Browse Source

Deploy controller node with nsx-t support

Change-Id: Iae2b2679b4f7bdbc1fe5b82aa2c0f2b46e032907
changes/96/363496/8
Artem Savinov 2 years ago
parent
commit
9728ea3bb4
23 changed files with 922 additions and 20 deletions
  1. 38
    0
      Puppetfile
  2. 20
    0
      deployment_scripts/puppet/manifests/configure-agents-dhcp.pp
  3. 26
    0
      deployment_scripts/puppet/manifests/configure-plugin.pp
  4. 12
    1
      deployment_scripts/puppet/manifests/create-repo.pp
  5. 6
    0
      deployment_scripts/puppet/manifests/gem-install.pp
  6. 7
    0
      deployment_scripts/puppet/manifests/hiera-override.pp
  7. 33
    0
      deployment_scripts/puppet/manifests/install-nsx-packages.pp
  8. 69
    0
      deployment_scripts/puppet/manifests/neutron-server-start.pp
  9. 8
    0
      deployment_scripts/puppet/manifests/neutron-server-stop.pp
  10. 34
    0
      deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp
  11. 26
    0
      deployment_scripts/puppet/manifests/reg-controller-on-management-plane.pp
  12. 13
    0
      deployment_scripts/puppet/modules/nsxt/files/create_repo.sh
  13. 0
    1
      deployment_scripts/puppet/modules/nsxt/files/packages/Release
  14. 159
    0
      deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/get_nsxt_components.rb
  15. 24
    0
      deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/hiera_overrides.rb
  16. 1
    1
      deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_add_to_fabric.rb
  17. 1
    1
      deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_create_transport_node.rb
  18. 11
    7
      deployment_scripts/puppet/modules/nsxt/manifests/create_repo.pp
  19. 6
    0
      deployment_scripts/puppet/modules/nsxt/manifests/hiera_override.pp
  20. 194
    8
      deployment_tasks.yaml
  21. 45
    0
      environment_config.yaml
  22. 25
    1
      pre_build_hook
  23. 164
    0
      update_modules.sh

+ 38
- 0
Puppetfile View File

@@ -0,0 +1,38 @@
1
+#!/usr/bin/env ruby
2
+#^syntax detection
3
+# See https://github.com/bodepd/librarian-puppet-simple for additional docs
4
+#
5
+# Important information for fuel-library:
6
+# With librarian-puppet-simple you *must* remove the existing folder from the
7
+# repo prior to trying to run librarian-puppet as it will not remove the folder
8
+# for you and you may run into some errors.
9
+
10
+# Pull in puppetlabs-stdlib
11
+mod 'stdlib',
12
+    :git => 'https://github.com/fuel-infra/puppetlabs-stdlib.git',
13
+    :ref => '4.9.0'
14
+
15
+# Pull in puppetlabs-inifile
16
+mod 'inifile',
17
+    :git => 'https://github.com/fuel-infra/puppetlabs-inifile.git',
18
+    :ref => '1.4.2'
19
+
20
+# Pull in puppet-neutron
21
+mod 'neutron',
22
+    :git => 'https://github.com/fuel-infra/puppet-neutron.git',
23
+    :ref => 'stable/mitaka'
24
+
25
+## Pull in puppet-nova
26
+#mod 'nova',
27
+#    :git => 'https://github.com/fuel-infra/puppet-nova.git',
28
+#    :ref => 'stable/mitaka'
29
+#
30
+# Pull in puppet-openstacklib
31
+mod 'openstacklib',
32
+    :git => 'https://github.com/fuel-infra/puppet-openstacklib.git',
33
+    :ref => 'stable/mitaka'
34
+
35
+## Pull in puppet-keystone
36
+#mod 'keystone',
37
+#    :git => 'https://github.com/fuel-infra/puppet-keystone.git',
38
+#    :ref => 'stable/mitaka'

+ 20
- 0
deployment_scripts/puppet/manifests/configure-agents-dhcp.pp View File

@@ -0,0 +1,20 @@
1
+notice('fuel-plugin-nsx-t: configure-agents-dhcp.pp')
2
+
3
+neutron_dhcp_agent_config {
4
+  'DEFAULT/ovs_integration_bridge':     value => 'nsx-managed';
5
+  'DEFAULT/interface_driver':           value => 'neutron.agent.linux.interface.OVSInterfaceDriver';
6
+  'DEFAULT/enable_metadata_network':    value => true;
7
+  'DEFAULT/enable_isolated_metadata':   value => true;
8
+  'DEFAULT/ovs_use_veth':               value => true;
9
+}
10
+
11
+if 'primary-controller' in hiera('roles') {
12
+  exec { 'dhcp-agent-restart':
13
+    command     => "crm resource restart $(crm status|awk '/dhcp/ {print \$3}')",
14
+    path        => '/usr/bin:/usr/sbin:/bin:/sbin',
15
+    logoutput   => true,
16
+    provider    => 'shell',
17
+    tries       => 3,
18
+    try_sleep   => 10,
19
+  }
20
+}

+ 26
- 0
deployment_scripts/puppet/manifests/configure-plugin.pp View File

@@ -31,6 +31,32 @@ nsx_config {
31 31
   'nsx_v3/default_edge_cluster_uuid': value => $edge_cluster;
32 32
 }
33 33
 
34
+file { '/etc/neutron/plugin.ini':
35
+  ensure  => link,
36
+  target  => $::nsxt::params::nsx_plugin_config,
37
+  replace => true,
38
+  require => File[$::nsxt::params::nsx_plugin_dir]
39
+}
40
+
41
+if !$settings['insecure'] {
42
+  nsx_config { 'nsx_v3/insecure': value => $settings['insecure']; }
43
+
44
+  $ca_filename = try_get_value($settings['ca_file'],'name','')
45
+
46
+  if !empty($ca_filename) {
47
+    $ca_certificate_content = $settings['ca_file']['content']
48
+    $ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
49
+
50
+    nsx_config { 'nsx_v3/ca_file': value => $ca_file; }
51
+
52
+    file { $ca_file:
53
+      ensure  => present,
54
+      content => $ca_certificate_content,
55
+      require => File[$::nsxt::params::nsx_plugin_dir],
56
+    }
57
+  }
58
+}
59
+
34 60
 File[$::nsxt::params::nsx_plugin_dir]->
35 61
 File[$::nsxt::params::nsx_plugin_config]->
36 62
 Nsx_config<||>

