Add SPOF support & Heat APIs support

- Add SPOF node which aims to manage OpenStack services which are
  bottleneck in Havana
- Add Heat APIs support (cfn & cloudwatch)
- Split Heat manifests
- Split Ceilometer manifests
- Create site-ref for basic architecture of small deployment

Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>

params.pp

@@ -35,6 +35,7 @@ class os_params {
   $site_domain = 'enovance.com'
   $storage = True
   $verbose = False
+  $spof_nodes_are_separate = False
 
   # Root hashed password
   # ToDo(EmilienM): Disable root user in all nodes and use sudo
@@ -211,13 +212,19 @@ class os_params {
   $heat_db_user = 'heat'
   $ks_heat_admin_host = 'os-ci-test3.enovance.com'
   $ks_heat_admin_port = '8004'
+  $ks_heat_cfn_admin_port = '8000'
+  $ks_heat_cloudwatch_admin_port = '8003'
   $ks_heat_admin_proto = 'http'
   $ks_heat_internal_host = 'os-ci-test3.enovance.com'
   $ks_heat_internal_port = '8004'
+  $ks_heat_cfn_internal_port = '8000'
+  $ks_heat_cloudwatch_internal_port = '8003'
   $ks_heat_internal_proto = 'http'
   $ks_heat_password = 'EIMMvWvDPEvI08ggT2azYMhGdsNXe6'
   $ks_heat_public_host = 'os-ci-test3.enovance.com'
   $ks_heat_public_port = '8004'
+  $ks_heat_cfn_public_port = '8000'
+  $ks_heat_cloudwatch_public_port = '8003'
   $ks_heat_public_proto = 'http'
 
 }

roles/identity/identity-controller.pp

@@ -196,6 +196,15 @@ class os_identity_controller (
     public_protocol  => $ks_heat_public_proto,
   }
 
+  class { 'heat::keystone::auth_cfn':
+    admin_address    => $ks_heat_admin_host,
+    internal_address => $ks_heat_internal_host,
+    password         => $ks_heat_password,
+    public_address   => $ks_heat_public_host,
+    public_protocol  => $ks_heat_public_proto,
+  }
+
+
   @@haproxy::balancermember{"${fqdn}-keystone_api":
     listening_service => "keystone_api_cluster",
     server_names      => $::hostname,

