diff options
| author |   Dan Radez <dradez@redhat.com> | 2015-09-04 14:38:56 -0400 |
|---|---|---|
| committer | Dan Radez <dradez@redhat.com> | 2015-09-04 14:43:31 -0400 |
| commit | 8f49d7a5efc0e847ecffcb05f6aff2186d8cecc9 (patch) | |
| tree | 0970daa3d2c30f93fe6aa40cfbfb63549e5182d6 | |
| parent | ab4950db472c20b57bff533f1f330b5b794aa35b (diff) | |
| parent | 591a1c4327c0793b4a15443f9e72b79ffbeaa226 (diff) | |
Merge branch 'master' into merge-master-arno
Change-Id: Idbe1d8ba5f1fe44ae5c5e407d5999c28909639c5
Signed-off-by: Dan Radez <dradez@redhat.com>
238 files changed, 16150 insertions, 2830 deletions
diff --git a/common/docs/user-guide.rst b/common/docs/user-guide.rst index 8e02224..08b2767 100644 --- a/common/docs/user-guide.rst +++ b/common/docs/user-guide.rst @@ -21,14 +21,13 @@ Version history | **Date** | **Ver.** | **Author** | **Comment** | | | | | | +--------------------+--------------------+--------------------+--------------------+ -| 2015-05-28 | 0.0.1 | Christopher Price | Initial version | +| 2015-06-04 | 1.0.0 | Christopher Price | Initial revision | | | | (Ericsson AB) | | +--------------------+--------------------+--------------------+--------------------+ -| 2015-06-02 | 0.0.2 | Christopher Price | Minor Updates | -| | | (Ericsson AB) | | +| 2015-06-05 | 1.0.1 | Christopher Price | Corrected links & | +| | | (Ericsson AB) | e-mail address | +--------------------+--------------------+--------------------+--------------------+ - .. contents:: Table of Contents :backlinks: none @@ -60,16 +59,16 @@ Hardware Requirements The Arno release of OPNFV is intended to be run as a baremetal deployment on a "Pharos compliant" lab infrastructure. The Pharos project in OPNFV is a community activity to provide guidance and establish requirements on hardware platforms supporting the Arno virtualisation platform. -Prior to deploying the OPNFV platform it is important that the hardware infrastructure be configured according to the Pharos specification: http://artifacts.opnfv.org/pharos/docs/spec.html +Prior to deploying the OPNFV platform it is important that the hardware infrastructure be configured according to the Pharos specification: https://www.opnfv.org/sites/opnfv/files/release/pharos-spec.arno.2015.1.0.pdf Arno Platform Deployment ------------------------ The Arno platform supports installation and deployment using two deployment tools; a Foreman based deployment toolchain and a Fuel based deployment toolchain. -In order to deploy the Arno release on a Pharos compliant lab using the Foreman deployment toolchain you should follow in the Foreman installation guide: http://artifacts.opnfv.org/genesis/foreman/docs/installation-instructions.html +In order to deploy the Arno release on a Pharos compliant lab using the Foreman deployment toolchain you should follow in the Foreman installation guide: https://www.opnfv.org/sites/opnfv/files/release/foreman_install-guide.arno.2015.1.0.pdf -In order to deploy the Arno release on a Pharos compliant lab using the Fuel deployment toolchain you should follow in the Fuel installation guide: http://artifacts.opnfv.org/genesis/fuel/docs/installation-instructions.html +In order to deploy the Arno release on a Pharos compliant lab using the Fuel deployment toolchain you should follow in the Fuel installation guide: https://www.opnfv.org/sites/opnfv/files/release/install-guide.arno.2015.1.0.pdf Enabling or disabling OpenDaylight and the native Neutron driver ---------------------------------------------------------------- @@ -79,7 +78,7 @@ You may find that you wish to adjust the system by enabling or disabling the nat Deployment Validation --------------------- -Once installed you should validate the deployment completed successfully by executing the automated basic platform validation routines outlined in the Arno testing documentation: http://artifacts.opnfv.org/functest/docs/functest.html +Once installed you should validate the deployment completed successfully by executing the automated basic platform validation routines outlined in the Arno testing documentation: https://www.opnfv.org/sites/opnfv/files/release/functest.arno.2015.1.0.pdf Operating the Arno platform =========================== @@ -117,7 +116,7 @@ You can engage with the community to help us improve and further develop the OPN - To access Jira for issue reporting or improvement proposals head to: https://jira.opnfv.org/ - To get started helping out developing the platform head to: https://wiki.opnfv.org/developer -Alternatively if you are intending to invest your time as a user of the platform you can ask questions and request help from our mailing list at: mailto://support@opnfv.org +Alternatively if you are intending to invest your time as a user of the platform you can ask questions and request help from our mailing list at: mailto://opnfv-users@lists.opnfv.org License ======= @@ -149,7 +148,7 @@ Fuel `Fuel User Guide <http://docs.fuel-infra.org/openstack/fuel/fuel-6.0/user-guide.html>`_ :Authors: Christopher Price (christopher.price@ericsson.com) -:Version: 0.0.2 +:Version: 1.0.1 **Documentation tracking** diff --git a/common/puppet-opnfv/manifests/compute.pp b/common/puppet-opnfv/manifests/compute.pp index 0b81757..2fed241 100644 --- a/common/puppet-opnfv/manifests/compute.pp +++ b/common/puppet-opnfv/manifests/compute.pp @@ -51,11 +51,11 @@ class opnfv::compute { if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password } ##HA Global params - if $ha_flag { + if $ha_flag and str2bool($ha_flag) { if $private_network == '' { fail('private_network is empty') } if !$keystone_private_vip { fail('keystone_private_vip is empty') } if !$glance_private_vip { fail('glance_private_vip is empty') } - if !$nova_private_vip { fail('nova_private_vip is empty') } + if !$nova_public_vip { fail('nova_public_vip is empty') } if !$nova_db_password { $nova_db_password = $single_password } if !$nova_user_password { $nova_user_password = $single_password } if !$controllers_ip_array { fail('controllers_ip_array is empty') } @@ -78,19 +78,30 @@ class opnfv::compute { } else { ##non HA params - if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if !$private_ip { fail('private_ip is empty') } - $keystone_private_vip = $private_ip - $glance_private_vip = $private_ip - $nova_private_vip = $private_ip - $neutron_private_vip = $private_ip - if !$nova_db_password { fail('nova_db_password is empty') } - if !$nova_user_password { fail('nova_user_password is empty') } - if !$odl_control_ip { $odl_control_ip = $private_ip } - if !$mysql_ip { $mysql_ip = $private_ip } - if !$amqp_ip { $amqp_ip = $private_ip } - if !$amqp_username { $amqp_username = 'guest' } - if !$amqp_password { $amqp_password = 'guest' } + ##Mandatory + if $private_network == '' { fail('private_network is empty') } + if ($odl_flag != '') and str2bool($odl_flag) { + if $odl_control_ip == '' { fail('odl_control_ip is empty') } + } + if $controller_ip == '' { fail('controller_ip is empty') } + + ##Optional + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") + ##Find private ip + $private_ip = get_ip_from_nic("$ovs_tunnel_if") + + $keystone_private_vip = $controller_ip + $glance_private_vip = $controller_ip + $nova_public_vip = $controller_ip + $neutron_private_vip = $controller_ip + + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } + if !$mysql_ip { $mysql_ip = $controller_ip } + if !$amqp_ip { $amqp_ip = $controller_ip } + if !$amqp_username { $amqp_username = $single_username } + if !$amqp_password { $amqp_password = $single_password } if !$ceph_mon_host { $ceph_mon_host= ["$private_ip"] } if !$ceph_mon_initial_members { $ceph_mon_initial_members = ["$::hostname"] } } @@ -103,7 +114,7 @@ class opnfv::compute { libvirt_inject_password => 'false', libvirt_inject_key => 'false', libvirt_images_type => 'rbd', - nova_host => $nova_private_vip, + nova_host => $nova_public_vip, nova_db_password => $nova_db_password, nova_user_password => $nova_user_password, private_network => '', diff --git a/common/puppet-opnfv/manifests/controller_networker.pp b/common/puppet-opnfv/manifests/controller_networker.pp index 157bc8f..60cae34 100644 --- a/common/puppet-opnfv/manifests/controller_networker.pp +++ b/common/puppet-opnfv/manifests/controller_networker.pp @@ -302,6 +302,7 @@ class opnfv::controller_networker { class { "quickstack::pacemaker::neutron": agent_type => $this_agent, enable_tunneling => 'true', + external_network_bridge => 'br-ex', ml2_mechanism_drivers => $ml2_mech_drivers, ml2_network_vlan_ranges => ["physnet1:10:50"], odl_controller_ip => $odl_control_ip, @@ -309,6 +310,18 @@ class opnfv::controller_networker { ovs_tunnel_iface => $ovs_tunnel_if, ovs_tunnel_types => ["vxlan"], verbose => 'true', + neutron_conf_additional_params => { default_quota => 'default', + quota_network => '50', + quota_subnet => '50', + quota_port => 'default', + quota_security_group => '50', + quota_security_group_rule => 'default', + quota_vip => 'default', + quota_pool => 'default', + quota_router => '50', + quota_floatingip => '100', + network_auto_schedule => 'default', + }, } if ($external_network_flag != '') and str2bool($external_network_flag) { @@ -316,50 +329,47 @@ class opnfv::controller_networker { } } else { - if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') } - if $public_ip == '' { fail('public_ip is empty') } - if $private_ip == '' { fail('private_ip is empty') } - - if $odl_control_ip == '' { $odl_control_ip = $private_ip } - - if $mysql_ip == '' { fail('mysql_ip is empty') } - if $mysql_root_password == '' { fail('mysql_root_password is empty') } - if $amqp_ip == '' { fail('amqp_ip is empty') } - - if $memcache_ip == '' { fail('memcache_ip is empty') } - if $neutron_ip == '' { fail('neutron_ip is empty') } - - if $keystone_db_password == '' { fail('keystone_db_password is empty') } - - if $horizon_secret_key == '' { fail('horizon_secret_key is empty') } - - if $nova_user_password == '' { fail('nova_user_password is empty') } - if $nova_db_password == '' { fail('nova_db_password is empty') } - - if $cinder_user_password == '' { fail('cinder_user_password is empty') } - if $cinder_db_password == '' { fail('cinder_db_password is empty') } - - if $glance_user_password == '' { fail('glance_user_password is empty') } - if $glance_db_password == '' { fail('glance_db_password is empty') } - - if $neutron_user_password == '' { fail('neutron_user_password is empty') } - if $neutron_db_password == '' { fail('neutron_db_password is empty') } - if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') } - - if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') } - if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') } - - if $heat_user_password == '' { fail('heat_user_password is empty') } - if $heat_db_password == '' { fail('heat_db_password is empty') } - if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') } - - if $swift_user_password == '' { fail('swift_user_password is empty') } - if $swift_shared_secret == '' { fail('swift_shared_secret is empty') } - if $swift_admin_password == '' { fail('swift_admin_password is empty') } + ##Mandatory Non-HA parameters + if $private_network == '' { fail('private_network is empty') } + if $public_network == '' { fail('public_network is empty') } + ##Optional Non-HA parameters if !$amqp_username { $amqp_username = $single_username } if !$amqp_password { $amqp_password = $single_password } + if !$mysql_root_password { $mysql_root_password = $single_password } + if !$keystone_db_password { $keystone_db_password = $single_password } + if !$horizon_secret_key { $horizon_secret_key = $single_password } + if !$nova_db_password { $nova_db_password = $single_password } + if !$nova_user_password { $nova_user_password = $single_password } + if !$cinder_db_password { $cinder_db_password = $single_password } + if !$cinder_user_password { $cinder_user_password = $single_password } + if !$glance_db_password { $glance_db_password = $single_password } + if !$glance_user_password { $glance_user_password = $single_password } + if !$neutron_db_password { $neutron_db_password = $single_password } + if !$neutron_user_password { $neutron_user_password = $single_password } + if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password } + if !$ceilometer_user_password { $ceilometer_user_password = $single_password } + if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password } + if !$heat_user_password { $heat_user_password = $single_password } + if !$heat_db_password { $heat_db_password = $single_password } + if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' } + if !$swift_user_password { $swift_user_password = $single_password } + if !$swift_shared_secret { $swift_shared_secret = $single_password } + if !$swift_admin_password { $swift_admin_password = $single_password } + ##Find private interface + $ovs_tunnel_if = get_nic_from_network("$private_network") + ##Find private ip + $private_ip = get_ip_from_nic("$ovs_tunnel_if") + #Find public NIC + $public_nic = get_nic_from_network("$public_network") + $public_ip = get_ip_from_nic("$public_nic") + + if !$mysql_ip { $mysql_ip = $private_ip } + if !$amqp_ip { $amqp_ip = $private_ip } + if !$memcache_ip { $memcache_ip = $private_ip } + if !$neutron_ip { $neutron_ip = $private_ip } + if !$odl_control_ip { $odl_control_ip = $private_ip } class { "quickstack::neutron::controller_networker": admin_email => $admin_email, @@ -414,6 +424,8 @@ class opnfv::controller_networker { horizon_cert => $quickstack::params::horizon_cert, horizon_key => $quickstack::params::horizon_key, + keystonerc => true, + ml2_mechanism_drivers => $ml2_mech_drivers, #neutron => true, diff --git a/common/puppet-opnfv/manifests/external_net_presetup.pp b/common/puppet-opnfv/manifests/external_net_presetup.pp index b7c7c5f..96038c0 100644 --- a/common/puppet-opnfv/manifests/external_net_presetup.pp +++ b/common/puppet-opnfv/manifests/external_net_presetup.pp @@ -85,7 +85,7 @@ class opnfv::external_net_presetup { owner => 'root', group => 'root', mode => '0644', - content => template('trystack/br_ex.erb'), + content => template('opnfv/br_ex.erb'), before => Class["quickstack::pacemaker::params"], } -> diff --git a/common/puppet-opnfv/manifests/external_net_setup.pp b/common/puppet-opnfv/manifests/external_net_setup.pp index af00f20..fc014d4 100644 --- a/common/puppet-opnfv/manifests/external_net_setup.pp +++ b/common/puppet-opnfv/manifests/external_net_setup.pp @@ -60,7 +60,7 @@ class opnfv::external_net_setup { provider_network_type => flat, provider_physical_network => 'physnet1', router_external => true, - tenant_name => 'admin', + tenant_name => 'services', } -> neutron_subnet { 'provider_subnet': @@ -70,8 +70,9 @@ class opnfv::external_net_setup { gateway_ip => $public_gateway, allocation_pools => [ "start=${public_allocation_start},end=${public_allocation_end}" ], dns_nameservers => $public_dns, + enable_dhcp => false, network_name => 'provider_network', - tenant_name => 'admin', + tenant_name => 'services', } -> neutron_router { 'provider_router': diff --git a/common/puppet-opnfv/manifests/init.pp b/common/puppet-opnfv/manifests/init.pp index 7b68df5..d26bd7a 100644 --- a/common/puppet-opnfv/manifests/init.pp +++ b/common/puppet-opnfv/manifests/init.pp @@ -18,7 +18,6 @@ class opnfv { include opnfv::resolver include opnfv::ntp include opnfv::add_packages - include opnfv::odl_docker include opnfv::opncheck } diff --git a/common/puppet-opnfv/manifests/odl_docker.pp b/common/puppet-opnfv/manifests/odl_docker.pp deleted file mode 100644 index 6e70ba0..0000000 --- a/common/puppet-opnfv/manifests/odl_docker.pp +++ /dev/null @@ -1,50 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# daniel.smith@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -class opnfv::odl_docker -{ - case $::fuel_settings['role'] { - /controller/: { - - file { "/opt": - ensure => "directory", - } - - file { "/opt/opnfv": - ensure => "directory", - owner => "root", - group => "root", - mode => 777, - } - - file { "/opt/opnfv/odl": - ensure => "directory", - } - - file { "/opt/opnfv/odl/odl_docker_image.tar": - ensure => present, - source => "/etc/puppet/modules/opnfv/odl_docker/odl_docker_image.tar", - mode => 750, - } - - file { "/opt/opnfv/odl/docker-latest": - ensure => present, - source => "/etc/puppet/modules/opnfv/odl_docker/docker-latest", - mode => 750, - } - - file { "/opt/opnfv/odl/start_odl_conatiner.sh": - ensure => present, - source => "/etc/puppet/modules/opnfv/scripts/start_odl_container.sh", - mode => 750, - } - } - } -} - diff --git a/common/puppet-opnfv/manifests/templates/br_ex.erb b/common/puppet-opnfv/manifests/templates/br_ex.erb new file mode 100644 index 0000000..6c0e7e7 --- /dev/null +++ b/common/puppet-opnfv/manifests/templates/br_ex.erb @@ -0,0 +1,10 @@ +DEVICE=br-ex +DEVICETYPE=ovs +IPADDR=<%= @public_nic_ip %> +NETMASK=<%= @public_nic_netmask %> +GATEWAY=<%= @public_gateway %> +BOOTPROTO=static +ONBOOT=yes +TYPE=OVSBridge +PROMISC=yes +PEERDNS=no diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/Dockerfile b/common/puppet-opnfv/manifests/templates/dockerfile/Dockerfile deleted file mode 100644 index 80a92d8..0000000 --- a/common/puppet-opnfv/manifests/templates/dockerfile/Dockerfile +++ /dev/null @@ -1,82 +0,0 @@ -#################################################################### -# Copyright (c) 2015 Ericsson AB and others. -# daniel.smith@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# -# DOCKERFILE TO CREATE ODL IN CONTAINER AND EXPOSE DLUX AND OVSDB TO ODL -# -############################################################################# - - -#Set the base image - note: the current release of Karaf is using Jdk7 and alot of 12.04, so we will use it rather than 14.04 and backport a ton of stuff -FROM ubuntu:12.04 - -# Maintainer Info -MAINTAINER Daniel Smith - - -#Run apt-get update one start just to check for updates when building -RUN echo "Updating APT" -RUN apt-get update -RUN echo "Adding wget" -RUN apt-get install -y wget -RUN apt-get install -y net-tools -RUN apt-get install -y openjdk-7-jre -RUN apt-get install -y openjdk-7-jdk -RUN apt-get install -y openssh-server -RUN apt-get install -y vim -RUN apt-get install -y expect -RUN apt-get install -y daemontools -RUN mkdir -p /opt/odl_source -RUN bash -c 'echo "export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64" >> ~/.bashrc' - - - -#Now lets got and fetch the ODL distribution -RUN echo "Fetching ODL" -RUN wget https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.2.3-Helium-SR3/distribution-karaf-0.2.3-Helium-SR3.tar.gz -O /opt/odl_source/distribution-karaf-0.2.3-Helium-SR3.tar.gz - -RUN echo "Untarring ODL inplace" -RUN mkdir -p /opt/odl -RUN tar zxvf /opt/odl_source/distribution-karaf-0.2.3-Helium-SR3.tar.gz -C /opt/odl - -RUN echo "Installing DLUX and other features into ODL" -#COPY dockerfile/container_scripts/start_odl_docker.sh /etc/init.d/start_odl_docker.sh -COPY container_scripts/start_odl_docker_container.sh /etc/init.d/ -COPY container_scripts/speak.sh /etc/init.d/ -#COPY dockerfile/container_scripts/speak.sh /etc/init.d/speak.sh -RUN chmod 777 /etc/init.d/start_odl_docker_container.sh -RUN chmod 777 /etc/init.d/speak.sh - - - -# Expose the ports - -# PORTS FOR BASE SYSTEM AND DLUX -EXPOSE 8101 -EXPOSE 6633 -EXPOSE 1099 -EXPOSE 43506 -EXPOSE 8181 -EXPOSE 8185 -EXPOSE 9000 -EXPOSE 39378 -EXPOSE 33714 -EXPOSE 44444 -EXPOSE 6653 - -# PORTS FOR OVSDB AND ODL CONTROL -EXPOSE 12001 -EXPOSE 6640 -EXPOSE 8080 -EXPOSE 7800 -EXPOSE 55130 -EXPOSE 52150 -EXPOSE 36826 - -# set the ENTRYPOINT - An entry point allows us to run this container as an exectuable -CMD ["/etc/init.d/start_odl_docker_container.sh"] diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/check_feature.sh b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/check_feature.sh deleted file mode 100644 index 533942e..0000000 --- a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/check_feature.sh +++ /dev/null @@ -1,18 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# daniel.smith@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -#!/usr/bin/expect -spawn /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/client -expect "root>" -send "feature:list | grep -i odl-restconf\r" -send "\r\r\r" -expect "root>" -send "logout\r" - - diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/speak.sh b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/speak.sh deleted file mode 100644 index 95bbaf4..0000000 --- a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/speak.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/expect -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# daniel.smith@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# -# Simple expect script to start up ODL client and load feature set for DLUX and OVSDB -# NOTE: THIS WILL BE REPLACED WITH A PROGRAMATIC METHOD SHORTLY -################################################################################# - -spawn /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/client -expect "root>" -send "feature:install odl-base-all odl-aaa-authn odl-restconf odl-nsf-all odl-adsal-northbound odl-mdsal-apidocs odl-ovsdb-openstack odl-ovsdb-northbound odl-dlux-core" -send "\r\r\r" -expect "root>" -send "logout\r" diff --git a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/start_odl_docker_container.sh b/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/start_odl_docker_container.sh deleted file mode 100644 index 8ae05f7..0000000 --- a/common/puppet-opnfv/manifests/templates/dockerfile/container_scripts/start_odl_docker_container.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# daniel.smith@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -# -# Simple expect script to start up ODL client and load feature set for DLUX and OVSDB -# NOTE: THIS WILL BE REPLACED WITH A PROGRAMATIC METHOD SHORTLY -################################################################################# -# Start up script for calling karaf / ODL inside a docker container. -# -# This script will also call a couple expect scripts to load the feature set that we want - - -#ENV -export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64 - -#MAIN -echo "Starting up the da Sheilds..." -/opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/karaf server & -echo "Sleeping 5 bad hack" -sleep 10 -echo "should see stuff listening now" -netstat -na -echo " should see proess running for karaf" -ps -efa -echo " Starting the packages we want" -/etc/init.d/speak.sh -echo "Printout the status - if its right, you should see 8181 appear now" -netstat -na -ps -efa - - - -## This is a loop that keeps our container going currently, prinout the "status of karaf" to the docker logs every minute -## Cheap - but effective -while true; -do - echo "Checking status of ODL:" - /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/status - sleep 60 -done - - diff --git a/compass/ci/build.sh b/compass/ci/build.sh index 4e5b87b..2b7fd9a 100755 --- a/compass/ci/build.sh +++ b/compass/ci/build.sh @@ -84,7 +84,7 @@ EOF # BEGIN of variables to customize # BUILD_BASE=$(readlink -e ../build/) -RESULT_DIR="${BUILD_BASE}/release" +export RESULT_DIR="${BUILD_BASE}/release" BUILD_SPEC="${BUILD_BASE}/config.mk" CACHE_DIR="cache" LOCAL_CACHE_ARCH_NAME="compass-cache" @@ -112,11 +112,11 @@ DEBUG=0 INTEGRATION_TEST=0 FULL_INTEGRATION_TEST=0 INTERACTIVE=0 -BUILD_CACHE_URI= +export BUILD_CACHE_URI= BUILD_SPEC= BUILD_DIR= BUILD_LOG= -BUILD_VERSION= +export BUILD_VERSION= MAKE_ARGS= # # END of script assigned variables @@ -133,6 +133,8 @@ source ${INCLUDE_DIR}/build.sh.debug ############################################################################ # BEGIN of main # +build_prepare + while getopts "s:c:v:f:l:r:RtTh" OPTION do case $OPTION in @@ -376,15 +378,15 @@ mkdir -p ${BUILD_DIR} cp ${BUILD_BASE}/.versions ${BUILD_DIR} cp ${RESULT_DIR}/*.iso* ${BUILD_DIR} -if [ $POPULATE_CACHE -eq 1 ]; then - if [ ! -z ${BUILD_CACHE_URI} ]; then - echo "Building cache ..." - tar --dereference -C ${BUILD_BASE} -caf ${BUILD_BASE}/${LOCAL_CACHE_ARCH_NAME}.tgz ${CACHE_DIR} - echo "Uploading cache ${BUILD_CACHE_URI}/${REMOTE_CACHE_ARCH_NAME}" - ${REMOTE_ACCESS_METHD} -T ${BUILD_BASE}/${LOCAL_CACHE_ARCH_NAME}.tgz ${BUILD_CACHE_URI}/${REMOTE_CACHE_ARCH_NAME}.tgz - rm ${BUILD_BASE}/${LOCAL_CACHE_ARCH_NAME}.tgz - fi -fi +#if [ $POPULATE_CACHE -eq 1 ]; then +# if [ ! -z ${BUILD_CACHE_URI} ]; then +# echo "Building cache ..." +# tar --dereference -C ${BUILD_BASE} -caf ${BUILD_BASE}/${LOCAL_CACHE_ARCH_NAME}.tgz ${CACHE_DIR} +# echo "Uploading cache ${BUILD_CACHE_URI}/${REMOTE_CACHE_ARCH_NAME}" +# ${REMOTE_ACCESS_METHD} -T ${BUILD_BASE}/${LOCAL_CACHE_ARCH_NAME}.tgz ${BUILD_CACHE_URI}/${REMOTE_CACHE_ARCH_NAME}.tgz +# rm ${BUILD_BASE}/${LOCAL_CACHE_ARCH_NAME}.tgz +# fi +#fi echo "Success!!!" exit 0 # diff --git a/compass/ci/deploy.sh b/compass/ci/deploy.sh index fe754aa..197bf63 100755 --- a/compass/ci/deploy.sh +++ b/compass/ci/deploy.sh @@ -1,5 +1,9 @@ -SCRIPT_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) -CONF_NAME=$1 -source ${SCRIPT_DIR}/../deploy/prepare.sh || exit $? -source ${SCRIPT_DIR}/../deploy/setup-env.sh || exit $? -source ${SCRIPT_DIR}/../deploy/deploy-vm.sh || exit $? +#set -x +COMPASS_DIR=`cd ${BASH_SOURCE[0]%/*}/../;pwd` +export COMPASS_DIR + +apt-get install screen +screen -ls |grep deploy|awk -F. '{print $1}'|xargs kill -9 +screen -wipe +#screen -dmSL deploy bash $COMPASS_DIR/ci/launch.sh $* +$COMPASS_DIR/ci/launch.sh $* diff --git a/compass/ci/launch.sh b/compass/ci/launch.sh new file mode 100755 index 0000000..316b06f --- /dev/null +++ b/compass/ci/launch.sh @@ -0,0 +1,65 @@ +#set -x +WORK_DIR=$COMPASS_DIR/ci/work + +if [[ $# -ge 1 ]];then + CONF_NAME=$1 +else + CONF_NAME=cluster +fi + +source ${COMPASS_DIR}/ci/log.sh +source ${COMPASS_DIR}/deploy/conf/${CONF_NAME}.conf +source ${COMPASS_DIR}/deploy/prepare.sh +source ${COMPASS_DIR}/deploy/network.sh + +if [[ ! -z $VIRT_NUMBER ]];then + source ${COMPASS_DIR}/deploy/host_vm.sh +else + source ${COMPASS_DIR}/deploy/host_baremetal.sh +fi + +source ${COMPASS_DIR}/deploy/compass_vm.sh +source ${COMPASS_DIR}/deploy/deploy_host.sh + +######################### main process + +if ! prepare_env;then + echo "prepare_env failed" + exit 1 +fi + +log_info "########## get host mac begin #############" +machines=`get_host_macs` +if [[ -z $machines ]];then + log_error "get_host_macs failed" + exit 1 +fi + +log_info "deploy host macs: $machines" +export machines + +log_info "########## set up network begin #############" +if ! create_nets;then + log_error "create_nets failed" + exit 1 +fi + +if ! launch_compass;then + log_error "launch_compass failed" + exit 1 +fi +if [[ ! -z $VIRT_NUMBER ]];then + if ! launch_host_vms;then + log_error "launch_host_vms failed" + exit 1 + fi +fi +if ! deploy_host;then + #tear_down_machines + #tear_down_compass + exit 1 +else + #tear_down_machines + #tear_down_compass + exit 0 +fi diff --git a/compass/ci/log.sh b/compass/ci/log.sh new file mode 100755 index 0000000..f54fdca --- /dev/null +++ b/compass/ci/log.sh @@ -0,0 +1,22 @@ +#!/bin/bash +reset=`tput sgr0` +red=`tput setaf 1` +green=`tput setaf 2` +yellow=`tput setaf 3` + +function log_info() { + echo -e "${green}$*${reset}" +} + +function log_warn() { + echo -e "${yellow}$*${reset}" +} + +function log_error() { + echo -e "${red}$*${reset}" +} + +function log_progress() { + echo -en "${yellow}$*\r${reset}" +} + diff --git a/compass/deploy/ansible/openstack_juno/HA-ansible-multinodes.yml b/compass/deploy/ansible/openstack_juno/HA-ansible-multinodes.yml new file mode 100644 index 0000000..9c1d7e7 --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/HA-ansible-multinodes.yml @@ -0,0 +1,42 @@ +--- +- hosts: all + remote_user: root + sudo: true + roles: + - repo + - common + +- hosts: ha + remote_user: root + sudo: True + roles: + - ha + +- hosts: controller + remote_user: root + sudo: True + roles: + - database + - mq + - keystone + - nova-controller + - neutron-controller + - cinder-controller + - glance + - neutron-common + - neutron-network + - dashboard + +- hosts: compute + remote_user: root + sudo: True + roles: + - nova-compute + - neutron-compute + - cinder-volume + +- hosts: all + remote_user: root + sudo: True + roles: + - monitor diff --git a/compass/deploy/ansible/openstack_juno/allinone.yml b/compass/deploy/ansible/openstack_juno/allinone.yml new file mode 100644 index 0000000..15220ca --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/allinone.yml @@ -0,0 +1,38 @@ +--- +- hosts: all + remote_user: root + sudo: true + roles: + - repo + +- hosts: controller + sudo: True + roles: + - common + - database + - mq + - keystone + - nova-controller + - neutron-controller + - dashboard + - cinder-controller + - glance + +- hosts: network + sudo: True + roles: + - common + - neutron-network + +- hosts: storage + sudo: True + roles: + - common + - cinder-volume + +- hosts: compute + sudo: True + roles: + - common + - nova-compute + - neutron-compute diff --git a/compass/deploy/ansible/openstack_juno/compute.yml b/compass/deploy/ansible/openstack_juno/compute.yml new file mode 100644 index 0000000..b2679c0 --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/compute.yml @@ -0,0 +1,9 @@ +--- +- hosts: all + remote_user: vagrant + sudo: True + roles: + - repo + - common + - nova-compute + - neutron-compute diff --git a/compass/deploy/ansible/openstack_juno/controller.yml b/compass/deploy/ansible/openstack_juno/controller.yml new file mode 100644 index 0000000..7f4a10e --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/controller.yml @@ -0,0 +1,15 @@ +--- +- hosts: controller + remote_user: root + sudo: True + roles: + - repo + - common + - database + - mq + - keystone + - nova-controller + - neutron-controller + - dashboard + - cinder-controller + - glance diff --git a/compass/deploy/ansible/openstack_juno/group_vars/all b/compass/deploy/ansible/openstack_juno/group_vars/all new file mode 100644 index 0000000..5643fcd --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/group_vars/all @@ -0,0 +1,54 @@ +controller_host: 10.1.0.11 +network_host: 10.1.0.12 +compute_host: 10.1.0.13 +storage_host: 10.1.0.14 +odl_controller: 10.1.0.15 + +DEBUG: False +VERBOSE: False +NTP_SERVER_LOCAL: controller +DB_HOST: "{{ controller_host }}" +MQ_BROKER: rabbitmq + +OPENSTACK_REPO: cloudarchive-juno.list +ADMIN_TOKEN: admin +CEILOMETER_TOKEN: c095d479023a0fd58a54 +RABBIT_PASS: guest +KEYSTONE_DBPASS: keystone_db_secret +DEMO_PASS: demo_secret +ADMIN_PASS: admin_secret +GLANCE_DBPASS: glance_db_secret +GLANCE_PASS: glance_secret +NOVA_DBPASS: nova_db_secret +NOVA_PASS: nova_secret +DASH_DBPASS: dash_db_secret +CINDER_DBPASS: cinder_db_secret +CINDER_PASS: cinder_secret +NEUTRON_DBPASS: neutron_db_secret +NEUTRON_PASS: netron_secret +NEUTRON_TYPE_DRIVERS: ['flat', 'gre', 'vxlan'] +NEUTRON_TENANT_NETWORK_TYPES: ['vxlan'] +#NEUTRON_MECHANISM_DRIVERS: ['opendaylight'] +NEUTRON_MECHANISM_DRIVERS: ['openvswitch'] +NEUTRON_TUNNEL_TYPES: ['vxlan'] +METADATA_SECRET: metadata_secret +INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS: 10.1.1.21 +INTERFACE_NAME: eth2 + +EXTERNAL_NETWORK_CIDR: 203.0.113.0/24 +EXTERNAL_NETWORK_GATEWAY: 203.0.113.1 +FLOATING_IP_START: 203.0.113.101 +FLOATING_IP_END: 203.0.113.200 + +juno_cloud_archive: deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/juno main +build_in_image: http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img +build_in_image_name: cirros-0.3.3-x86_64-disk.img + +physical_device: /dev/sdb + +internal_interface: ansible_eth1 +internal_ip: "{{ hostvars[inventory_hostname][internal_interface]['ipv4']['address'] }}" + +odl_username: admin +odl_password: admin +odl_api_port: 8080 diff --git a/compass/deploy/ansible/openstack_juno/multinodes.yml b/compass/deploy/ansible/openstack_juno/multinodes.yml new file mode 100644 index 0000000..ffd29d5 --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/multinodes.yml @@ -0,0 +1,75 @@ +--- +- hosts: all + remote_user: root + sudo: true + roles: + - repo + +- hosts: database + sudo: True + roles: + - common + - database + +- hosts: messaging + sudo: True + roles: + - common + - mq + +- hosts: identity + sudo: True + roles: + - common + - keystone + +- hosts: compute-controller + sudo: True + roles: + - common + - nova-controller + +- hosts: network-server + sudo: True + roles: + - common + - neutron-controller + +- hosts: storage-controller + sudo: True + roles: + - common + - cinder-controller + +- hosts: image + sudo: True + roles: + - common + - glance + +- hosts: dashboard + sudo: True + roles: + - common + - dashboard + +- hosts: network-worker + sudo: True + roles: + - common + - neutron-network + +- hosts: storage-volume + sudo: True + roles: + - common + - cinder-volume + +- hosts: compute-worker + sudo: True + roles: + - common + - nova-compute + - neutron-compute + + diff --git a/compass/deploy/ansible/openstack_juno/network.yml b/compass/deploy/ansible/openstack_juno/network.yml new file mode 100644 index 0000000..558f317 --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/network.yml @@ -0,0 +1,8 @@ +--- +- hosts: all + remote_user: vagrant + sudo: True + roles: + - repo + - common + - neutron-network diff --git a/compass/deploy/ansible/openstack_juno/single-controller.yml b/compass/deploy/ansible/openstack_juno/single-controller.yml new file mode 100644 index 0000000..15220ca --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/single-controller.yml @@ -0,0 +1,38 @@ +--- +- hosts: all + remote_user: root + sudo: true + roles: + - repo + +- hosts: controller + sudo: True + roles: + - common + - database + - mq + - keystone + - nova-controller + - neutron-controller + - dashboard + - cinder-controller + - glance + +- hosts: network + sudo: True + roles: + - common + - neutron-network + +- hosts: storage + sudo: True + roles: + - common + - cinder-volume + +- hosts: compute + sudo: True + roles: + - common + - nova-compute + - neutron-compute diff --git a/compass/deploy/ansible/openstack_juno/storage.yml b/compass/deploy/ansible/openstack_juno/storage.yml new file mode 100644 index 0000000..3c0aa41 --- /dev/null +++ b/compass/deploy/ansible/openstack_juno/storage.yml @@ -0,0 +1,8 @@ +--- +- hosts: all + remote_user: vagrant + sudo: True + roles: + - repo + - common + - cinder-volume diff --git a/compass/deploy/ansible/roles/cinder-controller/handlers/main.yml b/compass/deploy/ansible/roles/cinder-controller/handlers/main.yml new file mode 100644 index 0000000..ef671dd --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-controller/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart cinder-scheduler + service: name=cinder-scheduler state=restarted enabled=yes +- name: restart cinder-api + service: name=cinder-api state=restarted enabled=yes + diff --git a/compass/deploy/ansible/roles/cinder-controller/tasks/cinder_config.yml b/compass/deploy/ansible/roles/cinder-controller/tasks/cinder_config.yml new file mode 100644 index 0000000..7796cf7 --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-controller/tasks/cinder_config.yml @@ -0,0 +1,20 @@ +--- +- name: sync cinder db + shell: su -s /bin/sh -c "cinder-manage db sync" cinder && cinder + register: result + until: result.rc == 0 + retries: 5 + delay: 3 + notify: + - restart cinder-scheduler + - restart cinder-api + +- meta: flush_handlers + +- name: upload cinder keystone register script + template: src=cinder_init.sh dest=/opt/cinder_init.sh mode=0744 + +- name: run cinder register script + shell: for i in {0..5}; do /opt/cinder_init.sh && touch cinder_init_complete; if [ $? != 0 ]; then sleep 5; else break; fi; done + args: + creates: cinder_init_complete diff --git a/compass/deploy/ansible/roles/cinder-controller/tasks/cinder_install.yml b/compass/deploy/ansible/roles/cinder-controller/tasks/cinder_install.yml new file mode 100644 index 0000000..03ad432 --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-controller/tasks/cinder_install.yml @@ -0,0 +1,20 @@ +--- +- name: install cinder packages + apt: name={{ item }} state=present force=yes + with_items: + - cinder-api + - cinder-scheduler + - python-cinderclient + +- name: generate cinder service list + shell: echo {{ item }} >> /opt/service + with_items: + - cinder-api + - cinder-scheduler + +- name: upload cinder conf + template: src=cinder.conf dest=/etc/cinder/cinder.conf + notify: + - restart cinder-scheduler + - restart cinder-api + diff --git a/compass/deploy/ansible/roles/cinder-controller/tasks/main.yml b/compass/deploy/ansible/roles/cinder-controller/tasks/main.yml new file mode 100644 index 0000000..1dbe91f --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-controller/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- include: cinder_install.yml + tags: + - install + - cinder-install + - cinder + +- include: cinder_config.yml + when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == '' + tags: + - config + - cinder-config + - cinder diff --git a/compass/deploy/ansible/roles/cinder-controller/templates/api-paste.ini b/compass/deploy/ansible/roles/cinder-controller/templates/api-paste.ini new file mode 100644 index 0000000..b568a17 --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-controller/templates/api-paste.ini @@ -0,0 +1,71 @@ +############# +# OpenStack # +############# + +[composite:osapi_volume] +use = call:cinder.api:root_app_factory +/: apiversions +/v1: openstack_volume_api_v1 +/v2: openstack_volume_api_v2 + +[composite:openstack_volume_api_v1] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = request_id faultwrap sizelimit osprofiler noauth apiv1 +keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 +keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1 + +[composite:openstack_volume_api_v2] +use = call:cinder.api.middleware.auth:pipeline_factory +noauth = request_id faultwrap sizelimit osprofiler noauth apiv2 +keystone = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 +keystone_nolimit = request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2 + +[filter:request_id] +paste.filter_factory = cinder.openstack.common.middleware.request_id:RequestIdMiddleware.factory + +[filter:faultwrap] +paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory + +[filter:osprofiler] +paste.filter_factory = osprofiler.web:WsgiMiddleware.factory +hmac_keys = SECRET_KEY +enabled = yes + +[filter:noauth] +paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory + +[filter:sizelimit] +paste.filter_factory = cinder.api.middleware.sizelimit:RequestBodySizeLimiter.factory + +[app:apiv1] +paste.app_factory = cinder.api.v1.router:APIRouter.factory + +[app:apiv2] +paste.app_factory = cinder.api.v2.router:APIRouter.factory + +[pipeline:apiversions] +pipeline = faultwrap osvolumeversionapp + +[app:osvolumeversionapp] +paste.app_factory = cinder.api.versions:Versions.factory + +[filter:authtoken] +paste.filter_factory = keystoneclient.middleware.auth_token:filter_factory +# auth_host = 127.0.0.1 +# auth_port = 35357 +# auth_protocol = http +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = cinder +admin_password = {{ CINDER_PASS }} + +########## +# Shared # +########## + +[filter:keystonecontext] +paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory + +[filter:authtoken] +paste.filter_factory = keystonemiddleware.auth_token:filter_factory diff --git a/compass/deploy/ansible/roles/cinder-controller/templates/cinder.conf b/compass/deploy/ansible/roles/cinder-controller/templates/cinder.conf new file mode 100644 index 0000000..e34fd2f --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-controller/templates/cinder.conf @@ -0,0 +1,63 @@ +[DEFAULT] +rootwrap_config = /etc/cinder/rootwrap.conf +api_paste_confg = /etc/cinder/api-paste.ini +iscsi_helper = tgtadm +volume_name_template = volume-%s +volume_group = cinder-volumes +verbose = {{ VERBOSE }} +debug = {{ DEBUG }} +auth_strategy = keystone +state_path = /var/lib/cinder +lock_path = /var/lock/cinder +notification_driver=cinder.openstack.common.notifier.rpc_notifier +volumes_dir = /var/lib/cinder/volumes + +log_file=/var/log/cinder/cinder.log + +control_exchange = cinder +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_port = 5672 +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +my_ip = {{ storage_controller_host }} + +glance_host = {{ HA_VIP }} +glance_port = 9292 +api_rate_limit = False +storage_availability_zone = nova + +quota_volumes = 10 +quota_gigabytes=1000 +quota_driver=cinder.quota.DbQuotaDriver + +osapi_volume_listen = {{ storage_controller_host }} +osapi_volume_listen_port = 8776 + +db_backend = sqlalchemy +volume_name_template = volume-%s +snapshot_name_template = snapshot-%s + +max_gigabytes=10000 +volume_group=cinder-volumes + +volume_clear=zero +volume_clear_size=10 + +iscsi_ip_address={{ storage_controller_host }} +iscsi_port=3260 +iscsi_helper=tgtadm + +volumes_dir=/var/lib/cinder/volumes + +volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = cinder +admin_password = {{ CINDER_PASS }} + +[database] +connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder diff --git a/compass/deploy/ansible/roles/cinder-controller/templates/cinder_init.sh b/compass/deploy/ansible/roles/cinder-controller/templates/cinder_init.sh new file mode 100644 index 0000000..0ec61b6 --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-controller/templates/cinder_init.sh @@ -0,0 +1,6 @@ +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=cinder --pass={{ CINDER_PASS }} --email=cinder@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=cinder --tenant=service --role=admin + +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=cinder --type=volume --description="OpenStack Block Storage" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ volume / {print $2}') --publicurl=http://{{ HA_VIP }}:8776/v1/%\(tenant_id\)s --internalurl=http://{{ HA_VIP }}:8776/v1/%\(tenant_id\)s --adminurl=http://{{ HA_VIP }}:8776/v1/%\(tenant_id\)s + diff --git a/compass/deploy/ansible/roles/cinder-volume/files/loop.yml b/compass/deploy/ansible/roles/cinder-volume/files/loop.yml new file mode 100644 index 0000000..e872652 --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-volume/files/loop.yml @@ -0,0 +1 @@ +physical_device: /dev/loop0 diff --git a/compass/deploy/ansible/roles/cinder-volume/handlers/main.yml b/compass/deploy/ansible/roles/cinder-volume/handlers/main.yml new file mode 100644 index 0000000..ad917ce --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-volume/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart cinder-volume + service: name=cinder-volume state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/cinder-volume/tasks/main.yml b/compass/deploy/ansible/roles/cinder-volume/tasks/main.yml new file mode 100644 index 0000000..8c0e626 --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-volume/tasks/main.yml @@ -0,0 +1,55 @@ +--- +- name: install cinder-volume and lvm2 packages + apt: name={{ item }} state=present force=yes + with_items: + - cinder-volume + - lvm2 + +- name: generate cinder volume service list + shell: echo {{ item }} >> /opt/service + with_items: + - cinder-volume + +- name: check if physical device exists + stat: path={{ physical_device }} + register: st + +- name: repace physical_device if st is false + local_action: copy src=loop.yml dest=/tmp/loop.yml + when: st.stat.exists == False + +- name: load loop.yml + include_vars: /tmp/loop.yml + when: st.stat.exists == False + +- name: check if cinder-volumes is mounted + shell: ls /mnt + register: cindervolumes + +- name: get available partition size + shell: df / | awk '$3 ~ /[0-9]+/ { print $4 }' + register: partition_size + +- name: if not mounted, mount it + shell: dd if=/dev/zero of=/mnt/cinder-volumes + bs=1 count=0 seek={{ partition_size.stdout }} + when: cindervolumes.stdout != 'cinder-volumes' + +- name: get first lo device + shell: ls /dev/loop* | egrep 'loop[0-9]+'|sed -n 1p + register: first_lo + when: cindervolumes.stdout != 'cinder-volumes' + +- name: do a losetup on /mnt/cinder-volumes + shell: losetup {{ first_lo.stdout }} /mnt/cinder-volumes + when: cindervolumes.stdout != 'cinder-volumes' + +- name: create physical and group volumes + lvg: vg=cinder-volumes pvs={{ physical_device }} + vg_options=--force + +- name: upload cinder-volume configuration + template: src=cinder.conf dest=/etc/cinder/cinder.conf + backup=yes + notify: + - restart cinder-volume diff --git a/compass/deploy/ansible/roles/cinder-volume/templates/cinder.conf b/compass/deploy/ansible/roles/cinder-volume/templates/cinder.conf new file mode 100644 index 0000000..aa3b8cc --- /dev/null +++ b/compass/deploy/ansible/roles/cinder-volume/templates/cinder.conf @@ -0,0 +1,62 @@ +[DEFAULT] +rootwrap_config = /etc/cinder/rootwrap.conf +api_paste_confg = /etc/cinder/api-paste.ini +iscsi_helper = tgtadm +volume_name_template = volume-%s +volume_group = cinder-volumes +verbose = True +auth_strategy = keystone +state_path = /var/lib/cinder +lock_path = /var/lock/cinder +notification_driver=cinder.openstack.common.notifier.rpc_notifier +volumes_dir = /var/lib/cinder/volumes + +log_file=/var/log/cinder/cinder.log + +control_exchange = cinder +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_port = 5672 +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +my_ip = {{ storage_controller_host }} + +glance_host = {{ HA_VIP }} +glance_port = 9292 +api_rate_limit = False +storage_availability_zone = nova + +quota_volumes = 10 +quota_gigabytes=1000 +quota_driver=cinder.quota.DbQuotaDriver + +osapi_volume_listen = {{ storage_controller_host }} +osapi_volume_listen_port = 8776 + +db_backend = sqlalchemy +volume_name_template = volume-%s +snapshot_name_template = snapshot-%s + +max_gigabytes=10000 +volume_group=cinder-volumes + +volume_clear=zero +volume_clear_size=10 + +iscsi_ip_address={{ storage_controller_host }} +iscsi_port=3260 +iscsi_helper=tgtadm + +volumes_dir=/var/lib/cinder/volumes + +volume_driver=cinder.volume.drivers.lvm.LVMISCSIDriver + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = cinder +admin_password = {{ CINDER_PASS }} + +[database] +connection = mysql://cinder:{{ CINDER_DBPASS }}@{{ db_host }}/cinder diff --git a/compass/deploy/ansible/roles/common/files/sources.list.d/cloudarchive-juno.list b/compass/deploy/ansible/roles/common/files/sources.list.d/cloudarchive-juno.list new file mode 100644 index 0000000..920f3d2 --- /dev/null +++ b/compass/deploy/ansible/roles/common/files/sources.list.d/cloudarchive-juno.list @@ -0,0 +1 @@ +deb http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-updates/juno main diff --git a/compass/deploy/ansible/roles/common/tasks/main.yml b/compass/deploy/ansible/roles/common/tasks/main.yml new file mode 100644 index 0000000..ce595f5 --- /dev/null +++ b/compass/deploy/ansible/roles/common/tasks/main.yml @@ -0,0 +1,28 @@ +--- +- name: install ubuntu-cloud-keyring(ubuntu) + apt: name={{ item }} state=latest + with_items: + - ubuntu-cloud-keyring + +- name: update hosts files to all hosts + template: src=hosts + dest=/etc/hosts + backup=yes + +- name: install common packages + apt: name={{ item }} state=latest + with_items: + - python-pip + - python-dev + - python-mysqldb + - ntp + +- name: restart ntp + command: su -s /bin/sh -c "service ntp stop; ntpd -gq; hwclock --systohc" + ignore_errors: True + +- name: update ntp conf + template: src=ntp.conf dest=/etc/ntp.conf backup=yes + +- name: restart ntp + service: name=ntp state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/common/templates/hosts b/compass/deploy/ansible/roles/common/templates/hosts new file mode 100644 index 0000000..9d27c0a --- /dev/null +++ b/compass/deploy/ansible/roles/common/templates/hosts @@ -0,0 +1,22 @@ +# compute-controller +10.145.89.136 host-136 +# database +10.145.89.136 host-136 +# messaging +10.145.89.136 host-136 +# storage-controller +10.145.89.138 host-138 +# image +10.145.89.138 host-138 +# identity +10.145.89.136 host-136 +# network-server +10.145.89.138 host-138 +# dashboard +10.145.89.136 host-136 +# storage-volume +10.145.89.139 host-139 +# network-worker +10.145.89.139 host-139 +# compute-worker +10.145.89.137 host-137 diff --git a/compass/deploy/ansible/roles/common/templates/ntp.conf b/compass/deploy/ansible/roles/common/templates/ntp.conf new file mode 100644 index 0000000..c613809 --- /dev/null +++ b/compass/deploy/ansible/roles/common/templates/ntp.conf @@ -0,0 +1,56 @@ +# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help + +driftfile /var/lib/ntp/ntp.drift + + +# Enable this if you want statistics to be logged. +#statsdir /var/log/ntpstats/ + +statistics loopstats peerstats clockstats +filegen loopstats file loopstats type day enable +filegen peerstats file peerstats type day enable +filegen clockstats file clockstats type day enable + +# Specify one or more NTP servers. + +# Use servers from the NTP Pool Project. Approved by Ubuntu Technical Board +# on 2011-02-08 (LP: #104525). See http://www.pool.ntp.org/join.html for +# more information. +server {{ NTP_SERVER_LOCAL }} +server 0.ubuntu.pool.ntp.org +server 1.ubuntu.pool.ntp.org +server 2.ubuntu.pool.ntp.org +server 3.ubuntu.pool.ntp.org + +# Use Ubuntu's ntp server as a fallback. +server ntp.ubuntu.com + +# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for +# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions> +# might also be helpful. +# +# Note that "restrict" applies to both servers and clients, so a configuration +# that might be intended to block requests from certain clients could also end +# up blocking replies from your own upstream servers. + +# By default, exchange time with everybody, but don't allow configuration. +restrict -4 default kod notrap nomodify nopeer noquery +restrict -6 default kod notrap nomodify nopeer noquery + +# Local users may interrogate the ntp server more closely. +restrict 127.0.0.1 +restrict ::1 + +# Clients from this (example!) subnet have unlimited access, but only if +# cryptographically authenticated. +#restrict 192.168.123.0 mask 255.255.255.0 notrust + + +# If you want to provide time to your local subnet, change the next line. +# (Again, the address is an example only.) +#broadcast 192.168.123.255 + +# If you want to listen to time broadcasts on your local subnet, de-comment the +# next lines. Please do this only if you trust everybody on the network! +#disable auth +#broadcastclient diff --git a/compass/deploy/ansible/roles/dashboard/tasks/main.yml b/compass/deploy/ansible/roles/dashboard/tasks/main.yml new file mode 100644 index 0000000..465b996 --- /dev/null +++ b/compass/deploy/ansible/roles/dashboard/tasks/main.yml @@ -0,0 +1,30 @@ +--- +- name: install dashboard packages + apt: name={{ item }} state=present force=yes + with_items: + - apache2 + - memcached + - libapache2-mod-wsgi + - openstack-dashboard + +- name: remove ubuntu theme + apt: name=openstack-dashboard-ubuntu-theme + state=absent + +## horizon configuration is already enabled in apache2/conf-enabled +## by openstack-dashboard package deploy script. +#- name: update dashboard conf +# template: src=openstack-dashboard.conf +# dest=/etc/apache2/sites-available/openstack-dashboard.conf +# backup=yes + +- name: update horizon settings + template: src=local_settings.py + dest=/etc/openstack-dashboard/local_settings.py + backup=yes + +- name: restart apache2 + service: name=apache2 state=restarted enabled=yes + +- name: restart memcached + service: name=memcached state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/dashboard/templates/local_settings.py b/compass/deploy/ansible/roles/dashboard/templates/local_settings.py new file mode 100644 index 0000000..87e06e3 --- /dev/null +++ b/compass/deploy/ansible/roles/dashboard/templates/local_settings.py @@ -0,0 +1,511 @@ +import os + +from django.utils.translation import ugettext_lazy as _ + +from openstack_dashboard import exceptions + +DEBUG = True +TEMPLATE_DEBUG = DEBUG + +# Required for Django 1.5. +# If horizon is running in production (DEBUG is False), set this +# with the list of host/domain names that the application can serve. +# For more information see: +# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts +#ALLOWED_HOSTS = ['horizon.example.com', ] + +# Set SSL proxy settings: +# For Django 1.4+ pass this header from the proxy after terminating the SSL, +# and don't forget to strip it from the client's request. +# For more information see: +# https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header +# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTOCOL', 'https') + +# If Horizon is being served through SSL, then uncomment the following two +# settings to better secure the cookies from security exploits +#CSRF_COOKIE_SECURE = True +#SESSION_COOKIE_SECURE = True + +# Overrides for OpenStack API versions. Use this setting to force the +# OpenStack dashboard to use a specific API version for a given service API. +# NOTE: The version should be formatted as it appears in the URL for the +# service API. For example, The identity service APIs have inconsistent +# use of the decimal point, so valid options would be "2.0" or "3". +# OPENSTACK_API_VERSIONS = { +# "identity": 3, +# "volume": 2 +# } + +# Set this to True if running on multi-domain model. When this is enabled, it +# will require user to enter the Domain name in addition to username for login. +# OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = False + +# Overrides the default domain used when running on single-domain model +# with Keystone V3. All entities will be created in the default domain. +# OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' + +# Set Console type: +# valid options would be "AUTO", "VNC", "SPICE" or "RDP" +# CONSOLE_TYPE = "AUTO" + +# Default OpenStack Dashboard configuration. +HORIZON_CONFIG = { + 'dashboards': ('project', 'admin', 'settings',), + 'default_dashboard': 'project', + 'user_home': 'openstack_dashboard.views.get_user_home', + 'ajax_queue_limit': 10, + 'auto_fade_alerts': { + 'delay': 3000, + 'fade_duration': 1500, + 'types': ['alert-success', 'alert-info'] + }, + 'help_url': "http://docs.openstack.org", + 'exceptions': {'recoverable': exceptions.RECOVERABLE, + 'not_found': exceptions.NOT_FOUND, + 'unauthorized': exceptions.UNAUTHORIZED}, +} + +# Specify a regular expression to validate user passwords. +# HORIZON_CONFIG["password_validator"] = { +# "regex": '.*', +# "help_text": _("Your password does not meet the requirements.") +# } + +# Disable simplified floating IP address management for deployments with +# multiple floating IP pools or complex network requirements. +# HORIZON_CONFIG["simple_ip_management"] = False + +# Turn off browser autocompletion for the login form if so desired. +# HORIZON_CONFIG["password_autocomplete"] = "off" + +LOCAL_PATH = os.path.dirname(os.path.abspath(__file__)) + +# Set custom secret key: +# You can either set it to a specific value or you can let horizion generate a +# default secret key that is unique on this machine, e.i. regardless of the +# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, there +# may be situations where you would want to set this explicitly, e.g. when +# multiple dashboard instances are distributed on different machines (usually +# behind a load-balancer). Either you have to make sure that a session gets all +# requests routed to the same dashboard instance or you set the same SECRET_KEY +# for all of them. +from horizon.utils import secret_key +SECRET_KEY = 'AJDSKLAJDKASJDKASJDKSAJDKSJAKDSA' +# We recommend you use memcached for development; otherwise after every reload +# of the django development server, you will have to login again. To use +# memcached set CACHES to something like +CACHES = { + 'default': { + 'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION' : '127.0.0.1:11211', + } +} + +#CACHES = { +# 'default': { +# 'BACKEND' : 'django.core.cache.backends.locmem.LocMemCache' +# } +#} + +# Enable the Ubuntu theme if it is present. +try: + from ubuntu_theme import * +except ImportError: + pass + +# Default Ubuntu apache configuration uses /horizon as the application root. +# Configure auth redirects here accordingly. +LOGIN_URL='/horizon/auth/login/' +LOGOUT_URL='/horizon/auth/logout/' +LOGIN_REDIRECT_URL='/horizon' + +# The Ubuntu package includes pre-compressed JS and compiled CSS to allow +# offline compression by default. To enable online compression, install +# the node-less package and enable the following option. +COMPRESS_OFFLINE = True + +# By default, validation of the HTTP Host header is disabled. Production +# installations should have this set accordingly. For more information +# see https://docs.djangoproject.com/en/dev/ref/settings/. +ALLOWED_HOSTS = ['{{ dashboard_host }}'] + +# Send email to the console by default +EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' +# Or send them to /dev/null +#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' + +# Configure these for your outgoing email host +# EMAIL_HOST = 'smtp.my-company.com' +# EMAIL_PORT = 25 +# EMAIL_HOST_USER = 'djangomail' +# EMAIL_HOST_PASSWORD = 'top-secret!' + +# For multiple regions uncomment this configuration, and add (endpoint, title). +# AVAILABLE_REGIONS = [ +# ('http://cluster1.example.com:5000/v2.0', 'cluster1'), +# ('http://cluster2.example.com:5000/v2.0', 'cluster2'), +# ] + +OPENSTACK_HOST = "{{ HA_VIP }}" +OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST +OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_" + +# Disable SSL certificate checks (useful for self-signed certificates): +# OPENSTACK_SSL_NO_VERIFY = True + +# The CA certificate to use to verify SSL connections +# OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' + +# The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the +# capabilities of the auth backend for Keystone. +# If Keystone has been configured to use LDAP as the auth backend then set +# can_edit_user to False and name to 'ldap'. +# +# TODO(tres): Remove these once Keystone has an API to identify auth backend. +OPENSTACK_KEYSTONE_BACKEND = { + 'name': 'native', + 'can_edit_user': True, + 'can_edit_group': True, + 'can_edit_project': True, + 'can_edit_domain': True, + 'can_edit_role': True +} + +#Setting this to True, will add a new "Retrieve Password" action on instance, +#allowing Admin session password retrieval/decryption. +#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False + +# The Xen Hypervisor has the ability to set the mount point for volumes +# attached to instances (other Hypervisors currently do not). Setting +# can_set_mount_point to True will add the option to set the mount point +# from the UI. +OPENSTACK_HYPERVISOR_FEATURES = { + 'can_set_mount_point': False, + 'can_set_password': False, +} + +# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional +# services provided by neutron. Options currently available are load +# balancer service, security groups, quotas, VPN service. +OPENSTACK_NEUTRON_NETWORK = { + 'enable_lb': False, + 'enable_firewall': False, + 'enable_quotas': True, + 'enable_vpn': False, + # The profile_support option is used to detect if an external router can be + # configured via the dashboard. When using specific plugins the + # profile_support can be turned on if needed. + 'profile_support': None, + #'profile_support': 'cisco', +} + +# The OPENSTACK_IMAGE_BACKEND settings can be used to customize features +# in the OpenStack Dashboard related to the Image service, such as the list +# of supported image formats. +# OPENSTACK_IMAGE_BACKEND = { +# 'image_formats': [ +# ('', ''), +# ('aki', _('AKI - Amazon Kernel Image')), +# ('ami', _('AMI - Amazon Machine Image')), +# ('ari', _('ARI - Amazon Ramdisk Image')), +# ('iso', _('ISO - Optical Disk Image')), +# ('qcow2', _('QCOW2 - QEMU Emulator')), +# ('raw', _('Raw')), +# ('vdi', _('VDI')), +# ('vhd', _('VHD')), +# ('vmdk', _('VMDK')) +# ] +# } + +# The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for +# image custom property attributes that appear on image detail pages. +IMAGE_CUSTOM_PROPERTY_TITLES = { + "architecture": _("Architecture"), + "kernel_id": _("Kernel ID"), + "ramdisk_id": _("Ramdisk ID"), + "image_state": _("Euca2ools state"), + "project_id": _("Project ID"), + "image_type": _("Image Type") +} + +# OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints +# in the Keystone service catalog. Use this setting when Horizon is running +# external to the OpenStack environment. The default is 'publicURL'. +#OPENSTACK_ENDPOINT_TYPE = "publicURL" + +# SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the +# case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints +# in the Keystone service catalog. Use this setting when Horizon is running +# external to the OpenStack environment. The default is None. This +# value should differ from OPENSTACK_ENDPOINT_TYPE if used. +#SECONDARY_ENDPOINT_TYPE = "publicURL" + +# The number of objects (Swift containers/objects or images) to display +# on a single page before providing a paging element (a "more" link) +# to paginate results. +API_RESULT_LIMIT = 1000 +API_RESULT_PAGE_SIZE = 20 + +# The timezone of the server. This should correspond with the timezone +# of your entire OpenStack installation, and hopefully be in UTC. +TIME_ZONE = "UTC" + +# When launching an instance, the menu of available flavors is +# sorted by RAM usage, ascending. If you would like a different sort order, +# you can provide another flavor attribute as sorting key. Alternatively, you +# can provide a custom callback method to use for sorting. You can also provide +# a flag for reverse sort. For more info, see +# http://docs.python.org/2/library/functions.html#sorted +# CREATE_INSTANCE_FLAVOR_SORT = { +# 'key': 'name', +# # or +# 'key': my_awesome_callback_method, +# 'reverse': False, +# } + +# The Horizon Policy Enforcement engine uses these values to load per service +# policy rule files. The content of these files should match the files the +# OpenStack services are using to determine role based access control in the +# target installation. + +# Path to directory containing policy.json files +#POLICY_FILES_PATH = os.path.join(ROOT_PATH, "conf") +# Map of local copy of service policy files +#POLICY_FILES = { +# 'identity': 'keystone_policy.json', +# 'compute': 'nova_policy.json', +# 'volume': 'cinder_policy.json', +# 'image': 'glance_policy.json', +#} + +# Trove user and database extension support. By default support for +# creating users and databases on database instances is turned on. +# To disable these extensions set the permission here to something +# unusable such as ["!"]. +# TROVE_ADD_USER_PERMS = [] +# TROVE_ADD_DATABASE_PERMS = [] + +LOGGING = { + 'version': 1, + # When set to True this will disable all logging except + # for loggers specified in this configuration dictionary. Note that + # if nothing is specified here and disable_existing_loggers is True, + # django.db.backends will still log unless it is disabled explicitly. + 'disable_existing_loggers': False, + 'handlers': { + 'null': { + 'level': 'DEBUG', + 'class': 'django.utils.log.NullHandler', + }, + 'console': { + # Set the level to "DEBUG" for verbose output logging. + 'level': 'INFO', + 'class': 'logging.StreamHandler', + }, + }, + 'loggers': { + # Logging from django.db.backends is VERY verbose, send to null + # by default. + 'django.db.backends': { + 'handlers': ['null'], + 'propagate': False, + }, + 'requests': { + 'handlers': ['null'], + 'propagate': False, + }, + 'horizon': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_dashboard': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'novaclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'cinderclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'keystoneclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'glanceclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'neutronclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'heatclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'ceilometerclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'troveclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'swiftclient': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'openstack_auth': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'nose.plugins.manager': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'django': { + 'handlers': ['console'], + 'level': 'DEBUG', + 'propagate': False, + }, + 'iso8601': { + 'handlers': ['null'], + 'propagate': False, + }, + } +} + +# 'direction' should not be specified for all_tcp/udp/icmp. +# It is specified in the form. +SECURITY_GROUP_RULES = { + 'all_tcp': { + 'name': 'ALL TCP', + 'ip_protocol': 'tcp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_udp': { + 'name': 'ALL UDP', + 'ip_protocol': 'udp', + 'from_port': '1', + 'to_port': '65535', + }, + 'all_icmp': { + 'name': 'ALL ICMP', + 'ip_protocol': 'icmp', + 'from_port': '-1', + 'to_port': '-1', + }, + 'ssh': { + 'name': 'SSH', + 'ip_protocol': 'tcp', + 'from_port': '22', + 'to_port': '22', + }, + 'smtp': { + 'name': 'SMTP', + 'ip_protocol': 'tcp', + 'from_port': '25', + 'to_port': '25', + }, + 'dns': { + 'name': 'DNS', + 'ip_protocol': 'tcp', + 'from_port': '53', + 'to_port': '53', + }, + 'http': { + 'name': 'HTTP', + 'ip_protocol': 'tcp', + 'from_port': '80', + 'to_port': '80', + }, + 'pop3': { + 'name': 'POP3', + 'ip_protocol': 'tcp', + 'from_port': '110', + 'to_port': '110', + }, + 'imap': { + 'name': 'IMAP', + 'ip_protocol': 'tcp', + 'from_port': '143', + 'to_port': '143', + }, + 'ldap': { + 'name': 'LDAP', + 'ip_protocol': 'tcp', + 'from_port': '389', + 'to_port': '389', + }, + 'https': { + 'name': 'HTTPS', + 'ip_protocol': 'tcp', + 'from_port': '443', + 'to_port': '443', + }, + 'smtps': { + 'name': 'SMTPS', + 'ip_protocol': 'tcp', + 'from_port': '465', + 'to_port': '465', + }, + 'imaps': { + 'name': 'IMAPS', + 'ip_protocol': 'tcp', + 'from_port': '993', + 'to_port': '993', + }, + 'pop3s': { + 'name': 'POP3S', + 'ip_protocol': 'tcp', + 'from_port': '995', + 'to_port': '995', + }, + 'ms_sql': { + 'name': 'MS SQL', + 'ip_protocol': 'tcp', + 'from_port': '1433', + 'to_port': '1433', + }, + 'mysql': { + 'name': 'MYSQL', + 'ip_protocol': 'tcp', + 'from_port': '3306', + 'to_port': '3306', + }, + 'rdp': { + 'name': 'RDP', + 'ip_protocol': 'tcp', + 'from_port': '3389', + 'to_port': '3389', + }, +} + +FLAVOR_EXTRA_KEYS = { + 'flavor_keys': [ + ('quota:read_bytes_sec', _('Quota: Read bytes')), + ('quota:write_bytes_sec', _('Quota: Write bytes')), + ('quota:cpu_quota', _('Quota: CPU')), + ('quota:cpu_period', _('Quota: CPU period')), + ('quota:inbound_average', _('Quota: Inbound average')), + ('quota:outbound_average', _('Quota: Outbound average')), + ] +} + diff --git a/compass/deploy/ansible/roles/dashboard/templates/openstack-dashboard.conf b/compass/deploy/ansible/roles/dashboard/templates/openstack-dashboard.conf new file mode 100644 index 0000000..a5a791a --- /dev/null +++ b/compass/deploy/ansible/roles/dashboard/templates/openstack-dashboard.conf @@ -0,0 +1,14 @@ +<VirtualHost *:80> + +WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi +WSGIDaemonProcess horizon user=www-data group=www-data processes=3 threads=10 +Alias /static /usr/share/openstack-dashboard/openstack_dashboard/static/ + +<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> +Order allow,deny +Allow from all +</Directory> + + +</VirtualHost> + diff --git a/compass/deploy/ansible/roles/database/files/my.cnf b/compass/deploy/ansible/roles/database/files/my.cnf new file mode 100644 index 0000000..d61f947 --- /dev/null +++ b/compass/deploy/ansible/roles/database/files/my.cnf @@ -0,0 +1,131 @@ +# +# The MySQL database server configuration file. +# +# You can copy this to one of: +# - "/etc/mysql/my.cnf" to set global options, +# - "~/.my.cnf" to set user-specific options. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# escpecially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. +[client] +port = 3306 +socket = /var/run/mysqld/mysqld.sock + +# Here is entries for some specific programs +# The following values assume you have at least 32M ram + +# This was formally known as [safe_mysqld]. Both versions are currently parsed. +[mysqld_safe] +socket = /var/run/mysqld/mysqld.sock +nice = 0 + +[mysqld] +# +# * Basic Settings +# +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking +# +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. +bind-address = 0.0.0.0 +# +# * Fine Tuning +# +key_buffer = 16M +max_allowed_packet = 16M +thread_stack = 192K +thread_cache_size = 8 +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +myisam-recover = BACKUP +#max_connections = 100 +#table_cache = 64 +#thread_concurrency = 10 +# +# * Query Cache Configuration +# +query_cache_limit = 1M +query_cache_size = 16M +# +# * Logging and Replication +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +# As of 5.1 you can enable the log at runtime! +#general_log_file = /var/log/mysql/mysql.log +#general_log = 1 +# +# Error log - should be very few entries. +# +log_error = /var/log/mysql/error.log +# +# Here you can see queries with especially long duration +#log_slow_queries = /var/log/mysql/mysql-slow.log +#long_query_time = 2 +#log-queries-not-using-indexes +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +#server-id = 1 +#log_bin = /var/log/mysql/mysql-bin.log +expire_logs_days = 10 +max_binlog_size = 100M +#binlog_do_db = include_database_name +#binlog_ignore_db = include_database_name +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! +# +# * Security Features +# +# Read the manual, too, if you want chroot! +# chroot = /var/lib/mysql/ +# +# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". +# +# ssl-ca=/etc/mysql/cacert.pem +# ssl-cert=/etc/mysql/server-cert.pem +# ssl-key=/etc/mysql/server-key.pem +default-storage-engine = innodb +innodb_file_per_table +collation-server = utf8_general_ci +init-connect = 'SET NAMES utf8' +character-set-server = utf8 + +[mysqldump] +quick +quote-names +max_allowed_packet = 16M + +[mysql] +#no-auto-rehash # faster start of mysql but no tab completition + +[isamchk] +key_buffer = 16M + +# +# * IMPORTANT: Additional settings that can override those from this file! +# The files must end with '.cnf', otherwise they'll be ignored. +# +!includedir /etc/mysql/conf.d/ + diff --git a/compass/deploy/ansible/roles/database/tasks/main.yml b/compass/deploy/ansible/roles/database/tasks/main.yml new file mode 100644 index 0000000..e66f0cd --- /dev/null +++ b/compass/deploy/ansible/roles/database/tasks/main.yml @@ -0,0 +1,12 @@ +--- +- name: copy data.sh + template: src=data.j2 dest=/opt/data.sh mode=777 + tags: + - mysql_user + +- include: mysql.yml + when: HA_CLUSTER is not defined + +- include: mariadb.yml + when: HA_CLUSTER is defined + diff --git a/compass/deploy/ansible/roles/database/tasks/mariadb.yml b/compass/deploy/ansible/roles/database/tasks/mariadb.yml new file mode 100644 index 0000000..093dfd1 --- /dev/null +++ b/compass/deploy/ansible/roles/database/tasks/mariadb.yml @@ -0,0 +1,46 @@ +--- +- name: install python-mysqldb + apt: name={{ item }} state=present force=yes + with_items: + - libaio1 + - libssl0.9.8 + #- mariadb-client-5.5 + - mysql-client-5.5 + - python-mysqldb + - mysql-server-wsrep + - galera + +- name: create mysql log directy + file: path=/var/log/mysql state=directory owner=mysql group=mysql mode=0755 + +- name: update mariadb my.cnf + template: src=my.cnf dest=/etc/mysql/my.cnf backup=yes + +- name: update galera wsrep.cnf + template: src=wsrep.cnf dest=/etc/mysql/conf.d/wsrep.cnf backup=yes + +- name: update wsrep_sst_rsync uid + lineinfile: dest=/usr/bin/wsrep_sst_rsync state=absent regexp="\s*uid = \$MYUID$" backup=yes + +- name: update wsrep_sst_rsync gid + lineinfile: dest=/usr/bin/wsrep_sst_rsync state=absent regexp="\s*gid = \$MYGID$" backup=yes + +- name: manually restart mysql server + service: name=mysql state=restarted enabled=yes + register: result + until: result|success + retries: 5 + delay: 5 + tags: + - mysql_restart + +- name: generate mysql service list + shell: echo {{ item }} >> /opt/service + with_items: + - mysql + +- name: create database/user + shell: /opt/data.sh + when: HA_CLUSTER[inventory_hostname] == '' + tags: + - mysql_user diff --git a/compass/deploy/ansible/roles/database/tasks/mysql.yml b/compass/deploy/ansible/roles/database/tasks/mysql.yml new file mode 100644 index 0000000..327b656 --- /dev/null +++ b/compass/deploy/ansible/roles/database/tasks/mysql.yml @@ -0,0 +1,22 @@ +--- +- name: install mysql client and server packages + apt: name={{ item }} state=present + with_items: + - python-mysqldb + - mysql-server + +- name: create mysql log directy + file: path=/var/log/mysql state=directory owner=mysql group=mysql mode=0755 + +- name: update mysql my.cnf + copy: src=my.cnf + dest=/etc/mysql/my.cnf + backup=yes + +- name: manually restart mysql server + shell: service mysql restart + +- name: create database/user + shell: /opt/data.sh + tags: + - mysql_user diff --git a/compass/deploy/ansible/roles/database/templates/data.j2 b/compass/deploy/ansible/roles/database/templates/data.j2 new file mode 100644 index 0000000..c894b32 --- /dev/null +++ b/compass/deploy/ansible/roles/database/templates/data.j2 @@ -0,0 +1,39 @@ +#!/bin/sh +mysql -uroot -Dmysql <<EOF +drop database if exists keystone; +drop database if exists glance; +drop database if exists neutron; +drop database if exists nova; +drop database if exists cinder; + +CREATE DATABASE keystone; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON keystone.* TO 'keystone'@'{{ host }}' IDENTIFIED BY '{{ KEYSTONE_DBPASS }}'; +{% endfor %} + +CREATE DATABASE glance; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON glance.* TO 'glance'@'{{ host }}' IDENTIFIED BY '{{ GLANCE_DBPASS }}'; +{% endfor %} + +CREATE DATABASE neutron; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON neutron.* TO 'neutron'@'{{ host }}' IDENTIFIED BY '{{ NEUTRON_DBPASS }}'; +{% endfor %} + +CREATE DATABASE nova; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON nova.* TO 'nova'@'{{ host }}' IDENTIFIED BY '{{ NOVA_DBPASS }}'; +{% endfor %} + +CREATE DATABASE cinder; +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON cinder.* TO 'cinder'@'{{ host }}' IDENTIFIED BY '{{ CINDER_DBPASS }}'; +{% endfor %} + +{% if WSREP_SST_USER is defined %} +{% for host in ['%', 'localhost', inventory_hostname] %} +GRANT ALL ON *.* TO '{{ WSREP_SST_USER }}'@'{{ host }}' IDENTIFIED BY '{{ WSREP_SST_PASS }}'; +{% endfor %} +{% endif %} +EOF diff --git a/compass/deploy/ansible/roles/database/templates/my.cnf b/compass/deploy/ansible/roles/database/templates/my.cnf new file mode 100644 index 0000000..165d619 --- /dev/null +++ b/compass/deploy/ansible/roles/database/templates/my.cnf @@ -0,0 +1,134 @@ +# +# The MySQL database server configuration file. +# +# You can copy this to one of: +# - "/etc/mysql/my.cnf" to set global options, +# - "~/.my.cnf" to set user-specific options. +# +# One can use all long options that the program supports. +# Run program with --help to get a list of available options and with +# --print-defaults to see which it would actually understand and use. +# +# For explanations see +# http://dev.mysql.com/doc/mysql/en/server-system-variables.html + +# This will be passed to all mysql clients +# It has been reported that passwords should be enclosed with ticks/quotes +# escpecially if they contain "#" chars... +# Remember to edit /etc/mysql/debian.cnf when changing the socket location. +[client] +port = 3306 +socket = /var/run/mysqld/mysqld.sock + +# Here is entries for some specific programs +# The following values assume you have at least 32M ram + +# This was formally known as [safe_mysqld]. Both versions are currently parsed. +[mysqld_safe] +socket = /var/run/mysqld/mysqld.sock +nice = 0 + +[mysqld] +# +# * Basic Settings +# +user = mysql +pid-file = /var/run/mysqld/mysqld.pid +socket = /var/run/mysqld/mysqld.sock +port = 3306 +basedir = /usr +datadir = /var/lib/mysql +tmpdir = /tmp +lc-messages-dir = /usr/share/mysql +skip-external-locking +skip-name-resolve +# +# Instead of skip-networking the default is now to listen only on +# localhost which is more compatible and is not less secure. +#bind-address = {{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }} +bind-address = {{ HA_VIP }} +# +# * Fine Tuning +# +key_buffer = 16M +max_allowed_packet = 16M +thread_stack = 192K +thread_cache_size = 8 +# This replaces the startup script and checks MyISAM tables if needed +# the first time they are touched +myisam-recover = BACKUP +max_connections = 2000 +max_connect_errors = 8000 +#table_cache = 64 +#thread_concurrency = 10 +# +# * Query Cache Configuration +# +query_cache_limit = 1M +query_cache_size = 16M +# +# * Logging and Replication +# +# Both location gets rotated by the cronjob. +# Be aware that this log type is a performance killer. +# As of 5.1 you can enable the log at runtime! +general_log_file = /var/log/mysql/mysql.log +#general_log = 1 +# +# Error log - should be very few entries. +# +log_error = /var/log/mysql/error.log +# +# Here you can see queries with especially long duration +#log_slow_queries = /var/log/mysql/mysql-slow.log +#long_query_time = 2 +#log-queries-not-using-indexes +# +# The following can be used as easy to replay backup logs or for replication. +# note: if you are setting up a replication slave, see README.Debian about +# other settings you may need to change. +#server-id = 1 +#log_bin = /var/log/mysql/mysql-bin.log +expire_logs_days = 10 +max_binlog_size = 100M +#binlog_do_db = include_database_name +#binlog_ignore_db = include_database_name +# +# * InnoDB +# +# InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/. +# Read the manual for more InnoDB related options. There are many! +# +# * Security Features +# +# Read the manual, too, if you want chroot! +# chroot = /var/lib/mysql/ +# +# For generating SSL certificates I recommend the OpenSSL GUI "tinyca". +# +# ssl-ca=/etc/mysql/cacert.pem +# ssl-cert=/etc/mysql/server-cert.pem +# ssl-key=/etc/mysql/server-key.pem +default-storage-engine = innodb +innodb_file_per_table +collation-server = utf8_general_ci +init-connect = 'SET NAMES utf8' +character-set-server = utf8 + +[mysqldump] +quick +quote-names +max_allowed_packet = 16M + +[mysql] +#no-auto-rehash # faster start of mysql but no tab completition + +[isamchk] +key_buffer = 16M + +# +# * IMPORTANT: Additional settings that can override those from this file! +# The files must end with '.cnf', otherwise they'll be ignored. +# +!includedir /etc/mysql/conf.d/ + diff --git a/compass/deploy/ansible/roles/database/templates/wsrep.cnf b/compass/deploy/ansible/roles/database/templates/wsrep.cnf new file mode 100644 index 0000000..b9e9424 --- /dev/null +++ b/compass/deploy/ansible/roles/database/templates/wsrep.cnf @@ -0,0 +1,126 @@ +# This file contains wsrep-related mysqld options. It should be included +# in the main MySQL configuration file. +# +# Options that need to be customized: +# - wsrep_provider +# - wsrep_cluster_address +# - wsrep_sst_auth +# The rest of defaults should work out of the box. + +## +## mysqld options _MANDATORY_ for correct opration of the cluster +## +[mysqld] + +# (This must be substituted by wsrep_format) +binlog_format=ROW + +# Currently only InnoDB storage engine is supported +default-storage-engine=innodb + +# to avoid issues with 'bulk mode inserts' using autoinc +innodb_autoinc_lock_mode=2 + +# This is a must for paralell applying +innodb_locks_unsafe_for_binlog=1 + +# Query Cache is not supported with wsrep +query_cache_size=0 +query_cache_type=0 + +# Override bind-address +# In some systems bind-address defaults to 127.0.0.1, and with mysqldump SST +# it will have (most likely) disastrous consequences on donor node +#bind-address={{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }} +bind-address={{ HA_VIP }} + +## +## WSREP options +## + +# Full path to wsrep provider library or 'none' +wsrep_provider=/usr/lib/galera/libgalera_smm.so + +# Provider specific configuration options +#wsrep_provider_options= + +# Logical cluster name. Should be the same for all nodes. +wsrep_cluster_name="my_wsrep_cluster" + +# Group communication system handle +wsrep_cluster_address=gcomm://{{ HA_CLUSTER[inventory_hostname] }} + +# Human-readable node name (non-unique). Hostname by default. +#wsrep_node_name= + +# Base replication <address|hostname>[:port] of the node. +# The values supplied will be used as defaults for state transfer receiving, +# listening ports and so on. Default: address of the first network interface. +wsrep_node_address={{ hostvars[inventory_hostname]['ansible_' + INTERNAL_INTERFACE].ipv4.address }} + +# Address for incoming client connections. Autodetect by default. +#wsrep_node_incoming_address= + +# How many threads will process writesets from other nodes +wsrep_slave_threads=1 + +# DBUG options for wsrep provider +#wsrep_dbug_option + +# Generate fake primary keys for non-PK tables (required for multi-master +# and parallel applying operation) +wsrep_certify_nonPK=1 + +# Maximum number of rows in write set +wsrep_max_ws_rows=131072 + +# Maximum size of write set +wsrep_max_ws_size=1073741824 + +# to enable debug level logging, set this to 1 +wsrep_debug=1 + +# convert locking sessions into transactions +wsrep_convert_LOCK_to_trx=0 + +# how many times to retry deadlocked autocommits +wsrep_retry_autocommit=1 + +# change auto_increment_increment and auto_increment_offset automatically +wsrep_auto_increment_control=1 + +# retry autoinc insert, which failed for duplicate key error +wsrep_drupal_282555_workaround=0 + +# enable "strictly synchronous" semantics for read operations +wsrep_causal_reads=0 + +# Command to call when node status or cluster membership changes. +# Will be passed all or some of the following options: +# --status - new status of this node +# --uuid - UUID of the cluster +# --primary - whether the component is primary or not ("yes"/"no") +# --members - comma-separated list of members +# --index - index of this node in the list +wsrep_notify_cmd= + +## +## WSREP State Transfer options +## + +# State Snapshot Transfer method +wsrep_sst_method=rsync + +# Address on THIS node to receive SST at. DON'T SET IT TO DONOR ADDRESS!!! +# (SST method dependent. Defaults to the first IP of the first interface) +#wsrep_sst_receive_address= + +# SST authentication string. This will be used to send SST to joining nodes. +# Depends on SST method. For mysqldump method it is root:<root password> +wsrep_sst_auth={{ WSREP_SST_USER }}:{{ WSREP_SST_PASS }} + +# Desired SST donor name. +#wsrep_sst_donor= + +# Protocol version to use +# wsrep_protocol_version= diff --git a/compass/deploy/ansible/roles/glance/handlers/main.yml b/compass/deploy/ansible/roles/glance/handlers/main.yml new file mode 100644 index 0000000..d8eaa44 --- /dev/null +++ b/compass/deploy/ansible/roles/glance/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: restart glance-api + service: name=glance-api state=restarted enabled=yes + +- name: restart glance-registry + service: name=glance-registry state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/glance/tasks/glance_config.yml b/compass/deploy/ansible/roles/glance/tasks/glance_config.yml new file mode 100644 index 0000000..28392a3 --- /dev/null +++ b/compass/deploy/ansible/roles/glance/tasks/glance_config.yml @@ -0,0 +1,29 @@ +--- +- name: init glance db version + shell: glance-manage db_version_control 0 + +- name: sync glance db + shell: sleep 15; su -s /bin/sh -c "glance-manage db_sync" glance + register: result + until: result.rc == 0 + retries: 5 + delay: 3 + notify: + - restart glance-registry + - restart glance-api + +- meta: flush_handlers + +- name: place image upload script + template: src=image_upload.sh dest=/opt/image_upload.sh mode=0744 + +- name: download cirros image file + get_url: url={{ build_in_image }} dest=/opt/{{ build_in_image_name }} + +- name: wait for 9292 port to become available + wait_for: host={{ image_host }} port=9292 delay=5 + +- name: run image upload + shell: for i in {0..5}; do /opt/image_upload.sh && touch image_upload_completed; if [ $? != 0 ] ;then sleep 5; else break;fi;done + args: + creates: image_upload_completed diff --git a/compass/deploy/ansible/roles/glance/tasks/glance_install.yml b/compass/deploy/ansible/roles/glance/tasks/glance_install.yml new file mode 100644 index 0000000..505b3b0 --- /dev/null +++ b/compass/deploy/ansible/roles/glance/tasks/glance_install.yml @@ -0,0 +1,26 @@ +--- +- name: install glance packages + apt: name={{ item }} state=latest force=yes + with_items: + - glance + - python-glanceclient + +- name: generate glance service list + shell: echo {{ item }} >> /opt/service + with_items: + - glance-registry + - glance-api + +- name: update glance conf + template: src={{ item }} dest=/etc/glance/{{ item }} + backup=yes + with_items: + - glance-api.conf + - glance-registry.conf + notify: + - restart glance-registry + - restart glance-api + +- name: remove default sqlite db + shell: rm /var/lib/glance/glance.sqlite || touch glance.sqllite.db.removed + diff --git a/compass/deploy/ansible/roles/glance/tasks/main.yml b/compass/deploy/ansible/roles/glance/tasks/main.yml new file mode 100644 index 0000000..296f0dc --- /dev/null +++ b/compass/deploy/ansible/roles/glance/tasks/main.yml @@ -0,0 +1,18 @@ +--- +- include: glance_install.yml + tags: + - install + - glance_install + - glance + +- include: nfs.yml + tags: + - nfs + +- include: glance_config.yml + when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == '' + tags: + - config + - glance_config + - glance + diff --git a/compass/deploy/ansible/roles/glance/tasks/nfs.yml b/compass/deploy/ansible/roles/glance/tasks/nfs.yml new file mode 100644 index 0000000..c03ab4d --- /dev/null +++ b/compass/deploy/ansible/roles/glance/tasks/nfs.yml @@ -0,0 +1,41 @@ +--- +- name: get nfs server + local_action: shell /sbin/ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6| grep "10" -m 1 |awk '{print $2}'|tr -d "addr:" + register: ip_info + run_once: True + +- name: install nfs + local_action: yum name=nfs-utils state=present + run_once: True + +- name: create image directory + local_action: file path=/opt/images state=directory mode=0777 + run_once: True + +- name: update nfs config + local_action: lineinfile dest=/etc/exports state=present + regexp="/opt/images *(rw,insecure,sync,all_squash)" + line="/opt/images *(rw,insecure,sync,all_squash)" + run_once: True + +- name: restart nfs service + local_action: service name=nfs state=restarted enabled=yes + run_once: True + +- name: install nfs comm + apt: name=nfs-common state=present + +- name: get mount info + command: mount + register: mount_info + +- name: mount image directory + shell: | + mount -t nfs -onfsvers=3 {{ item }}:/opt/images /var/lib/glance/images + sed -i '/\/var\/lib\/glance\/images/d' /etc/fstab + echo {{ item }}:/opt/images /var/lib/glance/images/ nfs nfsvers=3 >> /etc/fstab + when: mount_info.stdout.find('images') == -1 + with_items: + ip_info.stdout_lines + retries: 5 + delay: 3 diff --git a/compass/deploy/ansible/roles/glance/templates/glance-api.conf b/compass/deploy/ansible/roles/glance/templates/glance-api.conf new file mode 100644 index 0000000..763539e --- /dev/null +++ b/compass/deploy/ansible/roles/glance/templates/glance-api.conf @@ -0,0 +1,677 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Which backend scheme should Glance use by default is not specified +# in a request to add a new image to Glance? Known schemes are determined +# by the known_stores option below. +# Default: 'file' +# "default_store" option has been moved to [glance_store] section in +# Juno release + +# List of which store classes and store class locations are +# currently known to glance at startup. +# Existing but disabled stores: +# glance.store.rbd.Store, +# glance.store.s3.Store, +# glance.store.swift.Store, +# glance.store.sheepdog.Store, +# glance.store.cinder.Store, +# glance.store.gridfs.Store, +# glance.store.vmware_datastore.Store, +#known_stores = glance.store.filesystem.Store, +# glance.store.http.Store + + +# Maximum image size (in bytes) that may be uploaded through the +# Glance API server. Defaults to 1 TB. +# WARNING: this value should only be increased after careful consideration +# and must be set to a value under 8 EB (9223372036854775808). +#image_size_cap = 1099511627776 + +# Address to bind the API server +bind_host = {{ image_host }} + +# Port the bind the API server to +bind_port = 9292 + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +log_file = /var/log/glance/api.log + +# Backlog requests when creating socket +backlog = 4096 + +# TCP_KEEPIDLE value in seconds when creating socket. +# Not supported on OS X. +#tcp_keepidle = 600 + +# API to use for accessing data. Default value points to sqlalchemy +# package, it is also possible to use: glance.db.registry.api +# data_api = glance.db.sqlalchemy.api + +# Number of Glance API worker processes to start. +# On machines with more than one CPU increasing this value +# may improve performance (especially if using SSL with +# compression turned on). It is typically recommended to set +# this value to the number of CPUs present on your machine. +workers = 1 + +# Maximum line size of message headers to be accepted. +# max_header_line may need to be increased when using large tokens +# (typically those generated by the Keystone v3 API with big service +# catalogs) +# max_header_line = 16384 + +# Role used to identify an authenticated user as administrator +#admin_role = admin + +# Allow unauthenticated users to access the API with read-only +# privileges. This only applies when using ContextMiddleware. +#allow_anonymous_access = False + +# Allow access to version 1 of glance api +#enable_v1_api = True + +# Allow access to version 2 of glance api +#enable_v2_api = True + +# Return the URL that references where the data is stored on +# the backend storage system. For example, if using the +# file system store a URL of 'file:///path/to/image' will +# be returned to the user in the 'direct_url' meta-data field. +# The default value is false. +#show_image_direct_url = False + +# Send headers containing user and tenant information when making requests to +# the v1 glance registry. This allows the registry to function as if a user is +# authenticated without the need to authenticate a user itself using the +# auth_token middleware. +# The default value is false. +#send_identity_headers = False + +# Supported values for the 'container_format' image attribute +#container_formats=ami,ari,aki,bare,ovf,ova + +# Supported values for the 'disk_format' image attribute +#disk_formats=ami,ari,aki,vhd,vmdk,raw,qcow2,vdi,iso + +# Directory to use for lock files. Default to a temp directory +# (string value). This setting needs to be the same for both +# glance-scrubber and glance-api. +#lock_path=<None> + +# Property Protections config file +# This file contains the rules for property protections and the roles/policies +# associated with it. +# If this config value is not specified, by default, property protections +# won't be enforced. +# If a value is specified and the file is not found, then the glance-api +# service will not start. +#property_protection_file = + +# Specify whether 'roles' or 'policies' are used in the +# property_protection_file. +# The default value for property_protection_rule_format is 'roles'. +#property_protection_rule_format = roles + +# Specifies how long (in hours) a task is supposed to live in the tasks DB +# after succeeding or failing before getting soft-deleted. +# The default value for task_time_to_live is 48 hours. +# task_time_to_live = 48 + +# This value sets what strategy will be used to determine the image location +# order. Currently two strategies are packaged with Glance 'location_order' +# and 'store_type'. +#location_strategy = location_order + +# ================= Syslog Options ============================ + +# Send logs to syslog (/dev/log) instead of to file specified +# by `log_file` +#use_syslog = False + +# Facility to use. If unset defaults to LOG_USER. +#syslog_log_facility = LOG_LOCAL0 + +# ================= SSL Options =============================== + +# Certificate file to use when starting API server securely +#cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +#key_file = /path/to/keyfile + +# CA certificate file to use to verify connecting clients +#ca_file = /path/to/cafile + +# ================= Security Options ========================== + +# AES key for encrypting store 'location' metadata, including +# -- if used -- Swift or S3 credentials +# Should be set to a random string of length 16, 24 or 32 bytes +#metadata_encryption_key = <16, 24 or 32 char registry metadata key> + +# ============ Registry Options =============================== + +# Address to find the registry server +registry_host = {{ internal_ip }} + +# Port the registry server is listening on +registry_port = 9191 + +# What protocol to use when connecting to the registry server? +# Set to https for secure HTTP communication +registry_client_protocol = http + +# The path to the key file to use in SSL connections to the +# registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_KEY_FILE environ variable to a filepath of the key file +#registry_client_key_file = /path/to/key/file + +# The path to the cert file to use in SSL connections to the +# registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_CERT_FILE environ variable to a filepath of the cert file +#registry_client_cert_file = /path/to/cert/file + +# The path to the certifying authority cert file to use in SSL connections +# to the registry server, if any. Alternately, you may set the +# GLANCE_CLIENT_CA_FILE environ variable to a filepath of the CA cert file +#registry_client_ca_file = /path/to/ca/file + +# When using SSL in connections to the registry server, do not require +# validation via a certifying authority. This is the registry's equivalent of +# specifying --insecure on the command line using glanceclient for the API +# Default: False +#registry_client_insecure = False + +# The period of time, in seconds, that the API server will wait for a registry +# request to complete. A value of '0' implies no timeout. +# Default: 600 +#registry_client_timeout = 600 + +# Whether to automatically create the database tables. +# Default: False +#db_auto_create = False + +# Enable DEBUG log messages from sqlalchemy which prints every database +# query and response. +# Default: False +#sqlalchemy_debug = True + +# Pass the user's token through for API requests to the registry. +# Default: True +#use_user_token = True + +# If 'use_user_token' is not in effect then admin credentials +# can be specified. Requests to the registry on behalf of +# the API will use these credentials. +# Admin user name +#admin_user = None +# Admin password +#admin_password = None +# Admin tenant name +#admin_tenant_name = None +# Keystone endpoint +#auth_url = None +# Keystone region +#auth_region = None +# Auth strategy +#auth_strategy = keystone + +# ============ Notification System Options ===================== + +# Notifications can be sent when images are create, updated or deleted. +# There are three methods of sending notifications, logging (via the +# log_file directive), rabbit (via a rabbitmq queue), qpid (via a Qpid +# message queue), or noop (no notifications sent, the default) +# NOTE: THIS CONFIGURATION OPTION HAS BEEN DEPRECATED IN FAVOR OF `notification_driver` +# notifier_strategy = default + +# Driver or drivers to handle sending notifications +# notification_driver = noop + +# Default publisher_id for outgoing notifications. +# default_publisher_id = image.localhost + +# Configuration options if sending notifications via rabbitmq (these are +# the defaults) +rabbit_host = localhost +rabbit_port = 5672 +rabbit_use_ssl = false +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} +rabbit_virtual_host = / +rabbit_notification_exchange = glance +rabbit_notification_topic = notifications +rabbit_durable_queues = False + +# Configuration options if sending notifications via Qpid (these are +# the defaults) +qpid_notification_exchange = glance +qpid_notification_topic = notifications +qpid_hostname = localhost +qpid_port = 5672 +qpid_username = +qpid_password = +qpid_sasl_mechanisms = +qpid_reconnect_timeout = 0 +qpid_reconnect_limit = 0 +qpid_reconnect_interval_min = 0 +qpid_reconnect_interval_max = 0 +qpid_reconnect_interval = 0 +qpid_heartbeat = 5 +# Set to 'ssl' to enable SSL +qpid_protocol = tcp +qpid_tcp_nodelay = True + +# ============ Filesystem Store Options ======================== + +# Directory that the Filesystem backend store +# writes image data to +# this option has been moved to [glance_store] for Juno release +# filesystem_store_datadir = /var/lib/glance/images/ + +# A list of directories where image data can be stored. +# This option may be specified multiple times for specifying multiple store +# directories. Either one of filesystem_store_datadirs or +# filesystem_store_datadir option is required. A priority number may be given +# after each directory entry, separated by a ":". +# When adding an image, the highest priority directory will be selected, unless +# there is not enough space available in cases where the image size is already +# known. If no priority is given, it is assumed to be zero and the directory +# will be considered for selection last. If multiple directories have the same +# priority, then the one with the most free space available is selected. +# If same store is specified multiple times then BadStoreConfiguration +# exception will be raised. +#filesystem_store_datadirs = /var/lib/glance/images/:1 + +# A path to a JSON file that contains metadata describing the storage +# system. When show_multiple_locations is True the information in this +# file will be returned with any location that is contained in this +# store. +#filesystem_store_metadata_file = None + +# ============ Swift Store Options ============================= + +# Version of the authentication service to use +# Valid versions are '2' for keystone and '1' for swauth and rackspace +swift_store_auth_version = 2 + +# Address where the Swift authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'https://' +# For swauth, use something like '127.0.0.1:8080/v1.0/' +swift_store_auth_address = 127.0.0.1:5000/v2.0/ + +# User to authenticate against the Swift authentication service +# If you use Swift authentication service, set it to 'account':'user' +# where 'account' is a Swift storage account and 'user' +# is a user in that account +swift_store_user = jdoe:jdoe + +# Auth key for the user authenticating against the +# Swift authentication service +swift_store_key = a86850deb2742ec3cb41518e26aa2d89 + +# Container within the account that the account should use +# for storing images in Swift +swift_store_container = glance + +# Do we create the container if it does not exist? +swift_store_create_container_on_put = False + +# What size, in MB, should Glance start chunking image files +# and do a large object manifest in Swift? By default, this is +# the maximum object size in Swift, which is 5GB +swift_store_large_object_size = 5120 + +# When doing a large object manifest, what size, in MB, should +# Glance write chunks to Swift? This amount of data is written +# to a temporary disk buffer during the process of chunking +# the image file, and the default is 200MB +swift_store_large_object_chunk_size = 200 + +# Whether to use ServiceNET to communicate with the Swift storage servers. +# (If you aren't RACKSPACE, leave this False!) +# +# To use ServiceNET for authentication, prefix hostname of +# `swift_store_auth_address` with 'snet-'. +# Ex. https://example.com/v1.0/ -> https://snet-example.com/v1.0/ +swift_enable_snet = False + +# If set to True enables multi-tenant storage mode which causes Glance images +# to be stored in tenant specific Swift accounts. +#swift_store_multi_tenant = False + +# A list of swift ACL strings that will be applied as both read and +# write ACLs to the containers created by Glance in multi-tenant +# mode. This grants the specified tenants/users read and write access +# to all newly created image objects. The standard swift ACL string +# formats are allowed, including: +# <tenant_id>:<username> +# <tenant_name>:<username> +# *:<username> +# Multiple ACLs can be combined using a comma separated list, for +# example: swift_store_admin_tenants = service:glance,*:admin +#swift_store_admin_tenants = + +# The region of the swift endpoint to be used for single tenant. This setting +# is only necessary if the tenant has multiple swift endpoints. +#swift_store_region = + +# If set to False, disables SSL layer compression of https swift requests. +# Setting to 'False' may improve performance for images which are already +# in a compressed format, eg qcow2. If set to True, enables SSL layer +# compression (provided it is supported by the target swift proxy). +#swift_store_ssl_compression = True + +# The number of times a Swift download will be retried before the +# request fails +#swift_store_retry_get_count = 0 + +# ============ S3 Store Options ============================= + +# Address where the S3 authentication service lives +# Valid schemes are 'http://' and 'https://' +# If no scheme specified, default to 'http://' +s3_store_host = 127.0.0.1:8080/v1.0/ + +# User to authenticate against the S3 authentication service +s3_store_access_key = <20-char AWS access key> + +# Auth key for the user authenticating against the +# S3 authentication service +s3_store_secret_key = <40-char AWS secret key> + +# Container within the account that the account should use +# for storing images in S3. Note that S3 has a flat namespace, +# so you need a unique bucket name for your glance images. An +# easy way to do this is append your AWS access key to "glance". +# S3 buckets in AWS *must* be lowercased, so remember to lowercase +# your AWS access key if you use it in your bucket name below! +s3_store_bucket = <lowercased 20-char aws access key>glance + +# Do we create the bucket if it does not exist? +s3_store_create_bucket_on_put = False + +# When sending images to S3, the data will first be written to a +# temporary buffer on disk. By default the platform's temporary directory +# will be used. If required, an alternative directory can be specified here. +#s3_store_object_buffer_dir = /path/to/dir + +# When forming a bucket url, boto will either set the bucket name as the +# subdomain or as the first token of the path. Amazon's S3 service will +# accept it as the subdomain, but Swift's S3 middleware requires it be +# in the path. Set this to 'path' or 'subdomain' - defaults to 'subdomain'. +#s3_store_bucket_url_format = subdomain + +# ============ RBD Store Options ============================= + +# Ceph configuration file path +# If using cephx authentication, this file should +# include a reference to the right keyring +# in a client.<USER> section +#rbd_store_ceph_conf = /etc/ceph/ceph.conf + +# RADOS user to authenticate as (only applicable if using cephx) +# If <None>, a default will be chosen based on the client. section +# in rbd_store_ceph_conf +#rbd_store_user = <None> + +# RADOS pool in which images are stored +#rbd_store_pool = images + +# RADOS images will be chunked into objects of this size (in megabytes). +# For best performance, this should be a power of two +#rbd_store_chunk_size = 8 + +# ============ Sheepdog Store Options ============================= + +sheepdog_store_address = localhost + +sheepdog_store_port = 7000 + +# Images will be chunked into objects of this size (in megabytes). +# For best performance, this should be a power of two +sheepdog_store_chunk_size = 64 + +# ============ Cinder Store Options =============================== + +# Info to match when looking for cinder in the service catalog +# Format is : separated values of the form: +# <service_type>:<service_name>:<endpoint_type> (string value) +#cinder_catalog_info = volume:cinder:publicURL + +# Override service catalog lookup with template for cinder endpoint +# e.g. http://localhost:8776/v1/%(project_id)s (string value) +#cinder_endpoint_template = <None> + +# Region name of this node (string value) +#os_region_name = <None> + +# Location of ca certicates file to use for cinder client requests +# (string value) +#cinder_ca_certificates_file = <None> + +# Number of cinderclient retries on failed http calls (integer value) +#cinder_http_retries = 3 + +# Allow to perform insecure SSL requests to cinder (boolean value) +#cinder_api_insecure = False + +# ============ VMware Datastore Store Options ===================== + +# ESX/ESXi or vCenter Server target system. +# The server value can be an IP address or a DNS name +# e.g. 127.0.0.1, 127.0.0.1:443, www.vmware-infra.com +#vmware_server_host = <None> + +# Server username (string value) +#vmware_server_username = <None> + +# Server password (string value) +#vmware_server_password = <None> + +# Inventory path to a datacenter (string value) +# Value optional when vmware_server_ip is an ESX/ESXi host: if specified +# should be `ha-datacenter`. +#vmware_datacenter_path = <None> + +# Datastore associated with the datacenter (string value) +#vmware_datastore_name = <None> + +# The number of times we retry on failures +# e.g., socket error, etc (integer value) +#vmware_api_retry_count = 10 + +# The interval used for polling remote tasks +# invoked on VMware ESX/VC server in seconds (integer value) +#vmware_task_poll_interval = 5 + +# Absolute path of the folder containing the images in the datastore +# (string value) +#vmware_store_image_dir = /openstack_glance + +# Allow to perform insecure SSL requests to the target system (boolean value) +#vmware_api_insecure = False + +# ============ Delayed Delete Options ============================= + +# Turn on/off delayed delete +delayed_delete = False + +# Delayed delete time in seconds +scrub_time = 43200 + +# Directory that the scrubber will use to remind itself of what to delete +# Make sure this is also set in glance-scrubber.conf +scrubber_datadir = /var/lib/glance/scrubber + +# =============== Quota Options ================================== + +# The maximum number of image members allowed per image +#image_member_quota = 128 + +# The maximum number of image properties allowed per image +#image_property_quota = 128 + +# The maximum number of tags allowed per image +#image_tag_quota = 128 + +# The maximum number of locations allowed per image +#image_location_quota = 10 + +# Set a system wide quota for every user. This value is the total number +# of bytes that a user can use across all storage systems. A value of +# 0 means unlimited. +#user_storage_quota = 0 + +# =============== Image Cache Options ============================= + +# Base directory that the Image Cache uses +image_cache_dir = /var/lib/glance/image-cache/ + +# =============== Manager Options ================================= + +# DEPRECATED. TO BE REMOVED IN THE JUNO RELEASE. +# Whether or not to enforce that all DB tables have charset utf8. +# If your database tables do not have charset utf8 you will +# need to convert before this option is removed. This option is +# only relevant if your database engine is MySQL. +#db_enforce_mysql_charset = True + +# =============== Glance Store ==================================== +[glance_store] +# Moved from [DEFAULT], for Juno release +default_store = file +filesystem_store_datadir = /var/lib/glance/images/ + +# =============== Database Options ================================= + +[database] +# The file name to use with SQLite (string value) +sqlite_db = /var/lib/glance/glance.sqlite + +# If True, SQLite uses synchronous mode (boolean value) +#sqlite_synchronous = True + +# The backend to use for db (string value) +# Deprecated group/name - [DEFAULT]/db_backend +backend = sqlalchemy + +# The SQLAlchemy connection string used to connect to the +# database (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = <None> +connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle sql connections are reaped (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = <None> + +# Maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a sql connection +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = <None> + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on +# connection lost (boolean value) +#use_db_reconnect = False + +# seconds between db connection retries (integer value) +#db_retry_interval = 1 + +# Whether to increase interval between db connection retries, +# up to db_max_retry_interval (boolean value) +#db_inc_retry_interval = True + +# max seconds between db connection retries, if +# db_inc_retry_interval is enabled (integer value) +#db_max_retry_interval = 10 + +# maximum db connection retries before error is raised. +# (setting -1 implies an infinite retry count) (integer value) +#db_max_retries = 20 + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = glance +admin_password = {{ GLANCE_PASS }} + +[paste_deploy] +# Name of the paste configuration file that defines the available pipelines +#config_file = glance-api-paste.ini + +# Partial name of a pipeline in your paste configuration file with the +# service name removed. For example, if your paste section name is +# [pipeline:glance-api-keystone], you would configure the flavor below +# as 'keystone'. +flavor= keystone + +[store_type_location_strategy] +# The scheme list to use to get store preference order. The scheme must be +# registered by one of the stores defined by the 'known_stores' config option. +# This option will be applied when you using 'store_type' option as image +# location strategy defined by the 'location_strategy' config option. +#store_type_preference = diff --git a/compass/deploy/ansible/roles/glance/templates/glance-registry.conf b/compass/deploy/ansible/roles/glance/templates/glance-registry.conf new file mode 100644 index 0000000..8d731a2 --- /dev/null +++ b/compass/deploy/ansible/roles/glance/templates/glance-registry.conf @@ -0,0 +1,190 @@ +[DEFAULT] +# Show more verbose log output (sets INFO log level output) +#verbose = False + +# Show debugging output in logs (sets DEBUG log level output) +#debug = False + +# Address to bind the registry server +bind_host = {{ internal_ip }} + +# Port the bind the registry server to +bind_port = 9191 + +# Log to this file. Make sure you do not set the same log file for both the API +# and registry servers! +# +# If `log_file` is omitted and `use_syslog` is false, then log messages are +# sent to stdout as a fallback. +log_file = /var/log/glance/registry.log + +# Backlog requests when creating socket +backlog = 4096 + +# TCP_KEEPIDLE value in seconds when creating socket. +# Not supported on OS X. +#tcp_keepidle = 600 + +# API to use for accessing data. Default value points to sqlalchemy +# package. +#data_api = glance.db.sqlalchemy.api + +# Enable Registry API versions individually or simultaneously +#enable_v1_registry = True +#enable_v2_registry = True + +# Limit the api to return `param_limit_max` items in a call to a container. If +# a larger `limit` query param is provided, it will be reduced to this value. +api_limit_max = 1000 + +# If a `limit` query param is not provided in an api request, it will +# default to `limit_param_default` +limit_param_default = 25 + +# Role used to identify an authenticated user as administrator +#admin_role = admin + +# Whether to automatically create the database tables. +# Default: False +#db_auto_create = False + +# Enable DEBUG log messages from sqlalchemy which prints every database +# query and response. +# Default: False +#sqlalchemy_debug = True + +# ================= Syslog Options ============================ + +# Send logs to syslog (/dev/log) instead of to file specified +# by `log_file` +#use_syslog = False + +# Facility to use. If unset defaults to LOG_USER. +#syslog_log_facility = LOG_LOCAL1 + +# ================= SSL Options =============================== + +# Certificate file to use when starting registry server securely +#cert_file = /path/to/certfile + +# Private key file to use when starting registry server securely +#key_file = /path/to/keyfile + +# CA certificate file to use to verify connecting clients +#ca_file = /path/to/cafile + +# ================= Database Options ========================== + +[database] +# The file name to use with SQLite (string value) +sqlite_db = /var/lib/glance/glance.sqlite + +# If True, SQLite uses synchronous mode (boolean value) +#sqlite_synchronous = True + +# The backend to use for db (string value) +# Deprecated group/name - [DEFAULT]/db_backend +backend = sqlalchemy + +# The SQLAlchemy connection string used to connect to the +# database (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection = <None> +connection = mysql://glance:{{ GLANCE_DBPASS }}@{{ db_host }}/glance + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode = TRADITIONAL + +# Timeout before idle sql connections are reaped (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout = 3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size = <None> + +# Maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries = 10 + +# Interval between retries of opening a sql connection +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval = 10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow = <None> + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug = 0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout = <None> + +# Enable the experimental use of database reconnect on +# connection lost (boolean value) +#use_db_reconnect = False + +# seconds between db connection retries (integer value) +#db_retry_interval = 1 + +# Whether to increase interval between db connection retries, +# up to db_max_retry_interval (boolean value) +#db_inc_retry_interval = True + +# max seconds between db connection retries, if +# db_inc_retry_interval is enabled (integer value) +#db_max_retry_interval = 10 + +# maximum db connection retries before error is raised. +# (setting -1 implies an infinite retry count) (integer value) +#db_max_retries = 20 + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = glance +admin_password = {{ GLANCE_PASS }} + +[paste_deploy] +# Name of the paste configuration file that defines the available pipelines +#config_file = glance-registry-paste.ini + +# Partial name of a pipeline in your paste configuration file with the +# service name removed. For example, if your paste section name is +# [pipeline:glance-registry-keystone], you would configure the flavor below +# as 'keystone'. +flavor= keystone diff --git a/compass/deploy/ansible/roles/glance/templates/image_upload.sh b/compass/deploy/ansible/roles/glance/templates/image_upload.sh new file mode 100644 index 0000000..9dd1fa8 --- /dev/null +++ b/compass/deploy/ansible/roles/glance/templates/image_upload.sh @@ -0,0 +1,2 @@ +sleep 10 +glance --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ HA_VIP }}:35357/v2.0 image-create --name="cirros" --disk-format=qcow2 --container-format=bare --is-public=true < /opt/{{ build_in_image_name }} && touch glance.import.completed diff --git a/compass/deploy/ansible/roles/ha/files/galera_chk b/compass/deploy/ansible/roles/ha/files/galera_chk new file mode 100644 index 0000000..9fd165c --- /dev/null +++ b/compass/deploy/ansible/roles/ha/files/galera_chk @@ -0,0 +1,10 @@ +#! /bin/sh + +code=`mysql -uroot -e "show status" | awk '/Threads_running/{print $2}'` + +if [ "$code"=="1" ] +then + echo "HTTP/1.1 200 OK\r\n" +else + echo "HTTP/1.1 503 Service Unavailable\r\n" +fi diff --git a/compass/deploy/ansible/roles/ha/files/mysqlchk b/compass/deploy/ansible/roles/ha/files/mysqlchk new file mode 100644 index 0000000..2c03f19 --- /dev/null +++ b/compass/deploy/ansible/roles/ha/files/mysqlchk @@ -0,0 +1,15 @@ +# default: off +# description: An xinetd internal service which echo's characters back to +# clients. +# This is the tcp version. +service mysqlchk +{ + disable = no + flags = REUSE + socket_type = stream + protocol = tcp + user = root + wait = no + server = /usr/local/bin/galera_chk + port = 9200 +} diff --git a/compass/deploy/ansible/roles/ha/files/notify.sh b/compass/deploy/ansible/roles/ha/files/notify.sh new file mode 100644 index 0000000..5edffe8 --- /dev/null +++ b/compass/deploy/ansible/roles/ha/files/notify.sh @@ -0,0 +1,4 @@ +#!/bin/bash +python /usr/local/bin/failover.py $1 +mysql -uroot -e"flush hosts" +service mysql restart diff --git a/compass/deploy/ansible/roles/ha/handlers/main.yml b/compass/deploy/ansible/roles/ha/handlers/main.yml new file mode 100644 index 0000000..a02c686 --- /dev/null +++ b/compass/deploy/ansible/roles/ha/handlers/main.yml @@ -0,0 +1,9 @@ +--- +- name: restart haproxy + service: name=haproxy state=restarted enabled=yes + +- name: restart xinetd + service: name=xinetd state=restarted enabled=yes + +- name: restart keepalived + service: name=keepalived state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/ha/tasks/main.yml b/compass/deploy/ansible/roles/ha/tasks/main.yml new file mode 100644 index 0000000..a00c21a --- /dev/null +++ b/compass/deploy/ansible/roles/ha/tasks/main.yml @@ -0,0 +1,94 @@ +--- +- name: install keepalived xinet haproxy + apt: name={{ item }} state=present + with_items: + - keepalived + - xinetd + - haproxy + +- name: generate ha service list + shell: echo {{ item }} >> /opt/service + with_items: + - keepalived + - xinetd + - haproxy + +- name: install pexpect + pip: name=pexpect state=present + +- name: activate ip_nonlocal_bind + sysctl: name=net.ipv4.ip_nonlocal_bind value=1 + state=present reload=yes + +- name: set net.ipv4.tcp_keepalive_intvl + sysctl: name=net.ipv4.tcp_keepalive_intvl value=1 + state=present reload=yes + +- name: set net.ipv4.tcp_keepalive_probes + sysctl: name=net.ipv4.tcp_keepalive_probes value=5 + state=present reload=yes + +- name: set net.ipv4.tcp_keepalive_time + sysctl: name=net.ipv4.tcp_keepalive_time value=5 + state=present reload=yes + +- name: update haproxy cfg + template: src=haproxy.cfg dest=/etc/haproxy/haproxy.cfg + notify: restart haproxy + +- name: set haproxy enable flag + lineinfile: dest=/etc/default/haproxy state=present + regexp="ENABLED=*" + line="ENABLED=1" + notify: restart haproxy + +- name: set haproxy log + lineinfile: dest=/etc/rsyslog.conf state=present + regexp="local0.* /var/log/haproxy.log" + line="local0.* /var/log/haproxy.log" + +- name: set rsyslog udp module + lineinfile: dest=/etc/rsyslog.conf state=present + regexp="^#$ModLoad imudp" + line="$ModLoad imudp" + +- name: set rsyslog udp port + lineinfile: dest=/etc/rsyslog.conf state=present + regexp="^#$UDPServerRun 514" + line="$UDPServerRun 514" + +- name: copy galera_chk file + copy: src=galera_chk dest=/usr/local/bin/galera_chk mode=0777 + +- name: copy notify file + copy: src=notify.sh dest=/usr/local/bin/notify.sh mode=0777 + +- name: copy notify template file + template: src=failover.j2 dest=/usr/local/bin/failover.py mode=0777 + +- name: add network service + lineinfile: dest=/etc/services state=present + line="mysqlchk 9200/tcp" + insertafter="Local services" + notify: restart xinetd + +- name: copy mysqlchk file + copy: src=mysqlchk dest=/etc/xinetd.d/mysqlchk mode=0777 + notify: restart xinetd + +- name: set keepalived start param + lineinfile: dest=/etc/default/keepalived state=present + regexp="^DAEMON_ARGS=*" + line="DAEMON_ARGS=\"-D -d -S 1\"" + +- name: set keepalived log + lineinfile: dest=/etc/rsyslog.conf state=present + regexp="local1.* /var/log/keepalived.log" + line="local1.* /var/log/keepalived.log" + +- name: update keepalived info + template: src=keepalived.conf dest=/etc/keepalived/keepalived.conf + notify: restart keepalived + +- name: restart rsyslog + shell: service rsyslog restart diff --git a/compass/deploy/ansible/roles/ha/templates/failover.j2 b/compass/deploy/ansible/roles/ha/templates/failover.j2 new file mode 100644 index 0000000..b03c737 --- /dev/null +++ b/compass/deploy/ansible/roles/ha/templates/failover.j2 @@ -0,0 +1,65 @@ +import ConfigParser, os, socket +import logging as LOG +import pxssh +import sys +import re + +LOG_FILE="/var/log/mysql_failover" +try: + os.remove(LOG_FILE) +except: + pass + +LOG.basicConfig(format='%(asctime)s %(message)s', datefmt='%m/%d/%Y %I:%M:%S %p', filename=LOG_FILE,level=LOG.DEBUG) +ha_vip = {{ HA_VIP }} +LOG.info("ha_vip: %s" % ha_vip) + +#ha_vip = "10.1.0.50" +galera_path = '/etc/mysql/conf.d/wsrep.cnf' +pattern = re.compile(r"gcomm://(?P<prev_ip>.*)") + +def ssh_get_hostname(ip): + try: + s = pxssh.pxssh() + s.login("%s" % ip, "root", "root") + s.sendline('hostname') # run a command + s.prompt() # match the prompt + result = s.before.strip() # print everything before the prompt. + return result.split(os.linesep)[1] + except pxssh.ExceptionPxssh as e: + LOG.error("pxssh failed on login.") + raise + +def failover(mode): + config = ConfigParser.ConfigParser() + config.optionxform = str + config.readfp(open(galera_path)) + wsrep_cluster_address = config.get("mysqld", "wsrep_cluster_address") + wsrep_cluster_address = pattern.match(wsrep_cluster_address).groupdict()["prev_ip"] + + LOG.info("old wsrep_cluster_address = %s" % wsrep_cluster_address) + + if mode == "master": + # refresh wsrep_cluster_address to null + LOG.info("I'm being master, set wsrep_cluster_address to null") + wsrep_cluster_address = "" + + elif mode == "backup": + # refresh wsrep_cluster_address to master int ip + hostname = ssh_get_hostname(ha_vip) + wsrep_cluster_address = socket.gethostbyname(hostname) + LOG.info("I'm being slave, set wsrep_cluster_address to master internal ip") + + LOG.info("new wsrep_cluster_address = %s" % wsrep_cluster_address) + wsrep_cluster_address = "gcomm://%s" % wsrep_cluster_address + config.set("mysqld", "wsrep_cluster_address", wsrep_cluster_address) + with open(galera_path, 'wb') as fp: + #config.write(sys.stdout) + config.write(fp) + + os.system("service mysql restart") + LOG.info("failover success!!!") + +if __name__ == "__main__": + LOG.debug("call me: %s" % sys.argv) + failover(sys.argv[1]) diff --git a/compass/deploy/ansible/roles/ha/templates/haproxy.cfg b/compass/deploy/ansible/roles/ha/templates/haproxy.cfg new file mode 100644 index 0000000..4ed528a --- /dev/null +++ b/compass/deploy/ansible/roles/ha/templates/haproxy.cfg @@ -0,0 +1,133 @@ + +global + #chroot /var/run/haproxy + daemon + user haproxy + group haproxy + maxconn 4000 + pidfile /var/run/haproxy/haproxy.pid + #log 127.0.0.1 local0 + tune.bufsize 1000000 + stats socket /var/run/haproxy.sock + stats timeout 2m + +defaults + log global + maxconn 8000 + option redispatch + option dontlognull + option splice-auto + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 6m + timeout server 6m + timeout check 10s + retries 5 + +listen proxy-glance_registry_cluster + bind {{ HA_VIP }}:9191 + option tcpka + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:9191 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-glance_api_cluster + bind {{ HA_VIP }}:9292 + option tcpka + option httpchk + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:9292 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-nova-novncproxy + bind {{ HA_VIP }}:6080 + option tcpka + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:6080 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-network + bind {{ HA_VIP }}:9696 + option tcpka + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:9696 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-volume + bind {{ HA_VIP }}:8776 + option tcpka + option httpchk + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8776 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-keystone_admin_cluster + bind {{ HA_VIP }}:35357 + option tcpka + option httpchk + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:35357 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-keystone_public_internal_cluster + bind {{ HA_VIP }}:5000 + option tcpka + option httpchk + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:5000 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-nova_compute_api_cluster + bind {{ HA_VIP }}:8774 + mode tcp + option httpchk + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8774 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-nova_metadata_api_cluster + bind {{ HA_VIP }}:8775 + option tcpka + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8775 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen proxy-cinder_api_cluster + bind {{ HA_VIP }}:8776 + mode tcp + option httpchk + option tcplog + balance source +{% for host in groups['controller'] %} + server {{ host }} {{ hostvars[host]['ansible_' + INTERNAL_INTERFACE].ipv4.address }}:8776 weight 1 check inter 2000 rise 2 fall 5 +{% endfor %} + +listen stats + mode http + bind 0.0.0.0:8888 + stats enable + stats refresh 30s + stats uri / + stats realm Global\ statistics + stats auth admin:admin + + diff --git a/compass/deploy/ansible/roles/ha/templates/keepalived.conf b/compass/deploy/ansible/roles/ha/templates/keepalived.conf new file mode 100644 index 0000000..0b49137 --- /dev/null +++ b/compass/deploy/ansible/roles/ha/templates/keepalived.conf @@ -0,0 +1,42 @@ +global_defs { + + notification_email{ + root@huawei.com + } + + notification_email_from keepalived@huawei.com + + smtp_server localhost + + smtp_connect_timeout 30 + + router_id NodeA + +} + +vrrp_instance VI_1 { + + interface {{ INTERNAL_INTERFACE }} + virtual_router_id 51 + state BACKUP + nopreempt + advert_int 1 +{% for host in groups['controller'] %} +{% if host == inventory_hostname %} + priority {{ 100 - loop.index0 * 5 }} +{% endif %} +{% endfor %} + + authentication { + auth_type PASS + auth_pass 1111 + } + + virtual_ipaddress { + {{ HA_VIP }} dev {{ INTERNAL_INTERFACE }} + } + + notify_master "/usr/local/bin/notify.sh master" + notify_backup "/usr/local/bin/notify.sh backup" +} + diff --git a/compass/deploy/ansible/roles/keystone/tasks/keystone_config.yml b/compass/deploy/ansible/roles/keystone/tasks/keystone_config.yml new file mode 100644 index 0000000..3203b26 --- /dev/null +++ b/compass/deploy/ansible/roles/keystone/tasks/keystone_config.yml @@ -0,0 +1,16 @@ +--- +- name: keystone-manage db-sync + shell: su -s /bin/sh -c "keystone-manage db_sync" + register: result + until: result.rc == 0 + retries: 5 + delay: 3 + +- name: place keystone init script under /opt/ + template: src=keystone_init dest=/opt/keystone_init mode=0744 + +- name: run keystone_init + shell: /opt/keystone_init && touch keystone_init_complete || keystone_init_failed + args: + creates: keystone_init_complete + diff --git a/compass/deploy/ansible/roles/keystone/tasks/keystone_install.yml b/compass/deploy/ansible/roles/keystone/tasks/keystone_install.yml new file mode 100644 index 0000000..e69c069 --- /dev/null +++ b/compass/deploy/ansible/roles/keystone/tasks/keystone_install.yml @@ -0,0 +1,29 @@ +--- +- name: install keystone packages + apt: name=keystone state=present force=yes + +- name: generate keystone service list + shell: echo {{ item }} >> /opt/service + with_items: + - keystone + +- name: update keystone conf + template: src=keystone.conf dest=/etc/keystone/keystone.conf backup=yes + +- name: delete sqlite database + shell: rm /var/lib/keystone/keystone.db || echo sqllite database already removed + +- name: cron job to purge expired tokens hourly + shell: (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush > /var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/keystone + +- name: modify keystone cron rights + file: path=/var/spool/cron/crontabs/keystone mode=0600 + +- name: keystone source files + template: src={{ item }} dest=/opt/{{ item }} + with_items: + - admin-openrc.sh + - demo-openrc.sh + +- name: manually start keystone + service: name=keystone state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/keystone/tasks/main.yml b/compass/deploy/ansible/roles/keystone/tasks/main.yml new file mode 100644 index 0000000..2f36e91 --- /dev/null +++ b/compass/deploy/ansible/roles/keystone/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- include: keystone_install.yml + tags: + - install + - keystone_install + - keystone + +- include: keystone_config.yml + when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == '' + tags: + - config + - keystone_config + - keystone diff --git a/compass/deploy/ansible/roles/keystone/templates/admin-openrc.sh b/compass/deploy/ansible/roles/keystone/templates/admin-openrc.sh new file mode 100644 index 0000000..f2e0d61 --- /dev/null +++ b/compass/deploy/ansible/roles/keystone/templates/admin-openrc.sh @@ -0,0 +1,6 @@ +# Verify the Identity Service installation +export OS_PASSWORD={{ ADMIN_PASS }} +export OS_TENANT_NAME=admin +export OS_AUTH_URL=http://{{ HA_VIP }}:35357/v2.0 +export OS_USERNAME=ADMIN + diff --git a/compass/deploy/ansible/roles/keystone/templates/demo-openrc.sh b/compass/deploy/ansible/roles/keystone/templates/demo-openrc.sh new file mode 100644 index 0000000..8bdc51b --- /dev/null +++ b/compass/deploy/ansible/roles/keystone/templates/demo-openrc.sh @@ -0,0 +1,5 @@ +export OS_USERNAME=demo +export OS_PASSWORD={{ DEMO_PASS }} +export OS_TENANT_NAME=demo +export OS_AUTH_URL=http://{{ HA_VIP }}:35357/v2.0 + diff --git a/compass/deploy/ansible/roles/keystone/templates/keystone.conf b/compass/deploy/ansible/roles/keystone/templates/keystone.conf new file mode 100644 index 0000000..fc8bf1f --- /dev/null +++ b/compass/deploy/ansible/roles/keystone/templates/keystone.conf @@ -0,0 +1,1317 @@ +[DEFAULT] + +admin_token={{ ADMIN_TOKEN }} + +public_bind_host= {{ identity_host }} + +admin_bind_host= {{ identity_host }} + +#compute_port=8774 + +#admin_port=35357 + +#public_port=5000 + +# The base public endpoint URL for keystone that are +# advertised to clients (NOTE: this does NOT affect how +# keystone listens for connections) (string value). +# Defaults to the base host URL of the request. Eg a +# request to http://server:5000/v2.0/users will +# default to http://server:5000. You should only need +# to set this value if the base URL contains a path +# (eg /prefix/v2.0) or the endpoint should be found on +# a different server. +#public_endpoint=http://localhost:%(public_port)s/ + +# The base admin endpoint URL for keystone that are advertised +# to clients (NOTE: this does NOT affect how keystone listens +# for connections) (string value). +# Defaults to the base host URL of the request. Eg a +# request to http://server:35357/v2.0/users will +# default to http://server:35357. You should only need +# to set this value if the base URL contains a path +# (eg /prefix/v2.0) or the endpoint should be found on +# a different server. +#admin_endpoint=http://localhost:%(admin_port)s/ + +# onready allows you to send a notification when the process +# is ready to serve For example, to have it notify using +# systemd, one could set shell command: "onready = systemd- +# notify --ready" or a module with notify() method: "onready = +# keystone.common.systemd". (string value) +#onready=<None> + +# enforced by optional sizelimit middleware +# (keystone.middleware:RequestBodySizeLimiter). (integer +# value) +#max_request_body_size=114688 + +# limit the sizes of user & tenant ID/names. (integer value) +#max_param_size=64 + +# similar to max_param_size, but provides an exception for +# token values. (integer value) +#max_token_size=8192 + +# During a SQL upgrade member_role_id will be used to create a +# new role that will replace records in the +# user_tenant_membership table with explicit role grants. +# After migration, the member_role_id will be used in the API +# add_user_to_project. (string value) +#member_role_id=9fe2ff9ee4384b1894a90878d3e92bab + +# During a SQL upgrade member_role_id will be used to create a +# new role that will replace records in the +# user_tenant_membership table with explicit role grants. +# After migration, member_role_name will be ignored. (string +# value) +#member_role_name=_member_ + +# The value passed as the keyword "rounds" to passlib encrypt +# method. (integer value) +#crypt_strength=40000 + +# Set this to True if you want to enable TCP_KEEPALIVE on +# server sockets i.e. sockets used by the keystone wsgi server +# for client connections. (boolean value) +#tcp_keepalive=false + +# Sets the value of TCP_KEEPIDLE in seconds for each server +# socket. Only applies if tcp_keepalive is True. Not supported +# on OS X. (integer value) +#tcp_keepidle=600 + +# The maximum number of entities that will be returned in a +# collection can be set with list_limit, with no limit set by +# default. This global limit may be then overridden for a +# specific driver, by specifying a list_limit in the +# appropriate section (e.g. [assignment]). (integer value) +#list_limit=<None> + +# Set this to false if you want to enable the ability for +# user, group and project entities to be moved between domains +# by updating their domain_id. Allowing such movement is not +# recommended if the scope of a domain admin is being +# restricted by use of an appropriate policy file (see +# policy.v3cloudsample as an example). (boolean value) +#domain_id_immutable=true + + +# +# Options defined in oslo.messaging +# + +# Use durable queues in amqp. (boolean value) +# Deprecated group/name - [DEFAULT]/rabbit_durable_queues +#amqp_durable_queues=false + +# Auto-delete queues in amqp. (boolean value) +#amqp_auto_delete=false + +# Size of RPC connection pool. (integer value) +#rpc_conn_pool_size=30 + +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. (list value) +#allowed_rpc_exception_modules=oslo.messaging.exceptions,nova.exception,cinder.exception,exceptions +# Qpid broker hostname. (string value) +#qpid_hostname=localhost + +# Qpid broker port. (integer value) +#qpid_port=5672 + +# Qpid HA cluster host:port pairs. (list value) +#qpid_hosts=$qpid_hostname:$qpid_port + +# Username for Qpid connection. (string value) +#qpid_username= + +# Password for Qpid connection. (string value) +#qpid_password= + +# Space separated list of SASL mechanisms to use for auth. +# (string value) +#qpid_sasl_mechanisms= + +# Seconds between connection keepalive heartbeats. (integer +# value) +#qpid_heartbeat=60 + +# Transport to use, either 'tcp' or 'ssl'. (string value) +#qpid_protocol=tcp + +# Whether to disable the Nagle algorithm. (boolean value) +#qpid_tcp_nodelay=true + +# The qpid topology version to use. Version 1 is what was +# originally used by impl_qpid. Version 2 includes some +# backwards-incompatible changes that allow broker federation +# to work. Users should update to version 2 when they are +# able to take everything down, as it requires a clean break. +# (integer value) +#qpid_topology_version=1 + +# SSL version to use (valid only if SSL enabled). valid values +# are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some +# distributions. (string value) +#kombu_ssl_version= + +# SSL key file (valid only if SSL enabled). (string value) +#kombu_ssl_keyfile= + +# SSL cert file (valid only if SSL enabled). (string value) +#kombu_ssl_certfile= + +# SSL certification authority file (valid only if SSL +# enabled). (string value) +#kombu_ssl_ca_certs= + +# How long to wait before reconnecting in response to an AMQP +# consumer cancel notification. (floating point value) +#kombu_reconnect_delay=1.0 + +# The RabbitMQ broker address where a single node is used. +# (string value) +#rabbit_host=localhost + +# The RabbitMQ broker port where a single node is used. +# (integer value) +#rabbit_port=5672 + +# RabbitMQ HA cluster host:port pairs. (list value) +#rabbit_hosts=$rabbit_host:$rabbit_port + +# Connect over SSL for RabbitMQ. (boolean value) +#rabbit_use_ssl=false + +# The RabbitMQ userid. (string value) +rabbit_userid={{ RABBIT_USER }} + +# The RabbitMQ password. (string value) +rabbit_password={{ RABBIT_PASS }} + +# the RabbitMQ login method (string value) +#rabbit_login_method=AMQPLAIN + +# The RabbitMQ virtual host. (string value) +#rabbit_virtual_host=/ + +# How frequently to retry connecting with RabbitMQ. (integer +# value) +#rabbit_retry_interval=1 + +# How long to backoff for between retries when connecting to +# RabbitMQ. (integer value) +#rabbit_retry_backoff=2 + +# Maximum number of RabbitMQ connection retries. Default is 0 +# (infinite retry count). (integer value) +#rabbit_max_retries=0 + +# Use HA queues in RabbitMQ (x-ha-policy: all). If you change +# this option, you must wipe the RabbitMQ database. (boolean +# value) +#rabbit_ha_queues=false + +# If passed, use a fake RabbitMQ provider. (boolean value) +#fake_rabbit=false + +# ZeroMQ bind address. Should be a wildcard (*), an ethernet +# interface, or IP. The "host" option should point or resolve +# to this address. (string value) +#rpc_zmq_bind_address=* + +# MatchMaker driver. (string value) +#rpc_zmq_matchmaker=oslo.messaging._drivers.matchmaker.MatchMakerLocalhost + +# ZeroMQ receiver listening port. (integer value) +#rpc_zmq_port=9501 + +# Number of ZeroMQ contexts, defaults to 1. (integer value) +#rpc_zmq_contexts=1 + +# Maximum number of ingress messages to locally buffer per +# topic. Default is unlimited. (integer value) +#rpc_zmq_topic_backlog=<None> + +# Directory for holding IPC sockets. (string value) +#rpc_zmq_ipc_dir=/var/run/openstack + +# Name of this node. Must be a valid hostname, FQDN, or IP +# address. Must match "host" option, if running Nova. (string +# value) +#rpc_zmq_host=keystone + +# Seconds to wait before a cast expires (TTL). Only supported +# by impl_zmq. (integer value) +#rpc_cast_timeout=30 + +# Heartbeat frequency. (integer value) +#matchmaker_heartbeat_freq=300 + +# Heartbeat time-to-live. (integer value) +#matchmaker_heartbeat_ttl=600 + +# Host to locate redis. (string value) +#host=127.0.0.1 + +# Use this port to connect to redis host. (integer value) +#port=6379 + +# Password for Redis server (optional). (string value) +#password=<None> + +# Size of RPC greenthread pool. (integer value) +#rpc_thread_pool_size=64 + +# Driver or drivers to handle sending notifications. (multi +# valued) +#notification_driver= + +# AMQP topic used for OpenStack notifications. (list value) +# Deprecated group/name - [rpc_notifier2]/topics +#notification_topics=notifications + +# Seconds to wait for a response from a call. (integer value) +#rpc_response_timeout=60 + +# A URL representing the messaging driver to use and its full +# configuration. If not set, we fall back to the rpc_backend +# option and driver specific configuration. (string value) +#transport_url=<None> + +# The messaging driver to use, defaults to rabbit. Other +# drivers include qpid and zmq. (string value) +#rpc_backend=rabbit + +# The default exchange under which topics are scoped. May be +# overridden by an exchange name specified in the +# transport_url option. (string value) +#control_exchange=openstack + + +# +# Options defined in keystone.notifications +# + +# Default publisher_id for outgoing notifications (string +# value) +#default_publisher_id=<None> + + +# +# Options defined in keystone.middleware.ec2_token +# + +# URL to get token from ec2 request. (string value) +#keystone_ec2_url=http://localhost:5000/v2.0/ec2tokens + +# Required if EC2 server requires client certificate. (string +# value) +#keystone_ec2_keyfile=<None> + +# Client certificate key filename. Required if EC2 server +# requires client certificate. (string value) +#keystone_ec2_certfile=<None> + +# A PEM encoded certificate authority to use when verifying +# HTTPS connections. Defaults to the system CAs. (string +# value) +#keystone_ec2_cafile=<None> + +# Disable SSL certificate verification. (boolean value) +#keystone_ec2_insecure=false + + +# +# Options defined in keystone.openstack.common.eventlet_backdoor +# + +# Enable eventlet backdoor. Acceptable values are 0, <port>, +# and <start>:<end>, where 0 results in listening on a random +# tcp port number; <port> results in listening on the +# specified port number (and not enabling backdoor if that +# port is in use); and <start>:<end> results in listening on +# the smallest unused port number within the specified range +# of port numbers. The chosen port is displayed in the +# service's log file. (string value) +#backdoor_port=<None> + + +# +# Options defined in keystone.openstack.common.lockutils +# + +# Whether to disable inter-process locks (boolean value) +#disable_process_locking=false + +# Directory to use for lock files. (string value) +#lock_path=<None> + + +# +# Options defined in keystone.openstack.common.log +# + +# Print debugging output (set logging level to DEBUG instead +# of default WARNING level). (boolean value) +debug={{ DEBUG }} + +# Print more verbose output (set logging level to INFO instead +# of default WARNING level). (boolean value) +verbose={{ VERBOSE }} + +# Log output to standard error (boolean value) +#use_stderr=true + +# Format string to use for log messages with context (string +# value) +#logging_context_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s + +# Format string to use for log messages without context +# (string value) +#logging_default_format_string=%(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [-] %(instance)s%(message)s + +# Data to append to log format when level is DEBUG (string +# value) +#logging_debug_format_suffix=%(funcName)s %(pathname)s:%(lineno)d + +# Prefix each line of exception output with this format +# (string value) +#logging_exception_prefix=%(asctime)s.