+ 12
- 1
deployment_scripts/puppet/manifests/create-repo.pp View File

@@ -1,3 +1,14 @@
1 1
 notice('fuel-plugin-nsx-t: create-repo.pp')
2 2
 
3
-class { '::nsxt::create_repo': }
3
+include ::nsxt::params
4
+
5
+$settings = hiera($::nsxt::params::hiera_key)
6
+$managers = $settings['nsx_api_managers']
7
+$username = $settings['nsx_api_user']
8
+$password = $settings['nsx_api_password']
9
+
10
+class { '::nsxt::create_repo':
11
+  managers => $managers,
12
+  username => $username,
13
+  password => $password,
14
+}

+ 6
- 0
deployment_scripts/puppet/manifests/gem-install.pp View File

@@ -0,0 +1,6 @@
1
+notice('fuel-plugin-nsx-t: gem-install.pp')
2
+
3
+# ruby gem package must be pre installed before puppet module used
4
+package { ['ruby-json', 'ruby-rest-client']:
5
+  ensure => latest,
6
+}

+ 7
- 0
deployment_scripts/puppet/manifests/hiera-override.pp View File

@@ -0,0 +1,7 @@
1
+notice('fuel-plugin-nsx-t: hiera-override.pp')
2
+
3
+include ::nsxt::params
4
+
5
+class { '::nsxt::hiera_override':
6
+  override_file_name => $::nsxt::params::hiera_key,
7
+}

+ 33
- 0
deployment_scripts/puppet/manifests/install-nsx-packages.pp View File

@@ -0,0 +1,33 @@
1
+notice('fuel-plugin-nsx-t: install-nsx-packages.pp')
2
+
3
+$nsx_required_packages = ['libunwind8', 'zip', 'libgflags2', 'libgoogle-perftools4', 'traceroute',
4
+                          'python-mako', 'python-simplejson', 'python-support', 'python-unittest2',
5
+                          'python-yaml', 'python-netaddr', 'libprotobuf8',
6
+                          'libboost-filesystem1.54.0', 'dkms', 'libboost-chrono-dev',
7
+                          'libboost-iostreams1.54.0', 'libvirt0']
8
+
9
+$nsx_packages = ['libgoogle-glog0', 'libjson-spirit', 'nicira-ovs-hypervisor-node', 'nsxa',
10
+                 'nsx-agent', 'nsx-aggservice', 'nsx-cli', 'nsx-da', 'nsx-host',
11
+                 'nsx-host-node-status-reporter', 'nsx-lldp', 'nsx-logical-exporter', 'nsx-mpa',
12
+                 'nsx-netcpa', 'nsx-sfhc', 'nsx-transport-node-status-reporter',
13
+                 'openvswitch-common', 'openvswitch-datapath-dkms', 'openvswitch-pki',
14
+                 'openvswitch-switch', 'python-openvswitch', 'tcpdump-ovs']
15
+
16
+package { $nsx_required_packages:
17
+  ensure => latest,
18
+}
19
+package { $nsx_packages:
20
+  ensure  => latest,
21
+  require => [Package[$nsx_required_packages],Service['openvswitch-switch']]
22
+}
23
+service { 'openvswitch-switch':
24
+  ensure => stopped,
25
+  enable => false,
26
+}
27
+# This not shell(ubuntu dash) script, this bash script.
28
+# if you leave it there all the command like '/bin/sh -c' cannot be executed
29
+# example: start galera via pacemaker
30
+file { '/etc/profile.d/nsx-alias.sh':
31
+  ensure  => absent,
32
+  require => Package[$nsx_packages],
33
+}

+ 69
- 0
deployment_scripts/puppet/manifests/neutron-server-start.pp View File

@@ -0,0 +1,69 @@
1
+notice('fuel-plugin-nsx-t: neutron-server-start.pp')
2
+
3
+include ::neutron::params
4
+
5
+service { 'neutron-server-start':
6
+  ensure     => 'running',
7
+  name       => $::neutron::params::server_service,
8
+  enable     => true,
9
+  hasstatus  => true,
10
+  hasrestart => true,
11
+}
12
+
13
+include ::nsxt::params
14
+
15
+neutron_config {
16
+  'DEFAULT/core_plugin':                value => $::nsxt::params::core_plugin;
17
+  'DEFAULT/service_plugins':            ensure => absent;
18
+  'service_providers/service_provider': ensure => absent;
19
+}
20
+
21
+Neutron_config<||> ~> Service['neutron-server']
22
+
23
+if 'primary-controller' in hiera('roles') {
24
+  include ::neutron::db::sync
25
+
26
+  Exec['neutron-db-sync'] ~> Service['neutron-server-start']
27
+  Neutron_config<||> ~> Exec['neutron-db-sync']
28
+
29
+  $neutron_config         = hiera_hash('neutron_config')
30
+  $management_vip         = hiera('management_vip')
31
+  $service_endpoint       = hiera('service_endpoint', $management_vip)
32
+  $ssl_hash               = hiera_hash('use_ssl', {})
33
+  $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
34
+  $internal_auth_address  = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
35
+  $identity_uri           = "${internal_auth_protocol}://${internal_auth_address}:5000"
36
+  $auth_api_version       = 'v2.0'
37
+  $auth_url               = "${identity_uri}/${auth_api_version}"
38
+  $auth_password          = $neutron_config['keystone']['admin_password']
39
+  $auth_user              = pick($neutron_config['keystone']['admin_user'], 'neutron')
40
+  $auth_tenant            = pick($neutron_config['keystone']['admin_tenant'], 'services')
41
+  $auth_region            = hiera('region', 'RegionOne')
42
+  $auth_endpoint_type     = 'internalURL'
43
+
44
+  exec { 'waiting-for-neutron-api':
45
+    environment => [
46
+      "OS_TENANT_NAME=${auth_tenant}",
47
+      "OS_USERNAME=${auth_user}",
48
+      "OS_PASSWORD=${auth_password}",
49
+      "OS_AUTH_URL=${auth_url}",
50
+      "OS_REGION_NAME=${auth_region}",
51
+      "OS_ENDPOINT_TYPE=${auth_endpoint_type}",
52
+    ],
53
+    path        => '/usr/sbin:/usr/bin:/sbin:/bin',
54
+    tries       => '30',
55
+    try_sleep   => '15',
56
+    command     => 'neutron net-list --http-timeout=4 2>&1 > /dev/null',
57
+    provider    => 'shell',
58
+    subscribe   => Service['neutron-server'],
59
+    refreshonly => true,
60
+  }
61
+}
62
+
63
+# fix add plugin.ini conf for neutron server
64
+exec { 'fix-plugin-ini':
65
+  path      => '/usr/sbin:/usr/bin:/sbin:/bin',
66
+  command   => 'sed -ri \'s|NEUTRON_PLUGIN_CONFIG=""|NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugin.ini"|\' /usr/share/neutron-common/plugin_guess_func',
67
+  provider  => 'shell',
68
+  before    => Service['neutron-server'],
69
+}

