1 # Copyright 2014 Red Hat, Inc.
4 # Licensed under the Apache License, Version 2.0 (the "License"); you may
5 # not use this file except in compliance with the License. You may obtain
6 # a copy of the License at
8 # http://www.apache.org/licenses/LICENSE-2.0
10 # Unless required by applicable law or agreed to in writing, software
11 # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12 # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13 # License for the specific language governing permissions and limitations
16 if hiera('step') >= 1 {
21 class { 'mysql::server':
24 'bind-address' => hiera('controller_host')
29 # FIXME: this should only occur on the bootstrap host (ditto for db syncs)
30 # Create all the database schemas
31 # Example DSN format: mysql://user:password@host/dbname
32 $allowed_hosts = ['%',hiera('controller_host')]
33 $keystone_dsn = split(hiera('keystone::database_connection'), '[@:/?]')
34 class { 'keystone::db::mysql':
35 user => $keystone_dsn[3],
36 password => $keystone_dsn[4],
37 host => $keystone_dsn[5],
38 dbname => $keystone_dsn[6],
39 allowed_hosts => $allowed_hosts,
41 $glance_dsn = split(hiera('glance::api::database_connection'), '[@:/?]')
42 class { 'glance::db::mysql':
43 user => $glance_dsn[3],
44 password => $glance_dsn[4],
45 host => $glance_dsn[5],
46 dbname => $glance_dsn[6],
47 allowed_hosts => $allowed_hosts,
49 $nova_dsn = split(hiera('nova::database_connection'), '[@:/?]')
50 class { 'nova::db::mysql':
52 password => $nova_dsn[4],
54 dbname => $nova_dsn[6],
55 allowed_hosts => $allowed_hosts,
57 $neutron_dsn = split(hiera('neutron::server::database_connection'), '[@:/?]')
58 class { 'neutron::db::mysql':
59 user => $neutron_dsn[3],
60 password => $neutron_dsn[4],
61 host => $neutron_dsn[5],
62 dbname => $neutron_dsn[6],
63 allowed_hosts => $allowed_hosts,
65 $cinder_dsn = split(hiera('cinder::database_connection'), '[@:/?]')
66 class { 'cinder::db::mysql':
67 user => $cinder_dsn[3],
68 password => $cinder_dsn[4],
69 host => $cinder_dsn[5],
70 dbname => $cinder_dsn[6],
71 allowed_hosts => $allowed_hosts,
73 $heat_dsn = split(hiera('heat::database_connection'), '[@:/?]')
74 class { 'heat::db::mysql':
76 password => $heat_dsn[4],
78 dbname => $heat_dsn[6],
79 allowed_hosts => $allowed_hosts,
81 $ceilometer_dsn = split(hiera('ceilometer::db::database_connection'), '[@:/?]')
82 class { 'ceilometer::db::mysql':
83 user => $ceilometer_dsn[3],
84 password => $ceilometer_dsn[4],
85 host => $ceilometer_dsn[5],
86 dbname => $ceilometer_dsn[6],
87 allowed_hosts => $allowed_hosts,
90 if $::osfamily == 'RedHat' {
91 $rabbit_provider = 'yum'
93 $rabbit_provider = undef
96 Class['rabbitmq'] -> Rabbitmq_vhost <| |>
97 Class['rabbitmq'] -> Rabbitmq_user <| |>
98 Class['rabbitmq'] -> Rabbitmq_user_permissions <| |>
102 package_provider => $rabbit_provider,
103 config_cluster => false,
104 node_ip_address => hiera('controller_host'),
107 rabbitmq_vhost { '/':
108 provider => 'rabbitmqctl',
110 rabbitmq_user { ['nova','glance','neutron','cinder','ceilometer','heat']:
112 password => hiera('rabbit_password'),
113 provider => 'rabbitmqctl',
116 rabbitmq_user_permissions {[
124 configure_permission => '.*',
125 write_permission => '.*',
126 read_permission => '.*',
127 provider => 'rabbitmqctl',
130 # pre-install swift here so we can build rings
135 if hiera('step') >= 2 {
139 #TODO: need a cleanup-keystone-tokens.sh solution here
141 'ec2/driver': value => 'keystone.contrib.ec2.backends.sql.Ec2';
143 file { [ '/etc/keystone/ssl', '/etc/keystone/ssl/certs', '/etc/keystone/ssl/private' ]:
144 ensure => 'directory',
147 require => Package['keystone'],
149 file { '/etc/keystone/ssl/certs/signing_cert.pem':
150 content => hiera('keystone_signing_certificate'),
153 notify => Service['keystone'],
154 require => File['/etc/keystone/ssl/certs'],
156 file { '/etc/keystone/ssl/private/signing_key.pem':
157 content => hiera('keystone_signing_key'),
160 notify => Service['keystone'],
161 require => File['/etc/keystone/ssl/private'],
163 file { '/etc/keystone/ssl/certs/ca.pem':
164 content => hiera('keystone_ca_certificate'),
167 notify => Service['keystone'],
168 require => File['/etc/keystone/ssl/certs'],
171 # TODO: notifications, scrubber, etc.
