opendev/puppet-infracloud
Code Issues Proposed changes

Retire repo

Browse Source 
Depends-On: https://review.opendev.org/720892
Change-Id: Iac68bd9001ef9d0bd70492d7e28e115b4f9d3ed7
This commit is contained in:
Monty Taylor 2020-04-22 08:55:47 -05:00
parent 121afc07bd
commit 0568a3e20c
61 changed files with 9 additions and 2298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +0,0 @@
Gemfile.lock
.bundled_gems/

15
Gemfile
View File

@ -1,15 +0,0 @@
source 'https://rubygems.org'
if File.exists?('/home/zuul/src/git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper')
gem_checkout_method = {:path => '/home/zuul/src/git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
else
gem_checkout_method = {:git => 'https://git.openstack.org/openstack-infra/puppet-openstack_infra_spec_helper'}
end
gem_checkout_method[:require] = false
group :development, :test, :system_tests do
gem 'puppet-openstack_infra_spec_helper',
gem_checkout_method
end
# vim:ft=ruby

202
LICENSE
View File

@ -1,202 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

64
README.md
View File

@ -1,64 +0,0 @@
infracloud
=======
#### Table of Contents
1. [Overview - What is the infracloud module?](#overview)
2. [Module Description - What does the module do?](#module-description)
3. [Setup - The basics of getting started with infracloud](#setup)
4. [Implementation - An under-the-hood peek at what the module is doing](#implementation)
5. [Limitations - OS compatibility, etc.](#limitations)
6. [Development - Guide for contributing to the module](#development)
7. [Contributors - Those with commits](#contributors)
Overview
--------
The infracloud module is a part of [OpenStack-infra](http://docs.openstack.org/infra/system-config/), an effort by the OpenStack infrastructure team to provide continuous integration testing and code review for OpenStack-infra projects.
Module Description
------------------
The infracloud module is a thorough attempt to make Puppet capable of managing the entirety of infracloud. This includes manifests to provision the expected features of this module. Types are shipped as part of the infracloud module to assist in manipulation of configuration files.
Setup
-----
### Installing infracloud
infracloud is not currently in Puppet Forge, but is anticipated to be added soon. Once that happens, you'll be able to install infracloud with:
puppet module install openstack-infra/infracloud
### Beginning with infracloud
To utilize the infracloud module's functionality please check the README.
Implementation
--------------
### infracloud
infracloud is a combination of Puppet manifests to delivery configuration and extra functionality through types and providers.
Beaker-Rspec
------------
This module has beaker-rspec tests
To run the tests on the default vagrant node:
```shell
bundle install
bundle exec rake acceptance
```
For more information on writing and running beaker-rspec tests visit the documentation:
* https://github.com/puppetlabs/beaker/wiki/How-to-Write-a-Beaker-Test-for-a-Module
Development
-----------
Developer documentation for the entire puppet-infra project.
* http://docs.openstack.org/infra/system-config/puppet.html

9
README.rst Normal file
View File

@ -0,0 +1,9 @@
This project is no longer maintained.
The contents of this repository are still available in the Git
source code management system. To see the contents of this
repository before it reached its end of life, please check out the
previous commit with "git checkout HEAD^1".
For any further questions, please email
service-discuss@lists.opendev.org or join #opendev on Freenode.

8
Rakefile
View File

@ -1,8 +0,0 @@
require 'rubygems'
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-lint/tasks/puppet-lint'
PuppetLint.configuration.fail_on_warnings = true
PuppetLint.configuration.send('disable_80chars')
PuppetLint.configuration.send('disable_autoloader_layout')
PuppetLint.configuration.send('disable_class_inherits_from_params_class')
PuppetLint.configuration.send('disable_class_parameter_defaults')

11
bindep.txt
View File

@ -1,11 +0,0 @@
# This is a cross-platform list tracking distribution packages needed by tests;
# see http://docs.openstack.org/infra/bindep/ for additional information.
libxml2-devel [test platform:rpm]
libxml2-dev [test platform:dpkg]
libxslt-devel [test platform:rpm]
libxslt1-dev [test platform:dpkg]
ruby-devel [test platform:rpm]
ruby-dev [test platform:dpkg]
zlib1g-dev [test platform:dpkg]
zlib-devel [test platform:rpm]

77
examples/README.rst
View File

@ -1,77 +0,0 @@
InfraCloud Development
======================
This example provides a set of DIB elements, libvirt templates, and
instructions for creating a local development environment that simulates the
InfraCloud production environment. This means the networking and everything
ansible sets up in preparation for running puppet apply, including a dummy
hiera database. It also includes a script to do a short smoke test.
Setup
-----
These instructions assume libvirt and disk-image-builder are already installed,
and that there is a public SSH key in ~/.ssh/id_rsa.pub for the devuser element
to copy.
Create two disk images::
export DIB_DEV_USER_PWDLESS_SUDO=yes
export ELEMENTS_PATH=$HOME/infracloud-development/elements
DIB_ROLE=controller disk-image-create -u ubuntu devuser system-config puppet \
motd smoke-test infracloud-static-net vm cloud-init-nocloud \
-o "/tmp/infracloud-controller.qcow2" --image-size 20 \
-p git,vim,vlan,bridge-utils
DIB_ROLE=compute disk-image-create -u ubuntu devuser system-config puppet \
motd infracloud-static-net vm cloud-init-nocloud \
-o "/tmp/infracloud-compute.qcow2" --image-size 20 \
-p git,vim,vlan,bridge-utils
These images have static IP addresses and hostnames baked into them. This
simulates the production environment for most purposes but avoids too much
complexity setting up local networks.
Define the network::
virsh net-define definitions/network.xml
Start the network::
virsh net-start public
Define the VMs::
virsh define definitions/controller.xml
virsh define definitions/compute.xml
Start the VMs::
virsh start controller
virsh start compute
Puppet
------
SSH into the controller::
source functions/sshvm
sshvm controller
Apply any puppet changes you're testing to /etc/puppet/modules/infracloud or
/opt/system-config/production.
Run puppet apply::
puppet apply /opt/system-config/production/manifests/site.pp
Do the same on the compute node once the controller is finished::
sshvm compute
puppet apply /opt/system-config/production/manifests/site.pp
Test
----
Run the smoke test script::
bash -ex /opt/smoke-test

52
examples/definitions/compute.xml
View File

@ -1,52 +0,0 @@
<domain type='kvm'>
<name>compute</name>
<memory unit='MiB'>4096</memory>
<vcpu>1</vcpu>
<os>
<type arch='x86_64'>hvm</type>
<boot dev='hd'/>
<bootmenu enable='no'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='unsafe'/>
<source file='/tmp/infracloud-compute.qcow2'/>
<target dev='sda' bus='sata'/>
<address type='drive' controller='0' bus='0' unit='0'/>
</disk>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</memballoon>
<interface type='network'>
<source network='public'/>
<mac address='52:54:00:3d:68:45' />
<model type='virtio'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
</devices>
</domain>

52
examples/definitions/controller.xml
View File

@ -1,52 +0,0 @@
<domain type='kvm'>
<name>controller</name>
<memory unit='MiB'>4096</memory>
<vcpu>1</vcpu>
<os>
<type arch='x86_64'>hvm</type>
<boot dev='hd'/>
<bootmenu enable='no'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/kvm-spice</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='qcow2' cache='unsafe'/>
<source file='/tmp/infracloud-controller.qcow2'/>
<target dev='sda' bus='sata'/>
<address type='drive' controller='0' bus='0' unit='0'/>
</disk>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</memballoon>
<interface type='network'>
<source network='public'/>
<mac address='52:54:00:04:24:dc'/>
<model type='virtio'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
</devices>
</domain>

13
examples/definitions/network.xml
View File

@ -1,13 +0,0 @@
<network connections='1'>
<name>public</name>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<ip address='192.168.25.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.25.2' end='192.168.25.254'/>
</dhcp>
</ip>
</network>

1
examples/elements/infracloud-static-net/element-deps
View File

@ -1 +0,0 @@
install-static

14
examples/elements/infracloud-static-net/post-install.d/05-set-hostname
View File

@ -1,14 +0,0 @@
#!/bin/bash
set -ux
if [ "$DIB_ROLE" == "controller" ] ; then
HOSTNAME="controller00"
elif [ "$DIB_ROLE" == "compute" ] ; then
HOSTNAME="compute000"
else
echo "DIB_ROLE must be either 'controller' or 'compute'."
exit 1
fi
echo $HOSTNAME > /etc/hostname

34
examples/elements/infracloud-static-net/post-install.d/10-set-ips
View File

@ -1,34 +0,0 @@
#!/bin/bash
set -u
if [ "$DIB_ROLE" == "controller" ] ; then
ip="192.168.25.4"
elif [ "$DIB_ROLE" == "compute" ] ; then
ip="192.168.25.5"
else
echo "DIB_ROLE must be either 'controller' or 'compute'."
exit 1
fi
cat > /etc/network/interfaces <<EOF
auto lo
iface lo inet loopback
auto eth2
iface eth2 inet dhcp
auto eth2.25
iface eth2.25 inet manual
vlan-raw-device eth2
auto br_infracloud
iface br_infracloud inet static
address $ip
netmask 255.255.255.0
gateway 192.168.25.1
bridge_ports eth2.25
bridge_hello 2
bridge_maxage 12
bridge_stp off
EOF

