stackforge/puppet-openstack_dev_env
Code Issues Proposed changes
Files
a40b2bc990dbfb6291f97e8217bd3d8b38bfc716
puppet-openstack_dev_env/manifests/site.pp
Dan Bode 83e9aa37bc update nova_config to use DEFAULT section 
this is now required

Change-Id: Ibb60b18dcde4c2e77d8cd63693298ecbf6235cac
2013-04-12 17:03:04 -07:00

420 lines
13 KiB
Puppet
Raw Blame History

## This document serves as an example of how to deploy
# basic single and multi-node openstack environments.
#
####### shared variables ##################
#Exec {
# logoutput => true,
#}
# database config
$mysql_root_password = hiera('mysql_root_password', 'mysql_root_password')
$keystone_db_password = hiera('keystone_db_password', 'keystone_db_password')
$glance_db_password = hiera('glance_db_password', 'glance_db_password')
$nova_db_password = hiera('nova_db_password', 'nova_db_password')
$cinder_db_password = hiera('cinder_db_password', 'cinder_db_password')
$quantum_db_password = hiera('quantum_db_password', 'quantum_db_password')
$allowed_hosts = hiera('allowed_hosts', ['%'])
# keystone settings)
$admin_token = hiera('admin_token', 'service_token')
$admin_email = hiera('admin_email', 'keystone@localhost')
$admin_password = hiera('admin_password', 'ChangeMe')
$glance_user_password = hiera('glance_user_password', 'glance_user_password')
$nova_user_password = hiera('nova_user_password', 'nova_user_password')
$cinder_user_password = hiera('cinder_user_password', 'cinder_user_password')
$quantum_user_password = hiera('quantum_user_password', 'quantum_user_password')
$verbose = hiera('verbose', 'True')
$public_interface = hiera('public_interface', 'eth0')
$private_interface = hiera('private_interface', 'eth2')
$rabbit_password = hiera('rabbit_password', 'rabbit_password')
$rabbit_user = hiera('rabbit_user', 'nova')
$secret_key = hiera('secret_key', 'secret_key')
$libvirt_type = hiera('libvirt_type', 'qemu')
#$network_type = hiera('', 'quantum')
$network_type = hiera('network_type', 'nova')
if $network_type == 'nova' {
$use_quantum = false
$multi_host = true
$nova_network = true
} else {
$nova_network = false
$use_quantum = true
}
$fixed_network_range = hiera('fixed_network_range', '10.0.0.0/24')
$floating_network_range = hiera('floating_network_range', '172.16.0.128/25')
$auto_assign_floating_ip = hiera('auto_assign_floating_ip', false)
#### end shared variables #################
#### controller/compute mode settings ####
$openstack_controller = hiera('openstack_controller', '172.16.0.3')
#### controller/compute mode settings ####
$openstack_version = hiera('openstack_version', 'folsom')
# node declaration for all in one
import 'scenarios/all_in_one.pp'
# node declarations for a single server per role
import 'scenarios/multi_role.pp'
# import external swift definitions
import '/etc/puppet/modules-0/swift/examples/site.pp'
node /openstack-controller/ {
# deploy a script that can be used to test nova
class { 'openstack::test_file':
quantum => $use_quantum,
sleep_time => 120,
floating_ip => $nova_network,
}
if $::osfamily == 'Redhat' {
# redhat specific dashboard stuff
file_line { 'nova_sudoers':
line => 'nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *',
path => '/etc/sudoers',
before => Package['nova-common'],
}
nova_config { 'DEFAULT/rpc_backend': value => 'nova.openstack.common.rpc.impl_kombu';}
cinder_config { 'DEFAULT/rpc_backend': value => 'cinder.openstack.common.rpc.impl_kombu';}
#selboolean{'httpd_can_network_connect':
# value => on,
# persistent => true,
#}
firewall { '001 horizon incomming':
proto => 'tcp',
dport => ['80'],
action => 'accept',
}
firewall { '001 glance incomming':
proto => 'tcp',
dport => ['9292'],
action => 'accept',
}
firewall { '001 keystone incomming':
proto => 'tcp',
dport => ['5000', '35357'],
action => 'accept',
}
firewall { '001 mysql incomming':
