openstack/puppet-openstack-integration
Code Issues Proposed changes

scenario002/centos7: switch RabbitMQ and OpenStack to IPv6

Browse Source 
This is a first iteration of testing IPv6 deployment.
This patch will deploy scenario002 on centos7 by using IPv6 network.

To make it work on Ubuntu, it will require more work, that will be done
in future iterations. During my testing, I found some bugs and did not
investigate because I wanted a first scenario working on v6.

Same for scenario001 and scenario003, they'll be tested later.

Change-Id: Ib28b379645b5a3d351438e0408a9de62b9f48302
This commit is contained in:
Emilien Macchi 2016-03-02 19:09:05 -05:00
parent cf864be1bc
commit 4ed8366f07
8 changed files with 73 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
fixtures/scenario002.pp
View File

@ -16,11 +16,13 @@
case $::osfamily {
'Debian': {
$ipv6 = false
# ironic-conductor is broken for Ubuntu Trusty
# https://bugs.launchpad.net/cloud-archive/+bug/1530869
$ironic_enabled = false
}
'RedHat': {
$ipv6 = true
$ironic_enabled = true
}
default: {
@ -30,7 +32,8 @@ case $::osfamily {
include ::openstack_integration
class { '::openstack_integration::config':
ssl => true,
ssl => true,
ipv6 => $ipv6,
}
include ::openstack_integration::cacert
include ::openstack_integration::rabbitmq

14
manifests/cinder.pp
View File

@ -29,11 +29,17 @@ class openstack_integration::cinder (
password => 'cinder',
}
class { '::cinder::keystone::auth':
password => 'a_big_secret',
public_url => "http://${::openstack_integration::config::ip_for_url}:8776/v1/%(tenant_id)s",
internal_url => "http://${::openstack_integration::config::ip_for_url}:8776/v1/%(tenant_id)s",
admin_url => "http://${::openstack_integration::config::ip_for_url}:8776/v1/%(tenant_id)s",
public_url_v2 => "http://${::openstack_integration::config::ip_for_url}:8776/v2/%(tenant_id)s",
internal_url_v2 => "http://${::openstack_integration::config::ip_for_url}:8776/v2/%(tenant_id)s",
admin_url_v2 => "http://${::openstack_integration::config::ip_for_url}:8776/v2/%(tenant_id)s",
password => 'a_big_secret',
}
class { '::cinder':
database_connection => 'mysql+pymysql://cinder:cinder@127.0.0.1/cinder?charset=utf8',
rabbit_host => $::openstack_integration::config::rabbit_host,
rabbit_host => $::openstack_integration::config::ip_for_url,
rabbit_port => $::openstack_integration::config::rabbit_port,
rabbit_userid => 'cinder',
rabbit_password => 'an_even_bigger_secret',
@ -47,6 +53,8 @@ class openstack_integration::cinder (
identity_uri => $::openstack_integration::config::keystone_admin_uri,
default_volume_type => 'BACKEND_1',
service_workers => 2,
public_endpoint => "http://${::openstack_integration::config::ip_for_url}:8776",
bind_host => $::openstack_integration::config::host,
}
class { '::cinder::quota': }
class { '::cinder::scheduler': }
@ -56,7 +64,7 @@ class openstack_integration::cinder (
}
class { '::cinder::cron::db_purge': }
class { '::cinder::glance':
glance_api_servers => "${::openstack_integration::config::proto}://127.0.0.1:9292",
glance_api_servers => "${::openstack_integration::config::base_url}:9292",
}
case $backend {
'iscsi': {

16
manifests/config.pp
View File

@ -22,19 +22,23 @@ class openstack_integration::config (
}
if $ipv6 {
$rabbit_host = '[::1]'
$rabbit_env = {
'RABBITMQ_NODE_IP_ADDRESS' => '::1',
$host = '::1'
$rabbit_env = {
'RABBITMQ_NODE_IP_ADDRESS' => $host,
'RABBITMQ_SERVER_START_ARGS' => '"-proto_dist inet6_tcp"',
}
$ip_version = '6'
} else {
$rabbit_host = '127.0.0.1'
$host = '127.0.0.1'
$rabbit_env = {}
$ip_version = '4'
}
$keystone_auth_uri = "${proto}://127.0.0.1:5000"
$keystone_admin_uri = "${proto}://127.0.0.1:35357"
# in URL, brackets are needed
$ip_for_url = normalize_ip_for_uri($host)
$base_url = "${proto}://${ip_for_url}"
$keystone_auth_uri = "${base_url}:5000"
$keystone_admin_uri = "${base_url}:35357"
}