3
examples/elements/infracloud-static-net/static/etc/hosts
View File

@ -1,3 +0,0 @@
127.0.0.1 localhost
192.168.25.4 controller00.hpuswest.ic.openstack.org controller00
192.168.25.5 compute000.hpuswest.ic.openstack.org compute000

2
examples/elements/infracloud-static-net/static/etc/udev/rules.d/76-persistent-net-generator.rules
View File

@ -1,2 +0,0 @@
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:04:24:dc", KERNEL=="eth*", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth2"
SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:3d:68:45", KERNEL=="eth*", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth2"

1
examples/elements/motd/element-deps
View File

@ -1 +0,0 @@
install-static

7
examples/elements/motd/static/etc/motd
View File

@ -1,7 +0,0 @@
######################################################################
# #
# Run this: #
# #
# sudo puppet apply /opt/system-config/production/manifests/site.pp #
# #
######################################################################

1
examples/elements/puppet/element-deps
View File

@ -1 +0,0 @@
system-config

6
examples/elements/puppet/install.d/15-install-puppet
View File

@ -1,6 +0,0 @@
#!/bin/bash
set -x
/opt/system-config/production/install_puppet.sh
/opt/system-config/production/install_modules.sh

2
examples/elements/puppet/static/etc/puppet/environments/production/environment.conf
View File

@ -1,2 +0,0 @@
manifest = /opt/system-config/production/manifests/site.pp
modulepath = $basemodulepath:modules:/opt/system-config/production/modules

14
examples/elements/puppet/static/etc/puppet/hiera.yaml
View File

@ -1,14 +0,0 @@
---
:hierarchy:
# Use private hieradata first
- "hieradata/%{::environment}/fqdn/%{::fqdn}"
- "hieradata/%{::environment}/group/%{group}" # no :: because group is set at nodescope
- "hieradata/%{::environment}/common"
# Use public hieradata second, also be environmentally aware
- "%{::environment}/hiera/fqdn/%{::fqdn}"
- "%{::environment}/hiera/group/%{group}" # no :: because group is set at nodescope
- "%{::environment}/hiera/common"
:backends:
- yaml
:yaml:
:datadir: "/opt/system-config/"

9
examples/elements/puppet/static/etc/puppet/puppet.conf
View File

@ -1,9 +0,0 @@
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
basemodulepath=/etc/puppet/modules
environmentpath = /etc/puppet/environments
data_binding_terminus = none
hiera_config = /etc/puppet/hiera.yaml

51
examples/elements/puppet/static/opt/system-config/hieradata/production/common.yaml
View File

@ -1,51 +0,0 @@
---
ironic_db_password: XXX
bifrost_mysql_password: XXX
keystone_rabbit_password: XXX
neutron_rabbit_password: XXX
nova_rabbit_password: XXX
keystone_mysql_password: XXX
glance_mysql_password: XXX
nova_mysql_password: XXX
neutron_mysql_password: XXX
infracloud_mysql_password: XXX
keystone_admin_password: XXX
glance_admin_password: XXX
neutron_admin_password: XXX
nova_admin_password: XXX
keystone_admin_token: XXX
openstackci_infracloud_password: XXX
openstackjenkins_infracloud_password: XXX
# subject=/C=US/ST=Some-State/O=OpenStack Infra Fake Cert/CN=controller00.hpuswest.ic.openstack.org
ssl_key_file_contents: |
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDQIm6WkLzUTzJEK0T9hLvzPTtywR/doQK+/ItViDNBkm1SqA2A
7gORn/eDpryJ4ETi+oSE1Xg54+X3cRnHJN5xeTMGpP6yn/fkEVmdLWJNyox+wC98
nWoLYcvWTS+hIy339yA4NMxzXa/Hp168jMu1vsPQDFQDW+4aR62X/06UWwIDAQAB
AoGBAJe7UkWflJluduWtaaksN9y2mf0pf3KR66+R6n3bQgqeleY5L0b7vUxPgyDN
0ArvnSifmzY/bVs+oirGoBVG8oYT4p/1peKbSc2S78Ugh9CaR/BOtsrfwsUOJoE5
+0N0iZO14wOb54AZkcLIC6tDE2FhrywXLaHx6aJHm9u51ovJAkEA8ybpUxSrjR+J
MktuS/BnTnTvIB6bk0Gn6CIuZALs9sz6kBKo3b76drOuN9YAarIHABaJIL81LPi+
/hZGPoXjTQJBANsh180Gjw8iko+NtWW2izpvTeBWWyU1P9Jwr2pEi6qN4Tc+NGEV
J+xLpqyZc28kkA10tiDcDvYi/dgTiY4lskcCQHgARDbUhLXpUnSX9Z9UzidSXpGj
iXRresp91BdXukszbpWcH+sQTdw3YUv9OcduhTXt6U9YDo5bVSdhJtnEiiECQEJz
lt+j14o9b7h8vr+jhcEos7MOPQGhjkMgzPEq7DfCYsO/515xbfPoVRkOR8Uyj0Sl
Wf3I/fiCT/xQoGws3k0CQEgMq/8WNK3c6BG4LviqP2++GNm9mwYvZIz+mDlnjHvR
ZbKDbwWy2wYp2n/7WknIQS0o1CmcDXYAYgr4IPgLrfw=
-----END RSA PRIVATE KEY-----
infracloud_hpuswest_ssl_cert_file_contents: |
-----BEGIN CERTIFICATE-----
MIICZTCCAc4CCQDF0vhjB9rjdTANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJV
UzETMBEGA1UECAwKU29tZS1TdGF0ZTEiMCAGA1UECgwZT3BlblN0YWNrIEluZnJh
IEZha2UgQ2VydDEvMC0GA1UEAwwmY29udHJvbGxlcjAwLmhwdXN3ZXN0LmljLm9w
ZW5zdGFjay5vcmcwHhcNMTYwMjE1MjI1MTA1WhcNMTcwMjE0MjI1MTA1WjB3MQsw
CQYDVQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTEiMCAGA1UECgwZT3BlblN0
YWNrIEluZnJhIEZha2UgQ2VydDEvMC0GA1UEAwwmY29udHJvbGxlcjAwLmhwdXN3
ZXN0LmljLm9wZW5zdGFjay5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
ANAibpaQvNRPMkQrRP2Eu/M9O3LBH92hAr78i1WIM0GSbVKoDYDuA5Gf94OmvIng
ROL6hITVeDnj5fdxGcck3nF5Mwak/rKf9+QRWZ0tYk3KjH7AL3ydagthy9ZNL6Ej
Lff3IDg0zHNdr8enXryMy7W+w9AMVANb7hpHrZf/TpRbAgMBAAEwDQYJKoZIhvcN
AQELBQADgYEAmqKsBH/c53P66zMJaoup8i2t4V+P0TWEVvKoxXMl1I2Cqahk1TZh
L2bb8x0gKs7Q8fQ7hWA785JvUBrTMhpqkGkhNERyaVQIhHHwTgzSoOp8Cs+16sy8
FzJrVWIctN7qHXhK0r2R+wKEHc+J7FruoLhKGerFrLv4vgsR+rgObrk=
-----END CERTIFICATE-----

1
examples/elements/smoke-test/element-deps
View File

@ -1 +0,0 @@
install-static

66
examples/elements/smoke-test/static/opt/smoke-test
View File

@ -1,66 +0,0 @@
#/bin/bash -ex
cleanup()
{
if [ "$?" -ne 0 ] ; then
echo "FAILED"
fi
if openstack image list | grep cirros ; then
openstack image delete cirros
fi
if openstack keypair list | grep controller ; then
openstack keypair delete controller
fi
if openstack server list | grep test ; then
openstack server delete test
fi
}
export OS_TENANT_NAME='openstack'
export OS_USERNAME='admin'
export OS_PASSWORD='XXX'
export OS_AUTH_URL='https://controller00.hpuswest.ic.openstack.org:5000/v3'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_IDENTITY_API_VERSION=3
export OS_AUTH_TYPE=v3password
trap cleanup EXIT
openstack project list
openstack user list
openstack service list
openstack endpoint list
nova list
nova image-list
nova flavor-list
nova keypair-list
if nova service-list | grep down ; then
exit 1
fi
glance image-list
neutron net-list
neutron subnet-list
openstack image create --copy-from http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img \
--public \
--container-format bare \
--disk-format qcow2 \
cirros
sleep 3
openstack image list --long | grep cirros | grep active
if [ ! -e ~/.ssh/id_rsa.pub ] ; then
ssh-keygen -f ~/.ssh/id_rsa -q -N ""
fi
nova keypair-add --pub-key ~/.ssh/id_rsa.pub controller
nova keypair-list
nova boot --flavor 1 --image cirros --key-name controller test
sleep 8
nova list | grep test | grep ACTIVE
echo "Success!"

