
Re-design plugin to support Fuel-9.0

This implementation uses a task-based deployment;
all tasks are fully idempotent.

TODO:
- use existing etcd
- use existing bird on nodes
- flags for BGP peers on UI (import/export first)
- field for custom import/export filters on UI for bird on RR
- IPv6 support

Change-Id: If82a14dd4ab3bfa53018654970f27ef44571b22e
tags/mitaka-eol^0
Sergey Vasilenko 2 years ago
parent
commit
52a3bb920d
56 changed files with 1985 additions and 825 deletions
  1. 25
    0
      .gitignore
  2. 83
    25
      README.md
  3. 12
    0
      components.yaml
  4. 0
    66
      deployment_scripts/calico-fuel-monitor
  5. 0
    173
      deployment_scripts/calico_compute.sh
  6. 0
    231
      deployment_scripts/calico_controller.sh
  7. 0
    75
      deployment_scripts/calico_route_reflector.sh
  8. 0
    32
      deployment_scripts/get_node_ip.py
  9. 0
    32
      deployment_scripts/get_node_ips_by_role.py
  10. 0
    32
      deployment_scripts/pluginutils.py
  11. 78
    0
      deployment_scripts/puppet/manifests/compute_alt_gateway.pp
  12. 36
    0
      deployment_scripts/puppet/manifests/compute_bird.pp
  13. 50
    0
      deployment_scripts/puppet/manifests/compute_dhcp_agent.pp
  14. 41
    0
      deployment_scripts/puppet/manifests/compute_felix.pp
  15. 20
    0
      deployment_scripts/puppet/manifests/compute_metadata_api.pp
  16. 114
    0
      deployment_scripts/puppet/manifests/compute_neutron_nova.pp
  17. 30
    0
      deployment_scripts/puppet/manifests/etcd_proxy.pp
  18. 22
    0
      deployment_scripts/puppet/manifests/hiera_override.pp
  19. 39
    0
      deployment_scripts/puppet/manifests/neutron_networks.pp
  20. 192
    0
      deployment_scripts/puppet/manifests/neutron_server_config.pp
  21. 12
    0
      deployment_scripts/puppet/manifests/private_gateway_check.pp
  22. 25
    0
      deployment_scripts/puppet/manifests/repo_setup.pp
  23. 36
    0
      deployment_scripts/puppet/manifests/role_etcd.pp
  24. 43
    0
      deployment_scripts/puppet/manifests/role_rr.pp
  25. 12
    0
      deployment_scripts/puppet/modules/calico/Modulefile
  26. 28
    0
      deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/convert_external_peers.rb
  27. 51
    0
      deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/convert_internal_peers.rb
  28. 55
    0
      deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/generate_bgp_peers.rb
  29. 65
    0
      deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/remove_ovs_usage.rb
  30. 95
    0
      deployment_scripts/puppet/modules/calico/manifests/bird.pp
  31. 35
    0
      deployment_scripts/puppet/modules/calico/manifests/bird/bgp_peer_record.pp
  32. 77
    0
      deployment_scripts/puppet/modules/calico/manifests/etcd.pp
  33. 20
    0
      deployment_scripts/puppet/modules/calico/manifests/init.pp
  34. 43
    0
      deployment_scripts/puppet/modules/calico/manifests/params.pp
  35. 17
    0
      deployment_scripts/puppet/modules/calico/spec/spec_helper.rb
  36. 18
    0
      deployment_scripts/puppet/modules/calico/templates/bird-calico_os-filters.conf.erb
  37. 29
    0
      deployment_scripts/puppet/modules/calico/templates/bird-compute.conf.erb
  38. 10
    0
      deployment_scripts/puppet/modules/calico/templates/bird-peer-compute.conf.erb
  39. 10
    0
      deployment_scripts/puppet/modules/calico/templates/bird-peer-ext.conf.erb
  40. 11
    0
      deployment_scripts/puppet/modules/calico/templates/bird-peer-rr.conf.erb
  41. 26
    0
      deployment_scripts/puppet/modules/calico/templates/bird-rr.conf.erb
  42. 13
    0
      deployment_scripts/puppet/modules/calico/templates/calico-alt-gateway.conf.erb
  43. 15
    0
      deployment_scripts/puppet/modules/calico/templates/etcd.conf.erb
  44. 6
    0
      deployment_scripts/puppet/modules/calico/templates/felix.cfg.erb
  45. 12
    0
      deployment_scripts/puppet/modules/calico/tests/init.pp
  46. 0
    45
      deployment_scripts/remove_default_networks.sh
  47. 0
    42
      deployment_scripts/update_etcd_cluster.sh
  48. 340
    0
      deployment_tasks.yaml
  49. 45
    1
      environment_config.yaml
  50. 17
    7
      metadata.yaml
  51. 20
    0
      node_roles.yaml
  52. 0
    18
      pre_build_hook
  53. 45
    0
      pre_install.sh
  54. BIN
      repositories/ubuntu/nova-api-metadata_13.0.0-7-u14.04+mos43_all.deb
  55. 12
    13
      specs/calico-fuel-plugin.rst
  56. 0
    33
      tasks.yaml

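--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,27 @@
 .build/
 calico-fuel-plugin-*.rpm
+*~
+*.swp
+*.gem
+*.rbc
+.idea
+.bundle
+.config
+*.lock
+*.diff
+coverage
+InstalledFiles
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+spec/fixtures/modules
+spec/fixtures/manifests
+test/tmp
+test/version_tmp
+tmp
+
+# YARD artifacts
+.yardoc
+_yardoc
+doc/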
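Review bot: The `*.lock` pattern added here also ignores `Gemfile.lock`, so if the puppet module's spec tooling is driven by Bundler (the `.bundle` and `*.gem` entries suggest it is, though no Gemfile is visible in this section), the resolved gem versions are never committed and every checkout resolves its own set. For a deployment plugin it is worth keeping the test toolchain pinned and reproducible; either drop `*.lock` or add an exception line `!Gemfile.lock` directly after it. The pattern is also broad enough to silently hide any other lockfile added to the tree later.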

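--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ None.
 Compatible versions:
 --------------------
 
-	Mirantis Fuel 7.0
+	Mirantis Fuel 9.0
 
 To build the plugin:
 --------------------
@@ -39,18 +39,15 @@ To build the plugin:
 - Install the fuel plugin builder, fpb:
 
 		easy_install pip
-
 		pip install fuel-plugin-builder
 
 - Clone the calico plugin repository and run the plugin builder:
 
 		git clone https://github.com/openstack/fuel-plugin-calico
-
 		cd fuel-plugin-calico/
-
 		fpb --build .
 
-- Check that the file calico-fuel-plugin-2.0-2.0.0-0.noarch.rpm was created.
+- Check that the file fuel-plugin-calico-VERSION.noarch.rpm was created.
 
 
 To install the plugin:
@@ -60,13 +57,16 @@ To install the plugin:
 
 - Copy the plugin onto the fuel master node:
 
-		scp calico-fuel-plugin-2.0-2.0.0-0.noarch.rpm root@<Fuel_Master_Node_IP>:/tmp
+		scp fuel-plugin-calico-VERSION.noarch.rpm root@<Fuel_Master_Node_IP>:/tmp
+
+- Install the `patch` utility:
+
+        yum install -y patch
 
 - Install the plugin on the fuel master node:
 
 		cd /tmp
-
-		fuel plugins --install calico-fuel-plugin-2.0-2.0.0-0.noarch.rpm
+		fuel plugins --install fuel-plugin-calico-VERSION.noarch.rpm
 
 - Check the plugin was installed:
 
@@ -81,27 +81,85 @@ OpenStack cluster in the usual way, with the following guidelines:
 
 - Create a new OpenStack environment, selecting:
 
-	Kilo on Ubuntu Trusty
+        Mitaka on Ubuntu 14.04
+        "Calico networking" as the networking setup
 
-	"Neutron with VLAN segmentation" as the networking setup
-
-- Under the settings tab, make sure the following options are checked:
-
-	"Assign public network to all nodes"
-
-	"Use Calico Virtual Networking"
-
-- Under the network tab, configure the 'Public' settings (leaving all of the 
-  other sections with their default values). For example (exact values will
+- Under the network tab, configure the `Public` settings to reduce
+  Floating-IP addresses pool to one address, 
+  because Calico does not support Floating IPs use-case. 
+  For example (exact values will
   depend on your setup):
 
-	- IP Range: 172.18.203.60 - 172.18.203.69
-        - CIDR: 172.18.203.0/24
-        - Use VLAN tagging: No
-        - Gateway: 172.18.203.1 
-	- Floating IP range: 172.18.203.70 - 172.18.203.79
+        Node Network Group
+          default:
+            CIDR: 172.18.203.0/24
+            IP Range: 172.18.203.2 - 172.18.203.253
+            Gateway: 172.18.203.1
+            Use VLAN tagging: No
+
+        Settings
+          Neutron L3:
+            Floating IP range: 172.18.203.254 - 172.18.203.254
+
+- Under the network tab, configure the `Private` network settings 
+  (this network will be used for BGP peering between custer nodes, route 
+  reflectors and external peers, configured by UI). Do not forget to exclude
+  Your BGP peers and gateway from the IP range!
+  For example (exact values will depend on your setup):
+
+        IP Range: 172.100.203.33 - 172.100.203.254
+        CIDR: 172.100.203.0/24
+        Use VLAN tagging: No
+
+- Under Fuel CLI, configure gateway for `Private` network.
+  This gateway will be used for pass outgoing external traffic from instances.
+  In most cases the same gateway node should be also an external BGB peer 
+  (see below, external BGB peer-1).
+
+        [root@nailgun ~]# fuel2 network-group list
+        +----+---------+------------+---------------+---------+----------+
+        | id | name    | vlan_start | cidr          | gateway | group_id |
+        +----+---------+------------+---------------+---------+----------+
+        |  5 | private | None       | 10.88.12.0/24 | None    | 1        |
+        +----+---------+------------+---------------+---------+----------+
+        [root@nailgun ~]# fuel2 network-group update -g 10.88.12.1  5
+        +------------+---------------+
+        | Field      | Value         |
+        +------------+---------------+
+        | id         | 5             |
+        | name       | private       |
+        | vlan_start | None          |
+        | cidr       | 10.88.12.0/24 |
+        | gateway    | 10.88.12.1    |
+        | group_id   | 1             |
+        +------------+---------------+
+
+- Under the network tab, configure IP pool for Calico network fabric. 
+  Ip addresses from this pool will be assigned to VM instances:
+
+        Settings
+          Neutron L3:
+            Admin Tenant network CIDR: 10.10.0.0/16
+            Admin Tenant network gateway: 10.10.0.1
+
+- Under the network tab, in the `other/Calico_networking` section setup
+  AS number, external BGP peering and another Calico networking options.
+
+        AS Number: 64513
+
+        [X] Allow external BGP peering
+            External BGP peers:
+              peer-1:65000:10.88.12.1
+              peer-2:65002:172.100.203.13
 
 - Add nodes (for meaningful testing, you will need at least two compute nodes
-  in addition to the controller).
+  in addition to the controller). Calico-RR (route-reflector) and Calico-ETCD 
+  node roles may be co-located on Controller nodes or deployed separately.
+
+- Under the nodes tab, configure networks to NICs mapping 
+  (exact positions will depend on your setup)
 
 - Deploy changes
+
+- Do not forget to configure BGP peering session on you infrastructure 
+  BGP peers.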

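--- a/components.yaml
+++ b/components.yaml
@@ -0,0 +1,12 @@
+- name: 'network:neutron:calico'
+  label: 'Calico'
+  description: 'Calico networking'
+  bind: !!pairs
+    - "cluster:net_provider": "neutron"
+    - "cluster:net_segment_type": "tun"
+  compatible:
+    - name: 'hypervisor:kvm'
+    - name: 'hypervisor:qemu'
+  incompatible:
+    - name: 'hypervisor:vmware'
+      description: 'Calico plugin is not compatible with VMware for now'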
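Review bot: The two `bind` entries are double-quoted while every other scalar in this new file is single-quoted; none of them needs escape sequences, so single quotes throughout would keep the file consistent, e.g. `- 'cluster:net_provider': 'neutron'` and `- 'cluster:net_segment_type': 'tun'`. The file also gives no hint why the component binds the segment type to `tun`. If that value is there only because the environment wizard requires one (an assumption, not visible in this section), a one-line comment above `bind:` saying so would save the next maintainer from reading it as a tunnelling requirement.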

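--- a/deployment_scripts/calico-fuel-monitor
+++ b/deployment_scripts/calico-fuel-monitor
@@ -1,66 +0,0 @@
-#!/usr/bin/env python
-
-import pyinotify
-import subprocess
-import yaml
-
-from pluginutils import NODES_CONFIG
-
-SCRIPTS_LOCATION="##REPLACE_ON_INSTALL##/"
-RECONFIGURE_ROUTE_REFLECTOR = SCRIPTS_LOCATION + "calico_route_reflector.sh"
-UPDATE_ETCD_CLUSTER = SCRIPTS_LOCATION + "update_etcd_cluster.sh"
-
-
-def _get_configured_nodes(roles):
-    with open(NODES_CONFIG, "r") as f:
-        config = yaml.safe_load(f)
-
-    return [node for node in config["nodes"] if node["role"] in roles]
-
-
-def _get_compute_nodes():
-    return _get_configured_nodes(["compute"])
-
-
-def _get_control_nodes():
-    nodes = _get_configured_nodes(["controller", "primary-controller"])
-
-    for node in nodes:
-        # Note this does not change the node role in the Fuel deployment, just
-        # in the list of nodes internal to this script (where we are only
-        # concerned with the distinction between compute/control nodes, not
-        # whether a given control node is primary or not).
-       if node["role"] == "primary-controller":
-            node["role"] = "controller"
-
-    return nodes
-
-
-class DeploymentChangeHandler(pyinotify.ProcessEvent):
-    def __init__(self):
-        super(DeploymentChangeHandler, self).__init__()
-        self.compute_nodes = _get_compute_nodes()
-        self.control_nodes = _get_control_nodes()
-
-    def process_IN_MODIFY(self, event):
-        current_compute_nodes = _get_compute_nodes()
-        current_control_nodes = _get_control_nodes()
-
-        if current_control_nodes != self.control_nodes:
-            subprocess.call(RECONFIGURE_ROUTE_REFLECTOR)
-            subprocess.call(UPDATE_ETCD_CLUSTER)
-
-        elif current_compute_nodes != self.compute_nodes:
-            subprocess.call(RECONFIGURE_ROUTE_REFLECTOR)
-
-        self.compute_nodes = current_compute_nodes
-        self.control_nodes = current_control_nodes
-
-
-if __name__ == "__main__":
-    handler = DeploymentChangeHandler()
-    watch_manager = pyinotify.WatchManager()
-    notifier = pyinotify.Notifier(watch_manager, handler)
-    watch_manager.add_watch(NODES_CONFIG, pyinotify.IN_MODIFY)
-    notifier.loop()
-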

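--- a/deployment_scripts/calico_compute.sh
+++ b/deployment_scripts/calico_compute.sh
@@ -1,173 +0,0 @@
-#!/bin/bash
-# Copyright 2015 Metaswitch Networks
-
-export DEBIAN_FRONTEND=noninteractive
-
-exec > /tmp/calico_compute.log 2>&1
-
-set -x
-
-echo "Hi, I'm a compute node!"
-
-this_node_address=$(python get_node_ip.py `hostname`)
-controller_node_addresses=$(python get_node_ips_by_role.py controller)
-
-# Get APT key for binaries.projectcalico.org.
-
-curl -L http://binaries.projectcalico.org/repo/key | apt-key add -
-
-# Add source for binaries.projectcalico.org, removing the priority files that
-# were automatically created by the fuel plugin installer (the version number
-# in the file names causes problems as it contains full stops, and the file
-# contents aren't what we want).
-
-rm -f /etc/apt/preferences.d/calico-fuel-plugin-2.0.0 /etc/apt/sources.list.d/calico-fuel-plugin-2.0.0.list
-
-cat > /etc/apt/sources.list.d/calico.list <<EOF
-deb http://binaries.projectcalico.org/fuel7.0 ./
-EOF
-
-cat << PREFS >> /etc/apt/preferences.d/calico-fuel
-Package: *
-Pin: origin binaries.projectcalico.org
-Pin-Priority: 1200
-PREFS
-
-# Add PPA for the etcd packages, and ensure that it has lower priority than
-# binaries.projectcalico.org so that we get the fuel versions of the calico
-# packages.
-
-apt-add-repository -y ppa:project-calico/kilo
-
-cat > /etc/apt/preferences.d/calico-etcd <<EOF
-Package: *
-Pin: release o=LP-PPA-project-calico-kilo
-Pin-Priority: 1175
-EOF
-
-# Pick up package details from new sources.
-apt-get update
-
-# Install etcd and configure it for a compute node.
-
-apt-get -y install etcd
-
-for controller_address in ${controller_node_addresses[@]}
-do
-  initial_cluster+="${controller_address}=http://${controller_address}:2380,"
-done
-initial_cluster=${initial_cluster::-1} # remove trailing comma
-
-service etcd stop
-rm -rf /var/lib/etcd/*
-awk '/exec \/usr\/bin\/etcd/{while(getline && $0 != ""){}}1' /etc/init/etcd.conf > tmp
-mv tmp /etc/init/etcd.conf
-cat << EXEC_CMD >> /etc/init/etcd.conf
-exec /usr/bin/etcd -proxy on                                                         \\
-                   -listen-client-urls http://127.0.0.1:4001                         \\
-                   -advertise-client-urls http://127.0.0.1:7001                      \\
-                   -initial-cluster ${initial_cluster}
-EXEC_CMD
-service etcd start
-
-# Run apt-get upgrade and apt-get dist-upgrade. These commands will
-# bring in Calico-specific updates to the OpenStack packages and to
-# dnsmasq. 
-
-apt-get -y upgrade
-apt-get -y dist-upgrade
-
-# Open /etc/nova/nova.conf and remove the linuxnet_interface_driver line.
-
-cp /etc/nova/nova.conf /etc/nova/nova.conf.pre-calico
-
-sed -i "/^linuxnet_interface_driver/d" /etc/nova/nova.conf
-service nova-compute restart
-
-# Install some extra packages.
-
-apt-get -y install neutron-common neutron-dhcp-agent nova-api
-
-# Open /etc/neutron/dhcp_agent.ini in your preferred text editor. In
-# the [DEFAULT] section, add the following line:
-#
-# interface_driver = neutron.agent.linux.interface.RoutedInterfaceDriver
-
-cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.pre-calico
-
-sed -i "/^interface_driver/d" /etc/neutron/dhcp_agent.ini
-
-sed -i "/^\[DEFAULT\]/a\
-interface_driver = neutron.agent.linux.interface.RoutedInterfaceDriver
-" /etc/neutron/dhcp_agent.ini
-
-# Allow BGP connections through the Fuel firewall. We do this before 
-# installing calico-compute, so that they will be included when the 
-# calico-compute install script does iptables-save.
-iptables -I INPUT 1 -p tcp --dport 179 -j ACCEPT
-
-# Add sources for BIRD and Ubuntu Precise.
-
-gpg --keyserver keyserver.ubuntu.com --recv-keys F9C59A45
-gpg -a --export F9C59A45 | apt-key add -
-
-cat > /etc/apt/sources.list.d/bird.list <<EOF
-deb http://ppa.launchpad.net/cz.nic-labs/bird/ubuntu trusty main
-EOF
-
-cat > /etc/apt/sources.list.d/trusty.list <<EOF
-deb http://gb.archive.ubuntu.com/ubuntu/ trusty main
-deb http://gb.archive.ubuntu.com/ubuntu/ trusty universe
-EOF
-
-apt-get update
-
-# Install BIRD and calico-compute packages.
-
-# Note that this will trigger the installation of iptables-persistent which
-# will attempt to bring up a dialog box. We use debconf-set-selections to set
-# the value beforehand to avoid this (so not to interrupt the automated
-# installation process).
-echo iptables-persistent iptables-persistent/autosave_v4 boolean true | debconf-set-selections
-echo iptables-persistent iptables-persistent/autosave_v6 boolean true | debconf-set-selections
-
-apt-get -y install calico-compute bird
-
-# Configure BIRD. By default Calico assumes that you'll be deploying
-# a route reflector to avoid the need for a full BGP mesh. To this
-# end, it includes useful configuration scripts that will prepare a
-# BIRD config file with a single peering to the route reflector. If
-# that's correct for your network, you can run the following command 
-# for IPv4 connectivity between compute hosts.
-#
-# The calico_route_reflector.sh script will set up the required BGP
-# Route Reflctor configuration on the controller to allow connections
-# from the compute nodes.
-#
-# If you are configuring a full BGP mesh you'll need to handle the BGP
-# configuration appropriately - by editing this script/the Route Reflector
-# script. You should consult the relevant documentation for your chosen BGP
-# stack.
-
-calico-gen-bird-mesh-conf.sh $this_node_address 64511 ${controller_node_addresses[@]}
-
-# Edit the /etc/calico/felix.cfg file:
-#     Change the MetadataAddr setting to 127.0.0.1.
-#     Change the MetadataPort setting to 8775.
-
-cp /etc/calico/felix.cfg.example /etc/calico/felix.cfg
-
-sed -i "/^MetadataAddr/d" /etc/calico/felix.cfg
-sed -i "/^\[global\]/a\
-MetadataAddr = 127.0.0.1
-" /etc/calico/felix.cfg
-
-sed -i "/^MetadataPort/d" /etc/calico/felix.cfg
-sed -i "/^\[global\]/a\
-MetadataPort = 8775
-" /etc/calico/felix.cfg
-
-# Restart the Felix service:
-service calico-felix restart
-
-exit 0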

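--- a/deployment_scripts/calico_controller.sh
+++ b/deployment_scripts/calico_controller.sh
@@ -1,231 +0,0 @@
-#!/bin/bash
-# Copyright 2015 Metaswitch Networks
-
-export DEBIAN_FRONTEND=noninteractive
-
-exec > /tmp/calico_controller.log 2>&1
-
-set -x
-
-echo "Hi, I'm a controller node!"
-
-this_node_address=$(python get_node_ip.py `hostname`)
-controller_node_addresses=$(python get_node_ips_by_role.py controller)
-
-# Get APT key for binaries.projectcalico.org.
-
-curl -L http://binaries.projectcalico.org/repo/key | apt-key add -
-
-# Add source for binaries.projectcalico.org, removing the priority files that
-# were automatically created by the fuel plugin installer (the version number
-# in the file names causes problems as it contains full stops, and the file
-# contents aren't what we want).
-
-rm -f /etc/apt/preferences.d/calico-fuel-plugin-2.0.0 /etc/apt/sources.list.d/calico-fuel-plugin-2.0.0.list
-
-cat > /etc/apt/sources.list.d/calico.list <<EOF
-deb http://binaries.projectcalico.org/fuel7.0 ./
-EOF
-
-cat << PREFS >> /etc/apt/preferences.d/calico-fuel
-Package: *
-Pin: origin binaries.projectcalico.org
-Pin-Priority: 1200
-PREFS
-
-# Add PPA for the etcd packages, and ensure that it has lower priority than
-# binaries.projectcalico.org so that we get the fuel versions of the calico
-# packages.
-
-apt-add-repository -y ppa:project-calico/kilo
-
-cat > /etc/apt/preferences.d/calico-etcd <<EOF
-Package: *
-Pin: release o=LP-PPA-project-calico-kilo
-Pin-Priority: 1175
-EOF
-
-# Pick up package details from new sources.
-apt-get update
-
-# Install etcd and configure it for a controller node.
-
-apt-get -y install etcd
-
-for controller_address in ${controller_node_addresses[@]}
-do
-  initial_cluster+="${controller_address}=http://${controller_address}:2380,"
-done
-initial_cluster=${initial_cluster::-1} # remove trailing comma
-
-service etcd stop
-rm -rf /var/lib/etcd/*
-awk '/exec \/usr\/bin\/etcd/{while(getline && $0 != ""){}}1' /etc/init/etcd.conf > tmp
-mv tmp /etc/init/etcd.conf
-cat << EXEC_CMD >> /etc/init/etcd.conf
-exec /usr/bin/etcd -name ${this_node_address}                                                                 \\
-                   -advertise-client-urls "http://${this_node_address}:2379,http://${this_node_address}:4001" \\
-                   -listen-client-urls "http://0.0.0.0:2379,http://0.0.0.0:4001"                              \\
-                   -listen-peer-urls "http://0.0.0.0:2380"                                                    \\
-                   -initial-advertise-peer-urls "http://${this_node_address}:2380"                            \\
-                   -initial-cluster-token fuel-cluster-1                                                      \\
-                   -initial-cluster ${initial_cluster}                                                        \\
-                   -initial-cluster-state new
-
-EXEC_CMD
-
-service etcd start
-
-# Ensure that the firewall isn't dropping traffic to the ports used by etcd.
-iptables -I INPUT 1 -p tcp --dport 2379 -j ACCEPT
-iptables -I INPUT 2 -p tcp --dport 2380 -j ACCEPT
-iptables -I INPUT 3 -p tcp --dport 4001 -j ACCEPT
-iptables-save > /etc/iptables.local
-/sbin/iptables-restore < /etc/iptables.local
-
-# Run apt-get upgrade and apt-get dist-upgrade. These commands will
-# bring in Calico-specific updates to the OpenStack packages and to
-# dnsmasq.
-
-apt-get -y upgrade
-apt-get -y dist-upgrade
-
-# Install the calico-control package:
-
-apt-get -y install calico-control
-
-# Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:
-#
-#     Find the line beginning with type_drivers, and change it to
-#     read type_drivers = local, flat.
-
-cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.pre-calico
-
-sed -i "/^type_drivers/d" /etc/neutron/plugins/ml2/ml2_conf.ini
-
-sed -i "/^\[ml2\]/a\
-type_drivers = local, flat
-" /etc/neutron/plugins/ml2/ml2_conf.ini
-
-#     Find the line beginning with mechanism_drivers, and change it
-#     to read mechanism_drivers = calico.
-
-sed -i "/^mechanism_drivers/d" /etc/neutron/plugins/ml2/ml2_conf.ini
-
-sed -i "/^\[ml2\]/a\
-mechanism_drivers = calico
-" /etc/neutron/plugins/ml2/ml2_conf.ini
-
-#     Find the line beginning with tenant_network_types, and change it
-#     to read tenant_network_types = local.
-
-sed -i "/^tenant_network_types/d" /etc/neutron/plugins/ml2/ml2_conf.ini
-
-sed -i "/^\[ml2\]/a\
-tenant_network_types = local
-" /etc/neutron/plugins/ml2/ml2_conf.ini
-
-# Edit the /etc/neutron/neutron.conf file:
-#
-#     Find the line for the dhcp_agents_per_network setting,
-#     uncomment it, and set its value to the number of compute nodes
-#     that you will have (or any number larger than that). This
-#     allows a DHCP agent to run on every compute node, which Calico
-#     requires because the networks on different compute nodes are
-#     not bridged together.
-
-cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.pre-calico
-
-sed -i "/^dhcp_agents_per_network/d" /etc/neutron/neutron.conf
-
-sed -i "/^\[DEFAULT\]/a\
-dhcp_agents_per_network = 1000
-" /etc/neutron/neutron.conf
-
-# Remove api_workers and rpc_workers config, so that these default to
-# 0. The Calico/OpenStack plugin doesn't currently work if the
-# Neutron server is split across multiple OS processes.
-
-sed -i "/^api_workers/d" /etc/neutron/neutron.conf
-sed -i "/^rpc_workers/d" /etc/neutron/neutron.conf
-
-# Set agent_down_time to 60, instead of Fuel's default setting of 15.
-# The Calico/OpenStack plugin reports Felix agent status every 30
-# seconds, based on the HEARTBEAT exchange between the plugin and each
-# Felix; and it is recommended that agent_down_time should be double
-# the expected reporting interval.
-
-sed -i "/^agent_down_time/d" /etc/neutron/neutron.conf
-
-sed -i "/^\[DEFAULT\]/a\
-agent_down_time = 60
-" /etc/neutron/neutron.conf
-
-# If dnspython is installed, eventlet replaces socket.getaddrinfo() with its
-# own version that cannot handle IPv6 addresses. As a workaround, we comment
-# out the '::1 localhost' line from /etc/hosts.
-
-sed -i "s/^::1\(.*\)/#::1\1 #commented out due to dnspython IPv6 issue/" /etc/hosts
-
-# Restart the neutron server process:
-
-service neutron-server restart
-
-# BIRD installation
-
-gpg --keyserver keyserver.ubuntu.com --recv-keys F9C59A45
-gpg -a --export F9C59A45 | apt-key add -
-
-cat > /etc/apt/sources.list.d/bird.list <<EOF
-deb http://ppa.launchpad.net/cz.nic-labs/bird/ubuntu trusty main
-EOF
-
-apt-get update
-
-apt-get -y install bird
-
-# Allow BGP through the Fuel firewall
-iptables -I INPUT 1 -p tcp --dport 179 -j ACCEPT
-
-# Save the current iptables so that they will be restored if the
-# controller is rebooted.
-iptables-save > /etc/iptables/rules.v4
-
-# Set up a service, calico-fuel-monitor, that will detect changes to the
-# deployment and reconfigure the calico components on the controller as
-# needed. For example, updating the route reflector configuration after
-# compute nodes are added/removed from the deployment.
-SERVICE_NAME=calico-fuel-monitor
-
-# Install the service's dependencies.
-apt-get -y install python-pip
-pip install pyinotify pyaml
-
-# During node deployment, the plugin deployment scripts are copied into 
-# /etc/fuel/plugins/<plugin_name>-<plugin_version> on the node, and this
-# script is run from that directory.
-SERVICE_DIR=$(pwd)
-sed -i "s@##REPLACE_ON_INSTALL##@${SERVICE_DIR}@" $SERVICE_NAME
-chmod +x $SERVICE_NAME
-
-cat << SERVICE_CFG >> /etc/init/calico-fuel-monitor.conf
-# calico-fuel-monitor - daemon to monitor for fuel deployment changes and
-#                       reconfigure the calico components accordingly
-
-description "Calico daemon to monitor fuel deployment changes"
-author "Emma Gordon <emma@projectcalico.org>"
-
-start on runlevel [2345]
-stop on runlevel [016]
-
-respawn
-
-script
-cd ${SERVICE_DIR}
-exec ./${SERVICE_NAME}
-end script
-SERVICE_CFG
-
-service $SERVICE_NAME start
-
-exit 0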

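--- a/deployment_scripts/calico_route_reflector.sh
+++ b/deployment_scripts/calico_route_reflector.sh
@@ -1,75 +0,0 @@
-#!/bin/bash
-# Copyright 2015 Metaswitch Networks
-
-exec > /tmp/calico_route_reflector.log 2>&1
-
-set -x
-
-echo "Hi, I'm a route_reflector node!"
-
-this_node_address=$(python get_node_ip.py `hostname`)
-controller_node_addresses=$(python get_node_ips_by_role.py controller)
-
-client_peers=$(python get_node_ips_by_role.py compute)
-route_reflector_peers=("${controller_node_addresses[@]/$this_node_address}")
-
-# Generate basic config for a BIRD BGP route reflector.
-cat > /etc/bird/bird.conf <<EOF
-# Configure logging
-log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
-log stderr all;
-#log "tmp" all;
-
-# Override router ID
-router id $this_node_address;
-
-
-filter import_kernel {
-if ( net != 0.0.0.0/0 ) then {
-   accept;
-   }
-reject;
-}
-
-# Turn on global debugging of all protocols
-debug protocols all;
-
-# This pseudo-protocol watches all interface up/down events.
-protocol device {
-  scan time 2;    # Scan interfaces every 10 seconds
-}
-EOF
-
-# Add a BGP protocol stanza for all peers.
-for node in ${client_peers[@]} ${route_reflector_peers[@]}; do
-  cat >> /etc/bird/bird.conf <<EOF
-protocol bgp {
-  local as 64511;
-  neighbor $node as 64511;
-  multihop;
-EOF
-
-  if [[ "${client_peers[@]}" =~ "${node}" ]]; then
-    cat >> /etc/bird/bird.conf <<EOF
-  description "Client $node";
-  rr client;
-EOF
-  else
-    cat >> /etc/bird/bird.conf <<EOF
-  description "Route Reflector $node";
-EOF
-  fi
-
-  cat >> /etc/bird/bird.conf <<EOF
-  rr cluster id 1.2.3.4;
-  import all;
-  export all;
-  source address ${this_node_address};
-}
-EOF
-done
-
-# Restart BIRD with the new config.
-service bird restart
-
-exit 0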

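--- a/deployment_scripts/get_node_ip.py
+++ b/deployment_scripts/get_node_ip.py
@@ -1,32 +0,0 @@
-#!/usr/bin/env python
-# Copyright 2015 Metaswitch Networks
-
-import sys
-import yaml
-from pluginutils import get_config_file_for_node_type
-
-usage = "./get_node_ip.py <hostname>"
-
-def main(hostname):
-    config_file = get_config_file_for_node_type()
-
-    with open(config_file, "r") as f:
-        config = yaml.safe_load(f)
-
-    for node in config["nodes"]:
-        if node["fqdn"] == hostname:
-            # Get the IP address that other OpenStack nodes can use to address
-            # services on this node, rather than the node's public IP address.
-            this_node_ip = node["internal_address"]
-            break
-    else:
-        this_node_ip = None
-
-    print this_node_ip
-
-if __name__ == "__main__":
-    if len(sys.argv) != 2:
-        print usage
-        sys.exit(1)
-
-    main(sys.argv[1])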

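--- a/deployment_scripts/get_node_ips_by_role.py
+++ b/deployment_scripts/get_node_ips_by_role.py
@@ -1,32 +0,0 @@
-#!/usr/bin/env python
-# Copyright 2015 Metaswitch Networks
-
-import argparse
-import yaml
-
-from pluginutils import NODES_CONFIG
-
-
-def main(node_roles):
-    with open(NODES_CONFIG, "r") as f:
-        config = yaml.safe_load(f)
-
-    node_ips = [node["internal_address"] for node in config["nodes"] 
-                if node["role"] in node_roles]
-
-    return node_ips
-
-
-if __name__ == "__main__":
-    parser = argparse.ArgumentParser()
-    parser.add_argument("node_role", choices=["compute", "controller"])
-    args = parser.parse_args()
-
-    args.node_role = [args.node_role]
-    if args.node_role == ["controller"]:
-        args.node_role.append("primary-controller")
-
-    node_ips = main(args.node_role)
-    if node_ips:
-        print " ".join(node_ips)
-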

+ 0
- 32
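--- a/deployment_scripts/pluginutils.py
+++ b/deployment_scripts/pluginutils.py
@@ -1,32 +0,0 @@
-#!/usr/bin/env python
-# Copyright 2015 Metaswitch Networks
-
-import os
-
-# This config file is updated with the latest node details as the deployment
-# evolves. It only contains node details, not other config settings.
-NODES_CONFIG = "/etc/hiera/astute.yaml"
-
-# These config files contain details of the nodes at initial deployment, but
-# they are not subsequently updated with node changes. However, they contain
-# a greater range of information, including settings and network config. They
-# are also created on the system earlier in the deployment process, so are
-# good sources of initial node information during Calico setup.
-PRIMARY_CONTROLLER_CFG = "/etc/primary-controller.yaml"
-CONTROLLER_CFG = "/etc/controller.yaml"
-COMPUTE_CFG = "/etc/compute.yaml"
-
-def get_config_file_for_node_type():
-    if os.path.isfile(PRIMARY_CONTROLLER_CFG):
-        config_file = PRIMARY_CONTROLLER_CFG
-
-    elif os.path.isfile(CONTROLLER_CFG):
-        config_file = CONTROLLER_CFG
-
-    elif os.path.isfile(COMPUTE_CFG):
-        config_file = COMPUTE_CFG
-
-    else:
-        raise Exception("Unrecognised node type - can't obtain config")
-
-    return config_file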

+ 78
- 0
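--- a/deployment_scripts/puppet/manifests/compute_alt_gateway.pp
+++ b/deployment_scripts/puppet/manifests/compute_alt_gateway.pp
@@ -0,0 +1,78 @@
+notice('MODULAR: calico/compute_alt_gateway.pp')
+
+$network_scheme = hiera_hash('network_scheme')
+prepare_network_config($network_scheme)
+$network_metadata = hiera_hash('network_metadata', {})
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$calico_mark = '0xCA'
+
+$neutron_config   = hiera_hash('neutron_config')
+$private_net_name = try_get_value($neutron_config, 'default_private_net', 'admin_internal_net')
+$neutron_networks = try_get_value($neutron_config, 'predefined_networks', {})
+$private_net      = try_get_value($neutron_networks, $private_net_name, {'L3'=>{}})
+$subnet_cidr      = pick($private_net['L3']['subnet'], '10.20.0.0/16')
+
+$calico_alt_gateway_br = get_network_role_property('neutron/mesh','interface')
+$calico_alt_gateway    = try_get_value($network_scheme,"endpoints/${calico_alt_gateway_br}/vendor_specific/provider_gateway")
+
+# Firewall initials
+class { '::firewall':}
+Class['::firewall'] -> Firewall<||>
+Class['::firewall'] -> Firewallchain<||>
+
+# iptables -t mangle -N calico-alt-gw-MARK
+firewallchain { 'calico-alt-gw-MARK:mangle:IPv4':
+  ensure  => present,
+}->
+# iptables -t mangle -A PREROUTING -i tap+ -j calico-alt-gw-MARK
+firewall { '010 process traffic from VM instances to outside':
+  ensure   => present,
+  table    => 'mangle',
+  chain    => 'PREROUTING',
+  iniface  => 'tap+',
+  proto    => 'all',
+  jump     => 'calico-alt-gw-MARK',
+} ->
+#iptables -t mangle -A calico-alt-gw-MARK -d 192.168.111.0/24 -j RETURN
+firewall { '011 skip internal traffic':
+  ensure      => present,
+  table       => 'mangle',
+  chain       => 'calico-alt-gw-MARK',
+  destination => $subnet_cidr,
+  proto       => 'all',
+  jump        => 'RETURN',
+} ->
+#iptables -t mangle -A calico-alt-gw-MARK -j MARK --set-mark 0x222
+firewall { '012 mark traffic from VM instances to outside':
+  ensure      => present,
+  table       => 'mangle',
+  chain       => 'calico-alt-gw-MARK',
+  jump        => 'MARK',
+  proto       => 'all',
+  set_mark    => $calico_mark
+}
+
+file { '/etc/init/calico-alt-gateway.conf':
+  ensure  => present,
+  mode    => '0644',
+  owner   => 'root',
+  group   => 'root',
+  content => template('calico/calico-alt-gateway.conf.erb'),
+} ~>
+service {'calico-alt-gateway':
+  ensure     => running,
+  enable     => true,
+  hasrestart => false,
+}
+
+# Without such settings source-routing works wrong. For more details
+# read the https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
+# Value '2' may be better, but Calico Felix agent is not compotible with '2'
+sysctl::value {
+  'net.ipv4.conf.all.rp_filter':                      value => "0";
+  "net.ipv4.conf.${calico_alt_gateway_br}.rp_filter": value => "0";
+}
+
+# vim: set ts=2 sw=2 et :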
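Review bot: The `sysctl::value` block at the end sets `net.ipv4.conf.all.rp_filter` to 0 as well as the mesh bridge's, and because the kernel applies the higher of the `all` and per-interface values, every other interface on the node is left with only its own setting for reverse-path (anti-spoofing) validation. The comment above the block should say so and name the interfaces that are expected to keep filtering, e.g. `# all.rp_filter must be 0 for the per-interface 0 to take effect; other interfaces now rely on their own rp_filter value`. Separately, the iptables comments above rules 011 and 012 still show `192.168.111.0/24` and `--set-mark 0x222`, while the rules use `$subnet_cidr` and `$calico_mark` (`'0xCA'`); they should be brought in line with the resources they describe.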

+ 36
- 0
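--- a/deployment_scripts/puppet/manifests/compute_bird.pp
+++ b/deployment_scripts/puppet/manifests/compute_bird.pp
@@ -0,0 +1,36 @@
+notice('MODULAR: calico/compute_bird.pp')
+
+prepare_network_config(hiera_hash('network_scheme'))
+$network_metadata = hiera_hash('network_metadata', {})
+
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+$enable_ipv4 = try_get_value($plugin_settings, 'enable_ipv4', true)
+$enable_ipv6 = try_get_value($plugin_settings, 'enable_ipv6', false)
+$as_number   = try_get_value($plugin_settings, 'as_number', 65001)
+
+$local_ip = get_network_role_property('neutron/mesh', 'ipaddr')
+
+$rr_nodes = get_nodes_hash_by_roles($network_metadata, ['calico-rr'])
+$rr_nodes_ip = get_node_to_ipaddr_map_by_network_role($rr_nodes, 'neutron/mesh')
+
+# Firewall initials
+class { '::firewall':}
+Class['::firewall'] -> Firewall<||>
+Class['::firewall'] -> Firewallchain<||>
+
+firewall { '410 bird':
+  dport  => '179',
+  proto  => 'tcp',
+  action => 'accept',
+} ->
+class { 'calico::bird':
+  template    => 'compute',
+  as_number   => $as_number,
+  enable_ipv4 => $enable_ipv4,
+  enable_ipv6 => $enable_ipv6,
+  src_addr    => $local_ip,
+  rr_servers  => $rr_nodes_ip,
+}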
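Review bot: The `410 bird` rule accepts TCP 179 from any source and on any interface, although the only BGP peers this node is given are the route reflectors in `$rr_nodes_ip`, reached from `$local_ip` on the mesh network. Limiting the rule with the firewall type's `destination => $local_ip`, or with a `source` per peer address, keeps hosts outside the mesh from reaching the BGP listener at all instead of relying on the daemon to refuse them. The same unrestricted rule is added in role_rr.pp, where the expected peers are `$compute_nodes_ip` and `$ext_peers`.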

+ 50
- 0
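--- a/deployment_scripts/puppet/manifests/compute_dhcp_agent.pp
+++ b/deployment_scripts/puppet/manifests/compute_dhcp_agent.pp
@@ -0,0 +1,50 @@
+notice('MODULAR: calico/compute_dhcp_agent.pp')
+
+# stub for task-based deployment
+# class neutron { }
+# class { 'neutron' : }
+
+$debug                   = hiera('debug', true)
+$resync_interval         = '30'
+
+# class { '::neutron::agents::dhcp':
+#   debug                    => $debug,
+#   resync_interval          => $resync_interval,
+#   manage_service           => false,
+#   enable_isolated_metadata => true,
+#   enabled                  => false,
+# }
+
+# # stub package for 'neutron::agents::dhcp' class
+# package { 'neutron':
+#   name   => 'binutils',
+#   ensure => 'installed',
+# }
+
+package { 'neutron-dhcp-agent':
+  ensure => 'installed',
+} ->
+service { 'neutron-dhcp-agent':
+  ensure => 'stopped',
+  enable => false
+}
+tweaks::ubuntu_service_override { 'neutron-dhcp-agent':
+  package_name => 'neutron-dhcp-agent',
+}
+
+Package['neutron-dhcp-agent'] ->
+package { 'calico-dhcp-agent':
+  ensure => 'installed',
+} ->
+service { 'calico-dhcp-agent':
+  ensure => 'running',
+  enable => true
+}
+tweaks::ubuntu_service_override { 'calico-dhcp-agent':
+  package_name => 'calico-dhcp-agent',
+}
+
+neutron_config { 'DEFAULT/use_namespaces': value => false }
+
+Neutron_config<||> ~> Service['calico-dhcp-agent']
+Neutron_dhcp_agent_config<||> ~> Service['calico-dhcp-agent']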
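Review bot: `$debug` and `$resync_interval` near the top are assigned but only referenced from the commented-out `::neutron::agents::dhcp` class, so in the manifest as committed they have no effect, and `hiera('debug', true)` reads as if debug logging were being enabled. Either drop the two assignments together with the commented blocks, or keep them with a one-line reason such as `# kept for re-enabling ::neutron::agents::dhcp once the stub neutron class is usable here`. The `neutron_config { 'DEFAULT/use_namespaces': value => false }` line would also benefit from a comment on why namespaces are turned off for the Calico DHCP agent.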

+ 41
- 0
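--- a/deployment_scripts/puppet/manifests/compute_felix.pp
+++ b/deployment_scripts/puppet/manifests/compute_felix.pp
@@ -0,0 +1,41 @@
+notice('MODULAR: calico/compute_felix.pp')
+
+include calico
+
+# required, because neutron-dhcp-agent one of dependency of calico-compute
+package { 'neutron-dhcp-agent':
+  ensure => 'installed',
+} ->
+service { 'neutron-dhcp-agent':
+  ensure => 'stopped',
+  enable => false
+}
+tweaks::ubuntu_service_override { 'neutron-dhcp-agent':
+  package_name => 'neutron-dhcp-agent',
+}
+
+package { 'calico-felix':
+  ensure => 'installed',
+} ->
+package { 'calico-compute':
+  ensure => 'installed',
+} ->
+service { 'calico-felix':
+  ensure => 'running',
+  enable => true
+}
+tweaks::ubuntu_service_override { 'calico-felix':
+  package_name => 'calico-felix',
+}
+
+$etcd_host = '127.0.0.1'
+$etcd_port = $calico::params::etcd_port
+$metadata_host = '127.0.0.1'
+$metadata_port = 8775
+
+Package['calico-felix'] ->
+file { '/etc/calico/felix.cfg':
+  ensure  => present,
+  content => template('calico/felix.cfg.erb'),
+} ~>
+Service['calico-felix']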
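Review bot: The `file { '/etc/calico/felix.cfg': ... }` resource sets no `owner`, `group` or `mode`, so the file keeps whatever the package or an earlier run left there, unlike `/etc/init/calico-alt-gateway.conf` in compute_alt_gateway.pp, which pins all three. Felix runs as a privileged agent and takes its etcd and metadata endpoints from this file, so it should be pinned the same way: `owner => 'root', group => 'root', mode => '0644',`. The template itself is outside this hunk, so a tighter mode may be warranted if it ever carries credentials.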

+ 20
- 0
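--- a/deployment_scripts/puppet/manifests/compute_metadata_api.pp
+++ b/deployment_scripts/puppet/manifests/compute_metadata_api.pp
@@ -0,0 +1,20 @@
+notice('MODULAR: calico/compute_metadata_api.pp')
+
+# $network_scheme = hiera_hash('network_scheme', {})
+# prepare_network_config($network_scheme)
+# $network_metadata = hiera_hash('network_metadata', {})
+
+package { 'nova-api-metadata':
+  name   => 'nova-api-metadata',
+  ensure => 'installed',
+} ->
+service { 'nova-api-metadata':
+  enable => true,
+  ensure => running
+}
+
+# Package['nova-api-metadata'] -> Nova_config<||>
+# tweaks::ubuntu_service_override { 'nova-api-metadata':
+#   package_name => 'nova-api-metadata'
+# }
+# Nova_config<||> -> Service['nova-api-metadata']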
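Review bot: `service { 'nova-api-metadata': ... }` starts the metadata API with whatever listen address nova.conf already holds, because the `Nova_config` ordering and every setting for it are commented out in this manifest. compute_felix.pp points Felix at `127.0.0.1:8775`, which suggests the listener is meant to be local to the compute node; if so, this manifest should set and document the bind address rather than inherit it, for example with a comment like `# metadata API is consumed by Felix on 127.0.0.1:8775 only; the listen address must stay on loopback`. The explicit `name => 'nova-api-metadata'` repeats the resource title and can be dropped.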

+ 114
- 0
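--- a/deployment_scripts/puppet/manifests/compute_neutron_nova.pp
+++ b/deployment_scripts/puppet/manifests/compute_neutron_nova.pp
@@ -0,0 +1,114 @@
+notice('MODULAR: calico/compute_neutron_nova.pp')
+
+$network_scheme = hiera_hash('network_scheme', {})
+prepare_network_config($network_scheme)
+$network_metadata = hiera_hash('network_metadata', {})
+
+include calico
+include ::nova::params
+
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+
+$neutron_config          = hiera_hash('neutron_config')
+$management_vip          = hiera('management_vip')
+$service_endpoint        = hiera('service_endpoint', $management_vip)
+
+# # LP#1526938 - python-mysqldb supports this, python-pymysql does not
+# if $::os_package_type == 'debian' {
+#   $extra_params = { 'charset' => 'utf8', 'read_timeout' => 60 }
+# } else {
+#   $extra_params = { 'charset' => 'utf8' }
+# }
+
+# $net_role_property     = 'neutron/mesh'
+# $iface                 = get_network_role_property($net_role_property, 'phys_dev')
+# $physical_net_mtu      = pick(get_transformation_property('mtu', $iface[0]), '1500')
+
+$nova_hash                  = hiera_hash('nova', {})
+$libvirt_vif_driver         = pick($nova_hash['libvirt_vif_driver'], 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver')
+
+$region_name                = hiera('region', 'RegionOne')
+$admin_password             = try_get_value($neutron_config, 'keystone/admin_password')
+$admin_tenant_name          = try_get_value($neutron_config, 'keystone/admin_tenant', 'services')
+$admin_username             = try_get_value($neutron_config, 'keystone/admin_user', 'neutron')
+$auth_api_version           = 'v3'
+$ssl_hash                   = hiera_hash('use_ssl', {})
+
+$admin_identity_protocol    = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
+$admin_identity_address     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
+
+$neutron_internal_protocol  = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'protocol', 'http')
+$neutron_internal_endpoint  = get_ssl_property($ssl_hash, {}, 'neutron', 'internal', 'hostname', [hiera('neutron_endpoint', ''), $management_vip])
+
+$neutron_auth_url           = "${admin_identity_protocol}://${admin_identity_address}:35357/${auth_api_version}"
+$neutron_url                = "${neutron_internal_protocol}://${neutron_internal_endpoint}:9696"
+
+$nova_migration_ip          =  get_network_role_property('nova/migration', 'ipaddr')
+
+service { 'libvirt' :
+  ensure   => 'running',
+  enable   => true,
+  name     => $::nova::params::libvirt_service_name,
+  provider => $::nova::params::special_service_provider,
+} ->
+exec { 'destroy_libvirt_default_network':
+  command => 'virsh net-destroy default',
+  onlyif  => "virsh net-list | grep -qE '^\s*default\s'",
+  path    => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+  tries   => 3,
+} ->
+exec { 'undefine_libvirt_default_network':
+  command => 'virsh net-undefine default',
+  onlyif  => "virsh net-list --all | grep -qE '^\s*default\s'",
+  path    => [ '/bin', '/sbin', '/usr/bin', '/usr/sbin' ],
+  tries   => 3,
+}
+
+Service['libvirt'] ~> Exec['destroy_libvirt_default_network']
+Service['libvirt'] ~> Exec['undefine_libvirt_default_network']
+
+# script called by qemu needs to manipulate the tap device
+file_line { 'clear_emulator_capabilities':
+  path   => '/etc/libvirt/qemu.conf',
+  line   => 'clear_emulator_capabilities = 0',
+  notify => Service['libvirt']
+}
+
+class { '::nova::compute::neutron':
+  libvirt_vif_driver => undef,
+  force_snat_range   => undef,
+}
+
+nova_config {
+  'DEFAULT/linuxnet_interface_driver': ensure => absent;
+  'DEFAULT/my_ip':                     value => $nova_migration_ip;
+}
+
+class { '::nova::network::neutron' :
+  neutron_password     => $admin_password,
+  neutron_project_name => $admin_tenant_name,
+  neutron_region_name  => $region_name,
+  neutron_username     => $admin_username,
+  neutron_auth_url     => $neutron_auth_url,
+  neutron_url          => $neutron_url,
+  neutron_ovs_bridge   => '',
+}
+
+augeas { 'sysctl-net.bridge.bridge-nf-call-arptables':
+  context => '/files/etc/sysctl.conf',
+  changes => "set net.bridge.bridge-nf-call-arptables '1'",
+  before  => Service['libvirt'],
+}
+augeas { 'sysctl-net.bridge.bridge-nf-call-iptables':
+  context => '/files/etc/sysctl.conf',
+  changes => "set net.bridge.bridge-nf-call-iptables '1'",
+  before  => Service['libvirt'],
+}
+augeas { 'sysctl-net.bridge.bridge-nf-call-ip6tables':
+  context => '/files/etc/sysctl.conf',
+  changes => "set net.bridge.bridge-nf-call-ip6tables '1'",
+  before  => Service['libvirt'],
+}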
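Review bot: The `file_line { 'clear_emulator_capabilities': ... }` resource has no `match`, so when qemu.conf already carries a `clear_emulator_capabilities` line with another value the new line is only appended and the file ends up with two conflicting settings. Adding `match => '^\s*#?\s*clear_emulator_capabilities\s*='` lets the resource replace the existing line, which is also what the commit's idempotency claim needs. Setting the value to 0 means QEMU processes keep their capabilities instead of having them cleared, which weakens the isolation of every guest on the host. The comment above the resource should state that trade-off and what depends on it, not only that a script needs the tap device.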

+ 30
- 0
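--- a/deployment_scripts/puppet/manifests/etcd_proxy.pp
+++ b/deployment_scripts/puppet/manifests/etcd_proxy.pp
@@ -0,0 +1,30 @@
+notice('MODULAR: calico/etcd_proxy.pp')
+
+prepare_network_config(hiera_hash('network_scheme'))
+$network_metadata = hiera_hash('network_metadata', {})
+
+include calico
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+
+# Firewall initials
+class { '::firewall':}
+Class['::firewall'] -> Firewall<||>
+Class['::firewall'] -> Firewallchain<||>
+
+firewall { '400 etcd':
+  dport  => [
+    $calico::params::etcd_port
+  ],
+  proto  => 'tcp',
+  action => 'accept',
+} ->
+# Deploy etcd cluster member
+class { 'calico::etcd':
+  node_role     => 'proxy',
+  bind_host     => $calico::params::mgmt_ip,
+  bind_port     => $calico::params::etcd_port,
+  cluster_nodes => $calico::params::etcd_servers_named_list,
+}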
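Review bot: The `400 etcd` rule opens `$calico::params::etcd_port` to every source address, while the proxy is bound to `$calico::params::mgmt_ip` and nothing in this manifest passes TLS or client-authentication settings to `calico::etcd` (that class is outside the hunk, so it may set them itself). etcd holds the Calico policy and endpoint data, so the rule should be scoped to the management network, for instance with `destination => $calico::params::mgmt_ip,` plus a `source` for the management CIDR. role_etcd.pp adds the same unrestricted rule for both the client and the peer port and needs the same restriction.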

+ 22
- 0
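--- a/deployment_scripts/puppet/manifests/hiera_override.pp
+++ b/deployment_scripts/puppet/manifests/hiera_override.pp
@@ -0,0 +1,22 @@
+# Manifest that creates hiera config overrride
+notice('MODULAR: calico/hiera_override.pp')
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+$network_scheme  = hiera_hash("network_scheme", {})
+
+# Mangle network_scheme for setup new gateway
+if $plugin_settings['metadata']['enabled'] {
+  if $plugin_settings['network_name'] == 'another' {
+    $network_name = $plugin_settings['another_network_name']
+  } else {
+    $network_name = $plugin_settings['network_name']
+  }
+  $overrides = remove_ovs_usage($network_scheme)
+  file {"/etc/hiera/plugins/${plugin_name}.yaml":
+    ensure  => file,
+    content => inline_template("<%= @overrides %>")
+  }
+}
+# vim: set ts=2 sw=2 et :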
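Review bot: The guard `if $plugin_settings['metadata']['enabled']` indexes two levels into a hash that defaults to `{}` two lines earlier, so when the plugin settings are absent the manifest depends on how the parser treats indexing an undefined value; the other manifests in this commit use `try_get_value` for this, and `if try_get_value($plugin_settings, 'metadata/enabled', false) {` would match them. `$network_name` is computed in both branches but never used, since the inline template renders only `@overrides`; it should be removed or actually wired into `remove_ovs_usage`. The override file is written without `owner`, `group` or `mode`, and because hiera reads it on every later task, pinning it to root with `mode => '0640'` is worth adding.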

+ 39
- 0
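--- a/deployment_scripts/puppet/manifests/neutron_networks.pp
+++ b/deployment_scripts/puppet/manifests/neutron_networks.pp
@@ -0,0 +1,39 @@
+notice('MODULAR: calico/neutron_networks.pp')
+
+#include calico
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+
+$access_hash = hiera_hash('access', {})
+$tenant_name = try_get_value($access_hash, 'tenant', 'admin')
+
+# From docs:
+# neutron net-create --shared --provider:network_type local calico
+# neutron subnet-create --gateway 10.65.0.1 --enable-dhcp --ip-version 4 --name calico-v4 calico 10.65.0/24
+
+$net = 'calico'
+$subnet = 'calico-v4'
+$neutron_config   = hiera_hash('neutron_config')
+$private_net_name = try_get_value($neutron_config, 'default_private_net', 'admin_internal_net')
+$neutron_networks = try_get_value($neutron_config, 'predefined_networks', {})
+$private_net      = try_get_value($neutron_networks, $private_net_name, {'L3'=>{}})
+$subnet_cidr      = pick($private_net['L3']['subnet'], '10.20.0.0/16')
+$subnet_gw        = pick($private_net['L3']['gateway'],  '10.20.0.1')
+
+neutron_network { $net :
+  ensure                => 'present',
+  provider_network_type => 'local',
+  shared                => true,
+  tenant_name           => $tenant_name,
+} ->
+neutron_subnet { $subnet :
+  ensure           => 'present',
+  cidr             => $subnet_cidr,
+  network_name     => $net,
+  gateway_ip       => $subnet_gw,
+  enable_dhcp      => true,
+  ip_version       => '4',
+  tenant_name      => $tenant_name,
+}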
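Review bot: Both `pick()` calls fall back to literals (`'10.20.0.0/16'`, `'10.20.0.1'`) when the private network has no `L3` subnet or gateway in hiera, so a missing setting silently yields a shared network with an address range nobody chose. compute_alt_gateway.pp uses the same fallback to decide which traffic its `011 skip internal traffic` rule leaves unmarked, so the two can disagree with the real deployment without any error. Failing the task is safer, e.g. `if ! $private_net['L3']['subnet'] { fail('predefined private network has no L3 subnet') }`. The 'From docs' comment also carries a malformed CIDR, `10.65.0/24`.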

+ 192
- 0
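--- a/deployment_scripts/puppet/manifests/neutron_server_config.pp
+++ b/deployment_scripts/puppet/manifests/neutron_server_config.pp
@@ -0,0 +1,192 @@
+notice('MODULAR: calico/neutron_server_config.pp')
+
+# stub for task-based deployment
+class neutron { }
+class { 'neutron' : }
+
+$network_scheme = hiera_hash('network_scheme', {})
+prepare_network_config($network_scheme)
+$network_metadata = hiera_hash('network_metadata', {})
+
+include calico
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+
+# override neutron options
+$override_configuration = hiera_hash('configuration', {})
+override_resources { 'neutron_api_config':
+  data => $override_configuration['neutron_api_config']
+} ~> Service['neutron-server']
+override_resources { 'neutron_config':
+  data => $override_configuration['neutron_config']
+} ~> Service['neutron-server']
+override_resources { 'neutron_plugin_ml2':
+  data => $override_configuration['neutron_plugin_ml2']
+} ~> Service['neutron-server']
+
+$neutron_config          = hiera_hash('neutron_config')
+$neutron_server_enable   = pick($neutron_config['neutron_server_enable'], true)
+$database_vip            = hiera('database_vip')
+$management_vip          = hiera('management_vip')
+$service_endpoint        = hiera('service_endpoint', $management_vip)
+$nova_endpoint           = hiera('nova_endpoint', $management_vip)
+$nova_hash               = hiera_hash('nova', { })
+
+$neutron_primary_controller_roles = hiera('neutron_primary_controller_roles', ['primary-controller'])
+$neutron_compute_roles            = hiera('neutron_compute_nodes', ['compute'])
+$primary_controller               = roles_include($neutron_primary_controller_roles)
+$compute                          = roles_include($neutron_compute_roles)
+
+$db_type     = 'mysql'
+$db_password = $neutron_config['database']['passwd']
+$db_user     = try_get_value($neutron_config, 'database/user', 'neutron')
+$db_name     = try_get_value($neutron_config, 'database/name', 'neutron')
+$db_host     = try_get_value($neutron_config, 'database/host', $database_vip)
+# LP#1526938 - python-mysqldb supports this, python-pymysql does not
+if $::os_package_type == 'debian' {
+  $extra_params = { 'charset' => 'utf8', 'read_timeout' => 60 }
+} else {
+  $extra_params = { 'charset' => 'utf8' }
+}
+$db_connection = os_database_connection({
+  'dialect'  => $db_type,
+  'host'     => $db_host,
+  'database' => $db_name,
+  'username' => $db_user,
+  'password' => $db_password,
+  'extra'    => $extra_params
+})
+
+$password                = $neutron_config['keystone']['admin_password']
+$username                = pick($neutron_config['keystone']['admin_user'], 'neutron')
+$project_name            = pick($neutron_config['keystone']['admin_tenant'], 'services')
+$region_name             = hiera('region', 'RegionOne')
+$auth_endpoint_type      = 'internalURL'
+
+$ssl_hash                = hiera_hash('use_ssl', {})
+
+$internal_auth_protocol  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
+$internal_auth_endpoint  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint, $management_vip])
+
+$admin_auth_protocol     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http')
+$admin_auth_endpoint     = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$service_endpoint, $management_vip])
+
+$nova_internal_protocol  = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'protocol', 'http')
+$nova_internal_endpoint  = get_ssl_property($ssl_hash, {}, 'nova', 'internal', 'hostname', [$nova_endpoint])
+
+$auth_api_version        = 'v2.0'
+$auth_uri                = "${internal_auth_protocol}://${internal_auth_endpoint}:5000/"
+$auth_url                = "${internal_auth_protocol}://${internal_auth_endpoint}:35357/"
+$nova_admin_auth_url     = "${admin_auth_protocol}://${admin_auth_endpoint}:35357/"
+$nova_url                = "${nova_internal_protocol}://${nova_internal_endpoint}:8774/v2"
+
+$workers_max             = hiera('workers_max', 16)
+$service_workers         = pick($neutron_config['workers'], min(max($::processorcount, 1), $workers_max))
+
+$neutron_advanced_config = hiera_hash('neutron_advanced_configuration', { })
+$enable_qos              = pick($neutron_advanced_config['neutron_qos'], false)
+
+if $enable_qos {
+  $qos_notification_drivers = 'message_queue'
+  $extension_drivers = ['port_security', 'qos']
+} else {
+  $qos_notification_drivers = undef
+  $extension_drivers = ['port_security']
+}
+
+$nova_auth_user          = pick($nova_hash['user'], 'nova')
+$nova_auth_password      = $nova_hash['user_password']
+$nova_auth_tenant        = pick($nova_hash['tenant'], 'services')
+
+$net_role_property     = 'neutron/mesh'
+$iface                 = get_network_role_property($net_role_property, 'phys_dev')
+$physical_net_mtu      = pick(get_transformation_property('mtu', $iface[0]), '1500')
+
+Package['neutron'] ~>
+package { 'calico-control':
+  ensure => 'installed',
+}
+Package['calico-control'] -> Class['::neutron::server']
+Package['calico-control'] -> Class['::neutron::plugins::ml2']
+
+class { '::neutron::plugins::ml2':
+  type_drivers              => ['local', 'flat'],
+  tenant_network_types      => 'local',
+  mechanism_drivers         => ['calico'],
+  flat_networks             => ['*'],
+  #network_vlan_ranges       => $network_vlan_ranges,
+  #tunnel_id_ranges          => [],
+  #vxlan_group               => $vxlan_group,
+  #vni_ranges                => $tunnel_id_ranges,
+  path_mtu                  => $physical_net_mtu,
+  extension_drivers         => $extension_drivers,
+  #supported_pci_vendor_devs => $pci_vendor_devs,
+  sriov_agent_required      => false,
+  enable_security_group     => true,
+  firewall_driver           => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
+}
+
+class { '::neutron::server':
+  sync_db                          => $primary_controller,
+
+  username                         => $username,
+  password                         => $password,
+  project_name                     => $project_name,
+  region_name                      => $region_name,
+  auth_url                         => $auth_url,
+  auth_uri                         => $auth_uri,
+
+  database_connection              => $db_connection,
+  database_max_retries             => hiera('max_retries'),
+  database_idle_timeout            => hiera('idle_timeout'),
+  database_max_pool_size           => hiera('max_pool_size'),
+  database_max_overflow            => hiera('max_overflow'),
+  database_retry_interval          => '2',
+
+  agent_down_time                  => 60, # it's a requirements of calico-plugin
+  allow_automatic_l3agent_failover => false,
+  l3_ha                            => false,
+
+  api_workers                      => 0, # it's a requirements of
+  rpc_workers                      => 0, # calico-plugin
+
+  router_distributed               => false,
+  qos_notification_drivers         => $qos_notification_drivers,
+  enabled                          => true,
+  manage_service                   => true,
+}
+
+Package['neutron'] ~>
+augeas { "dhcp_agents_per_network":
+  #context => "/files/etc/neutron/neutron.conf",
+  incl    => "/etc/neutron/neutron.conf",
+  lens    => 'Puppet.lns',
+  changes => [
+    "set DEFAULT/dhcp_agents_per_network ${calico::params::compute_nodes_count}",
+  ],
+} ~> Service['neutron-server']
+
+include ::neutron::params
+tweaks::ubuntu_service_override { $::neutron::params::server_service:
+  package_name => $neutron::params::server_package ? {
+    false   => $neutron::params::package_name,
+    default => $neutron::params::server_package
+  }
+}
+
+class { '::neutron::server::notifications':
+  nova_url     => $nova_url,
+  auth_url     => $nova_admin_auth_url,
+  username     => $nova_auth_user,
+  project_name => $nova_auth_tenant,
+  password     => $nova_auth_password,
+  region_name  => $region_name,
+}
+
+# Stub for Nuetron package
+package { 'neutron':
+  name   => 'binutils',
+  ensure => 'installed',
+}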
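Review bot: The closing `package { 'neutron': name => 'binutils', ... }` resource installs an unrelated package under the title `neutron` so that `Package['neutron'] ~>` references resolve, and the only explanation is the comment `# Stub for Nuetron package`. A reader who sees `Package['neutron'] ~> package { 'calico-control': ... }` further up has no way to know the notifying resource is really binutils, so the comment should spell that out, e.g. `# Stub: satisfies Package['neutron'] references from the neutron classes; real packages come from calico-control. binutils is only a harmless placeholder.` The same applies to the empty `class neutron { }` defined at the top. `$auth_api_version`, `$auth_endpoint_type`, `$compute`, `$service_workers` and `$neutron_server_enable` are assigned but never used in this manifest and can be dropped.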

+ 12
- 0
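--- a/deployment_scripts/puppet/manifests/private_gateway_check.pp
+++ b/deployment_scripts/puppet/manifests/private_gateway_check.pp
@@ -0,0 +1,12 @@
+notice('MODULAR: calico/private_gateway_check.pp')
+
+$network_scheme = hiera_hash('network_scheme')
+prepare_network_config($network_scheme)
+$calico_alt_gateway_br = get_network_role_property('neutron/mesh','interface')
+$calico_alt_gateway    = try_get_value($network_scheme,"endpoints/${calico_alt_gateway_br}/vendor_specific/provider_gateway")
+
+if ! is_ip_address($calico_alt_gateway) {
+  fail("Gateway for Private network does not specified or wrong !!!")
+}
+
+# vim: set ts=2 sw=2 et :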
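Review bot: The `fail()` message does not tell the operator which endpoint was inspected or what value was found, so a failed deployment has to be debugged from the network scheme by hand. Including both makes the check actionable: `fail("No valid provider_gateway for endpoint '${calico_alt_gateway_br}' (got '${calico_alt_gateway}')")`. A one-line header comment stating that this task guards compute_alt_gateway.pp, which reads the same `provider_gateway` value, would also help.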

+ 25
- 0
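--- a/deployment_scripts/puppet/manifests/repo_setup.pp
+++ b/deployment_scripts/puppet/manifests/repo_setup.pp
@@ -0,0 +1,25 @@
+notice('MODULAR: calico/repo_setup.pp')
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+
+# Bird PPA
+apt::source { 'bird-repo':
+  location    => 'http://ppa.launchpad.net/cz.nic-labs/bird/ubuntu',
+  repos       => 'main',
+  #release     => 'trusty',
+  include     => { 'src' => false },
+}
+
+# Calico PPA
+apt::source { 'calico-repo':
+  #location    => "http://ppa.launchpad.net/project-calico/stable/ubuntu",
+  location    => "http://ppa.launchpad.net/project-calico/calico-1.4/ubuntu",
+  repos       => 'main',
+  #release     => 'trusty',
+  include     => { 'src' => false },
+}
+
+Apt::Source<||> ~> Exec<| title == 'apt_update' |>
+Exec<| title == 'apt_update' |> -> Package<||>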
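Review bot: Both `apt::source` resources add a PPA over plain `http://` without a `key`, so nothing in this manifest ties the BIRD and Calico packages, which are later installed as root on every node, to a known signing key. Depending on the node's apt configuration, that either breaks the install as unauthenticated or means authentication has been relaxed elsewhere. Each source should pin its key, e.g. `key => { 'id' => '<PPA_SIGNING_KEY_FINGERPRINT>', 'server' => 'keyserver.ubuntu.com' },` with the full fingerprint of the respective PPA in place of the placeholder. A comment should also record why `release` is left commented out.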

+ 36
- 0
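--- a/deployment_scripts/puppet/manifests/role_etcd.pp
+++ b/deployment_scripts/puppet/manifests/role_etcd.pp
@@ -0,0 +1,36 @@
+notice('MODULAR: calico/etcd.pp')
+
+prepare_network_config(hiera_hash('network_scheme'))
+$network_metadata = hiera_hash('network_metadata', {})
+
+include calico
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+$cluster_info    = hiera_hash('cluster', {})
+$cluster_token   = try_get_value($cluster_info, 'name', 'openstack-calico-cluster')
+
+# Firewall initials
+class { '::firewall':}
+Class['::firewall'] -> Firewall<||>
+Class['::firewall'] -> Firewallchain<||>
+
+firewall { '400 etcd':
+  dport  => [
+    $calico::params::etcd_port,
+    $calico::params::etcd_peer_port
+  ],
+  proto  => 'tcp',
+  action => 'accept',
+} ->
+# Deploy etcd cluster member
+class { 'calico::etcd':
+  node_role     => 'server',
+  bind_host     => $calico::params::mgmt_ip,
+  bind_port     => $calico::params::etcd_port,
+  peer_host     => $calico::params::mgmt_ip,
+  peer_port     => $calico::params::etcd_peer_port,
+  cluster_nodes => $calico::params::etcd_servers_named_list,
+  cluster_token => $cluster_token
+}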
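Review bot: The first line logs `MODULAR: calico/etcd.pp` although the file is role_etcd.pp, and role_rr.pp likewise logs `calico/rr_bird.pp`; every other manifest in this commit logs its own file name. These notices are what an operator greps for in the puppet log to find the failing task, so they should read `notice('MODULAR: calico/role_etcd.pp')` and `notice('MODULAR: calico/role_rr.pp')`. `$cluster_token` falls back to the constant `'openstack-calico-cluster'` when the cluster has no name in hiera, which is worth a comment because every environment that hits the fallback then shares one token.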

+ 43
- 0
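--- a/deployment_scripts/puppet/manifests/role_rr.pp
+++ b/deployment_scripts/puppet/manifests/role_rr.pp
@@ -0,0 +1,43 @@
+notice('MODULAR: calico/rr_bird.pp')
+
+prepare_network_config(hiera_hash('network_scheme'))
+$network_metadata = hiera_hash('network_metadata', {})
+
+
+# Initial constants
+$plugin_name     = 'fuel-plugin-calico'
+$plugin_settings = hiera_hash("${plugin_name}", {})
+$enable_ipv4 = try_get_value($plugin_settings, 'enable_ipv4', true)
+$enable_ipv6 = try_get_value($plugin_settings, 'enable_ipv6', false)
+$as_number   = try_get_value($plugin_settings, 'as_number', 65001)
+if try_get_value($plugin_settings, 'enable_external_peering', false) {
+  $ext_peers = convert_external_peers(try_get_value($plugin_settings, 'external_peers', ''))
+} else {
+  $ext_peers = {}
+}
+
+$local_ip = get_network_role_property('neutron/mesh', 'ipaddr')
+
+$compute_nodes = get_nodes_hash_by_roles($network_metadata, ['compute'])
+$compute_nodes_ip = get_node_to_ipaddr_map_by_network_role($compute_nodes, 'neutron/mesh')
+
+# Firewall initials
+class { '::firewall':}
+Class['::firewall'] -> Firewall<||>
+Class['::firewall'] -> Firewallchain<||>
+
+firewall { '410 bird':
+  dport  => '179',
+  proto  => 'tcp',
+  action => 'accept',
+} ->
+class { 'calico::bird':
+  template    => 'rr',
+  as_number   => $as_number,
+  enable_ipv4 => $enable_ipv4,
+  enable_ipv6 => $enable_ipv6,
+  src_addr    => $local_ip,
+  rr_clients  => $compute_nodes_ip,
+  rr_servers  => {},
+  ext_peers   => $ext_peers,
+}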

+ 12
- 0
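--- a/deployment_scripts/puppet/modules/calico/Modulefile
+++ b/deployment_scripts/puppet/modules/calico/Modulefile
@@ -0,0 +1,12 @@
+name    'calico'
+version '0.1.0'
+source 'UNKNOWN'
+author 'mirantis'
+license 'Apache License, Version 2.0'
+summary 'UNKNOWN'
+description 'UNKNOWN'
+project_page 'UNKNOWN'
+
+## Add dependencies, if any:
+# dependency 'username/name', '>= 1.2.0'
+dependency 'puppetlabs/stdlib', '>=4.6.0'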

+ 28
- 0
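--- a/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/convert_external_peers.rb
+++ b/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/convert_external_peers.rb
@@ -0,0 +1,28 @@
+Puppet::Parser::Functions::newfunction( :convert_external_peers,
+                                        :type => :rvalue, :doc => <<-EOS
+    This function get text in format
+      name:asnum:ipaddr:flags...
+    and convert to hash, used into generate_bgp_peers()
+      {
+        peer_name => {
+          ipaddr    => '1.2.3.4',
+          as_number => '64646'
+        }
+      }
+
+    EOS
+  ) do |argv|
+
+    if argv.size != 1
+      raise(
+        Puppet::ParseError,
+        "convert_external_peers(): Wrong number of arguments. Should be one."
+      )
+    end
+
+    peers = argv[0]
+    as_number = argv[1]
+
+    Hash[*peers.split(/\n/).map{|v| v.gsub(/\s+/, "")}.reject{|c| c.empty?}.map{|v| v.split(':')}.reject{|v| v.size<3}.map{|l| [l[0],{'as_number'=>l[1],'ipaddr'=> l[2]}]}.flatten]
+end
+# vim: set ts=2 sw=2 et :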
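Review bot: The peer text comes from the plugin settings and its fields are used unchecked: `l[0]` later becomes part of the file name `/etc/bird/peers/ext__<name>.conf` and the BIRD protocol name, and `l[1]`/`l[2]` are written into the `neighbor ... as ...` line of the peer template. The one-line chain should validate each field and fail the catalog on a malformed record instead of passing it through; records with fewer than three fields are currently dropped silently, and a non-string argument ends in a NoMethodError. `as_number = argv[1]` is dead code, since the arity check above admits exactly one argument. Splitting on `:` also cannot carry an IPv6 address, which matters for the IPv6 item in the commit's TODO list.

```ruby
    peers = argv[0]
    unless peers.is_a?(String)
      raise(Puppet::ParseError, "convert_external_peers(): Peers list should be a string.")
    end

    rv = {}
    peers.split(/\n/).each do |line|
      record = line.gsub(/\s+/, "")
      next if record.empty?
      name, asnum, ipaddr = record.split(':')
      # name ends up in a file name and a BIRD protocol name; asnum and ipaddr
      # are written into the peer config as-is, so accept only plain values.
      unless name =~ /\A[A-Za-z0-9_.-]+\z/ && asnum =~ /\A\d+\z/ && ipaddr =~ /\A\d{1,3}(\.\d{1,3}){3}\z/
        raise(Puppet::ParseError, "convert_external_peers(): Wrong peer record '#{record}'.")
      end
      rv[name] = {'as_number' => asnum, 'ipaddr' => ipaddr}
    end
    rv
```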

+ 51
- 0
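--- a/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/convert_internal_peers.rb
+++ b/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/convert_internal_peers.rb
@@ -0,0 +1,51 @@
+Puppet::Parser::Functions::newfunction( :convert_internal_peers,
+                                        :type => :rvalue, :doc => <<-EOS
+    This function get peers name-to-ipaddr map, as_number
+    and convert to hassh, used into generate_bgp_peers()
+    Usage:
+      convert_internal_peers(
+        $peers_hash,
+        $local_as_number,
+      )
+
+    Hash
+      {
+        peer_name -> '1.2.3.4'
+      }
+    will be converted to
+      {
+        peer_name => {
+          ipaddr    => '1.2.3.4',
+          as_number => '64646'
+        }
+      }
+
+    EOS
+  ) do |argv|
+
+    if argv.size != 2
+      raise(
+        Puppet::ParseError,
+        "convert_internal_peers(): Wrong number of arguments. Should be two."
+      )
+    end
+    if !argv[0].is_a?(Hash)
+      raise(
+        Puppet::ParseError,
+        "convert_internal_peers(): Wrong peers map."
+      )
+    end
+
+    peers = argv[0]
+    as_number = argv[1]
+
+    rv = {}
+    peers.each do |name, ipaddr|
+      rv[name] = {
+        'ipaddr'    => ipaddr,
+        'as_number' => as_number,
+      }
+    end
+    return rv
+end
+# vim: set ts=2 sw=2 et :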

+ 55
- 0
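--- a/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/generate_bgp_peers.rb
+++ b/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/generate_bgp_peers.rb
@@ -0,0 +1,55 @@
+Puppet::Parser::Functions::newfunction( :generate_bgp_peers,
+                                        :type => :statement, :doc => <<-EOS
+    This function get internal peers map, connectivity options
+    and create corresponded resources.
+    Usage:
+      generate_bgp_peers(
+        $peers_hash,
+        $template_name,
+        $local_ipaddr,
+        $local_as_number,
+      )
+
+    Peers_hash should be in format:
+      {
+        peer_name => {
+          ipaddr => '1.2.3.4',
+          as_number  => '64646'
+        }
+      }
+    EOS
+  ) do |argv|
+
+    if argv.size != 4
+      raise(
+        Puppet::ParseError,
+        "generate_bgp_peers(): Wrong number of arguments. Should be four."
+      )
+    end
+    if !argv[0].is_a?(Hash)
+      raise(
+        Puppet::ParseError,
+        "generate_bgp_peers(): Wrong peers map."
+      )
+    end
+
+    peers = argv[0]
+    template = argv[1]
+    local_ipaddr = argv[2]
+    local_as_number = argv[3]
+
+    resources = {}
+    peers.each do |name, peer_hash|
+      #file_name = "/etc/bird/peers/#{template}__#{name}.conf"
+      resources[name] = {
+        'template'         => template,
+        'local_ipaddr'     => local_ipaddr,
+        'remote_ipaddr'    => peer_hash['ipaddr'],
+        'local_as_number'  => local_as_number,
+        'remote_as_number' => peer_hash['as_number'],
+      }
+    end
+    function_create_resources(['calico::bird::bgp_peer_record', resources])
+    return true
+end
+# vim: set ts=2 sw=2 et :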

+ 65
- 0
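--- a/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/remove_ovs_usage.rb
+++ b/deployment_scripts/puppet/modules/calico/lib/puppet/parser/functions/remove_ovs_usage.rb
@@ -0,0 +1,65 @@
+require 'yaml'
+
+Puppet::Parser::Functions::newfunction( :remove_ovs_usage,
+                                        :type => :rvalue, :doc => <<-EOS
+    This function get network_scheme and returns mangled
+    network scheme without ovs-based elements.
+    EOS
+  ) do |argv|
+
+    def bridge_name_max_len
+      15
+    end
+
+    if argv.size != 1
+      raise(
+        Puppet::ParseError,
+        "remove_ovs_usage(): Wrong number of arguments. Should be two."
+      )
+    end
+    if !argv[0].is_a?(Hash)
+      raise(
+        Puppet::ParseError,
+        "remove_ovs_usage(): Wrong network_scheme. Should be non-empty Hash."
+      )
+    end
+    if argv[0]['version'].to_s.to_f < 1.1
+      raise(
+        Puppet::ParseError,
+        "remove_ovs_usage(): You network_scheme hash has wrong format.\nThis parser can work with v1.1 format, please convert you config."
+      )
+    end
+
+    network_scheme = argv[0]
+    rv = {
+      'use_ovs' => false
+    }
+    overrides = []
+
+    network_scheme['transformations'].each do |tr|
+      if tr['provider'] == 'ovs'
+        if tr['action'] == 'add-patch'
+          overrides << {
+            'action'   => 'override',
+            'override' => "patch-#{tr['bridges'][0]}:#{tr['bridges'][1]}",
+            'provider' => 'lnx'
+          }
+        else
+          overrides << {
+            'action'   => 'override',
+            'override' => tr['name'],
+            'provider' => 'lnx'
+          }
+        end
+      end
+    end
+
+    if ! overrides.empty?
+      rv['network_scheme'] = {
+        'transformations' => overrides
+      }
+    end
+
+    return rv.to_yaml() + "\n"
+end
+# vim: set ts=2 sw=2 et :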
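Review bot: `network_scheme['transformations'].each` raises NoMethodError when the scheme has no `transformations` key, which surfaces as an opaque Ruby error rather than the ParseError used by the checks above it; iterating `(network_scheme['transformations'] || []).each do |tr|` keeps the function total. The arity error text says "Should be two" although the check is `argv.size != 1`, so it should read `"remove_ovs_usage(): Wrong number of arguments. Should be one."`. `bridge_name_max_len` is defined but never used in this function and can be dropped.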

+ 95
- 0
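--- a/deployment_scripts/puppet/modules/calico/manifests/bird.pp
+++ b/deployment_scripts/puppet/modules/calico/manifests/bird.pp
@@ -0,0 +1,95 @@
+#    Copyright 2015 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+class calico::bird (
+  $template,
+  $src_addr,
+  $as_number   = '64511',
+  $enable_ipv4 = true,
+  $enable_ipv6 = false,
+  $rr_clients  = {},
+  $rr_servers  = {},
+  $ext_peers   = {},
+) {
+
+  include ::calico
+
+  tweaks::ubuntu_service_override { 'bird':
+    package_name => 'bird',
+  }
+
+  tweaks::ubuntu_service_override { 'bird6':
+    package_name => 'bird',
+  }
+
+  package { 'bird':
+    ensure => installed,
+  } ->
+  file { '/etc/bird':
+    ensure => directory,
+  } ->
+  file { '/etc/bird/peers':
+    ensure => directory,
+  } ->
+  file { '/etc/bird/custom.conf':
+    ensure => present,
+  } ->
+  file { '/etc/bird/calico_os_filters.conf':
+    ensure  => present,
+    mode    => '0644',
+    owner   => 'root',
+    group   => 'root',
+    content => template("calico/bird-calico_os-filters.conf.erb"),
+  } ->
+  file { '/etc/bird/bird.conf':
+    ensure  => present,
+    mode    => '0644',
+    owner   => 'root',
+    group   => 'root',
+    content => template("calico/bird-${template}.conf.erb"),
+  }
+
+  # generate peer-config-files
+  generate_bgp_peers(convert_internal_peers($rr_servers, $as_number), 'rr', $src_addr, $as_number)
+  generate_bgp_peers(convert_internal_peers($rr_clients, $as_number), 'compute', $src_addr, $as_number)
+  generate_bgp_peers($ext_peers, 'ext', $src_addr, $as_number)
+
+  if $enable_ipv4 {
+    Package['bird'] ~>
+    service { 'bird':
+      ensure     => running,
+      enable     => true,
+      hasrestart => false,
+      restart    => '/usr/sbin/birdc configure'
+    }
+    File['/etc/bird/calico_os_filters.conf'] ~> Service['bird']
+    File['/etc/bird/custom.conf'] ~> Service['bird']
+    File['/etc/bird/bird.conf'] ~> Service['bird']
+  }
+
+  if $enable_ipv6 {
+    Package['bird'] ~>
+    service { 'bird6':
+      ensure     => running,
+      enable     => true,
+      hasrestart => false,
+      restart    => '/usr/sbin/birdc6 configure'
+    }
+    File['/etc/bird/calico_os_filters.conf'] ~> Service['bird6']
+    File['/etc/bird/custom.conf'] ~> Service['bird6']
+    File['/etc/bird/bird6.conf'] ~> Service['bird6']
+  }
+
+}
+# vim: set ts=2 sw=2 et :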
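Review bot: `/etc/bird`, `/etc/bird/peers` and `/etc/bird/custom.conf` are declared without `owner`, `group` or `mode`, unlike the two templated files below them, so their permissions are whatever the package or umask left. `custom.conf` is pulled into the route-reflector config with `include`, so anyone able to write it controls routing policy; adding `owner => 'root', group => 'root', mode => '0644',` (and `'0755'` on the two directories) makes the intended state explicit. In the `$enable_ipv6` branch, `File['/etc/bird/bird6.conf']` is referenced but no such resource is declared in this class, so unless it is defined elsewhere the catalog will fail to compile once IPv6 is enabled.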

+ 35
- 0
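--- a/deployment_scripts/puppet/modules/calico/manifests/bird/bgp_peer_record.pp
+++ b/deployment_scripts/puppet/modules/calico/manifests/bird/bgp_peer_record.pp
@@ -0,0 +1,35 @@
+define calico::bird::bgp_peer_record (
+  $local_ipaddr,
+  $remote_ipaddr,
+  $local_as_number,
+  $remote_as_number,
+  $include  = false,
+  $ensure   = 'present',
+  $template = 'ext',
+) {
+  include ::calico::params
+  $peer_config_path = "/etc/bird/peers/${template}__${name}.conf"
+  file { "${peer_config_path}":
+    ensure  => $ensure,
+    require => File['/etc/bird/peers'],
+    before  => File['/etc/bird/bird.conf'],
+    notify  => Service['bird'],
+    content => template("calico/bird-peer-${template}.conf.erb"),
+  }
+  if $include {
+    file_line {"":
+      line      => "include ${peer_config_path};",
+      path      => '/etc/bird/bird.conf',
+      #after    => undef,
+      #ensure   => 'present',
+      #match    => undef, # /.*match/
+      #multiple => undef, # 'true' or 'false'
+      #name     => undef,
+      #replace  => true, # 'true' or 'false'
+      require   => File['/etc/bird/bird.conf'],
+      notify    => Service['bird']
+    }
+  }
+}
+
+# vim: set ts=2 sw=2 et :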
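Review bot: The `file_line` resource is declared with an empty title (`file_line {"":`), so a second peer with `include => true` would be a duplicate declaration and fail the catalog; a per-peer title such as `file_line { "bird_include_${template}__${name}":` avoids that. The peer file itself gets no `owner`, `group` or `mode`, unlike `bird.conf`, and `$name` goes into `$peer_config_path` unvalidated, so a `validate_re($name, '^[A-Za-z0-9_.-]+$')` at the top of the define would keep the path inside `/etc/bird/peers`. Both resources notify only `Service['bird']`, which `calico::bird` does not declare when `enable_ipv4` is false.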

+ 77
- 0
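--- a/deployment_scripts/puppet/modules/calico/manifests/etcd.pp
+++ b/deployment_scripts/puppet/modules/calico/manifests/etcd.pp
@@ -0,0 +1,77 @@
+#    Copyright 2015 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+class calico::etcd (
+  $node_name = $::hostname,
+  $node_role,
+  $bind_host = $::ipaddress,
+  $bind_port = '4001',
+  $peer_host = $::ipaddress,
+  $peer_port = '2380',
+  $cluster_nodes = undef,
+  $cluster_token = 'fuel-cluster-1'
+) {
+
+case $node_role {
+  'proxy': {
+      $etcd_cmd_opts = "--proxy on \
+--initial-cluster=${cluster_nodes} \
+>>/var/log/etcd.log 2>&1"
+  }
+  'server': {
+      $etcd_cmd_opts = "--name=${node_name} \
+--advertise-client-urls=http://${bind_host}:${bind_port} \
+--listen-client-urls=http://127.0.0.1:${bind_port},http://${bind_host}:${bind_port} \
+--listen-peer-urls=http://127.0.0.1:${peer_port},http://${peer_host}:${peer_port} \
+--initial-cluster-token='${cluster_token}' \
+--initial-cluster=${cluster_nodes} \
+--initial-cluster-state=new \
+--initial-advertise-peer-urls=http://${peer_host}:${peer_port} \
+>>/var/log/etcd.log 2>&1"
+  }
+  default: {
+  }
+}
+
+  tweaks::ubuntu_service_override { 'etcd':
+    package_name => 'etcd',
+  }
+
+  package { ['etcd','python-etcd']:
+    ensure => installed,
+  } ->
+
+  file { '/var/log/etcd.log':
+    ensure => present,
+    mode    => '0644',
+    owner => 'etcd',
+    group => 'etcd',
+  } ->
+
+  file { '/etc/init/etcd.conf':
+    ensure  => present,
+    mode    => '0644',
+    owner   => 'root',
+    group   => 'root',
+    content => template('calico/etcd.conf.erb'),
+  } ~>
+
+  service { 'etcd':
+    ensure   => 'running',
+    enable   => true,
+    provider => 'upstart'
+  }
+
+}
+# vim: set ts=2 sw=2 et :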
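Review bot: Both the client and the peer URLs built in the `'server'` branch are plain `http://` on `${bind_host}`/`${peer_host}` with no client authentication, so any host that can reach these ports on the management network can read and rewrite the Calico datastore. If TLS is out of scope for this change, that should at least be stated in a comment and the two ports restricted by firewall rules to the etcd and Calico nodes; otherwise the etcd flags `--cert-file`, `--key-file`, `--client-cert-auth`, `--trusted-ca-file` and their `--peer-*` counterparts are the place to start, assuming the packaged etcd version supports them. The empty `default: { }` leaves `$etcd_cmd_opts` unset for an unrecognised `$node_role`, which would start etcd with its built-in defaults; `default: { fail("calico::etcd: unsupported node_role '${node_role}'") }` fails early instead.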

+ 20
- 0
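--- a/deployment_scripts/puppet/modules/calico/manifests/init.pp
+++ b/deployment_scripts/puppet/modules/calico/manifests/init.pp
@@ -0,0 +1,20 @@
+#    Copyright 2015 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+class calico {
+
+include calico::params
+
+}
+# vim: set ts=2 sw=2 et :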

+ 43
- 0
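--- a/deployment_scripts/puppet/modules/calico/manifests/params.pp
+++ b/deployment_scripts/puppet/modules/calico/manifests/params.pp
@@ -0,0 +1,43 @@
+#    Copyright 2016 Mirantis, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+class calico::params {
+
+  # Network
+  $network_scheme   = hiera_hash('network_scheme', {})
+  $network_metadata = hiera_hash('network_metadata', {})
+  prepare_network_config($network_scheme)
+
+  # current node params
+  $node = hiera('node')
+  $roles = hiera('roles')
+  $mgmt_ip = get_network_role_property('mgmt/vip', 'ipaddr')
+
+  # computes
+  $compute_nodes = get_nodes_hash_by_roles($network_metadata, ['compute'])
+  $compute_nodes_count = size($compute_nodes)
+
+  # etcd nodes
+  $etcd_nodes = get_nodes_hash_by_roles($network_metadata, ['calico-etcd'])
+  $etcd_nodes_map = get_node_to_ipaddr_map_by_network_role($etcd_nodes, 'mgmt/vip')
+  $etcd_nodes_ips = ipsort(values($etcd_nodes_map))
+
+  # etcd daemon settings
+  $etcd_port = '4001'
+  $etcd_peer_port = '2380'
+  $etcd_servers = suffix(prefix($etcd_nodes_ips, 'http://'), ":${etcd_port}")
+  $etcd_servers_list = join($etcd_servers, ',')
+  $etcd_servers_named_list = join(suffix(join_keys_to_values($etcd_nodes_map,"=http://"), ":${etcd_peer_port}"), ',')
+}
+# vim: set ts=2 sw=2 et :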

+ 17
- 0
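--- a/deployment_scripts/puppet/modules/calico/spec/spec_helper.rb
+++ b/deployment_scripts/puppet/modules/calico/spec/spec_helper.rb
@@ -0,0 +1,17 @@
+dir = File.expand_path(File.dirname(__FILE__))
+$LOAD_PATH.unshift File.join(dir, 'lib')
+
+require 'mocha'
+require 'puppet'
+require 'rspec'
+require 'spec/autorun'
+
+Spec::Runner.configure do |config|
+    config.mock_with :mocha
+end
+
+# We need this because the RAL uses 'should' as a method.  This
+# allows us the same behaviour but with a different method name.
+class Object
+    alias :must :should
+end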

+ 18
- 0
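--- a/deployment_scripts/puppet/modules/calico/templates/bird-calico_os-filters.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/bird-calico_os-filters.conf.erb
@@ -0,0 +1,18 @@
+# We are only going to export routes from Calico interfaces.
+# Currently, 'tap*' is used by the OpenStack implimentation
+# and 'cali*' is used by the docker implimentation.
+# dummy1 is the interface that bare metal "service" addresses
+# should be bound to if they should be exported.
+# This will need to be updated as we add new interface names.
+#
+# Also filter out default, just in case.
+#
+# We should automate the build of this out of variables when
+# we have time.
+
+filter calico_openstack__export_bgp {
+  if ( (ifname ~ "tap*") || (ifname ~ "cali*") || (ifname ~ "dummy1") ) then {
+    if  net != 0.0.0.0/0 then accept;
+  }
+  reject;
+}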

+ 29
- 0
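--- a/deployment_scripts/puppet/modules/calico/templates/bird-compute.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/bird-compute.conf.erb
@@ -0,0 +1,29 @@
+router id <%= @src_addr %>;
+listen bgp address <%= @src_addr %>;
+
+include "/etc/bird/calico_os_filters.conf";
+
+# Configure synchronization between BIRD's routing tables and the
+# kernel.
+protocol kernel {
+  learn;          # Learn all alien routes from the kernel
+  persist;        # Don't remove routes on bird shutdown
+  scan time 2;    # Scan kernel routing table every 2 seconds
+  import all;
+  graceful restart;
+  export all;     # Default is export none
+}
+
+# Watch interface up/down events.
+protocol device {
+  scan time 2;    # Scan interfaces every 2 seconds
+}
+
+protocol direct {
+   debug all;
+   interface "br-mesh";
+}
+
+<%- @rr_servers.each do |name, ipaddr| -%>
+include "/etc/bird/peers/rr__<%= name %>.conf";
+<%- end -%>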

+ 10
- 0
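--- a/deployment_scripts/puppet/modules/calico/templates/bird-peer-compute.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/bird-peer-compute.conf.erb
@@ -0,0 +1,10 @@
+protocol bgp '<%= @name %>' {
+  local as <%= @local_as_number %>;
+  neighbor <%= @remote_ipaddr %> as <%= @remote_as_number %>;
+  description "RR-client <%= @name %>";
+  multihop;
+  rr client;
+  import all;
+  export all;
+  source address <%= @local_ipaddr %>;
+}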
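Review bot: On the route reflector each compute client is configured with `import all;`, so the reflector accepts and reflects whatever prefixes a compute node announces, including ones outside the Calico workload ranges. The compute side limits its own export with `calico_openstack__export_bgp`, but that filter runs on the sender; an import filter here that accepts only prefixes inside the configured workload ranges and rejects the rest would keep a misconfigured or compromised compute node from injecting routes. None of the three peer templates (`bird-peer-compute`, `bird-peer-ext`, `bird-peer-rr`) sets a BGP `password`, so nothing authenticates a neighbor beyond its address, which matters most for the `multihop` sessions to external peers. `bird-peer-ext.conf.erb` additionally uses `export all;`, so everything the reflector has learned is announced outside the cluster.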

+ 10
- 0
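--- a/deployment_scripts/puppet/modules/calico/templates/bird-peer-ext.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/bird-peer-ext.conf.erb
@@ -0,0 +1,10 @@
+protocol bgp '<%= @name %>' {
+  local as <%= @local_as_number %>;
+  neighbor <%= @remote_ipaddr %> as <%= @remote_as_number %>;
+  description "Ext. peer <%= @name %>";
+  multihop;
+  import none;
+  export all;
+  next hop keep;
+  source address <%= @local_ipaddr %>;
+}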

+ 11
- 0
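--- a/deployment_scripts/puppet/modules/calico/templates/bird-peer-rr.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/bird-peer-rr.conf.erb
@@ -0,0 +1,11 @@
+protocol bgp '<%= @name %>' {
+  local as <%= @local_as_number %>;
+  neighbor <%= @remote_ipaddr %> as <%= @remote_as_number %>;
+  description "Route Reflector <%= @name %>";
+  multihop;
+  import all;
+  export filter calico_openstack__export_bgp;
+  next hop self;    # Disable next hop processing and always advertise our
+                    # local address as nexthop
+  source address <%= @local_ipaddr %>;
+}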

+ 26
- 0
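--- a/deployment_scripts/puppet/modules/calico/templates/bird-rr.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/bird-rr.conf.erb
@@ -0,0 +1,26 @@
+# Configure logging
+log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+log stderr all;
+#log "tmp" all;
+# Override router ID
+router id <%= @src_addr %>;
+
+include "/etc/bird/calico_os_filters.conf";
+
+# Turn on global debugging of all protocols
+debug protocols all;
+# This pseudo-protocol watches all interface up/down events.
+protocol device {
+  scan time 2;    # Scan interfaces every 2 seconds
+}
+
+# Include custom config
+include "/etc/bird/custom.conf";
+
+<%- @rr_clients.each do |name, ipaddr| -%>
+include "/etc/bird/peers/compute__<%= name %>.conf";
+<%- end -%>
+
+<%- @ext_peers.each do |name, peer| -%>
+include "/etc/bird/peers/ext__<%= name %>.conf";
+<%- end -%>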
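Review bot: Unlike `bird-compute.conf.erb`, this template has no `listen bgp address <%= @src_addr %>;` line, so the reflector's BGP listener is presumably bound to every address on the node rather than only the mesh address used as `router id`. Adding that line after `router id` would match the compute template and narrow the exposure left by the unrestricted port 179 firewall rule in `role_rr.pp`. `debug protocols all;` together with `log stderr all;` and every class sent to syslog looks like development logging and is worth gating on the deployment's debug setting.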

+ 13
- 0
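--- a/deployment_scripts/puppet/modules/calico/templates/calico-alt-gateway.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/calico-alt-gateway.conf.erb
@@ -0,0 +1,13 @@
+description "calico-alt-gateway"
+author "Alternative default gateway for Calico network"
+
+#start on stopped rc RUNLEVEL=[2345]
+start on (net-device-up and started etcd)
+#stop on runlevel [!2345]
+
+#respawn
+
+script
+  ip r add default via <%= @calico_alt_gateway %> table <%= @calico_mark %>
+  ip rule add fwmark <%= @calico_mark %> table <%= @calico_mark %>
+end script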
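Review bot: The `script` stanza is not repeatable: Upstart runs it with `sh -e`, so when the default route in table `<%= @calico_mark %>` already exists `ip r add` fails and the `ip rule add` line is never reached, and when the rule line does run a second time it appends a duplicate rule. Using `ip route replace default via <%= @calico_alt_gateway %> table <%= @calico_mark %>` and deleting any existing rule before `ip rule add` would make the job safe to re-run, which matters because the commit message describes all tasks as idempotent. The `description` and `author` values also look swapped, since the descriptive sentence is in `author`.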

+ 15
- 0
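--- a/deployment_scripts/puppet/modules/calico/templates/etcd.conf.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/etcd.conf.erb
@@ -0,0 +1,15 @@
+# vim:set ft=upstart ts=2 et:
+description "etcd"
+author "etcd maintainers"
+
+start on stopped rc RUNLEVEL=[2345]
+stop on runlevel [!2345]
+
+respawn
+
+setuid etcd
+
+env ETCD_DATA_DIR=/var/lib/etcd
+export ETCD_DATA_DIR
+
+exec /usr/bin/etcd <%=@etcd_cmd_opts %>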

+ 6
- 0
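--- a/deployment_scripts/puppet/modules/calico/templates/felix.cfg.erb
+++ b/deployment_scripts/puppet/modules/calico/templates/felix.cfg.erb
@@ -0,0 +1,6 @@
+[global]
+EtcdAddr = <%= @etcd_host %>:<%= @etcd_port %>
+#FelixHostname = hostname
+MetadataAddr = <%= @metadata_host %>
+MetadataPort = <%= @metadata_port %>
+InterfacePrefix = tap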

+ 12
- 0
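--- a/deployment_scripts/puppet/modules/calico/tests/init.pp
+++ b/deployment_scripts/puppet/modules/calico/tests/init.pp
@@ -0,0 +1,12 @@
+# The baseline for module testing used by Puppet Labs is that each manifest
+# should have a corresponding test manifest that declares that class or defined
+# type.
+#
+# Tests are then run by using puppet apply --noop (to check for compilation
+# errors and view a log of events) or by fully applying the test in a virtual
+# environment (to compare the resulting system state to the desired state).
+#
+# Learn more about module testing here:
+# http://docs.puppetlabs.com/guides/tests_smoke.html
+#
+include calico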

+ 0
- 45
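--- a/deployment_scripts/remove_default_networks.sh
+++ b/deployment_scripts/remove_default_networks.sh
@@ -1,45 +0,0 @@
-#!/bin/bash
-# This script removes default network config created in OpenStack as part of a
-# Fuel deployment. These networks do not work for instance creation with
-# Calico, so need to be removed.
-
-# OpenStack authentication and authorization requires environment variables
-# contained in the openrc file, this will allow us to issue commands via the 
-# neutron API.
-source /root/openrc
-
-# Details of the default networks/routers created on Fuel deployment of a
-# Mirantis OpenStack environment.
-DEFAULT_NET=net04
-DEFAULT_NET_EXT=net04_ext
-DEFAULT_ROUTER=router04
-
-# DEFAULT_NET_EXT is set as the gateway for DEFAULT_ROUTER, we must clear that
-# before we can delete the network.
-neutron router-gateway-clear $DEFAULT_ROUTER
-neutron net-delete $DEFAULT_NET_EXT
-
-# DEFAULT_NET cannot be deleted until all ports configured on the network have 
-# been removed. We get details of the configured ports from the "neutron port-list"
-# command, whose output is of the form:
-# +-----+------+-------------------+-----------------------------------------------+
-# | id  | name | mac_address       | fixed_ips                                     |
-# +-----+------+-------------------+-----------------------------------------------+
-# | foo |      | fa:16:3e:ae:70:4e | {"subnet_id": "bar", "ip_address": "a.b.c.d"} |
-# +-----+------+-------------------+-----------------------------------------------+
-port_ids=$(neutron port-list | grep "|" | grep -v "fixed_ips" | cut -d " " -f 2)
-for port_id in "${port_ids[@]}"
-do
-  neutron port-delete $port_id
-  if [[ $? != 0 ]]; then
-    # One of the ports is associated with the interface for the default router.
-    # This causes port deletion to fail. So we delete the interface on the
-    # router (this also removes the port).
-    neutron router-interface-delete $DEFAULT_ROUTER port=$port_id
-  fi
-done
-
-# We can now delete the default router and the default network.
-neutron router-delete $DEFAULT_ROUTER
-neutron net-delete $DEFAULT_NET
-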

+ 0
- 42
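--- a/deployment_scripts/update_etcd_cluster.sh
+++ b/deployment_scripts/update_etcd_cluster.sh
@@ -1,42 +0,0 @@
-#!/bin/bash
-# Copyright 2015 Metaswitch Networks
-
-this_node_address=$(python get_node_ip.py `hostname`)
-controller_node_addresses=$(python get_node_ips_by_role.py controller)
-
-for node_address in ${controller_node_addresses[@]}
-do
-  initial_cluster+="${node_address}=http://${node_address}:2380,"
-done
-
-initial_cluster=${initial_cluster::-1} # remove trailing comma
-
-service etcd stop
-rm -rf /var/lib/etcd/*
-awk '/exec \/usr\/bin\/etcd/{while(getline && $0 != ""){}}1' /etc/init/etcd.conf > tmp
-mv tmp /etc/init/etcd.conf
-cat << EXEC_CMD >> /etc/init/etcd.conf
-exec /usr/bin/etcd -name ${this_node_address}                                                                 \\
-                   -advertise-client-urls "http://${this_node_address}:2379,http://${this_node_address}:4001" \\
-                   -listen-client-urls "http://0.0.0.0:2379,http://0.0.0.0:4001"                              \\
-                   -listen-peer-urls "http://0.0.0.0:2380"                                                    \\
-                   -initial-advertise-peer-urls "http://${this_node_address}:2380"                            \\
-                   -initial-cluster-token fuel-cluster-1                                                      \\
-                   -initial-cluster ${initial_cluster}                                                        \\
-                   -initial-cluster-state new
-
-EXEC_CMD
-service etcd start
-
-retry_count=0
-while [[ $retry_count < 5 ]]; do
-  etcdctl cluster-health
-  if [[ $? == 0 ]]; then
-    break
-  else
-    ((retry_count++))
-    service etcd restart
-    sleep 2
-  fi
-done
-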

+ 340
- 0
deployment_tasks.yaml View File

@@ -0,0 +1,340 @@
1
+# Groups
2
+
3
+- id: calico-rrs
4
+  type: group
5
+  version: 2.1.0
6
+  role:
7
+    - calico-rr
8
+  tasks: [hiera, globals, setup_repositories, tools, logging, netconfig, hosts, deploy_start]
9
+  requires:
10
+    - deploy_start
11
+  required_for:
12
+    - deploy_end
13
+  parameters:
14
+    strategy:
15
+      type: one_by_one
16
+
17
+- id: calico-etcds
18
+  type: group
19
+  version: 2.1.0
20
+  role:
21
+    - calico-etcd
22
+  tasks: [hiera, globals, setup_repositories, tools, logging, netconfig, hosts, deploy_start]
23
+  requires:
24
+    - deploy_start
25
+  required_for:
26
+    - deploy_end
27
+  parameters:
28
+    strategy:
29
+      type: one_by_one
30
+
31
+# Plugin tasks
32
+
33
+- id: hiera_override
34
+  type: puppet
35
+  version: 2.1.0
36
+  groups: ["/.*/"]
37
+  requires:
38
+    - hiera
39
+  required_for:
40
+    - globals
41
+  parameters:
42
+    puppet_manifest: puppet/manifests/hiera_override.pp
43
+    puppet_modules: puppet/modules:/etc/puppet/modules
44
+    timeout: 3600
45
+
46
+- id: calico-private-gateway-check
47
+  groups: ["/.*/"]
48
+  version: 2.1.0
49
+  requires:
50
+    - globals
51
+  required_for:
52
+    - deploy_end
53
+    - netconfig
54
+    - hosts
55
+  type: puppet
56
+  parameters:
57
+    timeout: 180
58
+    puppet_manifest: puppet/manifests/private_gateway_check.pp
59
+    puppet_modules: puppet/modules:/etc/puppet/modules
60
+
61
+- id: calico-repo-setup
62
+  role:
63
+    - calico-rr
64
+    - calico-etcd
65
+    - primary-controller
66
+    - controller
67
+    - compute
68
+  version: 2.1.0
69
+  requires:
70
+    - netconfig
71
+    - hosts
72
+  required_for:
73
+    - deploy_end
74
+    - openstack-network-start
75
+  type: puppet
76
+  parameters:
77
+    timeout: 180
78
+    puppet_manifest: puppet/manifests/repo_setup.pp
79
+    puppet_modules: puppet/modules:/etc/puppet/modules
80
+
81
+- id: calico-rr
82
+  role:
83
+    - calico-rr
84
+  version: 2.1.0
85
+  requires:
86
+    - netconfig
87
+    - hosts
88
+    - firewall
89
+    - calico-repo-setup
90
+  required_for:
91
+    - deploy_end
92
+    - openstack-network-start
93
+  condition:
94
+    yaql_exp: >
95
+      changedAny($.configuration, $.debug, $.network_metadata, $.network_scheme, $['fuel-plugin-calico'])
96
+  type: puppet
97
+  parameters:
98
+    timeout: 180
99
+    puppet_manifest: puppet/manifests/role_rr.pp
100
+    puppet_modules: puppet/modules:/etc/puppet/modules
101
+
102
+- id: calico-etcd
103
+  role:
104
+    - calico-etcd
105
+  version: 2.1.0
106
+  requires:
107
+    - netconfig
108
+    - hosts
109
+    - firewall
110
+    - calico-repo-setup
111
+  required_for:
112
+    - deploy_end
113
+    - openstack-network-start
114
+  condition:
115
+    yaql_exp: >
116
+      changedAny($.configuration, $.debug, $.network_metadata, $.network_scheme, $['fuel-plugin-calico'])
117
+  type: puppet
118
+  parameters:
119
+    timeout: 180
120
+    puppet_manifest: puppet/manifests/role_etcd.pp
121
+    puppet_modules: puppet/mod