summaryrefslogtreecommitdiffstats
path: root/puppet-infracloud/modules
diff options
context:
space:
mode:
Diffstat (limited to 'puppet-infracloud/modules')
-rw-r--r--puppet-infracloud/modules/opnfv/manifests/compute.pp23
-rw-r--r--puppet-infracloud/modules/opnfv/manifests/controller.pp85
-rw-r--r--puppet-infracloud/modules/opnfv/manifests/server.pp222
3 files changed, 330 insertions, 0 deletions
diff --git a/puppet-infracloud/modules/opnfv/manifests/compute.pp b/puppet-infracloud/modules/opnfv/manifests/compute.pp
new file mode 100644
index 00000000..ca548a5d
--- /dev/null
+++ b/puppet-infracloud/modules/opnfv/manifests/compute.pp
@@ -0,0 +1,23 @@
+class opnfv::compute (
+ $nova_rabbit_password,
+ $neutron_rabbit_password,
+ $neutron_admin_password,
+ $ssl_cert_file_contents,
+ $ssl_key_file_contents,
+ $br_name,
+ $controller_public_address,
+ $virt_type = 'kvm',
+) {
+ class { '::infracloud::compute':
+ nova_rabbit_password => $nova_rabbit_password,
+ neutron_rabbit_password => $neutron_rabbit_password,
+ neutron_admin_password => $neutron_admin_password,
+ ssl_cert_file_contents => $ssl_cert_file_contents,
+ ssl_key_file_contents => $ssl_key_file_contents,
+ br_name => $br_name,
+ controller_public_address => $controller_public_address,
+ virt_type => $virt_type,
+ }
+
+}
+
diff --git a/puppet-infracloud/modules/opnfv/manifests/controller.pp b/puppet-infracloud/modules/opnfv/manifests/controller.pp
new file mode 100644
index 00000000..7522692c
--- /dev/null
+++ b/puppet-infracloud/modules/opnfv/manifests/controller.pp
@@ -0,0 +1,85 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::controller (
+ $keystone_rabbit_password,
+ $neutron_rabbit_password,
+ $nova_rabbit_password,
+ $root_mysql_password,
+ $keystone_mysql_password,
+ $glance_mysql_password,
+ $neutron_mysql_password,
+ $nova_mysql_password,
+ $glance_admin_password,
+ $keystone_admin_password,
+ $neutron_admin_password,
+ $nova_admin_password,
+ $keystone_admin_token,
+ $ssl_key_file_contents,
+ $ssl_cert_file_contents,
+ $br_name,
+ $controller_public_address = $::fqdn,
+ $neutron_subnet_cidr,
+ $neutron_subnet_gateway,
+ $neutron_subnet_allocation_pools,
+ $opnfv_password,
+ $opnfv_email = 'opnfvuser@gmail.com',
+) {
+ class { '::infracloud::controller':
+ keystone_rabbit_password => $keystone_rabbit_password,
+ neutron_rabbit_password => $neutron_rabbit_password,
+ nova_rabbit_password => $nova_rabbit_password,
+ root_mysql_password => $root_mysql_password,
+ keystone_mysql_password => $keystone_mysql_password,
+ glance_mysql_password => $glance_mysql_password,
+ neutron_mysql_password => $neutron_mysql_password,
+ nova_mysql_password => $nova_mysql_password,
+ keystone_admin_password => $keystone_admin_password,
+ glance_admin_password => $glance_admin_password,
+ neutron_admin_password => $neutron_admin_password,
+ nova_admin_password => $nova_admin_password,
+ keystone_admin_token => $keystone_admin_token,
+ ssl_key_file_contents => $ssl_key_file_contents,
+ ssl_cert_file_contents => $ssl_cert_file_contents,
+ br_name => $br_name,
+ controller_public_address => $controller_public_address,
+ neutron_subnet_cidr => $neutron_subnet_cidr,
+ neutron_subnet_gateway => $neutron_subnet_gateway,
+ neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools,
+ }
+
+ # create keystone creds
+ keystone_domain { 'opnfv':
+ ensure => present,
+ enabled => true,
+ }
+
+ keystone_tenant { 'opnfv':
+ ensure => present,
+ enabled => true,
+ description => 'OPNFV cloud',
+ domain => 'opnfv',
+ require => Keystone_domain['opnfv'],
+ }
+
+ keystone_user { 'opnfv':
+ ensure => present,
+ enabled => true,
+ domain => 'opnfv',
+ email => $opnfv_email,
+ password => $opnfv_password,
+ require => Keystone_tenant['opnfv'],
+ }
+
+ keystone_role { 'user': ensure => present }
+
+ keystone_user_role { 'opnfv::opnfv@opnfv::opnfv':
+ roles => [ 'user', 'admin', ],
+ }
+}
+
diff --git a/puppet-infracloud/modules/opnfv/manifests/server.pp b/puppet-infracloud/modules/opnfv/manifests/server.pp
new file mode 100644
index 00000000..5bbcd750
--- /dev/null
+++ b/puppet-infracloud/modules/opnfv/manifests/server.pp
@@ -0,0 +1,222 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::server (
+ $iptables_public_tcp_ports = [],
+ $iptables_public_udp_ports = [],
+ $iptables_rules4 = [],
+ $iptables_rules6 = [],
+ $sysadmins = [],
+ $enable_unbound = true,
+ $purge_apt_sources = true,
+) {
+ ###########################################################
+ # Classes for all hosts
+
+ include snmpd
+ include sudoers
+
+ class { 'iptables':
+ public_tcp_ports => $iptables_public_tcp_ports,
+ public_udp_ports => $all_udp,
+ rules4 => $iptables_rules4,
+ rules6 => $iptables_rules6,
+ }
+
+ class { 'timezone':
+ timezone => 'Etc/UTC',
+ }
+
+ if ($enable_unbound) {
+ class { 'unbound':
+ install_resolv_conf => $install_resolv_conf
+ }
+ }
+
+ if ($::in_chroot) {
+ notify { 'rsyslog in chroot':
+ message => 'rsyslog not refreshed, running in chroot',
+ }
+ $rsyslog_notify = []
+ } else {
+ service { 'rsyslog':
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ require => Package['rsyslog'],
+ }
+ $rsyslog_notify = [ Service['rsyslog'] ]
+ }
+
+ ###########################################################
+ # System tweaks
+
+ # Increase syslog message size in order to capture
+ # python tracebacks with syslog.