1
examples/elements/system-config/element-deps
View File

@ -1 +0,0 @@
source-repositories

1
examples/elements/system-config/source-repository-system-config
View File

@ -1 +0,0 @@
system-config git /opt/system-config/production https://git.openstack.org/openstack-infra/system-config

37
examples/functions/sshvm
View File

@ -1,37 +0,0 @@
#!/bin/bash
ssh_cmd() {
local vm_ip=$1
shift
ssh devuser@${vm_ip} -o StrictHostKeyChecking=no "$*"
}
sshvm() {
local vm_name=$1
shift
local vm_mac=$(virsh dumpxml $vm_name | grep -m 1 'mac address' | cut -d "'" -f 2)
local vm_ip=$(arp -n | grep -m 1 $vm_mac | cut -d ' ' -f 1)
local tries=2
while [ $tries -ge 0 ] ; do
if [ -n "$vm_ip" ] ; then
local error=$(ssh_cmd $vm_ip true 2>&1) # Check for connection refused and try again
if [[ ! $error =~ .*Connection\ refused.* ]] ; then
echo "SSHing to $vm_ip"
ssh_cmd $vm_ip "$*"
break
else
echo "SSH is not ready yet. Trying again in 5 seconds."
sleep 5
fi
else
if [ $tries -eq 0 ] ; then
echo "Could not reach VM."
else
echo "VM is not ready yet. Trying $tries more time(s) in 15 seconds."
sleep 15
fi
vm_ip=$(arp -n | grep $vm_mac | cut -d ' ' -f 1)
tries=$(echo "${tries}-1" | bc)
fi
done
}

1
files/dhcp-host.j2
View File

@ -1 +0,0 @@
{{ nics[0]['mac'] }},{{ipv4_public_address}},{{name}},12h

5
files/elements/infra-cloud-bridge/README.rst
View File

@ -1,5 +0,0 @@
==================
infra-cloud-bridge
==================
Installs an upstart script that will depend on glean, and
will configure bridge for our infra cloud.

4
files/elements/infra-cloud-bridge/element-deps
View File

@ -1,4 +0,0 @@
dib-init-system
install-static
package-installs
simple-init

13
files/elements/infra-cloud-bridge/init-scripts/systemd/create_bridge.service
View File

@ -1,13 +0,0 @@
[Unit]
Description=Create bridge for infra cloud
After=glean@.service network.target network-online.target
Wants=network-online.target
[Service]
Type=oneshot
User=root
ExecStart=/usr/bin/python /opt/create_bridge.py
RemainAfterExit=true
[Install]
WantedBy=multi-user.target

9
files/elements/infra-cloud-bridge/init-scripts/upstart/create_bridge.conf
View File

@ -1,9 +0,0 @@
description "create bridge for infra cloud"
console output
start on (stopped glean and net-device-up IFACE!=lo)
script
exec python /opt/create_bridge.py
end script

2
files/elements/infra-cloud-bridge/package-installs.yaml
View File

@ -1,2 +0,0 @@
bridge-utils:
net-tools:

26
files/elements/infra-cloud-bridge/post-install.d/80-infra-cloud-bridge
View File

@ -1,26 +0,0 @@
#!/bin/bash
if [ "${DIB_DEBUG_TRACE:-0}" -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
case "$DIB_INIT_SYSTEM" in
upstart)
# nothing to do
exit 0
;;
systemd)
systemctl enable create_bridge.service
;;
openrc)
# let dib-init-system's postinstall handle enabling init scripts
exit 0
;;
*)
echo "Unsupported init system"
exit 1
;;
esac

13
files/elements/puppet/install.d/05-puppet
View File

@ -1,13 +0,0 @@
#!/bin/bash
wget https://git.openstack.org/cgit/openstack-infra/system-config/plain/install_puppet.sh
bash -x install_puppet.sh
mkdir /root/.ssh
chmod 700 /root/.ssh
cat > /root/.ssh/authorized_keys <<EOF
from="puppetmaster.openstack.org" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp puppet-remote-2014-09-15
EOF
chmod 600 /root/.ssh/authorized_keys

129
manifests/bifrost.pp
View File

@ -1,129 +0,0 @@
# Copyright 2014 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
class infracloud::bifrost (
$gateway_ip,
$ipmi_passwords,
$ironic_db_password,
$ironic_inventory,
$mysql_password,
$ssh_private_key,
$ssh_public_key,
$vlan,
$bridge_name = 'br-vlan2551',
$default_network_interface = 'eth2',
$dhcp_pool_start = '10.10.16.144',
$dhcp_pool_end = '10.10.16.190',
$dhcp_static_mask = '255.255.255.0',
$network_interface = 'eth2',
$ipv4_nameserver = '8.8.8.8',
$ipv4_subnet_mask = '255.255.224.0',
$dib_dev_user_password = undef,
) {
include ::infracloud::params
# The configdrive bifrost task defaults to copying the user's local public
# ssh key. Let's make sure it's there so that bifrost doesn't error and so we
# can log in to nodes from the baremetal host.
file { '/root/.ssh/id_rsa':
ensure => present,
mode => '0600',
content => $ssh_private_key,
before => Exec['install bifrost'],
}
file { '/root/.ssh/id_rsa.pub':
ensure => present,
mode => '0644',
content => $ssh_public_key,
before => Exec['install bifrost'],
}
ensure_packages($::infracloud::params::bifrost_req_packages)
class { '::ansible':
ansible_version => '2.1.1.0',
require => Package[$::infracloud::params::bifrost_req_packages],
}
class { '::mysql::server':
root_password => $mysql_password,
}
vcsrepo { '/opt/stack/bifrost':
ensure => 'latest',
provider => 'git',
revision => 'master',
source => 'https://git.openstack.org/openstack/bifrost',
}
file { '/etc/bifrost':
ensure => directory,
}
file { '/etc/bifrost/bifrost_global_vars':
ensure => present,
content => template('infracloud/bifrost/bifrost_global_vars.erb'),
}
file { '/opt/stack/baremetal.json':
ensure => file,
content => template('infracloud/bifrost/inventory.json.erb'),
require => Vcsrepo['/opt/stack/bifrost'],
}
exec { 'install bifrost dependencies':
command => 'pip install -U -r /opt/stack/bifrost/requirements.txt',
path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin',
refreshonly => true,
subscribe => Vcsrepo['/opt/stack/bifrost'],
}
file { '/opt/stack/elements':
ensure => directory,
recurse => true,
source => 'puppet:///modules/infracloud/elements',
before => Exec['install bifrost'],
}
file { ['/opt/stack/elements/infra-cloud-bridge/static',
'/opt/stack/elements/infra-cloud-bridge/static/opt']:
ensure => directory,
require => File['/opt/stack/elements'],
}
file { '/opt/stack/elements/infra-cloud-bridge/static/opt/create_bridge.py':
ensure => present,
content => template('infracloud/bifrost/create_bridge.py.erb'),
require => File['/opt/stack/elements/infra-cloud-bridge/static/opt'],
before => Exec['install bifrost'],
}
exec { 'install bifrost':
environment => ['BIFROST_INVENTORY_SOURCE=/opt/stack/baremetal.json', 'HOME=/root'],
command => "ansible-playbook -e @/etc/bifrost/bifrost_global_vars -vvvv \
-i /opt/stack/bifrost/playbooks/inventory/bifrost_inventory.py \
/opt/stack/bifrost/playbooks/install.yaml \
&& touch /var/run/bifrost_install_succeeded",
path => '/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin',
creates => '/var/run/bifrost_install_succeeded',
timeout => 1500,
require => [
Exec['install bifrost dependencies'],
File['/etc/bifrost/bifrost_global_vars'],
Vcsrepo['/opt/stack/bifrost'],
Package[$::infracloud::params::bifrost_req_packages],
Class['::mysql::server'],
],
}
}

31
manifests/cacert.pp
View File

@ -1,31 +0,0 @@
# adds infra cloud chain to trusted certs
class infracloud::cacert (
$cacert_content,
) {
include ::infracloud::params
file { $::infracloud::params::cert_path:
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0755',
}
file { "${::infracloud::params::cert_path}/openstack_infra_ca.crt":
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
content => $cacert_content,
replace => true,
require => File[$::infracloud::params::cert_path],
}
exec { 'update-ca-certificates':
command => $::infracloud::params::cert_command,
subscribe => [
File["${::infracloud::params::cert_path}/openstack_infra_ca.crt"],
],
refreshonly => true,
}
}

