stackforge/puppet-openstack-cloud
Code Issues Proposed changes

Merge "contrail: Initial commit"

Browse Source
This commit is contained in:
Jenkins 2015-06-30 03:43:45 +00:00 committed by Gerrit Code Review
commit 0d5d46b896
22 changed files with 1214 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Puppetfile
View File

@ -40,7 +40,7 @@ mod 'keystone',
:ref => '4b2623d4ec41957b0274d8a457e3019fdf1e342b'
mod 'neutron',
:git => 'git://github.com/enovance/puppet-neutron.git',
:ref => 'd5628a9ca16140e3c08c98d56feecaf56e898f35'
:ref => '183541d3890cd212db5a581470bdf98c21c40ad7'
mod 'nova',
:git => 'git://github.com/enovance/puppet-nova.git',
:ref => 'cc1a2a348a7953298c75881a5c4afafeb3d0a4e4'
@ -80,6 +80,9 @@ mod 'cassandra',
mod 'concat',
:git => 'git://github.com/enovance/puppet-concat.git',
:ref => 'ab06c2b8c09d9da82b53a62a5389427720519cd5'
mod 'contrail',
:git => 'git://github.com/enovance/puppet-contrail.git',
:ref => '2b135d5b9f00c26b357bf2f55082701f01e0670a'
mod 'corosync',
:git => 'git://github.com/enovance/puppetlabs-corosync.git',
:ref => '7bbdcd8c57beab6ba24b06ef5aaee2462f8d3d24'

2
files/qemu/qemu.conf
View File

@ -8,4 +8,4 @@ cgroup_device_acl = [
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc", "/dev/hpet", "/dev/net/tun",
]
clear_emulator_capabilities = 0
clear_emulator_capabilities = 1

10
manifests/compute/hypervisor.pp
View File

@ -122,6 +122,10 @@
# (optional) Hostname or IP used to connect to console service.
# Defaults to false (use nova_public_host)
#
# [*include_vswitch*]
# (optional) Should the class cloud::network::vswitch should be included.
# Defaults to true
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
@ -147,6 +151,7 @@ class cloud::compute::hypervisor(
$manage_tso = true,
$nova_shell = false,
$firewall_settings = {},
$include_vswitch = true,
# when using NFS storage backend
$nfs_enabled = false,
$nfs_device = false,
@ -158,7 +163,10 @@ class cloud::compute::hypervisor(
include 'cloud::params'
include 'cloud::telemetry'
include 'cloud::network'
include 'cloud::network::vswitch'
if $include_vswitch {
include 'cloud::network::vswitch'
}
if $libvirt_type == 'kvm' and ! $::vtx {
fail('libvirt_type is set to KVM and VTX seems to be disabled on this node.')

1
manifests/loadbalancer.pp
View File

@ -626,6 +626,7 @@ class cloud::loadbalancer(
){
include cloud::params
include cloud::network::contrail::haproxy
$common_tcp_options = {
'mode' => 'tcp',

13
manifests/network.pp
View File

@ -53,9 +53,14 @@
#
# [*plugin*]
# (optional) Neutron plugin name
# Supported values: 'ml2', 'n1kv'.
# Supported values: 'ml2', 'n1kv', 'opencontrail'.
# Defaults to 'ml2'
#
# [*service_plugins*]
# (optional) List of service plugin entrypoints to be loaded from the neutron
# service_plugins namespace
# Defaults to ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin']
#
class cloud::network(
$verbose = true,
$debug = true,
@ -66,6 +71,7 @@ class cloud::network(
$log_facility = 'LOG_LOCAL0',
$dhcp_lease_duration = '120',
$plugin = 'ml2',
$service_plugins = ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
) {
# Disable twice logging if syslog is enabled
@ -88,6 +94,9 @@ class cloud::network(
'n1kv': {
$core_plugin = 'neutron.plugins.cisco.network_plugin.PluginV2'
}
'opencontrail': {
$core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2'
}
default: {
fail("${plugin} plugin is not supported.")
}
@ -106,7 +115,7 @@ class cloud::network(
use_syslog => $use_syslog,
dhcp_agents_per_network => '2',
core_plugin => $core_plugin,
service_plugins => ['neutron.services.loadbalancer.plugin.LoadBalancerPlugin','neutron.services.metering.metering_plugin.MeteringPlugin','neutron.services.l3_router.l3_router_plugin.L3RouterPlugin'],
service_plugins => $service_plugins,
log_dir => $log_dir,
dhcp_lease_duration => $dhcp_lease_duration,
report_interval => '30',

