diff --git a/Modulefile b/Modulefile index 54c3128..16a54ab 100644 --- a/Modulefile +++ b/Modulefile @@ -9,5 +9,5 @@ project_page 'https://github.com/hastexo/kickstack' dependency 'hastexo/exportfact', '>= 0.1.1' dependency 'puppetlabs/lvm', '>= 0.1.2' -dependency 'puppetlabs/openstack', '>= 3.0.0' +dependency 'puppetlabs/openstack', '>= 4.0.0' dependency 'rgevaert/pwgen', '>= 0.0.1' diff --git a/manifests/cinder/api.pp b/manifests/cinder/api.pp index 5960c44..a05fa24 100644 --- a/manifests/cinder/api.pp +++ b/manifests/cinder/api.pp @@ -11,6 +11,7 @@ class kickstack::cinder::api inherits kickstack { keystone_user => 'cinder', keystone_password => $service_password, keystone_auth_host => $keystone_internal_address, + keystone_auth_uri => "http://${keystone_internal_address}:5000/v2.0", package_ensure => $::kickstack::package_version, } diff --git a/manifests/heat/config.pp b/manifests/heat/config.pp index 35e875f..895b599 100644 --- a/manifests/heat/config.pp +++ b/manifests/heat/config.pp @@ -18,7 +18,7 @@ class kickstack::heat::config inherits kickstack { rpc_backend => 'heat.openstack.common.rpc.impl_kombu', rabbit_host => $rabbit_host, rabbit_password => $rabbit_password, - rabbit_virtualhost => $::kickstack::rabbit_virtual_host, + rabbit_virtual_host => $::kickstack::rabbit_virtual_host, rabbit_userid => $::kickstack::rabbit_userid, keystone_host => $auth_host, keystone_tenant => $kickstack::keystone_service_tenant, diff --git a/manifests/heat/engine.pp b/manifests/heat/engine.pp index f5830a2..b18d4ff 100644 --- a/manifests/heat/engine.pp +++ b/manifests/heat/engine.pp 
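Review bot: The new `keystone_auth_uri` in manifests/cinder/api.pp hard-codes plain `http://` and port 5000, so traffic between cinder-api and Keystone is unencrypted and cannot be moved to TLS without editing the manifest. Consider building the URI from a protocol setting, e.g. `keystone_auth_uri => "${auth_protocol}://${keystone_internal_address}:5000/v2.0",` (the variable name is a suggestion, not an existing kickstack parameter). The same hard-coded scheme appears in `nova_url` and `nova_admin_auth_url` in the new manifests/neutron/server/notifications.pp. The class body starts and ends outside this hunk.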
@@ -1,9 +1,16 @@ class kickstack::heat::engine inherits kickstack { - + + include pwgen include ::kickstack::heat::config + $heat_auth_encryption_key = pick(getvar("${fact_prefix}heat_auth_encryption_key"),pwgen()) $apis = split($::kickstack::heat_apis,',') + kickstack::exportfact::export { 'heat_auth_encryption_key': + value => $heat_auth_encryption_key, + tag => 'heat' + } + if 'heat' in $apis { $metadata_server = getvar("${fact_prefix}heat_metadata_server") $metadata_server_url = "http://${metadata_server}:8000" @@ -20,6 +27,7 @@ class kickstack::heat::engine inherits kickstack { heat_metadata_server_url => $metadata_server_url, heat_waitcondition_server_url => $waitcondition_server_url, heat_watch_server_url => $watch_server_url, + auth_encryption_key => $heat_auth_encryption_key, } } diff --git a/manifests/neutron/agent/l2/compute.pp b/manifests/neutron/agent/l2/compute.pp index 50bbdbd..edccf49 100644 --- a/manifests/neutron/agent/l2/compute.pp +++ b/manifests/neutron/agent/l2/compute.pp @@ -6,6 +6,13 @@ class kickstack::neutron::agent::l2::compute inherits kickstack { case "$::kickstack::neutron_plugin" { 'ovs': { + file { "/etc/neutron/plugins/openvswitch/": + ensure => directory, + } + file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini": + content => template("kickstack/l2-agent-config.erb"), + replace => false, + } case $tenant_network_type { 'gre': { $local_tunnel_ip = getvar("ipaddress_${nic_data}") @@ -18,6 +25,7 @@ class kickstack::neutron::agent::l2::compute inherits kickstack { tunnel_bridge => $::kickstack::neutron_tunnel_bridge, tunnel_types => ['gre'], package_ensure => $::kickstack::package_version, + require => [ File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ], } } default: { 
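Review bot: `$heat_auth_encryption_key` is a secret, and the new `kickstack::exportfact::export` in manifests/heat/engine.pp publishes it as a fact tagged `heat`, so anything able to read exported facts can read the key Heat uses to protect stored credentials. With `pick(getvar(...), pwgen())`, a run where the fact is missing generates a different key, for example on a second engine node before the fact has propagated, and data encrypted under the earlier key may then no longer decrypt. Nothing here pins the length of the `pwgen()` output, and Heat presumably expects a key of a specific length, so confirm this against the deployed Heat version. A comment above the assignment would record the intent, e.g. `# Secret: generated once, then read back from the exported fact; must be identical on all heat-engine nodes`.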
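Review bot: The two new `file` resources in manifests/neutron/agent/l2/compute.pp for `/etc/neutron/plugins/openvswitch/` and `ovs_neutron_plugin.ini` set no `owner`, `group` or `mode`, so the permissions on the agent configuration are left to Puppet's defaults instead of an explicit policy. Add something like `owner => 'root', group => 'neutron', mode => '0640',`, adjusted to the packaging's user and group. The same resources, and `/etc/init/neutron-plugin-openvswitch-agent.conf`, are declared again in manifests/neutron/agent/l2/network.pp, so a node that includes both L2 classes would fail with a duplicate declaration; one shared class would avoid that. `replace => false` means later template changes never reach existing nodes, which deserves a comment if it is intentional.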
@@ -32,6 +40,13 @@ class kickstack::neutron::agent::l2::compute inherits kickstack { } } } + case $::osfamily { + 'Debian': { + file { "/etc/init/neutron-plugin-openvswitch-agent.conf": + content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"), + } + } + } } 'linuxbridge': { class { "neutron::agents::linuxbridge": diff --git a/manifests/neutron/agent/l2/network.pp b/manifests/neutron/agent/l2/network.pp index d63e29f..2faf510 100644 --- a/manifests/neutron/agent/l2/network.pp +++ b/manifests/neutron/agent/l2/network.pp @@ -7,6 +7,13 @@ class kickstack::neutron::agent::l2::network inherits kickstack { case "$::kickstack::neutron_plugin" { 'ovs': { + file { "/etc/neutron/plugins/openvswitch/": + ensure => directory, + } + file { "/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini": + content => template("kickstack/l2-agent-config.erb"), + replace => false, + } case $tenant_network_type { 'gre': { $local_tunnel_ip = getvar("ipaddress_${nic_data}") @@ -20,8 +27,8 @@ class kickstack::neutron::agent::l2::network inherits kickstack { local_ip => $local_tunnel_ip, tunnel_bridge => $::kickstack::neutron_tunnel_bridge, tunnel_types => ['gre'], - require => Class['::kickstack::neutron::agent::l3'], package_ensure => $::kickstack::package_version, + require => [ Class['::kickstack::neutron::agent::l3'], File["/etc/neutron/plugins/openvswitch/"], File["/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini"] ], } } default: { @@ -39,6 +46,13 @@ class kickstack::neutron::agent::l2::network inherits kickstack { } } } + case $::osfamily { + 'Debian': { + file { "/etc/init/neutron-plugin-openvswitch-agent.conf": + content => template("kickstack/init.neutron-plugin-openvswitch-agent.erb"), + } + } + } } 'linuxbridge': { class { "neutron::agents::linuxbridge": diff --git a/manifests/neutron/plugin.pp b/manifests/neutron/plugin.pp index f9429b6..81e3d83 100644 --- a/manifests/neutron/plugin.pp +++ b/manifests/neutron/plugin.pp 
@@ -22,12 +22,6 @@ class kickstack::neutron::plugin inherits kickstack { tunnel_id_ranges => $tunnel_id_ranges, package_ensure => $::kickstack::package_version, } - # This needs to be set for the plugin, not the agent - # (the latter is what the Neutron module assumes) - neutron_plugin_ovs { 'SECURITYGROUP/firewall_driver': - value => 'neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver', - require => Class['neutron::plugins::ovs'] - } } 'linuxbridge': { class { "neutron::plugins::linuxbridge": diff --git a/manifests/neutron/server.pp b/manifests/neutron/server.pp index 9547f26..ce8774d 100644 --- a/manifests/neutron/server.pp +++ b/manifests/neutron/server.pp @@ -5,12 +5,15 @@ class kickstack::neutron::server inherits kickstack { $service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen()) $keystone_internal_address = getvar("${fact_prefix}keystone_internal_address") + $database_connection = getvar("${fact_prefix}neutron_sql_connection") + $nova_api_address = getvar("${fact_prefix}nova_api_address") class { '::neutron::server': auth_tenant => $kickstack::keystone_service_tenant, auth_user => 'neutron', auth_password => $service_password, auth_host => $keystone_internal_address, + database_connection => $database_connection, package_ensure => $::kickstack::package_version, } @@ -25,4 +28,12 @@ class kickstack::neutron::server inherits kickstack { require => Class['::neutron::server'] } + case $::osfamily { + 'Debian': { + file { 'neutron-server-default': + path => '/etc/default/neutron-server', + content => template("kickstack/default.neutron-server.erb"), + } + } + } } diff --git a/manifests/neutron/server/notifications.pp b/manifests/neutron/server/notifications.pp new file mode 100644 index 0000000..7e1e3c2 --- /dev/null +++ b/manifests/neutron/server/notifications.pp 
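Review bot: The `neutron-server-default` file in manifests/neutron/server.pp is written on every Debian-family node regardless of `$::kickstack::neutron_plugin`, but templates/default.neutron-server.erb hard-codes `NEUTRON_PLUGIN_CONFIG` to the openvswitch ini. With the `linuxbridge` plugin, which this module also handles, neutron-server would be pointed at the wrong plugin config; guard the resource on the plugin or make the path a template variable. The resource has no `owner`, `mode` or `notify`, so permissions are implicit and a change to the file does not restart the service. The `$nova_api_address` variable added in the first hunk of this file is not used in the lines shown; the class body starts outside the hunk.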
@@ -0,0 +1,20 @@ +class kickstack::neutron::server::notifications inherits kickstack { + + include kickstack::neutron::config + include pwgen + + $service_password = pick(getvar("${fact_prefix}neutron_keystone_password"),pwgen()) + $keystone_internal_address = getvar("${fact_prefix}keystone_internal_address") + $database_connection = getvar("${fact_prefix}neutron_sql_connection") + $nova_service_password = getvar("${fact_prefix}nova_keystone_password") + $nova_api_address = getvar("${fact_prefix}nova_api_address") + + class { '::neutron::server::notifications': + nova_url => "http://${nova_api_address}:8774/v2", + nova_admin_username => 'nova', + nova_admin_tenant_name => $kickstack::keystone_service_tenant, + nova_admin_password => $nova_service_password, + nova_admin_auth_url => "http://${keystone_internal_address}:35357/v2.0", + nova_region_name => $kickstack::params::keystone_region, + } +} diff --git a/manifests/node/api.pp b/manifests/node/api.pp index 85957f4..a093130 100644 --- a/manifests/node/api.pp +++ b/manifests/node/api.pp @@ -40,10 +40,17 @@ class kickstack::node::api inherits kickstack { # This looks a bit silly, but is currently necessary: in order to configure nova-api # as a Neutron client, we first need to install nova-api and neutron-server in one # run, and then fix up Nova with the Neutron configuration in the next run. + # + # The same applies to Neutron with regards to Nova notifications, but the other way + # around. $neutron_keystone_password = getvar("${::kickstack::fact_prefix}neutron_keystone_password") + $nova_keystone_password = getvar("${::kickstack::fact_prefix}nova_keystone_password") if $neutron_keystone_password { include kickstack::nova::neutronclient } + if $nova_keystone_password { + include kickstack::neutron::server::notifications + } } if $keystone_internal_address and $heat_sql_conn and $amqp_host and $amqp_password { diff --git a/manifests/nova/api.pp b/manifests/nova/api.pp index 72ce611..dc0de08 100644 
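Review bot: `nova_admin_password` is used against `nova_admin_auth_url`, which is hard-coded to `http://${keystone_internal_address}:35357/v2.0`, so the Nova service credentials cross the network in cleartext on each authentication; the scheme should be configurable so TLS can be enabled. `$service_password` and `$database_connection` are assigned but never used in this class, and the `pick(..., pwgen())` call generates a throwaway password whenever the fact is missing, so both lines can go. `nova_region_name` reads `$kickstack::params::keystone_region` while the other values come from `$kickstack::…`; confirm that scope is intended.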
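Review bot: The new guard `if $nova_keystone_password` in manifests/node/api.pp does not check the `nova_api_address` fact, which `kickstack::neutron::server::notifications` interpolates into `nova_url`. If the password fact is present while the address fact is not, the URL is rendered with an empty host. Suggest `if $nova_keystone_password and getvar("${::kickstack::fact_prefix}nova_api_address") {`. The enclosing `if` block and the class start outside this hunk.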
--- a/manifests/nova/api.pp +++ b/manifests/nova/api.pp @@ -32,6 +32,12 @@ class kickstack::nova::api inherits kickstack { require => Class['::nova::api'] } + kickstack::exportfact::export { "nova_api_address": + value => "${hostname}", + tag => "nova", + require => Class['::nova::api'] + } + # Export the metadata API IP address and shared secret, to be picked up # by the Neutron metadata proxy agent on the network node kickstack::exportfact::export { "nova_metadata_ip": @@ -39,6 +45,7 @@ class kickstack::nova::api inherits kickstack { tag => "nova", require => Class['::nova::api'] } + kickstack::exportfact::export { "neutron_metadata_shared_secret": value => $neutron_secret, tag => 'nova', diff --git a/manifests/repo.pp b/manifests/repo.pp index b702304..08dfd68 100644 --- a/manifests/repo.pp +++ b/manifests/repo.pp @@ -1,5 +1,5 @@ class kickstack::repo inherits kickstack { - class { '::openstack::repo': + class { '::openstack::resources::repo': release => $::kickstack::release } } diff --git a/templates/default.neutron-server.erb b/templates/default.neutron-server.erb new file mode 100644 index 0000000..c4b8e86 --- /dev/null +++ b/templates/default.neutron-server.erb @@ -0,0 +1,5 @@ +# defaults for neutron-server + +# path to config file corresponding to the core_plugin specified in +# neutron.conf +NEUTRON_PLUGIN_CONFIG="/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini" diff --git a/templates/init.neutron-plugin-openvswitch-agent.erb b/templates/init.neutron-plugin-openvswitch-agent.erb new file mode 100644 index 0000000..2ca4ece --- /dev/null +++ b/templates/init.neutron-plugin-openvswitch-agent.erb 
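Review bot: In manifests/nova/api.pp `nova_api_address` is exported as `"${hostname}"`, the short unqualified hostname, and the new notifications class builds `http://${nova_api_address}:8774/v2` from it. That only works where every consumer resolves the short name to the same host; where resolution differs, Neutron's notification traffic goes to an unintended endpoint. Prefer an explicit address or FQDN, e.g. `value => $::fqdn,`, or the address used for the neighbouring `nova_metadata_ip` export (its value is outside this hunk). The quotes and braces around a lone variable are also unnecessary.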
@@ -0,0 +1,17 @@
+# vim:set ft=upstart ts=2 et:
+description "Neutron OpenvSwitch Plugin Agent"
+author "Chuck Short "
+
+start on runlevel [2345] and started neutron-ovs-cleanup
+stop on runlevel [!2345]
+
+respawn
+
+chdir /var/run
+
+pre-start script
+ mkdir -p /var/run/neutron
+ chown neutron:root /var/run/neutron
+end script
+
+exec start-stop-daemon --start --chuid neutron --exec /usr/bin/neutron-openvswitch-agent -- --config-file=/etc/neutron/neutron.conf --config-file=/etc/neutron/plugins/openvswitch/ovs_neutron_plugin.ini --log-file=/var/log/neutron/openvswitch-agent.log
diff --git a/templates/l2-agent-config.erb b/templates/l2-agent-config.erb
new file mode 100644
index 0000000..775ec89
--- /dev/null
+++ b/templates/l2-agent-config.erb
@@ -0,0 +1,170 @@
+[ovs]
+# (StrOpt) Type of network to allocate for tenant networks. The
+# default value 'local' is useful only for single-box testing and
+# provides no connectivity between hosts. You MUST either change this
+# to 'vlan' and configure network_vlan_ranges below or change this to
+# 'gre' or 'vxlan' and configure tunnel_id_ranges below in order for
+# tenant networks to provide connectivity between hosts. Set to 'none'
+# to disable creation of tenant networks.
+#
+# tenant_network_type = local
+# Example: tenant_network_type = gre
+# Example: tenant_network_type = vxlan
+
+# (ListOpt) Comma-separated list of
+# [::] tuples enumerating ranges
+# of VLAN IDs on named physical networks that are available for
+# allocation. All physical networks listed are available for flat and
+# VLAN provider network creation. Specified ranges of VLAN IDs are
+# available for tenant network allocation if tenant_network_type is
+# 'vlan'. If empty, only gre, vxlan and local networks may be created.
+#
+# network_vlan_ranges =
+# Example: network_vlan_ranges = physnet1:1000:2999
+
+# (BoolOpt) Set to True in the server and the agents to enable support
+# for GRE or VXLAN networks. Requires kernel support for OVS patch ports and
+# GRE or VXLAN tunneling.
+#
+# WARNING: This option will be deprecated in the Icehouse release, at which
+# point setting tunnel_type below will be required to enable
+# tunneling.
+#
+# enable_tunneling = False
+
+# (StrOpt) The type of tunnel network, if any, supported by the plugin. If
+# this is set, it will cause tunneling to be enabled. If this is not set and
+# the option enable_tunneling is set, this will default to 'gre'.
+#
+# tunnel_type =
+# Example: tunnel_type = gre
+# Example: tunnel_type = vxlan
+
+# (ListOpt) Comma-separated list of : tuples
+# enumerating ranges of GRE or VXLAN tunnel IDs that are available for
+# tenant network allocation if tenant_network_type is 'gre' or 'vxlan'.
+#
+# tunnel_id_ranges =
+# Example: tunnel_id_ranges = 1:1000
+
+# Do not change this parameter unless you have a good reason to.
+# This is the name of the OVS integration bridge. There is one per hypervisor.
+# The integration bridge acts as a virtual "patch bay". All VM VIFs are
+# attached to this bridge and then "patched" according to their network
+# connectivity.
+#
+# integration_bridge = br-int
+
+# Only used for the agent if tunnel_id_ranges (above) is not empty for
+# the server. In most cases, the default value should be fine.
+#
+# tunnel_bridge = br-tun
+
+# Peer patch port in integration bridge for tunnel bridge
+# int_peer_patch_port = patch-tun
+
+# Peer patch port in tunnel bridge for integration bridge
+# tun_peer_patch_port = patch-int
+
+# Uncomment this line for the agent if tunnel_id_ranges (above) is not
+# empty for the server. Set local-ip to be the local IP address of
+# this hypervisor.
+#
+# local_ip =
+
+# (ListOpt) Comma-separated list of : tuples
+# mapping physical network names to the agent's node-specific OVS
+# bridge names to be used for flat and VLAN networks. The length of
+# bridge names should be no more than 11. Each bridge must
+# exist, and should have a physical network interface configured as a
+# port. All physical networks listed in network_vlan_ranges on the
+# server should have mappings to appropriate bridges on each agent.
+#
+# bridge_mappings =
+# Example: bridge_mappings = physnet1:br-eth1
+
+[agent]
+# Agent's polling interval in seconds
+# polling_interval = 2
+
+# Minimize polling by monitoring ovsdb for interface changes
+# minimize_polling = True
+
+# When minimize_polling = True, the number of seconds to wait before
+# respawning the ovsdb monitor after losing communication with it
+# ovsdb_monitor_respawn_interval = 30
+
+# (ListOpt) The types of tenant network tunnels supported by the agent.
+# Setting this will enable tunneling support in the agent. This can be set to
+# either 'gre' or 'vxlan'. If this is unset, it will default to [] and
+# disable tunneling support in the agent. When running the agent with the OVS
+# plugin, this value must be the same as "tunnel_type" in the "[ovs]" section.
+# When running the agent with ML2, you can specify as many values here as
+# your compute hosts supports.
+#
+# tunnel_types =
+tunnel_types =gre
+# Example: tunnel_types = gre
+# Example: tunnel_types = vxlan
+# Example: tunnel_types = vxlan, gre
+
+# (IntOpt) The port number to utilize if tunnel_types includes 'vxlan'. By
+# default, this will make use of the Open vSwitch default value of '4789' if
+# not specified.
+#
+# vxlan_udp_port =
+# Example: vxlan_udp_port = 8472
+
+# (IntOpt) This is the MTU size of veth interfaces.
+# Do not change unless you have a good reason to.
+# The default MTU size of veth interfaces is 1500.
+# veth_mtu =
+# Example: veth_mtu = 1504
+
+# (BoolOpt) Flag to enable l2-population extension. This option should only be
+# used in conjunction with ml2 plugin and l2population mechanism driver. It'll
+# enable plugin to populate remote ports macs and IPs (using fdb_add/remove
+# RPC calbbacks instead of tunnel_sync/update) on OVS agents in order to
+# optimize tunnel management.
+#
+# l2_population = False
+
+[securitygroup]
+# Firewall driver for realizing neutron security group function.
+# firewall_driver = neutron.agent.firewall.NoopFirewallDriver
+# Example: firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
+
+# Controls if neutron security group is enabled or not.
+# It should be false when you use nova security group.
+# enable_security_group = True
+
+#-----------------------------------------------------------------------------
+# Sample Configurations.
+#-----------------------------------------------------------------------------
+#
+# 1. With VLANs on eth1.
+# [ovs]
+# network_vlan_ranges = default:2000:3999
+# tunnel_id_ranges =
+# integration_bridge = br-int
+# bridge_mappings = default:br-eth1
+#
+# 2. With GRE tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+#
+# 3. With VXLAN tunneling.
+# [ovs]
+# network_vlan_ranges =
+# tenant_network_type = vxlan
+# tunnel_type = vxlan
+# tunnel_id_ranges = 1:1000
+# integration_bridge = br-int
+# tunnel_bridge = br-tun
+# local_ip = 10.0.0.3
+# [agent]
+# tunnel_types = vxlan
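Review bot: `firewall_driver` is left commented out in the `[securitygroup]` section of templates/l2-agent-config.erb, and this commit also removes the `SECURITYGROUP/firewall_driver` resource from manifests/neutron/plugin.pp. Security-group enforcement therefore depends on the puppetlabs/neutron agent class writing the driver, so confirm on a freshly provisioned node that the rendered ini does not end up with the no-op driver. Separately, `tunnel_types =gre` is hard-coded in `[agent]` although the manifests branch on `$tenant_network_type`, so for any non-GRE setting the seeded file starts out inconsistent with what the agent class configures. The file contains no ERB tags; a first-line comment such as `# Static seed file managed by kickstack; installed once (replace => false)` would make that explicit.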