172 include ::glance::api
173 include ::glance::registry
174 class { 'glance::backend::swift':
175 swift_store_auth_address => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
179 rabbit_hosts => [hiera('controller_virtual_ip')],
180 glance_api_servers => join([hiera('glance_protocol'), '://', hiera('controller_virtual_ip'), ':', hiera('glance_port')]),
185 include ::nova::conductor
186 include ::nova::consoleauth
187 include ::nova::vncproxy
188 include ::nova::scheduler
191 rabbit_hosts => [hiera('controller_virtual_ip')],
194 include ::neutron::server
195 include ::neutron::agents::dhcp
196 include ::neutron::agents::l3
198 file { '/etc/neutron/dnsmasq-neutron.conf':
199 content => hiera('neutron_dnsmasq_options'),
202 notify => Service['neutron-dhcp-service'],
203 require => Package['neutron'],
206 class { 'neutron::plugins::ml2':
207 flat_networks => split(hiera('neutron_flat_networks'), ','),
208 tenant_network_types => [hiera('neutron_tenant_network_type')],
209 type_drivers => [hiera('neutron_tenant_network_type')],
212 class { 'neutron::agents::ml2::ovs':
213 bridge_mappings => split(hiera('neutron_bridge_mappings'), ','),
214 tunnel_types => split(hiera('neutron_tunnel_types'), ','),
217 class { 'neutron::agents::metadata':
218 auth_url => join(['http://', hiera('controller_virtual_ip'), ':35357/v2.0']),
222 rabbit_hosts => [hiera('controller_virtual_ip')],
225 include ::cinder::api
226 include ::cinder::scheduler
227 include ::cinder::volume
228 include ::cinder::volume::iscsi
229 class {'cinder::setup_test_volume':
230 size => join([hiera('cinder_lvm_loop_device_size'), 'M']),
235 include ::swift::proxy
236 include ::swift::proxy::proxy_logging
237 include ::swift::proxy::healthcheck
238 include ::swift::proxy::cache
239 include ::swift::proxy::keystone
240 include ::swift::proxy::authtoken
241 include ::swift::proxy::staticweb
242 include ::swift::proxy::ceilometer
243 include ::swift::proxy::ratelimit
244 include ::swift::proxy::catch_errors
245 include ::swift::proxy::tempurl
246 include ::swift::proxy::formpost
249 class {'swift::storage::all':
250 mount_check => str2bool(hiera('swift_mount_check'))
252 if(!defined(File['/srv/node'])) {
257 require => Package['openstack-swift'],
260 $swift_components = ['account', 'container', 'object']
261 swift::storage::filter::recon { $swift_components : }
262 swift::storage::filter::healthcheck { $swift_components : }
266 include ::ceilometer::api
267 include ::ceilometer::db
268 include ::ceilometer::agent::notification
269 include ::ceilometer::agent::central
270 include ::ceilometer::alarm::notifier
271 include ::ceilometer::alarm::evaluator
272 include ::ceilometer::expirer
273 include ::ceilometer::collector
274 class { 'ceilometer::agent::auth':
275 auth_url => join(['http://', hiera('controller_virtual_ip'), ':5000/v2.0']),
278 Cron <| title == 'ceilometer-expirer' |> { command => "sleep $((\$(od -A n -t d -N 3 /dev/urandom) % 86400)) && ${::ceilometer::params::expirer_command}" }
283 include ::heat::api_cfn
284 include ::heat::api_cloudwatch
285 include ::heat::engine
288 'DEFAULT/instance_user': value => 'heat-admin';
291 $snmpd_user = hiera('snmpd_readonly_user_name')
292 snmp::snmpv3_user { $snmpd_user:
294 authpass => hiera('snmpd_readonly_user_password'),
297 agentaddress => ['udp:161','udp6:[::1]:161'],
298 snmpd_config => [ join(['rouser ', hiera('snmpd_readonly_user_name')]), 'proc cron', 'includeAllDisks 10%', 'master agentx', 'trapsink localhost public', 'iquerySecName internalUser', 'rouser internalUser', 'defaultMonitors yes', 'linkUpDownNotifications yes' ],