1 #Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
15 #Provides HA or non-HA setup for OpenStack Controller with ODL integration
16 #Mandatory common and HA variables are needed to setup each Controller
17 #ha_flag set to true will provide OpenStack HA of the following services:
18 #rabbitmq, galera mariadb, keystone, glance, nova, cinder, horizon, neutron
19 #includes all sub-services of those features (i.e. neutron-server, neutron-lg-agent, etc)
21 class opnfv::controller_networker {
22 if $odl_rest_port == '' { $odl_rest_port= '8081'}
23 if ($odl_flag != '') and str2bool($odl_flag) {
24 $ml2_mech_drivers = ['opendaylight']
25 $this_agent = 'opendaylight'
27 $ml2_mech_drivers = ['openvswitch','l2population']
31 ##Mandatory Common variables
# admin_email is the only common setting with no fallback: an empty value aborts
# the run through fail().
32 if $admin_email == '' { fail('admin_email is empty') }
34 ##Most users will only care about a single user/password for all services
35 ##so lets create one variable that can be used instead of separate usernames/passwords
# NOTE(review): when the caller supplies nothing, the shared username and the
# shared password both become the literal 'octopus' written in this manifest.
# Treat these as lab-only defaults and pass site-specific values in for any
# deployment that other parties can reach.
36 if !$single_username { $single_username = 'octopus' }
37 if !$single_password { $single_password = 'octopus' }
# Each of the four secrets below inherits $single_password unless it is set on
# its own, so by default the Keystone admin token, the Neutron metadata shared
# secret, the MySQL root password and the admin password are one and the same
# string. Setting them individually keeps the exposure of one service from
# carrying over to the others.
39 if !$keystone_admin_token { $keystone_admin_token = $single_password }
40 if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
41 if !$mysql_root_password { $mysql_root_password = $single_password }
42 if !$admin_password { $admin_password = $single_password }
44 ##Check for HA, if not leave old functionality alone
45 if $ha_flag and str2bool($ha_flag) {
46 ##Mandatory HA variables
# Presence checks for the settings the HA path requires. Each check only tests
# that the variable is set and calls fail() otherwise; nothing here validates
# that a value is a well-formed address, subnet or hostname.
47 if !$controllers_ip_array { fail('controllers_ip_array is empty') }
# The comma-separated input is kept unchanged in *_str (this manifest later
# passes it to opnfv::ceph_deploy as mon_host) and the variable itself is
# replaced by the array produced by split().
48 $controllers_ip_array_str = $controllers_ip_array
49 $controllers_ip_array = split($controllers_ip_array, ',')
50 if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
# Same string/array pairing for the hostnames; the string form is later passed
# to opnfv::ceph_deploy as mon_initial_members.
51 $controllers_hostnames_array_str = $controllers_hostnames_array
52 $controllers_hostnames_array = split($controllers_hostnames_array, ',')
