Install via puppet
Migrate as much as we're initially able to over to be installed via Puppet instead of elements from tripleo-image-elements. This change is rather large, but it's all more or less inter-dependent so I wasn't able to break it up any finer. The bulk of the change is a new element, puppet-stack-config. That element installs a puppet manifest at /etc/puppet/manifests/puppet-stack-config.pp that is applied via puppet during the os-refresh-config phase of the installation. When the manifest is applied, it uses a hiera data file from /etc/puppet/hieradata/puppet-stack-config.yaml as input. That file is generated from a template. The Puppet modules require a handful of additional inputs for password and secret items. These inputs are added to the instack.answers.sample file and instack-install-undercloud. We're able to remove many items from the static json we're writing out to /var/lib/heat-cfntools/cfn-init-data, but we still need this for some configuration as not everything is driven via a Puppet module (os-net-config) for instance. Also removes some particular hooks scripts that are no longer needed in instack-undercloud. This fix-undercloud-package-installs element is no longer needed. It's addressing bugs that have already been fixed. Change-Id: I9b93569f193c58d3e98063a1a90c3946a3a886db
parent
1d73741d29
commit
0c9b39baf1
|
@ -1,18 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
if rpm -q fedora-release; then
|
||||
if ! rpm -q openstack-ironic; then
|
||||
yum -y install openstack-ironic-common
|
||||
fi
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1154720
|
||||
chmod 0440 /etc/sudoers.d/ironic
|
||||
|
||||
# Make sure python-netaddr is the latest version from RDO juno,
|
||||
# otherwise pip from ironic-discoverd will install a later version,
|
||||
# then the rpm update later will fail.
|
||||
yum -y update python-netaddr
|
||||
fi
|
|
@ -1,6 +1,6 @@
|
|||
[discoverd]
|
||||
debug = false
|
||||
os_auth_url = http://{{keystone.host}}:5000/v2.0
|
||||
os_auth_url = http://{{local-ip}}:5000/v2.0
|
||||
os_username = ironic
|
||||
os_password = {{ironic.service-password}}
|
||||
os_tenant_name = service
|
||||
|
|
|
@ -2,6 +2,6 @@ default discover
|
|||
|
||||
label discover
|
||||
kernel discovery.kernel
|
||||
append initrd=discovery.ramdisk discoverd_callback_url=http://{{local-ipv4}}:5050/v1/continue
|
||||
append initrd=discovery.ramdisk discoverd_callback_url=http://{{local-ip}}:5050/v1/continue
|
||||
ipappend 3
|
||||
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
puppet-stack-config
|
||||
-------------------
|
||||
|
||||
puppet-stack-config provides static puppet configuration for a single node
|
||||
baremetal cloud using the Ironic driver. A yaml template is used to render a
|
||||
hiera data file at /etc/puppet/hieradata/puppet-stack-config.yaml.
|
||||
|
||||
The template rendering takes its input from a set of defined environment
|
||||
variables.
|
|
@ -0,0 +1,2 @@
|
|||
hiera
|
||||
puppet-modules
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
yum -y install git
|
|
@ -0,0 +1,72 @@
|
|||
#!/usr/bin/python
|
||||
# Copyright 2015 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
import os
|
||||
import shutil
|
||||
import subprocess
|
||||
import tempfile
|
||||
|
||||
import pystache
|
||||
|
||||
renderer = pystache.Renderer()
|
||||
template = os.path.join(os.path.dirname(__file__),
|
||||
'..',
|
||||
'puppet-stack-config.yaml.template')
|
||||
|
||||
keystone_pki_dir = tempfile.mkdtemp()
|
||||
subprocess.check_call(['generate-keystone-pki', '-d', keystone_pki_dir])
|
||||
|
||||
context = {
|
||||
'LOCAL_IP': os.environ.get('LOCAL_IP', '192.0.2.1'),
|
||||
'UNDERCLOUD_ADMIN_TOKEN': os.environ.get('UNDERCLOUD_ADMIN_TOKEN', 'unset'),
|
||||
'UNDERCLOUD_ADMIN_PASSWORD': os.environ.get('UNDERCLOUD_ADMIN_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_RABBIT_USERNAME': os.environ.get('UNDERCLOUD_RABBIT_USERNAME', 'guest'),
|
||||
'UNDERCLOUD_RABBIT_PASSWORD': os.environ.get('UNDERCLOUD_RABBIT_PASSWORD', 'guest'),
|
||||
'UNDERCLOUD_RABBIT_COOKIE': os.environ.get('UNDERCLOUD_RABBIT_COOKIE', 'guest'),
|
||||
'UNDERCLOUD_SWIFT_HASH_SUFFIX': os.environ.get('UNDERCLOUD_SWIFT_HASH_SUFFIX', 'unset'),
|
||||
'UNDERCLOUD_SWIFT_PASSWORD': os.environ.get('UNDERCLOUD_SWIFT_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_GLANCE_PASSWORD': os.environ.get('UNDERCLOUD_GLANCE_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD': os.environ.get('UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_HEAT_PASSWORD': os.environ.get('UNDERCLOUD_HEAT_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_NEUTRON_PASSWORD': os.environ.get('UNDERCLOUD_NEUTRON_PASSWORD', 'unset'),
|
||||
'LOCAL_INTERFACE': os.environ.get('LOCAL_INTERFACE', 'eth1'),
|
||||
'UNDERCLOUD_CEILOMETER_METERING_SECRET': os.environ.get('UNDERCLOUD_CEILOMETER_METERING_SECRET', 'unset'),
|
||||
'UNDERCLOUD_CEILOMETER_PASSWORD': os.environ.get('UNDERCLOUD_CEILOMETER_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_CEILOMETER_SNMPD_USER': os.environ.get('UNDERCLOUD_CEILOMETER_SNMPD_USER', 'unset'),
|
||||
'UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD': os.environ.get('UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_NOVA_PASSWORD': os.environ.get('UNDERCLOUD_NOVA_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_IRONIC_PASSWORD': os.environ.get('UNDERCLOUD_IRONIC_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_TUSKAR_PASSWORD': os.environ.get('UNDERCLOUD_TUSKAR_PASSWORD', 'unset'),
|
||||
|
||||
'KEYSTONE_SIGNING_CERTIFICATE':
|
||||
open(os.path.join(keystone_pki_dir, 'signing_cert.pem')).read(),
|
||||
'KEYSTONE_SIGNING_KEY':
|
||||
open(os.path.join(keystone_pki_dir, 'signing_key.pem')).read(),
|
||||
'KEYSTONE_CA_CERTIFICATE':
|
||||
open(os.path.join(keystone_pki_dir, 'ca_cert.pem')).read(),
|
||||
'KEYSTONE_CA_KEY':
|
||||
open(os.path.join(keystone_pki_dir, 'ca_key.pem')).read(),
|
||||
}
|
||||
|
||||
with open(template) as f:
|
||||
puppet_stack_config_yaml = renderer.render(f.read(), context)
|
||||
|
||||
puppet_stack_config_yaml_path = '/etc/puppet/hieradata/puppet-stack-config.yaml'
|
||||
|
||||
if not os.path.exists(os.path.dirname(puppet_stack_config_yaml_path)):
|
||||
os.makedirs(os.path.dirname(puppet_stack_config_yaml_path))
|
||||
with open(puppet_stack_config_yaml_path, 'w') as f:
|
||||
f.write(puppet_stack_config_yaml)
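Review bot: The rendered hiera file is written with a plain `open(puppet_stack_config_yaml_path, 'w')` at the end of the script, so it gets default-umask permissions even though it holds every service password plus the Keystone CA and signing private keys. It should be created owner-only, and `keystone_pki_dir` should be removed once the PEM files have been read; `shutil` is imported but never used, so the generated key material currently stays in the temp directory. Separately, the `os.environ.get(..., 'unset')` and `'guest'` fallbacks in `context` let an install proceed with well-known credentials when a variable is missing; failing on a missing secret would be safer than defaulting.

```python
# … unchanged: imports, context construction, template rendering …
hiera_dir = os.path.dirname(puppet_stack_config_yaml_path)
if not os.path.exists(hiera_dir):
    os.makedirs(hiera_dir)

# The file carries passwords and private keys: create it owner-only.
fd = os.open(puppet_stack_config_yaml_path,
             os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, 'w') as f:
    os.fchmod(fd, 0o600)  # also tightens a file left over from an earlier run
    f.write(puppet_stack_config_yaml)

# The PEM contents are already in the rendered file; drop the scratch copies.
shutil.rmtree(keystone_pki_dir)
```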
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
mkdir -p /etc/puppet/manifests
|
||||
cp $(dirname $0)/../puppet-stack-config.pp /etc/puppet/manifests/puppet-stack-config.pp
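Review bot: The `cp` line leaves both `$0` and the `$(dirname ...)` substitution unquoted, so the copy breaks if the element is checked out under a path containing whitespace or glob characters. Quoting both keeps the source a single argument: `cp "$(dirname "$0")/../puppet-stack-config.pp" /etc/puppet/manifests/puppet-stack-config.pp`.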
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
# Ironic conductor requires that we run install.d/69-ironic-tftp-support
|
||||
# from the tripleo-image-element ironic-conductor element. This is actually
|
||||
# a big gap in functionaliity for the ironic puppet module. Since we still have
|
||||
# to include the ironic-conductor element here, but the package is not yet
|
||||
# installed, we must pre-create the ironic user
|
||||
if ! id ironic; then
|
||||
useradd ironic
|
||||
fi
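Review bot: `useradd ironic` with no options creates an ordinary account, which under typical distribution defaults gets a home directory, a login shell and a UID from the regular user range. Per the comment the user only has to exist before the ironic package is installed, so a system account without a login shell is the tighter choice: `useradd -r -s /sbin/nologin ironic`. How the package's own user creation behaves when the account already exists is not visible here and is worth confirming. `id ironic` also prints the account details or an error on every run; `id ironic >/dev/null 2>&1` keeps the install log clean.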
|
|
@ -0,0 +1,15 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
set +e
|
||||
puppet apply --detailed-exitcodes /etc/puppet/manifests/puppet-stack-config.pp
|
||||
rc=$?
|
||||
set -e
|
||||
|
||||
echo "puppet apply exited with exit code $rc"
|
||||
|
||||
if [ $rc != 2 -a $rc != 0 ]; then
|
||||
exit $rc
|
||||
fi
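Review bot: The exit-code test `[ $rc != 2 -a $rc != 0 ]` uses the obsolescent `-a` operator and a string comparison on unquoted values. Since the script is bash, `if [[ $rc -ne 0 && $rc -ne 2 ]]; then` states the same condition unambiguously. A one-line comment that with `--detailed-exitcodes` a status of 2 means changes were applied while 1, 4 and 6 indicate failures would explain why 2 is treated as success.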
|
|
@ -0,0 +1,25 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
set -o pipefail
|
||||
|
||||
add-rule INPUT -m udp -p udp --dport 69 -j ACCEPT
|
||||
add-rule INPUT -p tcp -m multiport --dports 8773,8774,8775 -j ACCEPT
|
||||
add-rule INPUT -p tcp -m multiport --dports 5000,35357 -j ACCEPT
|
||||
add-rule INPUT -p tcp --dport 8585 -j ACCEPT
|
||||
add-rule INPUT -p tcp -m multiport --dports 6080 -j ACCEPT
|
||||
add-rule INPUT -p tcp -m multiport --dports 5900:5999 -j ACCEPT
|
||||
add-rule INPUT -p tcp --dport 9292 -j ACCEPT
|
||||
add-rule INPUT -p tcp --dport 9191 -j ACCEPT
|
||||
add-rule INPUT -p tcp --dport 6385 -j ACCEPT
|
||||
add-rule FORWARD -d 192.0.2.0/24 -j ACCEPT
|
||||
add-rule FORWARD -d 192.168.122.0/24 -j ACCEPT
|
||||
add-rule INPUT -p tcp --dport $(os-apply-config --key 'horizon.port' --type int --key-default 80) -j ACCEPT
|
||||
add-rule INPUT -p tcp --dport 5672 -j ACCEPT
|
||||
add-rule INPUT -p tcp -m multiport --dports 8000,8003,8004 -j ACCEPT
|
||||
add-rule INPUT -p tcp -m multiport --dports 8779 -j ACCEPT
|
||||
|
||||
|
||||
EXTERNAL_BRIDGE=br-ctlplane
|
||||
iptables -t nat -C PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775 || iptables -t nat -I PREROUTING -d 169.254.169.254/32 -i $EXTERNAL_BRIDGE -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8775
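Review bot: Every `add-rule INPUT` line accepts traffic from any source on any interface, which exposes AMQP (5672), the Keystone admin port (35357), the Ironic API (6385) and the VNC range (5900:5999) on every network the undercloud is attached to; only the final NAT rule is scoped with `-i $EXTERNAL_BRIDGE`. Assuming `add-rule` passes its arguments through to iptables, the service rules could be scoped the same way, e.g. `add-rule INPUT -i br-ctlplane -p tcp --dport 5672 -j ACCEPT`, or by source network. The two `FORWARD -d` networks (192.0.2.0/24 and 192.168.122.0/24) are hard-coded while the local IP is configurable elsewhere in this commit, so they may not match a non-default deployment. `$EXTERNAL_BRIDGE` should also be quoted in both `iptables` invocations.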
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
os-cloud-config:
|
||||
pystache:
|
||||
python-oslo-concurrency:
|
|
@ -0,0 +1,301 @@
|
|||
# Copyright 2015 Red Hat, Inc.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
if count(hiera('ntp::servers')) > 0 {
|
||||
include ::ntp
|
||||
}
|
||||
|
||||
# TODO Galara
|
||||
class { 'mysql::server':
|
||||
override_options => {
|
||||
'mysqld' => {
|
||||
'bind-address' => hiera('controller_host')
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# FIXME: this should only occur on the bootstrap host (ditto for db syncs)
|
||||
# Create all the database schemas
|
||||
# Example DSN format: mysql://user:password@host/dbname
|
||||
$allowed_hosts = ['%',hiera('controller_host')]
|
||||
$keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]')
|
||||
class { 'keystone::db::mysql':
|
||||
user => $keystone_dsn[3],
|
||||
password => $keystone_dsn[4],
|
||||
host => $keystone_dsn[5],
|
||||
dbname => $keystone_dsn[6],
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
$glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]')
|
||||
class { 'glance::db::mysql':
|
||||
user => $glance_dsn[3],
|
||||
password => $glance_dsn[4],
|
||||
host => $glance_dsn[5],
|
||||
dbname => $glance_dsn[6],
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
$nova_dsn = split(hiera('nova::database_connection'), '[@:/?]')
|
||||
class { 'nova::db::mysql':
|
||||
user => $nova_dsn[3],
|
||||
password => $nova_dsn[4],
|
||||
host => $nova_dsn[5],
|
||||
dbname => $nova_dsn[6],
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
$neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]')
|
||||
class { 'neutron::db::mysql':
|
||||
user => $neutron_dsn[3],
|
||||
password => $neutron_dsn[4],
|
||||
host => $neutron_dsn[5],
|
||||
dbname => $neutron_dsn[6],
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
$heat_dsn = split(hiera('heat_dsn'), '[@:/?]')
|
||||
class { 'heat::db::mysql':
|
||||
user => $heat_dsn[3],
|
||||
password => $heat_dsn[4],
|
||||
host => $heat_dsn[5],
|
||||
dbname => $heat_dsn[6],
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
$ceilometer_dsn = split(hiera('ceilometer::db::database_connection'), '[@:/?]')
|
||||
class { 'ceilometer::db::mysql':
|
||||
user => $ceilometer_dsn[3],
|
||||
password => $ceilometer_dsn[4],
|
||||
host => $ceilometer_dsn[5],
|
||||
dbname => $ceilometer_dsn[6],
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
$ironic_dsn = split(hiera('ironic::database_connection'), '[@:/?]')
|
||||
class { 'ironic::db::mysql':
|
||||
user => $ironic_dsn[3],
|
||||
password => $ironic_dsn[4],
|
||||
host => $ironic_dsn[5],
|
||||
dbname => $ironic_dsn[6],
|
||||
allowed_hosts => $allowed_hosts,
|
||||
}
|
||||
|
||||
if $::osfamily == 'RedHat' {
|
||||
$rabbit_provider = 'yum'
|
||||
} else {
|
||||
$rabbit_provider = undef
|
||||
}
|
||||
|
||||
Class['rabbitmq'] -> Rabbitmq_vhost <| |>
|
||||
Class['rabbitmq'] -> Rabbitmq_user <| |>
|
||||
Class['rabbitmq'] -> Rabbitmq_user_permissions <| |>
|
||||
|
||||
# TODO Rabbit HA
|
||||
class { 'rabbitmq':
|
||||
package_provider => $rabbit_provider,
|
||||
config_cluster => false,
|
||||
node_ip_address => hiera('controller_host'),
|
||||
}
|
||||
|
||||
rabbitmq_vhost { '/':
|
||||
provider => 'rabbitmqctl',
|
||||
}
|
||||
rabbitmq_user { ['nova','glance','neutron','ceilometer','heat']:
|
||||
admin => true,
|
||||
password => hiera('rabbit_password'),
|
||||
provider => 'rabbitmqctl',
|
||||
}
|
||||
|
||||
rabbitmq_user_permissions {[
|
||||
'nova@/',
|
||||
'glance@/',
|
||||
'neutron@/',
|
||||
'ceilometer@/',
|
||||
'heat@/',
|
||||
]:
|
||||
configure_permission => '.*',
|
||||
write_permission => '.*',
|
||||
read_permission => '.*',
|
||||
provider => 'rabbitmqctl',
|
||||
}
|
||||
|
||||
# pre-install swift here so we can build rings
|
||||
include ::swift
|
||||
|
||||
include ::keystone
|
||||
|
||||
#TODO: need a cleanup-keystone-tokens.sh solution here
|
||||
keystone_config {
|
||||
'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
|
||||
}
|
||||
file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
|
||||
ensure => 'directory',
|
||||
owner => 'keystone',
|
||||
group => 'keystone',
|
||||
require => Package['keystone'],
|
||||
}
|
||||
file { '/etc/keystone/ssl/certs/signing_cert.pem':
|
||||
content => hiera('keystone_signing_certificate'),
|
||||
owner => 'keystone',
|
||||
group => 'keystone',
|
||||
notify => Service['keystone'],
|
||||
require => File['/etc/keystone/ssl/certs'],
|
||||
}
|
||||
file { '/etc/keystone/ssl/private/signing_key.pem':
|
||||
content => hiera('keystone_signing_key'),
|
||||
owner => 'keystone',
|
||||
group => 'keystone',
|
||||
notify => Service['keystone'],
|
||||
require => File['/etc/keystone/ssl/private'],
|
||||
}
|
||||
file { '/etc/keystone/ssl/certs/ca.pem':
|
||||
content => hiera('keystone_ca_certificate'),
|
||||
owner => 'keystone',
|
||||
group => 'keystone',
|
||||
notify => Service['keystone'],
|
||||
require => File['/etc/keystone/ssl/certs'],
|
||||
}
|
||||
|
||||
# TODO: notifications, scrubber, etc.
|
||||
include ::glance::api
|
||||
include ::glance::registry
|
||||
include ::glance::backend::file
|
||||
|
||||
class { 'nova':
|
||||
rabbit_hosts => [hiera('controller_host')],
|
||||
glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_host'), ':', hiera('glance_port')]),
|
||||
}
|
||||
|
||||
include ::nova::api
|
||||
include ::nova::cert
|
||||
include ::nova::conductor
|
||||
include ::nova::consoleauth
|
||||
include ::nova::vncproxy
|
||||
include ::nova::scheduler
|
||||
|
||||
class {'neutron':
|
||||
rabbit_hosts => [hiera('controller_host')],
|
||||
}
|
||||
|
||||
include ::neutron::server
|
||||
include ::neutron::agents::dhcp
|
||||
|
||||
class { 'neutron::plugins::ml2':
|
||||
flat_networks => split(hiera('neutron_flat_networks'), ','),
|
||||
}
|
||||
|
||||
class { 'neutron::agents::ml2::ovs':
|
||||
bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
|
||||
}
|
||||
|
||||
# swift proxy
|
||||
include ::memcached
|
||||
include ::swift::proxy
|
||||
include ::swift::proxy::proxy_logging
|
||||
include ::swift::proxy::healthcheck
|
||||
include ::swift::proxy::cache
|
||||
include ::swift::proxy::keystone
|
||||
include ::swift::proxy::authtoken
|
||||
include ::swift::proxy::staticweb
|
||||
include ::swift::proxy::ceilometer
|
||||
include ::swift::proxy::ratelimit
|
||||
include ::swift::proxy::catch_errors
|
||||
include ::swift::proxy::tempauth
|
||||
include ::swift::proxy::tempurl
|
||||
include ::swift::proxy::formpost
|
||||
|
||||
# swift storage
|
||||
class {'swift::storage::all':
|
||||
mount_check => str2bool(hiera('swift_mount_check'))
|
||||
}
|
||||
if(!defined(File['/srv/node'])) {
|
||||
file { '/srv/node':
|
||||
ensure => directory,
|
||||
owner => 'swift',
|
||||
group => 'swift',
|
||||
require => Package['openstack-swift'],
|
||||
}
|
||||
}
|
||||
$swift_components = ['account', 'container', 'object']
|
||||
swift::storage::filter::recon { $swift_components : }
|
||||
swift::storage::filter::healthcheck { $swift_components : }
|
||||
|
||||
# Ceilometer
|
||||
include ::ceilometer
|
||||
include ::ceilometer::api
|
||||
include ::ceilometer::db
|
||||
include ::ceilometer::agent::notification
|
||||
include ::ceilometer::agent::central
|
||||
include ::ceilometer::alarm::notifier
|
||||
include ::ceilometer::alarm::evaluator
|
||||
include ::ceilometer::expirer
|
||||
include ::ceilometer::collector
|
||||
class { 'ceilometer::agent::auth':
|
||||
auth_url => join(['http://', hiera('controller_host'), ':5000/v2.0']),
|
||||
}
|
||||
|
||||
Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
|
||||
|
||||
# Heat
|
||||
include ::heat
|
||||
include ::heat::api
|
||||
include ::heat::api_cfn
|
||||
include ::heat::api_cloudwatch
|
||||
include ::heat::engine
|
||||
|
||||
$snmpd_user = hiera('snmpd_readonly_user_name')
|
||||
snmp::snmpv3_user { $snmpd_user:
|
||||
authtype => 'MD5',
|
||||
authpass => hiera('snmpd_readonly_user_password'),
|
||||
}
|
||||
class { 'snmp':
|
||||
agentaddress => ['udp:161','udp6:[::1]:161'],
|
||||
snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],
|
||||
}
|
||||
|
||||
class { 'nova::compute':
|
||||
enabled => true,
|
||||
}
|
||||
|
||||
nova_config {
|
||||
'DEFAULT/my_ip': value => $ipaddress;
|
||||
'DEFAULT/linuxnet_interface_driver': value => 'nova.network.linux_net.LinuxOVSInterfaceDriver';
|
||||
}
|
||||
|
||||
|
||||
class { 'nova::compute::ironic':
|
||||
admin_user => 'ironic',
|
||||
admin_passwd => hiera('ironic::api::admin_password'),
|
||||
admin_tenant_name => hiera('ironic::api::admin_tenant_name'),
|
||||
api_endpoint => join(['http://', hiera('controller_host'), ':6385/v1']),
|
||||
}
|
||||
|
||||
class { 'nova::network::neutron':
|
||||
neutron_admin_auth_url => join(['http://', hiera('controller_host'), ':35357/v2.0']),
|
||||
neutron_url => join(['http://', hiera('controller_host'), ':9696']),
|
||||
neutron_admin_password => hiera('neutron::server::auth_password'),
|
||||
neutron_admin_tenant_name => hiera('neutron::server::auth_tenant'),
|
||||
neutron_region_name => '',
|
||||
}
|
||||
|
||||
include ::ironic::conductor
|
||||
|
||||
class { 'ironic':
|
||||
enabled_drivers => ['pxe_ipmitool', 'pxe_ssh']
|
||||
}
|
||||
|
||||
class { 'ironic::api':
|
||||
host_ip => hiera('controller_host'),
|
||||
}
|
||||
|
||||
ironic_config {
|
||||
'DEFAULT/my_ip': value => hiera('controller_host');
|
||||
'glance/host': value => hiera('glance::api::bind_host');
|
||||
}
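Review bot: `$allowed_hosts = ['%',hiera('controller_host')]` grants every service database user access from any host, and it is passed to all seven `*::db::mysql` classes. On a single-node undercloud the controller host entry alone should be sufficient: `$allowed_hosts = [hiera('controller_host')]`. The DSN parsing via `split(..., '[@:/?]')` with fixed indexes 3 to 6 will also pick the wrong fields if a password ever contains `@`, `:`, `/` or `?`, so a comment stating that restriction next to the "Example DSN format" line would help. In the same file, `rabbitmq_user` sets `admin => true` for all five service users and `snmp::snmpv3_user` uses `authtype => 'MD5'`; non-admin broker users and `'SHA'` would be the more conservative choices.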
|
|
@ -0,0 +1,185 @@
|
|||
debug: false
|
||||
controller_host: {{LOCAL_IP}} #local-ipv4
|
||||
ntp::servers:
|
||||
-
|
||||
|
||||
# Common Hiera data gets applied to all nodes
|
||||
ssh::server::storeconfigs_enabled: false
|
||||
|
||||
# ceilometer settings used by compute and controller ceilo auth settings
|
||||
ceilometer::agent::auth::auth_region: 'regionOne'
|
||||
# FIXME: Might be better to use 'service' tenant here but this requires
|
||||
# changes in the tripleo-incubator keystone role setup
|
||||
ceilometer::agent::auth::auth_tenant_name: 'admin'
|
||||
|
||||
# Swift
|
||||
swift::proxy::proxy_local_net_ip: {{LOCAL_IP}}
|
||||
swift::proxy::authtoken::auth_host: {{LOCAL_IP}}
|
||||
swift::storage::all::storage_local_net_ip: {{LOCAL_IP}}
|
||||
swift::swift_hash_suffix: {{UNDERCLOUD_SWIFT_HASH_SUFFIX}}
|
||||
swift::proxy::account_autocreate: true
|
||||
swift::proxy::authtoken::admin_password: {{UNDERCLOUD_SWIFT_PASSWORD}}
|
||||
tripleo::ringbuilder::part_power: 10
|
||||
tripleo::ringbuilder::replicas: 3
|
||||
tripleo::ringbuilder::min_part_hours: 1
|
||||
swift_mount_check: false
|
||||
|
||||
swift::proxy::pipeline:
|
||||
- 'catch_errors'
|
||||
- 'healthcheck'
|
||||
- 'cache'
|
||||
- 'ratelimit'
|
||||
- 'tempurl'
|
||||
- 'formpost'
|
||||
- 'staticweb'
|
||||
- 'ceilometer'
|
||||
- 'authtoken'
|
||||
- 'keystone'
|
||||
- 'proxy-logging'
|
||||
- 'proxy-server'
|
||||
|
||||
# NOTE(dprince): build_ring support is currently not wired in.
|
||||
# See: https://review.openstack.org/#/c/109225/
|
||||
tripleo::ringbuilder::build_ring: True
|
||||
|
||||
# Glance
|
||||
glance::api::bind_port: 9292
|
||||
glance::api::bind_host: {{LOCAL_IP}}
|
||||
glance::api::auth_host: {{LOCAL_IP}}
|
||||
glance::api::registry_host: {{LOCAL_IP}}
|
||||
glance::api::keystone_password: {{UNDERCLOUD_GLANCE_PASSWORD}}
|
||||
glance::api::known_stores:
|
||||
- glance.store.filesystem.Store
|
||||
- glance.store.swift.Store
|
||||
glance::api::pipeline: 'keystone'
|
||||
# used to construct glance_api_servers
|
||||
glance_port: 9292
|
||||
glance_protocol: http
|
||||
glance_notifier_strategy: noop
|
||||
glance_log_file: ''
|
||||
glance::api::database_connection: mysql://glance:unset@{{LOCAL_IP}}/glance
|
||||
glance::registry::keystone_password: {{UNDERCLOUD_GLANCE_PASSWORD}}
|
||||
glance::registry::database_connection: mysql://glance:unset@{{LOCAL_IP}}/glance
|
||||
glance::registry::bind_host: {{LOCAL_IP}}
|
||||
glance::registry::auth_host: {{LOCAL_IP}}
|
||||
glance::registry::manage_service: true
|
||||
glance::registry::pipeline: 'keystone'
|
||||
|
||||
# Heat
|
||||
heat_stack_domain_admin_password: {{UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD}}
|
||||
heat::engine::configure_delegated_roles: false
|
||||
heat::engine::heat_stack_user_role: 'heat_stack_user'
|
||||
heat::engine::heat_watch_server_url: http://{{LOCAL_IP}}:8003
|
||||
heat::engine::heat_metadata_server_url: http://{{LOCAL_IP}}:8000
|
||||
heat::engine::heat_waitcondition_server_url: http://{{LOCAL_IP}}:8000/v1/waitcondition
|
||||
heat::engine::trusts_delegated_roles: []
|
||||
heat::engine::auth_encryption_key: unset___________
|
||||
heat::instance_user: heat-admin
|
||||
heat::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
||||
heat::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
||||
heat::rabbit_host: {{LOCAL_IP}}
|
||||
heat::keystone_host: {{LOCAL_IP}}
|
||||
heat::keystone_password: {{UNDERCLOUD_HEAT_PASSWORD}}
|
||||
heat::api::bind_host: {{LOCAL_IP}}
|
||||
heat::api_cloudwatch::bind_host: {{LOCAL_IP}}
|
||||
heat::api_cfn::bind_host: {{LOCAL_IP}}
|
||||
heat::database_connection: mysql://heat:unset@{{LOCAL_IP}}/heat
|
||||
heat_dsn: mysql://heat:unset@{{LOCAL_IP}}/heat
|
||||
|
||||
# Keystone
|
||||
keystone::admin_token: {{UNDERCLOUD_ADMIN_TOKEN}}
|
||||
keystone_ca_certificate: '{{KEYSTONE_CA_CERTIFICATE}}'
|
||||
keystone_signing_key: '{{KEYSTONE_SIGNING_KEY}}'
|
||||
keystone_signing_certificate: '{{KEYSTONE_SIGNING_CERTIFICATE}}'
|
||||
keystone::database_connection: mysql://keystone:unset@{{LOCAL_IP}}/keystone
|
||||
keystone::public_bind_host: 0.0.0.0
|
||||
keystone::admin_bind_host: 0.0.0.0
|
||||
|
||||
# MySQL
|
||||
admin_password: {{UNDERCLOUD_ADMIN_PASSWORD}}
|
||||
mysql_innodb_buffer_pool_size: 0
|
||||
mysql_root_password: ''
|
||||
mysql_cluster_name: unset
|
||||
mysql::server::manage_config_file: true
|
||||
|
||||
# Neutron
|
||||
neutron::bind_host: {{LOCAL_IP}}
|
||||
neutron::core_plugin: ml2
|
||||
neutron::dhcp_agents_per_network: 2
|
||||
neutron::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
||||
neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USER}}
|
||||
neutron::server::auth_host: {{LOCAL_IP}}
|
||||
neutron::server::database_connection: mysql://neutron:unset@{{LOCAL_IP}}/neutron
|
||||
neutron::server::sync_db: true
|
||||
neutron::agents::ml2::ovs::enable_tunneling: True
|
||||
neutron::agents::ml2::ovs::local_ip: {{LOCAL_IP}}
|
||||
neutron_flat_networks: ''
|
||||
neutron_mechanism_drivers: openvswitch
|
||||
neutron_bridge_mappings: ctlplane:br-ctlplane
|
||||
neutron_public_interface: {{LOCAL_INTERFACE}}
|
||||
neutron_physical_bridge: br-ctlplane
|
||||
neutron::server::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
|
||||
neutron::agents::metadata::auth_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
|
||||
|
||||
# Ceilometer
|
||||
ceilometer::metering_secret: {{UNDERCLOUD_CEILOMETER_METERING_SECRET}}
|
||||
ceilometer::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
||||
ceilometer::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
||||
ceilometer::rabbit_host: {{LOCAL_IP}}
|
||||
ceilometer::api::host: {{LOCAL_IP}}
|
||||
ceilometer::api::keystone_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
|
||||
ceilometer::api::keystone_host: {{LOCAL_IP}}
|
||||
ceilometer::db::database_connection: mysql://ceilometer:unset@{{LOCAL_IP}}/ceilometer
|
||||
ceilometer::agent::auth::auth_password: {{UNDERCLOUD_CEILOMETER_PASSWORD}}
|
||||
ceilometer_compute_agent: ''
|
||||
snmpd_readonly_user_name: {{UNDERCLOUD_CEILOMETER_SNMPD_USER}}
|
||||
snmpd_readonly_user_password: {{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}
|
||||
|
||||
# Nova
|
||||
nova::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
||||
nova::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
||||
nova::api::auth_host: {{LOCAL_IP}}
|
||||
nova::api::api_bind_address: {{LOCAL_IP}}
|
||||
nova::api::enabled: true
|
||||
nova::api::metadata_listen: {{LOCAL_IP}}
|
||||
nova::api::admin_password: {{UNDERCLOUD_NOVA_PASSWORD}}
|
||||
nova::api::osapi_v3: true
|
||||
nova::conductor::enabled: true
|
||||
nova::consoleauth::enabled: true
|
||||
nova::database_connection: mysql://nova:unset@{{LOCAL_IP}}/nova
|
||||
nova::network::neutron::neutron_admin_password: {{UNDERCLOUD_NEUTRON_PASSWORD}}
|
||||
nova::notify_on_state_change: 'vm_and_task_state'
|
||||
nova::scheduler::enabled: true
|
||||
|
||||
# Ironic
|
||||
ironic::api::admin_password: {{UNDERCLOUD_IRONIC_PASSWORD}}
|
||||
ironic::api::auth_host: {{LOCAL_IP}}
|
||||
ironic::database_connection: mysql://ironic:unset@{{LOCAL_IP}}/ironic
|
||||
ironic::rabbit_host: {{LOCAL_IP}}
|
||||
ironic::rabbit_hosts: {{LOCAL_IP:5672}}
|
||||
ironic::rabbit_userid: {{UNDERCLOUD_RABBIT_USERNAME}}
|
||||
ironic::rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
||||
|
||||
# Rabbit
|
||||
rabbit_client_port: 5672
|
||||
rabbit_client_use_ssl: false
|
||||
rabbit_cookie: {{UNDERCLOUD_RABBIT_COOKIE}}
|
||||
rabbitmq::delete_guest_user: false
|
||||
rabbitmq::package_source: undef
|
||||
rabbitmq::port: '5672'
|
||||
rabbitmq::repos_ensure: false
|
||||
rabbitmq::wipe_db_on_cookie_change: true
|
||||
rabbit_password: {{UNDERCLOUD_RABBIT_PASSWORD}}
|
||||
rabbit_username: {{UNDERCLOUD_RABBIT_USERNAME}}
|
||||
|
||||
# service tenant
|
||||
ceilometer::api::keystone_tenant: 'service'
|
||||
cinder::api::keystone_tenant: 'service'
|
||||
glance::api::keystone_tenant: 'service'
|
||||
glance::registry::keystone_tenant: 'service'
|
||||
heat::keystone_tenant: 'service'
|
||||
ironic::api::admin_tenant_name: 'service'
|
||||
neutron::agents::metadata::auth_tenant: 'service'
|
||||
neutron::server::auth_tenant: 'service'
|
||||
nova::api::admin_tenant_name: 'service'
|
||||
swift::proxy::authtoken::admin_tenant_name: 'service'
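Review bot: Every `*::database_connection` value and `heat_dsn` hard-code the password `unset`, e.g. `mysql://keystone:unset@{{LOCAL_IP}}/keystone`, and the manifest in this commit creates the MySQL users from those DSNs, so all service databases end up with the same well-known password; `mysql_root_password: ''` and `heat::engine::auth_encryption_key: unset___________` are static in the same way. These should be rendered from an input, e.g. `mysql://keystone:{{UNDERCLOUD_DB_PASSWORD}}@{{LOCAL_IP}}/keystone`, which also needs that key added to the render context. Two tags match no context key and will presumably render empty: `neutron::rabbit_user: {{UNDERCLOUD_RABBIT_USER}}` (the context defines `UNDERCLOUD_RABBIT_USERNAME`) and `ironic::rabbit_hosts: {{LOCAL_IP:5672}}`, which probably wants `'{{LOCAL_IP}}:5672'`. `rabbitmq::delete_guest_user: false` together with the `guest` fallbacks keeps the default broker account in place, and the unquoted secret values will produce invalid or altered YAML if a password contains characters such as `:` or `#`.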
|
|
@ -0,0 +1 @@
|
|||
openstack-selinux:
|
|
@ -1,11 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
TEMPLATE_PATH=$(os-apply-config --print-templates)
|
||||
|
||||
sed -i "s/\[baremetal\]/\[baremetal\]\nuse_file_injection=False/" $TEMPLATE_PATH/etc/nova/nova.conf
|
||||
cat >> $TEMPLATE_PATH/etc/nova/nova.conf <<EOF
|
||||
[libvirt]
|
||||
inject_partition=-2
|
||||
EOF
|
|
@ -1,8 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -eux
|
||||
|
||||
# xinetd controls starting the tftpd daemon so pxelinux.0 can be downloaded.
|
||||
# This is not needed upstream b/c usually it starts on boot, but we aren't
|
||||
# booting an undercloud here, we're installing one.
|
||||
systemctl restart xinetd
|
|
@ -41,7 +41,7 @@ tripleo wait_for 12 10 service $KEYSTONE_SERVICE status
|
|||
# Because keystone just still isn't up yet...
|
||||
sleep 20
|
||||
|
||||
export UNDERCLOUD_IP=$(os-apply-config --key local-ipv4 --type netaddress)
|
||||
export UNDERCLOUD_IP=$(os-apply-config --key local-ip --type netaddress)
|
||||
|
||||
init-keystone -o $UNDERCLOUD_IP -t $UNDERCLOUD_ADMIN_TOKEN \
|
||||
-e admin@example.com -p $UNDERCLOUD_ADMIN_PASSWORD -u root
|
||||
|
@ -102,4 +102,10 @@ nova quota-update --cores -1 --instances -1 --ram -1 $(keystone tenant-get admin
|
|||
# instack-prepare-for-overcloud
|
||||
rm -rf $HOME/.novaclient
|
||||
|
||||
# restart openstack-nova-compute
|
||||
# When installing via puppet, nova-compute fails the first time because the
|
||||
# ironic user does not yet exist. Now that the user has been created via
|
||||
# setup-endpoints, we need to restart the service.
|
||||
systemctl restart openstack-nova-compute
|
||||
|
||||
touch $OK_FILE
|
||||
|
|
|
@ -1,160 +1,48 @@
|
|||
{
|
||||
"OpenStack::Heat::Stack": {
|
||||
},
|
||||
"deployment-mode": "{{DEPLOYMENT_MODE}}",
|
||||
"admin-password": "{{UNDERCLOUD_ADMIN_PASSWORD}}",
|
||||
"admin-token": "{{UNDERCLOUD_ADMIN_TOKEN}}",
|
||||
"db-password": "{{UNDERCLOUD_DB_PASSWORD}}",
|
||||
"local-ipv4": "{{LOCAL_IP}}",
|
||||
"keystone": {
|
||||
"host": "127.0.0.1",
|
||||
"db": "mysql://keystone:{{UNDERCLOUD_DB_PASSWORD}}@localhost/keystone"
|
||||
},
|
||||
"rabbit": {
|
||||
"host": "127.0.0.1",
|
||||
"password": "guest",
|
||||
"username": "guest",
|
||||
"cookie": "changeme"
|
||||
},
|
||||
"glance": {
|
||||
"backend": "file",
|
||||
"host": "127.0.0.1",
|
||||
"protocol": "http",
|
||||
"port": "9292",
|
||||
"db": "mysql://glance:{{UNDERCLOUD_DB_PASSWORD}}@localhost/glance",
|
||||
"service-password": "{{UNDERCLOUD_GLANCE_PASSWORD}}",
|
||||
"notifier-strategy": "noop",
|
||||
"log-file": "''"
|
||||
},
|
||||
"nova": {
|
||||
"compute_hostname": "undercloud",
|
||||
"host": "127.0.0.1",
|
||||
"db": "mysql://nova:{{UNDERCLOUD_DB_PASSWORD}}@localhost/nova",
|
||||
"baremetal": {},
|
||||
"compute_driver": "nova.virt.ironic.driver.IronicDriver",
|
||||
"compute_manager": "ironic.nova.compute.manager.ClusteredComputeManager",
|
||||
"scheduler_host_manager": "nova.scheduler.ironic_host_manager.IronicHostManager",
|
||||
"tuning": {
|
||||
"ram_allocation_ratio": "1.0",
|
||||
"reserved_host_memory_mb": "0"
|
||||
},
|
||||
"metadata-proxy": "false",
|
||||
"service-password": "{{UNDERCLOUD_NOVA_PASSWORD}}",
|
||||
"config": [
|
||||
{"section": "DEFAULT",
|
||||
"values": [
|
||||
{"option": "scheduler_use_baremetal_filters",
|
||||
"value": "{{SCHEDULER_USE_BAREMETAL_FILTERS}}"
|
||||
},
|
||||
{"option": "scheduler_default_filters",
|
||||
"value": "{{SCHEDULER_DEFAULT_FILTERS}}"
|
||||
},
|
||||
{"option": "baremetal_scheduler_default_filters",
|
||||
"value": "{{BAREMETAL_SCHEDULER_DEFAULT_FILTERS}}"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"ironic": {
|
||||
"db": "mysql://ironic:{{UNDERCLOUD_DB_PASSWORD}}@localhost/ironic",
|
||||
"service-password": "{{UNDERCLOUD_IRONIC_PASSWORD}}",
|
||||
"config" : [
|
||||
{
|
||||
"values": [
|
||||
{ "option": "pxe_append_params",
|
||||
"value": "biosdevname=1"
|
||||
}
|
||||
],
|
||||
"section": "pxe"
|
||||
},
|
||||
{
|
||||
"section": "discoverd",
|
||||
"values": [
|
||||
{ "option": "enabled",
|
||||
"value": "true"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"bootstack": {
|
||||
"public_interface_ip": "{{LOCAL_IP}}/24",
|
||||
"masquerade_networks": ["{{MASQUERADE_NETWORK}}"]
|
||||
},
|
||||
"cinder": {
|
||||
"db": "mysql://cinder:{{UNDERCLOUD_DB_PASSWORD}}@localhost/cinder",
|
||||
"volume_size_mb": "5000",
|
||||
"service-password": "{{UNDERCLOUD_CINDER_PASSWORD}}"
|
||||
},
|
||||
"hiera": {
|
||||
"hierarchy": [
|
||||
"puppet-stack-config"
|
||||
]},
|
||||
"local-ip": "{{LOCAL_IP}}",
|
||||
"masquerade_networks": ["{{MASQUERADE_NETWORK}}"],
|
||||
"neutron": {
|
||||
"host": "127.0.0.1",
|
||||
"ovs_db": "mysql://neutron:{{UNDERCLOUD_DB_PASSWORD}}@localhost/ovs_neutron?charset=utf8",
|
||||
"ovs": {
|
||||
"bridge_mappings": "ctlplane:br-ctlplane",
|
||||
"dnsmasq_range": ["192.0.2.4", "192.0.2.4"],
|
||||
"enable_tunneling": "False",
|
||||
"network_vlan_ranges": "ctlplane",
|
||||
"physical_bridge": "br-ctlplane",
|
||||
"physical_network": "ctlplane",
|
||||
"public_interface": "{{LOCAL_INTERFACE}}",
|
||||
"tenant_network_type": "vlan",
|
||||
"local_ip": "{{LOCAL_IP}}"
|
||||
},
|
||||
"service-password": "{{UNDERCLOUD_NEUTRON_PASSWORD}}",
|
||||
"dhcp_start": "{{DHCP_START}}",
|
||||
"dhcp_end": "{{DHCP_END}}",
|
||||
"network_cidr": "{{NETWORK_CIDR}}",
|
||||
"network_gateway": "{{NETWORK_GATEWAY}}"
|
||||
},
|
||||
"heat": {
|
||||
"db": "mysql://heat:{{UNDERCLOUD_DB_PASSWORD}}@localhost/heat",
|
||||
"auth_encryption_key": "unset___________",
|
||||
"watch_server_url": "http://{{LOCAL_IP}}:8003",
|
||||
"waitcondition_server_url": "http://{{LOCAL_IP}}:8000/v1/waitcondition",
|
||||
"metadata_server_url": "http://{{LOCAL_IP}}:8000",
|
||||
"admin_tenant_name": "service",
|
||||
"admin_user": "heat",
|
||||
"admin_password": "{{UNDERCLOUD_HEAT_PASSWORD}}"
|
||||
},
|
||||
"horizon": {
|
||||
"secret_key": "unset___________"
|
||||
},
|
||||
"tuskar": {
|
||||
"service-password": "{{UNDERCLOUD_TUSKAR_PASSWORD}}",
|
||||
"db": "mysql://tuskar:{{UNDERCLOUD_DB_PASSWORD}}@localhost/tuskar?charset=utf8",
|
||||
"heat_keystone": {
|
||||
"username": "admin",
|
||||
"password": "unset",
|
||||
"tenant_name": "admin"
|
||||
}
|
||||
},
|
||||
"ceilometer": {
|
||||
"service-password": "{{UNDERCLOUD_CEILOMETER_PASSWORD}}",
|
||||
"db": "mysql://ceilometer:{{UNDERCLOUD_DB_PASSWORD}}@localhost/ceilometer?charset=utf8",
|
||||
"metering_secret": "unset",
|
||||
"snmpd_readonly_user_name": "ro_snmp_user",
|
||||
"snmpd_readonly_user_password": "{{UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD}}"
|
||||
},
|
||||
"bootstrap_host": {
|
||||
"bootstrap_nodeid": "undercloud",
|
||||
"nodeid": "undercloud"
|
||||
},
|
||||
"corosync": {
|
||||
"mcastport": "5577",
|
||||
"bindnetaddr": "{{LOCAL_IP}}",
|
||||
"nodes": [
|
||||
{ "ip": "{{LOCAL_IP}}" }
|
||||
]
|
||||
},
|
||||
"pacemaker": {
|
||||
"stonith_enabled": "false",
|
||||
"recheck_interval": "5",
|
||||
"quorum_policy": "ignore"
|
||||
},
|
||||
"discovery": {
|
||||
"interface": "{{DISCOVERY_INTERFACE}}",
|
||||
"iprange": "{{DISCOVERY_IPRANGE}}",
|
||||
"pxeip": "{{DISCOVERY_PXEIP}}"
|
||||
},
|
||||
"os_net_config": {
|
||||
"network_config": [
|
||||
{
|
||||
"type": "ovs_bridge",
|
||||
"name": "br-ctlplane",
|
||||
"ovs_extra": [
|
||||
"br-set-external-id br-ctlplane bridge-id br-ctlplane"
|
||||
],
|
||||
"members": [
|
||||
{
|
||||
"type": "interface",
|
||||
"name": "{{LOCAL_INTERFACE}}",
|
||||
"primary": "true"
|
||||
}
|
||||
],
|
||||
"addresses": [
|
||||
{
|
||||
"ip_netmask": "{{LOCAL_IP}}/24"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"tuskar": {
|
||||
"service-password": "{{UNDERCLOUD_TUSKAR_PASSWORD}}"
|
||||
},
|
||||
"ironic": {
|
||||
"service-password": "{{UNDERCLOUD_IRONIC_PASSWORD}}"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,37 +14,9 @@ template = os.path.join(os.path.dirname(__file__),
|
|||
'..',
|
||||
'config.json.template')
|
||||
|
||||
|
||||
context = {
|
||||
'DEPLOYMENT_MODE': os.environ.get('DEPLOYMENT_MODE', 'poc'),
|
||||
'SCHEDULER_DEFAULT_FILTERS':
|
||||
os.environ.get('SCHEDULER_DEFAULT_FILTERS',
|
||||
'RetryFilter,'
|
||||
'AvailabilityZoneFilter,'
|
||||
'RamFilter,'
|
||||
'DiskFilter,'
|
||||
'CoreFilter,'
|
||||
'ComputeFilter,'
|
||||
'ComputeCapabilitiesFilter,'
|
||||
'ImagePropertiesFilter,'
|
||||
'ServerGroupAntiAffinityFilter,'
|
||||
'ServerGroupAffinityFilter'),
|
||||
'BAREMETAL_SCHEDULER_DEFAULT_FILTERS':
|
||||
os.environ.get('BAREMETAL_SCHEDULER_DEFAULT_FILTERS',
|
||||
'RetryFilter,'
|
||||
'AvailabilityZoneFilter,'
|
||||
'ComputeFilter,'
|
||||
'ComputeCapabilitiesFilter,'
|
||||
'ImagePropertiesFilter,'
|
||||
'ExactRamFilter,'
|
||||
'ExactDiskFilter,'
|
||||
'ExactCoreFilter,'
|
||||
'ServerGroupAntiAffinityFilter,'
|
||||
'ServerGroupAffinityFilter'),
|
||||
'LOCAL_IP': os.environ.get('LOCAL_IP', '192.0.2.1'),
|
||||
'LOCAL_INTERFACE': os.environ.get('LOCAL_INTERFACE', 'eth1'),
|
||||
'DNSMASQ_START': os.environ.get('DNSMASQ_START', '192.0.2.4'),
|
||||
'DNSMASQ_END': os.environ.get('DNSMASQ_END', '192.0.2.4'),
|
||||
'MASQUERADE_NETWORK': os.environ.get('MASQUERADE_NETWORK', '192.0.2.0/24'),
|
||||
'DHCP_START': os.environ.get('DHCP_START', '192.0.2.5'),
|
||||
'DHCP_END': os.environ.get('DHCP_END', '192.0.2.24'),
|
||||
|
@ -53,24 +25,10 @@ context = {
|
|||
'DISCOVERY_INTERFACE': os.environ.get('DISCOVERY_INTERFACE', 'br-ctlplane'),
|
||||
'DISCOVERY_IPRANGE': os.environ.get('DISCOVERY_IPRANGE', '192.0.2.100,192.0.2.120'),
|
||||
'DISCOVERY_PXEIP': os.environ.get('DISCOVERY_PXEIP', '192.0.2.1'),
|
||||
'UNDERCLOUD_DB_PASSWORD': os.environ.get('UNDERCLOUD_DB_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_ADMIN_TOKEN': os.environ.get('UNDERCLOUD_ADMIN_TOKEN', 'unset'),
|
||||
'UNDERCLOUD_ADMIN_PASSWORD': os.environ.get('UNDERCLOUD_ADMIN_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_CEILOMETER_PASSWORD': os.environ.get('UNDERCLOUD_CEILOMETER_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD': os.environ.get('UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_GLANCE_PASSWORD': os.environ.get('UNDERCLOUD_GLANCE_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_HEAT_PASSWORD': os.environ.get('UNDERCLOUD_HEAT_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_NEUTRON_PASSWORD': os.environ.get('UNDERCLOUD_NEUTRON_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_NOVA_PASSWORD': os.environ.get('UNDERCLOUD_NOVA_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_TUSKAR_PASSWORD': os.environ.get('UNDERCLOUD_TUSKAR_PASSWORD', 'unset'),
|
||||
'UNDERCLOUD_IRONIC_PASSWORD': os.environ.get('UNDERCLOUD_IRONIC_PASSWORD', 'unset')
|
||||
'UNDERCLOUD_IRONIC_PASSWORD': os.environ.get('UNDERCLOUD_IRONIC_PASSWORD', 'unset'),
|
||||
}
|
||||
|
||||
if context['DEPLOYMENT_MODE'] == 'scale':
|
||||
context['SCHEDULER_USE_BAREMETAL_FILTERS'] = 'True'
|
||||
else:
|
||||
context['SCHEDULER_USE_BAREMETAL_FILTERS'] = 'False'
|
||||
|
||||
with open(template) as f:
|
||||
config_json = renderer.render(f.read(), context)
|
||||
|
||||
|
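Review bot: The password entries that remain in `context` (judging by the hunk counts, `UNDERCLOUD_TUSKAR_PASSWORD` and `UNDERCLOUD_IRONIC_PASSWORD`) still fall back to the literal `'unset'`, so a run where the variable is missing renders a known service password into the cfn-init-data file without any error. Indexing the environment directly, `'UNDERCLOUD_IRONIC_PASSWORD': os.environ['UNDERCLOUD_IRONIC_PASSWORD'],`, turns a missing secret into a `KeyError` at render time; the same applies to the Tuskar entry. In the next hunk the rendered file is created with `open(cfn_path, 'w')`, which takes its mode from the umask. Since the file holds these passwords, creating it through `os.fdopen(os.open(cfn_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w')` would keep it owner-only. The `context` dict opens in the previous hunk, and any later chmod of the file is not visible on this page.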
@ -80,11 +38,6 @@ if not os.path.exists(os.path.dirname(cfn_path)):
|
|||
with open(cfn_path, 'w') as f:
|
||||
f.write(config_json)
|
||||
|
||||
# For future reference, we could also generate this separately and combine the
|
||||
# cfn-init-data with the generated keystone data with:
|
||||
# jq -s '.[0].keystone=(.[0].keystone + .[1].keystone) | .[0]' cfn.json key.json
|
||||
subprocess.check_call(['generate-keystone-pki', '-s', '--heatenv', cfn_path])
|
||||
|
||||
# Make the json pretty again
|
||||
tmpfile = tempfile.mkstemp()[1]
|
||||
outfile = open(tmpfile, 'w')
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
export NOVA_VERSION=1.1
|
||||
export OS_PASSWORD=$(hiera admin_password)
|
||||
export OS_AUTH_URL=http://{{local-ip}}:5000/v2.0
|
||||
export OS_USERNAME=admin
|
||||
export OS_TENANT_NAME=admin
|
||||
export COMPUTE_API_VERSION=1.1
|
||||
export OS_NO_CACHE=True
|
|
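Review bot: `export OS_PASSWORD=$(hiera admin_password)` is evaluated by whichever shell sources this file, and the callers changed in this commit use `source <(sudo cat /root/stackrc)`, so only the read is privileged and the `hiera` lookup itself runs as the invoking user. That works only if that user can read the hiera data holding the undercloud secrets, whose permissions are not visible on this page. If the lookup cannot resolve the key, the `export` still succeeds and OS_PASSWORD is presumably left as the string `nil` that the hiera command line prints for a missing key. Either resolve the value when the file is generated and keep the file root-only, or add a guard after the export such as `[ -n "$OS_PASSWORD" ] && [ "$OS_PASSWORD" != "nil" ] || return 1`. A short header comment stating who is expected to source this file would also help.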
@ -1,11 +1,11 @@
|
|||
UNDERCLOUD_DB_PASSWORD={{db-password}}
|
||||
UNDERCLOUD_ADMIN_TOKEN={{admin-token}}
|
||||
UNDERCLOUD_ADMIN_PASSWORD={{admin-password}}
|
||||
UNDERCLOUD_GLANCE_PASSWORD={{glance.service-password}}
|
||||
UNDERCLOUD_HEAT_PASSWORD={{heat.admin_password}}
|
||||
UNDERCLOUD_NEUTRON_PASSWORD={{neutron.service-password}}
|
||||
UNDERCLOUD_NOVA_PASSWORD={{nova.service-password}}
|
||||
UNDERCLOUD_IRONIC_PASSWORD={{ironic.service-password}}
|
||||
UNDERCLOUD_DB_PASSWORD=$(hiera admin_password)
|
||||
UNDERCLOUD_ADMIN_TOKEN=$(hiera keystone::admin_token)
|
||||
UNDERCLOUD_ADMIN_PASSWORD=$(hiera admin_password)
|
||||
UNDERCLOUD_GLANCE_PASSWORD=$(hiera glance::api::keystone_password)
|
||||
UNDERCLOUD_HEAT_PASSWORD=$(hiera heat::keystone_password)
|
||||
UNDERCLOUD_NEUTRON_PASSWORD=$(hiera neutron::server::auth_password)
|
||||
UNDERCLOUD_NOVA_PASSWORD=$(hiera nova::api::admin_password)
|
||||
UNDERCLOUD_IRONIC_PASSWORD=$(hiera ironic::api::admin_password)
|
||||
UNDERCLOUD_TUSKAR_PASSWORD={{tuskar.service-password}}
|
||||
UNDERCLOUD_CEILOMETER_PASSWORD={{ceilometer.service-password}}
|
||||
UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD={{ceilometer.snmpd_readonly_user_password}}
|
||||
UNDERCLOUD_CEILOMETER_PASSWORD=$(hiera ceilometer::api::keystone_password)
|
||||
UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD=$(hiera snmpd_readonly_user_password)
|
||||
|
|
|
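Review bot: `UNDERCLOUD_DB_PASSWORD=$(hiera admin_password)` reads the same hiera key as `UNDERCLOUD_ADMIN_PASSWORD` two lines below it, so the database password recorded here is the Keystone admin password rather than a separate secret. Every other converted line maps to its own key, which suggests a copy-and-paste slip. If the hiera data has a distinct database secret, the line should read `UNDERCLOUD_DB_PASSWORD=$(hiera <db-password-key>)` (placeholder, the key name is not on this page). If the reuse is intentional, a comment saying so belongs above the line. `UNDERCLOUD_TUSKAR_PASSWORD={{tuskar.service-password}}` is left on the old templating while its neighbours moved to hiera, and a one-line comment explaining why would save the next reader a search.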
@ -5,13 +5,13 @@ iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ_NEW || true
|
|||
iptables -t nat -X BOOTSTACK_MASQ_NEW || true
|
||||
iptables -t nat -N BOOTSTACK_MASQ_NEW
|
||||
# Build the chain we want.
|
||||
{{#bootstack.masquerade_networks}}
|
||||
{{#masquerade_networks}}
|
||||
NETWORK={{.}}
|
||||
# Workaround iptables not permitting two -d parameters in one call.
|
||||
iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK -d 192.168.122.1 -j RETURN
|
||||
iptables -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE
|
||||
iptables -t nat -A POSTROUTING -s $NETWORK -o eth0 -j MASQUERADE
|
||||
{{/bootstack.masquerade_networks}}
|
||||
{{/masquerade_networks}}
|
||||
# Link it in.
|
||||
iptables -t nat -I POSTROUTING -j BOOTSTACK_MASQ_NEW
|
||||
# Delete the old chain if present.
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
basedir=$(os-refresh-config --print-base)
|
||||
mkdir $basedir/environment.d
|
||||
cat > $basedir/environment.d/10-tuskar-role-directory <<EOF
|
||||
export TUSKAR_ROLE_DIRECTORY=$TUSKAR_ROLE_DIRECTORY
|
||||
EOF
|
|
@ -109,7 +109,47 @@ UNDERCLOUD_TUSKAR_PASSWORD=
|
|||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_CEILOMETER_PASSWORD=
|
||||
|
||||
### Ceilometer metering secret ###
|
||||
# Ceilometer metering secret
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_CEILOMETER_METERING_SECRET=
|
||||
|
||||
### Ceilometer snmpd user ###
|
||||
# Ceilometer snmpd user
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_CEILOMETER_SNMPD_USER=
|
||||
|
||||
### Ceilometer snmpd password ###
|
||||
# Ceilometer snmpd password
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD=
|
||||
|
||||
### Swift password ###
|
||||
# Swift password
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_SWIFT_PASSWORD=
|
||||
|
||||
### Rabbit Cookie ###
|
||||
# Rabbit Cookie
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_RABBIT_COOKIE=
|
||||
|
||||
### Rabbit Password ###
|
||||
# Rabbit Password
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_RABBIT_PASSWORD=
|
||||
|
||||
### Rabbit Username ###
|
||||
# Rabbit Username
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_RABBIT_USERNAME=
|
||||
|
||||
### Heat Stack Domain Admin Password ###
|
||||
# Heat Stack Domain Admin Password
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD=
|
||||
|
||||
### Swift Hash Suffix ###
|
||||
# Swift Hash Suffix
|
||||
# If left unset, one will be automatically generated
|
||||
UNDERCLOUD_SWIFT_HASH_SUFFIX=
|
||||
|
|
|
@ -42,7 +42,6 @@
|
|||
"ceilometer-undercloud-config",
|
||||
"ironic-discoverd",
|
||||
"element-manifest",
|
||||
"fix-undercloud-package-installs",
|
||||
"os-cloud-config",
|
||||
"install-server",
|
||||
"selinux-permissive",
|
||||
|
|
|
@ -23,28 +23,19 @@
|
|||
"undercloud-install",
|
||||
"rhel7",
|
||||
"rhel7-distro",
|
||||
"boot-stack",
|
||||
"nova-ironic",
|
||||
"os-collect-config",
|
||||
"horizon",
|
||||
"neutron-dhcp-agent",
|
||||
"undercloud-stack-config",
|
||||
"rabbitmq-server",
|
||||
"mariadb-rpm",
|
||||
"os-refresh-config-reboot",
|
||||
"common-venv",
|
||||
"undercloud-post-config",
|
||||
"undercloud-package-install",
|
||||
"ceilometer-collector",
|
||||
"ceilometer-api",
|
||||
"ceilometer-agent-central",
|
||||
"ceilometer-agent-notification",
|
||||
"ceilometer-undercloud-config",
|
||||
"ironic-discoverd",
|
||||
"element-manifest",
|
||||
"tuskar",
|
||||
"fix-undercloud-package-installs",
|
||||
"os-cloud-config"
|
||||
"ironic-conductor",
|
||||
"os-cloud-config",
|
||||
"os-net-config",
|
||||
"puppet-stack-config"
|
||||
],
|
||||
"hook": [
|
||||
"extra-data",
|
||||
|
@ -56,7 +47,8 @@
|
|||
"exclude-element": [
|
||||
"dkms",
|
||||
"openvswitch-datapath",
|
||||
"pip-and-virtualenv"
|
||||
"pip-and-virtualenv",
|
||||
"ironic"
|
||||
],
|
||||
"blacklist": [
|
||||
"10-cloud-init",
|
||||
|
|
|
@ -57,17 +57,10 @@ $INSTACKUNDERCLOUDELEMENTS:\
|
|||
echo "Sourcing answers file from instack.answers..."
|
||||
source ~/instack.answers
|
||||
|
||||
export DEPLOYMENT_MODE
|
||||
export IMAGE_PATH
|
||||
export LOCAL_IP
|
||||
export DNSMASQ_START
|
||||
export DNSMASQ_END
|
||||
export LOCAL_INTERFACE
|
||||
export LOCAL_IP
|
||||
export MASQUERADE_NETWORK
|
||||
export POWER_DRIVER
|
||||
export VIRTUAL_POWER_USER
|
||||
|
||||
export VIRTUAL_POWER_HOST
|
||||
export DHCP_START
|
||||
export DHCP_END
|
||||
export NETWORK_CIDR
|
||||
|
@ -76,19 +69,24 @@ export DISCOVERY_INTERFACE
|
|||
export DISCOVERY_IPRANGE
|
||||
export DISCOVERY_PXEIP
|
||||
|
||||
export UNDERCLOUD_DB_PASSWORD=${UNDERCLOUD_DB_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_ADMIN_TOKEN=${UNDERCLOUD_ADMIN_TOKEN:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD=${UNDERCLOUD_HEAT_STACK_DOMAIN_ADMIN_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_RABBIT_COOKIE=${UNDERCLOUD_RABBIT_COOKIE:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_RABBIT_PASSWORD=${UNDERCLOUD_RABBIT_PASSWORD:-guest}
|
||||
export UNDERCLOUD_RABBIT_USERNAME=${UNDERCLOUD_RABBIT_USERNAME:-guest}
|
||||
export UNDERCLOUD_SWIFT_HASH_SUFFIX=${UNDERCLOUD_SWIFT_HASH_SUFFIX:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_ADMIN_PASSWORD=${UNDERCLOUD_ADMIN_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_GLANCE_PASSWORD=${UNDERCLOUD_GLANCE_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_HEAT_PASSWORD=${UNDERCLOUD_HEAT_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_NEUTRON_PASSWORD=${UNDERCLOUD_NEUTRON_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_NOVA_PASSWORD=${UNDERCLOUD_NOVA_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_IRONIC_PASSWORD=${UNDERCLOUD_IRONIC_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_TUSKAR_PASSWORD=${UNDERCLOUD_TUSKAR_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_ADMIN_TOKEN=${UNDERCLOUD_ADMIN_TOKEN:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_CEILOMETER_METERING_SECRET=${UNDERCLOUD_CEILOMETER_METERING_SECRET:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_CEILOMETER_PASSWORD=${UNDERCLOUD_CEILOMETER_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD=${UNDERCLOUD_CEILOMETER_SNMPD_PASSWORD:-$(tripleo os-make-password)}
|
||||
|
||||
export TUSKAR_ROLE_DIRECTORY=${TUSKAR_ROLE_DIRECTORY:-/usr/share/openstack-tripleo-heat-templates}
|
||||
export UNDERCLOUD_CEILOMETER_SNMPD_USER=${UNDERCLOUD_CEILOMETER_SNMPD_USER:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_GLANCE_PASSWORD=${UNDERCLOUD_GLANCE_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_HEAT_PASSWORD=${UNDERCLOUD_HEAT_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_IRONIC_PASSWORD=${UNDERCLOUD_IRONIC_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_NEUTRON_PASSWORD=${UNDERCLOUD_NEUTRON_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_NOVA_PASSWORD=${UNDERCLOUD_NOVA_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_SWIFT_PASSWORD=${UNDERCLOUD_SWIFT_PASSWORD:-$(tripleo os-make-password)}
|
||||
export UNDERCLOUD_TUSKAR_PASSWORD=${UNDERCLOUD_TUSKAR_PASSWORD:-$(tripleo os-make-password)}
|
||||
|
||||
sudo -E instack \
|
||||
-p $ELEMENTS_PATH \
|
||||
|
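Review bot: `export UNDERCLOUD_RABBIT_PASSWORD=${UNDERCLOUD_RABBIT_PASSWORD:-guest}` and the matching `UNDERCLOUD_RABBIT_USERNAME` line default the message-bus credentials to `guest`/`guest`. Every other secret in this block is generated with `tripleo os-make-password`, and the instack.answers.sample text added in this commit says an unset value is generated automatically. Use `export UNDERCLOUD_RABBIT_PASSWORD=${UNDERCLOUD_RABBIT_PASSWORD:-$(tripleo os-make-password)}`, and correct the sample comment for the username if `guest` is meant to stay as the account name. The `export VAR=${VAR:-$(...)}` form used throughout also discards the generator's exit status, so a failing `tripleo os-make-password` would export an empty secret. The `sudo -E instack` command that consumes these variables continues outside the hunk.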
@ -104,7 +102,7 @@ if [ "$RUN_ORC" = "1" ]; then
|
|||
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
|
||||
fi
|
||||
|
||||
command $(sudo cat /root/stackrc | xargs)
|
||||
source <(sudo cat /root/stackrc)
|
||||
if ! nova keypair-show default 2>/dev/null; then
|
||||
tripleo user-config
|
||||
fi
|
||||
|
|
|
@ -8,7 +8,7 @@ export DEPLOY_NAME=${DEPLOY_NAME:-deploy-ramdisk-ironic}
|
|||
export DISCOVERY_NAME=${DISCOVERY_NAME:-discovery-ramdisk}
|
||||
TFTP_ROOT=${TFTP_ROOT:-/tftpboot}
|
||||
|
||||
command $(sudo cat /root/stackrc | xargs)
|
||||
source <(sudo cat /root/stackrc)
|
||||
|
||||
OS_AUTH_URL=${OS_AUTH_URL:-""}
|
||||
if [ -z "$OS_AUTH_URL" ]; then
|
||||
|
|