From 817187f7c60abbb81522e6215d268fd659a7c714 Mon Sep 17 00:00:00 2001
From: Yolanda Robla Mota <yroblamo@redhat.com>
Date: Thu, 18 Aug 2016 10:45:31 +0200
Subject: Add initial puppet and hiera files

Include the basic site.pp and initial modules, as long as default
hieras, to manage opnfv infracloud.

Change-Id: I891bc414b102257534f1d28df8299bf41c12e8f2
Signed-Off-By: Yolanda Robla <yroblamo@redhat.com>
---
 .../modules/opnfv/manifests/compute.pp             |  23 +++
 .../modules/opnfv/manifests/controller.pp          |  85 ++++++++
 .../modules/opnfv/manifests/server.pp              | 222 +++++++++++++++++++++
 3 files changed, 330 insertions(+)
 create mode 100644 prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
 create mode 100644 prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
 create mode 100644 prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp

(limited to 'prototypes/puppet-infracloud/modules')

diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
new file mode 100644
index 000000000..ca548a5d5
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/compute.pp
@@ -0,0 +1,23 @@
+class opnfv::compute (
+  $nova_rabbit_password,
+  $neutron_rabbit_password,
+  $neutron_admin_password,
+  $ssl_cert_file_contents,
+  $ssl_key_file_contents,
+  $br_name,
+  $controller_public_address,
+  $virt_type = 'kvm',
+) {
+  class { '::infracloud::compute':
+    nova_rabbit_password          => $nova_rabbit_password,
+    neutron_rabbit_password       => $neutron_rabbit_password,
+    neutron_admin_password        => $neutron_admin_password,
+    ssl_cert_file_contents        => $ssl_cert_file_contents,
+    ssl_key_file_contents         => $ssl_key_file_contents,
+    br_name                       => $br_name,
+    controller_public_address     => $controller_public_address,
+    virt_type                     => $virt_type,
+  }
+
+}
+
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
new file mode 100644
index 000000000..7522692c1
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/controller.pp
@@ -0,0 +1,85 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::controller (
+  $keystone_rabbit_password,
+  $neutron_rabbit_password,
+  $nova_rabbit_password,
+  $root_mysql_password,
+  $keystone_mysql_password,
+  $glance_mysql_password,
+  $neutron_mysql_password,
+  $nova_mysql_password,
+  $glance_admin_password,
+  $keystone_admin_password,
+  $neutron_admin_password,
+  $nova_admin_password,
+  $keystone_admin_token,
+  $ssl_key_file_contents,
+  $ssl_cert_file_contents,
+  $br_name,
+  $controller_public_address = $::fqdn,
+  $neutron_subnet_cidr,
+  $neutron_subnet_gateway,
+  $neutron_subnet_allocation_pools,
+  $opnfv_password,
+  $opnfv_email = 'opnfvuser@gmail.com',
+) {
+  class { '::infracloud::controller':
+    keystone_rabbit_password         => $keystone_rabbit_password,
+    neutron_rabbit_password          => $neutron_rabbit_password,
+    nova_rabbit_password             => $nova_rabbit_password,
+    root_mysql_password              => $root_mysql_password,
+    keystone_mysql_password          => $keystone_mysql_password,
+    glance_mysql_password            => $glance_mysql_password,
+    neutron_mysql_password           => $neutron_mysql_password,
+    nova_mysql_password              => $nova_mysql_password,
+    keystone_admin_password          => $keystone_admin_password,
+    glance_admin_password            => $glance_admin_password,
+    neutron_admin_password           => $neutron_admin_password,
+    nova_admin_password              => $nova_admin_password,
+    keystone_admin_token             => $keystone_admin_token,
+    ssl_key_file_contents            => $ssl_key_file_contents,
+    ssl_cert_file_contents           => $ssl_cert_file_contents,
+    br_name                          => $br_name,
+    controller_public_address        => $controller_public_address,
+    neutron_subnet_cidr              => $neutron_subnet_cidr,
+    neutron_subnet_gateway           => $neutron_subnet_gateway,
+    neutron_subnet_allocation_pools  => $neutron_subnet_allocation_pools,
+  }
+
+  # create keystone creds
+  keystone_domain { 'opnfv':
+    ensure  => present,
+    enabled => true,
+  }
+
+  keystone_tenant { 'opnfv':
+    ensure      => present,
+    enabled     => true,
+    description => 'OPNFV cloud',
+    domain      => 'opnfv',
+    require     => Keystone_domain['opnfv'],
+  }
+
+  keystone_user { 'opnfv':
+    ensure   => present,
+    enabled  => true,
+    domain   => 'opnfv',
+    email    => $opnfv_email,
+    password => $opnfv_password,
+    require  => Keystone_tenant['opnfv'],
+  }
+
+  keystone_role { 'user': ensure => present }
+
+  keystone_user_role { 'opnfv::opnfv@opnfv::opnfv':
+    roles => [ 'user', 'admin', ],
+  }
+}
+
diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp
new file mode 100644
index 000000000..5bbcd7506
--- /dev/null
+++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp
@@ -0,0 +1,222 @@
+# SPDX-license-identifier: Apache-2.0
+##############################################################################
+# Copyright (c) 2016 RedHat and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+class opnfv::server (
+  $iptables_public_tcp_ports = [],
+  $iptables_public_udp_ports = [],