59
manifests/network/contrail/analytics.pp Normal file
View File

@ -0,0 +1,59 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::analytics
#
# Install a Contrail analytics node
#
# === Parameters:
#
# [*bind_ip*]
# (optional) Address on which the Contrail analytics api is listening on
# Defaults to '127.0.0.1'
#
# [*port*]
# (optional) Port where Contrail analytics api is bound to
# Used for firewall purpose.
# Default to 8081
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::analytics (
$bind_ip = '127.0.0.1',
$port = 8081,
$firewall_settings = {},
){
include ::contrail::analytics
@@haproxy::balancermember{"${::fqdn}-contrail-analytics-api":
listening_service => 'contrail_analytics_api',
server_names => $::hostname,
ipaddresses => $bind_ip,
ports => $port,
options => 'check inter 2000 rise 2 fall 5'
}
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail analytics access':
port => [$port, '8086'],
extras => $firewall_settings,
}
}
}

78
manifests/network/contrail/config.pp Normal file
View File

@ -0,0 +1,78 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::config
#
# Install a Contrail config node
#
# === Parameters:
#
# [*api_bind_ip*]
# (optional) Address on which the Contrail config api is listening on
# Defaults to '127.0.0.1'
#
# [*discovery_bind_ip*]
# (optional) Address on which the Contrail discovery is listening on
# Defaults to '127.0.0.1'
#
# [*api_port*]
# (optional) Port where Contrail config api is bound to
# Used for firewall purpose.
# Default to 9100
#
# [*discovery_port*]
# (optional) Port where Contrail discovery is bound to
# Used for firewall purpose.
# Default to 9110
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::config (
$api_bind_ip = '127.0.0.1',
$discovery_bind_ip = '127.0.0.1',
$api_port = 9100,
$discovery_port = 9110,
$firewall_settings = {},
){
include ::contrail::config
@@haproxy::balancermember{"${::fqdn}-contrail-config-api":
listening_service => 'contrail_config_api',
server_names => $::hostname,
ipaddresses => $api_bind_ip,
ports => $api_port,
options => 'check inter 2000 rise 2 fall 5'
}
@@haproxy::balancermember{"${::fqdn}-contrail-config-discovery":
listening_service => 'contrail_config_discovery',
server_names => $::hostname,
ipaddresses => $discovery_bind_ip,
ports => $discovery_port,
options => 'check inter 2000 rise 2 fall 5'
}
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail config access':
port => ['8443', '8087', '8088', $discovery_port, $api_port],
extras => $firewall_settings,
}
}
}

40
manifests/network/contrail/control.pp Normal file
View File

@ -0,0 +1,40 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::control
#
# Install a Contrail control node
#
# === Parameters:
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::control (
$firewall_settings = {},
){
include ::contrail::control
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail control access':
port => ['8083', '5269', '8092', '8093'],
extras => $firewall_settings,
}
}
}

46
manifests/network/contrail/database.pp Normal file
View File

@ -0,0 +1,46 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::database
#
# Install a Contrail database node
#
# === Parameters:
#
# [*port*]
# (optional) Port where Kafka is bound to
# Used for firewall purpose.
# Default to 9042
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::database (
$port = 9042,
$firewall_settings = {},
){
include ::contrail::database
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail database access':
port => $port,
extras => $firewall_settings,
}
}
}

