From 7bba3d59a010129741de6d3cfe78f86c73cfade5 Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Wed, 24 Oct 2012 10:52:28 -0700 Subject: [PATCH 01/13] Add support for setting regions. This commit adds a region parameter which can be used to set the region used for all keystone endpoints. --- manifests/controller.pp | 1 + manifests/keystone.pp | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/manifests/controller.pp b/manifests/controller.pp index d0d54d8..de7843d 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -189,6 +189,7 @@ class openstack::controller ( public_address => $public_address, internal_address => $internal_address, admin_address => $admin_address, + region => $region, glance_user_password => $glance_user_password, nova_user_password => $nova_user_password, cinder => $cinder, diff --git a/manifests/keystone.pp b/manifests/keystone.pp index df74088..ed23031 100644 --- a/manifests/keystone.pp +++ b/manifests/keystone.pp @@ -54,6 +54,7 @@ class openstack::keystone ( $admin_tenant = 'admin', $verbose = 'False', $bind_host = '0.0.0.0', + $region = 'RegionOne', $internal_address = false, $admin_address = false, $glance_public_address = false, @@ -177,6 +178,7 @@ class openstack::keystone ( public_address => $public_address, admin_address => $admin_real, internal_address => $internal_real, + region => $region, } # Configure Glance endpoint in Keystone @@ -186,6 +188,7 @@ class openstack::keystone ( public_address => $glance_public_real, admin_address => $glance_admin_real, internal_address => $glance_internal_real, + region => $region, } } @@ -196,6 +199,7 @@ class openstack::keystone ( public_address => $nova_public_real, admin_address => $nova_admin_real, internal_address => $nova_internal_real, + region => $region, } } @@ -206,6 +210,7 @@ class openstack::keystone ( public_address => $cinder_public_real, admin_address => $cinder_admin_real, internal_address => $cinder_internal_real, + region => $region, } } if $quantum { 
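Review bot: In manifests/controller.pp the added `region => $region,` reads a variable that this patch never declares on openstack::controller; the diffstat shows a single added line in that file, so the parameter list is untouched. Unless `$region` already exists outside the hunk, the keystone class receives an undefined value and the region cannot be set from the controller. Add `$region = 'RegionOne',` to the class parameters in the same commit and describe it in the header comment alongside the other parameters. The class declaration starts and ends outside this hunk.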
@@ -214,6 +219,7 @@ class openstack::keystone ( public_address => $quantum_public_real, admin_address => $quantum_admin_real, internal_address => $quantum_internal_real, + region => $region, } } } From 69e48a2ed27a619fee267f5963be23fd1404d2eb Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Wed, 24 Oct 2012 11:02:31 -0700 Subject: [PATCH 02/13] re-add nova-network support This commit adds nova network support for openstack::compute, openstack::controller, and openstack::nova::controller. --- manifests/compute.pp | 80 +++++++++++++++++++++--------------- manifests/controller.pp | 5 +++ manifests/nova/controller.pp | 34 ++++++++------- 3 files changed, 72 insertions(+), 47 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 455aa1d..c093cc5 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -22,9 +22,18 @@ class openstack::compute ( $nova_user_password, # Required Rabbit $rabbit_password, - # Network # DB $sql_connection = false, + # Network + $quantum = true, + $public_address = $internal_address, + $admin_address = $internal_address, + $public_interface = undef, + $private_interface = undef, + $fixed_range = undef, + $network_manager = 'nova.network.manager.FlatDHCPManager', + $network_config = {}, + $multi_host = false, # Nova $purge_nova_config = true, # Rabbit 
@@ -84,41 +93,46 @@ class openstack::compute ( # if the compute node should be configured as a multi-host # compute installation - if $multi_host { - include keystone::python - #nova_config { - # 'multi_host': value => 'True'; - # 'send_arp_for_ha': value => 'True'; - #} - #if ! $public_interface { - # fail('public_interface must be defined for multi host compute nodes') - #} - #$enable_network_service = true - class { 'nova::api': - enabled => true, - admin_tenant_name => 'services', - admin_user => 'nova', - admin_password => $nova_user_password, - # TODO override enabled_apis + if $quantum == false { + if $multi_host { + include keystone::python + nova_config { + 'multi_host': value => 'True'; + 'send_arp_for_ha': value => 'True'; + } + if ! $public_interface { + fail('public_interface must be defined for multi host compute nodes') + } + $enable_network_service = true + class { 'nova::api': + enabled => true, + admin_tenant_name => 'services', + admin_user => 'nova', + admin_password => $nova_user_password, + # TODO override enabled_apis + } + } else { + $enable_network_service = false + nova_config { + 'multi_host': value => 'False'; + 'send_arp_for_ha': value => 'False'; + } + } + + class { 'nova::network': + private_interface => $private_interface, + public_interface => $public_interface, + fixed_range => $fixed_range, + floating_range => false, + network_manager => $network_manager, + config_overrides => $network_config, + create_networks => false, + enabled => $enable_network_service, + install_service => $enable_network_service, } } else { - #$enable_network_service = false - #nova_config { - # 'multi_host': value => 'False'; - # 'send_arp_for_ha': value => 'False'; - #} + # TODO install quantum } - #class { 'nova::network': - # private_interface => $private_interface, - # public_interface => $public_interface, - # fixed_range => $fixed_range, - # floating_range => false, - # network_manager => $network_manager, - # config_overrides => $network_config, - # 
create_networks => false, - # enabled => $enable_network_service, - # install_service => $enable_network_service, - #} } diff --git a/manifests/controller.pp b/manifests/controller.pp index de7843d..c510050 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -83,6 +83,7 @@ class openstack::controller ( # Required Horizon $secret_key = 'dummy_secret_key', # not sure if this works correctly + # Network $internal_address = $public_address, $admin_address = $public_address, $network_manager = 'nova.network.manager.FlatDHCPManager', @@ -111,6 +112,7 @@ class openstack::controller ( $nova_db_user = 'nova', $nova_db_dbname = 'nova', $purge_nova_config = true, + $quantum = true, # Rabbit $rabbit_password = 'rabbit_pw', $rabbit_user = 'nova', @@ -228,6 +230,7 @@ class openstack::controller ( db_host => $db_host, # Network network_manager => $network_manager, + network_config => $network_config, floating_range => $floating_range, fixed_range => $fixed_range, public_address => $public_address, @@ -237,6 +240,8 @@ class openstack::controller ( create_networks => $create_networks, num_networks => $num_networks, multi_host => $multi_host, + public_interface => $public_interface, + private_interface => $private_interface, quantum => $quantum, # Nova nova_user_password => $nova_user_password, diff --git a/manifests/nova/controller.pp b/manifests/nova/controller.pp index 187ef24..8288459 100644 --- a/manifests/nova/controller.pp +++ b/manifests/nova/controller.pp 
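Review bot: In manifests/compute.pp the new `else` branch of `if $quantum == false` holds only `# TODO install quantum`, while the parameter hunk above defaults `$quantum` to `true`, so a node declared with defaults gets no network service and no indication why. Until the Quantum path exists, make the gap visible in that branch, for example `warning('openstack::compute: quantum => true is not implemented, no network service is configured')`. The non-quantum branch also passes `$fixed_range` and `$private_interface` to nova::network although both default to `undef`; only `$public_interface` is checked, and only for multi-host.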
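Review bot: The `$quantum = true,` added to the Nova parameter group of manifests/controller.pp (`@@ -111,6 +112,7`) looks like a second declaration of an existing parameter: later patches in this series still show `$quantum = false,` in the Horizon group until PATCH 08 removes it. The same applies to the `$cinder = false,` line that PATCH 03 adds at `@@ -127,6 +127,7`. If the older declarations are present at this commit, remove them here so that every commit in the series parses on its own and there is a single default to reason about. The parameter list begins and ends outside this hunk.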
@@ -30,15 +30,18 @@ class openstack::nova::controller ( $nova_user_password, $nova_db_password, # Network - $fixed_range = '10.0.0.0/24', + $network_manager = 'nova.network.manager.FlatDHCPManager', + $network_config = {}, $floating_range = false, - $internal_address = $public_address, + $fixed_range = '10.0.0.0/24', $admin_address = $public_address, + $internal_address = $public_address, $auto_assign_floating_ip = false, $create_networks = true, $num_networks = 1, $multi_host = false, - $network_manager = 'nova.network.manager.FlatDHCPManager', + $public_interface = undef, + $private_interface = undef, $quantum = true, # Nova $nova_db_user = 'nova', @@ -115,17 +118,6 @@ class openstack::nova::controller ( auth_host => $keystone_host, } - # Configure nova-network - if $multi_host { - nova_config { 'multi_host': value => 'True' } - $enable_network_service = false - } else { - if $enabled { - $enable_network_service = true - } else { - $enable_network_service = false - } - } if $enabled { $really_create_networks = $create_networks @@ -134,6 +126,18 @@ class openstack::nova::controller ( } if $quantum == false { + # Configure nova-network + if $multi_host { + nova_config { 'multi_host': value => 'True' } + $enable_network_service = false + } else { + if $enabled { + $enable_network_service = true + } else { + $enable_network_service = false + } + } + class { 'nova::network': private_interface => $private_interface, public_interface => $public_interface, @@ -146,6 +150,8 @@ class openstack::nova::controller ( enabled => $enable_network_service, install_service => $enable_network_service, } + } else { + # Set up Quantum } if $auto_assign_floating_ip { From 867b783b8a20a71466dc72c5be12cc195cb47814 Mon Sep 17 00:00:00 2001 
From: Joe Topjian Date: Wed, 24 Oct 2012 11:13:27 -0700 Subject: [PATCH 03/13] Add cinder config to nova::compute embed logic for managing cinder in openstack::compute. --- manifests/compute.pp | 19 +++++++++++++++++++ manifests/controller.pp | 1 + 2 files changed, 20 insertions(+) diff --git a/manifests/compute.pp b/manifests/compute.pp index c093cc5..382254e 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -46,6 +46,13 @@ class openstack::compute ( # VNC $vnc_enabled = true, $vncproxy_host = undef, + $vncserver_listen = $internal_address, + # cinder / volumes + $cinder = true, + $cinder_sql_connection = undef, + $manage_volumes = true, + $nova_volume = 'cinder-volumes', + $iscsi_ip_address = '127.0.0.1', # General $verbose = 'False', $enabled = true @@ -134,5 +141,17 @@ class openstack::compute ( # TODO install quantum } + if ($cinder) { + class { 'cinder': + rabbit_password => $rabbit_password, + rabbit_host => $rabbit_host, + sql_connection => $cinder_sql_connection, + verbose => $verbose, + } + class { 'cinder::volume': } + class { 'cinder::volume::iscsi': } + } else { + # Set up nova-volume + } } diff --git a/manifests/controller.pp b/manifests/controller.pp index c510050..8391bef 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -127,6 +127,7 @@ class openstack::controller ( $verbose = 'False', $export_resources = true, # if the cinder management components should be installed + $cinder = false, $cinder_user_password = 'cinder_user_pass', $cinder_db_password = 'cinder_db_pass', $cinder_db_user = 'cinder', From ea22f02ab3b1cd9b6141d01221137c1d00d86e10 Mon Sep 17 00:00:00 2001 
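Review bot: In manifests/compute.pp (`@@ -134,5 +141,17`) the `cinder` class is declared with `sql_connection => $cinder_sql_connection`, yet `$cinder` defaults to `true` and `$cinder_sql_connection` to `undef`, so the default path declares cinder without a database connection. Guard the block with `if ! $cinder_sql_connection { fail('cinder_sql_connection is required when cinder is enabled') }`. The value carries the database credentials, so the class header should say that it is expected from the site manifest rather than from a default. `$manage_volumes`, `$nova_volume` and `$iscsi_ip_address` are added in the parameter hunk but are not used in any of the lines shown.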
From: Joe Topjian Date: Wed, 24 Oct 2012 11:18:04 -0700 Subject: [PATCH 04/13] stop exporting resources. This commit removes embedded logic that was exporting resources. Service discovery should be performed from the site manifest using query against puppet db. --- manifests/compute.pp | 8 ++------ manifests/controller.pp | 3 --- manifests/nova/controller.pp | 22 +++------------------- 3 files changed, 5 insertions(+), 28 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 382254e..d7e65a4 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -23,7 +23,7 @@ class openstack::compute ( # Required Rabbit $rabbit_password, # DB - $sql_connection = false, + $sql_connection, # Network $quantum = true, $public_address = $internal_address, @@ -37,7 +37,7 @@ class openstack::compute ( # Nova $purge_nova_config = true, # Rabbit - $rabbit_host = false, + $rabbit_host = '127.0.0.1', $rabbit_user = 'nova', # Glance $glance_api_servers = false, @@ -70,10 +70,6 @@ class openstack::compute ( } } - $final_sql_connection = $sql_connection - $glance_connection = $glance_api_servers - $rabbit_connection = $rabbit_host - class { 'nova': sql_connection => $sql_connection, rabbit_userid => $rabbit_user, diff --git a/manifests/controller.pp b/manifests/controller.pp index 8391bef..980a2a1 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -31,7 +31,6 @@ # [network_config] Hash that can be used to pass implementation specifc # network settings. Optioal. Defaults to {} # [verbose] Whether to log services at verbose. -# [export_resources] Rather to export resources. # Horizon related config - assumes puppetlabs-horizon code # [secret_key] secret key to encode cookies, … # [cache_server_ip] local memcached instance ip 
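Review bot: `$rabbit_host = '127.0.0.1'` in manifests/compute.pp (`@@ -37,7 +37,7`) replaces the exported value with a loopback default, which on a dedicated compute node points nova at a broker that is not there and only fails at runtime. `$sql_connection` is made mandatory in the hunk just above; treating the broker address the same way, `$rabbit_host,` with no default, turns a missing value into a compile-time error. `$glance_api_servers = false` stays in the context lines and may need the same treatment now that nothing exports it.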
@@ -125,7 +124,6 @@ class openstack::controller ( $horizon_app_links = undef, # General $verbose = 'False', - $export_resources = true, # if the cinder management components should be installed $cinder = false, $cinder_user_password = 'cinder_user_pass', @@ -257,7 +255,6 @@ class openstack::controller ( # General verbose => $verbose, enabled => $enabled, - exported_resources => $export_resources, } ######### Cinder Controller Services ######## diff --git a/manifests/nova/controller.pp b/manifests/nova/controller.pp index 8288459..873bdce 100644 --- a/manifests/nova/controller.pp +++ b/manifests/nova/controller.pp @@ -58,7 +58,6 @@ class openstack::nova::controller ( $keystone_host = '127.0.0.1', $verbose = 'False', $enabled = true, - $exported_resources = true ) { # Configure the db string @@ -73,25 +72,10 @@ class openstack::nova::controller ( } else { $real_glance_api_servers = $glance_api_servers } - if ($exported_resources) { - # export all of the things that will be needed by the clients - @@nova_config { 'rabbit_host': value => $internal_address } - Nova_config <| title == 'rabbit_host' |> - @@nova_config { 'sql_connection': value => $nova_db } - Nova_config <| title == 'sql_connection' |> - - @@nova_config { 'glance_api_servers': value => $real_glance_api_servers } - Nova_config <| title == 'glance_api_servers' |> - - $sql_connection = false - $glance_connection = false - $rabbit_connection = false - } else { - $sql_connection = $nova_db - $glance_connection = $real_glance_api_servers - $rabbit_connection = $internal_address - } + $sql_connection = $nova_db + $glance_connection = $real_glance_api_servers + $rabbit_connection = $internal_address # Install / configure rabbitmq class { 'nova::rabbitmq': From 7f969c591853ac2b31dd705cdf816edff93b5bd4 Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Wed, 24 Oct 2012 11:21:33 -0700 Subject: [PATCH 05/13] Add live migration support --- manifests/compute.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/manifests/compute.pp b/manifests/compute.pp index d7e65a4..6ac05b5 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -54,6 +54,7 @@ class openstack::compute ( $nova_volume = 'cinder-volumes', $iscsi_ip_address = '127.0.0.1', # General + $migration_support = false, $verbose = 'False', $enabled = true ) { @@ -90,8 +91,9 @@ class openstack::compute ( # Configure libvirt for nova-compute class { 'nova::compute::libvirt': - libvirt_type => $libvirt_type, - vncserver_listen => $internal_address, + libvirt_type => $libvirt_type, + vncserver_listen => $vncserver_listen, + migration_support => $migration_support, } # if the compute node should be configured as a multi-host From 7254a339e31a37fe1e424d6267e693e85e2e29a0 Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Wed, 24 Oct 2012 11:27:19 -0700 Subject: [PATCH 06/13] style updates --- manifests/compute.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 6ac05b5..0383162 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -35,7 +35,7 @@ class openstack::compute ( $network_config = {}, $multi_host = false, # Nova - $purge_nova_config = true, + $purge_nova_config = true, # Rabbit $rabbit_host = '127.0.0.1', $rabbit_user = 'nova', From 89002ebfc5d61640fe1d380d74c9c102a297f87b Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Wed, 24 Oct 2012 11:28:59 -0700 Subject: [PATCH 07/13] add vnc_enabled flag --- manifests/controller.pp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifests/controller.pp b/manifests/controller.pp index 980a2a1..9f247a1 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -122,6 +122,8 @@ class openstack::controller ( $quantum = false, $cinder = false, $horizon_app_links = undef, + # VNC + $vnc_enabled = true, # General $verbose = 'False', # if the cinder management components should be installed 
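Review bot: `migration_support` is handed to nova::compute::libvirt in `@@ -90,8 +91,9` with no documentation of what enabling it changes on the host. That class is not shown here, but live migration presumably requires libvirtd to be reachable from other compute nodes, so confirm which listener and authentication settings it applies and state them in the class header, e.g. `# [migration_support] Enables libvirt live migration; exposes libvirtd to other hosts, restrict it to the management network.` The same hunk starts passing `$vncserver_listen`, so the header should also say that guest VNC consoles listen on whatever address is given there.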
@@ -252,6 +254,8 @@ class openstack::controller ( rabbit_password => $rabbit_password, # Glance glance_api_servers => $glance_api_servers, + # VNC + vnc_enabled => $vnc_enabled, # General verbose => $verbose, enabled => $enabled, From 7e9d20669b441ac0ba4a9cd47b2ae855cfbd7daf Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Wed, 24 Oct 2012 11:45:52 -0700 Subject: [PATCH 08/13] reorganize class params for controller --- manifests/controller.pp | 49 ++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 28 deletions(-) diff --git a/manifests/controller.pp b/manifests/controller.pp index 9f247a1..d0248ab 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -66,22 +66,34 @@ class openstack::controller ( $public_address, $public_interface, $private_interface, - # Required Database + # Database + $db_host = '127.0.0.1', + $db_type = 'mysql', $mysql_root_password = 'sql_pass', - # Required Keystone + $mysql_account_security = true, + $mysql_bind_address = '0.0.0.0', + $allowed_hosts = '%', + # Keystone $admin_email = 'some_user@some_fake_email_address.foo', $admin_password = 'ChangeMe', $keystone_db_password = 'keystone_pass', + $keystone_db_user = 'keystone', + $keystone_db_dbname = 'keystone', $keystone_admin_token = 'keystone_admin_token', - # Required Glance + $keystone_admin_tenant = 'admin', + $region = 'RegionOne', + # Glance $glance_db_password = 'glance_pass', + $glance_db_user = 'glance', + $glance_db_dbname = 'glance', $glance_user_password = 'glance_pass', - # Required Nova + $glance_api_servers = undef, + # Nova $nova_db_password = 'nova_pass', + $nova_db_user = 'nova', + $nova_db_dbname = 'nova', $nova_user_password = 'nova_pass', - # Required Horizon - $secret_key = 'dummy_secret_key', - # not sure if this works correctly + $purge_nova_config = true, # Network $internal_address = $public_address, $admin_address = $public_address, 
@@ -93,35 +105,16 @@ class openstack::controller ( $multi_host = false, $auto_assign_floating_ip = false, $network_config = {}, - # Database - $db_host = '127.0.0.1', - $db_type = 'mysql', - $mysql_account_security = true, - $mysql_bind_address = '0.0.0.0', - $allowed_hosts = '%', - # Keystone - $keystone_db_user = 'keystone', - $keystone_db_dbname = 'keystone', - $keystone_admin_tenant = 'admin', - # Glance - $glance_db_user = 'glance', - $glance_db_dbname = 'glance', - $glance_api_servers = undef, - # Nova - $nova_db_user = 'nova', - $nova_db_dbname = 'nova', - $purge_nova_config = true, $quantum = true, # Rabbit $rabbit_password = 'rabbit_pw', $rabbit_user = 'nova', # Horizon + $secret_key = 'dummy_secret_key', $cache_server_ip = '127.0.0.1', $cache_server_port = '11211', - $swift = false, - $quantum = false, - $cinder = false, $horizon_app_links = undef, + $swift = false, # VNC $vnc_enabled = true, # General From 94f5b516a607dde056d2a456e863c837128697c4 Mon Sep 17 00:00:00 2001 From: Joe Topjian Date: Wed, 24 Oct 2012 11:46:12 -0700 Subject: [PATCH 09/13] refactor all.pp Massive refactor for all in one installation for folsom. --- manifests/all.pp | 298 ++++++++++++++++++++++++++++------------------- 1 file changed, 180 insertions(+), 118 deletions(-) diff --git a/manifests/all.pp b/manifests/all.pp index f6ac7cc..029a95c 100644 --- a/manifests/all.pp +++ b/manifests/all.pp 
@@ -59,60 +59,66 @@ class openstack::all ( # Network Required $public_address, - # MySQL Required - $mysql_root_password = 'sql_pass', - # Rabbit Required - $rabbit_password = 'rabbitpw', - # Keystone Required - $keystone_db_password = 'keystone_pass', - $keystone_admin_token = 'keystone_admin_token', - $admin_email = 'some_user@some_fake_email_address.foo', - $admin_password = 'ChangeMe', - # Nova Required - $nova_db_password = 'nova_pass', - $nova_user_password = 'nova_pass', - # Glance Required - $glance_db_password = 'glance_pass', - $glance_user_password = 'glance_pass', - # Horizon Required - $secret_key = 'dummy_secret_key', - # Network $public_interface = 'eth0', $private_interface = 'eth1', - $fixed_range = '10.0.0.0/24', - $network_manager = 'nova.network.manager.FlatDHCPManager', - $network_config = {}, - $auto_assign_floating_ip = false, - $floating_range = false, - $create_networks = true, - $num_networks = 1, - # MySQL + # Database + $mysql_root_password = 'sql_pass', $db_type = 'mysql', $mysql_account_security = true, $allowed_hosts = ['127.0.0.%'], - # Rabbit - $rabbit_user = 'nova', # Keystone + $admin_email = 'some_user@some_fake_email_address.foo', + $admin_password = 'ChangeMe', + $keystone_db_password = 'keystone_pass', $keystone_db_user = 'keystone', $keystone_db_dbname = 'keystone', + $keystone_admin_token = 'keystone_admin_token', $keystone_admin_tenant = 'admin', - # Nova - $nova_db_user = 'nova', - $nova_db_dbname = 'nova', - $purge_nova_config = true, - # Glance + $region = 'RegionOne', + # Glance Required + $glance_db_password = 'glance_pass', $glance_db_user = 'glance', $glance_db_dbname = 'glance', + $glance_user_password = 'glance_pass', + # Nova + $nova_db_password = 'nova_pass', + $nova_db_user = 'nova', + $nova_db_dbname = 'nova', + $nova_user_password = 'nova_pass', + $purge_nova_config = true, + # Network + $network_manager = 'nova.network.manager.FlatDHCPManager', + $fixed_range = '10.0.0.0/24', + $floating_range = false, + 
$create_networks = true, + $num_networks = 1, + $auto_assign_floating_ip = false, + $network_config = {}, + $quantum = true, + # Rabbit + $rabbit_password = 'rabbit_pw', + $rabbit_user = 'nova', # Horizon + $secret_key = 'dummy_secret_key', $cache_server_ip = '127.0.0.1', $cache_server_port = '11211', $swift = false, - $quantum = false, $horizon_app_links = undef, + # if the cinder management components should be installed + $cinder = true, + $cinder_user_password = 'cinder_user_pass', + $cinder_db_password = 'cinder_db_pass', + $cinder_db_user = 'cinder', + $cinder_db_dbname = 'cinder', + $volume_group = 'cinder-volumes', + $cinder_test = false, + # + $quantum_user_password = 'quantum_user_pass', + $quantum_db_password = 'quantum_db_pass', + $quantum_db_user = 'quantum', + $quantum_db_dbname = 'quantum', # Virtaulization $libvirt_type = 'kvm', - # Volume - $nova_volume = 'nova-volumes', # VNC $vnc_enabled = true, # General 
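Review bot: Every secret in the openstack::all parameter list keeps a literal default (`$mysql_root_password = 'sql_pass'`, `$admin_password = 'ChangeMe'`, `$keystone_admin_token = 'keystone_admin_token'`, and so on), and this hunk adds four more for cinder and quantum. A node declared with only `public_address` therefore comes up with credentials that are published in the module source while its Keystone endpoint is registered on `$public_address`. Declare them without defaults, e.g. `$admin_password,` and `$keystone_admin_token,`, so the catalog does not compile until the operator supplies values. The parameter list ends outside this hunk.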
@@ -123,26 +129,36 @@ class openstack::all ( # Ensure things are run in order Class['openstack::db::mysql'] -> Class['openstack::keystone'] Class['openstack::db::mysql'] -> Class['openstack::glance'] - Class['openstack::db::mysql'] -> Class['openstack::nova::controller'] # set up mysql server - case $db_type { - 'mysql': { - class { 'openstack::db::mysql': - mysql_root_password => $mysql_root_password, - mysql_bind_address => '127.0.0.1', - mysql_account_security => $mysql_account_security, - keystone_db_user => $keystone_db_user, - keystone_db_password => $keystone_db_password, - keystone_db_dbname => $keystone_db_dbname, - glance_db_user => $glance_db_user, - glance_db_password => $glance_db_password, - glance_db_dbname => $glance_db_dbname, - nova_db_user => $nova_db_user, - nova_db_password => $nova_db_password, - nova_db_dbname => $nova_db_dbname, - allowed_hosts => $allowed_hosts, - } + if ($db_type == 'mysql') { + if ($enabled) { + Class['glance::db::mysql'] -> Class['glance::registry'] + $nova_db = "mysql://${nova_db_user}:${nova_db_password}@127.0.0.1/nova?charset=utf8" + } else { + $nova_db = false + } + class { 'openstack::db::mysql': + mysql_root_password => $mysql_root_password, + mysql_account_security => $mysql_account_security, + keystone_db_user => $keystone_db_user, + keystone_db_password => $keystone_db_password, + keystone_db_dbname => $keystone_db_dbname, + glance_db_user => $glance_db_user, + glance_db_password => $glance_db_password, + glance_db_dbname => $glance_db_dbname, + nova_db_user => $nova_db_user, + nova_db_password => $nova_db_password, + nova_db_dbname => $nova_db_dbname, + cinder => $cinder, + cinder_db_user => $cinder_db_user, + cinder_db_password => $cinder_db_password, + cinder_db_dbname => $cinder_db_dbname, + quantum => $quantum, + quantum_db_user => $quantum_db_user, + quantum_db_password => $quantum_db_password, + quantum_db_dbname => $quantum_db_dbname, + allowed_hosts => $allowed_hosts, } } 
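Review bot: `$nova_db` is built with a hard-coded database name (`.../nova?charset=utf8`) although `$nova_db_dbname` is a parameter and is what openstack::db::mysql receives, so changing the name yields a connection string for a database that was never created; use `"mysql://${nova_db_user}:${nova_db_password}@127.0.0.1/${nova_db_dbname}?charset=utf8"`. The variable is also assigned only inside `if ($db_type == 'mysql')`, while the later `class { 'nova': sql_connection => $nova_db }` is unconditional. Separately, the rewrite drops `mysql_bind_address => '127.0.0.1'` from the openstack::db::mysql declaration, so the listener falls back to that class's own default, which is not visible here; for a single-node install the loopback bind should stay explicit.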
@@ -151,18 +167,23 @@ class openstack::all ( verbose => $verbose, db_type => $db_type, db_host => '127.0.0.1', - keystone_db_password => $keystone_db_password, - keystone_db_dbname => $keystone_db_dbname, - keystone_db_user => $keystone_db_user, - keystone_admin_token => $keystone_admin_token, - keystone_admin_tenant => $keystone_admin_tenant, + db_password => $keystone_db_password, + db_name => $keystone_db_dbname, + db_user => $keystone_db_user, + admin_token => $keystone_admin_token, + admin_tenant => $keystone_admin_tenant, admin_email => $admin_email, admin_password => $admin_password, public_address => $public_address, internal_address => '127.0.0.1', admin_address => '127.0.0.1', + region => $region, glance_user_password => $glance_user_password, nova_user_password => $nova_user_password, + cinder => $cinder, + cinder_user_password => $cinder_user_password, + quantum => $quantum, + quantum_user_password => $quantum_user_password, } ######## GLANCE ########## @@ -174,6 +195,7 @@ class openstack::all ( glance_db_dbname => $glance_db_dbname, glance_db_password => $glance_db_password, glance_user_password => $glance_user_password, + enabled => $enabled, } ######## NOVA ########### 
@@ -188,68 +210,108 @@ class openstack::all ( } } - class { 'openstack::nova::controller': - # Network - network_manager => $network_manager, - network_config => $network_config, - private_interface => $private_interface, - public_interface => $public_interface, - floating_range => $floating_range, - fixed_range => $fixed_range, - public_address => $public_address, - admin_address => '127.0.0.1', - internal_address => '127.0.0.1', - auto_assign_floating_ip => $auto_assign_floating_ip, - create_networks => $create_networks, - num_networks => $num_networks, - multi_host => false, - # Database - db_host => '127.0.0.1', - # Nova - nova_user_password => $nova_user_password, - nova_db_password => $nova_db_password, - nova_db_user => $nova_db_user, - nova_db_dbname => $nova_db_dbname, - # Rabbit - rabbit_user => $rabbit_user, - rabbit_password => $rabbit_password, - # Glance - glance_api_servers => '127.0.0.1:9292', - # VNC - vnc_enabled => $vnc_enabled, - # General - verbose => $verbose, - enabled => $enabled, - exported_resources => false, + # Install / configure rabbitmq + class { 'nova::rabbitmq': + userid => $rabbit_user, + password => $rabbit_password, + enabled => $enabled, } - class { 'openstack::nova::compute': - # Network - public_address => $public_address, - private_interface => $private_interface, - public_interface => $public_interface, - fixed_range => $fixed_range, - network_manager => $network_manager, - network_config => $network_config, - multi_host => false, - internal_address => '127.0.0.1', - # Virtualization - libvirt_type => $libvirt_type, - # Volumes - nova_volume => $nova_volume, - manage_volumes => true, - iscsi_ip_address => '127.0.0.1', - # VNC - vnc_enabled => $vnc_enabled, - vncproxy_host => $public_address, - # Nova - nova_user_password => $nova_user_password, - # Rabbit - rabbit_password => $rabbit_password, - # General - verbose => $verbose, - exported_resources => false, + # Configure Nova + class { 'nova': + sql_connection => $nova_db, 
+ rabbit_userid => $rabbit_user, + rabbit_password => $rabbit_password, + image_service => 'nova.image.glance.GlanceImageService', + glance_api_servers => 'localhost:9292', + verbose => $verbose, + rabbit_host => $internal_address, + } + + # Configure nova-api + class { 'nova::api': + enabled => $enabled, + admin_password => $nova_user_password, + auth_host => 'localhost', + } + + if $enabled { + $really_create_networks = $create_networks + } else { + $really_create_networks = false + } + + if $quantum == false { + # Configure nova-network + class { 'nova::network': + private_interface => $private_interface, + public_interface => $public_interface, + fixed_range => $fixed_range, + floating_range => $floating_range, + network_manager => $network_manager, + config_overrides => $network_config, + create_networks => $really_create_networks, + num_networks => $num_networks, + enabled => $enabled, + } + } else { + # Set up Quantum + } + + if $auto_assign_floating_ip { + nova_config { 'auto_assign_floating_ip': value => 'True' } + } + + class { [ + 'nova::scheduler', + 'nova::objectstore', + 'nova::cert', + 'nova::consoleauth' + ]: + enabled => $enabled, + } + + if $vnc_enabled { + class { 'nova::vncproxy': + host => $public_address, + enabled => $enabled, + } + } + + ######### Cinder Controller Services ######## + if ($cinder) { + class { "cinder::base": + verbose => $verbose, + sql_connection => "mysql://${cinder_db_user}:${cinder_db_password}@127.0.0.1/${cinder_db_dbname}?charset=utf8", + rabbit_password => $rabbit_password, + } + + class { 'cinder::api': + keystone_password => $cinder_user_password, + } + + class { 'cinder::scheduler': } + class { 'cinder::volume': } + class { 'cinder::volume::iscsi': + volume_group => $volume_group, + test => $cinder_test, + } + } else { + # Set up nova-volume + } + + # Install / configure nova-compute + class { '::nova::compute': enabled => $enabled, + vnc_enabled => $vnc_enabled, + vncserver_proxyclient_address => 
$internal_address, + vncproxy_host => 'localhost', + } + + # Configure libvirt for nova-compute + class { 'nova::compute::libvirt': + libvirt_type => $libvirt_type, + vncserver_listen => $internal_address, } ######## Horizon ######## From da518f627c10c70545163cc8c45b6132a05f7e8f Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Wed, 24 Oct 2012 12:14:41 -0700 Subject: [PATCH 10/13] remove unused compute params The params public and admin address were not used by the openstack::compute class so I removed them. --- manifests/compute.pp | 2 -- 1 file changed, 2 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 0383162..7d1da3c 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -26,8 +26,6 @@ class openstack::compute ( $sql_connection, # Network $quantum = true, - $public_address = $internal_address, - $admin_address = $internal_address, $public_interface = undef, $private_interface = undef, $fixed_range = undef, From 5463abbdf161519ac916b1135ee56ae5351ad3bc Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Wed, 24 Oct 2012 12:16:17 -0700 Subject: [PATCH 11/13] remove defaults for controller passwords Setting default password for everything is setting people up for accidentally insecure openstack environments. --- manifests/controller.pp | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/manifests/controller.pp b/manifests/controller.pp index d0248ab..92f6f08 100644 --- a/manifests/controller.pp +++ b/manifests/controller.pp 
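Review bot: The inlined nova configuration in `@@ -188,68 +210,108` uses `$internal_address` for `rabbit_host`, `vncserver_proxyclient_address` and `vncserver_listen`, but the parameter hunk of this patch declares no such parameter and the removed code passed the literal `'127.0.0.1'`. If it is not declared in the part of the list outside the hunks, these settings resolve to an undefined value; either add `$internal_address = '127.0.0.1',` to the class or keep the literal. The cinder `sql_connection` also interpolates `$cinder_db_password` into a URL unescaped, so a password containing `@` or `/` produces a malformed connection string, which should be documented on the parameter.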
@@ -66,6 +66,23 @@ class openstack::controller ( $public_address, $public_interface, $private_interface, + $admin_email, + # required password + $admin_password, + $rabbit_password, + $keystone_db_password, + $keystone_admin_token, + $glance_db_password, + $glance_user_password, + $nova_db_password, + $nova_user_password, + $secret_key, + # cinder and quantum password are not required b/c they are + # optional. Not sure what to do about this. + $cinder_user_password = 'cinder_pass', + $cinder_db_password = 'cinder_pass', + $quantum_user_password = 'quantum_pass', + $quantum_db_password = 'quantum_pass', # Database $db_host = '127.0.0.1', $db_type = 'mysql', @@ -74,25 +91,17 @@ class openstack::controller ( $mysql_bind_address = '0.0.0.0', $allowed_hosts = '%', # Keystone - $admin_email = 'some_user@some_fake_email_address.foo', - $admin_password = 'ChangeMe', - $keystone_db_password = 'keystone_pass', $keystone_db_user = 'keystone', $keystone_db_dbname = 'keystone', - $keystone_admin_token = 'keystone_admin_token', $keystone_admin_tenant = 'admin', $region = 'RegionOne', # Glance - $glance_db_password = 'glance_pass', $glance_db_user = 'glance', $glance_db_dbname = 'glance', - $glance_user_password = 'glance_pass', $glance_api_servers = undef, # Nova - $nova_db_password = 'nova_pass', $nova_db_user = 'nova', $nova_db_dbname = 'nova', - $nova_user_password = 'nova_pass', $purge_nova_config = true, # Network $internal_address = $public_address, @@ -107,10 +116,8 @@ class openstack::controller ( $network_config = {}, $quantum = true, # Rabbit - $rabbit_password = 'rabbit_pw', $rabbit_user = 'nova', # Horizon - $secret_key = 'dummy_secret_key', $cache_server_ip = '127.0.0.1', $cache_server_port = '11211', $horizon_app_links = undef, 
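Review bot: The four cinder and quantum parameters added in `@@ -66,6 +66,23` reintroduce what this commit removes everywhere else: fixed defaults `'cinder_pass'` and `'quantum_pass'`, now identical for the service user and the database user, and `$quantum` defaults to `true`. Since `$cinder` and `$quantum` already gate those components, default the passwords to `false` and check them where the feature is enabled, e.g. `if $cinder and ! $cinder_user_password { fail('cinder_user_password is required when cinder is enabled') }`, with the same check for the other three. `$mysql_root_password` is not touched by this patch and, going by PATCH 08, still defaults to `'sql_pass'`; it belongs in the required block as well.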
@@ -121,13 +128,9 @@ class openstack::controller ( $verbose = 'False', # if the cinder management components should be installed $cinder = false, - $cinder_user_password = 'cinder_user_pass', - $cinder_db_password = 'cinder_db_pass', $cinder_db_user = 'cinder', $cinder_db_dbname = 'cinder', # - $quantum_user_password = 'quantum_user_pass', - $quantum_db_password = 'quantum_db_pass', $quantum_db_user = 'quantum', $quantum_db_dbname = 'quantum', $enabled = true From 5b293a1970e01bf7191732e0b8c42b15d4639d0d Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Wed, 24 Oct 2012 12:17:10 -0700 Subject: [PATCH 12/13] do not use other class param values as default This commit removes examples where class params used the values of other params as their default. I recently learned that this does not work! --- manifests/compute.pp | 11 +++++++++-- manifests/controller.pp | 19 +++++++++++++++---- 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index 7d1da3c..caddbcc 100644 --- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -44,7 +44,7 @@ class openstack::compute ( # VNC $vnc_enabled = true, $vncproxy_host = undef, - $vncserver_listen = $internal_address, + $vncserver_listen = false, # cinder / volumes $cinder = true, $cinder_sql_connection = undef, @@ -57,6 +57,13 @@ class openstack::compute ( $enabled = true ) { + if $vncserver_listen { + $vncserver_listen_real = $vncserver_listen + } else { + $vncserver_listen_real = $internal_address + } + + # # indicates that all nova config entries that we did # not specifify in Puppet should be purged from file @@ -90,7 +97,7 @@ class openstack::compute ( # Configure libvirt for nova-compute class { 'nova::compute::libvirt': libvirt_type => $libvirt_type, - vncserver_listen => $vncserver_listen, + vncserver_listen => $vncserver_listen_real, migration_support => $migration_support, } diff --git a/manifests/controller.pp b/manifests/controller.pp index 92f6f08..be1eb45 100644 
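Review bot: The new `false` default on `$vncserver_listen` in the first compute.pp hunk is a sentinel, not a listen address, and nothing in the parameter list says so. A comment beside the parameter, for example `# false means: listen on $internal_address`, would tell a reader where the effective bind address for VNC comes from without reading the `if`/`else` added in the next hunk. The class's parameter documentation, if it has any, is outside these hunks and would need the same line.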
--- a/manifests/controller.pp +++ b/manifests/controller.pp @@ -104,8 +104,8 @@ class openstack::controller ( $nova_db_dbname = 'nova', $purge_nova_config = true, # Network - $internal_address = $public_address, - $admin_address = $public_address, + $internal_address = false, + $admin_address = false, $network_manager = 'nova.network.manager.FlatDHCPManager', $fixed_range = '10.0.0.0/24', $floating_range = false, @@ -136,6 +136,17 @@ class openstack::controller ( $enabled = true ) { + if $internal_address { + $internal_address_real = $internal_address + } else { + $internal_address_real = $public_address + } + if $admin_address { + $admin_address_real = $admin_address + } else { + $admin_address_real = $public_address + } + # Ensure things are run in order Class['openstack::db::mysql'] -> Class['openstack::keystone'] Class['openstack::db::mysql'] -> Class['openstack::glance'] @@ -186,7 +197,7 @@ class openstack::controller ( admin_email => $admin_email, admin_password => $admin_password, public_address => $public_address, - internal_address => $internal_address, + internal_address => $internal_address_real, admin_address => $admin_address, region => $region, glance_user_password => $glance_user_password, @@ -232,7 +243,7 @@ class openstack::controller ( fixed_range => $fixed_range, public_address => $public_address, admin_address => $admin_address, - internal_address => $internal_address, + internal_address => $internal_address_real, auto_assign_floating_ip => $auto_assign_floating_ip, create_networks => $create_networks, num_networks => $num_networks, From ecf1033c9e6aed711d37f37078edb394c4be0d9f Mon Sep 17 00:00:00 2001 From: Dan Bode Date: Thu, 25 Oct 2012 16:09:30 -0700 Subject: [PATCH 13/13] update cinder def in compute It was out of date with the latest version of the modules. --- manifests/compute.pp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/manifests/compute.pp b/manifests/compute.pp index caddbcc..082db9f 100644 
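Review bot: `$admin_address_real` is computed in the second hunk, but neither call site in the third and fourth hunks uses it. Both still pass `admin_address => $admin_address,`, which now defaults to `false` instead of `$public_address`. Unless the receiving classes apply their own fallback for `false`, the admin endpoint loses the default it had before this commit. Changing both lines to `admin_address => $admin_address_real,` would mirror what was done for `internal_address`. Any other references to `$internal_address` or `$admin_address` in the class body lie outside these hunks and need the same check.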
--- a/manifests/compute.pp +++ b/manifests/compute.pp @@ -145,14 +145,19 @@ class openstack::compute ( } if ($cinder) { - class { 'cinder': + class { 'cinder::base': rabbit_password => $rabbit_password, rabbit_host => $rabbit_host, sql_connection => $cinder_sql_connection, verbose => $verbose, } class { 'cinder::volume': } - class { 'cinder::volume::iscsi': } + class { 'cinder::volume::iscsi': + iscsi_ip_address => $internal_address, + volume_group => $nova_volume, + } + + nova_config { 'volume_api_class': value => 'nova.volume.cinder.API' } } else { # Set up nova-volume }
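Review bot: `volume_group => $nova_volume` in the new `cinder::volume::iscsi` block relies on a variable that none of the compute.pp hunks in this series declares. If it is not an existing class parameter, the volume group is passed as undef. If it is declared, a comment such as `# $nova_volume names the LVM volume group cinder exports over iSCSI` would explain why a nova-named parameter now configures cinder. The parameter list between the `# cinder / volumes` entries and `$enabled` is outside the visible hunks, so this needs checking against the full file.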