x
/
packstack
Code Issues Proposed changes

Provision Demo/Tempest Separation 

Packstack should be able to deploy Tempest in a standalone mode or in a full
configuration (with the user demo or another one given by the user).

Change-Id: I4874540edd60fa87cb853cdfdc6cc169600f5a50
Fixes: rhbz#1111969
This commit is contained in:
Gael Chamoulaud 2014-06-24 09:08:31 +02:00
parent bd36954ab4
commit d7a9e6db04
4 changed files with 262 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/packstack.rst
View File

@ -454,6 +454,12 @@ Provision Config Parameters
**CONFIG_PROVISION_TEMPEST**
Whether to configure tempest for testing.
**CONFIG_PROVISION_TEMPEST_USER**
The name of the Tempest Provisioning user. If you don't provide a user name, Tempest will be configured in a standalone mode. If you choose the **demo** user, packstack will use the password from **CONFIG_KEYSTONE_DEMO_PW** if **CONFIG_PROVISION_DEMO** is enabled. If not, the **CONFIG_PROVISION_TEMPEST_USER_PW** will be used.
**CONFIG_PROVISION_TEMPEST_USER_PW**
The password to use for the Tempest Provisioning user.
**CONFIG_PROVISION_TEMPEST_REPO_REVISION**
The revision of the tempest git repository to use.

81
packstack/plugins/provision_700.py
View File

@ -5,6 +5,7 @@ Installs and configures neutron
"""
import logging
import uuid
from packstack.installer import utils
from packstack.installer import validators
@ -57,6 +58,36 @@ def initConfig(controller):
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "provision-tempest-user",
"USAGE": "The name of the Tempest Provisioning user. If you "
"don't provide a user name, Tempest will be configured "
"in a standalone mode",
"PROMPT": ("Enter the name of the Tempest Provisioning user "
"(if blank, "),
"OPTION_LIST": False,
"VALIDATORS": False,
"DEFAULT_VALUE": "",
"MASK_INPUT": False,
"LOOSE_VALIDATION": True,
"CONF_NAME": "CONFIG_PROVISION_TEMPEST_USER",
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "provision-tempest-user-passwd",
"USAGE": "The password to use for the Tempest Provisioning user",
"PROMPT": "Enter the password for the Tempest Provisioning user",
"OPTION_LIST": [],
"VALIDATORS": [validators.validate_not_empty],
"DEFAULT_VALUE": uuid.uuid4().hex[:16],
"MASK_INPUT": True,
"LOOSE_VALIDATION": False,
"CONF_NAME": "CONFIG_PROVISION_TEMPEST_USER_PW",
"USE_DEFAULT": False,
"NEED_CONFIRM": True,
"CONDITION": False},
],
"PROVISION_DEMO": [
@ -121,8 +152,7 @@ def initConfig(controller):
}
def check_provisioning_demo(config):
return (config.get('CONFIG_PROVISION_DEMO', 'n') == 'y' or
config.get('CONFIG_PROVISION_TEMPEST', 'n') == 'y')
return (config.get('CONFIG_PROVISION_DEMO', 'n') == 'y')
def check_provisioning_tempest(config):
return (config.get('CONFIG_PROVISION_TEMPEST', 'n') == 'y')
@ -179,22 +209,28 @@ def initConfig(controller):
def initSequences(controller):
config = controller.CONF
provisioning_required = (
config['CONFIG_PROVISION_DEMO'] == 'y'
or
config['CONFIG_PROVISION_TEMPEST'] == 'y'
)
if not provisioning_required:
if (config['CONFIG_PROVISION_DEMO'] != "y" and
config['CONFIG_PROVISION_TEMPEST'] != "y"):
return
marshall_conf_bool(config, 'CONFIG_PROVISION_TEMPEST')
marshall_conf_bool(config, 'CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE')
provision_steps = [
{'title': 'Adding Provisioning manifest entries',
'functions': [create_manifest]}
]
provision_steps = []
if config['CONFIG_PROVISION_DEMO'] == "y":
provision_steps.append(
{'title': 'Adding Provisioning Demo manifest entries',
'functions': [create_demo_manifest]}
)
if config['CONFIG_PROVISION_TEMPEST']:
provision_steps.append(
{'title': 'Adding Provisioning Tempest manifest entries',
'functions': [create_tempest_manifest]}
)
controller.addSequence("Provisioning for Demo and Testing Usage",
[], [], provision_steps)
@ -208,9 +244,7 @@ def marshall_conf_bool(conf, key):
conf[key] = 'false'
#-------------------------- step functions --------------------------
def create_manifest(config, messages):
def using_neutron(config):
# Using the neutron or nova api servers as the provisioning target
# will suffice for the all-in-one case.
if config['CONFIG_NEUTRON_INSTALL'] != "y":
@ -225,6 +259,19 @@ def create_manifest(config, messages):
config['PROVISION_NEUTRON_AVAILABLE'] = config['CONFIG_NEUTRON_INSTALL']
marshall_conf_bool(config, 'PROVISION_NEUTRON_AVAILABLE')
manifest_file = '%s_provision.pp' % config['CONFIG_CONTROLLER_HOST']
manifest_data = getManifestTemplate("provision.pp")
#-------------------------- step functions --------------------------
def create_demo_manifest(config, messages):
using_neutron(config)
manifest_file = '%s_provision_demo.pp' % config['CONFIG_CONTROLLER_HOST']
manifest_data = getManifestTemplate("provision_demo.pp")
appendManifestFile(manifest_file, manifest_data)
def create_tempest_manifest(config, messages):
using_neutron(config)
manifest_file = '%s_provision_tempest.pp' % \
config['CONFIG_CONTROLLER_HOST']
manifest_data = getManifestTemplate("provision_tempest.pp")
appendManifestFile(manifest_file, manifest_data)