proto => 'tcp',
dport => ['3306'],
action => 'accept',
}
firewall { '001 novaapi incomming':
proto => 'tcp',
dport => ['8773', '8774', '8776'],
action => 'accept',
}
firewall { '001 qpid incomming':
proto => 'tcp',
dport => ['5672'],
action => 'accept',
}
firewall { '001 novncproxy incomming':
proto => 'tcp',
dport => ['6080'],
action => 'accept',
}
}
# we need to install conductor only for grizzly
# because this version of the manifests needs to support both
if $openstack_version == 'grizzly' {
class { 'nova::conductor':
enabled => true,
}
}
class { 'openstack::controller':
#floating_range => $floating_network_range,
# Required Network
public_address => $openstack_controller,
public_interface => $public_interface,
private_interface => $private_interface,
# Required Database
mysql_root_password => $mysql_root_password,
# Required Keystone
admin_email => $admin_email,
admin_password => $admin_password,
keystone_db_password => $keystone_db_password,
keystone_admin_token => $admin_token,
# Required Glance
glance_db_password => $glance_db_password,
glance_user_password => $glance_user_password,
# Required Nov a
nova_db_password => $nova_db_password,
nova_user_password => $nova_user_password,
# cinder
cinder_db_password => $cinder_db_password,
cinder_user_password => $cinder_user_password,
cinder => true,
# quantum
quantum => $use_quantum,
quantum_db_password => $quantum_db_password,
quantum_user_password => $quantum_user_password,
# horizon
secret_key => $secret_key,
# need to sort out networking...
network_manager => 'nova.network.manager.FlatDHCPManager',
fixed_range => $fixed_network_range,
floating_range => $floating_network_range,
create_networks => true,
multi_host => $multi_host,
db_host => '127.0.0.1',
db_type => 'mysql',
mysql_account_security => true,
# TODO - this should not allow all
allowed_hosts => '%',
# Keystone
# Glance
glance_api_servers => '127.0.0.1:9292',
rabbit_password => $rabbit_password,
rabbit_user => $rabbit_user,
# Horizon
cache_server_ip => '127.0.0.1',
cache_server_port => '11211',
swift => false,
horizon_app_links => undef,
# General
verbose => $verbose,
purge_nova_config => false,
}
package { 'python-cliff':
ensure => present,
}
class { 'openstack::auth_file':
admin_password => $admin_password,
keystone_admin_token => $admin_token,
controller_node => '127.0.0.1',
}
keystone_config {
'DEFAULT/log_config': ensure => absent,
}
}
node /compute/ {
# TODO not sure why this is required
# this has a bug, and is constantly added to the file
if $libvirt_type == 'qemu' {
if $::osfamily == 'Debian' {
Package['libvirt'] ->
file_line { 'quemu_hack':
line => 'cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet", "/dev/net/tun",]',
path => '/etc/libvirt/qemu.conf',
ensure => present,
} ~> Service['libvirt']
} elsif $::osfamily == 'RedHat' {
cinder_config { 'DEFAULT/rpc_backend': value => 'cinder.openstack.common.rpc.impl_kombu';}
file_line { 'nova_sudoers':
line => 'nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *',
path => '/etc/sudoers',
before => Service['nova-network'],
}
file_line { 'cinder_sudoers':
line => 'cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *',
path => '/etc/sudoers',
before => Service['cinder-volume'],
}
nova_config { 'DEFAULT/rpc_backend': value => 'nova.openstack.common.rpc.impl_kombu';}
nova_config{
"DEFAULT/network_host": value => $openstack_controller;
"DEFAULT/libvirt_inject_partition": value => "-1";
}
if $libvirt_type == "qemu" {
file { "/usr/bin/qemu-system-x86_64":
ensure => link,
target => "/usr/libexec/qemu-kvm",
notify => Service["nova-compute"],
}
}
firewall { '001 vnc listen incomming':
proto => 'tcp',
dport => ['6080'],
action => 'accept',
}
firewall { '001 volume incomming':
proto => 'tcp',
dport => ['3260'],
action => 'accept',
}
}
}
