puppet-openstack-integration/manifests/neutron.pp
Ihar Hrachyshka a14223b092 neutron: switched to lbaasv2 service plugin alias
This is the preferred way to configure neutron service plugins.

Change-Id: Ida5a9469c3de10da83fed4af0608f431d9bb7e2c
Related-Bug: #1630693
2016-11-30 23:13:26 +00:00


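# Configure the Neutron service
#
# Declares, for a single integration-test node: the RabbitMQ account, the
# MySQL database, the Keystone endpoint, neutron-server with the ML2 plugin,
# and the L2 (per $driver), L3, DHCP, metadata, metering, LBaaS and FWaaS
# pieces.
#
# Every credential below is a fixed literal and debug logging is enabled on
# the server and on each agent that exposes it here, so these values are
# test fixtures rather than secrets.
#
# [*driver*]
#   (optional) Neutron Driver to test
#   Can be: openvswitch or linuxbridge. Any other value fails compilation.
#   Defaults to 'openvswitch'.
#
# [*lbaasv2*]
#   (optional) Configure lbaas v2 instead of v1
#   Only switches the LBaaS agent (enable_v1/enable_v2 and device_driver);
#   the 'lbaasv2' service plugin and both LOADBALANCER* service providers
#   are declared either way.
#   Defaults to true
#
class openstack_integration::neutron (
  $driver  = 'openvswitch',
  $lbaasv2 = true,
) {

  include ::openstack_integration::config
  include ::openstack_integration::params

  # With SSL enabled in the shared config, neutron-server is refreshed when
  # the ssl_key resource or the update-ca-certificates exec changes.
  # ssl_key is defined elsewhere; presumably it installs the key that
  # key_file on ::neutron points at -- confirm in its define.
  if $::openstack_integration::config::ssl {
    openstack_integration::ssl_key { 'neutron':
      notify  => Service['neutron-server'],
      require => Package['neutron'],
    }
    Exec['update-ca-certificates'] ~> Service['neutron-server']
  }

  # Messaging account. The password literal must stay identical to the one in
  # default_transport_url on ::neutron below.
  # NOTE(review): admin => true adds the administrator tag on top of the full
  # vhost permissions granted next; AMQP messaging itself only needs the
  # permissions, so the tag looks droppable -- confirm nothing in the test
  # setup relies on it.
  rabbitmq_user { 'neutron':
    admin    => true,
    password => 'an_even_bigger_secret',
    provider => 'rabbitmqctl',
    require  => Class['::rabbitmq'],
  }
  # Unrestricted configure/write/read on the default vhost '/'.
  rabbitmq_user_permissions { 'neutron@/':
    configure_permission => '.*',
    write_permission     => '.*',
    read_permission      => '.*',
    provider             => 'rabbitmqctl',
    require              => Class['::rabbitmq'],
  }
  # Permissions must exist before any service tagged neutron-service starts.
  Rabbitmq_user_permissions['neutron@/'] -> Service<| tag == 'neutron-service' |>

  # L2 agent selection. Each branch sets $firewall_driver and
  # $external_network_bridge, which are consumed further down.
  case $driver {
    'openvswitch': {
      include ::vswitch::ovs
      # Functional test for Open-vSwitch:
      # create dummy loopback interface to exercise adding a port to a bridge
      vs_bridge { 'br-ex':
        ensure => present,
        notify => Exec['create_loop1_port'],
      }
      # refreshonly: runs only when br-ex notifies it. The command is a fixed
      # string (no interpolated data) and the search path is pinned.
      exec { 'create_loop1_port':
        path        => '/usr/bin:/bin:/usr/sbin:/sbin',
        provider    => shell,
        command     => 'ip link add name loop1 type dummy && ip addr add 127.2.0.1/24 dev loop1',
        refreshonly => true,
      } ->
      vs_port { 'loop1':
        ensure => present,
        bridge => 'br-ex',
        notify => Exec['create_br-ex_vif'],
      }
      # creates br-ex virtual interface to reach floating-ip network
      exec { 'create_br-ex_vif':
        path        => '/usr/bin:/bin:/usr/sbin:/sbin',
        provider    => shell,
        command     => 'ip addr add 172.24.5.1/24 dev br-ex && ip link set br-ex up',
        refreshonly => true,
      }
      # manage_vswitch is off because ::vswitch::ovs is already included above.
      class { '::neutron::agents::ml2::ovs':
        local_ip        => '127.0.0.1',
        tunnel_types    => ['vxlan'],
        bridge_mappings => ['external:br-ex'],
        manage_vswitch  => false,
      }
      # Assigned explicitly so the reference in ::neutron::agents::l3 resolves
      # under strict_variables; undef leaves that class on its own default.
      $external_network_bridge = undef
      $firewall_driver         = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
    }
    'linuxbridge': {
      # 'unless' keeps the exec idempotent: skipped once loop0 exists.
      exec { 'create_dummy_iface':
        path     => '/usr/bin:/bin:/usr/sbin:/sbin',
        provider => shell,
        unless   => 'ip l show loop0',
        command  => 'ip link add name loop0 type dummy && ip addr add 172.24.5.1/24 dev loop0 && ip link set loop0 up',
      }
      class { '::neutron::agents::ml2::linuxbridge':
        local_ip                    => $::ipaddress,
        tunnel_types                => ['vxlan'],
        physical_interface_mappings => ['external:loop0'],
      }
      $external_network_bridge = ''
      $firewall_driver         = 'neutron.agent.linux.iptables_firewall.IptablesFirewallDriver'
    }
    default: {
      fail("Unsupported neutron driver (${driver})")
    }
  }

  # Database password; it is repeated inside database_connection on
  # ::neutron::server and the two must be changed together.
  class { '::neutron::db::mysql':
    password => 'neutron',
  }

  # Keystone service account. The same literal is reused for authtoken,
  # nova notifications and the metadata agent shared_secret further down,
  # so a single known value covers four distinct trust relationships.
  class { '::neutron::keystone::auth':
    public_url   => "${::openstack_integration::config::base_url}:9696",
    internal_url => "${::openstack_integration::config::base_url}:9696",
    admin_url    => "${::openstack_integration::config::base_url}:9696",
    password     => 'a_big_secret',
  }

  # The transport URL embeds the RabbitMQ password declared on rabbitmq_user.
  # TLS for both the API (use_ssl) and the broker link (rabbit_use_ssl)
  # follows the shared config::ssl switch; with it off, those credentials
  # travel in clear text.
  class { '::neutron':
    default_transport_url => os_transport_url({
      'transport' => 'rabbit',
      'host'      => $::openstack_integration::config::host,
      'port'      => $::openstack_integration::config::rabbit_port,
      'username'  => 'neutron',
      'password'  => 'an_even_bigger_secret',
    }),
    rabbit_use_ssl        => $::openstack_integration::config::ssl,
    allow_overlapping_ips => true,
    core_plugin           => 'ml2',
    service_plugins       => ['router', 'metering', 'firewall', 'lbaasv2'],
    debug                 => true,
    bind_host             => $::openstack_integration::config::host,
    use_ssl               => $::openstack_integration::config::ssl,
    cert_file             => $::openstack_integration::params::cert_path,
    key_file              => "/etc/neutron/ssl/private/${::fqdn}.pem",
  }
  class { '::neutron::client': }

  class { '::neutron::keystone::authtoken':
    password            => 'a_big_secret',
    user_domain_name    => 'Default',
    project_domain_name => 'Default',
    auth_url            => $::openstack_integration::config::keystone_admin_uri,
    auth_uri            => $::openstack_integration::config::keystone_auth_uri,
    memcached_servers   => $::openstack_integration::config::memcached_servers,
  }

  # database_connection carries user and password inline (neutron:neutron)
  # and targets MySQL on 127.0.0.1.
  # NOTE(review): the FIREWALL provider names the OVS hybrid driver even when
  # $driver is 'linuxbridge', and both LOADBALANCER and LOADBALANCERV2 are
  # listed regardless of $lbaasv2 -- confirm this is intended.
  class { '::neutron::server':
    database_connection => 'mysql+pymysql://neutron:neutron@127.0.0.1/neutron?charset=utf8',
    sync_db             => true,
    api_workers         => 2,
    rpc_workers         => 2,
    service_providers   => ['LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
                            'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
                            'FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default'],
  }
  class { '::neutron::services::lbaas': }

  class { '::neutron::plugins::ml2':
    type_drivers         => ['vxlan', 'flat'],
    tenant_network_types => ['vxlan', 'flat'],
    mechanism_drivers    => $driver,
    firewall_driver      => $firewall_driver,
  }

  # shared_secret reuses the Keystone service password literal.
  class { '::neutron::agents::metadata':
    debug            => true,
    shared_secret    => 'a_big_secret',
    metadata_workers => 2,
  }

  # Exactly one LBaaS agent API version is enabled; the haproxy namespace
  # driver path differs between the two.
  if $lbaasv2 {
    $lbaasv1       = false
    $device_driver = 'neutron_lbaas.drivers.haproxy.namespace_driver.HaproxyNSDriver'
  } else {
    $lbaasv1       = true
    $device_driver = 'neutron_lbaas.services.loadbalancer.drivers.haproxy.namespace_driver.HaproxyNSDriver'
  }
  class { '::neutron::agents::lbaas':
    interface_driver => $driver,
    enable_v1        => $lbaasv1,
    enable_v2        => $lbaasv2,
    debug            => true,
    device_driver    => $device_driver,
  }

  class { '::neutron::agents::l3':
    interface_driver        => $driver,
    debug                   => true,
    extensions              => 'fwaas',
    # This parameter is deprecated but we need it for linuxbridge
    # It will be dropped in a future release.
    external_network_bridge => $external_network_bridge,
  }
  class { '::neutron::agents::dhcp':
    interface_driver => $driver,
    debug            => true,
  }
  class { '::neutron::agents::metering':
    interface_driver => $driver,
    debug            => true,
  }

  # Credentials neutron-server uses for its notifications; same Keystone
  # service password literal as above.
  class { '::neutron::server::notifications':
    auth_url => $::openstack_integration::config::keystone_admin_uri,
    password => 'a_big_secret',
  }

  class { '::neutron::services::fwaas':
    enabled       => true,
    agent_version => 'v1',
    driver        => 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver',
  }
}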