183
manifests/network/contrail/haproxy.pp Normal file
View File

@ -0,0 +1,183 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::haproxy
#
# Create the haproxy stanzas for Contrail related services
#
# === Parameters:
#
# [*contrail_analytics_api*]
# (optional) Enable or not Contrail analytics api public binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure
# Defaults to false
#
# [*contrail_config_api*]
# (optional) Enable or not Contrail config api binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure.
# Defaults to false
#
# [*contrail_config_discovery*]
# (optional) Enable or not Contrail discoverybinding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure.
# Defaults to false
#
# [*contrail_webui_http*]
# (optional) Enable or not Contrail webui http binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure.
# Defaults to true
#
# [*contrail_webui_https*]
# (optional) Enable or not Contrail webui https binding.
# If true, both public and internal will attempt to be created except if vip_internal_ip is set to false.
# If set to ['10.0.0.1'], only IP in the array (or in the string) will be configured in the pool. They must be part of keepalived_ip options.
# If set to false, no binding will be configure
# Defaults to true
#
# [*contrail_analytics_api_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_config_api_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_config_discovery_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_webui_http_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_webui_https_bind_options*]
# (optional) A hash of options that are inserted into the HAproxy listening
# service configuration block.
# Defaults to []
#
# [*contrail_analytics_api_port*]
# (optional) TCP port to connect to Contrail analytics api from public network
# Defaults to '8081'
#
# [*contrail_config_api_port*]
# (optional) TCP port to connect to Contrail config api from public network
# Defaults to '8082'
#
# [*contrail_config_discovery_port*]
# (optional) TCP port to connect to Contrail discovery from public network
# Defaults to '5998'
#
# [*contrail_webui_http_port*]
# (optional) TCP port to connect to Contrail webui http from public network
# Defaults to '8079'
#
# [*contrail_webui_https_port*]
# (optional) TCP port to connect to Contrail webui https from public network
# Defaults to '8143'
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::haproxy (
$contrail_analytics_api = false,
$contrail_config_api = false,
$contrail_config_discovery = false,
$contrail_webui_http = false,
$contrail_webui_https = false,
$contrail_analytics_api_bind_options = [],
$contrail_config_api_bind_options = [],
$contrail_config_discovery_bind_options = [],
$contrail_webui_http_bind_options = [],
$contrail_webui_https_bind_options = [],
$contrail_analytics_api_port = 8081,
$contrail_config_api_port = 8082,
$contrail_config_discovery_port = 5998,
$contrail_webui_http_port = 8079,
$contrail_webui_https_port = 8143,
$firewall_settings = {},
){
cloud::loadbalancer::binding { 'contrail_analytics_api':
ip => $contrail_analytics_api,
port => $contrail_analytics_api_port,
bind_options => $contrail_analytics_api_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'roundrobin',
'option' => ['nolinger', 'tcp-check'],
'default-server' => 'error-limit 1 on-error mark-down',
},
}
cloud::loadbalancer::binding { 'contrail_config_api':
ip => $contrail_config_api,
port => $contrail_config_api_port,
bind_options => $contrail_config_api_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'roundrobin',
'option' => ['nolinger'],
},
}
cloud::loadbalancer::binding { 'contrail_config_discovery':
ip => $contrail_config_discovery,
port => $contrail_config_discovery_port,
bind_options => $contrail_config_discovery_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'roundrobin',
'option' => ['nolinger'],
},
}
cloud::loadbalancer::binding { 'contrail_webui_http':
ip => $contrail_webui_http,
port => $contrail_webui_http_port,
bind_options => $contrail_webui_http_bind_options,
firewall_settings => $firewall_settings,
options => {
'balance' => 'source',
},
}
cloud::loadbalancer::binding { 'contrail_webui_https':
ip => $contrail_webui_https,
port => $contrail_webui_https_port,
bind_options => $contrail_webui_https_bind_options,
httpchk => 'ssl-hello-chk',
firewall_settings => $firewall_settings,
options => {
'mode' => 'tcp',
'balance' => 'source',
'reqadd' => 'X-Forwarded-Proto:\ https if { ssl_fc }',
}
}
}

