fuel-library/deployment/puppet/openstack_tasks/manifests/openstack_controller/openstack_controller.pp

# Copyright (C) 2015-2016 Mirantis
# Copyright (C) 2016 AT&T

class openstack_tasks::openstack_controller::openstack_controller {

  notice('MODULAR: openstack_controller/openstack_controller.pp')

  $network_scheme = hiera_hash('network_scheme', {})
  $network_metadata = hiera_hash('network_metadata', {})
  prepare_network_config($network_scheme)

  $primary_controller           = hiera('primary_controller')
  $use_syslog                   = hiera('use_syslog', true)
  $use_stderr                   = hiera('use_stderr', false)
  $syslog_log_facility_nova     = hiera('syslog_log_facility_nova','LOG_LOCAL6')
  $management_vip               = hiera('management_vip')
  $ceilometer_hash              = hiera_hash('ceilometer', {})
  $sahara_hash                  = hiera_hash('sahara', {})
  $storage_hash                 = hiera_hash('storage', {})
  $nova_hash                    = hiera_hash('nova', {})
  $nova_rate_limits             = $nova_hash['nova_rate_limits']
  $nova_config_hash             = hiera_hash('nova_config', {})
  $nova_report_interval         = hiera('nova_report_interval', '60')
  $nova_service_down_time       = hiera('nova_service_down_time', '180')
  $api_bind_address             = get_network_role_property('nova/api', 'ipaddr')
  $rabbit_hash                  = hiera_hash('rabbit', {})
  $service_endpoint             = hiera('service_endpoint')
  $ssl_hash                     = hiera_hash('use_ssl', {})
  $node_hash                    = hiera_hash('node_hash', {})
  $sahara_enabled               = pick($sahara_hash['enabled'], false)
  $kombu_compression            = hiera('kombu_compression', $::os_service_default)

  $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', [$nova_hash['auth_protocol'], 'http'])
  $internal_auth_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
  $admin_auth_protocol    = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', [$nova_hash['auth_protocol'], 'http'])
  $admin_auth_address     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])

  $keystone_auth_uri = "${internal_auth_protocol}://${internal_auth_address}:5000/"
  $keystone_auth_url = "${admin_auth_protocol}://${admin_auth_address}:35357/"
  $keystone_ec2_url  = "${keystone_auth_uri}v2.0/ec2tokens"

  # get glance api servers list
  $glance_endpoint_default      = hiera('glance_endpoint', $management_vip)
  $glance_protocol              = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'protocol', 'http')
  $glance_endpoint              = get_ssl_property($ssl_hash, {}, 'glance', 'internal', 'hostname', $glance_endpoint_default)
  $glance_api_servers           = hiera('glance_api_servers', "${glance_protocol}://${glance_endpoint}:9292")

  $keystone_user                = pick($nova_hash['user'], 'nova')
  $keystone_tenant              = pick($nova_hash['tenant'], 'services')
  $region_name                  = hiera('region', 'RegionOne')
  $workers_max                  = hiera('workers_max', $::os_workers)
  $service_workers              = pick($nova_hash['workers'],
                                        min(max($::processorcount, 2), $workers_max))
  $compute_nodes                = get_nodes_hash_by_roles($network_metadata, ['compute'])
  $huge_pages_nodes             = filter_nodes_with_enabled_option($compute_nodes, 'nova_hugepages_enabled')
  $cpu_pinning_nodes            = filter_nodes_with_enabled_option($compute_nodes, 'nova_cpu_pinning_enabled')

  $ironic_hash                  = hiera_hash('ironic', {})

  $openstack_controller_hash    = hiera_hash('openstack_controller', {})

  $external_lb                  = hiera('external_lb', false)

  $neutron_config                = hiera_hash('quantum_settings')
  $neutron_metadata_proxy_secret = $neutron_config['metadata']['metadata_proxy_shared_secret']
  $default_floating_net          = pick($neutron_config['default_floating_net'], 'net04_ext')
  $pci_vendor_devs               = pick($neutron_config['supported_pci_vendor_devs'], false)

  $repo_setup              = hiera_hash('repo_setup', {})
  $repo_type               = pick_default($repo_setup['repo_type'], '')
  # Boolean value for further usage
  if $pci_vendor_devs {
    $sriov_enabled = true
  } else {
    $sriov_enabled = false
  }

  if size($huge_pages_nodes) > 0 {
    $use_huge_pages = true
  } else {
    $use_huge_pages = false
  }

  if size($cpu_pinning_nodes) > 0 {
    $enable_cpu_pinning = true
  } else {
    $enable_cpu_pinning = false
  }