%(msecs)03d %(process)d TRACE %(name)s %(instance)s + +# List of logger=LEVEL pairs (list value) +#default_log_levels=amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN + +# Publish error events (boolean value) +#publish_errors=false + +# Make deprecations fatal (boolean value) +#fatal_deprecations=false + +# If an instance is passed with the log message, format it +# like this (string value) +#instance_format="[instance: %(uuid)s] " + +# If an instance UUID is passed with the log message, format +# it like this (string value) +#instance_uuid_format="[instance: %(uuid)s] " + +# The name of logging configuration file. It does not disable +# existing loggers, but just appends specified logging +# configuration to any other existing logging options. Please +# see the Python logging module documentation for details on +# logging configuration files. (string value) +# Deprecated group/name - [DEFAULT]/log_config +#log_config_append=<None> + +# DEPRECATED. A logging.Formatter log message format string +# which may use any of the available logging.LogRecord +# attributes. This option is deprecated. Please use +# logging_context_format_string and +# logging_default_format_string instead. (string value) +#log_format=<None> + +# Format string for %%(asctime)s in log records. Default: +# %(default)s (string value) +#log_date_format=%Y-%m-%d %H:%M:%S + +# (Optional) Name of log file to output to. If no default is +# set, logging will go to stdout. (string value) +# Deprecated group/name - [DEFAULT]/logfile +#log_file=<None> + +# (Optional) The base directory used for relative --log-file +# paths (string value) +# Deprecated group/name - [DEFAULT]/logdir +log_dir = /var/log/keystone + +# Use syslog for logging. Existing syslog format is DEPRECATED +# during I, and then will be changed in J to honor RFC5424 +# (boolean value) +#use_syslog=false + +# (Optional) Use syslog rfc5424 format for logging. If +# enabled, will add APP-NAME (RFC5424) before the MSG part of +# the syslog message. The old format without APP-NAME is +# deprecated in I, and will be removed in J. (boolean value) +#use_syslog_rfc_format=false + +# Syslog facility to receive log lines (string value) +#syslog_log_facility=LOG_USER + + +# +# Options defined in keystone.openstack.common.policy +# + +# JSON file containing policy (string value) +#policy_file=policy.json + +# Rule enforced when requested rule is not found (string +# value) +#policy_default_rule=default + + +[assignment] + +# +# Options defined in keystone +# + +# Keystone Assignment backend driver. (string value) +#driver=<None> + +# Toggle for assignment caching. This has no effect unless +# global caching is enabled. (boolean value) +#caching=true + +# TTL (in seconds) to cache assignment data. This has no +# effect unless global caching is enabled. (integer value) +#cache_time=<None> + +# Maximum number of entities that will be returned in an +# assignment collection. (integer value) +#list_limit=<None> + + +[auth] + +# +# Options defined in keystone +# + +# Default auth methods. (list value) +#methods=external,password,token + +# The password auth plugin module. (string value) +#password=keystone.auth.plugins.password.Password + +# The token auth plugin module. (string value) +#token=keystone.auth.plugins.token.Token + +# The external (REMOTE_USER) auth plugin module. (string +# value) +#external=keystone.auth.plugins.external.DefaultDomain + + +[cache] + +# +# Options defined in keystone +# + +# Prefix for building the configuration dictionary for the +# cache region. This should not need to be changed unless +# there is another dogpile.cache region with the same +# configuration name. (string value) +#config_prefix=cache.keystone + +# Default TTL, in seconds, for any cached item in the +# dogpile.cache region. This applies to any cached method that +# doesn't have an explicit cache expiration time defined for +# it. (integer value) +#expiration_time=600 + +# Dogpile.cache backend module. It is recommended that +# Memcache (dogpile.cache.memcache) or Redis +# (dogpile.cache.redis) be used in production deployments. +# Small workloads (single process) like devstack can use the +# dogpile.cache.memory backend. (string value) +#backend=keystone.common.cache.noop + +# Use a key-mangling function (sha1) to ensure fixed length +# cache-keys. This is toggle-able for debugging purposes, it +# is highly recommended to always leave this set to True. +# (boolean value) +#use_key_mangler=true + +# Arguments supplied to the backend module. Specify this +# option once per argument to be passed to the dogpile.cache +# backend. Example format: "<argname>:<value>". (multi valued) +#backend_argument= + +# Proxy Classes to import that will affect the way the +# dogpile.cache backend functions. See the dogpile.cache +# documentation on changing-backend-behavior. Comma delimited +# list e.g. my.dogpile.proxy.Class, my.dogpile.proxyClass2. +# (list value) +#proxies= + +# Global toggle for all caching using the should_cache_fn +# mechanism. (boolean value) +#enabled=false + +# Extra debugging from the cache backend (cache keys, +# get/set/delete/etc calls) This is only really useful if you +# need to see the specific cache-backend get/set/delete calls +# with the keys/values. Typically this should be left set to +# False. (boolean value) +#debug_cache_backend=false + + +[catalog] + +# +# Options defined in keystone +# + +# Catalog template file name for use with the template catalog +# backend. (string value) +#template_file=default_catalog.templates + +# Keystone catalog backend driver. (string value) +#driver=keystone.catalog.backends.sql.Catalog + +# Maximum number of entities that will be returned in a +# catalog collection. (integer value) +#list_limit=<None> + + +[credential] + +# +# Options defined in keystone +# + +# Keystone Credential backend driver. (string value) +#driver=keystone.credential.backends.sql.Credential + + +[database] + +# +# Options defined in keystone.openstack.common.db.options +# + +# The file name to use with SQLite (string value) +#sqlite_db=keystone.sqlite + +# If True, SQLite uses synchronous mode (boolean value) +#sqlite_synchronous=true + +# The backend to use for db (string value) +# Deprecated group/name - [DEFAULT]/db_backend +#backend=sqlalchemy + +# The SQLAlchemy connection string used to connect to the +# database (string value) +# Deprecated group/name - [DEFAULT]/sql_connection +# Deprecated group/name - [DATABASE]/sql_connection +# Deprecated group/name - [sql]/connection +#connection=<None> +connection = mysql://keystone:{{ KEYSTONE_DBPASS }}@{{ db_host }}/keystone + +# The SQL mode to be used for MySQL sessions. This option, +# including the default, overrides any server-set SQL mode. To +# use whatever SQL mode is set by the server configuration, +# set this to no value. Example: mysql_sql_mode= (string +# value) +#mysql_sql_mode=TRADITIONAL + +# Timeout before idle sql connections are reaped (integer +# value) +# Deprecated group/name - [DEFAULT]/sql_idle_timeout +# Deprecated group/name - [DATABASE]/sql_idle_timeout +# Deprecated group/name - [sql]/idle_timeout +#idle_timeout=3600 + +# Minimum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_min_pool_size +# Deprecated group/name - [DATABASE]/sql_min_pool_size +#min_pool_size=1 + +# Maximum number of SQL connections to keep open in a pool +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_pool_size +# Deprecated group/name - [DATABASE]/sql_max_pool_size +#max_pool_size=<None> + +# Maximum db connection retries during startup. (setting -1 +# implies an infinite retry count) (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_retries +# Deprecated group/name - [DATABASE]/sql_max_retries +#max_retries=10 + +# Interval between retries of opening a sql connection +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_retry_interval +# Deprecated group/name - [DATABASE]/reconnect_interval +#retry_interval=10 + +# If set, use this value for max_overflow with sqlalchemy +# (integer value) +# Deprecated group/name - [DEFAULT]/sql_max_overflow +# Deprecated group/name - [DATABASE]/sqlalchemy_max_overflow +#max_overflow=<None> + +# Verbosity of SQL debugging information. 0=None, +# 100=Everything (integer value) +# Deprecated group/name - [DEFAULT]/sql_connection_debug +#connection_debug=0 + +# Add python stack traces to SQL as comment strings (boolean +# value) +# Deprecated group/name - [DEFAULT]/sql_connection_trace +#connection_trace=false + +# If set, use this value for pool_timeout with sqlalchemy +# (integer value) +# Deprecated group/name - [DATABASE]/sqlalchemy_pool_timeout +#pool_timeout=<None> + +# Enable the experimental use of database reconnect on +# connection lost (boolean value) +#use_db_reconnect=false + +# seconds between db connection retries (integer value) +#db_retry_interval=1 + +# Whether to increase interval between db connection retries, +# up to db_max_retry_interval (boolean value) +#db_inc_retry_interval=true + +# max seconds between db connection retries, if +# db_inc_retry_interval is enabled (integer value) +#db_max_retry_interval=10 + +# maximum db connection retries before error is raised. +# (setting -1 implies an infinite retry count) (integer value) +#db_max_retries=20 + + +[ec2] + +# +# Options defined in keystone +# + +# Keystone EC2Credential backend driver. (string value) +#driver=keystone.contrib.ec2.backends.kvs.Ec2 + + +[endpoint_filter] + +# +# Options defined in keystone +# + +# Keystone Endpoint Filter backend driver (string value) +#driver=keystone.contrib.endpoint_filter.backends.sql.EndpointFilter + +# Toggle to return all active endpoints if no filter exists. +# (boolean value) +#return_all_endpoints_if_no_filter=true + + +[federation] + +# +# Options defined in keystone +# + +# Keystone Federation backend driver. (string value) +#driver=keystone.contrib.federation.backends.sql.Federation + +# Value to be used when filtering assertion parameters from +# the environment. (string value) +#assertion_prefix= + + +[identity] + +# +# Options defined in keystone +# + +# This references the domain to use for all Identity API v2 +# requests (which are not aware of domains). A domain with +# this ID will be created for you by keystone-manage db_sync +# in migration 008. The domain referenced by this ID cannot +# be deleted on the v3 API, to prevent accidentally breaking +# the v2 API. There is nothing special about this domain, +# other than the fact that it must exist to order to maintain +# support for your v2 clients. (string value) +#default_domain_id=default + +# A subset (or all) of domains can have their own identity +# driver, each with their own partial configuration file in a +# domain configuration directory. Only values specific to the +# domain need to be placed in the domain specific +# configuration file. This feature is disabled by default; set +# to True to enable. (boolean value) +#domain_specific_drivers_enabled=false + +# Path for Keystone to locate the domain specificidentity +# configuration files if domain_specific_drivers_enabled is +# set to true. (string value) +#domain_config_dir=/etc/keystone/domains + +# Keystone Identity backend driver. (string value) +#driver=keystone.identity.backends.sql.Identity + +# Maximum supported length for user passwords; decrease to +# improve performance. (integer value) +#max_password_length=4096 + +# Maximum number of entities that will be returned in an +# identity collection. (integer value) +#list_limit=<None> + + +[kvs] + +# +# Options defined in keystone +# + +# Extra dogpile.cache backend modules to register with the +# dogpile.cache library. (list value) +#backends= + +# Prefix for building the configuration dictionary for the KVS +# region. This should not need to be changed unless there is +# another dogpile.cache region with the same configuration +# name. (string value) +#config_prefix=keystone.kvs + +# Toggle to disable using a key-mangling function to ensure +# fixed length keys. This is toggle-able for debugging +# purposes, it is highly recommended to always leave this set +# to True. (boolean value) +#enable_key_mangler=true + +# Default lock timeout for distributed locking. (integer +# value) +#default_lock_timeout=5 + + +[ldap] + +# +# Options defined in keystone +# + +# URL for connecting to the LDAP server. (string value) +#url=ldap://localhost + +# User BindDN to query the LDAP server. (string value) +#user=<None> + +# Password for the BindDN to query the LDAP server. (string +# value) +#password=<None> + +# LDAP server suffix (string value) +#suffix=cn=example,cn=com + +# If true, will add a dummy member to groups. This is required +# if the objectclass for groups requires the "member" +# attribute. (boolean value) +#use_dumb_member=false + +# DN of the "dummy member" to use when "use_dumb_member" is +# enabled. (string value) +#dumb_member=cn=dumb,dc=nonexistent + +# allow deleting subtrees. (boolean value) +#allow_subtree_delete=false + +# The LDAP scope for queries, this can be either "one" +# (onelevel/singleLevel) or "sub" (subtree/wholeSubtree). +# (string value) +#query_scope=one + +# Maximum results per page; a value of zero ("0") disables +# paging. (integer value) +#page_size=0 + +# The LDAP dereferencing option for queries. This can be +# either "never", "searching", "always", "finding" or +# "default". The "default" option falls back to using default +# dereferencing configured by your ldap.conf. (string value) +#alias_dereferencing=default + +# Override the system's default referral chasing behavior for +# queries. (boolean value) +#chase_referrals=<None> + +# Search base for users. (string value) +#user_tree_dn=<None> + +# LDAP search filter for users. (string value) +#user_filter=<None> + +# LDAP objectClass for users. (string value) +#user_objectclass=inetOrgPerson + +# LDAP attribute mapped to user id. (string value) +#user_id_attribute=cn + +# LDAP attribute mapped to user name. (string value) +#user_name_attribute=sn + +# LDAP attribute mapped to user email. (string value) +#user_mail_attribute=email + +# LDAP attribute mapped to password. (string value) +#user_pass_attribute=userPassword + +# LDAP attribute mapped to user enabled flag. (string value) +#user_enabled_attribute=enabled + +# Bitmask integer to indicate the bit that the enabled value +# is stored in if the LDAP server represents "enabled" as a +# bit on an integer rather than a boolean. A value of "0" +# indicates the mask is not used. If this is not set to "0" +# the typical value is "2". This is typically used when +# "user_enabled_attribute = userAccountControl". (integer +# value) +#user_enabled_mask=0 + +# Default value to enable users. This should match an +# appropriate int value if the LDAP server uses non-boolean +# (bitmask) values to indicate if a user is enabled or +# disabled. If this is not set to "True"the typical value is +# "512". This is typically used when "user_enabled_attribute = +# userAccountControl". (string value) +#user_enabled_default=True + +# List of attributes stripped off the user on update. (list +# value) +#user_attribute_ignore=default_project_id,tenants + +# LDAP attribute mapped to default_project_id for users. +# (string value) +#user_default_project_id_attribute=<None> + +# Allow user creation in LDAP backend. (boolean value) +#user_allow_create=true + +# Allow user updates in LDAP backend. (boolean value) +#user_allow_update=true + +# Allow user deletion in LDAP backend. (boolean value) +#user_allow_delete=true + +# If True, Keystone uses an alternative method to determine if +# a user is enabled or not by checking if they are a member of +# the "user_enabled_emulation_dn" group. (boolean value) +#user_enabled_emulation=false + +# DN of the group entry to hold enabled users when using +# enabled emulation. (string value) +#user_enabled_emulation_dn=<None> + +# List of additional LDAP attributes used for mapping +# Additional attribute mappings for users. Attribute mapping +# format is <ldap_attr>:<user_attr>, where ldap_attr is the +# attribute in the LDAP entry and user_attr is the Identity +# API attribute. (list value) +#user_additional_attribute_mapping= + +# Search base for projects (string value) +#tenant_tree_dn=<None> + +# LDAP search filter for projects. (string value) +#tenant_filter=<None> + +# LDAP objectClass for projects. (string value) +#tenant_objectclass=groupOfNames + +# LDAP attribute mapped to project id. (string value) +#tenant_id_attribute=cn + +# LDAP attribute mapped to project membership for user. +# (string value) +#tenant_member_attribute=member + +# LDAP attribute mapped to project name. (string value) +#tenant_name_attribute=ou + +# LDAP attribute mapped to project description. (string value) +#tenant_desc_attribute=description + +# LDAP attribute mapped to project enabled. (string value) +#tenant_enabled_attribute=enabled + +# LDAP attribute mapped to project domain_id. (string value) +#tenant_domain_id_attribute=businessCategory + +# List of attributes stripped off the project on update. (list +# value) +#tenant_attribute_ignore= + +# Allow tenant creation in LDAP backend. (boolean value) +#tenant_allow_create=true + +# Allow tenant update in LDAP backend. (boolean value) +#tenant_allow_update=true + +# Allow tenant deletion in LDAP backend. (boolean value) +#tenant_allow_delete=true + +# If True, Keystone uses an alternative method to determine if +# a project is enabled or not by checking if they are a member +# of the "tenant_enabled_emulation_dn" group. (boolean value) +#tenant_enabled_emulation=false + +# DN of the group entry to hold enabled projects when using +# enabled emulation. (string value) +#tenant_enabled_emulation_dn=<None> + +# Additional attribute mappings for projects. Attribute +# mapping format is <ldap_attr>:<user_attr>, where ldap_attr +# is the attribute in the LDAP entry and user_attr is the +# Identity API attribute. (list value) +#tenant_additional_attribute_mapping= + +# Search base for roles. (string value) +#role_tree_dn=<None> + +# LDAP search filter for roles. (string value) +#role_filter=<None> + +# LDAP objectClass for roles. (string value) +#role_objectclass=organizationalRole + +# LDAP attribute mapped to role id. (string value) +#role_id_attribute=cn + +# LDAP attribute mapped to role name. (string value) +#role_name_attribute=ou + +# LDAP attribute mapped to role membership. (string value) +#role_member_attribute=roleOccupant + +# List of attributes stripped off the role on update. (list +# value) +#role_attribute_ignore= + +# Allow role creation in LDAP backend. (boolean value) +#role_allow_create=true + +# Allow role update in LDAP backend. (boolean value) +#role_allow_update=true + +# Allow role deletion in LDAP backend. (boolean value) +#role_allow_delete=true + +# Additional attribute mappings for roles. Attribute mapping +# format is <ldap_attr>:<user_attr>, where ldap_attr is the +# attribute in the LDAP entry and user_attr is the Identity +# API attribute. (list value) +#role_additional_attribute_mapping= + +# Search base for groups. (string value) +#group_tree_dn=<None> + +# LDAP search filter for groups. (string value) +#group_filter=<None> + +# LDAP objectClass for groups. (string value) +#group_objectclass=groupOfNames + +# LDAP attribute mapped to group id. (string value) +#group_id_attribute=cn + +# LDAP attribute mapped to group name. (string value) +#group_name_attribute=ou + +# LDAP attribute mapped to show group membership. (string +# value) +#group_member_attribute=member + +# LDAP attribute mapped to group description. (string value) +#group_desc_attribute=description + +# List of attributes stripped off the group on update. (list +# value) +#group_attribute_ignore= + +# Allow group creation in LDAP backend. (boolean value) +#group_allow_create=true + +# Allow group update in LDAP backend. (boolean value) +#group_allow_update=true + +# Allow group deletion in LDAP backend. (boolean value) +#group_allow_delete=true + +# Additional attribute mappings for groups. Attribute mapping +# format is <ldap_attr>:<user_attr>, where ldap_attr is the +# attribute in the LDAP entry and user_attr is the Identity +# API attribute. (list value) +#group_additional_attribute_mapping= + +# CA certificate file path for communicating with LDAP +# servers. (string value) +#tls_cacertfile=<None> + +# CA certificate directory path for communicating with LDAP +# servers. (string value) +#tls_cacertdir=<None> + +# Enable TLS for communicating with LDAP servers. (boolean +# value) +#use_tls=false + +# valid options for tls_req_cert are demand, never, and allow. +# (string value) +#tls_req_cert=demand + + +[matchmaker_ring] + +# +# Options defined in oslo.messaging +# + +# Matchmaker ring file (JSON). (string value) +# Deprecated group/name - [DEFAULT]/matchmaker_ringfile +#ringfile=/etc/oslo/matchmaker_ring.json + + +[memcache] + +# +# Options defined in keystone +# + +# Memcache servers in the format of "host:port" (list value) +#servers=localhost:11211 + +# Number of compare-and-set attempts to make when using +# compare-and-set in the token memcache back end. (integer +# value) +#max_compare_and_set_retry=16 + + +[oauth1] + +# +# Options defined in keystone +# + +# Keystone Credential backend driver. (string value) +#driver=keystone.contrib.oauth1.backends.sql.OAuth1 + +# Duration (in seconds) for the OAuth Request Token. (integer +# value) +#request_token_duration=28800 + +# Duration (in seconds) for the OAuth Access Token. (integer +# value) +#access_token_duration=86400 + + +[os_inherit] + +# +# Options defined in keystone +# + +# role-assignment inheritance to projects from owning domain +# can be optionally enabled. (boolean value) +#enabled=false + + +[paste_deploy] + +# +# Options defined in keystone +# + +# Name of the paste configuration file that defines the +# available pipelines. (string value) +#config_file=keystone-paste.ini + + +[policy] + +# +# Options defined in keystone +# + +# Keystone Policy backend driver. (string value) +#driver=keystone.policy.backends.sql.Policy + +# Maximum number of entities that will be returned in a policy +# collection. (integer value) +#list_limit=<None> + + +[revoke] + +# +# Options defined in keystone +# + +# An implementation of the backend for persisting revocation +# events. (string value) +#driver=keystone.contrib.revoke.backends.kvs.Revoke + +# This value (calculated in seconds) is added to token +# expiration before a revocation event may be removed from the +# backend. (integer value) +#expiration_buffer=1800 + +# Toggle for revocation event cacheing. This has no effect +# unless global caching is enabled. (boolean value) +#caching=true + + +[signing] + +# +# Options defined in keystone +# + +# Deprecated in favor of provider in the [token] section. +# (string value) +#token_format=<None> + +# Path of the certfile for token signing. (string value) +#certfile=/etc/keystone/ssl/certs/signing_cert.pem + +# Path of the keyfile for token signing. (string value) +#keyfile=/etc/keystone/ssl/private/signing_key.pem + +# Path of the CA for token signing. (string value) +#ca_certs=/etc/keystone/ssl/certs/ca.pem + +# Path of the CA Key for token signing. (string value) +#ca_key=/etc/keystone/ssl/private/cakey.pem + +# Key Size (in bits) for token signing cert (auto generated +# certificate). (integer value) +#key_size=2048 + +# Day the token signing cert is valid for (auto generated +# certificate). (integer value) +#valid_days=3650 + +# Certificate Subject (auto generated certificate) for token +# signing. (string value) +#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com + + +[ssl] + +# +# Options defined in keystone +# + +# Toggle for SSL support on the keystone eventlet servers. +# (boolean value) +#enable=false + +# Path of the certfile for SSL. (string value) +#certfile=/etc/keystone/ssl/certs/keystone.pem + +# Path of the keyfile for SSL. (string value) +#keyfile=/etc/keystone/ssl/private/keystonekey.pem + +# Path of the ca cert file for SSL. (string value) +#ca_certs=/etc/keystone/ssl/certs/ca.pem + +# Path of the CA key file for SSL. (string value) +#ca_key=/etc/keystone/ssl/private/cakey.pem + +# Require client certificate. (boolean value) +#cert_required=false + +# SSL Key Length (in bits) (auto generated certificate). +# (integer value) +#key_size=1024 + +# Days the certificate is valid for once signed (auto +# generated certificate). (integer value) +#valid_days=3650 + +# SSL Certificate Subject (auto generated certificate). +# (string value) +#cert_subject=/C=US/ST=Unset/L=Unset/O=Unset/CN=localhost + + +[stats] + +# +# Options defined in keystone +# + +# Keystone stats backend driver. (string value) +#driver=keystone.contrib.stats.backends.kvs.Stats + + +[token] + +# +# Options defined in keystone +# + +# External auth mechanisms that should add bind information to +# token e.g. kerberos, x509. (list value) +#bind= + +# Enforcement policy on tokens presented to keystone with bind +# information. One of disabled, permissive, strict, required +# or a specifically required bind mode e.g. kerberos or x509 +# to require binding to that authentication. (string value) +#enforce_token_bind=permissive + +# Amount of time a token should remain valid (in seconds). +# (integer value) +#expiration=3600 + +# Controls the token construction, validation, and revocation +# operations. Core providers are +# "keystone.token.providers.[pki|uuid].Provider". (string +# value) +provider=keystone.token.providers.uuid.Provider + +# Keystone Token persistence backend driver. (string value) +driver=keystone.token.persistence.backends.sql.Token + +# Toggle for token system cacheing. This has no effect unless +# global caching is enabled. (boolean value) +#caching=true + +# Time to cache the revocation list and the revocation events +# if revoke extension is enabled (in seconds). This has no +# effect unless global and token caching are enabled. (integer +# value) +revocation_cache_time=3600 + +# Time to cache tokens (in seconds). This has no effect unless +# global and token caching are enabled. (integer value) +#cache_time=<None> + +# Revoke token by token identifier. Setting revoke_by_id to +# True enables various forms of enumerating tokens, e.g. `list +# tokens for user`. These enumerations are processed to +# determine the list of tokens to revoke. Only disable if +# you are switching to using the Revoke extension with a +# backend other than KVS, which stores events in memory. +# (boolean value) +#revoke_by_id=true + + +[trust] + +# +# Options defined in keystone +# + +# delegation and impersonation features can be optionally +# disabled. (boolean value) +#enabled=true + +# Keystone Trust backend driver. (string value) +#driver=keystone.trust.backends.sql.Trust + + +[extra_headers] +Distribution = Ubuntu + diff --git a/compass/deploy/ansible/roles/keystone/templates/keystone_init b/compass/deploy/ansible/roles/keystone/templates/keystone_init new file mode 100644 index 0000000..729669b --- /dev/null +++ b/compass/deploy/ansible/roles/keystone/templates/keystone_init @@ -0,0 +1,43 @@ +# create an administrative user + +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=admin --pass={{ ADMIN_PASS }} --email=admin@admin.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 role-create --name=admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=admin --pass={{ ADMIN_PASS }} --email=admin@admin.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-create --name=admin --description="Admin Tenant" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=admin --tenant=admin --role=admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=admin --role=_member_ --tenant=admin + +# create a normal user + +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=demo --pass={{ DEMO_PASS }} --email=DEMO_EMAIL +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-create --name=demo --description="Demo Tenant" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=demo --role=_member_ --tenant=demo + +# create a service tenant +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-create --name=service --description="Service Tenant" + +# regist keystone +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=keystone --type=identity --description="OpenStack Identity" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service_id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ identity / {print $2}') --publicurl=http://{{ HA_VIP }}:5000/v2.0 --internalurl=http://{{ HA_VIP }}:5000/v2.0 --adminurl=http://{{ HA_VIP }}:35357/v2.0 + +# Create a glance user that the Image Service can use to authenticate with the Identity service +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=glance --pass={{ GLANCE_PASS }} --email=glance@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=glance --tenant=service --role=admin + +#Register the Image Service with the Identity service so that other OpenStack services can locate it +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=glance --type=image --description="OpenStack Image Service" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ image / {print $2}') --publicurl=http://{{ HA_VIP }}:9292 --internalurl=http://{{ HA_VIP }}:9292 --adminurl=http://{{ HA_VIP }}:9292 + +#Create a nova user that Compute uses to authenticate with the Identity Service +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name=nova --pass={{ NOVA_PASS }} --email=nova@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user=nova --tenant=service --role=admin + +# register Compute with the Identity Service so that other OpenStack services can locate it +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name=nova --type=compute --description="OpenStack Compute" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id=$(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ compute / {print $2}') --publicurl=http://{{ HA_VIP }}:8774/v2/%\(tenant_id\)s --internalurl=http://{{ HA_VIP }}:8774/v2/%\(tenant_id\)s --adminurl=http://{{ HA_VIP }}:8774/v2/%\(tenant_id\)s + +# register netron user, role and service +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-create --name neutron --pass {{ NEUTRON_PASS }} --email neutron@example.com +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 user-role-add --user neutron --tenant service --role admin +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-create --name neutron --type network --description "OpenStack Networking" +keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 endpoint-create --service-id $(keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 service-list | awk '/ network / {print $2}') --publicurl http://{{ HA_VIP }}:9696 --adminurl http://{{ HA_VIP }}:9696 --internalurl http://{{ HA_VIP }}:9696 diff --git a/compass/deploy/ansible/roles/monitor/files/check_service.sh b/compass/deploy/ansible/roles/monitor/files/check_service.sh new file mode 100644 index 0000000..d309673 --- /dev/null +++ b/compass/deploy/ansible/roles/monitor/files/check_service.sh @@ -0,0 +1,7 @@ +#!/bin/bash +services=`cat /opt/service | uniq` +for service in $services; do + if [ `/sbin/initctl list|awk '/stop\/waiting/{print $1}'|uniq | grep $service` ]; then + /sbin/start $service + fi +done diff --git a/compass/deploy/ansible/roles/monitor/files/root b/compass/deploy/ansible/roles/monitor/files/root new file mode 100644 index 0000000..9c55c4f --- /dev/null +++ b/compass/deploy/ansible/roles/monitor/files/root @@ -0,0 +1 @@ +* * * * * /usr/local/bin/check_service.sh >> /var/log/check_service.log 2>&1 diff --git a/compass/deploy/ansible/roles/monitor/tasks/main.yml b/compass/deploy/ansible/roles/monitor/tasks/main.yml new file mode 100644 index 0000000..e5b93f3 --- /dev/null +++ b/compass/deploy/ansible/roles/monitor/tasks/main.yml @@ -0,0 +1,11 @@ +--- +- name: copy service check file + copy: src=check_service.sh dest=/usr/local/bin/check_service.sh mode=0777 + +- name: copy cron file + copy: src=root dest=/var/spool/cron/crontabs/root mode=0600 + +- name: restart cron + service: name=cron state=restarted + + diff --git a/compass/deploy/ansible/roles/mq/tasks/main.yml b/compass/deploy/ansible/roles/mq/tasks/main.yml new file mode 100644 index 0000000..4ae4065 --- /dev/null +++ b/compass/deploy/ansible/roles/mq/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- include: rabbitmq.yml + +#- include: rabbitmq_cluster.yml +# when: HA_CLUSTER is defined diff --git a/compass/deploy/ansible/roles/mq/tasks/rabbitmq.yml b/compass/deploy/ansible/roles/mq/tasks/rabbitmq.yml new file mode 100644 index 0000000..5714406 --- /dev/null +++ b/compass/deploy/ansible/roles/mq/tasks/rabbitmq.yml @@ -0,0 +1,45 @@ +--- +- name: create rabbitmq directory + file: path=/etc/rabbitmq state=directory mode=0755 + +- name: copy rabbitmq config file + template: src=rabbitmq-env.conf dest=/etc/rabbitmq/rabbitmq-env.conf mode=0755 + +- name: install rabbitmq-server + apt: name=rabbitmq-server state=present + +- name: stop rabbitmq-server + service: name=rabbitmq-server + state=stopped + +- name: update .erlang.cookie + template: src=.erlang.cookie dest=/var/lib/rabbitmq/.erlang.cookie + group=rabbitmq + owner=rabbitmq + mode=0400 + when: ERLANG_TOKEN is defined + +- name: start and enable rabbitmq-server + service: name=rabbitmq-server + state=started + enabled=yes + +- name: generate mq service list + shell: echo {{ item }} >> /opt/service + with_items: + - rabbitmq-server + +- name: modify rabbitmq password + command: rabbitmqctl change_password guest {{ RABBIT_PASS }} + when: "RABBIT_USER is defined and RABBIT_USER == 'guest'" + ignore_errors: True + +- name: add rabbitmq user + command: rabbitmqctl add_user {{ RABBIT_USER }} {{ RABBIT_PASS }} + when: "RABBIT_USER is defined and RABBIT_USER != 'guest'" + ignore_errors: True + +- name: set rabbitmq user permission + command: rabbitmqctl set_permissions -p / {{ RABBIT_USER }} ".*" ".*" ".*" + when: "RABBIT_USER is defined and RABBIT_USER != 'guest'" + diff --git a/compass/deploy/ansible/roles/mq/tasks/rabbitmq_cluster.yml b/compass/deploy/ansible/roles/mq/tasks/rabbitmq_cluster.yml new file mode 100644 index 0000000..afd4c77 --- /dev/null +++ b/compass/deploy/ansible/roles/mq/tasks/rabbitmq_cluster.yml @@ -0,0 +1,27 @@ +--- +- name: stop rabbitmq app + command: rabbitmqctl stop_app + when: HA_CLUSTER[inventory_hostname] != '' + +- name: rabbitmqctl reset + command: rabbitmqctl reset + when: HA_CLUSTER[inventory_hostname] != '' + +- name: stop rabbitmq + shell: rabbitmqctl stop + +- name: set detach + shell: rabbitmq-server -detached + +- name: join cluster + command: rabbitmqctl join_cluster rabbit@{{ item }} + when: item != inventory_hostname and HA_CLUSTER[item] == '' + with_items: + groups['controller'] + +- name: start rabbitmq app + command: rabbitmqctl start_app + +- name: set the HA policy + rabbitmq_policy: name=ha-all pattern='^(?!amq\.).*' tags="ha-mode=all" + diff --git a/compass/deploy/ansible/roles/mq/templates/.erlang.cookie b/compass/deploy/ansible/roles/mq/templates/.erlang.cookie new file mode 100644 index 0000000..cadcfaf --- /dev/null +++ b/compass/deploy/ansible/roles/mq/templates/.erlang.cookie @@ -0,0 +1 @@ +{{ ERLANG_TOKEN }} diff --git a/compass/deploy/ansible/roles/mq/templates/rabbitmq-env.conf b/compass/deploy/ansible/roles/mq/templates/rabbitmq-env.conf new file mode 100644 index 0000000..6dd7349 --- /dev/null +++ b/compass/deploy/ansible/roles/mq/templates/rabbitmq-env.conf @@ -0,0 +1 @@ +RABBITMQ_NODE_IP_ADDRESS={{ HA_VIP }} diff --git a/compass/deploy/ansible/roles/neutron-common/handlers/main.yml b/compass/deploy/ansible/roles/neutron-common/handlers/main.yml new file mode 100644 index 0000000..36d779d --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-common/handlers/main.yml @@ -0,0 +1,13 @@ +--- +- name: restart neutron-plugin-openvswitch-agent + service: name=neutron-plugin-openvswitch-agent state=restarted enabled=yes + when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart neutron-l3-agent + service: name=neutron-l3-agent state=restarted enabled=yes + +- name: restart neutron-dhcp-agent + service: name=neutron-dhcp-agent state=restarted enabled=yes + +- name: restart neutron-metadata-agent + service: name=neutron-metadata-agent state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/neutron-compute/defaults/main.yml b/compass/deploy/ansible/roles/neutron-compute/defaults/main.yml new file mode 100644 index 0000000..825178b --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/defaults/main.yml @@ -0,0 +1,2 @@ +--- +neutron_ovs_bridge_mappings: "" diff --git a/compass/deploy/ansible/roles/neutron-compute/handlers/main.yml b/compass/deploy/ansible/roles/neutron-compute/handlers/main.yml new file mode 100644 index 0000000..36d779d --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/handlers/main.yml @@ -0,0 +1,13 @@ +--- +- name: restart neutron-plugin-openvswitch-agent + service: name=neutron-plugin-openvswitch-agent state=restarted enabled=yes + when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart neutron-l3-agent + service: name=neutron-l3-agent state=restarted enabled=yes + +- name: restart neutron-dhcp-agent + service: name=neutron-dhcp-agent state=restarted enabled=yes + +- name: restart neutron-metadata-agent + service: name=neutron-metadata-agent state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/neutron-compute/tasks/main.yml b/compass/deploy/ansible/roles/neutron-compute/tasks/main.yml new file mode 100644 index 0000000..93ee46f --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/tasks/main.yml @@ -0,0 +1,55 @@ +--- + +- name: activate ipv4 forwarding + sysctl: name=net.ipv4.ip_forward value=1 + state=present reload=yes + +- name: deactivate ipv4 rp filter + sysctl: name=net.ipv4.conf.all.rp_filter value=0 + state=present reload=yes + +- name: deactivate ipv4 default rp filter + sysctl: name=net.ipv4.conf.default.rp_filter + value=0 state=present reload=yes + +- name: install compute-related neutron packages + apt: name={{ item }} state=present force=yes + with_items: + - neutron-common + - neutron-plugin-ml2 + - openvswitch-datapath-dkms + - openvswitch-switch + +- name: generate neutron computer service list + shell: echo {{ item }} >> /opt/service + with_items: + - neutron-plugin-openvswitch-agent + +- name: install neutron openvswitch agent + apt: name=neutron-plugin-openvswitch-agent + state=present force=yes + when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: config neutron + template: src=neutron-network.conf + dest=/etc/neutron/neutron.conf backup=yes + notify: + - restart neutron-plugin-openvswitch-agent + +- name: config ml2 plugin + template: src=ml2_conf.ini + dest=/etc/neutron/plugins/ml2/ml2_conf.ini + backup=yes + notify: + - restart neutron-plugin-openvswitch-agent + +- name: add br-int + openvswitch_bridge: bridge=br-int state=present + notify: + - restart neutron-plugin-openvswitch-agent + - restart nova-compute + +- include: ../../neutron-network/tasks/odl.yml + when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- meta: flush_handlers diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/dhcp_agent.ini b/compass/deploy/ansible/roles/neutron-compute/templates/dhcp_agent.ini new file mode 100644 index 0000000..19eb62e --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/dhcp_agent.ini @@ -0,0 +1,90 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# The DHCP agent will resync its state with Neutron to recover from any +# transient notification or rpc errors. The interval is number of +# seconds between attempts. +resync_interval = 5 + +# The DHCP agent requires an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, +# BigSwitch/Floodlight) +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Name of Open vSwitch bridge to use +# ovs_integration_bridge = br-int + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet does not contain any router port. The guest +# instance must be configured to request host routes via DHCP (Option 121). +enable_isolated_metadata = False + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Neutron router from which the VMs send metadata +# request. In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +enable_metadata_network = False + +# Number of threads to use during sync process. Should not exceed connection +# pool size configured on server. +# num_sync_threads = 4 + +# Location to store DHCP server config files +# dhcp_confs = $state_path/dhcp + +# Domain to use for building the hostnames +dhcp_domain = openstacklocal + +# Override the default dnsmasq settings with this file +# dnsmasq_config_file = +dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf + +# Comma-separated list of DNS servers which will be used by dnsmasq +# as forwarders. +# dnsmasq_dns_servers = + +# Limit number of leases to prevent a denial-of-service. +dnsmasq_lease_max = 16777216 + +# Location to DHCP lease relay UNIX domain socket +# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# dhcp_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the dhcp agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a dhcp server is disabled. +# dhcp_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/dnsmasq-neutron.conf b/compass/deploy/ansible/roles/neutron-compute/templates/dnsmasq-neutron.conf new file mode 100644 index 0000000..7bcbd9d --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/dnsmasq-neutron.conf @@ -0,0 +1,2 @@ +dhcp-option-force=26,1454 + diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/etc/xorp/config.boot b/compass/deploy/ansible/roles/neutron-compute/templates/etc/xorp/config.boot new file mode 100644 index 0000000..32caf96 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/etc/xorp/config.boot @@ -0,0 +1,25 @@ +interfaces { + restore-original-config-on-shutdown: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + description: "Internal pNodes interface" + disable: false + default-system-config + } +} + +protocols { + igmp { + disable: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + disable: false + version: 3 + } + } + traceoptions { + flag all { + disable: false + } + } + } +} diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/l3_agent.ini b/compass/deploy/ansible/roles/neutron-compute/templates/l3_agent.ini new file mode 100644 index 0000000..b394c00 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/l3_agent.ini @@ -0,0 +1,81 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# L3 requires that an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) +# that supports L3 agent +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +# ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# If use_namespaces is set as False then the agent can only configure one router. + +# This is done by setting the specific router_id. +# router_id = + +# When external_network_bridge is set, each L3 agent can be associated +# with no more than one external network. This value should be set to the UUID +# of that external network. To allow L3 agent support multiple external +# networks, both the external_network_bridge and gateway_external_network_id +# must be left empty. +# gateway_external_network_id = + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Neutron deployment, and may be False for all agents +# if all routers must have an external network gateway +handle_internal_only_routers = True + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge. when this parameter is set, each L3 agent +# can be associated with no more than one external network. +external_network_bridge = br-ex + +# TCP Port used by Neutron metadata server +metadata_port = 9697 + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +send_arp_for_ha = 3 + +# seconds between re-sync routers' data if needed +periodic_interval = 40 + +# seconds to start to sync routers' data after +# starting agent +periodic_fuzzy_delay = 5 + +# enable_metadata_proxy, which is true by default, can be set to False +# if the Nova metadata server is not available +# enable_metadata_proxy = True + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# router_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the L3 agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a router is destroyed. +# router_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/metadata_agent.ini b/compass/deploy/ansible/roles/neutron-compute/templates/metadata_agent.ini new file mode 100644 index 0000000..6badf28 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/metadata_agent.ini @@ -0,0 +1,46 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = True + +# The Neutron user information for accessing the Neutron API. +auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_region = RegionOne +# Turn off verification of the certificate for ssl +# auth_insecure = False +# Certificate Authority public key (CA cert) file for ssl +# auth_ca_cert = +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} + +# Network service endpoint type to pull from the keystone catalog +# endpoint_type = adminURL + +# IP address used by Nova metadata server +nova_metadata_ip = {{ HA_VIP }} + +# TCP Port used by Nova metadata server +nova_metadata_port = 8775 + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +metadata_proxy_shared_secret = {{ METADATA_SECRET }} + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# Number of separate worker processes for metadata server +# metadata_workers = 0 + +# Number of backlog requests to configure the metadata server socket with +# metadata_backlog = 128 + +# URL to connect to the cache backend. +# Example of URL using memory caching backend +# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 +# default_ttl=0 parameter will cause cache entries to never expire. +# Otherwise default_ttl specifies time in seconds a cache entry is valid for. +# No cache is used in case no value is passed. +# cache_url = diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/ml2_conf.ini b/compass/deploy/ansible/roles/neutron-compute/templates/ml2_conf.ini new file mode 100644 index 0000000..a790069 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/ml2_conf.ini @@ -0,0 +1,108 @@ +[ml2] +# (ListOpt) List of network type driver entrypoints to be loaded from +# the neutron.ml2.type_drivers namespace. +# +# type_drivers = local,flat,vlan,gre,vxlan +# Example: type_drivers = flat,vlan,gre,vxlan +type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }} + +# (ListOpt) Ordered list of network_types to allocate as tenant +# networks. The default value 'local' is useful for single-box testing +# but provides no connectivity between hosts. +# +# tenant_network_types = local +# Example: tenant_network_types = vlan,gre,vxlan +tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }} + +# (ListOpt) Ordered list of networking mechanism driver entrypoints +# to be loaded from the neutron.ml2.mechanism_drivers namespace. +# mechanism_drivers = +# Example: mechanism_drivers = openvswitch,mlnx +# Example: mechanism_drivers = arista +# Example: mechanism_drivers = cisco,logger +# Example: mechanism_drivers = openvswitch,brocade +# Example: mechanism_drivers = linuxbridge,brocade +mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }} + +[ml2_type_flat] +# (ListOpt) List of physical_network names with which flat networks +# can be created. Use * to allow flat networks with arbitrary +# physical_network names. +# +flat_networks = external +# Example:flat_networks = physnet1,physnet2 +# Example:flat_networks = * + +[ml2_type_vlan] +# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples +# specifying physical_network names usable for VLAN provider and +# tenant networks, as well as ranges of VLAN tags on each +# physical_network available for allocation as tenant networks. +# +network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999,physnet2 + +[ml2_type_gre] +# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation +tunnel_id_ranges = 1:1000 + +[ml2_type_vxlan] +# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating +# ranges of VXLAN VNI IDs that are available for tenant network allocation. +# +vni_ranges = 1001:4095 + +# (StrOpt) Multicast group for the VXLAN interface. When configured, will +# enable sending all broadcast traffic to this multicast group. When left +# unconfigured, will disable multicast VXLAN mode. +# +vxlan_group = 239.1.1.1 +# Example: vxlan_group = 239.1.1.1 + +[securitygroup] +# Controls if neutron security group is enabled or not. +# It should be false when you use nova security group. +# enable_security_group = True +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = True + +[database] +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8 + +[ovs] +local_ip = {{ internal_ip }} +{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %} +integration_bridge = br-int +tunnel_bridge = br-tun +tunnel_id_ranges = 1001:4095 +tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }} +{% endif %} + +[agent] +root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf +tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %} +vxlan_udp_port = 4789 +{% endif %} +l2_population = False + +[odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +network_vlan_ranges = 1001:4095 +tunnel_id_ranges = 1001:4095 +tun_peer_patch_port = patch-int +int_peer_patch_port = patch-tun +tenant_network_type = vxlan +tunnel_bridge = br-tun +integration_bridge = br-int +controllers = 10.1.0.15:8080:admin:admin +{% endif %} + +[ml2_odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +username = {{ odl_username }} +password = {{ odl_password }} +url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron +{% endif %} + diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/neutron-network.conf b/compass/deploy/ansible/roles/neutron-compute/templates/neutron-network.conf new file mode 100644 index 0000000..93be9cb --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/neutron-network.conf @@ -0,0 +1,465 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ DEBUG }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/neutron.conf b/compass/deploy/ansible/roles/neutron-compute/templates/neutron.conf new file mode 100644 index 0000000..1575367 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/neutron.conf @@ -0,0 +1,466 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ VERBOSE }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant +nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }} + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/neutron_init.sh b/compass/deploy/ansible/roles/neutron-compute/templates/neutron_init.sh new file mode 100644 index 0000000..b92e202 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/neutron_init.sh @@ -0,0 +1,4 @@ +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True + +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}} + diff --git a/compass/deploy/ansible/roles/neutron-compute/templates/nova.conf b/compass/deploy/ansible/roles/neutron-compute/templates/nova.conf new file mode 100644 index 0000000..4988cb0 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-compute/templates/nova.conf @@ -0,0 +1,73 @@ +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lock/nova +force_dhcp_release=True +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose={{ VERBOSE}} +debug={{ DEBUG }} +ec2_private_dns_show_ip=True +api_paste_config=/etc/nova/api-paste.ini +volumes_path=/var/lib/nova/volumes +enabled_apis=ec2,osapi_compute,metadata + +vif_plugging_is_fatal: false +vif_plugging_timeout: 0 + +auth_strategy = keystone + +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +my_ip = {{ internal_ip }} +vnc_enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ HA_VIP }}:6080/vnc_auto.html + +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +network_api_class = nova.network.neutronv2.api.API +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova + +[conductor] +manager = nova.conductor.manager.ConductorManager +topic = conductor + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} + +[glance] +host = {{ HA_VIP }} + +[neutron] +url = http://{{ HA_VIP }}:9696 +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 diff --git a/compass/deploy/ansible/roles/neutron-controller/handlers/main.yml b/compass/deploy/ansible/roles/neutron-controller/handlers/main.yml new file mode 100644 index 0000000..b4c1585 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/handlers/main.yml @@ -0,0 +1,24 @@ +--- +- name: restart nova-api + service: name=nova-api state=restarted enabled=yes + +- name: restart nova-cert + service: name=nova-cert state=restarted enabled=yes + +- name: restart nova-consoleauth + service: name=nova-consoleauth state=restarted enabled=yes + +- name: restart nova-scheduler + service: name=nova-scheduler state=restarted enabled=yes + +- name: restart nova-conductor + service: name=nova-conductor state=restarted enabled=yes + +- name: restart nova-novncproxy + service: name=nova-novncproxy state=restarted enabled=yes + +- name: remove nova-sqlite-db + shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.db.removed + +- name: restart neutron-server + service: name=neutron-server state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/neutron-controller/tasks/main.yml b/compass/deploy/ansible/roles/neutron-controller/tasks/main.yml new file mode 100644 index 0000000..9c04d74 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- include: neutron_install.yml + tags: + - install + - neutron_install + - neutron + +- include: neutron_config.yml + when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == '' + tags: + - config + - neutron_config + - neutron diff --git a/compass/deploy/ansible/roles/neutron-controller/tasks/neutron_config.yml b/compass/deploy/ansible/roles/neutron-controller/tasks/neutron_config.yml new file mode 100644 index 0000000..77cc29a --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/tasks/neutron_config.yml @@ -0,0 +1,10 @@ +--- +- name: neutron-db-manage upgrade to Juno + shell: neutron-db-manage --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head + register: result + until: result.rc == 0 + retries: 5 + delay: 3 + notify: + - restart neutron-server + diff --git a/compass/deploy/ansible/roles/neutron-controller/tasks/neutron_install.yml b/compass/deploy/ansible/roles/neutron-controller/tasks/neutron_install.yml new file mode 100644 index 0000000..6165299 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/tasks/neutron_install.yml @@ -0,0 +1,29 @@ +--- +- name: install controller-related neutron packages + apt: name={{ item }} state=present force=yes + with_items: + - neutron-server + - neutron-plugin-ml2 + +- name: generate neutron controll service list + shell: echo {{ item }} >> /opt/service + with_items: + - neutron-server + - neutron-plugin-ml2 + +- name: get tenant id to fill neutron.conf + shell: keystone --os-token={{ ADMIN_TOKEN }} --os-endpoint=http://{{ HA_VIP }}:35357/v2.0 tenant-get service | grep id | awk '{print $4}' + register: NOVA_ADMIN_TENANT_ID + +- name: update neutron conf + template: src=neutron.conf dest=/etc/neutron/neutron.conf backup=yes + notify: + - restart neutron-server + +- name: update ml2 plugin conf + template: src=ml2_conf.ini dest=/etc/neutron/plugins/ml2/ml2_conf.ini backup=yes + notify: + - restart neutron-server + +- meta: flush_handlers + diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/dhcp_agent.ini b/compass/deploy/ansible/roles/neutron-controller/templates/dhcp_agent.ini new file mode 100644 index 0000000..19eb62e --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/dhcp_agent.ini @@ -0,0 +1,90 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# The DHCP agent will resync its state with Neutron to recover from any +# transient notification or rpc errors. The interval is number of +# seconds between attempts. +resync_interval = 5 + +# The DHCP agent requires an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, +# BigSwitch/Floodlight) +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Name of Open vSwitch bridge to use +# ovs_integration_bridge = br-int + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet does not contain any router