79
manifests/network/contrail/rabbitmq.pp Normal file
View File

@ -0,0 +1,79 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::rabbitmq
#
# This resource creates RabbitMQ resources for Contrail
#
# == Parameters:
#
# [*user*]
# (optional) The username to use when connecting to Rabbit
# Defaults to 'contrail'
#
# [*password*]
# (optional) The password to use when connecting to Rabbit
# Defaults to 'contrailpassword'
#
# [*vhost*]
# (optional) The virtual host to use when connecting to Rabbit
# Defaults to '/'
#
# [*is_admin*]
# (optional) If the user should be admin or not
# Defaults to true
#
# [*configure_permission*]
# (optional) Define configure permission
# Defaults to '.*'
#
# [*write_permission*]
# (optional) Define write permission
# Defaults to '.*'
#
# [*read_permission*]
# (optional) Define read permission
# Defaults to '.*'
#
class cloud::network::contrail::rabbitmq (
$user = 'contrail',
$password = 'contrailpassword',
$vhost = '/',
$is_admin = true,
$configure_permission = '.*',
$write_permission = '.*',
$read_permission = '.*',
) {
rabbitmq_user { $user :
admin => $is_admin,
password => $password,
provider => 'rabbitmqctl',
}
if !defined(Rabbitmq_vhost[$vhost]) {
rabbitmq_vhost { $vhost :
provider => 'rabbitmqctl',
}
}
rabbitmq_user_permissions { "${user}@${vhost}" :
configure_permission => $configure_permission,
write_permission => $write_permission,
read_permission => $read_permission,
provider => 'rabbitmqctl',
}
}

27
manifests/network/contrail/vrouter.pp Normal file
View File

@ -0,0 +1,27 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::vrouter
#
# Install a Contrail vrouter agent on the node
#
# === Parameters:
#
class cloud::network::contrail::vrouter (
){
include ::contrail::vrouter
}

79
manifests/network/contrail/webui.pp Normal file
View File

@ -0,0 +1,79 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::network::contrail::webui
#
# Install a Contrail webui node
#
# === Parameters:
#
# [*http_bind_ip*]
# (optional) Address on which the Contrail webui http service is listening on
# Defaults to '127.0.0.1'
#
# [*https_bind_ip*]
# (optional) Address on which the Contrail webui https service is listening on
# Defaults to '127.0.0.1'
#
# [*http_port*]
# (optional) Port where Contrail webui http service is bound to
# Used for firewall purpose.
# Default to 9100
#
# [*https_port*]
# (optional) Port where Contrail webui https is bound to
# Used for firewall purpose.
# Default to 9110
#
# [*firewall_settings*]
# (optional) Allow to add custom parameters to firewall rules
# Should be an hash.
# Default to {}
#
class cloud::network::contrail::webui (
$http_bind_ip = '127.0.0.1',
$https_bind_ip = '127.0.0.1',
$http_port = 8080,
$https_port = 8143,
$firewall_settings = {},
$firewall_settings = {},
){
include ::contrail::webui
@@haproxy::balancermember{"${::fqdn}-contrail-webui-http":
listening_service => 'contrail_webui_http',
server_names => $::hostname,
ipaddresses => $http_bind_ip,
ports => $http_port,
options => 'check inter 2000 rise 2 fall 5'
}
@@haproxy::balancermember{"${::fqdn}-contrail-webui-https":
listening_service => 'contrail_webui_https',
server_names => $::hostname,
ipaddresses => $https_bind_ip,
ports => $https_port,
options => 'check inter 2000 rise 2 fall 5'
}
if $::cloud::manage_firewall {
cloud::firewall::rule{ '100 allow contrail webui access':
port => [$http_port, $https_port],
extras => $firewall_settings,
}
}
}

