From 08b4bb7f028957064476f506f87e1404b8bb81b0 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 29 Jul 2015 12:20:26 +0200 Subject: [PATCH 01/24] Create nova base puppet resource Also align composition layer: - rename nova_api to nova_puppet - adjust connections Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 73 ++----- resources/nova_puppet/README.md | 275 ++++++++++++++++++++++++ resources/nova_puppet/actions/remove.pp | 4 + resources/nova_puppet/actions/run.pp | 137 ++++++++++++ resources/nova_puppet/meta.yaml | 242 +++++++++++++++++++++ 5 files changed, 679 insertions(+), 52 deletions(-) create mode 100644 resources/nova_puppet/README.md create mode 100644 resources/nova_puppet/actions/remove.pp create mode 100644 resources/nova_puppet/actions/run.pp create mode 100644 resources/nova_puppet/meta.yaml diff --git a/example-puppet.py b/example-puppet.py index a934b3ee..1f09f039 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -279,7 +279,7 @@ def deploy(): signals.connect(cinder_puppet, cinder_volume_puppet) # NOVA - nova_api = vr.create('nova_api', 'resources/nova_api_puppet', {})[0] + nova_puppet = vr.create('nova_puppet', 'resources/nova_puppet', {})[0] nova_db = vr.create('nova_db', 'resources/mariadb_db/', { 'db_name': 'nova_db', 'login_user': 'root'})[0] @@ -303,7 +303,7 @@ def deploy(): 'internal_port': 8774, 'admin_port': 8774})[0] - signals.connect(node1, nova_api) + signals.connect(node1, nova_puppet) signals.connect(node1, nova_db) signals.connect(node1, nova_db_user) signals.connect(mariadb_service1, nova_db, { @@ -314,38 +314,37 @@ def deploy(): signals.connect(mariadb_service1, nova_db_user, { 'port': 'login_port', 'root_password': 'login_password'}) + signals.connect(admin_user, nova_puppet, {'user_name': 'keystone_user', 'user_password': 'keystone_password', 'tenant_name': 'keystone_tenant'}) #? + signals.connect(openstack_vhost, nova_puppet, {'vhost_name': 'rabbit_virtual_host'}) signals.connect(nova_db, nova_db_user, {'db_name', 'db_host'}) signals.connect(services_tenant, nova_keystone_user) signals.connect(nova_keystone_user, nova_keystone_role) - signals.connect(keystone_puppet, nova_api, { + signals.connect(keystone_puppet, nova_puppet, { 'ip': 'keystone_host', 'admin_port': 'keystone_port'}) - signals.connect(nova_keystone_user, nova_api, { - 'user_name': 'keystone_user_name', - 'tenant_name': 'keystone_tenant_name', + signals.connect(nova_keystone_user, nova_puppet, { + 'user_name': 'keystone_user', + 'tenant_name': 'keystone_tenant', 'user_password': 'keystone_password'}) - signals.connect(rabbitmq_service1, nova_api, { - 'ip': 'rabbitmq_host'}) - signals.connect(openstack_rabbitmq_user, nova_api, { - 'user_name': 'rabbitmq_user', - 'password': 'rabbitmq_password'}) + signals.connect(rabbitmq_service1, nova_puppet, { + 'ip': 'rabbit_host', 'port': 'rabbit_port'}) + signals.connect(openstack_rabbitmq_user, nova_puppet, { + 'user_name': 'rabbit_userid', + 'password': 'rabbit_password'}) signals.connect(keystone_puppet, nova_keystone_service_endpoint, { 'ip': 'keystone_host', 'admin_port': 'keystone_admin_port', 'admin_token': 'admin_token'}) - signals.connect(mariadb_service1, nova_api, { + signals.connect(mariadb_service1, nova_puppet, { 'ip':'db_host'}) - signals.connect(nova_db_user, nova_api, { + signals.connect(nova_db_user, nova_puppet, { 'user_name':'db_user', 'db_name':'db_name', 'user_password':'db_password', 'db_host' : 'db_host'}) - signals.connect(nova_api, nova_keystone_service_endpoint, { - 'ip': ['ip', 'public_ip', 'internal_ip', 'admin_ip'], - 'ssh_key': 'ssh_key', - 'ssh_user': 'ssh_user'}) - signals.connect(nova_api, nova_keystone_service_endpoint, { - 'ip': 'ip', + signals.connect(nova_puppet, nova_keystone_service_endpoint, { + 'ip': ['ip', 'keystone_host', 'public_ip', 'internal_ip', 'admin_ip'], + 'port': ['admin_port', 'internal_port', 'public_port'], 'ssh_key': 'ssh_key', 'ssh_user': 'ssh_user'}) @@ -468,11 +467,12 @@ def deploy(): actions.resource_action(cinder_api_puppet, 'run') actions.resource_action(cinder_scheduler_puppet, 'run') actions.resource_action(cinder_volume_puppet, 'run') + actions.resource_action(nova_db, 'run') actions.resource_action(nova_db_user, 'run') actions.resource_action(nova_keystone_user, 'run') actions.resource_action(nova_keystone_role, 'run') - actions.resource_action(nova_api, 'run') + actions.resource_action(nova_puppet, 'run') actions.resource_action(nova_keystone_service_endpoint, 'run') actions.resource_action(glance_db, 'run') @@ -503,7 +503,7 @@ def undeploy(): 'nova_db', 'nova_db_user', 'nova_keystone_service_endpoint', - 'nova_api', + 'nova_puppet', 'cinder_volume_puppet', 'cinder_scheduler_puppet', 'cinder_api_puppet', @@ -541,37 +541,6 @@ def undeploy(): except errors.SolarError as e: print 'WARNING: %s' % str(e) - #actions.resource_action(resources['nova_keystone_service_endpoint'], 'remove' ) - # actions.resource_action(resources['nova_network_puppet'], 'remove' ) - - # actions.resource_action(resources['nova_keystone_role'], 'remove') - # actions.resource_action(resources['nova_keystone_user'], 'remove') - - # actions.resource_action(resources['neutron_keystone_service_endpoint'], 'remove' ) - # actions.resource_action(resources['neutron_puppet'], 'remove' ) - - # actions.resource_action(resources['cinder_puppet'], 'remove' ) - # actions.resource_action(resources['cinder_keystone_role'], 'remove') - # actions.resource_action(resources['cinder_keystone_user'], 'remove') - - # actions.resource_action(resources['neutron_keystone_role'], 'remove') - # actions.resource_action(resources['neutron_keystone_user'], 'remove') - # actions.resource_action(resources['services_tenant'], 'remove') - - # actions.resource_action(resources['admin_role'], 'remove') - # actions.resource_action(resources['admin_user'], 'remove') - # actions.resource_action(resources['admin_tenant'], 'remove') - - # actions.resource_action(resources['keystone_puppet'], 'remove') - # actions.resource_action(resources['keystone_db_user'], 'remove') - # actions.resource_action(resources['keystone_db'], 'remove') - - # actions.resource_action(resources['mariadb_service1'], 'remove') - - # actions.resource_action(resources['openstack_rabbitmq_user'], 'remove') - # actions.resource_action(resources['openstack_vhost'], 'remove') - # actions.resource_action(resources['rabbitmq_service1'], 'remove') - db.clear() signals.Connections.clear() diff --git a/resources/nova_puppet/README.md b/resources/nova_puppet/README.md new file mode 100644 index 00000000..57dc11f3 --- /dev/null +++ b/resources/nova_puppet/README.md @@ -0,0 +1,275 @@ +# Cinder resource for puppet handler + +Controlls a live cycle of the nova entities, +like the main puppet class, auth, DB, AMQP, packages, +keystone user, role and endpoint. + +# Parameters + +source https://github.com/openstack/puppet-nova/blob/5.1.0/manifests/init.pp + + ``ensure_package`` + (optional) The state of nova packages + Defaults to 'present' + + ``nova_cluster_id`` + (optional) Deprecated. This parameter does nothing and will be removed. + Defaults to 'localcluster' + + ``sql_connection`` + (optional) Deprecated. Use database_connection instead. + Defaults to false + + ``sql_idle_timeout`` + (optional) Deprecated. Use database_idle_timeout instead + Defaults to false + + ``database_connection`` + (optional) Connection url to connect to nova database. + Defaults to false + + ``slave_connection`` + (optional) Connection url to connect to nova slave database (read-only). + Defaults to false + + ``database_idle_timeout`` + (optional) Timeout before idle db connections are reaped. + Defaults to 3600 + + ``rpc_backend`` + (optional) The rpc backend implementation to use, can be: + rabbit (for rabbitmq) + qpid (for qpid) + zmq (for zeromq) + Defaults to 'rabbit' + + ``image_service`` + (optional) Service used to search for and retrieve images. + Defaults to 'nova.image.local.LocalImageService' + + ``glance_api_servers`` + (optional) List of addresses for api servers. + Defaults to 'localhost:9292' + + ``memcached_servers`` + (optional) Use memcached instead of in-process cache. Supply a list of memcached server IP's:Memcached Port. + Defaults to false + + ``rabbit_host`` + (optional) Location of rabbitmq installation. + Defaults to 'localhost' + + ``rabbit_hosts`` + (optional) List of clustered rabbit servers. + Defaults to false + + ``rabbit_port`` + (optional) Port for rabbitmq instance. + Defaults to '5672' + + ``rabbit_password`` + (optional) Password used to connect to rabbitmq. + Defaults to 'guest' + + ``rabbit_userid`` + (optional) User used to connect to rabbitmq. + Defaults to 'guest' + + ``rabbit_virtual_host`` + (optional) The RabbitMQ virtual host. + Defaults to '/' + + ``rabbit_use_ssl`` + (optional) Connect over SSL for RabbitMQ + Defaults to false + + ``kombu_ssl_ca_certs`` + (optional) SSL certification authority file (valid only if SSL enabled). + Defaults to undef + + ``kombu_ssl_certfile`` + (optional) SSL cert file (valid only if SSL enabled). + Defaults to undef + + ``kombu_ssl_keyfile`` + (optional) SSL key file (valid only if SSL enabled). + Defaults to undef + + ``kombu_ssl_version`` + (optional) SSL version to use (valid only if SSL enabled). + Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be + available on some distributions. + Defaults to 'TLSv1' + + ``amqp_durable_queues`` + (optional) Define queues as "durable" to rabbitmq. + Defaults to false + + ``qpid_hostname`` + (optional) Location of qpid server + Defaults to 'localhost' + + ``qpid_port`` + (optional) Port for qpid server + Defaults to '5672' + + ``qpid_username`` + (optional) Username to use when connecting to qpid + Defaults to 'guest' + + ``qpid_password`` + (optional) Password to use when connecting to qpid + Defaults to 'guest' + + ``qpid_heartbeat`` + (optional) Seconds between connection keepalive heartbeats + Defaults to 60 + + ``qpid_protocol`` + (optional) Transport to use, either 'tcp' or 'ssl'' + Defaults to 'tcp' + + ``qpid_sasl_mechanisms`` + (optional) Enable one or more SASL mechanisms + Defaults to false + + ``qpid_tcp_nodelay`` + (optional) Disable Nagle algorithm + Defaults to true + + ``service_down_time`` + (optional) Maximum time since last check-in for up service. + Defaults to 60 + + ``logdir`` + (optional) Deprecated. Use log_dir instead. + Defaults to false + + ``log_dir`` + (optional) Directory where logs should be stored. + If set to boolean false, it will not log to any directory. + Defaults to '/var/log/nova' + + ``state_path`` + (optional) Directory for storing state. + Defaults to '/var/lib/nova' + + ``lock_path`` + (optional) Directory for lock files. + On RHEL will be '/var/lib/nova/tmp' and on Debian '/var/lock/nova' + Defaults to $::nova::params::lock_path + + ``verbose`` + (optional) Set log output to verbose output. + Defaults to false + + ``periodic_interval`` + (optional) Seconds between running periodic tasks. + Defaults to '60' + + ``report_interval`` + (optional) Interval at which nodes report to data store. + Defaults to '10' + + ``monitoring_notifications`` + (optional) Whether or not to send system usage data notifications out on the message queue. Only valid for stable/essex. + Defaults to false + + ``use_syslog`` + (optional) Use syslog for logging + Defaults to false + + ``log_facility`` + (optional) Syslog facility to receive log lines. + Defaults to 'LOG_USER' + + ``use_ssl`` + (optional) Enable SSL on the API server + Defaults to false, not set + + ``enabled_ssl_apis`` + (optional) List of APIs to SSL enable + Defaults to [] + Possible values : 'ec2', 'osapi_compute', 'metadata' + + ``cert_file`` + (optinal) Certificate file to use when starting API server securely + Defaults to false, not set + + ``key_file`` + (optional) Private key file to use when starting API server securely + Defaults to false, not set + + ``ca_file`` + (optional) CA certificate file to use to verify connecting clients + Defaults to false, not set_ + + ``nova_user_id`` + (optional) Create the nova user with the specified gid. + Changing to a new uid after specifying a different uid previously, + or using this option after the nova account already exists will break + the ownership of all files/dirs owned by nova. It is strongly encouraged + not to use this option and instead create user before nova class or + for network shares create netgroup into which you'll put nova on all the + nodes. If undef no user will be created and user creation will standardly + happen in nova-common package. + Defaults to undef. + + ``nova_group_id`` + (optional) Create the nova user with the specified gid. + Changing to a new uid after specifying a different uid previously, + or using this option after the nova account already exists will break + the ownership of all files/dirs owned by nova. It is strongly encouraged + not to use this option and instead create group before nova class or for + network shares create netgroup into which you'll put nova on all the + nodes. If undef no user or group will be created and creation will + happen in nova-common package. + Defaults to undef. + + ``nova_public_key`` + (optional) Install public key in .ssh/authorized_keys for the 'nova' user. + Expects a hash of the form { type => 'key-type', key => 'key-data' } where + 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and 'key-data' is the + actual key data (e.g, 'AAAA...'). + + ``nova_private_key`` + (optional) Install private key into .ssh/id_rsa (or appropriate equivalent + for key type). Expects a hash of the form { type => 'key-type', key => + 'key-data' }, where 'key-type' is one of (ssh-rsa, ssh-dsa, ssh-ecdsa) and + 'key-data' is the contents of the private key file. + + ``nova_shell`` + (optional) Set