port. The guest +# instance must be configured to request host routes via DHCP (Option 121). +enable_isolated_metadata = False + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Neutron router from which the VMs send metadata +# request. In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +enable_metadata_network = False + +# Number of threads to use during sync process. Should not exceed connection +# pool size configured on server. +# num_sync_threads = 4 + +# Location to store DHCP server config files +# dhcp_confs = $state_path/dhcp + +# Domain to use for building the hostnames +dhcp_domain = openstacklocal + +# Override the default dnsmasq settings with this file +# dnsmasq_config_file = +dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf + +# Comma-separated list of DNS servers which will be used by dnsmasq +# as forwarders. +# dnsmasq_dns_servers = + +# Limit number of leases to prevent a denial-of-service. +dnsmasq_lease_max = 16777216 + +# Location to DHCP lease relay UNIX domain socket +# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# dhcp_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the dhcp agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a dhcp server is disabled. +# dhcp_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/dnsmasq-neutron.conf b/compass/deploy/ansible/roles/neutron-controller/templates/dnsmasq-neutron.conf new file mode 100644 index 0000000..7bcbd9d --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/dnsmasq-neutron.conf @@ -0,0 +1,2 @@ +dhcp-option-force=26,1454 + diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/etc/xorp/config.boot b/compass/deploy/ansible/roles/neutron-controller/templates/etc/xorp/config.boot new file mode 100644 index 0000000..32caf96 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/etc/xorp/config.boot @@ -0,0 +1,25 @@ +interfaces { + restore-original-config-on-shutdown: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + description: "Internal pNodes interface" + disable: false + default-system-config + } +} + +protocols { + igmp { + disable: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + disable: false + version: 3 + } + } + traceoptions { + flag all { + disable: false + } + } + } +} diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/l3_agent.ini b/compass/deploy/ansible/roles/neutron-controller/templates/l3_agent.ini new file mode 100644 index 0000000..b394c00 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/l3_agent.ini @@ -0,0 +1,81 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# L3 requires that an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) +# that supports L3 agent +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +# ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# If use_namespaces is set as False then the agent can only configure one router. + +# This is done by setting the specific router_id. +# router_id = + +# When external_network_bridge is set, each L3 agent can be associated +# with no more than one external network. This value should be set to the UUID +# of that external network. To allow L3 agent support multiple external +# networks, both the external_network_bridge and gateway_external_network_id +# must be left empty. +# gateway_external_network_id = + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Neutron deployment, and may be False for all agents +# if all routers must have an external network gateway +handle_internal_only_routers = True + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge. when this parameter is set, each L3 agent +# can be associated with no more than one external network. +external_network_bridge = br-ex + +# TCP Port used by Neutron metadata server +metadata_port = 9697 + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +send_arp_for_ha = 3 + +# seconds between re-sync routers' data if needed +periodic_interval = 40 + +# seconds to start to sync routers' data after +# starting agent +periodic_fuzzy_delay = 5 + +# enable_metadata_proxy, which is true by default, can be set to False +# if the Nova metadata server is not available +# enable_metadata_proxy = True + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# router_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the L3 agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a router is destroyed. +# router_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/metadata_agent.ini b/compass/deploy/ansible/roles/neutron-controller/templates/metadata_agent.ini new file mode 100644 index 0000000..6badf28 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/metadata_agent.ini @@ -0,0 +1,46 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = True + +# The Neutron user information for accessing the Neutron API. +auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_region = RegionOne +# Turn off verification of the certificate for ssl +# auth_insecure = False +# Certificate Authority public key (CA cert) file for ssl +# auth_ca_cert = +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} + +# Network service endpoint type to pull from the keystone catalog +# endpoint_type = adminURL + +# IP address used by Nova metadata server +nova_metadata_ip = {{ HA_VIP }} + +# TCP Port used by Nova metadata server +nova_metadata_port = 8775 + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +metadata_proxy_shared_secret = {{ METADATA_SECRET }} + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# Number of separate worker processes for metadata server +# metadata_workers = 0 + +# Number of backlog requests to configure the metadata server socket with +# metadata_backlog = 128 + +# URL to connect to the cache backend. +# Example of URL using memory caching backend +# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 +# default_ttl=0 parameter will cause cache entries to never expire. +# Otherwise default_ttl specifies time in seconds a cache entry is valid for. +# No cache is used in case no value is passed. +# cache_url = diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/ml2_conf.ini b/compass/deploy/ansible/roles/neutron-controller/templates/ml2_conf.ini new file mode 100644 index 0000000..a790069 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/ml2_conf.ini @@ -0,0 +1,108 @@ +[ml2] +# (ListOpt) List of network type driver entrypoints to be loaded from +# the neutron.ml2.type_drivers namespace. +# +# type_drivers = local,flat,vlan,gre,vxlan +# Example: type_drivers = flat,vlan,gre,vxlan +type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }} + +# (ListOpt) Ordered list of network_types to allocate as tenant +# networks. The default value 'local' is useful for single-box testing +# but provides no connectivity between hosts. +# +# tenant_network_types = local +# Example: tenant_network_types = vlan,gre,vxlan +tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }} + +# (ListOpt) Ordered list of networking mechanism driver entrypoints +# to be loaded from the neutron.ml2.mechanism_drivers namespace. +# mechanism_drivers = +# Example: mechanism_drivers = openvswitch,mlnx +# Example: mechanism_drivers = arista +# Example: mechanism_drivers = cisco,logger +# Example: mechanism_drivers = openvswitch,brocade +# Example: mechanism_drivers = linuxbridge,brocade +mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }} + +[ml2_type_flat] +# (ListOpt) List of physical_network names with which flat networks +# can be created. Use * to allow flat networks with arbitrary +# physical_network names. +# +flat_networks = external +# Example:flat_networks = physnet1,physnet2 +# Example:flat_networks = * + +[ml2_type_vlan] +# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples +# specifying physical_network names usable for VLAN provider and +# tenant networks, as well as ranges of VLAN tags on each +# physical_network available for allocation as tenant networks. +# +network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999,physnet2 + +[ml2_type_gre] +# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation +tunnel_id_ranges = 1:1000 + +[ml2_type_vxlan] +# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating +# ranges of VXLAN VNI IDs that are available for tenant network allocation. +# +vni_ranges = 1001:4095 + +# (StrOpt) Multicast group for the VXLAN interface. When configured, will +# enable sending all broadcast traffic to this multicast group. When left +# unconfigured, will disable multicast VXLAN mode. +# +vxlan_group = 239.1.1.1 +# Example: vxlan_group = 239.1.1.1 + +[securitygroup] +# Controls if neutron security group is enabled or not. +# It should be false when you use nova security group. +# enable_security_group = True +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = True + +[database] +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8 + +[ovs] +local_ip = {{ internal_ip }} +{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %} +integration_bridge = br-int +tunnel_bridge = br-tun +tunnel_id_ranges = 1001:4095 +tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }} +{% endif %} + +[agent] +root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf +tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %} +vxlan_udp_port = 4789 +{% endif %} +l2_population = False + +[odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +network_vlan_ranges = 1001:4095 +tunnel_id_ranges = 1001:4095 +tun_peer_patch_port = patch-int +int_peer_patch_port = patch-tun +tenant_network_type = vxlan +tunnel_bridge = br-tun +integration_bridge = br-int +controllers = 10.1.0.15:8080:admin:admin +{% endif %} + +[ml2_odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +username = {{ odl_username }} +password = {{ odl_password }} +url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron +{% endif %} + diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/neutron-network.conf b/compass/deploy/ansible/roles/neutron-controller/templates/neutron-network.conf new file mode 100644 index 0000000..93be9cb --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/neutron-network.conf @@ -0,0 +1,465 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ DEBUG }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/neutron.conf b/compass/deploy/ansible/roles/neutron-controller/templates/neutron.conf new file mode 100644 index 0000000..2a66e94 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/neutron.conf @@ -0,0 +1,466 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ VERBOSE }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant +nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }} + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/neutron_init.sh b/compass/deploy/ansible/roles/neutron-controller/templates/neutron_init.sh new file mode 100644 index 0000000..b92e202 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/neutron_init.sh @@ -0,0 +1,4 @@ +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True + +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}} + diff --git a/compass/deploy/ansible/roles/neutron-controller/templates/nova.conf b/compass/deploy/ansible/roles/neutron-controller/templates/nova.conf new file mode 100644 index 0000000..9587073 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-controller/templates/nova.conf @@ -0,0 +1,69 @@ +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lock/nova +force_dhcp_release=True +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose={{ VERBOSE}} +debug={{ DEBUG }} +ec2_private_dns_show_ip=True +api_paste_config=/etc/nova/api-paste.ini +volumes_path=/var/lib/nova/volumes +enabled_apis=ec2,osapi_compute,metadata + +vif_plugging_is_fatal: false +vif_plugging_timeout: 0 + +auth_strategy = keystone + +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +my_ip = {{ internal_ip }} +vnc_enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ HA_VIP }}:6080/vnc_auto.html + +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +network_api_class = nova.network.neutronv2.api.API +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} + +[glance] +host = {{ HA_VIP }} + +[neutron] +url = http://{{ HA_VIP }}:9696 +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 diff --git a/compass/deploy/ansible/roles/neutron-network/handlers/main.yml b/compass/deploy/ansible/roles/neutron-network/handlers/main.yml new file mode 100644 index 0000000..d6c5cc8 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/handlers/main.yml @@ -0,0 +1,21 @@ +--- +- name: restart neutron-plugin-openvswitch-agent + service: name=neutron-plugin-openvswitch-agent state=restarted enabled=yes + when: "'opendaylight' not in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart neutron-l3-agent + service: name=neutron-l3-agent state=restarted enabled=yes + +- name: kill dnsmasq + command: killall dnsmasq + ignore_errors: True + +- name: restart neutron-dhcp-agent + service: name=neutron-dhcp-agent state=restarted enabled=yes + +- name: restart neutron-metadata-agent + service: name=neutron-metadata-agent state=restarted enabled=yes + +- name: restart xorp + service: name=xorp state=restarted enabled=yes sleep=10 + ignore_errors: True diff --git a/compass/deploy/ansible/roles/neutron-network/tasks/igmp-router.yml b/compass/deploy/ansible/roles/neutron-network/tasks/igmp-router.yml new file mode 100644 index 0000000..d6f38a0 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/tasks/igmp-router.yml @@ -0,0 +1,20 @@ +--- +- name: Install XORP to provide IGMP router functionality + apt: pkg=xorp + +- name: configure xorp + template: src=etc/xorp/config.boot dest=/etc/xorp/config.boot + notify: + - restart xorp + +- name: set xorp defaults + lineinfile: dest=/etc/default/xorp regexp=^RUN= line=RUN=yes + notify: + - restart xorp + +- meta: flush_handlers + +- name: start and enable xorp service + service: name=xorp state=started enabled=yes + retries: 2 + delay: 10 diff --git a/compass/deploy/ansible/roles/neutron-network/tasks/main.yml b/compass/deploy/ansible/roles/neutron-network/tasks/main.yml new file mode 100644 index 0000000..1d4b591 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/tasks/main.yml @@ -0,0 +1,114 @@ +--- +- name: activate ipv4 forwarding + sysctl: name=net.ipv4.ip_forward value=1 + state=present reload=yes + +- name: deactivate ipv4 rp filter + sysctl: name=net.ipv4.conf.all.rp_filter value=0 + state=present reload=yes + +- name: deactivate ipv4 default rp filter + sysctl: name=net.ipv4.conf.default.rp_filter + value=0 state=present reload=yes + +- name: install neutron network related packages + apt: name={{ item }} state=present force=yes + with_items: + - neutron-plugin-ml2 + - openvswitch-datapath-dkms + - openvswitch-switch + - neutron-l3-agent + - neutron-dhcp-agent + +- name: generate neutron service list + shell: echo {{ item }} >> /opt/service + with_items: + - openvswitch-switch + - neutron-l3-agent + - neutron-dhcp-agent + - neutron-plugin-openvswitch-agent + - neutron-metadata-agent + - xorp + +- name: install neutron openvswitch agent + apt: name=neutron-plugin-openvswitch-agent + state=present force=yes + when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: config neutron + template: src=neutron-network.conf + dest=/etc/neutron/neutron.conf backup=yes + notify: + - restart neutron-plugin-openvswitch-agent + - restart neutron-l3-agent + - kill dnsmasq + - restart neutron-dhcp-agent + - restart neutron-metadata-agent + +- name: config l3 agent + template: src=l3_agent.ini dest=/etc/neutron/l3_agent.ini + backup=yes + notify: + - restart neutron-l3-agent + +- name: config dhcp agent + template: src=dhcp_agent.ini dest=/etc/neutron/dhcp_agent.ini + backup=yes + notify: + - kill dnsmasq + - restart neutron-dhcp-agent + +- name: update dnsmasq-neutron.conf + template: src=dnsmasq-neutron.conf + dest=/etc/neutron/dnsmasq-neutron.conf + notify: + - kill dnsmasq + - restart neutron-dhcp-agent + +- name: config metadata agent + template: src=metadata_agent.ini + dest=/etc/neutron/metadata_agent.ini backup=yes + notify: + - restart neutron-metadata-agent + +- name: config ml2 plugin + template: src=ml2_conf.ini + dest=/etc/neutron/plugins/ml2/ml2_conf.ini + backup=yes + notify: + - restart neutron-plugin-openvswitch-agent + +- meta: flush_handlers + +- name: add br-int + openvswitch_bridge: bridge=br-int state=present + +- name: add br-ex + openvswitch_bridge: bridge=br-ex state=present + when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: assign a port to br-ex for physical ext interface + openvswitch_port: bridge=br-ex port={{ INTERFACE_NAME }} + state=present + when: "'openvswitch' in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- include: igmp-router.yml + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- name: assert kernel support for vxlan + command: modinfo -F version vxlan + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- name: assert iproute2 suppport for vxlan + command: ip link add type vxlan help + register: iproute_out + failed_when: iproute_out.rc == 255 + when: "'vxlan' in {{ NEUTRON_TUNNEL_TYPES }}" + +- include: odl.yml + when: "'opendaylight' in {{ NEUTRON_MECHANISM_DRIVERS }}" + +- name: restart ovs service + service: name=openvswitch-switch state=restarted enabled=yes + +- meta: flush_handlers diff --git a/compass/deploy/ansible/roles/neutron-network/tasks/odl.yml b/compass/deploy/ansible/roles/neutron-network/tasks/odl.yml new file mode 100644 index 0000000..a2b449c --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/tasks/odl.yml @@ -0,0 +1,13 @@ +--- +- name: ovs set manager + command: ovs-vsctl set-manager tcp:{{ controller }}:6640 + +- name: get ovs uuid + shell: ovs-vsctl get Open_vSwitch . _uuid + register: ovs_uuid + +- name: set bridge_mappings + command: ovs-vsctl set Open_vSwitch {{ ovs_uuid.stdout }} other_config:bridge_mappings=physnet1:{{ INTERFACE_NAME }} + +- name: set local ip + command: ovs-vsctl set Open_vSwitch {{ ovs_uuid.stdout }} other_config:local_ip={{ internal_ip }} diff --git a/compass/deploy/ansible/roles/neutron-network/templates/dhcp_agent.ini b/compass/deploy/ansible/roles/neutron-network/templates/dhcp_agent.ini new file mode 100644 index 0000000..19eb62e --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/dhcp_agent.ini @@ -0,0 +1,90 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# The DHCP agent will resync its state with Neutron to recover from any +# transient notification or rpc errors. The interval is number of +# seconds between attempts. +resync_interval = 5 + +# The DHCP agent requires an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, +# BigSwitch/Floodlight) +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Name of Open vSwitch bridge to use +# ovs_integration_bridge = br-int + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet does not contain any router port. The guest +# instance must be configured to request host routes via DHCP (Option 121). +enable_isolated_metadata = False + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Neutron router from which the VMs send metadata +# request. In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +enable_metadata_network = False + +# Number of threads to use during sync process. Should not exceed connection +# pool size configured on server. +# num_sync_threads = 4 + +# Location to store DHCP server config files +# dhcp_confs = $state_path/dhcp + +# Domain to use for building the hostnames +dhcp_domain = openstacklocal + +# Override the default dnsmasq settings with this file +# dnsmasq_config_file = +dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf + +# Comma-separated list of DNS servers which will be used by dnsmasq +# as forwarders. +# dnsmasq_dns_servers = + +# Limit number of leases to prevent a denial-of-service. +dnsmasq_lease_max = 16777216 + +# Location to DHCP lease relay UNIX domain socket +# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# dhcp_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the dhcp agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a dhcp server is disabled. +# dhcp_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/neutron-network/templates/dnsmasq-neutron.conf b/compass/deploy/ansible/roles/neutron-network/templates/dnsmasq-neutron.conf new file mode 100644 index 0000000..7bcbd9d --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/dnsmasq-neutron.conf @@ -0,0 +1,2 @@ +dhcp-option-force=26,1454 + diff --git a/compass/deploy/ansible/roles/neutron-network/templates/etc/xorp/config.boot b/compass/deploy/ansible/roles/neutron-network/templates/etc/xorp/config.boot new file mode 100644 index 0000000..32caf96 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/etc/xorp/config.boot @@ -0,0 +1,25 @@ +interfaces { + restore-original-config-on-shutdown: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + description: "Internal pNodes interface" + disable: false + default-system-config + } +} + +protocols { + igmp { + disable: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + disable: false + version: 3 + } + } + traceoptions { + flag all { + disable: false + } + } + } +} diff --git a/compass/deploy/ansible/roles/neutron-network/templates/l3_agent.ini b/compass/deploy/ansible/roles/neutron-network/templates/l3_agent.ini new file mode 100644 index 0000000..b394c00 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/l3_agent.ini @@ -0,0 +1,81 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# L3 requires that an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) +# that supports L3 agent +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +# ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# If use_namespaces is set as False then the agent can only configure one router. + +# This is done by setting the specific router_id. +# router_id = + +# When external_network_bridge is set, each L3 agent can be associated +# with no more than one external network. This value should be set to the UUID +# of that external network. To allow L3 agent support multiple external +# networks, both the external_network_bridge and gateway_external_network_id +# must be left empty. +# gateway_external_network_id = + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Neutron deployment, and may be False for all agents +# if all routers must have an external network gateway +handle_internal_only_routers = True + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge. when this parameter is set, each L3 agent +# can be associated with no more than one external network. +external_network_bridge = br-ex + +# TCP Port used by Neutron metadata server +metadata_port = 9697 + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +send_arp_for_ha = 3 + +# seconds between re-sync routers' data if needed +periodic_interval = 40 + +# seconds to start to sync routers' data after +# starting agent +periodic_fuzzy_delay = 5 + +# enable_metadata_proxy, which is true by default, can be set to False +# if the Nova metadata server is not available +# enable_metadata_proxy = True + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# router_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the L3 agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a router is destroyed. +# router_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/neutron-network/templates/metadata_agent.ini b/compass/deploy/ansible/roles/neutron-network/templates/metadata_agent.ini new file mode 100644 index 0000000..6badf28 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/metadata_agent.ini @@ -0,0 +1,46 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = True + +# The Neutron user information for accessing the Neutron API. +auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_region = RegionOne +# Turn off verification of the certificate for ssl +# auth_insecure = False +# Certificate Authority public key (CA cert) file for ssl +# auth_ca_cert = +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} + +# Network service endpoint type to pull from the keystone catalog +# endpoint_type = adminURL + +# IP address used by Nova metadata server +nova_metadata_ip = {{ HA_VIP }} + +# TCP Port used by Nova metadata server +nova_metadata_port = 8775 + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +metadata_proxy_shared_secret = {{ METADATA_SECRET }} + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# Number of separate worker processes for metadata server +# metadata_workers = 0 + +# Number of backlog requests to configure the metadata server socket with +# metadata_backlog = 128 + +# URL to connect to the cache backend. +# Example of URL using memory caching backend +# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 +# default_ttl=0 parameter will cause cache entries to never expire. +# Otherwise default_ttl specifies time in seconds a cache entry is valid for. +# No cache is used in case no value is passed. +# cache_url = diff --git a/compass/deploy/ansible/roles/neutron-network/templates/ml2_conf.ini b/compass/deploy/ansible/roles/neutron-network/templates/ml2_conf.ini new file mode 100644 index 0000000..a790069 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/ml2_conf.ini @@ -0,0 +1,108 @@ +[ml2] +# (ListOpt) List of network type driver entrypoints to be loaded from +# the neutron.ml2.type_drivers namespace. +# +# type_drivers = local,flat,vlan,gre,vxlan +# Example: type_drivers = flat,vlan,gre,vxlan +type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }} + +# (ListOpt) Ordered list of network_types to allocate as tenant +# networks. The default value 'local' is useful for single-box testing +# but provides no connectivity between hosts. +# +# tenant_network_types = local +# Example: tenant_network_types = vlan,gre,vxlan +tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }} + +# (ListOpt) Ordered list of networking mechanism driver entrypoints +# to be loaded from the neutron.ml2.mechanism_drivers namespace. +# mechanism_drivers = +# Example: mechanism_drivers = openvswitch,mlnx +# Example: mechanism_drivers = arista +# Example: mechanism_drivers = cisco,logger +# Example: mechanism_drivers = openvswitch,brocade +# Example: mechanism_drivers = linuxbridge,brocade +mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }} + +[ml2_type_flat] +# (ListOpt) List of physical_network names with which flat networks +# can be created. Use * to allow flat networks with arbitrary +# physical_network names. +# +flat_networks = external +# Example:flat_networks = physnet1,physnet2 +# Example:flat_networks = * + +[ml2_type_vlan] +# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples +# specifying physical_network names usable for VLAN provider and +# tenant networks, as well as ranges of VLAN tags on each +# physical_network available for allocation as tenant networks. +# +network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999,physnet2 + +[ml2_type_gre] +# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation +tunnel_id_ranges = 1:1000 + +[ml2_type_vxlan] +# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating +# ranges of VXLAN VNI IDs that are available for tenant network allocation. +# +vni_ranges = 1001:4095 + +# (StrOpt) Multicast group for the VXLAN interface. When configured, will +# enable sending all broadcast traffic to this multicast group. When left +# unconfigured, will disable multicast VXLAN mode. +# +vxlan_group = 239.1.1.1 +# Example: vxlan_group = 239.1.1.1 + +[securitygroup] +# Controls if neutron security group is enabled or not. +# It should be false when you use nova security group. +# enable_security_group = True +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = True + +[database] +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8 + +[ovs] +local_ip = {{ internal_ip }} +{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %} +integration_bridge = br-int +tunnel_bridge = br-tun +tunnel_id_ranges = 1001:4095 +tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }} +{% endif %} + +[agent] +root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf +tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %} +vxlan_udp_port = 4789 +{% endif %} +l2_population = False + +[odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +network_vlan_ranges = 1001:4095 +tunnel_id_ranges = 1001:4095 +tun_peer_patch_port = patch-int +int_peer_patch_port = patch-tun +tenant_network_type = vxlan +tunnel_bridge = br-tun +integration_bridge = br-int +controllers = 10.1.0.15:8080:admin:admin +{% endif %} + +[ml2_odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +username = {{ odl_username }} +password = {{ odl_password }} +url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron +{% endif %} + diff --git a/compass/deploy/ansible/roles/neutron-network/templates/neutron-network.conf b/compass/deploy/ansible/roles/neutron-network/templates/neutron-network.conf new file mode 100644 index 0000000..93be9cb --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/neutron-network.conf @@ -0,0 +1,465 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ DEBUG }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/neutron-network/templates/neutron.conf b/compass/deploy/ansible/roles/neutron-network/templates/neutron.conf new file mode 100644 index 0000000..1575367 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/neutron.conf @@ -0,0 +1,466 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ VERBOSE }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant +nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }} + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/neutron-network/templates/neutron_init.sh b/compass/deploy/ansible/roles/neutron-network/templates/neutron_init.sh new file mode 100644 index 0000000..b92e202 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/neutron_init.sh @@ -0,0 +1,4 @@ +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True + +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}} + diff --git a/compass/deploy/ansible/roles/neutron-network/templates/nova.conf b/compass/deploy/ansible/roles/neutron-network/templates/nova.conf new file mode 100644 index 0000000..9587073 --- /dev/null +++ b/compass/deploy/ansible/roles/neutron-network/templates/nova.conf @@ -0,0 +1,69 @@ +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lock/nova +force_dhcp_release=True +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose={{ VERBOSE}} +debug={{ DEBUG }} +ec2_private_dns_show_ip=True +api_paste_config=/etc/nova/api-paste.ini +volumes_path=/var/lib/nova/volumes +enabled_apis=ec2,osapi_compute,metadata + +vif_plugging_is_fatal: false +vif_plugging_timeout: 0 + +auth_strategy = keystone + +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +my_ip = {{ internal_ip }} +vnc_enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ HA_VIP }}:6080/vnc_auto.html + +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +network_api_class = nova.network.neutronv2.api.API +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} + +[glance] +host = {{ HA_VIP }} + +[neutron] +url = http://{{ HA_VIP }}:9696 +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 diff --git a/compass/deploy/ansible/roles/nova-compute/handlers/main.yml b/compass/deploy/ansible/roles/nova-compute/handlers/main.yml new file mode 100644 index 0000000..c135003 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-compute/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart nova-compute + service: name=nova-compute state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/nova-compute/tasks/main.yml b/compass/deploy/ansible/roles/nova-compute/tasks/main.yml new file mode 100644 index 0000000..51c8dfa --- /dev/null +++ b/compass/deploy/ansible/roles/nova-compute/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: install nova-compute related packages + apt: name=nova-compute-kvm state=present force=yes + +- name: update nova-compute conf + template: src={{ item }} dest=/etc/nova/{{ item }} + with_items: + - nova.conf + - nova-compute.conf + notify: + - restart nova-compute + +- name: generate neutron controll service list + shell: echo {{ item }} >> /opt/service + with_items: + - nova-compute + +- meta: flush_handlers + +- name: remove nova sqlite db + shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.removed diff --git a/compass/deploy/ansible/roles/nova-compute/templates/nova-compute.conf b/compass/deploy/ansible/roles/nova-compute/templates/nova-compute.conf new file mode 100644 index 0000000..401dee7 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-compute/templates/nova-compute.conf @@ -0,0 +1,7 @@ +[DEFAULT] +compute_driver=libvirt.LibvirtDriver +force_raw_images = true +[libvirt] +virt_type=qemu +images_type = raw +mem_stats_period_seconds=0 diff --git a/compass/deploy/ansible/roles/nova-compute/templates/nova.conf b/compass/deploy/ansible/roles/nova-compute/templates/nova.conf new file mode 100644 index 0000000..4988cb0 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-compute/templates/nova.conf @@ -0,0 +1,73 @@ +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lock/nova +force_dhcp_release=True +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose={{ VERBOSE}} +debug={{ DEBUG }} +ec2_private_dns_show_ip=True +api_paste_config=/etc/nova/api-paste.ini +volumes_path=/var/lib/nova/volumes +enabled_apis=ec2,osapi_compute,metadata + +vif_plugging_is_fatal: false +vif_plugging_timeout: 0 + +auth_strategy = keystone + +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +my_ip = {{ internal_ip }} +vnc_enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ HA_VIP }}:6080/vnc_auto.html + +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +network_api_class = nova.network.neutronv2.api.API +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova + +[conductor] +manager = nova.conductor.manager.ConductorManager +topic = conductor + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} + +[glance] +host = {{ HA_VIP }} + +[neutron] +url = http://{{ HA_VIP }}:9696 +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 diff --git a/compass/deploy/ansible/roles/nova-controller/handlers/main.yml b/compass/deploy/ansible/roles/nova-controller/handlers/main.yml new file mode 100644 index 0000000..b4c1585 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/handlers/main.yml @@ -0,0 +1,24 @@ +--- +- name: restart nova-api + service: name=nova-api state=restarted enabled=yes + +- name: restart nova-cert + service: name=nova-cert state=restarted enabled=yes + +- name: restart nova-consoleauth + service: name=nova-consoleauth state=restarted enabled=yes + +- name: restart nova-scheduler + service: name=nova-scheduler state=restarted enabled=yes + +- name: restart nova-conductor + service: name=nova-conductor state=restarted enabled=yes + +- name: restart nova-novncproxy + service: name=nova-novncproxy state=restarted enabled=yes + +- name: remove nova-sqlite-db + shell: rm /var/lib/nova/nova.sqlite || touch nova.sqlite.db.removed + +- name: restart neutron-server + service: name=neutron-server state=restarted enabled=yes diff --git a/compass/deploy/ansible/roles/nova-controller/tasks/main.yml b/compass/deploy/ansible/roles/nova-controller/tasks/main.yml new file mode 100644 index 0000000..72a9f4d --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/tasks/main.yml @@ -0,0 +1,13 @@ +--- +- include: nova_install.yml + tags: + - install + - nova_install + - nova + +- include: nova_config.yml + when: HA_CLUSTER is not defined or HA_CLUSTER[inventory_hostname] == '' + tags: + - config + - nova_config + - nova diff --git a/compass/deploy/ansible/roles/nova-controller/tasks/nova_config.yml b/compass/deploy/ansible/roles/nova-controller/tasks/nova_config.yml new file mode 100644 index 0000000..62351fa --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/tasks/nova_config.yml @@ -0,0 +1,16 @@ +--- +- name: nova db sync + command: su -s /bin/sh -c "nova-manage db sync" nova + register: result + until: result.rc == 0 + retries: 5 + delay: 3 + notify: + - restart nova-api + - restart nova-cert + - restart nova-consoleauth + - restart nova-scheduler + - restart nova-conductor + - restart nova-novncproxy + +- meta: flush_handlers diff --git a/compass/deploy/ansible/roles/nova-controller/tasks/nova_install.yml b/compass/deploy/ansible/roles/nova-controller/tasks/nova_install.yml new file mode 100644 index 0000000..a1cded5 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/tasks/nova_install.yml @@ -0,0 +1,35 @@ +--- +- name: install nova related packages + apt: name={{ item }} state=present force=yes + with_items: + - nova-api + - nova-cert + - nova-conductor + - nova-consoleauth + - nova-novncproxy + - nova-scheduler + - python-novaclient + - python-oslo.rootwrap + +- name: generate nova controll service list + shell: echo {{ item }} >> /opt/service + with_items: + - nova-api + - nova-cert + - nova-conductor + - nova-consoleauth + - nova-novncproxy + - nova-scheduler + +- name: update nova conf + template: src=nova.conf + dest=/etc/nova/nova.conf + backup=yes + notify: + - restart nova-api + - restart nova-cert + - restart nova-consoleauth + - restart nova-scheduler + - restart nova-conductor + - restart nova-novncproxy + - remove nova-sqlite-db diff --git a/compass/deploy/ansible/roles/nova-controller/templates/dhcp_agent.ini b/compass/deploy/ansible/roles/nova-controller/templates/dhcp_agent.ini new file mode 100644 index 0000000..19eb62e --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/dhcp_agent.ini @@ -0,0 +1,90 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# The DHCP agent will resync its state with Neutron to recover from any +# transient notification or rpc errors. The interval is number of +# seconds between attempts. +resync_interval = 5 + +# The DHCP agent requires an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins(OVS, Ryu, NEC, NVP, +# BigSwitch/Floodlight) +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Name of Open vSwitch bridge to use +# ovs_integration_bridge = br-int + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# The agent can use other DHCP drivers. Dnsmasq is the simplest and requires +# no additional setup of the DHCP server. +dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# The DHCP server can assist with providing metadata support on isolated +# networks. Setting this value to True will cause the DHCP server to append +# specific host routes to the DHCP request. The metadata service will only +# be activated when the subnet does not contain any router port. The guest +# instance must be configured to request host routes via DHCP (Option 121). +enable_isolated_metadata = False + +# Allows for serving metadata requests coming from a dedicated metadata +# access network whose cidr is 169.254.169.254/16 (or larger prefix), and +# is connected to a Neutron router from which the VMs send metadata +# request. In this case DHCP Option 121 will not be injected in VMs, as +# they will be able to reach 169.254.169.254 through a router. +# This option requires enable_isolated_metadata = True +enable_metadata_network = False + +# Number of threads to use during sync process. Should not exceed connection +# pool size configured on server. +# num_sync_threads = 4 + +# Location to store DHCP server config files +# dhcp_confs = $state_path/dhcp + +# Domain to use for building the hostnames +dhcp_domain = openstacklocal + +# Override the default dnsmasq settings with this file +# dnsmasq_config_file = +dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf + +# Comma-separated list of DNS servers which will be used by dnsmasq +# as forwarders. +# dnsmasq_dns_servers = + +# Limit number of leases to prevent a denial-of-service. +dnsmasq_lease_max = 16777216 + +# Location to DHCP lease relay UNIX domain socket +# dhcp_lease_relay_socket = $state_path/dhcp/lease_relay + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# dhcp_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the dhcp agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a dhcp server is disabled. +# dhcp_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/nova-controller/templates/dnsmasq-neutron.conf b/compass/deploy/ansible/roles/nova-controller/templates/dnsmasq-neutron.conf new file mode 100644 index 0000000..7bcbd9d --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/dnsmasq-neutron.conf @@ -0,0 +1,2 @@ +dhcp-option-force=26,1454 + diff --git a/compass/deploy/ansible/roles/nova-controller/templates/etc/xorp/config.boot b/compass/deploy/ansible/roles/nova-controller/templates/etc/xorp/config.boot new file mode 100644 index 0000000..32caf96 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/etc/xorp/config.boot @@ -0,0 +1,25 @@ +interfaces { + restore-original-config-on-shutdown: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + description: "Internal pNodes interface" + disable: false + default-system-config + } +} + +protocols { + igmp { + disable: false + interface {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + vif {{ hostvars[inventory_hostname][neutron_vxlan_interface|default(internal_interface)]['device'] }} { + disable: false + version: 3 + } + } + traceoptions { + flag all { + disable: false + } + } + } +} diff --git a/compass/deploy/ansible/roles/nova-controller/templates/l3_agent.ini b/compass/deploy/ansible/roles/nova-controller/templates/l3_agent.ini new file mode 100644 index 0000000..b394c00 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/l3_agent.ini @@ -0,0 +1,81 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +# debug = False +verbose = True + +# L3 requires that an interface driver be set. Choose the one that best +# matches your plugin. +# interface_driver = + +# Example of interface_driver option for OVS based plugins (OVS, Ryu, NEC) +# that supports L3 agent +# interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver +interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver + +# Use veth for an OVS interface or not. +# Support kernels with limited namespace support +# (e.g. RHEL 6.5) so long as ovs_use_veth is set to True. +# ovs_use_veth = False + +# Example of interface_driver option for LinuxBridge +# interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver + +# Allow overlapping IP (Must have kernel build with CONFIG_NET_NS=y and +# iproute2 package that supports namespaces). +use_namespaces = True + +# If use_namespaces is set as False then the agent can only configure one router. + +# This is done by setting the specific router_id. +# router_id = + +# When external_network_bridge is set, each L3 agent can be associated +# with no more than one external network. This value should be set to the UUID +# of that external network. To allow L3 agent support multiple external +# networks, both the external_network_bridge and gateway_external_network_id +# must be left empty. +# gateway_external_network_id = + +# Indicates that this L3 agent should also handle routers that do not have +# an external network gateway configured. This option should be True only +# for a single agent in a Neutron deployment, and may be False for all agents +# if all routers must have an external network gateway +handle_internal_only_routers = True + +# Name of bridge used for external network traffic. This should be set to +# empty value for the linux bridge. when this parameter is set, each L3 agent +# can be associated with no more than one external network. +external_network_bridge = br-ex + +# TCP Port used by Neutron metadata server +metadata_port = 9697 + +# Send this many gratuitous ARPs for HA setup. Set it below or equal to 0 +# to disable this feature. +send_arp_for_ha = 3 + +# seconds between re-sync routers' data if needed +periodic_interval = 40 + +# seconds to start to sync routers' data after +# starting agent +periodic_fuzzy_delay = 5 + +# enable_metadata_proxy, which is true by default, can be set to False +# if the Nova metadata server is not available +# enable_metadata_proxy = True + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# router_delete_namespaces, which is false by default, can be set to True if +# namespaces can be deleted cleanly on the host running the L3 agent. +# Do not enable this until you understand the problem with the Linux iproute +# utility mentioned in https://bugs.launchpad.net/neutron/+bug/1052535 and +# you are sure that your version of iproute does not suffer from the problem. +# If True, namespaces will be deleted when a router is destroyed. +# router_delete_namespaces = False + +# Timeout for ovs-vsctl commands. +# If the timeout expires, ovs commands will fail with ALARMCLOCK error. +# ovs_vsctl_timeout = 10 diff --git a/compass/deploy/ansible/roles/nova-controller/templates/metadata_agent.ini b/compass/deploy/ansible/roles/nova-controller/templates/metadata_agent.ini new file mode 100644 index 0000000..6badf28 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/metadata_agent.ini @@ -0,0 +1,46 @@ +[DEFAULT] +# Show debugging output in log (sets DEBUG log level output) +debug = True + +# The Neutron user information for accessing the Neutron API. +auth_url = http://{{ HA_VIP }}:5000/v2.0 +auth_region = RegionOne +# Turn off verification of the certificate for ssl +# auth_insecure = False +# Certificate Authority public key (CA cert) file for ssl +# auth_ca_cert = +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} + +# Network service endpoint type to pull from the keystone catalog +# endpoint_type = adminURL + +# IP address used by Nova metadata server +nova_metadata_ip = {{ HA_VIP }} + +# TCP Port used by Nova metadata server +nova_metadata_port = 8775 + +# When proxying metadata requests, Neutron signs the Instance-ID header with a +# shared secret to prevent spoofing. You may select any string for a secret, +# but it must match here and in the configuration used by the Nova Metadata +# Server. NOTE: Nova uses a different key: neutron_metadata_proxy_shared_secret +metadata_proxy_shared_secret = {{ METADATA_SECRET }} + +# Location of Metadata Proxy UNIX domain socket +# metadata_proxy_socket = $state_path/metadata_proxy + +# Number of separate worker processes for metadata server +# metadata_workers = 0 + +# Number of backlog requests to configure the metadata server socket with +# metadata_backlog = 128 + +# URL to connect to the cache backend. +# Example of URL using memory caching backend +# with ttl set to 5 seconds: cache_url = memory://?default_ttl=5 +# default_ttl=0 parameter will cause cache entries to never expire. +# Otherwise default_ttl specifies time in seconds a cache entry is valid for. +# No cache is used in case no value is passed. +# cache_url = diff --git a/compass/deploy/ansible/roles/nova-controller/templates/ml2_conf.ini b/compass/deploy/ansible/roles/nova-controller/templates/ml2_conf.ini new file mode 100644 index 0000000..a790069 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/ml2_conf.ini @@ -0,0 +1,108 @@ +[ml2] +# (ListOpt) List of network type driver entrypoints to be loaded from +# the neutron.ml2.type_drivers namespace. +# +# type_drivers = local,flat,vlan,gre,vxlan +# Example: type_drivers = flat,vlan,gre,vxlan +type_drivers = {{ NEUTRON_TYPE_DRIVERS |join(",") }} + +# (ListOpt) Ordered list of network_types to allocate as tenant +# networks. The default value 'local' is useful for single-box testing +# but provides no connectivity between hosts. +# +# tenant_network_types = local +# Example: tenant_network_types = vlan,gre,vxlan +tenant_network_types = {{ NEUTRON_TENANT_NETWORK_TYPES |join(",") }} + +# (ListOpt) Ordered list of networking mechanism driver entrypoints +# to be loaded from the neutron.ml2.mechanism_drivers namespace. +# mechanism_drivers = +# Example: mechanism_drivers = openvswitch,mlnx +# Example: mechanism_drivers = arista +# Example: mechanism_drivers = cisco,logger +# Example: mechanism_drivers = openvswitch,brocade +# Example: mechanism_drivers = linuxbridge,brocade +mechanism_drivers = {{ NEUTRON_MECHANISM_DRIVERS |join(",") }} + +[ml2_type_flat] +# (ListOpt) List of physical_network names with which flat networks +# can be created. Use * to allow flat networks with arbitrary +# physical_network names. +# +flat_networks = external +# Example:flat_networks = physnet1,physnet2 +# Example:flat_networks = * + +[ml2_type_vlan] +# (ListOpt) List of <physical_network>[:<vlan_min>:<vlan_max>] tuples +# specifying physical_network names usable for VLAN provider and +# tenant networks, as well as ranges of VLAN tags on each +# physical_network available for allocation as tenant networks. +# +network_vlan_ranges = +# Example: network_vlan_ranges = physnet1:1000:2999,physnet2 + +[ml2_type_gre] +# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation +tunnel_id_ranges = 1:1000 + +[ml2_type_vxlan] +# (ListOpt) Comma-separated list of <vni_min>:<vni_max> tuples enumerating +# ranges of VXLAN VNI IDs that are available for tenant network allocation. +# +vni_ranges = 1001:4095 + +# (StrOpt) Multicast group for the VXLAN interface. When configured, will +# enable sending all broadcast traffic to this multicast group. When left +# unconfigured, will disable multicast VXLAN mode. +# +vxlan_group = 239.1.1.1 +# Example: vxlan_group = 239.1.1.1 + +[securitygroup] +# Controls if neutron security group is enabled or not. +# It should be false when you use nova security group. +# enable_security_group = True +firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver +enable_security_group = True + +[database] +connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron?charset=utf8 + +[ovs] +local_ip = {{ internal_ip }} +{% if 'openvswitch' in NEUTRON_MECHANISM_DRIVERS %} +integration_bridge = br-int +tunnel_bridge = br-tun +tunnel_id_ranges = 1001:4095 +tunnel_type = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +bridge_mappings = {{ neutron_ovs_bridge_mappings | default("external:br-ex") }} +{% endif %} + +[agent] +root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf +tunnel_types = {{ NEUTRON_TUNNEL_TYPES |join(",") }} +{% if 'vxlan' in NEUTRON_TUNNEL_TYPES %} +vxlan_udp_port = 4789 +{% endif %} +l2_population = False + +[odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +network_vlan_ranges = 1001:4095 +tunnel_id_ranges = 1001:4095 +tun_peer_patch_port = patch-int +int_peer_patch_port = patch-tun +tenant_network_type = vxlan +tunnel_bridge = br-tun +integration_bridge = br-int +controllers = 10.1.0.15:8080:admin:admin +{% endif %} + +[ml2_odl] +{% if 'opendaylight' in NEUTRON_MECHANISM_DRIVERS %} +username = {{ odl_username }} +password = {{ odl_password }} +url = http://{{ controller }}:{{ odl_api_port }}/controller/nb/v2/neutron +{% endif %} + diff --git a/compass/deploy/ansible/roles/nova-controller/templates/neutron-network.conf b/compass/deploy/ansible/roles/nova-controller/templates/neutron-network.conf new file mode 100644 index 0000000..93be9cb --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/neutron-network.conf @@ -0,0 +1,465 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ DEBUG }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/nova-controller/templates/neutron.conf b/compass/deploy/ansible/roles/nova-controller/templates/neutron.conf new file mode 100644 index 0000000..1575367 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/neutron.conf @@ -0,0 +1,466 @@ +[DEFAULT] +# Print more verbose output (set logging level to INFO instead of default WARNING level). +verbose = {{ VERBOSE }} + +# Print debugging output (set logging level to DEBUG instead of default WARNING level). +debug = {{ VERBOSE }} + +# Where to store Neutron state files. This directory must be writable by the +# user executing the agent. +state_path = /var/lib/neutron + +# Where to store lock files +lock_path = $state_path/lock + +# log_format = %(asctime)s %(levelname)8s [%(name)s] %(message)s +# log_date_format = %Y-%m-%d %H:%M:%S + +# use_syslog -> syslog +# log_file and log_dir -> log_dir/log_file +# (not log_file) and log_dir -> log_dir/{binary_name}.log +# use_stderr -> stderr +# (not user_stderr) and (not log_file) -> stdout +# publish_errors -> notification system + +# use_syslog = False +# syslog_log_facility = LOG_USER + +# use_stderr = True +# log_file = +log_dir = /var/log/neutron + +# publish_errors = False + +# Address to bind the API server to +bind_host = {{ network_server_host }} + +# Port the bind the API server to +bind_port = 9696 + +# Path to the extensions. Note that this can be a colon-separated list of +# paths. For example: +# api_extensions_path = extensions:/path/to/more/extensions:/even/more/extensions +# The __path__ of neutron.extensions is appended to this, so if your +# extensions are in there you don't need to specify them here +# api_extensions_path = + +# (StrOpt) Neutron core plugin entrypoint to be loaded from the +# neutron.core_plugins namespace. See setup.cfg for the entrypoint names of the +# plugins included in the neutron source distribution. For compatibility with +# previous versions, the class name of a plugin can be specified instead of its +# entrypoint name. +# +#core_plugin = neutron.plugins.ml2.plugin.Ml2Plugin +core_plugin = ml2 +# Example: core_plugin = ml2 + +# (ListOpt) List of service plugin entrypoints to be loaded from the +# neutron.service_plugins namespace. See setup.cfg for the entrypoint names of +# the plugins included in the neutron source distribution. For compatibility +# with previous versions, the class name of a plugin can be specified instead +# of its entrypoint name. +# +# service_plugins = +# Example: service_plugins = router,firewall,lbaas,vpnaas,metering +service_plugins = router + +# Paste configuration file +api_paste_config = api-paste.ini + +# The strategy to be used for auth. +# Supported values are 'keystone'(default), 'noauth'. +auth_strategy = keystone + +# Base MAC address. The first 3 octets will remain unchanged. If the +# 4h octet is not 00, it will also be used. The others will be +# randomly generated. +# 3 octet +# base_mac = fa:16:3e:00:00:00 +# 4 octet +# base_mac = fa:16:3e:4f:00:00 + +# Maximum amount of retries to generate a unique MAC address +# mac_generation_retries = 16 + +# DHCP Lease duration (in seconds) +dhcp_lease_duration = 86400 + +# Allow sending resource operation notification to DHCP agent +# dhcp_agent_notification = True + +# Enable or disable bulk create/update/delete operations +# allow_bulk = True +# Enable or disable pagination +# allow_pagination = False +# Enable or disable sorting +# allow_sorting = False +# Enable or disable overlapping IPs for subnets +# Attention: the following parameter MUST be set to False if Neutron is +# being used in conjunction with nova security groups +allow_overlapping_ips = True +# Ensure that configured gateway is on subnet +# force_gateway_on_subnet = False + + +# RPC configuration options. Defined in rpc __init__ +# The messaging module to use, defaults to kombu. +# rpc_backend = neutron.openstack.common.rpc.impl_kombu +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_password = {{ RABBIT_PASS }} + +# Size of RPC thread pool +rpc_thread_pool_size = 240 +# Size of RPC connection pool +rpc_conn_pool_size = 100 +# Seconds to wait for a response from call or multicall +rpc_response_timeout = 300 +# Seconds to wait before a cast expires (TTL). Only supported by impl_zmq. +rpc_cast_timeout = 300 +# Modules of exceptions that are permitted to be recreated +# upon receiving exception data from an rpc call. +# allowed_rpc_exception_modules = neutron.openstack.common.exception, nova.exception +# AMQP exchange to connect to if using RabbitMQ or QPID +# control_exchange = neutron + +# If passed, use a fake RabbitMQ provider +# fake_rabbit = False + +# Configuration options if sending notifications via kombu rpc (these are +# the defaults) +# SSL version to use (valid only if SSL enabled) +# kombu_ssl_version = +# SSL key file (valid only if SSL enabled) +# kombu_ssl_keyfile = +# SSL cert file (valid only if SSL enabled) +# kombu_ssl_certfile = +# SSL certification authority file (valid only if SSL enabled) +# kombu_ssl_ca_certs = +# Port where RabbitMQ server is running/listening +rabbit_port = 5672 +# RabbitMQ single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# rabbit_hosts is defaulted to '$rabbit_host:$rabbit_port' +# rabbit_hosts = localhost:5672 +# User ID used for RabbitMQ connections +rabbit_userid = {{ RABBIT_USER }} +# Location of a virtual RabbitMQ installation. +# rabbit_virtual_host = / +# Maximum retries with trying to connect to RabbitMQ +# (the default of 0 implies an infinite retry count) +# rabbit_max_retries = 0 +# RabbitMQ connection retry interval +# rabbit_retry_interval = 1 +# Use HA queues in RabbitMQ (x-ha-policy: all). You need to +# wipe RabbitMQ database when changing this option. (boolean value) +# rabbit_ha_queues = false +# QPID +# rpc_backend=neutron.openstack.common.rpc.impl_qpid +# Qpid broker hostname +# qpid_hostname = localhost +# Qpid broker port +# qpid_port = 5672 +# Qpid single or HA cluster (host:port pairs i.e: host1:5672, host2:5672) +# qpid_hosts is defaulted to '$qpid_hostname:$qpid_port' +# qpid_hosts = localhost:5672 +# Username for qpid connection +# qpid_username = '' +# Password for qpid connection +# qpid_password = '' +# Space separated list of SASL mechanisms to use for auth +# qpid_sasl_mechanisms = '' +# Seconds between connection keepalive heartbeats +# qpid_heartbeat = 60 +# Transport to use, either 'tcp' or 'ssl' +# qpid_protocol = tcp +# Disable Nagle algorithm +# qpid_tcp_nodelay = True + +# ZMQ +# rpc_backend=neutron.openstack.common.rpc.impl_zmq +# ZeroMQ bind address. Should be a wildcard (*), an ethernet interface, or IP. +# The "host" option should point or resolve to this address. +# rpc_zmq_bind_address = * + +# ============ Notification System Options ===================== + +# Notifications can be sent when network/subnet/port are created, updated or deleted. +# There are three methods of sending notifications: logging (via the +# log_file directive), rpc (via a message queue) and +# noop (no notifications sent, the default) + +# Notification_driver can be defined multiple times +# Do nothing driver +# notification_driver = neutron.openstack.common.notifier.no_op_notifier +# Logging driver +# notification_driver = neutron.openstack.common.notifier.log_notifier +# RPC driver. +notification_driver = neutron.openstack.common.notifier.rpc_notifier + +# default_notification_level is used to form actual topic name(s) or to set logging level +default_notification_level = INFO + +# default_publisher_id is a part of the notification payload +# host = myhost.com +# default_publisher_id = $host + +# Defined in rpc_notifier, can be comma separated values. +# The actual topic names will be %s.%(default_notification_level)s +notification_topics = notifications + +# Default maximum number of items returned in a single response, +# value == infinite and value < 0 means no max limit, and value must +# be greater than 0. If the number of items requested is greater than +# pagination_max_limit, server will just return pagination_max_limit +# of number of items. +# pagination_max_limit = -1 + +# Maximum number of DNS nameservers per subnet +# max_dns_nameservers = 5 + +# Maximum number of host routes per subnet +# max_subnet_host_routes = 20 + +# Maximum number of fixed ips per port +# max_fixed_ips_per_port = 5 + +# =========== items for agent management extension ============= +# Seconds to regard the agent as down; should be at least twice +# report_interval, to be sure the agent is down for good +agent_down_time = 75 +# =========== end of items for agent management extension ===== + +# =========== items for agent scheduler extension ============= +# Driver to use for scheduling network to DHCP agent +network_scheduler_driver = neutron.scheduler.dhcp_agent_scheduler.ChanceScheduler +# Driver to use for scheduling router to a default L3 agent +router_scheduler_driver = neutron.scheduler.l3_agent_scheduler.ChanceScheduler +# Driver to use for scheduling a loadbalancer pool to an lbaas agent +# loadbalancer_pool_scheduler_driver = neutron.services.loadbalancer.agent_scheduler.ChanceScheduler + +# Allow auto scheduling networks to DHCP agent. It will schedule non-hosted +# networks to first DHCP agent which sends get_active_networks message to +# neutron server +# network_auto_schedule = True + +# Allow auto scheduling routers to L3 agent. It will schedule non-hosted +# routers to first L3 agent which sends sync_routers message to neutron server +# router_auto_schedule = True + +# Number of DHCP agents scheduled to host a network. This enables redundant +# DHCP agents for configured networks. +# dhcp_agents_per_network = 1 + +# =========== end of items for agent scheduler extension ===== + +# =========== WSGI parameters related to the API server ============== +# Number of separate worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as workers. The parent process manages them. +api_workers = 8 + +# Number of separate RPC worker processes to spawn. The default, 0, runs the +# worker thread in the current process. Greater than 0 launches that number of +# child processes as RPC workers. The parent process manages them. +# This feature is experimental until issues are addressed and testing has been +# enabled for various plugins for compatibility. +rpc_workers = 8 + +# Sets the value of TCP_KEEPIDLE in seconds to use for each server socket when +# starting API server. Not supported on OS X. +# tcp_keepidle = 600 + +# Number of seconds to keep retrying to listen +# retry_until_window = 30 + +# Number of backlog requests to configure the socket with. +# backlog = 4096 + +# Max header line to accommodate large tokens +# max_header_line = 16384 + +# Enable SSL on the API server +# use_ssl = False + +# Certificate file to use when starting API server securely +# ssl_cert_file = /path/to/certfile + +# Private key file to use when starting API server securely +# ssl_key_file = /path/to/keyfile + +# CA certificate file to use when starting API server securely to +# verify connecting clients. This is an optional parameter only required if +# API clients need to authenticate to the API server using SSL certificates +# signed by a trusted CA +# ssl_ca_file = /path/to/cafile +# ======== end of WSGI parameters related to the API server ========== + + +# ======== neutron nova interactions ========== +# Send notification to nova when port status is active. +notify_nova_on_port_status_changes = True + +# Send notifications to nova when port data (fixed_ips/floatingips) change +# so nova can update it's cache. +notify_nova_on_port_data_changes = True + +# URL for connection to nova (Only supports one nova region currently). +nova_url = http://{{ HA_VIP }}:8774/v2 + +# Name of nova region to use. Useful if keystone manages more than one region +nova_region_name = RegionOne + +# Username for connection to nova in admin context +nova_admin_username = nova + +# The uuid of the admin nova tenant +nova_admin_tenant_id = {{ NOVA_ADMIN_TENANT_ID.stdout_lines[0] }} + +# Password for connection to nova in admin context. +nova_admin_password = {{ NOVA_PASS }} + +# Authorization URL for connection to nova in admin context. +nova_admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 + +# Number of seconds between sending events to nova if there are any events to send +send_events_interval = 2 + +# ======== end of neutron nova interactions ========== + +[quotas] +# Default driver to use for quota checks +quota_driver = neutron.db.quota_db.DbQuotaDriver + +# Resource name(s) that are supported in quota features +quota_items = network,subnet,port + +# Default number of resource allowed per tenant. A negative value means +# unlimited. +default_quota = -1 + +# Number of networks allowed per tenant. A negative value means unlimited. +quota_network = 100 + +# Number of subnets allowed per tenant. A negative value means unlimited. +quota_subnet = 100 + +# Number of ports allowed per tenant. A negative value means unlimited. +quota_port = 8000 + +# Number of security groups allowed per tenant. A negative value means +# unlimited. +quota_security_group = 1000 + +# Number of security group rules allowed per tenant. A negative value means +# unlimited. +quota_security_group_rule = 1000 + +# Number of vips allowed per tenant. A negative value means unlimited. +# quota_vip = 10 + +# Number of pools allowed per tenant. A negative value means unlimited. +# quota_pool = 10 + +# Number of pool members allowed per tenant. A negative value means unlimited. +# The default is unlimited because a member is not a real resource consumer +# on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_member = -1 + +# Number of health monitors allowed per tenant. A negative value means +# unlimited. +# The default is unlimited because a health monitor is not a real resource +# consumer on Openstack. However, on back-end, a member is a resource consumer +# and that is the reason why quota is possible. +# quota_health_monitors = -1 + +# Number of routers allowed per tenant. A negative value means unlimited. +# quota_router = 10 + +# Number of floating IPs allowed per tenant. A negative value means unlimited. +# quota_floatingip = 50 + +[agent] +# Use "sudo neutron-rootwrap /etc/neutron/rootwrap.conf" to use the real +# root filter facility. +# Change to "sudo" to skip the filtering and just run the comand directly +root_helper = "sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf" + +# =========== items for agent management extension ============= +# seconds between nodes reporting state to server; should be less than +# agent_down_time, best if it is half or less than agent_down_time +report_interval = 30 + +# =========== end of items for agent management extension ===== + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/v2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = neutron +admin_password = {{ NEUTRON_PASS }} +signing_dir = $state_path/keystone-signing + +[database] +# This line MUST be changed to actually run the plugin. +# Example: +# connection = mysql://root:pass@127.0.0.1:3306/neutron +# Replace 127.0.0.1 above with the IP address of the database used by the +# main neutron server. (Leave it as is if the database runs on this host.) +# connection = sqlite:////var/lib/neutron/neutron.sqlite +#connection = mysql://neutron:{{ NEUTRON_DBPASS }}@{{ db_host }}/neutron + +# The SQLAlchemy connection string used to connect to the slave database +slave_connection = + +# Database reconnection retry times - in event connectivity is lost +# set to -1 implies an infinite retry count +max_retries = 10 + +# Database reconnection interval in seconds - if the initial connection to the +# database fails +retry_interval = 10 + +# Minimum number of SQL connections to keep open in a pool +min_pool_size = 1 + +# Maximum number of SQL connections to keep open in a pool +max_pool_size = 100 + +# Timeout in seconds before idle sql connections are reaped +idle_timeout = 3600 + +# If set, use this value for max_overflow with sqlalchemy +max_overflow = 100 + +# Verbosity of SQL debugging information. 