+ 8
- 0
deployment_scripts/puppet/manifests/neutron-server-stop.pp View File

@@ -0,0 +1,8 @@
1
+notice('fuel-plugin-nsx-t: neutron-server-stop.pp')
2
+
3
+include ::neutron::params
4
+
5
+service { 'neutron-server-stop':
6
+  ensure     => 'stopped',
7
+  name       => $::neutron::params::server_service,
8
+}

+ 34
- 0
deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp View File

@@ -0,0 +1,34 @@
1
+notice('fuel-plugin-nsx-t: reg-controller-as-transport-node.pp')
2
+
3
+include ::nsxt::params
4
+
5
+$settings            = hiera($::nsxt::params::hiera_key)
6
+$managers            = $settings['nsx_api_managers']
7
+$user                = $settings['nsx_api_user']
8
+$password            = $settings['nsx_api_password']
9
+$uplink_profile_uuid = $settings['uplink_profile_uuid']
10
+$static_ip_pool_uuid = $settings['static_ip_pool_uuid']
11
+$transport_zone_uuid = $settings['transport_zone_uuid']
12
+$pnics_pairs         = $settings['pnics_pairs']
13
+
14
+nsxt_create_transport_node { 'Add transport node':
15
+  ensure            => present,
16
+  managers          => $managers,
17
+  username          => $user,
18
+  password          => $password,
19
+  uplink_profile_id => $uplink_profile_uuid,
20
+  pnics             => $pnics_pairs,
21
+  static_ip_pool_id => $static_ip_pool_uuid,
22
+  transport_zone_id => $transport_zone_uuid,
23
+}
24
+
25
+if !$settings['insecure'] {
26
+  $ca_filename = try_get_value($settings['ca_file'],'name','')
27
+  if empty($ca_filename) {
28
+    # default path to ca for Ubuntu 14.0.4
29
+    $ca_file = "/etc/ssl/certs/ca-certificates.crt"
30
+  } else {
31
+    $ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
32
+  }
33
+  Nsxt_create_transport_node { ca_file => $ca_file }
34
+}

+ 26
- 0
deployment_scripts/puppet/manifests/reg-controller-on-management-plane.pp View File

@@ -0,0 +1,26 @@
1
+notice('fuel-plugin-nsx-t: reg-controller-on-management-plane.pp')
2
+
3
+include ::nsxt::params
4
+
5
+$settings     = hiera($::nsxt::params::hiera_key)
6
+$managers     = $settings['nsx_api_managers']
7
+$user         = $settings['nsx_api_user']
8
+$password     = $settings['nsx_api_password']
9
+
10
+nsxt_add_to_fabric { 'Register controller node on management plane':
11
+  ensure   => present,
12
+  managers => $managers,
13
+  username => $user,
14
+  password => $password,
15
+}
16
+
17
+if !$settings['insecure'] {
18
+  $ca_filename = try_get_value($settings['ca_file'],'name','')
19
+  if empty($ca_filename) {
20
+    # default path to ca for Ubuntu 14.0.4
21
+    $ca_file = "/etc/ssl/certs/ca-certificates.crt"
22
+  } else {
23
+    $ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
24
+  }
25
+  Nsxt_add_to_fabric { ca_file => $ca_file }
26
+}

+ 13
- 0
deployment_scripts/puppet/modules/nsxt/files/create_repo.sh View File

@@ -0,0 +1,13 @@
1
+#!/bin/bash -e
2
+repo_dir=$1
3
+component_archive=$2
4
+
5
+mkdir -p "$repo_dir"
6
+cd "$repo_dir"
7
+tar --wildcards --strip-components=1 -zxvf "$component_archive" "*/"
8
+dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
9
+echo 'Label: nsx-t-protected-packages' > Release
10
+chmod 755 .
11
+chmod 644 *
12
+apt-get update
13
+rm -fr "${component_archive:?}"

+ 0
- 1
deployment_scripts/puppet/modules/nsxt/files/packages/Release View File

@@ -1 +0,0 @@
1
-Label: nsx-t-protected-packages

+ 159
- 0
deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/get_nsxt_components.rb View File