53 if !$amqp_vip { fail('amqp_vip is empty') }
54 if !$private_subnet { fail('private_subnet is empty')}
55 if !$cinder_admin_vip { fail('cinder_admin_vip is empty') }
56 if !$cinder_private_vip { fail('cinder_private_vip is empty') }
57 if !$cinder_public_vip { fail('cinder_public_vip is empty') }
58 if !$db_vip { fail('db_vip is empty') }
59 if !$glance_admin_vip { fail('glance_admin_vip is empty') }
60 if !$glance_private_vip { fail('glance_private_vip is empty') }
61 if !$glance_public_vip { fail('glance_public_vip is empty') }
62 if !$horizon_admin_vip { fail('horizon_admin_vip is empty') }
63 if !$horizon_private_vip { fail('horizon_private_vip is empty') }
64 if !$horizon_public_vip { fail('horizon_public_vip is empty') }
65 if !$keystone_admin_vip { fail('keystone_admin_vip is empty') }
66 if !$keystone_private_vip { fail('keystone_private_vip is empty') }
67 if !$keystone_public_vip { fail('keystone_public_vip is empty') }
68 if !$loadbalancer_vip { fail('loadbalancer_vip is empty') }
69 if !$neutron_admin_vip { fail('neutron_admin_vip is empty') }
70 if !$neutron_private_vip { fail('neutron_private_vip is empty') }
71 if !$neutron_public_vip { fail('neutron_public_vip is empty') }
72 if !$nova_admin_vip { fail('nova_admin_vip is empty') }
73 if !$nova_private_vip { fail('nova_private_vip is empty') }
74 if !$nova_public_vip { fail('nova_public_vip is empty') }
# private_network is compared against the empty string, while the surrounding
# checks use a truthiness test.
75 if $private_network == '' { fail('private_network is empty') }
76 if !$heat_admin_vip { fail('heat_admin_vip is empty') }
77 if !$heat_private_vip { fail('heat_private_vip is empty') }
78 if !$heat_public_vip { fail('heat_public_vip is empty') }
79 if !$heat_cfn_admin_vip { fail('heat_cfn_admin_vip is empty') }
80 if !$heat_cfn_private_vip { fail('heat_cfn_private_vip is empty') }
81 if !$heat_cfn_public_vip { fail('heat_cfn_public_vip is empty') }
83 ##Find private interface
# Resolve the interface for the private network; presumably
# get_nic_from_network() returns the NIC name on that network (the helper is
# defined outside this file). The result is reused below as the tunnel and
# pacemaker interface.
84 $ovs_tunnel_if = get_nic_from_network("$private_network")
