290 lines
		
	
	
		
			9.7 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
			
		
		
	
	
			290 lines
		
	
	
		
			9.7 KiB
		
	
	
	
		
			Puppet
		
	
	
	
	
	
| #
 | |
| # This can be used to build out the simplest openstack controller
 | |
| #
 | |
| #
 | |
| # $export_resources - rather resources should be exported
 | |
| #
 | |
| # [public_interface] Public interface used to route public traffic. Required.
 | |
| # [public_address] Public address for public endpoints. Required.
 | |
| # [private_interface] Interface used for vm networking connectivity. Required.
 | |
| # [internal_address] Internal address used for management. Required.
 | |
| # [mysql_root_password] Root password for mysql server.
 | |
| # [admin_email] Admin email.
 | |
| # [admin_password] Admin password.
 | |
| # [keystone_db_password] Keystone database password.
 | |
| # [keystone_admin_token] Admin token for keystone.
 | |
| # [glance_db_password] Glance DB password.
 | |
| # [glance_user_password] Glance service user password.
 | |
| # [nova_db_password] Nova DB password.
 | |
| # [nova_user_password] Nova service password.
 | |
| # [rabbit_password] Rabbit password.
 | |
| # [rabbit_user] Rabbit User.
 | |
| # [network_manager] Nova network manager to use.
 | |
| # [fixed_range] Range of ipv4 network for vms.
 | |
| # [floating_range] Floating ip range to create.
 | |
| # [create_networks] Rather network and floating ips should be created.
 | |
| # [num_networks] Number of networks that fixed range should be split into.
 | |
| # [multi_host] Rather node should support multi-host networking mode for HA.
 | |
| #   Optional. Defaults to false.
 | |
| # [network_config] Hash that can be used to pass implementation specifc
 | |
| #   network settings. Optioal. Defaults to {}
 | |
| # [verbose] Rahter to log services at verbose.
 | |
| # [export_resources] Rather to export resources.
 | |
| # Horizon related config - assumes puppetlabs-horizon code
 | |
| # [cache_server_ip]     local memcached instance ip
 | |
| # [cache_server_port]   local memcached instance port
 | |
| # [swift]               (bool) is swift installed
 | |
| # [quantum]             (bool) is quantum installed
 | |
| #   The next is an array of arrays, that can be used to add call-out links to the dashboard for other apps.
 | |
| #   There is no specific requirement for these apps to be for monitoring, that's just the defacto purpose.
 | |
| #   Each app is defined in two parts, the display name, and the URI
 | |
| # [horizon_app_links]     array as in '[ ["Nagios","http://nagios_addr:port/path"],["Ganglia","http://ganglia_addr"] ]'
 | |
| #
 | |
| class openstack::controller(
 | |
|   # my address
 | |
|   $public_address,
 | |
|   $public_interface,
 | |
|   $private_interface,
 | |
|   $internal_address,
 | |
|   $admin_address           = $internal_address,
 | |
|   # connection information
 | |
|   $mysql_root_password     = 'sql_pass',
 | |
|   $admin_email             = 'some_user@some_fake_email_address.foo',
 | |
|   $admin_password          = 'ChangeMe',
 | |
|   $keystone_db_password    = 'keystone_pass',
 | |
|   $keystone_admin_token    = 'keystone_admin_token',
 | |
|   $glance_db_password      = 'glance_pass',
 | |
|   $glance_user_password    = 'glance_pass',
 | |
|   $nova_db_password        = 'nova_pass',
 | |
|   $nova_user_password      = 'nova_pass',
 | |
|   $rabbit_password         = 'rabbit_pw',
 | |
|   $rabbit_user             = 'nova',
 | |
|   # network configuration
 | |
|   # this assumes that it is a flat network manager
 | |
|   $network_manager         = 'nova.network.manager.FlatDHCPManager',
 | |
|   # this number has been reduced for performance during testing
 | |
|   $fixed_range             = '10.0.0.0/16',
 | |
|   $floating_range          = false,
 | |
|   $create_networks         = true,
 | |
|   $num_networks            = 1,
 | |
|   $multi_host              = false,
 | |
|   # TODO need to reconsider this design...
 | |
|   # this is where the config options that are specific to the network