@@ -0,0 +1,159 @@
1
+require 'rest-client'
2
+require 'json'
3
+require 'openssl'
4
+require 'open-uri'
5
+
6
+module Puppet::Parser::Functions
7
+  newfunction(:get_nsxt_components, :type => :rvalue, :doc => <<-EOS
8
+Returns the address of nsx-t manager, on which enable install-upgrade service
9
+example:
10
+  get_nsxt_components('172.16.0.1,172.16.0.2,172.16.0.3', username, password)
11
+EOS
12
+  ) do |args|
13
+    managers = args[0]
14
+    username = args[1]
15
+    password = args[2]
16
+    managers.split(',').each do |manager|
17
+      # Suppression scheme, NSX-T 1.0 supports only https scheme
18
+      manager.to_s.strip =~ /(https?:\/\/)?(?<manager>.+)/
19
+      manager = Regexp.last_match[:manager]
20
+      service_enabled = check_service_enabled(manager, username, password)
21
+      if service_enabled == 'error'
22
+        next
23
+      elsif service_enabled == 'disabled'
24
+        service_enabled_on_manager = enable_upgrade_service(manager, username, password)
25
+      else
26
+        service_enabled_on_manager = service_enabled
27
+      end
28
+      if check_service_running(service_enabled_on_manager, username, password)
29
+        return get_component(service_enabled_on_manager, username, password)
30
+      else
31
+        service_enabled_on_manager = enable_upgrade_service(service_enabled_on_manager, username, password)
32
+        if check_service_running(service_enabled_on_manager, username, password)
33
+          return get_component(service_enabled_on_manager, username, password)
34
+        end
35
+      end
36
+      raise Puppet::Error,("\nCan not enable install-upgrade service on nsx-t manager\n")
37
+    end
38
+  end
39
+end
40
+
41
+def disable_upgrade_service(manager, username, password)
42
+  debug("Try disable install-upgrade service on #{manager}")
43
+  request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => false }}
44
+  api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
45
+  response = nsxt_api(api_url, username, password, 'put', request.to_json)
46
+  debug("response:\n #{response}")
47
+  if response['service_properties']['enabled'] == false
48
+    return
49
+  end
50
+  raise Puppet::Error,("\nCannot disable install-upgrade service on nsx-t manager #{manager}\n")
51
+end
52
+
53
+def get_component(manager, username, password)
54
+  file_path = '/tmp/nsxt-components.tgz'
55
+  component_url = get_component_url(manager, username, password)
56
+  begin
57
+    File.open(file_path, 'wb') do |saved_file|
58
+      open(component_url, 'rb') do |read_file|
59
+        saved_file.write(read_file.read)
60
+      end
61
+    end
62
+  rescue => error
63
+    raise Puppet::Error,("\nCan not get file from #{url}:\n#{error.message}\n")
64
+  end
65
+  disable_upgrade_service(manager, username, password)
66
+  return file_path
67
+end
68
+
69
+def get_component_url(manager, username, password)
70
+  node_version = get_node_version(manager, username, password)
71
+  begin
72
+    manifest = open("http://#{manager}:8080/repository/#{node_version}/metadata/manifest").read
73
+  rescue => error
74
+    raise Puppet::Error,("\nCan not get url for nsx-t components from #{url}:\n#{error.message}\n")
75
+  end
76
+  manifest.split(/\n/).each do |str|
77
+    if str.include? 'NSX_HOST_COMPONENT_UBUNTU_1404_TAR'
78
+      url = str.split('=')[1]
79
+      return "http://#{manager}:8080#{url}"
80
+    end
81
+  end
82
+end
83
+
84
+def get_node_version(manager, username, password)
85
+  debug("Try get nsx-t node version from #{manager}")
86
+  api_url = "https://#{manager}/api/v1/node"
87
+  response = nsxt_api(api_url, username, password, 'get')
88
+  debug("response:\n #{response}")
89
+  if not response.to_s.empty?
90
+    return response['node_version']
91
+  end
92
+  raise Puppet::Error,("\nCan not get node version from #{manager}\n")
93
+end
94
+
95
+def check_service_enabled(manager, username, password)
96
+  debug("Check install-upgrade service enabled on #{manager}")
97
+  api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
98
+  response = nsxt_api(api_url, username, password, 'get')
99
+  debug("response:\n #{response}")
100
+  if not response.to_s.empty?
101
+    if response['service_properties']['enabled'] == true
102
+      return response['service_properties']['enabled_on']
103
+    end
104
+    return 'disabled'
105
+  end
106
+  return 'error'
107
+end
108
+
109
+def check_service_running(manager, username, password)
110
+  debug("Check install-upgrade service running on #{manager}")
111
+  api_url = "https://#{manager}/api/v1/node/services/install-upgrade/status"
112
+  response = nsxt_api(api_url, username, password, 'get')
113
+  debug("response:\n #{response}")
114
+  if not response.to_s.empty?
115
+    if response['runtime_state'] == 'running'
116
+      return true
117
+    end
118
+  end
119
+  return false
120
+end
121
+
122
+def enable_upgrade_service(manager, username, password)
123
+  debug("Try enable install-upgrade service on #{manager}")
124
+  request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => true }}
125
+  api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
126
+  response = nsxt_api(api_url, username, password, 'put', request.to_json)
127
+  debug("response:\n #{response}")
128
+  if response['service_properties']['enabled'] == true
129
+    return response['service_properties']['enabled_on']
130
+  end
131
+  raise Puppet::Error,("\nCannot enable install-upgrade service on nsx-t manager #{manager}\n")
132
+end
133
+
134
+def nsxt_api(api_url, username, password, method, request='', timeout=5)
135
+  retry_count = 3
136
+  begin
137
+    if method == 'get'
138
+      response = RestClient::Request.execute(method: :get, url: api_url, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE)
139
+    elsif method == 'put'
140
+      response = RestClient::Request.execute(method: :put, url: api_url, payload: request, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE, headers: {'Content-Type' => 'application/json'})
141
+    end
142
+    response_hash = JSON.parse(response.body)
143
+    return response_hash
144
+  rescue Errno::ECONNREFUSED
145
+    notice("\nCan not get response from #{api_url} - 'Connection refused', try next if exist\n")
146
+    return ""
147
+  rescue Errno::EHOSTUNREACH
148
+    notice("\nCan not get response from #{api_url} - 'No route to host', try next if exist\n")
149
+    return ""
150
+  rescue => error
151
+    retry_count -= 1
152
+    if retry_count > 0
153
+      sleep 10
154
+      retry
155
+    else
156
+      raise Puppet::Error,("\nCan not get response from #{api_url} :\n#{error.message}\n#{JSON.parse(error.response)['error_message']}\n")
157
+    end
158
+  end
159
+end