shell for 'nova' user to the specified value. + Defaults to '/bin/false'. + + ``mysql_module`` + (optional) Deprecated. Does nothing. + + ``notification_driver`` + (optional) Driver or drivers to handle sending notifications. + Value can be a string or a list. + Defaults to [] + + ``notification_topics`` + (optional) AMQP topic used for OpenStack notifications + Defaults to 'notifications' + + ``notify_api_faults`` + (optional) If set, send api.fault notifications on caught + exceptions in the API service + Defaults to false + + ``notify_on_state_change`` + (optional) If set, send compute.instance.update notifications + on instance state changes. Valid values are None for no notifications, + "vm_state" for notifications on VM state changes, or "vm_and_task_state" + for notifications on VM and task state changes. + Defaults to undef + + ``os_region_name`` + (optional) Sets the os_region_name flag. For environments with + more than one endpoint per service, this is required to make + things such as cinder volume attach work. If you don't set this + and you have multiple endpoints, you will get AmbiguousEndpoint + exceptions in the nova API service. + Defaults to undef \ No newline at end of file diff --git a/resources/nova_puppet/actions/remove.pp b/resources/nova_puppet/actions/remove.pp new file mode 100644 index 00000000..764ff454 --- /dev/null +++ b/resources/nova_puppet/actions/remove.pp @@ -0,0 +1,4 @@ +class { 'nova': + ensure_package => 'absent', + rabbit_password => 'not important as removed', +} diff --git a/resources/nova_puppet/actions/run.pp b/resources/nova_puppet/actions/run.pp new file mode 100644 index 00000000..cf01b5f0 --- /dev/null +++ b/resources/nova_puppet/actions/run.pp @@ -0,0 +1,137 @@ +$resource = hiera($::resource_name) + +$db_user = $resource['input']['db_user']['value'] +$db_password = $resource['input']['db_password']['value'] +$db_name = $resource['input']['db_name']['value'] +$db_host = $resource['input']['db_host']['value'] + +$ensure_package = $resource['input']['ensure_package']['value'] +$database_connection = $resource['input']['database_connection']['value'] +$slave_connection = $resource['input']['slave_connection']['value'] +$database_idle_timeout = $resource['input']['database_idle_timeout']['value'] +$rpc_backend = $resource['input']['rpc_backend']['value'] +$image_service = $resource['input']['image_service']['value'] +$glance_api_servers = $resource['input']['glance_api_servers']['value'] +$memcached_servers = $resource['input']['memcached_servers']['value'] +$rabbit_host = $resource['input']['rabbit_host']['value'] +$rabbit_hosts = $resource['input']['rabbit_hosts']['value'] +$rabbit_password = $resource['input']['rabbit_password']['value'] +$rabbit_port = $resource['input']['rabbit_port']['value'] +$rabbit_userid = $resource['input']['rabbit_userid']['value'] +$rabbit_virtual_host = $resource['input']['rabbit_virtual_host']['value'] +$rabbit_use_ssl = $resource['input']['rabbit_use_ssl']['value'] +$rabbit_ha_queues = $resource['input']['rabbit_ha_queues']['value'] +$kombu_ssl_ca_certs = $resource['input']['kombu_ssl_ca_certs']['value'] +$kombu_ssl_certfile = $resource['input']['kombu_ssl_certfile']['value'] +$kombu_ssl_keyfile = $resource['input']['kombu_ssl_keyfile']['value'] +$kombu_ssl_version = $resource['input']['kombu_ssl_version']['value'] +$amqp_durable_queues = $resource['input']['amqp_durable_queues']['value'] +$qpid_hostname = $resource['input']['qpid_hostname']['value'] +$qpid_port = $resource['input']['qpid_port']['value'] +$qpid_username = $resource['input']['qpid_username']['value'] +$qpid_password = $resource['input']['qpid_password']['value'] +$qpid_sasl_mechanisms = $resource['input']['qpid_sasl_mechanisms']['value'] +$qpid_heartbeat = $resource['input']['qpid_heartbeat']['value'] +$qpid_protocol = $resource['input']['qpid_protocol']['value'] +$qpid_tcp_nodelay = $resource['input']['qpid_tcp_nodelay']['value'] +$auth_strategy = $resource['input']['auth_strategy']['value'] +$service_down_time = $resource['input']['service_down_time']['value'] +$log_dir = $resource['input']['log_dir']['value'] +$state_path = $resource['input']['state_path']['value'] +$lock_path = $resource['input']['lock_path']['value'] +$verbose = $resource['input']['verbose']['value'] +$debug = $resource['input']['debug']['value'] +$periodic_interval = $resource['input']['periodic_interval']['value'] +$report_interval = $resource['input']['report_interval']['value'] +$rootwrap_config = $resource['input']['rootwrap_config']['value'] +$use_ssl = $resource['input']['use_ssl']['value'] +$enabled_ssl_apis = $resource['input']['enabled_ssl_apis']['value'] +$ca_file = $resource['input']['ca_file']['value'] +$cert_file = $resource['input']['cert_file']['value'] +$key_file = $resource['input']['key_file']['value'] +$nova_user_id = $resource['input']['nova_user_id']['value'] +$nova_group_id = $resource['input']['nova_group_id']['value'] +$nova_public_key = $resource['input']['nova_public_key']['value'] +$nova_private_key = $resource['input']['nova_private_key']['value'] +$nova_shell = $resource['input']['nova_shell']['value'] +$root_helper = $resource['input']['root_helper']['value'] +$monitoring_notifications = $resource['input']['monitoring_notifications']['value'] +$use_syslog = $resource['input']['use_syslog']['value'] +$log_facility = $resource['input']['log_facility']['value'] +$install_utilities = $resource['input']['install_utilities']['value'] +$notification_driver = $resource['input']['notification_driver']['value'] +$notification_topics = $resource['input']['notification_topics']['value'] +$notify_api_faults = $resource['input']['notify_api_faults']['value'] +$notify_on_state_change = $resource['input']['notify_on_state_change']['value'] +$mysql_module = $resource['input']['mysql_module']['value'] +$nova_cluster_id = $resource['input']['nova_cluster_id']['value'] +$sql_connection = $resource['input']['sql_connection']['value'] +$sql_idle_timeout = $resource['input']['sql_idle_timeout']['value'] +$logdir = $resource['input']['logdir']['value'] +$os_region_name = $resource['input']['os_region_name']['value'] + +class { 'nova': + database_connection => "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8", + ensure_package => $ensure_package, + slave_connection => $slave_connection, + database_idle_timeout => $database_idle_timeout, + rpc_backend => $rpc_backend, + image_service => $image_service, + glance_api_servers => $glance_api_servers, + memcached_servers => $memcached_servers, + rabbit_host => $rabbit_host, + rabbit_hosts => $rabbit_hosts, + rabbit_password => $rabbit_password, + rabbit_port => $rabbit_port, + rabbit_userid => $rabbit_userid, + rabbit_virtual_host => $rabbit_virtual_host, + rabbit_use_ssl => $rabbit_use_ssl, + rabbit_ha_queues => $rabbit_ha_queues, + kombu_ssl_ca_certs => $kombu_ssl_ca_certs, + kombu_ssl_certfile => $kombu_ssl_certfile, + kombu_ssl_keyfile => $kombu_ssl_keyfile, + kombu_ssl_version => $kombu_ssl_version, + amqp_durable_queues => $amqp_durable_queues, + qpid_hostname => $qpid_hostname, + qpid_port => $qpid_port, + qpid_username => $qpid_username, + qpid_password => $qpid_password, + qpid_sasl_mechanisms => $qpid_sasl_mechanisms, + qpid_heartbeat => $qpid_heartbeat, + qpid_protocol => $qpid_protocol, + qpid_tcp_nodelay => $qpid_tcp_nodelay, + auth_strategy => $auth_strategy, + service_down_time => $service_down_time, + log_dir => $log_dir, + state_path => $state_path, + lock_path => $lock_path, + verbose => $verbose, + debug => $debug, + periodic_interval => $periodic_interval, + report_interval => $report_interval, + rootwrap_config => $rootwrap_config, + use_ssl => $use_ssl, + enabled_ssl_apis => $enabled_ssl_apis, + ca_file => $ca_file, + cert_file => $cert_file, + key_file => $key_file, + nova_user_id => $nova_user_id, + nova_group_id => $nova_group_id, + nova_public_key => $nova_public_key, + nova_private_key => $nova_private_key, + nova_shell => $nova_shell, + root_helper => $root_helper, + monitoring_notifications => $monitoring_notifications, + use_syslog => $use_syslog, + log_facility => $log_facility, + install_utilities => $install_utilities, + notification_driver => $notification_driver, + notification_topics => $notification_topics, + notify_api_faults => $notify_api_faults, + notify_on_state_change => $notify_on_state_change, + mysql_module => $mysql_module, + nova_cluster_id => $nova_cluster_id, + sql_idle_timeout => $sql_idle_timeout, + logdir => $logdir, + os_region_name => $os_region_name, +} diff --git a/resources/nova_puppet/meta.yaml b/resources/nova_puppet/meta.yaml new file mode 100644 index 00000000..53732819 --- /dev/null +++ b/resources/nova_puppet/meta.yaml @@ -0,0 +1,242 @@ +id: nova +handler: puppet +puppet_module: nova +version: 1.0.0 +input: + ensure_package: + schema: str + value: 'present' + database_connection: + schema: str + value: '' + slave_connection: + schema: str + value: '' + database_idle_timeout: + schema: int + value: 3600 + rpc_backend: + schema: str + value: 'rabbit' + image_service: + schema: str + value: 'nova.image.glance.GlanceImageService' + glance_api_servers: + schema: str + value: 'localhost:9292' + memcached_servers: + schema: str + value: '' + rabbit_host: + schema: str + value: 'localhost' + rabbit_hosts: + schema: str + value: '' + rabbit_password: + schema: str! + value: 'guest' + rabbit_port: + schema: int + value: 5672 + rabbit_userid: + schema: str + value: 'guest' + rabbit_virtual_host: + schema: str + value: '/' + rabbit_use_ssl: + schema: bool + value: false + rabbit_ha_queues: + schema: str + value: '' + kombu_ssl_ca_certs: + schema: str + value: '' + kombu_ssl_certfile: + schema: str + value: '' + kombu_ssl_keyfile: + schema: str + value: '' + kombu_ssl_version: + schema: str + value: 'TLSv1' + amqp_durable_queues: + schema: bool + value: false + qpid_hostname: + schema: str + value: 'localhost' + qpid_port: + schema: int + value: 5672 + qpid_username: + schema: str + value: 'guest' + qpid_password: + schema: str! + value: 'guest' + qpid_sasl_mechanisms: + schema: bool + value: false + qpid_heartbeat: + schema: int + value: 60 + qpid_protocol: + schema: str + value: 'tcp' + qpid_tcp_nodelay: + schema: bool + value: true + auth_strategy: + schema: str + value: 'keystone' + service_down_time: + schema: int + value: 60 + log_dir: + schema: str + value: '/var/log/nova' + state_path: + schema: str + value: '/var/lib/nova' + lock_path: + schema: str + value: $::nova::params::lock_path + verbose: + schema: bool + value: false + debug: + schema: bool + value: false + periodic_interval: + schema: int + value: 60 + report_interval: + schema: int + value: 10 + rootwrap_config: + schema: str + value: '/etc/nova/rootwrap.conf' + use_ssl: + schema: bool + value: false + enabled_ssl_apis: + schema: [] + value: ['ec2', 'metadata', 'osapi_compute'] + ca_file: + schema: str + value: '' + cert_file: + schema: str + value: '' + key_file: + schema: str + value: '' + nova_user_id: + schema: str + value: '' + nova_group_id: + schema: str + value: '' + nova_public_key: + schema: str + value: '' + nova_private_key: + schema: str + value: '' + nova_shell: + schema: str + value: '/bin/false' + root_helper: + schema: str + value: $::nova::params::root_helper + monitoring_notifications: + schema: bool + value: false + use_syslog: + schema: bool + value: false + log_facility: + schema: str + value: 'LOG_USER' + install_utilities: + schema: bool + value: true + notification_driver: + schema: [] + value: [] + notification_topics: + schema: str + value: 'notifications' + notify_api_faults: + schema: bool + value: false + notify_on_state_change: + schema: str + value: '' + mysql_module: + schema: str + value: '' + nova_cluster_id: + schema: str + value: '' + sql_connection: + schema: str + value: '' + sql_idle_timeout: + schema: str + value: '' + logdir: + schema: str + value: '' + os_region_name: + schema: str + value: '' + + db_user: + schema: str! + value: nova + db_password: + schema: str! + value: + db_name: + schema: str! + value: + db_host: + schema: str! + value: + + keystone_password: + schema: str! + value: + keystone_port: + schema: int! + value: + keystone_host: + schema: str! + value: + keystone_tenant: + schema: str! + value: + keystone_user: + schema: str! + value: + + git: + schema: {repository: str!, branch: str!} + value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'} + + ip: + schema: str! + value: + ssh_key: + schema: str! + value: + ssh_user: + schema: str! + value: + +tags: [resource/nova_service, resources/nova] From 67d3d751b1107adec1617daf50982daa9a5d7cdc Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Wed, 29 Jul 2015 13:54:39 +0200 Subject: [PATCH 02/24] Add missing port parameter for nova puppet Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 5 +---- resources/nova_puppet/meta.yaml | 4 ++++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/example-puppet.py b/example-puppet.py index 1f09f039..7af2dd82 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -298,10 +298,7 @@ def deploy(): 'internalurl': 'http://{{internal_ip}}:{{internal_port}}/v2/%(tenant_id)s', 'publicurl': 'http://{{public_ip}}:{{public_port}}/v2/%(tenant_id)s', 'description': 'OpenStack Compute Service', - 'type': 'compute', - 'public_port': 8774, - 'internal_port': 8774, - 'admin_port': 8774})[0] + 'type': 'compute'})[0] signals.connect(node1, nova_puppet) signals.connect(node1, nova_db) diff --git a/resources/nova_puppet/meta.yaml b/resources/nova_puppet/meta.yaml index 53732819..bd613a49 100644 --- a/resources/nova_puppet/meta.yaml +++ b/resources/nova_puppet/meta.yaml @@ -225,6 +225,10 @@ input: schema: str! value: + port: + schema: int! + value: 8774 + git: schema: {repository: str!, branch: str!