159
manifests/compute.pp
View File

@ -1,159 +0,0 @@
#Class infracloud::compute
#
class infracloud::compute(
$br_name,
$controller_public_address,
$neutron_admin_password,
$neutron_rabbit_password,
$nova_rabbit_password,
$ssl_cert_file_contents,
$ssl_key_file_contents,
$virt_type = 'kvm',
$openstack_release = 'mitaka',
) {
include ::infracloud::params
$ssl_cert_path = "${::infracloud::params::cert_path}/openstack_infra_ca.crt"
### Certificate Chain ###
class { '::infracloud::cacert':
cacert_content => $ssl_cert_file_contents,
}
### Networking ###
class {'::infracloud::veth':
br_name => $br_name,
}
### Repos and selinux ###
case $::osfamily {
'Debian': {
include ::apt
case $::operatingsystem {
'Ubuntu': {
class { '::openstack_extras::repo::debian::ubuntu':
release => $openstack_release,
package_require => true,
}
}
'Debian': {
class { '::openstack_extras::repo::debian::debian':
release => $openstack_release,
package_require => true,
}
}
default: {
fail("Unsupported operating system: ${::operatingsystem}")
}
}
}
'RedHat': {
class { '::openstack_extras::repo::redhat::redhat':
release => $openstack_release,
package_require => true,
}
class { '::selinux':
mode => 'permissive',
}
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'infracloud' module only supports osfamily Debian or RedHat.")
}
}
### Nova ###
# nova.conf
class { '::nova':
rabbit_userid => 'nova',
rabbit_password => $nova_rabbit_password,
rabbit_host => $controller_public_address,
rabbit_port => '5671',
rabbit_use_ssl => true,
glance_api_servers => "https://${controller_public_address}:9292",
use_ssl => true,
cert_file => $ssl_cert_path,
key_file => "/etc/nova/ssl/private/${controller_public_address}.pem",
}
file { '/etc/nova/ssl':
ensure => directory,
owner => 'root',
mode => '0755',
require => Class['::nova'],
}
file { '/etc/nova/ssl/private':
ensure => directory,
owner => 'root',
mode => '0755',
require => File['/etc/nova/ssl'],
}
infracloud::ssl_key { 'nova':
key_path => "/etc/nova/ssl/private/${controller_public_address}.pem",
key_content => $ssl_key_file_contents,
require => File['/etc/nova/ssl/private'],
}
# nova-compute service
class { '::nova::compute':
enabled => true,
force_raw_images => false,
}
# nova.conf neutron credentials
class { '::nova::network::neutron':
neutron_url => "https://${controller_public_address}:9696",
neutron_auth_url => "https://${controller_public_address}:35357",
neutron_auth_plugin => 'password',
neutron_password => $neutron_admin_password,
}
# Libvirt parameters
class { '::nova::compute::libvirt':
# Enhance disk I/O
libvirt_disk_cachemodes => ['file=unsafe'],
# KVM in prod, qemu in tests
libvirt_virt_type => $virt_type,
}
# NOTE(pabelanger): This is needed for force_raw_images to work. Otherwise
# nova will still convert images to raw.
nova_config {
'libvirt/images_type': value => 'qcow2';
}
### Neutron ###
# neutron.conf
class { '::neutron':
core_plugin => 'ml2',
enabled => true,
rabbit_user => 'neutron',
rabbit_password => $neutron_rabbit_password,
rabbit_host => $controller_public_address,
rabbit_port => '5671',
rabbit_use_ssl => true,
use_ssl => true,
cert_file => $ssl_cert_path,
key_file => "/etc/neutron/ssl/private/${controller_public_address}.pem",
}
# ML2
class { '::neutron::agents::ml2::linuxbridge':
physical_interface_mappings => ['provider:veth2'],
require => Class['infracloud::veth'],
}
# Fix for https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1453188
file { '/usr/bin/neutron-plugin-linuxbridge-agent':
ensure => link,
target => '/usr/bin/neutron-linuxbridge-agent',
before => Package['neutron-plugin-linuxbridge-agent'],
}
# Fix to make sure linuxbridge-agent can reach rabbit after moving it
Neutron_config['oslo_messaging_rabbit/rabbit_hosts'] ~> Service['neutron-plugin-linuxbridge-agent']
}