+ 24
- 0
deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/hiera_overrides.rb View File

@@ -0,0 +1,24 @@
1
+require 'yaml'
2
+
3
+module Puppet::Parser::Functions
4
+  newfunction(:hiera_overrides, :doc => <<-EOS
5
+Custom function to override hiera parameters, the first argument -
6
+file name, where write new parameters in yaml format, ex:
7
+   hiera_overrides('/etc/hiera/test.yaml')
8
+EOS
9
+  ) do |args|
10
+    filename = args[0]
11
+    hiera_overrides = {}
12
+
13
+    # override neutron_advanced_configuration
14
+    neutron_advanced_configuration = {}
15
+    neutron_advanced_configuration['neutron_dvr'] = false
16
+    neutron_advanced_configuration['neutron_l2_pop'] = false
17
+    neutron_advanced_configuration['neutron_l3_ha'] = false
18
+    neutron_advanced_configuration['neutron_qos'] = false
19
+    hiera_overrides['neutron_advanced_configuration'] = neutron_advanced_configuration
20
+
21
+    # write to hiera override yaml file
22
+    File.open(filename, 'w') { |file| file.write(hiera_overrides.to_yaml) }
23
+  end
24
+end

+ 1
- 1
deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_add_to_fabric.rb View File

@@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_add_to_fabric) do
10 10
     munge do |value|
11 11
       array = []
12 12
       value.split(',').each do |manager|
13
-        manager.to_s.strip =~ /(https:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
13
+        manager.to_s.strip =~ /(https?:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
14 14
         host= Regexp.last_match[:host]
15 15
         port = Regexp.last_match[:port]
16 16
         port = 443 if port.to_s.empty?

+ 1
- 1
deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_create_transport_node.rb View File

@@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_create_transport_node) do
10 10
     munge do |value|
11 11
       array = []
12 12
       value.split(',').each do |manager|
13
-        manager.to_s.strip =~ /(https:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
13
+        manager.to_s.strip =~ /(https?:\/\/)?(?<host>[^:]+):?(?<port>\d+)?/
14 14
         host= Regexp.last_match[:host]
15 15
         port = Regexp.last_match[:port]
16 16
         port = 443 if port.to_s.empty?

+ 11
- 7
deployment_scripts/puppet/modules/nsxt/manifests/create_repo.pp View File

@@ -1,14 +1,18 @@
1 1
 class nsxt::create_repo (
2
+  $managers,
3
+  $username,
4
+  $password,
2 5
   $repo_dir       = '/opt/nsx-t-repo',
3 6
   $repo_file      = '/etc/apt/sources.list.d/nsx-t-local.list',
4 7
   $repo_pref_file = '/etc/apt/preferences.d/nsx-t-local.pref',
5 8
 ) {
6
-  file { $repo_dir:
7
-    ensure  => directory,
9
+  $component_archive = get_nsxt_components($managers, $username, $password)
10
+
11
+  file { '/tmp/create_repo.sh':
12
+    ensure  => file,
8 13
     mode    => '0755',
9
-    source  => "puppet:///modules/${module_name}/packages",
10
-    recurse => true,
11
-    force   => true,
14
+    source  => "puppet:///modules/${module_name}/create_repo.sh",
15
+    replace => true,
12 16
   }
13 17
   file { $repo_file:
14 18
     ensure  => file,
@@ -24,8 +28,8 @@ class nsxt::create_repo (
24 28
   }
25 29
   exec { 'Create repo':
26 30
     path     => '/usr/sbin:/usr/bin:/sbin:/bin',
27
-    command  => "cd ${repo_dir} && dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz",
31
+    command  => "/tmp/create_repo.sh ${repo_dir} ${component_archive}",
28 32
     provider => 'shell',
29
-    require  => File[$repo_dir],
33
+    require  => File['/tmp/create_repo.sh'],
30 34
   }
31 35
 }

+ 6
- 0
deployment_scripts/puppet/modules/nsxt/manifests/hiera_override.pp View File

@@ -0,0 +1,6 @@
1
+class nsxt::hiera_override (
2
+  $override_file_name,
3
+) {
4
+  $override_file_path = "/etc/hiera/plugins/${override_file_name}.yaml"
5
+  hiera_overrides($override_file_path)
6
+}

