From 9728ea3bb4cb810921fbae1b66d75686429e989a Mon Sep 17 00:00:00 2001 
From: Artem Savinov Date: Mon, 29 Aug 2016 20:13:29 +0300 Subject: [PATCH] Deploy controller node with nsx-t support Change-Id: Iae2b2679b4f7bdbc1fe5b82aa2c0f2b46e032907 --- Puppetfile | 38 ++++ .../puppet/manifests/configure-agents-dhcp.pp | 20 ++ .../puppet/manifests/configure-plugin.pp | 26 +++ .../puppet/manifests/create-repo.pp | 13 +- .../puppet/manifests/gem-install.pp | 6 + .../puppet/manifests/hiera-override.pp | 7 + .../puppet/manifests/install-nsx-packages.pp | 33 +++ .../puppet/manifests/neutron-server-start.pp | 69 ++++++ .../puppet/manifests/neutron-server-stop.pp | 8 + .../reg-controller-as-transport-node.pp | 34 +++ .../reg-controller-on-management-plane.pp | 26 +++ .../puppet/modules/nsxt/files/create_repo.sh | 13 ++ .../modules/nsxt/files/packages/Release | 1 - .../parser/functions/get_nsxt_components.rb | 159 ++++++++++++++ .../parser/functions/hiera_overrides.rb | 24 +++ .../lib/puppet/type/nsxt_add_to_fabric.rb | 2 +- .../puppet/type/nsxt_create_transport_node.rb | 2 +- .../modules/nsxt/manifests/create_repo.pp | 18 +- .../modules/nsxt/manifests/hiera_override.pp | 6 + deployment_tasks.yaml | 202 +++++++++++++++++- environment_config.yaml | 45 ++++ pre_build_hook | 26 ++- update_modules.sh | 164 ++++++++++++++ 23 files changed, 922 insertions(+), 20 deletions(-) create mode 100644 Puppetfile create mode 100644 deployment_scripts/puppet/manifests/configure-agents-dhcp.pp create mode 100644 deployment_scripts/puppet/manifests/gem-install.pp create mode 100644 deployment_scripts/puppet/manifests/hiera-override.pp create mode 100644 deployment_scripts/puppet/manifests/install-nsx-packages.pp create mode 100644 deployment_scripts/puppet/manifests/neutron-server-start.pp create mode 100644 deployment_scripts/puppet/manifests/neutron-server-stop.pp create mode 100644 deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp create mode 100644 deployment_scripts/puppet/manifests/reg-controller-on-management-plane.pp create mode 100644 
deployment_scripts/puppet/modules/nsxt/files/create_repo.sh delete mode 100644 deployment_scripts/puppet/modules/nsxt/files/packages/Release create mode 100644 deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/get_nsxt_components.rb create mode 100644 deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/hiera_overrides.rb create mode 100644 deployment_scripts/puppet/modules/nsxt/manifests/hiera_override.pp create mode 100755 update_modules.sh
diff --git a/Puppetfile b/Puppetfile
new file mode 100644
index 0000000..5b11ac0
--- /dev/null
+++ b/Puppetfile
@@ -0,0 +1,38 @@
+#!/usr/bin/env ruby
+#^syntax detection
+# See https://github.com/bodepd/librarian-puppet-simple for additional docs
+#
+# Important information for fuel-library:
+# With librarian-puppet-simple you *must* remove the existing folder from the
+# repo prior to trying to run librarian-puppet as it will not remove the folder
+# for you and you may run into some errors.
+
+# Pull in puppetlabs-stdlib
+mod 'stdlib',
+ :git => 'https://github.com/fuel-infra/puppetlabs-stdlib.git',
+ :ref => '4.9.0'
+
+# Pull in puppetlabs-inifile
+mod 'inifile',
+ :git => 'https://github.com/fuel-infra/puppetlabs-inifile.git',
+ :ref => '1.4.2'
+
+# Pull in puppet-neutron
+mod 'neutron',
+ :git => 'https://github.com/fuel-infra/puppet-neutron.git',
+ :ref => 'stable/mitaka'
+
+## Pull in puppet-nova
+#mod 'nova',
+# :git => 'https://github.com/fuel-infra/puppet-nova.git',
+# :ref => 'stable/mitaka'
+#
+# Pull in puppet-openstacklib
+mod 'openstacklib',
+ :git => 'https://github.com/fuel-infra/puppet-openstacklib.git',
+ :ref => 'stable/mitaka'
+
+## Pull in puppet-keystone
+#mod 'keystone',
+# :git => 'https://github.com/fuel-infra/puppet-keystone.git',
+# :ref => 'stable/mitaka'
diff --git a/deployment_scripts/puppet/manifests/configure-agents-dhcp.pp b/deployment_scripts/puppet/manifests/configure-agents-dhcp.pp
new file mode 100644
index 0000000..977846c
--- /dev/null
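Review bot: The `neutron` and `openstacklib` entries use `:ref => 'stable/mitaka'`, which is a branch name, so every build pulls whatever commit the branch head points to at that moment and two builds of the same plugin source can ship different module code. Pinning each `mod` to a full commit id, e.g. `:ref => '<commit-sha>'`, makes the build reproducible and lets a change in an upstream module be reviewed before it reaches a controller. `stdlib` and `inifile` use `4.9.0` and `1.4.2`, which are presumably tags; a tag can still be moved, so a commit id is the stronger pin there as well.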
+++ b/deployment_scripts/puppet/manifests/configure-agents-dhcp.pp @@ -0,0 +1,20 @@ +notice('fuel-plugin-nsx-t: configure-agents-dhcp.pp') + +neutron_dhcp_agent_config { + 'DEFAULT/ovs_integration_bridge': value => 'nsx-managed'; + 'DEFAULT/interface_driver': value => 'neutron.agent.linux.interface.OVSInterfaceDriver'; + 'DEFAULT/enable_metadata_network': value => true; + 'DEFAULT/enable_isolated_metadata': value => true; + 'DEFAULT/ovs_use_veth': value => true; +} + +if 'primary-controller' in hiera('roles') { + exec { 'dhcp-agent-restart': + command => "crm resource restart $(crm status|awk '/dhcp/ {print \$3}')", + path => '/usr/bin:/usr/sbin:/bin:/sbin', + logoutput => true, + provider => 'shell', + tries => 3, + try_sleep => 10, + } +} diff --git a/deployment_scripts/puppet/manifests/configure-plugin.pp b/deployment_scripts/puppet/manifests/configure-plugin.pp index 1f112a4..b597a94 100644 --- a/deployment_scripts/puppet/manifests/configure-plugin.pp +++ b/deployment_scripts/puppet/manifests/configure-plugin.pp @@ -31,6 +31,32 @@ nsx_config { 'nsx_v3/default_edge_cluster_uuid': value => $edge_cluster; } +file { '/etc/neutron/plugin.ini': + ensure => link, + target => $::nsxt::params::nsx_plugin_config, + replace => true, + require => File[$::nsxt::params::nsx_plugin_dir] +} + +if !$settings['insecure'] { + nsx_config { 'nsx_v3/insecure': value => $settings['insecure']; } + + $ca_filename = try_get_value($settings['ca_file'],'name','') + + if !empty($ca_filename) { + $ca_certificate_content = $settings['ca_file']['content'] + $ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}" + + nsx_config { 'nsx_v3/ca_file': value => $ca_file; } + + file { $ca_file: + ensure => present, + content => $ca_certificate_content, + require => File[$::nsxt::params::nsx_plugin_dir], + } + } +} + File[$::nsxt::params::nsx_plugin_dir]-> File[$::nsxt::params::nsx_plugin_config]-> Nsx_config<||> 
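Review bot: The `dhcp-agent-restart` exec has no `refreshonly`, `unless` or `onlyif`, so the DHCP agent resource is restarted on every run of this manifest on the primary controller, whether or not any `neutron_dhcp_agent_config` value changed. Adding `refreshonly => true` and the chain `Neutron_dhcp_agent_config<||> ~> Exec['dhcp-agent-restart']` limits the restart to real configuration changes. If the `awk '/dhcp/ {print \$3}'` filter matches nothing, `crm resource restart` is invoked without a resource name, which the three `tries` will not fix.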
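Review bot: `$ca_file` is built by joining `$::nsxt::params::nsx_plugin_dir` with `$settings['ca_file']['name']`, and that name is used unchecked as the path of a `file` resource written as root. The value presumably comes from the name of the file uploaded in the plugin settings, so a name containing `/` or `..` would place the content outside the plugin directory. A check before the path is built, such as `validate_re($ca_filename, '\A[A-Za-z0-9._-]+\z')`, closes that; the same join is repeated in reg-controller-as-transport-node.pp and reg-controller-on-management-plane.pp. The new `file { $ca_file: }` also sets no `owner`, `group` or `mode`, so those are left to defaults.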
diff --git a/deployment_scripts/puppet/manifests/create-repo.pp b/deployment_scripts/puppet/manifests/create-repo.pp index 87196cb..b4c6caf 100644 --- a/deployment_scripts/puppet/manifests/create-repo.pp +++ b/deployment_scripts/puppet/manifests/create-repo.pp @@ -1,3 +1,14 @@ notice('fuel-plugin-nsx-t: create-repo.pp') -class { '::nsxt::create_repo': } +include ::nsxt::params + +$settings = hiera($::nsxt::params::hiera_key) +$managers = $settings['nsx_api_managers'] +$username = $settings['nsx_api_user'] +$password = $settings['nsx_api_password'] + +class { '::nsxt::create_repo': + managers => $managers, + username => $username, + password => $password, +} diff --git a/deployment_scripts/puppet/manifests/gem-install.pp b/deployment_scripts/puppet/manifests/gem-install.pp new file mode 100644 index 0000000..d1aaf4b --- /dev/null +++ b/deployment_scripts/puppet/manifests/gem-install.pp @@ -0,0 +1,6 @@ +notice('fuel-plugin-nsx-t: gem-install.pp') + +# ruby gem package must be pre installed before puppet module used +package { ['ruby-json', 'ruby-rest-client']: + ensure => latest, +} diff --git a/deployment_scripts/puppet/manifests/hiera-override.pp b/deployment_scripts/puppet/manifests/hiera-override.pp new file mode 100644 index 0000000..c9f4c24 --- /dev/null +++ b/deployment_scripts/puppet/manifests/hiera-override.pp @@ -0,0 +1,7 @@ +notice('fuel-plugin-nsx-t: hiera-override.pp') + +include ::nsxt::params + +class { '::nsxt::hiera_override': + override_file_name => $::nsxt::params::hiera_key, +} diff --git a/deployment_scripts/puppet/manifests/install-nsx-packages.pp b/deployment_scripts/puppet/manifests/install-nsx-packages.pp new file mode 100644 index 0000000..616501d --- /dev/null +++ b/deployment_scripts/puppet/manifests/install-nsx-packages.pp 
@@ -0,0 +1,33 @@
+notice('fuel-plugin-nsx-t: install-nsx-packages.pp')
+
+$nsx_required_packages = ['libunwind8', 'zip', 'libgflags2', 'libgoogle-perftools4', 'traceroute',
+ 'python-mako', 'python-simplejson', 'python-support', 'python-unittest2',
+ 'python-yaml', 'python-netaddr', 'libprotobuf8',
+ 'libboost-filesystem1.54.0', 'dkms', 'libboost-chrono-dev',
+ 'libboost-iostreams1.54.0', 'libvirt0']
+
+$nsx_packages = ['libgoogle-glog0', 'libjson-spirit', 'nicira-ovs-hypervisor-node', 'nsxa',
+ 'nsx-agent', 'nsx-aggservice', 'nsx-cli', 'nsx-da', 'nsx-host',
+ 'nsx-host-node-status-reporter', 'nsx-lldp', 'nsx-logical-exporter', 'nsx-mpa',
+ 'nsx-netcpa', 'nsx-sfhc', 'nsx-transport-node-status-reporter',
+ 'openvswitch-common', 'openvswitch-datapath-dkms', 'openvswitch-pki',
+ 'openvswitch-switch', 'python-openvswitch', 'tcpdump-ovs']
+
+package { $nsx_required_packages:
+ ensure => latest,
+}
+package { $nsx_packages:
+ ensure => latest,
+ require => [Package[$nsx_required_packages],Service['openvswitch-switch']]
+}
+service { 'openvswitch-switch':
+ ensure => stopped,
+ enable => false,
+}
+# This not shell(ubuntu dash) script, this bash script.
+# if you leave it there all the command like '/bin/sh -c' cannot be executed
+# example: start galera via pacemaker
+file { '/etc/profile.d/nsx-alias.sh':
+ ensure => absent,
+ require => Package[$nsx_packages],
+}
diff --git a/deployment_scripts/puppet/manifests/neutron-server-start.pp b/deployment_scripts/puppet/manifests/neutron-server-start.pp
new file mode 100644
index 0000000..b6eb980
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/neutron-server-start.pp
@@ -0,0 +1,69 @@
+notice('fuel-plugin-nsx-t: neutron-server-start.pp')
+
+include ::neutron::params
+
+service { 'neutron-server-start':
+ ensure => 'running',
+ name => $::neutron::params::server_service,
+ enable => true,
+ hasstatus => true,
+ hasrestart => true,
+}
+
+include ::nsxt::params
+
+neutron_config {
+ 'DEFAULT/core_plugin': value => $::nsxt::params::core_plugin;
+ 'DEFAULT/service_plugins': ensure => absent;
+ 'service_providers/service_provider': ensure => absent;
+}
+
+Neutron_config<||> ~> Service['neutron-server']
+
+if 'primary-controller' in hiera('roles') {
+ include ::neutron::db::sync
+
+ Exec['neutron-db-sync'] ~> Service['neutron-server-start']
+ Neutron_config<||> ~> Exec['neutron-db-sync']
+
+ $neutron_config = hiera_hash('neutron_config')
+ $management_vip = hiera('management_vip')
+ $service_endpoint = hiera('service_endpoint', $management_vip)
+ $ssl_hash = hiera_hash('use_ssl', {})
+ $internal_auth_protocol = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'protocol', 'http')
+ $internal_auth_address = get_ssl_property($ssl_hash, {}, 'keystone', 'internal', 'hostname', [$service_endpoint])
+ $identity_uri = "${internal_auth_protocol}://${internal_auth_address}:5000"
+ $auth_api_version = 'v2.0'
+ $auth_url = "${identity_uri}/${auth_api_version}"
+ $auth_password = $neutron_config['keystone']['admin_password']
+ $auth_user = pick($neutron_config['keystone']['admin_user'], 'neutron')
+ $auth_tenant = pick($neutron_config['keystone']['admin_tenant'], 'services')
+ $auth_region = hiera('region', 'RegionOne')
+ $auth_endpoint_type = 'internalURL'
+
+ exec { 'waiting-for-neutron-api':
+ environment => [
+ "OS_TENANT_NAME=${auth_tenant}",
+ "OS_USERNAME=${auth_user}",
+ "OS_PASSWORD=${auth_password}",
+ "OS_AUTH_URL=${auth_url}",
+ "OS_REGION_NAME=${auth_region}",
+ "OS_ENDPOINT_TYPE=${auth_endpoint_type}",
+ ],
+ path => '/usr/sbin:/usr/bin:/sbin:/bin',
+ tries => '30',
+ try_sleep => '15',
+ command => 'neutron net-list --http-timeout=4 2>&1 > /dev/null',
+ provider => 'shell',
+ subscribe => Service['neutron-server'],
+ refreshonly => true,
+ }
+}
+
+# fix add plugin.ini conf for neutron server
+exec { 'fix-plugin-ini':
+ path => '/usr/sbin:/usr/bin:/sbin:/bin',
+ command => 'sed -ri \'s|NEUTRON_PLUGIN_CONFIG=""|NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugin.ini"|\' /usr/share/neutron-common/plugin_guess_func',
+ provider => 'shell',
+ before => Service['neutron-server'],
+}
diff --git a/deployment_scripts/puppet/manifests/neutron-server-stop.pp b/deployment_scripts/puppet/manifests/neutron-server-stop.pp
new file mode 100644
index 0000000..3721b2d
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/neutron-server-stop.pp
@@ -0,0 +1,8 @@
+notice('fuel-plugin-nsx-t: neutron-server-stop.pp')
+
+include ::neutron::params
+
+service { 'neutron-server-stop':
+ ensure => 'stopped',
+ name => $::neutron::params::server_service,
+}
diff --git a/deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp b/deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp
new file mode 100644
index 0000000..1a7d930
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/reg-controller-as-transport-node.pp
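Review bot: In `waiting-for-neutron-api` the command ends with `2>&1 > /dev/null`, which points stderr at the original stdout before stdout is redirected, so error text from `neutron net-list` is still emitted on each of the 30 tries; `> /dev/null 2>&1` is probably what was meant. The manifest chains to and subscribes on `Service['neutron-server']` while the service declared here is titled `neutron-server-start`, so those references only resolve if `$::neutron::params::server_service` is `neutron-server` and the name is usable as an alias, which is worth confirming; referring to `Service['neutron-server-start']` throughout would remove the doubt. A short comment above the `environment` list noting that `OS_PASSWORD` carries the keystone admin password would also help whoever later turns on command logging for this exec.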
@@ -0,0 +1,34 @@
+notice('fuel-plugin-nsx-t: reg-controller-as-transport-node.pp')
+
+include ::nsxt::params
+
+$settings = hiera($::nsxt::params::hiera_key)
+$managers = $settings['nsx_api_managers']
+$user = $settings['nsx_api_user']
+$password = $settings['nsx_api_password']
+$uplink_profile_uuid = $settings['uplink_profile_uuid']
+$static_ip_pool_uuid = $settings['static_ip_pool_uuid']
+$transport_zone_uuid = $settings['transport_zone_uuid']
+$pnics_pairs = $settings['pnics_pairs']
+
+nsxt_create_transport_node { 'Add transport node':
+ ensure => present,
+ managers => $managers,
+ username => $user,
+ password => $password,
+ uplink_profile_id => $uplink_profile_uuid,
+ pnics => $pnics_pairs,
+ static_ip_pool_id => $static_ip_pool_uuid,
+ transport_zone_id => $transport_zone_uuid,
+}
+
+if !$settings['insecure'] {
+ $ca_filename = try_get_value($settings['ca_file'],'name','')
+ if empty($ca_filename) {
+ # default path to ca for Ubuntu 14.0.4
+ $ca_file = "/etc/ssl/certs/ca-certificates.crt"
+ } else {
+ $ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
+ }
+ Nsxt_create_transport_node { ca_file => $ca_file }
+}
diff --git a/deployment_scripts/puppet/manifests/reg-controller-on-management-plane.pp b/deployment_scripts/puppet/manifests/reg-controller-on-management-plane.pp
new file mode 100644
index 0000000..68aaff1
--- /dev/null
+++ b/deployment_scripts/puppet/manifests/reg-controller-on-management-plane.pp
@@ -0,0 +1,26 @@
+notice('fuel-plugin-nsx-t: reg-controller-on-management-plane.pp')
+
+include ::nsxt::params
+
+$settings = hiera($::nsxt::params::hiera_key)
+$managers = $settings['nsx_api_managers']
+$user = $settings['nsx_api_user']
+$password = $settings['nsx_api_password']
+
+nsxt_add_to_fabric { 'Register controller node on management plane':
+ ensure => present,
+ managers => $managers,
+ username => $user,
+ password => $password,
+}
+
+if !$settings['insecure'] {
+ $ca_filename = try_get_value($settings['ca_file'],'name','')
+ if empty($ca_filename) {
+ # default path to ca for Ubuntu 14.0.4
+ $ca_file = "/etc/ssl/certs/ca-certificates.crt"
+ } else {
+ $ca_file = "${::nsxt::params::nsx_plugin_dir}/${ca_filename}"
+ }
+ Nsxt_add_to_fabric { ca_file => $ca_file }
+}
diff --git a/deployment_scripts/puppet/modules/nsxt/files/create_repo.sh b/deployment_scripts/puppet/modules/nsxt/files/create_repo.sh
new file mode 100644
index 0000000..954a7bd
--- /dev/null
+++ b/deployment_scripts/puppet/modules/nsxt/files/create_repo.sh
@@ -0,0 +1,13 @@
+#!/bin/bash -e
+repo_dir=$1
+component_archive=$2
+
+mkdir -p "$repo_dir"
+cd "$repo_dir"
+tar --wildcards --strip-components=1 -zxvf "$component_archive" "*/"
+dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz
+echo 'Label: nsx-t-protected-packages' > Release
+chmod 755 .
+chmod 644 *
+apt-get update
+rm -fr "${component_archive:?}"
diff --git a/deployment_scripts/puppet/modules/nsxt/files/packages/Release b/deployment_scripts/puppet/modules/nsxt/files/packages/Release
deleted file mode 100644
index a61129e..0000000
--- a/deployment_scripts/puppet/modules/nsxt/files/packages/Release
+++ /dev/null
@@ -1 +0,0 @@
-Label: nsx-t-protected-packages
diff --git a/deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/get_nsxt_components.rb b/deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/get_nsxt_components.rb
new file mode 100644
index 0000000..8211f7a
--- /dev/null
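Review bot: The archive passed as `$2` is unpacked with `tar` and indexed with `dpkg-scanpackages` without any integrity check, and the generated `Release` file carries only a `Label:` line, so nothing ties the packages that end up in the local repository to what the NSX manager published. The archive is produced by `get_component` in get_nsxt_components.rb, which fetches it over plain `http://` on port 8080. Verifying a digest before extraction, for example an expected SHA-256 passed as a third argument and checked with `sha256sum -c`, would let the script stop before unverified packages become installable. How apt is told to trust this repository is in files outside the hunk.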
+++ b/deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/get_nsxt_components.rb 
@@ -0,0 +1,159 @@
+require 'rest-client'
+require 'json'
+require 'openssl'
+require 'open-uri'
+
+module Puppet::Parser::Functions
+ newfunction(:get_nsxt_components, :type => :rvalue, :doc => <<-EOS
+Returns the address of nsx-t manager, on which enable install-upgrade service
+example:
+ get_nsxt_components('172.16.0.1,172.16.0.2,172.16.0.3', username, password)
+EOS
+ ) do |args|
+ managers = args[0]
+ username = args[1]
+ password = args[2]
+ managers.split(',').each do |manager|
+ # Suppression scheme, NSX-T 1.0 supports only https scheme
+ manager.to_s.strip =~ /(https?:\/\/)?(?.+)/
+ manager = Regexp.last_match[:manager]
+ service_enabled = check_service_enabled(manager, username, password)
+ if service_enabled == 'error'
+ next
+ elsif service_enabled == 'disabled'
+ service_enabled_on_manager = enable_upgrade_service(manager, username, password)
+ else
+ service_enabled_on_manager = service_enabled
+ end
+ if check_service_running(service_enabled_on_manager, username, password)
+ return get_component(service_enabled_on_manager, username, password)
+ else
+ service_enabled_on_manager = enable_upgrade_service(service_enabled_on_manager, username, password)
+ if check_service_running(service_enabled_on_manager, username, password)
+ return get_component(service_enabled_on_manager, username, password)
+ end
+ end
+ raise Puppet::Error,("\nCan not enable install-upgrade service on nsx-t manager\n")
+ end
+ end
+end
+
+def disable_upgrade_service(manager, username, password)
+ debug("Try disable install-upgrade service on #{manager}")
+ request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => false }}
+ api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
+ response = nsxt_api(api_url, username, password, 'put', request.to_json)
+ debug("response:\n #{response}")
+ if response['service_properties']['enabled'] == false
+ return
+ end
+ raise Puppet::Error,("\nCannot disable install-upgrade service on nsx-t manager #{manager}\n")
+end
+
+def get_component(manager, username, password)
+ file_path = '/tmp/nsxt-components.tgz'
+ component_url = get_component_url(manager, username, password)
+ begin
+ File.open(file_path, 'wb') do |saved_file|
+ open(component_url, 'rb') do |read_file|
+ saved_file.write(read_file.read)
+ end
+ end
+ rescue => error
+ raise Puppet::Error,("\nCan not get file from #{url}:\n#{error.message}\n")
+ end
+ disable_upgrade_service(manager, username, password)
+ return file_path
+end
+
+def get_component_url(manager, username, password)
+ node_version = get_node_version(manager, username, password)
+ begin
+ manifest = open("http://#{manager}:8080/repository/#{node_version}/metadata/manifest").read
+ rescue => error
+ raise Puppet::Error,("\nCan not get url for nsx-t components from #{url}:\n#{error.message}\n")
+ end
+ manifest.split(/\n/).each do |str|
+ if str.include? 'NSX_HOST_COMPONENT_UBUNTU_1404_TAR'
+ url = str.split('=')[1]
+ return "http://#{manager}:8080#{url}"
+ end
+ end
+end
+
+def get_node_version(manager, username, password)
+ debug("Try get nsx-t node version from #{manager}")
+ api_url = "https://#{manager}/api/v1/node"
+ response = nsxt_api(api_url, username, password, 'get')
+ debug("response:\n #{response}")
+ if not response.to_s.empty?
+ return response['node_version']
+ end
+ raise Puppet::Error,("\nCan not get node version from #{manager}\n")
+end
+
+def check_service_enabled(manager, username, password)
+ debug("Check install-upgrade service enabled on #{manager}")
+ api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
+ response = nsxt_api(api_url, username, password, 'get')
+ debug("response:\n #{response}")
+ if not response.to_s.empty?
+ if response['service_properties']['enabled'] == true
+ return response['service_properties']['enabled_on']
+ end
+ return 'disabled'
+ end
+ return 'error'
+end
+
+def check_service_running(manager, username, password)
+ debug("Check install-upgrade service running on #{manager}")
+ api_url = "https://#{manager}/api/v1/node/services/install-upgrade/status"
+ response = nsxt_api(api_url, username, password, 'get')
+ debug("response:\n #{response}")
+ if not response.to_s.empty?
+ if response['runtime_state'] == 'running'
+ return true
+ end
+ end
+ return false
+end
+
+def enable_upgrade_service(manager, username, password)
+ debug("Try enable install-upgrade service on #{manager}")
+ request = {'service_name' => 'install-upgrade', 'service_properties' => {'enabled' => true }}
+ api_url = "https://#{manager}/api/v1/node/services/install-upgrade"
+ response = nsxt_api(api_url, username, password, 'put', request.to_json)
+ debug("response:\n #{response}")
+ if response['service_properties']['enabled'] == true
+ return response['service_properties']['enabled_on']
+ end
+ raise Puppet::Error,("\nCannot enable install-upgrade service on nsx-t manager #{manager}\n")
+end
+
+def nsxt_api(api_url, username, password, method, request='', timeout=5)
+ retry_count = 3
+ begin
+ if method == 'get'
+ response = RestClient::Request.execute(method: :get, url: api_url, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE)
+ elsif method == 'put'
+ response = RestClient::Request.execute(method: :put, url: api_url, payload: request, timeout: timeout, user: username, password: password, verify_ssl: OpenSSL::SSL::VERIFY_NONE, headers: {'Content-Type' => 'application/json'})
+ end
+ response_hash = JSON.parse(response.body)
+ return response_hash
+ rescue Errno::ECONNREFUSED
+ notice("\nCan not get response from #{api_url} - 'Connection refused', try next if exist\n")
+ return ""
+ rescue Errno::EHOSTUNREACH
+ notice("\nCan not get response from #{api_url} - 'No route to host', try next if exist\n")
+ return ""
+ rescue => error
+ retry_count -= 1
+ if retry_count > 0
+ sleep 10
+ retry
+ else
+ raise Puppet::Error,("\nCan not get response from #{api_url} :\n#{error.message}\n#{JSON.parse(error.response)['error_message']}\n")
+ end
+ end
+end
diff --git a/deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/hiera_overrides.rb b/deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/hiera_overrides.rb
new file mode 100644
index 0000000..96ee545
--- /dev/null
+++ b/deployment_scripts/puppet/modules/nsxt/lib/puppet/parser/functions/hiera_overrides.rb
@@ -0,0 +1,24 @@
+require 'yaml'
+
+module Puppet::Parser::Functions
+ newfunction(:hiera_overrides, :doc => <<-EOS
+Custom function to override hiera parameters, the first argument -
+file name, where write new parameters in yaml format, ex:
+ hiera_overrides('/etc/hiera/test.yaml')
+EOS
+ ) do |args|
+ filename = args[0]
+ hiera_overrides = {}
+
+ # override neutron_advanced_configuration
+ neutron_advanced_configuration = {}
+ neutron_advanced_configuration['neutron_dvr'] = false
+ neutron_advanced_configuration['neutron_l2_pop'] = false
+ neutron_advanced_configuration['neutron_l3_ha'] = false
+ neutron_advanced_configuration['neutron_qos'] = false
+ hiera_overrides['neutron_advanced_configuration'] = neutron_advanced_configuration
+
+ # write to hiera override yaml file
+ File.open(filename, 'w') { |file| file.write(hiera_overrides.to_yaml) }
+ end
+end
diff --git a/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_add_to_fabric.rb b/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_add_to_fabric.rb
index f7661fe..3193a1d 100644
--- a/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_add_to_fabric.rb
+++ b/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_add_to_fabric.rb
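Review bot: `nsxt_api` hard-codes `verify_ssl: OpenSSL::SSL::VERIFY_NONE` on both the GET and the PUT request while sending the NSX manager `user`/`password`, so the credentials go to whichever host answers, and the `insecure` and `ca_file` settings this commit adds are never consulted here. Passing the CA path down and using `verify_ssl: OpenSSL::SSL::VERIFY_PEER, ssl_ca_file: ca_file` unless `insecure` is set would bring this function in line with the other manifests. `get_component` writes to the fixed path `/tmp/nsxt-components.tgz` with `File.open(file_path, 'wb')`, which follows a symlink a local user may have placed there; a `Tempfile`, or a directory only root can write, avoids that. The `rescue` blocks in `get_component` and `get_component_url` interpolate `#{url}`, which is not defined at that point, so the original error would be replaced by a `NameError`; `component_url` and the manifest URL are presumably what was meant.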
@@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_add_to_fabric) do munge do |value| array = [] value.split(',').each do |manager| - manager.to_s.strip =~ /(https:\/\/)?(?[^:]+):?(?\d+)?/ + manager.to_s.strip =~ /(https?:\/\/)?(?[^:]+):?(?\d+)?/ host= Regexp.last_match[:host] port = Regexp.last_match[:port] port = 443 if port.to_s.empty? diff --git a/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_create_transport_node.rb b/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_create_transport_node.rb index 3ed791f..9df1057 100644 --- a/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_create_transport_node.rb +++ b/deployment_scripts/puppet/modules/nsxt/lib/puppet/type/nsxt_create_transport_node.rb @@ -10,7 +10,7 @@ Puppet::Type.newtype(:nsxt_create_transport_node) do munge do |value| array = [] value.split(',').each do |manager| - manager.to_s.strip =~ /(https:\/\/)?(?[^:]+):?(?\d+)?/ + manager.to_s.strip =~ /(https?:\/\/)?(?[^:]+):?(?\d+)?/ host= Regexp.last_match[:host] port = Regexp.last_match[:port] port = 443 if port.to_s.empty? diff --git a/deployment_scripts/puppet/modules/nsxt/manifests/create_repo.pp b/deployment_scripts/puppet/modules/nsxt/manifests/create_repo.pp index 199e9b6..652e790 100644 --- a/deployment_scripts/puppet/modules/nsxt/manifests/create_repo.pp +++ b/deployment_scripts/puppet/modules/nsxt/manifests/create_repo.pp 
@@ -1,14 +1,18 @@ class nsxt::create_repo ( + $managers, + $username, + $password, $repo_dir = '/opt/nsx-t-repo', $repo_file = '/etc/apt/sources.list.d/nsx-t-local.list', $repo_pref_file = '/etc/apt/preferences.d/nsx-t-local.pref', ) { - file { $repo_dir: - ensure => directory, + $component_archive = get_nsxt_components($managers, $username, $password) + + file { '/tmp/create_repo.sh': + ensure => file, mode => '0755', - source => "puppet:///modules/${module_name}/packages", - recurse => true, - force => true, + source => "puppet:///modules/${module_name}/create_repo.sh", + replace => true, } file { $repo_file: ensure => file, @@ -24,8 +28,8 @@ class nsxt::create_repo ( } exec { 'Create repo': path => '/usr/sbin:/usr/bin:/sbin:/bin', - command => "cd ${repo_dir} && dpkg-scanpackages . /dev/null | gzip -9c > Packages.gz", + command => "/tmp/create_repo.sh ${repo_dir} ${component_archive}", provider => 'shell', - require => File[$repo_dir], + require => File['/tmp/create_repo.sh'], } } diff --git a/deployment_scripts/puppet/modules/nsxt/manifests/hiera_override.pp b/deployment_scripts/puppet/modules/nsxt/manifests/hiera_override.pp new file mode 100644 index 0000000..a933f38 --- /dev/null +++ b/deployment_scripts/puppet/modules/nsxt/manifests/hiera_override.pp @@ -0,0 +1,6 @@ +class nsxt::hiera_override ( + $override_file_name, +) { + $override_file_path = "/etc/hiera/plugins/${override_file_name}.yaml" + hiera_overrides($override_file_path) +} diff --git a/deployment_tasks.yaml b/deployment_tasks.yaml index eaf0307..89246a7 100644 --- a/deployment_tasks.yaml +++ b/deployment_tasks.yaml 
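Review bot: The helper is dropped at the fixed path `/tmp/create_repo.sh` and then run by the `Create repo` exec, with no `owner` or `group` set on the `file` resource; a world-writable directory is a poor home for a script run with the agent's privileges, and a location such as `/usr/local/sbin/create_repo.sh` with `owner => 'root'` is safer. The exec command interpolates `${repo_dir}` and `${component_archive}` unquoted under `provider => 'shell'`, so a space or shell metacharacter in either is interpreted by the shell; `command => "/tmp/create_repo.sh '${repo_dir}' '${component_archive}'"` is the minimal fix. Because `get_nsxt_components` is a parser function, the service toggling and the download it performs happen at catalog compilation on every run, and the exec has no `creates` or `unless` guard, so the repository is rebuilt each time.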
@@ -1,3 +1,36 @@ +- id: nsx-t-hiera-override + version: 2.0.0 + type: puppet + groups: + - primary-controller + - controller + - compute + required_for: + - netconfig + requires: + - globals + parameters: + puppet_manifest: puppet/manifests/hiera-override.pp + puppet_modules: puppet/modules + timeout: 120 + +- id: nsx-t-gem-install + version: 2.0.0 + type: puppet + groups: + - primary-controller + - controller + - compute + required_for: + - nsx-t-reg-controller-on-management-plane + - nsx-t-reg-controller-as-transport-node + requires: + - setup_repositories + parameters: + puppet_manifest: puppet/manifests/gem-install.pp + puppet_modules: puppet/modules + timeout: 300 + - id: nsx-t-create-repo version: 2.0.0 type: puppet @@ -6,13 +39,34 @@ - controller - compute required_for: - - pre_deployment_end + - netconfig requires: - - pre_deployment_start + - nsx-t-gem-install parameters: puppet_manifest: puppet/manifests/create-repo.pp puppet_modules: puppet/modules - timeout: 120 + timeout: 600 + strategy: + type: one_by_one + +- id: nsx-t-install-packages + version: 2.0.0 + type: puppet + groups: + - primary-controller + - controller + - compute + required_for: + - openstack-network-start + - database + - primary-database + requires: + - netconfig + - nsx-t-create-repo + parameters: + puppet_manifest: puppet/manifests/install-nsx-packages.pp + puppet_modules: puppet/modules + timeout: 300 - id: nsx-t-install-plugin version: 2.0.0 @@ -21,9 +75,9 @@ - primary-controller - controller required_for: - - nsx-t-configure-plugin + - openstack-network-end requires: - - openstack-network-common-config + - openstack-network-server-config parameters: puppet_manifest: puppet/manifests/install-nsx-plugin.pp puppet_modules: puppet/modules 
@@ -36,10 +90,142 @@ - primary-controller - controller required_for: - - openstack-network-neutron-start + - openstack-network-end requires: - - openstack-network-server-nova + - nsx-t-install-plugin parameters: puppet_manifest: puppet/manifests/configure-plugin.pp - puppet_modules: puppet/modules:/etc/puppet/modules + puppet_modules: puppet/modules timeout: 60 + +- id: nsx-t-neutron-server-stop + version: 2.0.0 + type: puppet + groups: + - primary-controller + - controller + required_for: + - openstack-network-end + requires: + - openstack-network-server-config + parameters: + puppet_manifest: puppet/manifests/neutron-server-stop.pp + puppet_modules: puppet/modules + timeout: 60 + +- id: nsx-t-primary-neutron-server-start + version: 2.0.0 + type: puppet + groups: + - primary-controller + required_for: + - primary-openstack-network-agents-metadata + - primary-openstack-network-agents-dhcp + - openstack-network-networks + requires: + - nsx-t-configure-plugin + cross-depends: + - name: nsx-t-neutron-server-stop + parameters: + puppet_manifest: puppet/manifests/neutron-server-start.pp + puppet_modules: puppet/modules + timeout: 300 + +- id: nsx-t-reg-controller-on-management-plane + version: 2.0.0 + type: puppet + groups: + - primary-controller + - controller + required_for: + - primary-openstack-network-agents-metadata + - primary-openstack-network-agents-dhcp + requires: + - nsx-t-install-packages + parameters: + puppet_manifest: puppet/manifests/reg-controller-on-management-plane.pp + puppet_modules: puppet/modules + timeout: 300 + +- id: nsx-t-reg-controller-as-transport-node + version: 2.0.0 + type: puppet + groups: + - primary-controller + - controller + required_for: + - primary-openstack-network-agents-metadata + - primary-openstack-network-agents-dhcp + requires: + - nsx-t-reg-controller-on-management-plane + parameters: + puppet_manifest: puppet/manifests/reg-controller-as-transport-node.pp + puppet_modules: puppet/modules + timeout: 300 + +- id: 
nsx-t-neutron-server-start + version: 2.0.0 + type: puppet + groups: + - controller + requires: + - nsx-t-neutron-server-stop + - nsx-t-configure-plugin + required_for: + - openstack-network-agents-metadata + - openstack-network-agents-dhcp + cross-depends: + - name: nsx-t-primary-neutron-server-start + parameters: + puppet_manifest: puppet/manifests/neutron-server-start.pp + puppet_modules: puppet/modules + timeout: 120 + strategy: + type: one_by_one + +- id: nsx-t-primary-configure-agents-dhcp + version: 2.0.0 + type: puppet + groups: + - primary-controller + required_for: + - openstack-network-networks + requires: + - primary-openstack-network-agents-dhcp + cross-depends: + - name: nsx-t-configure-agents-dhcp + parameters: + puppet_manifest: puppet/manifests/configure-agents-dhcp.pp + puppet_modules: puppet/modules + timeout: 180 + +- id: nsx-t-configure-agents-dhcp + version: 2.0.0 + type: puppet + groups: + - controller + required_for: + - openstack-network-end + requires: + - openstack-network-agents-dhcp + parameters: + puppet_manifest: puppet/manifests/configure-agents-dhcp.pp + puppet_modules: puppet/modules + timeout: 120 + +# skipped tasks +- id: openstack-network-networks + version: 2.0.0 + type: skipped +- id: primary-openstack-network-plugins-l2 + version: 2.0.0 + type: skipped +- id: openstack-network-plugins-l2 + version: 2.0.0 + type: skipped +- id: primary-openstack-network-agents-l3 + version: 2.0.0 + type: skipped +- id: openstack-network-agents-l3 + version: 2.0.0 + type: skipped diff --git a/environment_config.yaml b/environment_config.yaml index a1c4ddb..69beff4 100644 --- a/environment_config.yaml +++ b/environment_config.yaml 
@@ -1,6 +1,21 @@
 attributes:
 metadata:
 group: network
+ insecure:
+ value: true
+ label: "Bypass NSX Manager certificate verification"
+ description: ''
+ weight: 1
+ type: 'checkbox'
+ ca_file:
+ value: ''
+ label: 'CA certificate file'
+ description: 'Specify a CA certificate file to use in NSX Manager certificate verification'
+ weight: 5
+ type: 'file'
+ restrictions:
+ - condition: "settings:nsx-t.insecure.value == true"
+ action: "hide"
 nsx_api_managers:
 value: ''
 label: 'NSX Manager'
@@ -62,3 +77,33 @@ attributes:
 source: *uuid
 error: 'Enter cluster UUID'
 type: "text"
+ uplink_profile_uuid:
+ value: ''
+ label: 'Uplink profile ID'
+ weight: 45
+ regex:
+ source: *uuid
+ error: 'Enter uplink profile ID'
+ type: "text"
+ static_ip_pool_uuid:
+ value: ''
+ label: 'IP pool ID for STT VTEP'
+ weight: 50
+ regex:
+ source: *uuid
+ error: 'Enter IP pool ID'
+ type: "text"
+ transport_zone_uuid:
+ value: ''
+ label: 'Transport zone ID'
+ weight: 55
+ regex:
+ source: *uuid
+ error: 'Enter transport zone ID'
+ type: "text"
+ pnics_pairs:
+ value: 'enp0s1:uplink-1'
+ label: 'Colon separated pnics pairs, one per line'
+ min: 1
+ weight: 60
+ type: "textarea"
diff --git a/pre_build_hook b/pre_build_hook
index dc05e98..bca8208 100755
--- a/pre_build_hook
+++ b/pre_build_hook
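Review bot: `insecure` ships with `value: true`, so an environment that keeps the defaults connects to NSX Manager without verifying its certificate, and the `restrictions` entry hides `ca_file` in exactly that state. Anything the plugin sends to the manager API is then only as trustworthy as the network path, because an impostor endpoint would be accepted. Defaulting to `value: false` makes skipping verification a deliberate choice. The empty `description: ''` could state the consequence, for example `description: 'Disables TLS certificate checks for NSX Manager; intended for lab environments only'`.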
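Review bot: `pnics_pairs` is the only field added in this hunk without a `regex` block: the three UUID fields validate against `*uuid`, but this textarea is accepted as typed. How the value is consumed lies outside the hunk, so a format check in the settings UI is the one place this change can stop malformed lines before they reach the deployment manifests. Adding `description: 'One <pnic>:<uplink name> pair per line, e.g. enp0s1:uplink-1'` together with a `regex` that accepts only such lines would both document and enforce the format.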
@@ -1,5 +1,29 @@
 #!/bin/bash
-
 # Add here any the actions which are required before plugin build
 # like packages building, packages downloading from mirrors and so on.
 # The script should return 0 if there were no errors.
+
+set -eux
+
+ROOT="$(dirname $(readlink -f $0))"
+PLUGIN_MOD_DIR="$ROOT/deployment_scripts/puppet/modules/upstream"
+MODULE_NAME='nsxt'
+
+# Download upstream puppet modules that are not in fuel-library/
+find "$ROOT/deployment_scripts/puppet/modules" -maxdepth 1 -mindepth 1 -type d ! -name $MODULE_NAME -prune -exec rm -fr {} \;
+"$ROOT"/update_modules.sh -d "$PLUGIN_MOD_DIR"
+
+# Remove .git directory
+rm -fr $(find "${PLUGIN_MOD_DIR:?}" -name '.git' )
+
+mv "$PLUGIN_MOD_DIR"/* "$(dirname $PLUGIN_MOD_DIR)"
+
+# Download puppet modules that are in fuel-library/
+TARBALL_VERSION='stable/mitaka'
+REPO_PATH="https://github.com/openstack/fuel-library/tarball/${TARBALL_VERSION}"
+#
+wget -qO- "$REPO_PATH" | tar --wildcards -C "$PLUGIN_MOD_DIR" --strip-components=3 -zxvf - "openstack-fuel-library-*/deployment/puppet/"
+mv "$PLUGIN_MOD_DIR"/osnailyfacter/lib/puppet/parser/functions/get_ssl_property.rb "$(dirname $PLUGIN_MOD_DIR)"/$MODULE_NAME/lib/puppet/parser/functions
+
+# clean
+rm -fr "$PLUGIN_MOD_DIR"
diff --git a/update_modules.sh b/update_modules.sh
new file mode 100755
index 0000000..ed568df
--- /dev/null
+++ b/update_modules.sh
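Review bot: The fuel-library tarball is fetched from the moving `stable/mitaka` branch and piped straight into `tar`, so the Puppet code packaged into the plugin can differ between two builds of the same commit and is never checked against a known-good value. Because `set -eux` is used without `pipefail`, the pipeline's status is `tar`'s alone and a `wget` failure is not reported in its own right. Pinning `TARBALL_VERSION` to a reviewed commit id, downloading to a file and verifying a recorded digest before extraction makes the build reproducible and closes that gap; the digest only helps if the archive bytes are stable, which may mean mirroring the tarball. Separately, `rm -fr $(find ...)` and `$(dirname $PLUGIN_MOD_DIR)` are unquoted and will word-split on paths containing spaces.

```shell
# … unchanged: set -eux, ROOT/PLUGIN_MOD_DIR/MODULE_NAME, update_modules.sh call, .git cleanup, mv of upstream modules …
set -o pipefail

# Download puppet modules that are in fuel-library/
TARBALL_VERSION='<PINNED_COMMIT_ID>'   # placeholder: a reviewed fuel-library commit
TARBALL_SHA256='<EXPECTED_SHA256>'     # placeholder: digest recorded when the commit was reviewed
REPO_PATH="https://github.com/openstack/fuel-library/tarball/${TARBALL_VERSION}"
TARBALL="$(mktemp)"
wget -qO "$TARBALL" "$REPO_PATH"
echo "${TARBALL_SHA256}  ${TARBALL}" | sha256sum -c -
tar --wildcards -C "$PLUGIN_MOD_DIR" --strip-components=3 -zxf "$TARBALL" "openstack-fuel-library-*/deployment/puppet/"
rm -f "$TARBALL"
# … unchanged: get_ssl_property.rb move, final rm -fr "$PLUGIN_MOD_DIR" …
```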
@@ -0,0 +1,164 @@
+#!/bin/bash -e
+###############################################################################
+#
+# Copyright 2015 Mirantis, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+###############################################################################
+#
+# update_modules.sh
+#
+# This script uses librarian-puppet-simple to populate the puppet folder with
+# upstream puppet modules. By default, it assumes librarian-puppet-simple is
+# already available to the environment or it will fail. You can provide command
+# line options to have the script use bundler to install librarian-puppet-simple
+# if neccessary.
+#
+# Parameters:
+# -b - Use bundler to install librarian-puppet (optional)
+# -r - Hard git reset of librarian managed modules back to specified version (optional)
+# -p - Puppet version to use with bundler (optional)
+# -h - Folder to be used as the home directory for bundler (optional)
+# -g - Folder to be used as the gem directory (optional)
+# -u - Run librarian update (optional)
+# -v - Verbose printing, turns on set -x (optional)
+# -? - This usage information
+#
+# Variables:
+# PUPPET_GEM_VERSION - the version of puppet to be pulled down by bundler
+# Defaults to '3.4.3'
+# BUNDLE_DIR - The folder to store the bundle gems in.
+# Defaults to '/var/tmp/.bundle_home'
+# GEM_HOME - The folder to store the gems in to not require root.
+# Defaults to '/var/tmp/.gem_home' +# +# NOTE: These variables can be overriden via bash environment variable with the +# same name or via the command line paramters. +# +# Author: Alex Schultz +# +############################################################################### +set -e + +usage() { + cat <] [-h ] [-g ] [-u] [-?] + +Options: + -b - Use bundler instead of assuming librarian-puppet is available + -r - Hard git reset of librarian managed modules back to specified version + -p - Puppet version to use with bundler + -h - Folder to be used as the home directory for bundler + -g - Folder to be used as the gem directory + -u - Run librarian update + -v - Verbose printing of commands + -d - Patch where modules to install + -? - This usage information + +EOF + exit 1 +} + +while getopts ":bp:g:h:vru:d:" opt; do + case $opt in + b) + USE_BUNDLER=true + BUNDLER_EXEC="bundle exec" + ;; + p) + PUPPET_GEM_VERSION=$OPTARG + ;; + h) + BUNDLE_DIR=$OPTARG + ;; + g) + GEM_HOME=$OPTARG + ;; + r) + RESET_HARD=true + ;; + u) + UPDATE=true + ;; + v) + VERBOSE='--verbose' + set -x + ;; + d) + PLUGIN_MOD_DIR=$OPTARG + ;; + \?) + usage + ;; + :) + echo "Option -$OPTARG requires an argument." 
>&2
+ usage
+ ;;
+ esac
+done
+shift "$((OPTIND-1))"
+
+DEPLOYMENT_DIR=$(cd $(dirname $0) && pwd -P)
+# Timeout in seconds for running puppet librarian
+TIMEOUT=600
+export PUPPET_GEM_VERSION=${PUPPET_GEM_VERSION:-'~>3.8'}
+export BUNDLE_DIR=${BUNDLE_DIR:-'/var/tmp/.bundle_home'}
+export GEM_HOME=${GEM_HOME:-'/var/tmp/.gem_home'}
+
+# We need to be in the deployment directory to run librarian-puppet-simple
+cd $DEPLOYMENT_DIR
+
+if [ "$USE_BUNDLER" = true ]; then
+ # ensure bundler is installed
+ bundle --version
+
+ # update bundler modules
+ bundle update
+fi
+
+# if no timeout command, return true so we don't fail this script (LP#1510665)
+TIMEOUT_CMD=$(type -P timeout || true)
+if [ -n "$TIMEOUT_CMD" ]; then
+ TIMEOUT_CMD="$TIMEOUT_CMD $TIMEOUT"
+fi
+
+# Check to make sure if the folder already exists, it has a .git so we can
+# use git on it. If the mod folder exists, but .git doesn't then remove the mod
+# folder so it can be properly installed via librarian.
+for MOD in $(grep "^mod" Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
+ MOD_DIR="${PLUGIN_MOD_DIR}/${MOD}"
+ if [ -d $MOD_DIR ] && [ ! -d "${MOD_DIR}/.git" ];
+ then
+ rm -rf "${MOD_DIR}"
+ fi
+done
+
+# run librarian-puppet install to populate the modules if they do not already
+# exist
+$TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet install $VERBOSE --path=${PLUGIN_MOD_DIR}
+
+# run librarian-puppet update to ensure the modules are checked out to the
+# correct version
+if [ "$UPDATE" = true ]; then
+ $TIMEOUT_CMD $BUNDLER_EXEC librarian-puppet update $VERBOSE --path=${PLUGIN_MOD_DIR}
+fi
+
+# do a hard reset on the librarian managed modules LP#1489542
+if [ "$RESET_HARD" = true ]; then
+ for MOD in $(grep "^mod " Puppetfile | tr -d '[:punct:]' | awk '{ print $2 }'); do
+ cd "${PLUGIN_MOD_DIR}/${MOD}"
+ git reset --hard
+ done
+ cd $DEPLOYMENT_DIR
+fi
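Review bot: `PLUGIN_MOD_DIR` has no default and is never checked after option parsing, yet it prefixes the `rm -rf "${MOD_DIR}"` in the cleanup loop and the `cd` in the hard-reset loop; when `-d` is missing, `MOD_DIR` becomes `/<module>` and those commands act on the filesystem root. A guard right after `shift`, such as `: "${PLUGIN_MOD_DIR:?-d <dir> is required}"`, stops that. The getopts string declares `u:` although the usage text and the `u)` branch treat `-u` as a flag, so `-u -d dir` swallows `-d` as its argument and leaves the variable unset; `":bp:g:h:vrud:"` matches the documented interface. The header comment still lists the PUPPET_GEM_VERSION default as '3.4.3' while the code uses `'~>3.8'`. The `/var/tmp/.bundle_home` and `/var/tmp/.gem_home` defaults are fixed names in a world-writable directory, and gems found there are what `bundle exec` would load, so on a shared build host a directory owned by the build user is safer.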