86 ##Optional HA variables
# Everything from here on is a fallback: a value is assigned only when the
# caller has not provided one.
87 if !$amqp_username { $amqp_username = $single_username }
88 if !$amqp_password { $amqp_password = $single_password }
# NOTE(review): the Ceph fsid and the images/volumes keys default to literals
# that are embedded in this manifest, so every cluster deployed without
# overriding them shares the same identifiers and key material. Generate
# per-cluster values and pass them in rather than relying on these defaults.
89 if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
90 if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' }
91 if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array }
92 if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array}
93 if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
# NOTE(review): a pool size of '1' presumably means a single replica; confirm
# that this is intended outside test setups.
94 if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
95 if !$ceph_public_network { $ceph_public_network = $private_subnet }
96 if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' }
# All service and database passwords below fall back to $single_password, so an
# unconfigured deployment uses one shared secret across Cinder, Horizon, Glance,
# Keystone, Neutron, Nova and Heat.
97 if !$cinder_db_password { $cinder_db_password = $single_password }
98 if !$cinder_user_password { $cinder_user_password = $single_password }
# The first entry of the controller list is taken as the cluster control address.
99 if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
100 if !$horizon_secret { $horizon_secret = $single_password }
101 if !$glance_db_password { $glance_db_password = $single_password }
102 if !$glance_user_password { $glance_user_password = $single_password }
103 if !$keystone_db_password { $keystone_db_password = $single_password }
104 if !$keystone_user_password { $keystone_user_password = $single_password }
105 if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
106 if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array }
107 if !$neutron_db_password { $neutron_db_password = $single_password }
108 if !$neutron_user_password { $neutron_user_password = $single_password }
# NOTE(review): this manifest carries two metadata secrets,
# $neutron_metadata_proxy_secret (set here, passed to quickstack::pacemaker::params)
# and $neutron_metadata_shared_secret (passed to quickstack::pacemaker::nova).
# Both default to $single_password; if only one is overridden they will differ.
# Confirm whether the two consumers need the same value.
109 if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $single_password }
110 if !$nova_db_password { $nova_db_password = $single_password }
111 if !$nova_user_password { $nova_user_password = $single_password }
112 if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array}
# The default name list indexes entries 0, 1 and 2 of the hostname array, i.e.
# it is written for exactly three controllers.
113 if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] }
# NOTE(review): the rbd secret UUID and the Heat auth encryption key also
# default to literals embedded in this manifest; override both per deployment.
114 if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
115 if !$heat_user_password { $heat_user_password = $single_password }
116 if !$heat_db_password { $heat_db_password = $single_password }
117 if !$heat_cfn_user_password { $heat_cfn_user_password = $single_password }
118 if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }
119 if !$storage_network {
120 $storage_iface = $ovs_tunnel_if
122 $storage_iface = get_nic_from_network("$storage_network")
125 ##we assume here that if not provided, the first controller is where ODL will reside
126 ##this is fine for now as we will replace ODL with ODL HA when it is ready
127 if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] }
129 ###find interface ip of storage network
130 $osd_ip = find_ip("",
134 if ($external_network_flag != '') and str2bool($external_network_flag) {
135 class { "opnfv::external_net_presetup":
137 require => Class['opnfv::repo'],
141 class { "opnfv::ceph_deploy":
143 osd_pool_default_size => $ceph_osd_pool_size,
144 osd_journal_size => $ceph_osd_journal_size,
145 mon_initial_members => $controllers_hostnames_array_str,
146 mon_host => $controllers_ip_array_str,
148 public_network => $ceph_public_network,
149 cluster_network => $ceph_public_network,
150 images_key => $ceph_images_key,
151 volumes_key => $ceph_volumes_key,
154 class { "quickstack::openstack_common": }
156 class { "quickstack::pacemaker::params":
157 amqp_password => $amqp_password,
158 amqp_username => $amqp_username,
159 amqp_vip => $amqp_vip,
160 ceph_cluster_network => $private_subnet,
161 ceph_fsid => $ceph_fsid,
162 ceph_images_key => $ceph_images_key,
163 ceph_mon_host => $ceph_mon_host,
164 ceph_mon_initial_members => $ceph_mon_initial_members,
165 ceph_osd_journal_size => $ceph_osd_journal_size,
166 ceph_osd_pool_size => $ceph_osd_pool_size,
167 ceph_public_network => $ceph_public_network,
168 ceph_volumes_key => $ceph_volumes_key,
169 cinder_admin_vip => $cinder_admin_vip,
170 cinder_db_password => $cinder_db_password,
171 cinder_private_vip => $cinder_private_vip,
172 cinder_public_vip => $cinder_public_vip,
173 cinder_user_password => $cinder_user_password,
174 cluster_control_ip => $cluster_control_ip,
176 glance_admin_vip => $glance_admin_vip,
177 glance_db_password => $glance_db_password,
178 glance_private_vip => $glance_private_vip,
179 glance_public_vip => $glance_public_vip,
180 glance_user_password => $glance_user_password,
181 heat_auth_encryption_key => $heat_auth_encryption_key,
182 heat_cfn_admin_vip => $heat_cfn_admin_vip,
183 heat_cfn_private_vip => $heat_cfn_private_vip,