+ 194
- 8
deployment_tasks.yaml View File

@@ -1,3 +1,36 @@
1
+- id: nsx-t-hiera-override
2
+  version: 2.0.0
3
+  type: puppet
4
+  groups:
5
+    - primary-controller
6
+    - controller
7
+    - compute
8
+  required_for:
9
+    - netconfig
10
+  requires:
11
+    - globals
12
+  parameters:
13
+    puppet_manifest: puppet/manifests/hiera-override.pp
14
+    puppet_modules: puppet/modules
15
+    timeout: 120
16
+
17
+- id: nsx-t-gem-install
18
+  version: 2.0.0
19
+  type: puppet
20
+  groups:
21
+    - primary-controller
22
+    - controller
23
+    - compute
24
+  required_for:
25
+    - nsx-t-reg-controller-on-management-plane
26
+    - nsx-t-reg-controller-as-transport-node
27
+  requires:
28
+    - setup_repositories
29
+  parameters:
30
+    puppet_manifest: puppet/manifests/gem-install.pp
31
+    puppet_modules: puppet/modules
32
+    timeout: 300
33
+
1 34
 - id: nsx-t-create-repo
2 35
   version: 2.0.0
3 36
   type: puppet
@@ -6,13 +39,34 @@
6 39
     - controller
7 40
     - compute
8 41
   required_for:
9
-    - pre_deployment_end
42
+    - netconfig
10 43
   requires:
11
-    - pre_deployment_start
44
+    - nsx-t-gem-install
12 45
   parameters:
13 46
     puppet_manifest: puppet/manifests/create-repo.pp
14 47
     puppet_modules: puppet/modules
15
-    timeout: 120
48
+    timeout: 600
49
+    strategy:
50
+      type: one_by_one
51
+
52
+- id: nsx-t-install-packages
53
+  version: 2.0.0
54
+  type: puppet
55
+  groups:
56
+    - primary-controller
57
+    - controller
58
+    - compute
59
+  required_for:
60
+    - openstack-network-start
61
+    - database
62
+    - primary-database
63
+  requires:
64
+    - netconfig
65
+    - nsx-t-create-repo
66
+  parameters:
67
+    puppet_manifest: puppet/manifests/install-nsx-packages.pp
68
+    puppet_modules: puppet/modules
69
+    timeout: 300
16 70
 
17 71
 - id: nsx-t-install-plugin
18 72
   version: 2.0.0
@@ -21,9 +75,9 @@
21 75
     - primary-controller
22 76
     - controller
23 77
   required_for:
24
-    - nsx-t-configure-plugin
78
+    - openstack-network-end
25 79
   requires:
26
-    - openstack-network-common-config
80
+    - openstack-network-server-config
27 81
   parameters:
28 82
     puppet_manifest: puppet/manifests/install-nsx-plugin.pp
29 83
     puppet_modules: puppet/modules
@@ -36,10 +90,142 @@
36 90
     - primary-controller
37 91
     - controller
38 92
   required_for:
39
-    - openstack-network-neutron-start
93
+    - openstack-network-end
40 94
   requires:
41
-    - openstack-network-server-nova
95
+    - nsx-t-install-plugin
42 96
   parameters:
43 97
     puppet_manifest: puppet/manifests/configure-plugin.pp
44
-    puppet_modules: puppet/modules:/etc/puppet/modules
98
+    puppet_modules: puppet/modules
99
+    timeout: 60
100
+
101
+- id: nsx-t-neutron-server-stop
102
+  version: 2.0.0
103
+  type: puppet
104
+  groups:
105
+    - primary-controller
106
+    - controller
107
+  required_for:
108
+    - openstack-network-end
109
+  requires:
110
+    - openstack-network-server-config
111
+  parameters:
112
+    puppet_manifest: puppet/manifests/neutron-server-stop.pp
113
+    puppet_modules: puppet/modules
45 114
     timeout: 60
115
+
116
+- id: nsx-t-primary-neutron-server-start
117
+  version: 2.0.0
118
+  type: puppet
119
+  groups:
120
+    - primary-controller
121
+  required_for:
122
+    - primary-openstack-network-agents-metadata
123
+    - primary-openstack-network-agents-dhcp
124
+    - openstack-network-networks
125
+  requires:
126
+    - nsx-t-configure-plugin
127
+  cross-depends:
128
+    - name: nsx-t-neutron-server-stop
129
+  parameters:
130
+    puppet_manifest: puppet/manifests/neutron-server-start.pp
131
+    puppet_modules: puppet/modules
132
+    timeout: 300
133
+
134
+- id: nsx-t-reg-controller-on-management-plane
135
+  version: 2.0.0
136
+  type: puppet
137
+  groups:
138
+    - primary-controller
139
+    - controller
140
+  required_for:
141
+    - primary-openstack-network-agents-metadata
142
+    - primary-openstack-network-agents-dhcp
143
+  requires:
144
+    - nsx-t-install-packages
145
+  parameters:
146
+    puppet_manifest: puppet/manifests/reg-controller-on-management-plane.pp
147
+    puppet_modules: puppet/modules
148
+    timeout: 300
149
+
150
+- id: nsx-t-reg-controller-as-transport-node
151
+  version: 2.0.0
152
+  type: puppet
153
+  groups:
154
+    - primary-controller
155
+    - controller
156
+  required_for:
157
+    - primary-openstack-network-agents-metadata
158
+    - primary-openstack-network-agents-dhcp
159
+  requires:
160
+    - nsx-t-reg-controller-on-management-plane
161
+  parameters:
162
+    puppet_manifest: puppet/manifests/reg-controller-as-transport-node.pp
163
+    puppet_modules: puppet/modules
164
+    timeout: 300
165
+
166
+- id: nsx-t-neutron-server-start
167
+  version: 2.0.0
168
+  type: puppet
169
+  groups:
170
+    - controller
171
+  requires:
172
+    - nsx-t-neutron-server-stop
173
+    - nsx-t-configure-plugin
174
+  required_for:
175
+    - openstack-network-agents-metadata
176
+    - openstack-network-agents-dhcp
177
+  cross-depends:
178
+    - name: nsx-t-primary-neutron-server-start
179
+  parameters:
180
+    puppet_manifest: puppet/manifests/neutron-server-start.pp
181
+    puppet_modules: puppet/modules
182
+    timeout: 120
183
+    strategy:
184
+      type: one_by_one
185
+
186
+- id: nsx-t-primary-configure-agents-dhcp
187
+  version: 2.0.0
188
+  type: puppet
189
+  groups:
190
+    - primary-controller
191
+  required_for:
192
+    - openstack-network-networks
193
+  requires:
194
+    - primary-openstack-network-agents-dhcp
195
+  cross-depends:
196
+    - name: nsx-t-configure-agents-dhcp
197
+  parameters:
198
+    puppet_manifest: puppet/manifests/configure-agents-dhcp.pp
199
+    puppet_modules: puppet/modules
200
+    timeout: 180
201
+
202
+- id: nsx-t-configure-agents-dhcp
203
+  version: 2.0.0
204
+  type: puppet
205
+  groups:
206
+    - controller
207
+  required_for:
208
+    - openstack-network-end
209
+  requires:
210
+    - openstack-network-agents-dhcp
211
+  parameters:
212
+    puppet_manifest: puppet/manifests/configure-agents-dhcp.pp
213
+    puppet_modules: puppet/modules
214
+    timeout: 120
215
+
216
+# skipped tasks
217
+- id: openstack-network-networks
218
+  version: 2.0.0
219
+  type: skipped
220
+- id: primary-openstack-network-plugins-l2
221
+  version: 2.0.0
222
+  type: skipped
223
+- id: openstack-network-plugins-l2
224
+  version: 2.0.0
225
+  type: skipped
226
+- id: primary-openstack-network-agents-l3
227
+  version: 2.0.0
228
+  type: skipped
229
+- id: openstack-network-agents-l3
230
+  version: 2.0.0
231
+  type: skipped

