stackforge/puppet-openstack
Code Issues Proposed changes
Files
f93374ebdfd5d26ac1deccafe57493bf6ec296d3
puppet-openstack/manifests/controller.pp
Sumit Naiksatam d3928e578d Remove param validation if enable_ovs_agent=false 
Currently the controller module assumes that the
OVS agent is always configured when the neutron
service is configured. This patch ensures that
when OVS agent is not enabled, we do not require
OVS agent specific params to be set.

Change-Id: Id3e601841f2c962dbe9a142c4bdfe80b1a9fd4a7
2014-02-04 17:11:07 -08:00

620 lines
23 KiB
Puppet
Raw Blame History

#
# This can be used to build out the simplest openstack controller
#
# === Parameters
#
# [public_interface] Public interface used to route public traffic. Required.
# [public_address] Public address for public endpoints. Required.
# [public_protocol] Protocol used by public endpoints. Defaults to 'http'
# [token_format] Format keystone uses for tokens. Optional. Defaults to PKI.
# Supports PKI and UUID.
# [private_interface] Interface used for vm networking connectivity. Required.
# [internal_address] Internal address used for management. Required.
# [mysql_root_password] Root password for mysql server.
# [sql_idle_timeout] Timeout for sql to reap connections.
# (Optional) Defaults to undef.
# [admin_email] Admin email.
# [admin_password] Admin password.
# [keystone_db_password] Keystone database password.
# [keystone_admin_token] Admin token for keystone.
# [keystone_bind_address] Address that keystone api service should bind to.
# Optional. Defaults to '0.0.0.0'.
# [keystone_token_driver] Driver to use for managing tokens.
# Optional. Defaults to 'keystone.token.backends.sql.Token'
# [glance_registry_host] Address used by Glance API to find the Glance Registry service.
# Optional. Defaults to '0.0.0.0'.
# [glance_db_password] Glance DB password.
# [glance_user_password] Glance service user password.
# [nova_db_password] Nova DB password.
# [nova_user_password] Nova service password.
# [nova_memcached_servers] (array) List of memcached servers for use with nova.
# (optional) Defaults to false. Values should be hostname:port format.
#
# [purge_nova_config]
# Whether unmanaged nova.conf entries should be purged.
# (optional) Defaults to false.
#
# [nova_bind_address]
# IP address to use for binding Nova API's.
# (optional) Defualts to '0.0.0.0'.
#
# [rabbit_password] Rabbit password.
# [rabbit_user] Rabbit User. Optional. Defaults to openstack.
# [rabbit_host] IP address to connect to the RabbitMQ Broker. Optional. Defaults to '127.0.0.1'.
# [rabbit_hosts] An array of IP addresses or Virttual IP address for connecting to a RabbitMQ Cluster.
# Optional. Defaults to false.
# [rabbit_cluster_nodes] An array of Rabbit Broker IP addresses within the Cluster.
# Optional. Defaults to false.
# [rabbit_virtual_host] Rabbit virtual host path for Nova. Defaults to '/'.
# [network_manager] Nova network manager to use.
# [fixed_range] Range of ipv4 network for vms.
# [floating_range] Floating ip range to create.
# [create_networks] Rather network and floating ips should be created.
# [num_networks] Number of networks that fixed range should be split into.
# [multi_host] Rather node should support multi-host networking mode for HA.
# Optional. Defaults to false.
# [auto_assign_floating_ip] Rather configured to automatically allocate and
# assign a floating IP address to virtual instances when they are launched.
# Defaults to false.
# [network_config] Hash that can be used to pass implementation specifc
# network settings. Optioal. Defaults to {}
# [debug] Whether to log services at debug.
# [verbose] Whether to log services at verbose.
# Horizon related config - assumes puppetlabs-horizon code
# [secret_key] secret key to encode cookies, …
# [cache_server_ip] local memcached instance ip
# [cache_server_port] local memcached instance port
# [horizon] (bool) is horizon installed. Defaults to: true
# [neutron] (bool) is neutron installed
# The next is an array of arrays, that can be used to add call-out links to the dashboard for other apps.