+ file { '/etc/rsyslog.d/99-maxsize.conf':
+ ensure => present,
+ # Note MaxMessageSize is not a puppet variable.
+ content => '$MaxMessageSize 6k',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => $rsyslog_notify,
+ require => Package['rsyslog'],
+ }
+
+ # We don't like byobu
+ file { '/etc/profile.d/Z98-byobu.sh':
+ ensure => absent,
+ }
+
+ if $::osfamily == 'Debian' {
+
+ # Ubuntu installs their whoopsie package by default, but it eats through
+ # memory and we don't need it on servers
+ package { 'whoopsie':
+ ensure => absent,
+ }
+
+ package { 'popularity-contest':
+ ensure => absent,
+ }
+ }
+
+ ###########################################################
+ # Package resources for all operating systems
+
+ package { 'at':
+ ensure => present,
+ }
+
+ package { 'lvm2':
+ ensure => present,
+ }
+
+ package { 'strace':
+ ensure => present,
+ }
+
+ package { 'tcpdump':
+ ensure => present,
+ }
+
+ package { 'rsyslog':
+ ensure => present,
+ }
+
+ package { 'git':
+ ensure => present,
+ }
+
+ package { 'rsync':
+ ensure => present,
+ }
+
+ case $::osfamily {
+ 'RedHat': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils']
+ $user_packages = ['emacs-nox', 'vim-enhanced']
+ $update_pkg_list_cmd = ''
+ }
+ 'Debian': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils-ping']
+ case $::operatingsystemrelease {
+ /^(12|14)\.(04|10)$/: {
+ $user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
+ 'sysstat', 'iotop']
+ }
+ default: {
+ $user_packages = ['emacs-nox', 'vim-nox']
+ }
+ }
+ $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;'
+ }
+ default: {
+ fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
+ }
+ }
+ package { $packages:
+ ensure => present
+ }
+
+ ###########################################################
+ # Package resources for specific operating systems
+
+ case $::osfamily {
+ 'Debian': {
+ # Purge and augment existing /etc/apt/sources.list if requested, and make
+ # sure apt-get update is run before any packages are installed
+ class { '::apt':
+ purge => { 'sources.list' => $purge_apt_sources }
+ }
+
+ # Make sure dig is installed
+ package { 'dnsutils':
+ ensure => present,
+ }
+ }
+ 'RedHat': {
+ # Make sure dig is installed
+ package { 'bind-utils':
+ ensure => present,
+ }
+ }
+ }
+
+ ###########################################################
+ # Manage ntp
+
+ include '::ntp'
+
+ if ($::osfamily == "RedHat") {
+ # Utils in ntp-perl are included in Debian's ntp package; we
+ # add it here for consistency. See also
+ # https://tickets.puppetlabs.com/browse/MODULES-3660
+ package { 'ntp-perl':
+ ensure => present
+ }
+ # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
+ # centos-7. Currently, ntpd explicitly require ntpdate to be running before
+ # the sync process can happen in ntpd. As a result, if ntpdate is not
+ # running, ntpd will start but fail to sync because of DNS is not properly
+ # setup.
+ package { 'ntpdate':
+ ensure => present,
+ }
+ service { 'ntpdate':
+ enable => true,
+ require => Package['ntpdate'],
+ }
+ }
+
+ ###########################################################
+ # Manage python/pip
+
+ $desired_virtualenv = '13.1.0'
+ class { '::pip':
+ optional_settings => {
+ 'extra-index-url' => '',
+ },
+ manage_pip_conf => true,
+ }
+
+ if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
+ $virtualenv_ensure = $desired_virtualenv
+ } else {
+ $virtualenv_ensure = present
+ }
+ package { 'virtualenv':
+ ensure => $virtualenv_ensure,
+ provider => openstack_pip,
+ require => Class['pip'],
+ }
+
+ # add hosts entries
+ create_resources('host', hiera_hash('hosts'))
+}