openstack/puppet-openstack-integration
Code Issues Proposed changes
puppet-openstack-integration/manifests/neutron.pp
Andrew Smith c82f5689cb Add support for dual oslo.messaging backend configuration 
Introduce configuration parameters to specify the oslo.messaging
rpc or notification backend as one of rabbit, amqp. The default
config is to use rabbit broker for both rpc and notification. Selection
of amqp for rpc will use brokerless qpid-dispatch router.

This patch:
* Adds notification_transport_url parameter across services where needed
* Adds rpc and notification parameters to config
* Adds qdr for rpc amqp1 configuration
* Modifies scenario001 for dual messaging backends
* supports ssl config

Depends-On: Id6ebc4ce8b0ffdb0be92a758dbf89c84c3274725
Change-Id: Ia2a79a2e1482f6f72426bc81c8e6d2a04cb211e3
2017-08-27 10:44:31 -04:00

234 lines
8.4 KiB
Puppet
Raw Blame History

# Configure the Neutron service
#
# [*driver*]
# (optional) Neutron Driver to test
# Can be: openvswitch or linuxbridge.
# Defaults to 'openvswitch'.
#
# [*bgpvpn_enabled*]
# (optional) Flag to enable BGPVPN
# API extensions.
# Defaults to false.
#
# [*l2gw_enabled*]
# (optional) Flag to enable L2GW.
# Defaults to false.
#
class openstack_integration::neutron (
$driver = 'openvswitch',
$bgpvpn_enabled = false,
$l2gw_enabled = false,
) {
include ::openstack_integration::config
include ::openstack_integration::params
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'neutron':
notify => Service['neutron-server'],
require => Package['neutron'],
}
Exec['update-ca-certificates'] ~> Service['neutron-server']
}
rabbitmq_user { 'neutron':
admin => true,
password => 'an_even_bigger_secret',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
rabbitmq_user_permissions { 'neutron@/':
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
Rabbitmq_user_permissions['neutron@/'] -> Service<| tag == 'neutron-service' |>
if $::openstack_integration::config::messaging_default_proto == 'amqp' {
qdr_user { 'neutron':
password => 'an_even_bigger_secret',
provider => 'sasl',
require => Class['::qdr'],
}
}
case $driver {
'openvswitch': {
include ::vswitch::ovs
# Functional test for Open-vSwitch:
# create dummy loopback interface to exercise adding a port to a bridge
vs_bridge { 'br-ex':
ensure => present,
notify => Exec['create_loop1_port'],
}
exec { 'create_loop1_port':
path => '/usr/bin:/bin:/usr/sbin:/sbin',
provider => shell,
command => 'ip link add name loop1 type dummy && ip addr add 127.2.0.1/24 dev loop1',
refreshonly => true,
}
-> vs_port { 'loop1':
ensure => present,
bridge => 'br-ex',
notify => Exec['create_br-ex_vif'],
}
# creates br-ex virtual interface to reach floating-ip network
exec { 'create_br-ex_vif':
path => '/usr/bin:/bin:/usr/sbin:/sbin',
provider => shell,
command => 'ip addr add 172.24.5.1/24 dev br-ex && ip link set br-ex up',
refreshonly => true,
}
class { '::neutron::agents::ml2::ovs':
local_ip => '127.0.0.1',
tunnel_types => ['vxlan'],
bridge_mappings => ['external:br-ex'],
manage_vswitch => false,
}
$firewall_driver = 'iptables_hybrid'
}
'linuxbridge': {
exec { 'create_dummy_iface':
path => '/usr/bin:/bin:/usr/sbin:/sbin',
provider => shell,
unless => 'ip l show loop0',
command => 'ip link add name loop0 type dummy && ip addr add 172.24.5.1/24 dev loop0 && ip link set loop0 up',
}
class { '::neutron::agents::ml2::linuxbridge':
local_ip => $::ipaddress,
tunnel_types => ['vxlan'],
physical_interface_mappings => ['external:loop0'],
}
$firewall_driver = 'iptables'
}
default: {
fail("Unsupported neutron driver (${driver})")
}
}
class { '::neutron::db::mysql':
password => 'neutron',
}
class { '::neutron::keystone::auth':
public_url => "${::openstack_integration::config::base_url}:9696",
internal_url => "${::openstack_integration::config::base_url}:9696",
admin_url => "${::openstack_integration::config::base_url}:9696",
password => 'a_big_secret',
}
$bgpvpn_plugin = $bgpvpn_enabled ? {
true => 'bgpvpn',
default => undef,
}
if $l2gw_enabled {
if ($::operatingsystem == 'Ubuntu') {
class {'::neutron::services::l2gw': }
$l2gw_provider = 'L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default'
}
elsif ($::operatingsystem != 'Ubuntu') {
class {'::neutron::services::l2gw':
service_providers => ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
}
$l2gw_provider = undef
}
}
$l2gw_plugin = $l2gw_enabled ? {
true => 'networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin',
default => undef,
}
$plugins_list = delete_undef_values(['router', 'metering', 'firewall', 'lbaasv2', $bgpvpn_plugin, $l2gw_plugin])
class { '::neutron':
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
allow_overlapping_ips => true,
core_plugin => 'ml2',
service_plugins => $plugins_list,
debug => true,
bind_host => $::openstack_integration::config::host,
use_ssl => $::openstack_integration::config::ssl,
cert_file => $::openstack_integration::params::cert_path,
key_file => "/etc/neutron/ssl/private/${::fqdn}.pem",
}
class { '::neutron::client': }
class { '::neutron::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
auth_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
}
$providers_list = delete_undef_values(['LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
'LOADBALANCERV2:Haproxy:neutron_lbaas.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
'FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default',
$l2gw_provider])
class { '::neutron::server':
database_connection => 'mysql+pymysql://neutron:neutron@127.0.0.1/neutron?charset=utf8',
sync_db => true,
api_workers => 2,
rpc_workers => 2,
service_providers => $providers_list,
}
class { '::neutron::services::lbaas': }
class { '::neutron::plugins::ml2':
type_drivers => ['vxlan', 'vlan', 'flat'],
tenant_network_types => ['vxlan', 'vlan', 'flat'],
extension_drivers => 'port_security',
mechanism_drivers => $driver,
firewall_driver => $firewall_driver,
}
class { '::neutron::agents::metadata':
debug => true,
shared_secret => 'a_big_secret',
metadata_workers => 2,
}
class { '::neutron::agents::lbaas':
interface_driver => $driver,
debug => true,
}
class { '::neutron::agents::l3':
interface_driver => $driver,
debug => true,
extensions => 'fwaas',
}
class { '::neutron::agents::dhcp':
interface_driver => $driver,
debug => true,
}
class { '::neutron::agents::metering':
interface_driver => $driver,
debug => true,
}
class { '::neutron::server::notifications':
auth_url => $::openstack_integration::config::keystone_admin_uri,
password => 'a_big_secret',
}
class { '::neutron::services::fwaas':
enabled => true,
agent_version => 'v1',
driver => 'neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriver',
}
if $bgpvpn_enabled {
class {'::neutron::services::bgpvpn':
service_providers => 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
}
}
}
View Git Blame Copy Permalink