423
manifests/controller.pp
View File

@ -1,423 +0,0 @@
# Class: OpenStack Infra Cloud
#
class infracloud::controller(
$br_name,
$glance_admin_password,
$glance_mysql_password,
$keystone_admin_password,
$keystone_admin_token,
$keystone_mysql_password,
$keystone_rabbit_password,
$neutron_admin_password,
$neutron_mysql_password,
$neutron_rabbit_password,
$neutron_subnet_allocation_pools,
$neutron_subnet_cidr,
$neutron_subnet_gateway,
$nova_admin_password,
$nova_mysql_password,
$nova_rabbit_password,
$root_mysql_password,
$ssl_key_file_contents,
$ssl_cert_file_contents,
$controller_public_address = $::fqdn,
$mysql_max_connections = 1024,
$openstack_release = 'mitaka',
) {
$keystone_auth_uri = "https://${controller_public_address}:5000"
$keystone_admin_uri = "https://${controller_public_address}:35357"
include ::infracloud::params
$ssl_cert_path = "${::infracloud::params::cert_path}/openstack_infra_ca.crt"
### Certificate Chain ###
class { '::infracloud::cacert':
cacert_content => $ssl_cert_file_contents,
}
### Networking ###
class { '::infracloud::veth':
br_name => $br_name,
}
### Repos and selinux ###
case $::osfamily {
'Debian': {
include ::apt
case $::operatingsystem {
'Ubuntu': {
class { '::openstack_extras::repo::debian::ubuntu':
release => $openstack_release,
package_require => true,
}
}
'Debian': {
class { '::openstack_extras::repo::debian::debian':
release => $openstack_release,
package_require => true,
}
}
default: {
fail("Unsupported operating system: ${::operatingsystem}")
}
}
}
'RedHat': {
class { '::openstack_extras::repo::redhat::redhat':
release => $openstack_release,
package_require => true,
}
package { 'erlang':
ensure => present,
before => Class['::rabbitmq'],
}
class { '::selinux':
mode => 'permissive',
}
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'infracloud' module only supports osfamily Debian or RedHat.")
}
}
### Database ###
class { '::mysql::server':
root_password => $root_mysql_password,
restart => true,
override_options => {
'mysqld' => {
'max_connections' => $mysql_max_connections,
}
}
}
### Messaging ###
file { '/etc/rabbitmq/ssl/private':
ensure => directory,
owner => 'root',
mode => '0755',
}
infracloud::ssl_key { 'rabbitmq':
key_content => $ssl_key_file_contents,
key_path => "/etc/rabbitmq/ssl/private/${controller_public_address}.pem",
require => Package['rabbitmq-server'],
}
class { '::rabbitmq':
delete_guest_user => true,
environment_variables => {
'RABBITMQ_NODE_IP_ADDRESS' => '127.0.0.1',
},
ssl => true,
ssl_only => true,
ssl_cacert => $ssl_cert_path,
ssl_cert => $ssl_cert_path,
ssl_key => "/etc/rabbitmq/ssl/private/${controller_public_address}.pem",
require => File[$ssl_cert_path],
}
### Keystone ###
class { '::keystone::db::mysql':
password => $keystone_mysql_password,
}
infracloud::rabbitmq_user { 'keystone':
password => $keystone_rabbit_password,
}
# keystone.conf
class { '::keystone':
database_connection => "mysql://keystone:${keystone_mysql_password}@127.0.0.1/keystone",
catalog_type => 'sql',
admin_token => $keystone_admin_token,
service_name => 'httpd',
enable_ssl => true,
admin_bind_host => $controller_public_address,
rabbit_userid => 'keystone',
rabbit_password => $keystone_rabbit_password,
rabbit_host => $controller_public_address,
rabbit_port => '5671',
rabbit_use_ssl => true,
# Hack to work around a bug in the puppet module
# https://review.openstack.org/#/c/280462/
kombu_ssl_ca_certs => [],
kombu_ssl_certfile => [],
kombu_ssl_keyfile => [],
}
# keystone admin user, projects
class { '::keystone::roles::admin':
email => 'postmaster@example.com',
password => $keystone_admin_password,
}
# keystone auth endpoints
class { '::keystone::endpoint':
public_url => $keystone_auth_uri,
admin_url => $keystone_admin_uri,
version => '',
}
# apache server
include ::apache
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
mode => '0710',
}
$keystone_ssl_key_path = "/etc/ssl/private/${controller_public_address}-keystone.pem"
# keystone vhost
class { '::keystone::wsgi::apache':
ssl_key => $keystone_ssl_key_path,
ssl_cert => $ssl_cert_path,
subscribe => Class['::infracloud::cacert'],
require => File['/etc/ssl/private'],
}
infracloud::ssl_key { 'keystone':
key_content => $ssl_key_file_contents,
key_path => $keystone_ssl_key_path,
notify => Service['httpd'],
require => [ Package['keystone'], File['/etc/ssl/private'] ],
}
### Glance ###
$glance_database_connection = "mysql://glance:${glance_mysql_password}@127.0.0.1/glance"
class { '::glance::db::mysql':
password => $glance_mysql_password,
}
# glance-api.conf
class { '::glance::api':
database_connection => $glance_database_connection,
keystone_password => $glance_admin_password,
auth_uri => $keystone_auth_uri,
identity_uri => $keystone_admin_uri,
cert_file => $ssl_cert_path,
key_file => "/etc/glance/ssl/private/${controller_public_address}.pem",
subscribe => Class['::infracloud::cacert'],
}
infracloud::ssl_key { 'glance':
key_content => $ssl_key_file_contents,
notify => Service[$::glance::params::api_service_name],
require => Package[$::glance::params::api_package_name],
}
# glance-registry.conf
class { '::glance::registry':
database_connection => $glance_database_connection,
keystone_password => $glance_admin_password,
auth_uri => $keystone_auth_uri,
identity_uri => $keystone_admin_uri,
}
# set filesystem_store_datadir to /var/lib/glance/images in glance-api.conf
# and glance-registry.conf
class { '::glance::backend::file': }
# keystone user, role, service, endpoints for glance service
class { '::glance::keystone::auth':
password => $glance_admin_password,
public_url => "https://${controller_public_address}:9292",
admin_url => "https://${controller_public_address}:9292",
}
### Neutron server ###
sysctl::value { 'net.ipv4.conf.default.rp_filter':
value => 0
}
sysctl::value { 'net.ipv4.conf.all.rp_filter':
value => 0
}
class { '::neutron::db::mysql':
password => $neutron_mysql_password,
}
infracloud::rabbitmq_user { 'neutron':
password => $neutron_rabbit_password,
}
# neutron.conf
class { '::neutron':
core_plugin => 'ml2',
enabled => true,
rabbit_user => 'neutron',
rabbit_password => $neutron_rabbit_password,
rabbit_host => $controller_public_address,
rabbit_port => '5671',
rabbit_use_ssl => true,
use_ssl => true,
cert_file => $ssl_cert_path,
key_file => "/etc/neutron/ssl/private/${controller_public_address}.pem",
subscribe => Class['::infracloud::cacert'],
}
infracloud::ssl_key { 'neutron':
key_content => $ssl_key_file_contents,
notify => Service['neutron-server'],
require => Package['neutron'],
}
# keystone user, role, service, endpoints for neutron service
class { '::neutron::keystone::auth':
password => $neutron_admin_password,
public_url => "https://${controller_public_address}:9696/",
admin_url => "https://${controller_public_address}:9696/",
}
# neutron-server service and related neutron.conf and api-paste.conf params
class { '::neutron::server':
password => $neutron_admin_password,
database_connection => "mysql://neutron:${neutron_mysql_password}@127.0.0.1/neutron?charset=utf8",
sync_db => true,
auth_uri => $keystone_auth_uri,
auth_url => $keystone_admin_uri,
}
# neutron client package
class { '::neutron::client': }
# neutron.conf nova credentials
class { '::neutron::server::notifications':
auth_url => $keystone_admin_uri,
password => $nova_admin_password,
}
# ML2
class { '::neutron::plugins::ml2':
type_drivers => ['flat', 'vlan'],
tenant_network_types => [],
mechanism_drivers => ['linuxbridge'],
flat_networks => ['provider'],
network_vlan_ranges => ['provider'],
enable_security_group => true,
}
class { '::neutron::agents::ml2::linuxbridge':
physical_interface_mappings => ['provider:veth2'],
require => Class['infracloud::veth'],
}
# Fix for https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/1453188
file { '/usr/bin/neutron-plugin-linuxbridge-agent':
ensure => link,
target => '/usr/bin/neutron-linuxbridge-agent',
before => Package['neutron-plugin-linuxbridge-agent'],
}
# Fix to make sure linuxbridge-agent can reach rabbit after moving it
Neutron_config['oslo_messaging_rabbit/rabbit_hosts'] ~> Service['neutron-plugin-linuxbridge-agent']
# DHCP
class { '::neutron::agents::dhcp':
interface_driver => 'neutron.agent.linux.interface.BridgeInterfaceDriver',
dhcp_delete_namespaces => true,
}
# Provider network
neutron_network { 'public':
shared => true,
provider_network_type => 'flat',
provider_physical_network => 'provider',
}
# Provider subnet with three allication pools representing three "subnets"
neutron_subnet { 'provider-subnet-infracloud':
cidr => $neutron_subnet_cidr,
gateway_ip => $neutron_subnet_gateway,
network_name => 'public',
allocation_pools => $neutron_subnet_allocation_pools,
}
### Nova ###
class { '::nova::db':
database_connection => "mysql://nova:${nova_mysql_password}@127.0.0.1/nova?charset=utf8",
api_database_connection => "mysql://nova_api:${nova_mysql_password}@127.0.0.1/nova_api?charset=utf8"
}
class { '::nova::db::mysql':
password => $nova_mysql_password,
host => '127.0.0.1',
}
class { '::nova::db::mysql_api':
password => $nova_mysql_password,
host => '127.0.0.1',
}
infracloud::rabbitmq_user { 'nova':
password => $nova_rabbit_password,
}
# nova.conf - general
class { '::nova':
rabbit_userid => 'nova',
rabbit_password => $nova_rabbit_password,
rabbit_host => $controller_public_address,
rabbit_port => '5671',
rabbit_use_ssl => true,
glance_api_servers => "https://${controller_public_address}:9292",
use_ssl => true,
cert_file => $ssl_cert_path,
key_file => "/etc/nova/ssl/private/${controller_public_address}.pem",
subscribe => Class['::infracloud::cacert'],
}
infracloud::ssl_key { 'nova':
key_content => $ssl_key_file_contents,
notify => Service['nova-api'],
require => Class['::nova'],
}
# keystone user, role, service, endpoints for nova service
class { '::nova::keystone::auth':
password => $nova_admin_password,
public_url => "https://${controller_public_address}:8774/v2/%(tenant_id)s",
admin_url => "https://${controller_public_address}:8774/v2/%(tenant_id)s",
configure_ec2_endpoint => false,
configure_endpoint_v3 => false,
}
# nova.conf neutron credentials
class { '::nova::network::neutron':
neutron_auth_url => $keystone_admin_uri,
neutron_password => $neutron_admin_password,
neutron_auth_plugin => 'password',
neutron_url => "https://${controller_public_address}:9696",
}
# api service and endpoint-related params in nova.conf
class { '::nova::api':
enabled => true,
enabled_apis => 'osapi_compute',
admin_password => $nova_admin_password,
auth_uri => $keystone_auth_uri,
identity_uri => $keystone_admin_uri,
osapi_v3 => false,
}
# conductor service
class { '::nova::conductor':
enabled => true,
}
# scheduler service
class { '::nova::scheduler':
enabled => true,
}
### Logging ###
class { '::infracloud::logs': }
}

44
manifests/logs.pp
View File

@ -1,44 +0,0 @@
# Class: OpenStack Infra Logs
#
class infracloud::logs(
$docroot = '/var/www/logs',
$port = '80',
$vhost_name = $::fqdn,
) {
include ::apache
file { $docroot:
ensure => directory,
require => Class['::apache'],
}
# Allow everybody to read neutron logs.
file { '/var/log/neutron':
ensure => directory,
group => adm,
mode => '0644',
owner => neutron,
require => Class['::neutron'],
}
file { "${docroot}/neutron":
ensure => link,
target => '/var/log/neutron',
group => root,
owner => root,
require => [
File[$docroot],
File['/var/log/neutron'],
],
}
::apache::vhost::custom { $vhost_name:
ensure => present,
content => template('infracloud/logs.vhost.erb'),
}
# Temporary workaround until https://github.com/puppetlabs/puppetlabs-apache/pull/1388 is merged and released
if $::apache::mod_enable_dir != undef {
File[$::apache::mod_enable_dir] -> Exec["syntax verification for ${vhost_name}"]
}
}

18
manifests/params.pp
View File

@ -1,18 +0,0 @@
# common parameters to be reused in infracloud
class infracloud::params {
case $::osfamily {
'Debian': {
$cert_path = '/usr/local/share/ca-certificates'
$cert_command = '/usr/sbin/update-ca-certificates'
$bifrost_req_packages = [ 'gcc', 'libssl-dev', 'uuid-runtime' ]
}
'Redhat': {
$cert_path = '/etc/pki/ca-trust/source/anchors'
$cert_command = '/usr/bin/update-ca-trust'
$bifrost_req_packages = [ 'gcc', 'openssl-devel', 'libselinux-python' ]
}
default: {
fail('Only Debian and RedHat distros are supported.')
}
}
}

13
manifests/rabbitmq_user.pp
View File

@ -1,13 +0,0 @@
define infracloud::rabbitmq_user(
$password,
) {
rabbitmq_user { $name:
admin => false,
password => $password,
}
rabbitmq_user_permissions { "${name}@/":
configure_permission => '.*',
read_permission => '.*',
write_permission => '.*',
}
}

