summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorYolanda Robla Mota <yroblamo@redhat.com>2016-08-18 10:45:31 +0200
committerFatih Degirmenci <fatih.degirmenci@ericsson.com>2016-08-23 12:42:04 +0000
commit817187f7c60abbb81522e6215d268fd659a7c714 (patch)
tree0efba32aceaad83e3d7727c2f9884fa97ff7222f
parent2d159fc0fc7c2b0cd4c911e30f83a4713ee0a2dc (diff)
Add initial puppet and hiera files
Include the basic site.pp and initial modules, as long as default hieras, to manage opnfv infracloud. Change-Id: I891bc414b102257534f1d28df8299bf41c12e8f2 Signed-Off-By: Yolanda Robla <yroblamo@redhat.com>
-rw-r--r--prototypes/puppet-infracloud/README.md52
-rw-r--r--prototypes/puppet-infracloud/creds/clouds.yaml12
-rw-r--r--prototypes/puppet-infracloud/hiera/common.yaml77
-rwxr-xr-xprototypes/puppet-infracloud/install_modules.sh121
-rw-r--r--prototypes/puppet-infracloud/manifests/site.pp63
-rw-r--r--prototypes/puppet-infracloud/modules.env81
-rw-r--r--prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp23
-rw-r--r--prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp85
-rw-r--r--prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp222
9 files changed, 736 insertions, 0 deletions
diff --git a/prototypes/puppet-infracloud/README.md b/prototypes/puppet-infracloud/README.md
new file mode 100644
index 000000000..f3bd67279
--- /dev/null
+++ b/prototypes/puppet-infracloud/README.md
@@ -0,0 +1,52 @@
+===============================
+How to deploy puppet-infracloud
+===============================
+The manifest and mmodules defined on this repo will deploy an OpenStack cloud based on `Infra Cloud <http://docs.openstack.org/infra/system-config/infra-cloud.html>`_ project.
+
+Once all the hardware is provisioned, enter in controller and compute nodes and follow these steps:
+
+1. Clone releng::
+
+ git clone https://gerrit.opnfv.org/gerrit/releng /opt/releng
+
+2. Copy hiera to the right place::
+
+ cp /opt/releng/prototypes/puppet-infracloud/hiera/common.yaml /var/lib/hiera/
+
+3. Install modules::
+
+ cd /opt/releng/prototypes/puppet-infracloud
+ ./install_modules.sh
+
+4. Apply the infracloud manifest::
+
+ cd /opt/releng/prototypes/puppet-infracloud
+ puppet apply --manifests/site.pp --modulepath=/etc/puppet/modules:/opt/releng/prototypes/puppet-infracloud/modules
+
+5. Once you finish this operation on controller and compute nodes, you will have a functional OpenStack cloud.
