openstack/puppet-openstack-integration
Code Issues Proposed changes
6daa0a7fea
puppet-openstack-integration/manifests/neutron.pp
yatinkarel b44d0bdd5a Add CentOS8 support and jobs 
- scenario001 and 004 will be running without ceph
  until ceph repos get available for CentOS8
- scenario003 will run not run with linuxbridge until next CentOS
  minor version as it has issues:-
    - https://bugzilla.redhat.com/show_bug.cgi?id=1720637
- Add Puppetfile_centos7 to have different puppet modules
  as compared to other distros. Currently only puppet-mysql
  needs to be kept pinned for centos7 as newere mariadb version
  is required to remove the pin, CentOS8 and ubuntu have required
  mariadb version so pin is removed. So automatic updates of puppet
  modules will not be applied for CentOS7 as those jobs are going to
  be removed in coming months.
- check for rdo_dlrn url existence only for RedHat distros.

Change-Id: I98fc088cd87c1412544f9590ce7a925b413297e2
2019-12-20 10:18:18 +00:00

272 lines
9.6 KiB
Puppet
Raw Blame History

# Configure the Neutron service
#
# [*driver*]
# (optional) Neutron Driver to test
# Can be: openvswitch or linuxbridge.
# Defaults to 'openvswitch'.
#
# [*bgpvpn_enabled*]
# (optional) Flag to enable BGPVPN
# API extensions.
# Defaults to false.
#
# [*l2gw_enabled*]
# (optional) Flag to enable L2GW.
# Defaults to false.
#
# [*bgp_dragent_enabled*]
# (optional) Flag to enable BGP dragent
# Defaults to false.
#
# [*notification_topics*]
# (optional) AMQP topic used for OpenStack notifications
# Defaults to $::os_service_default.
#
class openstack_integration::neutron (
$driver = 'openvswitch',
$bgpvpn_enabled = false,
$l2gw_enabled = false,
$bgp_dragent_enabled = false,
$notification_topics = $::os_service_default,
) {
include openstack_integration::config
include openstack_integration::params
if $::openstack_integration::config::ssl {
openstack_integration::ssl_key { 'neutron':
notify => Service['neutron-server'],
require => Package['neutron'],
}
Exec['update-ca-certificates'] ~> Service['neutron-server']
}
openstack_integration::mq_user { 'neutron':
password => 'an_even_bigger_secret',
before => Anchor['neutron::service::begin'],
}
case $driver {
'openvswitch': {
include vswitch::ovs
# In CentOS8 puppet-vswitch requires network-scripts package until it's ported to NM.
if ($::operatingsystem == 'CentOS') and (versioncmp($::operatingsystemmajrelease, '8') == 0) {
package { 'network-scripts-openvswitch':
ensure => 'latest'
}
}
# Functional test for Open-vSwitch:
# create dummy loopback interface to exercise adding a port to a bridge
vs_bridge { 'br-ex':
ensure => present,
notify => Exec['create_loop1_port'],
}
exec { 'create_loop1_port':
path => '/usr/bin:/bin:/usr/sbin:/sbin',
provider => shell,
command => 'ip link add name loop1 type dummy && ip addr add 127.2.0.1/24 dev loop1',
refreshonly => true,
}
-> vs_port { 'loop1':
ensure => present,
bridge => 'br-ex',
notify => Exec['create_br-ex_vif'],
}
# creates br-ex virtual interface to reach floating-ip network
exec { 'create_br-ex_vif':
path => '/usr/bin:/bin:/usr/sbin:/sbin',
provider => shell,
command => 'ip addr add 172.24.5.1/24 dev br-ex && ip link set br-ex up',
refreshonly => true,
}
class { 'neutron::agents::ml2::ovs':
local_ip => '127.0.0.1',
tunnel_types => ['vxlan'],
bridge_mappings => ['external:br-ex'],
manage_vswitch => false,
}
$firewall_driver = 'iptables_hybrid'
}
'linuxbridge': {
exec { 'create_dummy_iface':
path => '/usr/bin:/bin:/usr/sbin:/sbin',
provider => shell,
unless => 'ip l show loop0',
command => 'ip link add name loop0 type dummy && ip addr add 172.24.5.1/24 dev loop0 && ip link set loop0 up',
}
class { 'neutron::agents::ml2::linuxbridge':
local_ip => $::ipaddress,
tunnel_types => ['vxlan'],
physical_interface_mappings => ['external:loop0'],
}
$firewall_driver = 'iptables'
}
default: {
fail("Unsupported neutron driver (${driver})")
}
}
class { 'neutron::db::mysql':
password => 'neutron',
}
class { 'neutron::keystone::auth':
public_url => "${::openstack_integration::config::base_url}:9696",
internal_url => "${::openstack_integration::config::base_url}:9696",
admin_url => "${::openstack_integration::config::base_url}:9696",
password => 'a_big_secret',
}
$bgpvpn_plugin = $bgpvpn_enabled ? {
true => 'bgpvpn',
default => undef,
}
if $l2gw_enabled {
if ($::operatingsystem == 'Ubuntu') {
class {'neutron::services::l2gw': }
$l2gw_provider = 'L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default'
}
elsif ($::operatingsystem != 'Ubuntu') {
class {'neutron::services::l2gw':
