From 62eb545ad9e63941c28dd14379e9900a41cc5906 Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 23 Dec 2015 22:54:56 +0100 Subject: [PATCH] Refactor fixtures & manifests to reduce code lines Create manifests for each project and include them in the right fixtures manifests, so we can reduce the code and avoid dupplicated puppet manifests. Change-Id: I66a98691b3014998f4c2529d2e3389ef1cbcc5f4 --- fixtures/scenario001.pp | 432 ++-------------------------------------- fixtures/scenario002.pp | 418 ++------------------------------------ fixtures/scenario003.pp | 328 +----------------------------- manifests/aodh.pp | 67 +++++++ manifests/ceilometer.pp | 53 +++++ manifests/cinder.pp | 67 +++++++ manifests/glance.pp | 47 +++++ manifests/heat.pp | 51 +++++ manifests/horizon.pp | 14 ++ manifests/neutron.pp | 74 +++++++ manifests/nova.pp | 66 ++++++ manifests/provision.pp | 72 +++++++ manifests/sahara.pp | 47 +++++ manifests/swift.pp | 67 +++++++ manifests/tempest.pp | 104 ++++++++++ manifests/trove.pp | 47 +++++ 16 files changed, 810 insertions(+), 1144 deletions(-) create mode 100644 manifests/aodh.pp create mode 100644 manifests/ceilometer.pp create mode 100644 manifests/cinder.pp create mode 100644 manifests/glance.pp create mode 100644 manifests/heat.pp create mode 100644 manifests/horizon.pp create mode 100644 manifests/neutron.pp create mode 100644 manifests/nova.pp create mode 100644 manifests/provision.pp create mode 100644 manifests/sahara.pp create mode 100644 manifests/swift.pp create mode 100644 manifests/tempest.pp create mode 100644 manifests/trove.pp diff --git a/fixtures/scenario001.pp b/fixtures/scenario001.pp index 2d6f3d57c..c5f3e237a 100644 --- a/fixtures/scenario001.pp +++ b/fixtures/scenario001.pp @@ -19,290 +19,21 @@ include ::openstack_integration::repos include ::openstack_integration::rabbitmq include ::openstack_integration::mysql include ::openstack_integration::keystone - -rabbitmq_user { ['neutron', 'nova', 'cinder', 'ceilometer', 'aodh', 'glance', 'trove']: - admin => true, - password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], -} -rabbitmq_user_permissions { ['neutron@/', 'nova@/', 'cinder@/', 'ceilometer@/', 'aodh@/', 'glance@/', 'trove@/']: - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], -} - -# Deploy Glance -class { '::glance::db::mysql': - password => 'glance', -} -include ::glance -include ::glance::backend::file -include ::glance::client -class { '::glance::keystone::auth': - password => 'a_big_secret', -} -class { '::glance::api': - debug => true, - verbose => true, - database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', - keystone_password => 'a_big_secret', - workers => 2, -} -class { '::glance::registry': - debug => true, - verbose => true, - database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', - keystone_password => 'a_big_secret', - workers => 2, -} -class { '::glance::notify::rabbitmq': - rabbit_userid => 'glance', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - notification_driver => 'messagingv2', -} - -# Deploy Neutron -class { '::neutron::db::mysql': - password => 'neutron', -} -class { '::neutron::keystone::auth': - password => 'a_big_secret', -} -class { '::neutron': - rabbit_user => 'neutron', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - allow_overlapping_ips => true, - core_plugin => 'ml2', - service_plugins => ['router', 'metering'], - debug => true, - verbose => true, -} -class { '::neutron::client': } -class { '::neutron::server': - database_connection => 'mysql://neutron:neutron@127.0.0.1/neutron?charset=utf8', - auth_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - sync_db => true, - api_workers => 4, -} -class { '::neutron::plugins::ml2': - type_drivers => ['vxlan'], - tenant_network_types => ['vxlan'], - mechanism_drivers => ['openvswitch'], -} -class { '::neutron::agents::ml2::ovs': - enable_tunneling => true, - local_ip => '127.0.0.1', - tunnel_types => ['vxlan'], -} -class { '::neutron::agents::metadata': - debug => true, - auth_password => 'a_big_secret', - shared_secret => 'a_big_secret', - metadata_workers => 2, -} -class { '::neutron::agents::lbaas': - debug => true, -} -class { '::neutron::agents::l3': - debug => true, -} -class { '::neutron::agents::dhcp': - debug => true, -} -class { '::neutron::agents::metering': - debug => true, -} -class { '::neutron::server::notifications': - password => 'a_big_secret', -} - -# Deploy Nova -class { '::nova::db::mysql': - password => 'nova', -} -class { '::nova::keystone::auth': - password => 'a_big_secret', -} -class { '::nova': - database_connection => 'mysql://nova:nova@127.0.0.1/nova?charset=utf8', - rabbit_host => '127.0.0.1', - rabbit_userid => 'nova', - rabbit_password => 'an_even_bigger_secret', - glance_api_servers => 'localhost:9292', - verbose => true, - debug => true, - notification_driver => 'messagingv2', - notify_on_state_change => 'vm_and_task_state', -} -class { '::nova::api': - admin_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - osapi_v3 => true, - neutron_metadata_proxy_shared_secret => 'a_big_secret', - osapi_compute_workers => 2, - ec2_workers => 2, - metadata_workers => 2, - default_floating_pool => 'public', -} -class { '::nova::cert': } -class { '::nova::client': } -class { '::nova::conductor': } -class { '::nova::consoleauth': } -class { '::nova::cron::archive_deleted_rows': } -class { '::nova::compute': - vnc_enabled => true, - instance_usage_audit => true, - instance_usage_audit_period => 'hour', -} -class { '::nova::compute::libvirt': - libvirt_virt_type => 'qemu', - migration_support => true, - vncserver_listen => '0.0.0.0', -} -class { '::nova::scheduler': } -class { '::nova::vncproxy': } -class { '::nova::network::neutron': - neutron_admin_password => 'a_big_secret', - neutron_admin_auth_url => 'http://127.0.0.1:35357/v2.0', -} - -# Deploy Cinder -class { '::cinder::db::mysql': - password => 'cinder', -} -class { '::cinder::keystone::auth': - password => 'a_big_secret', -} -class { '::cinder': - database_connection => 'mysql://cinder:cinder@127.0.0.1/cinder?charset=utf8', - rabbit_host => '127.0.0.1', - rabbit_userid => 'cinder', - rabbit_password => 'an_even_bigger_secret', - verbose => true, - debug => true, -} -class { '::cinder::api': - keystone_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - default_volume_type => 'BACKEND_1', - service_workers => 2, -} -class { '::cinder::quota': } -class { '::cinder::scheduler': } -class { '::cinder::scheduler::filter': } -class { '::cinder::volume': } -class { '::cinder::cron::db_purge': } -class { '::cinder::glance': - glance_api_servers => 'localhost:9292', -} -class { '::cinder::setup_test_volume': - size => '15G', -} -cinder::backend::iscsi { 'BACKEND_1': - iscsi_ip_address => '127.0.0.1', -} -class { '::cinder::backends': - enabled_backends => ['BACKEND_1'], -} -Cinder::Type { - os_password => 'a_big_secret', - os_tenant_name => 'services', - os_username => 'cinder', - os_auth_url => 'http://127.0.0.1:5000/v2.0', -} -cinder::type { 'BACKEND_1': - set_key => 'volume_backend_name', - set_value => 'BACKEND_1', - notify => Service['cinder-volume'], - require => Service['cinder-api'], -} - -# Deploy Ceilometer -class { '::ceilometer': - metering_secret => 'secrete', - rabbit_userid => 'ceilometer', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - debug => true, - verbose => true, -} -class { '::ceilometer::db::mysql': - password => 'ceilometer', -} -class { '::ceilometer::db': - database_connection => 'mysql://ceilometer:ceilometer@127.0.0.1/ceilometer?charset=utf8', -} -class { '::ceilometer::keystone::auth': - password => 'a_big_secret', -} -class { '::ceilometer::api': - enabled => true, - keystone_password => 'a_big_secret', - keystone_identity_uri => 'http://127.0.0.1:35357/', - service_name => 'httpd', -} -class { '::ceilometer::wsgi::apache': - ssl => false, - workers => '2', -} -class { '::ceilometer::collector': } -class { '::ceilometer::expirer': } -class { '::ceilometer::agent::notification': } -class { '::ceilometer::agent::polling': } -class { '::ceilometer::agent::auth': - auth_password => 'a_big_secret', - auth_url => 'http://127.0.0.1:5000/v2.0', -} +include ::openstack_integration::glance +include ::openstack_integration::neutron +include ::openstack_integration::nova +include ::openstack_integration::cinder +include ::openstack_integration::ceilometer +include ::openstack_integration::aodh +include ::openstack_integration::trove +include ::openstack_integration::provision # Aodh is not yet packaged in UCA, but only in RDO. case $::osfamily { 'Debian': { - class { '::ceilometer::alarm::evaluator': } - class { '::ceilometer::alarm::notifier': } - # for tempest $aodh_enabled = false } 'RedHat': { - class { '::aodh': - rabbit_userid => 'aodh', - rabbit_password => 'an_even_bigger_secret', - verbose => true, - debug => true, - rabbit_host => '127.0.0.1', - database_connection => 'mysql://aodh:aodh@127.0.0.1/aodh?charset=utf8', - } - class { '::aodh::db::mysql': - password => 'aodh', - } - class { '::aodh::keystone::auth': - password => 'a_big_secret', - } - class { '::aodh::api': - enabled => true, - keystone_password => 'a_big_secret', - keystone_identity_uri => 'http://127.0.0.1:35357/', - keystone_auth_uri => 'http://127.0.0.1:35357/', - service_name => 'httpd', - } - class { '::aodh::wsgi::apache': - ssl => false, - } - class { '::aodh::auth': - auth_url => 'http://127.0.0.1:5000/v2.0', - auth_password => 'a_big_secret', - } - class { '::aodh::client': } - class { '::aodh::notifier': } - class { '::aodh::listener': } - class { '::aodh::evaluator': } - class { '::aodh::db::sync': } - # for tempest $aodh_enabled = true } default: { @@ -310,146 +41,9 @@ case $::osfamily { } } -# Deploy Trove -class { '::trove': - database_connection => 'mysql://trove:trove@127.0.0.1/trove?charset=utf8', - rabbit_userid => 'trove', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - nova_proxy_admin_pass => 'a_big_secret', -} -class { '::trove::db::mysql': - password => 'trove', -} -class { '::trove::keystone::auth': - password => 'a_big_secret', -} -class { '::trove::api': - keystone_password => 'a_big_secret', - auth_url => 'http://127.0.0.1:35357/', - debug => true, - verbose => true, - workers => 2, -} -class { '::trove::client': } -class { '::trove::conductor': - debug => true, - verbose => true, -} -class { '::trove::taskmanager': - debug => true, - verbose => true, -} - -# Configure Tempest and the resources -$os_auth_options = '--os-username admin --os-password a_big_secret --os-tenant-name openstack --os-auth-url http://127.0.0.1:5000/v2.0' - -exec { 'manage_m1.nano_nova_flavor': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => "nova ${os_auth_options} flavor-create m1.nano 42 128 0 1", - unless => "nova ${os_auth_options} flavor-list | grep m1.nano", -} -Keystone_user_role['admin@openstack'] -> Exec['manage_m1.nano_nova_flavor'] - -exec { 'manage_m1.micro_nova_flavor': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => "nova ${os_auth_options} flavor-create m1.micro 84 128 0 1", - unless => "nova ${os_auth_options} flavor-list | grep m1.micro", -} -Keystone_user_role['admin@openstack'] -> Exec['manage_m1.micro_nova_flavor'] - -neutron_network { 'public': - tenant_name => 'openstack', - router_external => true, -} -Keystone_user_role['admin@openstack'] -> Neutron_network<||> - -neutron_subnet { 'public-subnet': - cidr => '172.24.5.0/24', - ip_version => '4', - allocation_pools => ['start=172.24.5.10,end=172.24.5.200'], - gateway_ip => '172.24.5.1', - enable_dhcp => false, - network_name => 'public', - tenant_name => 'openstack', -} - -include ::vswitch::ovs -vs_bridge { 'br-ex': - ensure => present, - notify => Exec['create_br-ex_vif'], -} - -# creates br-ex virtual interface to reach floating-ip network -exec { 'create_br-ex_vif': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => 'ip addr add 172.24.5.1/24 dev br-ex; ip link set br-ex up', - refreshonly => true, -} - -glance_image { 'cirros': - ensure => present, - container_format => 'bare', - disk_format => 'qcow2', - is_public => 'yes', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', - source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', -} -glance_image { 'cirros_alt': - ensure => present, - container_format => 'bare', - disk_format => 'qcow2', - is_public => 'yes', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', - source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', -} - -class { '::tempest': - debug => true, - use_stderr => false, - log_file => 'tempest.log', - tempest_clone_owner => $::id, - git_clone => false, - tempest_clone_path => '/tmp/openstack/tempest', - lock_path => '/tmp/openstack/tempest', - tempest_config_file => '/tmp/openstack/tempest/etc/tempest.conf', - configure_images => true, - configure_networks => true, - identity_uri => 'http://127.0.0.1:5000/v2.0', - identity_uri_v3 => 'http://127.0.0.1:5000/v3', - admin_username => 'admin', - admin_tenant_name => 'openstack', - admin_password => 'a_big_secret', - admin_domain_name => 'Default', - auth_version => 'v3', - image_name => 'cirros', - image_name_alt => 'cirros_alt', - cinder_available => true, - glance_available => true, - horizon_available => false, - nova_available => true, - neutron_available => true, - ceilometer_available => true, - aodh_available => $aodh_enabled, - trove_available => true, - sahara_available => false, - heat_available => false, - swift_available => false, - public_network_name => 'public', - flavor_ref => '42', - flavor_ref_alt => '84', - image_ssh_user => 'cirros', - image_alt_ssh_user => 'cirros', - img_file => 'cirros-0.3.4-x86_64-disk.img', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # img_dir => '/home/jenkins/cache/files', - img_dir => '/tmp/openstack/tempest', +class { '::openstack_integration::tempest': + cinder => true, + ceilometer => true, + aodh => $aodh_enabled, + trove => true, } diff --git a/fixtures/scenario002.pp b/fixtures/scenario002.pp index 0fdd63d11..03dd4c7e8 100644 --- a/fixtures/scenario002.pp +++ b/fixtures/scenario002.pp @@ -19,410 +19,18 @@ include ::openstack_integration::repos include ::openstack_integration::rabbitmq include ::openstack_integration::mysql include ::openstack_integration::keystone +include ::openstack_integration::glance +include ::openstack_integration::neutron +include ::openstack_integration::nova +include ::openstack_integration::heat +include ::openstack_integration::horizon +include ::openstack_integration::sahara +include ::openstack_integration::swift +include ::openstack_integration::provision -rabbitmq_user { ['glance', 'nova', 'neutron', 'sahara', 'heat']: - admin => true, - password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], -} -rabbitmq_user_permissions { ['glance@/', 'nova@/', 'neutron@/', 'sahara@/', 'heat@/']: - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['::rabbitmq'], -} - -# Deploy Glance -class { '::glance::db::mysql': - password => 'glance', -} -include ::glance -include ::glance::backend::file -include ::glance::client -class { '::glance::keystone::auth': - password => 'a_big_secret', -} -class { '::glance::api': - debug => true, - verbose => true, - database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', - keystone_password => 'a_big_secret', - workers => 2, -} -class { '::glance::registry': - debug => true, - verbose => true, - database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', - keystone_password => 'a_big_secret', - workers => 2, -} -class { '::glance::notify::rabbitmq': - rabbit_userid => 'glance', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - notification_driver => 'messagingv2', -} - -# Deploy Neutron -class { '::neutron::db::mysql': - password => 'neutron', -} -class { '::neutron::keystone::auth': - password => 'a_big_secret', -} -class { '::neutron': - rabbit_user => 'neutron', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - allow_overlapping_ips => true, - core_plugin => 'ml2', - service_plugins => ['router', 'metering'], - debug => true, - verbose => true, -} -class { '::neutron::client': } -class { '::neutron::server': - database_connection => 'mysql://neutron:neutron@127.0.0.1/neutron?charset=utf8', - auth_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - sync_db => true, - api_workers => 4, -} -class { '::neutron::plugins::ml2': - type_drivers => ['vxlan'], - tenant_network_types => ['vxlan'], - mechanism_drivers => ['openvswitch'], -} -class { '::neutron::agents::ml2::ovs': - enable_tunneling => true, - local_ip => '127.0.0.1', - tunnel_types => ['vxlan'], -} -class { '::neutron::agents::metadata': - debug => true, - auth_password => 'a_big_secret', - shared_secret => 'a_big_secret', - metadata_workers => 2, -} -class { '::neutron::agents::lbaas': - debug => true, -} -class { '::neutron::agents::l3': - debug => true, -} -class { '::neutron::agents::dhcp': - debug => true, -} -class { '::neutron::agents::metering': - debug => true, -} -class { '::neutron::server::notifications': - password => 'a_big_secret', -} - -# Deploy Nova -class { '::nova::db::mysql': - password => 'nova', -} -class { '::nova::keystone::auth': - password => 'a_big_secret', -} -class { '::nova': - database_connection => 'mysql://nova:nova@127.0.0.1/nova?charset=utf8', - rabbit_host => '127.0.0.1', - rabbit_userid => 'nova', - rabbit_password => 'an_even_bigger_secret', - glance_api_servers => 'localhost:9292', - verbose => true, - debug => true, - notification_driver => 'messagingv2', - notify_on_state_change => 'vm_and_task_state', -} -class { '::nova::api': - admin_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - osapi_v3 => true, - neutron_metadata_proxy_shared_secret => 'a_big_secret', - osapi_compute_workers => 2, - ec2_workers => 2, - metadata_workers => 2, - default_floating_pool => 'public', -} -class { '::nova::cert': } -class { '::nova::client': } -class { '::nova::conductor': } -class { '::nova::consoleauth': } -class { '::nova::cron::archive_deleted_rows': } -class { '::nova::compute': - vnc_enabled => true, - instance_usage_audit => true, - instance_usage_audit_period => 'hour', -} -class { '::nova::compute::libvirt': - libvirt_virt_type => 'qemu', - migration_support => true, - vncserver_listen => '0.0.0.0', -} -class { '::nova::scheduler': } -class { '::nova::vncproxy': } -class { '::nova::network::neutron': - neutron_admin_password => 'a_big_secret', - neutron_admin_auth_url => 'http://127.0.0.1:35357/v2.0', -} - -# Deploy Sahara -class { '::sahara::db::mysql': - password => 'sahara', -} -class { '::sahara::keystone::auth': - password => 'a_big_secret', -} -class { '::sahara': - database_connection => 'mysql://sahara:sahara@127.0.0.1/sahara?charset=utf8', - # two plugins because of hardcode in tempest: - # https://github.com/openstack/tempest/blob/master/tempest/config.py#L923 - plugins => ['vanilla', 'hdp'], - rabbit_userid => 'sahara', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - rpc_backend => 'rabbit', - admin_password => 'a_big_secret', - admin_user => 'sahara', - admin_tenant_name => 'services', - debug => true, - verbose => true, -} -class { '::sahara::service::api': - api_workers => 2, -} -class { '::sahara::service::engine': } -class { '::sahara::client': } -class { '::sahara::notify': - enable_notifications => true, -} - -# Deploy Heat -class { '::heat': - rabbit_userid => 'heat', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - database_connection => 'mysql://heat:heat@127.0.0.1/heat?charset=utf8', - identity_uri => 'http://127.0.0.1:35357/', - keystone_password => 'a_big_secret', - debug => true, - verbose => true, -} -class { '::heat::db::mysql': - password => 'heat', -} -class { '::heat::keystone::auth': - password => 'a_big_secret', - configure_delegated_roles => true, -} -class { '::heat::keystone::domain': - domain_password => 'oh_my_no_secret', -} -class { '::heat::client': } -class { '::heat::api': - workers => '2', -} -class { '::heat::engine': - auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12', -} -class { '::heat::api_cloudwatch': - workers => '2', -} -class { '::heat::api_cfn': - workers => '2', -} - -# Deploy Swift -include ::memcached -class { '::swift': - swift_hash_suffix => 'secrete', -} -class { '::swift::proxy': - proxy_local_net_ip => '127.0.0.1', - workers => '4', - pipeline => [ -'catch_errors', 'healthcheck', 'cache', 'tempurl', 'ratelimit', -'authtoken', 'keystone', 'formpost', 'staticweb', 'container_quotas', -'account_quotas', 'proxy-logging', 'proxy-server' - ], -} -include ::swift::proxy::catch_errors -include ::swift::proxy::healthcheck -include ::swift::proxy::proxy_logging -include ::swift::proxy::cache -include ::swift::proxy::tempurl -include ::swift::proxy::ratelimit -class { '::swift::proxy::authtoken': - auth_uri => 'http://127.0.0.1:5000/v2.0', - identity_uri => 'http://127.0.0.1:35357/', - admin_password => 'a_big_secret', -} -class { '::swift::proxy::keystone': - operator_roles => ['Member', 'admin', 'SwiftOperator'] -} -include ::swift::proxy::formpost -include ::swift::proxy::staticweb -include ::swift::proxy::container_quotas -include ::swift::proxy::account_quotas -include ::swift::proxy::tempauth -class { '::swift::keystone::auth': - password => 