0=None, 100=Everything +connection_debug = 0 + +# Add python stack traces to SQL as comment strings +connection_trace = False + +# If set, use this value for pool_timeout with sqlalchemy +pool_timeout = 10 + +[service_providers] +# Specify service providers (drivers) for advanced services like loadbalancer, VPN, Firewall. +# Must be in form: +# service_provider=<service_type>:<name>:<driver>[:default] +# List of allowed service types includes LOADBALANCER, FIREWALL, VPN +# Combination of <service type> and <name> must be unique; <driver> must also be unique +# This is multiline option, example for default provider: +# service_provider=LOADBALANCER:name:lbaas_plugin_driver_path:default +# example of non-default provider: +# service_provider=FIREWALL:name2:firewall_driver_path +# --- Reference implementations --- +service_provider=LOADBALANCER:Haproxy:neutron.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default +service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default +# In order to activate Radware's lbaas driver you need to uncomment the next line. +# If you want to keep the HA Proxy as the default lbaas driver, remove the attribute default from the line below. +# Otherwise comment the HA Proxy line +# service_provider = LOADBALANCER:Radware:neutron.services.loadbalancer.drivers.radware.driver.LoadBalancerDriver:default +# uncomment the following line to make the 'netscaler' LBaaS provider available. +# service_provider=LOADBALANCER:NetScaler:neutron.services.loadbalancer.drivers.netscaler.netscaler_driver.NetScalerPluginDriver +# Uncomment the following line (and comment out the OpenSwan VPN line) to enable Cisco's VPN driver. +# service_provider=VPN:cisco:neutron.services.vpn.service_drivers.cisco_ipsec.CiscoCsrIPsecVPNDriver:default +# Uncomment the line below to use Embrane heleos as Load Balancer service provider. +# service_provider=LOADBALANCER:Embrane:neutron.services.loadbalancer.drivers.embrane.driver.EmbraneLbaas:default diff --git a/compass/deploy/ansible/roles/nova-controller/templates/neutron_init.sh b/compass/deploy/ansible/roles/nova-controller/templates/neutron_init.sh new file mode 100644 index 0000000..b92e202 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/neutron_init.sh @@ -0,0 +1,4 @@ +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 net-create ext-net --shared --router:external=True + +# neutron --os-username=admin --os-password={{ ADMIN_PASS }} --os-tenant-name=admin --os-auth-url=http://{{ identity_host }}:35357/v2.0 subnet-create ext-net --name ext-subnet --allocation-pool start={{ FLOATING_IP_START }},end={{ FLOATING_IP_END}} --disable-dhcp --gateway {{EXTERNAL_NETWORK_GATEWAY}} {{EXTERNAL_NETWORK_CIDR}} + diff --git a/compass/deploy/ansible/roles/nova-controller/templates/nova.conf b/compass/deploy/ansible/roles/nova-controller/templates/nova.conf new file mode 100644 index 0000000..c8991a3 --- /dev/null +++ b/compass/deploy/ansible/roles/nova-controller/templates/nova.conf @@ -0,0 +1,72 @@ +[DEFAULT] +dhcpbridge_flagfile=/etc/nova/nova.conf +dhcpbridge=/usr/bin/nova-dhcpbridge +logdir=/var/log/nova +state_path=/var/lib/nova +lock_path=/var/lock/nova +force_dhcp_release=True +iscsi_helper=tgtadm +libvirt_use_virtio_for_bridges=True +connection_type=libvirt +root_helper=sudo nova-rootwrap /etc/nova/rootwrap.conf +verbose={{ VERBOSE}} +debug={{ DEBUG }} +ec2_private_dns_show_ip=True +api_paste_config=/etc/nova/api-paste.ini +volumes_path=/var/lib/nova/volumes +enabled_apis=osapi_compute,metadata + +vif_plugging_is_fatal: false +vif_plugging_timeout: 0 + +auth_strategy = keystone + +rpc_backend = rabbit +rabbit_host = {{ rabbit_host }} +rabbit_userid = {{ RABBIT_USER }} +rabbit_password = {{ RABBIT_PASS }} + +osapi_compute_listen={{ internal_ip }} +metadata_listen={{ internal_ip }} + +my_ip = {{ internal_ip }} +vnc_enabled = True +vncserver_listen = {{ internal_ip }} +vncserver_proxyclient_address = {{ internal_ip }} +novncproxy_base_url = http://{{ HA_VIP }}:6080/vnc_auto.html + +novncproxy_host = {{ internal_ip }} +novncproxy_port = 6080 + +network_api_class = nova.network.neutronv2.api.API +linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver +firewall_driver = nova.virt.firewall.NoopFirewallDriver +security_group_api = neutron + +instance_usage_audit = True +instance_usage_audit_period = hour +notify_on_state_change = vm_and_task_state +notification_driver = nova.openstack.common.notifier.rpc_notifier +notification_driver = ceilometer.compute.nova_notifier + +[database] +# The SQLAlchemy connection string used to connect to the database +connection = mysql://nova:{{ NOVA_DBPASS }}@{{ db_host }}/nova + +[keystone_authtoken] +auth_uri = http://{{ HA_VIP }}:5000/2.0 +identity_uri = http://{{ HA_VIP }}:35357 +admin_tenant_name = service +admin_user = nova +admin_password = {{ NOVA_PASS }} + +[glance] +host = {{ HA_VIP }} + +[neutron] +url = http://{{ HA_VIP }}:9696 +auth_strategy = keystone +admin_tenant_name = service +admin_username = neutron +admin_password = {{ NEUTRON_PASS }} +admin_auth_url = http://{{ HA_VIP }}:35357/v2.0 diff --git a/compass/deploy/ansible/roles/repo/tasks/main.yml b/compass/deploy/ansible/roles/repo/tasks/main.yml new file mode 100644 index 0000000..9476f80 --- /dev/null +++ b/compass/deploy/ansible/roles/repo/tasks/main.yml @@ -0,0 +1,6 @@ +--- +- name: add juno cloudarchive + apt_repository: repo="{{ juno_cloud_archive }}" state=present + +- name: first update pkgs + apt: update_cache=yes diff --git a/compass/deploy/ansible/roles/repo/templates/sources.list b/compass/deploy/ansible/roles/repo/templates/sources.list new file mode 100644 index 0000000..8b062e7 --- /dev/null +++ b/compass/deploy/ansible/roles/repo/templates/sources.list @@ -0,0 +1 @@ +{{ LOCAL_REPO }} diff --git a/compass/deploy/compass_vm.sh b/compass/deploy/compass_vm.sh new file mode 100644 index 0000000..0764917 --- /dev/null +++ b/compass/deploy/compass_vm.sh @@ -0,0 +1,103 @@ +compass_vm_dir=$WORK_DIR/vm/compass +rsa_file=$compass_vm_dir/boot.rsa +ssh_args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $rsa_file" +function tear_down_compass() { + sudo virsh destroy compass > /dev/null 2>&1 + sudo virsh undefine compass > /dev/null 2>&1 + + sudo umount $compass_vm_dir/old > /dev/null 2>&1 + sudo umount $compass_vm_dir/new > /dev/null 2>&1 + + sudo rm -rf $compass_vm_dir + + log_info "tear_down_compass success!!!" +} + +function install_compass_core() { + local inventory_file=$compass_vm_dir/inventory.file + log_info "install_compass_core enter" + sed -i "s/mgmt_next_ip:.*/mgmt_next_ip: ${COMPASS_SERVER}/g" $WORK_DIR/installer/compass-install/install/group_vars/all + echo "compass_nodocker ansible_ssh_host=$MGMT_IP ansible_ssh_port=22" > $inventory_file + PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=true ANSIBLE_HOST_KEY_CHECKING=false ANSIBLE_SSH_ARGS='-o UserKnownHostsFile=/dev/null -o ControlMaster=auto -o ControlPersist=60s' ansible-playbook -e pipeline=true --private-key=$rsa_file --user=root --connection=ssh --inventory-file=$inventory_file $WORK_DIR/installer/compass-install/install/compass_nodocker.yml + exit_status=$? + rm $inventory_file + log_info "install_compass_core exit" + if [[ $exit_status != 0 ]];then + /bin/false + fi +} + +function wait_ok() { + log_info "wait_compass_ok enter" + retry=0 + until timeout 1s ssh $ssh_args root@$MGMT_IP "exit" 2>/dev/null + do + log_progress "os install time used: $((retry*100/$1))%" + sleep 1 + let retry+=1 + if [[ $retry -ge $1 ]];then + log_error "os install time out" + tear_down_compass + exit 1 + fi + done + + log_warn "os install time used: 100%" + log_info "wait_compass_ok exit" +} + +function launch_compass() { + local old_mnt=$compass_vm_dir/old + local new_mnt=$compass_vm_dir/new + local old_iso=$WORK_DIR/iso/centos.iso + local new_iso=$compass_vm_dir/centos.iso + + log_info "launch_compass enter" + tear_down_compass + + set -e + mkdir -p $compass_vm_dir $old_mnt + sudo mount -o loop $old_iso $old_mnt + cd $old_mnt;find .|cpio -pd $new_mnt;cd - + + sudo umount $old_mnt + + chmod 755 -R $new_mnt + sed -i -e "s/REPLACE_MGMT_IP/$MGMT_IP/g" -e "s/REPLACE_MGMT_NETMASK/$MGMT_MASK/g" -e "s/REPLACE_INSTALL_IP/$COMPASS_SERVER/g" -e "s/REPLACE_INSTALL_NETMASK/$INSTALL_MASK/g" -e "s/REPLACE_GW/$MGMT_GW/g" $new_mnt/isolinux/isolinux.cfg + + sudo ssh-keygen -f $new_mnt/bootstrap/boot.rsa -t rsa -N '' + cp $new_mnt/bootstrap/boot.rsa $rsa_file + + rm -rf $new_mnt/.rr_moved $new_mnt/rr_moved + sudo mkisofs -quiet -r -J -R -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -hide-rr-moved -x "lost+found:" -o $new_iso $new_mnt + + rm -rf $old_mnt $new_mnt + + qemu-img create -f qcow2 $compass_vm_dir/disk.img 100G + + # create vm xml + sed -e "s/REPLACE_MEM/$COMPASS_VIRT_MEM/g" \ + -e "s/REPLACE_CPU/$COMPASS_VIRT_CPUS/g" \ + -e "s#REPLACE_IMAGE#$compass_vm_dir/disk.img#g" \ + -e "s#REPLACE_ISO#$compass_vm_dir/centos.iso#g" \ + -e "s/REPLACE_NET_MGMT/mgmt/g" \ + -e "s/REPLACE_BRIDGE_INSTALL/br_install/g" \ + $COMPASS_DIR/deploy/template/vm/compass.xml \ + > $WORK_DIR/vm/compass/libvirt.xml + + sudo virsh define $compass_vm_dir/libvirt.xml + sudo virsh start compass + + if ! wait_ok 300;then + log_error "install os timeout" + exit 1 + fi + + if ! install_compass_core;then + log_error "install compass core failed" + exit 1 + fi + + set +e + log_info "launch_compass exit" +} diff --git a/compass/deploy/conf/baremetal.conf b/compass/deploy/conf/baremetal.conf new file mode 100644 index 0000000..317d561 --- /dev/null +++ b/compass/deploy/conf/baremetal.conf @@ -0,0 +1,20 @@ +export VIRT_CPUS=4 +export HOST_MACS="'64:3e:8c:4c:6d:a3' '64:3e:8c:4c:6d:37' '64:3e:8c:4c:6c:d7' '64:3e:8c:4c:6b:7b' '64:3e:8c:4c:68:2b'" +export VIRT_MEM=16384 +export VIRT_DISK=30G +export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*' +#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*' +export ADAPTER_NAME="openstack_juno" +export ADAPTER_TARGET_SYSTEM_PATTERN="^openstack$" +export ADAPTER_FLAVOR_PATTERN="HA-ansible-multinodes" +export HOSTNAMES="host1,host2,host3,host4,host5" +export HOST_ROLES="host1=controller,ha;host2=controller,ha;host3=controller,ha;host4=compute;host5=compute" +export DEFAULT_ROLES="" +export SWITCH_IPS="172.29.1.166" +export SWITCH_CREDENTIAL="version=2c,community=public" +export DEPLOYMENT_TIMEOUT="150" +export POLL_SWITCHES_FLAG="nopoll_switches" +export DASHBOARD_URL="" +export REGTEST_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) +source ${REGTEST_DIR}/base.conf +export VIP="10.1.0.222" diff --git a/compass/deploy/conf/base.conf b/compass/deploy/conf/base.conf index 8362b9a..d8e8d51 100644 --- a/compass/deploy/conf/base.conf +++ b/compass/deploy/conf/base.conf @@ -1,11 +1,28 @@ -export COMPASS_SERVER_URL="http://10.1.0.12/api" +export ISO_URL=http://192.168.123.11:9999/xh/work/build/work/compass.iso +export INSTALL_IP=${INSTALL_IP:-10.1.0.12} +export INSTALL_MASK=${INSTALL_MASK:-255.255.255.0} +export INSTALL_GW=${INSTALL_GW:-10.1.0.1} +export INSTALL_IP_START=${INSTALL_IP_START:-10.1.0.1} +export INSTALL_IP_END=${INSTALL_IP_END:-10.1.0.254} +export MGMT_IP=${MGMT_IP:-192.168.200.2} +export MGMT_MASK=${MAGMT_MASK:-255.255.252.0} +export MGMT_GW=${MAGMT_GW:-192.168.200.1} +export MGMT_IP_START=${MGMT_IP_START:-192.168.200.3} +export MGMT_IP_END=${MGMT_IP_END:-192.168.200.254} +export OM_NIC=${OM_NIC:-eth3} +export OM_IP=${OM_IP:-192.168.123.11/22} +export OM_GW=${OM_GW:-192.168.120.1} +export COMPASS_VIRT_CPUS=4 +export COMPASS_VIRT_MEM=4096 +export COMPASS_SERVER=$INSTALL_IP +export COMPASS_SERVER_URL="http://$COMPASS_SERVER/api" export COMPASS_USER_EMAIL="admin@huawei.com" export COMPASS_USER_PASSWORD="admin" export CLUSTER_NAME="opnfv2" export LANGUAGE="EN" export TIMEZONE="America/Los_Angeles" -export NTP_SERVER="10.1.0.12" -export NAMESERVERS="10.1.0.12" +export NTP_SERVER="$COMPASS_SERVER" +export NAMESERVERS="$COMPASS_SERVER" export DOMAIN="ods.com" export PARTITIONS="/home=5%,/tmp=5%,/var=20%" export SUBNETS="10.1.0.0/24,172.16.2.0/24,172.16.3.0/24,172.16.4.0/24" @@ -18,6 +35,7 @@ export TENANT_INTERFACE=${TENANT_INTERFACE:-eth1} export STORAGE_INTERFACE=${STORAGE_INTERFACE:-eth3} export PUBLIC_INTERFACE=${PUBLIC_INTERFACE:-eth2} + function next_ip { ip_addr=$1 ip_base="$(echo $ip_addr | cut -d. -f'1 2 3')" diff --git a/compass/deploy/conf/cluster.conf b/compass/deploy/conf/cluster.conf new file mode 100644 index 0000000..4f43027 --- /dev/null +++ b/compass/deploy/conf/cluster.conf @@ -0,0 +1,20 @@ +export VIRT_NUMBER=5 +export VIRT_CPUS=4 +export VIRT_MEM=16384 +export VIRT_DISK=30G +export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*' +#export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*' +export ADAPTER_NAME="openstack_juno" +export ADAPTER_TARGET_SYSTEM_PATTERN="^openstack$" +export ADAPTER_FLAVOR_PATTERN="HA-ansible-multinodes" +export HOSTNAMES="host1,host2,host3,host4,host5" +export HOST_ROLES="host1=controller,ha;host2=controller,ha;host3=controller,ha;host4=compute;host5=compute" +export DEFAULT_ROLES="" +export SWITCH_IPS="1.1.1.1" +export SWITCH_CREDENTIAL="version=2c,community=public" +export DEPLOYMENT_TIMEOUT="150" +export POLL_SWITCHES_FLAG="nopoll_switches" +export DASHBOARD_URL="" +export REGTEST_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) +source ${REGTEST_DIR}/base.conf +export VIP="10.1.0.222" diff --git a/compass/deploy/conf/five.conf b/compass/deploy/conf/five.conf index e63e514..f32411b 100644 --- a/compass/deploy/conf/five.conf +++ b/compass/deploy/conf/five.conf @@ -1,6 +1,6 @@ export VIRT_NUMBER=5 export VIRT_CPUS=4 -export VIRT_MEM=4096 +export VIRT_MEM=16384 export VIRT_DISK=30G export 'ADAPTER_OS_PATTERN=(?i)ubuntu-14\.04.*' #export 'ADAPTER_OS_PATTERN=(?i)centos-6\.5.*' @@ -12,7 +12,7 @@ export HOST_ROLES="host1=controller,network;host2=compute,storage;host3=compute, export DEFAULT_ROLES="" export SWITCH_IPS="1.1.1.1" export SWITCH_CREDENTIAL="version=2c,community=public" -export DEPLOYMENT_TIMEOUT="90" +export DEPLOYMENT_TIMEOUT="150" export POLL_SWITCHES_FLAG="nopoll_switches" export DASHBOARD_URL="" export REGTEST_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) diff --git a/compass/deploy/deploy-vm.sh b/compass/deploy/deploy-vm.sh index 18857cd..41ef209 100644 --- a/compass/deploy/deploy-vm.sh +++ b/compass/deploy/deploy-vm.sh @@ -16,6 +16,12 @@ fi cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" bin/switch_virtualenv.py #source ../compass-install/ci/allinone.conf +/usr/bin/expect ${SCRIPT_DIR}/../deploy/remote_excute.exp \ + "ssh root@${COMPASS_SERVER} mkdir -p /opt/compass/bin/ansible_callbacks" vagrant + +/usr/bin/expect ${SCRIPT_DIR}/../deploy/remote_excute.exp \ + "scp -r ${SCRIPT_DIR}/../deploy/status_callback.py root@${COMPASS_SERVER}:/opt/compass/bin/ansible_callbacks/status_callback.py" \ + vagrant bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \ --compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \ --cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \ @@ -32,7 +38,8 @@ bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_ --network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \ --host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \ --machines=${machines//\'} --switch_credential="${SWITCH_CREDENTIAL}" \ ---deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}" +--deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}" \ +--cluster_vip="${VIP}" deploy_result=$? tear_down_machines cd ../compass-install diff --git a/compass/deploy/deploy_host.sh b/compass/deploy/deploy_host.sh new file mode 100644 index 0000000..d08a821 --- /dev/null +++ b/compass/deploy/deploy_host.sh @@ -0,0 +1,40 @@ +function deploy_host(){ + cd $WORK_DIR/installer/compass-core + source $WORK_DIR/venv/bin/activate + if pip --help | grep -q trusted; then + pip install -i http://pypi.douban.com/simple -e . --trusted-host pypi.douban.com + else + pip install -i http://pypi.douban.com/simple -e . + fi + + sudo mkdir -p /var/log/compass + sudo chown -R 777 /var/log/compass + + sudo mkdir -p /etc/compass + sudo cp -rf conf/setting /etc/compass/. + + cp bin/switch_virtualenv.py.template bin/switch_virtualenv.py + sed -i "s|\$PythonHome|$VIRTUAL_ENV|g" bin/switch_virtualenv.py + ssh $ssh_args root@${COMPASS_SERVER} mkdir -p /opt/compass/bin/ansible_callbacks + scp $ssh_args -r ${COMPASS_DIR}/deploy/status_callback.py root@${COMPASS_SERVER}:/opt/compass/bin/ansible_callbacks/status_callback.py + + (sleep 15;reboot_hosts ) & + bin/client.py --logfile= --loglevel=debug --logdir= --compass_server="${COMPASS_SERVER_URL}" \ + --compass_user_email="${COMPASS_USER_EMAIL}" --compass_user_password="${COMPASS_USER_PASSWORD}" \ + --cluster_name="${CLUSTER_NAME}" --language="${LANGUAGE}" --timezone="${TIMEZONE}" \ + --hostnames="${HOSTNAMES}" --partitions="${PARTITIONS}" --subnets="${SUBNETS}" \ + --adapter_os_pattern="${ADAPTER_OS_PATTERN}" --adapter_name="${ADAPTER_NAME}" \ + --adapter_target_system_pattern="${ADAPTER_TARGET_SYSTEM_PATTERN}" \ + --adapter_flavor_pattern="${ADAPTER_FLAVOR_PATTERN}" \ + --http_proxy="${PROXY}" --https_proxy="${PROXY}" --no_proxy="${IGNORE_PROXY}" \ + --ntp_server="${NTP_SERVER}" --dns_servers="${NAMESERVERS}" --domain="${DOMAIN}" \ + --search_path="${SEARCH_PATH}" --default_gateway="${GATEWAY}" \ + --server_credential="${SERVER_CREDENTIAL}" --local_repo_url="${LOCAL_REPO_URL}" \ + --os_config_json_file="${OS_CONFIG_FILENAME}" --service_credentials="${SERVICE_CREDENTIALS}" \ + --console_credentials="${CONSOLE_CREDENTIALS}" --host_networks="${HOST_NETWORKS}" \ + --network_mapping="${NETWORK_MAPPING}" --package_config_json_file="${PACKAGE_CONFIG_FILENAME}" \ + --host_roles="${HOST_ROLES}" --default_roles="${DEFAULT_ROLES}" --switch_ips="${SWITCH_IPS}" \ + --machines=${machines//\'} --switch_credential="${SWITCH_CREDENTIAL}" \ + --deployment_timeout="${DEPLOYMENT_TIMEOUT}" --${POLL_SWITCHES_FLAG} --dashboard_url="${DASHBOARD_URL}" \ + --cluster_vip="${VIP}" +} diff --git a/compass/deploy/func.sh b/compass/deploy/func.sh index 29c2c23..49ea947 100644..100755 --- a/compass/deploy/func.sh +++ b/compass/deploy/func.sh @@ -1,19 +1,22 @@ function tear_down_machines() { - virtmachines=$(virsh list --name |grep pxe) + virtmachines=$(sudo virsh list --name |grep pxe) for virtmachine in $virtmachines; do echo "destroy $virtmachine" - virsh destroy $virtmachine + sudo virsh destroy $virtmachine if [[ "$?" != "0" ]]; then echo "destroy instance $virtmachine failed" exit 1 fi done - virtmachines=$(virsh list --all --name |grep pxe) - for virtmachine in $virtmachines; do - echo "undefine $virtmachine" - virsh undefine $virtmachine + + sudo virsh list --all|grep shut|awk '{print $2}'|xargs -n 1 sudo virsh undefine + + vol_names=$(sudo virsh vol-list default |grep .img | awk '{print $1}') + for vol_name in $vol_names; do + echo "virsh vol-delete $vol_name" + sudo virsh vol-delete $vol_name --pool default if [[ "$?" != "0" ]]; then - echo "undefine instance $virtmachine failed" + echo "vol-delete $vol_name failed!" exit 1 fi done diff --git a/compass/deploy/host_baremetal.sh b/compass/deploy/host_baremetal.sh new file mode 100644 index 0000000..26238e0 --- /dev/null +++ b/compass/deploy/host_baremetal.sh @@ -0,0 +1,9 @@ +function get_host_macs() { + local config_file=$WORK_DIR/installer/compass-install/install/group_vars/all + local machines=`echo $HOST_MACS|sed 's/ /,/g'` + + echo "test: true" >> $config_file + echo "pxe_boot_macs: [${machines}]" >> $config_file + + echo $machines +} diff --git a/compass/deploy/host_vm.sh b/compass/deploy/host_vm.sh new file mode 100644 index 0000000..cf9a757 --- /dev/null +++ b/compass/deploy/host_vm.sh @@ -0,0 +1,59 @@ +host_vm_dir=$WORK_DIR/vm +function tear_down_machines() { + for i in host{0..4} + do + sudo virsh destroy $i 1>/dev/null 2>/dev/null + sudo virsh undefine $i 1>/dev/null 2>/dev/null + rm -rf $host_vm_dir/host$i + done +} + +function reboot_hosts() { + log_warn "reboot_hosts do nothing" +} + +function launch_host_vms() { + tear_down_machines + #function_bod + mac_array=`echo $machines|sed 's/,/ /g'` + log_info "bringing up pxe boot vms" + i=0 + for mac in $mac_array; do + log_info "creating vm disk for instance host${i}" + vm_dir=$host_vm_dir/host$i + mkdir -p $vm_dir + sudo qemu-img create -f raw $vm_dir/disk.img ${VIRT_DISK} + # create vm xml + sed -e "s/REPLACE_MEM/$VIRT_MEM/g" \ + -e "s/REPLACE_CPU/$VIRT_CPUS/g" \ + -e "s/REPLACE_NAME/host$i/g" \ + -e "s#REPLACE_IMAGE#$vm_dir/disk.img#g" \ + -e "s/REPLACE_BOOT_MAC/$mac/g" \ + -e "s/REPLACE_BRIDGE_MGMT/br_install/g" \ + -e "s/REPLACE_BRIDGE_TENANT/br_install/g" \ + -e "s/REPLACE_BRIDGE_PUBLIC/br_install/g" \ + -e "s/REPLACE_BRIDGE_STORAGE/br_install/g" \ + $COMPASS_DIR/deploy/template/vm/host.xml\ + > $vm_dir/libvirt.xml + + sudo virsh define $vm_dir/libvirt.xml + sudo virsh start host$i + let i=i+1 + done +} + +function get_host_macs() { + local config_file=$WORK_DIR/installer/compass-install/install/group_vars/all + local mac_generator=${COMPASS_DIR}/deploy/mac_generator.sh + local machines= + + chmod +x $mac_generator + mac_array=`$mac_generator $VIRT_NUMBER` + machines=`echo $mac_array|sed 's/ /,/g'` + + echo "test: true" >> $config_file + echo "pxe_boot_macs: [${machines}]" >> $config_file + + echo $machines +} + diff --git a/compass/deploy/network.sh b/compass/deploy/network.sh new file mode 100755 index 0000000..c60607e --- /dev/null +++ b/compass/deploy/network.sh @@ -0,0 +1,70 @@ +function destroy_nets() { + sudo virsh net-destroy mgmt > /dev/null 2>&1 + sudo virsh net-undefine mgmt > /dev/null 2>&1 + + sudo virsh net-destroy install > /dev/null 2>&1 + sudo virsh net-undefine install > /dev/null 2>&1 + rm -rf $COMPASS_DIR/deploy/work/network/*.xml +} + +function setup_om_bridge() { + local device=$1 + local gw=$2 + ip link set br_install down + ip addr flush $device + brctl delbr br_install + + brctl addbr br_install + brctl addif br_install $device + ip link set br_install up + + shift;shift + for ip in $*;do + ip addr add $ip dev br_install + done + + route add default gw $gw +} + +function setup_om_nat() { + # create install network + sed -e "s/REPLACE_BRIDGE/br_install/g" \ + -e "s/REPLACE_NAME/install/g" \ + -e "s/REPLACE_GATEWAY/$INSTALL_GW/g" \ + -e "s/REPLACE_MASK/$INSTALL_MASK/g" \ + -e "s/REPLACE_START/$INSTALL_IP_START/g" \ + -e "s/REPLACE_END/$INSTALL_IP_END/g" \ + $COMPASS_DIR/deploy/template/network/nat.xml \ + > $WORK_DIR/network/install.xml + + sudo virsh net-define $WORK_DIR/network/install.xml + sudo virsh net-start install +} + +function create_nets() { + destroy_nets + + # create mgmt network + sed -e "s/REPLACE_BRIDGE/br_mgmt/g" \ + -e "s/REPLACE_NAME/mgmt/g" \ + -e "s/REPLACE_GATEWAY/$MGMT_GW/g" \ + -e "s/REPLACE_MASK/$MGMT_MASK/g" \ + -e "s/REPLACE_START/$MGMT_IP_START/g" \ + -e "s/REPLACE_END/$MGMT_IP_END/g" \ + $COMPASS_DIR/deploy/template/network/nat.xml \ + > $WORK_DIR/network/mgmt.xml + + sudo virsh net-define $WORK_DIR/network/mgmt.xml + sudo virsh net-start mgmt + + # create install network + if [[ ! -z $VIRT_NUMBER ]];then + setup_om_nat + else + mask=`echo $INSTALL_MASK | awk -F'.' '{print ($1*(2^24)+$2*(2^16)+$3*(2^8)+$4)}'` + mask_len=`echo "obase=2;${mask}"|bc|awk -F'0' '{print length($1)}'` + setup_om_bridge $OM_NIC $OM_GW $INSTALL_GW/$mask_len $OM_IP + fi + +} + diff --git a/compass/deploy/prepare.sh b/compass/deploy/prepare.sh index 2086c5d..9ec15f8 100644 --- a/compass/deploy/prepare.sh +++ b/compass/deploy/prepare.sh @@ -1,35 +1,35 @@ -sudo apt-get update -y -sudo apt-get install git python-pip python-dev -y -vagrant --version -if [[ $? != 0 ]]; then - vagrant_pkg_url=https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.deb - wget ${vagrant_pkg_url} - sudo dpkg -i $(basename ${vagrant_pkg_url}) -else - echo "vagrant is already installed" -fi -sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst libmysqld-dev -y -sudo service libvirt-bin restart +function prepare_env() { + export PYTHONPATH=/usr/lib/python2.7/dist-packages:/usr/local/lib/python2.7/dist-packages + sudo apt-get update -y + sudo apt-get install mkisofs bc + sudo apt-get install git python-pip python-dev -y + sudo apt-get install libxslt-dev libxml2-dev libvirt-dev build-essential qemu-utils qemu-kvm libvirt-bin virtinst libmysqld-dev -y + sudo pip install --upgrade pip + sudo pip install --upgrade ansible + sudo pip install --upgrade virtualenv + sudo service libvirt-bin restart + + # prepare work dir + sudo rm -rf $WORK_DIR + mkdir -p $WORK_DIR + mkdir -p $WORK_DIR/installer + mkdir -p $WORK_DIR/vm + mkdir -p $WORK_DIR/network + mkdir -p $WORK_DIR/iso + mkdir -p $WORK_DIR/venv -for plugin in vagrant-libvirt vagrant-mutate; do - vagrant plugin list |grep $plugin - if [[ $? != 0 ]]; then - vagrant plugin install $plugin --plugin-source https://ruby.taobao.org - else - echo "$plugin plugin is already installed" + if [[ ! -f centos.iso ]];then + wget -O $WORK_DIR/iso/centos.iso $ISO_URL fi -done -sudo pip install --upgrade ansible virtualenv -#precise_box_vb_url=https://cloud-images.ubuntu.com/vagrant/precise/current/precise-server-cloudimg-amd64-vagrant-disk1.box -#precise_box_vb_filename=$(basename ${precise_box_vb_url}) -centos65_box_vb_url=https://developer.nrel.gov/downloads/vagrant-boxes/CentOS-6.5-x86_64-v20140504.box -centos65_box_vb_filename=$(basename ${centos65_box_vb_url}) -#wget ${precise_box_vb_url} -vagrant box list |grep centos65 -if [[ $? != 0 ]]; then - wget ${centos65_box_vb_url} - mv ${centos65_box_vb_filename} centos65.box - vagrant mutate centos65.box libvirt -else - echo "centos65 box already exists" -fi + + # copy compass + mkdir -p $WORK_DIR/mnt + sudo mount -o loop $WORK_DIR/iso/centos.iso $WORK_DIR/mnt + cp -rf $WORK_DIR/mnt/compass/compass-core $WORK_DIR/installer/ + cp -rf $WORK_DIR/mnt/compass/compass-install $WORK_DIR/installer/ + sudo umount $WORK_DIR/mnt + rm -rf $WORK_DIR/mnt + + chmod 755 $WORK_DIR -R + virtualenv $WORK_DIR/venv +} diff --git a/compass/deploy/remote_excute.exp b/compass/deploy/remote_excute.exp new file mode 100644 index 0000000..9dd112b --- /dev/null +++ b/compass/deploy/remote_excute.exp @@ -0,0 +1,23 @@ +#!/usr/bin/expect + +set command [lindex $argv 0] +set passwd [lindex $argv 1] + +eval spawn "$command" +set timeout 60 + +expect { + -re ".*es.*o.*" + { + exp_send "yes\r" + exp_continue + } + + -re ".*sword:" { + exp_send "$passwd\r" + + } + +} + +interact diff --git a/compass/deploy/status_callback.py b/compass/deploy/status_callback.py new file mode 100644 index 0000000..8619132 --- /dev/null +++ b/compass/deploy/status_callback.py @@ -0,0 +1,174 @@ +# (C) 2012, Michael DeHaan, <michael.dehaan@gmail.com> + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +import httplib +import json +import sys +import logging + +def task_error(host, data): + logging.info("task_error: host=%s,data=%s" % (host, data)) + + if type(data) == dict: + invocation = data.pop('invocation', {}) + + notify_host("localhost", host, "failed") + +class CallbackModule(object): + """ + logs playbook results, per host, in /var/log/ansible/hosts + """ + + def on_any(self, *args, **kwargs): + pass + + def runner_on_failed(self, host, res, ignore_errors=False): + task_error(host, res) + + def runner_on_ok(self, host, res): + pass + + def runner_on_skipped(self, host, item=None): + pass + + def runner_on_unreachable(self, host, res): + pass + + def runner_on_no_hosts(self): + pass + + def runner_on_async_poll(self, host, res, jid, clock): + pass + + def runner_on_async_ok(self, host, res, jid): + pass + + def runner_on_async_failed(self, host, res, jid): + task_error(host, res) + + def playbook_on_start(self): + pass + + def playbook_on_notify(self, host, handler): + pass + + def playbook_on_no_hosts_matched(self): + pass + + def playbook_on_no_hosts_remaining(self): + pass + + def playbook_on_task_start(self, name, is_conditional): + pass + + def playbook_on_vars_prompt(self, varname, private=True, prompt=None, encrypt=None, confirm=False, salt_size=None, salt=None, default=None): + pass + + def playbook_on_setup(self): + pass + + def playbook_on_import_for_host(self, host, imported_file): + pass + + def playbook_on_not_import_for_host(self, host, missing_file): + pass + + def playbook_on_play_start(self, name): + pass + + def playbook_on_stats(self, stats): + logging.info("playbook_on_stats enter") + hosts = sorted(stats.processed.keys()) + host_vars = self.playbook.inventory.get_variables(hosts[0]) + cluster_name = host_vars['cluster_name'] + failures = False + unreachable = False + + for host in hosts: + summary = stats.summarize(host) + + if summary['failures'] > 0: + failures = True + if summary['unreachable'] > 0: + unreachable = True + + if failures or unreachable: + for host in hosts: + notify_host("localhost", host, "error") + return + + for host in hosts: + clusterhost_name = host + "." + cluster_name + notify_host("localhost", clusterhost_name, "succ") + + +def raise_for_status(resp): + if resp.status < 200 or resp.status > 300: + raise RuntimeError("%s, %s, %s" % (resp.status, resp.reason, resp.read())) + +def auth(conn): + credential = {} + credential['email'] = "admin@huawei.com" + credential['password'] = "admin" + url = "/api/users/token" + headers = {"Content-type": "application/json", + "Accept": "*/*"} + conn.request("POST", url, json.dumps(credential), headers) + resp = conn.getresponse() + + raise_for_status(resp) + return json.loads(resp.read())["token"] + +def notify_host(compass_host, host, status): + if status == "succ": + body = {"ready": True} + url = "/api/clusterhosts/%s/state_internal" % host + elif status == "error": + body = {"state": "ERROR"} + host = host.strip("host") + url = "/api/clusterhosts/%s/state" % host + else: + logging.error("notify_host: host %s with status %s is not supported" \ + % (host, status)) + return + + headers = {"Content-type": "application/json", + "Accept": "*/*"} + + conn = httplib.HTTPConnection(compass_host, 80) + token = auth(conn) + headers["X-Auth-Token"] = token + logging.info("host=%s,url=%s,body=%s,headers=%s" % (compass_host,url,json.dumps(body),headers)) + conn.request("POST", url, json.dumps(body), headers) + resp = conn.getresponse() + try: + raise_for_status(resp) + logging.info("notify host status success!!! status=%s, body=%s" % (resp.status, resp.read())) + except Exception as e: + logging.error("http request failed %s" % str(e)) + raise + finally: + conn.close() + +if __name__ == "__main__": + if len(sys.argv) != 3: + logging.error("params: host, status is need") + sys.exit(1) + + host = sys.argv[1] + status = sys.argv[2] + notify_host(host, status) diff --git a/compass/deploy/template/network/bridge.xml b/compass/deploy/template/network/bridge.xml new file mode 100644 index 0000000..6202cf1 --- /dev/null +++ b/compass/deploy/template/network/bridge.xml @@ -0,0 +1,5 @@ +<network ipv6='no'>
+ <name>REPLACE_NAME</name>
+ <forward mode='bridge'>
+ </forward>
+</network>
diff --git a/compass/deploy/template/network/nat.xml b/compass/deploy/template/network/nat.xml new file mode 100644 index 0000000..90ce888 --- /dev/null +++ b/compass/deploy/template/network/nat.xml @@ -0,0 +1,10 @@ +<network ipv6='yes'>
+ <name>REPLACE_NAME</name>
+ <forward mode='nat'/>
+ <bridge name='REPLACE_BRIDGE'/>
+ <ip address='REPLACE_GATEWAY' netmask='REPLACE_MASK'>
+ <!--dhcp>
+ <range start='REPLACE_START' end='REPLACE_END'/>
+ </dhcp-->
+ </ip>
+</network>
diff --git a/compass/deploy/template/vm/compass.xml b/compass/deploy/template/vm/compass.xml new file mode 100644 index 0000000..918a9f2 --- /dev/null +++ b/compass/deploy/template/vm/compass.xml @@ -0,0 +1,64 @@ +<domain type='kvm'> + <name>compass</name> + <memory unit='MiB'>REPLACE_MEM</memory> + <currentMemory unit='MiB'>REPLACE_MEM</currentMemory> + <vcpu placement='static'>REPLACE_CPU</vcpu> + <os> + <type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type> + <boot dev='hd'/> + <boot dev='cdrom'/> + </os> + <features> + <acpi/> + <apic/> + <pae/> + </features> + <cpu mode='host-model'> + <model fallback='allow'/> + <feature policy='optional' name='vmx'/> + <feature policy='optional' name='svm'/> + </cpu> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>destroy</on_crash> + <devices> + <emulator>/usr/bin/kvm-spice</emulator> + <disk type='file' device='disk'> + <driver name='qemu' type='qcow2'/> + <source file='REPLACE_IMAGE'/> + <target dev='vda' bus='ide'/> + </disk> + <disk type='file' device='cdrom'> + <driver name='qemu' type='raw'/> + <source file='REPLACE_ISO'/> + <target dev='hdc' bus='ide'/> + <readonly/> + </disk> + <controller type='pci' index='0' model='pci-root'/> + <interface type='network'> + <source network='REPLACE_NET_MGMT'/> + <model type='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> + </interface> + <interface type='bridge'> + <source bridge='REPLACE_BRIDGE_INSTALL'/> + <model type='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> + </interface> + <serial type='pty'> + <target port='0'/> + </serial> + <console type='pty'> + <target type='serial' port='0'/> + </console> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0' keymap='en-us'> + <listen type='address' address='0.0.0.0'/> + </graphics> + <video> + <model type='cirrus' vram='9216' heads='1'/> + </video> + </devices> +</domain> diff --git a/compass/deploy/template/vm/host.xml b/compass/deploy/template/vm/host.xml new file mode 100644 index 0000000..b399e6f --- /dev/null +++ b/compass/deploy/template/vm/host.xml @@ -0,0 +1,67 @@ +<domain type='kvm'> + <name>REPLACE_NAME</name> + <memory unit='MiB'>REPLACE_MEM</memory> + <currentMemory unit='MiB'>REPLACE_MEM</currentMemory> + <vcpu placement='static'>REPLACE_CPU</vcpu> + <os> + <type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type> + <boot dev='hd'/> + <boot dev='network'/> + <bios useserial='yes' rebootTimeout='0'/> + </os> + <features> + <acpi/> + <apic/> + <pae/> + </features> + <clock offset='utc'/> + <on_poweroff>destroy</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>restart</on_crash> + <devices> + <emulator>/usr/bin/kvm-spice</emulator> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='REPLACE_IMAGE'/> + <target dev='vda' bus='virtio'/> + </disk> + <interface type='bridge'> + <mac address=REPLACE_BOOT_MAC/> + <source bridge='REPLACE_BRIDGE_MGMT'/> + <model type='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/> + </interface> + <interface type='bridge'> + <source bridge='REPLACE_BRIDGE_TENANT'/> + <model type='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/> + </interface> + <interface type='bridge'> + <source bridge='REPLACE_BRIDGE_PUBLIC'/> + <model type='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> + </interface> + <interface type='bridge'> + <source bridge='REPLACE_BRIDGE_STORAGE'/> + <model type='virtio'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> + </interface> + <serial type='pty'> + <source path='/dev/pts/0'/> + </serial> + <console type='pty' tty='/dev/pts/0'> + <source path='/dev/pts/0'/> + <target type='serial' port='0'/> + </console> + <input type='mouse' bus='ps2'/> + <input type='keyboard' bus='ps2'/> + <graphics type='vnc' port='5901' autoport='yes' listen='0.0.0.0'> + <listen type='address' address='0.0.0.0'/> + </graphics> + <video> + <model type='cirrus' vram='9216' heads='1'/> + <alias name='video0'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/> + </video> + </devices> +</domain> diff --git a/foreman/ci/Vagrantfile b/foreman/ci/Vagrantfile index 100e12d..5550976 100644 --- a/foreman/ci/Vagrantfile +++ b/foreman/ci/Vagrantfile @@ -12,7 +12,7 @@ Vagrant.configure(2) do |config| # Every Vagrant development environment requires a box. You can search for # boxes at https://atlas.hashicorp.com/search. - config.vm.box = "chef/centos-7.0" + config.vm.box = "opnfv/centos-7.0" # Disable automatic box update checking. If you disable this, then # boxes will only be checked for updates when the user runs @@ -41,6 +41,9 @@ Vagrant.configure(2) do |config| default_gw = "" nat_flag = false + # Disable dhcp flag + disable_dhcp_flag = false + # Share an additional folder to the guest VM. The first argument is # the path on the host to the actual folder. The second argument is # the path on the guest to mount the folder. And the optional third @@ -90,4 +93,8 @@ Vagrant.configure(2) do |config| config.vm.provision :shell, path: "nat_setup.sh" end config.vm.provision :shell, path: "bootstrap.sh" + if disable_dhcp_flag + config.vm.provision :shell, :inline => "systemctl stop dhcpd" + config.vm.provision :shell, :inline => "systemctl disable dhcpd" + end end diff --git a/foreman/ci/bootstrap.sh b/foreman/ci/bootstrap.sh index 4bc22ed..c98f00e 100755 --- a/foreman/ci/bootstrap.sh +++ b/foreman/ci/bootstrap.sh @@ -25,8 +25,7 @@ green=`tput setaf 2` yum install -y epel-release-7* # Install other required packages -# Major version is pinned to force some consistency for Arno -if ! yum -y install python-pip-1* python-virtualenv-1* gcc-4* git-1* sshpass-1* ansible-1* python-requests-1*; then +if ! yum -y install python-pip python-virtualenv gcc git sshpass ansible python-requests; then printf '%s\n' 'bootstrap.sh: failed to install required packages' >&2 exit 1 fi @@ -36,7 +35,7 @@ cd /opt echo "Cloning khaleesi to /opt" if [ ! -d khaleesi ]; then - if ! git clone -b v1.0 https://github.com/trozet/khaleesi.git; then + if ! git clone -b opnfv https://github.com/trozet/khaleesi.git; then printf '%s\n' 'bootstrap.sh: Unable to git clone khaleesi' >&2 exit 1 fi diff --git a/foreman/ci/clean.sh b/foreman/ci/clean.sh index f61ac93..345864b 100755 --- a/foreman/ci/clean.sh +++ b/foreman/ci/clean.sh @@ -3,22 +3,23 @@ #Clean script to uninstall provisioning server for Foreman/QuickStack #author: Tim Rozet (trozet@redhat.com) # -#Uses Vagrant and VirtualBox +#Removes Libvirt, KVM, Vagrant, VirtualBox # -#Destroys Vagrant VM running in /tmp/bgs_vagrant +#Destroys Vagrant VMs running in $vm_dir/ #Shuts down all nodes found in Khaleesi settings -#Removes hypervisor kernel modules (VirtualBox) +#Removes hypervisor kernel modules (VirtualBox & KVM/Libvirt) ##VARS reset=`tput sgr0` blue=`tput setaf 4` red=`tput setaf 1` green=`tput setaf 2` +vm_dir=/var/opt/opnfv ##END VARS ##FUNCTIONS display_usage() { - echo -e "\n\n${blue}This script is used to uninstall Foreman/QuickStack Installer and Clean OPNFV Target System${reset}\n\n" + echo -e "\n\n${blue}This script is used to uninstall and clean the OPNFV Target System${reset}\n\n" echo -e "\nUsage:\n$0 [arguments] \n" echo -e "\n -no_parse : No variable parsing into config. Flag. \n" echo -e "\n -base_config : Full path of ksgen settings file to parse. Required. Will provide BMC info to shutdown hosts. Example: -base_config /opt/myinventory.yml \n" @@ -31,7 +32,7 @@ if [[ ( $1 == "--help") || $1 == "-h" ]]; then exit 0 fi -echo -e "\n\n${blue}This script is used to uninstall Foreman/QuickStack Installer and Clean OPNFV Target System${reset}\n\n" +echo -e "\n\n${blue}This script is used to uninstall and clean the OPNFV Target System${reset}\n\n" echo "Use -h to display help" sleep 2 @@ -50,54 +51,55 @@ do esac done - -# Install ipmitool -# Major version is pinned to force some consistency for Arno -if ! yum list installed | grep -i ipmitool; then - if ! yum -y install ipmitool-1*; then - echo "${red}Unable to install ipmitool!${reset}" - exit 1 - fi -else - echo "${blue}Skipping ipmitool as it is already installed!${reset}" -fi - -###find all the bmc IPs and number of nodes -node_counter=0 -output=`grep bmc_ip $base_config | grep -Eo '[0-9]+.[0-9]+.[0-9]+.[0-9]+'` -for line in ${output} ; do - bmc_ip[$node_counter]=$line - ((node_counter++)) -done - -max_nodes=$((node_counter-1)) - -###find bmc_users per node -node_counter=0 -output=`grep bmc_user $base_config | sed 's/\s*bmc_user:\s*//'` -for line in ${output} ; do - bmc_user[$node_counter]=$line - ((node_counter++)) -done - -###find bmc_pass per node -node_counter=0 -output=`grep bmc_pass $base_config | sed 's/\s*bmc_pass:\s*//'` -for line in ${output} ; do - bmc_pass[$node_counter]=$line - ((node_counter++)) -done - -for mynode in `seq 0 $max_nodes`; do - echo "${blue}Node: ${bmc_ip[$mynode]} ${bmc_user[$mynode]} ${bmc_pass[$mynode]} ${reset}" - if ipmitool -I lanplus -P ${bmc_pass[$mynode]} -U ${bmc_user[$mynode]} -H ${bmc_ip[$mynode]} chassis power off; then - echo "${blue}Node: $mynode, ${bmc_ip[$mynode]} powered off!${reset}" +if [ ! -z "$base_config" ]; then + # Install ipmitool + # Major version is pinned to force some consistency for Arno + if ! yum list installed | grep -i ipmitool; then + if ! yum -y install ipmitool-1*; then + echo "${red}Unable to install ipmitool!${reset}" + exit 1 + fi else - echo "${red}Error: Unable to power off $mynode, ${bmc_ip[$mynode]} ${reset}" - exit 1 + echo "${blue}Skipping ipmitool as it is already installed!${reset}" fi -done + ###find all the bmc IPs and number of nodes + node_counter=0 + output=`grep bmc_ip $base_config | grep -Eo '[0-9]+.[0-9]+.[0-9]+.[0-9]+'` + for line in ${output} ; do + bmc_ip[$node_counter]=$line + ((node_counter++)) + done + + max_nodes=$((node_counter-1)) + + ###find bmc_users per node + node_counter=0 + output=`grep bmc_user $base_config | sed 's/\s*bmc_user:\s*//'` + for line in ${output} ; do + bmc_user[$node_counter]=$line + ((node_counter++)) + done + + ###find bmc_pass per node + node_counter=0 + output=`grep bmc_pass $base_config | sed 's/\s*bmc_pass:\s*//'` + for line in ${output} ; do + bmc_pass[$node_counter]=$line + ((node_counter++)) + done + for mynode in `seq 0 $max_nodes`; do + echo "${blue}Node: ${bmc_ip[$mynode]} ${bmc_user[$mynode]} ${bmc_pass[$mynode]} ${reset}" + if ipmitool -I lanplus -P ${bmc_pass[$mynode]} -U ${bmc_user[$mynode]} -H ${bmc_ip[$mynode]} chassis power off; then + echo "${blue}Node: $mynode, ${bmc_ip[$mynode]} powered off!${reset}" + else + echo "${red}Error: Unable to power off $mynode, ${bmc_ip[$mynode]} ${reset}" + exit 1 + fi + done +else + echo "${blue}Skipping Baremetal node poweroff as base_config was not provided${reset}" +fi ###check to see if vbox is installed vboxpkg=`rpm -qa | grep VirtualBox` if [ $? -eq 0 ]; then @@ -106,39 +108,120 @@ else skip_vagrant=1 fi +###legacy VM location check +###remove me later +if [ -d /tmp/bgs_vagrant ]; then + cd /tmp/bgs_vagrant + vagrant destroy -f + rm -rf /tmp/bgs_vagrant +fi + ###destroy vagrant if [ $skip_vagrant -eq 0 ]; then - cd /tmp/bgs_vagrant - if vagrant destroy -f; then - echo "${blue}Successfully destroyed Foreman VM ${reset}" + if [ -d $vm_dir ]; then + ##all vm directories + for vm in $( ls $vm_dir ); do + cd $vm_dir/$vm + if vagrant destroy -f; then + echo "${blue}Successfully destroyed $vm Vagrant VM ${reset}" + else + echo "${red}Unable to destroy $vm Vagrant VM! Attempting to killall vagrant if process is hung ${reset}" + killall vagrant + echo "${blue}Checking if vagrant was already destroyed and no process is active...${reset}" + if ps axf | grep vagrant | grep -v 'grep'; then + echo "${red}Vagrant process still exists after kill...exiting ${reset}" + exit 1 + else + echo "${blue}Vagrant process doesn't exist. Moving on... ${reset}" + fi + fi + + ##Vagrant boxes appear as VboxHeadless processes + ##try to gracefully destroy the VBox VM if it still exists + if vboxmanage list runningvms | grep $vm; then + echo "${red} $vm VBoxHeadless process still exists...Removing${reset}" + vbox_id=$(vboxmanage list runningvms | grep $vm | awk '{print $1}' | sed 's/"//g') + vboxmanage controlvm $vbox_id poweroff + if vboxmanage unregistervm --delete $vbox_id; then + echo "${blue}$vm VM is successfully deleted! ${reset}" + else + echo "${red} Unable to delete VM $vm ...Exiting ${reset}" + exit 1 + fi + else + echo "${blue}$vm VM is successfully deleted! ${reset}" + fi + done else - echo "${red}Unable to destroy Foreman VM ${reset}" - echo "${blue}Checking if vagrant was already destroyed and no process is active...${reset}" - if ps axf | grep vagrant; then - echo "${red}Vagrant VM still exists...exiting ${reset}" - exit 1 - else - echo "${blue}Vagrant process doesn't exist. Moving on... ${reset}" - fi + echo "${blue}${vm_dir} doesn't exist, no VMs in OPNFV directory to destroy! ${reset}" fi + echo "${blue}Checking for any remaining virtual box processes...${reset}" ###kill virtualbox - echo "${blue}Killing VirtualBox ${reset}" - killall virtualbox - killall VBoxHeadless + if ps axf | grep virtualbox | grep -v 'grep'; then + echo "${blue}virtualbox processes are still running. Killing any remaining VirtualBox processes...${reset}" + killall virtualbox + fi + + ###kill any leftover VMs (brute force) + if ps axf | grep VBoxHeadless | grep -v 'grep'; then + echo "${blue}VBoxHeadless processes are still running. Killing any remaining VBoxHeadless processes...${reset}" + killall VBoxHeadless + fi ###remove virtualbox - echo "${blue}Removing VirtualBox ${reset}" + echo "${blue}Removing VirtualBox... ${reset}" yum -y remove $vboxpkg else - echo "${blue}Skipping Vagrant destroy + Vbox Removal as VirtualBox package is already removed ${reset}" + echo "${blue}Skipping Vagrant destroy + VBox Removal as VirtualBox package is already removed ${reset}" fi +###remove working vm directory +echo "${blue}Removing working VM directory: $vm_dir ${reset}" +rm -rf $vm_dir + +###check to see if libvirt is installed +echo "${blue}Checking if libvirt/KVM is installed" +if rpm -qa | grep -iE 'libvirt|kvm'; then + echo "${blue}Libvirt/KVM is installed${reset}" + echo "${blue}Checking for any QEMU/KVM VMs...${reset}" + vm_count=0 + while read -r line; do ((vm_count++)); done < <(virsh list --all | sed 1,2d | head -n -1) + if [ $vm_count -gt 0 ]; then + echo "${blue}VMs Found: $vm_count${reset}" + vm_runnning=0 + while read -r line; do ((vm_running++)); done < <(virsh list --all | sed 1,2d | head -n -1| grep -i running) + echo "${blue}Powering off $vm_running VM(s)${reset}" + while read -r vm; do + if ! virsh destroy $vm; then + echo "${red}WARNING: Unable to power off VM ${vm}${reset}" + else + echo "${blue}VM $vm powered off!${reset}" + fi + done < <(virsh list --all | sed 1,2d | head -n -1| grep -i running | sed 's/^[ \t]*//' | awk '{print $2}') + echo "${blue}Destroying libvirt VMs...${reset}" + while read -r vm; do + if ! virsh undefine --remove-all-storage $vm; then + echo "${red}ERROR: Unable to remove the VM ${vm}${reset}" + exit 1 + else + echo "${blue}VM $vm removed!${reset}" + fi + done < <(virsh list --all | sed 1,2d | head -n -1| awk '{print $2}') + else + echo "${blue}No VMs found for removal" + fi + echo "${blue}Removing libvirt and kvm packages" + yum -y remove libvirt-* + yum -y remove *qemu* +else + echo "${blue}libvirt/KVM is not installed${reset}" +fi ###remove kernel modules echo "${blue}Removing kernel modules ${reset}" -for kernel_mod in vboxnetadp vboxnetflt vboxpci vboxdrv; do +for kernel_mod in vboxnetadp vboxnetflt vboxpci vboxdrv kvm_intel kvm; do if ! rmmod $kernel_mod; then if rmmod $kernel_mod 2>&1 | grep -i 'not currently loaded'; then echo "${blue} $kernel_mod is not currently loaded! ${reset}" diff --git a/foreman/ci/deploy.sh b/foreman/ci/deploy.sh index 86f03a7..6771da0 100755 --- a/foreman/ci/deploy.sh +++ b/foreman/ci/deploy.sh @@ -25,6 +25,12 @@ red=`tput setaf 1` green=`tput setaf 2` declare -A interface_arr +declare -A controllers_ip_arr +declare -A admin_ip_arr +declare -A public_ip_arr + +vm_dir=/var/opt/opnfv +script=`realpath $0` ##END VARS ##FUNCTIONS @@ -35,6 +41,36 @@ display_usage() { echo -e "\n -no_parse : No variable parsing into config. Flag. \n" echo -e "\n -base_config : Full path of settings file to parse. Optional. Will provide a new base settings file rather than the default. Example: -base_config /opt/myinventory.yml \n" echo -e "\n -virtual : Node virtualization instead of baremetal. Flag. \n" + echo -e "\n -enable_virtual_dhcp : Run dhcp server instead of using static IPs. Use this with -virtual only. \n" + echo -e "\n -static_ip_range : static IP range to define when using virtual and when dhcp is not being used (default), must at least a 20 IP block. Format: '192.168.1.1,192.168.1.20' \n" + echo -e "\n -ping_site : site to use to verify IP connectivity from the VM when -virtual is used. Format: -ping_site www.blah.com \n" + echo -e "\n -floating_ip_count : number of IP address from the public range to be used for floating IP. Default is 20.\n" + echo -e "\n -admin_nic : Baremetal NIC for the admin network. Required if other "nic" arguments are used. \ +Not applicable with -virtual. Example: -admin_nic em1" + echo -e "\n -private_nic : Baremetal NIC for the private network. Required if other "nic" arguments are used. \ +Not applicable with -virtual. Example: -private_nic em2" + echo -e "\n -public_nic : Baremetal NIC for the public network. Required if other "nic" arguments are used. \ +Can also be used with -virtual. Example: -public_nic em3" + echo -e "\n -storage_nic : Baremetal NIC for the storage network. Optional. Not applicable with -virtual. \ +Private NIC will be used for storage if not specified. Example: -storage_nic em4" +} + +##verify vm dir exists +##params: none +function verify_vm_dir { + if [ -d "$vm_dir" ]; then + echo -e "\n\n${red}ERROR: VM Directory: $vm_dir already exists. Environment not clean. Please use clean.sh. Exiting${reset}\n\n" + exit 1 + else + mkdir -p $vm_dir + fi + + chmod 700 $vm_dir + + if [ ! -d $vm_dir ]; then + echo -e "\n\n${red}ERROR: Unable to create VM Directory: $vm_dir Exiting${reset}\n\n" + exit -1 + fi } ##find ip of interface @@ -51,6 +87,41 @@ function find_subnet { printf "%d.%d.%d.%d\n" "$((i1 & m1))" "$((i2 & m2))" "$((i3 & m3))" "$((i4 & m4))" } +##verify subnet has at least n IPs +##params: subnet mask, n IPs +function verify_subnet_size { + IFS=. read -r i1 i2 i3 i4 <<< "$1" + num_ips_required=$2 + + ##this function assumes you would never need more than 254 + ##we check here to make sure + if [ "$num_ips_required" -ge 254 ]; then + echo -e "\n\n${red}ERROR: allocating more than 254 IPs is unsupported...Exiting${reset}\n\n" + return 1 + fi + + ##we just return if 3rd octet is not 255 + ##because we know the subnet is big enough + if [ "$i3" -ne 255 ]; then + return 0 + elif [ $((254-$i4)) -ge "$num_ips_required" ]; then + return 0 + else + echo -e "\n\n${red}ERROR: Subnet is too small${reset}\n\n" + return 1 + fi +} + +##finds last usable ip (broadcast minus 1) of a subnet from an IP and netmask +## Warning: This function only works for IPv4 at the moment. +##params: ip, netmask +function find_last_ip_subnet { + IFS=. read -r i1 i2 i3 i4 <<< "$1" + IFS=. read -r m1 m2 m3 m4 <<< "$2" + IFS=. read -r s1 s2 s3 s4 <<< "$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).$((i4 & m4))" + printf "%d.%d.%d.%d\n" "$((255 - $m1 + $s1))" "$((255 - $m2 + $s2))" "$((255 - $m3 + $s3))" "$((255 - $m4 + $s4 - 1))" +} + ##increments subnet by a value ##params: ip, value ##assumes low value @@ -87,6 +158,19 @@ function next_ip { echo $baseaddr.$lsv } +##subtracts a value from an IP address +##params: last ip, ip_count +##assumes ip_count is less than the last octect of the address +subtract_ip() { + IFS=. read -r i1 i2 i3 i4 <<< "$1" + ip_count=$2 + if [ $i4 -lt $ip_count ]; then + echo -e "\n\n${red}ERROR: Can't subtract $ip_count from IP address $1 Exiting${reset}\n\n" + exit 1 + fi + printf "%d.%d.%d.%d\n" "$i1" "$i2" "$i3" "$((i4 - $ip_count ))" +} + ##removes the network interface config from Vagrantfile ##params: interface ##assumes you are in the directory of Vagrantfile @@ -149,19 +233,21 @@ parse_yaml() { }' } -##END FUNCTIONS - -if [[ ( $1 == "--help") || $1 == "-h" ]]; then +##translates the command line paramaters into variables +##params: $@ the entire command line is passed +##usage: parse_cmd_line() "$@" +parse_cmdline() { + if [[ ( $1 == "--help") || $1 == "-h" ]]; then display_usage exit 0 -fi + fi -echo -e "\n\n${blue}This script is used to deploy Foreman/QuickStack Installer and Provision OPNFV Target System${reset}\n\n" -echo "Use -h to display help" -sleep 2 + echo -e "\n\n${blue}This script is used to deploy Foreman/QuickStack Installer and Provision OPNFV Target System${reset}\n\n" + echo "Use -h to display help" + sleep 2 -while [ "`echo $1 | cut -c1`" = "-" ] -do + while [ "`echo $1 | cut -c1`" = "-" ] + do echo $1 case "$1" in -base_config) @@ -176,35 +262,137 @@ do virtual="TRUE" shift 1 ;; + -enable_virtual_dhcp) + enable_virtual_dhcp="TRUE" + shift 1 + ;; + -static_ip_range) + static_ip_range=$2 + shift 2 + ;; + -ping_site) + ping_site=$2 + shift 2 + ;; + -floating_ip_count) + floating_ip_count=$2 + shift 2 + ;; + -admin_nic) + admin_nic=$2 + shift 2 + nic_arg_flag=1 + ;; + -private_nic) + private_nic=$2 + shift 2 + nic_arg_flag=1 + ;; + -public_nic) + public_nic=$2 + shift 2 + nic_arg_flag=1 + ;; + -storage_nic) + storage_nic=$2 + shift 2 + nic_arg_flag=1 + ;; *) display_usage exit 1 ;; -esac -done + esac + done + + if [ ! -z "$enable_virtual_dhcp" ] && [ ! -z "$static_ip_range" ]; then + echo -e "\n\n${red}ERROR: Incorrect Usage. Static IP range cannot be set when using DHCP!. Exiting${reset}\n\n" + exit 1 + fi + + if [ -z "$virtual" ]; then + if [ ! -z "$enable_virtual_dhcp" ]; then + echo -e "\n\n${red}ERROR: Incorrect Usage. enable_virtual_dhcp can only be set when using -virtual!. Exiting${reset}\n\n" + exit 1 + elif [ ! -z "$static_ip_range" ]; then + echo -e "\n\n${red}ERROR: Incorrect Usage. static_ip_range can only be set when using -virtual!. Exiting${reset}\n\n" + exit 1 + fi + fi + + if [ -z "$floating_ip_count" ]; then + floating_ip_count=20 + fi + + ##Validate nic args + if [[ $nic_arg_flag -eq 1 ]]; then + if [ -z "$virtual" ]; then + for nic_type in admin_nic private_nic public_nic; do + eval "nic_value=\$$nic_type" + if [ -z "$nic_value" ]; then + echo "${red}$nic_type is empty or not defined. Required when other nic args are given!${reset}" + exit 1 + fi + interface_ip=$(find_ip $nic_value) + if [ ! "$interface_ip" ]; then + echo "${red}$nic_value does not have an IP address! Exiting... ${reset}" + exit 1 + fi + done + else + ##if virtual only public_nic should be specified + for nic_type in admin_nic private_nic storage_nic; do + eval "nic_value=\$$nic_type" + if [ ! -z "$nic_value" ]; then + echo "${red}$nic_type is not a valid argument using -virtual. Please only specify public_nic!${reset}" + exit 1 + fi + done + + interface_ip=$(find_ip $public_nic) + if [ ! "$interface_ip" ]; then + echo "${red}Public NIC: $public_nic does not have an IP address! Exiting... ${reset}" + exit 1 + fi + fi + fi +} ##disable selinux -/sbin/setenforce 0 - -# Install EPEL repo for access to many other yum repos -# Major version is pinned to force some consistency for Arno -yum install -y epel-release-7* - -# Install other required packages -# Major versions are pinned to force some consistency for Arno -if ! yum install -y binutils-2* gcc-4* make-3* patch-2* libgomp-4* glibc-headers-2* glibc-devel-2* kernel-headers-3* kernel-devel-3* dkms-2* psmisc-22*; then - printf '%s\n' 'deploy.sh: Unable to install depdency packages' >&2 - exit 1 -fi - -##install VirtualBox repo -if cat /etc/*release | grep -i "Fedora release"; then - vboxurl=http://download.virtualbox.org/virtualbox/rpm/fedora/\$releasever/\$basearch -else - vboxurl=http://download.virtualbox.org/virtualbox/rpm/el/\$releasever/\$basearch -fi - -cat > /etc/yum.repos.d/virtualbox.repo << EOM +##params: none +##usage: disable_selinux() +disable_selinux() { + /sbin/setenforce 0 +} + +##Install the EPEL repository and additional packages +##params: none +##usage: install_EPEL() +install_EPEL() { + # Install EPEL repo for access to many other yum repos + # Major version is pinned to force some consistency for Arno + yum install -y epel-release-7* + + # Install other required packages + # Major versions are pinned to force some consistency for Arno + if ! yum install -y binutils-2* gcc-4* make-3* patch-2* libgomp-4* glibc-headers-2* glibc-devel-2* kernel-headers-3* kernel-devel-3* dkms-2* psmisc-22*; then + printf '%s\n' 'deploy.sh: Unable to install depdency packages' >&2 + exit 1 + fi +} + +##Download and install virtual box +##params: none +##usage: install_vbox() +install_vbox() { + ##install VirtualBox repo + if cat /etc/*release | grep -i "Fedora release"; then + vboxurl=http://download.virtualbox.org/virtualbox/rpm/fedora/\$releasever/\$basearch + else + vboxurl=http://download.virtualbox.org/virtualbox/rpm/el/\$releasever/\$basearch + fi + + cat > /etc/yum.repos.d/virtualbox.repo << EOM [virtualbox] name=Oracle Linux / RHEL / CentOS-\$releasever / \$basearch - VirtualBox baseurl=$vboxurl @@ -215,365 +403,321 @@ skip_if_unavailable = 1 keepcache = 0 EOM -##install VirtualBox -if ! yum list installed | grep -i virtualbox; then - if ! yum -y install VirtualBox-4.3; then - printf '%s\n' 'deploy.sh: Unable to install virtualbox package' >&2 - exit 1 + ##install VirtualBox + if ! yum list installed | grep -i virtualbox; then + if ! yum -y install VirtualBox-4.3; then + printf '%s\n' 'deploy.sh: Unable to install virtualbox package' >&2 + exit 1 + fi fi -fi -##install kmod-VirtualBox -if ! lsmod | grep vboxdrv; then - if ! sudo /etc/init.d/vboxdrv setup; then - printf '%s\n' 'deploy.sh: Unable to install kernel module for virtualbox' >&2 - exit 1 + ##install kmod-VirtualBox + if ! lsmod | grep vboxdrv; then + sudo /etc/init.d/vboxdrv setup + if ! lsmod | grep vboxdrv; then + printf '%s\n' 'deploy.sh: Unable to install kernel module for virtualbox' >&2 + exit 1 + fi + else + printf '%s\n' 'deploy.sh: Skipping kernel module for virtualbox. Already Installed' fi -else - printf '%s\n' 'deploy.sh: Skipping kernel module for virtualbox. Already Installed' -fi +} -##install Ansible -if ! yum list installed | grep -i ansible; then - if ! yum -y install ansible-1*; then - printf '%s\n' 'deploy.sh: Unable to install Ansible package' >&2 - exit 1 +##install Ansible using yum +##params: none +##usage: install_ansible() +install_ansible() { + if ! yum list installed | grep -i ansible; then + if ! yum -y install ansible-1*; then + printf '%s\n' 'deploy.sh: Unable to install Ansible package' >&2 + exit 1 + fi fi -fi +} -##install Vagrant -if ! rpm -qa | grep vagrant; then - if ! rpm -Uvh https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.rpm; then - printf '%s\n' 'deploy.sh: Unable to install vagrant package' >&2 - exit 1 +##install Vagrant RPM directly with the bintray.com site +##params: none +##usage: install_vagrant() +install_vagrant() { + if ! rpm -qa | grep vagrant; then + if ! rpm -Uvh https://dl.bintray.com/mitchellh/vagrant/vagrant_1.7.2_x86_64.rpm; then + printf '%s\n' 'deploy.sh: Unable to install vagrant package' >&2 + exit 1 + fi + else + printf '%s\n' 'deploy.sh: Skipping Vagrant install as it is already installed.' fi -else - printf '%s\n' 'deploy.sh: Skipping Vagrant install as it is already installed.' -fi -##add centos 7 box to vagrant -if ! vagrant box list | grep chef/centos-7.0; then - if ! vagrant box add chef/centos-7.0 --provider virtualbox; then - printf '%s\n' 'deploy.sh: Unable to download centos7 box for Vagrant' >&2 - exit 1 + ##add centos 7 box to vagrant + if ! vagrant box list | grep opnfv/centos-7.0; then + if ! vagrant box add opnfv/centos-7.0 --provider virtualbox; then + printf '%s\n' 'deploy.sh: Unable to download centos7 box for Vagrant' >&2 + exit 1 + fi + else + printf '%s\n' 'deploy.sh: Skipping Vagrant box add as centos-7.0 is already installed.' fi -else - printf '%s\n' 'deploy.sh: Skipping Vagrant box add as centos-7.0 is already installed.' -fi -##install workaround for centos7 -if ! vagrant plugin list | grep vagrant-centos7_fix; then - if ! vagrant plugin install vagrant-centos7_fix; then - printf '%s\n' 'deploy.sh: Warning: unable to install vagrant centos7 workaround' >&2 + ##install workaround for centos7 + if ! vagrant plugin list | grep vagrant-centos7_fix; then + if ! vagrant plugin install vagrant-centos7_fix; then + printf '%s\n' 'deploy.sh: Warning: unable to install vagrant centos7 workaround' >&2 + fi + else + printf '%s\n' 'deploy.sh: Skipping Vagrant plugin as centos7 workaround is already installed.' fi -else - printf '%s\n' 'deploy.sh: Skipping Vagrant plugin as centos7 workaround is already installed.' -fi +} -cd /tmp/ ##remove bgs vagrant incase it wasn't cleaned up -rm -rf /tmp/bgs_vagrant - -##clone bgs vagrant -##will change this to be opnfv repo when commit is done -if ! git clone -b v1.0 https://github.com/trozet/bgs_vagrant.git; then - printf '%s\n' 'deploy.sh: Unable to clone vagrant repo' >&2 - exit 1 -fi - -cd bgs_vagrant - -echo "${blue}Detecting network configuration...${reset}" -##detect host 1 or 3 interface configuration -#output=`ip link show | grep -E "^[0-9]" | grep -Ev ": lo|tun|virbr|vboxnet" | awk '{print $2}' | sed 's/://'` -output=`ifconfig | grep -E "^[a-zA-Z0-9]+:"| grep -Ev "lo|tun|virbr|vboxnet" | awk '{print $1}' | sed 's/://'` - -if [ ! "$output" ]; then - printf '%s\n' 'deploy.sh: Unable to detect interfaces to bridge to' >&2 - exit 1 -fi - -##find number of interfaces with ip and substitute in VagrantFile -if_counter=0 -for interface in ${output}; do - - if [ "$if_counter" -ge 4 ]; then - break - fi - interface_ip=$(find_ip $interface) - if [ ! "$interface_ip" ]; then - continue - fi - new_ip=$(next_usable_ip $interface_ip) - if [ ! "$new_ip" ]; then - continue - fi - interface_arr[$interface]=$if_counter - interface_ip_arr[$if_counter]=$new_ip - subnet_mask=$(find_netmask $interface) - if [ "$if_counter" -eq 1 ]; then - private_subnet_mask=$subnet_mask - private_short_subnet_mask=$(find_short_netmask $interface) - fi - if [ "$if_counter" -eq 2 ]; then - public_subnet_mask=$subnet_mask - public_short_subnet_mask=$(find_short_netmask $interface) - fi - if [ "$if_counter" -eq 3 ]; then - storage_subnet_mask=$subnet_mask - fi - sed -i 's/^.*eth_replace'"$if_counter"'.*$/ config.vm.network "public_network", ip: '\""$new_ip"\"', bridge: '\'"$interface"\'', netmask: '\""$subnet_mask"\"'/' Vagrantfile - ((if_counter++)) -done - -##now remove interface config in Vagrantfile for 1 node -##if 1, 3, or 4 interfaces set deployment type -##if 2 interfaces remove 2nd interface and set deployment type -if [ "$if_counter" == 1 ]; then - deployment_type="single_network" - remove_vagrant_network eth_replace1 - remove_vagrant_network eth_replace2 - remove_vagrant_network eth_replace3 -elif [ "$if_counter" == 2 ]; then - deployment_type="single_network" - second_interface=`echo $output | awk '{print $2}'` - remove_vagrant_network $second_interface - remove_vagrant_network eth_replace2 -elif [ "$if_counter" == 3 ]; then - deployment_type="three_network" - remove_vagrant_network eth_replace3 -else - deployment_type="multi_network" -fi - -echo "${blue}Network detected: ${deployment_type}! ${reset}" - -if route | grep default; then - echo "${blue}Default Gateway Detected ${reset}" - host_default_gw=$(ip route | grep default | awk '{print $3}') - echo "${blue}Default Gateway: $host_default_gw ${reset}" - default_gw_interface=$(ip route get $host_default_gw | awk '{print $3}') - case "${interface_arr[$default_gw_interface]}" in - 0) - echo "${blue}Default Gateway Detected on Admin Interface!${reset}" - sed -i 's/^.*default_gw =.*$/ default_gw = '\""$host_default_gw"\"'/' Vagrantfile - node_default_gw=$host_default_gw - ;; - 1) - echo "${red}Default Gateway Detected on Private Interface!${reset}" - echo "${red}Private subnet should be private and not have Internet access!${reset}" - exit 1 - ;; - 2) - echo "${blue}Default Gateway Detected on Public Interface!${reset}" - sed -i 's/^.*default_gw =.*$/ default_gw = '\""$host_default_gw"\"'/' Vagrantfile - echo "${blue}Will setup NAT from Admin -> Public Network on VM!${reset}" - sed -i 's/^.*nat_flag =.*$/ nat_flag = true/' Vagrantfile - echo "${blue}Setting node gateway to be VM Admin IP${reset}" - node_default_gw=${interface_ip_arr[0]} - public_gateway=$default_gw - ;; - 3) - echo "${red}Default Gateway Detected on Storage Interface!${reset}" - echo "${red}Storage subnet should be private and not have Internet access!${reset}" - exit 1 - ;; - *) - echo "${red}Unable to determine which interface default gateway is on..Exiting!${reset}" - exit 1 - ;; - esac -else - #assumes 24 bit mask - defaultgw=`echo ${interface_ip_arr[0]} | cut -d. -f1-3` - firstip=.1 - defaultgw=$defaultgw$firstip - echo "${blue}Unable to find default gateway. Assuming it is $defaultgw ${reset}" - sed -i 's/^.*default_gw =.