From 817187f7c60abbb81522e6215d268fd659a7c714 Mon Sep 17 00:00:00 2001
From: Yolanda Robla Mota
Date: Thu, 18 Aug 2016 10:45:31 +0200
Subject: Add initial puppet and hiera files
Include the basic site.pp and initial modules, as long as default hieras, to manage opnfv infracloud.
Change-Id: I891bc414b102257534f1d28df8299bf41c12e8f2
Signed-Off-By: Yolanda Robla
---
prototypes/puppet-infracloud/README.md | 52 +++++
prototypes/puppet-infracloud/creds/clouds.yaml | 12 ++
prototypes/puppet-infracloud/hiera/common.yaml | 77 +++++++
prototypes/puppet-infracloud/install_modules.sh | 121 +++++++++++
prototypes/puppet-infracloud/manifests/site.pp | 63 ++++++
prototypes/puppet-infracloud/modules.env | 81 ++++++++
.../modules/opnfv/manifests/compute.pp | 23 +++
.../modules/opnfv/manifests/controller.pp | 85 ++++++++
.../modules/opnfv/manifests/server.pp | 222 +++++++++++++++++++++
9 files changed, 736 insertions(+)
create mode 100644 prototypes/puppet-infracloud/README.md
create mode 100644 prototypes/puppet-infracloud/creds/clouds.yaml
create mode 100644 prototypes/puppet-infracloud/hiera/common.yaml
create mode 100755 prototypes/puppet-infracloud/install_modules.sh
create mode 100644 prototypes/puppet-infracloud/manifests/site.pp
create mode 100644 prototypes/puppet-infracloud/modules.env
create mode 100644 prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
create mode 100644 prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
create mode 100644 prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp
diff --git a/prototypes/puppet-infracloud/README.md b/prototypes/puppet-infracloud/README.md
new file mode 100644
index 000000000..f3bd67279
--- /dev/null
+++ b/prototypes/puppet-infracloud/README.md
@@ -0,0 +1,52 @@
+===============================
+How to deploy puppet-infracloud
+===============================
+The manifest and mmodules defined on this repo will deploy an OpenStack cloud based on `Infra Cloud `_ project.
+
+Once all the hardware is provisioned, enter in controller and compute nodes and follow these steps:
+
+1. Clone releng::
+
+ git clone https://gerrit.opnfv.org/gerrit/releng /opt/releng
+
+2. Copy hiera to the right place::
+
+ cp /opt/releng/prototypes/puppet-infracloud/hiera/common.yaml /var/lib/hiera/
+
+3. Install modules::
+
+ cd /opt/releng/prototypes/puppet-infracloud
+ ./install_modules.sh
+
+4. Apply the infracloud manifest::
+
+ cd /opt/releng/prototypes/puppet-infracloud
+ puppet apply --manifests/site.pp --modulepath=/etc/puppet/modules:/opt/releng/prototypes/puppet-infracloud/modules
+
+5. Once you finish this operation on controller and compute nodes, you will have a functional OpenStack cloud.
+
+In jumphost, follow that steps:
+
+1. Clone releng::
+
+ git clone https://gerrit.opnfv.org/gerrit/releng /opt/releng
+
+2. Create OpenStack clouds config directory:
+
+ mkdir -p /root/.config/openstack
+
+3. Copy credentials file::
+
+ cp /opt/releng/prototypes/puppet-infracloud/creds/clouds.yaml /root/.config/openstack/
+
+4. Install openstack-client:
+
+ pip install python-openstackclient
+
+5. Export the desired cloud::
+
+ export OS_CLOUD=opnfv
+
+6. Start using it::
+
+ openstack server list
diff --git a/prototypes/puppet-infracloud/creds/clouds.yaml b/prototypes/puppet-infracloud/creds/clouds.yaml
new file mode 100644
index 000000000..eb44db66c
--- /dev/null
+++ b/prototypes/puppet-infracloud/creds/clouds.yaml
@@ -0,0 +1,12 @@
+clouds:
+ opnfv:
+ verify: False
+ auth:
+ auth_url: https://controller00.opnfvlocal:5000
+ project_name: opnfv
+ username: opnfv
+ password: pass
+ identity_api_version: '3'
+ region_name: RegionOne
+ user_domain_name: opnfv
+ project_domain_name: opnfv
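Review bot: `verify: False` in the `opnfv` cloud entry of creds/clouds.yaml switches off TLS certificate validation for every client call to `https://controller00.opnfvlocal:5000`, so the jumphost will accept whatever certificate is presented for the Keystone endpoint. The commit already ships the controller's self-signed certificate in hiera, so the entry could keep verification on and trust that certificate instead, e.g. `cacert: /path/to/controller00-cert.pem` (placeholder path). The literal `password: pass` is also copied verbatim into `/root/.config/openstack/` by the README steps; a leading comment such as `# example values only - replace before use` would make clear the file is a template.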
diff --git a/prototypes/puppet-infracloud/hiera/common.yaml b/prototypes/puppet-infracloud/hiera/common.yaml
new file mode 100644
index 000000000..6c28f1972
--- /dev/null
+++ b/prototypes/puppet-infracloud/hiera/common.yaml
@@ -0,0 +1,77 @@ +keystone_rabbit_password: pass +neutron_rabbit_password: pass +nova_rabbit_password: pass +root_mysql_password: pass +keystone_mysql_password: pass +glance_mysql_password: pass +neutron_mysql_password: pass +nova_mysql_password: pass +keystone_admin_password: pass +glance_admin_password: pass +neutron_admin_password: pass +nova_admin_password: pass +keystone_admin_token: token +ssl_key_file_contents: | + -----BEGIN PRIVATE KEY----- + MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC0YX6wsA/Jhe3q + ByoiLsyagO5rOCIyzDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulb + GnB6A0GlT3YXuaKPucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK9 + 43G545aBZSGlUnVfFg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UU + TzrH2SL6Nhl7i+AenuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF + 37fsWxxxEX8a6gtGYEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeD + jEHey3UJAgMBAAECggEAGqapBEwPGRRbsY87b2+AtXdFQrw5eU3pj4jCr3dk4o1o + uCbiqxNgGnup4VRT2hmtkKF8O4jj/p1JozdF1RE0GsuhxCGeXiPxrwFfWSyQ28Ou + AWJ6O/njlVZRTTXRzbLyZEOEgWNEdJMfCsVXIUL6EsYxcW68fr8QtExAo0gSzvwe + IVyhopBy4A1jr5jWqjjlgJhoTHQCkp1e9pHiaW5WWHtk2DFdy6huw5PoDRppG42P + soMzqHy9AIWXrYaTGNjyybdJvbaiF0X5Bkr6k8ZxMlRuEb3Vpyrj7SsBrUifRJM3 + +yheSq3drdQHlw5VrukoIgXGYB4zAQq3LndLoL5YTQKBgQDlzz/hB1IuGOKBXRHy + p0j+Lyoxt5EiOW2mdEkbTUYyYnD9EDbJ0wdQ5ijtWLw0J3AwhASkH8ZyljOVHKlY + Sq2Oo/uroIH4M8cVIBOJQ2/ak98ItLZ1OMMnDxlZva52jBfYwOEkg6OXeLOLmay6 + ADfxQ56RFqreVHi9J0/jvpn9UwKBgQDI8CZrM4udJTP7gslxeDcRZw6W34CBBFds + 49d10Tfd05sysOludzWAfGFj27wqIacFcIyYQmnSga9lBhowv+RwdSjcb2QCCjOb + b2GdH+qSFU8BTOcd5FscCBV3U8Y1f/iYp0EQ1/GiG2AYcQC67kjWOO4/JZEXsmtq + LisFlWTcswKBgQCC/bs/nViuhei2LELKuafVmzTF2giUJX/m3Wm+cjGNDqew18kj + CXKmHks93tKIN+KvBNFQa/xF3G/Skt/EP+zl3XravUbYH0tfM0VvfE0JnjgHUlqe + PpiebvDYQlJrqDb/ihHLKm3ZLSfKbvIRo4Y/s3dy5CTJTgT0bLAQ9Nf5mQKBgGqb + Dqb9d+rtnACqSNnMn9q5xIHDHlhUx1VcJCm70Fn+NG7WcWJMGLSMSNdD8zafGA/I + wK7fPWmTqEx+ylJm3HnVjtI0vuheJTcoBq/oCPlsGLhl5pBzYOskVs8yQQyNUoUa + 52haSTZqM7eD7JFAbqBJIA2cjrf1zwtMZ0LVGegFAoGBAIFSkI+y4tDEEaSsxrMM + 
OBYEZDkffVar6/mDJukvyn0Q584K3I4eXIDoEEfMGgSN2Tza6QamuNFxOPCH+AAv + UKvckK4yuYkc7mQIgjCE8N8UF4kgsXjPek61TZT1QVI1aYFb78ZAZ0miudqWkx4t + YSNDj7llArylrPGHBLQ38X4/ + -----END PRIVATE KEY----- +ssl_cert_file_contents: | + -----BEGIN CERTIFICATE----- + MIIDcTCCAlmgAwIBAgIJAJsHSxF0u/oaMA0GCSqGSIb3DQEBCwUAME8xCzAJBgNV + BAYTAlVTMQ4wDAYDVQQHDAVXb3JsZDEOMAwGA1UECgwFT1BORlYxIDAeBgNVBAMM + F2NvbnRyb2xsZXIwMC5vcG5mdmxvY2FsMB4XDTE2MDgxNzE2MzQwOFoXDTE3MDgx + NzE2MzQwOFowTzELMAkGA1UEBhMCVVMxDjAMBgNVBAcMBVdvcmxkMQ4wDAYDVQQK + DAVPUE5GVjEgMB4GA1UEAwwXY29udHJvbGxlcjAwLm9wbmZ2bG9jYWwwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YX6wsA/Jhe3qByoiLsyagO5rOCIy + zDsMTV0YMWVIa/QybvS1vI+pK9FIoYPbqWFGHXmQF0DJYulbGnB6A0GlT3YXuaKP + ucaaANr5hTjuEBF6LuQeq+OIO5u7+l56HGWbbVeB7+vnIxK943G545aBZSGlUnVf + Fg+v+IQtmRr36iEa5UDd4sahDXcp2Dm3zGgkFhFKie6AJ4UUTzrH2SL6Nhl7i+Ae + nuoUEDdgDWfGnCXozLngfmhKDi6lHDmh5zJhFS7cKz14wLgF37fsWxxxEX8a6gtG + YEEHqXV3x3AXO+U98pr15/xQM9O2O3mrqc/zkmcCRUwCjEeDjEHey3UJAgMBAAGj + UDBOMB0GA1UdDgQWBBQyFVbU5s2ihD0hX3W7GyHiHZGG1TAfBgNVHSMEGDAWgBQy + FVbU5s2ihD0hX3W7GyHiHZGG1TAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA + A4IBAQB+xf7I9RVWzRNjMbWBDE6pBvOWnSksv7Jgr4cREvyOxBDaIoO3uQRDDu6r + RCgGs1CuwEaFX1SS/OVrKRFiy9kCU/LBZEFwaHRaL2Kj57Z2yNInPIiKB4h9jen2 + 75fYrpq42XUDSI0NpsqAJpmcQqXOOo8V08FlH0/6h8mWdsfQfbyaf+g73+aRZds8 + Q4ttmBrqY4Pi5CJW46w7LRCA5o92Di3GI9dAh9MVZ3023cTTjDkW04QbluphuTFj + O07Npz162/fHTXut+piV78t+1HlfYWY5TOSQMIVwenftA/Bn8+TQAgnLR+nGo/wu + oEaxLtj3Jr07+yIjL88ewT+c3fpq + -----END CERTIFICATE----- +infracloud_mysql_password: pass +opnfv_password: pass + +rabbitmq::package_gpg_key: 'https://www.rabbitmq.com/rabbitmq-release-signing-key.asc' +rabbitmq::repo::apt::key: '0A9AF2115F4687BD29803A206B73A36E6026DFCA' + +hosts: + jumphost.opnfvlocal: + ip: 192.168.122.2 + controller00.opnfvlocal: + ip: 192.168.122.3 + compute00.opnfvlocal: + ip: 192.168.122.4 
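Review bot: `ssl_key_file_contents` commits a complete PEM private key alongside its certificate, and site.pp passes both to the controller and compute nodes, so every deployment that copies this file to `/var/lib/hiera/` as the README instructs ends up sharing a TLS key that anyone with read access to the repository holds. That key should be treated as disclosed and a fresh pair generated per deployment, with this file carrying only a placeholder or an encrypted value (hiera-eyaml is one option). The same concern applies to every `*_password` key being `pass` and to `keystone_admin_token: token`. At minimum a header comment such as `# EXAMPLE VALUES ONLY - generate unique secrets before applying` would flag that nothing here is meant to reach a reachable cloud.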
diff --git a/prototypes/puppet-infracloud/install_modules.sh b/prototypes/puppet-infracloud/install_modules.sh
new file mode 100755
index 000000000..5d5acd9c1
--- /dev/null
+++ b/prototypes/puppet-infracloud/install_modules.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+# Copyright 2014 OpenStack Foundation.
+# Copyright 2014 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+MODULE_PATH=`puppet config print modulepath | cut -d ':' -f 1`
+SCRIPT_NAME=$(basename $0)
+SCRIPT_DIR=$(readlink -f "$(dirname $0)")
+JUST_CLONED=0
+
+function remove_module {
+ local SHORT_MODULE_NAME=$1
+ if [ -n "$SHORT_MODULE_NAME" ]; then
+ rm -Rf "$MODULE_PATH/$SHORT_MODULE_NAME"
+ else
+ echo "ERROR: remove_module requires a SHORT_MODULE_NAME."
+ fi
+}
+
+function git_clone {
+ local MOD=$1
+ local DEST=$2
+
+ JUST_CLONED=1
+ for attempt in $(seq 0 3); do
+ clone_error=0
+ git clone $MOD $DEST && break || true
+ rm -rf $DEST
+ clone_error=1
+ done
+ return $clone_error
+}
+
+# Array of modules to be installed key:value is module:version.
+declare -A MODULES
+
+# Array of modues to be installed from source and without dependency resolution.
+# key:value is source location, revision to checkout
+declare -A SOURCE_MODULES
+
+# Array of modues to be installed from source and without dependency resolution from openstack git
+# key:value is source location, revision to checkout
+declare -A INTEGRATION_MODULES
+
+# load modules.env to populate MODULES[*] and SOURCE_MODULES[*]
+# for processing.
+MODULE_ENV_FILE=${MODULE_FILE:-modules.env}
+MODULE_ENV_PATH=${MODULE_ENV_PATH:-${SCRIPT_DIR}}
+if [ -f "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}" ] ; then
+ . "${MODULE_ENV_PATH}/${MODULE_ENV_FILE}"
+fi
+
+if [ -z "${!MODULES[*]}" ] && [ -z "${!SOURCE_MODULES[*]}" ] ; then
+ echo ""
+ echo "WARNING: nothing to do, unable to find MODULES or SOURCE_MODULES"
+ echo " export options, try setting MODULE_ENV_PATH or MODULE_ENV_FILE"
+ echo " export to the proper location of modules.env file."
+ echo ""
+ exit 0
+fi
+
+MODULE_LIST=`puppet module list --color=false`
+
+# Install modules from source
+for MOD in ${!SOURCE_MODULES[*]} ; do
+ JUST_CLONED=0
+ # get the name of the module directory
+ if [ `echo $MOD | awk -F. '{print $NF}'` = 'git' ]; then
+ echo "Remote repos of the form repo.git are not supported: ${MOD}"
+ exit 1
+ fi
+
+ MODULE_NAME=`echo $MOD | awk -F- '{print $NF}'`
+
+ # set up git base command to use the correct path
+ GIT_CMD_BASE="git --git-dir=${MODULE_PATH}/${MODULE_NAME}/.git --work-tree ${MODULE_PATH}/${MODULE_NAME}"
+ # treat any occurrence of the module as a match
+ if ! echo $MODULE_LIST | grep "${MODULE_NAME}" >/dev/null 2>&1; then
+ # clone modules that are not installed
+ git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}"
+ else
+ if [ ! -d ${MODULE_PATH}/${MODULE_NAME}/.git ]; then
+ echo "Found directory ${MODULE_PATH}/${MODULE_NAME} that is not a git repo, deleting it and reinstalling from source"
+ remove_module $MODULE_NAME
+ git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}"
+ elif [ `${GIT_CMD_BASE} remote show origin | grep 'Fetch URL' | awk -F'URL: ' '{print $2}'` != $MOD ]; then
+ echo "Found remote in ${MODULE_PATH}/${MODULE_NAME} that does not match desired remote ${MOD}, deleting dir and re-cloning"
+ remove_module $MODULE_NAME
+ git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}"
+ fi
+ fi
+
+ # fetch the latest refs from the repo
+ if [[ $JUST_CLONED -eq 0 ]] ; then
+ # If we just cloned the repo, we do not need to remote update
+ for attempt in $(seq 0 3); do
+ clone_error=0
+ $GIT_CMD_BASE remote update && break || true
+ clone_error=1
+ done
+ if [[ $clone_error -ne 0 ]] ; then
+ exit $clone_error
+ fi
+ fi
+ # make sure the correct revision is installed, I have to use rev-list b/c rev-parse does not work with tags
+ if [ `${GIT_CMD_BASE} rev-list HEAD --max-count=1` != `${GIT_CMD_BASE} rev-list ${SOURCE_MODULES[$MOD]} --max-count=1` ]; then
+ # checkout correct revision
+ $GIT_CMD_BASE checkout ${SOURCE_MODULES[$MOD]}
+ fi
+done
diff --git a/prototypes/puppet-infracloud/manifests/site.pp b/prototypes/puppet-infracloud/manifests/site.pp
new file mode 100644
index 000000000..e524918c6
--- /dev/null
+++ b/prototypes/puppet-infracloud/manifests/site.pp
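Review bot: The return value of `git_clone` is never checked at any of its three call sites in the install loop, so after four failed attempts the loop carries on to the `rev-list` comparison against a directory that `rm -rf $DEST` has just removed and then moves to the next module; as far as the visible code shows, a module can be silently absent when `puppet apply` later runs. `git_clone $MOD "${MODULE_PATH}/${MODULE_NAME}" || exit 1` at each call would stop there. `MODULE_PATH` is also used unchecked: if `puppet config print modulepath` prints nothing, `remove_module` ends up running `rm -Rf "/$SHORT_MODULE_NAME"`, so a guard such as `[ -n "$MODULE_PATH" ] || { echo "ERROR: empty modulepath"; exit 1; }` right after the assignment is worth adding. `$MOD` and `$DEST` should be quoted in `git clone` and `rm -rf`, since both come from the sourced modules.env.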
@@ -0,0 +1,63 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+node 'controller00.opnfvlocal' {
+ $group = 'infracloud'
+ class { 'opnfv::server':
+ iptables_public_tcp_ports => [80,5000,5671,8774,9292,9696,35357], # logs,keystone,rabbit,nova,glance,neutron,keystone
+ sysadmins => hiera('sysadmins', []),
+ enable_unbound => false,
+ purge_apt_sources => false,
+ }
+ class { 'opnfv::controller':
+ keystone_rabbit_password => hiera('keystone_rabbit_password'),
+ neutron_rabbit_password => hiera('neutron_rabbit_password'),
+ nova_rabbit_password => hiera('nova_rabbit_password'),
+ root_mysql_password => hiera('infracloud_mysql_password'),
+ keystone_mysql_password => hiera('keystone_mysql_password'),
+ glance_mysql_password => hiera('glance_mysql_password'),
+ neutron_mysql_password => hiera('neutron_mysql_password'),
+ nova_mysql_password => hiera('nova_mysql_password'),
+ keystone_admin_password => hiera('keystone_admin_password'),
+ glance_admin_password => hiera('glance_admin_password'),
+ neutron_admin_password => hiera('neutron_admin_password'),
+ nova_admin_password => hiera('nova_admin_password'),
+ keystone_admin_token => hiera('keystone_admin_token'),
+ ssl_key_file_contents => hiera('ssl_key_file_contents'),
+ ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
+ br_name => 'br-eth0',
+ controller_public_address => $::fqdn,
+ neutron_subnet_cidr => '192.168.122.0/24',
+ neutron_subnet_gateway => '192.168.122.1',
+ neutron_subnet_allocation_pools => [
+ 'start=192.168.122.50,end=192.168.122.254',
+ ],
+ opnfv_password => hiera('opnfv_password'),
+ }
+}
+
+node 'compute00.opnfvlocal' {
+ $group = 'infracloud'
+ class { 'opnfv::server':
+ sysadmins => hiera('sysadmins', []),
+ enable_unbound => false,
+ purge_apt_sources => false,
+ }
+
+ class { 'opnfv::compute':
+ nova_rabbit_password => hiera('nova_rabbit_password'),
+ neutron_rabbit_password => hiera('neutron_rabbit_password'),
+ neutron_admin_password => hiera('neutron_admin_password'),
+ ssl_cert_file_contents => hiera('ssl_cert_file_contents'),
+ ssl_key_file_contents => hiera('ssl_key_file_contents'),
+ br_name => 'br-eth0',
+ controller_public_address => 'controller00.opnfvlocal',
+ virt_type => 'qemu',
+ }
+}
+
diff --git a/prototypes/puppet-infracloud/modules.env b/prototypes/puppet-infracloud/modules.env
new file mode 100644
index 000000000..2df81ecc4
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules.env
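Review bot: The controller node lists `35357` (labelled keystone in the trailing comment, presumably the admin API) and `5671` (rabbit) in `iptables_public_tcp_ports`; if that parameter does what its name suggests, both ports are opened to any source rather than only to `compute00.opnfvlocal` and the jumphost. `opnfv::server` already exposes `iptables_rules4`, so source-restricted rules for those two ports would be the tighter choice, with the public list kept to the API ports that clients really need. Separately, `root_mysql_password` is looked up from `infracloud_mysql_password`, which leaves the `root_mysql_password` key in common.yaml unused; one of the two keys should be dropped, or a comment should say which is authoritative.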
@@ -0,0 +1,81 @@
+# Copyright 2014 OpenStack Foundation.
+# Copyright 2016 RedHat.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# load additional modules from modules.env
+# modules.env should exist in the same folder as install_modules.sh
+#
+# - use export MODULE_FILE to specify an alternate config
+# when calling install_modules.sh.
+# This allows for testing environments that are configured with alternate
+# module configuration.
+
+# Source modules should use tags, explicit refs or remote branches because
+# we do not update local branches in this script.
+# Keep sorted
+
+OPENSTACK_GIT_ROOT=https://git.openstack.org
+
+# InfraCloud modules
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-cinder"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-glance"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-ironic"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-keystone"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-neutron"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-nova"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstack_extras"]="origin/stable/mitaka"
+SOURCE_MODULES["$OPENSTACK_GIT_ROOT/openstack/puppet-openstacklib"]="origin/stable/mitaka"
+
+SOURCE_MODULES["https://github.com/duritong/puppet-sysctl"]="v0.0.11"
+SOURCE_MODULES["https://github.com/nanliu/puppet-staging"]="1.0.0"
+SOURCE_MODULES["https://github.com/jfryman/puppet-selinux"]="v0.2.5"
+SOURCE_MODULES["https://github.com/maestrodev/puppet-wget"]="v1.6.0"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apache"]="1.8.1"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-apt"]="2.1.0"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-concat"]="1.2.5"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-firewall"]="1.1.3"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-haproxy"]="1.5.0"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-inifile"]="1.1.3"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-mysql"]="3.6.2"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-ntp"]="3.2.1"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-rabbitmq"]="5.2.3"
+SOURCE_MODULES["https://github.com/puppetlabs/puppetlabs-stdlib"]="4.10.0"
+SOURCE_MODULES["https://github.com/rafaelfelix/puppet-pear"]="1.0.3"
+SOURCE_MODULES["https://github.com/saz/puppet-memcached"]="v2.6.0"
+SOURCE_MODULES["https://github.com/saz/puppet-timezone"]="v3.3.0"
+SOURCE_MODULES["https://github.com/stankevich/puppet-python"]="1.9.4"
+SOURCE_MODULES["https://github.com/vamsee/puppet-solr"]="0.0.8"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-alternatives"]="0.3.0"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-archive"]="v0.5.1"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-git_resource"]="0.3.0"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-nodejs"]="1.2.0"
+SOURCE_MODULES["https://github.com/voxpupuli/puppet-puppetboard"]="2.4.0"
+
+
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-httpd"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-infracloud"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-iptables"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-pip"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-snmpd"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssh"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ssl_cert_check"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-sudoers"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-ulimit"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unattended_upgrades"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-unbound"]="origin/master"
+INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-user"]="origin/master"
+
+for MOD in ${!INTEGRATION_MODULES[*]}; do
+ SOURCE_MODULES[$MOD]=${INTEGRATION_MODULES[$MOD]}
+done
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
new file mode 100644
index 000000000..ca548a5d5
--- /dev/null
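Review bot: Every `INTEGRATION_MODULES` entry tracks `origin/master` and the OpenStack modules track `origin/stable/mitaka`, so each run of install_modules.sh checks out whatever sits at the branch tip at that moment, and that code is then applied with root privileges by `puppet apply`. Pinning these to commit SHAs, e.g. `INTEGRATION_MODULES["$OPENSTACK_GIT_ROOT/openstack-infra/puppet-iptables"]="<commit-sha>"` (placeholder), would make deployments reproducible and keep an upstream change from reaching the nodes without review. The GitHub entries use tags, which is better, although a tag can be moved upstream; the header comment already allows "explicit refs", so SHAs fit the file's own convention.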
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
@@ -0,0 +1,23 @@
+class opnfv::compute (
+ $nova_rabbit_password,
+ $neutron_rabbit_password,
+ $neutron_admin_password,
+ $ssl_cert_file_contents,
+ $ssl_key_file_contents,
+ $br_name,
+ $controller_public_address,
+ $virt_type = 'kvm',
+) {
+ class { '::infracloud::compute':
+ nova_rabbit_password => $nova_rabbit_password,
+ neutron_rabbit_password => $neutron_rabbit_password,
+ neutron_admin_password => $neutron_admin_password,
+ ssl_cert_file_contents => $ssl_cert_file_contents,
+ ssl_key_file_contents => $ssl_key_file_contents,
+ br_name => $br_name,
+ controller_public_address => $controller_public_address,
+ virt_type => $virt_type,
+ }
+
+}
+
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
new file mode 100644
index 000000000..7522692c1
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
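Review bot: compute.pp is the only one of the three new opnfv manifests that lacks the SPDX/Apache licence header controller.pp and server.pp open with, and `opnfv::compute` carries no parameter documentation. Adding the same header plus a short `# == Class: opnfv::compute` comment block would bring it in line; the block should say that the class is a pass-through to `::infracloud::compute` and that `ssl_key_file_contents` and the three `*_password` parameters carry secret material that must come from hiera, not from literals in a node definition.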
@@ -0,0 +1,85 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::controller (
+ $keystone_rabbit_password,
+ $neutron_rabbit_password,
+ $nova_rabbit_password,
+ $root_mysql_password,
+ $keystone_mysql_password,
+ $glance_mysql_password,
+ $neutron_mysql_password,
+ $nova_mysql_password,
+ $glance_admin_password,
+ $keystone_admin_password,
+ $neutron_admin_password,
+ $nova_admin_password,
+ $keystone_admin_token,
+ $ssl_key_file_contents,
+ $ssl_cert_file_contents,
+ $br_name,
+ $controller_public_address = $::fqdn,
+ $neutron_subnet_cidr,
+ $neutron_subnet_gateway,
+ $neutron_subnet_allocation_pools,
+ $opnfv_password,
+ $opnfv_email = 'opnfvuser@gmail.com',
+) {
+ class { '::infracloud::controller':
+ keystone_rabbit_password => $keystone_rabbit_password,
+ neutron_rabbit_password => $neutron_rabbit_password,
+ nova_rabbit_password => $nova_rabbit_password,
+ root_mysql_password => $root_mysql_password,
+ keystone_mysql_password => $keystone_mysql_password,
+ glance_mysql_password => $glance_mysql_password,
+ neutron_mysql_password => $neutron_mysql_password,
+ nova_mysql_password => $nova_mysql_password,
+ keystone_admin_password => $keystone_admin_password,
+ glance_admin_password => $glance_admin_password,
+ neutron_admin_password => $neutron_admin_password,
+ nova_admin_password => $nova_admin_password,
+ keystone_admin_token => $keystone_admin_token,
+ ssl_key_file_contents => $ssl_key_file_contents,
+ ssl_cert_file_contents => $ssl_cert_file_contents,
+ br_name => $br_name,
+ controller_public_address => $controller_public_address,
+ neutron_subnet_cidr => $neutron_subnet_cidr,
+ neutron_subnet_gateway => $neutron_subnet_gateway,
+ neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools,
+ }
+
+ # create keystone creds
+ keystone_domain { 'opnfv':
+ ensure => present,
+ enabled => true,
+ }
+
+ keystone_tenant { 'opnfv':
+ ensure => present,
+ enabled => true,
+ description => 'OPNFV cloud',
+ domain => 'opnfv',
+ require => Keystone_domain['opnfv'],
+ }
+
+ keystone_user { 'opnfv':
+ ensure => present,
+ enabled => true,
+ domain => 'opnfv',
+ email => $opnfv_email,
+ password => $opnfv_password,
+ require => Keystone_tenant['opnfv'],
+ }
+
+ keystone_role { 'user': ensure => present }
+
+ keystone_user_role { 'opnfv::opnfv@opnfv::opnfv':
+ roles => [ 'user', 'admin', ],
+ }
+}
+
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp
new file mode 100644
index 000000000..5bbcd7506
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp
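Review bot: The `keystone_user_role` resource at the end of `opnfv::controller` grants the `opnfv` user `admin` in addition to `user`, and that is the account whose credentials creds/clouds.yaml hands out for everyday client use from the jumphost. Depending on the Keystone policy in force, an `admin` role assignment may carry rights well beyond the `opnfv` project, which is worth confirming against the deployed policy. If `user` covers the intended workloads, `roles => [ 'user' ],` is the safer default; if admin is really required, a comment above the resource should say why, and a separate non-admin account should be the one published in clouds.yaml.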
@@ -0,0 +1,222 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::server (
+ $iptables_public_tcp_ports = [],
+ $iptables_public_udp_ports = [],
+ $iptables_rules4 = [],
+ $iptables_rules6 = [],
+ $sysadmins = [],
+ $enable_unbound = true,
+ $purge_apt_sources = true,
+) {
+ ###########################################################
+ # Classes for all hosts
+
+ include snmpd
+ include sudoers
+
+ class { 'iptables':
+ public_tcp_ports => $iptables_public_tcp_ports,
+ public_udp_ports => $all_udp,
+ rules4 => $iptables_rules4,
+ rules6 => $iptables_rules6,
+ }
+
+ class { 'timezone':
+ timezone => 'Etc/UTC',
+ }
+
+ if ($enable_unbound) {
+ class { 'unbound':
+ install_resolv_conf => $install_resolv_conf
+ }
+ }
+
+ if ($::in_chroot) {
+ notify { 'rsyslog in chroot':
+ message => 'rsyslog not refreshed, running in chroot',
+ }
+ $rsyslog_notify = []
+ } else {
+ service { 'rsyslog':
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ require => Package['rsyslog'],
+ }
+ $rsyslog_notify = [ Service['rsyslog'] ]
+ }
+
+ ###########################################################
+ # System tweaks
+
+ # Increase syslog message size in order to capture
+ # python tracebacks with syslog.
+ file { '/etc/rsyslog.d/99-maxsize.conf':
+ ensure => present,
+ # Note MaxMessageSize is not a puppet variable.
+ content => '$MaxMessageSize 6k',
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ notify => $rsyslog_notify,
+ require => Package['rsyslog'],
+ }
+
+ # We don't like byobu
+ file { '/etc/profile.d/Z98-byobu.sh':
+ ensure => absent,
+ }
+
+ if $::osfamily == 'Debian' {
+
+ # Ubuntu installs their whoopsie package by default, but it eats through
+ # memory and we don't need it on servers
+ package { 'whoopsie':
+ ensure => absent,
+ }
+
+ package { 'popularity-contest':
+ ensure => absent,
+ }
+ }
+
+ ###########################################################
+ # Package resources for all operating systems
+
+ package { 'at':
+ ensure => present,
+ }
+
+ package { 'lvm2':
+ ensure => present,
+ }
+
+ package { 'strace':
+ ensure => present,
+ }
+
+ package { 'tcpdump':
+ ensure => present,
+ }
+
+ package { 'rsyslog':
+ ensure => present,
+ }
+
+ package { 'git':
+ ensure => present,
+ }
+
+ package { 'rsync':
+ ensure => present,
+ }
+
+ case $::osfamily {
+ 'RedHat': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils']
+ $user_packages = ['emacs-nox', 'vim-enhanced']
+ $update_pkg_list_cmd = ''
+ }
+ 'Debian': {
+ $packages = ['parted', 'puppet', 'wget', 'iputils-ping']
+ case $::operatingsystemrelease {
+ /^(12|14)\.(04|10)$/: {
+ $user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
+ 'sysstat', 'iotop']
+ }
+ default: {
+ $user_packages = ['emacs-nox', 'vim-nox']
+ }
+ }
+ $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;'
+ }
+ default: {
+ fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
+ }
+ }
+ package { $packages:
+ ensure => present
+ }
+
+ ###########################################################
+ # Package resources for specific operating systems
+
+ case $::osfamily {
+ 'Debian': {
+ # Purge and augment existing /etc/apt/sources.list if requested, and make
+ # sure apt-get update is run before any packages are installed
+ class { '::apt':
+ purge => { 'sources.list' => $purge_apt_sources }
+ }
+
+ # Make sure dig is installed
+ package { 'dnsutils':
+ ensure => present,
+ }
+ }
+ 'RedHat': {
+ # Make sure dig is installed
+ package { 'bind-utils':
+ ensure => present,
+ }
+ }
+ }
+
+ ###########################################################
+ # Manage ntp
+
+ include '::ntp'
+
+ if ($::osfamily == "RedHat") {
+ # Utils in ntp-perl are included in Debian's ntp package; we
+ # add it here for consistency. See also
+ # https://tickets.puppetlabs.com/browse/MODULES-3660
+ package { 'ntp-perl':
+ ensure => present
+ }
+ # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
+ # centos-7. Currently, ntpd explicitly require ntpdate to be running before
+ # the sync process can happen in ntpd. As a result, if ntpdate is not
+ # running, ntpd will start but fail to sync because of DNS is not properly
+ # setup.
+ package { 'ntpdate':
+ ensure => present,
+ }
+ service { 'ntpdate':
+ enable => true,
+ require => Package['ntpdate'],
+ }
+ }
+
+ ###########################################################
+ # Manage python/pip
+
+ $desired_virtualenv = '13.1.0'
+ class { '::pip':
+ optional_settings => {
+ 'extra-index-url' => '',
+ },
+ manage_pip_conf => true,
+ }
+
+ if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
+ $virtualenv_ensure = $desired_virtualenv
+ } else {
+ $virtualenv_ensure = present
+ }
+ package { 'virtualenv':
+ ensure => $virtualenv_ensure,
+ provider => openstack_pip,
+ require => Class['pip'],
+ }
+
+ # add hosts entries
+ create_resources('host', hiera_hash('hosts'))
+}
-- cgit 1.2.3-korg
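Review bot: `$all_udp` in the `iptables` declaration and `$install_resolv_conf` in the `unbound` declaration are neither class parameters nor assigned anywhere in `opnfv::server`, so they evaluate to undef (or abort the catalog under `strict_variables`), and the `iptables_public_udp_ports` parameter is accepted but never used. The firewall's UDP rules therefore do not reflect what a caller passes in. `public_udp_ports => $iptables_public_udp_ports,` fixes the first; for the second, either add a class parameter for `install_resolv_conf` or drop the argument, since the intended default is not visible in this file. The `fail()` message also still names the 'openstack_project' module and should refer to `opnfv`.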