Add support for the OpenStack Icehouse Release (2014.1)

This commit adds support for the OpenStack Icehouse release. Add the auth_encryption_key parameter to the heat::engine call More recent versions of the puppet-heat module, starting in Dec '13, require a auth_encryption_key parameter to be passed to the engine class. Kickstack didn't pass on the parameter, which caused the installation of Heat to fail. This commit adds the parameter, sets it automatically and exports it as fact. Applying this fix makes deploying Heat via Kickstack possible again. Add database configuration to neutron.conf Previous versions of Kickstack would have the database configuration in the plugin. By now, apparently, the recommended mechanism is to have the DB configuration happen in neutron.conf -- at least the ML2 class of the Neutron module doesn't even implement database parameters anymore. Thus, we need the database configuration in neutron.conf. This commit adds the required parameters to the neutron class. Bump dependency on puppetlabs-openstack to 4.0.0 Add three new template files required for Icehouse Icehouse doesn't ship the L2 OVS agent configuration file by default anymore, so we need to supply it. Also, the Upstart jobs for Neutron on Ubuntu 12.04 are broken for setups using OVS instead ov ML2. Fix them by supplying appropriate replacements. Ensure the L2 configuration file and Upstart job works properly The Icehouse packages for Ubuntu assume that Neutron is using the ML2 plugin by default; older setups using OVS continue to be supported for this release though. However, when installing the L2 agent package for OVS, the Upstart file is broken for OVS (i.e. non-ml2) usage and the OVS configuration file is missing altogether. These commits add back a proper OVS configuration file and ensure that on Ubuntu systems, the Upstart job makes the agent watch out for the correct configuration file (the OVS one instead of the ML2 one). Ensure Neutron is properly configured for Nova notifications Starting with the Icehouse release, Neutron can talk to Nova directly using so-called notifications. For this to work, Neutron needs to know how to talk to Nova. This commit enables the required portion of functionality by calling neutron::server:notifications in the Neutron puppet module. Also, the Nova API address is exported as a separate fact in the Nova module. Also, the Nova API IP is exported as a separate fact. Also, this ensures that on Debian and Ubuntu systems, the default file for the Neutron server points to the appropriate OVS configuration if OVS is used as a driver instead of ML2. Change call of the repo function to match new name puppet-openstack 4.0.0 and newer use openstack::resources::repo to add the OpenStack software repositories locally; this commit makes Kickstack use the new name. Move the neutron nova notification stuff into a separate class Properly define auth URI for Cinder Newer versions of the puppet-cinder module automatically guess what the Auth URI is if it's not set separately; by setting it explicitly, we make sure it has the right value all the time. Ensure directories are there before installing files The current OVS agent packages don't even ship the directory required for the OVS agent configuration file anymore; create it before putting the file in place. Don't explicitly enable Securitygroups anymore Previous versions of kickstack had to enable Securitygroups because the Neutron module was broken; the module was fixed now, so this is just not necessary anymore. This deletes the neutron nova notifications call from server.pp Not required here anymore as this has moved into a separate class. Include the nova notifications class in api role Change-Id: Ifc10b7b981153e0261da76cd290bce7337c1e6be
2014-04-22 13:52:02 +02:00 · 2014-04-22 13:52:02 +02:00 · 2bff9da142
commit 2bff9da142
parent c5567a2554
15 changed files with 280 additions and 11 deletions
--- a/2
+++ b/2
@ -9,5 +9,5 @@ project_page 'https://github.com/hastexo/kickstack'

 dependency 'hastexo/exportfact', '>= 0.1.1'
 dependency 'puppetlabs/lvm', '>= 0.1.2'
-dependency 'puppetlabs/openstack', '>= 3.0.0'
+dependency 'puppetlabs/openstack', '>= 4.0.0'
 dependency 'rgevaert/pwgen', '>= 0.0.1'
--- a/manifests/cinder/api.pp
+++ b/manifests/cinder/api.pp
@ -11,6 +11,7 @@ class kickstack::cinder::api inherits kickstack {
    keystone_user     => 'cinder',
    keystone_password => $service_password,
    keystone_auth_host => $keystone_internal_address,
+    keystone_auth_uri => "http://${keystone_internal_address}:5000/v2.0",
    package_ensure => $::kickstack::package_version,
  }

