1 #Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
15 #Provides HA or non-HA setup for OpenStack Controller with ODL integration
16 #Mandatory common and HA variables are needed to setup each Controller
17 #ha_flag set to true will provide OpenStack HA of the following services:
18 #rabbitmq, galera mariadb, keystone, glance, nova, cinder, horizon, neutron
19 #includes all sub-services of those features (i.e. neutron-server, neutron-lg-agent, etc)
21 class opnfv::controller_networker {
22 if $odl_rest_port == '' { $odl_rest_port= '8081'}
23 if ($odl_flag != '') and str2bool($odl_flag) {
24 $ml2_mech_drivers = ['opendaylight']
25 $this_agent = 'opendaylight'
27 $ml2_mech_drivers = ['openvswitch','l2population']
31 ##Mandatory Common variables
32 if $admin_email == '' { fail('admin_email is empty') }
33 if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') }
35 ##Most users will only care about a single user/password for all services
36 ##so lets create one variable that can be used instead of separate usernames/passwords
37 if !$single_username { $single_username = 'octopus' }
38 if !$single_password { $single_password = 'octopus' }
40 if !$keystone_admin_token { $keystone_admin_token = $single_password }
41 if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
42 if !$mysql_root_password { $mysql_root_password = $single_password }
43 if !$admin_password { $admin_password = $single_password }
45 ##Check for HA, if not leave old functionality alone
46 if $ha_flag and str2bool($ha_flag) {
47 ##Mandatory HA variables
48 if !$controllers_ip_array { fail('controllers_ip_array is empty') }
49 $controllers_ip_array_str = $controllers_ip_array
50 $controllers_ip_array = split($controllers_ip_array, ',')
51 if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
52 $controllers_hostnames_array_str = $controllers_hostnames_array
53 $controllers_hostnames_array = split($controllers_hostnames_array, ',')
54 if !$amqp_vip { fail('amqp_vip is empty') }
55 if !$private_subnet { fail('private_subnet is empty')}
56 if !$cinder_admin_vip { fail('cinder_admin_vip is empty') }
57 if !$cinder_private_vip { fail('cinder_private_vip is empty') }
58 if !$cinder_public_vip { fail('cinder_public_vip is empty') }
59 if !$db_vip { fail('db_vip is empty') }
60 if !$glance_admin_vip { fail('glance_admin_vip is empty') }
61 if !$glance_private_vip { fail('glance_private_vip is empty') }
62 if !$glance_public_vip { fail('glance_public_vip is empty') }
63 if !$horizon_admin_vip { fail('horizon_admin_vip is empty') }
64 if !$horizon_private_vip { fail('horizon_private_vip is empty') }
65 if !$horizon_public_vip { fail('horizon_public_vip is empty') }
66 if !$keystone_admin_vip { fail('keystone_admin_vip is empty') }
67 if !$keystone_private_vip { fail('keystone_private_vip is empty') }
68 if !$keystone_public_vip { fail('keystone_public_vip is empty') }
69 if !$loadbalancer_vip { fail('loadbalancer_vip is empty') }
70 if !$neutron_admin_vip { fail('neutron_admin_vip is empty') }
71 if !$neutron_private_vip { fail('neutron_private_vip is empty') }
72 if !$neutron_public_vip { fail('neutron_public_vip is empty') }
73 if !$nova_admin_vip { fail('nova_admin_vip is empty') }
74 if !$nova_private_vip { fail('nova_private_vip is empty') }
75 if !$nova_public_vip { fail('nova_public_vip is empty') }
78 ##Optional HA variables
79 if !$amqp_username { $amqp_username = $single_username }
80 if !$amqp_password { $amqp_password = $single_password }
81 if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
82 if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' }
83 if !$ceph_mon_host { $ceph_mon_host= $controllers_ip_array }
84 if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array}