134
packstack/puppet/templates/provision_demo.pp Normal file
View File

@ -0,0 +1,134 @@
## Keystone
# non admin user
$username = 'demo'
$password = '%(CONFIG_KEYSTONE_DEMO_PW)s'
$tenant_name = 'demo'
# admin user
$admin_username = 'admin'
$admin_password = '%(CONFIG_KEYSTONE_ADMIN_PW)s'
$admin_tenant_name = 'admin'
## Glance
$image_name = 'cirros'
$image_source = 'http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img'
$image_ssh_user = 'cirros'
## Neutron
$public_network_name = 'public'
$public_subnet_name = 'public_subnet'
$floating_range = '%(CONFIG_PROVISION_DEMO_FLOATRANGE)s'
$private_network_name = 'private'
$private_subnet_name = 'private_subnet'
$fixed_range = '10.0.0.0/24'
$router_name = 'router1'
$setup_ovs_bridge = %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s
$public_bridge_name = '%(CONFIG_PROVISION_DEMO_FLOATRANGE)s'
## Users
keystone_tenant { $tenant_name:
ensure => present,
enabled => true,
description => 'default tenant',
}
keystone_user { $username:
ensure => present,
enabled => true,
tenant => $tenant_name,
password => $password,
}
keystone_tenant { $alt_tenant_name:
ensure => present,
enabled => true,
description => 'alt tenant',
}
keystone_user { $alt_username:
ensure => present,
enabled => true,
tenant => $alt_tenant_name,
password => $alt_password,
}
## Images
glance_image { $image_name:
ensure => present,
is_public => 'yes',
container_format => 'bare',
disk_format => 'qcow2',
source => $image_source,
}
## Neutron
if %(PROVISION_NEUTRON_AVAILABLE)s {
$neutron_deps = [Neutron_network[$public_network_name]]
neutron_network { $public_network_name:
ensure => present,
router_external => true,
tenant_name => $admin_tenant_name,
}
neutron_subnet { $public_subnet_name:
ensure => 'present',
cidr => $floating_range,
enable_dhcp => false,
network_name => $public_network_name,
tenant_name => $admin_tenant_name,
}
neutron_network { $private_network_name:
ensure => present,
tenant_name => $tenant_name,
}
neutron_subnet { $private_subnet_name:
ensure => present,
cidr => $fixed_range,
network_name => $private_network_name,
tenant_name => $tenant_name,
}
# Tenant-owned router - assumes network namespace isolation
neutron_router { $router_name:
ensure => present,
tenant_name => $tenant_name,
gateway_network_name => $public_network_name,
# A neutron_router resource must explicitly declare a dependency on
# the first subnet of the gateway network.
require => Neutron_subnet[$public_subnet_name],
}
neutron_router_interface { "${router_name}:${private_subnet_name}":
ensure => present,
}
if $setup_ovs_bridge {
neutron_l3_ovs_bridge { $public_bridge_name:
ensure => present,
subnet_name => $public_subnet_name,
}
}
}
if %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s {
firewall { '000 nat':
chain => 'POSTROUTING',
jump => 'MASQUERADE',
source => $::openstack::provision::floating_range,
outiface => $::gateway_device,
table => 'nat',
proto => 'all',
}
firewall { '000 forward out':
chain => 'FORWARD',
action => 'accept',
outiface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s',
proto => 'all',
}
firewall { '000 forward in':
chain => 'FORWARD',
action => 'accept',
iniface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s',
proto => 'all',
}
}