 | |
|   # types go. I am not extremely happy with this....
 | |
|   $network_config          = {},
 | |
|   # I do not think that this needs a bridge?
 | |
|   $verbose                 = false,
 | |
|   $export_resources        = true,
 | |
|   $cache_server_ip         = '127.0.0.1',
 | |
|   $cache_server_port       = '11211',
 | |
|   $swift                   = false,
 | |
|   $quantum                 = false,
 | |
|   $horizon_app_links       = false,
 | |
| ) {
 | |
| 
 | |
|   $glance_api_servers = "${internal_address}:9292"
 | |
|   $nova_db = "mysql://nova:${nova_db_password}@${internal_address}/nova"
 | |
| 
 | |
|   if ($export_resources) {
 | |
|     # export all of the things that will be needed by the clients
 | |
|     @@nova_config { 'rabbit_host': value => $internal_address }
 | |
|     Nova_config <| title == 'rabbit_host' |>
 | |
|     @@nova_config { 'sql_connection': value => $nova_db }
 | |
|     Nova_config <| title == 'sql_connection' |>
 | |
|     @@nova_config { 'glance_api_servers': value => $glance_api_servers }
 | |
|     Nova_config <| title == 'glance_api_servers' |>
 | |
|     @@nova_config { 'novncproxy_base_url': value => "http://${public_address}:6080/vnc_auto.html" }
 | |
|     $sql_connection    = false
 | |
|     $glance_connection = false
 | |
|     $rabbit_connection = false
 | |
|   } else {
 | |
|     $sql_connection    = $nova_db
 | |
|     $glance_connection = $glance_api_servers
 | |
|     $rabbit_connection = $rabbit_host
 | |
|   }
 | |
| 
 | |
|   ####### DATABASE SETUP ######
 | |
| 
 | |
|   # set up mysql server
 | |
|   class { 'mysql::server':
 | |
|     config_hash => {
 | |
|       # the priv grant fails on precise if I set a root password
 | |
|       # TODO I should make sure that this works
 | |
|       # 'root_password' => $mysql_root_password,
 | |
|       'bind_address'  => '0.0.0.0'
 | |
|     }
 | |
|   }
 | |
|   # set up all openstack databases, users, grants
 | |
|   class { 'keystone::db::mysql':
 | |
|     password => $keystone_db_password,
 | |
|   }
 | |
|   class { 'glance::db::mysql':
 | |
|     host     => '127.0.0.1',
 | |
|     password => $glance_db_password,
 | |
|   }
 | |
|   # TODO should I allow all hosts to connect?
 | |
|   class { 'nova::db::mysql':
 | |
|     password      => $nova_db_password,
 | |
|     host          => $internal_address,
 | |
|     allowed_hosts => '%',
 | |
|   }
 | |
| 
 | |
|   ####### KEYSTONE ###########
 | |
| 
 | |
|   # set up keystone
 | |
|   class { 'keystone':
 | |
|     admin_token  => $keystone_admin_token,
 | |
|     # we are binding keystone on all interfaces
 | |
|     # the end user may want to be more restrictive
 | |
|     bind_host    => '0.0.0.0',
 | |
|     log_verbose  => $verbose,
 | |
|     log_debug    => $verbose,
 | |
|     catalog_type => 'sql',
 | |
|   }
 | |
|   # set up keystone database
 | |
|   # set up the keystone config for mysql
 | |
|   class { 'keystone::config::mysql':
 | |
|     password => $keystone_db_password,
 | |
|   }
 | |
|   # set up keystone admin users
 | |
|   class { 'keystone::roles::admin':
 | |
|     email    => $admin_email,
 | |
|     password => $admin_password,
 | |
|   }
 | |
|   # set up the keystone service and endpoint
 | |
|   class { 'keystone::endpoint':
 | |
|     public_address   => $public_address,
 | |
|     internal_address => $internal_address,
 | |
|     admin_address    => $admin_address,
 | |
|   }
 | |
|   # set up glance service,user,endpoint
 | |
|   class { 'glance::keystone::auth':
 | |
|     password         => $glance_user_password,
 | |
|     public_address   => $public_address,
 | |
|     internal_address => $internal_address,
 | |
|     admin_address    => $admin_address,
 | |
|   }
 | |
|   # set up nova serice,user,endpoint
 | |
|   class { 'nova::keystone::auth':
 | |
|     password         => $nova_user_password,
 | |
|     public_address   => $public_address,
 | |
|     internal_address => $internal_address,
 | |
|     admin_address    => $admin_address,