  $db_type     = pick($nova_hash['db_type'], 'mysql+pymysql')
  $db_host     = pick($nova_hash['db_host'], hiera('database_vip'))
  $db_user     = pick($nova_hash['db_user'], 'nova')
  $db_password = $nova_hash['db_password']
  $db_name     = pick($nova_hash['db_name'], 'nova')
  $api_db_user     = pick($nova_hash['api_db_user'], 'nova_api')
  $api_db_password = pick($nova_hash['api_db_password'], $nova_hash['db_password'])
  $api_db_name     = pick($nova_hash['api_db_name'], 'nova_api')
  # LP#1526938 - python-mysqldb supports this, python-pymysql does not
  if $::os_package_type == 'debian' {
    $extra_params = { 'charset' => 'utf8', 'read_timeout' => 60 }
  } else {
    $extra_params = { 'charset' => 'utf8' }
  }
  $db_connection = os_database_connection({
    'dialect'  => $db_type,
    'host'     => $db_host,
    'database' => $db_name,
    'username' => $db_user,
    'password' => $db_password,
    'extra'    => $extra_params
  })
  $api_db_connection = os_database_connection({
    'dialect'  => $db_type,
    'host'     => $db_host,
    'database' => $api_db_name,
    'username' => $api_db_user,
    'password' => $api_db_password,
    'extra'    => $extra_params
  })

  $transport_url = hiera('transport_url','rabbit://guest:password@127.0.0.1:5672/')

  # SQLAlchemy backend configuration
  $max_pool_size = hiera('max_pool_size', min($::os_workers * 5 + 0, 30 + 0))
  $max_overflow = hiera('max_overflow', min($::os_workers * 5 + 0, 60 + 0))
  $idle_timeout = hiera('idle_timeout', '3600')
  $max_retries = hiera('max_retries', '-1')

  if hiera('nova_quota') {
    $nova_quota_driver = 'nova.quota.DbQuotaDriver'
  } else {
    $nova_quota_driver = 'nova.quota.NoopQuotaDriver'
  }

  $notify_on_state_change = 'vm_and_task_state'

  # From legacy params.pp
  case $::osfamily {
    'RedHat': {
      $pymemcache_package_name = 'python-memcached'
    }
    'Debian': {
      $pymemcache_package_name = 'python-memcache'
    }
    default: {
      fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem},\
  module ${module_name} only support osfamily RedHat and Debian")
    }
  }

  $memcached_servers = hiera('memcached_servers')
  $local_memcached_server = hiera('local_memcached_server')

  $debug         = pick($openstack_controller_hash['debug'], hiera('debug', true))

  $fping_path = $::osfamily ? {
    'Debian' => '/usr/bin/fping',
    'RedHat' => '/usr/sbin/fping',
    default => fail('Unsupported Operating System.'),
  }

  $rabbit_heartbeat_timeout_threshold = pick($nova_hash['rabbit_heartbeat_timeout_threshold'], $rabbit_hash['heartbeat_timeout_threshold'], 60)
  $rabbit_heartbeat_rate              = pick($nova_hash['rabbit_heartbeat_rate'], $rabbit_hash['rabbit_heartbeat_rate'], 2)

  #################################################################

  class { '::nova':
    database_connection                => $db_connection,
    api_database_connection            => $api_db_connection,
    default_transport_url              => $transport_url,
    image_service                      => 'nova.image.glance.GlanceImageService',
    glance_api_servers                 => $glance_api_servers,
    debug                              => $debug,
    log_facility                       => $syslog_log_facility_nova,
    use_syslog                         => $use_syslog,
    use_stderr                         => $use_stderr,
    database_idle_timeout              => $idle_timeout,
    report_interval                    => $nova_report_interval,
    service_down_time                  => $nova_service_down_time,
    notify_api_faults                  => pick($nova_hash['notify_api_faults'], false),
    notification_driver                => $ceilometer_hash['notification_driver'],
    notify_on_state_change             => $notify_on_state_change,
    cinder_catalog_info                => pick($nova_hash['cinder_catalog_info'], 'volumev2:cinderv2:internalURL'),
    database_max_pool_size             => $max_pool_size,
    database_max_retries               => $max_retries,
    database_max_overflow              => $max_overflow,
    kombu_compression                  => $kombu_compression,
    rabbit_heartbeat_timeout_threshold => $rabbit_heartbeat_timeout_threshold,
    rabbit_heartbeat_rate              => $rabbit_heartbeat_rate,
    os_region_name                     => $region_name,
    cpu_allocation_ratio               => pick($nova_hash['cpu_allocation_ratio'], '8.0'),
    disk_allocation_ratio              => pick($nova_hash['disk_allocation_ratio'], '1.0'),
    ram_allocation_ratio               => pick($nova_hash['ram_allocation_ratio'], '1.0'),
  }