*$/ default_gw = '\""$defaultgw"\"'/' Vagrantfile - node_default_gw=$defaultgw -fi - -if [ $base_config ]; then - if ! cp -f $base_config opnfv_ksgen_settings.yml; then - echo "{red}ERROR: Unable to copy $base_config to opnfv_ksgen_settings.yml${reset}" - exit 1 - fi -fi - -if [ $no_parse ]; then -echo "${blue}Skipping parsing variables into settings file as no_parse flag is set${reset}" - -else - -echo "${blue}Gathering network parameters for Target System...this may take a few minutes${reset}" -##Edit the ksgen settings appropriately -##ksgen settings will be stored in /vagrant on the vagrant machine -##if single node deployment all the variables will have the same ip -##interface names will be enp0s3, enp0s8, enp0s9 in chef/centos7 - -sed -i 's/^.*default_gw:.*$/default_gw:'" $node_default_gw"'/' opnfv_ksgen_settings.yml +##params: none +##usage: clean_tmp() +clean_tmp() { + rm -rf $vm_dir/foreman_vm +} -##replace private interface parameter -##private interface will be of hosts, so we need to know the provisioned host interface name -##we add biosdevname=0, net.ifnames=0 to the kickstart to use regular interface naming convention on hosts -##replace IP for parameters with next IP that will be given to controller -if [ "$deployment_type" == "single_network" ]; then - ##we also need to assign IP addresses to nodes - ##for single node, foreman is managing the single network, so we can't reserve them - ##not supporting single network anymore for now - echo "{blue}Single Network type is unsupported right now. Please check your interface configuration. Exiting. ${reset}" - exit 0 +##clone genesis and move to node vm dir +##params: destination directory +##usage: clone_bgs /tmp/myvm/ +clone_bgs() { + script_dir="`dirname "$script"`" + cp -fr $script_dir/ $1 + cp -fr $script_dir/../../common/puppet-opnfv $1 +} -elif [[ "$deployment_type" == "multi_network" || "$deployment_type" == "three_network" ]]; then +##validates the network settings and update VagrantFile with network settings +##params: none +##usage: configure_network() +configure_network() { + cd $vm_dir/foreman_vm + + ##if nic_arg_flag is set, then we don't figure out + ##NICs dynamically + if [[ $nic_arg_flag -eq 1 ]]; then + echo "${blue}Static Network Interfaces Defined. Updating Vagrantfile...${reset}" + if [ $virtual ]; then + nic_list="$public_nic" + elif [ -z "$storage_nic" ]; then + echo "${blue}storage_nic not defined, will combine storage into private VLAN ${reset}" + nic_list="$admin_nic $private_nic $public_nic" + else + nic_list="$admin_nic $private_nic $public_nic $storage_nic" + fi + nic_array=( $nic_list ) + output=$nic_list + else + echo "${blue}Detecting network configuration...${reset}" + ##detect host 1 or 3 interface configuration + #output=`ip link show | grep -E "^[0-9]" | grep -Ev ": lo|tun|virbr|vboxnet" | awk '{print $2}' | sed 's/://'` + output=`/bin/ls -l /sys/class/net | tail -n +2 | grep -v virtual | cut -d " " -f10` + fi - if [ "$deployment_type" == "three_network" ]; then - sed -i 's/^.*network_type:.*$/network_type: three_network/' opnfv_ksgen_settings.yml + if [ ! "$output" ]; then + printf '%s\n' 'deploy.sh: Unable to detect interfaces to bridge to' >&2 + exit 1 fi - sed -i 's/^.*deployment_type:.*$/ deployment_type: '"$deployment_type"'/' opnfv_ksgen_settings.yml + ##virtual we only find 1 interface + if [ $virtual ]; then + if [ ! -z "${nic_array[0]}" ]; then + echo "${blue}Public Interface specified: ${nic_array[0]}${reset}" + this_default_gw_interface=${nic_array[0]} + else + ##find interface with default gateway + this_default_gw=$(ip route | grep default | awk '{print $3}') + echo "${blue}Default Gateway: $this_default_gw ${reset}" + this_default_gw_interface=$(ip route get $this_default_gw | awk '{print $3}') + fi - ##get ip addresses for private network on controllers to make dhcp entries - ##required for controllers_ip_array global param - next_private_ip=${interface_ip_arr[1]} - type=_private - for node in controller1 controller2 controller3; do - next_private_ip=$(next_usable_ip $next_private_ip) - if [ ! "$next_private_ip" ]; then - printf '%s\n' 'deploy.sh: Unable to find next ip for private network for control nodes' >&2 - exit 1 + ##find interface IP, make sure its valid + interface_ip=$(find_ip $this_default_gw_interface) + if [ ! "$interface_ip" ]; then + echo "${red}Interface ${this_default_gw_interface} does not have an IP: $interface_ip ! Exiting ${reset}" + exit 1 fi - sed -i 's/'"$node$type"'/'"$next_private_ip"'/g' opnfv_ksgen_settings.yml - controller_ip_array=$controller_ip_array$next_private_ip, - done - ##replace global param for contollers_ip_array - controller_ip_array=${controller_ip_array%?} - sed -i 's/^.*controllers_ip_array:.*$/ controllers_ip_array: '"$controller_ip_array"'/' opnfv_ksgen_settings.yml + ##set variable info + if [ ! -z "$static_ip_range" ]; then + new_ip=$(echo $static_ip_range | cut -d , -f1) + else + new_ip=$(next_usable_ip $interface_ip) + if [ ! "$new_ip" ]; then + echo "${red} Cannot find next IP on interface ${this_default_gw_interface} new_ip: $new_ip ! Exiting ${reset}" + exit 1 + fi + fi + interface=$this_default_gw_interface + public_interface=$interface + interface_arr[$interface]=2 + interface_ip_arr[2]=$new_ip + subnet_mask=$(find_netmask $interface) + public_subnet_mask=$subnet_mask + public_short_subnet_mask=$(find_short_netmask $interface) - ##now replace all the VIP variables. admin//private can be the same IP - ##we have to use IP's here that won't be allocated to hosts at provisioning time - ##therefore we increment the ip by 10 to make sure we have a safe buffer - next_private_ip=$(increment_ip $next_private_ip 10) + if ! verify_subnet_size $public_subnet_mask 25; then + echo "${red} Not enough IPs in public subnet: $interface_ip_arr[2] ${public_subnet_mask}. Need at least 25 IPs. Please resize subnet! Exiting ${reset}" + exit 1 + fi - grep -E '*private_vip|loadbalancer_vip|db_vip|amqp_vip|*admin_vip' opnfv_ksgen_settings.yml | while read -r line ; do - sed -i 's/^.*'"$line"'.*$/ '"$line $next_private_ip"'/' opnfv_ksgen_settings.yml - next_private_ip=$(next_usable_ip $next_private_ip) - if [ ! "$next_private_ip" ]; then - printf '%s\n' 'deploy.sh: Unable to find next ip for private network for vip replacement' >&2 + ##set that interface to be public + sed -i 's/^.*eth_replace2.*$/ config.vm.network "public_network", ip: '\""$new_ip"\"', bridge: '\'"$interface"\'', netmask: '\""$subnet_mask"\"'/' Vagrantfile + if_counter=1 + else + ##find number of interfaces with ip and substitute in VagrantFile + if_counter=0 + for interface in ${output}; do + + if [ "$if_counter" -ge 4 ]; then + break + fi + interface_ip=$(find_ip $interface) + if [ ! "$interface_ip" ]; then + continue + fi + new_ip=$(next_usable_ip $interface_ip) + if [ ! "$new_ip" ]; then + continue + fi + interface_arr[$interface]=$if_counter + interface_ip_arr[$if_counter]=$new_ip + subnet_mask=$(find_netmask $interface) + if [ "$if_counter" -eq 0 ]; then + admin_subnet_mask=$subnet_mask + if ! verify_subnet_size $admin_subnet_mask 5; then + echo "${red} Not enough IPs in admin subnet: ${interface_ip_arr[$if_counter]} ${admin_subnet_mask}. Need at least 5 IPs. Please resize subnet! Exiting ${reset}" + exit 1 + fi + + elif [ "$if_counter" -eq 1 ]; then + private_subnet_mask=$subnet_mask + private_short_subnet_mask=$(find_short_netmask $interface) + + if ! verify_subnet_size $private_subnet_mask 15; then + echo "${red} Not enough IPs in private subnet: ${interface_ip_arr[$if_counter]} ${private_subnet_mask}. Need at least 15 IPs. Please resize subnet! Exiting ${reset}" + exit 1 + fi + elif [ "$if_counter" -eq 2 ]; then + public_subnet_mask=$subnet_mask + public_short_subnet_mask=$(find_short_netmask $interface) + + if ! verify_subnet_size $public_subnet_mask 25; then + echo "${red} Not enough IPs in public subnet: ${interface_ip_arr[$if_counter]} ${public_subnet_mask}. Need at least 25 IPs. Please resize subnet! Exiting ${reset}" + exit 1 + fi + elif [ "$if_counter" -eq 3 ]; then + storage_subnet_mask=$subnet_mask + + if ! verify_subnet_size $storage_subnet_mask 10; then + echo "${red} Not enough IPs in storage subnet: ${interface_ip_arr[$if_counter]} ${storage_subnet_mask}. Need at least 10 IPs. Please resize subnet! Exiting ${reset}" + exit 1 + fi + else + echo "${red}ERROR: interface counter outside valid range of 0 to 3: $if_counter ! ${reset}" + exit 1 + fi + sed -i 's/^.*eth_replace'"$if_counter"'.*$/ config.vm.network "public_network", ip: '\""$new_ip"\"', bridge: '\'"$interface"\'', netmask: '\""$subnet_mask"\"'/' Vagrantfile + ((if_counter++)) + done + fi + ##now remove interface config in Vagrantfile for 1 node + ##if 1, 3, or 4 interfaces set deployment type + ##if 2 interfaces remove 2nd interface and set deployment type + if [[ "$if_counter" == 1 || "$if_counter" == 2 ]]; then + if [ $virtual ]; then + deployment_type="single_network" + echo "${blue}Single network detected for Virtual deployment...converting to three_network with internal networks! ${reset}" + private_internal_ip=155.1.2.2 + admin_internal_ip=156.1.2.2 + private_subnet_mask=255.255.255.0 + private_short_subnet_mask=/24 + interface_ip_arr[1]=$private_internal_ip + interface_ip_arr[0]=$admin_internal_ip + admin_subnet_mask=255.255.255.0 + admin_short_subnet_mask=/24 + sed -i 's/^.*eth_replace1.*$/ config.vm.network "private_network", virtualbox__intnet: "my_private_network", ip: '\""$private_internal_ip"\"', netmask: '\""$private_subnet_mask"\"'/' Vagrantfile + sed -i 's/^.*eth_replace0.*$/ config.vm.network "private_network", virtualbox__intnet: "my_admin_network", ip: '\""$admin_internal_ip"\"', netmask: '\""$private_subnet_mask"\"'/' Vagrantfile + remove_vagrant_network eth_replace3 + deployment_type=three_network + else + echo "${blue}Single network or 2 network detected for baremetal deployment. This is unsupported! Exiting. ${reset}" exit 1 fi - done + elif [ "$if_counter" == 3 ]; then + deployment_type="three_network" + remove_vagrant_network eth_replace3 + else + deployment_type="multi_network" + fi - ##replace foreman site - next_public_ip=${interface_ip_arr[2]} - sed -i 's/^.*foreman_url:.*$/ foreman_url:'" https:\/\/$next_public_ip"'\/api\/v2\//' opnfv_ksgen_settings.yml - ##replace public vips - next_public_ip=$(increment_ip $next_public_ip 10) - grep -E '*public_vip' opnfv_ksgen_settings.yml | while read -r line ; do - sed -i 's/^.*'"$line"'.*$/ '"$line $next_public_ip"'/' opnfv_ksgen_settings.yml - next_public_ip=$(next_usable_ip $next_public_ip) - if [ ! "$next_public_ip" ]; then - printf '%s\n' 'deploy.sh: Unable to find next ip for public network for vip replcement' >&2 - exit 1 + echo "${blue}Network detected: ${deployment_type}! ${reset}" + + if [ $virtual ]; then + if [ -z "$enable_virtual_dhcp" ]; then + sed -i 's/^.*disable_dhcp_flag =.*$/ disable_dhcp_flag = true/' Vagrantfile + if [ $static_ip_range ]; then + ##verify static range is at least 20 IPs + static_ip_range_begin=$(echo $static_ip_range | cut -d , -f1) + static_ip_range_end=$(echo $static_ip_range | cut -d , -f2) + ##verify range is at least 20 ips + ##assumes less than 255 range pool + begin_octet=$(echo $static_ip_range_begin | cut -d . -f4) + end_octet=$(echo $static_ip_range_end | cut -d . -f4) + ip_count=$((end_octet-begin_octet+1)) + if [ "$ip_count" -lt 20 ]; then + echo "${red}Static range is less than 20 ips: ${ip_count}, exiting ${reset}" + exit 1 + else + echo "${blue}Static IP range is size $ip_count ${reset}" + fi + fi fi - done + fi - ##replace public_network param - public_subnet=$(find_subnet $next_public_ip $public_subnet_mask) - sed -i 's/^.*public_network:.*$/ public_network:'" $public_subnet"'/' opnfv_ksgen_settings.yml - ##replace private_network param - private_subnet=$(find_subnet $next_private_ip $private_subnet_mask) - sed -i 's/^.*private_network:.*$/ private_network:'" $private_subnet"'/' opnfv_ksgen_settings.yml - ##replace storage_network - if [ "$deployment_type" == "three_network" ]; then - sed -i 's/^.*storage_network:.*$/ storage_network:'" $private_subnet"'/' opnfv_ksgen_settings.yml + if route | grep default; then + echo "${blue}Default Gateway Detected ${reset}" + host_default_gw=$(ip route | grep default | awk '{print $3}') + echo "${blue}Default Gateway: $host_default_gw ${reset}" + default_gw_interface=$(ip route get $host_default_gw | awk '{print $3}') + case "${interface_arr[$default_gw_interface]}" in + 0) + echo "${blue}Default Gateway Detected on Admin Interface!${reset}" + sed -i 's/^.*default_gw =.*$/ default_gw = '\""$host_default_gw"\"'/' Vagrantfile + node_default_gw=$host_default_gw + ;; + 1) + echo "${red}Default Gateway Detected on Private Interface!${reset}" + echo "${red}Private subnet should be private and not have Internet access!${reset}" + exit 1 + ;; + 2) + echo "${blue}Default Gateway Detected on Public Interface!${reset}" + sed -i 's/^.*default_gw =.*$/ default_gw = '\""$host_default_gw"\"'/' Vagrantfile + echo "${blue}Will setup NAT from Admin -> Public Network on VM!${reset}" + sed -i 's/^.*nat_flag =.*$/ nat_flag = true/' Vagrantfile + echo "${blue}Setting node gateway to be VM Admin IP${reset}" + node_default_gw=${interface_ip_arr[0]} + public_gateway=$default_gw + ;; + 3) + echo "${red}Default Gateway Detected on Storage Interface!${reset}" + echo "${red}Storage subnet should be private and not have Internet access!${reset}" + exit 1 + ;; + *) + echo "${red}Unable to determine which interface default gateway is on..Exiting!${reset}" + exit 1 + ;; + esac else - next_storage_ip=${interface_ip_arr[3]} - storage_subnet=$(find_subnet $next_storage_ip $storage_subnet_mask) - sed -i 's/^.*storage_network:.*$/ storage_network:'" $storage_subnet"'/' opnfv_ksgen_settings.yml - fi - - ##replace public_subnet param - public_subnet=$public_subnet'\'$public_short_subnet_mask - sed -i 's/^.*public_subnet:.*$/ public_subnet:'" $public_subnet"'/' opnfv_ksgen_settings.yml - ##replace private_subnet param - private_subnet=$private_subnet'\'$private_short_subnet_mask - sed -i 's/^.*private_subnet:.*$/ private_subnet:'" $private_subnet"'/' opnfv_ksgen_settings.yml - - ##replace public_dns param to be foreman server - sed -i 's/^.*public_dns:.*$/ public_dns: '${interface_ip_arr[2]}'/' opnfv_ksgen_settings.yml - - ##replace public_gateway - if [ -z "$public_gateway" ]; then - ##if unset then we assume its the first IP in the public subnet - public_subnet=$(find_subnet $next_public_ip $public_subnet_mask) - public_gateway=$(increment_subnet $public_subnet 1) - fi - sed -i 's/^.*public_gateway:.*$/ public_gateway:'" $public_gateway"'/' opnfv_ksgen_settings.yml - - ##we have to define an allocation range of the public subnet to give - ##to neutron to use as floating IPs - ##we should control this subnet, so this range should work .150-200 - ##but generally this is a bad idea and we are assuming at least a /24 subnet here - public_subnet=$(find_subnet $next_public_ip $public_subnet_mask) - public_allocation_start=$(increment_subnet $public_subnet 150) - public_allocation_end=$(increment_subnet $public_subnet 200) - - sed -i 's/^.*public_allocation_start:.*$/ public_allocation_start:'" $public_allocation_start"'/' opnfv_ksgen_settings.yml - sed -i 's/^.*public_allocation_end:.*$/ public_allocation_end:'" $public_allocation_end"'/' opnfv_ksgen_settings.yml - -else - printf '%s\n' 'deploy.sh: Unknown network type: $deployment_type' >&2 - exit 1 -fi - -echo "${blue}Parameters Complete. Settings have been set for Foreman. ${reset}" - -fi - -if [ $virtual ]; then - echo "${blue} Virtual flag detected, setting Khaleesi playbook to be opnfv-vm.yml ${reset}" - sed -i 's/opnfv.yml/opnfv-vm.yml/' bootstrap.sh -fi - -echo "${blue}Starting Vagrant! ${reset}" - -##stand up vagrant -if ! vagrant up; then - printf '%s\n' 'deploy.sh: Unable to start vagrant' >&2 - exit 1 -else - echo "${blue}Foreman VM is up! ${reset}" -fi - -if [ $virtual ]; then - -##Bring up VM nodes -echo "${blue}Setting VMs up... ${reset}" -nodes=`sed -nr '/nodes:/{:start /workaround/!{N;b start};//p}' opnfv_ksgen_settings.yml | sed -n '/^ [A-Za-z0-9]\+:$/p' | sed 's/\s*//g' | sed 's/://g'` -##due to ODL Helium bug of OVS connecting to ODL too early, we need controllers to install first -##this is fix kind of assumes more than I would like to, but for now it should be OK as we always have -##3 static controllers -compute_nodes=`echo $nodes | tr " " "\n" | grep -v controller | tr "\n" " "` -controller_nodes=`echo $nodes | tr " " "\n" | grep controller | tr "\n" " "` -nodes=${controller_nodes}${compute_nodes} - -for node in ${nodes}; do - cd /tmp - - ##remove VM nodes incase it wasn't cleaned up - rm -rf /tmp/$node - - ##clone bgs vagrant - ##will change this to be opnfv repo when commit is done - if ! git clone -b v1.0 https://github.com/trozet/bgs_vagrant.git $node; then - printf '%s\n' 'deploy.sh: Unable to clone vagrant repo' >&2 - exit 1 + #assumes 24 bit mask + defaultgw=`echo ${interface_ip_arr[0]} | cut -d. -f1-3` + firstip=.1 + defaultgw=$defaultgw$firstip + echo "${blue}Unable to find default gateway. Assuming it is $defaultgw ${reset}" + sed -i 's/^.*default_gw =.*$/ default_gw = '\""$defaultgw"\"'/' Vagrantfile + node_default_gw=$defaultgw fi - cd $node - if [ $base_config ]; then if ! cp -f $base_config opnfv_ksgen_settings.yml; then echo "{red}ERROR: Unable to copy $base_config to opnfv_ksgen_settings.yml${reset}" @@ -581,114 +725,503 @@ for node in ${nodes}; do fi fi - ##parse yaml into variables - eval $(parse_yaml opnfv_ksgen_settings.yml "config_") - ##find node type - node_type=config_nodes_${node}_type - node_type=$(eval echo \$$node_type) - - ##find number of interfaces with ip and substitute in VagrantFile - output=`ifconfig | grep -E "^[a-zA-Z0-9]+:"| grep -Ev "lo|tun|virbr|vboxnet" | awk '{print $1}' | sed 's/://'` - - if [ ! "$output" ]; then - printf '%s\n' 'deploy.sh: Unable to detect interfaces to bridge to' >&2 - exit 1 + nodes=`sed -nr '/nodes:/{:start /workaround/!{N;b start};//p}' opnfv_ksgen_settings.yml | sed -n '/^ [A-Za-z0-9]\+:$/p' | sed 's/\s*//g' | sed 's/://g'` + controller_nodes=`echo $nodes | tr " " "\n" | grep controller | tr "\n" " "` + echo "${blue}Controller nodes found in settings: ${controller_nodes}${reset}" + my_controller_array=( $controller_nodes ) + num_control_nodes=${#my_controller_array[@]} + if [ "$num_control_nodes" -ne 3 ]; then + if cat opnfv_ksgen_settings.yml | grep ha_flag | grep true; then + echo "${red}Error: You must define exactly 3 control nodes when HA flag is true!${reset}" + exit 1 + fi + else + echo "${blue}Number of Controller nodes detected: ${num_control_nodes}${reset}" fi + if [ $no_parse ]; then + echo "${blue}Skipping parsing variables into settings file as no_parse flag is set${reset}" - if_counter=0 - for interface in ${output}; do - - if [ "$if_counter" -ge 4 ]; then - break - fi - interface_ip=$(find_ip $interface) - if [ ! "$interface_ip" ]; then - continue - fi - case "${if_counter}" in - 0) - mac_string=config_nodes_${node}_mac_address - mac_addr=$(eval echo \$$mac_string) - mac_addr=$(echo $mac_addr | sed 's/:\|-//g') - if [ $mac_addr == "" ]; then - echo "${red} Unable to find mac_address for $node! ${reset}" - exit 1 - fi - ;; - 1) - if [ "$node_type" == "controller" ]; then - mac_string=config_nodes_${node}_private_mac - mac_addr=$(eval echo \$$mac_string) - if [ $mac_addr == "" ]; then - echo "${red} Unable to find private_mac for $node! ${reset}" - exit 1 - fi - else - ##generate random mac - mac_addr=$(echo -n 00-60-2F; dd bs=1 count=3 if=/dev/random 2>/dev/null |hexdump -v -e '/1 "-%02X"') - fi - mac_addr=$(echo $mac_addr | sed 's/:\|-//g') - ;; - *) - mac_addr=$(echo -n 00-60-2F; dd bs=1 count=3 if=/dev/random 2>/dev/null |hexdump -v -e '/1 "-%02X"') - mac_addr=$(echo $mac_addr | sed 's/:\|-//g') - ;; - esac - sed -i 's/^.*eth_replace'"$if_counter"'.*$/ config.vm.network "public_network", bridge: '\'"$interface"\'', :mac => '\""$mac_addr"\"'/' Vagrantfile - ((if_counter++)) - done - - ##now remove interface config in Vagrantfile for 1 node - ##if 1, 3, or 4 interfaces set deployment type - ##if 2 interfaces remove 2nd interface and set deployment type - if [ "$if_counter" == 1 ]; then - deployment_type="single_network" - remove_vagrant_network eth_replace1 - remove_vagrant_network eth_replace2 - remove_vagrant_network eth_replace3 - elif [ "$if_counter" == 2 ]; then - deployment_type="single_network" - second_interface=`echo $output | awk '{print $2}'` - remove_vagrant_network $second_interface - remove_vagrant_network eth_replace2 - elif [ "$if_counter" == 3 ]; then - deployment_type="three_network" - remove_vagrant_network eth_replace3 else - deployment_type="multi_network" - fi - ##modify provisioning to do puppet install, config, and foreman check-in - ##substitute host_name and dns_server in the provisioning script - host_string=config_nodes_${node}_hostname - host_name=$(eval echo \$$host_string) - sed -i 's/^host_name=REPLACE/host_name='$host_name'/' vm_nodes_provision.sh - ##dns server should be the foreman server - sed -i 's/^dns_server=REPLACE/dns_server='${interface_ip_arr[0]}'/' vm_nodes_provision.sh + echo "${blue}Gathering network parameters for Target System...this may take a few minutes${reset}" + ##Edit the ksgen settings appropriately + ##ksgen settings will be stored in /vagrant on the vagrant machine + ##if single node deployment all the variables will have the same ip + ##interface names will be enp0s3, enp0s8, enp0s9 in chef/centos7 + + sed -i 's/^.*default_gw:.*$/default_gw:'" $node_default_gw"'/' opnfv_ksgen_settings.yml + + ##replace private interface parameter + ##private interface will be of hosts, so we need to know the provisioned host interface name + ##we add biosdevname=0, net.ifnames=0 to the kickstart to use regular interface naming convention on hosts + ##replace IP for parameters with next IP that will be given to controller + if [ "$deployment_type" == "single_network" ]; then + ##we also need to assign IP addresses to nodes + ##for single node, foreman is managing the single network, so we can't reserve them + ##not supporting single network anymore for now + echo "{blue}Single Network type is unsupported right now. Please check your interface configuration. Exiting. ${reset}" + exit 0 + + elif [[ "$deployment_type" == "multi_network" || "$deployment_type" == "three_network" ]]; then + + if [ "$deployment_type" == "three_network" ]; then + sed -i 's/^.*network_type:.*$/network_type: three_network/' opnfv_ksgen_settings.yml + fi + + sed -i 's/^.*deployment_type:.*$/ deployment_type: '"$deployment_type"'/' opnfv_ksgen_settings.yml + + ##get ip addresses for private network on controllers to make dhcp entries + ##required for controllers_ip_array global param + next_private_ip=${interface_ip_arr[1]} + type=_private + control_count=0 + for node in controller1 controller2 controller3; do + next_private_ip=$(next_usable_ip $next_private_ip) + if [ ! "$next_private_ip" ]; then + printf '%s\n' 'deploy.sh: Unable to find next ip for private network for control nodes' >&2 + exit 1 + fi + sed -i 's/'"$node$type"'/'"$next_private_ip"'/g' opnfv_ksgen_settings.yml + controller_ip_array=$controller_ip_array$next_private_ip, + controllers_ip_arr[$control_count]=$next_private_ip + ((control_count++)) + done + + next_public_ip=${interface_ip_arr[2]} + foreman_ip=$next_public_ip + + ##if no dhcp, find all the Admin IPs for nodes in advance + if [ $virtual ]; then + if [ -z "$enable_virtual_dhcp" ]; then + sed -i 's/^.*no_dhcp:.*$/no_dhcp: true/' opnfv_ksgen_settings.yml + nodes=`sed -nr '/nodes:/{:start /workaround/!{N;b start};//p}' opnfv_ksgen_settings.yml | sed -n '/^ [A-Za-z0-9]\+:$/p' | sed 's/\s*//g' | sed 's/://g'` + compute_nodes=`echo $nodes | tr " " "\n" | grep -v controller | tr "\n" " "` + controller_nodes=`echo $nodes | tr " " "\n" | grep controller | tr "\n" " "` + nodes=${controller_nodes}${compute_nodes} + next_admin_ip=${interface_ip_arr[0]} + type=_admin + for node in ${nodes}; do + next_admin_ip=$(next_ip $next_admin_ip) + if [ ! "$next_admin_ip" ]; then + echo "${red} Unable to find an unused IP in admin_network for $node ! ${reset}" + exit 1 + else + admin_ip_arr[$node]=$next_admin_ip + sed -i 's/'"$node$type"'/'"$next_admin_ip"'/g' opnfv_ksgen_settings.yml + fi + done + + ##allocate node public IPs + for node in ${nodes}; do + next_public_ip=$(next_usable_ip $next_public_ip) + if [ ! "$next_public_ip" ]; then + echo "${red} Unable to find an unused IP in admin_network for $node ! ${reset}" + exit 1 + else + public_ip_arr[$node]=$next_public_ip + fi + done + fi + fi + ##replace global param for controllers_ip_array + controller_ip_array=${controller_ip_array%?} + sed -i 's/^.*controllers_ip_array:.*$/ controllers_ip_array: '"$controller_ip_array"'/' opnfv_ksgen_settings.yml + + ##now replace all the VIP variables. admin//private can be the same IP + ##we have to use IP's here that won't be allocated to hosts at provisioning time + ##therefore we increment the ip by 10 to make sure we have a safe buffer + next_private_ip=$(increment_ip $next_private_ip 10) + + private_output=$(grep -E '*private_vip|loadbalancer_vip|db_vip|amqp_vip|*admin_vip' opnfv_ksgen_settings.yml) + if [ ! -z "$private_output" ]; then + while read -r line; do + sed -i 's/^.*'"$line"'.*$/ '"$line $next_private_ip"'/' opnfv_ksgen_settings.yml + next_private_ip=$(next_usable_ip $next_private_ip) + if [ ! "$next_private_ip" ]; then + printf '%s\n' 'deploy.sh: Unable to find next ip for private network for vip replacement' >&2 + exit 1 + fi + done <<< "$private_output" + fi + + ##replace odl_control_ip (non-HA only) + odl_control_ip=${controllers_ip_arr[0]} + sed -i 's/^.*odl_control_ip:.*$/ odl_control_ip: '"$odl_control_ip"'/' opnfv_ksgen_settings.yml + + ##replace controller_ip (non-HA only) + sed -i 's/^.*controller_ip:.*$/ controller_ip: '"$odl_control_ip"'/' opnfv_ksgen_settings.yml + + ##replace foreman site + sed -i 's/^.*foreman_url:.*$/ foreman_url:'" https:\/\/$foreman_ip"'\/api\/v2\//' opnfv_ksgen_settings.yml + ##replace public vips + ##no need to do this if no dhcp + if [[ -z "$enable_virtual_dhcp" && ! -z "$virtual" ]]; then + next_public_ip=$(next_usable_ip $next_public_ip) + else + next_public_ip=$(increment_ip $next_public_ip 10) + fi + + public_output=$(grep -E '*public_vip' opnfv_ksgen_settings.yml) + if [ ! -z "$public_output" ]; then + while read -r line; do + if echo $line | grep horizon_public_vip; then + horizon_public_vip=$next_public_ip + fi + sed -i 's/^.*'"$line"'.*$/ '"$line $next_public_ip"'/' opnfv_ksgen_settings.yml + next_public_ip=$(next_usable_ip $next_public_ip) + if [ ! "$next_public_ip" ]; then + printf '%s\n' 'deploy.sh: Unable to find next ip for public network for vip replcement' >&2 + exit 1 + fi + done <<< "$public_output" + fi + + ##replace public_network param + public_subnet=$(find_subnet $next_public_ip $public_subnet_mask) + sed -i 's/^.*public_network:.*$/ public_network:'" $public_subnet"'/' opnfv_ksgen_settings.yml + ##replace private_network param + private_subnet=$(find_subnet $next_private_ip $private_subnet_mask) + sed -i 's/^.*private_network:.*$/ private_network:'" $private_subnet"'/' opnfv_ksgen_settings.yml + ##replace storage_network + if [ "$deployment_type" == "three_network" ]; then + sed -i 's/^.*storage_network:.*$/ storage_network:'" $private_subnet"'/' opnfv_ksgen_settings.yml + else + next_storage_ip=${interface_ip_arr[3]} + storage_subnet=$(find_subnet $next_storage_ip $storage_subnet_mask) + sed -i 's/^.*storage_network:.*$/ storage_network:'" $storage_subnet"'/' opnfv_ksgen_settings.yml + fi + + ##replace public_subnet param + public_subnet=$public_subnet'\'$public_short_subnet_mask + sed -i 's/^.*public_subnet:.*$/ public_subnet:'" $public_subnet"'/' opnfv_ksgen_settings.yml + ##replace private_subnet param + private_subnet=$private_subnet'\'$private_short_subnet_mask + sed -i 's/^.*private_subnet:.*$/ private_subnet:'" $private_subnet"'/' opnfv_ksgen_settings.yml + + ##replace public_dns param to be foreman server + sed -i 's/^.*public_dns:.*$/ public_dns: '${interface_ip_arr[2]}'/' opnfv_ksgen_settings.yml + + ##replace public_gateway + if [ -z "$public_gateway" ]; then + ##if unset then we assume its the first IP in the public subnet + public_subnet=$(find_subnet $next_public_ip $public_subnet_mask) + public_gateway=$(increment_subnet $public_subnet 1) + fi + sed -i 's/^.*public_gateway:.*$/ public_gateway:'" $public_gateway"'/' opnfv_ksgen_settings.yml + + ##we have to define an allocation range of the public subnet to give + ##to neutron to use as floating IPs + ##if static ip range, then we take the difference of the end range and current ip + ## to be the allocation pool + ##if not static ip, we will use the last 20 IP from the subnet + ## note that this is not a really good idea because the subnet must be at least a /27 for this to work... + public_subnet=$(find_subnet $next_public_ip $public_subnet_mask) + if [ ! -z "$static_ip_range" ]; then + begin_octet=$(echo $next_public_ip | cut -d . -f4) + end_octet=$(echo $static_ip_range_end | cut -d . -f4) + ip_diff=$((end_octet-begin_octet)) + if [ $ip_diff -le 0 ]; then + echo "${red}ip range left for floating range is less than or equal to 0! $ipdiff ${reset}" + exit 1 + else + public_allocation_start=$(next_ip $next_public_ip) + public_allocation_end=$static_ip_range_end + fi + else + last_ip_subnet=$(find_last_ip_subnet $next_public_ip $public_subnet_mask) + public_allocation_start=$(subtract_ip $last_ip_subnet $floating_ip_count ) + public_allocation_end=${last_ip_subnet} + fi + echo "${blue}Neutron Floating IP range: $public_allocation_start to $public_allocation_end ${reset}" + + sed -i 's/^.*public_allocation_start:.*$/ public_allocation_start:'" $public_allocation_start"'/' opnfv_ksgen_settings.yml + sed -i 's/^.*public_allocation_end:.*$/ public_allocation_end:'" $public_allocation_end"'/' opnfv_ksgen_settings.yml + + else + printf '%s\n' 'deploy.sh: Unknown network type: $deployment_type' >&2 + exit 1 + fi - ## remove bootstrap and NAT provisioning - sed -i '/nat_setup.sh/d' Vagrantfile - sed -i 's/bootstrap.sh/vm_nodes_provision.sh/' Vagrantfile + echo "${blue}Parameters Complete. Settings have been set for Foreman. ${reset}" - ## modify default_gw to be node_default_gw - sed -i 's/^.*default_gw =.*$/ default_gw = '\""$node_default_gw"\"'/' Vagrantfile + fi +} - ## modify VM memory to be 4gig - sed -i 's/^.*vb.memory =.*$/ vb.memory = 4096/' Vagrantfile +##Configure bootstrap.sh to use the virtual Khaleesi playbook +##params: none +##usage: configure_virtual() +configure_virtual() { + if [ $virtual ]; then + echo "${blue} Virtual flag detected, setting Khaleesi playbook to be opnfv-vm.yml ${reset}" + sed -i 's/opnfv.yml/opnfv-vm.yml/' bootstrap.sh + fi +} - echo "${blue}Starting Vagrant Node $node! ${reset}" +##Starts Foreman VM with Vagrant +##params: none +##usage: start_vagrant() +start_foreman() { + echo "${blue}Starting Vagrant! ${reset}" ##stand up vagrant if ! vagrant up; then - echo "${red} Unable to start $node ${reset}" + printf '%s\n' 'deploy.sh: Unable to complete Foreman VM install' >&2 exit 1 else - echo "${blue} $node VM is up! ${reset}" + echo "${blue}Foreman VM is up! ${reset}" fi +} -done +##start the VM if this is a virtual installation +##this function does nothing if baremetal servers are being used +##params: none +##usage: start_virtual_nodes() +start_virtual_nodes() { + if [ $virtual ]; then + + ##Bring up VM nodes + echo "${blue}Setting VMs up... ${reset}" + nodes=`sed -nr '/nodes:/{:start /workaround/!{N;b start};//p}' opnfv_ksgen_settings.yml | sed -n '/^ [A-Za-z0-9]\+:$/p' | sed 's/\s*//g' | sed 's/://g'` + ##due to ODL Helium bug of OVS connecting to ODL too early, we need controllers to install first + ##this is fix kind of assumes more than I would like to, but for now it should be OK as we always have + ##3 static controllers + compute_nodes=`echo $nodes | tr " " "\n" | grep -v controller | tr "\n" " "` + controller_nodes=`echo $nodes | tr " " "\n" | grep controller | tr "\n" " "` + nodes=${controller_nodes}${compute_nodes} + controller_count=0 + compute_wait_completed=false + + for node in ${nodes}; do + + ##remove VM nodes incase it wasn't cleaned up + rm -rf $vm_dir/$node + rm -rf /tmp/genesis/ + + ##clone genesis and move into node folder + clone_bgs $vm_dir/$node + + cd $vm_dir/$node + + if [ $base_config ]; then + if ! cp -f $base_config opnfv_ksgen_settings.yml; then + echo "${red}ERROR: Unable to copy $base_config to opnfv_ksgen_settings.yml${reset}" + exit 1 + fi + fi + + ##parse yaml into variables + eval $(parse_yaml opnfv_ksgen_settings.yml "config_") + ##find node type + node_type=config_nodes_${node}_type + node_type=$(eval echo \$$node_type) + + ##trozet test make compute nodes wait 20 minutes + if [ "$compute_wait_completed" = false ] && [ "$node_type" != "controller" ]; then + echo "${blue}Waiting 20 minutes for Control nodes to install before continuing with Compute nodes..." + compute_wait_completed=true + sleep 1400 + fi + + ## Add Admin interface + mac_string=config_nodes_${node}_mac_address + mac_addr=$(eval echo \$$mac_string) + mac_addr=$(echo $mac_addr | sed 's/:\|-//g') + if [ $mac_addr == "" ]; then + echo "${red} Unable to find mac_address for $node! ${reset}" + exit 1 + fi + this_admin_ip=${admin_ip_arr[$node]} + sed -i 's/^.*eth_replace0.*$/ config.vm.network "private_network", virtualbox__intnet: "my_admin_network", ip: '\""$this_admin_ip"\"', netmask: '\""$admin_subnet_mask"\"', :mac => '\""$mac_addr"\"'/' Vagrantfile + + ## Add private interface + if [ "$node_type" == "controller" ]; then + mac_string=config_nodes_${node}_private_mac + mac_addr=$(eval echo \$$mac_string) + if [ $mac_addr == "" ]; then + echo "${red} Unable to find private_mac for $node! ${reset}" + exit 1 + fi + else + ##generate random mac + mac_addr=$(echo -n 00-60-2F; dd bs=1 count=3 if=/dev/random 2>/dev/null |hexdump -v -e '/1 "-%02X"') + fi + mac_addr=$(echo $mac_addr | sed 's/:\|-//g') + if [ "$node_type" == "controller" ]; then + new_node_ip=${controllers_ip_arr[$controller_count]} + if [ ! "$new_node_ip" ]; then + echo "{red}ERROR: Empty node ip for controller $controller_count ${reset}" + exit 1 + fi + ((controller_count++)) + else + next_private_ip=$(next_ip $next_private_ip) + if [ ! "$next_private_ip" ]; then + echo "{red}ERROR: Could not find private ip for $node ${reset}" + exit 1 + fi + new_node_ip=$next_private_ip + fi + sed -i 's/^.*eth_replace1.*$/ config.vm.network "private_network", virtualbox__intnet: "my_private_network", :mac => '\""$mac_addr"\"', ip: '\""$new_node_ip"\"', netmask: '\""$private_subnet_mask"\"'/' Vagrantfile + ##replace host_ip in vm_nodes_provision with private ip + sed -i 's/^host_ip=REPLACE/host_ip='$new_node_ip'/' vm_nodes_provision.sh + ##replace ping site + if [ ! -z "$ping_site" ]; then + sed -i 's/www.google.com/'$ping_site'/' vm_nodes_provision.sh + fi + + ##find public ip info and add public interface + mac_addr=$(echo -n 00-60-2F; dd bs=1 count=3 if=/dev/random 2>/dev/null |hexdump -v -e '/1 "-%02X"') + mac_addr=$(echo $mac_addr | sed 's/:\|-//g') + this_public_ip=${public_ip_arr[$node]} + + if [ -z "$enable_virtual_dhcp" ]; then + sed -i 's/^.*eth_replace2.*$/ config.vm.network "public_network", bridge: '\'"$public_interface"\'', :mac => '\""$mac_addr"\"', ip: '\""$this_public_ip"\"', netmask: '\""$public_subnet_mask"\"'/' Vagrantfile + else + sed -i 's/^.*eth_replace2.*$/ config.vm.network "public_network", bridge: '\'"$public_interface"\'', :mac => '\""$mac_addr"\"'/' Vagrantfile + fi + remove_vagrant_network eth_replace3 + + ##modify provisioning to do puppet install, config, and foreman check-in + ##substitute host_name and dns_server in the provisioning script + host_string=config_nodes_${node}_hostname + host_name=$(eval echo \$$host_string) + sed -i 's/^host_name=REPLACE/host_name='$host_name'/' vm_nodes_provision.sh + ##dns server should be the foreman server + sed -i 's/^dns_server=REPLACE/dns_server='${interface_ip_arr[0]}'/' vm_nodes_provision.sh + ## remove bootstrap and NAT provisioning + sed -i '/nat_setup.sh/d' Vagrantfile + sed -i 's/bootstrap.sh/vm_nodes_provision.sh/' Vagrantfile + ## modify default_gw to be node_default_gw + sed -i 's/^.*default_gw =.*$/ default_gw = '\""$node_default_gw"\"'/' Vagrantfile + ## modify VM memory to be 4gig + ##if node type is controller + if [ "$node_type" == "controller" ]; then + sed -i 's/^.*vb.memory =.*$/ vb.memory = 4096/' Vagrantfile + fi + echo "${blue}Starting Vagrant Node $node! ${reset}" + ##stand up vagrant + if ! vagrant up; then + echo "${red} Unable to start $node ${reset}" + exit 1 + else + echo "${blue} $node VM is up! ${reset}" + fi + done + echo "${blue} All VMs are UP! ${reset}" + echo "${blue} Waiting for puppet to complete on the nodes... ${reset}" + ##check puppet is complete + ##ssh into foreman server, run check to verify puppet is complete + pushd $vm_dir/foreman_vm + if ! vagrant ssh -c "/opt/khaleesi/run.sh --no-logs --use /vagrant/opnfv_ksgen_settings.yml /opt/khaleesi/playbooks/validate_opnfv-vm.yml"; then + echo "${red} Failed to validate puppet completion on nodes ${reset}" + exit 1 + else + echo "{$blue} Puppet complete on all nodes! ${reset}" + fi + popd + ##add routes back to nodes + for node in ${nodes}; do + pushd $vm_dir/$node + if ! vagrant ssh -c "route | grep default | grep $this_default_gw"; then + echo "${blue} Adding public route back to $node! ${reset}" + vagrant ssh -c "route add default gw $this_default_gw" + vagrant ssh -c "route delete default gw 10.0.2.2" + fi + popd + done + if [ ! -z "$horizon_public_vip" ]; then + echo "${blue} Virtual deployment SUCCESS!! Foreman URL: http://${foreman_ip}, Horizon URL: http://${horizon_public_vip} ${reset}" + else + echo "${blue} Virtual deployment SUCCESS!! Foreman URL: http://${foreman_ip}, Horizon URL: http://${odl_control_ip} ${reset}" + fi + fi +} - echo "${blue} All VMs are UP! ${reset}" +##check to make sure nodes are powered off +##this function does nothing if virtual +##params: none +##usage: check_baremetal_nodes() +check_baremetal_nodes() { + if [ $virtual ]; then + echo "${blue}Skipping Baremetal node power status check as deployment is virtual ${reset}" + else + echo "${blue}Checking Baremetal nodes power state... ${reset}" + if [ ! -z "$base_config" ]; then + # Install ipmitool + # Major version is pinned to force some consistency for Arno + if ! yum list installed | grep -i ipmitool; then + echo "${blue}Installing ipmitool...${reset}" + if ! yum -y install ipmitool-1*; then + echo "${red}Failed to install ipmitool!${reset}" + exit 1 + fi + fi + + ###find all the bmc IPs and number of nodes + node_counter=0 + output=`grep bmc_ip $base_config | grep -Eo '[0-9]+.[0-9]+.[0-9]+.[0-9]+'` + for line in ${output} ; do + bmc_ip[$node_counter]=$line + ((node_counter++)) + done + + max_nodes=$((node_counter-1)) + + ###find bmc_users per node + node_counter=0 + output=`grep bmc_user $base_config | sed 's/\s*bmc_user:\s*//'` + for line in ${output} ; do + bmc_user[$node_counter]=$line + ((node_counter++)) + done + + ###find bmc_pass per node + node_counter=0 + output=`grep bmc_pass $base_config | sed 's/\s*bmc_pass:\s*//'` + for line in ${output} ; do + bmc_pass[$node_counter]=$line + ((node_counter++)) + done + + for mynode in `seq 0 $max_nodes`; do + echo "${blue}Node: ${bmc_ip[$mynode]} ${bmc_user[$mynode]} ${bmc_pass[$mynode]} ${reset}" + ipmi_output=`ipmitool -I lanplus -P ${bmc_pass[$mynode]} -U ${bmc_user[$mynode]} -H ${bmc_ip[$mynode]} chassis status \ + | grep "System Power" | cut -d ':' -f2 | tr -d [:blank:]` + if [ "$ipmi_output" == "on" ]; then + echo "${red}Error: Node is powered on: ${bmc_ip[$mynode]} ${reset}" + echo "${red}Please run clean.sh before running deploy! ${reset}" + exit 1 + elif [ "$ipmi_output" == "off" ]; then + echo "${blue}Node: ${bmc_ip[$mynode]} is powered off${reset}" + else + echo "${red}Warning: Unable to detect node power state: ${bmc_ip[$mynode]} ${reset}" + fi + done + else + echo "${red}base_config was not provided for a baremetal install! Exiting${reset}" + exit 1 + fi + fi +} + +##END FUNCTIONS + +main() { + parse_cmdline "$@" + disable_selinux + check_baremetal_nodes + install_EPEL + install_vbox + install_ansible + install_vagrant + clean_tmp + verify_vm_dir + clone_bgs $vm_dir/foreman_vm + configure_network + configure_virtual + start_foreman + start_virtual_nodes +} -fi +main "$@" diff --git a/foreman/ci/opnfv_ksgen_settings.yml b/foreman/ci/opnfv_ksgen_settings.yml index 21840dd..b41a41b 100644 --- a/foreman/ci/opnfv_ksgen_settings.yml +++ b/foreman/ci/opnfv_ksgen_settings.yml @@ -44,6 +44,7 @@ global_params: deployment_type: network_type: multi_network default_gw: +no_dhcp: false foreman: seed_values: - { name: heat_cfn, oldvalue: true, newvalue: false } @@ -110,6 +111,7 @@ nodes: bmc_mac: "10:23:45:67:88:AB" bmc_user: root bmc_pass: root + admin_ip: compute_admin ansible_ssh_pass: "Op3nStack" admin_password: "" groups: @@ -130,6 +132,7 @@ nodes: bmc_mac: "10:23:45:67:88:AC" bmc_user: root bmc_pass: root + admin_ip: controller1_admin private_ip: controller1_private private_mac: "10:23:45:67:87:AC" ansible_ssh_pass: "Op3nStack" @@ -152,6 +155,7 @@ nodes: bmc_mac: "10:23:45:67:88:AD" bmc_user: root bmc_pass: root + admin_ip: controller2_admin private_ip: controller2_private private_mac: "10:23:45:67:87:AD" ansible_ssh_pass: "Op3nStack" @@ -174,6 +178,7 @@ nodes: bmc_mac: "10:23:45:67:88:AE" bmc_user: root bmc_pass: root + admin_ip: controller3_admin private_ip: controller3_private private_mac: "10:23:45:67:87:AE" ansible_ssh_pass: "Op3nStack" diff --git a/foreman/ci/opnfv_ksgen_settings_no_HA.yml b/foreman/ci/opnfv_ksgen_settings_no_HA.yml new file mode 100644 index 0000000..79db257 --- /dev/null +++ b/foreman/ci/opnfv_ksgen_settings_no_HA.yml @@ -0,0 +1,264 @@ +global_params: + admin_email: opnfv@opnfv.com + ha_flag: "false" + odl_flag: "true" + odl_control_ip: + private_network: + storage_network: + public_network: + private_subnet: + deployment_type: + controller_ip: +network_type: multi_network +default_gw: +no_dhcp: false +foreman: + seed_values: + - { name: heat_cfn, oldvalue: true, newvalue: false } +workaround_puppet_version_lock: false +opm_branch: master +installer: + name: puppet + short_name: pupt + network: + auto_assign_floating_ip: false + variant: + short_name: m2vx + plugin: + name: neutron +workaround_openstack_packstack_rpm: false +tempest: + repo: + Fedora: + '19': http://REPLACE_ME/~REPLACE_ME/openstack-tempest-icehouse/fedora-19/ + '20': http://REPLACE_ME/~REPLACE_ME/openstack-tempest-icehouse/fedora-20/ + RedHat: + '7.0': https://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7/ + use_virtual_env: false + public_allocation_end: 10.2.84.71 + skip: + files: null + tests: null + public_allocation_start: 10.2.84.51 + physnet: physnet1 + use_custom_repo: false + public_subnet_cidr: 10.2.84.0/24 + public_subnet_gateway: 10.2.84.1 + additional_default_settings: + - section: compute + option: flavor_ref + value: 1 + cirros_image_file: cirros-0.3.1-x86_64-disk.img + setup_method: tempest/rpm + test_name: all + rdo: + version: juno + rpm: http://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm + rpm: + version: 20141201 + dir: ~{{ nodes.tempest.remote_user }}/tempest-dir +tmp: + node_prefix: '{{ node.prefix | reject("none") | join("-") }}-' + anchors: + - https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm + - http://repos.fedorapeople.org/repos/openstack/openstack-juno/ +opm_repo: https://github.com/redhat-openstack/openstack-puppet-modules.git +workaround_vif_plugging: false +openstack_packstack_rpm: http://REPLACE_ME/brewroot/packages/openstack-puppet-modules/2013.2/9.el6ost/noarch/openstack-puppet-modules-2013.2-9.el6ost.noarch.rpm +nodes: + compute: + name: oscompute11.opnfv.com + hostname: oscompute11.opnfv.com + short_name: oscompute11 + type: compute + host_type: baremetal + hostgroup: Compute + mac_address: "10:23:45:67:89:AB" + bmc_ip: 10.4.17.2 + bmc_mac: "10:23:45:67:88:AB" + bmc_user: root + bmc_pass: root + admin_ip: compute_admin + ansible_ssh_pass: "Op3nStack" + admin_password: "" + groups: + - compute + - foreman_nodes + - puppet + - rdo + - neutron + controller1: + name: oscontroller1.opnfv.com + hostname: oscontroller1.opnfv.com + short_name: oscontroller1 + type: controller + host_type: baremetal + hostgroup: Controller_Network_ODL + mac_address: "10:23:45:67:89:AC" + bmc_ip: 10.4.17.3 + bmc_mac: "10:23:45:67:88:AC" + bmc_user: root + bmc_pass: root + private_ip: controller1_private + admin_ip: controller1_admin + private_mac: "10:23:45:67:87:AC" + ansible_ssh_pass: "Op3nStack" + admin_password: "octopus" + groups: + - controller + - foreman_nodes + - puppet + - rdo + - neutron +workaround_mysql_centos7: true +distro: + name: centos + centos: + '7.0': + repos: [] + short_name: c + short_version: 70 + version: '7.0' + rhel: + '7.0': + kickstart_url: http://REPLACE_ME/released/RHEL-7/7.0/Server/x86_64/os/ + repos: + - section: rhel7-server-rpms + name: Packages for RHEL 7 - $basearch + baseurl: http://REPLACE_ME/rel-eng/repos/rhel-7.0/x86_64/ + gpgcheck: 0 + - section: rhel-7-server-update-rpms + name: Update Packages for Enterprise Linux 7 - $basearch + baseurl: http://REPLACE_ME/rel-eng/repos/rhel-7.0-z/x86_64/ + gpgcheck: 0 + - section: rhel-7-server-optional-rpms + name: Optional Packages for Enterprise Linux 7 - $basearch + baseurl: http://REPLACE_ME/released/RHEL-7/7.0/Server-optional/x86_64/os/ + gpgcheck: 0 + - section: rhel-7-server-extras-rpms + name: Optional Packages for Enterprise Linux 7 - $basearch + baseurl: http://REPLACE_ME/rel-eng/EXTRAS-7.0-RHEL-7-20140610.0/compose/Server/x86_64/os/ + gpgcheck: 0 + '6.5': + kickstart_url: http://REPLACE_ME/released/RHEL-6/6.5/Server/x86_64/os/ + repos: + - section: rhel6.5-server-rpms + name: Packages for RHEL 6.5 - $basearch + baseurl: http://REPLACE_ME.REPLACE_ME/released/RHEL-6/6.5/Server/$basearch/os/Server + gpgcheck: 0 + - section: rhel-6.5-server-update-rpms + name: Update Packages for Enterprise Linux 6.5 - $basearch + baseurl: http://REPLACE_ME.REPLACE_ME/rel-eng/repos/RHEL-6.5-Z/$basearch/ + gpgcheck: 0 + - section: rhel-6.5-server-optional-rpms + name: Optional Packages for Enterprise Linux 6.5 - $basearch + baseurl: http://REPLACE_ME.REPLACE_ME/released/RHEL-6/6.5/Server/optional/$basearch/os + gpgcheck: 0 + - section: rhel6.5-server-rpms-32bit + name: Packages for RHEL 6.5 - i386 + baseurl: http://REPLACE_ME.REPLACE_ME/released/RHEL-6/6.5/Server/i386/os/Server + gpgcheck: 0 + enabled: 1 + - section: rhel-6.5-server-update-rpms-32bit + name: Update Packages for Enterprise Linux 6.5 - i686 + baseurl: http://REPLACE_ME.REPLACE_ME/rel-eng/repos/RHEL-6.5-Z/i686/ + gpgcheck: 0 + enabled: 1 + - section: rhel-6.5-server-optional-rpms-32bit + name: Optional Packages for Enterprise Linux 6.5 - i386 + baseurl: http://REPLACE_ME.REPLACE_ME/released/RHEL-6/6.5/Server/optional/i386/os + gpgcheck: 0 + enabled: 1 + subscription: + username: REPLACE_ME + password: HWj8TE28Qi0eP2c + pool: 8a85f9823e3d5e43013e3ddd4e2a0977 + config: + selinux: permissive + ntp_server: 0.pool.ntp.org + dns_servers: + - 10.4.1.1 + - 10.4.0.2 + reboot_delay: 1 + initial_boot_timeout: 180 +node: + prefix: + - rdo + - pupt + - ffqiotcxz1 + - null +product: + repo_type: production + name: rdo + short_name: rdo + rpm: + CentOS: https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm + Fedora: https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm + RedHat: https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm + short_version: ju + repo: + production: + CentOS: + 7.0.1406: http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7 + '6.5': http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-6 + '7.0': http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7 + Fedora: + '20': http://repos.fedorapeople.org/repos/openstack/openstack-juno/fedora-20 + '21': http://repos.fedorapeople.org/repos/openstack/openstack-juno/fedora-21 + RedHat: + '6.6': http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-6 + '6.5': http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-6 + '7.0': http://repos.fedorapeople.org/repos/openstack/openstack-juno/epel-7 + version: juno + config: + enable_epel: y + short_repo: prod +tester: + name: tempest +distro_reboot_options: '--no-wall '' Reboot is triggered by Ansible'' ' +job: + verbosity: 1 + archive: + - '{{ tempest.dir }}/etc/tempest.conf' + - '{{ tempest.dir }}/etc/tempest.conf.sample' + - '{{ tempest.dir }}/*.log' + - '{{ tempest.dir }}/*.xml' + - /root/ + - /var/log/ + - /etc/nova + - /etc/ceilometer + - /etc/cinder + - /etc/glance + - /etc/keystone + - /etc/neutron + - /etc/ntp + - /etc/puppet + - /etc/qpid + - /etc/qpidd.conf + - /root + - /etc/yum.repos.d + - /etc/yum.repos.d +topology: + name: multinode + short_name: mt +workaround_neutron_ovs_udev_loop: true +workaround_glance_table_utf8: false +verbosity: + debug: 0 + info: 1 + warning: 2 + warn: 2 + errors: 3 +provisioner: + username: admin + network: + type: nova + name: external + skip: skip_provision + foreman_url: https://10.2.84.2/api/v2/ + password: octopus + type: foreman +workaround_nova_compute_fix: false +workarounds: + enabled: true + diff --git a/foreman/ci/reload_playbook.yml b/foreman/ci/reload_playbook.yml index 9e3d053..9b3a4d4 100644 --- a/foreman/ci/reload_playbook.yml +++ b/foreman/ci/reload_playbook.yml @@ -14,3 +14,4 @@ delay=60 timeout=180 sudo: false + - pause: minutes=1 diff --git a/foreman/ci/vm_nodes_provision.sh b/foreman/ci/vm_nodes_provision.sh index d0bba64..e64c0ad 100755 --- a/foreman/ci/vm_nodes_provision.sh +++ b/foreman/ci/vm_nodes_provision.sh @@ -18,6 +18,7 @@ green=`tput setaf 2` host_name=REPLACE dns_server=REPLACE +host_ip=REPLACE ##END VARS ##set hostname @@ -31,27 +32,52 @@ if ! grep 'PEERDNS=no' /etc/sysconfig/network-scripts/ifcfg-enp0s3; then systemctl restart NetworkManager fi -if ! ping www.google.com -c 5; then +##modify /etc/resolv.conf to point to foreman +echo "${blue} Configuring resolv.conf with DNS: $dns_server ${reset}" +cat > /etc/resolv.conf << EOF +search ci.com opnfv.com +nameserver $dns_server +nameserver 8.8.8.8 + +EOF + +##modify /etc/hosts to add own IP for rabbitmq workaround +host_short_name=`echo $host_name | cut -d . -f 1` +echo "${blue} Configuring hosts with: $host_name $host_ip ${reset}" +cat > /etc/hosts << EOF +$host_ip $host_short_name $host_name +127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 +::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 +EOF + +if ! ping www.google.com -c 5; then echo "${red} No internet connection, check your route and DNS setup ${reset}" exit 1 fi -# Install EPEL repo for access to many other yum repos -# Major version is pinned to force some consistency for Arno -yum install -y epel-release-7* +##install EPEL +if ! yum repolist | grep "epel/"; then + if ! rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm; then + printf '%s\n' 'vm_provision_nodes.sh: Unable to configure EPEL repo' >&2 + exit 1 + fi +else + printf '%s\n' 'vm_nodes_provision.sh: Skipping EPEL repo as it is already configured.' +fi -# Update device-mapper-libs, needed for libvirtd on compute nodes -# Major version is pinned to force some consistency for Arno -if ! yum -y upgrade device-mapper-libs-1*; then +##install device-mapper-libs +##needed for libvirtd on compute nodes +if ! yum -y upgrade device-mapper-libs; then echo "${red} WARN: Unable to upgrade device-mapper-libs...nova-compute may not function ${reset}" fi -# Install other required packages -# Major version is pinned to force some consistency for Arno echo "${blue} Installing Puppet ${reset}" -if ! yum install -y puppet-3*; then - printf '%s\n' 'vm_nodes_provision.sh: failed to install required packages' >&2 - exit 1 +##install puppet +if ! yum list installed | grep -i puppet; then + if ! yum -y install puppet; then + printf '%s\n' 'vm_nodes_provision.sh: Unable to install puppet package' >&2 + exit 1 + fi fi echo "${blue} Configuring puppet ${reset}" diff --git a/foreman/docs/src/installation-instructions.rst b/foreman/docs/src/installation-instructions.rst index 2ac872d..20ea983 100644 --- a/foreman/docs/src/installation-instructions.rst +++ b/foreman/docs/src/installation-instructions.rst @@ -213,8 +213,6 @@ Follow the steps below to execute: 4. Your nodes will take 40-60 minutes to re-install CentOS 7 and install/configure OPNFV. When complete you will see "Finished: SUCCESS" -.. _setup_verify: - Verifying the Setup ------------------- @@ -236,9 +234,7 @@ Now that the installer has finished it is a good idea to check and make sure thi 7. Now go to your web browser and insert the Horizon public VIP. The login will be "admin"/"octopus". -8. You are now able to follow the `OpenStack Verification <openstack_verify_>`_ section. - -.. _openstack_verify: +8. You are now able to follow the `OpenStack Verification`_ section. OpenStack Verification ---------------------- @@ -316,14 +312,14 @@ Follow the steps below to execute: Verifying the Setup - VMs ------------------------- -Follow the instructions in the `Verifying the Setup <setup_verify_>`_ section. +Follow the instructions in the `Verifying the Setup`_ section. Also, for VM deployment you are able to easily access your nodes by going to ``/tmp/<node name>`` and then ``vagrant ssh`` (password is "vagrant"). You can use this to go to a controller and check OpenStack services, OpenDaylight, etc. OpenStack Verification - VMs ---------------------------- -Follow the steps in `OpenStack Verification <openstack_verify_>`_ section. +Follow the steps in `OpenStack Verification`_ section. Frequently Asked Questions ========================== @@ -353,7 +349,11 @@ OpenStack OpenDaylight ------------ -`OpenDaylight artifacts <http://www.opendaylight.org/software/downloads>`_ +Upstream OpenDaylight provides `a number of packaging and deployment options <https://wiki.opendaylight.org/view/Deployment>`_ meant for consumption by downstream projects like OPNFV. + +Currently, OPNFV Foreman uses `OpenDaylight's Puppet module <https://github.com/dfarrell07/puppet-opendaylight>`_, which in turn depends on `OpenDaylight's RPM <https://copr.fedoraproject.org/coprs/dfarrell07/OpenDaylight/>`_. + +Note that the RPM is currently hosted on Copr, but `will soon <https://trello.com/c/qseotfgL/171-host-odl-rpm-on-odl-infra>`_ be migrated to OpenDaylight's infrastructure and/or the new CentOS NFV SIG. Foreman ------- diff --git a/fuel/build/Makefile b/fuel/build/Makefile index d3afe83..4acf5e2 100644 --- a/fuel/build/Makefile +++ b/fuel/build/Makefile @@ -42,8 +42,6 @@ SUBDIRS += f_osnaily SUBDIRS += f_l23network SUBDIRS += f_resolvconf SUBDIRS += f_ntp -SUBDIRS += f_odl_docker -#SUBDIRS += f_odl # f_example is only an example of how to generate a .deb package and # should not be enabled in official builds. @@ -63,7 +61,6 @@ all: @echo "Versions of cached build results built by" $(shell hostname) "at" $(shell date -u) > $(VERSION_FILE) @echo "cache.mk" $(shell md5sum $(BUILD_BASE)/cache.mk | cut -f1 -d " ") >> $(VERSION_FILE) @echo "config.mk" $(shell md5sum $(BUILD_BASE)/config.mk | cut -f1 -d " ") >> $(VERSION_FILE) - $(MAKE) -C f_odl_docker -f Makefile all @make -C docker @docker/runcontext $(DOCKERIMG) $(MAKE) $(MAKEFLAGS) iso @@ -128,10 +125,6 @@ patch-packages: prepare: #$(MAKE) -C opendaylight -f Makefile setup -.PHONY: odl -odl: - #$(MAKE) -C opendaylight -f Makefile - .PHONY: build-clean $(SUBCLEAN) build-clean: $(SUBCLEAN) $(MAKE) -C patch-packages -f Makefile clean @@ -146,7 +139,6 @@ clean: clean-cache prepare $(SUBCLEAN) @rm -f *.iso @rm -Rf release @rm -Rf newiso - @rm -f f_odl @rm -f $(NEWISO) @rm -f $(BUILD_BASE)/.versions @@ -156,6 +148,6 @@ $(SUBCLEAN): %.clean: # Todo: Make things smarter - we shouldn't need to clean everything # betwen make invocations. .PHONY: iso -iso: prepare build-clean odl $(ISOCACHE) $(SUBDIRS) patch-packages +iso: prepare build-clean $(ISOCACHE) $(SUBDIRS) patch-packages install/install.sh iso $(ISOCACHE) $(NEWISO) $(PRODNO) $(REVSTATE) @printf "\n\nProduct ISO is $(NEWISO)\n\n" diff --git a/fuel/build/docker/ubuntu-builder/Dockerfile b/fuel/build/docker/ubuntu-builder/Dockerfile index b4e1b4e..76fe401 100644 --- a/fuel/build/docker/ubuntu-builder/Dockerfile +++ b/fuel/build/docker/ubuntu-builder/Dockerfile @@ -24,8 +24,5 @@ ADD ./setcontext /root/setcontext RUN chmod +x /root/setcontext ADD ./enable_dockerx2 /root/enable_dockerx2 RUN chmod +x /root/enable_dockerx2 -ADD ./install.sh /root/install.sh -RUN chmod +x /root/install.sh -RUN /root/install.sh VOLUME /var/lib/docker diff --git a/fuel/build/docker/ubuntu-builder/install.sh b/fuel/build/docker/ubuntu-builder/install.sh deleted file mode 100755 index df1af72..0000000 --- a/fuel/build/docker/ubuntu-builder/install.sh +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -#Install Oracle Java 7 jdk -echo "Installing JAVA 7" -apt-get update -add-apt-repository ppa:webupd8team/java -y -apt-get update -echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections -apt-get install oracle-java7-installer -y - -#Install Maven 3 -echo deb http://ppa.launchpad.net/natecarlson/maven3/ubuntu precise main >> /etc/apt/sources.list -echo deb-src http://ppa.launchpad.net/natecarlson/maven3/ubuntu precise main >> /etc/apt/sources.list -apt-get update || exit 1 -sudo apt-get install -y --force-yes maven3 || exit 1 -ln -s /usr/share/maven3/bin/mvn /usr/bin/mvn diff --git a/fuel/build/f_odl_docker/Makefile b/fuel/build/f_odl_docker/Makefile deleted file mode 100755 index 6135e71..0000000 --- a/fuel/build/f_odl_docker/Makefile +++ /dev/null @@ -1,51 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -TOP := $(shell pwd) -BUILDTAG := loving_daniel - -# Edit this to match the GENESIS / OPNFV in your environment -export OPNFV_PUPPET := $(BUILD_BASE)/../../common/puppet-opnfv -include ../config.mk - -.PHONY: all -all: - @mkdir -p puppet/modules/opnfv/odl_docker - @rm -rf tmp - @mkdir -p tmp - @cp -Rvp ${OPNFV_PUPPET}/manifests/templates/dockerfile tmp/. - @docker build -t ${BUILDTAG} tmp/dockerfile/. - @docker save ${BUILDTAG} > puppet/modules/opnfv/odl_docker/odl_docker_image.tar - @wget ${DOCKER_REPO}/${DOCKER_TAG} -O puppet/modules/opnfv/odl_docker/docker-latest - @echo "OPFNV_PUPPET is: ${OPNFV_PUPPET}" - @cp -Rvp ${OPNFV_PUPPET}/manifests/templates/dockerfile/container_scripts puppet/modules/opnfv - -.PHONY: clean -clean: - @rm -rf tmp - @rm -rf release - -.PHONY: build-clean -build-clean: - @rm -rf tmp - @rm -rf release - @rm -rf puppet/modules/opnfv/odl_docker/odl_docker_image.tar - @rm -rf puppet/modules/opnfv/odl_docker/docker-latest - -.PHONY: validate-cache -validate-cache: - @echo "No cache validation schema available for $(shell pwd)" - @echo "Continuing ..." - -.PHONY: release -release: - # Fetch PP from OPNFV Common - @cp -Rvp ${OPNFV_PUPPET}/manifests/odl_docker.pp ${PUPPET_DEST} - @cp -Rvp puppet/modules/* $(PUPPET_DEST) diff --git a/fuel/build/f_odl_docker/dockerfile/Dockerfile b/fuel/build/f_odl_docker/dockerfile/Dockerfile deleted file mode 100755 index e3c7ee5..0000000 --- a/fuel/build/f_odl_docker/dockerfile/Dockerfile +++ /dev/null @@ -1,72 +0,0 @@ -#################################################################### -# -# Dockerfile to build a ODL (Karaf) Docker Container -# -# Copyright daniel.smith@ericsson.com -# License: Apache GPL -# -#################################################################### - - -#Set the base image - note: the current release of Karaf is using Jdk7 and alot of 12.04, so we will use it rather than 14.04 and backport a ton of stuff -FROM ubuntu:12.04 - -# Maintainer Info -MAINTAINER Daniel Smith - -#Run apt-get update one start just to check for updates when building -RUN echo "Updating APT" -RUN apt-get update -RUN echo "Adding wget" -RUN apt-get install -y wget -RUN apt-get install -y net-tools -RUN apt-get install -y openjdk-7-jre -RUN apt-get install -y openjdk-7-jdk -RUN apt-get install -y openssh-server -RUN apt-get install -y vim -RUN apt-get install -y expect -RUN apt-get install -y daemontools -RUN mkdir -p /opt/odl_source -RUN bash -c 'echo "export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64" >> ~/.bashrc' - - -#Now lets got and fetch the ODL distribution -RUN echo "Fetching ODL" -RUN wget https://nexus.opendaylight.org/content/groups/public/org/opendaylight/integration/distribution-karaf/0.2.3-Helium-SR3/distribution-karaf-0.2.3-Helium-SR3.tar.gz -O /opt/odl_source/distribution-karaf-0.2.3-Helium-SR3.tar.gz - -RUN echo "Untarring ODL inplace" -RUN mkdir -p /opt/odl -RUN tar zxvf /opt/odl_source/distribution-karaf-0.2.3-Helium-SR3.tar.gz -C /opt/odl - -RUN echo "Installing DLUX and other features into ODL" -COPY tmp/dockerfile/container_scripts/start_odl_docker.sh /etc/init.d/start_odl_docker.sh -COPY tmp/dockerfile/container_scripts/speak.sh /etc/init.d/speak.sh -RUN chmod 777 /etc/init.d/start_odl_docker.sh -RUN chmod 777 /etc/init.d/speak.sh - - -# Expose the ports -# PORTS FOR BASE SYSTEM AND DLUX -EXPOSE 8101 -EXPOSE 6633 -EXPOSE 1099 -EXPOSE 43506 -EXPOSE 8181 -EXPOSE 8185 -EXPOSE 9000 -EXPOSE 39378 -EXPOSE 33714 -EXPOSE 44444 -EXPOSE 6653 - -# PORTS FOR OVSDB AND ODL CONTROL -EXPOSE 12001 -EXPOSE 6640 -EXPOSE 8080 -EXPOSE 7800 -EXPOSE 55130 -EXPOSE 52150 -EXPOSE 36826 - -# set the ENTRYPOINT - An entry point allows us to run this container as an exectuable -CMD ["/etc/init.d/start_odl_docker.sh"] diff --git a/fuel/build/f_odl_docker/dockerfile/container_scripts/check_feature.sh b/fuel/build/f_odl_docker/dockerfile/container_scripts/check_feature.sh deleted file mode 100755 index 3e5d0b2..0000000 --- a/fuel/build/f_odl_docker/dockerfile/container_scripts/check_feature.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/expect -spawn /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/client -expect "root>" -send "feature:list | grep -i odl-restconf\r" -send "\r\r\r" -expect "root>" -send "logout\r" - diff --git a/fuel/build/f_odl_docker/dockerfile/container_scripts/speak.sh b/fuel/build/f_odl_docker/dockerfile/container_scripts/speak.sh deleted file mode 100755 index 3ba07a8..0000000 --- a/fuel/build/f_odl_docker/dockerfile/container_scripts/speak.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/expect -# Ericsson Research Canada -# -# Author: Daniel Smith <daniel.smith@ericsson.com> -# -# Simple expect script to start up ODL client and load feature set for DLUX and OVSDB -# -# NOTE: THIS WILL BE REPLACED WITH A PROGRAMATIC METHOD SHORTLY -# DEPRECATED AFTER ARNO - -spawn /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/client -expect "root>" -send "feature:install odl-base-all odl-aaa-authn odl-restconf odl-nsf-all odl-adsal-northbound odl-mdsal-apidocs odl-ovsdb-openstack odl-ovsdb-northbound odl-dlux-core" -send "\r\r\r" -expect "root>" -send "logout\r" - diff --git a/fuel/build/f_odl_docker/dockerfile/container_scripts/start_odl_docker.sh b/fuel/build/f_odl_docker/dockerfile/container_scripts/start_odl_docker.sh deleted file mode 100755 index 1c72dda..0000000 --- a/fuel/build/f_odl_docker/dockerfile/container_scripts/start_odl_docker.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -# Ericsson Research Canada -# -# Author: Daniel Smith <daniel.smith@ericsson.com> -# -# Start up script for calling karaf / ODL inside a docker container. -# -# This script will also call a couple expect scripts to load the feature set that we want - - -#ENV -export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64 - -#MAIN -echo "Starting up the da Sheilds..." -/opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/karaf server & -echo "Sleeping 5 bad hack" -sleep 10 -echo "should see stuff listening now" -netstat -na -echo " should see proess running for karaf" -ps -efa -echo " Starting the packages we want" -/etc/init.d/speak.sh -echo "Printout the status - if its right, you should see 8181 appear now" -netstat -na -ps -efa - - - -## This is a loop that keeps our container going currently, prinout the "status of karaf" to the docker logs every minute -## Cheap - but effective -while true; -do - echo "Checking status of ODL:" - /opt/odl/distribution-karaf-0.2.3-Helium-SR3/bin/status - sleep 60 -done diff --git a/fuel/build/f_odl_docker/puppet/modules/opnfv/manifests/odl_docker.pp b/fuel/build/f_odl_docker/puppet/modules/opnfv/manifests/odl_docker.pp deleted file mode 100644 index c286127..0000000 --- a/fuel/build/f_odl_docker/puppet/modules/opnfv/manifests/odl_docker.pp +++ /dev/null @@ -1,77 +0,0 @@ -class opnfv::odl_docker -{ - case $::fuel_settings['role'] { - /controller/: { - - file { '/opt': - ensure => 'directory', - } - - file { '/opt/opnfv': - ensure => 'directory', - owner => 'root', - group => 'root', - mode => 777, - } - - file { '/opt/opnfv/odl': - ensure => 'directory', - } - - file { '/opt/opnfv/odl/odl_docker_image.tar': - ensure => present, - source => '/etc/puppet/modules/opnfv/odl_docker/odl_docker_image.tar', - mode => 750, - } - - file { '/opt/opnfv/odl/docker-latest': - ensure => present, - source => '/etc/puppet/modules/opnfv/odl_docker/docker-latest', - mode => 750, - } - - file { '/opt/opnfv/odl/start_odl_conatiner.sh': - ensure => present, - source => '/etc/puppet/modules/opnfv/scripts/start_odl_container.sh', - mode => 750, - } - file { '/opt/opnfv/odl/stage_odl.sh': - ensure => present, - source => '/etc/puppet/modules/opnfv/scripts/stage_odl.sh', - mode => 750, - } - file { '/opt/opnfv/odl/config_net_odl.sh': - ensure => present, - source => '/etc/puppet/modules/opnfv/scripts/config_net_odl.sh', - mode => 750, - } - file { '/opt/opnfv/odl/change.sh': - ensure => present, - source => '/etc/puppet/modules/opnfv/scripts/change.sh', - mode => 750, - } - - - # fix failed to find the cgroup root issue - # https://github.com/docker/docker/issues/8791 - case $::operatingsystem { - 'ubuntu': { - package {'cgroup-lite': - ensure => present, - } - - service {'cgroup-lite': - ensure => running, - enable => true, - require => Package['cgroup-lite'], - } - } - 'centos': { - package {'docker-io': - ensure => latest, - } - } - } - } - } -} diff --git a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/change.sh b/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/change.sh deleted file mode 100644 index f7f3d6e..0000000 --- a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/change.sh +++ /dev/null @@ -1,219 +0,0 @@ -#!