service_providers => ['L2GW:l2gw:networking_l2gw.services.l2gateway.service_drivers.L2gwDriver:default']
}
$l2gw_provider = undef
}
} else {
$l2gw_provider = undef
}
$l2gw_plugin = $l2gw_enabled ? {
true => 'networking_l2gw.services.l2gateway.plugin.L2GatewayPlugin',
default => undef,
}
$bgp_dr_plugin = $bgp_dragent_enabled ? {
true => 'neutron_dynamic_routing.services.bgp.bgp_plugin.BgpPlugin',
default => undef,
}
$plugins_list = delete_undef_values(['router', 'metering', 'firewall_v2', 'qos', 'trunk', $bgpvpn_plugin, $l2gw_plugin, $bgp_dr_plugin])
if $driver == 'linuxbridge' {
$global_physnet_mtu = '1450'
} else {
$global_physnet_mtu = undef
}
class { 'neutron::logging':
debug => true,
}
class { 'neutron':
default_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_default_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_default_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
notification_transport_url => os_transport_url({
'transport' => $::openstack_integration::config::messaging_notify_proto,
'host' => $::openstack_integration::config::host,
'port' => $::openstack_integration::config::messaging_notify_port,
'username' => 'neutron',
'password' => 'an_even_bigger_secret',
}),
rabbit_use_ssl => $::openstack_integration::config::ssl,
amqp_sasl_mechanisms => 'PLAIN',
allow_overlapping_ips => true,
core_plugin => 'ml2',
service_plugins => $plugins_list,
bind_host => $::openstack_integration::config::host,
use_ssl => $::openstack_integration::config::ssl,
cert_file => $::openstack_integration::params::cert_path,
key_file => "/etc/neutron/ssl/private/${::fqdn}.pem",
notification_topics => $notification_topics,
notification_driver => 'messagingv2',
global_physnet_mtu => $global_physnet_mtu,
}
class { 'neutron::client': }
class { 'neutron::keystone::authtoken':
password => 'a_big_secret',
user_domain_name => 'Default',
project_domain_name => 'Default',
auth_url => $::openstack_integration::config::keystone_admin_uri,
www_authenticate_uri => $::openstack_integration::config::keystone_auth_uri,
memcached_servers => $::openstack_integration::config::memcached_servers,
}
$providers_list = delete_undef_values(['FIREWALL_V2:fwaas_db:neutron_fwaas.services.firewall.service_drivers.agents.agents.FirewallAgentDriver:default',
$l2gw_provider])
if $::osfamily == 'Debian' {
Service<| title == 'neutron-server'|> -> Openstacklib::Service_validation<| title == 'neutron-server' |> -> Neutron_network<||>
$validate_neutron_server_service = true
} else {
$validate_neutron_server_service = false
}
class { 'neutron::server':
database_connection => 'mysql+pymysql://neutron:neutron@127.0.0.1/neutron?charset=utf8',
sync_db => true,
api_workers => 2,
rpc_workers => 2,
rpc_response_max_timeout => 300,
validate => $validate_neutron_server_service,
service_providers => $providers_list,
ensure_dr_package => $bgp_dragent_enabled,
}
class { 'neutron::plugins::ml2':
type_drivers => ['vxlan', 'vlan', 'flat'],
tenant_network_types => ['vxlan', 'vlan', 'flat'],
extension_drivers => 'port_security,qos',
mechanism_drivers => $driver,
firewall_driver => $firewall_driver,
}
if $::openstack_integration::config::ssl {
# with nova metadata api running via wsgi it is ssl terminated, also
# neutron metadata agent does not support an ipv6 address for the
# metadata_host, so we need to use the hostname
$metadata_host = 'localhost'
$metadata_protocol = 'https'
} else {
$metadata_host = $::openstack_integration::config::host
$metadata_protocol = 'http'
}
class { 'neutron::agents::metadata':
debug => true,
shared_secret => 'a_big_secret',
metadata_workers => 2,
metadata_host => $metadata_host,
metadata_protocol => $metadata_protocol,
}
class { 'neutron::agents::l3':
interface_driver => $driver,
debug => true,
extensions => 'fwaas_v2',
}
class { 'neutron::agents::dhcp':
interface_driver => $driver,
debug => true,
}
class { 'neutron::agents::metering':
interface_driver => $driver,
debug => true,
}
class { 'neutron::server::notifications':
auth_url => $::openstack_integration::config::keystone_admin_uri,
password => 'a_big_secret',
}
class { 'neutron::services::fwaas':
enabled => true,
agent_version => 'v2',
driver => 'neutron_fwaas.services.firewall.service_drivers.agents.drivers.linux.iptables_fwaas_v2.IptablesFwaasDriver',
}
if $bgpvpn_enabled {
class {'neutron::services::bgpvpn':
service_providers => 'BGPVPN:Dummy:networking_bgpvpn.neutron.services.service_drivers.driver_api.BGPVPNDriver:default'
}
}
if $bgp_dragent_enabled {
class {'neutron::agents::bgp_dragent':
bgp_router_id => '127.0.0.1'
}
}
}
View Git Blame Copy Permalink