--- a/manifests/heat/config.pp
+++ b/manifests/heat/config.pp
@ -18,7 +18,7 @@ class kickstack::heat::config inherits kickstack {
        rpc_backend     => 'heat.openstack.common.rpc.impl_kombu',
        rabbit_host     => $rabbit_host,
        rabbit_password => $rabbit_password,
-        rabbit_virtualhost => $::kickstack::rabbit_virtual_host,
+        rabbit_virtual_host => $::kickstack::rabbit_virtual_host,
        rabbit_userid   => $::kickstack::rabbit_userid,
        keystone_host   => $auth_host,
        keystone_tenant => $kickstack::keystone_service_tenant,
--- a/manifests/heat/engine.pp
+++ b/manifests/heat/engine.pp
@ -1,9 +1,16 @@
 class kickstack::heat::engine inherits kickstack {
-  
+
+  include pwgen
  include ::kickstack::heat::config

+  $heat_auth_encryption_key = pick(getvar("${fact_prefix}heat_auth_encryption_key"),pwgen())
  $apis = split($::kickstack::heat_apis,',')

+  kickstack::exportfact::export { 'heat_auth_encryption_key':
+    value => $heat_auth_encryption_key,
+    tag => 'heat'
+  }
+
  if 'heat' in $apis {
    $metadata_server = getvar("${fact_prefix}heat_metadata_server")
    $metadata_server_url = "http://${metadata_server}:8000"
@ -20,6 +27,7 @@ class kickstack::heat::engine inherits kickstack {
      heat_metadata_server_url => $metadata_server_url,
      heat_waitcondition_server_url => $waitcondition_server_url,
      heat_watch_server_url => $watch_server_url,
+      auth_encryption_key => $heat_auth_encryption_key,
    }
  }
  
--- a/manifests/neutron/agent/l2/compute.pp
+++ b/manifests/neutron/agent/l2/compute.pp
@ -6,6 +6,13 @@ class kickstack::neutron::agent::l2::compute inherits kickstack {

  case "$::kickstack::neutron_plugin" {
    'ovs': {
+      file { "/etc/neutron/plugins/openvswitch/":
+        ensure => directory,
+      }
+      file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini":
+        content => template("kickstack/l2-agent-config.erb"),
+        replace => false,
+      }
      case $tenant_network_type {
        'gre': {
          $local_tunnel_ip = getvar("ipaddress_${nic_data}")
@ -18,6 +25,7 @@ class kickstack::neutron::agent::l2::compute inherits kickstack {
            tunnel_bridge      => $::kickstack::neutron_tunnel_bridge,
            tunnel_types       => ['gre'],
            package_ensure => $::kickstack::package_version,
+            require        => [ File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ],
          }
        }
        default: {
@ -32,6 +40,13 @@ class kickstack::neutron::agent::l2::compute inherits kickstack {
          }
        }
      }
+      case $::osfamily {
+        'Debian': {
+          file { "/etc/init/neutron-plugin-openvswitch-agent.conf":
+            content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"),
+          }
+        }
+      }
    }
    'linuxbridge': {
      class { "neutron::agents::linuxbridge":
--- a/manifests/neutron/agent/l2/network.pp
+++ b/manifests/neutron/agent/l2/network.pp
@ -7,6 +7,13 @@ class kickstack::neutron::agent::l2::network inherits kickstack {