184 heat_cfn_public_vip => $heat_cfn_public_vip,
185 heat_cfn_user_password => $heat_cfn_user_password,
186 heat_cloudwatch_enabled => 'true',
187 heat_cfn_enabled => 'true',
188 heat_db_password => $heat_db_password,
189 heat_admin_vip => $heat_admin_vip,
190 heat_private_vip => $heat_private_vip,
191 heat_public_vip => $heat_public_vip,
192 heat_user_password => $heat_user_password,
193 horizon_admin_vip => $horizon_admin_vip,
194 horizon_private_vip => $horizon_private_vip,
195 horizon_public_vip => $horizon_public_vip,
196 include_ceilometer => 'false',
197 include_cinder => 'true',
198 include_glance => 'true',
199 include_heat => 'true',
200 include_horizon => 'true',
201 include_keystone => 'true',
202 include_neutron => 'true',
203 include_nosql => 'false',
204 include_nova => 'true',
205 include_swift => 'false',
206 keystone_admin_vip => $keystone_admin_vip,
207 keystone_db_password => $keystone_db_password,
208 keystone_private_vip => $keystone_private_vip,
209 keystone_public_vip => $keystone_public_vip,
210 keystone_user_password => $keystone_user_password,
211 lb_backend_server_addrs => $lb_backend_server_addrs,
212 lb_backend_server_names => $lb_backend_server_names,
213 loadbalancer_vip => $loadbalancer_vip,
215 neutron_admin_vip => $neutron_admin_vip,
216 neutron_db_password => $neutron_db_password,
217 neutron_metadata_proxy_secret => $neutron_metadata_proxy_secret,
218 neutron_private_vip => $neutron_private_vip,
219 neutron_public_vip => $neutron_public_vip,
220 neutron_user_password => $neutron_user_password,
221 nova_admin_vip => $nova_admin_vip,
222 nova_db_password => $nova_db_password,
223 nova_private_vip => $nova_private_vip,
224 nova_public_vip => $nova_public_vip,
225 nova_user_password => $nova_user_password,
226 pcmk_iface => $ovs_tunnel_if,
227 pcmk_server_addrs => $pcmk_server_addrs,
228 pcmk_server_names => $pcmk_server_names,
229 private_iface => $ovs_tunnel_if,
232 class { "quickstack::pacemaker::common": }
234 class { "quickstack::pacemaker::load_balancer": }
236 class { "quickstack::pacemaker::galera":
237 mysql_root_password => $mysql_root_password,
238 wsrep_cluster_members => $controllers_ip_array,
241 class { "quickstack::pacemaker::qpid": }
243 class { "quickstack::pacemaker::rabbitmq": }
245 class { "quickstack::pacemaker::keystone":
246 admin_email => $admin_email,
247 admin_password => $admin_password,
248 admin_token => $keystone_admin_token,
252 keystonerc => 'true',
253 use_syslog => 'true',
257 class { "quickstack::pacemaker::swift": }
259 class { "quickstack::pacemaker::glance":
262 pcmk_fs_manage => 'false',
267 class { "quickstack::pacemaker::nova":
268 neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
271 class { "quickstack::pacemaker::cinder":
273 rbd_secret_uuid => $rbd_secret_uuid,
279 class { "quickstack::pacemaker::heat":
284 class { "quickstack::pacemaker::constraints": }
286 class { "quickstack::pacemaker::nosql": }
288 class { "quickstack::pacemaker::memcached": }
290 class { "quickstack::pacemaker::ceilometer":
291 ceilometer_metering_secret => $single_password,
294 class { "quickstack::pacemaker::horizon":
295 horizon_ca => '/etc/ipa/ca.crt',
296 horizon_cert => '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
297 horizon_key => '/etc/pki/tls/private/PUB_HOST-horizon.key',
298 secret_key => $horizon_secret,
302 class { "quickstack::pacemaker::neutron":
303 agent_type => $this_agent,
304 enable_tunneling => 'true',
305 external_network_bridge => 'br-ex',
306 ml2_mechanism_drivers => $ml2_mech_drivers,
307 ml2_network_vlan_ranges => ["physnet1:10:50"],
308 odl_controller_ip => $odl_control_ip,
309 odl_controller_port => $odl_rest_port,
310 ovs_tunnel_iface => $ovs_tunnel_if,
311 ovs_tunnel_types => ["vxlan"],
313 neutron_conf_additional_params => { default_quota => 'default',
314 quota_network => '50',
315 quota_subnet => '50',
316 quota_port => 'default',
317 quota_security_group => '50',
318 quota_security_group_rule => 'default',
319 quota_vip => 'default',
320 quota_pool => 'default',
321 quota_router => '50',
322 quota_floatingip => '100',
323 network_auto_schedule => 'default',
327 if ($external_network_flag != '') and str2bool($external_network_flag) {
328 class { "opnfv::external_net_setup": }
332 ##Mandatory Non-HA parameters
# The non-HA path needs both networks named; an empty value aborts through fail().
333 if $private_network == '' { fail('private_network is empty') }
334 if $public_network == '' { fail('public_network is empty') }
336 ##Optional Non-HA parameters
# Every credential below falls back to $single_username / $single_password when
# it is not supplied, so an unconfigured deployment uses one shared secret for
# AMQP, MySQL root, Keystone, Horizon, Nova, Cinder, Glance, Neutron,
# Ceilometer, Heat and Swift.
337 if !$amqp_username { $amqp_username = $single_username }
338 if !$amqp_password { $amqp_password = $single_password }
339 if !$mysql_root_password { $mysql_root_password = $single_password }
340 if !$keystone_db_password { $keystone_db_password = $single_password }
341 if !$horizon_secret_key { $horizon_secret_key = $single_password }
342 if !$nova_db_password { $nova_db_password = $single_password }
343 if !$nova_user_password { $nova_user_password = $single_password }
344 if !$cinder_db_password { $cinder_db_password = $single_password }
345 if !$cinder_user_password { $cinder_user_password = $single_password }
346 if !$glance_db_password { $glance_db_password = $single_password }
347 if !$glance_user_password { $glance_user_password = $single_password }
348 if !$neutron_db_password { $neutron_db_password = $single_password }
349 if !$neutron_user_password { $neutron_user_password = $single_password }
350 if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
351 if !$ceilometer_user_password { $ceilometer_user_password = $single_password }
