stackforge/puppet-openstack
Code Issues Proposed changes
Files
52d9710d26ee044edd55bc905fc135331c3c2101
puppet-openstack/manifests/provision.pp
Maru Newby 52d9710d26 Revert provisioning of shared networks. 
* As currently defined, the public network is configured to
   support floating ip assignment, and the private network should
   be private to the tenant.  In neither case should the network
   be configured as shared.

Change-Id: I51f7cd75cfd2b8a5a1aadad45b98dd010c0f1935
2013-08-05 12:06:41 -07:00

194 lines
6.4 KiB
Puppet
Raw Blame History

# == Class: openstack::provision
#
# This class provides basic provisioning of a bare openstack
# deployment. A non-admin user is created, an image is uploaded, and
# quantum networking is configured. Once complete, it should be
# possible for the non-admin user to create a boot a VM that can be
# logged into via vnc (ssh may require extra configuration).
#
# This module is currently limited to targetting an all-in-one
# deployment for the following reasons:
#
# - puppet-{keystone,glance,quantum} rely on their configuration files being
# available on localhost which is not guaranteed for multi-host.
#
# - the gateway configuration only supports a host that uses the same
# interface for both management and tenant traffic.
#
# - the gateway configuration makes the assumption that the local host is the
# gateway host, which is not guaranteed to be true for multi-host.
#
# === Parameters
#
# Document parameters here.
#
# [*setup_ovs_bridge*]
# Whether to configure the bridge specified by *public_bridge_name*
# with the ip address of the subnet identified by
# *public_subnet_name*. This must be enabled if VMs are to be
# reachable via floating ips.
#
# [*configure_tempest*]
# Whether to use the provisioning details to configure Tempest, the
# OpenStack integration test suite.
#
class openstack::provision(
## Keystone
# non admin user
$username = 'demo',
$password = 'pass',
$tenant_name = 'demo',
# another non-admin user
$alt_username = 'alt_demo',
$alt_password = 'pass',
$alt_tenant_name = 'alt_demo',
# admin user
$admin_username = 'admin',
$admin_password = 'pass',
$admin_tenant_name = 'admin',
## Glance
$image_name = 'cirros',
$image_source = 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img',
$image_ssh_user = 'cirros',
## Quantum
$tenant_name = 'demo',
$public_network_name = 'public',
$public_subnet_name = 'public_subnet',
$floating_range = '172.24.4.224/28',
$private_network_name = 'private',
$private_subnet_name = 'private_subnet',
$fixed_range = '10.0.0.0/24',
$router_name = 'router1',
$setup_ovs_bridge = false,
$public_bridge_name = 'br-ex',
## Tempest
$configure_tempest = false,
$identity_uri = undef,
$tempest_repo_uri = 'git://github.com/openstack/tempest.git',
$tempest_repo_revision = undef,
$tempest_clone_path = '/var/lib/tempest',
$tempest_clone_owner = 'root',
$setup_venv = false,
$resize_available = undef,
$change_password_available = undef
) {
## Users
keystone_tenant { $tenant_name:
ensure => present,
enabled => true,
description => 'default tenant',
}
keystone_user { $username:
ensure => present,
enabled => true,
tenant => $tenant_name,
password => $password,
}
keystone_tenant { $alt_tenant_name:
ensure => present,
enabled => true,
description => 'alt tenant',
}
keystone_user { $alt_username:
ensure => present,
enabled => true,
tenant => $alt_tenant_name,
password => $alt_password,
}
## Images
glance_image { $image_name:
ensure => present,
is_public => 'yes',
container_format => 'bare',
disk_format => 'qcow2',
source => $image_source,
}
## Networks
quantum_network { $public_network_name:
ensure => present,
router_external => true,
tenant_name => $admin_tenant_name,
}
quantum_subnet { $public_subnet_name:
ensure => 'present',
cidr => $floating_range,
network_name => $public_network_name,
tenant_name => $admin_tenant_name,
}
quantum_network { $private_network_name:
ensure => present,
tenant_name => $tenant_name,
}
quantum_subnet { $private_subnet_name:
ensure => present,
cidr => $fixed_range,
network_name => $private_network_name,
tenant_name => $tenant_name,
}
# Tenant-owned router - assumes network namespace isolation
quantum_router { $router_name:
ensure => present,
tenant_name => $tenant_name,
gateway_network_name => $public_network_name,
# A quantum_router resource must explicitly declare a dependency on
# the first subnet of the gateway network.
require => Quantum_subnet[$public_subnet_name],
}
quantum_router_interface { "${router_name}:${private_subnet_name}":
ensure => present,
}
if $setup_ovs_bridge {
quantum_l3_ovs_bridge { $public_bridge_name:
ensure => present,
subnet_name => $public_subnet_name,
}
}
## Tempest
if $configure_tempest {
class { 'tempest':
tempest_repo_uri => $tempest_repo_uri,
tempest_clone_path => $tempest_clone_path,
tempest_clone_owner => $tempest_clone_owner,
setup_venv => $setup_venv,
tempest_repo_revision => $tempest_repo_revision,
image_name => $image_name,
image_name_alt => $image_name,
image_ssh_user => $image_ssh_user,
image_alt_ssh_user => $image_ssh_user,
identity_uri => $identity_uri,
username => $username,
password => $password,
tenant_name => $tenant_name,
alt_username => $alt_username,
alt_password => $alt_password,
alt_tenant_name => $alt_tenant_name,
admin_username => $admin_username,
admin_password => $admin_password,
admin_tenant_name => $admin_tenant_name,
quantum_available => true,
public_network_name => $public_network_name,
resize_available => $resize_available,
change_password_available => $change_password_available,
require => [
Keystone_user[$username],
Keystone_user[$alt_username],
Glance_image[$image_name],
Quantum_network[$public_network_name],
],
}
}
}
View Git Blame Copy Permalink