85 if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
86 if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
87 if !$ceph_public_network { $ceph_public_network = $private_subnet }
88 if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' }
89 if !$cinder_db_password { $cinder_db_password = $single_password }
90 if !$cinder_user_password { $cinder_user_password = $single_password }
91 if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
92 if !$horizon_secret { $horizon_secret = $single_password }
93 if !$glance_db_password { $glance_db_password = $single_password }
94 if !$keystone_db_password { $keystone_db_password = $single_password }
95 if !$keystone_user_password { $keystone_user_password = $single_password }
96 if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
97 if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array }
98 if !$neutron_db_password { $neutron_db_password = $single_password }
99 if !$neutron_user_password { $neutron_user_password = $single_password }
100 if !$nova_db_password { $nova_db_password = $single_password }
101 if !$nova_user_password { $nova_user_password = $single_password }
102 if !$pcmk_server_addrs {$pcmk_server_addrs = $controllers_ip_array}
103 if !$pcmk_server_names {$pcmk_server_names = ["pcmk-${controllers_hostnames_array[0]}", "pcmk-${controllers_hostnames_array[1]}", "pcmk-${controllers_hostnames_array[2]}"] }
104 if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }
105 if !$storage_iface { $storage_iface = $ovs_tunnel_if }
107 ##we assume here that if not provided, the first controller is where ODL will reside
108 ##this is fine for now as we will replace ODL with ODL HA when it is ready
109 if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] }
111 ###find interface ip of storage network
112 $osd_ip = find_ip("",
116 class { "opnfv::ceph_deploy":
118 osd_pool_default_size => $ceph_osd_pool_size,
119 osd_journal_size => $ceph_osd_journal_size,
120 mon_initial_members => $controllers_hostnames_array_str,
121 mon_host => $controllers_ip_array_str,
123 public_network => $ceph_public_network,
124 cluster_network => $ceph_public_network,
125 images_key => $ceph_images_key,
126 volumes_key => $ceph_volumes_key,
129 class { "quickstack::openstack_common": }
131 class { "quickstack::pacemaker::params":
132 amqp_password => $amqp_password,
133 amqp_username => $amqp_username,
134 amqp_vip => $amqp_vip,
135 ceph_cluster_network => $private_subnet,
136 ceph_fsid => $ceph_fsid,
137 ceph_images_key => $ceph_images_key,
138 ceph_mon_host => $ceph_mon_host,
139 ceph_mon_initial_members => $ceph_mon_initial_members,
140 ceph_osd_journal_size => $ceph_osd_journal_size,
141 ceph_osd_pool_size => $ceph_osd_pool_size,
142 ceph_public_network => $ceph_public_network,
143 ceph_volumes_key => $ceph_volumes_key,
144 cinder_admin_vip => $cinder_admin_vip,
145 cinder_db_password => $cinder_db_password,
146 cinder_private_vip => $cinder_private_vip,
147 cinder_public_vip => $cinder_public_vip,
148 cinder_user_password => $cinder_user_password,
149 cluster_control_ip => $cluster_control_ip,
151 glance_admin_vip => $glance_admin_vip,
152 glance_db_password => $glance_db_password,
153 glance_private_vip => $glance_private_vip,
154 glance_public_vip => $glance_public_vip,
155 glance_user_password => $glance_user_password,
156 heat_cfn_enabled => 'false',
157 horizon_admin_vip => $horizon_admin_vip,
158 horizon_private_vip => $horizon_private_vip,
159 horizon_public_vip => $horizon_public_vip,
160 include_ceilometer => 'false',
161 include_cinder => 'true',
162 include_glance => 'true',
163 include_heat => 'false',
164 include_horizon => 'true',
165 include_keystone => 'true',
166 include_neutron => 'true',