34
manifests/ssl_key.pp
View File

@ -1,34 +0,0 @@
define infracloud::ssl_key(
$key_content,
$key_path = undef,
) {
if $key_path == undef {
$_key_path = "/etc/${name}/ssl/private/${::fqdn}.pem"
} else {
$_key_path = $key_path
}
# If the user isn't providing an unexpected path, create the directory
# structure.
if $key_path == undef {
file { "/etc/${name}/ssl":
ensure => directory,
owner => $name,
mode => '0775',
}
file { "/etc/${name}/ssl/private":
ensure => directory,
owner => $name,
mode => '0755',
require => File["/etc/${name}/ssl"],
before => File[$_key_path]
}
}
file { $_key_path:
ensure => present,
content => $key_content,
owner => $name,
mode => '0600',
}
}

27
manifests/veth.pp
View File

@ -1,27 +0,0 @@
# Create a veth pair to connect the neutron bridge to the vlan bridge
class infracloud::veth (
$br_name,
) {
exec { 'create veth pair':
command => '/sbin/ip link add veth1 type veth peer name veth2',
unless => '/sbin/ip link show | /bin/grep veth1 && /sbin/ip link show | /bin/grep veth2',
}
exec { 'attach veth pair':
command => "/sbin/brctl addif ${br_name} veth1",
unless => "/sbin/brctl show ${br_name} | /bin/grep veth1",
require => Exec['create veth pair'],
}
exec { 'turn on veth1':
command => '/sbin/ip link set dev veth1 up',
unless => '/sbin/ip link show dev veth1 | /bin/grep "state UP"',
require => Exec['attach veth pair'],
}
exec { 'turn on veth2':
command => '/sbin/ip link set dev veth2 up',
unless => '/sbin/ip link show dev veth2 | /bin/grep "state UP"',
require => Exec['attach veth pair'],
}
}

32
metadata.json
View File

@ -1,32 +0,0 @@
{
"name": "puppet-infracloud",
"version": "0.0.1",
"author": "OpenStack CI",
"summary": "Puppet module for OpenStack-infra Infracloud",
"license": "Apache-2.0",
"source": "https://git.openstack.org/openstack-infra/puppet-infracloud.git",
"project_page": "https://docs.openstack.org/infra/system-config/",
"issues_url": "https://storyboard.openstack.org/#!/project/767",
"description": "Installs and configures OpenStack-infra Infracloud.",
"operatingsystem_support": [
{
"operatingsystem": "Debian",
"operatingsystemrelease": ["8"]
},
{
"operatingsystem": "Fedora",
"operatingsystemrelease": ["21","22"]
},
{
"operatingsystem": "RedHat",
"operatingsystemrelease": ["7"]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": ["14.04"]
}
],
"dependencies": [
{ "name": "puppetlabs/stdlib", "version_requirement": ">= 4.0.0 <5.0.0" }
]
}

145
spec/acceptance/allinone_spec.rb
View File

@ -1,145 +0,0 @@
require 'puppet-openstack_infra_spec_helper/spec_helper_acceptance'
describe 'allinone', :if => os[:family] == 'ubuntu' && os[:release] != '16.04' do
fixtures_path = File.join(File.dirname(__FILE__), 'fixtures')
controller_path = File.join(fixtures_path, 'allinone_controller.pp')
compute_path = File.join(fixtures_path, 'allinone_compute.pp')
controller_pp = File.read(controller_path)
compute_pp = File.read(compute_path)
before :all do
# set up bridge
shell('apt-get install -y vlan bridge-utils')
shell('echo -e "auto eth0.2\niface eth0.2 inet manual\n" >> /etc/network/interfaces')
shell('modprobe 8021q')
shell('ifup eth0.2')
shell('brctl addbr br_infracloud')
shell('brctl addif br_infracloud eth0.2')
shell('ip addr add 10.1.0.42/255.255.240.0 dev br_infracloud')
shell('ip link set dev br_infracloud up')
# set hostname
shell('echo 127.0.1.1 infracloud.local infracloud >> /etc/hosts')
shell('echo infracloud > /etc/hostname')
shell('hostname infracloud')
end
# The controller and compute are meant to run on separate nodes, so
# applying them together gives duplicate definition errors. Otherwise
# they should be able to cohabitate a single node.
it 'should apply the controller with no errors' do
apply_manifest(controller_pp, catch_failures: true)
end
it 'should apply the compute with no errors' do
apply_manifest(compute_pp, catch_failures: true)
end
it 'should be idempotent' do
apply_manifest(controller_pp, catch_changes: true)
apply_manifest(compute_pp, catch_changes: true)
end
credentials = 'OS_USERNAME=admin'
credentials += ' OS_PASSWORD=XXX'
credentials += ' OS_PROJECT_NAME=openstack'
credentials += ' OS_USER_DOMAIN_NAME=default'
credentials += ' OS_PROJECT_DOMAIN_NAME=default'
credentials += ' OS_IDENTITY_API_VERSION=3'
credentials += ' OS_AUTH_URL=https://infracloud.local:5000/v3'
it 'should have keystone projects' do
result = shell("#{credentials} openstack project list")
expect(result.stdout).to match(/openstack/)
expect(result.exit_code).to eq(0)
end
it 'should have keystone users' do
result = shell("#{credentials} openstack user list")
expect(result.stdout).to match(/admin/)
expect(result.exit_code).to eq(0)
end
it 'should have keystone services' do
result = shell("#{credentials} openstack service list")
expect(result.stdout).to match(/identity/)
expect(result.stdout).to match(/compute/)
expect(result.stdout).to match(/network/)
expect(result.stdout).to match(/image/)
expect(result.exit_code).to eq(0)
end
it 'should have keystone endpoints' do
result = shell("#{credentials} openstack endpoint list")
expect(result.stdout).to match(/infracloud.local:5000/)
expect(result.stdout).to match(/infracloud.local:9696/)
expect(result.stdout).to match(/infracloud.local:9292/)
expect(result.stdout).to match(/infracloud.local:8774/)
expect(result.exit_code).to eq(0)
end
it 'should have nova flavors' do
result = shell("#{credentials} openstack flavor list")
expect(result.stdout).to match(/m1.tiny/)
expect(result.exit_code).to eq(0)
end
it 'should have nova services running' do
result = shell("#{credentials} openstack compute service list")
expect(result.stdout).to match(/conductor.*up/)
expect(result.stdout).to match(/scheduler.*up/)
expect(result.stdout).to match(/compute.*up/)
expect(result.exit_code).to eq(0)
end
it 'should have a neutron network' do
result = shell("#{credentials} openstack network list")
expect(result.stdout).to match(/public/)
expect(result.exit_code).to eq(0)
end
it 'should have a neutron subnet' do
result = shell("#{credentials} neutron subnet-list")
expect(result.stdout).to match(/provider-subnet-infracloud/)
expect(result.exit_code).to eq(0)
end
it 'should be able to upload an image' do
command = 'OS_IMAGE_API_VERSION=1 openstack image create \
--copy-from http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img \
--public \
--container-format bare \
--disk-format qcow2 \
cirros'
result = shell("#{credentials} #{command}")
expect(result.exit_code).to eq(0)
list_command = "#{credentials} openstack image list --long"
timeout = 60
end_time = Time.now + timeout
image_list = shell(list_command)
while image_list.stdout =~ /saving/ && Time.now() < end_time
sleep(10)
image_list = shell(list_command)
end
expect(image_list.stdout).to match(/cirros.*active/)
expect(image_list.exit_code).to eq(0)
end
it 'should be able to upload a keypair' do
shell('ssh-keygen -f ~/.ssh/id_rsa -q -N ""')
result = shell("#{credentials} openstack keypair create --public-key ~/.ssh/id_rsa.pub newkey")
expect(result.exit_code).to eq(0)
result = shell("#{credentials} openstack keypair list")
expect(result.stdout).to match('newkey')
expect(result.exit_code).to eq(0)
end
it 'should be able to boot a node' do
result = shell("#{credentials} openstack server create --flavor 1 --image cirros --key-name newkey testnode")
expect(result.exit_code).to eq(0)
sleep(8) # command returns immediately but node needs time to boot
result = shell("#{credentials} openstack server list")
expect(result.stdout).to match(/testnode.*ACTIVE/)
expect(result.exit_code).to eq(0)
end
end