class { 'cinder::setup_test_volume': } -> Service<||>
class { 'openstack::compute':
public_interface => $public_interface,
private_interface => $private_interface,
internal_address => $::ipaddress_eth1,
libvirt_type => $libvirt_type,
sql_connection => "mysql://nova:${nova_db_password}@${openstack_controller}/nova",
cinder_sql_connection => "mysql://cinder:${cinder_db_password}@${openstack_controller}/cinder",
multi_host => $multi_host,
fixed_range => $fixed_network_range,
nova_user_password => $nova_user_password,
quantum => $use_quantum,
quantum_host => $openstack_controller,
quantum_user_password => $quantum_user_password,
rabbit_password => $rabbit_password,
glance_api_servers => ["${openstack_controller}:9292"],
rabbit_host => $openstack_controller,
keystone_host => $openstack_controller,
vncproxy_host => $openstack_controller,
vnc_enabled => true,
verbose => $verbose,
}
}
node /tempest/ {
if $::openstack_version == 'folsom' {
# this assumes that tempest is being run on the same node
# as the openstack controller
if $osfamily == 'redhat' {
$nova_api_service_name = 'openstack-nova-api'
} else {
$nova_api_service_name = 'nova-api'
}
service { 'nova-api':
name => $nova_api_service_name
}
Nova_config<||> ~> Service['nova-api']
Nova_paste_api_ini<||> ~> Service['nova-api']
nova_config { 'DEFAULT/api_rate_limit': value => 'false' }
# remove rate limiting
# this may be folsom specific
nova_paste_api_ini {
'composite:openstack_compute_api_v2/noauth': value => 'faultwrap sizelimit noauth osapi_compute_app_v2';
'composite:openstack_compute_api_v2/keystone': value => 'faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v2';
'composite:openstack_volume_api_v1/noauth': value => 'faultwrap sizelimit noauth osapi_volume_app_v1';
'composite:openstack_volume_api_v1/keystone': value => 'faultwrap sizelimit authtoken keystonecontext osapi_volume_app_v1';
}
}
if ($::openstack_version == 'grizzly') {
$revision = 'master'
} else {
$revision = $::openstack_version
}
class { 'tempest':
identity_host => $::openstack_controller,
identity_port => '35357',
identity_api_version => 'v2.0',
# non admin user
username => 'user1',
password => 'user1_password',
tenant_name => 'tenant1',
# another non-admin user
alt_username => 'user2',
alt_password => 'user2_password',
alt_tenant_name => 'tenant2',
# image information
image_id => 'XXXXXXX',#<%= image_id %>,
image_id_alt => 'XXXXXXX',#<%= image_id_alt %>,
flavor_ref => 1,
flavor_ref_alt => 2,
# the version of the openstack images api to use
image_api_version => '1',
image_host => $::openstack_controller,
image_port => '9292',
# this should be the username of a user with administrative privileges
admin_username => 'admin',
admin_password => $::admin_password,
admin_tenant_name => 'admin',
nova_db_uri => 'mysql://nova:nova_db_password@127.0.0.1/nova',
version_to_test => $revision,
}
class { 'openstack::auth_file':
admin_password => $::admin_password,
keystone_admin_token => $::admin_token,
controller_node => $::openstack_controller,
}
}
node /devstack/ {
class { 'devstack': }
}
node default {
notify { $clientcert: }
}
node puppetmaster {
$hostname = 'puppetmaster'
### Add the puppetlabs repo
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
repos => 'main',
key => '4BD6EC30',
key_server => 'pgp.mit.edu',
tag => ['puppet'],
}
Exec["apt_update"] -> Package <| |>
package { ['hiera', 'hiera-puppet']:
ensure => present,
provider => 'gem',
require => Package['puppetmaster'],
}
class { 'puppet::master':
autosign => true,
modulepath => '/etc/puppet/modules-0',
}
class { 'puppetdb':
require => Class['puppet::master'],
}
# Configure the puppet master to use puppetdb.
class { 'puppetdb::master::config':
restart_puppet => false,
puppetdb_startup_timeout => 240,
notify => Class['apache'],
}
}
View Git Blame Copy Permalink