summaryrefslogtreecommitdiffstats
path: root/common/puppet-opnfv
diff options
context:
space:
mode:
authorTim Rozet <trozet@redhat.com>2015-05-21 17:05:53 -0400
committerTim Rozet <trozet@redhat.com>2015-05-21 17:05:53 -0400
commit4039d84dfbb40a88c90cc58d3823360c565766d9 (patch)
tree75d5d6512e88012c0753bc43aeec7e220a45445b /common/puppet-opnfv
parente1aaacb9e0fee01838194285ba4a5e52f9f144fe (diff)
Adds Heat and external network support
Patch changes behavior to do the following External Network: - openvswitch is now installed at the beginning of the puppet run - public interface config is changed to be an ovsport on br-ex - br-ex is created with the IP address formerly on public interface - neutron is configured to use br-ex - after neutron is running, an external provider_network and provider_subnet are created New global parameters required (only if external_network_flag is true): - public_gateway - public_dns - public_network - public_subnet - public_allocation_start - public_allocation_end Heat is now in HA and added to deployment by default: Introduces 6 new required global params: - heat_admin_vip - heat_private_vip - heat_public_vip - heat_cfn_admin_vip - heat_cfn_private_vip - heat_cfn_public_vip JIRA: BGS-31 Change-Id: Ic4428b31c2a3028aa46c4da73e4d0f338b6651d3 Signed-off-by: Tim Rozet <trozet@redhat.com>
Diffstat (limited to 'common/puppet-opnfv')
-rw-r--r--common/puppet-opnfv/manifests/controller_networker.pp54
-rw-r--r--common/puppet-opnfv/manifests/external_net_presetup.pp102
-rw-r--r--common/puppet-opnfv/manifests/external_net_setup.pp77
-rw-r--r--common/puppet-opnfv/manifests/init.pp4
-rw-r--r--common/puppet-opnfv/manifests/repo.pp30
-rw-r--r--common/puppet-opnfv/templates/br_ex.erb10
6 files changed, 266 insertions, 11 deletions
diff --git a/common/puppet-opnfv/manifests/controller_networker.pp b/common/puppet-opnfv/manifests/controller_networker.pp
index cff258d..18a876c 100644
--- a/common/puppet-opnfv/manifests/controller_networker.pp
+++ b/common/puppet-opnfv/manifests/controller_networker.pp
@@ -73,6 +73,12 @@ class opnfv::controller_networker {
if !$nova_private_vip { fail('nova_private_vip is empty') }
if !$nova_public_vip { fail('nova_public_vip is empty') }
if $private_network == '' { fail('private_network is empty') }
+ if !$heat_admin_vip { fail('heat_admin_vip is empty') }
+ if !$heat_private_vip { fail('heat_private_vip is empty') }
+ if !$heat_public_vip { fail('heat_public_vip is empty') }
+ if !$heat_cfn_admin_vip { fail('heat_cfn_admin_vip is empty') }
+ if !$heat_cfn_private_vip { fail('heat_cfn_private_vip is empty') }
+ if !$heat_cfn_public_vip { fail('heat_cfn_public_vip is empty') }
##Find private interface
$ovs_tunnel_if = get_nic_from_network("$private_network")
@@ -93,6 +99,7 @@ class opnfv::controller_networker {
if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
if !$horizon_secret { $horizon_secret = $single_password }
if !$glance_db_password { $glance_db_password = $single_password }
+ if !$glance_user_password { $glance_user_password = $single_password }
if !$keystone_db_password { $keystone_db_password = $single_password }
if !$keystone_user_password { $keystone_user_password = $single_password }
if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
@@ -104,6 +111,10 @@ class opnfv::controller_networker {
if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array}
if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] }