+
+In jumphost, follow that steps:
+
+1. Clone releng::
+
+ git clone https://gerrit.opnfv.org/gerrit/releng /opt/releng
+
+2. Create OpenStack clouds config directory:
+
+ mkdir -p /root/.config/openstack
+
+3. Copy credentials file::
+
+ cp /opt/releng/prototypes/puppet-infracloud/creds/clouds.yaml /root/.config/openstack/
+
+4. Install openstack-client:
+
+ pip install python-openstackclient
+
+5. Export the desired cloud::
+
+ export OS_CLOUD=opnfv
+
+6. Start using it::
+
+ openstack server list
diff --git a/prototypes/puppet-infracloud/creds/clouds.yaml b/prototypes/puppet-infracloud/creds/clouds.yaml
new file mode 100644
index 000000000..eb44db66c
--- /dev/null
+++ b/prototypes/puppet-infracloud/creds/clouds.yaml
@@ -0,0 +1,12 @@
+clouds:
+ opnfv:
+ verify: False
+ auth:
+ auth_url: https://controller00.opnfvlocal:5000
+ project_name: opnfv
+ username: opnfv
+ password: pass
+ identity_api_version: '3'
+ region_name: RegionOne
+ user_domain_name: opnfv
+ project_domain_name: opnfv
diff --git a/prototypes/puppet-infracloud/hiera/common.yaml b/prototypes/puppet-infracloud/hiera/common.yaml
new file mode 100644
index 000000000..6c28f1972
--- /dev/null
+++ b/prototypes/puppet-infracloud/hiera/common.yaml
@@ -0,0 +1,77 @@
+keystone_rabbit_password: pass
+neutron_rabbit_password: pass
+nova_rabbit_password: pass
+root_mysql_password: pass
+keystone_mysql_password: pass
+glance_mysql_password: pass
+neutron_mysql_password: pass
+nova_mysql_password: pass
+keystone_admin_password: pass
+glance_admin_password: pass
+neutron_admin_password: pass
+nova_admin_password: pass
+keystone_admin_token: token
+ssl_key_file_contents: |
+ -----BEGIN PRIVATE KEY-----
+ MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0YX6wsA/Jhe3q
+ ByoiLsyagO5rOCIyzDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulb
+ GnB6A0GlT3YXuaKPucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK9
+ 43G545aBZSGlUnVfFg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UU
+ TzrH2SL6Nhl7i+AenuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF
+ 37fsWxxxEX8a6gtGYEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeD
+ jEHey3UJAgMBAAECggEAGqapBEwPGRRbsY87b2+AtXdFQrw5eU3pj4jCr3dk4o1o
+ uCbiqxNgGnup4VRT2hmtkKF8O4jj/p1JozdF1RE0GsuhxCGeXiPxrwFfWSyQ28Ou
+ AWJ6O/njlVZRTTXRzbLyZEOEgWNEdJMfCsVXIUL6EsYxcW68fr8QtExAo0gSzvwe
+ IVyhopBy4A1jr5jWqjjlgJhoTHQCkp1e9pHiaW5WWHtk2DFdy6huw5PoDRppG42P
+ soMzqHy9AIWXrYaTGNjyybdJvbaiF0X5Bkr6k8ZxMlRuEb3Vpyrj7SsBrUifRJM3
+ +yheSq3drdQHlw5VrukoIgXGYB4zAQq3LndLoL5YTQKBgQDlzz/hB1IuGOKBXRHy
+ p0j+Lyoxt5EiOW2mdEkbTUYyYnD9EDbJ0wdQ5ijtWLw0J3AwhASkH8ZyljOVHKlY
+ Sq2Oo/uroIH4M8cVIBOJQ2/ak98ItLZ1OMMnDxlZva52jBfYwOEkg6OXeLOLmay6
+ ADfxQ56RFqreVHi9J0/jvpn9UwKBgQDI8CZrM4udJTP7gslxeDcRZw6W34CBBFds
+ 49d10Tfd05sysOludzWAfGFj27wqIacFcIyYQmnSga9lBhowv+RwdSjcb2QCCjOb