13
manifests/glance.pp
View File

@ -46,9 +46,9 @@ class openstack_integration::glance (
include ::glance
include ::glance::client
class { '::glance::keystone::auth':
public_url => "${::openstack_integration::config::proto}://127.0.0.1:9292",
internal_url => "${::openstack_integration::config::proto}://127.0.0.1:9292",
admin_url => "${::openstack_integration::config::proto}://127.0.0.1:9292",
public_url => "${::openstack_integration::config::base_url}:9292",
internal_url => "${::openstack_integration::config::base_url}:9292",
admin_url => "${::openstack_integration::config::base_url}:9292",
password => 'a_big_secret',
}
case $backend {
@ -72,7 +72,7 @@ class openstack_integration::glance (
swift_store_user => 'services:glance',
swift_store_key => 'a_big_secret',
swift_store_create_container_on_put => 'True',
swift_store_auth_address => "${::openstack_integration::config::proto}://127.0.0.1:5000/v2.0",
swift_store_auth_address => "${::openstack_integration::config::base_url}:5000/v2.0",
}
}
default: {
@ -89,11 +89,13 @@ class openstack_integration::glance (
workers => 2,
stores => $glance_stores,
default_store => $backend,
bind_host => $::openstack_integration::config::host,
auth_uri => $::openstack_integration::config::keystone_auth_uri,
identity_uri => $::openstack_integration::config::keystone_admin_uri,
registry_client_protocol => $::openstack_integration::config::proto,
registry_client_cert_file => $crt_file,
registry_client_key_file => $key_file,
registry_host => $::openstack_integration::config::host,
cert_file => $crt_file,
key_file => $key_file,
}
@ -102,6 +104,7 @@ class openstack_integration::glance (
verbose => true,
database_connection => 'mysql+pymysql://glance:glance@127.0.0.1/glance?charset=utf8',
keystone_password => 'a_big_secret',
bind_host => $::openstack_integration::config::host,
workers => 2,
auth_uri => $::openstack_integration::config::keystone_auth_uri,
identity_uri => $::openstack_integration::config::keystone_admin_uri,
@ -111,7 +114,7 @@ class openstack_integration::glance (
class { '::glance::notify::rabbitmq':
rabbit_userid => 'glance',
rabbit_password => 'an_even_bigger_secret',
rabbit_host => $::openstack_integration::config::rabbit_host,
rabbit_host => $::openstack_integration::config::ip_for_url,
rabbit_port => $::openstack_integration::config::rabbit_port,
notification_driver => 'messagingv2',
rabbit_use_ssl => $::openstack_integration::config::ssl,

19
manifests/ironic.pp
View File

@ -28,7 +28,7 @@ class openstack_integration::ironic {
class { '::ironic':
rabbit_userid => 'ironic',
rabbit_password => 'an_even_bigger_secret',
rabbit_host => $::openstack_integration::config::rabbit_host,
rabbit_host => $::openstack_integration::config::ip_for_url,
rabbit_port => $::openstack_integration::config::rabbit_port,
rabbit_use_ssl => $::openstack_integration::config::ssl,
database_connection => 'mysql+pymysql://ironic:ironic@127.0.0.1/ironic?charset=utf8',
@ -40,25 +40,26 @@ class openstack_integration::ironic {
password => 'ironic',
}
class { '::ironic::keystone::auth':
public_url => "${::openstack_integration::config::proto}://127.0.0.1:6385",
internal_url => "${::openstack_integration::config::proto}://127.0.0.1:6385",
admin_url => "${::openstack_integration::config::proto}://127.0.0.1:6385",
public_url => "${::openstack_integration::config::base_url}:6385",
internal_url => "${::openstack_integration::config::base_url}:6385",
admin_url => "${::openstack_integration::config::base_url}:6385",
password => 'a_big_secret',
}
class { '::ironic::client': }
class { '::ironic::api':
auth_uri => $::openstack_integration::config::keystone_auth_uri,
identity_uri => $::openstack_integration::config::keystone_admin_uri,
neutron_url => 'http://127.0.0.1:9696',
neutron_url => "http://${::openstack_integration::config::ip_for_url}:9696",
admin_password => 'a_big_secret',
service_name => 'httpd',
}
include ::apache
class { '::ironic::wsgi::apache':
ssl => $::openstack_integration::config::ssl,
ssl_key => "/etc/ironic/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
workers => 2,
bind_host => $::openstack_integration::config::ip_for_url,
ssl => $::openstack_integration::config::ssl,
ssl_key => "/etc/ironic/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
workers => 2,
}
class { '::ironic::conductor': }
Rabbitmq_user_permissions['ironic@/'] -> Service<| tag == 'ironic-service' |>

12
manifests/keystone.pp
View File

@ -42,13 +42,17 @@ class openstack_integration::keystone (
default_domain => $default_domain,
using_domain_config => $using_domain_config,
enable_ssl => $::openstack_integration::config::ssl,
public_bind_host => $::openstack_integration::config::host,
admin_bind_host => $::openstack_integration::config::host,
}
include ::apache
class { '::keystone::wsgi::apache':
ssl => $::openstack_integration::config::ssl,
ssl_key => "/etc/keystone/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
workers => 2,
bind_host => $::openstack_integration::config::ip_for_url,
admin_bind_host => $::openstack_integration::config::ip_for_url,
ssl => $::openstack_integration::config::ssl,
ssl_key => "/etc/keystone/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
workers => 2,
}
class { '::keystone::roles::admin':
email => 'test@example.tld',