# There is no specific requirement for these apps to be for monitoring, that's just the defacto purpose.
# Each app is defined in two parts, the display name, and the URI
#
# [ovs_enable_tunneling]
# Enable/disable the Neutron OVS GRE tunneling networking mode.
# Optional. Defaults to true.
#
# [metadata_shared_secret]
# Shared secret used by nova and neutron to authenticate metadata.
# (optional) Defaults to false.
#
# [physical_network]
# Unique name of the physical network used by the Neutron OVS Agent.
# All physical networks listed are available for flat and VLAN
# provider network creation.
#
# [tenant_network_type]
# Type of network to allocate for tenant networks
# Optional. Defualts to 'gre'.
#
# [network_vlan_ranges]
# Comma-separated list of <physical_network>[:<vlan_min>:<vlan_max>]
# tuples enumerating ranges of VLAN IDs on named physical networks
# that are available for allocation. Only applicable when tenant_network_type
# parameter is set to 'vlan'.
# Optional. Defaults to 'physnet1:
#
# [firewall_driver]
# Driver used to implement firewall rules.
# (optional) Defaults to 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'.
#
# [neutron_auth_url]
# Url used to neutron to contact the authentication service.
# (optional) Default to http://127.0.0.1:35357/v2.0.
#
# [horizon_app_links] array as in '[ ["Nagios","http://nagios_addr:port/path"],["Ganglia","http://ganglia_addr"] ]'
# [enabled] Whether services should be enabled. This parameter can be used to
# implement services in active-passive modes for HA. Optional. Defaults to true.
# [swift]
# Whether or not to configure keystone for swift authorization.
# (Optional). Defaults to false.
#
# [swift_user_password]
# Auth password for swift.
# (Optional) Defaults to false. Required if swift is set to true.
#
# [swift_public_address]
# The swift public endpoint address used to populate the keystone service catalog.
# (optional). Defaults to false.
#
# [swift_internal_address]
# The swift internal endpoint address used to populate the keystone service catalog.
# (optional). Defaults to false.
#
# [swift_admin_address]
# The swift admin endpoint address used to populate the keystone service catalog.
# (optional). Defaults to false.
#
# [use_syslog]
# Use syslog for logging.
# (Optional) Defaults to false.
#
# [log_facility]
# Syslog facility to receive log lines.
# (Optional) Defaults to LOG_USER.
#
# === Examples
#
# class { 'openstack::controller':
# public_address => '192.168.0.3',
# mysql_root_password => 'changeme',
# allowed_hosts => ['127.0.0.%', '192.168.1.%'],
# admin_email => 'my_email@mw.com',
# admin_password => 'my_admin_password',
# keystone_db_password => 'changeme',
# keystone_admin_token => '12345',
# glance_db_password => 'changeme',
# glance_user_password => 'changeme',
# nova_db_password => 'changeme',
# nova_user_password => 'changeme',
# secret_key => 'dummy_secret_key',
# }
#
class openstack::controller (
# Required Network
$public_address,
$admin_email,
# required password
$admin_password,
$rabbit_password,
$keystone_db_password,
$keystone_admin_token,
$glance_db_password,
$glance_user_password,
$nova_db_password,
$nova_user_password,
$nova_memcached_servers = false,
$secret_key,
$mysql_root_password,
# cinder and neutron password are not required b/c they are
# optional. Not sure what to do about this.
$neutron_user_password = false,
$neutron_db_password = false,
$neutron_core_plugin = undef,
$cinder_user_password = false,
$cinder_db_password = false,
$swift_user_password = false,
# Database
$db_host = '127.0.0.1',
$db_type = 'mysql',
$mysql_account_security = true,
$mysql_bind_address = '0.0.0.0',
$sql_idle_timeout = undef,
$allowed_hosts = '%',
$mysql_ssl = false,
$mysql_ca = undef,
$mysql_cert = undef,
$mysql_key = undef,
# Keystone
$keystone_host = '127.0.0.1',
$keystone_db_user = 'keystone',
$keystone_db_dbname = 'keystone',