+ b2GdH+qSFU8BTOcd5FscCBV3U8Y1f/iYp0EQ1/GiG2AYcQC67kjWOO4/JZEXsmtq
+ LisFlWTcswKBgQCC/bs/nViuhei2LELKuafVmzTF2giUJX/m3Wm+cjGNDqew18kj
+ CXKmHks93tKIN+KvBNFQa/xF3G/Skt/EP+zl3XravUbYH0tfM0VvfE0JnjgHUlqe
+ PpiebvDYQlJrqDb/ihHLKm3ZLSfKbvIRo4Y/s3dy5CTJTgT0bLAQ9Nf5mQKBgGqb
+ Dqb9d+rtnACqSNnMn9q5xIHDHlhUx1VcJCm70Fn+NG7WcWJMGLSMSNdD8zafGA/I
+ wK7fPWmTqEx+ylJm3HnVjtI0vuheJTcoBq/oCPlsGLhl5pBzYOskVs8yQQyNUoUa
+ 52haSTZqM7eD7JFAbqBJIA2cjrf1zwtMZ0LVGegFAoGBAIFSkI+y4tDEEaSsxrMM
+ OBYEZDkffVar6/mDJukvyn0Q584K3I4eXIDoEEfMGgSN2Tza6QamuNFxOPCH+AAv
+ UKvckK4yuYkc7mQIgjCE8N8UF4kgsXjPek61TZT1QVI1aYFb78ZAZ0miudqWkx4t
+ YSNDj7llArylrPGHBLQ38X4/
+ -----END PRIVATE KEY-----
+ssl_cert_file_contents: |
+ -----BEGIN CERTIFICATE-----
+ MIIDcTCCAlmgAwIBAgIJAJsHSxF0u/oaMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV
+ BAYTAlVTMQ4wDAYDVQQHDAVXb3JsZDEOMAwGA1UECgwFT1BORlYxIDAeBgNVBAMM
+ F2NvbnRyb2xsZXIwMC5vcG5mdmxvY2FsMB4XDTE2MDgxNzE2MzQwOFoXDTE3MDgx
+ NzE2MzQwOFowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAcMBVdvcmxkMQ4wDAYDVQQK
+ DAVPUE5GVjEgMB4GA1UEAwwXY29udHJvbGxlcjAwLm9wbmZ2bG9jYWwwggEiMA0G
+ CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YX6wsA/Jhe3qByoiLsyagO5rOCIy
+ zDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulbGnB6A0GlT3YXuaKP
+ ucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK943G545aBZSGlUnVf
+ Fg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UUTzrH2SL6Nhl7i+Ae
+ nuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF37fsWxxxEX8a6gtG
+ YEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeDjEHey3UJAgMBAAGj
+ UDBOMB0GA1UdDgQWBBQyFVbU5s2ihD0hX3W7GyHiHZGG1TAfBgNVHSMEGDAWgBQy
+ FVbU5s2ihD0hX3W7GyHiHZGG1TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
+ A4IBAQB+xf7I9RVWzRNjMbWBDE6pBvOWnSksv7Jgr4cREvyOxBDaIoO3uQRDDu6r
+ RCgGs1CuwEaFX1SS/OVrKRFiy9kCU/LBZEFwaHRaL2Kj57Z2yNInPIiKB4h9jen2
+ 75fYrpq42XUDSI0NpsqAJpmcQqXOOo8V08FlH0/6h8mWdsfQfbyaf+g73+aRZds8
+ Q4ttmBrqY4Pi5CJW46w7LRCA5o92Di3GI9dAh9MVZ3023cTTjDkW04QbluphuTFj
+ O07Npz162/fHTXut+piV78t+1HlfYWY5TOSQMIVwenftA/Bn8+TQAgnLR+nGo/wu
+ oEaxLtj3Jr07+yIjL88ewT+c3fpq
+ -----END CERTIFICATE-----
+infracloud_mysql_password: pass
+opnfv_password: pass
+
+rabbitmq::package_gpg_key: 'https://www.rabbitmq.com/rabbitmq-release-signing-key.asc'
+rabbitmq::repo::apt::key: '0A9AF2115F4687BD29803A206B73A36E6026DFCA'
+
+hosts:
+ jumphost.opnfvlocal:
+ ip: 192.168.122.2
+ controller00.opnfvlocal:
+ ip: 192.168.122.3
+ compute00.opnfvlocal:
+ ip: 192.168.122.4
diff --git a/prototypes/puppet-infracloud/install_modules.sh b/prototypes/puppet-infracloud/install_modules.sh
new file mode 100755
index 000000000..5d5acd9c1
--- /dev/null
+++ b/prototypes/puppet-infracloud/install_modules.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+# Copyright 2014 OpenStack Foundation.