} value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'} From b26c8f954164c6552636e5dfce53ed2f6dca7e61 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 09:43:16 +0200 Subject: [PATCH 03/24] Fix schema for nova puppet Signed-off-by: Bogdan Dobrelya --- resources/nova_puppet/actions/run.pp | 2 -- resources/nova_puppet/meta.yaml | 9 +++------ 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/resources/nova_puppet/actions/run.pp b/resources/nova_puppet/actions/run.pp index cf01b5f0..f7005d75 100644 --- a/resources/nova_puppet/actions/run.pp +++ b/resources/nova_puppet/actions/run.pp @@ -54,7 +54,6 @@ $nova_group_id = $resource['input']['nova_group_id']['value'] $nova_public_key = $resource['input']['nova_public_key']['value'] $nova_private_key = $resource['input']['nova_private_key']['value'] $nova_shell = $resource['input']['nova_shell']['value'] -$root_helper = $resource['input']['root_helper']['value'] $monitoring_notifications = $resource['input']['monitoring_notifications']['value'] $use_syslog = $resource['input']['use_syslog']['value'] $log_facility = $resource['input']['log_facility']['value'] @@ -120,7 +119,6 @@ class { 'nova': nova_public_key => $nova_public_key, nova_private_key => $nova_private_key, nova_shell => $nova_shell, - root_helper => $root_helper, monitoring_notifications => $monitoring_notifications, use_syslog => $use_syslog, log_facility => $log_facility, diff --git a/resources/nova_puppet/meta.yaml b/resources/nova_puppet/meta.yaml index bd613a49..8eb1165c 100644 --- a/resources/nova_puppet/meta.yaml +++ b/resources/nova_puppet/meta.yaml @@ -104,7 +104,7 @@ input: value: '/var/lib/nova' lock_path: schema: str - value: $::nova::params::lock_path + value: '/var/lock/nova' verbose: schema: bool value: false @@ -124,7 +124,7 @@ input: schema: bool value: false enabled_ssl_apis: - schema: [] + schema: [str] value: ['ec2', 'metadata', 'osapi_compute'] ca_file: schema: str @@ -150,9 +150,6 @@ input: nova_shell: schema: str value: '/bin/false' - root_helper: - schema: str - value: $::nova::params::root_helper monitoring_notifications: schema: bool value: false @@ -166,7 +163,7 @@ input: schema: bool value: true notification_driver: - schema: [] + schema: [str] value: [] notification_topics: schema: str From 648dd6d4bcbe2dd19a81ff7be8f871dd5294c8b5 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 09:48:47 +0200 Subject: [PATCH 04/24] Del nova_api after moved to nova_puppet resource Signed-off-by: Bogdan Dobrelya --- resources/nova_api_puppet/actions/remove.pp | 29 ---------- resources/nova_api_puppet/actions/run.pp | 33 ------------ resources/nova_api_puppet/meta.yaml | 59 --------------------- 3 files changed, 121 deletions(-) delete mode 100644 resources/nova_api_puppet/actions/remove.pp delete mode 100644 resources/nova_api_puppet/actions/run.pp delete mode 100644 resources/nova_api_puppet/meta.yaml diff --git a/resources/nova_api_puppet/actions/remove.pp b/resources/nova_api_puppet/actions/remove.pp deleted file mode 100644 index 4d6c4864..00000000 --- a/resources/nova_api_puppet/actions/remove.pp +++ /dev/null @@ -1,29 +0,0 @@ -$resource = hiera($::resource_name) - -$rabbitmq_user = $resource['input']['rabbitmq_user']['value'] -$rabbitmq_password = $resource['input']['rabbitmq_password']['value'] -$rabbitmq_host = $resource['input']['rabbitmq_host']['value'] -$db_user = $resource['input']['db_user']['value'] -$db_password = $resource['input']['db_password']['value'] -$db_name = $resource['input']['db_name']['value'] -$db_host = $resource['input']['db_host']['value'] -$keystone_password = $resource['input']['keystone_password']['value'] -$keystone_host = $resource['input']['keystone_host']['value'] -$keystone_port = $resource['input']['keystone_port']['value'] -$keystone_tenant_name = $resource['input']['keystone_tenant_name']['value'] -$keystone_user = $resource['input']['keystone_user_name']['value'] - -class { 'nova': - database_connection => "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8", - rabbit_userid => $rabbitmq_user, - rabbit_password => $rabbitmq_password, - rabbit_host => $rabbitmq_host, - image_service => 'nova.image.glance.GlanceImageService', - glance_api_servers => 'localhost:9292', - verbose => false, -} - -class { 'nova::api': - admin_password => $keystone_password, - ensure_package => 'absent' -} diff --git a/resources/nova_api_puppet/actions/run.pp b/resources/nova_api_puppet/actions/run.pp deleted file mode 100644 index c1384f8b..00000000 --- a/resources/nova_api_puppet/actions/run.pp +++ /dev/null @@ -1,33 +0,0 @@ -$resource = hiera($::resource_name) - -$rabbitmq_user = $resource['input']['rabbitmq_user']['value'] -$rabbitmq_password = $resource['input']['rabbitmq_password']['value'] -$rabbitmq_host = $resource['input']['rabbitmq_host']['value'] -$db_user = $resource['input']['db_user']['value'] -$db_password = $resource['input']['db_password']['value'] -$db_name = $resource['input']['db_name']['value'] -$db_host = $resource['input']['db_host']['value'] -$keystone_password = $resource['input']['keystone_password']['value'] -$keystone_host = $resource['input']['keystone_host']['value'] -$keystone_port = $resource['input']['keystone_port']['value'] -$keystone_tenant_name = $resource['input']['keystone_tenant_name']['value'] -$keystone_user = $resource['input']['keystone_user_name']['value'] - -class { 'nova': - database_connection => "mysql://${db_user}:${db_password}@${db_host}/${db_name}?charset=utf8", - rabbit_userid => $rabbitmq_user, - rabbit_password => $rabbitmq_password, - rabbit_host => $rabbitmq_host, - image_service => 'nova.image.glance.GlanceImageService', - glance_api_servers => 'localhost:9292', - verbose => false, -} - -class { 'nova::api': - enabled => true, - admin_user => $keystone_user, - admin_password => $keystone_password, - auth_host => $keystone_host, - auth_port => $keystone_port, - admin_tenant_name => $keystone_tenant_name, -} diff --git a/resources/nova_api_puppet/meta.yaml b/resources/nova_api_puppet/meta.yaml deleted file mode 100644 index 96ff21dc..00000000 --- a/resources/nova_api_puppet/meta.yaml +++ /dev/null @@ -1,59 +0,0 @@ -id: nova -handler: puppet -puppet_module: nova -version: 1.0.0 -input: - db_user: - schema: str! - value: nova - db_password: - schema: str! - value: - db_name: - schema: str! - value: - db_host: - schema: str! - value: - - rabbitmq_user: - schema: str! - value: - rabbitmq_password: - schema: str! - value: - rabbitmq_host: - schema: str! - value: - - keystone_password: - schema: str! - value: - keystone_port: - schema: int! - value: - keystone_host: - schema: str! - value: - keystone_tenant_name: - schema: str! - value: - keystone_user_name: - schema: str! - value: - - git: - schema: {repository: str!, branch: str!} - value: {repository: 'https://github.com/openstack/puppet-nova', branch: 'stable/juno'} - - ip: - schema: str! - value: - ssh_key: - schema: str! - value: - ssh_user: - schema: str! - value: - -tags: [resource/nova_service, resources/nova, resource/nova-api] From 56263a45ad648ade4f657d8f6a5f7154f86b02c2 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 10:09:56 +0200 Subject: [PATCH 05/24] Fix cinder puppet module references Signed-off-by: Bogdan Dobrelya --- resources/cinder_api_puppet/meta.yaml | 2 +- resources/cinder_scheduler_puppet/meta.yaml | 2 +- resources/cinder_volume_puppet/meta.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/resources/cinder_api_puppet/meta.yaml b/resources/cinder_api_puppet/meta.yaml index 6164176a..114db75a 100644 --- a/resources/cinder_api_puppet/meta.yaml +++ b/resources/cinder_api_puppet/meta.yaml @@ -1,6 +1,6 @@ id: cinder_api_puppet handler: puppet -puppet_module: cinder_api +puppet_module: cinder version: 1.0.0 input: keystone_password: diff --git a/resources/cinder_scheduler_puppet/meta.yaml b/resources/cinder_scheduler_puppet/meta.yaml index 5a7ce2b6..24c98431 100644 --- a/resources/cinder_scheduler_puppet/meta.yaml +++ b/resources/cinder_scheduler_puppet/meta.yaml @@ -1,6 +1,6 @@ id: cinder_scheduler_puppet handler: puppet -puppet_module: cinder_scheduler +puppet_module: cinder version: 1.0.0 input: scheduler_driver: diff --git a/resources/cinder_volume_puppet/meta.yaml b/resources/cinder_volume_puppet/meta.yaml index 20bc84fd..9146a153 100644 --- a/resources/cinder_volume_puppet/meta.yaml +++ b/resources/cinder_volume_puppet/meta.yaml @@ -1,6 +1,6 @@ id: cinder_volume_puppet handler: puppet -puppet_module: cinder_volume +puppet_module: cinder version: 1.0.0 input: package_ensure: From 70d9a0502ddacdda8f5fa3386b2f7c874850fb33 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 10:10:17 +0200 Subject: [PATCH 06/24] Add nova api puppet resource Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 11 ++ resources/nova_api_puppet/README.md | 141 ++++++++++++++++++++ resources/nova_api_puppet/actions/remove.pp | 4 + resources/nova_api_puppet/actions/run.pp | 65 +++++++++ resources/nova_api_puppet/meta.yaml | 108 +++++++++++++++ resources/nova_puppet/README.md | 2 +- 6 files changed, 330 insertions(+), 1 deletion(-) create mode 100644 resources/nova_api_puppet/README.md create mode 100644 resources/nova_api_puppet/actions/remove.pp create mode 100644 resources/nova_api_puppet/actions/run.pp create mode 100644 resources/nova_api_puppet/meta.yaml diff --git a/example-puppet.py b/example-puppet.py index 7af2dd82..71153156 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -345,6 +345,15 @@ def deploy(): 'ssh_key': 'ssh_key', 'ssh_user': 'ssh_user'}) + # NOVA API + nova_api_puppet = vr.create('nova_api_puppet', 'resources/nova_api_puppet', {})[0] + signals.connect(node1, nova_api_puppet) + signals.connect(nova_puppet, nova_api_puppet, { + 'keystone_tenant': 'admin_tenant_name', + 'keystone_user': 'admin_user', + 'keystone_host': 'auth_host', + 'keystone_port': 'auth_port'}) + # signals.connect(keystone_puppet, nova_network_puppet, {'ip': 'keystone_host', 'port': 'keystone_port'}) # signals.connect(keystone_puppet, nova_keystone_service_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port', 'admin_token': 'admin_token'}) # signals.connect(rabbitmq_service1, nova_network_puppet, {'ip': 'rabbitmq_host', 'port': 'rabbitmq_port'}) @@ -471,6 +480,7 @@ def deploy(): actions.resource_action(nova_keystone_role, 'run') actions.resource_action(nova_puppet, 'run') actions.resource_action(nova_keystone_service_endpoint, 'run') + actions.resource_action(nova_api_puppet, 'run') actions.resource_action(glance_db, 'run') actions.resource_action(glance_db_user, 'run') @@ -500,6 +510,7 @@ def undeploy(): 'nova_db', 'nova_db_user', 'nova_keystone_service_endpoint', + 'nova_api_puppet', 'nova_puppet', 'cinder_volume_puppet', 'cinder_scheduler_puppet', diff --git a/resources/nova_api_puppet/README.md b/resources/nova_api_puppet/README.md new file mode 100644 index 00000000..9fc2bb88 --- /dev/null +++ b/resources/nova_api_puppet/README.md @@ -0,0 +1,141 @@ +# Nova API resource for puppet handler + +Setup and configure the Nova API service + +# Parameters + +source https://github.com/openstack/puppet-nova_api/blob/5.1.0/manifests/api.pp + + ``admin_password`` + (required) The password to set for the nova admin user in keystone + + ``ensure_package`` + (optional) Whether the nova api package will be installed + Defaults to 'present' + + ``auth_strategy`` + (DEPRECATED) Does nothing and will be removed in Icehouse + Defaults to false + + ``auth_host`` + (optional) The IP of the server running keystone + Defaults to '127.0.0.1' + + ``auth_port`` + (optional) The port to use when authenticating against Keystone + Defaults to 35357 + + ``auth_protocol`` + (optional) The protocol to use when authenticating against Keystone + Defaults to 'http' + + ``auth_uri`` + (optional) The uri of a Keystone service to authenticate against + Defaults to false + + ``auth_admin_prefix`` + (optional) Prefix to prepend at the beginning of the keystone path + Defaults to false + + ``auth_version`` + (optional) API version of the admin Identity API endpoint + for example, use 'v3.0' for the keystone version 3.0 api + Defaults to false + + ``admin_tenant_name`` + (optional) The name of the tenant to create in keystone for use by the nova services + Defaults to 'services' + + ``admin_user`` + (optional) The name of the user to create in keystone for use by the nova services + Defaults to 'nova' + + ``api_bind_address`` + (optional) IP address for nova-api server to listen + Defaults to '0.0.0.0' + + ``metadata_listen`` + (optional) IP address for metadata server to listen + Defaults to '0.0.0.0' + + ``enabled_apis`` + (optional) A comma separated list of apis to enable + Defaults to 'ec2,osapi_compute,metadata' + + ``keystone_ec2_url`` + (optional) The keystone url where nova should send requests for ec2tokens + Defaults to false + + ``volume_api_class`` + (optional) The name of the class that nova will use to access volumes. Cinder is the only option. + Defaults to 'nova.volume.cinder.API' + + ``use_forwarded_for`` + (optional) Treat X-Forwarded-For as the canonical remote address. Only + enable this if you have a sanitizing proxy. + Defaults to false + + ``osapi_compute_workers`` + (optional) Number of workers for OpenStack API service + Defaults to $::processorcount + + ``ec2_workers`` + (optional) Number of workers for EC2 service + Defaults to $::processorcount + + ``metadata_workers`` + (optional) Number of workers for metadata service + Defaults to $::processorcount + + ``conductor_workers`` + (optional) DEPRECATED. Use workers parameter of nova::conductor + Class instead. + Defaults to undef + + ``sync_db`` + (optional) Run nova-manage db sync on api nodes after installing the package. + Defaults to true + + ``neutron_metadata_proxy_shared_secret`` + (optional) Shared secret to validate proxies Neutron metadata requests + Defaults to undef + + ``pci_alias`` + (optional) Pci passthrough for controller: + Defaults to undef + Example + "[ {'vendor_id':'1234', 'product_id':'5678', 'name':'default'}, {...