roles/load-balancer/lb_server.pp

@@ -17,34 +17,39 @@
 #
 
 class os_lb_server(
-  $ceilometer_api            = true,
-  $cinder_api                = true,
-  $glance_api                = true,
-  $neutron_api               = true,
-  $nova_api                  = true,
-  $ec2_api                   = true,
-  $metadata_api              = true,
-  $spice_api                 = true,
-  $swift_api                 = true,
-  $keystone_api_admin        = true,
-  $keystone_api              = true,
-  $horizon                   = true,
-  $haproxy_auth              = $os_params::haproxy_auth,
-  $keepalived_email          = $os_params::keepalived_email,
-  $keepalived_interface      = 'eth0',
-  $keepalived_ipvs           = [],
-  $keepalived_localhost_ip   = $ipaddress_eth0,
-  $keepalived_smtp           = $os_params::keepalived_smtp,
-  $ks_cinder_ceilometer_port = $os_params::ks_ceilometer_public_port,
-  $ks_cinder_public_port     = $os_params::ks_cinder_public_port,
-  $ks_glance_public_port     = $os_params::ks_glance_public_port,
-  $ks_heat_public_port       = $os_params::ks_heat_public_port,
-  $ks_keystone_admin_port    = $os_params::ks_keystone_admin_port,
-  $ks_keystone_public_port   = $os_params::ks_keystone_public_port,
-  $ks_neutron_public_port    = $os_params::ks_neutron_public_port,
-  $ks_swift_public_port      = $os_params::ks_swift_public_port,
-  $horizon_port              = $os_params::horizon_port,
-  $spice_port                = $os_params::spice_port,
+  $ceilometer_api                 = true,
+  $cinder_api                     = true,
+  $glance_api                     = true,
+  $neutron_api                    = true,
+  $heat_api                       = true,
+  $heat_cfn_api                   = true,
+  $heat_cloudwatch_api            = true,
+  $nova_api                       = true,
+  $ec2_api                        = true,
+  $metadata_api                   = true,
+  $spice_api                      = true,
+  $swift_api                      = true,
+  $keystone_api_admin             = true,
+  $keystone_api                   = true,
+  $horizon                        = true,
+  $haproxy_auth                   = $os_params::haproxy_auth,
+  $keepalived_email               = $os_params::keepalived_email,
+  $keepalived_interface           = 'eth0',
+  $keepalived_ipvs                = [],
+  $keepalived_localhost_ip        = $ipaddress_eth0,
+  $keepalived_smtp                = $os_params::keepalived_smtp,
+  $ks_cinder_ceilometer_port      = $os_params::ks_ceilometer_public_port,
+  $ks_cinder_public_port          = $os_params::ks_cinder_public_port,
+  $ks_glance_public_port          = $os_params::ks_glance_public_port,
+  $ks_heat_public_port            = $os_params::ks_heat_public_port,
+  $ks_heat_cfn_public_port        = $os_params::ks_heat_cfn_public_port,
+  $ks_heat_cloudwatch_public_port = $os_params::ks_heat_cloudwatch_public_port,
+  $ks_keystone_admin_port         = $os_params::ks_keystone_admin_port,
+  $ks_keystone_public_port        = $os_params::ks_keystone_public_port,
+  $ks_neutron_public_port         = $os_params::ks_neutron_public_port,
+  $ks_swift_public_port           = $os_params::ks_swift_public_port,
+  $horizon_port                   = $os_params::horizon_port,
+  $spice_port                     = $os_params::spice_port,
 ){
 
   class { 'haproxy': }
@@ -115,6 +120,14 @@ monitor fail if ceilometer_api_dead
 acl heat_api_dead nbsrv(heat_api_cluster) lt 1
 monitor fail if heat_api_dead
 <%- end -%>
+<%- if @heat_cfn_api -%>
+acl heat_api_cfn_dead nbsrv(heat_api_cfn_cluster) lt 1
+monitor fail if heat_api_cfn_dead
+<%- end -%>
+<%- if @heat_cloudwatch_api -%>
+acl heat_api_cloudwatch_dead nbsrv(heat_api_cloudwatch_cluster) lt 1
+monitor fail if heat_api_cloudwatch_dead
+<%- end -%>
 <%- if @horizon -%>
 acl horizon_dead nbsrv(horizon_cluster) lt 1
 monitor fail if horizon_dead
@@ -200,6 +213,12 @@ monitor fail if horizon_dead
   if $heat_api {
     os_haproxy_listen_http{ 'heat_api_cluster': ports => $ks_heat_public_port }
   }
+  if $heat_cfn_api {
+    os_haproxy_listen_http{ 'heat_api_cfn_cluster': ports => $ks_heat_cfn_public_port }
+  }
+  if $heat_cloudwatch_api {
+    os_haproxy_listen_http{ 'heat_api_cloudwatch_cluster': ports => $ks_heat_cloudwatch_public_port }
+  }
   if $horizon {
     os_haproxy_listen_http{ 'horizon_cluster': ports => $horizon_port }
   }

roles/network/network_metadata.pp

@@ -13,10 +13,12 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 #
-# Network Metadata node
+# Network Metadata node (need to be run once)
+# Could be managed by spof_node manifest
 #
 
 class os_network_metadata(
+  $enabled                              = true,
   $debug                                = $os_params::debug,
   $ks_neutron_password                  = $os_params::ks_neutron_password,
   $neutron_metadata_proxy_shared_secret = $os_params::neutron_metadata_proxy_shared_secret,
@@ -27,6 +29,7 @@ class os_network_metadata(
 ) {
 
   class { 'neutron::agents::metadata':
+    enabled       => $enabled,
     shared_secret => $neutron_metadata_proxy_shared_secret,
     debug         => $debug,
     metadata_ip   => $ks_nova_internal_host,