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+MODULE_PATH=`puppet config print modulepath | cut -d ':' -f 1`
+SCRIPT_NAME=$(basename $0)
+SCRIPT_DIR=$(readlink -f "$(dirname $0)")
+JUST_CLONED=0
+
+function remove_module {
+ local SHORT_MODULE_NAME=$1
+ if [ -n "$SHORT_MODULE_NAME" ]; then
+ rm -Rf "$MODULE_PATH/$SHORT_MODULE_NAME"
+ else
+ echo "ERROR: remove_module requires a SHORT_MODULE_NAME."
+ fi
+}
+
+function git_clone {
+ local MOD=$1
+ local DEST=$2
+
+ JUST_CLONED=1
+ for attempt in $(seq 0 3); do
+ clone_error=0
+ git clone $MOD $DEST && break || true
+ rm -rf $DEST
+ clone_error=1
+ done
+ return $clone_error
+}
+
+# Array of modules to be installed key:value is module:version.
+declare -A MODULES
+
+# Array of modues to be installed from source and without dependency resolution.
+# key:value is source location, revision to checkout
+declare -A SOURCE_MODULES
+
+# Array of modues to be installed from source and without dependency resolution from openstack git
+# key:value is source location, revision to checkout
+declare -A INTEGRATION_MODULES
+
+# load modules.env to populate MODULES[*] and SOURCE_MODULES[*]
+# for processing.
+MODULE_ENV_FILE=${MODULE_FILE:-modules.env}
+MODULE_ENV_PATH=${MODULE_ENV_PATH:-${SCRIPT_DIR}}
+if [ -f "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}" ] ; then
+ . "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}"
+fi
+
+if [ -z "${!MODULES[*]}" ] && [ -z "${!SOURCE_MODULES[*]}" ] ; then
+ echo ""
+ echo "WARNING: nothing to do, unable to find MODULES or SOURCE_MODULES"
+ echo " export options, try setting MODULE_ENV_PATH or MODULE_ENV_FILE"
+ echo " export to the proper location of modules.env file."
+ echo ""
+ exit 0
+fi
+
+MODULE_LIST=`puppet module list --color=false`
+
+# Install modules from source
+for MOD in ${!SOURCE_MODULES[*]} ; do
+ JUST_CLONED=0
+ # get the name of the module directory
+ if [ `echo $MOD | awk -F. '{print $NF}'` = 'git' ]; then
+ echo "Remote repos of the form repo.git are not supported: ${MOD}"
+ exit 1
+ fi
+
+ MODULE_NAME=`echo $MOD | awk -F- '{print $NF}'`
+
+ # set up git base command to use the correct path
+ GIT_CMD_BASE="git --git-dir=${MODULE_PATH}/${MODULE_NAME}/.git --work-tree ${MODULE_PATH}/${MODULE_NAME}"
+ # treat any occurrence of the module as a match
+ if ! echo $MODULE_LIST | grep "${MODULE_NAME}" >/dev/null 2>&1; then
+ # clone modules that are not installed
+ git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}"
+ else
+ if [ ! -d ${MODULE_PATH}/${MODULE_NAME}/.git ]; then
+ echo "Found directory ${MODULE_PATH}/${MODULE_NAME} that is not a git repo, deleting it and reinstalling from source"
+ remove_module $MODULE_NAME
+ git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}"
+ elif [ `${GIT_CMD_BASE} remote show origin | grep 'Fetch URL' | awk -F'URL: ' '{print $2}'` != $MOD ]; then
+ echo "Found remote in ${MODULE_PATH}/${MODULE_NAME} that does not match desired remote ${MOD}, deleting dir and re-cloning"
+ remove_module $MODULE_NAME
+ git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}"
+ fi
+ fi
+
+ # fetch the latest refs from the repo
+ if [[ $JUST_CLONED -eq 0 ]] ; then
+ # If we just cloned the repo, we do not need to remote update