$keystone_admin_tenant = 'admin',
$keystone_bind_address = '0.0.0.0',
$region = 'RegionOne',
$public_protocol = 'http',
$keystone_token_driver = 'keystone.token.backends.sql.Token',
$token_format = 'PKI',
# Glance
$glance_registry_host = '0.0.0.0',
$glance_db_user = 'glance',
$glance_db_dbname = 'glance',
$glance_api_servers = undef,
$glance_backend = 'file',
$glance_rbd_store_user = undef,
$glance_rbd_store_pool = undef,
# Glance Swift Backend
$swift_store_user = 'swift_store_user',
$swift_store_key = 'swift_store_key',
# Nova
$nova_admin_tenant_name = 'services',
$nova_admin_user = 'nova',
$nova_db_user = 'nova',
$nova_db_dbname = 'nova',
$purge_nova_config = false,
$enabled_apis = 'ec2,osapi_compute,metadata',
$nova_bind_address = '0.0.0.0',
# Nova Networking
$public_interface = false,
$private_interface = false,
$internal_address = false,
$admin_address = false,
$network_manager = 'nova.network.manager.FlatDHCPManager',
$fixed_range = '10.0.0.0/24',
$floating_range = false,
$create_networks = true,
$num_networks = 1,
$multi_host = false,
$auto_assign_floating_ip = false,
$network_config = {},
# Rabbit
$rabbit_host = '127.0.0.1',
$rabbit_hosts = false,
$rabbit_cluster_nodes = false,
$rabbit_user = 'openstack',
$rabbit_virtual_host = '/',
# Horizon
$horizon = true,
$cache_server_ip = '127.0.0.1',
$cache_server_port = '11211',
$horizon_app_links = undef,
# VNC
$vnc_enabled = true,
$vncproxy_host = false,
# General
$debug = false,
$verbose = false,
# cinder
# if the cinder management components should be installed
$cinder = true,
$cinder_db_user = 'cinder',
$cinder_db_dbname = 'cinder',
$cinder_bind_address = '0.0.0.0',
$manage_volumes = false,
$volume_group = 'cinder-volumes',
$setup_test_volume = false,
$iscsi_ip_address = '127.0.0.1',
# Neutron
$neutron = true,
$physical_network = 'default',
$tenant_network_type = 'gre',
$ovs_enable_tunneling = true,
$allow_overlapping_ips = false,
$ovs_local_ip = false,
$network_vlan_ranges = undef,
$bridge_interface = undef,
$external_bridge_name = 'br-ex',
$bridge_uplinks = undef,
$bridge_mappings = undef,
$enable_ovs_agent = true,
$enable_dhcp_agent = true,
$enable_l3_agent = true,
$enable_metadata_agent = true,
$metadata_shared_secret = false,
$firewall_driver = 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
$neutron_db_user = 'neutron',
$neutron_db_name = 'neutron',
$neutron_auth_url = 'http://127.0.0.1:35357/v2.0',
$enable_neutron_server = true,
$security_group_api = 'neutron',
# swift
$swift = false,
$swift_public_address = false,
$swift_internal_address = false,
$swift_admin_address = false,
# Syslog
$use_syslog = false,
$log_facility = 'LOG_USER',
$enabled = true
) {
if $ovs_local_ip {
$ovs_local_ip_real = $ovs_local_ip
} else {
$ovs_local_ip_real = $internal_address
}
if $internal_address {
$internal_address_real = $internal_address
} else {
$internal_address_real = $public_address
}
if $admin_address {
$admin_address_real = $admin_address
} else {
$admin_address_real = $internal_address_real
}
if $vncproxy_host {
$vncproxy_host_real = $vncproxy_host
} else {
$vncproxy_host_real = $public_address
}
# Ensure things are run in order
Class['openstack::db::mysql'] -> Class['openstack::keystone']
Class['openstack::db::mysql'] -> Class['openstack::glance']
Class['openstack::db::mysql'] -> Class['openstack::nova::controller']
####### DATABASE SETUP ######
# set up mysql server
if ($db_type == 'mysql') {
if ($enabled) {
Class['glance::db::mysql'] -> Class['glance::registry']
}
class { 'openstack::db::mysql':
mysql_root_password => $mysql_root_password,
mysql_bind_address => $mysql_bind_address,
mysql_account_security => $mysql_account_security,
mysql_ssl => $mysql_ssl,
mysql_ca => $mysql_ca,
mysql_cert => $mysql_cert,
mysql_key => $mysql_key,
keystone_db_user => $keystone_db_user,
keystone_db_password => $keystone_db_password,
keystone_db_dbname => $keystone_db_dbname,
glance_db_user => $glance_db_user,
glance_db_password => $glance_db_password,