roles/orchestration/orchestration_api.pp

@@ -0,0 +1,55 @@
+#
+# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Orchestration APIs node
+#
+
+class os_orchestration_api(
+  $ks_heat_public_port             = $os_params::ks_heat_public_port,
+  $ks_heat_cfn_public_port         = $os_params::ks_heat_cfn_public_port,
+  $ks_heat_cloudwatch_public_port  = $os_params::ks_heat_cloudwatch_public_port,
+) {
+
+  class { 'heat::api': }
+
+  class { 'heat::api-cfn': }
+
+  class { 'heat::api-cloudwatch': }
+
+  @@haproxy::balancermember{"${fqdn}-heat_api":
+    listening_service => "heat_api_cluster",
+    server_names      => $::hostname,
+    ipaddresses       => $local_ip,
+    ports             => $ks_heat_public_port,
+    options           => "check inter 2000 rise 2 fall 5"
+  }
+
+  @@haproxy::balancermember{"${fqdn}-heat_cfn_api":
+    listening_service => "heat_cfn_api_cluster",
+    server_names      => $::hostname,
+    ipaddresses       => $local_ip,
+    ports             => $ks_heat__cfn_public_port,
+    options           => "check inter 2000 rise 2 fall 5"
+  }
+
+  @@haproxy::balancermember{"${fqdn}-heat_cloudwatch_api":
+    listening_service => "heat_cloudwatch_api_cluster",
+    server_names      => $::hostname,
+    ipaddresses       => $local_ip,
+    ports             => $ks_heat_cloudwatch_public_port,
+    options           => "check inter 2000 rise 2 fall 5"
+  }
+
+}

roles/orchestration/orchestration_common.pp

@@ -13,10 +13,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 #
-# Orchestration controller node
+# Orchestration common node
 #
 
-class os_orchestration_controller(
+class os_orchestration_common(
   $ks_keystone_internal_host  = $os_params::ks_keystone_internal_host,
   $ks_keystone_internal_port  = $os_params::ks_keystone_internal_port,
   $ks_keystone_internal_proto = $os_params::ks_keystone_internal_proto,
@@ -52,20 +52,4 @@ class os_orchestration_controller(
     debug             => $debug,
   }
 
-  class { 'heat::api': }
-
-  class { 'heat::engine':
-    heat_metadata_server_url      => "${ks_heat_public_proto}://${ks_heat_public_host}:8000",
-    heat_waitcondition_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8000/v1/waitcondition",
-    heat_watch_server_url         => "${ks_heat_public_proto}://${ks_heat_public_host}:8003"
-  }
-
-  @@haproxy::balancermember{"${fqdn}-heat_api":
-    listening_service => "heat_api_cluster",
-    server_names      => $::hostname,
-    ipaddresses       => $local_ip,
-    ports             => $ks_keystone_internal_port,
-    options           => "check inter 2000 rise 2 fall 5"
-  }
-
 }

roles/orchestration/orchestration_engine.pp

@@ -0,0 +1,34 @@
+#
+# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Orchestration engine node (should be run once)
+# Could be managed by spof node as Active / Passive.
+#
+
+class os_orchestration_engine(
+  $enable                     = true,
+  $ks_heat_public_host        = $os_params::ks_heat_public_host,
+  $ks_heat_public_proto       = $os_params::ks_heat_public_proto,
+  $ks_heat_password           = $os_params::ks_heat_password,
+) {
+
+  class { 'heat::engine':
+    enabled                       => $enabled,
+    heat_metadata_server_url      => "${ks_heat_public_proto}://${ks_heat_public_host}:8000",
+    heat_waitcondition_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8000/v1/waitcondition",
+    heat_watch_server_url         => "${ks_heat_public_proto}://${ks_heat_public_host}:8003"
+  }
+
+}