  # TODO(aschultz): this is being removed in M, do we need it?
  if $use_syslog {
    nova_config {
      'DEFAULT/use_syslog_rfc_format':  value => true;
    }
  }

  if pick($nova_hash['use_cache'], true) {
    class { '::nova::cache':
      enabled          => true,
      backend          => 'oslo_cache.memcache_pool',
      memcache_servers => $local_memcached_server,
    }
  } else {
    ensure_packages($pymemcache_package_name)
  }

  class { '::nova::quota':
    quota_instances                   => pick($nova_hash['quota_instances'], 100),
    quota_cores                       => pick($nova_hash['quota_cores'], 100),
    quota_ram                         => pick($nova_hash['quota_ram'], 51200),
    quota_floating_ips                => pick($nova_hash['quota_floating_ips'], 100),
    quota_fixed_ips                   => pick($nova_hash['quota_fixed_ips'], -1),
    quota_metadata_items              => pick($nova_hash['quota_metadata_items'], 1024),
    quota_injected_files              => pick($nova_hash['quota_injected_files'], 50),
    quota_injected_file_content_bytes => pick($nova_hash['quota_injected_file_content_bytes'], 102400),
    quota_injected_file_path_length   => pick($nova_hash['quota_injected_file_path_length'], 4096),
    quota_security_groups             => pick($nova_hash['quota_security_groups'], 10),
    quota_security_group_rules        => pick($nova_hash['quota_security_group_rules'], 20),
    quota_key_pairs                   => pick($nova_hash['quota_key_pairs'], 10),
    quota_server_groups               => pick($nova_hash['quota_server_groups'], 10),
    quota_server_group_members        => pick($nova_hash['quota_server_group_members'], 10),
    reservation_expire                => pick($nova_hash['reservation_expire'], 86400),
    until_refresh                     => pick($nova_hash['until_refresh'], 0),
    max_age                           => pick($nova_hash['max_age'], 0),
    quota_driver                      => $nova_quota_driver
  }

  $default_limits = {
    'POST'         => 10,
    'POST_SERVERS' => 50,
    'PUT'          => 10,
    'GET'          => 3,
    'DELETE'       => 100,
  }

  $merged_limits = merge($default_limits, $nova_rate_limits)
  $post_limit    = $merged_limits['POST']
  $put_limit     = $merged_limits['PUT']
  $get_limit     = $merged_limits['GET']
  $delete_limit  = $merged_limits['DELETE']
  $post_servers_limit = $merged_limits['POST_SERVERS']
  $nova_rate_limits_string = inline_template('<%="(POST, *, .*,  #{@post_limit} , MINUTE);\
  (POST, %(*/servers), ^/servers,  #{@post_servers_limit} , DAY);(PUT, %(*) , .*,  #{@put_limit}\
  , MINUTE);(GET, %(*changes-since*), .*changes-since.*, #{@get_limit}, MINUTE);(DELETE, %(*),\
  .*, #{@delete_limit} , MINUTE)" %>')

  class { '::nova::keystone::authtoken':
    username          => $keystone_user,
    password          => $nova_hash['user_password'],
    project_name      => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
    auth_url          => $keystone_auth_url,
    auth_uri          => $keystone_auth_uri,
    auth_version      => pick($nova_hash['auth_version'], $::os_service_default),
    memcached_servers => $local_memcached_server,
  }
  if $repo_type == 'uca' {
    class { 'osnailyfacter::apache':
      listen_ports => hiera_array('apache_ports', ['0.0.0.0:80', '0.0.0.0:8888', '0.0.0.0:5000', '0.0.0.0:35357', '0.0.0.0:8777','0.0.0.0:8042']),
    }

    $ssl = false
    class {'::nova::wsgi::apache_placement':
      ssl       => $ssl,
      priority  => '36',
      bind_host => $bind_host,
      api_port  => 8778,
    }
    class {'::nova::placement':
      password       => $nova_hash['user_password'],
      auth_url       => $keystone_auth_url,
      os_interface   => 'internal',
      project_name   => pick($nova_hash['admin_tenant_name'], $keystone_tenant),
      os_region_name => $region_name
    }
    if $primary_controller {
      include ::nova::cell_v2::simple_setup
    }
  }
  # Configure nova-api
  class { '::nova::api':
    enabled                              => true,
    api_bind_address                     => $api_bind_address,
    metadata_listen                      => $api_bind_address,
    ratelimits                           => $nova_rate_limits_string,
    neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_secret,
    osapi_compute_workers                => $service_workers,
    metadata_workers                     => $service_workers,
    sync_db                              => $primary_controller,
    sync_db_api                          => $primary_controller,
    fping_path                           => $fping_path,
    api_paste_config                     => '/etc/nova/api-paste.ini',
    default_floating_pool                => $default_floating_net,
    enable_proxy_headers_parsing         => true,
    allow_resize_to_same_host            => pick($nova_hash['allow_resize_to_same_host'], true),
    require                              => Package['nova-common'],
  }