} ]" + + ``ratelimits`` + (optional) A string that is a semicolon-separated list of 5-tuples. + See http://docs.openstack.org/trunk/config-reference/content/configuring-compute-API.html + Example: '(POST, "*", .*, 10, MINUTE);(POST, "*/servers", ^/servers, 50, DAY);(PUT, "*", .*, 10, MINUTE)' + Defaults to undef + + ``ratelimits_factory`` + (optional) The rate limiting factory to use + Defaults to 'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory' + + ``osapi_v3`` + (optional) Enable or not Nova API v3 + Defaults to false + + ``validate`` + (optional) Whether to validate the service is working after any service refreshes + Defaults to false + + ``validation_options`` + (optional) Service validation options + Should be a hash of options defined in openstacklib::service_validation + If empty, defaults values are taken from openstacklib function. + Default command list nova flavors. + Require validate set at True. + Example: + nova::api::validation_options: + nova-api: + command: check_nova.py + path: /usr/bin:/bin:/usr/sbin:/sbin + provider: shell + tries: 5 + try_sleep: 10 + Defaults to {} diff --git a/resources/nova_api_puppet/actions/remove.pp b/resources/nova_api_puppet/actions/remove.pp new file mode 100644 index 00000000..bfd69841 --- /dev/null +++ b/resources/nova_api_puppet/actions/remove.pp @@ -0,0 +1,4 @@ +class { 'nova::api': + ensure_package => 'absent', + enabled => false, +} diff --git a/resources/nova_api_puppet/actions/run.pp b/resources/nova_api_puppet/actions/run.pp new file mode 100644 index 00000000..9bca5595 --- /dev/null +++ b/resources/nova_api_puppet/actions/run.pp @@ -0,0 +1,65 @@ +$resource = hiera($::resource_name) + +$ensure_package = $resource['input']['ensure_package']['value'] +$auth_strategy = $resource['input']['auth_strategy']['value'] +$auth_host = $resource['input']['auth_host']['value'] +$auth_port = $resource['input']['auth_port']['value'] +$auth_protocol = $resource['input']['auth_protocol']['value'] +$auth_uri = $resource['input']['auth_uri']['value'] +$auth_admin_prefix = $resource['input']['auth_admin_prefix']['value'] +$auth_version = $resource['input']['auth_version']['value'] +$admin_tenant_name = $resource['input']['admin_tenant_name']['value'] +$admin_user = $resource['input']['admin_user']['value'] +$api_bind_address = $resource['input']['api_bind_address']['value'] +$metadata_listen = $resource['input']['metadata_listen']['value'] +$enabled_apis = $resource['input']['enabled_apis']['value'] +$keystone_ec2_url = $resource['input']['keystone_ec2_url']['value'] +$volume_api_class = $resource['input']['volume_api_class']['value'] +$use_forwarded_for = $resource['input']['use_forwarded_for']['value'] +$osapi_compute_workers = $resource['input']['osapi_compute_workers']['value'] +$ec2_workers = $resource['input']['ec2_workers']['value'] +$metadata_workers = $resource['input']['metadata_workers']['value'] +$sync_db = $resource['input']['sync_db']['value'] +$neutron_metadata_proxy_shared_secret = $resource['input']['neutron_metadata_proxy_shared_secret']['value'] +$osapi_v3 = $resource['input']['osapi_v3']['value'] +$pci_alias = $resource['input']['pci_alias']['value'] +$ratelimits = $resource['input']['ratelimits']['value'] +$ratelimits_factory = $resource['input']['ratelimits_factory']['value'] +$validate = $resource['input']['validate']['value'] +$validation_options = $resource['input']['validation_options']['value'] +$workers = $resource['input']['workers']['value'] +$conductor_workers = $resource['input']['conductor_workers']['value'] + +class { 'nova_api': + enabled => true, + manage_service => true, + ensure_package => $ensure_package, + auth_strategy => $auth_strategy, + auth_host => $auth_host, + auth_port => $auth_port, + auth_protocol => $auth_protocol, + auth_uri => $auth_uri, + auth_admin_prefix => $auth_admin_prefix, + auth_version => $auth_version, + admin_tenant_name => $admin_tenant_name, + admin_user => $admin_user, + api_bind_address => $api_bind_address, + metadata_listen => $metadata_listen, + enabled_apis => $enabled_apis, + keystone_ec2_url => $keystone_ec2_url, + volume_api_class => $volume_api_class, + use_forwarded_for => $use_forwarded_for, + osapi_compute_workers => $osapi_compute_workers, + ec2_workers => $ec2_workers, + metadata_workers => $metadata_workers, + sync_db => $sync_db, + neutron_metadata_proxy_shared_secret => $neutron_metadata_proxy_shared_secret, + osapi_v3 => $osapi_v3, + pci_alias => $pci_alias, + ratelimits => $ratelimits, + ratelimits_factory => $ratelimits_factory, + validate => $validate, + validation_options => $validation_options, + workers => $workers, + conductor_workers => $conductor_workers, +} diff --git a/resources/nova_api_puppet/meta.yaml b/resources/nova_api_puppet/meta.yaml new file mode 100644 index 00000000..e969765c --- /dev/null +++ b/resources/nova_api_puppet/meta.yaml @@ -0,0 +1,108 @@ +id: nova_api +handler: puppet +puppet_module: nova +version: 1.0.0 +input: + ensure_package: + schema: str + value: 'present' + auth_strategy: + schema: str + value: '' + auth_host: + schema: str + value: '127.0.0.1' + auth_port: + schema: int + value: 35357 + auth_protocol: + schema: str + value: 'http' + auth_uri: + schema: str + value: '' + auth_admin_prefix: + schema: str + value: '' + auth_version: + schema: str + value: '' + admin_tenant_name: + schema: str + value: 'services' + admin_user: + schema: str + value: 'nova' + api_bind_address: + schema: str + value: '0.0.0.0' + metadata_listen: + schema: str + value: '0.0.0.0' + enabled_apis: + schema: str + value: 'ec2,osapi_compute,metadata' + keystone_ec2_url: + schema: str + value: '' + volume_api_class: + schema: str + value: 'nova.volume.cinder.API' + use_forwarded_for: + schema: str + value: '' + osapi_compute_workers: + schema: inst + value: 1 + ec2_workers: + schema: int + value: 1 + metadata_workers: + schema: int + value: 1 + sync_db: + schema: bool + value: true + neutron_metadata_proxy_shared_secret: + schema: str + value: '' + osapi_v3: + schema: bool + value: false + pci_alias: + schema: str + value: '' + ratelimits: + schema: str + value: '' + ratelimits_factory: + schema: str + value: 'nova.api.openstack.compute.limits:RateLimitingMiddleware.factory' + validate: + schema: bool + value: false + validation_options: + schema: {} + value: {} + workers: + schema: str + value: '' + conductor_workers: + schema: str + value: '' + + git: + schema: {repository: str!, branch: str!} + value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'} + + ip: + schema: str! + value: + ssh_key: + schema: str! + value: + ssh_user: + schema: str! + value: + +tags: [resource/nova_api_service, resources/nova_api, resources/nova] diff --git a/resources/nova_puppet/README.md b/resources/nova_puppet/README.md index 57dc11f3..76b594e3 100644 --- a/resources/nova_puppet/README.md +++ b/resources/nova_puppet/README.md @@ -1,4 +1,4 @@ -# Cinder resource for puppet handler +# Nova resource for puppet handler Controlls a live cycle of the nova entities, like the main puppet class, auth, DB, AMQP, packages, From 86136d77f6e7d1160f5a695bf94d22362812f340 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 11:36:14 +0200 Subject: [PATCH 07/24] Fix typo Signed-off-by: Bogdan Dobrelya --- resources/nova_api_puppet/actions/run.pp | 2 +- resources/nova_api_puppet/meta.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/nova_api_puppet/actions/run.pp b/resources/nova_api_puppet/actions/run.pp index 9bca5595..6a565572 100644 --- a/resources/nova_api_puppet/actions/run.pp +++ b/resources/nova_api_puppet/actions/run.pp @@ -30,7 +30,7 @@ $validation_options = $resource['input']['validation_options' $workers = $resource['input']['workers']['value'] $conductor_workers = $resource['input']['conductor_workers']['value'] -class { 'nova_api': +class { 'nova::api': enabled => true, manage_service => true, ensure_package => $ensure_package, diff --git a/resources/nova_api_puppet/meta.yaml b/resources/nova_api_puppet/meta.yaml index e969765c..ec571569 100644 --- a/resources/nova_api_puppet/meta.yaml +++ b/resources/nova_api_puppet/meta.yaml @@ -52,7 +52,7 @@ input: schema: str value: '' osapi_compute_workers: - schema: inst + schema: int value: 1 ec2_workers: schema: int From a35697ae3a1a835beac41ade9a7179b54dbb6418 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 11:44:02 +0200 Subject: [PATCH 08/24] Add missed admin_password for nova api resource Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 1 + resources/nova_api_puppet/actions/run.pp | 2 ++ resources/nova_api_puppet/meta.yaml | 3 +++ 3 files changed, 6 insertions(+) diff --git a/example-puppet.py b/example-puppet.py index 71153156..bb017fb8 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -351,6 +351,7 @@ def deploy(): signals.connect(nova_puppet, nova_api_puppet, { 'keystone_tenant': 'admin_tenant_name', 'keystone_user': 'admin_user', + 'keystone_password': 'admin_password', 'keystone_host': 'auth_host', 'keystone_port': 'auth_port'}) diff --git a/resources/nova_api_puppet/actions/run.pp b/resources/nova_api_puppet/actions/run.pp index 6a565572..7c590df4 100644 --- a/resources/nova_api_puppet/actions/run.pp +++ b/resources/nova_api_puppet/actions/run.pp @@ -10,6 +10,7 @@ $auth_admin_prefix = $resource['input']['auth_admin_prefix'] $auth_version = $resource['input']['auth_version']['value'] $admin_tenant_name = $resource['input']['admin_tenant_name']['value'] $admin_user = $resource['input']['admin_user']['value'] +$admin_password = $resource['input']['admin_password']['value'] $api_bind_address = $resource['input']['api_bind_address']['value'] $metadata_listen = $resource['input']['metadata_listen']['value'] $enabled_apis = $resource['input']['enabled_apis']['value'] @@ -43,6 +44,7 @@ class { 'nova::api': auth_version => $auth_version, admin_tenant_name => $admin_tenant_name, admin_user => $admin_user, + admin_password => $admin_password, api_bind_address => $api_bind_address, metadata_listen => $metadata_listen, enabled_apis => $enabled_apis, diff --git a/resources/nova_api_puppet/meta.yaml b/resources/nova_api_puppet/meta.yaml index ec571569..c34f2dfa 100644 --- a/resources/nova_api_puppet/meta.yaml +++ b/resources/nova_api_puppet/meta.yaml @@ -33,6 +33,9 @@ input: admin_user: schema: str value: 'nova' + admin_password: + schema: str + value: 'nova' api_bind_address: schema: str value: '0.0.0.0' From 4c862d6bf15586b2f4ac55993de387c34118616c Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 11:50:28 +0200 Subject: [PATCH 09/24] Add missing post-config and nova-common Required for decoupling usage of nova and nova api classes in separate catalog runs Signed-off-by: Bogdan Dobrelya --- resources/nova_api_puppet/actions/remove.pp | 7 +++++++ resources/nova_api_puppet/actions/run.pp | 12 ++++++++++++ 2 files changed, 19 insertions(+) diff --git a/resources/nova_api_puppet/actions/remove.pp b/resources/nova_api_puppet/actions/remove.pp index bfd69841..bb71e553 100644 --- a/resources/nova_api_puppet/actions/remove.pp +++ b/resources/nova_api_puppet/actions/remove.pp @@ -2,3 +2,10 @@ class { 'nova::api': ensure_package => 'absent', enabled => false, } + +include nova::params + +package { 'nova-common': + name => $nova::params::common_package_name, + ensure => 'absent', +} diff --git a/resources/nova_api_puppet/actions/run.pp b/resources/nova_api_puppet/actions/run.pp index 7c590df4..731e8ceb 100644 --- a/resources/nova_api_puppet/actions/run.pp +++ b/resources/nova_api_puppet/actions/run.pp @@ -31,6 +31,18 @@ $validation_options = $resource['input']['validation_options' $workers = $resource['input']['workers']['value'] $conductor_workers = $resource['input']['conductor_workers']['value'] +exec { 'post-nova_config': + command => '/bin/echo "Nova config has changed"', + refreshonly => true, +} + +include nova::params + +package { 'nova-common': + name => $nova::params::common_package_name, + ensure => $ensure_package, +} + class { 'nova::api': enabled => true, manage_service => true, From f4bb568aeeedb7a1dfb46b35d69f7a7700258562 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 12:05:16 +0200 Subject: [PATCH 10/24] Fix schema and db-sync condition Db sync should always be run once we decoupled nova api from nova, unless we have a proper notification system Signed-off-by: Bogdan Dobrelya --- resources/nova_api_puppet/actions/run.pp | 1 - resources/nova_api_puppet/meta.yaml | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/resources/nova_api_puppet/actions/run.pp b/resources/nova_api_puppet/actions/run.pp index 731e8ceb..46a2eb78 100644 --- a/resources/nova_api_puppet/actions/run.pp +++ b/resources/nova_api_puppet/actions/run.pp @@ -33,7 +33,6 @@ $conductor_workers = $resource['input']['conductor_workers'] exec { 'post-nova_config': command => '/bin/echo "Nova config has changed"', - refreshonly => true, } include nova::params diff --git a/resources/nova_api_puppet/meta.yaml b/resources/nova_api_puppet/meta.yaml index c34f2dfa..ca568f8a 100644 --- a/resources/nova_api_puppet/meta.yaml +++ b/resources/nova_api_puppet/meta.yaml @@ -52,8 +52,8 @@ input: schema: str value: 'nova.volume.cinder.API' use_forwarded_for: - schema: str - value: '' + schema: bool + value: false osapi_compute_workers: schema: int value: 1 From 43843b6f6145e091c47236e59d3754f06d41259c Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 12:14:21 +0200 Subject: [PATCH 11/24] Fix remove