c4e74235f13c97841baad1e8d59013e0264cc20d
[genesis.git] / common / puppet-opnfv / manifests / controller_networker.pp
1 #Copyright 2015 Open Platform for NFV Project, Inc. and its contributors
2 #
3 #   Licensed under the Apache License, Version 2.0 (the "License");
4 #   you may not use this file except in compliance with the License.
5 #   You may obtain a copy of the License at
6 #
7 #       http://www.apache.org/licenses/LICENSE-2.0
8 #
9 #   Unless required by applicable law or agreed to in writing, software
10 #   distributed under the License is distributed on an "AS IS" BASIS,
11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 #   See the License for the specific language governing permissions and
13 #   limitations under the License.
14 #
15 #Provides HA or non-HA setup for OpenStack Controller with ODL integration
16 #Mandatory common and HA variables are needed to setup each Controller
17 #ha_flag set to true will provide OpenStack HA of the following services:
18 #rabbitmq, galera mariadb, keystone, glance, nova, cinder, horizon, neutron
19 #includes all sub-services of those features (i.e. neutron-server, neutron-lg-agent, etc)
20
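# Declares the quickstack classes for an OpenStack controller/networker node,
# either as a Pacemaker-managed HA member ($ha_flag true) or as a single node.
#
# The class declares no parameters. Every setting is read from variables that
# must already be resolvable when the class is evaluated; unset optional
# values are given a local fallback below.
#
# Inputs read in both modes:
#   $odl_flag       - truthy string selects the 'opendaylight' ML2 driver,
#                     otherwise 'openvswitch' + 'l2population' are used
#   $odl_rest_port  - ODL REST port, falls back to '8081'
#   $admin_email    - mandatory
#   $ovs_tunnel_if  - mandatory, interface used for tunnels (and pacemaker in HA)
#   $single_username / $single_password - shared fallback credentials
#
# NOTE(review): several fallbacks in this class are fixed literals
# ('octopus', the Ceph keys, guest/guest for AMQP). They are kept for
# backward compatibility and marked where they occur; supply real values
# from the node classifier instead of relying on them.
class opnfv::controller_networker {
  if $odl_rest_port == '' { $odl_rest_port = '8081' }
  if ($odl_flag != '') and str2bool($odl_flag) {
    $ml2_mech_drivers = ['opendaylight']
    $this_agent = 'opendaylight'
  } else {
    $ml2_mech_drivers = ['openvswitch','l2population']
    $this_agent = 'ovs'
  }

  ##Mandatory Common variables
  if $admin_email == '' { fail('admin_email is empty') }
  if $ovs_tunnel_if == '' { fail('ovs_tunnel_if is empty') }

  ##Most users will only care about a single user/password for all services
  ##so lets create one variable that can be used instead of separate usernames/passwords
  # NOTE(review): 'octopus' is a fixed fallback that anyone who can read this
  # manifest knows. When $single_password is left unset it becomes the
  # Keystone admin token, the MySQL root password, the admin password and the
  # Neutron metadata shared secret just below, and in the HA branch every
  # service/database password, the Horizon secret and the Ceilometer metering
  # secret. Set $single_password, or the individual variables, explicitly.
  if !$single_username { $single_username = 'octopus' }
  if !$single_password { $single_password = 'octopus' }

  if !$keystone_admin_token { $keystone_admin_token = $single_password }
  if !$neutron_metadata_shared_secret { $neutron_metadata_shared_secret = $single_password }
  if !$mysql_root_password { $mysql_root_password = $single_password }
  if !$admin_password { $admin_password = $single_password }

  ##Check for HA, if not leave old functionality alone
  if $ha_flag and str2bool($ha_flag) {
    ##Mandatory HA variables
    # Both controller lists arrive as comma-separated strings and are rebound
    # as arrays here; later fallbacks index into them.
    if !$controllers_ip_array { fail('controllers_ip_array is empty') }
    $controllers_ip_array = split($controllers_ip_array, ',')
    if !$controllers_hostnames_array { fail('controllers_hostnames_array is empty') }
    $controllers_hostnames_array = split($controllers_hostnames_array, ',')
    if !$amqp_vip { fail('amqp_vip is empty') }
    if !$private_subnet { fail('private_subnet is empty') }
    if !$cinder_admin_vip { fail('cinder_admin_vip is empty') }
    if !$cinder_private_vip { fail('cinder_private_vip is empty') }
    if !$cinder_public_vip { fail('cinder_public_vip is empty') }
    if !$db_vip { fail('db_vip is empty') }
    if !$glance_admin_vip { fail('glance_admin_vip is empty') }
    if !$glance_private_vip { fail('glance_private_vip is empty') }
    if !$glance_public_vip { fail('glance_public_vip is empty') }
    if !$horizon_admin_vip { fail('horizon_admin_vip is empty') }
    if !$horizon_private_vip { fail('horizon_private_vip is empty') }
    if !$horizon_public_vip { fail('horizon_public_vip is empty') }
    if !$keystone_admin_vip { fail('keystone_admin_vip is empty') }
    if !$keystone_private_vip { fail('keystone_private_vip is empty') }
    if !$keystone_public_vip { fail('keystone_public_vip is empty') }
    if !$loadbalancer_vip { fail('loadbalancer_vip is empty') }
    if !$neutron_admin_vip { fail('neutron_admin_vip is empty') }
    if !$neutron_private_vip { fail('neutron_private_vip is empty') }
    if !$neutron_public_vip { fail('neutron_public_vip is empty') }
    if !$nova_admin_vip { fail('nova_admin_vip is empty') }
    if !$nova_private_vip { fail('nova_private_vip is empty') }
    if !$nova_public_vip { fail('nova_public_vip is empty') }


    ##Optional HA variables
    if !$amqp_username  { $amqp_username = $single_username }
    if !$amqp_password  { $amqp_password = $single_password }
    # NOTE(review): the fallback Ceph fsid, both Ceph keys and rbd_secret_uuid
    # are literals in this file, so every deployment that keeps them shares the
    # same identifiers and key material. Generate per-cluster values and pass
    # them in through the corresponding variables.
    if !$ceph_fsid { $ceph_fsid = '904c8491-5c16-4dae-9cc3-6ce633a7f4cc' }
    if !$ceph_images_key { $ceph_images_key = 'AQAfHBdUKLnUFxAAtO7WPKQZ8QfEoGqH0CLd7A==' }
    if !$ceph_mon_host { $ceph_mon_host = $controllers_ip_array }
    if !$ceph_mon_initial_members { $ceph_mon_initial_members = $controllers_hostnames_array }
    if !$ceph_osd_journal_size { $ceph_osd_journal_size = '1000' }
    if !$ceph_osd_pool_size { $ceph_osd_pool_size = '1' }
    if !$ceph_public_network { $ceph_public_network = $private_subnet }
    if !$ceph_volumes_key { $ceph_volumes_key = 'AQAfHBdUsFPTHhAAfqVqPq31FFCvyyO7oaOQXw==' }
    if !$cinder_db_password { $cinder_db_password = $single_password }
    if !$cinder_user_password { $cinder_user_password = $single_password }
    if !$cluster_control_ip { $cluster_control_ip = $controllers_ip_array[0] }
    if !$horizon_secret { $horizon_secret = $single_password }
    if !$glance_db_password { $glance_db_password = $single_password }
    # NOTE(review): $glance_user_password is passed to
    # quickstack::pacemaker::params below but has no fallback here, unlike the
    # other service passwords - confirm whether that is intentional.
    if !$keystone_db_password { $keystone_db_password = $single_password }
    if !$keystone_user_password { $keystone_user_password = $single_password }
    if !$lb_backend_server_addrs { $lb_backend_server_addrs = $controllers_ip_array }
    if !$lb_backend_server_names { $lb_backend_server_names = $controllers_hostnames_array }
    if !$neutron_db_password  { $neutron_db_password = $single_password }
    # The params class is handed $neutron_metadata_proxy_secret while nova is
    # handed $neutron_metadata_shared_secret. Only the latter had a fallback,
    # so the two sides could end up with different secrets; default the proxy
    # secret to the shared one so they agree unless set separately.
    if !$neutron_metadata_proxy_secret { $neutron_metadata_proxy_secret = $neutron_metadata_shared_secret }
    if !$neutron_user_password  { $neutron_user_password = $single_password }
    if !$nova_db_password { $nova_db_password = $single_password }
    if !$nova_user_password { $nova_user_password = $single_password }
    if !$pcmk_server_addrs { $pcmk_server_addrs = $controllers_ip_array }
    # The fallback names are built from the first three hostnames only, so it
    # assumes exactly three controllers; pass $pcmk_server_names otherwise.
    if !$pcmk_server_names {
      $pcmk_server_names = [
        "pcmk-${controllers_hostnames_array[0]}",
        "pcmk-${controllers_hostnames_array[1]}",
        "pcmk-${controllers_hostnames_array[2]}",
      ]
    }
    if !$rbd_secret_uuid { $rbd_secret_uuid = '3b519746-4021-4f72-957e-5b9d991723be' }

    ##we assume here that if not provided, the first controller is where ODL will reside
    ##this is fine for now as we will replace ODL with ODL HA when it is ready
    if $odl_control_ip == '' { $odl_control_ip = $controllers_ip_array[0] }


    # The classes from openstack_common through constraints are chained with
    # '->' and therefore applied in the order written.
    class { 'quickstack::openstack_common': }
    ->
    class { 'quickstack::pacemaker::params':
      amqp_password            => $amqp_password,
      amqp_username            => $amqp_username,
      amqp_vip                 => $amqp_vip,
      ceph_cluster_network     => $private_subnet,
      ceph_fsid                => $ceph_fsid,
      ceph_images_key          => $ceph_images_key,
      ceph_mon_host            => $ceph_mon_host,
      ceph_mon_initial_members => $ceph_mon_initial_members,
      ceph_osd_journal_size    => $ceph_osd_journal_size,
      ceph_osd_pool_size       => $ceph_osd_pool_size,
      ceph_public_network      => $ceph_public_network,
      ceph_volumes_key         => $ceph_volumes_key,
      cinder_admin_vip         => $cinder_admin_vip,
      cinder_db_password       => $cinder_db_password,
      cinder_private_vip       => $cinder_private_vip,
      cinder_public_vip        => $cinder_public_vip,
      cinder_user_password     => $cinder_user_password,
      cluster_control_ip       => $cluster_control_ip,
      db_vip                   => $db_vip,
      glance_admin_vip         => $glance_admin_vip,
      glance_db_password       => $glance_db_password,
      glance_private_vip       => $glance_private_vip,
      glance_public_vip        => $glance_public_vip,
      glance_user_password     => $glance_user_password,
      heat_cfn_enabled         => 'false',
      horizon_admin_vip        => $horizon_admin_vip,
      horizon_private_vip      => $horizon_private_vip,
      horizon_public_vip       => $horizon_public_vip,
      include_ceilometer       => 'false',
      include_cinder           => 'true',
      include_glance           => 'true',
      include_heat             => 'false',
      include_horizon          => 'true',
      include_keystone         => 'true',
      include_neutron          => 'true',
      include_nosql            => 'false',
      include_nova             => 'true',
      include_swift            => 'false',
      keystone_admin_vip       => $keystone_admin_vip,
      keystone_db_password     => $keystone_db_password,
      keystone_private_vip     => $keystone_private_vip,
      keystone_public_vip      => $keystone_public_vip,
      keystone_user_password   => $keystone_user_password,
      lb_backend_server_addrs  => $lb_backend_server_addrs,
      lb_backend_server_names  => $lb_backend_server_names,
      loadbalancer_vip         => $loadbalancer_vip,
      neutron                  => 'true',
      neutron_admin_vip        => $neutron_admin_vip,
      neutron_db_password      => $neutron_db_password,
      neutron_metadata_proxy_secret  => $neutron_metadata_proxy_secret,
      neutron_private_vip      => $neutron_private_vip,
      neutron_public_vip       => $neutron_public_vip,
      neutron_user_password    => $neutron_user_password,
      nova_admin_vip           => $nova_admin_vip,
      nova_db_password         => $nova_db_password,
      nova_private_vip         => $nova_private_vip,
      nova_public_vip          => $nova_public_vip,
      nova_user_password       => $nova_user_password,
      pcmk_iface               => $ovs_tunnel_if,
      pcmk_server_addrs        => $pcmk_server_addrs,
      pcmk_server_names        => $pcmk_server_names,
      private_iface            => $ovs_tunnel_if,
    }
    ->
    class { 'quickstack::pacemaker::common': }
    ->
    class { 'quickstack::pacemaker::load_balancer': }
    ->
    class { 'quickstack::pacemaker::galera':
      mysql_root_password     => $mysql_root_password,
      wsrep_cluster_members   => $controllers_ip_array,
    }
    ->
    class { 'quickstack::pacemaker::qpid': }
    ->
    class { 'quickstack::pacemaker::rabbitmq': }
    ->
    class { 'quickstack::pacemaker::keystone':
      admin_email         =>  $admin_email,
      admin_password      =>  $admin_password,
      admin_token         =>  $keystone_admin_token,
      cinder              =>  'true',
      heat                =>  'false',
      heat_cfn            =>  'false',
      keystonerc          =>  'true',
      use_syslog          =>  'true',
      verbose             =>  'true',
    }
    ->
    class { 'quickstack::pacemaker::swift': }
    ->
    class { 'quickstack::pacemaker::glance':
      backend         => 'rbd',
      debug           => true,
      pcmk_fs_manage  => 'false',
      use_syslog      => true,
      verbose         => true
    }
    ->
    class { 'quickstack::pacemaker::nova':
      neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
    }
    ->
    class { 'quickstack::pacemaker::cinder':
      backend_rbd     => true,
      rbd_secret_uuid => $rbd_secret_uuid,
      use_syslog      => true,
      verbose         => true,
      volume          => true,
    }
    ->
    class { 'quickstack::pacemaker::heat': }
    ->
    class { 'quickstack::pacemaker::constraints': }

    # The remaining classes are declared without '->', so this manifest does
    # not order them relative to the chain above.
    class { 'quickstack::pacemaker::nosql': }

    class { 'quickstack::pacemaker::memcached': }

    class { 'quickstack::pacemaker::ceilometer':
      ceilometer_metering_secret => $single_password,
    }

    class { 'quickstack::pacemaker::horizon':
      horizon_ca       =>  '/etc/ipa/ca.crt',
      horizon_cert     =>  '/etc/pki/tls/certs/PUB_HOST-horizon.crt',
      horizon_key      =>  '/etc/pki/tls/private/PUB_HOST-horizon.key',
      secret_key       =>  $horizon_secret,
      verbose          =>  'true',
    }

    class { 'quickstack::pacemaker::neutron':
      agent_type               =>  $this_agent,
      enable_tunneling         =>  'true',
      ml2_mechanism_drivers    =>  $ml2_mech_drivers,
      ml2_network_vlan_ranges  =>  ['physnet1:10:50'],
      odl_controller_ip        =>  $odl_control_ip,
      odl_controller_port      =>  $odl_rest_port,
      ovs_tunnel_iface         =>  $ovs_tunnel_if,
      ovs_tunnel_types         =>  ['vxlan'],
      verbose                  =>  'true',
    }

  } else {

    # Non-HA: every address and secret below must be supplied, apart from the
    # values that already received a fallback at the top of the class.
    if $public_ip == '' { fail('public_ip is empty') }
    if $private_ip == '' { fail('private_ip is empty') }

    if $odl_control_ip == '' { $odl_control_ip = $private_ip }

    if $mysql_ip == '' { fail('mysql_ip is empty') }
    if $mysql_root_password == '' { fail('mysql_root_password is empty') }
    if $amqp_ip == '' { fail('amqp_ip is empty') }

    if $memcache_ip == '' { fail('memcache_ip is empty') }
    if $neutron_ip == '' { fail('neutron_ip is empty') }

    if $keystone_db_password == '' { fail('keystone_db_password is empty') }

    if $horizon_secret_key == '' { fail('horizon_secret_key is empty') }

    if $nova_user_password == '' { fail('nova_user_password is empty') }
    if $nova_db_password == '' { fail('nova_db_password is empty') }

    if $cinder_user_password == '' { fail('cinder_user_password is empty') }
    if $cinder_db_password == '' { fail('cinder_db_password is empty') }

    if $glance_user_password == '' { fail('glance_user_password is empty') }
    if $glance_db_password == '' { fail('glance_db_password is empty') }

    if $neutron_user_password == '' { fail('neutron_user_password is empty') }
    if $neutron_db_password == '' { fail('neutron_db_password is empty') }
    if $neutron_metadata_shared_secret == '' { fail('neutron_metadata_shared_secret is empty') }

    if $ceilometer_user_password == '' { fail('ceilometer_user_password is empty') }
    # The message previously named ceilometer_user_password, which sent the
    # operator to the wrong variable.
    if $ceilometer_metering_secret == '' { fail('ceilometer_metering_secret is empty') }

    if $heat_user_password == '' { fail('heat_user_password is empty') }
    if $heat_db_password == '' { fail('heat_db_password is empty') }
    if $heat_auth_encrypt_key == '' { fail('heat_auth_encrypt_key is empty') }

    if $swift_user_password == '' { fail('swift_user_password is empty') }
    if $swift_shared_secret == '' { fail('swift_shared_secret is empty') }
    if $swift_admin_password == '' { fail('swift_admin_password is empty') }

    class { 'quickstack::neutron::controller_networker':
      admin_email                   => $admin_email,
      admin_password                => $admin_password,
      agent_type                    => $this_agent,
      enable_tunneling              => true,
      ovs_tunnel_iface              => $ovs_tunnel_if,
      ovs_tunnel_network            => '',
      ovs_tunnel_types              => ['vxlan'],
      ovs_l2_population             => 'True',
      external_network_bridge       => 'br-ex',
      tenant_network_type           => 'vxlan',
      tunnel_id_ranges              => '1:1000',
      controller_admin_host         => $private_ip,
      controller_priv_host          => $private_ip,
      controller_pub_host           => $public_ip,
      # NOTE(review): ssl is fixed to false in this branch; presumably the
      # service endpoints are then served without TLS - confirm against
      # quickstack::neutron::controller_networker.
      ssl                           => false,
      #support_profile               => $quickstack::params::support_profile,
      #freeipa                       => $quickstack::params::freeipa,

      mysql_host                    => $mysql_ip,
      mysql_root_password           => $mysql_root_password,
      #amqp_provider                 => $amqp_provider,
      amqp_host                     => $amqp_ip,
      # NOTE(review): the AMQP account is hard-coded to guest/guest here;
      # $amqp_username and $amqp_password are not consulted in this branch.
      amqp_username                 => 'guest',
      amqp_password                 => 'guest',
      #amqp_nssdb_password           => $quickstack::params::amqp_nssdb_password,

      keystone_admin_token          => $keystone_admin_token,
      keystone_db_password          => $keystone_db_password,

      ceilometer_metering_secret    => $ceilometer_metering_secret,
      ceilometer_user_password      => $ceilometer_user_password,

      cinder_backend_gluster        => $quickstack::params::cinder_backend_gluster,
      cinder_backend_gluster_name   => $quickstack::params::cinder_backend_gluster_name,
      cinder_gluster_shares         => $quickstack::params::cinder_gluster_shares,
      cinder_user_password          => $cinder_user_password,
      cinder_db_password            => $cinder_db_password,

      glance_db_password            => $glance_db_password,
      glance_user_password          => $glance_user_password,

      heat_cfn                      => true,
      heat_cloudwatch               => true,
      heat_db_password              => $heat_db_password,
      heat_user_password            => $heat_user_password,
      heat_auth_encrypt_key         => $heat_auth_encrypt_key,

      horizon_secret_key            => $horizon_secret_key,
      horizon_ca                    => $quickstack::params::horizon_ca,
      horizon_cert                  => $quickstack::params::horizon_cert,
      horizon_key                   => $quickstack::params::horizon_key,

      ml2_mechanism_drivers         => $ml2_mech_drivers,

      #neutron                       => true,
      neutron_metadata_proxy_secret => $neutron_metadata_shared_secret,
      neutron_db_password           => $neutron_db_password,
      neutron_user_password         => $neutron_user_password,

      nova_db_password              => $nova_db_password,
      nova_user_password            => $nova_user_password,

      odl_controller_ip             => $odl_control_ip,
      odl_controller_port           => $odl_rest_port,

      swift_shared_secret           => $swift_shared_secret,
      swift_admin_password          => $swift_admin_password,
      # Swift ring server and storage addresses are fixed literals here.
      swift_ringserver_ip           => '192.168.203.1',
      swift_storage_ips             => ['192.168.203.2','192.168.203.3','192.168.203.4'],
      swift_storage_device          => 'device1',
    }

  }
}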