if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
+ if !$heat_user_password { $heat_user_password = $single_password }
+ if !$heat_db_password { $heat_db_password = $single_password }
+ if !$heat_cfn_user_password { $heat_cfn_user_password = $single_password }
+ if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }
if !$storage_network {
$storage_iface = $ovs_tunnel_if
} else {
@@ -119,6 +130,13 @@ class opnfv::controller_networker {
"$storage_iface",
"")
+ if ($external_network_flag != '') and str2bool($external_network_flag) {
+ class { "opnfv::external_net_presetup":
+ stage => presetup,
+ require => Class['opnfv::repo'],
+ }
+ }
+
class { "opnfv::ceph_deploy":
fsid => $ceph_fsid,
osd_pool_default_size => $ceph_osd_pool_size,
@@ -159,14 +177,25 @@ class opnfv::controller_networker {
glance_private_vip => $glance_private_vip,
glance_public_vip => $glance_public_vip,
glance_user_password => $glance_user_password,
- heat_cfn_enabled => 'false',
+ heat_auth_encryption_key => $heat_auth_encryption_key,
+ heat_cfn_admin_vip => $heat_cfn_admin_vip,
+ heat_cfn_private_vip => $heat_cfn_private_vip,
+ heat_cfn_public_vip => $heat_cfn_public_vip,
+ heat_cfn_user_password => $heat_cfn_user_password,
+ heat_cloudwatch_enabled => 'true',
+ heat_cfn_enabled => 'true',
+ heat_db_password => $heat_db_password,
+ heat_admin_vip => $heat_admin_vip,
+ heat_private_vip => $heat_private_vip,
+ heat_public_vip => $heat_public_vip,
+ heat_user_password => $heat_user_password,
horizon_admin_vip => $horizon_admin_vip,
horizon_private_vip => $horizon_private_vip,
horizon_public_vip => $horizon_public_vip,
include_ceilometer => 'false',
include_cinder => 'true',
include_glance => 'true',
- include_heat => 'false',
+ include_heat => 'true',
include_horizon => 'true',
include_keystone => 'true',
include_neutron => 'true',
@@ -217,8 +246,8 @@ class opnfv::controller_networker {
admin_password => $admin_password,
admin_token => $keystone_admin_token,
cinder => 'true',
- heat => 'false',
- heat_cfn => 'false',
+ heat => 'true',
+ heat_cfn => 'true',
keystonerc => 'true',
use_syslog => 'true',
verbose => 'true',
@@ -246,7 +275,10 @@ class opnfv::controller_networker {
volume => true,
}
->
- class { "quickstack::pacemaker::heat": }
+ class { "quickstack::pacemaker::heat":
+ use_syslog => true,
+ verbose => true,
+ }
->
class { "quickstack::pacemaker::constraints": }
@@ -278,6 +310,10 @@ class opnfv::controller_networker {
verbose => 'true',
}
+ if ($external_network_flag != '') and str2bool($external_network_flag) {
+ class { "opnfv::external_net_setup": }
+ }
+
} else {
if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') }
if $public_ip == '' { fail('public_ip is empty') }
@@ -320,6 +356,10 @@ class opnfv::controller_networker {
if $swift_shared_secret == '' { fail('swift_shared_secret is empty') }
if $swift_admin_password == '' { fail('swift_admin_password is empty') }
+ if !$amqp_username { $amqp_username = $single_username }
+ if !$amqp_password { $amqp_password = $single_password }
+
+
class { "quickstack::neutron::controller_networker":
admin_email => $admin_email,
admin_password => $admin_password,
@@ -343,8 +383,8 @@ class opnfv::controller_networker {
mysql_root_password => $mysql_root_password,
#amqp_provider => $amqp_provider,
amqp_host => $amqp_ip,
- amqp_username => 'guest',
- amqp_password => 'guest',
+ amqp_username => $amqp_username,
+ amqp_password => $amqp_password,
#amqp_nssdb_password => $quickstack::params::amqp_nssdb_password,