122
manifests/network/controller.pp
View File

@ -108,7 +108,7 @@
#
# [*plugin*]
# (optional) Neutron plugin name
# Supported values: 'ml2', 'n1kv'.
# Supported values: 'ml2', 'n1kv', 'opencontrail'.
# Defaults to 'ml2'
#
# [*l3_ha*]
@ -124,6 +124,18 @@
# (optional) TCP port to connect to Keystone API from admin network
# Defaults to '35357'
#
# [*ks_keystone_admin_user*]
# (optional) Admin user to connect to Keystone API
# Defaults to 'admin'
#
# [*ks_keystone_admin_password*]
# (optional) Password for admin user to connect to Keystone API
# Defaults to 'password'
#
# [*ks_keystone_admin_token*]
# (optional) Token to connect to Keystone API as admin user
# Defaults to undef
#
# [*provider_vlan_ranges*]
# (optionnal) VLAN range for provider networks
# Defaults to ['physnet1:1000:2999']
@ -151,7 +163,25 @@
# [*vni_ranges*]
# (optional) VxLan Network ID range. used by the ml2 plugin
# List of colon-separated id ranges
# Defautls to ['1:10000']
# Defaults to ['1:10000']
#
# [*contrail_api_server_ip*]
# (optional) IP address of the Contrail API
# Defaults to 127.0.0.1
#
# [*contrail_api_server_port*]
# (optional) Port of the Contrail API
# Defaults to 8082
#
# [*contrail_multi_tenancy*]
# (optional) Should Contrail support multi tenancy
# Boolean.
# Defaults to true
#
# [*contrail_extensions*]
# (optional) Array of extensions enabled for Contrail
# Array of extensions
# Defaults to ['']
#
# [*mechanism_drivers*]
# (optional) Neutron mechanism drivers to run
@ -160,43 +190,52 @@
# Defaults to ['linuxbridge', 'openvswitch','l2population']
#
class cloud::network::controller(
$neutron_db_host = '127.0.0.1',
$neutron_db_user = 'neutron',
$neutron_db_password = 'neutronpassword',
$neutron_db_idle_timeout = 5000,
$ks_neutron_password = 'neutronpassword',
$ks_keystone_admin_host = '127.0.0.1',
$ks_keystone_admin_proto = 'http',
$ks_keystone_public_port = 5000,
$ks_neutron_public_port = 9696,
$api_eth = '127.0.0.1',
$ks_admin_tenant = 'admin',
$nova_url = 'http://127.0.0.1:8774/v2',
$nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0',
$nova_admin_username = 'nova',
$nova_admin_tenant_name = 'services',
$nova_admin_password = 'novapassword',
$nova_region_name = 'RegionOne',
$manage_ext_network = false,
$firewall_settings = {},
$flat_networks = ['public'],
$tenant_network_types = ['gre'],
$type_drivers = ['gre', 'vlan', 'flat'],
$provider_vlan_ranges = ['physnet1:1000:2999'],
$plugin = 'ml2',
$mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'],
$l3_ha = false,
$router_distributed = false,
$neutron_db_host = '127.0.0.1',
$neutron_db_user = 'neutron',
$neutron_db_password = 'neutronpassword',
$neutron_db_idle_timeout = 5000,
$ks_neutron_password = 'neutronpassword',
$ks_keystone_admin_host = '127.0.0.1',
$ks_keystone_admin_proto = 'http',
$ks_keystone_admin_port = 35357,
$ks_keystone_admin_user = 'admin',
$ks_admin_tenant = 'admin',
$ks_keystone_admin_password = 'password',
$ks_keystone_admin_token = undef,
$ks_keystone_public_port = 5000,
$ks_neutron_public_port = 9696,
$api_eth = '127.0.0.1',
$nova_url = 'http://127.0.0.1:8774/v2',
$nova_admin_auth_url = 'http://127.0.0.1:5000/v2.0',
$nova_admin_username = 'nova',
$nova_admin_tenant_name = 'services',
$nova_admin_password = 'novapassword',
$nova_region_name = 'RegionOne',
$manage_ext_network = false,
$firewall_settings = {},
$flat_networks = ['public'],
$tenant_network_types = ['gre'],
$type_drivers = ['gre', 'vlan', 'flat'],
$provider_vlan_ranges = ['physnet1:1000:2999'],
$plugin = 'ml2',
$mechanism_drivers = ['linuxbridge', 'openvswitch','l2population'],
$l3_ha = false,
$router_distributed = false,
# only needed by cisco n1kv plugin
$n1kv_vsm_ip = '127.0.0.1',
$n1kv_vsm_password = 'secrete',
$ks_keystone_admin_port = 35357,
$n1kv_vsm_ip = '127.0.0.1',
$n1kv_vsm_password = 'secrete',
# only needed by ml2 plugin
$tunnel_id_ranges = ['1:10000'],
$vni_ranges = ['1:10000'],
$tunnel_id_ranges = ['1:10000'],
$vni_ranges = ['1:10000'],
# only needed by opencontrail plugin
$contrail_api_server_ip = '127.0.0.1',
$contrail_api_server_port = '8082',
$contrail_multi_tenancy = true,
$contrail_extensions = [''],
) {
include 'cloud::network'
include ::neutron::quota
$encoded_user = uriescape($neutron_db_user)
$encoded_password = uriescape($neutron_db_password)
@ -258,6 +297,21 @@ class cloud::network::controller(
}
}
'opencontrail': {
$core_plugin = 'neutron_plugin_contrail.plugins.opencontrail.contrail_plugin.NeutronPluginContrailCoreV2'
class { 'neutron::plugins::opencontrail':
api_server_ip => $contrail_api_server_ip ,
api_server_port => $contrail_api_server_port,
multi_tenancy => $contrail_multi_tenancy,
contrail_extensions => $contrail_extensions,
keystone_auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0/",
keystone_admin_user => $ks_keystone_admin_user,
keystone_admin_tenant_name => $ks_admin_tenant,
keystone_admin_password => $ks_keystone_admin_password,
keystone_admin_token => $ks_keystone_admin_token,
}
}
default: {
fail("${plugin} plugin is not supported.")
}