roles/spof/spof_node.pp

@@ -0,0 +1,119 @@
+#
+# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPOF node usually installed twice, and managed by Pacemaker / Corosync
+#
+
+class os_spof_node(
+  $debug                          = $os_params::debug,
+  $spof_nodes_are_separate        = $os_params::spof_nodes_are_separate,
+) {
+
+  # Corosync & Pacemaker
+  class { 'corosync':
+    enable_secauth    => false,
+    authkey           => '/var/lib/puppet/ssl/certs/ca.pem',
+    bind_address      => $::network_eth0,
+    multicast_address => '239.1.1.2',
+  }
+
+  cs_property {
+    'no-quorum-policy':         value => 'ignore';
+    'stonith-enabled':          value => 'false';
+    'pe-warn-series-max':       value => 1000;
+    'pe-input-series-max':      value => 1000;
+    'cluster-recheck-interval': value => '5min';
+  }
+  
+  corosync::service { 'pacemaker':
+    version => '0',
+  }
+
+  # Resources managed by Corosync as Active / Passive
+  Package['corosync'] ->
+  file { '/usr/lib/ocf/resource.d/heartbeat/ceilometer-agent-central':
+    source  => '/scripts/ceilometer-agent-central_resource-agent',
+    mode    => '0755',
+    owner   => 'root',
+    group   => 'root',
+  } ->
+  cs_primitive { 'ceilometer-agent-central':
+    primitive_class => 'ocf',
+    primitive_type  => 'ceilometer-agent-central',
+    provided_by     => 'heartbeat',
+    operations      => {
+      'monitor' => { interval => '10s', 'timeout' => '30s' },
+      'start'   => { interval => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
+    }
+  }
+
+  Package['corosync'] ->
+  file { '/usr/lib/ocf/resource.d/heartbeat/neutron-metadata-agent':
+    source  => '/scripts/neutron-metadata-agent_resource-agent',
+    mode    => '0755',
+    owner   => 'root',
+    group   => 'root',
+  } ->
+  cs_primitive { 'neutron-metadata-agent':
+    primitive_class => 'ocf',
+    primitive_type  => 'neutron-metadata-agent',
+    provided_by     => 'heartbeat',
+    operations      => {
+      'monitor' => { interval => '10s', 'timeout' => '30s' },
+      'start'   => { interval => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
+    }
+  }
+
+  Package['corosync'] ->
+  file { '/usr/lib/ocf/resource.d/heartbeat/heat-engine':
+    source  => '/scripts/heat-engine_resource-agent',
+    mode    => '0755',
+    owner   => 'root',
+    group   => 'root',
+  } ->
+  cs_primitive { 'heat-engine':
+    primitive_class => 'ocf',
+    primitive_type  => 'heat-engine',
+    provided_by     => 'heartbeat',
+    operations      => {
+      'monitor' => { interval => '10s', 'timeout' => '30s' },
+      'start'   => { interval => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
+    }
+  }
+
+  # If SPOF nodes are separated from controller nodes,
+  # we should import common OpenStack classes:
+  if $spof_nodes_are_separate {
+    class { 'os_network_common': }
+    class { 'os_orchestration_common': }
+    class { 'os_telemetry_common': }
+  }
+
+  # Run OpenStack Networking Metadata service
+  class { 'os_network_metadata':
+    enabled => false,
+  }
+
+  # Run Heat Engine service
+  class { 'os_orchestration_engine':
+    enabled => false,
+  }
+
+  # Run Ceilometer Agent Central service
+  class { 'os_telemetry_central_agent':
+    enabled => false,
+  }
+
+}

roles/telemetry/telemetry_central_agent.pp

@@ -0,0 +1,28 @@
+#
+# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Telemetry Central Agent node (should be run once)
+# Could be managed by spof node as Active / Passive.
+#
+
+class os_telemetry_central_agent(
+  $enable = true,
+){
+
+  class { 'ceilometer::agent::central':
+    enabled => $enabled,
+  }
+
+}

roles/telemetry/telemetry_server.pp

@@ -13,13 +13,13 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 #
-# Metering server nodes
+# Telemetry server nodes
 #
 
 class os_telemetry_server(
   $ks_keystone_internal_host      = $os_params::ks_keystone_internal_host,
   $ks_keystone_internal_proto     = $os_params::ks_keystone_internal_proto,
-  $ks_ceilometer_internal_port      = $os_params::ks_keystone_internal_port,
+  $ks_ceilometer_internal_port    = $os_params::ks_keystone_internal_port,
   $ks_ceilometer_password         = $os_params::ks_ceilometer_password,
   $ceilometer_database_connection = $os_params::ceilometer_database_connection,
 ){
@@ -59,6 +59,4 @@ class os_telemetry_server(
     options           => "check inter 2000 rise 2 fall 5"
   }
 