keystone_admin_token => $keystone_admin_token,
diff --git a/common/puppet-opnfv/manifests/external_net_presetup.pp b/common/puppet-opnfv/manifests/external_net_presetup.pp
new file mode 100644
index 0000000..b7c7c5f
--- /dev/null
+++ b/common/puppet-opnfv/manifests/external_net_presetup.pp
@@ -0,0 +1,102 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class opnfv::external_net_presetup {
+
+ if $public_gateway == '' { fail('public_gateway is empty') }
+ if $public_dns == '' { fail('public_dns is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+ if $public_subnet == '' { fail('public_subnet is empty') }
+ if $public_allocation_start == '' { fail('public_allocation_start is empty') }
+ if $public_allocation_end == '' { fail('public_allocation_end is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+
+ #find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_nic_ip = get_ip_from_nic("$public_nic")
+ $public_nic_netmask = get_netmask_from_nic("$public_nic")
+
+ if ($public_nic == '') or ($public_nic_ip == '') or ($public_nic == "br-ex") or ($public_nic == "br_ex") {
+ notify {"Skipping augeas, public_nic ${public_nic}, public_nic_ip ${public_nic_ip}":}
+
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ unless => 'ip addr show br-ex | grep "inet "',
+ before => Exec['restart-network-public-nic-ip'],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+
+ exec {'restart-network-public-nic-ip':
+ command => 'systemctl restart network',
+ path => ["/usr/sbin/", "/usr/bin/"],
+ onlyif => 'ip addr show | grep $(ip addr show br-ex | grep -Eo "inet [\.0-9]+" | cut -d " " -f2) | grep -v br-ex',
+ }
+
+ } else {
+ #reconfigure public interface to be ovsport
+ augeas { "main-$public_nic":
+ context => "/files/etc/sysconfig/network-scripts/ifcfg-$public_nic",
+ changes => [
+ "rm IPADDR",
+ "rm NETMASK",
+ "rm GATEWAY",
+ "rm DNS1",
+ "rm BOOTPROTO",
+ "rm DEFROUTE",
+ "rm IPV6_DEFROUTE",
+ "rm IPV6_PEERDNS",
+ "rm IPV6_PEERROUTES",
+ "rm PEERROUTES",
+ "set PEERDNS no",
+ "set BOOTPROTO static",
+ "set IPV6INIT no",
+ "set IPV6_AUTOCONF no",
+ "set ONBOOT yes",
+ "set TYPE OVSPort",
+ "set OVS_BRIDGE br-ex",
+ "set PROMISC yes"
+
+ ],
+ before => Class["quickstack::pacemaker::params"],
+ require => Service["openvswitch"],
+ }
+
+ ->
+ #create br-ex interface
+ file { 'external_bridge':
+ path => '/etc/sysconfig/network-scripts/ifcfg-br-ex',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => template('trystack/br_ex.erb'),
+ before => Class["quickstack::pacemaker::params"],
+ }
+ ->
+ exec {'ovs-vsctl -t 10 -- --may-exist add-br br-ex':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ }
+ ~>
+ exec {'systemctl restart network':
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+
+ }
+}
diff --git a/common/puppet-opnfv/manifests/external_net_setup.pp b/common/puppet-opnfv/manifests/external_net_setup.pp
new file mode 100644
index 0000000..df9bdac
--- /dev/null
+++ b/common/puppet-opnfv/manifests/external_net_setup.pp
@@ -0,0 +1,77 @@
+#Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+class opnfv::external_net_setup {
+
+ if $public_gateway == '' { fail('public_gateway is empty') }
+ if $public_dns == '' { fail('public_dns is empty') }
+ if $public_network == '' { fail('public_network is empty') }
+ if $public_subnet == '' { fail('public_subnet is empty') }
+ if $public_allocation_start == '' { fail('public_allocation_start is empty') }
