2be3e3f9d2
* Manage Puppet OpenStack CI CA and create a common certificate, auto-signed. * Configure RabbitMQ to activate SSL on scenario002 * Configure OpenStack services that run on scenario002 to connect to RabbitMQ using SSL protocol. Change-Id: Ic435078472ba4e0e0eaf04a64e5bcb7aabba7b3d
96 lines
2.5 KiB
Puppet
96 lines
2.5 KiB
Puppet
# Configure the Neutron services
|
|
#
|
|
# [*ssl*]
|
|
# (optional) Boolean to enable or not SSL.
|
|
# Defaults to false.
|
|
#
|
|
class openstack_integration::neutron (
|
|
$ssl = false,
|
|
) {
|
|
|
|
if $ssl {
|
|
$rabbit_port = '5671'
|
|
} else {
|
|
$rabbit_port = '5672'
|
|
}
|
|
|
|
rabbitmq_user { 'neutron':
|
|
admin => true,
|
|
password => 'an_even_bigger_secret',
|
|
provider => 'rabbitmqctl',
|
|
require => Class['::rabbitmq'],
|
|
}
|
|
rabbitmq_user_permissions { 'neutron@/':
|
|
configure_permission => '.*',
|
|
write_permission => '.*',
|
|
read_permission => '.*',
|
|
provider => 'rabbitmqctl',
|
|
require => Class['::rabbitmq'],
|
|
}
|
|
|
|
class { '::neutron::db::mysql':
|
|
password => 'neutron',
|
|
}
|
|
class { '::neutron::keystone::auth':
|
|
password => 'a_big_secret',
|
|
}
|
|
class { '::neutron':
|
|
rabbit_user => 'neutron',
|
|
rabbit_password => 'an_even_bigger_secret',
|
|
rabbit_host => '127.0.0.1',
|
|
rabbit_port => $rabbit_port,
|
|
rabbit_use_ssl => $ssl,
|
|
allow_overlapping_ips => true,
|
|
core_plugin => 'ml2',
|
|
service_plugins => ['router', 'metering', 'firewall'],
|
|
debug => true,
|
|
verbose => true,
|
|
}
|
|
class { '::neutron::client': }
|
|
class { '::neutron::server':
|
|
database_connection => 'mysql+pymysql://neutron:neutron@127.0.0.1/neutron?charset=utf8',
|
|
auth_password => 'a_big_secret',
|
|
identity_uri => 'http://127.0.0.1:35357/',
|
|
sync_db => true,
|
|
api_workers => 2,
|
|
rpc_workers => 2,
|
|
}
|
|
class { '::neutron::plugins::ml2':
|
|
type_drivers => ['vxlan'],
|
|
tenant_network_types => ['vxlan'],
|
|
mechanism_drivers => ['openvswitch'],
|
|
}
|
|
class { '::neutron::agents::ml2::ovs':
|
|
enable_tunneling => true,
|
|
local_ip => '127.0.0.1',
|
|
tunnel_types => ['vxlan'],
|
|
}
|
|
class { '::neutron::agents::metadata':
|
|
debug => true,
|
|
auth_password => 'a_big_secret',
|
|
shared_secret => 'a_big_secret',
|
|
metadata_workers => 2,
|
|
}
|
|
class { '::neutron::agents::lbaas':
|
|
debug => true,
|
|
}
|
|
class { '::neutron::agents::l3':
|
|
debug => true,
|
|
}
|
|
class { '::neutron::agents::dhcp':
|
|
debug => true,
|
|
}
|
|
class { '::neutron::agents::metering':
|
|
debug => true,
|
|
}
|
|
class { '::neutron::server::notifications':
|
|
password => 'a_big_secret',
|
|
}
|
|
class { '::neutron::services::fwaas':
|
|
enabled => true,
|
|
driver => 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver',
|
|
}
|
|
include ::vswitch::ovs
|
|
|
|
}
|