nova api resource Signed-off-by: Bogdan Dobrelya --- resources/nova_api_puppet/actions/remove.pp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/resources/nova_api_puppet/actions/remove.pp b/resources/nova_api_puppet/actions/remove.pp index bb71e553..4dfb8e20 100644 --- a/resources/nova_api_puppet/actions/remove.pp +++ b/resources/nova_api_puppet/actions/remove.pp @@ -1,10 +1,16 @@ class { 'nova::api': ensure_package => 'absent', enabled => false, + admin_password => 'not important as removed' } include nova::params +exec { 'post-nova_config': + command => '/bin/echo "Nova config has changed"', + refreshonly => true, +} + package { 'nova-common': name => $nova::params::common_package_name, ensure => 'absent', From 041161cf17752fd2c11fc35dc55e1e7320496e5d Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Thu, 30 Jul 2015 15:47:26 +0200 Subject: [PATCH 12/24] Add nova conductor resource Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 7 +++++ resources/nova_conductor_puppet/README.md | 16 +++++++++++ .../nova_conductor_puppet/actions/remove.pp | 11 ++++++++ .../nova_conductor_puppet/actions/run.pp | 22 +++++++++++++++ resources/nova_conductor_puppet/meta.yaml | 27 +++++++++++++++++++ 5 files changed, 83 insertions(+) create mode 100644 resources/nova_conductor_puppet/README.md create mode 100644 resources/nova_conductor_puppet/actions/remove.pp create mode 100644 resources/nova_conductor_puppet/actions/run.pp create mode 100644 resources/nova_conductor_puppet/meta.yaml diff --git a/example-puppet.py b/example-puppet.py index bb017fb8..15594fd8 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -355,6 +355,11 @@ def deploy(): 'keystone_host': 'auth_host', 'keystone_port': 'auth_port'}) + # NOVA CONDUCTOR + nova_conductor_puppet = vr.create('nova_conductor_puppet', 'resources/nova_conductor_puppet', {})[0] + signals.connect(node1, nova_conductor_puppet) + signals.connect(nova_puppet, nova_conductor_puppet) + # signals.connect(keystone_puppet, nova_network_puppet, {'ip': 'keystone_host', 'port': 'keystone_port'}) # signals.connect(keystone_puppet, nova_keystone_service_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port', 'admin_token': 'admin_token'}) # signals.connect(rabbitmq_service1, nova_network_puppet, {'ip': 'rabbitmq_host', 'port': 'rabbitmq_port'}) @@ -482,6 +487,7 @@ def deploy(): actions.resource_action(nova_puppet, 'run') actions.resource_action(nova_keystone_service_endpoint, 'run') actions.resource_action(nova_api_puppet, 'run') + actions.resource_action(nova_conductor_puppet, 'run') actions.resource_action(glance_db, 'run') actions.resource_action(glance_db_user, 'run') @@ -511,6 +517,7 @@ def undeploy(): 'nova_db', 'nova_db_user', 'nova_keystone_service_endpoint', + 'nova_conductor_puppet', 'nova_api_puppet', 'nova_puppet', 'cinder_volume_puppet', diff --git a/resources/nova_conductor_puppet/README.md b/resources/nova_conductor_puppet/README.md new file mode 100644 index 00000000..26a94d35 --- /dev/null +++ b/resources/nova_conductor_puppet/README.md @@ -0,0 +1,16 @@ +# Nova conductor resource for puppet handler + +Setup and configure the Nova conductor service. +Note, it [should not](http://docs.openstack.org/juno/config-reference/content/section_conductor.html) be deployed on compute nodes. + +# Parameters + +source https://github.com/openstack/puppet-nova_conductor/blob/5.1.0/manifests/conductor.pp + + ``ensure_package`` + (optional) The state of the nova conductor package + Defaults to 'present' + + ``workers`` + (optional) Number of workers for OpenStack Conductor service + Defaults to undef (i.e. parameter will not be present) \ No newline at end of file diff --git a/resources/nova_conductor_puppet/actions/remove.pp b/resources/nova_conductor_puppet/actions/remove.pp new file mode 100644 index 00000000..9c9fee76 --- /dev/null +++ b/resources/nova_conductor_puppet/actions/remove.pp @@ -0,0 +1,11 @@ +class { 'nova::conductor': + ensure_package => 'absent', + enabled => false, +} + +include nova::params + +package { 'nova-common': + name => $nova::params::common_package_name, + ensure => 'absent', +} \ No newline at end of file diff --git a/resources/nova_conductor_puppet/actions/run.pp b/resources/nova_conductor_puppet/actions/run.pp new file mode 100644 index 00000000..271fc179 --- /dev/null +++ b/resources/nova_conductor_puppet/actions/run.pp @@ -0,0 +1,22 @@ +$resource = hiera($::resource_name) + +$ensure_package = $resource['input']['ensure_package']['value'] +$workers = $resource['input']['workers']['value'] + +exec { 'post-nova_config': + command => '/bin/echo "Nova config has changed"', +} + +include nova::params + +package { 'nova-common': + name => $nova::params::common_package_name, + ensure => $ensure_package, +} + +class { 'nova::conductor': + enabled => true, + manage_service => true, + ensure_package => $ensure_package, + workers => $workers, +} \ No newline at end of file diff --git a/resources/nova_conductor_puppet/meta.yaml b/resources/nova_conductor_puppet/meta.yaml new file mode 100644 index 00000000..39b4c3f5 --- /dev/null +++ b/resources/nova_conductor_puppet/meta.yaml @@ -0,0 +1,27 @@ +id: nova_conductor +handler: puppet +puppet_module: nova +version: 1.0.0 +input: + ensure_package: + schema: str + value: 'present' + workers: + schema: int + value: 1 + + git: + schema: {repository: str!, branch: str!} + value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'} + + ip: + schema: str! + value: + ssh_key: + schema: str! + value: + ssh_user: + schema: str! + value: + +tags: [resource/nova_conductor_service, resources/nova_conductor, resources/nova] From 88d11981a331ceaf4809a5431b9b0dd8f359d918 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 31 Jul 2015 14:51:58 +0200 Subject: [PATCH 13/24] Add nova compute resource Signed-off-by: Bogdan Dobrelya --- resources/nova_compute_puppet/README.md | 105 ++++++++++++++++++ .../nova_compute_puppet/actions/remove.pp | 4 + resources/nova_compute_puppet/actions/run.pp | 49 ++++++++ resources/nova_compute_puppet/meta.yaml | 84 ++++++++++++++ 4 files changed, 242 insertions(+) create mode 100644 resources/nova_compute_puppet/README.md create mode 100644 resources/nova_compute_puppet/actions/remove.pp create mode 100644 resources/nova_compute_puppet/actions/run.pp create mode 100644 resources/nova_compute_puppet/meta.yaml diff --git a/resources/nova_compute_puppet/README.md b/resources/nova_compute_puppet/README.md new file mode 100644 index 00000000..8cecc3ec --- /dev/null +++ b/resources/nova_compute_puppet/README.md @@ -0,0 +1,105 @@ +# Nova compute resource for puppet handler + +Setup and configure the Nova compute service. + +# Parameters + +source https://github.com/openstack/puppet-nova_compute/blob/5.1.0/manifests/compute.pp + + ``enabled`` + (optional) Whether to enable the nova-compute service + Defaults to false + + ``manage_service`` + (optional) Whether to start/stop the service + Defaults to true + + ``ensure_package`` + (optional) The state for the nova-compute package + Defaults to 'present' + + ``vnc_enabled`` + (optional) Whether to use a VNC proxy + Defaults to true + + ``vncserver_proxyclient_address`` + (optional) The IP address of the server running the VNC proxy client + Defaults to '127.0.0.1' + + ``vncproxy_host`` + (optional) The host of the VNC proxy server + Defaults to false + + ``vncproxy_protocol`` + (optional) The protocol to communicate with the VNC proxy server + Defaults to 'http' + + ``vncproxy_port`` + (optional) The port to communicate with the VNC proxy server + Defaults to '6080' + + ``vncproxy_path`` + (optional) The path at the end of the uri for communication with the VNC proxy server + Defaults to '/vnc_auto.html' + + ``vnc_keymap`` + (optional) The keymap to use with VNC (ls -alh /usr/share/qemu/keymaps to list available keymaps) + Defaults to 'en-us' + + ``force_config_drive`` + (optional) Whether to force the config drive to be attached to all VMs + Defaults to false + + ``virtio_nic`` + (optional) Whether to use virtio for the nic driver of VMs + Defaults to false + + ``neutron_enabled`` + (optional) Whether to use Neutron for networking of VMs + Defaults to true + + ``network_device_mtu`` + (optional) The MTU size for the interfaces managed by nova + Defaults to undef + + ``instance_usage_audit`` + (optional) Generate periodic compute.instance.exists notifications. + Defaults to false + + ``instance_usage_audit_period`` + (optional) Time period to generate instance usages for. + Time period must be hour, day, month or year + Defaults to 'month' + + ``force_raw_images`` + (optional) Force backing images to raw format. + Defaults to true + + ``reserved_host_memory`` + Reserved host memory + The amount of memory in MB reserved for the host. + Defaults to '512' + + ``compute_manager`` + Compute manager + The driver that will manage the running instances. + Defaults to nova.compute.manager.ComputeManager + + ``pci_passthrough_whitelist`` + (optional) Pci passthrough hash in format of: + Defaults to undef + Example + "[ { 'vendor_id':'1234','product_id':'5678' }, + { 'vendor_id':'4321','product_id':'8765','physical_network':'default' } ] " + + ``default_availability_zone`` + (optional) Default compute node availability zone. + Defaults to nova + + ``default_schedule_zone`` + (optional) Availability zone to use when user doesn't specify one. + Defaults to undef + + ``internal_service_availability_zone`` + (optional) The availability zone to show internal services under. + Defaults to internal diff --git a/resources/nova_compute_puppet/actions/remove.pp b/resources/nova_compute_puppet/actions/remove.pp new file mode 100644 index 00000000..fe4757a6 --- /dev/null +++ b/resources/nova_compute_puppet/actions/remove.pp @@ -0,0 +1,4 @@ +class { 'nova::compute': + ensure_package => 'absent', + enabled => false, +} \ No newline at end of file diff --git a/resources/nova_compute_puppet/actions/run.pp b/resources/nova_compute_puppet/actions/run.pp new file mode 100644 index 00000000..3ae0c9f5 --- /dev/null +++ b/resources/nova_compute_puppet/actions/run.pp @@ -0,0 +1,49 @@ +$resource = hiera($::resource_name) + +$ensure_package = $resource['input']['ensure_package']['value'] +$vnc_enabled = $resource['input']['vnc_enabled']['value'] +$vncserver_proxyclient_address = $resource['input']['vncserver_proxyclient_address']['value'] +$vncproxy_host = $resource['input']['vncproxy_host']['value'] +$vncproxy_protocol = $resource['input']['vncproxy_protocol']['value'] +$vncproxy_port = $resource['input']['vncproxy_port']['value'] +$vncproxy_path = $resource['input']['vncproxy_path']['value'] +$vnc_keymap = $resource['input']['vnc_keymap']['value'] +$force_config_drive = $resource['input']['force_config_drive']['value'] +$virtio_nic = $resource['input']['virtio_nic']['value'] +$neutron_enabled = $resource['input']['neutron_enabled']['value'] +$network_device_mtu = $resource['input']['network_device_mtu']['value'] +$instance_usage_audit = $resource['input']['instance_usage_audit']['value'] +$instance_usage_audit_period = $resource['input']['instance_usage_audit_period']['value'] +$force_raw_images = $resource['input']['force_raw_images']['value'] +$reserved_host_memory = $resource['input']['reserved_host_memory']['value'] +$compute_manager = $resource['input']['compute_manager']['value'] +$pci_passthrough = $resource['input']['pci_passthrough']['value'] +$default_availability_zone = $resource['input']['default_availability_zone']['value'] +$default_schedule_zone = $resource['input']['default_schedule_zone']['value'] +$internal_service_availability_zone = $resource['input']['internal_service_availability_zone']['value'] + +class { 'nova::compute': + enabled => true, + manage_service => true, + ensure_package => $ensure_package, + vnc_enabled => $vnc_enabled, + vncserver_proxyclient_address => $vncserver_proxyclient_address, + vncproxy_host => $vncproxy_host, + vncproxy_protocol => $vncproxy_protocol, + vncproxy_port => $vncproxy_port, + vncproxy_path => $vncproxy_path, + vnc_keymap => $vnc_keymap, + force_config_drive => $force_config_drive, + virtio_nic => $virtio_nic, + neutron_enabled => $neutron_enabled, + network_device_mtu => $network_device_mtu, + instance_usage_audit => $instance_usage_audit, + instance_usage_audit_period => $instance_usage_audit_period, + force_raw_images => $force_raw_images, + reserved_host_memory => $reserved_host_memory, + compute_manager => $compute_manager, + pci_passthrough => $pci_passthrough, + default_availability_zone => $default_availability_zone, + default_schedule_zone => $default_schedule_zone, + internal_service_availability_zone => $internal_service_availability_zone, +} \ No newline at end of file diff --git a/resources/nova_compute_puppet/meta.yaml b/resources/nova_compute_puppet/meta.yaml new file mode 100644 index 00000000..0c448e11 --- /dev/null +++ b/resources/nova_compute_puppet/meta.yaml @@ -0,0 +1,84 @@ +id: nova_compute +handler: puppet +puppet_module: nova +version: 1.0.0 +input: + ensure_package: + schema: str + value: 'present' + vnc_enabled: + schema: bool + value: true + vncserver_proxyclient_address: + schema: str + value: '127.0.0.1' + vncproxy_host: + schema: str + value: '' + vncproxy_protocol: + schema: str + value: 'http' + vncproxy_port: + schema: int + value: 6080 + vncproxy_path: + schema: str + value: '/vnc_auto.html' + vnc_keymap: + schema: str + value: 'en-us' + force_config_drive: + schema: bool + value: false + virtio_nic: + schema: bool + value: false + neutron_enabled: + schema: bool + value: true + network_device_mtu: + schema: str + value: '' + instance_usage_audit: + schema: bool + value: false + instance_usage_audit_period: + schema: str + value: 'month' + force_raw_images: + schema: bool + value: true + reserved_host_memory: + schema: int + value: 512 + compute_manager: + schema: str + value: 'nova.compute.manager.ComputeManager' + pci_passthrough: + schema: str + value: '' + default_availability_zone: + schema: str + value: 'nova' + default_schedule_zone: + schema: str + value: '' + internal_service_availability_zone: + schema: str + value: 'internal' + + git: + schema: {repository: str!, branch: str!