+ for attempt in $(seq 0 3); do
+ clone_error=0
+ $GIT_CMD_BASE remote update && break || true
+ clone_error=1
+ done
+ if [[ $clone_error -ne 0 ]] ; then
+ exit $clone_error
+ fi
+ fi
+ # make sure the correct revision is installed, I have to use rev-list b/c rev-parse does not work with tags
+ if [ `${GIT_CMD_BASE} rev-list HEAD --max-count=1` != `${GIT_CMD_BASE} rev-list ${SOURCE_MODULES[$MOD]} --max-count=1` ]; then
+ # checkout correct revision
+ $GIT_CMD_BASE checkout ${SOURCE_MODULES[$MOD]}
+ fi
+done
diff --git a/prototypes/puppet-infracloud/manifests/site.pp b/prototypes/puppet-infracloud/manifests/site.pp
new file mode 100644
index 000000000..e524918c6
--- /dev/null
+++ b/prototypes/puppet-infracloud/manifests/site.pp
@@ -0,0 +1,63 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+node 'controller00.opnfvlocal' {
+ $group = 'infracloud'
+ class { 'opnfv::server':
+ iptables_public_tcp_ports => [80,5000,5671,8774,9292,9696,35357], # logs,keystone,rabbit,nova,glance,neutron,keystone
+ sysadmins => hiera('sysadmins', []),
+ enable_unbound => false,
+ purge_apt_sources => false,
+ }
+ class { 'opnfv::controller':
+ keystone_rabbit_password => hiera('keystone_rabbit_password'),
+ neutron_rabbit_password => hiera('neutron_rabbit_password'),
+ nova_rabbit_password => hiera('nova_rabbit_password'),
+ root_mysql_password => hiera('infracloud_mysql_password'),
+ keystone_mysql_password => hiera('keystone_mysql_password'),
+ glance_mysql_password => hiera('glance_mysql_password'),
+ neutron_mysql_password => hiera('neutron_mysql_password'),
+ nova_mysql_password => hiera('nova_mysql_password'),
+ keystone_admin_password => hiera('keystone_admin_password'),
+ glance_admin_password => hiera('glance_admin_password'),
+ neutron_admin_password => hiera('neutron_admin_password'),
+ nova_admin_password => hiera('nova_admin_password'),
+ keystone_admin_token => hiera('keystone_admin_token'),
+ ssl_key_file_contents => hiera('ssl_key_file_contents'),
+ ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
+ br_name => 'br-eth0',
+ controller_public_address => $::fqdn,
+ neutron_subnet_cidr => '192.168.122.0/24',
+ neutron_subnet_gateway => '192.168.122.1',
+ neutron_subnet_allocation_pools => [
+ 'start=192.168.122.50,end=192.168.122.254',
+ ],
+ opnfv_password => hiera('opnfv_password'),
+ }
+}
+
+node 'compute00.opnfvlocal' {
+ $group = 'infracloud'
+ class { 'opnfv::server':
+ sysadmins => hiera('sysadmins', []),
+ enable_unbound => false,
+ purge_apt_sources => false,
+ }
+
+ class { 'opnfv::compute':
+ nova_rabbit_password => hiera('nova_rabbit_password'),
+ neutron_rabbit_password => hiera('neutron_rabbit_password'),
+ neutron_admin_password => hiera('neutron_admin_password'),
+ ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
+ ssl_key_file_contents => hiera('ssl_key_file_contents'),
+ br_name => 'br-eth0',
+ controller_public_address => 'controller00.opnfvlocal',
+ virt_type => 'qemu',
+ }
+}
+
diff --git a/prototypes/puppet-infracloud/modules.env b/prototypes/puppet-infracloud/modules.env
new file mode 100644
index 000000000..2df81ecc4
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules.env
@@ -0,0 +1,81 @@
+# Copyright 2014 OpenStack Foundation.