-# Ceilometer Central Agent is defined in site.pp since it must be installed on only node (not able to scale-out)
-
 }

site-ref.pp

@@ -0,0 +1,134 @@
+#
+# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Basic Architecture
+#
+
+import 'params.pp'
+
+# Import roles
+import 'roles/automation/*.pp'
+import 'roles/cache/*.pp'
+import 'roles/common/*.pp' # mandatory
+import 'roles/compute/*.pp'
+import 'roles/dashboard/*.pp'
+import 'roles/database/*.pp'
+import 'roles/identity/*.pp'
+import 'roles/image/*.pp'
+import 'roles/load-balancer/*.pp'
+import 'roles/messaging/*.pp'
+import 'roles/monitoring/*.pp'
+import 'roles/network/*.pp'
+import 'roles/object-storage/*.pp'
+import 'roles/orchestration/*.pp'
+import 'roles/telemetry/*.pp'
+import 'roles/volume/*.pp'
+
+node common {
+
+# Params
+  class { 'os_params': }
+
+# Common system configuration
+  class { 'os_common_system': }
+
+}
+
+
+# Puppet Master node
+node '1-deployment-node' inherits common{
+
+# Everything related to puppet is bootstraped by jenkins
+# and other stuffs are made by common class.
+
+}
+
+# Controller node
+node '3-controller-nodes' inherits common {
+
+## SPOF services:
+    class {'spof_node':}
+
+## Databases:
+    class {'os_nosql_node':}
+    class {'os_sql_node':}
+
+## Telemetry
+    class {'os_telemetry_common':}
+    class {'os_telemetry_server':}
+
+## Identity
+    class {'os_identity_controller':
+      local_ip => $ipaddress_eth0,
+    }
+
+# Object Storage
+    class {'os_swift_proxy': }
+    class {'os_swift_ringbuilder':
+      rsyncd_ipaddress => $ipaddress_eth0,
+    }
+    Class['os_swift_ringbuilder'] -> Class['os_swift_proxy']
+
+# Messaging
+    class {'os_messaging_server': }
+
+# Cache
+    class {'os_cache_server': }
+
+# Networking
+    class {'os_network_common': }
+    class {'os_network_controller': }
+
+# Orchestration
+    class {'os_orchestration_common': }
+    class {'os_orchestration_api': }
+
+}
+
+# == Network nodes
+node '2-network-nodes' inherits common {
+
+    class {'os_network_common': }
+    class {'os_network_dhcp': }
+    class {'os_network_lbaas': }
+    class {'os_network_l3': }
+    class {'os_network_vpn':}
+
+}
+
+# Storage nodes
+node '3-object-storage-nodes' inherits common{
+
+## Telemetry
+    class {'os_telemetry_common':}
+
+## Object Storage
+    class { 'os_swift_storage':
+        local_ip    => $ipaddress_eth0,
+        swift_zone  =>  $os_params::os_swift_zone[$::hostname],
+    }
+
+}
+
+# Compute nodes
+node 'compute-node' inherits common {
+
+  class { 'os_network_compute': }
+
+  class { 'os_compute_hypervisor':
+    local_ip => $ipaddress_eth0,
+  }
+
+}

site.pp

@@ -33,6 +33,7 @@ import 'roles/monitoring/*.pp'
 import 'roles/network/*.pp'
 import 'roles/object-storage/*.pp'
 import 'roles/orchestration/*.pp'
+import 'roles/spof/*.pp'
 import 'roles/telemetry/*.pp'
 import 'roles/volume/*.pp'