21
manifests/network/metadata.pp
View File

@ -76,18 +76,15 @@ class cloud::network::metadata(
include 'cloud::network::vswitch'
class { 'neutron::agents::metadata':
enabled => $enabled,
shared_secret => $neutron_metadata_proxy_shared_secret,
debug => $debug,
metadata_ip => $nova_metadata_server,
auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0",
auth_password => $ks_neutron_password,
auth_region => $auth_region,
metadata_workers => $::processorcount
}
neutron_metadata_agent_config {
'DEFAULT/nova_metadata_protocol': value => $ks_nova_internal_proto;
enabled => $enabled,
shared_secret => $neutron_metadata_proxy_shared_secret,
debug => $debug,
metadata_ip => $nova_metadata_server,
auth_url => "${ks_keystone_admin_proto}://${ks_keystone_admin_host}:${ks_keystone_admin_port}/v2.0",
auth_password => $ks_neutron_password,
auth_region => $auth_region,
metadata_workers => $::processorcount,
metadata_protocol => $ks_nova_internal_proto,
}
}

80
spec/classes/cloud_network_contrail_analytics_spec.rb Normal file
View File

@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::analytics
#
require 'spec_helper'
describe 'cloud::network::contrail::analytics' do
shared_examples_for 'contrail-analytics server' do
let :params do
{ }
end
it 'configure contrail-analytics' do
is_expected.to contain_class('contrail::analytics')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-analytics firewall rules' do
is_expected.to contain_firewall('100 allow contrail analytics access').with(
:port => ['8081', '8086'],
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-analytics firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail analytics access').with(
:port => ['8081', '8086'],
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-analytics server'
end
end

