Fixes puppet modules to come from Genesis repo
[genesis.git] / common / puppet-opnfv / manifests / controller_networker.pp
1 #Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
2 #
3 #   Licensed under the Apache License, Version 2.0 (the "License");
4 #   you may not use this file except in compliance with the License.
5 #   You may obtain a copy of the License at
6 #
7 #       http://www.apache.org/licenses/LICENSE-2.0
8 #
9 #   Unless required by applicable law or agreed to in writing, software
10 #   distributed under the License is distributed on an "AS IS" BASIS,
11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 #   See the License for the specific language governing permissions and
13 #   limitations under the License.
14 #
15 #Provides HA or non-HA setup for OpenStack Controller with ODL integration
16 #Mandatory common and HA variables are needed to setup each Controller
17 #ha_flag set to true will provide OpenStack HA of the following services:
18 #rabbitmq, galera mariadb, keystone, glance, nova, cinder, horizon, neutron
19 #This includes all sub-services of those features (e.g. neutron-server, neutron-lg-agent, etc.)
20
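# Class: opnfv::controller_networker
#
# Configures an OpenStack controller/networker node, either as a member of a
# Pacemaker-managed HA cluster (ha_flag true) or as a standalone controller.
#
# The class declares no parameters; every input is read as an unqualified
# variable (presumably top-scope/ENC globals -- confirm against the deployer)
# and given a class-local default when it is empty.
#
# Security notes for reviewers and operators:
#  * When single_password is unset, every service credential, token and shared
#    secret below collapses to one well-known literal. Deployments should
#    always supply single_password, or better, per-service values.
#  * The Ceph keys, ceph_fsid, rbd_secret_uuid and heat_auth_encryption_key
#    defaults are literals checked into this file, so every deployment that
#    relies on them shares the same secrets. Generate them per deployment.
class opnfv::controller_networker {
  if $odl_rest_port == '' { $odl_rest_port= '8081'}

  ##Pick the ML2 mechanism driver and L2 agent depending on whether ODL is used
  if ($odl_flag != '') and str2bool($odl_flag) {
    $ml2_mech_drivers = ['opendaylight']
    $this_agent = 'opendaylight'
  } else {
    $ml2_mech_drivers = ['openvswitch','l2population']
    $this_agent = 'ovs'
  }

  ##Mandatory Common variables
  if $admin_email == '' { fail('admin_email is empty') }

  ##Most users will only care about a single user/password for all services
  ##so lets create one variable that can be used instead of separate usernames/passwords
  if !$single_username { $single_username = 'octopus' }
  if !$single_password {
    # The fallback is a literal published in this manifest and is reused for
    # the keystone admin token, DB root password and all service passwords.
    warning('opnfv::controller_networker: single_password is not set; falling back to the built-in default for all service credentials')
    $single_password = 'octopus'
  }

  if !$keystone_admin_token { $keystone_admin_token = $single_password }
  if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
  if !$mysql_root_password { $mysql_root_password = $single_password }
  if !$admin_password { $admin_password = $single_password }

  ##Check for HA, if not leave old functionality alone
  if $ha_flag and str2bool($ha_flag) {
    ##Mandatory HA variables
    if !$controllers_ip_array { fail('controllers_ip_array is empty') }
    # Keep the original comma-separated string for opnfv::ceph_deploy, then
    # shadow the name with the split array for everything else.
    $controllers_ip_array_str = $controllers_ip_array
    $controllers_ip_array = split($controllers_ip_array, ',')
    if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
    $controllers_hostnames_array_str = $controllers_hostnames_array
    $controllers_hostnames_array = split($controllers_hostnames_array, ',')
    if !$amqp_vip { fail('amqp_vip is empty') }
    if !$private_subnet { fail('private_subnet is empty')}
    if !$cinder_admin_vip { fail('cinder_admin_vip is empty') }
    if !$cinder_private_vip { fail('cinder_private_vip is empty') }
    if !$cinder_public_vip { fail('cinder_public_vip is empty') }
    if !$db_vip { fail('db_vip is empty') }
    if !$glance_admin_vip { fail('glance_admin_vip is empty') }
    if !$glance_private_vip { fail('glance_private_vip is empty') }
    if !$glance_public_vip { fail('glance_public_vip is empty') }
    if !$horizon_admin_vip { fail('horizon_admin_vip is empty') }
    if !$horizon_private_vip { fail('horizon_private_vip is empty') }
    if !$horizon_public_vip { fail('horizon_public_vip is empty') }
    if !$keystone_admin_vip { fail('keystone_admin_vip is empty') }
    if !$keystone_private_vip { fail('keystone_private_vip is empty') }
    if !$keystone_public_vip { fail('keystone_public_vip is empty') }
    if !$loadbalancer_vip { fail('loadbalancer_vip is empty') }
    if !$neutron_admin_vip { fail('neutron_admin_vip is empty') }
    if !$neutron_private_vip { fail('neutron_private_vip is empty') }
    if !$neutron_public_vip { fail('neutron_public_vip is empty') }
    if !$nova_admin_vip { fail('nova_admin_vip is empty') }
    if !$nova_private_vip { fail('nova_private_vip is empty') }
    if !$nova_public_vip { fail('nova_public_vip is empty') }
    if $private_network == '' { fail('private_network is empty') }
    if !$heat_admin_vip { fail('heat_admin_vip is empty') }
    if !$heat_private_vip { fail('heat_private_vip is empty') }
    if !$heat_public_vip { fail('heat_public_vip is empty') }
    if !$heat_cfn_admin_vip { fail('heat_cfn_admin_vip is empty') }
    if !$heat_cfn_private_vip { fail('heat_cfn_private_vip is empty') }
    if !$heat_cfn_public_vip { fail('heat_cfn_public_vip is empty') }

    ##Find private interface
    $ovs_tunnel_if = get_nic_from_network("$private_network")

    ##Optional HA variables
    if !$amqp_username  { $amqp_username = $single_username }
    if !$amqp_password  { $amqp_password = $single_password }
    if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
    if !$ceph_images_key {
      # This cephx key is a literal in a public manifest; any cluster that
      # keeps the default shares its key with every other default install.
      warning('opnfv::controller_networker: ceph_images_key is not set; using the key hard-coded in this manifest')
      $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A=='
    }
    if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array }
    if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array}
    if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
    # A pool size of 1 is passed on as osd_pool_default_size, i.e. a single
    # copy of each object; raise it where durability matters.
    if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
    if !$ceph_public_network { $ceph_public_network = $private_subnet }
    if !$ceph_volumes_key {
      # Same caveat as ceph_images_key: the default is a published literal.
      warning('opnfv::controller_networker: ceph_volumes_key is not set; using the key hard-coded in this manifest')
      $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw=='
    }
    if !$cinder_db_password { $cinder_db_password = $single_password }
    if !$cinder_user_password { $cinder_user_password = $single_password }
    if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
    if !$horizon_secret { $horizon_secret = $single_password }
    if !$glance_db_password { $glance_db_password = $single_password }
    if !$glance_user_password { $glance_user_password = $single_password }
    if !$keystone_db_password { $keystone_db_password = $single_password }
    if !$keystone_user_password { $keystone_user_password = $single_password }
    if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
    if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array }
    if !$neutron_db_password  { $neutron_db_password = $single_password }
    if !$neutron_user_password  { $neutron_user_password = $single_password }
    if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $single_password }
    if !$nova_db_password { $nova_db_password = $single_password }
    if !$nova_user_password { $nova_user_password = $single_password }
    if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array}
    # NOTE(review): the default below indexes exactly three hostnames, so it
    # assumes a three-controller cluster; set pcmk_server_names explicitly
    # for any other size.
    if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] }
    if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
    if !$heat_user_password  { $heat_user_password = $single_password }
    if !$heat_db_password  { $heat_db_password = $single_password }
    if !$heat_cfn_user_password  { $heat_cfn_user_password = $single_password }
    if !$heat_auth_encryption_key {
      # Static, published encryption key; override per deployment.
      warning('opnfv::controller_networker: heat_auth_encryption_key is not set; using the key hard-coded in this manifest')
      $heat_auth_encryption_key = 'octopus1octopus1'
    }
    ##Storage traffic shares the tunnel interface unless storage_network is given
    if !$storage_network {
      $storage_iface = $ovs_tunnel_if
    } else {
      $storage_iface = get_nic_from_network("$storage_network")
    }

    ##we assume here that if not provided, the first controller is where ODL will reside
    ##this is fine for now as we will replace ODL with ODL HA when it is ready
    if $odl_control_ip == '' { $odl_control_ip =  $controllers_ip_array[0] }

    ###find interface ip of storage network
    $osd_ip = find_ip("",
                      "$storage_iface",
                      "")

    if ($external_network_flag != '') and str2bool($external_network_flag) {
      class { "opnfv::external_net_presetup":
        stage   => presetup,
        require => Class['opnfv::repo'],
      }
    }

    ##The classes below are chained with -> so they are applied in this order
    class { "opnfv::ceph_deploy":
      fsid                     => $ceph_fsid,
      osd_pool_default_size    => $ceph_osd_pool_size,
      osd_journal_size         => $ceph_osd_journal_size,
      mon_initial_members      => $controllers_hostnames_array_str,
      mon_host                 => $controllers_ip_array_str,
      osd_ip                   => $osd_ip,
      public_network           => $ceph_public_network,
      cluster_network          => $ceph_public_network,
      images_key               => $ceph_images_key,
      volumes_key              => $ceph_volumes_key,
    }
    ->
    class { "quickstack::openstack_common": }
    ->
    class { "quickstack::pacemaker::params":
      amqp_password            => $amqp_password,
      amqp_username            => $amqp_username,
      amqp_vip                 => $amqp_vip,
      ceph_cluster_network     => $private_subnet,
      ceph_fsid                => $ceph_fsid,
      ceph_images_key          => $ceph_images_key,
      ceph_mon_host            => $ceph_mon_host,
      ceph_mon_initial_members => $ceph_mon_initial_members,
      ceph_osd_journal_size    => $ceph_osd_journal_size,
      ceph_osd_pool_size       => $ceph_osd_pool_size,
      ceph_public_network      => $ceph_public_network,
      ceph_volumes_key         => $ceph_volumes_key,
      cinder_admin_vip         => $cinder_admin_vip,
      cinder_db_password       => $cinder_db_password,
      cinder_private_vip       => $cinder_private_vip,
      cinder_public_vip        => $cinder_public_vip,
      cinder_user_password     => $cinder_user_password,
      cluster_control_ip       => $cluster_control_ip,
      db_vip                   => $db_vip,
      glance_admin_vip         => $glance_admin_vip,
      glance_db_password       => $glance_db_password,
      glance_private_vip       => $glance_private_vip,
      glance_public_vip        => $glance_public_vip,
      glance_user_password     => $glance_user_password,
      heat_auth_encryption_key => $heat_auth_encryption_key,
      heat_cfn_admin_vip       => $heat_cfn_admin_vip,
      heat_cfn_private_vip     => $heat_cfn_private_vip,
      heat_cfn_public_vip      => $heat_cfn_public_vip,
      heat_cfn_user_password   => $heat_cfn_user_password,
      heat_cloudwatch_enabled  => 'true',
      heat_cfn_enabled         => 'true',
      heat_db_password         => $heat_db_password,
      heat_admin_vip           => $heat_admin_vip,
      heat_private_vip         => $heat_private_vip,
      heat_public_vip          => $heat_public_vip,
      heat_user_password       => $heat_user_password,
      horizon_admin_vip        => $horizon_admin_vip,
      horizon_private_vip      => $horizon_private_vip,
      horizon_public_vip       => $horizon_public_vip,
      include_ceilometer       => 'false',
      include_cinder           => 'true',
      include_glance           => 'true',
      include_heat             => 'true',
      include_horizon          => 'true',
      include_keystone         => 'true',
      include_neutron          => 'true',
      include_nosql            => 'false',
      include_nova             => 'true',
      include_swift            => 'false',
      keystone_admin_vip       => $keystone_admin_vip,
      keystone_db_password     => $keystone_db_password,
      keystone_private_vip     => $keystone_private_vip,
      keystone_public_vip      => $keystone_public_vip,
      keystone_user_password   => $keystone_user_password,
      lb_backend_server_addrs  => $lb_backend_server_addrs,
      lb_backend_server_names  => $lb_backend_server_names,
      loadbalancer_vip         => $loadbalancer_vip,
      neutron                  => 'true',
      neutron_admin_vip        => $neutron_admin_vip,
      neutron_db_password      => $neutron_db_password,
      neutron_metadata_proxy_secret  => $neutron_metadata_proxy_secret,
      neutron_private_vip      => $neutron_private_vip,
      neutron_public_vip       => $neutron_public_vip,
      neutron_user_password    => $neutron_user_password,
      nova_admin_vip           => $nova_admin_vip,
      nova_db_password         => $nova_db_password,
      nova_private_vip         => $nova_private_vip,
      nova_public_vip          => $nova_public_vip,
      nova_user_password       => $nova_user_password,
      pcmk_iface               => $ovs_tunnel_if,
      pcmk_server_addrs        => $pcmk_server_addrs,
      pcmk_server_names        => $pcmk_server_names,
      private_iface            => $ovs_tunnel_if,
    }
    ->
    class { "quickstack::pacemaker::common": }
    ->
    class { "quickstack::pacemaker::load_balancer": }
    ->
    class { "quickstack::pacemaker::galera":
      mysql_root_password     => $mysql_root_password,
      wsrep_cluster_members   => $controllers_ip_array,
    }
    ->
    class { "quickstack::pacemaker::qpid": }
    ->
    class { "quickstack::pacemaker::rabbitmq": }
    ->
    class { "quickstack::pacemaker::keystone":
      admin_email         =>  $admin_email,
      admin_password      =>  $admin_password,
      admin_token         =>  $keystone_admin_token,
      cinder              =>  'true',
      heat                =>  'true',
      heat_cfn            =>  'true',
      keystonerc          =>  'true',
      use_syslog          =>  'true',
      verbose             =>  'true',
    }
    ->
    class { "quickstack::pacemaker::swift": }
    ->
    class { "quickstack::pacemaker::glance":
      backend         => 'rbd',
      debug           => true,
      pcmk_fs_manage  => 'false',
      use_syslog      => true,
      verbose         => true
    }
    ->
    # NOTE(review): nova is given $neutron_metadata_shared_secret while
    # quickstack::pacemaker::params gets $neutron_metadata_proxy_secret; both
    # default to single_password, but they diverge if only one is overridden.
    class { "quickstack::pacemaker::nova":
      neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
    }
    ->
    class { "quickstack::pacemaker::cinder":
      backend_rbd     => true,
      rbd_secret_uuid => $rbd_secret_uuid,
      use_syslog      => true,
      verbose         => true,
      volume          => true,
    }
    ->
    class { "quickstack::pacemaker::heat":
      use_syslog      => true,
      verbose         => true,
    }
    ->
    class { "quickstack::pacemaker::constraints": }

    ##The remaining classes are declared outside the ordering chain
    class { "quickstack::pacemaker::nosql": }

    class { "quickstack::pacemaker::memcached": }

    class { "quickstack::pacemaker::ceilometer":
      ceilometer_metering_secret => $single_password,
    }

    # NOTE(review): 'PUB_HOST' in the certificate and key paths looks like an
    # unsubstituted placeholder -- confirm these files exist on the node.
    class { "quickstack::pacemaker::horizon":
      horizon_ca       =>  '/etc/ipa/ca.crt',
      horizon_cert     =>  '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
      horizon_key      =>  '/etc/pki/tls/private/PUB_HOST-horizon.key',
      secret_key       =>  $horizon_secret,
      verbose          =>  'true',
    }

    class { "quickstack::pacemaker::neutron":
      agent_type               =>  $this_agent,
      enable_tunneling         =>  'true',
      external_network_bridge  =>  'br-ex',
      ml2_mechanism_drivers    =>  $ml2_mech_drivers,
      ml2_network_vlan_ranges  =>  ["physnet1:10:50"],
      odl_controller_ip        =>  $odl_control_ip,
      odl_controller_port      =>  $odl_rest_port,
      ovs_tunnel_iface         =>  $ovs_tunnel_if,
      ovs_tunnel_types         =>  ["vxlan"],
      verbose                  =>  'true',
      neutron_conf_additional_params => { default_quota => 'default',
                                      quota_network => '50',
                                      quota_subnet => '50',
                                      quota_port => 'default',
                                      quota_security_group => '50',
                                      quota_security_group_rule  => 'default',
                                      quota_vip => 'default',
                                      quota_pool => 'default',
                                      quota_router => '50',
                                      quota_floatingip => '100',
                                      network_auto_schedule => 'default',
                                    },
    }

    if ($external_network_flag != '') and str2bool($external_network_flag) {
      class { "opnfv::external_net_setup": }
    }

  } else {
    ##Mandatory Non-HA parameters
    if $private_network == '' { fail('private_network is empty') }
    if $public_network == '' { fail('public_network is empty') }

    ##Optional Non-HA parameters
    if !$amqp_username { $amqp_username = $single_username }
    if !$amqp_password { $amqp_password = $single_password }
    # mysql_root_password and neutron_metadata_shared_secret were already
    # defaulted before the HA check, so their guards here never fire.
    if !$mysql_root_password { $mysql_root_password = $single_password }
    if !$keystone_db_password { $keystone_db_password = $single_password }
    if !$horizon_secret_key { $horizon_secret_key = $single_password }
    if !$nova_db_password { $nova_db_password = $single_password }
    if !$nova_user_password { $nova_user_password = $single_password }
    if !$cinder_db_password { $cinder_db_password = $single_password }
    if !$cinder_user_password { $cinder_user_password = $single_password }
    if !$glance_db_password { $glance_db_password = $single_password }
    if !$glance_user_password { $glance_user_password = $single_password }
    if !$neutron_db_password  { $neutron_db_password = $single_password }
    if !$neutron_user_password  { $neutron_user_password = $single_password }
    if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
    if !$ceilometer_user_password { $ceilometer_user_password = $single_password }
    if !$ceilometer_metering_secret { $ceilometer_metering_secret = $single_password }
    if !$heat_user_password  { $heat_user_password = $single_password }
    if !$heat_db_password  { $heat_db_password = $single_password }
    if !$heat_auth_encryption_key {
      # Static, published encryption key; override per deployment.
      warning('opnfv::controller_networker: heat_auth_encryption_key is not set; using the key hard-coded in this manifest')
      $heat_auth_encryption_key = 'octopus1octopus1'
    }
    # The quickstack parameter is named heat_auth_encrypt_key, and this branch
    # used to pass a variable of that name which is never assigned here, so
    # the default computed above was dropped. Honour that legacy name if a
    # deployment sets it, otherwise use the defaulted value.
    if $heat_auth_encrypt_key {
      $heat_encrypt_key_real = $heat_auth_encrypt_key
    } else {
      $heat_encrypt_key_real = $heat_auth_encryption_key
    }
    if !$swift_user_password { $swift_user_password = $single_password }
    if !$swift_shared_secret { $swift_shared_secret = $single_password }
    if !$swift_admin_password { $swift_admin_password = $single_password }

    ##Find private interface
    $ovs_tunnel_if = get_nic_from_network("$private_network")
    ##Find private ip
    $private_ip = get_ip_from_nic("$ovs_tunnel_if")
    #Find public NIC
    $public_nic = get_nic_from_network("$public_network")
    $public_ip = get_ip_from_nic("$public_nic")

    ##Service endpoints default to this node's private address
    if !$mysql_ip { $mysql_ip = $private_ip }
    if !$amqp_ip { $amqp_ip = $private_ip }
    if !$memcache_ip { $memcache_ip = $private_ip }
    if !$neutron_ip { $neutron_ip = $private_ip }
    if !$odl_control_ip { $odl_control_ip = $private_ip }

    class { "quickstack::neutron::controller_networker":
      admin_email                   => $admin_email,
      admin_password                => $admin_password,
      agent_type                    => $this_agent,
      enable_tunneling              => true,
      ovs_tunnel_iface              => $ovs_tunnel_if,
      ovs_tunnel_network            => '',
      ovs_tunnel_types              => ['vxlan'],
      ovs_l2_population             => 'True',
      external_network_bridge       => 'br-ex',
      tenant_network_type           => 'vxlan',
      tunnel_id_ranges              => '1:1000',
      controller_admin_host         => $private_ip,
      controller_priv_host          => $private_ip,
      controller_pub_host           => $public_ip,
      # NOTE(review): ssl is explicitly disabled here; what it covers is
      # defined by quickstack -- confirm before exposing the public host.
      ssl                           => false,
      #support_profile               => $quickstack::params::support_profile,
      #freeipa                       => $quickstack::params::freeipa,

      mysql_host                    => $mysql_ip,
      mysql_root_password           => $mysql_root_password,
      #amqp_provider                 => $amqp_provider,
      amqp_host                     => $amqp_ip,
      amqp_username                 => $amqp_username,
      amqp_password                 => $amqp_password,
      #amqp_nssdb_password           => $quickstack::params::amqp_nssdb_password,

      keystone_admin_token          => $keystone_admin_token,
      keystone_db_password          => $keystone_db_password,

      ceilometer_metering_secret    => $ceilometer_metering_secret,
      ceilometer_user_password      => $ceilometer_user_password,

      cinder_backend_gluster        => $quickstack::params::cinder_backend_gluster,
      cinder_backend_gluster_name   => $quickstack::params::cinder_backend_gluster_name,
      cinder_gluster_shares         => $quickstack::params::cinder_gluster_shares,
      cinder_user_password          => $cinder_user_password,
      cinder_db_password            => $cinder_db_password,

      glance_db_password            => $glance_db_password,
      glance_user_password          => $glance_user_password,

      heat_cfn                      => true,
      heat_cloudwatch               => true,
      heat_db_password              => $heat_db_password,
      heat_user_password            => $heat_user_password,
      heat_auth_encrypt_key         => $heat_encrypt_key_real,

      horizon_secret_key            => $horizon_secret_key,
      horizon_ca                    => $quickstack::params::horizon_ca,
      horizon_cert                  => $quickstack::params::horizon_cert,
      horizon_key                   => $quickstack::params::horizon_key,

      keystonerc                    => true,

      ml2_mechanism_drivers         => $ml2_mech_drivers,

      #neutron                       => true,
      neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
      neutron_db_password           => $neutron_db_password,
      neutron_user_password         => $neutron_user_password,

      nova_db_password              => $nova_db_password,
      nova_user_password            => $nova_user_password,

      odl_controller_ip             => $odl_control_ip,
      odl_controller_port           => $odl_rest_port,

      swift_shared_secret           => $swift_shared_secret,
      swift_admin_password          => $swift_admin_password,
      # NOTE(review): the swift addresses below are fixed literals rather
      # than derived from the node's networks -- confirm they are intended.
      swift_ringserver_ip           => '192.168.203.1',
      swift_storage_ips             => ["192.168.203.2","192.168.203.3","192.168.203.4"],
      swift_storage_device          => 'device1',
    }

  }
}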