db_password => $neutron_db_password,
+ neutron_user_password => $neutron_user_password,
+
+ nova_db_password => $nova_db_password,
+ nova_user_password => $nova_user_password,
+
+ odl_controller_ip => $odl_control_ip,
+ odl_controller_port => $odl_rest_port,
+
+ swift_shared_secret => $swift_shared_secret,
+ swift_admin_password => $swift_admin_password,
+ swift_ringserver_ip => '192.168.203.1',
+ swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"],
+ swift_storage_device => 'device1',
+ }
+
+ }
+}
diff --git a/common/puppet-opnfv/manifests/external_net_presetup.pp b/common/puppet-opnfv/manifests/external_net_presetup.pp
new file mode 100644
index 000000000..b7c7c5f07
--- /dev/null
+++ b/common/puppet-opnfv/manifests/external_net_presetup.pp
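Review bot: In the HA branch of controller_networker.pp the metadata secret is carried in two variables: `quickstack::pacemaker::params` receives `$neutron_metadata_proxy_secret` while `quickstack::pacemaker::nova` receives `$neutron_metadata_shared_secret`, and each is defaulted independently. If an operator sets only one of them, Nova and the Neutron metadata agent would presumably end up with different secrets, although that depends on how quickstack consumes the two parameters, which is not visible here. Deriving one from the other keeps them in step: `if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $neutron_metadata_shared_secret }`. `$pcmk_server_names` is also built from indices 0 to 2 only, which silently assumes exactly three controllers and deserves a comment or a length check.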
@@ -0,0 +1,102 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class opnfv::external_net_presetup {
+
+ if $public_gateway == '' { fail('public_gateway is empty') }
+ if $public_dns == '' { fail('public_dns is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+ if $public_subnet == '' { fail('public_subnet is empty') }
+ if $public_allocation_start == '' { fail('public_allocation_start is empty') }
+ if $public_allocation_end == '' { fail('public_allocation_end is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+
+ #find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_nic_ip = get_ip_from_nic("$public_nic")
+ $public_nic_netmask = get_netmask_from_nic("$public_nic")
+
+ if ($public_nic == '') or ($public_nic_ip == '') or ($public_nic == "br-ex") or ($public_nic == "br_ex") {
+ notify {"Skipping augeas, public_nic ${public_nic}, public_nic_ip ${public_nic_ip}":}
+
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ unless => 'ip addr show br-ex | grep "inet "',
+ before => Exec['restart-network-public-nic-ip'],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+
+ exec {'restart-network-public-nic-ip':
+ command => 'systemctl restart network',
+ path => ["/usr/sbin/", "/usr/bin/"],
+ onlyif => 'ip addr show | grep $(ip addr show br-ex | grep -Eo "inet [\.0-9]+" | cut -d " " -f2) | grep -v br-ex',
+ }
+
+ } else {
+ #reconfigure public interface to be ovsport
+ augeas { "main-$public_nic":
+ context => "/files/etc/sysconfig/network-scripts/ifcfg-$public_nic",
+ changes => [
+ "rm IPADDR",
+ "rm NETMASK",
+ "rm GATEWAY",
+ "rm DNS1",
+ "rm BOOTPROTO",
+ "rm DEFROUTE",
+ "rm IPV6_DEFROUTE",
+ "rm IPV6_PEERDNS",
+ "rm IPV6_PEERROUTES",
+ "rm PEERROUTES",
+ "set PEERDNS no",
+ "set BOOTPROTO static",
+ "set IPV6INIT no",
+ "set IPV6_AUTOCONF no",
+ "set ONBOOT yes",
+ "set TYPE OVSPort",
+ "set OVS_BRIDGE br-ex",
+ "set PROMISC yes"
+
+ ],
+ before => Class["quickstack::pacemaker::params"],
+ require => Service["openvswitch"],
+ }
+
+ ->
+ #create br-ex interface
+ file { 'external_bridge':
+ path => '/etc/sysconfig/network-scripts/ifcfg-br-ex',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('trystack/br_ex.erb'),
+ before => Class["quickstack::pacemaker::params"],
+ }
+ ->
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+
+ }
+}
diff --git a/common/puppet-opnfv/manifests/external_net_setup.pp b/common/puppet-opnfv/manifests/external_net_setup.pp
new file mode 100644
index 000000000..af00f203e
--- /dev/null
+++ b/common/puppet-opnfv/manifests/external_net_setup.pp
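Review bot: The `external_bridge` file resource renders `template('trystack/br_ex.erb')`, but this commit adds the template as `common/puppet-opnfv/templates/br_ex.erb`, so unless a separate `trystack` module ships the same file the catalog will fail on nodes that take the `else` branch. If the module is installed under the name `opnfv`, as the class names suggest, the line would read `content => template('opnfv/br_ex.erb'),`. The class also reads `$public_gateway`, `$public_network` and its other inputs as bare out-of-scope variables; declaring them as class parameters would make the required inputs explicit and give the `fail()` guards something concrete to validate.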
@@ -0,0 +1,85 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class opnfv::external_net_setup {
+
+ if $public_gateway == '' { fail('public_gateway is empty') }
+ if $public_dns == '' { fail('public_dns is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+ if $public_subnet == '' { fail('public_subnet is empty') }
+ if $public_allocation_start == '' { fail('public_allocation_start is empty') }
+ if $public_allocation_end == '' { fail('public_allocation_end is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+
+ #find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_nic_ip = get_ip_from_nic("$public_nic")
+ $public_nic_netmask = get_netmask_from_nic("$public_nic")
+
+ Anchor[ 'neutron configuration anchor end' ]
+ ->
+ #update bridge-mappings to physnet1
+ file_line { 'ovs':
+ ensure => present,
+ path => '/etc/neutron/plugin.ini',
+ line => '[ovs]',
+ }
+ ->
+ #update bridge-mappings to physnet1
+ file_line { 'bridge_mapping':
+ ensure => present,
+ path => '/etc/neutron/plugin.ini',
+ line => 'bridge_mappings = physnet1:br-ex',
+ }
+ ->
+ Exec["pcs-neutron-server-set-up"]
+
+##this way we only let controller1 create the neutron resources
+##controller1 should be the active neutron-server at provisioining time
+
+ if $hostname == $controllers_hostnames_array[0] {
+ Exec["all-neutron-nodes-are-up"]
+ ->
+ neutron_network { 'provider_network':
+ ensure => present,
+ name => 'provider_network',
+ admin_state_up => true,
+ provider_network_type => flat,
+ provider_physical_network => 'physnet1',
+ router_external => true,
+ tenant_name => 'admin',
+ }
+ ->
+ neutron_subnet { 'provider_subnet':
+ ensure => present,
+ name => provider_subnet,
+ cidr => $public_subnet,
+ gateway_ip => $public_gateway,
+ allocation_pools => [ "start=${public_allocation_start},end=${public_allocation_end}" ],
+ dns_nameservers => $public_dns,
+ network_name => 'provider_network',
+ tenant_name => 'admin',
+ }
+ ->
+ neutron_router { 'provider_router':
+ ensure => present,
+ name => 'provider_router',
+ admin_state_up => true,
+ gateway_network_name => 'provider_network',
+ tenant_name => 'admin',
+ }
+ }
+}
diff --git a/common/puppet-opnfv/manifests/init.pp b/common/puppet-opnfv/manifests/init.pp
new file mode 100644
index 000000000..7b68df57a
--- /dev/null
+++ b/common/puppet-opnfv/manifests/init.pp
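Review bot: The two `file_line` resources only guarantee that `[ovs]` and `bridge_mappings = physnet1:br-ex` each exist somewhere in `/etc/neutron/plugin.ini`; a missing line is appended at the end of the file, so when `[ovs]` is already present higher up the mapping can land under whichever section happens to be last. Anchor the second resource to the section, for example `after => '^\[ovs\]',` if the installed stdlib `file_line` supports it, or manage the key with an ini-setting style resource. The comment `#update bridge-mappings to physnet1` is repeated above the `'ovs'` resource, where it should instead say that the resource ensures the section header exists. `name => provider_subnet` and `provider_network_type => flat` are unquoted barewords while the neighbouring values are quoted.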
@@ -0,0 +1,44 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+class opnfv {
+ if $::osfamily == 'Fuel' {
+ include opnfv::resolver
+ include opnfv::ntp
+ include opnfv::add_packages
+ include opnfv::odl_docker
+ include opnfv::opncheck
+ }
+
+ if $::osfamily == 'RedHat' {
+
+ include stdlib
+ stage { 'presetup':
+ before => Stage['setup'],
+ }
+
+ class { '::ntp':
+ stage => presetup,
+ }
+
+ class { "opnfv::repo":
+ stage => presetup,
+ }
+ ->
+ package { "python-rados":
+ ensure => latest,
+ }
+ }
+}
diff --git a/common/puppet-opnfv/manifests/network.pp b/common/puppet-opnfv/manifests/network.pp
new file mode 100644
index 000000000..91e769378
--- /dev/null
+++ b/common/puppet-opnfv/manifests/network.pp
@@ -0,0 +1,77 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+class opnfv::network {
+ ###use 8081 as a default work around swift service
+ if $odl_rest_port == '' {$odl_rest_port = '8081'}
+
+ if ($odl_flag != '') and str2bool($odl_flag) {
+ $ml2_mech_drivers = ['opendaylight']
+ $this_agent = 'opendaylight'
+ class {"opendaylight":
+ odl_rest_port => $odl_rest_port,
+ extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'],
+ }
+ }
+ else {
+ $ml2_mech_drivers = ['openvswitch','l2population']
+ $this_agent = 'ovs'
+ }
+
+
+
+ if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') }
+ if $private_ip == '' { fail('private_ip is empty') }
+
+ if $odl_control_ip == '' { fail('odl_controL_ip is empty, should be the IP of your network node private interface') }
+
+ if $mysql_ip == '' { fail('mysql_ip is empty') }
+ if $amqp_ip == '' { fail('amqp_ip is empty') }
+
+ if $nova_user_password == '' { fail('nova_user_password is empty') }
+ if $nova_db_password == '' { fail('nova_db_password is empty') }
+
+ if $neutron_user_password == '' { fail('neutron_user_password is empty') }
+ if $neutron_db_password == '' { fail('neutron_db_password is empty') }
+ if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') }
+
+ class { "quickstack::neutron::networker":
+ agent_type => $this_agent,
+ neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
+ neutron_db_password => $neutron_db_password,
+ neutron_user_password => $neutron_user_password,
+ nova_db_password => $nova_db_password,
+ nova_user_password => $nova_user_password,
+
+ controller_priv_host => $private_ip,
+
+ enable_tunneling => true,
+ ovs_tunnel_iface => $ovs_tunnel_if,
+ ovs_tunnel_network => '',
+ ovs_l2_population => 'True',
+ ovs_tunnel_types => ['vxlan'],
+ external_network_bridge => 'br-ex',
+ tenant_network_type => 'vxlan',
+ tunnel_id_ranges => '1:1000',
+
+ mysql_host => $mysql_ip,
+ amqp_host => $amqp_ip,
+ amqp_username => 'guest',
+ amqp_password => 'guest',
+
+ ml2_mechanism_drivers => $ml2_mech_drivers,
+ odl_controller_ip => $odl_control_ip,
+ }
+}
diff --git a/common/puppet-opnfv/manifests/ntp.pp b/common/puppet-opnfv/manifests/ntp.pp
new file mode 100644
index 000000000..c27175ece
--- /dev/null
+++ b/common/puppet-opnfv/manifests/ntp.pp
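Review bot: `amqp_username => 'guest'` and `amqp_password => 'guest'` hard-code the message broker's well-known default account on the network node, while the controller declaration earlier in this commit passes `$amqp_username` and `$amqp_password`. If the controller is given non-default credentials the networker will not authenticate, and if it is not, the deployment depends on a publicly known password. Pass the same variables here, `amqp_username => $amqp_username,` and `amqp_password => $amqp_password,`, with matching empty-string `fail()` guards next to the existing ones. The `fail()` message for `$odl_control_ip` spells the variable `odl_controL_ip`.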
@@ -0,0 +1,72 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+# Class: Ntp
+#
+# Add Ntp content passed through astute.yaml into ntp.conf depending on the role
+#
+# Suitable yaml content:
+# <begin>
+# opnfv:
+# ntp:
+# controller: |
+# line 1
+# line 2
+# compute: |
+# line 1
+# line 2
+# <end>
+#
+#
+#
+
+class opnfv::ntp(
+ $file='/etc/ntp.conf'
+) {
+
+ if $::fuel_settings['role'] {
+ if ($::fuel_settings['opnfv'] and
+ $::fuel_settings['opnfv']['ntp']) {
+ case $::fuel_settings['role'] {
+ /controller/: {
+ if $::fuel_settings['opnfv']['ntp']['controller'] {
+ $template = 'opnfv/ntp.conf.controller.erb'
+ $file_content = $::fuel_settings['opnfv']['ntp']['controller']
+ }
+ }
+ /compute/: {
+ if $::fuel_settings['opnfv']['ntp']['compute'] {
+ $template = 'opnfv/ntp.conf.compute.erb'
+ $file_content = $::fuel_settings['opnfv']['ntp']['compute']
+ }
+ }
+ }
+ }
+ }
+
+ if $file_content {
+ package { 'ntp':
+ ensure => installed,
+ }
+
+ file { $file:
+ content => template($template),
+ notify => Service['ntp'],
+ }
+
+ service { 'ntp':
+ ensure => running,
+ enable => true,
+ require => [ Package['ntp'], File[$file]]
+ }
+ }
+}
+
+
diff --git a/common/puppet-opnfv/manifests/odl_docker.pp b/common/puppet-opnfv/manifests/odl_docker.pp
new file mode 100644
index 000000000..6e70ba077
--- /dev/null
+++ b/common/puppet-opnfv/manifests/odl_docker.pp
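Review bot: `template($template)` looks up `'opnfv/ntp.conf.controller.erb'` and `'opnfv/ntp.conf.compute.erb'` in the module's `templates/` directory, but this commit adds both files under `common/puppet-opnfv/manifests/templates/`, so the lookup will presumably fail unless they are relocated at install time. Moving the two `.erb` files next to `templates/br_ex.erb` would resolve it. The `case` deliberately leaves `$template` and `$file_content` unset for every other role and the later `if $file_content` depends on that; a comment such as `# no ntp block for this role: leave ntp.conf unmanaged` above the `if` would make the intent visible. The `file` resource sets no `owner`, `group` or `mode` for `/etc/ntp.conf`.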
@@ -0,0 +1,50 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# daniel.smith@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+class opnfv::odl_docker
+{
+ case $::fuel_settings['role'] {
+ /controller/: {
+
+ file { "/opt":
+ ensure => "directory",
+ }
+
+ file { "/opt/opnfv":
+ ensure => "directory",
+ owner => "root",
+ group => "root",
+ mode => 777,
+ }
+
+ file { "/opt/opnfv/odl":
+ ensure => "directory",
+ }
+
+ file { "/opt/opnfv/odl/odl_docker_image.tar":
+ ensure => present,
+ source => "/etc/puppet/modules/opnfv/odl_docker/odl_docker_image.tar",
+ mode => 750,
+ }
+
+ file { "/opt/opnfv/odl/docker-latest":
+ ensure => present,
+ source => "/etc/puppet/modules/opnfv/odl_docker/docker-latest",
+ mode => 750,
+ }
+
+ file { "/opt/opnfv/odl/start_odl_conatiner.sh":
+ ensure => present,
+ source => "/etc/puppet/modules/opnfv/scripts/start_odl_container.sh",
+ mode => 750,
+ }
+ }
+ }
+}
+
diff --git a/common/puppet-opnfv/manifests/odl_service.pp b/common/puppet-opnfv/manifests/odl_service.pp
new file mode 100644
index 000000000..bbe8218f8
--- /dev/null
+++ b/common/puppet-opnfv/manifests/odl_service.pp
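Review bot: `/opt/opnfv` is created with `mode => 777`, a world-writable directory without the sticky bit that sits directly above the Docker binary, image tarball and start script copied in below it, so any local account can rename or replace `odl/` and have its contents run later by whoever starts the container (presumably root). Use `mode => '0755',` there and write the other modes as quoted four-digit strings such as `'0750'` rather than bare numbers. The `/opt/opnfv/odl` directory and the three files under it declare no `owner` or `group`. The target name `start_odl_conatiner.sh` is misspelled relative to its source `start_odl_container.sh`, so anything that calls the script by its intended name will not find it.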
@@ -0,0 +1,24 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#Class installs opendaylight with a default rest port of 8081
+#This is to work around OpenStack Swift which also uses common port 8080
+
+class opnfv::odl_service {
+ if !$odl_rest_port { $odl_rest_port = '8081'}
+ class {"opendaylight":
+ extra_features => ['odl-base-all', 'odl-aaa-authn', 'odl-restconf', 'odl-nsf-all', 'odl-adsal-northbound', 'odl-mdsal-apidocs', 'odl-ovsdb-openstack', 'odl-ovsdb-northbound', 'odl-dlux-core'],
+ odl_rest_port => $odl_rest_port,
+ }
+}
diff --git a/common/puppet-opnfv/manifests/repo.pp b/common/puppet-opnfv/manifests/repo.pp
new file mode 100644
index 000000000..fe8930565
--- /dev/null
+++ b/common/puppet-opnfv/manifests/repo.pp
@@ -0,0 +1,67 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+class opnfv::repo {
+ if $::osfamily == 'RedHat' {
+ if $proxy_address != '' {
+ $myline= "proxy=${proxy_address}"
+ include stdlib
+ file_line { 'yumProxy':
+ ensure => present,
+ path => '/etc/yum.conf',
+ line => $myline,
+ before => Yumrepo['openstack-juno'],
+ }
+ }
+
+ yumrepo { "openstack-juno":
+ baseurl => "http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/",
+ descr => "RDO Community repository",
+ enabled => 1,
+ gpgcheck => 0,
+ }
+
+ exec {'disable selinux':
+ command => '/usr/sbin/setenforce 0',
+ unless => '/usr/sbin/getenforce | grep Permissive',
+ }
+ ->
+ service { "network":
+ ensure => "running",
+ enable => "true",
+ hasrestart => true,
+ restart => '/usr/bin/systemctl restart network',
+ }
+ ->
+ service { 'NetworkManager':
+ ensure => "stopped",
+ enable => "false",
+ }
+ ~>
+ exec { 'restart-network-presetup':
+ command => 'systemctl restart network',
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+ ->
+ package { 'openvswitch':
+ ensure => installed,
+ }
+ ->
+ service {'openvswitch':
+ ensure => 'running',
+ }
+ }
+}
diff --git a/common/puppet-opnfv/manifests/resolver.pp b/common/puppet-opnfv/manifests/resolver.pp
new file mode 100644
index 000000000..2951f7e1f
--- /dev/null
+++ b/common/puppet-opnfv/manifests/resolver.pp
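Review bot: The `openstack-juno` yumrepo is fetched over plain `http://` with `gpgcheck => 0`, so every package installed from it, including `openvswitch` further down this class, is accepted with neither a signature check nor transport integrity. Set `gpgcheck => 1,` together with `gpgkey => '<RDO-JUNO-SIGNING-KEY-URL>',` (placeholder, to be filled with the repository's published key) and switch `baseurl` to an https mirror if one is offered. The `disable selinux` exec puts every RedHat node into permissive mode without a comment naming the denial it works around. Its `unless` matches only `Permissive`, so on a host where `getenforce` reports `Disabled` the command is attempted again on every run.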
@@ -0,0 +1,62 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+# Class: opnfv::resolver
+#
+# Add resolver content passed through astute.yaml into resolv.conf
+# depending on the role
+#
+# Suitable yaml content:
+# <begin>
+# opnfv:
+# dns:
+# compute:
+# - 100.100.100.2
+# - 100.100.100.3
+# controller:
+# - 100.100.100.102
+# - 100.100.100.104
+# <end>
+#
+#
+#
+
+class opnfv::resolver()
+{
+ if $::fuel_settings['role'] {
+ if $::fuel_settings['role'] == 'primary-controller' {
+ $role = 'controller'
+ } else {
+ $role = $::fuel_settings['role']
+ }
+
+ if ($::fuel_settings['opnfv']
+ and $::fuel_settings['opnfv']['dns']
+ and $::fuel_settings['opnfv']['dns'][$role]) {
+ $nameservers=$::fuel_settings['opnfv']['dns'][$role]
+
+ file { '/etc/resolv.conf':
+ owner => root,
+ group => root,
+ mode => '0644',
+ content => template('opnfv/resolv.conf.erb'),
+ }
+# /etc/resolv.conf is re-generated at each boot by resolvconf, so we
+# need to store there as well.
+ file { '/etc/resolvconf/resolv.conf.d/head':
+ owner => root,
+ group => root,
+ mode => '0644',
+ content => template('opnfv/resolv.conf.erb'),
+ }
+ }
+ }
+}
+
diff --git a/common/puppet-opnfv/manifests/tempest.pp b/common/puppet-opnfv/manifests/tempest.pp
new file mode 100644
index 000000000..86f4212a9
--- /dev/null
+++ b/common/puppet-opnfv/manifests/tempest.pp
@@ -0,0 +1,27 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#The required package for tempest is missing in Khaleesi along with EPEL for CentOS.
+#This is a workaround for now since we require EPEL with Foreman/Puppet
+#Also is a good place to put anything additional that we wish to install on the tempest node.
+
+class opnfv::tempest {
+
+ if $::osfamily == 'RedHat' {
+ package { 'subunit-filters':
+ ensure => present,
+ }
+ }
+}
diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/Dockerfile b/common/puppet-opnfv/manifests/templates/dockerfile/Dockerfile
new file mode 100644
index 000000000..80a92d8c5
--- /dev/null
+++ b/common/puppet-opnfv/manifests/templates/dockerfile/Dockerfile
@@ -0,0 +1,82 @@
+####################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# daniel.smith@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+#
+# DOCKERFILE TO CREATE ODL IN CONTAINER AND EXPOSE DLUX AND OVSDB TO ODL
+#
+#############################################################################
+
+
+#Set the base image - note: the current release of Karaf is using Jdk7 and alot of 12.04, so we will use it rather than 14.04 and backport a ton of stuff
+FROM ubuntu:12.04
+
+# Maintainer Info
+MAINTAINER Daniel Smith
+
+
+#Run apt-get update one start just to check for updates when building
+RUN echo "Updating APT"
+RUN apt-get update
+RUN echo "Adding wget"
+RUN apt-get install -y wget
+RUN apt-get install -y net-tools
+RUN apt-get install -y openjdk-7-jre
+RUN apt-get install -y openjdk-7-jdk
+RUN apt-get install -y openssh-server
+RUN apt-get install -y vim
+RUN apt-get install -y expect
+RUN apt-get install -y daemontools
+RUN mkdir -p /opt/odl_source
+RUN bash -c 'echo "export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64" >> ~/.bashrc'
+
+
+
+#Now lets got and fetch the ODL distribution
+RUN echo "Fetching ODL"
+RUN wget https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.2.3-Helium-SR3/distribution-karaf-0.2.3-Helium-SR3.tar.gz -O /opt/odl_source/distribution-karaf-0.2.3-Helium-SR3.tar.gz
+
+RUN echo "Untarring ODL inplace"
+RUN mkdir -p /opt/odl
+RUN tar zxvf /opt/odl_source/distribution-karaf-0.2.3-Helium-SR3.tar.gz -C /opt/odl
+
+RUN echo "Installing DLUX and other features into ODL"
+#COPY dockerfile/container_scripts/start_odl_docker.sh /etc/init.d/start_odl_docker.sh
+COPY container_scripts/start_odl_docker_container.sh /etc/init.d/
+COPY container_scripts/speak.sh /etc/init.d/
+#COPY dockerfile/container_scripts/speak.sh /etc/init.d/speak.sh
+RUN chmod 777 /etc/init.d/start_odl_docker_container.sh
+RUN chmod 777 /etc/init.d/speak.sh
+
+
+
+# Expose the ports
+
+# PORTS FOR BASE SYSTEM AND DLUX
+EXPOSE 8101
+EXPOSE 6633
+EXPOSE 1099
+EXPOSE 43506
+EXPOSE 8181
+EXPOSE 8185
+EXPOSE 9000
+EXPOSE 39378
+EXPOSE 33714
+EXPOSE 44444
+EXPOSE 6653
+
+# PORTS FOR OVSDB AND ODL CONTROL
+EXPOSE 12001
+EXPOSE 6640
+EXPOSE 8080
+EXPOSE 7800
+EXPOSE 55130
+EXPOSE 52150
+EXPOSE 36826
+
+# set the ENTRYPOINT - An entry point allows us to run this container as an exectuable
+CMD ["/etc/init.d/start_odl_docker_container.sh"]
diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/check_feature.sh b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/check_feature.sh
new file mode 100644
index 000000000..533942eb3
--- /dev/null
+++ b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/check_feature.sh
@@ -0,0 +1,18 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# daniel.smith@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+#!/usr/bin/expect
+spawn /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/client
+expect "root>"
+send "feature:list | grep -i odl-restconf\r"
+send "\r\r\r"
+expect "root>"
+send "logout\r"
+
+
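Review bot: The Karaf tarball is fetched with `wget` and unpacked two steps later with no integrity check, so the image trusts whatever the URL serves at build time; add a pinned digest check between the download and the `tar`, e.g. `RUN echo "<SHA256-OF-TARBALL>  /opt/odl_source/distribution-karaf-0.2.3-Helium-SR3.tar.gz" | sha256sum -c -` (placeholder digest). `RUN chmod 777` on the two scripts under `/etc/init.d/` leaves the container's start-up code writable by every user in the image, where `chmod 755` is enough to run them. `openssh-server`, `vim` and `openjdk-7-jdk` are installed although none of the scripts in this commit use them, which adds packages to keep patched on an old `ubuntu:12.04` base. The last comment talks about ENTRYPOINT while the instruction used is `CMD`.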
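Review bot: In `check_feature.sh` the `#!/usr/bin/expect` line sits below the licence banner instead of on line 1, so it is an ordinary comment and the file will be handed to the calling shell, where `spawn`, `expect` and `send` are not commands. Move the interpreter line to the top of the file, as `speak.sh` in this commit does. Neither `expect "root>"` has a timeout branch, so a client that never shows the prompt lets the script fall through after the default timeout and still exit successfully.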
diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/speak.sh b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/speak.sh
new file mode 100644
index 000000000..95bbaf4e6
--- /dev/null
+++ b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/speak.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/expect
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# daniel.smith@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+#
+# Simple expect script to start up ODL client and load feature set for DLUX and OVSDB
+# NOTE: THIS WILL BE REPLACED WITH A PROGRAMATIC METHOD SHORTLY
+#################################################################################
+
+spawn /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/client
+expect "root>"
+send "feature:install odl-base-all odl-aaa-authn odl-restconf odl-nsf-all odl-adsal-northbound odl-mdsal-apidocs odl-ovsdb-openstack odl-ovsdb-northbound odl-dlux-core"
+send "\r\r\r"
+expect "root>"
+send "logout\r"
diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/start_odl_docker_container.sh b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/start_odl_docker_container.sh
new file mode 100644
index 000000000..8ae05f7bc
--- /dev/null
+++ b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/start_odl_docker_container.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# daniel.smith@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+#
+# Simple expect script to start up ODL client and load feature set for DLUX and OVSDB
+# NOTE: THIS WILL BE REPLACED WITH A PROGRAMATIC METHOD SHORTLY
+#################################################################################
+# Start up script for calling karaf / ODL inside a docker container.
+#
+# This script will also call a couple expect scripts to load the feature set that we want
+
+
+#ENV
+export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64
+
+#MAIN
+echo "Starting up the da Sheilds..."
+/opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/karaf server &
+echo "Sleeping 5 bad hack"
+sleep 10
+echo "should see stuff listening now"
+netstat -na
+echo " should see proess running for karaf"
+ps -efa
+echo " Starting the packages we want"
+/etc/init.d/speak.sh
+echo "Printout the status - if its right, you should see 8181 appear now"
+netstat -na
+ps -efa
+
+
+
+## This is a loop that keeps our container going currently, prinout the "status of karaf" to the docker logs every minute
+## Cheap - but effective
+while true;
+do
+ echo "Checking status of ODL:"
+ /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/status
+ sleep 60
+done
+
+
diff --git a/common/puppet-opnfv/manifests/templates/ntp.conf.compute.erb b/common/puppet-opnfv/manifests/templates/ntp.conf.compute.erb
new file mode 100644
index 000000000..ac6529314
--- /dev/null
+++ b/common/puppet-opnfv/manifests/templates/ntp.conf.compute.erb
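Review bot: `/etc/init.d/speak.sh` runs after a fixed `sleep 10` and nothing checks whether the feature install took effect, so when Karaf is slow to start the `while true` loop keeps the container alive with none of the RESTCONF/OVSDB features loaded. The script already tells the reader to look for port 8181; turn that into a check after the `speak.sh` call, for example `netstat -lnt | grep -q ':8181 ' || exit 1`, so that a failed start is visible to whatever supervises the container. The echo says `Sleeping 5` while the script sleeps 10. The header comment still describes this bash script as a "Simple expect script", copied from `speak.sh`.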
@@ -0,0 +1,22 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+tinker panic 0
+driftfile /var/lib/ntp/ntp.drift
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+restrict 127.0.0.1
+restrict ::1
+<%= @file_content %>
+
diff --git a/common/puppet-opnfv/manifests/templates/ntp.conf.controller.erb b/common/puppet-opnfv/manifests/templates/ntp.conf.controller.erb
new file mode 100644
index 000000000..ac6529314
--- /dev/null
+++ b/common/puppet-opnfv/manifests/templates/ntp.conf.controller.erb
@@ -0,0 +1,22 @@
+##############################################################################
+# Copyright (c) 2015 Ericsson AB and others.
+# stefan.k.berg@ericsson.com
+# jonas.bjurel@ericsson.com
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+tinker panic 0
+driftfile /var/lib/ntp/ntp.drift
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+restrict 127.0.0.1
+restrict ::1
+<%= @file_content %>
+
diff --git a/common/puppet-opnfv/templates/br_ex.erb b/common/puppet-opnfv/templates/br_ex.erb
new file mode 100644
index 000000000..6c0e7e7f0
--- /dev/null
+++ b/common/puppet-opnfv/templates/br_ex.erb
@@ -0,0 +1,10 @@
+DEVICE=br-ex
+DEVICETYPE=ovs
+IPADDR=<%= @public_nic_ip %>
+NETMASK=<%= @public_nic_netmask %>
+GATEWAY=<%= @public_gateway %>
+BOOTPROTO=static
+ONBOOT=yes
+TYPE=OVSBridge
+PROMISC=yes
+PEERDNS=no |