80
spec/classes/cloud_network_contrail_config_spec.rb Normal file
View File

@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::config
#
require 'spec_helper'
describe 'cloud::network::contrail::config' do
shared_examples_for 'contrail-config server' do
let :params do
{ }
end
it 'configure contrail-config' do
is_expected.to contain_class('contrail::config')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-config firewall rules' do
is_expected.to contain_firewall('100 allow contrail config access').with(
:port => ['8443', '8087', '8088', '9110', '9100'],
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-config firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail config access').with(
:port => ['8443', '8087', '8088', '9110', '9100'],
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-config server'
end
end

80
spec/classes/cloud_network_contrail_database_spec.rb Normal file
View File

@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::database
#
require 'spec_helper'
describe 'cloud::network::contrail::database' do
shared_examples_for 'contrail-database server' do
let :params do
{ }
end
it 'configure contrail-database' do
is_expected.to contain_class('contrail::database')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-database firewall rules' do
is_expected.to contain_firewall('100 allow contrail database access').with(
:port => '9042',
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-database firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail database access').with(
:port => '9042',
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-database server'
end
end

65
spec/classes/cloud_network_contrail_haproxy_spec.rb Normal file
View File

@ -0,0 +1,65 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::haproxy
#
require 'spec_helper'
describe 'cloud::network::contrail::haproxy' do
shared_examples_for 'contrail-haproxy stanzas' do
let :params do
{ }
end
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_analytics_api').with(
:port => '8081'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_api').with(
:port => '8082'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_config_discovery').with(
:port => '5998'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_http').with(
:port => '8079'
)}
it { is_expected.to contain_cloud__loadbalancer__binding('contrail_webui_https').with(
:port => '8143'
)}
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-haproxy stanzas'
end
end

65
spec/classes/cloud_network_contrail_rabbitmq_spec.rb Normal file
View File

@ -0,0 +1,65 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::rabbitmq
#
require 'spec_helper'
describe 'cloud::network::contrail::rabbitmq' do
shared_examples_for 'contrail-rabbitmq settings' do
let :params do
{ }
end
it 'configure the contrail rabbitmq-user' do
is_expected.to contain_rabbitmq_user('contrail').with(
:admin => 'true',
:password => 'contrailpassword',
:provider => 'rabbitmqctl',
)
end
it 'configure the contrail rabbitmq-user-permissions' do
is_expected.to contain_rabbitmq_user_permissions('contrail@/').with(
:configure_permission => '.*',
:write_permission => '.*',
:read_permission => '.*',
:provider => 'rabbitmqctl',
)
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-rabbitmq settings'
end
end

50
spec/classes/cloud_network_contrail_vrouter_spec.rb Normal file
View File

@ -0,0 +1,50 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::vrouter
#
require 'spec_helper'
describe 'cloud::network::contrail::vrouter' do
shared_examples_for 'contrail-vrouter server' do
let :params do
{ }
end
it 'configure contrail-vrouter' do
is_expected.to contain_class('contrail::vrouter')
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-vrouter server'
end
end

80
spec/classes/cloud_network_contrail_webui_spec.rb Normal file
View File

@ -0,0 +1,80 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for cloud::network::contrail::webui
#
require 'spec_helper'
describe 'cloud::network::contrail::webui' do
shared_examples_for 'contrail-webui server' do
let :params do
{ }
end
it 'configure contrail-webui' do
is_expected.to contain_class('contrail::webui')
end
context 'with default firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
it 'configure contrail-webui firewall rules' do
is_expected.to contain_firewall('100 allow contrail webui access').with(
:port => ['8080', '8143'],
:proto => 'tcp',
:action => 'accept',
)
end
end
context 'with custom firewall enabled' do
let :pre_condition do
"class { 'cloud': manage_firewall => true }"
end
before :each do
params.merge!(:firewall_settings => { 'limit' => '50/sec' } )
end
it 'configure contrail-webui firewall rules with custom parameter' do
is_expected.to contain_firewall('100 allow contrail webui access').with(
:port => ['8080', '8143'],
:proto => 'tcp',
:action => 'accept',
:limit => '50/sec',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat' }
end
it_configures 'contrail-webui server'
end
end