+# Copyright 2016 RedHat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# load additional modules from modules.env
+# modules.env should exist in the same folder as install_modules.sh
+#
+# - use export MODULE_FILE to specify an alternate config
+# when calling install_modules.sh.
+# This allows for testing environments that are configured with alternate
+# module configuration.
+
+# Source modules should use tags, explicit refs or remote branches because
+# we do not update local branches in this script.
+# Keep sorted
+
+OPENSTACK_GIT_ROOT=https://git.openstack.org
+
+# InfraCloud modules
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-cinder"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-glance"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-ironic"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-keystone"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-neutron"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-nova"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstack_extras"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstacklib"]="origin/stable/mitaka"
+
+SOURCE_MODULES["https://github.com/duritong/puppet-sysctl"]="v0.0.11"
+SOURCE_MODULES["https://github.com/nanliu/puppet-staging"]="1.0.0"
+SOURCE_MODULES["https://github.com/jfryman/puppet-selinux"]="v0.2.5"
+SOURCE_MODULES["https://github.com/maestrodev/puppet-wget"]="v1.6.0"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apache"]="1.8.1"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apt"]="2.1.0"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-concat"]="1.2.5"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-firewall"]="1.1.3"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-haproxy"]="1.5.0"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-inifile"]="1.1.3"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-mysql"]="3.6.2"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-ntp"]="3.2.1"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-rabbitmq"]="5.2.3"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-stdlib"]="4.10.0"
+SOURCE_MODULES["https://github.com/rafaelfelix/puppet-pear"]="1.0.3"
+SOURCE_MODULES["https://github.com/saz/puppet-memcached"]="v2.6.0"
+SOURCE_MODULES["https://github.com/saz/puppet-timezone"]="v3.3.0"
+SOURCE_MODULES["https://github.com/stankevich/puppet-python"]="1.9.4"
+SOURCE_MODULES["https://github.com/vamsee/puppet-solr"]="0.0.8"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-alternatives"]="0.3.0"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-archive"]="v0.5.1"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-git_resource"]="0.3.0"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-nodejs"]="1.2.0"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-puppetboard"]="2.4.0"
+
+
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-httpd"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-infracloud"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-iptables"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-pip"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-snmpd"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssh"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssl_cert_check"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-sudoers"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ulimit"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unattended_upgrades"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unbound"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-user"]="origin/master"
+
+for MOD in ${!INTEGRATION_MODULES[*]}; do
+ SOURCE_MODULES[$MOD]=${INTEGRATION_MODULES[$MOD]}
+done
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
new file mode 100644
index 000000000..ca548a5d5
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
@@ -0,0 +1,23 @@
+class opnfv::compute (
+ $nova_rabbit_password,
+ $neutron_rabbit_password,
+ $neutron_admin_password,
+ $ssl_cert_file_contents,
+ $ssl_key_file_contents,
+ $br_name,
+ $controller_public_address,
+ $virt_type = 'kvm',
+) {
+ class { '::infracloud::compute':
+ nova_rabbit_password => $nova_rabbit_password,