'a_big_secret', - operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], -} -file { '/srv/node': - ensure => directory, - owner => 'swift', - group => 'swift', - require => Package['swift'], -} -include ::swift::ringbuilder -class { '::swift::storage::all': - storage_local_net_ip => '127.0.0.1', - incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', - outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', -} -$swift_components = ['account', 'container', 'object'] -swift::storage::filter::recon { $swift_components : } -swift::storage::filter::healthcheck { $swift_components : } -ring_object_device { '127.0.0.1:6000/1': - zone => 1, - weight => 1, -} -ring_container_device { '127.0.0.1:6001/1': - zone => 1, - weight => 1, -} -ring_account_device { '127.0.0.1:6002/1': - zone => 1, - weight => 1, -} - -# Deploy Horizon -$vhost_params = { add_listen => false } -class { '::horizon': - secret_key => 'big_secret', - vhost_extra_params => $vhost_params, - servername => $::hostname, - allowed_hosts => $::hostname, - # need to disable offline compression due to - # https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1424042 - compress_offline => false, -} - -# Configure Tempest and the resources -$os_auth_options = '--os-username admin --os-password a_big_secret --os-tenant-name openstack --os-auth-url http://127.0.0.1:5000/v2.0' - -exec { 'manage_m1.nano_nova_flavor': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => "nova ${os_auth_options} flavor-create m1.nano 42 128 0 1", - unless => "nova ${os_auth_options} flavor-list | grep m1.nano", -} -Keystone_user_role['admin@openstack'] -> Exec['manage_m1.nano_nova_flavor'] - -exec { 'manage_m1.micro_nova_flavor': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => "nova ${os_auth_options} flavor-create m1.micro 84 128 0 1", - unless => "nova ${os_auth_options} flavor-list | grep m1.micro", -} -Keystone_user_role['admin@openstack'] -> Exec['manage_m1.micro_nova_flavor'] - -neutron_network { 'public': - tenant_name => 'openstack', - router_external => true, -} -Keystone_user_role['admin@openstack'] -> Neutron_network<||> - -neutron_subnet { 'public-subnet': - cidr => '172.24.5.0/24', - ip_version => '4', - allocation_pools => ['start=172.24.5.10,end=172.24.5.200'], - gateway_ip => '172.24.5.1', - enable_dhcp => false, - network_name => 'public', - tenant_name => 'openstack', -} - -include ::vswitch::ovs -vs_bridge { 'br-ex': - ensure => present, - notify => Exec['create_br-ex_vif'], -} - -# creates br-ex virtual interface to reach floating-ip network -exec { 'create_br-ex_vif': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => 'ip addr add 172.24.5.1/24 dev br-ex; ip link set br-ex up', - refreshonly => true, -} - -glance_image { 'cirros': - ensure => present, - container_format => 'bare', - disk_format => 'qcow2', - is_public => 'yes', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', - source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', -} -glance_image { 'cirros_alt': - ensure => present, - container_format => 'bare', - disk_format => 'qcow2', - is_public => 'yes', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', - source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', -} - -class { '::tempest': - debug => true, - use_stderr => false, - log_file => 'tempest.log', - tempest_clone_owner => $::id, - git_clone => false, - tempest_clone_path => '/tmp/openstack/tempest', - lock_path => '/tmp/openstack/tempest', - tempest_config_file => '/tmp/openstack/tempest/etc/tempest.conf', - configure_images => true, - configure_networks => true, - identity_uri => 'http://127.0.0.1:5000/v2.0', - identity_uri_v3 => 'http://127.0.0.1:5000/v3', - admin_username => 'admin', - admin_tenant_name => 'openstack', - admin_password => 'a_big_secret', - admin_domain_name => 'Default', - auth_version => 'v3', - image_name => 'cirros', - image_name_alt => 'cirros_alt', - cinder_available => false, - glance_available => true, - horizon_available => true, - nova_available => true, - neutron_available => true, - ceilometer_available => false, - sahara_available => true, - heat_available => true, - swift_available => true, - public_network_name => 'public', - flavor_ref => '42', - flavor_ref_alt => '84', - image_ssh_user => 'cirros', - image_alt_ssh_user => 'cirros', - img_file => 'cirros-0.3.4-x86_64-disk.img', - dashboard_url => "http://${::hostname}/", - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # img_dir => '/home/jenkins/cache/files', - img_dir => '/tmp/openstack/tempest', +class { '::openstack_integration::tempest': + horizon => true, + sahara => true, + heat => true, + swift => true, } diff --git a/fixtures/scenario003.pp b/fixtures/scenario003.pp index 0e8442f5d..9628a179b 100644 --- a/fixtures/scenario003.pp +++ b/fixtures/scenario003.pp @@ -19,325 +19,13 @@ include ::openstack_integration::repos include ::openstack_integration::rabbitmq include ::openstack_integration::mysql include ::openstack_integration::keystone +include ::openstack_integration::glance +include ::openstack_integration::neutron +include ::openstack_integration::nova +include ::openstack_integration::cinder +include ::openstack_integration::horizon +include ::openstack_integration::provision -rabbitmq_user { ['neutron', 'nova', 'cinder', 'glance']: - admin => true, - password => 'an_even_bigger_secret', - provider => 'rabbitmqctl', - require => Class['rabbitmq'], -} -rabbitmq_user_permissions { ['neutron@/', 'nova@/', 'cinder@/', 'glance@/']: - configure_permission => '.*', - write_permission => '.*', - read_permission => '.*', - provider => 'rabbitmqctl', - require => Class['rabbitmq'], -} - -# Deploy Glance -class { '::glance::db::mysql': - password => 'glance', -} -include ::glance -include ::glance::backend::file -include ::glance::client -class { '::glance::keystone::auth': - password => 'a_big_secret', -} -class { '::glance::api': - debug => true, - verbose => true, - database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', - keystone_password => 'a_big_secret', - workers => 2, -} -class { '::glance::registry': - debug => true, - verbose => true, - database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', - keystone_password => 'a_big_secret', - workers => 2, -} -class { '::glance::notify::rabbitmq': - rabbit_userid => 'glance', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - notification_driver => 'messagingv2', -} - -# Deploy Neutron -class { '::neutron::db::mysql': - password => 'neutron', -} -class { '::neutron::keystone::auth': - password => 'a_big_secret', -} -class { '::neutron': - rabbit_user => 'neutron', - rabbit_password => 'an_even_bigger_secret', - rabbit_host => '127.0.0.1', - allow_overlapping_ips => true, - core_plugin => 'ml2', - service_plugins => ['router', 'metering'], - debug => true, - verbose => true, -} -class { '::neutron::client': } -class { '::neutron::server': - database_connection => 'mysql://neutron:neutron@127.0.0.1/neutron?charset=utf8', - auth_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - sync_db => true, - api_workers => 