167 include_nosql => 'false',
168 include_nova => 'true',
169 include_swift => 'false',
170 keystone_admin_vip => $keystone_admin_vip,
171 keystone_db_password => $keystone_db_password,
172 keystone_private_vip => $keystone_private_vip,
173 keystone_public_vip => $keystone_public_vip,
174 keystone_user_password => $keystone_user_password,
175 lb_backend_server_addrs => $lb_backend_server_addrs,
176 lb_backend_server_names => $lb_backend_server_names,
177 loadbalancer_vip => $loadbalancer_vip,
179 neutron_admin_vip => $neutron_admin_vip,
180 neutron_db_password => $neutron_db_password,
181 neutron_metadata_proxy_secret => $neutron_metadata_proxy_secret,
182 neutron_private_vip => $neutron_private_vip,
183 neutron_public_vip => $neutron_public_vip,
184 neutron_user_password => $neutron_user_password,
185 nova_admin_vip => $nova_admin_vip,
186 nova_db_password => $nova_db_password,
187 nova_private_vip => $nova_private_vip,
188 nova_public_vip => $nova_public_vip,
189 nova_user_password => $nova_user_password,
190 pcmk_iface => $ovs_tunnel_if,
191 pcmk_server_addrs => $pcmk_server_addrs,
192 pcmk_server_names => $pcmk_server_names,
193 private_iface => $ovs_tunnel_if,
196 class { "quickstack::pacemaker::common": }
198 class { "quickstack::pacemaker::load_balancer": }
200 class { "quickstack::pacemaker::galera":
201 mysql_root_password => $mysql_root_password,
202 wsrep_cluster_members => $controllers_ip_array,
205 class { "quickstack::pacemaker::qpid": }
207 class { "quickstack::pacemaker::rabbitmq": }
209 class { "quickstack::pacemaker::keystone":
210 admin_email => $admin_email,
211 admin_password => $admin_password,
212 admin_token => $keystone_admin_token,
216 keystonerc => 'true',
217 use_syslog => 'true',
221 class { "quickstack::pacemaker::swift": }
223 class { "quickstack::pacemaker::glance":
226 pcmk_fs_manage => 'false',
231 class { "quickstack::pacemaker::nova":
232 neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
235 class { "quickstack::pacemaker::cinder":
237 rbd_secret_uuid => $rbd_secret_uuid,
243 class { "quickstack::pacemaker::heat": }
245 class { "quickstack::pacemaker::constraints": }
247 class { "quickstack::pacemaker::nosql": }
249 class { "quickstack::pacemaker::memcached": }
251 class { "quickstack::pacemaker::ceilometer":
252 ceilometer_metering_secret => $single_password,
255 class { "quickstack::pacemaker::horizon":
256 horizon_ca => '/etc/ipa/ca.crt',
257 horizon_cert => '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
258 horizon_key => '/etc/pki/tls/private/PUB_HOST-horizon.key',
259 secret_key => $horizon_secret,
263 class { "quickstack::pacemaker::neutron":
264 agent_type => $this_agent,
265 enable_tunneling => 'true',
266 ml2_mechanism_drivers => $ml2_mech_drivers,
267 ml2_network_vlan_ranges => ["physnet1:10:50"],
268 odl_controller_ip => $odl_control_ip,
269 odl_controller_port => $odl_rest_port,
270 ovs_tunnel_iface => $ovs_tunnel_if,
271 ovs_tunnel_types => ["vxlan"],
277 if $public_ip == '' { fail('public_ip is empty') }
278 if $private_ip == '' { fail('private_ip is empty') }
280 if $odl_control_ip == '' { $odl_control_ip = $private_ip }
282 if $mysql_ip == '' { fail('mysql_ip is empty') }
283 if $mysql_root_password == '' { fail('mysql_root_password is empty') }
284 if $amqp_ip == '' { fail('amqp_ip is empty') }
286 if $memcache_ip == '' { fail('memcache_ip is empty') }
287 if $neutron_ip == '' { fail('neutron_ip is empty') }
289 if $keystone_db_password == '' { fail('keystone_db_password is empty') }
291 if $horizon_secret_key == '' { fail('horizon_secret_key is empty') }
293 if $nova_user_password == '' { fail('nova_user_password is empty') }
294 if $nova_db_password == '' { fail('nova_db_password is empty') }
