diff options
Diffstat (limited to 'puppet-infracloud')
-rw-r--r-- | puppet-infracloud/.gitkeep | 0 | ||||
-rw-r--r-- | puppet-infracloud/README.md | 61 | ||||
-rw-r--r-- | puppet-infracloud/creds/clouds.yaml | 13 | ||||
-rw-r--r-- | puppet-infracloud/deploy_on_baremetal.md | 58 | ||||
-rw-r--r-- | puppet-infracloud/hiera/common.yaml | 85 | ||||
-rw-r--r-- | puppet-infracloud/hiera/common_baremetal.yaml | 174 | ||||
-rwxr-xr-x | puppet-infracloud/install_modules.sh | 121 | ||||
-rwxr-xr-x | puppet-infracloud/install_puppet.sh | 297 | ||||
-rw-r--r-- | puppet-infracloud/manifests/site.pp | 104 | ||||
-rw-r--r-- | puppet-infracloud/modules.env | 84 | ||||
-rw-r--r-- | puppet-infracloud/modules/opnfv/manifests/compute.pp | 23 | ||||
-rw-r--r-- | puppet-infracloud/modules/opnfv/manifests/controller.pp | 85 | ||||
-rw-r--r-- | puppet-infracloud/modules/opnfv/manifests/server.pp | 244 |
13 files changed, 0 insertions, 1349 deletions
diff --git a/puppet-infracloud/.gitkeep b/puppet-infracloud/.gitkeep deleted file mode 100644 index e69de29b..00000000 --- a/puppet-infracloud/.gitkeep +++ /dev/null diff --git a/puppet-infracloud/README.md b/puppet-infracloud/README.md deleted file mode 100644 index 7ebce3d0..00000000 --- a/puppet-infracloud/README.md +++ /dev/null @@ -1,61 +0,0 @@ -=============================== -How to deploy puppet-infracloud -=============================== -The manifest and mmodules defined on this repo will deploy an OpenStack cloud based on `Infra Cloud <http://docs.openstack.org/infra/system-config/infra-cloud.html>`_ project. - -Once all the hardware is provisioned, enter in controller and compute nodes and follow these steps: - -1. Clone releng-xci:: - - git clone https://gerrit.opnfv.org/gerrit/releng-xci /opt/releng-xci - -2. Copy hiera to the right place:: - - cp /opt/puppet-infracloud/hiera/common.yaml /var/lib/hiera - -3. Install modules:: - - cd /opt/puppet-infracloud - ./install_modules.sh - -4. Apply the infracloud manifest:: - - cd /opt/puppet-infracloud - puppet apply manifests/site.pp --modulepath=/etc/puppet/modules:/opt/puppet-infracloud/modules - -5. Once you finish this operation on controller and compute nodes, you will have a functional OpenStack cloud. - -In jumphost, follow that steps: - -1. Clone releng-xci:: - - git clone https://gerrit.opnfv.org/gerrit/releng-xci /opt/releng-xci - -2. Create OpenStack clouds config directory:: - - mkdir -p /root/.config/openstack - -3. Copy credentials file:: - - cp /opt/puppet-infracloud/creds/clouds.yaml /root/.config/openstack/ - -4. Install python-dev package as the installation of python-openstackclient depends on it - - apt-get install -y python-dev - -5. Install openstack-client. (version 3.2.0 is known to work):: - - pip install python-openstackclient - -6. Update /etc/hosts and add controller00:: - - 192.168.122.3 controller00 - 192.168.122.3 controller00.opnfvlocal controller00 - -7. Export the desired cloud:: - - export OS_CLOUD=opnfv - -8. Start using it:: - - openstack service list diff --git a/puppet-infracloud/creds/clouds.yaml b/puppet-infracloud/creds/clouds.yaml deleted file mode 100644 index cc27da28..00000000 --- a/puppet-infracloud/creds/clouds.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -clouds: - opnfv: - verify: False - auth: - auth_url: https://controller00.opnfvlocal:5000 - project_name: opnfv - username: opnfv - password: pass - identity_api_version: '3' - region_name: RegionOne - user_domain_name: opnfv - project_domain_name: opnfv diff --git a/puppet-infracloud/deploy_on_baremetal.md b/puppet-infracloud/deploy_on_baremetal.md deleted file mode 100644 index 8efa5af7..00000000 --- a/puppet-infracloud/deploy_on_baremetal.md +++ /dev/null @@ -1,58 +0,0 @@ -How to deploy Infra Cloud on baremetal -================================== - -Install bifrost controller --------------------------- -First step for deploying Infra Cloud is to install the bifrost controller. This can be virtualized, doesn't need to be on baremetal. -To achieve that, first we can create a virtual machine with libvirt, with the proper network setup. This VM needs to share one physical interface (the PXE boot one), with the servers for the controller and compute nodes. -Please follow documentation on: [https://git.openstack.org/cgit/openstack/bifrost/tree/tools/virsh_dev_env/README.md](https://git.openstack.org/cgit/openstack/bifrost/tree/tools/virsh_dev_env/README.md) to get sample templates and instructions for creating the bifrost VM. - -Once the **baremetal** VM is finished, you can login by ssh and start installing bifrost there. To proceed, follow this steps: - - 1. Change to root user, install git - 2. Clone releng-xci project (cd /opt, git clone https://gerrit.opnfv.org/gerrit/releng-xci) - 3. cd /opt/puppet-infracloud - 4. Copy hiera to the right folder (cp hiera/common_baremetal.yaml /var/lib/hiera/common.yaml) - 5. Ensure hostname is properly set ( hostnamectl set-hostname baremetal.opnfvlocal , hostname -f ) - 6. Install puppet and modules ( ./install_puppet.sh , ./install_modules.sh ) - 7. Apply puppet to install bifrost (puppet apply manifests/site.pp --modulepath=/etc/puppet/modules:/opt/puppet-infracloud/modules) - - With these steps you will have a bifrost controller up and running. - -Deploy baremetal servers --------------------------- -Once you have bifrost controller ready, you need to use it to start deployment of the baremetal servers. -On the same bifrost VM, follow these steps: - - 1. Source bifrost env vars: source /opt/stack/bifrost/env-vars - 2. Export baremetal servers inventory: export BIFROST_INVENTORY-SOURCE=/opt/stack/baremetal.json - 3. Change active directory: cd /opt/stack/bifrost/playbooks - 3. Enroll the servers: ansible-playbook -vvv -i inventory/bifrost_inventory.py enroll-dynamic.yaml -e @/etc/bifrost/bifrost_global_vars - 4. Deploy the servers: ansible-playbook -vvv -i inventory/bifrost_inventory.py deploy-dynamic.yaml -e @/etc/bifrost/bifrost_global_vars - 5. Wait until they are on **active** state, check it with: ironic node-list - -In case of some server needing to be redeployed, you can reset it and redeploy again with: - - 1. ironic node-set-provision-state <name_of_server> deleted - 2. Wait and check with ironic node-list until the server is on **available** state - 3. Redeploy again: ansible-playbook -vvv -i inventory/bifrost_inventory.py deploy-dynamic.yaml -e @/etc/bifrost/bifrost_global_vars - -Deploy baremetal servers --------------------------- -Once all the servers are on **active** state, they can be accessed by ssh and InfraCloud manifests can be deployed on them, to properly deploy a controller and a compute. -On each of those, follow that steps: - - 1. ssh from the bifrost controller to their external ips: ssh root@172.30.13.90 - 2. cd /opt, clone releng-xci project (git clone https://gerrit.opnfv.org/gerrit/releng-xci) - 3. Copy hiera to the right folder ( cp hiera/common_baremetal.yaml /var/lib/hiera/common.yaml) - 4. Install modules: ./install_modules.sh - 5. Apply puppet: puppet apply manifests/site.pp --modulepath=/etc/puppet/modules:/opt/puppet-infracloud/modules - -Once this has been done on controller and compute, you will have a working cloud. To start working with it, follow that steps: - - 1. Ensure that controller00.opnfvlocal resolves properly to the external IP (this is already done in the bifrost controller) - 2. Copy releng-xci/puppet-infracloud/creds/clouds.yaml to $HOME/.config/openstack/clouds.yaml - 3. Install python-openstackclient - 4. Specify the cloud you want to use: export OS_CLOUD=opnfvlocal - 5. Now you can start operating in your cloud with openstack-client: openstack flavor list - diff --git a/puppet-infracloud/hiera/common.yaml b/puppet-infracloud/hiera/common.yaml deleted file mode 100644 index 634d96cb..00000000 --- a/puppet-infracloud/hiera/common.yaml +++ /dev/null @@ -1,85 +0,0 @@ ---- -keystone_rabbit_password: pass -neutron_rabbit_password: pass -nova_rabbit_password: pass -root_mysql_password: pass -keystone_mysql_password: pass -glance_mysql_password: pass -neutron_mysql_password: pass -nova_mysql_password: pass -keystone_admin_password: pass -glance_admin_password: pass -neutron_admin_password: pass -nova_admin_password: pass -keystone_admin_token: token -ssl_key_file_contents: | - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0YX6wsA/Jhe3q - ByoiLsyagO5rOCIyzDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulb - GnB6A0GlT3YXuaKPucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK9 - 43G545aBZSGlUnVfFg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UU - TzrH2SL6Nhl7i+AenuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF - 37fsWxxxEX8a6gtGYEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeD - jEHey3UJAgMBAAECggEAGqapBEwPGRRbsY87b2+AtXdFQrw5eU3pj4jCr3dk4o1o - uCbiqxNgGnup4VRT2hmtkKF8O4jj/p1JozdF1RE0GsuhxCGeXiPxrwFfWSyQ28Ou - AWJ6O/njlVZRTTXRzbLyZEOEgWNEdJMfCsVXIUL6EsYxcW68fr8QtExAo0gSzvwe - IVyhopBy4A1jr5jWqjjlgJhoTHQCkp1e9pHiaW5WWHtk2DFdy6huw5PoDRppG42P - soMzqHy9AIWXrYaTGNjyybdJvbaiF0X5Bkr6k8ZxMlRuEb3Vpyrj7SsBrUifRJM3 - +yheSq3drdQHlw5VrukoIgXGYB4zAQq3LndLoL5YTQKBgQDlzz/hB1IuGOKBXRHy - p0j+Lyoxt5EiOW2mdEkbTUYyYnD9EDbJ0wdQ5ijtWLw0J3AwhASkH8ZyljOVHKlY - Sq2Oo/uroIH4M8cVIBOJQ2/ak98ItLZ1OMMnDxlZva52jBfYwOEkg6OXeLOLmay6 - ADfxQ56RFqreVHi9J0/jvpn9UwKBgQDI8CZrM4udJTP7gslxeDcRZw6W34CBBFds - 49d10Tfd05sysOludzWAfGFj27wqIacFcIyYQmnSga9lBhowv+RwdSjcb2QCCjOb - b2GdH+qSFU8BTOcd5FscCBV3U8Y1f/iYp0EQ1/GiG2AYcQC67kjWOO4/JZEXsmtq - LisFlWTcswKBgQCC/bs/nViuhei2LELKuafVmzTF2giUJX/m3Wm+cjGNDqew18kj - CXKmHks93tKIN+KvBNFQa/xF3G/Skt/EP+zl3XravUbYH0tfM0VvfE0JnjgHUlqe - PpiebvDYQlJrqDb/ihHLKm3ZLSfKbvIRo4Y/s3dy5CTJTgT0bLAQ9Nf5mQKBgGqb - Dqb9d+rtnACqSNnMn9q5xIHDHlhUx1VcJCm70Fn+NG7WcWJMGLSMSNdD8zafGA/I - wK7fPWmTqEx+ylJm3HnVjtI0vuheJTcoBq/oCPlsGLhl5pBzYOskVs8yQQyNUoUa - 52haSTZqM7eD7JFAbqBJIA2cjrf1zwtMZ0LVGegFAoGBAIFSkI+y4tDEEaSsxrMM - OBYEZDkffVar6/mDJukvyn0Q584K3I4eXIDoEEfMGgSN2Tza6QamuNFxOPCH+AAv - UKvckK4yuYkc7mQIgjCE8N8UF4kgsXjPek61TZT1QVI1aYFb78ZAZ0miudqWkx4t - YSNDj7llArylrPGHBLQ38X4/ - -----END PRIVATE KEY----- -ssl_cert_file_contents: | - -----BEGIN CERTIFICATE----- - MIIDcTCCAlmgAwIBAgIJAJsHSxF0u/oaMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV - BAYTAlVTMQ4wDAYDVQQHDAVXb3JsZDEOMAwGA1UECgwFT1BORlYxIDAeBgNVBAMM - F2NvbnRyb2xsZXIwMC5vcG5mdmxvY2FsMB4XDTE2MDgxNzE2MzQwOFoXDTE3MDgx - NzE2MzQwOFowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAcMBVdvcmxkMQ4wDAYDVQQK - DAVPUE5GVjEgMB4GA1UEAwwXY29udHJvbGxlcjAwLm9wbmZ2bG9jYWwwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YX6wsA/Jhe3qByoiLsyagO5rOCIy - zDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulbGnB6A0GlT3YXuaKP - ucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK943G545aBZSGlUnVf - Fg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UUTzrH2SL6Nhl7i+Ae - nuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF37fsWxxxEX8a6gtG - YEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeDjEHey3UJAgMBAAGj - UDBOMB0GA1UdDgQWBBQyFVbU5s2ihD0hX3W7GyHiHZGG1TAfBgNVHSMEGDAWgBQy - FVbU5s2ihD0hX3W7GyHiHZGG1TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA - A4IBAQB+xf7I9RVWzRNjMbWBDE6pBvOWnSksv7Jgr4cREvyOxBDaIoO3uQRDDu6r - RCgGs1CuwEaFX1SS/OVrKRFiy9kCU/LBZEFwaHRaL2Kj57Z2yNInPIiKB4h9jen2 - 75fYrpq42XUDSI0NpsqAJpmcQqXOOo8V08FlH0/6h8mWdsfQfbyaf+g73+aRZds8 - Q4ttmBrqY4Pi5CJW46w7LRCA5o92Di3GI9dAh9MVZ3023cTTjDkW04QbluphuTFj - O07Npz162/fHTXut+piV78t+1HlfYWY5TOSQMIVwenftA/Bn8+TQAgnLR+nGo/wu - oEaxLtj3Jr07+yIjL88ewT+c3fpq - -----END CERTIFICATE----- -infracloud_mysql_password: pass -opnfv_password: pass - -rabbitmq::package_gpg_key: 'https://www.rabbitmq.com/rabbitmq-release-signing-key.asc' -rabbitmq::repo::apt::key: '0A9AF2115F4687BD29803A206B73A36E6026DFCA' - -hosts: - jumphost.opnfvlocal: - ip: 192.168.122.2 - controller00.opnfvlocal: - ip: 192.168.122.3 - compute00.opnfvlocal: - ip: 192.168.122.4 - -bridge_name: br_opnfv -neutron_subnet_cidr: '192.168.122.0/24' -neutron_subnet_gateway: '192.168.122.1' -neutron_subnet_allocation_pools: - - 'start=192.168.122.50,end=192.168.122.254' -virt_type: 'qemu' diff --git a/puppet-infracloud/hiera/common_baremetal.yaml b/puppet-infracloud/hiera/common_baremetal.yaml deleted file mode 100644 index 015612c9..00000000 --- a/puppet-infracloud/hiera/common_baremetal.yaml +++ /dev/null @@ -1,174 +0,0 @@ ---- -keystone_rabbit_password: pass -neutron_rabbit_password: pass -nova_rabbit_password: pass -root_mysql_password: pass -keystone_mysql_password: pass -glance_mysql_password: pass -neutron_mysql_password: pass -nova_mysql_password: pass -keystone_admin_password: pass -glance_admin_password: pass -neutron_admin_password: pass -nova_admin_password: pass -keystone_admin_token: token -ssl_key_file_contents: | - -----BEGIN PRIVATE KEY----- - MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0YX6wsA/Jhe3q - ByoiLsyagO5rOCIyzDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulb - GnB6A0GlT3YXuaKPucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK9 - 43G545aBZSGlUnVfFg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UU - TzrH2SL6Nhl7i+AenuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF - 37fsWxxxEX8a6gtGYEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeD - jEHey3UJAgMBAAECggEAGqapBEwPGRRbsY87b2+AtXdFQrw5eU3pj4jCr3dk4o1o - uCbiqxNgGnup4VRT2hmtkKF8O4jj/p1JozdF1RE0GsuhxCGeXiPxrwFfWSyQ28Ou - AWJ6O/njlVZRTTXRzbLyZEOEgWNEdJMfCsVXIUL6EsYxcW68fr8QtExAo0gSzvwe - IVyhopBy4A1jr5jWqjjlgJhoTHQCkp1e9pHiaW5WWHtk2DFdy6huw5PoDRppG42P - soMzqHy9AIWXrYaTGNjyybdJvbaiF0X5Bkr6k8ZxMlRuEb3Vpyrj7SsBrUifRJM3 - +yheSq3drdQHlw5VrukoIgXGYB4zAQq3LndLoL5YTQKBgQDlzz/hB1IuGOKBXRHy - p0j+Lyoxt5EiOW2mdEkbTUYyYnD9EDbJ0wdQ5ijtWLw0J3AwhASkH8ZyljOVHKlY - Sq2Oo/uroIH4M8cVIBOJQ2/ak98ItLZ1OMMnDxlZva52jBfYwOEkg6OXeLOLmay6 - ADfxQ56RFqreVHi9J0/jvpn9UwKBgQDI8CZrM4udJTP7gslxeDcRZw6W34CBBFds - 49d10Tfd05sysOludzWAfGFj27wqIacFcIyYQmnSga9lBhowv+RwdSjcb2QCCjOb - b2GdH+qSFU8BTOcd5FscCBV3U8Y1f/iYp0EQ1/GiG2AYcQC67kjWOO4/JZEXsmtq - LisFlWTcswKBgQCC/bs/nViuhei2LELKuafVmzTF2giUJX/m3Wm+cjGNDqew18kj - CXKmHks93tKIN+KvBNFQa/xF3G/Skt/EP+zl3XravUbYH0tfM0VvfE0JnjgHUlqe - PpiebvDYQlJrqDb/ihHLKm3ZLSfKbvIRo4Y/s3dy5CTJTgT0bLAQ9Nf5mQKBgGqb - Dqb9d+rtnACqSNnMn9q5xIHDHlhUx1VcJCm70Fn+NG7WcWJMGLSMSNdD8zafGA/I - wK7fPWmTqEx+ylJm3HnVjtI0vuheJTcoBq/oCPlsGLhl5pBzYOskVs8yQQyNUoUa - 52haSTZqM7eD7JFAbqBJIA2cjrf1zwtMZ0LVGegFAoGBAIFSkI+y4tDEEaSsxrMM - OBYEZDkffVar6/mDJukvyn0Q584K3I4eXIDoEEfMGgSN2Tza6QamuNFxOPCH+AAv - UKvckK4yuYkc7mQIgjCE8N8UF4kgsXjPek61TZT1QVI1aYFb78ZAZ0miudqWkx4t - YSNDj7llArylrPGHBLQ38X4/ - -----END PRIVATE KEY----- -ssl_cert_file_contents: | - -----BEGIN CERTIFICATE----- - MIIDcTCCAlmgAwIBAgIJAJsHSxF0u/oaMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV - BAYTAlVTMQ4wDAYDVQQHDAVXb3JsZDEOMAwGA1UECgwFT1BORlYxIDAeBgNVBAMM - F2NvbnRyb2xsZXIwMC5vcG5mdmxvY2FsMB4XDTE2MDgxNzE2MzQwOFoXDTE3MDgx - NzE2MzQwOFowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAcMBVdvcmxkMQ4wDAYDVQQK - DAVPUE5GVjEgMB4GA1UEAwwXY29udHJvbGxlcjAwLm9wbmZ2bG9jYWwwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YX6wsA/Jhe3qByoiLsyagO5rOCIy - zDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulbGnB6A0GlT3YXuaKP - ucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK943G545aBZSGlUnVf - Fg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UUTzrH2SL6Nhl7i+Ae - nuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF37fsWxxxEX8a6gtG - YEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeDjEHey3UJAgMBAAGj - UDBOMB0GA1UdDgQWBBQyFVbU5s2ihD0hX3W7GyHiHZGG1TAfBgNVHSMEGDAWgBQy - FVbU5s2ihD0hX3W7GyHiHZGG1TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA - A4IBAQB+xf7I9RVWzRNjMbWBDE6pBvOWnSksv7Jgr4cREvyOxBDaIoO3uQRDDu6r - RCgGs1CuwEaFX1SS/OVrKRFiy9kCU/LBZEFwaHRaL2Kj57Z2yNInPIiKB4h9jen2 - 75fYrpq42XUDSI0NpsqAJpmcQqXOOo8V08FlH0/6h8mWdsfQfbyaf+g73+aRZds8 - Q4ttmBrqY4Pi5CJW46w7LRCA5o92Di3GI9dAh9MVZ3023cTTjDkW04QbluphuTFj - O07Npz162/fHTXut+piV78t+1HlfYWY5TOSQMIVwenftA/Bn8+TQAgnLR+nGo/wu - oEaxLtj3Jr07+yIjL88ewT+c3fpq - -----END CERTIFICATE----- -infracloud_mysql_password: pass -opnfv_password: pass - -rabbitmq::package_gpg_key: 'https://www.rabbitmq.com/rabbitmq-release-signing-key.asc' -rabbitmq::repo::apt::key: '0A9AF2115F4687BD29803A206B73A36E6026DFCA' - -hosts: - jumphost.opnfvlocal: - ip: 172.30.13.89 - controller00.opnfvlocal: - ip: 172.30.13.90 - compute00.opnfvlocal: - ip: 172.30.13.91 - -# settings for bifrost -bridge_name: br_opnfv -ironic_db_password: pass -bifrost_mysql_password: pass -bifrost_ssh_private_key: | - -----BEGIN RSA PRIVATE KEY----- - MIIEowIBAAKCAQEAvwr2LbfJQuKZDOQse+DQHX84c9LCHvQfy0pu15JkiLM5dUtx - hLr/5fxSzblubS4WkNZVsGTtUp51f8yoQyltqquGlVfUf0GO+PCLaRp0arhli0Rl - sAGatI12amnrVap82jINiKQRO+UnF97z2hiB35Zxko4jSaPOOiL48DEKowZHL2Ja - jjUt6dXcaNotXNaKZpcxz92gdZhFOPU8BrJ/mI9k9u6QI/4qLG/WzW4frHLigA1t - OrZ3Nnu3tloWNsS1lh71KRfEv46VD8tCAZfXqJtjdH4Z4AUO++CLF/K4zXhIoFqU - Wf8aS64YzoaAfnJ+jUwKs92dVjuFtbEk+t2YLQIDAQABAoIBAQCAr++YaD6oUV9r - caANaiiGVhY+3u9oTmXEWMVFbRVPh/riaglzsUuDLm7QqWIbJXqJ4fcitTmv95GK - nt+RLizzVEt5+gnoFs8qHU6rY+ibos6z+0TMRKhjiw8DK4oc0JT9nc3EB1CcmgW1 - bLeyZ+PEKuEiKaDXkAHw43HwyfgyS3Lc90TSaLj3P7egsBuhx1Yy+wgyiPQ/bF0b - OBLHHK+nwYLGAq25n/+zA7XAndc2OQd4KzUJcvjyND+IMYnzEbeFH36UcFqbvgGu - nR55yIrCxsxcJhhT2slMNtg/xCmo3Jzz1kNBtwbNBik4/5Lkckny0xhQl+h7vz9U - +cKjwfK5AoGBAPSy/JHMeQ5/rzbA5LAZhVa/Yc4B5datkwLNg6mh4CzMabJs8AKd - de05XB/Nq6Hfp8Aa7zLt2GIb3iqF6w/y+j8YAXS2KQD8/HDs2/9Oxr512kfssk5D - dcpTqeIFetzM9pqnctVXBGlbz0QLeL+lT3kXY00+CBm6LjEv8dsPxZr3AoGBAMfd - nDnTjUVZ+sRpTBDM3MhKLMETxNWNDaozL+SgpYQwtKlSTfQVdFcM66a8qCFjQFsc - /6AjL0bjCA5u859IoQ4ValD0vgkyLHdEN0P1Grf3MK8kjOW1A1s1i2FY6U0z9AM2 - zsUCA9bB5A9wwxwofoa8VkaDpVSMITbakVoNxJj7AoGAImcft2fmBTHScoJAJLoR - 0xZpK8t8gug4aQZ34luN5v5+RcWnINb+g3GzEA2cec+2B/5BbwmdiH2eiJ/3YnCo - 2kIHwl7x+N+Ypk/GxmhO7Owo2j/e+b3mS6HjmpFmqrBuY2PzcyceyalMxKZQPbGC - MOYm4e88uFFCuUuiV0gqYhUCgYBmSFhCE6yxeCnoSEbgNicq7SLYMIjEDOqYVpfE - 9h2ed9qM6IzyQ+SFBBy4+MVGSOfPeRis2DTCnz8pO8i7lEyvy2/cPFPgmue8pZFu - 2smwqfUlPJxKlgdArzdEO18x3kubNXo9whk614EiEcAX8fVGeK3iak665Pe+fb5z - Cqa47wKBgDp3/dgtMneoePKNefy4a9vp5y4XKviC6GOrr0xpEM2ptZ+I7mUJcACN - KbaW0dPgtS1cApelmF73IAJRYbKMW7lQzql61IoGw4pGTIMPKerqRs/hTWYPZiSG - QHWf3iTV5uQr6cSRoUgkAUHVw2KTGad41RAhDp352iakZuNNBFga - -----END RSA PRIVATE KEY----- -bifrost_ssh_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/CvYtt8lC4pkM5Cx74NAdfzhz0sIe9B/LSm7XkmSIszl1S3GEuv/l/FLNuW5tLhaQ1lWwZO1SnnV/zKhDKW2qq4aVV9R/QY748ItpGnRquGWLRGWwAZq0jXZqaetVqnzaMg2IpBE75ScX3vPaGIHflnGSjiNJo846IvjwMQqjBkcvYlqONS3p1dxo2i1c1opmlzHP3aB1mEU49TwGsn+Yj2T27pAj/iosb9bNbh+scuKADW06tnc2e7e2WhY2xLWWHvUpF8S/jpUPy0IBl9eom2N0fhngBQ774IsX8rjNeEigWpRZ/xpLrhjOhoB+cn6NTAqz3Z1WO4W1sST63Zgt yolanda@trasto -infracloud_vlan: 415 -infracloud_gateway_ip: 172.30.13.1 -default_network_interface: eno3 -dhcp_static_mask: 255.255.255.128 -dhcp_pool_start: 10.20.0.130 -dhcp_pool_end: 10.20.0.254 -network_interface: eth1 -ipv4_nameserver: 8.8.8.8 -ipv4_subnet_mask: 255.255.255.0 -ipv4_gateway: 172.30.13.1 -ironic_inventory: - controller00.opnfvlocal: - driver: agent_ipmitool - driver_info: - power: - ipmi_address: 172.30.8.90 - ipmi_username: admin - provisioning_ipv4_address: 10.20.0.130 - ipv4_address: 172.30.13.90 - ansible_ssh_host: 172.30.13.90 - ipv4_gateway: 172.30.13.1 - ipv4_interface_mac: 00:1e:67:f6:9b:35 - ipv4_subnet_mask: 255.255.255.192 - name: controller00.opnfvlocal - nics: - - mac: a4:bf:01:01:a9:fc - - mac: 00:1e:67:f6:9b:35 - properties: - cpu_arch: x86_64 - cpus: '44' - disk_size: '1800' - ram: '65536' - uuid: 00a22849-2442-e511-906e-0012795d96dd - compute00.opnfvlocal: - driver: agent_ipmitool - driver_info: - power: - ipmi_address: 172.30.8.91 - ipmi_username: admin - provisioning_ipv4_address: 10.20.0.131 - ipv4_address: 172.30.13.91 - ansible_ssh_host: 172.30.13.91 - ipv4_gateway: 172.30.13.1 - ipv4_interface_mac: 00:1e:67:f6:9b:37 - ipv4_subnet_mask: 255.255.255.0 - name: compute00.opnfvlocal - nics: - - mac: a4:bf:01:01:a9:d4 - - mac: 00:1e:67:f6:9b:37 - properties: - cpu_arch: x86_64 - cpus: '44' - disk_size: '1800' - ram: '65536' - uuid: 0051e926-f242-e511-906e-0012795d96dd -ipmi_passwords: {'172.30.8.90': 'octopus', '172.30.8.91': 'octopus'} -neutron_subnet_cidr: '172.30.13.0/24' -neutron_subnet_gateway: '172.30.13.1' -neutron_subnet_allocation_pools: - - 'start=172.30.13.100,end=172.30.13.254' -virt_type: 'kvm' -dib_dev_user_password: devuser diff --git a/puppet-infracloud/install_modules.sh b/puppet-infracloud/install_modules.sh deleted file mode 100755 index 5d5acd9c..00000000 --- a/puppet-infracloud/install_modules.sh +++ /dev/null @@ -1,121 +0,0 @@ -#!/bin/bash -# Copyright 2014 OpenStack Foundation. -# Copyright 2014 Hewlett-Packard Development Company, L.P. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - -MODULE_PATH=`puppet config print modulepath | cut -d ':' -f 1` -SCRIPT_NAME=$(basename $0) -SCRIPT_DIR=$(readlink -f "$(dirname $0)") -JUST_CLONED=0 - -function remove_module { - local SHORT_MODULE_NAME=$1 - if [ -n "$SHORT_MODULE_NAME" ]; then - rm -Rf "$MODULE_PATH/$SHORT_MODULE_NAME" - else - echo "ERROR: remove_module requires a SHORT_MODULE_NAME." - fi -} - -function git_clone { - local MOD=$1 - local DEST=$2 - - JUST_CLONED=1 - for attempt in $(seq 0 3); do - clone_error=0 - git clone $MOD $DEST && break || true - rm -rf $DEST - clone_error=1 - done - return $clone_error -} - -# Array of modules to be installed key:value is module:version. -declare -A MODULES - -# Array of modues to be installed from source and without dependency resolution. -# key:value is source location, revision to checkout -declare -A SOURCE_MODULES - -# Array of modues to be installed from source and without dependency resolution from openstack git -# key:value is source location, revision to checkout -declare -A INTEGRATION_MODULES - -# load modules.env to populate MODULES[*] and SOURCE_MODULES[*] -# for processing. -MODULE_ENV_FILE=${MODULE_FILE:-modules.env} -MODULE_ENV_PATH=${MODULE_ENV_PATH:-${SCRIPT_DIR}} -if [ -f "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}" ] ; then - . "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}" -fi - -if [ -z "${!MODULES[*]}" ] && [ -z "${!SOURCE_MODULES[*]}" ] ; then - echo "" - echo "WARNING: nothing to do, unable to find MODULES or SOURCE_MODULES" - echo " export options, try setting MODULE_ENV_PATH or MODULE_ENV_FILE" - echo " export to the proper location of modules.env file." - echo "" - exit 0 -fi - -MODULE_LIST=`puppet module list --color=false` - -# Install modules from source -for MOD in ${!SOURCE_MODULES[*]} ; do - JUST_CLONED=0 - # get the name of the module directory - if [ `echo $MOD | awk -F. '{print $NF}'` = 'git' ]; then - echo "Remote repos of the form repo.git are not supported: ${MOD}" - exit 1 - fi - - MODULE_NAME=`echo $MOD | awk -F- '{print $NF}'` - - # set up git base command to use the correct path - GIT_CMD_BASE="git --git-dir=${MODULE_PATH}/${MODULE_NAME}/.git --work-tree ${MODULE_PATH}/${MODULE_NAME}" - # treat any occurrence of the module as a match - if ! echo $MODULE_LIST | grep "${MODULE_NAME}" >/dev/null 2>&1; then - # clone modules that are not installed - git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}" - else - if [ ! -d ${MODULE_PATH}/${MODULE_NAME}/.git ]; then - echo "Found directory ${MODULE_PATH}/${MODULE_NAME} that is not a git repo, deleting it and reinstalling from source" - remove_module $MODULE_NAME - git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}" - elif [ `${GIT_CMD_BASE} remote show origin | grep 'Fetch URL' | awk -F'URL: ' '{print $2}'` != $MOD ]; then - echo "Found remote in ${MODULE_PATH}/${MODULE_NAME} that does not match desired remote ${MOD}, deleting dir and re-cloning" - remove_module $MODULE_NAME - git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}" - fi - fi - - # fetch the latest refs from the repo - if [[ $JUST_CLONED -eq 0 ]] ; then - # If we just cloned the repo, we do not need to remote update - for attempt in $(seq 0 3); do - clone_error=0 - $GIT_CMD_BASE remote update && break || true - clone_error=1 - done - if [[ $clone_error -ne 0 ]] ; then - exit $clone_error - fi - fi - # make sure the correct revision is installed, I have to use rev-list b/c rev-parse does not work with tags - if [ `${GIT_CMD_BASE} rev-list HEAD --max-count=1` != `${GIT_CMD_BASE} rev-list ${SOURCE_MODULES[$MOD]} --max-count=1` ]; then - # checkout correct revision - $GIT_CMD_BASE checkout ${SOURCE_MODULES[$MOD]} - fi -done diff --git a/puppet-infracloud/install_puppet.sh b/puppet-infracloud/install_puppet.sh deleted file mode 100755 index ae259448..00000000 --- a/puppet-infracloud/install_puppet.sh +++ /dev/null @@ -1,297 +0,0 @@ -#!/bin/bash -x - -# Copyright 2013 OpenStack Foundation. -# Copyright 2013 Hewlett-Packard Development Company, L.P. -# Copyright 2013 Red Hat, Inc. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. - - -# -# Distro identification functions -# note, can't rely on lsb_release for these as we're bare-bones and -# it may not be installed yet) - - -function is_fedora { - [ -f /usr/bin/yum ] && cat /etc/*release | grep -q -e "Fedora" -} - -function is_rhel7 { - [ -f /usr/bin/yum ] && \ - cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \ - cat /etc/*release | grep -q 'release 7' -} - -function is_ubuntu { - [ -f /usr/bin/apt-get ] -} - -function is_opensuse { - [ -f /usr/bin/zypper ] && \ - cat /etc/os-release | grep -q -e "openSUSE" -} - -function is_gentoo { - [ -f /usr/bin/emerge ] -} - -# dnf is a drop-in replacement for yum on Fedora>=22 -YUM=yum -if is_fedora && [[ $(lsb_release -rs) -ge 22 ]]; then - YUM=dnf -fi - - -# -# Distro specific puppet installs -# - -function _systemd_update { - # there is a bug (rhbz#1261747) where systemd can fail to enable - # services due to selinux errors after upgrade. A work-around is - # to install the latest version of selinux and systemd here and - # restart the daemon for good measure after it is upgraded. - $YUM install -y selinux-policy - $YUM install -y systemd - systemctl daemon-reload -} - -function setup_puppet_fedora { - _systemd_update - - $YUM update -y - - # NOTE: we preinstall lsb_release here to ensure facter sets - # lsbdistcodename - # - # Fedora declares some global hardening flags, which distutils - # pick up when building python modules. redhat-rpm-config - # provides the required config options. Really this should be a - # dependency of python-devel (fix in the works, see - # https://bugzilla.redhat.com/show_bug.cgi?id=1217376) and can be - # removed when that is sorted out. - - $YUM install -y redhat-lsb-core git puppet \ - redhat-rpm-config - - mkdir -p /etc/puppet/modules/ - - # Puppet expects the pip command named as pip-python on - # Fedora, as per the packaged command name. However, we're - # installing from get-pip.py so it's just 'pip'. An easy - # work-around is to just symlink pip-python to "fool" it. - # See upstream issue: - # https://tickets.puppetlabs.com/browse/PUP-1082 - ln -fs /usr/bin/pip /usr/bin/pip-python - # Wipe out templatedir so we don't get warnings about it - sed -i '/templatedir/d' /etc/puppet/puppet.conf - - # upstream is currently looking for /run/systemd files to check - # for systemd. This fails in a chroot where /run isn't mounted - # (like when using dib). Comment out this confine as fedora - # always has systemd - # see - # https://github.com/puppetlabs/puppet/pull/4481 - # https://bugzilla.redhat.com/show_bug.cgi?id=1254616 - sudo sed -i.bak '/^[^#].*/ s|\(^.*confine :exists => \"/run/systemd/system\".*$\)|#\ \1|' \ - /usr/share/ruby/vendor_ruby/puppet/provider/service/systemd.rb - - # upstream "requests" pip package vendors urllib3 and chardet - # packages. The fedora packages un-vendor this, and symlink those - # sub-packages back to packaged versions. We get into a real mess - # of if some of the puppet ends up pulling in "requests" from pip, - # and then something like devstack does a "yum install - # python-requests" which does a very bad job at overwriting the - # pip-installed version (symlinks and existing directories don't - # mix). A solution is to pre-install the python-requests - # package; clear it out and re-install from pip. This way, the - # package is installed for dependencies, and we have a pip-managed - # requests with correctly vendored sub-packages. - sudo ${YUM} install -y python2-requests - sudo rm -rf /usr/lib/python2.7/site-packages/requests/* - sudo rm -rf /usr/lib/python2.7/site-packages/requests-*.{egg,dist}-info - sudo pip install requests -} - -function setup_puppet_rhel7 { - local puppet_pkg="https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm" - - # install a bootstrap epel repo to install latest epel-release - # package (which provides correct gpg keys, etc); then remove - # boostrap - cat > /etc/yum.repos.d/epel-bootstrap.repo <<EOF -[epel-bootstrap] -name=Bootstrap EPEL -mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=\$basearch -failovermethod=priority -enabled=0 -gpgcheck=0 -EOF - yum --enablerepo=epel-bootstrap -y install epel-release - rm -f /etc/yum.repos.d/epel-bootstrap.repo - - _systemd_update - yum update -y - - # NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename - yum install -y redhat-lsb-core git puppet - - rpm -ivh $puppet_pkg - - # see comments in setup_puppet_fedora - ln -s /usr/bin/pip /usr/bin/pip-python - # Wipe out templatedir so we don't get warnings about it - sed -i '/templatedir/d' /etc/puppet/puppet.conf - - # install RDO repo as well; this covers a few things like - # openvswitch that aren't available for EPEL - yum install -y https://rdoproject.org/repos/rdo-release.rpm -} - -function setup_puppet_ubuntu { - if ! which lsb_release > /dev/null 2<&1 ; then - DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \ - --assume-yes install -y --force-yes lsb-release - fi - - lsbdistcodename=`lsb_release -c -s` - if [ $lsbdistcodename != 'trusty' ] ; then - rubypkg=rubygems - else - rubypkg=ruby - fi - - - PUPPET_VERSION=3.* - PUPPETDB_VERSION=2.* - FACTER_VERSION=2.* - - cat > /etc/apt/preferences.d/00-puppet.pref <<EOF -Package: puppet puppet-common puppetmaster puppetmaster-common puppetmaster-passenger -Pin: version $PUPPET_VERSION -Pin-Priority: 501 - -Package: puppetdb puppetdb-terminus -Pin: version $PUPPETDB_VERSION -Pin-Priority: 501 - -Package: facter -Pin: version $FACTER_VERSION -Pin-Priority: 501 -EOF - - # NOTE(pabelanger): Puppetlabs does not support ubuntu xenial. Instead use - # the version of puppet ship by xenial. - if [ $lsbdistcodename != 'xenial' ]; then - puppet_deb=puppetlabs-release-${lsbdistcodename}.deb - if type curl >/dev/null 2>&1; then - curl -O http://apt.puppetlabs.com/$puppet_deb - else - wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb - fi - dpkg -i $puppet_deb - rm $puppet_deb - fi; - - apt-get update - DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \ - --assume-yes dist-upgrade - DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \ - --assume-yes install -y --force-yes puppet git $rubypkg - # Wipe out templatedir so we don't get warnings about it - sed -i '/templatedir/d' /etc/puppet/puppet.conf -} - -function setup_puppet_opensuse { - local version=`grep -e "VERSION_ID" /etc/os-release | tr -d "\"" | cut -d "=" -f2` - zypper ar http://download.opensuse.org/repositories/systemsmanagement:/puppet/openSUSE_${version}/systemsmanagement:puppet.repo - zypper -v --gpg-auto-import-keys --no-gpg-checks -n ref - zypper --non-interactive in --force-resolution puppet - # Wipe out templatedir so we don't get warnings about it - sed -i '/templatedir/d' /etc/puppet/puppet.conf -} - -function setup_puppet_gentoo { - echo yes | emaint sync -a - emerge -q --jobs=4 puppet-agent - sed -i '/templatedir/d' /etc/puppetlabs/puppet/puppet.conf -} - -# -# pip setup -# - -function setup_pip { - # Install pip using get-pip - local get_pip_url=https://bootstrap.pypa.io/get-pip.py - local ret=1 - - if [ -f ./get-pip.py ]; then - ret=0 - elif type curl >/dev/null 2>&1; then - curl -O $get_pip_url - ret=$? - elif type wget >/dev/null 2>&1; then - wget $get_pip_url - ret=$? - fi - - if [ $ret -ne 0 ]; then - echo "Failed to get get-pip.py" - exit 1 - fi - - if is_opensuse; then - zypper --non-interactive in --force-resolution python python-xml - fi - - python get-pip.py - rm get-pip.py - - # we are about to overwrite setuptools, but some packages we - # install later might depend on the python-setuptools package. To - # avoid later conflicts, and because distro packages don't include - # enough info for pip to certain it can fully uninstall the old - # package, for safety we clear it out by hand (this seems to have - # been a problem with very old to new updates, e.g. centos6 to - # current-era, but less so for smaller jumps). There is a bit of - # chicken-and-egg problem with pip in that it requires setuptools - # for some operations, such as wheel creation. But just - # installing setuptools shouldn't require setuptools itself, so we - # are safe for this small section. - if is_rhel7 || is_fedora; then - yum install -y python-setuptools - rm -rf /usr/lib/python2.7/site-packages/setuptools* - fi - - pip install -U setuptools -} - -setup_pip - -if is_fedora; then - setup_puppet_fedora -elif is_rhel7; then - setup_puppet_rhel7 -elif is_ubuntu; then - setup_puppet_ubuntu -elif is_opensuse; then - setup_puppet_opensuse -elif is_gentoo; then - setup_puppet_gentoo -else - echo "*** Can not setup puppet: distribution not recognized" - exit 1 -fi - diff --git a/puppet-infracloud/manifests/site.pp b/puppet-infracloud/manifests/site.pp deleted file mode 100644 index 3483b06e..00000000 --- a/puppet-infracloud/manifests/site.pp +++ /dev/null @@ -1,104 +0,0 @@ -# SPDX-license-identifier: Apache-2.0 -############################################################################## -# Copyright (c) 2016 RedHat and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -node 'controller00.opnfvlocal' { - $group = 'infracloud' - include ::sudoers - - class { '::opnfv::server': - iptables_public_tcp_ports => [80,5000,5671,8774,9292,9696,35357], # logs,keystone,rabbit,nova,glance,neutron,keystone - sysadmins => hiera('sysadmins', []), - enable_unbound => false, - purge_apt_sources => false, - } - class { '::opnfv::controller': - keystone_rabbit_password => hiera('keystone_rabbit_password'), - neutron_rabbit_password => hiera('neutron_rabbit_password'), - nova_rabbit_password => hiera('nova_rabbit_password'), - root_mysql_password => hiera('infracloud_mysql_password'), - keystone_mysql_password => hiera('keystone_mysql_password'), - glance_mysql_password => hiera('glance_mysql_password'), - neutron_mysql_password => hiera('neutron_mysql_password'), - nova_mysql_password => hiera('nova_mysql_password'), - keystone_admin_password => hiera('keystone_admin_password'), - glance_admin_password => hiera('glance_admin_password'), - neutron_admin_password => hiera('neutron_admin_password'), - nova_admin_password => hiera('nova_admin_password'), - keystone_admin_token => hiera('keystone_admin_token'), - ssl_key_file_contents => hiera('ssl_key_file_contents'), - ssl_cert_file_contents => hiera('ssl_cert_file_contents'), - br_name => hiera('bridge_name'), - controller_public_address => $::fqdn, - neutron_subnet_cidr => hiera('neutron_subnet_cidr'), - neutron_subnet_gateway => hiera('neutron_subnet_gateway'), - neutron_subnet_allocation_pools => hiera('neutron_subnet_allocation_pools'), - opnfv_password => hiera('opnfv_password'), - require => Class['::opnfv::server'], - } -} - -node 'compute00.opnfvlocal' { - $group = 'infracloud' - include ::sudoers - - class { '::opnfv::server': - sysadmins => hiera('sysadmins', []), - enable_unbound => false, - purge_apt_sources => false, - } - - class { '::opnfv::compute': - nova_rabbit_password => hiera('nova_rabbit_password'), - neutron_rabbit_password => hiera('neutron_rabbit_password'), - neutron_admin_password => hiera('neutron_admin_password'), - ssl_cert_file_contents => hiera('ssl_cert_file_contents'), - ssl_key_file_contents => hiera('ssl_key_file_contents'), - br_name => hiera('bridge_name'), - controller_public_address => 'controller00.opnfvlocal', - virt_type => hiera('virt_type'), - require => Class['::opnfv::server'], - } -} - -node 'jumphost.opnfvlocal' { - class { '::opnfv::server': - sysadmins => hiera('sysadmins', []), - enable_unbound => false, - purge_apt_sources => false, - } -} - -node 'baremetal.opnfvlocal', 'lfpod5-jumpserver' { - class { '::opnfv::server': - iptables_public_udp_ports => [67, 69], - sysadmins => hiera('sysadmins', []), - enable_unbound => false, - purge_apt_sources => false, - } - - class { '::infracloud::bifrost': - ironic_inventory => hiera('ironic_inventory', {}), - ironic_db_password => hiera('ironic_db_password'), - mysql_password => hiera('bifrost_mysql_password'), - ipmi_passwords => hiera('ipmi_passwords'), - ssh_private_key => hiera('bifrost_ssh_private_key'), - ssh_public_key => hiera('bifrost_ssh_public_key'), - vlan => hiera('infracloud_vlan'), - gateway_ip => hiera('infracloud_gateway_ip'), - default_network_interface => hiera('default_network_interface'), - dhcp_static_mask => hiera('dhcp_static_mask'), - dhcp_pool_start => hiera('dhcp_pool_start'), - dhcp_pool_end => hiera('dhcp_pool_end'), - network_interface => hiera('network_interface'), - ipv4_nameserver => hiera('ipv4_nameserver'), - ipv4_subnet_mask => hiera('ipv4_subnet_mask'), - bridge_name => hiera('bridge_name'), - dib_dev_user_password => hiera('dib_dev_user_password'), - require => Class['::opnfv::server'], - } -} diff --git a/puppet-infracloud/modules.env b/puppet-infracloud/modules.env deleted file mode 100644 index 9c07ec9b..00000000 --- a/puppet-infracloud/modules.env +++ /dev/null @@ -1,84 +0,0 @@ -# Copyright 2014 OpenStack Foundation. -# Copyright 2016 RedHat. -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. You may obtain -# a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# load additional modules from modules.env -# modules.env should exist in the same folder as install_modules.sh -# -# - use export MODULE_FILE to specify an alternate config -# when calling install_modules.sh. -# This allows for testing environments that are configured with alternate -# module configuration. - -# Source modules should use tags, explicit refs or remote branches because -# we do not update local branches in this script. -# Keep sorted - -OPENSTACK_GIT_ROOT=https://git.openstack.org - -# InfraCloud modules -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-cinder"]="origin/stable/mitaka" -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-glance"]="origin/stable/mitaka" -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-ironic"]="origin/stable/mitaka" -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-keystone"]="origin/stable/mitaka" -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-neutron"]="origin/stable/mitaka" -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-nova"]="origin/stable/mitaka" -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstack_extras"]="origin/stable/mitaka" -SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstacklib"]="origin/stable/mitaka" - -SOURCE_MODULES["https://git.openstack.org/openstack-infra/puppet-vcsrepo"]="0.0.8" -SOURCE_MODULES["https://github.com/duritong/puppet-sysctl"]="v0.0.11" -SOURCE_MODULES["https://github.com/nanliu/puppet-staging"]="1.0.0" -SOURCE_MODULES["https://github.com/jfryman/puppet-selinux"]="v0.2.5" -SOURCE_MODULES["https://github.com/maestrodev/puppet-wget"]="v1.6.0" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apache"]="1.8.1" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apt"]="2.1.0" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-concat"]="1.2.5" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-firewall"]="1.1.3" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-haproxy"]="1.5.0" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-inifile"]="1.1.3" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-mysql"]="3.6.2" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-ntp"]="3.2.1" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-rabbitmq"]="5.2.3" -SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-stdlib"]="4.10.0" -SOURCE_MODULES["https://github.com/rafaelfelix/puppet-pear"]="1.0.3" -SOURCE_MODULES["https://github.com/saz/puppet-memcached"]="v2.6.0" -SOURCE_MODULES["https://github.com/saz/puppet-timezone"]="v3.3.0" -SOURCE_MODULES["https://github.com/stankevich/puppet-python"]="1.9.4" -SOURCE_MODULES["https://github.com/vamsee/puppet-solr"]="0.0.8" -SOURCE_MODULES["https://github.com/voxpupuli/puppet-alternatives"]="0.3.0" -SOURCE_MODULES["https://github.com/voxpupuli/puppet-archive"]="v0.5.1" -SOURCE_MODULES["https://github.com/voxpupuli/puppet-git_resource"]="0.3.0" -SOURCE_MODULES["https://github.com/voxpupuli/puppet-nodejs"]="1.2.0" -SOURCE_MODULES["https://github.com/voxpupuli/puppet-puppetboard"]="2.4.0" - - -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ansible"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-httpd"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-infracloud"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-iptables"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-logrotate"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-pip"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-snmpd"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssh"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssl_cert_check"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-sudoers"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ulimit"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unattended_upgrades"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unbound"]="origin/master" -INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-user"]="origin/master" - -for MOD in ${!INTEGRATION_MODULES[*]}; do - SOURCE_MODULES[$MOD]=${INTEGRATION_MODULES[$MOD]} -done diff --git a/puppet-infracloud/modules/opnfv/manifests/compute.pp b/puppet-infracloud/modules/opnfv/manifests/compute.pp deleted file mode 100644 index ca548a5d..00000000 --- a/puppet-infracloud/modules/opnfv/manifests/compute.pp +++ /dev/null @@ -1,23 +0,0 @@ -class opnfv::compute ( - $nova_rabbit_password, - $neutron_rabbit_password, - $neutron_admin_password, - $ssl_cert_file_contents, - $ssl_key_file_contents, - $br_name, - $controller_public_address, - $virt_type = 'kvm', -) { - class { '::infracloud::compute': - nova_rabbit_password => $nova_rabbit_password, - neutron_rabbit_password => $neutron_rabbit_password, - neutron_admin_password => $neutron_admin_password, - ssl_cert_file_contents => $ssl_cert_file_contents, - ssl_key_file_contents => $ssl_key_file_contents, - br_name => $br_name, - controller_public_address => $controller_public_address, - virt_type => $virt_type, - } - -} - diff --git a/puppet-infracloud/modules/opnfv/manifests/controller.pp b/puppet-infracloud/modules/opnfv/manifests/controller.pp deleted file mode 100644 index 7522692c..00000000 --- a/puppet-infracloud/modules/opnfv/manifests/controller.pp +++ /dev/null @@ -1,85 +0,0 @@ -# SPDX-license-identifier: Apache-2.0 -############################################################################## -# Copyright (c) 2016 RedHat and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -class opnfv::controller ( - $keystone_rabbit_password, - $neutron_rabbit_password, - $nova_rabbit_password, - $root_mysql_password, - $keystone_mysql_password, - $glance_mysql_password, - $neutron_mysql_password, - $nova_mysql_password, - $glance_admin_password, - $keystone_admin_password, - $neutron_admin_password, - $nova_admin_password, - $keystone_admin_token, - $ssl_key_file_contents, - $ssl_cert_file_contents, - $br_name, - $controller_public_address = $::fqdn, - $neutron_subnet_cidr, - $neutron_subnet_gateway, - $neutron_subnet_allocation_pools, - $opnfv_password, - $opnfv_email = 'opnfvuser@gmail.com', -) { - class { '::infracloud::controller': - keystone_rabbit_password => $keystone_rabbit_password, - neutron_rabbit_password => $neutron_rabbit_password, - nova_rabbit_password => $nova_rabbit_password, - root_mysql_password => $root_mysql_password, - keystone_mysql_password => $keystone_mysql_password, - glance_mysql_password => $glance_mysql_password, - neutron_mysql_password => $neutron_mysql_password, - nova_mysql_password => $nova_mysql_password, - keystone_admin_password => $keystone_admin_password, - glance_admin_password => $glance_admin_password, - neutron_admin_password => $neutron_admin_password, - nova_admin_password => $nova_admin_password, - keystone_admin_token => $keystone_admin_token, - ssl_key_file_contents => $ssl_key_file_contents, - ssl_cert_file_contents => $ssl_cert_file_contents, - br_name => $br_name, - controller_public_address => $controller_public_address, - neutron_subnet_cidr => $neutron_subnet_cidr, - neutron_subnet_gateway => $neutron_subnet_gateway, - neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools, - } - - # create keystone creds - keystone_domain { 'opnfv': - ensure => present, - enabled => true, - } - - keystone_tenant { 'opnfv': - ensure => present, - enabled => true, - description => 'OPNFV cloud', - domain => 'opnfv', - require => Keystone_domain['opnfv'], - } - - keystone_user { 'opnfv': - ensure => present, - enabled => true, - domain => 'opnfv', - email => $opnfv_email, - password => $opnfv_password, - require => Keystone_tenant['opnfv'], - } - - keystone_role { 'user': ensure => present } - - keystone_user_role { 'opnfv::opnfv@opnfv::opnfv': - roles => [ 'user', 'admin', ], - } -} - diff --git a/puppet-infracloud/modules/opnfv/manifests/server.pp b/puppet-infracloud/modules/opnfv/manifests/server.pp deleted file mode 100644 index d167973c..00000000 --- a/puppet-infracloud/modules/opnfv/manifests/server.pp +++ /dev/null @@ -1,244 +0,0 @@ -# SPDX-license-identifier: Apache-2.0 -############################################################################## -# Copyright (c) 2016 RedHat and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -class opnfv::server ( - $iptables_public_tcp_ports = [], - $iptables_public_udp_ports = [], - $iptables_rules4 = [], - $iptables_rules6 = [], - $sysadmins = [], - $enable_unbound = true, - $purge_apt_sources = true, -) { - ########################################################### - # Classes for all hosts - - include snmpd - - class { 'iptables': - public_tcp_ports => $iptables_public_tcp_ports, - public_udp_ports => $iptables_public_udp_ports, - rules4 => $iptables_rules4, - rules6 => $iptables_rules6, - } - - class { 'timezone': - timezone => 'Etc/UTC', - } - - if ($enable_unbound) { - class { 'unbound': - install_resolv_conf => $install_resolv_conf - } - } - - if ($::in_chroot) { - notify { 'rsyslog in chroot': - message => 'rsyslog not refreshed, running in chroot', - } - $rsyslog_notify = [] - } else { - service { 'rsyslog': - ensure => running, - enable => true, - hasrestart => true, - require => Package['rsyslog'], - } - $rsyslog_notify = [ Service['rsyslog'] ] - } - - ########################################################### - # System tweaks - - # Increase syslog message size in order to capture - # python tracebacks with syslog. - file { '/etc/rsyslog.d/99-maxsize.conf': - ensure => present, - # Note MaxMessageSize is not a puppet variable. - content => '$MaxMessageSize 6k', - owner => 'root', - group => 'root', - mode => '0644', - notify => $rsyslog_notify, - require => Package['rsyslog'], - } - - # We don't like byobu - file { '/etc/profile.d/Z98-byobu.sh': - ensure => absent, - } - - if $::osfamily == 'Debian' { - - # Ubuntu installs their whoopsie package by default, but it eats through - # memory and we don't need it on servers - package { 'whoopsie': - ensure => absent, - } - - package { 'popularity-contest': - ensure => absent, - } - } - - ########################################################### - # Package resources for all operating systems - - package { 'at': - ensure => present, - } - - package { 'lvm2': - ensure => present, - } - - package { 'strace': - ensure => present, - } - - package { 'tcpdump': - ensure => present, - } - - package { 'rsyslog': - ensure => present, - } - - package { 'git': - ensure => present, - } - - package { 'rsync': - ensure => present, - } - - case $::osfamily { - 'RedHat': { - $packages = ['parted', 'puppet', 'wget', 'iputils'] - $user_packages = ['emacs-nox', 'vim-enhanced'] - $update_pkg_list_cmd = '' - } - 'Debian': { - $packages = ['parted', 'puppet', 'wget', 'iputils-ping'] - case $::operatingsystemrelease { - /^(12|14)\.(04|10)$/: { - $user_packages = ['emacs23-nox', 'vim-nox', 'iftop', - 'sysstat', 'iotop'] - } - default: { - $user_packages = ['emacs-nox', 'vim-nox'] - } - } - $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;' - } - default: { - fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).") - } - } - package { $packages: - ensure => present - } - - ########################################################### - # Package resources for specific operating systems - - case $::osfamily { - 'Debian': { - # Purge and augment existing /etc/apt/sources.list if requested, and make - # sure apt-get update is run before any packages are installed - class { '::apt': - purge => { 'sources.list' => $purge_apt_sources } - } - - # Make sure dig is installed - package { 'dnsutils': - ensure => present, - } - } - 'RedHat': { - # Make sure dig is installed - package { 'bind-utils': - ensure => present, - } - } - } - - ########################################################### - # Manage ntp - - include '::ntp' - - if ($::osfamily == "RedHat") { - # Utils in ntp-perl are included in Debian's ntp package; we - # add it here for consistency. See also - # https://tickets.puppetlabs.com/browse/MODULES-3660 - package { 'ntp-perl': - ensure => present - } - # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for - # centos-7. Currently, ntpd explicitly require ntpdate to be running before - # the sync process can happen in ntpd. As a result, if ntpdate is not - # running, ntpd will start but fail to sync because of DNS is not properly - # setup. - package { 'ntpdate': - ensure => present, - } - service { 'ntpdate': - enable => true, - require => Package['ntpdate'], - } - } - - ########################################################### - # Manage python/pip - - $desired_virtualenv = '13.1.0' - class { '::pip': - optional_settings => { - 'extra-index-url' => '', - }, - manage_pip_conf => true, - } - - if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) { - $virtualenv_ensure = $desired_virtualenv - } else { - $virtualenv_ensure = present - } - package { 'virtualenv': - ensure => $virtualenv_ensure, - provider => openstack_pip, - require => Class['pip'], - } - - # manage root ssh - if ! defined(File['/root/.ssh']) { - file { '/root/.ssh': - ensure => directory, - mode => '0700', - } - } - - # ensure that we have non-pass sudo, and - # not require tty - file_line { 'sudo_rule_no_pw': - path => '/etc/sudoers', - line => '%wheel ALL=(ALL) NOPASSWD: ALL', - } - file_line { 'sudo_rule_notty': - path => '/etc/sudoers', - line => 'Defaults requiretty', - match => '.*requiretty.*', - match_for_absence => true, - ensure => absent, - multiple => true, - } - - # update hosts - create_resources('host', hiera_hash('hosts')) -} |