  # tweak both 'nova-db-sync' and 'nova-db-sync-api' execs
  # TODO(mmalchuk) remove this after LP#1628580 merged
  Exec<| title == 'nova-db-sync' or title == 'nova-db-sync-api' |> {
    tries     => '10',
    try_sleep => '5',
  }

  Package[$pymemcache_package_name] -> Nova::Generic_service <| title == 'api' |>

  class { '::nova::conductor':
    enabled   => true,
    workers   => $service_workers,
    use_local => pick($nova_hash['use_local'], false),
  }

  # a bunch of nova services that require no configuration
  class { [
    '::nova::scheduler',
    '::nova::cert',
    '::nova::consoleauth',
  ]:
    enabled => true,
  }

  class { '::nova::vncproxy':
    enabled => true,
    host    => $api_bind_address,
  }

  include ::nova::params

  ####### Disable upstart startup on install #######
  if($::operatingsystem == 'Ubuntu') {
    tweaks::ubuntu_service_override { 'nova-cert':
      package_name => 'nova-cert',
    }
    tweaks::ubuntu_service_override { 'nova-conductor':
      package_name => 'nova-conductor',
    }
    tweaks::ubuntu_service_override { 'nova-novncproxy':
      package_name => $::nova::params::vncproxy_package_name,
    }
    tweaks::ubuntu_service_override { 'nova-api':
      package_name => 'nova-api',
    }
    tweaks::ubuntu_service_override { 'nova-scheduler':
      package_name => 'nova-scheduler',
    }
    tweaks::ubuntu_service_override { 'nova-consoleauth':
      package_name => 'nova-consoleauth',
    }
  }

  #TODO: PUT this configuration stanza into nova class
  nova_config {
    'DEFAULT/use_cow_images':   value => hiera('use_cow_images');
    'DEFAULT/force_raw_images': value => $nova_hash['force_raw_images'];
  }

  nova_config {
    'DEFAULT/teardown_unused_network_gateway': value => 'True'
  }

  $nova_scheduler_default_filters = [ 'RetryFilter', 'AvailabilityZoneFilter', 'RamFilter', 'CoreFilter', 'DiskFilter', 'ComputeFilter', 'ComputeCapabilitiesFilter', 'ImagePropertiesFilter', 'ServerGroupAntiAffinityFilter', 'ServerGroupAffinityFilter' ]
  $sriov_filters                  = $sriov_enabled ? { true => [ 'PciPassthroughFilter','AggregateInstanceExtraSpecsFilter' ], default => []}
  $sahara_filters                 = $sahara_enabled ? { true => [ 'DifferentHostFilter' ], default => []}
  $huge_pages_filters             = $use_huge_pages ? { true => [ 'NUMATopologyFilter' ], default => []}
  $cpu_pinning_filters            = $enable_cpu_pinning ? { true => [ 'NUMATopologyFilter', 'AggregateInstanceExtraSpecsFilter' ], default => []}
  $nova_scheduler_filters         = unique(concat(pick($nova_config_hash['default_filters'], $nova_scheduler_default_filters), $sahara_filters, $sriov_filters, $huge_pages_filters, $cpu_pinning_filters))

  if $ironic_hash['enabled'] {
    $scheduler_host_manager  = 'ironic_host_manager'
    $ironic_endpoint_default = hiera('ironic_endpoint', $management_vip)
    $ironic_protocol         = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'protocol', 'http')
    $ironic_endpoint         = get_ssl_property($ssl_hash, {}, 'ironic', 'internal', 'hostname', $ironic_endpoint_default)
    class { '::nova::ironic::common':
      admin_username    => pick($ironic_hash['auth_name'],'ironic'),
      admin_password    => pick($ironic_hash['user_password'],'ironic'),
      admin_url         => "${keystone_auth_url}v2.0",
      admin_tenant_name => pick($ironic_hash['tenant'],'services'),
      api_endpoint      => "${ironic_protocol}://${ironic_endpoint}:6385/v1",
    }
  }

  class { '::nova::scheduler::filter':
    scheduler_host_subset_size => pick($nova_hash['scheduler_host_subset_size'], '30'),
    scheduler_default_filters  => $nova_scheduler_filters,
    scheduler_host_manager     => $scheduler_host_manager,
  }

  # From logasy filter.pp
  nova_config {
    'DEFAULT/ram_weight_multiplier':        value => '1.0'
  }


  # TODO (iberezovskiy): In Debian open-iscsi is dependency
  # of os-brick package which is required for cinder.
  # Remove this 'if' once UCA packages are updated as well
  if $::os_package_type == 'ubuntu' and $storage_hash['volumes_ceph'] {
    package { 'open-iscsi':
      ensure => present,
    }
  }

}