diff options
| -rwxr-xr-x | jjb/armband/build.sh | 4 | ||||
| -rw-r--r-- | jjb/fuel/fuel-ci-jobs.yml | 17 | ||||
| -rw-r--r-- | jjb/fuel/fuel-project-jobs.yml | 6 | ||||
| -rw-r--r-- | jjb/fuel/fuel-verify-jobs.yml | 2 | ||||
| -rw-r--r-- | jjb/functest/functest-ci-jobs.yml | 18 | ||||
| -rw-r--r-- | jjb/joid/joid-deploy.sh | 5 | ||||
| -rw-r--r-- | jjb/yardstick/yardstick-ci-jobs.yml | 20 | ||||
| -rw-r--r-- | prototypes/bifrost/playbooks/test-bifrost-infracloud.yaml | 2 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/README.md | 52 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/creds/clouds.yaml | 12 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/hiera/common.yaml | 77 | ||||
| -rwxr-xr-x | prototypes/puppet-infracloud/install_modules.sh | 121 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/manifests/site.pp | 63 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/modules.env | 81 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp | 23 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp | 85 | ||||
| -rw-r--r-- | prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp | 222 |
17 files changed, 786 insertions, 24 deletions
diff --git a/jjb/armband/build.sh b/jjb/armband/build.sh index 0d357576b..300306f77 100755 --- a/jjb/armband/build.sh +++ b/jjb/armband/build.sh @@ -29,8 +29,10 @@ if [[ "$JOB_NAME" =~ "daily" ]]; then echo "Checking to see if we already built and stored Armband Fuel ISO for this commit" curl -s -o $LATEST_ISO_PROPERTIES http://$GS_URL/latest.properties 2>/dev/null +fi - # get metadata of latest ISO +# get metadata of latest ISO +if grep -q OPNFV_GIT_SHA1 $LATEST_ISO_PROPERTIES 2>/dev/null; then LATEST_ISO_SHA1=$(grep OPNFV_GIT_SHA1 $LATEST_ISO_PROPERTIES | cut -d'=' -f2) LATEST_ISO_URL=$(grep OPNFV_ARTIFACT_URL $LATEST_ISO_PROPERTIES | cut -d'=' -f2) else diff --git a/jjb/fuel/fuel-ci-jobs.yml b/jjb/fuel/fuel-ci-jobs.yml index 70942dd25..3615add83 100644 --- a/jjb/fuel/fuel-ci-jobs.yml +++ b/jjb/fuel/fuel-ci-jobs.yml @@ -13,7 +13,14 @@ master: &master stream: master branch: '{stream}' + disabled: false gs-pathname: '' + colorado: &colorado + stream: colorado + branch: 'stable/{stream}' + disabled: false + gs-pathname: '/{stream}' + auto-trigger-name: 'daily-trigger-disabled' #-------------------------------- # POD, INSTALLER, AND BRANCH MAPPING #-------------------------------- @@ -26,6 +33,12 @@ - virtual: slave-label: fuel-virtual <<: *master + - baremetal: + slave-label: fuel-baremetal + <<: *colorado + - virtual: + slave-label: fuel-virtual + <<: *colorado #-------------------------------- # None-CI PODs #-------------------------------- @@ -93,6 +106,8 @@ - job-template: name: 'fuel-{scenario}-{pod}-daily-{stream}' + disabled: '{obj:disabled}' + concurrent: false properties: @@ -166,6 +181,8 @@ - job-template: name: 'fuel-deploy-{pod}-daily-{stream}' + disabled: '{obj:disabled}' + concurrent: true properties: diff --git a/jjb/fuel/fuel-project-jobs.yml b/jjb/fuel/fuel-project-jobs.yml index c160fb893..cf893832b 100644 --- a/jjb/fuel/fuel-project-jobs.yml +++ b/jjb/fuel/fuel-project-jobs.yml @@ -13,7 +13,7 @@ branch: '{stream}' gs-pathname: '' disabled: false - - brahmaputra: + - colorado: branch: 'stable/{stream}' gs-pathname: '/{stream}' disabled: false @@ -30,6 +30,8 @@ - job-template: name: 'fuel-build-daily-{stream}' + disabled: '{obj:disabled}' + concurrent: false properties: @@ -223,7 +225,7 @@ concurrent: true - disabled: false + disabled: '{obj:disabled}' properties: - throttle: diff --git a/jjb/fuel/fuel-verify-jobs.yml b/jjb/fuel/fuel-verify-jobs.yml index 2b6239422..2662cb7c0 100644 --- a/jjb/fuel/fuel-verify-jobs.yml +++ b/jjb/fuel/fuel-verify-jobs.yml @@ -15,7 +15,7 @@ - colorado: branch: 'stable/{stream}' gs-pathname: '/{stream}' - disabled: true + disabled: false ##################################### # patch verification phases ##################################### diff --git a/jjb/functest/functest-ci-jobs.yml b/jjb/functest/functest-ci-jobs.yml index 7afd7d1c6..87a45f1e5 100644 --- a/jjb/functest/functest-ci-jobs.yml +++ b/jjb/functest/functest-ci-jobs.yml @@ -14,8 +14,8 @@ branch: '{stream}' gs-pathname: '' docker-tag: 'latest' - brahmaputra: &brahmaputra - stream: brahmaputra + colorado: &colorado + stream: colorado branch: 'stable/{stream}' gs-pathname: '/{stream}' docker-tag: 'stable' @@ -40,11 +40,11 @@ - baremetal: slave-label: fuel-baremetal installer: fuel - <<: *brahmaputra + <<: *colorado - virtual: slave-label: fuel-virtual installer: fuel - <<: *brahmaputra + <<: *colorado # joid CI PODs - baremetal: slave-label: joid-baremetal @@ -57,11 +57,11 @@ - baremetal: slave-label: joid-baremetal installer: joid - <<: *brahmaputra + <<: *colorado - virtual: slave-label: joid-virtual installer: joid - <<: *brahmaputra + <<: *colorado # compass CI PODs - baremetal: slave-label: compass-baremetal @@ -74,11 +74,11 @@ - baremetal: slave-label: compass-baremetal installer: compass - <<: *brahmaputra + <<: *colorado - virtual: slave-label: compass-virtual installer: compass - <<: *brahmaputra + <<: *colorado # apex CI PODs - apex-verify-master: slave-label: '{pod}' @@ -130,7 +130,7 @@ - arm-pod1: slave-label: '{pod}' installer: fuel - <<: *brahmaputra + <<: *colorado #-------------------------------- testsuite: diff --git a/jjb/joid/joid-deploy.sh b/jjb/joid/joid-deploy.sh index 575a5738c..05c2de1fc 100644 --- a/jjb/joid/joid-deploy.sh +++ b/jjb/joid/joid-deploy.sh @@ -94,6 +94,11 @@ if [ "$EXTRA" != "" ];then NFV_FEATURES="${NFV_FEATURES}_${EXTRA}" fi +# temporary sfc feature is availble only on onos and trusty +if [ "$NFV_FEATURES" == 'sfc' ] && [ "$SDN_CONTROLLER" == 'onos' ];then + UBUNTU_DISTRO=trusty +fi + ## ## Configure Joid deployment ## diff --git a/jjb/yardstick/yardstick-ci-jobs.yml b/jjb/yardstick/yardstick-ci-jobs.yml index a77b5c66d..eacb790a2 100644 --- a/jjb/yardstick/yardstick-ci-jobs.yml +++ b/jjb/yardstick/yardstick-ci-jobs.yml @@ -14,11 +14,11 @@ branch: '{stream}' gs-pathname: '' docker-tag: 'latest' - brahmaputra: &brahmaputra - stream: brahmaputra + colorado: &colorado + stream: colorado branch: 'stable/{stream}' gs-pathname: '{stream}' - docker-tag: 'brahmaputra.1.0' + docker-tag: 'colorado.1.0' #-------------------------------- # POD, INSTALLER, AND BRANCH MAPPING #-------------------------------- @@ -43,12 +43,12 @@ slave-label: fuel-baremetal installer: fuel auto-trigger-name: 'daily-trigger-disabled' - <<: *brahmaputra + <<: *colorado - virtual: slave-label: fuel-virtual installer: fuel auto-trigger-name: 'daily-trigger-disabled' - <<: *brahmaputra + <<: *colorado # joid CI PODs - baremetal: slave-label: joid-baremetal @@ -64,12 +64,12 @@ slave-label: joid-baremetal installer: joid auto-trigger-name: 'daily-trigger-disabled' - <<: *brahmaputra + <<: *colorado - virtual: slave-label: joid-virtual installer: joid auto-trigger-name: 'daily-trigger-disabled' - <<: *brahmaputra + <<: *colorado # compass CI PODs - baremetal: @@ -86,12 +86,12 @@ slave-label: compass-baremetal installer: compass auto-trigger-name: 'daily-trigger-disabled' - <<: *brahmaputra + <<: *colorado - virtual: slave-label: compass-virtual installer: compass auto-trigger-name: 'daily-trigger-disabled' - <<: *brahmaputra + <<: *colorado #-------------------------------- # Installers not using labels # CI PODs @@ -107,7 +107,7 @@ slave-label: '{pod}' installer: apex auto-trigger-name: 'daily-trigger-disabled' - <<: *brahmaputra + <<: *colorado #-------------------------------- # None-CI PODs #-------------------------------- diff --git a/prototypes/bifrost/playbooks/test-bifrost-infracloud.yaml b/prototypes/bifrost/playbooks/test-bifrost-infracloud.yaml index f193ea8d0..ba548b305 100644 --- a/prototypes/bifrost/playbooks/test-bifrost-infracloud.yaml +++ b/prototypes/bifrost/playbooks/test-bifrost-infracloud.yaml @@ -42,7 +42,7 @@ # do not support ramdisk-image-create as they invoke steps to cleanup # the ramdisk which causes ramdisk-image-create to believe it failed. - { role: bifrost-create-dib-image, dib_imagename: "{{ http_boot_folder }}/ipa", build_ramdisk: false, dib_os_element: "{{ ipa_dib_os_element|default('debian') }}", dib_os_release: "jessie", dib_elements: "ironic-agent {{ ipa_extra_dib_elements | default('') }}", when: create_ipa_image | bool == true } - - { role: bifrost-create-dib-image, dib_imagetype: "qcow2", dib_imagename: "{{deploy_image}}", dib_os_element: "ubuntu-minimal", dib_os_release: "trusty", dib_elements: "vm serial-console simple-init devuser infra-cloud-bridge puppet growroot {{ extra_dib_elements|default('') }}", dib_packages: "openssh-server,vlan,vim,less,bridge-utils,language-pack-en,iputils-ping,rsyslog", when: create_image_via_dib | bool == true and transform_boot_image | bool == false } + - { role: bifrost-create-dib-image, dib_imagetype: "qcow2", dib_imagename: "{{deploy_image}}", dib_os_element: "ubuntu-minimal", dib_os_release: "trusty", dib_elements: "vm serial-console simple-init devuser infra-cloud-bridge puppet growroot {{ extra_dib_elements|default('') }}", dib_packages: "openssh-server,vlan,vim,less,bridge-utils,language-pack-en,iputils-ping,rsyslog,curl", when: create_image_via_dib | bool == true and transform_boot_image | bool == false } environment: http_proxy: "{{ lookup('env','http_proxy') }}" https_proxy: "{{ lookup('env','https_proxy') }}" diff --git a/prototypes/puppet-infracloud/README.md b/prototypes/puppet-infracloud/README.md new file mode 100644 index 000000000..f3bd67279 --- /dev/null +++ b/prototypes/puppet-infracloud/README.md @@ -0,0 +1,52 @@ +=============================== +How to deploy puppet-infracloud +=============================== +The manifest and mmodules defined on this repo will deploy an OpenStack cloud based on `Infra Cloud <http://docs.openstack.org/infra/system-config/infra-cloud.html>`_ project. + +Once all the hardware is provisioned, enter in controller and compute nodes and follow these steps: + +1. Clone releng:: + + git clone https://gerrit.opnfv.org/gerrit/releng /opt/releng + +2. Copy hiera to the right place:: + + cp /opt/releng/prototypes/puppet-infracloud/hiera/common.yaml /var/lib/hiera/ + +3. Install modules:: + + cd /opt/releng/prototypes/puppet-infracloud + ./install_modules.sh + +4. Apply the infracloud manifest:: + + cd /opt/releng/prototypes/puppet-infracloud + puppet apply --manifests/site.pp --modulepath=/etc/puppet/modules:/opt/releng/prototypes/puppet-infracloud/modules + +5. Once you finish this operation on controller and compute nodes, you will have a functional OpenStack cloud. + +In jumphost, follow that steps: + +1. Clone releng:: + + git clone https://gerrit.opnfv.org/gerrit/releng /opt/releng + +2. Create OpenStack clouds config directory: + + mkdir -p /root/.config/openstack + +3. Copy credentials file:: + + cp /opt/releng/prototypes/puppet-infracloud/creds/clouds.yaml /root/.config/openstack/ + +4. Install openstack-client: + + pip install python-openstackclient + +5. Export the desired cloud:: + + export OS_CLOUD=opnfv + +6. Start using it:: + + openstack server list diff --git a/prototypes/puppet-infracloud/creds/clouds.yaml b/prototypes/puppet-infracloud/creds/clouds.yaml new file mode 100644 index 000000000..eb44db66c --- /dev/null +++ b/prototypes/puppet-infracloud/creds/clouds.yaml @@ -0,0 +1,12 @@ +clouds: + opnfv: + verify: False + auth: + auth_url: https://controller00.opnfvlocal:5000 + project_name: opnfv + username: opnfv + password: pass + identity_api_version: '3' + region_name: RegionOne + user_domain_name: opnfv + project_domain_name: opnfv diff --git a/prototypes/puppet-infracloud/hiera/common.yaml b/prototypes/puppet-infracloud/hiera/common.yaml new file mode 100644 index 000000000..6c28f1972 --- /dev/null +++ b/prototypes/puppet-infracloud/hiera/common.yaml @@ -0,0 +1,77 @@ +keystone_rabbit_password: pass +neutron_rabbit_password: pass +nova_rabbit_password: pass +root_mysql_password: pass +keystone_mysql_password: pass +glance_mysql_password: pass +neutron_mysql_password: pass +nova_mysql_password: pass +keystone_admin_password: pass +glance_admin_password: pass +neutron_admin_password: pass +nova_admin_password: pass +keystone_admin_token: token +ssl_key_file_contents: | + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0YX6wsA/Jhe3q + ByoiLsyagO5rOCIyzDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulb + GnB6A0GlT3YXuaKPucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK9 + 43G545aBZSGlUnVfFg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UU + TzrH2SL6Nhl7i+AenuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF + 37fsWxxxEX8a6gtGYEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeD + jEHey3UJAgMBAAECggEAGqapBEwPGRRbsY87b2+AtXdFQrw5eU3pj4jCr3dk4o1o + uCbiqxNgGnup4VRT2hmtkKF8O4jj/p1JozdF1RE0GsuhxCGeXiPxrwFfWSyQ28Ou + AWJ6O/njlVZRTTXRzbLyZEOEgWNEdJMfCsVXIUL6EsYxcW68fr8QtExAo0gSzvwe + IVyhopBy4A1jr5jWqjjlgJhoTHQCkp1e9pHiaW5WWHtk2DFdy6huw5PoDRppG42P + soMzqHy9AIWXrYaTGNjyybdJvbaiF0X5Bkr6k8ZxMlRuEb3Vpyrj7SsBrUifRJM3 + +yheSq3drdQHlw5VrukoIgXGYB4zAQq3LndLoL5YTQKBgQDlzz/hB1IuGOKBXRHy + p0j+Lyoxt5EiOW2mdEkbTUYyYnD9EDbJ0wdQ5ijtWLw0J3AwhASkH8ZyljOVHKlY + Sq2Oo/uroIH4M8cVIBOJQ2/ak98ItLZ1OMMnDxlZva52jBfYwOEkg6OXeLOLmay6 + ADfxQ56RFqreVHi9J0/jvpn9UwKBgQDI8CZrM4udJTP7gslxeDcRZw6W34CBBFds + 49d10Tfd05sysOludzWAfGFj27wqIacFcIyYQmnSga9lBhowv+RwdSjcb2QCCjOb + b2GdH+qSFU8BTOcd5FscCBV3U8Y1f/iYp0EQ1/GiG2AYcQC67kjWOO4/JZEXsmtq + LisFlWTcswKBgQCC/bs/nViuhei2LELKuafVmzTF2giUJX/m3Wm+cjGNDqew18kj + CXKmHks93tKIN+KvBNFQa/xF3G/Skt/EP+zl3XravUbYH0tfM0VvfE0JnjgHUlqe + PpiebvDYQlJrqDb/ihHLKm3ZLSfKbvIRo4Y/s3dy5CTJTgT0bLAQ9Nf5mQKBgGqb + Dqb9d+rtnACqSNnMn9q5xIHDHlhUx1VcJCm70Fn+NG7WcWJMGLSMSNdD8zafGA/I + wK7fPWmTqEx+ylJm3HnVjtI0vuheJTcoBq/oCPlsGLhl5pBzYOskVs8yQQyNUoUa + 52haSTZqM7eD7JFAbqBJIA2cjrf1zwtMZ0LVGegFAoGBAIFSkI+y4tDEEaSsxrMM + OBYEZDkffVar6/mDJukvyn0Q584K3I4eXIDoEEfMGgSN2Tza6QamuNFxOPCH+AAv + UKvckK4yuYkc7mQIgjCE8N8UF4kgsXjPek61TZT1QVI1aYFb78ZAZ0miudqWkx4t + YSNDj7llArylrPGHBLQ38X4/ + -----END PRIVATE KEY----- +ssl_cert_file_contents: | + -----BEGIN CERTIFICATE----- + MIIDcTCCAlmgAwIBAgIJAJsHSxF0u/oaMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV + BAYTAlVTMQ4wDAYDVQQHDAVXb3JsZDEOMAwGA1UECgwFT1BORlYxIDAeBgNVBAMM + F2NvbnRyb2xsZXIwMC5vcG5mdmxvY2FsMB4XDTE2MDgxNzE2MzQwOFoXDTE3MDgx + NzE2MzQwOFowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAcMBVdvcmxkMQ4wDAYDVQQK + DAVPUE5GVjEgMB4GA1UEAwwXY29udHJvbGxlcjAwLm9wbmZ2bG9jYWwwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YX6wsA/Jhe3qByoiLsyagO5rOCIy + zDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulbGnB6A0GlT3YXuaKP + ucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK943G545aBZSGlUnVf + Fg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UUTzrH2SL6Nhl7i+Ae + nuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF37fsWxxxEX8a6gtG + YEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeDjEHey3UJAgMBAAGj + UDBOMB0GA1UdDgQWBBQyFVbU5s2ihD0hX3W7GyHiHZGG1TAfBgNVHSMEGDAWgBQy + FVbU5s2ihD0hX3W7GyHiHZGG1TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA + A4IBAQB+xf7I9RVWzRNjMbWBDE6pBvOWnSksv7Jgr4cREvyOxBDaIoO3uQRDDu6r + RCgGs1CuwEaFX1SS/OVrKRFiy9kCU/LBZEFwaHRaL2Kj57Z2yNInPIiKB4h9jen2 + 75fYrpq42XUDSI0NpsqAJpmcQqXOOo8V08FlH0/6h8mWdsfQfbyaf+g73+aRZds8 + Q4ttmBrqY4Pi5CJW46w7LRCA5o92Di3GI9dAh9MVZ3023cTTjDkW04QbluphuTFj + O07Npz162/fHTXut+piV78t+1HlfYWY5TOSQMIVwenftA/Bn8+TQAgnLR+nGo/wu + oEaxLtj3Jr07+yIjL88ewT+c3fpq + -----END CERTIFICATE----- +infracloud_mysql_password: pass +opnfv_password: pass + +rabbitmq::package_gpg_key: 'https://www.rabbitmq.com/rabbitmq-release-signing-key.asc' +rabbitmq::repo::apt::key: '0A9AF2115F4687BD29803A206B73A36E6026DFCA' + +hosts: + jumphost.opnfvlocal: + ip: 192.168.122.2 + controller00.opnfvlocal: + ip: 192.168.122.3 + compute00.opnfvlocal: + ip: 192.168.122.4 diff --git a/prototypes/puppet-infracloud/install_modules.sh b/prototypes/puppet-infracloud/install_modules.sh new file mode 100755 index 000000000..5d5acd9c1 --- /dev/null +++ b/prototypes/puppet-infracloud/install_modules.sh @@ -0,0 +1,121 @@ +#!/bin/bash +# Copyright 2014 OpenStack Foundation. +# Copyright 2014 Hewlett-Packard Development Company, L.P. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +MODULE_PATH=`puppet config print modulepath | cut -d ':' -f 1` +SCRIPT_NAME=$(basename $0) +SCRIPT_DIR=$(readlink -f "$(dirname $0)") +JUST_CLONED=0 + +function remove_module { + local SHORT_MODULE_NAME=$1 + if [ -n "$SHORT_MODULE_NAME" ]; then + rm -Rf "$MODULE_PATH/$SHORT_MODULE_NAME" + else + echo "ERROR: remove_module requires a SHORT_MODULE_NAME." + fi +} + +function git_clone { + local MOD=$1 + local DEST=$2 + + JUST_CLONED=1 + for attempt in $(seq 0 3); do + clone_error=0 + git clone $MOD $DEST && break || true + rm -rf $DEST + clone_error=1 + done + return $clone_error +} + +# Array of modules to be installed key:value is module:version. +declare -A MODULES + +# Array of modues to be installed from source and without dependency resolution. +# key:value is source location, revision to checkout +declare -A SOURCE_MODULES + +# Array of modues to be installed from source and without dependency resolution from openstack git +# key:value is source location, revision to checkout +declare -A INTEGRATION_MODULES + +# load modules.env to populate MODULES[*] and SOURCE_MODULES[*] +# for processing. +MODULE_ENV_FILE=${MODULE_FILE:-modules.env} +MODULE_ENV_PATH=${MODULE_ENV_PATH:-${SCRIPT_DIR}} +if [ -f "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}" ] ; then + . "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}" +fi + +if [ -z "${!MODULES[*]}" ] && [ -z "${!SOURCE_MODULES[*]}" ] ; then + echo "" + echo "WARNING: nothing to do, unable to find MODULES or SOURCE_MODULES" + echo " export options, try setting MODULE_ENV_PATH or MODULE_ENV_FILE" + echo " export to the proper location of modules.env file." + echo "" + exit 0 +fi + +MODULE_LIST=`puppet module list --color=false` + +# Install modules from source +for MOD in ${!SOURCE_MODULES[*]} ; do + JUST_CLONED=0 + # get the name of the module directory + if [ `echo $MOD | awk -F. '{print $NF}'` = 'git' ]; then + echo "Remote repos of the form repo.git are not supported: ${MOD}" + exit 1 + fi + + MODULE_NAME=`echo $MOD | awk -F- '{print $NF}'` + + # set up git base command to use the correct path + GIT_CMD_BASE="git --git-dir=${MODULE_PATH}/${MODULE_NAME}/.git --work-tree ${MODULE_PATH}/${MODULE_NAME}" + # treat any occurrence of the module as a match + if ! echo $MODULE_LIST | grep "${MODULE_NAME}" >/dev/null 2>&1; then + # clone modules that are not installed + git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}" + else + if [ ! -d ${MODULE_PATH}/${MODULE_NAME}/.git ]; then + echo "Found directory ${MODULE_PATH}/${MODULE_NAME} that is not a git repo, deleting it and reinstalling from source" + remove_module $MODULE_NAME + git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}" + elif [ `${GIT_CMD_BASE} remote show origin | grep 'Fetch URL' | awk -F'URL: ' '{print $2}'` != $MOD ]; then + echo "Found remote in ${MODULE_PATH}/${MODULE_NAME} that does not match desired remote ${MOD}, deleting dir and re-cloning" + remove_module $MODULE_NAME + git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}" + fi + fi + + # fetch the latest refs from the repo + if [[ $JUST_CLONED -eq 0 ]] ; then + # If we just cloned the repo, we do not need to remote update + for attempt in $(seq 0 3); do + clone_error=0 + $GIT_CMD_BASE remote update && break || true + clone_error=1 + done + if [[ $clone_error -ne 0 ]] ; then + exit $clone_error + fi + fi + # make sure the correct revision is installed, I have to use rev-list b/c rev-parse does not work with tags + if [ `${GIT_CMD_BASE} rev-list HEAD --max-count=1` != `${GIT_CMD_BASE} rev-list ${SOURCE_MODULES[$MOD]} --max-count=1` ]; then + # checkout correct revision + $GIT_CMD_BASE checkout ${SOURCE_MODULES[$MOD]} + fi +done diff --git a/prototypes/puppet-infracloud/manifests/site.pp b/prototypes/puppet-infracloud/manifests/site.pp new file mode 100644 index 000000000..e524918c6 --- /dev/null +++ b/prototypes/puppet-infracloud/manifests/site.pp @@ -0,0 +1,63 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 RedHat and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +node 'controller00.opnfvlocal' { + $group = 'infracloud' + class { 'opnfv::server': + iptables_public_tcp_ports => [80,5000,5671,8774,9292,9696,35357], # logs,keystone,rabbit,nova,glance,neutron,keystone + sysadmins => hiera('sysadmins', []), + enable_unbound => false, + purge_apt_sources => false, + } + class { 'opnfv::controller': + keystone_rabbit_password => hiera('keystone_rabbit_password'), + neutron_rabbit_password => hiera('neutron_rabbit_password'), + nova_rabbit_password => hiera('nova_rabbit_password'), + root_mysql_password => hiera('infracloud_mysql_password'), + keystone_mysql_password => hiera('keystone_mysql_password'), + glance_mysql_password => hiera('glance_mysql_password'), + neutron_mysql_password => hiera('neutron_mysql_password'), + nova_mysql_password => hiera('nova_mysql_password'), + keystone_admin_password => hiera('keystone_admin_password'), + glance_admin_password => hiera('glance_admin_password'), + neutron_admin_password => hiera('neutron_admin_password'), + nova_admin_password => hiera('nova_admin_password'), + keystone_admin_token => hiera('keystone_admin_token'), + ssl_key_file_contents => hiera('ssl_key_file_contents'), + ssl_cert_file_contents => hiera('ssl_cert_file_contents'), + br_name => 'br-eth0', + controller_public_address => $::fqdn, + neutron_subnet_cidr => '192.168.122.0/24', + neutron_subnet_gateway => '192.168.122.1', + neutron_subnet_allocation_pools => [ + 'start=192.168.122.50,end=192.168.122.254', + ], + opnfv_password => hiera('opnfv_password'), + } +} + +node 'compute00.opnfvlocal' { + $group = 'infracloud' + class { 'opnfv::server': + sysadmins => hiera('sysadmins', []), + enable_unbound => false, + purge_apt_sources => false, + } + + class { 'opnfv::compute': + nova_rabbit_password => hiera('nova_rabbit_password'), + neutron_rabbit_password => hiera('neutron_rabbit_password'), + neutron_admin_password => hiera('neutron_admin_password'), + ssl_cert_file_contents => hiera('ssl_cert_file_contents'), + ssl_key_file_contents => hiera('ssl_key_file_contents'), + br_name => 'br-eth0', + controller_public_address => 'controller00.opnfvlocal', + virt_type => 'qemu', + } +} + diff --git a/prototypes/puppet-infracloud/modules.env b/prototypes/puppet-infracloud/modules.env new file mode 100644 index 000000000..2df81ecc4 --- /dev/null +++ b/prototypes/puppet-infracloud/modules.env @@ -0,0 +1,81 @@ +# Copyright 2014 OpenStack Foundation. +# Copyright 2016 RedHat. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# load additional modules from modules.env +# modules.env should exist in the same folder as install_modules.sh +# +# - use export MODULE_FILE to specify an alternate config +# when calling install_modules.sh. +# This allows for testing environments that are configured with alternate +# module configuration. + +# Source modules should use tags, explicit refs or remote branches because +# we do not update local branches in this script. +# Keep sorted + +OPENSTACK_GIT_ROOT=https://git.openstack.org + +# InfraCloud modules +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-cinder"]="origin/stable/mitaka" +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-glance"]="origin/stable/mitaka" +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-ironic"]="origin/stable/mitaka" +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-keystone"]="origin/stable/mitaka" +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-neutron"]="origin/stable/mitaka" +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-nova"]="origin/stable/mitaka" +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstack_extras"]="origin/stable/mitaka" +SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstacklib"]="origin/stable/mitaka" + +SOURCE_MODULES["https://github.com/duritong/puppet-sysctl"]="v0.0.11" +SOURCE_MODULES["https://github.com/nanliu/puppet-staging"]="1.0.0" +SOURCE_MODULES["https://github.com/jfryman/puppet-selinux"]="v0.2.5" +SOURCE_MODULES["https://github.com/maestrodev/puppet-wget"]="v1.6.0" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apache"]="1.8.1" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apt"]="2.1.0" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-concat"]="1.2.5" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-firewall"]="1.1.3" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-haproxy"]="1.5.0" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-inifile"]="1.1.3" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-mysql"]="3.6.2" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-ntp"]="3.2.1" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-rabbitmq"]="5.2.3" +SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-stdlib"]="4.10.0" +SOURCE_MODULES["https://github.com/rafaelfelix/puppet-pear"]="1.0.3" +SOURCE_MODULES["https://github.com/saz/puppet-memcached"]="v2.6.0" +SOURCE_MODULES["https://github.com/saz/puppet-timezone"]="v3.3.0" +SOURCE_MODULES["https://github.com/stankevich/puppet-python"]="1.9.4" +SOURCE_MODULES["https://github.com/vamsee/puppet-solr"]="0.0.8" +SOURCE_MODULES["https://github.com/voxpupuli/puppet-alternatives"]="0.3.0" +SOURCE_MODULES["https://github.com/voxpupuli/puppet-archive"]="v0.5.1" +SOURCE_MODULES["https://github.com/voxpupuli/puppet-git_resource"]="0.3.0" +SOURCE_MODULES["https://github.com/voxpupuli/puppet-nodejs"]="1.2.0" +SOURCE_MODULES["https://github.com/voxpupuli/puppet-puppetboard"]="2.4.0" + + +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-httpd"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-infracloud"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-iptables"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-pip"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-snmpd"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssh"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssl_cert_check"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-sudoers"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ulimit"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unattended_upgrades"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unbound"]="origin/master" +INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-user"]="origin/master" + +for