296 if $cinder_user_password == '' { fail('cinder_user_password is empty') }
297 if $cinder_db_password == '' { fail('cinder_db_password is empty') }
299 if $glance_user_password == '' { fail('glance_user_password is empty') }
300 if $glance_db_password == '' { fail('glance_db_password is empty') }
302 if $neutron_user_password == '' { fail('neutron_user_password is empty') }
303 if $neutron_db_password == '' { fail('neutron_db_password is empty') }
304 if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') }
306 if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') }
307 if $ceilometer_metering_secret == '' { fail('ceilometer_user_password is empty') }
309 if $heat_user_password == '' { fail('heat_user_password is empty') }
310 if $heat_db_password == '' { fail('heat_db_password is empty') }
311 if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') }
313 if $swift_user_password == '' { fail('swift_user_password is empty') }
314 if $swift_shared_secret == '' { fail('swift_shared_secret is empty') }
315 if $swift_admin_password == '' { fail('swift_admin_password is empty') }
317 class { "quickstack::neutron::controller_networker":
318 admin_email => $admin_email,
319 admin_password => $admin_password,
320 agent_type => $this_agent,
321 enable_tunneling => true,
322 ovs_tunnel_iface => $ovs_tunnel_if,
323 ovs_tunnel_network => '',
324 ovs_tunnel_types => ['vxlan'],
325 ovs_l2_population => 'True',
326 external_network_bridge => 'br-ex',
327 tenant_network_type => 'vxlan',
328 tunnel_id_ranges => '1:1000',
329 controller_admin_host => $private_ip,
330 controller_priv_host => $private_ip,
331 controller_pub_host => $public_ip,
333 #support_profile => $quickstack::params::support_profile,
334 #freeipa => $quickstack::params::freeipa,
336 mysql_host => $mysql_ip,
337 mysql_root_password => $mysql_root_password,
338 #amqp_provider => $amqp_provider,
339 amqp_host => $amqp_ip,
340 amqp_username => 'guest',
341 amqp_password => 'guest',
342 #amqp_nssdb_password => $quickstack::params::amqp_nssdb_password,
344 keystone_admin_token => $keystone_admin_token,
345 keystone_db_password => $keystone_db_password,
347 ceilometer_metering_secret => $ceilometer_metering_secret,
348 ceilometer_user_password => $ceilometer_user_password,
350 cinder_backend_gluster => $quickstack::params::cinder_backend_gluster,
351 cinder_backend_gluster_name => $quickstack::params::cinder_backend_gluster_name,
352 cinder_gluster_shares => $quickstack::params::cinder_gluster_shares,
353 cinder_user_password => $cinder_user_password,
354 cinder_db_password => $cinder_db_password,
356 glance_db_password => $glance_db_password,
357 glance_user_password => $glance_user_password,
360 heat_cloudwatch => true,
361 heat_db_password => $heat_db_password,
362 heat_user_password => $heat_user_password,
363 heat_auth_encrypt_key => $heat_auth_encrypt_key,
365 horizon_secret_key => $horizon_secret_key,
366 horizon_ca => $quickstack::params::horizon_ca,
367 horizon_cert => $quickstack::params::horizon_cert,
368 horizon_key => $quickstack::params::horizon_key,
370 ml2_mechanism_drivers => $ml2_mech_drivers,
373 neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
374 neutron_db_password => $neutron_db_password,
375 neutron_user_password => $neutron_user_password,
377 nova_db_password => $nova_db_password,
378 nova_user_password => $nova_user_password,
380 odl_controller_ip => $odl_control_ip,
381 odl_controller_port => $odl_rest_port,
383 swift_shared_secret => $swift_shared_secret,
384 swift_admin_password => $swift_admin_password,
385 swift_ringserver_ip => '192.168.203.1',
386 swift_storage_ips => ["192.168.203.2","192.168.203.3","192.168.203.4"],
387 swift_storage_device => 'device1',