4, -} -class { '::neutron::plugins::ml2': - type_drivers => ['vxlan'], - tenant_network_types => ['vxlan'], - mechanism_drivers => ['openvswitch'], -} -class { '::neutron::agents::ml2::ovs': - enable_tunneling => true, - local_ip => '127.0.0.1', - tunnel_types => ['vxlan'], -} -class { '::neutron::agents::metadata': - debug => true, - auth_password => 'a_big_secret', - shared_secret => 'a_big_secret', - metadata_workers => 2, -} -class { '::neutron::agents::lbaas': - debug => true, -} -class { '::neutron::agents::l3': - debug => true, -} -class { '::neutron::agents::dhcp': - debug => true, -} -class { '::neutron::agents::metering': - debug => true, -} -class { '::neutron::server::notifications': - nova_admin_password => 'a_big_secret', -} - -# Deploy Nova -class { '::nova::db::mysql': - password => 'nova', -} -class { '::nova::keystone::auth': - password => 'a_big_secret', -} -class { '::nova': - database_connection => 'mysql://nova:nova@127.0.0.1/nova?charset=utf8', - rabbit_host => '127.0.0.1', - rabbit_userid => 'nova', - rabbit_password => 'an_even_bigger_secret', - glance_api_servers => 'localhost:9292', - verbose => true, - debug => true, - notification_driver => 'messagingv2', - notify_on_state_change => 'vm_and_task_state', -} -class { '::nova::api': - admin_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - osapi_v3 => true, - neutron_metadata_proxy_shared_secret => 'a_big_secret', - osapi_compute_workers => 2, - ec2_workers => 2, - metadata_workers => 2, - default_floating_pool => 'public', -} -class { '::nova::cert': } -class { '::nova::client': } -class { '::nova::conductor': } -class { '::nova::consoleauth': } -class { '::nova::cron::archive_deleted_rows': } -class { '::nova::compute': - vnc_enabled => true, - instance_usage_audit => true, - instance_usage_audit_period => 'hour', -} -class { '::nova::compute::libvirt': - libvirt_virt_type => 'qemu', - migration_support => true, - vncserver_listen => '0.0.0.0', -} -class { '::nova::scheduler': } -class { '::nova::vncproxy': } -class { '::nova::network::neutron': - neutron_admin_password => 'a_big_secret', - neutron_admin_auth_url => 'http://127.0.0.1:35357/v2.0', -} - -# Deploy Cinder -class { '::cinder::db::mysql': - password => 'cinder', -} -class { '::cinder::keystone::auth': - password => 'a_big_secret', -} -class { '::cinder': - database_connection => 'mysql://cinder:cinder@127.0.0.1/cinder?charset=utf8', - rabbit_host => '127.0.0.1', - rabbit_userid => 'cinder', - rabbit_password => 'an_even_bigger_secret', - verbose => true, - debug => true, -} -class { '::cinder::api': - keystone_password => 'a_big_secret', - identity_uri => 'http://127.0.0.1:35357/', - default_volume_type => 'BACKEND_1', - service_workers => 2, -} -class { '::cinder::quota': } -class { '::cinder::scheduler': } -class { '::cinder::scheduler::filter': } -class { '::cinder::volume': } -class { '::cinder::cron::db_purge': } -class { '::cinder::glance': - glance_api_servers => 'localhost:9292', -} -class { '::cinder::setup_test_volume': - size => '15G', -} -cinder::backend::iscsi { 'BACKEND_1': - iscsi_ip_address => '127.0.0.1', -} -class { '::cinder::backends': - enabled_backends => ['BACKEND_1'], -} -Cinder::Type { - os_password => 'a_big_secret', - os_tenant_name => 'services', - os_username => 'cinder', - os_auth_url => 'http://127.0.0.1:5000/v2.0', -} -cinder::type { 'BACKEND_1': - set_key => 'volume_backend_name', - set_value => 'BACKEND_1', - notify => Service['cinder-volume'], - require => Service['cinder-api'], -} - -# Deploy Horizon -$vhost_params = { add_listen => false } -class { '::horizon': - secret_key => 'big_secret', - vhost_extra_params => $vhost_params, - servername => $::hostname, - allowed_hosts => $::hostname, - # need to disable offline compression due to - # https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1424042 - compress_offline => false, -} - -# Configure Tempest and the resources -$os_auth_options = '--os-username admin --os-password a_big_secret --os-tenant-name openstack --os-auth-url http://127.0.0.1:5000/v2.0' - -exec { 'manage_m1.nano_nova_flavor': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => "nova ${os_auth_options} flavor-create m1.nano 42 128 0 1", - unless => "nova ${os_auth_options} flavor-list | grep m1.nano", -} -Keystone_user_role['admin@openstack'] -> Exec['manage_m1.nano_nova_flavor'] - -exec { 'manage_m1.micro_nova_flavor': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => "nova ${os_auth_options} flavor-create m1.micro 84 128 0 1", - unless => "nova ${os_auth_options} flavor-list | grep m1.micro", -} -Keystone_user_role['admin@openstack'] -> Exec['manage_m1.micro_nova_flavor'] - -neutron_network { 'public': - tenant_name => 'openstack', - router_external => true, -} -Keystone_user_role['admin@openstack'] -> Neutron_network<||> - -neutron_subnet { 'public-subnet': - cidr => '172.24.5.0/24', - ip_version => '4', - allocation_pools => ['start=172.24.5.10,end=172.24.5.200'], - gateway_ip => '172.24.5.1', - enable_dhcp => false, - network_name => 'public', - tenant_name => 'openstack', -} - -include ::vswitch::ovs -vs_bridge { 'br-ex': - ensure => present, - notify => Exec['create_br-ex_vif'], -} - -# creates br-ex virtual interface to reach floating-ip network -exec { 'create_br-ex_vif': - path => '/usr/bin:/bin:/usr/sbin:/sbin', - provider => shell, - command => 'ip addr add 172.24.5.1/24 dev br-ex; ip link set br-ex up', - refreshonly => true, -} - -glance_image { 'cirros': - ensure => present, - container_format => 'bare', - disk_format => 'qcow2', - is_public => 'yes', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', - source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', -} -glance_image { 'cirros_alt': - ensure => present, - container_format => 'bare', - disk_format => 'qcow2', - is_public => 'yes', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', - source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', -} - -class { '::tempest': - debug => true, - use_stderr => false, - log_file => 'tempest.log', - git_clone => false, - tempest_clone_path => '/tmp/openstack/tempest', - tempest_clone_owner => $::id, - lock_path => '/tmp/tempest', - tempest_config_file => '/tmp/openstack/tempest/etc/tempest.conf', - configure_images => true, - configure_networks => true, - identity_uri => 'http://127.0.0.1:5000/v2.0', - identity_uri_v3 => 'http://127.0.0.1:5000/v3', - admin_username => 'admin', - admin_tenant_name => 'openstack', - admin_password => 'a_big_secret', - admin_domain_name => 'Default', - auth_version => 'v3', - image_name => 'cirros', - image_name_alt => 'cirros_alt', - cinder_available => true, - glance_available => true, - horizon_available => true, - nova_available => true, - neutron_available => true, - public_network_name => 'public', - flavor_ref => '42', - flavor_ref_alt => '84', - image_ssh_user => 'cirros', - image_alt_ssh_user => 'cirros', - img_file => 'cirros-0.3.4-x86_64-disk.img', - # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source - # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. - # img_dir => '/home/jenkins/cache/files', - img_dir => '/tmp/tempest', +class { '::openstack_integration::tempest': + horizon => true, } diff --git a/manifests/aodh.pp b/manifests/aodh.pp new file mode 100644 index 000000000..cd1f7367b --- /dev/null +++ b/manifests/aodh.pp @@ -0,0 +1,67 @@ +class openstack_integration::aodh { + + rabbitmq_user { 'aodh': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'aodh@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + # Aodh is not yet packaged in UCA, but only in RDO. + case $::osfamily { + 'Debian': { + class { '::ceilometer::alarm::evaluator': } + class { '::ceilometer::alarm::notifier': } + # for tempest + $aodh_enabled = false + } + 'RedHat': { + class { '::aodh': + rabbit_userid => 'aodh', + rabbit_password => 'an_even_bigger_secret', + verbose => true, + debug => true, + rabbit_host => '127.0.0.1', + database_connection => 'mysql://aodh:aodh@127.0.0.1/aodh?charset=utf8', + } + class { '::aodh::db::mysql': + password => 'aodh', + } + class { '::aodh::keystone::auth': + password => 'a_big_secret', + } + class { '::aodh::api': + enabled => true, + keystone_password => 'a_big_secret', + keystone_identity_uri => 'http://127.0.0.1:35357/', + keystone_auth_uri => 'http://127.0.0.1:35357/', + service_name => 'httpd', + } + class { '::aodh::wsgi::apache': + ssl => false, + } + class { '::aodh::auth': + auth_url => 'http://127.0.0.1:5000/v2.0', + auth_password => 'a_big_secret', + } + class { '::aodh::client': } + class { '::aodh::notifier': } + class { '::aodh::listener': } + class { '::aodh::evaluator': } + class { '::aodh::db::sync': } + # for tempest + $aodh_enabled = true + } + default: { + fail("Unsupported osfamily (${::osfamily})") + } + } + +} diff --git a/manifests/ceilometer.pp b/manifests/ceilometer.pp new file mode 100644 index 000000000..72a75a22d --- /dev/null +++ b/manifests/ceilometer.pp @@ -0,0 +1,53 @@ +class openstack_integration::ceilometer { + + rabbitmq_user { 'ceilometer': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'ceilometer@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::ceilometer': + metering_secret => 'secrete', + rabbit_userid => 'ceilometer', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + debug => true, + verbose => true, + } + class { '::ceilometer::db::mysql': + password => 'ceilometer', + } + class { '::ceilometer::db': + database_connection => 'mysql://ceilometer:ceilometer@127.0.0.1/ceilometer?charset=utf8', + } + class { '::ceilometer::keystone::auth': + password => 'a_big_secret', + } + class { '::ceilometer::api': + enabled => true, + keystone_password => 'a_big_secret', + keystone_identity_uri => 'http://127.0.0.1:35357/', + service_name => 'httpd', + } + class { '::ceilometer::wsgi::apache': + ssl => false, + workers => '2', + } + class { '::ceilometer::collector': } + class { '::ceilometer::expirer': } + class { '::ceilometer::agent::notification': } + class { '::ceilometer::agent::polling': } + class { '::ceilometer::agent::auth': + auth_password => 'a_big_secret', + auth_url => 'http://127.0.0.1:5000/v2.0', + } + +} diff --git a/manifests/cinder.pp b/manifests/cinder.pp new file mode 100644 index 000000000..4650ed780 --- /dev/null +++ b/manifests/cinder.pp @@ -0,0 +1,67 @@ +class openstack_integration::cinder { + + rabbitmq_user { 'cinder': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'cinder@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::cinder::db::mysql': + password => 'cinder', + } + class { '::cinder::keystone::auth': + password => 'a_big_secret', + } + class { '::cinder': + database_connection => 'mysql://cinder:cinder@127.0.0.1/cinder?charset=utf8', + rabbit_host => '127.0.0.1', + rabbit_userid => 'cinder', + rabbit_password => 'an_even_bigger_secret', + verbose => true, + debug => true, + } + class { '::cinder::api': + keystone_password => 'a_big_secret', + identity_uri => 'http://127.0.0.1:35357/', + default_volume_type => 'BACKEND_1', + service_workers => 2, + } + class { '::cinder::quota': } + class { '::cinder::scheduler': } + class { '::cinder::scheduler::filter': } + class { '::cinder::volume': } + class { '::cinder::cron::db_purge': } + class { '::cinder::glance': + glance_api_servers => 'localhost:9292', + } + class { '::cinder::setup_test_volume': + size => '15G', + } + cinder::backend::iscsi { 'BACKEND_1': + iscsi_ip_address => '127.0.0.1', + } + class { '::cinder::backends': + enabled_backends => ['BACKEND_1'], + } + Cinder::Type { + os_password => 'a_big_secret', + os_tenant_name => 'services', + os_username => 'cinder', + os_auth_url => 'http://127.0.0.1:5000/v2.0', + } + cinder::type { 'BACKEND_1': + set_key => 'volume_backend_name', + set_value => 'BACKEND_1', + notify => Service['cinder-volume'], + require => Service['cinder-api'], + } + +} diff --git a/manifests/glance.pp b/manifests/glance.pp new file mode 100644 index 000000000..6a92bac78 --- /dev/null +++ b/manifests/glance.pp @@ -0,0 +1,47 @@ +class openstack_integration::glance { + + rabbitmq_user { 'glance': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'glance@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::glance::db::mysql': + password => 'glance', + } + include ::glance + include ::glance::backend::file + include ::glance::client + class { '::glance::keystone::auth': + password => 'a_big_secret', + } + class { '::glance::api': + debug => true, + verbose => true, + database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', + keystone_password => 'a_big_secret', + workers => 2, + } + class { '::glance::registry': + debug => true, + verbose => true, + database_connection => 'mysql://glance:glance@127.0.0.1/glance?charset=utf8', + keystone_password => 'a_big_secret', + workers => 2, + } + class { '::glance::notify::rabbitmq': + rabbit_userid => 'glance', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + notification_driver => 'messagingv2', + } + +} diff --git a/manifests/heat.pp b/manifests/heat.pp new file mode 100644 index 000000000..5b333faab --- /dev/null +++ b/manifests/heat.pp @@ -0,0 +1,51 @@ +class openstack_integration::heat { + + rabbitmq_user { 'heat': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'heat@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::heat': + rabbit_userid => 'heat', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + database_connection => 'mysql://heat:heat@127.0.0.1/heat?charset=utf8', + identity_uri => 'http://127.0.0.1:35357/', + keystone_password => 'a_big_secret', + debug => true, + verbose => true, + } + class { '::heat::db::mysql': + password => 'heat', + } + class { '::heat::keystone::auth': + password => 'a_big_secret', + configure_delegated_roles => true, + } + class { '::heat::keystone::domain': + domain_password => 'oh_my_no_secret', + } + class { '::heat::client': } + class { '::heat::api': + workers => '2', + } + class { '::heat::engine': + auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12', + } + class { '::heat::api_cloudwatch': + workers => '2', + } + class { '::heat::api_cfn': + workers => '2', + } + +} diff --git a/manifests/horizon.pp b/manifests/horizon.pp