 | |
|   }
 | |
| 
 | |
|   ######## END KEYSTONE ##########
 | |
| 
 | |
|   ######## BEGIN GLANCE ##########
 | |
| 
 | |
| 
 | |
|   class { 'glance::api':
 | |
|     log_verbose       => $verbose,
 | |
|     log_debug         => $verbose,
 | |
|     auth_type         => 'keystone',
 | |
|     auth_host         => '127.0.0.1',
 | |
|     auth_port         => '35357',
 | |
|     keystone_tenant   => 'services',
 | |
|     keystone_user     => 'glance',
 | |
|     keystone_password => $glance_user_password,
 | |
|     require => Keystone_user_role["glance@services"],
 | |
|   }
 | |
|   class { 'glance::backend::file': }
 | |
| 
 | |
|   class { 'glance::registry':
 | |
|     log_verbose       => $verbose,
 | |
|     log_debug         => $verbose,
 | |
|     auth_type         => 'keystone',
 | |
|     auth_host         => '127.0.0.1',
 | |
|     auth_port         => '35357',
 | |
|     keystone_tenant   => 'services',
 | |
|     keystone_user     => 'glance',
 | |
|     keystone_password => $glance_user_password,
 | |
|     sql_connection    => "mysql://glance:${glance_db_password}@127.0.0.1/glance",
 | |
|     require           => [Class['Glance::Db::Mysql'], Keystone_user_role['glance@services']]
 | |
|   }
 | |
| 
 | |
|   ######## END GLANCE ###########
 | |
| 
 | |
|   ######## BEGIN NOVA ###########
 | |
| 
 | |
| 
 | |
|   class { 'nova::rabbitmq':
 | |
|     userid   => $rabbit_user,
 | |
|     password => $rabbit_password,
 | |
|   }
 | |
| 
 | |
|   # TODO I may need to figure out if I need to set the connection information
 | |
|   # or if I should collect it
 | |
|   class { 'nova':
 | |
|     sql_connection     => $sql_connection,
 | |
|     # this is false b/c we are exporting
 | |
|     rabbit_host        => $rabbit_connection,
 | |
|     rabbit_userid      => $rabbit_user,
 | |
|     rabbit_password    => $rabbit_password,
 | |
|     image_service      => 'nova.image.glance.GlanceImageService',
 | |
|     glance_api_servers => $glance_connection,
 | |
|     verbose            => $verbose,
 | |
|   }
 | |
| 
 | |
|   class { 'nova::api':
 | |
|     enabled           => true,
 | |
|     # TODO this should be the nova service credentials
 | |
|     #admin_tenant_name => 'openstack',
 | |
|     #admin_user        => 'admin',
 | |
|     #admin_password    => $admin_service_password,
 | |
|     admin_tenant_name => 'services',
 | |
|     admin_user        => 'nova',
 | |
|     admin_password    => $nova_user_password,
 | |
|     require => Keystone_user_role["nova@services"],
 | |
|   }
 | |
| 
 | |
|   class { [
 | |
|     'nova::cert',
 | |
|     'nova::consoleauth',
 | |
|     'nova::scheduler',
 | |
|     'nova::objectstore',
 | |
|     'nova::vncproxy'
 | |
|   ]:
 | |
|     enabled => true,
 | |
|   }
 | |
| 
 | |
|   if $multi_host {
 | |
|     nova_config { 'multi_host':   value => 'True'; }
 | |
|     $enable_network_service = false
 | |
|   } else {
 | |
|     $enable_network_service = true
 | |
|   }
 | |
| 
 | |
|   # set up networking
 | |
|   class { 'nova::network':
 | |
|     private_interface => $private_interface,
 | |
|     public_interface  => $public_interface,
 | |
|     fixed_range       => $fixed_range,
 | |
|     floating_range    => $floating_range,
 | |
|     network_manager   => $network_manager,
 | |
|     config_overrides  => $network_config,
 | |
|     create_networks   => $create_networks,
 | |
|     num_networks      => $num_networks,
 | |
|     enabled           => $enable_network_service,
 | |
|     install_service   => $enable_network_service,
 | |
|   }
 | |
| 
 | |
|   ######## Horizon ########
 | |
| 
 | |
|   class { 'memcached':
 | |
|     listen_ip => '127.0.0.1',
 | |
|   }
 | |
| 
 | |
|   class { 'horizon':
 | |
|     cache_server_ip => $cache_server_ip,
 | |
|     cache_server_port => $cache_server_port,
 | |
|     swift => $swift,
 | |
|     quantum => $quantum,
 | |
|     horizon_app_links => $horizon_app_links,
 | |
|   }
 | |
| 
 | |
| 
 | |
|   ######## End Horizon #####
 | |
| 
 | |
| }
 | 
