stackforge/puppet-openstack_dev_env
Code Issues Proposed changes
Files
e7813bba846ae88e66cf23b2dd02684516fa21bd
puppet-openstack_dev_env/manifests/site.pp
Dan Bode e7813bba84 install hiera after puppet master 
for some reason, when I install puppet, the
system gem switches from some vagrant specific
one to the regular system one.

As a result, all gems installed before the
puppet master gem are not visible to puppet.

This commit installs hiera and hiera puppet after
the master.
2013-01-15 11:49:37 -08:00

350 lines
11 KiB
Puppet
Raw Blame History

## This document serves as an example of how to deploy
# basic single and multi-node openstack environments.
#
####### shared variables ##################
#Exec {
# logoutput => true,
#}
# database config
$mysql_root_password = hiera('mysql_root_password', 'mysql_root_password')
$keystone_db_password = hiera('keystone_db_password', 'keystone_db_password')
$glance_db_password = hiera('glance_db_password', 'glance_db_password')
$nova_db_password = hiera('nova_db_password', 'nova_db_password')
$cinder_db_password = hiera('cinder_db_password', 'cinder_db_password')
$quantum_db_password = hiera('quantum_db_password', 'quantum_db_password')
$allowed_hosts = hiera('allowed_hosts', ['%'])
# keystone settings)
$admin_token = hiera('admin_token', 'service_token')
$admin_email = hiera('admin_email', 'keystone@localhost')
$admin_password = hiera('admin_password', 'ChangeMe')
$glance_user_password = hiera('glance_user_password', 'glance_user_password')
$nova_user_password = hiera('nova_user_password', 'nova_user_password')
$cinder_user_password = hiera('cinder_user_password', 'cinder_user_password')
$quantum_user_password = hiera('quantum_user_password', 'quantum_user_password')
$verbose = hiera('verbose', 'True')
$public_interface = hiera('public_interface', 'eth0')
$private_interface = hiera('private_interface', 'eth2')
$rabbit_password = hiera('rabbit_password', 'rabbit_password')
$rabbit_user = hiera('rabbit_user', 'nova')
$secret_key = hiera('secret_key', 'secret_key')
$libvirt_type = hiera('libvirt_type', 'qemu')
#$network_type = hiera('', 'quantum')
$network_type = hiera('', 'nova')
if $network_type == 'nova' {
$use_quantum = false
$multi_host = true
} else {
$use_quantum = true
}
$fixed_network_range = hiera('fixed_network_range', '10.0.0.0/24')
$floating_network_range = hiera('floating_network_range', '172.16.0.128/25')
$auto_assign_floating_ip = hiera('auto_assign_floating_ip', false)
#### end shared variables #################
#### controller/compute mode settings ####
$openstack_controller = hiera('openstack_controller', '172.16.0.3')
#### controller/compute mode settings ####
# node declaration for all in one
import 'scenarios/all_in_one.pp'
# node declarations for a single server per role
import 'scenarios/multi_role.pp'
# import external swift definitions
import '/etc/puppet/modules-0/swift/examples/site.pp'
node /openstack-controller/ {
# deploy a script that can be used to test nova
class { 'openstack::test_file':
quantum => $use_quantum,
sleep_time => 60,
}
if $::osfamily == 'Debian' {
include 'apache'
} else {
# redhat specific dashboard stuff
file_line { 'nova_sudoers':
line => 'nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *',
path => '/etc/sudoers',
before => Package['nova-common'],
}
class {'apache':}
class {'apache::mod::wsgi':}
file { '/etc/httpd/conf.d/openstack-dashboard.conf':}
nova_config { 'rpc_backend': value => 'nova.openstack.common.rpc.impl_kombu';}
cinder_config { 'DEFAULT/rpc_backend': value => 'cinder.openstack.common.rpc.impl_kombu';}
#selboolean{'httpd_can_network_connect':
# value => on,
# persistent => true,
#}
firewall { '001 horizon incomming':
proto => 'tcp',
dport => ['80'],
action => 'accept',
}
firewall { '001 glance incomming':
proto => 'tcp',
dport => ['9292'],
action => 'accept',
}
firewall { '001 keystone incomming':
proto => 'tcp',
dport => ['5000', '35357'],
action => 'accept',
}
firewall { '001 mysql incomming':
proto => 'tcp',
dport => ['3306'],
action => 'accept',
}
firewall { '001 novaapi incomming':
proto => 'tcp',
dport => ['8773', '8774', '8776'],
action => 'accept',
}
firewall { '001 qpid incomming':
proto => 'tcp',
dport => ['5672'],
action => 'accept',
}
firewall { '001 novncproxy incomming':
proto => 'tcp',
dport => ['6080'],
action => 'accept',
}
}
class { 'openstack::controller':
#floating_range => $floating_network_range,
# Required Network
public_address => $openstack_controller,
public_interface => $public_interface,
private_interface => $private_interface,
# Required Database
mysql_root_password => $mysql_root_password,
# Required Keystone
admin_email => $admin_email,
admin_password => $admin_password,
keystone_db_password => $keystone_db_password,