/bin/bash -# script to remove bridges and reset networking for ODL - - -#VARS -MODE=0 -DNS=8.8.8.8 - -#ENV -source ~/openrc - -# GET IPS for that node -function get_ips { - BR_MGMT=`grep address /etc/network/ifcfg_backup/ifcfg-br-mgmt | awk -F" " '{print $2}'` - BR_STORAGE=`grep address /etc/network/ifcfg_backup/ifcfg-br-storage | awk -F" " '{print $2}'` - BR_FW_ADMIN=`grep address /etc/network/ifcfg_backup/ifcfg-br-fw-admin | awk -F" " '{print $2}'` - BR_EX=`grep address /etc/network/ifcfg_backup/ifcfg-br-ex | awk -F" " '{print $2}'` - DEF_NETMASK=255.255.255.0 - DEF_GW=172.30.9.1 -} - -function backup_ifcfg { - echo " backing up " - mkdir -p /etc/network/ifcfg_backup - mv /etc/network/interfaces.d/ifcfg-br-ex /etc/network/ifcfg_backup/. - mv /etc/network/interfaces.d/ifcfg-br-fw-admin /etc/network/ifcfg_backup/. - mv /etc/network/interfaces.d/ifcfg-br-mgmt /etc/network/ifcfg_backup/. - mv /etc/network/interfaces.d/ifcfg-br-storage /etc/network/ifcfg_backup/. - mv /etc/network/interfaces.d/ifcfg-br-prv /etc/network/ifcfg_backup/. - mv /etc/network/interfaces.d/ifcfg-eth0 /etc/network/ifcfg_backup/. - mv /etc/network/interfaces.d/ifcfg-eth1 /etc/network/ifcfg_backup/. - rm -rf /etc/network/interfaces.d/ifcfg-eth1.300 - rm -rf /etc/network/interfaces.d/ifcfg-eth1.301 - rm -rf /etc/network/interfaces.d/ifcfg-eth1 - rm -rf /etc/network/interfaces.d/ifcfg-eth0 - -} - - -function create_ifcfg_br_mgmt { - echo "migrating br_mgmt" - echo "auto eth1.300" >> /etc/network/interfaces.d/ifcfg-eth1.300 - echo "iface eth1.300 inet static" >> /etc/network/interfaces.d/ifcfg-eth1.300 - echo " address $BR_MGMT" >> /etc/network/interfaces.d/ifcfg-eth1.300 - echo " netmask $DEF_NETMASK" >> /etc/network/interfaces.d/ifcfg-eth1.300 -} - -function create_ifcfg_br_storage { - echo "migration br_storage" - echo "auto eth1.301" >> /etc/network/interfaces.d/ifcfg-eth1.301 - echo "iface eth1.301 inet static" >> /etc/network/interfaces.d/ifcfg-eth1.301 - echo " address $BR_STORAGE" >> /etc/network/interfaces.d/ifcfg-eth1.301 - echo " netmask $DEF_NETMASK" >> /etc/network/interfaces.d/ifcfg-eth1.301 -} - -function create_ifcfg_br_fw_admin { - echo " migratinng br_fw_admin" - echo "auto eth1" >> /etc/network/interfaces.d/ifcfg-eth1 - echo "iface eth1 inet static" >> /etc/network/interfaces.d/ifcfg-eth1 - echo " address $BR_FW_ADMIN" >> /etc/network/interfaces.d/ifcfg-eth1 - echo " netmask $DEF_NETMASK" >> /etc/network/interfaces.d/ifcfg-eth1 -} - -function create_ifcfg_eth0 { - echo "migratinng br-ex to eth0 - temporarily" - echo "auto eth0" >> /etc/network/interfaces.d/ifcfg-eth0 - echo "iface eth0 inet static" >> /etc/network/interfaces.d/ifcfg-eth0 - echo " address $BR_EX" >> /etc/network/interfaces.d/ifcfg-eth0 - echo " netmask $DEF_NETMASK" >> /etc/network/interfaces.d/ifcfg-eth0 - echo " gateway $DEF_GW" >> /etc/network/interfaces.d/ifcfg-eth0 -} - -function set_mode { - if [ -d "/var/lib/glance/images" ] - then - echo " controller " - MODE=0 - else - echo " compute " - MODE=1 - fi -} - - -function stop_ovs { - echo "Stopping OpenVSwitch" - service openvswitch-switch stop - -} - -function start_ovs { - echo "Starting OVS" - service openvswitch-switch start - ovs-vsctl show -} - - -function clean_ovs { - echo "cleaning OVS DB" - stop_ovs - rm -rf /var/log/openvswitch/* - mkdir -p /opt/opnfv/odl/ovs_back - cp -pr /etc/openvswitch/* /opt/opnfv/odl/ovs_back/. - rm -rf /etc/openvswitch/conf.db - echo "restarting OVS - you should see Nothing there" - start_ovs -} - - - -function reboot_me { - reboot -} - -function allow_challenge { - sed -i -e 's/ChallengeResponseAuthentication no/ChallengeResponseAuthentication yes/g' /etc/ssh/sshd_config - service ssh restart -} - -function clean_neutron { - subnets=( `neutron subnet-list | awk -F" " '{print $2}' | grep -v id | sed '/^$/d'` ) - networks=( `neutron net-list | awk -F" " '{print $2}' | grep -v id | sed '/^$/d'` ) - ports=( `neutron port-list | awk -F" " '{print $2}' | grep -v id | sed '/^$/d'` ) - routers=( `neutron router-list | awk -F" " '{print $2}' | grep -v id | sed '/^$/d'` ) - - #display all elements - echo "SUBNETS: ${subnets[@]} " - echo "NETWORKS: ${networks[@]} " - echo "PORTS: ${ports[@]} " - echo "ROUTERS: ${routers[@]} " - - - # get port and subnet for each router - for i in "${routers[@]}" - do - routerport=( `neutron router-port-list $i | awk -F" " '{print $2}' | grep -v id | sed '/^$/d' `) - routersnet=( `neutron router-port-list $i | awk -F" " '{print $8}' | grep -v fixed | sed '/^$/d' | sed 's/,$//' | sed -e 's/^"//' -e 's/"$//' `) - done - - echo "ROUTER PORTS: ${routerport[@]} " - echo "ROUTER SUBNET: ${routersnet[@]} " - - #remove router subnets - echo "router-interface-delete" - for i in "${routersnet[@]}" - do - neutron router-interface-delete ${routers[0]} $i - done - - #remove subnets - echo "subnet-delete" - for i in "${subnets[@]}" - do - neutron subnet-delete $i - done - - #remove nets - echo "net-delete" - for i in "${networks[@]}" - do - neutron net-delete $i - done - - #remove routers - echo "router-delete" - for i in "${routers[@]}" - do - neutron router-delete $i - done - - #remove ports - echo "port-delete" - for i in "${ports[@]}" - do - neutron port-delete $i - done - - #remove subnets - echo "subnet-delete second pass" - for i in "${subnets[@]}" - do - neutron subnet-delete $i - done - -} - -function set_dns { - sed -i -e 's/nameserver 10.20.0.2/nameserver $DNS/g' /etc/resolv.conf -} - - -#OUTPUT - -function check { - echo $BR_MGMT - echo $BR_STORAGE - echo $BR_FW_ADMIN - echo $BR_EX -} - -### MAIN - - -set_mode -backup_ifcfg -get_ips -create_ifcfg_br_mgmt -create_ifcfg_br_storage -create_ifcfg_br_fw_admin -if [ $MODE == "0" ] -then - create_ifcfg_eth0 -fi -allow_challenge -clean_ovs -check -reboot_me - - diff --git a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/config_net_odl.sh b/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/config_net_odl.sh deleted file mode 100755 index 145da80..0000000 --- a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/config_net_odl.sh +++ /dev/null @@ -1,192 +0,0 @@ -#!/bin/bash -# -# Author: Daniel Smith (Ericsson) -# -# Script to update neutron configuration for OVSDB/ODL integratino -# -# Usage - Set / pass CONTROL_HOST to your needs -# -### SET THIS VALUE TO MATCH YOUR SYSTEM -CONTROL_HOST=192.168.0.2 -BR_EX_IP=172.30.9.70 - -# ENV -source ~/openrc -# VARS -ML2_CONF=/etc/neutron/plugins/ml2/ml2_conf.ini -MODE=0 - - -# FUNCTIONS -# Update ml2_conf.ini -function update_ml2conf { - echo "Backing up and modifying ml2_conf.ini" - cp $ML2_CONF $ML2_CONF.bak - sed -i -e 's/mechanism_drivers =openvswitch/mechanism_drivers = opendaylight/g' $ML2_CONF - sed -i -e 's/tenant_network_types = flat,vlan,gre,vxlan/tenant_network_types = vxlan/g' $ML2_CONF - sed -i -e 's/bridge_mappings=physnet2:br-prv/bridge_mappings=physnet1:br-ex/g' $ML2_CONF - echo "[ml2_odl]" >> $ML2_CONF - echo "password = admin" >> $ML2_CONF - echo "username = admin" >> $ML2_CONF - echo "url = http://${CONTROL_HOST}:8080/controller/nb/v2/neutron" >> $ML2_CONF -} - -function reset_neutrondb { - echo "Reseting DB" - mysql -e "drop database if exists neutron_ml2;" - mysql -e "create database neutron_ml2 character set utf8;" - mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';" - neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head -} - -function restart_neutron { - echo "Restarting Neutron Server" - service neutron-server restart - echo "Should see Neutron runing now" - service neutron-server status - echo "Shouldnt be any nets, but should work (return empty)" - neutron net-list -} - -function stop_neutron { - echo "Stopping Neutron / OVS components" - service neutron-plugin-openvswitch-agent stop - if [ $MODE == "0" ] - then - service neutron-server stop - fi -} - -function disable_agent { - echo "Disabling Neutron Plugin Agents from running" - service neutron-plugin-openvswitch-agent stop - echo 'manual' > /etc/init/neutron-plugin-openvswitch-agent.override -} - - - -function verify_ML2_working { - echo "checking that we can talk via ML2 properly" - curl -u admin:admin http://${CONTROL_HOST}:8080/controller/nb/v2/neutron/networks > /tmp/check_ml2 - if grep "network" /tmp/check_ml2 - then - echo "Success - ML2 to ODL is working" - else - echo "im sorry Jim, but its dead" - fi - -} - - -function set_mode { - if [ -d "/var/lib/glance/images" ] - then - echo "Controller Mode" - MODE=0 - else - echo "Compute Mode" - MODE=1 - fi -} - -function stop_ovs { - echo "Stopping OpenVSwitch" - service openvswitch-switch stop - -} - -function start_ovs { - echo "Starting OVS" - service openvswitch-vswitch start - ovs-vsctl show -} - - -function control_setup { - echo "Modifying Controller" - stop_neutron - stop_ovs - disable_agent - rm -rf /var/log/openvswitch/* - mkdir -p /opt/opnfv/odl/ovs_back - mv /etc/openvswitch/conf.db /opt/opnfv/odl/ovs_back/. - mv /etc/openvswitch/.conf*lock* /opt/opnfv/odl/ovs_back/. - rm -rf /etc/openvswitch/conf.db - rm -rf /etc/openvswitch/.conf* - service openvswitch-switch start - ovs-vsctl add-br br-ex - ovs-vsctl add-port br-ex eth0 - ovs-vsctl set interface br-ex type=external - ifconfig br-ex 172.30.9.70/24 up - service neutron-server restart - - echo "setting up networks" - ip link add link eth1 name br-mgmt type vlan id 300 - ifconfig br-mgmt `grep address /etc/network/interfaces.d/ifcfg-br-mgmt | awk -F" " '{print $2}'`/24 up arp - ip link add link eth1 name br-storage type vlan id 301 - ip link add link eth1 name br-prv type vlan id 1000 - ifconfig br-storage `grep address /etc/network/interfaces.d/ifcfg-br-storage | awk -F" " '{print $2}'`/24 up arp - ifconfig eth1 `grep address /etc/network/interfaces.d/ifcfg-br-fw-admin | awk -F" " '{print $2}'`/24 up arp - - echo "Setting ODL Manager IP" - ovs-vsctl set-manager tcp:192.168.0.2:6640 - - echo "Verifying ODL ML2 plugin is working" - verify_ML2_working - - # BAD HACK - Should be parameterized - this is to catch up - route add default gw 172.30.9.1 - -} - -function clean_ovs { - echo "cleaning OVS DB" - stop_ovs - rm -rf /var/log/openvswitch/* - mkdir -p /opt/opnfv/odl/ovs_back - cp -pr /etc/openvswitch/* /opt/opnfv/odl/ovs_back/. - rm -rf /etc/openvswitch/conf.db - echo "restarting OVS - you should see Nothing there" - start_ovs -} - -function compute_setup { - echo "Modifying Compute" - echo "Disabling neutron openvswitch plugin" - stop_neutron - disable_agent - ip link add link eth1 name br-mgmt type vlan id 300 - ifconfig br-mgmt `grep address /etc/network/interfaces.d/ifcfg-br-mgmt | awk -F" " '{print $2}'`/24 up arp - ip link add link eth1 name br-storage type vlan id 301 - ip link add link eth1 name br-prv type vlan id 1000 - ifconfig br-storage `grep address /etc/network/interfaces.d/ifcfg-br-storage | awk -F" " '{print $2}'`/24 up arp - ifconfig eth1 `grep address /etc/network/interfaces.d/ifcfg-br-fw-admin | awk -F" " '{print $2}'`/24 up arp - - echo "set manager, and route for ODL controller" - ovs-vsctl set-manager tcp:192.168.0.2:6640 - route add 172.17.0.1 gw 192.168.0.2 - verify_ML2_working -} - - -# MAIN -echo "Starting to make call" -update_ml2conf -echo "Check Mode" -set_mode - -if [ $MODE == "0" ]; -then - echo "Calling control setup" - control_setup -elif [ $MODE == "1" ]; -then - echo "Calling compute setup" - compute_setup - -else - echo "Something is bad - call for help" - exit -fi - - diff --git a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/stage_odl.sh b/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/stage_odl.sh deleted file mode 100755 index fa14b47..0000000 --- a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/stage_odl.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -# Author: Daniel Smith (Ericsson) -# Stages ODL Controlleer -# Inputs: odl_docker_image.tar -# Usage: ./stage_odl.sh - -# ENVS -source ~/.bashrc -source ~/openrc - -LOCALPATH=/opt/opnfv/odl -DOCKERBIN=docker-latest -ODLIMGNAME=odl_docker_image.tar -DNS=8.8.8.8 -HOST_IP=`ifconfig br-ex | grep -i "inet addr" | awk -F":" '{print $2}' | awk -F" " '{print $1}'` - - - -# DEBUG ECHOS -echo $LOCALPATH -echo $DOCKERBIN -echo $ODLIMGNAME -echo $DNS -echo $HOST_IP - - -# Set DNS to someting external and default GW - ODL requires a connection to the internet -sed -i -e 's/nameserver 10.20.0.2/nameserver 8.8.8.8/g' /etc/resolv.conf -route delete default gw 10.20.0.2 -route add default gw 172.30.9.1 - -# Start Docker daemon and in background -echo "Starting Docker" -chmod +x $LOCALPATH/$DOCKERBIN -$LOCALPATH/$DOCKERBIN -d & -#courtesy sleep for virtual env -sleep 2 - -# Import the ODL Container -echo "Importing ODL Container" -$LOCALPATH/$DOCKERBIN load -i $LOCALPATH/$ODLIMGNAME - -# Start ODL, load DLUX and OVSDB modules -echo "Removing any old install found - file not found is ok here" -$LOCALPATH/$DOCKERBIN rm odl_docker -echo "Starting up ODL controller in Daemon mode - no shell possible" -$LOCALPATH/$DOCKERBIN run --name odl_docker -p 8181:8181 -p 8185:8185 -p 9000:9000 -p 1099:1099 -p 8101:8101 -p 6633:6633 -p 43506:43506 -p 44444:44444 -p 6653:6653 -p 12001:12001 -p 6400:6400 -p 6640:6640 -p 8080:8080 -p 7800:7800 -p 55130:55130 -p 52150:52150 -p 36826:26826 -i -d -t loving_daniel - -# Following, you should see the docker ps listed and a port opened -echo " you should reach ODL controller at http://HOST_IP:8181/dlux/index.html" -$LOCALPATH/$DOCKERBINNAME ps -a -netstat -lnt - - diff --git a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/start_odl_container.sh b/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/start_odl_container.sh deleted file mode 100755 index 347ac74..0000000 --- a/fuel/build/f_odl_docker/puppet/modules/opnfv/scripts/start_odl_container.sh +++ /dev/null @@ -1,95 +0,0 @@ -#!/bin/bash -# Ericsson Canada Inc. -# Authoer: Daniel Smith -# -# A helper script to install and setup the ODL docker conatiner on the controller -# -# -# Inputs: odl_docker_image.tar -# -# Usage: ./start_odl_docker.sh -echo "DEPRECATED - USE stage_odl.sh instead - this will be removed shortly once automated deployment is working - SR1" - - -# ENVS -source ~/.bashrc -source ~/openrc - -# VARS - -# Switch for Dev mode - uses apt-get on control to cheat and get docker installed locally rather than from puppet source - -DEV=1 - -# Switch for 1:1 port mapping of EXPOSED ports in Docker to the host, if set to 0, then random ports will be used - NOTE: this doesnt work for all web services X port on Host --> Y port in Container, -# especially for SSL/HTTPS cases. Be aware. - -MATCH_PORT=1 - -LOCALPATH=/opt/opnfv/odl -DOCKERBINNAME=docker-latest -DOCKERIMAGENAME=odl_docker_image.tar -DNS=8.8.8.8 -HOST_IP=`ifconfig br-fw-admin | grep -i "inet addr" | awk -F":" '{print $2}' | awk -F" " '{print $1}'` - - -# Set this to "1" if you want to have your docker container startup into a shell - - -ENABLE_SHELL=1 - - -echo " Fetching Docker " -if [ "$DEV" -eq "1" ]; -# If testing Locally (on a control node) you can set DEV=1 to enable apt-get based install on the control node (not desired target, but good for testing). -then - echo "Dev Mode - Fetching from Internet"; - echo " this wont work in production builds"; - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - mkdir -p $LOCALPATH - wget https://get.docker.com/builds/Linux/x86_64/docker-latest -O $LOCALPATH/$DOCKERBINNAME - wget http://ftp.us.debian.org/debian/pool/main/d/docker.io/docker.io_1.3.3~dfsg1-2_amd64.deb - chmod 777 $LOCALPATH/$DOCKERBINNAME - echo "done "; -else - echo "Using Binaries delivered from Puppet" - echo "Starting Docker in Daemon mode" - chmod +x $LOCALPATH/$DOCKERBINNAME - $LOCALPATH/$DOCKERBINNAME -d & - - # wait until docker will be fully initialized - # before any further action against just started docker - sleep 5 -fi - - -# We need to perform some cleanup of the Openstack Environment -echo "TODO -- This should be automated in the Fuel deployment at some point" -echo "However, the timing should come after basic tests are running, since this " -echo " part will remove the subnet router association that is deployed automativally" -echo " via fuel. Refer to the ODL + Openstack Integration Page " - -# Import the ODL container into docker - -echo "Importing ODL container into docker" -$LOCALPATH/$DOCKERBINNAME load -i $LOCALPATH/$DOCKERIMAGENAME - -echo " starting up ODL - DLUX and Mapping Ports" -if [ "$MATCH_PORT" -eq "1" ] -then - echo "Starting up Docker..." - $LOCALPATH/$DOCKERBINNAME rm odl_docker -fi - -if [ "$ENABLE_SHELL" -eq "1" ]; -then - echo "Starting Container in Interactive Mode (/bin/bash will be provided, you will need to run ./start_odl_docker.sh inside the container yourself)" - $LOCALPATH/$DOCKERBINNAME run --name odl_docker -p 8181:8181 -p 8185:8185 -p 9000:9000 -p 1099:1099 -p 8101:8101 -p 6633:6633 -p 43506:43506 -p 44444:44444 -p 6653:6653 -p 12001:12001 -p 6400:6400 -p 6640:6640 -p 8080:8080 -p 7800:7800 -p 55130:55130 -p 52150:52150 -p 36826:26826 -i -t loving_daniel /bin/bash -else - echo "Starting Conatiner in Daemon mode - no shell will be provided and docker attach will not provide shell)" - $LOCALPATH/$DOCKERBINNAME run --name odl_docker -p 8181:8181 -p 8185:8185 -p 9000:9000 -p 1099:1099 -p 8101:8101 -p 6633:6633 -p 43506:43506 -p 44444:44444 -p 6653:6653 -p 12001:12001 -p 6400:6400 -p 6640:6640 -p 8080:8080 -p 7800:7800 -p 55130:55130 -p 52150:52150 -p 36826:26826 -i -d -t loving_daniel - echo "should see the process listed here in docker ps -a" - $LOCALPATH/$DOCKERBINNAME ps -a; - echo "Match Port enabled, you can reach the DLUX login at: " - echo "http://$HOST_IP:8181/dlux.index.html" -fi diff --git a/fuel/build/f_odl_docker/scripts/config_net_odl.sh b/fuel/build/f_odl_docker/scripts/config_net_odl.sh deleted file mode 100644 index d292acd..0000000 --- a/fuel/build/f_odl_docker/scripts/config_net_odl.sh +++ /dev/null @@ -1,164 +0,0 @@ -#!/bin/bash -# -# Author: Daniel Smith (Ericsson) -# -# Script to update neutron configuration for OVSDB/ODL integratino -# -# Usage - Set / pass CONTROL_HOST to your needs -# -CONTROL_HOST=172.30.9.70 - -# ENV -source ~/openrc - -# VARS -ML2_CONF=/etc/neutron/plugins/ml2/ml2_conf.ini -MODE=0 - - -# FUNCTIONS - -# Update ml2_conf.ini -function update_ml2conf { - echo "Backing up and modifying ml2_conf.ini" - cp $ML2_CONF $ML2_CONF.bak - sed -i -e 's/mechanism_drivers =openvswitch/mechanism_drivers = opendaylight/g' $ML2_CONF - sed -i -e 's/tenant_network_types = flat,vlan,gre,vxlan/tenant_network_types = vxlan/g' $ML2_CONF - cat "[ml2_odl]" >> $ML2_CONF - cat "password = admin" >> $ML2_CONF - cat "username = admin" >> $ML2_CONF - cat "url = http://${CONTROL_HOST}:8080/controller/nb/v2/neutron" >> $ML2_CONF -} - -function reset_neutrondb { - echo "Reseting DB" - mysql -e "drop database if exists neutron_ml2;" - mysql -e "create database neutron_ml2 character set utf8;" - mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';" - neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head -} - -function restart_neutron { - echo "Restarting Neutron Server" - service neutron-server restart - echo "Should see Neutron runing now" - service neutron-server status - echo "Shouldnt be any nets, but should work (return empty)" - neutron net-list -} - -function stop_neutron { - echo "Stopping Neutron / OVS components" - service neutron-plugin-openvswitch-agent stop - if [ $MODE == "0" ] - then - service neutron-server stop - fi -} - - - -function verify_ML2_working { - echo "checking that we can talk via ML2 properly" - curl -u admin:admin http://${CONTROL_HOST}:8080/controller/nb/v2/neutron/networks > /tmp/check_ml2 - if grep "network" /tmp/check_ml2 - then - echo "Success - ML2 to ODL is working" - else - echo "im sorry Jim, but its dead" - fi - -} - - -function set_mode { - if ls -l /var/lib/glance/images - then - echo "Controller Mode" - MODE=0 - else - echo "Compute Mode" - MODE=1 - fi -} - -function stop_ovs { - echo "Stopping OpenVSwitch" - service openvswitch-switch stop - -} - -function control_setup { - echo "Modifying Controller" - stop_neutron - stop_ovs - rm -rf /var/log/openvswitch/* - mkdir -p /opt/opnfv/odl/ovs_back - mv /etc/openvswitch/conf.db /opt/opnfv/odl/ovs_back/. - mv /etc/openvswitch/.conf*lock* /opt/opnfv/odl/ovs_back/. - service openvswitch-switch start - ovs-vsctl set-manager tcp:172.30.9.70:6640 - ovs-vsctl add-br br-eth0 - ovs-vsctl add-br br-ex - ovs-vsctl add-port br-eth0 eth0 - ovs-vsctl add-port br-eth0 br-eth0--br-ex - ovs-vsctl add-port br-ex br-ex--br-eth0 - ovs-vsctl set interface br-ex--br-eth0 type=patch - ovs-vsctl set interface br-eth0--br-ex type=patch - ovs-vsctl set interface br-ex--br-eth0 options:peer=br-eth0--br-ex - ovs-vsctl set interface br-eth0--br-ex options:peer=br-ex--br-eth0 - ifconfig br-ex 172.30.9.70/24 up - service neutron-server restart - - echo "setting up networks" - ip link add link eth1 name br-mgmt type vlan id 300 - ip link add link eth1 name br-storage type vlan id 301 - /etc/init.d/networking restart - - - echo "Reset Neutron DB" - #reset_neutrondb - echo "Restarting Neutron Components" - #restart_neutron - echo "Verifying ODL ML2 plugin is working" - verify_ML2_working - -} - -function compute_setup { - echo "do compute stuff here" - echo "stopping neutron openvswitch plugin" - stop_neutron - ip link add link eth1 name br-mgmt type vlan id 300 - ifconfig br-mgmt `grep address /etc/network/interfaces.d/ifcfg-br-mgmt | awk -F" " '{print $2}'`/24 - ip link add link eth1 name br-storage type vlan id 301 - ifconfig br-storage `grep address /etc/network/interfaces.d/ifcfg-br-storage | awk -F" " '{print $2}'`/24 - ifconfig eth1 `grep address /etc/network/interfaces.d/ifcfg-br-fw-mgmt | awk -F" " '{print $2}'`/24 - echo "set manager, and route for ODL controller" - ovs-vsctl set-manager tcp:192.168.0.2:6640 - route add 172.17.0.1 gw 192.168.0.2 - verify_ML2_working -} - - -# MAIN -echo "Starting to make call" -update_ml2conf -echo "Check Mode" -set_mode - -if [ $MODE == "0" ]; -then - echo "Calling control setup" - control_setup -elif [ $MODE == "1" ]; -then - echo "Calling compute setup" - compute_setup - -else - echo "Something is bad - call for help" - exit -fi - - diff --git a/fuel/build/f_odl_docker/scripts/config_neutron_for_odl.sh b/fuel/build/f_odl_docker/scripts/config_neutron_for_odl.sh deleted file mode 100644 index 3b688ae..0000000 --- a/fuel/build/f_odl_docker/scripts/config_neutron_for_odl.sh +++ /dev/null @@ -1,146 +0,0 @@ -#!/bin/bash -CONTROL_HOST=172.17.0.3 - -# ENV -source ~/openrc - - - -# VARS -ML2_CONF=/etc/neutron/plugins/ml2/ml2_conf.ini -MODE=0 - - -# FUCNTIONS - - -# Update ml2_conf.ini -function update_ml2conf { - echo "Backing up and modifying ml2_conf.ini" - cp $ML2_CONF $ML2_CONF.bak - sed -i -e 's/mechanism_drivers =openvswitch/mechanism_drivers = opendaylight/g' $ML2_CONF -#!/bin/bash -CONTROL_HOST=172.17.0.3 - -# ENV -source ~/openrc - - - -# VARS -ML2_CONF=/etc/neutron/plugins/ml2/ml2_conf.ini -MODE=0 - - -# FUCNTIONS - - -# Update ml2_conf.ini -function update_ml2conf { - echo "Backing up and modifying ml2_conf.ini" - cp $ML2_CONF $ML2_CONF.bak - sed -i -e 's/mechanism_drivers =openvswitch/mechanism_drivers = opendaylight/g' $ML2_CONF - sed -i -e 's/tenant_network_types = flat,vlan,gre,vxlan/tenant_network_types = vxlan/g' $ML2_CONF - cat "[ml2_odl]" >> $ML2_CONF - cat "password = admin" >> $ML2_CONF - cat "username = admin" >> $ML2_CONF - cat "url = http://${CONTROL_HOST}:8080/controller/nb/v2/neutron" >> $ML2_CONF -} - -function reset_neutrondb { - echo "Reseting DB" - mysql -e "drop database if exists neutron_ml2;" - mysql -e "create database neutron_ml2 character set utf8;" - mysql -e "grant all on neutron_ml2.* to 'neutron'@'%';" - neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini upgrade head -} - -function restart_neutron { - echo "Restarting Neutron Server" - service neutron-server restart - echo "Should see Neutron runing now" - service neutron-server status - echo "Shouldnt be any nets, but should work (return empty)" - neutron net-list -} - -function stop_neutron { - echo "Stopping Neutron / OVS components" - service neutron-plugin-openvswitch-agent stop - if [ $MODE == "0" ] - then - service neutron-server stop - fi -} - - - -function verify_ML2_working { - echo "checking that we can talk via ML2 properly" - curl -u admin:admin http://${CONTROL_HOST}:8080/controller/nb/v2/neutron/networks > /tmp/check_ml2 - if grep "network" /tmp/check_ml2 - then - echo "Success - ML2 to ODL is working" - else - echo "im sorry Jim, but its dead" - fi - -} - - -function set_mode { - if df -k | grep glance - then - echo "Controller Mode" - MODE=0 - else - echo "Compute Mode" - MODE=1 - fi -} - -function stop_ovs { - echo "Stopping OpenVSwitch" - service openvswitch-switch stop - -} - -function control_setup { - echo "do control stuff here" - echo "Reset Neutron DB" - #reset_neutrondb - echo "Restarting Neutron Components" - #restart_neutron - echo "Verifying ODL ML2 plugin is working" - verify_ML2_working - -} - -function compute_setup { - echo "do compute stuff here" - stop_neutron - verify_ML2_working -} - - -# MAIN -echo "Starting to make call" -#update_ml2conf -echo "Check Mode" -set_mode - -if [ $MODE == "0" ]; -then - echo "Calling control setup" - control_setup -elif [ $MODE == "1" ]; -then - echo "Calling compute setup" - compute_setup - -else - echo "Something is bad - call for help" - exit -fi - - diff --git a/fuel/build/f_odl_docker/scripts/prep_nets_for_odl.sh b/fuel/build/f_odl_docker/scripts/prep_nets_for_odl.sh deleted file mode 100755 index dd4fc9f..0000000 --- a/fuel/build/f_odl_docker/scripts/prep_nets_for_odl.sh +++ /dev/null @@ -1,90 +0,0 @@ -#!/bin/bash -# a "cheat" way to install docker on the controller -# can only be used if you have a connecting out to the internet - -# Usage: ./install_docker.sh <ip of default route to remove> <ip of default gw to add> - -OLDGW=$1 -#!/bin/bash -# a "cheat" way to install docker on the controller -# can only be used if you have a connecting out to the internet - -# Usage: ./install_docker.sh <ip of default route to remove> <ip of default gw to add> - -OLDGW=$1 -NEWGW=$2 -IMAGEPATH=/opt/opnfv -IMAGENAME=odl_docker_image.tar -SOURCES=/etc/apt/sources.list - - -if [ "$#" -ne 2]; then - echo "Two args not provided, will not touch networking" -else - - # Fix routes - echo "Fixing routes" - #DEBUG - netstat -rn - - echo "delete old def route" - route delete default gw $1 - echo "adding new def route" - route add default gw $2 - - echo " you should see a good nslookup now" - nslookup www.google.ca -#!/bin/bash -# a "cheat" way to install docker on the controller -# can only be used if you have a connecting out to the internet - -# Usage: ./install_docker.sh <ip of default route to remove> <ip of default gw to add> - -OLDGW=$1 -NEWGW=$2 -IMAGEPATH=/opt/opnfv -IMAGENAME=odl_docker_image.tar -SOURCES=/etc/apt/sources.list - - -if [ "$#" -ne 2]; then - echo "Two args not provided, will not touch networking" -else - - # Fix routes - echo "Fixing routes" - #DEBUG - netstat -rn - - echo "delete old def route" - route delete default gw $1 - echo "adding new def route" - route add default gw $2 - - echo " you should see a good nslookup now" - nslookup www.google.ca -fi - - -if egrep "mirrors.txt" $SOURCES -then - echo "Sources was already updated, not touching" -else - echo "adding the closests mirrors and docker mirror to the mix" - echo "deb mirror://mirrors.ubuntu.com/mirrors.txt precise main restricted universe multiverse" >> /etc/apt/sources.list - echo "deb mirror://mirrors.ubuntu.com/mirrors.txt precise-updates main restricted universe multiverse" >> /etc/apt/sources.list - echo "deb mirror://mirrors.ubuntu.com/mirrors.txt precise-backports main restricted universe multiverse" >> /etc/apt/sources.list - echo "deb mirror://mirrors.ubuntu.com/mirrors.txt precise-security main restricted universe multiverse" >> /etc/apt/sources.list - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 36A1D7869245C8950F966E92D8576A8BA88D21E9 - echo "deb https://get.docker.com/ubuntu docker main " > /etc/apt/sources.list.d/docker.list -fi - -echo "Updating" -apt-get update -echo "Installing Docker" -apt-get install -y lxc-docker - -echo "Loading ODL Docker Image" -docker load -i $IMAGEPATH/$IMAGENAME - - diff --git a/fuel/build/f_odl_docker/scripts/setup_ovs_for_odl.sh b/fuel/build/f_odl_docker/scripts/setup_ovs_for_odl.sh deleted file mode 100644 index 42c9451..0000000 --- a/fuel/build/f_odl_docker/scripts/setup_ovs_for_odl.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash - - - -ok .. so they created br-int - -so lets add a physical nic to it - - -# First - Removal all the bridges you find - -for i in $(ovs-vsctl list-br) -do - if [ "$i" == "br-int" ]; - then - echo "skipped br-int" - elif [ "$i" == "br-prv"]; - then - echo "skipped br-pr" - else - ovs-vsctl del-br $i - fi -done diff --git a/fuel/build/f_opnfv_puppet/puppet/modules/opnfv/manifests/init.pp b/fuel/build/f_opnfv_puppet/puppet/modules/opnfv/manifests/init.pp index 54f1c86..fabe30a 100644 --- a/fuel/build/f_opnfv_puppet/puppet/modules/opnfv/manifests/init.pp +++ b/fuel/build/f_opnfv_puppet/puppet/modules/opnfv/manifests/init.pp @@ -23,6 +23,4 @@ class opnfv { include opnfv::ntp # Make sure all added packages are installed include opnfv::add_packages - # Setup OpenDaylight - include opnfv::odl_docker } diff --git a/fuel/build/opendaylight/Makefile b/fuel/build/opendaylight/Makefile deleted file mode 100644 index bd2eeb5..0000000 --- a/fuel/build/opendaylight/Makefile +++ /dev/null @@ -1,102 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -############################################################################ -# BEGIN of variables to customize -# -SHELL = /bin/bash - - -BUILD_DIR := $(shell pwd) -GIT_DIR := /tmp -export CONFIG_SPEC_SCRIPT -export MAVEN_OPTS = -Xmx1024m -XX:MaxPermSize=512m -MAINTAINER = "Main Tainer <main.tainer@example.org>" -ODL_SHORT_NAME = odl -ODL_VERSION = 0.1-1 -DEPEND = openjdk-8-jdk -TARGET_BUILD_PATH="/tmp/controller/opendaylight/distribution/opendaylight-karaf/target/" -MAVEN_SPEC = $(BUILD_DIR)/odl_maven/settings.xml - -# -# END of variables to customize -############################################################################# - -.PHONY: all -all: odl - -############################################################################ -# BEGIN of Include definitions -# -include ../config.mk -# -# END Include definitions -############################################################################# - -.PHONY: setup -setup: - rm -f "$(BUILD_BASE)/f_odl" - ln -s "$(shell readlink -e $(BUILD_DIR))/f_odl" "$(shell readlink -e $(BUILD_BASE))/f_odl" - -.PHONY: validate-cache -validate-cache: - @REMOTE_ID=$(shell git ls-remote $(ODL_MAIN_REPO) $(ODL_MAIN_TAG)^{} | awk '{print $$(NF-1)}'); \ - if [ -z $$REMOTE_ID ] || [ $$REMOTE_ID = " " ]; \ - then \ - REMOTE_ID=$(shell git ls-remote $(ODL_MAIN_REPO) $(ODL_MAIN_TAG) | awk '{print $$(NF-1)}'); \ - fi; \ - if [ $$REMOTE_ID != $(shell cat $(VERSION_FILE) | grep odl | awk '{print $$NF}') ]; \ - then \ - echo "Cache does not match upstream OpenDaylight, cache must be rebuilt!"; \ - exit 1; \ - fi - -.PHONY: odl -odl: - -ifeq ($(ODL_MAIN_REPO),) - @echo "No config-spec target for ODL, nothing to build" -else - -ifeq ($(shell if [ -e .odl-build.log ];then cat .odl-build.log; fi;),$(ODL_MAIN_TAG)) - @cd /tmp && git clone $(ODL_MAIN_REPO) && cd /tmp/controller && git checkout $(ODL_MAIN_TAG) - - @echo "ODL is up to date" -else - @if [ ! -d "/tmp/controller" ]; then\ - cd /tmp && git clone $(ODL_MAIN_REPO);\ - fi; - - @if [ "$(UNIT_TEST)" = "FALSE" ]; then\ - echo "Building ODL without unit test";\ - cd /tmp/controller &&\ - git checkout $(ODL_MAIN_TAG) &&\ - mvn -D maven.test.skip=true -gs $(MAVEN_SPEC) clean install;\ - else\ - echo "Building ODL with unit test";\ - cd /tmp/controller &&\ - git checkout $(ODL_MAIN_TAG) &&\ - mvn -gs $(MAVEN_SPEC) clean install;\ - fi; - - @echo "odl" `git -C /tmp/controller show | grep commit | head -1 | cut -d " " -f2` >> $(VERSION_FILE) - @./make-odl-deb.sh -N $(ODL_SHORT_NAME)_`cd /tmp/controller; git rev-parse --short HEAD` -n $(ODL_SHORT_NAME) -v "$(ODL_VERSION)" -t "$(ODL_MAIN_TAG)" -m $(MAINTAINER) -d $(DEPEND) -p $(TARGET_BUILD_PATH) - @echo $(ODL_MAIN_TAG) > .odl-build.log -endif -endif - -.PHONY: clean $(SUBCLEAN) -clean: $(SUBCLEAN) - @rm -Rf /tmp/controller - @rm -f .odl-build.log - @./make-odl-deb.sh -C - -.PHONY: release -release: diff --git a/fuel/build/opendaylight/README b/fuel/build/opendaylight/README deleted file mode 100644 index 7aa392e..0000000 --- a/fuel/build/opendaylight/README +++ /dev/null @@ -1,52 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -This directory builds the OpenDaylight debian package by cloning the -opendaylight.org repo, building the odl tag specified in -"fuel-build/config-spec" and constructing a debian package source tree under -"f_odl", which automatically is linked into "fuel_build/." for further build processing. - -The opendaylight has the following structure: -. -+--------+-------------+-----------+ -| | | | -| Makefile make-odl-deb.sh README -| (this file) -| -+----------+----------+ - | | - odl_maven/ f_odl/ - -Makefile: -Invoked by the git root Makefile, it builds the clones the odl repo from -odl, checkout the tag/branch indicated in "fuelbuild/config-spec", builds -odl, and calls "make-odl-deb.sh" to create a debian package source tree. - -make-odl-deb.sh: -Creates the odl debian package source tree in "f_odl" from the odl build -results. - -odl_maven/: -Contains needed control files for maven OpenDaylight build - -f_odl/: -Contains buildscripts and the generated odl debian package source tree produced -by the odl build (make-odl-deb.sh) which is later used by the root build system. - -NOTE on the controller/ git repo clone: -The git controller repo clone Contains all artifacts from the odl build, it only -exists in /tmp inside the build docker container and is not visible anywhere on -the build host - -Note on build caching: -The latest build results are cached, and will not be rebuilt unless the fuel-build/ -config-spec is changed in respect to odl version or if make clean is applied. -./.odl-build.log and ./.odl-build.history are used to keep adequate bookmaking to -track caching and needed cleanout. diff --git a/fuel/build/opendaylight/f_odl/Makefile b/fuel/build/opendaylight/f_odl/Makefile deleted file mode 100644 index f7ebd3e..0000000 --- a/fuel/build/opendaylight/f_odl/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -include $(BUILD_BASE)/config.mk -ODL_NAME_SHORT := odl -PACKAGE := odl_$(shell cd /tmp/controller; git rev-parse --short HEAD) -VERSION := 0.1-1 -DEB_NAME := $(PACKAGE)_$(VERSION) - -.PHONY: all -all: release/pool/main/$(DEB_NAME).deb - -release/pool/main/$(DEB_NAME).deb: -ifeq ($(ODL_MAIN_REPO),) - @echo "No config-spec target for ODL, nothing to build" -else - @mkdir -p tmp/src - @mkdir -p release/pool/main - @cp -rp package/$(DEB_NAME) tmp/src - @gzip -f9 tmp/src/$(DEB_NAME)/usr/share/doc/$(ODL_NAME_SHORT)/changelog.Debian - @fakeroot dpkg-deb --build tmp/src/$(DEB_NAME) - @lintian tmp/src/$(DEB_NAME).deb - @cp tmp/src/$(DEB_NAME).deb release/pool/main -endif - -.PHONY: clean -clean: - @rm -rf tmp - @rm -rf release - @rm -f $(DEB_DEST)/$(DEB_NAME).deb - -.PHONY: validate-cache -validate-cache: - @echo "No cache validation schema available for $(shell pwd)" - @echo "Continuing ..." - -.PHONY: release -release:release/pool/main/$(DEB_NAME).deb -ifneq ($(ODL_MAIN_REPO),) - @cp release/pool/main/$(DEB_NAME).deb $(DEB_DEST) - @cp -Rvp puppet/modules/* $(PUPPET_DEST) -endif diff --git a/fuel/build/opendaylight/f_odl/README b/fuel/build/opendaylight/f_odl/README deleted file mode 100644 index 077962d..0000000 --- a/fuel/build/opendaylight/f_odl/README +++ /dev/null @@ -1,49 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -This directory adds the OpenDaylight (odl) package and related puppet -deployment manifest such that it gets built into the .iso image an deployed -on the stack controller cluster. - -The f_odl has the following structure: -. -+--------+----------+-----------+------------+ - | | | | - puppet/ Makefile README odl_<change_id> - | (this file) /<version> - | | - | odl deb pkg src - modules/ - | - | - | - opnfv/ - | - | - | - manifests/ - | - | - | - odl.pp - -Makefile: -Invoked by the git root Makefile, it builds the odl debian package from the -debian pkg source directory (inside this directory) and pushes it together -with the manifests to the fuel build source artifact directory, such that it -eventually gets built into the new fuel .iso - -odl.pp: -Controls the installation and configuration of odl - -odl deb pkg src: -Is the debian package source directory tree including all needed odl artifacts -and debian pakage meta data. This debian source package tree is built from -fuel-build/opendaylight and doesnt exist before it has bee built. diff --git a/fuel/build/opendaylight/f_odl/puppet/modules/opnfv/manifests/odl.pp b/fuel/build/opendaylight/f_odl/puppet/modules/opnfv/manifests/odl.pp deleted file mode 100644 index 6165646..0000000 --- a/fuel/build/opendaylight/f_odl/puppet/modules/opnfv/manifests/odl.pp +++ /dev/null @@ -1,13 +0,0 @@ -class opnfv::odl { - if $::osfamily == 'Debian' { - - - case $::fuel_settings['role'] { - /controller/: { - package { 'odl': - ensure => installed, - } - } - } - } -} diff --git a/fuel/build/opendaylight/f_odl/testing/README b/fuel/build/opendaylight/f_odl/testing/README deleted file mode 100644 index 2ef4976..0000000 --- a/fuel/build/opendaylight/f_odl/testing/README +++ /dev/null @@ -1,12 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -In order to test the functionality without performing a full deployment, run "puppet apply" on the -fake_init.pp which will call only the opnfv::odl class. diff --git a/fuel/build/opendaylight/f_odl/testing/fake_init.pp b/fuel/build/opendaylight/f_odl/testing/fake_init.pp deleted file mode 100644 index 0600d2e..0000000 --- a/fuel/build/opendaylight/f_odl/testing/fake_init.pp +++ /dev/null @@ -1,13 +0,0 @@ -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -$fuel_settings = parseyaml($astute_settings_yaml) - -include opnfv::odl diff --git a/fuel/build/opendaylight/make-odl-deb.sh b/fuel/build/opendaylight/make-odl-deb.sh deleted file mode 100755 index 5222087..0000000 --- a/fuel/build/opendaylight/make-odl-deb.sh +++ /dev/null @@ -1,314 +0,0 @@ -#!/bin/bash -set -e -############################################################################## -# Copyright (c) 2015 Ericsson AB and others. -# stefan.k.berg@ericsson.com -# jonas.bjurel@ericsson.com -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## - -############################################################################## -# Default variable declarations - -COMMAND= -PACKAGE_NAME= -PACKAGE_SHORT_NAME= -PACKAGE_VERSION= -TARGET_BUILD_PATH= -DEPENDENCIES= -MAINTAINER= -ARCH="amd64" -BUILD_HISTORY=".odl-build-history" - -############################################################################## -# subroutine: usage -# Description: Prints out usage of this script - -usage () -{ -cat <<EOF -usage: $0 options - -$0 creates a ${PACKAGE_NAME} Debian package - -OPTIONS: - -n Package shoer name - -N Package name - -v Version - -t Tag - -p Target build path, the path where the built tar ball is to be fetched - -m Maintainer - -d Package dependencies - -h Prints this message - -C Clean - -E.g.: $0 -n my/deb/src/dest/path -N my-package -v 1.0-1 -t myTag -p path/to/the/source -m "Main Tainer <main.tainer.exampe.org> -d myJavaDependence -EOF -} - -############################################################################## -# subroutine: clean -# Description: Cleans up all artifacts from earlier builds - -clean () -{ -if [ -e $BUILD_HISTORY ]; then - while read line - do - rm -rf $line - done < $BUILD_HISTORY - rm ${BUILD_HISTORY} - exit 0 -fi -} - -############################################################################## -# make-DEBIAN_control -# Description: constructs the Debian pack control file - -make-DEBIAN_control () -{ -cat <<EOF -Package: $PACKAGE_SHORT_NAME -Version: $PACKAGE_VERSION -Section: base -Priority: optional -Architecture: $ARCH -Depends: $DEPENDENCIES -Maintainer: $MAINTAINER -Description: OpenDaylight deamon - This is a daemon for the opendaylight/odl controller service. -EOF -} - -############################################################################## -# subroutine: make-DEBIAN_conffiles -# Description: Constructs the Debian package config files assignment - -make-DEBIAN_conffiles () -{ -cat <<EOF -/etc/odl/etc/all.policy -/etc/odl/etc/config.properties -/etc/odl/etc/custom.properties -/etc/odl/etc/distribution.info -/etc/odl/etc/equinox-debug.properties -/etc/odl/etc/java.util.logging.properties -/etc/odl/etc/jmx.acl.cfg -/etc/odl/etc/jmx.acl.java.lang.Memory.cfg -/etc/odl/etc/jmx.acl.org.apache.karaf.bundle.cfg -/etc/odl/etc/jmx.acl.org.apache.karaf.config.cfg -/etc/odl/etc/jmx.acl.org.apache.karaf.security.jmx.cfg -/etc/odl/etc/jmx.acl.osgi.compendium.cm.cfg -/etc/odl/etc/jre.properties -/etc/odl/etc/keys.properties -/etc/odl/etc/org.apache.felix.fileinstall-deploy.cfg -/etc/odl/etc/org.apache.karaf.command.acl.bundle.cfg -/etc/odl/etc/org.apache.karaf.command.acl.config.cfg -/etc/odl/etc/org.apache.karaf.command.acl.feature.cfg -/etc/odl/etc/org.apache.karaf.command.acl.jaas.cfg -/etc/odl/etc/org.apache.karaf.command.acl.kar.cfg -/etc/odl/etc/org.apache.karaf.command.acl.shell.cfg -/etc/odl/etc/org.apache.karaf.command.acl.system.cfg -/etc/odl/etc/org.apache.karaf.features.cfg -/etc/odl/etc/org.apache.karaf.features.obr.cfg -/etc/odl/etc/org.apache.karaf.features.repos.cfg -/etc/odl/etc/org.apache.karaf.jaas.cfg -/etc/odl/etc/org.apache.karaf.kar.cfg -/etc/odl/etc/org.apache.karaf.log.cfg -/etc/odl/etc/org.apache.karaf.management.cfg -/etc/odl/etc/org.apache.karaf.shell.cfg -/etc/odl/etc/org.ops4j.pax.logging.cfg -/etc/odl/etc/org.ops4j.pax.url.mvn.cfg -/etc/odl/etc/regions-config.xml -/etc/odl/etc/shell.init.script -/etc/odl/etc/startup.properties -/etc/odl/etc/system.properties -/etc/odl/etc/users.properties -/etc/odl/configuration/context.xml -/etc/odl/configuration/logback.xml -/etc/odl/configuration/tomcat-logging.properties -/etc/odl/configuration/tomcat-server.xml -EOF -} - -############################################################################## -# subroutine: make-DEBIAN_postinst -# Description: Constructs the Debian package post installation script - -make-DEBIAN_postinst () -{ -cat <<EOF -#!/bin/bash -e -ln -s /etc/${PACKAGE_SHORT_NAME}/* ${TARGET_INSTALL_PATH} -echo "OpenDaylight $TAG version $PACKAGE_VERSION has been installed" -EOF -} - -############################################################################## -# subroutine: make-DEBIAN_bin -# Description: Constructs the bin script (normally under /usr/bin) - -make-DEBIAN_bin () -{ -cat <<EOF -#!/bin/bash -e -${TARGET_INSTALL_PATH}bin/karaf $@ -EOF -} - -############################################################################## -# subroutine: make-DEBIAN_copyright -# Description: Constructs the copyright text (normally under /usr/share/doc...) - -make-DEBIAN_copyright () -{ -cat <<EOF -OpenDaylight - an open source SDN controller -Licensed to the Apache Software Foundation (ASF) under one or more -contributor license agreements. See the NOTICE file distributed with -this work for additional information regarding copyright ownership. -The ASF licenses this file to You under the Apache License, Version 2.0 -(the "License"); you may not use this file except in compliance with -the License. You may obtain a copy of the License at - -http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -EOF -} - -############################################################################## -# subroutine: make-DEBIAN_changelog -# Description: Constructs the changelog text (normally under /usr/share/doc...) - -make-DEBIAN_changelog () -{ -cat <<EOF -$PACKAGE_SHORT_NAME ($PACKAGE_VERSION) precise-proposed; urgency=low - - * Derived from $PACKAGE_NAME $PACHAGE_VERSION - - -- $MAINTAINER $(date) -EOF -} - -############################################################################## -# MAIN - -while getopts "N:n:v:d:Chm:t:p:" OPTION -do - case $OPTION in - h) - usage - exit 0 - ;; - - N) - PACKAGE_NAME=$OPTARG - COMMAND+="-N ${PACKAGE_NAME} " - ;; - - n) - PACKAGE_SHORT_NAME=$OPTARG - COMMAND+="-n ${PACKAGE_SHORT_NAME} " - ;; - - v) - PACKAGE_VERSION=$OPTARG - COMMAND+="-v ${PACKAGE_VERSION} " - ;; - - p) - TARGET_BUILD_PATH=$OPTARG - COMMAND+="-p ${TARGET_BUILD_PATH} " - ;; - - t) - TAG=$OPTARG - COMMAND+="-t ${TAG} " - ;; - - m) - MAINTAINER=$OPTARG - COMMAND+="-m ${MAINTAINER} " - ;; - - d) - DEPENDENCIES=$OPTARG - COMMAND+="-d ${DEPENDENCIES} " - ;; - - A) - ARCH=$OPTARG - COMMAND+="-A ${ARCH} " - ;; - - C) - COMMAND+="-C " - clean - exit 0 - ;; - esac -done - -# Constructing script variables -DEB_PACK_BASE_PATH="f_${PACKAGE_SHORT_NAME}/package/${PACKAGE_NAME}_${PACKAGE_VERSION}" -echo ${DEB_PACK_BASE_PATH} >> "$BUILD_HISTORY" -TARGET_INSTALL_PATH="/usr/share/java/${PACKAGE_SHORT_NAME}/" -DEB_PACK_CONTENT_PATH="${DEB_PACK_BASE_PATH}/usr/share/java/${PACKAGE_SHORT_NAME}/" -DEB_PACK_CONFIG_PATH="${DEB_PACK_BASE_PATH}/etc/${PACKAGE_SHORT_NAME}" -TARGET_TAR=$(ls ${TARGET_BUILD_PATH}*.tar.gz) -TARGET_TAR="${TARGET_TAR##*/}" -TAR_PATH="${TARGET_TAR%.*}" -TAR_PATH="${TAR_PATH%.*}" -if [ -e $DEB_PACK_BASE_PATH ]; then - rm -R $DEB_PACK_BASE_PATH -fi - -# Create Deb pack content and configuration -mkdir -p ${DEB_PACK_CONTENT_PATH} -cp ${TARGET_BUILD_PATH}${TARGET_TAR} ${DEB_PACK_CONTENT_PATH} -tar -xzf ${DEB_PACK_CONTENT_PATH}${TARGET_TAR} -C ${DEB_PACK_CONTENT_PATH} -rm ${DEB_PACK_CONTENT_PATH}${TARGET_TAR} -mv ${DEB_PACK_CONTENT_PATH}${TAR_PATH}/* ${DEB_PACK_CONTENT_PATH}. -rm -R ${DEB_PACK_CONTENT_PATH}${TAR_PATH} - -# Crate and populate Deb pack config target -mkdir -p ${DEB_PACK_CONFIG_PATH}/etc -mv ${DEB_PACK_CONTENT_PATH}etc/* ${DEB_PACK_CONFIG_PATH}/etc/ -rm -R ${DEB_PACK_CONTENT_PATH}etc -mkdir -p ${DEB_PACK_CONFIG_PATH}/configuration -mv ${DEB_PACK_CONTENT_PATH}configuration/* ${DEB_PACK_CONFIG_PATH}/configuration/ -rm -R ${DEB_PACK_CONTENT_PATH}configuration - -# Set package permisions -find ${DEB_PACK_CONTENT_PATH} -type d -print -exec chmod 755 {} \; -find ${DEB_PACK_CONFIG_PATH}/etc/ -type f -print -exec chmod 644 {} \; -find ${DEB_PACK_CONFIG_PATH}/etc/ -type d -print -exec chmod 755 {} \; - -# Create package usr/bin odl script -mkdir "${DEB_PACK_BASE_PATH}/usr/bin" -chmod 755 "${DEB_PACK_BASE_PATH}/usr/bin" -make-DEBIAN_bin > "${DEB_PACK_BASE_PATH}/usr/bin/odl" -chmod 755 "${DEB_PACK_BASE_PATH}/usr/bin/odl" - -# Create Deb pack install meta-data -mkdir "${DEB_PACK_BASE_PATH}/DEBIAN" -make-DEBIAN_control > "${DEB_PACK_BASE_PATH}/DEBIAN/control" -make-DEBIAN_conffiles > "${DEB_PACK_BASE_PATH}/DEBIAN/conffiles" -mkdir -p "${DEB_PACK_BASE_PATH}/usr/share/doc/${PACKAGE_SHORT_NAME}" -make-DEBIAN_copyright > "${DEB_PACK_BASE_PATH}/usr/share/doc/${PACKAGE_SHORT_NAME}/copyright" -make-DEBIAN_changelog > "${DEB_PACK_BASE_PATH}/usr/share/doc/${PACKAGE_SHORT_NAME}/changelog.Debian" - -# Create Deb pack post install symlinks and usr/bin scripts -make-DEBIAN_postinst > "${DEB_PACK_BASE_PATH}/DEBIAN/postinst" -chmod 755 "${DEB_PACK_BASE_PATH}/DEBIAN/postinst" -mkdir -p "${DEB_PACK_BASE_PATH}/usr/bin" diff --git a/fuel/build/opendaylight/odl_maven/settings.xml b/fuel/build/opendaylight/odl_maven/settings.xml deleted file mode 100644 index 35a4442..0000000 --- a/fuel/build/opendaylight/odl_maven/settings.xml +++ /dev/null @@ -1,46 +0,0 @@ -<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> - - <profiles> - <profile> - <id>opendaylight-release</id> - <repositories> - <repository> - <releases> - <enabled>true</enabled> - <updatePolicy>never</updatePolicy> - </releases> - <snapshots> - <enabled>false</enabled> - </snapshots> - <id>opendaylight-mirror</id> - <name>opendaylight-mirror</name> - <url>http://nexus.opendaylight.org/content/groups/public/</url> - </repository> - </repositories> - </profile> - - <profile> - <id>opendaylight-snapshots</id> - <repositories> - <repository> - <releases> - <enabled>false</enabled> - </releases> - <snapshots> - <enabled>true</enabled> - </snapshots> - <id>opendaylight-snapshot</id> - <name>opendaylight-snapshot</name> - <url>http://nexus.opendaylight.org/content/repositories/opendaylight.snapshot/</url> - </repository> - </repositories> - </profile> - </profiles> - - <activeProfiles> - <activeProfile>opendaylight-release</activeProfile> - <activeProfile>opendaylight-snapshots</activeProfile> - </activeProfiles> -</settings> diff --git a/fuel/prototypes/auto-deploy/examples/libvirt/conf/vms/fuel-master b/fuel/prototypes/auto-deploy/examples/libvirt/conf/vms/fuel-master index 9ff8017..d2a7841 100644 --- a/fuel/prototypes/auto-deploy/examples/libvirt/conf/vms/fuel-master +++ b/fuel/prototypes/auto-deploy/examples/libvirt/conf/vms/fuel-master @@ -98,6 +98,5 @@ <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </memballoon> </devices> - <seclabel type='dynamic' model='apparmor' relabel='yes'/> </domain> diff --git a/opensteak/ci/build.sh b/opensteak/ci/build.sh index e69de29..7a85332 100644 --- a/opensteak/ci/build.sh +++ b/opensteak/ci/build.sh @@ -0,0 +1,19 @@ +#!/bin/bash +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +#placeholder diff --git a/opensteak/ci/deploy.sh b/opensteak/ci/deploy.sh index e69de29..bd6ff86 100644 --- a/opensteak/ci/deploy.sh +++ b/opensteak/ci/deploy.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd ) + +# TODO: find a way to create the openvswitch bridge + + +# This will create a Foreman Virtual Machine with KVM (libvirt) +cd ../tools/ +sudo python3 create_foreman.py --config ../config/infra.yaml + + diff --git a/opensteak/config/common.yaml b/opensteak/config/common.yaml new file mode 100644 index 0000000..144e84f --- /dev/null +++ b/opensteak/config/common.yaml @@ -0,0 +1,119 @@ +# common.yaml +--- + +### +## OpenStack passwords +### +ceph_password: "password" +admin_password: "password" +mysql_service_password: "password" +mysql_root_password: "password" +rabbitmq_password: "password" +glance_password: "password" +nova_password: "password" +neutron_shared_secret: "password" +neutron_password: "password" +cinder_password: "password" +keystone_admin_token: "password" +horizon_secret_key: "12345" + +domain: "infra.opensteak.fr" + +### +## Class parameters +### +# Rabbit +opensteak::rabbitmq::rabbitmq_password: "%{hiera('rabbitmq_password')}" + +# MySQL +opensteak::mysql::root_password: "%{hiera('mysql_root_password')}" +opensteak::mysql::mysql_password: "%{hiera('mysql_service_password')}" + +# Key +opensteak::key::password: "%{hiera('admin_password')}" +opensteak::key::stack_domain: "%{hiera('domain')}" + +# Keystone +opensteak::keystone::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::keystone::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::keystone::keystone_token: "%{hiera('keystone_admin_token')}" +opensteak::keystone::stack_domain: "%{hiera('domain')}" +opensteak::keystone::admin_mail: "admin@opensteak.fr" +opensteak::keystone::admin_password: "%{hiera('admin_password')}" +opensteak::keystone::glance_password: "%{hiera('glance_password')}" +opensteak::keystone::nova_password: "%{hiera('nova_password')}" +opensteak::keystone::neutron_password: "%{hiera('neutron_password')}" +opensteak::keystone::cinder_password: "%{hiera('cinder_password')}" + +# Glance +opensteak::glance::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::glance::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::glance::stack_domain: "%{hiera('domain')}" +opensteak::glance::glance_password: "%{hiera('glance_password')}" + +# Nova +opensteak::nova::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::nova::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::nova::stack_domain: "%{hiera('domain')}" +opensteak::nova::nova_password: "%{hiera('nova_password')}" +opensteak::nova::neutron_password: "%{hiera('neutron_password')}" +opensteak::nova::neutron_shared: "%{hiera('neutron_shared_secret')}" + +# Cinder +opensteak::cinder::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::cinder::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::cinder::stack_domain: "%{hiera('domain')}" +opensteak::cinder::nova_password: "%{hiera('cinder_password')}" + +# Compute +opensteak::nova-compute::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::nova-compute::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::nova-compute::stack_domain: "%{hiera('domain')}" +opensteak::nova-compute::neutron_password: "%{hiera('neutron_password')}" + + +# Neutron controller +opensteak::neutron-controller::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::neutron-controller::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::neutron-controller::stack_domain: "%{hiera('domain')}" +opensteak::neutron-controller::nova_password: "%{hiera('nova_password')}" +opensteak::neutron-controller::neutron_password: "%{hiera('neutron_password')}" +# Neutron compute +opensteak::neutron-compute::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::neutron-compute::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::neutron-compute::stack_domain: "%{hiera('domain')}" +opensteak::neutron-compute::neutron_password: "%{hiera('neutron_password')}" +opensteak::neutron-compute::neutron_shared: "%{hiera('neutron_shared_secret')}" +opensteak::neutron-compute::infra_nodes: + server186: + ip: 192.168.1.27 + bridge_uplinks: + - 'br-vm:p3p1' + server187: + ip: 192.168.1.155 + bridge_uplinks: + - 'br-vm:p3p1' + server188: + ip: 192.168.1.116 + bridge_uplinks: + - 'br-vm:p3p1' + server189: + ip: 192.168.1.117 + bridge_uplinks: + - 'br-vm:p3p1' +# Neutron network +opensteak::neutron-network::mysql_password: "%{hiera('mysql_root_password')}" +opensteak::neutron-network::rabbitmq_password: "%{hiera('rabbitmq_password')}" +opensteak::neutron-network::stack_domain: "%{hiera('domain')}" +opensteak::neutron-network::neutron_password: "%{hiera('neutron_password')}" +opensteak::neutron-network::neutron_shared: "%{hiera('neutron_shared_secret')}" +opensteak::neutron-network::infra_nodes: + server98: + ip: 192.168.1.58 + bridge_uplinks: + - 'br-ex:em2' + - 'br-vm:em5' + +# Horizon +opensteak::horizon::stack_domain: "%{hiera('domain')}" +opensteak::horizon::secret_key: "%{hiera('horizon_secret_key')}" diff --git a/opensteak/config/infra.yaml b/opensteak/config/infra.yaml new file mode 100644 index 0000000..2ff02a1 --- /dev/null +++ b/opensteak/config/infra.yaml @@ -0,0 +1,81 @@ +domains: "infra.opensteak.fr" +media: "Ubuntu mirror" +environments: "production" +operatingsystems: "Ubuntu14.04Cloud" +subnets: "Admin" +compute_profiles: "Test" +smart_proxies: "foreman.infra.opensteak.fr" +ptables: "Preseed default" +architectures: "x86_64" + +operatingsystems: + "Ubuntu 14.04.2 LTS": + name: "Ubuntu" + description: "Ubuntu 14.04.2 LTS" + major: "14" + minor: "04" + family: "Debian" + release_name: "trusty" + password_hash: "MD5" + "Ubuntu 14.04 Cloud": + name: "Ubuntu14.04Cloud" + description: "Ubuntu 14.04 Cloud" + major: "14" + minor: "04" + family: "Debian" + release_name: "trusty" + password_hash: "MD5" + +hostgroupTop: + name: 'test' + classes: + - "ntp" + subnet: "Admin" + params: + password: 'toto' +hostgroups: + hostgroupController: + name: 'controller' + classes: + - "opensteak::base-network" + - "opensteak::libvirt" + params: + foreman_sshkey: 'xxxx' + hostgroupControllerVM: + name: 'controller_VM' + classes: + - "opensteak::apt" + params: + foreman_sshkey: 'xxxx' + password: 'toto' + hostgroupCompute: + name: 'compute' + classes: + - "opensteak::neutron-compute" + - "opensteak::nova-compute" +subnets: + Admin: + shared: False + data: + network: "192.168.4.0" + mask: "255.255.255.0" + vlanid: + gateway: "192.168.4.1" + dns_primary: "192.168.1.4" + from: "192.168.4.10" + to: "192.168.4.200" + ipam: "DHCP" + boot_mode: "DHCP" + +foreman: + ip: "192.168.4.2" + admin: "admin" + password: "opnfv" + cpu: "4" + ram: "4194304" + iso: "trusty-server-cloudimg-amd64-disk1.img" + disksize: "5G" + force: True + dns: "8.8.8.8" + bridge: "br-libvirt" + bridge_type: "openvswitch" diff --git a/opensteak/tools/README.rst b/opensteak/tools/README.rst new file mode 100644 index 0000000..188addc --- /dev/null +++ b/opensteak/tools/README.rst @@ -0,0 +1,52 @@ +:Authors: Arnaud Morin (arnaud1.morin@orange.com) +:Version: 0.0.2 + +======================================================= +OPNFV Installation instructions using Foreman/OpenSteak +======================================================= + +Abstract +======== + +This document describes how to setup OPNFV from a foreman Virtual Machine on an Ubuntu server. + +License +======= +OPNFV Installation instructions using Foreman/OpenSteak (c) by Arnaud Morin (Orange) + +OPNFV Installation instructions using Foreman/OpenSteak are licensed under a Creative Commons Attribution 4.0 International License. You should have received a copy of the license along with this. If not, see <http://creativecommons.org/licenses/by/4.0/>. + +Version history +=================== + ++--------------------+--------------------+--------------------+--------------------+ +| **Date** | **Ver.** | **Author** | **Comment** | +| | | | | ++--------------------+--------------------+--------------------+--------------------+ +| 2015-06-08 | 0.0.1 | Arnaud Morin | First draft | +| | | (Orange) | | ++--------------------+--------------------+--------------------+--------------------+ + +Table of contents +=================== + +.. contents:: + :backlinks: none + +Introduction +============ + +This document describes how to setup OPNFV from a foreman Virtual Machine on an Ubuntu server. +Before starting, you should have an Ubuntu 14.04 LTS server already installed. + +Here is the manual workflow that you will have to perform: + +- Install +- Manually prepare configuration files from templates. + + +Here is the current workflow of the automated installation: + +- Dependencies installation (such as libvirt, impitools, etc.) +- Foreman Virtual Machine creation +- to be completed diff --git a/opensteak/tools/config.yaml b/opensteak/tools/config.yaml new file mode 100644 index 0000000..c618a52 --- /dev/null +++ b/opensteak/tools/config.yaml @@ -0,0 +1,78 @@ +domains: "test-infra.opensteak.fr" +media: "Ubuntu mirror" +environments: "production" +operatingsystems: "Ubuntu14.04Cloud" +subnets: "Admin" +compute_profiles: "Test" +smart_proxies: "foreman.infra.opensteak.fr" +ptables: "Preseed default" +architectures: "x86_64" + +operatingsystems: + "Ubuntu 14.04.1 LTS": + name: "Ubuntu" + description: "Ubuntu 14.04.1 LTS" + major: "14" + minor: "04" + family: "Debian" + release_name: "trusty" + password_hash: "MD5" + "Ubuntu 14.04 Cloud": + name: "Ubuntu14.04Cloud" + description: "Ubuntu 14.04 Cloud" + major: "14" + minor: "04" + family: "Debian" + release_name: "trusty" + password_hash: "MD5" + +hostgroupTop: + name: 'test' + classes: + - "ntp" + subnet: "Admin" + params: + password: 'toto' +hostgroups: + hostgroupController: + name: 'controller' + classes: + - "opensteak::base-network" + - "opensteak::libvirt" + params: + foreman_sshkey: 'xxxx' + hostgroupControllerVM: + name: 'controller_VM' + classes: + - "opensteak::apt" + params: + foreman_sshkey: 'xxxx' + password: 'toto' + hostgroupCompute: + name: 'compute' + classes: + - "opensteak::neutron-compute" + - "opensteak::nova-compute" +subnets: + Admin: + shared: False + data: + network: "172.16.0.0" + mask: "255.255.255.0" + vlanid: + gateway: "172.16.0.1" + dns_primary: "172.16.0.1" + from: "172.16.0.10" + to: "172.16.0.200" + ipam: "DHCP" + boot_mode: "DHCP" + +foreman: + ip: "172.16.0.2" + password: "opnfv" + cpu: "2" + ram: "2097152" + iso: "trusty-server-cloudimg-amd64-disk1.img" + disksize: "5G" + force: True + dns: "8.8.8.8" diff --git a/opensteak/tools/create_foreman.py b/opensteak/tools/create_foreman.py new file mode 100644 index 0000000..6cf4510 --- /dev/null +++ b/opensteak/tools/create_foreman.py @@ -0,0 +1,236 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +""" +Create Virtual Machines +""" + +# TODO: be sure that we are runnning as root + +from opensteak.conf import OpenSteakConfig +from opensteak.printer import OpenSteakPrinter +# from opensteak.argparser import OpenSteakArgParser +from opensteak.templateparser import OpenSteakTemplateParser +from opensteak.virsh import OpenSteakVirsh +from pprint import pprint as pp +# from ipaddress import IPv4Address +import argparse +import tempfile +import shutil +import os +# import sys + +p = OpenSteakPrinter() + +# +# Check for params +# +p.header("Check parameters") +args = {} + +# Update args with values from CLI +parser = argparse.ArgumentParser(description='This script will create a foreman VM.', usage='%(prog)s [options]') +parser.add_argument('-c', '--config', help='YAML config file to use (default is config/infra.yaml).', default='config/infra.yaml') +args.update(vars(parser.parse_args())) + +# Open config file +conf = OpenSteakConfig(config_file=args["config"]) +# pp(conf.dump()) + +a = {} +a["name"] = "foreman" +a["ip"] = conf["foreman"]["ip"] +a["netmask"] = conf["subnets"]["Admin"]["data"]["mask"] +a["netmaskshort"] = sum([bin(int(x)).count('1') + for x in conf["subnets"]["Admin"] + ["data"]["mask"] + .split('.')]) +a["gateway"] = conf["subnets"]["Admin"]["data"]["gateway"] +a["network"] = conf["subnets"]["Admin"]["data"]["network"] +a["admin"] = conf["foreman"]["admin"] +a["password"] = conf["foreman"]["password"] +a["cpu"] = conf["foreman"]["cpu"] +a["ram"] = conf["foreman"]["ram"] +a["iso"] = conf["foreman"]["iso"] +a["disksize"] = conf["foreman"]["disksize"] +a["force"] = conf["foreman"]["force"] +a["dhcprange"] = "{0} {1}".format(conf["subnets"]["Admin"] + ["data"]["from"], + conf["subnets"]["Admin"] + ["data"]["to"]) +a["domain"] = conf["domains"] +reverse_octets = str(conf["foreman"]["ip"]).split('.')[-2::-1] +a["reversedns"] = '.'.join(reverse_octets) + '.in-addr.arpa' +a["dns"] = conf["foreman"]["dns"] +a["bridge"] = conf["foreman"]["bridge"] +if conf["foreman"]["bridge_type"] == "openvswitch": + a["bridgeconfig"] = "<virtualport type='openvswitch'></virtualport>" +else: + # no specific config for linuxbridge + a["bridgeconfig"] = "" + +# Update args with values from config file +args.update(a) +del a + +p.list_id(args) + +# Ask confirmation +if args["force"] is not True: + p.ask_validation() + +# Create the VM +p.header("Initiate configuration") + +### +# Work on templates +### +# Create temporary folders and files +tempFolder = tempfile.mkdtemp(dir="/tmp") +tempFiles = {} + +for f in os.listdir("templates_foreman/"): + tempFiles[f] = "{0}/{1}".format(tempFolder, f) + try: + OpenSteakTemplateParser("templates_foreman/{0}".format(f), + tempFiles[f], args) + except Exception as err: + p.status(False, msg=("Something went wrong when trying to create " + "the file {0} from the template " + "templates_foreman/{1}").format(tempFiles[f], f), + failed="{0}".format(err)) + +### +# Work on files +### +for f in os.listdir("files_foreman/"): + tempFiles[f] = "{0}/{1}".format(tempFolder, f) + shutil.copyfile("files_foreman/{0}".format(f), tempFiles[f]) + +p.status(True, msg="Temporary files created:") +p.list_id(tempFiles) + + +### +# Delete if already exists +### + +# Get all volumes and VM +p.header("Virsh calls") +OpenSteakVirsh = OpenSteakVirsh() +volumeList = OpenSteakVirsh.volumeList() +domainList = OpenSteakVirsh.domainList() +# p.list_id(volumeList) +# p.list_id(domainList) + +# TODO: check that the default image is in the list +# (trusty-server-cloudimg-amd64-disk1.img by default) + +# Delete the volume if exists +try: + oldVolume = volumeList[args["name"]] + + # Ask confirmation + if args["force"] is not True: + p.ask_validation() + + status = OpenSteakVirsh.volumeDelete(volumeList[args["name"]]) + if (status["stderr"]): + p.status(False, msg=status["stderr"]) + p.status(True, msg=status["stdout"]) +except KeyError as err: + # no old volume, do nothing + pass + +# Delete the VM if exists +try: + vmStatus = domainList[args["name"]] + + # Ask confirmation + if args["force"] is not True: + p.ask_validation() + + # Destroy (stop) + if vmStatus == "running": + status = OpenSteakVirsh.domainDestroy(args["name"]) + if (status["stderr"]): + p.status(False, msg=status["stderr"]) + p.status(True, msg=status["stdout"]) + + # Undefine (delete) + status = OpenSteakVirsh.domainUndefine(args["name"]) + if (status["stderr"]): + p.status(False, msg=status["stderr"]) + p.status(True, msg=status["stdout"]) +except KeyError as err: + # no old VM defined, do nothing + pass + +### +# Create the configuration image file from metadata and userdata +### +status = OpenSteakVirsh.generateConfiguration(args["name"], tempFiles) +if (status["stderr"]): + p.status(False, msg=status["stderr"]) +p.status(True, msg=("Configuration generated successfully in " + "/var/lib/libvirt/images/{0}-configuration.iso") + .format(args["name"])) + +# Refresh the pool +status = OpenSteakVirsh.poolRefresh() +if (status["stderr"]): + p.status(False, msg=status["stderr"]) +p.status(True, msg=status["stdout"]) + +### +# Create the new VM +### +# Create the volume from a clone +status = OpenSteakVirsh.volumeClone(args["iso"], args["name"]) +if (status["stderr"]): + p.status(False, msg=status["stderr"]) +p.status(True, msg=status["stdout"]) + +# Resize the volume +status = OpenSteakVirsh.volumeResize(args["name"], args["disksize"]) +if (status["stderr"]): + p.status(False, msg=status["stderr"]) +p.status(True, msg=status["stdout"]) + +# Create the VM +status = OpenSteakVirsh.domainDefine(tempFiles["kvm-config"]) +if (status["stderr"]): + p.status(False, msg=status["stderr"]) +p.status(True, msg=status["stdout"]) + + +### +# Start the VM +### +status = OpenSteakVirsh.domainStart(args["name"]) +if (status["stderr"]): + p.status(False, msg=status["stderr"]) +p.status(True, msg=status["stdout"]) + +p.status(True, msg="Log file is at: /var/log/libvirt/qemu/{0}-serial.log" + .format(args["name"])) + +p.header("fini") + +# Delete temporary dir +shutil.rmtree(tempFolder) diff --git a/opensteak/tools/files_foreman/id_rsa b/opensteak/tools/files_foreman/id_rsa new file mode 100644 index 0000000..d53ba88 --- /dev/null +++ b/opensteak/tools/files_foreman/id_rsa @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAz0jMplucYXoe0xJ21ASL98PGbwZYCI5Xr4/kHXOdGvHvZr3z +58tWU1Ta4qMf0qa272VsdQiO1pCmSlqrDW5C9rEeqLhhRX/yLbgv35mOdjRoIIAX +6RfNniT/xXrfvPZYdw603fIbbw5igTRwc6W5QvJHRcKRKb762Vw2gPSS0GgFBLCk +vC2kQbW4cfP+9elo86FAhNBs2TbBHLc9H2W+9KzYfgsigjJLsgRXL6/uhu3+sL2d +3F1J9Nhyy3aoUOVxD2YPJlJvzYhLZcSXgXI+Oi0gZmhh3uImc4WRyOihK5jRpJaw +desygyXo4lVskzxBjm7L9ynbCNMOO85ZVVJGxQIDAQABAoIBAQCaOWcSy4yRtiPj +FZTV8MAXS1GD36t2SjoRhLTL+O5GUwW1YtVrfA2xmKv2/jm6KJJpkgPdG83y9NLU +9ZrZNlWaaHQQQocVB7ovrB/qdLzbU+i5bbTcl/pDlPG8g8yeMoflpUqK7AzfV0uR +KGwWj5JErjC7RaVt8wt+164xykbFyZeUu9htNthFD/OPaIPqgv6AoJdEULyGrTbd +SRyJ01n0beGkB0o+0dnOEO34K+pU0Zzk+rAcOEl3UNkpxOzedEFOR6NdnX1eH4t4 +a6OZgskcVjyxFQPAyhcSkQ2iWncQx2ritTclst4NFjBae5hwYgEB4S9ZN5IOueMH +eYhxYthNAoGBAPXtSDmRGPc4EHDBrbgDn4vhxK7QN35bWFW1KvHLD0hBBJO57GqT +jGCJsbkw6peERuFV8qq+Bvz0nvlKl9humB1djlndUETksUTrNz73XxpJJ8L5parF +okx0QLMXONOP5b6yGWYay3QD0gNz/HYVf//oDTdWRhbq5EY6VarOagfjAoGBANfG +UrlxEYHwq3TE7unvgaao5Vpmw8Hqir2bnl2zKmPoV8ds/V+paMnV6Hhzgzu3bKgF +ukZgAizEcfvxrxnfIraRJTI5xgBoIl8gdbsWkLre4qKpVSAkw4JLyzVVlXCyKYHp +ocjeNVbO5Z2Yft0cv30LfeX+DEDeQS12RHLu/Sc3AoGBAMns2ZfC5p/encknje8A +spjVeHwdJOOQNxiwl6FPHK40DIELcO4VVnbRuGaZnpVoHBbbTlQZkX1TkdCZCdLB +BA9giQiKamUW7eLry0HdNW5M0OQLvZZZjih+b71c/ODhTz/j1mz65UDN/jutmYaP +orjJnUhpg0U/+s0bCsojj/YHAoGBAKtsMhiFjaUv8OdJ9Y0A7H3dPKk/b1JF5YeR +dJV4W7sXwXT8T6eKTWfce14GV0JADSDHvB9g8xlh0DSa48OoFEn6shRe9cEo+fWd +Mis6WC0+Gcukv65TxsdjM8PhhGIOCQ/e7ttIPhQDN0Sm/FLqHe9YC+OGm3GFoT5e +8S5mU9StAoGABFwqkFELU84twzKYJCVPZPktwtfrD0Hkbd9pk0ebuSnQ3bATFIyU +CDspTADbY2IgC53u+XAhTd5BOsicTtMM9x1p5EOglbK1ANagWuGlzVfdbp+bmql9 +S8AaH22lha5vCfHHfAN2NSkQ+ABZnNpP66nFx06VcyEYkhuZgd6s5A0= +-----END RSA PRIVATE KEY----- diff --git a/opensteak/tools/files_foreman/id_rsa.pub b/opensteak/tools/files_foreman/id_rsa.pub new file mode 100644 index 0000000..8b4c6a1 --- /dev/null +++ b/opensteak/tools/files_foreman/id_rsa.