+ neutron_rabbit_password => $neutron_rabbit_password,
+ neutron_admin_password => $neutron_admin_password,
+ ssl_cert_file_contents => $ssl_cert_file_contents,
+ ssl_key_file_contents => $ssl_key_file_contents,
+ br_name => $br_name,
+ controller_public_address => $controller_public_address,
+ virt_type => $virt_type,
+ }
+
+}
+
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
new file mode 100644
index 000000000..7522692c1
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
@@ -0,0 +1,85 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::controller (
+ $keystone_rabbit_password,
+ $neutron_rabbit_password,
+ $nova_rabbit_password,
+ $root_mysql_password,
+ $keystone_mysql_password,
+ $glance_mysql_password,
+ $neutron_mysql_password,
+ $nova_mysql_password,
+ $glance_admin_password,
+ $keystone_admin_password,
+ $neutron_admin_password,
+ $nova_admin_password,
+ $keystone_admin_token,
+ $ssl_key_file_contents,
+ $ssl_cert_file_contents,
+ $br_name,
+ $controller_public_address = $::fqdn,
+ $neutron_subnet_cidr,
+ $neutron_subnet_gateway,
+ $neutron_subnet_allocation_pools,
+ $opnfv_password,
+ $opnfv_email = 'opnfvuser@gmail.com',
+) {
+ class { '::infracloud::controller':
+ keystone_rabbit_password => $keystone_rabbit_password,
+ neutron_rabbit_password => $neutron_rabbit_password,
+ nova_rabbit_password => $nova_rabbit_password,
+ root_mysql_password => $root_mysql_password,
+ keystone_mysql_password => $keystone_mysql_password,
+ glance_mysql_password => $glance_mysql_password,
+ neutron_mysql_password => $neutron_mysql_password,
+ nova_mysql_password => $nova_mysql_password,
+ keystone_admin_password => $keystone_admin_password,
+ glance_admin_password => $glance_admin_password,
+ neutron_admin_password => $neutron_admin_password,
+ nova_admin_password => $nova_admin_password,
+ keystone_admin_token => $keystone_admin_token,
+ ssl_key_file_contents => $ssl_key_file_contents,
+ ssl_cert_file_contents => $ssl_cert_file_contents,
+ br_name => $br_name,
+ controller_public_address => $controller_public_address,
+ neutron_subnet_cidr => $neutron_subnet_cidr,
+ neutron_subnet_gateway => $neutron_subnet_gateway,
+ neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools,
+ }
+
+ # create keystone creds
+ keystone_domain { 'opnfv':
+ ensure => present,
+ enabled => true,
+ }
+
+ keystone_tenant { 'opnfv':
+ ensure => present,
+ enabled => true,
+ description => 'OPNFV cloud',
+ domain => 'opnfv',
+ require => Keystone_domain['opnfv'],
+ }
+
+ keystone_user { 'opnfv':
+ ensure => present,
+ enabled => true,
+ domain => 'opnfv',
+ email => $opnfv_email,
+ password => $opnfv_password,
+ require => Keystone_tenant['opnfv'],
+ }
+
+ keystone_role { 'user': ensure => present }
+
+ keystone_user_role { 'opnfv::opnfv@opnfv::opnfv':
+ roles => [ 'user', 'admin', ],
+ }
+}
+
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp
new file mode 100644
index 000000000..5bbcd7506
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp
@@ -0,0 +1,222 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::server (
+ $iptables_public_tcp_ports = [],
+ $iptables_public_udp_ports = [],
+ $iptables_rules4 = [],
+ $iptables_rules6 = [],
+ $sysadmins = [],
+ $enable_unbound = true,
+ $purge_apt_sources = true,
+) {
+ ###########################################################
+ # Classes for all hosts
+
+ include snmpd
+ include sudoers
+
+ class { 'iptables':
+ public_tcp_ports => $iptables_public_tcp_ports,
+ public_udp_ports => $all_udp,
+ rules4 => $iptables_rules4,
+ rules6 => $iptables_rules6,
+ }
+
+ class { 'timezone':
+ timezone => 'Etc/UTC',
+ }
+
+ if ($enable_unbound) {
+ class { 'unbound':
+ install_resolv_conf => $install_resolv_conf
+ }
+ }
+
+ if ($::in_chroot) {
+ notify { 'rsyslog in chroot':
+ message => 'rsyslog not refreshed, running in chroot',
+ }
+ $rsyslog_notify = []
+ } else {
+ service { 'rsyslog':
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ require => Package['rsyslog'],
+ }
+ $rsyslog_notify = [ Service['rsyslog'] ]
+ }
+
+ ###########################################################
+ # System tweaks
+
+ # Increase syslog message size in order to capture
+ # python tracebacks with syslog.
