6888850717d9ca9fa2d1dde6a5411568c3c8173d
[genesis.git] / common / puppet-opnfv / manifests / controller_networker.pp
1 #Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
2 #
3 #   Licensed under the Apache License, Version 2.0 (the "License");
4 #   you may not use this file except in compliance with the License.
5 #   You may obtain a copy of the License at
6 #
7 #       http://www.apache.org/licenses/LICENSE-2.0
8 #
9 #   Unless required by applicable law or agreed to in writing, software
10 #   distributed under the License is distributed on an "AS IS" BASIS,
11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 #   See the License for the specific language governing permissions and
13 #   limitations under the License.
14 #
15 #Provides HA or non-HA setup for OpenStack Controller with ODL integration
16 #Mandatory common and HA variables are needed to setup each Controller
17 #ha_flag set to true will provide OpenStack HA of the following services:
18 #rabbitmq, galera mariadb, keystone, glance, nova, cinder, horizon, neutron
19 #includes all sub-services of those features (i.e. neutron-server, neutron-lg-agent, etc)
20
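# Class: opnfv::controller_networker
#
# Declares the OpenStack controller/networker role for one node. When ha_flag
# is true the node gets the Pacemaker-managed stack (quickstack::pacemaker::*)
# backed by Ceph; otherwise a single quickstack::neutron::controller_networker
# class is declared. odl_flag selects the OpenDaylight ML2 driver/agent instead
# of Open vSwitch with l2population.
#
# The class has no parameters. Every input is a variable resolved outside this
# class (presumably top-scope or ENC-provided globals) and is shadowed locally
# when a default is applied.
#
# Security notes for operators:
#  * single_username/single_password fall back to a literal value committed in
#    this file, and single_password is then reused as the Keystone admin token,
#    the MySQL root password, the metadata shared secret and, in HA mode, every
#    service and database password that was not set explicitly. Supply unique
#    values for anything other than a throwaway lab.
#  * In HA mode the Ceph fsid, the Ceph images/volumes keys and the RBD secret
#    UUID also fall back to literals committed in this file; a cluster built
#    with them shares its keys with every other deployment that used the
#    defaults.
#  * The non-HA branch passes fixed AMQP credentials and ssl => false.
class opnfv::controller_networker {
  if $odl_rest_port == '' { $odl_rest_port= '8081'}
  if ($odl_flag != '') and str2bool($odl_flag) {
    $ml2_mech_drivers = ['opendaylight']
    $this_agent = 'opendaylight'
  } else {
    $ml2_mech_drivers = ['openvswitch','l2population']
    $this_agent = 'ovs'
  }

  ##Mandatory Common variables
  if $admin_email == '' { fail('admin_email is empty') }
  if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') }

  ##Most users will only care about a single user/password for all services
  ##so lets create one variable that can be used instead of separate usernames/passwords
  if !$single_username { $single_username = 'octopus' }
  if !$single_password {
    # Make the fallback visible in the catalog compilation log: the default is
    # public and ends up in every credential derived from it below.
    warning('single_password is not set: falling back to the built-in default, which is shared by every service. Set a unique value before any non-lab deployment.')
    $single_password = 'octopus'
  }

  # Each of these is only derived from single_password when it was not supplied,
  # so any of them can be overridden individually.
  if !$keystone_admin_token { $keystone_admin_token = $single_password }
  if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
  if !$mysql_root_password { $mysql_root_password = $single_password }
  if !$admin_password { $admin_password = $single_password }

  ##Check for HA, if not leave old functionality alone
  if $ha_flag and str2bool($ha_flag) {
    ##Mandatory HA variables
    # The comma-separated inputs are kept as strings (*_str) for ceph_deploy and
    # split into arrays for everything else.
    if !$controllers_ip_array { fail('controllers_ip_array is empty') }
    $controllers_ip_array_str = $controllers_ip_array
    $controllers_ip_array = split($controllers_ip_array, ',')
    if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
    $controllers_hostnames_array_str = $controllers_hostnames_array
    $controllers_hostnames_array = split($controllers_hostnames_array, ',')
    if !$amqp_vip { fail('amqp_vip is empty') }
    if !$private_subnet { fail('private_subnet is empty')}
    if !$cinder_admin_vip { fail('cinder_admin_vip is empty') }
    if !$cinder_private_vip { fail('cinder_private_vip is empty') }
    if !$cinder_public_vip { fail('cinder_public_vip is empty') }
    if !$db_vip { fail('db_vip is empty') }
    if !$glance_admin_vip { fail('glance_admin_vip is empty') }
    if !$glance_private_vip { fail('glance_private_vip is empty') }
    if !$glance_public_vip { fail('glance_public_vip is empty') }
    if !$horizon_admin_vip { fail('horizon_admin_vip is empty') }
    if !$horizon_private_vip { fail('horizon_private_vip is empty') }
    if !$horizon_public_vip { fail('horizon_public_vip is empty') }
    if !$keystone_admin_vip { fail('keystone_admin_vip is empty') }
    if !$keystone_private_vip { fail('keystone_private_vip is empty') }
    if !$keystone_public_vip { fail('keystone_public_vip is empty') }
    if !$loadbalancer_vip { fail('loadbalancer_vip is empty') }
    if !$neutron_admin_vip { fail('neutron_admin_vip is empty') }
    if !$neutron_private_vip { fail('neutron_private_vip is empty') }
    if !$neutron_public_vip { fail('neutron_public_vip is empty') }
    if !$nova_admin_vip { fail('nova_admin_vip is empty') }
    if !$nova_private_vip { fail('nova_private_vip is empty') }
    if !$nova_public_vip { fail('nova_public_vip is empty') }


    ##Optional HA variables
    if !$amqp_username  { $amqp_username = $single_username }
    if !$amqp_password  { $amqp_password = $single_password }
    if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
    if !$ceph_images_key {
      # The fallback key is committed in this manifest, so it is not a secret.
      warning('ceph_images_key is not set: falling back to the key committed in this manifest. Generate a unique key before any non-lab deployment.')
      $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A=='
    }
    if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array }
    if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array}
    if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
    if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
    if !$ceph_public_network { $ceph_public_network = $private_subnet }
    if !$ceph_volumes_key {
      # Same caveat as ceph_images_key: the fallback is a published value.
      warning('ceph_volumes_key is not set: falling back to the key committed in this manifest. Generate a unique key before any non-lab deployment.')
      $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw=='
    }
    if !$cinder_db_password { $cinder_db_password = $single_password }
    if !$cinder_user_password { $cinder_user_password = $single_password }
    if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
    if !$horizon_secret { $horizon_secret = $single_password }
    if !$glance_db_password { $glance_db_password = $single_password }
    # glance_user_password is passed to quickstack::pacemaker::params below but
    # was the only *_user_password without a single_password fallback.
    if !$glance_user_password { $glance_user_password = $single_password }
    if !$keystone_db_password { $keystone_db_password = $single_password }
    if !$keystone_user_password { $keystone_user_password = $single_password }
    if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
    if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array }
    if !$neutron_db_password  { $neutron_db_password = $single_password }
    if !$neutron_user_password  { $neutron_user_password = $single_password }
    if !$nova_db_password { $nova_db_password = $single_password }
    if !$nova_user_password { $nova_user_password = $single_password }
    if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array}
    # NOTE: this default is built from the first three hostnames only, so it
    # assumes exactly three controllers; set pcmk_server_names for other sizes.
    if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] }
    if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
    if !$storage_iface { $storage_iface = $ovs_tunnel_if }

    ##we assume here that if not provided, the first controller is where ODL will reside
    ##this is fine for now as we will replace ODL with ODL HA when it is ready
    if $odl_control_ip == '' { $odl_control_ip =  $controllers_ip_array[0] }

    ###find interface ip of storage network
    $osd_ip = find_ip("",
                      "$storage_iface",
                      "")

    # The resources below are chained with '->' so that they are applied in the
    # order written: Ceph first, then the Pacemaker parameters and cluster, then
    # the services that depend on them.
    class { "opnfv::ceph_deploy":
      fsid                     => $ceph_fsid,
      osd_pool_default_size    => $ceph_osd_pool_size,
      osd_journal_size         => $ceph_osd_journal_size,
      mon_initial_members      => $controllers_hostnames_array_str,
      mon_host                 => $controllers_ip_array_str,
      osd_ip                   => $osd_ip,
      public_network           => $ceph_public_network,
      cluster_network          => $ceph_public_network,
      images_key               => $ceph_images_key,
      volumes_key              => $ceph_volumes_key,
    }
    ->
    class { "quickstack::openstack_common": }
    ->
    class { "quickstack::pacemaker::params":
      amqp_password            => $amqp_password,
      amqp_username            => $amqp_username,
      amqp_vip                 => $amqp_vip,
      ceph_cluster_network     => $private_subnet,
      ceph_fsid                => $ceph_fsid,
      ceph_images_key          => $ceph_images_key,
      ceph_mon_host            => $ceph_mon_host,
      ceph_mon_initial_members => $ceph_mon_initial_members,
      ceph_osd_journal_size    => $ceph_osd_journal_size,
      ceph_osd_pool_size       => $ceph_osd_pool_size,
      ceph_public_network      => $ceph_public_network,
      ceph_volumes_key         => $ceph_volumes_key,
      cinder_admin_vip         => $cinder_admin_vip,
      cinder_db_password       => $cinder_db_password,
      cinder_private_vip       => $cinder_private_vip,
      cinder_public_vip        => $cinder_public_vip,
      cinder_user_password     => $cinder_user_password,
      cluster_control_ip       => $cluster_control_ip,
      db_vip                   => $db_vip,
      glance_admin_vip         => $glance_admin_vip,
      glance_db_password       => $glance_db_password,
      glance_private_vip       => $glance_private_vip,
      glance_public_vip        => $glance_public_vip,
      glance_user_password     => $glance_user_password,
      heat_cfn_enabled         => 'false',
      horizon_admin_vip        => $horizon_admin_vip,
      horizon_private_vip      => $horizon_private_vip,
      horizon_public_vip       => $horizon_public_vip,
      include_ceilometer       => 'false',
      include_cinder           => 'true',
      include_glance           => 'true',
      include_heat             => 'false',
      include_horizon          => 'true',
      include_keystone         => 'true',
      include_neutron          => 'true',
      include_nosql            => 'false',
      include_nova             => 'true',
      include_swift            => 'false',
      keystone_admin_vip       => $keystone_admin_vip,
      keystone_db_password     => $keystone_db_password,
      keystone_private_vip     => $keystone_private_vip,
      keystone_public_vip      => $keystone_public_vip,
      keystone_user_password   => $keystone_user_password,
      lb_backend_server_addrs  => $lb_backend_server_addrs,
      lb_backend_server_names  => $lb_backend_server_names,
      loadbalancer_vip         => $loadbalancer_vip,
      neutron                  => 'true',
      neutron_admin_vip        => $neutron_admin_vip,
      neutron_db_password      => $neutron_db_password,
      # Use the secret that is defaulted above and handed to
      # quickstack::pacemaker::nova below. The variable previously referenced
      # here ($neutron_metadata_proxy_secret) is never set in this class, so the
      # two sides of the metadata proxy could end up with different secrets.
      neutron_metadata_proxy_secret  => $neutron_metadata_shared_secret,
      neutron_private_vip      => $neutron_private_vip,
      neutron_public_vip       => $neutron_public_vip,
      neutron_user_password    => $neutron_user_password,
      nova_admin_vip           => $nova_admin_vip,
      nova_db_password         => $nova_db_password,
      nova_private_vip         => $nova_private_vip,
      nova_public_vip          => $nova_public_vip,
      nova_user_password       => $nova_user_password,
      pcmk_iface               => $ovs_tunnel_if,
      pcmk_server_addrs        => $pcmk_server_addrs,
      pcmk_server_names        => $pcmk_server_names,
      private_iface            => $ovs_tunnel_if,
    }
    ->
    class { "quickstack::pacemaker::common": }
    ->
    class { "quickstack::pacemaker::load_balancer": }
    ->
    class { "quickstack::pacemaker::galera":
      mysql_root_password     => $mysql_root_password,
      wsrep_cluster_members   => $controllers_ip_array,
    }
    ->
    class { "quickstack::pacemaker::qpid": }
    ->
    class { "quickstack::pacemaker::rabbitmq": }
    ->
    class { "quickstack::pacemaker::keystone":
      admin_email         =>  $admin_email,
      admin_password      =>  $admin_password,
      admin_token         =>  $keystone_admin_token,
      cinder              =>  'true',
      heat                =>  'false',
      heat_cfn            =>  'false',
      keystonerc          =>  'true',
      use_syslog          =>  'true',
      verbose             =>  'true',
    }
    ->
    class { "quickstack::pacemaker::swift": }
    ->
    # NOTE(review): debug logging is switched on for Glance and sent to syslog;
    # confirm that is intended outside a lab, since debug output of a service
    # can include request details.
    class { "quickstack::pacemaker::glance":
      backend         => 'rbd',
      debug           => true,
      pcmk_fs_manage  => 'false',
      use_syslog      => true,
      verbose         => true,
    }
    ->
    class { "quickstack::pacemaker::nova":
      neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
    }
    ->
    class { "quickstack::pacemaker::cinder":
      backend_rbd     => true,
      rbd_secret_uuid => $rbd_secret_uuid,
      use_syslog      => true,
      verbose         => true,
      volume          => true,
    }
    ->
    class { "quickstack::pacemaker::heat": }
    ->
    class { "quickstack::pacemaker::constraints": }

    # The remaining classes are declared without an explicit ordering arrow.
    class { "quickstack::pacemaker::nosql": }

    class { "quickstack::pacemaker::memcached": }

    # The metering secret is the shared single_password rather than a value of
    # its own; there is no separate override for it in this branch.
    class { "quickstack::pacemaker::ceilometer":
      ceilometer_metering_secret => $single_password,
    }

    # NOTE(review): 'PUB_HOST' is passed literally in the certificate and key
    # paths; presumably it is substituted or the files are provisioned
    # elsewhere - confirm, and confirm the private key file is readable only by
    # the web server account.
    class { "quickstack::pacemaker::horizon":
      horizon_ca       =>  '/etc/ipa/ca.crt',
      horizon_cert     =>  '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
      horizon_key      =>  '/etc/pki/tls/private/PUB_HOST-horizon.key',
      secret_key       =>  $horizon_secret,
      verbose          =>  'true',
    }

    class { "quickstack::pacemaker::neutron":
      agent_type               =>  $this_agent,
      enable_tunneling         =>  'true',
      ml2_mechanism_drivers    =>  $ml2_mech_drivers,
      ml2_network_vlan_ranges  =>  ["physnet1:10:50"],
      odl_controller_ip        =>  $odl_control_ip,
      odl_controller_port      =>  $odl_rest_port,
      ovs_tunnel_iface         =>  $ovs_tunnel_if,
      ovs_tunnel_types         =>  ["vxlan"],
      verbose                  =>  'true',
    }

  } else {

    # Non-HA: every address and credential below must be supplied; only the
    # values defaulted from single_password before the HA check (admin token,
    # metadata secret, MySQL root password, admin password) have a fallback.
    if $public_ip == '' { fail('public_ip is empty') }
    if $private_ip == '' { fail('private_ip is empty') }

    if $odl_control_ip == '' { $odl_control_ip = $private_ip }

    if $mysql_ip == '' { fail('mysql_ip is empty') }
    if $mysql_root_password == '' { fail('mysql_root_password is empty') }
    if $amqp_ip == '' { fail('amqp_ip is empty') }

    if $memcache_ip == '' { fail('memcache_ip is empty') }
    if $neutron_ip == '' { fail('neutron_ip is empty') }

    if $keystone_db_password == '' { fail('keystone_db_password is empty') }

    if $horizon_secret_key == '' { fail('horizon_secret_key is empty') }

    if $nova_user_password == '' { fail('nova_user_password is empty') }
    if $nova_db_password == '' { fail('nova_db_password is empty') }

    if $cinder_user_password == '' { fail('cinder_user_password is empty') }
    if $cinder_db_password == '' { fail('cinder_db_password is empty') }

    if $glance_user_password == '' { fail('glance_user_password is empty') }
    if $glance_db_password == '' { fail('glance_db_password is empty') }

    if $neutron_user_password == '' { fail('neutron_user_password is empty') }
    if $neutron_db_password == '' { fail('neutron_db_password is empty') }
    if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') }

    if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') }
    # The message used to name ceilometer_user_password, which pointed the
    # operator at the wrong variable.
    if $ceilometer_metering_secret == '' { fail('ceilometer_metering_secret is empty') }

    if $heat_user_password == '' { fail('heat_user_password is empty') }
    if $heat_db_password == '' { fail('heat_db_password is empty') }
    if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') }

    if $swift_user_password == '' { fail('swift_user_password is empty') }
    if $swift_shared_secret == '' { fail('swift_shared_secret is empty') }
    if $swift_admin_password == '' { fail('swift_admin_password is empty') }

    class { "quickstack::neutron::controller_networker":
      admin_email                   => $admin_email,
      admin_password                => $admin_password,
      agent_type                    => $this_agent,
      enable_tunneling              => true,
      ovs_tunnel_iface              => $ovs_tunnel_if,
      ovs_tunnel_network            => '',
      ovs_tunnel_types              => ['vxlan'],
      ovs_l2_population             => 'True',
      external_network_bridge       => 'br-ex',
      tenant_network_type           => 'vxlan',
      tunnel_id_ranges              => '1:1000',
      controller_admin_host         => $private_ip,
      controller_priv_host          => $private_ip,
      controller_pub_host           => $public_ip,
      # NOTE(review): ssl is disabled here; presumably the service endpoints are
      # then configured without TLS - confirm against quickstack before exposing
      # the public address.
      ssl                           => false,
      #support_profile               => $quickstack::params::support_profile,
      #freeipa                       => $quickstack::params::freeipa,

      mysql_host                    => $mysql_ip,
      mysql_root_password           => $mysql_root_password,
      #amqp_provider                 => $amqp_provider,
      amqp_host                     => $amqp_ip,
      # NOTE(review): the broker credentials are fixed to guest/guest in this
      # branch, unlike the HA branch, which takes them from amqp_username and
      # amqp_password. Confirm the broker is reachable only from the management
      # network, or pass real credentials.
      amqp_username                 => 'guest',
      amqp_password                 => 'guest',
      #amqp_nssdb_password           => $quickstack::params::amqp_nssdb_password,

      keystone_admin_token          => $keystone_admin_token,
      keystone_db_password          => $keystone_db_password,

      ceilometer_metering_secret    => $ceilometer_metering_secret,
      ceilometer_user_password      => $ceilometer_user_password,

      cinder_backend_gluster        => $quickstack::params::cinder_backend_gluster,
      cinder_backend_gluster_name   => $quickstack::params::cinder_backend_gluster_name,
      cinder_gluster_shares         => $quickstack::params::cinder_gluster_shares,
      cinder_user_password          => $cinder_user_password,
      cinder_db_password            => $cinder_db_password,

      glance_db_password            => $glance_db_password,
      glance_user_password          => $glance_user_password,

      heat_cfn                      => true,
      heat_cloudwatch               => true,
      heat_db_password              => $heat_db_password,
      heat_user_password            => $heat_user_password,
      heat_auth_encrypt_key         => $heat_auth_encrypt_key,

      horizon_secret_key            => $horizon_secret_key,
      horizon_ca                    => $quickstack::params::horizon_ca,
      horizon_cert                  => $quickstack::params::horizon_cert,
      horizon_key                   => $quickstack::params::horizon_key,

      ml2_mechanism_drivers         => $ml2_mech_drivers,

      #neutron                       => true,
      neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
      neutron_db_password           => $neutron_db_password,
      neutron_user_password         => $neutron_user_password,

      nova_db_password              => $nova_db_password,
      nova_user_password            => $nova_user_password,

      odl_controller_ip             => $odl_control_ip,
      odl_controller_port           => $odl_rest_port,

      swift_shared_secret           => $swift_shared_secret,
      swift_admin_password          => $swift_admin_password,
      # The Swift ring server and storage addresses are fixed values in this
      # manifest rather than inputs.
      swift_ringserver_ip           => '192.168.203.1',
      swift_storage_ips             => ["192.168.203.2","192.168.203.3","192.168.203.4"],
      swift_storage_device          => 'device1',
    }

  }
}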