+  $iptables_rules4           = [],
+  $iptables_rules6           = [],
+  $sysadmins                 = [],
+  $enable_unbound            = true,
+  $purge_apt_sources         = true,
+) {
+  ###########################################################
+  # Classes for all hosts
+
+  include snmpd
+  include sudoers
+
+  class { 'iptables':
+    public_tcp_ports => $iptables_public_tcp_ports,
+    public_udp_ports => $all_udp,
+    rules4           => $iptables_rules4,
+    rules6           => $iptables_rules6,
+  }
+
+  class { 'timezone':
+    timezone => 'Etc/UTC',
+  }
+
+  if ($enable_unbound) {
+    class { 'unbound':
+      install_resolv_conf => $install_resolv_conf
+    }
+  }
+
+  if ($::in_chroot) {
+    notify { 'rsyslog in chroot':
+      message => 'rsyslog not refreshed, running in chroot',
+    }
+    $rsyslog_notify = []
+  } else {
+    service { 'rsyslog':
+      ensure     => running,
+      enable     => true,
+      hasrestart => true,
+      require    => Package['rsyslog'],
+    }
+    $rsyslog_notify = [ Service['rsyslog'] ]
+  }
+
+  ###########################################################
+  # System tweaks
+
+  # Increase syslog message size in order to capture
+  # python tracebacks with syslog.
+  file { '/etc/rsyslog.d/99-maxsize.conf':
+    ensure  => present,
+    # Note MaxMessageSize is not a puppet variable.
+    content => '$MaxMessageSize 6k',
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    notify  => $rsyslog_notify,
+    require => Package['rsyslog'],
+  }
+
+  # We don't like byobu
+  file { '/etc/profile.d/Z98-byobu.sh':
+    ensure => absent,
+  }
+
+  if $::osfamily == 'Debian' {
+
+    # Ubuntu installs their whoopsie package by default, but it eats through
+    # memory and we don't need it on servers
+    package { 'whoopsie':
+      ensure => absent,
+    }
+
+    package { 'popularity-contest':
+      ensure => absent,
+    }
+  }
+
+  ###########################################################
+  # Package resources for all operating systems
+
+  package { 'at':
+    ensure => present,
+  }
+
+  package { 'lvm2':
+    ensure => present,
+  }
+
+  package { 'strace':
+    ensure => present,
+  }
+
+  package { 'tcpdump':
+    ensure => present,
+  }
+
+  package { 'rsyslog':
+    ensure => present,
+  }
+
+  package { 'git':
+    ensure => present,
+  }
+
+  package { 'rsync':
+    ensure => present,
+  }
+
+  case $::osfamily {
+    'RedHat': {
+      $packages = ['parted', 'puppet', 'wget', 'iputils']
+      $user_packages = ['emacs-nox', 'vim-enhanced']
+      $update_pkg_list_cmd = ''
+    }
+    'Debian': {
+      $packages = ['parted', 'puppet', 'wget', 'iputils-ping']
+      case $::operatingsystemrelease {
+        /^(12|14)\.(04|10)$/: {
+          $user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
+                            'sysstat', 'iotop']
+        }
+        default: {
+          $user_packages = ['emacs-nox', 'vim-nox']
+        }
+      }
+      $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;'
+    }
+    default: {
+      fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
+    }
+  }
+  package { $packages:
+    ensure => present
+  }
+
+  ###########################################################
+  # Package resources for specific operating systems
+
+  case $::osfamily {
+    'Debian': {
+      # Purge and augment existing /etc/apt/sources.list if requested, and make
+      # sure apt-get update is run before any packages are installed
+      class { '::apt':
+        purge => { 'sources.list' => $purge_apt_sources }
+      }
+
+      # Make sure dig is installed
+      package { 'dnsutils':
+        ensure => present,
+      }
+    }
+    'RedHat': {
+      # Make sure dig is installed
+      package { 'bind-utils':
+        ensure => present,
+      }
+    }
+  }
+
+  ###########################################################
+  # Manage  ntp
+
+  include '::ntp'
+
+  if ($::osfamily == "RedHat") {
+    # Utils in ntp-perl are included in Debian's ntp package; we
+    # add it here for consistency.  See also
+    # https://tickets.puppetlabs.com/browse/MODULES-3660
+    package { 'ntp-perl':
+      ensure => present
+    }
+    # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
+    # centos-7.  Currently, ntpd explicitly require ntpdate to be running before
+    # the sync process can happen in ntpd.  As a result, if ntpdate is not
+    # running, ntpd will start but fail to sync because of DNS is not properly
+    # setup.
+    package { 'ntpdate':
+      ensure => present,
+    }
+    service { 'ntpdate':
+      enable => true,
+      require => Package['ntpdate'],
+    }
+  }
+
+  ###########################################################
+  # Manage  python/pip
+
+  $desired_virtualenv = '13.1.0'
+  class { '::pip':
+    optional_settings => {
+      'extra-index-url' => '',
+    },
+    manage_pip_conf => true,
+  }
+
+  if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
+    $virtualenv_ensure = $desired_virtualenv
+  } else {
+    $virtualenv_ensure = present
+  }
+  package { 'virtualenv':
+    ensure   => $virtualenv_ensure,
+    provider => openstack_pip,
+    require  => Class['pip'],
+  }
+
+  # add hosts entries
+  create_resources('host', hiera_hash('hosts'))
+}
-- 
cgit 1.2.3-korg