29
spec/acceptance/fixtures/allinone_compute.pp
View File

@ -1,29 +0,0 @@
# All-in-one - compute
# Apply this second
#subject=/C=AU/ST=Some-State/O=OpenStack Infra CI/CN=infracloud.local
$ssl_cert_file_contents = '-----BEGIN CERTIFICATE-----
MIICPzCCAagCCQCPiSxWO8GqIDANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJB
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEkMCIGA1UECgwbT3BlblN0YWNrIEluZnJh
c3RydWN0dXJlIENJMRkwFwYDVQQDDBBpbmZyYWNsb3VkLmxvY2FsMCAXDTE2MDQw
ODA1MjEwOFoYDzIxMTYwMzE1MDUyMTA4WjBjMQswCQYDVQQGEwJBVTETMBEGA1UE
CAwKU29tZS1TdGF0ZTEkMCIGA1UECgwbT3BlblN0YWNrIEluZnJhc3RydWN0dXJl
IENJMRkwFwYDVQQDDBBpbmZyYWNsb3VkLmxvY2FsMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQCaqM0NGQuJ2yu86cxymeBBPKSPIV5Jw2qf8F1tVA58gnBTJGC2
6ApJQHurVq1NjLmLK20s/enDeawQQXRlJcgdt0lqOChxfgc4aZFEQ4N17uhY9DQS
YsiT8t00m7MZBrW3Chr6duzDNOCLtvvGo8sG9TZWgoIUqw42IzFscsd8wwIDAQAB
MA0GCSqGSIb3DQEBCwUAA4GBADd8JXYMBx66pQGHdyNrnS/ESA33g9JOmnZy5jv1
AWTAGnhoUoRyudRL8zefjcbTyKOLWDiD6vw2hpXPnffsvQYwdr0BMw8OeEfkVgnB
lFh8RZ1IuB+fZl26h1bddnU1yDvxZy6MeZ9o0xZMqR37yeVEjSWq0bP0E1mNpcZO
dgdQ
-----END CERTIFICATE-----'
class { '::infracloud::compute':
nova_rabbit_password => 'XXX',
neutron_rabbit_password => 'XXX',
neutron_admin_password => 'XXX',
ssl_cert_file_contents => $ssl_cert_file_contents,
br_name => 'br_infracloud',
controller_public_address => 'infracloud.local',
virt_type => 'qemu',
}

57
spec/acceptance/fixtures/allinone_controller.pp
View File

@ -1,57 +0,0 @@
# All-in-one - controller
# Apply this first
$ssl_key_file_contents = '-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQCaqM0NGQuJ2yu86cxymeBBPKSPIV5Jw2qf8F1tVA58gnBTJGC2
6ApJQHurVq1NjLmLK20s/enDeawQQXRlJcgdt0lqOChxfgc4aZFEQ4N17uhY9DQS
YsiT8t00m7MZBrW3Chr6duzDNOCLtvvGo8sG9TZWgoIUqw42IzFscsd8wwIDAQAB
AoGBAJTIhRLvoBkLvsTrSmKJQ6Keu1RybmmZ1A5vRwGxFoqTVYm2elAbZCHaJd7L
8Mak9a47pbjdwC/r8iplPZs8wIjO/QtuBPZH/5k1i73xIiegJki99Ay2js0I/vww
XJvE4tLLhEMfbdTVyy+XQv/RassduM7kQbD+01pMcLB8K8jhAkEAx3c49YUqd77Z
zK/qBnwe2k8EQxCRjtijFwswMTgV3HOtmCzpzqc2KMNjJMX4bCPCZa5N2QCKJRT5
rYB7eT9bkQJBAMZ+iHNK8NuNBeY0Tkbaxw37EyF45F4e8DSs52PtgTQyEHffzVge
SxhBLWKQ/bPr3wjqSEkG7SEr0idR+sTmIRMCQQCbyy8d9Wj6JoMPMMdlUUT31ofJ
qgNGw0Z/FSoLB3drvJ52IX5s/oV6yUGC0235aOTJbp83QwijdgKd1aCbTzVBAkB3
xLGgn39lelos5TK2Hhwtm2mXsNJa2GAn6IxWB2EGlY7KRggpO14kbG9uIf5zKceS
IYssRTmf4kkT4KtnU1RxAkAjmtNISSzC4Sfx/55TuVIyt6taSQsSi89rSUjnbecI
Yq3byURu0cpBG6pCi+6gwP7s8VDyAYZF17/JjN1SJig0
-----END RSA PRIVATE KEY-----'
#subject=/C=AU/ST=Some-State/O=OpenStack Infra CI/CN=infracloud.local
$ssl_cert_file_contents = '-----BEGIN CERTIFICATE-----
MIICPzCCAagCCQCPiSxWO8GqIDANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJB
VTETMBEGA1UECAwKU29tZS1TdGF0ZTEkMCIGA1UECgwbT3BlblN0YWNrIEluZnJh
c3RydWN0dXJlIENJMRkwFwYDVQQDDBBpbmZyYWNsb3VkLmxvY2FsMCAXDTE2MDQw
ODA1MjEwOFoYDzIxMTYwMzE1MDUyMTA4WjBjMQswCQYDVQQGEwJBVTETMBEGA1UE
CAwKU29tZS1TdGF0ZTEkMCIGA1UECgwbT3BlblN0YWNrIEluZnJhc3RydWN0dXJl
IENJMRkwFwYDVQQDDBBpbmZyYWNsb3VkLmxvY2FsMIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQCaqM0NGQuJ2yu86cxymeBBPKSPIV5Jw2qf8F1tVA58gnBTJGC2
6ApJQHurVq1NjLmLK20s/enDeawQQXRlJcgdt0lqOChxfgc4aZFEQ4N17uhY9DQS
YsiT8t00m7MZBrW3Chr6duzDNOCLtvvGo8sG9TZWgoIUqw42IzFscsd8wwIDAQAB
MA0GCSqGSIb3DQEBCwUAA4GBADd8JXYMBx66pQGHdyNrnS/ESA33g9JOmnZy5jv1
AWTAGnhoUoRyudRL8zefjcbTyKOLWDiD6vw2hpXPnffsvQYwdr0BMw8OeEfkVgnB
lFh8RZ1IuB+fZl26h1bddnU1yDvxZy6MeZ9o0xZMqR37yeVEjSWq0bP0E1mNpcZO
dgdQ
-----END CERTIFICATE-----'
class { '::infracloud::controller':
keystone_rabbit_password => 'XXX',
neutron_rabbit_password => 'XXX',
nova_rabbit_password => 'XXX',
root_mysql_password => 'XXX',
keystone_mysql_password => 'XXX',
glance_mysql_password => 'XXX',
neutron_mysql_password => 'XXX',
nova_mysql_password => 'XXX',
keystone_admin_password => 'XXX',
glance_admin_password => 'XXX',
neutron_admin_password => 'XXX',
nova_admin_password => 'XXX',
keystone_admin_token => 'XXX',
ssl_key_file_contents => $ssl_key_file_contents,
ssl_cert_file_contents => $ssl_cert_file_contents,
br_name => 'br_infracloud',
controller_public_address => 'infracloud.local',
neutron_subnet_cidr => '10.1.0.0/24',
neutron_subnet_gateway => '10.1.0.1',
neutron_subnet_allocation_pools => ['start=10.1.0.16,end=10.1.0.32'],
}

11
spec/acceptance/nodesets/default.yml
View File

@ -1,11 +0,0 @@
HOSTS:
ubuntu-server-1404-x64:
roles:
- master
platform: ubuntu-14.04-amd64
box: puppetlabs/ubuntu-14.04-64-nocm
box_url: https://vagrantcloud.com/puppetlabs/ubuntu-14.04-64-nocm
hypervisor: vagrant
CONFIG:
log_level: debug
type: git

10
spec/acceptance/nodesets/nodepool-centos7.yml
View File

@ -1,10 +0,0 @@
HOSTS:
centos-70-x64:
roles:
- master
platform: el-7-x86_64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-trusty.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-14.04-amd64:
roles:
- master
platform: ubuntu-14.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

10
spec/acceptance/nodesets/nodepool-xenial.yml
View File

@ -1,10 +0,0 @@
HOSTS:
ubuntu-16.04-amd64:
roles:
- master
platform: ubuntu-16.04-amd64
hypervisor: none
ip: 127.0.0.1
CONFIG:
type: foss
set_env: false

31
templates/bifrost/bifrost_global_vars.erb
View File

@ -1,31 +0,0 @@
network_interface: <%= @network_interface %>
node_default_network_interface: <%= @default_network_interface %>
node_network_info: "{}"
disable_dnsmasq_dns: true
ipv4_subnet_mask: <%= @ipv4_subnet_mask %>
ipv4_gateway: <%= @gateway_ip %>
ipv4_nameserver: <%= @ipv4_nameserver %>
vlan_id: <%= @vlan %>
dhcp_pool_start: <%= @dhcp_pool_start %>
dhcp_pool_end: <%= @dhcp_pool_end %>
dhcp_static_mask: <%= @dhcp_static_mask %>
inventory_dhcp: true
inventory_dhcp_static_ip: true
dib_os_element: "ubuntu-minimal"
dib_os_release: "trusty"
dib_packages: "openssh-server,vlan,vim,less,bridge-utils,language-pack-en,iputils-ping,rsyslog,curl"
dib_trace: true
extra_dib_elements: "devuser infra-cloud-bridge puppet growroot"
mysql_password: <%= @mysql_password %>
ironic_db_password: <%= @ironic_db_password %>
dib_env_vars:
DIB_INSTALLTYPE_simple_init: repo
DIB_DEV_USER_USERNAME: "baremetal"
<% if @dib_dev_user_password != nil %>
DIB_DEV_USER_PASSWORD: "<%= @dib_dev_user_password -%>"
<% end %>
DIB_DEV_USER_PWDLESS_SUDO: "Y"
ELEMENTS_PATH: "/opt/stack/elements:/opt/project-config/nodepool/elements"
extra_kernel_options: intel_iommu=off
create_ipa_image: true
dnsmasq_router: false