glance_db_dbname => $glance_db_dbname,
nova_db_user => $nova_db_user,
nova_db_password => $nova_db_password,
nova_db_dbname => $nova_db_dbname,
cinder => $cinder,
cinder_db_user => $cinder_db_user,
cinder_db_password => $cinder_db_password,
cinder_db_dbname => $cinder_db_dbname,
neutron => $neutron,
neutron_db_user => $neutron_db_user,
neutron_db_password => $neutron_db_password,
neutron_db_dbname => $neutron_db_name,
allowed_hosts => $allowed_hosts,
enabled => $enabled,
}
} else {
fail("Unsupported db : ${db_type}")
}
####### KEYSTONE ###########
class { 'openstack::keystone':
debug => $debug,
verbose => $verbose,
db_type => $db_type,
db_host => $db_host,
db_password => $keystone_db_password,
db_name => $keystone_db_dbname,
db_user => $keystone_db_user,
db_ssl => $mysql_ssl,
db_ssl_ca => $mysql_ca,
idle_timeout => $sql_idle_timeout,
admin_token => $keystone_admin_token,
admin_tenant => $keystone_admin_tenant,
admin_email => $admin_email,
admin_password => $admin_password,
token_driver => $keystone_token_driver,
public_address => $public_address,
public_protocol => $public_protocol,
token_format => $token_format,
internal_address => $internal_address_real,
admin_address => $admin_address_real,
region => $region,
glance_user_password => $glance_user_password,
glance_internal_address => $internal_address_real,
glance_admin_address => $admin_address_real,
nova_user_password => $nova_user_password,
nova_internal_address => $internal_address_real,
nova_admin_address => $admin_address_real,
cinder => $cinder,
cinder_user_password => $cinder_user_password,
cinder_internal_address => $internal_address_real,
cinder_admin_address => $admin_address_real,
neutron => $neutron,
neutron_user_password => $neutron_user_password,
neutron_internal_address => $internal_address_real,
neutron_admin_address => $admin_address_real,
swift => $swift,
swift_user_password => $swift_user_password,
swift_public_address => $swift_public_address,
swift_internal_address => $swift_internal_address,
swift_admin_address => $swift_admin_address,
enabled => $enabled,
bind_host => $keystone_bind_address,
use_syslog => $use_syslog,
log_facility => $log_facility,
}
######## BEGIN GLANCE ##########
class { 'openstack::glance':
debug => $debug,
verbose => $verbose,
db_type => $db_type,
db_host => $db_host,
db_ssl => $mysql_ssl,
db_ssl_ca => $mysql_ca,
sql_idle_timeout => $sql_idle_timeout,
keystone_host => $keystone_host,
registry_host => $glance_registry_host,
db_user => $glance_db_user,
db_name => $glance_db_dbname,
db_password => $glance_db_password,
user_password => $glance_user_password,
backend => $glance_backend,
swift_store_user => $swift_store_user,
swift_store_key => $swift_store_key,
rbd_store_user => $glance_rbd_store_user,
rbd_store_pool => $glance_rbd_store_pool,
use_syslog => $use_syslog,
log_facility => $log_facility,
enabled => $enabled,
}
######## BEGIN NOVA ###########
#
# indicates that all nova config entries that we did
# not specifify in Puppet should be purged from file
#
if ($purge_nova_config) {
resources { 'nova_config':
purge => true,
}
}
class { 'openstack::nova::controller':
# Database
db_host => $db_host,
sql_idle_timeout => $sql_idle_timeout,
# Network
network_manager => $network_manager,
network_config => $network_config,
floating_range => $floating_range,
fixed_range => $fixed_range,
public_address => $public_address,
admin_address => $admin_address,
internal_address => $internal_address_real,
auto_assign_floating_ip => $auto_assign_floating_ip,
create_networks => $create_networks,
num_networks => $num_networks,
multi_host => $multi_host,
public_interface => $public_interface,
private_interface => $private_interface,
# Neutron
neutron => $neutron,
neutron_user_password => $neutron_user_password,
metadata_shared_secret => $metadata_shared_secret,
security_group_api => $security_group_api,
# Nova
nova_admin_tenant_name => $nova_admin_tenant_name,
nova_admin_user => $nova_admin_user,
nova_user_password => $nova_user_password,
