From 9db28abd1fdac6536a6ebb166017accafb97f77a Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Sat, 29 Jun 2013 03:26:45 +0000 Subject: [PATCH] Add a manifest that does basic provisioning. * The intent is to ensure a minimally usable deployment that can launch vm's with network connectivity, as can be done after a devstack deployment. Change-Id: Iee213b03129f770b35d3d6430ea187fd4ababc66 --- manifests/provision.pp | 186 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100644 manifests/provision.pp diff --git a/manifests/provision.pp b/manifests/provision.pp new file mode 100644 index 0000000..ca0f386 --- /dev/null +++ b/manifests/provision.pp @@ -0,0 +1,186 @@ +# == Class: openstack::provision +# +# This class provides basic provisioning of a bare openstack +# deployment. A non-admin user is created, an image is uploaded, and +# quantum networking is configured. Once complete, it should be +# possible for the non-admin user to create a boot a VM that can be +# logged into via vnc (ssh may require extra configuration). +# +# This module is currently limited to targetting an all-in-one +# deployment for the following reasons: +# +# - puppet-{keystone,glance,quantum} rely on their configuration files being +# available on localhost which is not guaranteed for multi-host. +# +# - the gateway configuration only supports a host that uses the same +# interface for both management and tenant traffic. +# +# - the gateway configuration makes the assumption that the local host is the +# gateway host, which is not guaranteed to be true for multi-host. +# +# === Parameters +# +# Document parameters here. +# +# [*setup_ovs_bridge*] +# Whether to configure the bridge specified by *public_bridge_name* +# with the ip address of the subnet identified by +# *public_subnet_name*. This must be enabled if VMs are to be +# reachable via floating ips. +# +# [*configure_tempest*] +# Whether to use the provisioning details to configure Tempest, the +# OpenStack integration test suite. +# +class openstack::provision( + ## Keystone + # non admin user + $username = 'demo', + $password = 'pass', + $tenant_name = 'demo', + # another non-admin user + $alt_username = 'alt_demo', + $alt_password = 'pass', + $alt_tenant_name = 'alt_demo', + # admin user + $admin_username = 'admin', + $admin_password = 'pass', + $admin_tenant_name = 'admin', + + ## Glance + $image_name = 'cirros', + $image_source = 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img', + $image_ssh_user = 'cirros', + + ## Quantum + $tenant_name = 'demo', + $public_network_name = 'public', + $public_subnet_name = 'public_subnet', + $floating_range = '172.24.4.224/28', + $private_network_name = 'private', + $private_subnet_name = 'private_subnet', + $fixed_range = '10.0.0.0/24', + $router_name = 'router1', + $setup_ovs_bridge = false, + $public_bridge_name = 'br-ex', + + ## Tempest + $configure_tempest = false, + $identity_uri = undef, + $tempest_clone_path = '/var/lib/tempest', + $tempest_clone_owner = 'root', + $setup_venv = false, +) { + ## Users + + keystone_tenant { $tenant_name: + ensure => present, + enabled => 'True', + description => 'default tenant', + } + keystone_user { $username: + ensure => present, + enabled => 'True', + tenant => $tenant_name, + password => $password, + } + + keystone_tenant { $alt_tenant_name: + ensure => present, + enabled => 'True', + description => 'alt tenant', + } + keystone_user { $alt_username: + ensure => present, + enabled => 'True', + tenant => $alt_tenant_name, + password => $alt_password, + } + + ## Images + + glance_image { $image_name: + ensure => present, + is_public => 'yes', + container_format => 'bare', + disk_format => 'qcow2', + source => $image_source, + } + + ## Networks + + quantum_network { $public_network_name: + ensure => present, + router_external => 'True', + tenant_name => $admin_tenant_name, + } + quantum_subnet { $public_subnet_name: + ensure => 'present', + cidr => $floating_range, + network_name => $public_network_name, + tenant_name => $admin_tenant_name, + } + quantum_network { $private_network_name: + ensure => present, + tenant_name => $tenant_name, + } + quantum_subnet { $private_subnet_name: + ensure => present, + cidr => $fixed_range, + network_name => $private_network_name, + tenant_name => $tenant_name, + } + # Tenant-owned router - assumes network namespace isolation + quantum_router { $router_name: + ensure => present, + tenant_name => $tenant_name, + gateway_network_name => $public_network_name, + # A quantum_router resource must explicitly declare a dependency on + # the first subnet of the gateway network. + require => Quantum_subnet[$public_subnet_name], + } + quantum_router_interface { "${router_name}:${private_subnet_name}": + ensure => present, + } + + if $setup_ovs_bridge { + quantum_l3_ovs_bridge { $public_bridge_name: + ensure => present, + subnet_name => $public_subnet_name, + } + } + + ## Tempest + + if $configure_tempest { + class { 'tempest': + tempest_repo_uri => $tempest_repo_uri, + tempest_clone_path => $tempest_clone_path, + tempest_clone_owner => $tempest_clone_owner, + setup_venv => $setup_venv, + image_name => $image_name, + image_name_alt => $image_name, + image_ssh_user => $image_ssh_user, + image_alt_ssh_user => $image_ssh_user, + identity_uri => $identity_uri, + username => $username, + password => $password, + tenant_name => $tenant_name, + alt_username => $alt_username, + alt_password => $alt_password, + alt_tenant_name => $alt_tenant_name, + admin_username => $admin_username, + admin_password => $admin_password, + admin_tenant_name => $admin_tenant_name, + quantum_available => true, + public_network_name => $public_network_name, + require => [ + Keystone_user[$username], + Keystone_user[$alt_username], + Glance_image[$image_name], + Quantum_network[$public_network_name], + ], + } + } + +}