new file mode 100644 index 000000000..69ce30e71 --- /dev/null +++ b/manifests/horizon.pp @@ -0,0 +1,14 @@ +class openstack_integration::horizon { + + $vhost_params = { add_listen => false } + class { '::horizon': + secret_key => 'big_secret', + vhost_extra_params => $vhost_params, + servername => $::hostname, + allowed_hosts => $::hostname, + # need to disable offline compression due to + # https://bugs.launchpad.net/ubuntu/+source/horizon/+bug/1424042 + compress_offline => false, + } + +} diff --git a/manifests/neutron.pp b/manifests/neutron.pp new file mode 100644 index 000000000..2e1b8a8dc --- /dev/null +++ b/manifests/neutron.pp @@ -0,0 +1,74 @@ +class openstack_integration::neutron { + + rabbitmq_user { 'neutron': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'neutron@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::neutron::db::mysql': + password => 'neutron', + } + class { '::neutron::keystone::auth': + password => 'a_big_secret', + } + class { '::neutron': + rabbit_user => 'neutron', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + allow_overlapping_ips => true, + core_plugin => 'ml2', + service_plugins => ['router', 'metering'], + debug => true, + verbose => true, + } + class { '::neutron::client': } + class { '::neutron::server': + database_connection => 'mysql://neutron:neutron@127.0.0.1/neutron?charset=utf8', + auth_password => 'a_big_secret', + identity_uri => 'http://127.0.0.1:35357/', + sync_db => true, + api_workers => 4, + } + class { '::neutron::plugins::ml2': + type_drivers => ['vxlan'], + tenant_network_types => ['vxlan'], + mechanism_drivers => ['openvswitch'], + } + class { '::neutron::agents::ml2::ovs': + enable_tunneling => true, + local_ip => '127.0.0.1', + tunnel_types => ['vxlan'], + } + class { '::neutron::agents::metadata': + debug => true, + auth_password => 'a_big_secret', + shared_secret => 'a_big_secret', + metadata_workers => 2, + } + class { '::neutron::agents::lbaas': + debug => true, + } + class { '::neutron::agents::l3': + debug => true, + } + class { '::neutron::agents::dhcp': + debug => true, + } + class { '::neutron::agents::metering': + debug => true, + } + class { '::neutron::server::notifications': + nova_admin_password => 'a_big_secret', + } + include ::vswitch::ovs + +} diff --git a/manifests/nova.pp b/manifests/nova.pp new file mode 100644 index 000000000..4f8953eab --- /dev/null +++ b/manifests/nova.pp @@ -0,0 +1,66 @@ +class openstack_integration::nova { + + rabbitmq_user { 'nova': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'nova@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::nova::db::mysql': + password => 'nova', + } + class { '::nova::keystone::auth': + password => 'a_big_secret', + } + class { '::nova': + database_connection => 'mysql://nova:nova@127.0.0.1/nova?charset=utf8', + rabbit_host => '127.0.0.1', + rabbit_userid => 'nova', + rabbit_password => 'an_even_bigger_secret', + glance_api_servers => 'localhost:9292', + verbose => true, + debug => true, + notification_driver => 'messagingv2', + notify_on_state_change => 'vm_and_task_state', + } + class { '::nova::api': + admin_password => 'a_big_secret', + identity_uri => 'http://127.0.0.1:35357/', + osapi_v3 => true, + neutron_metadata_proxy_shared_secret => 'a_big_secret', + osapi_compute_workers => 2, + ec2_workers => 2, + metadata_workers => 2, + default_floating_pool => 'public', + } + class { '::nova::cert': } + class { '::nova::client': } + class { '::nova::conductor': } + class { '::nova::consoleauth': } + class { '::nova::cron::archive_deleted_rows': } + class { '::nova::compute': + vnc_enabled => true, + instance_usage_audit => true, + instance_usage_audit_period => 'hour', + } + class { '::nova::compute::libvirt': + libvirt_virt_type => 'qemu', + migration_support => true, + vncserver_listen => '0.0.0.0', + } + class { '::nova::scheduler': } + class { '::nova::vncproxy': } + class { '::nova::network::neutron': + neutron_admin_password => 'a_big_secret', + neutron_admin_auth_url => 'http://127.0.0.1:35357/v2.0', + } + +} diff --git a/manifests/provision.pp b/manifests/provision.pp new file mode 100644 index 000000000..8e3059455 --- /dev/null +++ b/manifests/provision.pp @@ -0,0 +1,72 @@ +# Deploy OpenStack resources needed to run Tempest + +class openstack_integration::provision { + + $os_auth_options = '--os-username admin --os-password a_big_secret --os-tenant-name openstack --os-auth-url http://127.0.0.1:5000/v2.0' + + exec { 'manage_m1.nano_nova_flavor': + path => '/usr/bin:/bin:/usr/sbin:/sbin', + provider => shell, + command => "nova ${os_auth_options} flavor-create m1.nano 42 128 0 1", + unless => "nova ${os_auth_options} flavor-list | grep m1.nano", + } + Keystone_user_role['admin@openstack'] -> Exec['manage_m1.nano_nova_flavor'] + + exec { 'manage_m1.micro_nova_flavor': + path => '/usr/bin:/bin:/usr/sbin:/sbin', + provider => shell, + command => "nova ${os_auth_options} flavor-create m1.micro 84 128 0 1", + unless => "nova ${os_auth_options} flavor-list | grep m1.micro", + } + Keystone_user_role['admin@openstack'] -> Exec['manage_m1.micro_nova_flavor'] + + neutron_network { 'public': + tenant_name => 'openstack', + router_external => true, + } + Keystone_user_role['admin@openstack'] -> Neutron_network<||> + + neutron_subnet { 'public-subnet': + cidr => '172.24.5.0/24', + ip_version => '4', + allocation_pools => ['start=172.24.5.10,end=172.24.5.200'], + gateway_ip => '172.24.5.1', + enable_dhcp => false, + network_name => 'public', + tenant_name => 'openstack', + } + + vs_bridge { 'br-ex': + ensure => present, + notify => Exec['create_br-ex_vif'], + } + + # creates br-ex virtual interface to reach floating-ip network + exec { 'create_br-ex_vif': + path => '/usr/bin:/bin:/usr/sbin:/sbin', + provider => shell, + command => 'ip addr add 172.24.5.1/24 dev br-ex; ip link set br-ex up', + refreshonly => true, + } + + glance_image { 'cirros': + ensure => present, + container_format => 'bare', + disk_format => 'qcow2', + is_public => 'yes', + # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source + # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. + # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', + source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', + } + glance_image { 'cirros_alt': + ensure => present, + container_format => 'bare', + disk_format => 'qcow2', + is_public => 'yes', + # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source + # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. + # source => '/home/jenkins/cache/files/cirros-0.3.4-x86_64-disk.img', + source => 'http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img', + } +} diff --git a/manifests/sahara.pp b/manifests/sahara.pp new file mode 100644 index 000000000..b8b1c1e10 --- /dev/null +++ b/manifests/sahara.pp @@ -0,0 +1,47 @@ +class openstack_integration::sahara { + + rabbitmq_user { 'sahara': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'sahara@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::sahara::db::mysql': + password => 'sahara', + } + class { '::sahara::keystone::auth': + password => 'a_big_secret', + } + class { '::sahara': + database_connection => 'mysql://sahara:sahara@127.0.0.1/sahara?charset=utf8', + # two plugins because of hardcode in tempest: + # https://github.com/openstack/tempest/blob/master/tempest/config.py#L923 + plugins => ['vanilla', 'hdp'], + rabbit_userid => 'sahara', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + rpc_backend => 'rabbit', + admin_password => 'a_big_secret', + admin_user => 'sahara', + admin_tenant_name => 'services', + debug => true, + verbose => true, + } + class { '::sahara::service::api': + api_workers => 2, + } + class { '::sahara::service::engine': } + class { '::sahara::client': } + class { '::sahara::notify': + enable_notifications => true, + } + +} diff --git a/manifests/swift.pp b/manifests/swift.pp new file mode 100644 index 000000000..119026027 --- /dev/null +++ b/manifests/swift.pp @@ -0,0 +1,67 @@ +class openstack_integration::swift { + + include ::memcached + class { '::swift': + swift_hash_suffix => 'secrete', + } + class { '::swift::proxy': + proxy_local_net_ip => '127.0.0.1', + workers => '4', + pipeline => [ + 'catch_errors', 'healthcheck', 'cache', 'tempurl', 'ratelimit', + 'authtoken', 'keystone', 'formpost', 'staticweb', 'container_quotas', + 'account_quotas', 'proxy-logging', 'proxy-server' + ], + } + include ::swift::proxy::catch_errors + include ::swift::proxy::healthcheck + include ::swift::proxy::proxy_logging + include ::swift::proxy::cache + include ::swift::proxy::tempurl + include ::swift::proxy::ratelimit + class { '::swift::proxy::authtoken': + auth_uri => 'http://127.0.0.1:5000/v2.0', + identity_uri => 'http://127.0.0.1:35357/', + admin_password => 'a_big_secret', + } + class { '::swift::proxy::keystone': + operator_roles => ['Member', 'admin', 'SwiftOperator'] + } + include ::swift::proxy::formpost + include ::swift::proxy::staticweb + include ::swift::proxy::container_quotas + include ::swift::proxy::account_quotas + include ::swift::proxy::tempauth + class { '::swift::keystone::auth': + password => 'a_big_secret', + operator_roles => ['admin', 'SwiftOperator', 'ResellerAdmin'], + } + file { '/srv/node': + ensure => directory, + owner => 'swift', + group => 'swift', + require => Package['swift'], + } + include ::swift::ringbuilder + class { '::swift::storage::all': + storage_local_net_ip => '127.0.0.1', + incoming_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + outgoing_chmod => 'Du=rwx,g=rx,o=rx,Fu=rw,g=r,o=r', + } + $swift_components = ['account', 'container', 'object'] + swift::storage::filter::recon { $swift_components : } + swift::storage::filter::healthcheck { $swift_components : } + ring_object_device { '127.0.0.1:6000/1': + zone => 1, + weight => 1, + } + ring_container_device { '127.0.0.1:6001/1': + zone => 1, + weight => 1, + } + ring_account_device { '127.0.0.1:6002/1': + zone => 1, + weight => 1, + } + +} diff --git a/manifests/tempest.pp b/manifests/tempest.pp new file mode 100644 index 000000000..6538f04e0 --- /dev/null +++ b/manifests/tempest.pp @@ -0,0 +1,104 @@ +# Configure the Tempest service +# +# [*aodh*] +# (optional) Define if Aodh needs to be tested. +# Default to false. +# +# [*ceilometer*] +# (optional) Define if Ceilometer needs to be tested. +# Default to false. +# +# [*cinder*] +# (optional) Define if Cinder needs to be tested. +# Default to false. +# +# [*glance*] +# (optional) Define if Glance needs to be tested. +# Default to true. +# +# [*heat*] +# (optional) Define if Heat needs to be tested. +# Default to false. +# +# [*horizon*] +# (optional) Define if Horizon needs to be tested. +# Default to false. +# +# [*neutron*] +# (optional) Define if Neutron needs to be tested. +# Default to true. +# +# [*nova*] +# (optional) Define if Nova needs to be tested. +# Default to true. +# +# [*sahara*] +# (optional) Define if Sahara needs to be tested. +# Default to false. +# +# [*swift*] +# (optional) Define if Swift needs to be tested. +# Default to false. +# +# [*trove*] +# (optional) Define if Trove needs to be tested. +# Default to false. +# +class openstack_integration::tempest ( + $aodh = false, + $ceilometer = false, + $cinder = false, + $glance = true, + $heat = false, + $horizon = false, + $neutron = true, + $nova = true, + $sahara = false, + $swift = false, + $trove = false, +) { + + class { '::tempest': + debug => true, + use_stderr => false, + log_file => 'tempest.log', + tempest_clone_owner => $::id, + git_clone => false, + tempest_clone_path => '/tmp/openstack/tempest', + lock_path => '/tmp/openstack/tempest', + tempest_config_file => '/tmp/openstack/tempest/etc/tempest.conf', + configure_images => true, + configure_networks => true, + identity_uri => 'http://127.0.0.1:5000/v2.0', + identity_uri_v3 => 'http://127.0.0.1:5000/v3', + admin_username => 'admin', + admin_tenant_name => 'openstack', + admin_password => 'a_big_secret', + admin_domain_name => 'Default', + auth_version => 'v3', + image_name => 'cirros', + image_name_alt => 'cirros_alt', + cinder_available => $cinder, + glance_available => $glance, + horizon_available => $horizon, + nova_available => $nova, + neutron_available => $neutron, + ceilometer_available => $ceilometer, + aodh_available => $aodh, + trove_available => $trove, + sahara_available => $sahara, + heat_available => $heat, + swift_available => $swift, + public_network_name => 'public', + dashboard_url => "http://${::hostname}/", + flavor_ref => '42', + flavor_ref_alt => '84', + image_ssh_user => 'cirros', + image_alt_ssh_user => 'cirros', + img_file => 'cirros-0.3.4-x86_64-disk.img', + # TODO(emilien) optimization by 1/ using Hiera to configure Glance image source + # and 2/ if running in the gate, use /home/jenkins/cache/files/ cirros image. + # img_dir => '/home/jenkins/cache/files', + img_dir => '/tmp/openstack/tempest', + } +} diff --git a/manifests/trove.pp b/manifests/trove.pp new file mode 100644 index 000000000..711361493 --- /dev/null +++ b/manifests/trove.pp @@ -0,0 +1,47 @@ +class openstack_integration::trove { + + rabbitmq_user { 'trove': + admin => true, + password => 'an_even_bigger_secret', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + rabbitmq_user_permissions { 'trove@/': + configure_permission => '.*', + write_permission => '.*', + read_permission => '.*', + provider => 'rabbitmqctl', + require => Class['::rabbitmq'], + } + + class { '::trove': + database_connection => 'mysql://trove:trove@127.0.0.1/trove?charset=utf8', + rabbit_userid => 'trove', + rabbit_password => 'an_even_bigger_secret', + rabbit_host => '127.0.0.1', + nova_proxy_admin_pass => 'a_big_secret', + } + class { '::trove::db::mysql': + password => 'trove', + } + class { '::trove::keystone::auth': + password => 'a_big_secret', + } + class { '::trove::api': + keystone_password => 'a_big_secret', + auth_url => 'http://127.0.0.1:35357/', + debug => true, + verbose => true, + workers => 2, + } + class { '::trove::client': } + class { '::trove::conductor': + debug => true, + verbose => true, + } + class { '::trove::taskmanager': + debug => true, + verbose => true, + } + +}