diff --git a/example-puppet.py b/example-puppet.py index 41a141de..573acca6 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -160,9 +160,29 @@ def setup_resources(): signals.connect(admin_user, openrc, {'user_name': 'user_name','user_password':'password', 'tenant_name': 'tenant'}) # NEUTRON - # TODO: vhost cannot be specified in neutron Puppet manifests so this user has to be admin anyways - neutron_puppet = vr.create('neutron_puppet', 'resources/neutron_puppet', {})[0] + # Deploy chain neutron -> (plugins) -> neutron_server -> ( agents ) + neutron_puppet = vr.create('neutron_puppet', 'resources/neutron_puppet', { + 'core_plugin': 'neutron.plugins.openvswitch.ovs_neutron_plugin.OVSNeutronPluginV2' + })[0] + signals.connect(node1, neutron_puppet) + signals.connect(rabbitmq_service1, neutron_puppet, { + 'ip': 'rabbit_host', + 'port': 'rabbit_port' + }) + signals.connect(openstack_rabbitmq_user, neutron_puppet, { + 'user_name': 'rabbit_user', + 'password': 'rabbit_password'}) + signals.connect(openstack_vhost, neutron_puppet, { + 'vhost_name': 'rabbit_virtual_host'}) + # NEUTRON API (SERVER) + neutron_server_puppet = vr.create('neutron_server_puppet', 'resources/neutron_server_puppet', { + 'sync_db': True, + })[0] + neutron_db = vr.create('neutron_db', 'resources/mariadb_db/', { + 'db_name': 'neutron_db', 'login_user': 'root'})[0] + neutron_db_user = vr.create('neutron_db_user', 'resources/mariadb_user/', { + 'user_name': 'neutron', 'user_password': 'neutron', 'login_user': 'root'})[0] neutron_keystone_user = vr.create('neutron_keystone_user', 'resources/keystone_user', { 'user_name': 'neutron', 'user_password': 'neutron' 
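Review bot: The new `neutron_db_user` is created with `'user_password': 'neutron'`, a literal equal to the user name, and the metadata agent in the `@@ -209` hunk gets `'shared_secret': 'secret'`. Anyone who copies this example into a real deployment inherits guessable database and metadata-proxy credentials. Since this is an example script, I would at least mark both literals, e.g. `# placeholder credential, replace before any real deployment`, or read them from the environment instead of hard-coding them. The body of `setup_resources()` starts and ends outside this hunk.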
@@ -179,24 +199,29 @@ def setup_resources(): 'type': 'network' })[0] - signals.connect(node1, neutron_puppet) - signals.connect(rabbitmq_service1, neutron_puppet, { - 'ip': 'rabbitmq_host', - 'port': 'rabbitmq_port' + signals.connect(node1, neutron_db) + signals.connect(node1, neutron_db_user) + signals.connect(mariadb_service1, neutron_db, { + 'port': 'login_port', + 'root_password': 'login_password', + 'root_user': 'login_user', + 'ip' : 'db_host'}) + signals.connect(mariadb_service1, neutron_db_user, {'port': 'login_port', 'root_password': 'login_password'}) + signals.connect(neutron_db, neutron_db_user, {'db_name', 'db_host'}) + signals.connect(neutron_db_user, neutron_server_puppet, { + 'user_name':'db_user', + 'db_name':'db_name', + 'user_password':'db_password', + 'db_host' : 'db_host'}) + signals.connect(node1, neutron_server_puppet) + signals.connect(admin_user, neutron_server_puppet, { + 'user_name': 'auth_user', + 'user_password': 'auth_password', + 'tenant_name': 'auth_tenant' }) - signals.connect(openstack_rabbitmq_user, neutron_puppet, { - 'user_name': 'rabbitmq_user', - 'password': 'rabbitmq_password'}) - signals.connect(openstack_vhost, neutron_puppet, { - 'vhost_name': 'rabbitmq_virtual_host'}) - signals.connect(admin_user, neutron_puppet, { - 'user_name': 'keystone_user', - 'user_password': 'keystone_password', - 'tenant_name': 'keystone_tenant' - }) - signals.connect(keystone_puppet, neutron_puppet, { - 'ip': 'keystone_host', - 'port': 'keystone_port' + signals.connect(keystone_puppet, neutron_server_puppet, { + 'ip': 'auth_host', + 'port': 'auth_port' }) signals.connect(services_tenant, neutron_keystone_user) signals.connect(neutron_keystone_user, neutron_keystone_role) 
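Review bot: `neutron_server_puppet` takes `auth_user`/`auth_password`/`auth_tenant` from `admin_user`, although a dedicated `neutron_keystone_user` is created just above in the same function. Those inputs are then forwarded to `neutron_agents_metadata` (hunk `@@ -209`) and to `nova_neutron_puppet` on node2 (hunk `@@ -391`), so the cloud admin password presumably ends up in service configuration on the compute node. Unless the resources really need the admin account, connect the service user instead: `signals.connect(neutron_keystone_user, neutron_server_puppet, {'user_name': 'auth_user', 'user_password': 'auth_password'})`, with `auth_tenant` taken from `services_tenant`. The enclosing `setup_resources()` starts and ends outside the hunk.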
@@ -209,9 +234,69 @@ def setup_resources(): }) signals.connect(neutron_puppet, neutron_keystone_service_endpoint, { 'ip': ['admin_ip', 'internal_ip', 'public_ip'], - 'port': ['admin_port', 'internal_port', 'public_port'], + 'bind_port': ['admin_port', 'internal_port', 'public_port'], }) + # NEUTRON OVS PLUGIN & AGENT WITH GRE + neutron_plugins_ovs = vr.create('neutron_plugins_ovs', 'resources/neutron_plugins_ovs_puppet', { + 'tenant_network_type': 'gre', + })[0] + signals.connect(node1, neutron_plugins_ovs) + signals.connect(neutron_db_user, neutron_plugins_ovs, { + 'user_name':'db_user', + 'db_name':'db_name', + 'user_password':'db_password', + 'db_host' : 'db_host' + }) + neutron_agents_ovs = vr.create('neutron_agents_ovs', 'resources/neutron_agents_ovs_puppet', { + # TODO(bogdando) these should come from the node network resource + 'enable_tunneling': True, + 'local_ip': '10.1.0.13' # should be the IP addr of the br-mesh int. + })[0] + signals.connect(node1, neutron_agents_ovs) + + # NEUTRON DHCP, L3, metadata agents + neutron_agents_dhcp = vr.create('neutron_agents_dhcp', 'resources/neutron_agents_dhcp_puppet', {})[0] + signals.connect(node1, neutron_agents_dhcp) + neutron_agents_l3 = vr.create('neutron_agents_l3', 'resources/neutron_agents_l3_puppet', { + # TODO(bogdando) these should come from the node network resource + 'metadata_port': 8775, + 'external_network_bridge': 'br-floating', + })[0] + signals.connect(node1, neutron_agents_l3) + neutron_agents_metadata = vr.create('neutron_agents_metadata', 'resources/neutron_agents_metadata_puppet', { + 'shared_secret': 'secret', + })[0] + signals.connect(node1, neutron_agents_metadata) + signals.connect(neutron_server_puppet, neutron_agents_metadata, { + 'auth_host', 'auth_port', 'auth_password', + 'auth_tenant', 'auth_user', + }) + + # NEUTRON FOR COMPUTE (node2) + # Deploy chain neutron -> (plugins) -> ( agents ) + neutron_puppet2 = vr.create('neutron_puppet2', 'resources/neutron_puppet', {})[0] + 
signals.connect(node2, neutron_puppet2) + signals.connect(neutron_puppet, neutron_puppet2, { + 'rabbit_host', 'rabbit_port', + 'rabbit_user', 'rabbit_password', + 'rabbit_virtual_host', + 'package_ensure', 'core_plugin', + }) + + # NEUTRON OVS PLUGIN & AGENT WITH GRE FOR COMPUTE (node2) + neutron_plugins_ovs2 = vr.create('neutron_plugins_ovs2', 'resources/neutron_plugins_ovs_puppet', {})[0] + signals.connect(node2, neutron_plugins_ovs2) + signals.connect(neutron_plugins_ovs, neutron_plugins_ovs2, { + 'db_host', 'db_name', 'db_password', 'db_user', 'tenant_network_type' + }) + neutron_agents_ovs2 = vr.create('neutron_agents_ovs2', 'resources/neutron_agents_ovs_puppet', { + # TODO(bogdando) these should come from the node network resource + 'enable_tunneling': True, + 'local_ip': '10.1.0.14' # Should be the IP addr of the br-mesh int. + })[0] + signals.connect(node2, neutron_agents_ovs2) + # CINDER cinder_puppet = vr.create('cinder_puppet', 'resources/cinder_puppet', {})[0] cinder_db = vr.create('cinder_db', 'resources/mariadb_db/', { @@ -286,6 +371,7 @@ def setup_resources(): signals.connect(node1, cinder_volume_puppet) signals.connect(cinder_puppet, cinder_volume_puppet) evapi.add_react(cinder_puppet.name, cinder_volume_puppet.name, actions=('update',)) + # NOVA nova_puppet = vr.create('nova_puppet', 'resources/nova_puppet', {})[0] nova_db = vr.create('nova_db', 'resources/mariadb_db/', { @@ -362,6 +448,7 @@ def setup_resources(): 'keystone_password': 'admin_password', 'keystone_host': 'auth_host', 'keystone_port': 'auth_port'}) + signals.connect(nova_api_puppet, neutron_agents_metadata, {'ip': 'metadata_ip'}) # NOVA CONDUCTOR nova_conductor_puppet = vr.create('nova_conductor_puppet', 'resources/nova_conductor_puppet', {})[0] 
@@ -391,8 +478,20 @@ def setup_resources(): # NOTE(bogdando): changes nova config, so should notify nova compute service nova_compute_libvirt_puppet = vr.create('nova_compute_libvirt_puppet', 'resources/nova_compute_libvirt_puppet', {})[0] signals.connect(node2, nova_compute_libvirt_puppet) + # compute configuration for neutron, use http auth/endpoint protocols, keystone v2 auth hardcoded for the resource nova_neutron_puppet = vr.create('nova_neutron_puppet', 'resources/nova_neutron_puppet', {})[0] signals.connect(node2, nova_neutron_puppet) + signals.connect(neutron_server_puppet, nova_neutron_puppet, { + 'auth_password': 'neutron_admin_password', + 'auth_user': 'neutron_admin_username', + 'auth_type': 'neutron_auth_strategy', + 'auth_host': 'auth_host', 'auth_port': 'auth_port', + 'auth_protocol': 'auth_protocol', + }) + signals.connect(neutron_keystone_service_endpoint, nova_neutron_puppet, { + 'internal_ip':'neutron_endpoint_host', + 'internal_port':'neutron_endpoint_port', + }) # signals.connect(keystone_puppet, nova_network_puppet, {'ip': 'keystone_host', 'port': 'keystone_port'}) # signals.connect(keystone_puppet, nova_keystone_service_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port', 'admin_token': 'admin_token'}) @@ -510,10 +609,18 @@ resources_to_run = [ 'keystone_service_endpoint', 'services_tenant', + 'neutron_db', + 'neutron_db_user', 'neutron_keystone_user', 'neutron_keystone_role', 'neutron_puppet', 'neutron_keystone_service_endpoint', + 'neutron_plugins_ovs', + 'neutron_server_puppet', + 'neutron_agents_ovs', + 'neutron_agents_dhcp', + 'neutron_agents_l3', + 'neutron_agents_metadata', 'cinder_db', 'cinder_db_user', @@ -535,11 +642,6 @@ resources_to_run = [ 'nova_api_puppet', 'nova_conductor_puppet', - 'nova_puppet2', - 'nova_compute_libvirt_puppet', - 'nova_neutron_puppet', - 'nova_compute_puppet', - 'glance_db', 'glance_db_user', 'glance_keystone_user', 
@@ -547,8 +649,16 @@ resources_to_run = [ 'glance_keystone_service_endpoint', 'glance_api_puppet', 'glance_registry_puppet', -] + 'nova_puppet2', + 'nova_compute_libvirt_puppet', + 'nova_neutron_puppet', + 'nova_compute_puppet', + + 'neutron_puppet2', + 'neutron_plugins_ovs2', + 'neutron_agents_ovs2', +] @click.command() diff --git a/resources/apache_puppet/README.md b/resources/apache_puppet/README.md new file mode 100644 index 00000000..bf0e1438 --- /dev/null +++ b/resources/apache_puppet/README.md @@ -0,0 +1,4 @@ +# Apache puppet resource + +This class installs Apache and manages apache service. +Defaults provided for Debian OS family. \ No newline at end of file diff --git a/resources/apache_puppet/actions/remove.pp b/resources/apache_puppet/actions/remove.pp new file mode 100644 index 00000000..6719c017 --- /dev/null +++ b/resources/apache_puppet/actions/remove.pp @@ -0,0 +1,5 @@ +class {'apache': + service_enable => false, + service_ensure => 'stopped', + package_ensure => 'absent', +} diff --git a/resources/apache_puppet/actions/run.pp b/resources/apache_puppet/actions/run.pp new file mode 100644 index 00000000..ee2379da --- /dev/null +++ b/resources/apache_puppet/actions/run.pp 
@@ -0,0 +1,120 @@
+$resource = hiera($::resource_name)
+
+$apache_name = $resource['input']['apache_name']['value']
+$service_name = $resource['input']['service_name']['value']
+$default_mods = $resource['input']['default_mods']['value']
+$default_vhost = $resource['input']['default_vhost']['value']
+$default_charset = $resource['input']['default_charset']['value']
+$default_confd_files = $resource['input']['default_confd_files']['value']
+$default_ssl_vhost = $resource['input']['default_ssl_vhost']['value']
+$default_ssl_cert = $resource['input']['default_ssl_cert']['value']
+$default_ssl_key = $resource['input']['default_ssl_key']['value']
+$default_ssl_chain = $resource['input']['default_ssl_chain']['value']
+$default_ssl_ca = $resource['input']['default_ssl_ca']['value']
+$default_ssl_crl_path = $resource['input']['default_ssl_crl_path']['value']
+$default_ssl_crl = $resource['input']['default_ssl_crl']['value']
+$default_ssl_crl_check = $resource['input']['default_ssl_crl_check']['value']
+$default_type = $resource['input']['default_type']['value']
+$ip = $resource['input']['ip']['value']
+$service_restart = $resource['input']['service_restart']['value']
+$purge_configs = $resource['input']['purge_configs']['value']
+$purge_vhost_dir = $resource['input']['purge_vhost_dir']['value']
+$purge_vdir = $resource['input']['purge_vdir']['value']
+$serveradmin = $resource['input']['serveradmin']['value']
+$sendfile = $resource['input']['sendfile']['value']
+$error_documents = $resource['input']['error_documents']['value']
+$timeout = $resource['input']['timeout']['value']
+$httpd_dir = $resource['input']['httpd_dir']['value']
+$server_root = $resource['input']['server_root']['value']
+$conf_dir = $resource['input']['conf_dir']['value']
+$confd_dir = $resource['input']['confd_dir']['value']
+$vhost_dir = $resource['input']['vhost_dir']['value']
+$vhost_enable_dir = $resource['input']['vhost_enable_dir']['value']
+$mod_dir = $resource['input']['mod_dir']['value']
+$mod_enable_dir = $resource['input']['mod_enable_dir']['value']
+$mpm_module = $resource['input']['mpm_module']['value']
+$lib_path = $resource['input']['lib_path']['value']
+$conf_template = $resource['input']['conf_template']['value']
+$servername = $resource['input']['servername']['value']
+$manage_user = $resource['input']['manage_user']['value']
+$manage_group = $resource['input']['manage_group']['value']
+$user = $resource['input']['user']['value']
+$group = $resource['input']['group']['value']
+$keepalive = $resource['input']['keepalive']['value']
+$keepalive_timeout = $resource['input']['keepalive_timeout']['value']
+$max_keepalive_requests = $resource['input']['max_keepalive_requests']['value']
+$logroot = $resource['input']['logroot']['value']
+$logroot_mode = $resource['input']['logroot_mode']['value']
+$log_level = $resource['input']['log_level']['value']
+$log_formats = $resource['input']['log_formats']['value']
+$ports_file = $resource['input']['ports_file']['value']
+$docroot = $resource['input']['docroot']['value']
+$apache_version = $resource['input']['apache_version']['value']
+$server_tokens = $resource['input']['server_tokens']['value']
+$server_signature = $resource['input']['server_signature']['value']
+$trace_enable = $resource['input']['trace_enable']['value']
+$allow_encoded_slashes = $resource['input']['allow_encoded_slashes']['value']
+$package_ensure = $resource['input']['package_ensure']['value']
+$use_optional_includes = $resource['input']['use_optional_includes']['value']
+
+class {'apache':
+ apache_name => $apache_name,
+ service_name => $service_name,
+ default_mods => $default_mods,
+ default_vhost => $default_vhost,
+ default_charset => $default_charset,
+ default_confd_files => $default_confd_files,
+ default_ssl_vhost => $default_ssl_vhost,
+ default_ssl_cert => $default_ssl_cert,
+ default_ssl_key => $default_ssl_key,
+ default_ssl_chain => $default_ssl_chain,
+ default_ssl_ca => $default_ssl_ca,
+ default_ssl_crl_path =>
$default_ssl_crl_path,
+ default_ssl_crl => $default_ssl_crl,
+ default_ssl_crl_check => $default_ssl_crl_check,
+ default_type => $default_type,
+ ip => $ip,
+ service_enable => true,
+ service_manage => true,
+ service_ensure => 'running',
+ service_restart => $service_restart,
+ purge_configs => $purge_configs,
+ purge_vhost_dir => $purge_vhost_dir,
+ purge_vdir => $purge_vdir,
+ serveradmin => $serveradmin,
+ sendfile => $sendfile,
+ error_documents => $error_documents,
+ timeout => $timeout,
+ httpd_dir => $httpd_dir,
+ server_root => $server_root,
+ conf_dir => $conf_dir,
+ confd_dir => $confd_dir,
+ vhost_dir => $vhost_dir,
+ vhost_enable_dir => $vhost_enable_dir,
+ mod_dir => $mod_dir,
+ mod_enable_dir => $mod_enable_dir,
+ mpm_module => $mpm_module,
+ lib_path => $lib_path,
+ conf_template => $conf_template,
+ servername => $servername,
+ manage_user => $manage_user,
+ manage_group => $manage_group,
+ user => $user,
+ group => $group,
+ keepalive => $keepalive,
+ keepalive_timeout => $keepalive_timeout,
+ max_keepalive_requests => $max_keepalive_requests,
+ logroot => $logroot,
+ logroot_mode => $logroot_mode,
+ log_level => $log_level,
+ log_formats => $log_formats,
+ ports_file => $ports_file,
+ docroot => $docroot,
+ apache_version => $apache_version,
+ server_tokens => $server_tokens,
+ server_signature => $server_signature,
+ trace_enable => $trace_enable,
+ allow_encoded_slashes => $allow_encoded_slashes,
+ package_ensure => $package_ensure,
+ use_optional_includes => $use_optional_includes,
+}
diff --git a/resources/apache_puppet/meta.yaml b/resources/apache_puppet/meta.yaml
new file mode 100644
index 00000000..89a233e7
--- /dev/null
+++ b/resources/apache_puppet/meta.yaml
@@ -0,0 +1,186 @@
+id: apache_puppet
+handler: puppet
+puppet_module: apache
+version: 1.0.0
+input:
+ apache_name:
+ schema: str
+ value: 'apache2'
+ service_name:
+ schema: str
+ value: 'apache2'
+ default_mods:
+ schema: bool
+ value: true
+ default_vhost:
+ schema: bool
+ value: true
+ default_charset:
+ schema: str
+ value:
+ default_confd_files:
+ schema: bool
+ value: true
+ default_ssl_vhost:
+ schema: bool
+ value: false
+ default_ssl_cert:
+ schema: str
+ value: '/etc/ssl/certs/ssl-cert-snakeoil.pem'
+ default_ssl_key:
+ schema: str
+ value: '/etc/ssl/private/ssl-cert-snakeoil.key'
+ default_ssl_chain:
+ schema: str
+ value:
+ default_ssl_ca:
+ schema: str
+ value:
+ default_ssl_crl_path:
+ schema: str
+ value:
+ default_ssl_crl:
+ schema: str
+ value:
+ default_ssl_crl_check:
+ schema: str
+ value:
+ default_type:
+ schema: str
+ value: 'none'
+ service_restart:
+ schema: str
+ value: 'restart'
+ purge_configs:
+ schema: bool
+ value: true
+ purge_vhost_dir:
+ schema: str
+ value:
+ purge_vdir:
+ schema: bool
+ value: false
+ serveradmin:
+ schema: str
+ value: 'root@localhost'
+ sendfile:
+ schema: str
+ value: 'On'
+ error_documents:
+ schema: bool
+ value: false
+ timeout:
+ schema: int
+ value: 120
+ httpd_dir:
+ schema: str
+ value: '/etc/apache2'
+ server_root:
+ schema: str
+ value: '/etc/apache2'
+ conf_dir:
+ schema: str
+ value: '/etc/apache2'
+ confd_dir:
+ schema: str
+ value: '/etc/apache2/conf.d'
+ vhost_dir:
+ schema: str
+ value: '/etc/apache2/sites-available'
+ vhost_enable_dir:
+ schema: str
+ value: '/etc/apache2/sites-enabled'
+ mod_dir:
+ schema: str
+ value: '/etc/apache2/mods-available'
+ mod_enable_dir:
+ schema: str
+ value: '/etc/apache2/mods-enabled'
+ mpm_module:
+ schema: str
+ value: 'worker'
+ lib_path:
+ schema: str
+ value: '/usr/lib/apache2/modules'
+ conf_template:
+ schema: str
+ value: 'apache/httpd.conf.erb'
+ servername:
+ schema: str!
+ value:
+ manage_user:
+ schema: bool
+ value: true
+ manage_group:
+ schema: bool
+ value: true
+ user:
+ schema: str
+ value: 'www-data'
+ group:
+ schema: str
+ value: 'www-data'
+ keepalive:
+ schema: str
+ value: 'Off'
+ keepalive_timeout:
+ schema: int
+ value: 15
+ max_keepalive_requests:
+ schema: int
+ value: 100
+ logroot:
+ schema: str
+ value: '/var/log/apache2'
+ logroot_mode:
+ schema: str
+ value: '0640'
+ log_level:
+ schema: str
+ value: 'warn'
+ log_formats:
+ schema: {}
+ value: {}
+ ports_file:
+ schema: str
+ value: '/etc/apache2/ports.conf'
+ docroot:
+ schema: str
+ value: '/srv/www'
+ apache_version:
+ schema: str
+ value: '2.4'
+ server_tokens:
+ schema: str
+ value: 'OS'
+ server_signature:
+ schema: str
+ value: 'On'
+ trace_enable:
+ schema: str
+ value: 'On'
+ allow_encoded_slashes:
+ schema: str
+ value:
+ package_ensure:
+ schema: str
+ value: 'installed'
+ use_optional_includes:
+ schema: bool
+ value: false
+
+ git:
+ schema: {repository: str!, branch: str!}
+ value: {repository: 'https://github.com/puppetlabs/puppetlabs-apache.git', branch: '1.5.0'}
+
+ ip:
+ schema: str!
+ value:
+ ssh_key:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value:
+
+tags: [resource/apache_service, resources/apache]
diff --git a/resources/apache_puppet/test.py b/resources/apache_puppet/test.py
new file mode 100644
index 00000000..a9f2b725
--- /dev/null
+++ b/resources/apache_puppet/test.py
@@ -0,0 +1,11 @@
+import requests
+
+from solar.core.log import log
+
+
+def test(resource):
+ log.debug('Testing apache_puppet')
+ requests.get(
+ 'http://%s:%s' % (resource.args['ip'].value, 80)
+
+ )
diff --git a/resources/neutron_agents_dhcp_puppet/README.md b/resources/neutron_agents_dhcp_puppet/README.md
new file mode 100644
index 00000000..ea1fcedb
--- /dev/null
+++ b/resources/neutron_agents_dhcp_puppet/README.md
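Review bot: The defaults in this file leave `trace_enable: 'On'`, `server_signature: 'On'` and `server_tokens: 'OS'`, so every Apache deployed through this resource answers TRACE and advertises its version and OS unless the caller overrides them. For a resource that other services will sit behind, I would default to the hardened values: `trace_enable` to `'Off'`, `server_signature` to `'Off'` and `server_tokens` to `'Prod'`. Separately, `git.branch: '1.5.0'` names a tag rather than a commit; if the handler can take a commit id, pinning to one would fix the content of the fetched module.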
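Review bot: `test()` discards the result of `requests.get(...)` and sets no timeout, so it passes on any HTTP status (a 500 included) and can block indefinitely if the host accepts the connection but never answers. Suggest `requests.get('http://%s:%s' % (resource.args['ip'].value, 80), timeout=10).raise_for_status()`, or an explicit status assertion if the default vhost is expected to return a non-2xx page. A one-line docstring saying what the check proves (Apache answers on port 80 of the resource's `ip`) would also help.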
@@ -0,0 +1,57 @@
+# Neutron DHCP agent puppet resource
+
+Installs and configures the Neutron DHCP service
+
+# Parameters
+
+https://github.com/openstack/puppet-neutron/blob/5.1.0/manifests/agents/dhcp.pp
+
+ ``package_ensure``
+ (optional) Ensure state for package. Defaults to 'present'.
+
+ ``debug``
+ (optional) Show debugging output in log. Defaults to false.
+
+ ``state_path``
+ (optional) Where to store dnsmasq state files. This directory must be
+ writable by the user executing the agent. Defaults to '/var/lib/neutron'.
+
+ ``resync_interval``
+ (optional) The DHCP agent will resync its state with Neutron to recover
+ from any transient notification or rpc errors. The interval is number of
+ seconds between attempts. Defaults to 30.
+
+ ``interface_driver``
+ (optional) Defaults to 'neutron.agent.linux.interface.OVSInterfaceDriver'.
+
+ ``dhcp_driver``
+ (optional) Defaults to 'neutron.agent.linux.dhcp.Dnsmasq'.
+
+ ``root_helper``
+ (optional) Defaults to 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'.
+ Addresses bug: https://bugs.launchpad.net/neutron/+bug/1182616
+ Note: This can safely be removed once the module only targets the Havana release.
+
+ ``use_namespaces``
+ (optional) Allow overlapping IP (Must have kernel build with
+ CONFIG_NET_NS=y and iproute2 package that supports namespaces).
+ Defaults to true.
+
+ ``dnsmasq_config_file``
+ (optional) Override the default dnsmasq settings with this file.
+ Defaults to undef
+
+ ``dhcp_delete_namespaces``
+ (optional) Delete namespace after removing a dhcp server
+ Defaults to false.
+
+ ``enable_isolated_metadata``
+ (optional) enable metadata support on isolated networks.
+ Defaults to false.
+
+ ``enable_metadata_network``
+ (optional) Allows for serving metadata requests coming from a dedicated metadata
+ access network whose cidr is 169.254.169.254/16 (or larger prefix), and is
+ connected to a Neutron router from which the VMs send metadata request.
+ This option requires enable_isolated_metadata = True
+ Defaults to false.
\ No newline at end of file
diff --git a/resources/neutron_agents_dhcp_puppet/actions/remove.pp b/resources/neutron_agents_dhcp_puppet/actions/remove.pp
new file mode 100644
index 00000000..72dc2b1a
--- /dev/null
+++ b/resources/neutron_agents_dhcp_puppet/actions/remove.pp
@@ -0,0 +1,16 @@
+class { 'neutron::agents::dhcp':
+ package_ensure => 'absent',
+ enabled => false,
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => 'absent',
+ name => $::neutron::params::package_name,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-dhcp-service' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_agents_dhcp_puppet/actions/run.pp b/resources/neutron_agents_dhcp_puppet/actions/run.pp
new file mode 100644
index 00000000..c0c9cae1
--- /dev/null
+++ b/resources/neutron_agents_dhcp_puppet/actions/run.pp
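Review bot: The `remove` action declares `package { 'neutron': ensure => 'absent', name => $::neutron::params::package_name }`, which uninstalls whatever `neutron::params::package_name` names, presumably the common Neutron package shared by every agent, not just the DHCP agent. In `example-puppet.py` the DHCP, L3, metadata and OVS agents all land on `node1`, so removing this one resource would likely break the others; `neutron_agents_l3_puppet/actions/remove.pp` carries the same block. If the resource is declared only so that the class's reference to `Package['neutron']` resolves, keep it but leave its `ensure` at the installed state in the remove action. The collector override `require => undef` also deserves a comment naming the class dependency it detaches and why.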
@@ -0,0 +1,45 @@
+$resource = hiera($::resource_name)
+
+$ip = $resource['input']['ip']['value']
+
+$package_ensure = $resource['input']['package_ensure']['value']
+$debug = $resource['input']['debug']['value']
+$state_path = $resource['input']['state_path']['value']
+$resync_interval = $resource['input']['resync_interval']['value']
+$interface_driver = $resource['input']['interface_driver']['value']
+$dhcp_driver = $resource['input']['dhcp_driver']['value']
+$root_helper = $resource['input']['root_helper']['value']
+$use_namespaces = $resource['input']['use_namespaces']['value']
+$dnsmasq_config_file = $resource['input']['dnsmasq_config_file']['value']
+$dhcp_delete_namespaces = $resource['input']['dhcp_delete_namespaces']['value']
+$enable_isolated_metadata = $resource['input']['enable_isolated_metadata']['value']
+$enable_metadata_network = $resource['input']['enable_metadata_network']['value']
+
+class { 'neutron::agents::dhcp':
+ enabled => true,
+ manage_service => true,
+ package_ensure => $package_ensure,
+ debug => $debug,
+ state_path => $state_path,
+ resync_interval => $resync_interval,
+ interface_driver => $interface_driver,
+ dhcp_driver => $dhcp_driver,
+ root_helper => $root_helper,
+ use_namespaces => $use_namespaces,
+ dnsmasq_config_file => $dnsmasq_config_file,
+ dhcp_delete_namespaces => $dhcp_delete_namespaces,
+ enable_isolated_metadata => $enable_isolated_metadata,
+ enable_metadata_network => $enable_metadata_network,
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => $package_ensure,
+ name => $::neutron::params::package_name,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-dhcp-service' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_agents_dhcp_puppet/meta.yaml b/resources/neutron_agents_dhcp_puppet/meta.yaml
new file mode 100644
index 00000000..9893e2e7
--- /dev/null
+++ b/resources/neutron_agents_dhcp_puppet/meta.yaml
@@ -0,0 +1,57 @@
+handler: puppet
+id: 'neutron_agents_dhcp_puppet'
+input:
+ ip:
+ schema: str!
+ value:
+ ssh_key:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value:
+
+ package_ensure:
+ schema: str
+ value: present
+ debug:
+ schema: bool
+ value: false
+ state_path:
+ schema: str
+ value: '/var/lib/neutron'
+ resync_interval:
+ schema: int
+ value: 30
+ interface_driver:
+ schema: str
+ value: 'neutron.agent.linux.interface.OVSInterfaceDriver'
+ dhcp_driver:
+ schema: str
+ value: 'neutron.agent.linux.dhcp.Dnsmasq'
+ root_helper:
+ schema: str
+ value: 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf'
+ use_namespaces:
+ schema: bool
+ value: true
+ dnsmasq_config_file:
+ schema: str
+ value:
+ dhcp_delete_namespaces:
+ schema: bool
+ value: false
+ enable_isolated_metadata:
+ schema: bool
+ value: false
+ enable_metadata_network:
+ schema: bool
+ value: false
+
+ git:
+ schema: {repository: str!, branch: str!}
+ value: {repository: 'https://github.com/openstack/puppet-neutron', branch: '5.1.0'}
+
+puppet_module: 'neutron'
+tags: [resource/neutron, resource/neutron_agents_dhcp]
+version: 1.0.0
diff --git a/resources/neutron_agents_l3_puppet/README.md b/resources/neutron_agents_l3_puppet/README.md
new file mode 100644
index 00000000..4a74b464
--- /dev/null
+++ b/resources/neutron_agents_l3_puppet/README.md
@@ -0,0 +1,100 @@
+# Neutron L3 agent puppet resource
+
+Installs and configures the Neutron L3 service
+TODO: create ability to have multiple L3 services
+
+# Parameters
+
+https://github.com/openstack/puppet-neutron/blob/5.1.0/manifests/agents/l3.pp
+
+ ``package_ensure``
+ (optional) The state of the package
+ Defaults to present
+
+ ``debug``
+ (optional) Print debug info in logs
+ Defaults to false
+
+ ``external_network_bridge``
+ (optional) The name of the external bridge
+ Defaults to br-ex
+
+ ``use_namespaces``
+ (optional) Enable overlapping IPs / network namespaces
+ Defaults to false
+
+ ``interface_driver``
+ (optional) Driver to interface with neutron
+ Defaults to OVSInterfaceDriver
+
+ ``router_id``
+ (optional) The ID of the external router in neutron
+ Defaults to blank
+
+ ``gateway_external_network_id``
+ (optional) The ID of the external network in neutron
+ Defaults to blank
+
+ ``handle_internal_only_routers``
+ (optional) L3 Agent will handle non-external routers
+ Defaults to true
+
+ ``metadata_port``
+ (optional) The port of the metadata server
+ Defaults to 9697
+
+ ``send_arp_for_ha``
+ (optional) Send this many gratuitous ARPs for HA setup. Set it below or equal to 0
+ to disable this feature.
+ Defaults to 3
+
+ ``periodic_interval``
+ (optional) seconds between re-sync routers' data if needed
+ Defaults to 40
+
+ ``periodic_fuzzy_delay``
+ (optional) seconds to start to sync routers' data after starting agent
+ Defaults to 5
+
+ ``enable_metadata_proxy``
+ (optional) can be set to False if the Nova metadata server is not available
+ Defaults to True
+
+ ``network_device_mtu``
+ (optional) The MTU size for the interfaces managed by the L3 agent
+ Defaults to undef
+ Should be deprecated in the next major release in favor of a global parameter
+
+ ``router_delete_namespaces``
+ (optional) namespaces can be deleted cleanly on the host running the L3 agent
+ Defaults to False
+
+ ``ha_enabled``
+ (optional) Enabled or not HA for L3 agent.
+ Defaults to false
+
+ ``ha_vrrp_auth_type``
+ (optional) VRRP authentication type. Can be AH or PASS.
+ Defaults to "PASS"
+
+ ``ha_vrrp_auth_password``
+ (optional) VRRP authentication password. Required if ha_enabled = true.
+ Defaults to undef
+
+ ``ha_vrrp_advert_int``
+ (optional) The advertisement interval in seconds.
+ Defaults to '2'
+
+ ``agent_mode``
+ (optional) The working mode for the agent.
+ 'legacy': default behavior (without DVR)
+ 'dvr': enable DVR for an L3 agent running on compute node (DVR in production)
+ 'dvr_snat': enable DVR with centralized SNAT support (DVR for single-host, for testing only)
+ Defaults to 'legacy'
+
+ ``allow_automatic_l3agent_failover``
+ (optional) Automatically reschedule routers from offline L3 agents to online
+ L3 agents.
+ This is another way to run virtual routers in highly available way but with slow
+ failover performances compared to Keepalived feature in Neutron L3 Agent.
+ Defaults to 'False'
\ No newline at end of file
diff --git a/resources/neutron_agents_l3_puppet/actions/remove.pp b/resources/neutron_agents_l3_puppet/actions/remove.pp
new file mode 100644
index 00000000..11b04be2
--- /dev/null
+++ b/resources/neutron_agents_l3_puppet/actions/remove.pp
@@ -0,0 +1,16 @@
+class { 'neutron::agents::l3':
+ package_ensure => 'absent',
+ enabled => false,
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => 'absent',
+ name => $::neutron::params::package_name,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-l3' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_agents_l3_puppet/actions/run.pp b/resources/neutron_agents_l3_puppet/actions/run.pp
new file mode 100644
index 00000000..66971b1d
--- /dev/null
+++ b/resources/neutron_agents_l3_puppet/actions/run.pp
@@ -0,0 +1,63 @@
+$resource = hiera($::resource_name)
+
+$ip = $resource['input']['ip']['value']
+
+$package_ensure = $resource['input']['package_ensure']['value']
+$debug = $resource['input']['debug']['value']
+$external_network_bridge = $resource['input']['external_network_bridge']['value']
+$use_namespaces = $resource['input']['use_namespaces']['value']
+$interface_driver = $resource['input']['interface_driver']['value']
+$router_id = $resource['input']['router_id']['value']
+$gateway_external_network_id = $resource['input']['gateway_external_network_id']['value']
+$handle_internal_only_routers = $resource['input']['handle_internal_only_routers']['value']
+$metadata_port = $resource['input']['metadata_port']['value']
+$send_arp_for_ha = $resource['input']['send_arp_for_ha']['value']
+$periodic_interval = $resource['input']['periodic_interval']['value']
+$periodic_fuzzy_delay = $resource['input']['periodic_fuzzy_delay']['value']
+$enable_metadata_proxy = $resource['input']['enable_metadata_proxy']['value']
+$network_device_mtu = $resource['input']['network_device_mtu']['value']
+$router_delete_namespaces = $resource['input']['router_delete_namespaces']['value']
+$ha_enabled = $resource['input']['ha_enabled']['value']
+$ha_vrrp_auth_type = $resource['input']['ha_vrrp_auth_type']['value']
+$ha_vrrp_auth_password = $resource['input']['ha_vrrp_auth_password']['value']
+$ha_vrrp_advert_int = $resource['input']['ha_vrrp_advert_int']['value']
+$agent_mode = $resource['input']['agent_mode']['value']
+$allow_automatic_l3agent_failover = $resource['input']['allow_automatic_l3agent_failover']['value']
+
+class { 'neutron::agents::l3':
+ enabled => true,
+ manage_service => true,
+ package_ensure => $package_ensure,
+ debug => $debug,
+ external_network_bridge => $external_network_bridge,
+ use_namespaces => $use_namespaces,
+ interface_driver => $interface_driver,
+ router_id => $router_id,
+ gateway_external_network_id => $gateway_external_network_id,
+
handle_internal_only_routers => $handle_internal_only_routers,
+ metadata_port => $metadata_port,
+ send_arp_for_ha => $send_arp_for_ha,
+ periodic_interval => $periodic_interval,
+ periodic_fuzzy_delay => $periodic_fuzzy_delay,
+ enable_metadata_proxy => $enable_metadata_proxy,
+ network_device_mtu => $network_device_mtu,
+ router_delete_namespaces => $router_delete_namespaces,
+ ha_enabled => $ha_enabled,
+ ha_vrrp_auth_type => $ha_vrrp_auth_type,
+ ha_vrrp_auth_password => $ha_vrrp_auth_password,
+ ha_vrrp_advert_int => $ha_vrrp_advert_int,
+ agent_mode => $agent_mode,
+ allow_automatic_l3agent_failover => $allow_automatic_l3agent_failover,
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => $package_ensure,
+ name => $::neutron::params::package_name,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-l3' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_agents_l3_puppet/meta.yaml b/resources/neutron_agents_l3_puppet/meta.yaml
new file mode 100644
index 00000000..41d6be40
--- /dev/null
+++ b/resources/neutron_agents_l3_puppet/meta.yaml
@@ -0,0 +1,84 @@
+handler: puppet
+id: 'neutron_agents_l3_puppet'
+input:
+ ip:
+ schema: str!
+ value:
+ ssh_key:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value:
+
+ package_ensure:
+ schema: str
+ value: 'present'
+ debug:
+ schema: bool
+ value: false
+ external_network_bridge:
+ schema: str
+ value: 'br-ex'
+ use_namespaces:
+ schema: bool
+ value: true
+ interface_driver:
+ schema: str
+ value: 'neutron.agent.linux.interface.OVSInterfaceDriver'
+ router_id:
+ schema: str
+ value:
+ gateway_external_network_id:
+ schema: str
+ value:
+ handle_internal_only_routers:
+ schema: bool
+ value: true
+ metadata_port:
+ schema: int
+ value: 9697
+ send_arp_for_ha:
+ schema: int
+ value: 3
+ periodic_interval:
+ schema: int
+ value: 40
+ periodic_fuzzy_delay:
+ schema: int
+ value: 5
+ enable_metadata_proxy:
+ schema: bool
+ value: true
+ network_device_mtu:
+ schema: str
+ value:
+ router_delete_namespaces:
+ schema: bool
+ value: false
+ ha_enabled:
+ schema: bool
+ value: false
+ ha_vrrp_auth_type:
+ schema: str
+ value: 'PASS'
+ ha_vrrp_auth_password:
+ schema: str
+ value:
+ ha_vrrp_advert_int:
+ schema: int
+ value: 3
+ agent_mode:
+ schema: str
+ value: 'legacy'
+ allow_automatic_l3agent_failover:
+ schema: bool
+ value: false
+
+ git:
+ schema: {repository: str!, branch: str!}
+ value: {repository: 'https://github.com/openstack/puppet-neutron', branch: '5.1.0'}
+
+puppet_module: 'neutron'
+tags: [resource/neutron, resource/neutron_agents_l3]
+version: 1.0.0
diff --git a/resources/neutron_agents_metadata_puppet/README.md b/resources/neutron_agents_metadata_puppet/README.md
new file mode 100644
index 00000000..94cba4c7
--- /dev/null
+++ b/resources/neutron_agents_metadata_puppet/README.md
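Review bot: `ha_vrrp_auth_password` in neutron_agents_l3_puppet/meta.yaml is declared `schema: str` with an empty value while `ha_vrrp_auth_type` defaults to 'PASS', so setting `ha_enabled: true` without also supplying a password leaves the VRRP authentication secret unset. The input should carry a comment such as `# required when ha_enabled is true; VRRP auth secret shared by the L3 agents`, or run.pp should fail when `ha_enabled` is true and the password is empty. How the upstream class treats an undefined password is not visible in this diff, so the effect on the generated keepalived configuration is an assumption to confirm.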
@@ -0,0 +1,65 @@
+# Neutron DHCP agent puppet resource
+
+Setup and configure Neutron metadata agent
+
+# Parameters
+
+https://github.com/openstack/puppet-neutron/blob/5.1.0/manifests/agents/metadata.pp
+
+ ``auth_password``
+ (required) The password for the administrative user.
+
+ ``shared_secret``
+ (required) Shared secret to validate proxies Neutron metadata requests.
+
+ ``package_ensure``
+ Ensure state of the package. Defaults to 'present'.
+
+ ``debug``
+ Debug. Defaults to false.
+
+ ``auth_tenant``
+ The administrative user's tenant name. Defaults to 'services'.
+
+ ``auth_user``
+ The administrative user name for OpenStack Networking.
+ Defaults to 'neutron'.
+
+ ``auth_url``
+ The URL used to validate tokens. Defaults to 'http://localhost:35357/v2.0'.
+ Note, for this resource it is decomposed to auth_host and auth_port
+ due to implementation restrictions
+
+ ``auth_insecure``
+ turn off verification of the certificate for ssl (Defaults to false)
+
+ ``auth_ca_cert``
+ CA cert to check against with for ssl keystone. (Defaults to undef)
+
+ ``auth_region``
+ The authentication region. Defaults to 'RegionOne'.
+
+ ``metadata_ip``
+ The IP address of the metadata service. Defaults to '127.0.0.1'.
+
+ ``metadata_port``
+ The TCP port of the metadata service. Defaults to 8775.
+
+ ``metadata_workers``
+ (optional) Number of separate worker processes to spawn.
+ The default, count of machine's processors, runs the worker thread in the
+ current process.
+ Greater than 0 launches that number of child processes as workers.
+ The parent process manages them. Having more workers will help to improve performances.
+ Defaults to: $::processorcount
+
+ ``metadata_backlog``
+ (optional) Number of backlog requests to configure the metadata server socket with.
+ Defaults to 4096
+
+ ``metadata_memory_cache_ttl``
+ (optional) Specifies time in seconds a metadata cache entry is valid in
+ memory caching backend.
+ Set to 0 will cause cache entries to never expire.
+ Set to undef or false to disable cache.
+ Defaults to 5
\ No newline at end of file
diff --git a/resources/neutron_agents_metadata_puppet/actions/remove.pp b/resources/neutron_agents_metadata_puppet/actions/remove.pp
new file mode 100644
index 00000000..15000590
--- /dev/null
+++ b/resources/neutron_agents_metadata_puppet/actions/remove.pp
@@ -0,0 +1,16 @@
+class { 'neutron::agents::metadata':
+ package_ensure => 'absent',
+ enabled => false,
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => 'absent',
+ name => $::neutron::params::package_name,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-metadata' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_agents_metadata_puppet/actions/run.pp b/resources/neutron_agents_metadata_puppet/actions/run.pp
new file mode 100644
index 00000000..ab99d768
--- /dev/null
+++ b/resources/neutron_agents_metadata_puppet/actions/run.pp
@@ -0,0 +1,53 @@
+$resource = hiera($::resource_name)
+
+$ip = $resource['input']['ip']['value']
+
+$auth_host = $resource['input']['auth_host']['value']
+$auth_port = $resource['input']['auth_port']['value']
+
+$auth_password = $resource['input']['auth_password']['value']
+$shared_secret = $resource['input']['shared_secret']['value']
+$package_ensure = $resource['input']['package_ensure']['value']
+$debug = $resource['input']['debug']['value']
+$auth_tenant = $resource['input']['auth_tenant']['value']
+$auth_user = $resource['input']['auth_user']['value']
+$auth_insecure = $resource['input']['auth_insecure']['value']
+$auth_ca_cert = $resource['input']['auth_ca_cert']['value']
+$auth_region = $resource['input']['auth_region']['value']
+$metadata_ip = $resource['input']['metadata_ip']['value']
+$metadata_port = $resource['input']['metadata_port']['value']
+$metadata_workers = $resource['input']['metadata_workers']['value']
+$metadata_backlog = $resource['input']['metadata_backlog']['value']
+$metadata_memory_cache_ttl = $resource['input']['metadata_memory_cache_ttl']['value']
+
+class { 'neutron::agents::metadata':
+ enabled => true,
+ manage_service => true,
+ auth_password => $auth_password,
+ shared_secret => $shared_secret,
+ package_ensure => $package_ensure,
+ debug => $debug,
+ auth_tenant => $auth_tenant,
+ auth_user => $auth_user,
+ auth_url => "http://${auth_host}:${auth_port}/v2.0",
+ auth_insecure => $auth_insecure,
+ auth_ca_cert => $auth_ca_cert,
+ auth_region => $auth_region,
+ metadata_ip => $metadata_ip,
+ metadata_port => $metadata_port,
+ metadata_workers => $metadata_workers,
+ metadata_backlog => $metadata_backlog,
+ metadata_memory_cache_ttl => $metadata_memory_cache_ttl,
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => $package_ensure,
+ name => $::neutron::params::package_name,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-metadata' |> {
+ require => undef
+}
\ No newline at end of file
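Review bot: `auth_url` in neutron_agents_metadata_puppet/actions/run.pp is built as `"http://${auth_host}:${auth_port}/v2.0"`, so the scheme is fixed to plain HTTP and the agent would send `auth_password` to Keystone unencrypted whenever Keystone is not on the same host. `auth_insecure` and `auth_ca_cert` are still passed to the class, but with an `http://` URL there is no TLS session for them to apply to. Add an `auth_protocol` input to meta.yaml (default 'http' keeps the current behaviour) and build the URL as `auth_url => "${auth_protocol}://${auth_host}:${auth_port}/v2.0",`.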
diff --git a/resources/neutron_agents_metadata_puppet/meta.yaml b/resources/neutron_agents_metadata_puppet/meta.yaml
new file mode 100644
index 00000000..0d7a2e17
--- /dev/null
+++ b/resources/neutron_agents_metadata_puppet/meta.yaml
@@ -0,0 +1,70 @@
+handler: puppet
+id: 'neutron_agents_metadata_puppet'
+input:
+ ip:
+ schema: str!
+ value:
+ ssh_key:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value:
+
+ auth_password:
+ schema: str!
+ value:
+ shared_secret:
+ schema: str!
+ value:
+ package_ensure:
+ schema: str
+ value: 'present'
+ debug:
+ schema: bool
+ value: false
+ auth_tenant:
+ schema: str
+ value: 'services'
+ auth_user:
+ schema: str
+ value: 'neutron'
+ auth_insecure:
+ schema: bool
+ value: false
+ auth_ca_cert:
+ schema: str
+ value:
+ auth_region:
+ schema: str
+ value: 'RegionOne'
+ metadata_ip:
+ schema: str
+ value: '127.0.0.1'
+ metadata_port:
+ schema: int
+ value: 8775
+ metadata_workers:
+ schema: int
+ value: 1
+ metadata_backlog:
+ schema: int
+ value: 4096
+ metadata_memory_cache_ttl:
+ schema: int
+ value: 5
+
+ auth_host:
+ schema: str
+ value: 'localhost'
+ auth_port:
+ schema: int
+ value: 35357
+
+ git:
+ schema: {repository: str!, branch: str!}
+ value: {repository: 'https://github.com/openstack/puppet-neutron', branch: '5.1.0'}
+
+puppet_module: 'neutron'
+tags: [resource/neutron, resource/neutron_agents_metadata]
+version: 1.0.0
diff --git a/resources/neutron_agents_ovs_puppet/README.md b/resources/neutron_agents_ovs_puppet/README.md
new file mode 100644
index 00000000..b04c023c
--- /dev/null
+++ b/resources/neutron_agents_ovs_puppet/README.md
@@ -0,0 +1,5 @@
+# Neutron OVS agent puppet resource
+
+Setups OVS neutron agent
+
+source https://github.com/openstack/puppet-neutron/blob/5.1.0/manifests/agents/ovs.pp
\ No newline at end of file
diff --git a/resources/neutron_agents_ovs_puppet/actions/remove.pp b/resources/neutron_agents_ovs_puppet/actions/remove.pp
new file mode 100644
index 00000000..30baa70a
--- /dev/null
+++ b/resources/neutron_agents_ovs_puppet/actions/remove.pp
@@ -0,0 +1,4 @@
+class { 'neutron::agents::ovs':
+ package_ensure => 'absent',
+ enabled => false,
+}
\ No newline at end of file
diff --git a/resources/neutron_agents_ovs_puppet/actions/run.pp b/resources/neutron_agents_ovs_puppet/actions/run.pp
new file mode 100644
index 00000000..8ae399bd
--- /dev/null
+++ b/resources/neutron_agents_ovs_puppet/actions/run.pp
@@ -0,0 +1,38 @@
+$resource = hiera($::resource_name)
+
+$ip = $resource['input']['ip']['value']
+
+$package_ensure = $resource['input']['package_ensure']['value']
+$bridge_uplinks = $resource['input']['bridge_uplinks']['value']
+$bridge_mappings = $resource['input']['bridge_mappings']['value']
+$integration_bridge = $resource['input']['integration_bridge']['value']
+$enable_tunneling = $resource['input']['enable_tunneling']['value']
+$tunnel_types = $resource['input']['tunnel_types']['value']
+$local_ip = $resource['input']['local_ip']['value']
+$tunnel_bridge = $resource['input']['tunnel_bridge']['value']
+$vxlan_udp_port = $resource['input']['vxlan_udp_port']['value']
+$polling_interval = $resource['input']['polling_interval']['value']
+$firewall_driver = $resource['input']['firewall_driver']['value']
+$veth_mtu = $resource['input']['veth_mtu']['value']
+
+class { 'neutron::agents::ovs':
+ enabled => true,
+ manage_service => true,
+ package_ensure => $package_ensure,
+ bridge_uplinks => $bridge_uplinks,
+ bridge_mappings => $bridge_mappings,
+ integration_bridge => $integration_bridge,
+ enable_tunneling => $enable_tunneling,
+ tunnel_types => $tunnel_types,
+ local_ip => $local_ip,
+ tunnel_bridge => $tunnel_bridge,
+ vxlan_udp_port => $vxlan_udp_port,
+ polling_interval => $polling_interval,
+ firewall_driver => $firewall_driver,
+ veth_mtu => $veth_mtu,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-plugin-ovs-service' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_agents_ovs_puppet/meta.yaml b/resources/neutron_agents_ovs_puppet/meta.yaml
new file mode 100644
index 00000000..e29d979d
--- /dev/null
+++ b/resources/neutron_agents_ovs_puppet/meta.yaml
@@ -0,0 +1,57 @@
+handler: puppet
+id: 'neutron_agents_ovs_puppet'
+input:
+ ip:
+ schema: str!
+ value:
+ ssh_key:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value:
+
+ package_ensure:
+ schema: str
+ value: 'present'
+ bridge_uplinks:
+ schema: [str]
+ value: []
+ bridge_mappings:
+ schema: [str]
+ value: []
+ integration_bridge:
+ schema: str
+ value: 'br-int'
+ enable_tunneling:
+ schema: bool
+ value: false
+ tunnel_types:
+ schema: [str]
+ value: []
+ local_ip:
+ schema: str
+ value:
+ tunnel_bridge:
+ schema: str
+ value: 'br-tun'
+ vxlan_udp_port:
+ schema: int
+ value: 4789
+ polling_interval:
+ schema: int
+ value: 2
+ firewall_driver:
+ schema: str
+ value: 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver'
+ veth_mtu:
+ schema: str
+ value:
+
+ git:
+ schema: {repository: str!, branch: str!}
+ value: {repository: 'https://github.com/openstack/puppet-neutron', branch: '5.1.0'}
+
+puppet_module: 'neutron'
+tags: [resource/neutron, resource/neutron_agents_ovs]
+version: 1.0.0
diff --git a/resources/neutron_plugins_ovs_puppet/README.md b/resources/neutron_plugins_ovs_puppet/README.md
new file mode 100644
index 00000000..af945afe
--- /dev/null
+++ b/resources/neutron_plugins_ovs_puppet/README.md
@@ -0,0 +1,17 @@
+# Neutron OVS plugin puppet resource
+
+Configure the neutron server to use the OVS plugin.
+This configures the plugin for the API server, but does nothing
+about configuring the agents that must also run and share a config
+file with the OVS plugin if both are on the same machine.
+
+Note, this plugin was deprecated, you may want to use the ML2 plugin instead.
+
+NB: don't need tunnel ID range when using VLANs,
+*but* you do need the network vlan range regardless of type,
+because the list of networks there is still important
+even if the ranges aren't specified
+if type is vlan or flat, a default of physnet1:1000:2000 is used
+otherwise this will not be set by default.
+
+source https://github.com/openstack/puppet-neutron/blob/5.1.0/manifests/plugins/ovs.pp
\ No newline at end of file
diff --git a/resources/neutron_plugins_ovs_puppet/actions/remove.pp b/resources/neutron_plugins_ovs_puppet/actions/remove.pp
new file mode 100644
index 00000000..1ab65452
--- /dev/null
+++ b/resources/neutron_plugins_ovs_puppet/actions/remove.pp
@@ -0,0 +1,15 @@
+class { 'neutron::plugins::ovs':
+ package_ensure => 'absent',
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => 'absent',
+ name => $::neutron::params::package_name,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-plugin-ovs-service' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_plugins_ovs_puppet/actions/run.pp b/resources/neutron_plugins_ovs_puppet/actions/run.pp
new file mode 100644
index 00000000..e4816044
--- /dev/null
+++ b/resources/neutron_plugins_ovs_puppet/actions/run.pp
@@ -0,0 +1,51 @@
+$resource = hiera($::resource_name)
+
+$ip = $resource['input']['ip']['value']
+
+$db_user = $resource['input']['db_user']['value']
+$db_host = $resource['input']['db_host']['value']
+$db_password = $resource['input']['db_password']['value']
+$db_name = $resource['input']['db_name']['value']
+
+$package_ensure = $resource['input']['package_ensure']['value']
+$sql_max_retries = $resource['input']['sql_max_retries']['value']
+$sql_idle_timeout = $resource['input']['sql_idle_timeout']['value']
+$reconnect_interval = $resource['input']['reconnect_interval']['value']
+$tenant_network_type = $resource['input']['tenant_network_type']['value']
+$network_vlan_ranges = $resource['input']['network_vlan_ranges']['value']
+$tunnel_id_ranges = $resource['input']['tunnel_id_ranges']['value']
+$vxlan_udp_port = $resource['input']['vxlan_udp_port']['value']
+
+# Stamp neutron head, if current version is None, or upgrade head would fail later
+$command = '/usr/bin/neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugin.ini'
+class { 'neutron::plugins::ovs':
+ package_ensure => $package_ensure,
+ sql_connection => "mysql://${db_user}:${db_password}@${db_host}/${db_name}",
+ sql_max_retries => $sql_max_retries,
+ sql_idle_timeout => $sql_idle_timeout,
+ reconnect_interval => $reconnect_interval,
+ tenant_network_type => $tenant_network_type,
+ network_vlan_ranges => $network_vlan_ranges,
+ tunnel_id_ranges => $tunnel_id_ranges,
+ vxlan_udp_port => $vxlan_udp_port,
+} ->
+
+exec { 'neutron-db-sync':
+ provider => 'shell',
+ command => "${command} stamp head",
+ path => [ '/usr/bin', '/bin' ],
+ onlyif => "${command} current | grep -qE '^Current revision.*None$' "
+}
+
+include neutron::params
+
+package { 'neutron':
+ ensure => $package_ensure,
+ name => $::neutron::params::package_name,
+ before => Exec['neutron-db-sync']
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-plugin-ovs-service' |> {
+ require => undef
+}
diff --git a/resources/neutron_plugins_ovs_puppet/meta.yaml b/resources/neutron_plugins_ovs_puppet/meta.yaml
new file mode 100644
index 00000000..06b770d6
--- /dev/null
+++ b/resources/neutron_plugins_ovs_puppet/meta.yaml
@@ -0,0 +1,58 @@
+handler: puppet
+id: 'neutron_plugins_ovs_puppet'
+input:
+ ip:
+ schema: str!
+ value:
+ ssh_key:
+ schema: str!
+ value:
+ ssh_user:
+ schema: str!
+ value:
+
+ package_ensure:
+ schema: str
+ value: 'present'
+ sql_max_retries:
+ schema: str
+ value:
+ sql_idle_timeout:
+ schema: str
+ value:
+ reconnect_interval:
+ schema: str
+ value:
+ tenant_network_type:
+ schema: str
+ value: 'vlan'
+ network_vlan_ranges:
+ schema: str
+ value:
+ tunnel_id_ranges:
+ schema: str
+ value: '1:1000'
+ vxlan_udp_port:
+ schema: int
+ value: 4789
+
+ db_user:
+ schema: str!
+ value:
+ db_password:
+ schema: str!
+ value:
+ db_name:
+ schema: str!
+ value:
+ db_host:
+ schema: str!
+ value:
+
+ git:
+ schema: {repository: str!, branch: str!}
+ value: {repository: 'https://github.com/openstack/puppet-neutron', branch: '5.1.0'}
+
+puppet_module: 'neutron'
+tags: [resource/neutron, resource/neutron_plugins_ovs]
+version: 1.0.0
diff --git a/resources/neutron_puppet/README.md b/resources/neutron_puppet/README.md
new file mode 100644
index 00000000..217cd25a
--- /dev/null
+++ b/resources/neutron_puppet/README.md
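Review bot: In neutron_plugins_ovs_puppet/actions/run.pp, `sql_connection => "mysql://${db_user}:${db_password}@${db_host}/${db_name}"` interpolates the password into a URL with no encoding, so a password containing `@`, `/`, `:` or `#` produces a connection string that parses to a different host or database, or does not parse at all. Either state the restriction on the input in meta.yaml (`# db_password must not contain URI-reserved characters`) or percent-encode the value before it is interpolated. The assembled string, password included, is also part of the compiled catalog, so catalog dumps and reports for this resource should be handled as sensitive; how the upstream class writes it to disk is not visible in this diff.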
@@ -0,0 +1,194 @@
+# Neutron puppet resource
+
+ Installs the neutron package and configures
+ /etc/neutron/neutron.conf for SSL, AMQP, logging, service plugins and other stuff.
+ Does not produce any services.
+
+# Parameters:
+
+source https://github.com/openstack/puppet-neutron/blob/5.1.0/manifests/init.pp
+
+ ``package_ensure``
+ (optional) The state of the package
+ Defaults to 'present'
+
+ ``verbose``
+ (optional) Verbose logging
+ Defaults to False
+
+ ``debug``
+ (optional) Print debug messages in the logs
+ Defaults to False
+
+ ``bind_host``
+ (optional) The IP/interface to bind to
+ Defaults to 0.0.0.0 (all interfaces)
+
+ ``bind_port``
+ (optional) The port to use
+ Defaults to 9696
+
+ ``core_plugin``
+ (optional) Neutron plugin provider
+ Defaults to openvswitch
+ Could be bigswitch, brocade, cisco, embrane, hyperv, linuxbridge, midonet, ml2, mlnx, nec, nicira, plumgrid, ryu
+
+ ``service_plugins``
+ (optional) Advanced service modules.
+ Could be an array that can have these elements:
+ router, firewall, lbaas, vpnaas, metering
+ Defaults to empty
+
+ ``auth_strategy``
+ (optional) How to authenticate
+ Defaults to 'keystone'. 'noauth' is the only other valid option
+
+ ``base_mac``
+ (optional) The MAC address pattern to use.
+ Defaults to fa:16:3e:00:00:00
+
+ ``mac_generation_retries``
+ (optional) How many times to try to generate a unique mac
+ Defaults to 16
+
+ ``dhcp_lease_duration``
+ (optional) DHCP lease
+ Defaults to 86400 seconds
+
+ ``dhcp_agents_per_network``
+ (optional) Number of DHCP agents scheduled to host a network.
+ This enables redundant DHCP agents for configured networks.
+ Defaults to 1
+
+ ``network_device_mtu``
+ (optional) The MTU size for the interfaces managed by neutron
+ Defaults to undef
+
+ ``dhcp_agent_notification``
+ (optional) Allow sending resource operation notification to DHCP agent.
+ Defaults to true
+
+ ``allow_bulk``
+ (optional) Enable bulk crud operations
+ Defaults to true
+
+ ``allow_pagination``
+ (optional) Enable pagination
+ Defaults to false
+
+ ``allow_sorting``
+ (optional) Enable sorting
+ Defaults to false
+
+ ``allow_overlapping_ips``
+ (optional) Enables network namespaces
+ Defaults to false
+
+ ``api_extensions_path``
+ (optional) Specify additional paths for API extensions that the
+ module in use needs to load.
+ Defaults to undef
+
+ ``report_interval``
+ (optional) Seconds between nodes reporting state to server; should be less than
+ agent_down_time, best if it is half or less than agent_down_time.
+ agent_down_time is a config for neutron-server, set by class neutron::server
+ report_interval is a config for neutron agents, set by class neutron
+ Defaults to: 30
+
+ ``control_exchange``
+ (optional) What RPC queue/exchange to use
+ Defaults to neutron
+
+ ``rpc_backend``
+ (optional) what rpc/queuing service to use
+ Defaults to impl_kombu (rabbitmq)
+
+ ``rabbit_password``
+ ``rabbit_host``
+ ``rabbit_port``
+ ``rabbit_user``
+ (optional) Various rabbitmq settings
+
+ ``rabbit_hosts``
+ (optional) array of rabbitmq servers for HA.
+ A single IP address, such as a VIP, can be used for load-balancing
+ multiple RabbitMQ Brokers.
+ Defaults to false
+
+ ``rabbit_use_ssl``
+ (optional) Connect over SSL for RabbitMQ
+ Defaults to false
+
+ ``kombu_ssl_ca_certs``
+ (optional) SSL certification authority file (valid only if SSL enabled).
+ Defaults to undef
+
+ ``kombu_ssl_certfile``
+ (optional) SSL cert file (valid only if SSL enabled).
+ Defaults to undef
+
+ ``kombu_ssl_keyfile``
+ (optional) SSL key file (valid only if SSL enabled).
+ Defaults to undef
+
+ ``kombu_ssl_version``
+ (optional) SSL version to use (valid only if SSL enabled).
+ Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
+ available on some distributions.
+ Defaults to 'TLSv1'
+
+ ``kombu_reconnect_delay``
+ (optional) The amount of time to wait before attempting to reconnect
+ to MQ provider. This is used in some cases where you may need to wait
+ for the provider to propery premote the master before attempting to
+ reconnect. See https://review.openstack.org/#/c/76686
+ Defaults to '1.0'
+
+ ``qpid_hostname``
+ ``qpid_port``
+ ``qpid_username``
+ ``qpid_password``
+ ``qpid_heartbeat``
+ ``qpid_protocol``
+ ``qpid_tcp_nodelay``
+ ``qpid_reconnect``
+ ``qpid_reconnect_timeout``
+ ``qpid_reconnect_limit``
+ ``qpid_reconnect_interval``
+ ``qpid_reconnect_interval_min``
+ ``qpid_reconnect_interval_max``
+ (optional) various QPID options
+
+ ``use_ssl``
+ (optinal) Enable SSL on the API server
+ Defaults to false, not set
+
+ ``cert_file``
+ (optinal) certificate file to use when starting api server securely
+ defaults to false, not set
+
+ ``key_file``
+ (optional) Private key file to use when starting API server securely
+ Defaults to false, not set
+
+ ``ca_file``
+ (optional) CA certificate file to use to verify connecting clients
+ Defaults to false, not set
+
+ ``use_syslog``
+ (optional) Use syslog for logging
+ Defaults to false
+
+ ``log_facility``
+ (optional) Syslog facility to receive log lines
+ Defaults to LOG_USER
+
+ ``log_file``
+ (optional) Where to log
+ Defaults to false
+
+ ``log_dir``
+ (optional) Directory where logs should be stored
+ If set to boolean false, it will not log to any directory
+ Defaults to /var/log/neutron
diff --git a/resources/neutron_puppet/actions/remove.pp b/resources/neutron_puppet/actions/remove.pp
index d6967955..52cfc1a4 100644
--- a/resources/neutron_puppet/actions/remove.pp
+++ b/resources/neutron_puppet/actions/remove.pp
@@ -1,22 +1,5 @@ -$resource = hiera('{{ resource_name }}') - -$rabbitmq_user = $resource['input']['rabbitmq_user']['value'] -$rabbitmq_password = $resource['input']['rabbitmq_password']['value'] -$rabbitmq_host = $resource['input']['rabbitmq_host']['value'] -$rabbitmq_port = $resource['input']['rabbitmq_port']['value'] - -class { 'neutron::server': - enabled => false, - package_ensure => 'absent', - auth_type => 'noauth' -} - class { 'neutron': - enabled => false, - package_ensure => 'absent', - rabbit_user => $rabbitmq_user, - rabbit_password => $rabbitmq_password, - rabbit_host => $rabbitmq_host, - rabbit_port => $rabbitmq_port -} - + enabled => false, + package_ensure => 'absent', + rabbit_password => 'not important as removed', +} \ No newline at end of file diff --git a/resources/neutron_puppet/actions/run.pp b/resources/neutron_puppet/actions/run.pp index 299636bc..a0ee911d 100644 --- a/resources/neutron_puppet/actions/run.pp +++ b/resources/neutron_puppet/actions/run.pp 
@@ -2,45 +2,119 @@ $resource = hiera($::resource_name) $ip = $resource['input']['ip']['value'] -$rabbitmq_user = $resource['input']['rabbitmq_user']['value'] -$rabbitmq_password = $resource['input']['rabbitmq_password']['value'] -$rabbitmq_host = $resource['input']['rabbitmq_host']['value'] -$rabbitmq_port = $resource['input']['rabbitmq_port']['value'] -$rabbitmq_virtual_host = $resource['input']['rabbitmq_virtual_host']['value'] - -$keystone_host = $resource['input']['keystone_host']['value'] -$keystone_port = $resource['input']['keystone_port']['value'] -$keystone_user = $resource['input']['keystone_user']['value'] -$keystone_password = $resource['input']['keystone_password']['value'] -$keystone_tenant = $resource['input']['keystone_tenant']['value'] +$package_ensure = $resource['input']['package_ensure']['value'] +$verbose = $resource['input']['verbose']['value'] +$debug = $resource['input']['debug']['value'] +$bind_host = $resource['input']['bind_host']['value'] +$bind_port = $resource['input']['bind_port']['value'] +$core_plugin = $resource['input']['core_plugin']['value'] +$service_plugins = $resource['input']['service_plugins']['value'] +$auth_strategy = $resource['input']['auth_strategy']['value'] +$base_mac = $resource['input']['base_mac']['value'] +$mac_generation_retries = $resource['input']['mac_generation_retries']['value'] +$dhcp_lease_duration = $resource['input']['dhcp_lease_duration']['value'] +$dhcp_agents_per_network = $resource['input']['dhcp_agents_per_network']['value'] +$network_device_mtu = $resource['input']['network_device_mtu']['value'] +$dhcp_agent_notification = $resource['input']['dhcp_agent_notification']['value'] +$allow_bulk = $resource['input']['allow_bulk']['value'] +$allow_pagination = $resource['input']['allow_pagination']['value'] +$allow_sorting = $resource['input']['allow_sorting']['value'] +$allow_overlapping_ips = $resource['input']['allow_overlapping_ips']['value'] +$api_extensions_path = 
$resource['input']['api_extensions_path']['value'] +$root_helper = $resource['input']['root_helper']['value'] +$report_interval = $resource['input']['report_interval']['value'] +$control_exchange = $resource['input']['control_exchange']['value'] +$rpc_backend = $resource['input']['rpc_backend']['value'] +$rabbit_password = $resource['input']['rabbit_password']['value'] +$rabbit_host = $resource['input']['rabbit_host']['value'] +$rabbit_hosts = $resource['input']['rabbit_hosts']['value'] +$rabbit_port = $resource['input']['rabbit_port']['value'] +$rabbit_user = $resource['input']['rabbit_user']['value'] +$rabbit_virtual_host = $resource['input']['rabbit_virtual_host']['value'] +$rabbit_use_ssl = $resource['input']['rabbit_use_ssl']['value'] +$kombu_ssl_ca_certs = $resource['input']['kombu_ssl_ca_certs']['value'] +$kombu_ssl_certfile = $resource['input']['kombu_ssl_certfile']['value'] +$kombu_ssl_keyfile = $resource['input']['kombu_ssl_keyfile']['value'] +$kombu_ssl_version = $resource['input']['kombu_ssl_version']['value'] +$kombu_reconnect_delay = $resource['input']['kombu_reconnect_delay']['value'] +$qpid_hostname = $resource['input']['qpid_hostname']['value'] +$qpid_port = $resource['input']['qpid_port']['value'] +$qpid_username = $resource['input']['qpid_username']['value'] +$qpid_password = $resource['input']['qpid_password']['value'] +$qpid_heartbeat = $resource['input']['qpid_heartbeat']['value'] +$qpid_protocol = $resource['input']['qpid_protocol']['value'] +$qpid_tcp_nodelay = $resource['input']['qpid_tcp_nodelay']['value'] +$qpid_reconnect = $resource['input']['qpid_reconnect']['value'] +$qpid_reconnect_timeout = $resource['input']['qpid_reconnect_timeout']['value'] +$qpid_reconnect_limit = $resource['input']['qpid_reconnect_limit']['value'] +$qpid_reconnect_interval_min = $resource['input']['qpid_reconnect_interval_min']['value'] +$qpid_reconnect_interval_max = $resource['input']['qpid_reconnect_interval_max']['value'] +$qpid_reconnect_interval = 
$resource['input']['qpid_reconnect_interval']['value'] +$use_ssl = $resource['input']['use_ssl']['value'] +$cert_file = $resource['input']['cert_file']['value'] +$key_file = $resource['input']['key_file']['value'] +$ca_file = $resource['input']['ca_file']['value'] +$use_syslog = $resource['input']['use_syslog']['value'] +$log_facility = $resource['input']['log_facility']['value'] +$log_file = $resource['input']['log_file']['value'] +$log_dir = $resource['input']['log_dir']['value'] class { 'neutron': - debug => true, - verbose => true, - enabled => true, - package_ensure => 'present', - auth_strategy => 'keystone', - rabbit_user => $rabbitmq_user, - rabbit_password => $rabbitmq_password, - rabbit_host => $rabbitmq_host, - rabbit_port => $rabbitmq_port, - rabbit_virtual_host => $rabbitmq_virtual_host, - service_plugins => ['metering'] + enabled => true, + package_ensure => $package_ensure, + verbose => $verbose, + debug => $debug, + bind_host => $bind_host, + bind_port => $bind_port, + core_plugin => $core_plugin, + service_plugins => $service_plugins, + auth_strategy => $auth_strategy, + base_mac => $base_mac, + mac_generation_retries => $mac_generation_retries, + dhcp_lease_duration => $dhcp_lease_duration, + dhcp_agents_per_network => $dhcp_agents_per_network, + network_device_mtu => $network_device_mtu, + dhcp_agent_notification => $dhcp_agent_notification, + allow_bulk => $allow_bulk, + allow_pagination => $allow_pagination, + allow_sorting => $allow_sorting, + allow_overlapping_ips => $allow_overlapping_ips, + api_extensions_path => $api_extensions_path, + root_helper => $root_helper, + report_interval => $report_interval, + control_exchange => $control_exchange, + rpc_backend => $rpc_backend, + rabbit_password => $rabbit_password, + rabbit_host => $rabbit_host, + rabbit_hosts => $rabbit_hosts, + rabbit_port => $rabbit_port, + rabbit_user => $rabbit_user, + rabbit_virtual_host => $rabbit_virtual_host, + rabbit_use_ssl => $rabbit_use_ssl, + kombu_ssl_ca_certs 
=> $kombu_ssl_ca_certs, + kombu_ssl_certfile => $kombu_ssl_certfile, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_version => $kombu_ssl_version, + kombu_reconnect_delay => $kombu_reconnect_delay, + qpid_hostname => $qpid_hostname, + qpid_port => $qpid_port, + qpid_username => $qpid_username, + qpid_password => $qpid_password, + qpid_heartbeat => $qpid_heartbeat, + qpid_protocol => $qpid_protocol, + qpid_tcp_nodelay => $qpid_tcp_nodelay, + qpid_reconnect => $qpid_reconnect, + qpid_reconnect_timeout => $qpid_reconnect_timeout, + qpid_reconnect_limit => $qpid_reconnect_limit, + qpid_reconnect_interval_min => $qpid_reconnect_interval_min, + qpid_reconnect_interval_max => $qpid_reconnect_interval_max, + qpid_reconnect_interval => $qpid_reconnect_interval, + use_ssl => $use_ssl, + cert_file => $cert_file, + key_file => $key_file, + ca_file => $ca_file, + use_syslog => $use_syslog, + log_facility => $log_facility, + log_file => $log_file, + log_dir => $log_dir, } - -class { 'neutron::server': - enabled => true, - package_ensure => 'present', - auth_type => 'keystone', - auth_password => $keystone_password, - auth_user => $keystone_user, - auth_tenant => $keystone_tenant -} - -class { 'neutron::agents::dhcp': } - -#file { '/etc/neutron/neutron-exports': -# owner => 'root', -# group => 'root', -# content => template('neutron/exports.erb') -#} diff --git a/resources/neutron_puppet/meta.yaml b/resources/neutron_puppet/meta.yaml index 8c39ceee..fb0cc902 100644 --- a/resources/neutron_puppet/meta.yaml +++ b/resources/neutron_puppet/meta.yaml @@ -1,5 +1,5 @@ handler: puppet -id: 'neutron' +id: 'neutron_puppet' input: ip: schema: str! 
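Review bot: `auth_strategy` in neutron_puppet/actions/run.pp was the literal 'keystone' before this change and is now whatever the resource input holds (`auth_strategy => $auth_strategy`), and the README added in this commit names 'noauth' as the only other accepted value, so a single input override disables API authentication. A guard ahead of the class declaration would make that visible in the run output, e.g. `if $auth_strategy == 'noauth' { warning('neutron API authentication is disabled') }`. At minimum the input deserves a comment stating that 'noauth' is for test deployments only.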
@@ -11,45 +11,179 @@ input: schema: str! value: - # TODO: add vhost! - rabbitmq_host: + package_ensure: + schema: str + value: 'present' + verbose: + schema: bool + value: false + debug: + schema: bool + value: false + bind_host: + schema: str + value: '0.0.0.0' + bind_port: + schema: int + value: 9696 + core_plugin: + schema: str + value: 'openvswitch' + service_plugins: + schema: str + value: + auth_strategy: + schema: str + value: 'keystone' + base_mac: + schema: str + value: 'fa:16:3e:00:00:00' + mac_generation_retries: + schema: int + value: 16 + dhcp_lease_duration: + schema: int + value: 86400 + dhcp_agents_per_network: + schema: int + value: 1 + network_device_mtu: + schema: str + value: + dhcp_agent_notification: + schema: bool + value: true + allow_bulk: + schema: bool + value: true + allow_pagination: + schema: bool + value: false + allow_sorting: + schema: bool + value: false + allow_overlapping_ips: + schema: bool + value: false + api_extensions_path: + schema: str + value: + root_helper: + schema: str + value: 'sudo neutron-rootwrap /etc/neutron/rootwrap.conf' + report_interval: + schema: int + value: 30 + control_exchange: + schema: str + value: 'neutron' + rpc_backend: + schema: str + value: 'neutron.openstack.common.rpc.impl_kombu' + rabbit_password: schema: str! value: - rabbitmq_port: - schema: int! 
+ rabbit_host: + schema: str + value: 'localhost' + rabbit_hosts: + schema: bool + value: false + rabbit_port: + schema: int + value: 5672 + rabbit_user: + schema: str + value: 'guest' + rabbit_virtual_host: + schema: str + value: '/' + rabbit_use_ssl: + schema: bool + value: false + kombu_ssl_ca_certs: + schema: str value: - rabbitmq_user: + kombu_ssl_certfile: + schema: str + value: + kombu_ssl_keyfile: + schema: str + value: + kombu_ssl_version: + schema: str + value: 'TLSv1' + kombu_reconnect_delay: + schema: str + value: '1.0' + qpid_hostname: + schema: str + value: 'localhost' + qpid_port: + schema: int + value: 5672 + qpid_username: + schema: str + value: 'guest' + qpid_password: schema: str! + value: 'guest' + qpid_heartbeat: + schema: int + value: 60 + qpid_protocol: + schema: str + value: 'tcp' + qpid_tcp_nodelay: + schema: bool + value: true + qpid_reconnect: + schema: bool + value: true + qpid_reconnect_timeout: + schema: int + value: 0 + qpid_reconnect_limit: + schema: int + value: 0 + qpid_reconnect_interval_min: + schema: int + value: 0 + qpid_reconnect_interval_max: + schema: int + value: 0 + qpid_reconnect_interval: + schema: int + value: 0 + use_ssl: + schema: bool + value: false + cert_file: + schema: str value: - rabbitmq_password: - schema: str! + key_file: + schema: str value: - rabbitmq_virtual_host: - schema: str! + ca_file: + schema: str value: + use_syslog: + schema: bool + value: false + log_facility: + schema: str + value: 'LOG_USER' + log_file: + schema: str + value: + log_dir: + schema: str + value: '/var/log/neutron' git: schema: {repository: str!, branch: str!} - value: {repository: 'https://github.com/openstack/puppet-neutron', branch: 'stable/juno'} + value: {repository: 'https://github.com/openstack/puppet-neutron', branch: '5.1.0'} - port: - schema: int! - value: 9696 - - keystone_host: - schema: str! - keystone_port: - schema: int! - value: - keystone_user: - schema: str! - value: - keystone_password: - schema: str! 
- value: - keystone_tenant: - schema: str! - value: puppet_module: 'neutron' -tags: [] +tags: [resource/neutron] version: 1.0.0 diff --git a/resources/neutron_server_puppet/README.md b/resources/neutron_server_puppet/README.md new file mode 100644 index 00000000..f0cc5537 --- /dev/null +++ b/resources/neutron_server_puppet/README.md 
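Review bot: `qpid_password` keeps `schema: str!` but now ships `value: 'guest'`, so the required marker (assuming `!` means required, as the empty `rabbit_password` input suggests) can never fire, and a deployment that forgets to wire the input silently runs with a well-known credential; `rabbit_user` and `qpid_username` default to `'guest'` as well. Leave the secret empty the way `rabbit_password` does, i.e. `qpid_password:` / `schema: str!` / `value:` with nothing after it. `kombu_ssl_version: 'TLSv1'` makes a deprecated protocol version the default as soon as `rabbit_use_ssl` is enabled; a comment such as `# inherited from upstream puppet-neutron, override with a current TLS version` would flag that. `rabbit_hosts` is typed `bool` with `value: false`, which presumably mirrors the upstream default but would not validate once a real list of hosts is supplied.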
@@ -0,0 +1,167 @@ +# Neutron puppet resource + +Setup and configure the neutron API service and endpoint + +# Parameters: + +source https://github.com/openstack/puppet-neutron/blob/5.1.0/manifests/server.pp + + ``package_ensure`` + (optional) The state of the package + Defaults to present + + ``log_file`` + REMOVED: Use log_file of neutron class instead. + + ``log_dir`` + REMOVED: Use log_dir of neutron class instead. + + ``auth_password`` + (optional) The password to use for authentication (keystone) + Defaults to false. Set a value unless you are using noauth + + ``auth_type`` + (optional) What auth system to use + Defaults to 'keystone'. Can other be 'noauth' + + ``auth_host`` + (optional) The keystone host + Defaults to localhost + + ``auth_protocol`` + (optional) The protocol used to access the auth host + Defaults to http. + + ``auth_port`` + (optional) The keystone auth port + Defaults to 35357 + + ``auth_admin_prefix`` + (optional) The admin_prefix used to admin endpoint of the auth host + This allow admin auth URIs like http://auth_host:35357/keystone. + (where '/keystone' is the admin prefix) + Defaults to false for empty. If defined, should be a string with a leading '/' and no trailing '/'. + + ``auth_tenant`` + (optional) The tenant of the auth user + Defaults to services + + ``auth_user`` + (optional) The name of the auth user + Defaults to neutron + + ``auth_protocol`` + (optional) The protocol to connect to keystone + Defaults to http + + ``auth_uri`` + (optional) Complete public Identity API endpoint. + Defaults to: $auth_protocol://$auth_host:5000/ + + ``database_connection`` + (optional) Connection url for the neutron database. + (Defaults to 'sqlite:////var/lib/neutron/ovs.sqlite') + Note: for this resource it is decomposed to the + 'db_host', 'db_port', 'db_user', 'db_password' inputs + due to implementation limitations + + ``database_max_retries`` + (optional) Maximum database connection retries during startup. 
+ (Defaults to 10) + + ``sql_max_retries`` + DEPRECATED: Use database_max_retries instead. + + ``max_retries`` + DEPRECATED: Use database_max_retries instead. + + ``database_idle_timeout`` + (optional) Timeout before idle database connections are reaped. + Deprecates sql_idle_timeout + (Defaults to 3600) + + ``sql_idle_timeout`` + DEPRECATED: Use database_idle_timeout instead. + + ``idle_timeout`` + DEPRECATED: Use database_idle_timeout instead. + + ``database_retry_interval`` + (optional) Interval between retries of opening a database connection. + (Defaults to 10) + + ``sql_reconnect_interval`` + DEPRECATED: Use database_retry_interval instead. + + ``retry_interval`` + DEPRECATED: Use database_retry_interval instead. + + ``database_min_pool_size`` + (optional) Minimum number of SQL connections to keep open in a pool. + Defaults to: 1 + + ``database_max_pool_size`` + (optional) Maximum number of SQL connections to keep open in a pool. + Defaults to: 10 + + ``database_max_overflow`` + (optional) If set, use this value for max_overflow with sqlalchemy. + Defaults to: 20 + + ``sync_db`` + (optional) Run neutron-db-manage on api nodes after installing the package. + Defaults to false + + ``api_workers`` + (optional) Number of separate worker processes to spawn. + The default, count of machine's processors, runs the worker thread in the + current process. + Greater than 0 launches that number of child processes as workers. + The parent process manages them. + Defaults to: $::processorcount + + ``rpc_workers`` + (optional) Number of separate RPC worker processes to spawn. + The default, count of machine's processors, runs the worker thread in the + current process. + Greater than 0 launches that number of child processes as workers. + The parent process manages them. + Defaults to: $::processorcount + + ``agent_down_time`` + (optional) Seconds to regard the agent as down; should be at least twice + report_interval, to be sure the agent is down for good. 
+ agent_down_time is a config for neutron-server, set by class neutron::server + report_interval is a config for neutron agents, set by class neutron + Defaults to: 75 + + ``router_scheduler_driver`` + (optional) Driver to use for scheduling router to a default L3 agent. Could be: + neutron.scheduler.l3_agent_scheduler.ChanceScheduler to schedule a router in a random way + neutron.scheduler.l3_agent_scheduler.LeastRoutersScheduler to allocate on an L3 agent with the least number of routers bound. + Defaults to: neutron.scheduler.l3_agent_scheduler.ChanceScheduler + + ``mysql_module`` + (optional) Deprecated. Does nothing. + + ``router_distributed`` + (optional) Setting the "router_distributed" flag to "True" will default to the creation + of distributed tenant routers. + Also can be the type of the router on the create request (admin-only attribute). + Defaults to false + + ``l3_ha`` + (optional) Enable high availability for virtual routers. + Defaults to false + + ``max_l3_agents_per_router`` + (optional) Maximum number of l3 agents which a HA router will be scheduled on. If set to '0', a router will be scheduled on every agent. + Defaults to '3' + + ``min_l3_agents_per_router`` + (optional) Minimum number of l3 agents which a HA router will be scheduled on. + Defaults to '2' + + ``l3_ha_net_cidr`` + (optional) CIDR of the administrative network if HA mode is enabled. + Defaults to '169.254.192.0/18' \ No newline at end of file diff --git a/resources/neutron_server_puppet/actions/remove.pp b/resources/neutron_server_puppet/actions/remove.pp new file mode 100644 index 00000000..ecaed03a --- /dev/null +++ b/resources/neutron_server_puppet/actions/remove.pp @@ -0,0 +1,10 @@ +class { 'neutron::server': + enabled => false, + package_ensure => 'absent', + auth_password => 'not important as removed', +} + +# Remove external class dependency +Service <| title == 'neutron-server' |> { + require => undef +} \ No newline at end of file 
diff --git a/resources/neutron_server_puppet/actions/run.pp b/resources/neutron_server_puppet/actions/run.pp
new file mode 100644
index 00000000..47fcb2cc
--- /dev/null
+++ b/resources/neutron_server_puppet/actions/run.pp
@@ -0,0 +1,92 @@
+$resource = hiera($::resource_name)
+
+$ip = $resource['input']['ip']['value']
+
+$db_user = $resource['input']['db_user']['value']
+$db_host = $resource['input']['db_host']['value']
+$db_password = $resource['input']['db_password']['value']
+$db_name = $resource['input']['db_name']['value']
+
+$package_ensure = $resource['input']['package_ensure']['value']
+$auth_password = $resource['input']['auth_password']['value']
+$auth_type = $resource['input']['auth_type']['value']
+$auth_host = $resource['input']['auth_host']['value']
+$auth_port = $resource['input']['auth_port']['value']
+$auth_admin_prefix = $resource['input']['auth_admin_prefix']['value']
+$auth_tenant = $resource['input']['auth_tenant']['value']
+$auth_user = $resource['input']['auth_user']['value']
+$auth_protocol = $resource['input']['auth_protocol']['value']
+$auth_uri = $resource['input']['auth_uri']['value']
+$database_max_retries = $resource['input']['database_max_retries']['value']
+$database_idle_timeout = $resource['input']['database_idle_timeout']['value']
+$database_retry_interval = $resource['input']['database_retry_interval']['value']
+$database_min_pool_size = $resource['input']['database_min_pool_size']['value']
+$database_max_pool_size = $resource['input']['database_max_pool_size']['value']
+$database_max_overflow = $resource['input']['database_max_overflow']['value']
+$sync_db = $resource['input']['sync_db']['value']
+$api_workers = $resource['input']['api_workers']['value']
+$rpc_workers = $resource['input']['rpc_workers']['value']
+$agent_down_time = $resource['input']['agent_down_time']['value']
+$router_scheduler_driver = $resource['input']['router_scheduler_driver']['value']
+$router_distributed = $resource['input']['router_distributed']['value']
+$l3_ha = $resource['input']['l3_ha']['value']
+$max_l3_agents_per_router = $resource['input']['max_l3_agents_per_router']['value']
+$min_l3_agents_per_router = $resource['input']['min_l3_agents_per_router']['value']
+$l3_ha_net_cidr = $resource['input']['l3_ha_net_cidr']['value']
+$mysql_module = $resource['input']['mysql_module']['value']
+$sql_max_retries = $resource['input']['sql_max_retries']['value']
+$max_retries = $resource['input']['max_retries']['value']
+$sql_idle_timeout = $resource['input']['sql_idle_timeout']['value']
+$idle_timeout = $resource['input']['idle_timeout']['value']
+$sql_reconnect_interval = $resource['input']['sql_reconnect_interval']['value']
+$retry_interval = $resource['input']['retry_interval']['value']
+$log_dir = $resource['input']['log_dir']['value']
+$log_file = $resource['input']['log_file']['value']
+$report_interval = $resource['input']['report_interval']['value']
+
+class { 'neutron::server':
+ enabled => true,
+ manage_service => true,
+ database_connection => "mysql://${db_user}:${db_password}@${db_host}/${db_name}",
+ package_ensure => $package_ensure,
+ auth_password => $auth_password,
+ auth_type => $auth_type,
+ auth_host => $auth_host,
+ auth_port => $auth_port,
+ auth_admin_prefix => $auth_admin_prefix,
+ auth_tenant => $auth_tenant,
+ auth_user => $auth_user,
+ auth_protocol => $auth_protocol,
+ auth_uri => $auth_uri,
+ database_max_retries => $database_max_retries,
+ database_idle_timeout => $database_idle_timeout,
+ database_retry_interval => $database_retry_interval,
+ database_min_pool_size => $database_min_pool_size,
+ database_max_pool_size => $database_max_pool_size,
+ database_max_overflow => $database_max_overflow,
+ sync_db => $sync_db,
+ api_workers => $api_workers,
+ rpc_workers => $rpc_workers,
+ agent_down_time => $agent_down_time,
+ router_scheduler_driver => $router_scheduler_driver,
+ router_distributed => $router_distributed,
+ l3_ha => $l3_ha,
+ max_l3_agents_per_router => $max_l3_agents_per_router,
+ min_l3_agents_per_router => $min_l3_agents_per_router,
+ l3_ha_net_cidr => $l3_ha_net_cidr,
+ mysql_module => $mysql_module,
+ sql_max_retries => $sql_max_retries,
+ max_retries => $max_retries,
+ sql_idle_timeout => $sql_idle_timeout,
+ idle_timeout => $idle_timeout,
+ sql_reconnect_interval => $sql_reconnect_interval,
+ retry_interval => $retry_interval,
+ log_dir => $log_dir,
+ log_file => $log_file,
+ report_interval => $report_interval,
+}
+
+# Remove external class dependency
+Service <| title == 'neutron-server' |> {
+ require => undef
+}
\ No newline at end of file
diff --git a/resources/neutron_server_puppet/meta.yaml b/resources/neutron_server_puppet/meta.yaml
new file mode 100644
index 00000000..4e4af5b7
--- /dev/null
+++ b/resources/neutron_server_puppet/meta.yaml
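Review bot: `database_connection` interpolates `$db_user` and `$db_password` unescaped into `"mysql://${db_user}:${db_password}@${db_host}/${db_name}"`, so a password containing `@`, `:`, `/` or `%` produces a URL that parses differently from what was intended. Either percent-encode the two values before building the string or add a comment above the line, e.g. `# db_user/db_password must be URL-safe; they are interpolated unescaped`. The README added in this commit lists a `db_port` input for the decomposed connection string, but no `$db_port` is read here and the URL carries no port, so the two should be brought in line. `log_dir` and `log_file` are still passed to `neutron::server` although the same README marks them REMOVED; if the upstream class fails on a set value, those two parameters should be dropped.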
@@ -0,0 +1,142 @@ +handler: puppet +id: 'neutron_server_puppet' +input: + ip: + schema: str! + value: + ssh_key: + schema: str! + value: + ssh_user: + schema: str! + value: + + db_user: + schema: str! + value: + db_password: + schema: str! + value: + db_name: + schema: str! + value: + db_host: + schema: str! + value: + + package_ensure: + schema: str + value: 'present' + auth_password: + schema: str! + value: + auth_type: + schema: str + value: 'keystone' + auth_host: + schema: str + value: 'localhost' + auth_port: + schema: int + value: 35357 + auth_admin_prefix: + schema: str + value: + auth_tenant: + schema: str + value: 'services' + auth_user: + schema: str + value: 'neutron' + auth_protocol: + schema: str + value: 'http' + auth_uri: + schema: str + value: + database_max_retries: + schema: int + value: 10 + database_idle_timeout: + schema: int + value: 3600 + database_retry_interval: + schema: int + value: 10 + database_min_pool_size: + schema: int + value: 1 + database_max_pool_size: + schema: int + value: 10 + database_max_overflow: + schema: int + value: 20 + sync_db: + schema: bool + value: false + api_workers: + schema: int + value: 1 + rpc_workers: + schema: int + value: 1 + agent_down_time: + schema: int + value: 75 + router_scheduler_driver: + schema: str + value: 'neutron.scheduler.l3_agent_scheduler.ChanceScheduler' + router_distributed: + schema: bool + value: false + l3_ha: + schema: bool + value: false + max_l3_agents_per_router: + schema: int + value: 3 + min_l3_agents_per_router: + schema: int + value: 2 + l3_ha_net_cidr: + schema: str + value: '169.254.192.0/18' + mysql_module: + schema: str + value: + sql_max_retries: + schema: str + value: + max_retries: + schema: str + value: + sql_idle_timeout: + schema: str + value: + idle_timeout: + schema: str + value: + sql_reconnect_interval: + schema: str + value: + retry_interval: + schema: str + value: + log_dir: + schema: str + value: + log_file: + schema: str + value: + report_interval: + schema: 
str + value: + + git: + schema: {repository: str!, branch: str!} + value: {repository: 'https://github.com/openstack/puppet-neutron', branch: '5.1.0'} + +puppet_module: 'neutron' +tags: [resource/neutron, resource/neutron_service, resource/neutron_server, resource/neutron_api] +version: 1.0.0 diff --git a/resources/nova_neutron_puppet/README.md b/resources/nova_neutron_puppet/README.md index 1824d2af..fd438068 100644 --- a/resources/nova_neutron_puppet/README.md +++ b/resources/nova_neutron_puppet/README.md @@ -32,6 +32,9 @@ source https://github.com/openstack/puppet-nova/blob/5.1.0/manifests/network/neu ``neutron_url`` (optional) URL for connecting to the Neutron networking service. Defaults to 'http://127.0.0.1:9696' + Note: for this resource it is decomposed to the + 'neutron_endpoint_host', 'neutron_endpoint_port', 'neutron_endpoint_protocol' inputs + due to implementation limitations ``neutron_url_timeout`` (optional) Timeout value for connecting to neutron in seconds. @@ -73,6 +76,9 @@ source https://github.com/openstack/puppet-nova/blob/5.1.0/manifests/network/neu This is the Identity (keystone) admin API server IP and port value, and not the Identity service API IP and port. Defaults to 'http://127.0.0.1:35357/v2.0' + Note: for this resource it is decomposed to the + 'auth_host', 'auth_port', 'auth_protocol' inputs + due to implementation limitations ``network_api_class`` (optional) The full class name of the network API class. diff --git a/resources/nova_neutron_puppet/actions/run.pp b/resources/nova_neutron_puppet/actions/run.pp index 173f13da..4a0db5b8 100644 --- a/resources/nova_neutron_puppet/actions/run.pp +++ b/resources/nova_neutron_puppet/actions/run.pp 
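Review bot: `auth_protocol` defaults to `'http'` next to `auth_port: 35357`, so unless the input is overridden the `auth_password` service credential travels to keystone unencrypted; the `auth_protocol` and `neutron_endpoint_protocol` defaults added to `resources/nova_neutron_puppet/meta.yaml` later in this commit have the same property. These follow the upstream defaults quoted in the README, so a comment above each, e.g. `# plaintext by default; set to 'https' outside test setups`, would be enough. `api_workers` and `rpc_workers` default to `1` while the README documents `$::processorcount`, and `report_interval` is typed `str` here but `int` in `resources/neutron_puppet/meta.yaml`; both are worth aligning or explaining in a comment.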
@@ -1,16 +1,21 @@ $resource = hiera($::resource_name) +$auth_host = $resource['input']['auth_host']['value'] +$auth_port = $resource['input']['auth_port']['value'] +$auth_protocol = $resource['input']['auth_protocol']['value'] +$neutron_endpoint_host = $resource['input']['neutron_endpoint_host']['value'] +$neutron_endpoint_port = $resource['input']['neutron_endpoint_port']['value'] +$neutron_endpoint_protocol = $resource['input']['neutron_endpoint_protocol']['value'] + $libvirt_vif_driver = $resource['input']['libvirt_vif_driver']['value'] $force_snat_range = $resource['input']['force_snat_range']['value'] $neutron_admin_password = $resource['input']['neutron_admin_password']['value'] $neutron_auth_strategy = $resource['input']['neutron_auth_strategy']['value'] -$neutron_url = $resource['input']['neutron_url']['value'] $neutron_url_timeout = $resource['input']['neutron_url_timeout']['value'] $neutron_admin_tenant_name = $resource['input']['neutron_admin_tenant_name']['value'] $neutron_default_tenant_id = $resource['input']['neutron_default_tenant_id']['value'] $neutron_region_name = $resource['input']['neutron_region_name']['value'] $neutron_admin_username = $resource['input']['neutron_admin_username']['value'] -$neutron_admin_auth_url = $resource['input']['neutron_admin_auth_url']['value'] $neutron_ovs_bridge = $resource['input']['neutron_ovs_bridge']['value'] $neutron_extension_sync_interval = $resource['input']['neutron_extension_sync_interval']['value'] $neutron_ca_certificates_file = $resource['input']['neutron_ca_certificates_file']['value'] 
@@ -30,13 +35,13 @@ class { 'nova::compute::neutron': class { 'nova::network::neutron': neutron_admin_password => $neutron_admin_password, neutron_auth_strategy => $neutron_auth_strategy, - neutron_url => $neutron_url, + neutron_url => "${neutron_endpoint_protocol}://${neutron_endpoint_host}:${neutron_endpoint_port}", neutron_url_timeout => $neutron_url_timeout, neutron_admin_tenant_name => $neutron_admin_tenant_name, neutron_default_tenant_id => $neutron_default_tenant_id, neutron_region_name => $neutron_region_name, neutron_admin_username => $neutron_admin_username, - neutron_admin_auth_url => $neutron_admin_auth_url, + neutron_admin_auth_url => "${auth_protocol}://${auth_host}:${auth_port}/v2.0", neutron_ovs_bridge => $neutron_ovs_bridge, neutron_extension_sync_interval => $neutron_extension_sync_interval, neutron_ca_certificates_file => $neutron_ca_certificates_file, diff --git a/resources/nova_neutron_puppet/meta.yaml b/resources/nova_neutron_puppet/meta.yaml index f8afae15..a3e7a111 100644 --- a/resources/nova_neutron_puppet/meta.yaml +++ b/resources/nova_neutron_puppet/meta.yaml @@ -3,6 +3,25 @@ handler: puppet puppet_module: nova version: 1.0.0 input: + auth_host: + schema: str + value: 'localhost' + auth_port: + schema: int + value: 35357 + auth_protocol: + schema: str + value: 'http' + neutron_endpoint_host: + schema: str + value: 'localhost' + neutron_endpoint_port: + schema: int + value: 9696 + neutron_endpoint_protocol: + schema: str + value: 'http' + libvirt_vif_driver: schema: str value: 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver' @@ -15,9 +34,6 @@ input: neutron_auth_strategy: schema: str value: 'keystone' - neutron_url: - schema: str - value: 'http://127.0.0.1:9696' neutron_url_timeout: schema: int value: 30 @@ -33,9 +49,6 @@ input: neutron_admin_username: schema: str value: 'neutron' - neutron_admin_auth_url: - schema: str - value: 'http://127.0.0.1:35357/v2.0' neutron_ovs_bridge: schema: str value: 'br-int' 
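Review bot: `neutron_url` and `neutron_admin_auth_url` are now assembled as `"${neutron_endpoint_protocol}://${neutron_endpoint_host}:${neutron_endpoint_port}"` and `"${auth_protocol}://${auth_host}:${auth_port}/v2.0"`, which yields an invalid URL when the host input is an IPv6 literal, because the brackets are not added. The `/v2.0` suffix is also fixed in the manifest, where the removed `neutron_admin_auth_url` input let the caller choose the path; a comment such as `# host must be a name or IPv4 address; identity API path is fixed to /v2.0` would record both limits. Since the `neutron_url` and `neutron_admin_auth_url` inputs are removed from `meta.yaml` in the same commit, existing resource definitions that set them will presumably need migrating. The `nova::network::neutron` declaration continues past the end of this hunk.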
diff --git a/solar/solar/cli/system_log.py b/solar/solar/cli/system_log.py index 8a62c336..fbd4f863 100644 --- a/solar/solar/cli/system_log.py +++ b/solar/solar/cli/system_log.py @@ -26,13 +26,28 @@ def validate(): @changes.command() -def stage(): +@click.option('-d', default=False, is_flag=True) +def stage(d): log = list(change.stage_changes().reverse()) for item in log: click.echo(item) + if d: + for line in item.details: + click.echo(' '*4+line) if not log: click.echo('No changes') +@changes.command(name='staged-item') +@click.argument('log_action') +@click.option('-d', default=True, is_flag=True) +def staged_item(log_action, d): + item = data.SL().get(log_action) + if not item: + click.echo('No staged changes for {}'.format(log_action)) + else: + click.echo(item) + for line in item.details: + click.echo(' '*4+line) @changes.command() def process(): diff --git a/solar/solar/cli/uids_history.py b/solar/solar/cli/uids_history.py index 04ed80cc..7a00e702 100644 --- a/solar/solar/cli/uids_history.py +++ b/solar/solar/cli/uids_history.py @@ -2,7 +2,7 @@ import click import os import re -uids_history = os.path.join(os.getcwd(), '.solar_cli_uids') +UIDS_HISTORY = os.path.join(os.getcwd(), '.solar_cli_uids') def remember_uid(uid): @@ -11,14 +11,14 @@ def remember_uid(uid): Can be used then as `last`, `last1`, `last2` anywhere """ try: - with open(uids_history, 'rb') as f: + with open(UIDS_HISTORY, 'rb') as f: hist = [x.strip() for x in f.readlines()] except IOError: hist = [] hist.insert(0, uid) if len(hist) > 3: hist = hist[:3] - with open(uids_history, 'wb') as f: + with open(UIDS_HISTORY, 'wb') as f: f.write('\n'.join(hist)) @@ -32,7 +32,7 @@ def get_uid(given_uid): position = int(matched.group(1)) except ValueError: position = 0 - with open(uids_history, 'rb') as f: + with open(UIDS_HISTORY, 'rb') as f: uids = [x.strip() for x in f.readlines()] try: return uids[position] 
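Review bot: In `staged_item` the `-d` option is declared with `default=True, is_flag=True` and the parameter `d` is never read, so the flag cannot be switched off and the details are printed unconditionally. Either drop the option, or make it behave like the one on `stage`: `@click.option('-d', default=False, is_flag=True)` together with `if d:` in front of the `for line in item.details:` loop. Neither `-d` option has a `help=` string, and `staged_item` has no docstring; something like `help='also print the per-input changes of each staged item'` would make `--help` usable.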
diff --git a/solar/solar/core/resource/virtual_resource.py b/solar/solar/core/resource/virtual_resource.py index 8e2d3633..3601a9a9 100644 --- a/solar/solar/core/resource/virtual_resource.py +++ b/solar/solar/core/resource/virtual_resource.py @@ -27,10 +27,6 @@ def create_resource(name, base_path, args, virtual_resource=None): prepare_meta(metadata) - if os.path.exists(actions_path): - for f in os.listdir(actions_path): - metadata['actions'][os.path.splitext(f)[0]] = f - tags = metadata.get('tags', []) resource = Resource(name, metadata, args, tags, virtual_resource) diff --git a/solar/solar/system_log/data.py b/solar/solar/system_log/data.py index 36e0a13c..a5e300cf 100644 --- a/solar/solar/system_log/data.py +++ b/solar/solar/system_log/data.py @@ -63,6 +63,20 @@ class LogItem(object): def compact(self): return 'log task={} uid={}'.format(self.log_action, self.uid) + @property + def details(self): + rst = [] + for type_, val, change in self.diff: + if type_ == 'add': + for it in change: + if isinstance(it, dict): + rst.append('++ {}: {}'.format(it[0], it[1]['value'])) + else: + rst.append('++ {}: {}'.format(it[0], str(it[1]))) + elif type_ == 'change': + rst.append('-+ {}: {} >> {}'.format(val, change[0], change[1])) + return rst + class Log(object):
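Review bot: In `details`, the `add` branch tests `isinstance(it, dict)` and then indexes `it[0]` and `it[1]['value']`, which only makes sense when `it` is a (key, value) pair; for a pair the dict branch is never taken, and the whole value dict is printed through `str()`. The check presumably belongs on the value: `if isinstance(it[1], dict):`. Entries of `self.diff` with any other type (a `remove`, if the diff format has one) produce no line at all, and the property has no docstring explaining the `++` and `-+` prefixes. The formatted lines carry input values verbatim, so staging a resource with inputs such as `db_password` or `auth_password` would presumably print them in cleartext through `click.echo`; masking values whose key looks like a secret is worth considering. The enclosing `LogItem` class starts outside this hunk.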