25
templates/bifrost/bifrost_global_vars.hpuseast.erb
View File

@ -1,25 +0,0 @@
network_interface: em2
node_default_network_interface: eth0
vlan_id: 1598
node_network_info: "{}"
inventory_dhcp: true
inventory_dhcp_static_ip: true
ipv4_subnet_mask: 255.255.255.0
ipv4_gateway: 15.126.48.1
ipv4_nameserver: 8.8.8.8
dhcp_pool_start: 10.23.212.4
dhcp_pool_end: 10.23.212.126
dnsmasq_router: false
dnsmasq_dns_servers: 8.8.8.8,8.8.4.4
dib_os_element: "ubuntu-minimal"
dib_packages: "openssh-server,vlan,vim,less,bridge-utils,language-pack-en,iputils-ping,rsyslog"
dib_trace: true
extra_dib_elements: "devuser puppet growroot infra-cloud-bridge"
mysql_password: <%= @mysql_password %>
ironic_db_password: <%= @ironic_db_password %>
dib_env_vars:
DIB_INSTALLTYPE_simple_init: repo
DIB_DEV_USER_USERNAME: "baremetal"
DIB_DEV_USER_PWDLESS_SUDO: "Y"
ELEMENTS_PATH: "/opt/stack/diskimage-builder/elements:/opt/stack/elements:/opt/project-config/nodepool/elements"
extra_kernel_options: intel_iommu=off

206
templates/bifrost/create_bridge.py.erb
View File

@ -1,206 +0,0 @@
#!/usr/bin/python
# Copyright (c) 2016 Yolanda Robla
# Copyright (c) 2016 Hewlett-Packard Development Company, L.P.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import json
import os
import platform
import subprocess
import sys
from glean import systemlock
from glean.cmd import get_config_drive_interfaces, get_sys_interfaces
def configure_bridge_debian(interface, interface_name, bridge_name, vlan_raw_device=None):
if 'vlan_id' in interface:
vlan_content = 'vlan-raw-device %s' % vlan_raw_device
else:
vlan_content = ''
network_file = '/etc/network/interfaces.d/%s.cfg' % interface_name
bridge_file = '/etc/network/interfaces.d/%s.cfg' % bridge_name
# generate interface content depending on data
interface_file_content = """
auto {net_name}
iface {net_name} inet manual
{vlan_content}
"""
interface_file_content = interface_file_content.format(
net_name=interface_name,
vlan_content=vlan_content)
with open(network_file, 'w') as target_file:
target_file.write(interface_file_content)
# generate bridge content depending on data
bridge_file_content = """
auto {bridge_name}
iface {bridge_name} inet static
bridge_ports {net_name}
bridge_hello 2
bridge_maxage 12
bridge_stp off
address {ipv4_address}
netmask {netmask}
gateway {gateway}
dns-nameservers {nameservers}
"""
bridge_file_content = bridge_file_content.format(
bridge_name=bridge_name,
net_name=interface_name,
ipv4_address=interface['ip_address'],
netmask=interface['netmask'],
gateway=interface['routes'][0]['gateway'],
nameservers=' '.join(interface['dns_nameservers']))
with open(bridge_file, 'w') as target_file:
target_file.write(bridge_file_content)
# turn down pre-existing interface and start the bridge
# because at this point, glean has already configured
# previous interface that needs to be overriden.
# This will only happen at first time that the bridge
# is configured, because on reboots, we won't reach this
# configure_bridge method
subprocess.call(['ifdown', interface_name])
subprocess.call(['ifup', bridge_name])
def configure_bridge_rh(interface, interface_name, bridge_name, vlan_raw_device=None):
if 'vlan_id' in interface:
vlan_content = 'VLAN=YES'
else:
vlan_content = ''
network_file = '/etc/sysconfig/network-scripts/ifcfg-%s' % interface_name
bridge_file = '/etc/sysconfig/network-scripts/ifcfg-%s' % bridge_name
# generate interface content depending on data
interface_file_content = """
DEVICE={net_name}
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
TYPE=Ethernet
{vlan_content}
BRIDGE={bridge_name}
"""
interface_file_content = interface_file_content.format(
net_name=interface_name,
vlan_content=vlan_content,
bridge_name=bridge_name)
with open(network_file, 'w') as target_file:
target_file.write(interface_file_content)
# generate bridge content depending on data
bridge_file_content = """
DEVICE={bridge_name}
TYPE=Bridge
IPADDR={ipv4_address}
NETMASK={netmask}
GATEWAY={gateway}
STP=off
HELLO=2
MAXAGE=12
DNS={nameservers}
"""
bridge_file_content = bridge_file_content.format(
bridge_name=bridge_name,
ipv4_address=interface['ip_address'],
netmask=interface['netmask'],
gateway=interface['routes'][0]['gateway'],
nameservers=' '.join(interface['dns_nameservers']))
with open(bridge_file, 'w') as target_file:
target_file.write(bridge_file_content)
# restart networking to properly pick interfaces
subprocess.call(['service', 'network', 'restart'])
# mock object to interact with glean
class MockArgs(object):
pass
def main():
network_info_file = '/mnt/config/openstack/latest/network_info.json'
# detect the platform where we are
distro = platform.dist()[0].lower()
params = MockArgs()
setattr(params, 'root', '/')
setattr(params, 'noop', False)
setattr(params, 'distro', distro)
sys_interfaces = get_sys_interfaces(None, params)
network_info = {}
if os.path.exists(network_info_file):
network_info = json.load(open(network_info_file))
if not network_info:
# we do not have entries on configdrive, skip
sys.exit(0)
interfaces = get_config_drive_interfaces(network_info)
if len(interfaces) == 1:
interface = interfaces[interfaces.keys()[0]]
interface_name = sys_interfaces.get(
interface['id'], interface['id'].replace('ipv4-', ''))
else:
interface = interfaces[[i for i in interfaces.keys()
if 'vlan_id' in interfaces[i]][0]]
interface_name = sys_interfaces[interface['mac_address']]
bridge_name = '<%= @bridge_name -%>'
if 'vlan_id' in interface:
if interface['vlan_id'] in interface_name:
# if we find the entry for the already configured vlan, trim it
interface_name = interface_name.replace(
'.' + interface['vlan_id'], '')
vlan_raw_device = interface_name
interface_name = "{0}.{1}".format(
vlan_raw_device, interface['vlan_id'])
# only configure bridge if not exists
if not os.path.exists('/sys/class/net/%s' % bridge_name):
if distro in ('debian', 'ubuntu'):
configure_bridge_debian(interface, interface_name,
bridge_name, vlan_raw_device)
else:
configure_bridge_rh(interface, interface_name,
bridge_name, vlan_raw_device)
else:
if not os.path.exists('/sys/class/net/%s' % bridge_name):
if distro in ('debian', 'ubuntu'):
configure_bridge_debian(interface, interface_name,
bridge_name)
else:
configure_bridge_rh(interface, interface_name,
bridge_name)
if __name__ == '__main__':
with systemlock.Lock('/tmp/glean.lock'):
sys.exit(main())

9
templates/bifrost/deploy-public-dnsmasq.yaml.erb
View File

@ -1,9 +0,0 @@
---
- hosts: baremetal
connection: local
name: "Set up public dnsmasq"
become: no
tasks:
- name: "Set up static dhcp files"
template: src=templates/dhcp-host.j2 dest=/etc/dnsmasq.d/bifrost.dhcp-hosts.vlan<%= @vlan -%>.d/{{ inventory_hostname }}
delegate_to: localhost

3
templates/bifrost/inventory.hpuswest.json.erb
View File

@ -1,3 +0,0 @@
<% @ironic_deployed_inventory = @ironic_inventory.reject { |k,v| v['disabled'] } -%>
<% @ironic_deployed_inventory.each { |k,v| v['driver_info']['power']['ipmi_password'] = @ipmi_passwords[v['driver_info']['power']['ipmi_address']] } -%>
<%= JSON.pretty_generate(@ironic_deployed_inventory) %>

3
templates/bifrost/inventory.json.erb
View File

@ -1,3 +0,0 @@
<% @ironic_deployed_inventory = @ironic_inventory.reject { |k,v| v['disabled'] } -%>
<% @ironic_deployed_inventory.each { |k,v| v['driver_info']['power']['ipmi_password'] = @ipmi_passwords[v['driver_info']['power']['ipmi_address']] } -%>
<%= JSON.pretty_generate(@ironic_deployed_inventory) %>

19
templates/logs.vhost.erb
View File

@ -1,19 +0,0 @@
# ************************************
# Managed by Puppet
# ************************************
<VirtualHost <%= @vhost_name %>:<%= @port %>>
DocumentRoot <%= @docroot %>
<Directory <%= @docroot %>>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
</Directory>
ErrorLog /var/log/<%= scope.lookupvar("::apache::params::apache_name") %>/<%= @name %>_error.log
LogLevel warn
CustomLog /var/log/<%= scope.lookupvar("::apache::params::apache_name") %>/<%= @name %>_access.log combined
ServerSignature Off
AddType text/plain .log
</VirtualHost>