nova_db_password => $nova_db_password,
nova_db_user => $nova_db_user,
nova_db_dbname => $nova_db_dbname,
memcached_servers => $nova_memcached_servers,
enabled_apis => $enabled_apis,
api_bind_address => $nova_bind_address,
# Rabbit
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_hosts => $rabbit_hosts,
rabbit_cluster_nodes => $rabbit_cluster_nodes,
rabbit_virtual_host => $rabbit_virtual_host,
# Glance
glance_api_servers => $glance_api_servers,
# Keystone
keystone_host => $keystone_host,
# VNC
vnc_enabled => $vnc_enabled,
vncproxy_host => $vncproxy_host_real,
# Syslog
use_syslog => $use_syslog,
log_facility => $log_facility,
# General
debug => $debug,
verbose => $verbose,
enabled => $enabled,
}
######### Neutron Controller Services ########
if ($neutron) {
if ! $neutron_user_password {
fail('neutron_user_password must be set when configuring neutron')
}
if ! $neutron_db_password {
fail('neutron_db_password must be set when configuring neutron')
}
if $enable_ovs_agent {
if ! $bridge_interface {
fail('bridge_interface must be set when configuring neutron')
}
if ! $bridge_uplinks {
$bridge_uplinks_real = ["${external_bridge_name}:${bridge_interface}"]
} else {
$bridge_uplinks_real = $bridge_uplinks
}
if ! $bridge_mappings {
$bridge_mappings_real = ["${physical_network}:${external_bridge_name}"]
} else {
$bridge_mappings_real = $bridge_mappings
}
}
class { 'openstack::neutron':
# Database
db_host => $db_host,
sql_idle_timeout => $sql_idle_timeout,
# Rabbit
rabbit_host => $rabbit_host,
rabbit_user => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_hosts => $rabbit_hosts,
rabbit_virtual_host => $rabbit_virtual_host,
# Neutron OVS
tenant_network_type => $tenant_network_type,
network_vlan_ranges => $network_vlan_ranges,
ovs_enable_tunneling => $ovs_enable_tunneling,
allow_overlapping_ips => $allow_overlapping_ips,
ovs_local_ip => $ovs_local_ip_real,
bridge_uplinks => $bridge_uplinks_real,
bridge_mappings => $bridge_mappings_real,
enable_ovs_agent => $enable_ovs_agent,
firewall_driver => $firewall_driver,
# Database
db_name => $neutron_db_name,
db_user => $neutron_db_user,
db_password => $neutron_db_password,
# Plugin
core_plugin => $neutron_core_plugin,
# Neutron agents
enable_dhcp_agent => $enable_dhcp_agent,
enable_l3_agent => $enable_l3_agent,
enable_metadata_agent => $enable_metadata_agent,
auth_url => $neutron_auth_url,
user_password => $neutron_user_password,
shared_secret => $metadata_shared_secret,
# Keystone
keystone_host => $keystone_host,
# Syslog
use_syslog => $use_syslog,
log_facility => $log_facility,
# General
enabled => $enabled,
enable_server => $enable_neutron_server,
debug => $debug,
verbose => $verbose,
}
}
######### Cinder Controller Services ########
if ($cinder) {
if ! $cinder_db_password {
fail('Must set cinder db password when setting up a cinder controller')
}
if ! $cinder_user_password {
fail('Must set cinder user password when setting up a cinder controller')
}
class { 'openstack::cinder::all':
bind_host => $cinder_bind_address,
sql_idle_timeout => $sql_idle_timeout,
keystone_auth_host => $keystone_host,
keystone_password => $cinder_user_password,
rabbit_userid => $rabbit_user,
rabbit_password => $rabbit_password,
rabbit_host => $rabbit_host,
rabbit_hosts => $rabbit_hosts,
db_password => $cinder_db_password,
db_dbname => $cinder_db_dbname,
db_user => $cinder_db_user,
db_type => $db_type,
db_host => $db_host,
manage_volumes => $manage_volumes,
volume_group => $volume_group,
setup_test_volume => $setup_test_volume,
iscsi_ip_address => $iscsi_ip_address,
use_syslog => $use_syslog,
log_facility => $log_facility,
enabled => $enabled,
debug => $debug,
verbose => $verbose
}
}
######## Horizon ########
if ($horizon) {
class { 'openstack::horizon':
secret_key => $secret_key,
cache_server_ip => $cache_server_ip,
cache_server_port => $cache_server_port,
horizon_app_links => $horizon_app_links,
keystone_host => $keystone_host,
}
}
}
View Git Blame Copy Permalink