+ file { '/etc/rsyslog.d/99-maxsize.conf':
+ ensure => present,
+ # Note MaxMessageSize is not a puppet variable.
+ content => '$MaxMessageSize 6k',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => $rsyslog_notify,
+ require => Package['rsyslog'],
+ }
+
+ # We don't like byobu
+ file { '/etc/profile.d/Z98-byobu.sh':
+ ensure => absent,
+ }
+
+ if $::osfamily == 'Debian' {
+
+ # Ubuntu installs their whoopsie package by default, but it eats through
+ # memory and we don't need it on servers
+ package { 'whoopsie':
+ ensure => absent,
+ }
+
+ package { 'popularity-contest':
+ ensure => absent,
+ }
+ }
+
+ ###########################################################
+ # Package resources for all operating systems
+
+ package { 'at':
+ ensure => present,
+ }
+
+ package { 'lvm2':
+ ensure => present,
+ }
+
+ package { 'strace':
+ ensure => present,
+ }
+
+ package { 'tcpdump':
+ ensure => present,
+ }
+
+ package { 'rsyslog':
+ ensure => present,
+ }
+
+ package { 'git':
+ ensure => present,
+ }
+
+ package { 'rsync':
+ ensure => present,
+ }
+
+ case $::osfamily {
+ 'RedHat': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils']
+ $user_packages = ['emacs-nox', 'vim-enhanced']
+ $update_pkg_list_cmd = ''
+ }
+ 'Debian': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils-ping']
+ case $::operatingsystemrelease {
+ /^(12|14)\.(04|10)$/: {
+ $user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
+ 'sysstat', 'iotop']
+ }
+ default: {
+ $user_packages = ['emacs-nox', 'vim-nox']
+ }
+ }
+ $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;'
+ }
+ default: {
+ fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
+ }
+ }
+ package { $packages:
+ ensure => present
+ }
+
+ ###########################################################
+ # Package resources for specific operating systems
+
+ case $::osfamily {
+ 'Debian': {
+ # Purge and augment existing /etc/apt/sources.list if requested, and make
+ # sure apt-get update is run before any packages are installed
+ class { '::apt':
+ purge => { 'sources.list' => $purge_apt_sources }
+ }
+
+ # Make sure dig is installed
+ package { 'dnsutils':
+ ensure => present,
+ }
+ }
+ 'RedHat': {
+ # Make sure dig is installed
+ package { 'bind-utils':
+ ensure => present,
+ }
+ }
+ }
+
+ ###########################################################
+ # Manage ntp
+
+ include '::ntp'
+
+ if ($::osfamily == "RedHat") {
+ # Utils in ntp-perl are included in Debian's ntp package; we
+ # add it here for consistency. See also
+ # https://tickets.puppetlabs.com/browse/MODULES-3660
+ package { 'ntp-perl':
+ ensure => present
+ }
+ # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
+ # centos-7. Currently, ntpd explicitly require ntpdate to be running before
+ # the sync process can happen in ntpd. As a result, if ntpdate is not
+ # running, ntpd will start but fail to sync because of DNS is not properly
+ # setup.
+ package { 'ntpdate':
+ ensure => present,
+ }
+ service { 'ntpdate':
+ enable => true,
+ require => Package['ntpdate'],
+ }
+ }
+
+ ###########################################################
+ # Manage python/pip
+
+ $desired_virtualenv = '13.1.0'
+ class { '::pip':
+ optional_settings => {
+ 'extra-index-url' => '',
+ },
+ manage_pip_conf => true,
+ }
+
+ if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
+ $virtualenv_ensure = $desired_virtualenv
+ } else {
+ $virtualenv_ensure = present
+ }
+ package { 'virtualenv':
+ ensure => $virtualenv_ensure,
+ provider => openstack_pip,
+ require => Class['pip'],
+ }
+
+ # add hosts entries
+ create_resources('host', hiera_hash('hosts'))
+}