+ 45
- 0
environment_config.yaml View File

@@ -1,6 +1,21 @@
1 1
 attributes:
2 2
   metadata:
3 3
     group: network
4
+  insecure:
5
+    value: true
6
+    label: "Bypass NSX Manager certificate verification"
7
+    description: ''
8
+    weight: 1
9
+    type: 'checkbox'
10
+  ca_file:
11
+    value: ''
12
+    label: 'CA certificate file'
13
+    description: 'Specify a CA certificate file to use in NSX Manager certificate verification'
14
+    weight: 5
15
+    type: 'file'
16
+    restrictions:
17
+      - condition: "settings:nsx-t.insecure.value == true"
18
+        action: "hide"
4 19
   nsx_api_managers:
5 20
     value: ''
6 21
     label: 'NSX Manager'
@@ -62,3 +77,33 @@ attributes:
62 77
       source: *uuid
63 78
       error: 'Enter cluster UUID'
64 79
     type: "text"
80
+  uplink_profile_uuid:
81
+    value: ''
82
+    label: 'Uplink profile ID'
83
+    weight: 45
84
+    regex:
85
+      source: *uuid
86
+      error: 'Enter uplink profile ID'
87
+    type: "text"
88
+  static_ip_pool_uuid:
89
+    value: ''
90
+    label: 'IP pool ID for STT VTEP'
91
+    weight: 50
92
+    regex:
93
+      source: *uuid
94
+      error: 'Enter IP pool ID'
95
+    type: "text"
96
+  transport_zone_uuid:
97
+    value: ''
98
+    label: 'Transport zone ID'
99
+    weight: 55
100
+    regex:
101
+      source: *uuid
102
+      error: 'Enter transport zone ID'
103
+    type: "text"
104
+  pnics_pairs:
105
+    value: 'enp0s1:uplink-1'
106
+    label: 'Colon separated pnics pairs, one per line'
107
+    min: 1
108
+    weight: 60
109
+    type: "textarea"

+ 25
- 1
pre_build_hook View File

@@ -1,5 +1,29 @@
1 1
 #!/bin/bash
2
-
3 2
 # Add here any the actions which are required before plugin build
4 3
 # like packages building, packages downloading from mirrors and so on.
5 4
 # The script should return 0 if there were no errors.
5
+
6
+set -eux
7
+
8
+ROOT="$(dirname $(readlink -f $0))"
9
+PLUGIN_MOD_DIR="$ROOT/deployment_scripts/puppet/modules/upstream"
10
+MODULE_NAME='nsxt'
11
+
12
+# Download upstream puppet modules that are not in fuel-library/
13
+find "$ROOT/deployment_scripts/puppet/modules" -maxdepth 1 -mindepth 1 -type d ! -name $MODULE_NAME -prune -exec rm -fr {} \;
14
+"$ROOT"/update_modules.sh -d "$PLUGIN_MOD_DIR"
15
+
16
+# Remove .git directory
17
+rm -fr $(find "${PLUGIN_MOD_DIR:?}" -name '.git' )
18
+
19
+mv "$PLUGIN_MOD_DIR"/* "$(dirname $PLUGIN_MOD_DIR)"
20
+
21
+# Download puppet modules that are in fuel-library/
22
+TARBALL_VERSION='stable/mitaka'
23
+REPO_PATH="https://github.com/openstack/fuel-library/tarball/${TARBALL_VERSION}"
24
+#
25
+wget -qO- "$REPO_PATH" | tar --wildcards -C "$PLUGIN_MOD_DIR" --strip-components=3 -zxvf - "openstack-fuel-library-*/deployment/puppet/"
26
+mv "$PLUGIN_MOD_DIR"/osnailyfacter/lib/puppet/parser/functions/get_ssl_property.rb "$(dirname $PLUGIN_MOD_DIR)"/$MODULE_NAME/lib/puppet/parser/functions
27
+
28
+# clean
29
+rm -fr "$PLUGIN_MOD_DIR"