+ if $public_allocation_end == '' { fail('public_allocation_end is empty') }
+ if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
+ $controllers_hostnames_array_str = $controllers_hostnames_array
+ $controllers_hostnames_array = split($controllers_hostnames_array, ',')
+
+ #find public NIC
+ $public_nic = get_nic_from_network("$public_network")
+ $public_nic_ip = get_ip_from_nic("$public_nic")
+ $public_nic_netmask = get_netmask_from_nic("$public_nic")
+
+ Anchor[ 'neutron configuration anchor end' ]
+ ->
+ #update bridge-mappings to physnet1
+ file_line { 'ovs':
+ ensure => present,
+ path => '/etc/neutron/plugin.ini',
+ line => '[ovs]',
+ }
+ ->
+ #update bridge-mappings to physnet1
+ file_line { 'bridge_mapping':
+ ensure => present,
+ path => '/etc/neutron/plugin.ini',
+ line => 'bridge_mappings = physnet1:br-ex',
+ }
+ ->
+ Exec["pcs-neutron-server-set-up"]
+
+##this way we only let controller1 create the neutron resources
+##controller1 should be the active neutron-server at provisioining time
+
+ if $hostname == $controllers_hostnames_array[0] {
+ Exec["all-neutron-nodes-are-up"]
+ ->
+ neutron_network { 'provider_network':
+ ensure => present,
+ name => 'provider_network',
+ admin_state_up => true,
+ provider_network_type => flat,
+ provider_physical_network => 'physnet1',
+ router_external => true,
+ tenant_name => 'admin',
+ }
+ ->
+ neutron_subnet { 'provider_subnet':
+ ensure => present,
+ name => provider_subnet,
+ cidr => $public_subnet,
+ gateway_ip => $public_gateway,
+ allocation_pools => [ "start=${public_allocation_start},end=${public_allocation_end}" ],
+ dns_nameservers => $public_dns,
+ network_name => 'provider_network',
+ tenant_name => 'admin',
+ }
+ }
+}
diff --git a/common/puppet-opnfv/manifests/init.pp b/common/puppet-opnfv/manifests/init.pp
index 11ef18f..7b68df5 100644
--- a/common/puppet-opnfv/manifests/init.pp
+++ b/common/puppet-opnfv/manifests/init.pp
@@ -24,10 +24,6 @@ class opnfv {
if $::osfamily == 'RedHat' {
- exec {'disable selinux':
- command => '/usr/sbin/setenforce 0',
- unless => '/usr/sbin/getenforce | grep Permissive',
- }
include stdlib
stage { 'presetup':
before => Stage['setup'],
diff --git a/common/puppet-opnfv/manifests/repo.pp b/common/puppet-opnfv/manifests/repo.pp
index eb3a2e6..fe89305 100644
--- a/common/puppet-opnfv/manifests/repo.pp
+++ b/common/puppet-opnfv/manifests/repo.pp
@@ -33,5 +33,35 @@ class opnfv::repo {
gpgcheck => 0,
}
+ exec {'disable selinux':
+ command => '/usr/sbin/setenforce 0',
+ unless => '/usr/sbin/getenforce | grep Permissive',
+ }
+ ->
+ service { "network":
+ ensure => "running",
+ enable => "true",
+ hasrestart => true,
+ restart => '/usr/bin/systemctl restart network',
+ }
+ ->
+ service { 'NetworkManager':
+ ensure => "stopped",
+ enable => "false",
+ }
+ ~>
+ exec { 'restart-network-presetup':
+ command => 'systemctl restart network',
+ path => ["/usr/sbin/", "/usr/bin/"],
+ refreshonly => 'true',
+ }
+ ->
+ package { 'openvswitch':
+ ensure => installed,
+ }
+ ->
+ service {'openvswitch':
+ ensure => 'running',
+ }
}
}
diff --git a/common/puppet-opnfv/templates/br_ex.erb b/common/puppet-opnfv/templates/br_ex.erb
new file mode 100644
index 0000000..6c0e7e7
--- /dev/null
+++ b/common/puppet-opnfv/templates/br_ex.erb
@@ -0,0 +1,10 @@
+DEVICE=br-ex
+DEVICETYPE=ovs
+IPADDR=<%= @public_nic_ip %>
+NETMASK=<%= @public_nic_netmask %>
+GATEWAY=<%= @public_gateway %>
+BOOTPROTO=static
+ONBOOT=yes
+TYPE=OVSBridge
+PROMISC=yes
+PEERDNS=no