keystone_admin_token => $admin_token,
# Required Glance
glance_db_password => $glance_db_password,
glance_user_password => $glance_user_password,
# Required Nov a
nova_db_password => $nova_db_password,
nova_user_password => $nova_user_password,
# cinder
cinder_db_password => $cinder_db_password,
cinder_user_password => $cinder_user_password,
cinder => true,
# quantum
quantum => $use_quantum,
quantum_db_password => $quantum_db_password,
quantum_user_password => $quantum_user_password,
# horizon
secret_key => $secret_key,
# need to sort out networking...
network_manager => 'nova.network.manager.FlatDHCPManager',
fixed_range => $fixed_network_range,
floating_range => $floating_network_range,
create_networks => true,
multi_host => $multi_host,
db_host => '127.0.0.1',
db_type => 'mysql',
mysql_account_security => true,
# TODO - this should not allow all
allowed_hosts => '%',
# Keystone
# Glance
glance_api_servers => '127.0.0.1:9292',
rabbit_password => $rabbit_password,
rabbit_user => $rabbit_user,
# Horizon
cache_server_ip => '127.0.0.1',
cache_server_port => '11211',
swift => false,
horizon_app_links => undef,
# General
verbose => $verbose,
purge_nova_config => false,
}
package { 'python-cliff':
ensure => present,
}
class { 'openstack::auth_file':
admin_password => $admin_password,
keystone_admin_token => $admin_token,
controller_node => '127.0.0.1',
}
keystone_config {
'DEFAULT/log_config': ensure => absent,
}
}
node /compute/ {
# TODO not sure why this is required
# this has a bug, and is constantly added to the file
if $libvirt_type == 'qemu' {
if $::osfamily == 'Debian' {
Package['libvirt'] ->
file_line { 'quemu_hack':
line => 'cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet", "/dev/net/tun",]',
path => '/etc/libvirt/qemu.conf',
ensure => present,
} ~> Service['libvirt']
} elsif $::osfamily == 'RedHat' {
package { 'avahi': ensure => present } ~>
service { 'messagebus':
ensure => running,
enable => true,
} ~>
service { 'avahi-daemon':
ensure => running,
enable => true,
} ~>
Service['libvirtd']
cinder_config { 'DEFAULT/rpc_backend': value => 'cinder.openstack.common.rpc.impl_kombu';}
file_line { 'nova_sudoers':
line => 'nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *',
path => '/etc/sudoers',
before => Service['nova-network'],
}
file_line { 'cinder_sudoers':
line => 'cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *',
path => '/etc/sudoers',
before => Service['cinder-volume'],
}
nova_config { 'rpc_backend': value => 'nova.openstack.common.rpc.impl_kombu';}
nova_config{
"network_host": value => $openstack_controller;
"libvirt_inject_partition": value => "-1";
}
if $libvirt_type == "qemu" {
file { "/usr/bin/qemu-system-x86_64":
ensure => link,
target => "/usr/libexec/qemu-kvm",
notify => Service["nova-compute"],
}
}
firewall { '001 vnc listen incomming':
proto => 'tcp',
dport => ['6080'],
action => 'accept',
}
firewall { '001 volume incomming':
proto => 'tcp',
dport => ['3260'],
action => 'accept',
}
}
}
class { 'cinder::setup_test_volume': } -> Service<||>
class { 'openstack::compute':
public_interface => $public_interface,
private_interface => $private_interface,
internal_address => $::ipaddress_eth1,
libvirt_type => $libvirt_type,
sql_connection => "mysql://nova:${nova_db_password}@${openstack_controller}/nova",
cinder_sql_connection => "mysql://cinder:${cinder_db_password}@${openstack_controller}/cinder",
quantum_sql_connection => "mysql://quantum:${quantum_db_password}@${openstack_controller}/quantum?charset=utf8",
multi_host => $multi_host,
fixed_range => $fixed_network_range,
nova_user_password => $nova_user_password,
quantum => $use_quantum,
quantum_host => $openstack_controller,
quantum_user_password => $quantum_user_password,
rabbit_password => $rabbit_password,
glance_api_servers => ["${openstack_controller}:9292"],
rabbit_host => $openstack_controller,
keystone_host => $openstack_controller,
vncproxy_host => $openstack_controller,
vnc_enabled => true,
verbose => $verbose,
}
}
node /devstack/ {
class { 'devstack': }
}
node default {
notify { $clientcert: }
}
node puppetmaster {
$hostname = 'puppetmaster'
### Add the puppetlabs repo
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
repos => 'main',
key => '4BD6EC30',
key_server => 'pgp.mit.edu',
tag => ['puppet'],
}
Exec["apt_update"] -> Package <| |>
package { ['hiera', 'hiera-puppet']:
ensure => present,
provider => 'gem',
require => Package['puppetmaster'],
}
class { 'puppet::master':
autosign => true,
modulepath => '/etc/puppet/modules-0',
}
class { 'puppetdb':
require => Class['puppet::master'],
}
# Configure the puppet master to use puppetdb.
class { 'puppetdb::master::config':
restart_puppet => false,
puppetdb_startup_timeout => 240,
notify => Class['apache'],
}
}
View Git Blame Copy Permalink