  case "$::kickstack::neutron_plugin" {
    'ovs': {
+      file { "/etc/neutron/plugins/openvswitch/":
+        ensure => directory,
+      }
+      file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini":
+        content => template("kickstack/l2-agent-config.erb"),
+        replace => false,
+      }
      case $tenant_network_type {
        'gre': {
          $local_tunnel_ip = getvar("ipaddress_${nic_data}")
@ -20,8 +27,8 @@ class kickstack::neutron::agent::l2::network inherits kickstack {
            local_ip           => $local_tunnel_ip,
            tunnel_bridge      => $::kickstack::neutron_tunnel_bridge,
            tunnel_types       => ['gre'],
-            require            => Class['::kickstack::neutron::agent::l3'],
            package_ensure => $::kickstack::package_version,
+            require        => [ Class['::kickstack::neutron::agent::l3'], File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ],
          }
        }
        default: {
@ -39,6 +46,13 @@ class kickstack::neutron::agent::l2::network inherits kickstack {
          }
        }
      }
+      case $::osfamily {
+        'Debian': {
+          file { "/etc/init/neutron-plugin-openvswitch-agent.conf":
+            content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"),
+          }
+        }
+      }
    }
    'linuxbridge': {
      class { "neutron::agents::linuxbridge":
--- a/manifests/neutron/plugin.pp
+++ b/manifests/neutron/plugin.pp
@ -22,12 +22,6 @@ class kickstack::neutron::plugin inherits kickstack {
        tunnel_id_ranges => $tunnel_id_ranges,
        package_ensure => $::kickstack::package_version,
      }
-      # This needs to be set for the plugin, not the agent
-      # (the latter is what the Neutron module assumes)
-      neutron_plugin_ovs { 'SECURITYGROUP/firewall_driver':
-        value => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver',
-        require => Class['neutron::plugins::ovs']
-      }
    }
    'linuxbridge': {
      class { "neutron::plugins::linuxbridge":
--- a/manifests/neutron/server.pp
+++ b/manifests/neutron/server.pp
@ -5,12 +5,15 @@ class kickstack::neutron::server inherits kickstack {

  $service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen())
  $keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
+  $database_connection = getvar("${fact_prefix}neutron_sql_connection")
+  $nova_api_address = getvar("${fact_prefix}nova_api_address")

  class { '::neutron::server':
    auth_tenant   => $kickstack::keystone_service_tenant,
    auth_user     => 'neutron',
    auth_password => $service_password,
    auth_host     => $keystone_internal_address,
+    database_connection => $database_connection,
    package_ensure => $::kickstack::package_version,
  }

@ -25,4 +28,12 @@ class kickstack::neutron::server inherits kickstack {
    require => Class['::neutron::server']
  }

+  case $::osfamily {
+    'Debian': {
+      file { 'neutron-server-default':
+        path => '/etc/default/neutron-server',
+        content => template("kickstack/default.neutron-server.erb"),
+      }
+    }
+  }
 }
--- a/manifests/neutron/server/notifications.pp
+++ b/manifests/neutron/server/notifications.pp
@ -0,0 +1,20 @@
+class kickstack::neutron::server::notifications inherits kickstack {
+
+  include kickstack::neutron::config
+  include pwgen
+
+  $service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen())
+  $keystone_internal_address = getvar("${fact_prefix}keystone_internal_address")
+  $database_connection = getvar("${fact_prefix}neutron_sql_connection")
+  $nova_service_password = getvar("${fact_prefix}nova_keystone_password")
+  $nova_api_address = getvar("${fact_prefix}nova_api_address")
+
+  class { '::neutron::server::notifications':
+    nova_url               => "http://${nova_api_address}:8774/v2",
+    nova_admin_username    => 'nova',
+    nova_admin_tenant_name => $kickstack::keystone_service_tenant,
+    nova_admin_password    => $nova_service_password,
+    nova_admin_auth_url    => "http://${keystone_internal_address}:35357/v2.0",
+    nova_region_name       => $kickstack::params::keystone_region,
+  }
+}
--- a/manifests/node/api.pp
+++ b/manifests/node/api.pp
@ -40,10 +40,17 @@ class kickstack::node::api inherits kickstack {
    # This looks a bit silly, but is currently necessary: in order to configure nova-api
    # as a Neutron client, we first need to install nova-api and neutron-server in one
    # run, and then fix up Nova with the Neutron configuration in the next run.
+    #
+    # The same applies to Neutron with regards to Nova notifications, but the other way
+    # around.
    $neutron_keystone_password = getvar("${::kickstack::fact_prefix}neutron_keystone_password")
+    $nova_keystone_password = getvar("${::kickstack::fact_prefix}nova_keystone_password")
    if $neutron_keystone_password {
      include kickstack::nova::neutronclient
    }
+    if $nova_keystone_password {
+      include kickstack::neutron::server::notifications
+    }
  }