} + value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'} + + ip: + schema: str! + value: + ssh_key: + schema: str! + value: + ssh_user: + schema: str! + value: + +tags: [resource/nova_compute_service, resources/nova_compute, resources/nova] From 5ebdb56be92f84849084f179389be74cdbe95212 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 31 Jul 2015 15:14:18 +0200 Subject: [PATCH 14/24] Add compute node2 Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 2 ++ templates/nodes.yml | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/example-puppet.py b/example-puppet.py index 15594fd8..5e300f9b 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -38,6 +38,8 @@ def deploy(): signals.Connections.clear() node1 = vr.create('nodes', 'templates/nodes.yml', {})[0] + # COMPUTE + node2 = vr.create('nodes', 'templates/nodes.yml', {})[1] # MARIADB mariadb_service1 = vr.create('mariadb_service1', 'resources/mariadb_service', { diff --git a/templates/nodes.yml b/templates/nodes.yml index 1aaa7784..92713674 100644 --- a/templates/nodes.yml +++ b/templates/nodes.yml @@ -6,3 +6,12 @@ resources: ip: '10.0.0.3' ssh_key: '/vagrant/.vagrant/machines/solar-dev1/virtualbox/private_key' ssh_user: 'vagrant' + +id: compute_service +resources: + - id: node2 + from: resources/ro_node + values: + ip: '10.0.0.4' + ssh_key: '/vagrant/.vagrant/machines/solar-dev2/virtualbox/private_key' + ssh_user: 'vagrant' From 4d48210d3723817503fc44b338aedc139880c2e1 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 31 Jul 2015 15:44:27 +0200 Subject: [PATCH 15/24] Add compostion layer for node2 nova compute Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/example-puppet.py b/example-puppet.py index 5e300f9b..ddd54c66 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -37,10 +37,8 @@ def deploy(): signals.Connections.clear() - node1 = vr.create('nodes', 'templates/nodes.yml', {})[0] - # COMPUTE - node2 = vr.create('nodes', 'templates/nodes.yml', {})[1] - + node1, node2 = vr.create('nodes', 'templates/nodes.yml', {})[0] + # MARIADB mariadb_service1 = vr.create('mariadb_service1', 'resources/mariadb_service', { 'image': 'mariadb', @@ -362,6 +360,20 @@ def deploy(): signals.connect(node1, nova_conductor_puppet) signals.connect(nova_puppet, nova_conductor_puppet) + # NOVA COMPUTE + nova_compute_puppet = vr.create('nova_compute_puppet', 'resources/nova_compute_puppet', {})[0] + nova_puppet2 = vr.create('nova_puppet', 'resources/nova_puppet', {})[0] + signals.connect(nova_puppet, nova_puppet2 { + 'ensure_package', 'rabbit_host', + 'rabbit_password', 'rabbit_port', 'rabbit_userid', + 'rabbit_virtual_host', 'db_user', 'db_password', + 'db_name', 'db_host', 'keystone_password', + 'keystone_port', 'keystone_host', 'keystone_tenant', + 'keystone_user', + }) + signals.connect(node2, nova_puppet2) + signals.connect(node2, nova_compute_puppet) + # signals.connect(keystone_puppet, nova_network_puppet, {'ip': 'keystone_host', 'port': 'keystone_port'}) # signals.connect(keystone_puppet, nova_keystone_service_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port', 'admin_token': 'admin_token'}) # signals.connect(rabbitmq_service1, nova_network_puppet, {'ip': 'rabbitmq_host', 'port': 'rabbitmq_port'}) @@ -491,6 +503,9 @@ def deploy(): actions.resource_action(nova_api_puppet, 'run') actions.resource_action(nova_conductor_puppet, 'run') + actions.resource_action(nova_puppet2, 'run') + actions.resource_action(nova_compute_puppet, 'run') + actions.resource_action(glance_db, 'run') actions.resource_action(glance_db_user, 'run') actions.resource_action(glance_keystone_user, 'run') @@ -499,8 +514,6 @@ def deploy(): actions.resource_action(glance_api_puppet, 'run') actions.resource_action(glance_registry_puppet, 'run') - #actions.resource_action(glance, 'run') - time.sleep(10) @@ -522,6 +535,8 @@ def undeploy(): 'nova_conductor_puppet', 'nova_api_puppet', 'nova_puppet', + 'nova_compute_puppet', + 'nova_puppet2', 'cinder_volume_puppet', 'cinder_scheduler_puppet', 'cinder_api_puppet', From 60b7b9fdaddeb19e6d61ff92d18f1c1480781dbb Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 31 Jul 2015 16:05:54 +0200 Subject: [PATCH 16/24] Fix nodes template Signed-off-by: Bogdan Dobrelya --- templates/nodes.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/templates/nodes.yml b/templates/nodes.yml index 92713674..fc0261df 100644 --- a/templates/nodes.yml +++ b/templates/nodes.yml @@ -1,4 +1,4 @@ -id: mariadb_service +id: simple_multinode resources: - id: node1 from: resources/ro_node @@ -6,9 +6,6 @@ resources: ip: '10.0.0.3' ssh_key: '/vagrant/.vagrant/machines/solar-dev1/virtualbox/private_key' ssh_user: 'vagrant' - -id: compute_service -resources: - id: node2 from: resources/ro_node values: From c7b2f710a181d5df942de8624de9b17d36851dfd Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 31 Jul 2015 16:06:12 +0200 Subject: [PATCH 17/24] Fix example puppet for multinode Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/example-puppet.py b/example-puppet.py index ddd54c66..685d9173 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -37,7 +37,7 @@ def deploy(): signals.Connections.clear() - node1, node2 = vr.create('nodes', 'templates/nodes.yml', {})[0] + node1, node2 = vr.create('nodes', 'templates/nodes.yml', {}) # MARIADB mariadb_service1 = vr.create('mariadb_service1', 'resources/mariadb_service', { @@ -362,8 +362,8 @@ def deploy(): # NOVA COMPUTE nova_compute_puppet = vr.create('nova_compute_puppet', 'resources/nova_compute_puppet', {})[0] - nova_puppet2 = vr.create('nova_puppet', 'resources/nova_puppet', {})[0] - signals.connect(nova_puppet, nova_puppet2 { + nova_puppet2 = vr.create('nova_puppet2', 'resources/nova_puppet', {})[0] + signals.connect(nova_puppet, nova_puppet2, { 'ensure_package', 'rabbit_host', 'rabbit_password', 'rabbit_port', 'rabbit_userid', 'rabbit_virtual_host', 'db_user', 'db_password', From 204853a12195418152e7f06886ccd747c30cf9c6 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Fri, 31 Jul 2015 16:30:01 +0200 Subject: [PATCH 18/24] Add exec post config and network refresh to n-compute Signed-off-by: Bogdan Dobrelya --- resources/nova_compute_puppet/actions/remove.pp | 16 ++++++++++++++++ resources/nova_compute_puppet/actions/run.pp | 15 +++++++++++++++ 2 files changed, 31 insertions(+) diff --git a/resources/nova_compute_puppet/actions/remove.pp b/resources/nova_compute_puppet/actions/remove.pp index fe4757a6..a8a07fb0 100644 --- a/resources/nova_compute_puppet/actions/remove.pp +++ b/resources/nova_compute_puppet/actions/remove.pp @@ -1,4 +1,20 @@ class { 'nova::compute': ensure_package => 'absent', enabled => false, +} + +include nova::params + +exec { 'post-nova_config': + command => '/bin/echo "Nova config has changed"', + refreshonly => true, +} + +exec { 'networking-refresh': + command => '/sbin/ifdown -a ; /sbin/ifup -a', +} + +package { 'nova-common': + name => $nova::params::common_package_name, + ensure => 'absent', } \ No newline at end of file diff --git a/resources/nova_compute_puppet/actions/run.pp b/resources/nova_compute_puppet/actions/run.pp index 3ae0c9f5..8c33baa1 100644 --- a/resources/nova_compute_puppet/actions/run.pp +++ b/resources/nova_compute_puppet/actions/run.pp @@ -46,4 +46,19 @@ class { 'nova::compute': default_availability_zone => $default_availability_zone, default_schedule_zone => $default_schedule_zone, internal_service_availability_zone => $internal_service_availability_zone, +} + +exec { 'networking-refresh': + command => '/sbin/ifdown -a ; /sbin/ifup -a', +} + +exec { 'post-nova_config': + command => '/bin/echo "Nova config has changed"', +} + +include nova::params + +package { 'nova-common': + name => $nova::params::common_package_name, + ensure => $ensure_package, } \ No newline at end of file From 41433b26db5d2420c124bde8c1c8b84bd00d1fb4 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 3 Aug 2015 10:23:08 +0200 Subject: [PATCH 19/24] Add nova comp libvirt resource Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 7 ++ .../nova_compute_libvirt_puppet/README.md | 84 +++++++++++++++++++ .../actions/remove.pp | 1 + .../actions/run.pp | 56 +++++++++++++ .../nova_compute_libvirt_puppet/meta.yaml | 63 ++++++++++++++ 5 files changed, 211 insertions(+) create mode 100644 resources/nova_compute_libvirt_puppet/README.md create mode 100644 resources/nova_compute_libvirt_puppet/actions/remove.pp create mode 100644 resources/nova_compute_libvirt_puppet/actions/run.pp create mode 100644 resources/nova_compute_libvirt_puppet/meta.yaml diff --git a/example-puppet.py b/example-puppet.py index 685d9173..8919162d 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -374,6 +374,11 @@ def deploy(): signals.connect(node2, nova_puppet2) signals.connect(node2, nova_compute_puppet) + # NOVA COMPUTE LIBVIRT + # NOTE(bogdando): changes nova config, so should notify nova compute service + nova_compute_libvirt_puppet = vr.create('nova_compute_libvirt_puppet', 'resources/nova_compute_libvirt_puppet', {})[0] + signals.connect(node2, nova_compute_libvirt_puppet) + # signals.connect(keystone_puppet, nova_network_puppet, {'ip': 'keystone_host', 'port': 'keystone_port'}) # signals.connect(keystone_puppet, nova_keystone_service_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port', 'admin_token': 'admin_token'}) # signals.connect(rabbitmq_service1, nova_network_puppet, {'ip': 'rabbitmq_host', 'port': 'rabbitmq_port'}) @@ -504,6 +509,7 @@ def deploy(): actions.resource_action(nova_conductor_puppet, 'run') actions.resource_action(nova_puppet2, 'run') + actions.resource_action(nova_compute_libvirt_puppet, 'run') actions.resource_action(nova_compute_puppet, 'run') actions.resource_action(glance_db, 'run') @@ -536,6 +542,7 @@ def undeploy(): 'nova_api_puppet', 'nova_puppet', 'nova_compute_puppet', + 'nova_compute_libvirt_puppet', 'nova_puppet2', 'cinder_volume_puppet', 'cinder_scheduler_puppet', diff --git a/resources/nova_compute_libvirt_puppet/README.md b/resources/nova_compute_libvirt_puppet/README.md new file mode 100644 index 00000000..12a5928e --- /dev/null +++ b/resources/nova_compute_libvirt_puppet/README.md @@ -0,0 +1,84 @@ +# Nova compute libvirt resource for puppet handler + +Install and manage nova-compute guests managed by libvirt. +Cannot be used separately from nova compute resource and +should share the same node. +Libvirt service name defaults are given for Debian OS family. + +# Parameters + +source https://github.com/openstack/puppet-nova_compute_libvirt/blob/5.1.0/manifests/compute/libvirt.pp + + ``libvirt_virt_type`` + (optional) Libvirt domain type. Options are: kvm, lxc, qemu, uml, xen + Replaces libvirt_type + Defaults to 'kvm' + + ``vncserver_listen`` + (optional) IP address on which instance vncservers should listen + Defaults to '127.0.0.1' + + ``migration_support`` + (optional) Whether to support virtual machine migration + Defaults to false + + ``libvirt_cpu_mode`` + (optional) The libvirt CPU mode to configure. Possible values + include custom, host-model, none, host-passthrough. + Defaults to 'host-model' if libvirt_virt_type is set to either + kvm or qemu, otherwise defaults to 'none'. + + ``libvirt_disk_cachemodes`` + (optional) A list of cachemodes for different disk types, e.g. + ["file=directsync", "block=none"] + If an empty list is specified, the disk_cachemodes directive + will be removed from nova.conf completely. + Defaults to an empty list + + ``libvirt_inject_password`` + (optional) Inject the admin password at boot time, without an agent. + Defaults to false + + ``libvirt_inject_key`` + (optional) Inject the ssh public key at boot time. + Defaults to false + + ``libvirt_inject_partition`` + (optional) The partition to inject to : -2 => disable, -1 => inspect + (libguestfs only), 0 => not partitioned, >0 => partition + number (integer value) + Defaults to -2 + + ``remove_unused_base_images`` + (optional) Should unused base images be removed? + If undef is specified, remove the line in nova.conf + otherwise, use a boolean to remove or not the base images. + Defaults to undef + + ``remove_unused_kernels`` + (optional) Should unused kernel images be removed? + This is only safe to enable if all compute nodes + have been updated to support this option. + If undef is specified, remove the line in nova.conf + otherwise, use a boolean to remove or not the kernels. + Defaults to undef + + ``remove_unused_resized_minimum_age_seconds`` + (optional) Unused resized base images younger + than this will not be removed + If undef is specified, remove the line in nova.conf + otherwise, use a integer or a string to define after + how many seconds it will be removed. + Defaults to undef + + ``remove_unused_original_minimum_age_seconds`` + (optional) Unused unresized base images younger + than this will not be removed + If undef is specified, remove the line in nova.conf + otherwise, use a integer or a string to define after + how many seconds it will be removed. + Defaults to undef + + ``libvirt_service_name`` + (optional) libvirt service name. + Defaults to $::nova::params::libvirt_service_name diff --git a/resources/nova_compute_libvirt_puppet/actions/remove.pp b/resources/nova_compute_libvirt_puppet/actions/remove.pp new file mode 100644 index 00000000..b575edb8 --- /dev/null +++ b/resources/nova_compute_libvirt_puppet/actions/remove.pp @@ -0,0 +1 @@ +notify { 'Remove action is not supported upstream': } \ No newline at end of file diff --git a/resources/nova_compute_libvirt_puppet/actions/run.pp b/resources/nova_compute_libvirt_puppet/actions/run.pp new file mode 100644 index 00000000..a33a7761 --- /dev/null +++ b/resources/nova_compute_libvirt_puppet/actions/run.pp @@ -0,0 +1,56 @@ +$resource = hiera($::resource_name) + +$libvirt_virt_type = $resource['input']['libvirt_virt_type']['value'] +$vncserver_listen = $resource['input']['vncserver_listen']['value'] +$migration_support = $resource['input']['migration_support']['value'] +$libvirt_cpu_mode = $resource['input']['libvirt_cpu_mode']['value'] +$libvirt_disk_cachemodes = $resource['input']['libvirt_disk_cachemodes']['value'] +$libvirt_inject_password = $resource['input']['libvirt_inject_password']['value'] +$libvirt_inject_key = $resource['input']['libvirt_inject_key']['value'] +$libvirt_inject_partition = $resource['input']['libvirt_inject_partition']['value'] +$remove_unused_base_images = $resource['input']['remove_unused_base_images']['value'] +$remove_unused_kernels = $resource['input']['remove_unused_kernels']['value'] +$remove_unused_resized_minimum_age_seconds = $resource['input']['remove_unused_resized_minimum_age_seconds']['value'] +$remove_unused_original_minimum_age_seconds = $resource['input']['remove_unused_original_minimum_age_seconds']['value'] +$libvirt_service_name = $resource['input']['libvirt_service_name']['value'] +$libvirt_type = $resource['input']['libvirt_type']['value'] + +class { 'nova::compute::libvirt': + libvirt_virt_type => $libvirt_virt_type, + vncserver_listen => $vncserver_listen, + migration_support => $migration_support, + libvirt_cpu_mode => $libvirt_cpu_mode, + libvirt_disk_cachemodes => $libvirt_disk_cachemodes, + libvirt_inject_password => $libvirt_inject_password, + libvirt_inject_key => $libvirt_inject_key, + libvirt_inject_partition => $libvirt_inject_partition, + remove_unused_base_images => $remove_unused_base_images, + remove_unused_kernels => $remove_unused_kernels, + remove_unused_resized_minimum_age_seconds => $remove_unused_resized_minimum_age_seconds, + remove_unused_original_minimum_age_seconds => $remove_unused_original_minimum_age_seconds, + libvirt_service_name => $libvirt_service_name, + libvirt_type => $libvirt_type, +} + +#exec { 'networking-refresh': +# command => '/sbin/ifdown -a ; /sbin/ifup -a', +#} + +#exec { 'post-nova_config': +# command => '/bin/echo "Nova config has changed"', +#} + +include nova::params + +service { 'nova-compute': + name => $::nova::params::compute_service_name, +} + +package { 'nova-compute': + name => $::nova::params::compute_package_name, +} + +package { 'nova-common': + name => $nova::params::common_package_name, + ensure => $ensure_package, +} diff --git a/resources/nova_compute_libvirt_puppet/meta.yaml b/resources/nova_compute_libvirt_puppet/meta.yaml new file mode 100644 index 00000000..62ae7b25 --- /dev/null +++ b/resources/nova_compute_libvirt_puppet/meta.yaml @@ -0,0 +1,63 @@ +id: nova_compute_libvirt +handler: puppet +puppet_module: nova +version: 1.0.0 +input: + libvirt_virt_type: + schema: str + value: 'kvm' + vncserver_listen: + schema: str + value: '127.0.0.1' + migration_support: + schema: bool + value: false + libvirt_cpu_mode: + schema: str + value: '' + libvirt_disk_cachemodes: + schema: [str] + value: [] + libvirt_inject_password: + schema: str! + value: 'changeme' + libvirt_inject_key: + schema: bool + value: false + libvirt_inject_partition: + schema: str + value: '-2' + remove_unused_base_images: + schema: str + value: '' + remove_unused_kernels: + schema: str + value: '' + remove_unused_resized_minimum_age_seconds: + schema: str + value: '' + remove_unused_original_minimum_age_seconds: + schema: str + value: '' + libvirt_service_name: + schema: str + value: 'libvirt-bin' + libvirt_type: + schema: bool + value: false + + git: + schema: {repository: str!, branch: str!} + value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'} + + ip: + schema: str! + value: + ssh_key: + schema: str! + value: + ssh_user: + schema: str! + value: + +tags: [resource/nova_compute_libvirt_service, resources/nova_compute_libvirt, resources/nova_compute, resources/nova] From 870180af656c2b5c4ed68c9d60c376bfd85244de Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 3 Aug 2015 10:52:26 +0200 Subject: [PATCH 20/24] Fix libvirt inject password input Signed-off-by: Bogdan Dobrelya --- resources/nova_compute_libvirt_puppet/meta.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/nova_compute_libvirt_puppet/meta.yaml b/resources/nova_compute_libvirt_puppet/meta.yaml index 62ae7b25..632787d8 100644 --- a/resources/nova_compute_libvirt_puppet/meta.yaml +++ b/resources/nova_compute_libvirt_puppet/meta.yaml @@ -19,8 +19,8 @@ input: schema: [str] value: [] libvirt_inject_password: - schema: str! - value: 'changeme' + schema: bool + value: false libvirt_inject_key: schema: bool value: false From d8f5971084761a01f479895eaf9dfcccf1f01cfa Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 3 Aug 2015 11:33:38 +0200 Subject: [PATCH 21/24] Add nova_neutron resource. Includes configuration only classes for nova compute: nova::network::neutron and nova::compute::neutron Combined into the single resource as the latter one is too small (it has only 2 conf params) Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 9 +- resources/nova_neutron_puppet/README.md | 109 ++++++++++++++++++ .../nova_neutron_puppet/actions/remove.pp | 1 + resources/nova_neutron_puppet/actions/run.pp | 49 ++++++++ resources/nova_neutron_puppet/meta.yaml | 81 +++++++++++++ 5 files changed, 247 insertions(+), 2 deletions(-) create mode 100644 resources/nova_neutron_puppet/README.md create mode 100644 resources/nova_neutron_puppet/actions/remove.pp create mode 100644 resources/nova_neutron_puppet/actions/run.pp create mode 100644 resources/nova_neutron_puppet/meta.yaml diff --git a/example-puppet.py b/example-puppet.py index 8919162d..abe66b2d 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -361,6 +361,7 @@ def deploy(): signals.connect(nova_puppet, nova_conductor_puppet) # NOVA COMPUTE + # Deploy chain (nova, node_networking(TODO)) -> (nova_compute_libvirt, nova_neutron) -> nova_compute nova_compute_puppet = vr.create('nova_compute_puppet', 'resources/nova_compute_puppet', {})[0] nova_puppet2 = vr.create('nova_puppet2', 'resources/nova_puppet', {})[0] signals.connect(nova_puppet, nova_puppet2, { @@ -374,10 +375,12 @@ def deploy(): signals.connect(node2, nova_puppet2) signals.connect(node2, nova_compute_puppet) - # NOVA COMPUTE LIBVIRT + # NOVA COMPUTE LIBVIRT, NOVA_NEUTRON # NOTE(bogdando): changes nova config, so should notify nova compute service nova_compute_libvirt_puppet = vr.create('nova_compute_libvirt_puppet', 'resources/nova_compute_libvirt_puppet', {})[0] - signals.connect(node2, nova_compute_libvirt_puppet) + signals.connect(node2, nova_compute_libvirt_puppet) + nova_neutron_puppet = vr.create('nova_neutron_puppet', 'resources/nova_neutron_puppet', {})[0] + signals.connect(node2, nova_neutron_puppet) # signals.connect(keystone_puppet, nova_network_puppet, {'ip': 'keystone_host', 'port': 'keystone_port'}) # signals.connect(keystone_puppet, nova_keystone_service_endpoint, {'ip': 'keystone_host', 'admin_port': 'keystone_port', 'admin_token': 'admin_token'}) @@ -510,6 +513,7 @@ def deploy(): actions.resource_action(nova_puppet2, 'run') actions.resource_action(nova_compute_libvirt_puppet, 'run') + actions.resource_action(nova_neutron_puppet, 'run') actions.resource_action(nova_compute_puppet, 'run') actions.resource_action(glance_db, 'run') @@ -542,6 +546,7 @@ def undeploy(): 'nova_api_puppet', 'nova_puppet', 'nova_compute_puppet', + 'nova_neutron_puppet', 'nova_compute_libvirt_puppet', 'nova_puppet2', 'cinder_volume_puppet', diff --git a/resources/nova_neutron_puppet/README.md b/resources/nova_neutron_puppet/README.md new file mode 100644 index 00000000..1824d2af --- /dev/null +++ b/resources/nova_neutron_puppet/README.md @@ -0,0 +1,109 @@ +# Nova neutron resource for puppet handler + +Setup and configure the Nova compute to use Neutron. +Note, it should only be deployed on compute nodes. +Also manage the network driver to use for compute guests +This will use virtio for VM guests and the specified driver for the VIF. + +# Parameters + +source https://github.com/openstack/puppet-nova/blob/5.1.0/manifests/compute/neutron.pp + + ``libvirt_vif_driver`` + (optional) The libvirt VIF driver to configure the VIFs. + Defaults to 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver'. + + ``force_snat_range`` + (optional) Force SNAT rule to specified network for nova-network + Default to 0.0.0.0/0 + Due to architecture constraints in nova_config, it's not possible to setup + more than one SNAT rule though initial parameter is MultiStrOpt + +source https://github.com/openstack/puppet-nova/blob/5.1.0/manifests/network/neutron.pp + + ``neutron_admin_password`` + (required) Password for connecting to Neutron network services in + admin context through the OpenStack Identity service. + + ``neutron_auth_strategy`` + (optional) Should be kept as default 'keystone' for all production deployments. + Defaults to 'keystone' + + ``neutron_url`` + (optional) URL for connecting to the Neutron networking service. + Defaults to 'http://127.0.0.1:9696' + + ``neutron_url_timeout`` + (optional) Timeout value for connecting to neutron in seconds. + Defaults to '30' + + ``neutron_admin_tenant_name`` + (optional) Tenant name for connecting to Neutron network services in + admin context through the OpenStack Identity service. + Defaults to 'services' + + ``neutron_default_tenant_id`` + (optional) Default tenant id when creating neutron networks + Defaults to 'default' + + ``neutron_region_name`` + (optional) Region name for connecting to neutron in admin context + through the OpenStack Identity service. + Defaults to 'RegionOne' + + ``neutron_admin_username`` + (optional) Username for connecting to Neutron network services in admin context + through the OpenStack Identity service. + Defaults to 'neutron' + + ``neutron_ovs_bridge`` + (optional) Name of Integration Bridge used by Open vSwitch + Defaults to 'br-int' + + ``neutron_extension_sync_interval`` + (optional) Number of seconds before querying neutron for extensions + Defaults to '600' + + ``neutron_ca_certificates_file`` + (optional) Location of ca certicates file to use for neutronclient requests. + Defaults to 'None' + + ``neutron_admin_auth_url`` + (optional) Points to the OpenStack Identity server IP and port. + This is the Identity (keystone) admin API server IP and port value, + and not the Identity service API IP and port. + Defaults to 'http://127.0.0.1:35357/v2.0' + + ``network_api_class`` + (optional) The full class name of the network API class. + The default configures Nova to use Neutron for the network API. + Defaults to 'nova.network.neutronv2.api.API' + + ``security_group_api`` + (optional) The full class name of the security API class. + The default configures Nova to use Neutron for security groups. + Set to 'nova' to use standard Nova security groups. + Defaults to 'neutron' + + ``firewall_driver`` + (optional) Firewall driver. + This prevents nova from maintaining a firewall so it does not interfere + with Neutron's. Set to 'nova.virt.firewall.IptablesFirewallDriver' + to re-enable the Nova firewall. + Defaults to 'nova.virt.firewall.NoopFirewallDriver' + + ``vif_plugging_is_fatal`` + (optional) Fail to boot instance if vif plugging fails. + This prevents nova from booting an instance if vif plugging notification + is not received from neutron. + Defaults to 'True' + + ``vif_plugging_timeout`` + (optional) Number of seconds to wait for neutron vif plugging events. + Set to '0' and vif_plugging_is_fatal to 'False' if vif plugging + notification is not being used. + Defaults to '300' + + ``dhcp_domain`` + (optional) domain to use for building the hostnames + Defaults to 'novalocal' \ No newline at end of file diff --git a/resources/nova_neutron_puppet/actions/remove.pp b/resources/nova_neutron_puppet/actions/remove.pp new file mode 100644 index 00000000..cfb90903 --- /dev/null +++ b/resources/nova_neutron_puppet/actions/remove.pp @@ -0,0 +1 @@ +notify { "Nothing to remove here": } \ No newline at end of file diff --git a/resources/nova_neutron_puppet/actions/run.pp b/resources/nova_neutron_puppet/actions/run.pp new file mode 100644 index 00000000..173f13da --- /dev/null +++ b/resources/nova_neutron_puppet/actions/run.pp @@ -0,0 +1,49 @@ +$resource = hiera($::resource_name) + +$libvirt_vif_driver = $resource['input']['libvirt_vif_driver']['value'] +$force_snat_range = $resource['input']['force_snat_range']['value'] +$neutron_admin_password = $resource['input']['neutron_admin_password']['value'] +$neutron_auth_strategy = $resource['input']['neutron_auth_strategy']['value'] +$neutron_url = $resource['input']['neutron_url']['value'] +$neutron_url_timeout = $resource['input']['neutron_url_timeout']['value'] +$neutron_admin_tenant_name = $resource['input']['neutron_admin_tenant_name']['value'] +$neutron_default_tenant_id = $resource['input']['neutron_default_tenant_id']['value'] +$neutron_region_name = $resource['input']['neutron_region_name']['value'] +$neutron_admin_username = $resource['input']['neutron_admin_username']['value'] +$neutron_admin_auth_url = $resource['input']['neutron_admin_auth_url']['value'] +$neutron_ovs_bridge = $resource['input']['neutron_ovs_bridge']['value'] +$neutron_extension_sync_interval = $resource['input']['neutron_extension_sync_interval']['value'] +$neutron_ca_certificates_file = $resource['input']['neutron_ca_certificates_file']['value'] +$network_api_class = $resource['input']['network_api_class']['value'] +$security_group_api = $resource['input']['security_group_api']['value'] +$firewall_driver = $resource['input']['firewall_driver']['value'] +$vif_plugging_is_fatal = $resource['input']['vif_plugging_is_fatal']['value'] +$vif_plugging_timeout = $resource['input']['vif_plugging_timeout']['value'] +$dhcp_domain = $resource['input']['dhcp_domain']['value'] + + +class { 'nova::compute::neutron': + libvirt_vif_driver => $libvirt_vif_driver, + force_snat_range => $force_snat_range, +} + +class { 'nova::network::neutron': + neutron_admin_password => $neutron_admin_password, + neutron_auth_strategy => $neutron_auth_strategy, + neutron_url => $neutron_url, + neutron_url_timeout => $neutron_url_timeout, + neutron_admin_tenant_name => $neutron_admin_tenant_name, + neutron_default_tenant_id => $neutron_default_tenant_id, + neutron_region_name => $neutron_region_name, + neutron_admin_username => $neutron_admin_username, + neutron_admin_auth_url => $neutron_admin_auth_url, + neutron_ovs_bridge => $neutron_ovs_bridge, + neutron_extension_sync_interval => $neutron_extension_sync_interval, + neutron_ca_certificates_file => $neutron_ca_certificates_file, + network_api_class => $network_api_class, + security_group_api => $security_group_api, + firewall_driver => $firewall_driver, + vif_plugging_is_fatal => $vif_plugging_is_fatal, + vif_plugging_timeout => $vif_plugging_timeout, + dhcp_domain => $dhcp_domain, +} diff --git a/resources/nova_neutron_puppet/meta.yaml b/resources/nova_neutron_puppet/meta.yaml new file mode 100644 index 00000000..39a44b19 --- /dev/null +++ b/resources/nova_neutron_puppet/meta.yaml @@ -0,0 +1,81 @@ +id: nova_neutron +handler: puppet +puppet_module: nova +version: 1.0.0 +input: + libvirt_vif_driver: + schema: str + value: 'nova.virt.libvirt.vif.LibvirtGenericVIFDriver' + force_snat_range: + schema: str + value: '0.0.0.0/0' + neutron_admin_password: + schema: str + value: 'neutron' + neutron_auth_strategy: + schema: str + value: 'keystone' + neutron_url: + schema: str + value: 'http://127.0.0.1:9696' + neutron_url_timeout: + schema: int + value: 30 + neutron_admin_tenant_name: + schema: str + value: 'services' + neutron_default_tenant_id: + schema: str + value: 'default' + neutron_region_name: + schema: str + value: 'RegionOne' + neutron_admin_username: + schema: str + value: 'neutron' + neutron_admin_auth_url: + schema: str + value: 'http://127.0.0.1:35357/v2.0' + neutron_ovs_bridge: + schema: str + value: 'br-int' + neutron_extension_sync_interval: + schema: int + value: 600 + neutron_ca_certificates_file: + schema: str + value: '' + network_api_class: + schema: str + value: 'nova.network.neutronv2.api.API' + security_group_api: + schema: str + value: 'neutron' + firewall_driver: + schema: str + value: 'nova.virt.firewall.NoopFirewallDriver' + vif_plugging_is_fatal: + schema: bool + value: true + vif_plugging_timeout: + schema: int + value: 300 + dhcp_domain: + schema: str + value: 'novalocal' + + git: + schema: {repository: str!, branch: str!} + value: {repository: 'https://github.com/openstack/puppet-nova', branch: '5.1.0'} + + ip: + schema: str! + value: + ssh_key: + schema: str! + value: + ssh_user: + schema: str! + value: + +tags: [resource/nova_neutron_service, resources/nova_neutron, resources/nova_compute, resources/nova] From 8989717cd1273a85e9569b98386e1fc5fac64356 Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 3 Aug 2015 12:23:36 +0200 Subject: [PATCH 22/24] TODO fix glance_api_servers for compute Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 1 + 1 file changed, 1 insertion(+) diff --git a/example-puppet.py b/example-puppet.py index abe66b2d..ada6fa58 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -372,6 +372,7 @@ def deploy(): 'keystone_port', 'keystone_host', 'keystone_tenant', 'keystone_user', }) + # TODO(bogdando): Make a connection for nova_puppet2.glance_api_servers = "glance_api_puppet.ip:glance_api_puppet.bind_port" signals.connect(node2, nova_puppet2) signals.connect(node2, nova_compute_puppet) From 51d122118964531bcce9d6ebe63b4b6f1f90c60a Mon Sep 17 00:00:00 2001 From: Bogdan Dobrelya Date: Mon, 3 Aug 2015 13:25:45 +0200 Subject: [PATCH 23/24] Fix glance api servers for nova compute Signed-off-by: Bogdan Dobrelya --- example-puppet.py | 11 ++++++++++- resources/nova_puppet/actions/run.pp | 4 +++- resources/nova_puppet/meta.yaml | 7 +++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/example-puppet.py b/example-puppet.py index ada6fa58..4b22e188 100644 --- a/example-puppet.py +++ b/example-puppet.py @@ -363,7 +363,10 @@ def deploy(): # NOVA COMPUTE # Deploy chain (nova, node_networking(TODO)) -> (nova_compute_libvirt, nova_neutron) -> nova_compute nova_compute_puppet = vr.create('nova_compute_puppet', 'resources/nova_compute_puppet', {})[0] - nova_puppet2 = vr.create('nova_puppet2', 'resources/nova_puppet', {})[0] + # TODO (bogdando) figure out how to use it for multiple glance api servers + nova_puppet2 = vr.create('nova_puppet2', 'resources/nova_puppet', { + 'glance_api_servers': '{{glance_api_servers_host}}:{{glance_api_servers_port}}' + })[0] signals.connect(nova_puppet, nova_puppet2, { 'ensure_package', 'rabbit_host', 'rabbit_password', 'rabbit_port', 'rabbit_userid', @@ -454,6 +457,12 @@ def deploy(): 'pipeline': 'keystone', }) + # Update glance_api_service for nova compute + signals.connect(glance_api_puppet, nova_puppet2, { + 'ip': 'glance_api_servers_host', + 'bind_port': 'glance_api_servers_port' + }) + has_errors = False for r in locals().values(): if not isinstance(r, resource.Resource): diff --git a/resources/nova_puppet/actions/run.pp b/resources/nova_puppet/actions/run.pp index f7005d75..81a59824 100644 --- a/resources/nova_puppet/actions/run.pp +++ b/resources/nova_puppet/actions/run.pp @@ -4,6 +4,8 @@ $db_user = $resource['input']['db_user']['value'] $db_password = $resource['input']['db_password']['value'] $db_name = $resource['input']['db_name']['value'] $db_host = $resource['input']['db_host']['value'] +$glance_api_servers_host = $resource['input']['glance_api_servers_host']['value'] +$glance_api_servers_port = $resource['input']['glance_api_servers_port']['value'] $ensure_package = $resource['input']['ensure_package']['value'] $database_connection = $resource['input']['database_connection']['value'] @@ -76,7 +78,7 @@ class { 'nova': database_idle_timeout => $database_idle_timeout, rpc_backend => $rpc_backend, image_service => $image_service, - glance_api_servers => $glance_api_servers, + glance_api_servers => "${glance_api_servers_host}:${glance_api_servers_port}", memcached_servers => $memcached_servers, rabbit_host => $rabbit_host, rabbit_hosts => $rabbit_hosts, diff --git a/resources/nova_puppet/meta.yaml b/resources/nova_puppet/meta.yaml index 8eb1165c..37f26709 100644 --- a/resources/nova_puppet/meta.yaml +++ b/resources/nova_puppet/meta.yaml @@ -222,6 +222,13 @@ input: schema: str! value: + glance_api_servers_port: + schema: int + value: 9292 + glance_api_servers_host: + schema: 'str' + value: 'localhost' + port: schema: int! value: 8774 From 03eb698bbf601eb51d694de79b77c5205c319350 Mon Sep 17 00:00:00 2001 From: Przemyslaw Kaminski Date: Tue, 4 Aug 2015 09:31:40 +0200 Subject: [PATCH 24/24] Nova API test.py with servers, flavors, images --- resources/cinder_puppet/README.md | 4 +- resources/glance_api_service/test.py | 2 +- resources/glance_puppet/README.md | 2 +- resources/glance_puppet/test.py | 2 +- resources/keystone_service_endpoint/test.py | 2 +- resources/keystone_user/test.py | 2 +- resources/nova_api_puppet/test.py | 92 +++++++++++++++++++++ resources/nova_puppet/README.md | 2 +- solar/solar/core/validation.py | 2 +- 9 files changed, 101 insertions(+), 9 deletions(-) create mode 100644 resources/nova_api_puppet/test.py diff --git a/resources/cinder_puppet/README.md b/resources/cinder_puppet/README.md index 0f288ca8..52021836 100644 --- a/resources/cinder_puppet/README.md +++ b/resources/cinder_puppet/README.md @@ -1,6 +1,6 @@ # Cinder resource for puppet handler -Controlls a live cycle of the cinder entities, +Controls a live cycle of the cinder entities, like the main puppet class, auth, DB, AMQP, packages, keystone user, role and endpoint. @@ -109,4 +109,4 @@ source https://github.com/openstack/puppet-cinder/blob/5.1.0/manifests/init.pp ``sql_connection`` DEPRECATED ``sql_idle_timeout`` - DEPRECATED \ No newline at end of file + DEPRECATED diff --git a/resources/glance_api_service/test.py b/resources/glance_api_service/test.py index 23dcb7de..ba87049c 100644 --- a/resources/glance_api_service/test.py +++ b/resources/glance_api_service/test.py @@ -9,7 +9,7 @@ def test(resource): args = resource.args - token = validation.validate_token( + token, _ = validation.validate_token( keystone_host=args['keystone_host'].value, keystone_port=args['keystone_port'].value, user='glance_admin', diff --git a/resources/glance_puppet/README.md b/resources/glance_puppet/README.md index 8c84b90f..74be1851 100644 --- a/resources/glance_puppet/README.md +++ b/resources/glance_puppet/README.md @@ -1,6 +1,6 @@ # Glance (API) resource for puppet handler -Controlls a live cycle of the glance entities, +Controls a live cycle of the glance entities, like the main puppet class, auth, DB, AMQP, packages, keystone user, role and endpoint, API service. Also configures glance file backend. diff --git a/resources/glance_puppet/test.py b/resources/glance_puppet/test.py index b3ee8f02..e6fece1f 100644 --- a/resources/glance_puppet/test.py +++ b/resources/glance_puppet/test.py @@ -13,7 +13,7 @@ def test(resource): args = resource.args - token = validation.validate_token( + token, _ = validation.validate_token( keystone_host=args['keystone_host'].value, keystone_port=args['keystone_port'].value, user=args['keystone_user'].value, diff --git a/resources/keystone_service_endpoint/test.py b/resources/keystone_service_endpoint/test.py index edeede03..19819125 100644 --- a/resources/keystone_service_endpoint/test.py +++ b/resources/keystone_service_endpoint/test.py @@ -12,7 +12,7 @@ def test(resource): 'http://%s:%s/v3/services' % (resource.args['ip'].value, resource.args['keystone_admin_port'].value), headers={ 'X-Auth-Token': resource.args['admin_token'].value, - } + } ) resp_json = resp.json() diff --git a/resources/keystone_user/test.py b/resources/keystone_user/test.py index fcce9508..f37f375e 100644 --- a/resources/keystone_user/test.py +++ b/resources/keystone_user/test.py @@ -9,7 +9,7 @@ def test(resource): args = resource.args - token = validation.validate_token( + token, _ = validation.validate_token( keystone_host=args['keystone_host'].value, keystone_port=args['keystone_port'].value, user=args['user_name'].value, diff --git a/resources/nova_api_puppet/test.py b/resources/nova_api_puppet/test.py new file mode 100644 index 00000000..ca32863f --- /dev/null +++ b/resources/nova_api_puppet/test.py @@ -0,0 +1,92 @@ +import json +import requests + +from solar.core.log import log +from solar.core import validation + + +def test(resource): + log.debug('Testing nova api') + + args = resource.args + + token, token_data = validation.validate_token( + keystone_host=args['auth_host'].value, + keystone_port=args['auth_port'].value, + user=args['admin_user'].value, + tenant=args['admin_tenant_name'].value, + password=args['admin_password'].value, + ) + + endpoints = [ + e['endpoints'] for e in token_data['access']['serviceCatalog'] + if e['name'] == 'nova' + ][0] + public_url = endpoints[0]['publicURL'] + + log.debug('nova admin_url: %s', public_url) + + servers = requests.get( + '{public_url}/servers/detail'.format(public_url=public_url), + headers={ + 'X-Auth-Token': token, + 'Content-Type': 'application/json', + } + ) + + servers_json = servers.json() + + log.debug( + 'NOVA API SERVERS: %s', + json.dumps(servers_json, indent=2) + ) + + assert 'servers' in servers_json + assert isinstance(servers_json['servers'], list) + + flavors = requests.get( + '{public_url}/flavors'.format(public_url=public_url), + headers={ + 'X-Auth-Token': token, + 'Content-Type': 'application/json', + } + ) + + flavors_json = flavors.json() + + log.debug('NOVA API FLAVORS: %s', json.dumps(flavors_json, indent=2)) + + assert 'flavors' in flavors_json + assert isinstance(flavors_json['flavors'], list) + assert len(flavors_json['flavors']) > 0 + + for flavor_data in flavors_json['flavors']: + url = [link['href'] for link in flavor_data['links'] + if link['rel'] == 'self'][0] + + flavor = requests.get( + url, + headers={ + 'X-Auth-Token': token, + 'Content-Type': 'application/json', + } + ) + + flavor_json = flavor.json() + + log.debug( + 'NOVA API FLAVOR %s data: %s', + flavor_data['name'], + json.dumps(flavor_json, indent=2) + ) + + images = requests.get( + '{public_url}/images'.format(public_url=public_url), + headers={ + 'X-Auth-Token': token, + 'Content-Type': 'application/json', + } + ) + + log.debug('NOVA API IMAGES: %s', images.json()) + diff --git a/resources/nova_puppet/README.md b/resources/nova_puppet/README.md index 76b594e3..ad41226a 100644 --- a/resources/nova_puppet/README.md +++ b/resources/nova_puppet/README.md @@ -1,6 +1,6 @@ # Nova resource for puppet handler -Controlls a live cycle of the nova entities, +Controls a live cycle of the nova entities, like the main puppet class, auth, DB, AMQP, packages, keystone user, role and endpoint. diff --git a/solar/solar/core/validation.py b/solar/solar/core/validation.py index dee5cf11..e4efe4a0 100644 --- a/solar/solar/core/validation.py +++ b/solar/solar/core/validation.py @@ -192,4 +192,4 @@ def validate_token( log.debug('%s TOKEN: %s', user, token) - return token + return token, token_data.json()