MOD in ${!INTEGRATION_MODULES[*]}; do + SOURCE_MODULES[$MOD]=${INTEGRATION_MODULES[$MOD]} +done diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp new file mode 100644 index 000000000..ca548a5d5 --- /dev/null +++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp @@ -0,0 +1,23 @@ +class opnfv::compute ( + $nova_rabbit_password, + $neutron_rabbit_password, + $neutron_admin_password, + $ssl_cert_file_contents, + $ssl_key_file_contents, + $br_name, + $controller_public_address, + $virt_type = 'kvm', +) { + class { '::infracloud::compute': + nova_rabbit_password => $nova_rabbit_password, + neutron_rabbit_password => $neutron_rabbit_password, + neutron_admin_password => $neutron_admin_password, + ssl_cert_file_contents => $ssl_cert_file_contents, + ssl_key_file_contents => $ssl_key_file_contents, + br_name => $br_name, + controller_public_address => $controller_public_address, + virt_type => $virt_type, + } + +} + diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp new file mode 100644 index 000000000..7522692c1 --- /dev/null +++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp @@ -0,0 +1,85 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 RedHat and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +class opnfv::controller ( + $keystone_rabbit_password, + $neutron_rabbit_password, + $nova_rabbit_password, + $root_mysql_password, + $keystone_mysql_password, + $glance_mysql_password, + $neutron_mysql_password, + $nova_mysql_password, + $glance_admin_password, + $keystone_admin_password, + $neutron_admin_password, + $nova_admin_password, + $keystone_admin_token, + $ssl_key_file_contents, + $ssl_cert_file_contents, + $br_name, + $controller_public_address = $::fqdn, + $neutron_subnet_cidr, + $neutron_subnet_gateway, + $neutron_subnet_allocation_pools, + $opnfv_password, + $opnfv_email = 'opnfvuser@gmail.com', +) { + class { '::infracloud::controller': + keystone_rabbit_password => $keystone_rabbit_password, + neutron_rabbit_password => $neutron_rabbit_password, + nova_rabbit_password => $nova_rabbit_password, + root_mysql_password => $root_mysql_password, + keystone_mysql_password => $keystone_mysql_password, + glance_mysql_password => $glance_mysql_password, + neutron_mysql_password => $neutron_mysql_password, + nova_mysql_password => $nova_mysql_password, + keystone_admin_password => $keystone_admin_password, + glance_admin_password => $glance_admin_password, + neutron_admin_password => $neutron_admin_password, + nova_admin_password => $nova_admin_password, + keystone_admin_token => $keystone_admin_token, + ssl_key_file_contents => $ssl_key_file_contents, + ssl_cert_file_contents => $ssl_cert_file_contents, + br_name => $br_name, + controller_public_address => $controller_public_address, + neutron_subnet_cidr => $neutron_subnet_cidr, + neutron_subnet_gateway => $neutron_subnet_gateway, + neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools, + } + + # create keystone creds + keystone_domain { 'opnfv': + ensure => present, + enabled => true, + } + + keystone_tenant { 'opnfv': + ensure => present, + enabled => true, + description => 'OPNFV cloud', + domain => 'opnfv', + require => Keystone_domain['opnfv'], + } + + keystone_user { 'opnfv': + ensure => present, + enabled => true, + domain => 'opnfv', + email => $opnfv_email, + password => $opnfv_password, + require => Keystone_tenant['opnfv'], + } + + keystone_role { 'user': ensure => present } + + keystone_user_role { 'opnfv::opnfv@opnfv::opnfv': + roles => [ 'user', 'admin', ], + } +} + diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp new file mode 100644 index 000000000..5bbcd7506 --- /dev/null +++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp @@ -0,0 +1,222 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 RedHat and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +class opnfv::server ( + $iptables_public_tcp_ports = [], + $iptables_public_udp_ports = [], + $iptables_rules4 = [], + $iptables_rules6 = [], + $sysadmins = [], + $enable_unbound = true, + $purge_apt_sources = true, +) { + ########################################################### + # Classes for all hosts + + include snmpd + include sudoers + + class { 'iptables': + public_tcp_ports => $iptables_public_tcp_ports, + public_udp_ports => $all_udp, + rules4 => $iptables_rules4, + rules6 => $iptables_rules6, + } + + class { 'timezone': + timezone => 'Etc/UTC', + } + + if ($enable_unbound) { + class { 'unbound': + install_resolv_conf => $install_resolv_conf + } + } + + if ($::in_chroot) { + notify { 'rsyslog in chroot': + message => 'rsyslog not refreshed, running in chroot', + } + $rsyslog_notify = [] + } else { + service { 'rsyslog': + ensure => running, + enable => true, + hasrestart => true, + require => Package['rsyslog'], + } + $rsyslog_notify = [ Service['rsyslog'] ] + } + + ########################################################### + # System tweaks + + # Increase syslog message size in order to capture + # python tracebacks with syslog. + file { '/etc/rsyslog.d/99-maxsize.conf': + ensure => present, + # Note MaxMessageSize is not a puppet variable. + content => '$MaxMessageSize 6k', + owner => 'root', + group => 'root', + mode => '0644', + notify => $rsyslog_notify, + require => Package['rsyslog'], + } + + # We don't like byobu + file { '/etc/profile.d/Z98-byobu.sh': + ensure => absent, + } + + if $::osfamily == 'Debian' { + + # Ubuntu installs their whoopsie package by default, but it eats through + # memory and we don't need it on servers + package { 'whoopsie': + ensure => absent, + } + + package { 'popularity-contest': + ensure => absent, + } + } + + ########################################################### + # Package resources for all operating systems + + package { 'at': + ensure => present, + } + + package { 'lvm2': + ensure => present, + } + + package { 'strace': + ensure => present, + } + + package { 'tcpdump': + ensure => present, + } + + package { 'rsyslog': + ensure => present, + } + + package { 'git': + ensure => present, + } + + package { 'rsync': + ensure => present, + } + + case $::osfamily { + 'RedHat': { + $packages = ['parted', 'puppet', 'wget', 'iputils'] + $user_packages = ['emacs-nox', 'vim-enhanced'] + $update_pkg_list_cmd = '' + } + 'Debian': { + $packages = ['parted', 'puppet', 'wget', 'iputils-ping'] + case $::operatingsystemrelease { + /^(12|14)\.(04|10)$/: { + $user_packages = ['emacs23-nox', 'vim-nox', 'iftop', + 'sysstat', 'iotop'] + } + default: { + $user_packages = ['emacs-nox', 'vim-nox'] + } + } + $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;' + } + default: { + fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).") + } + } + package { $packages: + ensure => present + } + + ########################################################### + # Package resources for specific operating systems + + case $::osfamily { + 'Debian': { + # Purge and augment existing /etc/apt/sources.list if requested, and make + # sure apt-get update is run before any packages are installed + class { '::apt': + purge => { 'sources.list' => $purge_apt_sources } + } + + # Make sure dig is installed + package { 'dnsutils': + ensure => present, + } + } + 'RedHat': { + # Make sure dig is installed + package { 'bind-utils': + ensure => present, + } + } + } + + ########################################################### + # Manage ntp + + include '::ntp' + + if ($::osfamily == "RedHat") { + # Utils in ntp-perl are included in Debian's ntp package; we + # add it here for consistency. See also + # https://tickets.puppetlabs.com/browse/MODULES-3660 + package { 'ntp-perl': + ensure => present + } + # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for + # centos-7. Currently, ntpd explicitly require ntpdate to be running before + # the sync process can happen in ntpd. As a result, if ntpdate is not + # running, ntpd will start but fail to sync because of DNS is not properly + # setup. + package { 'ntpdate': + ensure => present, + } + service { 'ntpdate': + enable => true, + require => Package['ntpdate'], + } + } + + ########################################################### + # Manage python/pip + + $desired_virtualenv = '13.1.0' + class { '::pip': + optional_settings => { + 'extra-index-url' => '', + }, + manage_pip_conf => true, + } + + if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) { + $virtualenv_ensure = $desired_virtualenv + } else { + $virtualenv_ensure = present + } + package { 'virtualenv': + ensure => $virtualenv_ensure, + provider => openstack_pip, + require => Class['pip'], + } + + # add hosts entries + create_resources('host', hiera_hash('hosts')) +} |