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPSMymW5xheh7TEnbUBIv3w8ZvBlgIjlevj+Qdc50a8e9mvfPny1ZTVNriox/SprbvZWx1CI7WkKZKWqsNbkL2sR6ouGFFf/ItuC/fmY52NGgggBfpF82eJP/Fet+89lh3DrTd8htvDmKBNHBzpblC8kdFwpEpvvrZXDaA9JLQaAUEsKS8LaRBtbhx8/716WjzoUCE0GzZNsEctz0fZb70rNh+CyKCMkuyBFcvr+6G7f6wvZ3cXUn02HLLdqhQ5XEPZg8mUm/NiEtlxJeBcj46LSBmaGHe4iZzhZHI6KErmNGklrB16zKDJejiVWyTPEGObsv3KdsI0w47zllVUkbF arnaud@l-bibicy diff --git a/opensteak/tools/opensteak/.gitignore b/opensteak/tools/opensteak/.gitignore new file mode 100644 index 0000000..a65d046 --- /dev/null +++ b/opensteak/tools/opensteak/.gitignore @@ -0,0 +1,58 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*,cover + +# Translations +*.mo +*.pot + +# Django stuff: +*.log + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ diff --git a/opensteak/tools/opensteak/__init__.py b/opensteak/tools/opensteak/__init__.py new file mode 100644 index 0000000..01f9c9a --- /dev/null +++ b/opensteak/tools/opensteak/__init__.py @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +# This directory is a Python package. diff --git a/opensteak/tools/opensteak/argparser.py b/opensteak/tools/opensteak/argparser.py new file mode 100644 index 0000000..de980b6 --- /dev/null +++ b/opensteak/tools/opensteak/argparser.py @@ -0,0 +1,46 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> +# @author: Pawel Chomicki <pawel.chomicki@nokia.com> + +""" +Parse arguments from CLI +""" + +import argparse + +class OpenSteakArgParser: + + def __init__(self): + """ + Parse the command line + """ + self.parser = argparse.ArgumentParser(description='This script will create config files for a VM in current folder.', usage='%(prog)s [options] name') + self.parser.add_argument('name', help='Set the name of the machine') + self.parser.add_argument('-i', '--ip', help='Set the ip address of the machine. (Default is 192.168.42.42)', default='192.168.42.42') + self.parser.add_argument('-n', '--netmask', help='Set the netmask in short format. (Default is 24)', default='24') + self.parser.add_argument('-g', '--gateway', help='Set the gateway to ping internet. (Default is 192.168.42.1)', default='192.168.42.1') + self.parser.add_argument('-p', '--password', help='Set the ssh password. Login is ubuntu. (Default password is moutarde)', default='moutarde') + self.parser.add_argument('-u', '--cpu', help='Set number of CPU for the VM. (Default is 2)', default='2') + self.parser.add_argument('-r', '--ram', help='Set quantity of RAM for the VM in kB. (Default is 2097152)', default='2097152') + self.parser.add_argument('-o', '--iso', help='Use this iso file. (Default is trusty-server-cloudimg-amd64-disk1.img)', default='trusty-server-cloudimg-amd64-disk1.img') + self.parser.add_argument('-d', '--disksize', help='Create a disk with that size. (Default is 5G)', default='5G') + self.parser.add_argument('-f', '--force', help='Force creation without asking questions. This is dangerous as it will delete old VM with same name.', default=False, action='store_true') + + def parse(self): + return self.parser.parse_args() + diff --git a/opensteak/tools/opensteak/conf.py b/opensteak/tools/opensteak/conf.py new file mode 100644 index 0000000..65eaf43 --- /dev/null +++ b/opensteak/tools/opensteak/conf.py @@ -0,0 +1,72 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from yaml import load, dump +try: + from yaml import CLoader as Loader, CDumper as Dumper +except ImportError: + from yaml import Loader, Dumper + + +class OpenSteakConfig: + """OpenSteak config class + Use this object as a dict + """ + + def __init__(self, + config_file="/usr/local/opensteak/infra/config/common.yaml", + autosave=False): + """ Function __init__ + Load saved opensteak config. + + @param PARAM: DESCRIPTION + @return RETURN: DESCRIPTION + @param config_file: the yaml config file to read. + default is '/usr/local/opensteak/infra/config/common.yaml' + @param autosave: save automaticly the config at destroy + default is False + """ + self.config_file = config_file + self.autosave = autosave + with open(self.config_file, 'r') as stream: + self._data = load(stream, Loader=Loader) + + def __getitem__(self, index): + """Get an item of the configuration""" + return self._data[index] + + def __setitem__(self, index, value): + """Set an item of the configuration""" + self._data[index] = value + + def list(self): + """Set an item of the configuration""" + return self._data.keys() + + def dump(self): + """Dump the configuration""" + return dump(self._data, Dumper=Dumper) + + def save(self): + """Save the configuration to the file""" + with open(self.config_file, 'w') as f: + f.write(dump(self._data, Dumper=Dumper)) + + def __del__(self): + if self.autosave: + self.save() diff --git a/opensteak/tools/opensteak/foreman.py b/opensteak/tools/opensteak/foreman.py new file mode 100644 index 0000000..b7cbf42 --- /dev/null +++ b/opensteak/tools/opensteak/foreman.py @@ -0,0 +1,60 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.api import Api +from opensteak.foreman_objects.objects import ForemanObjects +from opensteak.foreman_objects.domains import Domains +from opensteak.foreman_objects.smart_proxies import SmartProxies +from opensteak.foreman_objects.operatingsystems import OperatingSystems +from opensteak.foreman_objects.hostgroups import HostGroups +from opensteak.foreman_objects.hosts import Hosts +from opensteak.foreman_objects.architectures import Architectures +from opensteak.foreman_objects.subnets import Subnets +from opensteak.foreman_objects.puppetClasses import PuppetClasses +from opensteak.foreman_objects.compute_resources import ComputeResources + + +class OpenSteakForeman: + """ + HostGroup class + """ + def __init__(self, password, login='admin', ip='127.0.0.1'): + """ Function __init__ + Init the API with the connection params + @param password: authentication password + @param password: authentication login - default is admin + @param ip: api ip - default is localhost + @return RETURN: self + """ + self.api = Api(login=login, password=password, ip=ip, + printErrors=False) + self.domains = Domains(self.api) + self.smartProxies = SmartProxies(self.api) + self.puppetClasses = PuppetClasses(self.api) + self.operatingSystems = OperatingSystems(self.api) + self.architectures = Architectures(self.api) + self.subnets = Subnets(self.api) + self.hostgroups = HostGroups(self.api) + self.hosts = Hosts(self.api) + self.computeResources = ComputeResources(self.api) + self.environments = ForemanObjects(self.api, + 'environments', + 'environment') + self.smartClassParameters = ForemanObjects(self.api, + 'smart_class_parameters', + 'smart_class_parameter') diff --git a/opensteak/tools/opensteak/foreman_objects/.gitignore b/opensteak/tools/opensteak/foreman_objects/.gitignore new file mode 100644 index 0000000..a65d046 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/.gitignore @@ -0,0 +1,58 @@ +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*,cover + +# Translations +*.mo +*.pot + +# Django stuff: +*.log + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ diff --git a/opensteak/tools/opensteak/foreman_objects/__init__.py b/opensteak/tools/opensteak/foreman_objects/__init__.py new file mode 100644 index 0000000..01f9c9a --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/__init__.py @@ -0,0 +1,18 @@ +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +# This directory is a Python package. diff --git a/opensteak/tools/opensteak/foreman_objects/api.py b/opensteak/tools/opensteak/foreman_objects/api.py new file mode 100644 index 0000000..dc99734 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/api.py @@ -0,0 +1,197 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +import json +import requests +from requests_futures.sessions import FuturesSession +from pprint import pformat + + +class Api: + """ + Api class + Class to deal with the foreman API v2 + """ + def __init__(self, password, login='admin', ip='127.0.0.1', printErrors=False): + """ Function __init__ + Init the API with the connection params + + @param password: authentication password + @param password: authentication login - default is admin + @param ip: api ip - default is localhost + @return RETURN: self + """ + self.base_url = 'http://{}/api/v2/'.format(ip) + self.headers = {'Accept': 'version=2', + 'Content-Type': 'application/json; charset=UTF-8'} + self.auth = (login, password) + self.errorMsg = '' + self.printErrors = printErrors + + def list(self, obj, filter=False, only_id=False, limit=20): + """ Function list + Get the list of an object + + @param obj: object name ('hosts', 'puppetclasses'...) + @param filter: filter for objects + @param only_id: boolean to only return dict with name/id + @return RETURN: the list of the object + """ + self.url = '{}{}/?per_page={}'.format(self.base_url, obj, limit) + if filter: + self.url += '&search={}'.format(filter) + self.resp = requests.get(url=self.url, auth=self.auth, + headers=self.headers) + if only_id: + if self.__process_resp__(obj) is False: + return False + if type(self.res['results']) is list: + return dict((x['name'], x['id']) for x in self.res['results']) + elif type(self.res['results']) is dict: + r = {} + for v in self.res['results'].values(): + for vv in v: + r[vv['name']] = vv['id'] + return r + else: + return False + else: + return self.__process_resp__(obj) + + def get(self, obj, id, sub_object=None): + """ Function get + Get an object by id + + @param obj: object name ('hosts', 'puppetclasses'...) + @param id: the id of the object (name or id) + @return RETURN: the targeted object + """ + self.url = '{}{}/{}'.format(self.base_url, obj, id) + if sub_object: + self.url += '/' + sub_object + self.resp = requests.get(url=self.url, auth=self.auth, + headers=self.headers) + if self.__process_resp__(obj): + return self.res + return False + + def get_id_by_name(self, obj, name): + """ Function get_id_by_name + Get the id of an object + + @param obj: object name ('hosts', 'puppetclasses'...) + @param id: the id of the object (name or id) + @return RETURN: the targeted object + """ + list = self.list(obj, filter='name = "{}"'.format(name), + only_id=True, limit=1) + return list[name] if name in list.keys() else False + + def set(self, obj, id, payload, action='', async=False): + """ Function set + Set an object by id + + @param obj: object name ('hosts', 'puppetclasses'...) + @param id: the id of the object (name or id) + @param action: specific action of an object ('power'...) + @param payload: the dict of the payload + @param async: should this request be async, if true use + return.result() to get the response + @return RETURN: the server response + """ + self.url = '{}{}/{}'.format(self.base_url, obj, id) + if action: + self.url += '/{}'.format(action) + self.payload = json.dumps(payload) + if async: + session = FuturesSession() + return session.put(url=self.url, auth=self.auth, + headers=self.headers, data=self.payload) + else: + self.resp = requests.put(url=self.url, auth=self.auth, + headers=self.headers, data=self.payload) + if self.__process_resp__(obj): + return self.res + return False + + def create(self, obj, payload, async=False): + """ Function create + Create an new object + + @param obj: object name ('hosts', 'puppetclasses'...) + @param payload: the dict of the payload + @param async: should this request be async, if true use + return.result() to get the response + @return RETURN: the server response + """ + self.url = self.base_url + obj + self.payload = json.dumps(payload) + if async: + session = FuturesSession() + return session.post(url=self.url, auth=self.auth, + headers=self.headers, data=self.payload) + else: + self.resp = requests.post(url=self.url, auth=self.auth, + headers=self.headers, + data=self.payload) + return self.__process_resp__(obj) + + def delete(self, obj, id): + """ Function delete + Delete an object by id + + @param obj: object name ('hosts', 'puppetclasses'...) + @param id: the id of the object (name or id) + @return RETURN: the server response + """ + self.url = '{}{}/{}'.format(self.base_url, obj, id) + self.resp = requests.delete(url=self.url, + auth=self.auth, + headers=self.headers, ) + return self.__process_resp__(obj) + + def __process_resp__(self, obj): + """ Function __process_resp__ + Process the response sent by the server and store the result + + @param obj: object name ('hosts', 'puppetclasses'...) + @return RETURN: the server response + """ + self.last_obj = obj + if self.resp.status_code > 299: + self.errorMsg = ">> Error {} for object '{}'".format(self.resp.status_code, + self.last_obj) + try: + self.ret = json.loads(self.resp.text) + self.errorMsg += pformat(self.ret[list(self.ret.keys())[0]]) + except: + self.ret = self.resp.text + self.errorMsg += self.ret + if self.printErrors: + print(self.errorMsg) + return False + self.res = json.loads(self.resp.text) + if 'results' in self.res.keys(): + return self.res['results'] + return self.res + + def __str__(self): + ret = pformat(self.base_url) + "\n" + ret += pformat(self.headers) + "\n" + ret += pformat(self.auth) + "\n" + return ret diff --git a/opensteak/tools/opensteak/foreman_objects/architectures.py b/opensteak/tools/opensteak/foreman_objects/architectures.py new file mode 100644 index 0000000..5e4303e --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/architectures.py @@ -0,0 +1,49 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects + + +class Architectures(ForemanObjects): + """ + Architectures class + """ + objName = 'architectures' + payloadObj = 'architecture' + + def checkAndCreate(self, key, payload, osIds): + """ Function checkAndCreate + Check if an architectures exists and create it if not + + @param key: The targeted architectures + @param payload: The targeted architectures description + @param osIds: The list of os ids liked with this architecture + @return RETURN: The id of the object + """ + if key not in self: + self[key] = payload + oid = self[key]['id'] + if not oid: + return False + #~ To be sure the OS list is good, we ensure our os are in the list + for os in self[key]['operatingsystems']: + osIds.add(os['id']) + self[key]["operatingsystem_ids"] = list(osIds) + if (len(self[key]['operatingsystems']) is not len(osIds)): + return False + return oid diff --git a/opensteak/tools/opensteak/foreman_objects/compute_resources.py b/opensteak/tools/opensteak/foreman_objects/compute_resources.py new file mode 100644 index 0000000..9ada9c4 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/compute_resources.py @@ -0,0 +1,62 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects +from opensteak.foreman_objects.item import ForemanItem + + +class ComputeResources(ForemanObjects): + """ + HostGroups class + """ + objName = 'compute_resources' + payloadObj = 'compute_resource' + + def list(self): + """ Function list + list the hostgroups + + @return RETURN: List of ForemanItemHostsGroup objects + """ + return list(map(lambda x: ForemanItem(self.api, x['id'], x), + self.api.list(self.objName))) + + def __getitem__(self, key): + """ Function __getitem__ + Get an hostgroup + + @param key: The hostgroup name or ID + @return RETURN: The ForemanItemHostsGroup object of an host + """ + # Because Hostgroup did not support get by name we need to do it by id + if type(key) is not int: + key = self.getId(key) + ret = self.api.get(self.objName, key) + return ForemanItem(self.api, key, ret) + + def __delitem__(self, key): + """ Function __delitem__ + Delete an hostgroup + + @param key: The hostgroup name or ID + @return RETURN: The API result + """ + # Because Hostgroup did not support get by name we need to do it by id + if type(key) is not int: + key = self.getId(key) + return self.api.delete(self.objName, key) diff --git a/opensteak/tools/opensteak/foreman_objects/domains.py b/opensteak/tools/opensteak/foreman_objects/domains.py new file mode 100644 index 0000000..753833f --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/domains.py @@ -0,0 +1,44 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects + + +class Domains(ForemanObjects): + """ + Domain class + """ + objName = 'domains' + payloadObj = 'domain' + + def load(self, id='0', name=''): + """ Function load + To be rewriten + + @param id: The Domain ID + @return RETURN: DESCRIPTION + """ + + if name: + id = self.__getIdByName__(name) + self.data = self.foreman.get('domains', id) + if 'parameters' in self.data: + self.params = self.data['parameters'] + else: + self.params = [] + self.name = self.data['name'] diff --git a/opensteak/tools/opensteak/foreman_objects/freeip.py b/opensteak/tools/opensteak/foreman_objects/freeip.py new file mode 100644 index 0000000..86c003f --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/freeip.py @@ -0,0 +1,79 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +#~ from foreman.api import Api +import requests +from bs4 import BeautifulSoup +import sys +import json + +class FreeIP: + """ FreeIP return an available IP in the targeted network """ + + def __init__ (self, login, password): + """ Init: get authenticity token """ + with requests.session() as self.session: + try: + #~ 1/ Get login token and authentify + payload = {} + log_soup = BeautifulSoup(self.session.get('https://127.0.0.1/users/login', verify=False).text) + payload['utf8'] = log_soup.findAll('input',attrs={'name':'utf8'})[0].get('value') + payload['authenticity_token'] = log_soup.findAll('input',attrs={'name':'authenticity_token'})[0].get('value') + if payload['authenticity_token'] == None: + raise requests.exceptions.RequestException("Bad catch of authenticity_token") + payload['commit']='Login' + payload['login[login]'] = login + payload['login[password]'] = password + #~ 2/ Log in + r = self.session.post('https://127.0.0.1/users/login', verify=False, data=payload) + if r.status_code != 200: + raise requests.exceptions.RequestException("Bad login or password") + #~ Get token for host creation + log_soup = BeautifulSoup(self.session.get('https://127.0.0.1/hosts/new', verify=False).text) + self.authenticity_token = log_soup.findAll('input',attrs={'name':'authenticity_token'})[0].get('value') + if payload['authenticity_token'] == None: + raise requests.exceptions.RequestException("Bad catch of authenticity_token") + except requests.exceptions.RequestException as e: + print("Error connection Foreman to get a free ip") + print(e) + sys.exit(1) + pass + + def get(self, subnet, mac = ""): + payload = {"host_mac": mac, "subnet_id": subnet} + payload['authenticity_token'] = self.authenticity_token + try: + self.last_ip = json.loads(self.session.post('https://127.0.0.1/subnets/freeip', verify=False, data=payload).text)['ip'] + if payload['authenticity_token'] == None: + raise requests.exceptions.RequestException("Error getting free IP") + except requests.exceptions.RequestException as e: + print("Error connection Foreman to get a free ip") + print(e) + sys.exit(1) + return self.last_ip + + + +if __name__ == "__main__": + import pprint + import sys + if len(sys.argv) == 4: + f = FreeIP(sys.argv[1], sys.argv[2]) + print(f.get(sys.argv[3])) + else: + print('Error: Usage\npython {} foreman_user foreman_password subnet'.format(sys.argv[0])) diff --git a/opensteak/tools/opensteak/foreman_objects/hostgroups.py b/opensteak/tools/opensteak/foreman_objects/hostgroups.py new file mode 100644 index 0000000..55b8ba6 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/hostgroups.py @@ -0,0 +1,103 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects +from opensteak.foreman_objects.itemHostsGroup import ItemHostsGroup +from pprint import pprint as pp + + +class HostGroups(ForemanObjects): + """ + HostGroups class + """ + objName = 'hostgroups' + payloadObj = 'hostgroup' + + def list(self): + """ Function list + list the hostgroups + + @return RETURN: List of ItemHostsGroup objects + """ + return list(map(lambda x: ItemHostsGroup(self.api, x['id'], x), + self.api.list(self.objName))) + + def __getitem__(self, key): + """ Function __getitem__ + Get an hostgroup + + @param key: The hostgroup name or ID + @return RETURN: The ItemHostsGroup object of an host + """ + # Because Hostgroup did not support get by name we need to do it by id + if type(key) is not int: + key = self.getId(key) + ret = self.api.get(self.objName, key) + return ItemHostsGroup(self.api, key, ret) + + def __delitem__(self, key): + """ Function __delitem__ + Delete an hostgroup + + @param key: The hostgroup name or ID + @return RETURN: The API result + """ + # Because Hostgroup did not support get by name we need to do it by id + if type(key) is not int: + key = self.getId(key) + return self.api.delete(self.objName, key) + + def checkAndCreate(self, key, payload, + hostgroupConf, + hostgroupParent, + puppetClassesId): + """ Function checkAndCreate + check And Create procedure for an hostgroup + - check the hostgroup is not existing + - create the hostgroup + - Add puppet classes from puppetClassesId + - Add params from hostgroupConf + + @param key: The hostgroup name or ID + @param payload: The description of the hostgroup + @param hostgroupConf: The configuration of the host group from the + foreman.conf + @param hostgroupParent: The id of the parent hostgroup + @param puppetClassesId: The dict of puppet classes ids in foreman + @return RETURN: The ItemHostsGroup object of an host + """ + if key not in self: + self[key] = payload + oid = self[key]['id'] + if not oid: + return False + + # Create Hostgroup classes + hostgroupClassIds = self[key]['puppetclass_ids'] + if 'classes' in hostgroupConf.keys(): + if not self[key].checkAndCreateClasses(puppetClassesId.values()): + print("Failed in classes") + return False + + # Set params + if 'params' in hostgroupConf.keys(): + if not self[key].checkAndCreateParams(hostgroupConf['params']): + print("Failed in params") + return False + + return oid diff --git a/opensteak/tools/opensteak/foreman_objects/hosts.py b/opensteak/tools/opensteak/foreman_objects/hosts.py new file mode 100644 index 0000000..95d47af --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/hosts.py @@ -0,0 +1,142 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects +from opensteak.foreman_objects.itemHost import ItemHost +import time + + +class Hosts(ForemanObjects): + """ + Host sclass + """ + objName = 'hosts' + payloadObj = 'host' + + def list(self): + """ Function list + list the hosts + + @return RETURN: List of ItemHost objects + """ + return list(map(lambda x: ItemHost(self.api, x['id'], x), + self.api.list(self.objName))) + + def __getitem__(self, key): + """ Function __getitem__ + Get an host + + @param key: The host name or ID + @return RETURN: The ItemHost object of an host + """ + return ItemHost(self.api, key, self.api.get(self.objName, key)) + + def __printProgression__(self, status, msg, eol): + """ Function __printProgression__ + Print the creation progression or not + It uses the foreman.printer lib + + @param status: Status of the message + @param msg: Message + @param eol: End Of Line (to get a new line or not) + @return RETURN: None + """ + if self.printHostProgress: + self.__printProgression__(status, msg, eol=eol) + + def createVM(self, key, attributes, printHostProgress=False): + """ Function createVM + Create a Virtual Machine + + The creation of a VM with libVirt is a bit complexe. + We first create the element in foreman, the ask to start before + the result of the creation. + To do so, we make async calls to the API and check the results + + @param key: The host name or ID + @param attributes:The payload of the host creation + @param printHostProgress: The link to opensteak.printerlib + to print or not the + progression of the host creation + @return RETURN: The API result + """ + + self.printHostProgress = printHostProgress + self.async = True + # Create the VM in foreman + self.__printProgression__('In progress', + key + ' creation: push in Foreman', eol='\r') + future1 = self.api.create('hosts', attributes, async=True) + + # Wait before asking to power on the VM + sleep = 5 + for i in range(0, sleep): + time.sleep(1) + self.__printProgression__('In progress', + key + ' creation: start in {0}s' + .format(sleep - i), + eol='\r') + + # Power on the VM + self.__printProgression__('In progress', + key + ' creation: starting', eol='\r') + future2 = self[key].powerOn() + + # Show Power on result + if future2.result().status_code is 200: + self.__printProgression__('In progress', + key + ' creation: wait for end of boot', + eol='\r') + else: + self.__printProgression__(False, + key + ' creation: Error', + failed=str(future2.result().status_code)) + return False + # Show creation result + if future1.result().status_code is 200: + self.__printProgression__('In progress', + key + ' creation: created', + eol='\r') + else: + self.__printProgression__(False, + key + ' creation: Error', + failed=str(future1.result().status_code)) + return False + + # Wait for puppet catalog to be applied + loop_stop = False + while not loop_stop: + status = self[key].getStatus() + if status == 'No Changes' or status == 'Active': + self.__printProgression__(True, + key + ' creation: provisioning OK') + loop_stop = True + elif status == 'Error': + self.__printProgression__(False, + key + ' creation: Error', + failed="Error during provisioning") + loop_stop = True + return False + else: + self.__printProgression__('In progress', + key + ' creation: provisioning ({})' + .format(status), + eol='\r') + time.sleep(5) + + return True diff --git a/opensteak/tools/opensteak/foreman_objects/item.py b/opensteak/tools/opensteak/foreman_objects/item.py new file mode 100644 index 0000000..f418f8c --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/item.py @@ -0,0 +1,135 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# David Blaisonneau <david.blaisonneau@orange.com> +# Arnaud Morin <arnaud1.morin@orange.com> + +from pprint import pprint as pp + + +class ForemanItem(dict): + """ + Item class + Represent the content of a foreman object as a dict + """ + + def __init__(self, api, key, + objName, payloadObj, + *args, **kwargs): + """ Function __init__ + Represent the content of a foreman object as a dict + + @param api: The foreman api + @param key: The object Key + @param *args, **kwargs: the dict representation + @return RETURN: Itself + """ + self.api = api + self.key = key + if objName: + self.objName = objName + if payloadObj: + self.payloadObj = payloadObj + self.store = dict() + if args[0]: + self.update(dict(*args, **kwargs)) + # We get the smart class parameters for the good items + if objName in ['hosts', 'hostgroups', + 'puppet_classes', 'environments']: + from opensteak.foreman_objects.itemSmartClassParameter\ + import ItemSmartClassParameter + scp_ids = map(lambda x: x['id'], + self.api.list('{}/{}/smart_class_parameters' + .format(self.objName, key))) + scp_items = list(map(lambda x: ItemSmartClassParameter(self.api, x, + self.api.get('smart_class_parameters', x)), + scp_ids)) + scp = {'{}::{}'.format(x['puppetclass']['name'], + x['parameter']): x + for x in scp_items} + self.update({'smart_class_parameters_dict': scp}) + + def __setitem__(self, key, attributes): + """ Function __setitem__ + Set a parameter of a foreman object as a dict + + @param key: The key to modify + @param attribute: The data + @return RETURN: The API result + """ + if key is 'puppetclass_ids': + payload = {"puppetclass_id": attributes, + self.payloadObj + "_class": + {"puppetclass_id": attributes}} + return self.api.create("{}/{}/{}" + .format(self.objName, + self.key, + "puppetclass_ids"), + payload) + elif key is 'parameters': + payload = {"parameter": attributes} + return self.api.create("{}/{}/{}" + .format(self.objName, + self.key, + "parameters"), + payload) + else: + payload = {self.payloadObj: {key: attributes}} + return self.api.set(self.objName, self.key, payload) + + def getParam(self, name=None): + """ Function getParam + Return a dict of parameters or a parameter value + + @param key: The parameter name + @return RETURN: dict of parameters or a parameter value + """ + if 'parameters' in self.keys(): + l = {x['name']: x['value'] for x in self['parameters']} + if name: + if name in l.keys(): + return l[name] + else: + return False + else: + return l + + def checkAndCreateClasses(self, classes): + """ Function checkAndCreateClasses + Check and add puppet classe + + @param key: The parameter name + @param classes: The classes ids list + @return RETURN: boolean + """ + actual_classes = self['puppetclass_ids'] + for v in classes: + if v not in actual_classes: + self['puppetclass_ids'] = v + return list(classes).sort() is list(self['puppetclass_ids']).sort() + + def checkAndCreateParams(self, params): + """ Function checkAndCreateParams + Check and add global parameters + + @param key: The parameter name + @param params: The params dict + @return RETURN: boolean + """ + actual_params = self['param_ids'] + for k, v in params.items(): + if k not in actual_params: + self['parameters'] = {"name": k, "value": v} + return self['param_ids'].sort() == list(params.values()).sort() diff --git a/opensteak/tools/opensteak/foreman_objects/itemHost.py b/opensteak/tools/opensteak/foreman_objects/itemHost.py new file mode 100644 index 0000000..c531e5c --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/itemHost.py @@ -0,0 +1,141 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +import base64 +from string import Template +from opensteak.foreman_objects.item import ForemanItem + + +class ItemHost(ForemanItem): + """ + ItemHostsGroup class + Represent the content of a foreman hostgroup as a dict + """ + + objName = 'hosts' + payloadObj = 'host' + + def __init__(self, api, key, *args, **kwargs): + """ Function __init__ + Represent the content of a foreman object as a dict + + @param api: The foreman api + @param key: The object Key + @param *args, **kwargs: the dict representation + @return RETURN: Itself + """ + ForemanItem.__init__(self, api, key, + self.objName, self.payloadObj, + *args, **kwargs) + self.update({'puppetclass_ids': + self.api.list('{}/{}/puppetclass_ids' + .format(self.objName, key))}) + self.update({'param_ids': + list(self.api.list('{}/{}/parameters' + .format(self.objName, key), + only_id=True) + .keys())}) + + + def getStatus(self): + """ Function getStatus + Get the status of an host + + @return RETURN: The host status + """ + return self.api.get('hosts', self.key, 'status')['status'] + + def powerOn(self): + """ Function powerOn + Power on a host + + @return RETURN: The API result + """ + return self.api.set('hosts', self.key, + {"power_action": "start"}, + 'power', async=self.async) + + def getParamFromEnv(self, var, default=''): + """ Function getParamFromEnv + Search a parameter in the host environment + + @param var: the var name + @param hostgroup: the hostgroup item linked to this host + @param default: default value + @return RETURN: the value + """ + if self.getParam(var): + return self.getParam(var) + if self.hostgroup: + if self.hostgroup.getParam(var): + return self.hostgroup.getParam(var) + if self.domain.getParam('password'): + return self.domain.getParam('password') + else: + return default + + def getUserData(self, + hostgroup, + domain, + defaultPwd='', + defaultSshKey='', + proxyHostname='', + tplFolder='templates_metadata/'): + """ Function getUserData + Generate a userdata script for metadata server from Foreman API + + @param domain: the domain item linked to this host + @param hostgroup: the hostgroup item linked to this host + @param defaultPwd: the default password if no password is specified + in the host>hostgroup>domain params + @param defaultSshKey: the default ssh key if no password is specified + in the host>hostgroup>domain params + @param proxyHostname: hostname of the smartproxy + @param tplFolder: the templates folder + @return RETURN: the user data + """ + if 'user-data' in self.keys(): + return self['user-data'] + else: + self.hostgroup = hostgroup + self.domain = domain + if proxyHostname == '': + proxyHostname = 'foreman.' + domain + password = self.getParamFromEnv('password', defaultPwd) + sshauthkeys = self.getParamFromEnv('global_sshkey', defaultSshKey) + with open(tplFolder+'puppet.conf', 'rb') as puppet_file: + p = MyTemplate(puppet_file.read()) + enc_puppet_file = base64.b64encode(p.substitute( + foremanHostname=proxyHostname)) + with open(tplFolder+'cloud-init.tpl', 'r') as content_file: + s = MyTemplate(content_file.read()) + if sshauthkeys: + sshauthkeys = ' - '+sshauthkeys + self.userdata = s.substitute( + password=password, + fqdn=self['name'], + sshauthkeys=sshauthkeys, + foremanurlbuilt="http://{}/unattended/built" + .format(proxyHostname), + puppet_conf_content=enc_puppet_file.decode('utf-8')) + return self.userdata + + +class MyTemplate(Template): + delimiter = '%' + idpattern = r'[a-z][_a-z0-9]*' diff --git a/opensteak/tools/opensteak/foreman_objects/itemHostsGroup.py b/opensteak/tools/opensteak/foreman_objects/itemHostsGroup.py new file mode 100644 index 0000000..d6a641c --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/itemHostsGroup.py @@ -0,0 +1,50 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.item import ForemanItem + + +class ItemHostsGroup(ForemanItem): + """ + ItemHostsGroup class + Represent the content of a foreman hostgroup as a dict + """ + + objName = 'hostgroups' + payloadObj = 'hostgroup' + + def __init__(self, api, key, *args, **kwargs): + """ Function __init__ + Represent the content of a foreman object as a dict + + @param api: The foreman api + @param key: The object Key + @param *args, **kwargs: the dict representation + @return RETURN: Itself + """ + ForemanItem.__init__(self, api, key, + self.objName, self.payloadObj, + *args, **kwargs) + self.update({'puppetclass_ids': + self.api.list('{}/{}/puppetclass_ids' + .format(self.objName, key))}) + self.update({'param_ids': + list(self.api.list('{}/{}/parameters' + .format(self.objName, key), + only_id=True) + .keys())}) diff --git a/opensteak/tools/opensteak/foreman_objects/itemOverrideValues.py b/opensteak/tools/opensteak/foreman_objects/itemOverrideValues.py new file mode 100644 index 0000000..936185e --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/itemOverrideValues.py @@ -0,0 +1,61 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + + +from opensteak.foreman_objects.item import ForemanItem +from pprint import pprint as pp + +class ItemOverrideValues(ForemanItem): + """ + ItemOverrideValues class + Represent the content of a foreman smart class parameter as a dict + """ + + objName = 'override_values' + payloadObj = 'override_value' + + def __init__(self, api, key, parentName, parentKey, *args, **kwargs): + """ Function __init__ + Represent the content of a foreman object as a dict + + @param api: The foreman api + @param key: The object Key + @param parentName: The object parent name (eg: smart_class_parameter) + @param parentKey: The object parent key + @param *args, **kwargs: the dict representation + @return RETURN: Itself + """ + self.parentName = parentName + self.parentKey = parentKey + ForemanItem.__init__(self, api, key, + self.objName, self.payloadObj, + *args, **kwargs) + + def __setitem__(self, key, attributes): + """ Function __setitem__ + Set a parameter of a foreman object as a dict + + @param key: The key to modify + @param attribute: The data + @return RETURN: The API result + """ + payload = {self.payloadObj: {key: attributes}} + return self.api.set('{}/{}/{}'.format(self.parentName, + self.parentKey, + self.objName), + self.key, payload) diff --git a/opensteak/tools/opensteak/foreman_objects/itemSmartClassParameter.py b/opensteak/tools/opensteak/foreman_objects/itemSmartClassParameter.py new file mode 100644 index 0000000..2d7ca2a --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/itemSmartClassParameter.py @@ -0,0 +1,62 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + + +from opensteak.foreman_objects.item import ForemanItem +from opensteak.foreman_objects.itemOverrideValues import ItemOverrideValues + + +class ItemSmartClassParameter(ForemanItem): + """ + ItemSmartClassParameter class + Represent the content of a foreman smart class parameter as a dict + """ + + objName = 'smart_class_parameters' + payloadObj = 'smart_class_parameter' + + def __init__(self, api, key, *args, **kwargs): + """ Function __init__ + Represent the content of a foreman object as a dict + + @param api: The foreman api + @param key: The object Key + @param *args, **kwargs: the dict representation + @return RETURN: Itself + """ + ForemanItem.__init__(self, api, key, + self.objName, self.payloadObj, + *args, **kwargs) + self.update({'override_values': + list(map(lambda x: ItemOverrideValues(self.api, + x['id'], + self.objName, + key, + x), + self['override_values']))}) + + def __setitem__(self, key, attributes): + """ Function __setitem__ + Set a parameter of a foreman object as a dict + + @param key: The key to modify + @param attribute: The data + @return RETURN: The API result + """ + payload = {self.payloadObj: {key: attributes}} + return self.api.set(self.objName, self.key, payload) diff --git a/opensteak/tools/opensteak/foreman_objects/objects.py b/opensteak/tools/opensteak/foreman_objects/objects.py new file mode 100644 index 0000000..c20c5a1 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/objects.py @@ -0,0 +1,136 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.item import ForemanItem + + +class ForemanObjects: + """ + ForemanObjects class + Parent class for Foreman Objects + """ + + def __init__(self, api, objName=None, payloadObj=None): + """ Function __init__ + Init the foreman object + + @param api: The foreman API + @param objName: The object name (linked with the Foreman API) + @param payloadObj: The object name inside the payload (in general + the singular of objName) + @return RETURN: Itself + """ + + self.api = api + if objName: + self.objName = objName + if payloadObj: + self.payloadObj = payloadObj + # For asynchronous creations + self.async = False + + def __iter__(self): + """ Function __iter__ + + @return RETURN: The iteration of objects list + """ + return iter(self.list()) + + def __getitem__(self, key): + """ Function __getitem__ + + @param key: The targeted object + @return RETURN: A ForemanItem + """ + return ForemanItem(self.api, + key, + self.objName, + self.payloadObj, + self.api.get(self.objName, key)) + + def __setitem__(self, key, attributes): + """ Function __setitem__ + + @param key: The targeted object + @param attributes: The attributes to apply to the object + @return RETURN: API result if the object was not present, or False + """ + if key not in self: + payload = {self.payloadObj: {'name': key}} + payload[self.payloadObj].update(attributes) + return self.api.create(self.objName, payload, async=self.async) + return False + + def __delitem__(self, key): + """ Function __delitem__ + + @return RETURN: API result + """ + return self.api.delete(self.objName, key) + + def __contains__(self, key): + """ Function __contains__ + + @param key: The targeted object + @return RETURN: True if the object exists + """ + return bool(key in self.listName().keys()) + + def getId(self, key): + """ Function getId + Get the id of an object + + @param key: The targeted object + @return RETURN: The ID + """ + return self.api.get_id_by_name(self.objName, key) + + def list(self, limit=20): + """ Function list + Get the list of all objects + + @param key: The targeted object + @param limit: The limit of items to return + @return RETURN: A ForemanItem list + """ + return list(map(lambda x: + ForemanItem(self.api, x['id'], + self.objName, self.payloadObj, + x), + self.api.list(self.objName, limit=limit))) + + def listName(self): + """ Function listName + Get the list of all objects name with Ids + + @param key: The targeted object + @return RETURN: A dict of obejct name:id + """ + return self.api.list(self.objName, limit=999999, only_id=True) + + def checkAndCreate(self, key, payload): + """ Function checkAndCreate + Check if an object exists and create it if not + + @param key: The targeted object + @param payload: The targeted object description + @return RETURN: The id of the object + """ + if key not in self: + self[key] = payload + return self[key]['id'] diff --git a/opensteak/tools/opensteak/foreman_objects/operatingsystems.py b/opensteak/tools/opensteak/foreman_objects/operatingsystems.py new file mode 100644 index 0000000..8cce606 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/operatingsystems.py @@ -0,0 +1,66 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects +from opensteak.foreman_objects.item import ForemanItem + + +class OperatingSystems(ForemanObjects): + """ + OperatingSystems class + """ + objName = 'operatingsystems' + payloadObj = 'operatingsystem' + + def __getitem__(self, key): + """ Function __getitem__ + + @param key: The operating system id/name + @return RETURN: The item + """ + ret = self.api.list(self.objName, + filter='title = "{}"'.format(key)) + if len(ret): + return ForemanItem(self.api, key, + self.objName, self.payloadObj, + ret[0]) + else: + return None + + def __setitem__(self, key, attributes): + """ Function __getitem__ + + @param key: The operating system id/name + @param attributes: The content of the operating system to create + @return RETURN: The API result + """ + if key not in self: + payload = {self.payloadObj: {'title': key}} + payload[self.payloadObj].update(attributes) + return self.api.create(self.objName, payload) + return False + + def listName(self): + """ Function listName + Get the list of all objects name with Ids + + @param key: The targeted object + @return RETURN: A dict of obejct name:id + """ + return { x['title']: x['id'] for x in self.api.list(self.objName, + limit=999999)} diff --git a/opensteak/tools/opensteak/foreman_objects/puppetClasses.py b/opensteak/tools/opensteak/foreman_objects/puppetClasses.py new file mode 100644 index 0000000..7f397f2 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/puppetClasses.py @@ -0,0 +1,46 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects +from opensteak.foreman_objects.item import ForemanItem +from pprint import pprint as pp + + +class PuppetClasses(ForemanObjects): + """ + OperatingSystems class + """ + objName = 'puppetclasses' + payloadObj = 'puppetclass' + + def list(self, limit=20): + """ Function list + Get the list of all objects + + @param key: The targeted object + @param limit: The limit of items to return + @return RETURN: A ForemanItem list + """ + puppetClassList = list() + for v in self.api.list(self.objName, limit=limit).values(): + puppetClassList.extend(v) + return list(map(lambda x: + ForemanItem(self.api, x['id'], + self.objName, self.payloadObj, + x), + puppetClassList)) diff --git a/opensteak/tools/opensteak/foreman_objects/smart_proxies.py b/opensteak/tools/opensteak/foreman_objects/smart_proxies.py new file mode 100644 index 0000000..2d6518b --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/smart_proxies.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects + + +class SmartProxies(ForemanObjects): + """ + Domain class + """ + objName = 'smart_proxies' + payloadObj = 'smart_proxy' + + def importPuppetClasses(self, smartProxyId): + """ Function importPuppetClasses + Force the reload of puppet classes + + @param smartProxyId: smartProxy Id + @return RETURN: the API result + """ + return self.api.create('smart_proxies/{}/import_puppetclasses'.format(smartProxyId), '{}') diff --git a/opensteak/tools/opensteak/foreman_objects/subnets.py b/opensteak/tools/opensteak/foreman_objects/subnets.py new file mode 100644 index 0000000..b1cac54 --- /dev/null +++ b/opensteak/tools/opensteak/foreman_objects/subnets.py @@ -0,0 +1,67 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +from opensteak.foreman_objects.objects import ForemanObjects + + +class Subnets(ForemanObjects): + """ + Subnets class + """ + objName = 'subnets' + payloadObj = 'subnet' + + def checkAndCreate(self, key, payload, domainId): + """ Function checkAndCreate + Check if a subnet exists and create it if not + + @param key: The targeted subnet + @param payload: The targeted subnet description + @param domainId: The domainId to be attached wiuth the subnet + @return RETURN: The id of the subnet + """ + if key not in self: + self[key] = payload + oid = self[key]['id'] + if not oid: + return False + #~ Ensure subnet contains the domain + subnetDomainIds = [] + for domain in self[key]['domains']: + subnetDomainIds.append(domain['id']) + if domainId not in subnetDomainIds: + subnetDomainIds.append(domainId) + self[key]["domain_ids"] = subnetDomainIds + if len(self[key]["domains"]) is not len(subnetDomainIds): + return False + return oid + + def removeDomain(self, subnetId, domainId): + """ Function removeDomain + Delete a domain from a subnet + + @param subnetId: The subnet Id + @param domainId: The domainId to be attached wiuth the subnet + @return RETURN: boolean + """ + subnetDomainIds = [] + for domain in self[subnetId]['domains']: + subnetDomainIds.append(domain['id']) + subnetDomainIds.remove(domainId) + self[subnetId]["domain_ids"] = subnetDomainIds + return len(self[subnetId]["domains"]) is len(subnetDomainIds) diff --git a/opensteak/tools/opensteak/printer.py b/opensteak/tools/opensteak/printer.py new file mode 100644 index 0000000..98c5af5 --- /dev/null +++ b/opensteak/tools/opensteak/printer.py @@ -0,0 +1,141 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +import sys + + +class OpenSteakPrinter: + """ Just a nice message printer """ + HEADER = '\033[95m' + OKBLUE = '\033[94m' + OKGREEN = '\033[92m' + WARNING = '\033[93m' + FAIL = '\033[91m' + ENDC = '\033[0m' + BOLD = '\033[1m' + UNDERLINE = '\033[4m' + + TABSIZE = 4 + + def header(self, msg): + """ Function header + Print a header for a block + + @param msg: The message to print in the header (limited to 78 chars) + @return RETURN: None + """ + print(""" +# +# {} +# +""".format(msg[0:78])) + + def config(self, msg, name, value=None, indent=0): + """ Function config + Print a line with the value of a parameter + + @param msg: The message to print in the header (limited to 78 chars) + @param name: The name of the prameter + @param value: The value of the parameter + @param indent: Tab size at the beginning of the line + @return RETURN: None + """ + ind = ' ' * indent * self.TABSIZE + if value is None: + print('{} - {} = {}'.format(ind, msg, name)) + elif value is False: + print('{} [{}KO{}] {} > {} (NOT found)'. + format(ind, self.FAIL, self.ENDC, msg, name)) + else: + print('{} [{}OK{}] {} > {} = {}'. + format(ind, self.OKGREEN, self.ENDC, msg, name, str(value))) + + def list(self, msg, indent=0): + """ Function list + Print a list item + + @param msg: The message to print in the header (limited to 78 chars) + @param indent: Tab size at the beginning of the line + @return RETURN: None + """ + print(' ' * indent * self.TABSIZE, '-', msg) + + def list_id(self, dic, indent=0): + """ Function list_id + Print a list of dict items + + @param dic: The dict to print + @param indent: Tab size at the beginning of the line + @return RETURN: None + """ + for (k, v) in dic.items(): + self.list("{}: {}".format(k, v), indent=indent) + + def status(self, res, msg, failed="", eol="\n", quit=True, indent=0): + """ Function status + Print status message + - OK/KO if the result is a boolean + - Else the result text + + @param res: The status to show + @param msg: The message to show + @param eol: End of line + @param quit: Exit the system in case of failure + @param indent: Tab size at the beginning of the line + @return RETURN: None + """ + ind = ' ' * indent * self.TABSIZE + if res is True: + msg = '{} [{}OK{}] {}'.format(ind, self.OKGREEN, self.ENDC, msg) + elif res: + msg = '{} [{}{}{}] {}'.format(ind, self.OKBLUE, res, + self.ENDC, msg) + else: + msg = '{} [{}KO{}] {}'.format(ind, self.FAIL, self.ENDC, msg) + if failed: + msg += '\n > {}'.format(failed) + msg = msg.ljust(140) + eol + sys.stdout.write(msg) + if res is False and quit is True: + sys.exit(0) + + def ask_validation(self, prompt=None, resp=False): + """ Function ask_validation + Ask a validation message + + @param prompt: The question to ask ('Continue ?') if None + @param resp: The default value (Default is False) + @return RETURN: Trie or False + """ + if prompt is None: + prompt = 'Continue ?' + if resp: + prompt += ' [{}Y{}/n]: '.format(self.BOLD, self.ENDC) + else: + prompt += ' [y/{}N{}]: '.format(self.BOLD, self.ENDC) + while True: + ans = input(prompt) + if not ans: + ans = 'y' if resp else 'n' + if ans not in ['y', 'Y', 'n', 'N']: + print('please enter y or n.') + continue + if ans == 'y' or ans == 'Y': + return True + if ans == 'n' or ans == 'N': + sys.exit(0) diff --git a/opensteak/tools/opensteak/templateparser.py b/opensteak/tools/opensteak/templateparser.py new file mode 100644 index 0000000..720f008 --- /dev/null +++ b/opensteak/tools/opensteak/templateparser.py @@ -0,0 +1,34 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +""" +Template parser +""" + +from string import Template + +class OpenSteakTemplateParser: + + def __init__(self, filein, fileout, dictionary): + """ + Parse the files with the dictionary + """ + fin = open(filein) + fout = open(fileout,'w') + template = Template(fin.read()) + fout.write(template.substitute(dictionary)) diff --git a/opensteak/tools/opensteak/virsh.py b/opensteak/tools/opensteak/virsh.py new file mode 100644 index 0000000..594b842 --- /dev/null +++ b/opensteak/tools/opensteak/virsh.py @@ -0,0 +1,174 @@ +#!/usr/bin/python3 +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +""" +Virsh library +""" + +import subprocess +import os + +class OpenSteakVirsh: + + virsh = "/usr/bin/virsh" + genisoimage = "/usr/bin/genisoimage" + environment = "" + + ### + # INIT + ### + def __init__(self): + self.environment = dict(os.environ) # Copy current environment + self.environment['LANG'] = 'en_US.UTF-8' + + + ### + # VOLUMES + ### + def volumeList(self, pool="default"): + """ + Return all volumes from a pool + """ + p = subprocess.Popen([self.virsh, "-q", "vol-list", pool], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + # Split lines + lines = stdout.splitlines() + + # Foreach line, split with space and construct a dictionnary + newLines = {} + for line in lines: + name, path = line.split(maxsplit=1) + newLines[name.strip()] = path.strip() + + return newLines + + def volumeDelete(self, path): + """ + Delete a volume + """ + p = subprocess.Popen([self.virsh, "-q", "vol-delete", path], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + def volumeClone(self, origin, name, pool="default"): + """ + Clone a volume + """ + p = subprocess.Popen([self.virsh, "-q", "vol-clone", "--pool", pool, origin, name], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + def volumeResize(self, name, size, pool="default"): + """ + Resize a volume + """ + p = subprocess.Popen([self.virsh, "-q", "vol-resize", "--pool", pool, name, size], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + ### + # POOLS + ### + def poolRefresh(self, pool="default"): + """ + Refresh a pool + """ + p = subprocess.Popen([self.virsh, "-q", "pool-refresh", pool], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + ### + # DOMAINS + ### + def domainList(self): + """ + Return all domains (VM) + """ + p = subprocess.Popen([self.virsh, "-q", "list", "--all"], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + # Split lines + lines = stdout.splitlines() + + # Foreach line, split with space and construct a dictionnary + newLines = {} + for line in lines: + id, name, status = line.split(maxsplit=2) + newLines[name.strip()] = status.strip() + + return newLines + + def domainDefine(self, xml): + """ + Define a domain (create a VM) + """ + p = subprocess.Popen([self.virsh, "-q", "define", xml], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + def domainUndefine(self, name): + """ + Undefine a domain (delete a VM) + """ + p = subprocess.Popen([self.virsh, "-q", "undefine", name], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + def domainStart(self, name): + """ + Define a domain (create a VM) + """ + p = subprocess.Popen([self.virsh, "-q", "start", name], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + def domainDestroy(self, name): + """ + Destroy a domain (stop a VM) + """ + p = subprocess.Popen([self.virsh, "-q", "destroy", name], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + + ### + # ISO + ### + def generateConfiguration(self, name, files): + """ + Generate an ISO file + """ + + commandArray = [self.genisoimage, "-quiet", "-o", "/var/lib/libvirt/images/{0}-configuration.iso".format(name), "-volid", "cidata", "-joliet", "-rock"] + for k, f in files.items(): + commandArray.append(f) + + # Generate the iso file + p = subprocess.Popen(commandArray, stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, env=self.environment) + stdout, stderr = p.communicate() + + return {"stdout":stdout, "stderr":stderr} + diff --git a/opensteak/tools/templates_foreman/install.sh b/opensteak/tools/templates_foreman/install.sh new file mode 100644 index 0000000..497be86 --- /dev/null +++ b/opensteak/tools/templates_foreman/install.sh @@ -0,0 +1,216 @@ +#!/bin/sh +# -*- coding: utf-8 -*- +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Authors: +# @author: David Blaisonneau <david.blaisonneau@orange.com> +# @author: Arnaud Morin <arnaud1.morin@orange.com> + +### Set vars +NAME="${name}" +DOMAIN="${domain}" +DATEE=$$(date +%F-%Hh%M) +IP="${ip}" +MASK="${netmaskshort}" +NET="${network}" +DHCP_RANGE="${dhcprange}" +REVERSE_DNS="${reversedns}" +DNS_FORWARDER="${dns}" +ADMIN="${admin}" +PASSWORD="${password}" + +### Set correct env +#dpkg-reconfigure locales +export LC_CTYPE=en_US.UTF-8 +export LANG=en_US.UTF-8 +unset LC_ALL +umask 0022 + +### Check hostname is on the public interface +echo "* Ensure hostname point to external IP" +# Remove useless lines +perl -i -pe 's/^127.0.1.1.*\n$$//' /etc/hosts +perl -i -pe "s/^$${IP}.*\n$$//" /etc/hosts +# Append a line +echo "$${IP} $${NAME}.$${DOMAIN} $${NAME}" >> /etc/hosts + +### Dependencies +echo "* Install dependencies" +apt-get -y install ca-certificates wget git isc-dhcp-server + +### Set AppArmor +echo "* Set App armor" +cat /etc/apparmor.d/local/usr.sbin.dhcpd | grep '/etc/bind/rndc.key r,' >/dev/null +if [ $$? -eq 1 ] ; then + echo "/etc/bind/rndc.key r," >> /etc/apparmor.d/local/usr.sbin.dhcpd +fi + +### Prepare repos +echo "* Enable Puppet labs repo" +if [ "Z" = "Z$$(dpkg -l |grep 'ii puppetlabs-release')" ] ; then + wget https://apt.puppetlabs.com/puppetlabs-release-trusty.deb + dpkg -i puppetlabs-release-trusty.deb + apt-get update +fi + +# Install puppetmaster +echo "* Install puppetmaster" +if [ "Z" = "Z$$(dpkg -l |grep 'ii puppetmaster')" ] ; then + apt-get -y install puppetmaster +fi + +# Enable the Foreman repo +echo "* Enable Foreman repo" +if [ ! -e /etc/apt/sources.list.d/foreman.list ] ; then + echo "deb http://deb.theforeman.org/ trusty 1.8" > /etc/apt/sources.list.d/foreman.list + echo "deb http://deb.theforeman.org/ plugins 1.8" >> /etc/apt/sources.list.d/foreman.list + wget -q http://deb.theforeman.org/pubkey.gpg -O- | apt-key add - + apt-get update +fi + +### Install Foreman +echo "* Install foreman-installer" +if [ "Z" = "Z$$(dpkg -l |grep 'ii foreman-installer')" ] ; then + apt-get -y install foreman-installer +fi +if [ "Z" = "Z$$(gem list --local |grep rubyipmi)" ] ; then + gem install -q rubyipmi +fi + +### Execute foreman installer +echo "* Execute foreman installer" + +foreman-installer \ + --foreman-admin-username="$$ADMIN" \ + --foreman-admin-password="$$PASSWORD" \ + --enable-foreman-plugin-templates \ + --enable-foreman-plugin-discovery \ + --foreman-plugin-discovery-install-images=true \ + --enable-foreman-compute-libvirt + + +foreman-installer \ + --foreman-admin-username="$$ADMIN" \ + --foreman-admin-password="$$PASSWORD" \ + --enable-foreman-plugin-templates \ + --enable-foreman-plugin-discovery \ + --foreman-plugin-discovery-install-images=true \ + --enable-foreman-compute-libvirt \ + --enable-foreman-proxy \ + --foreman-proxy-bmc=true \ + --foreman-proxy-tftp=true \ + --foreman-proxy-tftp-servername="$$IP" \ + --foreman-proxy-dhcp=true \ + --foreman-proxy-dhcp-interface="eth0" \ + --foreman-proxy-dhcp-gateway="$$IP" \ + --foreman-proxy-dhcp-range="$$DHCP_RANGE" \ + --foreman-proxy-dhcp-nameservers="$$IP" \ + --foreman-proxy-dns=true \ + --foreman-proxy-dns-interface="eth0" \ + --foreman-proxy-dns-zone="$$DOMAIN" \ + --foreman-proxy-dns-reverse="$$REVERSE_DNS" \ + --foreman-proxy-dns-forwarders="$$DNS_FORWARDER" \ + --foreman-proxy-foreman-base-url="https://localhost" + +### Sync community templates for last ubuntu versions + +echo "* Sync community templates for last ubuntu versions" +foreman-rake templates:sync + +### Get and install OpenSteak files + +echo "* Get OpenSteak repos" +if [ -d /usr/local/opensteak ] ; then + cd /usr/local/opensteak + git pull +else + cd /usr/local/ + git clone https://github.com/Orange-OpenSource/opnfv.git -b foreman opensteak +fi +cd /usr/local/opensteak/infra/puppet_master + +echo "* Set puppet auth" +echo "*.$$DOMAIN" > /etc/puppet/autosign.conf +if [ -e /etc/puppet/auth.conf ] ; then + # Make a backup + mv /etc/puppet/auth.conf /etc/puppet/auth.conf.$$DATEE +fi +cp etc/puppet/auth.conf /etc/puppet/auth.conf +perl -i -pe "s/__NET__/$$NET/" /etc/puppet/auth.conf +perl -i -pe "s/__MASK__/$$MASK/" /etc/puppet/auth.conf + +# Set Hiera Conf +echo "* Push Hiera conf into /etc/puppet/" +if [ -e /etc/puppet/hiera.yaml ] ; then + # Make a backup + mv /etc/puppet/hiera.yaml /etc/puppet/hiera.yaml.$$DATEE +fi +cp etc/puppet/hiera.yaml /etc/puppet/hiera.yaml +if [ -e /etc/hiera.yaml ] ; then + rm /etc/hiera.yaml +fi +ln -s /etc/puppet/hiera.yaml /etc/hiera.yaml +cp -rf etc/puppet/hieradata /etc/puppet/ +rename s/DOMAIN/$$DOMAIN/ /etc/puppet/hieradata/production/nodes/*.yaml +cp etc/puppet/manifests/site.pp /etc/puppet/manifests/site.pp +cp ../config/common.yaml /etc/puppet/hieradata/production/common.yaml +chgrp puppet /etc/puppet/hieradata/production/*.yaml + +# Install and config r10k +echo "* Install and setup r10k" +if [ "Z" = "Z$$(gem list --local |grep r10k)" ] ; then + gem install -q r10k +fi +if [ -e /etc/r10k.yaml ] ; then + # Make a backup + mv /etc/r10k.yaml /etc/r10k.yaml.$$DATEE +fi +cp etc/r10k.yaml /etc/r10k.yaml + +# Install opensteak-r10k-update script +echo "* Install opensteak-r10k-update script into /usr/local/bin" +cp usr/local/bin/opensteak-r10k-update /usr/local/bin/opensteak-r10k-update +chmod +x /usr/local/bin/opensteak-r10k-update + +echo "* Run R10k. You can re-run r10k by calling:" +echo " opensteak-r10k-update" +opensteak-r10k-update + +#### Install VIM puppet +echo "* Install VIM puppet" +if [ ! -d ~/.vim/autoload ] ; then + mkdir -p ~/.vim/autoload +fi +if [ ! -d ~/.vim/bundle ] ; then + mkdir -p ~/.vim/bundle +fi +curl -LSso ~/.vim/autoload/pathogen.vim https://tpo.pe/pathogen.vim +cat <<EOF > ~/.vimrc +execute pathogen#infect() +syntax on +filetype plugin indent on +EOF +cd ~/.vim/bundle +if [ ! -d vim-puppet ] ; then + git clone https://github.com/rodjek/vim-puppet.git > /dev/null +fi + +### Gen SSH key for foreman +echo "* SSH Key" +cp /mnt/id_rsa /usr/share/foreman/.ssh/ +cp /mnt/id_rsa.pub /usr/share/foreman/.ssh/ +chown foreman:foreman /usr/share/foreman/.ssh/ -R + +### Run puppet +puppet agent -t -v + diff --git a/opensteak/tools/templates_foreman/kvm-config b/opensteak/tools/templates_foreman/kvm-config new file mode 100644 index 0000000..7e3d65d --- /dev/null +++ b/opensteak/tools/templates_foreman/kvm-config @@ -0,0 +1,65 @@ +<domain type='kvm'> + <name>${name}</name> + <memory>${ram}</memory> + <currentMemory>${ram}</currentMemory> + <vcpu>${cpu}</vcpu> + <os> + <type arch='x86_64'>hvm</type> + <!-- uncomment to enable PXE boot + <boot dev='network'/> + --> + <boot dev='hd'/> + </os> + <features> + <acpi/><apic/><pae/> + </features> + <clock offset="utc"/> + <on_poweroff>preserve</on_poweroff> + <on_reboot>restart</on_reboot> + <on_crash>restart</on_crash> + <devices> + <emulator>/usr/bin/qemu-system-x86_64</emulator> + <disk type='file' device='disk'> + <driver name='qemu' type='qcow2'/> + <source file='/var/lib/libvirt/images/${name}'/> + <target dev='vda' bus='virtio'/> + </disk> + <disk type='file' device='disk'> + <driver name='qemu' type='raw'/> + <source file='/var/lib/libvirt/images/${name}-configuration.iso'/> + <target dev='vdb' bus='virtio'/> + </disk> + <input type='mouse' bus='ps2'/> + <!-- uncomment to allow virsh console + <console type='pty'/> + <!- - end --> + <!-- uncomment to allow console to a log file --> + <serial type='file'> + <source path='/var/log/libvirt/qemu/${name}-serial.log'/> + <target port='0'/> + <alias name='serial0'/> + </serial> + <serial type='pty'> + <source path='/dev/pts/1'/> + <target port='1'/> + <alias name='serial1'/> + </serial> + <console type='file'> + <source path='/var/log/libvirt/qemu/${name}-serial.log'/> + <target type='serial' port='0'/> + <alias name='serial0'/> + </console> + <!-- end --> + <graphics type='spice' port='-1' autoport='no'/> + <video> + <model type='qxl' ram='65536' vram='65536' heads='1'/> + <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/> + </video> + <memballoon model='virtio'/> + <interface type='bridge'> + <source bridge='${bridge}'/> + ${bridgeconfig} + <model type='virtio'/> + </interface> + </devices> +</domain> diff --git a/opensteak/tools/templates_foreman/meta-data b/opensteak/tools/templates_foreman/meta-data new file mode 100644 index 0000000..b4cb9b6 --- /dev/null +++ b/opensteak/tools/templates_foreman/meta-data @@ -0,0 +1,12 @@ +instance-id: ${name}; +network-interfaces: | + auto lo + iface lo inet loopback + auto eth0 + iface eth0 inet static + address ${ip} + netmask ${netmaskshort} + gateway ${gateway} + dns-nameservers ${dns} + dns-search ${domain} +local-hostname: ${name} diff --git a/opensteak/tools/templates_foreman/user-data b/opensteak/tools/templates_foreman/user-data new file mode 100644 index 0000000..281b5d4 --- /dev/null +++ b/opensteak/tools/templates_foreman/user-data @@ -0,0 +1,25 @@ +#cloud-config +############################################# +# OPENSTEAK VM '${name}' +############################################# +password: ${password} +chpasswd: { expire: False } +ssh_pwauth: True +dsmode: net +hostname: ${name} +############################################# +# FIRST BOOT COMMAND +# - reload main interface +# - install puppet from puppetlabs +# - remove cloud-init +############################################# +runcmd: + - [ sh, -c, "mount /dev/vdb /mnt"] + - [ sh, -c, "sudo bash /mnt/install.sh"] +# This is the id_rsa.sansmotdepasse key +ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDY15cdBmIs2XOpe4EiFCsaY6bmUmK/GysMoLl4UG51JCfJwvwoWCoA+6mDIbymZxhxq9IGxilp/yTA6WQ9s/5pBag1cUMJmFuda9PjOkXl04jgqh5tR6I+GZ97AvCg93KAECis5ubSqw1xOCj4utfEUtPoF1OuzqM/lE5mY4N6VKXn+fT7pCD6cifBEs6JHhVNvs5OLLp/tO8Pa3kKYQOdyS0xc3rh+t2lrzvKUSWGZbX+dLiFiEpjsUL3tDqzkEMNUn4pdv69OJuzWHCxRWPfdrY9Wg0j3mJesP29EBht+w+EC9/kBKq+1VKdmsXUXAcjEvjovVL8l1BrX3BY0R8D sansmotdepasse +############################################# +# FINAL MESSAGE AT END OF BOOT +############################################# +final_message: "The system '${name}' is finally up, after $$UPTIME seconds" |