  if $keystone_internal_address and $heat_sql_conn and $amqp_host and $amqp_password {
--- a/manifests/nova/api.pp
+++ b/manifests/nova/api.pp
@ -32,6 +32,12 @@ class kickstack::nova::api inherits kickstack {
    require           => Class['::nova::api']
  }

+  kickstack::exportfact::export { "nova_api_address":
+    value => "${hostname}",
+    tag => "nova",
+    require => Class['::nova::api']
+  }
+
  # Export the metadata API IP address and shared secret, to be picked up
  # by the Neutron metadata proxy agent on the network node
  kickstack::exportfact::export { "nova_metadata_ip":
@ -39,6 +45,7 @@ class kickstack::nova::api inherits kickstack {
    tag => "nova",
    require => Class['::nova::api']
  }
+
  kickstack::exportfact::export { "neutron_metadata_shared_secret":
    value => $neutron_secret,
    tag => 'nova',
--- a/manifests/repo.pp
+++ b/manifests/repo.pp
@ -1,5 +1,5 @@
 class kickstack::repo inherits kickstack {
-  class { '::openstack::repo':
+  class { '::openstack::resources::repo':
    release => $::kickstack::release
  }
 }
--- a/templates/default.neutron-server.erb
+++ b/templates/default.neutron-server.erb
@ -0,0 +1,5 @@
+# defaults for neutron-server
+
+# path to config file corresponding to the core_plugin specified in
+# neutron.conf
+NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"
--- a/templates/init.neutron-plugin-openvswitch-agent.erb
+++ b/templates/init.neutron-plugin-openvswitch-agent.erb
@ -0,0 +1,17 @@
+# vim:set ft=upstart ts=2 et:
+description "Neutron OpenvSwitch Plugin Agent"
+author "Chuck Short <zulcss@ubuntu.com>"
+
+start on runlevel [2345] and started neutron-ovs-cleanup
+stop on runlevel [!2345]
+
+respawn
+
+chdir /var/run
+
+pre-start script
+  mkdir -p /var/run/neutron
+  chown neutron:root /var/run/neutron
+end script
+
+exec start-stop-daemon --start --chuid neutron --exec /usr/bin/neutron-openvswitch-agent -- --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini --log-file=/var/log/neutron/openvswitch-agent.log
--- a/templates/l2-agent-config.erb
+++ b/templates/l2-agent-config.erb
@ -0,0 +1,170 @@
+[ovs]
+# (StrOpt) Type of network to allocate for tenant networks. The
+# default value 'local' is useful only for single-box testing and
+# provides no connectivity between hosts. You MUST either change this
+# to 'vlan' and configure network_vlan_ranges below or change this to
+# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
+# tenant networks to provide connectivity between hosts. Set to 'none'
+# to disable creation of tenant networks.
+#
+# tenant_network_type = local
+# Example: tenant_network_type = gre
+# Example: tenant_network_type = vxlan
+
+# (ListOpt) Comma-separated list of
+# <physical_network>[:<vlan_min>:<vlan_max>] tuples enumerating ranges
+# of VLAN IDs on named physical networks that are available for
+# allocation. All physical networks listed are available for flat and
+# VLAN provider network creation. Specified ranges of VLAN IDs are
+# available for tenant network allocation if tenant_network_type is
+# 'vlan'. If empty, only gre, vxlan and local networks may be created.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = physnet1:1000:2999
+
+# (BoolOpt) Set to True in the server and the agents to enable support
+# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
+# GRE or VXLAN tunneling.
+#
+# WARNING: This option will be deprecated in the Icehouse release, at which
+#          point setting tunnel_type below will be required to enable
+#          tunneling.
+#
+# enable_tunneling = False
+
+# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
+# this is set, it will cause tunneling to be enabled. If this is not set and
+# the option enable_tunneling is set, this will default to 'gre'.
+#
+# tunnel_type =
+# Example: tunnel_type = gre
+# Example: tunnel_type = vxlan
+
+# (ListOpt) Comma-separated list of <tun_min>:<tun_max> tuples
+# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
+# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
+#
+# tunnel_id_ranges =
+# Example: tunnel_id_ranges = 1:1000
+
+# Do not change this parameter unless you have a good reason to.
+# This is the name of the OVS integration bridge. There is one per hypervisor.
+# The integration bridge acts as a virtual "patch bay". All VM VIFs are
+# attached to this bridge and then "patched" according to their network
+# connectivity.
+#
+# integration_bridge = br-int
+
+# Only used for the agent if tunnel_id_ranges (above) is not empty for
+# the server.  In most cases, the default value should be fine.
+#
+# tunnel_bridge = br-tun
+
+# Peer patch port in integration bridge for tunnel bridge
+# int_peer_patch_port = patch-tun
+
+# Peer patch port in tunnel bridge for integration bridge
+# tun_peer_patch_port = patch-int
+
+# Uncomment this line for the agent if tunnel_id_ranges (above) is not
+# empty for the server. Set local-ip to be the local IP address of
+# this hypervisor.
+#
+# local_ip =
+
+# (ListOpt) Comma-separated list of <physical_network>:<bridge> tuples
+# mapping physical network names to the agent's node-specific OVS
+# bridge names to be used for flat and VLAN networks. The length of
+# bridge names should be no more than 11. Each bridge must
+# exist, and should have a physical network interface configured as a
+# port. All physical networks listed in network_vlan_ranges on the
+# server should have mappings to appropriate bridges on each agent.
+#
+# bridge_mappings =
+# Example: bridge_mappings = physnet1:br-eth1
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+# Minimize polling by monitoring ovsdb for interface changes
+# minimize_polling = True
+
+# When minimize_polling = True, the number of seconds to wait before
+# respawning the ovsdb monitor after losing communication with it
+# ovsdb_monitor_respawn_interval = 30
+
+# (ListOpt) The types of tenant network tunnels supported by the agent.
+# Setting this will enable tunneling support in the agent. This can be set to
+# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
+# disable tunneling support in the agent. When running the agent with the OVS
+# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
+# When running the agent with ML2, you can specify as many values here as
+# your compute hosts supports.
+#
+# tunnel_types =
+tunnel_types =gre
+# Example: tunnel_types = gre
+# Example: tunnel_types = vxlan
+# Example: tunnel_types = vxlan, gre
+
+# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
+# default, this will make use of the Open vSwitch default value of '4789' if
+# not specified.
+#
+# vxlan_udp_port =
+# Example: vxlan_udp_port = 8472
+
+# (IntOpt) This is the MTU size of veth interfaces.
+# Do not change unless you have a good reason to.
+# The default MTU size of veth interfaces is 1500.
+# veth_mtu =
+# Example: veth_mtu = 1504
+
+# (BoolOpt) Flag to enable l2-population extension. This option should only be
+# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
+# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
+# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
+# optimize tunnel management.
+#
+# l2_population = False
+
+[securitygroup]
+# Firewall driver for realizing neutron security group function.
+# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+
+#-----------------------------------------------------------------------------
+# Sample Configurations.
+#-----------------------------------------------------------------------------
+#
+# 1. With VLANs on eth1.
+# [ovs]
+# network_vlan_ranges = default:2000:3999
+# tunnel_id_ranges =
+# integration_bridge = br-int
+# bridge_mappings = default:br-eth1
+#
+# 2. With GRE tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+#
+# 3. With VXLAN tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tenant_network_type = vxlan
+# tunnel_type = vxlan
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+# [agent]
+# tunnel_types = vxlan