8
manifests/neutron.pp
View File

@ -20,12 +20,15 @@ class openstack_integration::neutron {
password => 'neutron',
}
class { '::neutron::keystone::auth':
password => 'a_big_secret',
public_url => "http://${::openstack_integration::config::ip_for_url}:9696",
internal_url => "http://${::openstack_integration::config::ip_for_url}:9696",
admin_url => "http://${::openstack_integration::config::ip_for_url}:9696",
password => 'a_big_secret',
}
class { '::neutron':
rabbit_user => 'neutron',
rabbit_password => 'an_even_bigger_secret',
rabbit_host => $::openstack_integration::config::rabbit_host,
rabbit_host => $::openstack_integration::config::ip_for_url,
rabbit_port => $::openstack_integration::config::rabbit_port,
rabbit_use_ssl => $::openstack_integration::config::ssl,
allow_overlapping_ips => true,
@ -33,6 +36,7 @@ class openstack_integration::neutron {
service_plugins => ['router', 'metering', 'firewall'],
debug => true,
verbose => true,
bind_host => $::openstack_integration::config::host,
}
class { '::neutron::client': }
class { '::neutron::server':

28
manifests/nova.pp
View File

@ -41,23 +41,24 @@ class openstack_integration::nova (
password => 'nova',
}
class { '::nova::keystone::auth':
public_url => "${::openstack_integration::config::proto}://127.0.0.1:8774/v2/%(tenant_id)s",
public_url_v3 => "${::openstack_integration::config::proto}://127.0.0.1:8774/v3/%(tenant_id)s",
internal_url => "${::openstack_integration::config::proto}://127.0.0.1:8774/v2/%(tenant_id)s",
internal_url_v3 => "${::openstack_integration::config::proto}://127.0.0.1:8774/v3/%(tenant_id)s",
admin_url => "${::openstack_integration::config::proto}://127.0.0.1:8774/v2/%(tenant_id)s",
admin_url_v3 => "${::openstack_integration::config::proto}://127.0.0.1:8774/v3/%(tenant_id)s",
public_url => "${::openstack_integration::config::base_url}:8774/v2/%(tenant_id)s",
internal_url => "${::openstack_integration::config::base_url}:8774/v2/%(tenant_id)s",
admin_url => "${::openstack_integration::config::base_url}:8774/v2/%(tenant_id)s",
public_url_v3 => "${::openstack_integration::config::base_url}:8774/v3",
internal_url_v3 => "${::openstack_integration::config::base_url}:8774/v3",
admin_url_v3 => "${::openstack_integration::config::base_url}:8774/v3",
password => 'a_big_secret',
}
class { '::nova':
database_connection => 'mysql+pymysql://nova:nova@127.0.0.1/nova?charset=utf8',
api_database_connection => 'mysql+pymysql://nova_api:nova@127.0.0.1/nova_api?charset=utf8',
rabbit_host => $::openstack_integration::config::rabbit_host,
rabbit_host => $::openstack_integration::config::ip_for_url,
rabbit_port => $::openstack_integration::config::rabbit_port,
rabbit_userid => 'nova',
rabbit_password => 'an_even_bigger_secret',
rabbit_use_ssl => $::openstack_integration::config::ssl,
glance_api_servers => "${::openstack_integration::config::proto}://127.0.0.1:9292",
use_ipv6 => $::openstack_integration::config::ipv6,
glance_api_servers => "${::openstack_integration::config::base_url}:9292",
verbose => true,
debug => true,
notification_driver => 'messagingv2',
@ -67,6 +68,7 @@ class openstack_integration::nova (
admin_password => 'a_big_secret',
auth_uri => $::openstack_integration::config::keystone_auth_uri,
identity_uri => $::openstack_integration::config::keystone_admin_uri,
api_bind_address => $::openstack_integration::config::host,
osapi_v3 => true,
neutron_metadata_proxy_shared_secret => 'a_big_secret',
metadata_workers => 2,
@ -76,10 +78,11 @@ class openstack_integration::nova (
}
include ::apache
class { '::nova::wsgi::apache':
ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
ssl => $::openstack_integration::config::ssl,
workers => '2',
bind_host => $::openstack_integration::config::ip_for_url,
ssl_key => "/etc/nova/ssl/private/${::fqdn}.pem",
ssl_cert => $::openstack_integration::params::cert_path,
ssl => $::openstack_integration::config::ssl,
workers => '2',
}
class { '::nova::client': }
class { '::nova::conductor': }
@ -114,6 +117,7 @@ class openstack_integration::nova (
class { '::nova::network::neutron':
neutron_auth_url => "${::openstack_integration::config::keystone_admin_uri}/v3",
neutron_url => "http://${::openstack_integration::config::ip_for_url}:9696",
neutron_password => 'a_big_secret',
}