diff --git a/deployment_scripts/puppet/modules/contrail/manifests/compute/nova.pp b/deployment_scripts/puppet/modules/contrail/manifests/compute/nova.pp index 1e6a372bf..707808cb6 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/compute/nova.pp +++ b/deployment_scripts/puppet/modules/contrail/manifests/compute/nova.pp @@ -28,12 +28,7 @@ class contrail::compute::nova { } nova_config { - 'DEFAULT/neutron_url': value => "http://${contrail::mos_mgmt_vip}:9696"; - 'DEFAULT/neutron_admin_auth_url': value => "http://${contrail::mos_mgmt_vip}:35357/v2.0/"; 'DEFAULT/network_api_class': value => 'nova.network.neutronv2.api.API'; - 'DEFAULT/neutron_admin_tenant_name': value => 'services'; - 'DEFAULT/neutron_admin_username': value => 'neutron'; - 'DEFAULT/neutron_admin_password': value => $contrail::service_token; 'DEFAULT/neutron_url_timeout': value => '300'; 'DEFAULT/firewall_driver': value => 'nova.virt.firewall.NoopFirewallDriver'; 'DEFAULT/security_group_api': value => 'neutron'; diff --git a/deployment_scripts/puppet/modules/contrail/manifests/controller.pp b/deployment_scripts/puppet/modules/contrail/manifests/controller.pp index 2f5a3646d..26e7d5096 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/controller.pp +++ b/deployment_scripts/puppet/modules/contrail/manifests/controller.pp @@ -36,9 +36,7 @@ class contrail::controller { # Nova configuration nova_config { 'DEFAULT/network_api_class': value=> 'nova.network.neutronv2.api.API'; - 'DEFAULT/neutron_url': value => "http://${contrail::mos_mgmt_vip}:9696"; 'DEFAULT/neutron_url_timeout': value=> '300'; - 'DEFAULT/neutron_admin_auth_url': value=> "http://${contrail::mos_mgmt_vip}:35357/v2.0"; 'DEFAULT/firewall_driver': value=> 'nova.virt.firewall.NoopFirewallDriver'; 'DEFAULT/enabled_apis': value=> 'ec2,osapi_compute,metadata'; 'DEFAULT/security_group_api': value=> 'neutron'; 
@@ -56,9 +54,6 @@ class contrail::controller { 'DEFAULT/service_plugins': value => 'neutron_plugin_contrail.plugins.opencontrail.loadbalancer.plugin.LoadBalancerPlugin'; 'DEFAULT/allow_overlapping_ips': value => 'True'; 'service_providers/service_provider': value => 'LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default'; - 'keystone_authtoken/auth_host': value => $contrail::mos_mgmt_vip; - 'keystone_authtoken/auth_port': value => '35357'; - 'keystone_authtoken/auth_protocol': value => 'http'; 'QUOTAS/quota_network': value => '-1'; 'QUOTAS/quota_subnet': value => '-1'; 'QUOTAS/quota_port': value => '-1'; @@ -78,9 +73,9 @@ class contrail::controller { heat_config { 'DEFAULT/plugin_dirs': value => '/usr/lib/heat,/usr/lib/python2.7/dist-packages/contrail_heat'; 'clients_contrail/contrail-user': value=> 'neutron'; - 'clients_contrail/user': value=> 'neutron'; + 'clients_contrail/user': value=> $contrail::neutron_user; 'clients_contrail/password': value=> $contrail::service_token; - 'clients_contrail/tenant': value=> 'services'; + 'clients_contrail/tenant': value=> $contrail::service_tenant; 'clients_contrail/api_server': value=> $contrail::contrail_mgmt_vip; 'clients_contrail/auth_host_ip': value=> $contrail::mos_mgmt_vip; 'clients_contrail/api_base_url': value=> '/'; 
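Review bot: In the `heat_config` block of controller.pp, `'clients_contrail/contrail-user'` is still the literal `'neutron'` while the adjacent `'clients_contrail/user'` now follows `$contrail::neutron_user`, so the two diverge as soon as the Neutron admin user is overridden in hiera. If both keys are meant to name the same Keystone account (not confirmable from this hunk), change the line to `'clients_contrail/contrail-user': value=> $contrail::neutron_user;`. `'clients_contrail/auth_host_ip'` also still points at `$contrail::mos_mgmt_vip` rather than the new `$contrail::keystone_address`, which matters once the Keystone endpoint is reached by hostname over TLS. The `heat_config` block ends outside the hunk.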
@@ -103,14 +98,24 @@ class contrail::controller { file {'/etc/ceilometer/pipeline.yaml': ensure => file, content => template('contrail/pipeline.yaml.erb'), - } ~> - service {'ceilometer-agent-central': - ensure => running, - name => 'p_ceilometer-agent-central', - enable => true, - hasstatus => true, - hasrestart => true, - provider => 'pacemaker', + } + if $contrail::ceilometer_ha_mode { + service {'ceilometer-agent-central': + ensure => running, + name => 'p_ceilometer-agent-central', + enable => true, + hasstatus => true, + hasrestart => true, + provider => 'pacemaker', + subscribe => File['/etc/ceilometer/pipeline.yaml'], + } + } + else { + service {['ceilometer-api','ceilometer-polling']: + ensure => running, + enable => true, + subscribe => File['/etc/ceilometer/pipeline.yaml'], + } } } diff --git a/deployment_scripts/puppet/modules/contrail/manifests/init.pp b/deployment_scripts/puppet/modules/contrail/manifests/init.pp index e27df9271..20c57ab39 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/init.pp +++ b/deployment_scripts/puppet/modules/contrail/manifests/init.pp 
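Review bot: The new `if $contrail::ceilometer_ha_mode` branch in controller.pp has no comment saying what the flag selects, and it relies on Puppet truthiness, so a non-empty string such as `'false'` arriving from hiera would still take the pacemaker branch. Add a line such as `# ha_mode true: pacemaker-managed p_ceilometer-agent-central; false: plain ceilometer-api and ceilometer-polling services` above the `if`, and consider `validate_bool($contrail::ceilometer_ha_mode)` where the value is read in init.pp. The class body starts outside the hunk.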
@@ -30,23 +30,52 @@ class contrail { $node_name = hiera('user_node_name') $nodes = hiera('nodes') + # Network configuration + prepare_network_config($network_scheme) + $interface = get_network_role_property('neutron/mesh', 'interface') + $gateway = $network_scheme['endpoints'][$interface]['gateway'] + $address = get_network_role_property('neutron/mesh', 'ipaddr') + $cidr = get_network_role_property('neutron/mesh', 'cidr') + $netmask = get_network_role_property('neutron/mesh', 'netmask') + $netmask_short = netmask_to_cidr($netmask) + $phys_dev = get_private_ifname($interface) + $phys_dev_pci = get_dev_pci_addr($phys_dev) + $vrouter_core_mask = pick($settings['vrouter_core_mask'], '0x3') + + # VIPs + $mos_mgmt_vip = $network_metadata['vips']['management']['ipaddr'] + $mos_public_vip = $network_metadata['vips']['public']['ipaddr'] + + $contrail_private_vip = $network_metadata['vips']['contrail_priv']['ipaddr'] + $contrail_mgmt_vip = $contrail_private_vip + + # Public SSL for Contrail WebUI $public_ssl_hash = hiera_hash('public_ssl', {}) $ssl_hash = hiera_hash('use_ssl', {}) $public_ssl = get_ssl_property($ssl_hash, $public_ssl_hash, 'horizon', 'public', 'usage', false) $public_ssl_path = get_ssl_property($ssl_hash, $public_ssl_hash, 'horizon', 'public', 'path', ['']) + # Internal SSL for keystone connections + $keystone_ssl = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'usage', false) + $keystone_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'protocol', 'http') + $keystone_address = get_ssl_property($ssl_hash, {}, 'keystone', 'admin', 'hostname', [$mos_mgmt_vip]) + $auth_url = "${keystone_protocol}://${keystone_address}:35357/v2.0" + $neutron_config = hiera_hash('neutron_config', {}) $floating_net = try_get_value($neutron_config, 'default_floating_net', 'net04_ext') $private_net = try_get_value($neutron_config, 'default_private_net', 'net04') $default_router = try_get_value($neutron_config, 'default_router', 'router04') $nets = 
$neutron_config['predefined_networks'] + $neutron_user = pick($neutron_config['keystone']['admin_user'], 'neutron') + $service_token = $neutron_config['keystone']['admin_password'] + $service_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services') $default_ceilometer_hash = { 'enabled' => false } $ceilometer_hash = hiera_hash('ceilometer', $default_ceilometer_hash) + $ceilometer_ha_mode = pick($ceilometer_hash['ha_mode'], true) $keystone = hiera_hash('keystone', {}) $admin_token = $keystone['admin_token'] - $service_token = $neutron_config['keystone']['admin_password'] $metadata_secret = $neutron_config['metadata']['metadata_proxy_shared_secret'] $admin_settings = hiera_hash('access', {}) @@ -79,19 +108,7 @@ class contrail { $service_ensure = hiera('upgrade',false) ? { true => 'stopped', default => 'running', - } - - # Network configuration - prepare_network_config($network_scheme) - $interface = get_network_role_property('neutron/mesh', 'interface') - $gateway = $network_scheme['endpoints'][$interface]['gateway'] - $address = get_network_role_property('neutron/mesh', 'ipaddr') - $cidr = get_network_role_property('neutron/mesh', 'cidr') - $netmask = get_network_role_property('neutron/mesh', 'netmask') - $netmask_short = netmask_to_cidr($netmask) - $phys_dev = get_private_ifname($interface) - $phys_dev_pci = get_dev_pci_addr($phys_dev) - $vrouter_core_mask = pick($settings['vrouter_core_mask'], '0x3') + } # DPDK settings $global_dpdk_enabled = $settings['contrail_global_dpdk'] @@ -107,12 +124,6 @@ class contrail { $libvirt_name = 'libvirtd' } - $mos_mgmt_vip = $network_metadata['vips']['management']['ipaddr'] - $mos_public_vip = $network_metadata['vips']['public']['ipaddr'] - - $contrail_private_vip = $network_metadata['vips']['contrail_priv']['ipaddr'] - $contrail_mgmt_vip = $contrail_private_vip - # Settings for RabbitMQ on contrail controllers $rabbit = hiera_hash('rabbit') $rabbit_password = $rabbit['password'] 
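Review bot: In the first init.pp hunk, `$keystone_protocol` falls back to `'http'`, so when `use_ssl` carries no Keystone admin entry the `$auth_url` built here is a cleartext endpoint and the credentials used against it cross the management network unencrypted. That fallback deserves a comment, e.g. `# falls back to plain http when use_ssl has no keystone/admin entry; credentials are then sent unencrypted`. `$keystone_ssl` is assigned but not read in any hunk of this commit, although it is the natural switch for TLS-only settings in the templates. `$service_token` has no `pick()` fallback or validation, unlike `$neutron_user` and `$service_tenant`, so an absent `admin_password` would reach the provisioning commands and templates as an empty value. The class body starts and ends outside the hunk.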
diff --git a/deployment_scripts/puppet/modules/contrail/manifests/provision/compute.pp b/deployment_scripts/puppet/modules/contrail/manifests/provision/compute.pp index 644a0d9f2..7e4b148cb 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/provision/compute.pp +++ b/deployment_scripts/puppet/modules/contrail/manifests/provision/compute.pp @@ -31,7 +31,8 @@ class contrail::provision::compute { command => "contrail-provision-vrouter \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 --openstack_ip ${contrail::mos_mgmt_vip} \ --oper add --host_name ${::fqdn} --host_ip ${contrail::address} \ ---admin_user neutron --admin_tenant_name services --admin_password '${contrail::service_token}' --dpdk_enabled \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ +--dpdk_enabled \ && touch /opt/contrail/provision-vrouter-DONE", creates => '/opt/contrail/provision-vrouter-DONE', require => File['/opt/contrail'], @@ -42,7 +43,7 @@ class contrail::provision::compute { command => "contrail-provision-vrouter \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 --openstack_ip ${contrail::mos_mgmt_vip} \ --oper add --host_name ${::fqdn} --host_ip ${contrail::address} \ ---admin_user neutron --admin_tenant_name services --admin_password '${contrail::service_token}' \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /opt/contrail/provision-vrouter-DONE", creates => '/opt/contrail/provision-vrouter-DONE', require => File['/opt/contrail'], diff --git a/deployment_scripts/puppet/modules/contrail/manifests/provision/config.pp b/deployment_scripts/puppet/modules/contrail/manifests/provision/config.pp index 0a3e214f0..07322f947 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/provision/config.pp 
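Review bot: Wrapping `${contrail::neutron_user}`, `${contrail::service_tenant}` and `${contrail::service_token}` in literal single quotes inside the `command` string does not escape them: a value that itself contains `'` ends the quoting and the remainder is parsed by the shell. Build the arguments with Puppet's `shellquote()`, for example `$admin_password_q = shellquote($contrail::service_token)` followed by `--admin_password ${admin_password_q}` with no surrounding quotes. The same pattern appears in the second compute.pp hunk and in the config.pp, control.pp, controller.pp and db.pp hunks. Passing the password as an argument also leaves it readable in the process list while the command runs, and the command string can appear in Puppet output when the exec fails, so an environment variable or a credentials file would be safer if the provisioning scripts accept one (not visible here). The exec resources start and end outside these hunks.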
+++ b/deployment_scripts/puppet/modules/contrail/manifests/provision/config.pp @@ -32,7 +32,7 @@ then exit 1; fi", command => "python /opt/contrail/utils/provision_config_node.py \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 \ --oper add --host_name ${::fqdn} --host_ip ${contrail::address} \ ---admin_user neutron --admin_tenant_name services --admin_password ${contrail::service_token} \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /opt/contrail/prov_config_node-DONE", creates => '/opt/contrail/prov_config_node-DONE', } -> @@ -41,7 +41,7 @@ then exit 1; fi", command => "python /opt/contrail/utils/provision_analytics_node.py \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 \ --oper add --host_name ${::fqdn} --host_ip ${contrail::address} \ ---admin_user neutron --admin_tenant_name services --admin_password ${contrail::service_token} \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /opt/contrail/prov_analytics_node-DONE", creates => '/opt/contrail/prov_analytics_node-DONE', } @@ -53,7 +53,7 @@ then exit 1; fi", --oper add \ --linklocal_service_name metadata --linklocal_service_ip 169.254.169.254 --linklocal_service_port 80 \ --ipfabric_service_ip ${contrail::mos_mgmt_vip} --ipfabric_service_port 8775 \ ---admin_user neutron --admin_tenant_name services --admin_password '${contrail::service_token}' \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /opt/contrail/prov_metadata_service-DONE", require => Exec['wait_for_api'], creates => '/opt/contrail/prov_metadata_service-DONE', 
diff --git a/deployment_scripts/puppet/modules/contrail/manifests/provision/control.pp b/deployment_scripts/puppet/modules/contrail/manifests/provision/control.pp index bf524b276..43db42708 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/provision/control.pp +++ b/deployment_scripts/puppet/modules/contrail/manifests/provision/control.pp @@ -24,7 +24,7 @@ class contrail::provision::control { command => "python /opt/contrail/utils/provision_mx.py \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 \ --oper add --router_name ${name} --router_ip ${name} \ ---admin_user neutron --admin_tenant_name services --admin_password '${contrail::service_token}' \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /opt/contrail/prov_external_bgp_${name}-DONE", creates => "/opt/contrail/prov_external_bgp_${name}-DONE", } @@ -43,7 +43,7 @@ then exit 1; fi", command => "python /opt/contrail/utils/provision_control.py \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 \ --oper add --host_name ${::fqdn} --host_ip ${contrail::address} --router_asn ${contrail::asnum} \ ---admin_user neutron --admin_tenant_name services --admin_password ${contrail::service_token} \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /opt/contrail/prov_control_bgp-DONE", creates => '/opt/contrail/prov_control_bgp-DONE', } @@ -55,4 +55,3 @@ then exit 1; fi", } } - diff --git a/deployment_scripts/puppet/modules/contrail/manifests/provision/controller.pp b/deployment_scripts/puppet/modules/contrail/manifests/provision/controller.pp index b706d88a9..ae1d0cf5b 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/provision/controller.pp +++ b/deployment_scripts/puppet/modules/contrail/manifests/provision/controller.pp 
@@ -41,7 +41,7 @@ exec { 'prov_route_target': --routing_instance_name default-domain:${contrail::admin_tenant}:${contrail::floating_net}:${contrail::floating_net} \ --route_target_number ${contrail::route_target} --router_asn ${contrail::asnum} \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 \ ---admin_user neutron --admin_tenant_name services --admin_password '${contrail::service_token}' \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /etc/contrail/prov_route_target-DONE", creates => '/etc/contrail/prov_route_target-DONE', require => Contrail::Create_Network[$contrail::floating_net], diff --git a/deployment_scripts/puppet/modules/contrail/manifests/provision/db.pp b/deployment_scripts/puppet/modules/contrail/manifests/provision/db.pp index b59aecee1..92b22f0de 100644 --- a/deployment_scripts/puppet/modules/contrail/manifests/provision/db.pp +++ b/deployment_scripts/puppet/modules/contrail/manifests/provision/db.pp @@ -37,7 +37,7 @@ then exit 1; fi", command => "python /opt/contrail/utils/provision_database_node.py \ --api_server_ip ${contrail::contrail_mgmt_vip} --api_server_port 8082 \ --oper add --host_name ${::fqdn} --host_ip ${contrail::address} \ ---admin_user neutron --admin_tenant_name services --admin_password ${contrail::service_token} \ +--admin_user '${contrail::neutron_user}' --admin_tenant_name '${contrail::service_tenant}' --admin_password '${contrail::service_token}' \ && touch /opt/contrail/prov_database_node-DONE", creates => '/opt/contrail/prov_database_node-DONE', } diff --git a/deployment_scripts/puppet/modules/contrail/templates/ContrailPlugin.ini.erb b/deployment_scripts/puppet/modules/contrail/templates/ContrailPlugin.ini.erb index 8f82965c8..53453b04f 100644 --- a/deployment_scripts/puppet/modules/contrail/templates/ContrailPlugin.ini.erb 
+++ b/deployment_scripts/puppet/modules/contrail/templates/ContrailPlugin.ini.erb @@ -9,8 +9,8 @@ analytics_api_ip = <%= scope.lookupvar('contrail::contrail_mgmt_vip') %> analytics_api_port = 8081 [KEYSTONE] -auth_url = http://<%= scope.lookupvar('contrail::mos_mgmt_vip') %>:35357/v2.0 +auth_url = <%= scope.lookupvar('contrail::auth_url') %> admin_token = <%= scope.lookupvar('contrail::admin_token') %> -admin_user=neutron +admin_user=<%= scope.lookupvar('contrail::neutron_user') %> admin_password=<%= scope.lookupvar('contrail::service_token') %> -admin_tenant_name=services +admin_tenant_name=<%= scope.lookupvar('contrail::service_tenant') %> diff --git a/deployment_scripts/puppet/modules/contrail/templates/contrail-keystone-auth.conf.erb b/deployment_scripts/puppet/modules/contrail/templates/contrail-keystone-auth.conf.erb index 6285ef13f..c52b18e01 100644 --- a/deployment_scripts/puppet/modules/contrail/templates/contrail-keystone-auth.conf.erb +++ b/deployment_scripts/puppet/modules/contrail/templates/contrail-keystone-auth.conf.erb @@ -1,11 +1,11 @@ [KEYSTONE] auth_host=<%= scope.lookupvar('contrail::mos_mgmt_vip') %> -auth_protocol=http +auth_protocol=<%= scope.lookupvar('contrail::keystone_protocol') %> auth_port=35357 -auth_url=http://<%= scope.lookupvar('contrail::mos_mgmt_vip') %>:35357/v2.0 -admin_user=neutron +auth_url=<%= scope.lookupvar('contrail::auth_url') %> +admin_user=<%= scope.lookupvar('contrail::neutron_user') %> admin_password=<%= scope.lookupvar('contrail::service_token') %> admin_token=<%= scope.lookupvar('contrail::admin_token') %> -admin_tenant_name=services -insecure=False +admin_tenant_name=<%= scope.lookupvar('contrail::service_tenant') %> +insecure=True memcache_servers=127.0.0.1:11211 \ No newline at end of file diff --git a/deployment_scripts/puppet/modules/contrail/templates/contrail-webui-userauth.js.erb b/deployment_scripts/puppet/modules/contrail/templates/contrail-webui-userauth.js.erb index 9db4de90e..578c10a8c 100644 
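Review bot: Changing `insecure=False` to `insecure=True` in contrail-keystone-auth.conf.erb presumably turns off certificate verification for the Keystone connection on every deployment, including those where `contrail::keystone_protocol` is `https`. The admin password and token in this file would then be presented to whichever host answers on that address. Keep `insecure=False` and make verification succeed instead: `auth_host` still renders `contrail::mos_mgmt_vip` while `auth_url` now uses the hostname, so set it to `<%= scope.lookupvar('contrail::keystone_address') %>` and supply the deployment CA bundle (a `cafile=` entry, if this Contrail release supports it). If verification cannot be enabled yet, derive the value from a dedicated, documented setting whose default stays `False` rather than hard-coding `True`.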
--- a/deployment_scripts/puppet/modules/contrail/templates/contrail-webui-userauth.js.erb +++ b/deployment_scripts/puppet/modules/contrail/templates/contrail-webui-userauth.js.erb @@ -6,9 +6,9 @@ * Specify the authentication parameters for admin user ****************************************************************************/ var auth = {}; -auth.admin_user = 'neutron'; +auth.admin_user = '<%= scope.lookupvar('contrail::neutron_user') %>'; auth.admin_password = '<%= scope.lookupvar('contrail::service_token') %>'; auth.admin_token = '<%= scope.lookupvar('contrail::admin_token') %>'; -auth.admin_tenant_name = 'services'; +auth.admin_tenant_name = '<%= scope.lookupvar('contrail::service_tenant') %>'; module.exports = auth; diff --git a/deployment_scripts/puppet/modules/contrail/templates/vnc_api_lib.ini.erb b/deployment_scripts/puppet/modules/contrail/templates/vnc_api_lib.ini.erb index aa00e167a..50e48cfb1 100644 --- a/deployment_scripts/puppet/modules/contrail/templates/vnc_api_lib.ini.erb +++ b/deployment_scripts/puppet/modules/contrail/templates/vnc_api_lib.ini.erb @@ -10,7 +10,7 @@ BASE_URL = / ; Authentication settings (optional) [auth] AUTHN_TYPE = keystone -AUTHN_PROTOCOL = http -AUTHN_SERVER = <%= scope.lookupvar('contrail::mos_mgmt_vip') %> +AUTHN_PROTOCOL = <%= scope.lookupvar('contrail::keystone_protocol') %> +AUTHN_SERVER = <%= scope.lookupvar('contrail::keystone_address') %> AUTHN_PORT = 35357 AUTHN_URL = /v2.0/tokens
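Review bot: `auth.admin_user` and `auth.admin_tenant_name` in contrail-webui-userauth.js.erb now take hiera-supplied values but are emitted between literal single quotes with no escaping, as `auth.admin_password` already was. A value containing `'` or `\` yields a broken or altered JavaScript file. Emit each value as an encoded string literal instead, e.g. `auth.admin_user = <%= scope.lookupvar('contrail::neutron_user').to_json %>;` (this needs Ruby's `json` library loaded in the template, which I have not verified for this Puppet version). The file also holds the service password and admin token, so the `file` resource that renders it should be readable only by the web UI's service account; its mode is not visible in this commit.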