+ 164
- 0
update_modules.sh View File

@@ -0,0 +1,164 @@
1
+#!/bin/bash -e
2
+###############################################################################
3
+#
4
+#    Copyright 2015 Mirantis, Inc.
5
+#
6
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
7
+#    not use this file except in compliance with the License. You may obtain
8
+#    a copy of the License at
9
+#
10
+#         http://www.apache.org/licenses/LICENSE-2.0
11
+#
12
+#    Unless required by applicable law or agreed to in writing, software
13
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15
+#    License for the specific language governing permissions and limitations
16
+#    under the License.
17
+#
18
+###############################################################################
19
+#
20
+# update_modules.sh
21
+#
22
+#  This script uses librarian-puppet-simple to populate the puppet folder with
23
+#  upstream puppet modules.  By default, it assumes librarian-puppet-simple is
24
+#  already available to the environment or it will fail. You can provide command
25
+#  line options to have the script use bundler to install librarian-puppet-simple
26
+#  if neccessary.
27
+#
28
+# Parameters:
29
+#  -b - Use bundler to install librarian-puppet (optional)
30
+#  -r - Hard git reset of librarian managed modules back to specified version (optional)
31
+#  -p <puppet_version> - Puppet version to use with bundler (optional)
32
+#  -h <bundle_dir> - Folder to be used as the home directory for bundler (optional)
33
+#  -g <gem_home> - Folder to be used as the gem directory (optional)
34
+#  -u - Run librarian update (optional)
35
+#  -v - Verbose printing, turns on set -x (optional)
36
+#  -? - This usage information
37
+#
38
+# Variables:
39
+#  PUPPET_GEM_VERSION - the version of puppet to be pulled down by bundler
40
+#                       Defaults to '3.4.3'
41
+#  BUNDLE_DIR - The folder to store the bundle gems in.
42
+#               Defaults to '/var/tmp/.bundle_home'
43
+#  GEM_HOME - The folder to store the gems in to not require root.
44
+#               Defaults to '/var/tmp/.gem_home'
45
+#
46
+#  NOTE: These variables can be overriden via bash environment variable with the
47
+#        same name or via the command line paramters.
48
+#
49
+# Author: Alex Schultz <aschultz@mirantis.com>
50
+#
51
+###############################################################################
52
+set -e
53
+
54
+usage() {
55
+  cat <<EOF
56
+  Usage: $(basename $0) [-b] [-r] [-p <puppet_version>] [-h <bundle_dir>] [-g <gem_home>] [-u] [-?]
57
+
58
+Options:
59
+  -b - Use bundler instead of assuming librarian-puppet is available
60
+  -r - Hard git reset of librarian managed modules back to specified version
61
+  -p <puppet_version> - Puppet version to use with bundler
62
+  -h <bundle_dir> - Folder to be used as the home directory for bundler
63
+  -g <gem_home> - Folder to be used as the gem directory
64
+  -u - Run librarian update
65
+  -v - Verbose printing of commands
66
+  -d - Patch where modules to install
67
+  -? - This usage information
68
+
69
+EOF
70
+  exit 1
71
+}
72
+
73
+while getopts ":bp:g:h:vru:d:" opt; do
74
+  case $opt in
75
+    b)
76
+      USE_BUNDLER=true
77
+      BUNDLER_EXEC="bundle exec"
78
+      ;;
79
+    p)
80
+      PUPPET_GEM_VERSION=$OPTARG
81
+      ;;
82
+    h)
83
+      BUNDLE_DIR=$OPTARG
84
+      ;;
85
+    g)
86
+      GEM_HOME=$OPTARG
87
+      ;;
88
+    r)
89
+      RESET_HARD=true
90
+      ;;
91
+    u)
92
+      UPDATE=true
93
+      ;;
94
+    v)
95
+      VERBOSE='--verbose'
96
+      set -x
97
+      ;;
98
+    d)
99
+      PLUGIN_MOD_DIR=$OPTARG
100
+      ;;
101
+    \?)
102
+      usage
103
+      ;;
104
+    :)
105
+      echo "Option -$OPTARG requires an argument." >&2
106
+      usage
107
+      ;;
108
+  esac
109
+done
110
+shift "$((OPTIND-1))"
111
+
112
+DEPLOYMENT_DIR=$(cd $(dirname $0) && pwd -P)
113
+# Timeout in seconds for running puppet librarian
114
+TIMEOUT=600
115
+export PUPPET_GEM_VERSION=${PUPPET_GEM_VERSION:-'~>3.8'}
116
+export BUNDLE_DIR=${BUNDLE_DIR:-'/var/tmp/.bundle_home'}
117
+export GEM_HOME=${GEM_HOME:-'/var/tmp/.gem_home'}
118
+
119
+# We need to be in the deployment directory to run librarian-puppet-simple
120
+cd $DEPLOYMENT_DIR
121
+
122
+if [ "$USE_BUNDLER" = true ]; then
123
+  # ensure bundler is installed
124
+  bundle --version
125
+
126
+  # update bundler modules
127
+  bundle update
128
+fi
129
+
130
+# if no timeout command, return true so we don't fail this script (LP#1510665)
131
+TIMEOUT_CMD=$(type -P timeout || true)
132
+if [ -n "$TIMEOUT_CMD" ]; then
133
+    TIMEOUT_CMD="$TIMEOUT_CMD $TIMEOUT"
134
+fi
135
+
136
+# Check to make sure if the folder already exists, it has a .git so we can
137
+# use git on it. If the mod folder exists, but .git doesn't then remove the mod
138
+# folder so it can be properly installed via librarian.
139
+for MOD in $(grep "^mod" Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
140
+  MOD_DIR="${PLUGIN_MOD_DIR}/${MOD}"
141
+  if [ -d $MOD_DIR ] && [ ! -d "${MOD_DIR}/.git" ];
142
+  then
143
+    rm -rf "${MOD_DIR}"
144
+  fi
145
+done
146
+
147
+# run librarian-puppet install to populate the modules if they do not already
148
+# exist
149
+$TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet install $VERBOSE --path=${PLUGIN_MOD_DIR}
150
+
151
+# run librarian-puppet update to ensure the modules are checked out to the
152
+# correct version
153
+if [ "$UPDATE" = true ]; then
154
+  $TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet update $VERBOSE --path=${PLUGIN_MOD_DIR}
155
+fi
156
+
157
+# do a hard reset on the librarian managed modules LP#1489542
158
+if [ "$RESET_HARD" = true ]; then
159
+  for MOD in $(grep "^mod " Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
160
+    cd "${PLUGIN_MOD_DIR}/${MOD}"
161
+    git reset --hard
162
+  done
163
+  cd $DEPLOYMENT_DIR
164
+fi

Loading…
Cancel
Save