81
packstack/puppet/templates/provision.pp → packstack/puppet/templates/provision_tempest.pp
View File

@ -1,8 +1,17 @@
if '%(CONFIG_PROVISION_TEMPEST_USER)s' != '' {
## Keystone
# non admin user
$username = 'demo'
$password = '%(CONFIG_KEYSTONE_DEMO_PW)s'
$tenant_name = 'demo'
$username = '%(CONFIG_PROVISION_TEMPEST_USER)s'
if '%(CONFIG_PROVISION_TEMPEST_USER)s' == 'demo' and
'%(CONFIG_PROVISION_DEMO)s' == 'y' {
$password = '%(CONFIG_KEYSTONE_DEMO_PW)s'
} else {
$password = '%(CONFIG_PROVISION_TEMPEST_USER_PW)s'
}
$tenant_name = '%(CONFIG_PROVISION_TEMPEST_USER)s'
# admin user
$admin_username = 'admin'
$admin_password = '%(CONFIG_KEYSTONE_ADMIN_PW)s'
@ -54,6 +63,7 @@
enabled => true,
description => 'default tenant',
}
keystone_user { $username:
ensure => present,
enabled => true,
@ -66,6 +76,7 @@
enabled => true,
description => 'alt tenant',
}
keystone_user { $alt_username:
ensure => present,
enabled => true,
@ -124,6 +135,7 @@
router_external => true,
tenant_name => $admin_tenant_name,
}
neutron_subnet { $public_subnet_name:
ensure => 'present',
cidr => $floating_range,
@ -131,16 +143,19 @@
network_name => $public_network_name,
tenant_name => $admin_tenant_name,
}
neutron_network { $private_network_name:
ensure => present,
tenant_name => $tenant_name,
}
neutron_subnet { $private_subnet_name:
ensure => present,
cidr => $fixed_range,
network_name => $private_network_name,
tenant_name => $tenant_name,
}
# Tenant-owned router - assumes network namespace isolation
neutron_router { $router_name:
ensure => present,
@ -150,6 +165,7 @@
# the first subnet of the gateway network.
require => Neutron_subnet[$public_subnet_name],
}
neutron_router_interface { "${router_name}:${private_subnet_name}":
ensure => present,
}
@ -205,27 +221,46 @@
}
}
if %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s {
firewall { '000 nat':
chain => 'POSTROUTING',
jump => 'MASQUERADE',
source => $::openstack::provision::floating_range,
outiface => $::gateway_device,
table => 'nat',
proto => 'all',
}
if %(CONFIG_PROVISION_ALL_IN_ONE_OVS_BRIDGE)s {
firewall { '000 nat':
chain => 'POSTROUTING',
jump => 'MASQUERADE',
source => $::openstack::provision::floating_range,
outiface => $::gateway_device,
table => 'nat',
proto => 'all',
}
firewall { '000 forward out':
chain => 'FORWARD',
action => 'accept',
outiface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s',
proto => 'all',
}
firewall { '000 forward out':
chain => 'FORWARD',
action => 'accept',
outiface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s',
proto => 'all',
}
firewall { '000 forward in':
chain => 'FORWARD',
action => 'accept',
iniface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s',
proto => 'all',
firewall { '000 forward in':
chain => 'FORWARD',
action => 'accept',
iniface => '%(CONFIG_NEUTRON_L3_EXT_BRIDGE)s',
proto => 'all',
}
}
} else {
## Standalone Tempest installation
class { 'tempest':
tempest_repo_uri => '%(CONFIG_PROVISION_TEMPEST_REPO_URI)s',
tempest_clone_path => '/var/lib/tempest',
tempest_clone_owner => 'root',
setup_venv => false,
tempest_repo_revision => '%(CONFIG_PROVISION_TEMPEST_REPO_REVISION)s',
configure_images => false,
configure_networks => false,
cinder_available => undef,
glance_available => true,
heat_available => undef,
horizon_available => undef,
neutron_available => false,
nova_available => true,
swift_available => undef,
}
}