diff --git a/params.pp b/params.pp index be2722f7..bf914bec 100644 --- a/params.pp +++ b/params.pp @@ -35,6 +35,7 @@ class os_params { $site_domain = 'enovance.com' $storage = True $verbose = False + $spof_nodes_are_separate = False # Root hashed password # ToDo(EmilienM): Disable root user in all nodes and use sudo @@ -211,13 +212,19 @@ class os_params { $heat_db_user = 'heat' $ks_heat_admin_host = 'os-ci-test3.enovance.com' $ks_heat_admin_port = '8004' + $ks_heat_cfn_admin_port = '8000' + $ks_heat_cloudwatch_admin_port = '8003' $ks_heat_admin_proto = 'http' $ks_heat_internal_host = 'os-ci-test3.enovance.com' $ks_heat_internal_port = '8004' + $ks_heat_cfn_internal_port = '8000' + $ks_heat_cloudwatch_internal_port = '8003' $ks_heat_internal_proto = 'http' $ks_heat_password = 'EIMMvWvDPEvI08ggT2azYMhGdsNXe6' $ks_heat_public_host = 'os-ci-test3.enovance.com' $ks_heat_public_port = '8004' + $ks_heat_cfn_public_port = '8000' + $ks_heat_cloudwatch_public_port = '8003' $ks_heat_public_proto = 'http' } diff --git a/roles/identity/identity-controller.pp b/roles/identity/identity-controller.pp index b2b3f310..dda5f770 100644 --- a/roles/identity/identity-controller.pp +++ b/roles/identity/identity-controller.pp @@ -196,6 +196,15 @@ class os_identity_controller ( public_protocol => $ks_heat_public_proto, } + class { 'heat::keystone::auth_cfn': + admin_address => $ks_heat_admin_host, + internal_address => $ks_heat_internal_host, + password => $ks_heat_password, + public_address => $ks_heat_public_host, + public_protocol => $ks_heat_public_proto, + } + + @@haproxy::balancermember{"${fqdn}-keystone_api": listening_service => "keystone_api_cluster", server_names => $::hostname, diff --git a/roles/load-balancer/lb_server.pp b/roles/load-balancer/lb_server.pp index bb4df492..69d29cb0 100644 --- a/roles/load-balancer/lb_server.pp +++ b/roles/load-balancer/lb_server.pp 
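Review bot: The `heat::keystone::auth_cfn` declaration added to roles/identity/identity-controller.pp passes no port, so the `$ks_heat_cfn_*_port` values this commit adds to params.pp never reach the Keystone endpoint, which will be registered with whatever the module defaults to. If the class accepts a port parameter (not visible here, confirm against the heat module), pass the cfn port explicitly so the service catalog and the load balancer cannot drift apart. The endpoint is also registered with `public_protocol => $ks_heat_public_proto`, which params.pp sets to `'http'`, so requests to the new API travel in clear text; worth a comment if that is only meant for the CI environment. The hunk leaves two stray blank lines after the new block, and `os_identity_controller` begins and ends outside the hunk.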
@@ -17,34 +17,39 @@ # class os_lb_server( - $ceilometer_api = true, - $cinder_api = true, - $glance_api = true, - $neutron_api = true, - $nova_api = true, - $ec2_api = true, - $metadata_api = true, - $spice_api = true, - $swift_api = true, - $keystone_api_admin = true, - $keystone_api = true, - $horizon = true, - $haproxy_auth = $os_params::haproxy_auth, - $keepalived_email = $os_params::keepalived_email, - $keepalived_interface = 'eth0', - $keepalived_ipvs = [], - $keepalived_localhost_ip = $ipaddress_eth0, - $keepalived_smtp = $os_params::keepalived_smtp, - $ks_cinder_ceilometer_port = $os_params::ks_ceilometer_public_port, - $ks_cinder_public_port = $os_params::ks_cinder_public_port, - $ks_glance_public_port = $os_params::ks_glance_public_port, - $ks_heat_public_port = $os_params::ks_heat_public_port, - $ks_keystone_admin_port = $os_params::ks_keystone_admin_port, - $ks_keystone_public_port = $os_params::ks_keystone_public_port, - $ks_neutron_public_port = $os_params::ks_neutron_public_port, - $ks_swift_public_port = $os_params::ks_swift_public_port, - $horizon_port = $os_params::horizon_port, - $spice_port = $os_params::spice_port, + $ceilometer_api = true, + $cinder_api = true, + $glance_api = true, + $neutron_api = true, + $heat_api = true, + $heat_cfn_api = true, + $heat_cloudwatch_api = true, + $nova_api = true, + $ec2_api = true, + $metadata_api = true, + $spice_api = true, + $swift_api = true, + $keystone_api_admin = true, + $keystone_api = true, + $horizon = true, + $haproxy_auth = $os_params::haproxy_auth, + $keepalived_email = $os_params::keepalived_email, + $keepalived_interface = 'eth0', + $keepalived_ipvs = [], + $keepalived_localhost_ip = $ipaddress_eth0, + $keepalived_smtp = $os_params::keepalived_smtp, + $ks_cinder_ceilometer_port = $os_params::ks_ceilometer_public_port, + $ks_cinder_public_port = $os_params::ks_cinder_public_port, + $ks_glance_public_port = $os_params::ks_glance_public_port, + $ks_heat_public_port = 
$os_params::ks_heat_public_port, + $ks_heat_cfn_public_port = $os_params::ks_heat_cfn_public_port, + $ks_heat_cloudwatch_public_port = $os_params::ks_heat_cloudwatch_public_port, + $ks_keystone_admin_port = $os_params::ks_keystone_admin_port, + $ks_keystone_public_port = $os_params::ks_keystone_public_port, + $ks_neutron_public_port = $os_params::ks_neutron_public_port, + $ks_swift_public_port = $os_params::ks_swift_public_port, + $horizon_port = $os_params::horizon_port, + $spice_port = $os_params::spice_port, ){ class { 'haproxy': } @@ -115,6 +120,14 @@ monitor fail if ceilometer_api_dead acl heat_api_dead nbsrv(heat_api_cluster) lt 1 monitor fail if heat_api_dead <%- end -%> +<%- if @heat_cfn_api -%> +acl heat_api_cfn_dead nbsrv(heat_api_cfn_cluster) lt 1 +monitor fail if heat_api_cfn_dead +<%- end -%> +<%- if @heat_cloudwatch_api -%> +acl heat_api_cloudwatch_dead nbsrv(heat_api_cloudwatch_cluster) lt 1 +monitor fail if heat_api_cloudwatch_dead +<%- end -%> <%- if @horizon -%> acl horizon_dead nbsrv(horizon_cluster) lt 1 monitor fail if horizon_dead @@ -200,6 +213,12 @@ monitor fail if horizon_dead if $heat_api { os_haproxy_listen_http{ 'heat_api_cluster': ports => $ks_heat_public_port } } + if $heat_cfn_api { + os_haproxy_listen_http{ 'heat_api_cfn_cluster': ports => $ks_heat_cfn_public_port } + } + if $heat_cloudwatch_api { + os_haproxy_listen_http{ 'heat_api_cloudwatch_cluster': ports => $ks_heat_cloudwatch_public_port } + } if $horizon { os_haproxy_listen_http{ 'horizon_cluster': ports => $horizon_port } } diff --git a/roles/network/network_metadata.pp b/roles/network/network_metadata.pp index e6383d51..b54a4f84 100644 --- a/roles/network/network_metadata.pp +++ b/roles/network/network_metadata.pp 
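Review bot: The listen sections and ACLs added in the second and third hunks of lb_server.pp are named `heat_api_cfn_cluster` and `heat_api_cloudwatch_cluster`, but the balancer members exported by roles/orchestration/orchestration_api.pp in this same commit use `listening_service => "heat_cfn_api_cluster"` and `"heat_cloudwatch_api_cluster"`. With the names differing, no backend attaches to the new listeners, so `nbsrv(...)` stays below 1 and the added `monitor fail` rules report the load balancer as failed whenever these APIs are enabled, which is the default. Use one spelling in both files, for example `os_haproxy_listen_http{ 'heat_cfn_api_cluster': ports => $ks_heat_cfn_public_port }` with `acl heat_cfn_api_dead nbsrv(heat_cfn_api_cluster) lt 1`, and the same for cloudwatch.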
@@ -13,10 +13,12 @@ # License for the specific language governing permissions and limitations # under the License. # -# Network Metadata node +# Network Metadata node (need to be run once) +# Could be managed by spof_node manifest # class os_network_metadata( + $enabled = true, $debug = $os_params::debug, $ks_neutron_password = $os_params::ks_neutron_password, $neutron_metadata_proxy_shared_secret = $os_params::neutron_metadata_proxy_shared_secret, @@ -27,6 +29,7 @@ class os_network_metadata( ) { class { 'neutron::agents::metadata': + enabled => $enabled, shared_secret => $neutron_metadata_proxy_shared_secret, debug => $debug, metadata_ip => $ks_nova_internal_host, diff --git a/roles/orchestration/orchestration_api.pp b/roles/orchestration/orchestration_api.pp new file mode 100644 index 00000000..07c3100d --- /dev/null +++ b/roles/orchestration/orchestration_api.pp 
@@ -0,0 +1,55 @@
+#
+# Copyright (C) 2013 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Orchestration APIs node
+#
+
+class os_orchestration_api(
+ $ks_heat_public_port = $os_params::ks_heat_public_port,
+ $ks_heat_cfn_public_port = $os_params::ks_heat_cfn_public_port,
+ $ks_heat_cloudwatch_public_port = $os_params::ks_heat_cloudwatch_public_port,
+) {
+
+ class { 'heat::api': }
+
+ class { 'heat::api-cfn': }
+
+ class { 'heat::api-cloudwatch': }
+
+ @@haproxy::balancermember{"${fqdn}-heat_api":
+ listening_service => "heat_api_cluster",
+ server_names => $::hostname,
+ ipaddresses => $local_ip,
+ ports => $ks_heat_public_port,
+ options => "check inter 2000 rise 2 fall 5"
+ }
+
+ @@haproxy::balancermember{"${fqdn}-heat_cfn_api":
+ listening_service => "heat_cfn_api_cluster",
+ server_names => $::hostname,
+ ipaddresses => $local_ip,
+ ports => $ks_heat__cfn_public_port,
+ options => "check inter 2000 rise 2 fall 5"
+ }
+
+ @@haproxy::balancermember{"${fqdn}-heat_cloudwatch_api":
+ listening_service => "heat_cloudwatch_api_cluster",
+ server_names => $::hostname,
+ ipaddresses => $local_ip,
+ ports => $ks_heat_cloudwatch_public_port,
+ options => "check inter 2000 rise 2 fall 5"
+ }
+
+}
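Review bot: `ports => $ks_heat__cfn_public_port` in the `heat_cfn_api` balancer member has a doubled underscore, so it names a variable that is never declared and the member is exported without a usable port; it should read `ports => $ks_heat_cfn_public_port,`. All three members also use `ipaddresses => $local_ip`, but `local_ip` is not a parameter of `os_orchestration_api` and site-ref.pp declares the class without it, so the exported address is probably undefined as well; add `$local_ip` to the parameter list the way `os_identity_controller` receives it. The class names `heat::api-cfn` and `heat::api-cloudwatch` are spelled with hyphens, which I would confirm against the heat module, since I believe it names them with underscores.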
diff --git a/roles/orchestration/orchestration_controller.pp b/roles/orchestration/orchestration_common.pp similarity index 76% rename from roles/orchestration/orchestration_controller.pp rename to roles/orchestration/orchestration_common.pp index fddbdb6d..710028e2 100644 --- a/roles/orchestration/orchestration_controller.pp +++ b/roles/orchestration/orchestration_common.pp @@ -13,10 +13,10 @@ # License for the specific language governing permissions and limitations # under the License. # -# Orchestration controller node +# Orchestration common node # -class os_orchestration_controller( +class os_orchestration_common( $ks_keystone_internal_host = $os_params::ks_keystone_internal_host, $ks_keystone_internal_port = $os_params::ks_keystone_internal_port, $ks_keystone_internal_proto = $os_params::ks_keystone_internal_proto, @@ -52,20 +52,4 @@ class os_orchestration_controller( debug => $debug, } - class { 'heat::api': } - - class { 'heat::engine': - heat_metadata_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8000", - heat_waitcondition_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8000/v1/waitcondition", - heat_watch_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8003" - } - - @@haproxy::balancermember{"${fqdn}-heat_api": - listening_service => "heat_api_cluster", - server_names => $::hostname, - ipaddresses => $local_ip, - ports => $ks_keystone_internal_port, - options => "check inter 2000 rise 2 fall 5" - } - } diff --git a/roles/orchestration/orchestration_engine.pp b/roles/orchestration/orchestration_engine.pp new file mode 100644 index 00000000..5d5c57a0 --- /dev/null +++ b/roles/orchestration/orchestration_engine.pp 
@@ -0,0 +1,34 @@
+#
+# Copyright (C) 2013 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Orchestration engine node (should be run once)
+# Could be managed by spof node as Active / Passive.
+#
+
+class os_orchestration_engine(
+ $enable = true,
+ $ks_heat_public_host = $os_params::ks_heat_public_host,
+ $ks_heat_public_proto = $os_params::ks_heat_public_proto,
+ $ks_heat_password = $os_params::ks_heat_password,
+) {
+
+ class { 'heat::engine':
+ enabled => $enabled,
+ heat_metadata_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8000",
+ heat_waitcondition_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8000/v1/waitcondition",
+ heat_watch_server_url => "${ks_heat_public_proto}://${ks_heat_public_host}:8003"
+ }
+
+}
diff --git a/roles/spof/spof_node.pp b/roles/spof/spof_node.pp
new file mode 100644
index 00000000..2ad6e6a0
--- /dev/null
+++ b/roles/spof/spof_node.pp
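Review bot: The class `os_orchestration_engine` declares `$enable = true` but its body passes `enabled => $enabled`, a variable that does not exist, so `heat::engine` receives an undefined value; roles/spof/spof_node.pp then declares this class with `enabled => false`, which is not one of its parameters and which Puppet should reject as invalid. Renaming the parameter to `$enabled = true,` fixes both. roles/telemetry/telemetry_central_agent.pp has the identical `$enable` / `$enabled` mismatch. Separately, `$ks_heat_password` is accepted here but never used, and the three URLs hard-code `:8000` and `:8003` although this commit adds `$ks_heat_cfn_public_port` and `$ks_heat_cloudwatch_public_port` to params.pp for exactly those values.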
@@ -0,0 +1,119 @@
+#
+# Copyright (C) 2013 eNovance SAS
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPOF node usually installed twice, and managed by Pacemaker / Corosync
+#
+
+class os_spof_node(
+ $debug = $os_params::debug,
+ $spof_nodes_are_separate = $os_params::spof_nodes_are_separate,
+) {
+
+ # Corosync & Pacemaker
+ class { 'corosync':
+ enable_secauth => false,
+ authkey => '/var/lib/puppet/ssl/certs/ca.pem',
+ bind_address => $::network_eth0,
+ multicast_address => '239.1.1.2',
+ }
+
+ cs_property {
+ 'no-quorum-policy': value => 'ignore';
+ 'stonith-enabled': value => 'false';
+ 'pe-warn-series-max': value => 1000;
+ 'pe-input-series-max': value => 1000;
+ 'cluster-recheck-interval': value => '5min';
+ }
+
+ corosync::service { 'pacemaker':
+ version => '0',
+ }
+
+ # Resources managed by Corosync as Active / Passive
+ Package['corosync'] ->
+ file { '/usr/lib/ocf/resource.d/heartbeat/ceilometer-agent-central':
+ source => '/scripts/ceilometer-agent-central_resource-agent',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ } ->
+ cs_primitive { 'ceilometer-agent-central':
+ primitive_class => 'ocf',
+ primitive_type => 'ceilometer-agent-central',
+ provided_by => 'heartbeat',
+ operations => {
+ 'monitor' => { interval => '10s', 'timeout' => '30s' },
+ 'start' => { interval => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
+ }
+ }
+
+ Package['corosync'] ->
+ file { '/usr/lib/ocf/resource.d/heartbeat/neutron-metadata-agent':
+ source => '/scripts/neutron-metadata-agent_resource-agent',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ } ->
+ cs_primitive { 'neutron-metadata-agent':
+ primitive_class => 'ocf',
+ primitive_type => 'neutron-metadata-agent',
+ provided_by => 'heartbeat',
+ operations => {
+ 'monitor' => { interval => '10s', 'timeout' => '30s' },
+ 'start' => { interval => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
+ }
+ }
+
+ Package['corosync'] ->
+ file { '/usr/lib/ocf/resource.d/heartbeat/heat-engine':
+ source => '/scripts/heat-engine_resource-agent',
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ } ->
+ cs_primitive { 'heat-engine':
+ primitive_class => 'ocf',
+ primitive_type => 'heat-engine',
+ provided_by => 'heartbeat',
+ operations => {
+ 'monitor' => { interval => '10s', 'timeout' => '30s' },
+ 'start' => { interval => '0', 'timeout' => '30s', 'on-fail' => 'restart' }
+ }
+ }
+
+ # If SPOF nodes are separated from controller nodes,
+ # we should import common OpenStack classes:
+ if $spof_nodes_are_separate {
+ class { 'os_network_common': }
+ class { 'os_orchestration_common': }
+ class { 'os_telemetry_common': }
+ }
+
+ # Run OpenStack Networking Metadata service
+ class { 'os_network_metadata':
+ enabled => false,
+ }
+
+ # Run Heat Engine service
+ class { 'os_orchestration_engine':
+ enabled => false,
+ }
+
+ # Run Ceilometer Agent Central service
+ class { 'os_telemetry_central_agent':
+ enabled => false,
+ }
+
+}
diff --git a/roles/telemetry/telemetry_central_agent.pp b/roles/telemetry/telemetry_central_agent.pp
new file mode 100644
index 00000000..cb7a572b
--- /dev/null
+++ b/roles/telemetry/telemetry_central_agent.pp
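Review bot: The `corosync` declaration in `os_spof_node` sets `enable_secauth => false`, so cluster membership and messaging on the `239.1.1.2` multicast group are neither authenticated nor encrypted, for a cluster that decides where heat-engine, the metadata agent and the central agent run. The `authkey` it points at, `/var/lib/puppet/ssl/certs/ca.pem`, is the Puppet CA's public certificate, which every agent holds, so it would not work as a shared secret even with secauth turned on. I would set `enable_secauth => true,` and point `authkey` at a dedicated key that is readable only by root and distributed only to the cluster members. `'stonith-enabled': value => 'false'` combined with `'no-quorum-policy': value => 'ignore'` also lets both nodes start the "run once" services during a partition, which deserves a comment saying the trade-off is accepted.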
@@ -0,0 +1,28 @@ +# +# Copyright (C) 2013 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Telemetry Central Agent node (should be run once) +# Could be managed by spof node as Active / Passive. +# + +class os_telemetry_central_agent( + $enable = true, +){ + + class { 'ceilometer::agent::central': + enabled => $enabled, + } + +} diff --git a/roles/telemetry/telemetry_server.pp b/roles/telemetry/telemetry_server.pp index 88254c0e..21d0f0a9 100644 --- a/roles/telemetry/telemetry_server.pp +++ b/roles/telemetry/telemetry_server.pp @@ -13,13 +13,13 @@ # License for the specific language governing permissions and limitations # under the License. # -# Metering server nodes +# Telemetry server nodes # class os_telemetry_server( $ks_keystone_internal_host = $os_params::ks_keystone_internal_host, $ks_keystone_internal_proto = $os_params::ks_keystone_internal_proto, - $ks_ceilometer_internal_port = $os_params::ks_keystone_internal_port, + $ks_ceilometer_internal_port = $os_params::ks_keystone_internal_port, $ks_ceilometer_password = $os_params::ks_ceilometer_password, $ceilometer_database_connection = $os_params::ceilometer_database_connection, ){ @@ -59,6 +59,4 @@ class os_telemetry_server( options => "check inter 2000 rise 2 fall 5" } -# Ceilometer Central Agent is defined in site.pp since it must be installed on only node (not able to scale-out) - } diff --git a/site-ref.pp b/site-ref.pp new file mode 100644 index 00000000..54aa476e --- /dev/null 
+++ b/site-ref.pp 
@@ -0,0 +1,134 @@ +# +# Copyright (C) 2013 eNovance SAS +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# Basic Architecture +# + +import 'params.pp' + +# Import roles +import 'roles/automation/*.pp' +import 'roles/cache/*.pp' +import 'roles/common/*.pp' # mandatory +import 'roles/compute/*.pp' +import 'roles/dashboard/*.pp' +import 'roles/database/*.pp' +import 'roles/identity/*.pp' +import 'roles/image/*.pp' +import 'roles/load-balancer/*.pp' +import 'roles/messaging/*.pp' +import 'roles/monitoring/*.pp' +import 'roles/network/*.pp' +import 'roles/object-storage/*.pp' +import 'roles/orchestration/*.pp' +import 'roles/telemetry/*.pp' +import 'roles/volume/*.pp' + +node common { + +# Params + class { 'os_params': } + +# Common system configuration + class { 'os_common_system': } + +} + + +# Puppet Master node +node '1-deployment-node' inherits common{ + +# Everything related to puppet is bootstraped by jenkins +# and other stuffs are made by common class. 
+ +} + +# Controller node +node '3-controller-nodes' inherits common { + +## SPOF services: + class {'spof_node':} + +## Databases: + class {'os_nosql_node':} + class {'os_sql_node':} + +## Telemetry + class {'os_telemetry_common':} + class {'os_telemetry_server':} + +## Identity + class {'os_identity_controller': + local_ip => $ipaddress_eth0, + } + +# Object Storage + class {'os_swift_proxy': } + class {'os_swift_ringbuilder': + rsyncd_ipaddress => $ipaddress_eth0, + } + Class['os_swift_ringbuilder'] -> Class['os_swift_proxy'] + +# Messaging + class {'os_messaging_server': } + +# Cache + class {'os_cache_server': } + +# Networking + class {'os_network_common': } + class {'os_network_controller': } + +# Orchestration + class {'os_orchestration_common': } + class {'os_orchestration_api': } + +} + +# == Network nodes +node '2-network-nodes' inherits common { + + class {'os_network_common': } + class {'os_network_dhcp': } + class {'os_network_lbaas': } + class {'os_network_l3': } + class {'os_network_vpn':} + +} + +# Storage nodes +node '3-object-storage-nodes' inherits common{ + +## Telemetry + class {'os_telemetry_common':} + +## Object Storage + class { 'os_swift_storage': + local_ip => $ipaddress_eth0, + swift_zone => $os_params::os_swift_zone[$::hostname], + } + +} + +# Compute nodes +node 'compute-node' inherits common { + + class { 'os_network_compute': } + + class { 'os_compute_hypervisor': + local_ip => $ipaddress_eth0, + } + +} diff --git a/site.pp b/site.pp index 948032ac..a024fee2 100644 --- a/site.pp +++ b/site.pp @@ -33,6 +33,7 @@ import 'roles/monitoring/*.pp' import 'roles/network/*.pp' import 'roles/object-storage/*.pp' import 'roles/orchestration/*.pp' +import 'roles/spof/*.pp' import 'roles/telemetry/*.pp' import 'roles/volume/*.pp'
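Review bot: The controller node in site-ref.pp declares `class {'spof_node':}`, but the class added in roles/spof/spof_node.pp is named `os_spof_node`, and this file's import list has no `import 'roles/spof/*.pp'` (only site.pp gains it in this commit), so the declaration cannot resolve. Use `class {'os_spof_node':}` and add the import after `import 'roles/orchestration/*.pp'`. The section comments also mix `#`, `##` and `# ==` prefixes; one style would make the reference manifest easier to scan.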