352 if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password }
353 if !$heat_user_password { $heat_user_password = $single_password }
354 if !$heat_db_password { $heat_db_password = $single_password }
# NOTE(review): the default is stored in $heat_auth_encryption_key, but the
# quickstack::neutron::controller_networker declaration in this manifest passes
# $heat_auth_encrypt_key. Unless that second name is set somewhere outside this
# listing, the value assigned here never reaches the class; confirm which name
# is intended. The fallback itself is a literal embedded in this manifest and
# should be overridden per deployment.
355 if !$heat_auth_encryption_key { $heat_auth_encryption_key = 'octopus1octopus1' }
356 if !$swift_user_password { $swift_user_password = $single_password }
357 if !$swift_shared_secret { $swift_shared_secret = $single_password }
358 if !$swift_admin_password { $swift_admin_password = $single_password }
360 ##Find private interface
# Interface and address discovery: presumably get_nic_from_network() maps a
# network to the local NIC on it and get_ip_from_nic() returns that NIC's
# address (both helpers are defined outside this file).
361 $ovs_tunnel_if = get_nic_from_network("$private_network")
363 $private_ip = get_ip_from_nic("$ovs_tunnel_if")
365 $public_nic = get_nic_from_network("$public_network")
366 $public_ip = get_ip_from_nic("$public_nic")
# Back-end service endpoints default to this node's private address.
368 if !$mysql_ip { $mysql_ip = $private_ip }
369 if !$amqp_ip { $amqp_ip = $private_ip }
370 if !$memcache_ip { $memcache_ip = $private_ip }
371 if !$neutron_ip { $neutron_ip = $private_ip }
372 if !$odl_control_ip { $odl_control_ip = $private_ip }
# Declares quickstack::neutron::controller_networker with the values resolved
# earlier in this manifest. This appears to be the non-HA branch; the enclosing
# else line is not visible in this listing.
374 class { "quickstack::neutron::controller_networker":
375 admin_email => $admin_email,
376 admin_password => $admin_password,
377 agent_type => $this_agent,
378 enable_tunneling => true,
379 ovs_tunnel_iface => $ovs_tunnel_if,
380 ovs_tunnel_network => '',
381 ovs_tunnel_types => ['vxlan'],
382 ovs_l2_population => 'True',
383 external_network_bridge => 'br-ex',
384 tenant_network_type => 'vxlan',
385 tunnel_id_ranges => '1:1000',
# The admin and private controller endpoints share the private address; only the
# public endpoint uses the public address.
386 controller_admin_host => $private_ip,
387 controller_priv_host => $private_ip,
388 controller_pub_host => $public_ip,
390 #support_profile => $quickstack::params::support_profile,
391 #freeipa => $quickstack::params::freeipa,
393 mysql_host => $mysql_ip,
394 mysql_root_password => $mysql_root_password,
395 #amqp_provider => $amqp_provider,
396 amqp_host => $amqp_ip,
397 amqp_username => $amqp_username,
398 amqp_password => $amqp_password,
399 #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password,
401 keystone_admin_token => $keystone_admin_token,
402 keystone_db_password => $keystone_db_password,
404 ceilometer_metering_secret => $ceilometer_metering_secret,
405 ceilometer_user_password => $ceilometer_user_password,
407 cinder_backend_gluster => $quickstack::params::cinder_backend_gluster,
408 cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name,
409 cinder_gluster_shares => $quickstack::params::cinder_gluster_shares,
410 cinder_user_password => $cinder_user_password,
411 cinder_db_password => $cinder_db_password,
413 glance_db_password => $glance_db_password,
414 glance_user_password => $glance_user_password,
417 heat_cloudwatch => true,
418 heat_db_password => $heat_db_password,
419 heat_user_password => $heat_user_password,
# NOTE(review): the optional-parameter section of this manifest assigns
# $heat_auth_encryption_key, while this line reads $heat_auth_encrypt_key.
# Unless the shorter name is defined outside this listing, the key passed here
# is unset; confirm and align the two names.
420 heat_auth_encrypt_key => $heat_auth_encrypt_key,
422 horizon_secret_key => $horizon_secret_key,
423 horizon_ca => $quickstack::params::horizon_ca,
424 horizon_cert => $quickstack::params::horizon_cert,
425 horizon_key => $quickstack::params::horizon_key,
429 ml2_mechanism_drivers => $ml2_mech_drivers,
432 neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
433 neutron_db_password => $neutron_db_password,
434 neutron_user_password => $neutron_user_password,
436 nova_db_password => $nova_db_password,
437 nova_user_password => $nova_user_password,
439 odl_controller_ip => $odl_control_ip,
440 odl_controller_port => $odl_rest_port,
442 swift_shared_secret => $swift_shared_secret,
443 swift_admin_password => $swift_admin_password,
# The Swift ring-server and storage addresses and the storage device name are
# fixed literals here rather than values derived from the deployment's networks.
444 swift_ringserver_ip => '192.168.203.1',
445 swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"],
446 swift_storage_device => 'device1',